add_interrupt_randomness always wakes up
code blocking on /dev/random. This wake up is done
unconditionally. Unfortunately this means all interrupts
take the wait queue spinlock, which can be rather expensive
on large systems processing lots of interrupts.
We saw 1% cpu time spinning on this on a large macro workload
running on a large system.
I believe it's a recent regression (?)
Always check if there is a waiter on the wait queue
before waking up. This check can be done without
taking a spinlock.
    1.06% 10460 [kernel.vmlinux] [k] native_queued_spin_lock_slowpath
         |
         ---native_queued_spin_lock_slowpath
            |
             --0.57%--_raw_spin_lock_irqsave
                       |
                        --0.56%--__wake_up_common_lock
                                  credit_entropy_bits
                                  add_interrupt_randomness
                                  handle_irq_event_percpu
                                  handle_irq_event
                                  handle_edge_irq
                                  handle_irq
                                  do_IRQ
                                  common_interrupt
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
There are many code paths opencoding kvmalloc. Let's use the helper
instead. The main difference to kvmalloc is that those users are
usually not considering all the aspects of the memory allocator. E.g.
allocation requests <= 32kB (with 4kB pages) are basically never failing
and invoke OOM killer to satisfy the allocation. This sounds too
disruptive for something that has a reasonable fallback - the vmalloc.
On the other hand those requests might fallback to vmalloc even when the
memory allocator would succeed after several more reclaim/compaction
attempts previously. There is no guarantee something like that happens
though.
This patch converts many of those places to kv[mz]alloc* helpers because
they are more conservative.
Link: http://lkml.kernel.org/r/20170306103327.2766-2-mhocko@kernel.org
Signed-off-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> # Xen bits
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: Andreas Dilger <andreas.dilger@intel.com> # Lustre
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> # KVM/s390
Acked-by: Dan Williams <dan.j.williams@intel.com> # nvdim
Acked-by: David Sterba <dsterba@suse.com> # btrfs
Acked-by: Ilya Dryomov <idryomov@gmail.com> # Ceph
Acked-by: Tariq Toukan <tariqt@mellanox.com> # mlx4
Acked-by: Leon Romanovsky <leonro@mellanox.com> # mlx5
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Anton Vorontsov <anton@enomsg.org>
Cc: Colin Cross <ccross@android.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Ben Skeggs <bskeggs@redhat.com>
Cc: Kent Overstreet <kent.overstreet@gmail.com>
Cc: Santosh Raspatur <santosh@chelsio.com>
Cc: Hariprasad S <hariprasad@chelsio.com>
Cc: Yishai Hadas <yishaih@mellanox.com>
Cc: Oleg Drokin <oleg.drokin@intel.com>
Cc: "Yan, Zheng" <zyan@redhat.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Merge 4.9.219 into android-4.9-q
Changes in 4.9.219
l2tp: ensure sessions are freed after their PPPOL2TP socket
l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall()
drm/bochs: downgrade pci_request_region failure from error to warning
ipv4: fix a RCU-list lock in fib_triestat_seq_show
net, ip_tunnel: fix interface lookup with no key
sctp: fix refcount bug in sctp_wfree
sctp: fix possibly using a bad saddr with a given dst
drm/etnaviv: replace MMU flush marker with flush sequence
blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
blk-mq: Allow blocking queue tag iter callbacks
coresight: do not use the BIT() macro in the UAPI header
net: dsa: tag_brcm: Fix skb->fwd_offload_mark location
padata: always acquire cpu_hotplug_lock before pinst->lock
mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
net: dsa: bcm_sf2: Ensure correct sub-node is parsed
net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting
slcan: Don't transmit uninitialized stack data in padding
net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers
random: always use batched entropy for get_random_u{32,64}
tools/accounting/getdelays.c: fix netlink attribute length
ASoC: jz4740-i2s: Fix divider written at incorrect offset in register
IB/hfi1: Call kobject_put() when kobject_init_and_add() fails
IB/hfi1: Fix memory leaks in sysfs registration and unregistration
ceph: remove the extra slashes in the server path
ceph: canonicalize server path in place
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow
clk: qcom: rcg: Return failure for RCG update
drm/msm: stop abusing dma_map/unmap for cache
arm64: Fix size of __early_cpu_boot_status
usb: dwc3: don't set gadget->is_otg flag
drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read()
drm/msm: Use the correct dma_sync calls in msm_gem
Linux 4.9.219
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic787d6aa9374864ce928ac1ef802077ac55ca232
commit 69efea712f5b0489e67d07565aad5c94e09a3e52 upstream.
It turns out that RDRAND is pretty slow. Comparing these two
constructions:
    for (i = 0; i < CHACHA_BLOCK_SIZE; i += sizeof(ret))
        arch_get_random_long(&ret);
and
    long buf[CHACHA_BLOCK_SIZE / sizeof(long)];
    extract_crng((u8 *)buf);
it amortizes out to 352 cycles per long for the top one and 107 cycles
per long for the bottom one, on Coffee Lake Refresh, Intel Core i9-9880H.
And importantly, the top one has the drawback of not benefiting from the
real rng, whereas the bottom one has all the nice benefits of using our
own chacha rng. As get_random_u{32,64} gets used in more places (perhaps
beyond what it was originally intended for when it was introduced as
get_random_{int,long} back in the md5 monstrosity era), it seems like it
might be a good thing to strengthen its posture a tiny bit. Doing this
should only be stronger and not any weaker because that pool is already
initialized with a bunch of rdrand data (when available). This way, we
get the benefits of the hardware rng as well as our own rng.
Another benefit of this is that we no longer hit pitfalls of the recent
stream of AMD bugs in RDRAND. One often used code pattern for various
things is:
    do {
        val = get_random_u32();
    } while (hash_table_contains_key(val));
That recent AMD bug rendered that pattern useless, whereas we're really
very certain that chacha20 output will give pretty distributed numbers,
no matter what.
So, this simplification seems better both from a security perspective
and from a performance perspective.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/20200221201037.30231-1-Jason@zx2c4.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
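The retry loop quoted in the commit message above, run against both kinds of source, as an added example that is not part of the kernel patch or of this log. It is a user-space model: `stuck_hw_rng`, `struct batched_entropy`, `batched_init`, `alloc_unique_ids`, the 64-entry table and the 1000-draw retry budget are assumptions made for illustration, and the ChaCha20 key is deliberately filled from the stuck source to show that the output still varies (that seeding is not secure).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d) (                                                   \
    a += b, d ^= a, d = ROTL32(d, 16), c += d, b ^= c, b = ROTL32(b, 12),  \
    a += b, d ^= a, d = ROTL32(d, 8),  c += d, b ^= c, b = ROTL32(b, 7))

/* One ChaCha20 block, RFC 7539 word layout: out = in + 20 rounds of in. */
static void chacha20_block(const uint32_t in[16], uint32_t out[16])
{
    uint32_t x[16];

    memcpy(x, in, sizeof(x));
    for (int i = 0; i < 10; i++) {  /* 10 double rounds: columns, then diagonals */
        QR(x[0], x[4], x[8], x[12]);  QR(x[1], x[5], x[9], x[13]);
        QR(x[2], x[6], x[10], x[14]); QR(x[3], x[7], x[11], x[15]);
        QR(x[0], x[5], x[10], x[15]); QR(x[1], x[6], x[11], x[12]);
        QR(x[2], x[7], x[8], x[13]);  QR(x[3], x[4], x[9], x[14]);
    }
    for (int i = 0; i < 16; i++)
        out[i] = x[i] + in[i];
}

typedef uint32_t (*rng_fn)(void *ctx);

/* Constructed stand-in for a faulty hardware RNG: same word on every call. */
static uint32_t stuck_hw_rng(void *ctx)
{
    (void)ctx;
    return 0xFFFFFFFFu;
}

/* Hypothetical model of batched entropy: one 64-byte block, 32 bits per call. */
struct batched_entropy {
    uint32_t state[16];   /* constants, key, block counter, nonce */
    uint32_t block[16];   /* current batch */
    unsigned pos;         /* next unused word; 16 means empty */
};

static void batched_init(struct batched_entropy *b, rng_fn seed, void *ctx)
{
    static const uint32_t sigma[4] = { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 };

    memset(b, 0, sizeof(*b));
    memcpy(b->state, sigma, sizeof(sigma));
    for (int i = 4; i < 12; i++)    /* key words: demo seeding, not secure */
        b->state[i] = seed(ctx);
    b->pos = 16;
}

static uint32_t batched_u32(void *ctx)
{
    struct batched_entropy *b = ctx;
    if (b->pos >= 16) {             /* batch used up: generate the next block */
        chacha20_block(b->state, b->block);
        b->state[12]++;
        b->pos = 0;
    }
    return b->block[b->pos++];
}

/* The do/while pattern from the commit message with a retry budget added.
 * Returns how many unique IDs were stored before the budget ran out. */
static size_t alloc_unique_ids(rng_fn rng, void *ctx, uint32_t *table,
                               size_t want, unsigned max_tries)
{
    size_t n = 0, i;
    while (n < want) {
        unsigned tries = 0;
        uint32_t val;
        int dup;
        do {
            if (tries++ == max_tries)
                return n;
            val = rng(ctx);
            for (dup = 0, i = 0; i < n && !dup; i++)
                dup = (table[i] == val);
        } while (dup);
        table[n++] = val;
    }
    return n;
}

/* IDs obtained out of 64 wanted, with at most 1000 draws per ID. */
size_t demo(int batched)
{
    struct batched_entropy b;
    uint32_t table[64];
    batched_init(&b, stuck_hw_rng, NULL);   /* even the key is from the stuck source */
    if (batched)
        return alloc_unique_ids(batched_u32, &b, table, 64, 1000);
    return alloc_unique_ids(stuck_hw_rng, NULL, table, 64, 1000);
}

int main(void)
{
    printf("direct: %zu/64 IDs, batched: %zu/64 IDs\n", demo(0), demo(1));
    return 0;
}
```

Without the retry budget, the direct variant would spin forever on the second ID, which is the failure the commit message describes for this pattern.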
Conflicts:
drivers/scsi/ufs/ufshcd.c Checked out '39f4ec1ef6', similar fix was found in source
drivers/staging/android/ashmem.c
drivers/usb/gadget/function/u_serial.c
fs/ext4/ext4.h
security/selinux/avc.c
Merge 4.9.216 into android-4.9-q
Changes in 4.9.216
iwlwifi: pcie: fix rb_allocator workqueue allocation
ext4: fix potential race between online resizing and write operations
ext4: fix potential race between s_flex_groups online resizing and access
ext4: fix potential race between s_group_info online resizing and access
ipmi:ssif: Handle a possible NULL pointer reference
drm/msm: Set dma maximum segment size for mdss
mac80211: consider more elements in parsing CRC
cfg80211: check wiphy driver existence for drvinfo report
qmi_wwan: re-add DW5821e pre-production variant
net: ena: fix potential crash when rxfh key is NULL
net: ena: add missing ethtool TX timestamping indication
net: ena: fix incorrect default RSS key
net: ena: rss: fix failure to get indirection table
net: ena: rss: store hash function as values and not bits
net: ena: fix incorrectly saving queue numbers when setting RSS indirection table
net: ena: ena-com.c: prevent NULL pointer dereference
cifs: Fix mode output in debugging statements
cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
sysrq: Restore original console_loglevel when sysrq disabled
sysrq: Remove duplicated sysrq message
net: fib_rules: Correctly set table field when table number exceeds 8 bits
net: phy: restore mdio regs in the iproc mdio driver
ipv6: Fix nlmsg_flags when splitting a multipath route
ipv6: Fix route replacement with dev-only route
sctp: move the format error check out of __sctp_sf_do_9_1_abort
nfc: pn544: Fix occasional HW initialization failure
net: sched: correct flower port blocking
ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()
audit: fix error handling in audit_data_to_entry()
ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro
ACPI: watchdog: Fix gas->access_width usage
HID: core: fix off-by-one memset in hid_report_raw_event()
HID: core: increase HID report buffer size to 8KiB
HID: hiddev: Fix race in in hiddev_disconnect()
MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()'
i2c: jz4780: silence log flood on txabrt
ecryptfs: Fix up bad backport of fe2e082f5da5b4a0a92ae32978f81507ef37ec66
serial: 8250: Check UPF_IRQ_SHARED in advance
include/linux/bitops.h: introduce BITS_PER_TYPE
net: netlink: cap max groups which will be considered in netlink_bind()
net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE
namei: only return -ECHILD from follow_dotdot_rcu()
KVM: Check for a bad hva before dropping into the ghc slow path
slip: stop double free sl->dev in slip_open
tuntap: correctly set SOCKWQ_ASYNC_NOSPACE
drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()'
perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc
mm/huge_memory.c: use head to check huge zero page
audit: always check the netlink payload length in audit_receive_msg()
vhost: Check docket sk_family instead of call getname
serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE
usb: gadget: composite: Support more than 500mA MaxPower
usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags
usb: gadget: serial: fix Tx stall after buffer overflow
drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI
drm/msm/dsi: save pll state before dsi host is powered off
net: ks8851-ml: Remove 8-bit bus accessors
net: ks8851-ml: Fix 16-bit data access
net: ks8851-ml: Fix 16-bit IO operation
watchdog: da9062: do not ping the hw during stop()
s390/cio: cio_ignore_proc_seq_next should increase position index
cifs: don't leak -EAGAIN for stat() during reconnect
usb: storage: Add quirk for Samsung Fit flash
usb: quirks: add NO_LPM quirk for Logitech Screen Share
usb: core: hub: do error out if usb_autopm_get_interface() fails
usb: core: port: do error out if usb_autopm_get_interface() fails
vgacon: Fix a UAF in vgacon_invert_region
fat: fix uninit-memory access for partial initialized inode
tty:serial:mvebu-uart:fix a wrong return
vt: selection, close sel_buffer race
vt: selection, push console lock down
vt: selection, push sel_lock up
x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes
dmaengine: tegra-apb: Fix use-after-free
dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list
ARM: dts: ls1021a: Restore MDIO compatible to gianfar
ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output
ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path
ASoC: dapm: Correct DAPM handling of active widgets during shutdown
RDMA/iwcm: Fix iwcm work deallocation
RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
ARM: imx: build v7_cpu_resume() unconditionally
hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT()
dmaengine: coh901318: Fix a double lock bug in dma_tc_handle()
powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems
dm cache: fix a crash due to incorrect work item cancelling
crypto: algif_skcipher - use ZERO_OR_NULL_PTR in skcipher_recvmsg_async
Linux 4.9.216
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id92ae78607b020bf7f2af83481404628e694c230
[ Upstream commit 6b8526d3abc02c08a2f888e8c20b7ac9e5776dfe ]
In error cases a NULL can be passed to memcpy. The length will always
be zero, so it doesn't really matter, but go ahead and check for NULL,
anyway, to be more precise and avoid static analysis errors.
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 9a655c77ff8fc65699a3f98e237db563b37c439b upstream.
tpk_write()/tpk_close() could be interrupted when holding a mutex, then
in the timer handler tpk_write() may be called again trying to acquire the
same mutex, leading to deadlock.
Google syzbot reported this issue with CONFIG_DEBUG_ATOMIC_SLEEP
enabled:
  BUG: sleeping function called from invalid context at
  kernel/locking/mutex.c:938
  in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 0, name: swapper/1
  1 lock held by swapper/1/0:
  ...
  Call Trace:
   <IRQ>
   dump_stack+0x197/0x210
   ___might_sleep.cold+0x1fb/0x23e
   __might_sleep+0x95/0x190
   __mutex_lock+0xc5/0x13c0
   mutex_lock_nested+0x16/0x20
   tpk_write+0x5d/0x340
   resync_tnc+0x1b6/0x320
   call_timer_fn+0x1ac/0x780
   run_timer_softirq+0x6c3/0x1790
   __do_softirq+0x262/0x98c
   irq_exit+0x19b/0x1e0
   smp_apic_timer_interrupt+0x1a3/0x610
   apic_timer_interrupt+0xf/0x20
   </IRQ>
See link https://syzkaller.appspot.com/bug?extid=2eeef62ee31f9460ad65 for
more details.
Fix it by using a spinlock in process context instead of a mutex and having
interrupts disabled in the critical section.
Reported-by: syzbot+2eeef62ee31f9460ad65@syzkaller.appspotmail.com
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@gmail.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/20200113034842.435-1-zhenzhong.duan@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge 4.9.208 into android-4.9-q
Changes in 4.9.208
btrfs: skip log replay on orphaned roots
btrfs: do not leak reloc root if we fail to read the fs root
btrfs: handle ENOENT in btrfs_uuid_tree_iterate
ALSA: pcm: Avoid possible info leaks from PCM stream buffers
ALSA: hda/ca0132 - Keep power on during processing DSP response
ALSA: hda/ca0132 - Avoid endless loop
drm: mst: Fix query_payload ack reply struct
drm/bridge: analogix-anx78xx: silence -EPROBE_DEFER warnings
iio: light: bh1750: Resolve compiler warning and make code more readable
spi: Add call to spi_slave_abort() function when spidev driver is released
staging: rtl8192u: fix multiple memory leaks on error path
staging: rtl8188eu: fix possible null dereference
rtlwifi: prevent memory leak in rtl_usb_probe
libertas: fix a potential NULL pointer dereference
IB/iser: bound protection_sg size by data_sg size
media: am437x-vpfe: Setting STD to current value is not an error
media: i2c: ov2659: fix s_stream return value
media: i2c: ov2659: Fix missing 720p register config
media: ov6650: Fix stored frame format not in sync with hardware
tools/power/cpupower: Fix initializer override in hsw_ext_cstates
usb: renesas_usbhs: add suspend event support in gadget mode
hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled
regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe()
media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init()
media: cec-funcs.h: add status_req checks
samples: pktgen: fix proc_cmd command result check logic
mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format
media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number
media: ti-vpe: vpe: Make sure YUYV is set as default format
extcon: sm5502: Reset registers during initialization
x86/mm: Use the correct function type for native_set_fixmap()
perf test: Report failure for mmap events
perf report: Add warning when libunwind not compiled in
usb: usbfs: Suppress problematic bind and unbind uevents.
iio: adc: max1027: Reset the device at probe time
Bluetooth: hci_core: fix init for HCI_USER_CHANNEL
x86/mce: Lower throttling MCE messages' priority to warning
drm/gma500: fix memory disclosures due to uninitialized bytes
rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot
x86/ioapic: Prevent inconsistent state when moving an interrupt
arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill()
libata: Ensure ata_port probe has completed before detach
pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B
Bluetooth: Fix advertising duplicated flags
bnx2x: Fix PF-VF communication over multi-cos queues.
spi: img-spfi: fix potential double release
ALSA: timer: Limit max amount of slave instances
rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt()
perf probe: Fix to find range-only function instance
perf probe: Fix to list probe event with correct line number
perf probe: Walk function lines in lexical blocks
perf probe: Fix to probe an inline function which has no entry pc
perf probe: Fix to show ranges of variables in functions without entry_pc
perf probe: Fix to show inlined function callsite without entry_pc
perf probe: Fix to probe a function which has no entry pc
perf probe: Skip overlapped location on searching variables
perf probe: Return a better scope DIE if there is no best scope
perf probe: Fix to show calling lines of inlined functions
perf probe: Skip end-of-sequence and non statement lines
perf probe: Filter out instances except for inlined subroutine and subprogram
ath10k: fix get invalid tx rate for Mesh metric
media: pvrusb2: Fix oops on tear-down when radio support is not present
media: si470x-i2c: add missed operations in remove
EDAC/ghes: Fix grain calculation
spi: pxa2xx: Add missed security checks
ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile
s390/disassembler: don't hide instruction addresses
parport: load lowlevel driver if ports not found
cpufreq: Register drivers only after CPU devices have been registered
x86/crash: Add a forward declaration of struct kimage
iwlwifi: mvm: fix unaligned read of rx_pkt_status
spi: tegra20-slink: add missed clk_unprepare
mmc: tmio: Add MMC_CAP_ERASE to allow erase/discard/trim requests
btrfs: don't prematurely free work in end_workqueue_fn()
btrfs: don't prematurely free work in run_ordered_work()
spi: st-ssc4: add missed pm_runtime_disable
x86/insn: Add some Intel instructions to the opcode map
iwlwifi: check kasprintf() return value
fbtft: Make sure string is NULL terminated
crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c
crypto: vmx - Avoid weird build failures
libtraceevent: Fix memory leakage in copy_filter_type
net: phy: initialise phydev speed and duplex sanely
btrfs: don't prematurely free work in reada_start_machine_worker()
Revert "mmc: sdhci: Fix incorrect switch to HS mode"
usb: xhci: Fix build warning seen with CONFIG_PM=n
btrfs: don't double lock the subvol_sem for rename exchange
btrfs: do not call synchronize_srcu() in inode_tree_del
btrfs: return error pointer from alloc_test_extent_buffer
btrfs: abort transaction after failed inode updates in create_subvol
Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues
af_packet: set defaule value for tmo
fjes: fix missed check in fjes_acpi_add
mod_devicetable: fix PHY module format
net: hisilicon: Fix a BUG trigered by wrong bytes_compl
net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive()
net: qlogic: Fix error paths in ql_alloc_large_buffers()
net: usb: lan78xx: Fix suspend/resume PHY register access error
sctp: fully initialize v4 addr in some functions
net: dst: Force 4-byte alignment of dst_metrics
usbip: Fix error path of vhci_recv_ret_submit()
USB: EHCI: Do not return -EPIPE when hub is disconnected
platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes
staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value
ext4: fix ext4_empty_dir() for directories with holes
ext4: check for directory entries too close to block end
powerpc/irq: fix stack overflow verification
mmc: sdhci-of-esdhc: fix P2020 errata handling
perf probe: Fix to show function entry line as probe-able
scsi: mpt3sas: Fix clear pending bit in ioctl status
scsi: lpfc: Fix locking on mailbox command completion
Input: atmel_mxt_ts - disable IRQ across suspend
iommu/tegra-smmu: Fix page tables in > 4 GiB memory
scsi: target: compare full CHAP_A Algorithm strings
scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices
scsi: csiostor: Don't enable IRQs too early
powerpc/pseries: Mark accumulate_stolen_time() as notrace
powerpc/pseries: Don't fail hash page table insert for bolted mapping
dma-debug: add a schedule point in debug_dma_dump_mappings()
clocksource/drivers/asm9260: Add a check for of_clk_get
powerpc/security/book3s64: Report L1TF status in sysfs
powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning
jbd2: Fix statistics for the number of logged blocks
scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6)
scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow
clk: qcom: Allow constant ratio freq tables for rcg
irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary
irqchip: ingenic: Error out if IRQ domain creation failed
fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long
scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences
scsi: ufs: fix potential bug which ends in system hang
powerpc/pseries/cmm: Implement release() function for sysfs device
powerpc/security: Fix wrong message when RFI Flush is disable
scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE
clk: pxa: fix one of the pxa RTC clocks
bcache: at least try to shrink 1 node in bch_mca_scan()
HID: Improve Windows Precision Touchpad detection.
ext4: work around deleting a file with i_nlink == 0 safely
scsi: pm80xx: Fix for SATA device discovery
scsi: scsi_debug: num_tgts must be >= 0
scsi: target: iscsi: Wait for all commands to finish before freeing a session
gpio: mpc8xxx: Don't overwrite default irq_set_type callback
scripts/kallsyms: fix definitely-lost memory leak
cdrom: respect device capabilities during opening action
perf regs: Make perf_reg_name() return "unknown" instead of NULL
libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h
s390/cpum_sf: Check for SDBT and SDB consistency
ocfs2: fix passing zero to 'PTR_ERR' warning
kernel: sysctl: make drop_caches write-only
x86/mce: Fix possibly incorrect severity calculation on AMD
net, sysctl: Fix compiler warning when only cBPF is present
ALSA: hda - Downgrade error message for single-cmd fallback
perf strbuf: Remove redundant va_end() in strbuf_addv()
Make filldir[64]() verify the directory entry filename is valid
filldir[64]: remove WARN_ON_ONCE() for bad directory entries
netfilter: ebtables: compat: reject all padding in matches/watchers
6pack,mkiss: fix possible deadlock
netfilter: bridge: make sure to pull arp header in br_nf_forward_arp()
net: icmp: fix data-race in cmp_global_allow()
hrtimer: Annotate lockless access to timer->state
tty/serial: atmel: fix out of range clock divider handling
pinctrl: baytrail: Really serialize all register accesses
mmc: sdhci: Update the tuning failed messages to pr_debug level
net: ena: fix napi handler misbehavior when the napi budget is zero
vhost/vsock: accept only packets with the right dst_cid
tcp/dccp: fix possible race __inet_lookup_established()
tcp: do not send empty skb from tcp_write_xmit()
gtp: fix wrong condition in gtp_genl_dump_pdp()
gtp: avoid zero size hashtable
Linux 4.9.208
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit eaecce12f5f0d2c35d278e41e1bc4522393861ab ]
When unloading omap3-rom-rng, we'll get the following:
WARNING: CPU: 0 PID: 100 at drivers/clk/clk.c:948 clk_core_disable
This is because the clock may be already disabled by omap3_rom_rng_idle().
Let's fix the issue by checking for rng_idle on exit.
Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Adam Ford <aford173@gmail.com>
Cc: Pali Rohár <pali.rohar@gmail.com>
Cc: Sebastian Reichel <sre@kernel.org>
Cc: Tero Kristo <t-kristo@ti.com>
Fixes: 1c6b7c2108 ("hwrng: OMAP3 ROM Random Number Generator support")
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Merge 4.9.207 into android-4.9-q
Changes in 4.9.207
arm64: tegra: Fix 'active-low' warning for Jetson TX1 regulator
usb: gadget: u_serial: add missing port entry locking
tty: serial: fsl_lpuart: use the sg count from dma_map_sg
tty: serial: msm_serial: Fix flow control
serial: pl011: Fix DMA ->flush_buffer()
serial: serial_core: Perform NULL checks for break_ctl ops
serial: ifx6x60: add missed pm_runtime_disable
autofs: fix a leak in autofs_expire_indirect()
RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN
exportfs_decode_fh(): negative pinned may become positive without the parent locked
audit_get_nd(): don't unlock parent too early
NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error
Input: cyttsp4_core - fix use after free bug
ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed()
rsxx: add missed destroy_workqueue calls in remove
net: ep93xx_eth: fix mismatch of request_mem_region in remove
serial: core: Allow processing sysrq at port unlock time
cxgb4vf: fix memleak in mac_hlist initialization
iwlwifi: mvm: Send non offchannel traffic via AP sta
ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+
net/mlx5: Release resource on error flow
extcon: max8997: Fix lack of path setting in USB device mode
clk: rockchip: fix rk3188 sclk_smc gate data
clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering
ARM: dts: rockchip: Fix rk3288-rock2 vcc_flash name
dlm: fix missing idr_destroy for recover_idr
MIPS: SiByte: Enable ZONE_DMA32 for LittleSur
scsi: zfcp: drop default switch case which might paper over missing case
pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues
Staging: iio: adt7316: Fix i2c data reading, set the data field
regulator: Fix return value of _set_load() stub
MIPS: OCTEON: octeon-platform: fix typing
math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning
rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()'
rtc: dt-binding: abx80x: fix resistance scale
ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module
media: pulse8-cec: return 0 when invalidating the logical address
dmaengine: coh901318: Fix a double-lock bug
dmaengine: coh901318: Remove unused variable
usb: dwc3: don't log probe deferrals; but do log other error codes
ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion()
dma-mapping: fix return type of dma_set_max_seg_size()
altera-stapl: check for a null key before strcasecmp'ing it
serial: imx: fix error handling in console_setup
i2c: imx: don't print error message on probe defer
dlm: NULL check before kmem_cache_destroy is not needed
ARM: debug: enable UART1 for socfpga Cyclone5
nfsd: fix a warning in __cld_pipe_upcall()
ARM: OMAP1/2: fix SoC name printing
net/x25: fix called/calling length calculation in x25_parse_address_block
net/x25: fix null_x25_address handling
ARM: dts: mmp2: fix the gpio interrupt cell number
ARM: dts: realview-pbx: Fix duplicate regulator nodes
tcp: fix off-by-one bug on aborting window-probing socket
tcp: fix SNMP TCP timeout under-estimation
modpost: skip ELF local symbols during section mismatch check
kbuild: fix single target build for external module
mtd: fix mtd_oobavail() incoherent returned value
ARM: dts: pxa: clean up USB controller nodes
clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent
ARM: dts: realview: Fix some more duplicate regulator nodes
dlm: fix invalid cluster name warning
net/mlx4_core: Fix return codes of unsupported operations
powerpc/math-emu: Update macros from GCC
MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition
nfsd: Return EPERM, not EACCES, in some SETATTR cases
tty: Don't block on IO when ldisc change is pending
media: stkwebcam: Bugfix for wrong return values
mlx4: Use snprintf instead of complicated strcpy
ARM: dts: sunxi: Fix PMU compatible strings
sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision
fuse: verify nlink
fuse: verify attributes
ALSA: pcm: oss: Avoid potential buffer overflows
Input: goodix - add upside-down quirk for Teclast X89 tablet
coresight: etm4x: Fix input validation for sysfs.
x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect
CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
CIFS: Fix SMB2 oplock break processing
tty: vt: keyboard: reject invalid keycodes
can: slcan: Fix use-after-free Read in slcan_open
jbd2: Fix possible overflow in jbd2_log_space_left()
drm/i810: Prevent underflow in ioctl
KVM: x86: do not modify masked bits of shared MSRs
KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES
crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr
crypto: ccp - fix uninitialized list head
crypto: ecdh - fix big endian bug in ECC library
crypto: user - fix memory leak in crypto_report
spi: atmel: Fix CS high support
RDMA/qib: Validate ->show()/store() callbacks before calling them
thermal: Fix deadlock in thermal thermal_zone_device_check
KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
appletalk: Fix potential NULL pointer dereference in unregister_snap_client
appletalk: Set error code if register_snap_client failed
usb: gadget: configfs: Fix missing spin_lock_init()
USB: uas: honor flag to avoid CAPACITY16
USB: uas: heed CAPACITY_HEURISTICS
usb: Allow USB device to be warm reset in suspended state
staging: rtl8188eu: fix interface sanity check
staging: rtl8712: fix interface sanity check
staging: gigaset: fix general protection fault on probe
staging: gigaset: fix illegal free on probe errors
staging: gigaset: add endpoint-type sanity check
xhci: Increase STS_HALT timeout in xhci_suspend()
ARM: dts: pandora-common: define wl1251 as child node of mmc3
iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting
USB: atm: ueagle-atm: add missing endpoint check
USB: idmouse: fix interface sanity checks
USB: serial: io_edgeport: fix epic endpoint lookup
USB: adutux: fix interface sanity check
usb: core: urb: fix URB structure initialization function
usb: mon: Fix a deadlock in usbmon between mmap and read
mtd: spear_smi: Fix Write Burst mode
virtio-balloon: fix managed page counts when migrating pages between zones
btrfs: check page->mapping when loading free space cache
btrfs: Remove btrfs_bio::flags member
Btrfs: send, skip backreference walking for extents with many references
btrfs: record all roots for rename exchange on a subvol
rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address
rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer
rtlwifi: rtl8192de: Fix missing enable interrupt flag
lib: raid6: fix awk build warnings
ALSA: hda - Fix pending unsol events at shutdown
workqueue: Fix spurious sanity check failures in destroy_workqueue()
workqueue: Fix pwq ref leak in rescuer_thread()
ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report
blk-mq: avoid sysfs buffer overflow with too many CPU cores
cgroup: pids: use atomic64_t for pids->limit
ar5523: check NULL before memcpy() in ar5523_cmd()
media: bdisp: fix memleak on release
media: radio: wl1273: fix interrupt masking on release
cpuidle: Do not unset the driver if it is there already
PM / devfreq: Lock devfreq in trans_stat_show
ACPI: OSL: only free map once in osl.c
ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data()
ACPI: PM: Avoid attaching ACPI PM domain to certain devices
pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init
pinctrl: samsung: Fix device node refcount leaks in init code
mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card
ppdev: fix PPGETTIME/PPSETTIME ioctls
powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB
video/hdmi: Fix AVI bar unpack
quota: Check that quota is not dirty before release
ext2: check err when partial != NULL
quota: fix livelock in dquot_writeback_dquots
scsi: zfcp: trace channel log even for FCP command responses
usb: xhci: only set D3hot for pci device
xhci: Fix memory leak in xhci_add_in_port()
xhci: make sure interrupts are restored to correct state
iio: adis16480: Add debugfs_reg_access entry
Btrfs: fix negative subv_writers counter and data space leak after buffered write
omap: pdata-quirks: remove openpandora quirks for mmc3 and wl1251
scsi: lpfc: Cap NPIV vports to 256
e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait
x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models
x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk
ath10k: fix fw crash by moving chip reset after napi disabled
ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity
pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init
scsi: qla2xxx: Fix DMA unmap leak
scsi: qla2xxx: Fix session lookup in qlt_abort_work()
scsi: qla2xxx: Fix qla24xx_process_bidir_cmd()
scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value
powerpc: Fix vDSO clock_getres()
reiserfs: fix extended attributes on the root directory
firmware: qcom: scm: Ensure 'a0' status code is treated as signed
mm/shmem.c: cast the type of unmap_start to u64
ext4: fix a bug in ext4_wait_for_tail_page_commit
blk-mq: make sure that line break can be printed
workqueue: Fix missing kfree(rescuer) in destroy_workqueue()
sunrpc: fix crash when cache_head become valid before update
net/mlx5e: Fix SFF 8472 eeprom length
kernel/module.c: wakeup processes in module_wq on module unload
nvme: host: core: fix precedence of ternary operator
net: bridge: deny dev_set_mac_address() when unregistering
net: ethernet: ti: cpsw: fix extra rx interrupt
openvswitch: support asymmetric conntrack
tcp: md5: fix potential overestimation of TCP option space
tipc: fix ordering of tipc module init and exit routine
inet: protect against too small mtu values.
tcp: fix rejected syncookies due to stale timestamps
tcp: tighten acceptance of ACKs not matching a child socket
tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
Revert "regulator: Defer init completion for a while after late_initcall"
PCI: Fix Intel ACS quirk UPDCR register address
PCI/MSI: Fix incorrect MSI-X masking on resume
xtensa: fix TLB sanity checker
CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
ARM: dts: s3c64xx: Fix init order of clock providers
ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume()
vfio/pci: call irq_bypass_unregister_producer() before freeing irq
dma-buf: Fix memory leak in sync_file_merge()
dm btree: increase rebalance threshold in __rebalance2()
scsi: iscsi: Fix a potential deadlock in the timeout handler
drm/radeon: fix r1xx/r2xx register checker for POT textures
xhci: fix USB3 device initiated resume race with roothub autosuspend
net: stmmac: use correct DMA buffer size in the RX descriptor
net: stmmac: don't stop NAPI processing when dropping a packet
Linux 4.9.207
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 998174042da229e2cf5841f574aba4a743e69650 upstream.
Going through the uses of timeval in the user space API,
I noticed two bugs in ppdev that were introduced in the y2038
conversion:
* The range check was accidentally moved from ppsettime to
  ppgettime
* On sparc64, the microseconds are in the other half of the
  64-bit word.
Fix both, and mark the fix for stable backports.
Cc: stable@vger.kernel.org
Fixes: 3b9ab374a1 ("ppdev: convert to y2038 safe")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20191108203435.112759-8-arnd@arndb.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge 4.9.206 into android-4.9-q
Changes in 4.9.206
ASoC: compress: fix unsigned integer overflow check
ASoC: kirkwood: fix external clock probe defer
clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume
reset: fix reset_control_ops kerneldoc comment
clk: at91: avoid sleeping early
net: fec: add missed clk_disable_unprepare in remove
can: peak_usb: report bus recovery as well
can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open
watchdog: meson: Fix the wrong value of left time
scripts/gdb: fix debugging modules compiled with hot/cold partitioning
mac80211: fix station inactive_time shortly after boot
block: drbd: remove a stray unlock in __drbd_send_protocol()
pwm: bcm-iproc: Prevent unloading the driver module while in use
scsi: lpfc: Fix dif and first burst use in write commands
ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed
ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication
parisc: Fix serio address output
parisc: Fix HP SDC hpa address output
arm64: mm: Prevent mismatched 52-bit VA support
arm64: smp: Handle errors reported by the firmware
PM / AVS: SmartReflex: NULL check before some freeing functions is not needed
ARM: ks8695: fix section mismatch warning
ACPI / LPSS: Ignore acpi_device_fix_up_power() return value
crypto: user - support incremental algorithm dumps
mwifiex: fix potential NULL dereference and use after free
mwifiex: debugfs: correct histogram spacing, formatting
rtl818x: fix potential use after free
xfs: require both realtime inodes to mount
ubi: Put MTD device after it is not used
ubi: Do not drop UBI device reference before using
microblaze: adjust the help to the real behavior
microblaze: move "... is ready" messages to arch/microblaze/Makefile
gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB
VSOCK: bind to random port for VMADDR_PORT_ANY
mtd: rawnand: sunxi: Write pageprog related opcodes to WCMD_SET
btrfs: only track ref_heads in delayed_ref_updates
HID: intel-ish-hid: fixes incorrect error handling
xen/pciback: Check dev_data before using it
pinctrl: xway: fix gpio-hog related boot issues
net/mlx5: Continue driver initialization despite debugfs failure
KVM: s390: unregister debug feature on failing arch init
pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration
pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10
HID: doc: fix wrong data structure reference for UHID_OUTPUT
dm flakey: Properly corrupt multi-page bios.
gfs2: take jdata unstuff into account in do_grow
xfs: Align compat attrlist_by_handle with native implementation.
xfs: Fix bulkstat compat ioctls on x32 userspace.
IB/qib: Fix an error code in qib_sdma_verbs_send()
powerpc/book3s/32: fix number of bats in p/v_block_mapped()
powerpc/xmon: fix dump_segments()
drivers/regulator: fix a missing check of return value
serial: max310x: Fix tx_empty() callback
openrisc: Fix broken paths to arch/or32
RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer
scsi: qla2xxx: deadlock by configfs_depend_item
scsi: csiostor: fix incorrect dma device in case of vport
ath6kl: Only use match sets when firmware supports it
ath6kl: Fix off by one error in scan completion
powerpc/prom: fix early DEBUG messages
powerpc/mm: Make NULL pointer deferences explicit on bad page faults.
powerpc/44x/bamboo: Fix PCI range
vfio/spapr_tce: Get rid of possible infinite loop
powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status
drbd: ignore "all zero" peer volume sizes in handshake
drbd: reject attach of unsuitable uuids even if connected
drbd: do not block when adjusting "disk-options" while IO is frozen
drbd: fix print_st_err()'s prototype to match the definition
regulator: tps65910: fix a missing check of return value
powerpc/83xx: handle machine check caused by watchdog timer
powerpc/pseries: Fix node leak in update_lmb_associativity_index()
crypto: mxc-scc - fix build warnings on ARM64
pwm: clps711x: Fix period calculation
net/net_namespace: Check the return value of register_pernet_subsys()
um: Make GCOV depend on !KCOV
net: stmicro: fix a missing check of clk_prepare
net: dsa: bcm_sf2: Propagate error value from mdio_write
atl1e: checking the status of atl1e_write_phy_reg
tipc: fix a missing check of genlmsg_put
net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe()
ocfs2: clear journal dirty flag after shutdown journal
vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n
lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk
lib/genalloc.c: use vzalloc_node() to allocate the bitmap
drivers/base/platform.c: kmemleak ignore a known leak
lib/genalloc.c: include vmalloc.h
mtd: Check add_mtd_device() ret code
tipc: fix memory leak in tipc_nl_compat_publ_dump
net/core/neighbour: tell kmemleak about hash tables
net/core/neighbour: fix kmemleak minimal reference count for hash tables
sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe
ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel
decnet: fix DN_IFREQ_SIZE
tipc: fix skb may be leaky in tipc_link_input
sfc: initialise found bitmap in efx_ef10_mtd_probe
net: fix possible overflow in __sk_mem_raise_allocated()
sctp: don't compare hb_timer expire date before starting it
net: dev: Use unsigned integer as an argument to left-shift
iommu/amd: Fix NULL dereference bug in match_hid_uid
scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery
ACPI / APEI: Switch estatus pool to use vmalloc memory
scsi: libsas: Check SMP PHY control function result
powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
mtd: Remove a debug trace in mtdpart.c
mm, gup: add missing refcount overflow checks on x86 and s390
clk: at91: fix update bit maps on CFG_MOR write
staging: rtl8192e: fix potential use after free
USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P
mei: bus: prefix device names on bus with the bus name
media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE
net: macb: fix error format in dev_err()
pwm: Clear chip_data in pwm_put()
media: atmel: atmel-isc: fix asd memory allocation
macvlan: schedule bc_work even if error
openvswitch: fix flow command message size
slip: Fix use-after-free Read in slip_open
openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info()
openvswitch: remove another BUG_ON()
tipc: fix link name length check
sctp: cache netns in sctp_ep_common
net: sched: fix `tc -s class show` no bstats on class with nolock subqueues
HID: core: check whether Usage Page item is after Usage ID items
hwrng: stm32 - fix unbalanced pm_runtime_enable
platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer
net: fec: fix clock count mis-match
Linux 4.9.206
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit af0d4442dd6813de6e77309063beb064fa8e89ae upstream.
No remove function implemented yet in the driver.
Without remove function, the pm_runtime implementation
complains when removing and probing again the driver.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge 4.9.204 into android-4.9-q
Changes in 4.9.204
net/mlx4_en: fix mlx4 ethtool -N insertion
net: rtnetlink: prevent underflows in do_setvfinfo()
sfc: Only cancel the PPS workqueue if it exists
net/mlx5e: Fix set vf link state error flow
net/sched: act_pedit: fix WARN() in the traffic path
gpio: max77620: Fixup debounce delays
tools: gpio: Correctly add make dependencies for gpio_utils
Revert "fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()"
mm/ksm.c: don't WARN if page is still mapped in remove_stable_node()
platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ
platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi
mwifiex: Fix NL80211_TX_POWER_LIMITED
ALSA: isight: fix leak of reference to firewire unit in error path of .probe callback
printk: fix integer overflow in setup_log_buf()
gfs2: Fix marking bitmaps non-full
synclink_gt(): fix compat_ioctl()
powerpc: Fix signedness bug in update_flash_db()
powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field
brcmsmac: AP mode: update beacon when TIM changes
ath10k: allocate small size dma memory in ath10k_pci_diag_write_mem
spi: sh-msiof: fix deferred probing
mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail
btrfs: handle error of get_old_root
gsmi: Fix bug in append_to_eventlog sysfs handler
misc: mic: fix a DMA pool free failure
m68k: fix command-line parsing when passed from u-boot
amiflop: clean up on errors during setup
scsi: ips: fix missing break in switch
KVM/x86: Fix invvpid and invept register operand size in 64-bit mode
scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler
scsi: isci: Change sci_controller_start_task's return type to sci_status
scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param
clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk
ASoC: tegra_sgtl5000: fix device_node refcounting
scsi: dc395x: fix dma API usage in srb_done
scsi: dc395x: fix DMA API usage in sg_update_list
net: fix warning in af_unix
net: ena: Fix Kconfig dependency on X86
xfs: fix use-after-free race in xfs_buf_rele
kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad stack
ALSA: i2c/cs8427: Fix int to char conversion
macintosh/windfarm_smu_sat: Fix debug output
USB: misc: appledisplay: fix backlight update_status return code
usbip: tools: fix atoi() on non-null terminated string
SUNRPC: Fix a compile warning for cmpxchg64()
sunrpc: safely reallow resvport min/max inversion
atm: zatm: Fix empty body Clang warnings
s390/perf: Return error when debug_register fails
spi: omap2-mcspi: Set FIFO DMA trigger level to word length
sparc: Fix parport build warnings.
ceph: fix dentry leak in ceph_readdir_prepopulate
rtc: s35390a: Change buf's type to u8 in s35390a_init
f2fs: fix to spread clear_cold_data()
mISDN: Fix type of switch control variable in ctrl_teimanager
qlcnic: fix a return in qlcnic_dcb_get_capability()
net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode
mfd: arizona: Correct calling of runtime_put_sync
mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values
mfd: max8997: Enale irq-wakeup unconditionally
selftests/ftrace: Fix to test kprobe $comm arg only if available
thermal: rcar_thermal: Prevent hardware access during system suspend
powerpc/process: Fix flush_all_to_thread for SPE
sparc64: Rework xchg() definition to avoid warnings.
fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle()
mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock
macsec: update operstate when lower device changes
macsec: let the administrator set UP state even if lowerdev is down
um: Make line/tty semantics use true write IRQ
linux/bitmap.h: handle constant zero-size bitmaps correctly
linux/bitmap.h: fix type of nbits in bitmap_shift_right()
hfsplus: fix BUG on bnode parent update
hfs: fix BUG on bnode parent update
hfsplus: prevent btree data loss on ENOSPC
hfs: prevent btree data loss on ENOSPC
hfsplus: fix return value of hfsplus_get_block()
hfs: fix return value of hfs_get_block()
hfsplus: update timestamps on truncate()
hfs: update timestamp on truncate()
fs/hfs/extent.c: fix array out of bounds read of array extent
mm/memory_hotplug: make add_memory() take the device_hotplug_lock
igb: shorten maximum PHC timecounter update interval
ntb_netdev: fix sleep time mismatch
ntb: intel: fix return value for ndev_vec_mask()
arm64: makefile fix build of .i file in external module case
ocfs2: don't put and assigning null to bh allocated outside
ocfs2: fix clusters leak in ocfs2_defrag_extent()
net: do not abort bulk send on BQL status
sched/fair: Don't increase sd->balance_interval on newidle balance
audit: print empty EXECVE args
wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()'
rtl8xxxu: Fix missing break in switch
brcmsmac: never log "tid x is not agg'able" by default
wireless: airo: potential buffer overflow in sprintf()
rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information
scsi: mpt3sas: Fix Sync cache command failure during driver unload
scsi: mpt3sas: Fix driver modifying persistent data in Manufacturing page11
scsi: megaraid_sas: Fix msleep granularity
scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces
dlm: fix invalid free
dlm: don't leak kernel pointer to userspace
ACPICA: Use %d for signed int print formatting instead of %u
net: bcmgenet: return correct value 'ret' from bcmgenet_power_down
sock: Reset dst when changing sk_mark via setsockopt
pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues
pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT
pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD
PCI: keystone: Use quirk to limit MRRS for K2G
spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch
mm/memory_hotplug: Do not unlock when fails to take the device_hotplug_lock
Bluetooth: Fix invalid-free in bcsp_close()
KVM: MMU: Do not treat ZONE_DEVICE pages as being reserved
ath9k_hw: fix uninitialized variable data
dm: use blk_set_queue_dying() in __dm_destroy()
arm64: fix for bad_mode() handler to always result in panic
cpufreq: Skip cpufreq resume if it's not suspended
ocfs2: remove ocfs2_is_o2cb_active()
ARM: 8904/1: skip nomap memblocks while finding the lowmem/highmem boundary
ARC: perf: Accommodate big-endian CPU
x86/insn: Fix awk regexp warnings
x86/speculation: Fix incorrect MDS/TAA mitigation status
x86/speculation: Fix redundant MDS mitigation message
nfc: port100: handle command failure cleanly
l2tp: don't use l2tp_tunnel_find() in l2tp_ip and l2tp_ip6
media: vivid: Set vid_cap_streaming and vid_out_streaming to true
media: vivid: Fix wrong locking that causes race conditions on streaming stop
media: usbvision: Fix races among open, close, and disconnect
cpufreq: Add NULL checks to show() and store() methods of cpufreq
media: uvcvideo: Fix error path in control parsing failure
media: b2c2-flexcop-usb: add sanity checking
media: cxusb: detect cxusb_ctrl_msg error in query
media: imon: invalid dereference in imon_touch_event
virtio_console: reset on out of memory
virtio_console: don't tie bufs to a vq
virtio_console: allocate inbufs in add_port() only if it is needed
virtio_ring: fix return code on DMA mapping fails
virtio_console: fix uninitialized variable use
virtio_console: drop custom control queue cleanup
virtio_console: move removal code
usbip: tools: fix fd leakage in the function of read_attr_usbip_status
usb-serial: cp201x: support Mark-10 digital force gauge
USB: chaoskey: fix error case of a timeout
appledisplay: fix error handling in the scheduled work
USB: serial: mos7840: add USB ID to support Moxa UPort 2210
USB: serial: mos7720: fix remote wakeup
USB: serial: mos7840: fix remote wakeup
USB: serial: option: add support for DW5821e with eSIM support
USB: serial: option: add support for Foxconn T77W968 LTE modules
staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error
powerpc/64s: support nospectre_v2 cmdline option
powerpc/book3s64: Fix link stack flush on context switch
KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel
Linux 4.9.204
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit aa44ec867030a72e8aa127977e37dec551d8df19 ]
Will make it reusable for error handling.
Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 61a8950c5c5708cf2068b29ffde94e454e528208 ]
We now clean up all VQs on device removal - no need
to handle the control VQ specially.
Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2055997f983c6db7b5c3940ce5f8f822657d5bc3 ]
We try to disable callbacks on c_ivq even without multiport
even though that vq is not initialized in this configuration.
Fixes: c743d09dbd ("virtio: console: Disable callbacks for virtqueues at start of S4 freeze")
Suggested-by: Mike Galbraith <efault@gmx.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d791cfcbf98191122af70b053a21075cb450d119 ]
When we hot unplug a virtserialport and then try to hot plug again,
it fails:
  (qemu) chardev-add socket,id=serial0,path=/tmp/serial0,server,nowait
  (qemu) device_add virtserialport,bus=virtio-serial0.0,nr=2,\
                    chardev=serial0,id=serial0,name=serial0
  (qemu) device_del serial0
  (qemu) device_add virtserialport,bus=virtio-serial0.0,nr=2,\
                    chardev=serial0,id=serial0,name=serial0
kernel error:
  virtio-ports vport2p2: Error allocating inbufs
qemu error:
  virtio-serial-bus: Guest failure in adding port 2 for device \
                     virtio-serial0.0
This happens because buffers for the in_vq are allocated when the port is
added but are not released when the port is unplugged.
They are only released when virtconsole is removed (see a7a69ec0d8e4).
To avoid the problem and to be symmetric, we could allocate all the buffers
in init_vqs() as they are released in remove_vqs(), but it sounds like
a waste of memory.
Rather than that, this patch changes add_port() logic to ignore ENOSPC
error in fill_queue(), which means queue has already been filled.
Fixes: a7a69ec0d8e4 ("virtio_console: free buffers after reset")
Cc: mst@redhat.com
Cc: stable@vger.kernel.org
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2855b33514d290c51d52d94e25d3ef942cd4d578 ]
An allocated buffer doesn't need to be tied to a vq -
only vq->vdev is ever used. Pass the function
just what it needs - the vdev.
Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 5c60300d68da32ca77f7f978039dc72bfc78b06b ]
When out of memory and we can't add ctrl vq buffers,
probe fails. Unfortunately the error handling is
out of spec: it calls del_vqs without bothering
to reset the device first.
To fix, call the full cleanup function in this case.
Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Merge 4.9.196 into android-4.9-q
Changes in 4.9.196
drm/bridge: tc358767: Increase AUX transfer length limit
video: ssd1307fb: Start page range at page_offset
drm/radeon: Fix EEH during kexec
gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property()
ipmi_si: Only schedule continuously in the thread in maintenance mode
clk: qoriq: Fix -Wunused-const-variable
clk: sirf: Don't reference clk_init_data after registration
powerpc/rtas: use device model APIs and serialization during LPM
powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function
powerpc/pseries/mobility: use cond_resched when updating device tree
pinctrl: tegra: Fix write barrier placement in pmx_writel
vfio_pci: Restore original state on release
drm/amdgpu/si: fix ASIC tests
powerpc/64s/exception: machine check use correct cfar for late handler
powerpc/pseries: correctly track irq state in default idle
arm64: fix unreachable code issue with cmpxchg
clk: at91: select parent if main oscillator or bypass is enabled
scsi: core: Reduce memory required for SCSI logging
MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean
mfd: intel-lpss: Remove D3cold delay
PCI: tegra: Fix OF node reference leak
ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes
HID: apple: Fix stuck function keys when using FN
security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned address
fat: work around race with userspace's read via blockdev while mounting
hypfs: Fix error number left in struct pointer member
ocfs2: wait for recovering done after direct unlock request
kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
ANDROID: binder: remove waitqueue when thread exits.
ANDROID: binder: synchronize_rcu() when using POLLFREE.
cxgb4:Fix out-of-bounds MSI-X info array access
hso: fix NULL-deref on tty open
ipv6: drop incoming packets having a v4mapped source address
net: ipv4: avoid mixed n_redirects and rate_tokens usage
net: qlogic: Fix memory leak in ql_alloc_large_buffers
net: Unpublish sk from sk_reuseport_cb before call_rcu
nfc: fix memory leak in llcp_sock_bind()
qmi_wwan: add support for Cinterion CLS8 devices
sch_dsmark: fix potential NULL deref in dsmark_init()
net/rds: Fix error handling in rds_ib_add_one()
xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
ipv6: Handle missing host route in __ipv6_ifa_notify
Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
smack: use GFP_NOFS while holding inode_smack::smk_lock
NFC: fix attrs checks in netlink interface
Linux 4.9.196
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 340ff31ab00bca5c15915e70ad9ada3030c98cf8 ]
ipmi_thread() uses back-to-back schedule() to poll for command
completion which, on some machines, can push up CPU consumption and
heavily tax the scheduler locks leading to noticeable overall
performance degradation.
This was originally added so firmware updates through IPMI would
complete in a timely manner. But we can't kill the scheduler
locks for that one use case.
Instead, only run schedule() continuously in maintenance mode,
where firmware updates should run.
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Merge 4.9.195 into android-4.9-q
Changes in 4.9.195
Revert "Bluetooth: validate BLE connection interval updates"
IB/core: Add an unbound WQ type to the new CQ API
HID: prodikeys: Fix general protection fault during probe
HID: logitech: Fix general protection fault caused by Logitech driver
HID: hidraw: Fix invalid read in hidraw_ioctl
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
crypto: talitos - fix missing break in switch statement
media: tvp5150: fix switch exit in set control handler
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
objtool: Clobber user CFLAGS variable
mac80211: Print text for disassociation reason
mac80211: handle deauthentication/disassociation from TDLS peer
power: supply: sysfs: ratelimit property read error message
locking/lockdep: Add debug_locks check in __lock_downgrade()
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
f2fs: check all the data segments against all node ones
Revert "f2fs: avoid out-of-range memory access"
f2fs: fix to do sanity check on segment bitmap of LFS curseg
drm: Flush output polling on shutdown
xfs: don't crash on null attr fork xfs_bmapi_read
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
arcnet: provide a buffer big enough to actually receive packets
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
macsec: drop skb sk before calling gro_cells_receive
net/phy: fix DP83865 10 Mbps HDX loopback disable function
net: qrtr: Stop rx_worker before freeing node
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
ppp: Fix memory leak in ppp_write
sch_netem: fix a divide by zero in tabledist()
skge: fix checksum byte order
usbnet: ignore endpoints with invalid wMaxPacketSize
usbnet: sanity checking of packet sizes and device mtu
mISDN: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
nfc: enforce CAP_NET_RAW for raw sockets
ALSA: hda: Flush interrupts on disabling
regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
ASoC: sgtl5000: Fix charge pump source assignment
dmaengine: bcm2835: Print error in case setting DMA mask fails
leds: leds-lp5562 allow firmware files up to the maximum length
media: dib0700: fix link error for dibx000_i2c_set_speed
media: exynos4-is: fix leaked of_node references
media: hdpvr: Add device num check and handling
sched/fair: Fix imbalance due to CPU affinity
sched/core: Fix CPU controller for !RT_GROUP_SCHED
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
x86/apic: Soft disable APIC before initializing it
ALSA: hda - Show the fatal CORB/RIRB error more clearly
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
media: iguanair: add sanity checks
base: soc: Export soc_device_register/unregister APIs
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
ia64:unwind: fix double free for mod->arch.init_unw_table
EDAC/altera: Use the proper type for the IRQ status bits
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
md: don't set In_sync if array is frozen
efi: cper: print AER info of PCIe fatal error
media: gspca: zero usb_buf on error
dmaengine: iop-adma: use correct printk format strings
media: omap3isp: Don't set streaming state on random subdevs
net: lpc-enet: fix printk format strings
ARM: dts: imx7d: cl-som-imx7: make ethernet work again
media: radio/si470x: kill urb on error
media: hdpvr: add terminating 0 at end of string
media: dvb-core: fix a memory leak bug
PM / devfreq: passive: Use non-devm notifiers
PM / devfreq: exynos-bus: Correct clock enable sequence
media: saa7146: add cleanup in hexium_attach()
media: cpia2_usb: fix memory leaks
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
media: ov9650: add a sanity check
ACPI / CPPC: do not require the _PSD method
arm64: kpti: ensure patched kernel text is fetched from PoU
nvmet: fix data units read and written counters in SMART log
iommu/amd: Silence warnings under memory pressure
libtraceevent: Change users plugin directory
ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
ACPI: custom_method: fix memory leaks
ACPI / PCI: fix acpi_pci_irq_enable() memory leak
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
md/raid1: fail run raid1 array when active disk less than one
dmaengine: ti: edma: Do not reset reserved paRAM slots
kprobes: Prohibit probing on BUG() and WARN() address
s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
mmc: sdhci: Fix incorrect switch to HS mode
libertas: Add missing sentinel at end of if_usb.c fw_table
e1000e: add workaround for possible stalled packet
drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
media: omap3isp: Set device on omap3isp subdevs
PM / devfreq: passive: fix compiler warning
ALSA: firewire-tascam: handle error code when getting current source of clock
ALSA: firewire-tascam: check intermediate state of clock status and retry
IB/hfi1: Define variables as unsigned long to fix KASAN warning
printk: remove games with previous record flags
printk: Do not lose last line in kmsg buffer dump
fuse: fix missing unlock_page in fuse_writepage()
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
KVM: x86: always stop emulation on page fault
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: Manually calculate reserved bits when loading PDPTRS
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
ASoC: Intel: NHLT: Fix debug print format
ASoC: Intel: Fix use of potentially uninitialized variable
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
regulator: Defer init completion for a while after late_initcall
memcg, kmem: do not fail __GFP_NOFAIL charges
ovl: filter of trusted xattr results in audit
Btrfs: fix use-after-free when using the tree modification log
btrfs: Relinquish CPUs in btrfs_compare_trees
md/raid6: Set R5_ReadError when there is read failure on parity disk
cfg80211: Purge frame registrations on iftype change
/dev/mem: Bail out upon SIGKILL.
ext4: fix warning inside ext4_convert_unwritten_extents_endio
ext4: fix punch hole for inline_data file systems
quota: fix wrong condition in is_quota_modification()
hwrng: core - don't wait on add_early_randomness()
i2c: riic: Clear NACK in tend isr
CIFS: fix max ea value size
CIFS: Fix oplock handling for SMB 2.1+ protocols
btrfs: qgroup: Drop quota_root and fs_info parameters from update_qgroup_status_item
Btrfs: fix race setting up and completing qgroup rescan workers
Linux 4.9.195
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 78887832e76541f77169a24ac238fccb51059b63 upstream.
add_early_randomness() is called by hwrng_register() when the
hardware is added. If this hardware and its module are present
at boot, and if there is no data available the boot hangs until
data are available and can't be interrupted.
For instance, in the case of virtio-rng, in some cases the host can be
not able to provide enough entropy for all the guests.
We can have two easy ways to reproduce the problem but they rely on
misconfiguration of the hypervisor or the egd daemon:
- if virtio-rng device is configured to connect to the egd daemon of the
host but when the virtio-rng driver asks for data the daemon is not
connected,
- if virtio-rng device is configured to connect to the egd daemon of the
host but the egd daemon doesn't provide data.
The guest kernel will hang at boot until the virtio-rng driver provides
enough data.
To avoid that, call rng_get_data() in non-blocking mode (wait=0)
from add_early_randomness().
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Fixes: d9e7972619 ("hwrng: add randomness to system from rng...")
Cc: <stable@vger.kernel.org>
Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8619e5bdeee8b2c685d686281f2d2a6017c4bc15 upstream.
syzbot found that a thread can stall for minutes inside read_mem() or
write_mem() after that thread was killed by SIGKILL [1]. Reading from
iomem areas of /dev/mem can be slow, depending on the hardware.
While reading 2GB at one read() is legal, delaying termination of killed
thread for minutes is bad. Thus, allow reading/writing /dev/mem and
/dev/kmem to be preemptible and killable.
[ 1335.912419][T20577] read_mem: sz=4096 count=2134565632
[ 1335.943194][T20577] read_mem: sz=4096 count=2134561536
[ 1335.978280][T20577] read_mem: sz=4096 count=2134557440
[ 1336.011147][T20577] read_mem: sz=4096 count=2134553344
[ 1336.041897][T20577] read_mem: sz=4096 count=2134549248
Theoretically, reading/writing /dev/mem and /dev/kmem can become
"interruptible". But this patch chose "killable". Future patch will make
them "interruptible" so that we can revert to "killable" if some program
regressed.
[1] https://syzkaller.appspot.com/bug?id=a0e3436829698d5824231251fad9d8e998f94f5e
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: stable <stable@vger.kernel.org>
Reported-by: syzbot <syzbot+8ab2d0f39fb79fe6ca40@syzkaller.appspotmail.com>
Link: https://lore.kernel.org/r/1566825205-10703-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
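The stall described in the /dev/mem commit above can be modelled in user space. This is an added example, not the kernel patch: `model_read_mem`, `struct read_result` and the `kill_at_chunk` parameter are hypothetical names, and returning the bytes copied so far on a kill is an assumption of the model. It walks a read in page-bounded chunks, as the `sz=4096` log lines show, and compares a loop that ignores a pending fatal signal with one that checks it after every chunk.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_PAGE_SIZE 4096ULL

struct read_result {
    uint64_t copied;  /* bytes handed to the caller before the loop ended */
    uint64_t chunks;  /* loop iterations executed */
};

/* Bytes that can be handled without crossing a page boundary. */
static uint64_t model_size_inside_page(uint64_t pos, uint64_t count)
{
    uint64_t sz = MODEL_PAGE_SIZE - (pos & (MODEL_PAGE_SIZE - 1));
    return sz < count ? sz : count;
}

/*
 * Model of a chunked read loop.
 *   kill_at_chunk: iteration after which SIGKILL is considered pending
 *                  (0 means the task is never killed).
 *   killable:      false models the old loop, which never looks at the
 *                  pending signal; true models a loop that stops at the
 *                  next chunk boundary once the task has been killed.
 */
static struct read_result model_read_mem(uint64_t pos, uint64_t count,
                                         uint64_t kill_at_chunk, bool killable)
{
    struct read_result r = { 0, 0 };
    bool fatal_pending = false;

    while (count > 0) {
        uint64_t sz = model_size_inside_page(pos, count);

        /* The slow iomem copy of sz bytes would happen here. */
        pos += sz;
        count -= sz;
        r.copied += sz;
        r.chunks++;

        if (kill_at_chunk != 0 && r.chunks == kill_at_chunk)
            fatal_pending = true;       /* SIGKILL arrives */

        if (killable && fatal_pending)
            break;                      /* stop at the chunk boundary */
    }
    return r;
}

int main(void)
{
    /* Request size taken from the first log line in the commit message. */
    const uint64_t count = 2134565632ULL;
    struct read_result old_loop = model_read_mem(0, count, 5, false);
    struct read_result new_loop = model_read_mem(0, count, 5, true);

    printf("unkillable: %llu chunks after being killed at chunk 5\n",
           (unsigned long long)(old_loop.chunks - 5));
    printf("killable:   stopped after %llu chunks, %llu bytes\n",
           (unsigned long long)new_loop.chunks,
           (unsigned long long)new_loop.copied);
    return 0;
}
```

In the model the unkillable loop still runs 521,130 more chunks after the kill, which is where the minutes of delay come from when each chunk is a slow iomem access.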
Make the anon_inodes facility unconditional so that it can be used by core
VFS code.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(cherry picked from commit dadd2299ab61fc2b55b95b7b3a8f674cdd3b69c9)
Bug: 135608568
Test: test program using syscall(__NR_sys_pidfd_open,..) and poll()
Change-Id: I2f97bda4f360d8d05bbb603de839717b3d8067ae
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Merge 4.9.187 into android-4.9-q
Changes in 4.9.187
MIPS: ath79: fix ar933x uart parity mode
MIPS: fix build on non-linux hosts
arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
dmaengine: imx-sdma: fix use-after-free on probe error path
ath10k: Do not send probe response template for mesh
ath9k: Check for errors when reading SREV register
ath6kl: add some bounds checking
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
batman-adv: fix for leaked TVLV handler.
media: dvb: usb: fix use after free in dvb_usb_device_exit
crypto: talitos - fix skcipher failure due to wrong output IV
media: marvell-ccic: fix DMA s/g desc number calculation
media: vpss: fix a potential NULL pointer dereference
media: media_device_enum_links32: clean a reserved field
net: stmmac: dwmac1000: Clear unused address entries
net: stmmac: dwmac4/5: Clear unused address entries
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
af_key: fix leaks in key_pol_get_resp and dump_sp.
xfrm: Fix xfrm sel prefix length validation
media: mc-device.c: don't memset __user pointer contents
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
net: phy: Check against net_device being NULL
crypto: talitos - properly handle split ICV.
crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
tua6100: Avoid build warnings.
locking/lockdep: Fix merging of hlocks with non-zero references
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
cpupower : frequency-set -r option misses the last cpu in related cpu list
net: fec: Do not use netdev messages too early
net: axienet: Fix race condition causing TX hang
s390/qdio: handle PENDING state for QEBSM devices
perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
perf test 6: Fix missing kvm module load for s390
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
gpio: omap: ensure irq is enabled before wakeup
regmap: fix bulk writes on paged registers
bpf: silence warning messages in core
rcu: Force inlining of rcu_read_lock()
blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration
xfrm: fix sa selector validation
perf evsel: Make perf_evsel__name() accept a NULL argument
vhost_net: disable zerocopy by default
ipoib: correcly show a VF hardware address
EDAC/sysfs: Fix memory leak when creating a csrow object
ipsec: select crypto ciphers for xfrm_algo
media: i2c: fix warning same module names
ntp: Limit TAI-UTC offset
timer_list: Guard procfs specific code
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
media: coda: fix mpeg2 sequence number handling
media: coda: increment sequence offset for the last returned frame
mt7601u: do not schedule rx_tasklet when the device has been disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: fix possible memory leak when the device is disconnected
ath10k: fix PCIE device wake up failed
perf tools: Increase MAX_NR_CPUS and MAX_CACHES
libata: don't request sense data on !ZAC ATA devices
clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
rslib: Fix decoding of shortened codes
rslib: Fix handling of of caller provided syndrome
ixgbe: Check DDM existence in transceiver before access
crypto: asymmetric_keys - select CRYPTO_HASH where needed
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
iwlwifi: mvm: Drop large non sta frames
net: usb: asix: init MAC address buffers
gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: Check state in l2cap_disconnect_rsp
Bluetooth: validate BLE connection interval updates
gtp: fix Illegal context switch in RCU read-side critical section.
gtp: fix use-after-free in gtp_newlink()
xen: let alloc_xenballooned_pages() fail if not enough memory free
scsi: NCR5380: Reduce goto statements in NCR5380_select()
scsi: NCR5380: Always re-enable reselection interrupt
scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
crypto: ghash - fix unaligned memory access in ghash_setkey()
crypto: arm64/sha1-ce - correct digest for empty data in finup
crypto: arm64/sha2-ce - correct digest for empty data in finup
crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
Input: gtco - bounds check collection indent level
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
arm64: tegra: Update Jetson TX1 GPU regulator timings
iwlwifi: pcie: don't service an interrupt that was masked
tracing/snapshot: Resize spare buffer if size changed
NFSv4: Handle the special Linux file open access mode
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
ALSA: seq: Break too long mutex context in the write loop
ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
media: coda: Remove unbalanced and unneeded mutex unlock
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
arm64: tegra: Fix AGIC register range
fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.
drm/nouveau/i2c: Enable i2c pads & busses during preinit
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
9p/virtio: Add cleanup path in p9_virtio_init
PCI: Do not poll for PME if the device is in D3cold
Btrfs: add missing inode version, ctime and mtime updates when punching hole
libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
take floppy compat ioctls to sodding floppy.c
floppy: fix div-by-zero in setup_format_params
floppy: fix out-of-bounds read in next_valid_format
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in copy_buffer
coda: pass the host file in vma->vm_file on mmap
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
crypto: ccp - Validate the the error value used to index error messages
PCI: hv: Delete the device earlier from hbus->children for hot-remove
PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
um: Allow building and running on older hosts
um: Fix FP register size for XSTATE/XSAVE
parisc: Ensure userspace privilege for ptraced processes in regset functions
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
powerpc/watchpoint: Restore NV GPRs while returning from exception
eCryptfs: fix a couple type promotion bugs
intel_th: msu: Fix single mode with disabled IOMMU
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
usb: Handle USB3 remote wakeup for LPM enabled devices correctly
dm bufio: fix deadlock with loop device
compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
compiler.h: Add read_word_at_a_time() function.
lib/strscpy: Shut up KASAN false-positives in strscpy()
ext4: allow directory holes
bnx2x: Prevent load reordering in tx completion processing
bnx2x: Prevent ptp_task to be rescheduled indefinitely
caif-hsi: fix possible deadlock in cfhsi_exit_module()
igmp: fix memory leak in igmpv3_del_delrec()
ipv4: don't set IPv6 only flags to IPv4 addresses
net: bcmgenet: use promisc for unsupported filters
net: dsa: mv88e6xxx: wait after reset deactivation
net: neigh: fix multiple neigh timer scheduling
net: openvswitch: fix csum updates for MPLS actions
nfc: fix potential illegal memory access
rxrpc: Fix send on a connected, but unbound socket
sky2: Disable MSI on ASUS P6T
vrf: make sure skb->data contains ip header to make routing
macsec: fix use-after-free of skb during RX
macsec: fix checksumming after decryption
netrom: fix a memory leak in nr_rx_frame()
netrom: hold sock when setting skb->destructor
bonding: validate ip header before check IPPROTO_IGMP
tcp: Reset bytes_acked and bytes_received when disconnecting
net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net: bridge: stp: don't cache eth dest pointer before skb pull
perf/x86/amd/uncore: Rename 'L2' to 'LLC'
perf/x86/amd/uncore: Get correct number of cores sharing last level cache
perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id
NFSv4: Fix open create exclusive when the server reboots
nfsd: increase DRC cache limit
nfsd: give out fewer session slots as limit approaches
nfsd: fix performance-limiting session calculation
nfsd: Fix overflow causing non-working mounts on 1 TB machines
drm/panel: simple: Fix panel_simple_dsi_probe
usb: core: hub: Disable hub-initiated U1/U2
tty: max310x: Fix invalid baudrate divisors calculator
pinctrl: rockchip: fix leaked of_node references
tty: serial: cpm_uart - fix init when SMC is relocated
drm/bridge: tc358767: read display_props in get_modes()
drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz
memstick: Fix error cleanup path of memstick_init
tty/serial: digicolor: Fix digicolor-usart already registered warning
tty: serial: msm_serial: avoid system lockup condition
serial: 8250: Fix TX interrupt handling condition
drm/virtio: Add memory barriers for capset cache.
phy: renesas: rcar-gen2: Fix memory leak at error paths
drm/rockchip: Properly adjust to a true clock in adjusted_mode
tty: serial_core: Set port active bit in uart_port_activate
usb: gadget: Zero ffs_io_data
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
PCI: sysfs: Ignore lockdep for remove attribute
kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS
PCI: xilinx-nwl: Fix Multi MSI data programming
iio: iio-utils: Fix possible incorrect mask calculation
recordmcount: Fix spurious mcount entries on powerpc
mfd: core: Set fwnode for created devices
mfd: arizona: Fix undefined behavior
mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk
um: Silence lockdep complaint about mmap_sem
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
RDMA/i40iw: Set queue pair state when being queried
serial: sh-sci: Terminate TX DMA during buffer flushing
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
kallsyms: exclude kasan local symbols on s390
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
f2fs: avoid out-of-range memory access
mailbox: handle failed named mailbox channel request
powerpc/eeh: Handle hugepages in ioremap space
sh: prevent warnings when using iounmap
mm/kmemleak.c: fix check for softirq context
9p: pass the correct prototype to read_cache_page
mm/mmu_notifier: use hlist_add_head_rcu()
locking/lockdep: Fix lock used or unused stats error
locking/lockdep: Hide unused 'class' variable
usb: wusbcore: fix unbalanced get/put cluster_id
usb: pci-quirks: Correct AMD PLL quirk detection
x86/sysfb_efi: Add quirks for some devices with swapped width and height
x86/speculation/mds: Apply more accurate check on hypervisor platform
hpet: Fix division by zero in hpet_time_div()
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
ALSA: hda - Add a conexant codec entry to let mute led work
powerpc/tm: Fix oops on sigreturn on systems without TM
access: avoid the RCU grace period for the temporary subjective credentials
ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
tcp: reset sk_send_head in tcp_write_queue_purge
arm64: dts: marvell: Fix A37xx UART0 register size
i2c: qup: fixed releasing dma without flush operation completion
arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ
ISDN: hfcsusb: checking idx of ep configuration
media: au0828: fix null dereference in error path
media: cpia2_usb: first wake up, then free in disconnect
media: radio-raremono: change devm_k*alloc to k*alloc
Bluetooth: hci_uart: check for missing tty operations
sched/fair: Don't free p->numa_faults with concurrent readers
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
ceph: hold i_ceph_lock when removing caps for freeing inode
Linux 4.9.187
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Merge 4.9.180 into android-4.9-q
Changes in 4.9.180
ext4: do not delete unlinked inode from orphan list on failed truncate
KVM: x86: fix return value for reserved EFER
bio: fix improper use of smp_mb__before_atomic()
Revert "scsi: sd: Keep disk read-only when re-reading partition"
crypto: vmx - CTR: always increment IV as quadword
kvm: svm/avic: fix off-by-one in checking host APIC ID
libnvdimm/namespace: Fix label tracking error
arm64: Save and restore OSDLR_EL1 across suspend/resume
gfs2: Fix sign extension bug in gfs2_update_stats
Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path
Btrfs: fix race between ranged fsync and writeback of adjacent ranges
btrfs: sysfs: don't leak memory when failing add fsid
fbdev: fix divide error in fb_var_to_videomode
hugetlb: use same fault hash key for shared and private mappings
fbdev: fix WARNING in __alloc_pages_nodemask bug
media: cpia2: Fix use-after-free in cpia2_exit
media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
at76c50x-usb: Don't register led_trigger if usb_register_driver failed
perf tools: No need to include bitops.h in util.h
tools include: Adopt linux/bits.h
Revert "btrfs: Honour FITRIM range constraints during free space trim"
gfs2: Fix lru_count going negative
cxgb4: Fix error path in cxgb4_init_module
mmc: core: Verify SD bus width
dmaengine: tegra210-dma: free dma controller in remove()
net: ena: gcc 8: fix compilation warning
ASoC: hdmi-codec: unlock the device on startup errors
powerpc/boot: Fix missing check of lseek() return value
ASoC: imx: fix fiq dependencies
spi: pxa2xx: fix SCR (divisor) calculation
brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler()
ARM: vdso: Remove dependency with the arch_timer driver internals
arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable
sched/cpufreq: Fix kobject memleak
scsi: qla2xxx: Fix a qla24xx_enable_msix() error path
iwlwifi: pcie: don't crash on invalid RX interrupt
rtc: 88pm860x: prevent use-after-free on device remove
w1: fix the resume command API
dmaengine: pl330: _stop: clear interrupt status
mac80211/cfg80211: update bss channel on channel switch
ASoC: fsl_sai: Update is_slave_mode with correct value
mwifiex: prevent an array overflow
net: cw1200: fix a NULL pointer dereference
crypto: sun4i-ss - Fix invalid calculation of hash end
bcache: return error immediately in bch_journal_replay()
bcache: fix failure in journal relplay
bcache: add failure check to run_cache_set() for journal replay
bcache: avoid clang -Wunintialized warning
x86/build: Move _etext to actual end of .text
smpboot: Place the __percpu annotation correctly
x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()
mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions
HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
pinctrl: pistachio: fix leaked of_node references
dmaengine: at_xdmac: remove BUG_ON macro in tasklet
media: coda: clear error return value before picture run
media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
media: au0828: stop video streaming only when last user stops
media: ov2659: make S_FMT succeed even if requested format doesn't match
audit: fix a memory leak bug
media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
media: pvrusb2: Prevent a buffer overflow
powerpc/numa: improve control of topology updates
sched/core: Check quota and period overflow at usec to nsec conversion
sched/core: Handle overflow in cpu_shares_write_u64
USB: core: Don't unbind interfaces following device reset failure
x86/irq/64: Limit IST stack overflow check to #DB stack
i40e: don't allow changes to HW VLAN stripping on active port VLANs
arm64: vdso: Fix clock_getres() for CLOCK_REALTIME
RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
scsi: libsas: Do discovery on empty PHY to update PHY info
mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
mmc_spi: add a status check for spi_sync_locked
mmc: sdhci-of-esdhc: add erratum eSDHC5 support
mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
PM / core: Propagate dev->power.wakeup_path when no callbacks
extcon: arizona: Disable mic detect if running when driver is removed
s390: cio: fix cio_irb declaration
cpufreq: ppc_cbe: fix possible object reference leak
cpufreq/pasemi: fix possible object reference leak
cpufreq: pmac32: fix possible object reference leak
x86/build: Keep local relocations with ld.lld
iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
iio: hmc5843: fix potential NULL pointer dereferences
iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data
rtlwifi: fix a potential NULL pointer dereference
mwifiex: Fix mem leak in mwifiex_tm_cmd
brcmfmac: fix missing checks for kmemdup
b43: shut up clang -Wuninitialized variable warning
brcmfmac: convert dev_init_lock mutex to completion
brcmfmac: fix race during disconnect when USB completion is in progress
brcmfmac: fix Oops when bringing up interface during USB disconnect
scsi: ufs: Fix regulator load and icc-level configuration
scsi: ufs: Avoid configuring regulator with undefined voltage range
arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
x86/uaccess, signal: Fix AC=1 bloat
x86/ia32: Fix ia32_restore_sigcontext() AC leak
chardev: add additional check for minor range overlap
HID: core: move Usage Page concatenation to Main item
ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
cxgb3/l2t: Fix undefined behaviour
spi: tegra114: reset controller on probe
media: wl128x: prevent two potential buffer overflows
virtio_console: initialize vtermno value for ports
tty: ipwireless: fix missing checks for ioremap
x86/mce: Fix machine_check_poll() tests for error types
rcutorture: Fix cleanup path for invalid torture_type strings
rcuperf: Fix cleanup path for invalid perf_type strings
usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
scsi: qla4xxx: avoid freeing unallocated dma memory
dmaengine: tegra210-adma: use devm_clk_*() helpers
media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
media: go7007: avoid clang frame overflow warning with KASAN
scsi: lpfc: Fix FDMI manufacturer attribute value
media: saa7146: avoid high stack usage with clang
scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
spi : spi-topcliff-pch: Fix to handle empty DMA buffers
spi: rspi: Fix sequencer reset during initialization
spi: Fix zero length xfer bug
ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
drm: Wake up next in drm_read() chain if we are forced to putback the event
Linux 4.9.180
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 4b0a2c5ff7215206ea6135a405f17c5f6fca7d00 ]
For regular serial ports we do not initialize value of vtermno
variable. A garbage value is assigned for non console ports.
The value can be observed as a random integer with [1].
[1] vim /sys/kernel/debug/virtio-ports/vport*p*
This patch initializes the value of vtermno for console serial
ports to '1' and regular serial ports are initialized to '0'.
Reported-by: siliu@redhat.com
Signed-off-by: Pankaj Gupta <pagupta@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Merge 4.9.178 into android-4.9-q
Changes in 4.9.178
net: core: another layer of lists, around PF_MEMALLOC skb handling
locking/rwsem: Prevent decrement of reader count before increment
PCI: hv: Fix a memory leak in hv_eject_device_work()
x86/speculation/mds: Revert CPU buffer clear on double fault exit
x86/speculation/mds: Improve CPU buffer clear documentation
objtool: Fix function fallthrough detection
ARM: exynos: Fix a leaked reference by adding missing of_node_put
power: supply: axp288_charger: Fix unchecked return value
arm64: compat: Reduce address limit
arm64: Clear OSDLR_EL1 on CPU boot
sched/x86: Save [ER]FLAGS on context switch
crypto: chacha20poly1305 - set cra_name correctly
crypto: vmx - fix copy-paste error in CTR mode
crypto: crct10dif-generic - fix use via crypto_shash_digest()
crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
ALSA: usb-audio: Fix a memory leak bug
ALSA: hda/hdmi - Read the pin sense from register when repolling
ALSA: hda/hdmi - Consider eld_valid when reporting jack event
ALSA: hda/realtek - EAPD turn on later
ASoC: max98090: Fix restore of DAPM Muxes
ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
mm/mincore.c: make mincore() more conservative
ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L
mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values
tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
jbd2: check superblock mapped prior to committing
ext4: actually request zeroing of inode table after grow
ext4: fix ext4_show_options for file systems w/o journal
Btrfs: do not start a transaction at iterate_extent_inodes()
bcache: fix a race between cache register and cacheset unregister
bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
ipmi:ssif: compare block number correctly for multi-part return messages
crypto: gcm - Fix error return code in crypto_gcm_create_common()
crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
crypto: salsa20 - don't access already-freed walk.iv
crypto: arm/aes-neonbs - don't access already-freed walk.iv
fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return 0...")
writeback: synchronize sync(2) against cgroup writeback membership switches
fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount
ext4: zero out the unused memory region in the extent tree block
ext4: fix data corruption caused by overlapping unaligned and aligned IO
ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
Linux 4.9.178
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 55be8658c7e2feb11a5b5b33ee031791dbd23a69 upstream.
According to ipmi spec, block number is a number that is incremented,
starting with 0, for each new block of message data returned using the
middle transaction.
Here, the 'blocknum' is data[0] which always starts from zero(0) and
'ssif_info->multi_pos' starts from 1.
So, we need to add +1 to blocknum while comparing with multi_pos.
Fixes: 7d6380cd40f79 ("ipmi:ssif: Fix handling of multi-part return messages").
Reported-by: Kiran Kolukuluru <kirank@ami.com>
Signed-off-by: Kamlakant Patel <kamlakantp@marvell.com>
Message-Id: <1556106615-18722-1-git-send-email-kamlakantp@marvell.com>
[Also added a debug log if the block numbers don't match.]
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Cc: stable@vger.kernel.org # 4.4
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge 4.9.171 into android-4.9-q
Changes in 4.9.171
bonding: fix event handling for stacked bonds
net: atm: Fix potential Spectre v1 vulnerabilities
net: bridge: fix per-port af_packet sockets
net: bridge: multicast: use rcu to access port list from br_multicast_start_querier
net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
tcp: tcp_grow_window() needs to respect tcp_space()
team: set slave to promisc if team is already in promisc mode
vhost: reject zero size iova range
ipv4: recompile ip options in ipv4_link_failure
ipv4: ensure rcu_read_lock() in ipv4_link_failure()
crypto: crypto4xx - properly set IV after de- and encrypt
mmc: sdhci: Fix data command CRC error handling
modpost: file2alias: go back to simple devtable lookup
modpost: file2alias: check prototype of handler
tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
CIFS: keep FileInfo handle live during oplock break
KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
staging: iio: ad7192: Fix ad7193 channel address
iio/gyro/bmg160: Use millidegrees for temperature scale
iio: ad_sigma_delta: select channel when reading register
iio: adc: at91: disable adc channel interrupt in timeout case
io: accel: kxcjk1013: restore the range after resume.
staging: comedi: vmk80xx: Fix use of uninitialized semaphore
staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
staging: comedi: ni_usb6501: Fix use of uninitialized mutex
staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
ALSA: core: Fix card races between register and disconnect
Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO"
Revert "svm: Fix AVIC incomplete IPI emulation"
crypto: x86/poly1305 - fix overflow during partial reduction
arm64: futex: Restore oldval initialization to work around buggy compilers
x86/kprobes: Verify stack frame on kretprobe
kprobes: Mark ftrace mcount handler functions nokprobe
kprobes: Fix error check when reusing optimized probes
rt2x00: do not increment sequence number while re-transmitting
mac80211: do not call driver wake_tx_queue op during reconfig
perf/x86/amd: Add event map for AMD Family 17h
Revert "kbuild: use -Oz instead of -Os when using clang"
sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
device_cgroup: fix RCU imbalance in error case
mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
ALSA: info: Fix racy addition/deletion of nodes
percpu: stop printing kernel addresses
i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array
Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
kernel/sysctl.c: fix out-of-bounds access when setting file-max
Linux 4.9.171
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 442601e87a4769a8daba4976ec3afa5222ca211d upstream
Return -E2BIG when the transfer is incomplete. The upper layer does
not retry, so not doing that is incorrect behaviour.
Cc: stable@vger.kernel.org
Fixes: a2871c62e1 ("tpm: Add support for Atmel I2C TPMs")
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Merge 4.9.170 into android-4.9-q
Changes in 4.9.170
ARC: u-boot args: check that magic number is correct
perf/core: Restore mmap record type correctly
ext4: add missing brelse() in add_new_gdb_meta_bg()
ext4: report real fs size after failed resize
ALSA: echoaudio: add a check for ioremap_nocache
ALSA: sb8: add a check for request_region
IB/mlx4: Fix race condition between catas error reset and aliasguid flows
mmc: davinci: remove extraneous __init annotation
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
thermal/int340x_thermal: Add additional UUIDs
thermal/int340x_thermal: fix mode setting
tools/power turbostat: return the exit status of a command
perf config: Fix an error in the config template documentation
perf config: Fix a memory leak in collect_config()
perf build-id: Fix memory leak in print_sdt_events()
perf top: Fix error handling in cmd_top()
perf hist: Add missing map__put() in error case
perf evsel: Free evsel->counts in perf_evsel__exit()
perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
irqchip/mbigen: Don't clear eventid when freeing an MSI
x86/hpet: Prevent potential NULL pointer dereference
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
iommu/vt-d: Check capability before disabling protected memory
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
fix incorrect error code mapping for OBJECTID_NOT_FOUND
ext4: prohibit fstrim in norecovery mode
gpio: pxa: handle corner case of unprobed device
rsi: improve kernel thread handling to fix kernel panic
9p: do not trust pdu content for stat item size
9p locks: add mount option for lock retry interval
f2fs: fix to do sanity check with current segment number
serial: uartps: console_setup() can't be placed to init section
HID: i2c-hid: override HID descriptors for certain devices
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
ACPI / SBS: Fix GPE storm on recent MacBookPro's
cifs: fallback to older infolevels on findfirst queryinfo retry
kernel: hung_task.c: disable on suspend
crypto: sha256/arm - fix crash bug in Thumb2 build
crypto: sha512/arm - fix crash bug in Thumb2 build
iommu/dmar: Fix buffer overflow during PCI bus notification
soc/tegra: pmc: Drop locking from tegra_powergate_is_powered()
lkdtm: Add tests for NULL pointer dereference
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
appletalk: Fix use-after-free in atalk_proc_exit
lib/div64.c: off by one in shift
include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
net: stmmac: Set dma ring length before enabling the DMA
appletalk: Fix compile regression
Linux 4.9.170
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 3d7a850fdc1a2e4d2adbc95cc0fc962974725e88 upstream
The current approach to read first 6 bytes from the response and then tail
of the response, can cause the 2nd memcpy_fromio() to do an unaligned read
(e.g. read 32-bit word from address aligned to a 16-bits), depending on how
memcpy_fromio() is implemented. If this happens, the read will fail and the
memory controller will fill the read with 1's.
This was triggered by 170d13ca3a2f, which should be probably refined to
check and react to the address alignment. Before that commit, on x86
memcpy_fromio() turned out to be memcpy(). By luck, GCC has done the right
thing (from tpm_crb's perspective) for us so far, but we should not rely on
that. Thus, it makes sense to fix this also in tpm_crb, not least because
the fix can be then backported to stable kernels and make them more robust
when compiled in differing environments.
Cc: stable@vger.kernel.org
Cc: James Morris <jmorris@namei.org>
Cc: Tomas Winkler <tomas.winkler@intel.com>
Cc: Jerry Snitselaar <jsnitsel@redhat.com>
Fixes: 30fc8d138e ("tpm: TPM 2.0 CRB Interface")
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
Acked-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Sasha Levin (Microsoft) <sashal@kernel.org>
Merge 4.9.169 into android-4.9-q
Changes in 4.9.169
x86/power: Fix some ordering bugs in __restore_processor_context()
x86/power/64: Use struct desc_ptr for the IDT in struct saved_context
x86/power/32: Move SYSENTER MSR restoration to fix_processor_context()
x86/power: Make restore_processor_context() sane
powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM
kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
x86: vdso: Use $LD instead of $CC to link
x86/vdso: Drop implicit common-page-size linker flag
lib/string.c: implement a basic bcmp
powerpc: Fix invalid use of register expressions
powerpc/64s: Add barrier_nospec
powerpc/64s: Add support for ori barrier_nospec patching
powerpc: Avoid code patching freed init sections
powerpc/64s: Patch barrier_nospec in modules
powerpc/64s: Enable barrier_nospec based on firmware settings
powerpc: Use barrier_nospec in copy_from_user()
powerpc/64: Use barrier_nospec in syscall entry
powerpc/64s: Enhance the information in cpu_show_spectre_v1()
powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
powerpc/64: Disable the speculation barrier from the command line
powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
powerpc/64: Call setup_barrier_nospec() from setup_arch()
powerpc/64: Make meltdown reporting Book3S 64 specific
powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
powerpc/asm: Add a patch_site macro & helpers for patching instructions
powerpc/64s: Add new security feature flags for count cache flush
powerpc/64s: Add support for software count cache flush
powerpc/pseries: Query hypervisor for count cache flush settings
powerpc/powernv: Query firmware for count cache flush settings
powerpc/fsl: Add infrastructure to fixup branch predictor flush
powerpc/fsl: Add macro to flush the branch predictor
powerpc/fsl: Fix spectre_v2 mitigations reporting
powerpc/fsl: Emulate SPRN_BUCSR register
powerpc/fsl: Add nospectre_v2 command line argument
powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
powerpc/fsl: Flush branch predictor when entering KVM
powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
powerpc/fsl: Update Spectre v2 reporting
powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
powerpc/fsl: Fix the flush of branch predictor.
powerpc/security: Fix spectre_v2 reporting
arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region
tty: mark Siemens R3964 line discipline as BROKEN
tty: ldisc: add sysctl to prevent autoloading of ldiscs
ipv6: Fix dangling pointer when ipv6 fragment
ipv6: sit: reset ip header pointer in ipip6_rcv
kcm: switch order of device registration to fix a crash
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
openvswitch: fix flow actions reallocation
qmi_wwan: add Olicard 600
sctp: initialize _pad of sockaddr_in before copying to user memory
tcp: Ensure DCTCP reacts to losses
vrf: check accept_source_route on the original netdevice
bnxt_en: Reset device on RX buffer errors.
bnxt_en: Improve RX consumer index validity check.
net/mlx5e: Add a lock on tir list
netns: provide pure entropy for net_hash_mix()
net: ethtool: not call vzalloc for zero sized memory request
ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
ALSA: seq: Fix OOB-reads from strlcpy
parisc: Detect QEMU earlier in boot process
include/linux/bitrev.h: fix constant bitrev
ASoC: fsl_esai: fix channel swap issue when stream starts
Btrfs: do not allow trimming when a fs is mounted with the nologreplay option
block: do not leak memory in bio_copy_user_iov()
genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
virtio: Honour 'may_reduce_num' in vring_create_virtqueue
ARM: dts: at91: Fix typo in ISC_D0 on PC9
arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
parisc: Use cr16 interval timers unconditionally on qemu
xen: Prevent buffer overflow in privcmd ioctl
sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
xtensa: fix return_address
PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
Linux 4.9.169
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit c7084edc3f6d67750f50d4183134c4fb5712a5c8 upstream.
The n_r3964 line discipline driver was written in a different time, when
SMP machines were rare, and users were trusted to do the right thing.
Since then, the world has moved on but not this code, it has stayed
rooted in the past with its lovely hand-crafted list structures and
loads of "interesting" race conditions all over the place.
After attempting to clean up most of the issues, I just gave up and am
now marking the driver as BROKEN so that hopefully someone who has this
hardware will show up out of the woodwork (I know you are out there!)
and will help with debugging a raft of changes that I had laying around
for the code, but was too afraid to commit as odds are they would break
things.
Many thanks to Jann and Linus for pointing out the initial problems in
this codebase, as well as many reviews of my attempts to fix the issues.
It was a case of whack-a-mole, and as you can see, the mole won.
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Merge 4.9.168 into android-4.9-q
Changes in 4.9.168
arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
arm64: debug: Ensure debug handlers check triggering exception level
ext4: cleanup bh release code in ext4_ind_remove_space()
lib/int_sqrt: optimize initial value compute
tty/serial: atmel: Add is_half_duplex helper
tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
CIFS: fix POSIX lock leak and invalid ptr deref
h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
tracing: kdb: Fix ftdump to not sleep
gpio: gpio-omap: fix level interrupt idling
include/linux/relay.h: fix percpu annotation in struct rchan
sysctl: handle overflow for file-max
enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
scsi: hisi_sas: Set PHY linkrate when disconnected
mm/cma.c: cma_declare_contiguous: correct err handling
mm/page_ext.c: fix an imbalance with kmemleak
mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
mm/slab.c: kmemleak no scan alien caches
ocfs2: fix a panic problem caused by o2cb_ctl
f2fs: do not use mutex lock in atomic context
fs/file.c: initialize init_files.resize_wait
cifs: use correct format characters
dm thin: add sanity checks to thin-pool and external snapshot creation
cifs: Fix NULL pointer dereference of devname
jbd2: fix invalid descriptor block checksum
fs: fix guard_bio_eod to check for real EOD errors
tools lib traceevent: Fix buffer overflow in arg_eval
wil6210: check null pointer in _wil_cfg80211_merge_extra_ies
crypto: crypto4xx - add missing of_node_put after of_device_is_available
usb: chipidea: Grab the (legacy) USB PHY by phandle first
scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
coresight: etm4x: Add support to enable ETMv4.2
ARM: 8840/1: use a raw_spinlock_t in unwind
iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables
mmc: omap: fix the maximum timeout setting
e1000e: Fix -Wformat-truncation warnings
mlxsw: spectrum: Avoid -Wformat-truncation warnings
IB/mlx4: Increase the timeout for CM cache
scsi: megaraid_sas: return error when create DMA pool failed
perf test: Fix failure of 'evsel-tp-sched' test on s390
SoC: imx-sgtl5000: add missing put_device()
media: sh_veu: Correct return type for mem2mem buffer helpers
media: s5p-jpeg: Correct return type for mem2mem buffer helpers
media: s5p-g2d: Correct return type for mem2mem buffer helpers
media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1
HID: intel-ish-hid: avoid binding wrong ishtp_cl_device
leds: lp55xx: fix null deref on firmware load failure
iwlwifi: pcie: fix emergency path
ACPI / video: Refactor and fix dmi_is_desktop()
kprobes: Prohibit probing on bsearch()
ARM: 8833/1: Ensure that NEON code always compiles with Clang
ALSA: PCM: check if ops are defined before suspending PCM
usb: f_fs: Avoid crash due to out-of-scope stack ptr access
bcache: fix input overflow to cache set sysfs file io_error_halflife
bcache: fix input overflow to sequential_cutoff
bcache: improve sysfs_strtoul_clamp()
genirq: Avoid summation loops for /proc/stat
iw_cxgb4: fix srqidx leak during connection abort
fbdev: fbmem: fix memory access if logo is bigger than the screen
cdrom: Fix race condition in cdrom_sysctl_register
e1000e: fix cyclic resets at link up with active tx
ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
efi/memattr: Don't bail on zero VA if it equals the region's PA
ARM: dts: lpc32xx: Remove leading 0x and 0s from bindings notation
soc: qcom: gsbi: Fix error handling in gsbi_probe()
mt7601u: bump supported EEPROM version
ARM: avoid Cortex-A9 livelock on tight dmb loops
tty: increase the default flip buffer limit to 2*640K
powerpc/pseries: Perform full re-add of CPU for topology update post-migration
media: mt9m111: set initial frame size other than 0x0
hwrng: virtio - Avoid repeated init of completion
soc/tegra: fuse: Fix illegal free of IO base address
HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit
hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
dmaengine: imx-dma: fix warning comparison of distinct pointer types
dmaengine: qcom_hidma: assign channel cookie correctly
netfilter: physdev: relax br_netfilter dependency
media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
drm/nouveau: Stop using drm_crtc_force_disable
x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
selinux: do not override context on context mounts
wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
x86/build: Mark per-CPU symbols as absolute explicitly for LLD
dmaengine: tegra: avoid overflow of byte tracking
drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
ACPI / video: Extend chassis-type detection with a "Lunch Box" check
Linux 4.9.168
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 24d48a61f2666630da130cc2ec2e526eacf229e3 ]
Commit '3d035f5806 ("drivers/char/hpet.c: allow user controlled mmap for
user processes")' introduced a new kernel command line parameter hpet_mmap,
that is required to expose the memory map of the HPET registers to
user-space. Unfortunately the kernel command line parameter 'hpet_mmap' is
broken and never takes effect due to missing '=' character in the __setup()
code of hpet_mmap_enable.
Before this patch:
dmesg output with the kernel command line parameter hpet_mmap=1
[ 0.204152] HPET mmap disabled
dmesg output with the kernel command line parameter hpet_mmap=0
[ 0.204192] HPET mmap disabled
After this patch:
dmesg output with the kernel command line parameter hpet_mmap=1
[ 0.203945] HPET mmap enabled
dmesg output with the kernel command line parameter hpet_mmap=0
[ 0.204652] HPET mmap disabled
Fixes: 3d035f5806 ("drivers/char/hpet.c: allow user controlled mmap for user processes")
Signed-off-by: Buland Singh <bsingh@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
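The failure mode described in the hpet_mmap commit above, as an added user-space example (not code from the kernel or from the patch): a boot-parameter table entry registered without the trailing '=' hands the handler a string that still starts with '=', so no integer is parsed. The dispatcher and integer parser here are simplified models and an assumption about how the prefix match behaves; all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Models the driver's flag that decides whether HPET registers may be
 * mapped into user space. */
static int hpet_mmap_enabled;

/* Simplified integer-option parser (assumption, not the kernel's helper):
 * stores the parsed value, or 0 when the string does not start with a
 * number. Returns 1 only if digits were consumed. */
static int parse_int_option(const char *str, int *out)
{
    char *end;
    long v = strtol(str, &end, 0);

    *out = (int)v;
    return end != str;
}

/* Handler in the style of the one named in the commit message. */
static int hpet_mmap_enable(const char *arg)
{
    parse_int_option(arg, &hpet_mmap_enabled);
    return 1; /* parameter consumed */
}

struct setup_entry {
    const char *prefix;              /* string given at registration */
    int (*handler)(const char *arg); /* receives the text after the prefix */
};

/* Simplified dispatcher: match the registered prefix, then pass whatever
 * follows it to the handler. With prefix "hpet_mmap" the handler sees
 * "=1"; with "hpet_mmap=" it sees "1". */
static int dispatch_param(const struct setup_entry *e, const char *param)
{
    size_t n = strlen(e->prefix);

    if (strncmp(param, e->prefix, n) != 0)
        return 0;
    return e->handler(param + n);
}

/* Returns the flag value after "booting" with one command-line parameter.
 * build_default models the compile-time default of the flag. */
int boot_result(const char *registered_prefix, const char *param,
                int build_default)
{
    struct setup_entry e = { registered_prefix, hpet_mmap_enable };

    hpet_mmap_enabled = build_default;
    dispatch_param(&e, param);
    return hpet_mmap_enabled;
}

int main(void)
{
    /* Constructed inputs: the two registrations and the two parameters
     * quoted in the commit message. */
    const char *prefixes[] = { "hpet_mmap", "hpet_mmap=" };
    const char *params[] = { "hpet_mmap=1", "hpet_mmap=0" };

    for (size_t i = 0; i < 2; i++)
        for (size_t j = 0; j < 2; j++)
            printf("registered \"%s\", cmdline %s -> HPET mmap %s\n",
                   prefixes[i], params[j],
                   boot_result(prefixes[i], params[j], 0)
                       ? "enabled" : "disabled");
    return 0;
}
```

In this model the broken registration also forces the flag to 0 when the build default is 1, so the parameter is worse than ignored; checking the boot log line quoted in the commit message is the way to confirm which state a running system is in.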
[ Upstream commit aef027db48da56b6f25d0e54c07c8401ada6ce21 ]
The virtio-rng driver uses a completion called have_data to wait for a
virtio read to be fulfilled by the hypervisor. The completion is reset
before placing a buffer on the virtio queue and completed by the virtio
callback once data has been written into the buffer.
Prior to this commit, the driver called init_completion on this
completion both during probe as well as when registering virtio buffers
as part of a hwrng read operation. The second of these init_completion
calls should instead be reinit_completion because the have_data
completion has already been inited by probe. As described in
Documentation/scheduler/completion.txt, "Calling init_completion() twice
on the same completion object is most likely a bug".
This bug was present in the initial implementation of virtio-rng in
f7f510ec19 ("virtio: An entropy device, as suggested by hpa"). Back
then the have_data completion was a single static completion rather than
a member of one of potentially multiple virtrng_info structs as
implemented later by 08e53fbdb8 ("virtio-rng: support multiple
virtio-rng devices"). The original driver incorrectly used
init_completion rather than INIT_COMPLETION to reset have_data during
read.
Tested by running `head -c48 /dev/random | hexdump` within crosvm, the
Chrome OS virtual machine monitor, and confirming that the virtio-rng
driver successfully produces random bytes from the host.
Signed-off-by: David Tolnay <dtolnay@gmail.com>
Tested-by: David Tolnay <dtolnay@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
The crng_init triggers process_crng_rdy_callbacks() and those callbacks
can call into the crng again. So, leave the spinlock before processing
the callbacks.
This is a version of upstream commit '4a072c71f49b'
Bug: 124090075
Test: Build and boot cuttlefish with hwrng enabled
Change-Id: Ie5b7a60cd17eae80ca26b518c60110fd18efd548
Signed-off-by: Sandeep Patil <sspatil@android.com>
Merge 4.9.163 into android-4.9
Changes in 4.9.163
USB: serial: option: add Telit ME910 ECM composition
USB: serial: cp210x: add ID for Ingenico 3070
USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
cpufreq: Use struct kobj_attribute instead of struct global_attr
ncpfs: fix build warning of strncpy
isdn: isdn_tty: fix build warning of strncpy
staging: comedi: ni_660x: fix missing break in switch statement
staging: wilc1000: fix to set correct value for 'vif_num'
staging: android: ion: fix sys heap pool's gfp_flags
ip6mr: Do not call __IP6_INC_STATS() from preemptible context
net-sysfs: Fix mem leak in netdev_register_kobject
sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
team: Free BPF filter when unregistering netdev
bnxt_en: Drop oversize TX packets to prevent errors.
hv_netvsc: Fix IP header checksum for coalesced packets
net: dsa: mv88e6xxx: Fix u64 statistics
netlabel: fix out-of-bounds memory accesses
net: netem: fix skb length BUG_ON in __skb_to_sgvec
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
net: sit: fix memory leak in sit_init_net()
xen-netback: don't populate the hash cache on XenBus disconnect
xen-netback: fix occasional leak of grant ref mappings under memory pressure
net: Add __icmp_send helper.
net: avoid use IPCB in cipso_v4_error
tun: fix blocking read
tun: remove unnecessary memory barrier
net: phy: Micrel KSZ8061: link failure after cable connect
x86/CPU/AMD: Set the CPB bit unconditionally on F17h
applicom: Fix potential Spectre v1 vulnerabilities
MIPS: irq: Allocate accurate order pages for irq stack
hugetlbfs: fix races and page leaks during migration
exec: Fix mem leak in kernel_read_file
media: uvcvideo: Fix 'type' check leading to overflow
vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
perf core: Fix perf_proc_update_handler() bug
perf tools: Handle TOPOLOGY headers with no CPU
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
iommu/amd: Call free_iova_fast with pfn in map_sg
iommu/amd: Unmap all mapped pages in error path of map_sg
ipvs: Fix signed integer overflow when setsockopt timeout
iommu/amd: Fix IOMMU page flush when detach device from a domain
xtensa: SMP: fix ccount_timer_shutdown
xtensa: SMP: fix secondary CPU initialization
xtensa: smp_lx200_defconfig: fix vectors clash
xtensa: SMP: mark each possible CPU as present
xtensa: SMP: limit number of possible CPUs by NR_CPUS
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
net: hns: Fix for missing of_node_put() after of_parse_phandle()
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
gpio: vf610: Mask all GPIO interrupts
nfs: Fix NULL pointer dereference of dev_name
qed: Fix VF probe failure while FLR
scsi: libfc: free skb when receiving invalid flogi resp
platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
cifs: fix computation for MAX_SMB2_HDR_SIZE
arm64: kprobe: Always blacklist the KVM world-switch code
x86/kexec: Don't setup EFI info if EFI runtime is not enabled
x86_64: increase stack size for KASAN_EXTRA
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
autofs: drop dentry reference only when it is never used
autofs: fix error return in autofs_fill_super()
soc: fsl: qbman: avoid race in clearing QMan interrupt
ARM: pxa: ssp: unneeded to free devm_ allocated data
arm64: dts: add msm8996 compatible to gicv3
usb: phy: fix link errors
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
vsock/virtio: fix kernel panic after device hot-unplug
vsock/virtio: reset connected sockets on device removal
dmaengine: dmatest: Abort test in case of mapping error
selftests: netfilter: fix config fragment CONFIG_NF_TABLES_INET
selftests: netfilter: add simple masq/redirect test cases
netfilter: nf_nat: skip nat clash resolution for same-origin entries
s390/qeth: fix use-after-free in error path
perf symbols: Filter out hidden symbols from labels
MIPS: Remove function size check in get_frame_info()
fs: ratelimit __find_get_block_slow() failure message.
Input: wacom_serial4 - add support for Wacom ArtPad II tablet
Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
iscsi_ibft: Fix missing break in switch statement
scsi: aacraid: Fix missing break in switch statement
futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
ARM: dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3
ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
drm: disable uncached DMA optimization for ARM and arm64
ARM: 8781/1: Fix Thumb-2 syscall return for binutils 2.29+
ARM: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420
perf/x86/intel: Make cpuc allocations consistent
perf/x86/intel: Generalize dynamic constraint creation
x86: Add TSX Force Abort CPUID/MSR
Linux 4.9.163
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit d7ac3c6ef5d8ce14b6381d52eb7adafdd6c8bb3c upstream.
IndexCard is indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.
This issue was detected with the help of Smatch:
drivers/char/applicom.c:418 ac_write() warn: potential spectre issue 'apbs' [r]
drivers/char/applicom.c:728 ac_ioctl() warn: potential spectre issue 'apbs' [r] (local cap)
Fix this by sanitizing IndexCard before using it to index apbs.
Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].
[1] https://lore.kernel.org/lkml/20180423164740.GY17484@dhcp22.suse.cz/
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
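The index sanitizing described in the commit message above, modelled in user space. This is an added example, not code from the patch or from the applicom driver; TABLE_SIZE, table[] and the function names are constructed for illustration, and the mask arithmetic follows the generic array_index_mask_nospec() in include/linux/nospec.h.

```c
#include <limits.h>
#include <stdio.h>

#define TABLE_SIZE 8    /* constructed bound, not the driver's value */
static int table[TABLE_SIZE] = { 10, 11, 12, 13, 14, 15, 16, 17 }; /* stands in for apbs[] */

/*
 * ~0UL when index < size, 0 otherwise, computed without a branch.
 * Same arithmetic as the generic array_index_mask_nospec(); relies on
 * arithmetic right shift of a negative long (gcc, clang) and size <= LONG_MAX.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return ~(long)(index | (size - 1UL - index)) >> (sizeof(long) * CHAR_BIT - 1);
}

/* In-range indexes pass through unchanged; out-of-range ones become 0. */
static unsigned long clamp_index(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Before: the bounds check is a branch, so a mispredicted branch can let
 * the load below run speculatively with an out-of-range idx. */
static int lookup_checked_only(unsigned long idx, int *out)
{
    if (idx >= TABLE_SIZE)
        return -1;
    *out = table[idx];
    return 0;
}

/* After: idx is clamped by data dependency before the first load, so even
 * a speculated load stays inside table[]. */
static int lookup_sanitized(unsigned long idx, int *out)
{
    if (idx >= TABLE_SIZE)
        return -1;
    idx = clamp_index(idx, TABLE_SIZE);
    *out = table[idx];
    return 0;
}

int main(void)
{
    int a = 0, b = 0;
    printf("%d %d\n", lookup_checked_only(3, &a), lookup_sanitized(3, &b));
    printf("%d %d clamp(9)=%lu\n", a, b, clamp_index(9, TABLE_SIZE));
    return 0;
}
```

Both functions return the same architectural results; the difference is only in what a speculated load can reach. Compiled with optimisation in user space, the compiler may fold the mask into the preceding check, so this block models the arithmetic only.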
Merge 4.9.161 into android-4.9
Changes in 4.9.161
mac80211: Free mpath object when rhashtable insertion fails
libceph: handle an empty authorize reply
ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
proc, oom: do not report alien mms when setting oom_score_adj
KEYS: allow reaching the keys quotas exactly
mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
mfd: twl-core: Fix section annotations on {,un}protect_pm_master
mfd: db8500-prcmu: Fix some section annotations
mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported
mfd: ab8500-core: Return zero in get_register_interruptible()
mfd: qcom_rpm: write fw_version to CTRL_REG
mfd: wm5110: Add missing ASRC rate register
mfd: mc13xxx: Fix a missing check of a register-read failure
qed: Fix qed_ll2_post_rx_buffer_notify_fw() by adding a write memory barrier
net: hns: Fix use after free identified by SLUB debug
MIPS: ath79: Enable OF serial ports in the default config
scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
scsi: isci: initialize shost fully before calling scsi_add_host()
MIPS: jazz: fix 64bit build
net: stmmac: Fix PCI module removal leak
isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
atm: he: fix sign-extension overflow on large shift
leds: lp5523: fix a missing check of return value of lp55xx_read
mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky
net/mlx5e: Fix wrong (zero) TX drop counter indication for representor
isdn: avm: Fix string plus integer warning from Clang
net: ethernet: stmmac: change dma descriptors to __le32
RDMA/srp: Rework SCSI device reset handling
KEYS: user: Align the payload buffer
KEYS: always initialize keyring_index_key::desc_len
batman-adv: fix uninit-value in batadv_interface_tx()
net/packet: fix 4gb buffer limit due to overflow check
team: avoid complex list operations in team_nl_cmd_options_set()
sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment
net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
parisc: Fix ptrace syscall number modification
ARCv2: Enable unaligned access in early ASM code
ARC: U-boot: check arguments paranoidly
ARC: define ARCH_SLAB_MINALIGN = 8
hpet: Make cmd parameter of hpet_ioctl_common() unsigned
clocksource: Use GENMASK_ULL in definition of CLOCKSOURCE_MASK
netpoll: Fix device name check in netpoll_setup()
tracing: Use cpumask_available() to check if cpumask variable may be used
x86/boot: Disable the address-of-packed-member compiler warning
drm/i915: Consistently use enum pipe for PCH transcoders
drm/i915: Fix enum pipe vs. enum transcoder for the PCH transcoder
kbuild: move cc-option and cc-disable-warning after incl. arch Makefile
kbuild: clang: fix build failures with sparse check
kbuild: clang: remove crufty HOSTCFLAGS
kbuild: clang: disable unused variable warnings only when constant
kbuild: set no-integrated-as before incl. arch Makefile
kbuild: add -no-integrated-as Clang option unconditionally
irqchip/gic-v3: Convert arm64 GIC accessors to {read,write}_sysreg_s
mm/zsmalloc.c: change stat type parameter to int
mm/zsmalloc.c: fix -Wunneeded-internal-declaration warning
Revert "bridge: do not add port to router list when receives query with source 0.0.0.0"
netfilter: nf_tables: fix flush after rule deletion in the same batch
pinctrl: max77620: Use define directive for max77620_pinconf_param values
phy: tegra: remove redundant self assignment of 'map'
sched/sysctl: Fix attributes of some extern declarations
kbuild: consolidate Clang compiler flags
Linux 4.9.161
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>