| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
https://android.googlesource.com/kernel/common into lineage-18.1-caf-msm8998
This brings LA.UM.9.2.r1-03300-SDMxx0.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
3628cdd31199d Merge 4.4.270 into android-4.4-p
Conflicts:
drivers/mmc/core/core.c
drivers/usb/core/hub.c
kernel/trace/trace.c
Change-Id: I6b81471122341f9769ce9c65cbd0fedd5e908b38
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 6d19628f539fccf899298ff02ee4c73e4bf6df3f upstream.
This fails the pairing procedure when both remote and local non-debug
public keys are identical.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refs/heads/tmp-8eb3d65
Linux 4.4.187
ceph: hold i_ceph_lock when removing caps for freeing inode
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
sched/fair: Don't free p->numa_faults with concurrent readers
Bluetooth: hci_uart: check for missing tty operations
media: radio-raremono: change devm_k*alloc to k*alloc
media: cpia2_usb: first wake up, then free in disconnect
ISDN: hfcsusb: checking idx of ep configuration
tcp: reset sk_send_head in tcp_write_queue_purge
ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
mm, vmstat: make quiet_vmstat lighter
vmstat: Remove BUG_ON from vmstat_update
access: avoid the RCU grace period for the temporary subjective credentials
powerpc/tm: Fix oops on sigreturn on systems without TM
ALSA: hda - Add a conexant codec entry to let mute led work
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
hpet: Fix division by zero in hpet_time_div()
x86/speculation/mds: Apply more accurate check on hypervisor platform
x86/sysfb_efi: Add quirks for some devices with swapped width and height
usb: pci-quirks: Correct AMD PLL quirk detection
usb: wusbcore: fix unbalanced get/put cluster_id
locking/lockdep: Hide unused 'class' variable
locking/lockdep: Fix lock used or unused stats error
mm/mmu_notifier: use hlist_add_head_rcu()
9p: pass the correct prototype to read_cache_page
mm/kmemleak.c: fix check for softirq context
sh: prevent warnings when using iounmap
powerpc/eeh: Handle hugepages in ioremap space
mailbox: handle failed named mailbox channel request
f2fs: avoid out-of-range memory access
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
kallsyms: exclude kasan local symbols on s390
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
um: Silence lockdep complaint about mmap_sem
mfd: arizona: Fix undefined behavior
mfd: core: Set fwnode for created devices
recordmcount: Fix spurious mcount entries on powerpc
iio: iio-utils: Fix possible incorrect mask calculation
PCI: sysfs: Ignore lockdep for remove attribute
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
usb: gadget: Zero ffs_io_data
phy: renesas: rcar-gen2: Fix memory leak at error paths
drm/virtio: Add memory barriers for capset cache.
tty: serial: msm_serial: avoid system lockup condition
tty/serial: digicolor: Fix digicolor-usart already registered warning
memstick: Fix error cleanup path of memstick_init
tty: serial: cpm_uart - fix init when SMC is relocated
pinctrl: rockchip: fix leaked of_node references
tty: max310x: Fix invalid baudrate divisors calculator
usb: core: hub: Disable hub-initiated U1/U2
drm/panel: simple: Fix panel_simple_dsi_probe
nfsd: Fix overflow causing non-working mounts on 1 TB machines
nfsd: fix performance-limiting session calculation
nfsd: give out fewer session slots as limit approaches
nfsd: increase DRC cache limit
NFSv4: Fix open create exclusive when the server reboots
elevator: fix truncation of icq_cache_name
net: bridge: stp: don't cache eth dest pointer before skb pull
net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
bonding: validate ip header before check IPPROTO_IGMP
tcp: Reset bytes_acked and bytes_received when disconnecting
netrom: hold sock when setting skb->destructor
netrom: fix a memory leak in nr_rx_frame()
sky2: Disable MSI on ASUS P6T
nfc: fix potential illegal memory access
net: neigh: fix multiple neigh timer scheduling
net: bcmgenet: use promisc for unsupported filters
ipv4: don't set IPv6 only flags to IPv4 addresses
caif-hsi: fix possible deadlock in cfhsi_exit_module()
bnx2x: Prevent load reordering in tx completion processing
dm bufio: fix deadlock with loop device
usb: Handle USB3 remote wakeup for LPM enabled devices correctly
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
intel_th: msu: Fix single mode with disabled IOMMU
eCryptfs: fix a couple type promotion bugs
powerpc/watchpoint: Restore NV GPRs while returning from exception
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
coda: pass the host file in vma->vm_file on mmap
floppy: fix out-of-bounds read in copy_buffer
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in next_valid_format
floppy: fix div-by-zero in setup_format_params
take floppy compat ioctls to sodding floppy.c
PCI: Do not poll for PME if the device is in D3cold
9p/virtio: Add cleanup path in p9_virtio_init
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
drm/nouveau/i2c: Enable i2c pads & busses during preinit
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
media: coda: Remove unbalanced and unneeded mutex unlock
media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
ALSA: seq: Break too long mutex context in the write loop
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
NFSv4: Handle the special Linux file open access mode
tracing/snapshot: Resize spare buffer if size changed
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
Input: gtco - bounds check collection indent level
crypto: arm64/sha2-ce - correct digest for empty data in finup
crypto: arm64/sha1-ce - correct digest for empty data in finup
crypto: ghash - fix unaligned memory access in ghash_setkey()
Bluetooth: validate BLE connection interval updates
Bluetooth: Check state in l2cap_disconnect_rsp
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
ixgbe: Check DDM existence in transceiver before access
rslib: Fix handling of of caller provided syndrome
rslib: Fix decoding of shortened codes
ath10k: fix PCIE device wake up failed
mt7601u: fix possible memory leak when the device is disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: do not schedule rx_tasklet when the device has been disconnected
media: coda: increment sequence offset for the last returned frame
media: coda: fix mpeg2 sequence number handling
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
timer_list: Guard procfs specific code
ntp: Limit TAI-UTC offset
media: i2c: fix warning same module names
EDAC/sysfs: Fix memory leak when creating a csrow object
vhost_net: disable zerocopy by default
perf evsel: Make perf_evsel__name() accept a NULL argument
xfrm: fix sa selector validation
rcu: Force inlining of rcu_read_lock()
bpf: silence warning messages in core
regmap: fix bulk writes on paged registers
gpio: omap: ensure irq is enabled before wakeup
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
perf test 6: Fix missing kvm module load for s390
s390/qdio: handle PENDING state for QEBSM devices
net: axienet: Fix race condition causing TX hang
net: fec: Do not use netdev messages too early
cpupower : frequency-set -r option misses the last cpu in related cpu list
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
locking/lockdep: Fix merging of hlocks with non-zero references
tua6100: Avoid build warnings.
net: phy: Check against net_device being NULL
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
xfrm: Fix xfrm sel prefix length validation
af_key: fix leaks in key_pol_get_resp and dump_sp.
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
net: stmmac: dwmac1000: Clear unused address entries
media: vpss: fix a potential NULL pointer dereference
media: marvell-ccic: fix DMA s/g desc number calculation
crypto: talitos - fix skcipher failure due to wrong output IV
media: dvb: usb: fix use after free in dvb_usb_device_exit
batman-adv: fix for leaked TVLV handler.
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
ath6kl: add some bounds checking
ath9k: Check for errors when reading SREV register
ath10k: Do not send probe response template for mesh
dmaengine: imx-sdma: fix use-after-free on probe error path
MIPS: fix build on non-linux hosts
MIPS: ath79: fix ar933x uart parity mode
f2fs: use EINVAL for superblock with invalid magic
f2fs: fix to read source block before invalidating it
f2fs: remove redundant check from f2fs_setflags_common()
f2fs: use generic checking and prep function for FS_IOC_SETFLAGS
ANDROID: overlayfs: Fix a regression in commit b24be4acd
ANDROID: xfrm: remove in_compat_syscall() checks
ANDROID: enable CONFIG_RTC_DRV_TEST on cuttlefish
BACKPORT: binder: Set end of SG buffer area properly.
f2fs: improve print log in f2fs_sanity_check_ckpt()
f2fs: avoid out-of-range memory access
f2fs: fix to avoid long latency during umount
f2fs: allow all the users to pin a file
f2fs: support swap file w/ DIO
f2fs: allocate blocks for pinned file
f2fs: fix is_idle() check for discard type
f2fs: add a rw_sem to cover quota flag changes
f2fs: set SBI_NEED_FSCK for xattr corruption case
f2fs: use generic EFSBADCRC/EFSCORRUPTED
f2fs: Use DIV_ROUND_UP() instead of open-coding
f2fs: print kernel message if filesystem is inconsistent
f2fs: introduce f2fs_<level> macros to wrap f2fs_printk()
f2fs: avoid get_valid_blocks() for cleanup
f2fs: ioctl for removing a range from F2FS
f2fs: only set project inherit bit for directory
f2fs: separate f2fs i_flags from fs_flags and ext4 i_flags
f2fs: Add option to limit required GC for checkpoint=disable
f2fs: Fix accounting for unusable blocks
f2fs: Fix root reserved on remount
f2fs: Lower threshold for disable_cp_again
f2fs: fix sparse warning
f2fs: fix f2fs_show_options to show nodiscard mount option
f2fs: add error prints for debugging mount failure
f2fs: fix to do sanity check on segment bitmap of LFS curseg
f2fs: add missing sysfs entries in documentation
f2fs: fix to avoid deadloop if data_flush is on
f2fs: always assume that the device is idle under gc_urgent
f2fs: add bio cache for IPU
f2fs: allow ssr block allocation during checkpoint=disable period
f2fs: fix to check layout on last valid checkpoint park
Conflicts:
drivers/net/wireless/ath/ath10k/hw.c
fs/ecryptfs/crypto.c
mm/vmstat.c
Change-Id: Ic268e845f4992a9dbdf5c985cfe9359a56a5c72e
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 1d87b88ba26eabd4745e158ecfd87c93a9b51dc2 upstream.
Microsoft Surface Precision Mouse provides bogus identity address when
pairing. It connects with Static Random address but provides Public
Address in SMP Identity Address Information PDU. Address has same
value but type is different. Workaround this by dropping IRK if ID
address discrepancy is detected.
> HCI Event: LE Meta Event (0x3e) plen 19
LE Connection Complete (0x01)
Status: Success (0x00)
Handle: 75
Role: Master (0x00)
Peer address type: Random (0x01)
Peer address: E0:52:33:93:3B:21 (Static)
Connection interval: 50.00 msec (0x0028)
Connection latency: 0 (0x0000)
Supervision timeout: 420 msec (0x002a)
Master clock accuracy: 0x00
....
> ACL Data RX: Handle 75 flags 0x02 dlen 12
SMP: Identity Address Information (0x09) len 7
Address type: Public (0x00)
Address: E0:52:33:93:3B:21
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Tested-by: Maarten Fonville <maarten.fonville@gmail.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199461
Cc: stable@vger.kernel.org
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refs/heads/tmp-0ca3fca
Linux 4.4.163
x86/time: Correct the attribute on jiffies' definition
l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6
cpuidle: Do not access cpuidle_devices when !CONFIG_CPU_IDLE
x86/percpu: Fix this_cpu_read()
sched/fair: Fix throttle_list starvation with low CFS quota
Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM
USB: fix the usbfs flag sanitization for control transfers
usb: gadget: storage: Fix Spectre v1 vulnerability
cdc-acm: correct counting of UART states in serial state notification
IB/ucm: Fix Spectre v1 vulnerability
RDMA/ucma: Fix Spectre v1 vulnerability
ptp: fix Spectre v1 vulnerability
cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
ahci: don't ignore result code of ahci_reset_controller()
crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned
mremap: properly flush TLB before releasing the page
rtnetlink: Disallow FDB configuration for non-Ethernet device
vhost: Fix Spectre V1 vulnerability
net: drop skb on failure in ip_check_defrag()
sctp: fix race on sctp_id2asoc
r8169: fix NAPI handling under high load
net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
net: socket: fix a missing-check bug
net: sched: gred: pass the right attribute to gred_change_table_def()
net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called
ipv6: mcast: fix a use-after-free in inet6_mc_check
net: bridge: remove ipv6 zero address check in mcast queries
bridge: do not add port to router list when receives query with source 0.0.0.0
perf tools: Disable parallelism for 'make clean'
mtd: spi-nor: Add support for is25wp series chips
fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
ARM: dts: imx53-qsb: disable 1.2GHz OPP
MIPS: DEC: Fix an int-handler.S CPU_DADDI_WORKAROUNDS regression
igb: Remove superfluous reset to PHY and page 0 selection
MIPS: microMIPS: Fix decoding of swsp16 instruction
scsi: aacraid: Fix typo in blink status
bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal
PM / devfreq: tegra: fix error return code in tegra_devfreq_probe()
ASoC: spear: fix error return code in spdif_in_probe()
spi: xlp: fix error return code in xlp_spi_probe()
spi/bcm63xx: fix error return code in bcm63xx_spi_probe()
MIPS: Handle non word sized instructions when examining frame
spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe()
usb: dwc3: omap: fix error return code in dwc3_omap_probe()
usb: ehci-omap: fix error return code in ehci_hcd_omap_probe()
usb: imx21-hcd: fix error return code in imx21_probe()
gpio: msic: fix error return code in platform_msic_gpio_probe()
sparc64: Fix exception handling in UltraSPARC-III memcpy.
