285dc038c1124a4f2a3bf4bf4e29ef0fc5b9fd39
1214 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
f5585d325a |
UPSTREAM: bpf: Explicitly memset some bpf info structures declared on the stack
Trying to initialize a structure with "= {};" will not always clean out
all padding locations in a structure. So be explicit and call memset to
initialize everything for a number of bpf information structures that
are then copied from userspace, sometimes from smaller memory locations
than the size of the structure.
Reported-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20200320162258.GA794295@kroah.com
(cherry picked from commit 269efb7fc478563a7e7b22590d8076823f4ac82a)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I52a2cab20aa310085ec104bd811ac4f2b83657b6
|
||
|
Greg Kroah-Hartman
|
50c6beb9c9 |
UPSTREAM: bpf: Explicitly memset the bpf_attr structure
For the bpf syscall, we are relying on the compiler to properly zero out
the bpf_attr union that we copy userspace data into. Unfortunately that
doesn't always work properly, padding and other oddities might not be
correctly zeroed, and in some tests odd things have been found when the
stack is pre-initialized to other values.
Fix this by explicitly memsetting the structure to 0 before using it.
Reported-by: Maciej Żenczykowski <maze@google.com>
Reported-by: John Stultz <john.stultz@linaro.org>
Reported-by: Alexander Potapenko <glider@google.com>
Reported-by: Alistair Delva <adelva@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://android-review.googlesource.com/c/kernel/common/+/1235490
Link: https://lore.kernel.org/bpf/20200320094813.GA421650@kroah.com
(cherry picked from commit
|
||
Greg Kroah-Hartman
|
2c2101d181 |
Merge 5.4.23 into android-5.4
Changes in 5.4.23 iommu/qcom: Fix bogus detach logic ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs ALSA: hda/realtek - Apply quirk for MSI GP63, too ALSA: hda/realtek - Apply quirk for yet another MSI laptop ASoC: codec2codec: avoid invalid/double-free of pcm runtime ASoC: sun8i-codec: Fix setting DAI data format tpm: Initialize crypto_id of allocated_banks to HASH_ALGO__LAST ecryptfs: fix a memory leak bug in parse_tag_1_packet() ecryptfs: fix a memory leak bug in ecryptfs_init_messaging() btrfs: handle logged extent failure properly thunderbolt: Prevent crash if non-active NVMem file is read USB: misc: iowarrior: add support for 2 OEMed devices USB: misc: iowarrior: add support for the 28 and 28L devices USB: misc: iowarrior: add support for the 100 device e1000e: Use rtnl_lock to prevent race conditions between net and pci/pm floppy: check FDC index for errors before assigning it vt: fix scrollback flushing on background consoles vt: selection, handle pending signals in paste_selection vt: vt_ioctl: fix race in VT_RESIZEX staging: android: ashmem: Disallow ashmem memory from being remapped staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi. xhci: Force Maximum Packet size for Full-speed bulk devices to valid range. xhci: fix runtime pm enabling for quirky Intel hosts xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms xhci: Fix memory leak when caching protocol extended capability PSI tables - take 2 usb: host: xhci: update event ring dequeue pointer on purpose USB: core: add endpoint-blacklist quirk USB: quirks: blacklist duplicate ep on Sound Devices USBPre2 usb: uas: fix a plug & unplug racing USB: Fix novation SourceControl XL after suspend USB: hub: Don't record a connect-change event during reset-resume USB: hub: Fix the broken detection of USB3 device in SMSC hub usb: dwc2: Fix SET/CLEAR_FEATURE and GET_STATUS flows usb: dwc3: gadget: Check for IOC/LST bit in TRB->ctrl fields usb: dwc3: debug: fix string position formatting mixup with ret and len scsi: Revert "target/core: Inline transport_lun_remove_cmd()" staging: rtl8188eu: Fix potential security hole staging: rtl8188eu: Fix potential overuse of kernel memory staging: rtl8723bs: Fix potential security hole staging: rtl8723bs: Fix potential overuse of kernel memory drm/panfrost: perfcnt: Reserve/use the AS attached to the perfcnt MMU context powerpc/8xx: Fix clearing of bits 20-23 in ITLB miss powerpc/eeh: Fix deadlock handling dead PHB powerpc/tm: Fix clearing MSR[TS] in current when reclaiming on signal delivery powerpc/entry: Fix an #if which should be an #ifdef in entry_32.S powerpc/hugetlb: Fix 512k hugepages on 8xx with 16k page size powerpc/hugetlb: Fix 8M hugepages on 8xx arm64: memory: Add missing brackets to untagged_addr() macro jbd2: fix ocfs2 corrupt when clearing block group bits x86/ima: use correct identifier for SetupMode variable x86/mce/amd: Publish the bank pointer only after setup has succeeded x86/mce/amd: Fix kobject lifetime x86/cpu/amd: Enable the fixed Instructions Retired counter IRPERF serial: 8250: Check UPF_IRQ_SHARED in advance tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode tty: serial: imx: setup the correct sg entry for tx dma tty: serial: qcom_geni_serial: Fix RX cancel command failure serdev: ttyport: restore client ops on deregistration MAINTAINERS: Update drm/i915 bug filing URL ACPI: PM: s2idle: Check fixed wakeup events in acpi_s2idle_wake() Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()" mm/memcontrol.c: lost css_put in memcg_expand_shrinker_maps() nvme-multipath: Fix memory leak with ana_log_buf genirq/irqdomain: Make sure all irq domain flags are distinct mm/vmscan.c: don't round up scan size for online memory cgroup mm/sparsemem: pfn_to_page is not valid yet on SPARSEMEM lib/stackdepot.c: fix global out-of-bounds in stack_slabs mm: Avoid creating virtual address aliases in brk()/mmap()/mremap() drm/amdgpu/soc15: fix xclk for raven drm/amdgpu/gfx9: disable gfxoff when reading rlc clock drm/amdgpu/gfx10: disable gfxoff when reading rlc clock drm/nouveau/kms/gv100-: Re-set LUT after clearing for modesets drm/i915: Wean off drm_pci_alloc/drm_pci_free drm/i915: Update drm/i915 bug filing URL sched/psi: Fix OOB write when writing 0 bytes to PSI files KVM: nVMX: Don't emulate instructions in guest mode KVM: x86: don't notify userspace IOAPIC on edge-triggered interrupt EOI ext4: fix a data race in EXT4_I(inode)->i_disksize ext4: add cond_resched() to __ext4_find_entry() ext4: fix potential race between online resizing and write operations ext4: fix potential race between s_group_info online resizing and access ext4: fix potential race between s_flex_groups online resizing and access ext4: fix mount failure with quota configured as module ext4: rename s_journal_flag_rwsem to s_writepages_rwsem ext4: fix race between writepages and enabling EXT4_EXTENTS_FL KVM: nVMX: Refactor IO bitmap checks into helper function KVM: nVMX: Check IO instruction VM-exit conditions KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 KVM: apic: avoid calculating pending eoi from an uninitialized val btrfs: destroy qgroup extent records on transaction abort btrfs: fix bytes_may_use underflow in prealloc error condtition btrfs: reset fs_root to NULL on error in open_ctree btrfs: do not check delayed items are empty for single transaction cleanup Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents Btrfs: fix race between shrinking truncate and fiemap btrfs: don't set path->leave_spinning for truncate Btrfs: fix deadlock during fast fsync when logging prealloc extents beyond eof Revert "dmaengine: imx-sdma: Fix memory leak" drm/i915/gt: Detect if we miss WaIdleLiteRestore drm/i915/execlists: Always force a context reload when rewinding RING_TAIL drm/i915/gvt: more locking for ppgtt mm LRU list drm/bridge: tc358767: fix poll timeouts drm/i915/gt: Protect defer_request() from new waiters drm/msm/dpu: fix BGR565 vs RGB565 confusion scsi: Revert "RDMA/isert: Fix a recently introduced regression related to logout" scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus usb: dwc2: Fix in ISOC request length checking staging: rtl8723bs: fix copy of overlapping memory staging: greybus: use after free in gb_audio_manager_remove_all() ASoC: atmel: fix atmel_ssc_set_audio link failure ASoC: fsl_sai: Fix exiting path on probing failure ecryptfs: replace BUG_ON with error handling code iommu/vt-d: Fix compile warning from intel-svm.h crypto: rename sm3-256 to sm3 in hash_algo_name genirq/proc: Reject invalid affinity masks (again) bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill arm64: lse: Fix LSE atomics with LLVM io_uring: fix __io_iopoll_check deadlock in io_sq_thread ALSA: rawmidi: Avoid bit fields for state flags ALSA: seq: Avoid concurrent access to queue flags ALSA: seq: Fix concurrent access to queue current tick/time netfilter: xt_hashlimit: limit the max size of hashtable rxrpc: Fix call RCU cleanup using non-bh-safe locks io_uring: prevent sq_thread from spinning when it should stop ata: ahci: Add shutdown to freeze hardware resources of ahci xen: Enable interrupts when calling _cond_resched() net/mlx5e: Reset RQ doorbell counter before moving RQ state from RST to RDY net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa net/mlx5e: Fix crash in recovery flow without devlink reporter s390/kaslr: Fix casts in get_random s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range bpf: Selftests build error in sockmap_basic.c ASoC: SOF: Intel: hda: Add iDisp4 DAI Linux 5.4.23 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I1d60f06bcb6ee74e5601976c7af79153c41af11c |
||
Johannes Krude
|
8132323eb3 |
bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill
commit |
||
|
Greg Kroah-Hartman
|
835bd1de9c |
Merge 5.4.22 into android-5.4
Changes in 5.4.22
core: Don't skip generic XDP program execution for cloned SKBs
enic: prevent waking up stopped tx queues over watchdog reset
net/smc: fix leak of kernel memory to user space
net: dsa: tag_qca: Make sure there is headroom for tag
net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS
net/sched: flower: add missing validation of TCA_FLOWER_FLAGS
drm/gma500: Fixup fbdev stolen size usage evaluation
ath10k: Fix qmi init error handling
wil6210: fix break that is never reached because of zero'ing of a retry counter
drm/qxl: Complete exception handling in qxl_device_init()
rcu/nocb: Fix dump_tree hierarchy print always active
rcu: Fix missed wakeup of exp_wq waiters
rcu: Fix data-race due to atomic_t copy-by-value
f2fs: preallocate DIO blocks when forcing buffered_io
f2fs: call f2fs_balance_fs outside of locked page
media: meson: add missing allocation failure check on new_buf
clk: meson: pll: Fix by 0 division in __pll_params_to_rate()
cpu/hotplug, stop_machine: Fix stop_machine vs hotplug order
brcmfmac: Fix memory leak in brcmf_p2p_create_p2pdev()
brcmfmac: Fix use after free in brcmf_sdio_readframes()
PCI: Fix pci_add_dma_alias() bitmask size
drm/amd/display: Map ODM memory correctly when doing ODM combine
leds: pca963x: Fix open-drain initialization
ext4: fix ext4_dax_read/write inode locking sequence for IOCB_NOWAIT
ALSA: ctl: allow TLV read operation for callback type of element in locked case
gianfar: Fix TX timestamping with a stacked DSA driver
pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs
printk: fix exclusive_console replaying
drm/mipi_dbi: Fix off-by-one bugs in mipi_dbi_blank()
drm/msm/adreno: fix zap vs no-zap handling
pxa168fb: Fix the function used to release some memory in an error handling path
media: ov5640: Fix check for PLL1 exceeding max allowed rate
media: i2c: mt9v032: fix enum mbus codes and frame sizes
media: sun4i-csi: Deal with DRAM offset
media: sun4i-csi: Fix data sampling polarity handling
media: sun4i-csi: Fix [HV]sync polarity handling
clk: at91: sam9x60: fix programmable clock prescaler
powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number
clk: meson: meson8b: make the CCF use the glitch-free mali mux
gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap()
iommu/vt-d: Fix off-by-one in PASID allocation
x86/fpu: Deactivate FPU state after failure during state load
char/random: silence a lockdep splat with printk()
media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run()
kernel/module: Fix memleak in module_add_modinfo_attrs()
IB/core: Let IB core distribute cache update events
pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins
efi/x86: Map the entire EFI vendor string before copying it
MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init()
sparc: Add .exit.data section.
net: ethernet: ixp4xx: Standard module init
raid6/test: fix a compilation error
uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()
drm/amdgpu/sriov: workaround on rev_id for Navi12 under sriov
spi: fsl-lpspi: fix only one cs-gpio working
drm/nouveau/nouveau: fix incorrect sizeof on args.src an args.dst
usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe()
usb: dwc2: Fix IN FIFO allocation
clocksource/drivers/bcm2835_timer: Fix memory leak of timer
drm/amd/display: Clear state after exiting fixed active VRR state
kselftest: Minimise dependency of get_size on C library interfaces
jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal
ext4: fix deadlock allocating bio_post_read_ctx from mempool
clk: ti: dra7: fix parent for gmac_clkctrl
x86/sysfb: Fix check for bad VRAM size
pwm: omap-dmtimer: Simplify error handling
udf: Allow writing to 'Rewritable' partitions
dmaengine: fsl-qdma: fix duplicated argument to &&
wan/hdlc_x25: fix skb handling
s390/pci: Fix possible deadlock in recover_store()
powerpc/iov: Move VF pdev fixup into pcibios_fixup_iov()
tracing: Fix tracing_stat return values in error handling paths
tracing: Fix very unlikely race of registering two stat tracers
ARM: 8952/1: Disable kmemleak on XIP kernels
ext4, jbd2: ensure panic when aborting with zero errno
ath10k: Correct the DMA direction for management tx buffers
rtw88: fix rate mask for 1SS chip
brcmfmac: sdio: Fix OOB interrupt initialization on brcm43362
selftests: settings: tests can be in subsubdirs
rtc: i2c/spi: Avoid inclusion of REGMAP support when not needed
drm/amd/display: Retrain dongles when SINK_COUNT becomes non-zero
tracing: Simplify assignment parsing for hist triggers
nbd: add a flush_workqueue in nbd_start_device
KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups
Btrfs: keep pages dirty when using btrfs_writepage_fixup_worker
drivers/block/zram/zram_drv.c: fix error return codes not being returned in writeback_store
block, bfq: do not plug I/O for bfq_queues with no proc refs
kconfig: fix broken dependency in randconfig-generated .config
clk: qcom: Don't overwrite 'cfg' in clk_rcg2_dfs_populate_freq()
clk: qcom: rcg2: Don't crash if our parent can't be found; return an error
drm/amdkfd: Fix a bug in SDMA RLC queue counting under HWS mode
bpf, sockhash: Synchronize_rcu before free'ing map
drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table
ath10k: correct the tlv len of ath10k_wmi_tlv_op_gen_config_pno_start
drm/amdgpu: Ensure ret is always initialized when using SOC15_WAIT_ON_RREG
drm/panel: simple: Add Logic PD Type 28 display support
arm64: dts: rockchip: Fix NanoPC-T4 cooling maps
modules: lockdep: Suppress suspicious RCU usage warning
ASoC: intel: sof_rt5682: Add quirk for number of HDMI DAI's
ASoC: intel: sof_rt5682: Add support for tgl-max98357a-rt5682
regulator: rk808: Lower log level on optional GPIOs being not available
net/wan/fsl_ucc_hdlc: reject muram offsets above 64K
NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu().
