mirror of
https://github.com/joel16/android_kernel_sony_msm8994_rework.git
synced 2024-11-23 03:50:08 +00:00
lineage-19.0
18800 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
Takashi Iwai
|
2e30ca4e3c |
ALSA: info: Drop WARN_ON() from buffer NULL sanity check
commit 60379ba08532eca861e933b389526a4dc89e0c42 upstream.

snd_info_get_line() has a sanity check of NULL buffer -- both buffer itself being NULL and buffer->buffer being NULL. Basically both checks are valid and necessary, but the problem is that it's with snd_BUG_ON() macro that triggers WARN_ON(). The latter condition (NULL buffer->buffer) can be met arbitrarily by user since the buffer is allocated at the first write, so it means that user can trigger WARN_ON() at will.

This patch addresses it by simply moving buffer->buffer NULL check out of snd_BUG_ON() so that spurious WARNING is no longer triggered.

Reported-by: syzbot+e42d0746c3c3699b6061@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200717084023.5928-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: Ib2982f1bfd375ce7ac022071607de4e6c498acc1 |
||
Takashi Iwai
|
3892d3828d |
BACKPORT: ALSA: seq: Fix use-after-free at creating a port
There is a potential race window opened at creating and deleting a port via ioctl, as spotted by fuzzing. snd_seq_create_port() creates a port object and returns its pointer, but it doesn't take the refcount, thus it can be deleted immediately by another thread. Meanwhile, snd_seq_ioctl_create_port() still calls the function snd_seq_system_client_ev_port_start() with the created port object that is being deleted, and this triggers use-after-free like:

  BUG: KASAN: use-after-free in snd_seq_ioctl_create_port+0x504/0x630 [snd_seq] at addr ffff8801f2241cb1
  =============================================================================
  BUG kmalloc-512 (Tainted: G B ): kasan: bad access detected
  -----------------------------------------------------------------------------
  INFO: Allocated in snd_seq_create_port+0x94/0x9b0 [snd_seq] age=1 cpu=3 pid=4511
  ___slab_alloc+0x425/0x460
  __slab_alloc+0x20/0x40
  kmem_cache_alloc_trace+0x150/0x190
  snd_seq_create_port+0x94/0x9b0 [snd_seq]
  snd_seq_ioctl_create_port+0xd1/0x630 [snd_seq]
  snd_seq_do_ioctl+0x11c/0x190 [snd_seq]
  snd_seq_ioctl+0x40/0x80 [snd_seq]
  do_vfs_ioctl+0x54b/0xda0
  SyS_ioctl+0x79/0x90
  entry_SYSCALL_64_fastpath+0x16/0x75
  INFO: Freed in port_delete+0x136/0x1a0 [snd_seq] age=1 cpu=2 pid=4717
  __slab_free+0x204/0x310
  kfree+0x15f/0x180
  port_delete+0x136/0x1a0 [snd_seq]
  snd_seq_delete_port+0x235/0x350 [snd_seq]
  snd_seq_ioctl_delete_port+0xc8/0x180 [snd_seq]
  snd_seq_do_ioctl+0x11c/0x190 [snd_seq]
  snd_seq_ioctl+0x40/0x80 [snd_seq]
  do_vfs_ioctl+0x54b/0xda0
  SyS_ioctl+0x79/0x90
  entry_SYSCALL_64_fastpath+0x16/0x75
  Call Trace:
  [<ffffffff81b03781>] dump_stack+0x63/0x82
  [<ffffffff81531b3b>] print_trailer+0xfb/0x160
  [<ffffffff81536db4>] object_err+0x34/0x40
  [<ffffffff815392d3>] kasan_report.part.2+0x223/0x520
  [<ffffffffa07aadf4>] ? snd_seq_ioctl_create_port+0x504/0x630 [snd_seq]
  [<ffffffff815395fe>] __asan_report_load1_noabort+0x2e/0x30
  [<ffffffffa07aadf4>] snd_seq_ioctl_create_port+0x504/0x630 [snd_seq]
  [<ffffffffa07aa8f0>] ? snd_seq_ioctl_delete_port+0x180/0x180 [snd_seq]
  [<ffffffff8136be50>] ? taskstats_exit+0xbc0/0xbc0
  [<ffffffffa07abc5c>] snd_seq_do_ioctl+0x11c/0x190 [snd_seq]
  [<ffffffffa07abd10>] snd_seq_ioctl+0x40/0x80 [snd_seq]
  [<ffffffff8136d433>] ? acct_account_cputime+0x63/0x80
  [<ffffffff815b515b>] do_vfs_ioctl+0x54b/0xda0
  .....

We may fix this in a few different ways, and in this patch, it's fixed simply by taking the refcount properly at snd_seq_create_port() and letting the caller unref the object after use. Also, there is another potential use-after-free by sprintf() call in snd_seq_create_port(), and this is moved inside the lock.

This fix covers CVE-2017-15265.

Reported-and-tested-by: Michael23 Yu <ycqzsy@gmail.com>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit 71105998845fb012937332fe2e806d443c09e026)
Signed-off-by: Connor O'Brien <connoro@google.com>
Bug: 67900971
Change-Id: Id29492065ff11927db7c0c1f50288f07a52e9823 |
||
Mark Brown
|
6d85895b0e |
ASoC: compress: Use power efficient workqueue
There is no need for the power down work to be done on a per CPU workqueue especially considering the fairly long delay before powerdown.

Change-Id: Ic4aad6a7375d43f658c72487f72c42f3b578126e
Signed-off-by: Mark Brown <broonie@linaro.org>
Acked-by: Vinod Koul <vinod.koul@intel.com> |
||
Mark Brown
|
2675b3e6b0 |
ASoC: jack: Use power efficient workqueue
The accessory detect debounce work is not performance sensitive so let the scheduler run it wherever is most efficient rather than in a per CPU workqueue by using the system power efficient workqueue.

Change-Id: I63bfb6d55ec3618d6fd043cdc43b81d7866d4977
Signed-off-by: Mark Brown <broonie@linaro.org>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org> |
||
Mark Brown
|
3199d198f9 |
ASoC: pcm: Use the power efficient workqueue for delayed powerdown
There is no need to use a normal per-CPU workqueue for delayed power downs as they're not timing or performance critical and waking up a core for them would defeat some of the point.

Change-Id: I9313ef0dcca81fb882de16c7ef87865275fd2cfd
Signed-off-by: Mark Brown <broonie@linaro.org>
Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org> |
||
Rk779
|
793e1402b9 |
Merge tag 'v3.10.108' into lineage-15.1
e7a59c7 Linux 3.10.108 68cbe93 x86/apic: fix build breakage caused by incomplete backport to 3.10 541cbdc can: esd_usb2: Fix can_dlc value for received RTR, frames 4de0e6b scsi: scsi_dh_emc: return success in clariion_std_inquiry() 4021627 usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options 49218ad KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit 75840f1 IB/qib: fix false-postive maybe-uninitialized warning f63d10b team: fix memory leaks 9032694 IB/ipoib: rtnl_unlock can not come after free_netdev 827a5cb btrfs: prevent to set invalid default subvolid 7210062 tracing: Erase irqsoff trace with empty write ec8c69e tracing: Apply trace_clock changes to instance max buffer c5378d2 scsi: qla2xxx: Fix an integer overflow in sysfs code 92e84b6 crypto: AF_ALG - remove SGL terminator indicator when chaining 6f47a87 ip6_gre: fix endianness errors in ip6gre_err 488ec7b ipv6: fix typo in fib6_net_exit() 4e39d5e ipv6: fix memory leak with multiple tables during netns destruction dd3e501 qlge: avoid memcpy buffer overflow 71bec91 ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal 136211c ALSA: core: Fix unexpected error at replacing user TLV b4824101 staging:iio:resolver:ad2s1210 fix negative IIO_ANGL_VEL read fe1fd35 packet: fix tp_reserve race in packet_set_ring 162f50e workqueue: implicit ordered attribute should be overridable ef6fa3f ipv4: initialize fib_trie prior to register_netdev_notifier call. 
50602d3 net/mlx4: Remove BUG_ON from ICM allocation routine c1327b4 perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target 3a7578a udf: Fix deadlock between writeback and udf_setsize() ad08716 ir-core: fix gcc-7 warning on bool arithmetic 7fb443f crypto: caam - fix signals handling b569326 mm: fix overflow check in expand_upwards() 9efa3d5 cfg80211: Check if PMKID attribute is of expected size d474081 cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES fa69abf ipv6: avoid unregistering inet6_dev for loopback 98b9e94 KEYS: Fix an error code in request_master_key() fe77acc KVM: x86: zero base3 of unusable segments 40cfe45 cpufreq: s3c2416: double free on driver init error path 04d0069 xfrm: Oops on error in pfkey_msg2xfrm_state() f478b42 xfrm: NULL dereference on allocation failure 6ac502c net: korina: Fix NAPI versus resources freeing 1814420 net: phy: fix marvell phy status reading 2406076 drivers/misc/c2port/c2port-duramar2150.c: checking for NULL instead of IS_ERR() 779ec20 usb: r8a66597-hcd: decrease timeout e1bdf20 usb: r8a66597-hcd: select a different endpoint on timeout 655e5ff pvrusb2: reduce stack usage pvr2_eeprom_analyze() 1e7ae91 mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode e52eca8 x86/mm/32: Set the '__vmalloc_start_set' flag in initmem_init() 12d805b serial: efm32: Fix parity management in 'efm32_uart_console_get_options()' f6b525b net: xilinx_emaclite: fix receive buffer overflow 7e25c93 drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve() a72c279 scsi: qla2xxx: don't disable a not previously enabled PCI device f7eb769 net: ping: do not abuse udp_poll() ca58e31 kvm: async_pf: fix rcu_irq_enter() with irqs enabled 28968bc x86/io: Add "memory" clobber to insb/insw/insl/outsb/outsw/outsl 61eea27 net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev bc3eede net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs 78da094 net: Set sk_prot_creator 
when cloning sockets to the right proto 055ad96 net/packet: check length in getsockopt() called with PACKET_HDRLEN 83fef52 tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 81d2ec2 tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP 37cb362 tcp: avoid setting cwnd to invalid ssthresh after cwnd reduction states 6f85a88 tcp: reset sk_rx_dst in tcp_disconnect() 72d7b83 netfilter: xt_TCPMSS: add more sanity tests on tcph->doff 946272f tcp: disallow cwnd undo when switching congestion control 08bd34b sctp: potential read out of bounds in sctp_ulpevent_type_enabled() faa132a sctp: fully initialize the IPv6 address in sctp_v6_to_addr() 2630e5a sctp: fix the check for _sctp_walk_params and _sctp_walk_errors 3cb637d sctp: don't dereference ptr before leaving _sctp_walk_{params, errors}() 9f75306 ext4: avoid deadlock when expanding inode size ebb33af ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets 159c95b netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister 19cc6d9 wext: handle NULL extra data in iwe_stream_add_point better 7af6952 kernel/extable.c: mark core_kernel_text notrace 4ef4196 net: prevent sign extension in dev_get_stats() 2f34aab ext4: fix SEEK_HOLE 3031776 lib/cmdline.c: fix get_options() overflow while parsing ranges 7719043 md: fix super_offset endianness in super_1_rdev_size_change 634fd95363 md/raid10: submit bio directly to replacement disk 09ab11e netfilter: invoke synchronize_rcu after set the _hook_ to NULL a77cf1b lib/digsig: fix dereference of NULL user_key_payload 9ac5390 md/bitmap: disable bitmap_resize for file-backed bitmaps. 
a45d367 KEYS: encrypted: fix dereference of NULL user_key_payload e8705c4 KEYS: prevent creating a different user's keyrings f9e779c MIPS: Fix mips_atomic_set() retry condition 9c66c82 ext4: keep existing extra fields when inode expands ba85092 FS-Cache: fix dereference of NULL user_key_payload 20d94bc9 KEYS: don't let add_key() update an uninstantiated key be3e7b1 USB: serial: console: fix use-after-free after failed setup d75e854 direct-io: Prevent NULL pointer access in submit_page_section 544d7ba iommu/amd: Finish TLB flush in amd_iommu_unmap() 5abdd6e usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction b974ab5 usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe 4b106b9 scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response bb5cf57 scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records 2c7bfb3 scsi: zfcp: fix missing trace records for early returns in TMF eh handlers e7ab3bd scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path f609dac scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled c2ace304 fuse: initialize the flock flag in fuse_file on allocation 003bea4 target: Avoid mappedlun symlink creation during lun shutdown a6a256f media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl c39dcbd ext4: fix overflow caused by missing cast in ext4_resize_fs() bdc5fbb ext4: fix SEEK_HOLE/SEEK_DATA for blocksize < pagesize ae49cb7 workqueue: restore WQ_UNBOUND/max_active==1 to be ordered 7e20e7b libata: array underflow in ata_find_dev() 4748ac3 MIPS: math-emu: Prevent wrong ISA mode instruction emulation 2121b63 MIPS: Fix unaligned PC interpretation in `compute_return_epc' 6aa23d1 MIPS: Actually decode JALX in `__compute_return_epc_for_insn' a2555cd usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL ecac824 powerpc/asm: Mark cr0 as clobbered in mftb() 733c88d powerpc: Fix emulation of mfocrf in emulate_step() 8e38d08 powerpc/64: Fix 
atomic64_inc_not_zero() to return an int c11c8fc PM / Domains: Fix unsafe iteration over modified list of device links f9c9c73 crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD 1fc0b43 vt: fix unchecked __put_user() in tioclinux ioctls 7136ca7 brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() fe7e554 staging: comedi: fix clean-up of comedi_class in comedi_init() 790d869 powerpc/kprobes: Pause function_graph tracing during jprobes handling 69e0576 cpufreq: conservative: Allow down_threshold to take values from 1 to 10 54fd65c usb: chipidea: debug: check before accessing ci_role f862c94 KEYS: fix dereferencing NULL payload with nonzero length e044ff5 serial: ifx6x60: fix use-after-free on module unload 6c17636 MIPS: Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn' 3937c2c ALSA: seq: Fix use-after-free at creating a port 44ec968 nl80211: check for the required netlink attributes presence 7571b74 xfrm: policy: check policy direction value 978e42b rxrpc: Fix several cases where a padded len isn't checked in ticket decode 4f54b264 fs/exec.c: account for argv/envp pointers 9a95fe3 usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet b2453bd usb: renesas_usbhs: fix the sequence in xfer_work() 58e47d4 usb: renesas_usbhs: fix the behavior of some usbhs_pkt_handle 75894ad leak in O_DIRECT readv past the EOF 7c11e178 mm/page_alloc: Remove kernel address exposure in free_reserved_area() 01c577c tcp: fix xmit timer to only be reset if data ACKed/SACKed aa923a7 tcp: enable xmit timer fix by having TLP use time when RTO should fire 42a858e tcp: introduce tcp_rto_delta_us() helper for xmit timer fix ecce864 Bluetooth: cmtp: cmtp_add_connection() should verify that it's dealing with l2cap socket b8d57eb Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket 69ddef7b udp: consistently apply ufo or fragmentation b673e04 Staging: comedi: comedi_fops: Avoid orphaned proc entry bf98a1b net: 
skb_needs_check() accepts CHECKSUM_NONE for tx 1bff8a2 net: reduce skb_warn_bad_offload() noise f0dce90 ipvs: SNAT packet replies only for NATed connections Signed-off-by: Rk779 <Rahulkrishna585@gmail.com> |
||
Rk779
|
4c1dafc453 |
Merge tag 'v3.10.107' into lineage-15.1
0e3d574 Linux 3.10.107 0fcba8f Allow stack to grow up to address space limit 28ebf89 mm: fix new crash in unmapped_area_topdown() 1ad9a25 mm: larger stack guard gap, between vmas a5eec86 x86/mm/32: Enable full randomization on i386 and X86_32 2d49a81 x86: standardize mmap_rnd() usage 36805c5 ipv6: check raw payload size correctly in ioctl d46354f printk: use rcuidle console tracepoint 302c74b tun: read vnet_hdr_sz once 58e4633 kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) b3d2d8a ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram 2103905 nfsd: check for oversized NFSv2/v3 arguments 37a23f2 p9_client_readdir() fix 1e46601 xen/x86: don't lose event interrupts 403642a RDS: Fix the atomicity for congestion map update 32b0616 MIPS: Fix crash registers on non-crashing CPUs ab93db2 ip6mr: fix notification device destruction 075de21 sctp: listen on the sock only when it's state is listening or closed 4d1b81c net: neigh: guard against NULL solicit() method c1b4204 gfs2: avoid uninitialized variable warning f6d81f2 hostap: avoid uninitialized variable use in hfa384x_get_rid 8998669 tty: nozomi: avoid a harmless gcc warning a8069ae net/packet: fix overflow in check for tp_reserve 492980c net/packet: fix overflow in check for tp_frame_nr 187d3b3 powerpc: Reject binutils 2.24 when building little endian 2c6896a x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs e898332 ubi/upd: Always flush after prepared for an update 0854b58 Drivers: hv: get rid of timeout in vmbus_open() 0c792ee Drivers: hv: don't leak memory in vmbus_establish_gpadl() 3fa1656 net: ipv6: check route protocol when deleting routes 6b7c152 catc: Use heap buffer for memory size test f3487f84 catc: Combine failure cleanup code in catc_probe() fad53245 virtio-console: avoid DMA from stack 081fb3d mm: Tighten x86 /dev/mem with zeroing reads c9b40c2 platform/x86: acer-wmi: setup accelerometer when ACPI device was found 9b2b8b0 platform/x86: acer-wmi: setup 