gpu: host1x: fix error return code in host1x_probe()
sparc64 mm: Fix more TSB sizing issues
video: fbdev: pxa3xx_gcu: fix error return code in pxa3xx_gcu_probe()
tty: serial: sprd: fix error return code in sprd_probe()
l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()
brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain
gro: Allow tunnel stacking in the case of FOU/GUE
vti6: flush x-netns xfrm cache when vti interface is removed
ALSA: timer: Fix zero-division by continue of uninitialized instance
ixgbe: Correct X550EM_x revision check
ixgbe: fix RSS limit for X550
net/mlx5e: Correctly handle RSS indirection table when changing number of channels
net/mlx5e: Fix LRO modify
ixgbevf: Fix handling of NAPI budget when multiple queues are enabled per vector
fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio
drm/nouveau/fbcon: fix oops without fbdev emulation
bpf: generally move prog destruction to RCU deferral
usb-storage: fix bogus hardware error messages for ATA pass-thru devices
sch_red: update backlog as well
sparc/pci: Refactor dev_archdata initialization into pci_init_dev_archdata
scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state
xfrm: Clear sk_dst_cache when applying per-socket policy.
arm64: Fix potential race with hardware DBM in ptep_set_access_flags()
CIFS: handle guest access errors to Windows shares
ASoC: wm8940: Enable cache usage to fix crashes on resume
ASoC: ak4613: Enable cache usage to fix crashes on resume
MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue
usbvision: revert commit 588afcc1
perf/core: Don't leak event in the syscall error path
aacraid: Start adapter after updating number of MSIX vectors
x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs
tpm: fix: return rc when devm_add_action() fails
thermal: allow u8500-thermal driver to be a module
thermal: allow spear-thermal driver to be a module
btrfs: don't create or leak aliased root while cleaning up orphans
sched/cgroup: Fix cgroup entity load tracking tear-down
um: Avoid longjmp/setjmp symbol clashes with libpthread.a
ipv6: orphan skbs in reassembly unit
net/mlx4_en: Resolve dividing by zero in 32-bit system
af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers
radix-tree: fix radix_tree_iter_retry() for tagged iterators.
x86/mm/pat: Prevent hang during boot when mapping pages
ARM: dts: apq8064: add ahci ports-implemented mask
tracing: Skip more functions when doing stack tracing of events
ser_gigaset: use container_of() instead of detour
net: drop write-only stack variable
ipv6: suppress sparse warnings in IP6_ECN_set_ce()
KEYS: put keyring if install_session_keyring_to_cred() fails
net: cxgb3_main: fix a missing-check bug
perf/ring_buffer: Prevent concurent ring buffer access
smsc95xx: Check for Wake-on-LAN modes
smsc75xx: Check for Wake-on-LAN modes
r8152: Check for supported Wake-on-LAN Modes
sr9800: Check for supported Wake-on-LAN modes
lan78xx: Check for supported Wake-on-LAN modes
ax88179_178a: Check for supported Wake-on-LAN modes
asix: Check for supported Wake-on-LAN modes
pxa168fb: prepare the clock
Bluetooth: SMP: fix crash in unpairing
mac80211_hwsim: do not omit multicast announce of first added radio
xfrm: validate template mode
ARM: 8799/1: mm: fix pci_ioremap_io() offset check
cfg80211: reg: Init wiphy_idx in regulatory_hint_core()
mac80211: Always report TX status
xfrm6: call kfree_skb when skb is toobig
xfrm: Validate address prefix lengths in the xfrm selector.
BACKPORT: xfrm: Allow Output Mark to be Updated Using UPDSA
ANDROID: sdcardfs: Add option to drop unused dentries
f2fs: guarantee journalled quota data by checkpoint
f2fs: cleanup dirty pages if recover failed
f2fs: fix data corruption issue with hardware encryption
f2fs: fix to recover inode->i_flags of inode block during POR
f2fs: spread f2fs_set_inode_flags()
f2fs: fix to spread clear_cold_data()
Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()"
f2fs: account read IOs and use IO counts for is_idle
f2fs: fix to account IO correctly for cgroup writeback
f2fs: fix to account IO correctly
f2fs: remove request_list check in is_idle()
f2fs: allow to mount, if quota is failed
f2fs: update REQ_TIME in f2fs_cross_rename()
f2fs: do not update REQ_TIME in case of error conditions
f2fs: remove unneeded disable_nat_bits()
f2fs: remove unused sbi->trigger_ssr_threshold
f2fs: shrink sbi->sb_lock coverage in set_file_temperature()
f2fs: fix to recover cold bit of inode block during POR
f2fs: submit cached bio to avoid endless PageWriteback
f2fs: checkpoint disabling
f2fs: clear PageError on the read path
f2fs: allow out-place-update for direct IO in LFS mode
f2fs: refactor ->page_mkwrite() flow
Revert: "f2fs: check last page index in cached bio to decide submission"
f2fs: support superblock checksum
f2fs: add to account skip count of background GC
f2fs: add to account meta IO
f2fs: keep lazytime on remount
f2fs: fix missing up_read
f2fs: return correct errno in f2fs_gc
f2fs: avoid f2fs_bug_on if f2fs_get_meta_page_nofail got EIO
f2fs: mark inode dirty explicitly in recover_inode()
f2fs: fix to recover inode's crtime during POR
f2fs: fix to recover inode's i_gc_failures during POR
f2fs: fix to recover inode's i_flags during POR
f2fs: fix to recover inode's project id during POR
f2fs: update i_size after DIO completion
f2fs: report ENOENT correctly in f2fs_rename
f2fs: fix remount problem of option io_bits
f2fs: fix to recover inode's uid/gid during POR
f2fs: avoid infinite loop in f2fs_alloc_nid
f2fs: add new idle interval timing for discard and gc paths
f2fs: split IO error injection according to RW
f2fs: add SPDX license identifiers
f2fs: surround fault_injection related option parsing using CONFIG_F2FS_FAULT_INJECTION
f2fs: avoid sleeping under spin_lock
f2fs: plug readahead IO in readdir()
f2fs: fix to do sanity check with current segment number
f2fs: fix memory leak of percpu counter in fill_super()
f2fs: fix memory leak of write_io in fill_super()
f2fs: cache NULL when both default_acl and acl are NULL
f2fs: fix to flush all dirty inodes recovered in readonly fs
f2fs: report error if quota off error during umount
f2fs: submit bio after shutdown
f2fs: avoid wrong decrypted data from disk
Revert "f2fs: use printk_ratelimited for f2fs_msg"
f2fs: fix unnecessary periodic wakeup of discard thread when dev is busy
f2fs: fix to avoid NULL pointer dereference on se->discard_map
f2fs: add additional sanity check in f2fs_acl_from_disk()
Revert "BACKPORT, FROMLIST: fscrypt: add Speck128/256 support"
Build fix for 076c36fce1ea0.
Revert "BACKPORT, FROMGIT: crypto: speck - add support for the Speck block cipher"
Revert "FROMGIT: crypto: speck - export common helpers"
Revert "BACKPORT, FROMGIT: crypto: arm/speck - add NEON-accelerated implementation of Speck-XTS"
Revert "BACKPORT, FROMGIT: crypto: speck - add test vectors for Speck128-XTS"
Revert "BACKPORT, FROMGIT: crypto: speck - add test vectors for Speck64-XTS"
Revert "BACKPORT, FROMLIST: crypto: arm64/speck - add NEON-accelerated implementation of Speck-XTS"
Revert "fscrypt: add Speck128/256 support"
UPSTREAM: loop: Add LOOP_SET_BLOCK_SIZE in compat ioctl
BACKPORT: block/loop: set hw_sectors
UPSTREAM: loop: add ioctl for changing logical block size
Conflicts:
fs/ext4/crypto.c
fs/ext4/ext4.h
Change-Id: I8cb2f70b27906879f8e8fdd90e67f438e39701b8
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit cb28c306b93b71f2741ce1a5a66289db26715f4d ]
In case unpair_device() was called through mgmt interface at the same time
when pairing was in progress, Bluetooth kernel module crash was seen.
[ 600.351225] general protection fault: 0000 [#1] SMP PTI
[ 600.351235] CPU: 1 PID: 11096 Comm: btmgmt Tainted: G OE 4.19.0-rc1+ #1
[ 600.351238] Hardware name: Dell Inc. Latitude E5440/08RCYC, BIOS A18 05/14/2017
[ 600.351272] RIP: 0010:smp_chan_destroy.isra.10+0xce/0x2c0 [bluetooth]
[ 600.351276] Code: c0 0f 84 b4 01 00 00 80 78 28 04 0f 84 53 01 00 00 4d 85 ed 0f 85 ab 00 00 00 48 8b 08 48 8b 50 08 be 10 00 00 00 48 89 51 08 <48> 89 0a 48 b9 00 02 00 00 00 00 ad de 48 89 48 08 48 8b 83 00 01
[ 600.351279] RSP: 0018:ffffa9be839b3b50 EFLAGS: 00010246
[ 600.351282] RAX: ffff9c999ac565a0 RBX: ffff9c9996e98c00 RCX: ffff9c999aa28b60
[ 600.351285] RDX: dead000000000200 RSI: 0000000000000010 RDI: ffff9c999e403500
[ 600.351287] RBP: ffffa9be839b3b70 R08: 0000000000000000 R09: ffffffff92a25c00
[ 600.351290] R10: ffffa9be839b3ae8 R11: 0000000000000001 R12: ffff9c995375b800
[ 600.351292] R13: 0000000000000000 R14: ffff9c99619a5000 R15: ffff9c9962a01c00
[ 600.351295] FS: 00007fb2be27c700(0000) GS:ffff9c999e880000(0000) knlGS:0000000000000000
[ 600.351298] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 600.351300] CR2: 00007fb2bdadbad0 CR3: 000000041c328001 CR4: 00000000001606e0
[ 600.351302] Call Trace:
[ 600.351325] smp_failure+0x4f/0x70 [bluetooth]
[ 600.351345] smp_cancel_pairing+0x74/0x80 [bluetooth]
[ 600.351370] unpair_device+0x1c1/0x330 [bluetooth]
[ 600.351399] hci_sock_sendmsg+0x960/0x9f0 [bluetooth]
[ 600.351409] ? apparmor_socket_sendmsg+0x1e/0x20
[ 600.351417] sock_sendmsg+0x3e/0x50
[ 600.351422] sock_write_iter+0x85/0xf0
[ 600.351429] do_iter_readv_writev+0x12b/0x1b0
[ 600.351434] do_iter_write+0x87/0x1a0
[ 600.351439] vfs_writev+0x98/0x110
[ 600.351443] ? ep_poll+0x16d/0x3d0
[ 600.351447] ? ep_modify+0x73/0x170
[ 600.351451] do_writev+0x61/0xf0
[ 600.351455] ? do_writev+0x61/0xf0
[ 600.351460] __x64_sys_writev+0x1c/0x20
[ 600.351465] do_syscall_64+0x5a/0x110
[ 600.351471] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 600.351474] RIP: 0033:0x7fb2bdb62fe0
[ 600.351477] Code: 73 01 c3 48 8b 0d b8 6e 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 69 c7 2c 00 00 75 10 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 de 80 01 00 48 89 04 24
[ 600.351479] RSP: 002b:00007ffe062cb8f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 600.351484] RAX: ffffffffffffffda RBX: 000000000255b3d0 RCX: 00007fb2bdb62fe0
[ 600.351487] RDX: 0000000000000001 RSI: 00007ffe062cb920 RDI: 0000000000000004
[ 600.351490] RBP: 00007ffe062cb920 R08: 000000000255bd80 R09: 0000000000000000
[ 600.351494] R10: 0000000000000353 R11: 0000000000000246 R12: 0000000000000001
[ 600.351497] R13: 00007ffe062cbbe0 R14: 0000000000000000 R15: 0000000000000000
[ 600.351501] Modules linked in: algif_hash algif_skcipher af_alg cmac ipt_MASQUERADE nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c br_netfilter bridge stp llc overlay arc4 nls_iso8859_1 dm_crypt intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp dell_laptop kvm_intel crct10dif_pclmul dell_smm_hwmon crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd cryptd glue_helper intel_cstate intel_rapl_perf uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev media hid_multitouch input_leds joydev serio_raw dell_wmi snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic dell_smbios dcdbas sparse_keymap
[ 600.351569] snd_hda_intel btusb snd_hda_codec btrtl btbcm btintel snd_hda_core bluetooth(OE) snd_hwdep snd_pcm iwlmvm ecdh_generic wmi_bmof dell_wmi_descriptor snd_seq_midi mac80211 snd_seq_midi_event lpc_ich iwlwifi snd_rawmidi snd_seq snd_seq_device snd_timer cfg80211 snd soundcore mei_me mei dell_rbtn dell_smo8800 mac_hid parport_pc ppdev lp parport autofs4 hid_generic usbhid hid i915 nouveau kvmgt vfio_mdev mdev vfio_iommu_type1 vfio kvm irqbypass i2c_algo_bit ttm drm_kms_helper syscopyarea sysfillrect sysimgblt mxm_wmi psmouse ahci sdhci_pci cqhci libahci fb_sys_fops sdhci drm e1000e video wmi
[ 600.351637] ---[ end trace e49e9f1df09c94fb ]---
[ 600.351664] RIP: 0010:smp_chan_destroy.isra.10+0xce/0x2c0 [bluetooth]
[ 600.351666] Code: c0 0f 84 b4 01 00 00 80 78 28 04 0f 84 53 01 00 00 4d 85 ed 0f 85 ab 00 00 00 48 8b 08 48 8b 50 08 be 10 00 00 00 48 89 51 08 <48> 89 0a 48 b9 00 02 00 00 00 00 ad de 48 89 48 08 48 8b 83 00 01
[ 600.351669] RSP: 0018:ffffa9be839b3b50 EFLAGS: 00010246
[ 600.351672] RAX: ffff9c999ac565a0 RBX: ffff9c9996e98c00 RCX: ffff9c999aa28b60
[ 600.351674] RDX: dead000000000200 RSI: 0000000000000010 RDI: ffff9c999e403500
[ 600.351676] RBP: ffffa9be839b3b70 R08: 0000000000000000 R09: ffffffff92a25c00
[ 600.351679] R10: ffffa9be839b3ae8 R11: 0000000000000001 R12: ffff9c995375b800
[ 600.351681] R13: 0000000000000000 R14: ffff9c99619a5000 R15: ffff9c9962a01c00
[ 600.351684] FS: 00007fb2be27c700(0000) GS:ffff9c999e880000(0000) knlGS:0000000000000000
[ 600.351686] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 600.351689] CR2: 00007fb2bdadbad0 CR3: 000000041c328001 CR4: 00000000001606e0
Crash happened because list_del_rcu() was called twice for smp->ltk. This
was possible if unpair_device was called right after ltk was generated
but before keys were distributed.
