[ Upstream commit 9f62c15f28b0d1d746734666d88a79f08ba1e43e ]
Fix the following slab-out-of-bounds kasan report in
ndisc_fill_redirect_hdr_option when the incoming ipv6 packet is not
linear and the accessed data are not in the linear data region of orig_skb.
[ 1503.122508] ==================================================================
[ 1503.122832] BUG: KASAN: slab-out-of-bounds in ndisc_send_redirect+0x94e/0x990
[ 1503.123036] Read of size 1184 at addr ffff8800298ab6b0 by task netperf/1932
[ 1503.123220] CPU: 0 PID: 1932 Comm: netperf Not tainted 4.16.0-rc2+ #124
[ 1503.123347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.10.2-2.fc27 04/01/2014
[ 1503.123527] Call Trace:
[ 1503.123579] <IRQ>
[ 1503.123638] print_address_description+0x6e/0x280
[ 1503.123849] kasan_report+0x233/0x350
[ 1503.123946] memcpy+0x1f/0x50
[ 1503.124037] ndisc_send_redirect+0x94e/0x990
[ 1503.125150] ip6_forward+0x1242/0x13b0
[...]
[ 1503.153890] Allocated by task 1932:
[ 1503.153982] kasan_kmalloc+0x9f/0xd0
[ 1503.154074] __kmalloc_track_caller+0xb5/0x160
[ 1503.154198] __kmalloc_reserve.isra.41+0x24/0x70
[ 1503.154324] __alloc_skb+0x130/0x3e0
[ 1503.154415] sctp_packet_transmit+0x21a/0x1810
[ 1503.154533] sctp_outq_flush+0xc14/0x1db0
[ 1503.154624] sctp_do_sm+0x34e/0x2740
[ 1503.154715] sctp_primitive_SEND+0x57/0x70
[ 1503.154807] sctp_sendmsg+0xaa6/0x1b10
[ 1503.154897] sock_sendmsg+0x68/0x80
[ 1503.154987] ___sys_sendmsg+0x431/0x4b0
[ 1503.155078] __sys_sendmsg+0xa4/0x130
[ 1503.155168] do_syscall_64+0x171/0x3f0
[ 1503.155259] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1503.155436] Freed by task 1932:
[ 1503.155527] __kasan_slab_free+0x134/0x180
[ 1503.155618] kfree+0xbc/0x180
[ 1503.155709] skb_release_data+0x27f/0x2c0
[ 1503.155800] consume_skb+0x94/0xe0
[ 1503.155889] sctp_chunk_put+0x1aa/0x1f0
[ 1503.155979] sctp_inq_pop+0x2f8/0x6e0
[ 1503.156070] sctp_assoc_bh_rcv+0x6a/0x230
[ 1503.156164] sctp_inq_push+0x117/0x150
[ 1503.156255] sctp_backlog_rcv+0xdf/0x4a0
[ 1503.156346] __release_sock+0x142/0x250
[ 1503.156436] release_sock+0x80/0x180
[ 1503.156526] sctp_sendmsg+0xbb0/0x1b10
[ 1503.156617] sock_sendmsg+0x68/0x80
[ 1503.156708] ___sys_sendmsg+0x431/0x4b0
[ 1503.156799] __sys_sendmsg+0xa4/0x130
[ 1503.156889] do_syscall_64+0x171/0x3f0
[ 1503.156980] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1503.157158] The buggy address belongs to the object at ffff8800298ab600
which belongs to the cache kmalloc-1024 of size 1024
[ 1503.157444] The buggy address is located 176 bytes inside of
1024-byte region [ffff8800298ab600, ffff8800298aba00)
[ 1503.157702] The buggy address belongs to the page:
[ 1503.157820] page:ffffea0000a62a00 count:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0
[ 1503.158053] flags: 0x4000000000008100(slab|head)
[ 1503.158171] raw: 4000000000008100 0000000000000000 0000000000000000 00000001800e000e
[ 1503.158350] raw: dead000000000100 dead000000000200 ffff880036002600 0000000000000000
[ 1503.158523] page dumped because: kasan: bad access detected
[ 1503.158698] Memory state around the buggy address:
[ 1503.158816] ffff8800298ab900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1503.158988] ffff8800298ab980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1503.159165] >ffff8800298aba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1503.159338] ^
[ 1503.159436] ffff8800298aba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1503.159610] ffff8800298abb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1503.159785] ==================================================================
[ 1503.159964] Disabling lock debugging due to kernel taint
The test scenario to trigger the issue consists of 4 devices:
- H0: data sender, connected to LAN0
- H1: data receiver, connected to LAN1
- GW0 and GW1: routers between LAN0 and LAN1. Both of them have an
ethernet connection on LAN0 and LAN1
On H{0,1} set GW0 as default gateway while on GW0 set GW1 as next hop for
data from LAN0 to LAN1.
Moreover create an ip6ip6 tunnel between H0 and H1 and send 3 concurrent
data streams (TCP/UDP/SCTP) from H0 to H1 through ip6ip6 tunnel (send
buffer size is set to 16K). While data streams are active flush the route
cache on HA multiple times.
I have not been able to identify a given commit that introduced the issue
since, using the reproducer described above, the kasan report has been
triggered from 4.14 and I have not gone back further.
Reported-by: Jianlin Shi <jishi@redhat.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlq2IVkACgkQONu9yGCS
aT5SGQ//eDH59qGQJFy8GwDQULnYV8JEeBZT2tIzx2LDVJvKKz/8BkJmcGZrQ0gH
9EnMCiPkbxRH6HV6Cu1SHcyLFK+iVXGEw28Uk/sEcesQSZvrRxUKIgRLvyWhANgP
E1FiPbI6V1tXTROmUk/lrGZYgHMVUMAa+kYRndpbijtB++7qO25mVngP0Yg6OveO
oyw0MRx+v9mwQS/SID2EtlXnZOVGM+7kd3gg5fLY5w0qJT1jHjhrtZNWyKH2SMrS
QnzkFDMGDIWk5TrHJY0LEvpZI/toKNtPrG/Mt5gOvtSgjmQ4+EEVndrlutPAOa3K
xF6ERjtyBIRRG2ftk122fm6brjpxyCoqycD8JgCm1BxalNN7Bg+1ogQCGwE0EWNp
yYEsxLmSbLllX/4rkZtx+WsgiG4rwNWG1/IsPsEo80La3M53WzA3My8E0aVLpbIj
aqkzR62lZ1TSRgtbFjm6Bl4DtpJH4f9uELbO0VBi7b8LRTUI99Qcz4bOoKH+WKOC
umvHsuyMwDm8wc0KhQ4hdyGb1le0nS4Y1xydp1p0pcASLfeA2VOIg20ZvxQVBTZA
rlHo7zEQVkVYvphoPONUodOUVZ8/AGxoVvim3HlI6s5VvtdF6k/hQUWaOuWDh59J
bjw2vnMWOLWSqmmkpK9HmU6ohIV310TJewPu8BShzAuZRSNDxl8=
=OCjx
-----END PGP SIGNATURE-----
Merge 4.4.124 into android-4.4
Changes in 4.4.124
tpm: fix potential buffer overruns caused by bit glitches on the bus
tpm_tis: fix potential buffer overruns caused by bit glitches on the bus
SMB3: Validate negotiate request must always be signed
CIFS: Enable encryption during session setup phase
staging: android: ashmem: Fix possible deadlock in ashmem_ioctl
platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA
regulator: anatop: set default voltage selector for pcie
x86: i8259: export legacy_pic symbol
rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs
Input: ar1021_i2c - fix too long name in driver's device table
time: Change posix clocks ops interfaces to use timespec64
ACPI/processor: Fix error handling in __acpi_processor_start()
ACPI/processor: Replace racy task affinity logic
cpufreq/sh: Replace racy task affinity logic
genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs
i2c: i2c-scmi: add a MS HID
net: ipv6: send unsolicited NA on admin up
media/dvb-core: Race condition when writing to CAM
spi: dw: Disable clock after unregistering the host
ath: Fix updating radar flags for coutry code India
clk: ns2: Correct SDIO bits
scsi: virtio_scsi: Always try to read VPD pages
KVM: PPC: Book3S PR: Exit KVM on failed mapping
ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER
iommu/omap: Register driver before setting IOMMU ops
md/raid10: wait up frozen array in handle_write_completed
NFS: Fix missing pg_cleanup after nfs_pageio_cond_complete()
tcp: remove poll() flakes with FastOpen
e1000e: fix timing for 82579 Gigabit Ethernet controller
ALSA: hda - Fix headset microphone detection for ASUS N551 and N751
IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow
IB/ipoib: Update broadcast object if PKey value was changed in index 0
HSI: ssi_protocol: double free in ssip_pn_xmit()
IB/mlx4: Take write semaphore when changing the vma struct
IB/mlx4: Change vma from shared to private
ASoC: Intel: Skylake: Uninitialized variable in probe_codec()
Fix driver usage of 128B WQEs when WQ_CREATE is V1.
netfilter: xt_CT: fix refcnt leak on error path
openvswitch: Delete conntrack entry clashing with an expectation.
mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR()
wan: pc300too: abort path on failure
qlcnic: fix unchecked return value
scsi: mac_esp: Replace bogus memory barrier with spinlock
infiniband/uverbs: Fix integer overflows
NFS: don't try to cross a mountpount when there isn't one there.
iio: st_pressure: st_accel: Initialise sensor platform data properly
mt7601u: check return value of alloc_skb
rndis_wlan: add return value validation
Btrfs: send, fix file hole not being preserved due to inline extent
mac80211: don't parse encrypted management frames in ieee80211_frame_acked
mfd: palmas: Reset the POWERHOLD mux during power off
mtip32xx: use runtime tag to initialize command header
staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y
staging: wilc1000: fix unchecked return value
mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a
ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP
ipmi/watchdog: fix wdog hang on panic waiting for ipmi response
ACPI / PMIC: xpower: Fix power_table addresses
drm/nouveau/kms: Increase max retries in scanout position queries.
bnx2x: Align RX buffers
power: supply: pda_power: move from timer to delayed_work
Input: twl4030-pwrbutton - use correct device for irq request
md/raid10: skip spare disk as 'first' disk
ia64: fix module loading for gcc-5.4
tcm_fileio: Prevent information leak for short reads
video: fbdev: udlfb: Fix buffer on stack
sm501fb: don't return zero on failure path in sm501fb_start()
net: hns: fix ethtool_get_strings overflow in hns driver
cifs: small underflow in cnvrtDosUnixTm()
rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks
rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL
perf tests kmod-path: Don't fail if compressed modules aren't supported
Bluetooth: hci_qca: Avoid setup failure on missing rampatch
media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt
drm/msm: fix leak in failed get_pages
RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo()
rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled.
media: bt8xx: Fix err 'bt878_probe()'
media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart
cros_ec: fix nul-termination for firmware build info
platform/chrome: Use proper protocol transfer function
mmc: avoid removing non-removable hosts during suspend
IB/ipoib: Avoid memory leak if the SA returns a different DGID
RDMA/cma: Use correct size when writing netlink stats
IB/umem: Fix use of npages/nmap fields
vgacon: Set VGA struct resource types
drm/omap: DMM: Check for DMM readiness after successful transaction commit
pty: cancel pty slave port buf's work in tty_release
coresight: Fix disabling of CoreSight TPIU
pinctrl: Really force states during suspend/resume
iommu/vt-d: clean up pr_irq if request_threaded_irq fails
ip6_vti: adjust vti mtu according to mtu of lower device
RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS
nfsd4: permit layoutget of executable-only files
clk: si5351: Rename internal plls to avoid name collisions
dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63
RDMA/ucma: Fix access to non-initialized CM_ID object
Linux 4.4.124
Change-Id: Iac6f5bda7941f032c5b1f58750e084140b0e3f23
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 53c81e95df1793933f87748d36070a721f6cb287 ]
LTP/udp6_ipsec_vti tests fail when sending large UDP datagrams over
ip6_vti that require fragmentation and the underlying device has an
MTU smaller than 1500 plus some extra space for headers. This happens
because ip6_vti, by default, sets MTU to ETH_DATA_LEN and not updating
it depending on a destination address or link parameter. Further
attempts to send UDP packets may succeed because pmtu gets updated on
ICMPV6_PKT_TOOBIG in vti6_err().
In case the lower device has larger MTU size, e.g. 9000, ip6_vti works
but not using the possible maximum size, output packets have 1500 limit.
The above cases require manual MTU setup after ip6_vti creation. However
ip_vti already updates MTU based on lower device with ip_tunnel_bind_dev().
Here is the example when the lower device MTU is set to 9000:
# ip a sh ltp_ns_veth2
ltp_ns_veth2@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 ...
inet 10.0.0.2/24 scope global ltp_ns_veth2
inet6 fd00::2/64 scope global
# ip li add vti6 type vti6 local fd00::2 remote fd00::1
# ip li show vti6
vti6@NONE: <POINTOPOINT,NOARP> mtu 1500 ...
link/tunnel6 fd00::2 peer fd00::1
After the patch:
# ip li add vti6 type vti6 local fd00::2 remote fd00::1
# ip li show vti6
vti6@NONE: <POINTOPOINT,NOARP> mtu 8832 ...
link/tunnel6 fd00::2 peer fd00::1
Reported-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 4a6e3c5def13c91adf2acc613837001f09af3baa ]
ndisc_notify is the ipv6 equivalent to arp_notify. When arp_notify is
set to 1, gratuitous arp requests are sent when the device is brought up.
The same is expected when ndisc_notify is set to 1 (per ndisc_notify in
Documentation/networking/ip-sysctl.txt). The NA is not sent on NETDEV_UP
event; add it.
Fixes: 5cb04436ee ("ipv6: add knob to send unsolicited ND on link-layer address change")
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlquPNIACgkQONu9yGCS
aT6LURAAjSz1VBeImaAE0gwA95OTImKYIGvaltpP9Gls7o7brrheSiBXUIYHNFkQ
2TGGJQL7aJD+t0cTi4qqJndEq9Znq8VosA0xAUpDddv/Ebz9vtwh88Sjhspomjw0
cNHNQZC/+voKfl29aTATb/UilBb5Oku9ENlPrD7tKHIyHR82t6pt5Pp4Fj33L2p0
0EvJXXjBTJayOk8HqIquOOL+qGf+egRn80xCmMOmAhqf+/8OXFC5SI6F351NiVwa
dHK2v5LrTqTI6bUBIx7TYTAdkt6g5QNxm2dW/VmW5GWrCcWaiopTLRkd/7Lz8AAp
N/0dKERm1Y9dPhZ9c8+FsDB5uRosSw/CgU8ONUJskC9XTIJTGk5kdBsw2U6O6aMG
llO1Xg+hFqdiw/9GRojrt6WwXmDukjz5UsIKkoh8QB0cxFk5CQQpvXOcKOEIEr6A
fE+T+zobka0gdv9agbdxwq7fd49ZddrIgTwtg9QMXSX5LJ4xzdt34d8cwmaSOTER
Jxn3Y0p8Y0ZHEgRG2rojMF1Ic3CPOS/0Jm5tROWw3el43WHl3U4tM3Kh6sso56TF
5R6GI83+xupQOyt4fcCglcdHth6cmZzz+7draXdvRzDB1EhGlbjXo7R3rcM4ptdl
x8uU9dclirciWGrQmcp5UsR7/xADlvSzsTJaDjvxIf34C2KKXNE=
=x2eC
-----END PGP SIGNATURE-----
Merge 4.4.122 into android-4.4
Changes in 4.4.122
RDMA/ucma: Limit possible option size
RDMA/ucma: Check that user doesn't overflow QP state
RDMA/mlx5: Fix integer overflow while resizing CQ
scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
workqueue: Allow retrieval of current task's work struct
drm: Allow determining if current task is output poll worker
drm/nouveau: Fix deadlock on runtime suspend
drm/radeon: Fix deadlock on runtime suspend
drm/amdgpu: Fix deadlock on runtime suspend
drm/amdgpu: Notify sbios device ready before send request
drm/radeon: fix KV harvesting
drm/amdgpu: fix KV harvesting
MIPS: BMIPS: Do not mask IPIs during suspend
MIPS: ath25: Check for kzalloc allocation failure
MIPS: OCTEON: irq: Check for null return on kzalloc allocation
Input: matrix_keypad - fix race when disabling interrupts
loop: Fix lost writes caused by missing flag
kbuild: Handle builtin dtb file names containing hyphens
bcache: don't attach backing with duplicate UUID
x86/MCE: Serialize sysfs changes
ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
ALSA: seq: Don't allow resizing pool in use
ALSA: seq: More protection for concurrent write and ioctl races
ALSA: hda: add dock and led support for HP EliteBook 820 G3
ALSA: hda: add dock and led support for HP ProBook 640 G2
nospec: Include <asm/barrier.h> dependency
watchdog: hpwdt: SMBIOS check
watchdog: hpwdt: Check source of NMI
watchdog: hpwdt: fix unused variable warning
netfilter: nfnetlink_queue: fix timestamp attribute
ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds
Input: tca8418_keypad - remove double read of key event register
tc358743: fix register i2c_rd/wr function fix
netfilter: add back stackpointer size checks
netfilter: x_tables: fix missing timer initialization in xt_LED
netfilter: nat: cope with negative port range
netfilter: IDLETIMER: be syzkaller friendly
netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
netfilter: bridge: ebt_among: add missing match size checks
netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
netfilter: use skb_to_full_sk in ip_route_me_harder
netfilter: x_tables: pass xt_counters struct instead of packet counter
netfilter: x_tables: pass xt_counters struct to counter allocator
netfilter: x_tables: pack percpu counter allocations
ext4: inplace xattr block update fails to deduplicate blocks
ubi: Fix race condition between ubi volume creation and udev
scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
NFS: Fix an incorrect type in struct nfs_direct_req
Revert "ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux"
x86/module: Detect and skip invalid relocations
x86: Treat R_X86_64_PLT32 as R_X86_64_PC32
serial: sh-sci: prevent lockup on full TTY buffers
tty/serial: atmel: add new version check for usart
uas: fix comparison for error code
staging: comedi: fix comedi_nsamples_left.
staging: android: ashmem: Fix lockdep issue during llseek
USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h
usb: quirks: add control message delay for 1b1c:1b20
USB: usbmon: remove assignment from IS_ERR argument
usb: usbmon: Read text within supplied buffer size
usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb()
serial: 8250_pci: Add Brainboxes UC-260 4 port serial device
fixup: sctp: verify size of a new chunk in _sctp_make_chunk()
Linux 4.4.122
Change-Id: I0946c4a7c59be33f18bed6498c3cdb748e82bbaf
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit ae0ac0ed6fcf5af3be0f63eb935f483f44a402d2 upstream.
instead of allocating each xt_counter individually, allocate 4k chunks
and then use these for counter allocation requests.
