This adds a generic interface to boost a list of devfreq devices defined
at compile time. The specified devfreq devices (boost_devices) are boosted
to their respective max frequencies when the screen is turned on in order to
improve screen-wake performance. The default boost duration is 10 seconds.
Signed-off-by: Sultanxda <sultanxda@gmail.com>
The patch centralizes the XTS key check logic into the service function
xts_check_key which is invoked from the different XTS implementations.
With this, the XTS implementations in ARM, ARM64, PPC and S390 have now
a sanity check for the XTS keys similar to the other arches.
In addition, this service function received a check to ensure that the
key != the tweak key which is mandated by FIPS 140-2 IG A.9. As the
check is not present in the standards defining XTS, it is only enforced
in FIPS mode of the kernel.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This updated the generic SHA-512 implementation to use the
generic shared SHA-512 glue code.
It also implements a .finup hook crypto_sha512_finup() and exports
it to other modules. The import and export() functions and the
.statesize member are dropped, since the default implementation
is perfectly suitable for this module.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This updates the generic SHA-256 implementation to use the
new shared SHA-256 glue code.
It also implements a .finup hook crypto_sha256_finup() and exports
it to other modules. The import and export() functions and the
.statesize member are dropped, since the default implementation
is perfectly suitable for this module.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This updated the generic SHA-1 implementation to use the generic
shared SHA-1 glue code.
It also implements a .finup hook crypto_sha1_finup() and exports
it to other modules. The import and export() functions and the
.statesize member are dropped, since the default implementation
is perfectly suitable for this module.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
To reduce the number of copies of boilerplate code throughout
the tree, this patch implements generic glue for the SHA-512
algorithm. This allows a specific arch or hardware implementation
to only implement the special handling that it needs.
The users need to supply an implementation of
void (sha512_block_fn)(struct sha512_state *sst, u8 const *src, int blocks)
and pass it to the SHA-512 base functions. For easy casting between the
prototype above and existing block functions that take a 'u64 state[]'
as their first argument, the 'state' member of struct sha512_state is
moved to the base of the struct.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
To reduce the number of copies of boilerplate code throughout
the tree, this patch implements generic glue for the SHA-256
algorithm. This allows a specific arch or hardware implementation
to only implement the special handling that it needs.
The users need to supply an implementation of
void (sha256_block_fn)(struct sha256_state *sst, u8 const *src, int blocks)
and pass it to the SHA-256 base functions. For easy casting between the
prototype above and existing block functions that take a 'u32 state[]'
as their first argument, the 'state' member of struct sha256_state is
moved to the base of the struct.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
To reduce the number of copies of boilerplate code throughout
the tree, this patch implements generic glue for the SHA-1
algorithm. This allows a specific arch or hardware implementation
to only implement the special handling that it needs.
The users need to supply an implementation of
void (sha1_block_fn)(struct sha1_state *sst, u8 const *src, int blocks)
and pass it to the SHA-1 base functions. For easy casting between the
prototype above and existing block functions that take a 'u32 state[]'
as their first argument, the 'state' member of struct sha1_state is
moved to the base of the struct.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch removes the kernel blocking API as it has been completely
replaced by the callback API.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The get_blocking_random_bytes API is broken because the wait can
be arbitrarily long (potentially forever) so there is no safe way
of calling it from within the kernel.
This patch replaces it with a callback API instead. The callback
is invoked potentially from interrupt context so the user needs
to schedule their own work thread if necessary.
In addition to adding callbacks, they can also be removed as
otherwise this opens up a way for user-space to allocate kernel
memory with no bound (by opening algif_rng descriptors and then
closing them).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The added API calls provide a synchronous function call
get_blocking_random_bytes where the caller is blocked until
the nonblocking_pool is initialized.
CC: Andreas Steffen <andreas.steffen@strongswan.org>
CC: Theodore Ts'o <tytso@mit.edu>
CC: Sandy Harris <sandyinchina@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Add delay_blk() to pcm, platform and DAI ops.
The pcm delay_blk() op collects the audio DSP path
delays from the low-level drivers and sets the
runtime->delay field to their aggregate.
Change-Id: Ib7e10f44ab8ccb46dc2f5825081d0afef662d827
Signed-off-by: Kenneth Westfield <kwestfie@codeaurora.org>
OCP (over current protection) current can be configured
for speaker driver on wcd9330 codec. Add support to
configure the OCP current based on the parameter value
set in device tree.
Change-Id: Iadedef28a849863b0b2b63eef21bd0ad69db38e3
Signed-off-by: Roberto Granados Dorado <robertog@codeaurora.org>
Signed-off-by: Phani Kumar Uppalapati <phaniu@codeaurora.org>
add_random was implemented for spinning hard disks. It only slows SSDs down. Read here http://wiki.samat.org/SSD for more info.
Signed-off-by: Chester Kener <Cl3Kener@gmail.com>
Signed-off-by: engstk <eng.stk@sapo.pt>
Strings are sometimes sanitized by replacing a certain character (often
'/') by another (often '!'). In a few places, this is done the same way
Schlemiel the Painter would do it. Others are slightly smarter but still
do multiple strchr() calls. Introduce strreplace() to do this using a
single function call and a single pass over the string.
One would expect the return value to be one of three things: void, s, or
the number of replacements made. I chose the fourth, returning a pointer
to the end of the string. This is more likely to be useful (for example
allowing the caller to avoid a strlen call).
BUG: 27175947
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: "Theodore Ts'o" <tytso@mit.edu>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Neil Brown <neilb@suse.de>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: I1ddb88534a189f2e78ae1b5b074c0662781c7665
(Cherry-pick from commit f9a61eb4e2471c56a63cd804c7474128138c38ac)
Original mbcache was designed to have more features than what ext?
filesystems ended up using. It supported entry being in more hashes, it
had a home-grown rwlocking of each entry, and one cache could cache
entries from multiple filesystems. This genericity also resulted in more
complex locking, larger cache entries, and generally more code
complexity.
This is reimplementation of the mbcache functionality to exactly fit the
purpose ext? filesystems use it for. Cache entries are now considerably
smaller (7 instead of 13 longs), the code is considerably smaller as
well (414 vs 913 lines of code), and IMO also simpler. The new code is
also much more lightweight.
I have measured the speed using artificial xattr-bench benchmark, which
spawns P processes, each process sets xattr for F different files, and
the value of xattr is randomly chosen from a pool of V values. Averages
of runtimes for 5 runs for various combinations of parameters are below.
The first value in each cell is old mbache, the second value is the new
mbcache.
V=10
F\P 1 2 4 8 16 32 64
10 0.158,0.157 0.208,0.196 0.500,0.277 0.798,0.400 3.258,0.584 13.807,1.047 61.339,2.803
100 0.172,0.167 0.279,0.222 0.520,0.275 0.825,0.341 2.981,0.505 12.022,1.202 44.641,2.943
1000 0.185,0.174 0.297,0.239 0.445,0.283 0.767,0.340 2.329,0.480 6.342,1.198 16.440,3.888
V=100
F\P 1 2 4 8 16 32 64
10 0.162,0.153 0.200,0.186 0.362,0.257 0.671,0.496 1.433,0.943 3.801,1.345 7.938,2.501
100 0.153,0.160 0.221,0.199 0.404,0.264 0.945,0.379 1.556,0.485 3.761,1.156 7.901,2.484
1000 0.215,0.191 0.303,0.246 0.471,0.288 0.960,0.347 1.647,0.479 3.916,1.176 8.058,3.160
V=1000
F\P 1 2 4 8 16 32 64
10 0.151,0.129 0.210,0.163 0.326,0.245 0.685,0.521 1.284,0.859 3.087,2.251 6.451,4.801
100 0.154,0.153 0.211,0.191 0.276,0.282 0.687,0.506 1.202,0.877 3.259,1.954 8.738,2.887
1000 0.145,0.179 0.202,0.222 0.449,0.319 0.899,0.333 1.577,0.524 4.221,1.240 9.782,3.579
V=10000
F\P 1 2 4 8 16 32 64
10 0.161,0.154 0.198,0.190 0.296,0.256 0.662,0.480 1.192,0.818 2.989,2.200 6.362,4.746
100 0.176,0.174 0.236,0.203 0.326,0.255 0.696,0.511 1.183,0.855 4.205,3.444 19.510,17.760
1000 0.199,0.183 0.240,0.227 1.159,1.014 2.286,2.154 6.023,6.039 ---,10.933 ---,36.620
V=100000
F\P 1 2 4 8 16 32 64
10 0.171,0.162 0.204,0.198 0.285,0.230 0.692,0.500 1.225,0.881 2.990,2.243 6.379,4.771
100 0.151,0.171 0.220,0.210 0.295,0.255 0.720,0.518 1.226,0.844 3.423,2.831 19.234,17.544
1000 0.192,0.189 0.249,0.225 1.162,1.043 2.257,2.093 5.853,4.997 ---,10.399 ---,32.198
We see that the new code is faster in pretty much all the cases and
starting from 4 processes there are significant gains with the new code
resulting in upto 20-times shorter runtimes. Also for large numbers of
cached entries all values for the old code could not be measured as the
kernel started hitting softlockups and died before the test completed.
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
(Cherry-pick from commit 24f7c6b981fb70084757382da464ea85d72af300)
The current shrinker callout API uses an a single shrinker call for
multiple functions. To determine the function, a special magical value is
passed in a parameter to change the behaviour. This complicates the
implementation and return value specification for the different
behaviours.
Separate the two different behaviours into separate operations, one to
return a count of freeable objects in the cache, and another to scan a
certain number of objects in the cache for freeing. In defining these new
operations, ensure the return values and resultant behaviours are clearly
defined and documented.
Modify shrink_slab() to use the new API and implement the callouts for all
the existing shrinkers.
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Glauber Costa <glommer@parallels.com>
Acked-by: Mel Gorman <mgorman@suse.de>
Cc: "Theodore Ts'o" <tytso@mit.edu>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Carlos Maiolino <cmaiolino@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Chuck Lever <chuck.lever@oracle.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: David Rientjes <rientjes@google.com>
Cc: Gleb Natapov <gleb@redhat.com>
Cc: Greg Thelen <gthelen@google.com>
Cc: J. Bruce Fields <bfields@redhat.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Jerome Glisse <jglisse@redhat.com>
Cc: John Stultz <john.stultz@linaro.org>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Kent Overstreet <koverstreet@google.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Steven Whitehouse <swhiteho@redhat.com>
Cc: Thomas Hellstrom <thellstrom@vmware.com>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[@nathanchance: fixed conflicts related to ec8ce5ecc8]
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
The trace event headers are required to include tracepoint.h. The only reason
they worked now is because module.h included tracepoint.h, and that will soon
change.
Link: http://lkml.kernel.org/r/20140226190644.442886305@goodmis.org
Fixes: 455b286468 "writeback: Initial tracing support"
Cc: Dave Chinner <dchinner@redhat.com>
Cc: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
It is very likely that block device inode will be part of BDI dirty list
as well. However it doesn't make sence to sort inodes on the b_io list
just because of this inode (as it contains buffers all over the device
anyway). So save some CPU cycles which is valuable since we hold relatively
contented wb->list_lock.
Signed-off-by: Jan Kara <jack@suse.cz>
Al Viro points out that:
> > * [Linux-specific aside] our __alloc_fd() can degrade quite badly
> > with some use patterns. The cacheline pingpong in the bitmap is probably
> > inevitable, unless we accept considerably heavier memory footprint,
> > but we also have a case when alloc_fd() takes O(n) and it's _not_ hard
> > to trigger - close(3);open(...); will have the next open() after that
> > scanning the entire in-use bitmap.
And Eric Dumazet has a somewhat realistic multithreaded microbenchmark
that opens and closes a lot of sockets with minimal work per socket.
This patch largely fixes it. We keep a 2nd-level bitmap of the open
file bitmaps, showing which words are already full. So then we can
traverse that second-level bitmap to efficiently skip already allocated
file descriptors.
On his benchmark, this improves performance by up to an order of
magnitude, by avoiding the excessive open file bitmap scanning.
Tested-and-acked-by: Eric Dumazet <edumazet@google.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
In preparation of not locking at all for certain buffers depending on if
there's contention, make locking optional depending on the initialization
of the prz.
Signed-off-by: Joel Fernandes <joelaf@google.com>
[kees: moved locking flag into prz instead of via caller arguments]
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Joe Maples <joe@frap129.org>
Currently pstore has a global spinlock for all zones. Since the zones
are independent and modify different areas of memory, there's no need
to have a global lock, so we should use a per-zone lock as introduced
here. Also, when ramoops's ftrace use-case has a FTRACE_PER_CPU flag
introduced later, which splits the ftrace memory area into a single zone
per CPU, it will eliminate the need for locking. In preparation for this,
make the locking optional.
Signed-off-by: Joel Fernandes <joelaf@google.com>
[kees: updated commit message]
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Joe Maples <joe@frap129.org>
strlen is often used incorectly to get the length of strings
defined at compile time. In these cases, the behavior can be
replicated with sizeof(X) - 1, which is calculated at compile
time rather than runtime, reducing overhead. I've created a
simple macro to replace these instances and applied it to all
the files compiled into the angler kernel.
Signed-off-by: Joe Maples <joe@frap129.org>
This patch backports the queuing_blocked() function
from Linux mainline and places it into the
kthread header so it is accessible everywhere.
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
Signed-off-by: Joe Maples <joe@frap129.org>
O_TMPFILE | O_CREAT => linkat() with AT_SYMLINK_FOLLOW and /proc/self/fd/<n>
as oldpath (i.e. flink()) will create a link
O_TMPFILE | O_CREAT | O_EXCL => ENOENT on attempt to link those guys
Change-Id: I5e28485680c3320cd0fccc0ba1bea8b963fca7fe
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[suggested by Rasmus Villemoes] make O_DIRECTORY | O_RDWR part of O_TMPFILE;
that will fail on old kernels in a lot more cases than what I came up with.
And make sure O_CREAT doesn't get there...
Change-Id: I4818563d79ca1abf9ea99f5ccea9317eb2f3b678
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
commit 946e51f2bf37f1656916eb75bd0742ba33983c28 upstream.
Change-Id: I5eac86f5d0e43edea255bbedd9ca05e308bb9475
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Ben Hutchings <ben@decadent.org.uk>
[hujianyang: Backported to 3.10 refer to the work of Ben Hutchings in 3.2:
- Apply name changes in all the different places we use d_alias and d_child
- Move the WARN_ON() in __d_free() to d_free() as we don't have dentry_free()]
Signed-off-by: hujianyang <hujianyang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCWxWzwwAKCRDorT+BmrEO
eEmGAJ9Y4YMBAgQmIsz5GjbvNk3Kqu3RGACdEcAsk2is8cSq1kKvF6Hmlappr3w=
=pyl6
-----END PGP SIGNATURE-----
Merge aosp tag 'android-8.1.0_r0.62' into lineage-15.1
June 2018 OPM6.171019.030.B1
f7affbf Revert "ion: ensure CMO target is valid"
71a0cf4 msm: ADSPRPC: Use ID in response to get context pointer
1c03a6d qcacld-2.0: Fix potential buffer overwrite in the htt_t2h_lp_msg_handler
0963d6e qcacld-2.0: Add data_len check to avoid OOB access
b85cb60 BACKPORT: ASN.1: fix out-of-bounds read when parsing indefinite length item
e26c230 UPSTREAM: KEYS: fix out-of-bounds read during ASN.1 parsing
758fa30 qcacld-2.0: Fix potential buffer overflow
88e7e58 ion: ensure CMO target is valid
8aae2ec crypto: hmac - require that the underlying hash algorithm is unkeyed
a343e34 qcacld-2.0: Move NBUF_UPDATE_TX_PKT_COUNT before freeing netbuf
7970e95 diag: dci: check signed values for negativity
58e7effd diag: Add conditional check for len in dci_process_ctrl_status()
1cc5ac5 diag: Validate copying length against source buffer length
7e15586 mm-camera2:isp2: Handle use after free buffer
2b052636 ANDROID: Bluetooth: hidp: buffer overflow in hidp_process_report
bbee8ff UPSTREAM: HID: Bluetooth: hidp: make sure input buffers are big enough
be5c4ba qcacld-2.0: Remove FW memory dump feature
04300ee BACKPORT: ipv6: fix udpv6 sendmsg crash caused by too small MTU
1d6da6b UPSTREAM: ipv4, ipv6: ensure raw socket message is big enough to hold an IP header
1748f845 msm: ADSPRPC: use access_ok to validate pointers
3607a99 ASoC: wcd_cpe_core: Add mutex lock for CPE session
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCWxWzwwAKCRDorT+BmrEO
eEmGAJ9Y4YMBAgQmIsz5GjbvNk3Kqu3RGACdEcAsk2is8cSq1kKvF6Hmlappr3w=
=pyl6
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlsVt6IACgkQmXOSYMts
txaWWg//bg+TS8zJixr4WwRjFL/eMLtLVKViMQX5p7ZEaaKZzzV178fG/yICUEGa
TIDjR9RIFU2P17y7NJCN/Jwn3qSNgf1gxuSSUboNAPYUK3L9qFIGTmUZHGQ0nGMc
q6eVO+leIF38+aePzD6utysAzrCO3rd7MKFyHaukQUVX0z46ObUZYUkNlxcalVfL
/+8rzUOX5JnuD0iUaU1LwgxY/Kox2IDkmJCiI1mnexUGJ7fCDOZN5HLG+7bsRw2r
+YiKzzOqsoAIiXNlZOL7K4fnB3kt0pslcsv4apt75547xqSl1guVM3qUOLhvgpKL
yn2C0DLwi7QP5WOJjiyT7dNlmRBE1d5X/cWZZGffUbhMMcvFDxXO9yXmI9cS2nB9
2tfhlvEjf4COtmoai/5LwsyoLfJn+gtiAzQ2J7D+/FqMSYcF4p+cj0nKNNu5+aN7
od5RFOnodKIeGoGf6XJcPQtOZnCu+TpUe+xMaACTnolT/xHlcyCV5xCL+E6waNg5
0mGCOEOyXM3+LlFul8o++dd8UFDQr83Sq9VJ+S6flKIM/ShIle9bxvsO3TSu9Uy/
QlmP9/NBdnLmPqdabauq1HNINpQAFAnPFtP8MqHYGEdZczpAGf9ihJWFtAEPRWSw
/KoFtUWCMsvFMnIz3EDAr2i3afb2/vE1seQc/X44uErwqsng8M8=
=PN63
-----END PGP SIGNATURE-----
Merge tag 'android-8.1.0_r0.62' into android-msm-bullhead-3.10
Android 8.1.0 Release 0.62
* tag 'android-8.1.0_r0.62':
Revert "ion: ensure CMO target is valid"
msm: ADSPRPC: Use ID in response to get context pointer
qcacld-2.0: Fix potential buffer overwrite in the htt_t2h_lp_msg_handler
qcacld-2.0: Add data_len check to avoid OOB access
BACKPORT: ASN.1: fix out-of-bounds read when parsing indefinite length item
UPSTREAM: KEYS: fix out-of-bounds read during ASN.1 parsing
qcacld-2.0: Fix potential buffer overflow
ion: ensure CMO target is valid
crypto: hmac - require that the underlying hash algorithm is unkeyed
qcacld-2.0: Move NBUF_UPDATE_TX_PKT_COUNT before freeing netbuf
diag: dci: check signed values for negativity
diag: Add conditional check for len in dci_process_ctrl_status()
diag: Validate copying length against source buffer length
mm-camera2:isp2: Handle use after free buffer
ANDROID: Bluetooth: hidp: buffer overflow in hidp_process_report
UPSTREAM: HID: Bluetooth: hidp: make sure input buffers are big enough
qcacld-2.0: Remove FW memory dump feature
BACKPORT: ipv6: fix udpv6 sendmsg crash caused by too small MTU
UPSTREAM: ipv4, ipv6: ensure raw socket message is big enough to hold an IP header
msm: ADSPRPC: use access_ok to validate pointers
ASoC: wcd_cpe_core: Add mutex lock for CPE session
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
commit af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 upstream.
Because the HMAC template didn't check that its underlying hash
algorithm is unkeyed, trying to use "hmac(hmac(sha3-512-generic))"
through AF_ALG or through KEYCTL_DH_COMPUTE resulted in the inner HMAC
being used without having been keyed, resulting in sha3_update() being
called without sha3_init(), causing a stack buffer overflow.
This is a very old bug, but it seems to have only started causing real
problems when SHA-3 support was added (requires CONFIG_CRYPTO_SHA3)
because the innermost hash's state is ->import()ed from a zeroed buffer,
and it just so happens that other hash algorithms are fine with that,
but SHA-3 is not. However, there could be arch or hardware-dependent
hash algorithms also affected; I couldn't test everything.
Fix the bug by introducing a function crypto_shash_alg_has_setkey()
which tests whether a shash algorithm is keyed. Then update the HMAC
template to require that its underlying hash algorithm is unkeyed.
Here is a reproducer:
#include <linux/if_alg.h>
#include <sys/socket.h>
int main()
{
int algfd;
struct sockaddr_alg addr = {
.salg_type = "hash",
.salg_name = "hmac(hmac(sha3-512-generic))",
};
char key[4096] = { 0 };
algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(algfd, (const struct sockaddr *)&addr, sizeof(addr));
setsockopt(algfd, SOL_ALG, ALG_SET_KEY, key, sizeof(key));
}
Here was the KASAN report from syzbot:
BUG: KASAN: stack-out-of-bounds in memcpy include/linux/string.h:341 [inline]
BUG: KASAN: stack-out-of-bounds in sha3_update+0xdf/0x2e0 crypto/sha3_generic.c:161
Write of size 4096 at addr ffff8801cca07c40 by task syzkaller076574/3044
CPU: 1 PID: 3044 Comm: syzkaller076574 Not tainted 4.14.0-mm1+ #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x257 lib/dump_stack.c:53
print_address_description+0x73/0x250 mm/kasan/report.c:252
kasan_report_error mm/kasan/report.c:351 [inline]
kasan_report+0x25b/0x340 mm/kasan/report.c:409
check_memory_region_inline mm/kasan/kasan.c:260 [inline]
check_memory_region+0x137/0x190 mm/kasan/kasan.c:267
memcpy+0x37/0x50 mm/kasan/kasan.c:303
memcpy include/linux/string.h:341 [inline]
sha3_update+0xdf/0x2e0 crypto/sha3_generic.c:161
crypto_shash_update+0xcb/0x220 crypto/shash.c:109
shash_finup_unaligned+0x2a/0x60 crypto/shash.c:151
crypto_shash_finup+0xc4/0x120 crypto/shash.c:165
hmac_finup+0x182/0x330 crypto/hmac.c:152
crypto_shash_finup+0xc4/0x120 crypto/shash.c:165
shash_digest_unaligned+0x9e/0xd0 crypto/shash.c:172
crypto_shash_digest+0xc4/0x120 crypto/shash.c:186
hmac_setkey+0x36a/0x690 crypto/hmac.c:66
crypto_shash_setkey+0xad/0x190 crypto/shash.c:64
shash_async_setkey+0x47/0x60 crypto/shash.c:207
crypto_ahash_setkey+0xaf/0x180 crypto/ahash.c:200
hash_setkey+0x40/0x90 crypto/algif_hash.c:446
alg_setkey crypto/af_alg.c:221 [inline]
alg_setsockopt+0x2a1/0x350 crypto/af_alg.c:254
SYSC_setsockopt net/socket.c:1851 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1830
entry_SYSCALL_64_fastpath+0x1f/0x96
Reported-by: syzbot <syzkaller@googlegroups.com>
Bug: 71752561
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change-Id: Ib101c789fc49f1a80cffeedd78f166956a35287b
March 2018 OPM3.171019.016 android-8.1.0_r0.35
0d5d67e qcacld-2.0: Add sanity check to limit mgmt frames data len
14876b0 qcacld-2.0: Set length of challenge text sent by SAP to 128
673d3f9 BACKPORT: packet: in packet_do_bind, test fanout with bind_lock held
1dc6576 qcacld-2.0: Avoid OEM message overread
de18d78 msm: sensor: flash: add conditional check for ioctl
170c359 msm:ipa: Fix to incorrect structure access
7f03d54 ASoC: msm: qdsp6v2: Set freed pointers to NULL
1aaa5ce UPSTREAM: packet: fix tp_reserve race in packet_set_ring
51639fd diag: Add protection while de-initializing clients
732133b qcacld-2.0: Fix out-of-bounds access in limProcessActionFrameNoSession
47ba538a qcacld-2.0: Check for upper bound in P2P NOA event
13ff632 qcacld-2.0: Check for the max number of P2P NOA descriptors
4d0c252 qcacld-2.0: Check for valid vdev ID in wma_nlo_match_evt_handler
9c5c66c qcacld-2.0: Avoid possible buffer overwrite in wma_process_utf_event
c9d4535 UPSTREAM: USB: serial: console: fix use-after-free after failed setup
04168fa UPSTREAM: ALSA: usb-audio: Kill stray URB at exiting
0e9bb0bf UPSTREAM: ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
1a21d8e UPSTREAM: USB: fix out-of-bounds in usb_set_configuration
9c339fa UPSTREAM: HID: usbhid: fix out-of-bounds bug
3917708 UPSTREAM: USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
5216047 UPSTREAM: packet: hold bind lock when rebinding to fanout hook
b59e5bf power: qcom: msm-core: Add mutex lock for ioctl
249230a qcacld-2.0: Fix int overflow in wma_unified_link_peer_stats_event_handler
c491f09 qcacld-2.0: Check vdev_id against wma->max_bssid
c4d087e FROMLIST: power: Fix user ptr in EA_LEAKAGE ioctl
2d298f2 diag: Add mutex protection while reading dci debug statistics
583794f qcacld-2.0: Fix Integer overflow with latest framesc_linux tool
e45809e qcacld-2.0: Avoid integer overflow in lim_update_ibss_prop_add_ies
b9e6be8 qcacld-2.0: Fix the size of array ch_list in sme_set_plm_request
0fe2574 ANDROID: sdcardfs: Add default_normal option
0b3f999 ANDROID: sdcardfs: notify lower file of opens
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCWp3GSgAKCRDorT+BmrEO
eH+BAJ0Z1NF9Qsc8eCHx2GPuLc9Oh4BiuwCeIRJt6qJwTgqwGhBrzLEy4WtvR18=
=Rbhg
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlqd0TEACgkQmXOSYMts
txYuSg/+Nz5WSONRPD1P5fJds0JPlQaT4UUxwJy0QJJQwQLzKdhBObLjZHI07Kwg
wVaJ0QjFd2TP5RGqBI4ACreePkpLZLtY0fNlMFrqJAczU+SCyjrR8jEpwLESFa0W
Uy83dc7+8nNPYo4A2WHW596paXkkf/zzexIYvc0KPBbqbR1MEHxl2M9WQ1FpbDtX
ebzlhPGHxP99n6R2DYFU4Fh4bp1XXP5i0Yp+083HXobkU8L9svdouyGzN3DaC/gh
oy3LS/QOh80V60nl+QuMtlrv2WmGycaWypa5PkYVJO80HVxzJV6Wmw9nioBghgVB
h6kv5UuJRMH6MqUSdqc9WVfeA1ndDwFPdrYn8xuroljKWOBdz7UInblYoT4U2kpR
oYy822xKssqPEyVP48pFP+iN2LwOc7Qr/W5dYRRkg0uTooZWzDhrpvvVgPaddpvU
sKLrI4z2Z4y3/fJJ1BynpL046H4UHFDA7/9m4ehIwK8eX+/QCSi6gEvEtZcU+k+F
czGVR843MKpbcDztGnyw+ml7K2hajkC394syAaLQs+pq/1CUkQ2JoRbukmladTIS
4A7OnSr4Q3kHaZnoV1axvtzCRNkUr3f5VeOMA6IrYSw9dsGGWQ78fy7mp/BgJbcI
Fpt7iRDzIy813oegQz4D9AQ3bqIbBBvWQ3uvRr4EUz1WLYQ+jc0=
=AhfL
-----END PGP SIGNATURE-----
Merge tag 'android-8.1.0_r0.37' into android-msm-bullhead-3.10-oreo-m5
Android 8.1.0 Release 0.36 (OPM5.171019.017,angler)
* tag 'android-8.1.0_r0.37':
qcacld-2.0: Add sanity check to limit mgmt frames data len
qcacld-2.0: Set length of challenge text sent by SAP to 128
BACKPORT: packet: in packet_do_bind, test fanout with bind_lock held
qcacld-2.0: Avoid OEM message overread
msm: sensor: flash: add conditional check for ioctl
msm:ipa: Fix to incorrect structure access
ASoC: msm: qdsp6v2: Set freed pointers to NULL
UPSTREAM: packet: fix tp_reserve race in packet_set_ring
diag: Add protection while de-initializing clients
qcacld-2.0: Fix out-of-bounds access in limProcessActionFrameNoSession
qcacld-2.0: Check for upper bound in P2P NOA event
qcacld-2.0: Check for the max number of P2P NOA descriptors
qcacld-2.0: Check for valid vdev ID in wma_nlo_match_evt_handler
qcacld-2.0: Avoid possible buffer overwrite in wma_process_utf_event
UPSTREAM: USB: serial: console: fix use-after-free after failed setup
UPSTREAM: ALSA: usb-audio: Kill stray URB at exiting
UPSTREAM: ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
UPSTREAM: USB: fix out-of-bounds in usb_set_configuration
UPSTREAM: HID: usbhid: fix out-of-bounds bug
UPSTREAM: USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
UPSTREAM: packet: hold bind lock when rebinding to fanout hook
power: qcom: msm-core: Add mutex lock for ioctl
qcacld-2.0: Fix int overflow in wma_unified_link_peer_stats_event_handler
qcacld-2.0: Check vdev_id against wma->max_bssid
FROMLIST: power: Fix user ptr in EA_LEAKAGE ioctl
diag: Add mutex protection while reading dci debug statistics
qcacld-2.0: Fix Integer overflow with latest framesc_linux tool
qcacld-2.0: Avoid integer overflow in lim_update_ibss_prop_add_ies
qcacld-2.0: Fix the size of array ch_list in sme_set_plm_request
ANDROID: sdcardfs: Add default_normal option
ANDROID: sdcardfs: notify lower file of opens
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
February 2018 OPM3.171019.014 android-8.1.0_r0.22
25966c5 qcacld-2.0: Fix potential buffer overwrite in wma_roam_synch_event_handler
585aad3 qcacld-2.0: Add sanity check to avoid len overflow issue in WMI event data
1c34442 ANDROID: sound: rawmidi: Hold lock around realloc
121b5f7 rtac: add size check when reading cal data kvaddr buffer
4d27be6 ANDROID: qtaguid: Fix the UAF probelm with tag_ref_tree
9e27b06 msm: camera: Return -NOTTY on invalid ioctl command.
