| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
lineage-18.1-caf-msm8998
* common/android-4.4-p:
Linux 4.4.296
xen/netback: don't queue unlimited number of packages
xen/console: harden hvc_xen against event channel storms
xen/netfront: harden netfront against event channel storms
xen/blkfront: harden blkfront against event channel storms
Input: touchscreen - avoid bitwise vs logical OR warning
ARM: 8805/2: remove unneeded naked function usage
net: lan78xx: Avoid unnecessary self assignment
net: systemport: Add global locking for descriptor lifecycle
timekeeping: Really make sure wall_to_monotonic isn't positive
USB: serial: option: add Telit FN990 compositions
PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
USB: gadget: bRequestType is a bitfield, not a enum
igbvf: fix double free in `igbvf_probe`
soc/tegra: fuse: Fix bitwise vs. logical OR warning
nfsd: fix use-after-free due to delegation race
dm btree remove: fix use after free in rebalance_children()
recordmcount.pl: look for jgnop instruction as well as bcrl on s390
mac80211: send ADDBA requests using the tid/queue of the aggregation session
hwmon: (dell-smm) Fix warning on /proc/i8k creation error
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
i2c: rk3x: Handle a spurious start completion interrupt flag
parisc/agp: Annotate parisc agp init functions with __init
nfc: fix segfault in nfc_genl_dump_devices_done
FROMGIT: USB: gadget: bRequestType is a bitfield, not a enum
Linux 4.4.295
irqchip: nvic: Fix offset for Interrupt Priority Offsets
irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
iio: itg3200: Call iio_trigger_notify_done() on error
iio: ltr501: Don't return error code in trigger handler
iio: mma8452: Fix trigger reference couting
iio: stk3310: Don't return error code in interrupt handler
usb: core: config: fix validation of wMaxPacketValue entries
USB: gadget: zero allocate endpoint 0 buffers
USB: gadget: detect too-big endpoint 0 requests
net/qla3xxx: fix an error code in ql_adapter_up()
net, neigh: clear whole pneigh_entry at alloc time
net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
net: altera: set a couple error code in probe()
net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
tracefs: Set all files to the same group ownership as the mount option
signalfd: use wake_up_pollfree()
binder: use wake_up_pollfree()
wait: add wake_up_pollfree()
libata: add horkage for ASMedia 1092
can: pch_can: pch_can_rx_normal: fix use after free
tracefs: Have new files inherit the ownership of their parent
ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
ALSA: pcm: oss: Limit the period size to 16MB
ALSA: pcm: oss: Fix negative period/buffer sizes
ALSA: ctl: Fix copy of updated id with element read/write
mm: bdi: initialize bdi_min_ratio when bdi is unregistered
nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
can: sja1000: fix use after free in ems_pcmcia_add_card()
HID: check for valid USB device for many HID drivers
HID: wacom: fix problems when device is not a valid USB device
HID: add USB_HID dependancy on some USB HID drivers
HID: add USB_HID dependancy to hid-chicony
HID: add USB_HID dependancy to hid-prodikeys
HID: add hid_is_usb() function to make it simpler for USB detection
HID: introduce hid_is_using_ll_driver
UPSTREAM: USB: gadget: zero allocate endpoint 0 buffers
UPSTREAM: USB: gadget: detect too-big endpoint 0 requests
Linux 4.4.294
serial: pl011: Add ACPI SBSA UART match id
tty: serial: msm_serial: Deactivate RX DMA for polling support
vgacon: Propagate console boot parameters before calling `vc_resize'
parisc: Fix "make install" on newer debian releases
siphash: use _unaligned version by default
net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()
natsemi: xtensa: fix section mismatch warnings
fget: check that the fd still exists after getting a ref to it
fs: add fget_many() and fput_many()
sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
kprobes: Limit max data_size of the kretprobe instances
net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock()
net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
scsi: iscsi: Unblock session then wake up error handler
s390/setup: avoid using memblock_enforce_memory_limit
platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep
net: return correct error code
hugetlb: take PMD sharing into account when flushing tlb/caches
tty: hvc: replace BUG_ON() with negative return value
xen/netfront: don't trust the backend response data blindly
xen/netfront: disentangle tx_skb_freelist
xen/netfront: don't read data from request on the ring page
xen/netfront: read response from backend only once
xen/blkfront: don't trust the backend response data blindly
xen/blkfront: don't take local copy of a request from the ring page
xen/blkfront: read response from backend only once
xen: sync include/xen/interface/io/ring.h with Xen's newest version
shm: extend forced shm destroy to support objects from several IPC nses
fuse: release pipe buf after last use
fuse: fix page stealing
NFC: add NCI_UNREG flag to eliminate the race
proc/vmcore: fix clearing user buffer by properly using clear_user()
hugetlbfs: flush TLBs correctly after huge_pmd_unshare
tracing: Check pid filtering when creating events
tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows
scsi: mpt3sas: Fix kernel panic during drive powercycle test
ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
NFSv42: Don't fail clone() unless the OP_CLONE operation failed
net: ieee802154: handle iftypes as u32
ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
ARM: dts: BCM5301X: Add interrupt properties to GPIO node
xen: detect uninitialized xenbus in xenbus_init
xen: don't continue xenstore initialization in case of errors
staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
ALSA: ctxfi: Fix out-of-range access
binder: fix test regression due to sender_euid change
usb: hub: Fix locking issues with address0_mutex
usb: hub: Fix usb enumeration issue due to address0 race
USB: serial: option: add Fibocom FM101-GL variants
USB: serial: option: add Telit LE910S1 0x9200 composition
staging: ion: Prevent incorrect reference counting behavour
Change-Id: Iadf9f213915d2a02b27ceb3b2144eac827ade329
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit f123cffdd8fe8ea6c7fded4b88516a42798797d0 ]
Adding a check on len parameter to avoid empty skb. This prevents a
division error in netem_enqueue function which is caused when skb->len=0
and skb->data_len=0 in the randomized corruption step as shown below.
skb->data[prandom_u32() % skb_headlen(skb)] ^= 1<<(prandom_u32() % 8);
Crash Report:
[ 343.170349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family
0 port 6081 - 0
[ 343.216110] netem: version 1.3
[ 343.235841] divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 343.236680] CPU: 3 PID: 4288 Comm: reproducer Not tainted 5.16.0-rc1+
[ 343.237569] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.11.0-2.el7 04/01/2014
[ 343.238707] RIP: 0010:netem_enqueue+0x1590/0x33c0 [sch_netem]
[ 343.239499] Code: 89 85 58 ff ff ff e8 5f 5d e9 d3 48 8b b5 48 ff ff
ff 8b 8d 50 ff ff ff 8b 85 58 ff ff ff 48 8b bd 70 ff ff ff 31 d2 2b 4f
74 <f7> f1 48 b8 00 00 00 00 00 fc ff df 49 01 d5 4c 89 e9 48 c1 e9 03
[ 343.241883] RSP: 0018:ffff88800bcd7368 EFLAGS: 00010246
[ 343.242589] RAX: 00000000ba7c0a9c RBX: 0000000000000001 RCX:
0000000000000000
[ 343.243542] RDX: 0000000000000000 RSI: ffff88800f8edb10 RDI:
ffff88800f8eda40
[ 343.244474] RBP: ffff88800bcd7458 R08: 0000000000000000 R09:
ffffffff94fb8445
[ 343.245403] R10: ffffffff94fb8336 R11: ffffffff94fb8445 R12:
0000000000000000
[ 343.246355] R13: ffff88800a5a7000 R14: ffff88800a5b5800 R15:
0000000000000020
[ 343.247291] FS: 00007fdde2bd7700(0000) GS:ffff888109780000(0000)
knlGS:0000000000000000
[ 343.248350] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 343.249120] CR2: 00000000200000c0 CR3: 000000000ef4c000 CR4:
00000000000006e0
[ 343.250076] Call Trace:
[ 343.250423] <TASK>
[ 343.250713] ? memcpy+0x4d/0x60
[ 343.251162] ? netem_init+0xa0/0xa0 [sch_netem]
[ 343.251795] ? __sanitizer_cov_trace_pc+0x21/0x60
[ 343.252443] netem_enqueue+0xe28/0x33c0 [sch_netem]
[ 343.253102] ? stack_trace_save+0x87/0xb0
[ 343.253655] ? filter_irq_stacks+0xb0/0xb0
[ 343.254220] ? netem_init+0xa0/0xa0 [sch_netem]
[ 343.254837] ? __kasan_check_write+0x14/0x20
[ 343.255418] ? _raw_spin_lock+0x88/0xd6
[ 343.255953] dev_qdisc_enqueue+0x50/0x180
[ 343.256508] __dev_queue_xmit+0x1a7e/0x3090
[ 343.257083] ? netdev_core_pick_tx+0x300/0x300
[ 343.257690] ? check_kcov_mode+0x10/0x40
[ 343.258219] ? _raw_spin_unlock_irqrestore+0x29/0x40
[ 343.258899] ? __kasan_init_slab_obj+0x24/0x30
[ 343.259529] ? setup_object.isra.71+0x23/0x90
[ 343.260121] ? new_slab+0x26e/0x4b0
[ 343.260609] ? kasan_poison+0x3a/0x50
[ 343.261118] ? kasan_unpoison+0x28/0x50
[ 343.261637] ? __kasan_slab_alloc+0x71/0x90
[ 343.262214] ? memcpy+0x4d/0x60
[ 343.262674] ? write_comp_data+0x2f/0x90
[ 343.263209] ? __kasan_check_write+0x14/0x20
[ 343.263802] ? __skb_clone+0x5d6/0x840
[ 343.264329] ? __sanitizer_cov_trace_pc+0x21/0x60
[ 343.264958] dev_queue_xmit+0x1c/0x20
[ 343.265470] netlink_deliver_tap+0x652/0x9c0
[ 343.266067] netlink_unicast+0x5a0/0x7f0
[ 343.266608] ? netlink_attachskb+0x860/0x860
[ 343.267183] ? __sanitizer_cov_trace_pc+0x21/0x60
[ 343.267820] ? write_comp_data+0x2f/0x90
[ 343.268367] netlink_sendmsg+0x922/0xe80
[ 343.268899] ? netlink_unicast+0x7f0/0x7f0
[ 343.269472] ? __sanitizer_cov_trace_pc+0x21/0x60
[ 343.270099] ? write_comp_data+0x2f/0x90
[ 343.270644] ? netlink_unicast+0x7f0/0x7f0
[ 343.271210] sock_sendmsg+0x155/0x190
[ 343.271721] ____sys_sendmsg+0x75f/0x8f0
[ 343.272262] ? kernel_sendmsg+0x60/0x60
[ 343.272788] ? write_comp_data+0x2f/0x90
[ 343.273332] ? write_comp_data+0x2f/0x90
[ 343.273869] ___sys_sendmsg+0x10f/0x190
[ 343.274405] ? sendmsg_copy_msghdr+0x80/0x80
[ 343.274984] ? slab_post_alloc_hook+0x70/0x230
[ 343.275597] ? futex_wait_setup+0x240/0x240
[ 343.276175] ? security_file_alloc+0x3e/0x170
[ 343.276779] ? write_comp_data+0x2f/0x90
[ 343.277313] ? __sanitizer_cov_trace_pc+0x21/0x60
[ 343.277969] ? write_comp_data+0x2f/0x90
[ 343.278515] ? __fget_files+0x1ad/0x260
[ 343.279048] ? __sanitizer_cov_trace_pc+0x21/0x60
[ 343.279685] ? write_comp_data+0x2f/0x90
[ 343.280234] ? __sanitizer_cov_trace_pc+0x21/0x60
[ 343.280874] ? sockfd_lookup_light+0xd1/0x190
[ 343.281481] __sys_sendmsg+0x118/0x200
[ 343.281998] ? __sys_sendmsg_sock+0x40/0x40
[ 343.282578] ? alloc_fd+0x229/0x5e0
[ 343.283070] ? write_comp_data+0x2f/0x90
[ 343.283610] ? write_comp_data+0x2f/0x90
[ 343.284135] ? __sanitizer_cov_trace_pc+0x21/0x60
[ 343.284776] ? ktime_get_coarse_real_ts64+0xb8/0xf0
[ 343.285450] __x64_sys_sendmsg+0x7d/0xc0
[ 343.285981] ? syscall_enter_from_user_mode+0x4d/0x70
[ 343.286664] do_syscall_64+0x3a/0x80
[ 343.287158] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 343.287850] RIP: 0033:0x7fdde24cf289
[ 343.288344] Code: 01 00 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00
48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 db 2c 00 f7 d8 64 89 01 48
[ 343.290729] RSP: 002b:00007fdde2bd6d98 EFLAGS: 00000246 ORIG_RAX:
000000000000002e
[ 343.291730] RAX: ffffffffffffffda RBX: 0000000000000000 RCX:
00007fdde24cf289
[ 343.292673] RDX: 0000000000000000 RSI: 00000000200000c0 RDI:
0000000000000004
[ 343.293618] RBP: 00007fdde2bd6e20 R08: 0000000100000001 R09:
0000000000000000
[ 343.294557] R10: 0000000100000001 R11: 0000000000000246 R12:
0000000000000000
[ 343.295493] R13: 0000000000021000 R14: 0000000000000000 R15:
00007fdde2bd7700
[ 343.296432] </TASK>
[ 343.296735] Modules linked in: sch_netem ip6_vti ip_vti ip_gre ipip
sit ip_tunnel geneve macsec macvtap tap ipvlan macvlan 8021q garp mrp
hsr wireguard libchacha20poly1305 chacha_x86_64 poly1305_x86_64
ip6_udp_tunnel udp_tunnel libblake2s blake2s_x86_64 libblake2s_generic
curve25519_x86_64 libcurve25519_generic libchacha xfrm_interface
xfrm6_tunnel tunnel4 veth netdevsim psample batman_adv nlmon dummy team
bonding tls vcan ip6_gre ip6_tunnel tunnel6 gre tun ip6t_rpfilter
ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set
ebtable_nat ebtable_broute ip6table_nat ip6table_mangle
ip6table_security ip6table_raw iptable_nat nf_nat nf_conntrack
nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_security
iptable_raw ebtable_filter ebtables rfkill ip6table_filter ip6_tables
iptable_filter ppdev bochs drm_vram_helper drm_ttm_helper ttm
drm_kms_helper cec parport_pc drm joydev floppy parport sg syscopyarea
sysfillrect sysimgblt i2c_piix4 qemu_fw_cfg fb_sys_fops pcspkr
[ 343.297459] ip_tables xfs virtio_net net_failover failover sd_mod
sr_mod cdrom t10_pi ata_generic pata_acpi ata_piix libata virtio_pci
virtio_pci_legacy_dev serio_raw virtio_pci_modern_dev dm_mirror
dm_region_hash dm_log dm_mod
[ 343.311074] Dumping ftrace buffer:
[ 343.311532] (ftrace buffer empty)
[ 343.312040] ---[ end trace a2e3db5a6ae05099 ]---
[ 343.312691] RIP: 0010:netem_enqueue+0x1590/0x33c0 [sch_netem]
[ 343.313481] Code: 89 85 58 ff ff ff e8 5f 5d e9 d3 48 8b b5 48 ff ff
ff 8b 8d 50 ff ff ff 8b 85 58 ff ff ff 48 8b bd 70 ff ff ff 31 d2 2b 4f
74 <f7> f1 48 b8 00 00 00 00 00 fc ff df 49 01 d5 4c 89 e9 48 c1 e9 03
[ 343.315893] RSP: 0018:ffff88800bcd7368 EFLAGS: 00010246
[ 343.316622] RAX: 00000000ba7c0a9c RBX: 0000000000000001 RCX:
0000000000000000
[ 343.317585] RDX: 0000000000000000 RSI: ffff88800f8edb10 RDI:
ffff88800f8eda40
[ 343.318549] RBP: ffff88800bcd7458 R08: 0000000000000000 R09:
ffffffff94fb8445
[ 343.319503] R10: ffffffff94fb8336 R11: ffffffff94fb8445 R12:
0000000000000000
[ 343.320455] R13: ffff88800a5a7000 R14: ffff88800a5b5800 R15:
0000000000000020
[ 343.321414] FS: 00007fdde2bd7700(0000) GS:ffff888109780000(0000)
knlGS:0000000000000000
[ 343.322489] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 343.323283] CR2: 00000000200000c0 CR3: 000000000ef4c000 CR4:
00000000000006e0
[ 343.324264] Kernel panic - not syncing: Fatal exception in interrupt
[ 343.333717] Dumping ftrace buffer:
[ 343.334175] (ftrace buffer empty)
[ 343.334653] Kernel Offset: 0x13600000 from 0xffffffff81000000
(relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 343.336027] Rebooting in 86400 seconds..
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Link: https://lore.kernel.org/r/20211129175328.55339-1-harshit.m.mogalapalli@oracle.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
lineage-18.1-caf-msm8998
# By Eric Dumazet (2) and others
# Via Greg Kroah-Hartman
* common/android-4.4-p:
Linux 4.4.289
perf/x86: Reset destroy callback on event init failure
scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
scsi: ses: Fix unsigned comparison with less than zero
mac80211: Drop frames from invalid MAC address in ad-hoc mode
netfilter: ip6_tables: zero-initialize fragment offset
HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing
gup: document and work around "COW can break either way" issue
i40e: fix endless loop under rtnl
netlink: annotate data races around nlk->bound
ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence
ptp_pch: Load module automatically if ID matches
net_sched: fix NULL deref in fifo_set_limit()
phy: mdio: fix memory leak
xtensa: call irqchip_init only when CONFIG_USE_OF is selected
nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero
USB: cdc-acm: fix break reporting
USB: cdc-acm: fix racy tty buffer accesses
Change-Id: I72428b366b3ed4931d8f8e8b38c7842ed48ead22
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 7707a4d01a648e4c655101a469c956cb11273655 ]
While existing code is correct, KCSAN is reporting
a data-race in netlink_insert / netlink_sendmsg [1]
It is correct to read nlk->bound without a lock, as netlink_autobind()
will acquire all needed locks.
[1]
BUG: KCSAN: data-race in netlink_insert / netlink_sendmsg
write to 0xffff8881031c8b30 of 1 bytes by task 18752 on cpu 0:
netlink_insert+0x5cc/0x7f0 net/netlink/af_netlink.c:597
netlink_autobind+0xa9/0x150 net/netlink/af_netlink.c:842
netlink_sendmsg+0x479/0x7c0 net/netlink/af_netlink.c:1892
sock_sendmsg_nosec net/socket.c:703 [inline]
sock_sendmsg net/socket.c:723 [inline]
____sys_sendmsg+0x360/0x4d0 net/socket.c:2392
___sys_sendmsg net/socket.c:2446 [inline]
__sys_sendmsg+0x1ed/0x270 net/socket.c:2475
__do_sys_sendmsg net/socket.c:2484 [inline]
__se_sys_sendmsg net/socket.c:2482 [inline]
__x64_sys_sendmsg+0x42/0x50 net/socket.c:2482
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
read to 0xffff8881031c8b30 of 1 bytes by task 18751 on cpu 1:
netlink_sendmsg+0x270/0x7c0 net/netlink/af_netlink.c:1891
sock_sendmsg_nosec net/socket.c:703 [inline]
sock_sendmsg net/socket.c:723 [inline]
__sys_sendto+0x2a8/0x370 net/socket.c:2019
__do_sys_sendto net/socket.c:2031 [inline]
__se_sys_sendto net/socket.c:2027 [inline]
__x64_sys_sendto+0x74/0x90 net/socket.c:2027
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
value changed: 0x00 -> 0x01
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 18751 Comm: syz-executor.0 Not tainted 5.14.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Fixes: da314c9923fe ("netlink: Replace rhash_portid with bound")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
lineage-18.1-caf-msm8998
# By Sergey Shtylyov (9) and others
# Via Greg Kroah-Hartman
* common/android-4.4-p:
Linux 4.4.288
libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD.
usb: testusb: Fix for showing the connection speed
scsi: sd: Free scsi_disk device via put_device()
ext2: fix sleeping in atomic bugs on error
sparc64: fix pci_iounmap() when CONFIG_PCI is not set
xen-netback: correct success/error reporting for the SKB-with-fraglist case
af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
Linux 4.4.287
Revert "arm64: Mark __stack_chk_guard as __ro_after_init"
Linux 4.4.286
cred: allow get_cred() and put_cred() to be given NULL.
HID: usbhid: free raw_report buffers in usbhid_stop
netfilter: ipset: Fix oversized kvmalloc() calls
HID: betop: fix slab-out-of-bounds Write in betop_probe
arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55
EDAC/synopsys: Fix wrong value type assignment for edac_mode
ext4: fix potential infinite loop in ext4_dx_readdir()
ipack: ipoctal: fix module reference leak
ipack: ipoctal: fix missing allocation-failure check
ipack: ipoctal: fix tty-registration error handling
ipack: ipoctal: fix tty registration race
ipack: ipoctal: fix stack information leak
e100: fix buffer overrun in e100_get_regs
e100: fix length calculation in e100_get_regs_len
ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
mac80211: fix use-after-free in CCMP/GCMP RX
tty: Fix out-of-bound vmalloc access in imageblit
qnx4: work around gcc false positive warning bug
spi: Fix tegra20 build with CONFIG_PM=n
net: 6pack: Fix tx timeout and slot time
alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile
arm64: Mark __stack_chk_guard as __ro_after_init
parisc: Use absolute_pointer() to define PAGE0
qnx4: avoid stringop-overread errors
sparc: avoid stringop-overread errors
net: i825xx: Use absolute_pointer for memcpy from fixed memory location
compiler.h: Introduce absolute_pointer macro
m68k: Double cast io functions to unsigned long
blktrace: Fix uaf in blk_trace access after removing by sysfs
scsi: iscsi: Adjust iface sysfs attr detection
net/mlx4_en: Don't allow aRFS for encapsulated packets
net: hso: fix muxed tty registration
USB: serial: option: add device id for Foxconn T99W265
USB: serial: option: remove duplicate USB device ID
USB: serial: option: add Telit LN920 compositions
USB: serial: mos7840: remove duplicated 0xac24 device ID
USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
xen/x86: fix PV trap handling on secondary processors
cifs: fix incorrect check for null pointer in header_assemble
usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
usb: gadget: r8a66597: fix a loop in set_feature()
Linux 4.4.285
sctp: validate from_addr_param return
drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
nilfs2: fix NULL pointer in nilfs_##name##_attr_release
nilfs2: fix memory leak in nilfs_sysfs_create_device_group
ceph: lockdep annotations for try_nonblocking_invalidate
dmaengine: ioat: depends on !UML
parisc: Move pci_dev_is_behind_card_dino to where it is used
dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
dmaengine: acpi-dma: check for 64-bit MMIO address
profiling: fix shift-out-of-bounds bugs
prctl: allow to setup brk for et_dyn executables
9p/trans_virtio: Remove sysfs file on probe failure
thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
sctp: validate chunk size in __rcv_asconf_lookup
PM / wakeirq: Fix unbalanced IRQ enable for wakeirq
s390/bpf: Fix optimizing out zero-extensions
Linux 4.4.284
s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
net: renesas: sh_eth: Fix freeing wrong tx descriptor
qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
ARC: export clear_user_page() for modules
mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()'
PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
ethtool: Fix an error code in cxgb2.c
dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
net/af_unix: fix a data-race in unix_dgram_poll
tipc: increase timeout in tipc_sk_enqueue()
r6040: Restore MDIO clock frequency after MAC reset
net/l2tp: Fix reference count leak in l2tp_udp_recv_core
dccp: don't duplicate ccid when cloning dccp sock
ptp: dp83640: don't define PAGE0
net-caif: avoid user-triggerable WARN_ON(1)
bnx2x: Fix enabling network interfaces without VFs
platform/chrome: cros_ec_proto: Send command again when timeout occurs
parisc: fix crash with signals and alloca
net: fix NULL pointer reference in cipso_v4_doi_free
ath9k: fix OOB read ar9300_eeprom_restore_internal
parport: remove non-zero check on count
Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set"
cifs: fix wrong release in sess_alloc_buffer() failed path
mmc: rtsx_pci: Fix long reads when clock is prescaled
gfs2: Don't call dlm after protocol is unmounted
rpc: fix gss_svc_init cleanup on failure
ARM: tegra: tamonten: Fix UART pad setting
gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port()
Bluetooth: skip invalid hci_sync_conn_complete_evt
serial: 8250_pci: make setup_port() parameters explicitly unsigned
hvsi: don't panic on tty_register_driver failure
xtensa: ISS: don't panic in rs_init
serial: 8250: Define RX trigger levels for OxSemi 950 devices
s390/jump_label: print real address in a case of a jump label bug
ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
video: fbdev: riva: Error out if 'pixclock' equals zero
video: fbdev: kyro: Error out if 'pixclock' equals zero
video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
bpf/tests: Do not PASS tests without actually testing the result
bpf/tests: Fix copy-and-paste error in double word test
tty: serial: jsm: hold port lock when reporting modem line changes
usb: gadget: u_ether: fix a potential null pointer dereference
usb: host: fotg210: fix the actual_length of an iso packet
Smack: Fix wrong semantics in smk_access_entry()
netlink: Deal with ESRCH error in nlmsg_notify()
video: fbdev: kyro: fix a DoS bug by restricting user input
iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
PCI: Use pci_update_current_state() in pci_enable_device_flags()
crypto: mxs-dcp - Use sg_mapping_iter to copy data
pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
openrisc: don't printk() unconditionally
PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
ARM: 9105/1: atags_to_fdt: don't warn about stack size
libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
media: rc-loopback: return number of emitters rather than error
media: uvc: don't do DMA on stack
VMCI: fix NULL pointer dereference when unmapping queue pair
power: supply: max17042: handle fails of reading status register
xen: fix setting of max_pfn in shared_info
PCI/MSI: Skip masking MSI-X on Xen PV
rtc: tps65910: Correct driver module alias
fbmem: don't allow too huge resolutions
clk: kirkwood: Fix a clocking boot regression
KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted
tty: Fix data race between tiocsti() and flush_to_ldisc()
ipv4: make exception cache less predictible
bcma: Fix memory leak for internally-handled cores
ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
i2c: mt65xx: fix IRQ check
CIFS: Fix a potencially linear read overflow
mmc: moxart: Fix issue with uninitialized dma_slave_config
mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
i2c: s3c2410: fix IRQ check
i2c: iop3xx: fix deferred probing
Bluetooth: add timeout sanity check to hci_inquiry
usb: gadget: mv_u3d: request_irq() after initializing UDC
usb: phy: tahvo: add IRQ check
usb: host: ohci-tmio: add IRQ check
Bluetooth: Move shutdown callback before flushing tx and rx queue
usb: phy: twl6030: add IRQ checks
usb: phy: fsl-usb: add IRQ check
usb: gadget: udc: at91: add IRQ check
drm/msm/dsi: Fix some reference counted resource leaks
Bluetooth: fix repeated calls to sco_sock_kill
arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7
Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
PCI: PM: Enable PME if it can be signaled from D3cold
i2c: highlander: add IRQ check
net: cipso: fix warnings in netlbl_cipsov4_add_std
tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
media: go7007: remove redundant initialization
media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
certs: Trigger creation of RSA module signing key if it's not an RSA key
m68k: emu: Fix invalid free in nfeth_cleanup()
udf_get_extendedattr() had no boundary checks.
crypto: qat - fix reuse of completion variable
crypto: qat - do not ignore errors from enable_vf2pf_comms()
libata: fix ata_host_start()
power: supply: max17042_battery: fix typo in MAx17042_TOFF
crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop()
crypto: mxs-dcp - Check for DMA mapping errors
PCI: Call Max Payload Size-related fixup quirks early
x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
Revert "btrfs: compression: don't try to compress if we don't have enough pages"
mm/page_alloc: speed up the iteration of max_order
net: ll_temac: Remove left-over debug message
powerpc/boot: Delete unneeded .globl _zimage_start
powerpc/module64: Fix comment in R_PPC64_ENTRY handling
mm/kmemleak.c: make cond_resched() rate-limiting more efficient
s390/disassembler: correct disassembly lines alignment
ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2)
tc358743: fix register i2c_rd/wr function fix
PM / wakeirq: Enable dedicated wakeirq for suspend
USB: serial: mos7720: improve OOM-handling in read_mos_reg()
usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled
igmp: Add ip_mc_list lock in ip_check_mc_rcu
media: stkwebcam: fix memory leak in stk_camera_probe
ath9k: Postpone key cache entry deletion for TXQ frames reference it
ath: Modify ath_key_delete() to not need full key entry
ath: Export ath_hw_keysetmac()
ath9k: Clear key cache explicitly on disabling hardware
ath: Use safer key clearing with key cache entries
ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
ARM: 8918/2: only build return_address() if needed
cryptoloop: add a deprecation warning
qede: Fix memset corruption
ARC: fix allnoconfig build warning
xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
ext4: fix race writing to an inline_data file while its xattrs are changing
Change-Id: I0d3200388e095f977c784cba314b9cc061848c7a
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit fef773fc8110d8124c73a5e6610f89e52814637d ]
Yonghong Song report:
The bpf selftest tc_bpf failed with latest bpf-next.
The following is the command to run and the result:
$ ./test_progs -n 132
[ 40.947571] bpf_testmod: loading out-of-tree module taints kernel.
test_tc_bpf:PASS:test_tc_bpf__open_and_load 0 nsec
test_tc_bpf:PASS:bpf_tc_hook_create(BPF_TC_INGRESS) 0 nsec
test_tc_bpf:PASS:bpf_tc_hook_create invalid hook.attach_point 0 nsec
test_tc_bpf_basic:PASS:bpf_obj_get_info_by_fd 0 nsec
test_tc_bpf_basic:PASS:bpf_tc_attach 0 nsec
test_tc_bpf_basic:PASS:handle set 0 nsec
test_tc_bpf_basic:PASS:priority set 0 nsec
test_tc_bpf_basic:PASS:prog_id set 0 nsec
test_tc_bpf_basic:PASS:bpf_tc_attach replace mode 0 nsec
test_tc_bpf_basic:PASS:bpf_tc_query 0 nsec
test_tc_bpf_basic:PASS:handle set 0 nsec
test_tc_bpf_basic:PASS:priority set 0 nsec
test_tc_bpf_basic:PASS:prog_id set 0 nsec
libbpf: Kernel error message: Failed to send filter delete notification
test_tc_bpf_basic:FAIL:bpf_tc_detach unexpected error: -3 (errno 3)
test_tc_bpf:FAIL:test_tc_internal ingress unexpected error: -3 (errno 3)
The failure seems due to the commit
cfdf0d9ae75b ("rtnetlink: use nlmsg_notify() in rtnetlink_send()")
Deal with ESRCH error in nlmsg_notify() even the report variable is zero.
Reported-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Yajun Deng <yajun.deng@linux.dev>
Link: https://lore.kernel.org/r/20210719051816.11762-1-yajun.deng@linux.dev
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
https://android.googlesource.com/kernel/common into lineage-18.1-caf-msm8998
This brings LA.UM.9.2.r1-03400-SDMxx0.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
b5f0035416310 Merge 4.4.274 into android-4.4-p
Conflicts:
include/linux/spi/spi.h
Change-Id: I3daac7891ee93c70ffe08b7e70b77e8b2989af67
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 1d482e666b8e74c7555dbdfbfb77205eeed3ff2d ]
Syzbot reports that in mac80211 we have a potential deadlock
between our "local->stop_queue_reasons_lock" (spinlock) and
netlink's nl_table_lock (rwlock). This is because there's at
least one situation in which we might try to send a netlink
message with this spinlock held while it is also possible to
take the spinlock from a hardirq context, resulting in the
following deadlock scenario reported by lockdep:
CPU0 CPU1
---- ----
lock(nl_table_lock);
local_irq_disable();
lock(&local->queue_stop_reason_lock);
lock(nl_table_lock);
<Interrupt>
lock(&local->queue_stop_reason_lock);
This seems valid, we can take the queue_stop_reason_lock in
any kind of context ("CPU0"), and call ieee80211_report_ack_skb()
with the spinlock held and IRQs disabled ("CPU1") in some
code path (ieee80211_do_stop() via ieee80211_free_txskb()).
Short of disallowing netlink use in scenarios like these
(which would be rather complex in mac80211's case due to
the deep callchain), it seems the only fix for this is to
disable IRQs while nl_table_lock is held to avoid hitting
this scenario, this disallows the "CPU0" portion of the
reported deadlock.
Note that the writer side (netlink_table_grab()) already
disables IRQs for this lock.
Unfortunately though, this seems like a huge hammer, and
maybe the whole netlink table locking should be reworked.
Reported-by: syzbot+69ff9dff50dcfe14ddd4@syzkaller.appspotmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
https://android.googlesource.com/kernel/common into lineage-17.1-caf-msm8998
This brings LA.UM.8.4.r1-05700-8x98.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
8476df741c780 BACKPORT: xtables: extend matches and targets with .usersize
Conflicts:
drivers/usb/gadget/function/f_uac1.c
net/netlink/genetlink.c
sound/core/compress_offload.c
Change-Id: Id7b2fdf3942f1986edec869dcd965df632cc1c5f
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 1e82a62fec613844da9e558f3493540a5b7a7b67 ]
A potential deadlock can occur during registering or unregistering a
new generic netlink family between the main nl_table_lock and the
cb_lock where each thread wants the lock held by the other, as
demonstrated below.
1) Thread 1 is performing a netlink_bind() operation on a socket. As part
of this call, it will call netlink_lock_table(), incrementing the
nl_table_users count to 1.
2) Thread 2 is registering (or unregistering) a genl_family via the
genl_(un)register_family() API. The cb_lock semaphore will be taken for
writing.
3) Thread 1 will call genl_bind() as part of the bind operation to handle
subscribing to GENL multicast groups at the request of the user. It will
attempt to take the cb_lock semaphore for reading, but it will fail and
be scheduled away, waiting for Thread 2 to finish the write.
4) Thread 2 will call netlink_table_grab() during the (un)registration
call. However, as Thread 1 has incremented nl_table_users, it will not
be able to proceed, and both threads will be stuck waiting for the
other.
genl_bind() is a noop, unless a genl_family implements the mcast_bind()
function to handle setting up family-specific multicast operations. Since
no one in-tree uses this functionality as Cong pointed out, simply removing
the genl_bind() function will remove the possibility for deadlock, as there
is no attempt by Thread 1 above to take the cb_lock semaphore.
Fixes: c380d9a7afff ("genetlink: pass multicast bind/unbind to families")
Suggested-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Johannes Berg <johannes.berg@intel.com>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Sean Tranchetti <stranche@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
https://android.googlesource.com/kernel/common into lineage-17.1-caf-msm8998
This brings LA.UM.8.4.r1-05300-8x98.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
f9991115f0793 Merge 4.4.219 into android-4.4-p
Conflicts:
drivers/clk/qcom/clk-rcg2.c
drivers/scsi/sd.c
drivers/usb/gadget/function/f_fs.c
drivers/usb/gadget/function/u_serial.c
Change-Id: Ifed3db0ddda828c1697e57e9f73c1b73354bebf7
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 3a20773beeeeadec41477a5ba872175b778ff752 upstream.
Since nl_groups is a u32 we can't bind more groups via ->bind
(netlink_bind) call, but netlink has supported more groups via
setsockopt() for a long time and thus nlk->ngroups could be over 32.