accelerometer when machine has appropriate notify event c0dd8ff char: lack of bool string made CONFIG_DEVPORT always on 3fa1aeb xen, fbfront: fix connecting to backend 6694041 iscsi-target: Drop work-around for legacy GlobalSAN initiator e71bfbe iscsi-target: Fix TMR reference leak during session shutdown 5e25d2d x86/vdso: Plug race between mapping and ELF header setup 56bc42d net/packet: fix overflow in check for priv area size db930d8 mtd: bcm47xxpart: fix parsing first block after aligned TRX ef67ca9 mm/mempolicy.c: fix error handling in set_mempolicy and mbind. 4261679 powerpc: Don't try to fix up misaligned load-with-reservation instructions aaf47bf metag/usercopy: Zero rest of buffer from copy_from_user 0f84dfc metag/usercopy: Drop unused macros 903377e Reset TreeId to zero on SMB2 TREE_CONNECT 404f763 drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() 3a36304 drm/vmwgfx: Remove getparam error message 354b332 drm/vmwgfx: avoid calling vzalloc with a 0 size in vmw_get_cap_3d_ioctl() 30cd45a6 drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() 02f1f3f HID: i2c-hid: Add sleep between POWER ON and RESET 2ee4455 HID: hid-lg: Fix immediate disconnection of Logitech Rumblepad 2 7a76e42 padata: avoid race in reordering 535c7d6 rtc: s35390a: improve irq handling df4be7e rtc: s35390a: implement reset routine as suggested by the reference 231b0f80 rtc: s35390a: make sure all members in the output are set 1812b5c ACPI / power: Avoid maybe-uninitialized warning 42fdd36 ACPI: Fix incompatibility with mcount-based function graph tracing edaad97 libceph: force GFP_NOIO for socket allocations 80fb16c metag/ptrace: Reject partial NT_METAG_RPIPE writes 137b9e2 metag/ptrace: Provide default TXSTATUS for short NT_PRSTATUS 1dc7c2d metag/ptrace: Preserve previous registers for short regset write e1e277f sparc/ptrace: Preserve previous registers for short regset write 7d3e34e c6x/ptrace: Remove useless PTRACE_SETREGSET implementation e2e1170 
virtio_balloon: init 1st buffer in stats vq 0907dbe crypto: algif_hash - avoid zero-sized array 88085d8 fbcon: Fix vc attr at deinit 935896e uvcvideo: uvc_scan_fallback() for webcams with broken chain ecf229c mmc: sdhci: Do not disable interrupts while waiting for clock 7eb0374 ACM gadget: fix endianness in notifications f754ccc tcp: initialize icsk_ack.lrcvtime at session start time 7dbfa25 ipv4: provide stronger user input validation in nl_fib_input() 6e37a68 igb: add i211 to i210 PHY workaround cc7f31b igb: Workaround for igb i210 firmware issue 741c8ac cpufreq: Fix and clean up show_cpuinfo_cur_freq() ab6c86a s390/pci: fix use after free in dma_init 2b49b19 Drivers: hv: balloon: don't crash when memory is added in non-sorted order 4bbe571 ACPI / video: skip evaluating _DOD when it does not exist a4da2b0 crypto: cryptd - Assign statesize properly 4324a47 crypto: ghash-clmulni - Fix load failure 42be60f cancel the setfilesize transation when io error happen 46d284b give up on gcc ilog2() constant optimizations 4401c71 futex: Add missing error handling to FUTEX_REQUEUE_PI 8f4a52d futex: Fix potential use-after-free in FUTEX_REQUEUE_PI 3710b15 dccp: fix memory leak during tear-down of unsuccessful connection request cb93d3f ipv6: avoid write to a possibly cloned skb ce01649 uapi: fix linux/packet_diag.h userspace compilation error 9b4c2e7 tcp: fix various issues for sockets morphing to listen state 0363343 dccp: Unlock sock before calling sk_free() bc00602be net: don't call strlen() on the user buffer in packet_bind_spkt() 3475371 l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv 57f2082 mvsas: fix misleading indentation ab4de16 cpmac: remove hopeless #warning c424014 mtd: pmcmsp: use kstrndup instead of kmalloc+strncpy 4f9f848 crypto: improve gcc optimization flags for serpent and wp512 2ebbe4f xhci: fix 10 second timeout on removal of PCI hotpluggable xhci controllers 8d05f35 drivers: hv: Turn off write permission on the hypercall page 496355e fat: fix 
using uninitialized fields of fat_inode/fsinfo_inode 51f2df4 drm/ttm: Make sure BOs being swapped out are cacheable 6ac2741 drm/ast: Fix test for VGA enabled 6958f50 mac80211: flush delayed work when entering suspend 0c51e5d xtensa: move parse_tag_fdt out of #ifdef CONFIG_BLK_DEV_INITRD 71116d6 s390: TASK_SIZE for kernel threads f7bbcab KVM: s390: fix task size check 9f3a56a KVM: PPC: Book3S PR: Fix illegal opcode emulation d1e71d5 KVM: VMX: use correct vmcs_read/write for guest segment selector/base 96a14fe powerpc/xmon: Fix data-breakpoint 4289b9c bcma: use (get|put)_device when probing/removing device driver 249eb34 NFSv4: fix getacl ERANGE for some ACL buffer sizes 11f43b2 rdma_cm: fail iwarp accepts w/o connection params f84c064 ath5k: drop bogus warning on drv_set_key with unsupported cipher 109b421 samples/seccomp: fix 64-bit comparison macros 1ba4fc4 sd: get disk reference in sd_check_events() 20bfb0a ipc/shm: Fix shmat mmap nil-page protection 281c8f7 mm: vmpressure: fix sending wrong events on underflow 95589a7 MIPS: Fix special case in 64 bit IP checksumming. c0c294a af_packet: remove a stray tab in packet_set_ring() 5751935 rtlwifi: rtl_usb: Fix for URB leaking when doing ifconfig up/down 298feed tty: serial: msm: Fix module autoload 5988be3 irda: Fix lockdep annotations in hashbin_delete(). 
296a1ab rtc: interface: ignore expired timers when enqueuing new timers bbd2068 futex: Move futex_init() to core_initcall 7160035 siano: make it work again with CONFIG_VMAP_STACK fe75d1a vfs: fix uninitialized flags in splice_to_pipe() c6cc07d packet: round up linear to header len b0899f8 macvtap: read vnet_hdr_size once 5c235ec tcp: fix 0 divide in __tcp_select_window() 4718919 sched/debug: Don't dump sched debug info in SysRq-W e2ec149 ARC: [arcompact] brown paper bag bug in unaligned access delay slot fixup 6ee1806 mm, fs: check for fatal signals in do_generic_file_read() 18f6264 mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone() bb3d39c ata: sata_mv:- Handle return value of devm_ioremap. 055d0a8 crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg bb47c5c drm/nouveau/nv1a,nv1f/disp: fix memory clock rate retrieval ddee222 af_unix: move unix_mknod() out of bindlock cba3e28 ipv6: addrconf: Avoid addrconf_disable_change() using RCU read-side lock 379fa3e nfs: Don't increment lock sequence ID after NFS4ERR_MOVED 485f990 parisc: Don't use BITS_PER_LONG in userspace-exported swab.h header b5882ec ARC: [arcompact] handle unaligned access delay slot corner case ddf2415 ISDN: eicon: silence misleading array-bounds warning db2b7cd sysctl: fix proc_doulongvec_ms_jiffies_minmax() 3cc334c tile/ptrace: Preserve previous registers for short regset write baaee1b bnx2x: Correct ringparam estimate when DOWN 1d662dc serial: 8250_pci: Detach low-level driver during PCI error recovery 64df8d3 move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) dda50d9 sg: Fix double-free when drives detach during SG_IO 0570aff bna: Add synchronization for tx ring. 
37ccd2b vfio/pci: Fix integer overflows, bitmask check f466ca6 apparmor: do not expose kernel stack a078d77 apparmor: fix module parameters can be changed after policy is locked 1259d17 apparmor: fix oops in profile_unpack() when policy_db is not present 4b0f1ec apparmor: don't check for vmalloc_addr if kvzalloc() failed efbb2d5 apparmor: add missing id bounds check on dfa verification 57ad170 apparmor: check that xindex is in trans_table bounds 8b201a9 apparmor: internal paths should be treated as disconnected 31d33070 apparmor: fix disconnected bind mnts reconnection 8d14bc9 apparmor: exec should not be returning ENOENT when it denies e41dd34 apparmor: fix uninitialized lsm_audit member 0e872a0 Fix regression which breaks DFS mounting 685957c Move check for prefix path to within cifs_get_root() 5c33dcb Compare prepaths when comparing superblocks 528d066 Fix memory leaks in cifs_do_mount() 40fb18b vmxnet3: Wake queue from reset work da39d11 NFSv4: Ensure nfs_atomic_open set the dentry verifier on ENOENT 1c17617 ARM: dts: da850-evm: fix read access to SPI flash d6797dd ARM: 8634/1: hw_breakpoint: blacklist Scorpion CPUs 2044077 qla2xxx: Fix crash due to null pointer access 369ca80 x86/PCI: Ignore _CRS on Supermicro X8DTH-i/6/iF/6F 9cbef9a pinctrl: sh-pfc: Do not unconditionally support PIN_CONFIG_BIAS_DISABLE a5464db sysrq: attach sysrq handler correctly for 32-bit kernel 23913c7 vme: Fix wrong pointer utilization in ca91cx42_slave_get f8ddf96 i2c: fix kernel memory disclosure in dev interface b7f5924 Input: i8042 - add Clevo P650RS to the i8042 reset list 091db52 Input: mpr121 - set missing event capability 3910681 Input: mpr121 - handle multiple bits change of status register 4a878a0 Input: tca8418 - use the interrupt trigger from the device tree 840c242 Input: joydev - do not report stale values on first open 3f25fb3 Input: kbtab - validate number of endpoints before using them f0819a4 Input: iforce - validate number of endpoints before using them 4fccf69 Input: 
i8042 - add noloop quirk for Dell Embedded Box PC 3000 e2c835e Input: xpad - use correct product id for x360w controllers a48d5b1 HID: hid-cypress: validate length of report 461527f igmp: Make igmp group member RFC 3376 compliant e88f37a drop_monitor: consider inserted data in genlmsg_end 0cfc062 drop_monitor: add missing call to genlmsg_end 4375298 netvsc: reduce maximum GSO size 468316b tick/broadcast: Prevent NULL pointer dereference 8f58777 net: ti: cpmac: Fix compiler warning due to type confusion de2e280 cred/userns: define current_user_ns() as a function fa51c86 ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it 823a2a0 sg_write()/bsg_write() is not fit to be called under KERNEL_DS b1230ef powerpc/ps3: Fix system hang with GCC 5 builds 768ce7b nfs_write_end(): fix handling of short copies 93c83e37 libceph: verify authorize reply on connect 8cfc539 s390/vmlogrdr: fix IUCV buffer allocation 937f076 scsi: sd: Fix capacity calculation with 32-bit sector_t d427ab5 scsi: sr: Sanity check returned mode data dfda822 scsi: lpfc: Add shutdown method for kexec 22e0bbb target/pscsi: Fix TYPE_TAPE + TYPE_MEDIMUM_CHANGER export d49e93f scsi: storvsc: properly set residual data length on errors d9b6a46 scsi: storvsc: properly handle SRB_ERROR when sense message is present c243c61 scsi: don't BUG_ON() empty DMA transfers cf8ec2c scsi: move the nr_phys_segments assert into scsi_init_io b3ffb4c scsi: avoid a permanent stop of the scsi device's request queue 0175d92 drivers/gpu/drm/ast: Fix infinite loop if read fails 048eeeb ssb: Fix error routine when fallback SPROM fails 4e448d4 xfs: clear _XBF_PAGES from buffers when readahead page dfd97b5 xfs: set AGI buffer type in xlog_recover_clear_agi_bucket afeef47 arm/xen: Use alloc_percpu rather than __alloc_percpu 50da0b0 USB: UHCI: report non-PME wakeup signalling for Intel hardware d4dfd03 usb: gadget: composite: correctly initialize ep->maxpacket 1ea3d6c usb: hub: Wait for connection to be 
reestablished after port reset 91c86d7 usb: dwc3: gadget: delay unmap of bounced requests a3fdfc6 usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci controllers 8cada85 usb: dwc3: gadget: make Set Endpoint Configuration macros safe 817a471 USB: cdc-acm: fix failed open not being detected 256d49b USB: cdc-acm: fix open and suspend race f8dc9ab USB: cdc-acm: fix double usb_autopm_put_interface() in acm_port_activate() 7b1a80c usb: gadget: composite: always set ep->mult to a sensible value a1bf279 USB: serial: io_ti: bind to interface after fw download e233c67 xhci: free xhci virtual devices with leaf nodes first bde22e3 USB: gadgetfs: fix checks of wTotalLength in config descriptors 6ccec4b USB: gadgetfs: fix use-after-free bug 66e87b4 USB: gadgetfs: fix unbounded memory allocation bug 133caaf usb: gadgetfs: restrict upper bound on device configuration size 7563f27 ALSA: usb-audio: Add QuickCam Communicate Deluxe/S7500 to volume_control_quirks 42860da ALSA: seq: Don't break snd_use_lock_sync() loop by timeout 28e0ebd ALSA: seq: Fix race during FIFO resize 2dbb155 ALSA: seq: Fix racy cell insertions during snd_seq_pool_done() 2dbfb5c ALSA: seq: Fix link corruption by event error handling 7a3085a ALSA: timer: Reject user params with too small ticks 28567fb ALSA: seq: Don't handle loop timeout at snd_seq_pool_done() 6dd5cf4 ALSA: seq: Fix race at creating a queue bbcdcb8 ALSA: hda - Fix up GPIO for ASUS ROG Ranger d2ab6e5 can: usb_8dev: Fix memory leak of priv->cmd_msg_buffer d5361ee can: bcm: fix hrtimer/tasklet termination in bcm op removal 2adddc0a can: ti_hecc: add missing prepare and unprepare of the clock 165cc03 can: c_can_pci: fix null-pointer-deref in c_can_start() - set device pointer 3e7b58a can: peak: fix bad memory access and free sequence cf79690 can: raw: raw_setsockopt: limit number of can_filter that can be set 1918581 ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() 4b93c1d ocfs2: fix crash caused by stale lvb with fsdlm plugin 4549e4a 
cifs: Do not send echoes before Negotiate is complete a9baa44 fs/cifs: make share unaccessible at root level mountable 60f2c2f CIFS: remove bad_network_name flag f9e74c2 CIFS: Fix a possible memory corruption in push locks 85beff4 CIFS: Fix missing nls unload in smb2_reconnect() e008a96 CIFS: Fix a possible memory corruption during reconnect d45256f md linear: fix a race between linear_add() and linear_congested() 7a56cc0 md:raid1: fix a dead loop when read from a WriteMostly disk 523d769 md/raid5: limit request size according to implementation limits 8255960 dm space map metadata: fix 'struct sm_metadata' leak on failed create 3044e19 dm crypt: mark key as invalid until properly loaded 1dd3d3e block: fix del_gendisk() vs blkdev_ioctl crash 5cb0174 block: allow WRITE_SAME commands with the SG_IO ioctl 0f3a4aa block: fix use-after-free in sys_ioprio_get() cd0d925 ext4: fix inode checksum calculation problem if i_extra_size is small 48a5889 ext4: return EROFS if device is r/o and journal replay is needed 399562b ext4: preserve the needs_recovery flag when the journal is aborted 98f58e0 ext4: trim allocation requests to group size 77bd57e ext4: fix fencepost in s_first_meta_bg validation 45f1a95 jbd2: don't leak modified metadata buffers on an aborted journal 188b2eb ext4: validate s_first_meta_bg at mount time d61f4e2 ext4: add sanity checking to count_overhead() bd652ad ext4: fix in-superblock mount options processing 408d824 ext4: use more strict checks for inodes_per_block on mount de714a8 Btrfs: fix memory leak in reading btree blocks 0ee8821 Revert "Btrfs: don't delay inode ref updates during log, replay" Signed-off-by: Rk779 <Rahulkrishna585@gmail.com> Conflicts: arch/x86/mm/init.c |
||
Rk779
|
194365cbe6 |
Merge tag 'v3.10.106' into lineage-15.1