00a5bc6 BACKPORT: ALSA: seq: Fix use-after-free at creating a port
fff552a qcacld-2.0: Fix to propagate key-receiver-sequence-counter to WMA
a4f67fd qcacld-2.0: Propagate key sequence counter to SME
7f216fb qcacld-2.0: Change local variables to dynamic in limProcessAuthFrame
a7fc3e1 qcacld-2.0: Prevent buffer overflow
0630460 qcacld-2.0: Fix int overflow in wma_unified_link_radio_stats_event_handler
246914e msm: ipa: Fix to use after free issue
1a3c1bc FROMLIST: input: synaptics_dsx: remove unused synaptics touch screen driver files
77c84e2 iovec: make sure the caller actually wants anything in memcpy_fromiovecend
eafd3e9 xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJZ/kCIAAoJEE44bZycYXAvRXwQAIZY4bXFnlvl8qJZLd8GV6gT
8FErDT14eHKBXZUe1a4TFFJ4FU/dVWfPEPJf2k/aotqjwEysxy5MhOApun12ZbF4
nL6ahNemhNxdIRQFVKBw6HCLyqNwbeBSD3ycLd6FNio4Xxz+3UHO1hoVEbTPSGOf
XD+100wsV3CHvoCnkmoGXH4PiD1zaNVPwJEh4Fu6yVJQPXDilszTNZgVv4oujhsZ
zp7Si3SpttfojkOcWgyqrV7jg2ALZxagf4SZ0KbbpwM/5fKEpYtC3sDDE3HyvcVm
CN0ApTIg7xnuaPsDMwHU9EGLVwlAZEAeiWtR2Byg1YoRQ7mEP9PfkP9xJv9YPxvP
Ovy7CqezRFjjscVsvrWScFaVtsdYbnT9e5uw2N3yLimHEKy+37x333gLCpbr+/0c
gsJMJMYTiq1MYUTpa+qf+rB0lQVo972+7FsjOs4ovdy+IJrpgMnKaL6U8drOns7t
Nmyf1cZTC6YPELnEA8LiRCRsi26HHA6Tknu8Nu2/uOEjeYD0y9iVivptwDB2W35Q
cECNGSJ85qCob73WDYB5ErGQCTwIm0PTdjzEvjCTxRooT164uhzfr0BdIWhIsdV5
uPNnkTYj3PkDlMGHhjVARI32In/VQyuf7hsugpVPn4/wKZV3jGJ/rMugAR2eSfTn
TFrKUsUdH0DYPZKgIhh8
=wa9B
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqfQ0ACgkQmXOSYMts
txZ98RAAjyab1BYfLJMVklDBqzIIWnBqniRPOCReTZ3f+4KDwFVPl5wVT89DHci/
ooIonHqI1BKKuYDIgTL7idK6vGTFo6bTpUT8FZvsjU0V3mFYySA4Yo9aC5G6nXW9
w/dkaOpX1jtkMTukiAqENryBDs7gYXZ0sbqxnq7pgrnnDepVUStZ7ncoWYdxOADG
E6Mirskj5fE/MHsVAenYtVmJVFDlvj6P04MT5bGL9e5EIz5CP3ekOqasdsBWj6rE
yg1JOaH6eOsgSCsP7M9dGxYglKH9nfkJHRnlU3HbXrRdSupTRvs8zC6u9W0DDI2g
XlrDTIM2UAM1hhRFMhly41o+8zpGHTi8puLJsNYL6bRM33V678dNrnEr/xnzNGpR
QwC38JWJYymGTkUtW7J1T/GVlWbsF17/fJ5EBG9hSHphrtSjP0nF1i1dAo/MI6hb
IY+MxVzO3CTZ22Bwjg9DNz56V+RUg56xy//sHSz3GoI6kuFt4tYzwNmLf0Fkj5VJ
lEI6vDYW/YTlWFFGdNaycvVwj+uETKepx0MIPx2Xt/mY3YNPwMUA2EBfjew+6709
cbTkn/XxcIZTzZmqKsZ/wZkDK7hKatdlxbcqI2tzidL03MfC3nK83L3YGrJnpbXd
TU/kR3CWWFVgG574B24ssutT4nrYeHUBp+xGDcQSnwbmihig6NU=
=pENk
-----END PGP SIGNATURE-----
Merge 3.10.108 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.108: (141 commits)
ipvs: SNAT packet replies only for NATed connections
net: reduce skb_warn_bad_offload() noise
net: skb_needs_check() accepts CHECKSUM_NONE for tx
Staging: comedi: comedi_fops: Avoid orphaned proc entry
udp: consistently apply ufo or fragmentation
Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket
Bluetooth: cmtp: cmtp_add_connection() should verify that it's dealing with l2cap socket
tcp: introduce tcp_rto_delta_us() helper for xmit timer fix
tcp: enable xmit timer fix by having TLP use time when RTO should fire
tcp: fix xmit timer to only be reset if data ACKed/SACKed
mm/page_alloc: Remove kernel address exposure in free_reserved_area()
leak in O_DIRECT readv past the EOF
usb: renesas_usbhs: fix the behavior of some usbhs_pkt_handle
usb: renesas_usbhs: fix the sequence in xfer_work()
usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet
fs/exec.c: account for argv/envp pointers
rxrpc: Fix several cases where a padded len isn't checked in ticket decode
xfrm: policy: check policy direction value
nl80211: check for the required netlink attributes presence
ALSA: seq: Fix use-after-free at creating a port
MIPS: Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn'
serial: ifx6x60: fix use-after-free on module unload
KEYS: fix dereferencing NULL payload with nonzero length
usb: chipidea: debug: check before accessing ci_role
cpufreq: conservative: Allow down_threshold to take values from 1 to 10
powerpc/kprobes: Pause function_graph tracing during jprobes handling
staging: comedi: fix clean-up of comedi_class in comedi_init()
brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
vt: fix unchecked __put_user() in tioclinux ioctls
crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD
PM / Domains: Fix unsafe iteration over modified list of device links
powerpc/64: Fix atomic64_inc_not_zero() to return an int
powerpc: Fix emulation of mfocrf in emulate_step()
powerpc/asm: Mark cr0 as clobbered in mftb()
usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL
MIPS: Actually decode JALX in `__compute_return_epc_for_insn'
MIPS: Fix unaligned PC interpretation in `compute_return_epc'
MIPS: math-emu: Prevent wrong ISA mode instruction emulation
libata: array underflow in ata_find_dev()
workqueue: restore WQ_UNBOUND/max_active==1 to be ordered
ext4: fix SEEK_HOLE/SEEK_DATA for blocksize < pagesize
ext4: fix overflow caused by missing cast in ext4_resize_fs()
media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl
target: Avoid mappedlun symlink creation during lun shutdown
fuse: initialize the flock flag in fuse_file on allocation
scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path
scsi: zfcp: fix missing trace records for early returns in TMF eh handlers
scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response
usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe
usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction
iommu/amd: Finish TLB flush in amd_iommu_unmap()
direct-io: Prevent NULL pointer access in submit_page_section
USB: serial: console: fix use-after-free after failed setup
KEYS: don't let add_key() update an uninstantiated key
FS-Cache: fix dereference of NULL user_key_payload
ext4: keep existing extra fields when inode expands
MIPS: Fix mips_atomic_set() retry condition
KEYS: prevent creating a different user's keyrings
KEYS: encrypted: fix dereference of NULL user_key_payload
md/bitmap: disable bitmap_resize for file-backed bitmaps.
lib/digsig: fix dereference of NULL user_key_payload
netfilter: invoke synchronize_rcu after set the _hook_ to NULL
md/raid10: submit bio directly to replacement disk
md: fix super_offset endianness in super_1_rdev_size_change
lib/cmdline.c: fix get_options() overflow while parsing ranges
ext4: fix SEEK_HOLE
net: prevent sign extension in dev_get_stats()
kernel/extable.c: mark core_kernel_text notrace
wext: handle NULL extra data in iwe_stream_add_point better
netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister
ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets
ext4: avoid deadlock when expanding inode size
sctp: don't dereference ptr before leaving _sctp_walk_{params, errors}()
sctp: fix the check for _sctp_walk_params and _sctp_walk_errors
sctp: fully initialize the IPv6 address in sctp_v6_to_addr()
sctp: potential read out of bounds in sctp_ulpevent_type_enabled()
tcp: disallow cwnd undo when switching congestion control
netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
tcp: reset sk_rx_dst in tcp_disconnect()
tcp: avoid setting cwnd to invalid ssthresh after cwnd reduction states
tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP
tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0
net/packet: check length in getsockopt() called with PACKET_HDRLEN
net: Set sk_prot_creator when cloning sockets to the right proto
net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs
net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev
x86/io: Add "memory" clobber to insb/insw/insl/outsb/outsw/outsl
kvm: async_pf: fix rcu_irq_enter() with irqs enabled
net: ping: do not abuse udp_poll()
scsi: qla2xxx: don't disable a not previously enabled PCI device
drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve()
net: xilinx_emaclite: fix receive buffer overflow
serial: efm32: Fix parity management in 'efm32_uart_console_get_options()'
x86/mm/32: Set the '__vmalloc_start_set' flag in initmem_init()
mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode
pvrusb2: reduce stack usage pvr2_eeprom_analyze()
usb: r8a66597-hcd: select a different endpoint on timeout
usb: r8a66597-hcd: decrease timeout
drivers/misc/c2port/c2port-duramar2150.c: checking for NULL instead of IS_ERR()
net: phy: fix marvell phy status reading
net: korina: Fix NAPI versus resources freeing
xfrm: NULL dereference on allocation failure
xfrm: Oops on error in pfkey_msg2xfrm_state()
cpufreq: s3c2416: double free on driver init error path
KVM: x86: zero base3 of unusable segments
KEYS: Fix an error code in request_master_key()
ipv6: avoid unregistering inet6_dev for loopback
cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
cfg80211: Check if PMKID attribute is of expected size
mm: fix overflow check in expand_upwards()
crypto: caam - fix signals handling
ir-core: fix gcc-7 warning on bool arithmetic
udf: Fix deadlock between writeback and udf_setsize()
perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target
net/mlx4: Remove BUG_ON from ICM allocation routine
ipv4: initialize fib_trie prior to register_netdev_notifier call.
workqueue: implicit ordered attribute should be overridable
packet: fix tp_reserve race in packet_set_ring
staging:iio:resolver:ad2s1210 fix negative IIO_ANGL_VEL read
ALSA: core: Fix unexpected error at replacing user TLV
ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal
qlge: avoid memcpy buffer overflow
ipv6: fix memory leak with multiple tables during netns destruction
ipv6: fix typo in fib6_net_exit()
ip6_gre: fix endianness errors in ip6gre_err
crypto: AF_ALG - remove SGL terminator indicator when chaining
scsi: qla2xxx: Fix an integer overflow in sysfs code
tracing: Apply trace_clock changes to instance max buffer
tracing: Erase irqsoff trace with empty write
btrfs: prevent to set invalid default subvolid
IB/ipoib: rtnl_unlock can not come after free_netdev
team: fix memory leaks
IB/qib: fix false-postive maybe-uninitialized warning
KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options
scsi: scsi_dh_emc: return success in clariion_std_inquiry()
can: esd_usb2: Fix can_dlc value for received RTR, frames
x86/apic: fix build breakage caused by incomplete backport to 3.10
Linux 3.10.108
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJZUiosAAoJEE44bZycYXAvcHYP/1OKMYQB/3G7GfEhMXdlpV31
VjdzUg5X1JOE60anYNopvWQJgDFXMy9mTceUI3axDkfYb5iDFUpRBFEh70ggDL04
bGB/J4n2Linjkj35u+S5P3fK6qBfg9+VDpTfUYPZGB5YjOjmaD06E8InBF8iUuC3
6pkMtQKOptmKOc2hw84PsB3qm9ER2MMa92Lrs1rtcOihEqQMyKjkI/kzogs8XGje
5gMt31VweScZed3d7i1r9tl/DTmzGcpEyVpz/x8gI7Xwi69FeeLy6cWbhK0VOsLA
u7ul9mDa77bUC/jpBzJmIkS8fhzaTyUw8NQbtol9RSSIfzb+mvXyx9Vr7o4LYK2B
P6AekC16x6R8KUED1hfxKdagguRACDfKf91bMAxDCN/PXqITVbk3RxxxH6wHAvOx
Ihf4G5h800/ks6X1oMBYZcbFFbNCUHZjyL7V1M/iy1TrKuRhEtou4Ft3X+gOauLS
CG8VR9Jo1/BAvMaJmy5Hg9RPNoxEMstDi6x3ugD0wH57XHSZ5QmFMBzCbuWR6hWM
q1DvBK/I54BXlsdYU9WySn1hm2gKCNPZ+zGzLTo1l426vme+YjhC5911V7Tv+WHm
lc5FTXWtXGhoAZuNSIGDrlv3Dyq44iMNrqXrhlPmJjWD3Hx4hFGGp2GyHOpK+5+7
7egPk9m1WrhUKzA9m1/M
=InCr
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqfQUACgkQmXOSYMts
txZNghAApD/SW4fTOx6RZFCPVjAP70FfXvZsQYf3Zfp44Ytm2Kax3GIABPuknlI+
IZRAPnXb6KP8DNDdCyGcJ0avI5uw96sXyeZWlDZyeS1WHHizJq3+BLB09zzdegSk
K1dJrobXCYNESmcQMT5diGwqLYkdOs3hh7Ehqut29njwCzVzNG3n43H9F15o9cUZ
6lAM8/Zb6ai+0KgVgwC40QJneVltDEFfXVr6wo/IJXnYNaRCPKQM5lsG09pxxopG
NVSsmUyeJI5bPWEm5vbuBL2JVhaCcMtTfAPHflqbtykE8eSVEWdTeCWPuGWcATB+
2sGp3cVR2W7+4CHpbcnrXolmP/OI3jXHbG1LvyRqg4Iw1jgtZ8wwjCEkdsPz3fED
g2+EtSYl/NLW7N8P4KQV9jzihYIfELBj9HQsEs5aPOstyjyxl12RxJvjw835v5ts
oa7qKQAHIwZsuaB34qK+DjI5coNeKRvDMy5mm0GL3TqmLLFEzSVpaTceGpdvNLi0
6k3RkuJzU0TwAoTShWyYu6AbV+8aHniBQbjzYs5sufRgDy9pjnfWzDqtUM+chTsm
WaxwhpHdpOomwAfZr8/Zaf0xIxP/M99SFKevntE04Ft93P8dKuLqFcNAjQkMdibY
UHrJ67nBllmDtlH8yGO9j4FD89O0QaBX4J3qGyIu5eE73/iibvo=
=J7vi
-----END PGP SIGNATURE-----
Merge 3.10.107 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.107: (270 commits)
Revert "Btrfs: don't delay inode ref updates during log, replay"
Btrfs: fix memory leak in reading btree blocks
ext4: use more strict checks for inodes_per_block on mount
ext4: fix in-superblock mount options processing
ext4: add sanity checking to count_overhead()
ext4: validate s_first_meta_bg at mount time
jbd2: don't leak modified metadata buffers on an aborted journal
ext4: fix fencepost in s_first_meta_bg validation
ext4: trim allocation requests to group size
ext4: preserve the needs_recovery flag when the journal is aborted
ext4: return EROFS if device is r/o and journal replay is needed
ext4: fix inode checksum calculation problem if i_extra_size is small
block: fix use-after-free in sys_ioprio_get()
block: allow WRITE_SAME commands with the SG_IO ioctl
block: fix del_gendisk() vs blkdev_ioctl crash
dm crypt: mark key as invalid until properly loaded
dm space map metadata: fix 'struct sm_metadata' leak on failed create
md/raid5: limit request size according to implementation limits
md:raid1: fix a dead loop when read from a WriteMostly disk
md linear: fix a race between linear_add() and linear_congested()
CIFS: Fix a possible memory corruption during reconnect
CIFS: Fix missing nls unload in smb2_reconnect()
CIFS: Fix a possible memory corruption in push locks
CIFS: remove bad_network_name flag
fs/cifs: make share unaccessible at root level mountable
cifs: Do not send echoes before Negotiate is complete
ocfs2: fix crash caused by stale lvb with fsdlm plugin
ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed()
can: raw: raw_setsockopt: limit number of can_filter that can be set
can: peak: fix bad memory access and free sequence
can: c_can_pci: fix null-pointer-deref in c_can_start() - set device pointer
can: ti_hecc: add missing prepare and unprepare of the clock
can: bcm: fix hrtimer/tasklet termination in bcm op removal
can: usb_8dev: Fix memory leak of priv->cmd_msg_buffer
ALSA: hda - Fix up GPIO for ASUS ROG Ranger
ALSA: seq: Fix race at creating a queue
ALSA: seq: Don't handle loop timeout at snd_seq_pool_done()
ALSA: timer: Reject user params with too small ticks
ALSA: seq: Fix link corruption by event error handling
ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()
ALSA: seq: Fix race during FIFO resize
ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
ALSA: usb-audio: Add QuickCam Communicate Deluxe/S7500 to volume_control_quirks
usb: gadgetfs: restrict upper bound on device configuration size
USB: gadgetfs: fix unbounded memory allocation bug
USB: gadgetfs: fix use-after-free bug
USB: gadgetfs: fix checks of wTotalLength in config descriptors
xhci: free xhci virtual devices with leaf nodes first
USB: serial: io_ti: bind to interface after fw download
usb: gadget: composite: always set ep->mult to a sensible value
USB: cdc-acm: fix double usb_autopm_put_interface() in acm_port_activate()
USB: cdc-acm: fix open and suspend race
USB: cdc-acm: fix failed open not being detected
usb: dwc3: gadget: make Set Endpoint Configuration macros safe
usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci controllers
usb: dwc3: gadget: delay unmap of bounced requests
usb: hub: Wait for connection to be reestablished after port reset
usb: gadget: composite: correctly initialize ep->maxpacket
USB: UHCI: report non-PME wakeup signalling for Intel hardware
arm/xen: Use alloc_percpu rather than __alloc_percpu
xfs: set AGI buffer type in xlog_recover_clear_agi_bucket
xfs: clear _XBF_PAGES from buffers when readahead page
ssb: Fix error routine when fallback SPROM fails
drivers/gpu/drm/ast: Fix infinite loop if read fails
scsi: avoid a permanent stop of the scsi device's request queue
scsi: move the nr_phys_segments assert into scsi_init_io
scsi: don't BUG_ON() empty DMA transfers
scsi: storvsc: properly handle SRB_ERROR when sense message is present
scsi: storvsc: properly set residual data length on errors
target/pscsi: Fix TYPE_TAPE + TYPE_MEDIMUM_CHANGER export
scsi: lpfc: Add shutdown method for kexec
scsi: sr: Sanity check returned mode data
scsi: sd: Fix capacity calculation with 32-bit sector_t
s390/vmlogrdr: fix IUCV buffer allocation
libceph: verify authorize reply on connect
nfs_write_end(): fix handling of short copies
powerpc/ps3: Fix system hang with GCC 5 builds
sg_write()/bsg_write() is not fit to be called under KERNEL_DS
ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it
cred/userns: define current_user_ns() as a function
net: ti: cpmac: Fix compiler warning due to type confusion
tick/broadcast: Prevent NULL pointer dereference
netvsc: reduce maximum GSO size
drop_monitor: add missing call to genlmsg_end
drop_monitor: consider inserted data in genlmsg_end
igmp: Make igmp group member RFC 3376 compliant
HID: hid-cypress: validate length of report
Input: xpad - use correct product id for x360w controllers
Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000
Input: iforce - validate number of endpoints before using them
Input: kbtab - validate number of endpoints before using them
Input: joydev - do not report stale values on first open
Input: tca8418 - use the interrupt trigger from the device tree
Input: mpr121 - handle multiple bits change of status register
Input: mpr121 - set missing event capability
Input: i8042 - add Clevo P650RS to the i8042 reset list
i2c: fix kernel memory disclosure in dev interface
vme: Fix wrong pointer utilization in ca91cx42_slave_get
sysrq: attach sysrq handler correctly for 32-bit kernel
pinctrl: sh-pfc: Do not unconditionally support PIN_CONFIG_BIAS_DISABLE
x86/PCI: Ignore _CRS on Supermicro X8DTH-i/6/iF/6F
qla2xxx: Fix crash due to null pointer access
ARM: 8634/1: hw_breakpoint: blacklist Scorpion CPUs
ARM: dts: da850-evm: fix read access to SPI flash
NFSv4: Ensure nfs_atomic_open set the dentry verifier on ENOENT
vmxnet3: Wake queue from reset work
Fix memory leaks in cifs_do_mount()
Compare prepaths when comparing superblocks
Move check for prefix path to within cifs_get_root()
Fix regression which breaks DFS mounting
apparmor: fix uninitialized lsm_audit member
apparmor: exec should not be returning ENOENT when it denies
apparmor: fix disconnected bind mnts reconnection
apparmor: internal paths should be treated as disconnected
apparmor: check that xindex is in trans_table bounds
apparmor: add missing id bounds check on dfa verification
apparmor: don't check for vmalloc_addr if kvzalloc() failed
apparmor: fix oops in profile_unpack() when policy_db is not present
apparmor: fix module parameters can be changed after policy is locked
apparmor: do not expose kernel stack
vfio/pci: Fix integer overflows, bitmask check
bna: Add synchronization for tx ring.
sg: Fix double-free when drives detach during SG_IO
move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon)
serial: 8250_pci: Detach low-level driver during PCI error recovery
bnx2x: Correct ringparam estimate when DOWN
tile/ptrace: Preserve previous registers for short regset write
sysctl: fix proc_doulongvec_ms_jiffies_minmax()
ISDN: eicon: silence misleading array-bounds warning
ARC: [arcompact] handle unaligned access delay slot corner case
parisc: Don't use BITS_PER_LONG in userspace-exported swab.h header
nfs: Don't increment lock sequence ID after NFS4ERR_MOVED
ipv6: addrconf: Avoid addrconf_disable_change() using RCU read-side lock
af_unix: move unix_mknod() out of bindlock
drm/nouveau/nv1a,nv1f/disp: fix memory clock rate retrieval
crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg
ata: sata_mv:- Handle return value of devm_ioremap.
mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone()
mm, fs: check for fatal signals in do_generic_file_read()
ARC: [arcompact] brown paper bag bug in unaligned access delay slot fixup
sched/debug: Don't dump sched debug info in SysRq-W
tcp: fix 0 divide in __tcp_select_window()
macvtap: read vnet_hdr_size once
packet: round up linear to header len
vfs: fix uninitialized flags in splice_to_pipe()
siano: make it work again with CONFIG_VMAP_STACK
futex: Move futex_init() to core_initcall
rtc: interface: ignore expired timers when enqueuing new timers
irda: Fix lockdep annotations in hashbin_delete().
tty: serial: msm: Fix module autoload
rtlwifi: rtl_usb: Fix for URB leaking when doing ifconfig up/down
af_packet: remove a stray tab in packet_set_ring()
MIPS: Fix special case in 64 bit IP checksumming.
mm: vmpressure: fix sending wrong events on underflow
ipc/shm: Fix shmat mmap nil-page protection
sd: get disk reference in sd_check_events()
samples/seccomp: fix 64-bit comparison macros
ath5k: drop bogus warning on drv_set_key with unsupported cipher
rdma_cm: fail iwarp accepts w/o connection params
NFSv4: fix getacl ERANGE for some ACL buffer sizes
bcma: use (get|put)_device when probing/removing device driver
powerpc/xmon: Fix data-breakpoint
KVM: VMX: use correct vmcs_read/write for guest segment selector/base
KVM: PPC: Book3S PR: Fix illegal opcode emulation
KVM: s390: fix task size check
s390: TASK_SIZE for kernel threads
xtensa: move parse_tag_fdt out of #ifdef CONFIG_BLK_DEV_INITRD
mac80211: flush delayed work when entering suspend
drm/ast: Fix test for VGA enabled
drm/ttm: Make sure BOs being swapped out are cacheable
fat: fix using uninitialized fields of fat_inode/fsinfo_inode
drivers: hv: Turn off write permission on the hypercall page
xhci: fix 10 second timeout on removal of PCI hotpluggable xhci controllers
crypto: improve gcc optimization flags for serpent and wp512
mtd: pmcmsp: use kstrndup instead of kmalloc+strncpy
cpmac: remove hopeless #warning
mvsas: fix misleading indentation
l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
net: don't call strlen() on the user buffer in packet_bind_spkt()
dccp: Unlock sock before calling sk_free()
tcp: fix various issues for sockets morphing to listen state
uapi: fix linux/packet_diag.h userspace compilation error
ipv6: avoid write to a possibly cloned skb
dccp: fix memory leak during tear-down of unsuccessful connection request
futex: Fix potential use-after-free in FUTEX_REQUEUE_PI
futex: Add missing error handling to FUTEX_REQUEUE_PI
give up on gcc ilog2() constant optimizations
cancel the setfilesize transation when io error happen
crypto: ghash-clmulni - Fix load failure
crypto: cryptd - Assign statesize properly
ACPI / video: skip evaluating _DOD when it does not exist
Drivers: hv: balloon: don't crash when memory is added in non-sorted order
s390/pci: fix use after free in dma_init
cpufreq: Fix and clean up show_cpuinfo_cur_freq()
igb: Workaround for igb i210 firmware issue
igb: add i211 to i210 PHY workaround
ipv4: provide stronger user input validation in nl_fib_input()
tcp: initialize icsk_ack.lrcvtime at session start time
ACM gadget: fix endianness in notifications
mmc: sdhci: Do not disable interrupts while waiting for clock
uvcvideo: uvc_scan_fallback() for webcams with broken chain
fbcon: Fix vc attr at deinit
crypto: algif_hash - avoid zero-sized array
virtio_balloon: init 1st buffer in stats vq
c6x/ptrace: Remove useless PTRACE_SETREGSET implementation
sparc/ptrace: Preserve previous registers for short regset write
metag/ptrace: Preserve previous registers for short regset write
metag/ptrace: Provide default TXSTATUS for short NT_PRSTATUS
metag/ptrace: Reject partial NT_METAG_RPIPE writes
libceph: force GFP_NOIO for socket allocations
ACPI: Fix incompatibility with mcount-based function graph tracing
ACPI / power: Avoid maybe-uninitialized warning
rtc: s35390a: make sure all members in the output are set
rtc: s35390a: implement reset routine as suggested by the reference
rtc: s35390a: improve irq handling
padata: avoid race in reordering
HID: hid-lg: Fix immediate disconnection of Logitech Rumblepad 2
HID: i2c-hid: Add sleep between POWER ON and RESET
drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
drm/vmwgfx: avoid calling vzalloc with a 0 size in vmw_get_cap_3d_ioctl()
drm/vmwgfx: Remove getparam error message
drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
Reset TreeId to zero on SMB2 TREE_CONNECT
metag/usercopy: Drop unused macros
metag/usercopy: Zero rest of buffer from copy_from_user
powerpc: Don't try to fix up misaligned load-with-reservation instructions
mm/mempolicy.c: fix error handling in set_mempolicy and mbind.
