SSM driver is not enabled and hence needs deprecation.
Remove all the SSM driver references.
CRs-Fixed: 2268386
Change-Id: I02f82817023d2fcc6d05a2f0d7eb3aec8f60a7d5
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
CVE-2018-12010
Needed for easy switching to 300HZ kernel. some drivers need there 100HZ.
[CertifiedBlyndGuy]:
* Also convert a couple to a 1000HZ basis. 3.18 uses higher calculations
in some cases that might prove beneficial
Signed-off-by: Joe Maples <joe@frap129.org>
Added mutex lock to query rt table function also to sync
with other ioctl calls in ipa.
Change-Id: I65d46c0ef28b5e6260c92473fd15e9763de20146
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Signed-off-by: Joe Maples <joe@frap129.org>
SPS driver does not support manual bind/unbind operations
through sysfs. Suppress the bind/unbind nodes. Do not free
SPS struct in sps_device_de_init since it is being done in
sps_exit, and also to avoid use-after-free.
Bug: 114042002
Change-Id: If6da6c5fb9d1a44d0420c6151f7f9d0a33cb2d04
Signed-off-by: Siva Kumar Akkireddi <sivaa@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCW48UjgAKCRDorT+BmrEO
eM3uAJ4rqJ3N9CFF8T0r6BvCBvqWGJ4tHACcDYFq1SGprHRkbQsHWKKPLhfg/As=
=1a/f
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAluPGGkACgkQmXOSYMts
txaO6xAAmpz1MVhqTLXIrUJCDKP3jVeqFhW6jgAoFVwbGUS+lpuOz91NMxeFw32e
9z3EgZqutxsO41AIogn4x2cx8YrwSL1IlXscMiIVCSJnppB0ZLJ/Pkt6j5r/T2fT
5cFuW1Tj9mXzP/YJeCbO+6V1nxA5qs1Ihoac44qrSg22VZnjyW8SuljYuzDEpNMj
HzIXnOc7qWs7WdhgUdT2I9cF5jzAQ2SvADGalsq14spKTAXlPPOb69YnFHj3ynts
QS5mWtcFUpeqnK0WhCISw05IeSmXWnKNF55yJOMqk+yn6X1epRxZNHqnAp6E06x8
Ri356+glNfQAaq7A1vJprDhCgQZgNJep47pfqsZTwLhuuzjKNv932OZRXQSB1Qyu
6XgBOX9B1OZKrfKGMtBu+OgBLJufyOIpt6ATp+3QOvTu9dGBkw/rH1eHaYgqhCT3
3qYiAnveDUBHd98xuixygwhmBBf4rpquQNotYaIr6yFDXcLB/4Qgu40fLcozGOtX
UHaPeJBXVqdxQYkENIPNkghQgEmAub+seLqmV26Kf1q9itw7t3hrH4ZZs+OrpXdn
k4AuGsc4kEtB55dRsXsHOd5iGq+jIwnAcXV4Q8kQf5a4QhtQ7hmwE0V2H0HlImY/
Cdq9HtF4VCluLV7xn4XeyGSeaEknGICctzKm44jmFwvAM4IVICw=
=RwYM
-----END PGP SIGNATURE-----
Merge tag 'android-8.1.0_r0.102' into android-msm-bullhead-3.10
Android 8.1.0 Release 0.102 (OPM6.171019.030.K1,bullhead)
* tag 'android-8.1.0_r0.102':
Revert "arm64: move sp_el0 and tpidr_el1 into cpu_suspend_ctx"
Revert "arm64: Add macro for Cortex A72 primary part number"
Revert "arm64: Delay ELF HWCAP initialisation until all CPUs are up"
Revert "arm64: Move post_ttbr_update_workaround to C code"
Revert "drivers/firmware: Expose psci_get_version through psci_ops structure"
Revert "arm64: Add skeleton to harden the branch predictor against aliasing attacks"
Revert "arm64: Implement branch predictor hardening for cortex A57, A72"
Revert "arm64: PSCI Wrapper for branch predictor flush"
arm64: PSCI Wrapper for branch predictor flush
arm64: Implement branch predictor hardening for cortex A57, A72
arm64: Add skeleton to harden the branch predictor against aliasing attacks
drivers/firmware: Expose psci_get_version through psci_ops structure
arm64: Move post_ttbr_update_workaround to C code
arm64: Delay ELF HWCAP initialisation until all CPUs are up
arm64: Add macro for Cortex A72 primary part number
arm64: move sp_el0 and tpidr_el1 into cpu_suspend_ctx
NFC: llcp: Limit size of SDP URI
qcacld-2.0: Fix UAF in WLAN HDD
qcacld-2.0: Fix OOB write in wma_passpoint_match_event_handler
qcacld-2.0: Fix buffer overflow in ol_rx_in_order_indication_handler
msm: ipa: Fix to handle NULL pointer dereference
ASoC: msm: qdspv2: initialize variables before use
ASoC: msm: qdspv2: add spin lock to protect ac
ANDROID: HID: debug: check length in hid_debug_events_read() before copy_to_user()
voice_svc: Avoid double free in voice_svc driver
qcacld-2.0: Fix UAF in the function wlan_hdd_execute_remain_on_channel
usb: dwc3: dbm: Fix double free in msm_dbm_probe
qcacld-2.0: Resolve possible OOB while posting SET PASSPOINT WMA event
qcacld-2.0: Fix information leak issue during memcpy
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Header entry deleted but same entry pointer using in
routing table not updated. Added checks to confirm
header entry present or not before using it to avoid
null pointer dereference.
Bug: 109741734
Change-Id: Id1d844c60b2dcb0cc7cf18352b78d62fe5a89347
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Check for CAP_NET_ADMIN capability of the user
space application who tries to access rmnet driver IOCTL.
Bug: 36367253
Change-Id: If6bb4b54659306c5103b5e34bf02c7234c851e0a
CRs-Fixed: 2226355
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Floor vote data needs to be protected with mutex lock to
avoid double free of memory due to race condtion.
Bug: 72956941
Change-Id: Ifaa01a14d273ccba6b9463aff3a41c0038b05f06
Signed-off-by: Odelu Kukatla <okukatla@codeaurora.org>
Fix the security issue where mux channel name might
not be null-terminated causing memory access overflow
in ipa wan driver.
Bug: 33967002
Change-Id: Ia27dad8f8400e98ada3778363baa05c3f912d711
Acked-by: Shihuan Liu <shihuanl@qti.qualcomm.com>
Signed-off-by: Skylar Chang <chiaweic@codeaurora.org>
Signed-off-by: Ahmed ElArabawy <arabawy@google.com>
There is a race condition be observed
on global variable num_q6_rule used in
ipa wan-driver. The fix is to add lock
to prevent different threads are accessing
it at the same time.
Bug: 68992477
Change-Id: I7b91b85ceaace0721785d1ac70f78727e2c121f1
Signed-off-by: Skylar Chang <chiaweic@codeaurora.org>
Default IPA header is added or deleted from the driver
directly and not by user space application. This change
prevents adding/deleting it from user application which
may cause inconsistencies in the driver. Also the change
fixes the header reset function to skip on the correct
default header.