a07ea93 Linux 3.10.106 4155279 dccp: fix freeing skb too early for IPV6_RECVPKTINFO 66cb324 char: lp: fix possible integer overflow in lp_setup() 2f954a6 dccp/tcp: do not inherit mc_list from parent e64530f mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp 43fe818 fs: exec: apply CLOEXEC before changing dumpable task flags 8676954 ipv6: handle -EFAULT from skb_copy_bits 030e0b5 tty: n_hdlc: get rid of racy n_hdlc.tbuf a9511e7 TTY: n_hdlc, fix lockdep false positive 211bcbc KVM: kvm_io_bus_unregister_dev() should never fail d8abb8b kvm: exclude ioeventfd from counting kvm_io_range limit dd8db85 KVM: x86: clear bus pointer when destroyed 620d73a sctp: deny peeloff operation on asocs with threads sleeping on it 1f7cb73 sctp: avoid BUG_ON on sctp_wait_for_sndbuf abcfcd0 ipv6: fix the use of pcpu_tstats in ip6_tunnel e246c09 ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim() 72bbf33 ipv6: fix ip6_tnl_parse_tlv_enc_lim() 3bdb157 xc2028: Fix use-after-free bug properly d9a854e xc2028: unlock on error in xc2028_set_config() bb4884f xc2028: avoid use after free 9391c80 Drivers: hv: avoid vfree() on crash 801c8a0 can: Fix kernel panic at security_sock_rcv_skb 414989d mm/init: fix zone boundary creation 5765ee4 USB: dummy-hcd: fix bug in stop_activity (handle ep0) 15668b4 USB: fix problems with duplicate endpoint addresses 60f704b ping: implement proper locking 3d46433 USB: usbtmc: add missing endpoint sanity check 8c11dce perf trace: Use the syscall raw_syscalls:sys_enter timestamp 8ceaec0 net: sctp: rework multihoming retransmission path selection to rfc4960 ad1336d Staging: vt6655-6: potential NULL dereference in hostap_disable_hostapd() bda0832 tun: Fix TUN_PKT_STRIP setting bfac362 ARM: dts: imx31: fix AVIC base address 3e721e2 ARM: dts: imx31: move CCM device node to AIPS2 bus devices d1f922a MIPS: KGDB: Use kernel context for sleeping threads 43f8c8b l2tp: take reference on sessions being dumped 509fda4 net: phy: handle state correctly in phy_stop_machine 
9bc8935 netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel 6d5f780 ring-buffer: Have ring_buffer_iter_empty() return true when empty 95948b1 tracing: Allocate the snapshot buffer before enabling probe 57420af rtl8150: Use heap buffers for all register access 6a1d611 pegasus: Use heap buffers for all register access 797971a powerpc: Disable HFSCR[TM] if TM is not supported 6800d88 char: Drop bogus dependency of DEVPORT on !M68K d5efe5c net/mlx4_core: Fix racy CQ (Completion Queue) free 2b3d0c0 net/mlx4_en: Fix bad WQE issue 6f68a8d s390/decompressor: fix initrd corruption caused by bss clear bc37f9a metag/usercopy: Add missing fixups 816a1ae metag/usercopy: Fix src fixup in from user rapf loops cabb4ce metag/usercopy: Set flags before ADDZ 9a83add8 metag/usercopy: Add early abort to copy_to_user 994c8e5 metag/usercopy: Fix alignment error checking 13e03cf ring-buffer: Fix return value check in test_ringbuffer() b8054bf ptrace: fix PTRACE_LISTEN race corrupting task->state 4fbf100 ipv4: igmp: Allow removing groups from a removed interface 98dcb81 i2c: at91: manage unexpected RXRDY flag when starting a transfer d106ce3 USB: OHCI: Fix race between ED unlink and URB submission 62bdbcf ACPI / PNP: Reserve ACPI resources at the fs_initcall_sync stage 23b2b0e ACPI / resources: free memory on error in add_region_before() 0f06de4 ACPI / PNP: Avoid conflicting resource reservations a11b00f ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call 4b0ca39 ALSA: ctxfi: Fallback DMA mask to 32bit 21ec215 scsi: libsas: fix ata xfer length 3f102dc ext4: mark inode dirty after converting inline directory e32d76a mmc: ushc: fix NULL-deref at probe 735a19d uwb: hwa-rc: fix NULL-deref at probe b00b018 uwb: i1480-dfu: fix NULL-deref at probe 626f277 USB: wusbcore: fix NULL-deref at probe 712c7fb USB: idmouse: fix NULL-deref at probe 79e603e USB: uss720: fix NULL-deref at probe 9a15264 Input: cm109 - validate number of endpoints before using 
them e121cd4 Input: yealink - validate number of endpoints before using them ab84b30 Input: hanwang - validate number of endpoints before using them ec5cc03 Input: ims-pcu - validate number of endpoints before using them e24a53a net: unix: properly re-increment inflight counter of GC discarded candidates de9d09c net: properly release sk_frag.page d7a6842 xen: do not re-use pirq number cached in pci device msi msg data 47bad91 isdn/gigaset: fix NULL-deref at probe 1e0d06b perf/core: Fix event inheritance on fork() 20af6b4 net sched actions: decrement module reference count after table flush. 29c4bf4 dccp/tcp: fix routing redirect race 9cfe942 net: net_enable_timestamp() can be called from irq contexts 12f1a0f locking/static_keys: Add static_key_{en,dis}able() helpers 7c72e85 ipv4: mask tos for input route e5c6b9c vxlan: correctly validate VXLAN ID against VXLAN_N_VID cb32438 USB: serial: io_ti: fix information leak in completion handler 58a600a USB: serial: io_ti: fix NULL-deref in interrupt callback 04992d7 USB: iowarrior: fix NULL-deref in write 88ee631 USB: iowarrior: fix NULL-deref at probe 50b6074 USB: serial: omninet: fix reference leaks at open 61ab4e5 USB: serial: safe_serial: fix information leak in completion handler 2b6aa62 tracing: Add #undef to fix compile error 06a5c0b MIPS: ip27: Disable qlge driver in defconfig 5e44fdd USB: serial: digi_acceleport: fix OOB-event processing 7c75989 USB: serial: digi_acceleport: fix OOB data sanity check cc3d0c2 dm: flush queued bios when process blocks to avoid deadlock ebd9572 nlm: Ensure callback code also checks that the files match 5bb7a6c ktest: Fix child exit code processing 2c31873 IB/ipoib: Fix deadlock between rmmod and set_mode 8e68a4d s390/qdio: clear DSCI prior to scanning multiple input queues 58ccba8 NFSv4: fix getacl head length estimation e9a1e1c RDMA/core: Fix incorrect structure packing for booleans 5beea85 fuse: add missing FR_FORCE f90660e ath9k: use correct OTP register offsets for the AR9340 and 
AR9550 6390114 scsi: aacraid: Reorder Adapter status check 0259f8b uvcvideo: Fix a wrong macro 9dc2420 MIPS: Handle microMIPS jumps in the same way as MIPS32/MIPS64 jumps 8577fb6 MIPS: Calculate microMIPS ra properly when unwinding the stack a3e70c3 MIPS: Fix is_jump_ins() handling of 16b microMIPS instructions 9c01ee5 MIPS: Fix get_frame_info() handling of microMIPS function size 15d2aa7 MIPS: Prevent unaligned accesses during stack unwinding 1809a78 MIPS: Clear ISA bit correctly in get_frame_info() e51712a MIPS: OCTEON: Fix copy_from_user fault handling for large buffers beb27bf net/sched: em_meta: Fix 'meta vlan' to correctly recognize zero VID frames 37fdac5 vti4: Don't count header length twice. 3ac993d net: 6lowpan: fix lowpan_header_create non-compression memcpy call c4c175d drm/nv50/disp: min/max are reversed in nv50_crtc_gamma_set() dad5635 mfd: pm8921: Potential NULL dereference in pm8921_remove() 511ae3b ocfs2: do not write error flag to user structure we cannot copy from/to 7fb0b44 goldfish: Sanitize the broken interrupt handler d3926e1 x86/platform/goldfish: Prevent unconditional loading 9ce78b1 USB: serial: ark3116: fix register-accessor error handling 1110205 USB: serial: opticon: fix CTS retrieval at open 3e642b8 USB: serial: spcp8x5: fix modem-status handling c151418 USB: serial: ftdi_sio: fix line-status over-reporting af1f7fb USB: serial: ftdi_sio: fix extreme low-latency setting aa814ed USB: serial: ftdi_sio: fix modem-status error handling c8c6bd8 USB: serial: mos7840: fix another NULL-deref at open 0b5240c net: socket: fix recvmmsg not returning error from sock_error 9aab359 packet: Do not call fanout_release from atomic contexts 2a272ab packet: fix races in fanout_add() 3d75337 l2tp: do not use udp_ioctl() c6dfb87 ping: fix a null pointer dereference a05c8e3 ip6_gre: fix ip6gre_err() invalid reads 96296cd netlabel: out of bound access in cipso_v4_validate() 050c309 ipv4: keep skb->dst around in presence of IP options efca6f5 net: use a work 
queue to defer net_disable_timestamp() work 5c9d55e drm/i915: fix use-after-free in page_flip_completed() 01e26ca scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send 22ae324 mac80211: Fix adding of mesh vendor IEs fcd0b44 ARM: 8643/3: arm/ptrace: Preserve previous registers for short regset write dd105cf svcrpc: fix oops in absence of krb5 module 5bcc3fa tcp: initialize max window for a new fastopen socket 48decd9 net: fix harmonize_features() vs NETIF_F_HIGHDMA b2c6a97 platform/x86: intel_mid_powerbtn: Set IRQ_ONESHOT a632ba4 s5k4ecgx: select CRC32 helper 784e4e9 drm/i915: Don't leak edid in intel_crt_detect_ddc() 7c2e0b9 crypto: caam - fix non-hmac hashes d3005b0 fuse: do not use iocb after it may have been freed abae7dd ite-cir: initialize use_demodulator before using it ef60264 ARM: ux500: fix prcmu_is_cpu_in_wfi() calculation 518a744 arm64/ptrace: Reject attempts to set incomplete hardware breakpoint fields b36ad64 arm64/ptrace: Avoid uninitialised struct padding in fpr_set() f4c0fd3 arm64/ptrace: Preserve previous registers for short regset write 13c485b ubifs: Fix journal replay wrt. xattr nodes 490960c mtd: nand: xway: disable module support 8bc899e mmc: mxs-mmc: Fix additional cycles after transmission stop 6a4a5fd svcrpc: don't leak contexts on PROC_DESTROY 2024f68 ARM: dts: imx31: fix clock control module interrupts description 016f803 perf scripting: Avoid leaking the scripting_context variable 7d26287 IB/mlx4: Fix port query for 56Gb Ethernet links dcb7311 IB/mlx4: Set traffic class in AH 2292bda powerpc/ibmebus: Fix device reference leaks in sysfs interface 34c23b2 powerpc/ibmebus: Fix further device reference leaks c242797 NFSv4.1: nfs4_fl_prepare_ds must be careful about reporting success. 
0954c87 x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option 2c65c73 USB: serial: ch341: fix modem-control and B0 handling 2563aee USB: serial: ch341: fix resume after reset 8024b1a USB: serial: ch341: fix open and resume after B0 352ba51 USB: serial: ch341: fix control-message error handling 6a9f8d8 USB: serial: ch341: fix open error handling 86e0a6b USB: serial: ch341: fix initial modem-control state b031f56 USB: serial: kl5kusb105: fix line-state error handling 10e96e6 mm/hugetlb.c: fix reservation race when freeing surplus pages 4323a76 Input: i8042 - add Pegatron touchpad to noloop table 8b372d3 powerpc: Fix build warning on 32-bit PPC 8ec6068 gro: Disable frag0 optimization on IPv6 ext headers f2c23ae gro: use min_t() in skb_gro_reset_offset() 9872698 gro: Enter slow-path if there is no tailroom 8d82183 net: stmmac: Fix race between stmmac_drv_probe and stmmac_open 4949c9e net, sched: fix soft lockup in tc_classify 3dc64c4 ser_gigaset: return -ENOMEM on error instead of success b734c02 powerpc/pci/rpadlpar: Fix device reference leaks 985d68b mmc: mmc_test: Uninitialized return value 6075e94 target/iscsi: Fix double free in lio_target_tiqn_addtpg() 4d091cf scsi: mvsas: fix command_active typo 7712b94 iommu/amd: Fix the left value check of cmd buffer b09fd95 clk: clk-wm831x: fix a logic error 232e0c1 hwmon: (ds620) Fix overflows seen when writing temperature limits 5c9b542 cris: Only build flash rescue image if CONFIG_ETRAX_AXISFLASHMAP is selected 34c8357 usb: dwc3: gadget: always unmap EP0 requests 57eb4ca staging: iio: ad7606: fix improper setting of oversampling pins 7a30277 USB: serial: kl5kusb105: abort on open exception path b1d2451 ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream() 1a2f2df usb: musb: Fix trying to free already-free IRQ 4 5a45bdd usb: xhci-mem: use passed in GFP flags instead of GFP_KERNEL 56a4835 USB: serial: mos7720: fix parallel probe 756f54d USB: serial: mos7720: fix parport 
use-after-free on probe errors 54cd03a USB: serial: mos7720: fix use-after-free on probe errors 5a896b11 USB: serial: mos7720: fix NULL-deref at open e514b71 USB: serial: mos7840: fix NULL-deref at open 810fb7b USB: serial: kobil_sct: fix NULL-deref in write ba35ae7 USB: serial: cyberjack: fix NULL-deref at open 7449b98 USB: serial: oti6858: fix NULL-deref at open be7c031 USB: serial: io_edgeport: fix NULL-deref at open 52bc1e3 USB: serial: ti_usb_3410_5052: fix NULL-deref at open a5d48a1 USB: serial: garmin_gps: fix memory leak on failed URB submit e3c79a8 USB: serial: iuu_phoenix: fix NULL-deref at open 7d04b5c USB: serial: io_ti: fix another NULL-deref at open 0d90b3d USB: serial: io_ti: fix NULL-deref at open 7244497 USB: serial: spcp8x5: fix NULL-deref at open 1df7c66 USB: serial: keyspan_pda: verify endpoints at probe 18b787d USB: serial: pl2303: fix NULL-deref at open 4f2b2d8 USB: serial: quatech2: fix sleep-while-atomic in close c15d09c USB: serial: omninet: fix NULL-derefs at open and disconnect 7e3f800 usb: gadget: composite: Test get_alt() presence instead of set_alt() ecf33ba powerpc: Convert cmp to cmpd in idle enter sequence 029555a IB/multicast: Check ib_find_pkey() return value 67ae25b IB/mad: Fix an array index check 882f8f1 ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps to it 1c2287b scsi: zfcp: fix rport unblock race with LUN recovery 5d35a96 scsi: zfcp: do not trace pure benign residual HBA responses at default level 5453950 scsi: zfcp: fix use-after-"free" in FC ingress path after TMF 97c6c85 block: protect iterate_bdevs() against concurrent close 49c8225 f2fs: set ->owner for debugfs status file's file_operations e74af99 ext4: return -ENOMEM instead of success b70876f ext4: reject inodes with negative size ac3d8fb ext4: fix stack memory corruption with 64k block size cafd215 ext4: fix mballoc breakage with 64k block size 625208a crypto: caam - fix AEAD givenc descriptors 725da55 block_dev: don't test 
bdev->bd_contains when it is not stable 6017ea9 USB: serial: kl5kusb105: fix open error path 6e97d31 Btrfs: fix tree search logic when replaying directory entry deletes 57bf12f hotplug: Make register and unregister notifier API symmetric 3d1b965 m68k: Fix ndelay() macro 07f0386 locking/rtmutex: Prevent dequeue vs. unlock race 9488a477 ext4: fix data exposure after a crash d19182e KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings 5b22a8a KEYS: Change the name of the dead type to ".dead" to prevent user access 8e728d2 KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings cbd95d1 xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder ccf8544 xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window 452655e tcp: avoid infinite loop in tcp_splice_read() a71b419 selinux: fix off-by-one in setprocattr e39ab83 fbdev: color map copying bounds checking 1026a8c tmpfs: clear S_ISGID when setting posix ACLs dd2421b posix_acl: Clear SGID bit when setting file permissions 27bf4b6 KVM: x86: Introduce segmented_write_std 2dd7d7e KVM: x86: fix emulation of "MOV SS, null selector" dd7d4be libceph: don't set weight to IN when OSD is destroyed 3751051 EVM: Use crypto_memneq() for digest comparisons 5fd5381 crypto: crypto_memneq - add equality testing of memory regions w/o timing leaks 4bfb6dd packet: fix race condition in packet_set_ring Signed-off-by: Rk779 <Rahulkrishna585@gmail.com> Conflicts: drivers/video/fbcmap.c fs/ext3/acl.c fs/generic_acl.c net/ipv4/ping.c |
||
Nathan Chancellor
|
c02e8f7fd4 |
Merge 3.10.105 into android-msm-bullhead-3.10-oreo-m5
Changes in 3.10.105: (315 commits) sched/core: Fix a race between try_to_wake_up() and a woken up task sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() crypto: algif_skcipher - Require setkey before accept(2) crypto: af_alg - Disallow bind/setkey/... after accept(2) crypto: af_alg - Add nokey compatibility path crypto: algif_skcipher - Add nokey compatibility path crypto: hash - Add crypto_ahash_has_setkey crypto: shash - Fix has_key setting crypto: algif_hash - Require setkey before accept(2) crypto: skcipher - Add crypto_skcipher_has_setkey crypto: algif_skcipher - Add key check exception for cipher_null crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey path crypto: algif_hash - Remove custom release parent function crypto: algif_skcipher - Remove custom release parent function crypto: af_alg - Forbid bind(2) when nokey child sockets are present crypto: algif_hash - Fix race condition in hash_check_key crypto: algif_skcipher - Fix race condition in skcipher_check_key crypto: algif_skcipher - Load TX SG list after waiting crypto: cryptd - initialize child shash_desc on import crypto: skcipher - Fix blkcipher walk OOM crash crypto: gcm - Fix IV buffer size in crypto_gcm_setkey MIPS: KVM: Fix unused variable build warning KVM: MIPS: Precalculate MMIO load resume PC KVM: MIPS: Drop other CPU ASIDs on guest MMU changes KVM: nVMX: postpone VMCS changes on MSR_IA32_APICBASE write KVM: MIPS: Make ERET handle ERL before EXL KVM: x86: fix wbinvd_dirty_mask use-after-free KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr KVM: Disable irq while unregistering user notifier PM / devfreq: Fix incorrect type issue. 