mtd: bcm47xxpart: fix parsing first block after aligned TRX
net/packet: fix overflow in check for priv area size
x86/vdso: Plug race between mapping and ELF header setup
iscsi-target: Fix TMR reference leak during session shutdown
iscsi-target: Drop work-around for legacy GlobalSAN initiator
xen, fbfront: fix connecting to backend
char: lack of bool string made CONFIG_DEVPORT always on
platform/x86: acer-wmi: setup accelerometer when machine has appropriate notify event
platform/x86: acer-wmi: setup accelerometer when ACPI device was found
mm: Tighten x86 /dev/mem with zeroing reads
virtio-console: avoid DMA from stack
catc: Combine failure cleanup code in catc_probe()
catc: Use heap buffer for memory size test
net: ipv6: check route protocol when deleting routes
Drivers: hv: don't leak memory in vmbus_establish_gpadl()
Drivers: hv: get rid of timeout in vmbus_open()
ubi/upd: Always flush after prepared for an update
x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs
powerpc: Reject binutils 2.24 when building little endian
net/packet: fix overflow in check for tp_frame_nr
net/packet: fix overflow in check for tp_reserve
tty: nozomi: avoid a harmless gcc warning
hostap: avoid uninitialized variable use in hfa384x_get_rid
gfs2: avoid uninitialized variable warning
net: neigh: guard against NULL solicit() method
sctp: listen on the sock only when it's state is listening or closed
ip6mr: fix notification device destruction
MIPS: Fix crash registers on non-crashing CPUs
RDS: Fix the atomicity for congestion map update
xen/x86: don't lose event interrupts
p9_client_readdir() fix
nfsd: check for oversized NFSv2/v3 arguments
ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram
kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)
tun: read vnet_hdr_sz once
printk: use rcuidle console tracepoint
ipv6: check raw payload size correctly in ioctl
x86: standardize mmap_rnd() usage
x86/mm/32: Enable full randomization on i386 and X86_32
mm: larger stack guard gap, between vmas
mm: fix new crash in unmapped_area_topdown()
Allow stack to grow up to address space limit
Linux 3.10.107
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
arch/x86/mm/mmap.c
drivers/mmc/host/sdhci.c
drivers/usb/host/xhci-plat.c
fs/ext4/super.c
kernel/sched/core.c
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJZQspmAAoJEE44bZycYXAvLXMP/3Uqx7K7dGjHvvhGA4DhnzSp
bGLpjeP1sXXnnd932PN+qkGbl2j/NPjS74DobDqGWnrwxKRzQ21F4YkWJGtb4Pe2
JKcY7y2rbKGcwhpS9qDMkSWuaUKJWF5MAsH08LnCWqlGphGwAH/uPTdqS4iI/CJM
aQvaaITe5SVzvpvpyoCVdHqu8K+Ukraf91mvt7hlmrn9OnqO9us9MWulw5sSXQcd
pM8ZbRkBDE5OFeVnPKJDBY+cR2ML41wekMMwvJWt7uRyrX2i5c7oQVXYoeYE4MKx
Pueb7aG7LQwBUzNJCiZA6PAEFQPwNPCoxHZbAax0D6/JyDWOZukappquzjd6gLDM
+U7mxeFTeNZJ5v9tUcUIOb4GaaFcccS3wdDP23V2N8iM88hFVwJn0RSy/pksX37+
ZNDiEyDeJBjz3kh/Kf40zhFIIrABMozFeX3tpSRVVqXb+T6P9l8Y88O2LGY5FCXK
QBbAC+jC4X4YI+4v+QWImg9mkfTwzZyjyAlfyjPlHVSK9KDP9M6LXpr2+jKS7jOc
ievMOh9ku0HIVuSWGUKZSqjvcF01Bh99tFlX+KqipomwNTwa4hKCLmnOVflF1BPE
8sfD9hvenA0e949kXrURUmqpg6Ujkrbb/lXuD7e2CakCu+XjEMf317R11TyTsHNG
10hsmPsGDVcwbyFOFHS3
=mvzl
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqfEUACgkQmXOSYMts
txbJOQ/+Pce1eBSgjESWKuz0OP9BfAe9RpWFi7lBZ/EgRwJVYEx6jau9EYXAQ7YT
roCIsV6eufhMplYGHJz6EHxK2Hieb1zG9ooX9ss9GxiB6qmqeqC0Slm9EQE15yGT
px3fVz9r86edqjtj7UKK0/n8DJUaFh5LWOymLD3d3/115RYQsl/GowugH9F79PvN
pR+OyXq7srtfCmwdhZ65012Ef10RXqBRv0fCYBH6r+jkMqb7uSDFzdR39Z7k3QFk
AM4+3lTm6EEZ4xZkcMyX3GuQWslpPAlvFdEx43TjdCbseXAqURoppmxvz+Izum75
fy0oOdKl5OSpyZArRkUfZ0MnL6BHGcKxwYV4u1LupwvqPyaUT4yiT5VEUdy9EqJo
Syrr0oSR2lrXqQESdxKkmOZVXyul0nF3Fh1p5QlU1/Id9oskMLYqcXegFyhr2Wyp
+A4ZozljEQ4AGm4dYFdH3w8TcNDttjztYoKf8OXnaCOj3p/SEq84tk4Hm3vpoPvh
5OzsZC3UB9gJ1mXsKOVKLJFCPzmg61KOvwhopfAcC6cyiIIf/MPCneZeOzsavtQX
J+atSNcLVNE3jmrXvUrwxSpZ3KCc3Ti5Q8pD9ni6/B6st2+LO8EXPrS6n2+28nvu
hVpjyCXLbghdmn1mjOGW9lvMQEg/Dupj/ocpCPHJnXpbpM8Mcjo=
=3eAv
-----END PGP SIGNATURE-----
Merge 3.10.106 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.106: (252 commits)
packet: fix race condition in packet_set_ring
crypto: crypto_memneq - add equality testing of memory regions w/o timing leaks
EVM: Use crypto_memneq() for digest comparisons
libceph: don't set weight to IN when OSD is destroyed
KVM: x86: fix emulation of "MOV SS, null selector"
KVM: x86: Introduce segmented_write_std
posix_acl: Clear SGID bit when setting file permissions
tmpfs: clear S_ISGID when setting posix ACLs
fbdev: color map copying bounds checking
selinux: fix off-by-one in setprocattr
tcp: avoid infinite loop in tcp_splice_read()
xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder
KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
KEYS: Change the name of the dead type to ".dead" to prevent user access
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
ext4: fix data exposure after a crash
locking/rtmutex: Prevent dequeue vs. unlock race
m68k: Fix ndelay() macro
hotplug: Make register and unregister notifier API symmetric
Btrfs: fix tree search logic when replaying directory entry deletes
USB: serial: kl5kusb105: fix open error path
block_dev: don't test bdev->bd_contains when it is not stable
crypto: caam - fix AEAD givenc descriptors
ext4: fix mballoc breakage with 64k block size
ext4: fix stack memory corruption with 64k block size
ext4: reject inodes with negative size
ext4: return -ENOMEM instead of success
f2fs: set ->owner for debugfs status file's file_operations
block: protect iterate_bdevs() against concurrent close
scsi: zfcp: fix use-after-"free" in FC ingress path after TMF
scsi: zfcp: do not trace pure benign residual HBA responses at default level
scsi: zfcp: fix rport unblock race with LUN recovery
ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps to it
IB/mad: Fix an array index check
IB/multicast: Check ib_find_pkey() return value
powerpc: Convert cmp to cmpd in idle enter sequence
usb: gadget: composite: Test get_alt() presence instead of set_alt()
USB: serial: omninet: fix NULL-derefs at open and disconnect
USB: serial: quatech2: fix sleep-while-atomic in close
USB: serial: pl2303: fix NULL-deref at open
USB: serial: keyspan_pda: verify endpoints at probe
USB: serial: spcp8x5: fix NULL-deref at open
USB: serial: io_ti: fix NULL-deref at open
USB: serial: io_ti: fix another NULL-deref at open
USB: serial: iuu_phoenix: fix NULL-deref at open
USB: serial: garmin_gps: fix memory leak on failed URB submit
USB: serial: ti_usb_3410_5052: fix NULL-deref at open
USB: serial: io_edgeport: fix NULL-deref at open
USB: serial: oti6858: fix NULL-deref at open
USB: serial: cyberjack: fix NULL-deref at open
USB: serial: kobil_sct: fix NULL-deref in write
USB: serial: mos7840: fix NULL-deref at open
USB: serial: mos7720: fix NULL-deref at open
USB: serial: mos7720: fix use-after-free on probe errors
USB: serial: mos7720: fix parport use-after-free on probe errors
USB: serial: mos7720: fix parallel probe
usb: xhci-mem: use passed in GFP flags instead of GFP_KERNEL
usb: musb: Fix trying to free already-free IRQ 4
ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream()
USB: serial: kl5kusb105: abort on open exception path
staging: iio: ad7606: fix improper setting of oversampling pins
usb: dwc3: gadget: always unmap EP0 requests
cris: Only build flash rescue image if CONFIG_ETRAX_AXISFLASHMAP is selected
hwmon: (ds620) Fix overflows seen when writing temperature limits
clk: clk-wm831x: fix a logic error
iommu/amd: Fix the left value check of cmd buffer
scsi: mvsas: fix command_active typo
target/iscsi: Fix double free in lio_target_tiqn_addtpg()
mmc: mmc_test: Uninitialized return value
powerpc/pci/rpadlpar: Fix device reference leaks
ser_gigaset: return -ENOMEM on error instead of success
net, sched: fix soft lockup in tc_classify
net: stmmac: Fix race between stmmac_drv_probe and stmmac_open
gro: Enter slow-path if there is no tailroom
gro: use min_t() in skb_gro_reset_offset()
gro: Disable frag0 optimization on IPv6 ext headers
powerpc: Fix build warning on 32-bit PPC
Input: i8042 - add Pegatron touchpad to noloop table
mm/hugetlb.c: fix reservation race when freeing surplus pages
USB: serial: kl5kusb105: fix line-state error handling
USB: serial: ch341: fix initial modem-control state
USB: serial: ch341: fix open error handling
USB: serial: ch341: fix control-message error handling
USB: serial: ch341: fix open and resume after B0
USB: serial: ch341: fix resume after reset
USB: serial: ch341: fix modem-control and B0 handling
x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option
NFSv4.1: nfs4_fl_prepare_ds must be careful about reporting success.
powerpc/ibmebus: Fix further device reference leaks
powerpc/ibmebus: Fix device reference leaks in sysfs interface
IB/mlx4: Set traffic class in AH
IB/mlx4: Fix port query for 56Gb Ethernet links
perf scripting: Avoid leaking the scripting_context variable
ARM: dts: imx31: fix clock control module interrupts description
svcrpc: don't leak contexts on PROC_DESTROY
mmc: mxs-mmc: Fix additional cycles after transmission stop
mtd: nand: xway: disable module support
ubifs: Fix journal replay wrt. xattr nodes
arm64/ptrace: Preserve previous registers for short regset write
arm64/ptrace: Avoid uninitialised struct padding in fpr_set()
arm64/ptrace: Reject attempts to set incomplete hardware breakpoint fields
ARM: ux500: fix prcmu_is_cpu_in_wfi() calculation
ite-cir: initialize use_demodulator before using it
fuse: do not use iocb after it may have been freed
crypto: caam - fix non-hmac hashes
drm/i915: Don't leak edid in intel_crt_detect_ddc()
s5k4ecgx: select CRC32 helper
platform/x86: intel_mid_powerbtn: Set IRQ_ONESHOT
net: fix harmonize_features() vs NETIF_F_HIGHDMA
tcp: initialize max window for a new fastopen socket
svcrpc: fix oops in absence of krb5 module
ARM: 8643/3: arm/ptrace: Preserve previous registers for short regset write
mac80211: Fix adding of mesh vendor IEs
scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send
drm/i915: fix use-after-free in page_flip_completed()
net: use a work queue to defer net_disable_timestamp() work
ipv4: keep skb->dst around in presence of IP options
netlabel: out of bound access in cipso_v4_validate()
ip6_gre: fix ip6gre_err() invalid reads
ping: fix a null pointer dereference
l2tp: do not use udp_ioctl()
packet: fix races in fanout_add()
packet: Do not call fanout_release from atomic contexts
net: socket: fix recvmmsg not returning error from sock_error
USB: serial: mos7840: fix another NULL-deref at open
USB: serial: ftdi_sio: fix modem-status error handling
USB: serial: ftdi_sio: fix extreme low-latency setting
USB: serial: ftdi_sio: fix line-status over-reporting
USB: serial: spcp8x5: fix modem-status handling
USB: serial: opticon: fix CTS retrieval at open
USB: serial: ark3116: fix register-accessor error handling
x86/platform/goldfish: Prevent unconditional loading
goldfish: Sanitize the broken interrupt handler
ocfs2: do not write error flag to user structure we cannot copy from/to
mfd: pm8921: Potential NULL dereference in pm8921_remove()
drm/nv50/disp: min/max are reversed in nv50_crtc_gamma_set()
net: 6lowpan: fix lowpan_header_create non-compression memcpy call
vti4: Don't count header length twice.
net/sched: em_meta: Fix 'meta vlan' to correctly recognize zero VID frames
MIPS: OCTEON: Fix copy_from_user fault handling for large buffers
MIPS: Clear ISA bit correctly in get_frame_info()
MIPS: Prevent unaligned accesses during stack unwinding
MIPS: Fix get_frame_info() handling of microMIPS function size
MIPS: Fix is_jump_ins() handling of 16b microMIPS instructions
MIPS: Calculate microMIPS ra properly when unwinding the stack
MIPS: Handle microMIPS jumps in the same way as MIPS32/MIPS64 jumps
uvcvideo: Fix a wrong macro
scsi: aacraid: Reorder Adapter status check
ath9k: use correct OTP register offsets for the AR9340 and AR9550
fuse: add missing FR_FORCE
RDMA/core: Fix incorrect structure packing for booleans
NFSv4: fix getacl head length estimation
s390/qdio: clear DSCI prior to scanning multiple input queues
IB/ipoib: Fix deadlock between rmmod and set_mode
ktest: Fix child exit code processing
nlm: Ensure callback code also checks that the files match
dm: flush queued bios when process blocks to avoid deadlock
USB: serial: digi_acceleport: fix OOB data sanity check
USB: serial: digi_acceleport: fix OOB-event processing
MIPS: ip27: Disable qlge driver in defconfig
tracing: Add #undef to fix compile error
USB: serial: safe_serial: fix information leak in completion handler
USB: serial: omninet: fix reference leaks at open
USB: iowarrior: fix NULL-deref at probe
USB: iowarrior: fix NULL-deref in write
USB: serial: io_ti: fix NULL-deref in interrupt callback
USB: serial: io_ti: fix information leak in completion handler
vxlan: correctly validate VXLAN ID against VXLAN_N_VID
ipv4: mask tos for input route
locking/static_keys: Add static_key_{en,dis}able() helpers
net: net_enable_timestamp() can be called from irq contexts
dccp/tcp: fix routing redirect race
net sched actions: decrement module reference count after table flush.
perf/core: Fix event inheritance on fork()
isdn/gigaset: fix NULL-deref at probe
xen: do not re-use pirq number cached in pci device msi msg data
net: properly release sk_frag.page
net: unix: properly re-increment inflight counter of GC discarded candidates
Input: ims-pcu - validate number of endpoints before using them
Input: hanwang - validate number of endpoints before using them
Input: yealink - validate number of endpoints before using them
Input: cm109 - validate number of endpoints before using them
USB: uss720: fix NULL-deref at probe
USB: idmouse: fix NULL-deref at probe
USB: wusbcore: fix NULL-deref at probe
uwb: i1480-dfu: fix NULL-deref at probe
uwb: hwa-rc: fix NULL-deref at probe
mmc: ushc: fix NULL-deref at probe
ext4: mark inode dirty after converting inline directory
scsi: libsas: fix ata xfer length
ALSA: ctxfi: Fallback DMA mask to 32bit
ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call
ACPI / PNP: Avoid conflicting resource reservations
ACPI / resources: free memory on error in add_region_before()
ACPI / PNP: Reserve ACPI resources at the fs_initcall_sync stage
USB: OHCI: Fix race between ED unlink and URB submission
i2c: at91: manage unexpected RXRDY flag when starting a transfer
ipv4: igmp: Allow removing groups from a removed interface
ptrace: fix PTRACE_LISTEN race corrupting task->state
ring-buffer: Fix return value check in test_ringbuffer()
metag/usercopy: Fix alignment error checking
metag/usercopy: Add early abort to copy_to_user
metag/usercopy: Set flags before ADDZ
metag/usercopy: Fix src fixup in from user rapf loops
metag/usercopy: Add missing fixups
s390/decompressor: fix initrd corruption caused by bss clear
net/mlx4_en: Fix bad WQE issue
net/mlx4_core: Fix racy CQ (Completion Queue) free
char: Drop bogus dependency of DEVPORT on !M68K
powerpc: Disable HFSCR[TM] if TM is not supported
pegasus: Use heap buffers for all register access
rtl8150: Use heap buffers for all register access
tracing: Allocate the snapshot buffer before enabling probe
ring-buffer: Have ring_buffer_iter_empty() return true when empty
netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel
net: phy: handle state correctly in phy_stop_machine
l2tp: take reference on sessions being dumped
MIPS: KGDB: Use kernel context for sleeping threads
ARM: dts: imx31: move CCM device node to AIPS2 bus devices
ARM: dts: imx31: fix AVIC base address
tun: Fix TUN_PKT_STRIP setting
Staging: vt6655-6: potential NULL dereference in hostap_disable_hostapd()
net: sctp: rework multihoming retransmission path selection to rfc4960
perf trace: Use the syscall raw_syscalls:sys_enter timestamp
USB: usbtmc: add missing endpoint sanity check
ping: implement proper locking
USB: fix problems with duplicate endpoint addresses
USB: dummy-hcd: fix bug in stop_activity (handle ep0)
mm/init: fix zone boundary creation
can: Fix kernel panic at security_sock_rcv_skb
Drivers: hv: avoid vfree() on crash
xc2028: avoid use after free
xc2028: unlock on error in xc2028_set_config()
xc2028: Fix use-after-free bug properly
ipv6: fix ip6_tnl_parse_tlv_enc_lim()
ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()
ipv6: fix the use of pcpu_tstats in ip6_tunnel
sctp: avoid BUG_ON on sctp_wait_for_sndbuf
sctp: deny peeloff operation on asocs with threads sleeping on it
KVM: x86: clear bus pointer when destroyed
kvm: exclude ioeventfd from counting kvm_io_range limit
KVM: kvm_io_bus_unregister_dev() should never fail
TTY: n_hdlc, fix lockdep false positive
tty: n_hdlc: get rid of racy n_hdlc.tbuf
ipv6: handle -EFAULT from skb_copy_bits
fs: exec: apply CLOEXEC before changing dumpable task flags
mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp
dccp/tcp: do not inherit mc_list from parent
char: lp: fix possible integer overflow in lp_setup()
dccp: fix freeing skb too early for IPV6_RECVPKTINFO
Linux 3.10.106
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
drivers/mfd/pm8921-core.c
include/linux/cpu.h
kernel/cpu.c
net/ipv4/inet_connection_sock.c
net/ipv4/ping.c
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJYnZNdAAoJEE44bZycYXAvJv0P/jpPc+jKb+D0FVUOiYDkY5Rw
jxsZ3oeruTIeSFAAIzusVMLm9moBJA6DThuTHU5Kt68mRaKB2lgmqwkkvQAPTSYh
tnDQwlrF7dOSVmPczJFHalpaLpRdXdQP9r8y+38PibaFZPssKdnZr3BBfdOdi5DT
lj029AGKfG7co6Hb/iAhsxuAFfPmvGHY4QNwJ2FRbU1m6MDtmCTbXzF0fc6X5AW1
qrtaWwPulJtZ/5MPk7aFyNpuCpNvIaTEqNaQsZbuz3bHfzDQVLerWze98vgHC0QM
2YOTP6TnEiHhxHGMb9SywUgSV1ylx0X542YDfxmcfyxBWRr0khlxQh1gpX+waqE3
pqdSlvN7AFzifw6kubbG2/XjkNvFtJcDTgrL3qco4utIezSijXmoOsDpKNnJuzk/
kSD5WYd+Q1CSHOkqZX29QPw1Dl/7Ftm7GPfxu7Pis1OBuPByqtRkEfmn9DpiKSs5
Aja0ljZYiQ3jy3fH+WlEzo6PVSxx0ZxKg0fOShlpgjj8KjMUdGfl9cB1OZxyWnNH
UiQ9iIWd3tJci7WbsBOfawsQpq3EIJxZKjyUmLYpBht5/YenYxOBDCr/CLJDQBGI
IQUPAs/E1JGDxGTUY3AmsaMVrcX2yOfhLzjrsVJGqSdote0um+2PdTLZHE4MMiz2
Dh6CbUVYWS1KNgmQ8T8L
=k5mW
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqeiwACgkQmXOSYMts
txaBAQ/+KqZh90YZI+gRHGdczbo3XnlryHMdpp+DTIFtN3zU+2LM352oP+haoJfr
YhNsixcMhW5TX0is5fg4SkIc0B3ooGKZLVKOPIRw+1NLBAVG5yVuYxW7I1faJgk6
F37+4rvq7KAOPCNMjAEXRt7GqZ4WZjgvgKy+u5wzKh3k5kUylqDwlP2qdgx2L5Rc
IxyxgOuaVGV6dZTyAyRlRMild5Tlz+SMY4pWoMe0sulDDXhd5/5PnGNVIgh+XqB6
m0AGkIIzPVe+wmg6n1iYs93dQO0Jmu6DL47Zv4f3ASZNL/XVSLvU9ie63FyWGZXG
e52qAPtztXInEOo15vPQSAAq7McZHDTzhHhsU/ZtkBT+LeSUU+rsxXddJ2EO5UgC
O3cVm11x1FWMzbBtFNFtkqeri2Y2OxvU4O81mfNP1oOUQBTMeSHTzQ8psbCdXeEr
ktSOtI+nakPmDE3aq4YSaz7BwSgt2tU/vZehkrTxtAQJxt0b88r2xFfThy5WScT1
v6muoqxlprjjvFld7v99P8cXxJq4QrxKUxXtEBTdB79Q5xtCC29OAcTelpPFDCED
/KpgZflubzH/Z872AW9Ru8OL9PYty6hBNDOP4aHLSFWfCu3KQxL6BMEeqi5qBjBX
mJ8JT0dCQYP6xONIWq6a3fICroNMazhNFxdpPSfsQFRhujhjGPg=
=zhKv
-----END PGP SIGNATURE-----
Merge 3.10.105 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.105: (315 commits)
sched/core: Fix a race between try_to_wake_up() and a woken up task
sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule()
crypto: algif_skcipher - Require setkey before accept(2)
crypto: af_alg - Disallow bind/setkey/... after accept(2)
crypto: af_alg - Add nokey compatibility path
crypto: algif_skcipher - Add nokey compatibility path
crypto: hash - Add crypto_ahash_has_setkey
crypto: shash - Fix has_key setting
crypto: algif_hash - Require setkey before accept(2)
crypto: skcipher - Add crypto_skcipher_has_setkey
crypto: algif_skcipher - Add key check exception for cipher_null
crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey path
crypto: algif_hash - Remove custom release parent function
crypto: algif_skcipher - Remove custom release parent function
crypto: af_alg - Forbid bind(2) when nokey child sockets are present
crypto: algif_hash - Fix race condition in hash_check_key
crypto: algif_skcipher - Fix race condition in skcipher_check_key
crypto: algif_skcipher - Load TX SG list after waiting
crypto: cryptd - initialize child shash_desc on import
crypto: skcipher - Fix blkcipher walk OOM crash
crypto: gcm - Fix IV buffer size in crypto_gcm_setkey
MIPS: KVM: Fix unused variable build warning
KVM: MIPS: Precalculate MMIO load resume PC
KVM: MIPS: Drop other CPU ASIDs on guest MMU changes
KVM: nVMX: postpone VMCS changes on MSR_IA32_APICBASE write
KVM: MIPS: Make ERET handle ERL before EXL
KVM: x86: fix wbinvd_dirty_mask use-after-free
KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
KVM: Disable irq while unregistering user notifier
PM / devfreq: Fix incorrect type issue.
ppp: defer netns reference release for ppp channel
x86/mm/xen: Suppress hugetlbfs in PV guests
xen: Add RING_COPY_REQUEST()
xen-netback: don't use last request to determine minimum Tx credit
xen-netback: use RING_COPY_REQUEST() throughout
xen-blkback: only read request operation from shared ring once
xen/pciback: Save xen_pci_op commands before processing it
xen/pciback: Save the number of MSI-X entries to be copied later.
xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled
xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled
xen/pciback: Do not install an IRQ handler for MSI interrupts.
xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled.
xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
xen-pciback: Add name prefix to global 'permissive' variable
x86/xen: fix upper bound of pmd loop in xen_cleanhighmap()
x86/traps: Ignore high word of regs->cs in early_idt_handler_common
x86/mm: Disable preemption during CR3 read+write
x86/apic: Do not init irq remapping if ioapic is disabled
x86/mm/pat, /dev/mem: Remove superfluous error message
x86/paravirt: Do not trace _paravirt_ident_*() functions
x86/build: Build compressed x86 kernels as PIE
x86/um: reuse asm-generic/barrier.h
iommu/amd: Update Alias-DTE in update_device_table()
iommu/amd: Free domain id when free a domain of struct dma_ops_domain
ARM: 8616/1: dt: Respect property size when parsing CPUs
ARM: 8618/1: decompressor: reset ttbcr fields to use TTBR0 on ARMv7
ARM: sa1100: clear reset status prior to reboot
ARM: sa1111: fix pcmcia suspend/resume
arm64: avoid returning from bad_mode
arm64: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
arm64: spinlocks: implement smp_mb__before_spinlock() as smp_mb()
arm64: debug: avoid resetting stepping state machine when TIF_SINGLESTEP
MIPS: Malta: Fix IOCU disable switch read for MIPS64
MIPS: ptrace: Fix regs_return_value for kernel context
powerpc/mm: Don't alias user region to other regions below PAGE_OFFSET
powerpc/vdso64: Use double word compare on pointers
powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data()
powerpc/64: Fix incorrect return value from __copy_tofrom_user
powerpc/nvram: Fix an incorrect partition merge
avr32: fix copy_from_user()
avr32: fix 'undefined reference to `___copy_from_user'
avr32: off by one in at32_init_pio()
s390/dasd: fix hanging device after clear subchannel
parisc: Ensure consistent state when switching to kernel stack at syscall entry
microblaze: fix __get_user()
microblaze: fix copy_from_user()
mn10300: failing __get_user() and get_user() should zero
m32r: fix __get_user()
sh64: failing __get_user() should zero
score: fix __get_user/get_user
s390: get_user() should zero on failure
ARC: uaccess: get_user to zero out dest in cause of fault
asm-generic: make get_user() clear the destination on errors
frv: fix clear_user()
cris: buggered copy_from_user/copy_to_user/clear_user
blackfin: fix copy_from_user()
score: fix copy_from_user() and friends
sh: fix copy_from_user()
hexagon: fix strncpy_from_user() error return
mips: copy_from_user() must zero the destination on access_ok() failure
asm-generic: make copy_from_user() zero the destination properly
alpha: fix copy_from_user()
metag: copy_from_user() should zero the destination on access_ok() failure
parisc: fix copy_from_user()
openrisc: fix copy_from_user()
openrisc: fix the fix of copy_from_user()
mn10300: copy_from_user() should zero on access_ok() failure...