This should speed up rule evaluation by increasing data locality,
also speeds up ruleset loading because we reduce calls to the percpu
allocator.
As Eric points out we can't use PAGE_SIZE, page_allocator would fail on
arches with 64k page size.
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4d31eef5176df06f218201bc9c0ce40babb41660 upstream.
On SMP we overload the packet counter (unsigned long) to contain
percpu offset. Hide this from callers and pass xt_counters address
instead.
Preparation patch to allocate the percpu counters in page-sized batch
chunks.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b078556aecd791b0e5cb3a59f4c3a14273b52121 upstream.
l4proto->manip_pkt() can cause reallocation of skb head so pointer
to the ipv6 header must be reloaded.
Reported-and-tested-by: <syzbot+10005f4292fc9cc89de7@syzkaller.appspotmail.com>
Fixes: 58a317f106 ("netfilter: ipv6: add IPv6 NAT support")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 57ebd808a97d7c5b1e1afb937c2db22beba3c1f8 upstream.
The rationale for removing the check is only correct for rulesets
generated by ip(6)tables.
In iptables, a jump can only occur to a user-defined chain, i.e.
because we size the stack based on number of user-defined chains we
cannot exceed stack size.
However, the underlying binary format has no such restriction,
and the validation step only ensures that the jump target is a
valid rule start point.
IOW, its possible to build a rule blob that has no user-defined
chains but does contain a jump.
If this happens, no jump stack gets allocated and crash occurs
because no jumpstack was allocated.
Fixes: 7814b6ec6d ("netfilter: xtables: don't save/restore jumpstack offset")
Reported-by: syzbot+e783f671527912cd9403@syzkaller.appspotmail.com
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqlSRUACgkQONu9yGCS
aT4pDQ//Y4lGqfzLeZpwhm4wWFL3ZiC0IY4WEFP0Mb4N6LPtDqhmZoW1nFT5l5sS
uJaKU/7w49GB9jjgYIlYu5+aiX/PMgTbHD7NRRIoWtRDKxgVBuP4iIhUDdB9u61f
t3W49sRHnGoc8apEOzp7zeNZMhJB+RXJnhvPkzOX1ctXsoL50aSQXhSDQUXt5g8U
yey0bvKs1aWW2f1sjpQJIDRtzFbZP+hLlfwoiz5T5d/50zovaqt2yhw6ke5vBMbi
eP8i+g/91t5+MT6Bc7SUpsYBxMyrcZvnEHb/HSMxez2twueK6O6TXbQWGxAcHYSQ
WF6W8xOKAl7z92MsDuVM4wy1Hamwc0R3jF+KTriYNboGThfuNZDD4OlUrmWfafoY
Uaoa6wI7fiYvPBq5zvLkOc7ufE+ECqRq9pC2VXZp+G4veEgcc4ftZ57blhULryKS
Nl0E25BXEpyix9m0Racl26OLFx3DUI3wSfPb1aqJx4EP13FYBAGJIVMcZfSEjN7/
zpfPZExelkF1Q5P+OWbRrg5bi/DQoy/EGmZMA0LvpQl8rSFBilLdUjhGGPvmVwBE
P9qElRjdSqeoOiDUyDmARO3iWm42s2cBqAwgxlgP8LUcyzxUperkvnbM25pvkHfn
hh+QV9zOFUlI+rVj7pwu4DLmdOteRw7+7mTY4jgBVlZcAMBBLd0=
=KZem
-----END PGP SIGNATURE-----
Merge 4.4.121 into android-4.4
Changes in 4.4.121
tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus
tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus
tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus
ALSA: usb-audio: Add a quirck for B&W PX headphones
ALSA: hda: Add a power_save blacklist
cpufreq: s3c24xx: Fix broken s3c_cpufreq_init()
media: m88ds3103: don't call a non-initalized function
nospec: Allow index argument to have const-qualified type
ARM: mvebu: Fix broken PL310_ERRATA_753970 selects
KVM: mmu: Fix overlap between public and private memslots
x86/syscall: Sanitize syscall table de-references under speculation fix
btrfs: Don't clear SGID when inheriting ACLs
ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux
x86/apic/vector: Handle legacy irq data correctly
leds: do not overflow sysfs buffer in led_trigger_show
x86/spectre: Fix an error message
Revert "led: core: Fix brightness setting when setting delay_off=0"
bridge: check brport attr show in brport_show
fib_semantics: Don't match route with mismatching tclassid
hdlc_ppp: carrier detect ok, don't turn off negotiation
ipv6 sit: work around bogus gcc-8 -Wrestrict warning
net: fix race on decreasing number of TX queues
net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68
netlink: ensure to loop over all netns in genlmsg_multicast_allns()
ppp: prevent unregistered channels from connecting to PPP units
udplite: fix partial checksum initialization
sctp: fix dst refcnt leak in sctp_v4_get_dst
sctp: fix dst refcnt leak in sctp_v6_get_dst()
s390/qeth: fix SETIP command handling
s390/qeth: fix IPA command submission race
sctp: verify size of a new chunk in _sctp_make_chunk()
net: mpls: Pull common label check into helper
mpls, nospec: Sanitize array index in mpls_label_ok()
dm io: fix duplicate bio completion due to missing ref count
bpf, x64: implement retpoline for tail call
btrfs: preserve i_mode if __btrfs_set_acl() fails
Linux 4.4.121
Change-Id: Ifc1f73c407f35cc1815e6f69bbed838c8ca60bc2
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 15f35d49c93f4fa9875235e7bf3e3783d2dd7a1b ]
Since UDP-Lite is always using checksum, the following path is
triggered when calculating pseudo header for it:
udp4_csum_init() or udp6_csum_init()
skb_checksum_init_zero_check()
__skb_checksum_validate_complete()
The problem can appear if skb->len is less than CHECKSUM_BREAK. In
this particular case __skb_checksum_validate_complete() also invokes
__skb_checksum_complete(skb). If UDP-Lite is using partial checksum
that covers only part of a packet, the function will return bad
checksum and the packet will be dropped.
It can be fixed if we skip skb_checksum_init_zero_check() and only
set the required pseudo header checksum for UDP-Lite with partial
checksum before udp4_csum_init()/udp6_csum_init() functions return.
Fixes: ed70fcfcee ("net: Call skb_checksum_init in IPv4")
Fixes: e4f45b7f40 ("net: Call skb_checksum_init in IPv6")
Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit ca79bec237f5809a7c3c59bd41cd0880aa889966 ]
gcc-8 has a new warning that detects overlapping input and output arguments
in memcpy(). It triggers for sit_init_net() calling ipip6_tunnel_clone_6rd(),
which is actually correct:
net/ipv6/sit.c: In function 'sit_init_net':
net/ipv6/sit.c:192:3: error: 'memcpy' source argument is the same as destination [-Werror=restrict]
The problem here is that the logic detecting the memcpy() arguments finds them
to be the same, but the conditional that tests for the input and output of
ipip6_tunnel_clone_6rd() to be identical is not a compile-time constant.
We know that netdev_priv(t->dev) is the same as t for a tunnel device,
and comparing "dev" directly here lets the compiler figure out as well
that 'dev == sitn->fb_tunnel_dev' when called from sit_init_net(), so
it no longer warns.
This code is old, so Cc stable to make sure that we don't get the warning
for older kernels built with new gcc.
Cc: Martin Sebor <msebor@gmail.com>
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83456
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-d63fdf6
Linux 4.4.120
MIPS: Implement __multi3 for GCC7 MIPS64r6 builds
net: gianfar_ptp: move set_fipers() to spinlock protecting area
sctp: make use of pre-calculated len
xen/gntdev: Fix partial gntdev_mmap() cleanup
xen/gntdev: Fix off-by-one error when unmapping with holes
SolutionEngine771x: fix Ether platform data
mdio-sun4i: Fix a memory leak
xen-netfront: enable device after manual module load
bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine.
can: flex_can: Correct the checking for frame length in flexcan_start_xmit()
mac80211: mesh: drop frames appearing to be from us
drm/ttm: check the return value of kzalloc
e1000: fix disabling already-disabled warning
xfs: quota: check result of register_shrinker()
xfs: quota: fix missed destroy of qi_tree_lock
IB/ipoib: Fix race condition in neigh creation
IB/mlx4: Fix mlx4_ib_alloc_mr error flow
s390/dasd: fix wrongly assigned configuration data
led: core: Fix brightness setting when setting delay_off=0
bnx2x: Improve reliability in case of nested PCI errors
tg3: Enable PHY reset in MTU change path for 5720
tg3: Add workaround to restrict 5762 MRRS to 2048
lib/mpi: Fix umul_ppmm() for MIPS64r6
ARM: dts: ls1021a: fix incorrect clock references
scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error
net: arc_emac: fix arc_emac_rx() error paths
spi: atmel: fixed spin_lock usage inside atmel_spi_remove
drm/nouveau/pci: do a msi rearm on init
sget(): handle failures of register_shrinker()
ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
ipv6: icmp6: Allow icmp messages to be looped back
mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
f2fs: fix a bug caused by NULL extent tree
hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)
ANDROID: keychord: Check for write data size
Revert "binder: add missing binder_unlock()"
Linux 4.4.119
binder: add missing binder_unlock()
drm/amdgpu: Avoid leaking PM domain on driver unbind (v2)
usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path
usb: gadget: f_fs: Process all descriptors during bind
usb: ldusb: add PIDs for new CASSY devices supported by this driver
usb: dwc3: gadget: Set maxpacket size for ep0 IN
drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA
Add delay-init quirk for Corsair K70 RGB keyboards
arm64: Disable unhandled signal log messages by default
usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks()
irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
x86/oprofile: Fix bogus GCC-8 warning in nmi_setup()
iio: adis_lib: Initialize trigger before requesting interrupt
iio: buffer: check if a buffer has been set up when poll is called
cfg80211: fix cfg80211_beacon_dup
scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
ip_tunnel: fix preempt warning in ip tunnel creation/updating
ip_tunnel: replace dst_cache with generic implementation
PCI: keystone: Fix interrupt-controller-node lookup
powerpc/64s: Fix RFI flush dependency on HARDLOCKUP_DETECTOR
netfilter: drop outermost socket lock in getsockopt()
ANDROID: sdcardfs: Set num in extension_details during make_item
Conflicts:
drivers/usb/gadget/function/f_fs.c
Change-Id: I594b9686fd64d4b62ebef4452d4f1ccca4f5a77b
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqaaMQACgkQONu9yGCS
aT4KzBAAvCqibAFMAux179fHPZD3bUKdHPLKtyFFiqEo72x85VbzGMyF+8z0G9ci
uEIbg9nChvMEajggZ11I4Ydi8vBFNomYCp9I5d9ozDS18fUi0dLUPrRBbbKome5I
qVygmKshx7QKuiiVNknecQczqZbrd6cqOHJqJH/W6TUEPNsC7gta0bAB40DeWjQk
1SSKYEstaz7For4ZH9mjNqM/KF0RSWUt8/iLs8u4EQcSs47CMkUMFv3PwtITC8if
9lgsk+DZ5ua3DLrpRvMX8pL/hC1GZaceun7hn0aBIa/YmAYC6EsT5PB2SDX1ULC/
dUw1TjXpt/pJvhzxm+YZ4tq6JkxGDT6cfb3LwmGwSm+XUp299y7WBseC8U7GLBIp
hLLhSGTUtVkQbZ+dX24Hw+mwsgbdFbvFvwoeCBxfqAqgz/OeG4+zIXY94aBt0hxo
4qzzYqs4RuLS2bf+Gx6V2gfsqX6T9EXDIEUh+ybz+rAYBwLl9EVK7wVDB/ZjonTe
0/OUIQZEFS8g6kBczHQFISqoV+7ChwMwznEv8ZulYtdovPqGW7h10ZLAEm0L1i6d
xXtjxYezSaaiTWg44fbGjSTzUBso0+Mlxf6Q8YO2inxPQlLLdaTiPBxkTxY6M9Re
pmt8Z0o2796AsYbNrnBm5Y+8MTusdOWukFtUxz2vE8TR1r8mXO8=
=jkg+
-----END PGP SIGNATURE-----
Merge 4.4.120 into android-4.4
Changes in 4.4.120
hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)
f2fs: fix a bug caused by NULL extent tree
mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
ipv6: icmp6: Allow icmp messages to be looped back
ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
sget(): handle failures of register_shrinker()
drm/nouveau/pci: do a msi rearm on init
spi: atmel: fixed spin_lock usage inside atmel_spi_remove
net: arc_emac: fix arc_emac_rx() error paths
scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error
ARM: dts: ls1021a: fix incorrect clock references
lib/mpi: Fix umul_ppmm() for MIPS64r6
tg3: Add workaround to restrict 5762 MRRS to 2048
tg3: Enable PHY reset in MTU change path for 5720
bnx2x: Improve reliability in case of nested PCI errors
led: core: Fix brightness setting when setting delay_off=0
s390/dasd: fix wrongly assigned configuration data
IB/mlx4: Fix mlx4_ib_alloc_mr error flow
IB/ipoib: Fix race condition in neigh creation
xfs: quota: fix missed destroy of qi_tree_lock
xfs: quota: check result of register_shrinker()
e1000: fix disabling already-disabled warning
drm/ttm: check the return value of kzalloc
mac80211: mesh: drop frames appearing to be from us
can: flex_can: Correct the checking for frame length in flexcan_start_xmit()
bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine.
xen-netfront: enable device after manual module load
mdio-sun4i: Fix a memory leak
SolutionEngine771x: fix Ether platform data
xen/gntdev: Fix off-by-one error when unmapping with holes
xen/gntdev: Fix partial gntdev_mmap() cleanup
sctp: make use of pre-calculated len
net: gianfar_ptp: move set_fipers() to spinlock protecting area
MIPS: Implement __multi3 for GCC7 MIPS64r6 builds
Linux 4.4.120
Change-Id: Ie363d2e798f7bbe76e728c995e605af94667dfe5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 588753f1eb18978512b1c9b85fddb457d46f9033 ]
One example of when an ICMPv6 packet is required to be looped back is
when a host acts as both a Multicast Listener and a Multicast Router.
A Multicast Router will listen on address ff02::16 for MLDv2 messages.
Currently, MLDv2 messages originating from a Multicast Listener running
on the same host as the Multicast Router are not being delivered to the
Multicast Router. This is due to dst.input being assigned the default
value of dst_discard.
This results in the packet being looped back but discarded before being
delivered to the Multicast Router.
This patch sets dst.input to ip6_input to ensure a looped back packet
is delivered to the Multicast Router.