ppp: defer netns reference release for ppp channel x86/mm/xen: Suppress hugetlbfs in PV guests xen: Add RING_COPY_REQUEST() xen-netback: don't use last request to determine minimum Tx credit xen-netback: use RING_COPY_REQUEST() throughout xen-blkback: only read request operation from shared ring once xen/pciback: Save xen_pci_op commands before processing it xen/pciback: Save the number of MSI-X entries to be copied later. xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has MSI or MSI-X enabled xen/pciback: Do not install an IRQ handler for MSI interrupts. xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled. xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set. xen-pciback: Add name prefix to global 'permissive' variable x86/xen: fix upper bound of pmd loop in xen_cleanhighmap() x86/traps: Ignore high word of regs->cs in early_idt_handler_common x86/mm: Disable preemption during CR3 read+write x86/apic: Do not init irq remapping if ioapic is disabled x86/mm/pat, /dev/mem: Remove superfluous error message x86/paravirt: Do not trace _paravirt_ident_*() functions x86/build: Build compressed x86 kernels as PIE x86/um: reuse asm-generic/barrier.h iommu/amd: Update Alias-DTE in update_device_table() iommu/amd: Free domain id when free a domain of struct dma_ops_domain ARM: 8616/1: dt: Respect property size when parsing CPUs ARM: 8618/1: decompressor: reset ttbcr fields to use TTBR0 on ARMv7 ARM: sa1100: clear reset status prior to reboot ARM: sa1111: fix pcmcia suspend/resume arm64: avoid returning from bad_mode arm64: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO arm64: spinlocks: implement smp_mb__before_spinlock() as smp_mb() arm64: debug: avoid resetting stepping state machine when TIF_SINGLESTEP MIPS: Malta: Fix IOCU disable switch read for MIPS64 MIPS: ptrace: Fix regs_return_value for kernel context powerpc/mm: Don't 
alias user region to other regions below PAGE_OFFSET powerpc/vdso64: Use double word compare on pointers powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data() powerpc/64: Fix incorrect return value from __copy_tofrom_user powerpc/nvram: Fix an incorrect partition merge avr32: fix copy_from_user() avr32: fix 'undefined reference to `___copy_from_user' avr32: off by one in at32_init_pio() s390/dasd: fix hanging device after clear subchannel parisc: Ensure consistent state when switching to kernel stack at syscall entry microblaze: fix __get_user() microblaze: fix copy_from_user() mn10300: failing __get_user() and get_user() should zero m32r: fix __get_user() sh64: failing __get_user() should zero score: fix __get_user/get_user s390: get_user() should zero on failure ARC: uaccess: get_user to zero out dest in cause of fault asm-generic: make get_user() clear the destination on errors frv: fix clear_user() cris: buggered copy_from_user/copy_to_user/clear_user blackfin: fix copy_from_user() score: fix copy_from_user() and friends sh: fix copy_from_user() hexagon: fix strncpy_from_user() error return mips: copy_from_user() must zero the destination on access_ok() failure asm-generic: make copy_from_user() zero the destination properly alpha: fix copy_from_user() metag: copy_from_user() should zero the destination on access_ok() failure parisc: fix copy_from_user() openrisc: fix copy_from_user() openrisc: fix the fix of copy_from_user() mn10300: copy_from_user() should zero on access_ok() failure... 
sparc32: fix copy_from_user() ppc32: fix copy_from_user() ia64: copy_from_user() should zero the destination on access_ok() failure fix fault_in_multipages_...() on architectures with no-op access_ok() fix memory leaks in tracing_buffers_splice_read() arc: don't leak bits of kernel stack into coredump Fix potential infoleak in older kernels swapfile: fix memory corruption via malformed swapfile coredump: fix unfreezable coredumping task usb: dwc3: gadget: increment request->actual once USB: validate wMaxPacketValue entries in endpoint descriptors USB: fix typo in wMaxPacketSize validation usb: xhci: Fix panic if disconnect USB: serial: fix memleak in driver-registration error path USB: kobil_sct: fix non-atomic allocation in write path USB: serial: mos7720: fix non-atomic allocation in write path USB: serial: mos7840: fix non-atomic allocation in write path usb: renesas_usbhs: fix clearing the {BRDY,BEMP}STS condition USB: change bInterval default to 10 ms usb: gadget: fsl_qe_udc: signedness bug in qe_get_frame() USB: serial: cp210x: fix hardware flow-control disable usb: misc: legousbtower: Fix NULL pointer deference usb: gadget: function: u_ether: don't starve tx request queue USB: serial: cp210x: fix tiocmget error handling usb: gadget: u_ether: remove interrupt throttling usb: chipidea: move the lock initialization to core file Fix USB CB/CBI storage devices with CONFIG_VMAP_STACK=y ALSA: rawmidi: Fix possible deadlock with virmidi registration ALSA: timer: fix NULL pointer dereference in read()/ioctl() race ALSA: timer: fix division by zero after SNDRV_TIMER_IOCTL_CONTINUE ALSA: timer: fix NULL pointer dereference on memory allocation failure ALSA: ali5451: Fix out-of-bound position reporting ALSA: pcm : Call kill_fasync() in stream lock zfcp: fix fc_host port_type with NPIV zfcp: fix ELS/GS request&response length for hardware data router zfcp: close window with unblocked rport during rport gone zfcp: retain trace level for SCSI and HBA FSF response records 
zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace zfcp: trace on request for open and close of WKA port zfcp: restore tracing of handle for port and LUN with HBA records zfcp: fix D_ID field with actual value on tracing SAN responses zfcp: fix payload trace length for SAN request&response zfcp: trace full payload of all SAN records (req,resp,iels) scsi: zfcp: spin_lock_irqsave() is not nestable scsi: mpt3sas: Fix secure erase premature termination scsi: mpt3sas: Unblock device after controller reset scsi: mpt3sas: fix hang on ata passthrough commands mpt2sas: Fix secure erase premature termination scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression scsi: ibmvfc: Fix I/O hang when port is not mapped scsi: Fix use-after-free scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware ext4: validate that metadata blocks do not overlap superblock ext4: avoid modifying checksum fields directly during checksum verification ext4: use __GFP_NOFAIL in ext4_free_blocks() ext4: reinforce check of i_dtime when clearing high fields of uid and gid ext4: allow DAX writeback for hole punch ext4: sanity check the block and cluster size at mount time reiserfs: fix "new_insert_key may be used uninitialized ..." 
reiserfs: Unlock superblock before calling reiserfs_quota_on_mount() xfs: fix superblock inprogress check libxfs: clean up _calc_dquots_per_chunk btrfs: ensure that file descriptor used with subvol ioctls is a dir ocfs2/dlm: fix race between convert and migration ocfs2: fix start offset to ocfs2_zero_range_for_truncate() ubifs: Fix assertion in layout_in_gaps() ubifs: Fix xattr_names length in exit paths UBIFS: Fix possible memory leak in ubifs_readdir() ubifs: Abort readdir upon error ubifs: Fix regression in ubifs_readdir() UBI: fastmap: scrub PEB when bitflips are detected in a free PEB EC header NFSv4.x: Fix a refcount leak in nfs_callback_up_net NFSD: Using free_conn free connection NFS: Don't drop CB requests with invalid principals NFSv4: Open state recovery must account for file permission changes fs/seq_file: fix out-of-bounds read fs/super.c: fix race between freeze_super() and thaw_super() isofs: Do not return EACCES for unknown filesystems hostfs: Freeing an ERR_PTR in hostfs_fill_sb_common() driver core: Delete an unnecessary check before the function call "put_device" driver core: fix race between creating/querying glue dir and its cleanup drm/radeon: fix radeon_move_blit on 32bit systems drm: Reject page_flip for !DRIVER_MODESET drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to on qxl: check for kmap failures Input: i8042 - break load dependency between atkbd/psmouse and i8042 Input: i8042 - set up shared ps2_cmd_mutex for AUX ports Input: ili210x - fix permissions on "calibrate" attribute hwrng: exynos - Disable runtime PM on probe failure hwrng: omap - Fix assumption that runtime_get_sync will always succeed hwrng: omap - Only fail if pm_runtime_get_sync returns < 0 i2c-eg20t: fix race between i2c init and interrupt enable em28xx-i2c: rt_mutex_trylock() returns zero on failure i2c: core: fix NULL pointer dereference under race condition i2c: at91: fix write transfers by clearing pending interrupt first iio: accel: kxsd9: Fix raw 
read return iio: accel: kxsd9: Fix scaling bug thermal: hwmon: Properly report critical temperature in sysfs cdc-acm: fix wrong pipe type on rx interrupt xfers timers: Use proper base migration in add_timer_on() EDAC: Increment correct counter in edac_inc_ue_error() IB/ipoib: Fix memory corruption in ipoib cm mode connect flow IB/core: Fix use after free in send_leave function IB/ipoib: Don't allow MC joins during light MC flush IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV IB/mlx4: Fix create CQ error flow IB/uverbs: Fix leak of XRC target QPs IB/cm: Mark stale CM id's whenever the mad agent was unregistered mtd: blkdevs: fix potential deadlock + lockdep warnings mtd: pmcmsp-flash: Allocating too much in init_msp_flash() mtd: nand: davinci: Reinitialize the HW ECC engine in 4bit hwctl perf symbols: Fixup symbol sizes before picking best ones perf: Tighten (and fix) the grouping condition tty: Prevent ldisc drivers from re-using stale tty fields tty: limit terminal size to 4M chars tty: vt, fix bogus division in csi_J vt: clear selection before resizing drivers/vfio: Rework offsetofend() include/stddef.h: Move offsetofend() from vfio.h to a generic kernel header stddef.h: move offsetofend inside #ifndef/#endif guard, neaten ipv6: don't call fib6_run_gc() until routing is ready ipv6: split duplicate address detection and router solicitation timer ipv6: move DAD and addrconf_verify processing to workqueue ipv6: addrconf: fix dev refcont leak when DAD failed ipv6: fix rtnl locking in setsockopt for anycast and multicast ip6_gre: fix flowi6_proto value in ip6gre_xmit_other() ipv6: correctly add local routes when lo goes up ipv6: dccp: fix out of bound access in dccp_v6_err() ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped ip6_tunnel: Clear IP6CB in ip6tunnel_xmit() ip6_tunnel: disable caching when the traffic class is inherited net/irda: handle iriap_register_lsap() allocation failure tcp: fix use after free in tcp_xmit_retransmit_queue() tcp: 
properly scale window in tcp_v[46]_reqsk_send_ack() tcp: fix overflow in __tcp_retransmit_skb() tcp: fix wrong checksum calculation on MTU probing tcp: take care of truncations done by sk_filter() bonding: Fix bonding crash net: ratelimit warnings about dst entry refcount underflow or overflow mISDN: Support DR6 indication in mISDNipac driver mISDN: Fixing missing validation in base_sock_bind() net: disable fragment reassembly if high_thresh is set to zero ipvs: count pre-established TCP states as active iwlwifi: pcie: fix access to scratch buffer svc: Avoid garbage replies when pc_func() returns rpc_drop_reply brcmsmac: Free packet if dma_mapping_error() fails in dma_rxfill brcmsmac: Initialize power in brcms_c_stf_ss_algo_channel_get() brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap() pstore: Fix buffer overflow while write offset equal to buffer size net/mlx4_core: Allow resetting VF admin mac to zero firewire: net: guard against rx buffer overflows firewire: net: fix fragmented datagram_size off-by-one netfilter: fix namespace handling in nf_log_proc_dostring can: bcm: fix warning in bcm_connect/proc_register net: fix sk_mem_reclaim_partial() net: avoid sk_forward_alloc overflows ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route packet: call fanout_release, while UNREGISTERING a netdev net: sctp, forbid negative length sctp: validate chunk len before actually using it net: clear sk_err_soft in sk_clone_lock() net: mangle zero checksum in skb_checksum_help() dccp: do not send reset to already closed sockets dccp: fix out of bound access in dccp_v4_err() sctp: assign assoc_id earlier in __sctp_connect neigh: check error pointer instead of NULL for ipv4_neigh_lookup() ipv4: use new_gw for redirect neigh lookup mac80211: fix purging multicast PS buffer queue mac80211: discard multicast and 4-addr A-MSDUs cfg80211: limit scan results cache size mwifiex: printk() overflow with 32-byte SSIDs ipv4: Set skb->protocol 
properly for local output net: sky2: Fix shutdown crash kaweth: fix firmware download tracing: Move mutex to protect against resetting of seq data kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd Revert "ipc/sem.c: optimize sem_lock()" cfq: fix starvation of asynchronous writes drbd: Fix kernel_sendmsg() usage - potential NULL deref lib/genalloc.c: start search from start of chunk tools/vm/slabinfo: fix an unintentional printf rcu: Fix soft lockup for rcu_nocb_kthread ratelimit: fix bug in time interval by resetting right begin time mfd: core: Fix device reference leak in mfd_clone_cell PM / sleep: fix device reference leak in test_suspend mmc: mxs: Initialize the spinlock prior to using it mmc: block: don't use CMD23 with very old MMC cards pstore/core: drop cmpxchg based updates pstore/ram: Use memcpy_toio instead of memcpy pstore/ram: Use memcpy_fromio() to save old buffer mb86a20s: fix the locking logic mb86a20s: fix demod settings cx231xx: don't return error on success cx231xx: fix GPIOs for Pixelview SBTVD hybrid gpio: mpc8xxx: Correct irq handler function uio: fix dmem_region_start computation KEYS: Fix short sprintf buffer in /proc/keys show function hv: do not lose pending heartbeat vmbus packets staging: iio: ad5933: avoid uninitialized variable in error case mei: bus: fix received data size check in NFC fixup ACPI / APEI: Fix incorrect return value of ghes_proc() PCI: Handle read-only BARs on AMD CS553x devices tile: avoid using clocksource_cyc2ns with absolute cycle count dm flakey: fix reads to be issued if drop_writes configured mm,ksm: fix endless looping in allocating memory when ksm enable can: dev: fix deadlock reported after bus-off hwmon: (adt7411) set bit 3 in CFG1 register mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] mfd: 88pm80x: Double shifting bug in suspend/resume ASoC: omap-mcpdm: Fix irq resource handling regulator: tps65910: Work around silicon erratum SWCZ010 dm: mark request_queue dead before destroying the DM device 
fbdev/efifb: Fix 16 color palette entry calculation metag: Only define atomic_dec_if_positive conditionally Linux 3.10.105 Signed-off-by: Nathan Chancellor <natechancellor@gmail.com> Conflicts: arch/arm/mach-sa1100/generic.c arch/arm64/kernel/traps.c crypto/blkcipher.c drivers/devfreq/devfreq.c drivers/usb/dwc3/gadget.c drivers/usb/gadget/u_ether.c fs/ubifs/dir.c include/net/if_inet6.h lib/genalloc.c net/ipv6/addrconf.c net/ipv6/tcp_ipv6.c net/wireless/scan.c sound/core/timer.c |
||
Rk779
|
23dc3cd807 |
Merge tag 'v3.10.103' into lineage-15.1
2ecaf1d Linux 3.10.103 51ace26 spi: spi-xilinx: cleanup a check in xilinx_spi_txrx_bufs() 78308a4 stb6100: fix buffer length check in stb6100_write_reg_range() d55534b isdn: hfcpci_softirq: get func return to suppress compiler warning 9771330 net: rfkill: Do not ignore errors from regulator_enable() c5a8b00 ALSA: oxygen: Fix logical-not-parentheses warning 2fa2c23 HID: hid-input: Add parentheses to quell gcc warning f7ed93f squash mm: Export migrate_page_... : also make it non-static de3cae1 be2iscsi: Fix bogus WARN_ON length check fa20cb4 module: Invalidate signatures on force-loaded modules 8de0e6a dm flakey: error READ bios during the down_interval 12f567d ubi: Fix race condition between ubi device creation and udev 265a87b ubi: Make volume resize power cut aware 256dc4c metag: Fix __cmpxchg_u32 asm constraint for CMP 3e6afa4 ftrace/recordmcount: Work around for addition of metag magic but not relocations 1c72390 balloon: check the number of available pages in leak balloon fb85c52 netlabel: add address family checks to netlbl_{sock,req}_delattr() 60a8744 cifs: Check for existing directory when opening file with O_CREAT 9e10c11 Bluetooth: Fix l2cap_sock_setsockopt() with optname BT_RCVMTU e092e4f s5p-mfc: Add release callback for memory region devs a249c24 s5p-mfc: Set device name for reserved memory region devs 21fc94d7 hp-wmi: Fix wifi cannot be hard-unblocked 68a4448 gpio: pca953x: Fix NBANK calculation for PCA9536 3787fb6 net/irda: fix NULL pointer dereference on memory allocation failure 7f92e56 fuse: fix wrong assignment of ->flags in fuse_send_init() 23cf0b7 block: fix use-after-free in seq file f8f3d27 scsi_lib: correctly retry failed zero length REQ_TYPE_FS commands f7f15c5 KEYS: 64-bit MIPS needs to use compat_sys_keyctl for 32-bit userspace d5a5d0b x86/mm: Improve switch_mm() barrier comments 1cf7c76 sctp: Prevent soft lockup when sctp_accept() is called during a timeout event 72d4c30 net: mvneta: set real interrupt per packet for tx_done fbcf1c5 ipr: 
