Conflicts:
arch/arm64/kernel/smp.c
drivers/scsi/sd.c Skipped, it's a fix for a commit we didn't apply during upstream as it caused a regression in performance.
[ Upstream commit 0dcdf9f64028ec3b75db6b691560f8286f3898bf ]
The nci_conn_max_data_pkt_payload_size() function sometimes returns
-EPROTO so "max_size" needs to be signed for the error handling to
work. We can make "payload_size" an int as well.
Fixes: a06347c04c ("NFC: Add Intel Fields Peak NFC solution driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Conflicts:
drivers/scsi/ufs/ufshcd.c Checked out ' 39f4ec1ef6 ', similar fix was found in source
drivers/staging/android/ashmem.c
drivers/usb/gadget/function/u_serial.c
fs/ext4/ext4.h
security/selinux/avc.c
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl5oitoACgkQONu9yGCS
aT617Q/8Dk8BDWkAeGzyxkdSmSwHbF/fRsF14iCXZdH4896J4Lpti6ku5XvTfzqq
8gQqjo36FP5/8gohuc5vwZCPnUzEw6MAzF5jR/T6uNny5wsS1I/TP9SsggEhUF5Z
e6qg6OyRKOyfT0Q46bZMslJRQzqyZikVIr0IflP20emIBo2okAg1N+fHdhhpeqKk
3+dagpksRwCtaWGROO9jV9rcuvFR9WbR3UuuJr+MLRbF2Hp2MBK6VWq3qhbLEhd9
E23rlpZ/qJGiTtUbMzw5DqRCnqYlz2Gf02mltjKPOhnzEl1NmLCP29qygkluUI/Q
a7a3lw+XLlhd1adXS+xg3jv9Nkl3gjCgS7VPqVJEdzaTFh/TvEaC4jJxLXlyATEr
t6C3y6pa2eHK/Qj5jfDzV/nIJI5z0AcRgMW/0Hkyb8effxad4DaxSdQ8SQmpLaDd
wNwKAEhxFeAjJXoQOdrKiSGrPe8/h4pq3UNFajA9YvB8hxjN2TS/5X4Fh//uLtB9
VEzKw8d2XlutIDqpF6QRrQZZZ88dDHPALpcAEIVDbBWT1gjSGPOWCVZtybIlbgw5
9shE/kQRUMChEf4LAuWtjhx3TOHUa3faaRIIvCGW2TPPdXfkHgto8G79M7IOfxAf
tygDixkP2tDPJju0VRbcOp+Z+f7yOZbxXgV63aXQPj8h0nWJJpA=
=KwBy
-----END PGP SIGNATURE-----
Merge 4.9.216 into android-4.9-q
Changes in 4.9.216
iwlwifi: pcie: fix rb_allocator workqueue allocation
ext4: fix potential race between online resizing and write operations
ext4: fix potential race between s_flex_groups online resizing and access
ext4: fix potential race between s_group_info online resizing and access
ipmi:ssif: Handle a possible NULL pointer reference
drm/msm: Set dma maximum segment size for mdss
mac80211: consider more elements in parsing CRC
cfg80211: check wiphy driver existence for drvinfo report
qmi_wwan: re-add DW5821e pre-production variant
net: ena: fix potential crash when rxfh key is NULL
net: ena: add missing ethtool TX timestamping indication
net: ena: fix incorrect default RSS key
net: ena: rss: fix failure to get indirection table
net: ena: rss: store hash function as values and not bits
net: ena: fix incorrectly saving queue numbers when setting RSS indirection table
net: ena: ena-com.c: prevent NULL pointer dereference
cifs: Fix mode output in debugging statements
cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
sysrq: Restore original console_loglevel when sysrq disabled
sysrq: Remove duplicated sysrq message
net: fib_rules: Correctly set table field when table number exceeds 8 bits
net: phy: restore mdio regs in the iproc mdio driver
ipv6: Fix nlmsg_flags when splitting a multipath route
ipv6: Fix route replacement with dev-only route
sctp: move the format error check out of __sctp_sf_do_9_1_abort
nfc: pn544: Fix occasional HW initialization failure
net: sched: correct flower port blocking
ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()
audit: fix error handling in audit_data_to_entry()
ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro
ACPI: watchdog: Fix gas->access_width usage
HID: core: fix off-by-one memset in hid_report_raw_event()
HID: core: increase HID report buffer size to 8KiB
HID: hiddev: Fix race in in hiddev_disconnect()
MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()'
i2c: jz4780: silence log flood on txabrt
ecryptfs: Fix up bad backport of fe2e082f5da5b4a0a92ae32978f81507ef37ec66
serial: 8250: Check UPF_IRQ_SHARED in advance
include/linux/bitops.h: introduce BITS_PER_TYPE
net: netlink: cap max groups which will be considered in netlink_bind()
net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE
namei: only return -ECHILD from follow_dotdot_rcu()
KVM: Check for a bad hva before dropping into the ghc slow path
slip: stop double free sl->dev in slip_open
tuntap: correctly set SOCKWQ_ASYNC_NOSPACE
drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()'
perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc
mm/huge_memory.c: use head to check huge zero page
audit: always check the netlink payload length in audit_receive_msg()
vhost: Check docket sk_family instead of call getname
serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE
usb: gadget: composite: Support more than 500mA MaxPower
usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags
usb: gadget: serial: fix Tx stall after buffer overflow
drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI
drm/msm/dsi: save pll state before dsi host is powered off
net: ks8851-ml: Remove 8-bit bus accessors
net: ks8851-ml: Fix 16-bit data access
net: ks8851-ml: Fix 16-bit IO operation
watchdog: da9062: do not ping the hw during stop()
s390/cio: cio_ignore_proc_seq_next should increase position index
cifs: don't leak -EAGAIN for stat() during reconnect
usb: storage: Add quirk for Samsung Fit flash
usb: quirks: add NO_LPM quirk for Logitech Screen Share
usb: core: hub: do error out if usb_autopm_get_interface() fails
usb: core: port: do error out if usb_autopm_get_interface() fails
vgacon: Fix a UAF in vgacon_invert_region
fat: fix uninit-memory access for partial initialized inode
tty:serial:mvebu-uart:fix a wrong return
vt: selection, close sel_buffer race
vt: selection, push console lock down
vt: selection, push sel_lock up
x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes
dmaengine: tegra-apb: Fix use-after-free
dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list
ARM: dts: ls1021a: Restore MDIO compatible to gianfar
ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output
ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path
ASoC: dapm: Correct DAPM handling of active widgets during shutdown
RDMA/iwcm: Fix iwcm work deallocation
RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
ARM: imx: build v7_cpu_resume() unconditionally
hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT()
dmaengine: coh901318: Fix a double lock bug in dma_tc_handle()
powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems
dm cache: fix a crash due to incorrect work item cancelling
crypto: algif_skcipher - use ZERO_OR_NULL_PTR in skcipher_recvmsg_async
Linux 4.9.216
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id92ae78607b020bf7f2af83481404628e694c230
[ Upstream commit c3331d2fe3fd4d5e321f2467d01f72de7edfb5d0 ]
The PN544 driver checks the "enable" polarity during of driver's probe and
it's doing that by turning ON and OFF NFC with different polarities until
enabling succeeds. It takes some time for the hardware to power-down, and
thus, to deassert the IRQ that is raised by turning ON the hardware.
Since the delay after last power-down of the polarity-checking process is
missed in the code, the interrupt may trigger immediately after installing
the IRQ handler (right after the checking is done), which results in IRQ
handler trying to touch the disabled HW and ends with marking NFC as
'DEAD' during of the driver's probe:
pn544_hci_i2c 1-002a: NFC: nfc_en polarity : active high
pn544_hci_i2c 1-002a: NFC: invalid len byte
shdlc: llc_shdlc_recv_frame: NULL Frame -> link is dead
This patch fixes the occasional NFC initialization failure on Nexus 7
device.
Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl5ZJvIACgkQONu9yGCS
aT4YXxAAkGwu5Kr2xdjQVfkG/P/v0DBf1QJ1xxUGlOt0eql0Kl9aiDSOoHDwLBpX
L+nCaXdH5miLR/U3bhV95UW2uR9Ma/Q4hSyWv8ESzMvv3ov8zauCaCjRpIY00+0X
2HjEl50SV1ST5fb8U55JIaYp2kNGXLsrnL2/J7NiYq/gv2+2qAQVup3rnTWk4YMB
Zz3XCoyVw5m1Wn3D5sPe3S6z0TQq5wAqzH2hFgHIkOddIEbD+ZBtWWcWVSuVfBu6
eyJBSNz75SV7eLK6MUVQyfKMIA0rQpidGHPO9R9QspS9wUT/PG4veCGsrvIXOQKG
wD/PbVlvGCI0aj87dbvJjd4N24HEFPM85Kq5KcJdFYwSTgpf9h/R/Y3amZ1EzS1Y
+7IzDWAdw2jqWo7Ys78bBoT2BGAHTkRbj93jTVv8cjow88URHQeakIyFPh2+nQg3
+ky04NGy/eWzNRNwBB6BdpukZZ5WVwcmYq7VhDkHLOvqhH5Q2eom+pUKgLszvZCY
U/Nv2wCQB+gVXEAZ1LNqG8uePBkJXZSwCEAoMTQMAC0riiJSAtS1BZPnr+x2ZdJD
OrN7DsFvTeJLsh/SDg+s9mVvO4YotQ5JcBbmGdbXDjuEIaxpncDIo5MM9y5CE/Ej
hW6n8tNPbIZfkzEDsBMkhHbUoDtKLgdZql7dMmeVWIsRi3UfrVM=
=EsN0
-----END PGP SIGNATURE-----
Merge 4.9.215 into android-4.9-q
Changes in 4.9.215
x86/vdso: Use RDPID in preference to LSL when available
KVM: x86: emulate RDPID
ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs
ecryptfs: fix a memory leak bug in parse_tag_1_packet()
ecryptfs: fix a memory leak bug in ecryptfs_init_messaging()
ALSA: usb-audio: Apply sample rate quirk for Audioengine D1
ext4: don't assume that mmp_nodename/bdevname have NUL
ext4: fix checksum errors with indexed dirs
ext4: improve explanation of a mount failure caused by a misconfigured kernel
Btrfs: fix race between using extent maps and merging them
btrfs: log message when rw remount is attempted with unclean tree-log
perf/x86/amd: Add missing L2 misses event spec to AMD Family 17h's event map
padata: Remove broken queue flushing
s390/time: Fix clk type in get_tod_clock
perf/x86/intel: Fix inaccurate period in context switch for auto-reload
hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions.
jbd2: move the clearing of b_modified flag to the journal_unmap_buffer()
jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer
btrfs: print message when tree-log replay starts
scsi: qla2xxx: fix a potential NULL pointer dereference
Revert "KVM: VMX: Add non-canonical check on writes to RTIT address MSRs"
drm/gma500: Fixup fbdev stolen size usage evaluation
cpu/hotplug, stop_machine: Fix stop_machine vs hotplug order
brcmfmac: Fix use after free in brcmf_sdio_readframes()
gianfar: Fix TX timestamping with a stacked DSA driver
pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs
pxa168fb: Fix the function used to release some memory in an error handling path
media: i2c: mt9v032: fix enum mbus codes and frame sizes
powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number
gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap()
media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run()
pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins
efi/x86: Map the entire EFI vendor string before copying it
MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init()
sparc: Add .exit.data section.
uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()
usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe()
jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal
x86/sysfb: Fix check for bad VRAM size
tracing: Fix tracing_stat return values in error handling paths
tracing: Fix very unlikely race of registering two stat tracers
ext4, jbd2: ensure panic when aborting with zero errno
kconfig: fix broken dependency in randconfig-generated .config
clk: qcom: rcg2: Don't crash if our parent can't be found; return an error
drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table
regulator: rk808: Lower log level on optional GPIOs being not available
net/wan/fsl_ucc_hdlc: reject muram offsets above 64K
PCI/IOV: Fix memory leak in pci_iov_add_virtfn()
NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu().
media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros
reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status
b43legacy: Fix -Wcast-function-type
ipw2x00: Fix -Wcast-function-type
iwlegacy: Fix -Wcast-function-type
rtlwifi: rtl_pci: Fix -Wcast-function-type
orinoco: avoid assertion in case of NULL pointer
ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1
scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
drm/mediatek: handle events when enabling/disabling crtc
ARM: dts: r8a7779: Add device node for ARM global timer
x86/vdso: Provide missing include file
PM / devfreq: rk3399_dmc: Add COMPILE_TEST and HAVE_ARM_SMCCC dependency
pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs
RDMA/rxe: Fix error type of mmap_offset
ALSA: sh: Fix compile warning wrt const
tools lib api fs: Fix gcc9 stringop-truncation compilation error
usbip: Fix unsafe unaligned pointer usage
udf: Fix free space reporting for metadata and virtual partitions
soc/tegra: fuse: Correct straps' address for older Tegra124 device trees
rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls
Input: edt-ft5x06 - work around first register access error
wan: ixp4xx_hss: fix compile-testing on 64-bit
ASoC: atmel: fix build error with CONFIG_SND_ATMEL_SOC_DMA=m
tty: synclinkmp: Adjust indentation in several functions
tty: synclink_gt: Adjust indentation in several functions
driver core: platform: Prevent resouce overflow from causing infinite loops
driver core: Print device when resources present in really_probe()
vme: bridges: reduce stack usage
drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw
drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler
drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add
usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue
iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE
scsi: iscsi: Don't destroy session if there are outstanding connections
arm64: fix alternatives with LLVM's integrated assembler
pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional
cmd64x: potential buffer overflow in cmd64x_program_timings()
ide: serverworks: potential overflow in svwks_set_pio_mode()
remoteproc: Initialize rproc_class before use
x86/decoder: Add TEST opcode to Group3-2
s390/ftrace: generate traced function stack frame
driver core: platform: fix u32 greater or equal to zero comparison
ALSA: hda - Add docking station support for Lenovo Thinkpad T420s
powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record
ARM: 8951/1: Fix Kexec compilation issue.