arm64: dts: allwinner: H6: Add PMU mode
arm64: dts: allwinner: H5: Add PMU node
arm: dts: allwinner: H3: Add PMU node
opp: Free static OPPs on errors while adding them
selinux: ensure we cleanup the internal AVC counters on error in avc_insert()
arm64: dts: qcom: msm8996: Disable USB2 PHY suspend by core
padata: validate cpumask without removed CPU during offline
clk: imx: Add correct failure handling for clk based helpers
ARM: exynos_defconfig: Bring back explicitly wanted options
ARM: dts: imx6: rdu2: Disable WP for USDHC2 and USDHC3
ARM: dts: imx6: rdu2: Limit USBH1 to Full Speed
bus: ti-sysc: Implement quirk handling for CLKDM_NOAUTO
PCI: iproc: Apply quirk_paxc_bridge() for module as well as built-in
media: cx23885: Add support for AVerMedia CE310B
PCI: Add generic quirk for increasing D3hot delay
PCI: Increase D3 delay for AMD Ryzen5/7 XHCI controllers
Revert "nfp: abm: fix memory leak in nfp_abm_u32_knode_replace"
gpu/drm: ingenic: Avoid null pointer deference in plane atomic update
selftests/net: make so_txtime more robust to timer variance
media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros
reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
samples/bpf: Set -fno-stack-protector when building BPF programs
r8169: check that Realtek PHY driver module is loaded
fore200e: Fix incorrect checks of NULL pointer dereference
netfilter: nft_tunnel: add the missing ERSPAN_VERSION nla_policy
ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status
PCI: Add nr_devfns parameter to pci_add_dma_alias()
PCI: Add DMA alias quirk for PLX PEX NTB
b43legacy: Fix -Wcast-function-type
ipw2x00: Fix -Wcast-function-type
iwlegacy: Fix -Wcast-function-type
rtlwifi: rtl_pci: Fix -Wcast-function-type
orinoco: avoid assertion in case of NULL pointer
drm/amdgpu: fix KIQ ring test fail in TDR of SRIOV
clk: qcom: smd: Add missing bimc clock
ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1
nfsd: Clone should commit src file metadata too
scsi: ufs: Complete pending requests in host reset and restore path
scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
crypto: inside-secure - add unspecified HAS_IOMEM dependency
drm/mediatek: handle events when enabling/disabling crtc
clk: renesas: rcar-gen3: Allow changing the RPC[D2] clocks
ARM: dts: r8a7779: Add device node for ARM global timer
selinux: ensure we cleanup the internal AVC counters on error in avc_update()
scsi: lpfc: Fix: Rework setting of fdmi symbolic node name registration
arm64: dts: qcom: db845c: Enable ath10k 8bit host-cap quirk
iommu/amd: Check feature support bit before accessing MSI capability registers
iommu/amd: Only support x2APIC with IVHD type 11h/40h
iommu/iova: Silence warnings under memory pressure
clk: actually call the clock init before any other callback of the clock
dmaengine: Store module owner in dma_device struct
dmaengine: imx-sdma: Fix memory leak
bpf: Print error message for bpftool cgroup show
net: phy: realtek: add logging for the RGMII TX delay configuration
crypto: chtls - Fixed memory leak
x86/vdso: Provide missing include file
PM / devfreq: exynos-ppmu: Fix excessive stack usage
PM / devfreq: rk3399_dmc: Add COMPILE_TEST and HAVE_ARM_SMCCC dependency
drm/fbdev: Fallback to non tiled mode if all tiles not present
pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs
reset: uniphier: Add SCSSI reset control for each channel
ASoC: soc-topology: fix endianness issues
fbdev: fix numbering of fbcon options
RDMA/rxe: Fix error type of mmap_offset
clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock
ALSA: sh: Fix unused variable warnings
clk: Use parent node pointer during registration if necessary
clk: uniphier: Add SCSSI clock gate for each channel
ALSA: hda/realtek - Apply mic mute LED quirk for Dell E7xx laptops, too
ALSA: sh: Fix compile warning wrt const
net: phy: fixed_phy: fix use-after-free when checking link GPIO
tools lib api fs: Fix gcc9 stringop-truncation compilation error
vfio/spapr/nvlink2: Skip unpinning pages on error exit
ASoC: Intel: sof_rt5682: Ignore the speaker amp when there isn't one.
ACPI: button: Add DMI quirk for Razer Blade Stealth 13 late 2019 lid switch
iommu/vt-d: Match CPU and IOMMU paging mode
iommu/vt-d: Avoid sending invalid page response
drm/amdkfd: Fix permissions of hang_hws
mlx5: work around high stack usage with gcc
RDMA/hns: Avoid printing address of mtt page
drm: remove the newline for CRC source name.
usb: dwc3: use proper initializers for property entries
ARM: dts: stm32: Add power-supply for DSI panel on stm32f469-disco
usbip: Fix unsafe unaligned pointer usage
udf: Fix free space reporting for metadata and virtual partitions
drm/mediatek: Add gamma property according to hardware capability
staging: rtl8188: avoid excessive stack usage
IB/hfi1: Add software counter for ctxt0 seq drop
IB/hfi1: Add RcvShortLengthErrCnt to hfi1stats
soc/tegra: fuse: Correct straps' address for older Tegra124 device trees
efi/x86: Don't panic or BUG() on non-critical error conditions
rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls
Input: edt-ft5x06 - work around first register access error
bnxt: Detach page from page pool before sending up the stack
x86/nmi: Remove irq_work from the long duration NMI handler
wan: ixp4xx_hss: fix compile-testing on 64-bit
clocksource: davinci: only enable clockevents once tim34 is initialized
arm64: dts: rockchip: fix dwmmc clock name for px30
arm64: dts: rockchip: add reg property to brcmf sub-nodes
ARM: dts: rockchip: add reg property to brcmf sub node for rk3188-bqedison2qc
ALSA: usb-audio: Add boot quirk for MOTU M Series
ASoC: atmel: fix build error with CONFIG_SND_ATMEL_SOC_DMA=m
raid6/test: fix a compilation warning
tty: synclinkmp: Adjust indentation in several functions
tty: synclink_gt: Adjust indentation in several functions
misc: xilinx_sdfec: fix xsdfec_poll()'s return type
visorbus: fix uninitialized variable access
driver core: platform: Prevent resouce overflow from causing infinite loops
driver core: Print device when resources present in really_probe()
ASoC: SOF: Intel: hda-dai: fix compilation warning in pcm_prepare
bpf: Return -EBADRQC for invalid map type in __bpf_tx_xdp_map
vme: bridges: reduce stack usage
drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new()
drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw
drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler
drm/nouveau/drm/ttm: Remove set but not used variable 'mem'
drm/nouveau/fault/gv100-: fix memory leak on module unload
dm thin: don't allow changing data device during thin-pool reload
gpiolib: Set lockdep class for hierarchical irq domains
drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add
perf/imx_ddr: Fix cpu hotplug state cleanup
usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue
kbuild: remove *.tmp file when filechk fails
iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE
ALSA: usb-audio: unlock on error in probe
f2fs: set I_LINKABLE early to avoid wrong access by vfs
f2fs: free sysfs kobject
scsi: ufs: pass device information to apply_dev_quirks
scsi: ufs-mediatek: add apply_dev_quirks variant operation
scsi: iscsi: Don't destroy session if there are outstanding connections
crypto: essiv - fix AEAD capitalization and preposition use in help text
ALSA: usb-audio: add implicit fb quirk for MOTU M Series
RDMA/mlx5: Don't fake udata for kernel path
arm64: lse: fix LSE atomics with LLVM's integrated assembler
arm64: fix alternatives with LLVM's integrated assembler
drm/amd/display: fixup DML dependencies
EDAC/sifive: Fix return value check in ecc_register()
KVM: PPC: Remove set but not used variable 'ra', 'rs', 'rt'
arm64: dts: ti: k3-j721e-main: Add missing power-domains for smmu
sched/core: Fix size of rq::uclamp initialization
sched/topology: Assert non-NUMA topology masks don't (partially) overlap
perf/x86/amd: Constrain Large Increment per Cycle events
watchdog/softlockup: Enforce that timestamp is valid on boot
debugobjects: Fix various data races
ASoC: SOF: Intel: hda: Fix SKL dai count
regulator: vctrl-regulator: Avoid deadlock getting and setting the voltage
f2fs: fix memleak of kobject
x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd
pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional
cmd64x: potential buffer overflow in cmd64x_program_timings()
ide: serverworks: potential overflow in svwks_set_pio_mode()
pwm: Remove set but not set variable 'pwm'
btrfs: fix possible NULL-pointer dereference in integrity checks
btrfs: safely advance counter when looking up bio csums
btrfs: device stats, log when stats are zeroed
module: avoid setting info->name early in case we can fall back to info->mod->name
remoteproc: Initialize rproc_class before use
regulator: core: Fix exported symbols to the exported GPL version
irqchip/mbigen: Set driver .suppress_bind_attrs to avoid remove problems
ALSA: hda/hdmi - add retry logic to parse_intel_hdmi()
spi: spi-fsl-qspi: Ensure width is respected in spi-mem operations
kbuild: use -S instead of -E for precise cc-option test in Kconfig
objtool: Fix ARCH=x86_64 build error
x86/decoder: Add TEST opcode to Group3-2
s390: adjust -mpacked-stack support check for clang 10
s390/ftrace: generate traced function stack frame
driver core: platform: fix u32 greater or equal to zero comparison
bpf, btf: Always output invariant hit in pahole DWARF to BTF transform
ALSA: hda - Add docking station support for Lenovo Thinkpad T420s
sunrpc: Fix potential leaks in sunrpc_cache_unhash()
drm/nouveau/mmu: fix comptag memory leak
powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
media: uvcvideo: Add a quirk to force GEO GC6500 Camera bits-per-pixel value
btrfs: separate definition of assertion failure handlers
btrfs: Fix split-brain handling when changing FSID to metadata uuid
bcache: cached_dev_free needs to put the sb page
bcache: rework error unwinding in register_bcache
bcache: fix use-after-free in register_bcache()
iommu/vt-d: Remove unnecessary WARN_ON_ONCE()
alarmtimer: Make alarmtimer platform device child of RTC device
selftests: bpf: Reset global state between reuseport test runs
jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record
jbd2: make sure ESHUTDOWN to be recorded in the journal superblock
powerpc/pseries/lparcfg: Fix display of Maximum Memory
selftests/eeh: Bump EEH wait time to 60s
ARM: 8951/1: Fix Kexec compilation issue.
ALSA: usb-audio: add quirks for Line6 Helix devices fw>=2.82
hostap: Adjust indentation in prism2_hostapd_add_sta
rtw88: fix potential NULL skb access in TX ISR
iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop
cifs: fix unitialized variable poential problem with network I/O cache lock patch
cifs: Fix mount options set in automount
cifs: fix NULL dereference in match_prepath
bpf: map_seq_next should always increase position index
powerpc/mm: Don't log user reads to 0xffffffff
ceph: check availability of mds cluster on mount after wait timeout
rbd: work around -Wuninitialized warning
drm/amd/display: do not allocate display_mode_lib unnecessarily
irqchip/gic-v3: Only provision redistributors that are enabled in ACPI
drm/nouveau/disp/nv50-: prevent oops when no channel method map provided
char: hpet: Fix out-of-bounds read bug
ftrace: fpid_next() should increase position index
trigger_next should increase position index
radeon: insert 10ms sleep in dce5_crtc_load_lut
powerpc: Do not consider weak unresolved symbol relocations as bad
btrfs: do not do delalloc reservation under page lock
ocfs2: make local header paths relative to C files
ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans()
lib/scatterlist.c: adjust indentation in __sg_alloc_table
reiserfs: prevent NULL pointer dereference in reiserfs_insert_item()
bcache: fix memory corruption in bch_cache_accounting_clear()
bcache: explicity type cast in bset_bkey_last()
bcache: fix incorrect data type usage in btree_flush_write()
irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building INVALL
nvmet: Pass lockdep expression to RCU lists
nvme-pci: remove nvmeq->tags
iwlwifi: mvm: Fix thermal zone registration
iwlwifi: mvm: Check the sta is not NULL in iwl_mvm_cfg_he_sta()
asm-generic/tlb: add missing CONFIG symbol
microblaze: Prevent the overflow of the start
brd: check and limit max_part par
drm/amdgpu/smu10: fix smu10_get_clock_by_type_with_latency
drm/amdgpu/smu10: fix smu10_get_clock_by_type_with_voltage
NFS: Fix memory leaks
help_next should increase position index
i40e: Relax i40e_xsk_wakeup's return value when PF is busy
cifs: log warning message (once) if out of disk space
virtio_balloon: prevent pfn array overflow
fuse: don't overflow LLONG_MAX with end offset
mlxsw: spectrum_dpipe: Add missing error path
s390/pci: Recover handle in clp_set_pci_fn()
drm/amdgpu/display: handle multiple numbers of fclks in dcn_calcs.c (v2)
bcache: properly initialize 'path' and 'err' in register_bcache()
rtc: Kconfig: select REGMAP_I2C when necessary
Linux 5.4.22
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iaeb3945493ecc81a0ae90ef87b19ceb2caf48164
|
||
Vasily Averin
|
3ce3df5d00 |
bpf: map_seq_next should always increase position index
[ Upstream commit
|
||
|
Greg Kroah-Hartman
|
87acfa0267 |
Merge 5.4.19 into android-5.4
Changes in 5.4.19
sparc32: fix struct ipc64_perm type definition
bnxt_en: Move devlink_register before registering netdev
cls_rsvp: fix rsvp_policy
gtp: use __GFP_NOWARN to avoid memalloc warning
l2tp: Allow duplicate session creation with UDP
net: hsr: fix possible NULL deref in hsr_handle_frame()
net_sched: fix an OOB access in cls_tcindex
net: stmmac: Delete txtimer in suspend()
bnxt_en: Fix TC queue mapping.
rxrpc: Fix use-after-free in rxrpc_put_local()
rxrpc: Fix insufficient receive notification generation
rxrpc: Fix missing active use pinning of rxrpc_local object
rxrpc: Fix NULL pointer deref due to call->conn being cleared on disconnect
tcp: clear tp->total_retrans in tcp_disconnect()
tcp: clear tp->delivered in tcp_disconnect()
tcp: clear tp->data_segs{in|out} in tcp_disconnect()
tcp: clear tp->segs_{in|out} in tcp_disconnect()
ionic: fix rxq comp packet type mask
MAINTAINERS: correct entries for ISDN/mISDN section
netdevsim: fix stack-out-of-bounds in nsim_dev_debugfs_init()
bnxt_en: Fix logic that disables Bus Master during firmware reset.