Clear interrupt on croc/crocodile when running with LSI e5a30a7 can: fix oops caused by wrong rtnl dellink usage 56a5db8 can: at91_can: RX queue could get stuck at high bus load 389ca69 mmc: block: fix packed command header endianness 80e90a3 qeth: delete napi struct when removing a qeth device 46d597e ARC: use ASL assembler mnemonic e520113 ecryptfs: don't allow mmap when the lower fs doesn't support it 6e47981 Revert "ecryptfs: forbid opening files without mmap handler" 655a7f1 xen/pciback: Fix conf_space read/write overlap check. 6b03918b arc: unwind: warn only once if DW2_UNWIND is disabled e1e78c0 fs/nilfs2: fix potential underflow in call to crc32_le 884c6be s390/seccomp: fix error return for filtered system calls 12f63d9 xen/acpi: allow xen-acpi-processor driver to load on Xen 4.7 655e0c0 Fix reconnect to not defer smb3 session reconnect long after socket reconnect 75b319d scsi: remove scsi_end_request ec032b7 scsi: fix race between simultaneous decrements of ->host_failed ed82c38 ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt 9bad15d ALSA: timer: Fix leak in events via snd_timer_user_ccallback 77a13dd ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS 34abd99 ALSA: ctl: Stop notification after disconnection b753d79 ALSA: au88x0: Fix calculation in vortex_wtdma_bufshift() c3fdd7d ALSA: dummy: Fix a use-after-free at closing 074ed3f tty/vt/keyboard: fix OOB access in do_compute_shiftstate() 585ec8b iio:ad7266: Fix probe deferral for vref 0ff80ac iio:ad7266: Fix broken regulator error handling bb29eeb iio: accel: kxsd9: fix the usage of spi_w8r8() 56d7f34 staging: iio: accel: fix error check c241138 iio: Fix error handling in iio_trigger_attach_poll_func 19a98b0 base: make module_create_drivers_dir race-free a836c42 tracing: Handle NULL formats in hold_module_trace_bprintk_format() 01fcef2 kvm: Fix irq route entries exceeding KVM_MAX_IRQ_ROUTES 21e5755 cdc_ncm: workaround for EM7455 "silent" data interface eed1a40 UBIFS: Implement ->migratepage() 
31f4765 mm: Export migrate_page_move_mapping and migrate_page_copy 1e766c1 NFS: Fix another OPEN_DOWNGRADE bug 583e3ee x86/amd_nb: Fix boot crash on non-AMD systems b92e992 kprobes/x86: Clear TF bit in fault on single-stepping 970e17c x86, build: copy ldlinux.c32 to image.iso 9a7edde IB/mlx4: Fix the SQ size of an RC QP 0c3c7f4 IB/IPoIB: Don't update neigh validity for unresolved entries 55ac348 IB/security: Restrict use of the write() interface f40b2f1 IB/mlx4: Properly initialize GRH TClass and FlowLabel in AHs 62cfca0 mac80211_hwsim: Add missing check for HWSIM_ATTR_SIGNAL 11d7149 mac80211: mesh: flush mesh paths unconditionally 5bccf77 net: alx: Work around the DMA RX overflow issue 23f2a4c ipmr/ip6mr: Initialize the last assert time of mfc entries. d09f7f9 sit: correct IP protocol used in ipip6_err 801b100 crypto: scatterwalk - Fix test in scatterwalk_done ef15fd6 crypto: gcm - Filter out async ghash if necessary 7e2e211 crypto: ux500 - memmove the right size 742d555 fix d_walk()/non-delayed __d_free() race 88ac383 ecryptfs: forbid opening files without mmap handler fcf5503 parisc: Fix pagefault crash in unaligned __get_user() call d948109 arm: oabi compat: add missing access checks 951b391 ARM: fix PTRACE_SETVFPREGS on SMP systems 42bc57b KVM: x86: fix OOPS after invalid KVM_SET_DEBUGREGS 9eccedc xfs: skip stale inodes in xfs_iflush_cluster 360914d xfs: fix inode validity check in xfs_iflush_cluster 01ee480 xfs: xfs_iflush_cluster fails to abort on error 0ed4547 dma-debug: avoid spinlock recursion when disabling dma-debug e7dcdba ext4: fix reference counting bug on block allocation error bf86199 ext4: short-cut orphan cleanup on error 8b6ab35 ext4: don't call ext4_should_journal_data() on the journal inode 6dc68ac ext4: check for extents that wrap around ea8f849 ext4: verify extent header depth cb0b53e ext4: silence UBSAN in ext4_mb_init() 58e32a8 ext4: address UBSAN warning in mb_find_order_for_block() 3d1658b ext4: fix hang when processing corrupted 
orphaned inode list 0153784 drm/radeon: fix firmware info version checks 14a039bc drm/radeon: Poll for both connect/disconnect on analog connectors 6f78f4c drm/radeon: add a delay after ATPX dGPU power off fee154e drm/radeon: fix asic initialization for virtualized environments 30e00cb drm/fb_helper: Fix references to dev->mode_config.num_connector 184f1f0 drm/gma500: Fix possible out of bounds read b3feb52 sunrpc: fix stripping of padded MIC tokens 8110080 powerpc/tm: Always reclaim in start_thread() for exec() class syscalls cc80e5c powerpc/pseries: Fix PCI config address for DDW b738ed8 powerpc/iommu: Remove the dependency on EEH struct in DDW mechanism 628cb17 powerpc/pseries/eeh: Handle RTAS delay requests in configure_bridge 0d33089 powerpc: Use privileged SPR number for MMCR2 aeadb93 powerpc: Fix definition of SIAR and SDAR registers be925e7 powerpc/book3s64: Fix branching to OOL handlers in relocatable kernel 3ba97d7 rtlwifi: Fix logic error in enter/exit power-save mode f1fa6f7 PCI: Disable all BAR sizing for devices with non-compliant BARs d67794f aacraid: Fix for aac_command_thread hang 4f36265 aacraid: Relinquish CPU during timeout wait 5b26ade ath5k: Change led pin configuration for compaq c700 laptop 0378ecf Input: xpad - validate USB endpoint count during probe 2ae02f0 Input: wacom_w8001 - w8001_MAX_LENGTH should be 13 b82f3ee Input: uinput - handle compat ioctl for UI_SET_PHYS 9338ba3 MIPS: KVM: Fix modular KVM under QEMU ce7222f MIPS: Fix 64k page support for 32 bit kernels. 
13f004c MIPS: ath79: make bootconsole wait for both THRE and TEMT f814113 MIPS: Fix siginfo.h to use strict posix types 2c767da MIPS: math-emu: Fix jalr emulation when rd == $0 5928125 MIPS: KVM: Propagate kseg0/mapped tlb fault errors 8cee00e MIPS: KVM: Fix gfn range check in kseg0 tlb faults 2336de8 MIPS: KVM: Add missing gfn range check 828e4e1 MIPS: KVM: Fix mapped fault broken commpage handling aadf1c4 tcp: consider recv buf for the initial window scale 4f6b169 tcp: record TLP and ER timer stats in v6 stats b1f32b9 tcp: make challenge acks less predictable 24fc11a tmpfs: fix regression hang in fallocate undo 6d2eb0f tmpfs: don't undo fallocate past its last page 1196c36 libceph: apply new_state before new_up_client on incrementals ba29357 HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands 0ba4f4bb printk: do cond_resched() between lines while outputting to consoles af110cc mm: migrate dirty page without clear_page_dirty_for_io etc 273e07f KEYS: potential uninitialized variable 82365cf cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind f474c52 pipe: limit the per-user amount of pages allocated in pipes b1b4bec x86/mm: Add barriers and document switch_mm()-vs-flush synchronization a2fe085 usb: renesas_usbhs: protect the CFIFOSEL setting in usbhsg_ep_enable() 664133c usb: musb: Ensure rx reinit occurs for shared_fifo endpoints 788d2a8 usb: musb: Stop bulk endpoint while queue is rotated 1883edde USB: serial: option: add support for Telit LE910 PID 0x1206 122ac0b USB: EHCI: declare hostpc register as zero-length array 903c5a4 USB: fix up faulty backports ba3904e USB: usbfs: fix potential infoleak in devio bbb0942 USB: fix invalid memory access in hub_activate() 98f57e4 udp: properly support MSG_PEEK with truncated buffers 6aaf5d4 PCI/ACPI: Fix _OSC ordering to allow PCIe hotplug use when available 15db6bf signal: remove warning about using SI_TKILL in rt_[tg]sigqueueinfo 55e1f39 perf/x86: Fix undefined shift on 32-bit kernels ad0fd1a 
perf/x86: Honor the architectural performance monitoring version 0a05233 netfilter: x_tables: introduce and use xt_copy_counters_from_user eb4a7d6 Revert "netfilter: ensure number of counters is >0 in do_replace()" 151cc2f netfilter: x_tables: do compat validation via translate_table bb56059 netfilter: ensure number of counters is >0 in do_replace() fbe426f netfilter: x_tables: xt_compat_match_from_user doesn't need a retval b560137 netfilter: ip6_tables: simplify translate_compat_table args f9e9232 netfilter: ip_tables: simplify translate_compat_table args b6694fc netfilter: arp_tables: simplify translate_compat_table args 1a10388 netfilter: x_tables: don't reject valid target size on some architectures 1b507b9 netfilter: x_tables: validate all offsets and sizes in a rule 71f72bb netfilter: x_tables: check for bogus target offset 5366deb netfilter: x_tables: check standard target size too 3053233 netfilter: x_tables: add compat version of xt_check_entry_offsets 6b9f8b7 netfilter: x_tables: assert minimum target size ea878a4 netfilter: x_tables: kill check_entry helper ff9be20 netfilter: x_tables: add and use xt_check_entry_offsets 82e2616 netfilter: x_tables: don't move to non-existent next rule 1ee858d netfilter: x_tables: fix unconditional helper 74afad8 netfilter: x_tables: make sure e->next_offset covers remaining blob size 0608074 netfilter: x_tables: validate e->target_offset early 2d2bec8 x86, asmlinkage, apm: Make APM data structure used from assembler visible ba3e6ea X.509: remove possible code fragility: enumeration values not handled Signed-off-by: Rk779 <Rahulkrishna585@gmail.com> Conflicts: drivers/hid/usbhid/hiddev.c kernel/panic.c net/ipv4/netfilter/arp_tables.c net/ipv4/netfilter/ip_tables.c net/ipv6/netfilter/ip6_tables.c |
||
Rk779
|
e7aaa4587a |
Merge tag 'v3.10.102' into lineage-15.1
ca1199f Linux 3.10.102 fd1a096 serial: samsung: Reorder the sequence of clock control when call s3c24xx_serial_set_termios() 0fff1b1 tty: vt, return error when con_startup fails 49849df USB: serial: option: add support for Cinterion PH8 and AHxx 9d08a99 USB: serial: io_edgeport: fix memory leaks in probe error path 1f983d0 USB: serial: quatech2: fix use-after-free in probe error path 550d9c4 USB: serial: keyspan: fix use-after-free in probe error path c21f25b Bluetooth: vhci: purge unhandled skbs e9e0c8a mmc: longer timeout for long read time quirk e94c917 mmc: mmc: Fix partition switch timeout for some eMMCs 0cf2661 mfd: omap-usb-tll: Fix scheduling while atomic BUG acd2913 ring-buffer: Prevent overflow of size in ring_buffer_resize() 1b54934 ring-buffer: Use long for nr_pages to avoid overflow failures 076765e fs/cifs: correctly to anonymous authentication via NTLMSSP ee78aa2 net: fix a kernel infoleak in x25 module 2b3e8cb net: bridge: fix old ioctl unlocked net device walk ced4eef VSOCK: do not disconnect socket when peer has shutdown SEND only f9d6914 net: fix infoleak in rtnetlink 44efbfa net: fix infoleak in llc 58da198 atl2: Disable unimplemented scatter/gather feature 13b8971 packet: fix heap info leak in PACKET_DIAG_MCLIST sock_diag interface 3b848d3 route: do not cache fib route info on local routes with oif 49fabfb decnet: Do not build routes to devices without decnet private data. 
d248f68 ARM: OMAP3: Fix booting with thumb2 kernel 3f557d2 asmlinkage, pnp: Make variables used from assembler code visible 6985c64f Input: max8997-haptic - fix NULL pointer dereference 8613b37 get_rock_ridge_filename(): handle malformed NM entries f220ec5 crypto: hash - Fix page length clamping in hash walk 73dd3ac powerpc: scan_features() updates incorrect bits for REAL_LE d7b49e5 Input: ads7846 - correct the value got from SPI 5e1a1e7 USB: serial: cp210x: add Straizona Focusers device ids 15e27ea USB: serial: cp210x: add ID for Link ECU 505a7a6 ACPICA: Dispatcher: Update thread ID for recursive method calls cd275e9 MAINTAINERS: Remove asterisk from EFI directory names e712c5d batman-adv: Fix broadcast/ogm queue limit on a removed interface 5210e24 proc: prevent accessing /proc/<PID>/environ until it's ready 7b640fe ARM: SoCFPGA: Fix secondary CPU startup in thumb2 kernel 834f595 lpfc: fix misleading indentation d3605b9 clk: versatile: sp810: support reentrance f95bba8 nbd: ratelimit error msgs after socket close 049c18d ipvs: correct initial offset of Call-ID header search in SIP persistence engine 5d814ad compiler-gcc: disable -ftracer for __noclone functions 26898db ARM: OMAP3: Add cpuidle parameters table for omap3430 ab30678 perf stat: Document --detailed option 7041518 Drivers: hv: vmbus: prevent cpu offlining on newer hypervisors df1da5a include/linux/poison.h: fix LIST_POISON{1,2} offset 310c45d drivers/misc/ad525x_dpot: AD5274 fix RDAC read back errors e35d983 rtc: vr41xx: Wire up alarm_irq_enable 8e80683 misc/bmp085: Enable building as a module 78d64c6 fbdev: da8xx-fb: fix videomodes of lcd panels 226a8ce paride: make 'verbose' parameter an 'int' again 378175d USB: usbip: fix potential out-of-bounds write 8a872b1 workqueue: fix ghost PENDING flag while doing MQ IO e2d8aa4 efi: Fix out-of-bounds read in variable_matches() fba8a3e ASoC: s3c24xx: use const snd_soc_component_driver pointer 8d418eb EDAC: i7core, sb_edac: Don't return NOTIFY_BAD from 
mce_decoder callback faf35c2 i2c: cpm: Fix build break due to incompatible pointer types adaad9d Input: gtco - fix crash on detecting device without endpoints 3af67b1b nl80211: check netlink protocol in socket release notification b0b53578 crypto: gcm - Fix rfc4543 decryption crash 7fbd632 usb: hcd: out of bounds access in for_each_companion e1d5408 usb: xhci: fix wild pointers in xhci_mem_cleanup 87e4617 usbvision: fix crash on detecting device with invalid configuration c5b5d09 usbvision: fix leak of usb_dev on failure paths in usbvision_probe() 6645b82 usbvision-video: fix memory leak of alt_max_pkt_size f839050 drm/radeon: hold reference to fences in radeon_sa_bo_new (3.17 and older) 7ed849b HID: usbhid: fix inconsistent reset/resume/reset-resume behavior 6a2ba9c ext4: add lockdep annotations for i_data_sem 4407936 usb: renesas_usbhs: disable TX IRQ before starting TX DMAC transfer 5a6df60 usb: renesas_usbhs: avoid NULL pointer derefernce in usbhsf_pkt_handler() d840a0c ip6_tunnel: set rtnl_link_ops before calling register_netdevice 0ad91c67 ipv6: l2tp: fix a potential issue in l2tp_ip6_recv e8bf435 ipv4: l2tp: fix a potential issue in l2tp_ip_recv c75e78a qmi_wwan: add "D-Link DWM-221 B1" device id c57d15c ppp: take reference on channels netns fb7d23c qlge: Fix receive packets drop. 
d6a8ef9 ath9k: fix buffer overrun for ar9287 4d882b6 farsync: fix off-by-one bug in fst_add_one 8ba9ba1 net: Fix use after free in the recvmmsg exit path 0babba1b sh_eth: fix NULL pointer dereference in sh_eth_ring_format() 952bca8 udp6: fix UDP/IPv6 encap resubmit path cfa74bd usbnet: cleanup after bind() in probe() 13eec5c cdc_ncm: toggle altsetting to force reset before setup abcb7fb ipv6: re-enable fragment header matching in ipv6_find_hdr 9ad2f2e sctp: lack the check for ports in sctp_v6_cmp_addr 6bd21b4 net: jme: fix suspend/resume on JMC260 0e57779 ALSA: timer: Use mod_timer() for rearming the system timer 247ed0d parisc: Fix kernel crash with reversed copy_from_user() ac6a8eb parisc: Avoid function pointers for kernel exception routines 1c6a2c4 hwmon: (max1111) Return -ENODEV from max1111_read_channel if not instantiated 750fc13 perf/x86/intel: Fix PEBS data source interpretation on Nehalem/Westmere 0579a12 sched/cputime: Fix steal time accounting vs. CPU hotplug 155025b mtd: onenand: fix deadlock in onenand_block_markbad 898eeac ocfs2/dlm: fix BUG in dlm_move_lockres_to_recovery_list 70f5f65 ocfs2/dlm: fix race between convert and recovery 0db3833 Input: ati_remote2 - fix crashes on detecting device with invalid descriptor da23ec5 Input: ims-pcu - sanity check against missing interfaces 869dc27 scripts/coccinelle: modernize & 2ec6dac tracing: Fix trace_printk() to print when not using bprintk() 3f3f1fc tracing: Fix crash from reading trace_pipe with sendfile e550992 tracing: Have preempt(irqs)off trace preempt disabled functions aeda736 drm/radeon: Don't drop DP 2.7 Ghz link setup on some cards. 
