Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bedd8821 authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman
Browse files

Merge 4.19.123 into android-4.19 



Changes in 4.19.123
	USB: serial: qcserial: Add DW5816e support
	tracing/kprobes: Fix a double initialization typo
	vt: fix unicode console freeing with a common interface
	dp83640: reverse arguments to list_add_tail
	fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
	net: macsec: preserve ingress frame ordering
	net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
	net_sched: sch_skbprio: add message validation to skbprio_change()
	net: usb: qmi_wwan: add support for DW5816e
	sch_choke: avoid potential panic in choke_reset()
	sch_sfq: validate silly quantum values
	tipc: fix partial topology connection closure
	bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features().
	net/mlx5: Fix forced completion access non initialized command entry
	net/mlx5: Fix command entry leak in Internal Error State
	bnxt_en: Improve AER slot reset.
	bnxt_en: Fix VF anti-spoof filter setup.
	net: stricter validation of untrusted gso packets
	HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices
	sctp: Fix bundling of SHUTDOWN with COOKIE-ACK
	HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
	USB: uas: add quirk for LaCie 2Big Quadra
	USB: serial: garmin_gps: add sanity checking for data length
	tracing: Add a vmalloc_sync_mappings() for safe measure
	KVM: arm: vgic: Fix limit condition when writing to GICD_I[CS]ACTIVER
	KVM: arm64: Fix 32bit PC wrap-around
	arm64: hugetlb: avoid potential NULL dereference
	mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous()
	staging: gasket: Check the return value of gasket_get_bar_index()
	coredump: fix crash when umh is disabled
	KVM: VMX: Explicitly reference RCX as the vmx_vcpu pointer in asm blobs
	KVM: VMX: Mark RCX, RDX and RSI as clobbered in vmx_vcpu_run()'s asm blob
	batman-adv: fix batadv_nc_random_weight_tq
	batman-adv: Fix refcnt leak in batadv_show_throughput_override
	batman-adv: Fix refcnt leak in batadv_store_throughput_override
	batman-adv: Fix refcnt leak in batadv_v_ogm_process
	x86/entry/64: Fix unwind hints in register clearing code
	x86/entry/64: Fix unwind hints in kernel exit path
	x86/entry/64: Fix unwind hints in rewind_stack_do_exit()
	x86/unwind/orc: Don't skip the first frame for inactive tasks
	x86/unwind/orc: Prevent unwinding before ORC initialization
	x86/unwind/orc: Fix error path for bad ORC entry type
	x86/unwind/orc: Fix premature unwind stoppage due to IRET frames
	netfilter: nat: never update the UDP checksum when it's 0
	netfilter: nf_osf: avoid passing pointer to local var
	objtool: Fix stack offset tracking for indirect CFAs
	scripts/decodecode: fix trapping instruction formatting
	ipc/mqueue.c: change __do_notify() to bypass check_kill_permission()
	Linux 4.19.123

Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib87d493c94816aa0a0754530669a8bd688964987
parents a9c813f8 258f0cf7

Makefile

+1 −1
Original line number Diff line number Diff line 
# SPDX-License-Identifier: GPL-2.0

VERSION = 4

PATCHLEVEL = 19

SUBLEVEL = 122

SUBLEVEL = 123

EXTRAVERSION =

NAME = "People's Front"

arch/arm64/kvm/guest.c

+7 −0
Original line number Diff line number Diff line
@@ -179,6 +179,13 @@ static int set_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg) 
	}



	memcpy((u32 *)regs + off, valp, KVM_REG_SIZE(reg->id));



	if (*vcpu_cpsr(vcpu) & PSR_MODE32_BIT) {

		int i;



		for (i = 0; i < 16; i++)

			*vcpu_reg32(vcpu, i) = (u32)*vcpu_reg32(vcpu, i);

	}

out:

	return err;

}

arch/arm64/mm/hugetlbpage.c

+2 −0
Original line number Diff line number Diff line
@@ -218,6 +218,8 @@ pte_t *huge_pte_alloc(struct mm_struct *mm, 
		ptep = (pte_t *)pudp;

	} else if (sz == (PAGE_SIZE * CONT_PTES)) {

		pmdp = pmd_alloc(mm, pudp, addr);

		if (!pmdp)

			return NULL;



		WARN_ON(addr & (sz - 1));

		/*

arch/x86/entry/calling.h

+21 −19
Original line number Diff line number Diff line
@@ -98,13 +98,6 @@ For 32-bit we have the following conventions - kernel is built with 
#define SIZEOF_PTREGS	21*8



.macro PUSH_AND_CLEAR_REGS rdx=%rdx rax=%rax save_ret=0

	/*

	 * Push registers and sanitize registers of values that a

	 * speculation attack might otherwise want to exploit. The

	 * lower registers are likely clobbered well before they

	 * could be put to use in a speculative execution gadget.