Recently I added support for per-vlan notifications and increased the
groups to 33 for NETLINK_ROUTE which exposed an old bug in the
netlink_bind() code causing out-of-bounds access on archs where unsigned
long is 32 bits via test_bit() on a local variable. Fix this by capping the
maximum groups in netlink_bind() to BITS_PER_TYPE(u32), effectively
capping them at 32 which is the minimum of allocated groups and the
maximum groups which can be bound via netlink_bind().
CC: Christophe Leroy <christophe.leroy@c-s.fr>
CC: Richard Guy Briggs <rgb@redhat.com>
Fixes: 4f520900522f ("netlink: have netlink per-protocol bind function return an error code.")
Reported-by: Erhard F. <erhard_f@mailbox.org>
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refs/heads/tmp-f057ff9
Linux 4.4.148
x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
x86/init: fix build with CONFIG_SWAP=n
x86/speculation/l1tf: Fix up CPU feature flags
x86/mm/kmmio: Make the tracer robust against L1TF
x86/mm/pat: Make set_memory_np() L1TF safe
x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
x86/speculation/l1tf: Invert all not present mappings
x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
x86/speculation/l1tf: Protect PAE swap entries against L1TF
x86/cpufeatures: Add detection of L1D cache flush support.
x86/speculation/l1tf: Extend 64bit swap file size limit
x86/bugs: Move the l1tf function and define pr_fmt properly
x86/speculation/l1tf: Limit swap file size to MAX_PA/2
x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
mm: fix cache mode tracking in vm_insert_mixed()
mm: Add vm_insert_pfn_prot()
x86/speculation/l1tf: Add sysfs reporting for l1tf
x86/speculation/l1tf: Make sure the first page is always reserved
x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
x86/speculation/l1tf: Protect swap entries against L1TF
x86/speculation/l1tf: Change order of offset/type in swap entry
mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1
x86/mm: Fix swap entry comment and macro
x86/mm: Move swap offset/type up in PTE to work around erratum
x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
x86/irqflags: Provide a declaration for native_save_fl
kprobes/x86: Fix %p uses in error messages
x86/speculation: Protect against userspace-userspace spectreRSB
x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
ARM: dts: imx6sx: fix irq for pcie bridge
IB/ocrdma: fix out of bounds access to local buffer
IB/mlx4: Mark user MR as writable if actual virtual memory is writable
IB/core: Make testing MR flags for writability a static inline function
fix __legitimize_mnt()/mntput() race
fix mntput/mntput race
root dentries need RCU-delayed freeing
scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled
ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
xen/netfront: don't cache skb_shinfo()
parisc: Define mb() and add memory barriers to assembler unlock sequences
parisc: Enable CONFIG_MLONGCALLS by default
fork: unconditionally clear stack on fork
ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV
tpm: fix race condition in tpm_common_write()
ext4: fix check to prevent initializing reserved inodes
Linux 4.4.147
jfs: Fix inconsistency between memory allocation and ea_buf->max_size
i2c: imx: Fix reinit_completion() use
ring_buffer: tracing: Inherit the tracing setting to next ring buffer
ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle
ext4: fix false negatives *and* false positives in ext4_check_descriptors()
netlink: Don't shift on 64 for ngroups
netlink: Don't shift with UB on nlk->ngroups
netlink: Do not subscribe to non-existent groups
nohz: Fix local_timer_softirq_pending()
genirq: Make force irq threading setup more robust
scsi: qla2xxx: Return error when TMF returns
scsi: qla2xxx: Fix ISP recovery on unload
Conflicts:
include/linux/swapfile.h
Removed CONFIG_CRYPTO_ECHAINIV from defconfig files since this upmerge is
adding this config to Kconfig file.
Change-Id: Ide96c29f919d76590c2bdccf356d1d464a892fd7
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 91874ecf32e41b5d86a4cb9d60e0bee50d828058 upstream.
It's legal to have 64 groups for netlink_sock.
As user-supplied nladdr->nl_groups is __u32, it's possible to subscribe
only to first 32 groups.
The check for correctness of .bind() userspace supplied parameter
is done by applying mask made from ngroups shift. Which broke Android
as they have 64 groups and the shift for mask resulted in an overflow.
Fixes: 61f4b23769f0 ("netlink: Don't shift with UB on nlk->ngroups")
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: netdev@vger.kernel.org
Cc: stable@vger.kernel.org
Reported-and-Tested-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 61f4b23769f0cc72ae62c9a81cf08f0397d40da8 ]
On i386 nlk->ngroups might be 32 or 0. Which leads to UB, resulting in
hang during boot.
Check for 0 ngroups and use (unsigned long long) as a type to shift.
Fixes: 7acf9d4237c4 ("netlink: Do not subscribe to non-existent groups").
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 7acf9d4237c46894e0fa0492dd96314a41742e84 ]
Make ABI more strict about subscribing to group > ngroups.
Code doesn't check for that and it looks bogus.
(one can subscribe to non-existing group)
Still, it's possible to bind() to all possible groups with (-1)
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: netdev@vger.kernel.org
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refs/heads/tmp-13962260
Linux 4.4.146
scsi: sg: fix minor memory leak in error path
crypto: padlock-aes - Fix Nano workaround data corruption
kvm: x86: vmx: fix vpid leak
virtio_balloon: fix another race between migration and ballooning
net: socket: fix potential spectre v1 gadget in socketcall
can: ems_usb: Fix memory leak on ems_usb_disconnect()
squashfs: more metadata hardenings
squashfs: more metadata hardening
netlink: Fix spectre v1 gadget in netlink_create()
net: dsa: Do not suspend/resume closed slave_dev
inet: frag: enforce memory limits earlier
tcp: add one more quick ack after after ECN events
tcp: refactor tcp_ecn_check_ce to remove sk type cast
tcp: do not aggressively quick ack after ECN events
tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode
tcp: do not force quickack when receiving out-of-order packets
NET: stmmac: align DMA stuff to largest cache line length
xen-netfront: wait xenbus state change when load module manually
net: lan78xx: fix rx handling before first packet is send
net: fix amd-xgbe flow-control issue
ipv4: remove BUG_ON() from fib_compute_spec_dst
ASoC: pxa: Fix module autoload for platform drivers
dmaengine: pxa_dma: remove duplicate const qualifier
ext4: check for allocation block validity with block group locked
ext4: fix inline data updates with checksums enabled
squashfs: be more careful about metadata corruption
random: mix rdrand with entropy sent in from userspace
drm: Add DP PSR2 sink enable bit
media: si470x: fix __be16 annotations
scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
scsi: scsi_dh: replace too broad "TP9" string with the exact models
media: omap3isp: fix unbalanced dma_iommu_mapping
crypto: authenc - don't leak pointers to authenc keys
crypto: authencesn - don't leak pointers to authenc keys
usb: hub: Don't wait for connect state at resume for powered-off ports
microblaze: Fix simpleImage format generation
audit: allow not equal op for audit by executable
rsi: Fix 'invalid vdd' warning in mmc
ipconfig: Correctly initialise ic_nameservers
drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
memory: tegra: Apply interrupts mask per SoC
memory: tegra: Do not handle spurious interrupts
ALSA: hda/ca0132: fix build failure when a local macro is defined
drm/atomic: Handling the case when setting old crtc for plane
media: siano: get rid of __le32/__le16 cast warnings
bpf: fix references to free_bpf_prog_info() in comments
thermal: exynos: fix setting rising_threshold for Exynos5433
scsi: megaraid: silence a static checker bug
scsi: 3w-xxxx: fix a missing-check bug
scsi: 3w-9xxx: fix a missing-check bug
perf: fix invalid bit in diagnostic entry
s390/cpum_sf: Add data entry sizes to sampling trailer entry
brcmfmac: Add support for bcm43364 wireless chipset
mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
media: saa7164: Fix driver name in debug output
libata: Fix command retry decision
media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
tty: Fix data race in tty_insert_flip_string_fixed_flag
HID: i2c-hid: check if device is there before really probing
powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
drm/radeon: fix mode_valid's return type
HID: hid-plantronics: Re-resend Update to map button for PTT products
ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
media: smiapp: fix timeout checking in smiapp_read_nvm
md: fix NULL dereference of mddev->pers in remove_and_add_spares()
regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
ALSA: emu10k1: Rate-limit error messages about page errors
scsi: ufs: fix exception event handling
mwifiex: correct histogram data with appropriate index
PCI: pciehp: Request control of native hotplug only if supported
pinctrl: at91-pio4: add missing of_node_put
powerpc/8xx: fix invalid register expression in head_8xx.S
powerpc/powermac: Mark variable x as unused
powerpc/powermac: Add missing prototype for note_bootable_part()
powerpc/chrp/time: Make some functions static, add missing header include
powerpc/32: Add a missing include header
ath: Add regulatory mapping for Bahamas
ath: Add regulatory mapping for Bermuda
ath: Add regulatory mapping for Serbia
ath: Add regulatory mapping for Tanzania
ath: Add regulatory mapping for Uganda
ath: Add regulatory mapping for APL2_FCCA
ath: Add regulatory mapping for APL13_WORLD
ath: Add regulatory mapping for ETSI8_WORLD
ath: Add regulatory mapping for FCC3_ETSIC
PCI: Prevent sysfs disable of device while driver is attached
btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
media: videobuf2-core: don't call memop 'finish' when queueing
wlcore: sdio: check for valid platform device data before suspend
mwifiex: handle race during mwifiex_usb_disconnect
mfd: cros_ec: Fail early if we cannot identify the EC
ASoC: dpcm: fix BE dai not hw_free and shutdown
Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
iwlwifi: pcie: fix race in Rx buffer allocator
perf/x86/intel/uncore: Correct fixed counter index check for NHM
perf/x86/intel/uncore: Correct fixed counter index check in generic code
usbip: usbip_detach: Fix memory, udev context and udev leak
f2fs: fix to don't trigger writeback during recovery
disable loading f2fs module on PAGE_SIZE > 4KB
RDMA/mad: Convert BUG_ONs to error flows
powerpc/64s: Fix compiler store ordering to SLB shadow area
hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
infiniband: fix a possible use-after-free bug
netfilter: ipset: List timing out entries with "timeout 1" instead of zero
rtc: ensure rtc_set_alarm fails when alarms are not supported
mm/slub.c: add __printf verification to slab_err()
mm: vmalloc: avoid racy handling of debugobjects in vunmap
nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
ALSA: fm801: add error handling for snd_ctl_add
ALSA: emu10k1: add error handling for snd_ctl_add
xen/netfront: raise max number of slots in xennet_get_responses()
tracing: Quiet gcc warning about maybe unused link variable
tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
tracing: Fix possible double free in event_enable_trigger_func()
tracing: Fix double free of event_trigger_data
Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
Input: elan_i2c - add ACPI ID for lenovo ideapad 330
MIPS: Fix off-by-one in pci_resource_to_user()
kernel/sys.c: fix merge error with 4.4.144
Conflicts:
drivers/scsi/ufs/ufshcd.c
include/net/tcp.h
net/socket.c
Change-Id: Ie84fdcf54b0a45508f76ef56330291f54e35ed30
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit bc5b6c0b62b932626a135f516a41838c510c6eba ]
'protocol' is a user-controlled value, so sanitize it after the bounds
check to avoid using it for speculative out-of-bounds access to arrays
indexed by it.
This addresses the following accesses detected with the help of smatch:
* net/netlink/af_netlink.c:654 __netlink_create() warn: potential
spectre issue 'nlk_cb_mutex_keys' [w]
* net/netlink/af_netlink.c:654 __netlink_create() warn: potential
spectre issue 'nlk_cb_mutex_key_strings' [w]
* net/netlink/af_netlink.c:685 netlink_create() warn: potential spectre
issue 'nl_table' [w] (local cap)
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Jeremy Cline <jcline@redhat.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refs/heads/tmp-46155cc
Linux 4.4.132
perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
tracing/uprobe_event: Fix strncpy corner case
Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
atm: zatm: Fix potential Spectre v1
net: atm: Fix potential Spectre v1
can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
tracing: Fix regex_match_front() to not over compare the test string
libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
rfkill: gpio: fix memory leak in probe error path
xfrm_user: fix return value from xfrm_user_rcv_msg
f2fs: fix a dead loop in f2fs_fiemap()
bdi: Fix oops in wb_workfn()
tcp: fix TCP_REPAIR_QUEUE bound checking
perf: Remove superfluous allocation error check
soreuseport: initialise timewait reuseport field
dccp: initialize ireq->ir_mark
net: fix uninit-value in __hw_addr_add_ex()
net: initialize skb->peeked when cloning
net: fix rtnh_ok()
netlink: fix uninit-value in netlink_sendmsg
crypto: af_alg - fix possible uninit-value in alg_bind()
ipvs: fix rtnl_lock lockups caused by start_sync_thread
usb: musb: host: fix potential NULL pointer dereference
USB: serial: option: adding support for ublox R410M
USB: serial: option: reimplement interface masking
USB: Accept bulk endpoints with 1024-byte maxpacket
USB: serial: visor: handle potential invalid device configuration
test_firmware: fix setting old custom fw path back on exit, second try
drm/vmwgfx: Fix a buffer object leak
IB/mlx5: Use unlimited rate when static rate is not supported
NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2
RDMA/mlx5: Protect from shift operand overflow
RDMA/ucma: Allow resolving address w/o specifying source address
xfs: prevent creating negative-sized file via INSERT_RANGE
Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
Input: leds - fix out of bound access
tracepoint: Do not warn on ENOMEM
ALSA: aloop: Add missing cable lock to ctl API callbacks
ALSA: aloop: Mark paused device as inactive
ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
ALSA: pcm: Check PCM state at xfern compat ioctl
USB: serial: option: Add support for Quectel EP06
gpmi-nand: Handle ECC Errors in erased pages
ath10k: rebuild crypto header in rx data frames
ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
mac80211: Add RX flag to indicate ICV stripped
mac80211: allow same PN for AMSDU sub-frames
mac80211: allow not sending MIC up from driver for HW crypto
percpu: include linux/sched.h for cond_resched()
KVM: s390: Enable all facility bits that are known good for passthrough
bpf: map_get_next_key to return first key on NULL
perf/core: Fix the perf_cpu_time_max_percent check
goldfish: pipe: ANDROID: mark local functions static
Revert "goldfish: pipe: ANDROID: Allocate memory with GFP_KERNEL."
UPSTREAM: ANDROID: binder: prevent transactions into own process.
goldfish: pipe: ANDROID: Add DMA support
UPSTREAM: f2fs: clear PageError on writepage - part 2
UPSTREAM: f2fs: avoid fsync() failure caused by EAGAIN in writepage()
ANDROID: build.config: enforce trace_printk check
ANDROID: x86_64_cuttlefish_defconfig: Disable KPTI
UPSTREAM: mac80211: ibss: Fix channel type enum in ieee80211_sta_join_ibss()
UPSTREAM: mac80211: Fix clang warning about constant operand in logical operation
UPSTREAM: nl80211: Fix enum type of variable in nl80211_put_sta_rate()
UPSTREAM: sysfs: remove signedness from sysfs_get_dirent
UPSTREAM: tracing: Use cpumask_available() to check if cpumask variable may be used
BACKPORT: clocksource: Use GENMASK_ULL in definition of CLOCKSOURCE_MASK
UPSTREAM: netpoll: Fix device name check in netpoll_setup()
FROMLIST: staging: Fix sparse warnings in vsoc driver.
FROMLIST: staging: vsoc: Fix a i386-randconfig warning.
FROMLIST: staging: vsoc: Create wc kernel mapping for region shm.
Revert "goldfish: pipe: ANDROID: remove a redundant target"
goldfish: pipe: ANDROID: Replace writel with gf_write_ptr
goldfish: pipe: ANDROID: Use dev_ logging instead of pr_
goldfish: pipe: ANDROID: fix checkpatch warnings
goldfish: pipe: ANDROID: Update module license
Conflicts:
drivers/net/wireless/ath/ath10k/core.c
drivers/net/wireless/ath/ath10k/core.h
drivers/net/wireless/ath/ath10k/htt_rx.c
Change-Id: If2ede1dea6a07b3fd498724e83071fd547170e1c
[spathi@codeaurora.org: resolved compilation errors in ath10k
by rebuilding crypto header in rx data frames]
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 6091f09c2f79730d895149bcfe3d66140288cd0e upstream.
syzbot reported :
BUG: KMSAN: uninit-value in ffs arch/x86/include/asm/bitops.h:432 [inline]
BUG: KMSAN: uninit-value in netlink_sendmsg+0xb26/0x1310 net/netlink/af_netlink.c:1851
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refs/heads/tmp-89904cc
ANDROID: Add build server config for cuttlefish.
ANDROID: Add defconfig for cuttlefish.
FROMLIST: staging: Android: Add 'vsoc' driver for cuttlefish.
Revert "proc: make oom adjustment files user read-only"
Revert "fixup! proc: make oom adjustment files user read-only"
Linux 4.4.128
Revert "xhci: plat: Register shutdown for xhci_plat"
vrf: Fix use after free and double free in vrf_finish_output
ipv6: the entire IPv6 header chain must fit the first fragment
net/ipv6: Increment OUTxxx counters after netfilter hook
net sched actions: fix dumping which requires several messages to user space
r8169: fix setting driver_data after register_netdev
vti6: better validate user provided tunnel names
ip6_tunnel: better validate user provided tunnel names
ip6_gre: better validate user provided tunnel names
ipv6: sit: better validate user provided tunnel names
ip_tunnel: better validate user provided tunnel names
net: fool proof dev_valid_name()
bonding: process the err returned by dev_set_allmulti properly in bond_enslave
bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave
bonding: fix the err path for dev hwaddr sync in bond_enslave
vlan: also check phy_driver ts_info for vlan's real device
vhost: correctly remove wait queue during poll failure
sky2: Increase D3 delay to sky2 stops working after suspend
sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
sctp: do not leak kernel memory to user space
pptp: remove a buggy dst release in pptp_connect()
net/sched: fix NULL dereference in the error path of tcf_bpf_init()
netlink: make sure nladdr has correct size in netlink_connect()
net/ipv6: Fix route leaking between VRFs
net: fix possible out-of-bound read in skb_network_protocol()
arp: fix arp_filter on l3slave devices
Kbuild: provide a __UNIQUE_ID for clang
futex: Remove requirement for lock_page() in get_futex_key()
random: use lockless method of accessing and updating f->reg_idx
virtio_net: check return value of skb_to_sgvec in one more location
virtio_net: check return value of skb_to_sgvec always
rxrpc: check return value of skb_to_sgvec always
ipsec: check return value of skb_to_sgvec always
perf tools: Fix copyfile_offset update of output offset
cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages
EDAC, mv64x60: Fix an error handling path
tty: n_gsm: Allow ADM response in addition to UA for control dlci
blk-mq: fix kernel oops in blk_mq_tag_idle()
scsi: libsas: initialize sas_phy status according to response of DISCOVER
scsi: libsas: fix error when getting phy events
scsi: libsas: fix memory leak in sas_smp_get_phy_events()
bcache: segregate flash only volume write streams
bcache: stop writeback thread after detaching
vxlan: dont migrate permanent fdb entries during learn
s390/dasd: fix hanging safe offline
ACPICA: Disassembler: Abort on an invalid/unknown AML opcode
ACPICA: Events: Add runtime stub support for event APIs
cpuidle: dt: Add missing 'of_node_put()'
Bluetooth: Send HCI Set Event Mask Page 2 command only when needed
iio: magnetometer: st_magn_spi: fix spi_device_id table
sparc64: ldc abort during vds iso boot
sctp: fix recursive locking warning in sctp_do_peeloff
bnx2x: Allow vfs to disable txvlan offload
xen: avoid type warning in xchg_xen_ulong
skbuff: only inherit relevant tx_flags
perf tests: Decompress kernel module before objdump
net: emac: fix reset timeout with AR8035 phy
Fix loop device flush before configure v3
MIPS: kprobes: flush_insn_slot should flush only if probe initialised
MIPS: mm: adjust PKMAP location
MIPS: mm: fixed mappings: correct initialisation
perf/core: Correct event creation with PERF_FORMAT_GROUP
e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails
ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull
net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support
mceusb: sporadic RX truncation corruption fix
cx25840: fix unchecked return values
e1000e: fix race condition around skb_tstamp_tx()
tags: honor COMPILED_SOURCE with apart output directory
perf report: Ensure the perf DSO mapping matches what libdw sees
perf header: Set proper module name when build-id event found
net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport
net/mlx4: Fix the check in attaching steering rules
sit: reload iphdr in ipip6_rcv
skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
bio-integrity: Do not allocate integrity context for bio w/o data
Fix serial console on SNI RM400 machines
cxgb4: fix incorrect cim_la output for T6
drm/omap: fix tiled buffer stride calculations
mISDN: Fix a sleep-in-atomic bug
qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and qlcnic_82xx_hw_read_wx_2M
perf trace: Add mmap alias for s390
powerpc/spufs: Fix coredump of SPU contexts
clk: Fix __set_clk_rates error print-string
clk: scpi: fix return type of __scpi_dvfs_round_rate
KVM: SVM: do not zero out segment attributes if segment is unusable or not present
net: freescale: fix potential null pointer dereference
SUNRPC: ensure correct error is reported by xs_tcp_setup_socket()
rtc: interface: Validate alarm-time before handling rollover
rtc: opal: Handle disabled TPO in opal_get_tpo_time()
cxgb4: FW upgrade fixes
net/mlx5: avoid build warning for uniprocessor
arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage
dmaengine: imx-sdma: Handle return value of clk_prepare_enable
powerpc/[booke|4xx]: Don't clobber TCR[WP] when setting TCR[DIE]
ovl: filter trusted xattr for non-admin
hdlcdrv: Fix divide by zero in hdlcdrv_ioctl
wl1251: check return from call to wl1251_acx_arp_ip_filter
ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
gpio: label descriptors using the device name
vfb: fix video mode and line_length being set when loaded
scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag.
scsi: libiscsi: Allow sd_shutdown on bad transport
ASoC: Intel: cht_bsw_rt5645: Analog Mic support
media: videobuf2-core: don't go out of the buffer range
hwmon: (ina2xx) Make calibration register value fixed
rds; Reset rs->rs_bound_addr in rds_add_bound() failure path
l2tp: fix missing print session offset info
perf probe: Add warning message if there is unexpected event name
thermal: power_allocator: fix one race condition issue for thermal_instances list
ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node
net: llc: add lock_sock in llc_ui_bind to avoid a race condition
KVM: nVMX: Fix handling of lmsw instruction
bonding: Don't update slave->link until ready to commit
Input: elan_i2c - clear INT before resetting controller
net: move somaxconn init from sysctl code
tcp: better validation of received ack sequences
ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff()
fix race in drivers/char/random.c:get_reg()
scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats()
ASoC: rsnd: SSI PIO adjust to 24bit mode
pNFS/flexfiles: missing error code in ff_layout_alloc_lseg()
netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize
libceph: NULL deref on crush_decode() error path
net: ieee802154: fix net_device reference release too early
mlx5: fix bug reading rss_hash_type from CQE
block: fix an error code in add_partition()
selinux: do not check open permission on sockets
net/mlx5: Tolerate irq_set_affinity_hint() failures
sched/numa: Use down_read_trylock() for the mmap_sem
leds: pca955x: Correct I2C Functionality
ray_cs: Avoid reading past end of buffer
ARM: davinci: da8xx: Create DSP device only when assigned memory
md-cluster: fix potential lock issue in add_new_disk
ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
iio: hi8435: cleanup reset gpio
iio: hi8435: avoid garbage event at first enable
xfrm: fix state migration copy replay sequence numbers
selftests/powerpc: Fix TM resched DSCR test with some compilers
ath5k: fix memory leak on buf on failed eeprom read
powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash
scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
sh_eth: Use platform device for printing before register_netdev()
serial: sh-sci: Fix race condition causing garbage during shutdown
serial: 8250: omap: Disable DMA for console UART
USB: ene_usb6250: fix SCSI residue overwriting
net: x25: fix one potential use-after-free issue
USB: ene_usb6250: fix first command execution
usb: chipidea: properly handle host or gadget initialization failure
arp: honour gratuitous ARP _replies_
neighbour: update neigh timestamps iff update is effective
ata: libahci: properly propagate return value of platform_get_irq()
btrfs: fix incorrect error return ret being passed to mapping_set_error
usb: dwc3: keystone: check return value
async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome()
ipv6: avoid dad-failures for addresses with NODAD
ARM: dts: imx6qdl-wandboard: Fix audio channel swap
x86/tsc: Provide 'tsc=unstable' boot parameter
staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning
ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin
PowerCap: Fix an error code in powercap_register_zone()
bus: brcmstb_gisb: correct support for 64-bit address output
bus: brcmstb_gisb: Use register offsets with writes too
SMB2: Fix share type handling
vmxnet3: ensure that adapter is in proper state during force_close
KVM: PPC: Book3S PR: Check copy_to/from_user return values
Input: elantech - force relative mode on a certain module
Input: elan_i2c - check if device is there before really probing
netxen_nic: set rcode to the return status from the call to netxen_issue_cmd
net: qca_spi: Fix alignment issues in rx path
blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split op
CIFS: silence lockdep splat in cifs_relock_file()
NFSv4.1: Work around a Linux server bug...
net/mlx4_en: Avoid adding steering rules with invalid ring
s390: move _text symbol to address higher than zero
pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid()
drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests
lockd: fix lockd shutdown race
net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control
net: cdc_ncm: Fix TX zero padding
ipmi_ssif: unlock on allocation failure
qlge: Avoid reading past end of buffer
bna: Avoid reading past end of buffer
mac80211: bail out from prep_connection() if a reconfig is ongoing
af_key: Fix slab-out-of-bounds in pfkey_compile_policy.
IB/srpt: Fix abort handling
NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION
x86/asm: Don't use RBP as a temporary register in csum_partial_copy_generic()
rtc: snvs: fix an incorrect check of return value
md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock
cfg80211: make RATE_INFO_BW_20 the default
ANDROID: proc: add null check in proc_uid_init
f2fs/fscrypt: updates to v4.17-rc1
Reduce amount of casting in drivers/tty/goldfish.c.
Conflicts:
drivers/staging/android/Kconfig
drivers/staging/android/Makefile
Change-Id: Ic7aa3df76a0312b8d6d84f8a8e11e793311a239a
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 7880287981b60a6808f39f297bb66936e8bdf57a ]
KMSAN reports use of uninitialized memory in the case when |alen| is
smaller than sizeof(struct sockaddr_nl), and therefore |nladdr| isn't
fully copied from the userspace.
Signed-off-by: Alexander Potapenko <glider@google.com>
Fixes: 1da177e4c3f41524 ("Linux-2.6.12-rc2")
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refs/heads/tmp-d6bbe8b
Linux 4.4.127
Revert "ip6_vti: adjust vti mtu according to mtu of lower device"
net: cavium: liquidio: fix up "Avoid dma_unmap_single on uninitialized ndata"
spi: davinci: fix up dma_mapping_error() incorrect patch
Revert "mtip32xx: use runtime tag to initialize command header"
Revert "cpufreq: Fix governor module removal race"
Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin"
Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin"
Revert "PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()"
nospec: Kill array_index_nospec_mask_check()
nospec: Move array_index_nospec() parameter checking into separate macro
net: hns: Fix ethtool private flags
md/raid10: reset the 'first' at the end of loop
ARM: dts: am57xx-beagle-x15-common: Add overide powerhold property
ARM: dts: dra7: Add power hold and power controller properties to palmas
Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition
vt: change SGR 21 to follow the standards
Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad
Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list
staging: comedi: ni_mio_common: ack ai fifo error interrupts.
fs/proc: Stop trying to report thread stacks
crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one
crypto: ahash - Fix early termination in hash walk
parport_pc: Add support for WCH CH382L PCI-E single parallel port card.
media: usbtv: prevent double free in error case
mei: remove dev_err message on an unsupported ioctl
USB: serial: cp210x: add ELDAT Easywave RX09 id
USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator
USB: serial: ftdi_sio: add RT Systems VX-8 cable
usb: dwc2: Improve gadget state disconnection handling
scsi: virtio_scsi: always read VPD pages for multiqueue too
llist: clang: introduce member_address_is_nonnull()
Bluetooth: Fix missing encryption refresh on Security Request
netfilter: x_tables: add and use xt_check_proc_name
netfilter: bridge: ebt_among: add more missing match size checks
xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()
RDMA/ucma: Introduce safer rdma_addr_size() variants
RDMA/ucma: Don't allow join attempts for unsupported AF family
RDMA/ucma: Check that device exists prior to accessing it
RDMA/ucma: Check that device is connected prior to access it
RDMA/ucma: Ensure that CM_ID exists prior to access it
RDMA/ucma: Fix use-after-free access in ucma_close
RDMA/ucma: Check AF family prior resolving address
xfrm_user: uncoditionally validate esn replay attribute struct
arm64: avoid overflow in VA_START and PAGE_OFFSET
selinux: Remove redundant check for unknown labeling behavior
netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch
tty: provide tty_name() even without CONFIG_TTY
audit: add tty field to LOGIN event
frv: declare jiffies to be located in the .data section
jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp
fs: compat: Remove warning from COMPATIBLE_IOCTL
selinux: Remove unnecessary check of array base in selinux_set_mapping()
cpumask: Add helper cpumask_available()
genirq: Use cpumask_available() for check of cpumask variable
netfilter: nf_nat_h323: fix logical-not-parentheses warning
Input: mousedev - fix implicit conversion warning
dm ioctl: remove double parentheses
PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant
writeback: fix the wrong congested state variable definition
ACPI, PCI, irq: remove redundant check for null string pointer
kprobes/x86: Fix to set RWX bits correctly before releasing trampoline
usb: gadget: f_hid: fix: Prevent accessing released memory
usb: gadget: align buffer size when allocating for OUT endpoint
usb: gadget: fix usb_ep_align_maybe endianness and new usb_ep_align
usb: gadget: change len to size_t on alloc_ep_req()
usb: gadget: define free_ep_req as universal function
partitions/msdos: Unable to mount UFS 44bsd partitions
perf/hwbp: Simplify the perf-hwbp code, fix documentation
ALSA: pcm: potential uninitialized return values
ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()
mtd: jedec_probe: Fix crash in jedec_read_mfr()
Replace #define with enum for better compilation errors.
Add missing include to drivers/tty/goldfish.c
Fix whitespace in drivers/tty/goldfish.c
ANDROID: fuse: Add null terminator to path in canonical path to avoid issue
ANDROID: sdcardfs: Fix sdcardfs to stop creating cases-sensitive duplicate entries.
ANDROID: add missing include to pdev_bus
ANDROID: pdev_bus: replace writel with gf_write_ptr
ANDROID: Cleanup type casting in goldfish.h
ANDROID: Include missing headers in goldfish.h
ANDROID: cpufreq: times: skip printing invalid frequencies
ANDROID: xt_qtaguid: Remove unnecessary null checks to device's name
ANDROID: xt_qtaguid: Remove unnecessary null checks to ifa_label
ANDROID: cpufreq: times: allocate enough space for a uid_entry
Linux 4.4.126
net: systemport: Rewrite __bcm_sysport_tx_reclaim()
net: fec: Fix unbalanced PM runtime calls
ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
s390/qeth: on channel error, reject further cmd requests
s390/qeth: lock read device while queueing next buffer
s390/qeth: when thread completes, wake up all waiters
s390/qeth: free netdevice when removing a card
team: Fix double free in error path
skbuff: Fix not waking applications when errors are enqueued
net: Only honor ifindex in IP_PKTINFO if non-0
netlink: avoid a double skb free in genlmsg_mcast()
net/iucv: Free memory obtained by kzalloc
net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface
net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred
l2tp: do not accept arbitrary sockets
ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option()
dccp: check sk for closed state in dccp_sendmsg()
net: Fix hlist corruptions in inet_evict_bucket()
Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs"
scsi: sg: don't return bogus Sg_requests
Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs"
UPSTREAM: drm: virtio-gpu: set atomic flag
UPSTREAM: drm: virtio-gpu: transfer dumb buffers to host on plane update
UPSTREAM: drm: virtio-gpu: ensure plane is flushed to host on atomic update
UPSTREAM: drm: virtio-gpu: get the fb from the plane state for atomic updates
Linux 4.4.125
bpf, x64: increase number of passes
bpf: skip unnecessary capability check
kbuild: disable clang's default use of -fmerge-all-constants
staging: lustre: ptlrpc: kfree used instead of kvfree
perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period()
x86/entry/64: Don't use IST entry for #BP stack
x86/boot/64: Verify alignment of the LOAD segment
x86/build/64: Force the linker to use 2MB page size
kvm/x86: fix icebp instruction handling
tty: vt: fix up tabstops properly
can: cc770: Fix use after free in cc770_tx_interrupt()
can: cc770: Fix queue stall & dropped RTR reply
can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack
staging: ncpfs: memory corruption in ncp_read_kernel()
mtd: nand: fsl_ifc: Fix nand waitfunc return value
tracing: probeevent: Fix to support minus offset from symbol
rtlwifi: rtl8723be: Fix loss of signal
brcmfmac: fix P2P_DEVICE ethernet address generation
acpi, numa: fix pxm to online numa node associations
drm: udl: Properly check framebuffer mmap offsets
drm/radeon: Don't turn off DP sink when disconnected
drm/vmwgfx: Fix a destoy-while-held mutex problem.
x86/mm: implement free pmd/pte page interfaces
mm/vmalloc: add interfaces to free unmapped page table
libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version
libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions
libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs
libata: Enable queued TRIM for Samsung SSD 860
libata: disable LPM for Crucial BX100 SSD 500GB drive
libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs
libata: remove WARN() for DMA or PIO command without data
libata: fix length validation of ATAPI-relayed SCSI commands
Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174
clk: bcm2835: Protect sections updating shared registers
ahci: Add PCI-id for the Highpoint Rocketraid 644L card
PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L
mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs
ALSA: hda/realtek - Always immediately update mute LED with pin VREF
ALSA: aloop: Fix access to not-yet-ready substream via cable
ALSA: aloop: Sync stale timer before release
ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit
iio: st_pressure: st_accel: pass correct platform data to init
MIPS: ralink: Remove ralink_halt()
ANDROID: cpufreq: times: fix proc_time_in_state_show
dtc: turn off dtc unit address warnings by default
Linux 4.4.124
RDMA/ucma: Fix access to non-initialized CM_ID object
dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63
clk: si5351: Rename internal plls to avoid name collisions
nfsd4: permit layoutget of executable-only files
RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS
ip6_vti: adjust vti mtu according to mtu of lower device
iommu/vt-d: clean up pr_irq if request_threaded_irq fails
pinctrl: Really force states during suspend/resume
coresight: Fix disabling of CoreSight TPIU
pty: cancel pty slave port buf's work in tty_release
drm/omap: DMM: Check for DMM readiness after successful transaction commit
vgacon: Set VGA struct resource types
IB/umem: Fix use of npages/nmap fields
RDMA/cma: Use correct size when writing netlink stats
IB/ipoib: Avoid memory leak if the SA returns a different DGID
mmc: avoid removing non-removable hosts during suspend
platform/chrome: Use proper protocol transfer function
cros_ec: fix nul-termination for firmware build info
media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart
media: bt8xx: Fix err 'bt878_probe()'
rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled.
RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo()
drm/msm: fix leak in failed get_pages
media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt
Bluetooth: hci_qca: Avoid setup failure on missing rampatch
perf tests kmod-path: Don't fail if compressed modules aren't supported
rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL
rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks
cifs: small underflow in cnvrtDosUnixTm()
net: hns: fix ethtool_get_strings overflow in hns driver
sm501fb: don't return zero on failure path in sm501fb_start()
video: fbdev: udlfb: Fix buffer on stack
tcm_fileio: Prevent information leak for short reads
ia64: fix module loading for gcc-5.4
md/raid10: skip spare disk as 'first' disk
Input: twl4030-pwrbutton - use correct device for irq request
power: supply: pda_power: move from timer to delayed_work
bnx2x: Align RX buffers
drm/nouveau/kms: Increase max retries in scanout position queries.
ACPI / PMIC: xpower: Fix power_table addresses
ipmi/watchdog: fix wdog hang on panic waiting for ipmi response
ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP
mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a
staging: wilc1000: fix unchecked return value
staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y
mtip32xx: use runtime tag to initialize command header
mfd: palmas: Reset the POWERHOLD mux during power off
mac80211: don't parse encrypted management frames in ieee80211_frame_acked
Btrfs: send, fix file hole not being preserved due to inline extent
rndis_wlan: add return value validation
mt7601u: check return value of alloc_skb
iio: st_pressure: st_accel: Initialise sensor platform data properly
NFS: don't try to cross a mountpount when there isn't one there.
infiniband/uverbs: Fix integer overflows
scsi: mac_esp: Replace bogus memory barrier with spinlock
qlcnic: fix unchecked return value
wan: pc300too: abort path on failure
mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR()
openvswitch: Delete conntrack entry clashing with an expectation.
netfilter: xt_CT: fix refcnt leak on error path
Fix driver usage of 128B WQEs when WQ_CREATE is V1.
ASoC: Intel: Skylake: Uninitialized variable in probe_codec()
IB/mlx4: Change vma from shared to private
IB/mlx4: Take write semaphore when changing the vma struct
HSI: ssi_protocol: double free in ssip_pn_xmit()
IB/ipoib: Update broadcast object if PKey value was changed in index 0
IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow
ALSA: hda - Fix headset microphone detection for ASUS N551 and N751
e1000e: fix timing for 82579 Gigabit Ethernet controller
tcp: remove poll() flakes with FastOpen
NFS: Fix missing pg_cleanup after nfs_pageio_cond_complete()
md/raid10: wait up frozen array in handle_write_completed
iommu/omap: Register driver before setting IOMMU ops
ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER
KVM: PPC: Book3S PR: Exit KVM on failed mapping
scsi: virtio_scsi: Always try to read VPD pages
clk: ns2: Correct SDIO bits
ath: Fix updating radar flags for coutry code India
spi: dw: Disable clock after unregistering the host
media/dvb-core: Race condition when writing to CAM
net: ipv6: send unsolicited NA on admin up
i2c: i2c-scmi: add a MS HID
genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs
cpufreq/sh: Replace racy task affinity logic
ACPI/processor: Replace racy task affinity logic
ACPI/processor: Fix error handling in __acpi_processor_start()
time: Change posix clocks ops interfaces to use timespec64
Input: ar1021_i2c - fix too long name in driver's device table
rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs
x86: i8259: export legacy_pic symbol
regulator: anatop: set default voltage selector for pcie
platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA
staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
CIFS: Enable encryption during session setup phase
SMB3: Validate negotiate request must always be signed
tpm_tis: fix potential buffer overruns caused by bit glitches on the bus
tpm: fix potential buffer overruns caused by bit glitches on the bus
BACKPORT, FROMLIST: crypto: arm64/speck - add NEON-accelerated implementation of Speck-XTS
Linux 4.4.123
bpf: fix incorrect sign extension in check_alu_op()
usb: gadget: bdc: 64-bit pointer capability check
USB: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe()
btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device
btrfs: alloc_chunk: fix DUP stripe size handling
ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux
scsi: sg: only check for dxfer_len greater than 256M
scsi: sg: fix static checker warning in sg_is_valid_dxfer
scsi: sg: fix SG_DXFER_FROM_DEV transfers
irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis
fs/aio: Use RCU accessors for kioctx_table->table[]
fs/aio: Add explicit RCU grace period when freeing kioctx
lock_parent() needs to recheck if dentry got __dentry_kill'ed under it
fs: Teach path_connected to handle nfs filesystems with multiple roots.
drm/amdgpu/dce: Don't turn off DP sink when disconnected
ALSA: seq: Clear client entry before deleting else at closing
ALSA: seq: Fix possible UAF in snd_seq_check_queue()
ALSA: hda - Revert power_save option default value
ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
x86/mm: Fix vmalloc_fault to use pXd_large
x86/vm86/32: Fix POPF emulation
selftests/x86/entry_from_vm86: Add test cases for POPF
selftests/x86: Add tests for the STR and SLDT instructions
selftests/x86: Add tests for User-Mode Instruction Prevention
selftests/x86/entry_from_vm86: Exit with 1 if we fail
ima: relax requiring a file signature for new files with zero length
rcutorture/configinit: Fix build directory error message
ipvlan: add L2 check for packets arriving via virtual devices
ASoC: nuc900: Fix a loop timeout test
mac80211: remove BUG() when interface type is invalid
mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED
agp/intel: Flush all chipset writes after updating the GGTT
drm/amdkfd: Fix memory leaks in kfd topology
veth: set peer GSO values
media: cpia2: Fix a couple off by one bugs
scsi: dh: add new rdac devices
scsi: devinfo: apply to HP XP the same flags as Hitachi VSP
scsi: core: scsi_get_device_flags_keyed(): Always return device flags
spi: sun6i: disable/unprepare clocks on remove
tools/usbip: fixes build with musl libc toolchain
ath10k: fix invalid STS_CAP_OFFSET_MASK
clk: qcom: msm8916: fix mnd_width for codec_digcodec
cpufreq: Fix governor module removal race
ath10k: update tdls teardown state to target
ARM: dts: omap3-n900: Fix the audio CODEC's reset pin
ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin
mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]()
net: xfrm: allow clearing socket xfrm policies.
test_firmware: fix setting old custom fw path back on exit
sched: Stop resched_cpu() from sending IPIs to offline CPUs
sched: Stop switched_to_rt() from sending IPIs to offline CPUs
ARM: dts: exynos: Correct Trats2 panel reset line
HID: elo: clear BTN_LEFT mapping
video/hdmi: Allow "empty" HDMI infoframes
drm/edid: set ELD connector type in drm_edid_to_eld()
wil6210: fix memory access violation in wil_memcpy_from/toio_32
pwm: tegra: Increase precision in PWM rate calculation
kprobes/x86: Set kprobes pages read-only
kprobes/x86: Fix kprobe-booster not to boost far call instructions
scsi: sg: close race condition in sg_remove_sfp_usercontext()
scsi: sg: check for valid direction before starting the request
perf session: Don't rely on evlist in pipe mode
perf inject: Copy events when reordering events in pipe mode
drivers/perf: arm_pmu: handle no platform_device
usb: gadget: dummy_hcd: Fix wrong power status bit clear/reset in dummy_hub_control()
usb: dwc2: Make sure we disconnect the gadget state
md/raid6: Fix anomily when recovering a single device in RAID6.
regulator: isl9305: fix array size
MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters
MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification
MIPS: BPF: Fix multiple problems in JIT skb access helpers.
MIPS: BPF: Quit clobbering callee saved registers in JIT code.
coresight: Fixes coresight DT parse to get correct output port ID.
drm/amdgpu: Fail fb creation from imported dma-bufs. (v2)
drm/radeon: Fail fb creation from imported dma-bufs.
video: ARM CLCD: fix dma allocation size
iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range
apparmor: Make path_max parameter readonly
scsi: ses: don't get power status of SES device slot on probe
fm10k: correctly check if interface is removed
ALSA: firewire-digi00x: handle all MIDI messages on streaming packets
reiserfs: Make cancel_old_flush() reliable
ARM: dts: koelsch: Correct clock frequency of X2 DU clock input
net/faraday: Add missing include of of.h
powerpc: Avoid taking a data miss on every userspace instruction miss
ARM: dts: r8a7791: Correct parent of SSI[0-9] clocks
ARM: dts: r8a7790: Correct parent of SSI[0-9] clocks
NFC: nfcmrvl: double free on error path
NFC: nfcmrvl: Include unaligned.h instead of access_ok.h
vxlan: vxlan dev should inherit lowerdev's gso_max_size
drm/vmwgfx: Fixes to vmwgfx_fb
braille-console: Fix value returned by _braille_console_setup
bonding: refine bond_fold_stats() wrap detection
f2fs: relax node version check for victim data in gc
blk-throttle: make sure expire time isn't too big
mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative()
driver: (adm1275) set the m,b and R coefficients correctly for power
dmaengine: imx-sdma: add 1ms delay to ensure SDMA channel is stopped
tcp: sysctl: Fix a race to avoid unexpected 0 window from space
spi: omap2-mcspi: poll OMAP2_MCSPI_CHSTAT_RXS for PIO transfer
ASoC: rcar: ssi: don't set SSICR.CKDV = 000 with SSIWSR.CONT
sched: act_csum: don't mangle TCP and UDP GSO packets
Input: qt1070 - add OF device ID table
sysrq: Reset the watchdog timers while displaying high-resolution timers
timers, sched_clock: Update timeout for clock wrap
media: i2c/soc_camera: fix ov6650 sensor getting wrong clock
scsi: ipr: Fix missed EH wakeup
solo6x10: release vb2 buffers in solo_stop_streaming()
of: fix of_device_get_modalias returned length when truncating buffers
batman-adv: handle race condition for claims between gateways
ARM: dts: Adjust moxart IRQ controller and flags
net/8021q: create device with all possible features in wanted_features
HID: clamp input to logical range if no null state
perf probe: Return errno when not hitting any event
ath10k: disallow DFS simulation if DFS channel is not enabled
drm: Defer disabling the vblank IRQ until the next interrupt (for instant-off)
drivers: net: xgene: Fix hardware checksum setting
perf tools: Make perf_event__synthesize_mmap_events() scale
i40e: fix ethtool to get EEPROM data from X722 interface
i40e: Acquire NVM lock before reads on all devices
perf sort: Fix segfault with basic block 'cycles' sort dimension
selinux: check for address length in selinux_socket_bind()
PCI/MSI: Stop disabling MSI/MSI-X in pci_device_shutdown()
ath10k: fix a warning during channel switch with multiple vaps
drm: qxl: Don't alloc fbdev if emulation is not supported
HID: reject input outside logical range only if null state is set
staging: wilc1000: add check for kmalloc allocation failure.
staging: speakup: Replace BUG_ON() with WARN_ON().
Input: tsc2007 - check for presence and power down tsc2007 during probe
blkcg: fix double free of new_blkg in blkcg_init_queue
ANDROID: cpufreq: times: avoid prematurely freeing uid_entry
ANDROID: Use standard logging functions in goldfish_pipe
ANDROID: Fix whitespace in goldfish
staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
llist: clang: introduce member_address_is_nonnull()
Linux 4.4.122
fixup: sctp: verify size of a new chunk in _sctp_make_chunk()
serial: 8250_pci: Add Brainboxes UC-260 4 port serial device
usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb()
usb: usbmon: Read text within supplied buffer size
USB: usbmon: remove assignment from IS_ERR argument
usb: quirks: add control message delay for 1b1c:1b20
USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h
staging: android: ashmem: Fix lockdep issue during llseek
staging: comedi: fix comedi_nsamples_left.
uas: fix comparison for error code
tty/serial: atmel: add new version check for usart
serial: sh-sci: prevent lockup on full TTY buffers
x86: Treat R_X86_64_PLT32 as R_X86_64_PC32
x86/module: Detect and skip invalid relocations
Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux"
NFS: Fix an incorrect type in struct nfs_direct_req
scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
ubi: Fix race condition between ubi volume creation and udev
ext4: inplace xattr block update fails to deduplicate blocks
netfilter: x_tables: pack percpu counter allocations
netfilter: x_tables: pass xt_counters struct to counter allocator
netfilter: x_tables: pass xt_counters struct instead of packet counter
netfilter: use skb_to_full_sk in ip_route_me_harder
netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
netfilter: bridge: ebt_among: add missing match size checks
netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
netfilter: IDLETIMER: be syzkaller friendly
netfilter: nat: cope with negative port range
netfilter: x_tables: fix missing timer initialization in xt_LED
netfilter: add back stackpointer size checks
tc358743: fix register i2c_rd/wr function fix
Input: tca8418_keypad - remove double read of key event register
ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds
netfilter: nfnetlink_queue: fix timestamp attribute
watchdog: hpwdt: fix unused variable warning
watchdog: hpwdt: Check source of NMI
watchdog: hpwdt: SMBIOS check
nospec: Include <asm/barrier.h> dependency
ALSA: hda: add dock and led support for HP ProBook 640 G2
ALSA: hda: add dock and led support for HP EliteBook 820 G3
ALSA: seq: More protection for concurrent write and ioctl races
ALSA: seq: Don't allow resizing pool in use
ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
x86/MCE: Serialize sysfs changes
bcache: don't attach backing with duplicate UUID
kbuild: Handle builtin dtb file names containing hyphens
loop: Fix lost writes caused by missing flag
Input: matrix_keypad - fix race when disabling interrupts
MIPS: OCTEON: irq: Check for null return on kzalloc allocation
MIPS: ath25: Check for kzalloc allocation failure
MIPS: BMIPS: Do not mask IPIs during suspend
drm/amdgpu: fix KV harvesting
drm/radeon: fix KV harvesting
drm/amdgpu: Notify sbios device ready before send request
drm/amdgpu: Fix deadlock on runtime suspend
drm/radeon: Fix deadlock on runtime suspend
drm/nouveau: Fix deadlock on runtime suspend
drm: Allow determining if current task is output poll worker
workqueue: Allow retrieval of current task's work struct
scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
RDMA/mlx5: Fix integer overflow while resizing CQ
RDMA/ucma: Check that user doesn't overflow QP state
RDMA/ucma: Limit possible option size
ANDROID: ranchu: 32 bit framebuffer support
ANDROID: Address checkpatch warnings in goldfishfb
ANDROID: Address checkpatch.pl warnings in goldfish_pipe
ANDROID: sdcardfs: fix lock issue on 32 bit/SMP architectures
ANDROID: goldfish: Fix typo in goldfish_cmd_locked() call
ANDROID: Address checkpatch.pl warnings in goldfish_pipe_v2
FROMLIST: f2fs: don't put dentry page in pagecache into highmem
Linux 4.4.121
btrfs: preserve i_mode if __btrfs_set_acl() fails
bpf, x64: implement retpoline for tail call
dm io: fix duplicate bio completion due to missing ref count
mpls, nospec: Sanitize array index in mpls_label_ok()
net: mpls: Pull common label check into helper
sctp: verify size of a new chunk in _sctp_make_chunk()
s390/qeth: fix IPA command submission race
s390/qeth: fix SETIP command handling
sctp: fix dst refcnt leak in sctp_v6_get_dst()
sctp: fix dst refcnt leak in sctp_v4_get_dst
udplite: fix partial checksum initialization
ppp: prevent unregistered channels from connecting to PPP units
netlink: ensure to loop over all netns in genlmsg_multicast_allns()
net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68
net: fix race on decreasing number of TX queues
ipv6 sit: work around bogus gcc-8 -Wrestrict warning
hdlc_ppp: carrier detect ok, don't turn off negotiation
fib_semantics: Don't match route with mismatching tclassid
bridge: check brport attr show in brport_show
Revert "led: core: Fix brightness setting when setting delay_off=0"
x86/spectre: Fix an error message
leds: do not overflow sysfs buffer in led_trigger_show
x86/apic/vector: Handle legacy irq data correctly
ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux
btrfs: Don't clear SGID when inheriting ACLs
x86/syscall: Sanitize syscall table de-references under speculation fix
KVM: mmu: Fix overlap between public and private memslots
ARM: mvebu: Fix broken PL310_ERRATA_753970 selects
nospec: Allow index argument to have const-qualified type
media: m88ds3103: don't call a non-initalized function
cpufreq: s3c24xx: Fix broken s3c_cpufreq_init()
ALSA: hda: Add a power_save blacklist
ALSA: usb-audio: Add a quirck for B&W PX headphones
tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus
tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus
tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus
ANDROID: Delete the goldfish_nand driver.
ANDROID: Add input support for Android Wear.
ANDROID: proc: fix config & includes for /proc/uid
FROMLIST: ARM: amba: Don't read past the end of sysfs "driver_override" buffer
UPSTREAM: ANDROID: binder: remove WARN() for redundant txn error
ANDROID: cpufreq: times: Add missing includes
ANDROID: cpufreq: Add time_in_state to /proc/uid directories
ANDROID: proc: Add /proc/uid directory
ANDROID: cpufreq: times: track per-uid time in state
ANDROID: cpufreq: track per-task time in state
Conflicts:
drivers/gpu/drm/msm/msm_gem.c
drivers/net/wireless/ath/regd.c
kernel/sched/core.c
Change-Id: I9bb7b5a062415da6925a5a56a34e6eb066a53320
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 02a2385f37a7c6594c9d89b64c4a1451276f08eb ]
nlmsg_multicast() consumes always the skb, thus the original skb must be
freed only when this function is called with a clone.
Fixes: cb9f7a9a5c96 ("netlink: ensure to loop over all netns in genlmsg_multicast_allns()")
Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit cb9f7a9a5c96a773bbc9c70660dc600cfff82f82 ]
Nowadays, nlmsg_multicast() returns only 0 or -ESRCH but this was not the
case when commit 134e63756d5f was pushed.
However, there was no reason to stop the loop if a netns does not have
listeners.
Returns -ESRCH only if there was no listeners in all netns.
To avoid having the same problem in the future, I didn't take the
assumption that nlmsg_multicast() returns only 0 or -ESRCH.
Fixes: 134e63756d5f ("genetlink: make netns aware")
CC: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refs/heads/tmp-8cbe01c
Linux 4.4.109
mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP
n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
x86/smpboot: Remove stale TLB flush invocations
nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()
usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201
USB: Fix off by one in type-specific length check of BOS SSP capability
usb: add RESET_RESUME for ELSA MicroLink 56K
usb: Add device quirk for Logitech HD Pro Webcam C925e
USB: serial: option: adding support for YUGA CLM920-NC5
USB: serial: option: add support for Telit ME910 PID 0x1101
USB: serial: qcserial: add Sierra Wireless EM7565
USB: serial: ftdi_sio: add id for Airbus DS P8GR
usbip: vhci: stop printing kernel pointer addresses in messages
usbip: stub: stop printing kernel pointer addresses in messages
usbip: fix usbip bind writing random string after command in match_busid
sock: free skb in skb_complete_tx_timestamp on error
net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround
net: Fix double free and memory corruption in get_net_ns_by_id()
net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks
ipv4: Fix use-after-free when flushing FIB tables
sctp: Replace use of sockets_allocated with specified macro.
net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case
net: ipv4: fix for a race condition in raw_sendmsg
tg3: Fix rx hang on MTU change with 5717/5719
tcp md5sig: Use skb's saddr when replying to an incoming segment
net: reevalulate autoflowlabel setting after sysctl setting
net: qmi_wwan: add Sierra EM7565 1199:9091
netlink: Add netns check on taps
net: igmp: Use correct source address on IGMPv3 reports
ipv6: mcast: better catch silly mtu values
ipv4: igmp: guard against silly MTU values
kbuild: add '-fno-stack-check' to kernel build options
x86/mm/64: Fix reboot interaction with CR4.PCIDE
x86/mm: Enable CR4.PCIDE on supported systems
x86/mm: Add the 'nopcid' boot option to turn off PCID
x86/mm: Disable PCID on 32-bit kernels
x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code
x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
x86/mm: Make flush_tlb_mm_range() more predictable
x86/mm: Remove flush_tlb() and flush_tlb_current_task()
x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
ALSA: hda - fix headset mic detection issue on a Dell machine
ALSA: hda: Drop useless WARN_ON()
ASoC: twl4030: fix child-node lookup
ASoC: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure
iw_cxgb4: Only validate the MSN for successful completions
ring-buffer: Mask out the info bits when returning buffer page length
tracing: Fix crash when it fails to alloc ring buffer
tracing: Fix possible double free on failure of allocating trace buffer
tracing: Remove extra zeroing out of the ring buffer page
net: mvneta: clear interface link status on port disable
powerpc/perf: Dereference BHRB entries safely
kvm: x86: fix RSM when PCID is non-zero
KVM: X86: Fix load RFLAGS w/o the fixed bit
spi: xilinx: Detect stall with Unknown commands
parisc: Hide Diva-built-in serial aux and graphics card
PCI / PM: Force devices to D0 in pci_pm_thaw_noirq()
ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU
ALSA: rawmidi: Avoid racy info ioctl via ctl device
mfd: twl6040: Fix child-node lookup
mfd: twl4030-audio: Fix sibling-node lookup
mfd: cros ec: spi: Don't send first message too soon
crypto: mcryptd - protect the per-CPU queue with a lock
ACPI: APEI / ERST: Fix missing error handling in erst_reader()
Change-Id: I3823f793c0c85d1639e9be10358cf70cfcd13afc
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 93c647643b48f0131f02e45da3bd367d80443291 ]
Currently, a nlmon link inside a child namespace can observe systemwide
netlink activity. Filter the traffic so that nlmon can only sniff
netlink messages from its own netns.
Test case:
vpnns -- bash -c "ip link add nlmon0 type nlmon; \
ip link set nlmon0 up; \
tcpdump -i nlmon0 -q -w /tmp/nlmon.pcap -U" &
sudo ip xfrm state add src 10.1.1.1 dst 10.1.1.2 proto esp \
spi 0x1 mode transport \
auth sha1 0x6162633132330000000000000000000000000000 \
enc aes 0x00000000000000000000000000000000
grep --binary abc123 /tmp/nlmon.pcap
Signed-off-by: Kevin Cernekee <cernekee@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refs/heads/tmp-55b3b8c
Linux 4.4.108
alpha: fix build failures
ALSA: hda - Fix yet another i915 pointer leftover in error path
ALSA: hda - Degrade i915 binding failure message
ALSA: hda - Clear the leftover component assignment at snd_hdac_i915_exit()
Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
MIPS: math-emu: Fix final emulation phase for certain instructions
thermal: hisilicon: Handle return value of clk_prepare_enable
cpuidle: fix broadcast control when broadcast can not be entered
rtc: set the alarm to the next expiring timer
tcp: fix under-evaluated ssthresh in TCP Vegas
fm10k: ensure we process SM mbx when processing VF mbx
scsi: lpfc: PLOGI failures during NPIV testing
scsi: lpfc: Fix secure firmware updates
PCI/AER: Report non-fatal errors only to the affected endpoint
ixgbe: fix use of uninitialized padding
igb: check memory allocation failure
PCI: Create SR-IOV virtfn/physfn links before attaching driver
scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive
scsi: cxgb4i: fix Tx skb leak
PCI: Avoid bus reset if bridge itself is broken
net: phy: at803x: Change error to EINVAL for invalid MAC
rtc: pl031: make interrupt optional
crypto: crypto4xx - increase context and scatter ring buffer elements
backlight: pwm_bl: Fix overflow condition
bnxt_en: Fix NULL pointer dereference in reopen failure path
cpuidle: powernv: Pass correct drv->cpumask for registration
ARM: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory
netfilter: nfnetlink_queue: fix secctx memory leak
xhci: plat: Register shutdown for xhci_plat
isdn: kcapi: avoid uninitialized data
KVM: pci-assign: do not map smm memory slot pages in vt-d page tables
ARM: dts: am335x-evmsk: adjust mmc2 param to allow suspend
netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register
netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table
irda: vlsi_ir: fix check for DMA mapping errors
RDMA/iser: Fix possible mr leak on device removal event
i40e: Do not enable NAPI on q_vectors that have no rings
net: Do not allow negative values for busy_read and busy_poll sysctl interfaces
bna: avoid writing uninitialized data into hw registers
s390/qeth: no ETH header for outbound AF_IUCV
r8152: prevent the driver from transmitting packets with carrier off
HID: xinmo: fix for out of range for THT 2P arcade controller.
hwmon: (asus_atk0110) fix uninitialized data access
ARM: dts: ti: fix PCI bus dtc warnings
KVM: VMX: Fix enable VPID conditions
KVM: x86: correct async page present tracepoint
scsi: lpfc: Fix PT2PT PRLI reject
pinctrl: st: add irq_request/release_resources callbacks
inet: frag: release spinlock before calling icmp_send()
netfilter: nfnl_cthelper: Fix memory leak
netfilter: nfnl_cthelper: fix runtime expectation policy updates
usb: gadget: udc: remove pointer dereference after free
usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed
net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4
bna: integer overflow bug in debugfs
sch_dsmark: fix invalid skb_cow() usage
crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex
r8152: fix the list rx_done may be used without initialization
cpuidle: Validate cpu_dev in cpuidle_add_sysfs()
arm: kprobes: Align stack to 8-bytes in test code
arm: kprobes: Fix the return address of multiple kretprobes
ALSA: hda - add support for docking station for HP 840 G3
ALSA: hda - add support for docking station for HP 820 G2
x86/irq: Do not substract irq_tlb_count from irq_call_count
sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
ARM: Hide finish_arch_post_lock_switch() from modules
x86/mm, sched/core: Turn off IRQs in switch_mm()
x86/mm, sched/core: Uninline switch_mm()
x86/mm: Build arch/x86/mm/tlb.c even on !SMP
sched/core: Add switch_mm_irqs_off() and use it in the scheduler
mm/mmu_context, sched/core: Fix mmu_context.h assumption
mm/rmap: batched invalidations should use existing api
x86/mm: If INVPCID is available, use it to flush global mappings
x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
x86/mm: Fix INVPCID asm constraint
x86/mm: Add INVPCID helpers
cxl: Check if vphb exists before iterating over AFU devices
arm64: Initialise high_memory global variable earlier
ANDROID: binder: Remove obsolete proc waitqueue.
Change-Id: Ie954ccd1dbd861672345bb0ee879273be4d0a441
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 8a0f5ccfb33b0b8b51de65b7b3bf342ba10b4fb6 ]
On Tue, Mar 14, 2017 at 10:44:10AM +0100, Dmitry Vyukov wrote:
>
> Yes, please.
> Disregarding some reports is not a good way long term.
Please try this patch.
---8<---
Subject: netlink: Annotate nlk cb_mutex by protocol
Currently all occurences of nlk->cb_mutex are annotated by lockdep
as a single class. This causes a false lcokdep cycle involving
genl and crypto_user.
This patch fixes it by dividing cb_mutex into individual classes
based on the netlink protocol. As genl and crypto_user do not
use the same netlink protocol this breaks the false dependency
loop.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refs/heads/tmp-8bc4213
Linux 4.4.104
nfsd: Fix another OPEN stateid race
nfsd: Fix stateid races between OPEN and CLOSE
nfsd: Make init_open_stateid() a bit more whole
drm/i915: Prevent zero length "index" write
drm/i915: Don't try indexed reads to alternate slave addresses
NFS: revalidate "." etc correctly on "open".
mtd: nand: Fix writing mtdoops to nand flash.
drm/panel: simple: Add missing panel_simple_unprepare() calls
drm/radeon: fix atombios on big endian
Revert "drm/radeon: dont switch vt on suspend"
bcache: Fix building error on MIPS
eeprom: at24: check at24_read/write arguments
mmc: core: Do not leave the block driver in a suspended state
KVM: x86: inject exceptions produced by x86_decode_insn
KVM: x86: Exit to user-mode on #UD intercept when emulator requires
KVM: x86: pvclock: Handle first-time write to pvclock-page contains random junk
btrfs: clear space cache inode generation always
mm/madvise.c: fix madvise() infinite loop under special circumstances
mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
x86/efi-bgrt: Replace early_memremap() with memremap()
x86/efi-bgrt: Fix kernel panic when mapping BGRT data
ARM: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio
x86/efi: Build our own page table structures
x86/efi: Hoist page table switching code into efi_call_virt()
x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
ipsec: Fix aborted xfrm policy dump crash
netlink: add a start callback for starting a netlink dump
Documentation: tee subsystem and op-tee driver
tee: add OP-TEE driver
tee: generic TEE subsystem
dt/bindings: add bindings for optee
kernel.h: add u64_to_user_ptr()
ARM: 8481/2: drivers: psci: replace psci firmware calls
ARM: 8480/2: arm64: add implementation for arm-smccc
ARM: 8479/2: add implementation for arm-smccc
ARM: 8478/2: arm/arm64: add arm-smccc
UPSTREAM: net: xfrm: allow clearing socket xfrm policies.
Conflicts:
arch/arm64/kernel/arm64ksyms.c
arch/arm64/kernel/asm-offsets.c
arch/arm64/kvm/hyp/fpsimd.S
drivers/Kconfig
drivers/Makefile
drivers/firmware/psci.c
drivers/gpu/drm/msm/msm_gem_submit.c
drivers/mmc/core/bus.c
include/linux/arm-smccc.h
Change-Id: Ib22051f60c49ecf3bb7e18f9940ba9a4ac5143af
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit fc9e50f5a5a4e1fa9ba2756f745a13e693cf6a06 upstream.
The start callback allows the caller to set up a context for the
dump callbacks. Presumably, the context can then be destroyed in
the done callback.
Signed-off-by: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refs/heads/tmp-f0b9d2d
Linux 4.4.101
mm/pagewalk.c: report holes in hugetlb ranges
mm/page_ext.c: check if page_ext is not prepared
mm: check the return value of lookup_page_ext for all call sites
coda: fix 'kernel memory exposure attempt' in fsync
mm/page_alloc.c: broken deferred calculation
ipmi: fix unsigned long underflow
ocfs2: should wait dio before inode lock in ocfs2_setattr()
nvme: Fix memory order on async queue deletion
arm64: fix dump_instr when PAN and UAO are in use
serial: omap: Fix EFR write on RTS deassertion
ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
net/sctp: Always set scope_id in sctp_inet6_skb_msgname
fealnx: Fix building error on MIPS
sctp: do not peel off an assoc from one netns to another one
af_netlink: ensure that NLMSG_DONE never fails in dumps
vlan: fix a use-after-free in vlan_device_event()
bonding: discard lowest hash bit for 802.3ad layer3+4
netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
tcp: do not mangle skb->cb[] in tcp_make_synack()
Conflicts:
mm/debug-pagealloc.c
mm/page_ext.c
mm/page_owner.c
Change-Id: I551aff1b4c8a0d72f64a234abb8ac88990fbc9e5
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 0642840b8bb008528dbdf929cec9f65ac4231ad0 ]
The way people generally use netlink_dump is that they fill in the skb
as much as possible, breaking when nla_put returns an error. Then, they
get called again and start filling out the next skb, and again, and so
forth. The mechanism at work here is the ability for the iterative
dumping function to detect when the skb is filled up and not fill it
past the brim, waiting for a fresh skb for the rest of the data.
However, if the attributes are small and nicely packed, it is possible
that a dump callback function successfully fills in attributes until the
skb is of size 4080 (libmnl's default page-sized receive buffer size).
The dump function completes, satisfied, and then, if it happens to be
that this is actually the last skb, and no further ones are to be sent,
then netlink_dump will add on the NLMSG_DONE part:
nlh = nlmsg_put_answer(skb, cb, NLMSG_DONE, sizeof(len), NLM_F_MULTI);
It is very important that netlink_dump does this, of course. However, in
this example, that call to nlmsg_put_answer will fail, because the
previous filling by the dump function did not leave it enough room. And
how could it possibly have done so? All of the nla_put variety of
functions simply check to see if the skb has enough tailroom,
independent of the context it is in.
In order to keep the important assumptions of all netlink dump users, it
is therefore important to give them an skb that has this end part of the
tail already reserved, so that the call to nlmsg_put_answer does not
fail. Otherwise, library authors are forced to find some bizarre sized
receive buffer that has a large modulo relative to the common sizes of
messages received, which is ugly and buggy.
This patch thus saves the NLMSG_DONE for an additional message, for the
case that things are dangerously close to the brim. This requires
keeping track of the errno from ->dump() across calls.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refs/heads/9796ea8
Linux 4.4.67
dm ioctl: prevent stack leak in dm ioctl call
nfsd: stricter decoding of write-like NFSv2/v3 ops
nfsd4: minor NFSv2/v3 write decoding cleanup
ext4/fscrypto: avoid RCU lookup in d_revalidate
ext4 crypto: use dget_parent() in ext4_d_revalidate()
ext4 crypto: revalidate dentry after adding or removing the key
ext4: require encryption feature for EXT4_IOC_SET_ENCRYPTION_POLICY
IB/ehca: fix maybe-uninitialized warnings
IB/qib: rename BITS_PER_PAGE to RVT_BITS_PER_PAGE
netlink: Allow direct reclaim for fallback allocation
8250_pci: Fix potential use-after-free in error path
scsi: cxlflash: Improve EEH recovery time
scsi: cxlflash: Fix to avoid EEH and host reset collisions
scsi: cxlflash: Scan host only after the port is ready for I/O
net: tg3: avoid uninitialized variable warning
mtd: avoid stack overflow in MTD CFI code
drbd: avoid redefinition of BITS_PER_PAGE
ALSA: ppc/awacs: shut up maybe-uninitialized warning
ASoC: intel: Fix PM and non-atomic crash in bytcr drivers
Handle mismatched open calls
timerfd: Protect the might cancel mechanism proper
ANDROID: android-base.cfg: remove USB_OTG_WAKELOCK
ANDROID: android-base.cfg: remove defunct options
ANDROID: arm64: suspend: Restore the UAO state
ANDROID: usb: gadget: f_audio_source: disable the CPU C-states upon playback
ANDROID: usb: gadget: f_mtp: Set 0xFFFFFFFF in mtp header ContainerLength field
Conflicts:
drivers/usb/gadget/function/f_mtp.c
fs/ext4/crypto.c
Change-Id: I408054176798ba49f0b62fb46a3b0d59060d108e
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The backport of d35c99ff77ec ("netlink: do not enter direct reclaim from
netlink_dump()") to the 4.4 branch (first in 4.4.32) mistakenly removed
direct claim from the initial large allocation _and_ the fallback
allocation which means that allocations can spuriously fail.
Fix the issue by adding back the direct reclaim flag to the fallback
allocation.
Fixes: 6d123f1d396b ("netlink: do not enter direct reclaim from netlink_dump()")
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* refs/heads/tmp-c71ad0f:
BACKPORT: arm64: dts: juno: fix cluster sleep state entry latency on all SoC versions
staging: android: ashmem: lseek failed due to no FMODE_LSEEK.
ANDROID: sdcardfs: update module info
ANDROID: sdcardfs: use d_splice_alias
ANDROID: sdcardfs: add read_iter/write_iter opeations
ANDROID: sdcardfs: fix ->llseek to update upper and lower offset
ANDROID: sdcardfs: copy lower inode attributes in ->ioctl
ANDROID: sdcardfs: remove unnecessary call to do_munmap
Merge 4.4.59 into android-4.4
UPSTREAM: ipv6 addrconf: implement RFC7559 router solicitation backoff
android: base-cfg: enable CONFIG_INET_DIAG_DESTROY
ANDROID: android-base.cfg: add CONFIG_MODULES option
ANDROID: android-base.cfg: add CONFIG_IKCONFIG option
ANDROID: android-base.cfg: properly sort the file
ANDROID: binder: add hwbinder,vndbinder to BINDER_DEVICES.
