Commit dc261c32 authored Nov 28, 2022 by Greg Kroah-Hartman

Merge 4.19.267 into android-4.19-stable



Changes in 4.19.267
	phy: stm32: fix an error code in probe
	wifi: cfg80211: fix memory leak in query_regdb_file()
	HID: hyperv: fix possible memory leak in mousevsc_probe()
	net: gso: fix panic on frag_list with mixed head alloc types
	net: tun: Fix memory leaks of napi_get_frags
	bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
	net: fman: Unregister ethernet device on removal
	capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
	net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event()
	hamradio: fix issue of dev reference count leakage in bpq_device_event()
	drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register()
	ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
	tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
	dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
	drivers: net: xgene: disable napi when register irq failed in xgene_enet_open()
	net: nixge: disable napi when enable interrupts failed in nixge_open()
	net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
	ethernet: s2io: disable napi when start nic failed in s2io_card_up()
	net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open()
	net: macvlan: fix memory leaks of macvlan_common_newlink
	riscv: process: fix kernel info leakage
	arm64: efi: Fix handling of misaligned runtime regions and drop warning
	ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
	ALSA: hda: fix potential memleak in 'add_widget_node'
	ALSA: usb-audio: Add quirk entry for M-Audio Micro
	ALSA: usb-audio: Add DSD support for Accuphase DAC-60
	vmlinux.lds.h: Fix placement of '.data..decrypted' section
	nilfs2: fix deadlock in nilfs_count_free_blocks()
	nilfs2: fix use-after-free bug of ns_writer on remount
	drm/i915/dmabuf: fix sg_table handling in map_dma_buf
	platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
	btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
	udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
	cert host tools: Stop complaining about deprecated OpenSSL functions
	dmaengine: at_hdmac: Fix at_lli struct definition
	dmaengine: at_hdmac: Don't start transactions at tx_submit level
	dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
	dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
	dmaengine: at_hdmac: Fix impossible condition
	dmaengine: at_hdmac: Check return code of dma_async_device_register
	net: tun: call napi_schedule_prep() to ensure we own a napi
	x86/cpu: Restore AMD's DE_CFG MSR after resume
	ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe"
	ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe"
	ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe"
	spi: intel: Fix the offset to get the 64K erase opcode
	selftests/futex: fix build for clang
	selftests/intel_pstate: fix build for ARCH=x86_64
	NFSv4: Retry LOCK on OLD_STATEID during delegation return
	drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
	btrfs: remove pointless and double ulist frees in error paths of qgroup tests
	Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
	ASoC: core: Fix use-after-free in snd_soc_exit()
	serial: 8250_omap: remove wait loop from Errata i202 workaround
	serial: 8250: omap: Flush PM QOS work on remove
	serial: imx: Add missing .thaw_noirq hook
	tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
	ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
	block: sed-opal: kmalloc the cmd/resp buffers
	siox: fix possible memory leak in siox_device_add()
	parport_pc: Avoid FIFO port location truncation
	pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
	ata: libata-transport: fix double ata_host_put() in ata_tport_add()
	net: bgmac: Drop free_netdev() from bgmac_enet_remove()
	mISDN: fix possible memory leak in mISDN_dsp_element_register()
	mISDN: fix misuse of put_device() in mISDN_register_device()
	net: caif: fix double disconnect client in chnl_net_open()
	bnxt_en: Remove debugfs when pci_register_driver failed
	xen/pcpu: fix possible memory leak in register_pcpu()
	drbd: use after free in drbd_create_device()
	net/x25: Fix skb leak in x25_lapb_receive_frame()
	cifs: Fix wrong return value checking when GETFLAGS
	net: thunderbolt: Fix error handling in tbnet_init()
	ftrace: Fix the possible incorrect kernel message
	ftrace: Optimize the allocation for mcount entries
	ftrace: Fix null pointer dereference in ftrace_add_mod()
	ring_buffer: Do not deactivate non-existant pages
	ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
	slimbus: stream: correct presence rate frequencies
	speakup: fix a segfault caused by switching consoles
	USB: serial: option: add Sierra Wireless EM9191
	USB: serial: option: remove old LARA-R6 PID
	USB: serial: option: add u-blox LARA-R6 00B modem
	USB: serial: option: add u-blox LARA-L6 modem
	USB: serial: option: add Fibocom FM160 0x0111 composition
	usb: add NO_LPM quirk for Realforce 87U Keyboard
	usb: chipidea: fix deadlock in ci_otg_del_timer
	iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
	iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
	iio: pressure: ms5611: changed hardcoded SPI speed to value limited
	dm ioctl: fix misbehavior if list_versions races with module loading
	serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
	serial: 8250_lpss: Configure DMA also w/o DMA filter
	mmc: core: properly select voltage range without power cycle
	mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
	docs: update mediator contact information in CoC doc
	misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
	scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
	Input: i8042 - fix leaking of platform device on module removal
	serial: 8250: Flush DMA Rx on RLSI
	macvlan: enforce a consistent minimal mtu
	tcp: cdg: allow tcp_cdg_release() to be called multiple times
	kcm: avoid potential race in kcm_tx_work
	bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
	kcm: close race conditions on sk_receive_queue
	9p: trans_fd/p9_conn_cancel: drop client lock earlier
	gfs2: Check sb_bsize_shift after reading superblock
	gfs2: Switch from strlcpy to strscpy
	9p/trans_fd: always use O_NONBLOCK read/write
	mm: fs: initialize fsdata passed to write_begin/write_end interface
	ntfs: fix use-after-free in ntfs_attr_find()
	ntfs: fix out-of-bounds read in ntfs_attr_find()
	ntfs: check overflow when iterating ATTR_RECORDs
	Linux 4.19.267

