Merge 4.4.244 into android-4.4-p

Changes in 4.4.244 ring-buffer: Fix recursion protection transitions between interrupt context gfs2: Wake up when sd_glock_disposal becomes zero mm: mempolicy: fix potential pte_unmap_unlock pte error time: Prevent undefined behaviour in timespec64_to_ns() btrfs: reschedule when cloning lots of extents net: xfrm: fix a race condition during allocing spi perf tools: Add missing swap for ino_generation ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() can: peak_usb: add range checking in decode operations can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping Btrfs: fix missing error return if writeback for extent buffer never started pinctrl: devicetree: Avoid taking direct reference to device name string i40e: Wrong truncation from u16 to u8 i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c geneve: add transport ports in route lookup for geneve ath9k_htc: Use appropriate rs_datalen type usb: gadget: goku_udc: fix potential crashes in probe gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free gfs2: check for live vs. read-only file system in gfs2_fitrim drm/amdgpu: perform srbm soft reset always on SDMA resume mac80211: fix use of skb payload instead of header cfg80211: regulatory: Fix inconsistent format argument iommu/amd: Increase interrupt remapping table limit to 512 entries xfs: fix a missing unlock on error in xfs_fs_map_blocks of/address: Fix of_node memory leak in of_dma_is_coherent cosa: Add missing kfree in error path of cosa_write perf: Fix get_recursion_context() ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA ext4: unlock xattr_sem properly in ext4_inline_data_truncate() usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode mei: protect mei_cl_mtu from null dereference ocfs2: initialize ip_next_orphan don't dump the threads that had been already exiting when zapped. drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] pinctrl: amd: use higher precision for 512 RtcClk pinctrl: amd: fix incorrect way to disable debounce filter swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb" IPv6: Set SIT tunnel hard_header_len to zero net/af_iucv: fix null pointer dereference on shutdown net/x25: Fix null-ptr-deref in x25_connect net: Update window_clamp if SOCK_RCVBUF is set random32: make prandom_u32() output unpredictable x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP xen/events: avoid removing an event channel while handling it xen/events: add a proper barrier to 2-level uevent unmasking xen/events: fix race in evtchn_fifo_unmask() xen/events: add a new "late EOI" evtchn framework xen/blkback: use lateeoi irq binding xen/netback: use lateeoi irq binding xen/scsiback: use lateeoi irq binding xen/pciback: use lateeoi irq binding xen/events: switch user event channels to lateeoi model xen/events: use a common cpu hotplug hook for event channels xen/events: defer eoi in case of excessive number of events xen/events: block rogue events for some time perf/core: Fix race in the perf_mmap_close() function Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint" reboot: fix overflow parsing reboot cpu number ext4: fix leaking sysfs kobject after failed mount Convert trailing spaces and periods in path components Linux 4.4.244 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I70bf4c5ac9248a8ca3383b9b0c4871729606e75e
author: Greg Kroah-Hartman <gregkh@google.com> 2020-11-18 19:35:00 +0100
committer: Greg Kroah-Hartman <gregkh@google.com> 2020-11-18 19:35:00 +0100
commit: 4e6c6e008513d98396bf9f92bf38b83b6980fa54 (patch)
tree: cf5334d164312580a0b114540be244965076ecc0 /include/linux
parent: 34b1d1174c2c7054c01cfa39d274421d80649386 (diff)
parent: b71e57af961fc0cc69998a13dea631ba2229333e (diff)
3 files changed, 46 insertions, 14 deletions
diff --git a/include/linux/can/skb.h b/include/linux/can/skb.h
index 51bb6532785c..1a2111c775ae 100644
--- a/include/linux/can/skb.h
+++ b/include/linux/can/skb.h
@@ -60,21 +60,17 @@ static inline void can_skb_set_owner(struct sk_buff *skb, struct sock *sk)
  */
 static inline struct sk_buff *can_create_echo_skb(struct sk_buff *skb)
 {
-	if (skb_shared(skb)) {
-		struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC);
+	struct sk_buff *nskb;
 
