DCI command buffer reallocation is not done properly with
required capacity. The patch reallocates the same buffer and
updated capacity properly with header and response length.
Bug: 129549913
Bug: 144528162
Bug: 140423420
Change-Id: I7b5fd132b9241d0f1493bcb602a6b361e4ad9a04
Signed-off-by: Hardik Arya <harya@codeaurora.org>
Proper buffer length check is missing for dci userspace data
buffer before processing the dci transaction. The patch adds
proper check for the same.
Change-Id: I68c0e8c41d4e05493adecf8a1fcacea708dfafa2
Signed-off-by: Hardik Arya <harya@codeaurora.org>
If we have a hardware RNG and are using the in-kernel rngd, we should
use this to initialize the non-blocking pool so that getrandom(2)
doesn't block unnecessarily.
Cc: stable@kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
This patch removes the kernel blocking API as it has been completely
replaced by the callback API.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The get_blocking_random_bytes API is broken because the wait can
be arbitrarily long (potentially forever) so there is no safe way
of calling it from within the kernel.
This patch replaces it with a callback API instead. The callback
is invoked potentially from interrupt context so the user needs
to schedule their own work thread if necessary.
In addition to adding callbacks, they can also be removed as
otherwise this opens up a way for user-space to allocate kernel
memory with no bound (by opening algif_rng descriptors and then
closing them).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The added API calls provide a synchronous function call
get_blocking_random_bytes where the caller is blocked until
the nonblocking_pool is initialized.
CC: Andreas Steffen <andreas.steffen@strongswan.org>
CC: Theodore Ts'o <tytso@mit.edu>
CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
get_random_long() reads from the get_random_int_hash array using an
unsigned long pointer. For this code to be guaranteed correct on all
architectures, the array must be aligned to an unsigned long boundary.
Cc: stable@kernel.org
Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
(cherry pick from commit 309124e2648d668a0c23539c5078815660a4a850)
According to full-history-linux commit d3794f4fa7c3edc3 ("[PATCH] M68k
update (part 25)"), port operations are allowed on m68k if CONFIG_ISA is
defined.
However, commit 153dcc54df ("[PATCH] mem driver: fix conditional
on isa i/o support") accidentally changed an "||" into an "&&",
disabling it completely on m68k. This logic was retained when
introducing the DEVPORT symbol in commit 4f911d64e0 ("Make
/dev/port conditional on config symbol").
Drop the bogus dependency on !M68K to fix this.
Fixes: 153dcc54df ("[PATCH] mem driver: fix conditional on isa i/o support")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Tested-by: Al Stone <ahs3@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 37210310
Bug: 36604779
Change-Id: I9139bd8a5a6e9e39c2e428bde23a7d9be07e2f91
Signed-off-by: Joe Maples <joe@frap129.org>
Without a bool string present, using "# CONFIG_DEVPORT is not set" in
defconfig files would not actually unset devport. This ensured that
/dev/port was always on, but there are reasons a user may wish to
disable it (smaller kernel, attack surface reduction) if it's not being
used. Adding a message here in order to make this user visible.
Bug: 33301618
Bug: 36604779
Change-Id: I36d1fad62701208fe9f8c6d631dc757b726b1483
Signed-off-by: Max Bires <jbires@google.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Joe Maples <joe@frap129.org>
strlen is often used incorectly to get the length of strings
defined at compile time. In these cases, the behavior can be
replicated with sizeof(X) - 1, which is calculated at compile
time rather than runtime, reducing overhead. I've created a
simple macro to replace these instances and applied it to all
the files compiled into the angler kernel.
Signed-off-by: Joe Maples <joe@frap129.org>
In diagchar_open() protect the decrement of number of diag clients
so that there will be no race conditions while reading the value
from other functions.
Bug: 79421261
Change-Id: I0e2fb5331eec9c7bba39e7d881b69559256833a3
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCWxWzwwAKCRDorT+BmrEO
eEmGAJ9Y4YMBAgQmIsz5GjbvNk3Kqu3RGACdEcAsk2is8cSq1kKvF6Hmlappr3w=
=pyl6
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlsVt6IACgkQmXOSYMts
txaWWg//bg+TS8zJixr4WwRjFL/eMLtLVKViMQX5p7ZEaaKZzzV178fG/yICUEGa
TIDjR9RIFU2P17y7NJCN/Jwn3qSNgf1gxuSSUboNAPYUK3L9qFIGTmUZHGQ0nGMc
q6eVO+leIF38+aePzD6utysAzrCO3rd7MKFyHaukQUVX0z46ObUZYUkNlxcalVfL
/+8rzUOX5JnuD0iUaU1LwgxY/Kox2IDkmJCiI1mnexUGJ7fCDOZN5HLG+7bsRw2r
+YiKzzOqsoAIiXNlZOL7K4fnB3kt0pslcsv4apt75547xqSl1guVM3qUOLhvgpKL
yn2C0DLwi7QP5WOJjiyT7dNlmRBE1d5X/cWZZGffUbhMMcvFDxXO9yXmI9cS2nB9
2tfhlvEjf4COtmoai/5LwsyoLfJn+gtiAzQ2J7D+/FqMSYcF4p+cj0nKNNu5+aN7
od5RFOnodKIeGoGf6XJcPQtOZnCu+TpUe+xMaACTnolT/xHlcyCV5xCL+E6waNg5
0mGCOEOyXM3+LlFul8o++dd8UFDQr83Sq9VJ+S6flKIM/ShIle9bxvsO3TSu9Uy/
QlmP9/NBdnLmPqdabauq1HNINpQAFAnPFtP8MqHYGEdZczpAGf9ihJWFtAEPRWSw
/KoFtUWCMsvFMnIz3EDAr2i3afb2/vE1seQc/X44uErwqsng8M8=
=PN63
-----END PGP SIGNATURE-----
Merge tag 'android-8.1.0_r0.62' into android-msm-bullhead-3.10
Android 8.1.0 Release 0.62
* tag 'android-8.1.0_r0.62':
Revert "ion: ensure CMO target is valid"
msm: ADSPRPC: Use ID in response to get context pointer
qcacld-2.0: Fix potential buffer overwrite in the htt_t2h_lp_msg_handler
qcacld-2.0: Add data_len check to avoid OOB access
BACKPORT: ASN.1: fix out-of-bounds read when parsing indefinite length item
UPSTREAM: KEYS: fix out-of-bounds read during ASN.1 parsing
qcacld-2.0: Fix potential buffer overflow
ion: ensure CMO target is valid
crypto: hmac - require that the underlying hash algorithm is unkeyed
qcacld-2.0: Move NBUF_UPDATE_TX_PKT_COUNT before freeing netbuf
diag: dci: check signed values for negativity
diag: Add conditional check for len in dci_process_ctrl_status()
diag: Validate copying length against source buffer length
mm-camera2:isp2: Handle use after free buffer
ANDROID: Bluetooth: hidp: buffer overflow in hidp_process_report
UPSTREAM: HID: Bluetooth: hidp: make sure input buffers are big enough
qcacld-2.0: Remove FW memory dump feature
BACKPORT: ipv6: fix udpv6 sendmsg crash caused by too small MTU
UPSTREAM: ipv4, ipv6: ensure raw socket message is big enough to hold an IP header
msm: ADSPRPC: use access_ok to validate pointers
ASoC: wcd_cpe_core: Add mutex lock for CPE session
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
As the length datatype is signed, an attacker can both overflow
the calculation or supply a negative number to trick the check
into returning an chosen chunk. This can have undesired
consequences. Always use unsigned integer types for length
values.
Change-Id: Ifde2f0d35129014b976507f7723a319c53fabddf
Acked-by: Thyagarajan Venkatanarayanan <venkatan@qti.qualcomm.com>
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>
Bug: 63165135
CRs-Fixed: 2139538
Signed-off-by: Dennis Cagle <dcagle@codeaurora.org>
(cherry picked from commit c29e11c774b3c59660c1c599b73b7fabf1492d43)
Signed-off-by: David Lin <dtwlin@google.com>
Send context ID in rpc header instead of context pointer.
Validate context ID received in response and get context pointer.
Bug: 74237782
Change-Id: I9cfd10d0c1b25c3085b8e15c7ca1c8ff214bf10d
Acked-by: Viswanatham Paduchuri <vpaduchu@qti.qualcomm.com>
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>
Signed-off-by: Steve Pfetsch <spfetsch@google.com>
when comparing a signed value vs sizeof, make sure
it's >= 0 so that when promoted to signed for comparison
it won't lead to unexpected results.
Bug: 70528036
Change-Id: I99a1220598e67e3ce5c99d425e84c79639121838
Signed-off-by: Andrew Chant <achant@google.com>
Add correct conditional check for len in dci_process_ctrl_status() to
prevent buffer overflow.
Bug: 70528036
Change-Id: Id73ed1c8b104428eceef0544ce2858160cc08fd2
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>
There a possibility of out-of-bound read because of not
validating source buffer length against length that about
to be copied. The patch adds proper check for validating
length before copying data
Bug: 70399602
CRs-Fixed: 2163793
Change-Id: I7c93839d0c4d83024ce23a0ce494d09dd08567a9
Signed-off-by: Hardik Arya <harya@codeaurora.org>
The FASTRPC_IOCTL_INIT ioctl registers a pointer for later
access without checking that it is a user pointer. This could
allow arbitrary kernel memory access.
This patch verifies that the pointer is a user pointer.