In this commit smp_cancel_pairing was refactored to cancel pairing if it
is in progress and otherwise just removes keys. Once keys are removed from
rcu list, pointers to smp context's keys are set to NULL to make sure
removed list items are not accessed later.
This commit also adjusts the functionality of mgmt unpair_device() little
bit. Previously pairing was canceled only if pairing was in state that
keys were already generated. With this commit unpair_device() cancels
pairing already in earlier states.
Bug was found by fuzzing kernel SMP implementation using Synopsys
Defensics.
Reported-by: Pekka Oikarainen <pekka.oikarainen@synopsys.com>
Signed-off-by: Matias Karhumaa <matias.karhumaa@gmail.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refs/heads/tmp-d6bbe8b
Linux 4.4.127
Revert "ip6_vti: adjust vti mtu according to mtu of lower device"
net: cavium: liquidio: fix up "Avoid dma_unmap_single on uninitialized ndata"
spi: davinci: fix up dma_mapping_error() incorrect patch
Revert "mtip32xx: use runtime tag to initialize command header"
Revert "cpufreq: Fix governor module removal race"
Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin"
Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin"
Revert "PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()"
nospec: Kill array_index_nospec_mask_check()
nospec: Move array_index_nospec() parameter checking into separate macro
net: hns: Fix ethtool private flags
md/raid10: reset the 'first' at the end of loop
ARM: dts: am57xx-beagle-x15-common: Add overide powerhold property
ARM: dts: dra7: Add power hold and power controller properties to palmas
Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition
vt: change SGR 21 to follow the standards
Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad
Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list
staging: comedi: ni_mio_common: ack ai fifo error interrupts.
fs/proc: Stop trying to report thread stacks
crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one
crypto: ahash - Fix early termination in hash walk
parport_pc: Add support for WCH CH382L PCI-E single parallel port card.
media: usbtv: prevent double free in error case
mei: remove dev_err message on an unsupported ioctl
USB: serial: cp210x: add ELDAT Easywave RX09 id
USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator
USB: serial: ftdi_sio: add RT Systems VX-8 cable
usb: dwc2: Improve gadget state disconnection handling
scsi: virtio_scsi: always read VPD pages for multiqueue too
llist: clang: introduce member_address_is_nonnull()
Bluetooth: Fix missing encryption refresh on Security Request
netfilter: x_tables: add and use xt_check_proc_name
netfilter: bridge: ebt_among: add more missing match size checks
xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()
RDMA/ucma: Introduce safer rdma_addr_size() variants
RDMA/ucma: Don't allow join attempts for unsupported AF family
RDMA/ucma: Check that device exists prior to accessing it
RDMA/ucma: Check that device is connected prior to access it
RDMA/ucma: Ensure that CM_ID exists prior to access it
RDMA/ucma: Fix use-after-free access in ucma_close
RDMA/ucma: Check AF family prior resolving address
xfrm_user: uncoditionally validate esn replay attribute struct
arm64: avoid overflow in VA_START and PAGE_OFFSET
selinux: Remove redundant check for unknown labeling behavior
netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch
tty: provide tty_name() even without CONFIG_TTY
audit: add tty field to LOGIN event
frv: declare jiffies to be located in the .data section
jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp
fs: compat: Remove warning from COMPATIBLE_IOCTL
selinux: Remove unnecessary check of array base in selinux_set_mapping()
cpumask: Add helper cpumask_available()
genirq: Use cpumask_available() for check of cpumask variable
netfilter: nf_nat_h323: fix logical-not-parentheses warning
Input: mousedev - fix implicit conversion warning
dm ioctl: remove double parentheses
PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant
writeback: fix the wrong congested state variable definition
ACPI, PCI, irq: remove redundant check for null string pointer
kprobes/x86: Fix to set RWX bits correctly before releasing trampoline
usb: gadget: f_hid: fix: Prevent accessing released memory
usb: gadget: align buffer size when allocating for OUT endpoint
usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align
usb: gadget: change len to size_t on alloc_ep_req()
usb: gadget: define free_ep_req as universal function
partitions/msdos: Unable to mount UFS 44bsd partitions
perf/hwbp: Simplify the perf-hwbp code, fix documentation
ALSA: pcm: potential uninitialized return values
ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()
mtd: jedec_probe: Fix crash in jedec_read_mfr()
Replace #define with enum for better compilation errors.
Add missing include to drivers/tty/goldfish.c
Fix whitespace in drivers/tty/goldfish.c
ANDROID: fuse: Add null terminator to path in canonical path to avoid issue
ANDROID: sdcardfs: Fix sdcardfs to stop creating cases-sensitive duplicate entries.
ANDROID: add missing include to pdev_bus
ANDROID: pdev_bus: replace writel with gf_write_ptr
ANDROID: Cleanup type casting in goldfish.h
ANDROID: Include missing headers in goldfish.h
ANDROID: cpufreq: times: skip printing invalid frequencies
ANDROID: xt_qtaguid: Remove unnecessary null checks to device's name
ANDROID: xt_qtaguid: Remove unnecessary null checks to ifa_label
ANDROID: cpufreq: times: allocate enough space for a uid_entry
Linux 4.4.126
net: systemport: Rewrite __bcm_sysport_tx_reclaim()
net: fec: Fix unbalanced PM runtime calls
ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
s390/qeth: on channel error, reject further cmd requests
s390/qeth: lock read device while queueing next buffer
s390/qeth: when thread completes, wake up all waiters
s390/qeth: free netdevice when removing a card
team: Fix double free in error path
skbuff: Fix not waking applications when errors are enqueued
net: Only honor ifindex in IP_PKTINFO if non-0
netlink: avoid a double skb free in genlmsg_mcast()
net/iucv: Free memory obtained by kzalloc
net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface
net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred
l2tp: do not accept arbitrary sockets
ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option()
dccp: check sk for closed state in dccp_sendmsg()
net: Fix hlist corruptions in inet_evict_bucket()
Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs"
scsi: sg: don't return bogus Sg_requests
Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs"
UPSTREAM: drm: virtio-gpu: set atomic flag
UPSTREAM: drm: virtio-gpu: transfer dumb buffers to host on plane update
UPSTREAM: drm: virtio-gpu: ensure plane is flushed to host on atomic update
UPSTREAM: drm: virtio-gpu: get the fb from the plane state for atomic updates
Linux 4.4.125
bpf, x64: increase number of passes
bpf: skip unnecessary capability check
kbuild: disable clang's default use of -fmerge-all-constants
staging: lustre: ptlrpc: kfree used instead of kvfree
perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period()
x86/entry/64: Don't use IST entry for #BP stack
x86/boot/64: Verify alignment of the LOAD segment
x86/build/64: Force the linker to use 2MB page size
kvm/x86: fix icebp instruction handling
tty: vt: fix up tabstops properly
can: cc770: Fix use after free in cc770_tx_interrupt()
can: cc770: Fix queue stall & dropped RTR reply
can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack
staging: ncpfs: memory corruption in ncp_read_kernel()
mtd: nand: fsl_ifc: Fix nand waitfunc return value
tracing: probeevent: Fix to support minus offset from symbol
rtlwifi: rtl8723be: Fix loss of signal
brcmfmac: fix P2P_DEVICE ethernet address generation
acpi, numa: fix pxm to online numa node associations
drm: udl: Properly check framebuffer mmap offsets
drm/radeon: Don't turn off DP sink when disconnected
drm/vmwgfx: Fix a destoy-while-held mutex problem.
x86/mm: implement free pmd/pte page interfaces
mm/vmalloc: add interfaces to free unmapped page table
libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version
libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions
libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs
libata: Enable queued TRIM for Samsung SSD 860
libata: disable LPM for Crucial BX100 SSD 500GB drive
libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs
libata: remove WARN() for DMA or PIO command without data
libata: fix length validation of ATAPI-relayed SCSI commands
Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174
clk: bcm2835: Protect sections updating shared registers
ahci: Add PCI-id for the Highpoint Rocketraid 644L card
PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L
mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs
ALSA: hda/realtek - Always immediately update mute LED with pin VREF
ALSA: aloop: Fix access to not-yet-ready substream via cable
ALSA: aloop: Sync stale timer before release
ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit
iio: st_pressure: st_accel: pass correct platform data to init
MIPS: ralink: Remove ralink_halt()
ANDROID: cpufreq: times: fix proc_time_in_state_show
dtc: turn off dtc unit address warnings by default
Linux 4.4.124
RDMA/ucma: Fix access to non-initialized CM_ID object
dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63
clk: si5351: Rename internal plls to avoid name collisions
nfsd4: permit layoutget of executable-only files
RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS
ip6_vti: adjust vti mtu according to mtu of lower device
iommu/vt-d: clean up pr_irq if request_threaded_irq fails
pinctrl: Really force states during suspend/resume
coresight: Fix disabling of CoreSight TPIU
pty: cancel pty slave port buf's work in tty_release
drm/omap: DMM: Check for DMM readiness after successful transaction commit
vgacon: Set VGA struct resource types
IB/umem: Fix use of npages/nmap fields
RDMA/cma: Use correct size when writing netlink stats
IB/ipoib: Avoid memory leak if the SA returns a different DGID
mmc: avoid removing non-removable hosts during suspend
platform/chrome: Use proper protocol transfer function
cros_ec: fix nul-termination for firmware build info
media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart
media: bt8xx: Fix err 'bt878_probe()'
rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled.
RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo()
drm/msm: fix leak in failed get_pages
media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt
Bluetooth: hci_qca: Avoid setup failure on missing rampatch
perf tests kmod-path: Don't fail if compressed modules aren't supported
rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL
rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks
cifs: small underflow in cnvrtDosUnixTm()
net: hns: fix ethtool_get_strings overflow in hns driver
sm501fb: don't return zero on failure path in sm501fb_start()
video: fbdev: udlfb: Fix buffer on stack
tcm_fileio: Prevent information leak for short reads
ia64: fix module loading for gcc-5.4
md/raid10: skip spare disk as 'first' disk
Input: twl4030-pwrbutton - use correct device for irq request
power: supply: pda_power: move from timer to delayed_work
bnx2x: Align RX buffers
drm/nouveau/kms: Increase max retries in scanout position queries.
ACPI / PMIC: xpower: Fix power_table addresses
ipmi/watchdog: fix wdog hang on panic waiting for ipmi response
ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP
mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a
staging: wilc1000: fix unchecked return value
staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y
mtip32xx: use runtime tag to initialize command header
mfd: palmas: Reset the POWERHOLD mux during power off
mac80211: don't parse encrypted management frames in ieee80211_frame_acked
Btrfs: send, fix file hole not being preserved due to inline extent
rndis_wlan: add return value validation
mt7601u: check return value of alloc_skb
iio: st_pressure: st_accel: Initialise sensor platform data properly
NFS: don't try to cross a mountpount when there isn't one there.
infiniband/uverbs: Fix integer overflows
scsi: mac_esp: Replace bogus memory barrier with spinlock
qlcnic: fix unchecked return value
wan: pc300too: abort path on failure
mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR()
openvswitch: Delete conntrack entry clashing with an expectation.
netfilter: xt_CT: fix refcnt leak on error path
Fix driver usage of 128B WQEs when WQ_CREATE is V1.