sparc32: fix copy_from_user()
ppc32: fix copy_from_user()
ia64: copy_from_user() should zero the destination on access_ok() failure
fix fault_in_multipages_...() on architectures with no-op access_ok()
fix memory leaks in tracing_buffers_splice_read()
arc: don't leak bits of kernel stack into coredump
Fix potential infoleak in older kernels
swapfile: fix memory corruption via malformed swapfile
coredump: fix unfreezable coredumping task
usb: dwc3: gadget: increment request->actual once
USB: validate wMaxPacketValue entries in endpoint descriptors
USB: fix typo in wMaxPacketSize validation
usb: xhci: Fix panic if disconnect
USB: serial: fix memleak in driver-registration error path
USB: kobil_sct: fix non-atomic allocation in write path
USB: serial: mos7720: fix non-atomic allocation in write path
USB: serial: mos7840: fix non-atomic allocation in write path
usb: renesas_usbhs: fix clearing the {BRDY,BEMP}STS condition
USB: change bInterval default to 10 ms
usb: gadget: fsl_qe_udc: signedness bug in qe_get_frame()
USB: serial: cp210x: fix hardware flow-control disable
usb: misc: legousbtower: Fix NULL pointer deference
usb: gadget: function: u_ether: don't starve tx request queue
USB: serial: cp210x: fix tiocmget error handling
usb: gadget: u_ether: remove interrupt throttling
usb: chipidea: move the lock initialization to core file
Fix USB CB/CBI storage devices with CONFIG_VMAP_STACK=y
ALSA: rawmidi: Fix possible deadlock with virmidi registration
ALSA: timer: fix NULL pointer dereference in read()/ioctl() race
ALSA: timer: fix division by zero after SNDRV_TIMER_IOCTL_CONTINUE
ALSA: timer: fix NULL pointer dereference on memory allocation failure
ALSA: ali5451: Fix out-of-bound position reporting
ALSA: pcm : Call kill_fasync() in stream lock
zfcp: fix fc_host port_type with NPIV
zfcp: fix ELS/GS request&response length for hardware data router
zfcp: close window with unblocked rport during rport gone
zfcp: retain trace level for SCSI and HBA FSF response records
zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace
zfcp: trace on request for open and close of WKA port
zfcp: restore tracing of handle for port and LUN with HBA records
zfcp: fix D_ID field with actual value on tracing SAN responses
zfcp: fix payload trace length for SAN request&response
zfcp: trace full payload of all SAN records (req,resp,iels)
scsi: zfcp: spin_lock_irqsave() is not nestable
scsi: mpt3sas: Fix secure erase premature termination
scsi: mpt3sas: Unblock device after controller reset
scsi: mpt3sas: fix hang on ata passthrough commands
mpt2sas: Fix secure erase premature termination
scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices
scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression
scsi: ibmvfc: Fix I/O hang when port is not mapped
scsi: Fix use-after-free
scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()
scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded
scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware
ext4: validate that metadata blocks do not overlap superblock
ext4: avoid modifying checksum fields directly during checksum verification
ext4: use __GFP_NOFAIL in ext4_free_blocks()
ext4: reinforce check of i_dtime when clearing high fields of uid and gid
ext4: allow DAX writeback for hole punch
ext4: sanity check the block and cluster size at mount time
reiserfs: fix "new_insert_key may be used uninitialized ..."
reiserfs: Unlock superblock before calling reiserfs_quota_on_mount()
xfs: fix superblock inprogress check
libxfs: clean up _calc_dquots_per_chunk
btrfs: ensure that file descriptor used with subvol ioctls is a dir
ocfs2/dlm: fix race between convert and migration
ocfs2: fix start offset to ocfs2_zero_range_for_truncate()
ubifs: Fix assertion in layout_in_gaps()
ubifs: Fix xattr_names length in exit paths
UBIFS: Fix possible memory leak in ubifs_readdir()
ubifs: Abort readdir upon error
ubifs: Fix regression in ubifs_readdir()
UBI: fastmap: scrub PEB when bitflips are detected in a free PEB EC header
NFSv4.x: Fix a refcount leak in nfs_callback_up_net
NFSD: Using free_conn free connection
NFS: Don't drop CB requests with invalid principals
NFSv4: Open state recovery must account for file permission changes
fs/seq_file: fix out-of-bounds read
fs/super.c: fix race between freeze_super() and thaw_super()
isofs: Do not return EACCES for unknown filesystems
hostfs: Freeing an ERR_PTR in hostfs_fill_sb_common()
driver core: Delete an unnecessary check before the function call "put_device"
driver core: fix race between creating/querying glue dir and its cleanup
drm/radeon: fix radeon_move_blit on 32bit systems
drm: Reject page_flip for !DRIVER_MODESET
drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to on
qxl: check for kmap failures
Input: i8042 - break load dependency between atkbd/psmouse and i8042
Input: i8042 - set up shared ps2_cmd_mutex for AUX ports
Input: ili210x - fix permissions on "calibrate" attribute
hwrng: exynos - Disable runtime PM on probe failure
hwrng: omap - Fix assumption that runtime_get_sync will always succeed
hwrng: omap - Only fail if pm_runtime_get_sync returns < 0
i2c-eg20t: fix race between i2c init and interrupt enable
em28xx-i2c: rt_mutex_trylock() returns zero on failure
i2c: core: fix NULL pointer dereference under race condition
i2c: at91: fix write transfers by clearing pending interrupt first
iio: accel: kxsd9: Fix raw read return
iio: accel: kxsd9: Fix scaling bug
thermal: hwmon: Properly report critical temperature in sysfs
cdc-acm: fix wrong pipe type on rx interrupt xfers
timers: Use proper base migration in add_timer_on()
EDAC: Increment correct counter in edac_inc_ue_error()
IB/ipoib: Fix memory corruption in ipoib cm mode connect flow
IB/core: Fix use after free in send_leave function
IB/ipoib: Don't allow MC joins during light MC flush
IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV
IB/mlx4: Fix create CQ error flow
IB/uverbs: Fix leak of XRC target QPs
IB/cm: Mark stale CM id's whenever the mad agent was unregistered
mtd: blkdevs: fix potential deadlock + lockdep warnings
mtd: pmcmsp-flash: Allocating too much in init_msp_flash()
mtd: nand: davinci: Reinitialize the HW ECC engine in 4bit hwctl
perf symbols: Fixup symbol sizes before picking best ones
perf: Tighten (and fix) the grouping condition
tty: Prevent ldisc drivers from re-using stale tty fields
tty: limit terminal size to 4M chars
tty: vt, fix bogus division in csi_J
vt: clear selection before resizing
drivers/vfio: Rework offsetofend()
include/stddef.h: Move offsetofend() from vfio.h to a generic kernel header
stddef.h: move offsetofend inside #ifndef/#endif guard, neaten
ipv6: don't call fib6_run_gc() until routing is ready
ipv6: split duplicate address detection and router solicitation timer
ipv6: move DAD and addrconf_verify processing to workqueue
ipv6: addrconf: fix dev refcont leak when DAD failed
ipv6: fix rtnl locking in setsockopt for anycast and multicast
ip6_gre: fix flowi6_proto value in ip6gre_xmit_other()
ipv6: correctly add local routes when lo goes up
ipv6: dccp: fix out of bound access in dccp_v6_err()
ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
ip6_tunnel: Clear IP6CB in ip6tunnel_xmit()
ip6_tunnel: disable caching when the traffic class is inherited
net/irda: handle iriap_register_lsap() allocation failure
tcp: fix use after free in tcp_xmit_retransmit_queue()
tcp: properly scale window in tcp_v[46]_reqsk_send_ack()
tcp: fix overflow in __tcp_retransmit_skb()
tcp: fix wrong checksum calculation on MTU probing
tcp: take care of truncations done by sk_filter()
bonding: Fix bonding crash
net: ratelimit warnings about dst entry refcount underflow or overflow
mISDN: Support DR6 indication in mISDNipac driver
mISDN: Fixing missing validation in base_sock_bind()
net: disable fragment reassembly if high_thresh is set to zero
ipvs: count pre-established TCP states as active
iwlwifi: pcie: fix access to scratch buffer
svc: Avoid garbage replies when pc_func() returns rpc_drop_reply
brcmsmac: Free packet if dma_mapping_error() fails in dma_rxfill
brcmsmac: Initialize power in brcms_c_stf_ss_algo_channel_get()
brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()
pstore: Fix buffer overflow while write offset equal to buffer size
net/mlx4_core: Allow resetting VF admin mac to zero
firewire: net: guard against rx buffer overflows
firewire: net: fix fragmented datagram_size off-by-one
netfilter: fix namespace handling in nf_log_proc_dostring
can: bcm: fix warning in bcm_connect/proc_register
net: fix sk_mem_reclaim_partial()
net: avoid sk_forward_alloc overflows
ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route
packet: call fanout_release, while UNREGISTERING a netdev
net: sctp, forbid negative length
sctp: validate chunk len before actually using it
net: clear sk_err_soft in sk_clone_lock()
net: mangle zero checksum in skb_checksum_help()
dccp: do not send reset to already closed sockets
dccp: fix out of bound access in dccp_v4_err()
sctp: assign assoc_id earlier in __sctp_connect
neigh: check error pointer instead of NULL for ipv4_neigh_lookup()
ipv4: use new_gw for redirect neigh lookup
mac80211: fix purging multicast PS buffer queue
mac80211: discard multicast and 4-addr A-MSDUs
cfg80211: limit scan results cache size
mwifiex: printk() overflow with 32-byte SSIDs
ipv4: Set skb->protocol properly for local output
net: sky2: Fix shutdown crash
kaweth: fix firmware download
tracing: Move mutex to protect against resetting of seq data
kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd
Revert "ipc/sem.c: optimize sem_lock()"
cfq: fix starvation of asynchronous writes
drbd: Fix kernel_sendmsg() usage - potential NULL deref
lib/genalloc.c: start search from start of chunk
tools/vm/slabinfo: fix an unintentional printf
rcu: Fix soft lockup for rcu_nocb_kthread
ratelimit: fix bug in time interval by resetting right begin time
mfd: core: Fix device reference leak in mfd_clone_cell
PM / sleep: fix device reference leak in test_suspend
mmc: mxs: Initialize the spinlock prior to using it
mmc: block: don't use CMD23 with very old MMC cards
pstore/core: drop cmpxchg based updates
pstore/ram: Use memcpy_toio instead of memcpy
pstore/ram: Use memcpy_fromio() to save old buffer
mb86a20s: fix the locking logic
mb86a20s: fix demod settings
cx231xx: don't return error on success
cx231xx: fix GPIOs for Pixelview SBTVD hybrid
gpio: mpc8xxx: Correct irq handler function
uio: fix dmem_region_start computation
KEYS: Fix short sprintf buffer in /proc/keys show function
hv: do not lose pending heartbeat vmbus packets
staging: iio: ad5933: avoid uninitialized variable in error case
mei: bus: fix received data size check in NFC fixup
ACPI / APEI: Fix incorrect return value of ghes_proc()
PCI: Handle read-only BARs on AMD CS553x devices
tile: avoid using clocksource_cyc2ns with absolute cycle count
dm flakey: fix reads to be issued if drop_writes configured
mm,ksm: fix endless looping in allocating memory when ksm enable
can: dev: fix deadlock reported after bus-off
hwmon: (adt7411) set bit 3 in CFG1 register
mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]
mfd: 88pm80x: Double shifting bug in suspend/resume
ASoC: omap-mcpdm: Fix irq resource handling
regulator: tps65910: Work around silicon erratum SWCZ010
dm: mark request_queue dead before destroying the DM device
fbdev/efifb: Fix 16 color palette entry calculation
metag: Only define atomic_dec_if_positive conditionally
Linux 3.10.105
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
arch/arm/mach-sa1100/generic.c
arch/arm64/kernel/traps.c
crypto/blkcipher.c
drivers/devfreq/devfreq.c
drivers/usb/dwc3/gadget.c
drivers/usb/gadget/u_ether.c
fs/ubifs/dir.c
include/net/if_inet6.h
lib/genalloc.c
net/ipv6/addrconf.c
net/ipv6/tcp_ipv6.c
net/wireless/scan.c
sound/core/timer.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXwrqoAAoJEE44bZycYXAvXY0P/0ggO2AAwJONCzFgBk3yZKi1
aHiSvhq4JLkFnHk3KRQJwBqAPzDkc9C41If65RTZcNwdczzPMVRBxpzIrQhzjTpg
xv2MwuuuTFQpOaJStmRbYSa8uiNs9KCmO357E6Rtz47bNrngqTk6TcXV2qIJxjl9
P5s8+l5iUIfLsPx1AIN9vCiSAeWdL2FLcVvJiIFrfpLfJd0FI0un2Z21/Cw14OLM
uoK2I8wf+DzwQdRXTUij+8+yC80IMh+bPmQR5QRcJ/jZx5xj5cdhhabWHZPw2InQ
PzPbX/xG514qNosRkALFM0xOgdpsikhOZwr4LzXJoYreFr3uarUiIQ2pGXR/DANY
nDmFNuvfwRxJTF8wXNW7J9jxLAhgqlJ5mOfWnNTI1filpUg+zCrp9O2DzyjBZOJA
7bzvCQgFG6pIawicIYX1cLZ+rdEB+oEmpQJtXkAUK9jg84jqluoq/NTQ4leNbjtl
1Vk0Gbvz28FX821lpcrNbEibkmN7MAbAr3LXYKYFtGd3RqED7LlSe1B1bxk4dS+6
FhKcZXpYXlofwGrZieGgdq/NieCUClbfTmBSbqmX7vCM3k0p5pIak+GGFoJW+rAl
VTqrxyrB5eBr4T1m04EuK6tIxbFo/SF78CgkjbOE6ghTkqe6BLuntMqXIcKn/lrO
8t0Tg0S+MrzTv3LWsnzx
=9dk8
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqdbgACgkQmXOSYMts
txa6FA//biC/xNB75MuS7nVE/4mDKnpzjejjiIWgtWFkcp+NHXIHa2JS8E1hfAfN
3oCifMMDIF8+QoQvjz6MBuxzxc4BoqxEju0Ez+/ktm8R6fTw7SEholmo+nGh4fGW
LlXwf2r2HcDrS+MzepCCVK5H2ewso4cDmnqJNVRME/R2CgTf1U+ALQ/Vv+UzXEYp
m+LbIRzWx6QcrGd9FiPg8uJ08vy/E5hZBjehKWTm1hMNvPuCysDhL6Cy7mfJhrOm
2/FypjVZHgkj+6ZMTkDOSS9mXvPmZSJ91rQCjt+Mk52OfYycbiALtBWiz3ekwYHc
wGkyzRHFMLCnjNTNBAk9LHMOdEHfR4hnvb7zaKvrAui7QyweDgX86SuqS+Okyb6Y
DXvPkzSMIs/cQc+0y1d9nSJ+ASTVAJBGewrvqENza0UDO+7r8OF+Yuu9ttlZSzVI
ABoCqcE2lqIJEVaCbjGD+r3fAclGQEJHzGhUxBvrvgBz4pKn5E3FMuB+Ll72BQo0
od1uUvP1TIBf9Sy0/k54tYusMR6pZ+0q5ffpAcVHwYg4ScUIv3e2DNlS2YwaAhg0
zUG5Is5jfIjOSzZ1cxNtlicCKKEWZgECI7i013Hx5AP3Im1ZwXZr82plOnGg16pl
Yt1pusfixkqhdi6S2gbULO4JfMN5WUDB0PvZAWCJ3US0uqi3ftE=
=9Iqv
-----END PGP SIGNATURE-----
Merge 3.10.103 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.103: (178 commits)
X.509: remove possible code fragility: enumeration values not handled
x86, asmlinkage, apm: Make APM data structure used from assembler visible
netfilter: x_tables: validate e->target_offset early
netfilter: x_tables: make sure e->next_offset covers remaining blob size
netfilter: x_tables: fix unconditional helper
netfilter: x_tables: don't move to non-existent next rule
netfilter: x_tables: add and use xt_check_entry_offsets
netfilter: x_tables: kill check_entry helper
netfilter: x_tables: assert minimum target size
netfilter: x_tables: add compat version of xt_check_entry_offsets
netfilter: x_tables: check standard target size too
netfilter: x_tables: check for bogus target offset
netfilter: x_tables: validate all offsets and sizes in a rule
netfilter: x_tables: don't reject valid target size on some architectures
netfilter: arp_tables: simplify translate_compat_table args
netfilter: ip_tables: simplify translate_compat_table args
netfilter: ip6_tables: simplify translate_compat_table args
netfilter: x_tables: xt_compat_match_from_user doesn't need a retval
netfilter: ensure number of counters is >0 in do_replace()
netfilter: x_tables: do compat validation via translate_table
Revert "netfilter: ensure number of counters is >0 in do_replace()"
netfilter: x_tables: introduce and use xt_copy_counters_from_user
perf/x86: Honor the architectural performance monitoring version
perf/x86: Fix undefined shift on 32-bit kernels
signal: remove warning about using SI_TKILL in rt_[tg]sigqueueinfo
PCI/ACPI: Fix _OSC ordering to allow PCIe hotplug use when available
udp: properly support MSG_PEEK with truncated buffers
USB: fix invalid memory access in hub_activate()
USB: usbfs: fix potential infoleak in devio
USB: fix up faulty backports
USB: EHCI: declare hostpc register as zero-length array
USB: serial: option: add support for Telit LE910 PID 0x1206
usb: musb: Stop bulk endpoint while queue is rotated
usb: musb: Ensure rx reinit occurs for shared_fifo endpoints
usb: renesas_usbhs: protect the CFIFOSEL setting in usbhsg_ep_enable()
x86/mm: Add barriers and document switch_mm()-vs-flush synchronization
pipe: limit the per-user amount of pages allocated in pipes
cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind
KEYS: potential uninitialized variable
mm: migrate dirty page without clear_page_dirty_for_io etc
printk: do cond_resched() between lines while outputting to consoles
HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands
libceph: apply new_state before new_up_client on incrementals
tmpfs: don't undo fallocate past its last page
tmpfs: fix regression hang in fallocate undo
tcp: make challenge acks less predictable
tcp: record TLP and ER timer stats in v6 stats
tcp: consider recv buf for the initial window scale
MIPS: KVM: Fix mapped fault broken commpage handling
MIPS: KVM: Add missing gfn range check
MIPS: KVM: Fix gfn range check in kseg0 tlb faults
MIPS: KVM: Propagate kseg0/mapped tlb fault errors
MIPS: math-emu: Fix jalr emulation when rd == $0
MIPS: Fix siginfo.h to use strict posix types
MIPS: ath79: make bootconsole wait for both THRE and TEMT
MIPS: Fix 64k page support for 32 bit kernels.
MIPS: KVM: Fix modular KVM under QEMU
Input: uinput - handle compat ioctl for UI_SET_PHYS
Input: wacom_w8001 - w8001_MAX_LENGTH should be 13
Input: xpad - validate USB endpoint count during probe
ath5k: Change led pin configuration for compaq c700 laptop
aacraid: Relinquish CPU during timeout wait
aacraid: Fix for aac_command_thread hang
PCI: Disable all BAR sizing for devices with non-compliant BARs
rtlwifi: Fix logic error in enter/exit power-save mode
powerpc/book3s64: Fix branching to OOL handlers in relocatable kernel
powerpc: Fix definition of SIAR and SDAR registers
powerpc: Use privileged SPR number for MMCR2
powerpc/pseries/eeh: Handle RTAS delay requests in configure_bridge
powerpc/iommu: Remove the dependency on EEH struct in DDW mechanism
powerpc/pseries: Fix PCI config address for DDW
powerpc/tm: Always reclaim in start_thread() for exec() class syscalls
sunrpc: fix stripping of padded MIC tokens
drm/gma500: Fix possible out of bounds read
drm/fb_helper: Fix references to dev->mode_config.num_connector
drm/radeon: fix asic initialization for virtualized environments
drm/radeon: add a delay after ATPX dGPU power off
drm/radeon: Poll for both connect/disconnect on analog connectors
drm/radeon: fix firmware info version checks
ext4: fix hang when processing corrupted orphaned inode list
ext4: address UBSAN warning in mb_find_order_for_block()
ext4: silence UBSAN in ext4_mb_init()
ext4: verify extent header depth
ext4: check for extents that wrap around
ext4: don't call ext4_should_journal_data() on the journal inode
ext4: short-cut orphan cleanup on error
ext4: fix reference counting bug on block allocation error
dma-debug: avoid spinlock recursion when disabling dma-debug
xfs: xfs_iflush_cluster fails to abort on error
xfs: fix inode validity check in xfs_iflush_cluster
xfs: skip stale inodes in xfs_iflush_cluster
KVM: x86: fix OOPS after invalid KVM_SET_DEBUGREGS
ARM: fix PTRACE_SETVFPREGS on SMP systems
arm: oabi compat: add missing access checks
parisc: Fix pagefault crash in unaligned __get_user() call
ecryptfs: forbid opening files without mmap handler
fix d_walk()/non-delayed __d_free() race
crypto: ux500 - memmove the right size
crypto: gcm - Filter out async ghash if necessary
crypto: scatterwalk - Fix test in scatterwalk_done
sit: correct IP protocol used in ipip6_err
ipmr/ip6mr: Initialize the last assert time of mfc entries.
net: alx: Work around the DMA RX overflow issue
mac80211: mesh: flush mesh paths unconditionally
mac80211_hwsim: Add missing check for HWSIM_ATTR_SIGNAL
IB/mlx4: Properly initialize GRH TClass and FlowLabel in AHs
IB/security: Restrict use of the write() interface
IB/IPoIB: Don't update neigh validity for unresolved entries
IB/mlx4: Fix the SQ size of an RC QP
x86, build: copy ldlinux.c32 to image.iso
kprobes/x86: Clear TF bit in fault on single-stepping
x86/amd_nb: Fix boot crash on non-AMD systems
NFS: Fix another OPEN_DOWNGRADE bug
mm: Export migrate_page_move_mapping and migrate_page_copy
UBIFS: Implement ->migratepage()
cdc_ncm: workaround for EM7455 "silent" data interface
kvm: Fix irq route entries exceeding KVM_MAX_IRQ_ROUTES
tracing: Handle NULL formats in hold_module_trace_bprintk_format()
base: make module_create_drivers_dir race-free
iio: Fix error handling in iio_trigger_attach_poll_func
staging: iio: accel: fix error check
iio: accel: kxsd9: fix the usage of spi_w8r8()
iio:ad7266: Fix broken regulator error handling
iio:ad7266: Fix probe deferral for vref
tty/vt/keyboard: fix OOB access in do_compute_shiftstate()
ALSA: dummy: Fix a use-after-free at closing
ALSA: au88x0: Fix calculation in vortex_wtdma_bufshift()
ALSA: ctl: Stop notification after disconnection
ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
ALSA: timer: Fix leak in events via snd_timer_user_ccallback
ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
scsi: fix race between simultaneous decrements of ->host_failed
scsi: remove scsi_end_request
Fix reconnect to not defer smb3 session reconnect long after socket reconnect
xen/acpi: allow xen-acpi-processor driver to load on Xen 4.7
s390/seccomp: fix error return for filtered system calls
fs/nilfs2: fix potential underflow in call to crc32_le
arc: unwind: warn only once if DW2_UNWIND is disabled
xen/pciback: Fix conf_space read/write overlap check.
Revert "ecryptfs: forbid opening files without mmap handler"
ecryptfs: don't allow mmap when the lower fs doesn't support it
ARC: use ASL assembler mnemonic
qeth: delete napi struct when removing a qeth device
mmc: block: fix packed command header endianness
can: at91_can: RX queue could get stuck at high bus load
can: fix oops caused by wrong rtnl dellink usage
ipr: Clear interrupt on croc/crocodile when running with LSI
net: mvneta: set real interrupt per packet for tx_done
sctp: Prevent soft lockup when sctp_accept() is called during a timeout event
x86/mm: Improve switch_mm() barrier comments
KEYS: 64-bit MIPS needs to use compat_sys_keyctl for 32-bit userspace
scsi_lib: correctly retry failed zero length REQ_TYPE_FS commands
block: fix use-after-free in seq file
fuse: fix wrong assignment of ->flags in fuse_send_init()
net/irda: fix NULL pointer dereference on memory allocation failure
gpio: pca953x: Fix NBANK calculation for PCA9536
hp-wmi: Fix wifi cannot be hard-unblocked
s5p-mfc: Set device name for reserved memory region devs
s5p-mfc: Add release callback for memory region devs
Bluetooth: Fix l2cap_sock_setsockopt() with optname BT_RCVMTU
cifs: Check for existing directory when opening file with O_CREAT
netlabel: add address family checks to netlbl_{sock,req}_delattr()
balloon: check the number of available pages in leak balloon
ftrace/recordmcount: Work around for addition of metag magic but not relocations
metag: Fix __cmpxchg_u32 asm constraint for CMP
ubi: Make volume resize power cut aware
ubi: Fix race condition between ubi device creation and udev
dm flakey: error READ bios during the down_interval
module: Invalidate signatures on force-loaded modules
be2iscsi: Fix bogus WARN_ON length check
squash mm: Export migrate_page_... : also make it non-static
HID: hid-input: Add parentheses to quell gcc warning
ALSA: oxygen: Fix logical-not-parentheses warning
net: rfkill: Do not ignore errors from regulator_enable()
isdn: hfcpci_softirq: get func return to suppress compiler warning
stb6100: fix buffer length check in stb6100_write_reg_range()
spi: spi-xilinx: cleanup a check in xilinx_spi_txrx_bufs()
Linux 3.10.103
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
drivers/usb/core/quirks.c
fs/fuse/inode.c
kernel/panic.c
net/ipv4/tcp_input.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXXS5iAAoJEE44bZycYXAvDj8P/jbhmGAgW6tw2cnS90QIZDqG
M/nclEId61jICNvbfP6zsioKeWyrmzr5G7NjqTThsSNhCo/DXs3ddMqLy3pOaFdq
mytXtHIUpwZoplEib+ODinW40CMqnu11XSWEcee2nrsPuGNsnc7BY0wmFBa6UVCV
rOZef9SN9lJcZSYY/auvgLDXOXdQ+NMxp5hau30aF5HBO8hTDXStjPRcUwCvz7aR
govTQJHlS4HzLH3JOYS3Dt8IYFDOrKhQIby2nFdw7eiUxHCRy2F0asabTh3DzCw1
iLvFroozjyVXwozfWMqLCvMa+514MXJy8Nkva6xiAHraC8UrgfPtcNsTdgtkdH9T
V2Am9b0L7yiBdG6hsZLxkU3akk7vU/0dtppwzvudANT6i2tGcDSBeaZq3T2pAv7B
7coY53GzHZdQnbdTZbYeS1fxebxyXw50D5OJkF8DyLhoL7Uj2Dvv0QdjKv+U/e5D
VQ+ZyGcBdCLuOzflXysI10E01y0/M3FrkubgGBM4Oh0eYKCHJaHG/NCZy5JY/qxy
S0phem8RbeZPbcL14z+5buWIi1lUkTiCIMG8c32ZEmDh84drnICqABA0RzKmqdkj
ucQa+PzkMQ1DyhAMUl/CwpBfSqf1Zs3agLo78Kp5MTGfeAA90m0SeVqhmDgWhwqG
HhSlsPFfMfmJl5S0uJpQ
=UhFl
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqdSoACgkQmXOSYMts
txbb1A/6A1pJjz3//6RsYU7G2f4WgAjqCRzQDPtVtBUwpyBtj7DuAxNGeOAvw0KM
BfOTy0fhtgHfOV6F4kynIuU6scNY8zZlZ2ZCgndhiC45dlDBSto2mYgF9DmDl7m3
rRhiWmmSqFvJW+USxCETg8PxXVIs0Si+TU8AfBKJt3Mf25UyLsrm/hIDqg3FtkyP
STZlpmACGQEJl6qTVTubTv6/psJc0oE7gUZ2G4TTuFxt+p3/4MPf+pnicl5jcP04
laN1k2ce8ciV8Tc7f5zM55ArLGM+M4QQNRqO6Wrl7gQvtXpn6Efno9aY2MuaXtdm
7sKKvQWj0QMS/9tei+wGS73gDsfIb1qrsaMWD9UF9zGb7miGkRr3wdDZPYurysWy
5cIL1TErJDiIVlVedL/o8EYOxCYamSQPJ35WGxSgeS9kqfTlh3C1angGy9EOpv27
ER1myFM4TUc51ziPIFlEeBu1ku4vVY7atCsZU25VqKFLAapeDG3xuK1RDmal/PTd
d2JahllwPQ4Uh8OUNeHcN4Ptxf/fBVezSCZw1tv6vkAUdt6uXcbweutDw74cWlNJ
KbKd5yluWVCAVsOSiVNRFX8ij/9GeJvu94eU5o7jiC578TQTRrMdKyxEqVKzz6te
39rFoX20GZ7IosRoJDp9gsJTA7GAVsCcfU9CK/SNL3jxGLFvJbo=
=CaKB
-----END PGP SIGNATURE-----
Merge 3.10.102 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.102: (144 commits)
pipe: Fix buffer offset after partially failed read
x86/iopl/64: Properly context-switch IOPL on Xen PV
ext4: fix NULL pointer dereference in ext4_mark_inode_dirty()
compiler-gcc: integrate the various compiler-gcc[345].h files
x86: LLVMLinux: Fix "incomplete type const struct x86cpu_device_id"
KVM: i8254: change PIT discard tick policy
KVM: fix spin_lock_init order on x86
EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()
PCI: Disable IO/MEM decoding for devices with non-compliant BARs
linux/const.h: Add _BITUL() and _BITULL()
x86: Rename X86_CR4_RDWRGSFS to X86_CR4_FSGSBASE
x86, processor-flags: Fix the datatypes and add bit number defines
x86/iopl: Fix iopl capability check on Xen PV
sg: fix dxferp in from_to case
aacraid: Fix memory leak in aac_fib_map_free
be2iscsi: set the boot_kset pointer to NULL in case of failure
usb: retry reset if a device times out
USB: cdc-acm: more sanity checking
USB: iowarrior: fix oops with malicious USB descriptors
USB: usb_driver_claim_interface: add sanity checking
USB: mct_u232: add sanity checking in probe
USB: digi_acceleport: do sanity checking for the number of ports
USB: cypress_m8: add endpoint sanity check
USB: serial: cp210x: Adding GE Healthcare Device ID
USB: option: add "D-Link DWM-221 B1" device id
pwc: Add USB id for Philips Spc880nc webcam
Input: powermate - fix oops with malicious USB descriptors
net: irda: Fix use-after-free in irtty_open()
8250: use callbacks to access UART_DLL/UART_DLM
bttv: Width must be a multiple of 16 when capturing planar formats
media: v4l2-compat-ioctl32: fix missing length copy in put_v4l2_buffer32
ALSA: intel8x0: Add clock quirk entry for AD1981B on IBM ThinkPad X41.