Bug: 63165064
Change-Id: I936f73a2c2029f9e7ca12cc8fc06d0698e6710c0
Signed-off-by: Tharun Kumar Merugu <mtharu@codeaurora.org>
Signed-off-by: Sean Callanan <spyffe@google.com>
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCWp3GSgAKCRDorT+BmrEO
eH+BAJ0Z1NF9Qsc8eCHx2GPuLc9Oh4BiuwCeIRJt6qJwTgqwGhBrzLEy4WtvR18=
=Rbhg
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlqd0TEACgkQmXOSYMts
txYuSg/+Nz5WSONRPD1P5fJds0JPlQaT4UUxwJy0QJJQwQLzKdhBObLjZHI07Kwg
wVaJ0QjFd2TP5RGqBI4ACreePkpLZLtY0fNlMFrqJAczU+SCyjrR8jEpwLESFa0W
Uy83dc7+8nNPYo4A2WHW596paXkkf/zzexIYvc0KPBbqbR1MEHxl2M9WQ1FpbDtX
ebzlhPGHxP99n6R2DYFU4Fh4bp1XXP5i0Yp+083HXobkU8L9svdouyGzN3DaC/gh
oy3LS/QOh80V60nl+QuMtlrv2WmGycaWypa5PkYVJO80HVxzJV6Wmw9nioBghgVB
h6kv5UuJRMH6MqUSdqc9WVfeA1ndDwFPdrYn8xuroljKWOBdz7UInblYoT4U2kpR
oYy822xKssqPEyVP48pFP+iN2LwOc7Qr/W5dYRRkg0uTooZWzDhrpvvVgPaddpvU
sKLrI4z2Z4y3/fJJ1BynpL046H4UHFDA7/9m4ehIwK8eX+/QCSi6gEvEtZcU+k+F
czGVR843MKpbcDztGnyw+ml7K2hajkC394syAaLQs+pq/1CUkQ2JoRbukmladTIS
4A7OnSr4Q3kHaZnoV1axvtzCRNkUr3f5VeOMA6IrYSw9dsGGWQ78fy7mp/BgJbcI
Fpt7iRDzIy813oegQz4D9AQ3bqIbBBvWQ3uvRr4EUz1WLYQ+jc0=
=AhfL
-----END PGP SIGNATURE-----
Merge tag 'android-8.1.0_r0.37' into android-msm-bullhead-3.10-oreo-m5
Android 8.1.0 Release 0.36 (OPM5.171019.017,angler)
* tag 'android-8.1.0_r0.37':
qcacld-2.0: Add sanity check to limit mgmt frames data len
qcacld-2.0: Set length of challenge text sent by SAP to 128
BACKPORT: packet: in packet_do_bind, test fanout with bind_lock held
qcacld-2.0: Avoid OEM message overread
msm: sensor: flash: add conditional check for ioctl
msm:ipa: Fix to incorrect structure access
ASoC: msm: qdsp6v2: Set freed pointers to NULL
UPSTREAM: packet: fix tp_reserve race in packet_set_ring
diag: Add protection while de-initializing clients
qcacld-2.0: Fix out-of-bounds access in limProcessActionFrameNoSession
qcacld-2.0: Check for upper bound in P2P NOA event
qcacld-2.0: Check for the max number of P2P NOA descriptors
qcacld-2.0: Check for valid vdev ID in wma_nlo_match_evt_handler
qcacld-2.0: Avoid possible buffer overwrite in wma_process_utf_event
UPSTREAM: USB: serial: console: fix use-after-free after failed setup
UPSTREAM: ALSA: usb-audio: Kill stray URB at exiting
UPSTREAM: ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
UPSTREAM: USB: fix out-of-bounds in usb_set_configuration
UPSTREAM: HID: usbhid: fix out-of-bounds bug
UPSTREAM: USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
UPSTREAM: packet: hold bind lock when rebinding to fanout hook
power: qcom: msm-core: Add mutex lock for ioctl
qcacld-2.0: Fix int overflow in wma_unified_link_peer_stats_event_handler
qcacld-2.0: Check vdev_id against wma->max_bssid
FROMLIST: power: Fix user ptr in EA_LEAKAGE ioctl
diag: Add mutex protection while reading dci debug statistics
qcacld-2.0: Fix Integer overflow with latest framesc_linux tool
qcacld-2.0: Avoid integer overflow in lim_update_ibss_prop_add_ies
qcacld-2.0: Fix the size of array ch_list in sme_set_plm_request
ANDROID: sdcardfs: Add default_normal option
ANDROID: sdcardfs: notify lower file of opens
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJZUiosAAoJEE44bZycYXAvcHYP/1OKMYQB/3G7GfEhMXdlpV31
VjdzUg5X1JOE60anYNopvWQJgDFXMy9mTceUI3axDkfYb5iDFUpRBFEh70ggDL04
bGB/J4n2Linjkj35u+S5P3fK6qBfg9+VDpTfUYPZGB5YjOjmaD06E8InBF8iUuC3
6pkMtQKOptmKOc2hw84PsB3qm9ER2MMa92Lrs1rtcOihEqQMyKjkI/kzogs8XGje
5gMt31VweScZed3d7i1r9tl/DTmzGcpEyVpz/x8gI7Xwi69FeeLy6cWbhK0VOsLA
u7ul9mDa77bUC/jpBzJmIkS8fhzaTyUw8NQbtol9RSSIfzb+mvXyx9Vr7o4LYK2B
P6AekC16x6R8KUED1hfxKdagguRACDfKf91bMAxDCN/PXqITVbk3RxxxH6wHAvOx
Ihf4G5h800/ks6X1oMBYZcbFFbNCUHZjyL7V1M/iy1TrKuRhEtou4Ft3X+gOauLS
CG8VR9Jo1/BAvMaJmy5Hg9RPNoxEMstDi6x3ugD0wH57XHSZ5QmFMBzCbuWR6hWM
q1DvBK/I54BXlsdYU9WySn1hm2gKCNPZ+zGzLTo1l426vme+YjhC5911V7Tv+WHm
lc5FTXWtXGhoAZuNSIGDrlv3Dyq44iMNrqXrhlPmJjWD3Hx4hFGGp2GyHOpK+5+7
7egPk9m1WrhUKzA9m1/M
=InCr
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqfQUACgkQmXOSYMts
txZNghAApD/SW4fTOx6RZFCPVjAP70FfXvZsQYf3Zfp44Ytm2Kax3GIABPuknlI+
IZRAPnXb6KP8DNDdCyGcJ0avI5uw96sXyeZWlDZyeS1WHHizJq3+BLB09zzdegSk
K1dJrobXCYNESmcQMT5diGwqLYkdOs3hh7Ehqut29njwCzVzNG3n43H9F15o9cUZ
6lAM8/Zb6ai+0KgVgwC40QJneVltDEFfXVr6wo/IJXnYNaRCPKQM5lsG09pxxopG
NVSsmUyeJI5bPWEm5vbuBL2JVhaCcMtTfAPHflqbtykE8eSVEWdTeCWPuGWcATB+
2sGp3cVR2W7+4CHpbcnrXolmP/OI3jXHbG1LvyRqg4Iw1jgtZ8wwjCEkdsPz3fED
g2+EtSYl/NLW7N8P4KQV9jzihYIfELBj9HQsEs5aPOstyjyxl12RxJvjw835v5ts
oa7qKQAHIwZsuaB34qK+DjI5coNeKRvDMy5mm0GL3TqmLLFEzSVpaTceGpdvNLi0
6k3RkuJzU0TwAoTShWyYu6AbV+8aHniBQbjzYs5sufRgDy9pjnfWzDqtUM+chTsm
WaxwhpHdpOomwAfZr8/Zaf0xIxP/M99SFKevntE04Ft93P8dKuLqFcNAjQkMdibY
UHrJ67nBllmDtlH8yGO9j4FD89O0QaBX4J3qGyIu5eE73/iibvo=
=J7vi
-----END PGP SIGNATURE-----
Merge 3.10.107 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.107: (270 commits)
Revert "Btrfs: don't delay inode ref updates during log, replay"
Btrfs: fix memory leak in reading btree blocks
ext4: use more strict checks for inodes_per_block on mount
ext4: fix in-superblock mount options processing
ext4: add sanity checking to count_overhead()
ext4: validate s_first_meta_bg at mount time
jbd2: don't leak modified metadata buffers on an aborted journal
ext4: fix fencepost in s_first_meta_bg validation
ext4: trim allocation requests to group size
ext4: preserve the needs_recovery flag when the journal is aborted
ext4: return EROFS if device is r/o and journal replay is needed
ext4: fix inode checksum calculation problem if i_extra_size is small
block: fix use-after-free in sys_ioprio_get()
block: allow WRITE_SAME commands with the SG_IO ioctl
block: fix del_gendisk() vs blkdev_ioctl crash
dm crypt: mark key as invalid until properly loaded
dm space map metadata: fix 'struct sm_metadata' leak on failed create
md/raid5: limit request size according to implementation limits
md:raid1: fix a dead loop when read from a WriteMostly disk
md linear: fix a race between linear_add() and linear_congested()
CIFS: Fix a possible memory corruption during reconnect
CIFS: Fix missing nls unload in smb2_reconnect()
CIFS: Fix a possible memory corruption in push locks
CIFS: remove bad_network_name flag
fs/cifs: make share unaccessible at root level mountable
cifs: Do not send echoes before Negotiate is complete
ocfs2: fix crash caused by stale lvb with fsdlm plugin
ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed()
can: raw: raw_setsockopt: limit number of can_filter that can be set
can: peak: fix bad memory access and free sequence
can: c_can_pci: fix null-pointer-deref in c_can_start() - set device pointer
can: ti_hecc: add missing prepare and unprepare of the clock
can: bcm: fix hrtimer/tasklet termination in bcm op removal
can: usb_8dev: Fix memory leak of priv->cmd_msg_buffer
ALSA: hda - Fix up GPIO for ASUS ROG Ranger
ALSA: seq: Fix race at creating a queue
ALSA: seq: Don't handle loop timeout at snd_seq_pool_done()
ALSA: timer: Reject user params with too small ticks
ALSA: seq: Fix link corruption by event error handling
ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()
ALSA: seq: Fix race during FIFO resize
ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
ALSA: usb-audio: Add QuickCam Communicate Deluxe/S7500 to volume_control_quirks
usb: gadgetfs: restrict upper bound on device configuration size
USB: gadgetfs: fix unbounded memory allocation bug
USB: gadgetfs: fix use-after-free bug
USB: gadgetfs: fix checks of wTotalLength in config descriptors
xhci: free xhci virtual devices with leaf nodes first
USB: serial: io_ti: bind to interface after fw download
usb: gadget: composite: always set ep->mult to a sensible value
USB: cdc-acm: fix double usb_autopm_put_interface() in acm_port_activate()
USB: cdc-acm: fix open and suspend race
USB: cdc-acm: fix failed open not being detected
usb: dwc3: gadget: make Set Endpoint Configuration macros safe
usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci controllers
usb: dwc3: gadget: delay unmap of bounced requests
usb: hub: Wait for connection to be reestablished after port reset
usb: gadget: composite: correctly initialize ep->maxpacket
USB: UHCI: report non-PME wakeup signalling for Intel hardware
arm/xen: Use alloc_percpu rather than __alloc_percpu
xfs: set AGI buffer type in xlog_recover_clear_agi_bucket
xfs: clear _XBF_PAGES from buffers when readahead page
ssb: Fix error routine when fallback SPROM fails
drivers/gpu/drm/ast: Fix infinite loop if read fails
scsi: avoid a permanent stop of the scsi device's request queue
scsi: move the nr_phys_segments assert into scsi_init_io
scsi: don't BUG_ON() empty DMA transfers
scsi: storvsc: properly handle SRB_ERROR when sense message is present
scsi: storvsc: properly set residual data length on errors
target/pscsi: Fix TYPE_TAPE + TYPE_MEDIMUM_CHANGER export
scsi: lpfc: Add shutdown method for kexec
scsi: sr: Sanity check returned mode data
scsi: sd: Fix capacity calculation with 32-bit sector_t
s390/vmlogrdr: fix IUCV buffer allocation
libceph: verify authorize reply on connect
nfs_write_end(): fix handling of short copies
powerpc/ps3: Fix system hang with GCC 5 builds
sg_write()/bsg_write() is not fit to be called under KERNEL_DS
ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it
cred/userns: define current_user_ns() as a function
net: ti: cpmac: Fix compiler warning due to type confusion
tick/broadcast: Prevent NULL pointer dereference
netvsc: reduce maximum GSO size
drop_monitor: add missing call to genlmsg_end
drop_monitor: consider inserted data in genlmsg_end
igmp: Make igmp group member RFC 3376 compliant
HID: hid-cypress: validate length of report
Input: xpad - use correct product id for x360w controllers
Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000
Input: iforce - validate number of endpoints before using them
Input: kbtab - validate number of endpoints before using them
Input: joydev - do not report stale values on first open
Input: tca8418 - use the interrupt trigger from the device tree
Input: mpr121 - handle multiple bits change of status register
Input: mpr121 - set missing event capability
Input: i8042 - add Clevo P650RS to the i8042 reset list
i2c: fix kernel memory disclosure in dev interface
vme: Fix wrong pointer utilization in ca91cx42_slave_get
sysrq: attach sysrq handler correctly for 32-bit kernel
pinctrl: sh-pfc: Do not unconditionally support PIN_CONFIG_BIAS_DISABLE
x86/PCI: Ignore _CRS on Supermicro X8DTH-i/6/iF/6F
qla2xxx: Fix crash due to null pointer access
ARM: 8634/1: hw_breakpoint: blacklist Scorpion CPUs
ARM: dts: da850-evm: fix read access to SPI flash
NFSv4: Ensure nfs_atomic_open set the dentry verifier on ENOENT
vmxnet3: Wake queue from reset work
Fix memory leaks in cifs_do_mount()
Compare prepaths when comparing superblocks
Move check for prefix path to within cifs_get_root()
Fix regression which breaks DFS mounting
apparmor: fix uninitialized lsm_audit member
apparmor: exec should not be returning ENOENT when it denies
apparmor: fix disconnected bind mnts reconnection
apparmor: internal paths should be treated as disconnected
apparmor: check that xindex is in trans_table bounds
apparmor: add missing id bounds check on dfa verification
apparmor: don't check for vmalloc_addr if kvzalloc() failed
apparmor: fix oops in profile_unpack() when policy_db is not present
apparmor: fix module parameters can be changed after policy is locked
apparmor: do not expose kernel stack
vfio/pci: Fix integer overflows, bitmask check
bna: Add synchronization for tx ring.
sg: Fix double-free when drives detach during SG_IO
move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon)
serial: 8250_pci: Detach low-level driver during PCI error recovery
bnx2x: Correct ringparam estimate when DOWN
tile/ptrace: Preserve previous registers for short regset write
sysctl: fix proc_doulongvec_ms_jiffies_minmax()
ISDN: eicon: silence misleading array-bounds warning
ARC: [arcompact] handle unaligned access delay slot corner case
parisc: Don't use BITS_PER_LONG in userspace-exported swab.h header
nfs: Don't increment lock sequence ID after NFS4ERR_MOVED
ipv6: addrconf: Avoid addrconf_disable_change() using RCU read-side lock
af_unix: move unix_mknod() out of bindlock
drm/nouveau/nv1a,nv1f/disp: fix memory clock rate retrieval
crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg
ata: sata_mv:- Handle return value of devm_ioremap.
mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone()
mm, fs: check for fatal signals in do_generic_file_read()
ARC: [arcompact] brown paper bag bug in unaligned access delay slot fixup
sched/debug: Don't dump sched debug info in SysRq-W
tcp: fix 0 divide in __tcp_select_window()
macvtap: read vnet_hdr_size once
packet: round up linear to header len
vfs: fix uninitialized flags in splice_to_pipe()
siano: make it work again with CONFIG_VMAP_STACK
futex: Move futex_init() to core_initcall
rtc: interface: ignore expired timers when enqueuing new timers
irda: Fix lockdep annotations in hashbin_delete().
tty: serial: msm: Fix module autoload
rtlwifi: rtl_usb: Fix for URB leaking when doing ifconfig up/down
af_packet: remove a stray tab in packet_set_ring()
MIPS: Fix special case in 64 bit IP checksumming.
mm: vmpressure: fix sending wrong events on underflow
ipc/shm: Fix shmat mmap nil-page protection
sd: get disk reference in sd_check_events()
samples/seccomp: fix 64-bit comparison macros
ath5k: drop bogus warning on drv_set_key with unsupported cipher
rdma_cm: fail iwarp accepts w/o connection params
NFSv4: fix getacl ERANGE for some ACL buffer sizes
bcma: use (get|put)_device when probing/removing device driver
powerpc/xmon: Fix data-breakpoint
KVM: VMX: use correct vmcs_read/write for guest segment selector/base
KVM: PPC: Book3S PR: Fix illegal opcode emulation
KVM: s390: fix task size check
s390: TASK_SIZE for kernel threads
xtensa: move parse_tag_fdt out of #ifdef CONFIG_BLK_DEV_INITRD
mac80211: flush delayed work when entering suspend
drm/ast: Fix test for VGA enabled
drm/ttm: Make sure BOs being swapped out are cacheable
fat: fix using uninitialized fields of fat_inode/fsinfo_inode
drivers: hv: Turn off write permission on the hypercall page
xhci: fix 10 second timeout on removal of PCI hotpluggable xhci controllers
crypto: improve gcc optimization flags for serpent and wp512
mtd: pmcmsp: use kstrndup instead of kmalloc+strncpy
cpmac: remove hopeless #warning
mvsas: fix misleading indentation
l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
net: don't call strlen() on the user buffer in packet_bind_spkt()
dccp: Unlock sock before calling sk_free()
tcp: fix various issues for sockets morphing to listen state
uapi: fix linux/packet_diag.h userspace compilation error
ipv6: avoid write to a possibly cloned skb
dccp: fix memory leak during tear-down of unsuccessful connection request
futex: Fix potential use-after-free in FUTEX_REQUEUE_PI
futex: Add missing error handling to FUTEX_REQUEUE_PI
give up on gcc ilog2() constant optimizations
cancel the setfilesize transation when io error happen
crypto: ghash-clmulni - Fix load failure
crypto: cryptd - Assign statesize properly
ACPI / video: skip evaluating _DOD when it does not exist
Drivers: hv: balloon: don't crash when memory is added in non-sorted order
s390/pci: fix use after free in dma_init
cpufreq: Fix and clean up show_cpuinfo_cur_freq()
igb: Workaround for igb i210 firmware issue
igb: add i211 to i210 PHY workaround
ipv4: provide stronger user input validation in nl_fib_input()
tcp: initialize icsk_ack.lrcvtime at session start time
ACM gadget: fix endianness in notifications
mmc: sdhci: Do not disable interrupts while waiting for clock
uvcvideo: uvc_scan_fallback() for webcams with broken chain
fbcon: Fix vc attr at deinit
crypto: algif_hash - avoid zero-sized array
virtio_balloon: init 1st buffer in stats vq
c6x/ptrace: Remove useless PTRACE_SETREGSET implementation
sparc/ptrace: Preserve previous registers for short regset write
metag/ptrace: Preserve previous registers for short regset write
metag/ptrace: Provide default TXSTATUS for short NT_PRSTATUS
metag/ptrace: Reject partial NT_METAG_RPIPE writes
libceph: force GFP_NOIO for socket allocations
ACPI: Fix incompatibility with mcount-based function graph tracing
ACPI / power: Avoid maybe-uninitialized warning
rtc: s35390a: make sure all members in the output are set
rtc: s35390a: implement reset routine as suggested by the reference
rtc: s35390a: improve irq handling
padata: avoid race in reordering
HID: hid-lg: Fix immediate disconnection of Logitech Rumblepad 2
HID: i2c-hid: Add sleep between POWER ON and RESET
drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
drm/vmwgfx: avoid calling vzalloc with a 0 size in vmw_get_cap_3d_ioctl()
drm/vmwgfx: Remove getparam error message
drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
Reset TreeId to zero on SMB2 TREE_CONNECT
metag/usercopy: Drop unused macros
metag/usercopy: Zero rest of buffer from copy_from_user
powerpc: Don't try to fix up misaligned load-with-reservation instructions
mm/mempolicy.c: fix error handling in set_mempolicy and mbind.
mtd: bcm47xxpart: fix parsing first block after aligned TRX
net/packet: fix overflow in check for priv area size
x86/vdso: Plug race between mapping and ELF header setup
iscsi-target: Fix TMR reference leak during session shutdown
iscsi-target: Drop work-around for legacy GlobalSAN initiator
xen, fbfront: fix connecting to backend
char: lack of bool string made CONFIG_DEVPORT always on
platform/x86: acer-wmi: setup accelerometer when machine has appropriate notify event
platform/x86: acer-wmi: setup accelerometer when ACPI device was found
mm: Tighten x86 /dev/mem with zeroing reads
virtio-console: avoid DMA from stack
catc: Combine failure cleanup code in catc_probe()
catc: Use heap buffer for memory size test
net: ipv6: check route protocol when deleting routes
Drivers: hv: don't leak memory in vmbus_establish_gpadl()
Drivers: hv: get rid of timeout in vmbus_open()
ubi/upd: Always flush after prepared for an update
x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs
powerpc: Reject binutils 2.24 when building little endian
net/packet: fix overflow in check for tp_frame_nr
net/packet: fix overflow in check for tp_reserve
tty: nozomi: avoid a harmless gcc warning
hostap: avoid uninitialized variable use in hfa384x_get_rid
gfs2: avoid uninitialized variable warning
net: neigh: guard against NULL solicit() method
sctp: listen on the sock only when it's state is listening or closed
ip6mr: fix notification device destruction
MIPS: Fix crash registers on non-crashing CPUs
RDS: Fix the atomicity for congestion map update
xen/x86: don't lose event interrupts
p9_client_readdir() fix
nfsd: check for oversized NFSv2/v3 arguments
ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram
kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)
tun: read vnet_hdr_sz once
printk: use rcuidle console tracepoint
ipv6: check raw payload size correctly in ioctl
x86: standardize mmap_rnd() usage
x86/mm/32: Enable full randomization on i386 and X86_32
mm: larger stack guard gap, between vmas
mm: fix new crash in unmapped_area_topdown()
Allow stack to grow up to address space limit
Linux 3.10.107
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
arch/x86/mm/mmap.c
drivers/mmc/host/sdhci.c
drivers/usb/host/xhci-plat.c
fs/ext4/super.c
kernel/sched/core.c
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJZQspmAAoJEE44bZycYXAvLXMP/3Uqx7K7dGjHvvhGA4DhnzSp
bGLpjeP1sXXnnd932PN+qkGbl2j/NPjS74DobDqGWnrwxKRzQ21F4YkWJGtb4Pe2
JKcY7y2rbKGcwhpS9qDMkSWuaUKJWF5MAsH08LnCWqlGphGwAH/uPTdqS4iI/CJM
aQvaaITe5SVzvpvpyoCVdHqu8K+Ukraf91mvt7hlmrn9OnqO9us9MWulw5sSXQcd
pM8ZbRkBDE5OFeVnPKJDBY+cR2ML41wekMMwvJWt7uRyrX2i5c7oQVXYoeYE4MKx
Pueb7aG7LQwBUzNJCiZA6PAEFQPwNPCoxHZbAax0D6/JyDWOZukappquzjd6gLDM
+U7mxeFTeNZJ5v9tUcUIOb4GaaFcccS3wdDP23V2N8iM88hFVwJn0RSy/pksX37+
ZNDiEyDeJBjz3kh/Kf40zhFIIrABMozFeX3tpSRVVqXb+T6P9l8Y88O2LGY5FCXK
QBbAC+jC4X4YI+4v+QWImg9mkfTwzZyjyAlfyjPlHVSK9KDP9M6LXpr2+jKS7jOc
ievMOh9ku0HIVuSWGUKZSqjvcF01Bh99tFlX+KqipomwNTwa4hKCLmnOVflF1BPE
8sfD9hvenA0e949kXrURUmqpg6Ujkrbb/lXuD7e2CakCu+XjEMf317R11TyTsHNG
10hsmPsGDVcwbyFOFHS3
=mvzl
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqfEUACgkQmXOSYMts
txbJOQ/+Pce1eBSgjESWKuz0OP9BfAe9RpWFi7lBZ/EgRwJVYEx6jau9EYXAQ7YT
roCIsV6eufhMplYGHJz6EHxK2Hieb1zG9ooX9ss9GxiB6qmqeqC0Slm9EQE15yGT
px3fVz9r86edqjtj7UKK0/n8DJUaFh5LWOymLD3d3/115RYQsl/GowugH9F79PvN
pR+OyXq7srtfCmwdhZ65012Ef10RXqBRv0fCYBH6r+jkMqb7uSDFzdR39Z7k3QFk
AM4+3lTm6EEZ4xZkcMyX3GuQWslpPAlvFdEx43TjdCbseXAqURoppmxvz+Izum75
fy0oOdKl5OSpyZArRkUfZ0MnL6BHGcKxwYV4u1LupwvqPyaUT4yiT5VEUdy9EqJo
Syrr0oSR2lrXqQESdxKkmOZVXyul0nF3Fh1p5QlU1/Id9oskMLYqcXegFyhr2Wyp
+A4ZozljEQ4AGm4dYFdH3w8TcNDttjztYoKf8OXnaCOj3p/SEq84tk4Hm3vpoPvh
5OzsZC3UB9gJ1mXsKOVKLJFCPzmg61KOvwhopfAcC6cyiIIf/MPCneZeOzsavtQX
J+atSNcLVNE3jmrXvUrwxSpZ3KCc3Ti5Q8pD9ni6/B6st2+LO8EXPrS6n2+28nvu
hVpjyCXLbghdmn1mjOGW9lvMQEg/Dupj/ocpCPHJnXpbpM8Mcjo=
=3eAv
-----END PGP SIGNATURE-----
Merge 3.10.106 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.106: (252 commits)
packet: fix race condition in packet_set_ring
crypto: crypto_memneq - add equality testing of memory regions w/o timing leaks
EVM: Use crypto_memneq() for digest comparisons
libceph: don't set weight to IN when OSD is destroyed
KVM: x86: fix emulation of "MOV SS, null selector"
KVM: x86: Introduce segmented_write_std
posix_acl: Clear SGID bit when setting file permissions
tmpfs: clear S_ISGID when setting posix ACLs
fbdev: color map copying bounds checking
selinux: fix off-by-one in setprocattr
tcp: avoid infinite loop in tcp_splice_read()
xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
KEYS: Change the name of the dead type to ".dead" to prevent user access
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
ext4: fix data exposure after a crash
locking/rtmutex: Prevent dequeue vs. unlock race
m68k: Fix ndelay() macro
hotplug: Make register and unregister notifier API symmetric
Btrfs: fix tree search logic when replaying directory entry deletes
USB: serial: kl5kusb105: fix open error path
block_dev: don't test bdev->bd_contains when it is not stable
crypto: caam - fix AEAD givenc descriptors
ext4: fix mballoc breakage with 64k block size
ext4: fix stack memory corruption with 64k block size
ext4: reject inodes with negative size
ext4: return -ENOMEM instead of success
f2fs: set ->owner for debugfs status file's file_operations
block: protect iterate_bdevs() against concurrent close
scsi: zfcp: fix use-after-"free" in FC ingress path after TMF
scsi: zfcp: do not trace pure benign residual HBA responses at default level
scsi: zfcp: fix rport unblock race with LUN recovery
ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps to it
IB/mad: Fix an array index check
IB/multicast: Check ib_find_pkey() return value
powerpc: Convert cmp to cmpd in idle enter sequence
usb: gadget: composite: Test get_alt() presence instead of set_alt()
USB: serial: omninet: fix NULL-derefs at open and disconnect
USB: serial: quatech2: fix sleep-while-atomic in close
USB: serial: pl2303: fix NULL-deref at open
USB: serial: keyspan_pda: verify endpoints at probe
USB: serial: spcp8x5: fix NULL-deref at open
USB: serial: io_ti: fix NULL-deref at open
USB: serial: io_ti: fix another NULL-deref at open
USB: serial: iuu_phoenix: fix NULL-deref at open
USB: serial: garmin_gps: fix memory leak on failed URB submit
USB: serial: ti_usb_3410_5052: fix NULL-deref at open
USB: serial: io_edgeport: fix NULL-deref at open
USB: serial: oti6858: fix NULL-deref at open
USB: serial: cyberjack: fix NULL-deref at open
USB: serial: kobil_sct: fix NULL-deref in write
USB: serial: mos7840: fix NULL-deref at open
USB: serial: mos7720: fix NULL-deref at open
USB: serial: mos7720: fix use-after-free on probe errors
USB: serial: mos7720: fix parport use-after-free on probe errors
USB: serial: mos7720: fix parallel probe
usb: xhci-mem: use passed in GFP flags instead of GFP_KERNEL
usb: musb: Fix trying to free already-free IRQ 4
ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream()
USB: serial: kl5kusb105: abort on open exception path
staging: iio: ad7606: fix improper setting of oversampling pins
usb: dwc3: gadget: always unmap EP0 requests
cris: Only build flash rescue image if CONFIG_ETRAX_AXISFLASHMAP is selected
hwmon: (ds620) Fix overflows seen when writing temperature limits
clk: clk-wm831x: fix a logic error
iommu/amd: Fix the left value check of cmd buffer
scsi: mvsas: fix command_active typo
target/iscsi: Fix double free in lio_target_tiqn_addtpg()
mmc: mmc_test: Uninitialized return value
powerpc/pci/rpadlpar: Fix device reference leaks
ser_gigaset: return -ENOMEM on error instead of success
net, sched: fix soft lockup in tc_classify
net: stmmac: Fix race between stmmac_drv_probe and stmmac_open
gro: Enter slow-path if there is no tailroom
gro: use min_t() in skb_gro_reset_offset()
gro: Disable frag0 optimization on IPv6 ext headers
powerpc: Fix build warning on 32-bit PPC
Input: i8042 - add Pegatron touchpad to noloop table
mm/hugetlb.c: fix reservation race when freeing surplus pages
USB: serial: kl5kusb105: fix line-state error handling
USB: serial: ch341: fix initial modem-control state
USB: serial: ch341: fix open error handling
USB: serial: ch341: fix control-message error handling
USB: serial: ch341: fix open and resume after B0
USB: serial: ch341: fix resume after reset
USB: serial: ch341: fix modem-control and B0 handling
x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option
NFSv4.1: nfs4_fl_prepare_ds must be careful about reporting success.