ASoC: Intel: Skylake: Uninitialized variable in probe_codec()
IB/mlx4: Change vma from shared to private
IB/mlx4: Take write semaphore when changing the vma struct
HSI: ssi_protocol: double free in ssip_pn_xmit()
IB/ipoib: Update broadcast object if PKey value was changed in index 0
IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow
ALSA: hda - Fix headset microphone detection for ASUS N551 and N751
e1000e: fix timing for 82579 Gigabit Ethernet controller
tcp: remove poll() flakes with FastOpen
NFS: Fix missing pg_cleanup after nfs_pageio_cond_complete()
md/raid10: wait up frozen array in handle_write_completed
iommu/omap: Register driver before setting IOMMU ops
ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER
KVM: PPC: Book3S PR: Exit KVM on failed mapping
scsi: virtio_scsi: Always try to read VPD pages
clk: ns2: Correct SDIO bits
ath: Fix updating radar flags for coutry code India
spi: dw: Disable clock after unregistering the host
media/dvb-core: Race condition when writing to CAM
net: ipv6: send unsolicited NA on admin up
i2c: i2c-scmi: add a MS HID
genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs
cpufreq/sh: Replace racy task affinity logic
ACPI/processor: Replace racy task affinity logic
ACPI/processor: Fix error handling in __acpi_processor_start()
time: Change posix clocks ops interfaces to use timespec64
Input: ar1021_i2c - fix too long name in driver's device table
rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs
x86: i8259: export legacy_pic symbol
regulator: anatop: set default voltage selector for pcie
platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA
staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
CIFS: Enable encryption during session setup phase
SMB3: Validate negotiate request must always be signed
tpm_tis: fix potential buffer overruns caused by bit glitches on the bus
tpm: fix potential buffer overruns caused by bit glitches on the bus
BACKPORT, FROMLIST: crypto: arm64/speck - add NEON-accelerated implementation of Speck-XTS
Linux 4.4.123
bpf: fix incorrect sign extension in check_alu_op()
usb: gadget: bdc: 64-bit pointer capability check
USB: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe()
btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device
btrfs: alloc_chunk: fix DUP stripe size handling
ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux
scsi: sg: only check for dxfer_len greater than 256M
scsi: sg: fix static checker warning in sg_is_valid_dxfer
scsi: sg: fix SG_DXFER_FROM_DEV transfers
irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis
fs/aio: Use RCU accessors for kioctx_table->table[]
fs/aio: Add explicit RCU grace period when freeing kioctx
lock_parent() needs to recheck if dentry got __dentry_kill'ed under it
fs: Teach path_connected to handle nfs filesystems with multiple roots.
drm/amdgpu/dce: Don't turn off DP sink when disconnected
ALSA: seq: Clear client entry before deleting else at closing
ALSA: seq: Fix possible UAF in snd_seq_check_queue()
ALSA: hda - Revert power_save option default value
ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
x86/mm: Fix vmalloc_fault to use pXd_large
x86/vm86/32: Fix POPF emulation
selftests/x86/entry_from_vm86: Add test cases for POPF
selftests/x86: Add tests for the STR and SLDT instructions
selftests/x86: Add tests for User-Mode Instruction Prevention
selftests/x86/entry_from_vm86: Exit with 1 if we fail
ima: relax requiring a file signature for new files with zero length
rcutorture/configinit: Fix build directory error message
ipvlan: add L2 check for packets arriving via virtual devices
ASoC: nuc900: Fix a loop timeout test
mac80211: remove BUG() when interface type is invalid
mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED
agp/intel: Flush all chipset writes after updating the GGTT
drm/amdkfd: Fix memory leaks in kfd topology
veth: set peer GSO values
media: cpia2: Fix a couple off by one bugs
scsi: dh: add new rdac devices
scsi: devinfo: apply to HP XP the same flags as Hitachi VSP
scsi: core: scsi_get_device_flags_keyed(): Always return device flags
spi: sun6i: disable/unprepare clocks on remove
tools/usbip: fixes build with musl libc toolchain
ath10k: fix invalid STS_CAP_OFFSET_MASK
clk: qcom: msm8916: fix mnd_width for codec_digcodec
cpufreq: Fix governor module removal race
ath10k: update tdls teardown state to target
ARM: dts: omap3-n900: Fix the audio CODEC's reset pin
ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin
mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]()
net: xfrm: allow clearing socket xfrm policies.
test_firmware: fix setting old custom fw path back on exit
sched: Stop resched_cpu() from sending IPIs to offline CPUs
sched: Stop switched_to_rt() from sending IPIs to offline CPUs
ARM: dts: exynos: Correct Trats2 panel reset line
HID: elo: clear BTN_LEFT mapping
video/hdmi: Allow "empty" HDMI infoframes
drm/edid: set ELD connector type in drm_edid_to_eld()
wil6210: fix memory access violation in wil_memcpy_from/toio_32
pwm: tegra: Increase precision in PWM rate calculation
kprobes/x86: Set kprobes pages read-only
kprobes/x86: Fix kprobe-booster not to boost far call instructions
scsi: sg: close race condition in sg_remove_sfp_usercontext()
scsi: sg: check for valid direction before starting the request
perf session: Don't rely on evlist in pipe mode
perf inject: Copy events when reordering events in pipe mode
drivers/perf: arm_pmu: handle no platform_device
usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control()
usb: dwc2: Make sure we disconnect the gadget state
md/raid6: Fix anomily when recovering a single device in RAID6.
regulator: isl9305: fix array size
MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters
MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification
MIPS: BPF: Fix multiple problems in JIT skb access helpers.
MIPS: BPF: Quit clobbering callee saved registers in JIT code.
coresight: Fixes coresight DT parse to get correct output port ID.
drm/amdgpu: Fail fb creation from imported dma-bufs. (v2)
drm/radeon: Fail fb creation from imported dma-bufs.
video: ARM CLCD: fix dma allocation size
iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range
apparmor: Make path_max parameter readonly
scsi: ses: don't get power status of SES device slot on probe
fm10k: correctly check if interface is removed
ALSA: firewire-digi00x: handle all MIDI messages on streaming packets
reiserfs: Make cancel_old_flush() reliable
ARM: dts: koelsch: Correct clock frequency of X2 DU clock input
net/faraday: Add missing include of of.h
powerpc: Avoid taking a data miss on every userspace instruction miss
ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks
ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks
NFC: nfcmrvl: double free on error path
NFC: nfcmrvl: Include unaligned.h instead of access_ok.h
vxlan: vxlan dev should inherit lowerdev's gso_max_size
drm/vmwgfx: Fixes to vmwgfx_fb
braille-console: Fix value returned by _braille_console_setup
bonding: refine bond_fold_stats() wrap detection
f2fs: relax node version check for victim data in gc
blk-throttle: make sure expire time isn't too big
mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative()
driver: (adm1275) set the m,b and R coefficients correctly for power
dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped
tcp: sysctl: Fix a race to avoid unexpected 0 window from space
spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer
ASoC: rcar: ssi: don't set SSICR.CKDV = 000 with SSIWSR.CONT
sched: act_csum: don't mangle TCP and UDP GSO packets
Input: qt1070 - add OF device ID table
sysrq: Reset the watchdog timers while displaying high-resolution timers
timers, sched_clock: Update timeout for clock wrap
media: i2c/soc_camera: fix ov6650 sensor getting wrong clock
scsi: ipr: Fix missed EH wakeup
solo6x10: release vb2 buffers in solo_stop_streaming()
of: fix of_device_get_modalias returned length when truncating buffers
batman-adv: handle race condition for claims between gateways
ARM: dts: Adjust moxart IRQ controller and flags
net/8021q: create device with all possible features in wanted_features
HID: clamp input to logical range if no null state
perf probe: Return errno when not hitting any event
ath10k: disallow DFS simulation if DFS channel is not enabled
drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off)
drivers: net: xgene: Fix hardware checksum setting
perf tools: Make perf_event__synthesize_mmap_events() scale
i40e: fix ethtool to get EEPROM data from X722 interface
i40e: Acquire NVM lock before reads on all devices
perf sort: Fix segfault with basic block 'cycles' sort dimension
selinux: check for address length in selinux_socket_bind()
PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()
ath10k: fix a warning during channel switch with multiple vaps
drm: qxl: Don't alloc fbdev if emulation is not supported
HID: reject input outside logical range only if null state is set
staging: wilc1000: add check for kmalloc allocation failure.
staging: speakup: Replace BUG_ON() with WARN_ON().
Input: tsc2007 - check for presence and power down tsc2007 during probe
blkcg: fix double free of new_blkg in blkcg_init_queue
ANDROID: cpufreq: times: avoid prematurely freeing uid_entry
ANDROID: Use standard logging functions in goldfish_pipe
ANDROID: Fix whitespace in goldfish
staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
llist: clang: introduce member_address_is_nonnull()
Linux 4.4.122
fixup: sctp: verify size of a new chunk in _sctp_make_chunk()
serial: 8250_pci: Add Brainboxes UC-260 4 port serial device
usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb()
usb: usbmon: Read text within supplied buffer size
USB: usbmon: remove assignment from IS_ERR argument
usb: quirks: add control message delay for 1b1c:1b20
USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h
staging: android: ashmem: Fix lockdep issue during llseek
staging: comedi: fix comedi_nsamples_left.
uas: fix comparison for error code
tty/serial: atmel: add new version check for usart
serial: sh-sci: prevent lockup on full TTY buffers
x86: Treat R_X86_64_PLT32 as R_X86_64_PC32
x86/module: Detect and skip invalid relocations
Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux"
NFS: Fix an incorrect type in struct nfs_direct_req
scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
ubi: Fix race condition between ubi volume creation and udev
ext4: inplace xattr block update fails to deduplicate blocks
netfilter: x_tables: pack percpu counter allocations
netfilter: x_tables: pass xt_counters struct to counter allocator
netfilter: x_tables: pass xt_counters struct instead of packet counter
netfilter: use skb_to_full_sk in ip_route_me_harder
netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
netfilter: bridge: ebt_among: add missing match size checks
netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
netfilter: IDLETIMER: be syzkaller friendly
netfilter: nat: cope with negative port range
netfilter: x_tables: fix missing timer initialization in xt_LED
netfilter: add back stackpointer size checks
tc358743: fix register i2c_rd/wr function fix
Input: tca8418_keypad - remove double read of key event register
ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds
netfilter: nfnetlink_queue: fix timestamp attribute
watchdog: hpwdt: fix unused variable warning
watchdog: hpwdt: Check source of NMI
watchdog: hpwdt: SMBIOS check
nospec: Include <asm/barrier.h> dependency
ALSA: hda: add dock and led support for HP ProBook 640 G2
ALSA: hda: add dock and led support for HP EliteBook 820 G3
ALSA: seq: More protection for concurrent write and ioctl races
ALSA: seq: Don't allow resizing pool in use
ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
x86/MCE: Serialize sysfs changes
bcache: don't attach backing with duplicate UUID
kbuild: Handle builtin dtb file names containing hyphens
loop: Fix lost writes caused by missing flag
Input: matrix_keypad - fix race when disabling interrupts
MIPS: OCTEON: irq: Check for null return on kzalloc allocation
MIPS: ath25: Check for kzalloc allocation failure
MIPS: BMIPS: Do not mask IPIs during suspend
drm/amdgpu: fix KV harvesting
drm/radeon: fix KV harvesting
drm/amdgpu: Notify sbios device ready before send request
drm/amdgpu: Fix deadlock on runtime suspend
drm/radeon: Fix deadlock on runtime suspend
drm/nouveau: Fix deadlock on runtime suspend
drm: Allow determining if current task is output poll worker
workqueue: Allow retrieval of current task's work struct
scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
RDMA/mlx5: Fix integer overflow while resizing CQ
RDMA/ucma: Check that user doesn't overflow QP state
RDMA/ucma: Limit possible option size
ANDROID: ranchu: 32 bit framebuffer support
ANDROID: Address checkpatch warnings in goldfishfb
ANDROID: Address checkpatch.pl warnings in goldfish_pipe
ANDROID: sdcardfs: fix lock issue on 32 bit/SMP architectures
ANDROID: goldfish: Fix typo in goldfish_cmd_locked() call
ANDROID: Address checkpatch.pl warnings in goldfish_pipe_v2
FROMLIST: f2fs: don't put dentry page in pagecache into highmem
Linux 4.4.121
btrfs: preserve i_mode if __btrfs_set_acl() fails
bpf, x64: implement retpoline for tail call
dm io: fix duplicate bio completion due to missing ref count
mpls, nospec: Sanitize array index in mpls_label_ok()
net: mpls: Pull common label check into helper
sctp: verify size of a new chunk in _sctp_make_chunk()
s390/qeth: fix IPA command submission race
s390/qeth: fix SETIP command handling
sctp: fix dst refcnt leak in sctp_v6_get_dst()
sctp: fix dst refcnt leak in sctp_v4_get_dst
udplite: fix partial checksum initialization
ppp: prevent unregistered channels from connecting to PPP units
netlink: ensure to loop over all netns in genlmsg_multicast_allns()
net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68
net: fix race on decreasing number of TX queues
ipv6 sit: work around bogus gcc-8 -Wrestrict warning
hdlc_ppp: carrier detect ok, don't turn off negotiation
fib_semantics: Don't match route with mismatching tclassid
bridge: check brport attr show in brport_show
Revert "led: core: Fix brightness setting when setting delay_off=0"
x86/spectre: Fix an error message
leds: do not overflow sysfs buffer in led_trigger_show
x86/apic/vector: Handle legacy irq data correctly
ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux
btrfs: Don't clear SGID when inheriting ACLs
x86/syscall: Sanitize syscall table de-references under speculation fix
KVM: mmu: Fix overlap between public and private memslots
ARM: mvebu: Fix broken PL310_ERRATA_753970 selects
nospec: Allow index argument to have const-qualified type
media: m88ds3103: don't call a non-initalized function
cpufreq: s3c24xx: Fix broken s3c_cpufreq_init()
ALSA: hda: Add a power_save blacklist
ALSA: usb-audio: Add a quirck for B&W PX headphones
tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus
tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus
tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus
ANDROID: Delete the goldfish_nand driver.
ANDROID: Add input support for Android Wear.
ANDROID: proc: fix config & includes for /proc/uid
FROMLIST: ARM: amba: Don't read past the end of sysfs "driver_override" buffer
UPSTREAM: ANDROID: binder: remove WARN() for redundant txn error
ANDROID: cpufreq: times: Add missing includes
ANDROID: cpufreq: Add time_in_state to /proc/uid directories
ANDROID: proc: Add /proc/uid directory
ANDROID: cpufreq: times: track per-uid time in state
ANDROID: cpufreq: track per-task time in state
Conflicts:
drivers/gpu/drm/msm/msm_gem.c
drivers/net/wireless/ath/regd.c
kernel/sched/core.c
Change-Id: I9bb7b5a062415da6925a5a56a34e6eb066a53320
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 64e759f58f128730b97a3c3a26d283c075ad7c86 upstream.
If Security Request is received on connection that is already encrypted
with sufficient security master should perform encryption key refresh
procedure instead of just ignoring Slave Security Request
(Core Spec 5.0 Vol 3 Part H 2.4.6).