Bug: 72957269
Change-Id: Iea0984c86f89d8f8ef53b5e14bb6df42c0bd51e1
CRs-fixed: 2151146
Signed-off-by: Ghanim Fodi <gfodi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCWp3GSgAKCRDorT+BmrEO
eH+BAJ0Z1NF9Qsc8eCHx2GPuLc9Oh4BiuwCeIRJt6qJwTgqwGhBrzLEy4WtvR18=
=Rbhg
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlqd0TEACgkQmXOSYMts
txYuSg/+Nz5WSONRPD1P5fJds0JPlQaT4UUxwJy0QJJQwQLzKdhBObLjZHI07Kwg
wVaJ0QjFd2TP5RGqBI4ACreePkpLZLtY0fNlMFrqJAczU+SCyjrR8jEpwLESFa0W
Uy83dc7+8nNPYo4A2WHW596paXkkf/zzexIYvc0KPBbqbR1MEHxl2M9WQ1FpbDtX
ebzlhPGHxP99n6R2DYFU4Fh4bp1XXP5i0Yp+083HXobkU8L9svdouyGzN3DaC/gh
oy3LS/QOh80V60nl+QuMtlrv2WmGycaWypa5PkYVJO80HVxzJV6Wmw9nioBghgVB
h6kv5UuJRMH6MqUSdqc9WVfeA1ndDwFPdrYn8xuroljKWOBdz7UInblYoT4U2kpR
oYy822xKssqPEyVP48pFP+iN2LwOc7Qr/W5dYRRkg0uTooZWzDhrpvvVgPaddpvU
sKLrI4z2Z4y3/fJJ1BynpL046H4UHFDA7/9m4ehIwK8eX+/QCSi6gEvEtZcU+k+F
czGVR843MKpbcDztGnyw+ml7K2hajkC394syAaLQs+pq/1CUkQ2JoRbukmladTIS
4A7OnSr4Q3kHaZnoV1axvtzCRNkUr3f5VeOMA6IrYSw9dsGGWQ78fy7mp/BgJbcI
Fpt7iRDzIy813oegQz4D9AQ3bqIbBBvWQ3uvRr4EUz1WLYQ+jc0=
=AhfL
-----END PGP SIGNATURE-----
Merge tag 'android-8.1.0_r0.37' into android-msm-bullhead-3.10-oreo-m5
Android 8.1.0 Release 0.36 (OPM5.171019.017,angler)
* tag 'android-8.1.0_r0.37':
qcacld-2.0: Add sanity check to limit mgmt frames data len
qcacld-2.0: Set length of challenge text sent by SAP to 128
BACKPORT: packet: in packet_do_bind, test fanout with bind_lock held
qcacld-2.0: Avoid OEM message overread
msm: sensor: flash: add conditional check for ioctl
msm:ipa: Fix to incorrect structure access
ASoC: msm: qdsp6v2: Set freed pointers to NULL
UPSTREAM: packet: fix tp_reserve race in packet_set_ring
diag: Add protection while de-initializing clients
qcacld-2.0: Fix out-of-bounds access in limProcessActionFrameNoSession
qcacld-2.0: Check for upper bound in P2P NOA event
qcacld-2.0: Check for the max number of P2P NOA descriptors
qcacld-2.0: Check for valid vdev ID in wma_nlo_match_evt_handler
qcacld-2.0: Avoid possible buffer overwrite in wma_process_utf_event
UPSTREAM: USB: serial: console: fix use-after-free after failed setup
UPSTREAM: ALSA: usb-audio: Kill stray URB at exiting
UPSTREAM: ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
UPSTREAM: USB: fix out-of-bounds in usb_set_configuration
UPSTREAM: HID: usbhid: fix out-of-bounds bug
UPSTREAM: USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
UPSTREAM: packet: hold bind lock when rebinding to fanout hook
power: qcom: msm-core: Add mutex lock for ioctl
qcacld-2.0: Fix int overflow in wma_unified_link_peer_stats_event_handler
qcacld-2.0: Check vdev_id against wma->max_bssid
FROMLIST: power: Fix user ptr in EA_LEAKAGE ioctl
diag: Add mutex protection while reading dci debug statistics
qcacld-2.0: Fix Integer overflow with latest framesc_linux tool
qcacld-2.0: Avoid integer overflow in lim_update_ibss_prop_add_ies
qcacld-2.0: Fix the size of array ch_list in sme_set_plm_request
ANDROID: sdcardfs: Add default_normal option
ANDROID: sdcardfs: notify lower file of opens
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJZUiosAAoJEE44bZycYXAvcHYP/1OKMYQB/3G7GfEhMXdlpV31
VjdzUg5X1JOE60anYNopvWQJgDFXMy9mTceUI3axDkfYb5iDFUpRBFEh70ggDL04
bGB/J4n2Linjkj35u+S5P3fK6qBfg9+VDpTfUYPZGB5YjOjmaD06E8InBF8iUuC3
6pkMtQKOptmKOc2hw84PsB3qm9ER2MMa92Lrs1rtcOihEqQMyKjkI/kzogs8XGje
5gMt31VweScZed3d7i1r9tl/DTmzGcpEyVpz/x8gI7Xwi69FeeLy6cWbhK0VOsLA
u7ul9mDa77bUC/jpBzJmIkS8fhzaTyUw8NQbtol9RSSIfzb+mvXyx9Vr7o4LYK2B
P6AekC16x6R8KUED1hfxKdagguRACDfKf91bMAxDCN/PXqITVbk3RxxxH6wHAvOx
Ihf4G5h800/ks6X1oMBYZcbFFbNCUHZjyL7V1M/iy1TrKuRhEtou4Ft3X+gOauLS
CG8VR9Jo1/BAvMaJmy5Hg9RPNoxEMstDi6x3ugD0wH57XHSZ5QmFMBzCbuWR6hWM
q1DvBK/I54BXlsdYU9WySn1hm2gKCNPZ+zGzLTo1l426vme+YjhC5911V7Tv+WHm
lc5FTXWtXGhoAZuNSIGDrlv3Dyq44iMNrqXrhlPmJjWD3Hx4hFGGp2GyHOpK+5+7
7egPk9m1WrhUKzA9m1/M
=InCr
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqfQUACgkQmXOSYMts
txZNghAApD/SW4fTOx6RZFCPVjAP70FfXvZsQYf3Zfp44Ytm2Kax3GIABPuknlI+
IZRAPnXb6KP8DNDdCyGcJ0avI5uw96sXyeZWlDZyeS1WHHizJq3+BLB09zzdegSk
K1dJrobXCYNESmcQMT5diGwqLYkdOs3hh7Ehqut29njwCzVzNG3n43H9F15o9cUZ
6lAM8/Zb6ai+0KgVgwC40QJneVltDEFfXVr6wo/IJXnYNaRCPKQM5lsG09pxxopG
NVSsmUyeJI5bPWEm5vbuBL2JVhaCcMtTfAPHflqbtykE8eSVEWdTeCWPuGWcATB+
2sGp3cVR2W7+4CHpbcnrXolmP/OI3jXHbG1LvyRqg4Iw1jgtZ8wwjCEkdsPz3fED
g2+EtSYl/NLW7N8P4KQV9jzihYIfELBj9HQsEs5aPOstyjyxl12RxJvjw835v5ts
oa7qKQAHIwZsuaB34qK+DjI5coNeKRvDMy5mm0GL3TqmLLFEzSVpaTceGpdvNLi0
6k3RkuJzU0TwAoTShWyYu6AbV+8aHniBQbjzYs5sufRgDy9pjnfWzDqtUM+chTsm
WaxwhpHdpOomwAfZr8/Zaf0xIxP/M99SFKevntE04Ft93P8dKuLqFcNAjQkMdibY
UHrJ67nBllmDtlH8yGO9j4FD89O0QaBX4J3qGyIu5eE73/iibvo=
=J7vi
-----END PGP SIGNATURE-----
Merge 3.10.107 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.107: (270 commits)
Revert "Btrfs: don't delay inode ref updates during log, replay"
Btrfs: fix memory leak in reading btree blocks
ext4: use more strict checks for inodes_per_block on mount
ext4: fix in-superblock mount options processing
ext4: add sanity checking to count_overhead()
ext4: validate s_first_meta_bg at mount time
jbd2: don't leak modified metadata buffers on an aborted journal
ext4: fix fencepost in s_first_meta_bg validation
ext4: trim allocation requests to group size
ext4: preserve the needs_recovery flag when the journal is aborted
ext4: return EROFS if device is r/o and journal replay is needed
ext4: fix inode checksum calculation problem if i_extra_size is small
block: fix use-after-free in sys_ioprio_get()
block: allow WRITE_SAME commands with the SG_IO ioctl
block: fix del_gendisk() vs blkdev_ioctl crash
dm crypt: mark key as invalid until properly loaded
dm space map metadata: fix 'struct sm_metadata' leak on failed create
md/raid5: limit request size according to implementation limits
md:raid1: fix a dead loop when read from a WriteMostly disk
md linear: fix a race between linear_add() and linear_congested()
CIFS: Fix a possible memory corruption during reconnect
CIFS: Fix missing nls unload in smb2_reconnect()
CIFS: Fix a possible memory corruption in push locks
CIFS: remove bad_network_name flag
fs/cifs: make share unaccessible at root level mountable
cifs: Do not send echoes before Negotiate is complete
ocfs2: fix crash caused by stale lvb with fsdlm plugin
ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed()
can: raw: raw_setsockopt: limit number of can_filter that can be set
can: peak: fix bad memory access and free sequence
can: c_can_pci: fix null-pointer-deref in c_can_start() - set device pointer
can: ti_hecc: add missing prepare and unprepare of the clock
can: bcm: fix hrtimer/tasklet termination in bcm op removal
can: usb_8dev: Fix memory leak of priv->cmd_msg_buffer
ALSA: hda - Fix up GPIO for ASUS ROG Ranger
ALSA: seq: Fix race at creating a queue
ALSA: seq: Don't handle loop timeout at snd_seq_pool_done()
ALSA: timer: Reject user params with too small ticks
ALSA: seq: Fix link corruption by event error handling
ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()
ALSA: seq: Fix race during FIFO resize
ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
ALSA: usb-audio: Add QuickCam Communicate Deluxe/S7500 to volume_control_quirks
usb: gadgetfs: restrict upper bound on device configuration size
USB: gadgetfs: fix unbounded memory allocation bug
USB: gadgetfs: fix use-after-free bug
USB: gadgetfs: fix checks of wTotalLength in config descriptors
xhci: free xhci virtual devices with leaf nodes first
USB: serial: io_ti: bind to interface after fw download
usb: gadget: composite: always set ep->mult to a sensible value
USB: cdc-acm: fix double usb_autopm_put_interface() in acm_port_activate()
USB: cdc-acm: fix open and suspend race
USB: cdc-acm: fix failed open not being detected
usb: dwc3: gadget: make Set Endpoint Configuration macros safe
usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci controllers
usb: dwc3: gadget: delay unmap of bounced requests
usb: hub: Wait for connection to be reestablished after port reset
usb: gadget: composite: correctly initialize ep->maxpacket
USB: UHCI: report non-PME wakeup signalling for Intel hardware
arm/xen: Use alloc_percpu rather than __alloc_percpu
xfs: set AGI buffer type in xlog_recover_clear_agi_bucket
xfs: clear _XBF_PAGES from buffers when readahead page
ssb: Fix error routine when fallback SPROM fails
drivers/gpu/drm/ast: Fix infinite loop if read fails
scsi: avoid a permanent stop of the scsi device's request queue
scsi: move the nr_phys_segments assert into scsi_init_io
scsi: don't BUG_ON() empty DMA transfers
scsi: storvsc: properly handle SRB_ERROR when sense message is present
scsi: storvsc: properly set residual data length on errors
target/pscsi: Fix TYPE_TAPE + TYPE_MEDIMUM_CHANGER export
scsi: lpfc: Add shutdown method for kexec
scsi: sr: Sanity check returned mode data
scsi: sd: Fix capacity calculation with 32-bit sector_t
s390/vmlogrdr: fix IUCV buffer allocation
libceph: verify authorize reply on connect
nfs_write_end(): fix handling of short copies
powerpc/ps3: Fix system hang with GCC 5 builds
sg_write()/bsg_write() is not fit to be called under KERNEL_DS
ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it
cred/userns: define current_user_ns() as a function
net: ti: cpmac: Fix compiler warning due to type confusion
tick/broadcast: Prevent NULL pointer dereference
netvsc: reduce maximum GSO size
drop_monitor: add missing call to genlmsg_end
drop_monitor: consider inserted data in genlmsg_end
igmp: Make igmp group member RFC 3376 compliant
HID: hid-cypress: validate length of report
Input: xpad - use correct product id for x360w controllers
Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000
Input: iforce - validate number of endpoints before using them
Input: kbtab - validate number of endpoints before using them
Input: joydev - do not report stale values on first open
Input: tca8418 - use the interrupt trigger from the device tree
Input: mpr121 - handle multiple bits change of status register
Input: mpr121 - set missing event capability
Input: i8042 - add Clevo P650RS to the i8042 reset list
i2c: fix kernel memory disclosure in dev interface
vme: Fix wrong pointer utilization in ca91cx42_slave_get
sysrq: attach sysrq handler correctly for 32-bit kernel
pinctrl: sh-pfc: Do not unconditionally support PIN_CONFIG_BIAS_DISABLE
x86/PCI: Ignore _CRS on Supermicro X8DTH-i/6/iF/6F
qla2xxx: Fix crash due to null pointer access
ARM: 8634/1: hw_breakpoint: blacklist Scorpion CPUs
ARM: dts: da850-evm: fix read access to SPI flash
NFSv4: Ensure nfs_atomic_open set the dentry verifier on ENOENT
vmxnet3: Wake queue from reset work
Fix memory leaks in cifs_do_mount()
Compare prepaths when comparing superblocks
Move check for prefix path to within cifs_get_root()
Fix regression which breaks DFS mounting
apparmor: fix uninitialized lsm_audit member
apparmor: exec should not be returning ENOENT when it denies
apparmor: fix disconnected bind mnts reconnection
apparmor: internal paths should be treated as disconnected
apparmor: check that xindex is in trans_table bounds
apparmor: add missing id bounds check on dfa verification
apparmor: don't check for vmalloc_addr if kvzalloc() failed
apparmor: fix oops in profile_unpack() when policy_db is not present
apparmor: fix module parameters can be changed after policy is locked
apparmor: do not expose kernel stack
vfio/pci: Fix integer overflows, bitmask check
bna: Add synchronization for tx ring.