media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
mfd: dln2: More sanity checking for endpoints
netfilter: ipset: fix suspicious RCU usage in find_set_and_id
ipc/msg.c: consolidate all xxxctl_down() functions
tracing/kprobes: Have uname use __get_str() in print_fmt
tracing: Fix sched switch start/stop refcount racy updates
rcu: Use *_ONCE() to protect lockless ->expmask accesses
rcu: Avoid data-race in rcu_gp_fqs_check_wake()
srcu: Apply *_ONCE() to ->srcu_last_gp_end
rcu: Use READ_ONCE() for ->expmask in rcu_read_unlock_special()
nvmet: Fix error print message at nvmet_install_queue function
nvmet: Fix controller use after free
Bluetooth: btusb: fix memory leak on fw
Bluetooth: btusb: Disable runtime suspend on Realtek devices
brcmfmac: Fix memory leak in brcmf_usbdev_qinit
usb: dwc3: gadget: Check END_TRANSFER completion
usb: dwc3: gadget: Delay starting transfer
usb: typec: tcpci: mask event interrupts when remove driver
objtool: Silence build output
usb: gadget: f_fs: set req->num_sgs as 0 for non-sg transfer
usb: gadget: legacy: set max_speed to super-speed
usb: gadget: f_ncm: Use atomic_t to track in-flight request
usb: gadget: f_ecm: Use atomic_t to track in-flight request
ALSA: usb-audio: Fix endianess in descriptor validation
ALSA: usb-audio: Annotate endianess in Scarlett gen2 quirk
ALSA: dummy: Fix PCM format loop in proc output
memcg: fix a crash in wb_workfn when a device disappears
mm/sparse.c: reset section's mem_map when fully deactivated
mmc: sdhci-pci: Make function amd_sdhci_reset static
utimes: Clamp the timestamps in notify_change()
mm/memory_hotplug: fix remove_memory() lockdep splat
mm: thp: don't need care deferred split queue in memcg charge move path
mm: move_pages: report the number of non-attempted pages
media/v4l2-core: set pages dirty upon releasing DMA buffers
media: v4l2-core: compat: ignore native command codes
media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments
lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
irqdomain: Fix a memory leak in irq_domain_push_irq()
x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
platform/x86: intel_scu_ipc: Fix interrupt support
ALSA: hda: Apply aligned MMIO access only conditionally
ALSA: hda: Add Clevo W65_67SB the power_save blacklist
ALSA: hda: Add JasperLake PCI ID and codec vid
arm64: acpi: fix DAIF manipulation with pNMI
KVM: arm64: Correct PSTATE on exception entry
KVM: arm/arm64: Correct CPSR on exception entry
KVM: arm/arm64: Correct AArch32 SPSR on exception entry
KVM: arm64: Only sign-extend MMIO up to register width
MIPS: syscalls: fix indentation of the 'SYSNR' message
MIPS: fix indentation of the 'RELOCS' message
MIPS: boot: fix typo in 'vmlinux.lzma.its' target
s390/mm: fix dynamic pagetable upgrade for hugetlbfs
powerpc/mmu_gather: enable RCU_TABLE_FREE even for !SMP case
powerpc/ptdump: Fix W+X verification
powerpc/xmon: don't access ASDR in VMs
powerpc/pseries: Advance pfn if section is not present in lmb_is_removable()
powerpc/32s: Fix bad_kuap_fault()
powerpc/32s: Fix CPU wake-up from sleep mode
tracing: Fix now invalid var_ref_vals assumption in trace action
PCI: tegra: Fix return value check of pm_runtime_get_sync()
PCI: keystone: Fix outbound region mapping
PCI: keystone: Fix link training retries initiation
PCI: keystone: Fix error handling when "num-viewport" DT property is not populated
mmc: spi: Toggle SPI polarity, do not hardcode it
ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards
ACPI / battery: Deal with design or full capacity being reported as -1
ACPI / battery: Use design-cap for capacity calculations if full-cap is not available
ACPI / battery: Deal better with neither design nor full capacity not being reported
alarmtimer: Unregister wakeup source when module get fails
fscrypt: don't print name of busy file when removing key
ubifs: don't trigger assertion on invalid no-key filename
ubifs: Fix wrong memory allocation
ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag
ubifs: Fix deadlock in concurrent bulk-read and writepage
mmc: sdhci-of-at91: fix memleak on clk_get failure
ASoC: SOF: core: free trace on errors
hv_balloon: Balloon up according to request page number
mfd: axp20x: Mark AXP20X_VBUS_IPSOUT_MGMT as volatile
nvmem: core: fix memory abort in cleanup path
crypto: api - Check spawn->alg under lock in crypto_drop_spawn
crypto: ccree - fix backlog memory leak
crypto: ccree - fix AEAD decrypt auth fail
crypto: ccree - fix pm wrongful error reporting
crypto: ccree - fix FDE descriptor sequence
crypto: ccree - fix PM race condition
padata: Remove broken queue flushing
fs: allow deduplication of eof block into the end of the destination file
scripts/find-unused-docs: Fix massive false positives
erofs: fix out-of-bound read for shifted uncompressed block
scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state
scsi: qla2xxx: Fix mtcp dump collection failure
cpupower: Revert library ABI changes from commit
|
||
Amol Grover
|
ab48c14a44 |
bpf, devmap: Pass lockdep expression to RCU lists
commit |
||
|
Greg Kroah-Hartman
|
33c8a1b2d0 |
Merge 5.4.15 into android-5.4
Changes in 5.4.15 drm/i915: Fix pid leak with banned clients libbpf: Fix compatibility for kernels without need_wakeup libbpf: Fix memory leak/double free issue libbpf: Fix potential overflow issue libbpf: Fix another potential overflow issue in bpf_prog_linfo libbpf: Make btf__resolve_size logic always check size error condition bpf: Force .BTF section start to zero when dumping from vmlinux samples: bpf: update map definition to new syntax BTF-defined map samples/bpf: Fix broken xdp_rxq_info due to map order assumptions ARM: dts: logicpd-torpedo-37xx-devkit-28: Reference new DRM panel ARM: OMAP2+: Add missing put_device() call in omapdss_init_of() xfs: Sanity check flags of Q_XQUOTARM call i2c: stm32f7: rework slave_id allocation i2c: i2c-stm32f7: fix 10-bits check in slave free id search loop mfd: intel-lpss: Add default I2C device properties for Gemini Lake SUNRPC: Fix svcauth_gss_proxy_init() SUNRPC: Fix backchannel latency metrics powerpc/security: Fix debugfs data leak on 32-bit powerpc/pseries: Enable support for ibm,drc-info property powerpc/kasan: Fix boot failure with RELOCATABLE && FSL_BOOKE powerpc/archrandom: fix arch_get_random_seed_int() tipc: reduce sensitive to retransmit failures tipc: update mon's self addr when node addr generated tipc: fix potential memory leak in __tipc_sendmsg() tipc: fix wrong socket reference counter after tipc_sk_timeout() returns tipc: fix wrong timeout input for tipc_wait_for_cond() net/mlx5e: Fix free peer_flow when refcount is 0 phy: lantiq: vrx200-pcie: fix error return code in ltq_vrx200_pcie_phy_power_on() net: phy: broadcom: Fix RGMII delays configuration for BCM54210E phy: ti: gmii-sel: fix mac tx internal delay for rgmii-rxid mt76: mt76u: fix endpoint definition order mt7601u: fix bbp version check in mt7601u_wait_bbp_ready ice: fix stack leakage s390/pkey: fix memory leak within _copy_apqns_from_user() nfsd: depend on CRYPTO_MD5 for legacy client tracking crypto: amcc - restore CRYPTO_AES dependency crypto: sun4i-ss - fix big endian issues perf map: No need to adjust the long name of modules leds: tlc591xx: update the maximum brightness soc/tegra: pmc: Fix crashes for hierarchical interrupts soc: qcom: llcc: Name regmaps to avoid collisions soc: renesas: Add missing check for non-zero product register address soc: aspeed: Fix snoop_file_poll()'s return type watchdog: sprd: Fix the incorrect pointer getting from driver data ipmi: Fix memory leak in __ipmi_bmc_register sched/core: Further clarify sched_class::set_next_task() gpiolib: No need to call gpiochip_remove_pin_ranges() twice rtw88: fix beaconing mode rsvd_page memory violation issue rtw88: fix error handling when setup efuse info drm/panfrost: Add missing check for pfdev->regulator drm: panel-lvds: Potential Oops in probe error handling drm/amdgpu: remove excess function parameter description hwrng: omap3-rom - Fix missing clock by probing with device tree dpaa2-eth: Fix minor bug in ethtool stats reporting drm/rockchip: Round up _before_ giving to the clock framework software node: Get reference to parent swnode in get_parent op PCI: mobiveil: Fix csr_read()/write() build issue drm: rcar_lvds: Fix color mismatches on R-Car H2 ES2.0 and later net: netsec: Correct dma sync for XDP_TX frames ACPI: platform: Unregister stale platform devices pwm: sun4i: Fix incorrect calculation of duty_cycle/period regulator: bd70528: Add MODULE_ALIAS to allow module auto loading drm/amdgpu/vi: silence an uninitialized variable warning power: supply: bd70528: Add MODULE_ALIAS to allow module auto loading firmware: imx: Remove call to devm_of_platform_populate libbpf: Don't use kernel-side u32 type in xsk.c rcu: Fix uninitialized variable in nocb_gp_wait() dpaa_eth: perform DMA unmapping before read dpaa_eth: avoid timestamp read on error paths scsi: ufs: delete redundant function ufshcd_def_desc_sizes() net: openvswitch: don't unlock mutex when changing the user_features fails hv_netvsc: flag software created hash value rt2800: remove errornous duplicate condition net: neigh: use long type to store jiffies delta net: axienet: Fix error return code in axienet_probe() selftests: gen_kselftest_tar.sh: Do not clobber kselftest/ rtc: bd70528: fix module alias to autoload module packet: fix data-race in fanout_flow_is_huge() i2c: stm32f7: report dma error during probe kselftests: cgroup: Avoid the reuse of fd after it is deallocated firmware: arm_scmi: Fix doorbell ring logic for !CONFIG_64BIT mmc: sdio: fix wl1251 vendor id mmc: core: fix wl1251 sdio quirks tee: optee: Fix dynamic shm pool allocations tee: optee: fix device enumeration error handling workqueue: Add RCU annotation for pwq list walk SUNRPC: Fix another issue with MIC buffer space sched/cpufreq: Move the cfs_rq_util_change() call to cpufreq_update_util() mt76: mt76u: rely on usb_interface instead of usb_dev dma-direct: don't check swiotlb=force in dma_direct_map_resource afs: Remove set but not used variables 'before', 'after' dmaengine: ti: edma: fix missed failure handling drm/radeon: fix bad DMA from INTERRUPT_CNTL2 xdp: Fix cleanup on map free for devmap_hash map type platform/chrome: wilco_ec: fix use after free issue block: fix memleak of bio integrity data s390/qeth: fix dangling IO buffers after halt/clear net-sysfs: Call dev_hold always in netdev_queue_add_kobject gpio: aspeed: avoid return type warning phy/rockchip: inno-hdmi: round clock rate down to closest 1000 Hz optee: Fix multi page dynamic shm pool alloc Linux 5.4.15 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I28b2a19657d40804406dc0e7c266296ce8768eb7 |
||
Toke Høiland-Jørgensen
|
074fd02d45 |
xdp: Fix cleanup on map free for devmap_hash map type
[ Upstream commit |
||
|
Greg Kroah-Hartman
|
ea962facf5 |
Merge 5.4.14 into android-5.4
Changes in 5.4.14
ARM: dts: meson8: fix the size of the PMU registers
clk: qcom: gcc-sdm845: Add missing flag to votable GDSCs
soc: amlogic: meson-ee-pwrc: propagate PD provider registration errors
soc: amlogic: meson-ee-pwrc: propagate errors from pm_genpd_init()
dt-bindings: reset: meson8b: fix duplicate reset IDs
ARM: dts: imx6q-dhcom: fix rtc compatible
arm64: dts: ls1028a: fix endian setting for dcfg
arm64: dts: imx8mm: Change SDMA1 ahb clock for imx8mm
bus: ti-sysc: Fix iterating over clocks
clk: Don't try to enable critical clocks if prepare failed
Revert "gpio: thunderx: Switch to GPIOLIB_IRQCHIP"
arm64: dts: imx8mq-librem5-devkit: use correct interrupt for the magnetometer
ASoC: msm8916-wcd-digital: Reset RX interpolation path after use
ASoC: stm32: sai: fix possible circular locking
ASoC: stm32: dfsdm: fix 16 bits record
ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1
ASoC: msm8916-wcd-analog: Fix MIC BIAS Internal1
ARM: OMAP2+: Fix ti_sysc_find_one_clockdomain to check for to_clk_hw_omap
ARM: dts: imx7ulp: fix reg of cpu node
ARM: dts: imx6q-dhcom: Fix SGTL5000 VDDIO regulator connection
ASoC: Intel: bytcht_es8316: Fix Irbis NB41 netbook quirk
ALSA: dice: fix fallback from protocol extension into limited functionality
ALSA: seq: Fix racy access for queue timer in proc read
ALSA: firewire-tascam: fix corruption due to spin lock without restoration in SoftIRQ context
ALSA: usb-audio: fix sync-ep altsetting sanity check
arm64: dts: allwinner: a64: olinuxino: Fix SDIO supply regulator
arm64: dts: allwinner: a64: olinuxino: Fix eMMC supply regulator
arm64: dts: agilex/stratix10: fix pmu interrupt numbers
Fix built-in early-load Intel microcode alignment
clk: sunxi-ng: r40: Allow setting parent rate for external clock outputs
block: fix an integer overflow in logical block size
fuse: fix fuse_send_readpages() in the syncronous read case
io_uring: only allow submit from owning task
cpuidle: teo: Fix intervals[] array indexing bug
ARM: dts: am571x-idk: Fix gpios property to have the correct gpio number
ARM: davinci: select CONFIG_RESET_CONTROLLER
perf: Correctly handle failed perf_get_aux_event()
iio: adc: ad7124: Fix DT channel configuration
iio: imu: st_lsm6dsx: Fix selection of ST_LSM6DS3_ID
iio: light: vcnl4000: Fix scale for vcnl4040
iio: chemical: pms7003: fix unmet triggered buffer dependency
iio: buffer: align the size of scan bytes to size of the largest element
USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx
USB: serial: option: Add support for Quectel RM500Q
USB: serial: opticon: fix control-message timeouts
USB: serial: option: add support for Quectel RM500Q in QDL mode
USB: serial: suppress driver bind attributes
USB: serial: ch341: handle unbound port at reset_resume
USB: serial: io_edgeport: handle unbound ports on URB completion
USB: serial: io_edgeport: add missing active-port sanity check
USB: serial: keyspan: handle unbound ports
USB: serial: quatech2: handle unbound ports
staging: comedi: ni_routes: fix null dereference in ni_find_route_source()
staging: comedi: ni_routes: allow partial routing information
scsi: fnic: fix invalid stack access
scsi: mptfusion: Fix double fetch bug in ioctl
ptrace: reintroduce usage of subjective credentials in ptrace_has_cap()
mtd: rawnand: gpmi: Fix suspend/resume problem
mtd: rawnand: gpmi: Restore nfc timing setup after suspend/resume
usb: core: hub: Improved device recognition on remote wakeup
cpu/SMT: Fix x86 link error without CONFIG_SYSFS
x86/resctrl: Fix an imbalance in domain_remove_cpu()
x86/CPU/AMD: Ensure clearing of SME/SEV features is maintained
locking/rwsem: Fix kernel crash when spinning on RWSEM_OWNER_UNKNOWN
perf/x86/intel/uncore: Fix missing marker for snr_uncore_imc_freerunning_events
x86/efistub: Disable paging at mixed mode entry
s390/zcrypt: Fix CCA cipher key gen with clear key value function
scsi: storvsc: Correctly set number of hardware queues for IDE disk
mtd: spi-nor: Fix selection of 4-byte addressing opcodes on Spansion
drm/i915: Add missing include file <linux/math64.h>
x86/resctrl: Fix potential memory leak
efi/earlycon: Fix write-combine mapping on x86
s390/setup: Fix secure ipl message
clk: samsung: exynos5420: Keep top G3D clocks enabled
perf hists: Fix variable name's inconsistency in hists__for_each() macro
locking/lockdep: Fix buffer overrun problem in stack_trace[]
perf report: Fix incorrectly added dimensions as switch perf data file
mm/shmem.c: thp, shmem: fix conflict of above-47bit hint address and PMD alignment
mm/huge_memory.c: thp: fix conflict of above-47bit hint address and PMD alignment
mm: memcg/slab: fix percpu slab vmstats flushing
mm: memcg/slab: call flush_memcg_workqueue() only if memcg workqueue is valid
mm, debug_pagealloc: don't rely on static keys too early
btrfs: rework arguments of btrfs_unlink_subvol
btrfs: fix invalid removal of root ref
btrfs: do not delete mismatched root refs
btrfs: relocation: fix reloc_root lifespan and access
btrfs: fix memory leak in qgroup accounting
btrfs: check rw_devices, not num_devices for balance
Btrfs: always copy scrub arguments back to user space
mm/memory_hotplug: don't free usage map when removing a re-added early section
mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
mm: khugepaged: add trace status description for SCAN_PAGE_HAS_PRIVATE
ARM: dts: imx6qdl-sabresd: Remove incorrect power supply assignment
ARM: dts: imx6sx-sdb: Remove incorrect power supply assignment
ARM: dts: imx6sl-evk: Remove incorrect power supply assignment
ARM: dts: imx6sll-evk: Remove incorrect power supply assignment
ARM: dts: imx6q-icore-mipi: Use 1.5 version of i.Core MX6DL
ARM: dts: imx7: Fix Toradex Colibri iMX7S 256MB NAND flash support
net: stmmac: 16KB buffer must be 16 byte aligned
net: stmmac: Enable 16KB buffer size
reset: Fix {of,devm}_reset_control_array_get kerneldoc return types
tipc: fix potential hanging after b/rcast changing
tipc: fix retrans failure due to wrong destination
net: fix kernel-doc warning in <linux/netdevice.h>
block: Fix the type of 'sts' in bsg_queue_rq()
drm/amd/display: Reorder detect_edp_sink_caps before link settings read.
bpf: Fix incorrect verifier simulation of ARSH under ALU32
bpf: Sockmap/tls, during free we may call tcp_bpf_unhash() in loop
bpf: Sockmap, ensure sock lock held during tear down
bpf: Sockmap/tls, push write_space updates through ulp updates
bpf: Sockmap, skmsg helper overestimates push, pull, and pop bounds
bpf: Sockmap/tls, msg_push_data may leave end mark in place
bpf: Sockmap/tls, tls_sw can create a plaintext buf > encrypt buf
bpf: Sockmap/tls, skmsg can have wrapped skmsg that needs extra chaining
bpf: Sockmap/tls, fix pop data with SK_DROP return code
i2c: tegra: Fix suspending in active runtime PM state
i2c: tegra: Properly disable runtime PM on driver's probe error
cfg80211: fix deadlocks in autodisconnect work
cfg80211: fix memory leak in nl80211_probe_mesh_link
cfg80211: fix memory leak in cfg80211_cqm_rssi_update
cfg80211: fix page refcount issue in A-MSDU decap
bpf/sockmap: Read psock ingress_msg before sk_receive_queue
i2c: iop3xx: Fix memory leak in probe error path
netfilter: fix a use-after-free in mtype_destroy()
netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
netfilter: nat: fix ICMP header corruption on ICMP errors
netfilter: nft_tunnel: fix null-attribute check
netfilter: nft_tunnel: ERSPAN_VERSION must not be null
netfilter: nf_tables: remove WARN and add NLA_STRING upper limits
netfilter: nf_tables: store transaction list locally while requesting module
netfilter: nf_tables: fix flowtable list del corruption
NFC: pn533: fix bulk-message timeout
net: bpf: Don't leak time wait and request sockets
bpftool: Fix printing incorrect pointer in btf_dump_ptr
batman-adv: Fix DAT candidate selection on little endian systems
macvlan: use skb_reset_mac_header() in macvlan_queue_xmit()
hv_netvsc: Fix memory leak when removing rndis device
net: avoid updating qdisc_xmit_lock_key in netdev_update_lockdep_key()
net: dsa: tag_qca: fix doubled Tx statistics
net: hns3: pad the short frame before sending to the hardware
net: hns: fix soft lockup when there is not enough memory
net: phy: dp83867: Set FORCE_LINK_GOOD to default after reset
net/sched: act_ife: initalize ife->metalist earlier
net: usb: lan78xx: limit size of local TSO packets
net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info
ptp: free ptp device pin descriptors properly
r8152: add missing endpoint sanity check
tcp: fix marked lost packets not being retransmitted
bnxt_en: Fix NTUPLE firmware command failures.