> ACL Data RX: Handle 3585 flags 0x02 dlen 6
SMP: Security Request (0x0b) len 1
Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09)
< HCI Command: LE Start Encryption (0x08|0x0019) plen 28
Handle: 3585
Random number: 0x0000000000000000
Encrypted diversifier: 0x0000
Long term key: 44264272a5c426a9e868f034cf0e69f3
> HCI Event: Command Status (0x0f) plen 4
LE Start Encryption (0x08|0x0019) ncmd 1
Status: Success (0x00)
> HCI Event: Encryption Key Refresh Complete (0x30) plen 3
Status: Success (0x00)
Handle: 3585
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refs/heads/tmp-9f764bb
Linux 4.4.80
ASoC: dpcm: Avoid putting stream state to STOP when FE stream is paused
scsi: snic: Return error code on memory allocation failure
scsi: fnic: Avoid sending reset to firmware when another reset is in progress
HID: ignore Petzl USB headlamp
ALSA: usb-audio: test EP_FLAG_RUNNING at urb completion
sh_eth: enable RX descriptor word 0 shift on SH7734
nvmem: imx-ocotp: Fix wrong register size
arm64: mm: fix show_pte KERN_CONT fallout
vfio-pci: Handle error from pci_iomap
video: fbdev: cobalt_lcdfb: Handle return NULL error from devm_ioremap
perf symbols: Robustify reading of build-id from sysfs
perf tools: Install tools/lib/traceevent plugins with install-bin
xfrm: Don't use sk_family for socket policy lookups
tools lib traceevent: Fix prev/next_prio for deadline tasks
Btrfs: adjust outstanding_extents counter properly when dio write is split
usb: gadget: Fix copy/pasted error message
ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
ARM: s3c2410_defconfig: Fix invalid values for NF_CT_PROTO_*
ARM64: zynqmp: Fix i2c node's compatible string
ARM64: zynqmp: Fix W=1 dtc 1.4 warnings
dmaengine: ti-dma-crossbar: Add some 'of_node_put()' in error path.
dmaengine: ioatdma: workaround SKX ioatdma version
dmaengine: ioatdma: Add Skylake PCI Dev ID
openrisc: Add _text symbol to fix ksym build error
irqchip/mxs: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND
ASoC: nau8825: fix invalid configuration in Pre-Scalar of FLL
spi: dw: Make debugfs name unique between instances
ASoC: tlv320aic3x: Mark the RESET register as volatile
irqchip/keystone: Fix "scheduling while atomic" on rt
vfio-pci: use 32-bit comparisons for register address for gcc-4.5
drm/msm: Verify that MSM_SUBMIT_BO_FLAGS are set
drm/msm: Ensure that the hardware write pointer is valid
net/mlx4: Remove BUG_ON from ICM allocation routine
ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output
ARM: dts: n900: Mark eMMC slot with no-sdio and no-sd flags
r8169: add support for RTL8168 series add-on card.
x86/mce/AMD: Make the init code more robust
tpm: Replace device number bitmap with IDR
tpm: fix a kernel memory leak in tpm-sysfs.c
xen/blkback: don't use xen_blkif_get() in xen-blkback kthread
xen/blkback: don't free be structure too early
sched/cputime: Fix prev steal time accouting during CPU hotplug
net: skb_needs_check() accepts CHECKSUM_NONE for tx
pstore: Use dynamic spinlock initializer
pstore: Correctly initialize spinlock and flags
pstore: Allow prz to control need for locking
vlan: Propagate MAC address to VLANs
/proc/iomem: only expose physical resource addresses to privileged users
Make file credentials available to the seqfile interfaces
v4l: s5c73m3: fix negation operator
dentry name snapshots
ipmi/watchdog: fix watchdog timeout set on reboot
libnvdimm, btt: fix btt_rw_page not returning errors
RDMA/uverbs: Fix the check for port number
PM / Domains: defer dev_pm_domain_set() until genpd->attach_dev succeeds if present
sched/cgroup: Move sched_online_group() back into css_online() to fix crash
kaweth: fix oops upon failed memory allocation
kaweth: fix firmware download
mpt3sas: Don't overreach ioc->reply_post[] during initialization
mailbox: handle empty message in tx_tick
mailbox: skip complete wait event if timer expired
mailbox: always wait in mbox_send_message for blocking Tx mode
wil6210: fix deadlock when using fw_no_recovery option
ath10k: fix null deref on wmi-tlv when trying spectral scan
isdn/i4l: fix buffer overflow
isdn: Fix a sleep-in-atomic bug
net: phy: Do not perform software reset for Generic PHY
nfc: fdp: fix NULL pointer dereference
xfs: don't BUG() on mixed direct and mapped I/O
perf intel-pt: Ensure never to set 'last_ip' when packet 'count' is zero
perf intel-pt: Use FUP always when scanning for an IP
perf intel-pt: Fix last_ip usage
perf intel-pt: Fix ip compression
drm: rcar-du: Simplify and fix probe error handling
drm: rcar-du: Perform initialization/cleanup at probe/remove time
drm/rcar: Nuke preclose hook
Staging: comedi: comedi_fops: Avoid orphaned proc entry
Revert "powerpc/numa: Fix percpu allocations to be NUMA aware"
KVM: PPC: Book3S HV: Save/restore host values of debug registers
KVM: PPC: Book3S HV: Reload HTM registers explicitly
KVM: PPC: Book3S HV: Restore critical SPRs to host values on guest exit
KVM: PPC: Book3S HV: Context-switch EBB registers properly
drm/nouveau/bar/gf100: fix access to upper half of BAR2
drm/vmwgfx: Fix gcc-7.1.1 warning
md/raid5: add thread_group worker async_tx_issue_pending_all
crypto: authencesn - Fix digest_null crash
powerpc/pseries: Fix of_node_put() underflow during reconfig remove
net: reduce skb_warn_bad_offload() noise
pstore: Make spinlock per zone instead of global
af_key: Add lock to key dump
ANDROID: binder: Don't BUG_ON(!spin_is_locked()).
Linux 4.4.79
alarmtimer: don't rate limit one-shot timers
tracing: Fix kmemleak in instance_rmdir
spmi: Include OF based modalias in device uevent
of: device: Export of_device_{get_modalias, uvent_modalias} to modules
drm/mst: Avoid processing partially received up/down message transactions
drm/mst: Avoid dereferencing a NULL mstb in drm_dp_mst_handle_up_req()
drm/mst: Fix error handling during MST sideband message reception
RDMA/core: Initialize port_num in qp_attr
ceph: fix race in concurrent readdir
staging: rtl8188eu: add TL-WN722N v2 support
Revert "perf/core: Drop kernel samples even though :u is specified"
perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target
target: Fix COMPARE_AND_WRITE caw_sem leak during se_cmd quiesce
udf: Fix deadlock between writeback and udf_setsize()
NFS: only invalidate dentrys that are clearly invalid.
Input: i8042 - fix crash at boot time
MIPS: Fix a typo: s/preset/present/ in r2-to-r6 emulation error message
MIPS: Send SIGILL for linked branches in `__compute_return_epc_for_insn'
MIPS: Rename `sigill_r6' to `sigill_r2r6' in `__compute_return_epc_for_insn'
MIPS: Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn'
MIPS: math-emu: Prevent wrong ISA mode instruction emulation
MIPS: Fix unaligned PC interpretation in `compute_return_epc'
MIPS: Actually decode JALX in `__compute_return_epc_for_insn'
MIPS: Save static registers before sysmips
MIPS: Fix MIPS I ISA /proc/cpuinfo reporting
x86/ioapic: Pass the correct data to unmask_ioapic_irq()
x86/acpi: Prevent out of bound access caused by broken ACPI tables
MIPS: Negate error syscall return in trace
MIPS: Fix mips_atomic_set() with EVA
MIPS: Fix mips_atomic_set() retry condition
ftrace: Fix uninitialized variable in match_records()
vfio: New external user group/file match
vfio: Fix group release deadlock
f2fs: Don't clear SGID when inheriting ACLs
ipmi:ssif: Add missing unlock in error branch
ipmi: use rcu lock around call to intf->handlers->sender()
drm/radeon: Fix eDP for single-display iMac10,1 (v2)
drm/radeon/ci: disable mclk switching for high refresh rates (v2)
drm/amd/amdgpu: Return error if initiating read out of range on vram
s390/syscalls: Fix out of bounds arguments access
Raid5 should update rdev->sectors after reshape
cx88: Fix regression in initial video standard setting
x86/xen: allow userspace access during hypercalls
md: don't use flush_signals in userspace processes
usb: renesas_usbhs: gadget: disable all eps when the driver stops
usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL
USB: cdc-acm: add device-id for quirky printer
usb: storage: return on error to avoid a null pointer dereference
xhci: Fix NULL pointer dereference when cleaning up streams for removed host
xhci: fix 20000ms port resume timeout
ipvs: SNAT packet replies only for NATed connections
PCI/PM: Restore the status of PCI devices across hibernation
af_key: Fix sadb_x_ipsecrequest parsing
powerpc/asm: Mark cr0 as clobbered in mftb()
powerpc: Fix emulation of mfocrf in emulate_step()
powerpc: Fix emulation of mcrf in emulate_step()
powerpc/64: Fix atomic64_inc_not_zero() to return an int
iscsi-target: Add login_keys_workaround attribute for non RFC initiators
scsi: ses: do not add a device to an enclosure if enclosure_add_links() fails.
PM / Domains: Fix unsafe iteration over modified list of domain providers
PM / Domains: Fix unsafe iteration over modified list of device links
ASoC: compress: Derive substream from stream based on direction
wlcore: fix 64K page support
Bluetooth: use constant time memory comparison for secret values
perf intel-pt: Clear FUP flag on error
perf intel-pt: Ensure IP is zero when state is INTEL_PT_STATE_NO_IP
perf intel-pt: Fix missing stack clear
perf intel-pt: Improve sample timestamp
perf intel-pt: Move decoder error setting into one condition
NFC: Add sockaddr length checks before accessing sa_family in bind handlers
nfc: Fix the sockaddr length sanitization in llcp_sock_connect
nfc: Ensure presence of required attributes in the activate_target handler
NFC: nfcmrvl: fix firmware-management initialisation
NFC: nfcmrvl: use nfc-device for firmware download
NFC: nfcmrvl: do not use device-managed resources
NFC: nfcmrvl_uart: add missing tty-device sanity check
NFC: fix broken device allocation
ath9k: fix tx99 bus error
ath9k: fix tx99 use after free
thermal: cpu_cooling: Avoid accessing potentially freed structures
s5p-jpeg: don't return a random width/height
ir-core: fix gcc-7 warning on bool arithmetic
disable new gcc-7.1.1 warnings for now
sched/fair: Add a backup_cpu to find_best_target
sched/fair: Try to estimate possible idle states.
sched/fair: Sync task util before EAS wakeup
Revert "sched/fair: ensure utilization signals are synchronized before use"
sched/fair: kick nohz idle balance for misfit task
sched/fair: Update signals of nohz cpus if we are going idle
events: add tracepoint for find_best_target
sched/fair: streamline find_best_target heuristics
UPSTREAM: af_key: Fix sadb_x_ipsecrequest parsing
ANDROID: lowmemorykiller: Add tgid to kill message
Revert "proc: smaps: Allow smaps access for CAP_SYS_RESOURCE"
Conflicts:
drivers/gpu/drm/msm/adreno/adreno_gpu.c
drivers/gpu/drm/msm/msm_ringbuffer.c
drivers/staging/android/lowmemorykiller.c
kernel/sched/fair.c
Change-Id: Ic3b3a522b79b1deb178e513b56b9c39eea48e079
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 329d82309824ff1082dc4a91a5bbed8c3bec1580 upstream.
This file is filled with complex cryptography. Thus, the comparisons of
MACs and secret keys and curve points and so forth should not add timing
attacks, which could either result in a direct forgery, or, given the
complexity, some other type of attack.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tmp-917a9:
ARM/vdso: Mark the vDSO code read-only after init
x86/vdso: Mark the vDSO code read-only after init
lkdtm: Verify that '__ro_after_init' works correctly
arch: Introduce post-init read-only memory
x86/mm: Always enable CONFIG_DEBUG_RODATA and remove the Kconfig option
mm/init: Add 'rodata=off' boot cmdline parameter to disable read-only kernel mappings
asm-generic: Consolidate mark_rodata_ro()
Linux 4.4.6
ld-version: Fix awk regex compile failure
target: Drop incorrect ABORT_TASK put for completed commands
block: don't optimize for non-cloned bio in bio_get_last_bvec()
MIPS: smp.c: Fix uninitialised temp_foreign_map
MIPS: Fix build error when SMP is used without GIC
ovl: fix getcwd() failure after unsuccessful rmdir
ovl: copy new uid/gid into overlayfs runtime inode
userfaultfd: don't block on the last VM updates at exit time
powerpc/powernv: Fix OPAL_CONSOLE_FLUSH prototype and usages
powerpc/powernv: Add a kmsg_dumper that flushes console output on panic
powerpc: Fix dedotify for binutils >= 2.26
Revert "drm/radeon/pm: adjust display configuration after powerstate"
drm/radeon: Fix error handling in radeon_flip_work_func.
drm/amdgpu: Fix error handling in amdgpu_flip_work_func.