sg: Fix double-free when drives detach during SG_IO
move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon)
serial: 8250_pci: Detach low-level driver during PCI error recovery
bnx2x: Correct ringparam estimate when DOWN
tile/ptrace: Preserve previous registers for short regset write
sysctl: fix proc_doulongvec_ms_jiffies_minmax()
ISDN: eicon: silence misleading array-bounds warning
ARC: [arcompact] handle unaligned access delay slot corner case
parisc: Don't use BITS_PER_LONG in userspace-exported swab.h header
nfs: Don't increment lock sequence ID after NFS4ERR_MOVED
ipv6: addrconf: Avoid addrconf_disable_change() using RCU read-side lock
af_unix: move unix_mknod() out of bindlock
drm/nouveau/nv1a,nv1f/disp: fix memory clock rate retrieval
crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg
ata: sata_mv:- Handle return value of devm_ioremap.
mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone()
mm, fs: check for fatal signals in do_generic_file_read()
ARC: [arcompact] brown paper bag bug in unaligned access delay slot fixup
sched/debug: Don't dump sched debug info in SysRq-W
tcp: fix 0 divide in __tcp_select_window()
macvtap: read vnet_hdr_size once
packet: round up linear to header len
vfs: fix uninitialized flags in splice_to_pipe()
siano: make it work again with CONFIG_VMAP_STACK
futex: Move futex_init() to core_initcall
rtc: interface: ignore expired timers when enqueuing new timers
irda: Fix lockdep annotations in hashbin_delete().
tty: serial: msm: Fix module autoload
rtlwifi: rtl_usb: Fix for URB leaking when doing ifconfig up/down
af_packet: remove a stray tab in packet_set_ring()
MIPS: Fix special case in 64 bit IP checksumming.
mm: vmpressure: fix sending wrong events on underflow
ipc/shm: Fix shmat mmap nil-page protection
sd: get disk reference in sd_check_events()
samples/seccomp: fix 64-bit comparison macros
ath5k: drop bogus warning on drv_set_key with unsupported cipher
rdma_cm: fail iwarp accepts w/o connection params
NFSv4: fix getacl ERANGE for some ACL buffer sizes
bcma: use (get|put)_device when probing/removing device driver
powerpc/xmon: Fix data-breakpoint
KVM: VMX: use correct vmcs_read/write for guest segment selector/base
KVM: PPC: Book3S PR: Fix illegal opcode emulation
KVM: s390: fix task size check
s390: TASK_SIZE for kernel threads
xtensa: move parse_tag_fdt out of #ifdef CONFIG_BLK_DEV_INITRD
mac80211: flush delayed work when entering suspend
drm/ast: Fix test for VGA enabled
drm/ttm: Make sure BOs being swapped out are cacheable
fat: fix using uninitialized fields of fat_inode/fsinfo_inode
drivers: hv: Turn off write permission on the hypercall page
xhci: fix 10 second timeout on removal of PCI hotpluggable xhci controllers
crypto: improve gcc optimization flags for serpent and wp512
mtd: pmcmsp: use kstrndup instead of kmalloc+strncpy
cpmac: remove hopeless #warning
mvsas: fix misleading indentation
l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
net: don't call strlen() on the user buffer in packet_bind_spkt()
dccp: Unlock sock before calling sk_free()
tcp: fix various issues for sockets morphing to listen state
uapi: fix linux/packet_diag.h userspace compilation error
ipv6: avoid write to a possibly cloned skb
dccp: fix memory leak during tear-down of unsuccessful connection request
futex: Fix potential use-after-free in FUTEX_REQUEUE_PI
futex: Add missing error handling to FUTEX_REQUEUE_PI
give up on gcc ilog2() constant optimizations
cancel the setfilesize transation when io error happen
crypto: ghash-clmulni - Fix load failure
crypto: cryptd - Assign statesize properly
ACPI / video: skip evaluating _DOD when it does not exist
Drivers: hv: balloon: don't crash when memory is added in non-sorted order
s390/pci: fix use after free in dma_init
cpufreq: Fix and clean up show_cpuinfo_cur_freq()
igb: Workaround for igb i210 firmware issue
igb: add i211 to i210 PHY workaround
ipv4: provide stronger user input validation in nl_fib_input()
tcp: initialize icsk_ack.lrcvtime at session start time
ACM gadget: fix endianness in notifications
mmc: sdhci: Do not disable interrupts while waiting for clock
uvcvideo: uvc_scan_fallback() for webcams with broken chain
fbcon: Fix vc attr at deinit
crypto: algif_hash - avoid zero-sized array
virtio_balloon: init 1st buffer in stats vq
c6x/ptrace: Remove useless PTRACE_SETREGSET implementation
sparc/ptrace: Preserve previous registers for short regset write
metag/ptrace: Preserve previous registers for short regset write
metag/ptrace: Provide default TXSTATUS for short NT_PRSTATUS
metag/ptrace: Reject partial NT_METAG_RPIPE writes
libceph: force GFP_NOIO for socket allocations
ACPI: Fix incompatibility with mcount-based function graph tracing
ACPI / power: Avoid maybe-uninitialized warning
rtc: s35390a: make sure all members in the output are set
rtc: s35390a: implement reset routine as suggested by the reference
rtc: s35390a: improve irq handling
padata: avoid race in reordering
HID: hid-lg: Fix immediate disconnection of Logitech Rumblepad 2
HID: i2c-hid: Add sleep between POWER ON and RESET
drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
drm/vmwgfx: avoid calling vzalloc with a 0 size in vmw_get_cap_3d_ioctl()
drm/vmwgfx: Remove getparam error message
drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
Reset TreeId to zero on SMB2 TREE_CONNECT
metag/usercopy: Drop unused macros
metag/usercopy: Zero rest of buffer from copy_from_user
powerpc: Don't try to fix up misaligned load-with-reservation instructions
mm/mempolicy.c: fix error handling in set_mempolicy and mbind.