hostap: Adjust indentation in prism2_hostapd_add_sta
iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop
cifs: fix NULL dereference in match_prepath
irqchip/gic-v3: Only provision redistributors that are enabled in ACPI
drm/nouveau/disp/nv50-: prevent oops when no channel method map provided
ftrace: fpid_next() should increase position index
trigger_next should increase position index
radeon: insert 10ms sleep in dce5_crtc_load_lut
ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans()
lib/scatterlist.c: adjust indentation in __sg_alloc_table
reiserfs: prevent NULL pointer dereference in reiserfs_insert_item()
bcache: explicity type cast in bset_bkey_last()
irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building INVALL
iwlwifi: mvm: Fix thermal zone registration
microblaze: Prevent the overflow of the start
brd: check and limit max_part par
help_next should increase position index
selinux: ensure we cleanup the internal AVC counters on error in avc_update()
enic: prevent waking up stopped tx queues over watchdog reset
net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS
net/sched: flower: add missing validation of TCA_FLOWER_FLAGS
floppy: check FDC index for errors before assigning it
vt: selection, handle pending signals in paste_selection
staging: android: ashmem: Disallow ashmem memory from being remapped
staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi.
xhci: Force Maximum Packet size for Full-speed bulk devices to valid range.
usb: uas: fix a plug & unplug racing
USB: Fix novation SourceControl XL after suspend
USB: hub: Don't record a connect-change event during reset-resume
staging: rtl8188eu: Fix potential security hole
staging: rtl8188eu: Fix potential overuse of kernel memory
x86/mce/amd: Publish the bank pointer only after setup has succeeded
x86/mce/amd: Fix kobject lifetime
tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode
tty: serial: imx: setup the correct sg entry for tx dma
Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()"
xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms
KVM: x86: don't notify userspace IOAPIC on edge-triggered interrupt EOI
VT_RESIZEX: get rid of field-by-field copyin
vt: vt_ioctl: fix race in VT_RESIZEX
lib/stackdepot.c: fix global out-of-bounds in stack_slabs
KVM: nVMX: Don't emulate instructions in guest mode
netfilter: xt_bpf: add overflow checks
ext4: fix a data race in EXT4_I(inode)->i_disksize
ext4: add cond_resched() to __ext4_find_entry()
ext4: fix mount failure with quota configured as module
ext4: rename s_journal_flag_rwsem to s_writepages_rwsem
ext4: fix race between writepages and enabling EXT4_EXTENTS_FL
KVM: nVMX: Refactor IO bitmap checks into helper function
KVM: nVMX: Check IO instruction VM-exit conditions
KVM: apic: avoid calculating pending eoi from an uninitialized val
Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents
scsi: Revert "RDMA/isert: Fix a recently introduced regression related to logout"
scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session"
usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus
staging: greybus: use after free in gb_audio_manager_remove_all()
ecryptfs: replace BUG_ON with error handling code
ALSA: rawmidi: Avoid bit fields for state flags
ALSA: seq: Avoid concurrent access to queue flags
ALSA: seq: Fix concurrent access to queue current tick/time
netfilter: xt_hashlimit: limit the max size of hashtable
ata: ahci: Add shutdown to freeze hardware resources of ahci
xen: Enable interrupts when calling _cond_resched()
s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range
Linux 4.9.215
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4c663321dde48cd2a324e59acb70c99f75f9344e
[ Upstream commit 718eae277e62a26e5862eb72a830b5e0fe37b04a ]
Convert cpu_to_le16(le16_to_cpu(frame->datalen) + len) to
use le16_add_cpu(), which is more concise and does the same thing.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Mao Wenan <maowenan@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl5HEZ4ACgkQONu9yGCS
aT4BIg//Qh5esijh/lrHElNJKX6MH+G2DhAwXkwKox8XSrdUYn7+W/HZDJ4ZE/sJ
B36mteRsIvgn4MqIBqp0lLP8rgEUBakW2lifhIZcZUHxrr8inPcltxpXkPjpgh3M
GSiDIznZKuNK4wvCGvN7UmeAubHfU0ww0hdgq7uH0tH2zoN1LHyWiSJwywl3qOF3
e9U7HPmLn9YNdEHcRLy2CKL7T5qHZMjhSpIKZ3aZOhIX43XhdUVrUeN48Y1aMQME
eh0/iMwViaUEEVP7AmkdgTEo6qsYLbEOQNZL/s00xFLPm6UtK0iK7vEn/uFXZXht
lpkjzKSmSq91qUfx9EMl4Y8MTm8JKosGsswmuDlOmYRb1StunJ7HDZwH9b8gQQbB
xsAz8ip63dPkmRPSHfFgt65BryyQU/wYZO8PvFQqKzLE2hdKP4MYHGFHFJdCCJ7+
v/2n7J8KrCA19KLcOcz0uSDm73her9eVHGL0ID7wonpvHPDYCEcQgl5oJqokhvCt
vHd0Jckfyl/s/hJ1FTT1uVbKuzxx0GgZmI/M/CiAbS0vBZYLTd4FeTkK5EShH6mc
gEo61XkxMwqNyjIrzRBBZ1aPbU0JLXJe+WPfb8GYFgl7mvOtAQBWyuYqnDam/bBa
kxLEzLNBWxle8bJ2i+MaL2/njbk2tuqGNU2fmC1FNMFdNBcF7LU=
=jTK9
-----END PGP SIGNATURE-----
Merge 4.9.214 into android-4.9-q
Changes in 4.9.214
media: iguanair: fix endpoint sanity check
x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
sparc32: fix struct ipc64_perm type definition
ASoC: qcom: Fix of-node refcount unbalance to link->codec_of_node
cls_rsvp: fix rsvp_policy
gtp: use __GFP_NOWARN to avoid memalloc warning
net: hsr: fix possible NULL deref in hsr_handle_frame()
net_sched: fix an OOB access in cls_tcindex
rxrpc: Fix insufficient receive notification generation
rxrpc: Fix NULL pointer deref due to call->conn being cleared on disconnect
tcp: clear tp->total_retrans in tcp_disconnect()
tcp: clear tp->delivered in tcp_disconnect()
tcp: clear tp->data_segs{in|out} in tcp_disconnect()
tcp: clear tp->segs_{in|out} in tcp_disconnect()
media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
mfd: dln2: More sanity checking for endpoints
brcmfmac: Fix memory leak in brcmf_usbdev_qinit
usb: gadget: legacy: set max_speed to super-speed
usb: gadget: f_ncm: Use atomic_t to track in-flight request
usb: gadget: f_ecm: Use atomic_t to track in-flight request
ALSA: dummy: Fix PCM format loop in proc output
media/v4l2-core: set pages dirty upon releasing DMA buffers
media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments
lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
powerpc/pseries: Advance pfn if section is not present in lmb_is_removable()
mmc: spi: Toggle SPI polarity, do not hardcode it
PCI: keystone: Fix link training retries initiation
ubifs: Change gfp flags in page allocation for bulk read
ubifs: Fix deadlock in concurrent bulk-read and writepage
crypto: api - Check spawn->alg under lock in crypto_drop_spawn
scsi: qla2xxx: Fix mtcp dump collection failure
power: supply: ltc2941-battery-gauge: fix use-after-free
of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
dm space map common: fix to ensure new block isn't already in use
crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
crypto: atmel-aes - Fix counter overflow in CTR mode
crypto: api - Fix race condition in crypto_spawn_alg
crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill
btrfs: set trans->drity in btrfs_commit_transaction
ARM: tegra: Enable PLLP bypass during Tegra124 LP1
mwifiex: fix unbalanced locking in mwifiex_process_country_ie()
sunrpc: expiry_time should be seconds not timeval
KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks
KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks
KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c
KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks
KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails
KVM: PPC: Book3S PR: Free shared page if mmu initialization fails
KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
clk: tegra: Mark fuse clock as critical
scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type
scsi: csiostor: Adjust indentation in csio_device_reset
scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free
ext2: Adjust indentation in ext2_fill_super
powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize
NFC: pn544: Adjust indentation in pn544_hci_check_presence
ppp: Adjust indentation into ppp_async_input
net: smc911x: Adjust indentation in smc911x_phy_configure
net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
IB/mlx5: Fix outstanding_pi index for GSI qps
nfsd: fix delay timer on 32-bit architectures
nfsd: fix jiffies/time_t mixup in LRU list
ubi: fastmap: Fix inverted logic in seen selfcheck
ubi: Fix an error pointer dereference in error handling code
mfd: da9062: Fix watchdog compatible string
mfd: rn5t618: Mark ADC control register volatile
net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
bonding/alb: properly access headers in bond_alb_xmit()
NFS: switch back to to ->iterate()
NFS: Fix memory leaks and corruption in readdir
NFS: Fix bool initialization/comparison
NFS: Directory page cache pages need to be locked when read
ext4: fix deadlock allocating crypto bounce page from mempool
Btrfs: fix assertion failure on fsync with NO_HOLES enabled
btrfs: use bool argument in free_root_pointers()
btrfs: remove trivial locking wrappers of tree mod log
Btrfs: fix race between adding and putting tree mod seq elements and nodes
drm: atmel-hlcdc: enable clock before configuring timing engine
KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks
btrfs: flush write bio if we loop in extent_write_cache_pages
KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM
KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
KVM: nVMX: vmread should not set rflags to specify success in case of #PF
cifs: fail i/o on soft mounts if sessionsetup errors out
clocksource: Prevent double add_timer_on() for watchdog_timer
perf/core: Fix mlock accounting in perf_mmap()
rxrpc: Fix service call disconnection
ASoC: pcm: update FE/BE trigger order based on the command
RDMA/netlink: Do not always generate an ACK for some netlink operations
scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails
PCI: Don't disable bridge BARs when assigning bus resources
nfs: NFS_SWAP should depend on SWAP
NFSv4: try lease recovery on NFS4ERR_EXPIRED
rtc: hym8563: Return -EINVAL if the time is known to be invalid
rtc: cmos: Stop using shared IRQ
ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node
ARM: dts: at91: sama5d3: fix maximum peripheral clock rates
ARM: dts: at91: sama5d3: define clock rate range for tcb1
tools/power/acpi: fix compilation error
powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW
pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B
scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state
dm: fix potential for q->make_request_fn NULL pointer
mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held
libertas: make lbs_ibss_join_existing() return error code on rates overflow
Linux 4.9.214
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ieac421e286126a690fd2c206ea7b4dde45e4a475
commit 5080832627b65e3772a35d1dced68c64e2b24442 upstream.
Clang warns
../drivers/nfc/pn544/pn544.c:696:4: warning: misleading indentation;
statement is not part of the previous 'if' [-Wmisleading-indentation]
return nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
^
../drivers/nfc/pn544/pn544.c:692:3: note: previous statement is here
if (target->nfcid1_len != 4 && target->nfcid1_len != 7 &&
^
1 warning generated.
This warning occurs because there is a space after the tab on this line.
Remove it so that the indentation is consistent with the Linux kernel
coding style and clang no longer warns.
Fixes: da052850b9 ("NFC: Add pn544 presence check for different targets")
Link: https://github.com/ClangBuiltLinux/linux/issues/814
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl396QsACgkQONu9yGCS
aT63DA//V6C58MC6I6ISv/2zcGrWOzfP4q1et4lu1eBPgUTzbnB7gdnwH2V6l3QU
Kt9V4GUI6GFsVmRGsEJZjg4kvA1HDjx6sbs3odHuvDnhGFrHstnxKOJiuZeQU4Ph
wxDEQghyeYod+2VDKNWw3gxjBgjP95eAvZMmhnQ13dwY20HZgGjoUMHBKpKpwOly
ZwV0YWsW9Zko8bTmuyrqXUG8ChSWZCWMuNKNpUDIjVj/NPcAyEAr9wkYOGf8UnGq
rK/owI0Y02qZJS9ZGxv4IDNjW7yjIGQzSYWUrY8ajSQzFqHErWSQ7tGwJ8fb5EBM
0zH2GGp8XLXXOCMMrg8nsTlNaj+wg7a5C0Vx0VtijYyIQCE39M91rltO+oVBWdjR
jCUbp//2v7XFN+eQSvwuWHrUyOmGGj9C0mDGoMC4rSHES4jYS4b4wHzn9CK8Iqy2
izvNjz93TrNj+YLLUlf6tTSUfWYuGSFNyahbhjFL7MPBp2RUJM1f5uzhBj2sQqwN
olCUvsNSZRWkR5/f15/kdEyPAhYt0i66aV3JNpEaRHZDqpUXAMTRv+AgtEPBNA5r
mORdDq9Zw+m+BGYSiuotArINRY8PSn1tP8tnhNjGE0RwnAx+S0Fs6+0AyHhEY+wQ
OBpNfRTaJep9L1Yl4Hj4ZDU6Lr5xqWLoplV2X9OIUzLleAY44+M=
=Gqb9
-----END PGP SIGNATURE-----
Merge 4.9.207 into android-4.9-q
Changes in 4.9.207
arm64: tegra: Fix 'active-low' warning for Jetson TX1 regulator
usb: gadget: u_serial: add missing port entry locking
tty: serial: fsl_lpuart: use the sg count from dma_map_sg
tty: serial: msm_serial: Fix flow control
serial: pl011: Fix DMA ->flush_buffer()
serial: serial_core: Perform NULL checks for break_ctl ops
serial: ifx6x60: add missed pm_runtime_disable
autofs: fix a leak in autofs_expire_indirect()
RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN
exportfs_decode_fh(): negative pinned may become positive without the parent locked
audit_get_nd(): don't unlock parent too early
NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error
Input: cyttsp4_core - fix use after free bug
ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed()
rsxx: add missed destroy_workqueue calls in remove
net: ep93xx_eth: fix mismatch of request_mem_region in remove
serial: core: Allow processing sysrq at port unlock time
cxgb4vf: fix memleak in mac_hlist initialization
iwlwifi: mvm: Send non offchannel traffic via AP sta
ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+
net/mlx5: Release resource on error flow
extcon: max8997: Fix lack of path setting in USB device mode
clk: rockchip: fix rk3188 sclk_smc gate data
clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering
ARM: dts: rockchip: Fix rk3288-rock2 vcc_flash name
dlm: fix missing idr_destroy for recover_idr
MIPS: SiByte: Enable ZONE_DMA32 for LittleSur
scsi: zfcp: drop default switch case which might paper over missing case
pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues
Staging: iio: adt7316: Fix i2c data reading, set the data field
regulator: Fix return value of _set_load() stub
MIPS: OCTEON: octeon-platform: fix typing
math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning
rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()'
rtc: dt-binding: abx80x: fix resistance scale
ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module
media: pulse8-cec: return 0 when invalidating the logical address
dmaengine: coh901318: Fix a double-lock bug
dmaengine: coh901318: Remove unused variable
usb: dwc3: don't log probe deferrals; but do log other error codes
ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion()
dma-mapping: fix return type of dma_set_max_seg_size()
altera-stapl: check for a null key before strcasecmp'ing it
serial: imx: fix error handling in console_setup
i2c: imx: don't print error message on probe defer
dlm: NULL check before kmem_cache_destroy is not needed
ARM: debug: enable UART1 for socfpga Cyclone5
nfsd: fix a warning in __cld_pipe_upcall()
ARM: OMAP1/2: fix SoC name printing
net/x25: fix called/calling length calculation in x25_parse_address_block
net/x25: fix null_x25_address handling
ARM: dts: mmp2: fix the gpio interrupt cell number
ARM: dts: realview-pbx: Fix duplicate regulator nodes
tcp: fix off-by-one bug on aborting window-probing socket
tcp: fix SNMP TCP timeout under-estimation
modpost: skip ELF local symbols during section mismatch check
kbuild: fix single target build for external module
mtd: fix mtd_oobavail() incoherent returned value
ARM: dts: pxa: clean up USB controller nodes
clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent
ARM: dts: realview: Fix some more duplicate regulator nodes
dlm: fix invalid cluster name warning
net/mlx4_core: Fix return codes of unsupported operations
powerpc/math-emu: Update macros from GCC
MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition
nfsd: Return EPERM, not EACCES, in some SETATTR cases
tty: Don't block on IO when ldisc change is pending
media: stkwebcam: Bugfix for wrong return values
mlx4: Use snprintf instead of complicated strcpy
ARM: dts: sunxi: Fix PMU compatible strings
sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision
fuse: verify nlink
fuse: verify attributes
ALSA: pcm: oss: Avoid potential buffer overflows
Input: goodix - add upside-down quirk for Teclast X89 tablet
coresight: etm4x: Fix input validation for sysfs.