e018f7b ipr: Fix regression when loading firmware c7f5b11 ipr: Fix out-of-bounds null overwrite 7af534d rapidio/rionet: fix deadlock on SMP f6d033a md/raid5: Compare apples to apples (or sectors to sectors) c716151 xtensa: clear all DBREAKC registers on start fd5924d xtensa: ISS: don't hang if stdin EOF is reached 929522b splice: handle zero nr_pages in splice_to_pipe() 9bd0caf watchdog: rc32434_wdt: fix ioctl error handling f5b0d85 bcache: fix cache_set_flush() NULL pointer dereference on OOM 7493d12 jbd2: fix FS corruption possibility in jbd2_journal_destroy() on umount path f4795a4 ALSA: intel8x0: Add clock quirk entry for AD1981B on IBM ThinkPad X41. 68d6ceb media: v4l2-compat-ioctl32: fix missing length copy in put_v4l2_buffer32 d2d7a79 bttv: Width must be a multiple of 16 when capturing planar formats d86c21c 8250: use callbacks to access UART_DLL/UART_DLM 1c7f227 net: irda: Fix use-after-free in irtty_open() 67352ca Input: powermate - fix oops with malicious USB descriptors 4bf0746 pwc: Add USB id for Philips Spc880nc webcam 071e303 USB: option: add "D-Link DWM-221 B1" device id 284d34a USB: serial: cp210x: Adding GE Healthcare Device ID e5ffd63 USB: cypress_m8: add endpoint sanity check 129e637 USB: digi_acceleport: do sanity checking for the number of ports ffb372d USB: mct_u232: add sanity checking in probe 1b282e3 USB: usb_driver_claim_interface: add sanity checking 28fa0e4 USB: iowarrior: fix oops with malicious USB descriptors d5f0867 USB: cdc-acm: more sanity checking 68d8ecd usb: retry reset if a device times out eb236fd be2iscsi: set the boot_kset pointer to NULL in case of failure 324d4df aacraid: Fix memory leak in aac_fib_map_free 64adb59 sg: fix dxferp in from_to case 721485b x86/iopl: Fix iopl capability check on Xen PV a47831b x86, processor-flags: Fix the datatypes and add bit number defines f85cb76 x86: Rename X86_CR4_RDWRGSFS to X86_CR4_FSGSBASE bb37dac linux/const.h: Add _BITUL() and _BITULL() fa75115 PCI: Disable IO/MEM decoding for 
devices with non-compliant BARs a3fda4b EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr() f556290 KVM: fix spin_lock_init order on x86 a6821c1 KVM: i8254: change PIT discard tick policy d4d37e9 x86: LLVMLinux: Fix "incomplete type const struct x86cpu_device_id" a4a4f1c compiler-gcc: integrate the various compiler-gcc[345].h files 308f438 ext4: fix NULL pointer dereference in ext4_mark_inode_dirty() c9950bc x86/iopl/64: Properly context-switch IOPL on Xen PV ce9588a pipe: Fix buffer offset after partially failed read Signed-off-by: Rk779 <Rahulkrishna585@gmail.com> |
||
Rk779
|
140201c295 |
Merge tag 'v3.10.101' into lineage-15.1
326a1b2 Linux 3.10.101
1f2493f Revert: "crypto: af_alg - Disallow bind/setkey/... after accept(2)"
d6692b5 modules: fix longstanding /proc/kallsyms vs module insertion race.
c8bedaa lib/ucs2_string: Correct ucs2 -> utf8 conversion
15b988c efi: Add pstore variables to the deletion whitelist
7b35014 efi: Make efivarfs entries immutable by default
d591b6d efi: Make our variable validation list include the guid
44f21ed efi: Do variable name validation tests in utf8
c6d535a efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version
f0b5aae lib/ucs2_string: Add ucs2 -> utf8 helper functions
73c1d98 KVM: x86: move steal time initialization to vcpu entry time
b4f8295 powerpc: Fix dedotify for binutils >= 2.26
0103c34f mac80211: minstrel_ht: set default tx aggregation timeout to 0
bb1df1e mac80211: fix use of uninitialised values in RX aggregation
5fc40fd wext: fix message delay/ordering
86ac250 ASoC: wm8958: Fix enum ctl accesses in a wrong type
2f2ba1d ASoC: wm8994: Fix enum ctl accesses in a wrong type
1934f32 tracing: Fix check for cpu online when event is disabled
618fedd KVM: VMX: disable PEBS before a guest entry
|
||
Rk779
|
cebe3e76a3 |
Merge tag 'v3.10.100' into lineage-15.1
19d0bd7 Linux 3.10.100
3e04866 Revert "drm/radeon: hold reference to fences in radeon_sa_bo_new"
552b532 ubi: Fix out of bounds write in volume update code
5a86f5f USB: serial: option: add support for Quectel UC20
85b14c7a USB: serial: option: add support for Telit LE922 PID 0x1045
d9f2fa1 USB: cp210x: Add ID for Parrot NMEA GPS Flight Recorder
f196347 ALSA: timer: Fix broken compat timer user status ioctl
080c4a4 ALSA: hdspm: Fix zero-division
e3d2f69 ALSA: hdsp: Fix wrong boolean ctl value accesses
b8834e4 ALSA: hdspm: Fix wrong boolean ctl value accesses
e21cf19 ALSA: seq: oss: Don't drain at closing a client
3d0c02d ALSA: timer: Fix ioctls for X32 ABI
f6e8594 ALSA: rawmidi: Fix ioctls X32 ABI
6146f38 ALSA: ctl: Fix ioctls for X32 ABI
b723bb7 Fix directory hardlinks from deleted directories
44024ba jffs2: Fix page lock / f->sem deadlock
dc71448 Revert "jffs2: Fix lock acquisition order bug in jffs2_write_begin"
137d2a2 PM / sleep / x86: Fix crash on graph trace through x86 suspend
f105a72 libata: Align ata_device's id on a cacheline
45eb9d8 libata: fix HDIO_GET_32BIT ioctl
eed92d8 drm/ast: Fix incorrect register check for DRAM width
4e24fd5 x86/entry/compat: Add missing CLAC to entry_INT80_32
ad1ec23 CIFS: Fix SMB2+ interim response processing for read requests
9f2c4c9 EDAC, mc_sysfs: Fix freeing bus' name
29ec60c locks: fix unlock when fcntl_setlk races with a close
|
||
Rk779
|
ff5802d8d3 |
Merge tag 'v3.10.98' into lineage-15.1
90915bd Linux 3.10.98
dd6f1f0 module: wrapper for symbol name.
40ea6e6 ip6mr: call del_timer_sync() in ip6mr_free_table()
a895706 futex: Drop refcount if requeue_pi() acquired the rtmutex
4800af9 x86/asm/irq: Stop relying on magic JMP behavior for early_idt_handlers
08fc7d3 intel_scu_ipcutil: underflow in scu_reg_access()
c750edf radix-tree: fix oops after radix_tree_iter_retry
a202017 radix-tree: fix race in gang lookup
a28c4bb memcg: only free spare array when readers are done
d5b8e6b scripts/bloat-o-meter: fix python3 syntax error
2942425 dma-debug: switch check from _text to _stext
ac6cef6 m32r: fix m32104ut_defconfig build fail
e399e76 xhci: Fix list corruption in urb dequeue at host removal
f8f1013 mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone()
1631f17 iommu/vt-d: Fix 64-bit accesses to 32-bit DMAR_GSTS_REG
|
||
Rk779
|
d2b0f64696 |
Merge tag 'v3.10.97' into lineage-15.1
66b4554 Linux 3.10.97 d67d24e binfmt_elf: Don't clobber passed executable's file header 669e0b0 FS-Cache: Increase reference of parent after registering, netfs success 471b813 crypto: user - lock crypto_alg_list on alg dump 9250afa crypto: algif_hash - wait for crypto_ahash_init() to complete 71eec87 ahci: Intel DNV device IDs SATA f6c2bfd libata: disable forced PORTS_IMPL for >= AHCI 1.3 d2b76ee AHCI: Fix softreset failed issue of Port Multiplier f77597b crypto: af_alg - Fix socket double-free when accept fails 5a707f0 crypto: af_alg - Disallow bind/setkey/... after accept(2) 766ac2a ext4: Fix handling of extended tv_sec 6f2db87 tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) 4478e22 USB: option: fix Cinterion AHxx enumeration 3bee9e6 USB: serial: option: Adding support for Telit LE922 e193199 USB: cp210x: add ID for IAI USB to RS485 adaptor 03b987c USB: serial: ftdi_sio: add support for Yaesu SCU-18 cable f1a9ca0 USB: visor: fix null-deref at probe 3b079e3 USB: serial: visor: fix crash on detecting device without write_urbs 24e1fdb USB: ti_usb_3410_502: Fix ID table size d5ce15e saa7134-alsa: Only frees registered sound cards 49911dc ALSA: timer: Fix race between stop and interrupt e063b1a ALSA: dummy: Implement timer backend switching more safely c5929da ALSA: hda - Fix speaker output from VAIO AiO machines 538d254 ALSA: timer: Fix wrong instance passed to slave callbacks 8a77871 ALSA: timer: Fix link corruption due to double start or stop 732bc47 ALSA: timer: Fix leftover link at closing 51e9bd7 ALSA: timer: Code cleanup e53ec49 ALSA: seq: Fix lockdep warnings due to double mutex locks 14bdca3 ALSA: seq: Fix race at closing in virmidi driver 4df6314 ALSA: seq: Fix yet another races among ALSA timer accesses f042b75 ASoC: dpcm: fix the BE state on hw_free aae80d6 ALSA: pcm: Fix potential deadlock in OSS emulation 264df9e ALSA: rawmidi: Fix race at copying & updating the position f6cbda7 ALSA: rawmidi: Remove kernel WARNING for NULL user-space buffer check 
a04cbfb ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup() 3e24e59 ALSA: dummy: Disable switching timer backend via sysfs 074e46b ALSA: compress: Disable GET_CODEC_CAPS ioctl for some architectures 482c4c1 ALSA: usb-audio: avoid freeing umidi object twice fc34588 ALSA: usb-audio: Fix TEAC UD-501/UD-503/NT-503 usb delay 8634750 fix sysvfs symlinks 53587d46 media: vb2 dma-contig: Fully cache synchronise buffers in prepare and finish 1b97331 v4l2-compat-ioctl32: fix alignment for ARM64 4fdefe9 parisc: Fix __ARCH_SI_PREAMBLE_SIZE fedff89 parisc: Fix syscall restarts d2bb787 parisc: Drop unused MADV_xxxK_PAGES flags from asm/mman.h 1daeb19 fix calculation of meta_bg descriptor backups 1174350 jbd2: Fix unreclaimed pages after truncate in data=journal mode 98b3bd6 mtd: mtdpart: fix add_mtd_partitions error path 2acba4b vTPM: fix memory allocation flag for rtce buffer at kernel boot c0d57f2 wlcore/wl12xx: spi: fix NULL pointer dereference (Oops) 0d20999 wlcore/wl12xx: spi: fix oops on firmware load 1dcdf54 spi: fix parent-device reference leak 092f4b7 spi: atmel: Fix DMA-setup for transfers with more than 8 bits per word 0fd9b8b Revert "dm mpath: fix stalls when handling invalid ioctls" 516932b sh64: fix __NR_fgetxattr bb169b2 ocfs2/dlm: clear refmap bit of recovery lock while doing local recovery cleanup 854e6fc ocfs2/dlm: ignore cleaning the migration mle that is inuse fa17bfe kernel/signal.c: unexport sigsuspend() 2ed0426 remoteproc: avoid stack overflow in debugfs file e9828fd HID: usbhid: fix recursive deadlock d6671b0 dm btree: fix leak of bufio-backed block in btree_split_sibling error path daaf3fd crypto: algif_hash - Only export and import on sockets with data 12c1515 xhci: fix placement of call to usb_disabled() 4bd503f recordmcount: Fix endianness handling bug for nop_mcount Signed-off-by: Rk779 <Rahulkrishna585@gmail.com> |
||
Nathan Chancellor
|
647ba60993 |
Revert "ASoC: compress: Fix compress device direction check"
This breaks sound because both capture and playback are set, triggering the -EINVAL return, which wasn't a problem before. This patch is not needed.
This reverts commit 9a76e683b64361450f3e331dd6634f5aa39ea51b.
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
||
Yogendra Charya Tangalapally
|
84d4c5a179 |
ANDROID: sound: rawmidi: Hold lock around realloc
The SNDRV_RAWMIDI_STREAM_{OUTPUT,INPUT} ioctls may reallocate runtime->buffer while other kernel threads are accessing it. If the underlying krealloc() call frees the original buffer, then this can turn into a use-after-free.
Most of these accesses happen while the thread is holding runtime->lock, and can be fixed by just holding the same lock while replacing runtime->buffer, however we can't hold this spinlock while snd_rawmidi_kernel_{read1,write1} are copying to/from userspace. We need to add and acquire a new mutex to prevent this from happening concurrently with reallocation. We hold this mutex during the entire reallocation process, to also prevent multiple concurrent reallocations leading to a double-free.
Signed-off-by: Daniel Rosenberg <drosen@google.com>
bug: 64315347
Change-Id: I05764d4f1a38f373eb7c0ac1c98607ee5ff0eded
[dcagle@codeaurora.org: Resolve trivial merge conflict]
Git-repo: https://android.googlesource.com/kernel/msm
Git-commit: d7193540482d11ff0ad3a07fc18717811641c6eb
Signed-off-by: Yogendra Charya Tangalapally <c_yctang@qti.qualcomm.com>
|
||
Rk779
|
ee0d4872ab |
Merge tag 'v3.10.96' into lineage-15.1
e14ca73 Linux 3.10.96 5d5ee1d mn10300: Select CONFIG_HAVE_UID16 to fix build failure 156057c openrisc: fix CONFIG_UID16 setting 51bf4d0 HID: core: Avoid uninitialized buffer access 431124c parisc iommu: fix panic due to trying to allocate too large region c8f487a arm64: mm: ensure that the zero page is visible to the page table walker c2db3a4 arm64: Clear out any singlestep state on a ptrace detach operation 7c25432 arm64: fix building without CONFIG_UID16 288ac50 scripts/recordmcount.pl: support data in text section on powerpc 5bb9a36 powerpc: Make {cmp}xchg* and their atomic_ versions fully ordered 5ac5ac96 powerpc: Make value-returning atomics fully ordered 5d64942 powerpc/tm: Block signal return setting invalid MSR state c496409 team: Replace rcu_read_lock with a mutex in team_vlan_rx_kill_vid f82699d ppp, slip: Validate VJ compression slot parameters completely 0698722 isdn_ppp: Add checks for allocation failure in isdn_ppp_open() 4734f53 phonet: properly unshare skbs in phonet_rcv() 3ed8606 tcp_yeah: don't set ssthresh below 2 439af14 net: possible use after free in dst_release a150615 bridge: Only call /sbin/bridge-stp for the initial network namespace df87da0 unix: properly account for FDs passed over unix sockets 644acb9 connector: bump skb->users before callback invocation 4a3411c sctp: sctp should release assoc when sctp_make_abort_user return NULL in sctp_close 0714155 ipv6/addrlabel: fix ip6addrlbl_get() 927905f veth: don’t modify ip_summed; doing so treats packets with bad checksums as good. 
ad55109 xhci: refuse loading if nousb is used c4924b5 USB: cp210x: add ID for ELV Marble Sound Board 1 5dbf71c USB: ipaq.c: fix a timeout loop e6a13dd usb: xhci: fix config fail of FS hub behind a HS hub with MTT 9a76e68 ASoC: compress: Fix compress device direction check 1702ac2 ASoC: arizona: Fix bclk for sample rates that are multiple of 4kHz 48436c8 ASoC: wm8962: correct addresses for HPF_C_0/1 2f65969 ALSA: control: Avoid kernel warnings from tlv ioctl with numid 0 d24455e ALSA: hrtimer: Fix stall by hrtimer_cancel() 425b1bc ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode 870566b ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode fd6788c ALSA: timer: Fix double unlink of active_list a49bdee ALSA: timer: Fix race among timer ioctls ea83c96 ALSA: timer: Harden slave timer list handling 6e29b1c ALSA: seq: Fix race at timer setup and close b85a619 ALSA: seq: Fix missing NULL check at remove_events ioctl 9cb16b5 ALSA: hda/realtek - Fix silent headphone output on MacPro 4,1 (v2) 4b98be8 ALSA: hda - Set SKL+ hda controller power at freeze() and thaw() ae8ca6a ALSA: hda - Add inverted dmic for Packard Bell DOTS 43702b7 ALSA: rme96: Fix unexpected volume reset after rate changes b768cd7 ALSA: hda - Apply pin fixup for HP ProBook 6550b 6e14ea9 ALSA: hda - Add Intel Lewisburg device IDs Audio dd66c0e1 ipmi: move timer init to before irq is setup 6ec8f1c x86/boot: Double BOOT_HEAP_SIZE to 64KB a919f20 x86/reboot/quirks: Add iMac10,1 to pci_reboot_dmi_table[] d59f772 KVM: PPC: Book3S HV: Prohibit setting illegal transaction state in MSR c55958f x86/xen: don't reset vcpu_info on a cancelled suspend 723e01b xen/gntdev: Grant maps should not be subject to NUMA balancing c511958 x86/signal: Fix restart_syscall number for x32 tasks 85ec923 af_unix: fix incorrect revert of 'lock_interruptible' in stream receive code Signed-off-by: Rk779 <Rahulkrishna585@gmail.com> |
||
Rk779
|
4552942224 |
Merge tag 'v3.10.94' into lineage-15.1
03ed106 Linux 3.10.94
82dbfa5 ALSA: usb-audio: work around CH345 input SysEx corruption
88ab732 ALSA: usb-audio: prevent CH345 multiport output SysEx corruption
5d39c9b ALSA: usb-audio: add packet size quirk for the Medeli DD305
53009ce USB: option: add XS Stick W100-2 from 4G Systems
b2dbbdd USB: serial: option: add support for Novatel MiFi USB620L
9a96014 usb: musb: core: fix order of arguments to ulpi write callback
2391fbf usblp: do not set TASK_INTERRUPTIBLE before lock
b2a5b59 arm64: Fix compat register mappings
3b792c8 can: sja1000: clear interrupts on start
c458207 Bluetooth: hidp: fix device disconnect on idle timeout
9babe68 staging: rtl8712: Add device ID for Sitecom WLA2100
95563ce mwifiex: fix mwifiex_rdeeprom_read()
dde9eef net: mvneta: Fix CPU_MAP registers initialisation
ad9550e mac80211: fix driver RSSI event calculations
8fa88fa x86/cpu: Fix SMAP check in PVOPS environments
8f14777b x86/cpu: Call verify_cpu() after having entered long mode too
308b1b0 x86/setup: Fix low identity map for >= 2GB kernel range
fa4fbf7 x86/setup: Extend low identity map to cover whole kernel range
8d4b965 ARM: orion: Fix DSA platform device after mvmdio conversion
1aac1dc ARM: 8427/1: dma-mapping: add support for offset parameter in dma_mmap()
98cc6d3 ARM: 8426/1: dma-mapping: add missing range check in dma_mmap()
c79f626 RDS: verify the underlying transport exists before creating a connection
bd81712 virtio-net: drop NETIF_F_FRAGLIST
0be0e57 net: fix a race in dst_release()
0861d01 net: avoid NULL deref in inet_ctl_sock_destroy()
25e462d ipmr: fix possible race resulting from improper usage of IP_INC_STATS_BH() in preemptible context.