bnxt_en: Fix ipv6 RFS filter matching logic.
bnxt_en: Do not treat DSN (Digital Serial Number) read failure as fatal.
net: ethernet: ave: Avoid lockdep warning
net: systemport: Fixed queue mapping in internal ring map
net: dsa: sja1105: Don't error out on disabled ports with no phy-mode
net: dsa: tag_gswip: fix typo in tagger name
net: sched: act_ctinfo: fix memory leak
net: dsa: bcm_sf2: Configure IMP port for 2Gb/sec
i40e: prevent memory leak in i40e_setup_macvlans
drm/amdgpu: allow direct upload save restore list for raven2
sh_eth: check sh_eth_cpu_data::dual_port when dumping registers
mlxsw: spectrum: Do not modify cloned SKBs during xmit
mlxsw: spectrum: Wipe xstats.backlog of down ports
mlxsw: spectrum_qdisc: Include MC TCs in Qdisc counters
net: stmmac: selftests: Make it work in Synopsys AXS101 boards
net: stmmac: selftests: Mark as fail when received VLAN ID != expected
selftests: mlxsw: qos_mc_aware: Fix mausezahn invocation
net: stmmac: selftests: Update status when disabling RSS
net: stmmac: tc: Do not setup flower filtering if RSS is enabled
devlink: Wait longer before warning about unset port type
xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk
dt-bindings: Add missing 'properties' keyword enclosing 'snps,tso'
tcp: refine rule to allow EPOLLOUT generation under mem pressure
irqchip: Place CONFIG_SIFIVE_PLIC into the menu
arm64: dts: qcom: msm8998: Disable coresight by default
cw1200: Fix a signedness bug in cw1200_load_firmware()
arm64: dts: meson: axg: fix audio fifo reg size
arm64: dts: meson: g12: fix audio fifo reg size
arm64: dts: meson-gxl-s905x-khadas-vim: fix gpio-keys-polled node
arm64: dts: renesas: r8a77970: Fix PWM3
arm64: dts: marvell: Add AP806-dual missing CPU clocks
cfg80211: check for set_wiphy_params
tick/sched: Annotate lockless access to last_jiffies_update
arm64: dts: marvell: Fix CP110 NAND controller node multi-line comment alignment
arm64: dts: renesas: r8a774a1: Remove audio port node
arm64: dts: imx8mm-evk: Assigned clocks for audio plls
arm64: dts: qcom: sdm845-cheza: delete zap-shader
ARM: dts: imx6ul-kontron-n6310-s: Disable the snvs-poweroff driver
arm64: dts: allwinner: a64: Re-add PMU node
ARM: dts: dra7: fix cpsw mdio fck clock
arm64: dts: juno: Fix UART frequency
ARM: dts: Fix sgx sysconfig register for omap4
Revert "arm64: dts: juno: add dma-ranges property"
mtd: devices: fix mchp23k256 read and write
mtd: cfi_cmdset_0002: only check errors when ready in cfi_check_err_status()
mtd: cfi_cmdset_0002: fix delayed error detection on HyperFlash
um: Don't trace irqflags during shutdown
um: virtio_uml: Disallow modular build
reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
scsi: esas2r: unlock on error in esas2r_nvram_read_direct()
scsi: hisi_sas: Don't create debugfs dump folder twice
scsi: hisi_sas: Set the BIST init value before enabling BIST
scsi: qla4xxx: fix double free bug
scsi: bnx2i: fix potential use after free
scsi: target: core: Fix a pr_debug() argument
scsi: lpfc: fix: Coverity: lpfc_get_scsi_buf_s3(): Null pointer dereferences
scsi: hisi_sas: Return directly if init hardware failed
scsi: scsi_transport_sas: Fix memory leak when removing devices
scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI
scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan
scsi: core: scsi_trace: Use get_unaligned_be*()
scsi: lpfc: Fix list corruption detected in lpfc_put_sgl_per_hdwq
scsi: lpfc: Fix hdwq sgl locks and irq handling
scsi: lpfc: Fix a kernel warning triggered by lpfc_get_sgl_per_hdwq()
rtw88: fix potential read outside array boundary
perf probe: Fix wrong address verification
perf script: Allow --time with --reltime
clk: sprd: Use IS_ERR() to validate the return value of syscon_regmap_lookup_by_phandle()
clk: imx7ulp: Correct system clock source option #7
clk: imx7ulp: Correct DDR clock mux options
regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id
hwmon: (pmbus/ibm-cffps) Switch LEDs to blocking brightness call
hwmon: (pmbus/ibm-cffps) Fix LED blink behavior
perf script: Fix --reltime with --time
scsi: lpfc: use hdwq assigned cpu for allocation
Linux 5.4.14
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I400bdf3be682df698c2477fbf869d5ad8ce300b5
|
||
Daniel Borkmann
|
a19ed4acec |
bpf: Fix incorrect verifier simulation of ARSH under ALU32
commit |
||
|
Greg Kroah-Hartman
|
b0b02162a4 |
Merge 5.4.13 into android-5.4
Changes in 5.4.13 HID: hidraw, uhid: Always report EPOLLOUT rtc: mt6397: fix alarm register overwrite phy: mapphone-mdm6600: Fix uninitialized status value regression RDMA/bnxt_re: Avoid freeing MR resources if dereg fails RDMA/bnxt_re: Fix Send Work Entry state check while polling completions IB/hfi1: Don't cancel unused work item mtd: rawnand: stm32_fmc2: avoid to lock the CPU bus i2c: bcm2835: Store pointer to bus clock ASoC: SOF: imx8: fix memory allocation failure check on priv->pd_dev ASoC: soc-core: Set dpcm_playback / dpcm_capture ASoC: stm32: spdifrx: fix inconsistent lock state ASoC: stm32: spdifrx: fix race condition in irq handler ASoC: stm32: spdifrx: fix input pin state management pinctrl: lochnagar: select GPIOLIB netfilter: nft_flow_offload: fix underflow in flowtable reference counter ASoC: SOF: imx8: Fix dsp_box offset mtd: onenand: omap2: Pass correct flags for prep_dma_memcpy gpio: zynq: Fix for bug in zynq_gpio_restore_context API pinctrl: meson: Fix wrong shift value when get drive-strength selftests: loopback.sh: skip this test if the driver does not support iommu/vt-d: Unlink device if failed to add to group iommu: Remove device link to group on failure bpf: cgroup: prevent out-of-order release of cgroup bpf fs: move guard_bio_eod() after bio_set_op_attrs scsi: mpt3sas: Fix double free in attach error handling gpio: Fix error message on out-of-range GPIO in lookup table PM / devfreq: tegra: Add COMMON_CLK dependency PCI: amlogic: Fix probed clock names drm/tegra: Fix ordering of cleanup code hsr: add hsr root debugfs directory hsr: rename debugfs file when interface name is changed hsr: reset network header when supervision frame is created s390/qeth: fix qdio teardown after early init error s390/qeth: fix false reporting of VNIC CHAR config failure s390/qeth: Fix vnicc_is_in_use if rx_bcast not set s390/qeth: vnicc Fix init to default s390/qeth: fix initialization on old HW cifs: Adjust indentation in smb2_open_file scsi: smartpqi: Update attribute name to `driver_version` MAINTAINERS: Append missed file to the database ath9k: use iowrite32 over __raw_writel can: j1939: fix address claim code example dt-bindings: reset: Fix brcmstb-reset example reset: brcmstb: Remove resource checks afs: Fix missing cell comparison in afs_test_super() perf vendor events s390: Remove name from L1D_RO_EXCL_WRITES description syscalls/x86: Wire up COMPAT_SYSCALL_DEFINE0 syscalls/x86: Use COMPAT_SYSCALL_DEFINE0 for IA32 (rt_)sigreturn syscalls/x86: Use the correct function type for sys_ni_syscall syscalls/x86: Fix function types in COND_SYSCALL hsr: fix slab-out-of-bounds Read in hsr_debugfs_rename() btrfs: simplify inode locking for RWF_NOWAIT netfilter: nf_tables_offload: release flow_rule on error from commit path netfilter: nft_meta: use 64-bit time arithmetic ASoC: dt-bindings: mt8183: add missing update ASoC: simple_card_utils.h: Add missing include ASoC: fsl_esai: Add spin lock to protect reset, stop and start ASoC: SOF: Intel: Broadwell: clarify mutual exclusion with legacy driver ASoC: core: Fix compile warning with CONFIG_DEBUG_FS=n ASoC: rsnd: fix DALIGN register for SSIU RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size() RDMA/hns: remove a redundant le16_to_cpu RDMA/hns: Modify return value of restrack functions RDMA/counter: Prevent QP counter manual binding in auto mode RDMA/siw: Fix port number endianness in a debug message RDMA/hns: Fix build error again RDMA/hns: Release qp resources when failed to destroy qp xprtrdma: Add unique trace points for posting Local Invalidate WRs xprtrdma: Connection becomes unstable after a reconnect xprtrdma: Fix MR list handling xprtrdma: Close window between waking RPC senders and posting Receives RDMA/hns: Fix to support 64K page for srq RDMA/hns: Bugfix for qpc/cqc timer configuration rdma: Remove nes ABI header RDMA/mlx5: Return proper error value RDMA/srpt: Report the SCSI residual to the initiator uaccess: Add non-pagefault user-space write function bpf: Make use of probe_user_write in probe write helper bpf: skmsg, fix potential psock NULL pointer dereference bpf: Support pre-2.25-binutils objcopy for vmlinux BTF libbpf: Fix Makefile' libbpf symbol mismatch diagnostic afs: Fix use-after-loss-of-ref afs: Fix afs_lookup() to not clobber the version on a new dentry keys: Fix request_key() cache scsi: enclosure: Fix stale device oops with hot replug scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI platform/mellanox: fix potential deadlock in the tmfifo driver platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 platform/x86: GPD pocket fan: Use default values when wrong modparams are given asm-generic/nds32: don't redefine cacheflush primitives Documentation/ABI: Fix documentation inconsistency for mlxreg-io sysfs interfaces Documentation/ABI: Add missed attribute for mlxreg-io sysfs interfaces xprtrdma: Fix create_qp crash on device unload xprtrdma: Fix completion wait during device removal xprtrdma: Fix oops in Receive handler after device removal dm: add dm-clone to the documentation index scsi: ufs: Give an unique ID to each ufs-bsg crypto: cavium/nitrox - fix firmware assignment to AE cores crypto: hisilicon - select NEED_SG_DMA_LENGTH in qm Kconfig crypto: arm64/aes-neonbs - add return value of skcipher_walk_done() in __xts_crypt() crypto: virtio - implement missing support for output IVs crypto: algif_skcipher - Use chunksize instead of blocksize crypto: geode-aes - convert to skcipher API and make thread-safe NFSv2: Fix a typo in encode_sattr() nfsd: Fix cld_net->cn_tfm initialization nfsd: v4 support requires CRYPTO_SHA256 NFSv4.x: Handle bad/dead sessions correctly in nfs41_sequence_process() NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn iio: imu: st_lsm6dsx: fix gyro gain definitions for LSM9DS1 iio: imu: adis16480: assign bias value only if operation succeeded mei: fix modalias documentation clk: meson: axg-audio: fix regmap last register clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume clk: Fix memory leak in clk_unregister() dmaengine: dw: platform: Mark 'hclk' clock optional clk: imx: pll14xx: Fix quick switch of S/K parameter rsi: fix potential null dereference in rsi_probe() affs: fix a memory leak in affs_remount pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call pinctrl: sh-pfc: Fix PINMUX_IPSR_PHYS() to set GPSR pinctrl: sh-pfc: Do not use platform_get_irq() to count interrupts pinctrl: lewisburg: Update pin list according to v1.1v6 PCI: pciehp: Do not disable interrupt twice on suspend Revert "drm/virtio: switch virtio_gpu_wait_ioctl() to gem helper." drm/amdgpu: cleanup creating BOs at fixed location (v2) drm/amdgpu/discovery: reserve discovery data at the top of VRAM scsi: sd: enable compat ioctls for sed-opal arm64: dts: apq8096-db820c: Increase load on l21 for SDCARD gfs2: add compat_ioctl support af_unix: add compat_ioctl support compat_ioctl: handle SIOCOUTQNSD PCI: aardvark: Use LTSSM state to build link training flag PCI: aardvark: Fix PCI_EXP_RTCTL register configuration PCI: dwc: Fix find_next_bit() usage PCI: Fix missing bridge dma_ranges resource list cleanup PCI/PM: Clear PCIe PME Status even for legacy power management tools: PCI: Fix fd leakage PCI/PTM: Remove spurious "d" from granularity message powerpc/powernv: Disable native PCIe port management MIPS: PCI: remember nasid changed by set interrupt affinity MIPS: Loongson: Fix return value of loongson_hwmon_init MIPS: SGI-IP27: Fix crash, when CPUs are disabled via nr_cpus parameter tty: serial: imx: use the sg count from dma_map_sg tty: serial: pch_uart: correct usage of dma_unmap_sg ARM: 8943/1: Fix topology setup in case of CPU hotplug for CONFIG_SCHED_MC media: ov6650: Fix incorrect use of JPEG colorspace media: ov6650: Fix some format attributes not under control media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support media: ov6650: Fix default format not applied on device probe media: rcar-vin: Fix incorrect return statement in rvin_try_format() media: hantro: h264: Fix the frame_num wraparound case media: v4l: cadence: Fix how unsued lanes are handled in 'csi2rx_start()' media: exynos4-is: Fix recursive locking in isp_video_release() media: coda: fix deadlock between decoder picture run and start command media: cedrus: Use correct H264 8x8 scaling list media: hantro: Do not reorder H264 scaling list media: aspeed-video: Fix memory leaks in aspeed_video_probe media: hantro: Set H264 FIELDPIC_FLAG_E flag correctly iommu/mediatek: Correct the flush_iotlb_all callback iommu/mediatek: Add a new tlb_lock for tlb_flush memory: mtk-smi: Add PM suspend and resume ops Revert "ubifs: Fix memory leak bug in alloc_ubifs_info() error path" ubifs: Fixed missed le64_to_cpu() in journal ubifs: do_kill_orphans: Fix a memory leak bug spi: sprd: Fix the incorrect SPI register mtd: spi-nor: fix silent truncation in spi_nor_read() mtd: spi-nor: fix silent truncation in spi_nor_read_raw() spi: pxa2xx: Set controller->max_transfer_size in dma mode spi: atmel: fix handling of cs_change set on non-last xfer spi: rspi: Use platform_get_irq_byname_optional() for optional irqs spi: lpspi: fix memory leak in fsl_lpspi_probe iwlwifi: mvm: consider ieee80211 station max amsdu value rtlwifi: Remove unnecessary NULL check in rtl_regd_init iwlwifi: mvm: fix support for single antenna diversity sch_cake: Add missing NLA policy entry TCA_CAKE_SPLIT_GSO f2fs: fix potential overflow NFSD fixing possible null pointer derefering in copy offload rtc: msm6242: Fix reading of 10-hour digit rtc: brcmstb-waketimer: add missed clk_disable_unprepare rtc: bd70528: Add MODULE ALIAS to autoload module gpio: mpc8xxx: Add platform device to gpiochip->parent scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() scsi: target/iblock: Fix protection error with blocks greater than 512B selftests: firmware: Fix it to do root uid check and skip rseq/selftests: Turn off timeout setting riscv: export flush_icache_all to modules mips: cacheinfo: report shared CPU map mips: Fix gettimeofday() in the vdso library tomoyo: Suppress RCU warning at list_for_each_entry_rcu(). MIPS: Prevent link failure with kcov instrumentation drm/arm/mali: make malidp_mw_connector_helper_funcs static rxrpc: Unlock new call in rxrpc_new_incoming_call() rather than the caller rxrpc: Don't take call->user_mutex in rxrpc_new_incoming_call() rxrpc: Fix missing security check on incoming calls dmaengine: k3dma: Avoid null pointer traversal s390/qeth: lock the card while changing its hsuid ioat: ioat_alloc_ring() failure handling. drm/amdgpu: enable gfxoff for raven1 refresh media: intel-ipu3: Align struct ipu3_uapi_awb_fr_config_s to 32 bytes kbuild/deb-pkg: annotate libelf-dev dependency as :native hexagon: parenthesize registers in asm predicates hexagon: work around compiler crash ocfs2: call journal flush to mark journal as empty after journal recovery when mount Linux 5.4.13 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I90734cd9d80f000e05a8109a529916ae641cdede |
||
Roman Gushchin
|
80a332f418 |
bpf: cgroup: prevent out-of-order release of cgroup bpf
commit |
||
|
Greg Kroah-Hartman
|
fde6e0c654 |
Merge 5.4.11 into android-5.4