	 * Interleave XOR with PUSH for better uop scheduling:

	 */

	.if \save_ret

	pushq	%rsi		/* pt_regs->si */

	movq	8(%rsp), %rsi	/* temporarily store the return address in %rsi */
@@ -114,34 +107,43 @@ For 32-bit we have the following conventions - kernel is built with 
	pushq   %rsi		/* pt_regs->si */

	.endif

	pushq	\rdx		/* pt_regs->dx */

	xorl	%edx, %edx	/* nospec   dx */

	pushq   %rcx		/* pt_regs->cx */

	xorl	%ecx, %ecx	/* nospec   cx */

	pushq   \rax		/* pt_regs->ax */

	pushq   %r8		/* pt_regs->r8 */

	xorl	%r8d, %r8d	/* nospec   r8 */

	pushq   %r9		/* pt_regs->r9 */

	xorl	%r9d, %r9d	/* nospec   r9 */

	pushq   %r10		/* pt_regs->r10 */

	xorl	%r10d, %r10d	/* nospec   r10 */

	pushq   %r11		/* pt_regs->r11 */

	xorl	%r11d, %r11d	/* nospec   r11*/

	pushq	%rbx		/* pt_regs->rbx */

	xorl    %ebx, %ebx	/* nospec   rbx*/

	pushq	%rbp		/* pt_regs->rbp */

	xorl    %ebp, %ebp	/* nospec   rbp*/

	pushq	%r12		/* pt_regs->r12 */

	xorl	%r12d, %r12d	/* nospec   r12*/

	pushq	%r13		/* pt_regs->r13 */

	xorl	%r13d, %r13d	/* nospec   r13*/

	pushq	%r14		/* pt_regs->r14 */

	xorl	%r14d, %r14d	/* nospec   r14*/

	pushq	%r15		/* pt_regs->r15 */

	xorl	%r15d, %r15d	/* nospec   r15*/

	UNWIND_HINT_REGS



	.if \save_ret

	pushq	%rsi		/* return address on top of stack */

	.endif



	/*

	 * Sanitize registers of values that a speculation attack might

	 * otherwise want to exploit. The lower registers are likely clobbered

	 * well before they could be put to use in a speculative execution

	 * gadget.

	 */

	xorl	%edx,  %edx	/* nospec dx  */

	xorl	%ecx,  %ecx	/* nospec cx  */

	xorl	%r8d,  %r8d	/* nospec r8  */

	xorl	%r9d,  %r9d	/* nospec r9  */

	xorl	%r10d, %r10d	/* nospec r10 */

	xorl	%r11d, %r11d	/* nospec r11 */

	xorl	%ebx,  %ebx	/* nospec rbx */

	xorl	%ebp,  %ebp	/* nospec rbp */

	xorl	%r12d, %r12d	/* nospec r12 */

	xorl	%r13d, %r13d	/* nospec r13 */

	xorl	%r14d, %r14d	/* nospec r14 */

	xorl	%r15d, %r15d	/* nospec r15 */



.endm



.macro POP_REGS pop_rdi=1 skip_r11rcx=0

arch/x86/entry/entry_64.S

+5 −4
Original line number Diff line number Diff line
@@ -312,7 +312,6 @@ GLOBAL(entry_SYSCALL_64_after_hwframe) 
	 */

syscall_return_via_sysret:

	/* rcx and r11 are already restored (see code above) */

	UNWIND_HINT_EMPTY

	POP_REGS pop_rdi=0 skip_r11rcx=1



	/*
@@ -321,6 +320,7 @@ syscall_return_via_sysret: 
	 */

	movq	%rsp, %rdi

	movq	PER_CPU_VAR(cpu_tss_rw + TSS_sp0), %rsp

	UNWIND_HINT_EMPTY



	pushq	RSP-RDI(%rdi)	/* RSP */

	pushq	(%rdi)		/* RDI */
@@ -575,7 +575,7 @@ END(spurious_entries_start) 
 * +----------------------------------------------------+

 */

ENTRY(interrupt_entry)

	UNWIND_HINT_FUNC

	UNWIND_HINT_IRET_REGS offset=16

	ASM_CLAC

	cld
@@ -607,9 +607,9 @@ ENTRY(interrupt_entry) 
	pushq	5*8(%rdi)		/* regs->eflags */

	pushq	4*8(%rdi)		/* regs->cs */

	pushq	3*8(%rdi)		/* regs->ip */

	UNWIND_HINT_IRET_REGS

	pushq	2*8(%rdi)		/* regs->orig_ax */

	pushq	8(%rdi)			/* return address */

	UNWIND_HINT_FUNC



	movq	(%rdi), %rdi

	jmp	2f
@@ -700,6 +700,7 @@ GLOBAL(swapgs_restore_regs_and_return_to_usermode) 
	 */

	movq	%rsp, %rdi

	movq	PER_CPU_VAR(cpu_tss_rw + TSS_sp0), %rsp

	UNWIND_HINT_EMPTY



	/* Copy the IRET frame to the trampoline stack. */

	pushq	6*8(%rdi)	/* SS */
@@ -1744,7 +1745,7 @@ ENTRY(rewind_stack_do_exit) 


	movq	PER_CPU_VAR(cpu_current_top_of_stack), %rax

	leaq	-PTREGS_SIZE(%rax), %rsp

	UNWIND_HINT_FUNC sp_offset=PTREGS_SIZE

	UNWIND_HINT_REGS



	call	do_exit

END(rewind_stack_do_exit)