mtd: bcm47xxpart: fix parsing first block after aligned TRX
net/packet: fix overflow in check for priv area size
x86/vdso: Plug race between mapping and ELF header setup
iscsi-target: Fix TMR reference leak during session shutdown
iscsi-target: Drop work-around for legacy GlobalSAN initiator
xen, fbfront: fix connecting to backend
char: lack of bool string made CONFIG_DEVPORT always on
platform/x86: acer-wmi: setup accelerometer when machine has appropriate notify event
platform/x86: acer-wmi: setup accelerometer when ACPI device was found
mm: Tighten x86 /dev/mem with zeroing reads
virtio-console: avoid DMA from stack
catc: Combine failure cleanup code in catc_probe()
catc: Use heap buffer for memory size test
net: ipv6: check route protocol when deleting routes
Drivers: hv: don't leak memory in vmbus_establish_gpadl()
Drivers: hv: get rid of timeout in vmbus_open()
ubi/upd: Always flush after prepared for an update
x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs
powerpc: Reject binutils 2.24 when building little endian
net/packet: fix overflow in check for tp_frame_nr
net/packet: fix overflow in check for tp_reserve
tty: nozomi: avoid a harmless gcc warning
hostap: avoid uninitialized variable use in hfa384x_get_rid
gfs2: avoid uninitialized variable warning
net: neigh: guard against NULL solicit() method
sctp: listen on the sock only when it's state is listening or closed
ip6mr: fix notification device destruction
MIPS: Fix crash registers on non-crashing CPUs
RDS: Fix the atomicity for congestion map update
xen/x86: don't lose event interrupts
p9_client_readdir() fix
nfsd: check for oversized NFSv2/v3 arguments
ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram
kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)
tun: read vnet_hdr_sz once
printk: use rcuidle console tracepoint
ipv6: check raw payload size correctly in ioctl
x86: standardize mmap_rnd() usage
x86/mm/32: Enable full randomization on i386 and X86_32
mm: larger stack guard gap, between vmas
mm: fix new crash in unmapped_area_topdown()
Allow stack to grow up to address space limit
Linux 3.10.107
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
arch/x86/mm/mmap.c
drivers/mmc/host/sdhci.c
drivers/usb/host/xhci-plat.c
fs/ext4/super.c
kernel/sched/core.c
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJZQspmAAoJEE44bZycYXAvLXMP/3Uqx7K7dGjHvvhGA4DhnzSp
bGLpjeP1sXXnnd932PN+qkGbl2j/NPjS74DobDqGWnrwxKRzQ21F4YkWJGtb4Pe2
JKcY7y2rbKGcwhpS9qDMkSWuaUKJWF5MAsH08LnCWqlGphGwAH/uPTdqS4iI/CJM
aQvaaITe5SVzvpvpyoCVdHqu8K+Ukraf91mvt7hlmrn9OnqO9us9MWulw5sSXQcd
pM8ZbRkBDE5OFeVnPKJDBY+cR2ML41wekMMwvJWt7uRyrX2i5c7oQVXYoeYE4MKx
Pueb7aG7LQwBUzNJCiZA6PAEFQPwNPCoxHZbAax0D6/JyDWOZukappquzjd6gLDM
+U7mxeFTeNZJ5v9tUcUIOb4GaaFcccS3wdDP23V2N8iM88hFVwJn0RSy/pksX37+
ZNDiEyDeJBjz3kh/Kf40zhFIIrABMozFeX3tpSRVVqXb+T6P9l8Y88O2LGY5FCXK
QBbAC+jC4X4YI+4v+QWImg9mkfTwzZyjyAlfyjPlHVSK9KDP9M6LXpr2+jKS7jOc
ievMOh9ku0HIVuSWGUKZSqjvcF01Bh99tFlX+KqipomwNTwa4hKCLmnOVflF1BPE
8sfD9hvenA0e949kXrURUmqpg6Ujkrbb/lXuD7e2CakCu+XjEMf317R11TyTsHNG
10hsmPsGDVcwbyFOFHS3
=mvzl
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqfEUACgkQmXOSYMts
txbJOQ/+Pce1eBSgjESWKuz0OP9BfAe9RpWFi7lBZ/EgRwJVYEx6jau9EYXAQ7YT
roCIsV6eufhMplYGHJz6EHxK2Hieb1zG9ooX9ss9GxiB6qmqeqC0Slm9EQE15yGT
px3fVz9r86edqjtj7UKK0/n8DJUaFh5LWOymLD3d3/115RYQsl/GowugH9F79PvN
pR+OyXq7srtfCmwdhZ65012Ef10RXqBRv0fCYBH6r+jkMqb7uSDFzdR39Z7k3QFk
AM4+3lTm6EEZ4xZkcMyX3GuQWslpPAlvFdEx43TjdCbseXAqURoppmxvz+Izum75
fy0oOdKl5OSpyZArRkUfZ0MnL6BHGcKxwYV4u1LupwvqPyaUT4yiT5VEUdy9EqJo
Syrr0oSR2lrXqQESdxKkmOZVXyul0nF3Fh1p5QlU1/Id9oskMLYqcXegFyhr2Wyp
+A4ZozljEQ4AGm4dYFdH3w8TcNDttjztYoKf8OXnaCOj3p/SEq84tk4Hm3vpoPvh
5OzsZC3UB9gJ1mXsKOVKLJFCPzmg61KOvwhopfAcC6cyiIIf/MPCneZeOzsavtQX
J+atSNcLVNE3jmrXvUrwxSpZ3KCc3Ti5Q8pD9ni6/B6st2+LO8EXPrS6n2+28nvu
hVpjyCXLbghdmn1mjOGW9lvMQEg/Dupj/ocpCPHJnXpbpM8Mcjo=
=3eAv
-----END PGP SIGNATURE-----
Merge 3.10.106 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.106: (252 commits)
packet: fix race condition in packet_set_ring
crypto: crypto_memneq - add equality testing of memory regions w/o timing leaks
EVM: Use crypto_memneq() for digest comparisons
libceph: don't set weight to IN when OSD is destroyed
KVM: x86: fix emulation of "MOV SS, null selector"
KVM: x86: Introduce segmented_write_std
posix_acl: Clear SGID bit when setting file permissions
tmpfs: clear S_ISGID when setting posix ACLs
fbdev: color map copying bounds checking
selinux: fix off-by-one in setprocattr
tcp: avoid infinite loop in tcp_splice_read()
xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
KEYS: Change the name of the dead type to ".dead" to prevent user access
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
ext4: fix data exposure after a crash
locking/rtmutex: Prevent dequeue vs. unlock race
m68k: Fix ndelay() macro
hotplug: Make register and unregister notifier API symmetric
Btrfs: fix tree search logic when replaying directory entry deletes
USB: serial: kl5kusb105: fix open error path
block_dev: don't test bdev->bd_contains when it is not stable
crypto: caam - fix AEAD givenc descriptors
ext4: fix mballoc breakage with 64k block size
ext4: fix stack memory corruption with 64k block size
ext4: reject inodes with negative size
ext4: return -ENOMEM instead of success
f2fs: set ->owner for debugfs status file's file_operations
block: protect iterate_bdevs() against concurrent close
scsi: zfcp: fix use-after-"free" in FC ingress path after TMF
scsi: zfcp: do not trace pure benign residual HBA responses at default level
scsi: zfcp: fix rport unblock race with LUN recovery
ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps to it
IB/mad: Fix an array index check
IB/multicast: Check ib_find_pkey() return value
powerpc: Convert cmp to cmpd in idle enter sequence
usb: gadget: composite: Test get_alt() presence instead of set_alt()
USB: serial: omninet: fix NULL-derefs at open and disconnect
USB: serial: quatech2: fix sleep-while-atomic in close
USB: serial: pl2303: fix NULL-deref at open
USB: serial: keyspan_pda: verify endpoints at probe
USB: serial: spcp8x5: fix NULL-deref at open
USB: serial: io_ti: fix NULL-deref at open
USB: serial: io_ti: fix another NULL-deref at open
USB: serial: iuu_phoenix: fix NULL-deref at open
USB: serial: garmin_gps: fix memory leak on failed URB submit
USB: serial: ti_usb_3410_5052: fix NULL-deref at open
USB: serial: io_edgeport: fix NULL-deref at open
USB: serial: oti6858: fix NULL-deref at open
USB: serial: cyberjack: fix NULL-deref at open
USB: serial: kobil_sct: fix NULL-deref in write
USB: serial: mos7840: fix NULL-deref at open
USB: serial: mos7720: fix NULL-deref at open
USB: serial: mos7720: fix use-after-free on probe errors
USB: serial: mos7720: fix parport use-after-free on probe errors
USB: serial: mos7720: fix parallel probe
usb: xhci-mem: use passed in GFP flags instead of GFP_KERNEL
usb: musb: Fix trying to free already-free IRQ 4
ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream()
USB: serial: kl5kusb105: abort on open exception path
staging: iio: ad7606: fix improper setting of oversampling pins
usb: dwc3: gadget: always unmap EP0 requests
cris: Only build flash rescue image if CONFIG_ETRAX_AXISFLASHMAP is selected
hwmon: (ds620) Fix overflows seen when writing temperature limits
clk: clk-wm831x: fix a logic error
iommu/amd: Fix the left value check of cmd buffer
scsi: mvsas: fix command_active typo
target/iscsi: Fix double free in lio_target_tiqn_addtpg()
mmc: mmc_test: Uninitialized return value
powerpc/pci/rpadlpar: Fix device reference leaks
ser_gigaset: return -ENOMEM on error instead of success
net, sched: fix soft lockup in tc_classify
net: stmmac: Fix race between stmmac_drv_probe and stmmac_open
gro: Enter slow-path if there is no tailroom
gro: use min_t() in skb_gro_reset_offset()
gro: Disable frag0 optimization on IPv6 ext headers
powerpc: Fix build warning on 32-bit PPC
Input: i8042 - add Pegatron touchpad to noloop table
mm/hugetlb.c: fix reservation race when freeing surplus pages
USB: serial: kl5kusb105: fix line-state error handling
USB: serial: ch341: fix initial modem-control state
USB: serial: ch341: fix open error handling
USB: serial: ch341: fix control-message error handling
USB: serial: ch341: fix open and resume after B0
USB: serial: ch341: fix resume after reset
USB: serial: ch341: fix modem-control and B0 handling
x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option
NFSv4.1: nfs4_fl_prepare_ds must be careful about reporting success.