Revert "drm/radeon: call hpd_irq_event on resume"
x86/mm: Fix slow_virt_to_phys() for X86_PAE again
gpu: ipu-v3: Do not bail out on missing optional port nodes
mac80211: Fix Public Action frame RX in AP mode
mac80211: check PN correctly for GCMP-encrypted fragmented MPDUs
mac80211: minstrel_ht: fix a logic error in RTS/CTS handling
mac80211: minstrel_ht: set default tx aggregation timeout to 0
mac80211: fix use of uninitialised values in RX aggregation
mac80211: minstrel: Change expected throughput unit back to Kbps
iwlwifi: mvm: inc pending frames counter also when txing non-sta
can: gs_usb: fixed disconnect bug by removing erroneous use of kfree()
cfg80211/wext: fix message ordering
wext: fix message delay/ordering
ovl: fix working on distributed fs as lower layer
ovl: ignore lower entries when checking purity of non-directory entries
ASoC: wm8958: Fix enum ctl accesses in a wrong type
ASoC: wm8994: Fix enum ctl accesses in a wrong type
ASoC: samsung: Use IRQ safe spin lock calls
ASoC: dapm: Fix ctl value accesses in a wrong type
ncpfs: fix a braino in OOM handling in ncp_fill_cache()
jffs2: reduce the breakage on recovery from halfway failed rename()
dmaengine: at_xdmac: fix residue computation
tracing: Fix check for cpu online when event is disabled
s390/dasd: fix diag 0x250 inline assembly
s390/mm: four page table levels vs. fork
KVM: MMU: fix reserved bit check for ept=0/CR0.WP=0/CR4.SMEP=1/EFER.NX=0
KVM: MMU: fix ept=0/pte.u=1/pte.w=0/CR0.WP=0/CR4.SMEP=1/EFER.NX=0 combo
KVM: PPC: Book3S HV: Sanitize special-purpose register values on guest exit
KVM: s390: correct fprs on SIGP (STOP AND) STORE STATUS
KVM: VMX: disable PEBS before a guest entry
kvm: cap halt polling at exactly halt_poll_ns
PCI: Allow a NULL "parent" pointer in pci_bus_assign_domain_nr()
ARM: OMAP2+: hwmod: Introduce ti,no-idle dt property
ARM: dts: dra7: do not gate cpsw clock due to errata i877
ARM: mvebu: fix overlap of Crypto SRAM with PCIe memory window
arm64: account for sparsemem section alignment when choosing vmemmap offset
Linux 4.4.5
drm/amdgpu: fix topaz/tonga gmc assignment in 4.4 stable
modules: fix longstanding /proc/kallsyms vs module insertion race.
drm/i915: refine qemu south bridge detection
drm/i915: more virtual south bridge detection
block: get the 1st and last bvec via helpers
block: check virt boundary in bio_will_gap()
drm/amdgpu: Use drm_calloc_large for VM page_tables array
thermal: cpu_cooling: fix out of bounds access in time_in_idle
i2c: brcmstb: allocate correct amount of memory for regmap
ubi: Fix out of bounds write in volume update code
cxl: Fix PSL timebase synchronization detection
MIPS: traps: Fix SIGFPE information leak from `do_ov' and `do_trap_or_bp'
MIPS: scache: Fix scache init with invalid line size.
USB: serial: option: add support for Quectel UC20
USB: serial: option: add support for Telit LE922 PID 0x1045
USB: qcserial: add Sierra Wireless EM74xx device ID
USB: qcserial: add Dell Wireless 5809e Gobi 4G HSPA+ (rev3)
USB: cp210x: Add ID for Parrot NMEA GPS Flight Recorder
usb: chipidea: otg: change workqueue ci_otg as freezable
ALSA: timer: Fix broken compat timer user status ioctl
ALSA: hdspm: Fix zero-division
ALSA: hdsp: Fix wrong boolean ctl value accesses
ALSA: hdspm: Fix wrong boolean ctl value accesses
ALSA: seq: oss: Don't drain at closing a client
ALSA: pcm: Fix ioctls for X32 ABI
ALSA: timer: Fix ioctls for X32 ABI
ALSA: rawmidi: Fix ioctls X32 ABI
ALSA: hda - Fix mic issues on Acer Aspire E1-472
ALSA: ctl: Fix ioctls for X32 ABI
ALSA: usb-audio: Add a quirk for Plantronics DA45
adv7604: fix tx 5v detect regression
dmaengine: pxa_dma: fix cyclic transfers
Fix directory hardlinks from deleted directories
jffs2: Fix page lock / f->sem deadlock
Revert "jffs2: Fix lock acquisition order bug in jffs2_write_begin"
Btrfs: fix loading of orphan roots leading to BUG_ON
pata-rb532-cf: get rid of the irq_to_gpio() call
tracing: Do not have 'comm' filter override event 'comm' field
ata: ahci: don't mark HotPlugCapable Ports as external/removable
PM / sleep / x86: Fix crash on graph trace through x86 suspend
arm64: vmemmap: use virtual projection of linear region
Adding Intel Lewisburg device IDs for SATA
writeback: flush inode cgroup wb switches instead of pinning super_block
block: bio: introduce helpers to get the 1st and last bvec
libata: Align ata_device's id on a cacheline
libata: fix HDIO_GET_32BIT ioctl
drm/amdgpu: return from atombios_dp_get_dpcd only when error
drm/amdgpu/gfx8: specify which engine to wait before vm flush
drm/amdgpu: apply gfx_v8 fixes to gfx_v7 as well
drm/amdgpu/pm: update current crtc info after setting the powerstate
drm/radeon/pm: update current crtc info after setting the powerstate
drm/ast: Fix incorrect register check for DRAM width
target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors
iommu/vt-d: Use BUS_NOTIFY_REMOVED_DEVICE in hotplug path
iommu/amd: Fix boot warning when device 00:00.0 is not iommu covered
iommu/amd: Apply workaround for ATS write permission check
arm/arm64: KVM: Fix ioctl error handling
KVM: x86: fix root cause for missed hardware breakpoints
vfio: fix ioctl error handling
Fix cifs_uniqueid_to_ino_t() function for s390x
CIFS: Fix SMB2+ interim response processing for read requests
cifs: fix out-of-bounds access in lease parsing
fbcon: set a default value to blink interval
kvm: x86: Update tsc multiplier on change.
mips/kvm: fix ioctl error handling
parisc: Fix ptrace syscall number and return value modification
PCI: keystone: Fix MSI code that retrieves struct pcie_port pointer
block: Initialize max_dev_sectors to 0
drm/amdgpu: mask out WC from BO on unsupported arches
btrfs: async-thread: Fix a use-after-free error for trace
btrfs: Fix no_space in write and rm loop
Btrfs: fix deadlock running delayed iputs at transaction commit time
drivers: sh: Restore legacy clock domain on SuperH platforms
use ->d_seq to get coherency between ->d_inode and ->d_flags
Linux 4.4.4
iwlwifi: mvm: don't allow sched scans without matches to be started
iwlwifi: update and fix 7265 series PCI IDs
iwlwifi: pcie: properly configure the debug buffer size for 8000
iwlwifi: dvm: fix WoWLAN
security: let security modules use PTRACE_MODE_* with bitmasks
IB/cma: Fix RDMA port validation for iWarp
x86/irq: Plug vector cleanup race
x86/irq: Call irq_force_move_complete with irq descriptor
x86/irq: Remove outgoing CPU from vector cleanup mask
x86/irq: Remove the cpumask allocation from send_cleanup_vector()
x86/irq: Clear move_in_progress before sending cleanup IPI
x86/irq: Remove offline cpus from vector cleanup
x86/irq: Get rid of code duplication
x86/irq: Copy vectormask instead of an AND operation
x86/irq: Check vector allocation early
x86/irq: Reorganize the search in assign_irq_vector
x86/irq: Reorganize the return path in assign_irq_vector
x86/irq: Do not use apic_chip_data.old_domain as temporary buffer
x86/irq: Validate that irq descriptor is still active
x86/irq: Fix a race in x86_vector_free_irqs()
x86/irq: Call chip->irq_set_affinity in proper context
x86/entry/compat: Add missing CLAC to entry_INT80_32
x86/mpx: Fix off-by-one comparison with nr_registers
hpfs: don't truncate the file when delete fails
do_last(): ELOOP failure exit should be done after leaving RCU mode
should_follow_link(): validate ->d_seq after having decided to follow
xen/pcifront: Fix mysterious crashes when NUMA locality information was extracted.
xen/pciback: Save the number of MSI-X entries to be copied later.
xen/pciback: Check PF instead of VF for PCI_COMMAND_MEMORY
xen/scsiback: correct frontend counting
xen/arm: correctly handle DMA mapping of compound pages
ARM: at91/dt: fix typo in sama5d2 pinmux descriptions
ARM: OMAP2+: Fix onenand initialization to avoid filesystem corruption
do_last(): don't let a bogus return value from ->open() et.al. to confuse us
kernel/resource.c: fix muxed resource handling in __request_region()
sunrpc/cache: fix off-by-one in qword_get()
tracing: Fix showing function event in available_events
powerpc/eeh: Fix partial hotplug criterion
KVM: x86: MMU: fix ubsan index-out-of-range warning
KVM: x86: fix conversion of addresses to linear in 32-bit protected mode
KVM: x86: fix missed hardware breakpoints
KVM: arm/arm64: vgic: Ensure bitmaps are long enough
KVM: async_pf: do not warn on page allocation failures
of/irq: Fix msi-map calculation for nonzero rid-base
NFSv4: Fix a dentry leak on alias use
nfs: fix nfs_size_to_loff_t
block: fix use-after-free in dio_bio_complete
bio: return EINTR if copying to user space got interrupted
i2c: i801: Adding Intel Lewisburg support for iTCO
phy: core: fix wrong err handle for phy_power_on
writeback: keep superblock pinned during cgroup writeback association switches
cgroup: make sure a parent css isn't offlined before its children
cpuset: make mm migration asynchronous
PCI/AER: Flush workqueue on device remove to avoid use-after-free
ARCv2: SMP: Emulate IPI to self using software triggered interrupt
ARCv2: STAR 9000950267: Handle return from intr to Delay Slot #2
libata: fix sff host state machine locking while polling
qla2xxx: Fix stale pointer access.
spi: atmel: fix gpio chip-select in case of non-DT platform
target: Fix race with SCF_SEND_DELAYED_TAS handling
target: Fix remote-port TMR ABORT + se_cmd fabric stop
target: Fix TAS handling for multi-session se_node_acls
target: Fix LUN_RESET active TMR descriptor handling
target: Fix LUN_RESET active I/O handling for ACK_KREF
ALSA: hda - Fixing background noise on Dell Inspiron 3162
ALSA: hda - Apply clock gate workaround to Skylake, too
Revert "workqueue: make sure delayed work run in local cpu"
workqueue: handle NUMA_NO_NODE for unbound pool_workqueue lookup
mac80211: Requeue work after scan complete for all VIF types.
rfkill: fix rfkill_fop_read wait_event usage
tick/nohz: Set the correct expiry when switching to nohz/lowres mode
perf stat: Do not clean event's private stats
cdc-acm:exclude Samsung phone 04e8:685d
Revert "Staging: panel: usleep_range is preferred over udelay"
Staging: speakup: Fix getting port information
sd: Optimal I/O size is in bytes, not sectors
libceph: don't spam dmesg with stray reply warnings
libceph: use the right footer size when skipping a message
libceph: don't bail early from try_read() when skipping a message
libceph: fix ceph_msg_revoke()
seccomp: always propagate NO_NEW_PRIVS on tsync
cpufreq: Fix NULL reference crash while accessing policy->governor_data
cpufreq: pxa2xx: fix pxa_cpufreq_change_voltage prototype
hwmon: (ads1015) Handle negative conversion values correctly
hwmon: (gpio-fan) Remove un-necessary speed_index lookup for thermal hook
hwmon: (dell-smm) Blacklist Dell Studio XPS 8000
Thermal: do thermal zone update after a cooling device registered
Thermal: handle thermal zone device properly during system sleep
Thermal: initialize thermal zone device correctly
IB/mlx5: Expose correct maximum number of CQE capacity
IB/qib: Support creating qps with GFP_NOIO flag
IB/qib: fix mcast detach when qp not attached
IB/cm: Fix a recently introduced deadlock
dmaengine: dw: disable BLOCK IRQs for non-cyclic xfer
dmaengine: at_xdmac: fix resume for cyclic transfers
dmaengine: dw: fix cyclic transfer callbacks
dmaengine: dw: fix cyclic transfer setup
nfit: fix multi-interface dimm handling, acpi6.1 compatibility
ACPI / PCI / hotplug: unlock in error path in acpiphp_enable_slot()
ACPI: Revert "ACPI / video: Add Dell Inspiron 5737 to the blacklist"
ACPI / video: Add disable_backlight_sysfs_if quirk for the Toshiba Satellite R830
ACPI / video: Add disable_backlight_sysfs_if quirk for the Toshiba Portege R700
lib: sw842: select crc32
uapi: update install list after nvme.h rename
ideapad-laptop: Add Lenovo Yoga 700 to no_hw_rfkill dmi list
ideapad-laptop: Add Lenovo ideapad Y700-17ISK to no_hw_rfkill dmi list
toshiba_acpi: Fix blank screen at boot if transflective backlight is supported
make sure that freeing shmem fast symlinks is RCU-delayed
drm/radeon/pm: adjust display configuration after powerstate
drm/radeon: Don't hang in radeon_flip_work_func on disabled crtc. (v2)
drm: Fix treatment of drm_vblank_offdelay in drm_vblank_on() (v2)
drm: Fix drm_vblank_pre/post_modeset regression from Linux 4.4
drm: Prevent vblank counter bumps > 1 with active vblank clients. (v2)
drm: No-Op redundant calls to drm_vblank_off() (v2)
drm/radeon: use post-decrement in error handling
drm/qxl: use kmalloc_array to alloc reloc_info in qxl_process_single_command
drm/i915: fix error path in intel_setup_gmbus()
drm/i915/dsi: don't pass arbitrary data to sideband
drm/i915/dsi: defend gpio table against out of bounds access
drm/i915/skl: Don't skip mst encoders in skl_ddi_pll_select()
drm/i915: Don't reject primary plane windowing with color keying enabled on SKL+
drm/i915/dp: fall back to 18 bpp when sink capability is unknown
drm/i915: Make sure DC writes are coherent on flush.