x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect
CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
CIFS: Fix SMB2 oplock break processing
tty: vt: keyboard: reject invalid keycodes
can: slcan: Fix use-after-free Read in slcan_open
jbd2: Fix possible overflow in jbd2_log_space_left()
drm/i810: Prevent underflow in ioctl
KVM: x86: do not modify masked bits of shared MSRs
KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES
crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr
crypto: ccp - fix uninitialized list head
crypto: ecdh - fix big endian bug in ECC library
crypto: user - fix memory leak in crypto_report
spi: atmel: Fix CS high support
RDMA/qib: Validate ->show()/store() callbacks before calling them
thermal: Fix deadlock in thermal thermal_zone_device_check
KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
appletalk: Fix potential NULL pointer dereference in unregister_snap_client
appletalk: Set error code if register_snap_client failed
usb: gadget: configfs: Fix missing spin_lock_init()
USB: uas: honor flag to avoid CAPACITY16
USB: uas: heed CAPACITY_HEURISTICS
usb: Allow USB device to be warm reset in suspended state
staging: rtl8188eu: fix interface sanity check
staging: rtl8712: fix interface sanity check
staging: gigaset: fix general protection fault on probe
staging: gigaset: fix illegal free on probe errors
staging: gigaset: add endpoint-type sanity check
xhci: Increase STS_HALT timeout in xhci_suspend()
ARM: dts: pandora-common: define wl1251 as child node of mmc3
iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting
USB: atm: ueagle-atm: add missing endpoint check
USB: idmouse: fix interface sanity checks
USB: serial: io_edgeport: fix epic endpoint lookup
USB: adutux: fix interface sanity check
usb: core: urb: fix URB structure initialization function
usb: mon: Fix a deadlock in usbmon between mmap and read
mtd: spear_smi: Fix Write Burst mode
virtio-balloon: fix managed page counts when migrating pages between zones
btrfs: check page->mapping when loading free space cache
btrfs: Remove btrfs_bio::flags member
Btrfs: send, skip backreference walking for extents with many references
btrfs: record all roots for rename exchange on a subvol
rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address
rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer
rtlwifi: rtl8192de: Fix missing enable interrupt flag
lib: raid6: fix awk build warnings
ALSA: hda - Fix pending unsol events at shutdown
workqueue: Fix spurious sanity check failures in destroy_workqueue()
workqueue: Fix pwq ref leak in rescuer_thread()
ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report
blk-mq: avoid sysfs buffer overflow with too many CPU cores
cgroup: pids: use atomic64_t for pids->limit
ar5523: check NULL before memcpy() in ar5523_cmd()
media: bdisp: fix memleak on release
media: radio: wl1273: fix interrupt masking on release
cpuidle: Do not unset the driver if it is there already
PM / devfreq: Lock devfreq in trans_stat_show
ACPI: OSL: only free map once in osl.c
ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data()
ACPI: PM: Avoid attaching ACPI PM domain to certain devices
pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init
pinctrl: samsung: Fix device node refcount leaks in init code
mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card
ppdev: fix PPGETTIME/PPSETTIME ioctls
powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB
video/hdmi: Fix AVI bar unpack
quota: Check that quota is not dirty before release
ext2: check err when partial != NULL
quota: fix livelock in dquot_writeback_dquots
scsi: zfcp: trace channel log even for FCP command responses
usb: xhci: only set D3hot for pci device
xhci: Fix memory leak in xhci_add_in_port()
xhci: make sure interrupts are restored to correct state
iio: adis16480: Add debugfs_reg_access entry
Btrfs: fix negative subv_writers counter and data space leak after buffered write
omap: pdata-quirks: remove openpandora quirks for mmc3 and wl1251
scsi: lpfc: Cap NPIV vports to 256
e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait
x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models
x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk
ath10k: fix fw crash by moving chip reset after napi disabled
ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity
pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init
scsi: qla2xxx: Fix DMA unmap leak
scsi: qla2xxx: Fix session lookup in qlt_abort_work()
scsi: qla2xxx: Fix qla24xx_process_bidir_cmd()
scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value
powerpc: Fix vDSO clock_getres()
reiserfs: fix extended attributes on the root directory
firmware: qcom: scm: Ensure 'a0' status code is treated as signed
mm/shmem.c: cast the type of unmap_start to u64
ext4: fix a bug in ext4_wait_for_tail_page_commit
blk-mq: make sure that line break can be printed
workqueue: Fix missing kfree(rescuer) in destroy_workqueue()
sunrpc: fix crash when cache_head become valid before update
net/mlx5e: Fix SFF 8472 eeprom length
kernel/module.c: wakeup processes in module_wq on module unload
nvme: host: core: fix precedence of ternary operator
net: bridge: deny dev_set_mac_address() when unregistering
net: ethernet: ti: cpsw: fix extra rx interrupt
openvswitch: support asymmetric conntrack
tcp: md5: fix potential overestimation of TCP option space
tipc: fix ordering of tipc module init and exit routine
inet: protect against too small mtu values.
tcp: fix rejected syncookies due to stale timestamps
tcp: tighten acceptance of ACKs not matching a child socket
tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
Revert "regulator: Defer init completion for a while after late_initcall"
PCI: Fix Intel ACS quirk UPDCR register address
PCI/MSI: Fix incorrect MSI-X masking on resume
xtensa: fix TLB sanity checker
CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
ARM: dts: s3c64xx: Fix init order of clock providers
ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume()
vfio/pci: call irq_bypass_unregister_producer() before freeing irq
dma-buf: Fix memory leak in sync_file_merge()
dm btree: increase rebalance threshold in __rebalance2()
scsi: iscsi: Fix a potential deadlock in the timeout handler
drm/radeon: fix r1xx/r2xx register checker for POT textures
xhci: fix USB3 device initiated resume race with roothub autosuspend
net: stmmac: use correct DMA buffer size in the RX descriptor
net: stmmac: don't stop NAPI processing when dropping a packet
Linux 4.9.207
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit a71a29f50de1ef97ab55c151a1598eb12dde379d ]
I2C communication errors (-EREMOTEIO) during the IRQ handler of nxp-nci
result in a NULL pointer dereference at the moment:
BUG: kernel NULL pointer dereference, address: 0000000000000000
Oops: 0002 [#1] PREEMPT SMP NOPTI
CPU: 1 PID: 355 Comm: irq/137-nxp-nci Not tainted 5.4.0-rc6 #1
RIP: 0010:skb_queue_tail+0x25/0x50
Call Trace:
nci_recv_frame+0x36/0x90 [nci]
nxp_nci_i2c_irq_thread_fn+0xd1/0x285 [nxp_nci_i2c]
? preempt_count_add+0x68/0xa0
? irq_forced_thread_fn+0x80/0x80
irq_thread_fn+0x20/0x60
irq_thread+0xee/0x180
? wake_threads_waitq+0x30/0x30
kthread+0xfb/0x130
? irq_thread_check_affinity+0xd0/0xd0
? kthread_park+0x90/0x90
ret_from_fork+0x1f/0x40
Afterward the kernel must be rebooted to work properly again.
This happens because it attempts to call nci_recv_frame() with skb == NULL.
However, unlike nxp_nci_fw_recv_frame(), nci_recv_frame() does not have any
NULL checks for skb, causing the NULL pointer dereference.
Change the code to call only nxp_nci_fw_recv_frame() in case of an error.
Make sure to log it so it is obvious that a communication error occurred.
The error above then becomes:
nxp-nci_i2c i2c-NXP1001:00: NFC: Read failed with error -121
nci: __nci_request: wait_for_completion_interruptible_timeout failed 0
nxp-nci_i2c i2c-NXP1001:00: NFC: Read failed with error -121
Fixes: 6be88670fc ("NFC: nxp-nci_i2c: Add I2C support to NXP NCI driver")
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3gA+IACgkQONu9yGCS
aT4A1g/9GUv2ZqnuffYjkV/89P+ueu5iG/XvI7EZixVtFNe8/ZV/MDqVw98TiGck
q9ZY4fg1Zn0VmBreSruDGBTa+NJ5RGlkcUqRO9CjeyPN2P3T9haN+JiRNpB2vjgW
xLOF0+JiZ/KZFB4QY39imcX+58BdCvl4I40wv2frP8r/QcM2eXP3f80UAb2bAjTO
mVKm538Btd/bSKbnzShmUree4lqExOZtxvoYjlGEwyJJz+uT2E2/HiE/mAoh4eIz
NtAAo9QH5xDye6dHLxxjM5ks3hyFipbNKzdIKXl/5Z2bF3wcG99M19BpbwoGmfv6
ndNl1Cbvvm1iBLK9+EKhEFpsoZ2emLf53l/cgmTHYAul/ookMwyqxogC9REH7pSL
YQVhoADQ7lqFmO5P09PKILx+P88Xn5FRTO/XcivKcmodKnaiQsxisRbem5LzGoDd
PhNQV/y7pVTwi1Q/FeD0rl3gPVaKLRyWFtEVkn/CI/2Y7CXCy0pLvkjso37REGt7
wNaE5/6yPuW1wQ+Sker767SwDN8C3PFQCNaPYTShEJ52H/g4vYtC5y3AtwVj0Mu8
itAw/vcwoEpY6clsCKq6qmptS8hNrP6bkOi6Ev4wPC/YS0iDnH/r/SGI+T3sEzBL
9FzBMerRJtRj8f2Iq6t2qp3sv4921iCLratrjVS+S5wSbCfYhrc=
=o3eX
-----END PGP SIGNATURE-----
Merge 4.9.204 into android-4.9-q
Changes in 4.9.204
net/mlx4_en: fix mlx4 ethtool -N insertion
net: rtnetlink: prevent underflows in do_setvfinfo()
sfc: Only cancel the PPS workqueue if it exists
net/mlx5e: Fix set vf link state error flow
net/sched: act_pedit: fix WARN() in the traffic path
gpio: max77620: Fixup debounce delays
tools: gpio: Correctly add make dependencies for gpio_utils
Revert "fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()"
mm/ksm.c: don't WARN if page is still mapped in remove_stable_node()
platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ
platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi
mwifiex: Fix NL80211_TX_POWER_LIMITED
ALSA: isight: fix leak of reference to firewire unit in error path of .probe callback
printk: fix integer overflow in setup_log_buf()
gfs2: Fix marking bitmaps non-full
synclink_gt(): fix compat_ioctl()
powerpc: Fix signedness bug in update_flash_db()
powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field
brcmsmac: AP mode: update beacon when TIM changes
ath10k: allocate small size dma memory in ath10k_pci_diag_write_mem
spi: sh-msiof: fix deferred probing
mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail
btrfs: handle error of get_old_root
gsmi: Fix bug in append_to_eventlog sysfs handler
misc: mic: fix a DMA pool free failure
m68k: fix command-line parsing when passed from u-boot
amiflop: clean up on errors during setup
scsi: ips: fix missing break in switch
KVM/x86: Fix invvpid and invept register operand size in 64-bit mode
scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler
scsi: isci: Change sci_controller_start_task's return type to sci_status
scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param
clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk
ASoC: tegra_sgtl5000: fix device_node refcounting
scsi: dc395x: fix dma API usage in srb_done
scsi: dc395x: fix DMA API usage in sg_update_list
net: fix warning in af_unix
net: ena: Fix Kconfig dependency on X86
xfs: fix use-after-free race in xfs_buf_rele
kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad stack
ALSA: i2c/cs8427: Fix int to char conversion
macintosh/windfarm_smu_sat: Fix debug output
USB: misc: appledisplay: fix backlight update_status return code
usbip: tools: fix atoi() on non-null terminated string
SUNRPC: Fix a compile warning for cmpxchg64()
sunrpc: safely reallow resvport min/max inversion
atm: zatm: Fix empty body Clang warnings
s390/perf: Return error when debug_register fails
spi: omap2-mcspi: Set FIFO DMA trigger level to word length
sparc: Fix parport build warnings.
ceph: fix dentry leak in ceph_readdir_prepopulate
rtc: s35390a: Change buf's type to u8 in s35390a_init
f2fs: fix to spread clear_cold_data()
mISDN: Fix type of switch control variable in ctrl_teimanager
qlcnic: fix a return in qlcnic_dcb_get_capability()
net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode
mfd: arizona: Correct calling of runtime_put_sync
mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values
mfd: max8997: Enale irq-wakeup unconditionally
selftests/ftrace: Fix to test kprobe $comm arg only if available
thermal: rcar_thermal: Prevent hardware access during system suspend
powerpc/process: Fix flush_all_to_thread for SPE
sparc64: Rework xchg() definition to avoid warnings.
fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle()
mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock
macsec: update operstate when lower device changes
macsec: let the administrator set UP state even if lowerdev is down
um: Make line/tty semantics use true write IRQ
linux/bitmap.h: handle constant zero-size bitmaps correctly
linux/bitmap.h: fix type of nbits in bitmap_shift_right()
hfsplus: fix BUG on bnode parent update
hfs: fix BUG on bnode parent update
hfsplus: prevent btree data loss on ENOSPC
hfs: prevent btree data loss on ENOSPC
hfsplus: fix return value of hfsplus_get_block()
hfs: fix return value of hfs_get_block()
hfsplus: update timestamps on truncate()
hfs: update timestamp on truncate()
fs/hfs/extent.c: fix array out of bounds read of array extent
mm/memory_hotplug: make add_memory() take the device_hotplug_lock
igb: shorten maximum PHC timecounter update interval
ntb_netdev: fix sleep time mismatch
ntb: intel: fix return value for ndev_vec_mask()
arm64: makefile fix build of .i file in external module case
ocfs2: don't put and assigning null to bh allocated outside
ocfs2: fix clusters leak in ocfs2_defrag_extent()
net: do not abort bulk send on BQL status
sched/fair: Don't increase sd->balance_interval on newidle balance
audit: print empty EXECVE args
wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()'
rtl8xxxu: Fix missing break in switch
brcmsmac: never log "tid x is not agg'able" by default
wireless: airo: potential buffer overflow in sprintf()
rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information
scsi: mpt3sas: Fix Sync cache command failure during driver unload
scsi: mpt3sas: Fix driver modifying persistent data in Manufacturing page11
scsi: megaraid_sas: Fix msleep granularity
scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces
dlm: fix invalid free
dlm: don't leak kernel pointer to userspace
ACPICA: Use %d for signed int print formatting instead of %u
net: bcmgenet: return correct value 'ret' from bcmgenet_power_down
sock: Reset dst when changing sk_mark via setsockopt
pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues
pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT
pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD
PCI: keystone: Use quirk to limit MRRS for K2G
spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch
mm/memory_hotplug: Do not unlock when fails to take the device_hotplug_lock
Bluetooth: Fix invalid-free in bcsp_close()
KVM: MMU: Do not treat ZONE_DEVICE pages as being reserved
ath9k_hw: fix uninitialized variable data
dm: use blk_set_queue_dying() in __dm_destroy()
arm64: fix for bad_mode() handler to always result in panic
cpufreq: Skip cpufreq resume if it's not suspended
ocfs2: remove ocfs2_is_o2cb_active()
ARM: 8904/1: skip nomap memblocks while finding the lowmem/highmem boundary
ARC: perf: Accommodate big-endian CPU
x86/insn: Fix awk regexp warnings
x86/speculation: Fix incorrect MDS/TAA mitigation status
x86/speculation: Fix redundant MDS mitigation message
nfc: port100: handle command failure cleanly
l2tp: don't use l2tp_tunnel_find() in l2tp_ip and l2tp_ip6
media: vivid: Set vid_cap_streaming and vid_out_streaming to true
media: vivid: Fix wrong locking that causes race conditions on streaming stop
media: usbvision: Fix races among open, close, and disconnect
cpufreq: Add NULL checks to show() and store() methods of cpufreq
media: uvcvideo: Fix error path in control parsing failure
media: b2c2-flexcop-usb: add sanity checking
media: cxusb: detect cxusb_ctrl_msg error in query
media: imon: invalid dereference in imon_touch_event
virtio_console: reset on out of memory
virtio_console: don't tie bufs to a vq
virtio_console: allocate inbufs in add_port() only if it is needed
virtio_ring: fix return code on DMA mapping fails
virtio_console: fix uninitialized variable use
virtio_console: drop custom control queue cleanup
virtio_console: move removal code
usbip: tools: fix fd leakage in the function of read_attr_usbip_status
usb-serial: cp201x: support Mark-10 digital force gauge
USB: chaoskey: fix error case of a timeout
appledisplay: fix error handling in the scheduled work
USB: serial: mos7840: add USB ID to support Moxa UPort 2210
USB: serial: mos7720: fix remote wakeup
USB: serial: mos7840: fix remote wakeup
USB: serial: option: add support for DW5821e with eSIM support
USB: serial: option: add support for Foxconn T77W968 LTE modules
staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error
powerpc/64s: support nospectre_v2 cmdline option
powerpc/book3s64: Fix link stack flush on context switch
KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel
Linux 4.9.204
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 5f9f0b11f0816b35867f2cf71e54d95f53f03902 upstream.
If starting the transfer of a command suceeds but the transfer for the reply
fails, it is not enough to initiate killing the transfer for the
command may still be running. You need to wait for the killing to finish
before you can reuse URB and buffer.
Reported-and-tested-by: syzbot+711468aa5c3a1eabf863@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3K9vkACgkQONu9yGCS
aT6fag//aZGV3gVyTHo9ZFFSs1ZO6AW9H/Qyfi+w1Q+pfvMfxvOroFs0Fojk1xoa
VQ9QDpa9O9dvX1GcvCaxwToVR8zte+wWMviDOz5Tae5puFQuT3dkjleMiU/5Gu+E
wWwV7dLoyJ4WMIvRCuxs7djh9NYQDczkOCLZtA1z9IF2SkG12pOJ5yg2ZOOUnovJ
lvSo7phGYv3X/tZHUvWvg6XG8DaAzWYgo4nQ0Ccv0Q3IWiqAlJFZwWH+VDqgzdPS
HKwKKqLqjTo2mfmDbScduVtIton6U9wipXrnOkqVPNxbrMS1OpmNreYfJYRXfCfZ
0WD/pEqa4t9dAkRVXhal91CXjJ0pfl5VPo3T3EXEDSCBb/rvId45dMpKxLO4kLmm
rF7w0NdvcSV9Zo07m6SL8S+ADrgBNts6g2ZopFRCm7HRXxxGXlA0smLR8mUrsMxw
49Lvcr0MtVu8/LgrnPEjyvT1A615Yad5f3n7oJSKsQrm/32abrTb47ZE98U7rUnU
9NEiBrLe83dyq3HTPbPspx7yIAjiCkknQdmCylL+lLIlRaIXeas81D+AO+zO3Wyu
DBjJRy8N+PotluK66PxlKSaJSrkH2YbQsbYUpifU9KZ8JfR2CRmEzmb4cyWgpVOH
2clUBuQg6uEoDK2QsweIdKvHlCO6vHKIE4Gh71NSvS8vxMfg+tA=
=WHB8
-----END PGP SIGNATURE-----
Merge 4.9.201 into android-4.9-q
Changes in 4.9.201
CDC-NCM: handle incomplete transfer of MTU
ipv4: Fix table id reference in fib_sync_down_addr
net: fix data-race in neigh_event_send()
net: usb: qmi_wwan: add support for DW5821e with eSIM support
NFC: fdp: fix incorrect free object
nfc: netlink: fix double device reference drop
NFC: st21nfca: fix double free
qede: fix NULL pointer deref in __qede_remove()
ALSA: timer: Fix incorrectly assigned timer instance
ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series
ALSA: hda/ca0132 - Fix possible workqueue stall
mm: thp: handle page cache THP correctly in PageTransCompoundMap
mm, vmstat: hide /proc/pagetypeinfo from normal users
dump_stack: avoid the livelock of the dump_lock
perf tools: Fix time sorting
drm/radeon: fix si_enable_smc_cac() failed issue
ceph: fix use-after-free in __ceph_remove_cap()
iio: imu: adis16480: make sure provided frequency is positive
netfilter: nf_tables: Align nft_expr private data to 64-bit
netfilter: ipset: Fix an error code in ip_set_sockfn_get()
can: usb_8dev: fix use-after-free on disconnect
can: c_can: c_can_poll(): only read status register after status IRQ
can: peak_usb: fix a potential out-of-sync while decoding packets
can: gs_usb: gs_can_open(): prevent memory leak
can: peak_usb: fix slab info leak
configfs: Fix bool initialization/comparison
configfs: stash the data we need into configfs_buffer at open time
configfs_register_group() shouldn't be (and isn't) called in rmdirable parts
configfs: new object reprsenting tree fragments
configfs: provide exclusion between IO and removals
configfs: fix a deadlock in configfs_symlink()
usbip: stub_rx: fix static checker warning on unnecessary checks
usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path
usbip: fix possibility of dereference by NULLL pointer in vhci_hcd.c
drivers: usb: usbip: Add missing break statement to switch
PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30
dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config
HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring()
scsi: qla2xxx: fixup incorrect usage of host_byte
scsi: lpfc: Honor module parameter lpfc_use_adisc
ipvs: move old_secure_tcp into struct netns_ipvs
bonding: fix unexpected IFF_BONDING bit unset
usb: fsl: Check memory resource before releasing it
usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode.
usb: gadget: composite: Fix possible double free memory bug
usb: gadget: configfs: fix concurrent issue between composite APIs
usb: dwc3: remove the call trace of USBx_GFLADJ
perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity
perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h)
USB: Skip endpoints with 0 maxpacket length
RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case
scsi: qla2xxx: stop timer in shutdown path
fjes: Handle workqueue allocation failure
net: hisilicon: Fix "Trying to free already-free IRQ"
NFSv4: Don't allow a cached open with a revoked delegation
net: ethernet: arc: add the missed clk_disable_unprepare
igb: Fix constant media auto sense switching when no cable is connected
e1000: fix memory leaks
x86/apic: Move pending interrupt check code into it's own function
x86/apic: Drop logical_smp_processor_id() inline
x86/apic/32: Avoid bogus LDR warnings
can: flexcan: disable completely the ECC mechanism
mm/filemap.c: don't initiate writeback if mapping has no dirty pages
cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead
net: prevent load/store tearing on sk->sk_stamp
drm/i915: kick out cmd_parser specific structs from i915_drv.h
drm/i915: cleanup use of INSTR_CLIENT_MASK
drm/i915: return EACCES for check_cmd() failures
drm/i915: don't whitelist oacontrol in cmd parser
drm/i915: Use the precomputed value for whether to enable command parsing
drm/i915/cmdparser: Limit clflush to active cachelines
drm/i915/gtt: Add read only pages to gen8_pte_encode
drm/i915/gtt: Read-only pages for insert_entries on bdw+
drm/i915/gtt: Disable read-only support under GVT
drm/i915: Prevent writing into a read-only object via a GGTT mmap
drm/i915/cmdparser: Check reg_table_count before derefencing.
drm/i915/cmdparser: Do not check past the cmd length.
drm/i915: Silence smatch for cmdparser
drm/i915: Move engine->needs_cmd_parser to engine->flags
drm/i915: Rename gen7 cmdparser tables
drm/i915: Disable Secure Batches for gen6+
drm/i915: Remove Master tables from cmdparser
drm/i915: Add support for mandatory cmdparsing
drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
drm/i915: Allow parsing of unsized batches
drm/i915: Add gen9 BCS cmdparsing
drm/i915/cmdparser: Use explicit goto for error paths
drm/i915/cmdparser: Add support for backward jumps
drm/i915/cmdparser: Ignore Length operands during command matching
drm/i915: Lower RM timeout to avoid DSI hard hangs
drm/i915/gen8+: Add RC6 CTX corruption WA
drm/i915/cmdparser: Fix jump whitelist clearing
Linux 4.9.201
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 99a8efbb6e30b72ac98cecf81103f847abffb1e5 ]
The variable nfcid_skb is not changed in the callee nfc_hci_get_param()
if error occurs. Consequently, the freed variable nfcid_skb will be
freed again, resulting in a double free bug. Set nfcid_skb to NULL after
releasing it to fix the bug.
Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 517ce4e93368938b204451285e53014549804868 ]
The address of fw_vsc_cfg is on stack. Releasing it with devm_kfree() is
incorrect, which may result in a system crash or other security impacts.
The expected object to free is *fw_vsc_cfg.
Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl1yFqoACgkQONu9yGCS
aT6Qhg/9EhDdNA67JIe4Wxns9YRb/yqAKKYGhvGQsUNud1fEYmnIeYOfkwSjPDQv
OCt2gwgPfw1K49r96+zXsw4vywrCBAZShe2OnR7g63Toz9NHGQu1LJy6FyvzBubl
vZ2WQBkY8T/viUfPMQ+xwJcuUsx2mWZ+VqgEzmgrqXxFCEPaxCerXqxgLAN3UhjI
KGqylDKaKlHpNDZYc24GvO8rNoehRZS7FSrKOfjFpDld1bLjHq0ZMNp8ChBp/W99
K+jp3MIeenjdoEiH4K2Hdf8zRRxxOVJf/hcbT9Hi8TKG2HsgAKAMuFz1X6IJtnYZ
02bhYkvPoa+sKVS1wt9tscFzIiwBfAP7CyAROn9nv3A2V3A8ZfXIY/tMWh1yRS+E
y6eVwH6gG9IW7AbjkJmZAlcgxCkYlag6WoTjc1F/s+XdB+fLyQIi8Tls85mKtzwi
GXygbZIC7pKPlcVIfnEK4cMEm9FAZlxqThTXTckzSasteFsxTbQxy4AeflMY7MQE
hn8c32gU4+zXhebF/2vQaEwVar+DkzRNwJUjRN5uLbISwJ1hrEvGWR3mhde2RIZg
JiwGiJ5LmdegSemuLMXBvtOiZ6yTvfoT5p4Wqd5LLhtclrMvDOQ1ye4lBPOHGKFc
gTuC+Hvo50THpNovzVjsJX2tf92z1FtF0jvH8fMEaQ3uPsLwGrA=
=U6+Q
-----END PGP SIGNATURE-----
Merge 4.9.191 into android-4.9-q
Changes in 4.9.191
HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
MIPS: kernel: only use i8253 clocksource with periodic clockevent
netfilter: ebtables: fix a memory leak bug in compat
ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
bonding: Force slave speed check after link state recovery for 802.3ad
can: dev: call netif_carrier_off() in register_candev()
st21nfca_connectivity_event_received: null check the allocation
st_nci_hci_connectivity_event_received: null check the allocation
ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
net: usb: qmi_wwan: Add the BroadMobi BM818 card
isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain()
isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
perf bench numa: Fix cpu0 binding
can: sja1000: force the string buffer NULL-terminated
can: peak_usb: force the string buffer NULL-terminated
NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
HID: input: fix a4tech horizontal wheel custom usage
net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
net: hisilicon: make hip04_tx_reclaim non-reentrant
net: hisilicon: fix hip04-xmit never return TX_BUSY
net: hisilicon: Fix dma_map_single failed on arm64
libata: add SG safety checks in SFF pio transfers
x86/lib/cpu: Address missing prototypes warning
drm/vmwgfx: fix memory leak when too many retries have occurred
perf pmu-events: Fix missing "cpu_clk_unhalted.core" event
selftests: kvm: Adding config fragments
HID: wacom: correct misreported EKR ring values
HID: wacom: Correct distance scale for 2nd-gen Intuos devices
Revert "dm bufio: fix deadlock with loop device"
gpiolib: never report open-drain/source lines as 'input' to user-space
userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
x86/apic: Handle missing global clockevent gracefully
x86/boot: Save fields explicitly, zero out everything else
x86/boot: Fix boot regression caused by bootparam sanitizing
dm btree: fix order of block initialization in btree_split_beneath
dm space map metadata: fix missing store of apply_bops() return value
dm table: fix invalid memory accesses with too high sector number
genirq: Properly pair kobject_del() with kobject_add()
mm, page_owner: handle THP splits correctly
mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
Revert "perf test 6: Fix missing kvm module load for s390"
x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
dmaengine: ste_dma40: fix unneeded variable warning
iommu/dma: Handle SG length overflow better
usb: gadget: composite: Clear "suspended" on reset/disconnect
xen/blkback: fix memory leaks
i2c: emev2: avoid race when unregistering slave client
usb: host: fotg2: restart hcd after port reset
tools: hv: fix KVP and VSS daemons exit code
watchdog: bcm2835_wdt: Fix module autoload
scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value
tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
tcp: make sure EPOLLOUT wont be missed
ALSA: line6: Fix memory leak at line6_init_pcm() error path
ALSA: seq: Fix potential concurrent access to the deleted pool
KVM: x86: Don't update RIP or do single-step on faulting emulation
x86/apic: Do not initialize LDR and DFR for bigsmp
x86/apic: Include the LDR when clearing out APIC registers
mm/zsmalloc.c: fix race condition in zs_destroy_pool
usb-storage: Add new JMS567 revision to unusual_devs
USB: cdc-wdm: fix race between write and disconnect due to flag abuse
usb: chipidea: udc: don't do hardware access if gadget has stopped
usb: host: ohci: fix a race condition between shutdown and irq
usb: host: xhci: rcar: Fix typo in compatible string matching
USB: storage: ums-realtek: Update module parameter description for auto_delink_en
USB: storage: ums-realtek: Whitelist auto-delink support
ptrace,x86: Make user_64bit_mode() available to 32-bit builds
uprobes/x86: Fix detection of 32-bit user mode
mmc: sdhci-of-at91: add quirk for broken HS200
mmc: core: Fix init of SD cards reporting an invalid VDD range
stm class: Fix a double free of stm_source_device
VMCI: Release resource if the work is already queued
Revert "cfg80211: fix processing world regdomain when non modular"
mac80211: fix possible sta leak
KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long
KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI
i2c: piix4: Fix port selection for AMD Family 16h Model 30h
x86/ptrace: fix up botched merge of spectrev1 fix
mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n
Linux 4.9.191
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 3008e06fdf0973770370f97d5f1fba3701d8281d ]
devm_kzalloc may fail and return NULL. So the null check is needed.
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 9891d06836e67324c9e9c4675ed90fc8b8110034 ]
devm_kzalloc may fail and return null. So the null check is needed.
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzdoVMACgkQONu9yGCS
aT4qIQ//XMYZIYkQGwN57TzWVqaE1TqutVHuAnc+k111hEl4Af9bKedyOQKoA7EF
WzWau8wUKZsoAegoHbao29Ow5JE6iO0Qy9hjgRIbHRQA+IziPmYbJZ/zE2KBZFyH
LlC3cxcCujABPtdfSq8/ChXpvtcQAtvGLWwpppHxIhYUC0WPTlzdMYqCDR6DxJbQ
Z1KKTjR4uEH2d7XwsRsBfoEeYiHL4Wi33ZFjN3IeXOjNiN54QIdH3INsEkOlugxE
NmoZrkyMzh8wkVlhAhpimREI5+0YSjxyEBbi7Qdo76+dK7NHdR6AHMh4/l/i8Ytc
qMK7tgXQ0VjZlsfZ1a803XEcM0TY/j4zGdSInpmKOP5uR1IsBz+THidKNlwmB4ZT
AZjzgfLz/lmRm8W58SSSL1y9g1sNFJcziUjAq0j24kWseeTRd1gcooZP+RJBtHhN
zGnG54l67RW1POFK+1sAIUElHrx36FMrAD3ae3nwUW7I91XO65ODS59S6xJJMzjl
qKV6jm7ZhqvyCJKkxWDq9pSBE5EMccaFQpnzy1oQhxh1nFLaK9+jsAkbfey6tAjC
d0hsqgUXRF8yFGUSE/Nd7LEn8Pf9lFl8GTrsF13xLXXuWknsFulmOnu8h8nNPnDG
i8Os9NfS7VImodPCvGAXF+ACtlbzCiTYJhebiZw8Ak0+vSeURyQ=
=O1S8
-----END PGP SIGNATURE-----
Merge 4.9.177 into android-4.9-q
Changes in 4.9.177
netfilter: compat: initialize all fields in xt_init
bpf: fix struct htab_elem layout
bpf: convert htab map to hlist_nulls
platform/x86: sony-laptop: Fix unintentional fall-through
USB: serial: fix unthrottle races
iio: adc: xilinx: fix potential use-after-free on remove
libnvdimm/namespace: Fix a potential NULL pointer dereference
HID: input: add mapping for Expose/Overview key
HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
HID: input: add mapping for "Toggle Display" key
libnvdimm/btt: Fix a kmemdup failure check
s390/dasd: Fix capacity calculation for large volumes
mac80211: fix unaligned access in mesh table hash function
s390/3270: fix lockdep false positive on view->lock
mISDN: Check address length before reading address family
x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T
KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing
tools lib traceevent: Fix missing equality check for strcmp
init: initialize jump labels before command line option parsing
selftests: netfilter: check icmp pkttoobig errors are set as related
ipvs: do not schedule icmp errors from tunnels
MIPS: perf: ath79: Fix perfcount IRQ assignment
s390: ctcm: fix ctcm_new_device error return code
drm/sun4i: Set device driver data at bind time for use in unbind
selftests/net: correct the return value for run_netsocktests
gpu: ipu-v3: dp: fix CSC handling
spi: Micrel eth switch: declare missing of table
spi: ST ST95HF NFC: declare missing of table
Input: synaptics-rmi4 - fix possible double free
cw1200: fix missing unlock on error in cw1200_hw_scan()
ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command
rtlwifi: rtl8723ae: Fix missing break in switch statement
Don't jump to compute_result state from check_result state
Revert "x86/vdso: Drop implicit common-page-size linker flag"
Revert "x86: vdso: Use $LD instead of $CC to link"
x86: vdso: Use $LD instead of $CC to link
x86/vdso: Drop implicit common-page-size linker flag
x86/vdso: Pass --eh-frame-hdr to the linker
powerpc/64s: Include cpu header
bridge: Fix error path for kobject_init_and_add()
fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied
net: ucc_geth - fix Oops when changing number of buffers in the ring
packet: Fix error path in packet_init
vlan: disable SIOCSHWTSTAMP in container
vrf: sit mtu should not be updated when vrf netdev is the link
ipv4: Fix raw socket lookup for local traffic
bonding: fix arp_validate toggling in active-backup mode
drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
powerpc/lib: fix book3s/32 boot failure due to code patching
powerpc/booke64: set RI in default MSR
Linux 4.9.177
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit d04830531d0c4a99c897a44038e5da3d23331d2f ]
Add missing <of_device_id> table for SPI driver relying on SPI
device match since compatible is in a DT binding or in a DTS.
Before this patch:
modinfo drivers/nfc/st95hf/st95hf.ko | grep alias
alias: spi:st95hf
After this patch:
modinfo drivers/nfc/st95hf/st95hf.ko | grep alias
alias: spi:st95hf
alias: of:N*T*Cst,st95hfC*
alias: of:N*T*Cst,st95hf
Reported-by: Javier Martinez Canillas <javier@dowhile0.org>
Signed-off-by: Daniel Gomez <dagmcr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlw2EF8ACgkQONu9yGCS
aT60Uw//dk+Mshl6uj1zeD5ZIBYZqIH3pQqEgPO6/wFmT4Koxl4rajbsj60r1qrB
qZnIpiLQhyBhb0TaVMMEyHbDB0US1gzOeQDShIWFVzUwZix+O8iL0s24NAMbLWZz
L2b62hphcj6I3K30Ly7BQgIlKhwecPEeftejSC4A/UQ5I2x3qe5dp3KFEShK4Oob
rR9CFZD2DV0u/G6u4AsP33oE1Zx7d26U6RazNgWZfMW1/Sb3n/d4ihHVNENsXR5U
wiB0Y2zWogKSkj5l4ZkIpPeQYgYfVsQlC/i749yWi/ng833guratUefusLO3n/jr
efhTsQP1OgesogO3apx9WOHj+9Eqhr/rRYJbeGcn5oG0S9Hbg+3honYb53FY+mrb
n3mEwAJDI+ntZDEdRl+ZZA4kSD1pXTn7ddy5VqZ/B81RZPudYWeJiB1USIcoqjmj
bJtS/ZtIKwfVzd745Drg+Ko9D96xfQETvJE7OM7iUzdBS+ONI9CaUt3dawoBj6pc
IFnAX5vJ1ruzB44iWc8rJhmCTJ/ww7jkKhl2Av8Q7UG2rJ7r4xzgTkislUxQQamw
+by07OxeK8T0mahuRTlZbU27lnRK5xQ+H9+G1n6KoGNjjl0jBhDjnFZ56kUkNXuw
V8SsC7PoCpR7zEZUButg83qrvLXpDcM9A8arWyqgl4WKF4AVUZk=
=qO5G
-----END PGP SIGNATURE-----
Merge 4.9.149 into android-4.9
Changes in 4.9.149
NFC: nxp-nci: Include unaligned.h instead of access_ok.h
ip6mr: Fix potential Spectre v1 vulnerability
ipv4: Fix potential Spectre v1 vulnerability
ax25: fix a use-after-free in ax25_fillin_cb()
ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
ieee802154: lowpan_header_create check must check daddr
ipv6: explicitly initialize udp6_addr in udp_sock_create6()
ipv6: tunnels: fix two use-after-free
isdn: fix kernel-infoleak in capi_unlocked_ioctl
net: ipv4: do not handle duplicate fragments as overlapping
net: phy: Fix the issue that netif always links up after resuming
netrom: fix locking in nr_find_socket()
net/wan: fix a double free in x25_asy_open_tty()
packet: validate address length
packet: validate address length if non-zero
sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
tipc: fix a double kfree_skb()
vhost: make sure used idx is seen before log in vhost_add_used_n()
VSOCK: Send reset control packet when socket is partially bound
xen/netfront: tolerate frags with no data
tipc: use lock_sock() in tipc_sk_reinit()
tipc: compare remote and local protocols in tipc_udp_enable()
gro_cell: add napi_disable in gro_cells_destroy
net/mlx5e: Remove the false indication of software timestamping support
net/mlx5: Typo fix in del_sw_hw_rule
sock: Make sock->sk_stamp thread-safe
ptr_ring: wrap back ->producer in __ptr_ring_swap_queue()
ALSA: rme9652: Fix potential Spectre v1 vulnerability
ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
ALSA: pcm: Fix potential Spectre v1 vulnerability
ALSA: emux: Fix potential Spectre v1 vulnerabilities
mtd: atmel-quadspi: disallow building on ebsa110
ALSA: hda: add mute LED support for HP EliteBook 840 G4
ALSA: hda/tegra: clear pending irq handlers
USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
USB: serial: option: add Fibocom NL678 series
usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()
staging: wilc1000: fix missing read_write setting when reading data
qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID
Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
platform-msi: Free descriptors in platform_msi_domain_free()
perf pmu: Suppress potential format-truncation warning
ext4: fix possible use after free in ext4_quota_enable
ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
ext4: fix EXT4_IOC_GROUP_ADD ioctl
ext4: include terminating u32 in size of xattr entries when expanding inodes
ext4: force inode writes when nfsd calls commit_metadata()
spi: bcm2835: Fix race on DMA termination
spi: bcm2835: Fix book-keeping of DMA termination
spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
clk: rockchip: fix typo in rk3188 spdif_frac parent
cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
f2fs: fix validation of the block count in sanity_check_raw_super
serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly
media: vivid: free bitmap_cap when updating std/timings/etc.
media: v4l2-tpg: array index could become negative
MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
MIPS: Align kernel load address to 64KB
MIPS: OCTEON: mark RGMII interface disabled on OCTEON III
CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested
arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1
rtc: m41t80: Correct alarm month range with RTC reads
tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x
spi: bcm2835: Unbreak the build of esoteric configs
Linux 4.9.149
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 2eee74b7e2a496dea49847c36fd09320505f45b7 upstream.
Directly including access_ok.h can result in the following compile errors
if an architecture such as ia64 does not support direct unaligned accesses.
include/linux/unaligned/access_ok.h:7:19: error:
redefinition of 'get_unaligned_le16'
include/linux/unaligned/le_struct.h:6:19: note:
previous definition of 'get_unaligned_le16' was here
include/linux/unaligned/access_ok.h:12:19: error:
redefinition of 'get_unaligned_le32'
include/linux/unaligned/le_struct.h:11:19: note:
previous definition of 'get_unaligned_le32' was here
Include asm/unaligned.h instead and let the architecture decide which
access functions to use.