Signed-off-by: Brendan McGrath <redmcg@redmandi.dyndns.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-5f7f76a
Linux 4.4.118
net: dst_cache_per_cpu_dst_set() can be static
crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
KVM: nVMX: invvpid handling improvements
KVM: VMX: clean up declaration of VPID/EPT invalidation types
kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail
KVM: nVMX: kmap() can't fail
x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
x86/spectre: Simplify spectre_v2 command line parsing
x86/retpoline: Avoid retpolines for built-in __init functions
x86/kvm: Update spectre-v1 mitigation
x86/paravirt: Remove 'noreplace-paravirt' cmdline option
x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
x86/spectre: Report get_user mitigation for spectre_v1
nl80211: Sanitize array index in parse_txq_params
vfs, fdtable: Prevent bounds-check bypass via speculative execution
x86/syscall: Sanitize syscall table de-references under speculation
x86/get_user: Use pointer masking to limit speculation
x86: Introduce barrier_nospec
x86: Implement array_index_mask_nospec
array_index_nospec: Sanitize speculative array de-references
Documentation: Document array_index_nospec
x86/spectre: Check CONFIG_RETPOLINE in command line parser
x86/cpu/bugs: Make retpoline module warning conditional
x86/bugs: Drop one "mitigation" from dmesg
x86/nospec: Fix header guards names
module/retpoline: Warn about missing retpoline in module
KVM: VMX: Make indirect call speculation safe
KVM: x86: Make indirect calls in emulator speculation safe
x86/retpoline: Remove the esp/rsp thunk
KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously
kasan: rework Kconfig settings
drm/gma500: remove helper function
x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug
genksyms: Fix segfault with invalid declarations
dell-wmi, dell-laptop: depends DMI
netlink: fix nla_put_{u8,u16,u32} for KASAN
ASoC: Intel: Kconfig: fix build when ACPI is not enabled
ARM: tegra: select USB_ULPI from EHCI rather than platform
ncr5380: shut up gcc indentation warning
usb: phy: msm add regulator dependency
idle: i7300: add PCI dependency
binfmt_elf: compat: avoid unused function warning
isdn: sc: work around type mismatch warning
power: bq27xxx_battery: mark some symbols __maybe_unused
Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
ncpfs: fix unused variable warning
gpio: xgene: mark PM functions as __maybe_unused
net: hp100: remove unnecessary #ifdefs
dmaengine: zx: fix build warning
perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
wireless: cw1200: use __maybe_unused to hide pm functions_
cw1200: fix bogus maybe-uninitialized warning
v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER
hdpvr: hide unused variable
drm/gma500: Sanity-check pipe index
serial: 8250_mid: fix broken DMA dependency
ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
ISDN: eicon: reduce stack size of sig_ind function
em28xx: only use mt9v011 if camera support is enabled
go7007: add MEDIA_CAMERA_SUPPORT dependency
KVM: add X86_LOCAL_APIC dependency
Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
tc358743: fix register i2c_rd/wr functions
staging: unisys: visorinput depends on INPUT
i2c: remove __init from i2c_register_board_info()
b2c2: flexcop: avoid unused function warnings
infiniband: cxgb4: use %pR format string for printing resources
iio: adc: axp288: remove redundant duplicate const on axp288_adc_channels
ASoC: mediatek: add i2c dependency
genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
tty: cyclades: cyz_interrupt is only used for PCI
drm/vmwgfx: use *_32_bits() macros
tlan: avoid unused label with PCI=n
tc1100-wmi: fix build warning when CONFIG_PM not enabled
ipv4: ipconfig: avoid unused ic_proto_used symbol
netfilter: ipvs: avoid unused variable warnings
x86/platform/olpc: Fix resume handler build warning
staging: wilc1000: fix kbuild test robot error
rtlwifi: fix gcc-6 indentation warning
USB: cdc_subset: only build when one driver is enabled
hwrng: exynos - use __maybe_unused to hide pm functions
fbdev: sm712fb: avoid unused function warnings
Drivers: hv: vmbus: fix build warning
modsign: hide openssl output in silent builds
fbdev: s6e8ax0: avoid unused function warnings
mtd: cfi: enforce valid geometry configuration
mtd: sh_flctl: pass FIFO as physical address
amd-xgbe: Fix unused suspend handlers build warning
fbdev: auo_k190x: avoid unused function warnings
driver-core: use 'dev' argument in dev_dbg_ratelimited stub
target/user: Fix cast from pointer to phys_addr_t
tty: hvc_xen: hide xen_console_remove when unused
usb: musb/ux500: remove duplicate check for dma_is_compatible
pwc: hide unused label
SCSI: initio: remove duplicate module device table
scsi: mvumi: use __maybe_unused to hide pm functions
video: Use bool instead int pointer for get_opt_bool() argument
fbdev: sis: enforce selection of at least one backend
staging: ste_rmi4: avoid unused function warnings
video: fbdev: sis: remove unused variable
scsi: fdomain: drop fdomain_pci_tbl when built-in
mptfusion: hide unused seq_mpt_print_ioc_summary function
mtd: maps: add __init attribute
mtd: ichxrom: maybe-uninitialized with gcc-4.9
md: avoid warning for 32-bit sector_t
profile: hide unused functions when !CONFIG_PROC_FS
dpt_i2o: fix build warning
drivers/net: fix eisa_driver probe section mismatch
scsi: sim710: fix build warning
x86/boot: Avoid warning for zero-filling .bss
thermal: spear: use __maybe_unused for PM functions
ssb: mark ssb_bus_register as __maybe_unused
reiserfs: avoid a -Wmaybe-uninitialized warning
ALSA: hda/ca0132 - fix possible NULL pointer use
arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
scsi: advansys: fix uninitialized data access
x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
x86: add MULTIUSER dependency for KVM
thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
x86/build: Silence the build with "make -s"
tools build: Add tools tree support for 'make -s'
x86/fpu/math-emu: Fix possible uninitialized variable use
arm64: define BUG() instruction without CONFIG_BUG
x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
scsi: advansys: fix build warning for PCI=n
video: fbdev: via: remove possibly unused variables
platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
gpio: intel-mid: Fix build warning when !CONFIG_PM
vmxnet3: prevent building with 64K pages
isdn: icn: remove a #warning
virtio_balloon: prevent uninitialized variable use
hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
xen: XEN_ACPI_PROCESSOR is Dom0-only
x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
dmaengine: jz4740: disable/unprepare clk if probe fails
drm/armada: fix leak of crtc structure
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
spi: sun4i: disable clocks in the remove function
ASoC: rockchip: disable clock on error
clk: fix a panic error caused by accessing NULL pointer
dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved
dmaengine: ioat: Fix error handling path
509: fix printing uninitialized stack memory when OID is empty
btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
net_sched: red: Avoid illegal values
net_sched: red: Avoid devision by zero
gianfar: fix a flooded alignment reports because of padding issue.
s390/dasd: prevent prefix I/O error
powerpc/perf: Fix oops when grouping different pmu events
ipvlan: Add the skb->mark as flow4's member to lookup route
scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
RDMA/cma: Make sure that PSN is not over max allowed
pinctrl: sunxi: Fix A80 interrupt pin bank
media: s5k6aa: describe some function parameters
perf bench numa: Fixup discontiguous/sparse numa nodes
perf top: Fix window dimensions change handling
ARM: dts: am4372: Correct the interrupts_properties of McASP
ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
usb: build drivers/usb/common/ when USB_SUPPORT is set
usbip: keep usbip_device sockfd state in sync with tcp_socket
staging: iio: adc: ad7192: fix external frequency setting
binder: check for binder_thread allocation failure in binder_poll()
staging: android: ashmem: Fix a race condition in pin ioctls
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
Make DST_CACHE a silent config option
arm64: dts: add #cooling-cells to CPU nodes
video: fbdev/mmp: add MODULE_LICENSE
ASoC: ux500: add MODULE_LICENSE tag
net: avoid skb_warn_bad_offload on IS_ERR
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
netfilter: on sockopt() acquire sock lock only in the required scope
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
netfilter: x_tables: fix int overflow in xt_alloc_table_info()
KVM: x86: fix escape of guest dr6 to the host
crypto: x86/twofish-3way - Fix %rbp usage
selinux: skip bounded transition processing if the policy isn't loaded
selinux: ensure the context is NUL terminated in security_context_to_sid_core()
Provide a function to create a NUL-terminated string from unterminated data
drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
blktrace: fix unlocked registration of tracepoints
xfrm: check id proto in validate_tmpl()
xfrm: Fix stack-out-of-bounds read on socket policy lookup.
mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
cfg80211: check dev_set_name() return value
net: replace dst_cache ip6_tunnel implementation with the generic one
net: add dst_cache support
ANDROID: sdcardfs: Hold i_mutex for i_size_write
BACKPORT, FROMGIT: crypto: speck - add test vectors for Speck64-XTS
BACKPORT, FROMGIT: crypto: speck - add test vectors for Speck128-XTS
BACKPORT, FROMGIT: crypto: arm/speck - add NEON-accelerated implementation of Speck-XTS
FROMGIT: crypto: speck - export common helpers
BACKPORT, FROMGIT: crypto: speck - add support for the Speck block cipher
UPSTREAM: ANDROID: binder: synchronize_rcu() when using POLLFREE.
f2fs: updates on v4.16-rc1
Conflicts:
net/Kconfig
net/core/Makefile
Change-Id: I659b0444812b04252f1f1fba8bc62410ce42b061
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
* refs/heads/tmp-20ddb25
Linux 4.4.116
ftrace: Remove incorrect setting of glob search field
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
ovl: fix failure to fsync lower dir
ACPI: sbshc: remove raw pointer from printk() message
nvme: Fix managing degraded controllers
btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
pktcdvd: Fix pkt_setup_dev() error path
EDAC, octeon: Fix an uninitialized variable warning
xtensa: fix futex_atomic_cmpxchg_inatomic
alpha: fix reboot on Avanti platform
alpha: fix crash if pthread_create races with signal delivery
signal/sh: Ensure si_signo is initialized in do_divide_error
signal/openrisc: Fix do_unaligned_access to send the proper signal
Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version
Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
Bluetooth: btsdio: Do not bind to non-removable BCM43341
HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
kernel/async.c: revert "async: simplify lowest_in_progress()"
media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
media: ts2020: avoid integer overflows on 32 bit machines
watchdog: imx2_wdt: restore previous timeout after suspend+resume
KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
crypto: caam - fix endless loop when DECO acquire fails
media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha
media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
media: v4l2-compat-ioctl32.c: avoid sizeof(type)
media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
media: v4l2-compat-ioctl32.c: fix the indentation
media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
vb2: V4L2_BUF_FLAG_DONE is set after DQBUF
media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
nsfs: mark dentry with DCACHE_RCUACCESS
crypto: poly1305 - remove ->setkey() method
crypto: cryptd - pass through absence of ->setkey()
crypto: hash - introduce crypto_hash_alg_has_setkey()
ahci: Add Intel Cannon Lake PCH-H PCI ID
ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
ahci: Annotate PCI ids for mobile Intel chipsets as such
kernfs: fix regression in kernfs_fop_write caused by wrong type
NFS: reject request for id_legacy key without auxdata
NFS: commit direct writes even if they fail partially
NFS: Add a cond_resched() to nfs_commit_release_pages()
nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
ubi: block: Fix locking for idr_alloc/idr_remove
mtd: nand: sunxi: Fix ECC strength choice
mtd: nand: Fix nand_do_read_oob() return value
mtd: nand: brcmnand: Disable prefetch by default
mtd: cfi: convert inline functions to macros
media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
dccp: CVE-2017-8824: use-after-free in DCCP code
sched/rt: Up the root domain ref count when passing it around via IPIs
sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
usb: gadget: uvc: Missing files for configfs interface
posix-timer: Properly check sigevent->sigev_notify
netfilter: nf_queue: Make the queue_handler pernet
kaiser: fix compile error without vsyscall
x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER
dmaengine: dmatest: fix container_of member in dmatest_callback
CIFS: zero sensitive data when freeing
cifs: Fix autonegotiate security settings mismatch
cifs: Fix missing put_xid in cifs_file_strict_mmap
powerpc/pseries: include linux/types.h in asm/hvcall.h
x86/microcode: Do the family check first
x86/microcode/AMD: Do not load when running on a hypervisor
crypto: tcrypt - fix S/G table for test_aead_speed()
don't put symlink bodies in pagecache into highmem
KEYS: encrypted: fix buffer overread in valid_master_desc()
media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
vhost_net: stop device during reset owner
tcp: release sk_frag.page in tcp_disconnect
r8169: fix RTL8168EP take too long to complete driver initialization.
qlcnic: fix deadlock bug
net: igmp: add a missing rcu locking section
ip6mr: fix stale iterator
x86/asm: Fix inline asm call constraints for GCC 4.4
drm: rcar-du: Fix race condition when disabling planes at CRTC stop
drm: rcar-du: Use the VBK interrupt for vblank events
ASoC: rsnd: avoid duplicate free_irq()
ASoC: rsnd: don't call free_irq() on Parent SSI
ASoC: simple-card: Fix misleading error message
net: cdc_ncm: initialize drvflags before usage
usbip: fix 3eee23c3ec14 tcp_socket address still in the status file
usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit
ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
powerpc/64s: Allow control of RFI flush via debugfs
powerpc/64s: Wire up cpu_show_meltdown()
powerpc/powernv: Check device-tree for RFI flush settings
powerpc/pseries: Query hypervisor for RFI flush settings
powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti
powerpc/64s: Add support for RFI flush of L1-D cache
powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
powerpc/64s: Simple RFI macro conversions
powerpc/64: Add macros for annotating the destination of rfid/hrfid
powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
powerpc: Simplify module TOC handling
powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC
powerpc/64: Fix flush_(d|i)cache_range() called from modules
powerpc/bpf/jit: Disable classic BPF JIT on ppc64le
BACKPORT: xfrm: Fix return value check of copy_sec_ctx.
time: Fix ktime_get_raw() incorrect base accumulation
sched/fair: prevent possible infinite loop in sched_group_energy
UPSTREAM: MIPS: Fix build of compressed image
ANDROID: qtaguid: Fix the UAF probelm with tag_ref_tree
UPSTREAM: ANDROID: binder: remove waitqueue when thread exits.
UPSTREAM: arm64/efi: Make strnlen() available to the EFI namespace
UPSTREAM: ARM: boot: Add an implementation of strnlen for libfdt
ANDROID: MIPS: Add ranchu[32r5|32r6|64]_defconfig
FROMLIST: tty: goldfish: Enable 'earlycon' only if built-in
FROMLIST: MIPS: ranchu: Add Ranchu as a new generic-based board
FROMLIST: MIPS: Add noexec=on|off kernel parameter
FROMLIST: MIPS: CPC: Map registers using DT in mips_cpc_default_phys_base()
FROMLIST: dt-bindings: Document mti,mips-cpc binding
FROMLIST: MIPS: math-emu: Mark fall throughs in switch statements with a comment
FROMLIST: MIPS: math-emu: Avoid multiple assignment
FROMLIST: MIPS: math-emu: Avoid an assignment within if statement condition
FROMLIST: MIPS: math-emu: Declare function srl128() as static
FROMLIST: MIPS: math-emu: Avoid definition duplication for macro DPXMULT()
FROMLIST: MIPS: math-emu: Remove an unnecessary header inclusion
UPSTREAM: scripts/dtc: Update to upstream version 0931cea3ba20
UPSTREAM: scripts/dtc: dt_to_config - kernel config options for a devicetree
UPSTREAM: scripts/dtc: Update to upstream version 53bf130b1cdd
UPSTREAM: scripts/dtc: Update to upstream commit b06e55c88b9b
UPSTREAM: scripts/dtc: dtx_diff - add info to error message
UPSTREAM: dtc: create tool to diff device trees
UPSTREAM: config: android-base: disable CONFIG_NFSD and CONFIG_NFS_FS
UPSTREAM: config: android-base: add CGROUP_BPF
UPSTREAM: config: android-base: add CONFIG_MODULES option
UPSTREAM: config: android-base: add CONFIG_IKCONFIG option
UPSTREAM: config: android-base: disable CONFIG_USELIB and CONFIG_FHANDLE
UPSTREAM: config: android-base: enable hardened usercopy and kernel ASLR
UPSTREAM: config: android: enable CONFIG_SECCOMP
UPSTREAM: config: android: set SELinux as default security mode
UPSTREAM: config: android: move device mapper options to recommended
UPSTREAM: config/android: Remove CONFIG_IPV6_PRIVACY
UPSTREAM: config: add android config fragments
BACKPORT: MIPS: generic: Add a MAINTAINERS entry
BACKPORT: irqchip/irq-goldfish-pic: Add Goldfish PIC driver
UPSTREAM: dt-bindings/goldfish-pic: Add device tree binding for Goldfish PIC driver
UPSTREAM: MIPS: Allow storing pgd in C0_CONTEXT for MIPSr6
UPSTREAM: MIPS: CPS: Handle spurious VP starts more gracefully
UPSTREAM: MIPS: CPS: Handle cores not powering down more gracefully
UPSTREAM: MIPS: CPS: Prevent multi-core with dcache aliasing
UPSTREAM: MIPS: CPS: Select CONFIG_SYS_SUPPORTS_SCHED_SMT for MIPSr6
UPSTREAM: MIPS: CM: WARN on attempt to lock invalid VP, not BUG
UPSTREAM: MIPS: CM: Avoid per-core locking with CM3 & higher
UPSTREAM: MIPS: smp-cps: Avoid BUG() when offlining pre-r6 CPUs
UPSTREAM: MIPS: smp-cps: Add support for CPU hotplug of MIPSr6 processors
UPSTREAM: MIPS: generic: Bump default NR_CPUS to 16
UPSTREAM: MIPS: pm-cps: Change FSB workaround to CPU blacklist
UPSTREAM: MIPS: Fix early CM probing
UPSTREAM: MIPS: smp-cps: Stop printing EJTAG exceptions to UART
UPSTREAM: MIPS: smp-cps: Add nothreads kernel parameter
UPSTREAM: MIPS: smp-cps: Support MIPSr6 Virtual Processors
UPSTREAM: MIPS: smp-cps: Skip core setup if coherent
UPSTREAM: MIPS: smp-cps: Pull boot config retrieval out of mips_cps_boot_vpes
UPSTREAM: MIPS: smp-cps: Pull cache init into a function
UPSTREAM: MIPS: smp-cps: Ensure our VP ident calculation is correct
UPSTREAM: irqchip: mips-gic: Provide VP ID accessor
UPSTREAM: irqchip: mips-gic: Use HW IDs for VPE_OTHER_ADDR
UPSTREAM: MIPS: CM: Fix mips_cm_max_vp_width for UP kernels
UPSTREAM: MIPS: CM: Add CM GCR_BEV_BASE accessors
UPSTREAM: MIPS: CPC: Add start, stop and running CM3 CPC registers
UPSTREAM: MIPS: pm-cps: Avoid offset overflow on MIPSr6
UPSTREAM: MIPS: traps: Make sure secondary cores have a sane ebase register
UPSTREAM: MIPS: Detect MIPSr6 Virtual Processor support
UPSTREAM: Documentation: Add device tree binding for Goldfish FB driver
UPSTREAM: MIPS: math-emu: Use preferred flavor of unsigned integer declarations
UPSTREAM: MIPS: math-emu: <MADDF|MSUBF>.D: Fix accuracy (64-bit case)
UPSTREAM: MIPS: math-emu: <MADDF|MSUBF>.S: Fix accuracy (32-bit case)
UPSTREAM: MIPS: Update Goldfish RTC driver maintainer email address
UPSTREAM: MIPS: Update RINT emulation maintainer email address
UPSTREAM: MIPS: math-emu: do not use bools for arithmetic
UPSTREAM: rtc: goldfish: Add RTC driver for Android emulator
BACKPORT: dt-bindings: Add device tree binding for Goldfish RTC driver
UPSTREAM: tty: goldfish: Implement support for kernel 'earlycon' parameter
UPSTREAM: tty: goldfish: Use streaming DMA for r/w operations on Ranchu platforms
UPSTREAM: tty: goldfish: Refactor constants to better reflect their nature
UPSTREAM: MIPS: math-emu: Add FP emu debugfs stats for individual instructions
UPSTREAM: MIPS: math-emu: Add FP emu debugfs clear functionality
UPSTREAM: MIPS: math-emu: Add FP emu debugfs statistics for branches
BACKPORT: MIPS: math-emu: CLASS.D: Zero bits 32-63 of the result
BACKPORT: MIPS: math-emu: RINT.<D|S>: Fix several problems by reimplementation
UPSTREAM: MIPS: math-emu: CMP.Sxxx.<D|S>: Prevent occurrences of SIGILL crashes
UPSTREAM: MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Clean up "maddf_flags" enumeration
UPSTREAM: MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Fix some cases of zero inputs
UPSTREAM: MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Fix some cases of infinite inputs
UPSTREAM: MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Fix NaN propagation
UPSTREAM: tty: goldfish: Fix a parameter of a call to free_irq
UPSTREAM: MIPS: VDSO: Fix clobber lists in fallback code paths
UPSTREAM: MIPS: VDSO: Fix a mismatch between comment and preprocessor constant
UPSTREAM: MIPS: VDSO: Add implementation of gettimeofday() fallback
UPSTREAM: MIPS: VDSO: Add implementation of clock_gettime() fallback
UPSTREAM: MIPS: VDSO: Fix conversions in do_monotonic()/do_monotonic_coarse()
UPSTREAM: MIPS: unaligned: Add DSP lwx & lhx missaligned access support
UPSTREAM: MIPS: build: Fix "-modd-spreg" switch usage when compiling for mips32r6
UPSTREAM: MIPS: cmdline: Add support for 'memmap' parameter
UPSTREAM: MIPS: math-emu: Handle zero accumulator case in MADDF and MSUBF separately
UPSTREAM: MIPS: Support per-device DMA coherence
UPSTREAM: MIPS: dma-default: Don't check hw_coherentio if device is non-coherent
UPSTREAM: MIPS: Sanitise coherentio semantics
UPSTREAM: MIPS: CPC: Provide default mips_cpc_default_phys_base to ignore CPC
UPSTREAM: MIPS: generic: Introduce generic DT-based board support
UPSTREAM: MIPS: Support generating Flattened Image Trees (.itb)
UPSTREAM: MIPS: Allow emulation for unaligned [LS]DXC1 instructions
UPSTREAM: MIPS: math-emu: Fix BC1EQZ and BC1NEZ condition handling
UPSTREAM: MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters
UPSTREAM: MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification
UPSTREAM: MIPS: remove aliasing alignment if HW has antialising support
BACKPORT: MIPS: store the appended dtb address in a variable
UPSTREAM: MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue
UPSTREAM: MIPS: kernel: Audit and remove any unnecessary uses of module.h
UPSTREAM: MIPS: c-r4k: Fix sigtramp SMP call to use kmap
UPSTREAM: MIPS: c-r4k: Fix protected_writeback_scache_line for EVA
UPSTREAM: MIPS: Spelling fix lets -> let's
UPSTREAM: MIPS: R6: Fix typo
UPSTREAM: MIPS: traps: Correct the SIGTRAP debug ABI in `do_watch' and `do_trap_or_bp'
UPSTREAM: MIPS: inst.h: Rename cbcond{0,1}_op to pop{1,3}0_op
UPSTREAM: MIPS: inst.h: Rename b{eq,ne}zcji[al]c_op to pop{6,7}6_op
UPSTREAM: MIPS: math-emu: Fix m{add,sub}.s shifts
UPSTREAM: MIPS: inst: Declare fsel_op for sel.fmt instruction
UPSTREAM: MIPS: math-emu: Fix code indentation
UPSTREAM: MIPS: math-emu: Fix bit-width in ieee754dp_{mul, maddf, msubf} comments
UPSTREAM: MIPS: math-emu: Add z argument macros
UPSTREAM: MIPS: math-emu: Unify ieee754dp_m{add,sub}f
UPSTREAM: MIPS: math-emu: Unify ieee754sp_m{add,sub}f
UPSTREAM: MIPS: math-emu: Emulate MIPSr6 sel.fmt instruction
UPSTREAM: MIPS: math-emu: Fix BC1{EQ,NE}Z emulation
UPSTREAM: MIPS: math-emu: Always propagate sNaN payload in quieting
UPSTREAM: MIPS: Fix misspellings in comments.