Change-Id: Id7e07ae5c1681de4cd1b0499cf1bfd257ca2261b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

parents 3925fe0d c1ccef20

Documentation/process/code-of-conduct-interpretation.rst

+1 −1

Original line number	Diff line number	Diff line
		@@ -51,7 +51,7 @@ the Technical Advisory Board (TAB) or other maintainers if you're
		uncertain how to handle situations that come up. It will not be
		considered a violation report unless you want it to be. If you are
		uncertain about approaching the TAB or any other maintainers, please
		reach out to our conflict mediator, Joanna Lee <joanna.lee@gesmer.com>.
		reach out to our conflict mediator, Joanna Lee <jlee@linuxfoundation.org>.

		In the end, "be kind to each other" is really what the end goal is for
		everybody. We know everyone is human and we all fail at times, but the

Makefile

+1 −1

Original line number	Diff line number	Diff line
		# SPDX-License-Identifier: GPL-2.0
		VERSION = 4
		PATCHLEVEL = 19
		SUBLEVEL = 266
		SUBLEVEL = 267
		EXTRAVERSION =
		NAME = "People's Front"

arch/arm64/kernel/efi.c

+34 −18

Original line number	Diff line number	Diff line
		@@ -16,6 +16,14 @@

		#include <asm/efi.h>

		static bool region_is_misaligned(const efi_memory_desc_t *md)
		{
		if (PAGE_SIZE == EFI_PAGE_SIZE)
		return false;
		return !PAGE_ALIGNED(md->phys_addr) \|\|
		!PAGE_ALIGNED(md->num_pages << EFI_PAGE_SHIFT);
		}

		/*
		* Only regions of type EFI_RUNTIME_SERVICES_CODE need to be
		* executable, everything else can be mapped with the XN bits
		@@ -29,14 +37,22 @@ static __init pteval_t create_mapping_protection(efi_memory_desc_t *md)
		if (type == EFI_MEMORY_MAPPED_IO)
		return PROT_DEVICE_nGnRE;

		if (WARN_ONCE(!PAGE_ALIGNED(md->phys_addr),
		"UEFI Runtime regions are not aligned to 64 KB -- buggy firmware?"))
		if (region_is_misaligned(md)) {
		static bool __initdata code_is_misaligned;

		/*
		* If the region is not aligned to the page size of the OS, we
		* can not use strict permissions, since that would also affect
		* the mapping attributes of the adjacent regions.
		* Regions that are not aligned to the OS page size cannot be
		* mapped with strict permissions, as those might interfere
		* with the permissions that are needed by the adjacent
		* region's mapping. However, if we haven't encountered any
		* misaligned runtime code regions so far, we can safely use
		* non-executable permissions for non-code regions.
		*/
		return pgprot_val(PAGE_KERNEL_EXEC);
		code_is_misaligned \|= (type == EFI_RUNTIME_SERVICES_CODE);

		return code_is_misaligned ? pgprot_val(PAGE_KERNEL_EXEC)
		: pgprot_val(PAGE_KERNEL);
		}