powerpc/ibmebus: Fix further device reference leaks
powerpc/ibmebus: Fix device reference leaks in sysfs interface
IB/mlx4: Set traffic class in AH
IB/mlx4: Fix port query for 56Gb Ethernet links
perf scripting: Avoid leaking the scripting_context variable
ARM: dts: imx31: fix clock control module interrupts description
svcrpc: don't leak contexts on PROC_DESTROY
mmc: mxs-mmc: Fix additional cycles after transmission stop
mtd: nand: xway: disable module support
ubifs: Fix journal replay wrt. xattr nodes
arm64/ptrace: Preserve previous registers for short regset write
arm64/ptrace: Avoid uninitialised struct padding in fpr_set()
arm64/ptrace: Reject attempts to set incomplete hardware breakpoint fields
ARM: ux500: fix prcmu_is_cpu_in_wfi() calculation
ite-cir: initialize use_demodulator before using it
fuse: do not use iocb after it may have been freed
crypto: caam - fix non-hmac hashes
drm/i915: Don't leak edid in intel_crt_detect_ddc()
s5k4ecgx: select CRC32 helper
platform/x86: intel_mid_powerbtn: Set IRQ_ONESHOT
net: fix harmonize_features() vs NETIF_F_HIGHDMA
tcp: initialize max window for a new fastopen socket
svcrpc: fix oops in absence of krb5 module
ARM: 8643/3: arm/ptrace: Preserve previous registers for short regset write
mac80211: Fix adding of mesh vendor IEs
scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send
drm/i915: fix use-after-free in page_flip_completed()
net: use a work queue to defer net_disable_timestamp() work
ipv4: keep skb->dst around in presence of IP options
netlabel: out of bound access in cipso_v4_validate()
ip6_gre: fix ip6gre_err() invalid reads
ping: fix a null pointer dereference
l2tp: do not use udp_ioctl()
packet: fix races in fanout_add()
packet: Do not call fanout_release from atomic contexts
net: socket: fix recvmmsg not returning error from sock_error
USB: serial: mos7840: fix another NULL-deref at open
USB: serial: ftdi_sio: fix modem-status error handling
USB: serial: ftdi_sio: fix extreme low-latency setting
USB: serial: ftdi_sio: fix line-status over-reporting
USB: serial: spcp8x5: fix modem-status handling
USB: serial: opticon: fix CTS retrieval at open
USB: serial: ark3116: fix register-accessor error handling
x86/platform/goldfish: Prevent unconditional loading
goldfish: Sanitize the broken interrupt handler
ocfs2: do not write error flag to user structure we cannot copy from/to
mfd: pm8921: Potential NULL dereference in pm8921_remove()
drm/nv50/disp: min/max are reversed in nv50_crtc_gamma_set()
net: 6lowpan: fix lowpan_header_create non-compression memcpy call
vti4: Don't count header length twice.
net/sched: em_meta: Fix 'meta vlan' to correctly recognize zero VID frames
MIPS: OCTEON: Fix copy_from_user fault handling for large buffers
MIPS: Clear ISA bit correctly in get_frame_info()
MIPS: Prevent unaligned accesses during stack unwinding
MIPS: Fix get_frame_info() handling of microMIPS function size
MIPS: Fix is_jump_ins() handling of 16b microMIPS instructions
MIPS: Calculate microMIPS ra properly when unwinding the stack
MIPS: Handle microMIPS jumps in the same way as MIPS32/MIPS64 jumps
uvcvideo: Fix a wrong macro
scsi: aacraid: Reorder Adapter status check
ath9k: use correct OTP register offsets for the AR9340 and AR9550
fuse: add missing FR_FORCE
RDMA/core: Fix incorrect structure packing for booleans
NFSv4: fix getacl head length estimation
s390/qdio: clear DSCI prior to scanning multiple input queues
IB/ipoib: Fix deadlock between rmmod and set_mode
ktest: Fix child exit code processing
nlm: Ensure callback code also checks that the files match
dm: flush queued bios when process blocks to avoid deadlock
USB: serial: digi_acceleport: fix OOB data sanity check
USB: serial: digi_acceleport: fix OOB-event processing
MIPS: ip27: Disable qlge driver in defconfig
tracing: Add #undef to fix compile error
USB: serial: safe_serial: fix information leak in completion handler
USB: serial: omninet: fix reference leaks at open
USB: iowarrior: fix NULL-deref at probe
USB: iowarrior: fix NULL-deref in write
USB: serial: io_ti: fix NULL-deref in interrupt callback
USB: serial: io_ti: fix information leak in completion handler
vxlan: correctly validate VXLAN ID against VXLAN_N_VID
ipv4: mask tos for input route
locking/static_keys: Add static_key_{en,dis}able() helpers
net: net_enable_timestamp() can be called from irq contexts
dccp/tcp: fix routing redirect race
net sched actions: decrement module reference count after table flush.
perf/core: Fix event inheritance on fork()
isdn/gigaset: fix NULL-deref at probe
xen: do not re-use pirq number cached in pci device msi msg data
net: properly release sk_frag.page
net: unix: properly re-increment inflight counter of GC discarded candidates
Input: ims-pcu - validate number of endpoints before using them
Input: hanwang - validate number of endpoints before using them
Input: yealink - validate number of endpoints before using them
Input: cm109 - validate number of endpoints before using them
USB: uss720: fix NULL-deref at probe
USB: idmouse: fix NULL-deref at probe
USB: wusbcore: fix NULL-deref at probe
uwb: i1480-dfu: fix NULL-deref at probe
uwb: hwa-rc: fix NULL-deref at probe
mmc: ushc: fix NULL-deref at probe
ext4: mark inode dirty after converting inline directory
scsi: libsas: fix ata xfer length
ALSA: ctxfi: Fallback DMA mask to 32bit
ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call
ACPI / PNP: Avoid conflicting resource reservations
ACPI / resources: free memory on error in add_region_before()
ACPI / PNP: Reserve ACPI resources at the fs_initcall_sync stage
USB: OHCI: Fix race between ED unlink and URB submission
i2c: at91: manage unexpected RXRDY flag when starting a transfer
ipv4: igmp: Allow removing groups from a removed interface
ptrace: fix PTRACE_LISTEN race corrupting task->state
ring-buffer: Fix return value check in test_ringbuffer()
metag/usercopy: Fix alignment error checking
metag/usercopy: Add early abort to copy_to_user
metag/usercopy: Set flags before ADDZ
metag/usercopy: Fix src fixup in from user rapf loops
metag/usercopy: Add missing fixups
s390/decompressor: fix initrd corruption caused by bss clear
net/mlx4_en: Fix bad WQE issue
net/mlx4_core: Fix racy CQ (Completion Queue) free
char: Drop bogus dependency of DEVPORT on !M68K
powerpc: Disable HFSCR[TM] if TM is not supported
pegasus: Use heap buffers for all register access
rtl8150: Use heap buffers for all register access
tracing: Allocate the snapshot buffer before enabling probe
ring-buffer: Have ring_buffer_iter_empty() return true when empty
netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel
net: phy: handle state correctly in phy_stop_machine
l2tp: take reference on sessions being dumped
MIPS: KGDB: Use kernel context for sleeping threads
ARM: dts: imx31: move CCM device node to AIPS2 bus devices
ARM: dts: imx31: fix AVIC base address
tun: Fix TUN_PKT_STRIP setting
Staging: vt6655-6: potential NULL dereference in hostap_disable_hostapd()
net: sctp: rework multihoming retransmission path selection to rfc4960
perf trace: Use the syscall raw_syscalls:sys_enter timestamp
USB: usbtmc: add missing endpoint sanity check
ping: implement proper locking
USB: fix problems with duplicate endpoint addresses
USB: dummy-hcd: fix bug in stop_activity (handle ep0)
mm/init: fix zone boundary creation
can: Fix kernel panic at security_sock_rcv_skb
Drivers: hv: avoid vfree() on crash
xc2028: avoid use after free
xc2028: unlock on error in xc2028_set_config()
xc2028: Fix use-after-free bug properly
ipv6: fix ip6_tnl_parse_tlv_enc_lim()
ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()
ipv6: fix the use of pcpu_tstats in ip6_tunnel
sctp: avoid BUG_ON on sctp_wait_for_sndbuf
sctp: deny peeloff operation on asocs with threads sleeping on it
KVM: x86: clear bus pointer when destroyed
kvm: exclude ioeventfd from counting kvm_io_range limit
KVM: kvm_io_bus_unregister_dev() should never fail
TTY: n_hdlc, fix lockdep false positive
tty: n_hdlc: get rid of racy n_hdlc.tbuf
ipv6: handle -EFAULT from skb_copy_bits
fs: exec: apply CLOEXEC before changing dumpable task flags
mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp
dccp/tcp: do not inherit mc_list from parent
char: lp: fix possible integer overflow in lp_setup()
dccp: fix freeing skb too early for IPV6_RECVPKTINFO
Linux 3.10.106
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
drivers/mfd/pm8921-core.c
include/linux/cpu.h
kernel/cpu.c
net/ipv4/inet_connection_sock.c
net/ipv4/ping.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXwrqoAAoJEE44bZycYXAvXY0P/0ggO2AAwJONCzFgBk3yZKi1
aHiSvhq4JLkFnHk3KRQJwBqAPzDkc9C41If65RTZcNwdczzPMVRBxpzIrQhzjTpg
xv2MwuuuTFQpOaJStmRbYSa8uiNs9KCmO357E6Rtz47bNrngqTk6TcXV2qIJxjl9
P5s8+l5iUIfLsPx1AIN9vCiSAeWdL2FLcVvJiIFrfpLfJd0FI0un2Z21/Cw14OLM