UPSTREAM: MIPS: math-emu: Add IEEE Std 754-2008 NaN encoding emulation
UPSTREAM: MIPS: math-emu: Add IEEE Std 754-2008 ABS.fmt and NEG.fmt emulation
UPSTREAM: MIPS: non-exec stack & heap when non-exec PT_GNU_STACK is present
UPSTREAM: MIPS: Add IEEE Std 754 conformance mode selection
UPSTREAM: MIPS: Determine the presence of IEEE Std 754-2008 features
UPSTREAM: MIPS: Define the legacy-NaN and 2008-NaN features
UPSTREAM: MIPS: ELF: Interpret the NAN2008 file header flag
UPSTREAM: ELF: Also pass any interpreter's file header to `arch_check_elf'
UPSTREAM: MIPS: Use a union to access the ELF file header
UPSTREAM: MIPS: Fix delay slot emulation count in debugfs
BACKPORT: exit_thread: accept a task parameter to be exited
UPSTREAM: mn10300: let exit_fpu accept a task
UPSTREAM: MIPS: Use per-mm page to execute branch delay slot instructions
BACKPORT: s390: get rid of exit_thread()
BACKPORT: exit_thread: remove empty bodies
UPSTREAM: MIPS: Make flush_thread
UPSTREAM: MIPS: Properly disable FPU in start_thread()
UPSTREAM: MIPS: Select CONFIG_HANDLE_DOMAIN_IRQ and make it work.
UPSTREAM: MIPS: math-emu: Fix typo
UPSTREAM: MIPS: math-emu: dsemul: Remove an unused bit in ADDIUPC emulation
UPSTREAM: MIPS: math-emu: dsemul: Reduce `get_isa16_mode' clutter
UPSTREAM: MIPS: math-emu: dsemul: Correct description of the emulation frame
UPSTREAM: MIPS: math-emu: Correct the emulation of microMIPS ADDIUPC instruction
UPSTREAM: MIPS: math-emu: Make microMIPS branch delay slot emulation work
UPSTREAM: MIPS: math-emu: dsemul: Fix ill formatting of microMIPS part
UPSTREAM: MIPS: math-emu: Correctly handle NOP emulation
Conflicts:
drivers/irqchip/Kconfig
drivers/irqchip/Makefile
drivers/media/v4l2-core/v4l2-compat-ioctl32.c
Change-Id: I98374358ab24ce80dba3afa2f4562c71f45b7aab
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqWc7cACgkQONu9yGCS
aT4pTw/+P/ROsI+I8Y6OQaAwSBNiDJJXIPuyiOWz9HPKoFQJ+TGZo5HobLoasoMO
s0MgNO+wNsIYdZZ8aWLqjtjvIbNWc93dJg+rChbEQbYDjSHexDR8IG0yHu+pafrF
SEmsd/uI90PQPU+uhTPJpvq9Zsu71i60M392c+3b7XfOkPOdMiLYh5wTGwItCTVk
zueyVPW3Rb6UhwdQ5PFrGh09M8eCOBsYEtQ2NVVaF1nDU/26tucqFqT5iQUFiDRM
XZbbhoxtRZUI8zIqhDqCfbbEBBRWxx7wW+04pEm7vf4oDYUDcywj0QrrPKWqvMty
Na155a7013KXG+KtfxcgD5iKYVLILHZNPwaKHJVNRnI/U1c1xG7mpEUt3RtuWMCh
4dh62g+AP5PabEqRoccOKqLHrXS6uelLjkwisheDJvADlCDQUP1A4yL9Lvu0ETNw
BAJoXOQcCuefAjtZT+fp4gAcku2lSBOAHmoneclCWT1iqEe/i0iXt7lfJ6cASJ5w
YmGTyU9o4dVKSGdeIEl7sN1Ijh5sv4LpJqsQvNDeGCsvI/EoiD5pNGsPAtjzgc19
8jjXfGd5BrOwmZvTSECyQTWpgmSwpd0tcLa9QjfQ3UHnjS+/kn8q44+C9pHtKID/
1UfedG4TP26LOSGVUWakhd93J9roojIud9WjYAVzG66u8JG5o/8=
=RGPa
-----END PGP SIGNATURE-----
Merge 4.4.119 into android-4.4
Changes in 4.4.119
netfilter: drop outermost socket lock in getsockopt()
powerpc/64s: Fix RFI flush dependency on HARDLOCKUP_DETECTOR
PCI: keystone: Fix interrupt-controller-node lookup
ip_tunnel: replace dst_cache with generic implementation
ip_tunnel: fix preempt warning in ip tunnel creation/updating
scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
cfg80211: fix cfg80211_beacon_dup
iio: buffer: check if a buffer has been set up when poll is called
iio: adis_lib: Initialize trigger before requesting interrupt
x86/oprofile: Fix bogus GCC-8 warning in nmi_setup()
irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks()
arm64: Disable unhandled signal log messages by default
Add delay-init quirk for Corsair K70 RGB keyboards
drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA
usb: dwc3: gadget: Set maxpacket size for ep0 IN
usb: ldusb: add PIDs for new CASSY devices supported by this driver
usb: gadget: f_fs: Process all descriptors during bind
usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path
drm/amdgpu: Avoid leaking PM domain on driver unbind (v2)
binder: add missing binder_unlock()
Linux 4.4.119
Change-Id: Ie2b40ffed3554beef8db7b0e41d2a17d12f1a12c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit e09acddf873bf775b208b452a4c3a3fd26fa9427 upstream.
The current ip_tunnel cache implementation is prone to a race
that will cause the wrong dst to be cached on cuncurrent dst cache
miss and ip tunnel update via netlink.
Replacing with the generic implementation fix the issue.
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Suggested-and-acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 01ea306f2ac2baff98d472da719193e738759d93 upstream.
The Syzbot reported a possible deadlock in the netfilter area caused by
rtnl lock, xt lock and socket lock being acquired with a different order
on different code paths, leading to the following backtrace:
Reviewed-by: Xin Long <lucien.xin@gmail.com>
======================================================
WARNING: possible circular locking dependency detected
4.15.0+ #301 Not tainted
------------------------------------------------------
syzkaller233489/4179 is trying to acquire lock:
(rtnl_mutex){+.+.}, at: [<0000000048e996fd>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:74
but task is already holding lock:
(&xt[i].mutex){+.+.}, at: [<00000000328553a2>]
xt_find_table_lock+0x3e/0x3e0 net/netfilter/x_tables.c:1041
which lock already depends on the new lock.
===
Since commit 3f34cfae1230 ("netfilter: on sockopt() acquire sock lock
only in the required scope"), we already acquire the socket lock in
the innermost scope, where needed. In such commit I forgot to remove
the outer-most socket lock from the getsockopt() path, this commit
addresses the issues dropping it now.
v1 -> v2: fix bad subj, added relavant 'fixes' tag
Fixes: 22265a5c3c ("netfilter: xt_TEE: resolve oif using netdevice notifiers")
Fixes: 202f59afd441 ("netfilter: ipt_CLUSTERIP: do not hold dev")
Fixes: 3f34cfae1230 ("netfilter: on sockopt() acquire sock lock only in the required scope")
Reported-by: syzbot+ddde1c7b7ff7442d7f2d@syzkaller.appspotmail.com
Suggested-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqSigwACgkQONu9yGCS
aT7zXA//SqhwoiM7hEaqv1Qmd9BRq06kog9QeYctnz+S42x7jXxzB2eHNz5FvhlL
3h1oSrXVPmbhtjsltxMhanLJp7gn/Gm/ee3o7Yx/1cwjmGcDQgB9zShwGlwhi8y/
IKackKpd+bLDLAHJAp/1xr25Njitnqr8uuufXX5ngscGB7tkX9ycLKALEWXDczLT
hAEk6Zt9/Ukk3r45QiPyfco4MOK8OwnHb7eAQHA0BJn9/izhl6CSEesm8NrYce+V
38KfLjNL1vdITWb072j4WyhaHb/0tE5OKy0hS4TBhyhd95FTZpI+NzqYzf7fGaZy
tsuxLDVCKcXLzqFPo5BTPgu84mHKntFI71HzwewtYP7reB60279NXd+QGDp1BXhW
v1RYTVwCxpViG6usrM8WNcWJMH9QCMuqJrEby54Sc9FQItwZYiboJaQw/IyDP59n
NoHsL/yehqhzez94jmmKJnsgSbK2qYYCmua1VoY4tZW7YXLOmT3t+siEzUbbssDo
QLZdxRtFZZYMrIcAEDzDVs1qQg+tEoGnDgkhgO1KrXhdzsLweCpLWkK64XwaksQf
5olEpyiQ6nXPuaINzdV3PLvoyZiWM6NdOpzCUHTnBn8cV/R2yPGT4t7Cey9JBEUb
LU4KDjEZpK/Ss1tWS/VIvkc6VEPWAIcMjpHRqtohovw5szHexgw=
=KxO7
-----END PGP SIGNATURE-----
Merge 4.4.118 into android-4.4
Changes in 4.4.118
net: add dst_cache support
net: replace dst_cache ip6_tunnel implementation with the generic one
cfg80211: check dev_set_name() return value
mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
xfrm: Fix stack-out-of-bounds read on socket policy lookup.
xfrm: check id proto in validate_tmpl()
blktrace: fix unlocked registration of tracepoints
drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
Provide a function to create a NUL-terminated string from unterminated data
selinux: ensure the context is NUL terminated in security_context_to_sid_core()
selinux: skip bounded transition processing if the policy isn't loaded
crypto: x86/twofish-3way - Fix %rbp usage
KVM: x86: fix escape of guest dr6 to the host
netfilter: x_tables: fix int overflow in xt_alloc_table_info()
netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
netfilter: on sockopt() acquire sock lock only in the required scope
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
net: avoid skb_warn_bad_offload on IS_ERR
ASoC: ux500: add MODULE_LICENSE tag
video: fbdev/mmp: add MODULE_LICENSE
arm64: dts: add #cooling-cells to CPU nodes
Make DST_CACHE a silent config option
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
staging: android: ashmem: Fix a race condition in pin ioctls
binder: check for binder_thread allocation failure in binder_poll()
staging: iio: adc: ad7192: fix external frequency setting
usbip: keep usbip_device sockfd state in sync with tcp_socket
usb: build drivers/usb/common/ when USB_SUPPORT is set
ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
ARM: dts: am4372: Correct the interrupts_properties of McASP
perf top: Fix window dimensions change handling
perf bench numa: Fixup discontiguous/sparse numa nodes
media: s5k6aa: describe some function parameters
pinctrl: sunxi: Fix A80 interrupt pin bank
RDMA/cma: Make sure that PSN is not over max allowed
scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
ipvlan: Add the skb->mark as flow4's member to lookup route
powerpc/perf: Fix oops when grouping different pmu events
s390/dasd: prevent prefix I/O error
gianfar: fix a flooded alignment reports because of padding issue.