powerpc/ibmebus: Fix further device reference leaks
powerpc/ibmebus: Fix device reference leaks in sysfs interface
IB/mlx4: Set traffic class in AH
IB/mlx4: Fix port query for 56Gb Ethernet links
perf scripting: Avoid leaking the scripting_context variable
ARM: dts: imx31: fix clock control module interrupts description
svcrpc: don't leak contexts on PROC_DESTROY
mmc: mxs-mmc: Fix additional cycles after transmission stop
mtd: nand: xway: disable module support
ubifs: Fix journal replay wrt. xattr nodes
arm64/ptrace: Preserve previous registers for short regset write
arm64/ptrace: Avoid uninitialised struct padding in fpr_set()
arm64/ptrace: Reject attempts to set incomplete hardware breakpoint fields
ARM: ux500: fix prcmu_is_cpu_in_wfi() calculation
ite-cir: initialize use_demodulator before using it
fuse: do not use iocb after it may have been freed
crypto: caam - fix non-hmac hashes
drm/i915: Don't leak edid in intel_crt_detect_ddc()
s5k4ecgx: select CRC32 helper
platform/x86: intel_mid_powerbtn: Set IRQ_ONESHOT
net: fix harmonize_features() vs NETIF_F_HIGHDMA
tcp: initialize max window for a new fastopen socket
svcrpc: fix oops in absence of krb5 module
ARM: 8643/3: arm/ptrace: Preserve previous registers for short regset write
mac80211: Fix adding of mesh vendor IEs
scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send
drm/i915: fix use-after-free in page_flip_completed()
net: use a work queue to defer net_disable_timestamp() work
ipv4: keep skb->dst around in presence of IP options
netlabel: out of bound access in cipso_v4_validate()
ip6_gre: fix ip6gre_err() invalid reads
ping: fix a null pointer dereference
l2tp: do not use udp_ioctl()
packet: fix races in fanout_add()
packet: Do not call fanout_release from atomic contexts
net: socket: fix recvmmsg not returning error from sock_error
USB: serial: mos7840: fix another NULL-deref at open
USB: serial: ftdi_sio: fix modem-status error handling
USB: serial: ftdi_sio: fix extreme low-latency setting
USB: serial: ftdi_sio: fix line-status over-reporting
USB: serial: spcp8x5: fix modem-status handling
USB: serial: opticon: fix CTS retrieval at open
USB: serial: ark3116: fix register-accessor error handling
x86/platform/goldfish: Prevent unconditional loading
goldfish: Sanitize the broken interrupt handler
ocfs2: do not write error flag to user structure we cannot copy from/to
mfd: pm8921: Potential NULL dereference in pm8921_remove()
drm/nv50/disp: min/max are reversed in nv50_crtc_gamma_set()
net: 6lowpan: fix lowpan_header_create non-compression memcpy call
vti4: Don't count header length twice.
net/sched: em_meta: Fix 'meta vlan' to correctly recognize zero VID frames
MIPS: OCTEON: Fix copy_from_user fault handling for large buffers
MIPS: Clear ISA bit correctly in get_frame_info()
MIPS: Prevent unaligned accesses during stack unwinding
MIPS: Fix get_frame_info() handling of microMIPS function size
MIPS: Fix is_jump_ins() handling of 16b microMIPS instructions
MIPS: Calculate microMIPS ra properly when unwinding the stack
MIPS: Handle microMIPS jumps in the same way as MIPS32/MIPS64 jumps
uvcvideo: Fix a wrong macro
scsi: aacraid: Reorder Adapter status check
ath9k: use correct OTP register offsets for the AR9340 and AR9550
fuse: add missing FR_FORCE
RDMA/core: Fix incorrect structure packing for booleans
NFSv4: fix getacl head length estimation
s390/qdio: clear DSCI prior to scanning multiple input queues
IB/ipoib: Fix deadlock between rmmod and set_mode
ktest: Fix child exit code processing
nlm: Ensure callback code also checks that the files match
dm: flush queued bios when process blocks to avoid deadlock
USB: serial: digi_acceleport: fix OOB data sanity check
USB: serial: digi_acceleport: fix OOB-event processing
MIPS: ip27: Disable qlge driver in defconfig
tracing: Add #undef to fix compile error
USB: serial: safe_serial: fix information leak in completion handler
USB: serial: omninet: fix reference leaks at open
USB: iowarrior: fix NULL-deref at probe
USB: iowarrior: fix NULL-deref in write
USB: serial: io_ti: fix NULL-deref in interrupt callback
USB: serial: io_ti: fix information leak in completion handler
vxlan: correctly validate VXLAN ID against VXLAN_N_VID
ipv4: mask tos for input route
locking/static_keys: Add static_key_{en,dis}able() helpers
net: net_enable_timestamp() can be called from irq contexts
dccp/tcp: fix routing redirect race
net sched actions: decrement module reference count after table flush.
perf/core: Fix event inheritance on fork()
isdn/gigaset: fix NULL-deref at probe
xen: do not re-use pirq number cached in pci device msi msg data
net: properly release sk_frag.page
net: unix: properly re-increment inflight counter of GC discarded candidates
Input: ims-pcu - validate number of endpoints before using them
Input: hanwang - validate number of endpoints before using them
Input: yealink - validate number of endpoints before using them
Input: cm109 - validate number of endpoints before using them
USB: uss720: fix NULL-deref at probe
USB: idmouse: fix NULL-deref at probe
USB: wusbcore: fix NULL-deref at probe
uwb: i1480-dfu: fix NULL-deref at probe
uwb: hwa-rc: fix NULL-deref at probe
mmc: ushc: fix NULL-deref at probe
ext4: mark inode dirty after converting inline directory
scsi: libsas: fix ata xfer length
ALSA: ctxfi: Fallback DMA mask to 32bit
ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call
ACPI / PNP: Avoid conflicting resource reservations
ACPI / resources: free memory on error in add_region_before()
ACPI / PNP: Reserve ACPI resources at the fs_initcall_sync stage
USB: OHCI: Fix race between ED unlink and URB submission
i2c: at91: manage unexpected RXRDY flag when starting a transfer
ipv4: igmp: Allow removing groups from a removed interface
ptrace: fix PTRACE_LISTEN race corrupting task->state
ring-buffer: Fix return value check in test_ringbuffer()
metag/usercopy: Fix alignment error checking
metag/usercopy: Add early abort to copy_to_user
metag/usercopy: Set flags before ADDZ
metag/usercopy: Fix src fixup in from user rapf loops
metag/usercopy: Add missing fixups
s390/decompressor: fix initrd corruption caused by bss clear
net/mlx4_en: Fix bad WQE issue
net/mlx4_core: Fix racy CQ (Completion Queue) free
char: Drop bogus dependency of DEVPORT on !M68K
powerpc: Disable HFSCR[TM] if TM is not supported
pegasus: Use heap buffers for all register access
rtl8150: Use heap buffers for all register access
tracing: Allocate the snapshot buffer before enabling probe
ring-buffer: Have ring_buffer_iter_empty() return true when empty
netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel
net: phy: handle state correctly in phy_stop_machine
l2tp: take reference on sessions being dumped
MIPS: KGDB: Use kernel context for sleeping threads
ARM: dts: imx31: move CCM device node to AIPS2 bus devices
ARM: dts: imx31: fix AVIC base address
tun: Fix TUN_PKT_STRIP setting
Staging: vt6655-6: potential NULL dereference in hostap_disable_hostapd()
net: sctp: rework multihoming retransmission path selection to rfc4960
perf trace: Use the syscall raw_syscalls:sys_enter timestamp
USB: usbtmc: add missing endpoint sanity check
ping: implement proper locking
USB: fix problems with duplicate endpoint addresses
USB: dummy-hcd: fix bug in stop_activity (handle ep0)
mm/init: fix zone boundary creation
can: Fix kernel panic at security_sock_rcv_skb
Drivers: hv: avoid vfree() on crash
xc2028: avoid use after free
xc2028: unlock on error in xc2028_set_config()
xc2028: Fix use-after-free bug properly
ipv6: fix ip6_tnl_parse_tlv_enc_lim()
ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()
ipv6: fix the use of pcpu_tstats in ip6_tunnel
sctp: avoid BUG_ON on sctp_wait_for_sndbuf
sctp: deny peeloff operation on asocs with threads sleeping on it
KVM: x86: clear bus pointer when destroyed
kvm: exclude ioeventfd from counting kvm_io_range limit
KVM: kvm_io_bus_unregister_dev() should never fail
TTY: n_hdlc, fix lockdep false positive
tty: n_hdlc: get rid of racy n_hdlc.tbuf
ipv6: handle -EFAULT from skb_copy_bits
fs: exec: apply CLOEXEC before changing dumpable task flags
mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp
dccp/tcp: do not inherit mc_list from parent
char: lp: fix possible integer overflow in lp_setup()
dccp: fix freeing skb too early for IPV6_RECVPKTINFO
Linux 3.10.106
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
drivers/mfd/pm8921-core.c
include/linux/cpu.h
kernel/cpu.c
net/ipv4/inet_connection_sock.c
net/ipv4/ping.c
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJYnZNdAAoJEE44bZycYXAvJv0P/jpPc+jKb+D0FVUOiYDkY5Rw
jxsZ3oeruTIeSFAAIzusVMLm9moBJA6DThuTHU5Kt68mRaKB2lgmqwkkvQAPTSYh
tnDQwlrF7dOSVmPczJFHalpaLpRdXdQP9r8y+38PibaFZPssKdnZr3BBfdOdi5DT
lj029AGKfG7co6Hb/iAhsxuAFfPmvGHY4QNwJ2FRbU1m6MDtmCTbXzF0fc6X5AW1
qrtaWwPulJtZ/5MPk7aFyNpuCpNvIaTEqNaQsZbuz3bHfzDQVLerWze98vgHC0QM
2YOTP6TnEiHhxHGMb9SywUgSV1ylx0X542YDfxmcfyxBWRr0khlxQh1gpX+waqE3
pqdSlvN7AFzifw6kubbG2/XjkNvFtJcDTgrL3qco4utIezSijXmoOsDpKNnJuzk/
kSD5WYd+Q1CSHOkqZX29QPw1Dl/7Ftm7GPfxu7Pis1OBuPByqtRkEfmn9DpiKSs5
Aja0ljZYiQ3jy3fH+WlEzo6PVSxx0ZxKg0fOShlpgjj8KjMUdGfl9cB1OZxyWnNH
UiQ9iIWd3tJci7WbsBOfawsQpq3EIJxZKjyUmLYpBht5/YenYxOBDCr/CLJDQBGI
IQUPAs/E1JGDxGTUY3AmsaMVrcX2yOfhLzjrsVJGqSdote0um+2PdTLZHE4MMiz2
Dh6CbUVYWS1KNgmQ8T8L
=k5mW
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqeiwACgkQmXOSYMts
txaBAQ/+KqZh90YZI+gRHGdczbo3XnlryHMdpp+DTIFtN3zU+2LM352oP+haoJfr
YhNsixcMhW5TX0is5fg4SkIc0B3ooGKZLVKOPIRw+1NLBAVG5yVuYxW7I1faJgk6
F37+4rvq7KAOPCNMjAEXRt7GqZ4WZjgvgKy+u5wzKh3k5kUylqDwlP2qdgx2L5Rc
IxyxgOuaVGV6dZTyAyRlRMild5Tlz+SMY4pWoMe0sulDDXhd5/5PnGNVIgh+XqB6
m0AGkIIzPVe+wmg6n1iYs93dQO0Jmu6DL47Zv4f3ASZNL/XVSLvU9ie63FyWGZXG
e52qAPtztXInEOo15vPQSAAq7McZHDTzhHhsU/ZtkBT+LeSUU+rsxXddJ2EO5UgC
O3cVm11x1FWMzbBtFNFtkqeri2Y2OxvU4O81mfNP1oOUQBTMeSHTzQ8psbCdXeEr
ktSOtI+nakPmDE3aq4YSaz7BwSgt2tU/vZehkrTxtAQJxt0b88r2xFfThy5WScT1
v6muoqxlprjjvFld7v99P8cXxJq4QrxKUxXtEBTdB79Q5xtCC29OAcTelpPFDCED
/KpgZflubzH/Z872AW9Ru8OL9PYty6hBNDOP4aHLSFWfCu3KQxL6BMEeqi5qBjBX
mJ8JT0dCQYP6xONIWq6a3fICroNMazhNFxdpPSfsQFRhujhjGPg=
=zhKv
-----END PGP SIGNATURE-----
Merge 3.10.105 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.105: (315 commits)
sched/core: Fix a race between try_to_wake_up() and a woken up task
sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule()
crypto: algif_skcipher - Require setkey before accept(2)
crypto: af_alg - Disallow bind/setkey/... after accept(2)
crypto: af_alg - Add nokey compatibility path
crypto: algif_skcipher - Add nokey compatibility path
crypto: hash - Add crypto_ahash_has_setkey
crypto: shash - Fix has_key setting
crypto: algif_hash - Require setkey before accept(2)
crypto: skcipher - Add crypto_skcipher_has_setkey
crypto: algif_skcipher - Add key check exception for cipher_null
crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey path
crypto: algif_hash - Remove custom release parent function
crypto: algif_skcipher - Remove custom release parent function
crypto: af_alg - Forbid bind(2) when nokey child sockets are present
crypto: algif_hash - Fix race condition in hash_check_key
crypto: algif_skcipher - Fix race condition in skcipher_check_key
crypto: algif_skcipher - Load TX SG list after waiting
crypto: cryptd - initialize child shash_desc on import
crypto: skcipher - Fix blkcipher walk OOM crash
crypto: gcm - Fix IV buffer size in crypto_gcm_setkey
MIPS: KVM: Fix unused variable build warning
KVM: MIPS: Precalculate MMIO load resume PC
KVM: MIPS: Drop other CPU ASIDs on guest MMU changes
KVM: nVMX: postpone VMCS changes on MSR_IA32_APICBASE write
KVM: MIPS: Make ERET handle ERL before EXL
KVM: x86: fix wbinvd_dirty_mask use-after-free
KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
KVM: Disable irq while unregistering user notifier
PM / devfreq: Fix incorrect type issue.
ppp: defer netns reference release for ppp channel
x86/mm/xen: Suppress hugetlbfs in PV guests
xen: Add RING_COPY_REQUEST()
xen-netback: don't use last request to determine minimum Tx credit
xen-netback: use RING_COPY_REQUEST() throughout
xen-blkback: only read request operation from shared ring once
xen/pciback: Save xen_pci_op commands before processing it
xen/pciback: Save the number of MSI-X entries to be copied later.
xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled
xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled
xen/pciback: Do not install an IRQ handler for MSI interrupts.
xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled.
xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
xen-pciback: Add name prefix to global 'permissive' variable
x86/xen: fix upper bound of pmd loop in xen_cleanhighmap()
x86/traps: Ignore high word of regs->cs in early_idt_handler_common
x86/mm: Disable preemption during CR3 read+write
x86/apic: Do not init irq remapping if ioapic is disabled
x86/mm/pat, /dev/mem: Remove superfluous error message
x86/paravirt: Do not trace _paravirt_ident_*() functions
x86/build: Build compressed x86 kernels as PIE
x86/um: reuse asm-generic/barrier.h
iommu/amd: Update Alias-DTE in update_device_table()
iommu/amd: Free domain id when free a domain of struct dma_ops_domain
ARM: 8616/1: dt: Respect property size when parsing CPUs
ARM: 8618/1: decompressor: reset ttbcr fields to use TTBR0 on ARMv7
ARM: sa1100: clear reset status prior to reboot
ARM: sa1111: fix pcmcia suspend/resume
arm64: avoid returning from bad_mode
arm64: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
arm64: spinlocks: implement smp_mb__before_spinlock() as smp_mb()
arm64: debug: avoid resetting stepping state machine when TIF_SINGLESTEP
MIPS: Malta: Fix IOCU disable switch read for MIPS64
MIPS: ptrace: Fix regs_return_value for kernel context
powerpc/mm: Don't alias user region to other regions below PAGE_OFFSET
powerpc/vdso64: Use double word compare on pointers
powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data()
powerpc/64: Fix incorrect return value from __copy_tofrom_user
powerpc/nvram: Fix an incorrect partition merge
avr32: fix copy_from_user()
avr32: fix 'undefined reference to `___copy_from_user'
avr32: off by one in at32_init_pio()
s390/dasd: fix hanging device after clear subchannel
parisc: Ensure consistent state when switching to kernel stack at syscall entry
microblaze: fix __get_user()
microblaze: fix copy_from_user()
mn10300: failing __get_user() and get_user() should zero
m32r: fix __get_user()
sh64: failing __get_user() should zero
score: fix __get_user/get_user
s390: get_user() should zero on failure
ARC: uaccess: get_user to zero out dest in cause of fault
asm-generic: make get_user() clear the destination on errors
frv: fix clear_user()
cris: buggered copy_from_user/copy_to_user/clear_user
blackfin: fix copy_from_user()
score: fix copy_from_user() and friends
sh: fix copy_from_user()
hexagon: fix strncpy_from_user() error return
mips: copy_from_user() must zero the destination on access_ok() failure
asm-generic: make copy_from_user() zero the destination properly
alpha: fix copy_from_user()
metag: copy_from_user() should zero the destination on access_ok() failure
parisc: fix copy_from_user()
openrisc: fix copy_from_user()
openrisc: fix the fix of copy_from_user()
mn10300: copy_from_user() should zero on access_ok() failure...
sparc32: fix copy_from_user()
ppc32: fix copy_from_user()
ia64: copy_from_user() should zero the destination on access_ok() failure
fix fault_in_multipages_...() on architectures with no-op access_ok()
fix memory leaks in tracing_buffers_splice_read()
arc: don't leak bits of kernel stack into coredump
Fix potential infoleak in older kernels
swapfile: fix memory corruption via malformed swapfile
coredump: fix unfreezable coredumping task
usb: dwc3: gadget: increment request->actual once
USB: validate wMaxPacketValue entries in endpoint descriptors
USB: fix typo in wMaxPacketSize validation
usb: xhci: Fix panic if disconnect
USB: serial: fix memleak in driver-registration error path
USB: kobil_sct: fix non-atomic allocation in write path
USB: serial: mos7720: fix non-atomic allocation in write path
USB: serial: mos7840: fix non-atomic allocation in write path
usb: renesas_usbhs: fix clearing the {BRDY,BEMP}STS condition
USB: change bInterval default to 10 ms
usb: gadget: fsl_qe_udc: signedness bug in qe_get_frame()
USB: serial: cp210x: fix hardware flow-control disable
usb: misc: legousbtower: Fix NULL pointer deference
usb: gadget: function: u_ether: don't starve tx request queue
USB: serial: cp210x: fix tiocmget error handling
usb: gadget: u_ether: remove interrupt throttling
usb: chipidea: move the lock initialization to core file
Fix USB CB/CBI storage devices with CONFIG_VMAP_STACK=y
ALSA: rawmidi: Fix possible deadlock with virmidi registration
ALSA: timer: fix NULL pointer dereference in read()/ioctl() race
ALSA: timer: fix division by zero after SNDRV_TIMER_IOCTL_CONTINUE
ALSA: timer: fix NULL pointer dereference on memory allocation failure
ALSA: ali5451: Fix out-of-bound position reporting
ALSA: pcm : Call kill_fasync() in stream lock
zfcp: fix fc_host port_type with NPIV
zfcp: fix ELS/GS request&response length for hardware data router
zfcp: close window with unblocked rport during rport gone
zfcp: retain trace level for SCSI and HBA FSF response records
zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace
zfcp: trace on request for open and close of WKA port
zfcp: restore tracing of handle for port and LUN with HBA records
zfcp: fix D_ID field with actual value on tracing SAN responses
zfcp: fix payload trace length for SAN request&response
zfcp: trace full payload of all SAN records (req,resp,iels)
scsi: zfcp: spin_lock_irqsave() is not nestable
scsi: mpt3sas: Fix secure erase premature termination
scsi: mpt3sas: Unblock device after controller reset
scsi: mpt3sas: fix hang on ata passthrough commands
mpt2sas: Fix secure erase premature termination
scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices
scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression
scsi: ibmvfc: Fix I/O hang when port is not mapped
scsi: Fix use-after-free
scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()
scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded
scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware
ext4: validate that metadata blocks do not overlap superblock
ext4: avoid modifying checksum fields directly during checksum verification
ext4: use __GFP_NOFAIL in ext4_free_blocks()
ext4: reinforce check of i_dtime when clearing high fields of uid and gid
ext4: allow DAX writeback for hole punch
ext4: sanity check the block and cluster size at mount time
reiserfs: fix "new_insert_key may be used uninitialized ..."
