Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cf68f6b7 authored by Bharath's avatar Bharath Committed by Karsten Tausche
Browse files

Merge tag 'ASB-2022-10-01_4.9-q' into int/11/fp3 

https://source.android.com/docs/security/bulletin/2022-10-01
CVE-2022-1786
CVE-2022-20421
CVE-2022-20422
CVE-2022-20423
CVE-2022-20409

* tag 'ASB-2022-10-01_4.9-q': (73 commits)
  Linux 4.9.330
  ext4: make directory inode spreading reflect flexbg size
  Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region
  s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
  serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
  serial: Create uart_xmit_advance()
  net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
  perf kcore_copy: Do not check /proc/modules is unchanged
  can: gs_usb: gs_can_open(): fix race dev->can.state condition
  MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
  net: team: Unsync device addresses on ndo_stop
  ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
  netfilter: nf_conntrack_irc: Tighten matching on DCC message
  netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
  mm/slub: fix to return errno if kmalloc() fails
  ALSA: hda: add Intel 5 Series / 3400 PCI DID
  ALSA: hda/tegra: set depop delay for tegra
  USB: core: Fix RST error in hub.c
  wifi: mac80211: Fix UAF in ieee80211_scan_rx()
  video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
  ...

Change-Id: I9d6de083385b93ca1575858e469e70c142947f04
parents 8410720d e9098858

Makefile

+1 −1
Original line number Diff line number Diff line 
VERSION = 4

PATCHLEVEL = 9

SUBLEVEL = 327

SUBLEVEL = 330

EXTRAVERSION =

NAME = Roaring Lionus

arch/mips/lantiq/clk.c

+1 −0
Original line number Diff line number Diff line
@@ -52,6 +52,7 @@ struct clk *clk_get_io(void) 
{

	return &cpu_clk_generic[2];

}

EXPORT_SYMBOL_GPL(clk_get_io);



struct clk *clk_get_ppe(void)

{

arch/mips/loongson32/ls1c/board.c

+0 −1
Original line number Diff line number Diff line
@@ -18,7 +18,6 @@ static struct platform_device *ls1c_platform_devices[] __initdata = { 
static int __init ls1c_platform_init(void)

{

	ls1x_serial_set_uartclk(&ls1x_uart_pdev);

	ls1x_rtc_set_extclk(&ls1x_rtc_pdev);



	return platform_add_devices(ls1c_platform_devices,

				   ARRAY_SIZE(ls1c_platform_devices));

arch/parisc/kernel/head.S

+42 −1
Original line number Diff line number Diff line
@@ -22,7 +22,7 @@ 
#include <linux/linkage.h>

#include <linux/init.h>



	.level	PA_ASM_LEVEL

	.level	1.1



	__INITDATA

ENTRY(boot_args)
@@ -69,6 +69,47 @@ $bss_loop: 
	stw,ma          %arg2,4(%r1)

	stw,ma          %arg3,4(%r1)



#if !defined(CONFIG_64BIT) && defined(CONFIG_PA20)

	/* This 32-bit kernel was compiled for PA2.0 CPUs. Check current CPU

	 * and halt kernel if we detect a PA1.x CPU. */

	ldi		32,%r10

	mtctl		%r10,%cr11

	.level 2.0

	mfctl,w		%cr11,%r10

	.level 1.1

	comib,<>,n	0,%r10,$cpu_ok



	load32		PA(msg1),%arg0

	ldi		msg1_end-msg1,%arg1

$iodc_panic:

	copy		%arg0, %r10

	copy		%arg1, %r11

	load32		PA(init_stack),%sp

#define MEM_CONS 0x3A0

	ldw		MEM_CONS+32(%r0),%arg0	// HPA

	ldi		ENTRY_IO_COUT,%arg1

	ldw		MEM_CONS+36(%r0),%arg2	// SPA

	ldw		MEM_CONS+8(%r0),%arg3	// layers

	load32		PA(__bss_start),%r1

	stw		%r1,-52(%sp)		// arg4

	stw		%r0,-56(%sp)		// arg5

	stw		%r10,-60(%sp)		// arg6 = ptr to text

	stw		%r11,-64(%sp)		// arg7 = len

	stw		%r0,-68(%sp)		// arg8

	load32		PA(.iodc_panic_ret), %rp

	ldw		MEM_CONS+40(%r0),%r1	// ENTRY_IODC

	bv,n		(%r1)

.iodc_panic_ret:

	b .				/* wait endless with ... */

	or		%r10,%r10,%r10	/* qemu idle sleep */

msg1:	.ascii "Can't boot kernel which was built for PA8x00 CPUs on this machine.\r\n"

msg1_end:



$cpu_ok:

#endif



	.level	PA_ASM_LEVEL



	/* Initialize startup VM. Just map first 16/32 MB of memory */

	load32		PA(swapper_pg_dir),%r4

	mtctl		%r4,%cr24	/* Initialize kernel root pointer */

arch/s390/include/asm/hugetlb.h

+4 −2
Original line number Diff line number Diff line
@@ -29,9 +29,11 @@ pte_t huge_ptep_get_and_clear(struct mm_struct *mm, 
static inline int prepare_hugepage_range(struct file *file,

			unsigned long addr, unsigned long len)

{

	if (len & ~HPAGE_MASK)

	struct hstate *h = hstate_file(file);



	if (len & ~huge_page_mask(h))

		return -EINVAL;

	if (addr & ~HPAGE_MASK)

	if (addr & ~huge_page_mask(h))

		return -EINVAL;

	return 0;

}