Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 246cff7d authored by Ivaylo Georgiev's avatar Ivaylo Georgiev
Browse files

Merge android-4.19.40 (6a19cf97) into msm-4.19 



* refs/heads/tmp-6a19cf97:
  Linux 4.19.40
  ath10k: Drop WARN_ON()s that always trigger during system resume
  ALSA: line6: use dynamic buffers
  KVM: nVMX: Fix size checks in vmx_set_nested_state
  KVM: x86: Whitelist port 0x7e for pre-incrementing %rip
  net/tls: fix copy to fragments in reencrypt
  net/tls: don't copy negative amounts of data in reencrypt
  bnxt_en: Fix uninitialized variable usage in bnxt_rx_pkt().
  bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one()
  bnxt_en: Improve multicast address setup logic.
  packet: validate msg_namelen in send directly
  selftests: fib_rule_tests: print the result and return 1 if any tests failed
  sctp: avoid running the sctp state machine recursively
  rxrpc: Fix net namespace cleanup
  net/tls: avoid NULL pointer deref on nskb->sk in fallback
  net: phy: marvell: Fix buffer overrun with stats counters
  net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc
  l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv()
  l2ip: fix possible use-after-free
  ipv6: invert flowlabel sharing check in process and user mode
  ipv6/flowlabel: wait rcu grace period before put_pid()
  ipv6: fix races in ip6_dst_destroy()
  ipv6: A few fixes on dereferencing rt->from
  ipv4: ip_do_fragment: Preserve skb_iif during fragmentation

Change-Id: Ie5f0d92abc23f7367a1d8582e43ab62d9f7ceeb4
Signed-off-by: default avatarIvaylo Georgiev <irgeorgiev@codeaurora.org>
parents 42a4a46f 6a19cf97

Makefile

+1 −1
Original line number Diff line number Diff line 
# SPDX-License-Identifier: GPL-2.0

VERSION = 4

PATCHLEVEL = 19

SUBLEVEL = 39

SUBLEVEL = 40

EXTRAVERSION =

NAME = "People's Front"

arch/x86/include/uapi/asm/kvm.h

+1 −0
Original line number Diff line number Diff line
@@ -378,6 +378,7 @@ struct kvm_sync_regs { 
#define KVM_X86_QUIRK_LINT0_REENABLED	(1 << 0)

#define KVM_X86_QUIRK_CD_NW_CLEARED	(1 << 1)

#define KVM_X86_QUIRK_LAPIC_MMIO_HOLE	(1 << 2)

#define KVM_X86_QUIRK_OUT_7E_INC_RIP	(1 << 3)



#define KVM_STATE_NESTED_GUEST_MODE	0x00000001

#define KVM_STATE_NESTED_RUN_PENDING	0x00000002

arch/x86/kvm/vmx.c

+2 −2
Original line number Diff line number Diff line
@@ -14236,7 +14236,7 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu, 
		return ret;



	/* Empty 'VMXON' state is permitted */

	if (kvm_state->size < sizeof(kvm_state) + sizeof(*vmcs12))

	if (kvm_state->size < sizeof(*kvm_state) + sizeof(*vmcs12))

		return 0;



	if (kvm_state->vmx.vmcs_pa == kvm_state->vmx.vmxon_pa ||
@@ -14269,7 +14269,7 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu, 
	if (nested_cpu_has_shadow_vmcs(vmcs12) &&

	    vmcs12->vmcs_link_pointer != -1ull) {

		struct vmcs12 *shadow_vmcs12 = get_shadow_vmcs12(vcpu);

		if (kvm_state->size < sizeof(kvm_state) + 2 * sizeof(*vmcs12))

		if (kvm_state->size < sizeof(*kvm_state) + 2 * sizeof(*vmcs12))

			return -EINVAL;



		if (copy_from_user(shadow_vmcs12,

arch/x86/kvm/x86.c

+19 −2
Original line number Diff line number Diff line
@@ -6328,6 +6328,12 @@ int kvm_emulate_instruction_from_buffer(struct kvm_vcpu *vcpu, 
}

EXPORT_SYMBOL_GPL(kvm_emulate_instruction_from_buffer);



static int complete_fast_pio_out_port_0x7e(struct kvm_vcpu *vcpu)

{

	vcpu->arch.pio.count = 0;

	return 1;

}



static int complete_fast_pio_out(struct kvm_vcpu *vcpu)

{

	vcpu->arch.pio.count = 0;
@@ -6344,12 +6350,23 @@ static int kvm_fast_pio_out(struct kvm_vcpu *vcpu, int size, 
	unsigned long val = kvm_register_read(vcpu, VCPU_REGS_RAX);

	int ret = emulator_pio_out_emulated(&vcpu->arch.emulate_ctxt,

					    size, port, &val, 1);

	if (ret)

		return ret;



	if (!ret) {

	/*

	 * Workaround userspace that relies on old KVM behavior of %rip being

	 * incremented prior to exiting to userspace to handle "OUT 0x7e".

	 */

	if (port == 0x7e &&

	    kvm_check_has_quirk(vcpu->kvm, KVM_X86_QUIRK_OUT_7E_INC_RIP)) {

		vcpu->arch.complete_userspace_io =

			complete_fast_pio_out_port_0x7e;

		kvm_skip_emulated_instruction(vcpu);

	} else {

		vcpu->arch.pio.linear_rip = kvm_get_linear_rip(vcpu);

		vcpu->arch.complete_userspace_io = complete_fast_pio_out;

	}

	return ret;

	return 0;

}



static int complete_fast_pio_in(struct kvm_vcpu *vcpu)

drivers/net/dsa/bcm_sf2_cfp.c

+6 −0
Original line number Diff line number Diff line
@@ -742,6 +742,9 @@ static int bcm_sf2_cfp_rule_set(struct dsa_switch *ds, int port, 
	     fs->m_ext.data[1]))

		return -EINVAL;



	if (fs->location != RX_CLS_LOC_ANY && fs->location >= CFP_NUM_RULES)

		return -EINVAL;



	if (fs->location != RX_CLS_LOC_ANY &&

	    test_bit(fs->location, priv->cfp.used))

		return -EBUSY;
@@ -836,6 +839,9 @@ static int bcm_sf2_cfp_rule_del(struct bcm_sf2_priv *priv, int port, 
	u32 next_loc = 0;

	int ret;



	if (loc >= CFP_NUM_RULES)

		return -EINVAL;



	/* Refuse deleting unused rules, and those that are not unique since

	 * that could leave IPv6 rules with one of the chained rule in the

	 * table.