Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit c177ab98 authored by derfelot's avatar derfelot
Browse files

Merge Linux 4.4.233 kernel 

Changes in 4.4.233: (148 commits)
        xfs: don't call xfs_da_shrink_inode with NULL bp
        net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()
        media: rc: prevent memory leak in cx23888_ir_probe
        ath9k_htc: release allocated buffer if timed out
        ath9k: release allocated buffer if timed out
        nfs: Move call to security_inode_listsecurity into nfs_listxattr
        PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
        drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
        drm: hold gem reference until object is no longer accessed
        f2fs: check memory boundary by insane namelen
        f2fs: check if file namelen exceeds max value
        ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
        fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
        rds: Prevent kernel-infoleak in rds_notify_queue_get()
        net/x25: Fix x25_neigh refcnt leak when x25 disconnect
        net/x25: Fix null-ptr-deref in x25_disconnect
        sh: Fix validation of system call number
        net: lan78xx: add missing endpoint sanity check
        net: lan78xx: fix transfer-buffer memory leak
        mlxsw: core: Increase scope of RCU read-side critical section
        mac80211: mesh: Free ie data when leaving mesh
        nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
        net: ethernet: ravb: exit if re-initialization fails in tx timeout
        Revert "i2c: cadence: Fix the hold bit setting"
        xen-netfront: fix potential deadlock in xennet_remove()
        x86/i8259: Use printk_deferred() to prevent deadlock
        random32: update the net random state on interrupt and activity
        ARM: percpu.h: fix build error
        random: fix circular include dependency on arm64 after addition of percpu.h
        random32: remove net_rand_state from the latent entropy gcc plugin
        random32: move the pseudo-random 32-bit definitions to prandom.h
        ext4: fix direct I/O read error
        USB: serial: qcserial: add EM7305 QDL product ID
        ALSA: seq: oss: Serialize ioctls
        Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
        Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
        Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
        vgacon: Fix for missing check in scrollback handling
        mtd: properly check all write ioctls for permissions
        net/9p: validate fds in p9_fd_open
        drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason
        cfg80211: check vendor command doit pointer before use
        igb: reinit_locked() should be called with rtnl_lock
        atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
        tools lib traceevent: Fix memory leak in process_dynamic_array_len
        binder: Prevent context manager from incrementing ref 0
        ipv4: Silence suspicious RCU usage warning
        ipv6: fix memory leaks on IPV6_ADDRFORM path
        Revert "vxlan: fix tos value before xmit"
        net: lan78xx: replace bogus endpoint lookup
        usb: hso: check for return value in hso_serial_common_create()
        vxlan: Ensure FDB dump is performed under RCU
        Smack: fix use-after-free in smk_write_relabel_self()
        tracepoint: Mark __tracepoint_string's __used
        udp: drop corrupt packets earlier to avoid data corruption
        gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...)
        EDAC: Fix reference count leaks
        m68k: mac: Don't send IOP message until channel is idle
        m68k: mac: Fix IOP status/control register writes
        ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
        ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
        drm/tilcdc: fix leak & null ref in panel_connector_get_modes
        Bluetooth: add a mutex lock to avoid UAF in do_enale_set
        fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
        drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
        video: fbdev: neofb: fix memory leak in neo_scan_monitor()
        drm/nouveau: fix multiple instances of reference count leaks
        drm/debugfs: fix plain echo to connector "force" attribute
        mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
        brcmfmac: To fix Bss Info flag definition Bug
        iwlegacy: Check the return value of pcie_capability_read_*()
        usb: gadget: net2280: fix memory leak on probe error handling paths