jbd2: fix FS corruption possibility in jbd2_journal_destroy() on umount path
bcache: fix cache_set_flush() NULL pointer dereference on OOM
watchdog: rc32434_wdt: fix ioctl error handling
splice: handle zero nr_pages in splice_to_pipe()
xtensa: ISS: don't hang if stdin EOF is reached
xtensa: clear all DBREAKC registers on start
md/raid5: Compare apples to apples (or sectors to sectors)
rapidio/rionet: fix deadlock on SMP
ipr: Fix out-of-bounds null overwrite
ipr: Fix regression when loading firmware
drm/radeon: Don't drop DP 2.7 Ghz link setup on some cards.
tracing: Have preempt(irqs)off trace preempt disabled functions
tracing: Fix crash from reading trace_pipe with sendfile
tracing: Fix trace_printk() to print when not using bprintk()
scripts/coccinelle: modernize &
Input: ims-pcu - sanity check against missing interfaces
Input: ati_remote2 - fix crashes on detecting device with invalid descriptor
ocfs2/dlm: fix race between convert and recovery
ocfs2/dlm: fix BUG in dlm_move_lockres_to_recovery_list
mtd: onenand: fix deadlock in onenand_block_markbad
sched/cputime: Fix steal time accounting vs. CPU hotplug
perf/x86/intel: Fix PEBS data source interpretation on Nehalem/Westmere
hwmon: (max1111) Return -ENODEV from max1111_read_channel if not instantiated
parisc: Avoid function pointers for kernel exception routines
parisc: Fix kernel crash with reversed copy_from_user()
ALSA: timer: Use mod_timer() for rearming the system timer
net: jme: fix suspend/resume on JMC260
sctp: lack the check for ports in sctp_v6_cmp_addr
ipv6: re-enable fragment header matching in ipv6_find_hdr
cdc_ncm: toggle altsetting to force reset before setup
usbnet: cleanup after bind() in probe()
udp6: fix UDP/IPv6 encap resubmit path
sh_eth: fix NULL pointer dereference in sh_eth_ring_format()
net: Fix use after free in the recvmmsg exit path
farsync: fix off-by-one bug in fst_add_one
ath9k: fix buffer overrun for ar9287
qlge: Fix receive packets drop.
ppp: take reference on channels netns
qmi_wwan: add "D-Link DWM-221 B1" device id
ipv4: l2tp: fix a potential issue in l2tp_ip_recv
ipv6: l2tp: fix a potential issue in l2tp_ip6_recv
ip6_tunnel: set rtnl_link_ops before calling register_netdevice
usb: renesas_usbhs: avoid NULL pointer derefernce in usbhsf_pkt_handler()
usb: renesas_usbhs: disable TX IRQ before starting TX DMAC transfer
ext4: add lockdep annotations for i_data_sem
HID: usbhid: fix inconsistent reset/resume/reset-resume behavior
drm/radeon: hold reference to fences in radeon_sa_bo_new (3.17 and older)
usbvision-video: fix memory leak of alt_max_pkt_size
usbvision: fix leak of usb_dev on failure paths in usbvision_probe()
usbvision: fix crash on detecting device with invalid configuration
usb: xhci: fix wild pointers in xhci_mem_cleanup
usb: hcd: out of bounds access in for_each_companion
crypto: gcm - Fix rfc4543 decryption crash
nl80211: check netlink protocol in socket release notification
Input: gtco - fix crash on detecting device without endpoints
i2c: cpm: Fix build break due to incompatible pointer types
EDAC: i7core, sb_edac: Don't return NOTIFY_BAD from mce_decoder callback
ASoC: s3c24xx: use const snd_soc_component_driver pointer
efi: Fix out-of-bounds read in variable_matches()
workqueue: fix ghost PENDING flag while doing MQ IO
USB: usbip: fix potential out-of-bounds write
paride: make 'verbose' parameter an 'int' again
fbdev: da8xx-fb: fix videomodes of lcd panels
misc/bmp085: Enable building as a module
rtc: vr41xx: Wire up alarm_irq_enable
drivers/misc/ad525x_dpot: AD5274 fix RDAC read back errors
include/linux/poison.h: fix LIST_POISON{1,2} offset
Drivers: hv: vmbus: prevent cpu offlining on newer hypervisors
perf stat: Document --detailed option
ARM: OMAP3: Add cpuidle parameters table for omap3430
compiler-gcc: disable -ftracer for __noclone functions
ipvs: correct initial offset of Call-ID header search in SIP persistence engine
nbd: ratelimit error msgs after socket close
clk: versatile: sp810: support reentrance
lpfc: fix misleading indentation
ARM: SoCFPGA: Fix secondary CPU startup in thumb2 kernel
proc: prevent accessing /proc/<PID>/environ until it's ready
batman-adv: Fix broadcast/ogm queue limit on a removed interface
MAINTAINERS: Remove asterisk from EFI directory names
ACPICA: Dispatcher: Update thread ID for recursive method calls
USB: serial: cp210x: add ID for Link ECU
USB: serial: cp210x: add Straizona Focusers device ids
Input: ads7846 - correct the value got from SPI
powerpc: scan_features() updates incorrect bits for REAL_LE
crypto: hash - Fix page length clamping in hash walk
get_rock_ridge_filename(): handle malformed NM entries
Input: max8997-haptic - fix NULL pointer dereference
asmlinkage, pnp: Make variables used from assembler code visible
ARM: OMAP3: Fix booting with thumb2 kernel
decnet: Do not build routes to devices without decnet private data.
route: do not cache fib route info on local routes with oif
packet: fix heap info leak in PACKET_DIAG_MCLIST sock_diag interface
atl2: Disable unimplemented scatter/gather feature
net: fix infoleak in llc
net: fix infoleak in rtnetlink
VSOCK: do not disconnect socket when peer has shutdown SEND only
net: bridge: fix old ioctl unlocked net device walk
net: fix a kernel infoleak in x25 module
fs/cifs: correctly to anonymous authentication via NTLMSSP
ring-buffer: Use long for nr_pages to avoid overflow failures
ring-buffer: Prevent overflow of size in ring_buffer_resize()
mfd: omap-usb-tll: Fix scheduling while atomic BUG
mmc: mmc: Fix partition switch timeout for some eMMCs
mmc: longer timeout for long read time quirk
Bluetooth: vhci: purge unhandled skbs
USB: serial: keyspan: fix use-after-free in probe error path
USB: serial: quatech2: fix use-after-free in probe error path
USB: serial: io_edgeport: fix memory leaks in probe error path
USB: serial: option: add support for Cinterion PH8 and AHxx
tty: vt, return error when con_startup fails
serial: samsung: Reorder the sequence of clock control when call s3c24xx_serial_set_termios()
Linux 3.10.102
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
drivers/media/v4l2-core/v4l2-compat-ioctl32.c
fs/pipe.c
kernel/trace/trace_printk.c
net/core/rtnetlink.c
net/socket.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJW6X7DAAoJEDjbvchgkmk+RqMP/23oS5ZXheNwIwKzWO8f1tnZ
Em+1+p5zZ8cFV/mWHz6Jxxt0/3tEteT1m3sWGJLvG3Uzz1kd7alS/omxU0Lf4WEf
Qzso9R5sg4+SKUtAhRmJlXhLvVwnKc5KiGyrBt4ZBrwViHy+phr6/uPUTI5m6u48
Xzujf+onqeojNXTfMxAq90r9a/AHmVlTwQ+j6SqPkKKbCrtHp9bjrMEb2JFbk8CN
dPhJQuKgUjUx0Scfk2KOecS89e0Kr+k8RWFstPtR0eUkvNlfzjcK7SD1WZ5i0yd4
d89tG/X9T2uTVeO2hTxKmTmOAxgiBS/RAljXgA+3j1VTPBMuOvYjyIVQ8RwROFtp
UbgkSabwhX2prKj1J0zXNUjSvYyiGQ1mXWcHemZxaJAZKl0rWwHeBuNHPuJCPAWJ
ZVqFkA0jrKcDbF+pnt9nkWEC1vFkO0kaZAY8hYtUiXkA8ohoC+4rIap09sgGzHiM
ElN9VZbg8dJOMfSrnFkIO8t8SQzlnLo3lNQsKF8HbtB2UsIODALYasuj61KXlt1s
xo4bKgKVncRqA0neMdOjVlu4U8qs3f2f8FDFMdX3lAlq/Pcgo/wJCUuhl3y3cr4+
9FRTaWxbtg7zCfvlV4JmgF9KjNdq+w6CU6ZbtRSDuBhtCx5dpMNGqD9igY6xtV4P
GN3zWp59z0D40kIU+bLd
=3YTQ
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqdNYACgkQmXOSYMts
txZXEBAApzBKflC5tuscXvhSXrstWHNZVN6gy+RF0NdqDcbhxz+3fDHZrfEF70MG
/kfRZ4/oV52ZnfjmpFwikGBfe9WuUrm6TQgqN3NkLdtdI23LZdDa5D6sfifu9evb
wpSbcpe4JVGfLt8q8Qqibbb5Imek19XIsDtrYt9Z1DQN/cT5joOgkzxi2d39Vbzy
9n0o5nfRGW2pE/VuRzDQ8V2+vdkSa/zNYIZTWvhDrNUN7T0pKb9Wwz212+VRkVyi
qkH/xoiTOdfWCecFHATT+vZMYEchnY8n5eQWsD6WESwMVc3w7L9ntUjMuvnGDqf1
es+dcD4QBLQ0zLxh72s8ahQ0LMZ0k2q4LX4BJwm00pmdC0SU6k3e/pf1Sdmk63Ln
IjeZoU0dfkZ6b9GRz4TRHQN39BbP1FlcpL2rCTLUjMg2u/1VkbqgPUq8QX8TPzUw
104y75t608ons/XkJtttQ9Y+F+FgOsBW/77ql06edZ0xA4FgCRt4zDVdZlGhRug6
QqC/aak/qAwTkffcOpprAIz964bZMDAlGNQg6wxE/RTo0rPD1v/bGJfOCciNrqZA
w98RRnzHx28InV0gXayToeN7Adzo5LS6msTAgWUvYRhrReZwEQqZq/wirRclzWvm
NwuvJSTzhLOKjj286UGslOqJoC7KaubkYGAhYWH12e2jnP0Fr6g=
=OhWq
-----END PGP SIGNATURE-----
Merge 3.10.101 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.101: (19 commits)
KVM: VMX: disable PEBS before a guest entry
tracing: Fix check for cpu online when event is disabled
ASoC: wm8994: Fix enum ctl accesses in a wrong type
ASoC: wm8958: Fix enum ctl accesses in a wrong type
wext: fix message delay/ordering
mac80211: fix use of uninitialised values in RX aggregation
mac80211: minstrel_ht: set default tx aggregation timeout to 0
powerpc: Fix dedotify for binutils >= 2.26
KVM: x86: move steal time initialization to vcpu entry time
lib/ucs2_string: Add ucs2 -> utf8 helper functions
efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version
efi: Do variable name validation tests in utf8
efi: Make our variable validation list include the guid
efi: Make efivarfs entries immutable by default
efi: Add pstore variables to the deletion whitelist
lib/ucs2_string: Correct ucs2 -> utf8 conversion
modules: fix longstanding /proc/kallsyms vs module insertion race.
Revert: "crypto: af_alg - Disallow bind/setkey/... after accept(2)"
Linux 3.10.101
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJW2MPMAAoJEDjbvchgkmk+xlkP/3pLYC8OxOPz11sBFOWDB6Jn
+/La3kW252TMcY7K8Z6R2UJC93HxXaCySAZTrLrwUL6mqpSStiHhX/1HQMI6If4c
jMtsbgWpU+HZzprPzY8IK6rdrZJKz+Nxu3LMuV0pYTAFKLnCa4d9bSYZ52UArVnC
w13KGpk/gnWTO7A6ZNx4dcRpMqYHWcG+eJsT9zdExmyk65qBCxhhUxXh+DijmSn7
QXrFJ4zjWr1kIdsk6Moat/HCTt/zvwMiWuHdnqYIzUSmvWZWbaQsqGw0cFvKM2hL
pOJ3zf3fgUY6fsV0vG+SFdrMmL6RtL/v0c2EGM5ZlYCIPbUZcK+XMlaEqOe6UAHz
hITIE+r03l2zqagWVb/2HOen8liHIxnfqUPYgHd6vmXz2qWXg9sWTsOhr3ZAQQLA
tf0JDjmx/KCyBmiA7ZyhRLeyhx0jD/csxxo14YME8N3tJCyw5gEIOgXlOLNxhWRu
uCqSN27FDnnf6ppbX1euMeWxzqi4DCZFMDJQT743V5sJIz10BsVR9HJS6mwyUioN
ia4qVc99JfSEsXuawlZhC44Ht+Z/tTSxQPcZjWMHvftGVfxS9AZVf85BM5zNa91t
52mtJivT25N7JxHE41iEQA9t4V1shCjGmEUKD4cVMKgC18cpXD/awDlJ1Or1YuAO
ro6ElZeHj+O3YETFp31/
=GlVi
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqdM8ACgkQmXOSYMts
txacfQ//SS35oIq6UFvp2viMaloy++Ec9fBNUqMI8GLbdJ25Fwt2lA0kuhOCR+dH
bHjwCsb/lo4uf0g+gYuQU4M9XqusWbmsQouTObILBidMt1K2MavKXLqzZsQ+bVD5
pDHLK9ZJwGqTpGgPLlRo1KLIPq+Byf2T+mWiAdoR873gJAJSDPns4PhjJIRvsv52
lnqnIDcjJ//7RzZkBv1hqlA294ttEKRfDqRk+WhLHAJVtnxwpbaiMyRjZgcXvxec
rvPgnppkkhIi/EyrJPU3GkZEce8bj3WQBVDLEw+4NxXNQGANwUEo14jgbBVZaQTg
/Wrx5QR8S+qqxCeKBN825oHcsgfRdLzmX28J13m6R3hW3RMTH0cTjjLTIW/Ms/LI
wiwBW8rYIwkSFUY6r2HYzi9goC9wm1bP/rAJ5n9OdcFkyHc7sVtqkejQEdfmHRfT
UQmIzxe8nH21j88xXXmZ2OiVv0AJqZDcc6rBwvhFdxXRqySdZDKzbl6l7tNXVDBM
amOzbk6pbv245Mbr9i6BvkhUsoWkAmNpX6ZZeo98RAiGsQs9cvUPllgzNZmW0+KW
uDRHreI1ZGBdr7tFYmUCP0JeJYNXv0K3I8bsKIbC97q9xGa/T73M9PFFpQ8r0Cot
hd+rsq+fGC6CuXsYg6xAcuVDwM4ljuHwKbAnQTYSEiXvGEd0dDM=
=iIAf
-----END PGP SIGNATURE-----
Merge 3.10.99 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.99: (80 commits)
tracepoints: Do not trace when cpu is offline
drm/ast: Initialized data needed to map fbdev memory
netfilter: nf_conntrack: fix RCU race in nf_conntrack_find_get
bcache: unregister reboot notifier if bcache fails to unregister device
tools: Add a "make all" rule
drm/radeon: fix hotplug race at startup
efi: Disable interrupts around EFI calls, not in the epilog/prolog calls
dm thin metadata: fix bug when taking a metadata snapshot
dm thin: fix race condition when destroying thin pool workqueue
can: ems_usb: Fix possible tx overflow
USB: cp210x: add IDs for GE B650V3 and B850V3 boards
USB: option: add support for SIM7100E
USB: option: add "4G LTE usb-modem U901"
proc: Fix ptrace-based permission checks for accessing task maps
iw_cxgb3: Fix incorrectly returning error on success
MIPS: KVM: Fix ASID restoration logic
MIPS: KVM: Fix CACHE immediate offset sign extension
MIPS: KVM: Uninit VCPU in vcpu_create error path
splice: sendfile() at once fails for big files
Failing to send a CLOSE if file is opened WRONLY and server reboots on a 4.x mount
unix: correctly track in-flight fds in sending process user_struct
genirq: Prevent chip buslock deadlock
clocksource/drivers/vt8500: Increase the minimum delta
lockd: create NSM handles per net namespace
devres: fix a for loop bounds check
wm831x_power: Use IRQF_ONESHOT to request threaded IRQs
megaraid_sas: Do not use PAGE_SIZE for max_sectors
megaraid_sas : SMAP restriction--do not access user memory from IOCTL code
mmc: remove bondage between REQ_META and reliable write
mac: validate mac_partition is within sector
ARC: dw2 unwind: Remove falllback linear search thru FDE entries
vfs: Avoid softlockups with sendfile(2)
ring-buffer: Update read stamp with first real commit on page
virtio: fix memory leak of virtio ida cache layers
mac80211: mesh: fix call_rcu() usage
RDS: fix race condition when sending a message on unbound socket
can: sja1000: clear interrupts on start
sched/core: Remove false-positive warning from wake_up_process()
sata_sil: disable trim
dm btree: fix bufio buffer leaks in dm_btree_del() error path
vgaarb: fix signal handling in vga_get()
rfkill: copy the name into the rfkill struct
ses: Fix problems with simple enclosures
ses: fix additional element traversal bug
scripts: recordmcount: break hardlinks
Btrfs: add missing brelse when superblock checksum fails
Btrfs: igrab inode in writepage
Btrfs: send, don't BUG_ON() when an empty symlink is found
Btrfs: fix number of transaction units required to create symlink
s390: fix normalization bug in exception table sorting
s390/dasd: prevent incorrect length error under z/VM after PAV changes
s390/dasd: fix refcount for PAV reassignment
uml: flush stdout before forking
uml: fix hostfs mknod()
media: dvb-core: Don't force CAN_INVERSION_AUTO in oneshot mode
gspca: ov534/topro: prevent a division by 0
tda1004x: only update the frontend properties if locked
dm snapshot: fix hung bios when copy error occurs
posix-clock: Fix return code on the poll method's error path
mmc: mmci: fix an ages old detection error
sparc64: fix incorrect sign extension in sys_sparc64_personality
drm/vmwgfx: respect 'nomodeset'
drm/radeon: clean up fujitsu quirks
drm/radeon: hold reference to fences in radeon_sa_bo_new
drm/radeon: use post-decrement in error handling
IB/qib: fix mcast detach when qp not attached
libceph: don't bail early from try_read() when skipping a message
cdc-acm:exclude Samsung phone 04e8:685d
rfkill: fix rfkill_fop_read wait_event usage
Revert "workqueue: make sure delayed work run in local cpu"
libata: fix sff host state machine locking while polling
PCI/AER: Flush workqueue on device remove to avoid use-after-free
nfs: fix nfs_size_to_loff_t
KVM: async_pf: do not warn on page allocation failures
tracing: Fix showing function event in available_events
sunrpc/cache: fix off-by-one in qword_get()
kernel/resource.c: fix muxed resource handling in __request_region()
do_last(): don't let a bogus return value from ->open() et.al. to confuse us
xen/pcifront: Fix mysterious crashes when NUMA locality information was extracted.
Linux 3.10.99
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJWz1zgAAoJEDjbvchgkmk+yU8P/10DITNzrhCfz5wbhvvn9Uvo
7H1DziOora3u9h8/rz6xqgFEz2/9cZ03KoLcpGha7kEFBsvgVhN3uSI0YFpVV2mT
8/oh1ADdkky3Pld0f7gDGydDvrmgqx83/69SQ8hDQ8Mr2QTaKNvK05QGC2/EO9kI
OcUAXjdAGglmf5rfhNhXodG/F2DtsA55uCzeyuBhcPE3bM7d4/48pwr1b2tW2CR8
hsprRvSz+kGgHXQy8jYdxKEI66OC/i22xVnxEc8PZmPZ0fFfmszzc9nzhcseWfpe
0JGgfwAtM8Va+bX4kfvqPpc2qR0r8Z2iEKNnAHnGutOvSWvow0l1OEedsb/+s1J6
/AYlPIkgTxwLDAwBIymPgowkEMOPVZzPL0tkoZI8wjB+eqUxxLlIa2dNByCyUs/U
1xTy+0UDMMDXG911mJl+yZFvd4R7lQUavIEStmMQ+A/Go2KrATaqIM8WETBlm7oH
s3hZ3E+RBWmfD/6JQwsJNkwv6yWeaRXNE+bj8C1r/uBdPyGqX9T22OaIOlio+I71
XBNEM5mrTlNeNVIUIKW29qmLBxBrH2LLwpv/dRyfOfzfhi1B+dl9+3sJauvrSmWi
jrR1khGmmaZcfOT2DVmpwlDQCQcyMcy8S8RTTAHhhuNmWtSjdc3TcfRlHXvP0sOu
ruXBufxernb94E7sqsvF
=LW9r
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqdMoACgkQmXOSYMts
txYJKxAAkVgmXLjjtJbCUkYLzohjXabtfF9ekfy7UPRdBU+PPRC2c8tHcR6LCqXd
v+hEiI80h72BqEVE4y3ztFZlhbpSonIcmRrG+/gWsWcWmY9S0owilHwhmrl3uvmC
Fvso6+5oWVvVXuM8I4Ul/3bXmScVhv/rh22iN2hhOS7WgEVdqlhmYHC/KIpRK+rD
dyUQ2eONgr14FyGswgK0zLaFKXvKhQfEjvAu4KXJek0sIPIUEVdZ5xgS2v4eLigN
W0+ewi4DCTESCU8GCnZwwU1OIbe2De09sPIVwBM644bOIJRxOJxnL0a11IjwOaye
P9ne98G3M1vTruiM+/dA40eGh7kFiKKlIqCO1mf1IqrQSYq+sNEuDSmD9XY+huRZ
ktDue8NcUmFgJzJxeRYfdatCNF/esfdIzuzbFnw+Jr+EPACn6FiOXFgkJkUpo204
wvv+nOhiYlSJQT81jqmVTn3iGyvZIJd15uCEryguNt8LmLafGlztYBZ5dSUkejcu
nAipexnYGyrufD5XhshZlcBt1S1FCQZd3lUBETmqLzP+hiZG76ti96i2ro2hnyM5
TWva2zmC1Cp89l0dWJjtNSohD4S6226Jc6ebHTDO/67gpsj3dlbH3IR7rDqKXgof
AFltzPMYnfMPYuDmANTu7vqlJGI5974xrDA1hRAUN49YVxD5YKk=
=fJ2P
-----END PGP SIGNATURE-----
Merge 3.10.98 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.98: (55 commits)
ALSA: seq: Fix double port list deletion
wan/x25: Fix use-after-free in x25_asy_open_tty()
staging/speakup: Use tty_ldisc_ref() for paste kworker
pty: fix possible use after free of tty->driver_data
pty: make sure super_block is still valid in final /dev/tty close
AIO: properly check iovec sizes
ext4: fix potential integer overflow
Btrfs: fix hang on extent buffer lock caused by the inode_paths ioctl
perf: Fix inherited events vs. tracepoint filters
ptrace: use fsuid, fsgid, effective creds for fs access checks
tools lib traceevent: Fix output of %llu for 64 bit values read on 32 bit machines
tracing: Fix freak link error caused by branch tracer
klist: fix starting point removed bug in klist iterators
scsi: restart list search after unlock in scsi_remove_target
scsi_sysfs: Fix queue_ramp_up_period return code
iscsi-target: Fix rx_login_comp hang after login failure
Fix a memory leak in scsi_host_dev_release()
SCSI: Fix NULL pointer dereference in runtime PM
iscsi-target: Fix potential dead-lock during node acl delete
SCSI: fix crashes in sd and sr runtime PM
drivers/scsi/sg.c: mark VMA as VM_IO to prevent migration
scsi_dh_rdac: always retry MODE SELECT on command lock violation
scsi: fix soft lockup in scsi_remove_target() on module removal
iio:ad7793: Fix ad7785 product ID
iio: lpc32xx_adc: fix warnings caused by enabling unprepared clock
iio:ad5064: Make sure ad5064_i2c_write() returns 0 on success
iio: adis_buffer: Fix out-of-bounds memory access
iio: dac: mcp4725: set iio name property in sysfs
cifs: fix erroneous return value
nfs: Fix race in __update_open_stateid()
udf: limit the maximum number of indirect extents in a row
udf: Prevent buffer overrun with multi-byte characters
udf: Check output buffer length when converting name to CS0
ARM: 8519/1: ICST: try other dividends than 1
ARM: 8517/1: ICST: avoid arithmetic overflow in icst_hz()
fuse: break infinite loop in fuse_fill_write_pages()
mm: soft-offline: check return value in second __get_any_page() call
Input: elantech - add Fujitsu Lifebook U745 to force crc_enabled
Input: elantech - mark protocols v2 and v3 as semi-mt
Input: i8042 - add Fujitsu Lifebook U745 to the nomux list
iommu/vt-d: Fix 64-bit accesses to 32-bit DMAR_GSTS_REG
mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone()
xhci: Fix list corruption in urb dequeue at host removal
m32r: fix m32104ut_defconfig build fail
dma-debug: switch check from _text to _stext
scripts/bloat-o-meter: fix python3 syntax error
memcg: only free spare array when readers are done
radix-tree: fix race in gang lookup
radix-tree: fix oops after radix_tree_iter_retry
intel_scu_ipcutil: underflow in scu_reg_access()
x86/asm/irq: Stop relying on magic JMP behavior for early_idt_handlers
futex: Drop refcount if requeue_pi() acquired the rtmutex
ip6mr: call del_timer_sync() in ip6mr_free_table()
module: wrapper for symbol name.