ANDROID: sort android-recommended.cfg
UPSTREAM: config/android: Remove CONFIG_IPV6_PRIVACY
UPSTREAM: config: android: set SELinux as default security mode
config: android: move device mapper options to recommended
ANDROID: ARM64: Allow to choose appended kernel image
UPSTREAM: arm64: vdso: constify vm_special_mapping used for aarch32 vectors page
UPSTREAM: arm64: vdso: add __init section marker to alloc_vectors_page
UPSTREAM: ARM: 8597/1: VDSO: put RO and RO after init objects into proper sections
UPSTREAM: arm64: Add support for CLOCK_MONOTONIC_RAW in clock_gettime() vDSO
UPSTREAM: arm64: Refactor vDSO time functions
UPSTREAM: arm64: fix vdso-offsets.h dependency
UPSTREAM: kbuild: drop FORCE from PHONY targets
UPSTREAM: mm: add PHYS_PFN, use it in __phys_to_pfn()
UPSTREAM: ARM: 8476/1: VDSO: use PTR_ERR_OR_ZERO for vma check
Linux 4.4.58
crypto: algif_hash - avoid zero-sized array
fbcon: Fix vc attr at deinit
serial: 8250_pci: Detach low-level driver during PCI error recovery
ACPI / blacklist: Make Dell Latitude 3350 ethernet work
ACPI / blacklist: add _REV quirks for Dell Precision 5520 and 3520
uvcvideo: uvc_scan_fallback() for webcams with broken chain
s390/zcrypt: Introduce CEX6 toleration
block: allow WRITE_SAME commands with the SG_IO ioctl
vfio/spapr: Postpone allocation of userspace version of TCE table
PCI: Do any VF BAR updates before enabling the BARs
PCI: Ignore BAR updates on virtual functions
PCI: Update BARs using property bits appropriate for type
PCI: Don't update VF BARs while VF memory space is enabled
PCI: Decouple IORESOURCE_ROM_ENABLE and PCI_ROM_ADDRESS_ENABLE
PCI: Add comments about ROM BAR updating
PCI: Remove pci_resource_bar() and pci_iov_resource_bar()
PCI: Separate VF BAR updates from standard BAR updates
x86/hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic
igb: add i211 to i210 PHY workaround
igb: Workaround for igb i210 firmware issue
xen: do not re-use pirq number cached in pci device msi msg data
xfs: clear _XBF_PAGES from buffers when readahead page
USB: usbtmc: add missing endpoint sanity check
nl80211: fix dumpit error path RTNL deadlocks
xfs: fix up xfs_swap_extent_forks inline extent handling
xfs: don't allow di_size with high bit set
libceph: don't set weight to IN when OSD is destroyed
raid10: increment write counter after bio is split
cpufreq: Restore policy min/max limits on CPU online
ARM: dts: at91: sama5d2: add dma properties to UART nodes
ARM: at91: pm: cpu_idle: switch DDR to power-down mode
iommu/vt-d: Fix NULL pointer dereference in device_to_iommu
xen/acpi: upload PM state from init-domain to Xen
mmc: sdhci: Do not disable interrupts while waiting for clock
ext4: mark inode dirty after converting inline directory
parport: fix attempt to write duplicate procfiles
iio: hid-sensor-trigger: Change get poll value function order to avoid sensor properties losing after resume from S3
iio: adc: ti_am335x_adc: fix fifo overrun recovery
mmc: ushc: fix NULL-deref at probe
uwb: hwa-rc: fix NULL-deref at probe
uwb: i1480-dfu: fix NULL-deref at probe
usb: hub: Fix crash after failure to read BOS descriptor
usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer
USB: wusbcore: fix NULL-deref at probe
USB: idmouse: fix NULL-deref at probe
USB: lvtest: fix NULL-deref at probe
USB: uss720: fix NULL-deref at probe
usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk
usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval
ACM gadget: fix endianness in notifications
USB: serial: qcserial: add Dell DW5811e
USB: serial: option: add Quectel UC15, UC20, EC21, and EC25 modems
ALSA: hda - Adding a group of pin definition to fix headset problem
ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call
ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()
Input: sur40 - validate number of endpoints before using them
Input: kbtab - validate number of endpoints before using them
Input: cm109 - validate number of endpoints before using them
Input: yealink - validate number of endpoints before using them
Input: hanwang - validate number of endpoints before using them
Input: ims-pcu - validate number of endpoints before using them
Input: iforce - validate number of endpoints before using them
Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000
Input: elan_i2c - add ASUS EeeBook X205TA special touchpad fw
tcp: initialize icsk_ack.lrcvtime at session start time
socket, bpf: fix sk_filter use after free in sk_clone_lock
ipv4: provide stronger user input validation in nl_fib_input()
net: bcmgenet: remove bcmgenet_internal_phy_setup()
net/mlx5e: Count LRO packets correctly
net/mlx5: Increase number of max QPs in default profile
net: unix: properly re-increment inflight counter of GC discarded candidates
amd-xgbe: Fix jumbo MTU processing on newer hardware
net: properly release sk_frag.page
net: bcmgenet: Do not suspend PHY if Wake-on-LAN is enabled
net/openvswitch: Set the ipv6 source tunnel key address attribute correctly
Linux 4.4.57
ext4: fix fencepost in s_first_meta_bg validation
percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages
gfs2: Avoid alignment hole in struct lm_lockname
isdn/gigaset: fix NULL-deref at probe
target: Fix VERIFY_16 handling in sbc_parse_cdb
scsi: libiscsi: add lock around task lists to fix list corruption regression
scsi: lpfc: Add shutdown method for kexec
target/pscsi: Fix TYPE_TAPE + TYPE_MEDIMUM_CHANGER export
md/raid1/10: fix potential deadlock
powerpc/boot: Fix zImage TOC alignment
cpufreq: Fix and clean up show_cpuinfo_cur_freq()
perf/core: Fix event inheritance on fork()
give up on gcc ilog2() constant optimizations
kernek/fork.c: allocate idle task for a CPU always on its local node
hv_netvsc: use skb_get_hash() instead of a homegrown implementation
tpm_tis: Use devm_free_irq not free_irq
drm/amdgpu: add missing irq.h include
s390/pci: fix use after free in dma_init
KVM: PPC: Book3S PR: Fix illegal opcode emulation
xen/qspinlock: Don't kick CPU if IRQ is not initialized
Drivers: hv: avoid vfree() on crash
Drivers: hv: balloon: don't crash when memory is added in non-sorted order
pinctrl: cherryview: Do not mask all interrupts in probe
ACPI / video: skip evaluating _DOD when it does not exist
cxlflash: Increase cmd_per_lun for better throughput
crypto: mcryptd - Fix load failure
crypto: cryptd - Assign statesize properly
crypto: ghash-clmulni - Fix load failure
USB: don't free bandwidth_mutex too early
usb: core: hub: hub_port_init lock controller instead of bus
ANDROID: sdcardfs: Fix style issues in macros
ANDROID: sdcardfs: Use seq_puts over seq_printf
ANDROID: sdcardfs: Use to kstrout
ANDROID: sdcardfs: Use pr_[...] instead of printk
ANDROID: sdcardfs: remove unneeded null check
ANDROID: sdcardfs: Fix style issues with comments
ANDROID: sdcardfs: Fix formatting
ANDROID: sdcardfs: correct order of descriptors
fix the deadlock in xt_qtaguid when enable DDEBUG
net: ipv6: Add sysctl for minimum prefix len acceptable in RIOs.
Linux 4.4.56
futex: Add missing error handling to FUTEX_REQUEUE_PI
futex: Fix potential use-after-free in FUTEX_REQUEUE_PI
x86/perf: Fix CR4.PCE propagation to use active_mm instead of mm
x86/kasan: Fix boot with KASAN=y and PROFILE_ANNOTATED_BRANCHES=y
fscrypto: lock inode while setting encryption policy
fscrypt: fix renaming and linking special files
net sched actions: decrement module reference count after table flush.
dccp: fix memory leak during tear-down of unsuccessful connection request
dccp/tcp: fix routing redirect race
bridge: drop netfilter fake rtable unconditionally
ipv6: avoid write to a possibly cloned skb
ipv6: make ECMP route replacement less greedy
mpls: Send route delete notifications when router module is unloaded
act_connmark: avoid crashing on malformed nlattrs with null parms
uapi: fix linux/packet_diag.h userspace compilation error
vrf: Fix use-after-free in vrf_xmit
dccp: fix use-after-free in dccp_feat_activate_values
net: fix socket refcounting in skb_complete_tx_timestamp()
net: fix socket refcounting in skb_complete_wifi_ack()
tcp: fix various issues for sockets morphing to listen state
dccp: Unlock sock before calling sk_free()
net: net_enable_timestamp() can be called from irq contexts
net: don't call strlen() on the user buffer in packet_bind_spkt()
l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
ipv4: mask tos for input route
vti6: return GRE_KEY for vti6
vxlan: correctly validate VXLAN ID against VXLAN_N_VID
netlink: remove mmapped netlink support
ANDROID: mmc: core: export emmc revision
BACKPORT: mmc: core: Export device lifetime information through sysfs
ANDROID: android-verity: do not compile as independent module
ANDROID: sched: fix duplicate sched_group_energy const specifiers
config: disable CONFIG_USELIB and CONFIG_FHANDLE
ANDROID: power: align wakeup_sources format
ANDROID: dm: android-verity: allow disable dm-verity for Treble VTS
uid_sys_stats: change to use rt_mutex
ANDROID: vfs: user permission2 in notify_change2
ANDROID: sdcardfs: Fix gid issue
ANDROID: sdcardfs: Use tabs instead of spaces in multiuser.h
ANDROID: sdcardfs: Remove uninformative prints
ANDROID: sdcardfs: move path_put outside of spinlock
ANDROID: sdcardfs: Use case insensitive hash function
ANDROID: sdcardfs: declare MODULE_ALIAS_FS
ANDROID: sdcardfs: Get the blocksize from the lower fs
ANDROID: sdcardfs: Use d_invalidate instead of drop_recurisve
ANDROID: sdcardfs: Switch to internal case insensitive compare
ANDROID: sdcardfs: Use spin_lock_nested
ANDROID: sdcardfs: Replace get/put with d_lock
ANDROID: sdcardfs: rate limit warning print
ANDROID: sdcardfs: Fix case insensitive lookup
ANDROID: uid_sys_stats: account for fsync syscalls
ANDROID: sched: add a counter to track fsync
ANDROID: uid_sys_stats: fix negative write bytes.
ANDROID: uid_sys_stats: allow writing same state
ANDROID: uid_sys_stats: rename uid_cputime.c to uid_sys_stats.c
ANDROID: uid_cputime: add per-uid IO usage accounting
DTB: Add EAS compatible Juno Energy model to 'juno.dts'
arm64: dts: juno: Add idle-states to device tree
ANDROID: Replace spaces by '_' for some android filesystem tracepoints.
usb: gadget: f_accessory: Fix for UsbAccessory clean unbind.
android: binder: move global binder state into context struct.
android: binder: add padding to binder_fd_array_object.
binder: use group leader instead of open thread
nf: IDLETIMER: Use fullsock when querying uid
nf: IDLETIMER: Fix use after free condition during work
ANDROID: dm: android-verity: fix table_make_digest() error handling
ANDROID: usb: gadget: function: Fix commenting style
cpufreq: interactive governor drops bits in time calculation
ANDROID: sdcardfs: support direct-IO (DIO) operations
ANDROID: sdcardfs: implement vm_ops->page_mkwrite
ANDROID: sdcardfs: Don't bother deleting freelist
ANDROID: sdcardfs: Add missing path_put
ANDROID: sdcardfs: Fix incorrect hash
ANDROID: ext4 crypto: Disables zeroing on truncation when there's no key
ANDROID: ext4: add a non-reversible key derivation method
ANDROID: ext4: allow encrypting filenames using HEH algorithm
ANDROID: arm64/crypto: add ARMv8-CE optimized poly_hash algorithm
ANDROID: crypto: heh - factor out poly_hash algorithm
ANDROID: crypto: heh - Add Hash-Encrypt-Hash (HEH) algorithm
ANDROID: crypto: gf128mul - Add ble multiplication functions
ANDROID: crypto: gf128mul - Refactor gf128 overflow macros and tables
UPSTREAM: crypto: gf128mul - Zero memory when freeing multiplication table
ANDROID: crypto: shash - Add crypto_grab_shash() and crypto_spawn_shash_alg()
ANDROID: crypto: allow blkcipher walks over ablkcipher data
UPSTREAM: arm/arm64: crypto: assure that ECB modes don't require an IV
ANDROID: Refactor fs readpage/write tracepoints.
ANDROID: export security_path_chown
Squashfs: optimize reading uncompressed data
Squashfs: implement .readpages()
Squashfs: replace buffer_head with BIO
Squashfs: refactor page_actor
Squashfs: remove the FILE_CACHE option
ANDROID: android-recommended.cfg: CONFIG_CPU_SW_DOMAIN_PAN=y
FROMLIST: 9p: fix a potential acl leak
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
UPSTREAM: udp: properly support MSG_PEEK with truncated buffers
UPSTREAM: arm64: Allow hw watchpoint of length 3,5,6 and 7
BACKPORT: arm64: hw_breakpoint: Handle inexact watchpoint addresses
UPSTREAM: arm64: Allow hw watchpoint at varied offset from base address
BACKPORT: hw_breakpoint: Allow watchpoint of length 3,5,6 and 7
ANDROID: sdcardfs: Switch strcasecmp for internal call
ANDROID: sdcardfs: switch to full_name_hash and qstr
ANDROID: sdcardfs: Add GID Derivation to sdcardfs
ANDROID: sdcardfs: Remove redundant operation
ANDROID: sdcardfs: add support for user permission isolation
ANDROID: sdcardfs: Refactor configfs interface
ANDROID: sdcardfs: Allow non-owners to touch
ANDROID: binder: fix format specifier for type binder_size_t
ANDROID: fs: Export vfs_rmdir2
ANDROID: fs: Export free_fs_struct and set_fs_pwd
BACKPORT: Input: xpad - validate USB endpoint count during probe
BACKPORT: Input: xpad - fix oops when attaching an unknown Xbox One gamepad
ANDROID: mnt: remount should propagate to slaves of slaves
ANDROID: sdcardfs: Switch ->d_inode to d_inode()
ANDROID: sdcardfs: Fix locking issue with permision fix up
ANDROID: sdcardfs: Change magic value
ANDROID: sdcardfs: Use per mount permissions
ANDROID: sdcardfs: Add gid and mask to private mount data
ANDROID: sdcardfs: User new permission2 functions
ANDROID: vfs: Add setattr2 for filesystems with per mount permissions
ANDROID: vfs: Add permission2 for filesystems with per mount permissions
ANDROID: vfs: Allow filesystems to access their private mount data
ANDROID: mnt: Add filesystem private data to mount points
ANDROID: sdcardfs: Move directory unlock before touch
ANDROID: sdcardfs: fix external storage exporting incorrect uid
ANDROID: sdcardfs: Added top to sdcardfs_inode_info
ANDROID: sdcardfs: Switch package list to RCU
ANDROID: sdcardfs: Fix locking for permission fix up
ANDROID: sdcardfs: Check for other cases on path lookup
ANDROID: sdcardfs: override umask on mkdir and create
arm64: kernel: Fix build warning
DEBUG: sched/fair: Fix sched_load_avg_cpu events for task_groups
DEBUG: sched/fair: Fix missing sched_load_avg_cpu events
UPSTREAM: l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()
UPSTREAM: packet: fix race condition in packet_set_ring
UPSTREAM: netlink: Fix dump skb leak/double free
UPSTREAM: net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
MIPS: Prevent "restoration" of MSA context in non-MSA kernels
net: socket: don't set sk_uid to garbage value in ->setattr()
ANDROID: configs: CONFIG_ARM64_SW_TTBR0_PAN=y
UPSTREAM: arm64: Disable PAN on uaccess_enable()
UPSTREAM: arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN
UPSTREAM: arm64: xen: Enable user access before a privcmd hvc call
UPSTREAM: arm64: Handle faults caused by inadvertent user access with PAN enabled
BACKPORT: arm64: Disable TTBR0_EL1 during normal kernel execution
BACKPORT: arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1
BACKPORT: arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro
BACKPORT: arm64: Factor out PAN enabling/disabling into separate uaccess_* macros
UPSTREAM: arm64: alternative: add auto-nop infrastructure
UPSTREAM: arm64: barriers: introduce nops and __nops macros for NOP sequences
Revert "FROMLIST: arm64: Factor out PAN enabling/disabling into separate uaccess_* macros"
Revert "FROMLIST: arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro"
Revert "FROMLIST: arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1"
Revert "FROMLIST: arm64: Disable TTBR0_EL1 during normal kernel execution"
Revert "FROMLIST: arm64: Handle faults caused by inadvertent user access with PAN enabled"
Revert "FROMLIST: arm64: xen: Enable user access before a privcmd hvc call"
Revert "FROMLIST: arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN"
ANDROID: sched/walt: fix build failure if FAIR_GROUP_SCHED=n
ANDROID: trace: net: use %pK for kernel pointers
ANDROID: android-base: Enable QUOTA related configs
net: ipv4: Don't crash if passing a null sk to ip_rt_update_pmtu.
net: inet: Support UID-based routing in IP protocols.
net: core: add UID to flows, rules, and routes
net: core: Add a UID field to struct sock.
Revert "net: core: Support UID-based routing."
UPSTREAM: efi/arm64: Don't apply MEMBLOCK_NOMAP to UEFI memory map mapping
UPSTREAM: arm64: mm: always take dirty state from new pte in ptep_set_access_flags
UPSTREAM: arm64: Implement pmdp_set_access_flags() for hardware AF/DBM
UPSTREAM: arm64: Fix typo in the pmdp_huge_get_and_clear() definition
UPSTREAM: arm64: enable CONFIG_DEBUG_RODATA by default
goldfish: enable CONFIG_INET_DIAG_DESTROY
sched/walt: kill {min,max}_capacity
sched: fix wrong truncation of walt_avg
build: fix build config kernel_dir
ANDROID: dm verity: add minimum prefetch size
build: add build server configs for goldfish
usb: gadget: Fix compilation problem with tx_qlen field
Conflicts:
android/configs/android-base.cfg
arch/arm64/Makefile
arch/arm64/include/asm/cpufeature.h
arch/arm64/kernel/vdso/gettimeofday.S
arch/arm64/mm/cache.S
drivers/md/Kconfig
drivers/misc/Makefile
drivers/mmc/host/sdhci.c
drivers/usb/core/hcd.c
drivers/usb/gadget/function/u_ether.c
fs/sdcardfs/derived_perm.c
fs/sdcardfs/file.c
fs/sdcardfs/inode.c
fs/sdcardfs/lookup.c
fs/sdcardfs/main.c
fs/sdcardfs/multiuser.h
fs/sdcardfs/packagelist.c
fs/sdcardfs/sdcardfs.h
fs/sdcardfs/super.c
include/linux/mmc/card.h
include/linux/mmc/mmc.h
include/trace/events/android_fs.h
include/trace/events/android_fs_template.h
drivers/android/binder.c
fs/exec.c
fs/ext4/crypto_key.c
fs/ext4/ext4.h
fs/ext4/inline.c
fs/ext4/inode.c
fs/ext4/readpage.c
fs/f2fs/data.c
fs/f2fs/inline.c
fs/mpage.c
include/linux/dcache.h
include/trace/events/sched.h
include/uapi/linux/ipv6.h
net/ipv4/tcp_ipv4.c
net/netfilter/xt_IDLETIMER.c
Change-Id: Ie345db6a14869fe0aa794aef4b71b5d0d503690b
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit d1b4c689d4130bcfd3532680b64db562300716b6 upstream.
mmapped netlink has a number of unresolved issues:
- TX zerocopy support had to be disabled more than a year ago via
commit 4682a0358639b29cf ("netlink: Always copy on mmap TX.")
because the content of the mmapped area can change after netlink
attribute validation but before message processing.
- RX support was implemented mainly to speed up nfqueue dumping packet
payload to userspace. However, since commit ae08ce0021087a5d812d2
("netfilter: nfnetlink_queue: zero copy support") we avoid one copy
with the socket-based interface too (via the skb_zerocopy helper).
The other problem is that skbs attached to mmaped netlink socket
behave different from normal skbs:
- they don't have a shinfo area, so all functions that use skb_shinfo()
(e.g. skb_clone) cannot be used.
- reserving headroom prevents userspace from seeing the content as
it expects message to start at skb->head.
See for instance
commit aa3a022094fa ("netlink: not trim skb for mmaped socket when dump").
- skbs handed e.g. to netlink_ack must have non-NULL skb->sk, else we
crash because it needs the sk to check if a tx ring is attached.
Also not obvious, leads to non-intuitive bug fixes such as 7c7bdf359
("netfilter: nfnetlink: use original skbuff when acking batches").
mmaped netlink also didn't play nicely with the skb_zerocopy helper
used by nfqueue and openvswitch. Daniel Borkmann fixed this via
commit 6bb0fef489f6 ("netlink, mmap: fix edge-case leakages in nf queue
zero-copy")' but at the cost of also needing to provide remaining
length to the allocation function.
nfqueue also has problems when used with mmaped rx netlink:
- mmaped netlink doesn't allow use of nfqueue batch verdict messages.
Problem is that in the mmap case, the allocation time also determines
the ordering in which the frame will be seen by userspace (A
allocating before B means that A is located in earlier ring slot,
but this also means that B might get a lower sequence number then A
since seqno is decided later. To fix this we would need to extend the
spinlocked region to also cover the allocation and message setup which
isn't desirable.
- nfqueue can now be configured to queue large (GSO) skbs to userspace.
Queing GSO packets is faster than having to force a software segmentation
in the kernel, so this is a desirable option. However, with a mmap based
ring one has to use 64kb per ring slot element, else mmap has to fall back
to the socket path (NL_MMAP_STATUS_COPY) for all large packets.
To use the mmap interface, userspace not only has to probe for mmap netlink
support, it also has to implement a recv/socket receive path in order to
handle messages that exceed the size of an rx ring element.
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Ken-ichirou MATSUZAWA <chamaken@gmail.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Shi Yuejie <shiyuejie@outlook.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* remotes/origin/tmp-2f0de51:
Linux 4.4.38
esp6: Fix integrity verification when ESN are used
esp4: Fix integrity verification when ESN are used
ipv4: Set skb->protocol properly for local output
ipv6: Set skb->protocol properly for local output
Don't feed anything but regular iovec's to blk_rq_map_user_iov
constify iov_iter_count() and iter_is_iovec()
sparc64: fix compile warning section mismatch in find_node()
sparc64: Fix find_node warning if numa node cannot be found
sparc32: Fix inverted invalid_frame_pointer checks on sigreturns
net: ping: check minimum size on ICMP header length
net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
geneve: avoid use-after-free of skb->data
sh_eth: remove unchecked interrupts for RZ/A1
net: bcmgenet: Utilize correct struct device for all DMA operations
packet: fix race condition in packet_set_ring
net/dccp: fix use-after-free in dccp_invalid_packet
netlink: Do not schedule work from sk_destruct
netlink: Call cb->done from a worker thread
net/sched: pedit: make sure that offset is valid
net, sched: respect rcu grace period on cls destruction
net: dsa: bcm_sf2: Ensure we re-negotiate EEE during after link change
l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()
rtnetlink: fix FDB size computation
af_unix: conditionally use freezable blocking calls in read
net: sky2: Fix shutdown crash
ip6_tunnel: disable caching when the traffic class is inherited
net: check dead netns for peernet2id_alloc()
virtio-net: add a missing synchronize_net()
Linux 4.4.37
arm64: suspend: Reconfigure PSTATE after resume from idle
arm64: mm: Set PSTATE.PAN from the cpu_enable_pan() call
arm64: cpufeature: Schedule enable() calls instead of calling them via IPI
pwm: Fix device reference leak
mwifiex: printk() overflow with 32-byte SSIDs
PCI: Set Read Completion Boundary to 128 iff Root Port supports it (_HPX)
PCI: Export pcie_find_root_port
rcu: Fix soft lockup for rcu_nocb_kthread
ALSA: pcm : Call kill_fasync() in stream lock
x86/traps: Ignore high word of regs->cs in early_fixup_exception()
kasan: update kasan_global for gcc 7
zram: fix unbalanced idr management at hot removal
ARC: Don't use "+l" inline asm constraint
Linux 4.4.36
scsi: mpt3sas: Unblock device after controller reset
flow_dissect: call init_default_flow_dissectors() earlier
mei: fix return value on disconnection
mei: me: fix place for kaby point device ids.
mei: me: disable driver on SPT SPS firmware
drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to on
mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]
parisc: Also flush data TLB in flush_icache_page_asm
parisc: Fix race in pci-dma.c
parisc: Fix races in parisc_setup_cache_timing()
NFSv4.x: hide array-bounds warning
apparmor: fix change_hat not finding hat after policy replacement
cfg80211: limit scan results cache size
tile: avoid using clocksource_cyc2ns with absolute cycle count
scsi: mpt3sas: Fix secure erase premature termination
Fix USB CB/CBI storage devices with CONFIG_VMAP_STACK=y
USB: serial: ftdi_sio: add support for TI CC3200 LaunchPad
USB: serial: cp210x: add ID for the Zone DPMX
usb: chipidea: move the lock initialization to core file
KVM: x86: check for pic and ioapic presence before use
KVM: x86: drop error recovery in em_jmp_far and em_ret_far
iommu/vt-d: Fix IOMMU lookup for SR-IOV Virtual Functions
iommu/vt-d: Fix PASID table allocation
sched: tune: Fix lacking spinlock initialization
UPSTREAM: trace: Update documentation for mono, mono_raw and boot clock
UPSTREAM: trace: Add an option for boot clock as trace clock
UPSTREAM: timekeeping: Add a fast and NMI safe boot clock
ANDROID: goldfish_pipe: fix allmodconfig build
ANDROID: goldfish: goldfish_pipe: fix locking errors
ANDROID: video: goldfishfb: fix platform_no_drv_owner.cocci warnings
ANDROID: goldfish_pipe: fix call_kern.cocci warnings
arm64: rename ranchu defconfig to ranchu64
ANDROID: arch: x86: disable pic for Android toolchain
ANDROID: goldfish_pipe: An implementation of more parallel pipe
ANDROID: goldfish_pipe: bugfixes and performance improvements.
ANDROID: goldfish: Add goldfish sync driver
ANDROID: goldfish: add ranchu defconfigs
ANDROID: goldfish_audio: Clear audio read buffer status after each read
ANDROID: goldfish_events: no extra EV_SYN; register goldfish
ANDROID: goldfish_fb: Set pixclock = 0
ANDROID: goldfish: Enable ACPI-based enumeration for goldfish audio
ANDROID: goldfish: Enable ACPI-based enumeration for goldfish framebuffer
ANDROID: video: goldfishfb: add devicetree bindings
BACKPORT: staging: goldfish: audio: fix compiliation on arm
BACKPORT: Input: goldfish_events - enable ACPI-based enumeration for goldfish events
BACKPORT: goldfish: Enable ACPI-based enumeration for goldfish battery
BACKPORT: drivers: tty: goldfish: Add device tree bindings
BACKPORT: tty: goldfish: support platform_device with id -1
BACKPORT: Input: goldfish_events - add devicetree bindings
BACKPORT: power: goldfish_battery: add devicetree bindings
BACKPORT: staging: goldfish: audio: add devicetree bindings
ANDROID: usb: gadget: function: cleanup: Add blank line after declaration
cpufreq: sched: Fix kernel crash on accessing sysfs file
usb: gadget: f_mtp: simplify ptp NULL pointer check
cgroup: replace unified-hierarchy.txt with a proper cgroup v2 documentation
cgroup: rename Documentation/cgroups/ to Documentation/cgroup-legacy/
cgroup: replace __DEVEL__sane_behavior with cgroup2 fs type
writeback: initialize inode members that track writeback history
mm: page_alloc: generalize the dirty balance reserve
block: fix module reference leak on put_disk() call for cgroups throttle
Linux 4.4.35
netfilter: nft_dynset: fix element timeout for HZ != 1000
IB/cm: Mark stale CM id's whenever the mad agent was unregistered
IB/uverbs: Fix leak of XRC target QPs
IB/core: Avoid unsigned int overflow in sg_alloc_table
IB/mlx5: Fix fatal error dispatching
IB/mlx5: Use cache line size to select CQE stride
IB/mlx4: Fix create CQ error flow
IB/mlx4: Check gid_index return value
PM / sleep: don't suspend parent when async child suspend_{noirq, late} fails
PM / sleep: fix device reference leak in test_suspend
uwb: fix device reference leaks
mfd: core: Fix device reference leak in mfd_clone_cell
iwlwifi: pcie: fix SPLC structure parsing
rtc: omap: Fix selecting external osc
clk: mmp: mmp2: fix return value check in mmp2_clk_init()
clk: mmp: pxa168: fix return value check in pxa168_clk_init()
clk: mmp: pxa910: fix return value check in pxa910_clk_init()
drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5)
crypto: caam - do not register AES-XTS mode on LP units
ext4: sanity check the block and cluster size at mount time
kbuild: Steal gcc's pie from the very beginning
x86/kexec: add -fno-PIE
scripts/has-stack-protector: add -fno-PIE
kbuild: add -fno-PIE
i2c: mux: fix up dependencies
can: bcm: fix warning in bcm_connect/proc_register
mfd: intel-lpss: Do not put device in reset state on suspend
fuse: fix fuse_write_end() if zero bytes were copied
KVM: Disable irq while unregistering user notifier
KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems
Linux 4.4.34
sparc64: Delete now unused user copy fixup functions.
sparc64: Delete now unused user copy assembler helpers.
sparc64: Convert U3copy_{from,to}_user to accurate exception reporting.
sparc64: Convert NG2copy_{from,to}_user to accurate exception reporting.
sparc64: Convert NGcopy_{from,to}_user to accurate exception reporting.
sparc64: Convert NG4copy_{from,to}_user to accurate exception reporting.
sparc64: Convert U1copy_{from,to}_user to accurate exception reporting.
sparc64: Convert GENcopy_{from,to}_user to accurate exception reporting.
sparc64: Convert copy_in_user to accurate exception reporting.
sparc64: Prepare to move to more saner user copy exception handling.
sparc64: Delete __ret_efault.
sparc64: Handle extremely large kernel TLB range flushes more gracefully.
sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call code.
sparc64: Fix instruction count in comment for __hypervisor_flush_tlb_pending.
sparc64: Fix illegal relative branches in hypervisor patched TLB code.
sparc64: Handle extremely large kernel TSB range flushes sanely.
sparc: Handle negative offsets in arch_jump_label_transform
sparc64 mm: Fix base TSB sizing when hugetlb pages are used
sparc: serial: sunhv: fix a double lock bug
sparc: Don't leak context bits into thread->fault_address
tty: Prevent ldisc drivers from re-using stale tty fields
tcp: take care of truncations done by sk_filter()
ipv4: use new_gw for redirect neigh lookup
net: __skb_flow_dissect() must cap its return value
sock: fix sendmmsg for partial sendmsg
fib_trie: Correct /proc/net/route off by one error
sctp: assign assoc_id earlier in __sctp_connect
ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
ipv6: dccp: fix out of bound access in dccp_v6_err()
dccp: fix out of bound access in dccp_v4_err()
dccp: do not send reset to already closed sockets
tcp: fix potential memory corruption
ip6_tunnel: Clear IP6CB in ip6tunnel_xmit()
bgmac: stop clearing DMA receive control register right after it is set
net: mangle zero checksum in skb_checksum_help()
net: clear sk_err_soft in sk_clone_lock()
dctcp: avoid bogus doubling of cwnd after loss
ARM: 8485/1: cpuidle: remove cpu parameter from the cpuidle_ops suspend hook
Linux 4.4.33
netfilter: fix namespace handling in nf_log_proc_dostring
btrfs: qgroup: Prevent qgroup->reserved from going subzero
mmc: mxs: Initialize the spinlock prior to using it
ASoC: sun4i-codec: return error code instead of NULL when create_card fails
ACPI / APEI: Fix incorrect return value of ghes_proc()
i40e: fix call of ndo_dflt_bridge_getlink()
hwrng: core - Don't use a stack buffer in add_early_randomness()
lib/genalloc.c: start search from start of chunk
mei: bus: fix received data size check in NFC fixup
iommu/vt-d: Fix dead-locks in disable_dmar_iommu() path
iommu/amd: Free domain id when free a domain of struct dma_ops_domain
tty/serial: at91: fix hardware handshake on Atmel platforms
dmaengine: at_xdmac: fix spurious flag status for mem2mem transfers
drm/i915: Respect alternate_ddc_pin for all DDI ports
KVM: MIPS: Precalculate MMIO load resume PC
scsi: mpt3sas: Fix for block device of raid exists even after deleting raid disk
scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
iio: orientation: hid-sensor-rotation: Add PM function (fix non working driver)
iio: hid-sensors: Increase the precision of scale to fix wrong reading interpretation.
clk: qoriq: Don't allow CPU clocks higher than starting value
toshiba-wmi: Fix loading the driver on non Toshiba laptops
drbd: Fix kernel_sendmsg() usage - potential NULL deref
usb: gadget: u_ether: remove interrupt throttling
USB: cdc-acm: fix TIOCMIWAIT
staging: nvec: remove managed resource from PS2 driver
Revert "staging: nvec: ps2: change serio type to passthrough"
drivers: staging: nvec: remove bogus reset command for PS/2 interface
staging: iio: ad5933: avoid uninitialized variable in error case
pinctrl: cherryview: Prevent possible interrupt storm on resume
pinctrl: cherryview: Serialize register access in suspend/resume
ARC: timer: rtc: implement read loop in "C" vs. inline asm
s390/hypfs: Use get_free_page() instead of kmalloc to ensure page alignment
coredump: fix unfreezable coredumping task
swapfile: fix memory corruption via malformed swapfile
dib0700: fix nec repeat handling
ASoC: cs4270: fix DAPM stream name mismatch
ALSA: info: Limit the proc text input size
ALSA: info: Return error for invalid read/write
arm64: Enable KPROBES/HIBERNATION/CORESIGHT in defconfig
arm64: kvm: allows kvm cpu hotplug
arm64: KVM: Register CPU notifiers when the kernel runs at HYP
arm64: KVM: Skip HYP setup when already running in HYP
arm64: hyp/kvm: Make hyp-stub reject kvm_call_hyp()
arm64: hyp/kvm: Make hyp-stub extensible
arm64: kvm: Move lr save/restore from do_el2_call into EL1
arm64: kvm: deal with kernel symbols outside of linear mapping
arm64: introduce KIMAGE_VADDR as the virtual base of the kernel region
ANDROID: video: adf: Avoid directly referencing user pointers
ANDROID: usb: gadget: audio_source: fix comparison of distinct pointer types
android: binder: support for file-descriptor arrays.
android: binder: support for scatter-gather.
android: binder: add extra size to allocator.
android: binder: refactor binder_transact()
android: binder: support multiple /dev instances.
android: binder: deal with contexts in debugfs.
android: binder: support multiple context managers.
android: binder: split flat_binder_object.
disable aio support in recommended configuration
Linux 4.4.32
scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression
drm/radeon: fix DP mode validation
drm/radeon/dp: add back special handling for NUTMEG
drm/amdgpu: fix DP mode validation
drm/amdgpu/dp: add back special handling for NUTMEG
KVM: MIPS: Drop other CPU ASIDs on guest MMU changes
Revert KVM: MIPS: Drop other CPU ASIDs on guest MMU changes
of: silence warnings due to max() usage
packet: on direct_xmit, limit tso and csum to supported devices
sctp: validate chunk len before actually using it
net sched filters: fix notification of filter delete with proper handle
udp: fix IP_CHECKSUM handling
net: sctp, forbid negative length
ipv4: use the right lock for ping_group_range
ipv4: disable BH in set_ping_group_range()
net: add recursion limit to GRO
rtnetlink: Add rtnexthop offload flag to compare mask
bridge: multicast: restore perm router ports on multicast enable
net: pktgen: remove rcu locking in pktgen_change_name()
ipv6: correctly add local routes when lo goes up
ip6_tunnel: fix ip6_tnl_lookup
ipv6: tcp: restore IP6CB for pktoptions skbs
netlink: do not enter direct reclaim from netlink_dump()
packet: call fanout_release, while UNREGISTERING a netdev
net: Add netdev all_adj_list refcnt propagation to fix panic
net/sched: act_vlan: Push skb->data to mac_header prior calling skb_vlan_*() functions
net: pktgen: fix pkt_size
net: fec: set mac address unconditionally
tg3: Avoid NULL pointer dereference in tg3_io_error_detected()
ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route
ip6_gre: fix flowi6_proto value in ip6gre_xmit_other()
tcp: fix a compile error in DBGUNDO()
tcp: fix wrong checksum calculation on MTU probing
net: avoid sk_forward_alloc overflows
tcp: fix overflow in __tcp_retransmit_skb()
arm64/kvm: fix build issue on kvm debug
arm64: ptdump: Indicate whether memory should be faulting
arm64: Add support for ARCH_SUPPORTS_DEBUG_PAGEALLOC
arm64: Drop alloc function from create_mapping
arm64: allow vmalloc regions to be set with set_memory_*
arm64: kernel: implement ACPI parking protocol
arm64: mm: create new fine-grained mappings at boot
arm64: ensure _stext and _etext are page-aligned
arm64: mm: allow passing a pgdir to alloc_init_*
arm64: mm: allocate pagetables anywhere
arm64: mm: use fixmap when creating page tables
arm64: mm: add functions to walk tables in fixmap
arm64: mm: add __{pud,pgd}_populate
arm64: mm: avoid redundant __pa(__va(x))
Linux 4.4.31
HID: usbhid: add ATEN CS962 to list of quirky devices
ubi: fastmap: Fix add_vol() return value test in ubi_attach_fastmap()
kvm: x86: Check memopp before dereference (CVE-2016-8630)
tty: vt, fix bogus division in csi_J
usb: dwc3: Fix size used in dma_free_coherent()
pwm: Unexport children before chip removal
UBI: fastmap: scrub PEB when bitflips are detected in a free PEB EC header
Disable "frame-address" warning
smc91x: avoid self-comparison warning
cgroup: avoid false positive gcc-6 warning
drm/exynos: fix error handling in exynos_drm_subdrv_open
mm/cma: silence warnings due to max() usage
ARM: 8584/1: floppy: avoid gcc-6 warning
powerpc/ptrace: Fix out of bounds array access warning
x86/xen: fix upper bound of pmd loop in xen_cleanhighmap()
perf build: Fix traceevent plugins build race
drm/dp/mst: Check peer device type before attempting EDID read
drm/radeon: drop register readback in cayman_cp_int_cntl_setup
drm/radeon/si_dpm: workaround for SI kickers
drm/radeon/si_dpm: Limit clocks on HD86xx part
Revert "drm/radeon: fix DP link training issue with second 4K monitor"
mmc: dw_mmc-pltfm: fix the potential NULL pointer dereference
scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware
scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded
scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices
mac80211: discard multicast and 4-addr A-MSDUs
firewire: net: fix fragmented datagram_size off-by-one
firewire: net: guard against rx buffer overflows
Input: i8042 - add XMG C504 to keyboard reset table
dm mirror: fix read error on recovery after default leg failure
virtio: console: Unlock vqs while freeing buffers
virtio_ring: Make interrupt suppression spec compliant
parisc: Ensure consistent state when switching to kernel stack at syscall entry
ovl: fsync after copy-up
KVM: MIPS: Make ERET handle ERL before EXL
KVM: x86: fix wbinvd_dirty_mask use-after-free
dm: free io_barrier after blk_cleanup_queue call
USB: serial: cp210x: fix tiocmget error handling
tty: limit terminal size to 4M chars
xhci: add restart quirk for Intel Wildcatpoint PCH
hv: do not lose pending heartbeat vmbus packets
vt: clear selection before resizing
Fix potential infoleak in older kernels
GenWQE: Fix bad page access during abort of resource allocation
usb: increase ohci watchdog delay to 275 msec
xhci: use default USB_RESUME_TIMEOUT when resuming ports.