Changes in 5.4.11 USB: dummy-hcd: use usb_urb_dir_in instead of usb_pipein bpf: Fix passing modified ctx to ld/abs/ind instruction ASoC: rt5682: fix i2c arbitration lost issue spi: pxa2xx: Add support for Intel Jasper Lake regulator: fix use after free issue ASoC: max98090: fix possible race conditions spi: fsl: Fix GPIO descriptor support gpio: Handle counting of Freescale chipselects spi: fsl: Handle the single hardwired chipselect case locking/spinlock/debug: Fix various data races netfilter: ctnetlink: netns exit must wait for callbacks x86/intel: Disable HPET on Intel Ice Lake platforms netfilter: nf_tables_offload: Check for the NETDEV_UNREGISTER event mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() libtraceevent: Fix lib installation with O= libtraceevent: Copy pkg-config file to output folder when using O= regulator: core: fix regulator_register() error paths to properly release rdev x86/efi: Update e820 with reserved EFI boot services data to fix kexec breakage ASoC: Intel: bytcr_rt5640: Update quirk for Teclast X89 selftests: netfilter: use randomized netns names efi/gop: Return EFI_NOT_FOUND if there are no usable GOPs efi/gop: Return EFI_SUCCESS if a usable GOP was found efi/gop: Fix memory leak in __gop_query32/64() efi/earlycon: Remap entire framebuffer after page initialization ARM: dts: imx6ul: imx6ul-14x14-evk.dtsi: Fix SPI NOR probing ARM: vexpress: Set-up shared OPP table instead of individual for each CPU netfilter: uapi: Avoid undefined left-shift in xt_sctp.h netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets netfilter: nf_tables: validate NFT_SET_ELEM_INTERVAL_END netfilter: nf_tables: validate NFT_DATA_VALUE after nft_data_init() netfilter: nf_tables: skip module reference count bump on object updates netfilter: nf_tables_offload: return EOPNOTSUPP if rule specifies no actions ARM: dts: BCM5301X: Fix MDIO node address/size cells selftests/ftrace: Fix to check the existence of set_ftrace_filter selftests/ftrace: Fix ftrace test cases to check unsupported selftests/ftrace: Do not to use absolute debugfs path selftests/ftrace: Fix multiple kprobe testcase selftests: safesetid: Move link library to LDLIBS selftests: safesetid: Check the return value of setuid/setgid selftests: safesetid: Fix Makefile to set correct test program ARM: exynos_defconfig: Restore debugfs support ARM: dts: Cygnus: Fix MDIO node address/size cells spi: spi-cavium-thunderx: Add missing pci_release_regions() reset: Do not register resource data for missing resets ASoC: topology: Check return value for snd_soc_add_dai_link() ASoC: topology: Check return value for soc_tplg_pcm_create() ASoC: SOF: loader: snd_sof_fw_parse_ext_data log warning on unknown header ASoC: SOF: Intel: split cht and byt debug window sizes ARM: dts: am335x-sancloud-bbe: fix phy mode ARM: omap2plus_defconfig: Add back DEBUG_FS ARM: dts: bcm283x: Fix critical trip point arm64: dts: ls1028a: fix typo in TMU calibration data bpf, riscv: Limit to 33 tail calls bpf, mips: Limit to 33 tail calls bpftool: Don't crash on missing jited insns or ksyms perf metricgroup: Fix printing event names of metric group with multiple events perf header: Fix false warning when there are no duplicate cache entries spi: spi-ti-qspi: Fix a bug when accessing non default CS ARM: dts: am437x-gp/epos-evm: fix panel compatible kselftest/runner: Print new line in print of timeout log kselftest: Support old perl versions samples: bpf: Replace symbol compare of trace_event samples: bpf: fix syscall_tp due to unused syscall arm64: dts: ls1028a: fix reboot node ARM: imx_v6_v7_defconfig: Explicitly restore CONFIG_DEBUG_FS pinctrl: aspeed-g6: Fix LPC/eSPI mux configuration bus: ti-sysc: Fix missing reset delay handling clk: walk orphan list on clock provider registration mac80211: fix TID field in monitor mode transmit cfg80211: fix double-free after changing network namespace pinctrl: pinmux: fix a possible null pointer in pinmux_can_be_used_for_gpio powerpc: Ensure that swiotlb buffer is allocated from low memory btrfs: Fix error messages in qgroup_rescan_init Btrfs: fix cloning range with a hole when using the NO_HOLES feature powerpc/vcpu: Assume dedicated processors as non-preempt powerpc/spinlocks: Include correct header for static key btrfs: handle error in btrfs_cache_block_group Btrfs: fix hole extent items with a zero size after range cloning ocxl: Fix potential memory leak on context creation bpf: Clear skb->tstamp in bpf_redirect when necessary habanalabs: rate limit error msg on waiting for CS habanalabs: remove variable 'val' set but not used bnx2x: Do not handle requests from VFs after parity bnx2x: Fix logic to get total no. of PFs per engine cxgb4: Fix kernel panic while accessing sge_info net: usb: lan78xx: Fix error message format specifier parisc: fix compilation when KEXEC=n and KEXEC_FILE=y parisc: add missing __init annotation rfkill: Fix incorrect check to avoid NULL pointer dereference ASoC: wm8962: fix lambda value regulator: rn5t618: fix module aliases spi: nxp-fspi: Ensure width is respected in spi-mem operations clk: at91: fix possible deadlock staging: axis-fifo: add unspecified HAS_IOMEM dependency iommu/iova: Init the struct iova to fix the possible memleak kconfig: don't crash on NULL expressions in expr_eq() scripts: package: mkdebian: add missing rsync dependency perf/x86: Fix potential out-of-bounds access perf/x86/intel: Fix PT PMI handling sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime psi: Fix a division error in psi poll() usb: typec: fusb302: Fix an undefined reference to 'extcon_get_state' block: end bio with BLK_STS_AGAIN in case of non-mq devs and REQ_NOWAIT fs: avoid softlockups in s_inodes iterators fs: call fsnotify_sb_delete after evict_inodes perf/smmuv3: Remove the leftover put_cpu() in error path iommu/dma: Relax locking in iommu_dma_prepare_msi() io_uring: don't wait when under-submitting clk: Move clk_core_reparent_orphans() under CONFIG_OF net: stmmac: selftests: Needs to check the number of Multicast regs net: stmmac: Determine earlier the size of RX buffer net: stmmac: Do not accept invalid MTU values net: stmmac: xgmac: Clear previous RX buffer size net: stmmac: RX buffer size must be 16 byte aligned net: stmmac: Always arm TX Timer at end of transmission start s390/purgatory: do not build purgatory with kcov, kasan and friends drm/exynos: gsc: add missed component_del tpm/tpm_ftpm_tee: add shutdown call back xsk: Add rcu_read_lock around the XSK wakeup net/mlx5e: Fix concurrency issues between config flow and XSK net/i40e: Fix concurrency issues between config flow and XSK net/ixgbe: Fix concurrency issues between config flow and XSK platform/x86: pcengines-apuv2: fix simswap GPIO assignment arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list block: Fix a lockdep complaint triggered by request queue flushing s390/dasd/cio: Interpret ccw_device_get_mdc return value correctly s390/dasd: fix memleak in path handling error case block: fix memleak when __blk_rq_map_user_iov() is failed parisc: Fix compiler warnings in debug_core.c sbitmap: only queue kyber's wait callback if not already active s390/qeth: handle error due to unsupported transport mode s390/qeth: fix promiscuous mode after reset s390/qeth: don't return -ENOTSUPP to userspace llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c) hv_netvsc: Fix unwanted rx_table reset selftests: pmtu: fix init mtu value in description tracing: Do not create directories if lockdown is in affect gtp: fix bad unlock balance in gtp_encap_enable_socket macvlan: do not assume mac_header is set in macvlan_broadcast() net: dsa: mv88e6xxx: Preserve priority when setting CPU port. net: freescale: fec: Fix ethtool -d runtime PM net: stmmac: dwmac-sun8i: Allow all RGMII modes net: stmmac: dwmac-sunxi: Allow all RGMII modes net: stmmac: Fixed link does not need MDIO Bus net: usb: lan78xx: fix possible skb leak pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM sch_cake: avoid possible divide by zero in cake_enqueue() sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK vxlan: fix tos value before xmit mlxsw: spectrum_qdisc: Ignore grafting of invisible FIFO net: sch_prio: When ungrafting, replace with FIFO vlan: fix memory leak in vlan_dev_set_egress_priority vlan: vlan_changelink() should propagate errors macb: Don't unregister clks unconditionally net/mlx5: Move devlink registration before interfaces load net: dsa: mv88e6xxx: force cmode write on 6141/6341 net/mlx5e: Always print health reporter message to dmesg net/mlx5: DR, No need for atomic refcount for internal SW steering resources net/mlx5e: Fix hairpin RSS table size net/mlx5: DR, Init lists that are used in rule's member usb: dwc3: gadget: Fix request complete check USB: core: fix check for duplicate endpoints USB: serial: option: add Telit ME910G1 0x110a composition usb: missing parentheses in USE_NEW_SCHEME Linux 5.4.11 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Idb9985bebc97203fa305f881fd98a62ac08e66d9 |
||
|
Daniel Borkmann
|
b2eccb43aa |
bpf: Fix passing modified ctx to ld/abs/ind instruction
commit |
||
|
Greg Kroah-Hartman
|
813bf83282 |
Merge 5.4.9 into android-5.4
Changes in 5.4.9 drm/mcde: dsi: Fix invalid pointer dereference if panel cannot be found nvme_fc: add module to ops template to allow module references nvme-fc: fix double-free scenarios on hw queues drm/amdgpu: add check before enabling/disabling broadcast mode drm/amdgpu: add header line for power profile on Arcturus drm/amdgpu: add cache flush workaround to gfx8 emit_fence drm/amd/display: Map DSC resources 1-to-1 if numbers of OPPs and DSCs are equal drm/amd/display: Fixed kernel panic when booting with DP-to-HDMI dongle drm/amd/display: Change the delay time before enabling FEC drm/amd/display: Reset steer fifo before unblanking the stream drm/amd/display: update dispclk and dppclk vco frequency nvme/pci: Fix write and poll queue types nvme/pci: Fix read queue count iio: st_accel: Fix unused variable warning iio: adc: max9611: Fix too short conversion time delay PM / devfreq: Fix devfreq_notifier_call returning errno PM / devfreq: Set scaling_max_freq to max on OPP notifier error PM / devfreq: Don't fail devfreq_dev_release if not in list afs: Fix afs_find_server lookups for ipv4 peers afs: Fix SELinux setting security label on /afs RDMA/cma: add missed unregister_pernet_subsys in init failure rxe: correctly calculate iCRC for unaligned payloads scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func scsi: qla2xxx: Use explicit LOGO in target mode scsi: qla2xxx: Drop superfluous INIT_WORK of del_work scsi: qla2xxx: Don't call qlt_async_event twice scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length scsi: qla2xxx: Configure local loop for N2N target scsi: qla2xxx: Send Notify ACK after N2N PLOGI scsi: qla2xxx: Don't defer relogin unconditonally scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI scsi: iscsi: qla4xxx: fix double free in probe scsi: libsas: stop discovering if oob mode is disconnected scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func staging/wlan-ng: add CRC32 dependency in Kconfig drm/nouveau: Move the declaration of struct nouveau_conn_atom up a bit drm/nouveau: Fix drm-core using atomic code-paths on pre-nv50 hardware drm/nouveau/kms/nv50-: fix panel scaling usb: gadget: fix wrong endpoint desc net: make socket read/write_iter() honor IOCB_NOWAIT afs: Fix mountpoint parsing afs: Fix creation calls in the dynamic root to fail with EOPNOTSUPP raid5: need to set STRIPE_HANDLE for batch head md: raid1: check rdev before reference in raid1_sync_request func s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits s390/cpum_sf: Avoid SBD overflow condition in irq handler RDMA/counter: Prevent auto-binding a QP which are not tracked with res IB/mlx4: Follow mirror sequence of device add during device removal IB/mlx5: Fix steering rule of drop and count xen-blkback: prevent premature module unload xen/balloon: fix ballooned page accounting without hotplug enabled PM / hibernate: memory_bm_find_bit(): Tighten node optimisation ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC PCI: Add a helper to check Power Resource Requirements _PR3 existence ALSA: hda: Allow HDA to be runtime suspended when dGPU is not bound to a driver PCI: Fix missing inline for pci_pr3_present() ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen tcp: fix data-race in tcp_recvmsg() shmem: pin the file in shmem_fault() if mmap_sem is dropped taskstats: fix data-race ALSA: hda - Downgrade error message for single-cmd fallback netfilter: nft_tproxy: Fix port selector on Big Endian block: add bio_truncate to fix guard_bio_eod mm: drop mmap_sem before calling balance_dirty_pages() in write fault ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code ALSA: usb-audio: fix set_format altsetting sanity check ALSA: usb-audio: set the interface format after resume on Dell WD19 ALSA: hda - Apply sync-write workaround to old Intel platforms, too ALSA: hda/realtek - Add headset Mic no shutup for ALC283 drm/sun4i: hdmi: Remove duplicate cleanup calls drm/amdgpu/smu: add metrics table lock drm/amdgpu/smu: add metrics table lock for arcturus (v2) drm/amdgpu/smu: add metrics table lock for navi (v2) drm/amdgpu/smu: add metrics table lock for vega20 (v2) MIPS: BPF: Disable MIPS32 eBPF JIT MIPS: BPF: eBPF JIT: check for MIPS ISA compliance in Kconfig MIPS: Avoid VDSO ABI breakage due to global register variable media: pulse8-cec: fix lost cec_transmit_attempt_done() call media: cec: CEC 2.0-only bcast messages were ignored media: cec: avoid decrementing transmit_queue_sz if it is 0 media: cec: check 'transmit_in_progress', not 'transmitting' mm/memory_hotplug: shrink zones when offlining memory mm/zsmalloc.c: fix the migrated zspage statistics. memcg: account security cred as well to kmemcg mm: move_pages: return valid node id in status if the page is already on the target node mm/oom: fix pgtables units mismatch in Killed process message ocfs2: fix the crash due to call ocfs2_get_dlm_debug once less pstore/ram: Write new dumps to start of recycled zones pstore/ram: Fix error-path memory leak in persistent_ram_new() callers gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again locks: print unsigned ino in /proc/locks selftests/seccomp: Zero out seccomp_notif seccomp: Check that seccomp_notif is zeroed out by the user samples/seccomp: Zero out members based on seccomp_notif_sizes selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV dmaengine: Fix access to uninitialized dma_slave_caps dmaengine: dma-jz4780: Also break descriptor chains on JZ4725B Btrfs: fix infinite loop during nocow writeback due to race compat_ioctl: block: handle Persistent Reservations compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES bpf: Fix precision tracking for unbounded scalars ata: libahci_platform: Export again ahci_platform_<en/dis>able_phys() ata: ahci_brcm: Fix AHCI resources management ata: ahci_brcm: Add missing clock management during recovery ata: ahci_brcm: BCM7425 AHCI requires AHCI_HFLAG_DELAY_ENGINE libata: Fix retrieving of active qcs gpio: xtensa: fix driver build gpiolib: fix up emulated open drain outputs clocksource: riscv: add notrace to riscv_sched_clock riscv: ftrace: correct the condition logic in function graph tracer rseq/selftests: Fix: Namespace gettid() for compatibility with glibc 2.30 tracing: Fix lock inversion in trace_event_enable_tgid_record() tracing: Avoid memory leak in process_system_preds() tracing: Have the histogram compare functions convert to u64 first tracing: Fix endianness bug in histogram trigger samples/trace_printk: Wait for IRQ work to finish io_uring: use current task creds instead of allocating a new one mm/gup: fix memory leak in __gup_benchmark_ioctl apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock dmaengine: virt-dma: Fix access after free in vchan_complete() gen_initramfs_list.sh: fix 'bad variable name' error ALSA: cs4236: fix error return comparison of an unsigned integer ALSA: pcm: Yet another missing check of non-cached buffer type ALSA: firewire-motu: Correct a typo in the clock proc string scsi: lpfc: Fix rpi release when deleting vport exit: panic before exit_mm() on global init exit arm64: Revert support for execute-only user mappings ftrace: Avoid potential division by zero in function profiler spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode drm/msm: include linux/sched/task.h PM / devfreq: Check NULL governor in available_governors_show sunrpc: fix crash when cache_head become valid before update arm64: dts: qcom: msm8998-clamshell: Remove retention idle state nfsd4: fix up replay_matches_cache() powerpc: Chunk calls to flush_dcache_range in arch_*_memory HID: i2c-hid: Reset ALPS touchpads on resume net/sched: annotate lockless accesses to qdisc->empty kernel/module.c: wakeup processes in module_wq on module unload ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100 perf callchain: Fix segfault in thread__resolve_callchain_sample() iommu/vt-d: Remove incorrect PSI capability check of: overlay: add_changeset_property() memory