Linux 3.10.98
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJWqv2IAAoJEDjbvchgkmk+180QAKqYrypT3cyClNOHGRFRaxID
Sxo8S9tr8apxaIeP/nfZH3fYXyoadKBwxet15PNYwGVex3jBIVO0M0kspNPu9guG
ogM0hf558EiWpdN5kydwCyN2ukJkhPP9r1ZQ5T84UcqflIboLDYXksqW1w8JX7wm
dumt8kbbnN42e9S1bXD79CRaBB+dkNBTg0fdfpCi7pOQvUQD9DAs/j6XM1ZkOouX
P+/vnIWbRwzbVqlJSaWNfBotlNsydosazJD9lg8iFIRDpVGJPKYbDMP2MPpyrmyA
mesNRIy0wD9cixXW6jMS3fkSOY27N5hZIYYVPWQ8vfCcooTej4GHw37C7Inlh8z6
iWf/sy1Hu+vniJKAr0BD86ocZxnaMv//BQtwCJZv3TfuQ93QkaRmEznEnCHYGN4M
thoaS7oYGfrJnsHKkh913Kr3K7QuvyFttOE058PloYzJbCPV+YVRa/UGyuR6qOCl
SbuSMXDdUDcf/Wznr6S6p6T2GIfM8GYvfm7hzIYwHpClCQpDR3lRdonDAg82mdMh
YCNbEZQ32+l8idBX/YG97MskMD869237yh4MLUUWoxLTbevAblkYSt81WuDO4Gya
PcWcB+zH4t2Y25W9yVoTKmaJSJPhT4ngNFSy7V8zKgVG2Vmz4YIuLRhd6N2/fGcd
FVSXw7uHZhrn+SEl+L6W
=tiwo
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqcPkACgkQmXOSYMts
txZ4uw/9Hej/LcL0HWcjPVYvTS/aESazHijvR4eX/nQwC5d01JjVprP63xk58W5W
qv/6hobuEiS/L3nlvTEleQ+NXmEFnt0SXme5bBYHl/BeWwHSd5fPQpOcPm/Wul39
L1SuaNcLkf/+dW8asr5X6R0zUrPRaUhAmIwaRy79u/vr/tdJoTygAt5xRWxYZYLT
etUYPpZPKNm5UVZ0Zb0ppJlTrQWJPRpuhsM9hXoL37fPOk7yDbXXzmfo4VkHrFVm
8RM7PZIa4rVkN6rH2cZyH3aPj11CRB2VHe09Zj/by86rgXFEbccO70MwPoE66w4Z
Q7rdAo6rx0MErcTAp/zx27IcFiQD9xfeDqbWG8By5CwaEACu2PwW2jl4FTy4UY2B
sFX05SKFnJE/tWuQCictvlJ2QMIoJCb5VLv3bjmaco2/hnrn2aPvfMReXVthWXlx
WkUNw9LoP8f4OC2v6I+SnliN9QM1JBQ3u2cEEF2ul8wksPFsRTBUqQhXtdoUFexO
TThtRmSkpbXe8ZHIaIFVnQWiUO28Z50lkZo+axLH+soxNVWUJD2MgzjKMLj70a9k
2PR9gZIC9UBLGtnQm3hWommFFWCCUhfGtnWY77SRrE5CuyI00c4qmWAQRfFpa+nM
1DWw8fIv9w7t+RJ+xxs3umwXcwBKQ8EMUMsyZhnvoFgFqy93ZYg=
=QpjP
-----END PGP SIGNATURE-----
Merge 3.10.96 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.96: (54 commits)
af_unix: fix incorrect revert of 'lock_interruptible' in stream receive code
x86/signal: Fix restart_syscall number for x32 tasks
xen/gntdev: Grant maps should not be subject to NUMA balancing
x86/xen: don't reset vcpu_info on a cancelled suspend
KVM: PPC: Book3S HV: Prohibit setting illegal transaction state in MSR
x86/reboot/quirks: Add iMac10,1 to pci_reboot_dmi_table[]
x86/boot: Double BOOT_HEAP_SIZE to 64KB
ipmi: move timer init to before irq is setup
ALSA: hda - Add Intel Lewisburg device IDs Audio
ALSA: hda - Apply pin fixup for HP ProBook 6550b
ALSA: rme96: Fix unexpected volume reset after rate changes
ALSA: hda - Add inverted dmic for Packard Bell DOTS
ALSA: hda - Set SKL+ hda controller power at freeze() and thaw()
ALSA: hda/realtek - Fix silent headphone output on MacPro 4,1 (v2)
ALSA: seq: Fix missing NULL check at remove_events ioctl
ALSA: seq: Fix race at timer setup and close
ALSA: timer: Harden slave timer list handling
ALSA: timer: Fix race among timer ioctls
ALSA: timer: Fix double unlink of active_list
ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode
ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode
ALSA: hrtimer: Fix stall by hrtimer_cancel()
ALSA: control: Avoid kernel warnings from tlv ioctl with numid 0
ASoC: wm8962: correct addresses for HPF_C_0/1
ASoC: arizona: Fix bclk for sample rates that are multiple of 4kHz
ASoC: compress: Fix compress device direction check
usb: xhci: fix config fail of FS hub behind a HS hub with MTT
USB: ipaq.c: fix a timeout loop
USB: cp210x: add ID for ELV Marble Sound Board 1
xhci: refuse loading if nousb is used
veth: don’t modify ip_summed; doing so treats packets with bad checksums as good.
ipv6/addrlabel: fix ip6addrlbl_get()
sctp: sctp should release assoc when sctp_make_abort_user return NULL in sctp_close
connector: bump skb->users before callback invocation
unix: properly account for FDs passed over unix sockets
bridge: Only call /sbin/bridge-stp for the initial network namespace
net: possible use after free in dst_release
tcp_yeah: don't set ssthresh below 2
phonet: properly unshare skbs in phonet_rcv()
isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
ppp, slip: Validate VJ compression slot parameters completely
team: Replace rcu_read_lock with a mutex in team_vlan_rx_kill_vid
powerpc/tm: Block signal return setting invalid MSR state
powerpc: Make value-returning atomics fully ordered
powerpc: Make {cmp}xchg* and their atomic_ versions fully ordered
scripts/recordmcount.pl: support data in text section on powerpc
arm64: fix building without CONFIG_UID16
arm64: Clear out any singlestep state on a ptrace detach operation
arm64: mm: ensure that the zero page is visible to the page table walker
parisc iommu: fix panic due to trying to allocate too large region
HID: core: Avoid uninitialized buffer access
openrisc: fix CONFIG_UID16 setting
mn10300: Select CONFIG_HAVE_UID16 to fix build failure
Linux 3.10.96
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
arch/mn10300/Kconfig
sound/core/timer.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJWowK8AAoJEDjbvchgkmk+sFIP/3HvyY47jKTX7ykzRa78wJZK
0ihPIOzV1OjgjvfRQZ4d6olGDMDuP5YbSAc0gHlIy71FO/cP7uPYSKZI9IrJAwSB
ZEovaAS05nhbA1UuJFZo9V7JVYSc4IXNH/QoMvzJS+Zrpr0v0tlnxQSvP3kaeQpL
Z5dbSd27XyzPp7gYM87Bn+OMkI1tPl+addyhqe7YwJ3MM7OUluLsZYxf30exoPjH
bdckbaXVi1U+WUzA1OI7XboOuKQZh6NT+ZixheB7EQPvbN5kxZRDQKtNJWjnk24d
ycU0KfGC1VntMULWhwJnn+elTxrQf0aVWkJcZM6xBri+g0BmGIli1DAD1WyYj3c7
NSPDlTiNFcm95SUgDpB2PvT7Bue6T/0kRadpZJNgpjZgLtVMXo0r62Lo9Y11Y9Oa
jRqSf7f7BsUJ+X3SDylcXXL60uiz5DOLpAyMp8TmI9JBh1hTymUhiHcEHR9iSUz+
0QOw6P/XKfIXVe0qhzSeWXaRCKIFZIwWrNMztfj2U/SZtAmsoQ76Lpx2jCf/nqGz
3IFAQ/dVhcfLRvOrcYPKFsMDWiLKMJNVTeKe2a9ywh8WCWajROfZvozm856dY42F
gUTUn2MsAnm2T+wNnYcFZo0y2i8EaA4FfjEYfoUeEgyIDqc3w8+YjvgCFwDldLr4
oMm63KBsozCC09L5rRpU
=8AjQ
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqcIwACgkQmXOSYMts
txZYsA//V8o4K4DIOIKDba1XSfocbydB4MyS8+rfavpSyRlrRdSdsR4p29mCY97H
R3fem9CXUaRbW0gvQszYvZ7QgE/GgBeqAhuqIZzpX45F/o573XaPTFW7lSK1e4F/
zn+kn7sww21AlQVoc6EMHyTWXqNtrKwwAaItUD7M4j5ZSYZ6b6FCPABSnJWLoNdl
mkl2VmxcuOc48jgN3TV/K0igy4JxJlj94Uz3fomHcYdzCE2knHpkI2mP4ThOrmmn
VWVr3F+IuX11J5Y9iR5DEzMq8KL9K+0P7P/k8xzuriYXi58+LYtiLZ0KgPU6vkLD
1TvOlO/Katv2GOr2nHW4xo/NNtabkL0OaovuSHisbnqk1HXZHUMMvePDm45LY0Wl
h/AdFlCJbt/8lF4I9VrYHCLKMa7kRnKl15vJLiMic5IWm3GSprtg7bOWYx0koUff
ic5y/VduP6lJ6xfMDMKAO5yPFssCjxU+VBpVHF1zFe2ipeHnlCpG+q457Ic/PhRc
iMXicZtGDVQ+l3T0RvJqpB03bx9vVV5M+EOOVY/esMUXIN2zE5jBVW3D1LSdcNq3
cHeK0lILycbF0SfC3J72ASusbhu+tut4XIYXZEYWcbhxANTRhEudRqa+MwHQXBr/
VTbkaYoCXRJBVMOG7lVZPveMMzTrDhqzOklmHn3VdCcPkY+yrfE=
=SyC6
-----END PGP SIGNATURE-----
Merge 3.10.95 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.95: (36 commits)
unix: avoid use-after-free in ep_remove_wait_queue
sctp: translate host order to network order when setting a hmacid
snmp: Remove duplicate OUTMCAST stat increment
net: qmi_wwan: add XS Stick W100-2 from 4G Systems
tcp: md5: fix lockdep annotation
tcp: initialize tp->copied_seq in case of cross SYN connection
net, scm: fix PaX detected msg_controllen overflow in scm_detach_fds
net: ipmr: fix static mfc/dev leaks on table destruction
net: ip6mr: fix static mfc/dev leaks on table destruction
broadcom: fix PHY_ID_BCM5481 entry in the id table
ipv6: distinguish frag queues by device for multicast and link-local packets
ipv6: sctp: implement sctp_v6_destroy_sock()
Btrfs: fix race leading to BUG_ON when running delalloc for nodatacow
ext4, jbd2: ensure entering into panic after recording an error in superblock
firewire: ohci: fix JMicron JMB38x IT context discovery
nfs4: start callback_ident at idr 1
nfs: if we have no valid attrs, then don't declare the attribute cache valid
USB: cdc_acm: Ignore Infineon Flash Loader utility
USB: cp210x: Remove CP2110 ID from compatibility list
USB: add quirk for devices with broken LPM
USB: whci-hcd: add check for dma mapping error
usb: Use the USB_SS_MULT() macro to decode burst multiplier for log message
gre6: allow to update all parameters via rtnl
atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation
sctp: update the netstamp_needed counter when copying sockets
ipv6: sctp: clone options to avoid use after free
net: add validation for the socket syscall protocol argument
sh_eth: fix kernel oops in skb_put()
pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
bluetooth: Validate socket address length in sco_sock_bind().
af_unix: Revert 'lock_interruptible' in stream receive code
KEYS: Fix race between key destruction and finding a keyring by name
KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring
KEYS: Fix race between read and revoke
KEYS: Fix keyring ref leak in join_session_keyring()
Linux 3.10.95
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
net/bluetooth/sco.c
net/unix/af_unix.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJWLskYAAoJEDjbvchgkmk+SuwP/151KbisBhxbvKfGEjdpp/CJ
4SVg8zEgRPhnlUoJKEpnWBf67I7SSz9FOpdG7x6CpA3sKbv3hiR3QYsD+L9HUIIN
MNHJyGaHkKkMoLWYj+WJXixy4gE1JLESgpxZ2JE979vdpFNzgIL+8W3DqxNO9deF
HzWv+VVX4SUeyd4O9uuVHsq7+NKgKzR2gAniRfeiYqw4Co/IMXNwV91nlS/Tt7E1
sqUw17UGLP0Jx5avI4o2P6e3nZhEAkzcPt8YIwBVN4PheNuUK5AHu5seGArUObiP
DfzFCsSgh6OJUSLawZ6Qw/zoJqDgWF8fBfDRbm+5vUJA49pF7xYG0dZFXkqHrCa1
SSYOi0H0OPnz/a5/qyW3jN8e3TEmoz6d58NetDUs6ogAoxpoCtR3m+OgfjXlRuvU
hIpA4GFa+duvatpAvYN+XFVJ1gUke1JGjBU+CKrZZFtE7M/hOWIw1FLcVkNzGun5
i/o9R05cW8muNcovFpipyW/vCpvBuG4qIiuHgn1H7iL0IxYvLxAI4RTPiLtN73Pi
MJ5E4CRpMJOvNZq01v5FD/VV6L9tgVGrdTg8PYkWGxE+e85E0ZMnqqfJ05jgxw4W
iOthNYpoIu0BFogljKXwMUjR8EzSLoe6tJoPzXWTndnCbSVii2Zigj6nFtUdZBqw
JK05rEMDE6+QVYABlhUu
=gSSH
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqcFMACgkQmXOSYMts
txb2+hAAsUnK2xFlpIhAXoy9PdEfCmbcUDc6rfToTv7e4JehC81IEEDiAE3+vwJh
mMwCkI1DkBEm9ECqvZLo4YiT2RZ0mkiuKn4mHdqbOZgVrJX+CMAlunwuVfBpZIab
fKjI2sJ7xf29s+TJfFgYw53iydnOgnhrOHrRXmGOWsPQMNPqvs+Vsk3ICaXQwtlx
TzWAZBonrKME2zpBgFK89JK9oaw8pzMF6hkFDcL65ZIWfE5M9xfxqW9DZ3mDRkeD
oo/qM7W38Sp9CN5PVgeXL2s+YnwIOhV/QzN8W2DuoMkGLPzmn5HmN/iIxjVpKSqR
bGVgwToxXYMXbjLrVn7SnwnpqZGkGcnkRPDH+Zc/OOdSrJqgf4VlkwFvwx3CSyXX
nW6OGWyw2Nt6zGJxRuXZtPdCO2tg0SPliU1bMVv9S+cHLcFbV0AlZONqKAweWMIS
5HXirtajV/SwciqWoSPFyuKa60Insusq4AvG5kQ6GnD1WN2IWIhslfkfAn4nmqEi
zn891Q8HlHPVOwH8WskvZ6mzlgUZo02Ve4AnQF0dmGzW9B7vI6sivJj9MQd536P1
aTuRNwZh/epY7K10DpcY3wnj7+0RAMQGdrcYGUxu0fzN1O7m67F9h8kElOuB81U6
ZVz75nDl8cQuLsuyHS28gza/2qQZwrP8bEpdAgVI5q67wHr7ATE=
=wnEo
-----END PGP SIGNATURE-----
Merge 3.10.92 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.92: (18 commits)
l2tp: protect tunnel->del_work by ref_count
af_unix: Convert the unix_sk macro to an inline function for type safety
af_unix: return data from multiple SKBs on recv() with MSG_PEEK flag
skbuff: Fix skb checksum flag on skb pull
skbuff: Fix skb checksum partial check.
net: add pfmemalloc check in sk_add_backlog()
ppp: don't override sk->sk_state in pppoe_flush_dev()
ethtool: Use kcalloc instead of kmalloc for ethtool_get_strings
asix: Don't reset PHY on if_up for ASIX 88772
asix: Do full reset during ax88772_bind
m68k/uaccess: Fix asm constraints for userspace access
crypto: sparc - initialize blkcipher.ivsize
crypto: ahash - ensure statesize is non-zero
i2c: rcar: enable RuntimePM before registering to the core
workqueue: make sure delayed work run in local cpu
dm thin: fix missing pool reference count decrement in pool_ctr error path
rbd: fix double free on rbd_dev->header_name
Linux 3.10.92
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJWKVdBAAoJEDjbvchgkmk+wnQP/0DzHATjkB3+8HRtYAbsKGCi
9dCZQKYpsBpySWF17aF+PV5sVRFE57K6wmVz39d2j4XkFN2JWXRf6xL9Y1kaJ6kN
D/jn5zsCoIgq5laUpaJaCbeIKsDb3GNx5QUNy55cqceRYekfPkrjj1ayGQ92rqQw
F0fwppAzNeX+dZFtRIN9+OcQ03VE4+vfF/NPqnVaCXKD13rB+967b/rWU6vTladT
jHlrWdR88MaPXbep1RS4wJk4d+YjTwlYMb1SfMXfE2QnjVkqpWVEOTO2uaVoSgC/
Ihu8C0+EHq8+tVnXU3XQlG+jsOwviYPf7m0y2uq5RNnOU3nlQMta20S10yGQhJNR
ccGYN0ZphTdgDRsFD89qaiGphQK0QsxTp/BqB/7+Vnekq4K2AzhW4I0CT3qWJnPl
44P7R4aQp14uSrrAG1VgCHpu8ZnFYlpdpD49oyvR/KAiRlPyMGrtKM4fas5193Mf
Yx0D9JkFtLXHMks4k6g408N+qtdB6+K/KhZTYU69rfUqFtChFOBwMYafYIGj3O+R
gypvTypjhmPq8+wcrBxLAIzTQcvfT+7/w1IYzA4ewhx3aQvsIwX55chu1rIES6W7
fp3z+3vzY2nEPfryDC5GfxaiZDUjO9TG5CMdO/+P0/1LPpK4E1xRx5Tvc3+D0gUw
UXjt6P13kTwiCE2rZBBf
=fw+q
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqcEoACgkQmXOSYMts
txa7kg/+PmSiTnE01uoWAdd2h3ejiUPmxKoNPAMWNI1dO45Ow5D5hdqW90usKkYW
17jGCQlIIuILe0ctm1ZeiIGUZtMlFsFxt1H+fbsNWVaiS3MctyjZeusWj9BpiQ+Y
MmeFsM+yDtvk1ODbiydPiRKa+bIolUE6B0f/EtDppmDylTQQvtMYCXC7Qlhpy2X0
JZqtF6X58laCvbyTb7n441+aorKoyIlFsR/+Lzg1GwC/xGs4wWWNhJ0ExcGNLWb+
Ngbmwg7RBrzo4MAmkQM+fo0jQSRYwRvL7gpjbxQyaxlY638uhEezb9vydqQ36R9w
DpwrWKzmzP2EgbtTHmNf7/5LxoGAM1Buqyqk2wYqru6aD04rBdJDKKP5S3LM9dC4
ThCBzddhRKh9hze7Vf/2yzye/Lm/pHfmWnXQJbHyEjdhb43ve6NbhZ235zsr8cSp
GS0y3bPvR4WcFf5ddfHlpUfiLEB0CJF1tJEN5i+u9roYjao27FNg2W++/8iwkOTr
nfQTXz8pgRoqr5XNIgr3L5bwd+3d78hN9IyZYj/yDwBu523iDTZa9SCWR4LUhh/3
UlmukWRLepyBU681xnGzUC25/qVQxsiiF6za3/fQS5CxvxM4++pjz4Z8eu4ei0SV
U1aGwpnI2M4tgUaJjIRGP6TFJmFFHSnV1xhkIr2sTlzTayk6HHE=
=ITb8
-----END PGP SIGNATURE-----
Merge 3.10.91 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.91: (55 commits)
scsi: fix scsi_error_handler vs. scsi_host_dev_release race
perf header: Fixup reading of HEADER_NRCPUS feature
ARM: 8429/1: disable GCC SRA optimization
windfarm: decrement client count when unregistering
x86/apic: Serialize LVTT and TSC_DEADLINE writes
x86/platform: Fix Geode LX timekeeping in the generic x86 build
Use WARN_ON_ONCE for missing X86_FEATURE_NRIPS
x86/mm: Set NX on gap between __ex_table and rodata
x86/xen: Support kexec/kdump in HVM guests by doing a soft reset
spi: Fix documentation of spi_alloc_master()
spi: spi-pxa2xx: Check status register to determine if SSSR_TINT is disabled
mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy a fault
ALSA: synth: Fix conflicting OSS device registration on AWE32
ASoC: fix broken pxa SoC support
ASoC: dwc: correct irq clear method
btrfs: skip waiting on ordered range for special files
staging: comedi: adl_pci7x3x: fix digital output on PCI-7230
dm btree: add ref counting ops for the leaves of top level btrees
USB: option: add ZTE PIDs
dm raid: fix round up of default region size
netfilter: nf_conntrack: Support expectations in different zones
disabling oplocks/leases via module parm enable_oplocks broken for SMB3
drm: Reject DRI1 hw lock ioctl functions for kms drivers
USB: whiteheat: fix potential null-deref at probe
usb: xhci: Clear XHCI_STATE_DYING on start
xhci: change xhci 1.0 only restrictions to support xhci 1.1
usb: xhci: Add support for URB_ZERO_PACKET to bulk/sg transfers
Initialize msg/shm IPC objects before doing ipc_addid()
ipvs: do not use random local source address for tunnels
ipvs: fix crash with sync protocol v0 and FTP
udf: Check length of extended attributes and allocation descriptors
regmap: debugfs: Ensure we don't underflow when printing access masks
regmap: debugfs: Don't bother actually printing when calculating max length
security: fix typo in security_task_prctl
usb: Use the USB_SS_MULT() macro to get the burst multiplier.
usb: Add device quirk for Logitech PTZ cameras
USB: Add reset-resume quirk for two Plantronics usb headphones.
MIPS: dma-default: Fix 32-bit fall back to GFP_DMA
md: flush ->event_work before stopping array.
powerpc/MSI: Fix race condition in tearing down MSI interrupts
UBI: Validate data_size
UBI: return ENOSPC if no enough space available
IB/qib: Change lkey table allocation to support more MRs
dcache: Handle escaped paths in prepend_path
vfs: Test for and handle paths that are unreachable from their mnt_root
arm64: readahead: fault retry breaks mmap file read random detection
m68k: Define asmlinkage_protect
bonding: correct the MAC address for "follow" fail_over_mac policy
fib_rules: Fix dump_rules() not to exit early
genirq: Fix race in register_irq_proc()
x86: Add 1/2/4/8 byte optimization to 64bit __copy_{from,to}_user_inatomic
dm cache: fix NULL pointer when switching from cleaner policy
staging: speakup: fix speakup-r regression
3w-9xxx: don't unmap bounce buffered commands
Linux 3.10.91
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
kernel/irq/proc.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJWDQYBAAoJEDjbvchgkmk+PrcQAICXm5q6InTIv16/Q2PKdny6
iydBdhM8sBUYt2fFv0hOJgEXgzQ1HeNQ4JLNrfUHocoSw6gTq4e7pFN4AsyhoZzy
DB2ZQ6cpxK6C3QPUa0C+zevoY/LsJac5TkNKT5RCxGRRolPgtTgtFw9RIXZdGPYo
3Fpt8xrwBp+SS6cXUH7j7hJEeSCpcDN3P8xq1DcAmLX1fm8At9MLOujyaILQis4U
oSaAinjg7rfTYbIpZFYix6B9F8PGqWe6/+bKLljhQhH7V7oR7aAyGKfKM53Gr1/h
Y0j+FbLxa9GNeYlR/Kw79fiX8fMpW88qGQ26rSAVIN7JtMReu7CBRHY7/hvTsyrR
wYywcHs9+zDUDlDMbp/v5ecTBkXVNRecEJpKtd7wQ7P4M79K3lR3Ar8sNxRvnP77
IHLBBNQTzOagZLQXWAYfTdmsWXjf1J4Ij673Ae1DZf2/mkSp/3wXslDYwHbrLIP4
WIYDlqc8B4+TxyJWNPXflfI6c2/nWU0ASYP/bMGGA9Kg+hReMW2DrGY0MTYCsfPg
uhu9hq8AW9JIEwA5t8sj4iebq2U1Nl1QgdpuwmgolmROwmie7zf6+yuK6e7XKpwe
A5vC7fDNTNmZOOo2tcNIH5QdHjrF/S19Re3dd1J44eBtkYiR4KM7vuBTMCrYf7r8
cknJgSXzT1VMvcpM84Zq
=w0iE
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqcAwACgkQmXOSYMts
txZtmA/+IzGuQW8ZtcxJgkca+QNgod6AW32WiH5btVRwRe0SiifT1vFSqIouKSWI
rwIG0E2qDpYMitydli5zooSF5pUGW+zzyKiNElBQhbBQvZuS2VxUBlaqRvWXIk6e
heDueAC/0OfXTuDRNf4Omj9BcI78881LTz/VUd3NKkOrf4qA6Xjjj8HGIlGgYO0h
UtkbsGP2QzWo51X1Ad2TqZbs0rFP0kO2dOHIohVd4QQKIxNctLOj2+5oYpgxyNnA
uxGOGQp5JnBOolclT2yVTuKLSHLRIzdqX+fB/swxoUjmeFMEsj8KEEtfZEIP+vP3
b0rhNReA/v0j5Z6r/0oKtwqWm4p2aBjjhmmloMNu8xmpyxCnS5o9zits3HEzJ8EL
MJ/NbRIhIGi2eLtGHn54+yS9MeX5AWurzLI+iNw8SBnDRKdbAMy0iki+puLtNP1f
OaNmH67mHXNTt5juowHAMmbqb7UAHSIpHR1AthpahRZ+nSob9Z1I8b7aTvjB96n0
sYBoe2eDIIFS6hqvkFh5pfv4uH9Ut171yu0G5fI7J9mfRsPuPhwmk0ZhBTby2a2n
u8XuJe5oOwMphYCAZELdkfU6Y8ZpNWGySV7nIxKIc7bnYsDP/PukzbGqoITgtxU8
W6CDDk8TVH0aCtnodpgiIvihYoPUc2FpodRD2aQRgcPVomO//wc=
=qmSH
-----END PGP SIGNATURE-----
Merge 3.10.90 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.90: (55 commits)
unshare: Unsharing a thread does not require unsharing a vm
rtlwifi: rtl8192cu: Add new device ID
tg3: Fix temperature reporting
mac80211: enable assoc check for mesh interfaces
arm64: kconfig: Move LIST_POISON to a safe value
arm64: compat: fix vfp save/restore across signal handlers in big-endian
arm64: head.S: initialise mdcr_el2 in el2_setup
ALSA: hda - Enable headphone jack detect on old Fujitsu laptops
ALSA: hda - Use ALC880_FIXUP_FUJITSU for FSC Amilo M1437
powerpc/mm: Fix pte_pagesize_index() crash on 4K w/64K hash
powerpc/rtas: Introduce rtas_get_sensor_fast() for IRQ handlers
Add radeon suspend/resume quirk for HP Compaq dc5750.
x86/mm: Initialize pmd_idx in page_table_range_init_count()
rc-core: fix remove uevent generation
NFSv4: don't set SETATTR for O_RDONLY|O_EXCL
NFS: nfs_set_pgio_error sometimes misses errors
parisc: Filter out spurious interrupts in PA-RISC irq handler
vmscan: fix increasing nr_isolated incurred by putback unevictable pages
fs: if a coredump already exists, unlink and recreate with O_EXCL
mmc: core: fix race condition in mmc_wait_data_done
md/raid10: always set reshape_safe when initializing reshape_position.