        bdc: Fix bug causing crash after multiple disconnects
        dyndbg: fix a BUG_ON in ddebug_describe_flags
        bcache: fix super block seq numbers comparision in register_cache_set()
        ACPICA: Do not increment operation_region reference counts for field units
        agp/intel: Fix a memory leak on module initialisation failure
        video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
        console: newport_con: fix an issue about leak related system resources
        iio: improve IIO_CONCENTRATION channel type description
        leds: lm355x: avoid enum conversion warning
        media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
        scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
        cxl: Fix kobject memleak
        drm/radeon: fix array out-of-bounds read and write issues
        scsi: powertec: Fix different dev_id between request_irq() and free_irq()
        scsi: eesox: Fix different dev_id between request_irq() and free_irq()
        media: firewire: Using uninitialized values in node_probe()
        media: exynos4-is: Add missed check for pinctrl_lookup_state()
        drm: panel: simple: Fix bpc for LG LB070WV8 panel
        mwifiex: Prevent memory corruption handling keys
        powerpc/vdso: Fix vdso cpu truncation
        PCI/ASPM: Add missing newline in sysfs 'policy'
        usb: dwc2: Fix error path in gadget registration
        scsi: mesh: Fix panic after host or bus reset
        Smack: fix another vsscanf out of bounds
        Smack: prevent underflow in smk_set_cipso()
        power: supply: check if calc_soc succeeded in pm860x_init_battery
        s390/qeth: don't process empty bridge port events
        wl1251: fix always return 0 error
        net: spider_net: Fix the size used in a 'dma_free_coherent()' call
        dlm: Fix kobject memleak
        pinctrl-single: fix pcs_parse_pinconf() return value
        drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
        net/nfc/rawsock.c: add CAP_NET_RAW check.
        net: Set fput_needed iff FDPUT_FPUT is set
        ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
        ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
        ALSA: usb-audio: add quirk for Pioneer DDJ-RB
        crypto: qat - fix double free in qat_uclo_create_batch_init_list
        fs/minix: check return value of sb_getblk()
        fs/minix: don't allow getting deleted inodes
        fs/minix: reject too-large maximum file size
        ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
        9p: Fix memory leak in v9fs_mount
        parisc: mask out enable and reserved bits from sba imask
        ARM: 8992/1: Fix unwind_frame for clang-built kernels
        xen/balloon: fix accounting in alloc_xenballooned_pages error path
        xen/balloon: make the balloon wait interruptible
        PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
        btrfs: only search for left_info if there is no right_info in try_merge_free_space
        btrfs: fix memory leaks after failure to lookup checksums during inode logging
        powerpc: Fix circular dependency between percpu.h and mmu.h
        net: ethernet: stmmac: Disable hardware multicast filter
        net: stmmac: dwmac1000: provide multicast filter fallback
        md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
        bcache: allocate meta data pages as compound pages
        mac80211: fix misplaced while instead of if
        MIPS: CPU#0 is not hotpluggable
        ext2: fix missing percpu_counter_inc
        ocfs2: change slot number type s16 to u16
        kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
        pseries: Fix 64 bit logical memory block panic
        USB: serial: ftdi_sio: make process-packet buffer unsigned
        USB: serial: ftdi_sio: clean up receive processing
        iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
        iommu/vt-d: Enforce PASID devTLB field mask
        i2c: rcar: slave: only send STOP event when we have been addressed
        clk: clk-atlas6: fix return value check in atlas6_clk_init()
        Input: sentelic - fix error return when fsp_reg_write fails
        drm/vmwgfx: Fix two list_for_each loop exit tests
        nfs: Fix getxattr kernel panic and memory overflow
        fs/ufs: avoid potential u32 multiplication overflow
        mfd: dln2: Run event handler loop under spinlock
        ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
        sh: landisk: Add missing initialization of sh_io_port_base
        ipv6: check skb->protocol before lookup for nexthop
        Linux 4.4.233