34805d1 stmmac: Correctly report PTP capabilities.
669cd5e net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes
074043f RDS-TCP: Recover correctly from pskb_pull()/pksb_trim() failure in rds_tcp_data_recv
e42f6b5 ppp: fix pppoe_dev deletion condition in pppoe_release()
edbdd72 irda: precedence bug in irlmp_seq_hb_idx()
|
||
Rk779
|
d04e2e2f5d |
Merge tag 'v3.10.91' into lineage-15.1
61ce152 Linux 3.10.91 c3dadb2 3w-9xxx: don't unmap bounce buffered commands 613df15 staging: speakup: fix speakup-r regression d60cb612 dm cache: fix NULL pointer when switching from cleaner policy f7c7bb9 x86: Add 1/2/4/8 byte optimization to 64bit __copy_{from,to}_user_inatomic 8938c10 genirq: Fix race in register_irq_proc() e9346b9 fib_rules: Fix dump_rules() not to exit early 495d9de bonding: correct the MAC address for "follow" fail_over_mac policy 46409b7 m68k: Define asmlinkage_protect 339cb27 arm64: readahead: fault retry breaks mmap file read random detection fa6ef73 vfs: Test for and handle paths that are unreachable from their mnt_root 91397d5 dcache: Handle escaped paths in prepend_path ef5844a IB/qib: Change lkey table allocation to support more MRs 480ed18 UBI: return ENOSPC if no enough space available a5bae33 UBI: Validate data_size 892e053 powerpc/MSI: Fix race condition in tearing down MSI interrupts d7b00aa md: flush ->event_work before stopping array. 1335a48 MIPS: dma-default: Fix 32-bit fall back to GFP_DMA b196b11 USB: Add reset-resume quirk for two Plantronics usb headphones. fcb7ae4 usb: Add device quirk for Logitech PTZ cameras 560fac9 usb: Use the USB_SS_MULT() macro to get the burst multiplier. 
db3611b security: fix typo in security_task_prctl 0bdf795 regmap: debugfs: Don't bother actually printing when calculating max length 789ef3d regmap: debugfs: Ensure we don't underflow when printing access masks 4d2c033 udf: Check length of extended attributes and allocation descriptors 2fc9fc9 ipvs: fix crash with sync protocol v0 and FTP 212c45a ipvs: do not use random local source address for tunnels 162d3c2 Initialize msg/shm IPC objects before doing ipc_addid() 760f9dc usb: xhci: Add support for URB_ZERO_PACKET to bulk/sg transfers 560db83 xhci: change xhci 1.0 only restrictions to support xhci 1.1 5eaec96 usb: xhci: Clear XHCI_STATE_DYING on start 0bccecf USB: whiteheat: fix potential null-deref at probe 253db04 drm: Reject DRI1 hw lock ioctl functions for kms drivers 10ff4a0 disabling oplocks/leases via module parm enable_oplocks broken for SMB3 6709d8bdf netfilter: nf_conntrack: Support expectations in different zones bad5bfc dm raid: fix round up of default region size 03fbf70 USB: option: add ZTE PIDs 249fbae dm btree: add ref counting ops for the leaves of top level btrees ba45b48 staging: comedi: adl_pci7x3x: fix digital output on PCI-7230 6ec7d68 btrfs: skip waiting on ordered range for special files b7ab3af ASoC: dwc: correct irq clear method 9f6425c ASoC: fix broken pxa SoC support c47197f ALSA: synth: Fix conflicting OSS device registration on AWE32 9834213 mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy a fault 69155df spi: spi-pxa2xx: Check status register to determine if SSSR_TINT is disabled 69e6860 spi: Fix documentation of spi_alloc_master() 919845c x86/xen: Support kexec/kdump in HVM guests by doing a soft reset 4f9d535 x86/mm: Set NX on gap between __ex_table and rodata fb7eff9 Use WARN_ON_ONCE for missing X86_FEATURE_NRIPS 9870892 x86/platform: Fix Geode LX timekeeping in the generic x86 build ffebdff x86/apic: Serialize LVTT and TSC_DEADLINE writes a5c5872 windfarm: decrement client count when unregistering a180063 
ARM: 8429/1: disable GCC SRA optimization b200a84 perf header: Fixup reading of HEADER_NRCPUS feature 4f402ee scsi: fix scsi_error_handler vs. scsi_host_dev_release race Signed-off-by: Rk779 <Rahulkrishna585@gmail.com> |
||
Rk779
|
4547d5e20f |
Merge tag 'v3.10.90' into lineage-15.1
f5552cd Linux 3.10.90 d565d87 Revert "iio: bmg160: IIO_BUFFER and IIO_TRIGGERED_BUFFER are required" e6478de vfs: Remove incorrect debugging WARN in prepend_path d0550a3 fib_rules: fix fib rule dumps across multiple skbs e7bb902 sctp: fix race on protocol/netns initialization 02b5ca7 net/ipv6: Correct PIM6 mrt_lock handling 162e3d1 ipv6: fix exthdrs offload registration in out_rt path fe47400 usbnet: Get EVENT_NO_RUNTIME_PM bit before it is cleared 6d8c190 ip6_gre: release cached dst on tunnel removal 7cd1033 rds: fix an integer overflow test in rds_info_getsockopt() 3ebe377 netlink: don't hold mutex in rcu callback when releasing mmapd ring cecc562 inet: frags: fix defragmented packet's IP header for af_packet e3e3caa bonding: fix destruction of bond with devices different from arphrd_ether 4b633bb ipv6: lock socket in ip6_datagram_connect() c6419a8 isdn/gigaset: reset tty->receive_room when attaching ser_gigaset 8d228c9 bridge: mdb: fix double add notification 5fa39f1 net: Fix skb_set_peeked use-after-free bug 4164cda net: Fix skb csum races when peeking 0ba48ae net: Clone skb before setting peeked flag c987fa7 net: call rcu_read_lock early in process_backlog f85eee6 net: pktgen: fix race between pktgen_thread_worker() and kthread_stop() 7865ece bridge: mdb: zero out the local br_ip variable before use afabf2a net/tipc: initialize security state for new connection socket 3b9393d ipv6: Make MLD packets to only be processed locally 9f6191d x86: bpf_jit: fix compilation of large bpf programs fa83234 vhost/scsi: potential memory corruption 7bf2498 sctp: fix ASCONF list handling 61cabc7 hfs,hfsplus: cache pages correctly between bnode_create and bnode_free 2698f57 IB/mlx4: Use correct SL on AH query under RoCE a6d452e IB/mlx4: Forbid using sysfs to change RoCE pkeys caf2335 IB/uverbs: Fix race between ib_uverbs_open and remove_one 939f804 IB/uverbs: reject invalid or unknown opcodes 431152b hfs: fix B-tree corruption after insertion at position 0 f8cb639 xen/gntdev: 
convert priv->lock to a mutex d3e972d md/raid10: always set reshape_safe when initializing reshape_position. ab7a4b4 mmc: core: fix race condition in mmc_wait_data_done 9bdee2f fs: if a coredump already exists, unlink and recreate with O_EXCL de047ce vmscan: fix increasing nr_isolated incurred by putback unevictable pages 706ad8d parisc: Filter out spurious interrupts in PA-RISC irq handler 690eb5e NFS: nfs_set_pgio_error sometimes misses errors 9520ac7 NFSv4: don't set SETATTR for O_RDONLY|O_EXCL 92a6eef rc-core: fix remove uevent generation 55b9029 x86/mm: Initialize pmd_idx in page_table_range_init_count() 1d6c457 Add radeon suspend/resume quirk for HP Compaq dc5750. 2ba90c0 powerpc/rtas: Introduce rtas_get_sensor_fast() for IRQ handlers 36e5789 powerpc/mm: Fix pte_pagesize_index() crash on 4K w/64K hash 4c9510d ALSA: hda - Use ALC880_FIXUP_FUJITSU for FSC Amilo M1437 e8c2bbe ALSA: hda - Enable headphone jack detect on old Fujitsu laptops 8a31f0d arm64: head.S: initialise mdcr_el2 in el2_setup a507adf arm64: compat: fix vfp save/restore across signal handlers in big-endian f828609 arm64: kconfig: Move LIST_POISON to a safe value 957c0c6 mac80211: enable assoc check for mesh interfaces f4487c4 tg3: Fix temperature reporting f04fce5 rtlwifi: rtl8192cu: Add new device ID 6b7d2f5 unshare: Unsharing a thread does not require unsharing a vm Conflicts: drivers/mmc/core/core.c |
||
Rk779
|
a11872cdad |
Merge tag 'v3.10.87' into lineage-15.1
5a427ce Linux 3.10.87 022d35a mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations bc0a524 md/bitmap: return an error when bitmap superblock is corrupt. d7a681b7 kvm: x86: fix kvm_apic_has_events to check for NULL pointer a6bb935 signal: fix information leak in copy_siginfo_from_user32 16a4955 signal: fix information leak in copy_siginfo_to_user 5c233bf signalfd: fix information leak in signalfd_copyinfo 22ab6a2 ARM: 7819/1: fiq: Cast the first argument of flush_icache_range() 627cd15 ARM: Fix FIQ code on VIVT CPUs 28d4d6e ARM: Fix !kuser helpers case 4d0dd43 sg_start_req(): make sure that there's not too many elements in iovec c4a6d3f md/raid1: extend spinlock to protect raid1_end_read_request against inconsistencies 2a4cb7b ocfs2: fix BUG in ocfs2_downconvert_thread_do_work() 2934eb3 ipc: modify message queue accounting to not take kernel data structures into account 5d6e589 ALSA: hda - fix cs4210_spdif_automute() 621468a iscsi-target: Fix iscsit_start_kthreads failure OOPs dff252b rbd: fix copyup completion race d3646ba crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer 292f536 xen/gntdevt: Fix race condition in gntdev_release() 3f2c206 x86/xen: Probe target addresses in set_aliased_prot() before the hypercall 683d1a7 sparc64: Fix userspace FPU register corruptions. 2312fd4 sparc64: Fix FPU register corruption with AES crypto offload. 
3d82319 perf/x86/amd: Rework AMD PMU init code 14c99cd mfd: sm501: dbg_regs attribute must be read-only 471bfba ipmi: fix timeout calculation when bmc is disconnected 21c7d38 md: use kzalloc() when bitmap is disabled e850ac8 USB: sierra: add 1199:68AB device ID c0f9418 xhci: fix off by one error in TRB DMA address boundary check b8a1310 ipr: Fix invalid array indexing for HRRQ 615b0eb ipr: Fix incorrect trace indexing ec8ea7c ipr: Fix locking for unit attention handling 2f1a904 drm/radeon/combios: add some validation of lvds values 36db20ae fsnotify: fix oops in fsnotify_clear_marks_by_group_flags() c45e0a8 MIPS: Make set_pte() SMP safe. ff26891 MIPS: Fix sched_getaffinity with MT FPAFF enabled 6025624 ARM: realview: fix sparsemem build Signed-off-by: Rk779 <Rahulkrishna585@gmail.com> |
||
Rk779
|
228242fa0f |
Merge tag 'v3.10.86' into lineage-15.1
78fb9f4 Linux 3.10.86 8492fd4 efi: fix 32bit kernel boot failed problem using efi 92eba7d iscsi-target: Fix iser explicit logout TX kthread leak 8345c74 iscsi-target: Fix use-after-free during TPG session shutdown bde8e91 vhost: actually track log eventfd file 6c3498f rds: rds_ib_device.refcount overflow 5eeb26f xhci: prevent bus_suspend if SS port resuming in phase 1 99bcb88 xhci: report U3 when link is in resume state 7e74269 xhci: Calculate old endpoints correctly on device reset 76e0de0 usb-storage: ignore ZTE MF 823 card reader in mode 0x1225 357dafb ata: pmp: add quirk for Marvell 4140 SATA PMP 74f412a blkcg: fix gendisk reference leak in blkg_conf_prep() 15d6dd8 Input: usbtouchscreen - avoid unresponsive TSC-30 touch screen 9fbf45e tile: use free_bootmem_late() for initrd d831228 md/raid1: fix test for 'was read error from last working device'. 4713a3a mmc: sdhci-pxav3: fix platform_data is not initialized 04c6708 mmc: sdhci-esdhc: Make 8BIT bus work b070163 mac80211: clear subdir_stations when removing debugfs bdedc62 st: null pointer dereference panic caused by use after kref_put by st_open c97464e ALSA: hda - Fix MacBook Pro 5,2 quirk 025b812 ALSA: usb-audio: add dB range mapping for some devices a904904 ALSA: usb-audio: Add MIDI support for Steinberg MI2/MI4 dcc2305 genirq: Prevent resend to interrupts marked IRQ_NESTED_THREAD 508a750 ARC: make sure instruction_pointer() returns unsigned value 3a893ef s390/sclp: clear upper register halves in _sclp_print_early 518309e freeing unlinked file indefinitely delayed efcbc94 mm: avoid setting up anonymous pages into file mapping Signed-off-by: Rk779 <Rahulkrishna585@gmail.com> |
||
Rk779
|
f1a1508d86 |
Merge tag 'v3.10.85' into lineage-15.1
Signed-off-by: Rk779 <Rahulkrishna585@gmail.com> |
||
Sultanxda
|
f603bd6485 |
ASoC: core: Don't assign an out-of-bounds address to rtd_aux
When card->num_aux_devs is zero, card->rtd_aux is assigned an out-of-bounds address. This was found by KASan at runtime: ================================================================== BUG: KASAN: slab-out-of-bounds in msm_audrx_init+0xaa8/0xba4 at addr ffffffc14021ec18 Read of size 8 by task kworker/u8:9/264 page:ffffffbdc5008000 count:1 mapcount:0 mapping: (null) index:0x0 flags: 0x4000000000004000(head) page dumped because: kasan: bad access detected CPU: 3 PID: 264 Comm: kworker/u8:9 Tainted: G B W 3.18.31-Sultan #39 Hardware name: Qualcomm Technologies, Inc. MSM 8996 v3.0 + PMI8996 MTP (DT) Workqueue: deferwq deferred_probe_work_func Call trace: [<ffffffc00008a7bc>] dump_backtrace+0x0/0x298 [<ffffffc00008aa68>] show_stack+0x14/0x1c [<ffffffc000fa8134>] dump_stack+0x98/0xc0 [<ffffffc0001b1a44>] kasan_report+0x3a4/0x4e8 [<ffffffc0001b115c>] __asan_load8+0x24/0x7c [<ffffffc000cf47b4>] msm_audrx_init+0xaa8/0xba4 [<ffffffc000c293f4>] snd_soc_register_card+0x10ac/0x1c04 [<ffffffc000cf564c>] msm8996_asoc_machine_probe+0xd9c/0xf1c [<ffffffc000670a8c>] platform_drv_probe+0x50/0xa4 [<ffffffc00066ecd4>] driver_probe_device+0x114/0x2e0 [<ffffffc00066eee0>] __device_attach+0x40/0x64 [<ffffffc00066cf20>] bus_for_each_drv+0xac/0xdc [<ffffffc00066f058>] device_attach+0x94/0xc0 [<ffffffc00066d218>] bus_probe_device+0x48/0xf0 [<ffffffc00066e53c>] deferred_probe_work_func+0xa0/0xd0 [<ffffffc0000c229c>] process_one_work+0x324/0x50c [<ffffffc0000c2928>] worker_thread+0x4a4/0x624 [<ffffffc0000c9808>] kthread+0x138/0x14c Memory state around the buggy address: ffffffc14021eb00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe ffffffc14021eb80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe >ffffffc14021ec00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe ^ ffffffc14021ec80: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe ffffffc14021ed00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe ================================================================== Change-Id: 
I5e5cf2f672753c483917142b6ebf1330995b20a5 Signed-off-by: Sultanxda <sultanxda@gmail.com> |
||
Takashi Iwai
|
5bbc6bb514 |
UPSTREAM: ALSA: usb-audio: Kill stray URB at exiting
commit 124751d5e63c823092060074bd0abaae61aaa9c4 upstream. USB-audio driver may leave a stray URB for the mixer interrupt when it exits by some error during probe. This leads to a use-after-free error as spotted by syzkaller like: ================================================================== BUG: KASAN: use-after-free in snd_usb_mixer_interrupt+0x604/0x6f0 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:16 dump_stack+0x292/0x395 lib/dump_stack.c:52 print_address_description+0x78/0x280 mm/kasan/report.c:252 kasan_report_error mm/kasan/report.c:351 kasan_report+0x23d/0x350 mm/kasan/report.c:409 __asan_report_load8_noabort+0x19/0x20 mm/kasan/report.c:430 snd_usb_mixer_interrupt+0x604/0x6f0 sound/usb/mixer.c:2490 __usb_hcd_giveback_urb+0x2e0/0x650 drivers/usb/core/hcd.c:1779 .... Allocated by task 1484: save_stack_trace+0x1b/0x20 arch/x86/kernel/stacktrace.c:59 save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:551 kmem_cache_alloc_trace+0x11e/0x2d0 mm/slub.c:2772 kmalloc ./include/linux/slab.h:493 kzalloc ./include/linux/slab.h:666 snd_usb_create_mixer+0x145/0x1010 sound/usb/mixer.c:2540 create_standard_mixer_quirk+0x58/0x80 sound/usb/quirks.c:516 snd_usb_create_quirk+0x92/0x100 sound/usb/quirks.c:560 create_composite_quirk+0x1c4/0x3e0 sound/usb/quirks.c:59 snd_usb_create_quirk+0x92/0x100 sound/usb/quirks.c:560 usb_audio_probe+0x1040/0x2c10 sound/usb/card.c:618 .... 