USB: serial: ftdi_sio: add support for Infineon TriBoard TC2X7
USB: serial: fix potential NULL-dereference at probe
usb: gadget: function: u_ether: don't starve tx request queue
mei: txe: don't clean an unprocessed interrupt cause.
ubifs: Fix regression in ubifs_readdir()
ubifs: Abort readdir upon error
btrfs: fix races on root_log_ctx lists
ANDROID: binder: Clear binder and cookie when setting handle in flat binder struct
ANDROID: binder: Add strong ref checks
ALSA: hda - Fix headset mic detection problem for two Dell laptops
ALSA: hda - Adding a new group of pin cfg into ALC295 pin quirk table
ALSA: hda - allow 40 bit DMA mask for NVidia devices
ALSA: hda - Raise AZX_DCAPS_RIRB_DELAY handling into top drivers
ALSA: hda - Merge RIRB_PRE_DELAY into CTX_WORKAROUND caps
ALSA: usb-audio: Add quirk for Syntek STK1160
KEYS: Fix short sprintf buffer in /proc/keys show function
mm: memcontrol: do not recurse in direct reclaim
mm/list_lru.c: avoid error-path NULL pointer deref
libxfs: clean up _calc_dquots_per_chunk
h8300: fix syscall restarting
drm/dp/mst: Clear port->pdt when tearing down the i2c adapter
i2c: core: fix NULL pointer dereference under race condition
i2c: xgene: Avoid dma_buffer overrun
arm64:cpufeature ARM64_NCAPS is the indicator of last feature
arm64: hibernate: Refuse to hibernate if the boot cpu is offline
PM / sleep: Add support for read-only sysfs attributes
arm64: kernel: Add support for hibernate/suspend-to-disk
arm64: mm: add functions to walk page tables by PA
arm64: mm: move pte_* macros
PM / Hibernate: Call flush_icache_range() on pages restored in-place
arm64: Add new asm macro copy_page
arm64: Promote KERNEL_START/KERNEL_END definitions to a header file
arm64: kernel: Include _AC definition in page.h
arm64: Change cpu_resume() to enable mmu early then access sleep_sp by va
arm64: kernel: Rework finisher callback out of __cpu_suspend_enter()
arm64: Cleanup SCTLR flags
arm64: Fold proc-macros.S into assembler.h
arm/arm64: KVM: Add hook for C-based stage2 init
arm/arm64: KVM: Detect vGIC presence at runtime
arm64: KVM: Add support for 16-bit VMID
arm: KVM: Make kvm_arm.h friendly to assembly code
arm/arm64: KVM: Remove unreferenced S2_PGD_ORDER
arm64: KVM: debug: Remove spurious inline attributes
ARM: KVM: Cleanup exception injection
arm64: KVM: Remove weak attributes
arm64: KVM: Cleanup asm-offset.c
arm64: KVM: Turn system register numbers to an enum
arm64: KVM: VHE: Patch out use of HVC
arm64: Add ARM64_HAS_VIRT_HOST_EXTN feature
arm/arm64: Add new is_kernel_in_hyp_mode predicate
arm64: KVM: Move away from the assembly version of the world switch
arm64: KVM: Map the kernel RO section into HYP
arm64: KVM: Add compatibility aliases
arm64: KVM: Implement vgic-v3 save/restore
arm64: KVM: Add panic handling
arm64: KVM: HYP mode entry points
arm64: KVM: Implement TLB handling
arm64: KVM: Implement fpsimd save/restore
arm64: KVM: Implement the core world switch
arm64: KVM: Add patchable function selector
arm64: KVM: Implement guest entry
arm64: KVM: Implement debug save/restore
arm64: KVM: Implement 32bit system register save/restore
arm64: KVM: Implement system register save/restore
arm64: KVM: Implement timer save/restore
arm64: KVM: Implement vgic-v2 save/restore
arm64: KVM: Add a HYP-specific header file
KVM: arm/arm64: vgic-v3: Make the LR indexing macro public
arm64: Add macros to read/write system registers
Linux 4.4.30
Revert "fix minor infoleak in get_user_ex()"
Revert "x86/mm: Expand the exception table logic to allow new handling options"
Linux 4.4.29
ARM: pxa: pxa_cplds: fix interrupt handling
powerpc/nvram: Fix an incorrect partition merge
mpt3sas: Don't spam logs if logging level is 0
perf symbols: Fixup symbol sizes before picking best ones
perf symbols: Check symbol_conf.allow_aliases for kallsyms loading too
perf hists browser: Fix event group display
clk: divider: Fix clk_divider_round_rate() to use clk_readl()
clk: qoriq: fix a register offset error
s390/con3270: fix insufficient space padding
s390/con3270: fix use of uninitialised data
s390/cio: fix accidental interrupt enabling during resume
x86/mm: Expand the exception table logic to allow new handling options
dmaengine: ipu: remove bogus NO_IRQ reference
power: bq24257: Fix use of uninitialized pointer bq->charger
staging: r8188eu: Fix scheduling while atomic splat
ASoC: dapm: Fix kcontrol creation for output driver widget
ASoC: dapm: Fix value setting for _ENUM_DOUBLE MUX's second channel
ASoC: dapm: Fix possible uninitialized variable in snd_soc_dapm_get_volsw()
ASoC: topology: Fix error return code in soc_tplg_dapm_widget_create()
hwrng: omap - Only fail if pm_runtime_get_sync returns < 0
crypto: arm/ghash-ce - add missing async import/export
crypto: gcm - Fix IV buffer size in crypto_gcm_setkey
mwifiex: correct aid value during tdls setup
spi: spi-fsl-dspi: Drop extra spi_master_put in device remove function
ARM: clk-imx35: fix name for ckil clk
uio: fix dmem_region_start computation
genirq/generic_chip: Add irq_unmap callback
perf stat: Fix interval output values
powerpc/eeh: Null check uses of eeh_pe_bus_get
tunnels: Remove encapsulation offloads on decap.
tunnels: Don't apply GRO to multiple layers of encapsulation.
ipip: Properly mark ipip GRO packets as encapsulated.
posix_acl: Clear SGID bit when setting file permissions
brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()
mm/hugetlb: fix memory offline with hugepage size > memory block size
drm/i915: Unalias obj->phys_handle and obj->userptr
drm/i915: Account for TSEG size when determining 865G stolen base
Revert "drm/i915: Check live status before reading edid"
drm/i915/gen9: fix the WaWmMemoryReadLatency implementation
xenbus: don't look up transaction IDs for ordinary writes
drm/vmwgfx: Limit the user-space command buffer size
drm/radeon: change vblank_time's calculation method to reduce computational error.
drm/radeon/si/dpm: fix phase shedding setup
drm/radeon: narrow asic_init for virtualization
drm/amdgpu: change vblank_time's calculation method to reduce computational error.
drm/amdgpu/dce11: add missing drm_mode_config_cleanup call
drm/amdgpu/dce11: disable hpd on local panels
drm/amdgpu/dce8: disable hpd on local panels
drm/amdgpu/dce10: disable hpd on local panels
drm/amdgpu: fix IB alignment for UVD
drm/prime: Pass the right module owner through to dma_buf_export()
Linux 4.4.28
target: Don't override EXTENDED_COPY xcopy_pt_cmd SCSI status code
target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE
target: Re-add missing SCF_ACK_KREF assignment in v4.1.y
ubifs: Fix xattr_names length in exit paths
jbd2: fix incorrect unlock on j_list_lock
ext4: do not advertise encryption support when disabled
mmc: rtsx_usb_sdmmc: Handle runtime PM while changing the led
mmc: rtsx_usb_sdmmc: Avoid keeping the device runtime resumed when unused
mmc: core: Annotate cmd_hdr as __le32
powerpc/mm: Prevent unlikely crash in copro_calculate_slb()
ceph: fix error handling in ceph_read_iter
arm64: kernel: Init MDCR_EL2 even in the absence of a PMU
arm64: percpu: rewrite ll/sc loops in assembly
memstick: rtsx_usb_ms: Manage runtime PM when accessing the device
memstick: rtsx_usb_ms: Runtime resume the device when polling for cards
isofs: Do not return EACCES for unknown filesystems
irqchip/gic-v3-its: Fix entry size mask for GITS_BASER
s390/mm: fix gmap tlb flush issues
Using BUG_ON() as an assert() is _never_ acceptable
mm: filemap: fix mapping->nrpages double accounting in fuse
mm: workingset: fix crash in shadow node shrinker caused by replace_page_cache_page()
acpi, nfit: check for the correct event code in notifications
net/mlx4_core: Allow resetting VF admin mac to zero
bnx2x: Prevent false warning for lack of FC NPIV
PKCS#7: Don't require SpcSpOpusInfo in Authenticode pkcs7 signatures
hpsa: correct skipping masked peripherals
sd: Fix rw_max for devices that report an optimal xfer size
irqchip/gicv3: Handle loop timeout proper
kvm: x86: memset whole irq_eoi
x86/e820: Don't merge consecutive E820_PRAM ranges
blkcg: Unlock blkcg_pol_mutex only once when cpd == NULL
Fix regression which breaks DFS mounting
Cleanup missing frees on some ioctls
Do not send SMB3 SET_INFO request if nothing is changing
SMB3: GUIDs should be constructed as random but valid uuids
Set previous session id correctly on SMB3 reconnect
Display number of credits available
Clarify locking of cifs file and tcon structures and make more granular
fs/cifs: keep guid when assigning fid to fileinfo
cifs: Limit the overall credit acquired
fs/super.c: fix race between freeze_super() and thaw_super()
arc: don't leak bits of kernel stack into coredump
lightnvm: ensure that nvm_dev_ops can be used without CONFIG_NVM
ipc/sem.c: fix complex_count vs. simple op race
mm: filemap: don't plant shadow entries without radix tree node
metag: Only define atomic_dec_if_positive conditionally
scsi: Fix use-after-free
NFSv4.2: Fix a reference leak in nfs42_proc_layoutstats_generic
NFSv4: Open state recovery must account for file permission changes
NFSv4: nfs4_copy_delegation_stateid() must fail if the delegation is invalid
NFSv4: Don't report revoked delegations as valid in nfs_have_delegation()
sunrpc: fix write space race causing stalls
Input: elantech - add Fujitsu Lifebook E556 to force crc_enabled
Input: elantech - force needed quirks on Fujitsu H760
Input: i8042 - skip selftest on ASUS laptops
lib: add "on"/"off" support to kstrtobool
lib: update single-char callers of strtobool()
lib: move strtobool() to kstrtobool()
MIPS: ptrace: Fix regs_return_value for kernel context
MIPS: Fix -mabi=64 build of vdso.lds
ALSA: hda - Fix a failure of micmute led when having multi adcs
cx231xx: fix GPIOs for Pixelview SBTVD hybrid
cx231xx: don't return error on success
mb86a20s: fix demod settings
mb86a20s: fix the locking logic
ovl: copy_up_xattr(): use strnlen
ovl: Fix info leak in ovl_lookup_temp()
fbdev/efifb: Fix 16 color palette entry calculation
scsi: zfcp: spin_lock_irqsave() is not nestable
zfcp: trace full payload of all SAN records (req,resp,iels)
zfcp: fix payload trace length for SAN request&response
zfcp: fix D_ID field with actual value on tracing SAN responses
zfcp: restore tracing of handle for port and LUN with HBA records
zfcp: trace on request for open and close of WKA port
zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace
zfcp: retain trace level for SCSI and HBA FSF response records
zfcp: close window with unblocked rport during rport gone
zfcp: fix ELS/GS request&response length for hardware data router
zfcp: fix fc_host port_type with NPIV
ubi: Deal with interrupted erasures in WL
powerpc/pseries: Fix stack corruption in htpe code
powerpc/64: Fix incorrect return value from __copy_tofrom_user
powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data()
powerpc/powernv: Use CPU-endian hub diag-data type in pnv_eeh_get_and_dump_hub_diag()
powerpc/powernv: Pass CPU-endian PE number to opal_pci_eeh_freeze_clear()
powerpc/vdso64: Use double word compare on pointers
dm crypt: fix crash on exit
dm mpath: check if path's request_queue is dying in activate_path()
dm: return correct error code in dm_resume()'s retry loop
dm: mark request_queue dead before destroying the DM device
perf intel-pt: Fix MTC timestamp calculation for large MTC periods
perf intel-pt: Fix estimated timestamps for cycle-accurate mode
perf intel-pt: Fix snapshot overlap detection decoder errors
pstore/ram: Use memcpy_fromio() to save old buffer
pstore/ram: Use memcpy_toio instead of memcpy
pstore/core: drop cmpxchg based updates
pstore/ramoops: fixup driver removal
parisc: Increase initial kernel mapping size
parisc: Fix kernel memory layout regarding position of __gp
parisc: Increase KERNEL_INITIAL_SIZE for 32-bit SMP kernels
cpufreq: intel_pstate: Fix unsafe HWP MSR access
platform: don't return 0 from platform_get_irq[_byname]() on error
PCI: Mark Atheros AR9580 to avoid bus reset
mmc: sdhci: cast unsigned int to unsigned long long to avoid unexpeted error
mmc: block: don't use CMD23 with very old MMC cards
rtlwifi: Fix missing country code for Great Britain
PM / devfreq: event: remove duplicate devfreq_event_get_drvdata()
clk: imx6: initialize GPU clocks
regulator: tps65910: Work around silicon erratum SWCZ010
mei: me: add kaby point device ids
gpio: mpc8xxx: Correct irq handler function
cgroup: Change from CAP_SYS_NICE to CAP_SYS_RESOURCE for cgroup migration permissions
UPSTREAM: cpu/hotplug: Handle unbalanced hotplug enable/disable
UPSTREAM: arm64: kaslr: fix breakage with CONFIG_MODVERSIONS=y
UPSTREAM: arm64: kaslr: keep modules close to the kernel when DYNAMIC_FTRACE=y
cgroup: Remove leftover instances of allow_attach
BACKPORT: lib: harden strncpy_from_user
CHROMIUM: cgroups: relax permissions on moving tasks between cgroups
CHROMIUM: remove Android's cgroup generic permissions checks
Linux 4.4.27
cfq: fix starvation of asynchronous writes
vfs: move permission checking into notify_change() for utimes(NULL)
dlm: free workqueues after the connections
crypto: vmx - Fix memory corruption caused by p8_ghash
crypto: ghash-generic - move common definitions to a new header file
ext4: release bh in make_indexed_dir
ext4: allow DAX writeback for hole punch
ext4: fix memory leak in ext4_insert_range()
ext4: reinforce check of i_dtime when clearing high fields of uid and gid
ext4: enforce online defrag restriction for encrypted files
scsi: ibmvfc: Fix I/O hang when port is not mapped
scsi: arcmsr: Simplify user_len checking
scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()
async_pq_val: fix DMA memory leak
reiserfs: switch to generic_{get,set,remove}xattr()
reiserfs: Unlock superblock before calling reiserfs_quota_on_mount()
ASoC: Intel: Atom: add a missing star in a memcpy call
brcmfmac: fix memory leak in brcmf_fill_bss_param
i40e: avoid NULL pointer dereference and recursive errors on early PCI error
fuse: fix killing s[ug]id in setattr
fuse: invalidate dir dentry after chmod
fuse: listxattr: verify xattr list
drivers: base: dma-mapping: page align the size when unmap_kernel_range
btrfs: assign error values to the correct bio structs
serial: 8250_dw: Check the data->pclk when get apb_pclk
arm64: Use PoU cache instr for I/D coherency
arm64: mm: add code to safely replace TTBR1_EL1
arm64: mm: place __cpu_setup in .text
arm64: add function to install the idmap
arm64: unmap idmap earlier
arm64: unify idmap removal
arm64: mm: place empty_zero_page in bss
arm64: head.S: use memset to clear BSS
arm64: mm: specialise pagetable allocators
arm64: mm: remove pointless PAGE_MASKing
asm-generic: Fix local variable shadow in __set_fixmap_offset
arm64: mm: fold alternatives into .init
ARM: 8511/1: ARM64: kernel: PSCI: move PSCI idle management code to drivers/firmware
ARM: 8481/2: drivers: psci: replace psci firmware calls
ARM: 8480/2: arm64: add implementation for arm-smccc
ARM: 8479/2: add implementation for arm-smccc
ARM: 8478/2: arm/arm64: add arm-smccc
ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
ARM: 8458/1: bL_switcher: add GIC dependency
Linux 4.4.26
mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
x86/build: Build compressed x86 kernels as PIE
arm64: Remove stack duplicating code from jprobes
arm64: kprobes: Add KASAN instrumentation around stack accesses
arm64: kprobes: Cleanup jprobe_return
arm64: kprobes: Fix overflow when saving stack
arm64: kprobes: WARN if attempting to step with PSTATE.D=1
kprobes: Add arm64 case in kprobe example module
arm64: Add kernel return probes support (kretprobes)
arm64: Add trampoline code for kretprobes
arm64: kprobes instruction simulation support
arm64: Treat all entry code as non-kprobe-able
arm64: Blacklist non-kprobe-able symbol
arm64: Kprobes with single stepping support
arm64: add conditional instruction simulation support
arm64: Add more test functions to insn.c
arm64: Add HAVE_REGS_AND_STACK_ACCESS_API feature
Linux 4.4.25
tpm_crb: fix crb_req_canceled behavior
tpm: fix a race condition in tpm2_unseal_trusted()
ima: use file_dentry()
ARM: cpuidle: Fix error return code
ARM: dts: MSM8064 remove flags from SPMI/MPP IRQs
ARM: dts: mvebu: armada-390: add missing compatibility string and bracket
x86/dumpstack: Fix x86_32 kernel_stack_pointer() previous stack access
x86/irq: Prevent force migration of irqs which are not in the vector domain
x86/boot: Fix kdump, cleanup aborted E820_PRAM max_pfn manipulation
KVM: PPC: BookE: Fix a sanity check
KVM: MIPS: Drop other CPU ASIDs on guest MMU changes
KVM: PPC: Book3s PR: Allow access to unprivileged MMCR2 register
mfd: wm8350-i2c: Make sure the i2c regmap functions are compiled
mfd: 88pm80x: Double shifting bug in suspend/resume
mfd: atmel-hlcdc: Do not sleep in atomic context
mfd: rtsx_usb: Avoid setting ucr->current_sg.status
ALSA: usb-line6: use the same declaration as definition in header for MIDI manufacturer ID
ALSA: usb-audio: Extend DragonFly dB scale quirk to cover other variants
ALSA: ali5451: Fix out-of-bound position reporting
timekeeping: Fix __ktime_get_fast_ns() regression
time: Add cycles to nanoseconds translation
mm: Fix build for hardened usercopy
ANDROID: binder: Clear binder and cookie when setting handle in flat binder struct
ANDROID: binder: Add strong ref checks
UPSTREAM: staging/android/ion : fix a race condition in the ion driver
ANDROID: android-base: CONFIG_HARDENED_USERCOPY=y
UPSTREAM: fs/proc/kcore.c: Add bounce buffer for ktext data
UPSTREAM: fs/proc/kcore.c: Make bounce buffer global for read
BACKPORT: arm64: Correctly bounds check virt_addr_valid
Fix a build breakage in IO latency hist code.
UPSTREAM: efi: include asm/early_ioremap.h not asm/efi.h to get early_memremap
UPSTREAM: ia64: split off early_ioremap() declarations into asm/early_ioremap.h
FROMLIST: arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN
FROMLIST: arm64: xen: Enable user access before a privcmd hvc call
FROMLIST: arm64: Handle faults caused by inadvertent user access with PAN enabled
FROMLIST: arm64: Disable TTBR0_EL1 during normal kernel execution
FROMLIST: arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1
FROMLIST: arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro
FROMLIST: arm64: Factor out PAN enabling/disabling into separate uaccess_* macros
UPSTREAM: arm64: Handle el1 synchronous instruction aborts cleanly
UPSTREAM: arm64: include alternative handling in dcache_by_line_op
UPSTREAM: arm64: fix "dc cvau" cache operation on errata-affected core
UPSTREAM: Revert "arm64: alternatives: add enable parameter to conditional asm macros"
UPSTREAM: arm64: Add new asm macro copy_page
UPSTREAM: arm64: kill ESR_LNX_EXEC
UPSTREAM: arm64: add macro to extract ESR_ELx.EC
UPSTREAM: arm64: mm: mark fault_info table const
UPSTREAM: arm64: fix dump_instr when PAN and UAO are in use
BACKPORT: arm64: Fold proc-macros.S into assembler.h
UPSTREAM: arm64: choose memstart_addr based on minimum sparsemem section alignment
UPSTREAM: arm64/mm: ensure memstart_addr remains sufficiently aligned
UPSTREAM: arm64/kernel: fix incorrect EL0 check in inv_entry macro
UPSTREAM: arm64: Add macros to read/write system registers
UPSTREAM: arm64/efi: refactor EFI init and runtime code for reuse by 32-bit ARM
UPSTREAM: arm64/efi: split off EFI init and runtime code for reuse by 32-bit ARM
UPSTREAM: arm64/efi: mark UEFI reserved regions as MEMBLOCK_NOMAP
BACKPORT: arm64: only consider memblocks with NOMAP cleared for linear mapping
UPSTREAM: mm/memblock: add MEMBLOCK_NOMAP attribute to memblock memory table
ANDROID: dm: android-verity: Remove fec_header location constraint
BACKPORT: audit: consistently record PIDs with task_tgid_nr()
android-base.cfg: Enable kernel ASLR
UPSTREAM: vmlinux.lds.h: allow arch specific handling of ro_after_init data section
UPSTREAM: arm64: spinlock: fix spin_unlock_wait for LSE atomics
UPSTREAM: arm64: avoid TLB conflict with CONFIG_RANDOMIZE_BASE
UPSTREAM: arm64: Only select ARM64_MODULE_PLTS if MODULES=y
sched: Add Kconfig option DEFAULT_USE_ENERGY_AWARE to set ENERGY_AWARE feature flag
sched/fair: remove printk while schedule is in progress
ANDROID: fs: FS tracepoints to track IO.
sched/walt: Drop arch-specific timer access
ANDROID: fiq_debugger: Pass task parameter to unwind_frame()
eas/sched/fair: Fixing comments in find_best_target.
input: keyreset: switch to orderly_reboot
UPSTREAM: tun: fix transmit timestamp support
UPSTREAM: arch/arm/include/asm/pgtable-3level.h: add pmd_mkclean for THP
net: inet: diag: expose the socket mark to privileged processes.
net: diag: make udp_diag_destroy work for mapped addresses.
net: diag: support SOCK_DESTROY for UDP sockets
net: diag: allow socket bytecode filters to match socket marks
net: diag: slightly refactor the inet_diag_bc_audit error checks.
net: diag: Add support to filter on device index
UPSTREAM: brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()
Linux 4.4.24
ALSA: hda - Add the top speaker pin config for HP Spectre x360
ALSA: hda - Fix headset mic detection problem for several Dell laptops
ACPICA: acpi_get_sleep_type_data: Reduce warnings
ALSA: hda - Adding one more ALC255 pin definition for headset problem
Revert "usbtmc: convert to devm_kzalloc"
USB: serial: cp210x: Add ID for a Juniper console
Staging: fbtft: Fix bug in fbtft-core
usb: misc: legousbtower: Fix NULL pointer deference
USB: serial: cp210x: fix hardware flow-control disable
dm log writes: fix bug with too large bios
clk: xgene: Add missing parenthesis when clearing divider value
aio: mark AIO pseudo-fs noexec
batman-adv: remove unused callback from batadv_algo_ops struct
IB/mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV
IB/mlx4: Fix code indentation in QP1 MAD flow
IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV
IB/ipoib: Don't allow MC joins during light MC flush
IB/core: Fix use after free in send_leave function
IB/ipoib: Fix memory corruption in ipoib cm mode connect flow
KVM: nVMX: postpone VMCS changes on MSR_IA32_APICBASE write
dmaengine: at_xdmac: fix to pass correct device identity to free_irq()
kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd
ASoC: omap-mcpdm: Fix irq resource handling
sysctl: handle error writing UINT_MAX to u32 fields
powerpc/prom: Fix sub-processor option passed to ibm, client-architecture-support
brcmsmac: Initialize power in brcms_c_stf_ss_algo_channel_get()
brcmsmac: Free packet if dma_mapping_error() fails in dma_rxfill
brcmfmac: Fix glob_skb leak in brcmf_sdiod_recv_chain
ASoC: Intel: Skylake: Fix error return code in skl_probe()
pNFS/flexfiles: Fix layoutcommit after a commit to DS
pNFS/files: Fix layoutcommit after a commit to DS
NFS: Don't drop CB requests with invalid principals
svc: Avoid garbage replies when pc_func() returns rpc_drop_reply
dmaengine: at_xdmac: fix debug string
fnic: pci_dma_mapping_error() doesn't return an error code
avr32: off by one in at32_init_pio()
ath9k: Fix programming of minCCA power threshold
gspca: avoid unused variable warnings
em28xx-i2c: rt_mutex_trylock() returns zero on failure
NFC: fdp: Detect errors from fdp_nci_create_conn()
iwlmvm: mvm: set correct state in smart-fifo configuration
tile: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
pstore: drop file opened reference count
blk-mq: actually hook up defer list when running requests
hwrng: omap - Fix assumption that runtime_get_sync will always succeed
ARM: sa1111: fix pcmcia suspend/resume
ARM: shmobile: fix regulator quirk for Gen2
ARM: sa1100: clear reset status prior to reboot
ARM: sa1100: fix 3.6864MHz clock
ARM: sa1100: register clocks early
ARM: sun5i: Fix typo in trip point temperature
regulator: qcom_smd: Fix voltage ranges for pm8x41
regulator: qcom_spmi: Update mvs1/mvs2 switches on pm8941
regulator: qcom_spmi: Add support for get_mode/set_mode on switches
regulator: qcom_spmi: Add support for S4 supply on pm8941
tpm: fix byte-order for the value read by tpm2_get_tpm_pt
printk: fix parsing of "brl=" option
MIPS: uprobes: fix use of uninitialised variable
MIPS: Malta: Fix IOCU disable switch read for MIPS64
MIPS: fix uretprobe implementation
MIPS: uprobes: remove incorrect set_orig_insn
arm64: debug: avoid resetting stepping state machine when TIF_SINGLESTEP
ARM: 8618/1: decompressor: reset ttbcr fields to use TTBR0 on ARMv7
irqchip/gicv3: Silence noisy DEBUG_PER_CPU_MAPS warning
gpio: sa1100: fix irq probing for ucb1x00
usb: gadget: fsl_qe_udc: signedness bug in qe_get_frame()
ceph: fix race during filling readdir cache
iwlwifi: mvm: don't use ret when not initialised
iwlwifi: pcie: fix access to scratch buffer
spi: sh-msiof: Avoid invalid clock generator parameters
hwmon: (adt7411) set bit 3 in CFG1 register
nvmem: Declare nvmem_cell_read() consistently
ipvs: fix bind to link-local mcast IPv6 address in backup
tools/vm/slabinfo: fix an unintentional printf
mmc: pxamci: fix potential oops
drivers/perf: arm_pmu: Fix leak in error path
pinctrl: Flag strict is a field in struct pinmux_ops
pinctrl: uniphier: fix .pin_dbg_show() callback
i40e: avoid null pointer dereference
perf/core: Fix pmu::filter_match for SW-led groups
iwlwifi: mvm: fix a few firmware capability checks
usb: musb: fix DMA for host mode
usb: musb: Fix DMA desired mode for Mentor DMA engine
ARM: 8617/1: dma: fix dma_max_pfn()
ARM: 8616/1: dt: Respect property size when parsing CPUs
drm/radeon/si/dpm: add workaround for for Jet parts
drm/nouveau/fifo/nv04: avoid ramht race against cookie insertion
x86/boot: Initialize FPU and X86_FEATURE_ALWAYS even if we don't have CPUID
x86/init: Fix cr4_init_shadow() on CR4-less machines
can: dev: fix deadlock reported after bus-off
mm,ksm: fix endless looping in allocating memory when ksm enable
mtd: nand: davinci: Reinitialize the HW ECC engine in 4bit hwctl
cpuset: handle race between CPU hotplug and cpuset_hotplug_work
usercopy: fold builtin_const check into inline function
Linux 4.4.23
hostfs: Freeing an ERR_PTR in hostfs_fill_sb_common()
qxl: check for kmap failures
power: supply: max17042_battery: fix model download bug.
power_supply: tps65217-charger: fix missing platform_set_drvdata()
PM / hibernate: Fix rtree_next_node() to avoid walking off list ends
PM / hibernate: Restore processor state before using per-CPU variables
MIPS: paravirt: Fix undefined reference to smp_bootstrap
MIPS: Add a missing ".set pop" in an early commit
MIPS: Avoid a BUG warning during prctl(PR_SET_FP_MODE, ...)
