Commit 635c56d2 authored Dec 06, 2018 by Greg Kroah-Hartman

Merge 4.19.6 into android-4.19



Changes in 4.19.6
	HID: steam: remove input device when a hid client is running.
	efi/libstub: arm: support building with clang
	usb: core: Fix hub port connection events lost
	usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers
	usb: dwc3: gadget: Properly check last unaligned/zero chain TRB
	usb: dwc3: core: Clean up ULPI device
	usb: dwc3: Fix NULL pointer exception in dwc3_pci_remove()
	xhci: Fix leaking USB3 shared_hcd at xhci removal
	xhci: handle port status events for removed USB3 hcd
	xhci: Add check for invalid byte size error when UAS devices are connected.
	usb: xhci: fix uninitialized completion when USB3 port got wrong status
	usb: xhci: fix timeout for transition from RExit to U0
	xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc
	usb: xhci: Prevent bus suspend if a port connect change or polling state is detected
	ALSA: oss: Use kvzalloc() for local buffer allocations
	MAINTAINERS: Add Sasha as a stable branch maintainer
	Documentation/security-bugs: Clarify treatment of embargoed information
	Documentation/security-bugs: Postpone fix publication in exceptional cases
	mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL
	mmc: sdhci-pci: Workaround GLK firmware failing to restore the tuning value
	gpio: don't free unallocated ida on gpiochip_add_data_with_key() error path
	iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE
	iwlwifi: mvm: support sta_statistics() even on older firmware
	iwlwifi: mvm: fix regulatory domain update when the firmware starts
	iwlwifi: mvm: don't use SAR Geo if basic SAR is not used
	brcmfmac: fix reporting support for 160 MHz channels
	opp: ti-opp-supply: Dynamically update u_volt_min
	opp: ti-opp-supply: Correct the supply in _get_optimal_vdd_voltage call
	tools/power/cpupower: fix compilation with STATIC=true
	v9fs_dir_readdir: fix double-free on p9stat_read error
	selinux: Add __GFP_NOWARN to allocation at str_read()
	Input: synaptics - avoid using uninitialized variable when probing
	bfs: add sanity check at bfs_fill_super()
	sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer
	gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd
	llc: do not use sk_eat_skb()
	mm: don't warn about large allocations for slab
	mm/memory.c: recheck page table entry with page table lock held
	tcp: do not release socket ownership in tcp_close()
	drm/fb-helper: Blacklist writeback when adding connectors to fbdev
	drm/amdgpu: Add missing firmware entry for HAINAN
	drm/vc4: Set ->legacy_cursor_update to false when doing non-async updates
	drm/amdgpu: Fix oops when pp_funcs->switch_power_profile is unset
	drm/i915: Disable LP3 watermarks on all SNB machines
	drm/ast: change resolution may cause screen blurred
	drm/ast: fixed cursor may disappear sometimes
	drm/ast: Remove existing framebuffers before loading driver
	can: flexcan: Unlock the MB unconditionally
	can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb()
	can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length
	can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is accessed out of bounds
	can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb
	can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions
	can: rx-offload: rename can_rx_offload_irq_queue_err_skb() to can_rx_offload_queue_tail()
	can: flexcan: use can_rx_offload_queue_sorted() for flexcan_irq_bus_*()
	can: flexcan: handle tx-complete CAN frames via rx-offload infrastructure
	can: raw: check for CAN FD capable netdev in raw_sendmsg()
	can: hi311x: Use level-triggered interrupt
	can: flexcan: Always use last mailbox for TX
	can: flexcan: remove not needed struct flexcan_priv::tx_mb and struct flexcan_priv::tx_mb_idx
	ACPICA: AML interpreter: add region addresses in global list during initialization
	IB/hfi1: Eliminate races in the SDMA send error path
	fsnotify: generalize handling of extra event flags
	fanotify: fix handling of events on child sub-directory
	pinctrl: meson: fix pinconf bias disable
	pinctrl: meson: fix gxbb ao pull register bits
	pinctrl: meson: fix gxl ao pull register bits
	pinctrl: meson: fix meson8 ao pull register bits
	pinctrl: meson: fix meson8b ao pull register bits
	tools/testing/nvdimm: Fix the array size for dimm devices.
	scsi: lpfc: fix remoteport access
	scsi: hisi_sas: Remove set but not used variable 'dq_list'
	KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE
	cpufreq: imx6q: add return value check for voltage scale
	rtc: cmos: Do not export alarm rtc_ops when we do not support alarms
	rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write
	crypto: simd - correctly take reqsize of wrapped skcipher into account
	floppy: fix race condition in __floppy_read_block_0()
	powerpc/io: Fix the IO workarounds code to work with Radix
	sched/fair: Fix cpu_util_wake() for 'execl' type workloads
	perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and CoffeeLake CPUs
	block: copy ioprio in __bio_clone_fast() and bounce
	SUNRPC: Fix a bogus get/put in generic_key_to_expire()
	riscv: add missing vdso_install target
	RISC-V: Silence some module warnings on 32-bit
	drm/amdgpu: fix bug with IH ring setup
	kdb: Use strscpy with destination buffer size
	NFSv4: Fix an Oops during delegation callbacks
	powerpc/numa: Suppress "VPHN is not supported" messages
	efi/arm: Revert deferred unmap of early memmap mapping
	z3fold: fix possible reclaim races
	mm, memory_hotplug: check zone_movable in has_unmovable_pages
	tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset
	mm, page_alloc: check for max order in hot path
	dax: Avoid losing wakeup in dax_lock_mapping_entry
	include/linux/pfn_t.h: force '~' to be parsed as an unary operator
	tty: wipe buffer.
	tty: wipe buffer if not echoing data
	gfs2: Fix iomap buffer head reference counting bug
	rcu: Make need_resched() respond to urgent RCU-QS needs
	media: ov5640: Re-work MIPI startup sequence
	media: ov5640: Fix timings setup code
	media: ov5640: fix exposure regression
	media: ov5640: fix auto gain & exposure when changing mode
	media: ov5640: fix wrong binning value in exposure calculation
	media: ov5640: fix auto controls values when switching to manual mode
	Linux 4.19.6