leak cifs: Fix potential softlockups while refreshing DFS cache firmware: arm_scmi: Avoid double free in error flow xfs: don't check for AG deadlock for realtime files in bunmapi platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table netfilter: nf_queue: enqueue skbs with NULL dst net, sysctl: Fix compiler warning when only cBPF is present watchdog: tqmx86_wdt: Fix build error regulator: axp20x: Fix axp20x_set_ramp_delay regulator: bd70528: Remove .set_ramp_delay for bd70528_ldo_ops spi: uniphier: Fix FIFO threshold regulator: axp20x: Fix AXP22x ELDO2 regulator enable bitmask powerpc/mm: Mark get_slice_psize() & slice_addr_is_low() as notrace Bluetooth: btusb: fix PM leak in error case of setup Bluetooth: delete a stray unlock Bluetooth: Fix memory leak in hci_connect_le_scan arm64: dts: meson-gxl-s905x-khadas-vim: fix uart_A bluetooth node arm64: dts: meson-gxm-khadas-vim2: fix uart_A bluetooth node media: flexcop-usb: ensure -EIO is returned on error condition regulator: ab8500: Remove AB8505 USB regulator media: usb: fix memory leak in af9005_identify_state dt-bindings: clock: renesas: rcar-usb2-clock-sel: Fix typo in example arm64: dts: meson: odroid-c2: Disable usb_otg bus to avoid power failed warning phy: renesas: rcar-gen3-usb2: Use platform_get_irq_optional() for optional irq tty: serial: msm_serial: Fix lockup for sysrq and oops cifs: Fix lookup of root ses in DFS referral cache fs: cifs: Fix atime update check vs mtime fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP ath9k_htc: Modify byte order for an error message ath9k_htc: Discard undersized packets drm/i915/execlists: Fix annotation for decoupling virtual request xfs: periodically yield scrub threads to the scheduler net: add annotations on hh->hh_len lockless accesses ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps btrfs: get rid of unique workqueue helper functions Btrfs: only associate the locked page with one async_chunk struct s390/smp: fix physical to logical CPU map for SMT mm/sparse.c: mark populate_section_memmap as __meminit xen/blkback: Avoid unmapping unmapped grant pages lib/ubsan: don't serialize UBSAN report efi: Don't attempt to map RCI2 config table if it doesn't exist perf/x86/intel/bts: Fix the use of page_private() net: annotate lockless accesses to sk->sk_pacing_shift hsr: avoid debugfs warning message when module is remove hsr: fix error handling routine in hsr_dev_finalize() hsr: fix a race condition in node list insertion and deletion mm/hugetlb: defer freeing of huge pages if in non-task context Linux 5.4.9 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I8eebcdac421faf74f70af8e8666abfdcdc45c86b |
||
|
Daniel Borkmann
|
abaf57360e |
bpf: Fix precision tracking for unbounded scalars
commit |
||
|
Greg Kroah-Hartman
|
861433ef01 |
Merge 5.4.7 into android-5.4
Changes in 5.4.7 af_packet: set defaule value for tmo fjes: fix missed check in fjes_acpi_add mod_devicetable: fix PHY module format net: dst: Force 4-byte alignment of dst_metrics net: gemini: Fix memory leak in gmac_setup_txqs net: hisilicon: Fix a BUG trigered by wrong bytes_compl net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() net: phy: ensure that phy IDs are correctly typed net: qlogic: Fix error paths in ql_alloc_large_buffers() net-sysfs: Call dev_hold always in rx_queue_add_kobject net: usb: lan78xx: Fix suspend/resume PHY register access error nfp: flower: fix stats id allocation qede: Disable hardware gro when xdp prog is installed qede: Fix multicast mac configuration sctp: fix memleak on err handling of stream initialization sctp: fully initialize v4 addr in some functions selftests: forwarding: Delete IPv6 address at the end neighbour: remove neigh_cleanup() method bonding: fix bond_neigh_init() net: ena: fix default tx interrupt moderation interval net: ena: fix issues in setting interrupt moderation params in ethtool dpaa2-ptp: fix double free of the ptp_qoriq IRQ mlxsw: spectrum_router: Remove unlikely user-triggerable warning net: ethernet: ti: davinci_cpdma: fix warning "device driver frees DMA memory with different size" net: stmmac: platform: Fix MDIO init for platforms without PHY net: dsa: b53: Fix egress flooding settings NFC: nxp-nci: Fix probing without ACPI btrfs: don't double lock the subvol_sem for rename exchange btrfs: do not call synchronize_srcu() in inode_tree_del Btrfs: make tree checker detect checksum items with overlapping ranges btrfs: return error pointer from alloc_test_extent_buffer Btrfs: fix missing data checksums after replaying a log tree btrfs: send: remove WARN_ON for readonly mount btrfs: abort transaction after failed inode updates in create_subvol btrfs: skip log replay on orphaned roots btrfs: do not leak reloc root if we fail to read the fs root btrfs: handle ENOENT in btrfs_uuid_tree_iterate Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues ALSA: pcm: Avoid possible info leaks from PCM stream buffers ALSA: hda/ca0132 - Keep power on during processing DSP response ALSA: hda/ca0132 - Avoid endless loop ALSA: hda/ca0132 - Fix work handling in delayed HP detection drm/vc4/vc4_hdmi: fill in connector info drm/virtio: switch virtio_gpu_wait_ioctl() to gem helper. drm: mst: Fix query_payload ack reply struct drm/mipi-dbi: fix a loop in debugfs code drm/panel: Add missing drm_panel_init() in panel drivers drm: exynos: exynos_hdmi: use cec_notifier_conn_(un)register drm: Use EOPNOTSUPP, not ENOTSUPP drm/amd/display: verify stream link before link test drm/bridge: analogix-anx78xx: silence -EPROBE_DEFER warnings drm/amd/display: OTC underflow fix iio: max31856: add missing of_node and parent references to iio_dev iio: light: bh1750: Resolve compiler warning and make code more readable drm/amdgpu/sriov: add ring_stop before ring_create in psp v11 code drm/amdgpu: grab the id mgr lock while accessing passid_mapping drm/ttm: return -EBUSY on pipelining with no_gpu_wait (v2) drm/amd/display: Rebuild mapped resources after pipe split ath10k: add cleanup in ath10k_sta_state() drm/amd/display: Handle virtual signal type in disable_link() ath10k: Check if station exists before forwarding tx airtime report spi: Add call to spi_slave_abort() function when spidev driver is released drm/meson: vclk: use the correct G12A frac max value staging: rtl8192u: fix multiple memory leaks on error path staging: rtl8188eu: fix possible null dereference rtlwifi: prevent memory leak in rtl_usb_probe libertas: fix a potential NULL pointer dereference Revert "pinctrl: sh-pfc: r8a77990: Fix MOD_SEL1 bit30 when using SSI_SCK2 and SSI_WS2" Revert "pinctrl: sh-pfc: r8a77990: Fix MOD_SEL1 bit31 when using SIM0_D" ath10k: fix backtrace on coredump IB/iser: bound protection_sg size by data_sg size drm/komeda: Workaround for broken FLIP_COMPLETE timestamps spi: gpio: prevent memory leak in spi_gpio_probe media: am437x-vpfe: Setting STD to current value is not an error media: cedrus: fill in bus_info for media device media: seco-cec: Add a missing 'release_region()' in an error handling path media: vim2m: Fix abort issue media: vim2m: Fix BUG_ON in vim2m_device_release() media: max2175: Fix build error without CONFIG_REGMAP_I2C media: ov6650: Fix control handler not freed on init error media: i2c: ov2659: fix s_stream return value media: ov6650: Fix crop rectangle alignment not passed back media: i2c: ov2659: Fix missing 720p register config media: ov6650: Fix stored frame format not in sync with hardware media: ov6650: Fix stored crop rectangle not in sync with hardware tools/power/cpupower: Fix initializer override in hsw_ext_cstates media: venus: core: Fix msm8996 frequency table ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq media: vimc: Fix gpf in rmmod path when stream is active drm/amd/display: Set number of pipes to 1 if the second pipe was disabled pinctrl: devicetree: Avoid taking direct reference to device name string drm/sun4i: dsi: Fix TCON DRQ set bits drm/amdkfd: fix a potential NULL pointer dereference (v2) x86/math-emu: Check __copy_from_user() result drm/amd/powerplay: A workaround to GPU RESET on APU selftests/bpf: Correct path to include msg + path drm/amd/display: set minimum abm backlight level media: venus: Fix occasionally failures to suspend rtw88: fix NSS of hw_cap drm/amd/display: fix struct init in update_bounding_box usb: renesas_usbhs: add suspend event support in gadget mode crypto: aegis128-neon - use Clang compatible cflags for ARM hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() tools/memory-model: Fix data race detection for unordered store and load media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() media: cec-funcs.h: add status_req checks media: meson/ao-cec: move cec_notifier_cec_adap_register after hw setup drm/bridge: dw-hdmi: Refuse DDC/CI transfers on the internal I2C controller samples: pktgen: fix proc_cmd command result check logic block: Fix writeback throttling W=1 compiler warnings drm/amdkfd: Fix MQD size calculation MIPS: futex: Emit Loongson3 sync workarounds within asm mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring drm/drm_vblank: Change EINVAL by the correct errno selftests/bpf: Fix btf_dump padding test case libbpf: Fix struct end padding in btf_dump libbpf: Fix passing uninitialized bytes to setsockopt net/smc: increase device refcount for added link group team: call RCU read lock when walking the port_list media: cx88: Fix some error handling path in 'cx8800_initdev()' crypto: inside-secure - Fix a maybe-uninitialized warning crypto: aegis128/simd - build 32-bit ARM for v8 architecture explicitly misc: fastrpc: fix memory leak from miscdev->name ASoC: SOF: enable sync_write in hdac_bus media: ti-vpe: vpe: Fix Motion Vector vpdma stride media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number media: ti-vpe: vpe: Make sure YUYV is set as default format media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases drm/amd/display: Properly round nominal frequency for SPD drm/amd/display: wait for set pipe mcp command completion media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage drm/amd/display: add new active dongle to existent w/a syscalls/x86: Use the correct function type in SYSCALL_DEFINE0 drm/amd/display: Fix dongle_caps containing stale information. extcon: sm5502: Reset registers during initialization drm/amd/display: Program DWB watermarks from correct state x86/mm: Use the correct function type for native_set_fixmap() ath10k: Correct error handling of dma_map_single() rtw88: coex: Set 4 slot mode for A2DP drm/bridge: dw-hdmi: Restore audio when setting a mode perf test: Report failure for mmap events perf report: Add warning when libunwind not compiled in perf test: Avoid infinite loop for task exit case perf vendor events arm64: Fix Hisi hip08 DDRC PMU eventname usb: usbfs: Suppress problematic bind and unbind uevents. drm/amd/powerplay: avoid disabling ECC if RAS is enabled for VEGA20 iio: adc: max1027: Reset the device at probe time Bluetooth: btusb: avoid unused function warning Bluetooth: missed cpu_to_le16 conversion in hci_init4_req Bluetooth: Workaround directed advertising bug in Broadcom controllers Bluetooth: hci_core: fix init for HCI_USER_CHANNEL bpf/stackmap: Fix deadlock with rq_lock in bpf_get_stack() x86/mce: Lower throttling MCE messages' priority to warning drm/amd/display: enable hostvm based on roimmu active for dcn2.1 drm/amd/display: fix header for RN clk mgr drm/amdgpu: fix amdgpu trace event print string format error staging: iio: ad9834: add a check for devm_clk_get power: supply: cpcap-battery: Check voltage before orderly_poweroff perf tests: Disable bp_signal testing for arm64 selftests/bpf: Make a copy of subtest name net: hns3: log and clear hardware error after reset complete RDMA/hns: Fix wrong parameters when initial mtt of srq->idx_que drm/gma500: fix memory disclosures due to uninitialized bytes ASoC: soc-pcm: fixup dpcm_prune_paths() loop continue rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot RDMA/siw: Fix SQ/RQ drain logic ipmi: Don't allow device module unload when in use x86/ioapic: Prevent inconsistent state when moving an interrupt media: cedrus: Fix undefined shift with a SHIFT_AND_MASK_BITS macro media: aspeed: set hsync and vsync polarities to normal before starting mode detection drm/nouveau: Don't grab runtime PM refs for HPD IRQs media: ov6650: Fix stored frame interval not in sync with hardware media: ad5820: Define entity function media: ov5640: Make 2592x1944 mode only available at 15 fps media: st-mipid02: add a check for devm_gpiod_get_optional media: imx7-mipi-csis: Add a check for devm_regulator_get media: aspeed: clear garbage interrupts media: smiapp: Register sensor after enabling runtime PM on the device md: no longer compare spare disk superblock events in super_load staging: wilc1000: potential corruption in wilc_parse_join_bss_param() md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit drm: Don't free jobs in wait_event_interruptible() EDAC/amd64: Set grain per DIMM arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() drm/amd/display: setting the DIG_MODE to the correct value. i40e: initialize ITRN registers with correct values drm/amd/display: correctly populate dpp refclk in fpga i40e: Wrong 'Advertised FEC modes' after set FEC to AUTO net: phy: dp83867: enable robust auto-mdix drm/tegra: sor: Use correct SOR index on Tegra210 regulator: core: Release coupled_rdevs on regulator_init_coupling() error ubsan, x86: Annotate and allow __ubsan_handle_shift_out_of_bounds() in uaccess regions spi: sprd: adi: Add missing lock protection when rebooting ACPI: button: Add DMI quirk for Medion Akoya E2215T RDMA/qedr: Fix memory leak in user qp and mr RDMA/hns: Fix memory leak on 'context' on error return path RDMA/qedr: Fix srqs xarray initialization RDMA/core: Set DMA parameters correctly staging: wilc1000: check if device is initialzied before changing vif gpu: host1x: Allocate gather copy for host1x net: dsa: LAN9303: select REGMAP when LAN9303 enable phy: renesas: phy-rcar-gen2: Fix the array off by one warning phy: qcom-usb-hs: Fix extcon double register after power cycle s390/time: ensure get_clock_monotonic() returns monotonic values s390: add error handling to perf_callchain_kernel s390/mm: add mm_pxd_folded() checks to pxd_free() net: hns3: add struct netdev_queue debug info for TX timeout libata: Ensure ata_port probe has completed before detach loop: fix no-unmap write-zeroes request behavior net/mlx5e: Verify that rule has at least one fwd/drop action pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B ALSA: bebob: expand sleep just after breaking connections for protocol version 1 iio: dln2-adc: fix iio_triggered_buffer_postenable() position libbpf: Fix error handling in bpf_map__reuse_fd() Bluetooth: Fix advertising duplicated flags ALSA: pcm: Fix missing check of the new non-cached buffer type spi: sifive: disable clk when probe fails and remove ASoC: SOF: imx: fix reverse CONFIG_SND_SOC_SOF_OF dependency pinctrl: qcom: sc7180: Add missing tile info in SDC_QDSD_PINGROUP/UFS_RESET pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() ixgbe: protect TX timestamping from API misuse cpufreq: sun50i: Fix CPU speed bin detection media: rcar_drif: fix a memory disclosure media: v4l2-core: fix touch support in v4l_g_fmt nvme: introduce "Command Aborted By host" status code media: staging/imx: Use a shorter name for driver nvmem: imx-ocotp: reset error status on probe nvmem: core: fix nvmem_cell_write inline function ASoC: SOF: topology: set trigger order for FE DAI link media: vivid: media_device_cleanup was called too early spi: dw: Fix Designware SPI loopback bnx2x: Fix PF-VF communication over multi-cos queues. spi: img-spfi: fix potential double release ALSA: timer: Limit max amount of slave instances RDMA/core: Fix return code when modify_port isn't supported drm: msm: a6xx: fix debug bus register configuration rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() perf probe: Fix to find range-only function instance perf cs-etm: Fix definition of macro TO_CS_QUEUE_NR perf probe: Fix to list probe event with correct line number perf jevents: Fix resource leak in process_mapfile() and main() perf probe: Walk function lines in lexical blocks perf probe: Fix to probe an inline function which has no entry pc perf probe: Fix to show ranges