Freed by task 1484: save_stack_trace+0x1b/0x20 arch/x86/kernel/stacktrace.c:59 save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 kasan_slab_free+0x72/0xc0 mm/kasan/kasan.c:524 slab_free_hook mm/slub.c:1390 slab_free_freelist_hook mm/slub.c:1412 slab_free mm/slub.c:2988 kfree+0xf6/0x2f0 mm/slub.c:3919 snd_usb_mixer_free+0x11a/0x160 sound/usb/mixer.c:2244 snd_usb_mixer_dev_free+0x36/0x50 sound/usb/mixer.c:2250 __snd_device_free+0x1ff/0x380 sound/core/device.c:91 snd_device_free_all+0x8f/0xe0 sound/core/device.c:244 snd_card_do_free sound/core/init.c:461 release_card_device+0x47/0x170 sound/core/init.c:181 device_release+0x13f/0x210 drivers/base/core.c:814 .... Actually such a URB is killed properly at disconnection when the device gets probed successfully, and what we need is to apply it for the error-path, too. In this patch, we apply snd_usb_mixer_disconnect() at releasing. Also introduce a new flag, disconnected, to struct usb_mixer_interface for not performing the disconnection procedure twice. Change-Id: Ibe5b1f714cd304cfefcd736d0bcfc168c54f8a48 Reported-by: Andrey Konovalov <andreyknvl@google.com> Tested-by: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Marissa Wall <marissaw@google.com> Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com> |
||
Takashi Iwai
|
967355323f |
UPSTREAM: ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
commit bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991 When a USB-audio device receives a maliciously adjusted or corrupted buffer descriptor, the USB-audio driver may access an out-of-bounds value at its parser. This was detected by syzkaller, something like: BUG: KASAN: slab-out-of-bounds in usb_audio_probe+0x27b2/0x2ab0 Read of size 1 at addr ffff88006b83a9e8 by task kworker/0:1/24 CPU: 0 PID: 24 Comm: kworker/0:1 Not tainted 4.14.0-rc1-42251-gebb2c2437d80 #224 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Workqueue: usb_hub_wq hub_event Call Trace: __dump_stack lib/dump_stack.c:16 dump_stack+0x292/0x395 lib/dump_stack.c:52 print_address_description+0x78/0x280 mm/kasan/report.c:252 kasan_report_error mm/kasan/report.c:351 kasan_report+0x22f/0x340 mm/kasan/report.c:409 __asan_report_load1_noabort+0x19/0x20 mm/kasan/report.c:427 snd_usb_create_streams sound/usb/card.c:248 usb_audio_probe+0x27b2/0x2ab0 sound/usb/card.c:605 usb_probe_interface+0x35d/0x8e0 drivers/usb/core/driver.c:361 really_probe drivers/base/dd.c:413 driver_probe_device+0x610/0xa00 drivers/base/dd.c:557 __device_attach_driver+0x230/0x290 drivers/base/dd.c:653 bus_for_each_drv+0x161/0x210 drivers/base/bus.c:463 __device_attach+0x26e/0x3d0 drivers/base/dd.c:710 device_initial_probe+0x1f/0x30 drivers/base/dd.c:757 bus_probe_device+0x1eb/0x290 drivers/base/bus.c:523 device_add+0xd0b/0x1660 drivers/base/core.c:1835 usb_set_configuration+0x104e/0x1870 drivers/usb/core/message.c:1932 generic_probe+0x73/0xe0 drivers/usb/core/generic.c:174 usb_probe_device+0xaf/0xe0 drivers/usb/core/driver.c:266 really_probe drivers/base/dd.c:413 driver_probe_device+0x610/0xa00 drivers/base/dd.c:557 __device_attach_driver+0x230/0x290 drivers/base/dd.c:653 bus_for_each_drv+0x161/0x210 drivers/base/bus.c:463 __device_attach+0x26e/0x3d0 drivers/base/dd.c:710 device_initial_probe+0x1f/0x30 drivers/base/dd.c:757 bus_probe_device+0x1eb/0x290 drivers/base/bus.c:523 device_add+0xd0b/0x1660
drivers/base/core.c:1835 usb_new_device+0x7b8/0x1020 drivers/usb/core/hub.c:2457 hub_port_connect drivers/usb/core/hub.c:4903 hub_port_connect_change drivers/usb/core/hub.c:5009 port_event drivers/usb/core/hub.c:5115 hub_event+0x194d/0x3740 drivers/usb/core/hub.c:5195 process_one_work+0xc7f/0x1db0 kernel/workqueue.c:2119 worker_thread+0x221/0x1850 kernel/workqueue.c:2253 kthread+0x3a1/0x470 kernel/kthread.c:231 ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431 This patch adds the checks of out-of-bounds accesses at appropriate places and bails out when it goes out of the given buffer. Change-Id: If4bed53e824123f7dc2df2cf0ec9ce98560cf259 Reported-by: Andrey Konovalov <andreyknvl@google.com> Tested-by: Andrey Konovalov <andreyknvl@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com> |
||
Robb Glasser
|
daef713ba2 |
ALSA: pcm: prevent UAF in snd_pcm_info
When the device descriptor is closed, the `substream->runtime` pointer is freed. But another thread may be in the ioctl handler, case SNDRV_CTL_IOCTL_PCM_INFO. This case calls snd_pcm_info_user() which calls snd_pcm_info() which accesses the now freed `substream->runtime`. Bug: 36006981 Signed-off-by: Robb Glasser <rglasser@google.com> Signed-off-by: Nick Desaulniers <ndesaulniers@google.com> Change-Id: I445d24bc21dc0af6d9522a8daabe64969042236a Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com> |
||
Olivier Karasangabo
|
c8d5289eb1
|
32.4.A.0.160
Change-Id: I06b24a90791d31f252fd7cc4f8ae412a0e182726 |
||
Takashi Iwai
|
186947a654
|
ALSA: timer: Fix double unlink of active_list
commit ee8413b01045c74340aa13ad5bdf905de32be736 upstream. ALSA timer instance object has a couple of linked lists and they are unlinked unconditionally at snd_timer_stop(). Meanwhile snd_timer_interrupt() unlinks it, but it calls list_del() which leaves the element list itself unchanged. This ends up with unlinking twice, and it was caught by syzkaller fuzzer. The fix is to use list_del_init() variant properly there, too. Change-Id: I7517f64f648f53eee6af10a8534a0ea457bd206d Reported-by: Dmitry Vyukov <dvyukov@google.com> Tested-by: Dmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> |
||
Takashi Iwai
|
120955e0f3
|
BACKPORT: ALSA: timer: Fix race between read and ioctl
The read from ALSA timer device, the function snd_timer_user_tread(), may access uninitialized struct snd_timer_user fields when the read is concurrently performed while an ioctl like snd_timer_user_tselect() is invoked. We have already fixed the races among ioctls via a mutex, but we seem to have forgotten the race between read vs ioctl. This patch simply applies (more exactly extends the already applied range of) tu->ioctl_lock in snd_timer_user_tread() for closing the race window. Reported-by: Alexander Potapenko <glider@google.com> Tested-by: Alexander Potapenko <glider@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> (cherry picked from commit d11662f4f798b50d8c8743f433842c3e40fe3378) Signed-off-by: Connor O'Brien <connoro@google.com> Bug: 62201221 Change-Id: I67a3b5153c39ce9f6d7571b5aa8faabe5e3dbb83 |
||
Takashi Iwai
|
f9ee851826
|
ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT
snd_timer_user_tselect() reallocates the queue buffer dynamically, but it forgot to reset its indices. Since the read may happen concurrently with ioctl and snd_timer_user_tselect() allocates the buffer via kmalloc(), this may lead to the leak of uninitialized kernel-space data, as spotted via KMSAN: BUG: KMSAN: use of unitialized memory in snd_timer_user_read+0x6c4/0xa10 CPU: 0 PID: 1037 Comm: probe Not tainted 4.11.0-rc5+ #2739 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:16 dump_stack+0x143/0x1b0 lib/dump_stack.c:52 kmsan_report+0x12a/0x180 mm/kmsan/kmsan.c:1007 kmsan_check_memory+0xc2/0x140 mm/kmsan/kmsan.c:1086 copy_to_user ./arch/x86/include/asm/uaccess.h:725 snd_timer_user_read+0x6c4/0xa10 sound/core/timer.c:2004 do_loop_readv_writev fs/read_write.c:716 __do_readv_writev+0x94c/0x1380 fs/read_write.c:864 do_readv_writev fs/read_write.c:894 vfs_readv fs/read_write.c:908 do_readv+0x52a/0x5d0 fs/read_write.c:934 SYSC_readv+0xb6/0xd0 fs/read_write.c:1021 SyS_readv+0x87/0xb0 fs/read_write.c:1018 This patch adds the missing reset of queue indices. Together with the previous fix for the ioctl/read race, we cover the whole problem. Reported-by: Alexander Potapenko <glider@google.com> Tested-by: Alexander Potapenko <glider@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> |
||
Viraja Kommaraju
|
6ef78b08e7
|
ASoC: msm: qdsp6v2: Change audio drivers to use %pK
Change all qdsp6v2 audio drivers to use %pK instead of %p. %pK hides addresses when the user doesn't have kernel permissions. If address information is needed, echo 0 > /proc/sys/kernel/kptr_restrict. Change-Id: Ifcd61bd2615505be80dd834e9dbee9c22f3d72ac Signed-off-by: Viraja Kommaraju <virajak@codeaurora.org> |
||
Olivier Karasangabo
|
c890000d05
|
Merge remote-tracking branch 'caf/LA.BF64.1.2.3_rb1.16' into HEAD
Change-Id: I29b6c70f6d3f7d4bfbbcd48b4391922204267164 |
||
Dan Carpenter
|
5e33183da8
|
ALSA: compress_core: integer overflow in snd_compr_allocate_buffer()
These are 32 bit values that come from the user; we need to check for integer overflows or we could end up allocating a smaller buffer than expected. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> |
||
Andrey Konovalov
|
ae306adc03
|
ALSA: usb-audio: avoid freeing umidi object twice
commit 07d86ca93db7e5cdf4743564d98292042ec21af7 upstream. The 'umidi' object will be free'd on the error path by snd_usbmidi_free() when tearing down the rawmidi interface. So we shouldn't try to free it in snd_usbmidi_create() after having registered the rawmidi interface. Found by KASAN. Change-Id: I109ad90b5836a5422380816671f9eb1a37e0557e Signed-off-by: Andrey Konovalov <andreyknvl@gmail.com> Acked-by: Clemens Ladisch <clemens@ladisch.de> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> |
||
Olivier Karasangabo
|
043520fbbb
|
Merge remote-tracking branch 'caf/LA.BF64.1.2.3_rb1.15' into HEAD
Change-Id: I2b851aadc8eaaf4a8edb297c767c8b3d091be9d3 |
||
Weiyin Jiang
|
1ff1f2ea1a |
SoC: msm: audio-effects: return directly to avoid integer overflow
Return error code directly to avoid further integer overflow leading to buffer overflow. Change-Id: I8b74efda227726494724f4387c45b5b6fa04637b CRs-Fixed: 2077909 Signed-off-by: Weiyin Jiang <wjiang@codeaurora.org> |
||
Linux Build Service Account
|
5a7a975c1c | Merge "ASoC: msm: qdsp6v2: add size check to fix out of bounds issue" | ||
Vidyakumar Athota
|
e26b29ea3a |
ASoC: msm: qdsp6v2: add size check to fix out of bounds issue
Before calling audio calibration ioctl functions, compare the allocated buffer size to the size of the header and cal type header to ensure the buffer is big enough. Change-Id: I601bb37ddcc34d459c207cf579f29744fe912d7b Signed-off-by: Vidyakumar Athota <vathota@codeaurora.org> |
||
Bhalchandra Gajare
|
9a3065a611 |
ASoC: msm-lsm-client: use kzalloc instead of kmalloc
In the ioctl function, the driver allocates memory to store data internally before calling copy_to_user to copy data to user-space. It is possible that kernel internal information can be leaked to user space through this if the allocated memory is not completely overwritten with valid data. Use kzalloc to fix this. CRs-fixed: 2026045 Change-Id: I754ae2157034a135aaca4a15badf10d2567b7ed6 Signed-off-by: Bhalchandra Gajare <gajare@codeaurora.org> |
||
Yeleswarapu Nagaradhesh
|
0bad5176a1 |
ASoC: msm: acquire lock in ioctl
If two ioctls are triggered with different commands, there is a possibility to access freed confidence level memory. To resolve this, acquire lock in ioctl. Also release mutex lock properly in error cases. CRs-Fixed: 1103085 Change-Id: I7d6b2eff21c8297e5f0755a0c141254be32f777d Signed-off-by: Yeleswarapu Nagaradhesh <nagaradh@codeaurora.org> |
||
Xiaojun Sang
|
622e29a871 |
ASoC: msm: remove unused msm-compr-q6-v2
msm-compr-q6-v2.c and msm-compr-q6-v2.h are no longer used. CRs-Fixed: 2022953 Change-Id: I856d90a212a3e123a2c8b80092aff003f7c608c7 Signed-off-by: Xiaojun Sang <xsang@codeaurora.org> |
||
Takashi Iwai
|
71a578bf49 |
ALSA: pcm : Call kill_fasync() in stream lock
Currently kill_fasync() is called outside the stream lock in snd_pcm_period_elapsed(). This is potentially racy, since the stream may get released even while the irq handler is running. Although snd_pcm_release_substream() calls snd_pcm_drop(), this doesn't guarantee that the irq handler finishes, thus the kill_fasync() call outside the stream spin lock may be invoked after the substream is detached, as recently reported by KASAN. As a quick workaround, move kill_fasync() call inside the stream lock. The fasync is a rarely used interface, so this shouldn't have a big impact from the performance POV. Ideally, we should implement some sync mechanism for the proper finish of stream and irq handler. But this oneliner should suffice for most cases, so far. Change-Id: I6e50dfd91d6f8888a089d8bc29e1331c5e013a66 Reported-by: Baozeng Ding <sploving1@gmail.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Willy Tarreau <w@1wt.eu> Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git Git-commit: a27178e05b7c332522df40904f27674e36ee3757 Signed-off-by: Dennis Cagle <d-cagle@codeaurora.org> |
||
Siena Richard
|
a4a0d245cb |
ASoC: msm: qdsp6v2: clear address on error
Set address to NULL on error to ensure a stale address is not used. CRs-Fixed: 2038685 Signed-off-by: Siena Richard <sienar@codeaurora.org> Change-Id: I17e7b7b404625d21721b2466e70fa8be2370b517 |
||
Olivier Karasangabo
|
9578321ba1
|
Merge remote-tracking branch 'caf/LA.BF64.1.2.3_rb1.12' into HEAD
Change-Id: I2b44be7474f74ab2a12f0ae331bfe3af30d1674c |
||
Olivier Karasangabo
|
78ee17bafe
|
Merge remote-tracking branch 'caf/LA.BF64.1.2.3_rb1.11' into HEAD | ||
Alexy Joseph
|
6be07a8998 |
ASoC: qdsp6v2: Remove Eagle code
Eagle driver is not in use any more. Remove the code and associated calls to it. CRs-Fixed: 1103106 Change-Id: Ice5333861beda9538f0783b70b3267523d16fd2b Signed-off-by: Alexy Joseph <alexyj@codeaurora.org> |
||
Xiaojun Sang
|
578eb74435 |
ASoC: msm: qdsp6v2: set pointer to NULL after free.
Pointer after kfree is not sanitized. Set pointer to NULL. CRs-Fixed: 2008031 Change-Id: Ia59a57fcd142a6ed18d168992b8da4019314afa4 Signed-off-by: Xiaojun Sang <xsang@codeaurora.org> Signed-off-by: Bikshapathi Kothapeta <bkotha@codeaurora.org> |
||
Olivier Karasangabo
|
835d61c69a
|
Merge remote-tracking branch 'caf/LA.BF64.1.2.3_rb1.9' into HEAD
Change-Id: I2391988ac82581b76333efe2f33c3ea722390cc2 |