xen/gntdev: convert priv->lock to a mutex
hfs: fix B-tree corruption after insertion at position 0
IB/uverbs: reject invalid or unknown opcodes
IB/uverbs: Fix race between ib_uverbs_open and remove_one
IB/mlx4: Forbid using sysfs to change RoCE pkeys
IB/mlx4: Use correct SL on AH query under RoCE
hfs,hfsplus: cache pages correctly between bnode_create and bnode_free
sctp: fix ASCONF list handling
vhost/scsi: potential memory corruption
x86: bpf_jit: fix compilation of large bpf programs
ipv6: Make MLD packets to only be processed locally
net/tipc: initialize security state for new connection socket
bridge: mdb: zero out the local br_ip variable before use
net: pktgen: fix race between pktgen_thread_worker() and kthread_stop()
net: call rcu_read_lock early in process_backlog
net: Clone skb before setting peeked flag
net: Fix skb csum races when peeking
net: Fix skb_set_peeked use-after-free bug
bridge: mdb: fix double add notification
isdn/gigaset: reset tty->receive_room when attaching ser_gigaset
ipv6: lock socket in ip6_datagram_connect()
bonding: fix destruction of bond with devices different from arphrd_ether
inet: frags: fix defragmented packet's IP header for af_packet
netlink: don't hold mutex in rcu callback when releasing mmapd ring
rds: fix an integer overflow test in rds_info_getsockopt()
ip6_gre: release cached dst on tunnel removal
usbnet: Get EVENT_NO_RUNTIME_PM bit before it is cleared
ipv6: fix exthdrs offload registration in out_rt path
net/ipv6: Correct PIM6 mrt_lock handling
sctp: fix race on protocol/netns initialization
fib_rules: fix fib rule dumps across multiple skbs
vfs: Remove incorrect debugging WARN in prepend_path
Revert "iio: bmg160: IIO_BUFFER and IIO_TRIGGERED_BUFFER are required"
Linux 3.10.90
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJVv5fSAAoJEDjbvchgkmk+cCEP/08rxgFQc0/T4NHeojs8WJHm
lJKa+EqW9zEPiuCQ9b+MpXHHnvvwCLQ/aSW0f4kg6795jXW9xmea0iUDiGHV8sck
3M6Mg4rnrpOxfDUQYf6n1ajOGCtyCunjbekSD+qt5+gyjmj7Zn1xU+1iuyvaFouY
mnEH5VdBpOLkYLLH5mz996yFi95cSUrXUDNWEybUG0ce+T5rAPmwrzoqs6VAQ+8f
sPHYtWCY1Rdnww203L02Ske57GXk/yikEbEqTruVjg4i43XANfMUOYPZ6gfQV12J
Rzfb54XhXkMfgH5BYirKcAy3h/CMqw0AlxRWazyrJGshSIlw4Ftznrr1q9ba2720
4haXDmc5apJ0FG1Xl63+zhpQvJgKPAJ/BrFUqM7nQC4+IkcWNGfslygJCUcnoizT
SlmohUSYyeFZtqKtr5uO7FIVP6M73g7ZBDGOgWjWXTuFlqVCEM+14Tn/2acIBuBU
R5/c+ZNEjm/XQXHdHJIPNztG+hDxhHTrCtG8MwVabC+/2IjMyzJZFctEErKC7jI4
+n4TG2SfU06ypVHFRmhCc7xRrC29W0GYQ2nMgWVslL2E2cT3ttZeQA0osOT7vvtO
CgNZFub/bWXvhh9yeKeWr2tRijCcnjH4tK0Tf9SuY+JYz3lIkQb9MdaScuZKxl2g
mwDqJkXxXNwaNI6KeL09
=OvlT
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqbtgACgkQmXOSYMts
txZsgQ/6AsdHDYDrjM4MPw0EGej1oLq3QlYuCfRSFhtPYVPimDZJ7uc+8s5Cx143
M1ifgn9ZFXhteg0sMnwbV410CXaqc/4WZWnj0yMpTsP/SoMWPs/3gJhc+9wYnFvD
nP95ykDsH/vXlMyLjreQTZaRRhUWhMjJ8zTkzC+HaPw71B6k+KKBDEwdkxgu8u7p
TihWxAjqKULv41on088TdzX33lBsFD57z9JASjC27gxtlxBdYZsU3ZR1LiYHrXSb
Mc9CiETcj7reBQZzLo+IkLQK5S3WxMo/wMAUGh+20i4iEn07HGymsSgg1YsjtJ/a
aSmnqwPnGdcipM+RY0G4pGV4bit6OUp5La32rXnFGpp7JTYebp3C5f2NJGs/I7HY
KVwhmbS9lfHA8fpS6IG/WF/by9DsR/VTenBkCX3sQ3fggnkmIDceVv+TdnaITik0
/edZYK3vhENXfzeP1ZzpxE5husF9s63RwoStMvrEJot406KN72EBkrXcr0r2Jx/t
gzq+HSua929RjwE6MNMRMXPgGZA0if7JoWMXnBVHfWDFzvjgq68nI406imPN4ENM
kPJhclaHI+sgedO3PXlmnVSa44re37PQlUlQkmGGJjIRjWeI/GOC78+StDvRiJnn
4rj30RgwOJPvYTCpFPCjwNlkBlBPw79XiHaqIR5uU7uMCqhZ4E4=
=xdrR
-----END PGP SIGNATURE-----
Merge 3.10.85 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.85: (90 commits)
ipr: Increase default adapter init stage change timeout
Disable write buffering on Toshiba ToPIC95
ALSA: hda - Add headset support to Acer Aspire V5
ALSA: hda - Fix the dock headphone output on Fujitsu Lifebook E780
ARC: add compiler barrier to LLSC based cmpxchg
arm64: Do not attempt to use init_mm in reset_context()
arm64: mm: Fix freeing of the wrong memmap entries with !SPARSEMEM_VMEMMAP
arm64: vdso: work-around broken ELF toolchains in Makefile
cpuidle / menu: Return (-1) if there are no suitable states
regmap: Fix regmap_bulk_read in BE mode
regulator: core: fix constraints output buffer
spi: pl022: Specify 'num-cs' property as required in devicetree binding
mtd: fix: avoid race condition when accessing mtd->usecount
mtd: dc21285: use raw spinlock functions for nw_gpio_lock
pinctrl: mvebu: armada-370: fix spi0 pin description
pinctrl: mvebu: armada-xp: remove non-existing NAND pins
pinctrl: mvebu: armada-xp: remove non-existing VDD cpu_pd functions
pinctrl: mvebu: armada-xp: fix functions of MPP48
Bluetooth: btusb: Fix memory leak in Intel setup routine
ath9k: fix DMA stop sequence for AR9003+
staging: rtl8712: prevent buffer overrun in recvbuf2recvframe
ext4: fix race between truncate and __ext4_journalled_writepage()
ext4: call sync_blockdev() before invalidate_bdev() in put_super()
ext4: don't retry file block mapping on bigalloc fs with non-extent file
ext4: fix reservation release on invalidatepage for delalloc fs
ext4: be more strict when migrating to non-extent based file
ext4: correctly migrate a file with a hole at the beginning
ext4: replace open coded nofail allocation in ext4_free_blocks()
jbd2: use GFP_NOFS in jbd2_cleanup_journal_tail()
jbd2: fix ocfs2 corrupt when updating journal superblock fails
i2c: at91: fix a race condition when using the DMA controller
iio: DAC: ad5624r_spi: fix bit shift of output data value
af9013: Don't accept invalid bandwidth
s5h1420: fix a buffer overflow when checking userspace params
cx24116: fix a buffer overflow when checking userspace params
ASoC: wm8737: Fixup setting VMID Impedance control register
ASoC: wm8955: Fix setting wrong register for WM8955_K_8_0_MASK bits
ASoC: wm8903: Fix define for WM8903_VMID_RES_250K
ASoC: wm8960: the enum of "DAC Polarity" should be wm8960_enum[1]
libata: add ATA_HORKAGE_BROKEN_FPDMA_AA quirk for HP 250GB SATA disk VB0250EAVER
libata: increase the timeout when setting transfer mode
usb: dwc3: gadget: return error if command sent to DGCMD register fails
usb: dwc3: gadget: return error if command sent to DEPCMD register fails
usb: dwc3: Reset the transfer resource index on SET_INTERFACE
USB: devio: fix a condition in async_completed()
USB: cp210x: add ID for Aruba Networks controllers
USB: option: add 2020:4000 ID
usb: xhci: Bugfix for NULL pointer deference in xhci_endpoint_init() function
dm btree remove: fix bug in redistribute3
dm btree: silence lockdep lock inversion in dm_btree_del()
mmc: block: Add missing mmc_blk_put() in power_ro_lock_show()
drm/qxl: Do not cause spice-server to clean our objects
drm/radeon: take the mode_config mutex when dealing with hpds (v2)
drm/radeon: Don't flush the GART TLB if rdev->gart.ptr == NULL
drm: add a check for x/y in drm_mode_setcrtc
xfs: fix remote symlinks on V5/CRC filesystems
vTPM: set virtual device before passing to ibmvtpm_reset_crq
libata: add ATA_HORKAGE_NOTRIM
libata: force disable trim for SuperSSpeed S238
tracing/filter: Do not WARN on operand count going below zero
tracing/filter: Do not allow infix to exceed end of string
tracing: Have branch tracer use recursive field of task struct
dmaengine: mv_xor: bug fix for racing condition in descriptors cleanup
hwmon: (mcp3021) Fix broken output scaling
md: fix a build warning
Btrfs: use kmem_cache_free when freeing entry in inode cache
fuse: initialize fc->release before calling it
crush: fix a bug in tree bucket decode
ACPICA: Tables: Fix an issue that FACS initialization is performed twice
iscsi-target: Convert iscsi_thread_set usage to kthread.h
iser-target: Fix possible deadlock in RDMA_CM connection error
iser-target: release stale iser connections
mmc: card: Fixup request missing in mmc_blk_issue_rw_rq
__bitmap_parselist: fix bug in empty string handling
mac80211: prevent possible crypto tx tailroom corruption
USB: usbfs: allow URBs to be reaped after disconnection
watchdog: omap: assert the counter being stopped before reprogramming
NFS: Fix size of NFSACL SETACL operations
fixing infinite OPEN loop in 4.0 stateid recovery
nfs: increase size of EXCHANGE_ID name string buffer
SUNRPC: Fix a memory leak in the backchannel code
9p: forgetting to cancel request on interrupted zero-copy RPC
9p: don't leave a half-initialized inode sitting around
rbd: use GFP_NOIO in rbd_obj_request_create()
agp/intel: Fix typo in needs_ilk_vtd_wa()
hpfs: hpfs_error: Remove static buffer, use vsprintf extension %pV instead
Fix firmware loader uevent buffer NULL pointer dereference
qla2xxx: Mark port lost when we receive an RSCN for it.
MIPS: KVM: Do not sign extend on unsigned MMIO load
Linux 3.10.85
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
drivers/usb/dwc3/gadget.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJVl0l6AAoJEDjbvchgkmk+zxsP/inK1pJeQd3q7k8/e8vg60yi
vtyuLZwcgZ5LqBeMBRYwXM5TRVgMsKYltIzLmZj/foK5cH+SrpANrFXZrjl6T32x
k1UMd/xY5yoylGmNdIUnLjgxMCQ0XCBVhASA7Xvh6OEdMinVmcgsoB8OJSrcQZy+
5HL30uBDO2QtBWLaioZikLie77JoDLQmCM83otlSsWd6f0A0eCRRJzJ7zS9UUxR1
wA1eNmhwvbGVQE1FNmBMhAdh7kSRkaR6wrOcn2qDoNXiZ87wVnKUSrKXxrXo1E3z
fFtui6dJUYlyjskfkFM+KJ8FaGkjShVWh9VJGQs3x3WGlQMZTrDhoOsKbwl8iFyl
58cJ/vojCe76pbxcL1g+koPRAe917C6yV7nR+yRi7Epsv5NwWwQfsR7OmMwIAulj
QIxqPos1a33DdNdesPYrZfUG1vcZ1JhNko4G8CIr5OmrPcZPe6QI1X3qwaM52ML0
nTDwjHxZGiruNl4OkDHfwX+aOXWKqJivqzWA239XDePz/peNL0DZJFCFc9Ado1h5
2bt1gNxn1Oiy0TPlDr3wLwjBjcYXIwICxGj0Hqh9hUv+IRL4JkfBUhG68koCgc2i
KbKZZioPamF7MvMukahF87f/SMOXYPhqs7pSKR9zzkzwLFBNpZ6h+rYvii8xB4LX
LztDlieyin8YFXI9MbM2
=YwGL
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqbKIACgkQmXOSYMts
txZZPg//fMdsCYndbngE1i784SkIo80ilvQkEfIvIXA6YlT+BSW0DedZ4yE1nMED
cf3NIaIYxtId6MyTqA7HUBZnq/j2Xoa4f3Nq9cY0S3X0NJjLRD8fd9LxGy0iUWkn
BiODFt/lXB8OiMCpAsV8u7/71oTeRC3RyKOHGjkyMT1+sGzWDzdq688R4/ZmajoF
nKjL6tBwSFmWY7yyCoJB+5me4UTHmM5hh0dq8JoOUTYdhoJtN8nBK79yOd5VJazZ
B2MmSPNgnGD0ieFY6yTa0WbpbM2vZGzJSAnRFdb9WpOh5LGcQ2Tbz/+kD5uRzQNQ
lykb+jhPaNYo3v60ufVK3Jhfy1si2O36V2GibZgDiJFcN3tgi5666Ho6PnB6dFs2
V9NxBChAdeRHd5eLfDvO5mZxZtnnO45zvoVT4BVjqBFXA66RIVENw2bYvS7NFSUw
K1e6YyUjV3WAd7Rmo4/tYPVfvwecEmC/vqMyXIugl5rOZ/5i8mol9qCU8tR6+JOQ
cWKWsJIPZebSUGZ6ByTR7v22UxwRwL8vAir5UwX5Qxa6HnfcefXjrcxgn854ORr8
nVSjRsJ8Q4cdC73Uja3gXmzcQkk67INWHfGqJBfS4nKSJrxD1WE1iPXTev9wlG7a
h7m3j0XudE2dNN/8EFat8GBuedekIu0K1AYx6ESTAWMvXIzOSX4=
=8vm4
-----END PGP SIGNATURE-----
Merge 3.10.83 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.83: (23 commits)
fput: turn "list_head delayed_fput_list" into llist_head
get rid of s_files and files_lock
config: Enable NEED_DMA_MAP_STATE by default when SWIOTLB is selected
netfilter: nfnetlink_cthelper: Remove 'const' and '&' to avoid warnings
netfilter: Zero the tuple in nfnl_cthelper_parse_tuple()
include/linux/sched.h: don't use task->pid/tgid in same_thread_group/has_group_leader_pid
__ptrace_may_access() should not deny sub-threads
ACPICA: Utilities: Cleanup to convert physical address printing formats.
ACPICA: Utilities: Cleanup to remove useless ACPI_PRINTF/FORMAT_xxx helpers.
sb_edac: Fix erroneous bytes->gigabytes conversion
hpsa: refine the pci enable/disable handling
hpsa: add missing pci_set_master in kdump path
fs: take i_mutex during prepare_binprm for set[ug]id executables
x86/microcode/intel: Guard against stack overflow in the loader
Btrfs: make xattr replace operations atomic
xfrm: Increase the garbage collector threshold
ipv6: prevent fib6_run_gc() contention
ipv6: update ip6_rt_last_gc every time GC is run
d_walk() might skip too much
ARM: clk-imx6q: refine sata's parent
KVM: nSVM: Check for NRIPS support before updating control field
bus: mvebu: pass the coherency availability information at init time
Linux 3.10.83
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
fs/exec.c
fs/super.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJVcpElAAoJEDjbvchgkmk+19UP/AyyYNDVLsjpZUvoK+In6n8u
O65FZ0nCoA/pGs+tvXzLlXAv/0wdMTOcFD4OqQy0OS+DmgyMR/QxJHf7OVlaerUn
9Nb6aqTp4y6b82mi9qbr/sEGvR9gE9mZqE5pFNojR7fSW4KDEPm5V5FEk4qgEG4d
8MWXuX5GsTyIzDNjTUGsg/DyDoxuqFhUlv5CP4I8JFExCqea2o/HSH3AZCfVyWla
bloovnFBknjCgIEZPX5S///BRdktZ35tnz/K3JEsgPf0v9eFYlRDmqKT1MKxbp6X
pjScyuR1VtrGzUTrQU6nzXM4AbfqbPAFSKn98aLTPA8YOEgdLzpoxrW3hM4OrURu
2yVnfNZiou6qzHXMphCFnHnm5igCwh89os40I9jBxNfVPc3DBqH2jM4juFw4EGYO
4q1VHSN7gYOEQiqjG/NEruc4JPKHHqvmWyYwWiLLmEqGegTmOUqZDxJRnpXhyvuj
o2cSsepoMSWjQh1RLt8q0mzJ99Va6FN1DjyCC/5J5xASij2mfsSHMbAa5e/PrzhN
MGuuBdNvUfUfTozeBL38kkUizG6jovyo/CyjPayO65dVCxHLPbyL/kQv29OpV7L1
uZXL/UsHbLweDn6XCceiEARj36eFOW5mL3UbdgAtGHze4kB4fE0OtA00BqPqZsPP
hpE6S9BsLSxsbkNqMqXg
=dmNW
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqbBUACgkQmXOSYMts
txYKrQ/+NJ8kUv5i25sy6Tvj+fXrCEJIXUU8CO+2uif7MrNTMsm/z4sjGMAG4E1C
ZeJNVIV9ydhuLb1suErwChaFvEAMP+pI+6kg+5mdLZZx4JSok7hBwtUtBQ8vIJfr
9oLWN0ceaHbtxuSv/T93H5c35LVlsX6v6IV16ffF6dF/2kYd8Dwsm/g993zPZ6aO
x2+uj/+knf7xH5hmPaWaXwfp2fQtGGNK7T46s1th7WMuEIr+Fp0LHLIdWzOafQuu
dFIqCDKIbyNdpH6NBa8ZrbKvwcWqfVbw1YZiz7WULvw9LH8wUPdz3I9HPJf1uoWh
JR/rTVARWKOhYWitOaJOhsbTcMeYbj1cl910Zl/PjTDvGN9MKsbMQQnBMmeFbJcI
01EOeZR4Yxv/LBgLx1kVVbjlec5wG7fGd4DeBDlvBsT9NFJKUnek2ugbTI6ZUmt/
g+q5/MHaZaMdT3H3I7LC56FMDTzcMIFwH8yFtfN4HREeIMFTNeFgwqaKRCdBV5pX
zCrpVIG3MNte41MMfFdWmSfbteD/i3s2exOGdOi62IV1bu6Z+JGOzjNnqqSHvPIb
+jbU4ILOsG4zbn2a+zRZ03zb5D2TjaaEK+td0cZI4fptsB1NsBlfUsvdxAHGENIN
3/57Ghh8hUXgsvmmPx6C8I79vYNean8up+FkYOX5/gyxLP0+9a4=
=xlgy
-----END PGP SIGNATURE-----
Merge 3.10.80 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.80: (46 commits)
staging: wlags49_h2: fix extern inline functions
drm/i915: Fix declaration of intel_gmbus_{is_forced_bit/is_port_falid}
staging, rtl8192e, LLVMLinux: Change extern inline to static inline
staging: rtl8712, rtl8712: avoid lots of build warnings
staging, rtl8192e, LLVMLinux: Remove unused inline prototype
kernel: use the gnu89 standard explicitly
net: socket: Fix the wrong returns for recvmsg and sendmsg
KVM: MMU: fix CR4.SMEP=1, CR0.WP=0 with shadow pages
fs, omfs: add NULL terminator in the end up the token list
lguest: fix out-by-one error in address checking.
libceph: request a new osdmap if lingering request maps to no osd
hwmon: (ntc_thermistor) Ensure iio channel is of type IIO_VOLTAGE
lib: Fix strnlen_user() to not touch memory after specified maximum
d_walk() might skip too much
ALSA: hda - Add Conexant codecs CX20721, CX20722, CX20723 and CX20724
ALSA: hda - Add headphone quirk for Lifebook E752
ASoC: mc13783: Fix wrong mask value used in mc13xxx_reg_rmw() calls
ASoC: wm8960: fix "RINPUT3" audio route error
ASoC: wm8994: correct BCLK DIV 348 to 384
target/pscsi: Don't leak scsi_host if hba is VIRTUAL_HOST
xhci: fix isoc endpoint dequeue from advancing too far on transaction error
xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256
xhci: gracefully handle xhci_irq dead device
USB: visor: Match I330 phone more precisely
USB: pl2303: Remove support for Samsung I330
USB: cp210x: add ID for KCF Technologies PRN device
usb-storage: Add NO_WP_DETECT quirk for Lacie 059f:0651 devices
usb: gadget: configfs: Fix interfaces array NULL-termination
powerpc: Align TOC to 256 bytes
mmc: atmel-mci: fix bad variable type for clkdiv
ext4: convert write_begin methods to stable_page_writes semantics
ext4: check for zero length extent explicitly
libata: Add helper to determine when PHY events should be ignored
libata: Ignore spurious PHY event on LPM policy change
rt2x00: add new rt2800usb device DWA 130
crypto: s390/ghash - Fix incorrect ghash icv buffer handling.
ARM: dts: imx27: only map 4 Kbyte for fec registers
ARM: fix missing syscall trace exit
svcrpc: fix potential GSSX_ACCEPT_SEC_CONTEXT decoding failures
md/raid5: don't record new size if resize_stripes fails.
rtlwifi: rtl8192cu: Fix kernel deadlock
Input: elantech - fix semi-mt protocol for v3 HW
ACPI / init: Fix the ordering of acpi_reserve_resources()
vfs: read file_handle only once in handle_to_path
fs/binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings
Linux 3.10.80
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJVSnIfAAoJEDjbvchgkmk+oZYQAMVn7/47hP0u6+24fUyyUM1i
3X58qPhPQJU+BHVTY67JXjBbc5RqXA45JXLXeZSL1oExD7mWmj6CTndqB4dogegE
OB+6D4eQpQwtURfNpEuFYBqKp5vQkHf8e5BMi1JKxX7dMgf6rQbUkI4Di93PfL0M
4kqyW2R6ZJICdvKgiLiRrHE1NINjt0eEWL+v2NF4S6U68/8pT29GyZKi1y+lX9rN
Qt7Gs8XBBIznfX3rb+L56Qk4SbCRnKw+5PyPoeg9r738Kh4977BmZG8C1IJBhZ5+
uBwDTjbrcBvnu3fjjav0OioFD0HmOqaQMPZ+xgGgo7GX339dQDgzY+THpiLKxxcj
qei4sZQB4mHrufiHpVnr6gZa9Sk6OptASqAlPfLOgLoUxNDb50IzRjW9Zwt9fXrd
thsDXXzh06RBLP89mgR95P92MC9+SuURAhCHD0iSgcjjkCV/rcrQKB1msT1uo+1f
Crf2uZa0g4ir7rUqUxrcsIoQL+3gCIY0DuFghyQEB655M6ANSJ/gbX4Q+x1NroDr
JSZkahuB6L1zxABUurbaeFpUzVbaWe+B3ZllKmF47U/fXA9wsRSv6mKOjg+eW39J
xGNfnoCtIfQSUtz/NszH7yrV1TE19jQs52A110cBcjOHBTTJtzmvXFm8QGSCLQKC
avMvZ84NgBOeaX73Rqzz
=wnEX
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqa+8ACgkQmXOSYMts
txZfIw//VQ0vu6wCHmmGgw2Cul8SOz9pO7udVa8zLcGFJqrcnWMkkks2sxun+3p8
91Zij1fMjGCjOEaw5NG0AOWi5rBFdMnM1egXJ7oEMgQcm5uxbGejh0dmUSI02kqn
5v9WLWXDLEjYUyeZnPCMG9C7NR30XNf+9ZfeLKc8qzGtUX4V2D5br6TK1YTxs0Tc
Jqtl6jWwmHVu9RMFKsrxnEtaBM3ZqhudUc9f1oaDLm5WuXO1QHoEWlb0KVxQy5/z
nbNX7vj3Bz1yPS0IsSYsGssf5/DUpR+XEcU1gAD+qkdY1Y2jmeFhhOjY1M281txU
1dLYDzqaTKPtU4z9X4WDpQgDrUGMx4kcrTgOAUN6ejmB9dNW0+2XvE8pF0WdghCv
UpVaoLXVTAT/9wLhqUEH4Q7bnTjEqceTNx6McpGPt2i1FY3D5VUU9DgXKcPA5IkI
vc/uFWx/EYKUGQxDWVAlSB0Tcpb/OWba5QQxFsZWNCAo5JSrhmnTthnAe7cqeqex
0xFWhGzE3NWGZQ68Lt/pucPH6TiISIsw6i173IreGijQdFEkHAiGteRhfvYIhDpo
s5Tr3V4hEVhzUwJjwTfigzkT01Vg4LLm+BcCJAtV8hySFIaJbuBq+gIK7UcsNon4
wlAgLhjWi/YNpnCDULJOwQlkBwgMvYLeur0PfT5dhMJWHxT8T5s=
=SSUg
-----END PGP SIGNATURE-----
Merge 3.10.77 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.77: (65 commits)
ip_forward: Drop frames with attached skb->sk
tcp: fix possible deadlock in tcp_send_fin()
tcp: avoid looping in tcp_send_fin()
Btrfs: fix log tree corruption when fs mounted with -o discard
Btrfs: fix inode eviction infinite loop after cloning into it
usb: gadget: composite: enable BESL support
KVM: s390: Zero out current VMDB of STSI before including level3 data.
s390/hibernate: fix save and restore of kernel text section
KVM: use slowpath for cross page cached accesses
MIPS: Hibernate: flush TLB entries earlier
cdc-wdm: fix endianness bug in debug statements
spi: spidev: fix possible arithmetic overflow for multi-transfer message
ring-buffer: Replace this_cpu_*() with __this_cpu_*()
power_supply: lp8788-charger: Fix leaked power supply on probe fail
ARM: 8320/1: fix integer overflow in ELF_ET_DYN_BASE
ARM: S3C64XX: Use fixed IRQ bases to avoid conflicts on Cragganmore
usb: phy: Find the right match in devm_usb_phy_match
usb: define a generic USB_RESUME_TIMEOUT macro
usb: host: r8a66597: use new USB_RESUME_TIMEOUT
usb: host: isp116x: use new USB_RESUME_TIMEOUT
usb: host: xhci: use new USB_RESUME_TIMEOUT
usb: host: sl811: use new USB_RESUME_TIMEOUT
usb: core: hub: use new USB_RESUME_TIMEOUT
ALSA: emu10k1: don't deadlock in proc-functions
Input: elantech - fix absolute mode setting on some ASUS laptops
fs/binfmt_elf.c: fix bug in loading of PIE binaries
ptrace: fix race between ptrace_resume() and wait_task_stopped()
rtlwifi: rtl8192cu: Add new USB ID
rtlwifi: rtl8192cu: Add new device ID
parport: disable PC-style parallel port support on cris
drivers: parport: Kconfig: exclude h8300 for PARPORT_PC
console: Disable VGA text console support on cris
video: vgacon: Don't build on arm64
arm64: kernel: compiling issue, need delete read_current_timer()
ext4: make fsync to sync parent dir in no-journal for real this time
powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH
tools/power turbostat: Use $(CURDIR) instead of $(PWD) and add support for O= option in Makefile
UBI: account for bitflips in both the VID header and data
UBI: fix out of bounds write
UBI: initialize LEB number variable
UBI: fix check for "too many bytes"
scsi: storvsc: Fix a bug in copy_from_bounce_buffer()
drivers: parport: Kconfig: exclude arm64 for PARPORT_PC
ACPICA: Utilities: split IO address types from data type models.
xtensa: xtfpga: fix hardware lockup caused by LCD driver
xtensa: provide __NR_sync_file_range2 instead of __NR_sync_file_range
Drivers: hv: vmbus: Fix a bug in the error path in vmbus_open()
mvsas: fix panic on expander attached SATA devices
stk1160: Make sure current buffer is released
IB/core: disallow registering 0-sized memory region
IB/core: don't disallow registering region starting at 0x0
IB/mlx4: Fix WQE LSO segment calculation
i2c: core: Export bus recovery functions
drm/radeon: fix doublescan modes (v2)
drm/i915: cope with large i2c transfers
RCU pathwalk breakage when running into a symlink overmounting something
ksoftirqd: Enable IRQs and call cond_resched() before poking RCU
e1000: add dummy allocator to fix race condition between mtu change and netpoll
lib: memzero_explicit: use barrier instead of OPTIMIZER_HIDE_VAR
wl18xx: show rx_frames_per_rates as an array as it really is
C6x: time: Ensure consistency in __init
memstick: mspro_block: add missing curly braces
nosave: consolidate __nosave_{begin,end} in <asm/sections.h>
s390: Fix build error
Linux 3.10.77
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
arch/arm64/kernel/time.c
fs/ext4/namei.c
This will come back as commit 1ad9a25dd0 ("mm: larger stack guard gap,
between vmas") in 3.10.107 and it causes a conflict with 3.10.76.
This reverts commit 25cd784141.