net_sched: red: Avoid devision by zero
net_sched: red: Avoid illegal values
btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
509: fix printing uninitialized stack memory when OID is empty
dmaengine: ioat: Fix error handling path
dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved
clk: fix a panic error caused by accessing NULL pointer
ASoC: rockchip: disable clock on error
spi: sun4i: disable clocks in the remove function
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
drm/armada: fix leak of crtc structure
dmaengine: jz4740: disable/unprepare clk if probe fails
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
xen: XEN_ACPI_PROCESSOR is Dom0-only
hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
virtio_balloon: prevent uninitialized variable use
isdn: icn: remove a #warning
vmxnet3: prevent building with 64K pages
gpio: intel-mid: Fix build warning when !CONFIG_PM
platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
video: fbdev: via: remove possibly unused variables
scsi: advansys: fix build warning for PCI=n
x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
arm64: define BUG() instruction without CONFIG_BUG
x86/fpu/math-emu: Fix possible uninitialized variable use
tools build: Add tools tree support for 'make -s'
x86/build: Silence the build with "make -s"
thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
x86: add MULTIUSER dependency for KVM
x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
scsi: advansys: fix uninitialized data access
arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
ALSA: hda/ca0132 - fix possible NULL pointer use
reiserfs: avoid a -Wmaybe-uninitialized warning
ssb: mark ssb_bus_register as __maybe_unused
thermal: spear: use __maybe_unused for PM functions
x86/boot: Avoid warning for zero-filling .bss
scsi: sim710: fix build warning
drivers/net: fix eisa_driver probe section mismatch
dpt_i2o: fix build warning
profile: hide unused functions when !CONFIG_PROC_FS
md: avoid warning for 32-bit sector_t
mtd: ichxrom: maybe-uninitialized with gcc-4.9
mtd: maps: add __init attribute
mptfusion: hide unused seq_mpt_print_ioc_summary function
scsi: fdomain: drop fdomain_pci_tbl when built-in
video: fbdev: sis: remove unused variable
staging: ste_rmi4: avoid unused function warnings
fbdev: sis: enforce selection of at least one backend
video: Use bool instead int pointer for get_opt_bool() argument
scsi: mvumi: use __maybe_unused to hide pm functions
SCSI: initio: remove duplicate module device table
pwc: hide unused label
usb: musb/ux500: remove duplicate check for dma_is_compatible
tty: hvc_xen: hide xen_console_remove when unused
target/user: Fix cast from pointer to phys_addr_t
driver-core: use 'dev' argument in dev_dbg_ratelimited stub
fbdev: auo_k190x: avoid unused function warnings
amd-xgbe: Fix unused suspend handlers build warning
mtd: sh_flctl: pass FIFO as physical address
mtd: cfi: enforce valid geometry configuration
fbdev: s6e8ax0: avoid unused function warnings
modsign: hide openssl output in silent builds
Drivers: hv: vmbus: fix build warning
fbdev: sm712fb: avoid unused function warnings
hwrng: exynos - use __maybe_unused to hide pm functions
USB: cdc_subset: only build when one driver is enabled
rtlwifi: fix gcc-6 indentation warning
staging: wilc1000: fix kbuild test robot error
x86/platform/olpc: Fix resume handler build warning
netfilter: ipvs: avoid unused variable warnings
ipv4: ipconfig: avoid unused ic_proto_used symbol
tc1100-wmi: fix build warning when CONFIG_PM not enabled
tlan: avoid unused label with PCI=n
drm/vmwgfx: use *_32_bits() macros
tty: cyclades: cyz_interrupt is only used for PCI
genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
ASoC: mediatek: add i2c dependency
iio: adc: axp288: remove redundant duplicate const on axp288_adc_channels
infiniband: cxgb4: use %pR format string for printing resources
b2c2: flexcop: avoid unused function warnings
i2c: remove __init from i2c_register_board_info()
staging: unisys: visorinput depends on INPUT
tc358743: fix register i2c_rd/wr functions
drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
KVM: add X86_LOCAL_APIC dependency
go7007: add MEDIA_CAMERA_SUPPORT dependency
em28xx: only use mt9v011 if camera support is enabled
ISDN: eicon: reduce stack size of sig_ind function
ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
serial: 8250_mid: fix broken DMA dependency
drm/gma500: Sanity-check pipe index
hdpvr: hide unused variable
v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER
cw1200: fix bogus maybe-uninitialized warning
wireless: cw1200: use __maybe_unused to hide pm functions_
perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
dmaengine: zx: fix build warning
net: hp100: remove unnecessary #ifdefs
gpio: xgene: mark PM functions as __maybe_unused
ncpfs: fix unused variable warning
Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
power: bq27xxx_battery: mark some symbols __maybe_unused
isdn: sc: work around type mismatch warning
binfmt_elf: compat: avoid unused function warning
idle: i7300: add PCI dependency
usb: phy: msm add regulator dependency
ncr5380: shut up gcc indentation warning
ARM: tegra: select USB_ULPI from EHCI rather than platform
ASoC: Intel: Kconfig: fix build when ACPI is not enabled
netlink: fix nla_put_{u8,u16,u32} for KASAN
dell-wmi, dell-laptop: depends DMI
genksyms: Fix segfault with invalid declarations
x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug
drm/gma500: remove helper function
kasan: rework Kconfig settings
KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously
x86/retpoline: Remove the esp/rsp thunk
KVM: x86: Make indirect calls in emulator speculation safe
KVM: VMX: Make indirect call speculation safe
module/retpoline: Warn about missing retpoline in module
x86/nospec: Fix header guards names
x86/bugs: Drop one "mitigation" from dmesg
x86/cpu/bugs: Make retpoline module warning conditional
x86/spectre: Check CONFIG_RETPOLINE in command line parser
Documentation: Document array_index_nospec
array_index_nospec: Sanitize speculative array de-references
x86: Implement array_index_mask_nospec
x86: Introduce barrier_nospec
x86/get_user: Use pointer masking to limit speculation
x86/syscall: Sanitize syscall table de-references under speculation
vfs, fdtable: Prevent bounds-check bypass via speculative execution
nl80211: Sanitize array index in parse_txq_params
x86/spectre: Report get_user mitigation for spectre_v1
x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
x86/paravirt: Remove 'noreplace-paravirt' cmdline option
x86/kvm: Update spectre-v1 mitigation
x86/retpoline: Avoid retpolines for built-in __init functions
x86/spectre: Simplify spectre_v2 command line parsing
x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
KVM: nVMX: kmap() can't fail
KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail
kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
KVM: VMX: clean up declaration of VPID/EPT invalidation types
KVM: nVMX: invvpid handling improvements
crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
net: dst_cache_per_cpu_dst_set() can be static
Linux 4.4.118
Change-Id: I01c76e1c15a611e13a1e98092bc5c01cdb5b6adb
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 3f34cfae1238848fd53f25e5c8fd59da57901f4b upstream.
Syzbot reported several deadlocks in the netfilter area caused by
rtnl lock and socket lock being acquired with a different order on
different code paths, leading to backtraces like the following one:
======================================================
WARNING: possible circular locking dependency detected
4.15.0-rc9+ #212 Not tainted
------------------------------------------------------
syzkaller041579/3682 is trying to acquire lock:
(sk_lock-AF_INET6){+.+.}, at: [<000000008775e4dd>] lock_sock
include/net/sock.h:1463 [inline]
(sk_lock-AF_INET6){+.+.}, at: [<000000008775e4dd>]
do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167
but task is already holding lock:
(rtnl_mutex){+.+.}, at: [<000000004342eaa9>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:74
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (rtnl_mutex){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
register_netdevice_notifier+0xad/0x860 net/core/dev.c:1607
tee_tg_check+0x1a0/0x280 net/netfilter/xt_TEE.c:106
xt_check_target+0x22c/0x7d0 net/netfilter/x_tables.c:845
check_target net/ipv6/netfilter/ip6_tables.c:538 [inline]
find_check_entry.isra.7+0x935/0xcf0
net/ipv6/netfilter/ip6_tables.c:580
translate_table+0xf52/0x1690 net/ipv6/netfilter/ip6_tables.c:749
do_replace net/ipv6/netfilter/ip6_tables.c:1165 [inline]
do_ip6t_set_ctl+0x370/0x5f0 net/ipv6/netfilter/ip6_tables.c:1691
nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
ipv6_setsockopt+0x115/0x150 net/ipv6/ipv6_sockglue.c:928
udpv6_setsockopt+0x45/0x80 net/ipv6/udp.c:1422
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
SYSC_setsockopt net/socket.c:1849 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1828
entry_SYSCALL_64_fastpath+0x29/0xa0
-> #0 (sk_lock-AF_INET6){+.+.}:
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
lock_sock_nested+0xc2/0x110 net/core/sock.c:2780
lock_sock include/net/sock.h:1463 [inline]
do_ipv6_setsockopt.isra.8+0x3c5/0x39d0 net/ipv6/ipv6_sockglue.c:167
ipv6_setsockopt+0xd7/0x150 net/ipv6/ipv6_sockglue.c:922
udpv6_setsockopt+0x45/0x80 net/ipv6/udp.c:1422
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2978
SYSC_setsockopt net/socket.c:1849 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1828
entry_SYSCALL_64_fastpath+0x29/0xa0
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(rtnl_mutex);
lock(sk_lock-AF_INET6);
lock(rtnl_mutex);
lock(sk_lock-AF_INET6);
*** DEADLOCK ***
1 lock held by syzkaller041579/3682:
#0: (rtnl_mutex){+.+.}, at: [<000000004342eaa9>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:74
The problem, as Florian noted, is that nf_setsockopt() is always
called with the socket held, even if the lock itself is required only
for very tight scopes and only for some operation.
This patch addresses the issues moving the lock_sock() call only
where really needed, namely in ipv*_getorigdst(), so that nf_setsockopt()
does not need anymore to acquire both locks.
Fixes: 22265a5c3c ("netfilter: xt_TEE: resolve oif using netdevice notifiers")
Reported-by: syzbot+a4c2dc980ac1af699b36@syzkaller.appspotmail.com
Suggested-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 607f725f6f7d5ec3759fbc16224afb60e2152a5b upstream.
This also fix a potential race into the existing tunnel code, which
could lead to the wrong dst to be permanenty cached:
CPU1: CPU2:
<xmit on ip6_tunnel>
<cache lookup fails>
dst = ip6_route_output(...)
<tunnel params are changed via nl>
dst_cache_reset() // no effect,
// the cache is empty
dst_cache_set() // the wrong dst
// is permanenty stored
// into the cache
With the new dst implementation the above race is not possible
since the first cache lookup after dst_cache_reset will fail due
to the timestamp check
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Suggested-and-acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Manoj Boopathi Raj <manojboopathi@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqHLN8ACgkQONu9yGCS
aT7eyQ/+NGK3/MPgoqRtg8sEvr1CVk8VhH1BiBfiQPGXe/D4nqPrKQzQBBzsW8QX
6Z9PY7wDz9RgFkw+FoOyG0eLuYdgNYOelASdQ4kJzteVH8pB2GxxTbX0drttzV+F
liNy0w39YLYxbjR4FavOSuDekd46dNQsHBvzTawaFKh0BEtQO+1uUGMg1LjMKVPn
F9ry0mEPrOoC2+nRvU6QXIUZy6y4+Pgdda0sfGcO3yXwQev9HoW5h9qMCnGah30J
D3Glt86dtpQcuqeIaXrfX+HnkvAOxTHjP8uRn3O7A7h8+WYBWq5Xms6A7EE9duNV
0UA8OZpvq0r0YSTmBFzrDexAcf/cXW8ajd/VKseI/d53iIauLV5FUaGldLJ3IQMc
gYZ2uNxGTI4z3V+nIiVQ0NCm4kmqogVY8PvMlgUwiFVG2B088iYGZ7iTOQ9b7wBO
VgDo0ouC/yDA8Lmz/A0l3SuvkJDNIPJit5lWzqCGRjk1F8WdPpI5C3ONfp8R3Lko
sTllldOo982KW5up/fg5HfuMg1OjgXZtzO+/NlTtyTpSr9bb1OoniSROG8eEcMqO
lKI1MB8Xx/pqqW1E8OOtb7A/8JPCBFzVV9xVGKwI0uZa2XOQeAwGruOe8Ub6nEpU
8w30DlSgy8MB1BPL6UGC6k+001k8jkohdl/qjpYb6aK55CfbhlA=
=a3k5
-----END PGP SIGNATURE-----
Merge 4.4.116 into android-4.4
Changes in 4.4.116
powerpc/bpf/jit: Disable classic BPF JIT on ppc64le
powerpc/64: Fix flush_(d|i)cache_range() called from modules
powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC
powerpc: Simplify module TOC handling
powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
powerpc/64: Add macros for annotating the destination of rfid/hrfid
powerpc/64s: Simple RFI macro conversions
powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
powerpc/64s: Add support for RFI flush of L1-D cache
powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti
powerpc/pseries: Query hypervisor for RFI flush settings
powerpc/powernv: Check device-tree for RFI flush settings
powerpc/64s: Wire up cpu_show_meltdown()
powerpc/64s: Allow control of RFI flush via debugfs
ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit
usbip: fix 3eee23c3ec14 tcp_socket address still in the status file
net: cdc_ncm: initialize drvflags before usage
ASoC: simple-card: Fix misleading error message
ASoC: rsnd: don't call free_irq() on Parent SSI
ASoC: rsnd: avoid duplicate free_irq()
drm: rcar-du: Use the VBK interrupt for vblank events
drm: rcar-du: Fix race condition when disabling planes at CRTC stop
x86/asm: Fix inline asm call constraints for GCC 4.4
ip6mr: fix stale iterator
net: igmp: add a missing rcu locking section
qlcnic: fix deadlock bug
r8169: fix RTL8168EP take too long to complete driver initialization.
tcp: release sk_frag.page in tcp_disconnect
vhost_net: stop device during reset owner
media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
KEYS: encrypted: fix buffer overread in valid_master_desc()
don't put symlink bodies in pagecache into highmem
crypto: tcrypt - fix S/G table for test_aead_speed()
x86/microcode/AMD: Do not load when running on a hypervisor
x86/microcode: Do the family check first
powerpc/pseries: include linux/types.h in asm/hvcall.h
cifs: Fix missing put_xid in cifs_file_strict_mmap
cifs: Fix autonegotiate security settings mismatch
CIFS: zero sensitive data when freeing
dmaengine: dmatest: fix container_of member in dmatest_callback
x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER
kaiser: fix compile error without vsyscall
netfilter: nf_queue: Make the queue_handler pernet
posix-timer: Properly check sigevent->sigev_notify
usb: gadget: uvc: Missing files for configfs interface
sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
sched/rt: Up the root domain ref count when passing it around via IPIs
dccp: CVE-2017-8824: use-after-free in DCCP code
media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
mtd: cfi: convert inline functions to macros
mtd: nand: brcmnand: Disable prefetch by default
mtd: nand: Fix nand_do_read_oob() return value
mtd: nand: sunxi: Fix ECC strength choice
ubi: block: Fix locking for idr_alloc/idr_remove
nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
NFS: Add a cond_resched() to nfs_commit_release_pages()
NFS: commit direct writes even if they fail partially
NFS: reject request for id_legacy key without auxdata
kernfs: fix regression in kernfs_fop_write caused by wrong type
ahci: Annotate PCI ids for mobile Intel chipsets as such
ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
ahci: Add Intel Cannon Lake PCH-H PCI ID
crypto: hash - introduce crypto_hash_alg_has_setkey()
crypto: cryptd - pass through absence of ->setkey()
crypto: poly1305 - remove ->setkey() method
nsfs: mark dentry with DCACHE_RCUACCESS
media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
vb2: V4L2_BUF_FLAG_DONE is set after DQBUF
media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
media: v4l2-compat-ioctl32.c: fix the indentation
media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
media: v4l2-compat-ioctl32.c: avoid sizeof(type)
media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha
media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
crypto: caam - fix endless loop when DECO acquire fails
arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
watchdog: imx2_wdt: restore previous timeout after suspend+resume
media: ts2020: avoid integer overflows on 32 bit machines
media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
kernel/async.c: revert "async: simplify lowest_in_progress()"
HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
Bluetooth: btsdio: Do not bind to non-removable BCM43341
Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version
signal/openrisc: Fix do_unaligned_access to send the proper signal
signal/sh: Ensure si_signo is initialized in do_divide_error
alpha: fix crash if pthread_create races with signal delivery
alpha: fix reboot on Avanti platform
xtensa: fix futex_atomic_cmpxchg_inatomic
EDAC, octeon: Fix an uninitialized variable warning
pktcdvd: Fix pkt_setup_dev() error path
btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
nvme: Fix managing degraded controllers
ACPI: sbshc: remove raw pointer from printk() message
ovl: fix failure to fsync lower dir
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
ftrace: Remove incorrect setting of glob search field
Linux 4.4.116
Change-Id: Id000cb8d59b74de063902e9ad24dd07fe1b1694b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
* refs/heads/tmp-fe09418
Linux 4.4.114
nfsd: auth: Fix gid sorting when rootsquash enabled
net: tcp: close sock if net namespace is exiting
flow_dissector: properly cap thoff field
ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY
net: Allow neigh contructor functions ability to modify the primary_key
vmxnet3: repair memory leak
sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
sctp: do not allow the v4 socket to bind a v4mapped v6 address
r8169: fix memory corruption on retrieval of hardware statistics.
