* refs/heads/tmp-5f7f76a
Linux 4.4.118
net: dst_cache_per_cpu_dst_set() can be static
crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
KVM: nVMX: invvpid handling improvements
KVM: VMX: clean up declaration of VPID/EPT invalidation types
kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail
KVM: nVMX: kmap() can't fail
x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
x86/spectre: Simplify spectre_v2 command line parsing
x86/retpoline: Avoid retpolines for built-in __init functions
x86/kvm: Update spectre-v1 mitigation
x86/paravirt: Remove 'noreplace-paravirt' cmdline option
x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
x86/spectre: Report get_user mitigation for spectre_v1
nl80211: Sanitize array index in parse_txq_params
vfs, fdtable: Prevent bounds-check bypass via speculative execution
x86/syscall: Sanitize syscall table de-references under speculation
x86/get_user: Use pointer masking to limit speculation
x86: Introduce barrier_nospec
x86: Implement array_index_mask_nospec
array_index_nospec: Sanitize speculative array de-references
Documentation: Document array_index_nospec
x86/spectre: Check CONFIG_RETPOLINE in command line parser
x86/cpu/bugs: Make retpoline module warning conditional
x86/bugs: Drop one "mitigation" from dmesg
x86/nospec: Fix header guards names
module/retpoline: Warn about missing retpoline in module
KVM: VMX: Make indirect call speculation safe
KVM: x86: Make indirect calls in emulator speculation safe
x86/retpoline: Remove the esp/rsp thunk
KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously
kasan: rework Kconfig settings
drm/gma500: remove helper function
x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug
genksyms: Fix segfault with invalid declarations
dell-wmi, dell-laptop: depends DMI
netlink: fix nla_put_{u8,u16,u32} for KASAN
ASoC: Intel: Kconfig: fix build when ACPI is not enabled
ARM: tegra: select USB_ULPI from EHCI rather than platform
ncr5380: shut up gcc indentation warning
usb: phy: msm add regulator dependency
idle: i7300: add PCI dependency
binfmt_elf: compat: avoid unused function warning
isdn: sc: work around type mismatch warning
power: bq27xxx_battery: mark some symbols __maybe_unused
Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
ncpfs: fix unused variable warning
gpio: xgene: mark PM functions as __maybe_unused
net: hp100: remove unnecessary #ifdefs
dmaengine: zx: fix build warning
perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
wireless: cw1200: use __maybe_unused to hide pm functions_
cw1200: fix bogus maybe-uninitialized warning
v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER
hdpvr: hide unused variable
drm/gma500: Sanity-check pipe index
serial: 8250_mid: fix broken DMA dependency
ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
ISDN: eicon: reduce stack size of sig_ind function
em28xx: only use mt9v011 if camera support is enabled
go7007: add MEDIA_CAMERA_SUPPORT dependency
KVM: add X86_LOCAL_APIC dependency
Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
tc358743: fix register i2c_rd/wr functions
staging: unisys: visorinput depends on INPUT
i2c: remove __init from i2c_register_board_info()
b2c2: flexcop: avoid unused function warnings
infiniband: cxgb4: use %pR format string for printing resources
iio: adc: axp288: remove redundant duplicate const on axp288_adc_channels
ASoC: mediatek: add i2c dependency
genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
tty: cyclades: cyz_interrupt is only used for PCI
drm/vmwgfx: use *_32_bits() macros
tlan: avoid unused label with PCI=n
tc1100-wmi: fix build warning when CONFIG_PM not enabled
ipv4: ipconfig: avoid unused ic_proto_used symbol
netfilter: ipvs: avoid unused variable warnings
x86/platform/olpc: Fix resume handler build warning
staging: wilc1000: fix kbuild test robot error
rtlwifi: fix gcc-6 indentation warning
USB: cdc_subset: only build when one driver is enabled
hwrng: exynos - use __maybe_unused to hide pm functions
fbdev: sm712fb: avoid unused function warnings
Drivers: hv: vmbus: fix build warning
modsign: hide openssl output in silent builds
fbdev: s6e8ax0: avoid unused function warnings
mtd: cfi: enforce valid geometry configuration
mtd: sh_flctl: pass FIFO as physical address
amd-xgbe: Fix unused suspend handlers build warning
fbdev: auo_k190x: avoid unused function warnings
driver-core: use 'dev' argument in dev_dbg_ratelimited stub
target/user: Fix cast from pointer to phys_addr_t
tty: hvc_xen: hide xen_console_remove when unused
usb: musb/ux500: remove duplicate check for dma_is_compatible
pwc: hide unused label
SCSI: initio: remove duplicate module device table
scsi: mvumi: use __maybe_unused to hide pm functions
video: Use bool instead int pointer for get_opt_bool() argument
fbdev: sis: enforce selection of at least one backend
staging: ste_rmi4: avoid unused function warnings
video: fbdev: sis: remove unused variable
scsi: fdomain: drop fdomain_pci_tbl when built-in
mptfusion: hide unused seq_mpt_print_ioc_summary function
mtd: maps: add __init attribute
mtd: ichxrom: maybe-uninitialized with gcc-4.9
md: avoid warning for 32-bit sector_t
profile: hide unused functions when !CONFIG_PROC_FS
dpt_i2o: fix build warning
drivers/net: fix eisa_driver probe section mismatch
scsi: sim710: fix build warning
x86/boot: Avoid warning for zero-filling .bss
thermal: spear: use __maybe_unused for PM functions
ssb: mark ssb_bus_register as __maybe_unused
reiserfs: avoid a -Wmaybe-uninitialized warning
ALSA: hda/ca0132 - fix possible NULL pointer use
arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
scsi: advansys: fix uninitialized data access
x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
x86: add MULTIUSER dependency for KVM
thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
x86/build: Silence the build with "make -s"
tools build: Add tools tree support for 'make -s'
x86/fpu/math-emu: Fix possible uninitialized variable use
arm64: define BUG() instruction without CONFIG_BUG
x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
scsi: advansys: fix build warning for PCI=n
video: fbdev: via: remove possibly unused variables
platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
gpio: intel-mid: Fix build warning when !CONFIG_PM
vmxnet3: prevent building with 64K pages
isdn: icn: remove a #warning
virtio_balloon: prevent uninitialized variable use
hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
xen: XEN_ACPI_PROCESSOR is Dom0-only
x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
dmaengine: jz4740: disable/unprepare clk if probe fails
drm/armada: fix leak of crtc structure
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
spi: sun4i: disable clocks in the remove function
ASoC: rockchip: disable clock on error
clk: fix a panic error caused by accessing NULL pointer
dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved
dmaengine: ioat: Fix error handling path
509: fix printing uninitialized stack memory when OID is empty
btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
net_sched: red: Avoid illegal values
net_sched: red: Avoid devision by zero
gianfar: fix a flooded alignment reports because of padding issue.
s390/dasd: prevent prefix I/O error
powerpc/perf: Fix oops when grouping different pmu events
ipvlan: Add the skb->mark as flow4's member to lookup route
scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
RDMA/cma: Make sure that PSN is not over max allowed
pinctrl: sunxi: Fix A80 interrupt pin bank
media: s5k6aa: describe some function parameters
perf bench numa: Fixup discontiguous/sparse numa nodes
perf top: Fix window dimensions change handling
ARM: dts: am4372: Correct the interrupts_properties of McASP
ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
usb: build drivers/usb/common/ when USB_SUPPORT is set
usbip: keep usbip_device sockfd state in sync with tcp_socket
staging: iio: adc: ad7192: fix external frequency setting
binder: check for binder_thread allocation failure in binder_poll()
staging: android: ashmem: Fix a race condition in pin ioctls
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
Make DST_CACHE a silent config option
arm64: dts: add #cooling-cells to CPU nodes
video: fbdev/mmp: add MODULE_LICENSE
ASoC: ux500: add MODULE_LICENSE tag
net: avoid skb_warn_bad_offload on IS_ERR
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
netfilter: on sockopt() acquire sock lock only in the required scope
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
netfilter: x_tables: fix int overflow in xt_alloc_table_info()
KVM: x86: fix escape of guest dr6 to the host
crypto: x86/twofish-3way - Fix %rbp usage
selinux: skip bounded transition processing if the policy isn't loaded
selinux: ensure the context is NUL terminated in security_context_to_sid_core()
Provide a function to create a NUL-terminated string from unterminated data
drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
blktrace: fix unlocked registration of tracepoints
xfrm: check id proto in validate_tmpl()
xfrm: Fix stack-out-of-bounds read on socket policy lookup.
mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
cfg80211: check dev_set_name() return value
net: replace dst_cache ip6_tunnel implementation with the generic one
net: add dst_cache support
ANDROID: sdcardfs: Hold i_mutex for i_size_write
BACKPORT, FROMGIT: crypto: speck - add test vectors for Speck64-XTS
BACKPORT, FROMGIT: crypto: speck - add test vectors for Speck128-XTS
BACKPORT, FROMGIT: crypto: arm/speck - add NEON-accelerated implementation of Speck-XTS
FROMGIT: crypto: speck - export common helpers
BACKPORT, FROMGIT: crypto: speck - add support for the Speck block cipher
UPSTREAM: ANDROID: binder: synchronize_rcu() when using POLLFREE.
f2fs: updates on v4.16-rc1
Conflicts:
net/Kconfig
net/core/Makefile
Change-Id: I659b0444812b04252f1f1fba8bc62410ce42b061
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
* refs/heads/tmp-20ddb25
Linux 4.4.116
ftrace: Remove incorrect setting of glob search field
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
ovl: fix failure to fsync lower dir
ACPI: sbshc: remove raw pointer from printk() message
nvme: Fix managing degraded controllers
btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
pktcdvd: Fix pkt_setup_dev() error path
EDAC, octeon: Fix an uninitialized variable warning
xtensa: fix futex_atomic_cmpxchg_inatomic
alpha: fix reboot on Avanti platform
alpha: fix crash if pthread_create races with signal delivery
signal/sh: Ensure si_signo is initialized in do_divide_error
signal/openrisc: Fix do_unaligned_access to send the proper signal
Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version
Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
Bluetooth: btsdio: Do not bind to non-removable BCM43341
HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
kernel/async.c: revert "async: simplify lowest_in_progress()"
media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
media: ts2020: avoid integer overflows on 32 bit machines
watchdog: imx2_wdt: restore previous timeout after suspend+resume
KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
crypto: caam - fix endless loop when DECO acquire fails
media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha
media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
media: v4l2-compat-ioctl32.c: avoid sizeof(type)
media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
media: v4l2-compat-ioctl32.c: fix the indentation
media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
vb2: V4L2_BUF_FLAG_DONE is set after DQBUF
media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
nsfs: mark dentry with DCACHE_RCUACCESS
crypto: poly1305 - remove ->setkey() method
crypto: cryptd - pass through absence of ->setkey()
crypto: hash - introduce crypto_hash_alg_has_setkey()
ahci: Add Intel Cannon Lake PCH-H PCI ID
ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
ahci: Annotate PCI ids for mobile Intel chipsets as such
kernfs: fix regression in kernfs_fop_write caused by wrong type
NFS: reject request for id_legacy key without auxdata
NFS: commit direct writes even if they fail partially
NFS: Add a cond_resched() to nfs_commit_release_pages()
nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
ubi: block: Fix locking for idr_alloc/idr_remove
mtd: nand: sunxi: Fix ECC strength choice
mtd: nand: Fix nand_do_read_oob() return value
mtd: nand: brcmnand: Disable prefetch by default
mtd: cfi: convert inline functions to macros
media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
dccp: CVE-2017-8824: use-after-free in DCCP code
sched/rt: Up the root domain ref count when passing it around via IPIs
sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
usb: gadget: uvc: Missing files for configfs interface
posix-timer: Properly check sigevent->sigev_notify
netfilter: nf_queue: Make the queue_handler pernet
kaiser: fix compile error without vsyscall
x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER
dmaengine: dmatest: fix container_of member in dmatest_callback
CIFS: zero sensitive data when freeing
cifs: Fix autonegotiate security settings mismatch
cifs: Fix missing put_xid in cifs_file_strict_mmap
powerpc/pseries: include linux/types.h in asm/hvcall.h
x86/microcode: Do the family check first
x86/microcode/AMD: Do not load when running on a hypervisor
crypto: tcrypt - fix S/G table for test_aead_speed()
don't put symlink bodies in pagecache into highmem
KEYS: encrypted: fix buffer overread in valid_master_desc()
media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
vhost_net: stop device during reset owner
tcp: release sk_frag.page in tcp_disconnect
r8169: fix RTL8168EP take too long to complete driver initialization.
qlcnic: fix deadlock bug
net: igmp: add a missing rcu locking section
ip6mr: fix stale iterator
x86/asm: Fix inline asm call constraints for GCC 4.4
drm: rcar-du: Fix race condition when disabling planes at CRTC stop
drm: rcar-du: Use the VBK interrupt for vblank events
ASoC: rsnd: avoid duplicate free_irq()
ASoC: rsnd: don't call free_irq() on Parent SSI
ASoC: simple-card: Fix misleading error message
net: cdc_ncm: initialize drvflags before usage
usbip: fix 3eee23c3ec14 tcp_socket address still in the status file
usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit
ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
powerpc/64s: Allow control of RFI flush via debugfs
powerpc/64s: Wire up cpu_show_meltdown()
powerpc/powernv: Check device-tree for RFI flush settings
powerpc/pseries: Query hypervisor for RFI flush settings
powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti
powerpc/64s: Add support for RFI flush of L1-D cache
powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
powerpc/64s: Simple RFI macro conversions
powerpc/64: Add macros for annotating the destination of rfid/hrfid
powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
powerpc: Simplify module TOC handling
powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC
powerpc/64: Fix flush_(d|i)cache_range() called from modules
powerpc/bpf/jit: Disable classic BPF JIT on ppc64le
BACKPORT: xfrm: Fix return value check of copy_sec_ctx.
time: Fix ktime_get_raw() incorrect base accumulation
sched/fair: prevent possible infinite loop in sched_group_energy
UPSTREAM: MIPS: Fix build of compressed image
ANDROID: qtaguid: Fix the UAF probelm with tag_ref_tree
UPSTREAM: ANDROID: binder: remove waitqueue when thread exits.