uoK2I8wf+DzwQdRXTUij+8+yC80IMh+bPmQR5QRcJ/jZx5xj5cdhhabWHZPw2InQ
PzPbX/xG514qNosRkALFM0xOgdpsikhOZwr4LzXJoYreFr3uarUiIQ2pGXR/DANY
nDmFNuvfwRxJTF8wXNW7J9jxLAhgqlJ5mOfWnNTI1filpUg+zCrp9O2DzyjBZOJA
7bzvCQgFG6pIawicIYX1cLZ+rdEB+oEmpQJtXkAUK9jg84jqluoq/NTQ4leNbjtl
1Vk0Gbvz28FX821lpcrNbEibkmN7MAbAr3LXYKYFtGd3RqED7LlSe1B1bxk4dS+6
FhKcZXpYXlofwGrZieGgdq/NieCUClbfTmBSbqmX7vCM3k0p5pIak+GGFoJW+rAl
VTqrxyrB5eBr4T1m04EuK6tIxbFo/SF78CgkjbOE6ghTkqe6BLuntMqXIcKn/lrO
8t0Tg0S+MrzTv3LWsnzx
=9dk8
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqdbgACgkQmXOSYMts
txa6FA//biC/xNB75MuS7nVE/4mDKnpzjejjiIWgtWFkcp+NHXIHa2JS8E1hfAfN
3oCifMMDIF8+QoQvjz6MBuxzxc4BoqxEju0Ez+/ktm8R6fTw7SEholmo+nGh4fGW
LlXwf2r2HcDrS+MzepCCVK5H2ewso4cDmnqJNVRME/R2CgTf1U+ALQ/Vv+UzXEYp
m+LbIRzWx6QcrGd9FiPg8uJ08vy/E5hZBjehKWTm1hMNvPuCysDhL6Cy7mfJhrOm
2/FypjVZHgkj+6ZMTkDOSS9mXvPmZSJ91rQCjt+Mk52OfYycbiALtBWiz3ekwYHc
wGkyzRHFMLCnjNTNBAk9LHMOdEHfR4hnvb7zaKvrAui7QyweDgX86SuqS+Okyb6Y
DXvPkzSMIs/cQc+0y1d9nSJ+ASTVAJBGewrvqENza0UDO+7r8OF+Yuu9ttlZSzVI
ABoCqcE2lqIJEVaCbjGD+r3fAclGQEJHzGhUxBvrvgBz4pKn5E3FMuB+Ll72BQo0
od1uUvP1TIBf9Sy0/k54tYusMR6pZ+0q5ffpAcVHwYg4ScUIv3e2DNlS2YwaAhg0
zUG5Is5jfIjOSzZ1cxNtlicCKKEWZgECI7i013Hx5AP3Im1ZwXZr82plOnGg16pl
Yt1pusfixkqhdi6S2gbULO4JfMN5WUDB0PvZAWCJ3US0uqi3ftE=
=9Iqv
-----END PGP SIGNATURE-----
Merge 3.10.103 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.103: (178 commits)
X.509: remove possible code fragility: enumeration values not handled
x86, asmlinkage, apm: Make APM data structure used from assembler visible
netfilter: x_tables: validate e->target_offset early
netfilter: x_tables: make sure e->next_offset covers remaining blob size
netfilter: x_tables: fix unconditional helper
netfilter: x_tables: don't move to non-existent next rule
netfilter: x_tables: add and use xt_check_entry_offsets
netfilter: x_tables: kill check_entry helper
netfilter: x_tables: assert minimum target size
netfilter: x_tables: add compat version of xt_check_entry_offsets
netfilter: x_tables: check standard target size too
netfilter: x_tables: check for bogus target offset
netfilter: x_tables: validate all offsets and sizes in a rule
netfilter: x_tables: don't reject valid target size on some architectures
netfilter: arp_tables: simplify translate_compat_table args
netfilter: ip_tables: simplify translate_compat_table args
netfilter: ip6_tables: simplify translate_compat_table args
netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
netfilter: ensure number of counters is >0 in do_replace()
netfilter: x_tables: do compat validation via translate_table
Revert "netfilter: ensure number of counters is >0 in do_replace()"
netfilter: x_tables: introduce and use xt_copy_counters_from_user
perf/x86: Honor the architectural performance monitoring version
perf/x86: Fix undefined shift on 32-bit kernels
signal: remove warning about using SI_TKILL in rt_[tg]sigqueueinfo
PCI/ACPI: Fix _OSC ordering to allow PCIe hotplug use when available
udp: properly support MSG_PEEK with truncated buffers
USB: fix invalid memory access in hub_activate()
USB: usbfs: fix potential infoleak in devio
USB: fix up faulty backports
USB: EHCI: declare hostpc register as zero-length array
USB: serial: option: add support for Telit LE910 PID 0x1206
usb: musb: Stop bulk endpoint while queue is rotated
usb: musb: Ensure rx reinit occurs for shared_fifo endpoints
usb: renesas_usbhs: protect the CFIFOSEL setting in usbhsg_ep_enable()
x86/mm: Add barriers and document switch_mm()-vs-flush synchronization
pipe: limit the per-user amount of pages allocated in pipes
cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind
KEYS: potential uninitialized variable
mm: migrate dirty page without clear_page_dirty_for_io etc
printk: do cond_resched() between lines while outputting to consoles
HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands
libceph: apply new_state before new_up_client on incrementals
tmpfs: don't undo fallocate past its last page
tmpfs: fix regression hang in fallocate undo
tcp: make challenge acks less predictable
tcp: record TLP and ER timer stats in v6 stats
tcp: consider recv buf for the initial window scale
MIPS: KVM: Fix mapped fault broken commpage handling
MIPS: KVM: Add missing gfn range check
MIPS: KVM: Fix gfn range check in kseg0 tlb faults
MIPS: KVM: Propagate kseg0/mapped tlb fault errors
MIPS: math-emu: Fix jalr emulation when rd == $0
MIPS: Fix siginfo.h to use strict posix types
MIPS: ath79: make bootconsole wait for both THRE and TEMT
MIPS: Fix 64k page support for 32 bit kernels.
MIPS: KVM: Fix modular KVM under QEMU
Input: uinput - handle compat ioctl for UI_SET_PHYS
Input: wacom_w8001 - w8001_MAX_LENGTH should be 13
Input: xpad - validate USB endpoint count during probe
ath5k: Change led pin configuration for compaq c700 laptop
aacraid: Relinquish CPU during timeout wait
aacraid: Fix for aac_command_thread hang
PCI: Disable all BAR sizing for devices with non-compliant BARs
rtlwifi: Fix logic error in enter/exit power-save mode
powerpc/book3s64: Fix branching to OOL handlers in relocatable kernel
powerpc: Fix definition of SIAR and SDAR registers
powerpc: Use privileged SPR number for MMCR2
powerpc/pseries/eeh: Handle RTAS delay requests in configure_bridge
powerpc/iommu: Remove the dependency on EEH struct in DDW mechanism
powerpc/pseries: Fix PCI config address for DDW
powerpc/tm: Always reclaim in start_thread() for exec() class syscalls
sunrpc: fix stripping of padded MIC tokens
drm/gma500: Fix possible out of bounds read
drm/fb_helper: Fix references to dev->mode_config.num_connector
drm/radeon: fix asic initialization for virtualized environments
drm/radeon: add a delay after ATPX dGPU power off
drm/radeon: Poll for both connect/disconnect on analog connectors
drm/radeon: fix firmware info version checks
ext4: fix hang when processing corrupted orphaned inode list
ext4: address UBSAN warning in mb_find_order_for_block()
ext4: silence UBSAN in ext4_mb_init()
ext4: verify extent header depth
ext4: check for extents that wrap around
ext4: don't call ext4_should_journal_data() on the journal inode
ext4: short-cut orphan cleanup on error
ext4: fix reference counting bug on block allocation error
dma-debug: avoid spinlock recursion when disabling dma-debug
xfs: xfs_iflush_cluster fails to abort on error
xfs: fix inode validity check in xfs_iflush_cluster
xfs: skip stale inodes in xfs_iflush_cluster
KVM: x86: fix OOPS after invalid KVM_SET_DEBUGREGS
ARM: fix PTRACE_SETVFPREGS on SMP systems
arm: oabi compat: add missing access checks
parisc: Fix pagefault crash in unaligned __get_user() call
ecryptfs: forbid opening files without mmap handler
fix d_walk()/non-delayed __d_free() race
crypto: ux500 - memmove the right size
crypto: gcm - Filter out async ghash if necessary
crypto: scatterwalk - Fix test in scatterwalk_done
sit: correct IP protocol used in ipip6_err
ipmr/ip6mr: Initialize the last assert time of mfc entries.
net: alx: Work around the DMA RX overflow issue
mac80211: mesh: flush mesh paths unconditionally
mac80211_hwsim: Add missing check for HWSIM_ATTR_SIGNAL
IB/mlx4: Properly initialize GRH TClass and FlowLabel in AHs
IB/security: Restrict use of the write() interface
IB/IPoIB: Don't update neigh validity for unresolved entries
IB/mlx4: Fix the SQ size of an RC QP
x86, build: copy ldlinux.c32 to image.iso
kprobes/x86: Clear TF bit in fault on single-stepping
x86/amd_nb: Fix boot crash on non-AMD systems
NFS: Fix another OPEN_DOWNGRADE bug
mm: Export migrate_page_move_mapping and migrate_page_copy
UBIFS: Implement ->migratepage()
cdc_ncm: workaround for EM7455 "silent" data interface
kvm: Fix irq route entries exceeding KVM_MAX_IRQ_ROUTES
tracing: Handle NULL formats in hold_module_trace_bprintk_format()
base: make module_create_drivers_dir race-free
iio: Fix error handling in iio_trigger_attach_poll_func
staging: iio: accel: fix error check
iio: accel: kxsd9: fix the usage of spi_w8r8()
iio:ad7266: Fix broken regulator error handling
iio:ad7266: Fix probe deferral for vref
tty/vt/keyboard: fix OOB access in do_compute_shiftstate()
ALSA: dummy: Fix a use-after-free at closing
ALSA: au88x0: Fix calculation in vortex_wtdma_bufshift()
ALSA: ctl: Stop notification after disconnection
ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
ALSA: timer: Fix leak in events via snd_timer_user_ccallback
ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
scsi: fix race between simultaneous decrements of ->host_failed
scsi: remove scsi_end_request
Fix reconnect to not defer smb3 session reconnect long after socket reconnect
xen/acpi: allow xen-acpi-processor driver to load on Xen 4.7
s390/seccomp: fix error return for filtered system calls
fs/nilfs2: fix potential underflow in call to crc32_le
arc: unwind: warn only once if DW2_UNWIND is disabled
xen/pciback: Fix conf_space read/write overlap check.