pppoe: take ->needed_headroom of lower device into account on xmit
net: qdisc_pkt_len_init() should be more robust
tcp: __tcp_hdrlen() helper
net: igmp: fix source address check for IGMPv3 reports
lan78xx: Fix failure in USB Full Speed
ipv6: ip6_make_skb() needs to clear cork.base.dst
ipv6: fix udpv6 sendmsg crash caused by too small MTU
ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
hrtimer: Reset hrtimer cpu base proper on CPU hotplug
x86/microcode/intel: Extend BDW late-loading further with LLC size check
eventpoll.h: add missing epoll event masks
vsyscall: Fix permissions for emulate mode with KAISER/PTI
um: link vmlinux with -no-pie
usbip: prevent leaking socket pointer address in messages
usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
usbip: fix stub_rx: get_pipe() to validate endpoint number
usb: usbip: Fix possible deadlocks reported by lockdep
Input: trackpoint - force 3 buttons if 0 button is reported
Revert "module: Add retpoline tag to VERMAGIC"
scsi: libiscsi: fix shifting of DID_REQUEUE host byte
fs/fcntl: f_setown, avoid undefined behaviour
reiserfs: Don't clear SGID when inheriting ACLs
reiserfs: don't preallocate blocks for extended attributes
reiserfs: fix race in prealloc discard
ext2: Don't clear SGID when inheriting ACLs
netfilter: xt_osf: Add missing permission checks
netfilter: nfnetlink_cthelper: Add missing permission checks
netfilter: fix IS_ERR_VALUE usage
netfilter: use fwmark_reflect in nf_send_reset
netfilter: nf_conntrack_sip: extend request line validation
netfilter: restart search if moved to other chain
netfilter: nfnetlink_queue: reject verdict request from different portid
netfilter: nf_ct_expect: remove the redundant slash when policy name is empty
netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel
netfilter: x_tables: speed up jump target validation
ACPICA: Namespace: fix operand cache leak
ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
ACPI / processor: Avoid reserving IO regions too early
x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
ipc: msg, make msgrcv work with LONG_MIN
mm, page_alloc: fix potential false positive in __zone_watermark_ok
cma: fix calculation of aligned offset
hwpoison, memcg: forcibly uncharge LRU pages
mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
fs/select: add vmalloc fallback for select(2)
mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
PCI: layerscape: Fix MSG TLP drop setting
PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
drivers: base: cacheinfo: fix boot error message when acpi is enabled
drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
Prevent timer value 0 for MWAITX
timers: Plug locking race vs. timer migration
time: Avoid undefined behaviour in ktime_add_safe()
PM / sleep: declare __tracedata symbols as char[] rather than char
can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks
x86/retpoline: Fill RSB on context switch for affected CPUs
x86/cpu/intel: Introduce macros for Intel family numbers
x86/microcode/intel: Fix BDW late-loading revision check
usbip: Fix potential format overflow in userspace tools
usbip: Fix implicit fallthrough warning
usbip: prevent vhci_hcd driver from leaking a socket pointer address
x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
ANDROID: sched: EAS: check energy_aware() before calling select_energy_cpu_brute() in up-migrate path
UPSTREAM: eventpoll.h: add missing epoll event masks
ANDROID: xattr: Pass EOPNOTSUPP to permission2
Conflicts:
kernel/sched/fair.c
Change-Id: I15005cb3bc039f4361d25ed2e22f8175b3d7ca96
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlpxo0gACgkQONu9yGCS
aT78EhAAs+LNVHZzqBuwgiuB/7Fsx5RvnzetpCstjWQnJHUCPjU9iCc4oTgpTGeC
jLZeQeUlwAguL87+GLEhKEflSqKd5O/3VozLd4Xw7tGTUSqkV/0yUbmKuXzMwqTP
ZlUDtM8eK4nfQ9ci/9yF6D3jMcpboVzFSlfu+HYLFxNUhr3NOf8jpPrMqDqTWEbP
ncT4habS87sQSDtZLFVsGLq2rtOg91NkiXSJEwyDeioTwR9kUju5eJGhF1yhmJZh
GEBOddmpD+RndL/Q0SN9poThWEFtWHwaBKeittHYzwnn5J7+ov9pjMmXkvGf8Slc
pWVx7WADcPkmyx18x53szI05uR0VycPB8YhwQW28yB9+4LabPzLSz9KNVDNcs7Tf
1GpP7Au0YVJBMjbUuJfZVe0MgSM6pRsw+I/etz47O27zsm/HEoRqHNwTk7T6B6jd
W0vjw2HohpQUxVa6AAgqVqCgzw4ALCmlIcepaOxtU6l3XEWLrMe8OwwUl6pQY+Fr
8dLk87SnFMgWVMyQf6M4Bse5EGHwfVEvA8z82HOlGNbynycexYDFWWxI/0P4CjPx
VCRg3XZF4OyoRWmy/9NKgpeQBXS+fiIGIGp0opjeMfpw6t6IJqeeFik6DzXZ3Hhe
FHYlCCtc45TAr3kJwSgfIoS7PcorBK93MDoEV58yJa6kcu0OOFQ=
=vx5p
-----END PGP SIGNATURE-----
Merge 4.4.114 into android-4.4
Changes in 4.4.114
x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
usbip: prevent vhci_hcd driver from leaking a socket pointer address
usbip: Fix implicit fallthrough warning
usbip: Fix potential format overflow in userspace tools
x86/microcode/intel: Fix BDW late-loading revision check
x86/cpu/intel: Introduce macros for Intel family numbers
x86/retpoline: Fill RSB on context switch for affected CPUs
sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks
can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
PM / sleep: declare __tracedata symbols as char[] rather than char
time: Avoid undefined behaviour in ktime_add_safe()
timers: Plug locking race vs. timer migration
Prevent timer value 0 for MWAITX
drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
drivers: base: cacheinfo: fix boot error message when acpi is enabled
PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
PCI: layerscape: Fix MSG TLP drop setting
mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
fs/select: add vmalloc fallback for select(2)
mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
hwpoison, memcg: forcibly uncharge LRU pages
cma: fix calculation of aligned offset
mm, page_alloc: fix potential false positive in __zone_watermark_ok
ipc: msg, make msgrcv work with LONG_MIN
x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
ACPI / processor: Avoid reserving IO regions too early
ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
ACPICA: Namespace: fix operand cache leak
netfilter: x_tables: speed up jump target validation
netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel
netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
netfilter: nf_ct_expect: remove the redundant slash when policy name is empty
netfilter: nfnetlink_queue: reject verdict request from different portid
netfilter: restart search if moved to other chain
netfilter: nf_conntrack_sip: extend request line validation
netfilter: use fwmark_reflect in nf_send_reset
netfilter: fix IS_ERR_VALUE usage
netfilter: nfnetlink_cthelper: Add missing permission checks
netfilter: xt_osf: Add missing permission checks
ext2: Don't clear SGID when inheriting ACLs
reiserfs: fix race in prealloc discard
reiserfs: don't preallocate blocks for extended attributes
reiserfs: Don't clear SGID when inheriting ACLs
fs/fcntl: f_setown, avoid undefined behaviour
scsi: libiscsi: fix shifting of DID_REQUEUE host byte
Revert "module: Add retpoline tag to VERMAGIC"
Input: trackpoint - force 3 buttons if 0 button is reported
usb: usbip: Fix possible deadlocks reported by lockdep
usbip: fix stub_rx: get_pipe() to validate endpoint number
usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
usbip: prevent leaking socket pointer address in messages
um: link vmlinux with -no-pie
vsyscall: Fix permissions for emulate mode with KAISER/PTI
eventpoll.h: add missing epoll event masks
x86/microcode/intel: Extend BDW late-loading further with LLC size check
hrtimer: Reset hrtimer cpu base proper on CPU hotplug
dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
ipv6: fix udpv6 sendmsg crash caused by too small MTU
ipv6: ip6_make_skb() needs to clear cork.base.dst
lan78xx: Fix failure in USB Full Speed
net: igmp: fix source address check for IGMPv3 reports
tcp: __tcp_hdrlen() helper
net: qdisc_pkt_len_init() should be more robust
pppoe: take ->needed_headroom of lower device into account on xmit
r8169: fix memory corruption on retrieval of hardware statistics.
sctp: do not allow the v4 socket to bind a v4mapped v6 address
sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
vmxnet3: repair memory leak
net: Allow neigh contructor functions ability to modify the primary_key
ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY
flow_dissector: properly cap thoff field
net: tcp: close sock if net namespace is exiting
nfsd: auth: Fix gid sorting when rootsquash enabled
Linux 4.4.114
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 95ef498d977bf44ac094778fd448b98af158a3e6 ]
In my last patch, I missed fact that cork.base.dst was not initialized
in ip6_make_skb() :
If ip6_setup_cork() returns an error, we might attempt a dst_release()
on some random pointer.
Fixes: 862c03ee1deb ("ipv6: fix possible mem leaks in ipv6_make_skb()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit e9191ffb65d8e159680ce0ad2224e1acbde6985c ]
Commit 513674b5a2c9 ("net: reevalulate autoflowlabel setting after
sysctl setting") removed the initialisation of
ipv6_pinfo::autoflowlabel and added a second flag to indicate
whether this field or the net namespace default should be used.
The getsockopt() handling for this case was not updated, so it
currently returns 0 for all sockets for which IPV6_AUTOFLOWLABEL is
not explicitly enabled. Fix it to return the effective value, whether
that has been set at the socket or net namespace level.
Fixes: 513674b5a2c9 ("net: reevalulate autoflowlabel setting after sysctl ...")
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 92b4423e3a0bc5d43ecde4bcad871f8b5ba04efd upstream.
This is a forward-port of the original patch from Andrzej Hajda,
he said:
"IS_ERR_VALUE should be used only with unsigned long type.
Otherwise it can work incorrectly. To achieve this function
xt_percpu_counter_alloc is modified to return unsigned long,
and its result is assigned to temporary variable to perform
error checking, before assigning to .pcnt field.
The patch follows conclusion from discussion on LKML [1][2].
[1]: http://permalink.gmane.org/gmane.linux.kernel/2120927
[2]: http://permalink.gmane.org/gmane.linux.kernel/2150581"
Original patch from Andrzej is here:
http://patchwork.ozlabs.org/patch/582970/
This patch has clashed with input validation fixes for x_tables.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
commit cc31d43b4154ad5a7d8aa5543255a93b7e89edc2 upstream.
Otherwise, RST packets generated by ipt_REJECT always have mark 0 when
the routing is checked later in the same code path.
Fixes: e110861f86 ("net: add a sysctl to reflect the fwmark on replies")
Cc: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Pau Espin Pedrol <pau.espin@tessares.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 83170f3beccccd7ceb4f9a0ac0c4dc736afde90c upstream.
With the commit 48e8aa6e31 ("ipv6: Set FLOWI_FLAG_KNOWN_NH at
flowi6_flags") ip6_pol_route() callers were asked to to set the
FLOWI_FLAG_KNOWN_NH properly and xt_TEE was updated accordingly,
but with the later refactor in commit bbde9fc182 ("netfilter:
factor out packet duplication for IPv4/IPv6") the flowi6_flags
update was lost.
This commit re-add it just before the routing decision.
Fixes: bbde9fc182 ("netfilter: factor out packet duplication for IPv4/IPv6")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f4dc77713f8016d2e8a3295e1c9c53a21f296def upstream.
The dummy ruleset I used to test the original validation change was broken,
most rules were unreachable and were not tested by mark_source_chains().
In some cases rulesets that used to load in a few seconds now require
several minutes.
sample ruleset that shows the behaviour:
echo "*filter"
for i in $(seq 0 100000);do
printf ":chain_%06x - [0:0]\n" $i
done
for i in $(seq 0 100000);do
printf -- "-A INPUT -j chain_%06x\n" $i
printf -- "-A INPUT -j chain_%06x\n" $i
printf -- "-A INPUT -j chain_%06x\n" $i
done
echo COMMIT
[ pipe result into iptables-restore ]
This ruleset will be about 74mbyte in size, with ~500k searches
though all 500k[1] rule entries. iptables-restore will take forever
(gave up after 10 minutes)
Instead of always searching the entire blob for a match, fill an
array with the start offsets of every single ipt_entry struct,
then do a binary search to check if the jump target is present or not.
After this change ruleset restore times get again close to what one
gets when reverting 36472341017529e (~3 seconds on my workstation).
[1] every user-defined rule gets an implicit RETURN, so we get
300k jumps + 100k userchains + 100k returns -> 500k rule entries
Fixes: 36472341017529e ("netfilter: x_tables: validate targets of jumps")
Reported-by: Jeff Wu <wujiafu@gmail.com>
Tested-by: Jeff Wu <wujiafu@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-5f6325b
Linux 4.4.112
selftests/x86: Add test_vsyscall
x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
x86/alternatives: Fix optimize_nops() checking
sysfs/cpu: Fix typos in vulnerability documentation
x86/cpu: Implement CPU vulnerabilites sysfs functions
sysfs/cpu: Add vulnerability folder
x86/cpu: Merge bugs.c and bugs_64.c
x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
x86/cpufeatures: Add X86_BUG_CPU_INSECURE
x86/cpufeatures: Make CPU bugs sticky
x86/cpu: Factor out application of forced CPU caps
x86/Documentation: Add PTI description
e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
uas: ignore UAS for Norelsys NS1068(X) chips
Bluetooth: Prevent stack info leak from the EFS element.
staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
usbip: remove kernel addresses from usb device and urb debug msgs
USB: fix usbmon BUG trigger
usb: misc: usb3503: make sure reset is low for at least 100us
USB: serial: cp210x: add new device ID ELV ALC 8xxx
USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ
target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
bpf: prevent out-of-bounds speculation
bpf: adjust insn_aux_data when patching insns
bpf: refactor fixup_bpf_calls()
bpf: move fixup_bpf_calls() function
bpf: don't (ab)use instructions to store state
bpf: add bpf_patch_insn_single helper
kaiser: Set _PAGE_NX only if supported
drm/vmwgfx: Potential off by one in vmw_view_add()
KVM: x86: Add memory barrier on vmcs field lookup
x86/microcode/intel: Extend BDW late-loading with a revision check
rbd: set max_segments to USHRT_MAX
crypto: algapi - fix NULL dereference in crypto_remove_spawns()
ipv6: fix possible mem leaks in ipv6_make_skb()
net: stmmac: enable EEE in MII, GMII or RGMII only
sh_eth: fix SH7757 GEther initialization
sh_eth: fix TSU resource handling
RDS: null pointer dereference in rds_atomic_free_op
RDS: Heap OOB write in rds_message_alloc_sgs()
net: core: fix module type in sock_diag_bind
ip6_tunnel: disable dst caching if tunnel is dual-stack
8021q: fix a memory leak for VLAN 0 device
x86/pti/efi: broken conversion from efi to kernel page table
Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"
xhci: Fix ring leak in failure path of xhci_alloc_virt_device()
sysrq: Fix warning in sysrq generated crash.
hwrng: core - sleep interruptible in read
x86/mm/pat, /dev/mem: Remove superfluous error message
cx82310_eth: use skb_cow_head() to deal with cloned skbs
smsc75xx: use skb_cow_head() to deal with cloned skbs
sr9700: use skb_cow_head() to deal with cloned skbs
lan78xx: use skb_cow_head() to deal with cloned skbs
r8152: adjust ALDPS function
r8152: use test_and_clear_bit
r8152: fix the wake event
usb: musb: ux500: Fix NULL pointer dereference at system PM
usbvision fix overflow of interfaces array
locking/mutex: Allow next waiter lockless wakeup
futex: Replace barrier() in unqueue_me() with READ_ONCE()
locks: don't check for race with close when setting OFD lock
zswap: don't param_set_charp while holding spinlock
mm/zswap: use workqueue to destroy pool
mm/page-writeback: fix dirty_ratelimit calculation
mm/compaction: pass only pageblock aligned range to pageblock_pfn_to_page
mm/compaction: fix invalid free_pfn and compact_cached_free_pfn
x86/acpi: Reduce code duplication in mp_override_legacy_irq()
ALSA: aloop: Fix racy hw constraints adjustment
ALSA: aloop: Fix inconsistent format due to incomplete rule
ALSA: aloop: Release cable upon open error path
ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
ALSA: pcm: Abort properly at pending signal in OSS read/write loops
ALSA: pcm: Add missing error checks in OSS emulation plugin builder
ALSA: pcm: Remove incorrect snd_BUG_ON() usages
iommu/arm-smmu-v3: Don't free page table ops twice
x86/acpi: Handle SCI interrupts above legacy space gracefully
x86/vsdo: Fix build on PARAVIRT_CLOCK=y, KVM_GUEST=n
kvm: vmx: Scrub hardware GPRs at VM-exit
net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y
MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
MIPS: Consistently handle buffer counter with PTRACE_SETREGSET
MIPS: Guard against any partial write attempt with PTRACE_SETREGSET
MIPS: Factor out NT_PRFPREG regset access helpers
MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
IB/srpt: Disable RDMA access by the initiator
can: gs_usb: fix return value of the "set_bittiming" callback
KVM: Fix stack-out-of-bounds read in write_mmio
dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
fscrypt: updates on 4.15-rc4
ANDROID: uid_sys_stats: fix the comment
BACKPORT: optee: fix invalid of_node_put() in optee_driver_init()
BACKPORT: tee: optee: sync with new naming of interrupts
BACKPORT: tee: indicate privileged dev in gen_caps
BACKPORT: tee: optee: interruptible RPC sleep
BACKPORT: tee: optee: add const to tee_driver_ops and tee_desc structures
BACKPORT: tee: tee_shm: Constify dma_buf_ops structures.
BACKPORT: tee: add forward declaration for struct device
BACKPORT: tee: optee: fix uninitialized symbol 'parg'
BACKPORT: tee.txt: standardize document format
BACKPORT: tee: add ARM_SMCCC dependency
BACKPORT: selinux: nlmsgtab: add SOCK_DESTROY to the netlink mapping tables
Conflicts:
security/selinux/nlmsgtab.c
Change-Id: I5770a565f39c321f2305f8228e41f822e3cd0625
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
When a dst is created by addrconf_dst_alloc() for a host route or an
anycast route, dst->dev points to loopback dev while rt6->rt6i_idev
points to a real device.
When the real device goes down, the current cleanup code only checks for
dst->dev and assumes rt6->rt6i_idev->dev is the same. This causes the
refcount leak on the real device in the above situation.
This patch makes sure to always release the refcount taken on
rt6->rt6i_idev during dst_dev_put().