UPSTREAM: arm64/efi: Make strnlen() available to the EFI namespace
UPSTREAM: ARM: boot: Add an implementation of strnlen for libfdt
ANDROID: MIPS: Add ranchu[32r5|32r6|64]_defconfig
FROMLIST: tty: goldfish: Enable 'earlycon' only if built-in
FROMLIST: MIPS: ranchu: Add Ranchu as a new generic-based board
FROMLIST: MIPS: Add noexec=on|off kernel parameter
FROMLIST: MIPS: CPC: Map registers using DT in mips_cpc_default_phys_base()
FROMLIST: dt-bindings: Document mti,mips-cpc binding
FROMLIST: MIPS: math-emu: Mark fall throughs in switch statements with a comment
FROMLIST: MIPS: math-emu: Avoid multiple assignment
FROMLIST: MIPS: math-emu: Avoid an assignment within if statement condition
FROMLIST: MIPS: math-emu: Declare function srl128() as static
FROMLIST: MIPS: math-emu: Avoid definition duplication for macro DPXMULT()
FROMLIST: MIPS: math-emu: Remove an unnecessary header inclusion
UPSTREAM: scripts/dtc: Update to upstream version 0931cea3ba20
UPSTREAM: scripts/dtc: dt_to_config - kernel config options for a devicetree
UPSTREAM: scripts/dtc: Update to upstream version 53bf130b1cdd
UPSTREAM: scripts/dtc: Update to upstream commit b06e55c88b9b
UPSTREAM: scripts/dtc: dtx_diff - add info to error message
UPSTREAM: dtc: create tool to diff device trees
UPSTREAM: config: android-base: disable CONFIG_NFSD and CONFIG_NFS_FS
UPSTREAM: config: android-base: add CGROUP_BPF
UPSTREAM: config: android-base: add CONFIG_MODULES option
UPSTREAM: config: android-base: add CONFIG_IKCONFIG option
UPSTREAM: config: android-base: disable CONFIG_USELIB and CONFIG_FHANDLE
UPSTREAM: config: android-base: enable hardened usercopy and kernel ASLR
UPSTREAM: config: android: enable CONFIG_SECCOMP
UPSTREAM: config: android: set SELinux as default security mode
UPSTREAM: config: android: move device mapper options to recommended
UPSTREAM: config/android: Remove CONFIG_IPV6_PRIVACY
UPSTREAM: config: add android config fragments
BACKPORT: MIPS: generic: Add a MAINTAINERS entry
BACKPORT: irqchip/irq-goldfish-pic: Add Goldfish PIC driver
UPSTREAM: dt-bindings/goldfish-pic: Add device tree binding for Goldfish PIC driver
UPSTREAM: MIPS: Allow storing pgd in C0_CONTEXT for MIPSr6
UPSTREAM: MIPS: CPS: Handle spurious VP starts more gracefully
UPSTREAM: MIPS: CPS: Handle cores not powering down more gracefully
UPSTREAM: MIPS: CPS: Prevent multi-core with dcache aliasing
UPSTREAM: MIPS: CPS: Select CONFIG_SYS_SUPPORTS_SCHED_SMT for MIPSr6
UPSTREAM: MIPS: CM: WARN on attempt to lock invalid VP, not BUG
UPSTREAM: MIPS: CM: Avoid per-core locking with CM3 & higher
UPSTREAM: MIPS: smp-cps: Avoid BUG() when offlining pre-r6 CPUs
UPSTREAM: MIPS: smp-cps: Add support for CPU hotplug of MIPSr6 processors
UPSTREAM: MIPS: generic: Bump default NR_CPUS to 16
UPSTREAM: MIPS: pm-cps: Change FSB workaround to CPU blacklist
UPSTREAM: MIPS: Fix early CM probing
UPSTREAM: MIPS: smp-cps: Stop printing EJTAG exceptions to UART
UPSTREAM: MIPS: smp-cps: Add nothreads kernel parameter
UPSTREAM: MIPS: smp-cps: Support MIPSr6 Virtual Processors
UPSTREAM: MIPS: smp-cps: Skip core setup if coherent
UPSTREAM: MIPS: smp-cps: Pull boot config retrieval out of mips_cps_boot_vpes
UPSTREAM: MIPS: smp-cps: Pull cache init into a function
UPSTREAM: MIPS: smp-cps: Ensure our VP ident calculation is correct
UPSTREAM: irqchip: mips-gic: Provide VP ID accessor
UPSTREAM: irqchip: mips-gic: Use HW IDs for VPE_OTHER_ADDR
UPSTREAM: MIPS: CM: Fix mips_cm_max_vp_width for UP kernels
UPSTREAM: MIPS: CM: Add CM GCR_BEV_BASE accessors
UPSTREAM: MIPS: CPC: Add start, stop and running CM3 CPC registers
UPSTREAM: MIPS: pm-cps: Avoid offset overflow on MIPSr6
UPSTREAM: MIPS: traps: Make sure secondary cores have a sane ebase register
UPSTREAM: MIPS: Detect MIPSr6 Virtual Processor support
UPSTREAM: Documentation: Add device tree binding for Goldfish FB driver
UPSTREAM: MIPS: math-emu: Use preferred flavor of unsigned integer declarations
UPSTREAM: MIPS: math-emu: <MADDF|MSUBF>.D: Fix accuracy (64-bit case)
UPSTREAM: MIPS: math-emu: <MADDF|MSUBF>.S: Fix accuracy (32-bit case)
UPSTREAM: MIPS: Update Goldfish RTC driver maintainer email address
UPSTREAM: MIPS: Update RINT emulation maintainer email address
UPSTREAM: MIPS: math-emu: do not use bools for arithmetic
UPSTREAM: rtc: goldfish: Add RTC driver for Android emulator
BACKPORT: dt-bindings: Add device tree binding for Goldfish RTC driver
UPSTREAM: tty: goldfish: Implement support for kernel 'earlycon' parameter
UPSTREAM: tty: goldfish: Use streaming DMA for r/w operations on Ranchu platforms
UPSTREAM: tty: goldfish: Refactor constants to better reflect their nature
UPSTREAM: MIPS: math-emu: Add FP emu debugfs stats for individual instructions
UPSTREAM: MIPS: math-emu: Add FP emu debugfs clear functionality
UPSTREAM: MIPS: math-emu: Add FP emu debugfs statistics for branches
BACKPORT: MIPS: math-emu: CLASS.D: Zero bits 32-63 of the result
BACKPORT: MIPS: math-emu: RINT.<D|S>: Fix several problems by reimplementation
UPSTREAM: MIPS: math-emu: CMP.Sxxx.<D|S>: Prevent occurrences of SIGILL crashes
UPSTREAM: MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Clean up "maddf_flags" enumeration
UPSTREAM: MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Fix some cases of zero inputs
UPSTREAM: MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Fix some cases of infinite inputs
UPSTREAM: MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Fix NaN propagation
UPSTREAM: tty: goldfish: Fix a parameter of a call to free_irq
UPSTREAM: MIPS: VDSO: Fix clobber lists in fallback code paths
UPSTREAM: MIPS: VDSO: Fix a mismatch between comment and preprocessor constant
UPSTREAM: MIPS: VDSO: Add implementation of gettimeofday() fallback
UPSTREAM: MIPS: VDSO: Add implementation of clock_gettime() fallback
UPSTREAM: MIPS: VDSO: Fix conversions in do_monotonic()/do_monotonic_coarse()
UPSTREAM: MIPS: unaligned: Add DSP lwx & lhx missaligned access support
UPSTREAM: MIPS: build: Fix "-modd-spreg" switch usage when compiling for mips32r6
UPSTREAM: MIPS: cmdline: Add support for 'memmap' parameter
UPSTREAM: MIPS: math-emu: Handle zero accumulator case in MADDF and MSUBF separately
UPSTREAM: MIPS: Support per-device DMA coherence
UPSTREAM: MIPS: dma-default: Don't check hw_coherentio if device is non-coherent
UPSTREAM: MIPS: Sanitise coherentio semantics
UPSTREAM: MIPS: CPC: Provide default mips_cpc_default_phys_base to ignore CPC
UPSTREAM: MIPS: generic: Introduce generic DT-based board support
UPSTREAM: MIPS: Support generating Flattened Image Trees (.itb)
UPSTREAM: MIPS: Allow emulation for unaligned [LS]DXC1 instructions
UPSTREAM: MIPS: math-emu: Fix BC1EQZ and BC1NEZ condition handling
UPSTREAM: MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters
UPSTREAM: MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification
UPSTREAM: MIPS: remove aliasing alignment if HW has antialising support
BACKPORT: MIPS: store the appended dtb address in a variable
UPSTREAM: MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue
UPSTREAM: MIPS: kernel: Audit and remove any unnecessary uses of module.h
UPSTREAM: MIPS: c-r4k: Fix sigtramp SMP call to use kmap
UPSTREAM: MIPS: c-r4k: Fix protected_writeback_scache_line for EVA
UPSTREAM: MIPS: Spelling fix lets -> let's
UPSTREAM: MIPS: R6: Fix typo
UPSTREAM: MIPS: traps: Correct the SIGTRAP debug ABI in `do_watch' and `do_trap_or_bp'
UPSTREAM: MIPS: inst.h: Rename cbcond{0,1}_op to pop{1,3}0_op
UPSTREAM: MIPS: inst.h: Rename b{eq,ne}zcji[al]c_op to pop{6,7}6_op
UPSTREAM: MIPS: math-emu: Fix m{add,sub}.s shifts
UPSTREAM: MIPS: inst: Declare fsel_op for sel.fmt instruction
UPSTREAM: MIPS: math-emu: Fix code indentation
UPSTREAM: MIPS: math-emu: Fix bit-width in ieee754dp_{mul, maddf, msubf} comments
UPSTREAM: MIPS: math-emu: Add z argument macros
UPSTREAM: MIPS: math-emu: Unify ieee754dp_m{add,sub}f
UPSTREAM: MIPS: math-emu: Unify ieee754sp_m{add,sub}f
UPSTREAM: MIPS: math-emu: Emulate MIPSr6 sel.fmt instruction
UPSTREAM: MIPS: math-emu: Fix BC1{EQ,NE}Z emulation
UPSTREAM: MIPS: math-emu: Always propagate sNaN payload in quieting
UPSTREAM: MIPS: Fix misspellings in comments.
UPSTREAM: MIPS: math-emu: Add IEEE Std 754-2008 NaN encoding emulation
UPSTREAM: MIPS: math-emu: Add IEEE Std 754-2008 ABS.fmt and NEG.fmt emulation
UPSTREAM: MIPS: non-exec stack & heap when non-exec PT_GNU_STACK is present
UPSTREAM: MIPS: Add IEEE Std 754 conformance mode selection
UPSTREAM: MIPS: Determine the presence of IEEE Std 754-2008 features
UPSTREAM: MIPS: Define the legacy-NaN and 2008-NaN features
UPSTREAM: MIPS: ELF: Interpret the NAN2008 file header flag
UPSTREAM: ELF: Also pass any interpreter's file header to `arch_check_elf'
UPSTREAM: MIPS: Use a union to access the ELF file header
UPSTREAM: MIPS: Fix delay slot emulation count in debugfs
BACKPORT: exit_thread: accept a task parameter to be exited
UPSTREAM: mn10300: let exit_fpu accept a task
UPSTREAM: MIPS: Use per-mm page to execute branch delay slot instructions
BACKPORT: s390: get rid of exit_thread()
BACKPORT: exit_thread: remove empty bodies
UPSTREAM: MIPS: Make flush_thread
UPSTREAM: MIPS: Properly disable FPU in start_thread()
UPSTREAM: MIPS: Select CONFIG_HANDLE_DOMAIN_IRQ and make it work.
UPSTREAM: MIPS: math-emu: Fix typo
UPSTREAM: MIPS: math-emu: dsemul: Remove an unused bit in ADDIUPC emulation
UPSTREAM: MIPS: math-emu: dsemul: Reduce `get_isa16_mode' clutter
UPSTREAM: MIPS: math-emu: dsemul: Correct description of the emulation frame
UPSTREAM: MIPS: math-emu: Correct the emulation of microMIPS ADDIUPC instruction
UPSTREAM: MIPS: math-emu: Make microMIPS branch delay slot emulation work
UPSTREAM: MIPS: math-emu: dsemul: Fix ill formatting of microMIPS part
UPSTREAM: MIPS: math-emu: Correctly handle NOP emulation
Conflicts:
drivers/irqchip/Kconfig
drivers/irqchip/Makefile
drivers/media/v4l2-core/v4l2-compat-ioctl32.c
Change-Id: I98374358ab24ce80dba3afa2f4562c71f45b7aab
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqSigwACgkQONu9yGCS
aT7zXA//SqhwoiM7hEaqv1Qmd9BRq06kog9QeYctnz+S42x7jXxzB2eHNz5FvhlL
3h1oSrXVPmbhtjsltxMhanLJp7gn/Gm/ee3o7Yx/1cwjmGcDQgB9zShwGlwhi8y/
IKackKpd+bLDLAHJAp/1xr25Njitnqr8uuufXX5ngscGB7tkX9ycLKALEWXDczLT
hAEk6Zt9/Ukk3r45QiPyfco4MOK8OwnHb7eAQHA0BJn9/izhl6CSEesm8NrYce+V
38KfLjNL1vdITWb072j4WyhaHb/0tE5OKy0hS4TBhyhd95FTZpI+NzqYzf7fGaZy
tsuxLDVCKcXLzqFPo5BTPgu84mHKntFI71HzwewtYP7reB60279NXd+QGDp1BXhW
v1RYTVwCxpViG6usrM8WNcWJMH9QCMuqJrEby54Sc9FQItwZYiboJaQw/IyDP59n
NoHsL/yehqhzez94jmmKJnsgSbK2qYYCmua1VoY4tZW7YXLOmT3t+siEzUbbssDo
QLZdxRtFZZYMrIcAEDzDVs1qQg+tEoGnDgkhgO1KrXhdzsLweCpLWkK64XwaksQf
5olEpyiQ6nXPuaINzdV3PLvoyZiWM6NdOpzCUHTnBn8cV/R2yPGT4t7Cey9JBEUb
LU4KDjEZpK/Ss1tWS/VIvkc6VEPWAIcMjpHRqtohovw5szHexgw=
=KxO7
-----END PGP SIGNATURE-----
Merge 4.4.118 into android-4.4
Changes in 4.4.118
net: add dst_cache support
net: replace dst_cache ip6_tunnel implementation with the generic one
cfg80211: check dev_set_name() return value
mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
xfrm: Fix stack-out-of-bounds read on socket policy lookup.
xfrm: check id proto in validate_tmpl()
blktrace: fix unlocked registration of tracepoints
drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
Provide a function to create a NUL-terminated string from unterminated data
selinux: ensure the context is NUL terminated in security_context_to_sid_core()
selinux: skip bounded transition processing if the policy isn't loaded
crypto: x86/twofish-3way - Fix %rbp usage
KVM: x86: fix escape of guest dr6 to the host
netfilter: x_tables: fix int overflow in xt_alloc_table_info()
netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
netfilter: on sockopt() acquire sock lock only in the required scope
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
net: avoid skb_warn_bad_offload on IS_ERR
ASoC: ux500: add MODULE_LICENSE tag
video: fbdev/mmp: add MODULE_LICENSE
arm64: dts: add #cooling-cells to CPU nodes
Make DST_CACHE a silent config option
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
staging: android: ashmem: Fix a race condition in pin ioctls
binder: check for binder_thread allocation failure in binder_poll()
staging: iio: adc: ad7192: fix external frequency setting
usbip: keep usbip_device sockfd state in sync with tcp_socket
usb: build drivers/usb/common/ when USB_SUPPORT is set
ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
ARM: dts: am4372: Correct the interrupts_properties of McASP
perf top: Fix window dimensions change handling
perf bench numa: Fixup discontiguous/sparse numa nodes
media: s5k6aa: describe some function parameters
pinctrl: sunxi: Fix A80 interrupt pin bank
RDMA/cma: Make sure that PSN is not over max allowed
scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
ipvlan: Add the skb->mark as flow4's member to lookup route
powerpc/perf: Fix oops when grouping different pmu events
s390/dasd: prevent prefix I/O error
gianfar: fix a flooded alignment reports because of padding issue.
net_sched: red: Avoid devision by zero
net_sched: red: Avoid illegal values
btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
509: fix printing uninitialized stack memory when OID is empty
dmaengine: ioat: Fix error handling path
dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved
clk: fix a panic error caused by accessing NULL pointer
ASoC: rockchip: disable clock on error
spi: sun4i: disable clocks in the remove function
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
drm/armada: fix leak of crtc structure
dmaengine: jz4740: disable/unprepare clk if probe fails
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
xen: XEN_ACPI_PROCESSOR is Dom0-only
hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
virtio_balloon: prevent uninitialized variable use
isdn: icn: remove a #warning
vmxnet3: prevent building with 64K pages
gpio: intel-mid: Fix build warning when !CONFIG_PM
platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
video: fbdev: via: remove possibly unused variables
scsi: advansys: fix build warning for PCI=n
x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
arm64: define BUG() instruction without CONFIG_BUG
x86/fpu/math-emu: Fix possible uninitialized variable use
tools build: Add tools tree support for 'make -s'
x86/build: Silence the build with "make -s"
thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
x86: add MULTIUSER dependency for KVM
x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
scsi: advansys: fix uninitialized data access
arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
ALSA: hda/ca0132 - fix possible NULL pointer use
reiserfs: avoid a -Wmaybe-uninitialized warning
ssb: mark ssb_bus_register as __maybe_unused
thermal: spear: use __maybe_unused for PM functions
x86/boot: Avoid warning for zero-filling .bss
scsi: sim710: fix build warning
drivers/net: fix eisa_driver probe section mismatch
dpt_i2o: fix build warning
profile: hide unused functions when !CONFIG_PROC_FS
md: avoid warning for 32-bit sector_t
mtd: ichxrom: maybe-uninitialized with gcc-4.9
mtd: maps: add __init attribute
mptfusion: hide unused seq_mpt_print_ioc_summary function
scsi: fdomain: drop fdomain_pci_tbl when built-in
video: fbdev: sis: remove unused variable
staging: ste_rmi4: avoid unused function warnings
fbdev: sis: enforce selection of at least one backend
video: Use bool instead int pointer for get_opt_bool() argument
scsi: mvumi: use __maybe_unused to hide pm functions
SCSI: initio: remove duplicate module device table
pwc: hide unused label
usb: musb/ux500: remove duplicate check for dma_is_compatible
tty: hvc_xen: hide xen_console_remove when unused
target/user: Fix cast from pointer to phys_addr_t
driver-core: use 'dev' argument in dev_dbg_ratelimited stub
fbdev: auo_k190x: avoid unused function warnings
amd-xgbe: Fix unused suspend handlers build warning
mtd: sh_flctl: pass FIFO as physical address
mtd: cfi: enforce valid geometry configuration
fbdev: s6e8ax0: avoid unused function warnings
modsign: hide openssl output in silent builds
Drivers: hv: vmbus: fix build warning
fbdev: sm712fb: avoid unused function warnings
hwrng: exynos - use __maybe_unused to hide pm functions
USB: cdc_subset: only build when one driver is enabled
rtlwifi: fix gcc-6 indentation warning
staging: wilc1000: fix kbuild test robot error
x86/platform/olpc: Fix resume handler build warning
netfilter: ipvs: avoid unused variable warnings
ipv4: ipconfig: avoid unused ic_proto_used symbol
tc1100-wmi: fix build warning when CONFIG_PM not enabled
tlan: avoid unused label with PCI=n
drm/vmwgfx: use *_32_bits() macros
tty: cyclades: cyz_interrupt is only used for PCI
genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
ASoC: mediatek: add i2c dependency
iio: adc: axp288: remove redundant duplicate const on axp288_adc_channels
infiniband: cxgb4: use %pR format string for printing resources
b2c2: flexcop: avoid unused function warnings
i2c: remove __init from i2c_register_board_info()
staging: unisys: visorinput depends on INPUT
tc358743: fix register i2c_rd/wr functions
drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
KVM: add X86_LOCAL_APIC dependency
go7007: add MEDIA_CAMERA_SUPPORT dependency
em28xx: only use mt9v011 if camera support is enabled
ISDN: eicon: reduce stack size of sig_ind function
ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
serial: 8250_mid: fix broken DMA dependency
drm/gma500: Sanity-check pipe index
hdpvr: hide unused variable
v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER
cw1200: fix bogus maybe-uninitialized warning
wireless: cw1200: use __maybe_unused to hide pm functions_
perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
dmaengine: zx: fix build warning
net: hp100: remove unnecessary #ifdefs
gpio: xgene: mark PM functions as __maybe_unused
ncpfs: fix unused variable warning
Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
power: bq27xxx_battery: mark some symbols __maybe_unused
isdn: sc: work around type mismatch warning
binfmt_elf: compat: avoid unused function warning
idle: i7300: add PCI dependency
usb: phy: msm add regulator dependency
ncr5380: shut up gcc indentation warning
ARM: tegra: select USB_ULPI from EHCI rather than platform
ASoC: Intel: Kconfig: fix build when ACPI is not enabled
netlink: fix nla_put_{u8,u16,u32} for KASAN
dell-wmi, dell-laptop: depends DMI
genksyms: Fix segfault with invalid declarations
x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug
drm/gma500: remove helper function
kasan: rework Kconfig settings
KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously
x86/retpoline: Remove the esp/rsp thunk
KVM: x86: Make indirect calls in emulator speculation safe
KVM: VMX: Make indirect call speculation safe
module/retpoline: Warn about missing retpoline in module
x86/nospec: Fix header guards names
x86/bugs: Drop one "mitigation" from dmesg
x86/cpu/bugs: Make retpoline module warning conditional
x86/spectre: Check CONFIG_RETPOLINE in command line parser
Documentation: Document array_index_nospec
array_index_nospec: Sanitize speculative array de-references
x86: Implement array_index_mask_nospec
x86: Introduce barrier_nospec
x86/get_user: Use pointer masking to limit speculation
x86/syscall: Sanitize syscall table de-references under speculation
vfs, fdtable: Prevent bounds-check bypass via speculative execution
nl80211: Sanitize array index in parse_txq_params
x86/spectre: Report get_user mitigation for spectre_v1
x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
x86/paravirt: Remove 'noreplace-paravirt' cmdline option
x86/kvm: Update spectre-v1 mitigation
x86/retpoline: Avoid retpolines for built-in __init functions
x86/spectre: Simplify spectre_v2 command line parsing
x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
KVM: nVMX: kmap() can't fail
KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail
kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
KVM: VMX: clean up declaration of VPID/EPT invalidation types
KVM: nVMX: invvpid handling improvements
crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
net: dst_cache_per_cpu_dst_set() can be static
Linux 4.4.118
Change-Id: I01c76e1c15a611e13a1e98092bc5c01cdb5b6adb
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 4b14752ec4e0d87126e636384cf37c8dd9df157c upstream.