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJVM2NqAAoJEDjbvchgkmk+YtIQAKHNWU09GUrIxzg2va+9cVYI
pCyiUHd1JF/DLmWQG4TeBn4OowIqvwOuljPDg/0RoVrfX2cx33oAyo+R6Cgyay5c
1s7hPgTIsrV5QHTTWODXsV48fWE/AsqFqw01XvMnhMgFPRc3859Thh9zy29fwxjR
2xlzf5GBtWfmmuSLO8TtC1FOnvi7BuNKvhMR/5pJZ40kS1vpw6qpJvMPMSR2hEVT
fFfO87c9XPUhh94kRhMIaDoMk7OeZFbr0R7IJCW1WcUJVqFP8YQOK/YYLQmJERjG
OnGOF5W2VKGV0lWdMJ+NiNKZ3eLAjMHHqvzqbhl8ANU7AkRsw8bvwZeXjJJGFcqS
L9Ik94MakuuZDypyejZCC3QmlCGQUjR0PjmNGhuXZlPn63y0/dlxCEHlBxUdvdHh
OkfNDPMXqbRFzQ6ASjOPW0O41KiTOIw2oGezFkQRxq65KkGmBiCrHaEqmUtBLoP6
s5xPf7quMOvINn5GTEBTpZjGz4mH2UadCoRVXJ27Wn+KAxZqJgwpGodoyk+lHMc/
Xo3ndTVJGPnwKgAixkOINusEY2ne/TWyjPlGQBju/NoVTXsotdCf8HDtbRCY0mj4
EkxytoSnoI7/S2jGSFoUB8uDQuoQgveOSfe1IxUmWvBaIuUKHtM8h4n6f+Os7BzG
S+lI/rnXJHBkB8Oz1AGv
=vntV
-----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEJDfLduVEy2qz2d/TmXOSYMtstxYFAlpqaNgACgkQmXOSYMts
txaJrQ/+OLQnIVrcr0DdA1ZElDmt186GuGE4sNRorp8F+zNEmRKOwz0qXG8YmXq0
UzM9CvwYWdKtBVZFkFqOEEivgtrgmtcB8BEtki+MmOcQS0iMJD4XyZdwbgG1UUn/
JyQQcSLa4Bde2xkUEn/VUcxYjYYbwmhywYDIS0ApxMotFHu7NSVvtyYYUhnZXYmv
u3110UKu1va2R8gnxv9jN0PIe3yfFb5DaSQHrPcGkjeLhRM2W1ae2KYG1oBG7Yo/
7OCdRjGJTz+Hxzt1zGl1g6ROWZesy9/hnC+kWOif2QSkSEckWbM32dcCpQUh6Cmw
8GUs9yV7c8nMvNB8GWMGn8z8Mur5opt1r/FbVifgzlDZ8irFeVa5qkIVbdgCI4P1
cPui1+2Rgsocn5HbEoGNjGONtsn20YzC4EI2vWPkZVJirMB6J1HRLT8WGOLXoFB5
SnnDzLPnk7qAb5xIiAg1TaogrRk+2vwyHEf65OpAFGlYYL7Ng5019Zj4eetWO9OW
zZ7+kLSw8AWK5MTpZbLWVn6571oKenstNQM6nfOLkDH/YIXN4Q1JWIJSLG/Fcg+/
AY1hCKiJ0S3NipuHDQjCPA8es+AoIeHSLTKJPQ0I3AH36thEGIIFMiPAC1BRq+eX
ebmtn0N+ZErt3RTx/SBS80qfBJzakoU0dmdZOrT6+nQdZjhtqEU=
=uI+2
-----END PGP SIGNATURE-----
Merge 3.10.75 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.75: (35 commits)
ALSA: hda - Add one more node in the EAPD supporting candidate list
ALSA: usb - Creative USB X-Fi Pro SB1095 volume knob support
ALSA: hda - Fix headphone pin config for Lifebook T731
selinux: fix sel_write_enforce broken return value
tcp: Fix crash in TCP Fast Open
IB/core: Avoid leakage from kernel to user space
IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic
iwlwifi: dvm: run INIT firmware again upon .start()
nbd: fix possible memory leak
mm/memory hotplug: postpone the reset of obsolete pgdat
writeback: add missing INITIAL_JIFFIES init in global_update_bandwidth()
writeback: fix possible underflow in write bandwidth calculation
radeon: Do not directly dereference pointers to BIOS area.
USB: ftdi_sio: Added custom PID for Synapse Wireless product
USB: ftdi_sio: Use jtag quirk for SNAP Connect E10
Defer processing of REQ_PREEMPT requests for blocked devices
iio: inv_mpu6050: Clear timestamps fifo while resetting hardware fifo
iio: imu: Use iio_trigger_get for indio_dev->trig assignment
dmaengine: omap-dma: Fix memory leak when terminating running transfer
cpuidle: ACPI: do not overwrite name and description of C0
usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers
cifs: fix use-after-free bug in find_writable_file
be2iscsi: Fix kernel panic when device initialization fails
ocfs2: _really_ sync the right range
iscsi target: fix oops when adding reject pdu
media: s5p-mfc: fix mmap support for 64bit arch
core, nfqueue, openvswitch: fix compilation warning
ipc: fix compat msgrcv with negative msgtyp
net: rds: use correct size for max unacked packets and bytes
net: llc: use correct size for sysctl timeout entries
kernel.h: define u8, s8, u32, etc. limits
IB/mlx4: Saturate RoCE port PMA counters in case of overflow
console: Fix console name size mismatch
pagemap: do not leak physical addresses to non-privileged userspace
Linux 3.10.75
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
fs/proc/task_mmu.c
include/linux/kernel.h
commit bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb
Andrey Konovalov reported a possible out-of-bounds problem for a USB interface
association descriptor. He writes:
It seems there's no proper size check of a USB_DT_INTERFACE_ASSOCIATION
descriptor. It's only checked that the size is >= 2 in
usb_parse_configuration(), so find_iad() might do out-of-bounds access
to intf_assoc->bInterfaceCount.
And he's right, we don't check for crazy descriptors of this type very well, so
resolve this problem. Yet another issue found by syzkaller...
Bug: 69052055
Change-Id: I2cc3b5a66d16abd0fc567d69457fc90a45eb12d8
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
It has been claimed that the PG implementation of 'su' has security
vulnerabilities even when disabled. Unfortunately, the people that
find these vulnerabilities often like to keep them private so they
can profit from exploits while leaving users exposed to malicious
hackers.
In order to reduce the attack surface for vulnerabilites, it is
therefore necessary to make 'su' completely inaccessible when it
is not in use (except by the root and system users).
Change-Id: I79716c72f74d0b7af34ec3a8054896c6559a181d
(cherry picked from commit 853e06c28f8655040d8c00f0ee2f1d72a1d8dc14)
The SNDRV_RAWMIDI_STREAM_{OUTPUT,INPUT} ioctls may reallocate
runtime->buffer while other kernel threads are accessing it. If the
underlying krealloc() call frees the original buffer, then this can turn
into a use-after-free.
Most of these accesses happen while the thread is holding runtime->lock,
and can be fixed by just holding the same lock while replacing
runtime->buffer, however we can't hold this spinlock while
snd_rawmidi_kernel_{read1,write1} are copying to/from userspace. We
need to add and acquire a new mutex to prevent this from happening
concurrently with reallocation. We hold this mutex during the entire
reallocation process, to also prevent multiple concurrent reallocations
leading to a double-free.
Signed-off-by: Daniel Rosenberg <drosen@google.com>
bug: 64315347
Change-Id: I05764d4f1a38f373eb7c0ac1c98607ee5ff0eded
commit 0a94efb5acbb6980d7c9ab604372d93cd507e4d8 upstream.
5c0338c68706 ("workqueue: restore WQ_UNBOUND/max_active==1 to be
ordered") automatically enabled ordered attribute for unbound
workqueues w/ max_active == 1. Because ordered workqueues reject
max_active and some attribute changes, this implicit ordered mode
broke cases where the user creates an unbound workqueue w/ max_active
== 1 and later explicitly changes the related attributes.
This patch distinguishes explicit and implicit ordered setting and
overrides from attribute changes if implict.
Signed-off-by: Tejun Heo <tj@kernel.org>
Fixes: 5c0338c68706 ("workqueue: restore WQ_UNBOUND/max_active==1 to be ordered")
Cc: Holger Hoffstätte <holger@applied-asynchrony.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 77d4b1d36926a9b8387c6b53eeba42bcaaffcea3 upstream.
Alexander reported various KASAN messages triggered in recent kernels
The problem is that ping sockets should not use udp_poll() in the first
place, and recent changes in UDP stack finally exposed this old bug.
Fixes: c319b4d76b ("net: ipv4: add IPPROTO_ICMP socket kind")
Fixes: 6d0bfe226116 ("net: ipv6: Add IPv6 support to the ping socket.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Sasha Levin <alexander.levin@verizon.com>
Cc: Solar Designer <solar@openwall.com>
Cc: Vasiliy Kulikov <segoon@openwall.com>
Cc: Lorenzo Colitti <lorenzo@google.com>
Acked-By: Lorenzo Colitti <lorenzo@google.com>
Tested-By: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[wt: removed the parts related to ping6 as 6d0bfe226116 is not in 3.10]
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit fa5f7b51fc3080c2b195fa87c7eca7c05e56f673 upstream.
This code causes a static checker warning because Smatch doesn't trust
anything that comes from skb->data. I've reviewed this code and I do
think skb->data can be controlled by the user here.
The sctp_event_subscribe struct has 13 __u8 fields and we want to see
if ours is non-zero. sn_type can be any value in the 0-USHRT_MAX range.
We're subtracting SCTP_SN_TYPE_BASE which is 1 << 15 so we could read
either before the start of the struct or after the end.
This is a very old bug and it's surprising that it would go undetected
for so long but my theory is that it just doesn't have a big impact so
it would be hard to notice.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 6b84202c946cd3da3a8daa92c682510e9ed80321 upstream.
Commit b1f5bfc27a19 ("sctp: don't dereference ptr before leaving
_sctp_walk_{params, errors}()") tried to fix the issue that it
may overstep the chunk end for _sctp_walk_{params, errors} with
'chunk_end > offset(length) + sizeof(length)'.
But it introduced a side effect: When processing INIT, it verifies
the chunks with 'param.v == chunk_end' after iterating all params
by sctp_walk_params(). With the check 'chunk_end > offset(length)
+ sizeof(length)', it would return when the last param is not yet
accessed. Because the last param usually is fwdtsn supported param
whose size is 4 and 'chunk_end == offset(length) + sizeof(length)'
This is a badly issue even causing sctp couldn't process 4-shakes.
Client would always get abort when connecting to server, due to
the failure of INIT chunk verification on server.
The patch is to use 'chunk_end <= offset(length) + sizeof(length)'
instead of 'chunk_end < offset(length) + sizeof(length)' for both
_sctp_walk_params and _sctp_walk_errors.
Fixes: b1f5bfc27a19 ("sctp: don't dereference ptr before leaving _sctp_walk_{params, errors}()")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 93be2b74279c15c2844684b1a027fdc71dd5d9bf upstream.
gcc-7 complains that wl3501_cs passes NULL into a function that
then uses the argument as the input for memcpy:
drivers/net/wireless/wl3501_cs.c: In function 'wl3501_get_scan':
include/net/iw_handler.h:559:3: error: argument 2 null where non-null expected [-Werror=nonnull]
memcpy(stream + point_len, extra, iwe->u.data.length);
This works fine here because iwe->u.data.length is guaranteed to be 0
and the memcpy doesn't actually have an effect.
Making the length check explicit avoids the warning and should have
no other effect here.
Also check the pointer itself, since otherwise we get warnings
elsewhere in the code.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 237bbd29f7a049d310d907f4b2716a7feef9abf3 upstream.
It was possible for an unprivileged user to create the user and user
session keyrings for another user. For example:
sudo -u '#3000' sh -c 'keyctl add keyring _uid.4000 "" @u
keyctl add keyring _uid_ses.4000 "" @u
sleep 15' &
sleep 1
sudo -u '#4000' keyctl describe @u
sudo -u '#4000' keyctl describe @us
This is problematic because these "fake" keyrings won't have the right
permissions. In particular, the user who created them first will own
them and will have full access to them via the possessor permissions,
which can be used to compromise the security of a user's keys:
-4: alswrv-----v------------ 3000 0 keyring: _uid.4000
-5: alswrv-----v------------ 3000 0 keyring: _uid_ses.4000
Fix it by marking user and user session keyrings with a flag
KEY_FLAG_UID_KEYRING. Then, when searching for a user or user session
keyring by name, skip all keyrings that don't have the flag set.
Fixes: 69664cf16a ("keys: don't generate user and user session keyrings unless they're accessed")
Cc: <stable@vger.kernel.org> [v2.6.26+]
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
[wt: adjust context]
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 49cb77e297dc611a1b795cfeb79452b3002bd331 upstream.
This patch closes a race between se_lun deletion during configfs
unlink in target_fabric_port_unlink() -> core_dev_del_lun()
-> core_tpg_remove_lun(), when transport_clear_lun_ref() blocks
waiting for percpu_ref RCU grace period to finish, but a new
NodeACL mappedlun is added before the RCU grace period has
completed.
This can happen in target_fabric_mappedlun_link() because it
only checks for se_lun->lun_se_dev, which is not cleared until
after transport_clear_lun_ref() percpu_ref RCU grace period
finishes.
This bug originally manifested as NULL pointer dereference
OOPsen in target_stat_scsi_att_intr_port_show_attr_dev() on
v4.1.y code, because it dereferences lun->lun_se_dev without
a explicit NULL pointer check.
In post v4.1 code with target-core RCU conversion, the code
in target_stat_scsi_att_intr_port_show_attr_dev() no longer
uses se_lun->lun_se_dev, but the same race still exists.
To address the bug, go ahead and set se_lun>lun_shutdown as
early as possible in core_tpg_remove_lun(), and ensure new
NodeACL mappedlun creation in target_fabric_mappedlun_link()
fails during se_lun shutdown.
Reported-by: James Shen <jcs@datera.io>
Cc: James Shen <jcs@datera.io>
Tested-by: James Shen <jcs@datera.io>
Cc: stable@vger.kernel.org # 3.10+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit e1a10ef7fa876f8510aaec36ea5c0cf34baba410 upstream.
Pure refactor. This helper will be required in the xmit timer fix
later in the patch series. (Because the TLP logic will want to make
this calculation.)
[This version of the commit was compiled and briefly tested
based on top of v3.10.107.]
Change-Id: I1ccfba0b00465454bf5ce22e6fef5f7b5dd94d15
Fixes: 6ba8a3b19e ("tcp: Tail loss probe (TLP)")
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Nandita Dukkipati <nanditad@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 49d31c2f389acfe83417083e1208422b4091cd9e upstream.
take_dentry_name_snapshot() takes a safe snapshot of dentry name;
if the name is a short one, it gets copied into caller-supplied
structure, otherwise an extra reference to external name is grabbed
(those are never modified). In either case the pointer to stable
string is stored into the same structure.
dentry must be held by the caller of take_dentry_name_snapshot(),
but may be freely dropped afterwards - the snapshot will stay
until destroyed by release_dentry_name_snapshot().
Intended use:
struct name_snapshot s;
take_dentry_name_snapshot(&s, dentry);
...
access s.name
...
release_dentry_name_snapshot(&s);
Replaces fsnotify_oldname_...(), gets used in fsnotify to obtain the name
to pass down with event.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[carnil: backport 4.9: adjust context]
[bwh: Backported to 3.16:
- External names are not ref-counted, so copy them
- Adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
[ghackmann@google.com: backported to 3.10: adjust context]
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Change-Id: I612e687cbffa1a03107331a6b3f00911ffbebd8e
Bug: 63689921
To test whether an address is aligned to PAGE_SIZE.
Cc: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 0fa73b86ef0797ca4fde5334117ca0b330f08030)
Bug: 36007193
Change-Id: I7e912bb0dbd8c9737fb13c5b48acb54ee39dd5fc
This was reported many times, and this was even mentioned in commit
52ee2dfdd4 "pids: refactor vnr/nr_ns helpers to make them safe" but
somehow nobody bothered to fix the obvious problem: task_tgid_nr_ns()
is not safe because task->group_leader points to nowhere after the
exiting task passes exit_notify(), rcu_read_lock() can not help.
We really need to change __unhash_process() to nullify group_leader,
parent, and real_parent, but this needs some cleanups. Until then we
can turn task_tgid_nr_ns() into another user of __task_pid_nr_ns() and
fix the problem.
Reported-by: Troy Kensinger <tkensinger@google.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
(url: https://patchwork.kernel.org/patch/9913055/)
Bug: 31495866
Change-Id: I5e67b02a77e805f71fa3a787249f13c1310f02e2
commit 1be7107fbe18eed3e319a6c3e83c78254b693acb upstream.
Stack guard page is a useful feature to reduce a risk of stack smashing
into a different mapping. We have been using a single page gap which
is sufficient to prevent having stack adjacent to a different mapping.
But this seems to be insufficient in the light of the stack usage in
userspace. E.g. glibc uses as large as 64kB alloca() in many commonly
used functions. Others use constructs liks gid_t buffer[NGROUPS_MAX]
which is 256kB or stack strings with MAX_ARG_STRLEN.
This will become especially dangerous for suid binaries and the default
no limit for the stack size limit because those applications can be
tricked to consume a large portion of the stack and a single glibc call
could jump over the guard page. These attacks are not theoretical,
unfortunatelly.
Make those attacks less probable by increasing the stack guard gap
to 1MB (on systems with 4k pages; but make it depend on the page size
because systems with larger base pages might cap stack allocations in
the PAGE_SIZE units) which should cover larger alloca() and VLA stack
allocations. It is obviously not a full fix because the problem is
somehow inherent, but it should reduce attack space a lot.
One could argue that the gap size should be configurable from userspace,
but that can be done later when somebody finds that the new 1MB is wrong
for some special case applications. For now, add a kernel command line
option (stack_guard_gap) to specify the stack gap size (in page units).
Implementation wise, first delete all the old code for stack guard page:
because although we could get away with accounting one extra page in a
stack vma, accounting a larger gap can break userspace - case in point,
a program run with "ulimit -S -v 20000" failed when the 1MB gap was
counted for RLIMIT_AS; similar problems could come with RLIMIT_MLOCK
and strict non-overcommit mode.
Instead of keeping gap inside the stack vma, maintain the stack guard
gap as a gap between vmas: using vm_start_gap() in place of vm_start
(or vm_end_gap() in place of vm_end if VM_GROWSUP) in just those few
places which need to respect the gap - mainly arch_get_unmapped_area(),
and and the vma tree's subtree_gap support for that.
Original-patch-by: Oleg Nesterov <oleg@redhat.com>
Original-patch-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Hugh Dickins <hughd@google.com>
[wt: backport to 4.11: adjust context]
[wt: backport to 4.9: adjust context ; kernel doc was not in
admin-guide]
[wt: backport to 4.4: adjust context ; drop ppc hugetlb_radix changes]
[wt: backport to 3.18: adjust context ; no FOLL_POPULATE ;
s390 uses generic arch_get_unmapped_area()]
[wt: backport to 3.16: adjust context]
[wt: backport to 3.10: adjust context ; code logic in PARISC's
arch_get_unmapped_area() wasn't found ; code inserted into
expand_upwards() and expand_downwards() runs under anon_vma lock;
changes for gup.c:faultin_page go to memory.c:__get_user_pages();
included Hugh Dickins' fixes]
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 1ad9a25dd0)
Bug: 38413813
Change-Id: I07f79cec09c9e98fc3d82458f9a5f3f2e21e6ab4
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
This was found during userspace fuzzing test when a large size
allocation is made from ion
[<ffffffc00008a098>] show_stack+0x10/0x1c
[<ffffffc00119c390>] dump_stack+0x74/0xc8
[<ffffffc00020d9a0>] kasan_report_error+0x2b0/0x408
[<ffffffc00020dbd4>] kasan_report+0x34/0x40
[<ffffffc00020cfec>] __asan_storeN+0x15c/0x168
[<ffffffc00020d228>] memset+0x20/0x44
[<ffffffc00009b730>] __dma_alloc_coherent+0x114/0x18c
[<ffffffc00009c6e8>] __dma_alloc_noncoherent+0xbc/0x19c
[<ffffffc000c2b3e0>] ion_cma_allocate+0x178/0x2f0
[<ffffffc000c2b750>] ion_secure_cma_allocate+0xdc/0x190
[<ffffffc000c250dc>] ion_alloc+0x264/0xb88
[<ffffffc000c25e94>] ion_ioctl+0x1f4/0x480
[<ffffffc00022f650>] do_vfs_ioctl+0x67c/0x764
[<ffffffc00022f790>] SyS_ioctl+0x58/0x8c
Bug: 38195738
Signed-off-by: Rohit Vaswani <rvaswani@codeaurora.org>
Signed-off-by: Maggie White <maggiewhite@google.com>
Change-Id: I6b1a0a3eaec10500cd4e73290efad4023bc83da5
commit 1be7107fbe18eed3e319a6c3e83c78254b693acb upstream.
Stack guard page is a useful feature to reduce a risk of stack smashing
into a different mapping. We have been using a single page gap which
is sufficient to prevent having stack adjacent to a different mapping.
But this seems to be insufficient in the light of the stack usage in
userspace. E.g. glibc uses as large as 64kB alloca() in many commonly
used functions. Others use constructs liks gid_t buffer[NGROUPS_MAX]
which is 256kB or stack strings with MAX_ARG_STRLEN.
This will become especially dangerous for suid binaries and the default
no limit for the stack size limit because those applications can be
tricked to consume a large portion of the stack and a single glibc call
could jump over the guard page. These attacks are not theoretical,
unfortunatelly.
Make those attacks less probable by increasing the stack guard gap
to 1MB (on systems with 4k pages; but make it depend on the page size
because systems with larger base pages might cap stack allocations in
the PAGE_SIZE units) which should cover larger alloca() and VLA stack
allocations. It is obviously not a full fix because the problem is
somehow inherent, but it should reduce attack space a lot.
One could argue that the gap size should be configurable from userspace,
but that can be done later when somebody finds that the new 1MB is wrong
for some special case applications. For now, add a kernel command line
option (stack_guard_gap) to specify the stack gap size (in page units).
Implementation wise, first delete all the old code for stack guard page:
because although we could get away with accounting one extra page in a
stack vma, accounting a larger gap can break userspace - case in point,
a program run with "ulimit -S -v 20000" failed when the 1MB gap was
counted for RLIMIT_AS; similar problems could come with RLIMIT_MLOCK
and strict non-overcommit mode.
Instead of keeping gap inside the stack vma, maintain the stack guard
gap as a gap between vmas: using vm_start_gap() in place of vm_start
(or vm_end_gap() in place of vm_end if VM_GROWSUP) in just those few
places which need to respect the gap - mainly arch_get_unmapped_area(),
and and the vma tree's subtree_gap support for that.
Original-patch-by: Oleg Nesterov <oleg@redhat.com>
Original-patch-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Hugh Dickins <hughd@google.com>
[wt: backport to 4.11: adjust context]
[wt: backport to 4.9: adjust context ; kernel doc was not in admin-guide]
[wt: backport to 4.4: adjust context ; drop ppc hugetlb_radix changes]
[wt: backport to 3.18: adjust context ; no FOLL_POPULATE ;
s390 uses generic arch_get_unmapped_area()]
[wt: backport to 3.16: adjust context]
[wt: backport to 3.10: adjust context ; code logic in PARISC's
arch_get_unmapped_area() wasn't found ; code inserted into
expand_upwards() and expand_downwards() runs under anon_vma lock;
changes for gup.c:faultin_page go to memory.c:__get_user_pages();
included Hugh Dickins' fixes]
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 474c90156c8dcc2fa815e6716cc9394d7930cb9c upstream.
gcc-7 has an "optimization" pass that completely screws up, and
generates the code expansion for the (impossible) case of calling
ilog2() with a zero constant, even when the code gcc compiles does not
actually have a zero constant.
And we try to generate a compile-time error for anybody doing ilog2() on
a constant where that doesn't make sense (be it zero or negative). So
now gcc7 will fail the build due to our sanity checking, because it
created that constant-zero case that didn't actually exist in the source
code.
There's a whole long discussion on the kernel mailing about how to work
around this gcc bug. The gcc people themselevs have discussed their
"feature" in
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=72785
but it's all water under the bridge, because while it looked at one
point like it would be solved by the time gcc7 was released, that was
not to be.
So now we have to deal with this compiler braindamage.
And the only simple approach seems to be to just delete the code that
tries to warn about bad uses of ilog2().
So now "ilog2()" will just return 0 not just for the value 1, but for
any non-positive value too.
It's not like I can recall anybody having ever actually tried to use
this function on any invalid value, but maybe the sanity check just
meant that such code never made it out in public.
[js] no tools/include/linux/log2.h copy of that yet
Reported-by: Laura Abbott <labbott@redhat.com>
Cc: John Stultz <john.stultz@linaro.org>,
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 745cb7f8a5de0805cade3de3991b7a95317c7c73 upstream.
Replace MAX_ADDR_LEN with its numeric value to fix the following
linux/packet_diag.h userspace compilation error:
/usr/include/linux/packet_diag.h:67:17: error: 'MAX_ADDR_LEN' undeclared here (not in a function)
__u8 pdmc_addr[MAX_ADDR_LEN];
This is not the first case in the UAPI where the numeric value
of MAX_ADDR_LEN is used instead of symbolic one, uapi/linux/if_link.h
already does the same:
$ grep MAX_ADDR_LEN include/uapi/linux/if_link.h
__u8 mac[32]; /* MAX_ADDR_LEN */
There are no UAPI headers besides these two that use MAX_ADDR_LEN.
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Acked-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 059aa734824165507c65fd30a55ff000afd14983 upstream.
Xuan Qi reports that the Linux NFSv4 client failed to lock a file
that was migrated. The steps he observed on the wire:
1. The client sent a LOCK request to the source server
2. The source server replied NFS4ERR_MOVED
3. The client switched to the destination server
4. The client sent the same LOCK request to the destination
server with a bumped lock sequence ID
5. The destination server rejected the LOCK request with
NFS4ERR_BAD_SEQID
RFC 3530 section 8.1.5 provides a list of NFS errors which do not
bump a lock sequence ID.
However, RFC 3530 is now obsoleted by RFC 7530. In RFC 7530 section
9.1.7, this list has been updated by the addition of NFS4ERR_MOVED.
Reported-by: Xuan Qi <xuan.qi@oracle.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 0335695dfa4df01edff5bb102b9a82a0668ee51e upstream.
The current_user_ns() macro currently returns &init_user_ns when user
namespaces are disabled, and that causes several warnings when building
with gcc-6.0 in code that compares the result of the macro to
&init_user_ns itself:
fs/xfs/xfs_ioctl.c: In function 'xfs_ioctl_setattr_check_projid':
fs/xfs/xfs_ioctl.c:1249:22: error: self-comparison always evaluates to true [-Werror=tautological-compare]
if (current_user_ns() == &init_user_ns)
This is a legitimate warning in principle, but here it isn't really
helpful, so I'm reprasing the definition in a way that shuts up the
warning. Apparently gcc only warns when comparing identical literals,
but it can figure out that the result of an inline function can be
identical to a constant expression in order to optimize a condition yet
not warn about the fact that the condition is known at compile time.
This is exactly what we want here, and it looks reasonable because we
generally prefer inline functions over macros anyway.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Yaowei Bai <baiyaowei@cmss.chinamobile.com>
Cc: James Morris <james.l.morris@oracle.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 332b05ca7a438f857c61a3c21a88489a21532364 upstream.
This patch adds a check to limit the number of can_filters that can be
set via setsockopt on CAN_RAW sockets. Otherwise allocations > MAX_ORDER
are not prevented resulting in a warning.
Reference: https://lkml.org/lkml/2016/12/2/230
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 90db10434b163e46da413d34db8d0e77404cc645 upstream.
No caller currently checks the return value of
kvm_io_bus_unregister_dev(). This is evil, as all callers silently go on
freeing their device. A stale reference will remain in the io_bus,
getting at least used again, when the iobus gets teared down on
kvm_destroy_vm() - leading to use after free errors.
There is nothing the callers could do, except retrying over and over
again.
So let's simply remove the bus altogether, print an error and make
sure no one can access this broken bus again (returning -ENOMEM on any
attempt to access it).
Fixes: e93f8a0f82 ("KVM: convert io_bus to SRCU")
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[wt: no kvm_io_bus_read_cookie in 3.10, slightly different constructs]
Signed-off-by: Willy Tarreau <w@1wt.eu>
commit 6ea34c9b78c10289846db0abeebd6b84d5aca084 upstream.
We can easily reach the 1000 limit by start VM with a couple
hundred I/O devices (multifunction=on). The hardcode limit
already been adjusted 3 times (6 ~ 200 ~ 300 ~ 1000).
In userspace, we already have maximum file descriptor to
limit ioeventfd count. But kvm_io_bus devices also are used
for pit, pic, ioapic, coalesced_mmio. They couldn't be limited
by maximum file descriptor.
Currently only ioeventfds take too much kvm_io_bus devices,
so just exclude it from counting kvm_io_range limit.
Also fixed one indent issue in kvm_host.h
Signed-off-by: Amos Kong <akong@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
[wt: next patch depends on this one]
Signed-off-by: Willy Tarreau <w@1wt.eu>