Revert "ecryptfs: forbid opening files without mmap handler"
ecryptfs: don't allow mmap when the lower fs doesn't support it
ARC: use ASL assembler mnemonic
qeth: delete napi struct when removing a qeth device
mmc: block: fix packed command header endianness
can: at91_can: RX queue could get stuck at high bus load
can: fix oops caused by wrong rtnl dellink usage
ipr: Clear interrupt on croc/crocodile when running with LSI
net: mvneta: set real interrupt per packet for tx_done
sctp: Prevent soft lockup when sctp_accept() is called during a timeout event
x86/mm: Improve switch_mm() barrier comments
KEYS: 64-bit MIPS needs to use compat_sys_keyctl for 32-bit userspace
scsi_lib: correctly retry failed zero length REQ_TYPE_FS commands
block: fix use-after-free in seq file
fuse: fix wrong assignment of ->flags in fuse_send_init()
net/irda: fix NULL pointer dereference on memory allocation failure
gpio: pca953x: Fix NBANK calculation for PCA9536
hp-wmi: Fix wifi cannot be hard-unblocked
s5p-mfc: Set device name for reserved memory region devs
s5p-mfc: Add release callback for memory region devs
Bluetooth: Fix l2cap_sock_setsockopt() with optname BT_RCVMTU
cifs: Check for existing directory when opening file with O_CREAT
netlabel: add address family checks to netlbl_{sock,req}_delattr()
balloon: check the number of available pages in leak balloon
ftrace/recordmcount: Work around for addition of metag magic but not relocations
metag: Fix __cmpxchg_u32 asm constraint for CMP
ubi: Make volume resize power cut aware
ubi: Fix race condition between ubi device creation and udev
dm flakey: error READ bios during the down_interval
module: Invalidate signatures on force-loaded modules
be2iscsi: Fix bogus WARN_ON length check
squash mm: Export migrate_page_... : also make it non-static
HID: hid-input: Add parentheses to quell gcc warning
ALSA: oxygen: Fix logical-not-parentheses warning
net: rfkill: Do not ignore errors from regulator_enable()
isdn: hfcpci_softirq: get func return to suppress compiler warning
stb6100: fix buffer length check in stb6100_write_reg_range()
spi: spi-xilinx: cleanup a check in xilinx_spi_txrx_bufs()
Linux 3.10.103
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
drivers/usb/core/quirks.c
fs/fuse/inode.c
kernel/panic.c
net/ipv4/tcp_input.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJWz1zgAAoJEDjbvchgkmk+yU8P/10DITNzrhCfz5wbhvvn9Uvo
7H1DziOora3u9h8/rz6xqgFEz2/9cZ03KoLcpGha7kEFBsvgVhN3uSI0YFpVV2mT
8/oh1ADdkky3Pld0f7gDGydDvrmgqx83/69SQ8hDQ8Mr2QTaKNvK05QGC2/EO9kI
OcUAXjdAGglmf5rfhNhXodG/F2DtsA55uCzeyuBhcPE3bM7d4/48pwr1b2tW2CR8
hsprRvSz+kGgHXQy8jYdxKEI66OC/i22xVnxEc8PZmPZ0fFfmszzc9nzhcseWfpe
0JGgfwAtM8Va+bX4kfvqPpc2qR0r8Z2iEKNnAHnGutOvSWvow0l1OEedsb/+s1J6
/AYlPIkgTxwLDAwBIymPgowkEMOPVZzPL0tkoZI8wjB+eqUxxLlIa2dNByCyUs/U
1xTy+0UDMMDXG911mJl+yZFvd4R7lQUavIEStmMQ+A/Go2KrATaqIM8WETBlm7oH
s3hZ3E+RBWmfD/6JQwsJNkwv6yWeaRXNE+bj8C1r/uBdPyGqX9T22OaIOlio+I71
XBNEM5mrTlNeNVIUIKW29qmLBxBrH2LLwpv/dRyfOfzfhi1B+dl9+3sJauvrSmWi
jrR1khGmmaZcfOT2DVmpwlDQCQcyMcy8S8RTTAHhhuNmWtSjdc3TcfRlHXvP0sOu
ruXBufxernb94E7sqsvF
=LW9r
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqdMoACgkQmXOSYMts
txYJKxAAkVgmXLjjtJbCUkYLzohjXabtfF9ekfy7UPRdBU+PPRC2c8tHcR6LCqXd
v+hEiI80h72BqEVE4y3ztFZlhbpSonIcmRrG+/gWsWcWmY9S0owilHwhmrl3uvmC
Fvso6+5oWVvVXuM8I4Ul/3bXmScVhv/rh22iN2hhOS7WgEVdqlhmYHC/KIpRK+rD
dyUQ2eONgr14FyGswgK0zLaFKXvKhQfEjvAu4KXJek0sIPIUEVdZ5xgS2v4eLigN
W0+ewi4DCTESCU8GCnZwwU1OIbe2De09sPIVwBM644bOIJRxOJxnL0a11IjwOaye
P9ne98G3M1vTruiM+/dA40eGh7kFiKKlIqCO1mf1IqrQSYq+sNEuDSmD9XY+huRZ
ktDue8NcUmFgJzJxeRYfdatCNF/esfdIzuzbFnw+Jr+EPACn6FiOXFgkJkUpo204
wvv+nOhiYlSJQT81jqmVTn3iGyvZIJd15uCEryguNt8LmLafGlztYBZ5dSUkejcu
nAipexnYGyrufD5XhshZlcBt1S1FCQZd3lUBETmqLzP+hiZG76ti96i2ro2hnyM5
TWva2zmC1Cp89l0dWJjtNSohD4S6226Jc6ebHTDO/67gpsj3dlbH3IR7rDqKXgof
AFltzPMYnfMPYuDmANTu7vqlJGI5974xrDA1hRAUN49YVxD5YKk=
=fJ2P
-----END PGP SIGNATURE-----
Merge 3.10.98 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.98: (55 commits)
ALSA: seq: Fix double port list deletion
wan/x25: Fix use-after-free in x25_asy_open_tty()
staging/speakup: Use tty_ldisc_ref() for paste kworker
pty: fix possible use after free of tty->driver_data
pty: make sure super_block is still valid in final /dev/tty close
AIO: properly check iovec sizes
ext4: fix potential integer overflow
Btrfs: fix hang on extent buffer lock caused by the inode_paths ioctl
perf: Fix inherited events vs. tracepoint filters
ptrace: use fsuid, fsgid, effective creds for fs access checks
tools lib traceevent: Fix output of %llu for 64 bit values read on 32 bit machines
tracing: Fix freak link error caused by branch tracer
klist: fix starting point removed bug in klist iterators
scsi: restart list search after unlock in scsi_remove_target
scsi_sysfs: Fix queue_ramp_up_period return code
iscsi-target: Fix rx_login_comp hang after login failure
Fix a memory leak in scsi_host_dev_release()
SCSI: Fix NULL pointer dereference in runtime PM
iscsi-target: Fix potential dead-lock during node acl delete
SCSI: fix crashes in sd and sr runtime PM
drivers/scsi/sg.c: mark VMA as VM_IO to prevent migration
scsi_dh_rdac: always retry MODE SELECT on command lock violation
scsi: fix soft lockup in scsi_remove_target() on module removal
iio:ad7793: Fix ad7785 product ID
iio: lpc32xx_adc: fix warnings caused by enabling unprepared clock
iio:ad5064: Make sure ad5064_i2c_write() returns 0 on success
iio: adis_buffer: Fix out-of-bounds memory access
iio: dac: mcp4725: set iio name property in sysfs
cifs: fix erroneous return value
nfs: Fix race in __update_open_stateid()
udf: limit the maximum number of indirect extents in a row
udf: Prevent buffer overrun with multi-byte characters
udf: Check output buffer length when converting name to CS0
ARM: 8519/1: ICST: try other dividends than 1
ARM: 8517/1: ICST: avoid arithmetic overflow in icst_hz()
fuse: break infinite loop in fuse_fill_write_pages()
mm: soft-offline: check return value in second __get_any_page() call
Input: elantech - add Fujitsu Lifebook U745 to force crc_enabled
Input: elantech - mark protocols v2 and v3 as semi-mt
Input: i8042 - add Fujitsu Lifebook U745 to the nomux list
iommu/vt-d: Fix 64-bit accesses to 32-bit DMAR_GSTS_REG
mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone()
xhci: Fix list corruption in urb dequeue at host removal
m32r: fix m32104ut_defconfig build fail
dma-debug: switch check from _text to _stext
scripts/bloat-o-meter: fix python3 syntax error
memcg: only free spare array when readers are done
radix-tree: fix race in gang lookup
radix-tree: fix oops after radix_tree_iter_retry
intel_scu_ipcutil: underflow in scu_reg_access()
x86/asm/irq: Stop relying on magic JMP behavior for early_idt_handlers
futex: Drop refcount if requeue_pi() acquired the rtmutex
ip6mr: call del_timer_sync() in ip6mr_free_table()
module: wrapper for symbol name.