We can't do anything reasonable in security_bounded_transition() if we
don't have a policy loaded, and in fact we could run into problems
with some of the code inside expecting a policy. Fix these problems
like we do many others in security/selinux/ss/services.c by checking
to see if the policy is loaded (ss_initialized) and returning quickly
if it isn't.
Reported-by: syzbot <syzkaller-bugs@googlegroups.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ef28df55ac27e1e5cd122e19fa311d886d47a756 upstream.
The syzbot/syzkaller automated tests found a problem in
security_context_to_sid_core() during early boot (before we load the
SELinux policy) where we could potentially feed context strings without
NUL terminators into the strcmp() function.
We already guard against this during normal operation (after the SELinux
policy has been loaded) by making a copy of the context strings and
explicitly adding a NUL terminator to the end. The patch extends this
protection to the early boot case (no loaded policy) by moving the context
copy earlier in security_context_to_sid_core().
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Reviewed-By: William Roberts <william.c.roberts@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqHLN8ACgkQONu9yGCS
aT7eyQ/+NGK3/MPgoqRtg8sEvr1CVk8VhH1BiBfiQPGXe/D4nqPrKQzQBBzsW8QX
6Z9PY7wDz9RgFkw+FoOyG0eLuYdgNYOelASdQ4kJzteVH8pB2GxxTbX0drttzV+F
liNy0w39YLYxbjR4FavOSuDekd46dNQsHBvzTawaFKh0BEtQO+1uUGMg1LjMKVPn
F9ry0mEPrOoC2+nRvU6QXIUZy6y4+Pgdda0sfGcO3yXwQev9HoW5h9qMCnGah30J
D3Glt86dtpQcuqeIaXrfX+HnkvAOxTHjP8uRn3O7A7h8+WYBWq5Xms6A7EE9duNV
0UA8OZpvq0r0YSTmBFzrDexAcf/cXW8ajd/VKseI/d53iIauLV5FUaGldLJ3IQMc
gYZ2uNxGTI4z3V+nIiVQ0NCm4kmqogVY8PvMlgUwiFVG2B088iYGZ7iTOQ9b7wBO
VgDo0ouC/yDA8Lmz/A0l3SuvkJDNIPJit5lWzqCGRjk1F8WdPpI5C3ONfp8R3Lko
sTllldOo982KW5up/fg5HfuMg1OjgXZtzO+/NlTtyTpSr9bb1OoniSROG8eEcMqO
lKI1MB8Xx/pqqW1E8OOtb7A/8JPCBFzVV9xVGKwI0uZa2XOQeAwGruOe8Ub6nEpU
8w30DlSgy8MB1BPL6UGC6k+001k8jkohdl/qjpYb6aK55CfbhlA=
=a3k5
-----END PGP SIGNATURE-----
Merge 4.4.116 into android-4.4
Changes in 4.4.116
powerpc/bpf/jit: Disable classic BPF JIT on ppc64le
powerpc/64: Fix flush_(d|i)cache_range() called from modules
powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC
powerpc: Simplify module TOC handling
powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
powerpc/64: Add macros for annotating the destination of rfid/hrfid
powerpc/64s: Simple RFI macro conversions
powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
powerpc/64s: Add support for RFI flush of L1-D cache
powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti
powerpc/pseries: Query hypervisor for RFI flush settings
powerpc/powernv: Check device-tree for RFI flush settings
powerpc/64s: Wire up cpu_show_meltdown()
powerpc/64s: Allow control of RFI flush via debugfs
ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit
usbip: fix 3eee23c3ec14 tcp_socket address still in the status file
net: cdc_ncm: initialize drvflags before usage
ASoC: simple-card: Fix misleading error message
ASoC: rsnd: don't call free_irq() on Parent SSI
ASoC: rsnd: avoid duplicate free_irq()
drm: rcar-du: Use the VBK interrupt for vblank events
drm: rcar-du: Fix race condition when disabling planes at CRTC stop
x86/asm: Fix inline asm call constraints for GCC 4.4
ip6mr: fix stale iterator
net: igmp: add a missing rcu locking section
qlcnic: fix deadlock bug
r8169: fix RTL8168EP take too long to complete driver initialization.
tcp: release sk_frag.page in tcp_disconnect
vhost_net: stop device during reset owner
media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
KEYS: encrypted: fix buffer overread in valid_master_desc()
don't put symlink bodies in pagecache into highmem
crypto: tcrypt - fix S/G table for test_aead_speed()
x86/microcode/AMD: Do not load when running on a hypervisor
x86/microcode: Do the family check first
powerpc/pseries: include linux/types.h in asm/hvcall.h
cifs: Fix missing put_xid in cifs_file_strict_mmap
cifs: Fix autonegotiate security settings mismatch
CIFS: zero sensitive data when freeing
dmaengine: dmatest: fix container_of member in dmatest_callback
x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER
kaiser: fix compile error without vsyscall
netfilter: nf_queue: Make the queue_handler pernet
posix-timer: Properly check sigevent->sigev_notify
usb: gadget: uvc: Missing files for configfs interface
sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
sched/rt: Up the root domain ref count when passing it around via IPIs
dccp: CVE-2017-8824: use-after-free in DCCP code
media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
mtd: cfi: convert inline functions to macros
mtd: nand: brcmnand: Disable prefetch by default
mtd: nand: Fix nand_do_read_oob() return value
mtd: nand: sunxi: Fix ECC strength choice
ubi: block: Fix locking for idr_alloc/idr_remove
nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
NFS: Add a cond_resched() to nfs_commit_release_pages()
NFS: commit direct writes even if they fail partially
NFS: reject request for id_legacy key without auxdata
kernfs: fix regression in kernfs_fop_write caused by wrong type
ahci: Annotate PCI ids for mobile Intel chipsets as such
ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
ahci: Add Intel Cannon Lake PCH-H PCI ID
crypto: hash - introduce crypto_hash_alg_has_setkey()
crypto: cryptd - pass through absence of ->setkey()
crypto: poly1305 - remove ->setkey() method
nsfs: mark dentry with DCACHE_RCUACCESS
media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
vb2: V4L2_BUF_FLAG_DONE is set after DQBUF
media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
media: v4l2-compat-ioctl32.c: fix the indentation
media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
media: v4l2-compat-ioctl32.c: avoid sizeof(type)
media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha
media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
crypto: caam - fix endless loop when DECO acquire fails
arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
watchdog: imx2_wdt: restore previous timeout after suspend+resume
media: ts2020: avoid integer overflows on 32 bit machines
media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
kernel/async.c: revert "async: simplify lowest_in_progress()"
HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
Bluetooth: btsdio: Do not bind to non-removable BCM43341
Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version
signal/openrisc: Fix do_unaligned_access to send the proper signal
signal/sh: Ensure si_signo is initialized in do_divide_error
alpha: fix crash if pthread_create races with signal delivery
alpha: fix reboot on Avanti platform
xtensa: fix futex_atomic_cmpxchg_inatomic
EDAC, octeon: Fix an uninitialized variable warning
pktcdvd: Fix pkt_setup_dev() error path
btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
nvme: Fix managing degraded controllers
ACPI: sbshc: remove raw pointer from printk() message
ovl: fix failure to fsync lower dir
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
ftrace: Remove incorrect setting of glob search field
Linux 4.4.116
Change-Id: Id000cb8d59b74de063902e9ad24dd07fe1b1694b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 794b4bc292f5d31739d89c0202c54e7dc9bc3add upstream.
With the 'encrypted' key type it was possible for userspace to provide a
data blob ending with a master key description shorter than expected,
e.g. 'keyctl add encrypted desc "new x" @s'. When validating such a
master key description, validate_master_desc() could read beyond the end
of the buffer. Fix this by using strncmp() instead of memcmp(). [Also
clean up the code to deduplicate some logic.]
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-aa856bd
Linux 4.4.115
spi: imx: do not access registers while clocks disabled
serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS
selinux: general protection fault in sock_has_perm
usb: uas: unconditionally bring back host after reset
usb: f_fs: Prevent gadget unbind if it is already unbound
USB: serial: simple: add Motorola Tetra driver
usbip: list: don't list devices attached to vhci_hcd
usbip: prevent bind loops on devices attached to vhci_hcd
USB: serial: io_edgeport: fix possible sleep-in-atomic
CDC-ACM: apply quirk for card reader
USB: cdc-acm: Do not log urb submission errors on disconnect
USB: serial: pl2303: new device id for Chilitag
usb: option: Add support for FS040U modem
staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID
usb: gadget: don't dereference g until after it has been null checked
media: usbtv: add a new usbid
scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg
scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path
xfs: ubsan fixes
drm/omap: Fix error handling path in 'omap_dmm_probe()'
kmemleak: add scheduling point to kmemleak_scan()
SUNRPC: Allow connect to return EHOSTUNREACH
quota: Check for register_shrinker() failure.
net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
hwmon: (pmbus) Use 64bit math for DIRECT format values
lockd: fix "list_add double add" caused by legacy signal interface
nfsd: check for use of the closed special stateid
grace: replace BUG_ON by WARN_ONCE in exit_net hook
nfsd: Ensure we check stateid validity in the seqid operation checks
nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
xen-netfront: remove warning when unloading module
KVM: VMX: Fix rflags cache during vCPU reset
btrfs: fix deadlock when writing out space cache
mac80211: fix the update of path metric for RANN frame
openvswitch: fix the incorrect flow action alloc size
drm/amdkfd: Fix SDMA oversubsription handling
drm/amdkfd: Fix SDMA ring buffer size calculation
drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode
bcache: check return value of register_shrinker
cpufreq: Add Loongson machine dependencies
ACPI / bus: Leave modalias empty for devices which are not present
KVM: x86: ioapic: Preserve read-only values in the redirection table
KVM: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered
KVM: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
KVM: X86: Fix operand/address-size during instruction decoding
KVM: x86: Don't re-execute instruction when not passing CR2 value
KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure
igb: Free IRQs when device is hotplugged
mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
crypto: af_alg - whitelist mask and type
crypto: aesni - handle zero length dst buffer
ALSA: seq: Make ioctls race-free
kaiser: fix intel_bts perf crashes
x86/pti: Make unpoison of pgd for trusted boot work for real
bpf: reject stores into ctx via st and xadd
bpf: fix 32-bit divide by zero
bpf: fix divides by zero
bpf: avoid false sharing of map refcount with max_entries
bpf: arsh is not supported in 32 bit alu thus reject it
bpf: introduce BPF_JIT_ALWAYS_ON config
bpf: fix bpf_tail_call() x64 JIT
x86: bpf_jit: small optimization in emit_bpf_tail_call()
bpf: fix branch pruning logic
loop: fix concurrent lo_open/lo_release
ANDROID: sdcardfs: Protect set_top
ANDROID: fsnotify: Notify lower fs of open
Revert "ANDROID: sdcardfs: notify lower file of opens"
ANDROID: sdcardfs: Use lower getattr times/size
ANDROID: sched/rt: schedtune: Add boost retention to RT
Conflicts:
arch/x86/Kconfig
kernel/sched/rt.c
Change-Id: I91b08e1b8e0a1c6ca9c245597acad0bf197f9527
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlp13ZEACgkQONu9yGCS
aT6RTg/9GeWWfZY5XFvHIm2k8HEtPuTQ3C+8u2J+qCW+TFDFPZjHAoYNRiFqOzOx
kFvwcCBakSCuW6MVP1i0LKZXQc6kKySQYiZ8Oe8ULYGDfxUep0jZ23mH3wpYqIn+
doB2+NbXpMyQUI2emzq0BrgWgw7kxo2aBClYMfHT+ZOa2fdnfCtKTWGedjLdzMZ4
VKqqHOH6VmSqB1y3qC9nrCRA9iXnTOHE+Cqs8qoMImMHO5LK/XffdI/zZQfsS1LA
fxZpfQ7a4kRSgxSeTq5GlzQCx3Tp6+gxau1yFz73RjfkQgMKZumDH4NzIBqcfB2Y
pND5xOkJLf0Lc50mj9hdJMC+ZTxaucvz0t+8ve0cfN9O11axaPuCwUf9Eolgqrt+
I34VxpYw1Vr05z146V6CmpuhZwzvhlcn5mUg7KDOkStPhyTr+PUjnFiOtUnUFOBv
G2sYh2HYwSjnOw+/ovpYJX15Z8TydY6bFie6J4FgD4ERrvUxV3I5N0DxXVPjk1AE
9XwFHB2Zn19R0xr8Dxdw2LElIjaEiFz7vmMK04CfLjuU1B0YkgbJHMRCDtOfR3NP
hKPY/KWBrK5LJrsuE6EVyMUbPGQ0cNUlSWwU60udODZuwuSJWPUAnlFcgxBLrCO2
JsUNsZYWY4vWHheB1sG6IWOZg7jZvwOOhIExahwj1IDEt9QJBpo=
=ViWs
-----END PGP SIGNATURE-----
Merge 4.4.115 into android-4.4
Changes in 4.4.115
loop: fix concurrent lo_open/lo_release
bpf: fix branch pruning logic
x86: bpf_jit: small optimization in emit_bpf_tail_call()
bpf: fix bpf_tail_call() x64 JIT
bpf: introduce BPF_JIT_ALWAYS_ON config
bpf: arsh is not supported in 32 bit alu thus reject it
bpf: avoid false sharing of map refcount with max_entries
bpf: fix divides by zero
bpf: fix 32-bit divide by zero
bpf: reject stores into ctx via st and xadd
x86/pti: Make unpoison of pgd for trusted boot work for real
kaiser: fix intel_bts perf crashes
ALSA: seq: Make ioctls race-free
crypto: aesni - handle zero length dst buffer
crypto: af_alg - whitelist mask and type
power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
igb: Free IRQs when device is hotplugged
KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure
KVM: x86: Don't re-execute instruction when not passing CR2 value
KVM: X86: Fix operand/address-size during instruction decoding
KVM: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
KVM: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered
KVM: x86: ioapic: Preserve read-only values in the redirection table
ACPI / bus: Leave modalias empty for devices which are not present
cpufreq: Add Loongson machine dependencies
bcache: check return value of register_shrinker
drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode
drm/amdkfd: Fix SDMA ring buffer size calculation
drm/amdkfd: Fix SDMA oversubsription handling
openvswitch: fix the incorrect flow action alloc size
mac80211: fix the update of path metric for RANN frame
btrfs: fix deadlock when writing out space cache
KVM: VMX: Fix rflags cache during vCPU reset
xen-netfront: remove warning when unloading module
nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
nfsd: Ensure we check stateid validity in the seqid operation checks
grace: replace BUG_ON by WARN_ONCE in exit_net hook
nfsd: check for use of the closed special stateid
lockd: fix "list_add double add" caused by legacy signal interface
hwmon: (pmbus) Use 64bit math for DIRECT format values
net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
quota: Check for register_shrinker() failure.
SUNRPC: Allow connect to return EHOSTUNREACH
kmemleak: add scheduling point to kmemleak_scan()
drm/omap: Fix error handling path in 'omap_dmm_probe()'
xfs: ubsan fixes
scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path
scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg
media: usbtv: add a new usbid
usb: gadget: don't dereference g until after it has been null checked
staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID
usb: option: Add support for FS040U modem
USB: serial: pl2303: new device id for Chilitag
USB: cdc-acm: Do not log urb submission errors on disconnect
CDC-ACM: apply quirk for card reader
USB: serial: io_edgeport: fix possible sleep-in-atomic
usbip: prevent bind loops on devices attached to vhci_hcd
usbip: list: don't list devices attached to vhci_hcd
USB: serial: simple: add Motorola Tetra driver
usb: f_fs: Prevent gadget unbind if it is already unbound
usb: uas: unconditionally bring back host after reset
selinux: general protection fault in sock_has_perm
serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS
spi: imx: do not access registers while clocks disabled
Linux 4.4.115
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
In the absence of commit a4298e4522d6 ("net: add SOCK_RCU_FREE socket
flag") and all the associated infrastructure changes to take advantage
of a RCU grace period before freeing, there is a heightened
possibility that a security check is performed while an ill-timed
setsockopt call races in from user space. It then is prudent to null
check sk_security, and if the case, reject the permissions.
Because of the nature of this problem, hard to duplicate, no clear
path, this patch is a simplified band-aid for stable trees lacking the
infrastructure for the series of commits leading up to providing a
suitable RCU grace period. This adjustment is orthogonal to
infrastructure improvements that may nullify the needed check, but
could be added as good code hygiene in all trees.