reiserfs: Unlock superblock before calling reiserfs_quota_on_mount()
xfs: fix superblock inprogress check
libxfs: clean up _calc_dquots_per_chunk
btrfs: ensure that file descriptor used with subvol ioctls is a dir
ocfs2/dlm: fix race between convert and migration
ocfs2: fix start offset to ocfs2_zero_range_for_truncate()
ubifs: Fix assertion in layout_in_gaps()
ubifs: Fix xattr_names length in exit paths
UBIFS: Fix possible memory leak in ubifs_readdir()
ubifs: Abort readdir upon error
ubifs: Fix regression in ubifs_readdir()
UBI: fastmap: scrub PEB when bitflips are detected in a free PEB EC header
NFSv4.x: Fix a refcount leak in nfs_callback_up_net
NFSD: Using free_conn free connection
NFS: Don't drop CB requests with invalid principals
NFSv4: Open state recovery must account for file permission changes
fs/seq_file: fix out-of-bounds read
fs/super.c: fix race between freeze_super() and thaw_super()
isofs: Do not return EACCES for unknown filesystems
hostfs: Freeing an ERR_PTR in hostfs_fill_sb_common()
driver core: Delete an unnecessary check before the function call "put_device"
driver core: fix race between creating/querying glue dir and its cleanup
drm/radeon: fix radeon_move_blit on 32bit systems
drm: Reject page_flip for !DRIVER_MODESET
drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to on
qxl: check for kmap failures
Input: i8042 - break load dependency between atkbd/psmouse and i8042
Input: i8042 - set up shared ps2_cmd_mutex for AUX ports
Input: ili210x - fix permissions on "calibrate" attribute
hwrng: exynos - Disable runtime PM on probe failure
hwrng: omap - Fix assumption that runtime_get_sync will always succeed
hwrng: omap - Only fail if pm_runtime_get_sync returns < 0
i2c-eg20t: fix race between i2c init and interrupt enable
em28xx-i2c: rt_mutex_trylock() returns zero on failure
i2c: core: fix NULL pointer dereference under race condition
i2c: at91: fix write transfers by clearing pending interrupt first
iio: accel: kxsd9: Fix raw read return
iio: accel: kxsd9: Fix scaling bug
thermal: hwmon: Properly report critical temperature in sysfs
cdc-acm: fix wrong pipe type on rx interrupt xfers
timers: Use proper base migration in add_timer_on()
EDAC: Increment correct counter in edac_inc_ue_error()
IB/ipoib: Fix memory corruption in ipoib cm mode connect flow
IB/core: Fix use after free in send_leave function
IB/ipoib: Don't allow MC joins during light MC flush
IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV
IB/mlx4: Fix create CQ error flow
IB/uverbs: Fix leak of XRC target QPs
IB/cm: Mark stale CM id's whenever the mad agent was unregistered
mtd: blkdevs: fix potential deadlock + lockdep warnings
mtd: pmcmsp-flash: Allocating too much in init_msp_flash()
mtd: nand: davinci: Reinitialize the HW ECC engine in 4bit hwctl
perf symbols: Fixup symbol sizes before picking best ones
perf: Tighten (and fix) the grouping condition
tty: Prevent ldisc drivers from re-using stale tty fields
tty: limit terminal size to 4M chars
tty: vt, fix bogus division in csi_J
vt: clear selection before resizing
drivers/vfio: Rework offsetofend()
include/stddef.h: Move offsetofend() from vfio.h to a generic kernel header
stddef.h: move offsetofend inside #ifndef/#endif guard, neaten
ipv6: don't call fib6_run_gc() until routing is ready
ipv6: split duplicate address detection and router solicitation timer
ipv6: move DAD and addrconf_verify processing to workqueue
ipv6: addrconf: fix dev refcont leak when DAD failed
ipv6: fix rtnl locking in setsockopt for anycast and multicast
ip6_gre: fix flowi6_proto value in ip6gre_xmit_other()
ipv6: correctly add local routes when lo goes up
ipv6: dccp: fix out of bound access in dccp_v6_err()
ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
ip6_tunnel: Clear IP6CB in ip6tunnel_xmit()
ip6_tunnel: disable caching when the traffic class is inherited
net/irda: handle iriap_register_lsap() allocation failure
tcp: fix use after free in tcp_xmit_retransmit_queue()
tcp: properly scale window in tcp_v[46]_reqsk_send_ack()
tcp: fix overflow in __tcp_retransmit_skb()
tcp: fix wrong checksum calculation on MTU probing
tcp: take care of truncations done by sk_filter()
bonding: Fix bonding crash
net: ratelimit warnings about dst entry refcount underflow or overflow
mISDN: Support DR6 indication in mISDNipac driver
mISDN: Fixing missing validation in base_sock_bind()
net: disable fragment reassembly if high_thresh is set to zero
ipvs: count pre-established TCP states as active
iwlwifi: pcie: fix access to scratch buffer
svc: Avoid garbage replies when pc_func() returns rpc_drop_reply
brcmsmac: Free packet if dma_mapping_error() fails in dma_rxfill
brcmsmac: Initialize power in brcms_c_stf_ss_algo_channel_get()
brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()
pstore: Fix buffer overflow while write offset equal to buffer size
net/mlx4_core: Allow resetting VF admin mac to zero
firewire: net: guard against rx buffer overflows
firewire: net: fix fragmented datagram_size off-by-one
netfilter: fix namespace handling in nf_log_proc_dostring
can: bcm: fix warning in bcm_connect/proc_register
net: fix sk_mem_reclaim_partial()
net: avoid sk_forward_alloc overflows
ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route
packet: call fanout_release, while UNREGISTERING a netdev
net: sctp, forbid negative length
sctp: validate chunk len before actually using it
net: clear sk_err_soft in sk_clone_lock()
net: mangle zero checksum in skb_checksum_help()
dccp: do not send reset to already closed sockets
dccp: fix out of bound access in dccp_v4_err()
sctp: assign assoc_id earlier in __sctp_connect
neigh: check error pointer instead of NULL for ipv4_neigh_lookup()
ipv4: use new_gw for redirect neigh lookup
mac80211: fix purging multicast PS buffer queue
mac80211: discard multicast and 4-addr A-MSDUs
cfg80211: limit scan results cache size
mwifiex: printk() overflow with 32-byte SSIDs
ipv4: Set skb->protocol properly for local output
net: sky2: Fix shutdown crash
kaweth: fix firmware download
tracing: Move mutex to protect against resetting of seq data
kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd
Revert "ipc/sem.c: optimize sem_lock()"
cfq: fix starvation of asynchronous writes
drbd: Fix kernel_sendmsg() usage - potential NULL deref
lib/genalloc.c: start search from start of chunk
tools/vm/slabinfo: fix an unintentional printf
rcu: Fix soft lockup for rcu_nocb_kthread
ratelimit: fix bug in time interval by resetting right begin time
mfd: core: Fix device reference leak in mfd_clone_cell
PM / sleep: fix device reference leak in test_suspend
mmc: mxs: Initialize the spinlock prior to using it
mmc: block: don't use CMD23 with very old MMC cards
pstore/core: drop cmpxchg based updates
pstore/ram: Use memcpy_toio instead of memcpy
pstore/ram: Use memcpy_fromio() to save old buffer
mb86a20s: fix the locking logic
mb86a20s: fix demod settings
cx231xx: don't return error on success
cx231xx: fix GPIOs for Pixelview SBTVD hybrid
gpio: mpc8xxx: Correct irq handler function
uio: fix dmem_region_start computation
KEYS: Fix short sprintf buffer in /proc/keys show function
hv: do not lose pending heartbeat vmbus packets
staging: iio: ad5933: avoid uninitialized variable in error case
mei: bus: fix received data size check in NFC fixup
ACPI / APEI: Fix incorrect return value of ghes_proc()
PCI: Handle read-only BARs on AMD CS553x devices
tile: avoid using clocksource_cyc2ns with absolute cycle count
dm flakey: fix reads to be issued if drop_writes configured
mm,ksm: fix endless looping in allocating memory when ksm enable
can: dev: fix deadlock reported after bus-off
hwmon: (adt7411) set bit 3 in CFG1 register
mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]
mfd: 88pm80x: Double shifting bug in suspend/resume
ASoC: omap-mcpdm: Fix irq resource handling
regulator: tps65910: Work around silicon erratum SWCZ010
dm: mark request_queue dead before destroying the DM device
fbdev/efifb: Fix 16 color palette entry calculation
metag: Only define atomic_dec_if_positive conditionally
Linux 3.10.105
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
arch/arm/mach-sa1100/generic.c
arch/arm64/kernel/traps.c
crypto/blkcipher.c
drivers/devfreq/devfreq.c
drivers/usb/dwc3/gadget.c
drivers/usb/gadget/u_ether.c
fs/ubifs/dir.c
include/net/if_inet6.h
lib/genalloc.c
net/ipv6/addrconf.c
net/ipv6/tcp_ipv6.c
net/wireless/scan.c
sound/core/timer.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJWqv2IAAoJEDjbvchgkmk+180QAKqYrypT3cyClNOHGRFRaxID
Sxo8S9tr8apxaIeP/nfZH3fYXyoadKBwxet15PNYwGVex3jBIVO0M0kspNPu9guG
ogM0hf558EiWpdN5kydwCyN2ukJkhPP9r1ZQ5T84UcqflIboLDYXksqW1w8JX7wm
dumt8kbbnN42e9S1bXD79CRaBB+dkNBTg0fdfpCi7pOQvUQD9DAs/j6XM1ZkOouX
P+/vnIWbRwzbVqlJSaWNfBotlNsydosazJD9lg8iFIRDpVGJPKYbDMP2MPpyrmyA
mesNRIy0wD9cixXW6jMS3fkSOY27N5hZIYYVPWQ8vfCcooTej4GHw37C7Inlh8z6
iWf/sy1Hu+vniJKAr0BD86ocZxnaMv//BQtwCJZv3TfuQ93QkaRmEznEnCHYGN4M
thoaS7oYGfrJnsHKkh913Kr3K7QuvyFttOE058PloYzJbCPV+YVRa/UGyuR6qOCl
SbuSMXDdUDcf/Wznr6S6p6T2GIfM8GYvfm7hzIYwHpClCQpDR3lRdonDAg82mdMh
YCNbEZQ32+l8idBX/YG97MskMD869237yh4MLUUWoxLTbevAblkYSt81WuDO4Gya
PcWcB+zH4t2Y25W9yVoTKmaJSJPhT4ngNFSy7V8zKgVG2Vmz4YIuLRhd6N2/fGcd
FVSXw7uHZhrn+SEl+L6W
=tiwo
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqcPkACgkQmXOSYMts
txZ4uw/9Hej/LcL0HWcjPVYvTS/aESazHijvR4eX/nQwC5d01JjVprP63xk58W5W
qv/6hobuEiS/L3nlvTEleQ+NXmEFnt0SXme5bBYHl/BeWwHSd5fPQpOcPm/Wul39
L1SuaNcLkf/+dW8asr5X6R0zUrPRaUhAmIwaRy79u/vr/tdJoTygAt5xRWxYZYLT
etUYPpZPKNm5UVZ0Zb0ppJlTrQWJPRpuhsM9hXoL37fPOk7yDbXXzmfo4VkHrFVm
8RM7PZIa4rVkN6rH2cZyH3aPj11CRB2VHe09Zj/by86rgXFEbccO70MwPoE66w4Z
Q7rdAo6rx0MErcTAp/zx27IcFiQD9xfeDqbWG8By5CwaEACu2PwW2jl4FTy4UY2B
sFX05SKFnJE/tWuQCictvlJ2QMIoJCb5VLv3bjmaco2/hnrn2aPvfMReXVthWXlx
WkUNw9LoP8f4OC2v6I+SnliN9QM1JBQ3u2cEEF2ul8wksPFsRTBUqQhXtdoUFexO
TThtRmSkpbXe8ZHIaIFVnQWiUO28Z50lkZo+axLH+soxNVWUJD2MgzjKMLj70a9k
2PR9gZIC9UBLGtnQm3hWommFFWCCUhfGtnWY77SRrE5CuyI00c4qmWAQRfFpa+nM
1DWw8fIv9w7t+RJ+xxs3umwXcwBKQ8EMUMsyZhnvoFgFqy93ZYg=
=QpjP
-----END PGP SIGNATURE-----
Merge 3.10.96 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.96: (54 commits)
af_unix: fix incorrect revert of 'lock_interruptible' in stream receive code
x86/signal: Fix restart_syscall number for x32 tasks
xen/gntdev: Grant maps should not be subject to NUMA balancing
x86/xen: don't reset vcpu_info on a cancelled suspend
KVM: PPC: Book3S HV: Prohibit setting illegal transaction state in MSR
x86/reboot/quirks: Add iMac10,1 to pci_reboot_dmi_table[]
x86/boot: Double BOOT_HEAP_SIZE to 64KB
ipmi: move timer init to before irq is setup
ALSA: hda - Add Intel Lewisburg device IDs Audio
ALSA: hda - Apply pin fixup for HP ProBook 6550b
ALSA: rme96: Fix unexpected volume reset after rate changes
ALSA: hda - Add inverted dmic for Packard Bell DOTS
ALSA: hda - Set SKL+ hda controller power at freeze() and thaw()
ALSA: hda/realtek - Fix silent headphone output on MacPro 4,1 (v2)
ALSA: seq: Fix missing NULL check at remove_events ioctl
ALSA: seq: Fix race at timer setup and close
ALSA: timer: Harden slave timer list handling
ALSA: timer: Fix race among timer ioctls
ALSA: timer: Fix double unlink of active_list
ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode
ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode
ALSA: hrtimer: Fix stall by hrtimer_cancel()
ALSA: control: Avoid kernel warnings from tlv ioctl with numid 0
ASoC: wm8962: correct addresses for HPF_C_0/1
ASoC: arizona: Fix bclk for sample rates that are multiple of 4kHz
ASoC: compress: Fix compress device direction check
usb: xhci: fix config fail of FS hub behind a HS hub with MTT
USB: ipaq.c: fix a timeout loop
USB: cp210x: add ID for ELV Marble Sound Board 1
xhci: refuse loading if nousb is used
veth: don’t modify ip_summed; doing so treats packets with bad checksums as good.