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

parents 0e79bf49 96db9080

Documentation/admin-guide/security-bugs.rst

+30 −18

Original line number	Diff line number	Diff line
		@@ -26,23 +26,35 @@ information is helpful. Any exploit code is very helpful and will not
		be released without consent from the reporter unless it has already been
		made public.

		Disclosure
		----------

		The goal of the Linux kernel security team is to work with the bug
		submitter to understand and fix the bug. We prefer to publish the fix as
		soon as possible, but try to avoid public discussion of the bug itself
		and leave that to others.

		Publishing the fix may be delayed when the bug or the fix is not yet
		fully understood, the solution is not well-tested or for vendor
		coordination. However, we expect these delays to be short, measurable in
		days, not weeks or months. A release date is negotiated by the security
		team working with the bug submitter as well as vendors. However, the
		kernel security team holds the final say when setting a timeframe. The
		timeframe varies from immediate (esp. if it's already publicly known bug)
		to a few weeks. As a basic default policy, we expect report date to
		release date to be on the order of 7 days.
		Disclosure and embargoed information
		------------------------------------

		The security list is not a disclosure channel. For that, see Coordination
		below.

		Once a robust fix has been developed, the release process starts. Fixes
		for publicly known bugs are released immediately.

		Although our preference is to release fixes for publicly undisclosed bugs
		as soon as they become available, this may be postponed at the request of
		the reporter or an affected party for up to 7 calendar days from the start
		of the release process, with an exceptional extension to 14 calendar days
		if it is agreed that the criticality of the bug requires more time. The
		only valid reason for deferring the publication of a fix is to accommodate
		the logistics of QA and large scale rollouts which require release
		coordination.

		Whilst embargoed information may be shared with trusted individuals in
		order to develop a fix, such information will not be published alongside
		the fix or on any other disclosure channel without the permission of the
		reporter. This includes but is not limited to the original bug report
		and followup discussions (if any), exploits, CVE information or the
		identity of the reporter.