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 14233 Comm: syz-executor2 Not tainted 4.4.112-g5f6325b #28
task: ffff8801d1095f00 task.stack: ffff8800b5950000
RIP: 0010:[<ffffffff81b69b7e>] [<ffffffff81b69b7e>] sock_has_perm+0x1fe/0x3e0 security/selinux/hooks.c:4069
RSP: 0018:ffff8800b5957ce0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 1ffff10016b2af9f RCX: ffffffff81b69b51
RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000010
RBP: ffff8800b5957de0 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 1ffff10016b2af68 R12: ffff8800b5957db8
R13: 0000000000000000 R14: ffff8800b7259f40 R15: 00000000000000d7
FS: 00007f72f5ae2700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000a2fa38 CR3: 00000001d7980000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
ffffffff81b69a1f ffff8800b5957d58 00008000b5957d30 0000000041b58ab3
ffffffff83fc82f2 ffffffff81b69980 0000000000000246 ffff8801d1096770
ffff8801d3165668 ffffffff8157844b ffff8801d1095f00
ffff880000000001
Call Trace:
[<ffffffff81b6a19d>] selinux_socket_setsockopt+0x4d/0x80 security/selinux/hooks.c:4338
[<ffffffff81b4873d>] security_socket_setsockopt+0x7d/0xb0 security/security.c:1257
[<ffffffff82df1ac8>] SYSC_setsockopt net/socket.c:1757 [inline]
[<ffffffff82df1ac8>] SyS_setsockopt+0xe8/0x250 net/socket.c:1746
[<ffffffff83776499>] entry_SYSCALL_64_fastpath+0x16/0x92
Code: c2 42 9b b6 81 be 01 00 00 00 48 c7 c7 a0 cb 2b 84 e8
f7 2f 6d ff 49 8d 7d 10 48 b8 00 00 00 00 00 fc ff df 48 89
fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 83 01 00
00 41 8b 75 10 31
RIP [<ffffffff81b69b7e>] sock_has_perm+0x1fe/0x3e0 security/selinux/hooks.c:4069
RSP <ffff8800b5957ce0>
---[ end trace 7b5aaf788fef6174 ]---
Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: selinux@tycho.nsa.gov
Cc: linux-security-module@vger.kernel.org
Cc: Eric Paris <eparis@parisplace.org>
Cc: Serge E. Hallyn <serge@hallyn.com>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-5f6325b
Linux 4.4.112
selftests/x86: Add test_vsyscall
x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
x86/alternatives: Fix optimize_nops() checking
sysfs/cpu: Fix typos in vulnerability documentation
x86/cpu: Implement CPU vulnerabilites sysfs functions
sysfs/cpu: Add vulnerability folder
x86/cpu: Merge bugs.c and bugs_64.c
x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
x86/cpufeatures: Add X86_BUG_CPU_INSECURE
x86/cpufeatures: Make CPU bugs sticky
x86/cpu: Factor out application of forced CPU caps
x86/Documentation: Add PTI description
e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
uas: ignore UAS for Norelsys NS1068(X) chips
Bluetooth: Prevent stack info leak from the EFS element.
staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
usbip: remove kernel addresses from usb device and urb debug msgs
USB: fix usbmon BUG trigger
usb: misc: usb3503: make sure reset is low for at least 100us
USB: serial: cp210x: add new device ID ELV ALC 8xxx
USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ
target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
bpf: prevent out-of-bounds speculation
bpf: adjust insn_aux_data when patching insns
bpf: refactor fixup_bpf_calls()
bpf: move fixup_bpf_calls() function
bpf: don't (ab)use instructions to store state
bpf: add bpf_patch_insn_single helper
kaiser: Set _PAGE_NX only if supported
drm/vmwgfx: Potential off by one in vmw_view_add()
KVM: x86: Add memory barrier on vmcs field lookup
x86/microcode/intel: Extend BDW late-loading with a revision check
rbd: set max_segments to USHRT_MAX
crypto: algapi - fix NULL dereference in crypto_remove_spawns()
ipv6: fix possible mem leaks in ipv6_make_skb()
net: stmmac: enable EEE in MII, GMII or RGMII only
sh_eth: fix SH7757 GEther initialization
sh_eth: fix TSU resource handling
RDS: null pointer dereference in rds_atomic_free_op
RDS: Heap OOB write in rds_message_alloc_sgs()
net: core: fix module type in sock_diag_bind
ip6_tunnel: disable dst caching if tunnel is dual-stack
8021q: fix a memory leak for VLAN 0 device
x86/pti/efi: broken conversion from efi to kernel page table
Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"
xhci: Fix ring leak in failure path of xhci_alloc_virt_device()
sysrq: Fix warning in sysrq generated crash.
hwrng: core - sleep interruptible in read
x86/mm/pat, /dev/mem: Remove superfluous error message
cx82310_eth: use skb_cow_head() to deal with cloned skbs
smsc75xx: use skb_cow_head() to deal with cloned skbs
sr9700: use skb_cow_head() to deal with cloned skbs
lan78xx: use skb_cow_head() to deal with cloned skbs
r8152: adjust ALDPS function
r8152: use test_and_clear_bit
r8152: fix the wake event
usb: musb: ux500: Fix NULL pointer dereference at system PM
usbvision fix overflow of interfaces array
locking/mutex: Allow next waiter lockless wakeup
futex: Replace barrier() in unqueue_me() with READ_ONCE()
locks: don't check for race with close when setting OFD lock
zswap: don't param_set_charp while holding spinlock
mm/zswap: use workqueue to destroy pool
mm/page-writeback: fix dirty_ratelimit calculation
mm/compaction: pass only pageblock aligned range to pageblock_pfn_to_page
mm/compaction: fix invalid free_pfn and compact_cached_free_pfn
x86/acpi: Reduce code duplication in mp_override_legacy_irq()
ALSA: aloop: Fix racy hw constraints adjustment
ALSA: aloop: Fix inconsistent format due to incomplete rule
ALSA: aloop: Release cable upon open error path
ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
ALSA: pcm: Abort properly at pending signal in OSS read/write loops
ALSA: pcm: Add missing error checks in OSS emulation plugin builder
ALSA: pcm: Remove incorrect snd_BUG_ON() usages
iommu/arm-smmu-v3: Don't free page table ops twice
x86/acpi: Handle SCI interrupts above legacy space gracefully
x86/vsdo: Fix build on PARAVIRT_CLOCK=y, KVM_GUEST=n
kvm: vmx: Scrub hardware GPRs at VM-exit
net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y
MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
MIPS: Consistently handle buffer counter with PTRACE_SETREGSET
MIPS: Guard against any partial write attempt with PTRACE_SETREGSET
MIPS: Factor out NT_PRFPREG regset access helpers
MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
IB/srpt: Disable RDMA access by the initiator
can: gs_usb: fix return value of the "set_bittiming" callback
KVM: Fix stack-out-of-bounds read in write_mmio
dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
fscrypt: updates on 4.15-rc4
ANDROID: uid_sys_stats: fix the comment
BACKPORT: optee: fix invalid of_node_put() in optee_driver_init()
BACKPORT: tee: optee: sync with new naming of interrupts
BACKPORT: tee: indicate privileged dev in gen_caps
BACKPORT: tee: optee: interruptible RPC sleep
BACKPORT: tee: optee: add const to tee_driver_ops and tee_desc structures
BACKPORT: tee: tee_shm: Constify dma_buf_ops structures.
BACKPORT: tee: add forward declaration for struct device
BACKPORT: tee: optee: fix uninitialized symbol 'parg'
BACKPORT: tee.txt: standardize document format
BACKPORT: tee: add ARM_SMCCC dependency
BACKPORT: selinux: nlmsgtab: add SOCK_DESTROY to the netlink mapping tables
Conflicts:
security/selinux/nlmsgtab.c
Change-Id: I5770a565f39c321f2305f8228e41f822e3cd0625
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
* refs/heads/tmp-5cc8c2e
Linux 4.4.110
kaiser: Set _PAGE_NX only if supported
x86/kasan: Clear kasan_zero_page after TLB flush
x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap
x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader
KPTI: Report when enabled
KPTI: Rename to PAGE_TABLE_ISOLATION
x86/kaiser: Move feature detection up
kaiser: disabled on Xen PV
x86/kaiser: Reenable PARAVIRT
x86/paravirt: Dont patch flush_tlb_single
kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
kaiser: asm/tlbflush.h handle noPGE at lower level
kaiser: drop is_atomic arg to kaiser_pagetable_walk()
kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
x86/kaiser: Check boottime cmdline params
x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
kaiser: add "nokaiser" boot option, using ALTERNATIVE
kaiser: fix unlikely error in alloc_ldt_struct()
kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
kaiser: paranoid_entry pass cr3 need to paranoid_exit
kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
kaiser: PCID 0 for kernel and 128 for user
kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
kaiser: enhanced by kernel and user PCIDs
kaiser: vmstat show NR_KAISERTABLE as nr_overhead
kaiser: delete KAISER_REAL_SWITCH option
kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
kaiser: cleanups while trying for gold link
kaiser: kaiser_remove_mapping() move along the pgd
kaiser: tidied up kaiser_add/remove_mapping slightly
kaiser: tidied up asm/kaiser.h somewhat
kaiser: ENOMEM if kaiser_pagetable_walk() NULL
kaiser: fix perf crashes
kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
kaiser: KAISER depends on SMP
kaiser: fix build and FIXME in alloc_ldt_struct()
kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
kaiser: do not set _PAGE_NX on pgd_none
kaiser: merged update
KAISER: Kernel Address Isolation
x86/boot: Add early cmdline parsing for options with arguments
ANDROID: sdcardfs: Add default_normal option
ANDROID: sdcardfs: notify lower file of opens
Conflicts:
kernel/fork.c
Change-Id: I9c8c12e63321d79dc2c89fb470ca8de587366911
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
* refs/heads/tmp-79f138a
Linux 4.4.107
ath9k: fix tx99 potential info leak
IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
RDMA/cma: Avoid triggering undefined behavior
macvlan: Only deliver one copy of the frame to the macvlan interface
udf: Avoid overflow when session starts at large offset
scsi: bfa: integer overflow in debugfs
scsi: sd: change allow_restart to bool in sysfs interface
scsi: sd: change manage_start_stop to bool in sysfs interface
vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
raid5: Set R5_Expanded on parity devices as well as data.
pinctrl: adi2: Fix Kconfig build problem
usb: musb: da8xx: fix babble condition handling
tty fix oops when rmmod 8250
powerpc/perf/hv-24x7: Fix incorrect comparison in memord
scsi: hpsa: destroy sas transport properties before scsi_host
scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
PCI: Detach driver before procfs & sysfs teardown on device remove
xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
xfs: fix log block underflow during recovery cycle verification
l2tp: cleanup l2tp_tunnel_delete calls
bcache: fix wrong cache_misses statistics
bcache: explicitly destroy mutex while exiting
GFS2: Take inode off order_write list when setting jdata flag
thermal/drivers/step_wise: Fix temperature regulation misbehavior
ppp: Destroy the mutex when cleanup
clk: tegra: Fix cclk_lp divisor register
clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU
clk: mediatek: add the option for determining PLL source clock
mm: Handle 0 flags in _calc_vm_trans() macro
crypto: tcrypt - fix buffer lengths in test_aead_speed()
arm-ccn: perf: Prevent module unload while PMU is in use
target/file: Do not return error for UNMAP if length is zero
target:fix condition return in core_pr_dump_initiator_port()
iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
powerpc/ipic: Fix status get and status clear
powerpc/opal: Fix EBUSY bug in acquiring tokens
netfilter: ipvs: Fix inappropriate output of procfs
powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
PCI/PME: Handle invalid data when reading Root Status
dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
rtc: pcf8563: fix output clock rate
video: fbdev: au1200fb: Return an error code if a memory allocation fails
video: fbdev: au1200fb: Release some resources if a memory allocation fails
video: udlfb: Fix read EDID timeout
fbdev: controlfb: Add missing modes to fix out of bounds access
sfc: don't warn on successful change of MAC
target: fix race during implicit transition work flushes
target: fix ALUA transition timeout handling
target: Use system workqueue for ALUA transitions
btrfs: add missing memset while reading compressed inline extents
NFSv4.1 respect server's max size in CREATE_SESSION
efi/esrt: Cleanup bad memory map log messages
perf symbols: Fix symbols__fixup_end heuristic for corner cases
net/mlx4_core: Avoid delays during VF driver device shutdown
afs: Fix afs_kill_pages()
afs: Fix page leak in afs_write_begin()
afs: Populate and use client modification time
afs: Fix the maths in afs_fs_store_data()
afs: Prevent callback expiry timer overflow
afs: Migrate vlocation fields to 64-bit
afs: Flush outstanding writes when an fd is closed
afs: Adjust mode bits processing
afs: Populate group ID from vnode status
afs: Fix missing put_page()
drm/radeon: reinstate oland workaround for sclk
mmc: mediatek: Fixed bug where clock frequency could be set wrong
sched/deadline: Use deadline instead of period when calculating overflow
sched/deadline: Throttle a constrained deadline task activated after the deadline
sched/deadline: Make sure the replenishment timer fires in the next period
drm/radeon/si: add dpm quirk for Oland
fjes: Fix wrong netdevice feature flags
scsi: hpsa: limit outstanding rescans
scsi: hpsa: update check for logical volume status
openrisc: fix issue handling 8 byte get_user calls
intel_th: pci: Add Gemini Lake support
mlxsw: reg: Fix SPVMLR max record count
mlxsw: reg: Fix SPVM max record count
net: Resend IGMP memberships upon peer notification.
dmaengine: Fix array index out of bounds warning in __get_unmap_pool()
net: wimax/i2400m: fix NULL-deref at probe
writeback: fix memory leak in wb_queue_work()
netfilter: bridge: honor frag_max_size when refragmenting
drm/omap: fix dmabuf mmap for dma_alloc'ed buffers
Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list
NFSD: fix nfsd_reset_versions for NFSv4.
NFSD: fix nfsd_minorversion(.., NFSD_AVAIL)
net: bcmgenet: Power up the internal PHY before probing the MII
net: bcmgenet: power down internal phy if open or resume fails
net: bcmgenet: reserved phy revisions must be checked first
net: bcmgenet: correct MIB access of UniMAC RUNT counters
net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values
net: initialize msg.msg_flags in recvfrom
userfaultfd: selftest: vm: allow to build in vm/ directory
userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE
md-cluster: free md_cluster_info if node leave cluster
usb: phy: isp1301: Add OF device ID table
mac80211: Fix addition of mesh configuration element
KEYS: add missing permission check for request_key() destination
ext4: fix crash when a directory's i_size is too small
ext4: fix fdatasync(2) after fallocate(2) operation
dmaengine: dmatest: move callback wait queue to thread context
sched/rt: Do not pull from current CPU if only one CPU to pull
xhci: Don't add a virt_dev to the devs array before it's fully allocated
Bluetooth: btusb: driver to enable the usb-wakeup feature
ceph: drop negative child dentries before try pruning inode's alias
usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
USB: core: prevent malicious bNumInterfaces overflow
USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
tracing: Allocate mask_str buffer dynamically
autofs: fix careless error in recent commit
crypto: salsa20 - fix blkcipher_walk API usage
crypto: hmac - require that the underlying hash algorithm is unkeyed
UPSTREAM: arm64: setup: introduce kaslr_offset()
UPSTREAM: kcov: fix comparison callback signature
UPSTREAM: kcov: support comparison operands collection
UPSTREAM: kcov: remove pointless current != NULL check
UPSTREAM: kcov: support compat processes
UPSTREAM: kcov: simplify interrupt check
UPSTREAM: kcov: make kcov work properly with KASLR enabled
UPSTREAM: kcov: add more missing includes
UPSTREAM: kcov: add missing #include <linux/sched.h>
UPSTREAM: kcov: properly check if we are in an interrupt
UPSTREAM: kcov: don't profile branches in kcov
UPSTREAM: kcov: don't trace the code coverage code
BACKPORT: kernel: add kcov code coverage
Conflicts:
Makefile
mm/kasan/Makefile
scripts/Makefile.lib
Change-Id: Ic19953706ea2e700621b0ba94d1c90bbffa4f471
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Without this, using SOCK_DESTROY in enforcing mode results in:
SELinux: unrecognized netlink message type=21 for sclass=32
Original patch has SOCK_DESTROY instead of SOCK_DESTROY_BACKPORT
Change-Id: I2d0bb7a0b1ef3b201e956479a93f58c844909f8b
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
* refs/heads/tmp-8a53962
Linux 4.4.105
xen-netfront: avoid crashing on resume after a failure in talk_to_netback()
usb: host: fix incorrect updating of offset
USB: usbfs: Filter flags passed in from user space
USB: devio: Prevent integer overflow in proc_do_submiturb()
USB: Increase usbfs transfer limit
USB: core: Add type-specific length check of BOS descriptors
usb: ch9: Add size macro for SSP dev cap descriptor
usb: Add USB 3.1 Precision time measurement capability descriptor support
usb: xhci: fix panic in xhci_free_virt_devices_depth_first
usb: hub: Cycle HUB power when initialization fails
Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"
net: fec: fix multicast filtering hardware setup
xen-netfront: Improve error handling during initialization
mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers
tcp: correct memory barrier usage in tcp_check_space()
dmaengine: pl330: fix double lock
tipc: fix cleanup at module unload
net: sctp: fix array overrun read on sctp_timer_tbl
drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement
NFSv4: Fix client recovery when server reboots multiple times
KVM: arm/arm64: Fix occasional warning from the timer work function
nfs: Don't take a reference on fl->fl_file for LOCK operation
ravb: Remove Rx overflow log messages
net/appletalk: Fix kernel memory disclosure
vti6: fix device register to report IFLA_INFO_KIND
ARM: OMAP1: DMA: Correct the number of logical channels
net: systemport: Pad packet before inserting TSB
net: systemport: Utilize skb_put_padto()
kprobes/x86: Disable preemption in ftrace-based jprobes
perf test attr: Fix ignored test case result
sysrq : fix Show Regs call trace on ARM
EDAC, sb_edac: Fix missing break in switch
x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
usb: phy: tahvo: fix error handling in tahvo_usb_probe()
spi: sh-msiof: Fix DMA transfer size check
serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
selftests/x86/ldt_get: Add a few additional tests for limits
s390/pci: do not require AIS facility
ima: fix hash algorithm initialization
USB: serial: option: add Quectel BG96 id
s390/runtime instrumentation: simplify task exit handling
serial: 8250_pci: Add Amazon PCI serial device ID
usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
bcache: recover data from backing when data is clean
bcache: only permit to recovery read error when cache device is clean
ANDROID: initramfs: call free_initrd() when skipping init
Conflicts:
drivers/usb/core/config.c
include/linux/usb.h
include/uapi/linux/usb/ch9.h
Change-Id: Ibada5100be12f3a1389461f7738ee2ecb0d427af
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlpPj0wACgkQONu9yGCS
aT5QOhAAu3PoT3472I7zuWDUG0KQo5r0wdUO+YPW31VIHrxQ2H3sxR44rSHc5jW/
tTg2TIYNBkNoj4jJDJ9J7f6PSnN1vGFglFW4GzxE3cr2+W7u5M5ex8yCYMcBIY9U
56hbyqX5lf5KjGWJiQThwYsMBokrBJW2igAFN3cW39nNABhl0W39kiysGA9vbNrV
+QMA4+ZADA2EeIRcdJmj8uc/cez/7sGAfrSktvATkI+HFamnTs0mrx9cl0eQKvjm
y5PCxYUCbi4kqD4WM+UCYO3zpUD+r4iMDXwXBwLWkFvbumY4mVTItP+gq5M4Fb1g
MSauGUGH7BDsT9gspricCMcAmjcTn6hth7/7/ZhlNq3NZv89pOquhpE0JOSAmYbA
P4WaIRRWwpVrRt+THU7vZpAQWpFSwGmtE7tBfPMt2J7zqY3lMYmO3DoA+gejw3CV
igbvmV0UY2uYSFnjawUUJ+k+ggYfGyRkUl2DfcllPhZFqE1XEi3NyjI0wi8vtXTd
UlrU55TqsldCw1bjXH3lWrpoNybWvqUD2a249ZVs/h06Q5NKwNL8mTye+2BBQtCP
QzAqHYbkBKv/f8M6Kg+HtTzgqUbWxVCeQTWFXHMAPVo4bCwGvVGrXbGJIj15lBuQ
GWqc3dt69zxpn1tlcRHKH0P3KnkC67dARtY+8F8+D+HAHVY71Bg=
=Kpwd
-----END PGP SIGNATURE-----
Merge 4.4.110 into android-4.4
Changes in 4.4.110
x86/boot: Add early cmdline parsing for options with arguments
KAISER: Kernel Address Isolation
kaiser: merged update
kaiser: do not set _PAGE_NX on pgd_none
kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
kaiser: fix build and FIXME in alloc_ldt_struct()
kaiser: KAISER depends on SMP
kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
kaiser: fix perf crashes
kaiser: ENOMEM if kaiser_pagetable_walk() NULL
kaiser: tidied up asm/kaiser.h somewhat
kaiser: tidied up kaiser_add/remove_mapping slightly
kaiser: kaiser_remove_mapping() move along the pgd
kaiser: cleanups while trying for gold link
kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
kaiser: delete KAISER_REAL_SWITCH option
kaiser: vmstat show NR_KAISERTABLE as nr_overhead
kaiser: enhanced by kernel and user PCIDs
kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
kaiser: PCID 0 for kernel and 128 for user
kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
kaiser: paranoid_entry pass cr3 need to paranoid_exit
kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
kaiser: fix unlikely error in alloc_ldt_struct()
kaiser: add "nokaiser" boot option, using ALTERNATIVE
x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
x86/kaiser: Check boottime cmdline params
kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
kaiser: drop is_atomic arg to kaiser_pagetable_walk()
kaiser: asm/tlbflush.h handle noPGE at lower level
kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
x86/paravirt: Dont patch flush_tlb_single
x86/kaiser: Reenable PARAVIRT
kaiser: disabled on Xen PV
x86/kaiser: Move feature detection up
KPTI: Rename to PAGE_TABLE_ISOLATION
KPTI: Report when enabled
x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader
x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap
x86/kasan: Clear kasan_zero_page after TLB flush
kaiser: Set _PAGE_NX only if supported
Linux 4.4.110
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Now that the required bits have been addressed, reenable
PARAVIRT.