		/* R-- */
		if ((attr & (EFI_MEMORY_XP \| EFI_MEMORY_RO)) ==
		@@ -66,19 +82,16 @@ int __init efi_create_mapping(struct mm_struct mm, efi_memory_desc_t md)
		bool page_mappings_only = (md->type == EFI_RUNTIME_SERVICES_CODE \|\|
		md->type == EFI_RUNTIME_SERVICES_DATA);

		if (!PAGE_ALIGNED(md->phys_addr) \|\|
		!PAGE_ALIGNED(md->num_pages << EFI_PAGE_SHIFT)) {
		/*
		* If the end address of this region is not aligned to page
		* size, the mapping is rounded up, and may end up sharing a
		* page frame with the next UEFI memory region. If we create
		* a block entry now, we may need to split it again when mapping
		* the next region, and support for that is going to be removed
		* from the MMU routines. So avoid block mappings altogether in
		* that case.
		* If this region is not aligned to the page size used by the OS, the
		* mapping will be rounded outwards, and may end up sharing a page
		* frame with an adjacent runtime memory region. Given that the page
		* table descriptor covering the shared page will be rewritten when the
		* adjacent region gets mapped, we must avoid block mappings here so we
		* don't have to worry about splitting them when that happens.
		*/
		if (region_is_misaligned(md))
		page_mappings_only = true;
		}

		create_pgd_mapping(mm, md->phys_addr, md->virt_addr,
		md->num_pages << EFI_PAGE_SHIFT,
		@@ -106,6 +119,9 @@ int __init efi_set_mapping_permissions(struct mm_struct *mm,
		BUG_ON(md->type != EFI_RUNTIME_SERVICES_CODE &&
		md->type != EFI_RUNTIME_SERVICES_DATA);

		if (region_is_misaligned(md))
		return 0;

		/*
		* Calling apply_to_page_range() is only safe on regions that are
		* guaranteed to be mapped down to pages. Since we are only called

arch/riscv/kernel/process.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -104,6 +104,8 @@ int copy_thread(unsigned long clone_flags, unsigned long usp,
		{
		struct pt_regs *childregs = task_pt_regs(p);

		memset(&p->thread.s, 0, sizeof(p->thread.s));

		/* p->thread holds context to be restored by __switch_to() */
		if (unlikely(p->flags & PF_KTHREAD)) {
		/* Kernel thread */

arch/x86/include/asm/msr-index.h

+5 −3

Original line number	Diff line number	Diff line
		@@ -399,6 +399,11 @@
		#define MSR_AMD64_OSVW_STATUS 0xc0010141
		#define MSR_AMD64_LS_CFG 0xc0011020
		#define MSR_AMD64_DC_CFG 0xc0011022

		#define MSR_AMD64_DE_CFG 0xc0011029
		#define MSR_AMD64_DE_CFG_LFENCE_SERIALIZE_BIT 1
		#define MSR_AMD64_DE_CFG_LFENCE_SERIALIZE BIT_ULL(MSR_AMD64_DE_CFG_LFENCE_SERIALIZE_BIT)

		#define MSR_AMD64_BU_CFG2 0xc001102a
		#define MSR_AMD64_IBSFETCHCTL 0xc0011030
		#define MSR_AMD64_IBSFETCHLINAD 0xc0011031
		@@ -467,9 +472,6 @@
		#define FAM10H_MMIO_CONF_BASE_MASK 0xfffffffULL
		#define FAM10H_MMIO_CONF_BASE_SHIFT 20
		#define MSR_FAM10H_NODE_ID 0xc001100c
		#define MSR_F10H_DECFG 0xc0011029
		#define MSR_F10H_DECFG_LFENCE_SERIALIZE_BIT 1
		#define MSR_F10H_DECFG_LFENCE_SERIALIZE BIT_ULL(MSR_F10H_DECFG_LFENCE_SERIALIZE_BIT)

		/* K8 MSRs */
		#define MSR_K8_TOP_MEM1 0xc001001a