Linux 3.10.98
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Accessing of incorrect structure pointer is causing
memory out of bound access, fixed issue by accessing
the correct structure pointer.
Bug: 63851638
Change-Id: I3c2f5f7a97cac854093ef670184d06db4231f5e1
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Signed-off-by: Siqi Lin <siqilin@google.com>
Added to code changes to ref_cnt variable will decrement only
when add_ref_hdr variable is true.
Bug: 68992478
Change-Id: I0bcc3909669f4843c43135e5f047ac28fa62bb63
Acked-by: Ashok Vuyyuru <avuyyuru@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
IOCTL interface to send QMI NOTIFY REQ messages can be called
from multiple contexts which can result into buffer overflow of
msg cache. Make a change to add mutext protection to prevent
buffer overflow.
Bug: 63868933
Change-Id: I22c37f2b61051494123c5c9599c56560ac7e3418
Acked-by: Pooja Kumari <kumarip@qti.qualcomm.com>
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
Signed-off-by: Jonathan Solnit <jsolnit@google.com>
Cldata needed to be protected by lock since crash
happened when synchronous update and free.
CRs-Fixed: 2034222
Bug: 62378596
Change-Id: Ied86461b784d69d9758dc3fc793a8a0de86e7f9c
Signed-off-by: Maria Yu <aiquny@codeaurora.org>
SPS debugfs APIs can be called concurrently which can result
in dangling pointer access. This change synchronizes access
to the SPS debugfs buffer.
Bug: 33548839
Change-Id: I409b3f0618f760cb67eba47b43c81d166cdae4aa
Signed-off-by: Siva Kumar Akkireddi <sivaa@codeaurora.org>
commit f9ac89f5ad613b462339e845aeb8494646fd9be2 upstream.
The 98d610c3739a patch was introduced since v4.11-rc1 that it causes
that the accelerometer input device will not be created on workable
machines because the HID string comparing logic is wrong.
And, the patch doesn't prevent that the accelerometer input device
be created on the machines that have no BST0001. That's because
the acpi_get_devices() returns success even it didn't find any
match device.
This patch fixed the HID string comparing logic of BST0001 device.
And, it also makes sure that the acpi_get_devices() returns
acpi_handle for BST0001.
Fixes: 98d610c3739a ("acer-wmi: setup accelerometer when machine has appropriate notify event")
Reference: https://bugzilla.kernel.org/show_bug.cgi?id=193761
Reported-by: Samuel Sieb <samuel-kbugs@sieb.net>
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 98d610c3739ac354319a6590b915f4624d9151e6 upstream.
The accelerometer event relies on the ACERWMID_EVENT_GUID notify.
So, this patch changes the codes to setup accelerometer input device
when detected ACERWMID_EVENT_GUID. It avoids that the accel input
device created on every Acer machines.
In addition, patch adds a clearly parsing logic of accelerometer hid
to acer_wmi_get_handle_cb callback function. It is positive matching
the "SENR" name with "BST0001" device to avoid non-supported hardware.
Reported-by: Bjørn Mork <bjorn@mork.no>
Cc: Darren Hart <dvhart@infradead.org>
Signed-off-by: Chun-Yi Lee <jlee@suse.com>
[andy: slightly massage commit message]
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 6cf18e6927c0b224f972e3042fb85770d63cb9f8 upstream.
This interrupt handler is broken in several ways:
- It loops forever when the op code is not decodeable
- It never returns IRQ_HANDLED because the only way to exit the loop
returns IRQ_NONE unconditionally.
The whole concept of this is broken. Creating devices in an interrupt
handler is beyond any point of sanity.
Make it at least behave halfways sane so accidental users do not have to
deal with a hard to debug lockup.
Fixes: e809c22b8f ("goldfish: add the goldfish virtual bus")
Reported-by: Gabriel C <nix.or.die@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 5a00b6c2438460b870a451f14593fc40d3c7edf6 upstream.
The commit 1c6c69525b ("genirq: Reject bogus threaded irq requests")
starts refusing misconfigured interrupt handlers. This makes
intel_mid_powerbtn not working anymore.
Add a mandatory flag to a threaded IRQ request in the driver.
Fixes: 1c6c69525b ("genirq: Reject bogus threaded irq requests")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Overflow of reference counter can lead to memory leak.
Before incrementing the reference count, check with
U32_MAX and return for error check.
Bug: 35467471
Change-Id: Ib96d36574ee086ec73c9836110cb2c98e8ae3d66
Acked-by: Mohammed Javid <mjavid@qti.qualcomm.com>
Signed-off-by: Utkarsh Saxena <usaxena@codeaurora.org>
SSR logic is executed during device shutdown. During device
shutdown the Linux tasks (processes) are moving to SIGKILL
state. If a DMA allocation from the kernel happens
in a context of a process in SIGKILL state and page migration
is needed, the allocation will fail.
Use GFP_ATOMIC allocation flag during SSR. This will
utilize the atomic memory pool and will not require page
migration.
Bug: 36779136
CRs-fixed: 1077811
Change-Id: Ie06b85d1f9d0a230c3d3832b6f0bbcdefc520c1e
Signed-off-by: Ghanim Fodi <gfodi@codeaurora.org>
Signed-off-by: Utkarsh Saxena <usaxena@codeaurora.org>
Signed-off-by: Siqi Lin <siqilin@google.com>
The ipa_ioc_query_intf_rx_props structure comes
from the ioctl handler, and it is verified that
the size of rx buffer does not exceed the
IPA_NUM_PROPS_MAX elements. It is also verified
that the "entry->rx" buffer does not exceed
IPA_NUM_PROPS_MAX when "entry" is allocated.
However, the sizes of the buffer "rx->rx" and
the buffer "entry->rx" are not guaranteed to
be the same and will lead memory corruption
issue. The fix is to add the check before
memcpy.
Bug: 34026243
Bug: 35048450
Bug: 35047780
Bug: 35047217
Change-Id: Idf5c2d32f47c1a1cffeaa5607193855188893ddb
Signed-off-by: Skylar Chang <chiaweic@codeaurora.org>
Signed-off-by: Steve Pfetsch <spfetsch@google.com>
(am from https://source.codeaurora.org/quic/la/kernel/
msm-3.18/commit/?id=cf0d31bc3b04cf2db7737d36b11a5bf50af0c1db)
Fix input parameter validation in order to avoid
device crash because of incorrect parameter in IPA driver.
Change-Id: Icbdb05aeb9211665420a872d3453dbbd24fd347b
CRs-Fixed: 1069060
Acked-by: Ady Abraham <adya@qti.qualcomm.com>
Signed-off-by: Skylar Chang <chiaweic@codeaurora.org>
Bug: 34390017
(am from https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c7d7492c1e329fdeb28a7901c4cd634d41a996b1)
Signed-off-by: Yueyao Zhu <yueyao@google.com>
An IPA header or processing context can be added once
and later deleted once from user space.
Multiple deletion may cause invalid state of the headers
software cache.
Bug: 33139056
Change-Id: Ic0b8472b7fd8a76233a007d90c832af726184574
CRs-fixed: 1097714
Signed-off-by: Ghanim Fodi <gfodi@codeaurora.org>
Signed-off-by: Biswajit Paul <biswajitpaul@codeaurora.org>
IPA filtering and routing temp buffer size
should be big enough to contain the maximum possible
rule being composed.
Bug: 33106520
Change-Id: I659fd46ec1f44e68aedb9021962dd04de9d9cd57
CRs-fixed: 1099598
Signed-off-by: Ghanim Fodi <gfodi@codeaurora.org>
Signed-off-by: Biswajit Paul <biswajitpaul@codeaurora.org>
commit fc8a601e1175ae351f662506030f9939cb7fdbfe upstream.
Several users reported wifi cannot be unblocked as discussed in [1].
This patch removes the use of the 2009 flag by BIOS but uses the actual
WMI function calls - it will be skipped if WMI reports unsupported.
[1] https://bugzilla.kernel.org/show_bug.cgi?id=69131
Signed-off-by: Alex Hung <alex.hung@canonical.com>
Tested-by: Evgenii Shatokhin <eugene.shatokhin@yandex.ru>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
IPA might have Information leak and device crash due to
kernel heap overread in IPA driver when processing
WAN_IOC_ADD_FLT_RULE_INDEX ioctl. The fix is to add
check on max number of filter rules send to modem.
Bug: 29953313
CRs-Fixed: 1044072
Change-Id: I454e04d05cfcb7af8fc4bd2b4a1bade55c4684d0
Signed-off-by: Skylar Chang <chiaweic@codeaurora.org>
Signed-off-by: Biswajit Paul <biswajitpaul@codeaurora.org>
There are numerous potential race condition
ioctls in the IPA driver. The fix is to add
check wherever it copies arguments from
user-space memory and process.
Bug: 28919863
CRs-Fixed: 1037897
Change-Id: I5a440f89153518507acdf5dad42625503732e59a
Signed-off-by: Skylar Chang <chiaweic@codeaurora.org>
Signed-off-by: Biswajit Paul <biswajitpaul@codeaurora.org>
voidanix