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
We fail to see what CONFIG_KAISER_REAL_SWITCH is for: it seems to be
left over from early development, and now just obscures tricky parts
of the code. Delete it before adding PCIDs, or nokaiser boot option.
(Or if there is some good reason to keep the option, then it needs
a help text - and a "depends on KAISER", so that all those without
KAISER are not asked the question.)
Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
It is absurd that KAISER should depend on SMP, but apparently nobody
has tried a UP build before: which breaks on implicit declaration of
function 'per_cpu_offset' in arch/x86/mm/kaiser.c.
Now, you would expect that to be trivially fixed up; but looking at
the System.map when that block is #ifdef'ed out of kaiser_init(),
I see that in a UP build __per_cpu_user_mapped_end is precisely at
__per_cpu_user_mapped_start, and the items carefully gathered into
that section for user-mapping on SMP, dispersed elsewhere on UP.
So, some other kind of section assignment will be needed on UP,
but implementing that is not a priority: just make KAISER depend
on SMP for now.
Also inserted a blank line before the option, tidied up the
brief Kconfig help message, and added an "If unsure, Y".
Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch introduces our implementation of KAISER (Kernel Address Isolation to
have Side-channels Efficiently Removed), a kernel isolation technique to close
hardware side channels on kernel address information.
More information about the patch can be found on:
https://github.com/IAIK/KAISER
From: Richard Fellner <richard.fellner@student.tugraz.at>
From: Daniel Gruss <daniel.gruss@iaik.tugraz.at>
X-Subject: [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode
Date: Thu, 4 May 2017 14:26:50 +0200
Link: http://marc.info/?l=linux-kernel&m=149390087310405&w=2
Kaiser-4.10-SHA1: c4b1831d44c6144d3762ccc72f0c4e71a0c713e5
To: <linux-kernel@vger.kernel.org>
To: <kernel-hardening@lists.openwall.com>
Cc: <clementine.maurice@iaik.tugraz.at>
Cc: <moritz.lipp@iaik.tugraz.at>
Cc: Michael Schwarz <michael.schwarz@iaik.tugraz.at>
Cc: Richard Fellner <richard.fellner@student.tugraz.at>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: <kirill.shutemov@linux.intel.com>
Cc: <anders.fogh@gdata-adan.de>
After several recent works [1,2,3] KASLR on x86_64 was basically
considered dead by many researchers. We have been working on an
efficient but effective fix for this problem and found that not mapping
the kernel space when running in user mode is the solution to this
problem [4] (the corresponding paper [5] will be presented at ESSoS17).
With this RFC patch we allow anybody to configure their kernel with the
flag CONFIG_KAISER to add our defense mechanism.
If there are any questions we would love to answer them.
We also appreciate any comments!
Cheers,
Daniel (+ the KAISER team from Graz University of Technology)
[1] http://www.ieee-security.org/TC/SP2013/papers/4977a191.pdf
[2] https://www.blackhat.com/docs/us-16/materials/us-16-Fogh-Using-Undocumented-CPU-Behaviour-To-See-Into-Kernel-Mode-And-Break-KASLR-In-The-Process.pdf
[3] https://www.blackhat.com/docs/us-16/materials/us-16-Jang-Breaking-Kernel-Address-Space-Layout-Randomization-KASLR-With-Intel-TSX.pdf
[4] https://github.com/IAIK/KAISER
[5] https://gruss.cc/files/kaiser.pdf
[patch based also on
https://raw.githubusercontent.com/IAIK/KAISER/master/KAISER/0001-KAISER-Kernel-Address-Isolation.patch]
Signed-off-by: Richard Fellner <richard.fellner@student.tugraz.at>
Signed-off-by: Moritz Lipp <moritz.lipp@iaik.tugraz.at>
Signed-off-by: Daniel Gruss <daniel.gruss@iaik.tugraz.at>
Signed-off-by: Michael Schwarz <michael.schwarz@iaik.tugraz.at>
Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-f0b9d2d
Linux 4.4.101
mm/pagewalk.c: report holes in hugetlb ranges
mm/page_ext.c: check if page_ext is not prepared
mm: check the return value of lookup_page_ext for all call sites
coda: fix 'kernel memory exposure attempt' in fsync
mm/page_alloc.c: broken deferred calculation
ipmi: fix unsigned long underflow
ocfs2: should wait dio before inode lock in ocfs2_setattr()
nvme: Fix memory order on async queue deletion
arm64: fix dump_instr when PAN and UAO are in use
serial: omap: Fix EFR write on RTS deassertion
ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
net/sctp: Always set scope_id in sctp_inet6_skb_msgname
fealnx: Fix building error on MIPS
sctp: do not peel off an assoc from one netns to another one
af_netlink: ensure that NLMSG_DONE never fails in dumps
vlan: fix a use-after-free in vlan_device_event()
bonding: discard lowest hash bit for 802.3ad layer3+4
netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
tcp: do not mangle skb->cb[] in tcp_make_synack()
Conflicts:
mm/debug-pagealloc.c
mm/page_ext.c
mm/page_owner.c
Change-Id: I551aff1b4c8a0d72f64a234abb8ac88990fbc9e5
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
* refs/heads/tmp-7eab308
Linux 4.4.99
misc: panel: properly restore atomic counter on error path
target: Fix node_acl demo-mode + uncached dynamic shutdown regression
target/iscsi: Fix iSCSI task reassignment handling
brcmfmac: remove setting IBSS mode when stopping AP
tipc: fix link attribute propagation bug
security/keys: add CONFIG_KEYS_COMPAT to Kconfig
tcp/dccp: fix other lockdep splats accessing ireq_opt
tcp/dccp: fix lockdep splat in inet_csk_route_req()
tcp/dccp: fix ireq->opt races
ipip: only increase err_count for some certain type icmp in ipip_err
ppp: fix race in ppp device destruction
sctp: reset owner sk for data chunks on out queues when migrating a sock
tun: allow positive return values on dev_get_valid_name() call
ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err
net/unix: don't show information about sockets from other namespaces
ipv6: flowlabel: do not leave opt->tot_len with garbage
packet: avoid panic in packet_getsockopt()
sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect
tun: call dev_get_valid_name() before register_netdevice()
l2tp: check ps->sock before running pppol2tp_session_ioctl()
tcp: fix tcp_mtu_probe() vs highest_sack
tun/tap: sanitize TUNSETSNDBUF input
ALSA: seq: Cancel pending autoload work at unbinding device
Input: ims-psu - check if CDC union descriptor is sane
usb: usbtest: fix NULL pointer dereference
mac80211: don't compare TKIP TX MIC key in reinstall prevention
mac80211: use constant time comparison with keys
mac80211: accept key reinstall without changing anything
FROMLIST: binder: fix proc->files use-after-free
Change-Id: I9aaf4f803a5da1fc983879a214b2fddda7879f41
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
* refs/heads/tmp-03d4af8
Linux 4.4.98
PKCS#7: fix unitialized boolean 'want'
x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context
can: c_can: don't indicate triple sampling support for D_CAN
can: sun4i: handle overrun in RX FIFO
rbd: use GFP_NOIO for parent stat and data requests
drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue
Input: elan_i2c - add ELAN060C to the ACPI table
MIPS: AR7: Ensure that serial ports are properly set up
MIPS: AR7: Defer registration of GPIO
tools: firmware: check for distro fallback udev cancel rule
selftests: firmware: send expected errors to /dev/null
selftests: firmware: add empty string and async tests
test: firmware_class: report errors properly on failure
MIPS: SMP: Fix deadlock & online race
MIPS: Fix race on setting and getting cpu_online_mask
MIPS: SMP: Use a completion event to signal CPU up
MIPS: Fix CM region target definitions
MIPS: microMIPS: Fix incorrect mask in insn_table_MM
ALSA: seq: Avoid invalid lockdep class warning
ALSA: seq: Fix OSS sysex delivery in OSS emulation
ARM: 8720/1: ensure dump_instr() checks addr_limit
KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
crypto: x86/sha1-mb - fix panic due to unaligned access
workqueue: Fix NULL pointer dereference
x86/uaccess, sched/preempt: Verify access_ok() context
platform/x86: hp-wmi: Do not shadow error values
platform/x86: hp-wmi: Fix error value for hp_wmi_tablet_state
KEYS: trusted: fix writing past end of buffer in trusted_read()
KEYS: trusted: sanitize all key material
cdc_ncm: Set NTB format again after altsetting switch for Huawei devices
platform/x86: hp-wmi: Fix detection for dock and tablet mode
net: dsa: select NET_SWITCHDEV
s390/qeth: issue STARTLAN as first IPA command
IB/ipoib: Change list_del to list_del_init in the tx object
Input: mpr121 - set missing event capability
Input: mpr121 - handle multiple bits change of status register
IPsec: do not ignore crypto err in ah4 input
netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family
usb: hcd: initialize hcd->flags to 0 when rm hcd
serial: sh-sci: Fix register offsets for the IRDA serial port
phy: increase size of MII_BUS_ID_SIZE and bus_id
iio: trigger: free trigger resource correctly
crypto: vmx - disable preemption to enable vsx in aes_ctr.c
ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6
powerpc/corenet: explicitly disable the SDHC controller on kmcoge4
iommu/arm-smmu-v3: Clear prior settings when updating STEs
KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter
drm: drm_minor_register(): Clean up debugfs on failure
xen/netback: set default upper limit of tx/rx queues to 8
PCI: mvebu: Handle changes to the bridge windows while enabled
video: fbdev: pmag-ba-fb: Remove bad `__init' annotation
adv7604: Initialize drive strength to default when using DT
ANDROID: binder: clarify deferred thread work.
FROMLIST: arm64: Avoid aligning normal memory pointers in __memcpy_{to,from}io
Conflicts:
arch/arm64/kernel/io.c
Change-Id: I992fcf368dbc672ad7d6ae31e87f289f4d7df2bf
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlo6J9YACgkQONu9yGCS
aT7Cdg/8D7+btjAJPjk/suKUBSOpfSkYIoakaVSGf7r7gFv7SkMF023SikLUK+vN
xa0FL1bYASzXuKgcxY9vB7ZkCDShrglqTCIpbWwHJhwS0fRGTGrMN2MM+opVgeoG
4ngnEPLue5TqZs3LVrpTySQFODlxnY3C4lpKopN7QNrcr1M5iiMELXCJu/qy6JhC
ZBsRGUY8GHbouqC0YSqNlrv+C7zbfAlaawIBDSmYm0R4F+TuqoKZlBGAJ9lbALcZ
pM8OaOXx9v471RhE7Tcsl3Eiz3vKHFKWxG/ZujkSqB21wPq6gd4VuP/wMuelX0GC
rDTb/nn9Zhmv7UCOn62htlRLrAnSaJ9FlEK+u3TJ+XBGE9gmanH9IjIljCehEZeI
55Vm7q6IwQT2WvgTzqUoco4AYI37T9pqJ++I1E3jY/zk+bfCIQ1ZMpMXmwAUx738
m7boO38eRnyXMxqf4hfVQ4BFPkwaxdW/I3LDanE6U85Hw2nI2uZIPHRbVrC6gAPS
aY9EUFEancxu4mW92mWWKrEnEWs5Jsb313ISAKSU75WwWmZ/tgsUtSzvY7XNPwYr
G//HbPA5zNFdM1zSO4HQiLYjOqAiwNNAbDEWKoYr8MQpgYbTB4/SgT15mJzw6uTo
WtKZsIWMYiXVW8cNhQiWAVUJVf66GMlc6kHcyHU7YHH3obZAYXU=
=DNsf
-----END PGP SIGNATURE-----
Merge 4.4.107 into android-4.4
Changes in 4.4.107
crypto: hmac - require that the underlying hash algorithm is unkeyed
crypto: salsa20 - fix blkcipher_walk API usage
autofs: fix careless error in recent commit
tracing: Allocate mask_str buffer dynamically
USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
USB: core: prevent malicious bNumInterfaces overflow
usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
ceph: drop negative child dentries before try pruning inode's alias
Bluetooth: btusb: driver to enable the usb-wakeup feature
xhci: Don't add a virt_dev to the devs array before it's fully allocated
sched/rt: Do not pull from current CPU if only one CPU to pull
dmaengine: dmatest: move callback wait queue to thread context
ext4: fix fdatasync(2) after fallocate(2) operation
ext4: fix crash when a directory's i_size is too small
KEYS: add missing permission check for request_key() destination
mac80211: Fix addition of mesh configuration element
usb: phy: isp1301: Add OF device ID table
md-cluster: free md_cluster_info if node leave cluster
userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE
userfaultfd: selftest: vm: allow to build in vm/ directory
net: initialize msg.msg_flags in recvfrom
net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values
net: bcmgenet: correct MIB access of UniMAC RUNT counters
net: bcmgenet: reserved phy revisions must be checked first
net: bcmgenet: power down internal phy if open or resume fails
net: bcmgenet: Power up the internal PHY before probing the MII
NFSD: fix nfsd_minorversion(.., NFSD_AVAIL)
NFSD: fix nfsd_reset_versions for NFSv4.
Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list
drm/omap: fix dmabuf mmap for dma_alloc'ed buffers
netfilter: bridge: honor frag_max_size when refragmenting
writeback: fix memory leak in wb_queue_work()
net: wimax/i2400m: fix NULL-deref at probe
dmaengine: Fix array index out of bounds warning in __get_unmap_pool()
net: Resend IGMP memberships upon peer notification.
mlxsw: reg: Fix SPVM max record count
mlxsw: reg: Fix SPVMLR max record count
intel_th: pci: Add Gemini Lake support
openrisc: fix issue handling 8 byte get_user calls
scsi: hpsa: update check for logical volume status
scsi: hpsa: limit outstanding rescans
fjes: Fix wrong netdevice feature flags
drm/radeon/si: add dpm quirk for Oland
sched/deadline: Make sure the replenishment timer fires in the next period
sched/deadline: Throttle a constrained deadline task activated after the deadline
sched/deadline: Use deadline instead of period when calculating overflow
mmc: mediatek: Fixed bug where clock frequency could be set wrong
drm/radeon: reinstate oland workaround for sclk
afs: Fix missing put_page()
afs: Populate group ID from vnode status
afs: Adjust mode bits processing
afs: Flush outstanding writes when an fd is closed
afs: Migrate vlocation fields to 64-bit
afs: Prevent callback expiry timer overflow
afs: Fix the maths in afs_fs_store_data()
afs: Populate and use client modification time
afs: Fix page leak in afs_write_begin()
afs: Fix afs_kill_pages()
net/mlx4_core: Avoid delays during VF driver device shutdown
perf symbols: Fix symbols__fixup_end heuristic for corner cases
efi/esrt: Cleanup bad memory map log messages
NFSv4.1 respect server's max size in CREATE_SESSION
btrfs: add missing memset while reading compressed inline extents
target: Use system workqueue for ALUA transitions
target: fix ALUA transition timeout handling
target: fix race during implicit transition work flushes
sfc: don't warn on successful change of MAC
fbdev: controlfb: Add missing modes to fix out of bounds access
video: udlfb: Fix read EDID timeout
video: fbdev: au1200fb: Release some resources if a memory allocation fails
video: fbdev: au1200fb: Return an error code if a memory allocation fails
rtc: pcf8563: fix output clock rate
dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
PCI/PME: Handle invalid data when reading Root Status
powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
netfilter: ipvs: Fix inappropriate output of procfs
powerpc/opal: Fix EBUSY bug in acquiring tokens
powerpc/ipic: Fix status get and status clear
target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
target:fix condition return in core_pr_dump_initiator_port()
target/file: Do not return error for UNMAP if length is zero
arm-ccn: perf: Prevent module unload while PMU is in use
crypto: tcrypt - fix buffer lengths in test_aead_speed()
mm: Handle 0 flags in _calc_vm_trans() macro
clk: mediatek: add the option for determining PLL source clock
clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU
clk: tegra: Fix cclk_lp divisor register
ppp: Destroy the mutex when cleanup
thermal/drivers/step_wise: Fix temperature regulation misbehavior
GFS2: Take inode off order_write list when setting jdata flag
bcache: explicitly destroy mutex while exiting
bcache: fix wrong cache_misses statistics
l2tp: cleanup l2tp_tunnel_delete calls
xfs: fix log block underflow during recovery cycle verification
xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
PCI: Detach driver before procfs & sysfs teardown on device remove
scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
scsi: hpsa: destroy sas transport properties before scsi_host
powerpc/perf/hv-24x7: Fix incorrect comparison in memord
tty fix oops when rmmod 8250
usb: musb: da8xx: fix babble condition handling
pinctrl: adi2: Fix Kconfig build problem
raid5: Set R5_Expanded on parity devices as well as data.
scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
scsi: sd: change manage_start_stop to bool in sysfs interface
scsi: sd: change allow_restart to bool in sysfs interface
scsi: bfa: integer overflow in debugfs
udf: Avoid overflow when session starts at large offset
macvlan: Only deliver one copy of the frame to the macvlan interface
RDMA/cma: Avoid triggering undefined behavior
IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
ath9k: fix tx99 potential info leak
Linux 4.4.107
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 4dca6ea1d9432052afb06baf2e3ae78188a4410b upstream.
When the request_key() syscall is not passed a destination keyring, it
links the requested key (if constructed) into the "default" request-key
keyring. This should require Write permission to the keyring. However,
there is actually no permission check.
This can be abused to add keys to any keyring to which only Search
permission is granted. This is because Search permission allows joining
the keyring. keyctl_set_reqkey_keyring(KEY_REQKEY_DEFL_SESSION_KEYRING)
then will set the default request-key keyring to the session keyring.
Then, request_key() can be used to add keys to the keyring.
Both negatively and positively instantiated keys can be added using this
method. Adding negative keys is trivial. Adding a positive key is a
bit trickier. It requires that either /sbin/request-key positively
instantiates the key, or that another thread adds the key to the process
keyring at just the right time, such that request_key() misses it
initially but then finds it in construct_alloc_key().
Fix this bug by checking for Write permission to the keyring in
construct_get_dest_keyring() when the default keyring is being used.
We don't do the permission check for non-default keyrings because that
was already done by the earlier call to lookup_user_key(). Also,
request_key_and_link() is currently passed a 'struct key *' rather than
a key_ref_t, so the "possessed" bit is unavailable.
We also don't do the permission check for the "requestor keyring", to
continue to support the use case described by commit 8bbf4976b5
("KEYS: Alter use of key instantiation link-to-keyring argument") where
/sbin/request-key recursively calls request_key() to add keys to the
original requestor's destination keyring. (I don't know of any users
who actually do that, though...)
Fixes: 3e30148c3d ("[PATCH] Keys: Make request-key create an authorisation key")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-46d256d
Linux 4.4.97
staging: r8712u: Fix Sparse warning in rtl871x_xmit.c
xen: don't print error message in case of missing Xenstore entry
bt8xx: fix memory leak
s390/dasd: check for device error pointer within state change interrupts
mei: return error on notification request to a disconnected client
exynos4-is: fimc-is: Unmap region obtained by of_iomap()
staging: lustre: ptlrpc: skip lock if export failed
staging: lustre: hsm: stack overrun in hai_dump_data_field
staging: lustre: llite: don't invoke direct_IO for the EOF case
platform/x86: intel_mid_thermal: Fix module autoload
scsi: aacraid: Process Error for response I/O
xen/manage: correct return value check on xenbus_scanf()
cx231xx: Fix I2C on Internal Master 3 Bus
perf tools: Only increase index if perf_evsel__new_idx() succeeds
drm/amdgpu: when dpm disabled, also need to stop/start vce.
i2c: riic: correctly finish transfers
ext4: do not use stripe_width if it is not set
ext4: fix stripe-unaligned allocations
staging: rtl8712u: Fix endian settings for structs describing network packets
mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped
mfd: ab8500-sysctrl: Handle probe deferral
ARM: pxa: Don't rely on public mmc header to include leds.h
mmc: s3cmci: include linux/interrupt.h for tasklet_struct
PM / wakeirq: report a wakeup_event on dedicated wekup irq
Fix tracing sample code warning.
tracing/samples: Fix creation and deletion of simple_thread_fn creation
drm/msm: fix an integer overflow test
drm/msm: Fix potential buffer overflow issue
perf tools: Fix build failure on perl script context
ocfs2: fstrim: Fix start offset of first cluster group during fstrim
ARM: 8715/1: add a private asm/unaligned.h
ARM: dts: mvebu: pl310-cache disable double-linefill
arm64: ensure __dump_instr() checks addr_limit
ASoC: adau17x1: Workaround for noise bug in ADC
KEYS: fix out-of-bounds read during ASN.1 parsing
KEYS: return full count in keyring_read() if buffer is too small
cifs: check MaxPathNameComponentLength != 0 before using it
ALSA: seq: Fix nested rwsem annotation for lockdep splat
ALSA: timer: Add missing mutex lock for compat ioctls
BACKPORT: xfrm: Clear sk_dst_cache when applying per-socket policy.
Revert "ANDROID: sched/rt: schedtune: Add boost retention to RT"
cpufreq: Drop schedfreq governor
ANDROID: sched/rt: schedtune: Add boost retention to RT
ANDROID: sched/rt: add schedtune accounting
ANDROID: Revert "arm64: move ELF_ET_DYN_BASE to 4GB / 4MB"
ANDROID: Revert "arm: move ELF_ET_DYN_BASE to 4MB"
sched: EAS: Fix the calculation of group util in group_idle_state()
sched: EAS: update trg_cpu to backup_cpu if no energy saving for target_cpu
sched: EAS: Fix the condition to distinguish energy before/after
Conflicts:
drivers/cpufreq/Kconfig
drivers/gpu/drm/msm/msm_gem_submit.c
kernel/sched/core.c
kernel/sched/fair.c
kernel/sched/rt.c
kernel/sched/sched.h
Change-Id: I0d8c5287cb67fd47c8944a002c0ca71adcdef537
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlosIJUACgkQONu9yGCS
aT5/DQ/9Hkroo15HPErzBhLUIo3tdT8HyMBSA5gjy3x+fYBBkbj1HvyPWlwbZVgQ
q2xQs7+Au8UlLLOV2UDz5C3K+hU4tM+uS3TC781ats5+VYWXAg6lXMshqwuXCDCX
eZ1joC1cs+tHQ1AinXV341c6TX9HOQ1/kwZRxvS9q/n8PQd71uzIXxsp/AkqloMQ
zTYz4FKdFPmKrHmMHR2X4MbRX85S5S57IJwmsfFEB+89PhfHGT5UkuClUuVrxV6m
a34BcDDG2SZ9V58OEDS99SJIvVthyisv7iDwoe6qBO0cITI/DiZ15T53gR+6nhMd
L+Y78wWohLFXxNoQFVXax/viFlsSju9j3f9NZeBb3olFlGuSiITsoJethU33Tzg0
Lf1X9ELMekBDyE/e2nYN+wILz6WioWxHrJ9nqAkwxOAL8YQTjfiUnjv/TUO/AJZ3
dmoJyrHOjkUTJpSQXx60ZwyvIyBv/oy8CWbr0lzVoq23OBrP26o/1C1Sbrm6bGMG
6fUccAqFEG9IW7fxUM0ojFRGL/+eSkHIMeEQopfNs4XXIBV53kUD8en+Hf4n5sic
NskK/UZSrC8KCAG4wmv1T+alDSrjhn+7xMdzRieEthhjFouwH3i8OROaVS+YX8+y
oDZpCZxBMhMCFKl+CWbqj8+DdNJQgs5+7R6YhEjEmxpiPfIPQhQ=
=XPGm
-----END PGP SIGNATURE-----
Merge 4.4.105 into android-4.4
Changes in 4.4.105
bcache: only permit to recovery read error when cache device is clean
bcache: recover data from backing when data is clean
uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
serial: 8250_pci: Add Amazon PCI serial device ID
s390/runtime instrumentation: simplify task exit handling
USB: serial: option: add Quectel BG96 id
ima: fix hash algorithm initialization
s390/pci: do not require AIS facility
selftests/x86/ldt_get: Add a few additional tests for limits
serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
spi: sh-msiof: Fix DMA transfer size check
usb: phy: tahvo: fix error handling in tahvo_usb_probe()
serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
EDAC, sb_edac: Fix missing break in switch
sysrq : fix Show Regs call trace on ARM
perf test attr: Fix ignored test case result
kprobes/x86: Disable preemption in ftrace-based jprobes
net: systemport: Utilize skb_put_padto()
net: systemport: Pad packet before inserting TSB
ARM: OMAP1: DMA: Correct the number of logical channels
vti6: fix device register to report IFLA_INFO_KIND
net/appletalk: Fix kernel memory disclosure
ravb: Remove Rx overflow log messages
nfs: Don't take a reference on fl->fl_file for LOCK operation
KVM: arm/arm64: Fix occasional warning from the timer work function
NFSv4: Fix client recovery when server reboots multiple times
drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement
net: sctp: fix array overrun read on sctp_timer_tbl
tipc: fix cleanup at module unload
dmaengine: pl330: fix double lock
tcp: correct memory barrier usage in tcp_check_space()
mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers
xen-netfront: Improve error handling during initialization
net: fec: fix multicast filtering hardware setup
Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"
usb: hub: Cycle HUB power when initialization fails
usb: xhci: fix panic in xhci_free_virt_devices_depth_first
usb: Add USB 3.1 Precision time measurement capability descriptor support
usb: ch9: Add size macro for SSP dev cap descriptor
USB: core: Add type-specific length check of BOS descriptors
USB: Increase usbfs transfer limit
USB: devio: Prevent integer overflow in proc_do_submiturb()
USB: usbfs: Filter flags passed in from user space
usb: host: fix incorrect updating of offset
xen-netfront: avoid crashing on resume after a failure in talk_to_netback()
Linux 4.4.105
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit ebe7c0a7be92bbd34c6ff5b55810546a0ee05bee ]
The hash_setup function always sets the hash_setup_done flag, even
when the hash algorithm is invalid. This prevents the default hash
algorithm defined as CONFIG_IMA_DEFAULT_HASH from being used.
This patch sets hash_setup_done flag only for valid hash algorithms.
Fixes: e7a2ad7eb6 "ima: enable support for larger default filedata hash algorithms"
Signed-off-by: Boshi Wang <wangboshi@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAloXywoACgkQONu9yGCS
aT78dxAAoM0uHsL9r+ivJ4uMj81dwBL3Rd/1Lb/PMV5Yblh/LJ2WOcXriq/JgMLt
+ARoyugEpB8JzAi1Y3bq3Jku2TYcT0o55UmjRgZzQitdX5o8j1g1baNnpRuMz63z
S/g4Msh5aJyoHmwgxWZ+mWKn3SYdNwHy+r0gGwgtvlUO97iXqwM3nqQ/4tHnIv1B
sz0NtJ7cgFvWVaneUkZ4z0ZGTlKfxaQg95enyyCRWM7MJ6Be03+KnhmQZ6GEb8vP
tf9GtXiMEDJdwppDmXjtdjFW5adejBOoCF/grvbQoEdn7XPC47k6/l5Y6A3PYLMj
kqlC8IbMHbiQXvgwezxp6Mv+oc+LuSjSCVikZW2SGMacs5kF92+0MIUvBtfUwvsA
FP7q6jUcT3Or4xiG4xLDQW+RLPetidd+1Ms4jia6jaCajbMjU7ZYaBuAplT4qhIl
koJ9pn1ksna3fUyxnNFJttUN2ulGDzcSBP5EZf3bLWMXkG4daa8Cen7vBkG1VqZE
tspXCbB/mZ/eGv/rH3b7F2BVfP2RY0YqlUZzmfTXIoCwqcmX1zGi/KMfepcZTH3b
LOo8CBmTgSYXYh0/16GAUH3ds3QQt8d0oeaCEtf8BaAZnq5R3M8doZzGzTB6LGjG
Rn1KsUzJPKSqgYis3FTJNU3wmPokvV1ZVXK/ee9zMq5zOtyJyOg=
=XIwd
-----END PGP SIGNATURE-----
Merge 4.4.101 into android-4.4
Changes in 4.4.101
tcp: do not mangle skb->cb[] in tcp_make_synack()
netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
bonding: discard lowest hash bit for 802.3ad layer3+4
vlan: fix a use-after-free in vlan_device_event()
af_netlink: ensure that NLMSG_DONE never fails in dumps
sctp: do not peel off an assoc from one netns to another one
fealnx: Fix building error on MIPS
net/sctp: Always set scope_id in sctp_inet6_skb_msgname
ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
serial: omap: Fix EFR write on RTS deassertion
arm64: fix dump_instr when PAN and UAO are in use
nvme: Fix memory order on async queue deletion
ocfs2: should wait dio before inode lock in ocfs2_setattr()
ipmi: fix unsigned long underflow
mm/page_alloc.c: broken deferred calculation
coda: fix 'kernel memory exposure attempt' in fsync
mm: check the return value of lookup_page_ext for all call sites
mm/page_ext.c: check if page_ext is not prepared
mm/pagewalk.c: report holes in hugetlb ranges
Linux 4.4.101
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 020aae3ee58c1af0e7ffc4e2cc9fe4dc630338cb upstream.
Commit b65a9cfc2c ("Untangling ima mess, part 2: deal with counters")
moved the call of ima_file_check() from may_open() to do_filp_open() at a
point where the file descriptor is already opened.
This breaks the assumption made by IMA that file descriptors being closed
belong to files whose access was granted by ima_file_check(). The
consequence is that security.ima and security.evm are updated with good
values, regardless of the current appraisal status.
For example, if a file does not have security.ima, IMA will create it after
opening the file for writing, even if access is denied. Access to the file
will be allowed afterwards.
Avoid this issue by checking the appraisal status before updating
security.ima.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAloQBz0ACgkQONu9yGCS
aT5nQxAAs/xWKpYLSLvLPYnTOmSmNJ36isgFriVT+wWOLzkrWTWuoQnluDjMQjie
nH6whZMlOnG+k5GrGF3XymxZ66tDj9TlXnPAHCC8ikcqir2/dBO/gO5v2gmFgF2E
j52mt09I3acBQJEt+Rz3xJCMa5so61uDYGtqk/URcPEW1nBa1rfA1QIy/9zv2/aw
2yPSz4NQlv+7yvjguw4Ik5Yt/hGeu1Y8Kuc4bVHG2TB+y0QYwri42bBwQV7llili
XqwfjFJYGMqWJqHGF/p0hD+/Xylw6GnDzxDZQDMNhsuWcfe3tUhuOVkX30E96fh2
ipT4wI5DTmql8EN/r/P7VS2BKL4W5HEMeNEd2APkGNGnSrzKGbd0CQ+cWVZbr645
R03AbqZjhaQKwRi+n82q1mMb4p+3Z/F/T8twHmYg/DLta3kzzRdfVJPNFBFIoSnF
Bay8KJKqoMv2Bjhla78pHMoqSQ9j/fJc2iPIAABtFlsTjic+/STiS7ANAsmDdJtt
8XXc6mFQfbulKKlKKqudPLjOpUNu1SrsOcc9gmovbTy7dN6FBOfJwFMCYonNyXAc
6/ACSxYJlnZ9YEacEmcXmz0GTytyKiTYE3fNsXc/8fHnRZ1+yea9Mo77wWkj7K4V
IqNIJMCW8K+P97oL6mdUBZwMUi4zrWueakMq8SWBdKYaD5yeV2k=
=ql4j
-----END PGP SIGNATURE-----
Merge 4.4.99 into android-4.4
Changes in 4.4.99
mac80211: accept key reinstall without changing anything
mac80211: use constant time comparison with keys
mac80211: don't compare TKIP TX MIC key in reinstall prevention
usb: usbtest: fix NULL pointer dereference
Input: ims-psu - check if CDC union descriptor is sane
ALSA: seq: Cancel pending autoload work at unbinding device
tun/tap: sanitize TUNSETSNDBUF input
tcp: fix tcp_mtu_probe() vs highest_sack
l2tp: check ps->sock before running pppol2tp_session_ioctl()
tun: call dev_get_valid_name() before register_netdevice()
sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect
packet: avoid panic in packet_getsockopt()
ipv6: flowlabel: do not leave opt->tot_len with garbage
net/unix: don't show information about sockets from other namespaces
ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err
tun: allow positive return values on dev_get_valid_name() call
sctp: reset owner sk for data chunks on out queues when migrating a sock
ppp: fix race in ppp device destruction
ipip: only increase err_count for some certain type icmp in ipip_err
tcp/dccp: fix ireq->opt races
tcp/dccp: fix lockdep splat in inet_csk_route_req()
tcp/dccp: fix other lockdep splats accessing ireq_opt
security/keys: add CONFIG_KEYS_COMPAT to Kconfig
tipc: fix link attribute propagation bug
brcmfmac: remove setting IBSS mode when stopping AP
target/iscsi: Fix iSCSI task reassignment handling
target: Fix node_acl demo-mode + uncached dynamic shutdown regression
misc: panel: properly restore atomic counter on error path
Linux 4.4.99
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 47b2c3fff4932e6fc17ce13d51a43c6969714e20 upstream.