MIPS: Remove compact branch policy Kconfig entries
MIPS: vDSO: Fix Malta EVA mapping to vDSO page structs
MIPS: SMP: Fix possibility of deadlock when bringing CPUs online
MIPS: Fix pre-r6 emulation FPU initialisation
i2c: qup: skip qup_i2c_suspend if the device is already runtime suspended
i2c-eg20t: fix race between i2c init and interrupt enable
btrfs: ensure that file descriptor used with subvol ioctls is a dir
nl80211: validate number of probe response CSA counters
can: flexcan: fix resume function
mm: delete unnecessary and unsafe init_tlb_ubc()
tracing: Move mutex to protect against resetting of seq data
fix memory leaks in tracing_buffers_splice_read()
power: reset: hisi-reboot: Unmap region obtained by of_iomap
mtd: pmcmsp-flash: Allocating too much in init_msp_flash()
mtd: maps: sa1100-flash: potential NULL dereference
fix fault_in_multipages_...() on architectures with no-op access_ok()
fanotify: fix list corruption in fanotify_get_response()
fsnotify: add a way to stop queueing events on group shutdown
xfs: prevent dropping ioend completions during buftarg wait
autofs: use dentry flags to block walks during expire
autofs races
pwm: Mark all devices as "might sleep"
bridge: re-introduce 'fix parsing of MLDv2 reports'
net: smc91x: fix SMC accesses
Revert "phy: IRQ cannot be shared"
net: dsa: bcm_sf2: Fix race condition while unmasking interrupts
net/mlx5: Added missing check of msg length in verifying its signature
tipc: fix NULL pointer dereference in shutdown()
net/irda: handle iriap_register_lsap() allocation failure
vti: flush x-netns xfrm cache when vti interface is removed
af_unix: split 'u->readlock' into two: 'iolock' and 'bindlock'
Revert "af_unix: Fix splice-bind deadlock"
bonding: Fix bonding crash
megaraid: fix null pointer check in megasas_detach_one().
nouveau: fix nv40_perfctr_next() cleanup regression
Staging: iio: adc: fix indent on break statement
iwlegacy: avoid warning about missing braces
ath9k: fix misleading indentation
am437x-vfpe: fix typo in vpfe_get_app_input_index
Add braces to avoid "ambiguous ‘else’" compiler warnings
net: caif: fix misleading indentation
Makefile: Mute warning for __builtin_return_address(>0) for tracing only
Disable "frame-address" warning
Disable "maybe-uninitialized" warning globally
gcov: disable -Wmaybe-uninitialized warning
Kbuild: disable 'maybe-uninitialized' warning for CONFIG_PROFILE_ALL_BRANCHES
kbuild: forbid kernel directory to contain spaces and colons
tools: Support relative directory path for 'O='
Makefile: revert "Makefile: Document ability to make file.lst and file.S" partially
kbuild: Do not run modules_install and install in paralel
ocfs2: fix start offset to ocfs2_zero_range_for_truncate()
ocfs2/dlm: fix race between convert and migration
crypto: echainiv - Replace chaining with multiplication
crypto: skcipher - Fix blkcipher walk OOM crash
crypto: arm/aes-ctr - fix NULL dereference in tail processing
crypto: arm64/aes-ctr - fix NULL dereference in tail processing
tcp: properly scale window in tcp_v[46]_reqsk_send_ack()
tcp: fix use after free in tcp_xmit_retransmit_queue()
tcp: cwnd does not increase in TCP YeAH
ipv6: release dst in ping_v6_sendmsg
ipv4: panic in leaf_walk_rcu due to stale node pointer
reiserfs: fix "new_insert_key may be used uninitialized ..."
Fix build warning in kernel/cpuset.c
include/linux/kernel.h: change abs() macro so it uses consistent return type
Linux 4.4.22
openrisc: fix the fix of copy_from_user()
avr32: fix 'undefined reference to `___copy_from_user'
ia64: copy_from_user() should zero the destination on access_ok() failure
genirq/msi: Fix broken debug output
ppc32: fix copy_from_user()
sparc32: fix copy_from_user()
mn10300: copy_from_user() should zero on access_ok() failure...
nios2: copy_from_user() should zero the tail of destination
openrisc: fix copy_from_user()
parisc: fix copy_from_user()
metag: copy_from_user() should zero the destination on access_ok() failure
alpha: fix copy_from_user()
asm-generic: make copy_from_user() zero the destination properly
mips: copy_from_user() must zero the destination on access_ok() failure
hexagon: fix strncpy_from_user() error return
sh: fix copy_from_user()
score: fix copy_from_user() and friends
blackfin: fix copy_from_user()
cris: buggered copy_from_user/copy_to_user/clear_user
frv: fix clear_user()
asm-generic: make get_user() clear the destination on errors
ARC: uaccess: get_user to zero out dest in cause of fault
s390: get_user() should zero on failure
score: fix __get_user/get_user
nios2: fix __get_user()
sh64: failing __get_user() should zero
m32r: fix __get_user()
mn10300: failing __get_user() and get_user() should zero
fix minor infoleak in get_user_ex()
microblaze: fix copy_from_user()
avr32: fix copy_from_user()
microblaze: fix __get_user()
fix iov_iter_fault_in_readable()
irqchip/atmel-aic: Fix potential deadlock in ->xlate()
genirq: Provide irq_gc_{lock_irqsave,unlock_irqrestore}() helpers
drm: Only use compat ioctl for addfb2 on X86/IA64
drm: atmel-hlcdc: Fix vertical scaling
net: simplify napi_synchronize() to avoid warnings
kconfig: tinyconfig: provide whole choice blocks to avoid warnings
soc: qcom/spm: shut up uninitialized variable warning
pinctrl: at91-pio4: use %pr format string for resource
mmc: dw_mmc: use resource_size_t to store physical address
drm/i915: Avoid pointer arithmetic in calculating plane surface offset
mpssd: fix buffer overflow warning
gma500: remove annoying deprecation warning
ipv6: addrconf: fix dev refcont leak when DAD failed
sched/core: Fix a race between try_to_wake_up() and a woken up task
Revert "wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel"
ath9k: fix using sta->drv_priv before initializing it
md-cluster: make md-cluster also can work when compiled into kernel
xhci: fix null pointer dereference in stop command timeout function
fuse: direct-io: don't dirty ITER_BVEC pages
Btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns
crypto: cryptd - initialize child shash_desc on import
arm64: spinlocks: implement smp_mb__before_spinlock() as smp_mb()
pinctrl: sunxi: fix uart1 CTS/RTS pins at PG on A23/A33
pinctrl: pistachio: fix mfio pll_lock pinmux
dm crypt: fix error with too large bios
dm log writes: move IO accounting earlier to fix error path
dm log writes: fix check of kthread_run() return value
bus: arm-ccn: Fix XP watchpoint settings bitmask
bus: arm-ccn: Do not attempt to configure XPs for cycle counter
bus: arm-ccn: Fix PMU handling of MN
ARM: dts: STiH407-family: Provide interconnect clock for consumption in ST SDHCI
ARM: dts: overo: fix gpmc nand on boards with ethernet
ARM: dts: overo: fix gpmc nand cs0 range
ARM: dts: imx6qdl: Fix SPDIF regression
ARM: OMAP3: hwmod data: Add sysc information for DSI
ARM: kirkwood: ib62x0: fix size of u-boot environment partition
ARM: imx6: add missing BM_CLPCR_BYPASS_PMIC_READY setting for imx6sx
ARM: imx6: add missing BM_CLPCR_BYP_MMDC_CH0_LPM_HS setting for imx6ul
ARM: AM43XX: hwmod: Fix RSTST register offset for pruss
cpuset: make sure new tasks conform to the current config of the cpuset
net: thunderx: Fix OOPs with ethtool --register-dump
USB: change bInterval default to 10 ms
ARM: dts: STiH410: Handle interconnect clock required by EHCI/OHCI (USB)
usb: chipidea: udc: fix NULL ptr dereference in isr_setup_status_phase
usb: renesas_usbhs: fix clearing the {BRDY,BEMP}STS condition
USB: serial: simple: add support for another Infineon flashloader
serial: 8250: added acces i/o products quad and octal serial cards
serial: 8250_mid: fix divide error bug if baud rate is 0
iio: ensure ret is initialized to zero before entering do loop
iio:core: fix IIO_VAL_FRACTIONAL sign handling
iio: accel: kxsd9: Fix scaling bug
iio: fix pressure data output unit in hid-sensor-attributes
iio: accel: bmc150: reset chip at init time
iio: adc: at91: unbreak channel adc channel 3
iio: ad799x: Fix buffered capture for ad7991/ad7995/ad7999
iio: adc: ti_am335x_adc: Increase timeout value waiting for ADC sample
iio: adc: ti_am335x_adc: Protect FIFO1 from concurrent access
iio: adc: rockchip_saradc: reset saradc controller before programming it
iio: proximity: as3935: set up buffer timestamps for non-zero values
iio: accel: kxsd9: Fix raw read return
kvm-arm: Unmap shadow pagetables properly
x86/AMD: Apply erratum 665 on machines without a BIOS fix
x86/paravirt: Do not trace _paravirt_ident_*() functions
ARC: mm: fix build breakage with STRICT_MM_TYPECHECKS
IB/uverbs: Fix race between uverbs_close and remove_one
dm flakey: fix reads to be issued if drop_writes configured
audit: fix exe_file access in audit_exe_compare
mm: introduce get_task_exe_file
kexec: fix double-free when failing to relocate the purgatory
NFSv4.1: Fix the CREATE_SESSION slot number accounting
pNFS: Ensure LAYOUTGET and LAYOUTRETURN are properly serialised
nfsd: Close race between nfsd4_release_lockowner and nfsd4_lock
NFSv4.x: Fix a refcount leak in nfs_callback_up_net
pNFS: The client must not do I/O to the DS if it's lease has expired
kernfs: don't depend on d_find_any_alias() when generating notifications
powerpc/mm: Don't alias user region to other regions below PAGE_OFFSET
powerpc/powernv : Drop reference added by kset_find_obj()
powerpc/tm: do not use r13 for tabort_syscall
tipc: move linearization of buffers to generic code
lightnvm: put bio before return
fscrypto: require write access to mount to set encryption policy
Revert "KVM: x86: fix missed hardware breakpoints"
MIPS: KVM: Check for pfn noslot case
clocksource/drivers/sun4i: Clear interrupts after stopping timer in probe function
fscrypto: add authorization check for setting encryption policy
ext4: use __GFP_NOFAIL in ext4_free_blocks()
Conflicts:
arch/arm/kernel/devtree.c
arch/arm64/Kconfig
arch/arm64/kernel/arm64ksyms.c
arch/arm64/kernel/psci.c
arch/arm64/mm/fault.c
drivers/android/binder.c
drivers/usb/host/xhci-hub.c
fs/ext4/readpage.c
include/linux/mmc/core.h
include/linux/mmzone.h
mm/memcontrol.c
net/core/filter.c
net/netlink/af_netlink.c
net/netlink/af_netlink.h
Change-Id: I99fe7a0914e83e284b11b33185b71448a8999d1f
Signed-off-by: Runmin Wang <runminw@codeaurora.org>
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit ed5d7788a934a4b6d6d025e948ed4da496b4f12e ]
It is wrong to schedule a work from sk_destruct using the socket
as the memory reserve because the socket will be freed immediately
after the return from sk_destruct.
Instead we should do the deferral prior to sk_free.
This patch does just that.
Fixes: 707693c8a498 ("netlink: Call cb->done from a worker thread")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 707693c8a498697aa8db240b93eb76ec62e30892 ]
The cb->done interface expects to be called in process context.
This was broken by the netlink RCU conversion. This patch fixes
it by adding a worker struct to make the cb->done call where
necessary.
Fixes: 21e4902aea80 ("netlink: Lockless lookup with RCU grace...")
Reported-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit d35c99ff77ecb2eb239731b799386f3b3637a31e ]
Since linux-3.15, netlink_dump() can use up to 16384 bytes skb
allocations.
Due to struct skb_shared_info ~320 bytes overhead, we end up using
order-3 (on x86) page allocations, that might trigger direct reclaim and
add stress.
The intent was really to attempt a large allocation but immediately
fallback to a smaller one (order-1 on x86) in case of memory stress.
On recent kernels (linux-4.4), we can remove __GFP_DIRECT_RECLAIM to
meet the goal. Old kernels would need to remove __GFP_WAIT
While we are at it, since we do an order-3 allocation, allow to use
all the allocated bytes instead of 16384 to reduce syscalls during
large dumps.
iproute2 already uses 32KB recvmsg() buffer sizes.
Alexei provided an initial patch downsizing to SKB_WITH_OVERHEAD(16384)
Fixes: 9063e21fb026 ("netlink: autosize skb lengthes")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Alexei Starovoitov <ast@kernel.org>
Cc: Greg Thelen <gthelen@google.com>
Reviewed-by: Greg Rose <grose@lightfleet.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Grabbing the mutex should not be done from netlink_sock_destruct() but
from netlink_release()
CRs-Fixed: 1094434
Change-Id: I69ae0d8589a0878b9758619893848afc272179c5
Signed-off-by: Eric Dumazet <edumazet@google.com>
Patch-mainline: linux-netdev @ 11/26/16, 04:54
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* origin/tmp-da9a92f:
arm64: kaslr: increase randomization granularity
arm64: relocatable: deal with physically misaligned kernel images
arm64: don't map TEXT_OFFSET bytes below the kernel if we can avoid it
arm64: kernel: replace early 64-bit literal loads with move-immediates
arm64: introduce mov_q macro to move a constant into a 64-bit register
arm64: kernel: perform relocation processing from ID map
arm64: kernel: use literal for relocated address of __secondary_switched
arm64: kernel: don't export local symbols from head.S
arm64: simplify kernel segment mapping granularity
arm64: cover the .head.text section in the .text segment mapping
arm64: move early boot code to the .init segment
arm64: use 'segment' rather than 'chunk' to describe mapped kernel regions
arm64: mm: Mark .rodata as RO
Linux 4.4.16
ovl: verify upper dentry before unlink and rename
drm/i915: Revert DisplayPort fast link training feature
tmpfs: fix regression hang in fallocate undo
tmpfs: don't undo fallocate past its last page
crypto: qat - make qat_asym_algs.o depend on asn1 headers
xen/acpi: allow xen-acpi-processor driver to load on Xen 4.7
File names with trailing period or space need special case conversion
cifs: dynamic allocation of ntlmssp blob
Fix reconnect to not defer smb3 session reconnect long after socket reconnect
53c700: fix BUG on untagged commands
s390: fix test_fp_ctl inline assembly contraints
scsi: fix race between simultaneous decrements of ->host_failed
ovl: verify upper dentry in ovl_remove_and_whiteout()
ovl: Copy up underlying inode's ->i_mode to overlay inode
ARM: mvebu: fix HW I/O coherency related deadlocks
ARM: dts: armada-38x: fix MBUS_ID for crypto SRAM on Armada 385 Linksys
ARM: sunxi/dt: make the CHIP inherit from allwinner,sun5i-a13
ALSA: hda: add AMD Stoney PCI ID with proper driver caps
ALSA: hda - fix use-after-free after module unload
ALSA: ctl: Stop notification after disconnection
ALSA: pcm: Free chmap at PCM free callback, too
ALSA: hda/realtek - add new pin definition in alc225 pin quirk table
ALSA: hda - fix read before array start
ALSA: hda - Add PCI ID for Kabylake-H
ALSA: hda/realtek: Add Lenovo L460 to docking unit fixup
ALSA: timer: Fix negative queue usage by racy accesses
ALSA: echoaudio: Fix memory allocation
ALSA: au88x0: Fix calculation in vortex_wtdma_bufshift()
ALSA: hda / realtek - add two more Thinkpad IDs (5050,5053) for tpt460 fixup
ALSA: hda - Fix the headset mic jack detection on Dell machine
ALSA: dummy: Fix a use-after-free at closing
hwmon: (dell-smm) Cache fan_type() calls and change fan detection
hwmon: (dell-smm) Disallow fan_type() calls on broken machines
hwmon: (dell-smm) Restrict fan control and serial number to CAP_SYS_ADMIN by default
tty/vt/keyboard: fix OOB access in do_compute_shiftstate()
tty: vt: Fix soft lockup in fbcon cursor blink timer.
iio:ad7266: Fix probe deferral for vref
iio:ad7266: Fix support for optional regulators
iio:ad7266: Fix broken regulator error handling
iio: accel: kxsd9: fix the usage of spi_w8r8()
staging: iio: accel: fix error check
iio: hudmidity: hdc100x: fix incorrect shifting and scaling
iio: humidity: hdc100x: fix IIO_TEMP channel reporting
iio: humidity: hdc100x: correct humidity integration time mask
iio: proximity: as3935: fix buffer stack trashing
iio: proximity: as3935: remove triggered buffer processing
iio: proximity: as3935: correct IIO_CHAN_INFO_RAW output
iio: light apds9960: Add the missing dev.parent
iio:st_pressure: fix sampling gains (bring inline with ABI)
iio: Fix error handling in iio_trigger_attach_poll_func
xen/balloon: Fix declared-but-not-defined warning
perf/x86: Fix undefined shift on 32-bit kernels
memory: omap-gpmc: Fix omap gpmc EXTRADELAY timing
drm/vmwgfx: Fix error paths when mapping framebuffer
drm/vmwgfx: Delay pinning fbdev framebuffer until after mode set
drm/vmwgfx: Check pin count before attempting to move a buffer
drm/vmwgfx: Work around mode set failure in 2D VMs
drm/vmwgfx: Add an option to change assumed FB bpp
drm/ttm: Make ttm_bo_mem_compat available
drm: atmel-hlcdc: actually disable scaling when no scaling is required
drm: make drm_atomic_set_mode_prop_for_crtc() more reliable
drm: add missing drm_mode_set_crtcinfo call
drm/i915: Update CDCLK_FREQ register on BDW after changing cdclk frequency
drm/i915: Update ifdeffery for mutex->owner
drm/i915: Refresh cached DP port register value on resume
drm/i915/ilk: Don't disable SSC source if it's in use
drm/nouveau/disp/sor/gf119: select correct sor when poking training pattern
drm/nouveau: fix for disabled fbdev emulation
drm/nouveau/fbcon: fix out-of-bounds memory accesses
drm/nouveau/gr/gf100-: update sm error decoding from gk20a nvgpu headers
drm/nouveau/disp/sor/gf119: both links use the same training register
virtio_balloon: fix PFN format for virtio-1
drm/dp/mst: Always clear proposed vcpi table for port.
drm/amdkfd: destroy dbgmgr in notifier release
drm/amdkfd: unbind only existing processes
ubi: Make recover_peb power cut aware
drm/amdgpu/gfx7: fix broken condition check
drm/radeon: fix asic initialization for virtualized environments
btrfs: account for non-CoW'd blocks in btrfs_abort_transaction
percpu: fix synchronization between synchronous map extension and chunk destruction
percpu: fix synchronization between chunk->map_extend_work and chunk destruction
af_unix: fix hard linked sockets on overlay
vfs: add d_real_inode() helper
arm64: Rework valid_user_regs
ipmi: Remove smi_msg from waiting_rcv_msgs list before handle_one_recv_msg()
drm/mgag200: Black screen fix for G200e rev 4
iommu/amd: Fix unity mapping initialization race
iommu/vt-d: Enable QI on all IOMMUs before setting root entry
iommu/arm-smmu: Wire up map_sg for arm-smmu-v3
base: make module_create_drivers_dir race-free
tracing: Handle NULL formats in hold_module_trace_bprintk_format()
HID: multitouch: enable palm rejection for Windows Precision Touchpad
HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands
HID: elo: kill not flush the work
KVM: nVMX: VMX instructions: fix segment checks when L1 is in long mode.
kvm: Fix irq route entries exceeding KVM_MAX_IRQ_ROUTES
KEYS: potential uninitialized variable
ARCv2: LLSC: software backoff is NOT needed starting HS2.1c
ARCv2: Check for LL-SC livelock only if LLSC is enabled
ipv6: Fix mem leak in rt6i_pcpu
cdc_ncm: workaround for EM7455 "silent" data interface
net_sched: fix mirrored packets checksum
packet: Use symmetric hash for PACKET_FANOUT_HASH.
sched/fair: Fix cfs_rq avg tracking underflow
UBIFS: Implement ->migratepage()
mm: Export migrate_page_move_mapping and migrate_page_copy
MIPS: KVM: Fix modular KVM under QEMU
ARM: 8579/1: mm: Fix definition of pmd_mknotpresent
ARM: 8578/1: mm: ensure pmd_present only checks the valid bit
ARM: imx6ul: Fix Micrel PHY mask
NFS: Fix another OPEN_DOWNGRADE bug
make nfs_atomic_open() call d_drop() on all ->open_context() errors.
nfsd: check permissions when setting ACLs
posix_acl: Add set_posix_acl
nfsd: Extend the mutex holding region around in nfsd4_process_open2()
nfsd: Always lock state exclusively.
nfsd4/rpc: move backchannel create logic into rpc code
writeback: use higher precision calculation in domain_dirty_limits()
thermal: cpu_cooling: fix improper order during initialization
uvc: Forward compat ioctls to their handlers directly
Revert "gpiolib: Split GPIO flags parsing and GPIO configuration"
x86/amd_nb: Fix boot crash on non-AMD systems
kprobes/x86: Clear TF bit in fault on single-stepping
x86, build: copy ldlinux.c32 to image.iso
locking/static_key: Fix concurrent static_key_slow_inc()
locking/qspinlock: Fix spin_unlock_wait() some more
locking/ww_mutex: Report recursive ww_mutex locking early
of: irq: fix of_irq_get[_byname]() kernel-doc
of: fix autoloading due to broken modalias with no 'compatible'
mnt: If fs_fully_visible fails call put_filesystem.
mnt: Account for MS_RDONLY in fs_fully_visible
mnt: fs_fully_visible test the proper mount for MNT_LOCKED
usb: common: otg-fsm: add license to usb-otg-fsm
USB: EHCI: declare hostpc register as zero-length array
usb: dwc2: fix regression on big-endian PowerPC/ARM systems
powerpc/tm: Always reclaim in start_thread() for exec() class syscalls
powerpc/pseries: Fix IBM_ARCH_VEC_NRCORES_OFFSET since POWER8NVL was added
powerpc/pseries: Fix PCI config address for DDW
powerpc/iommu: Remove the dependency on EEH struct in DDW mechanism
IB/mlx4: Properly initialize GRH TClass and FlowLabel in AHs
IB/cm: Fix a recently introduced locking bug
EDAC, sb_edac: Fix rank lookup on Broadwell
mac80211: Fix mesh estab_plinks counting in STA removal case
mac80211_hwsim: Add missing check for HWSIM_ATTR_SIGNAL
mac80211: mesh: flush mesh paths unconditionally
mac80211: fix fast_tx header alignment
Linux 4.4.15
usb: dwc3: exynos: Fix deferred probing storm.
usb: host: ehci-tegra: Grab the correct UTMI pads reset
usb: gadget: fix spinlock dead lock in gadgetfs
USB: mos7720: delete parport
xhci: Fix handling timeouted commands on hosts in weird states.
USB: xhci: Add broken streams quirk for Frescologic device id 1009
usb: xhci-plat: properly handle probe deferral for devm_clk_get()
xhci: Cleanup only when releasing primary hcd
usb: musb: host: correct cppi dma channel for isoch transfer
usb: musb: Ensure rx reinit occurs for shared_fifo endpoints
usb: musb: Stop bulk endpoint while queue is rotated
usb: musb: only restore devctl when session was set in backup
usb: quirks: Add no-lpm quirk for Acer C120 LED Projector
usb: quirks: Fix sorting
USB: uas: Fix slave queue_depth not being set
crypto: user - re-add size check for CRYPTO_MSG_GETALG
crypto: ux500 - memmove the right size
crypto: vmx - Increase priority of aes-cbc cipher
AX.25: Close socket connection on session completion
bpf: try harder on clones when writing into skb
net: alx: Work around the DMA RX overflow issue
net: macb: fix default configuration for GMAC on AT91
neigh: Explicitly declare RCU-bh read side critical section in neigh_xmit()
bpf, perf: delay release of BPF prog after grace period
sock_diag: do not broadcast raw socket destruction
Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address
ipmr/ip6mr: Initialize the last assert time of mfc entries.
netem: fix a use after free
esp: Fix ESN generation under UDP encapsulation
sit: correct IP protocol used in ipip6_err
net: Don't forget pr_fmt on net_dbg_ratelimited for CONFIG_DYNAMIC_DEBUG
net_sched: fix pfifo_head_drop behavior vs backlog
sdcardfs: Truncate packages_gid.list on overflow
UPSTREAM: cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind
BACKPORT: proc: add /proc/<pid>/timerslack_ns interface
BACKPORT: timer: convert timer_slack_ns from unsigned long to u64
netfilter: xt_quota2: make quota2_log work well
Revert "usb: gadget: prevent change of Host MAC address of 'usb0' interface"
BACKPORT: PM / sleep: Go direct_complete if driver has no callbacks
ANDROID: base-cfg: enable UID_CPUTIME
UPSTREAM: USB: usbfs: fix potential infoleak in devio
UPSTREAM: ALSA: timer: Fix leak in events via snd_timer_user_ccallback
UPSTREAM: ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
UPSTREAM: ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
ANDROID: configs: remove unused configs
ANDROID: cpu: send KOBJ_ONLINE event when enabling cpus
ANDROID: dm verity fec: initialize recursion level
ANDROID: dm verity fec: fix RS block calculation
Linux 4.4.14
netfilter: x_tables: introduce and use xt_copy_counters_from_user
netfilter: x_tables: do compat validation via translate_table
netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
netfilter: ip6_tables: simplify translate_compat_table args
netfilter: ip_tables: simplify translate_compat_table args
netfilter: arp_tables: simplify translate_compat_table args
netfilter: x_tables: don't reject valid target size on some architectures
netfilter: x_tables: validate all offsets and sizes in a rule
netfilter: x_tables: check for bogus target offset
netfilter: x_tables: check standard target size too
netfilter: x_tables: add compat version of xt_check_entry_offsets
netfilter: x_tables: assert minimum target size
netfilter: x_tables: kill check_entry helper
netfilter: x_tables: add and use xt_check_entry_offsets
netfilter: x_tables: validate targets of jumps
netfilter: x_tables: don't move to non-existent next rule
drm/core: Do not preserve framebuffer on rmfb, v4.
crypto: qat - fix adf_ctl_drv.c:undefined reference to adf_init_pf_wq
netfilter: x_tables: fix unconditional helper
netfilter: x_tables: make sure e->next_offset covers remaining blob size
netfilter: x_tables: validate e->target_offset early
MIPS: Fix 64k page support for 32 bit kernels.
sparc64: Fix return from trap window fill crashes.
sparc: Harden signal return frame checks.
sparc64: Take ctx_alloc_lock properly in hugetlb_setup().
sparc64: Reduce TLB flushes during hugepte changes
sparc/PCI: Fix for panic while enabling SR-IOV
sparc64: Fix sparc64_set_context stack handling.
sparc64: Fix numa node distance initialization
sparc64: Fix bootup regressions on some Kconfig combinations.
sparc: Fix system call tracing register handling.
fix d_walk()/non-delayed __d_free() race
sched: panic on corrupted stack end
proc: prevent stacking filesystems on top
x86/entry/traps: Don't force in_interrupt() to return true in IST handlers
wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel
ecryptfs: forbid opening files without mmap handler
memcg: add RCU locking around css_for_each_descendant_pre() in memcg_offline_kmem()
parisc: Fix pagefault crash in unaligned __get_user() call
pinctrl: mediatek: fix dual-edge code defect
powerpc/pseries: Add POWER8NVL support to ibm,client-architecture-support call
powerpc: Use privileged SPR number for MMCR2
powerpc: Fix definition of SIAR and SDAR registers
powerpc/pseries/eeh: Handle RTAS delay requests in configure_bridge
arm64: mm: always take dirty state from new pte in ptep_set_access_flags
arm64: Provide "model name" in /proc/cpuinfo for PER_LINUX32 tasks
crypto: ccp - Fix AES XTS error for request sizes above 4096
crypto: public_key: select CRYPTO_AKCIPHER
irqchip/gic-v3: Fix ICC_SGI1R_EL1.INTID decoding mask
s390/bpf: reduce maximum program size to 64 KB
s390/bpf: fix recache skb->data/hlen for skb_vlan_push/pop
gpio: bcm-kona: fix bcm_kona_gpio_reset() warnings
ARM: fix PTRACE_SETVFPREGS on SMP systems
ALSA: hda/realtek: Add T560 docking unit fixup
ALSA: hda/realtek - Add support for new codecs ALC700/ALC701/ALC703
ALSA: hda/realtek - ALC256 speaker noise issue
ALSA: hda - Fix headset mic detection problem for Dell machine
ALSA: hda - Add PCI ID for Kabylake
KVM: irqfd: fix NULL pointer dereference in kvm_irq_map_gsi
KVM: x86: fix OOPS after invalid KVM_SET_DEBUGREGS
vxlan, gre, geneve: Set a large MTU on ovs-created tunnel devices
geneve: Relax MTU constraints
vxlan: Relax MTU constraints
ipv6: Skip XFRM lookup if dst_entry in socket cache is valid
l2tp: fix configuration passed to setup_udp_tunnel_sock()
bridge: Don't insert unnecessary local fdb entry on changing mac address
tcp: record TLP and ER timer stats in v6 stats
vxlan: Accept user specified MTU value when create new vxlan link
team: don't call netdev_change_features under team->lock
sfc: on MC reset, clear PIO buffer linkage in TXQs
bpf, inode: disallow userns mounts
uapi glibc compat: fix compilation when !__USE_MISC in glibc
udp: prevent skbs lingering in tunnel socket queues
bpf: Use mount_nodev not mount_ns to mount the bpf filesystem
tuntap: correctly wake up process during uninit
switchdev: pass pointer to fib_info instead of copy
tipc: fix nametable publication field in nl compat
netlink: Fix dump skb leak/double free
tipc: check nl sock before parsing nested attributes
scsi: Add QEMU CD-ROM to VPD Inquiry Blacklist
scsi_lib: correctly retry failed zero length REQ_TYPE_FS commands
cs-etm: associating output packet with CPU they executed on
cs-etm: removing unecessary structure field
cs-etm: account for each trace buffer in the queue
cs-etm: avoid casting variable
perf tools: fixing Makefile problems
perf tools: new naming convention for openCSD
perf scripts: Add python scripts for CoreSight traces
perf tools: decoding capailitity for CoreSight traces
perf symbols: Check before overwriting build_id
perf tools: pushing driver configuration down to the kernel
perf tools: add infrastructure for PMU specific configuration
coresight: etm-perf: incorporating sink definition from the cmd line
coresight: adding sink parameter to function coresight_build_path()
perf: passing struct perf_event to function setup_aux()
perf/core: adding PMU driver specific configuration
perf tools: adding coresight etm PMU record capabilities
perf tools: making coresight PMU listable
coresight: tmc: implementing TMC-ETR AUX space API
coresight: Add support for Juno platform
coresight: Handle build path error
coresight: Fix erroneous memset in tmc_read_unprepare_etr
coresight: Fix tmc_read_unprepare_etr
coresight: Fix NULL pointer dereference in _coresight_build_path
ANDROID: dm verity fec: add missing release from fec_ktype
ANDROID: dm verity fec: limit error correction recursion
ANDROID: restrict access to perf events
FROMLIST: security,perf: Allow further restriction of perf_event_open
BACKPORT: perf tools: Document the perf sysctls
Revert "armv6 dcc tty driver"
Revert "arm: dcc_tty: fix armv6 dcc tty build failure"
ARM64: Ignore Image-dtb from git point of view
arm64: add option to build Image-dtb
ANDROID: usb: gadget: f_midi: set fi->f to NULL when free f_midi function
Linux 4.4.13
xfs: handle dquot buffer readahead in log recovery correctly
xfs: print name of verifier if it fails
xfs: skip stale inodes in xfs_iflush_cluster
xfs: fix inode validity check in xfs_iflush_cluster
xfs: xfs_iflush_cluster fails to abort on error
xfs: Don't wrap growfs AGFL indexes
xfs: disallow rw remount on fs with unknown ro-compat features
gcov: disable tree-loop-im to reduce stack usage
scripts/package/Makefile: rpmbuild add support of RPMOPTS
dma-debug: avoid spinlock recursion when disabling dma-debug
PM / sleep: Handle failures in device_suspend_late() consistently
ext4: silence UBSAN in ext4_mb_init()
ext4: address UBSAN warning in mb_find_order_for_block()
ext4: fix oops on corrupted filesystem
ext4: clean up error handling when orphan list is corrupted
ext4: fix hang when processing corrupted orphaned inode list
drm/imx: Match imx-ipuv3-crtc components using device node in platform data
drm/i915: Don't leave old junk in ilk active watermarks on readout
drm/atomic: Verify connector->funcs != NULL when clearing states
drm/fb_helper: Fix references to dev->mode_config.num_connector
drm/i915/fbdev: Fix num_connector references in intel_fb_initial_config()
drm/amdgpu: Fix hdmi deep color support.
drm/amdgpu: use drm_mode_vrefresh() rather than mode->vrefresh
drm/vmwgfx: Fix order of operation
drm/vmwgfx: use vmw_cmd_dx_cid_check for query commands.
drm/vmwgfx: Enable SVGA_3D_CMD_DX_SET_PREDICATION
drm/gma500: Fix possible out of bounds read
sunrpc: fix stripping of padded MIC tokens
xen: use same main loop for counting and remapping pages
xen/events: Don't move disabled irqs
powerpc/eeh: Restore initial state in eeh_pe_reset_and_recover()
Revert "powerpc/eeh: Fix crash in eeh_add_device_early() on Cell"
powerpc/eeh: Don't report error in eeh_pe_reset_and_recover()
powerpc/book3s64: Fix branching to OOL handlers in relocatable kernel
pipe: limit the per-user amount of pages allocated in pipes
QE-UART: add "fsl,t1040-ucc-uart" to of_device_id
wait/ptrace: assume __WALL if the child is traced
mm: use phys_addr_t for reserve_bootmem_region() arguments
media: v4l2-compat-ioctl32: fix missing reserved field copy in put_v4l2_create32
PCI: Disable all BAR sizing for devices with non-compliant BARs
pinctrl: exynos5440: Use off-stack memory for pinctrl_gpio_range
clk: bcm2835: divider value has to be 1 or more
clk: bcm2835: pll_off should only update CM_PLL_ANARST
clk: at91: fix check of clk_register() returned value
clk: bcm2835: Fix PLL poweron
cpuidle: Fix cpuidle_state_is_coupled() argument in cpuidle_enter()
cpuidle: Indicate when a device has been unregistered
PM / Runtime: Fix error path in pm_runtime_force_resume()
mfd: intel_soc_pmic_core: Terminate panel control GPIO lookup table correctly
mfd: intel-lpss: Save register context on suspend
hwmon: (ads7828) Enable internal reference
aacraid: Fix for KDUMP driver hang
aacraid: Fix for aac_command_thread hang
aacraid: Relinquish CPU during timeout wait
rtlwifi: pci: use dev_kfree_skb_irq instead of kfree_skb in rtl_pci_reset_trx_ring
rtlwifi: Fix logic error in enter/exit power-save mode
rtlwifi: btcoexist: Implement antenna selection
rtlwifi: rtl8723be: Add antenna select module parameter
hwrng: exynos - Fix unbalanced PM runtime put on timeout error path
ath5k: Change led pin configuration for compaq c700 laptop
ath10k: fix kernel panic, move arvifs list head init before htt init
ath10k: fix rx_channel during hw reconfigure
ath10k: fix firmware assert in monitor mode
ath10k: fix debugfs pktlog_filter write
ath9k: Fix LED polarity for some Mini PCI AR9220 MB92 cards.
ath9k: Add a module parameter to invert LED polarity.
ARM: dts: imx35: restore existing used clock enumeration
ARM: dts: exynos: Add interrupt line to MAX8997 PMIC on exynos4210-trats
ARM: dts: at91: fix typo in sama5d2 PIN_PD24 description
ARM: mvebu: fix GPIO config on the Linksys boards
Input: uinput - handle compat ioctl for UI_SET_PHYS
ASoC: ak4642: Enable cache usage to fix crashes on resume
affs: fix remount failure when there are no options changed
MIPS: VDSO: Build with `-fno-strict-aliasing'
MIPS: lib: Mark intrinsics notrace
MIPS: Build microMIPS VDSO for microMIPS kernels
MIPS: Fix sigreturn via VDSO on microMIPS kernel
MIPS: ptrace: Prevent writes to read-only FCSR bits
MIPS: ptrace: Fix FP context restoration FCSR regression
MIPS: Disable preemption during prctl(PR_SET_FP_MODE, ...)