-		if (likely(nskb)) {
-			can_skb_set_owner(nskb, skb->sk);
-			consume_skb(skb);
-			return nskb;
-		} else {
-			kfree_skb(skb);
-			return NULL;
-		}
+	nskb = skb_clone(skb, GFP_ATOMIC);
+	if (unlikely(!nskb)) {
+		kfree_skb(skb);
+		return NULL;
 	}
 
-	/* we can assume to have an unshared skb with proper owner */
-	return skb;
+	can_skb_set_owner(nskb, skb->sk);
+	consume_skb(skb);
+	return nskb;
 }
 
 #endif /* !_CAN_SKB_H */
diff --git a/include/linux/prandom.h b/include/linux/prandom.h
index aa16e6468f91..cc1e71334e53 100644
--- a/include/linux/prandom.h
+++ b/include/linux/prandom.h
@@ -16,12 +16,44 @@ void prandom_bytes(void *buf, size_t nbytes);
 void prandom_seed(u32 seed);
 void prandom_reseed_late(void);
 
+#if BITS_PER_LONG == 64
+/*
+ * The core SipHash round function.  Each line can be executed in
+ * parallel given enough CPU resources.
+ */
+#define PRND_SIPROUND(v0, v1, v2, v3) ( \
+	v0 += v1, v1 = rol64(v1, 13),  v2 += v3, v3 = rol64(v3, 16), \
+	v1 ^= v0, v0 = rol64(v0, 32),  v3 ^= v2,                     \
+	v0 += v3, v3 = rol64(v3, 21),  v2 += v1, v1 = rol64(v1, 17), \
+	v3 ^= v0,                      v1 ^= v2, v2 = rol64(v2, 32)  \
+)
+
+#define PRND_K0 (0x736f6d6570736575 ^ 0x6c7967656e657261)
+#define PRND_K1 (0x646f72616e646f6d ^ 0x7465646279746573)
+
+#elif BITS_PER_LONG == 32
+/*
+ * On 32-bit machines, we use HSipHash, a reduced-width version of SipHash.
+ * This is weaker, but 32-bit machines are not used for high-traffic
+ * applications, so there is less output for an attacker to analyze.
+ */
+#define PRND_SIPROUND(v0, v1, v2, v3) ( \
+	v0 += v1, v1 = rol32(v1,  5),  v2 += v3, v3 = rol32(v3,  8), \
+	v1 ^= v0, v0 = rol32(v0, 16),  v3 ^= v2,                     \
+	v0 += v3, v3 = rol32(v3,  7),  v2 += v1, v1 = rol32(v1, 13), \
+	v3 ^= v0,                      v1 ^= v2, v2 = rol32(v2, 16)  \
+)
+#define PRND_K0 0x6c796765
+#define PRND_K1 0x74656462
+
+#else
+#error Unsupported BITS_PER_LONG
+#endif
+
 struct rnd_state {
 	__u32 s1, s2, s3, s4;
 };
 
-DECLARE_PER_CPU(struct rnd_state, net_rand_state);
-
 u32 prandom_u32_state(struct rnd_state *state);
 void prandom_bytes_state(struct rnd_state *state, void *buf, size_t nbytes);
 void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
diff --git a/include/linux/time64.h b/include/linux/time64.h
index 367d5af899e8..10239cffd70f 100644
--- a/include/linux/time64.h
+++ b/include/linux/time64.h
@@ -197,6 +197,10 @@ static inline bool timespec64_valid_strict(const struct timespec64 *ts)
  */
 static inline s64 timespec64_to_ns(const struct timespec64 *ts)
 {
+	/* Prevent multiplication overflow */
+	if ((unsigned long long)ts->tv_sec >= KTIME_SEC_MAX)
+		return KTIME_MAX;
+
 	return ((s64) ts->tv_sec * NSEC_PER_SEC) + ts->tv_nsec;
 }
author	Greg Kroah-Hartman <gregkh@google.com>	2020-11-18 19:35:00 +0100
committer	Greg Kroah-Hartman <gregkh@google.com>	2020-11-18 19:35:00 +0100
commit	4e6c6e008513d98396bf9f92bf38b83b6980fa54 (patch)
tree	cf5334d164312580a0b114540be244965076ecc0 /include/linux
parent	34b1d1174c2c7054c01cfa39d274421d80649386 (diff)
parent	b71e57af961fc0cc69998a13dea631ba2229333e (diff)