CONFIG_KEYS_COMPAT is defined in arch-specific Kconfigs and is missing for
several 64-bit architectures : mips, parisc, tile.
At the moment and for those architectures, calling in 32-bit userspace the
keyctl syscall would return an ENOSYS error.
This patch moves the CONFIG_KEYS_COMPAT option to security/keys/Kconfig, to
make sure the compatibility wrapper is registered by default for any 64-bit
architecture as long as it is configured with CONFIG_COMPAT.
[DH: Modified to remove arm64 compat enablement also as requested by Eric
Biggers]
Signed-off-by: Bilal Amarni <bilal.amarni@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
cc: Eric Biggers <ebiggers3@gmail.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Cc: James Cowgill <james.cowgill@mips.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAloMZ5oACgkQONu9yGCS
aT7uNg//Yr5QbYa+KgrcZaDLRH0otZkXsgwu4pt0uSW7Cudc5j6s2/RBSDxM1qvH
9Dnj9PY7gmC9xSC9qzBf/p8VzNv1ZxxNRkrvgR4sSMiL2o4Up8Yhs7mvxAZoagmQ
N3fsXrwgrly8qn1oQh5Q5zT2FZMVpnIjvNGDW1Rf+AhjyUQ5hXdVft88O705q0Ok
yPlJ0b/Y9sMLiUe65jxwaZS+0RnpjWEM3V7n2gOSoiYXuVaqwMC5lUsasUYBNeU4
o9tf4DR/9+3SAzcSbwYdC+MCLNia/FCw0N+RJk28eaMoca5ifOcPQEXAhC9u6N/V
XsSx79cV4I+X9wdH/L1jqw6LZn5Zh57tH1s1izB8cuBP51OEhltKuIBPSqhVSqDe
YSuho1hU32Kx1peTixwYwNikAmPMJ7biTCkA6azmFM7QWkX0Pq5kSF6nOV99fcCt
LWDfvHrOYmQfr8tLM0+/OnE0DtVDga5z0Bx9cKGjX9EPqtzi+wbBFWV1ccqNlnx6
1T7JQ98fNtFKo++jBy7RmIpGVkDkF/sio2lamboWB0ite4HuLwQwmISaHfJv7OE/
4m+mmBmSng3kUv9yFyNHhjaKVebveSHsF7aG/KhGd1ZbKFGPqC1Vz3naXvHzNDiD
HJGbMUOz9uH3jgugNP2zI8kqOKPL81YMZ5xyAZ6JyuAa/GgMW/Q=
=DOmu
-----END PGP SIGNATURE-----
Merge 4.4.98 into android-4.4
Changes in 4.4.98
adv7604: Initialize drive strength to default when using DT
video: fbdev: pmag-ba-fb: Remove bad `__init' annotation
PCI: mvebu: Handle changes to the bridge windows while enabled
xen/netback: set default upper limit of tx/rx queues to 8
drm: drm_minor_register(): Clean up debugfs on failure
KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter
iommu/arm-smmu-v3: Clear prior settings when updating STEs
powerpc/corenet: explicitly disable the SDHC controller on kmcoge4
ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6
crypto: vmx - disable preemption to enable vsx in aes_ctr.c
iio: trigger: free trigger resource correctly
phy: increase size of MII_BUS_ID_SIZE and bus_id
serial: sh-sci: Fix register offsets for the IRDA serial port
usb: hcd: initialize hcd->flags to 0 when rm hcd
netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family
IPsec: do not ignore crypto err in ah4 input
Input: mpr121 - handle multiple bits change of status register
Input: mpr121 - set missing event capability
IB/ipoib: Change list_del to list_del_init in the tx object
s390/qeth: issue STARTLAN as first IPA command
net: dsa: select NET_SWITCHDEV
platform/x86: hp-wmi: Fix detection for dock and tablet mode
cdc_ncm: Set NTB format again after altsetting switch for Huawei devices
KEYS: trusted: sanitize all key material
KEYS: trusted: fix writing past end of buffer in trusted_read()
platform/x86: hp-wmi: Fix error value for hp_wmi_tablet_state
platform/x86: hp-wmi: Do not shadow error values
x86/uaccess, sched/preempt: Verify access_ok() context
workqueue: Fix NULL pointer dereference
crypto: x86/sha1-mb - fix panic due to unaligned access
KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
ARM: 8720/1: ensure dump_instr() checks addr_limit
ALSA: seq: Fix OSS sysex delivery in OSS emulation
ALSA: seq: Avoid invalid lockdep class warning
MIPS: microMIPS: Fix incorrect mask in insn_table_MM
MIPS: Fix CM region target definitions
MIPS: SMP: Use a completion event to signal CPU up
MIPS: Fix race on setting and getting cpu_online_mask
MIPS: SMP: Fix deadlock & online race
test: firmware_class: report errors properly on failure
selftests: firmware: add empty string and async tests
selftests: firmware: send expected errors to /dev/null
tools: firmware: check for distro fallback udev cancel rule
MIPS: AR7: Defer registration of GPIO
MIPS: AR7: Ensure that serial ports are properly set up
Input: elan_i2c - add ELAN060C to the ACPI table
drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue
rbd: use GFP_NOIO for parent stat and data requests
can: sun4i: handle overrun in RX FIFO
can: c_can: don't indicate triple sampling support for D_CAN
x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context
PKCS#7: fix unitialized boolean 'want'
Linux 4.4.98
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit a3c812f7cfd80cf51e8f5b7034f7418f6beb56c1 upstream.
When calling keyctl_read() on a key of type "trusted", if the
user-supplied buffer was too small, the kernel ignored the buffer length
and just wrote past the end of the buffer, potentially corrupting
userspace memory. Fix it by instead returning the size required, as per
the documentation for keyctl_read().
We also don't even fill the buffer at all in this case, as this is
slightly easier to implement than doing a short read, and either
behavior appears to be permitted. It also makes it match the behavior
of the "encrypted" key type.
Fixes: d00a1c72f7 ("keys: add new trusted key-type")
Reported-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ee618b4619b72527aaed765f0f0b74072b281159 upstream.
As the previous patch did for encrypted-keys, zero sensitive any
potentially sensitive data related to the "trusted" key type before it
is freed. Notably, we were not zeroing the tpm_buf structures in which
the actual key is stored for TPM seal and unseal, nor were we zeroing
the trusted_key_payload in certain error paths.
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Safford <safford@us.ibm.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
ICE clock funciton masks the error code from
scm call. This might introduce unwanted issues
in device. Ensure to return proper error code
to storage frameworks.
Change-Id: Ibd7358c3b19d23d5995cf267f56ef3bacf166569
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAloCyRkACgkQONu9yGCS
aT7NQg/+JtZQkSf/TU59WhiyQjdCxc9Z05pZZUOYdoWWdOR4gwTcorz+S4fATu8H
uh7AYmyIa8Bna+8O1bWwjQ7/qbyAlku3nQ03oSJR/26Y3vyU7qRaGEAmU7olEyCs
jxTkA3tIz0ppsxfGpYIRXOGwgaEGrIgz0K6IpZJUV+xu4HAq/oesy7YaV+Nwa7wh
CHZsm8mAkeXCg1afCklJX/WasoxKK5979fLP9uN+9ZCpvnFcdxAQLtQ46zjJquvE
NlBPbtsf4h/QVuXeCL9dA+JjabnV2tZLzluCpaUAV8YZi2DoMFcrT88+/HXLi6Re
dBHAdMaAS06vmVSX63gSMOScv5Kd21FmOwVVzH4LD0YYWPPT7x/sYK+9CAmJckYS
HIfqbUDm8hnhp4GQffqJt2YK7SHvx0JFd0/kw/fubN5R3dZU+JpINGnxgMW9oXja
UDHPhTpqEKdkNYh7/CUFfectTclMPP8HXiU2rZvCyyYyzAYj4pST4wKawX6S1czu
nKRWh1Ae7E6MbuyjvRad9h7BTV/XC716d5K0xiN/t2YuSVHbVgll5dUoOmks3anC
vwynTrXGol9jHoq5lJV5gKvCH1dajHx9NtDlZay/4Fw96fEBpJRGuT8mWF0rNPnv
rCa3TOVcp6CILLF95m4qv2RNKNFAIQLSExJ1Om8Z3W3vzwusVHg=
=UerM
-----END PGP SIGNATURE-----
Merge 4.4.97 into android-4.4
Changes in 4.4.97
ALSA: timer: Add missing mutex lock for compat ioctls
ALSA: seq: Fix nested rwsem annotation for lockdep splat
cifs: check MaxPathNameComponentLength != 0 before using it
KEYS: return full count in keyring_read() if buffer is too small
KEYS: fix out-of-bounds read during ASN.1 parsing
ASoC: adau17x1: Workaround for noise bug in ADC
arm64: ensure __dump_instr() checks addr_limit
ARM: dts: mvebu: pl310-cache disable double-linefill
ARM: 8715/1: add a private asm/unaligned.h
ocfs2: fstrim: Fix start offset of first cluster group during fstrim
perf tools: Fix build failure on perl script context
drm/msm: Fix potential buffer overflow issue
drm/msm: fix an integer overflow test
tracing/samples: Fix creation and deletion of simple_thread_fn creation
Fix tracing sample code warning.
PM / wakeirq: report a wakeup_event on dedicated wekup irq
mmc: s3cmci: include linux/interrupt.h for tasklet_struct
ARM: pxa: Don't rely on public mmc header to include leds.h
mfd: ab8500-sysctrl: Handle probe deferral
mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped
staging: rtl8712u: Fix endian settings for structs describing network packets
ext4: fix stripe-unaligned allocations
ext4: do not use stripe_width if it is not set
i2c: riic: correctly finish transfers
drm/amdgpu: when dpm disabled, also need to stop/start vce.
perf tools: Only increase index if perf_evsel__new_idx() succeeds
cx231xx: Fix I2C on Internal Master 3 Bus
xen/manage: correct return value check on xenbus_scanf()
scsi: aacraid: Process Error for response I/O
platform/x86: intel_mid_thermal: Fix module autoload
staging: lustre: llite: don't invoke direct_IO for the EOF case
staging: lustre: hsm: stack overrun in hai_dump_data_field
staging: lustre: ptlrpc: skip lock if export failed
exynos4-is: fimc-is: Unmap region obtained by of_iomap()
mei: return error on notification request to a disconnected client
s390/dasd: check for device error pointer within state change interrupts
bt8xx: fix memory leak
xen: don't print error message in case of missing Xenstore entry
staging: r8712u: Fix Sparse warning in rtl871x_xmit.c
Linux 4.4.97
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 3239b6f29bdfb4b0a2ba59df995fc9e6f4df7f1f upstream.
Commit e645016abc80 ("KEYS: fix writing past end of user-supplied buffer
in keyring_read()") made keyring_read() stop corrupting userspace memory
when the user-supplied buffer is too small. However it also made the
return value in that case be the short buffer size rather than the size
required, yet keyctl_read() is actually documented to return the size
required. Therefore, switch it over to the documented behavior.
Note that for now we continue to have it fill the short buffer, since it
did that before (pre-v3.13) and dump_key_tree_aux() in keyutils arguably
relies on it.
Fixes: e645016abc80 ("KEYS: fix writing past end of user-supplied buffer in keyring_read()")
Reported-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-ceee5bd
BACKPORT: arm64: relocatable: suppress R_AARCH64_ABS64 relocations in vmlinux
sched/core: fix have_sched_energy_data build warning
sched/core: Warn if ENERGY_AWARE is enabled but data is missing
sched: walt: Correct WALT window size initialization
FROMLIST: sched/fair: Use wake_q length as a hint for wake_wide
sched: WALT: account cumulative window demand
sched/fair: remove useless variable in find_best_target
sched/tune: access schedtune_initialized under CGROUP_SCHEDTUNE
sched/fair: consider task utilization in group_max_util()
sched/fair: consider task utilization in group_norm_util()
sched/fair: enforce EAS mode
sched/fair: ignore backup CPU when not valid
sched/fair: trace energy_diff for non boosted tasks
UPSTREAM: sched/fair: Sync task util before slow-path wakeup
UPSTREAM: sched/fair: Fix usage of find_idlest_group() when the local group is idlest
UPSTREAM: sched/fair: Fix usage of find_idlest_group() when no groups are allowed
BACKPORT: sched/fair: Fix find_idlest_group when local group is not allowed
UPSTREAM: sched/fair: Remove unnecessary comparison with -1
BACKPORT: sched/fair: Move select_task_rq_fair slow-path into its own function
UPSTREAM: sched/fair: Force balancing on nohz balance if local group has capacity
UPSTREAM: sched/core: Add missing update_rq_clock() call in set_user_nice()
UPSTREAM: sched/core: Add missing update_rq_clock() call for task_hot()
UPSTREAM: sched/core: Add missing update_rq_clock() in detach_task_cfs_rq()
UPSTREAM: sched/core: Add missing update_rq_clock() in post_init_entity_util_avg()
UPSTREAM: sched/core: Fix find_idlest_group() for fork
BACKPORT: sched/fair: Fix PELT integrity for new tasks
BACKPORT: sched/cgroup: Fix cpu_cgroup_fork() handling
UPSTREAM: sched/fair: Fix and optimize the fork() path
BACKPORT: sched/fair: Make it possible to account fair load avg consistently
cpufreq/sched: Consider max cpu capacity when choosing frequencies
Linux 4.4.95
FS-Cache: fix dereference of NULL user_key_payload
fscrypto: require write access to mount to set encryption policy
KEYS: Fix race between updating and finding a negative key
fscrypt: fix dereference of NULL user_key_payload
f2fs crypto: add missing locking for keyring_key access
f2fs crypto: replace some BUG_ON()'s with error checks
sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task()
parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels
parisc: Avoid trashing sr2 and sr3 in LWS code
pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
KEYS: don't let add_key() update an uninstantiated key
lib/digsig: fix dereference of NULL user_key_payload
KEYS: encrypted: fix dereference of NULL user_key_payload
rtlwifi: rtl8821ae: Fix connection lost problem
clockevents/drivers/cs5535: Improve resilience to spurious interrupts
bus: mbus: fix window size calculation for 4GB windows
brcmsmac: make some local variables 'static const' to reduce stack size
i2c: ismt: Separate I2C block read from SMBus block read
ALSA: hda: Remove superfluous '-' added by printk conversion
ALSA: seq: Enable 'use' locking in all configurations
drm/nouveau/mmu: flush tlbs before deleting page tables
drm/nouveau/bsp/g92: disable by default
can: esd_usb2: Fix can_dlc value for received RTR, frames
usb: musb: Check for host-mode using is_host_active() on reset interrupt
usb: musb: sunxi: Explicitly release USB PHY on exit
can: gs_usb: fix busy loop if no more TX context is available
ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital
usb: hub: Allow reset retry for USB2 devices on connect bounce
usb: quirks: add quirk for WORLDE MINI MIDI keyboard
usb: cdc_acm: Add quirk for Elatec TWN3
USB: serial: metro-usb: add MS7820 device id
USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
USB: devio: Revert "USB: devio: Don't corrupt user memory"
ANDROID: binder: show high watermark of alloc->pages.
ANDROID: binder: Add thread->process_todo flag.