ipv6/addrlabel: fix ip6addrlbl_get()
sctp: sctp should release assoc when sctp_make_abort_user return NULL in sctp_close
connector: bump skb->users before callback invocation
unix: properly account for FDs passed over unix sockets
bridge: Only call /sbin/bridge-stp for the initial network namespace
net: possible use after free in dst_release
tcp_yeah: don't set ssthresh below 2
phonet: properly unshare skbs in phonet_rcv()
isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
ppp, slip: Validate VJ compression slot parameters completely
team: Replace rcu_read_lock with a mutex in team_vlan_rx_kill_vid
powerpc/tm: Block signal return setting invalid MSR state
powerpc: Make value-returning atomics fully ordered
powerpc: Make {cmp}xchg* and their atomic_ versions fully ordered
scripts/recordmcount.pl: support data in text section on powerpc
arm64: fix building without CONFIG_UID16
arm64: Clear out any singlestep state on a ptrace detach operation
arm64: mm: ensure that the zero page is visible to the page table walker
parisc iommu: fix panic due to trying to allocate too large region
HID: core: Avoid uninitialized buffer access
openrisc: fix CONFIG_UID16 setting
mn10300: Select CONFIG_HAVE_UID16 to fix build failure
Linux 3.10.96
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
arch/mn10300/Kconfig
sound/core/timer.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJV0Vp+AAoJEDjbvchgkmk+wA0QAMiAQ5gDcDz8kX1SwFhXTsfW
8iTP1WX3/KzcCxj0lCToYvtjXfBZhG9rwvuW9iFR5XR8H5thCfOvAVyDiZa6pMXq
7dDePoUjEvGaA6HXYY4PQJIGs3V1/D+jY/+WOTTSOTxotOi53fONl9ouMF4AS3uH
QOpG2OWksWLiJkcX+5Y6aAEvAHUZUuTG/QKTf+PeDeouImpS4nuoV3gpThBPSjol
1COXBmYNo2EHbxGYl8YyxMMLg9EVcFiE4rJ4v0h7Bbf/PrnIlB3B8+HCqDmxcjxS
xNdu7fonRjCpOwK6/n4miT1Yz/duYZCpqy2S/UStnaEp/Hb6fl/grYjOm/rymLCI
A/aF0AWtvNjsvrQEhwxpLwKhl7G5+sr2bktgHJ48T1U3q3QX7c1rVnbrFkm3rd9n
nBdDj2uYtV+InLRXn5I/nZLUSBVn69QWHqgCQJ49NYOcbPVfFSyAL8pxlT6iNZF9
zM1XYYYu0xe0+8ksP4lNaKW6QUynwdt6bTLxuIoFYSenGyORMX1+BPB9ZPEdzgR3
bhNBzYoeUaeAQLGcJf/gBY1OO4pCdS1FyJ6MEezdV8PYJq0nC8+JAk6g/mmGsQ9E
OPOgUvSX25DyT8EV7+kK+GyznRRXgONH6VeiztFo5/qyvtHLVRsm4KpKKEXBIu2M
na/mDPP+BoM9iqf37bH7
=+8i5
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqb7MACgkQmXOSYMts
txbS5hAAoeL9avyJMndskluUqSiHw58h+Gm9b6cPpx+ICddShseM47fgnKBocHot
+FarBZgexDeuG0gK0EbfHM1LFghL+ywsnDzFrvy8wbV4CT4H5lzsr3aSB0HC84r+
J/tWoCG0uSB2/oJJiBEOUisEMFdI1ZV3pyNz+L2MoIsWdC+Q8pWOW7OxeOlgDa7f
S1PO8tQZGyeg0XUvQ59pKY3EGc+2VSDO1M6K8i7ITc2ViU+so/rEKnmb9x5ATEFi
DAJbe+UvAqt1vXgHm1hBStJihvGebFMvRHSy+mI82ElnRZ4KtZKJquPM7tAHSjbP
DxgDi0Zlgu6XExqawm8uHwWv+jgLquL7YZqpK2BRFE2fmSNpJE8TDgElV4sHM0Zs
8obYp87ELSMhV+fkQSEstuLk7Lpb2b7H4MwCQnMxfESEA/Y+F8e38VZ+x5lbHC8S
y9wVQpTohkLx5CaKEvs+QuI6SYxJE86/bYQV+LKc0MWwAN8QyQlC5QzUdVyc/omJ
5o0hHXbAIJItMmE8g0zWEDlkL6QOFmd6+aHLJ0yhcBtA8I28+HcRHT4J9HMGelpz
2/ZbcIRDRdAcd2AHQ/OpSg0CjT3iImh4z45QCFnBeJ+v1c2j/43MTgLZdD4vqu99
r6OaPz6dVWDKup2Jk62XVSvYxaDMaBerFh/z+UCfSh1SCJXBBNM=
=Pdd4
-----END PGP SIGNATURE-----
Merge 3.10.87 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.87: (36 commits)
ARM: realview: fix sparsemem build
MIPS: Fix sched_getaffinity with MT FPAFF enabled
MIPS: Make set_pte() SMP safe.
fsnotify: fix oops in fsnotify_clear_marks_by_group_flags()
drm/radeon/combios: add some validation of lvds values
ipr: Fix locking for unit attention handling
ipr: Fix incorrect trace indexing
ipr: Fix invalid array indexing for HRRQ
xhci: fix off by one error in TRB DMA address boundary check
USB: sierra: add 1199:68AB device ID
md: use kzalloc() when bitmap is disabled
ipmi: fix timeout calculation when bmc is disconnected
mfd: sm501: dbg_regs attribute must be read-only
perf/x86/amd: Rework AMD PMU init code
sparc64: Fix FPU register corruption with AES crypto offload.
sparc64: Fix userspace FPU register corruptions.
x86/xen: Probe target addresses in set_aliased_prot() before the hypercall
xen/gntdevt: Fix race condition in gntdev_release()
crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer
rbd: fix copyup completion race
iscsi-target: Fix iscsit_start_kthreads failure OOPs
ALSA: hda - fix cs4210_spdif_automute()
ipc: modify message queue accounting to not take kernel data structures into account
ocfs2: fix BUG in ocfs2_downconvert_thread_do_work()
md/raid1: extend spinlock to protect raid1_end_read_request against inconsistencies
sg_start_req(): make sure that there's not too many elements in iovec
ARM: Fix !kuser helpers case
ARM: Fix FIQ code on VIVT CPUs
ARM: 7819/1: fiq: Cast the first argument of flush_icache_range()
signalfd: fix information leak in signalfd_copyinfo
signal: fix information leak in copy_siginfo_to_user
signal: fix information leak in copy_siginfo_from_user32
kvm: x86: fix kvm_apic_has_events to check for NULL pointer
md/bitmap: return an error when bitmap superblock is corrupt.
mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations
Linux 3.10.87
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
mm/vmscan.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJVv5fSAAoJEDjbvchgkmk+cCEP/08rxgFQc0/T4NHeojs8WJHm
lJKa+EqW9zEPiuCQ9b+MpXHHnvvwCLQ/aSW0f4kg6795jXW9xmea0iUDiGHV8sck
3M6Mg4rnrpOxfDUQYf6n1ajOGCtyCunjbekSD+qt5+gyjmj7Zn1xU+1iuyvaFouY
mnEH5VdBpOLkYLLH5mz996yFi95cSUrXUDNWEybUG0ce+T5rAPmwrzoqs6VAQ+8f
sPHYtWCY1Rdnww203L02Ske57GXk/yikEbEqTruVjg4i43XANfMUOYPZ6gfQV12J
Rzfb54XhXkMfgH5BYirKcAy3h/CMqw0AlxRWazyrJGshSIlw4Ftznrr1q9ba2720
4haXDmc5apJ0FG1Xl63+zhpQvJgKPAJ/BrFUqM7nQC4+IkcWNGfslygJCUcnoizT
SlmohUSYyeFZtqKtr5uO7FIVP6M73g7ZBDGOgWjWXTuFlqVCEM+14Tn/2acIBuBU
R5/c+ZNEjm/XQXHdHJIPNztG+hDxhHTrCtG8MwVabC+/2IjMyzJZFctEErKC7jI4
+n4TG2SfU06ypVHFRmhCc7xRrC29W0GYQ2nMgWVslL2E2cT3ttZeQA0osOT7vvtO
CgNZFub/bWXvhh9yeKeWr2tRijCcnjH4tK0Tf9SuY+JYz3lIkQb9MdaScuZKxl2g
mwDqJkXxXNwaNI6KeL09
=OvlT
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqbtgACgkQmXOSYMts
txZsgQ/6AsdHDYDrjM4MPw0EGej1oLq3QlYuCfRSFhtPYVPimDZJ7uc+8s5Cx143
M1ifgn9ZFXhteg0sMnwbV410CXaqc/4WZWnj0yMpTsP/SoMWPs/3gJhc+9wYnFvD
nP95ykDsH/vXlMyLjreQTZaRRhUWhMjJ8zTkzC+HaPw71B6k+KKBDEwdkxgu8u7p
TihWxAjqKULv41on088TdzX33lBsFD57z9JASjC27gxtlxBdYZsU3ZR1LiYHrXSb
Mc9CiETcj7reBQZzLo+IkLQK5S3WxMo/wMAUGh+20i4iEn07HGymsSgg1YsjtJ/a
aSmnqwPnGdcipM+RY0G4pGV4bit6OUp5La32rXnFGpp7JTYebp3C5f2NJGs/I7HY
KVwhmbS9lfHA8fpS6IG/WF/by9DsR/VTenBkCX3sQ3fggnkmIDceVv+TdnaITik0
/edZYK3vhENXfzeP1ZzpxE5husF9s63RwoStMvrEJot406KN72EBkrXcr0r2Jx/t
gzq+HSua929RjwE6MNMRMXPgGZA0if7JoWMXnBVHfWDFzvjgq68nI406imPN4ENM
kPJhclaHI+sgedO3PXlmnVSa44re37PQlUlQkmGGJjIRjWeI/GOC78+StDvRiJnn
4rj30RgwOJPvYTCpFPCjwNlkBlBPw79XiHaqIR5uU7uMCqhZ4E4=
=xdrR
-----END PGP SIGNATURE-----
Merge 3.10.85 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.85: (90 commits)
ipr: Increase default adapter init stage change timeout
Disable write buffering on Toshiba ToPIC95
ALSA: hda - Add headset support to Acer Aspire V5
ALSA: hda - Fix the dock headphone output on Fujitsu Lifebook E780
ARC: add compiler barrier to LLSC based cmpxchg
arm64: Do not attempt to use init_mm in reset_context()
arm64: mm: Fix freeing of the wrong memmap entries with !SPARSEMEM_VMEMMAP
arm64: vdso: work-around broken ELF toolchains in Makefile
cpuidle / menu: Return (-1) if there are no suitable states
regmap: Fix regmap_bulk_read in BE mode
regulator: core: fix constraints output buffer
spi: pl022: Specify 'num-cs' property as required in devicetree binding
mtd: fix: avoid race condition when accessing mtd->usecount
mtd: dc21285: use raw spinlock functions for nw_gpio_lock
pinctrl: mvebu: armada-370: fix spi0 pin description
pinctrl: mvebu: armada-xp: remove non-existing NAND pins
pinctrl: mvebu: armada-xp: remove non-existing VDD cpu_pd functions
pinctrl: mvebu: armada-xp: fix functions of MPP48
Bluetooth: btusb: Fix memory leak in Intel setup routine
ath9k: fix DMA stop sequence for AR9003+
staging: rtl8712: prevent buffer overrun in recvbuf2recvframe
ext4: fix race between truncate and __ext4_journalled_writepage()
ext4: call sync_blockdev() before invalidate_bdev() in put_super()
ext4: don't retry file block mapping on bigalloc fs with non-extent file
ext4: fix reservation release on invalidatepage for delalloc fs
ext4: be more strict when migrating to non-extent based file
ext4: correctly migrate a file with a hole at the beginning
ext4: replace open coded nofail allocation in ext4_free_blocks()
jbd2: use GFP_NOFS in jbd2_cleanup_journal_tail()
jbd2: fix ocfs2 corrupt when updating journal superblock fails
i2c: at91: fix a race condition when using the DMA controller
iio: DAC: ad5624r_spi: fix bit shift of output data value
af9013: Don't accept invalid bandwidth
s5h1420: fix a buffer overflow when checking userspace params
cx24116: fix a buffer overflow when checking userspace params
ASoC: wm8737: Fixup setting VMID Impedance control register
ASoC: wm8955: Fix setting wrong register for WM8955_K_8_0_MASK bits
ASoC: wm8903: Fix define for WM8903_VMID_RES_250K
ASoC: wm8960: the enum of "DAC Polarity" should be wm8960_enum[1]
libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for HP 250GB SATA disk VB0250EAVER
libata: increase the timeout when setting transfer mode
usb: dwc3: gadget: return error if command sent to DGCMD register fails
usb: dwc3: gadget: return error if command sent to DEPCMD register fails
usb: dwc3: Reset the transfer resource index on SET_INTERFACE
USB: devio: fix a condition in async_completed()
USB: cp210x: add ID for Aruba Networks controllers
USB: option: add 2020:4000 ID
usb: xhci: Bugfix for NULL pointer deference in xhci_endpoint_init() function
dm btree remove: fix bug in redistribute3
dm btree: silence lockdep lock inversion in dm_btree_del()
mmc: block: Add missing mmc_blk_put() in power_ro_lock_show()
drm/qxl: Do not cause spice-server to clean our objects
drm/radeon: take the mode_config mutex when dealing with hpds (v2)
drm/radeon: Don't flush the GART TLB if rdev->gart.ptr == NULL
drm: add a check for x/y in drm_mode_setcrtc
xfs: fix remote symlinks on V5/CRC filesystems
vTPM: set virtual device before passing to ibmvtpm_reset_crq
libata: add ATA_HORKAGE_NOTRIM
libata: force disable trim for SuperSSpeed S238
tracing/filter: Do not WARN on operand count going below zero
tracing/filter: Do not allow infix to exceed end of string
tracing: Have branch tracer use recursive field of task struct
dmaengine: mv_xor: bug fix for racing condition in descriptors cleanup
hwmon: (mcp3021) Fix broken output scaling
md: fix a build warning
Btrfs: use kmem_cache_free when freeing entry in inode cache
fuse: initialize fc->release before calling it
crush: fix a bug in tree bucket decode
ACPICA: Tables: Fix an issue that FACS initialization is performed twice
iscsi-target: Convert iscsi_thread_set usage to kthread.h
iser-target: Fix possible deadlock in RDMA_CM connection error
iser-target: release stale iser connections
mmc: card: Fixup request missing in mmc_blk_issue_rw_rq
__bitmap_parselist: fix bug in empty string handling
mac80211: prevent possible crypto tx tailroom corruption
USB: usbfs: allow URBs to be reaped after disconnection
watchdog: omap: assert the counter being stopped before reprogramming
NFS: Fix size of NFSACL SETACL operations
fixing infinite OPEN loop in 4.0 stateid recovery
nfs: increase size of EXCHANGE_ID name string buffer
SUNRPC: Fix a memory leak in the backchannel code
9p: forgetting to cancel request on interrupted zero-copy RPC
9p: don't leave a half-initialized inode sitting around
rbd: use GFP_NOIO in rbd_obj_request_create()
agp/intel: Fix typo in needs_ilk_vtd_wa()
hpfs: hpfs_error: Remove static buffer, use vsprintf extension %pV instead
Fix firmware loader uevent buffer NULL pointer dereference
qla2xxx: Mark port lost when we receive an RSCN for it.