Change-Id: Id3d07aebb85432298179c6846986540e2f8b13a9
Fixes: 587fea741134 ("ipv6: mark DST_NOGC and remove the operation of
dst_free()")
Reported-by: John Stultz <john.stultz@linaro.org>
Tested-by: John Stultz <john.stultz@linaro.org>
Tested-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Wei Wang <weiwan@google.com>
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit: e5645f51ba99738b0e5d708edf9c6454f33b9310
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Tejaswi Tanikella <tejaswit@codeaurora.org>
* refs/heads/tmp-8cbe01c
Linux 4.4.109
mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP
n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
x86/smpboot: Remove stale TLB flush invocations
nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()
usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201
USB: Fix off by one in type-specific length check of BOS SSP capability
usb: add RESET_RESUME for ELSA MicroLink 56K
usb: Add device quirk for Logitech HD Pro Webcam C925e
USB: serial: option: adding support for YUGA CLM920-NC5
USB: serial: option: add support for Telit ME910 PID 0x1101
USB: serial: qcserial: add Sierra Wireless EM7565
USB: serial: ftdi_sio: add id for Airbus DS P8GR
usbip: vhci: stop printing kernel pointer addresses in messages
usbip: stub: stop printing kernel pointer addresses in messages
usbip: fix usbip bind writing random string after command in match_busid
sock: free skb in skb_complete_tx_timestamp on error
net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround
net: Fix double free and memory corruption in get_net_ns_by_id()
net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks
ipv4: Fix use-after-free when flushing FIB tables
sctp: Replace use of sockets_allocated with specified macro.
net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case
net: ipv4: fix for a race condition in raw_sendmsg
tg3: Fix rx hang on MTU change with 5717/5719
tcp md5sig: Use skb's saddr when replying to an incoming segment
net: reevalulate autoflowlabel setting after sysctl setting
net: qmi_wwan: add Sierra EM7565 1199:9091
netlink: Add netns check on taps
net: igmp: Use correct source address on IGMPv3 reports
ipv6: mcast: better catch silly mtu values
ipv4: igmp: guard against silly MTU values
kbuild: add '-fno-stack-check' to kernel build options
x86/mm/64: Fix reboot interaction with CR4.PCIDE
x86/mm: Enable CR4.PCIDE on supported systems
x86/mm: Add the 'nopcid' boot option to turn off PCID
x86/mm: Disable PCID on 32-bit kernels
x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code
x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
x86/mm: Make flush_tlb_mm_range() more predictable
x86/mm: Remove flush_tlb() and flush_tlb_current_task()
x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
ALSA: hda - fix headset mic detection issue on a Dell machine
ALSA: hda: Drop useless WARN_ON()
ASoC: twl4030: fix child-node lookup
ASoC: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure
iw_cxgb4: Only validate the MSN for successful completions
ring-buffer: Mask out the info bits when returning buffer page length
tracing: Fix crash when it fails to alloc ring buffer
tracing: Fix possible double free on failure of allocating trace buffer
tracing: Remove extra zeroing out of the ring buffer page
net: mvneta: clear interface link status on port disable
powerpc/perf: Dereference BHRB entries safely
kvm: x86: fix RSM when PCID is non-zero
KVM: X86: Fix load RFLAGS w/o the fixed bit
spi: xilinx: Detect stall with Unknown commands
parisc: Hide Diva-built-in serial aux and graphics card
PCI / PM: Force devices to D0 in pci_pm_thaw_noirq()
ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU
ALSA: rawmidi: Avoid racy info ioctl via ctl device
mfd: twl6040: Fix child-node lookup
mfd: twl4030-audio: Fix sibling-node lookup
mfd: cros ec: spi: Don't send first message too soon
crypto: mcryptd - protect the per-CPU queue with a lock
ACPI: APEI / ERST: Fix missing error handling in erst_reader()
Change-Id: I3823f793c0c85d1639e9be10358cf70cfcd13afc
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
* refs/heads/tmp-2fea039
Linux 4.4.106
usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"
Revert "x86/efi: Hoist page table switching code into efi_call_virt()"
Revert "x86/efi: Build our own page table structures"
net/packet: fix a race in packet_bind() and packet_notifier()
packet: fix crash in fanout_demux_rollover()
sit: update frag_off info
rds: Fix NULL pointer dereference in __rds_rdma_map
tipc: fix memory leak in tipc_accept_from_sock()
more bio_map_user_iov() leak fixes
s390: always save and restore all registers on context switch
ipmi: Stop timers before cleaning up the module
audit: ensure that 'audit=1' actually enables audit for PID 1
ipvlan: fix ipv6 outbound device
afs: Connect up the CB.ProbeUuid
IB/mlx5: Assign send CQ and recv CQ of UMR QP
IB/mlx4: Increase maximal message size under UD QP
xfrm: Copy policy family in clone_policy
jump_label: Invoke jump_label_test() via early_initcall()
atm: horizon: Fix irq release error
sctp: use the right sk after waking up from wait_buf sleep
sctp: do not free asoc when it is already dead in sctp_sendmsg
sparc64/mm: set fields in deferred pages
block: wake up all tasks blocked in get_request()
sunrpc: Fix rpc_task_begin trace point
NFS: Fix a typo in nfs_rename()
dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0
lib/genalloc.c: make the avail variable an atomic_long_t
route: update fnhe_expires for redirect when the fnhe exists
route: also update fnhe_genid when updating a route cache
mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
kbuild: pkg: use --transform option to prefix paths in tar
EDAC, i5000, i5400: Fix definition of NRECMEMB register
EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro
powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested
drm/amd/amdgpu: fix console deadlock if late init failed
axonram: Fix gendisk handling
netfilter: don't track fragmented packets
zram: set physical queue limits to avoid array out of bounds accesses
i2c: riic: fix restart condition
crypto: s5p-sss - Fix completing crypto request in IRQ handler
ipv6: reorder icmpv6_init() and ip6_mr_init()
bnx2x: do not rollback VF MAC/VLAN filters we did not configure
bnx2x: fix possible overrun of VFPF multicast addresses array
bnx2x: prevent crash when accessing PTP with interface down
spi_ks8995: fix "BUG: key accdaa28 not in .data!"
arm64: KVM: Survive unknown traps from guests
arm: KVM: Survive unknown traps from guests
KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset
irqchip/crossbar: Fix incorrect type of register size
scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters
workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq
libata: drop WARN from protocol error in ata_sff_qc_issue()
kvm: nVMX: VMCLEAR should not cause the vCPU to shut down
USB: gadgetfs: Fix a potential memory leak in 'dev_config()'
usb: gadget: configs: plug memory leak
HID: chicony: Add support for another ASUS Zen AiO keyboard
gpio: altera: Use handle_level_irq when configured as a level_high
ARM: OMAP2+: Release device node after it is no longer needed.
ARM: OMAP2+: Fix device node reference counts
module: set __jump_table alignment to 8
selftest/powerpc: Fix false failures for skipped tests
x86/hpet: Prevent might sleep splat on resume
ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure
vti6: Don't report path MTU below IPV6_MIN_MTU.
Revert "s390/kbuild: enable modversions for symbols exported from asm"
Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA"
Revert "drm/armada: Fix compile fail"
mm: drop unused pmdp_huge_get_and_clear_notify()
thp: fix MADV_DONTNEED vs. numa balancing race
thp: reduce indentation level in change_huge_pmd()
scsi: storvsc: Workaround for virtual DVD SCSI version
ARM: avoid faulting on qemu
ARM: BUG if jumping to usermode address in kernel mode
arm64: fpsimd: Prevent registers leaking from dead tasks
KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
media: dvb: i2c transfers over usb cannot be done from stack
drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU
drm: extra printk() wrapper macros
kdb: Fix handling of kallsyms_symbol_next() return value
s390: fix compat system call table
iommu/vt-d: Fix scatterlist offset handling
ALSA: usb-audio: Add check return value for usb_string()
ALSA: usb-audio: Fix out-of-bound error
ALSA: seq: Remove spurious WARN_ON() at timer check
ALSA: pcm: prevent UAF in snd_pcm_info
x86/PCI: Make broadcom_postcore_init() check acpi_disabled
X.509: reject invalid BIT STRING for subjectPublicKey
ASN.1: check for error from ASN1_OP_END__ACT actions
ASN.1: fix out-of-bounds read when parsing indefinite length item
efi: Move some sysfs files to be read-only by root
scsi: libsas: align sata_device's rps_resp on a cacheline
isa: Prevent NULL dereference in isa_bus driver callbacks
hv: kvp: Avoid reading past allocated blocks from KVP file
virtio: release virtio index when fail to device_register
can: usb_8dev: cancel urb on -EPIPE and -EPROTO
can: esd_usb2: cancel urb on -EPIPE and -EPROTO
can: ems_usb: cancel urb on -EPIPE and -EPROTO
can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
can: kvaser_usb: ratelimit errors if incomplete messages are received
can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
can: kvaser_usb: free buf in error paths
can: ti_hecc: Fix napi poll return value for repoll
BACKPORT: irq: Make the irqentry text section unconditional
UPSTREAM: arch, ftrace: for KASAN put hard/soft IRQ entries into separate sections
UPSTREAM: x86, kasan, ftrace: Put APIC interrupt handlers into .irqentry.text
UPSTREAM: kasan: make get_wild_bug_type() static
UPSTREAM: kasan: separate report parts by empty lines
UPSTREAM: kasan: improve double-free report format
UPSTREAM: kasan: print page description after stacks
UPSTREAM: kasan: improve slab object description
UPSTREAM: kasan: change report header
UPSTREAM: kasan: simplify address description logic
UPSTREAM: kasan: change allocation and freeing stack traces headers
UPSTREAM: kasan: unify report headers
UPSTREAM: kasan: introduce helper functions for determining bug type
BACKPORT: kasan: report only the first error by default
UPSTREAM: kasan: fix races in quarantine_remove_cache()
UPSTREAM: kasan: resched in quarantine_remove_cache()
BACKPORT: kasan, sched/headers: Uninline kasan_enable/disable_current()
BACKPORT: kasan: drain quarantine of memcg slab objects
UPSTREAM: kasan: eliminate long stalls during quarantine reduction
UPSTREAM: kasan: support panic_on_warn
UPSTREAM: x86/suspend: fix false positive KASAN warning on suspend/resume
UPSTREAM: kasan: support use-after-scope detection
UPSTREAM: kasan/tests: add tests for user memory access functions
UPSTREAM: mm, kasan: add a ksize() test
UPSTREAM: kasan: test fix: warn if the UAF could not be detected in kmalloc_uaf2
UPSTREAM: kasan: modify kmalloc_large_oob_right(), add kmalloc_pagealloc_oob_right()
UPSTREAM: lib/stackdepot: export save/fetch stack for drivers
UPSTREAM: lib/stackdepot.c: bump stackdepot capacity from 16MB to 128MB
BACKPORT: kprobes: Unpoison stack in jprobe_return() for KASAN
UPSTREAM: kasan: remove the unnecessary WARN_ONCE from quarantine.c
UPSTREAM: kasan: avoid overflowing quarantine size on low memory systems
UPSTREAM: kasan: improve double-free reports
BACKPORT: mm: coalesce split strings
BACKPORT: mm/kasan: get rid of ->state in struct kasan_alloc_meta
UPSTREAM: mm/kasan: get rid of ->alloc_size in struct kasan_alloc_meta
UPSTREAM: mm: kasan: remove unused 'reserved' field from struct kasan_alloc_meta
UPSTREAM: mm/kasan, slub: don't disable interrupts when object leaves quarantine
UPSTREAM: mm/kasan: don't reduce quarantine in atomic contexts
UPSTREAM: mm/kasan: fix corruptions and false positive reports
UPSTREAM: lib/stackdepot.c: use __GFP_NOWARN for stack allocations
BACKPORT: mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB
UPSTREAM: kasan/quarantine: fix bugs on qlist_move_cache()
UPSTREAM: mm: mempool: kasan: don't poot mempool objects in quarantine
UPSTREAM: kasan: change memory hot-add error messages to info messages
BACKPORT: mm/kasan: add API to check memory regions
UPSTREAM: mm/kasan: print name of mem[set,cpy,move]() caller in report
UPSTREAM: mm: kasan: initial memory quarantine implementation
UPSTREAM: lib/stackdepot: avoid to return 0 handle
UPSTREAM: lib/stackdepot.c: allow the stack trace hash to be zero
UPSTREAM: mm, kasan: fix compilation for CONFIG_SLAB
BACKPORT: mm, kasan: stackdepot implementation. Enable stackdepot for SLAB
BACKPORT: mm, kasan: add GFP flags to KASAN API
UPSTREAM: mm, kasan: SLAB support
UPSTREAM: mm/slab: align cache size first before determination of OFF_SLAB candidate
UPSTREAM: mm/slab: use more appropriate condition check for debug_pagealloc
UPSTREAM: mm/slab: factor out debugging initialization in cache_init_objs()
UPSTREAM: mm/slab: remove object status buffer for DEBUG_SLAB_LEAK
UPSTREAM: mm/slab: alternative implementation for DEBUG_SLAB_LEAK
UPSTREAM: mm/slab: clean up DEBUG_PAGEALLOC processing code
UPSTREAM: mm/slab: activate debug_pagealloc in SLAB when it is actually enabled
sched: EAS/WALT: Don't take into account of running task's util
BACKPORT: schedutil: Reset cached freq if it is not in sync with next_freq
UPSTREAM: kasan: add functions to clear stack poison
Conflicts:
arch/arm/include/asm/kvm_arm.h
arch/arm64/kernel/vmlinux.lds.S
include/linux/kasan.h
kernel/softirq.c
lib/Kconfig
lib/Kconfig.kasan
lib/Makefile
lib/stackdepot.c
mm/kasan/kasan.c
sound/usb/mixer.c
Change-Id: If70ced6da5f19be3dd92d10a8d8cd4d5841e5870
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlpfCtUACgkQONu9yGCS
aT6ZvBAAqxRZ9H5LCEVboN5KE4cvTDS7pYhJPk518ZxnSJslwUl7SZ+AOzxivV9w
YouBOEHbufSmbVJgPgsxuhlFsw+TMOYATUBVWIBrWjuD+nD+ooba0j5nb4FW2SOc
XTWv5X8t+Ho19uWcq7w9W+3Ang5f8ySNZUZIG4F/HTeRGU3//J29wfEP2nM9cVOJ
ZsOze9aK88KbLwgJRr2uCa/eyARvUeqOFomIlUhLNHgtU8xfEEKVX72r68RJ/bbU
xhoceKJHXLDnA29ZFG6hEi/EIgG6Zr9Iwp/QBe2JtcGtpXCNTR1f+VuW//rcqzka
OBXctQlObRuZ361jl+WcWg3aycK8DgSJPgC1+QTEcOULa64smu3n//ICqdPNHWSS
MIG1iVH5zKhtRyDkVZKnk66jqi04GWZ370FpmUvrmaOLFftSM7FHk/U4GDR5eOFJ
8vxARTrUF4ls2weLBwNiR7zFLiI7iaN8LYmGnjLeBvgVy4u8zZgqfrhwDrMX7dh6
mEAjNNufLTrsGo7O8tNhwI3KIn7s4gJp5u3c28I0LmB+G3OH+jIopy0o/NXXjAkm
5gYGsf5mkf0I2SbDT/wkRSAFwuhCfgWKfQiTZmdukLuRo5VaL+SP148hZBcTol0z
Jsqpy8SeAkWkPcegoMUwGQLRVU3QM1NL0NpT1TAT1Ng4lw5igxU=
=7usw
-----END PGP SIGNATURE-----
Merge 4.4.112 into android-4.4
Changes in 4.4.112
dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
KVM: Fix stack-out-of-bounds read in write_mmio
can: gs_usb: fix return value of the "set_bittiming" callback
IB/srpt: Disable RDMA access by the initiator
MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
MIPS: Factor out NT_PRFPREG regset access helpers
MIPS: Guard against any partial write attempt with PTRACE_SETREGSET
MIPS: Consistently handle buffer counter with PTRACE_SETREGSET
MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y
kvm: vmx: Scrub hardware GPRs at VM-exit
x86/vsdo: Fix build on PARAVIRT_CLOCK=y, KVM_GUEST=n
x86/acpi: Handle SCI interrupts above legacy space gracefully
iommu/arm-smmu-v3: Don't free page table ops twice
ALSA: pcm: Remove incorrect snd_BUG_ON() usages
ALSA: pcm: Add missing error checks in OSS emulation plugin builder
ALSA: pcm: Abort properly at pending signal in OSS read/write loops
ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
ALSA: aloop: Release cable upon open error path
ALSA: aloop: Fix inconsistent format due to incomplete rule
ALSA: aloop: Fix racy hw constraints adjustment
x86/acpi: Reduce code duplication in mp_override_legacy_irq()
mm/compaction: fix invalid free_pfn and compact_cached_free_pfn
mm/compaction: pass only pageblock aligned range to pageblock_pfn_to_page
mm/page-writeback: fix dirty_ratelimit calculation
mm/zswap: use workqueue to destroy pool
zswap: don't param_set_charp while holding spinlock
locks: don't check for race with close when setting OFD lock
futex: Replace barrier() in unqueue_me() with READ_ONCE()
locking/mutex: Allow next waiter lockless wakeup
usbvision fix overflow of interfaces array
usb: musb: ux500: Fix NULL pointer dereference at system PM
r8152: fix the wake event
r8152: use test_and_clear_bit
r8152: adjust ALDPS function
lan78xx: use skb_cow_head() to deal with cloned skbs
sr9700: use skb_cow_head() to deal with cloned skbs
smsc75xx: use skb_cow_head() to deal with cloned skbs
cx82310_eth: use skb_cow_head() to deal with cloned skbs
x86/mm/pat, /dev/mem: Remove superfluous error message
hwrng: core - sleep interruptible in read
sysrq: Fix warning in sysrq generated crash.
xhci: Fix ring leak in failure path of xhci_alloc_virt_device()
Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"
x86/pti/efi: broken conversion from efi to kernel page table
8021q: fix a memory leak for VLAN 0 device
ip6_tunnel: disable dst caching if tunnel is dual-stack
net: core: fix module type in sock_diag_bind
RDS: Heap OOB write in rds_message_alloc_sgs()
RDS: null pointer dereference in rds_atomic_free_op
sh_eth: fix TSU resource handling
sh_eth: fix SH7757 GEther initialization
net: stmmac: enable EEE in MII, GMII or RGMII only
ipv6: fix possible mem leaks in ipv6_make_skb()
crypto: algapi - fix NULL dereference in crypto_remove_spawns()
rbd: set max_segments to USHRT_MAX
x86/microcode/intel: Extend BDW late-loading with a revision check
KVM: x86: Add memory barrier on vmcs field lookup
drm/vmwgfx: Potential off by one in vmw_view_add()
kaiser: Set _PAGE_NX only if supported
bpf: add bpf_patch_insn_single helper
bpf: don't (ab)use instructions to store state
bpf: move fixup_bpf_calls() function
bpf: refactor fixup_bpf_calls()
bpf: adjust insn_aux_data when patching insns
bpf: prevent out-of-bounds speculation
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ
USB: serial: cp210x: add new device ID ELV ALC 8xxx
usb: misc: usb3503: make sure reset is low for at least 100us
USB: fix usbmon BUG trigger
usbip: remove kernel addresses from usb device and urb debug msgs
staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
Bluetooth: Prevent stack info leak from the EFS element.
uas: ignore UAS for Norelsys NS1068(X) chips
e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
x86/Documentation: Add PTI description
x86/cpu: Factor out application of forced CPU caps
x86/cpufeatures: Make CPU bugs sticky
x86/cpufeatures: Add X86_BUG_CPU_INSECURE
x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
x86/cpu: Merge bugs.c and bugs_64.c
sysfs/cpu: Add vulnerability folder
x86/cpu: Implement CPU vulnerabilites sysfs functions
sysfs/cpu: Fix typos in vulnerability documentation
x86/alternatives: Fix optimize_nops() checking
x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
selftests/x86: Add test_vsyscall
Linux 4.4.112
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 862c03ee1deb7e19e0f9931682e0294ecd1fcaf9 ]
ip6_setup_cork() might return an error, while memory allocations have
been done and must be rolled back.