Cc: Clément Perrochaud <clement.perrochaud@effinnov.com>
Cc: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Cc: Matthias Kaehlcke <mka@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlwCSesACgkQONu9yGCS
aT6l4xAA1dKYI5S/l/K6VswVDAR48BZY4hAVPrCOCuhWt6RXMa6rv9Jhqvlj8DTH
njfntSSpQCkEUHdmG1uceTVtuitXKFWyIwQXVql73cdg9u7Jxd1uJ71B7dSzyqFw
s712+HkKyp2O64KH/LpLjwEbImtVXTAzIXhIAxLjLdOEkBV7kNZMcVTFzKqPO/vX
OKwZw65ro2+3VZiU5cfSVx6Oerbdjusan56dQTGAxH96JCo3+5mXjBiK83fmQf0e
52zmesn4bSfC4083bwJpAx5wy6tBBZocDRMTCXJ6vvHMFL58QvZEnIdWpe2ECT3v
rUIxOs5nNq6yFHwfn3VM+PzYhqz7WT08RBkr2KNTpaDOIQqFqMi7H4qVo2BfUVnv
RKEUnyXe9hO5SNcVroNmM8qwda5tubA/EGPgLt+BFw2sUEZIcQ0VWduxSJtgxerH
aSEvyEvT9551oXLg4LHARIJwNiKDk2Iq8UkANwL6+F0ZLD0sNzDNM+gysvNII7aW
lkY6Z/sE0oGYWylq17i+wFxJ2PeLo84KJeZ3tqrnTbTuok4cjIWSmxPszDnq+E3f
b9dMoDnECEO1DmM+OCKBeOkxzwbl92rkn3HaQxWQNFRhGzoGK1h4ECHSHyMCkZJw
7n17JeT4QGrxhmkmO7qS2u1yjPiJWURDd0FDd1ns6Tm4soaljvs=
=zLVF
-----END PGP SIGNATURE-----
Merge 4.9.142 into android-4.9
Changes in 4.9.142
usb: core: Fix hub port connection events lost
usb: dwc3: core: Clean up ULPI device
usb: xhci: fix timeout for transition from RExit to U0
MAINTAINERS: Add Sasha as a stable branch maintainer
gpio: don't free unallocated ida on gpiochip_add_data_with_key() error path
iwlwifi: mvm: support sta_statistics() even on older firmware
iwlwifi: mvm: fix regulatory domain update when the firmware starts
brcmfmac: fix reporting support for 160 MHz channels
tools/power/cpupower: fix compilation with STATIC=true
v9fs_dir_readdir: fix double-free on p9stat_read error
selinux: Add __GFP_NOWARN to allocation at str_read()
bfs: add sanity check at bfs_fill_super()
sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer
gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd
llc: do not use sk_eat_skb()
mm: don't warn about large allocations for slab
drm/ast: change resolution may cause screen blurred
drm/ast: fixed cursor may disappear sometimes
drm/ast: Remove existing framebuffers before loading driver
can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb()
can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length
can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is accessed out of bounds
can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb
IB/core: Fix for core panic
IB/hfi1: Eliminate races in the SDMA send error path
usb: xhci: Prevent bus suspend if a port connect change or polling state is detected
pinctrl: meson: fix pinconf bias disable
KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE
cpufreq: imx6q: add return value check for voltage scale
rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write
floppy: fix race condition in __floppy_read_block_0()
powerpc/io: Fix the IO workarounds code to work with Radix
perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and CoffeeLake CPUs
SUNRPC: Fix a bogus get/put in generic_key_to_expire()
kdb: Use strscpy with destination buffer size
powerpc/numa: Suppress "VPHN is not supported" messages
efi/arm: Revert deferred unmap of early memmap mapping
tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset
of: add helper to lookup compatible child node
NFC: nfcmrvl_uart: fix OF child-node lookup
net: bcmgenet: fix OF child-node lookup
arm64: remove no-op -p linker flag
ath10k: fix kernel panic due to race in accessing arvif list
Input: xpad - add product ID for Xbox One S pad
Input: xpad - fix Xbox One rumble stopping after 2.5 secs
Input: xpad - correctly sort vendor id's
Input: xpad - move reporting xbox one home button to common function
Input: xpad - simplify error condition in init_output
Input: xpad - don't depend on endpoint order
Input: xpad - fix stuck mode button on Xbox One S pad
Input: xpad - restore LED state after device resume
Input: xpad - support some quirky Xbox One pads
Input: xpad - sort supported devices by USB ID
Input: xpad - sync supported devices with xboxdrv
Input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth
Input: xpad - sync supported devices with 360Controller
Input: xpad - sync supported devices with XBCD
Input: xpad - constify usb_device_id
Input: xpad - fix PowerA init quirk for some gamepad models
Input: xpad - validate USB endpoint type during probe
Input: xpad - add support for PDP Xbox One controllers
Input: xpad - add PDP device id 0x02a4
Input: xpad - fix some coding style issues
Input: xpad - avoid using __set_bit() for capabilities
Input: xpad - add GPD Win 2 Controller USB IDs
Input: xpad - fix GPD Win 2 controller name
Input: xpad - add support for Xbox1 PDP Camo series gamepad
cw1200: Don't leak memory if krealloc failes
mwifiex: prevent register accesses after host is sleeping
mwifiex: report error to PCIe for suspend failure
mwifiex: Fix NULL pointer dereference in skb_dequeue()
mwifiex: fix p2p device doesn't find in scan problem
scsi: ufs: fix bugs related to null pointer access and array size
scsi: ufshcd: Fix race between clk scaling and ungate work
scsi: ufs: fix race between clock gating and devfreq scaling work
scsi: ufshcd: release resources if probe fails
include/linux/pfn_t.h: force '~' to be parsed as an unary operator
tty: wipe buffer.
tty: wipe buffer if not echoing data
usb: xhci: fix uninitialized completion when USB3 port got wrong status
sched/core: Allow __sched_setscheduler() in interrupts when PI is not used
namei: allow restricted O_CREAT of FIFOs and regular files
lan78xx: Read MAC address from DT if present
s390/mm: Check for valid vma before zapping in gmap_discard
net: ieee802154: 6lowpan: fix frag reassembly
Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC"
ima: always measure and audit files in policy
EVM: Add support for portable signature format
ima: re-introduce own integrity cache lock
ima: re-initialize iint->atomic_flags
Linux 4.9.142
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 5bf59773aaf36dd62117dc83d50e1bbf9ef432da ]
Use the new of_get_compatible_child() helper to lookup the nfc child
node instead of using of_find_compatible_node(), which searches the
entire tree from a given start node and thus can return an unrelated
(i.e. non-child) node.
This also addresses a potential use-after-free (e.g. after probe
deferral) as the tree-wide helper drops a reference to its first
argument (i.e. the parent node).
Fixes: e097dc624f ("NFC: nfcmrvl: add UART driver")
Fixes: d8e018c0b3 ("NFC: nfcmrvl: update device tree bindings for Marvell NFC")
Cc: stable <stable@vger.kernel.org> # 4.2
Cc: Vincent Cuissard <cuissard@marvell.com>
Cc: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlt/6CsACgkQONu9yGCS
aT7KOw//boywfZ/3pWvs5bp6MsNBrYxa9mzvv7MDQFj10nibTdwY+XFf7O370j3q
Udt3A3V4a57KnploVglMSv4452LETDhMFdlQlxVTMcWAISiZoviVemDTi6GoRCwI
PJg30COP3kE4u51O5i4sGDrff9mRiUPH2XR4JP27CY1aYbjE1IYoOTfB7jUSZhNn
nzghkYLuxIpXc3GlNiWwXSxjRoDz9hw/0jaY4oZC9CRGi/Z/YBqvXLvj9dMO/2R2
0R1ftiI/CEpuQ10XZ9z3h2WlgiWz9Pj183qBMwCUVR0IDVRo+A6lN1Zz7X+eG0no
+CsDAhwfxu2BmDZ4eTDCgcKTk1LDmSVAo3cOoIdW+UkNbeoz99gFivy+jhEyKwQA
KYfMciX31qmrbVfqGT9mZTsDgrYnLCqOmRnhIoAbA3Tb/4gzO6pQXt08eGK4l+LI
u2Yv4L3BiNtZlRPBZYaibtnAAWOPZEuMIf/cRxXJ4//AcWsLirS1Dy3Z70z7J6ew
jkxtDf2F34YYrj1QGRAKfELiZJOJYX7Ig81y80M4tBD2sjRfb29z7QEK5XbDrIID
OJ8Kh57YrdnkGBOFbG8Yvfy4QV1js8VsReasK1pgad8iL8suBYPTPQwmUztGWXz5
AQsU+aQxNYicTtsRIfEN4Tr1Nb/2IqfShC+lwFpcagMvjzjDT/Q=
=GH5x
-----END PGP SIGNATURE-----
Merge 4.9.124 into android-4.9
Changes in 4.9.124
x86/entry/64: Remove %ebx handling from error_entry/exit
ARC: Explicitly add -mmedium-calls to CFLAGS
usb: dwc3: of-simple: fix use-after-free on remove
netfilter: ipv6: nf_defrag: reduce struct net memory waste
selftests: pstore: return Kselftest Skip code for skipped tests
selftests: static_keys: return Kselftest Skip code for skipped tests
selftests: user: return Kselftest Skip code for skipped tests
selftests: zram: return Kselftest Skip code for skipped tests
selftests: sync: add config fragment for testing sync framework
ARM: dts: NSP: Fix i2c controller interrupt type
ARM: dts: NSP: Fix PCIe controllers interrupt types
ARM: dts: Cygnus: Fix I2C controller interrupt type
ARM: dts: Cygnus: Fix PCIe controller interrupt type
arm64: dts: ns2: Fix I2C controller interrupt type
drm: mali-dp: Enable Global SE interrupts mask for DP500
IB/rxe: Fix missing completion for mem_reg work requests
libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
usb: dwc2: fix isoc split in transfer with no data
usb: gadget: composite: fix delayed_status race condition when set_interface
usb: gadget: dwc2: fix memory leak in gadget_init()
xen: add error handling for xenbus_printf
scsi: xen-scsifront: add error handling for xenbus_printf
xen/scsiback: add error handling for xenbus_printf
arm64: make secondary_start_kernel() notrace
qed: Add sanity check for SIMD fastpath handler.
enic: initialize enic->rfs_h.lock in enic_probe
net: hamradio: use eth_broadcast_addr
net: propagate dev_get_valid_name return code
net: stmmac: socfpga: add additional ocp reset line for Stratix10
nvmet: reset keep alive timer in controller enable
ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP
net: davinci_emac: match the mdio device against its compatible if possible
KVM: arm/arm64: Drop resource size check for GICV window
locking/lockdep: Do not record IRQ state within lockdep code
ipv6: mcast: fix unsolicited report interval after receiving querys
Smack: Mark inode instant in smack_task_to_inode
batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump
batman-adv: Fix bat_v best gw refcnt after netlink dump
cxgb4: when disabling dcb set txq dcb priority to 0
iio: pressure: bmp280: fix relative humidity unit
brcmfmac: stop watchdog before detach and free everything
ARM: dts: am437x: make edt-ft5x06 a wakeup source
ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl
usb: xhci: remove the code build warning
usb: xhci: increase CRS timeout value
NFC: pn533: Fix wrong GFP flag usage
perf test session topology: Fix test on s390
perf report powerpc: Fix crash if callchain is empty
perf bench: Fix numa report output code
netfilter: nf_log: fix uninit read in nf_log_proc_dostring
ceph: fix dentry leak in splice_dentry()
selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs
selftests/x86/sigreturn: Do minor cleanups
ARM: dts: da850: Fix interrups property for gpio
dmaengine: pl330: report BURST residue granularity
dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate()
md/raid10: fix that replacement cannot complete recovery after reassemble
nl80211: relax ht operation checks for mesh
drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes
drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes
drm/exynos: decon5433: Fix WINCONx reset value
bpf, s390: fix potential memleak when later bpf_jit_prog fails
PCI: xilinx: Add missing of_node_put()
PCI: xilinx-nwl: Add missing of_node_put()
bnx2x: Fix receiving tx-timeout in error or recovery state.
acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value
m68k: fix "bad page state" oops on ColdFire boot
objtool: Support GCC 8 '-fnoreorder-functions'
ipvlan: call dev_change_flags when ipvlan mode is reset
HID: wacom: Correct touch maximum XY of 2nd-gen Intuos
ARM: imx_v6_v7_defconfig: Select ULPI support
ARM: imx_v4_v5_defconfig: Select ULPI support
tracing: Use __printf markup to silence compiler
kasan: fix shadow_size calculation error in kasan_module_alloc
smsc75xx: Add workaround for gigabit link up hardware errata.
samples/bpf: add missing <linux/if_vlan.h>
samples/bpf: Check the error of write() and read()
ieee802154: 6lowpan: set IFLA_LINK
netfilter: x_tables: set module owner for icmp(6) matches
ipv6: make ipv6_renew_options() interrupt/kernel safe
net: qrtr: Broadcast messages only from control port
sh_eth: fix invalid context bug while calling auto-negotiation by ethtool
sh_eth: fix invalid context bug while changing link options by ethtool
ravb: fix invalid context bug while calling auto-negotiation by ethtool
ravb: fix invalid context bug while changing link options by ethtool
ARM: pxa: irq: fix handling of ICMR registers in suspend/resume
net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used
ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem
ieee802154: at86rf230: use __func__ macro for debug messages
ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem
drm/armada: fix colorkey mode property
netfilter: nf_conntrack: Fix possible possible crash on module loading.
ARC: Improve cmpxchg syscall implementation
bnxt_en: Always set output parameters in bnxt_get_max_rings().
bnxt_en: Fix for system hang if request_irq fails
perf llvm-utils: Remove bashism from kernel include fetch script
nfit: fix unchecked dereference in acpi_nfit_ctl
RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path
ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot
ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores
ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller
ixgbe: Be more careful when modifying MAC filters
tools: build: Use HOSTLDFLAGS with fixdep
packet: reset network header if packet shorter than ll reserved space
qlogic: check kstrtoul() for errors
tcp: remove DELAYED ACK events in DCTCP
pinctrl: nsp: off by ones in nsp_pinmux_enable()
pinctrl: nsp: Fix potential NULL dereference
drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()
net/ethernet/freescale/fman: fix cross-build error
net: usb: rtl8150: demote allmulti message to dev_dbg()
PCI: OF: Fix I/O space page leak
PCI: versatile: Fix I/O space page leak
net: qca_spi: Avoid packet drop during initial sync
net: qca_spi: Make sure the QCA7000 reset is triggered
net: qca_spi: Fix log level if probe fails
tcp: identify cryptic messages as TCP seq # bugs
KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
ext4: fix spectre gadget in ext4_mb_regular_allocator()
parisc: Remove ordered stores from syscall.S
xfrm_user: prevent leaking 2 bytes of kernel memory
netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
packet: refine ring v3 block size test to hold one frame
parisc: Remove unnecessary barriers from spinlock.h
PCI: hotplug: Don't leak pci_slot on registration failure
PCI: Skip MPS logic for Virtual Functions (VFs)
PCI: pciehp: Fix use-after-free on unplug
PCI: pciehp: Fix unprotected list iteration in IRQ handler
i2c: imx: Fix race condition in dma read
reiserfs: fix broken xattr handling (heap corruption, bad retval)
Linux 4.9.124
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit ecc443c03fb14abfb8a6af5e3b2d43b5257e60f2 ]
pn533_recv_response() is an urb completion handler, so it must use
GFP_ATOMIC. pn533_usb_send_frame() OTOH runs from a regular sleeping
context, so the pn533_submit_urb_for_response() there (and only there)
can use the regular GFP_KERNEL flags.