MIPS: Prevent "restoration" of MSA context in non-MSA kernels
MIPS: Fix MSA ld_*/st_* asm macros to use PTR_ADDU
MIPS: Use copy_s.fmt rather than copy_u.fmt
MIPS: Loongson-3: Reserve 32MB for RS780E integrated GPU
MIPS: Reserve nosave data for hibernation
MIPS: ath79: make bootconsole wait for both THRE and TEMT
MIPS: Sync icache & dcache in set_pte_at
MIPS: Handle highmem pages in __update_cache
MIPS: Flush highmem pages in __flush_dcache_page
MIPS: Fix watchpoint restoration
MIPS: Fix uapi include in exported asm/siginfo.h
MIPS: Fix siginfo.h to use strict posix types
MIPS: Avoid using unwind_stack() with usermode
MIPS: Don't unwind to user mode with EVA
MIPS: MSA: Fix a link error on `_init_msa_upper' with older GCC
MIPS: math-emu: Fix jalr emulation when rd == $0
MIPS64: R6: R2 emulation bugfix
coresight: etb10: adjust read pointer only when needed
coresight: configuring ETF in FIFO mode when acting as link
coresight: tmc: implementing TMC-ETF AUX space API
coresight: moving struct cs_buffers to header file
coresight: tmc: keep track of memory width
coresight: tmc: make sysFS and Perf mode mutually exclusive
coresight: tmc: dump system memory content only when needed
coresight: tmc: adding mode of operation for link/sinks
coresight: tmc: getting rid of multiple read access
coresight: tmc: allocating memory when needed
coresight: tmc: making prepare/unprepare functions generic
coresight: tmc: splitting driver in ETB/ETF and ETR components
coresight: tmc: cleaning up header file
coresight: tmc: introducing new header file
coresight: tmc: clearly define number of transfers per burst
coresight: tmc: re-implementing tmc_read_prepare/unprepare() functions
coresight: tmc: waiting for TMCReady bit before programming
coresight: tmc: modifying naming convention
coresight: tmc: adding sysFS management entries
coresight: etm4x: add tracer ID for A72 Maia processor.
coresight: etb10: fixing the right amount of words to read
coresight: stm: adding driver for CoreSight STM component
coresight: adding path for STM device
coresight: etm4x: modify q_support type
coresight: no need to do the forced type conversion
coresight: removing gratuitous boot time log messages
coresight: etb10: splitting sysFS "status" entry
coresight: moving coresight_simple_func() to header file
coresight: etm4x: implementing the perf PMU API
coresight: etm4x: implementing user/kernel mode tracing
coresight: etm4x: moving etm_drvdata::enable to atomic field
coresight: etm4x: unlocking tracers in default arch init
coresight: etm4x: splitting etmv4 default configuration
coresight: etm4x: splitting struct etmv4_drvdata
coresight: etm4x: adding config and traceid registers
coresight: etm4x: moving sysFS entries to a dedicated file
stm class: Support devices that override software assigned masters
stm class: Remove unnecessary pointer increment
stm class: Fix stm device initialization order
stm class: Do not leak the chrdev in error path
stm class: Remove a pointless line
stm class: stm_heartbeat: Make nr_devs parameter read-only
stm class: dummy_stm: Make nr_dummies parameter read-only
MAINTAINERS: Add a git tree for the stm class
perf/ring_buffer: Document AUX API usage
perf/core: Free AUX pages in unmap path
perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops
perf auxtrace: Add perf_evlist pointer to *info_priv_size()
perf session: Simplify tool stubs
perf inject: Hit all DSOs for AUX data in JIT and other cases
perf tools: tracepoint_error() can receive e=NULL, robustify it
perf evlist: Make perf_evlist__open() open evsels with their cpus and threads (like perf record does)
perf evsel: Introduce disable() method
perf cpumap: Auto initialize cpu__max_{node,cpu}
drivers/hwtracing: make coresight-etm-perf.c explicitly non-modular
drivers/hwtracing: make coresight-* explicitly non-modular
coresight: introducing a global trace ID function
coresight: etm-perf: new PMU driver for ETM tracers
coresight: etb10: implementing AUX API
coresight: etb10: adding operation mode for sink->enable()
coresight: etb10: moving to local atomic operations
coresight: etm3x: implementing perf_enable/disable() API
coresight: etm3x: implementing user/kernel mode tracing
coresight: etm3x: consolidating initial config
coresight: etm3x: changing default trace configuration
coresight: etm3x: set progbit to stop trace collection
coresight: etm3x: adding operation mode for etm_enable()
coresight: etm3x: splitting struct etm_drvdata
coresight: etm3x: unlocking tracers in default arch init
coresight: etm3x: moving sysFS entries to dedicated file
coresight: etm3x: moving etm_readl/writel to header file
coresight: moving PM runtime operations to core framework
coresight: add API to get sink from path
coresight: associating path with session rather than tracer
coresight: etm4x: Check every parameter used by dma_xx_coherent.
coresight: "DEVICE_ATTR_RO" should defined as static.
coresight: implementing 'cpu_id()' API
coresight: removing bind/unbind options from sysfs
coresight: remove csdev's link from topology
coresight: release reference taken by 'bus_find_device()'
coresight: coresight_unregister() function cleanup
coresight: fixing lockdep error
coresight: fixing indentation problem
coresight: Fix a typo in Kconfig
coresight: checking for NULL string in coresight_name_match()
perf/core: Disable the event on a truncated AUX record
perf/core: Don't leak event in the syscall error path
perf/core: Fix perf_sched_count derailment
stm class: dummy_stm: Add link callback for fault injection
stm class: Plug stm device's unlink callback
stm class: Fix a race in unlinking
stm class: Fix unbalanced module/device refcounting
stm class: Guard output assignment against concurrency
stm class: Fix unlocking braino in the error path
stm class: Add heartbeat stm source device
stm class: dummy_stm: Create multiple devices
stm class: Support devices with multiple instances
stm class: Use driver's packet callback return value
stm class: Prevent user-controllable allocations
stm class: Fix link list locking
stm class: Fix locking in unbinding policy path
stm class: Select CONFIG_SRCU
stm class: Hide STM-specific options if STM is disabled
perf: Synchronously free aux pages in case of allocation failure
Linux 4.4.12
kbuild: move -Wunused-const-variable to W=1 warning level
Revert "scsi: fix soft lockup in scsi_remove_target() on module removal"
scsi: Add intermediate STARGET_REMOVE state to scsi_target_state
hpfs: implement the show_options method
hpfs: fix remount failure when there are no options changed
UBI: Fix static volume checks when Fastmap is used
SIGNAL: Move generic copy_siginfo() to signal.h
thunderbolt: Fix double free of drom buffer
IB/srp: Fix a debug kernel crash
ALSA: hda - Fix headset mic detection problem for one Dell machine
ALSA: hda/realtek - Add support for ALC295/ALC3254
ALSA: hda - Fix headphone noise on Dell XPS 13 9360
ALSA: hda/realtek - New codecs support for ALC234/ALC274/ALC294
mcb: Fixed bar number assignment for the gdd
clk: bcm2835: add locking to pll*_on/off methods
locking,qspinlock: Fix spin_is_locked() and spin_unlock_wait()
serial: samsung: Reorder the sequence of clock control when call s3c24xx_serial_set_termios()
serial: 8250_mid: recognize interrupt source in handler
serial: 8250_mid: use proper bar for DNV platform
serial: 8250_pci: fix divide error bug if baud rate is 0
Fix OpenSSH pty regression on close
tty/serial: atmel: fix hardware handshake selection
TTY: n_gsm, fix false positive WARN_ON
tty: vt, return error when con_startup fails
xen/x86: actually allocate legacy interrupts on PV guests
KVM: x86: mask CPUID(0xD,0x1).EAX against host value
MIPS: KVM: Fix timer IRQ race when writing CP0_Compare
MIPS: KVM: Fix timer IRQ race when freezing timer
KVM: x86: fix ordering of cr0 initialization code in vmx_cpu_reset
KVM: MTRR: remove MSR 0x2f8
staging: comedi: das1800: fix possible NULL dereference
usb: gadget: udc: core: Fix argument of dev_err() in usb_gadget_map_request()
USB: leave LPM alone if possible when binding/unbinding interface drivers
usb: misc: usbtest: fix pattern tests for scatterlists.
usb: f_mass_storage: test whether thread is running before starting another
usb: gadget: f_fs: Fix EFAULT generation for async read operations
USB: serial: option: add even more ZTE device ids
USB: serial: option: add more ZTE device ids
USB: serial: option: add support for Cinterion PH8 and AHxx
USB: serial: io_edgeport: fix memory leaks in probe error path
USB: serial: io_edgeport: fix memory leaks in attach error path
USB: serial: quatech2: fix use-after-free in probe error path
USB: serial: keyspan: fix use-after-free in probe error path
USB: serial: mxuport: fix use-after-free in probe error path
mei: bus: call mei_cl_read_start under device lock
mei: amthif: discard not read messages
mei: fix NULL dereferencing during FW initiated disconnection
Bluetooth: vhci: Fix race at creating hci device
Bluetooth: vhci: purge unhandled skbs
Bluetooth: vhci: fix open_timeout vs. hdev race
mmc: sdhci-pci: Remove MMC_CAP_BUS_WIDTH_TEST for Intel controllers
mmc: longer timeout for long read time quirk
dell-rbtn: Ignore ACPI notifications if device is suspended
ACPI / osi: Fix an issue that acpi_osi=!* cannot disable ACPICA internal strings
mmc: sdhci-acpi: Remove MMC_CAP_BUS_WIDTH_TEST for Intel controllers
mmc: mmc: Fix partition switch timeout for some eMMCs
can: fix handling of unmodifiable configuration options
irqchip/gic-v3: Configure all interrupts as non-secure Group-1
irqchip/gic: Ensure ordering between read of INTACK and shared data
Input: pwm-beeper - fix - scheduling while atomic
mfd: omap-usb-tll: Fix scheduling while atomic BUG
sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded systems
clk: qcom: msm8916: Fix crypto clock flags
crypto: sun4i-ss - Replace spinlock_bh by spin_lock_irq{save|restore}
crypto: talitos - fix ahash algorithms registration
crypto: caam - fix caam_jr_alloc() ret code
ring-buffer: Prevent overflow of size in ring_buffer_resize()
ring-buffer: Use long for nr_pages to avoid overflow failures
asix: Fix offset calculation in asix_rx_fixup() causing slow transmissions
fs/cifs: correctly to anonymous authentication for the NTLM(v2) authentication
fs/cifs: correctly to anonymous authentication for the NTLM(v1) authentication
fs/cifs: correctly to anonymous authentication for the LANMAN authentication
fs/cifs: correctly to anonymous authentication via NTLMSSP
remove directory incorrectly tries to set delete on close on non-empty directories
kvm: arm64: Fix EC field in inject_abt64
arm/arm64: KVM: Enforce Break-Before-Make on Stage-2 page tables
arm64: cpuinfo: Missing NULL terminator in compat_hwcap_str
arm64: Implement pmdp_set_access_flags() for hardware AF/DBM
arm64: Implement ptep_set_access_flags() for hardware AF/DBM
arm64: Ensure pmd_present() returns false after pmd_mknotpresent()
arm64: Fix typo in the pmdp_huge_get_and_clear() definition
ext4: iterate over buffer heads correctly in move_extent_per_page()
perf test: Fix build of BPF and LLVM on older glibc libraries
perf/core: Fix perf_event_open() vs. execve() race
perf/x86/intel/pt: Generate PMI in the STOP region as well
Btrfs: don't use src fd for printk
UPSTREAM: mac80211: fix "warning: ‘target_metric’ may be used uninitialized"
Revert "drivers: power: use 'current' instead of 'get_current()'"
cpufreq: interactive: drop cpufreq_{get,put}_global_kobject func calls
Revert "cpufreq: interactive: build fixes for 4.4"
xt_qtaguid: Fix panic caused by processing non-full socket.
fiq_debugger: Add fiq_debugger.disable option
UPSTREAM: procfs: fixes pthread cross-thread naming if !PR_DUMPABLE
FROMLIST: wlcore: Disable filtering in AP role
Revert "drivers: power: Add watchdog timer to catch drivers which lockup during suspend."
fiq_debugger: Add option to apply uart overlay by FIQ_DEBUGGER_UART_OVERLAY
Revert "Recreate asm/mach/mmc.h include file"
Revert "ARM: Add 'card_present' state to mmc_platfrom_data"
usb: dual-role: make stub functions inline
Revert "mmc: Add status IRQ and status callback function to mmc platform data"
quick selinux support for tracefs
Revert "hid-multitouch: Filter collections by application usage."
Revert "HID: steelseries: validate output report details"
xt_qtaguid: Fix panic caused by synack processing
Revert "mm: vmscan: Add a debug file for shrinkers"
Revert "SELinux: Enable setting security contexts on rootfs inodes."
Revert "SELinux: build fix for 4.1"
fuse: Add support for d_canonical_path
vfs: change d_canonical_path to take two paths
android: recommended.cfg: remove CONFIG_UID_STAT
netfilter: xt_qtaguid: seq_printf fixes
Revert "misc: uidstat: Adding uid stat driver to collect network statistics."
Revert "net: activity_stats: Add statistics for network transmission activity"
Revert "net: activity_stats: Stop using obsolete create_proc_read_entry api"
Revert "misc: uidstat: avoid create_stat() race and blockage."
Revert "misc: uidstat: Remove use of obsolete create_proc_read_entry api"
Revert "misc seq_printf fixes for 4.4"
Revert "misc: uid_stat: Include linux/atomic.h instead of asm/atomic.h"
Revert "net: socket ioctl to reset connections matching local address"
Revert "net: fix iterating over hashtable in tcp_nuke_addr()"
Revert "net: fix crash in tcp_nuke_addr()"
Revert "Don't kill IPv4 sockets when killing IPv6 sockets was requested."
Revert "tcp: Fix IPV6 module build errors"
android: base-cfg: remove CONFIG_SWITCH
Revert "switch: switch class and GPIO drivers."
Revert "drivers: switch: remove S_IWUSR from dev_attr"
ANDROID: base-cfg: enable CONFIG_IP_NF_NAT
BACKPORT: selinux: restrict kernel module loading
android: base-cfg: enable CONFIG_QUOTA
Conflicts:
Documentation/sysctl/kernel.txt
drivers/cpufreq/cpufreq_interactive.c
drivers/hwtracing/coresight/Kconfig
drivers/hwtracing/coresight/Makefile
drivers/hwtracing/coresight/coresight-etm4x.c
drivers/hwtracing/coresight/coresight-etm4x.h
drivers/hwtracing/coresight/coresight-priv.h
drivers/hwtracing/coresight/coresight-stm.c
drivers/hwtracing/coresight/coresight-tmc.c
drivers/mmc/core/core.c
include/linux/coresight-stm.h
include/linux/coresight.h
include/linux/msm_mdp.h
include/uapi/linux/coresight-stm.h
kernel/events/core.c
kernel/sched/fair.c
net/Makefile
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/ip_tables.c
net/ipv4/tcp.c
net/ipv6/netfilter/ip6_tables.c
net/netfilter/xt_quota2.c
sound/core/pcm.c
Change-Id: I17aa0002815014e9bddc47e67769a53c15768a99
Signed-off-by: Runmin Wang <runminw@codeaurora.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 92964c79b357efd980812c4de5c1fd2ec8bb5520 ]
When we free cb->skb after a dump, we do it after releasing the
lock. This means that a new dump could have started in the time
being and we'll end up freeing their skb instead of ours.
This patch saves the skb and module before we unlock so we free
the right memory.
Fixes: 16b304f3404f ("netlink: Eliminate kmalloc in netlink dump operation.")
Reported-by: Baozeng Ding <sploving1@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* msm-4.4/tmp-510d0a3f:
Linux 4.4.11
nf_conntrack: avoid kernel pointer value leak in slab name
drm/radeon: fix DP link training issue with second 4K monitor
drm/i915/bdw: Add missing delay during L3 SQC credit programming
drm/i915: Bail out of pipe config compute loop on LPT
drm/radeon: fix PLL sharing on DCE6.1 (v2)
Revert "[media] videobuf2-v4l2: Verify planes array in buffer dequeueing"
Input: max8997-haptic - fix NULL pointer dereference
get_rock_ridge_filename(): handle malformed NM entries
tools lib traceevent: Do not reassign parg after collapse_tree()
qla1280: Don't allocate 512kb of host tags
atomic_open(): fix the handling of create_error
regulator: axp20x: Fix axp22x ldo_io voltage ranges
regulator: s2mps11: Fix invalid selector mask and voltages for buck9
workqueue: fix rebind bound workers warning
ARM: dts: at91: sam9x5: Fix the memory range assigned to the PMC
vfs: rename: check backing inode being equal
vfs: add vfs_select_inode() helper
perf/core: Disable the event on a truncated AUX record
regmap: spmi: Fix regmap_spmi_ext_read in multi-byte case
pinctrl: at91-pio4: fix pull-up/down logic
spi: spi-ti-qspi: Handle truncated frames properly
spi: spi-ti-qspi: Fix FLEN and WLEN settings if bits_per_word is overridden
spi: pxa2xx: Do not detect number of enabled chip selects on Intel SPT
ALSA: hda - Fix broken reconfig
ALSA: hda - Fix white noise on Asus UX501VW headset
ALSA: hda - Fix subwoofer pin on ASUS N751 and N551
ALSA: usb-audio: Yet another Phoneix Audio device quirk
ALSA: usb-audio: Quirk for yet another Phoenix Audio devices (v2)
crypto: testmgr - Use kmalloc memory for RSA input
crypto: hash - Fix page length clamping in hash walk
crypto: qat - fix invalid pf2vf_resp_wq logic
s390/mm: fix asce_bits handling with dynamic pagetable levels
zsmalloc: fix zs_can_compact() integer overflow
ocfs2: fix posix_acl_create deadlock
ocfs2: revert using ocfs2_acl_chmod to avoid inode cluster lock hang
net/route: enforce hoplimit max value
tcp: refresh skb timestamp at retransmit time
net: thunderx: avoid exposing kernel stack
net: fix a kernel infoleak in x25 module
uapi glibc compat: fix compile errors when glibc net/if.h included before linux/if.h MIME-Version: 1.0
bridge: fix igmp / mld query parsing
net: bridge: fix old ioctl unlocked net device walk
VSOCK: do not disconnect socket when peer has shutdown SEND only
net/mlx4_en: Fix endianness bug in IPV6 csum calculation
net: fix infoleak in rtnetlink
net: fix infoleak in llc
net: fec: only clear a queue's work bit if the queue was emptied
netem: Segment GSO packets on enqueue
sch_dsmark: update backlog as well
sch_htb: update backlog as well
net_sched: update hierarchical backlog too
net_sched: introduce qdisc_replace() helper
gre: do not pull header in ICMP error processing
net: Implement net_dbg_ratelimited() for CONFIG_DYNAMIC_DEBUG case
samples/bpf: fix trace_output example
bpf: fix check_map_func_compatibility logic
bpf: fix refcnt overflow
bpf: fix double-fdput in replace_map_fd_with_map_ptr()
net/mlx4_en: fix spurious timestamping callbacks
ipv4/fib: don't warn when primary address is missing if in_dev is dead
net/mlx5e: Fix minimum MTU
net/mlx5e: Device's mtu field is u16 and not int
openvswitch: use flow protocol when recalculating ipv6 checksums
atl2: Disable unimplemented scatter/gather feature
vlan: pull on __vlan_insert_tag error path and fix csum correction
net: use skb_postpush_rcsum instead of own implementations
cdc_mbim: apply "NDP to end" quirk to all Huawei devices
bpf/verifier: reject invalid LD_ABS | BPF_DW instruction
net: sched: do not requeue a NULL skb
packet: fix heap info leak in PACKET_DIAG_MCLIST sock_diag interface
route: do not cache fib route info on local routes with oif
decnet: Do not build routes to devices without decnet private data.
parisc: Use generic extable search and sort routines
arm64: kasan: Use actual memory node when populating the kernel image shadow
arm64: mm: treat memstart_addr as a signed quantity
arm64: lse: deal with clobbered IP registers after branch via PLT
arm64: mm: check at build time that PAGE_OFFSET divides the VA space evenly
arm64: kasan: Fix zero shadow mapping overriding kernel image shadow
arm64: consistently use p?d_set_huge
arm64: fix KASLR boot-time I-cache maintenance
arm64: hugetlb: partial revert of 66b3923a1a0f
arm64: make irq_stack_ptr more robust
arm64: efi: invoke EFI_RNG_PROTOCOL to supply KASLR randomness
efi: stub: use high allocation for converted command line
efi: stub: add implementation of efi_random_alloc()
efi: stub: implement efi_get_random_bytes() based on EFI_RNG_PROTOCOL
arm64: kaslr: randomize the linear region
arm64: add support for kernel ASLR
arm64: add support for building vmlinux as a relocatable PIE binary
arm64: switch to relative exception tables
extable: add support for relative extables to search and sort routines
scripts/sortextable: add support for ET_DYN binaries
arm64: futex.h: Add missing PAN toggling
arm64: make asm/elf.h available to asm files
arm64: avoid dynamic relocations in early boot code
arm64: avoid R_AARCH64_ABS64 relocations for Image header fields
arm64: add support for module PLTs
arm64: move brk immediate argument definitions to separate header
arm64: mm: use bit ops rather than arithmetic in pa/va translations
arm64: mm: only perform memstart_addr sanity check if DEBUG_VM
arm64: User die() instead of panic() in do_page_fault()
arm64: allow kernel Image to be loaded anywhere in physical memory
arm64: defer __va translation of initrd_start and initrd_end
arm64: move kernel image to base of vmalloc area
arm64: kvm: deal with kernel symbols outside of linear mapping
arm64: decouple early fixmap init from linear mapping
arm64: pgtable: implement static [pte|pmd|pud]_offset variants
arm64: introduce KIMAGE_VADDR as the virtual base of the kernel region
arm64: add support for ioremap() block mappings
arm64: prevent potential circular header dependencies in asm/bug.h
of/fdt: factor out assignment of initrd_start/initrd_end
of/fdt: make memblock minimum physical address arch configurable
arm64: Remove the get_thread_info() function
arm64: kernel: Don't toggle PAN on systems with UAO
arm64: cpufeature: Test 'matches' pointer to find the end of the list
arm64: kernel: Add support for User Access Override
arm64: add ARMv8.2 id_aa64mmfr2 boiler plate
arm64: cpufeature: Change read_cpuid() to use sysreg's mrs_s macro
arm64: use local label prefixes for __reg_num symbols
arm64: vdso: Mark vDSO code as read-only
arm64: ubsan: select ARCH_HAS_UBSAN_SANITIZE_ALL
arm64: ptdump: Indicate whether memory should be faulting
arm64: Add support for ARCH_SUPPORTS_DEBUG_PAGEALLOC
arm64: Drop alloc function from create_mapping
arm64: prefetch: add missing #include for spin_lock_prefetch
arm64: lib: patch in prfm for copy_page if requested
arm64: lib: improve copy_page to deal with 128 bytes at a time
arm64: prefetch: add alternative pattern for CPUs without a prefetcher
arm64: prefetch: don't provide spin_lock_prefetch with LSE
arm64: allow vmalloc regions to be set with set_memory_*
arm64: kernel: implement ACPI parking protocol
arm64: mm: create new fine-grained mappings at boot
arm64: ensure _stext and _etext are page-aligned
arm64: mm: allow passing a pgdir to alloc_init_*
arm64: mm: allocate pagetables anywhere
arm64: mm: use fixmap when creating page tables
arm64: mm: add functions to walk tables in fixmap
arm64: mm: add __{pud,pgd}_populate
arm64: mm: avoid redundant __pa(__va(x))
arm64: mm: add functions to walk page tables by PA
arm64: mm: move pte_* macros
arm64: kasan: avoid TLB conflicts
arm64: mm: add code to safely replace TTBR1_EL1
arm64: add function to install the idmap
arm64: unmap idmap earlier
arm64: unify idmap removal
arm64: mm: place empty_zero_page in bss
arm64: mm: specialise pagetable allocators
asm-generic: Fix local variable shadow in __set_fixmap_offset
Eliminate the .eh_frame sections from the aarch64 vmlinux and kernel modules
arm64: Fix an enum typo in mm/dump.c
arm64: kasan: ensure that the KASAN zero page is mapped read-only
arch/arm64/include/asm/pgtable.h: add pmd_mkclean for THP
arm64: hide __efistub_ aliases from kallsyms
Linux 4.4.10
drm/i915/skl: Fix DMC load on Skylake J0 and K0
lib/test-string_helpers.c: fix and improve string_get_size() tests
ACPI / processor: Request native thermal interrupt handling via _OSC
drm/i915: Fake HDMI live status
drm/i915: Make RPS EI/thresholds multiple of 25 on SNB-BDW
drm/i915: Fix eDP low vswing for Broadwell
drm/i915/ddi: Fix eDP VDD handling during booting and suspend/resume
drm/radeon: make sure vertical front porch is at least 1
iio: ak8975: fix maybe-uninitialized warning
iio: ak8975: Fix NULL pointer exception on early interrupt
drm/amdgpu: set metadata pointer to NULL after freeing.
drm/amdgpu: make sure vertical front porch is at least 1
gpu: ipu-v3: Fix imx-ipuv3-crtc module autoloading
nvmem: mxs-ocotp: fix buffer overflow in read
USB: serial: cp210x: add Straizona Focusers device ids
USB: serial: cp210x: add ID for Link ECU
ata: ahci-platform: Add ports-implemented DT bindings.
libahci: save port map for forced port map
powerpc: Fix bad inline asm constraint in create_zero_mask()
ACPICA: Dispatcher: Update thread ID for recursive method calls
x86/sysfb_efi: Fix valid BAR address range check
ARC: Add missing io barriers to io{read,write}{16,32}be()
ARM: cpuidle: Pass on arm_cpuidle_suspend()'s return value
propogate_mnt: Handle the first propogated copy being a slave
fs/pnode.c: treat zero mnt_group_id-s as unequal
x86/tsc: Read all ratio bits from MSR_PLATFORM_INFO
MAINTAINERS: Remove asterisk from EFI directory names
writeback: Fix performance regression in wb_over_bg_thresh()
batman-adv: Reduce refcnt of removed router when updating route
batman-adv: Fix broadcast/ogm queue limit on a removed interface
batman-adv: Check skb size before using encapsulated ETH+VLAN header
batman-adv: fix DAT candidate selection (must use vid)
mm: update min_free_kbytes from khugepaged after core initialization
proc: prevent accessing /proc/<PID>/environ until it's ready
Input: zforce_ts - fix dual touch recognition
HID: Fix boot delay for Creative SB Omni Surround 5.1 with quirk
HID: wacom: Add support for DTK-1651
xen/evtchn: fix ring resize when binding new events
xen/balloon: Fix crash when ballooning on x86 32 bit PAE
xen: Fix page <-> pfn conversion on 32 bit systems
ARM: SoCFPGA: Fix secondary CPU startup in thumb2 kernel
ARM: EXYNOS: Properly skip unitialized parent clock in power domain on
mm/zswap: provide unique zpool name
mm, cma: prevent nr_isolated_* counters from going negative
Minimal fix-up of bad hashing behavior of hash_64()
MD: make bio mergeable
tracing: Don't display trigger file for events that can't be enabled
mac80211: fix statistics leak if dev_alloc_name() fails
ath9k: ar5008_hw_cmn_spur_mitigate: add missing mask_m & mask_p initialisation
lpfc: fix misleading indentation
clk: qcom: msm8960: Fix ce3_src register offset
clk: versatile: sp810: support reentrance
clk: qcom: msm8960: fix ce3_core clk enable register
clk: meson: Fix meson_clk_register_clks() signature type mismatch
clk: rockchip: free memory in error cases when registering clock branches
soc: rockchip: power-domain: fix err handle while probing
clk-divider: make sure read-only dividers do not write to their register
CNS3xxx: Fix PCI cns3xxx_write_config()
mwifiex: fix corner case association failure
ata: ahci_xgene: dereferencing uninitialized pointer in probe
nbd: ratelimit error msgs after socket close
mfd: intel-lpss: Remove clock tree on error path
ipvs: drop first packet to redirect conntrack
ipvs: correct initial offset of Call-ID header search in SIP persistence engine
ipvs: handle ip_vs_fill_iph_skb_off failure
RDMA/iw_cxgb4: Fix bar2 virt addr calculation for T4 chips
Revert: "powerpc/tm: Check for already reclaimed tasks"
arm64: head.S: use memset to clear BSS
efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
arm64: entry: remove pointless SPSR mode check
arm64: mm: move pgd_cache initialisation to pgtable_cache_init
arm64: module: avoid undefined shift behavior in reloc_data()
arm64: module: fix relocation of movz instruction with negative immediate
arm64: traps: address fallout from printk -> pr_* conversion
arm64: ftrace: fix a stack tracer's output under function graph tracer
arm64: pass a task parameter to unwind_frame()
arm64: ftrace: modify a stack frame in a safe way
arm64: remove irq_count and do_softirq_own_stack()
arm64: hugetlb: add support for PTE contiguous bit
arm64: Use PoU cache instr for I/D coherency
arm64: Defer dcache flush in __cpu_copy_user_page
arm64: reduce stack use in irq_handler
arm64: Documentation: add list of software workarounds for errata
arm64: mm: place __cpu_setup in .text
arm64: cmpxchg: Don't incldue linux/mmdebug.h
arm64: mm: fold alternatives into .init
arm64: Remove redundant padding from linker script
arm64: mm: remove pointless PAGE_MASKing
arm64: don't call C code with el0's fp register
arm64: when walking onto the task stack, check sp & fp are in current->stack
arm64: Add this_cpu_ptr() assembler macro for use in entry.S
arm64: irq: fix walking from irq stack to task stack
arm64: Add do_softirq_own_stack() and enable irq_stacks
arm64: Modify stack trace and dump for use with irq_stack
arm64: Store struct thread_info in sp_el0
arm64: Add trace_hardirqs_off annotation in ret_to_user
arm64: ftrace: fix the comments for ftrace_modify_code
arm64: ftrace: stop using kstop_machine to enable/disable tracing
arm64: spinlock: serialise spin_unlock_wait against concurrent lockers
arm64: enable HAVE_IRQ_TIME_ACCOUNTING
arm64: fix COMPAT_SHMLBA definition for large pages
arm64: add __init/__initdata section marker to some functions/variables
arm64: pgtable: implement pte_accessible()
arm64: mm: allow sections for unaligned bases
arm64: mm: detect bad __create_mapping uses
Linux 4.4.9
extcon: max77843: Use correct size for reading the interrupt register
stm class: Select CONFIG_SRCU
megaraid_sas: add missing curly braces in ioctl handler
sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a race
thermal: rockchip: fix a impossible condition caused by the warning
unbreak allmodconfig KCONFIG_ALLCONFIG=...
jme: Fix device PM wakeup API usage
jme: Do not enable NIC WoL functions on S0
bus: imx-weim: Take the 'status' property value into account
ARM: dts: pxa: fix dma engine node to pxa3xx-nand
ARM: dts: armada-375: use armada-370-sata for SATA
ARM: EXYNOS: select THERMAL_OF
ARM: prima2: always enable reset controller
ARM: OMAP3: Add cpuidle parameters table for omap3430
ext4: fix races of writeback with punch hole and zero range
ext4: fix races between buffered IO and collapse / insert range
ext4: move unlocked dio protection from ext4_alloc_file_blocks()
ext4: fix races between page faults and hole punching
perf stat: Document --detailed option
perf tools: handle spaces in file names obtained from /proc/pid/maps
perf hists browser: Only offer symbol scripting when a symbol is under the cursor
mtd: nand: Drop mtd.owner requirement in nand_scan
mtd: brcmnand: Fix v7.1 register offsets
mtd: spi-nor: remove micron_quad_enable()
serial: sh-sci: Remove cpufreq notifier to fix crash/deadlock
ext4: fix NULL pointer dereference in ext4_mark_inode_dirty()
x86/mm/kmmio: Fix mmiotrace for hugepages
perf evlist: Reference count the cpu and thread maps at set_maps()
drivers/misc/ad525x_dpot: AD5274 fix RDAC read back errors
rtc: max77686: Properly handle regmap_irq_get_virq() error code
rtc: rx8025: remove rv8803 id
rtc: ds1685: passing bogus values to irq_restore
rtc: vr41xx: Wire up alarm_irq_enable
rtc: hym8563: fix invalid year calculation
PM / Domains: Fix removal of a subdomain
PM / OPP: Initialize u_volt_min/max to a valid value
misc: mic/scif: fix wrap around tests
misc/bmp085: Enable building as a module
lib/mpi: Endianness fix
fbdev: da8xx-fb: fix videomodes of lcd panels
scsi_dh: force modular build if SCSI is a module
paride: make 'verbose' parameter an 'int' again
regulator: s5m8767: fix get_register() error handling
irqchip/mxs: Fix error check of of_io_request_and_map()
irqchip/sunxi-nmi: Fix error check of of_io_request_and_map()
spi/rockchip: Make sure spi clk is on in rockchip_spi_set_cs
locking/mcs: Fix mcs_spin_lock() ordering
regulator: core: Fix nested locking of supplies
regulator: core: Ensure we lock all regulators
regulator: core: fix regulator_lock_supply regression
Revert "regulator: core: Fix nested locking of supplies"
videobuf2-v4l2: Verify planes array in buffer dequeueing
videobuf2-core: Check user space planes array in dqbuf
USB: usbip: fix potential out-of-bounds write
cgroup: make sure a parent css isn't freed before its children
mm/hwpoison: fix wrong num_poisoned_pages accounting
mm: vmscan: reclaim highmem zone if buffer_heads is over limit
numa: fix /proc/<pid>/numa_maps for THP
mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check
memcg: relocate charge moving from ->attach to ->post_attach
cgroup, cpuset: replace cpuset_post_attach_flush() with cgroup_subsys->post_attach callback
slub: clean up code for kmem cgroup support to kmem_cache_free_bulk
workqueue: fix ghost PENDING flag while doing MQ IO
x86/apic: Handle zero vector gracefully in clear_vector_irq()
efi: Expose non-blocking set_variable() wrapper to efivars
efi: Fix out-of-bounds read in variable_matches()
IB/security: Restrict use of the write() interface
IB/mlx5: Expose correct max_sge_rd limit
cxl: Keep IRQ mappings on context teardown
v4l2-dv-timings.h: fix polarity for 4k formats
vb2-memops: Fix over allocation of frame vectors
ASoC: rt5640: Correct the digital interface data select
ASoC: dapm: Make sure we have a card when displaying component widgets
ASoC: ssm4567: Reset device before regcache_sync()
ASoC: s3c24xx: use const snd_soc_component_driver pointer
EDAC: i7core, sb_edac: Don't return NOTIFY_BAD from mce_decoder callback
toshiba_acpi: Fix regression caused by hotkey enabling value
i2c: exynos5: Fix possible ABBA deadlock by keeping I2C clock prepared
i2c: cpm: Fix build break due to incompatible pointer types
perf intel-pt: Fix segfault tracing transactions
drm/i915: Use fw_domains_put_with_fifo() on HSW
drm/i915: Fixup the free space logic in ring_prepare
drm/amdkfd: uninitialized variable in dbgdev_wave_control_set_registers()
drm/i915: skl_update_scaler() wants a rotation bitmask instead of bit number
drm/i915: Cleanup phys status page too
pwm: brcmstb: Fix check of devm_ioremap_resource() return code
drm/dp/mst: Get validated port ref in drm_dp_update_payload_part1()
drm/dp/mst: Restore primary hub guid on resume
drm/dp/mst: Validate port in drm_dp_payload_send_msg()
drm/nouveau/gr/gf100: select a stream master to fixup tfb offset queries
drm: Loongson-3 doesn't fully support wc memory
drm/radeon: fix vertical bars appear on monitor (v2)
drm/radeon: forbid mapping of userptr bo through radeon device file
drm/radeon: fix initial connector audio value
drm/radeon: add a quirk for a XFX R9 270X
drm/amdgpu: fix regression on CIK (v2)
amdgpu/uvd: add uvd fw version for amdgpu
drm/amdgpu: bump the afmt limit for CZ, ST, Polaris
drm/amdgpu: use defines for CRTCs and AMFT blocks
drm/amdgpu: when suspending, if uvd/vce was running. need to cancel delay work.