drm/i915: Init power domains early in driver load
drm/i915: intel_hpd_init(): Fix suspend/resume reprobing
drm/i915: Restore inhibiting the load of the default context
drm: fix missing reference counting decrease
drm/radeon: hold reference to fences in radeon_sa_bo_new
drm/radeon: mask out WC from BO on unsupported arches
drm: add helper to check for wc memory support
drm/radeon: fix DP audio support for APU with DCE4.1 display engine
drm/radeon: Add a common function for DFS handling
drm/radeon: cleaned up VCO output settings for DP audio
drm/radeon: properly byte swap vce firmware setup
drm/radeon: clean up fujitsu quirks
drm/radeon: Fix "slow" audio over DP on DCE8+
drm/radeon: call hpd_irq_event on resume
drm/radeon: Fix off-by-one errors in radeon_vm_bo_set_addr
drm/dp/mst: deallocate payload on port destruction
drm/dp/mst: Reverse order of MST enable and clearing VC payload table.
drm/dp/mst: move GUID storage from mgr, port to only mst branch
drm/dp/mst: Calculate MST PBN with 31.32 fixed point
drm: Add drm_fixp_from_fraction and drm_fixp2int_ceil
drm/dp/mst: fix in RAD element access
drm/dp/mst: fix in MSTB RAD initialization
drm/dp/mst: always send reply for UP request
drm/dp/mst: process broadcast messages correctly
drm/nouveau: platform: Fix deferred probe
drm/nouveau/disp/dp: ensure sink is powered up before attempting link training
drm/nouveau/display: Enable vblank irqs after display engine is on again.
drm/nouveau/kms: take mode_config mutex in connector hotplug path
drm/amdgpu/pm: adjust display configuration after powerstate
drm/amdgpu: Don't hang in amdgpu_flip_work_func on disabled crtc.
drm/amdgpu: use post-decrement in error handling
drm/amdgpu: fix issue with overlapping userptrs
drm/amdgpu: hold reference to fences in amdgpu_sa_bo_new (v2)
drm/amdgpu: remove unnecessary forward declaration
drm/amdgpu: fix s4 resume
drm/amdgpu: remove exp hardware support from iceland
drm/amdgpu: don't load MEC2 on topaz
drm/amdgpu: drop topaz support from gmc8 module
drm/amdgpu: pull topaz gmc bits into gmc_v7
drm/amdgpu: The VI specific EXE bit should only apply to GMC v8.0 above
drm/amdgpu: iceland use CI based MC IP
drm/amdgpu: move gmc7 support out of CIK dependency
drm/amdgpu: no need to load MC firmware on fiji
drm/amdgpu: fix amdgpu_bo_pin_restricted VRAM placing v2
drm/amdgpu: fix tonga smu resume
drm/amdgpu: fix lost sync_to if scheduler is enabled.
drm/amdgpu: call hpd_irq_event on resume
drm/amdgpu: Fix off-by-one errors in amdgpu_vm_bo_map
drm/vmwgfx: respect 'nomodeset'
drm/vmwgfx: Fix a width / pitch mismatch on framebuffer updates
drm/vmwgfx: Fix an incorrect lock check
virtio_pci: fix use after free on release
virtio_balloon: fix race between migration and ballooning
virtio_balloon: fix race by fill and leak
regulator: mt6311: MT6311_REGULATOR needs to select REGMAP_I2C
regulator: axp20x: Fix GPIO LDO enable value for AXP22x
clk: exynos: use irqsave version of spin_lock to avoid deadlock with irqs
cxl: use correct operator when writing pcie config space values
sparc64: fix incorrect sign extension in sys_sparc64_personality
EDAC, mc_sysfs: Fix freeing bus' name
EDAC: Robustify workqueues destruction
MIPS: Fix buffer overflow in syscall_get_arguments()
MIPS: Fix some missing CONFIG_CPU_MIPSR6 #ifdefs
MIPS: hpet: Choose a safe value for the ETIME check
MIPS: Loongson-3: Fix SMP_ASK_C0COUNT IPI handler
Revert "MIPS: Fix PAGE_MASK definition"
cputime: Prevent 32bit overflow in time[val|spec]_to_cputime()
time: Avoid signed overflow in timekeeping_get_ns()
Bluetooth: 6lowpan: Fix handling of uncompressed IPv6 packets
Bluetooth: 6lowpan: Fix kernel NULL pointer dereferences
Bluetooth: Fix incorrect removing of IRKs
Bluetooth: Add support of Toshiba Broadcom based devices
Bluetooth: Use continuous scanning when creating LE connections
Drivers: hv: vmbus: Fix a Host signaling bug
tools: hv: vss: fix the write()'s argument: error -> vss_msg
mmc: sdhci: Allow override of get_cd() called from sdhci_request()
mmc: sdhci: Allow override of mmc host operations
mmc: sdhci-pci: Fix card detect race for Intel BXT/APL
mmc: pxamci: fix again read-only gpio detection polarity
mmc: sdhci-acpi: Fix card detect race for Intel BXT/APL
mmc: mmci: fix an ages old detection error
mmc: core: Enable tuning according to the actual timing
mmc: sdhci: Fix sdhci_runtime_pm_bus_on/off()
mmc: mmc: Fix incorrect use of driver strength switching HS200 and HS400
mmc: sdio: Fix invalid vdd in voltage switch power cycle
mmc: sdhci: Fix DMA descriptor with zero data length
mmc: sdhci-pci: Do not default to 33 Ohm driver strength for Intel SPT
mmc: usdhi6rol0: handle NULL data in timeout
clockevents/tcb_clksrc: Prevent disabling an already disabled clock
posix-clock: Fix return code on the poll method's error path
irqchip/gic-v3-its: Fix double ICC_EOIR write for LPI in EOImode==1
irqchip/atmel-aic: Fix wrong bit operation for IRQ priority
irqchip/mxs: Add missing set_handle_irq()
irqchip/omap-intc: Add support for spurious irq handling
coresight: checking for NULL string in coresight_name_match()
dm: fix dm_rq_target_io leak on faults with .request_fn DM w/ blk-mq paths
dm snapshot: fix hung bios when copy error occurs
dm space map metadata: remove unused variable in brb_pop()
tda1004x: only update the frontend properties if locked
vb2: fix a regression in poll() behavior for output,streams
gspca: ov534/topro: prevent a division by 0
si2157: return -EINVAL if firmware blob is too big
media: dvb-core: Don't force CAN_INVERSION_AUTO in oneshot mode
rc: sunxi-cir: Initialize the spinlock properly
namei: ->d_inode of a pinned dentry is stable only for positives
mei: validate request value in client notify request ioctl
mei: fix fasync return value on error
rtlwifi: rtl8723be: Fix module parameter initialization
rtlwifi: rtl8188ee: Fix module parameter initialization
rtlwifi: rtl8192se: Fix module parameter initialization
rtlwifi: rtl8723ae: Fix initialization of module parameters
rtlwifi: rtl8192de: Fix incorrect module parameter descriptions
rtlwifi: rtl8192ce: Fix handling of module parameters
rtlwifi: rtl8192cu: Add missing parameter setup
rtlwifi: rtl_pci: Fix kernel panic
locks: fix unlock when fcntl_setlk races with a close
um: link with -lpthread
uml: fix hostfs mknod()
uml: flush stdout before forking
s390/fpu: signals vs. floating point control register
s390/compat: correct restore of high gprs on signal return
s390/dasd: fix performance drop
s390/dasd: fix refcount for PAV reassignment
s390/dasd: prevent incorrect length error under z/VM after PAV changes
s390: fix normalization bug in exception table sorting
btrfs: initialize the seq counter in struct btrfs_device
Btrfs: Initialize btrfs_root->highest_objectid when loading tree root and subvolume roots
Btrfs: fix transaction handle leak on failure to create hard link
Btrfs: fix number of transaction units required to create symlink
Btrfs: send, don't BUG_ON() when an empty symlink is found
btrfs: statfs: report zero available if metadata are exhausted
Btrfs: igrab inode in writepage
Btrfs: add missing brelse when superblock checksum fails
KVM: s390: fix memory overwrites when vx is disabled
s390/kvm: remove dependency on struct save_area definition
clocksource/drivers/vt8500: Increase the minimum delta
genirq: Validate action before dereferencing it in handle_irq_event_percpu()
mm: numa: quickly fail allocations for NUMA balancing on full nodes
mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED
ocfs2: unlock inode if deleting inode from orphan fails
drm/i915: shut up gen8+ SDE irq dmesg noise
iw_cxgb3: Fix incorrectly returning error on success
spi: omap2-mcspi: Prevent duplicate gpio_request
drivers: android: correct the size of struct binder_uintptr_t for BC_DEAD_BINDER_DONE
USB: option: add "4G LTE usb-modem U901"
USB: option: add support for SIM7100E
USB: cp210x: add IDs for GE B650V3 and B850V3 boards
usb: dwc3: Fix assignment of EP transfer resources
can: ems_usb: Fix possible tx overflow
dm thin: fix race condition when destroying thin pool workqueue
bcache: Change refill_dirty() to always scan entire disk if necessary
bcache: prevent crash on changing writeback_running
bcache: allows use of register in udev to avoid "device_busy" error.
bcache: unregister reboot notifier if bcache fails to unregister device
bcache: fix a leak in bch_cached_dev_run()
bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing device
bcache: Add a cond_resched() call to gc
bcache: fix a livelock when we cause a huge number of cache misses
lib/ucs2_string: Correct ucs2 -> utf8 conversion
efi: Add pstore variables to the deletion whitelist
efi: Make efivarfs entries immutable by default
efi: Make our variable validation list include the guid
efi: Do variable name validation tests in utf8
efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version
lib/ucs2_string: Add ucs2 -> utf8 helper functions
ARM: 8457/1: psci-smp is built only for SMP
drm/gma500: Use correct unref in the gem bo create function
devm_memremap: Fix error value when memremap failed
KVM: s390: fix guest fprs memory leak
arm64: errata: Add -mpc-relative-literal-loads to build flags
ARM: debug-ll: fix BCM63xx entry for multiplatform
ext4: fix bh->b_state corruption
sctp: Fix port hash table size computation
unix_diag: fix incorrect sign extension in unix_lookup_by_ino
tipc: unlock in error path
rtnl: RTM_GETNETCONF: fix wrong return value
IFF_NO_QUEUE: Fix for drivers not calling ether_setup()
tcp/dccp: fix another race at listener dismantle
route: check and remove route cache when we get route
net_sched fix: reclassification needs to consider ether protocol changes
pppoe: fix reference counting in PPPoE proxy
l2tp: Fix error creating L2TP tunnels
net/mlx4_en: Avoid changing dev->features directly in run-time
net/mlx4_en: Choose time-stamping shift value according to HW frequency
net/mlx4_en: Count HW buffer overrun only once
qmi_wwan: add "4G LTE usb-modem U901"
tcp: md5: release request socket instead of listener
tipc: fix premature addition of node to lookup table
af_unix: Guard against other == sk in unix_dgram_sendmsg
af_unix: Don't set err in unix_stream_read_generic unless there was an error
ipv4: fix memory leaks in ip_cmsg_send() callers
bonding: Fix ARP monitor validation
bpf: fix branch offset adjustment on backjumps after patching ctx expansion
flow_dissector: Fix unaligned access in __skb_flow_dissector when used by eth_get_headlen
net: Copy inner L3 and L4 headers as unaligned on GRE TEB
sctp: translate network order to host order when users get a hmacid
enic: increment devcmd2 result ring in case of timeout
tg3: Fix for tg3 transmit queue 0 timed out when too many gso_segs
net:Add sysctl_max_skb_frags
tcp: do not drop syn_recv on all icmp reports
unix: correctly track in-flight fds in sending process user_struct
ipv6: fix a lockdep splat
ipv6: addrconf: Fix recursive spin lock call
ipv6/udp: use sticky pktinfo egress ifindex on connect()
ipv6: enforce flowi6_oif usage in ip6_dst_lookup_tail()
tcp: beware of alignments in tcp_get_info()
switchdev: Require RTNL mutex to be held when sending FDB notifications
inet: frag: Always orphan skbs inside ip_defrag()
tipc: fix connection abort during subscription cancel
net: dsa: fix mv88e6xxx switches
sctp: allow setting SCTP_SACK_IMMEDIATELY by the application
pptp: fix illegal memory access caused by multiple bind()s
af_unix: fix struct pid memory leak
tcp: fix NULL deref in tcp_v4_send_ack()
lwt: fix rx checksum setting for lwt devices tunneling over ipv6
tunnels: Allow IPv6 UDP checksums to be correctly controlled.
net: dp83640: Fix tx timestamp overflow handling.
gro: Make GRO aware of lightweight tunnels.
af_iucv: Validate socket address length in iucv_sock_bind()
Conflicts:
arch/arm64/Makefile
arch/arm64/include/asm/cacheflush.h
drivers/mmc/host/sdhci.c
drivers/usb/dwc3/ep0.c
drivers/usb/dwc3/gadget.c
kernel/module.c
sound/core/pcm_compat.c
CRs-Fixed: 1010239
Signed-off-by: Runmin Wang <runminw@codeaurora.org>
Change-Id: I41a28636fc9ad91f9d979b191784609476294cdf
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit cff10ce7b4f02718ffd25e3914e60559f5ef6ca0 upstream.
The commit cad20c278085d893ebd616cd20c0747a8e9d53c7 was supposed to
fix handling of devices first using public addresses and then
switching to RPAs after pairing. Unfortunately it missed a couple of
key places in the code.
1. When evaluating which devices should be removed from the existing
white list we also need to consider whether we have an IRK for them or
not, i.e. a call to hci_find_irk_by_addr() is needed.