UPSTREAM: arm64: compat: Remove leftover variable declaration
ANDROID: sched/fair: Select correct capacity state for energy_diff
Revert "UPSTREAM: efi/libstub/arm64: Set -fpie when building the EFI stub"
cpufreq: schedutil: clamp util to CPU maximum capacity
FROMLIST: android: binder: Fix null ptr dereference in debug msg
FROMLIST: android: binder: Change binder_shrinker to static
cpufreq/sched: Use cpu max freq rather than policy max
Conflicts:
include/linux/sched.h
kernel/sched/core.c
kernel/sched/fair.c
Change-Id: I2751f851df741f00e797deaf2119872b3dced655
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlny7PcACgkQONu9yGCS
aT7UAw//Zqfv7J8fAyfeTnVsbBg5GcD7SW7clzILMclb2nCGcS1g6ZFZAOoWRZV3
eSnYKLBvOxfnF+TunD/aNagtKMIEuPqA/9Srd3uL2sdso1FtMsL8PR07Ml1o3Qf3
eUeKt/JfchpD5r+1ca4CWqRDvFyuQwP8RMsbXUqjsDEy/5USeGOzPGa9jdQ5JI/O
zvXlHyWuXryvDWHlM52H67CSdZC2KSUNeybji8EqrJlK2yijJQ8CvN7jrBevSVVy
2XpMx9RoeAbOAH36VuW5R3/tpUPW70L3Tw8zTo8dfs5w/TEMgddzDd4aWz8PLLqo
mhD6V3bgkqzkbXEaLvmmht/IMg497K6HcAFzfDu/M8X1wSaNfNmJ8IBKmDTBeuBO
t5Ha2mqDxiCTrEXq/USEgiBW28PJXKv3C5MhdSlYPWo/QGho0boTRirmbbmYupf/
T02LwRWo8MQT9l+sX5zFx+/Tw/f5/f1bWSWVJ5ns+lFbQ5smnA2nxvcPLg6LuGEe
tXZ7R+7v5yFp5quyUPTz6eY8Tau4mswuzm4avob0QLr6ZDQXTt8WbD8kmaQRoDq4
U0k58ZZbdPnOyf0zxFTURQoPk+MI/EV9tclQcWEsR+AXWVzqA71rSUMCcSl7Gad2
/vSkgDcSQ1xt0UQ7Bqf7PdNSVLtfH/n/jXJGJXwYW/Q0r/zRTYY=
=vcfF
-----END PGP SIGNATURE-----
Merge 4.4.95 into android-4.4
Changes in 4.4.95
USB: devio: Revert "USB: devio: Don't corrupt user memory"
USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
USB: serial: metro-usb: add MS7820 device id
usb: cdc_acm: Add quirk for Elatec TWN3
usb: quirks: add quirk for WORLDE MINI MIDI keyboard
usb: hub: Allow reset retry for USB2 devices on connect bounce
ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital
can: gs_usb: fix busy loop if no more TX context is available
usb: musb: sunxi: Explicitly release USB PHY on exit
usb: musb: Check for host-mode using is_host_active() on reset interrupt
can: esd_usb2: Fix can_dlc value for received RTR, frames
drm/nouveau/bsp/g92: disable by default
drm/nouveau/mmu: flush tlbs before deleting page tables
ALSA: seq: Enable 'use' locking in all configurations
ALSA: hda: Remove superfluous '-' added by printk conversion
i2c: ismt: Separate I2C block read from SMBus block read
brcmsmac: make some local variables 'static const' to reduce stack size
bus: mbus: fix window size calculation for 4GB windows
clockevents/drivers/cs5535: Improve resilience to spurious interrupts
rtlwifi: rtl8821ae: Fix connection lost problem
KEYS: encrypted: fix dereference of NULL user_key_payload
lib/digsig: fix dereference of NULL user_key_payload
KEYS: don't let add_key() update an uninstantiated key
pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
parisc: Avoid trashing sr2 and sr3 in LWS code
parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels
sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task()
f2fs crypto: replace some BUG_ON()'s with error checks
f2fs crypto: add missing locking for keyring_key access
fscrypt: fix dereference of NULL user_key_payload
KEYS: Fix race between updating and finding a negative key
fscrypto: require write access to mount to set encryption policy
FS-Cache: fix dereference of NULL user_key_payload
Linux 4.4.95
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 363b02dab09b3226f3bd1420dad9c72b79a42a76 upstream.
Consolidate KEY_FLAG_INSTANTIATED, KEY_FLAG_NEGATIVE and the rejection
error into one field such that:
(1) The instantiation state can be modified/read atomically.
(2) The error can be accessed atomically with the state.
(3) The error isn't stored unioned with the payload pointers.
This deals with the problem that the state is spread over three different
objects (two bits and a separate variable) and reading or updating them
atomically isn't practical, given that not only can uninstantiated keys
change into instantiated or rejected keys, but rejected keys can also turn
into instantiated keys - and someone accessing the key might not be using
any locking.
The main side effect of this problem is that what was held in the payload
may change, depending on the state. For instance, you might observe the
key to be in the rejected state. You then read the cached error, but if
the key semaphore wasn't locked, the key might've become instantiated
between the two reads - and you might now have something in hand that isn't
actually an error code.
The state is now KEY_IS_UNINSTANTIATED, KEY_IS_POSITIVE or a negative error
code if the key is negatively instantiated. The key_is_instantiated()
function is replaced with key_is_positive() to avoid confusion as negative
keys are also 'instantiated'.
Additionally, barriering is included:
(1) Order payload-set before state-set during instantiation.
(2) Order state-read before payload-read when using the key.
Further separate barriering is necessary if RCU is being used to access the
payload content after reading the payload pointers.
Fixes: 146aa8b145 ("KEYS: Merge the type-specific data with the payload data")
Reported-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 60ff5b2f547af3828aebafd54daded44cfb0807a upstream.
Currently, when passed a key that already exists, add_key() will call the
key's ->update() method if such exists. But this is heavily broken in the
case where the key is uninstantiated because it doesn't call
__key_instantiate_and_link(). Consequently, it doesn't do most of the
things that are supposed to happen when the key is instantiated, such as
setting the instantiation state, clearing KEY_FLAG_USER_CONSTRUCT and
awakening tasks waiting on it, and incrementing key->user->nikeys.
It also never takes key_construction_mutex, which means that
->instantiate() can run concurrently with ->update() on the same key. In
the case of the "user" and "logon" key types this causes a memory leak, at
best. Maybe even worse, the ->update() methods of the "encrypted" and
"trusted" key types actually just dereference a NULL pointer when passed an
uninstantiated key.
Change key_create_or_update() to wait interruptibly for the key to finish
construction before continuing.
This patch only affects *uninstantiated* keys. For now we still allow a
negatively instantiated key to be updated (thereby positively
instantiating it), although that's broken too (the next patch fixes it)
and I'm not sure that anyone actually uses that functionality either.
Here is a simple reproducer for the bug using the "encrypted" key type
(requires CONFIG_ENCRYPTED_KEYS=y), though as noted above the bug
pertained to more than just the "encrypted" key type:
#include <stdlib.h>
#include <unistd.h>
#include <keyutils.h>
int main(void)
{
int ringid = keyctl_join_session_keyring(NULL);
if (fork()) {
for (;;) {
const char payload[] = "update user:foo 32";
usleep(rand() % 10000);
add_key("encrypted", "desc", payload, sizeof(payload), ringid);
keyctl_clear(ringid);
}
} else {
for (;;)
request_key("encrypted", "desc", "callout_info", ringid);
}
}
It causes:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
IP: encrypted_update+0xb0/0x170
PGD 7a178067 P4D 7a178067 PUD 77269067 PMD 0
PREEMPT SMP
CPU: 0 PID: 340 Comm: reproduce Tainted: G D 4.14.0-rc1-00025-g428490e38b2e #796
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff8a467a39a340 task.stack: ffffb15c40770000
RIP: 0010:encrypted_update+0xb0/0x170
RSP: 0018:ffffb15c40773de8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8a467a275b00 RCX: 0000000000000000
RDX: 0000000000000005 RSI: ffff8a467a275b14 RDI: ffffffffb742f303
RBP: ffffb15c40773e20 R08: 0000000000000000 R09: ffff8a467a275b17
R10: 0000000000000020 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8a4677057180 R15: ffff8a467a275b0f
FS: 00007f5d7fb08700(0000) GS:ffff8a467f200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 0000000077262005 CR4: 00000000001606f0
Call Trace:
key_create_or_update+0x2bc/0x460
SyS_add_key+0x10c/0x1d0
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x7f5d7f211259
RSP: 002b:00007ffed03904c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
RAX: ffffffffffffffda RBX: 000000003b2a7955 RCX: 00007f5d7f211259
RDX: 00000000004009e4 RSI: 00000000004009ff RDI: 0000000000400a04
RBP: 0000000068db8bad R08: 000000003b2a7955 R09: 0000000000000004
R10: 000000000000001a R11: 0000000000000246 R12: 0000000000400868
R13: 00007ffed03905d0 R14: 0000000000000000 R15: 0000000000000000
Code: 77 28 e8 64 34 1f 00 45 31 c0 31 c9 48 8d 55 c8 48 89 df 48 8d 75 d0 e8 ff f9 ff ff 85 c0 41 89 c4 0f 88 84 00 00 00 4c 8b 7d c8 <49> 8b 75 18 4c 89 ff e8 24 f8 ff ff 85 c0 41 89 c4 78 6d 49 8b
RIP: encrypted_update+0xb0/0x170 RSP: ffffb15c40773de8
CR2: 0000000000000018
Reported-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 13923d0865ca96312197962522e88bc0aedccd74 upstream.
A key of type "encrypted" references a "master key" which is used to
encrypt and decrypt the encrypted key's payload. However, when we
accessed the master key's payload, we failed to handle the case where
the master key has been revoked, which sets the payload pointer to NULL.
Note that request_key() *does* skip revoked keys, but there is still a
window where the key can be revoked before we acquire its semaphore.
Fix it by checking for a NULL payload, treating it like a key which was
already revoked at the time it was requested.
This was an issue for master keys of type "user" only. Master keys can
also be of type "trusted", but those cannot be revoked.
Fixes: 7e70cb4978 ("keys: add new key-type encrypted")
Reviewed-by: James Morris <james.l.morris@oracle.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Safford <safford@us.ibm.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
CAN socket SELinux support is required to be able
to distinguish between generic socket and can_socket
Change-Id: I9ec2099fc4c08ab6406e33ff9ad821ef18261763
Signed-off-by: Alex Yakavenka <ayakav@codeaurora.org>
* refs/heads/tmp-73a2b70
Linux 4.4.92
ext4: don't allow encrypted operations without keys
ext4: Don't clear SGID when inheriting ACLs
ext4: fix data corruption for mmap writes
sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs
nvme: protect against simultaneous shutdown invocations
drm/i915/bios: ignore HDMI on port A
brcmfmac: setup passive scan if requested by user-space
uwb: ensure that endpoint is interrupt
uwb: properly check kthread_run return value
iio: adc: mcp320x: Fix oops on module unload
iio: adc: mcp320x: Fix readout of negative voltages
iio: ad7793: Fix the serial interface reset
iio: core: Return error for failed read_reg
staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack.
iio: ad_sigma_delta: Implement a dedicated reset function
iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of 'twl4030_madc_probe()'
iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()'
xhci: fix finding correct bus_state structure for USB 3.1 hosts
USB: fix out-of-bounds in usb_set_configuration
usb: Increase quirk delay for USB devices
USB: core: harden cdc_parse_cdc_header
USB: uas: fix bug in handling of alternate settings
scsi: sd: Do not override max_sectors_kb sysfs setting
iwlwifi: add workaround to disable wide channels in 5GHz
HID: i2c-hid: allocate hid buffers for real worst case
ftrace: Fix kmemleak in unregister_ftrace_graph
stm class: Fix a use-after-free
Drivers: hv: fcopy: restore correct transfer length
driver core: platform: Don't read past the end of "driver_override" buffer
ALSA: usx2y: Suppress kernel warning at page allocation failures
ALSA: compress: Remove unused variable
lsm: fix smack_inode_removexattr and xattr_getsecurity memleak
USB: g_mass_storage: Fix deadlock when driver is unbound
usb: gadget: mass_storage: set msg_registered after msg registered
USB: devio: Don't corrupt user memory
USB: dummy-hcd: Fix erroneous synchronization change
USB: dummy-hcd: fix infinite-loop resubmission bug
USB: dummy-hcd: fix connection failures (wrong speed)
usb: pci-quirks.c: Corrected timeout values used in handshake
ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction
usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe
usb-storage: unusual_devs entry to fix write-access regression for Seagate external drives
usb: gadget: udc: atmel: set vbus irqflags explicitly
USB: gadgetfs: fix copy_to_user while holding spinlock
USB: gadgetfs: Fix crash caused by inadequate synchronization
usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write
ANDROID: binder: init desired_prio.sched_policy before use it
BACKPORT: net: xfrm: support setting an output mark.
UPSTREAM: xfrm: Only add l3mdev oif to dst lookups
UPSTREAM: net: l3mdev: Add master device lookup by index
Linux 4.4.91
ttpci: address stringop overflow warning
ALSA: au88x0: avoid theoretical uninitialized access
ARM: remove duplicate 'const' annotations'
IB/qib: fix false-postive maybe-uninitialized warning
drivers: firmware: psci: drop duplicate const from psci_of_match
libata: transport: Remove circular dependency at free time
xfs: remove kmem_zalloc_greedy
i2c: meson: fix wrong variable usage in meson_i2c_put_data
md/raid10: submit bio directly to replacement disk
rds: ib: add error handle
iommu/io-pgtable-arm: Check for leaf entry before dereferencing it
parisc: perf: Fix potential NULL pointer dereference
netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max
exynos-gsc: Do not swap cb/cr for semi planar formats
MIPS: IRQ Stack: Unwind IRQ stack onto task stack
netfilter: invoke synchronize_rcu after set the _hook_ to NULL
bridge: netlink: register netdevice before executing changelink
mmc: sdio: fix alignment issue in struct sdio_func
usb: plusb: Add support for PL-27A1
team: fix memory leaks
net/packet: check length in getsockopt() called with PACKET_HDRLEN
net: core: Prevent from dereferencing null pointer when releasing SKB
MIPS: Lantiq: Fix another request_mem_region() return code check
ASoC: dapm: fix some pointer error handling
usb: chipidea: vbus event may exist before starting gadget
audit: log 32-bit socketcalls
ASoC: dapm: handle probe deferrals
partitions/efi: Fix integer overflow in GPT size calculation
USB: serial: mos7840: fix control-message error handling
USB: serial: mos7720: fix control-message error handling
drm/amdkfd: fix improper return value on error
IB/ipoib: Replace list_del of the neigh->list with list_del_init
IB/ipoib: rtnl_unlock can not come after free_netdev
IB/ipoib: Fix deadlock over vlan_mutex
tty: goldfish: Fix a parameter of a call to free_irq
ARM: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM
iio: adc: hx711: Add DT binding for avia,hx711
iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications
hwmon: (gl520sm) Fix overflows and crash seen when writing into limit attributes
sh_eth: use correct name for ECMR_MPDE bit
extcon: axp288: Use vbus-valid instead of -present to determine cable presence
igb: re-assign hw address pointer on reset after PCI error
MIPS: ralink: Fix incorrect assignment on ralink_soc
MIPS: Ensure bss section ends on a long-aligned address
ARM: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes
RDS: RDMA: Fix the composite message user notification
GFS2: Fix reference to ERR_PTR in gfs2_glock_iter_next
drm: bridge: add DT bindings for TI ths8135
drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define
FROMLIST: tracing: Add support for preempt and irq enable/disable events
FROMLIST: tracing: Prepare to add preempt and irq trace events
ANDROID: binder: fix transaction leak.
ANDROID: binder: Add tracing for binder priority inheritance.
Linux 4.4.90
fix xen_swiotlb_dma_mmap prototype
swiotlb-xen: implement xen_swiotlb_dma_mmap callback
video: fbdev: aty: do not leak uninitialized padding in clk to userspace
KVM: VMX: use cmpxchg64
ARM: pxa: fix the number of DMA requestor lines
ARM: pxa: add the number of DMA requestor lines
dmaengine: mmp-pdma: add number of requestors
cxl: Fix driver use count
KVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
KVM: VMX: do not change SN bit in vmx_update_pi_irte()
timer/sysclt: Restrict timer migration sysctl values to 0 and 1
gfs2: Fix debugfs glocks dump
x86/fpu: Don't let userspace set bogus xcomp_bv
btrfs: prevent to set invalid default subvolid
btrfs: propagate error to btrfs_cmp_data_prepare caller
btrfs: fix NULL pointer dereference from free_reloc_roots()
PCI: Fix race condition with driver_override
kvm: nVMX: Don't allow L2 to access the hardware CR8
KVM: VMX: Do not BUG() on out-of-bounds guest IRQ
arm64: fault: Route pte translation faults via do_translation_fault
arm64: Make sure SPsel is always set
seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()
bsg-lib: don't free job in bsg_prepare_job
nl80211: check for the required netlink attributes presence
vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets
SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags
SMB: Validate negotiate (to protect against downgrade) even if signing off
Fix SMB3.1.1 guest authentication to Samba
powerpc/pseries: Fix parent_dn reference leak in add_dt_node()
KEYS: prevent KEYCTL_READ on negative key
KEYS: prevent creating a different user's keyrings
KEYS: fix writing past end of user-supplied buffer in keyring_read()
crypto: talitos - fix sha224
crypto: talitos - Don't provide setkey for non hmac hashing algs.
scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list
md/raid5: fix a race condition in stripe batch
tracing: Erase irqsoff trace with empty write
tracing: Fix trace_pipe behavior for instance traces
KVM: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()
mac80211: flush hw_roc_start work before cancelling the ROC
cifs: release auth_key.response for reconnect.
f2fs: catch up to v4.14-rc1
UPSTREAM: cpufreq: schedutil: use now as reference when aggregating shared policy requests
ANDROID: add script to fetch android kernel config fragments
f2fs: reorganize stat information
f2fs: clean up flush/discard command namings
f2fs: check in-memory sit version bitmap
f2fs: check in-memory nat version bitmap
f2fs: check in-memory block bitmap
f2fs: introduce FI_ATOMIC_COMMIT
f2fs: clean up with list_{first, last}_entry
f2fs: return fs_trim if there is no candidate
f2fs: avoid needless checkpoint in f2fs_trim_fs
f2fs: relax async discard commands more
f2fs: drop exist_data for inline_data when truncated to 0
f2fs: don't allow encrypted operations without keys
f2fs: show the max number of atomic operations
f2fs: get io size bit from mount option
f2fs: support IO alignment for DATA and NODE writes
f2fs: add submit_bio tracepoint
f2fs: reassign new segment for mode=lfs
f2fs: fix a missing discard prefree segments
f2fs: use rb_entry_safe
f2fs: add a case of no need to read a page in write begin
f2fs: fix a problem of using memory after free
f2fs: remove unneeded condition
f2fs: don't cache nat entry if out of memory
f2fs: remove unused values in recover_fsync_data
f2fs: support async discard based on v4.9
f2fs: resolve op and op_flags confilcts
f2fs: remove wrong backported codes
FROMLIST: binder: fix use-after-free in binder_transaction()
UPSTREAM: ipv6: fib: Unlink replaced routes from their nodes
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
Conflicts:
fs/f2fs/crypto_key.c
fs/f2fs/f2fs_crypto.h
net/wireless/nl80211.c
sound/usb/card.c
Change-Id: I742aeaec84c7892165976b7bea3e07bdd6881d93
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
Srinivasarao P
Greg Kroah-Hartman
Paul Moore
Eric Biggers
Mark Salyzyn
Lorenzo Colitti
Kees Cook
Borislav Petkov
Hugh Dickins
Dave Hansen
Richard Fellner
Boshi Wang
Roberto Sassu
Linux Build Service Account
Bilal Amarni
Neeraj Soni
Blagovest Kolenichev
David Howells
Alex Yakavenka