Conflicts:
	drivers/android/binder.c
	fs/ext4/inode.c
	fs/f2fs/dir.c
parents 989e0e4e 5c1073c6

Documentation/ABI/testing/sysfs-bus-iio

+2 −1
Original line number Diff line number Diff line
@@ -1470,7 +1470,8 @@ What: /sys/bus/iio/devices/iio:deviceX/in_concentrationX_voc_raw 
KernelVersion:	4.3

Contact:	linux-iio@vger.kernel.org

Description:

		Raw (unscaled no offset etc.) percentage reading of a substance.

		Raw (unscaled no offset etc.) reading of a substance. Units

		after application of scale and offset are percents.



What:		/sys/bus/iio/devices/iio:deviceX/in_resistance_raw

What:		/sys/bus/iio/devices/iio:deviceX/in_resistanceX_raw

Makefile

+1 −1
Original line number Diff line number Diff line 
VERSION = 4

PATCHLEVEL = 4

SUBLEVEL = 232

SUBLEVEL = 233

EXTRAVERSION =

NAME = Blurry Fish Butt

arch/arm/include/asm/percpu.h

+2 −0
Original line number Diff line number Diff line
@@ -16,6 +16,8 @@ 
#ifndef _ASM_ARM_PERCPU_H_

#define _ASM_ARM_PERCPU_H_



#include <asm/thread_info.h>



/*

 * Same as asm-generic/percpu.h, except that we store the per cpu offset

 * in the TPIDRPRW. TPIDRPRW only exists on V6K and V7

arch/arm/kernel/hw_breakpoint.c

+22 −5
Original line number Diff line number Diff line
@@ -688,6 +688,12 @@ static void disable_single_step(struct perf_event *bp) 
	arch_install_hw_breakpoint(bp);

}



static int watchpoint_fault_on_uaccess(struct pt_regs *regs,

				       struct arch_hw_breakpoint *info)

{

	return !user_mode(regs) && info->ctrl.privilege == ARM_BREAKPOINT_USER;

}



static void watchpoint_handler(unsigned long addr, unsigned int fsr,

			       struct pt_regs *regs)

{
@@ -747,16 +753,27 @@ static void watchpoint_handler(unsigned long addr, unsigned int fsr, 
		}



		pr_debug("watchpoint fired: address = 0x%x\n", info->trigger);



		/*

		 * If we triggered a user watchpoint from a uaccess routine,

		 * then handle the stepping ourselves since userspace really

		 * can't help us with this.

		 */

		if (watchpoint_fault_on_uaccess(regs, info))

			goto step;



		perf_bp_event(wp, regs);



		/*

		 * If no overflow handler is present, insert a temporary

		 * mismatch breakpoint so we can single-step over the

		 * watchpoint trigger.

		 * Defer stepping to the overflow handler if one is installed.

		 * Otherwise, insert a temporary mismatch breakpoint so that

		 * we can single-step over the watchpoint trigger.

		 */

		if (!wp->overflow_handler)

			enable_single_step(wp, instruction_pointer(regs));

		if (wp->overflow_handler)

			goto unlock;



step:

		enable_single_step(wp, instruction_pointer(regs));

unlock:

		rcu_read_unlock();

	}

arch/arm/kernel/stacktrace.c

+24 −0
Original line number Diff line number Diff line
@@ -20,6 +20,19 @@ 
 * A simple function epilogue looks like this:

 *	ldm	sp, {fp, sp, pc}

 *

 * When compiled with clang, pc and sp are not pushed. A simple function

 * prologue looks like this when built with clang:

 *

 *	stmdb	{..., fp, lr}

 *	add	fp, sp, #x

 *	sub	sp, sp, #y

 *

 * A simple function epilogue looks like this when built with clang:

 *

 *	sub	sp, fp, #x

 *	ldm	{..., fp, pc}

 *

 *

 * Note that with framepointer enabled, even the leaf functions have the same

 * prologue and epilogue, therefore we can ignore the LR value in this case.

 */
@@ -32,6 +45,16 @@ int notrace unwind_frame(struct stackframe *frame) 
	low = frame->sp;

	high = ALIGN(low, THREAD_SIZE);



#ifdef CONFIG_CC_IS_CLANG

	/* check current frame pointer is within bounds */

	if (fp < low + 4 || fp > high - 4)

		return -EINVAL;



	frame->sp = frame->fp;

	frame->fp = *(unsigned long *)(fp);

	frame->pc = frame->lr;

	frame->lr = *(unsigned long *)(fp + 4);

#else

	/* check current frame pointer is within bounds */

	if (fp < low + 12 || fp > high - 4)

		return -EINVAL;
@@ -42,6 +65,7 @@ int notrace unwind_frame(struct stackframe *frame) 
	frame->fp = *(unsigned long *)(fp - 12);

	frame->sp = *(unsigned long *)(fp - 8);

	frame->pc = *(unsigned long *)(fp - 4);

#endif



	kasan_enable_current();