2. In smp_notify_keys() we should not be requiring the knowledge of
the RPA, but should simply keep the IRK around if the other conditions
require it.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
The %pK restrictions are used to eliminate exposing kernel addresses.
When kptr_restrict is set to "0" there are no restrictions. When
kptr_restrict is set to "1", kernel pointers printed using the %pK
format specifier will be replaced with 0's unless the user has
CAP_SYSLOG. When kptr_restrict is set to "2", kernel pointers printed
using %pK will be replaced with 0's regardless of privileges.
Change-Id: Iacd8f7b7cdafed3a111507d3da899be9261ff09f
Signed-off-by: Dibyendu Roy <dibyen@codeaurora.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The L2CAP core expects channel implementations to manage the reference
returned by the new_connection callback. With sockets this is already
handled with each channel being tied to the corresponding socket. With
SMP however there's no context to tie the pointer to in the
smp_new_conn_cb function. The function can also not just drop the
reference since it's the only one at that point.
For fixed channels (like SMP) the code path inside the L2CAP core from
new_connection() to ready() is short and straight-forwards. The
crucial difference is that in ready() the implementation has access to
the l2cap_conn that SMP needs associate its l2cap_chan. Instead of
taking a new reference in smp_ready_cb() we can simply assume to
already own the reference created in smp_new_conn_cb(), i.e. there is
no need to call l2cap_chan_hold().
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 3.19+
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When unpairing the keys stored in hci_dev are removed. If SMP is
ongoing the SMP context will also have references to these keys, so
removing them from the hci_dev lists will make the pointers invalid.
This can result in the following type of crashes:
BUG: unable to handle kernel paging request at 6b6b6b6b
IP: [<c11f26be>] __list_del_entry+0x44/0x71
*pde = 00000000
Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
Modules linked in: hci_uart btqca btusb btintel btbcm btrtl hci_vhci rfcomm bluetooth_6lowpan bluetooth
CPU: 0 PID: 723 Comm: kworker/u5:0 Not tainted 4.3.0-rc3+ #1379
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.1-20150318_183358- 04/01/2014
Workqueue: hci0 hci_rx_work [bluetooth]
task: f19da940 ti: f1a94000 task.ti: f1a94000
EIP: 0060:[<c11f26be>] EFLAGS: 00010202 CPU: 0
EIP is at __list_del_entry+0x44/0x71
EAX: c0088d20 EBX: f30fcac0 ECX: 6b6b6b6b EDX: 6b6b6b6b
ESI: f4b60000 EDI: c0088d20 EBP: f1a95d90 ESP: f1a95d8c
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
CR0: 8005003b CR2: 6b6b6b6b CR3: 319e5000 CR4: 00000690
Stack:
f30fcac0 f1a95db0 f82dc3e1 f1bfc000 00000000 c106524f f1bfc000 f30fd020
f1a95dc0 f1a95dd0 f82dcbdb f1a95de0 f82dcbdb 00000067 f1bfc000 f30fd020
f1a95de0 f1a95df0 f82d1126 00000067 f82d1126 00000006 f30fd020 f1bfc000
Call Trace:
[<f82dc3e1>] smp_chan_destroy+0x192/0x240 [bluetooth]
[<c106524f>] ? trace_hardirqs_on_caller+0x14e/0x169
[<f82dcbdb>] smp_teardown_cb+0x47/0x64 [bluetooth]
[<f82dcbdb>] ? smp_teardown_cb+0x47/0x64 [bluetooth]
[<f82d1126>] l2cap_chan_del+0x5d/0x14d [bluetooth]
[<f82d1126>] ? l2cap_chan_del+0x5d/0x14d [bluetooth]
[<f82d40ef>] l2cap_conn_del+0x109/0x17b [bluetooth]
[<f82d40ef>] ? l2cap_conn_del+0x109/0x17b [bluetooth]
[<f82c0205>] ? hci_event_packet+0x5b1/0x2092 [bluetooth]
[<f82d41aa>] l2cap_disconn_cfm+0x49/0x50 [bluetooth]
[<f82d41aa>] ? l2cap_disconn_cfm+0x49/0x50 [bluetooth]
[<f82c0228>] hci_event_packet+0x5d4/0x2092 [bluetooth]
[<c1332c16>] ? skb_release_data+0x6a/0x95
[<f82ce5d4>] ? hci_send_to_monitor+0xe7/0xf4 [bluetooth]
[<c1409708>] ? _raw_spin_unlock_irqrestore+0x44/0x57
[<f82b3bb0>] hci_rx_work+0xf1/0x28b [bluetooth]
[<f82b3bb0>] ? hci_rx_work+0xf1/0x28b [bluetooth]
[<c10635a0>] ? __lock_is_held+0x2e/0x44
[<c104772e>] process_one_work+0x232/0x432
[<c1071ddc>] ? rcu_read_lock_sched_held+0x50/0x5a
[<c104772e>] ? process_one_work+0x232/0x432
[<c1047d48>] worker_thread+0x1b8/0x255
[<c1047b90>] ? rescuer_thread+0x23c/0x23c
[<c104bb71>] kthread+0x91/0x96
[<c14096a7>] ? _raw_spin_unlock_irq+0x27/0x44
[<c1409d61>] ret_from_kernel_thread+0x21/0x30
[<c104bae0>] ? kthread_parkme+0x1e/0x1e
To solve the issue, introduce a new smp_cancel_pairing() API that can
be used to clean up the SMP state before touching the hci_dev lists.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
|
|
|
|
| |
There's no need to clear the HCI_CONN_ENCRYPT_PEND flag in
smp_failure. In fact, this may cause the encryption tracking to get
out of sync as this has nothing to do with HCI activity.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There are LE devices on the market that start off by announcing their
public address and then once paired switch to using private address.
To be interoperable with such devices we should simply trust the fact
that we're receiving an IRK from them to indicate that they may use
private addresses in the future. Instead, simply tie the persistency
to the bonding/no-bonding information the same way as for LTKs and
CSRKs.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
net/ipv4/arp.c
The net/ipv4/arp.c conflict was one commit adding a new
local variable while another commit was deleting one.
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There are several actions that smp_conn_security() might make that do
not require a valid SMP context (conn->smp pointer). One of these
actions is to encrypt the link with an existing LTK. If the SMP
context wasn't initialized properly we should still allow the
independent actions to be done, i.e. the check for the context should
only be done at the last possible moment.
Reported-by: Chuck Ebbert <cebbert.lkml@gmail.com>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 4.0+
|
| |/
|
|
|
| |
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The l2cap_conn->smp pointer may be NULL for various valid reasons where SMP has
failed to initialize properly. One such scenario is when crypto support is
missing, another when the adapter has been powered on through a legacy method.
The smp_conn_security() function should have the appropriate check for this
situation to avoid NULL pointer dereferences.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Cc: stable@vger.kernel.org # 4.0+
|
| |
|
|
|
|
|
|
|
| |
When pairing over SMP over BR/EDR the generated LTK has by default the
same key size as the BR/EDR Link Key. Make sure we don't set our
Pairing Request/Response max value to anything higher than that.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
|
|
|
|
|
| |
This patch adds a debugfs control to set a different minimum LE
encryption key size. This is useful for testing that implementation of
the encryption key size handling is behaving correctly (e.g. that we
get appropriate 'Encryption Key Size' error responses when necessary).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
|
|
|
|
| |
This patch adds a debugfs control to set a different maximum LE
encryption key size. This is useful for testing that implementation of
the encryption key size handling is behaving correctly.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When we notify user space of a new LTK or distribute an LTK to the
remote peer the value passed should be the shortened version so that
it's easy to compare values in various traces. The core spec also sets
the requirements for the shortening/masking as:
"The masking shall be done after generation and before being
distributed, used or stored."
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The encryption key size for LTKs is supposed to be applied only at the
moment of encryption. When generating a Link Key (using LE SC) from
the LTK the full non-shortened value should be used. This patch
modifies the code to always keep the full value around and only apply
the key size when passing the value to HCI.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
|
|
|
| |
To help debug legacy SMP crypto functions add debug logs of the
various values involved.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
|
|
|
|
| |
When SMP selftest is enabled, then besides printing the result into the
kernel message buffer, also create a debugfs file that allows retrieving
the same information.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We're getting very close to the maximum possible size of bt_skb_cb. To
prepare to shrink the struct with the help of a union this patch moves
all L2CAP related variables into the l2cap_ctrl struct. To later add
other 'ctrl' structs the L2CAP one is renamed simple 'l2cap' instead
of 'control'.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
|
|
|
|
|
| |
When the allocation of the L2CAP channel for the BR/EDR security manager
fails, then the smp variable might be NULL. In that case do not try to
free the non-existing crypto contexts
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OS X version 10.10.2 (and possibly older versions) doesn't support LE
Secure Connections but incorrectly copies all authentication request
bits from a Security Request to its Pairing Request. The result is that
an SC capable initiator (such as BlueZ) will think OS X intends to do SC
when in fact it's incapable of it:
< ACL Data TX: Handle 3585 flags 0x00 dlen 6
SMP: Security Request (0x0b) len 1
Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09)
> ACL Data RX: Handle 3585 flags 0x02 dlen 11
SMP: Pairing Request (0x01) len 6
IO capability: KeyboardDisplay (0x04)
OOB data: Authentication data not present (0x00)
Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09)
Max encryption key size: 16
Initiator key distribution: EncKey (0x01)
Responder key distribution: EncKey IdKey Sign (0x07)
< ACL Data TX: Handle 3585 flags 0x00 dlen 11
SMP: Pairing Response (0x02) len 6
IO capability: NoInputNoOutput (0x03)
OOB data: Authentication data not present (0x00)
Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09)
Max encryption key size: 16
Initiator key distribution: EncKey (0x01)
Responder key distribution: EncKey Sign (0x05)
The pairing eventually fails when we get an unexpected Pairing Confirm
PDU instead of a Public Key PDU:
> ACL Data RX: Handle 3585 flags 0x02 dlen 21
SMP: Pairing Confirm (0x03) len 16
Confim value: bcc3bed31b8f313a78ec3cce32685faf
It is only at this point that we can speculate that the remote doesn't
really support SC. This patch creates a workaround for the just-works
model, however the MITM case is unsolvable because the OS X user has
already been requested to enter a PIN which we're now expected to
randomly generate and show the user (i.e. a chicken-and-egg problem).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
|
|
|
|
| |
The variable for the out-of-band random number was badly named and
with that confusing. Just rename it to local_rand so it is clear
what value it represents.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
| |
|
|
|
|
|
|
| |
Just for pure debugging purposes print the remote out-of-band data
that has been received and is going to be used.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
| |
|
|
|
| |
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
| |
|
|
|
|
|
|
|
|
| |
It might be a bit counterintuitive to set a 'local' flag based on remote
data. This patch adds a clarifying comment to the pairing req/rsp
handlers when setting the LOCAL_OOB flag based on the PDU received from
the remote side.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
|
|
|
|
|
| |
When we receive the remote public key, if we have remote OOB data
there's no point in sending our public key to the remote if the OOB data
doesn't match. This patch moves the test for this higher up in the
smp_cmd_public_key() function.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
|
|
|
|
|
| |
If we haven't received remote OOB data we cannot perform any special
checks on the confirm value. This patch updates the check after having
received the public key to only perform the verification if we have
remote OOB data present.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
|
|
|
|
| |
If the SMP Pairing Request or Response PDU received from the remote
device indicates that it has received our OOB data we should set the
SMP_FLAG_LOCAL_OOB flag.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
|
|
|
|
|
| |
There are several decisions in the SMP logic that depend not only on
whether we're doing SMP or not, but also whether local and/or remote OOB
data is present. This patch splits the existing SMP_FLAG_OOB into two
new flags to track local and remote OOB data respectively.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
|
|
|
|
|
| |
We need to store the local ra/rb value in order to verify the Check
value received from the remote. This patch adds a new 'lr' for the local
ra/rb value and makes sure it gets used when verifying the DHKey Check
PDU received from the remote.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
| |
|
|
|
| |
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
| |
|
|
|
|
|
|
|
| |
The OOB public and secret key pair is different from the non-OOB pairing
procedure. SO when OOB method is in use, then use this key pair instead
of generating a new one.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
| |
|
|
|
|
|
|
|
| |
This patch adds a smp_generate_oob function that allows to create
local out-of-band data that can be used for pairing and also provides
the confirmation and random value.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
| |
|
|
|
|
|
|
|
| |
The security manager device will require the use of AES-CMAC hash for
out-of-band data generation. This patch makes sure it is correctly
set up and available.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Every Bluetooth Low Energy controller requires a local crypto context
to handle the resolvable private addresses. At the moment this is just
a single crypto context, but for out-of-band data generation it will
require an additional. To facility this, create a struct smp_dev that
will hold all the extra information. This patch is just the refactoring
in preparation for future changes.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
| |
|
|
|
|
|
|
|
| |
Within the security manager, it makes sense to use kzfree instead of
kfree for all data structures. This ensures that no key material leaks
by accident.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
| |
|
|
|
|
|
|
|
|
| |
With the extension of hdev->dev_flags utilizing a bitmap now, the space
is no longer restricted. Merge the hdev->dbg_flags into hdev->dev_flags
to save space on 64-bit architectures. On 32-bit architectures no size
reduction happens.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
| |
|
|
|
|
|
|
| |
Instead of manually coding test_bit on hdev->dev_flags all the time,
use hci_dev_test_flag helper macro.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
| |
|
|
|
|
|
|
| |
The SMP code contains two else branches that are not needed since the
successful test will actually leave the function.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The 'master' parameter of the New CSRK event was recently renamed to
'type', with the old values kept for backwards compatibility as
unauthenticated local/remote keys. This patch updates the code to take
into account the two new (authenticated) values and ensures they get
used based on the security level of the connection that the respective
keys get distributed over.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