of variables in functions without entry_pc perf probe: Fix to show inlined function callsite without entry_pc libsubcmd: Use -O0 with DEBUG=1 perf probe: Fix to probe a function which has no entry pc perf tools: Fix cross compile for ARM64 perf tools: Splice events onto evlist even on error drm/amdgpu: disallow direct upload save restore list from gfx driver drm/amd/powerplay: fix struct init in renoir_print_clk_levels drm/amdgpu: fix potential double drop fence reference ice: Check for null pointer dereference when setting rings xen/gntdev: Use select for DMA_SHARED_BUFFER perf parse: If pmu configuration fails free terms perf probe: Skip overlapped location on searching variables net: avoid potential false sharing in neighbor related code perf probe: Return a better scope DIE if there is no best scope perf probe: Fix to show calling lines of inlined functions perf probe: Skip end-of-sequence and non statement lines perf probe: Filter out instances except for inlined subroutine and subprogram libbpf: Fix negative FD close() in xsk_setup_xdp_prog() s390/bpf: Use kvcalloc for addrs array cgroup: freezer: don't change task and cgroups status unnecessarily selftests: proc: Make va_max 1MB drm/amdgpu: Avoid accidental thread reactivation. media: exynos4-is: fix wrong mdev and v4l2 dev order in error path ath10k: fix get invalid tx rate for Mesh metric fsi: core: Fix small accesses and unaligned offsets via sysfs selftests: net: Fix printf format warnings on arm media: pvrusb2: Fix oops on tear-down when radio support is not present soundwire: intel: fix PDI/stream mapping for Bulk crypto: atmel - Fix authenc support when it is set to m ice: delay less media: si470x-i2c: add missed operations in remove media: cedrus: Use helpers to access capture queue media: v4l2-ctrl: Lock main_hdl on operations of requests_queued. iio: cros_ec_baro: set info_mask_shared_by_all_available field EDAC/ghes: Fix grain calculation media: vicodec: media_device_cleanup was called too early media: vim2m: media_device_cleanup was called too early spi: pxa2xx: Add missed security checks ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile iio: dac: ad5446: Add support for new AD5600 DAC bpf, testing: Workaround a verifier failure for test_progs ASoC: Intel: kbl_rt5663_rt5514_max98927: Add dmic format constraint net: dsa: sja1105: Disallow management xmit during switch reset r8169: respect EEE user setting when restarting network s390/disassembler: don't hide instruction addresses net: ethernet: ti: Add dependency for TI_DAVINCI_EMAC nvme: Discard workaround for non-conformant devices parport: load lowlevel driver if ports not found bcache: fix static checker warning in bcache_device_free() cpufreq: Register drivers only after CPU devices have been registered qtnfmac: fix debugfs support for multiple cards qtnfmac: fix invalid channel information output x86/crash: Add a forward declaration of struct kimage qtnfmac: fix using skb after free RDMA/efa: Clear the admin command buffer prior to its submission tracing: use kvcalloc for tgid_map array allocation MIPS: ralink: enable PCI support only if driver for mt7621 SoC is selected tracing/kprobe: Check whether the non-suffixed symbol is notrace bcache: fix deadlock in bcache_allocator iwlwifi: mvm: fix unaligned read of rx_pkt_status ASoC: wm8904: fix regcache handling regulator: core: Let boot-on regulators be powered off spi: tegra20-slink: add missed clk_unprepare tun: fix data-race in gro_normal_list() xhci-pci: Allow host runtime PM as default also for Intel Ice Lake xHCI crypto: virtio - deal with unsupported input sizes mmc: tmio: Add MMC_CAP_ERASE to allow erase/discard/trim requests btrfs: don't prematurely free work in end_workqueue_fn() btrfs: don't prematurely free work in run_ordered_work() sched/uclamp: Fix overzealous type replacement ASoC: wm2200: add missed operations in remove and probe failure spi: st-ssc4: add missed pm_runtime_disable ASoC: wm5100: add missed pm_runtime_disable perf/core: Fix the mlock accounting, again selftests, bpf: Fix test_tc_tunnel hanging selftests, bpf: Workaround an alu32 sub-register spilling issue bnxt_en: Return proper error code for non-existent NVM variable net: phy: avoid matching all-ones clause 45 PHY IDs firmware_loader: Fix labels with comma for builtin firmware ASoC: Intel: bytcr_rt5640: Update quirk for Acer Switch 10 SW5-012 2-in-1 x86/insn: Add some Intel instructions to the opcode map net-af_xdp: Use correct number of channels from ethtool brcmfmac: remove monitor interface when detaching perf session: Fix decompression of PERF_RECORD_COMPRESSED records perf probe: Fix to show function entry line as probe-able s390/crypto: Fix unsigned variable compared with zero s390/kasan: support memcpy_real with TRACE_IRQFLAGS bnxt_en: Improve RX buffer error handling. iwlwifi: check kasprintf() return value fbtft: Make sure string is NULL terminated ASoC: soc-pcm: check symmetry before hw_params net: ethernet: ti: ale: clean ale tbl on init and intf restart mt76: fix possible out-of-bound access in mt7615_fill_txs/mt7603_fill_txs s390/cpumf: Adjust registration of s390 PMU device drivers crypto: sun4i-ss - Fix 64-bit size_t warnings crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED crypto: vmx - Avoid weird build failures libtraceevent: Fix memory leakage in copy_filter_type mips: fix build when "48 bits virtual memory" is enabled drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 ice: Only disable VF state when freeing each VF resources ice: Fix setting coalesce to handle DCB configuration net: phy: initialise phydev speed and duplex sanely tools, bpf: Fix build for 'make -s tools/bpf O=<dir>' RDMA/bnxt_re: Fix missing le16_to_cpu RDMA/bnxt_re: Fix stat push into dma buffer on gen p5 devices bpf: Provide better register bounds after jmp32 instructions RDMA/bnxt_re: Fix chip number validation Broadcom's Gen P5 series ibmvnic: Fix completion structure initialization net: wireless: intel: iwlwifi: fix GRO_NORMAL packet stalling MIPS: futex: Restore \n after sync instructions btrfs: don't prematurely free work in reada_start_machine_worker() btrfs: don't prematurely free work in scrub_missing_raid56_worker() Revert "mmc: sdhci: Fix incorrect switch to HS mode" mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode tpm_tis: reserve chip for duration of tpm_tis_core_init tpm: fix invalid locking in NONBLOCKING mode iommu: fix KASAN use-after-free in iommu_insert_resv_region iommu: set group default domain before creating direct mappings iommu/vt-d: Fix dmar pte read access not set error iommu/vt-d: Set ISA bridge reserved region as relaxable iommu/vt-d: Allocate reserved region for ISA with correct permission can: xilinx_can: Fix missing Rx can packets on CANFD2.0 can: m_can: tcan4x5x: add required delay after reset can: j1939: j1939_sk_bind(): take priv after lock is held can: flexcan: fix possible deadlock and out-of-order reception after wakeup can: flexcan: poll MCR_LPM_ACK instead of GPR ACK for stop mode acknowledgment can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices selftests: net: tls: remove recv_rcvbuf test spi: dw: Correct handling of native chipselect spi: cadence: Correct handling of native chipselect usb: xhci: Fix build warning seen with CONFIG_PM=n drm/amdgpu: fix uninitialized variable pasid_mapping_needed ath10k: Revert "ath10k: add cleanup in ath10k_sta_state()" RDMA/siw: Fix post_recv QP state locking md: avoid invalid memory access for array sb->dev_roles s390/ftrace: fix endless recursion in function_graph tracer ARM: dts: Fix vcsi regulator to be always-on for droid4 to prevent hangs can: flexcan: add low power enter/exit acknowledgment helper usbip: Fix receive error in vhci-hcd when using scatter-gather usbip: Fix error path of vhci_recv_ret_submit() spi: fsl: don't map irq during probe spi: fsl: use platform_get_irq() instead of of_irq_to_resource() efi/memreserve: Register reservations as 'reserved' in /proc/iomem cpufreq: Avoid leaving stale IRQ work items during CPU offline KEYS: asymmetric: return ENOMEM if akcipher_request_alloc() fails mm: vmscan: protect shrinker idr replace with CONFIG_MEMCG USB: EHCI: Do not return -EPIPE when hub is disconnected intel_th: pci: Add Comet Lake PCH-V support intel_th: pci: Add Elkhart Lake SOC support intel_th: Fix freeing IRQs intel_th: msu: Fix window switching without windows platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value tty/serial: atmel: fix out of range clock divider handling serial: sprd: Add clearing break interrupt operation pinctrl: baytrail: Really serialize all register accesses clk: imx: clk-imx7ulp: Add missing sentinel of ulp_div_table clk: imx: clk-composite-8m: add lock to gate/mux clk: imx: pll14xx: fix clk_pll14xx_wait_lock ext4: fix ext4_empty_dir() for directories with holes ext4: check for directory entries too close to block end ext4: unlock on error in ext4_expand_extra_isize() ext4: validate the debug_want_extra_isize mount option at parse time iocost: over-budget forced IOs should schedule async delay KVM: PPC: Book3S HV: Fix regression on big endian hosts kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD kvm: x86: Host feature SSBD doesn't imply guest feature AMD_SSBD KVM: arm/arm64: Properly handle faulting of device mappings KVM: arm64: Ensure 'params' is initialised when looking up sys register x86/intel: Disable HPET on Intel Coffee Lake H platforms x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks[] x86/mce: Fix possibly incorrect severity calculation on AMD powerpc/vcpu: Assume dedicated processors as non-preempt powerpc/irq: fix stack overflow verification ocxl: Fix concurrent AFU open and device removal mmc: sdhci-msm: Correct the offset and value for DDR_CONFIG register mmc: sdhci-of-esdhc: Revert "mmc: sdhci-of-esdhc: add erratum A-009204 support" mmc: sdhci: Update the tuning failed messages to pr_debug level mmc: sdhci-of-esdhc: fix P2020 errata handling mmc: sdhci: Workaround broken command queuing on Intel GLK mmc: sdhci: Add a quirk for broken command queuing nbd: fix shutdown and recv work deadlock v2 iwlwifi: pcie: move power gating workaround earlier in the flow Linux 5.4.7 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I3585238149235bf73bb453e25861d9a6b9193dfa |
||
Yonghong Song
|
b4de258ded |
bpf: Provide better register bounds after jmp32 instructions
[ Upstream commit
|
||
Song Liu
|
f1838da73c |
bpf/stackmap: Fix deadlock with rq_lock in bpf_get_stack()
[ Upstream commit |
||
Sami Tolvanen
|
ff5bf35998 |
ANDROID: bpf: validate bpf_func when BPF_JIT is enabled with CFI
With CONFIG_BPF_JIT, the kernel makes indirect calls to dynamically generated code, which the compile-time Control-Flow Integrity (CFI) checking cannot validate. This change adds basic sanity checking to ensure we are jumping to a valid location, which narrows down the attack surface on the stored pointer. In addition, this change adds a weak arch_bpf_jit_check_func function, which architectures that implement BPF JIT can override to perform additional validation, such as verifying that the pointer points to the correct memory region. Bug: 145210207 Change-Id: I1a90c70cdcef25673a870d3c4f2586a829c0d32e Signed-off-by: Sami Tolvanen <samitolvanen@google.com> |
||
Dan Carpenter
|
d0fbb51dfa |
bpf, offload: Unlock on error in bpf_offload_dev_create()
We need to drop the bpf_devs_lock on error before returning.
Fixes:
|
||
Björn Töpel
|
ff1c08e1f7 |
bpf: Change size to u64 for bpf_map_{area_alloc, charge_init}()
The functions bpf_map_area_alloc() and bpf_map_charge_init() prior this commit passed the size parameter as size_t. In this commit this is changed to u64. All users of these functions avoid size_t overflows on 32-bit systems, by explicitly using u64 when calculating the allocation size and memory charge cost. However, since the result was narrowed by the size_t when passing size and cost to the functions, the overflow handling was in vain. Instead of changing all call sites to size_t and handle overflow at the call site, the parameter is changed to u64 and checked in the functions above. Fixes: |
||
Ilya Leoshkevich
|
7541c87c9b |
bpf: Allow narrow loads of bpf_sysctl fields with offset > 0
"ctx:file_pos sysctl:read read ok narrow" works on s390 by accident: it reads the wrong byte, which happens to have the expected value of 0. Improve the test by seeking to the 4th byte and expecting 4 instead of 0. This makes the latent problem apparent: the test attempts to read the first byte of bpf_sysctl.file_pos, assuming this is the least-significant byte, which is not the case on big-endian machines: a non-zero offset is needed. The point of the test is to verify narrow loads, so we cannot cheat our way out by simply using BPF_W. The existence of the test means that such loads have to be supported, most likely because llvm can generate them. Fix the test by adding a big-endian variant, which uses an offset to access the least-significant byte of bpf_sysctl.file_pos. This reveals the final problem: verifier rejects accesses to bpf_sysctl fields with offset > 0. Such accesses are already allowed for a wide range of structs: __sk_buff, bpf_sock_addr and sk_msg_md to name a few. Extend this support to bpf_sysctl by using bpf_ctx_range instead of offsetof when matching field offsets. Fixes: |
||
|
Daniel Borkmann
|
3b4d9eb2ee |
bpf: Fix use after free in bpf_get_prog_name
There is one more problematic case I noticed while recently fixing BPF kallsyms handling in |
||
|
Daniel Borkmann
|
cd7455f101 |
bpf: Fix use after free in subprog's jited symbol removal
syzkaller managed to trigger the following crash: [...] BUG: unable to handle page fault for address: ffffc90001923030 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD aa551067 P4D aa551067 PUD aa552067 PMD a572b067 PTE 80000000a1173163 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 7982 Comm: syz-executor912 Not tainted 5.4.0-rc3+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:bpf_jit_binary_hdr include/linux/filter.h:787 [inline] RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:531 [inline] RIP: 0010:bpf_tree_comp kernel/bpf/core.c:600 [inline] RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline] RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline] RIP: 0010:bpf_prog_kallsyms_find kernel/bpf/core.c:674 [inline] RIP: 0010:is_bpf_text_address+0x184/0x3b0 kernel/bpf/core.c:709 [...] Call Trace: kernel_text_address kernel/extable.c:147 [inline] __kernel_text_address+0x9a/0x110 kernel/extable.c:102 unwind_get_return_address+0x4c/0x90 arch/x86/kernel/unwind_frame.c:19 arch_stack_walk+0x98/0xe0 arch/x86/kernel/stacktrace.c:26 stack_trace_save+0xb6/0x150 kernel/stacktrace.c:123 save_stack mm/kasan/common.c:69 [inline] set_track mm/kasan/common.c:77 [inline] __kasan_kmalloc+0x11c/0x1b0 mm/kasan/common.c:510 kasan_slab_alloc+0xf/0x20 mm/kasan/common.c:518 slab_post_alloc_hook mm/slab.h:584 [inline] slab_alloc mm/slab.c:3319 [inline] kmem_cache_alloc+0x1f5/0x2e0 mm/slab.c:3483 getname_flags+0xba/0x640 fs/namei.c:138 getname+0x19/0x20 fs/namei.c:209 do_sys_open+0x261/0x560 fs/open.c:1091 __do_sys_open fs/open.c:1115 [inline] __se_sys_open fs/open.c:1110 [inline] __x64_sys_open+0x87/0x90 fs/open.c:1110 do_syscall_64+0xf7/0x1c0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe [...] After further debugging it turns out that we walk kallsyms while in parallel we tear down a BPF program which contains subprograms that have been JITed though the program itself has not been fully exposed and is eventually bailing out with error. The bpf_prog_kallsyms_del_subprogs() in bpf_prog_load()'s error path removes the symbols, however, bpf_prog_free() tears down the JIT memory too early via scheduled work. Instead, it needs to properly respect RCU grace period as the kallsyms walk for BPF is under RCU. Fix it by refactoring __bpf_prog_put()'s tear down and reuse it in our error path where we defer final destruction when we have subprogs in the program. Fixes: |
||
|
Toke Høiland-Jørgensen
|
ce197d83a9 |
xdp: Handle device unregister for devmap_hash map type
It seems I forgot to add handling of devmap_hash type maps to the device
unregister hook for devmaps. This omission causes devices to not be
properly released, which causes hangs.
Fix this by adding the missing handler.