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1514134
Fixes: 9815c7cf22 ("NFC: pn533: Separate physical layer from ...")
Cc: Michael Thalmeier <michael.thalmeier@hale.at>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqzZsQACgkQONu9yGCS
aT6GpRAA0smp5JfDXHUaQ0/6Syjo0bppqAdXZAkOeRYGEsZC1YG27rmB1YTk7R3X
6pwLRXDFP8264A7Pks4+fbE2CUv6Rt1qS4V6t3CVInzYVshVfThnZkl+cFXYWqTg
P9q7oW7M/nXp73kUJIu2Q+d3NTWozbjHAffwXzaM3XschGEA9FghiDoZToemG7gV
DmKstfUlnLb5M6ljXQla44UQWpPCFL9U5EAXHsEphz5nR7H5fTOvmXd38z2Pxmu8
F+wmVeqS3VzJA4otefClQMH78ZsEkImCJwGx6B2q5KIcVxJRprc0EC/Mxb3oSozR
3W7oxuOhGXV84oo9hY9LVett20ZAyDqcEY7RXaUdaaxC0XnZujgIwiHEUfWH5o5S
7o/kM5DRO7nKDqt9u+O8nXZU9dKPUAV5kPmMWBUlgGslKD9z3yat9z71h4nANd2Y
uQRlXO3CPrBIxTgLqdDRcAtStJoRBjDZxm1X1IYZwG5DjX6oLLYFVjE2rdD6OrOv
5Yi4NQ4qzVt3CcePyactJJQLMGf9/PI9zMXOsefKK6KwApud7zjxl+HVvGaFkDXt
ONkcHW1F9H7AnExaAyIfZiuWlDoOii58XIIAme/xKStCx4jRJD99d6o4fJomwTUq
Hpqe/6XgwmubKsRSn57e45RqtmrtXTAPlcGWDifd//PB1udoHFc=
=jQUN
-----END PGP SIGNATURE-----
Merge 4.9.89 into android-4.9
Changes in 4.9.89
blkcg: fix double free of new_blkg in blkcg_init_queue
Input: tsc2007 - check for presence and power down tsc2007 during probe
perf stat: Issue a HW watchdog disable hint
staging: speakup: Replace BUG_ON() with WARN_ON().
staging: wilc1000: add check for kmalloc allocation failure.
HID: reject input outside logical range only if null state is set
drm: qxl: Don't alloc fbdev if emulation is not supported
ARM: dts: r8a7791: Remove unit-address and reg from integrated cache
ARM: dts: r8a7792: Remove unit-address and reg from integrated cache
ARM: dts: r8a7793: Remove unit-address and reg from integrated cache
ARM: dts: r8a7794: Remove unit-address and reg from integrated cache
arm64: dts: r8a7796: Remove unit-address and reg from integrated cache
drm/sun4i: Fix up error path cleanup for master bind function
drm/sun4i: Set drm_crtc.port to the underlying TCON's output port node
ath10k: fix a warning during channel switch with multiple vaps
drm/sun4i: Fix TCON clock and regmap initialization sequence
PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()
selinux: check for address length in selinux_socket_bind()
x86/mm: Make mmap(MAP_32BIT) work correctly
perf sort: Fix segfault with basic block 'cycles' sort dimension
x86/mce: Handle broadcasted MCE gracefully with kexec
eventpoll.h: fix epoll event masks
i40e: Acquire NVM lock before reads on all devices
i40e: fix ethtool to get EEPROM data from X722 interface
perf tools: Make perf_event__synthesize_mmap_events() scale
ARM: brcmstb: Enable ZONE_DMA for non 64-bit capable peripherals
drivers: net: xgene: Fix hardware checksum setting
drivers: net: phy: xgene: Fix mdio write
drivers: net: xgene: Fix wrong logical operation
drivers: net: xgene: Fix Rx checksum validation logic
drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off)
ath10k: disallow DFS simulation if DFS channel is not enabled
ath10k: fix fetching channel during potential radar detection
usb: misc: lvs: fix race condition in disconnect handling
ARM: bcm2835: Enable missing CMA settings for VC4 driver
net: ethernet: bgmac: Allow MAC address to be specified in DTB
netem: apply correct delay when rate throttling
x86/mce: Init some CPU features early
omapfb: dss: Handle return errors in dss_init_ports()
perf probe: Fix concat_probe_trace_events
perf probe: Return errno when not hitting any event
HID: clamp input to logical range if no null state
net/8021q: create device with all possible features in wanted_features
ARM: dts: Adjust moxart IRQ controller and flags
qed: Always publish VF link from leading hwfn
s390/topology: fix typo in early topology code
zd1211rw: fix NULL-deref at probe
batman-adv: handle race condition for claims between gateways
of: fix of_device_get_modalias returned length when truncating buffers
solo6x10: release vb2 buffers in solo_stop_streaming()
x86/boot/32: Defer resyncing initial_page_table until per-cpu is set up
scsi: fnic: Fix for "Number of Active IOs" in fnicstats becoming negative
scsi: ipr: Fix missed EH wakeup
media: i2c/soc_camera: fix ov6650 sensor getting wrong clock
timers, sched_clock: Update timeout for clock wrap
sysrq: Reset the watchdog timers while displaying high-resolution timers
Input: qt1070 - add OF device ID table
sched: act_csum: don't mangle TCP and UDP GSO packets
PCI: hv: Properly handle PCI bus remove
PCI: hv: Lock PCI bus on device eject
ASoC: rcar: ssi: don't set SSICR.CKDV = 000 with SSIWSR.CONT
spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer
tcp: sysctl: Fix a race to avoid unexpected 0 window from space
dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped
usb: dwc3: make sure UX_EXIT_PX is cleared
ARM: dts: bcm2835: add index to the ethernet alias
perf annotate: Fix a bug following symbolic link of a build-id file
perf buildid: Do not assume that readlink() returns a null terminated string
i40e/i40evf: Fix use after free in Rx cleanup path
scsi: be2iscsi: Check tag in beiscsi_mccq_compl_wait
driver: (adm1275) set the m,b and R coefficients correctly for power
bonding: make speed, duplex setting consistent with link state
mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative()
ALSA: firewire-lib: add a quirk of packet without valid EOH in CIP format
ARM: dts: r8a7794: Add DU1 clock to device tree
ARM: dts: r8a7794: Correct clock of DU1
ARM: dts: silk: Correct clock of DU1
blk-throttle: make sure expire time isn't too big
regulator: core: Limit propagation of parent voltage count and list
perf trace: Handle unpaired raw_syscalls:sys_exit event
f2fs: relax node version check for victim data in gc
drm/ttm: never add BO that failed to validate to the LRU list
bonding: refine bond_fold_stats() wrap detection
PCI: Apply Cavium ACS quirk only to CN81xx/CN83xx/CN88xx devices
powerpc/mm/hugetlb: Filter out hugepage size not supported by page table layout
braille-console: Fix value returned by _braille_console_setup
drm/vmwgfx: Fixes to vmwgfx_fb
vxlan: vxlan dev should inherit lowerdev's gso_max_size
NFC: nfcmrvl: Include unaligned.h instead of access_ok.h
NFC: nfcmrvl: double free on error path
NFC: pn533: change order of free_irq and dev unregistration
ARM: dts: r7s72100: fix ethernet clock parent
ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks
ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks
ARM: dts: r8a7793: Correct parent of SSI[0-9] clocks
powerpc: Avoid taking a data miss on every userspace instruction miss
net: hns: Correct HNS RSS key set function
net/faraday: Add missing include of of.h
qed: Fix TM block ILT allocation
rtmutex: Fix PI chain order integrity
printk: Correctly handle preemption in console_unlock()
drm: rcar-du: Handle event when disabling CRTCs
ARM: dts: koelsch: Correct clock frequency of X2 DU clock input
reiserfs: Make cancel_old_flush() reliable
ASoC: rt5677: Add OF device ID table
IB/hfi1: Check for QSFP presence before attempting reads
ALSA: firewire-digi00x: add support for console models of Digi00x series
ALSA: firewire-digi00x: handle all MIDI messages on streaming packets
fm10k: correctly check if interface is removed
EDAC, altera: Fix peripheral warnings for Cyclone5
scsi: ses: don't get power status of SES device slot on probe
qed: Correct MSI-x for storage
apparmor: Make path_max parameter readonly
iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range
kvm/svm: Setup MCG_CAP on AMD properly
kvm: nVMX: Disallow userspace-injected exceptions in guest mode
video: ARM CLCD: fix dma allocation size
drm/radeon: Fail fb creation from imported dma-bufs.
drm/amdgpu: Fail fb creation from imported dma-bufs. (v2)
drm/rockchip: vop: Enable pm domain before vop_initial
i40e: only register client on iWarp-capable devices
coresight: Fixes coresight DT parse to get correct output port ID.
lkdtm: turn off kcov for lkdtm_rodata_do_nothing:
tty: amba-pl011: Fix spurious TX interrupts
serial: imx: setup DCEDTE early and ensure DCD and RI irqs to be off
MIPS: BPF: Quit clobbering callee saved registers in JIT code.
MIPS: BPF: Fix multiple problems in JIT skb access helpers.
MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification
MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters
v4l: vsp1: Prevent multiple streamon race commencing pipeline early
v4l: vsp1: Register pipe with output WPF
regulator: isl9305: fix array size
md/raid6: Fix anomily when recovering a single device in RAID6.
md.c:didn't unlock the mddev before return EINVAL in array_size_store
powerpc/nohash: Fix use of mmu_has_feature() in setup_initial_memory_limit()
usb: dwc2: Make sure we disconnect the gadget state
usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control()
perf evsel: Return exact sub event which failed with EPERM for wildcards
iwlwifi: mvm: fix RX SKB header size and align it properly
drivers/perf: arm_pmu: handle no platform_device
perf inject: Copy events when reordering events in pipe mode
net: fec: add phy-reset-gpios PROBE_DEFER check
perf session: Don't rely on evlist in pipe mode
vfio/powerpc/spapr_tce: Enforce IOMMU type compatibility check
vfio/spapr_tce: Check kzalloc() return when preregistering memory
scsi: sg: check for valid direction before starting the request
scsi: sg: close race condition in sg_remove_sfp_usercontext()
ALSA: hda: Add Geminilake id to SKL_PLUS
kprobes/x86: Fix kprobe-booster not to boost far call instructions
kprobes/x86: Set kprobes pages read-only
pwm: tegra: Increase precision in PWM rate calculation
clk: qcom: msm8996: Fix the vfe1 powerdomain name
Bluetooth: Avoid bt_accept_unlink() double unlinking
Bluetooth: 6lowpan: fix delay work init in add_peer_chan()
mac80211_hwsim: use per-interface power level
ath10k: fix compile time sanity check for CE4 buffer size
wil6210: fix protection against connections during reset
wil6210: fix memory access violation in wil_memcpy_from/toio_32
perf stat: Fix bug in handling events in error state
mwifiex: Fix invalid port issue
drm/edid: set ELD connector type in drm_edid_to_eld()
video/hdmi: Allow "empty" HDMI infoframes
HID: elo: clear BTN_LEFT mapping
iwlwifi: mvm: rs: don't override the rate history in the search cycle
clk: meson: gxbb: fix wrong clock for SARADC/SANA
ARM: dts: exynos: Correct Trats2 panel reset line
sched: Stop switched_to_rt() from sending IPIs to offline CPUs
sched: Stop resched_cpu() from sending IPIs to offline CPUs
test_firmware: fix setting old custom fw path back on exit
net: ieee802154: adf7242: Fix bug if defined DEBUG
net: xfrm: allow clearing socket xfrm policies.
mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]()
net: thunderx: Set max queue count taking XDP_TX into account
ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin
ARM: dts: omap3-n900: Fix the audio CODEC's reset pin
mtd: nand: ifc: update bufnum mask for ver >= 2.0.0
userns: Don't fail follow_automount based on s_user_ns
leds: pm8058: Silence pointer to integer size warning
power: supply: ab8500_charger: Fix an error handling path
power: supply: ab8500_charger: Bail out in case of error in 'ab8500_charger_init_hw_registers()'
ath10k: update tdls teardown state to target
scsi: ses: don't ask for diagnostic pages repeatedly during probe
pwm: stmpe: Fix wrong register offset for hwpwm=2 case
clk: qcom: msm8916: fix mnd_width for codec_digcodec
mwifiex: cfg80211: do not change virtual interface during scan processing
ath10k: fix invalid STS_CAP_OFFSET_MASK
tools/usbip: fixes build with musl libc toolchain
spi: sun6i: disable/unprepare clocks on remove
bnxt_en: Don't print "Link speed -1 no longer supported" messages.
scsi: core: scsi_get_device_flags_keyed(): Always return device flags
scsi: devinfo: apply to HP XP the same flags as Hitachi VSP
scsi: dh: add new rdac devices
media: vsp1: Prevent suspending and resuming DRM pipelines
media: cpia2: Fix a couple off by one bugs
veth: set peer GSO values
drm/amdkfd: Fix memory leaks in kfd topology
powerpc/modules: Don't try to restore r2 after a sibling call
agp/intel: Flush all chipset writes after updating the GGTT
mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED
mac80211: remove BUG() when interface type is invalid
ASoC: nuc900: Fix a loop timeout test
ipvlan: add L2 check for packets arriving via virtual devices
rcutorture/configinit: Fix build directory error message
locking/locktorture: Fix num reader/writer corner cases
ima: relax requiring a file signature for new files with zero length
net: hns: Some checkpatch.pl script & warning fixes
x86/boot/32: Fix UP boot on Quark and possibly other platforms
x86/cpufeatures: Add Intel PCONFIG cpufeature
selftests/x86/entry_from_vm86: Exit with 1 if we fail
selftests/x86: Add tests for User-Mode Instruction Prevention
selftests/x86: Add tests for the STR and SLDT instructions
selftests/x86/entry_from_vm86: Add test cases for POPF
x86/vm86/32: Fix POPF emulation
x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32-bit kernels
x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist
x86/mm: Fix vmalloc_fault to use pXd_large
parisc: Handle case where flush_cache_range is called with no context
ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
ALSA: hda - Revert power_save option default value
ALSA: seq: Fix possible UAF in snd_seq_check_queue()
ALSA: seq: Clear client entry before deleting else at closing
drm/amdgpu: fix prime teardown order
drm/amdgpu/dce: Don't turn off DP sink when disconnected
fs: Teach path_connected to handle nfs filesystems with multiple roots.
lock_parent() needs to recheck if dentry got __dentry_kill'ed under it
fs/aio: Add explicit RCU grace period when freeing kioctx
fs/aio: Use RCU accessors for kioctx_table->table[]
irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis
scsi: sg: fix SG_DXFER_FROM_DEV transfers
scsi: sg: fix static checker warning in sg_is_valid_dxfer
scsi: sg: only check for dxfer_len greater than 256M
btrfs: alloc_chunk: fix DUP stripe size handling
btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device
scsi: qla2xxx: Fix extraneous ref on sp's after adapter break
USB: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe()
usb: dwc3: Fix GDBGFIFOSPACE_TYPE values
usb: gadget: bdc: 64-bit pointer capability check
Linux 4.9.89
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 068a496c4525c638ffab56449d905b88ef97fe32 ]
Change order of free_irq and dev unregistration.
It fixes situation when device already unregistered and
an interrupt happens and nobody can handle it.
Signed-off-by: Andrey Rusalin <arusalin@dev.rtsoft.ru>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit ca42fb9e52d155547e6cf18cf26bce3e1a6af4ea ]
The nci_spi_send() function calls kfree_skb(skb) on both error and
success so this extra kfree_skb() is a double free.
Fixes: caf6e49bf6 ("NFC: nfcmrvl: add spi driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit d916d923724d59cde99ee588f15eec59dd863bbd ]
Including linux/unaligned/access_ok.h causes the allmodconfig build on
ia64 (and maybe others) to fail with the following warnings:
include/linux/unaligned/access_ok.h:7:19: error: redefinition of 'get_unaligned_le16'
include/linux/unaligned/access_ok.h:12:19: error: redefinition of 'get_unaligned_le32'
include/linux/unaligned/access_ok.h:17:19: error: redefinition of 'get_unaligned_le64'
include/linux/unaligned/access_ok.h:22:19: error: redefinition of 'get_unaligned_be16'
include/linux/unaligned/access_ok.h:27:19: error: redefinition of 'get_unaligned_be32'
include/linux/unaligned/access_ok.h:32:19: error: redefinition of 'get_unaligned_be64'
include/linux/unaligned/access_ok.h:37:20: error: redefinition of 'put_unaligned_le16'
include/linux/unaligned/access_ok.h:42:20: error: redefinition of 'put_unaligned_le32'
include/linux/unaligned/access_ok.h:42:20: error: redefinition of 'put_unaligned_le64'
include/linux/unaligned/access_ok.h:42:20: error: redefinition of 'put_unaligned_be16'
include/linux/unaligned/access_ok.h:42:20: error: redefinition of 'put_unaligned_be32'
include/linux/unaligned/access_ok.h:42:20: error: redefinition of 'put_unaligned_be64'
Fix these by including asm/unaligned.h instead and leave it up to the
architecture to decide how to implement unaligned accesses.
Fixes: 3194c68701 ("NFC: nfcmrvl: add firmware download support")
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Link: https://lkml.org/lkml/2016/10/22/247
Cc: Vincent Cuissard <cuissard@marvell.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Overflow on memcpy is possible in kernel driver for st21nfca's
NFC HCI layer when handling connectivity events if aid_len or
params_len are bigger than the buffer size.
Memory leak is possible when parameter tag is invalid.
Bug: 62679581
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Possible buffer overflow when reading next_read_size bytes into
tmp buffer after next_read_size was extracted from a previous packet.
Bug: 62678828
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Out of bounds kernel accesses in st21nfca's NFC HCI layer
might happen when handling ATR_REQ events if user-specified
atr_req->length is bigger than the buffer size. In
that case memcpy() inside st21nfca_tm_send_atr_res() will
read extra bytes resulting in OOB read from the kernel heap.
Bug: 62679012
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
commit b6355fb3f5f40bbce165847d277e64896cab8f95 upstream.
We are checking phy after dereferencing it. We can print the debug
information after checking it. If phy is NULL then we will get a good
stack trace to tell us that we are in this irq handler.
Signed-off-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 2497128133f8169b24b928852ba6eae34fc495e5 upstream.
If port100_send_ack() was called twice or more, it has race to hangup.
port100_send_ack() port100_send_ack()
init_completion()
[...]
dev->cmd_cancel = true
/* this removes previous from completion */
init_completion()
[...]
dev->cmd_cancel = true
wait_for_completion()
/* never be waked up */
wait_for_completion()
Like above race, this code is not assuming port100_send_ack() is
called twice or more.
To fix, this checks dev->cmd_cancel to know if prior cancel is
in-flight or not. And never be remove prior task from completion by
using reinit_completion(), so this guarantees to be waked up properly
soon or later.
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 45dd39b974f6632222dd5cdcbea7358a077ab0b0 upstream.
The nci-device was never deregistered in the event that
fw-initialisation failed.
Fix this by moving the firmware initialisation before device
registration since the firmware work queue should be available before
registering.
Note that this depends on a recent fix that moved device-name
initialisation back to to nci_allocate_device() as the
firmware-workqueue name is now derived from the nfc-device name.
Fixes: 3194c68701 ("NFC: nfcmrvl: add firmware download support")
Cc: Vincent Cuissard <cuissard@marvell.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e5834ac22948169bbd7c45996d8d4905edd20f5e upstream.
Use the nfc- rather than phy-device in firmware-management code that
needs a valid struct device.
This specifically fixes a NULL-pointer dereference in
nfcmrvl_fw_dnld_init() during registration when the underlying tty is
one end of a Unix98 pty.
Note that the driver still uses the phy device for any debugging, which
is fine for now.
Fixes: 3194c68701 ("NFC: nfcmrvl: add firmware download support")
Cc: Vincent Cuissard <cuissard@marvell.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0cbe40112f42cf5e008f9127f6cd5952ba3946c7 upstream.
This specifically fixes resource leaks in the registration error paths.
Device-managed resources is a bad fit for this driver as devices can be
registered from the n_nci line discipline. Firstly, a tty may not even
have a corresponding device (should it be part of a Unix98 pty)
something which would lead to a NULL-pointer dereference when
registering resources.
Secondly, if the tty has a class device, its lifetime exceeds that of
the line discipline, which means that resources would leak every time
the line discipline is closed (or if registration fails).
Currently, the devres interface was only being used to request a reset
gpio despite the fact that it was already explicitly freed in
nfcmrvl_nci_unregister_dev() (along with the private data), something
which also prevented the resource leak at close.
Note that the driver treats gpio number 0 as invalid despite it being
perfectly valid. This will be addressed in a follow-up patch.
Fixes: b2fe288eac ("NFC: nfcmrvl: free reset gpio")
Fixes: 4a2b947f56 ("NFC: nfcmrvl: add chip reset management")
Cc: Vincent Cuissard <cuissard@marvell.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 15e0c59f1535926a939d1df66d6edcf997d7c1b9 upstream.
Make sure to check the tty-device pointer before trying to access the
parent device to avoid dereferencing a NULL-pointer when the tty is one
end of a Unix98 pty.
Fixes: e097dc624f ("NFC: nfcmrvl: add UART driver")
Cc: Vincent Cuissard <cuissard@marvell.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
NFC version reply size checked against only header size, not against
full message size. That may lead potentially to uninitialized memory access
in version data.
That leads to warnings when version data is accessed:
drivers/misc/mei/bus-fixup.c: warning: '*((void *)&ver+11)' may be used uninitialized in this function [-Wuninitialized]: => 212:2
Reported in
Build regressions/improvements in v4.9-rc3
https://lkml.org/lkml/2016/10/30/57
Fixes: 59fcd7c63a (mei: nfc: Initial nfc implementation)
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This is the first NFC pull request for 4.8. We have:
- A fairly large NFC digital stack patchset:
* RTOX fixes.
* Proper DEP RWT support.
* ACK and NACK PDUs handling fixes, in both initiator
and target modes.
* A few memory leak fixes.
- A conversion of the nfcsim driver to use the digital stack.
The driver supports the DEP protocol in both NFC-A and NFC-F.
- Error injection through debugfs for the nfcsim driver.
- Improvements to the port100 driver for the Sony USB chipset, in
particular to the command abort and cancellation code paths.
- A few minor fixes for the pn533, trf7970a and fdp drivers.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXjp/3AAoJEIqAPN1PVmxKjpEP/2bgptSwf2cCql+Jv+YaLLny
PjKr+qBXxqvogclucaGg5iIFnVjJ/pHd+csCeqHWpT1jAK7DtK1IJZjg6K9nD7vO
OQQ49+oxcFLTTy00rbfCFzxRaDDnkhD/qafXkTomEMiH7QVK0qssaxm2FVFVEblW
1NTmcsEUnbDbccQhXnxh+N7Xt2CAgsMIbbyHM+4yQuqGtSYjFd164c3jTL13W4a5
SQEJZkCtI7DIdFd6SiXkTGNjlN/fqXuUqXsf2EHxdFb7EE0c067uHpudp2hFdAem
WmAYjjmIuTRFwRFKPJMLUakSen3XbBKVUbtDnIMYykNWYnC4CmedrCrX3YRw4GQt
hZgkj6o5IweSSf6foIgihurE6m5jqd2mAcauwYC/K9wW5nHLaKg8fd9gAngoWY7P
MKBOCyjqIPWkNDC5tne6qftpsDhCrBcdrAtbkorx0lHF20OFto7Gjzxx1Ca+fnJg
N9/fMulQJu8rz3FYpvfvogQMJjkjeFUfyZDa3/ft/ySU6qohxDwXOFaZ82lieTAo
PztTq8tY7GDrdJdyvvHx78RpRVCJT8qHzBRIiiZRpt9MM/aPSepLcozwM97WrJDa
sPvz0jol4d12VIy02j2ArPjMon1MrQePed+Y1y2OtBt8rGiSUxC94t5LE3aMqPs/
a9tNLZYL/nixpLeXbeWa
=yrVP
-----END PGP SIGNATURE-----
Merge tag 'nfc-next-4.8-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/nfc-next
Samuel Ortiz says:
====================
NFC 4.8 pull request
This is the first NFC pull request for 4.8. We have:
- A fairly large NFC digital stack patchset:
* RTOX fixes.
* Proper DEP RWT support.
* ACK and NACK PDUs handling fixes, in both initiator
and target modes.
* A few memory leak fixes.
- A conversion of the nfcsim driver to use the digital stack.
The driver supports the DEP protocol in both NFC-A and NFC-F.
- Error injection through debugfs for the nfcsim driver.
- Improvements to the port100 driver for the Sony USB chipset, in
particular to the command abort and cancellation code paths.
- A few minor fixes for the pn533, trf7970a and fdp drivers.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch allows to simulate the lost of frames exchanged between the 2
nfcsim devices through a control entry in the debugfs and is used as
follow:
echo n > /sys/kernel/debug/nfcsim/nfcX/dropframe
Where n specifies the number of frames to be dropped between 0 and 255
and nfcX is either nfc0 or nfc1, one of the two nfcsim devices.
In the following example, the next frame that should be sent by the nfc0
device will be dropped and thus not received by the nfc1 device:
echo 1 > /sys/kernel/debug/nfcsim/nfc0/dropframe
The value of 0 can be used to reset the dropframe counter.
Signed-off-by: Thierry Escande <thierry.escande@collabora.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
The idea is to have a way to control and/or modify the behavior of the
nfcsim virtual devices.
This patch creates a folder tree in the debug filesystem. The debugfs is
usually mounted into /sys/kernel/debug and the nfcsim entries are
located in DEBUGFS/nfcsim/nfcX/ where X is either 0 or 1 depending on
the device you want to address.
These folders are empty for now and control entries will be added by
upcoming commits.
Signed-off-by: Thierry Escande <thierry.escande@collabora.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
On mips and parisc:
drivers/bluetooth/btwilink.c: In function 'ti_st_open':
drivers/bluetooth/btwilink.c:174:21: warning: overflow in implicit constant conversion [-Woverflow]
hst->reg_status = -EINPROGRESS;
drivers/nfc/nfcwilink.c: In function 'nfcwilink_open':
drivers/nfc/nfcwilink.c:396:31: warning: overflow in implicit constant conversion [-Woverflow]
drv->st_register_cb_status = -EINPROGRESS;
There are actually two issues:
1. Whether "char" is signed or unsigned depends on the architecture.
As the completion callback data is used to pass a (negative) error
code, it should always be signed.
2. EINPROGRESS is 150 on mips, 245 on parisc.
Hence -EINPROGRESS doesn't fit in a signed 8-bit number.
Change the callback status from "char" to "int" to fix these.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Acked-by: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
The nfcsim driver now depends on the Digital layer. This patch adds the
missing dependency on NFC_DIGITAL for NFC_SIM config.
Signed-off-by: Thierry Escande <thierry.escande@collabora.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
If a command is still being processed by the device, the switch RF off
command will be rejected. With this patch, the port100 driver calls
port100_abort_cmd() before sending the switch RF off command.
Signed-off-by: Thierry Escande <thierry.escande@collabora.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
FAROVITUS
Greg Kroah-Hartman
Dan Carpenter
Dmitry Osipenko
Mao Wenan
Nathan Chancellor
Stephan Gerhold
Oliver Neukum
Pan Bian
Navid Emamdoost
Daniel Gomez
Guenter Roeck
Johan Hovold
Hans de Goede
Andrey Rusalin
Tobias Klauser
Suren Baghdasaryan
Sudip Mukherjee
OGAWA Hirofumi
Alexander Usyskin
David S. Miller
Thierry Escande
Geert Uytterhoeven