MIPS: KVM: Do not sign extend on unsigned MMIO load
Linux 3.10.85
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
drivers/usb/dwc3/gadget.c
Currently, while de-initializing clients, there is
a possibility of using already freed memory. The
patch adds proper protection to fix the issue.
CRs-Fixed: 2068569
Bug: 68870904
Change-Id: I4b397a82e03fa2f1c84cfa8ca912cdb6a51ba08b
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>
Unserialized access to diag_dbgfs_dci_data_index can lead to
heap overflow. Add mutex protection while updating the
diag_dbgfs_dci_data_index.
Bug: 70237704
Change-Id: Iee9d0447494e3576e6293afcd4d7611bc429aa8a
Signed-off-by: Sreelakshmi Gownipalli <sgownipa@codeaurora.org>
Currently, protection is missing when querying event
status due to which already removed dci client entry
might be accessed. This patch takes care of issue by
taking proper locking.
CRs-Fixed: 2015892
Bug: 62378232
Change-Id: I4195c4c6198d85e96559f1728d74419527a76bc5
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>
Currently while extracting events and logs information from
the data read over peripherals, the clients details are accessed
without mutex protection. As the client access may happen from
multiple context, mutex protection is needed. This patch
resolves the same.
Bug: 62378232
Change-Id: I9bd115e1cd9eebc625f4a68854d554ff874d866d
Signed-off-by: Katish Paran <kparan@codeaurora.org>
Currently, while de-initializing dci clients, there is
a possibility to access stale entries. This patch fixes
this issue by adding proper protection mechanism.
CRs-Fixed: 961469
Bug: 62378232
Change-Id: I829c9497eeb356662a6531592c66108e615ce6e4
Signed-off-by: Mohit Aggarwal <maggarwa@codeaurora.org>
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
This fix removes dependency between real time message mask
table and build time message mask table. Also this fix
synchronizes retrieval and modification of real time message
mask table
CRs-Fixed: 2015227
Bug: 62378962
Change-Id: Id0a0964337ec4645d7061fc35120dfa061a990ff
Signed-off-by: Gopikrishna Mogasati <gmogas@codeaurora.org>
Signed-off-by: Paresh Purabhiya <ppurab@codeaurora.org>
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
(cherry picked from commit ec46adf67ac36ab39feff508f6ec42cb703b8571)
commit c4baad50297d84bde1a7ad45e50c73adae4a2192 upstream.
put_chars() stuffs the buffer it gets into an sg, but that buffer may be
on the stack. This breaks with CONFIG_VMAP_STACK=y (for me, it
manifested as printks getting turned into NUL bytes).
Signed-off-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit a4866aa812518ed1a37d8ea0c881dc946409de94 upstream.
Under CONFIG_STRICT_DEVMEM, reading System RAM through /dev/mem is
disallowed. However, on x86, the first 1MB was always allowed for BIOS
and similar things, regardless of it actually being System RAM. It was
possible for heap to end up getting allocated in low 1MB RAM, and then
read by things like x86info or dd, which would trip hardened usercopy:
usercopy: kernel memory exposure attempt detected from ffff880000090000 (dma-kmalloc-256) (4096 bytes)
This changes the x86 exception for the low 1MB by reading back zeros for
System RAM areas instead of blindly allowing them. More work is needed to
extend this to mmap, but currently mmap doesn't go through usercopy, so
hardened usercopy won't Oops the kernel.
Reported-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Tested-by: Tommi Rantala <tommi.t.rantala@nokia.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Brad Spengler <spender@grsecurity.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit f2cfa58b136e4b06a9b9db7af5ef62fbb5992f62 upstream.
Without a bool string present, using "# CONFIG_DEVPORT is not set" in
defconfig files would not actually unset devport. This esnured that
/dev/port was always on, but there are reasons a user may wish to
disable it (smaller kernel, attack surface reduction) if it's not being
used. Adding a message here in order to make this user visible.
Signed-off-by: Max Bires <jbires@google.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 3e21f4af170bebf47c187c1ff8bf155583c9f3b1 upstream.
The lp_setup() code doesn't apply any bounds checking when passing
"lp=none", and only in this case, resulting in an overflow of the
parport_nr[] array. All versions in Git history are affected.
Reported-By: Roee Hay <roee.hay@hcl.com>
Cc: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 309124e2648d668a0c23539c5078815660a4a850 upstream.
According to full-history-linux commit d3794f4fa7c3edc3 ("[PATCH] M68k
update (part 25)"), port operations are allowed on m68k if CONFIG_ISA is
defined.
However, commit 153dcc54df ("[PATCH] mem driver: fix conditional
on isa i/o support") accidentally changed an "||" into an "&&",
disabling it completely on m68k. This logic was retained when
introducing the DEVPORT symbol in commit 4f911d64e0 ("Make
/dev/port conditional on config symbol").
Drop the bogus dependency on !M68K to fix this.
Fixes: 153dcc54df ("[PATCH] mem driver: fix conditional on isa i/o support")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Tested-by: Al Stone <ahs3@redhat.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry pick from commit 309124e2648d668a0c23539c5078815660a4a850)
According to full-history-linux commit d3794f4fa7c3edc3 ("[PATCH] M68k
update (part 25)"), port operations are allowed on m68k if CONFIG_ISA is
defined.
However, commit 153dcc54df ("[PATCH] mem driver: fix conditional
on isa i/o support") accidentally changed an "||" into an "&&",
disabling it completely on m68k. This logic was retained when
introducing the DEVPORT symbol in commit 4f911d64e0 ("Make
/dev/port conditional on config symbol").
Drop the bogus dependency on !M68K to fix this.
Fixes: 153dcc54df ("[PATCH] mem driver: fix conditional on isa i/o support")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Tested-by: Al Stone <ahs3@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 37210310
Bug: 36604779
Change-Id: I9139bd8a5a6e9e39c2e428bde23a7d9be07e2f91
Without a bool string present, using "# CONFIG_DEVPORT is not set" in
defconfig files would not actually unset devport. This ensured that
/dev/port was always on, but there are reasons a user may wish to
disable it (smaller kernel, attack surface reduction) if it's not being
used. Adding a message here in order to make this user visible.
Bug: 36604779
Change-Id: Iab41b5c1ba44e9e52361fbfd8b1863b88eee417b
Signed-off-by: Max Bires <jbires@google.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Bug: 33301618
The buffer length that is being passed could result in overflow
condition causing invalid memory to be accessed.
Bug: 34112914
CRs-Fixed: 1110747
Change-Id: I3e23f31b8cb61f8e77d09a39fab4a2d4c222cf25
Signed-off-by: Sathish Ambley <sathishambley@codeaurora.org>
Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org>
Signed-off-by: Siqi Lin <siqilin@google.com>
(cherry picked from commit ded48b4476bc53662791a4f5fdf5152b63490b5d)
commit ad8529fde9e3601180a839867a8ab041109aebb5 upstream.
Currently omap-rng checks the return value of pm_runtime_get_sync and
reports failure if anything is returned, however it should be checking
if ret < 0 as pm_runtime_get_sync return 0 on success but also can return
1 if the device was already active which is not a failure case. Only
values < 0 are actual failures.
Fixes: 61dc0a446e5d ("hwrng: omap - Fix assumption that runtime_get_sync will always succeed")
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 61dc0a446e5d08f2de8a24b45f69a1e302bb1b1b upstream.
pm_runtime_get_sync does return a error value that must be checked for
error conditions, else, due to various reasons, the device maynot be
enabled and the system will crash due to lack of clock to the hardware
module.
Before:
12.562784] [00000000] *pgd=fe193835
12.562792] Internal error: : 1406 [#1] SMP ARM
[...]
12.562864] CPU: 1 PID: 241 Comm: modprobe Not tainted 4.7.0-rc4-next-20160624 #2
12.562867] Hardware name: Generic DRA74X (Flattened Device Tree)
12.562872] task: ed51f140 ti: ed44c000 task.ti: ed44c000
12.562886] PC is at omap4_rng_init+0x20/0x84 [omap_rng]
12.562899] LR is at set_current_rng+0xc0/0x154 [rng_core]
[...]
After the proper checks:
[ 94.366705] omap_rng 48090000.rng: _od_fail_runtime_resume: FIXME:
missing hwmod/omap_dev info
[ 94.375767] omap_rng 48090000.rng: Failed to runtime_get device -19
[ 94.382351] omap_rng 48090000.rng: initialization failed.
Fixes: 665d92fa85 ("hwrng: OMAP: convert to use runtime PM")
Cc: Paul Walmsley <paul@pwsan.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[wt: adjusted context for pre-3.12-rc1 kernels]
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 48a61e1e2af8020f11a2b8f8dc878144477623c6 upstream.
Add proper error path (for disabling runtime PM) when registering of
hwrng fails.
Fixes: b329669ea0 ("hwrng: exynos - Add support for Exynos random number generator")
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Hardik Arya