iommu/dma: Restore scatterlist offsets correctly
iommu/amd: Fix checking of pci dma aliases
pinctrl: single: Fix pcs_parse_bits_in_pinctrl_entry to use __ffs than ffs
pinctrl: mediatek: correct debounce time unit in mtk_gpio_set_debounce
xen kconfig: don't "select INPUT_XEN_KBDDEV_FRONTEND"
Input: pmic8xxx-pwrkey - fix algorithm for converting trigger delay
Input: gtco - fix crash on detecting device without endpoints
netlink: don't send NETLINK_URELEASE for unbound sockets
nl80211: check netlink protocol in socket release notification
powerpc: Update TM user feature bits in scan_features()
powerpc: Update cpu_user_features2 in scan_features()
powerpc: scan_features() updates incorrect bits for REAL_LE
crypto: talitos - fix AEAD tcrypt tests
crypto: talitos - fix crash in talitos_cra_init()
crypto: sha1-mb - use corrcet pointer while completing jobs
crypto: ccp - Prevent information leakage on export
iwlwifi: mvm: fix memory leak in paging
iwlwifi: pcie: lower the debug level for RSA semaphore access
s390/pci: add extra padding to function measurement block
cpufreq: intel_pstate: Fix processing for turbo activation ratio
Revert "drm/amdgpu: disable runtime pm on PX laptops without dGPU power control"
Revert "drm/radeon: disable runtime pm on PX laptops without dGPU power control"
drm/i915: Fix race condition in intel_dp_destroy_mst_connector()
drm/qxl: fix cursor position with non-zero hotspot
drm/nouveau/core: use vzalloc for allocating ramht
futex: Acknowledge a new waiter in counter before plist
futex: Handle unlock_pi race gracefully
asm-generic/futex: Re-enable preemption in futex_atomic_cmpxchg_inatomic()
ALSA: hda - Add dock support for ThinkPad X260
ALSA: pcxhr: Fix missing mutex unlock
ALSA: hda - add PCI ID for Intel Broxton-T
ALSA: hda - Keep powering up ADCs on Cirrus codecs
ALSA: hda/realtek - Add ALC3234 headset mode for Optiplex 9020m
ALSA: hda - Don't trust the reported actual power state
x86 EDAC, sb_edac.c: Repair damage introduced when "fixing" channel address
x86/mm/xen: Suppress hugetlbfs in PV guests
arm64: Update PTE_RDONLY in set_pte_at() for PROT_NONE permission
arm64: Honour !PTE_WRITE in set_pte_at() for kernel mappings
sched/cgroup: Fix/cleanup cgroup teardown/init
dmaengine: pxa_dma: fix the maximum requestor line
dmaengine: hsu: correct use of channel status register
dmaengine: dw: fix master selection
debugfs: Make automount point inodes permanently empty
lib: lz4: fixed zram with lz4 on big endian machines
dm cache metadata: fix cmd_read_lock() acquiring write lock
dm cache metadata: fix READ_LOCK macros and cleanup WRITE_LOCK macros
usb: gadget: f_fs: Fix use-after-free
usb: hcd: out of bounds access in for_each_companion
xhci: fix 10 second timeout on removal of PCI hotpluggable xhci controllers
usb: xhci: fix wild pointers in xhci_mem_cleanup
xhci: resume USB 3 roothub first
usb: xhci: applying XHCI_PME_STUCK_QUIRK to Intel BXT B0 host
assoc_array: don't call compare_object() on a node
ARM: OMAP2+: hwmod: Fix updating of sysconfig register
ARM: OMAP2: Fix up interconnect barrier initialization for DRA7
ARM: mvebu: Correct unit address for linksys
ARM: dts: AM43x-epos: Fix clk parent for synctimer
KVM: arm/arm64: Handle forward time correction gracefully
kvm: x86: do not leak guest xcr0 into host interrupt handlers
x86/mce: Avoid using object after free in genpool
block: loop: fix filesystem corruption in case of aio/dio
block: partition: initialize percpuref before sending out KOBJ_ADD
Conflicts:
arch/arm64/Kconfig
arch/arm64/include/asm/cputype.h
arch/arm64/include/asm/hardirq.h
arch/arm64/include/asm/irq.h
arch/arm64/include/asm/mmu_context.h
arch/arm64/kernel/cpu_errata.c
arch/arm64/kernel/cpuinfo.c
arch/arm64/kernel/setup.c
arch/arm64/kernel/smp.c
arch/arm64/kernel/stacktrace.c
arch/arm64/mm/init.c
arch/arm64/mm/mmu.c
arch/arm64/mm/pageattr.c
mm/memcontrol.c
CRs-Fixed: 1069136
Signed-off-by: Bryan Huntsman <bryanh@codeaurora.org>
Signed-off-by: Runmin Wang <runminw@codeaurora.org>
Change-Id: Ie9a16debd0578331a66947376f3b787a7bb54d65
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 9d6fd2c3e9fcfb ("Merge remote-tracking branch
'msm-4.4/tmp-510d0a3f' into msm-4.4"), because it breaks the
dump parsing tools due to kernel can be loaded anywhere in the memory
now and not fixed at linear mapping.
Change-Id: Id416f0a249d803442847d09ac47781147b0d0ee6
Signed-off-by: Trilok Soni <tsoni@codeaurora.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* msm-4.4/tmp-510d0a3f:
Linux 4.4.11
nf_conntrack: avoid kernel pointer value leak in slab name
drm/radeon: fix DP link training issue with second 4K monitor
drm/i915/bdw: Add missing delay during L3 SQC credit programming
drm/i915: Bail out of pipe config compute loop on LPT
drm/radeon: fix PLL sharing on DCE6.1 (v2)
Revert "[media] videobuf2-v4l2: Verify planes array in buffer dequeueing"
Input: max8997-haptic - fix NULL pointer dereference
get_rock_ridge_filename(): handle malformed NM entries
tools lib traceevent: Do not reassign parg after collapse_tree()
qla1280: Don't allocate 512kb of host tags
atomic_open(): fix the handling of create_error
regulator: axp20x: Fix axp22x ldo_io voltage ranges
regulator: s2mps11: Fix invalid selector mask and voltages for buck9
workqueue: fix rebind bound workers warning
ARM: dts: at91: sam9x5: Fix the memory range assigned to the PMC
vfs: rename: check backing inode being equal
vfs: add vfs_select_inode() helper
perf/core: Disable the event on a truncated AUX record
regmap: spmi: Fix regmap_spmi_ext_read in multi-byte case
pinctrl: at91-pio4: fix pull-up/down logic
spi: spi-ti-qspi: Handle truncated frames properly
spi: spi-ti-qspi: Fix FLEN and WLEN settings if bits_per_word is overridden
spi: pxa2xx: Do not detect number of enabled chip selects on Intel SPT
ALSA: hda - Fix broken reconfig
ALSA: hda - Fix white noise on Asus UX501VW headset
ALSA: hda - Fix subwoofer pin on ASUS N751 and N551
ALSA: usb-audio: Yet another Phoneix Audio device quirk
ALSA: usb-audio: Quirk for yet another Phoenix Audio devices (v2)
crypto: testmgr - Use kmalloc memory for RSA input
crypto: hash - Fix page length clamping in hash walk
crypto: qat - fix invalid pf2vf_resp_wq logic
s390/mm: fix asce_bits handling with dynamic pagetable levels
zsmalloc: fix zs_can_compact() integer overflow
ocfs2: fix posix_acl_create deadlock
ocfs2: revert using ocfs2_acl_chmod to avoid inode cluster lock hang
net/route: enforce hoplimit max value
tcp: refresh skb timestamp at retransmit time
net: thunderx: avoid exposing kernel stack
net: fix a kernel infoleak in x25 module
uapi glibc compat: fix compile errors when glibc net/if.h included before linux/if.h MIME-Version: 1.0
bridge: fix igmp / mld query parsing
net: bridge: fix old ioctl unlocked net device walk
VSOCK: do not disconnect socket when peer has shutdown SEND only
net/mlx4_en: Fix endianness bug in IPV6 csum calculation
net: fix infoleak in rtnetlink
net: fix infoleak in llc
net: fec: only clear a queue's work bit if the queue was emptied
netem: Segment GSO packets on enqueue
sch_dsmark: update backlog as well
sch_htb: update backlog as well
net_sched: update hierarchical backlog too
net_sched: introduce qdisc_replace() helper
gre: do not pull header in ICMP error processing
net: Implement net_dbg_ratelimited() for CONFIG_DYNAMIC_DEBUG case
samples/bpf: fix trace_output example
bpf: fix check_map_func_compatibility logic
bpf: fix refcnt overflow
bpf: fix double-fdput in replace_map_fd_with_map_ptr()
net/mlx4_en: fix spurious timestamping callbacks
ipv4/fib: don't warn when primary address is missing if in_dev is dead
net/mlx5e: Fix minimum MTU
net/mlx5e: Device's mtu field is u16 and not int
openvswitch: use flow protocol when recalculating ipv6 checksums
atl2: Disable unimplemented scatter/gather feature
vlan: pull on __vlan_insert_tag error path and fix csum correction
net: use skb_postpush_rcsum instead of own implementations
cdc_mbim: apply "NDP to end" quirk to all Huawei devices
bpf/verifier: reject invalid LD_ABS | BPF_DW instruction
net: sched: do not requeue a NULL skb
packet: fix heap info leak in PACKET_DIAG_MCLIST sock_diag interface
route: do not cache fib route info on local routes with oif
decnet: Do not build routes to devices without decnet private data.
parisc: Use generic extable search and sort routines
arm64: kasan: Use actual memory node when populating the kernel image shadow
arm64: mm: treat memstart_addr as a signed quantity
arm64: lse: deal with clobbered IP registers after branch via PLT
arm64: mm: check at build time that PAGE_OFFSET divides the VA space evenly
arm64: kasan: Fix zero shadow mapping overriding kernel image shadow
arm64: consistently use p?d_set_huge
arm64: fix KASLR boot-time I-cache maintenance
arm64: hugetlb: partial revert of 66b3923a1a0f
arm64: make irq_stack_ptr more robust
arm64: efi: invoke EFI_RNG_PROTOCOL to supply KASLR randomness
efi: stub: use high allocation for converted command line
efi: stub: add implementation of efi_random_alloc()
efi: stub: implement efi_get_random_bytes() based on EFI_RNG_PROTOCOL
arm64: kaslr: randomize the linear region
arm64: add support for kernel ASLR
arm64: add support for building vmlinux as a relocatable PIE binary
arm64: switch to relative exception tables
extable: add support for relative extables to search and sort routines
scripts/sortextable: add support for ET_DYN binaries
arm64: futex.h: Add missing PAN toggling
arm64: make asm/elf.h available to asm files
arm64: avoid dynamic relocations in early boot code
arm64: avoid R_AARCH64_ABS64 relocations for Image header fields
arm64: add support for module PLTs
arm64: move brk immediate argument definitions to separate header
arm64: mm: use bit ops rather than arithmetic in pa/va translations
arm64: mm: only perform memstart_addr sanity check if DEBUG_VM
arm64: User die() instead of panic() in do_page_fault()
arm64: allow kernel Image to be loaded anywhere in physical memory
arm64: defer __va translation of initrd_start and initrd_end
arm64: move kernel image to base of vmalloc area
arm64: kvm: deal with kernel symbols outside of linear mapping
arm64: decouple early fixmap init from linear mapping
arm64: pgtable: implement static [pte|pmd|pud]_offset variants
arm64: introduce KIMAGE_VADDR as the virtual base of the kernel region
arm64: add support for ioremap() block mappings
arm64: prevent potential circular header dependencies in asm/bug.h
of/fdt: factor out assignment of initrd_start/initrd_end
of/fdt: make memblock minimum physical address arch configurable
arm64: Remove the get_thread_info() function
arm64: kernel: Don't toggle PAN on systems with UAO
arm64: cpufeature: Test 'matches' pointer to find the end of the list
arm64: kernel: Add support for User Access Override
arm64: add ARMv8.2 id_aa64mmfr2 boiler plate
arm64: cpufeature: Change read_cpuid() to use sysreg's mrs_s macro
arm64: use local label prefixes for __reg_num symbols
arm64: vdso: Mark vDSO code as read-only
arm64: ubsan: select ARCH_HAS_UBSAN_SANITIZE_ALL
arm64: ptdump: Indicate whether memory should be faulting
arm64: Add support for ARCH_SUPPORTS_DEBUG_PAGEALLOC
arm64: Drop alloc function from create_mapping
arm64: prefetch: add missing #include for spin_lock_prefetch
arm64: lib: patch in prfm for copy_page if requested
arm64: lib: improve copy_page to deal with 128 bytes at a time
arm64: prefetch: add alternative pattern for CPUs without a prefetcher
arm64: prefetch: don't provide spin_lock_prefetch with LSE
arm64: allow vmalloc regions to be set with set_memory_*
arm64: kernel: implement ACPI parking protocol
arm64: mm: create new fine-grained mappings at boot
arm64: ensure _stext and _etext are page-aligned
arm64: mm: allow passing a pgdir to alloc_init_*
arm64: mm: allocate pagetables anywhere
arm64: mm: use fixmap when creating page tables
arm64: mm: add functions to walk tables in fixmap
arm64: mm: add __{pud,pgd}_populate
arm64: mm: avoid redundant __pa(__va(x))
arm64: mm: add functions to walk page tables by PA
arm64: mm: move pte_* macros
arm64: kasan: avoid TLB conflicts
arm64: mm: add code to safely replace TTBR1_EL1
arm64: add function to install the idmap
arm64: unmap idmap earlier
arm64: unify idmap removal
arm64: mm: place empty_zero_page in bss
arm64: mm: specialise pagetable allocators
asm-generic: Fix local variable shadow in __set_fixmap_offset
Eliminate the .eh_frame sections from the aarch64 vmlinux and kernel modules
arm64: Fix an enum typo in mm/dump.c
arm64: kasan: ensure that the KASAN zero page is mapped read-only
arch/arm64/include/asm/pgtable.h: add pmd_mkclean for THP
arm64: hide __efistub_ aliases from kallsyms
Linux 4.4.10
drm/i915/skl: Fix DMC load on Skylake J0 and K0
lib/test-string_helpers.c: fix and improve string_get_size() tests
ACPI / processor: Request native thermal interrupt handling via _OSC
drm/i915: Fake HDMI live status
drm/i915: Make RPS EI/thresholds multiple of 25 on SNB-BDW
drm/i915: Fix eDP low vswing for Broadwell
drm/i915/ddi: Fix eDP VDD handling during booting and suspend/resume
drm/radeon: make sure vertical front porch is at least 1
iio: ak8975: fix maybe-uninitialized warning
iio: ak8975: Fix NULL pointer exception on early interrupt
drm/amdgpu: set metadata pointer to NULL after freeing.
drm/amdgpu: make sure vertical front porch is at least 1
gpu: ipu-v3: Fix imx-ipuv3-crtc module autoloading
nvmem: mxs-ocotp: fix buffer overflow in read
USB: serial: cp210x: add Straizona Focusers device ids
USB: serial: cp210x: add ID for Link ECU
ata: ahci-platform: Add ports-implemented DT bindings.
libahci: save port map for forced port map
powerpc: Fix bad inline asm constraint in create_zero_mask()
ACPICA: Dispatcher: Update thread ID for recursive method calls
x86/sysfb_efi: Fix valid BAR address range check
ARC: Add missing io barriers to io{read,write}{16,32}be()
ARM: cpuidle: Pass on arm_cpuidle_suspend()'s return value
propogate_mnt: Handle the first propogated copy being a slave
fs/pnode.c: treat zero mnt_group_id-s as unequal
x86/tsc: Read all ratio bits from MSR_PLATFORM_INFO
MAINTAINERS: Remove asterisk from EFI directory names
writeback: Fix performance regression in wb_over_bg_thresh()
batman-adv: Reduce refcnt of removed router when updating route
batman-adv: Fix broadcast/ogm queue limit on a removed interface
batman-adv: Check skb size before using encapsulated ETH+VLAN header
batman-adv: fix DAT candidate selection (must use vid)
mm: update min_free_kbytes from khugepaged after core initialization
proc: prevent accessing /proc/<PID>/environ until it's ready
Input: zforce_ts - fix dual touch recognition
HID: Fix boot delay for Creative SB Omni Surround 5.1 with quirk
HID: wacom: Add support for DTK-1651
xen/evtchn: fix ring resize when binding new events
xen/balloon: Fix crash when ballooning on x86 32 bit PAE
xen: Fix page <-> pfn conversion on 32 bit systems
ARM: SoCFPGA: Fix secondary CPU startup in thumb2 kernel
ARM: EXYNOS: Properly skip unitialized parent clock in power domain on
mm/zswap: provide unique zpool name
mm, cma: prevent nr_isolated_* counters from going negative
Minimal fix-up of bad hashing behavior of hash_64()
MD: make bio mergeable
tracing: Don't display trigger file for events that can't be enabled
mac80211: fix statistics leak if dev_alloc_name() fails
ath9k: ar5008_hw_cmn_spur_mitigate: add missing mask_m & mask_p initialisation
lpfc: fix misleading indentation
clk: qcom: msm8960: Fix ce3_src register offset
clk: versatile: sp810: support reentrance
clk: qcom: msm8960: fix ce3_core clk enable register
clk: meson: Fix meson_clk_register_clks() signature type mismatch
clk: rockchip: free memory in error cases when registering clock branches
soc: rockchip: power-domain: fix err handle while probing
clk-divider: make sure read-only dividers do not write to their register
CNS3xxx: Fix PCI cns3xxx_write_config()
mwifiex: fix corner case association failure
ata: ahci_xgene: dereferencing uninitialized pointer in probe
nbd: ratelimit error msgs after socket close
mfd: intel-lpss: Remove clock tree on error path
ipvs: drop first packet to redirect conntrack
ipvs: correct initial offset of Call-ID header search in SIP persistence engine
ipvs: handle ip_vs_fill_iph_skb_off failure
RDMA/iw_cxgb4: Fix bar2 virt addr calculation for T4 chips
Revert: "powerpc/tm: Check for already reclaimed tasks"
arm64: head.S: use memset to clear BSS
efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
arm64: entry: remove pointless SPSR mode check
arm64: mm: move pgd_cache initialisation to pgtable_cache_init
arm64: module: avoid undefined shift behavior in reloc_data()
arm64: module: fix relocation of movz instruction with negative immediate
arm64: traps: address fallout from printk -> pr_* conversion
arm64: ftrace: fix a stack tracer's output under function graph tracer
arm64: pass a task parameter to unwind_frame()
arm64: ftrace: modify a stack frame in a safe way
arm64: remove irq_count and do_softirq_own_stack()
arm64: hugetlb: add support for PTE contiguous bit
arm64: Use PoU cache instr for I/D coherency
arm64: Defer dcache flush in __cpu_copy_user_page
arm64: reduce stack use in irq_handler
arm64: Documentation: add list of software workarounds for errata
arm64: mm: place __cpu_setup in .text
arm64: cmpxchg: Don't incldue linux/mmdebug.h
arm64: mm: fold alternatives into .init
arm64: Remove redundant padding from linker script
arm64: mm: remove pointless PAGE_MASKing
arm64: don't call C code with el0's fp register
arm64: when walking onto the task stack, check sp & fp are in current->stack
arm64: Add this_cpu_ptr() assembler macro for use in entry.S
arm64: irq: fix walking from irq stack to task stack
arm64: Add do_softirq_own_stack() and enable irq_stacks
arm64: Modify stack trace and dump for use with irq_stack
arm64: Store struct thread_info in sp_el0
arm64: Add trace_hardirqs_off annotation in ret_to_user
arm64: ftrace: fix the comments for ftrace_modify_code
arm64: ftrace: stop using kstop_machine to enable/disable tracing
arm64: spinlock: serialise spin_unlock_wait against concurrent lockers
arm64: enable HAVE_IRQ_TIME_ACCOUNTING
arm64: fix COMPAT_SHMLBA definition for large pages
arm64: add __init/__initdata section marker to some functions/variables
arm64: pgtable: implement pte_accessible()
arm64: mm: allow sections for unaligned bases
arm64: mm: detect bad __create_mapping uses
Linux 4.4.9
extcon: max77843: Use correct size for reading the interrupt register
stm class: Select CONFIG_SRCU
megaraid_sas: add missing curly braces in ioctl handler
sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a race
thermal: rockchip: fix a impossible condition caused by the warning
unbreak allmodconfig KCONFIG_ALLCONFIG=...
jme: Fix device PM wakeup API usage
jme: Do not enable NIC WoL functions on S0
bus: imx-weim: Take the 'status' property value into account
ARM: dts: pxa: fix dma engine node to pxa3xx-nand
ARM: dts: armada-375: use armada-370-sata for SATA
ARM: EXYNOS: select THERMAL_OF
ARM: prima2: always enable reset controller
ARM: OMAP3: Add cpuidle parameters table for omap3430
ext4: fix races of writeback with punch hole and zero range
ext4: fix races between buffered IO and collapse / insert range
ext4: move unlocked dio protection from ext4_alloc_file_blocks()
ext4: fix races between page faults and hole punching
perf stat: Document --detailed option
perf tools: handle spaces in file names obtained from /proc/pid/maps
perf hists browser: Only offer symbol scripting when a symbol is under the cursor
mtd: nand: Drop mtd.owner requirement in nand_scan
mtd: brcmnand: Fix v7.1 register offsets
mtd: spi-nor: remove micron_quad_enable()
serial: sh-sci: Remove cpufreq notifier to fix crash/deadlock
ext4: fix NULL pointer dereference in ext4_mark_inode_dirty()
x86/mm/kmmio: Fix mmiotrace for hugepages
perf evlist: Reference count the cpu and thread maps at set_maps()
drivers/misc/ad525x_dpot: AD5274 fix RDAC read back errors
rtc: max77686: Properly handle regmap_irq_get_virq() error code
rtc: rx8025: remove rv8803 id
rtc: ds1685: passing bogus values to irq_restore
rtc: vr41xx: Wire up alarm_irq_enable
rtc: hym8563: fix invalid year calculation
PM / Domains: Fix removal of a subdomain
PM / OPP: Initialize u_volt_min/max to a valid value
misc: mic/scif: fix wrap around tests
misc/bmp085: Enable building as a module
lib/mpi: Endianness fix
fbdev: da8xx-fb: fix videomodes of lcd panels
scsi_dh: force modular build if SCSI is a module
paride: make 'verbose' parameter an 'int' again
regulator: s5m8767: fix get_register() error handling
irqchip/mxs: Fix error check of of_io_request_and_map()
irqchip/sunxi-nmi: Fix error check of of_io_request_and_map()
spi/rockchip: Make sure spi clk is on in rockchip_spi_set_cs
locking/mcs: Fix mcs_spin_lock() ordering
regulator: core: Fix nested locking of supplies
regulator: core: Ensure we lock all regulators
regulator: core: fix regulator_lock_supply regression
Revert "regulator: core: Fix nested locking of supplies"
videobuf2-v4l2: Verify planes array in buffer dequeueing
videobuf2-core: Check user space planes array in dqbuf
USB: usbip: fix potential out-of-bounds write
cgroup: make sure a parent css isn't freed before its children
mm/hwpoison: fix wrong num_poisoned_pages accounting
mm: vmscan: reclaim highmem zone if buffer_heads is over limit
numa: fix /proc/<pid>/numa_maps for THP
mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check
memcg: relocate charge moving from ->attach to ->post_attach
cgroup, cpuset: replace cpuset_post_attach_flush() with cgroup_subsys->post_attach callback
slub: clean up code for kmem cgroup support to kmem_cache_free_bulk
workqueue: fix ghost PENDING flag while doing MQ IO
x86/apic: Handle zero vector gracefully in clear_vector_irq()
efi: Expose non-blocking set_variable() wrapper to efivars
efi: Fix out-of-bounds read in variable_matches()
IB/security: Restrict use of the write() interface
IB/mlx5: Expose correct max_sge_rd limit
cxl: Keep IRQ mappings on context teardown
v4l2-dv-timings.h: fix polarity for 4k formats
vb2-memops: Fix over allocation of frame vectors
ASoC: rt5640: Correct the digital interface data select
ASoC: dapm: Make sure we have a card when displaying component widgets
ASoC: ssm4567: Reset device before regcache_sync()
ASoC: s3c24xx: use const snd_soc_component_driver pointer
EDAC: i7core, sb_edac: Don't return NOTIFY_BAD from mce_decoder callback
toshiba_acpi: Fix regression caused by hotkey enabling value
i2c: exynos5: Fix possible ABBA deadlock by keeping I2C clock prepared
i2c: cpm: Fix build break due to incompatible pointer types
perf intel-pt: Fix segfault tracing transactions
drm/i915: Use fw_domains_put_with_fifo() on HSW
drm/i915: Fixup the free space logic in ring_prepare
drm/amdkfd: uninitialized variable in dbgdev_wave_control_set_registers()
drm/i915: skl_update_scaler() wants a rotation bitmask instead of bit number
drm/i915: Cleanup phys status page too
pwm: brcmstb: Fix check of devm_ioremap_resource() return code
drm/dp/mst: Get validated port ref in drm_dp_update_payload_part1()
drm/dp/mst: Restore primary hub guid on resume
drm/dp/mst: Validate port in drm_dp_payload_send_msg()
drm/nouveau/gr/gf100: select a stream master to fixup tfb offset queries
drm: Loongson-3 doesn't fully support wc memory
drm/radeon: fix vertical bars appear on monitor (v2)
drm/radeon: forbid mapping of userptr bo through radeon device file
drm/radeon: fix initial connector audio value
drm/radeon: add a quirk for a XFX R9 270X
drm/amdgpu: fix regression on CIK (v2)
amdgpu/uvd: add uvd fw version for amdgpu
drm/amdgpu: bump the afmt limit for CZ, ST, Polaris
drm/amdgpu: use defines for CRTCs and AMFT blocks
drm/amdgpu: when suspending, if uvd/vce was running. need to cancel delay work.
iommu/dma: Restore scatterlist offsets correctly
iommu/amd: Fix checking of pci dma aliases
pinctrl: single: Fix pcs_parse_bits_in_pinctrl_entry to use __ffs than ffs
pinctrl: mediatek: correct debounce time unit in mtk_gpio_set_debounce
xen kconfig: don't "select INPUT_XEN_KBDDEV_FRONTEND"
Input: pmic8xxx-pwrkey - fix algorithm for converting trigger delay
Input: gtco - fix crash on detecting device without endpoints
netlink: don't send NETLINK_URELEASE for unbound sockets
nl80211: check netlink protocol in socket release notification
powerpc: Update TM user feature bits in scan_features()
powerpc: Update cpu_user_features2 in scan_features()
powerpc: scan_features() updates incorrect bits for REAL_LE
crypto: talitos - fix AEAD tcrypt tests
crypto: talitos - fix crash in talitos_cra_init()
crypto: sha1-mb - use corrcet pointer while completing jobs
crypto: ccp - Prevent information leakage on export
iwlwifi: mvm: fix memory leak in paging
iwlwifi: pcie: lower the debug level for RSA semaphore access
s390/pci: add extra padding to function measurement block
cpufreq: intel_pstate: Fix processing for turbo activation ratio
Revert "drm/amdgpu: disable runtime pm on PX laptops without dGPU power control"
Revert "drm/radeon: disable runtime pm on PX laptops without dGPU power control"
drm/i915: Fix race condition in intel_dp_destroy_mst_connector()
drm/qxl: fix cursor position with non-zero hotspot
drm/nouveau/core: use vzalloc for allocating ramht
futex: Acknowledge a new waiter in counter before plist
futex: Handle unlock_pi race gracefully
asm-generic/futex: Re-enable preemption in futex_atomic_cmpxchg_inatomic()
ALSA: hda - Add dock support for ThinkPad X260
ALSA: pcxhr: Fix missing mutex unlock
ALSA: hda - add PCI ID for Intel Broxton-T
ALSA: hda - Keep powering up ADCs on Cirrus codecs
ALSA: hda/realtek - Add ALC3234 headset mode for Optiplex 9020m
ALSA: hda - Don't trust the reported actual power state
x86 EDAC, sb_edac.c: Repair damage introduced when "fixing" channel address
x86/mm/xen: Suppress hugetlbfs in PV guests
arm64: Update PTE_RDONLY in set_pte_at() for PROT_NONE permission
arm64: Honour !PTE_WRITE in set_pte_at() for kernel mappings
sched/cgroup: Fix/cleanup cgroup teardown/init
dmaengine: pxa_dma: fix the maximum requestor line
dmaengine: hsu: correct use of channel status register
dmaengine: dw: fix master selection
debugfs: Make automount point inodes permanently empty
lib: lz4: fixed zram with lz4 on big endian machines
dm cache metadata: fix cmd_read_lock() acquiring write lock
dm cache metadata: fix READ_LOCK macros and cleanup WRITE_LOCK macros
usb: gadget: f_fs: Fix use-after-free
usb: hcd: out of bounds access in for_each_companion
xhci: fix 10 second timeout on removal of PCI hotpluggable xhci controllers
usb: xhci: fix wild pointers in xhci_mem_cleanup
xhci: resume USB 3 roothub first
usb: xhci: applying XHCI_PME_STUCK_QUIRK to Intel BXT B0 host
assoc_array: don't call compare_object() on a node
ARM: OMAP2+: hwmod: Fix updating of sysconfig register
ARM: OMAP2: Fix up interconnect barrier initialization for DRA7
ARM: mvebu: Correct unit address for linksys
ARM: dts: AM43x-epos: Fix clk parent for synctimer
KVM: arm/arm64: Handle forward time correction gracefully
kvm: x86: do not leak guest xcr0 into host interrupt handlers
x86/mce: Avoid using object after free in genpool
block: loop: fix filesystem corruption in case of aio/dio
block: partition: initialize percpuref before sending out KOBJ_ADD
Conflicts:
arch/arm64/Kconfig
arch/arm64/include/asm/cputype.h
arch/arm64/include/asm/hardirq.h
arch/arm64/include/asm/irq.h
arch/arm64/kernel/cpu_errata.c
arch/arm64/kernel/cpuinfo.c
arch/arm64/kernel/setup.c
arch/arm64/kernel/smp.c
arch/arm64/kernel/stacktrace.c
arch/arm64/mm/init.c
arch/arm64/mm/mmu.c
arch/arm64/mm/pageattr.c
mm/memcontrol.c
CRs-Fixed: 1054234
Signed-off-by: Trilok Soni <tsoni@codeaurora.org>
Change-Id: I2a7a34631ffee36ce18b9171f16d023be777392f
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit e27260203912b40751fa353d009eaa5a642c739f upstream.
All existing users of NETLINK_URELEASE use it to clean up resources that
were previously allocated to a socket via some command. As a result, no
users require getting this notification for unbound sockets.
Sending it for unbound sockets, however, is a problem because any user
(including unprivileged users) can create a socket that uses the same ID
as an existing socket. Binding this new socket will fail, but if the
NETLINK_URELEASE notification is generated for such sockets, the users
thereof will be tricked into thinking the socket that they allocated the
resources for is closed.
In the nl80211 case, this will cause destruction of virtual interfaces
that still belong to an existing hostapd process; this is the case that
Dmitry noticed. In the NFC case, it will cause a poll abort. In the case
of netlink log/queue it will cause them to stop reporting events, as if
NFULNL_CFG_CMD_UNBIND/NFQNL_CFG_CMD_UNBIND had been called.
Fix this problem by checking that the socket is bound before generating
the NETLINK_URELEASE notification.
Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 5ad6300524c0332 ("genetlink: disallow subscribing to unknown
mcast groups") disallows userspace to subscribe to groups that don't
exist in kernel. As a result, communication between processes is
not possible unless they explicitly register a dummy group with the
kernel even if the communication is between userspace processes
only. NETLINK_USERSOCK cannot be used here since userspace processes
would require CAP_NET_ADMIN to receive multicast messages which
is available for priveleged processes only.
Fix this problem by reverting the change till a solution is
determined internally and upstream discussion.
CRs-Fixed: 1052589
Change-Id: Id559d9ef9d1e0a25e3bbdc81503978f01c6ed85f
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sleep and avoiding waking kswapd
__GFP_WAIT has been used to identify atomic context in callers that hold
spinlocks or are in interrupts. They are expected to be high priority and
have access one of two watermarks lower than "min" which can be referred
to as the "atomic reserve". __GFP_HIGH users get access to the first
lower watermark and can be called the "high priority reserve".
Over time, callers had a requirement to not block when fallback options
were available. Some have abused __GFP_WAIT leading to a situation where
an optimisitic allocation with a fallback option can access atomic
reserves.
This patch uses __GFP_ATOMIC to identify callers that are truely atomic,
cannot sleep and have no alternative. High priority users continue to use
__GFP_HIGH. __GFP_DIRECT_RECLAIM identifies callers that can sleep and
are willing to enter direct reclaim. __GFP_KSWAPD_RECLAIM to identify
callers that want to wake kswapd for background reclaim. __GFP_WAIT is
redefined as a caller that is willing to enter direct reclaim and wake
kswapd for background reclaim.
This patch then converts a number of sites
o __GFP_ATOMIC is used by callers that are high priority and have memory
pools for those requests. GFP_ATOMIC uses this flag.
o Callers that have a limited mempool to guarantee forward progress clear
__GFP_DIRECT_RECLAIM but keep __GFP_KSWAPD_RECLAIM. bio allocations fall
into this category where kswapd will still be woken but atomic reserves
are not used as there is a one-entry mempool to guarantee progress.
o Callers that are checking if they are non-blocking should use the
helper gfpflags_allow_blocking() where possible. This is because
checking for __GFP_WAIT as was done historically now can trigger false
positives. Some exceptions like dm-crypt.c exist where the code intent
is clearer if __GFP_DIRECT_RECLAIM is used instead of the helper due to
flag manipulations.
o Callers that built their own GFP flags instead of starting with GFP_KERNEL
and friends now also need to specify __GFP_KSWAPD_RECLAIM.
The first key hazard to watch out for is callers that removed __GFP_WAIT
and was depending on access to atomic reserves for inconspicuous reasons.
In some cases it may be appropriate for them to use __GFP_HIGH.
The second key hazard is callers that assembled their own combination of
GFP flags instead of starting with something like GFP_KERNEL. They may
now wish to specify __GFP_KSWAPD_RECLAIM. It's almost certainly harmless
if it's missed in most cases as other activity will wake kswapd.
Signed-off-by: Mel Gorman <mgorman@techsingularity.net>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Vitaly Wool <vitalywool@gmail.com>
Cc: Rik van Riel <riel@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