Fixes: 6422398c2a ("ipv6: introduce ipv6_make_skb")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Vlad Yasevich <vyasevich@gmail.com>
Reported-by: Mike Maloney <maloney@google.com>
Acked-by: Mike Maloney <maloney@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 23263ec86a5f44312d2899323872468752324107 ]
When an ip6_tunnel is in mode 'any', where the transport layer
protocol can be either 4 or 41, dst_cache must be disabled.
This is because xfrm policies might apply to only one of the two
protocols. Caching dst would cause xfrm policies for one protocol
incorrectly used for the other.
Signed-off-by: Eli Cooper <elicooper@gmx.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-8a53962
Linux 4.4.105
xen-netfront: avoid crashing on resume after a failure in talk_to_netback()
usb: host: fix incorrect updating of offset
USB: usbfs: Filter flags passed in from user space
USB: devio: Prevent integer overflow in proc_do_submiturb()
USB: Increase usbfs transfer limit
USB: core: Add type-specific length check of BOS descriptors
usb: ch9: Add size macro for SSP dev cap descriptor
usb: Add USB 3.1 Precision time measurement capability descriptor support
usb: xhci: fix panic in xhci_free_virt_devices_depth_first
usb: hub: Cycle HUB power when initialization fails
Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"
net: fec: fix multicast filtering hardware setup
xen-netfront: Improve error handling during initialization
mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers
tcp: correct memory barrier usage in tcp_check_space()
dmaengine: pl330: fix double lock
tipc: fix cleanup at module unload
net: sctp: fix array overrun read on sctp_timer_tbl
drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement
NFSv4: Fix client recovery when server reboots multiple times
KVM: arm/arm64: Fix occasional warning from the timer work function
nfs: Don't take a reference on fl->fl_file for LOCK operation
ravb: Remove Rx overflow log messages
net/appletalk: Fix kernel memory disclosure
vti6: fix device register to report IFLA_INFO_KIND
ARM: OMAP1: DMA: Correct the number of logical channels
net: systemport: Pad packet before inserting TSB
net: systemport: Utilize skb_put_padto()
kprobes/x86: Disable preemption in ftrace-based jprobes
perf test attr: Fix ignored test case result
sysrq : fix Show Regs call trace on ARM
EDAC, sb_edac: Fix missing break in switch
x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
usb: phy: tahvo: fix error handling in tahvo_usb_probe()
spi: sh-msiof: Fix DMA transfer size check
serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
selftests/x86/ldt_get: Add a few additional tests for limits
s390/pci: do not require AIS facility
ima: fix hash algorithm initialization
USB: serial: option: add Quectel BG96 id
s390/runtime instrumentation: simplify task exit handling
serial: 8250_pci: Add Amazon PCI serial device ID
usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
bcache: recover data from backing when data is clean
bcache: only permit to recovery read error when cache device is clean
ANDROID: initramfs: call free_initrd() when skipping init
Conflicts:
drivers/usb/core/config.c
include/linux/usb.h
include/uapi/linux/usb/ch9.h
Change-Id: Ibada5100be12f3a1389461f7738ee2ecb0d427af
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlpL3okACgkQONu9yGCS
aT6p5g/8CAG9NU/fLu7IMcIlyqfVvdOhzxn44oHCxq08eycqoggdnb3TZXxBUBgY
+w8uZk8yxNdjXR39GjkMSUy06WRvl2XDSrd36sDGRCBP62Fi8l5scmlRaNEnI/E8
ltBSB93P16SmnpKa/3Zscz+7LcaoXHpU5Xhs8Zmf4I69qmzOFX2qSKsUyzVT+gNI
ZoSN/mYuXf7+dzrcKhVdYzm4ZdMRvxdT0WefeoeZMekfAtU9D8zaFOA9jTIAMHSZ
adNn18s7UKmaipZf/01mW9srvZce4nPKiUC8WVGstiyl27ws+IDleKVmDnqFALjy
2LIxDvjDth/x8jfqTb7F6bFh6dVtMJjwUmd3KL7hgPuTddoQQe/GfKnjSHkbNxyR
qNxNtbOgQ2EVOf59fejxWshCP/fButNo8uvCI1ERdm4axGXcf9hiucdlwzCYezHs
UN0xrxAXprhqTq4hQFB9E4C49e8nMPNsyXTMZwSZRPe2z53spD53JR/0sl5Z2RWe
ueO21tBZ6ev9jPNi+lJrCVw1oBO+PKOmdNPAaSynUVm96grRnW6grUI3mX9FqMXb
r62UWG3YCWWBgxA3iQQrMxf/3S2YZXz59TBbp9GU8xOYJZLhKL29/iB7Rv4ANtkR
aMDrABjWqrCZpIazqkZ5uwbsNl6Q51e3Mji3EfwkBaMqjc41++I=
=B52+
-----END PGP SIGNATURE-----
Merge 4.4.109 into android-4.4
Changes in 4.4.109
ACPI: APEI / ERST: Fix missing error handling in erst_reader()
crypto: mcryptd - protect the per-CPU queue with a lock
mfd: cros ec: spi: Don't send first message too soon
mfd: twl4030-audio: Fix sibling-node lookup
mfd: twl6040: Fix child-node lookup
ALSA: rawmidi: Avoid racy info ioctl via ctl device
ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU
PCI / PM: Force devices to D0 in pci_pm_thaw_noirq()
parisc: Hide Diva-built-in serial aux and graphics card
spi: xilinx: Detect stall with Unknown commands
KVM: X86: Fix load RFLAGS w/o the fixed bit
kvm: x86: fix RSM when PCID is non-zero
powerpc/perf: Dereference BHRB entries safely
net: mvneta: clear interface link status on port disable
tracing: Remove extra zeroing out of the ring buffer page
tracing: Fix possible double free on failure of allocating trace buffer
tracing: Fix crash when it fails to alloc ring buffer
ring-buffer: Mask out the info bits when returning buffer page length
iw_cxgb4: Only validate the MSN for successful completions
ASoC: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure
ASoC: twl4030: fix child-node lookup
ALSA: hda: Drop useless WARN_ON()
ALSA: hda - fix headset mic detection issue on a Dell machine
x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
x86/mm: Remove flush_tlb() and flush_tlb_current_task()
x86/mm: Make flush_tlb_mm_range() more predictable
x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code
x86/mm: Disable PCID on 32-bit kernels
x86/mm: Add the 'nopcid' boot option to turn off PCID
x86/mm: Enable CR4.PCIDE on supported systems
x86/mm/64: Fix reboot interaction with CR4.PCIDE
kbuild: add '-fno-stack-check' to kernel build options
ipv4: igmp: guard against silly MTU values
ipv6: mcast: better catch silly mtu values
net: igmp: Use correct source address on IGMPv3 reports
netlink: Add netns check on taps
net: qmi_wwan: add Sierra EM7565 1199:9091
net: reevalulate autoflowlabel setting after sysctl setting
tcp md5sig: Use skb's saddr when replying to an incoming segment
tg3: Fix rx hang on MTU change with 5717/5719
net: ipv4: fix for a race condition in raw_sendmsg
net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case
sctp: Replace use of sockets_allocated with specified macro.
ipv4: Fix use-after-free when flushing FIB tables
net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks
net: Fix double free and memory corruption in get_net_ns_by_id()
net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround
sock: free skb in skb_complete_tx_timestamp on error
usbip: fix usbip bind writing random string after command in match_busid
usbip: stub: stop printing kernel pointer addresses in messages
usbip: vhci: stop printing kernel pointer addresses in messages
USB: serial: ftdi_sio: add id for Airbus DS P8GR
USB: serial: qcserial: add Sierra Wireless EM7565
USB: serial: option: add support for Telit ME910 PID 0x1101
USB: serial: option: adding support for YUGA CLM920-NC5
usb: Add device quirk for Logitech HD Pro Webcam C925e
usb: add RESET_RESUME for ELSA MicroLink 56K
USB: Fix off by one in type-specific length check of BOS SSP capability
usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201
nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()
x86/smpboot: Remove stale TLB flush invocations
n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP
Linux 4.4.109
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 30791ac41927ebd3e75486f9504b6d2280463bf0 ]
The MD5-key that belongs to a connection is identified by the peer's
IP-address. When we are in tcp_v4(6)_reqsk_send_ack(), we are replying
to an incoming segment from tcp_check_req() that failed the seq-number
checks.
Thus, to find the correct key, we need to use the skb's saddr and not
the daddr.
This bug seems to have been there since quite a while, but probably got
unnoticed because the consequences are not catastrophic. We will call
tcp_v4_reqsk_send_ack only to send a challenge-ACK back to the peer,
thus the connection doesn't really fail.
Fixes: 9501f97229 ("tcp md5sig: Let the caller pass appropriate key for tcp_v{4,6}_do_calc_md5_hash().")
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 513674b5a2c9c7a67501506419da5c3c77ac6f08 ]
sysctl.ip6.auto_flowlabels is default 1. In our hosts, we set it to 2.
If sockopt doesn't set autoflowlabel, outcome packets from the hosts are
supposed to not include flowlabel. This is true for normal packet, but
not for reset packet.
The reason is ipv6_pinfo.autoflowlabel is set in sock creation. Later if
we change sysctl.ip6.auto_flowlabels, the ipv6_pinfo.autoflowlabel isn't
changed, so the sock will keep the old behavior in terms of auto
flowlabel. Reset packet is suffering from this problem, because reset
packet is sent from a special control socket, which is created at boot
time. Since sysctl.ipv6.auto_flowlabels is 1 by default, the control
socket will always have its ipv6_pinfo.autoflowlabel set, even after
user set sysctl.ipv6.auto_flowlabels to 1, so reset packset will always
have flowlabel. Normal sock created before sysctl setting suffers from
the same issue. We can't even turn off autoflowlabel unless we kill all
socks in the hosts.
To fix this, if IPV6_AUTOFLOWLABEL sockopt is used, we use the
autoflowlabel setting from user, otherwise we always call
ip6_default_np_autolabel() which has the new settings of sysctl.
Note, this changes behavior a little bit. Before commit 42240901f7
(ipv6: Implement different admin modes for automatic flow labels), the
autoflowlabel behavior of a sock isn't sticky, eg, if sysctl changes,
existing connection will change autoflowlabel behavior. After that
commit, autoflowlabel behavior is sticky in the whole life of the sock.
With this patch, the behavior isn't sticky again.
Cc: Martin KaFai Lau <kafai@fb.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Tom Herbert <tom@quantonium.net>
Signed-off-by: Shaohua Li <shli@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-9fbf3d7
Linux 4.4.103
Revert "sctp: do not peel off an assoc from one netns to another one"
xen: xenbus driver must not accept invalid transaction ids
s390/kbuild: enable modversions for symbols exported from asm
ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data
btrfs: return the actual error value from from btrfs_uuid_tree_iterate
ASoC: rsnd: don't double free kctrl
netfilter: nf_tables: fix oob access
netfilter: nft_queue: use raw_smp_processor_id()
spi: SPI_FSL_DSPI should depend on HAS_DMA
staging: iio: cdc: fix improper return value
iio: light: fix improper return value
mac80211: Suppress NEW_PEER_CANDIDATE event if no room
mac80211: Remove invalid flag operations in mesh TSF synchronization
drm: Apply range restriction after color adjustment when allocation
ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE
ath10k: set CTS protection VDEV param only if VDEV is up
ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats()
ath10k: ignore configuring the incorrect board_id
ath10k: fix incorrect txpower set by P2P_DEVICE interface
drm/armada: Fix compile fail
net: 3com: typhoon: typhoon_init_one: fix incorrect return values
net: 3com: typhoon: typhoon_init_one: make return values more specific
net: Allow IP_MULTICAST_IF to set index to L3 slave
dmaengine: zx: set DMA_CYCLIC cap_mask bit
PCI: Apply _HPX settings only to relevant devices
RDS: RDMA: return appropriate error on rdma map failures
e1000e: Separate signaling for link check/link up
e1000e: Fix return value test
e1000e: Fix error path in link detection
PM / OPP: Add missing of_node_put(np)
net/9p: Switch to wait_event_killable()
fscrypt: lock mutex before checking for bounce page pool
sched/rt: Simplify the IPI based RT balancing logic
media: v4l2-ctrl: Fix flags field on Control events
cx231xx-cards: fix NULL-deref on missing association descriptor
media: rc: check for integer overflow
media: Don't do DMA on stack for firmware upload in the AS102 driver
powerpc/signal: Properly handle return value from uprobe_deny_signal()
parisc: Fix validity check of pointer size argument in new CAS implementation
ixgbe: Fix skb list corruption on Power systems
fm10k: Use smp_rmb rather than read_barrier_depends
i40evf: Use smp_rmb rather than read_barrier_depends
ixgbevf: Use smp_rmb rather than read_barrier_depends
igbvf: Use smp_rmb rather than read_barrier_depends
igb: Use smp_rmb rather than read_barrier_depends
i40e: Use smp_rmb rather than read_barrier_depends
NFC: fix device-allocation error return
IB/srp: Avoid that a cable pull can trigger a kernel crash
IB/srpt: Do not accept invalid initiator port names
libnvdimm, namespace: make 'resource' attribute only readable by root
libnvdimm, namespace: fix label initialization to use valid seq numbers
clk: ti: dra7-atl-clock: fix child-node lookups
clk: ti: dra7-atl-clock: Fix of_node reference counting
SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
KVM: SVM: obey guest PAT
KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
target: Fix QUEUE_FULL + SCSI task attribute handling
iscsi-target: Fix non-immediate TMR reference leak
fs/9p: Compare qid.path in v9fs_test_inode
fix a page leak in vhost_scsi_iov_to_sgl() error recovery
ALSA: hda/realtek - Fix ALC700 family no sound issue
ALSA: timer: Remove kernel warning at compat ioctl error paths
ALSA: usb-audio: Add sanity checks in v2 clock parsers
ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
ALSA: usb-audio: Add sanity checks to FE parser
ALSA: pcm: update tstamp only if audio_tstamp changed
ext4: fix interaction between i_size, fallocate, and delalloc after a crash
ata: fixes kernel crash while tracing ata_eh_link_autopsy event
rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
rtlwifi: rtl8192ee: Fix memory leak when loading firmware
nfsd: deal with revoked delegations appropriately
nfs: Fix ugly referral attributes
NFS: Fix typo in nomigration mount option
isofs: fix timestamps beyond 2027
bcache: check ca->alloc_thread initialized before wake up it
eCryptfs: use after free in ecryptfs_release_messaging()
nilfs2: fix race condition that causes file system corruption
autofs: don't fail mount for transient error
MIPS: BCM47XX: Fix LED inversion for WRT54GSv1
MIPS: Fix an n32 core file generation regset support regression
dm: fix race between dm_get_from_kobject() and __dm_destroy()
dm bufio: fix integer overflow when limiting maximum cache size
ALSA: hda: Add Raven PCI ID
MIPS: ralink: Fix typo in mt7628 pinmux function
MIPS: ralink: Fix MT7628 pinmux
ARM: 8721/1: mm: dump: check hardware RO bit for LPAE
ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
x86/decoder: Add new TEST instruction pattern
lib/mpi: call cond_resched() from mpi_powm() loop
sched: Make resched_cpu() unconditional
vsock: use new wait API for vsock_stream_sendmsg()
AF_VSOCK: Shrink the area influenced by prepare_to_wait
ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER
s390/disassembler: increase show_code buffer size
s390/disassembler: add missing end marker for e7 table
s390/runtime instrumention: fix possible memory corruption
s390: fix transactional execution control register handling
BACKPORT: time: Clean up CLOCK_MONOTONIC_RAW time handling
BACKPORT: time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
UPSTREAM: arm64: vdso: fix clock_getres for 4GiB-aligned res
f2fs: updates on 4.15-rc1
UPSTREAM: android: binder: fix type mismatch warning
Linux 4.4.102
mm, hwpoison: fixup "mm: check the return value of lookup_page_ext for all call sites"
Conflicts:
fs/ext4/crypto_key.c
mm/debug-pagealloc.c
Change-Id: Ibe35d78bd0397f3ff2049e0a1dda20fcb06f2f75
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Lorenzo Bianconi
Greg Kroah-Hartman
Alexey Kodanev
David Ahern
Florian Westphal
Arnd Bergmann
Srinivasarao P
Brendan McGrath
Paolo Abeni
Nikolay Aleksandrov
Linux Build Service Account
Eric Dumazet
Mike Maloney
Ben Hutchings
Pablo Neira Ayuso
Pau Espin Pedrol
Wei Wang
Eli Cooper
Christoph Paasch
Shaohua Li