		In other words our only interest is in getting bugs fixed. All other
		information submitted to the security list and any followup discussions
		of the report are treated confidentially even after the embargo has been
		lifted, in perpetuity.

		Coordination
		------------
		@@ -68,7 +80,7 @@ may delay the bug handling. If a reporter wishes to have a CVE identifier
		assigned ahead of public disclosure, they will need to contact the private
		linux-distros list, described above. When such a CVE identifier is known
		before a patch is provided, it is desirable to mention it in the commit
		message, though.
		message if the reporter agrees.

		Non-disclosure agreements
		-------------------------

Documentation/devicetree/bindings/net/can/holt_hi311x.txt

+1 −1

Original line number	Diff line number	Diff line
		@@ -17,7 +17,7 @@ Example:
		reg = <1>;
		clocks = <&clk32m>;
		interrupt-parent = <&gpio4>;
		interrupts = <13 IRQ_TYPE_EDGE_RISING>;
		interrupts = <13 IRQ_TYPE_LEVEL_HIGH>;
		vdd-supply = <&reg5v0>;
		xceiver-supply = <&reg5v0>;
		};

MAINTAINERS

+1 −0

Original line number	Diff line number	Diff line
		@@ -13769,6 +13769,7 @@ F: drivers/i2c/busses/i2c-stm32*

		STABLE BRANCH
		M: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
		M: Sasha Levin <sashal@kernel.org>
		L: stable@vger.kernel.org
		S: Supported
		F: Documentation/process/stable-kernel-rules.rst

Makefile

+1 −1

Original line number	Diff line number	Diff line
		# SPDX-License-Identifier: GPL-2.0
		VERSION = 4
		PATCHLEVEL = 19
		SUBLEVEL = 5
		SUBLEVEL = 6
		EXTRAVERSION =
		NAME = "People's Front"

arch/powerpc/include/asm/io.h

+7 −13

Original line number	Diff line number	Diff line
		@@ -285,19 +285,13 @@ extern void _memcpy_toio(volatile void __iomem dest, const void src,
		* their hooks, a bitfield is reserved for use by the platform near the
		* top of MMIO addresses (not PIO, those have to cope the hard way).
		*
		* This bit field is 12 bits and is at the top of the IO virtual
		* addresses PCI_IO_INDIRECT_TOKEN_MASK.
		* The highest address in the kernel virtual space are:
		*
		* The kernel virtual space is thus:
		* d0003fffffffffff # with Hash MMU
		* c00fffffffffffff # with Radix MMU
		*
		* 0xD000000000000000 : vmalloc
		* 0xD000080000000000 : PCI PHB IO space
		* 0xD000080080000000 : ioremap
		* 0xD0000fffffffffff : end of ioremap region
		*
		* Since the top 4 bits are reserved as the region ID, we use thus
		* the next 12 bits and keep 4 bits available for the future if the
		* virtual address space is ever to be extended.
		* The top 4 bits are reserved as the region ID on hash, leaving us 8 bits
		* that can be used for the field.
		*
		* The direct IO mapping operations will then mask off those bits
		* before doing the actual access, though that only happen when
		@@ -309,8 +303,8 @@ extern void _memcpy_toio(volatile void __iomem dest, const void src,
		*/

		#ifdef CONFIG_PPC_INDIRECT_MMIO
		#define PCI_IO_IND_TOKEN_MASK 0x0fff000000000000ul
		#define PCI_IO_IND_TOKEN_SHIFT 48
		#define PCI_IO_IND_TOKEN_SHIFT 52
		#define PCI_IO_IND_TOKEN_MASK (0xfful << PCI_IO_IND_TOKEN_SHIFT)
		#define PCI_FIX_ADDR(addr) \
		((PCI_IO_ADDR)(((unsigned long)(addr)) & ~PCI_IO_IND_TOKEN_MASK))
		#define PCI_GET_ADDR_TOKEN(addr) \