Fixes:
|
||
|
Toke Høiland-Jørgensen
|
05679ca6fe |
xdp: Prevent overflow in devmap_hash cost calculation for 32-bit builds
Tetsuo pointed out that without an explicit cast, the cost calculation for
devmap_hash type maps could overflow on 32-bit builds. This adds the
missing cast.
Fixes:
|
||
Linus Torvalds
|
02dc96ef6c |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from David Miller:
1) Sanity check URB networking device parameters to avoid divide by
zero, from Oliver Neukum.
2) Disable global multicast filter in NCSI, otherwise LLDP and IPV6
don't work properly. Longer term this needs a better fix tho. From
Vijay Khemka.
3) Small fixes to selftests (use ping when ping6 is not present, etc.)
from David Ahern.
4) Bring back rt_uses_gateway member of struct rtable, it's semantics
were not well understood and trying to remove it broke things. From
David Ahern.
5) Move usbnet snaity checking, ignore endpoints with invalid
wMaxPacketSize. From Bjørn Mork.
6) Missing Kconfig deps for sja1105 driver, from Mao Wenan.
7) Various small fixes to the mlx5 DR steering code, from Alaa Hleihel,
Alex Vesker, and Yevgeny Kliteynik
8) Missing CAP_NET_RAW checks in various places, from Ori Nimron.
9) Fix crash when removing sch_cbs entry while offloading is enabled,
from Vinicius Costa Gomes.
10) Signedness bug fixes, generally in looking at the result given by
of_get_phy_mode() and friends. From Dan Crapenter.
11) Disable preemption around BPF_PROG_RUN() calls, from Eric Dumazet.
12) Don't create VRF ipv6 rules if ipv6 is disabled, from David Ahern.
13) Fix quantization code in tcp_bbr, from Kevin Yang.
* git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (127 commits)
net: tap: clean up an indentation issue
nfp: abm: fix memory leak in nfp_abm_u32_knode_replace
tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state
sk_buff: drop all skb extensions on free and skb scrubbing
tcp_bbr: fix quantization code to not raise cwnd if not probing bandwidth
mlxsw: spectrum_flower: Fail in case user specifies multiple mirror actions
Documentation: Clarify trap's description
mlxsw: spectrum: Clear VLAN filters during port initialization
net: ena: clean up indentation issue
NFC: st95hf: clean up indentation issue
net: phy: micrel: add Asym Pause workaround for KSZ9021
net: socionext: ave: Avoid using netdev_err() before calling register_netdev()
ptp: correctly disable flags on old ioctls
lib: dimlib: fix help text typos
net: dsa: microchip: Always set regmap stride to 1
nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs
net/sched: Set default of CONFIG_NET_TC_SKB_EXT to N
vrf: Do not attempt to create IPv6 mcast rule if IPv6 is disabled
net: sched: sch_sfb: don't call qdisc_put() while holding tree lock
...
|
||
Colin Ian King
|
e3439af4a3 |
bpf: Clean up indentation issue in BTF kflag processing
There is a statement that is indented one level too deeply, remove the extraneous tab. Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/20190925093835.19515-1-colin.king@canonical.com |
||
Jonathan Lemon
|
fcd30ae066 |
bpf/xskmap: Return ERR_PTR for failure case instead of NULL.
When kzalloc() failed, NULL was returned to the caller, which
tested the pointer with IS_ERR(), which didn't match, so the
pointer was used later, resulting in a NULL dereference.
Return ERR_PTR(-ENOMEM) instead of NULL.
Reported-by: syzbot+491c1b7565ba9069ecae@syzkaller.appspotmail.com
Fixes:
|
||
|
Linus Torvalds
|
0b36c9eed2 |
Merge branch 'work.mount3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull more mount API conversions from Al Viro: "Assorted conversions of options parsing to new API. gfs2 is probably the most serious one here; the rest is trivial stuff. Other things in what used to be #work.mount are going to wait for the next cycle (and preferably go via git trees of the filesystems involved)" * 'work.mount3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: gfs2: Convert gfs2 to fs_context vfs: Convert spufs to use the new mount API vfs: Convert hypfs to use the new mount API hypfs: Fix error number left in struct pointer member vfs: Convert functionfs to use the new mount API vfs: Convert bpf to use the new mount API |
||
Alexei Starovoitov
|
9eea984979 |
bpf: fix BTF verification of enums
vmlinux BTF has enums that are 8 byte and 1 byte in size.
2 byte enum is a valid construct as well.
Fix BTF enum verification to accept those sizes.
Fixes:
|
||
David Howells
|
d2935de7e4 |
vfs: Convert bpf to use the new mount API
Convert the bpf filesystem to the new internal mount API as the old one will be obsoleted and removed. This allows greater flexibility in communication of mount parameters between userspace, the VFS and the filesystem. See Documentation/filesystems/mount_api.txt for more information. Signed-off-by: David Howells <dhowells@redhat.com> cc: Alexei Starovoitov <ast@kernel.org> cc: Daniel Borkmann <daniel@iogearbox.net> cc: Martin KaFai Lau <kafai@fb.com> cc: Song Liu <songliubraving@fb.com> cc: Yonghong Song <yhs@fb.com> cc: netdev@vger.kernel.org cc: bpf@vger.kernel.org Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
David S. Miller
|
28f2c362db |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
Daniel Borkmann says: ==================== pull-request: bpf-next 2019-09-16 The following pull-request contains BPF updates for your *net-next* tree. The main changes are: 1) Now that initial BPF backend for gcc has been merged upstream, enable BPF kselftest suite for bpf-gcc. Also fix a BE issue with access to bpf_sysctl.file_pos, from Ilya. 2) Follow-up fix for link-vmlinux.sh to remove bash-specific extensions related to recent work on exposing BTF info through sysfs, from Andrii. 3) AF_XDP zero copy fixes for i40e and ixgbe driver which caused umem headroom to be added twice, from Ciara. 4) Refactoring work to convert sock opt tests into test_progs framework in BPF kselftests, from Stanislav. 5) Fix a general protection fault in dev_map_hash_update_elem(), from Toke. 6) Cleanup to use BPF_PROG_RUN() macro in KCM, from Sami. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Ilya Leoshkevich
|
d895a0f16f |
bpf: fix accessing bpf_sysctl.file_pos on s390
"ctx:file_pos sysctl:read write ok" fails on s390 with "Read value !=
nux". This is because verifier rewrites a complete 32-bit
bpf_sysctl.file_pos update to a partial update of the first 32 bits of
64-bit *bpf_sysctl_kern.ppos, which is not correct on big-endian
systems.
Fix by using an offset on big-endian systems.
Ditto for bpf_sysctl.file_pos reads. Currently the test does not detect
a problem there, since it expects to see 0, which it gets with high
probability in error cases, so change it to seek to offset 3 and expect
3 in bpf_sysctl.file_pos.
Fixes:
|
||
|
Toke Høiland-Jørgensen
|
af58e7ee6a |
xdp: Fix race in dev_map_hash_update_elem() when replacing element
syzbot found a crash in dev_map_hash_update_elem(), when replacing an
element with a new one. Jesper correctly identified the cause of the crash
as a race condition between the initial lookup in the map (which is done
before taking the lock), and the removal of the old element.
Rather than just add a second lookup into the hashmap after taking the
lock, fix this by reworking the function logic to take the lock before the
initial lookup.
Fixes:
|
||
|
David S. Miller
|
aa2eaa8c27 |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Minor overlapping changes in the btusb and ixgbe drivers. Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
David S. Miller
|
1e46c09ec1 |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
Daniel Borkmann says:
====================
The following pull-request contains BPF updates for your *net-next* tree.
The main changes are:
1) Add the ability to use unaligned chunks in the AF_XDP umem. By
relaxing where the chunks can be placed, it allows to use an
arbitrary buffer size and place whenever there is a free
address in the umem. Helps more seamless DPDK AF_XDP driver
integration. Support for i40e, ixgbe and mlx5e, from Kevin and
Maxim.
2) Addition of a wakeup flag for AF_XDP tx and fill rings so the
application can wake up the kernel for rx/tx processing which
avoids busy-spinning of the latter, useful when app and driver
is located on the same core. Support for i40e, ixgbe and mlx5e,
from Magnus and Maxim.
3) bpftool fixes for printf()-like functions so compiler can actually
enforce checks, bpftool build system improvements for custom output
directories, and addition of 'bpftool map freeze' command, from Quentin.
4) Support attaching/detaching XDP programs from 'bpftool net' command,
from Daniel.
5) Automatic xskmap cleanup when AF_XDP socket is released, and several
barrier/{read,write}_once fixes in AF_XDP code, from Björn.
6) Relicense of bpf_helpers.h/bpf_endian.h for future libbpf
inclusion as well as libbpf versioning improvements, from Andrii.
7) Several new BPF kselftests for verifier precision tracking, from Alexei.
8) Several BPF kselftest fixes wrt endianess to run on s390x, from Ilya.
9) And more BPF kselftest improvements all over the place, from Stanislav.
10) Add simple BPF map op cache for nfp driver to batch dumps, from Jakub.
11) AF_XDP socket umem mapping improvements for 32bit archs, from Ivan.
12) Add BPF-to-BPF call and BTF line info support for s390x JIT, from Yauheni.
13) Small optimization in arm64 JIT to spare 1 insns for BPF_MOD, from Jerin.
14) Fix an error check in bpf_tcp_gen_syncookie() helper, from Petar.
15) Various minor fixes and cleanups, from Nathan, Masahiro, Masanari,
Peter, Wei, Yue.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
|
Alexei Starovoitov
|
2339cd6cd0 |
bpf: fix precision tracking of stack slots
The problem can be seen in the following two tests:
0: (bf) r3 = r10
1: (55) if r3 != 0x7b goto pc+0
2: (7a) *(u64 *)(r3 -8) = 0
3: (79) r4 = *(u64 *)(r10 -8)
..
0: (85) call bpf_get_prandom_u32#7
1: (bf) r3 = r10
2: (55) if r3 != 0x7b goto pc+0
3: (7b) *(u64 *)(r3 -8) = r0
4: (79) r4 = *(u64 *)(r10 -8)
When backtracking need to mark R4 it will mark slot fp-8.
But ST or STX into fp-8 could belong to the same block of instructions.
When backtracing is done the parent state may have fp-8 slot
as "unallocated stack". Which will cause verifier to warn
and incorrectly reject such programs.
Writes into stack via non-R10 register are rare. llvm always
generates canonical stack spill/fill.
For such pathological case fall back to conservative precision
tracking instead of rejecting.
Reported-by: syzbot+c8d66267fd2b5955287e@syzkaller.appspotmail.com
Fixes:
|
||
|
David S. Miller
|
765b7590c9 |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
r8152 conflicts are the NAPI fixes in 'net' overlapping with some tasklet stuff in net-next Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Alexei Starovoitov
|
10d274e880 |
bpf: introduce verifier internal test flag
Introduce BPF_F_TEST_STATE_FREQ flag to stress test parentage chain and state pruning. Signed-off-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Song Liu <songliubraving@fb.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
||
|
David S. Miller
|
68aaf44595 |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Minor conflict in r8169, bug fix had two versions in net and net-next, take the net-next hunks. Signed-off-by: David S. Miller <davem@davemloft.net> |
||
Naveen N. Rao
|
ede7c460b1 |
bpf: handle 32-bit zext during constant blinding
Since BPF constant blinding is performed after the verifier pass, the
ALU32 instructions inserted for doubleword immediate loads don't have a
corresponding zext instruction. This is causing a kernel oops on powerpc
and can be reproduced by running 'test_cgroup_storage' with
bpf_jit_harden=2.
Fix this by emitting BPF_ZEXT during constant blinding if
prog->aux->verifier_zext is set.
Fixes:
|
||
|
Daniel Borkmann
|
c751798aa2 |
bpf: fix use after free in prog symbol exposure
syzkaller managed to trigger the warning in bpf_jit_free() which checks via bpf_prog_kallsyms_verify_off() for potentially unlinked JITed BPF progs in kallsyms, and subsequently trips over GPF when walking kallsyms entries: [...] 8021q: adding VLAN 0 to HW filter on device batadv0 8021q: adding VLAN 0 to HW filter on device batadv0 WARNING: CPU: 0 PID: 9869 at kernel/bpf/core.c:810 bpf_jit_free+0x1e8/0x2a0 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 9869 Comm: kworker/0:7 Not tainted 5.0.0-rc8+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events bpf_prog_free_deferred Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x113/0x167 lib/dump_stack.c:113 panic+0x212/0x40b kernel/panic.c:214 __warn.cold.8+0x1b/0x38 kernel/panic.c:571 report_bug+0x1a4/0x200 lib/bug.c:186 fixup_bug arch/x86/kernel/traps.c:178 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973 RIP: 0010:bpf_jit_free+0x1e8/0x2a0 Code: 02 4c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 86 00 00 00 48 ba 00 02 00 00 00 00 ad de 0f b6 43 02 49 39 d6 0f 84 5f fe ff ff <0f> 0b e9 58 fe ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 RSP: 0018:ffff888092f67cd8 EFLAGS: 00010202 RAX: 0000000000000007 RBX: ffffc90001947000 RCX: ffffffff816e9d88 RDX: dead000000000200 RSI: 0000000000000008 RDI: ffff88808769f7f0 RBP: ffff888092f67d00 R08: fffffbfff1394059 R09: fffffbfff1394058 R10: fffffbfff1394058 R11: ffffffff89ca02c7 R12: ffffc90001947002 R13: ffffc90001947020 R14: ffffffff881eca80 R15: ffff88808769f7e8 BUG: unable to handle kernel paging request at fffffbfff400d000 #PF error: [normal kernel read fault] PGD 21ffee067 P4D 21ffee067 PUD 21ffed067 PMD 9f942067 PTE 0 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 9869 Comm: kworker/0:7 Not tainted 5.0.0-rc8+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events bpf_prog_free_deferred RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:495 [inline] RIP: 0010:bpf_tree_comp kernel/bpf/core.c:558 [inline] RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline] RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline] RIP: 0010:bpf_prog_kallsyms_find+0x107/0x2e0 kernel/bpf/core.c:632 Code: 00 f0 ff ff 44 38 c8 7f 08 84 c0 0f 85 fa 00 00 00 41 f6 45 02 01 75 02 0f 0b 48 39 da 0f 82 92 00 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 74 08 3c 03 0f 8e 45 01 00 00 8b 03 48 c1 e0 [...] Upon further debugging, it turns out that whenever we trigger this issue, the kallsyms removal in bpf_prog_ksym_node_del() was /skipped/ but yet bpf_jit_free() reported that the entry is /in use/. Problem is that symbol exposure via bpf_prog_kallsyms_add() but also perf_event_bpf_event() were done /after/ bpf_prog_new_fd(). Once the fd is exposed to the public, a parallel close request came in right before we attempted to do the bpf_prog_kallsyms_add(). Given at this time the prog reference count is one, we start to rip everything underneath us via bpf_prog_release() -> bpf_prog_put(). The memory is eventually released via deferred free, so we're seeing that bpf_jit_free() has a kallsym entry because we added it from bpf_prog_load() but /after/ bpf_prog_put() from the remote CPU. Therefore, move both notifications /before/ we install the fd. The issue was never seen between bpf_prog_alloc_id() and bpf_prog_new_fd() because upon bpf_prog_get_fd_by_id() we'll take another reference to the BPF prog, so we're still holding the original reference from the bpf_prog_load(). Fixes: |
||
|
Alexei Starovoitov
|
6754172c20 |
bpf: fix precision tracking in presence of bpf2bpf calls
While adding extra tests for precision tracking and extra infra to adjust verifier heuristics the existing test "calls: cross frame pruning - liveness propagation" started to fail. The root cause is the same as described in verifer.c comment: * Also if parent's curframe > frame where backtracking started, * the verifier need to mark registers in both frames, otherwise callees * may incorrectly prune callers. This is similar to * commit |
||
Quentin Monnet
|
1b9ed84ecf |
bpf: add new BPF_BTF_GET_NEXT_ID syscall command
Add a new command for the bpf() system call: BPF_BTF_GET_NEXT_ID is used to cycle through all BTF objects loaded on the system. The motivation is to be able to inspect (list) all BTF objects presents on the system. Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
|
Quentin Monnet
|
3481e64bbe |
bpf: add BTF ids in procfs for file descriptors to BTF objects
Implement the show_fdinfo hook for BTF FDs file operations, and make it print the id of the BTF object. This allows for a quick retrieval of the BTF id from its FD; or it can help understanding what type of object (BTF) the file descriptor points to. v2: - Do not expose data_size, only btf_id, in FD info. Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
||
YueHaibing
|
ede6bc88d6 |
bpf: Use PTR_ERR_OR_ZERO in xsk_map_inc()
Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR. Signed-off-by: YueHaibing <yuehaibing@huawei.com> Acked-by: Björn Töpel <bjorn.topel@intel.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |