[ Upstream commit 8c6b6c793ed32b8f9770ebcdf1ba99af423c303b ]
Since p points at raw xdr data, there's no guarantee that it's NULL
terminated, so we should give a length. And probably escape any special
characters too.
Reported-by: Zhi Li <yieli@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit eabe861881a733fc84f286f4d5a1ffaddd4f526f upstream.
pskb_carve_frag_list() may return -ENOMEM in pskb_carve_inside_nonlinear().
we should handle this correctly or we would get wrong sk_buff.
Fixes: 6fa01ccd88 ("skbuff: Add pskb_extract() helper function")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1ed9ec9b08addbd8d3e36d5f4a652d8590a6ddb7 upstream.
The driver for Marvell switches puts all ports in IGMP snooping mode
which results in all IGMP/MLD frames that ingress on the ports to be
forwarded to the CPU only.
The bridge code in the kernel can then interpret these frames and act
upon them, for instance by updating the mdb in the switch to reflect
multicast memberships of stations connected to the ports. However,
the IGMP/MLD frames must then also be forwarded to other ports of the
bridge so external IGMP queriers can track membership reports, and
external multicast clients can receive query reports from foreign IGMP
queriers.
Currently, this is impossible as the EDSA tagger sets offload_fwd_mark
on the skb when it unwraps the tagged frames, and that will make the
switchdev layer prevent the skb from egressing on any other port of
the same switch.
To fix that, look at the To_CPU code in the DSA header and make
forwarding of the frame possible for trapped IGMP packets.
Introduce some #defines for the frame types to make the code a bit more
comprehensive.
This was tested on a Marvell 88E6352 variant.
Signed-off-by: Daniel Mack <daniel@zonque.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Tested-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: DENG Qingfang <dqfext@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl9jTJEACgkQONu9yGCS
aT7XARAAo0FTpcnk62Aqo+Wv1BZOFtDxXTHPsW/1CzK2lebub4CGM0y7cNYBf8XP
aEytk/RHKhh+F27htxuHZ6T+izQuWbJaM2h7LDwgaWTlmRh2FPEHTI3iwAgzVnM6
7V5OOcAWkC49CpnsBgEQX++R1SgttHypS+/naZpjeGJwd/ivjLSCBqxqiWt1IT1W
Qo/LeOjQEbI58lln/3qS9zs0OLByJ/6Y8poYREngof2sbxaOARk8u1gWefe9kuYG
jYcAKFFj3GGMrK+y5V9R6I/XoAB7/DQA/+LTlrLKuqxMXT+fzgLFFd9Yn/LORiYh
hlNfvXDTvRL+aZ2LUGXhkUyU24dcO500HxHN7mp5TmWOVgkCa8lruCW5Vu3YLQ0u
aXajrc9SGJJ9OZSb9Pm5oCkzIN0Io7GIkNaB5qIErur7egFC4/F5wZdShxnrcJhX
yQRCIgCtQk1HoOuQkAKcaq6o/BjDkuOjFleu30JF+EMWm2KjQMN46td6tAnrxVdW
CjXQzjYJxnLphZzKwUndmjekZk+OcAgw1E9Qud9F19R306PrL+eVmndh3PZyhNCF
tga5vmB0acwWSRMRDsGncR3aG3WUt+xLhCy9gER/8amSJm6bBO9ENCJvALFksEJo
T6t2UvMksr6R1ZqrP66EiJjBCgyyfhEhnctLKvW63yNNjcxhmZs=
=3vVI
-----END PGP SIGNATURE-----
Merge 4.19.146 into android-4.19-stable
Changes in 4.19.146
ARM: dts: logicpd-torpedo-baseboard: Fix broken audio
ARM: dts: logicpd-som-lv-baseboard: Fix broken audio
ARM: dts: socfpga: fix register entry for timer3 on Arria10
ARM: dts: ls1021a: fix QuadSPI-memory reg range
RDMA/rxe: Fix memleak in rxe_mem_init_user
RDMA/rxe: Drop pointless checks in rxe_init_ports
RDMA/bnxt_re: Do not report transparent vlan from QP1
drm/sun4i: Fix dsi dcs long write function
scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA
RDMA/core: Fix reported speed and width
mmc: sdhci-msm: Add retries when all tuning phases are found valid
ARM: dts: bcm: HR2: Fixed QSPI compatible string
ARM: dts: NSP: Fixed QSPI compatible string
ARM: dts: BCM5301X: Fixed QSPI compatible string
arm64: dts: ns2: Fixed QSPI compatible string
ARC: HSDK: wireup perf irq
dmaengine: acpi: Put the CSRT table after using it
netfilter: conntrack: allow sctp hearbeat after connection re-use
drivers/net/wan/lapbether: Added needed_tailroom
NFC: st95hf: Fix memleak in st95hf_in_send_cmd
firestream: Fix memleak in fs_open
ALSA: hda: Fix 2 channel swapping for Tegra
drivers/net/wan/lapbether: Set network_header before transmitting
xfs: initialize the shortform attr header padding entry
irqchip/eznps: Fix build error for !ARC700 builds
nvme-fabrics: don't check state NVME_CTRL_NEW for request acceptance
nvme-rdma: serialize controller teardown sequences
HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices
drivers/net/wan/hdlc_cisco: Add hard_header_len
HID: elan: Fix memleak in elan_input_configured
ARC: [plat-hsdk]: Switch ethernet phy-mode to rgmii-id
cpufreq: intel_pstate: Refuse to turn off with HWP enabled
cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled
ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
drm/amdgpu: Fix bug in reporting voltage for CIK
iommu/amd: Do not use IOMMUv2 functionality when SME is active
gcov: Disable gcov build with GCC 10
iio: adc: mcp3422: fix locking scope
iio: adc: mcp3422: fix locking on error path
iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set
iio:light:ltr501 Fix timestamp alignment issue.
iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak.
iio:adc:ti-adc084s021 Fix alignment and data leak issues.
iio:adc:ina2xx Fix timestamp alignment issue.
iio:adc:max1118 Fix alignment of timestamp and data leak issues
iio:adc:ti-adc081c Fix alignment and data leak issues
iio:magnetometer:ak8975 Fix alignment and data leak issues.
iio:light:max44000 Fix timestamp alignment and prevent data leak.
iio:chemical:ccs811: Fix timestamp alignment and prevent data leak.
iio: accel: kxsd9: Fix alignment of local buffer.
iio:accel:mma7455: Fix timestamp alignment and prevent data leak.
iio:accel:mma8452: Fix timestamp alignment and prevent data leak.
staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()
btrfs: require only sector size alignment for parent eb bytenr
btrfs: fix lockdep splat in add_missing_dev
btrfs: fix wrong address when faulting in pages in the search ioctl
regulator: push allocation in set_consumer_device_supply() out of lock
scsi: target: iscsi: Fix data digest calculation
scsi: target: iscsi: Fix hang in iscsit_access_np() when getting tpg->np_login_sem
drm/tve200: Stabilize enable/disable
drm/msm: Disable preemption on all 5xx targets
rbd: require global CAP_SYS_ADMIN for mapping and unmapping
RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars
vgacon: remove software scrollback support
fbcon: remove soft scrollback code
fbcon: remove now unusued 'softback_lines' cursor() argument
KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit
ARM: dts: vfxxx: Add syscon compatible with OCOTP
video: fbdev: fix OOB read in vga_8planes_imageblit()
staging: greybus: audio: fix uninitialized value issue
phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init
usb: core: fix slab-out-of-bounds Read in read_descriptors
USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter
USB: serial: option: support dynamic Quectel USB compositions
USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules
usb: Fix out of sync data toggle if a configured device is reconfigured
usb: typec: ucsi: acpi: Check the _DEP dependencies
gcov: add support for GCC 10.1
Linux 4.19.146
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic9b467bc37c7cbbc1e9704d662bc0c8fda05416e
[ Upstream commit cc5453a5b7e90c39f713091a7ebc53c1f87d1700 ]
If an sctp connection gets re-used, heartbeats are flagged as invalid
because their vtag doesn't match.
Handle this in a similar way as TCP conntrack when it suspects that the
endpoints and conntrack are out-of-sync.
When a HEARTBEAT request fails its vtag validation, flag this in the
conntrack state and accept the packet.
When a HEARTBEAT_ACK is received with an invalid vtag in the reverse
direction after we allowed such a HEARTBEAT through, assume we are
out-of-sync and re-set the vtag info.
v2: remove left-over snippet from an older incarnation that moved
new_state/old_state assignments, thats not needed so keep that
as-is.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl9ctJoACgkQONu9yGCS
aT408xAAgPLoJt28UWiyWqcMQyQgvZQVJ8Y5nD66pZ53PtcY2V7MMLbeXFY8I8Xy
U0p5HnGEHeYUHsXcZo7nNlkg+aBFZw9kBWne9OExPWw4NTjGmUXs2AusRSFkEY22
sLYPXwnStOZzyuakAPRJ2Q3EEz2+tdhZiTMOeAT1BKqcLfNBebsZjNgc7i4ogFty
UaGYnrhDzYcj0jf1uzPNeANXqK2czvbB1d/KLdUKINvaCaSpw65xfjhfjciAlRTH
3uGINBAOw5npYMBK3nNW6hgNNeyKvVVRbZf239x7d6xzQnVNfEgAdQ1Cg2lbTgDB
M9I8uO5jRM8i3mKNdjffuBnfagCJwlVs56G6Unp8dt8f8vOncVZ+B7hTPLaCUPN/
LVbF4QYGWXBE7V8VVtPMoKz1V5FgTTeshQsRmu6EXihxQK2HgPnV2HUyfkt132kI
arWkeW3Qsl2TmGBk0nCXbikWAp2E6ToiC2dX0MWsyA2US6DqaZvIyaqmI6E9QCPM
o+PJwzePcUD7CUnOqxWN6OHulQ9FNBRs0BUdxwcNIU4YO8ne6lx2rh95MtQk4Bvf
qEFYZFHZDLtJojsY5bOQ9z+ChowKyMDcZVY+/X+C1PEDq7cjlwdLfJWoF5PIltb9
/OjQH3Ox9yBw1ECA4F4ObcnTEs8bd8/VnfMayLpMhVrlh5kLAAY=
=hMRJ
-----END PGP SIGNATURE-----
Merge 4.19.145 into android-4.19-stable
Changes in 4.19.145
ALSA; firewire-tascam: exclude Tascam FE-8 from detection
block: ensure bdi->io_pages is always initialized
netlabel: fix problems with mapping removal
net: usb: dm9601: Add USB ID of Keenetic Plus DSL
sctp: not disable bh in the whole sctp_get_port_local()
tipc: fix shutdown() of connectionless socket
net: disable netpoll on fresh napis
net/mlx5e: Don't support phys switch id if not in switchdev mode
Linux 4.19.145
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I84b193f4c87a87efbba84219856368d3cfba907b
[ Upstream commit 96e97bc07e90f175a8980a22827faf702ca4cb30 ]
napi_disable() makes sure to set the NAPI_STATE_NPSVC bit to prevent
netpoll from accessing rings before init is complete. However, the
same is not done for fresh napi instances in netif_napi_add(),
even though we expect NAPI instances to be added as disabled.
This causes crashes during driver reconfiguration (enabling XDP,
changing the channel count) - if there is any printk() after
netif_napi_add() but before napi_enable().
To ensure memory ordering is correct we need to use RCU accessors.
Reported-by: Rob Sherwood <rsher@fb.com>
Fixes: 2d8bff1269 ("netpoll: Close race condition between poll_one_napi and napi_disable")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 2a63866c8b51a3f72cea388dfac259d0e14c4ba6 ]
syzbot is reporting hung task at nbd_ioctl() [1], for there are two
problems regarding TIPC's connectionless socket's shutdown() operation.
----------
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <linux/nbd.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
const int fd = open("/dev/nbd0", 3);
alarm(5);
ioctl(fd, NBD_SET_SOCK, socket(PF_TIPC, SOCK_DGRAM, 0));
ioctl(fd, NBD_DO_IT, 0); /* To be interrupted by SIGALRM. */
return 0;
}
----------
One problem is that wait_for_completion() from flush_workqueue() from
nbd_start_device_ioctl() from nbd_ioctl() cannot be completed when
nbd_start_device_ioctl() received a signal at wait_event_interruptible(),
for tipc_shutdown() from kernel_sock_shutdown(SHUT_RDWR) from
nbd_mark_nsock_dead() from sock_shutdown() from nbd_start_device_ioctl()
is failing to wake up a WQ thread sleeping at wait_woken() from
tipc_wait_for_rcvmsg() from sock_recvmsg() from sock_xmit() from
nbd_read_stat() from recv_work() scheduled by nbd_start_device() from
nbd_start_device_ioctl(). Fix this problem by always invoking
sk->sk_state_change() (like inet_shutdown() does) when tipc_shutdown() is
called.
The other problem is that tipc_wait_for_rcvmsg() cannot return when
tipc_shutdown() is called, for tipc_shutdown() sets sk->sk_shutdown to
SEND_SHUTDOWN (despite "how" is SHUT_RDWR) while tipc_wait_for_rcvmsg()
needs sk->sk_shutdown set to RCV_SHUTDOWN or SHUTDOWN_MASK. Fix this
problem by setting sk->sk_shutdown to SHUTDOWN_MASK (like inet_shutdown()
does) when the socket is connectionless.
[1] https://syzkaller.appspot.com/bug?id=3fe51d307c1f0a845485cf1798aa059d12bf18b2
Reported-by: syzbot <syzbot+e36f41d207137b5d12f7@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 3106ecb43a05dc3e009779764b9da245a5d082de ]
With disabling bh in the whole sctp_get_port_local(), when
snum == 0 and too many ports have been used, the do-while
loop will take the cpu for a long time and cause cpu stuck:
[ ] watchdog: BUG: soft lockup - CPU#11 stuck for 22s!
[ ] RIP: 0010:native_queued_spin_lock_slowpath+0x4de/0x940
[ ] Call Trace:
[ ] _raw_spin_lock+0xc1/0xd0
[ ] sctp_get_port_local+0x527/0x650 [sctp]
[ ] sctp_do_bind+0x208/0x5e0 [sctp]
[ ] sctp_autobind+0x165/0x1e0 [sctp]
[ ] sctp_connect_new_asoc+0x355/0x480 [sctp]
[ ] __sctp_connect+0x360/0xb10 [sctp]
There's no need to disable bh in the whole function of
sctp_get_port_local. So fix this cpu stuck by removing
local_bh_disable() called at the beginning, and using
spin_lock_bh() instead.
The same thing was actually done for inet_csk_get_port() in
Commit ea8add2b19 ("tcp/dccp: better use of ephemeral
ports in bind()").
Thanks to Marcelo for pointing the buggy code out.
v1->v2:
- use cond_resched() to yield cpu to other tasks if needed,
as Eric noticed.
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Reported-by: Ying Xu <yinxu@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit d3b990b7f327e2afa98006e7666fb8ada8ed8683 ]
This patch fixes two main problems seen when removing NetLabel
mappings: memory leaks and potentially extra audit noise.
The memory leaks are caused by not properly free'ing the mapping's
address selector struct when free'ing the entire entry as well as
not properly cleaning up a temporary mapping entry when adding new
address selectors to an existing entry. This patch fixes both these
problems such that kmemleak reports no NetLabel associated leaks
after running the SELinux test suite.
The potentially extra audit noise was caused by the auditing code in
netlbl_domhsh_remove_entry() being called regardless of the entry's
validity. If another thread had already marked the entry as invalid,
but not removed/free'd it from the list of mappings, then it was
possible that an additional mapping removal audit record would be
generated. This patch fixes this by returning early from the removal
function when the entry was previously marked invalid. This change
also had the side benefit of improving the code by decreasing the
indentation level of large chunk of code by one (accounting for most
of the diffstat).
Fixes: 63c4168874 ("netlabel: Add network address selectors to the NetLabel/LSM domain mapping")
Reported-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl9ZCzcACgkQONu9yGCS
aT6VCw//aRDPlJMx+LHqasSImMs3lCHnMcHVxE09knu30mQNpJXv05piJ70/Ct/S
ukE4e6NEv2L9wgE/Ti4q7Hk5ahTeMqE3fxewtsJcoTnswa6LwL7X0iPtdFs3aVSa
u6nwlkkz5uXE4xFD1fE8WudizglSqFc6cSD+3AJvtI4DAM+it920EGvAX6yzk9Gi
7wF5lsqX0xm6Jn2XZ+ZnI8f49cKE+7n8aKpkXFGyrPVqrVotXdJUcovz2eEXxO3E
vo95Z1FksBqY7gMOCbrLiBXspMujaIduphKmWUIeNccAsexMVJjfJqO5GTZA/siW
GxdauwbMWWAOcw9RAnjt5crmPU7gtUcaXr32ST42BmZtDWW0frj4hN6jcsvfW6KO
uyWKIi6SidQJui/dcDyzTwhJlUzUhxY1bj/hWMwLmJznfNMqeS1wFF/5xewWShwG
dxmhuZAsoI8CrpHG4kvJiZ2vvHvS7zNDdXWQyHE9GOh6xcAdhRc9nhkPd9ugubDf
3wuHuSpQg7fbsq98QxTKM1irlsBXNXBpw/VbiYhhbfN5n9VCFj82KSJZf321/BVk
PoETRPFnrYU3/85xDxvEbAX9EYCWHQaJWq49kZRBAQ9yMOUFYrcRmzfRtDvNdNzs
dE+kGJhgu90wrJYkywOqBHsi/7jNIqjRG6/lDYxICaRI9NEbaa4=
=aozR
-----END PGP SIGNATURE-----
Merge 4.19.144 into android-4.19-stable
Changes in 4.19.144
HID: core: Correctly handle ReportSize being zero
HID: core: Sanitize event code and type when mapping input
perf record/stat: Explicitly call out event modifiers in the documentation
scsi: target: tcmu: Fix size in calls to tcmu_flush_dcache_range
scsi: target: tcmu: Optimize use of flush_dcache_page
tty: serial: qcom_geni_serial: Drop __init from qcom_geni_console_setup
drm/msm: add shutdown support for display platform_driver
hwmon: (applesmc) check status earlier.
nvmet: Disable keep-alive timer when kato is cleared to 0h
drm/msm/a6xx: fix gmu start on newer firmware
ceph: don't allow setlease on cephfs
cpuidle: Fixup IRQ state
s390: don't trace preemption in percpu macros
xen/xenbus: Fix granting of vmalloc'd memory
dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
batman-adv: Avoid uninitialized chaddr when handling DHCP
batman-adv: Fix own OGM check in aggregated OGMs
batman-adv: bla: use netif_rx_ni when not in interrupt context
dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate()
MIPS: mm: BMIPS5000 has inclusive physical caches
MIPS: BMIPS: Also call bmips_cpu_setup() for secondary cores
netfilter: nf_tables: add NFTA_SET_USERDATA if not null
netfilter: nf_tables: incorrect enum nft_list_attributes definition
netfilter: nf_tables: fix destination register zeroing
net: hns: Fix memleak in hns_nic_dev_probe
net: systemport: Fix memleak in bcm_sysport_probe
ravb: Fixed to be able to unload modules
net: arc_emac: Fix memleak in arc_mdio_probe
dmaengine: pl330: Fix burst length if burst size is smaller than bus width
gtp: add GTPA_LINK info to msg sent to userspace
bnxt_en: Don't query FW when netif_running() is false.
bnxt_en: Check for zero dir entries in NVRAM.
bnxt_en: Fix PCI AER error recovery flow
bnxt_en: fix HWRM error when querying VF temperature
xfs: fix boundary test in xfs_attr_shortform_verify
bnxt: don't enable NAPI until rings are ready
selftests/bpf: Fix massive output from test_maps
netfilter: nfnetlink: nfnetlink_unicast() reports EAGAIN instead of ENOBUFS
nvmet-fc: Fix a missed _irqsave version of spin_lock in 'nvmet_fc_fod_op_done()'
perf tools: Correct SNOOPX field offset
net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
fix regression in "epoll: Keep a reference on files added to the check list"
net: gemini: Fix another missing clk_disable_unprepare() in probe
xfs: fix xfs_bmap_validate_extent_raw when checking attr fork of rt files
perf jevents: Fix suspicious code in fixregex()
tg3: Fix soft lockup when tg3_reset_task() fails.
x86, fakenuma: Fix invalid starting node ID
iommu/vt-d: Serialize IOMMU GCMD register modifications
thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
include/linux/log2.h: add missing () around n in roundup_pow_of_two()
ext2: don't update mtime on COW faults
xfs: don't update mtime on COW faults
btrfs: drop path before adding new uuid tree entry
vfio/type1: Support faulting PFNMAP vmas
vfio-pci: Fault mmaps to enable vma tracking
vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
btrfs: Remove redundant extent_buffer_get in get_old_root
btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind
btrfs: set the lockdep class for log tree extent buffers
uaccess: Add non-pagefault user-space read functions
uaccess: Add non-pagefault user-space write function
btrfs: fix potential deadlock in the search ioctl
net: usb: qmi_wwan: add Telit 0x1050 composition
usb: qmi_wwan: add D-Link DWM-222 A2 device ID
ALSA: ca0106: fix error code handling
ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
ALSA: hda/hdmi: always check pin power status in i915 pin fixup
ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO
media: rc: do not access device via sysfs after rc_unregister_device()
media: rc: uevent sysfs file races with rc_unregister_device()
affs: fix basic permission bits to actually work
block: allow for_each_bvec to support zero len bvec
libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks
dm writecache: handle DAX to partitions on persistent memory correctly
dm cache metadata: Avoid returning cmd->bm wild pointer on error
dm thin metadata: Avoid returning cmd->bm wild pointer on error
mm: slub: fix conversion of freelist_corrupted()
KVM: arm64: Add kvm_extable for vaxorcism code
KVM: arm64: Defer guest entry when an asynchronous exception is pending
KVM: arm64: Survive synchronous exceptions caused by AT instructions
KVM: arm64: Set HCR_EL2.PTW to prevent AT taking synchronous exception
vfio/pci: Fix SR-IOV VF handling with MMIO blocking
checkpatch: fix the usage of capture group ( ... )
mm/hugetlb: fix a race between hugetlb sysctl handlers
cfg80211: regulatory: reject invalid hints
net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
Linux 4.19.144
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I81d6b3f044fe0dd919d1ece16d131c2185c00bb3
[ Upstream commit ee921183557af39c1a0475f982d43b0fcac25e2e ]
Frontend callback reports EAGAIN to nfnetlink to retry a command, this
is used to signal that module autoloading is required. Unfortunately,
nlmsg_unicast() reports EAGAIN in case the receiver socket buffer gets
full, so it enters a busy-loop.
This patch updates nfnetlink_unicast() to turn EAGAIN into ENOBUFS and
to use nlmsg_unicast(). Remove the flags field in nfnetlink_unicast()
since this is always MSG_DONTWAIT in the existing code which is exactly
what nlmsg_unicast() passes to netlink_unicast() as parameter.
Fixes: 96518518cc ("netfilter: add nftables")
Reported-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 1e105e6afa6c3d32bfb52c00ffa393894a525c27 ]
Following bug was reported via irc:
nft list ruleset
set knock_candidates_ipv4 {
type ipv4_addr . inet_service
size 65535
elements = { 127.0.0.1 . 123,
127.0.0.1 . 123 }
}
..
udp dport 123 add @knock_candidates_ipv4 { ip saddr . 123 }
udp dport 123 add @knock_candidates_ipv4 { ip saddr . udp dport }
It should not have been possible to add a duplicate set entry.
After some debugging it turned out that the problem is the immediate
value (123) in the second-to-last rule.
Concatenations use 32bit registers, i.e. the elements are 8 bytes each,
not 6 and it turns out the kernel inserted
inet firewall @knock_candidates_ipv4
element 0100007f ffff7b00 : 0 [end]
element 0100007f 00007b00 : 0 [end]
Note the non-zero upper bits of the first element. It turns out that
nft_immediate doesn't zero the destination register, but this is needed
when the length isn't a multiple of 4.
Furthermore, the zeroing in nft_payload is broken. We can't use
[len / 4] = 0 -- if len is a multiple of 4, index is off by one.
Skip zeroing in this case and use a conditional instead of (len -1) / 4.
Fixes: 49499c3e6e ("netfilter: nf_tables: switch registers to 32 bit addressing")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 6f03bf43ee05b31d3822def2a80f11b3591c55b3 ]
Kernel sends an empty NFTA_SET_USERDATA attribute with no value if
userspace adds a set with no NFTA_SET_USERDATA attribute.
Fixes: e6d8ecac9e ("netfilter: nf_tables: Add new attributes into nft_set to store user data.")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 279e89b2281af3b1a9f04906e157992c19c9f163 ]
batadv_bla_send_claim() gets called from worker thread context through
batadv_bla_periodic_work(), thus netif_rx_ni needs to be used in that
case. This fixes "NOHZ: local_softirq_pending 08" log messages seen
when batman-adv is enabled.
Fixes: 23721387c4 ("batman-adv: add basic bridge loop avoidance code")
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@haltian.com>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d8bf0c01642275c7dca1e5d02c34e4199c200b1f ]
The own OGM check is currently misplaced and can lead to the following
issues:
For one thing we might receive an aggregated OGM from a neighbor node
which has our own OGM in the first place. We would then not only skip
our own OGM but erroneously also any other, following OGM in the
aggregate.
For another, we might receive an OGM aggregate which has our own OGM in
a place other then the first one. Then we would wrongly not skip this
OGM, leading to populating the orginator and gateway table with ourself.
Fixes: 9323158ef9 ("batman-adv: OGMv2 - implement originators logic")
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 303216e76dcab6049c9d42390b1032f0649a8206 ]
The gateway client code can try to optimize the delivery of DHCP packets to
avoid broadcasting them through the whole mesh. But also transmissions to
the client can be optimized by looking up the destination via the chaddr of
the DHCP packet.
But the chaddr is currently only done when chaddr is fully inside the
non-paged area of the skbuff. Otherwise it will not be initialized and the
unoptimized path should have been taken.
But the implementation didn't handle this correctly. It didn't retrieve the
correct chaddr but still tried to perform the TT lookup with this
uninitialized memory.
Reported-by: syzbot+ab16e463b903f5a37036@syzkaller.appspotmail.com
Fixes: 6c413b1c22 ("batman-adv: send every DHCP packet as bat-unicast")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Acked-by: Antonio Quartulli <a@unstable.cc>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl9QtnYACgkQONu9yGCS
aT6d3hAA0SGXTk13kxCTzOTOh7hhZJSI6a+JL64Cj/o8IkaoaCFMjLevcuYMAWh1
LARaLjPy7MNm1fAy6LPaQcLwRax2Ocwyl27x3U3IrM4/Fos/r0wkn4Ek6IJVBD0H
FqF4VHRoLt0IUhOTdsdGqv4YHRhE/l8dFHXVencTVE8dAB5QUUpI8XwKruk8HlOD
L2h1gF6x8yV18lt3I6kIA3+n9ImMSNO65OxwXUTgu0cZoyk35byj1bbgu8mkZPkk
s7Y5oBS5CorhBYFP+D6Av5e9LOP4jzvwPqCeLLCIa5idM277afyt6dKnwBcdK4w/
Y10AIlGeji0xaAD4Xv2SnjiY6lFtA5DF8gg8zLsjdjgPyELrZOdNOxJPhckL8Fbj
u9oeWerJPBgI1bEtaWUihRSo31dedp8VAi87aRdwMkNIdBrXLo9tdv+waWTm8YPi
0kbG+p/Cp7Z8SqG6dEJsLxnes2Spd5RohRsYET/L3adl5B/IdYVxuHF0Lc2U/5AM
+7FvisuqjeDS0o8ZpAP8F0wpvqDIhD+5Iy2NkT3/HcgzyYYd9q4+L5szoARN4Dzn
pIm/Y9UyvXxgYNUSvVl5H1hn4JJR0WuxgiBYoUrZGc5w5Ey5f8M9hOM90lfu6MWO
YWbLVEIui+jW9pkV4SmO71zkR+OI6u1I2YSTYGyTvXnyD+YL44w=
=416Q
-----END PGP SIGNATURE-----
Merge 4.19.143 into android-4.19-stable
Changes in 4.19.143
powerpc/64s: Don't init FSCR_DSCR in __init_FSCR()
gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY
net: Fix potential wrong skb->protocol in skb_vlan_untag()
net: qrtr: fix usage of idr in port assignment to socket
net/smc: Prevent kernel-infoleak in __smc_diag_dump()
tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
net: ena: Make missed_tx stat incremental
ipvlan: fix device features
ALSA: pci: delete repeated words in comments
ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt
ASoC: img-parallel-out: Fix a reference count leak
ASoC: tegra: Fix reference count leaks.
mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs
arm64: dts: qcom: msm8916: Pull down PDM GPIOs during sleep
powerpc/xive: Ignore kmemleak false positives
media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq()
blktrace: ensure our debugfs dir exists
scsi: target: tcmu: Fix crash on ARM during cmd completion
iommu/iova: Don't BUG on invalid PFNs
drm/amdkfd: Fix reference count leaks.
drm/radeon: fix multiple reference count leak
drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms
drm/amd/display: fix ref count leak in amdgpu_drm_ioctl
drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
scsi: lpfc: Fix shost refcount mismatch when deleting vport
xfs: Don't allow logging of XFS_ISTALE inodes
selftests/powerpc: Purge extra count_pmc() calls of ebb selftests
f2fs: fix error path in do_recover_data()
omapfb: fix multiple reference count leaks due to pm_runtime_get_sync
PCI: Fix pci_create_slot() reference count leak
ARM: dts: ls1021a: output PPS signal on FIPER2
rtlwifi: rtl8192cu: Prevent leaking urb
mips/vdso: Fix resource leaks in genvdso.c
cec-api: prevent leaking memory through hole in structure
HID: quirks: add NOGET quirk for Logitech GROUP
f2fs: fix use-after-free issue
drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
drm/nouveau: fix reference count leak in nv50_disp_atomic_commit
drm/nouveau: Fix reference count leak in nouveau_connector_detect
locking/lockdep: Fix overflow in presentation of average lock-time
btrfs: file: reserve qgroup space after the hole punch range is locked
scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
ceph: fix potential mdsc use-after-free crash
scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del()
EDAC/ie31200: Fallback if host bridge device is already initialized
KVM: arm64: Fix symbol dependency in __hyp_call_panic_nvhe
powerpc/spufs: add CONFIG_COREDUMP dependency
USB: sisusbvga: Fix a potential UB casued by left shifting a negative value
efi: provide empty efi_enter_virtual_mode implementation
Revert "ath10k: fix DMA related firmware crashes on multiple devices"
media: gpio-ir-tx: improve precision of transmitted signal due to scheduling
drm/msm/adreno: fix updating ring fence
nvme-fc: Fix wrong return value in __nvme_fc_init_request()
null_blk: fix passing of REQ_FUA flag in null_handle_rq
i2c: rcar: in slave mode, clear NACK earlier
usb: gadget: f_tcm: Fix some resource leaks in some error paths
jbd2: make sure jh have b_transaction set in refile/unfile_buffer
ext4: don't BUG on inconsistent journal feature
ext4: handle read only external journal device
jbd2: abort journal if free a async write error metadata buffer
ext4: handle option set by mount flags correctly
ext4: handle error of ext4_setup_system_zone() on remount
ext4: correctly restore system zone info when remount fails
fs: prevent BUG_ON in submit_bh_wbc()
spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate
s390/cio: add cond_resched() in the slow_eval_known_fn() loop
ASoC: wm8994: Avoid attempts to read unreadable registers
scsi: fcoe: Fix I/O path allocation
scsi: ufs: Fix possible infinite loop in ufshcd_hold
scsi: ufs: Improve interrupt handling for shared interrupts
scsi: ufs: Clean up completed request without interrupt notification
scsi: qla2xxx: Check if FW supports MQ before enabling
scsi: qla2xxx: Fix null pointer access during disconnect from subsystem
Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command"
macvlan: validate setting of multiple remote source MAC addresses
net: gianfar: Add of_node_put() before goto statement
powerpc/perf: Fix soft lockups due to missed interrupt accounting
block: loop: set discard granularity and alignment for block device backed loop
HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands
blk-mq: order adding requests to hctx->dispatch and checking SCHED_RESTART
btrfs: reset compression level for lzo on remount
btrfs: fix space cache memory leak after transaction abort
fbcon: prevent user font height or width change from causing potential out-of-bounds access
USB: lvtest: return proper error code in probe
vt: defer kfree() of vc_screenbuf in vc_do_resize()
vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize()
serial: samsung: Removes the IRQ not found warning
serial: pl011: Fix oops on -EPROBE_DEFER
serial: pl011: Don't leak amba_ports entry on driver register error
serial: 8250_exar: Fix number of ports for Commtech PCIe cards
serial: 8250: change lock order in serial8250_do_startup()
writeback: Protect inode->i_io_list with inode->i_lock
writeback: Avoid skipping inode writeback
writeback: Fix sync livelock due to b_dirty_time processing
XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information.
usb: host: xhci: fix ep context print mismatch in debugfs
xhci: Do warm-reset when both CAS and XDEV_RESUME are set
xhci: Always restore EP_SOFT_CLEAR_TOGGLE even if ep reset failed
PM: sleep: core: Fix the handling of pending runtime resume requests
device property: Fix the secondary firmware node handling in set_primary_fwnode()
genirq/matrix: Deal with the sillyness of for_each_cpu() on UP
irqchip/stm32-exti: Avoid losing interrupts due to clearing pending bits by mistake
drm/amdgpu: Fix buffer overflow in INFO ioctl
drm/amd/pm: correct Vega10 swctf limit setting
drm/amd/pm: correct Vega12 swctf limit setting
USB: yurex: Fix bad gfp argument
usb: uas: Add quirk for PNY Pro Elite
USB: quirks: Add no-lpm quirk for another Raydium touchscreen
USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D
USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge
usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe()
USB: gadget: u_f: add overflow checks to VLA macros
USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb()
USB: gadget: u_f: Unbreak offset calculation in VLAs
USB: cdc-acm: rework notification_buffer resizing
usb: storage: Add unusual_uas entry for Sony PSZ drives
btrfs: check the right error variable in btrfs_del_dir_entries_in_log
usb: dwc3: gadget: Don't setup more than requested
usb: dwc3: gadget: Fix handling ZLP
usb: dwc3: gadget: Handle ZLP for sg requests
tpm: Unify the mismatching TPM space buffer sizes
HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
ALSA: usb-audio: Update documentation comment for MS2109 quirk
Linux 4.19.143
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8b6e29eda77bd69df30132842cf28019c8e7c1a3
[ Upstream commit 47733f9daf4fe4f7e0eb9e273f21ad3a19130487 ]
__tipc_nl_compat_dumpit() has two callers, and it expects them to
pass a valid nlmsghdr via arg->data. This header is artificial and
crafted just for __tipc_nl_compat_dumpit().
tipc_nl_compat_publ_dump() does so by putting a genlmsghdr as well
as some nested attribute, TIPC_NLA_SOCK. But the other caller
tipc_nl_compat_dumpit() does not, this leaves arg->data uninitialized
on this call path.
Fix this by just adding a similar nlmsghdr without any payload in
tipc_nl_compat_dumpit().
This bug exists since day 1, but the recent commit 6ea67769ff33
("net: tipc: prepare attrs in __tipc_nl_compat_dumpit()") makes it
easier to appear.
Reported-and-tested-by: syzbot+0e7181deafa7e0b79923@syzkaller.appspotmail.com
Fixes: d0796d1ef6 ("tipc: convert legacy nl bearer dump to nl compat")
Cc: Jon Maloy <jmaloy@redhat.com>
Cc: Ying Xue <ying.xue@windriver.com>
Cc: Richard Alpe <richard.alpe@ericsson.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit ce51f63e63c52a4e1eee4dd040fb0ba0af3b43ab ]
__smc_diag_dump() is potentially copying uninitialized kernel stack memory
into socket buffers, since the compiler may leave a 4-byte hole near the
beginning of `struct smcd_diag_dmbinfo`. Fix it by initializing `dinfo`
with memset().
Fixes: 4b1b7d3b30 ("net/smc: add SMC-D diag support")
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 8dfddfb79653df7c38a9c8c4c034f242a36acee9 ]
Passing large uint32 sockaddr_qrtr.port numbers for port allocation
triggers a warning within idr_alloc() since the port number is cast
to int, and thus interpreted as a negative number. This leads to
the rejection of such valid port numbers in qrtr_port_assign() as
idr_alloc() fails.
To avoid the problem, switch to idr_alloc_u32() instead.
Fixes: bdabad3e36 ("net: Add Qualcomm IPC router")
Reported-by: syzbot+f31428628ef672716ea8@syzkaller.appspotmail.com
Signed-off-by: Necip Fazil Yildiran <necip@google.com>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 55eff0eb7460c3d50716ed9eccf22257b046ca92 ]
We may access the two bytes after vlan_hdr in vlan_set_encap_proto(). So
we should pull VLAN_HLEN + sizeof(unsigned short) in skb_vlan_untag() or
we may access the wrong data.
Fixes: 0d5501c1c8 ("net: Always untag vlan-tagged traffic on input.")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 272502fcb7cda01ab07fc2fcff82d1d2f73d43cc ]
When receiving an IPv4 packet inside an IPv6 GRE packet, and the
IP6_TNL_F_RCV_DSCP_COPY flag is set on the tunnel, the IPv4 header would
get corrupted. This is due to the common ip6_tnl_rcv() function assuming
that the inner header is always IPv6. This patch checks the tunnel
protocol for IPv4 inner packets, but still defaults to IPv6.
Fixes: 308edfdf15 ("gre6: Cleanup GREv6 receive path, call common GRE functions")
Signed-off-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl9GHdsACgkQONu9yGCS
aT4AoA//RHH+8srJoIL7iz4HMcXbSTqom//BkZKhDLMvDoOHt7GE3t571kM4Bx99
cY+oJCxsfUgbSLGE2eBRmfr0i+kcyT/Ke1Jyp0/3+lrqZeFxhtda8z1TYz0PC0E6
V/M9OaKKpKFW2tsGxsiKsomE4wNZExhKl2yti6QWS6jl+1ngAKZEg0LLMjDDSC3G
CGtnk9yYjdExxky0XYN15B7I4RfIFLmHprT++Ctrgxq6wlrOiZyB2LqNJeZdJmsx
7tieTxC0rAsyMG5w1j6kFy5+6e+5t81B5yk5IfHNH17ZUU+L8p15fC172GEi3rwn
UOYPZxIEJs4wRImJTur3JwfQbt2ySt45GNJBTVtOt/dUvS141NgpBVTSaQ60Zv4Y
4aXi4GucVr3nApTnTfAM5nRjtnRrHPXg49qzM0CqOAzdlyuUpzpvQsyek1ml8Etl
Vdgn7iLyUbV7Cb/aVVEAwvkT+EAPdrzqSK8Q3nonl8R4pZy35CrxlPkdFPVSIKmH
KGLZP+xg3wJSHdjVuLAtMAYcREau/Yo+i3W8Pz4niU3MUnskPqdPQyp8XzY+hwfp
4OgJatcUPdB9782b242WmrVJ4b4Ts4ZOuM6hrIrSqdvOkuzQQ9vyDmfHHlEEfH4F
6tSEA96MZ1bG7uIyMwgx+11lbBC48UYhm/dKcXmyX/yV60N8oPw=
=/u20
-----END PGP SIGNATURE-----
Merge 4.19.142 into android-4.19-stable
Changes in 4.19.142
drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset()
perf probe: Fix memory leakage when the probe point is not found
khugepaged: khugepaged_test_exit() check mmget_still_valid()
khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter()
btrfs: export helpers for subvolume name/id resolution
btrfs: don't show full path of bind mounts in subvol=
btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range
btrfs: inode: fix NULL pointer dereference if inode doesn't need compression
btrfs: sysfs: use NOFS for device creation
romfs: fix uninitialized memory leak in romfs_dev_read()
kernel/relay.c: fix memleak on destroy relay channel
mm: include CMA pages in lowmem_reserve at boot
mm, page_alloc: fix core hung in free_pcppages_bulk()
ext4: fix checking of directory entry validity for inline directories
jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock()
scsi: zfcp: Fix use-after-free in request timeout handlers
drm/amd/display: fix pow() crashing when given base 0
kthread: Do not preempt current task if it is going to call schedule()
spi: Prevent adding devices below an unregistering controller
scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
scsi: target: tcmu: Fix crash in tcmu_flush_dcache_range on ARM
media: budget-core: Improve exception handling in budget_register()
rtc: goldfish: Enable interrupt in set_alarm() when necessary
media: vpss: clean up resources in init
Input: psmouse - add a newline when printing 'proto' by sysfs
m68knommu: fix overwriting of bits in ColdFire V3 cache control
svcrdma: Fix another Receive buffer leak
xfs: fix inode quota reservation checks
jffs2: fix UAF problem
ceph: fix use-after-free for fsc->mdsc
cpufreq: intel_pstate: Fix cpuinfo_max_freq when MSR_TURBO_RATIO_LIMIT is 0
scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
virtio_ring: Avoid loop when vq is broken in virtqueue_poll
tools/testing/selftests/cgroup/cgroup_util.c: cg_read_strcmp: fix null pointer dereference
xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init
alpha: fix annotation of io{read,write}{16,32}be()
fs/signalfd.c: fix inconsistent return codes for signalfd4
ext4: fix potential negative array index in do_split()
ext4: don't allow overlapping system zones
ASoC: q6routing: add dummy register read/write function
i40e: Set RX_ONLY mode for unicast promiscuous on VLAN
i40e: Fix crash during removing i40e driver
net: fec: correct the error path for regulator disable in probe
bonding: show saner speed for broadcast mode
bonding: fix a potential double-unregister
s390/runtime_instrumentation: fix storage key handling
s390/ptrace: fix storage key handling
ASoC: msm8916-wcd-analog: fix register Interrupt offset
ASoC: intel: Fix memleak in sst_media_open
vfio/type1: Add proper error unwind for vfio_iommu_replay()
kvm: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode
kvm: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode
kconfig: qconf: do not limit the pop-up menu to the first row
kconfig: qconf: fix signal connection to invalid slots
efi: avoid error message when booting under Xen
Fix build error when CONFIG_ACPI is not set/enabled:
RDMA/bnxt_re: Do not add user qps to flushlist
afs: Fix NULL deref in afs_dynroot_depopulate()
bonding: fix active-backup failover for current ARP slave
net: ena: Prevent reset after device destruction
net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe()
hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit()
net: dsa: b53: check for timeout
powerpc/pseries: Do not initiate shutdown when system is running on UPS
efi: add missed destroy_workqueue when efisubsys_init fails
epoll: Keep a reference on files added to the check list
do_epoll_ctl(): clean the failure exits up a bit
mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible
xen: don't reschedule in preemption off sections
clk: Evict unregistered clks from parent caches
KVM: Pass MMU notifier range flags to kvm_unmap_hva_range()
KVM: arm64: Only reschedule if MMU_NOTIFIER_RANGE_BLOCKABLE is not set
Linux 4.19.142
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ibfe4a0a4249f76ab35076f4b003e32cd6f9788a5
[ Upstream commit 64d26422516b2e347b32e6d9b1d40b3c19a62aae ]
During a connection tear down, the Receive queue is flushed before
the device resources are freed. Typically, all the Receives flush
with IB_WR_FLUSH_ERR.
However, any pending successful Receives flush with IB_WR_SUCCESS,
and the server automatically posts a fresh Receive to replace the
completing one. This happens even after the connection has closed
and the RQ is drained. Receives that are posted after the RQ is
drained appear never to complete, causing a Receive resource leak.
The leaked Receive buffer is left DMA-mapped.
To prevent these late-posted recv_ctxt's from leaking, block new
Receive posting after XPT_CLOSE is set.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl8/jnoACgkQONu9yGCS
aT54fA//azItNUOsY1HujeNfINHWCqCLV7OHpdxa9MEeixSpP/ufsGcgyZBTslNw
WOENkdUPGYxUQt9yyZjSY5CEneH6a007idCfUWIuHRZ9nxKbDZm312xDDcDkeZI7
P4TGvIdpDq7Czk2c+OCSUnmp/+fCJdPCpCYJZp0kBDVbUsKeUwpBJ42Dca8f/2iM
lWVlGR2KwMIV+NSVArpu8EUOpw7X4rPsGz72kEvVhCkcXa9GFxGbs65AVNG5NTzt
9sHBlja7PZTqt844/6UBM5EgTR43uJT5z8sSV5N5s6j2d07m/T+2f73PyKqr6+jQ
SXKpIp/J6Po7tCej5u4B9LO+ePpasuxbNAXmn1GLuiP7qzKRAriFxK2RfXXxqIuE
aP9DB6P/wbr/MszFjIFFg9nrr9G/biriRNPWtnzD2hbUk1mfM8WNCCSIt90MZh0f
CT85JiEBFlU5cZhgUJfqJcfZcckE8gbdUGOBvZ5NOq0hxqN2S6+/phespwkd4h/a
A4QyhER6eI9zT/StBoSLejs8c/lHKHjqyMARNjXLPF+bkkR90L9WDgocB1KiV0jn
YOY+j4tjXGnn/QAsuW/uhYVvzETtkQ5oSyeV5uTcgYvU3iw+QFo9H//y83yB5Q0o
pdDRNmMTtdYwrwkzt73xsjKGlVXaA8kB5kRCuBwGb5kzr0G8baE=
=Txdz
-----END PGP SIGNATURE-----
Merge 4.19.141 into android-4.19-stable
Changes in 4.19.141
smb3: warn on confusing error scenario with sec=krb5
genirq/affinity: Make affinity setting if activated opt-in
PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken
PCI: Add device even if driver attach failed
PCI: qcom: Define some PARF params needed for ipq8064 SoC
PCI: qcom: Add support for tx term offset for rev 2.1.0
PCI: Probe bridge window attributes once at enumeration-time
btrfs: free anon block device right after subvolume deletion
btrfs: don't allocate anonymous block device for user invisible roots
btrfs: ref-verify: fix memory leak in add_block_entry
btrfs: don't traverse into the seed devices in show_devname
btrfs: open device without device_list_mutex
btrfs: fix messages after changing compression level by remount
btrfs: only search for left_info if there is no right_info in try_merge_free_space
btrfs: fix memory leaks after failure to lookup checksums during inode logging
btrfs: fix return value mixup in btrfs_get_extent
dt-bindings: iio: io-channel-mux: Fix compatible string in example code
iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
xtensa: fix xtensa_pmu_setup prototype
cifs: Fix leak when handling lease break for cached root fid
powerpc: Allow 4224 bytes of stack expansion for the signal frame
powerpc: Fix circular dependency between percpu.h and mmu.h
media: vsp1: dl: Fix NULL pointer dereference on unbind
net: ethernet: stmmac: Disable hardware multicast filter
net: stmmac: dwmac1000: provide multicast filter fallback
net/compat: Add missing sock updates for SCM_RIGHTS
md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
bcache: allocate meta data pages as compound pages
bcache: fix overflow in offset_to_stripe()
mac80211: fix misplaced while instead of if
driver core: Avoid binding drivers to dead devices
MIPS: CPU#0 is not hotpluggable
ext2: fix missing percpu_counter_inc
ocfs2: change slot number type s16 to u16
mm/page_counter.c: fix protection usage propagation
ftrace: Setup correct FTRACE_FL_REGS flags for module
kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
tracing/hwlat: Honor the tracing_cpumask
tracing: Use trace_sched_process_free() instead of exit() for pid tracing
watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options
watchdog: f71808e_wdt: remove use of wrong watchdog_info option
watchdog: f71808e_wdt: clear watchdog timeout occurred flag
pseries: Fix 64 bit logical memory block panic
module: Correctly truncate sysfs sections output
perf intel-pt: Fix FUP packet state
remoteproc: qcom: q6v5: Update running state before requesting stop
drm/imx: imx-ldb: Disable both channels for split mode in enc->disable()
mfd: arizona: Ensure 32k clock is put on driver unbind and error
RDMA/ipoib: Return void from ipoib_ib_dev_stop()
RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah()
media: rockchip: rga: Introduce color fmt macros and refactor CSC mode logic
media: rockchip: rga: Only set output CSC mode for RGB input
USB: serial: ftdi_sio: make process-packet buffer unsigned
USB: serial: ftdi_sio: clean up receive processing
mmc: renesas_sdhi_internal_dmac: clean up the code for dma complete
gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers
dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue()
selftests/powerpc: ptrace-pkey: Rename variables to make it easier to follow code
selftests/powerpc: ptrace-pkey: Update the test to mark an invalid pkey correctly
selftests/powerpc: ptrace-pkey: Don't update expected UAMOR value
iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
iommu/vt-d: Enforce PASID devTLB field mask
i2c: rcar: slave: only send STOP event when we have been addressed
clk: clk-atlas6: fix return value check in atlas6_clk_init()
pwm: bcm-iproc: handle clk_get_rate() return
tools build feature: Use CC and CXX from parent
i2c: rcar: avoid race when unregistering slave
openrisc: Fix oops caused when dumping stack
scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying targetport
watchdog: initialize device before misc_register
Input: sentelic - fix error return when fsp_reg_write fails
drm/vmwgfx: Use correct vmw_legacy_display_unit pointer
drm/vmwgfx: Fix two list_for_each loop exit tests
net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init
nfs: Fix getxattr kernel panic and memory overflow
fs/minix: set s_maxbytes correctly
fs/minix: fix block limit check for V1 filesystems
fs/minix: remove expected error message in block_to_path()
fs/ufs: avoid potential u32 multiplication overflow
test_kmod: avoid potential double free in trigger_config_run_type()
mfd: dln2: Run event handler loop under spinlock
ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
perf bench mem: Always memset source before memcpy
tools build feature: Quote CC and CXX for their arguments
sh: landisk: Add missing initialization of sh_io_port_base
khugepaged: retract_page_tables() remember to test exit
arm64: dts: marvell: espressobin: add ethernet alias
drm: Added orientation quirk for ASUS tablet model T103HAF
drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume
Linux 4.19.141
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0800f8e03919fd8f054c1bcda87efd70a6e5db6b
commit 5981fe5b0529ba25d95f37d7faa434183ad618c5 upstream.
This never was intended to be a 'while' loop, it should've
just been an 'if' instead of 'while'. Fix this.
I noticed this while applying another patch from Ben that
intended to fix a busy loop at this spot.
Cc: stable@vger.kernel.org
Fixes: b16798f5b907 ("mac80211: mark station unauthorized before key removal")
Reported-by: Ben Greear <greearb@candelatech.com>
Link: https://lore.kernel.org/r/20200803110209.253009ae41ff.I3522aad099392b31d5cf2dcca34cbac7e5832dde@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d9539752d23283db4692384a634034f451261e29 upstream.
Add missed sock updates to compat path via a new helper, which will be
used more in coming patches. (The net/core/scm.c code is left as-is here
to assist with -stable backports for the compat path.)
Cc: Christoph Hellwig <hch@lst.de>
Cc: Sargun Dhillon <sargun@sargun.me>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: stable@vger.kernel.org
Fixes: 48a87cc26c ("net: netprio: fd passed in SCM_RIGHTS datagram not set correctly")
Fixes: d84295067f ("net: net_cls: fd passed in SCM_RIGHTS datagram not set correctly")
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl88w3UACgkQONu9yGCS
aT4fZQ/+NYyfbsgFARqld2HbOIDSYyua90k42Xj7nlHXa3UcbPCsNEWIWn2k5SXU
kvzwXSUuI14AOyqBOp/swKkEZh7Dh5c6q8QBHA6YJnNaJBQQxv2tjMpA4TngMifG
oUSnxgHKNHtiD/6D7ZZ36l8u83sXfE6qPiginJAECdC2bVjpdfT7EqK5bY2lFd1s
yiz9RxEDXSlrVMXqew75XBEj+304RYhZcJEVPQrqFb/q2Q+rSYs1mAkCazFvAkX+
6Yooyp0tYlfUlkF2ItDpWmuKDcbGtWDd/I9LVGwZ0J67uAN86ZhNGbqlI8bpig9o
qNW0FXAN2TNjpBvKXwg1qavfs5xYQu2E0OrRpCUleL1yD/kWu2vfK4HqyIardsVq
63ffUvMJnJaWPnIvB2gx5f5tRt3Ca7uqvoM4LlYR1fwNZwVaU1fyWNEfeID4MAkr
jBhC8x3n40TF1ngdaZ/XETiAJbjiYve2uEVuvdCtnp1fFbQ892QD5A8MQYsOVFuh
6aR4f6bsR23F/h+tOMJc89wZTRYsCrFxbjwjye+tsWPcBm2GR7hgvCxo1JFqHgrz
elY15u+AWj4pjVhiQcsnXLL8pGKkZTvPrq+iwg12AE23gvE4ww1lpYbxO46GUWuw
q6L8oaHYA6cZiEnIde6yTUpkm6zag0MK+HDutiFUrEAmJTmeWds=
=9oFP
-----END PGP SIGNATURE-----
Merge 4.19.140 into android-4.19-stable
Changes in 4.19.140
tracepoint: Mark __tracepoint_string's __used
HID: input: Fix devices that return multiple bytes in battery report
cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone()
x86/mce/inject: Fix a wrong assignment of i_mce.status
sched/fair: Fix NOHZ next idle balance
sched: correct SD_flags returned by tl->sd_flags()
arm64: dts: rockchip: fix rk3368-lion gmac reset gpio
arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio
arm64: dts: rockchip: fix rk3399-puma gmac reset gpio
EDAC: Fix reference count leaks
arm64: dts: qcom: msm8916: Replace invalid bias-pull-none property
crypto: ccree - fix resource leak on error path
firmware: arm_scmi: Fix SCMI genpd domain probing
arm64: dts: exynos: Fix silent hang after boot on Espresso
clk: scmi: Fix min and max rate when registering clocks with discrete rates
m68k: mac: Don't send IOP message until channel is idle
m68k: mac: Fix IOP status/control register writes
platform/x86: intel-hid: Fix return value check in check_acpi_dev()
platform/x86: intel-vbtn: Fix return value check in check_acpi_dev()
ARM: dts: gose: Fix ports node name for adv7180
ARM: dts: gose: Fix ports node name for adv7612
ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
spi: lantiq: fix: Rx overflow error in full duplex mode
ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
drm/tilcdc: fix leak & null ref in panel_connector_get_modes
soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
loop: be paranoid on exit and prevent new additions / removals
fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
drm/amdgpu: avoid dereferencing a NULL pointer
drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
crypto: aesni - Fix build with LLVM_IAS=1
video: fbdev: neofb: fix memory leak in neo_scan_monitor()
md-cluster: fix wild pointer of unlock_all_bitmaps()
arm64: dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT binding
drm/etnaviv: fix ref count leak via pm_runtime_get_sync
drm/nouveau: fix multiple instances of reference count leaks
usb: mtu3: clear dual mode of u3port when disable device
drm/debugfs: fix plain echo to connector "force" attribute
drm/radeon: disable AGP by default
irqchip/irq-mtk-sysirq: Replace spinlock with raw_spinlock
mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
brcmfmac: keep SDIO watchdog running when console_interval is non-zero
brcmfmac: To fix Bss Info flag definition Bug
brcmfmac: set state of hanger slot to FREE when flushing PSQ
iwlegacy: Check the return value of pcie_capability_read_*()
gpu: host1x: debug: Fix multiple channels emitting messages simultaneously
usb: gadget: net2280: fix memory leak on probe error handling paths
bdc: Fix bug causing crash after multiple disconnects
usb: bdc: Halt controller on suspend
dyndbg: fix a BUG_ON in ddebug_describe_flags
bcache: fix super block seq numbers comparision in register_cache_set()
ACPICA: Do not increment operation_region reference counts for field units
drm/msm: ratelimit crtc event overflow error
agp/intel: Fix a memory leak on module initialisation failure
video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
console: newport_con: fix an issue about leak related system resources
video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call
ath10k: Acquire tx_lock in tx error paths
iio: improve IIO_CONCENTRATION channel type description
drm/etnaviv: Fix error path on failure to enable bus clk
drm/arm: fix unintentional integer overflow on left shift
leds: lm355x: avoid enum conversion warning
media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
ASoC: Intel: bxt_rt298: add missing .owner field
scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline
cxl: Fix kobject memleak
drm/radeon: fix array out-of-bounds read and write issues
scsi: powertec: Fix different dev_id between request_irq() and free_irq()
scsi: eesox: Fix different dev_id between request_irq() and free_irq()
ipvs: allow connection reuse for unconfirmed conntrack
media: firewire: Using uninitialized values in node_probe()
media: exynos4-is: Add missed check for pinctrl_lookup_state()
xfs: don't eat an EIO/ENOSPC writeback error when scrubbing data fork
xfs: fix reflink quota reservation accounting error
RDMA/rxe: Skip dgid check in loopback mode
PCI: Fix pci_cfg_wait queue locking problem
leds: core: Flush scheduled work for system suspend
drm: panel: simple: Fix bpc for LG LB070WV8 panel
phy: exynos5-usbdrd: Calibrating makes sense only for USB2.0 PHY
drm/bridge: sil_sii8620: initialize return of sii8620_readb
scsi: scsi_debug: Add check for sdebug_max_queue during module init
mwifiex: Prevent memory corruption handling keys
powerpc/vdso: Fix vdso cpu truncation
RDMA/qedr: SRQ's bug fixes
RDMA/rxe: Prevent access to wr->next ptr afrer wr is posted to send queue
staging: rtl8192u: fix a dubious looking mask before a shift
PCI/ASPM: Add missing newline in sysfs 'policy'
powerpc/book3s64/pkeys: Use PVR check instead of cpu feature
drm/imx: tve: fix regulator_disable error path
USB: serial: iuu_phoenix: fix led-activity helpers
usb: core: fix quirks_param_set() writing to a const pointer
thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor()
coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb()
MIPS: OCTEON: add missing put_device() call in dwc3_octeon_device_init()
usb: dwc2: Fix error path in gadget registration
scsi: mesh: Fix panic after host or bus reset
net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration
PCI: cadence: Fix updating Vendor ID and Subsystem Vendor ID register
RDMA/core: Fix return error value in _ib_modify_qp() to negative
Smack: fix another vsscanf out of bounds
Smack: prevent underflow in smk_set_cipso()
power: supply: check if calc_soc succeeded in pm860x_init_battery
Bluetooth: hci_h5: Set HCI_UART_RESET_ON_INIT to correct flags
Bluetooth: hci_serdev: Only unregister device if it was registered
net: dsa: rtl8366: Fix VLAN semantics
net: dsa: rtl8366: Fix VLAN set-up
powerpc/boot: Fix CONFIG_PPC_MPC52XX references
selftests/powerpc: Fix CPU affinity for child process
PCI: Release IVRS table in AMD ACS quirk
selftests/powerpc: Fix online CPU selection
ASoC: meson: axg-tdm-interface: fix link fmt setup
s390/qeth: don't process empty bridge port events
wl1251: fix always return 0 error
tools, build: Propagate build failures from tools/build/Makefile.build
net: ethernet: aquantia: Fix wrong return value
liquidio: Fix wrong return value in cn23xx_get_pf_num()
net: spider_net: Fix the size used in a 'dma_free_coherent()' call
fsl/fman: use 32-bit unsigned integer
fsl/fman: fix dereference null return value
fsl/fman: fix unreachable code
fsl/fman: check dereferencing null pointer
fsl/fman: fix eth hash table allocation
dlm: Fix kobject memleak
ocfs2: fix unbalanced locking
pinctrl-single: fix pcs_parse_pinconf() return value
svcrdma: Fix page leak in svc_rdma_recv_read_chunk()
x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task
crypto: aesni - add compatibility with IAS
af_packet: TPACKET_V3: fix fill status rwlock imbalance
drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
net/nfc/rawsock.c: add CAP_NET_RAW check.
net: Set fput_needed iff FDPUT_FPUT is set
net/tls: Fix kmap usage
net: refactor bind_bucket fastreuse into helper
net: initialize fastreuse on inet_inherit_port
USB: serial: cp210x: re-enable auto-RTS on open
USB: serial: cp210x: enable usb generic throttle/unthrottle
ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO
ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
pstore: Fix linking when crypto API disabled
crypto: hisilicon - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified
crypto: qat - fix double free in qat_uclo_create_batch_init_list
crypto: ccp - Fix use of merged scatterlists
crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified
bitfield.h: don't compile-time validate _val in FIELD_FIT
fs/minix: check return value of sb_getblk()
fs/minix: don't allow getting deleted inodes
fs/minix: reject too-large maximum file size
ALSA: usb-audio: add quirk for Pioneer DDJ-RB
9p: Fix memory leak in v9fs_mount
drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
NFS: Don't move layouts to plh_return_segs list while in use
NFS: Don't return layout segments that are in use
cpufreq: dt: fix oops on armada37xx
include/asm-generic/vmlinux.lds.h: align ro_after_init
spi: spidev: Align buffers for DMA
mtd: rawnand: qcom: avoid write to unavailable register
parisc: Implement __smp_store_release and __smp_load_acquire barriers
parisc: mask out enable and reserved bits from sba imask
ARM: 8992/1: Fix unwind_frame for clang-built kernels
irqdomain/treewide: Free firmware node after domain removal
xen/balloon: fix accounting in alloc_xenballooned_pages error path
xen/balloon: make the balloon wait interruptible
xen/gntdev: Fix dmabuf import with non-zero sgt offset
Linux 4.19.140
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I6b0d8dcf9ded022f62d9c62605388f1c1e9112d1
[ Upstream commit d76f3351cea2d927fdf70dd7c06898235035e84e ]
In the case of TPROXY, bind_conflict optimizations for SO_REUSEADDR or
SO_REUSEPORT are broken, possibly resulting in O(n) instead of O(1) bind
behaviour or in the incorrect reuse of a bind.
the kernel keeps track for each bind_bucket if all sockets in the
bind_bucket support SO_REUSEADDR or SO_REUSEPORT in two fastreuse flags.
These flags allow skipping the costly bind_conflict check when possible
(meaning when all sockets have the proper SO_REUSE option).
For every socket added to a bind_bucket, these flags need to be updated.
As soon as a socket that does not support reuse is added, the flag is
set to false and will never go back to true, unless the bind_bucket is
deleted.
Note that there is no mechanism to re-evaluate these flags when a socket
is removed (this might make sense when removing a socket that would not
allow reuse; this leaves room for a future patch).
For this optimization to work, it is mandatory that these flags are
properly initialized and updated.
When a child socket is created from a listen socket in
__inet_inherit_port, the TPROXY case could create a new bind bucket
without properly initializing these flags, thus preventing the
optimization to work. Alternatively, a socket not allowing reuse could
be added to an existing bind bucket without updating the flags, causing
bind_conflict to never be called as it should.
Call inet_csk_update_fastreuse when __inet_inherit_port decides to create
a new bind_bucket or use a different bind_bucket than the one of the
listen socket.
Fixes: 093d282321 ("tproxy: fix hash locking issue when using port redirection in __inet_inherit_port()")
Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Tim Froidcoeur <tim.froidcoeur@tessares.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 62ffc589abb176821662efc4525ee4ac0b9c3894 ]
Refactor the fastreuse update code in inet_csk_get_port into a small
helper function that can be called from other places.
Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Tim Froidcoeur <tim.froidcoeur@tessares.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit b06c19d9f827f6743122795570bfc0c72db482b0 ]
When MSG_OOB is specified to tls_device_sendpage() the mapped page is
never unmapped.
Hold off mapping the page until after the flags are checked and the page
is actually needed.
Fixes: e8f6979981 ("net/tls: Add generic NIC offload infrastructure")
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit ce787a5a074a86f76f5d3fd804fa78e01bfb9e89 ]
We should fput() file iff FDPUT_FPUT is set. So we should set fput_needed
accordingly.
Fixes: 00e188ef6a ("sockfd_lookup_light(): switch to fdget^W^Waway from fget_light")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 26896f01467a28651f7a536143fe5ac8449d4041 ]
When creating a raw AF_NFC socket, CAP_NET_RAW needs to be checked first.
Signed-off-by: Qingyu Li <ieatmuttonchuan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 88fd1cb80daa20af063bce81e1fad14e945a8dc4 ]
After @blk_fill_in_prog_lock is acquired there is an early out vnet
situation that can occur. In that case, the rwlock needs to be
released.
Also, since @blk_fill_in_prog_lock is only acquired when @tp_version
is exactly TPACKET_V3, only release it on that exact condition as
well.
And finally, add sparse annotation so that it is clearer that
prb_fill_curr_block() and prb_clear_blk_fill_status() are acquiring
and releasing @blk_fill_in_prog_lock, respectively. sparse is still
unable to understand the balance, but the warnings are now on a
higher level that make more sense.
Fixes: 632ca50f2cbd ("af_packet: TPACKET_V3: replace busy-wait loop")
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit e814eecbe3bbeaa8b004d25a4b8974d232b765a9 ]
Commit 07d0ff3b0c ("svcrdma: Clean up Read chunk path") moved the
page saver logic so that it gets executed event when an error occurs.
In that case, the I/O is never posted, and those pages are then
leaked. Errors in this path, however, are quite rare.
Fixes: 07d0ff3b0c ("svcrdma: Clean up Read chunk path")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f0a5e4d7a594e0fe237d3dfafb069bb82f80f42f ]
YangYuxi is reporting that connection reuse
is causing one-second delay when SYN hits
existing connection in TIME_WAIT state.
Such delay was added to give time to expire
both the IPVS connection and the corresponding
conntrack. This was considered a rare case
at that time but it is causing problem for
some environments such as Kubernetes.
As nf_conntrack_tcp_packet() can decide to
release the conntrack in TIME_WAIT state and
to replace it with a fresh NEW conntrack, we
can use this to allow rescheduling just by
tuning our check: if the conntrack is
confirmed we can not schedule it to different
real server and the one-second delay still
applies but if new conntrack was created,
we are free to select new real server without
any delays.
YangYuxi lists some of the problem reports:
- One second connection delay in masquerading mode:
https://marc.info/?t=151683118100004&r=1&w=2
- IPVS low throughput #70747
https://github.com/kubernetes/kubernetes/issues/70747
- Apache Bench can fill up ipvs service proxy in seconds #544https://github.com/cloudnativelabs/kube-router/issues/544
- Additional 1s latency in `host -> service IP -> pod`
https://github.com/kubernetes/kubernetes/issues/90854
Fixes: f719e3754e ("ipvs: drop first packet to redirect conntrack")
Co-developed-by: YangYuxi <yx.atom1@gmail.com>
Signed-off-by: YangYuxi <yx.atom1@gmail.com>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Reviewed-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
If quota is precisely equal to skb->len then a notification
would not be sent due to immediately hitting 0.
This fixes that, and takes the opportunity to slightly clean
up the code and make quota behave more correctly for packet mode
as well.
Test: builds, net tests continue to pass
Bug: 164336990
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I78a11b48794496255513a6226c0469d809d7aa56
(cherry picked from commit b20eacd8ddbd1dbf403df94f5ba6384e6fef0113)
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl8ynf8ACgkQONu9yGCS
aT7/9hAAoTxKWdbp0peN5sGh6GqDix6M3H9Z5dexW/XIVk9Eg+pzBLOT0BWoM/qB
xnTOxu5yu2pYkMIoYSQc1cTNXeFeHU5qKiltgLmUTFFEolNcEHzWvSOb/uSUcvGR
x6r78cGm30qSyu7PCPcotzu/J95JUtzWraIB4sy1qVeU+rastRIcRDz7ZcUjFQ/b
PhDUusGY+d7ZA6+7vgLlT9LTmIlr/vQQA2kGxCkXZiKRLbJMmwm/IsS0G7NQMKMn
nnMg+qzrveaTDnuKYhsTSSTLn2WOQmYZmevYOZjrrwiBaksCW8ygaq9UGArUcsnq
PLgZGfhhoERmDp0mXxV9kngTkkgZ4OIlXP4sZiVbKiKNTnqTrMxCFPLpBqS2t0Eo
RPoGyjcIkKHGKq1KwnrX5esMyaZb76aYUhO3tFZrgDhIDa193SxH9Znyp7tr5Znz
3b5oH53wIA4k1kBkpA9ibhIhPjYeCDughI/oWC0ExcQAbWkPhIYqbmgWfbfzKVxo
Yq8VBlqfuZply1POmkgoge1oDD0A0LBk2mSLOl6wpzDN1umS0HtQLjWpbdEuugCq
S7wF+zDKJAz+O76ufyqv81KO5vAH4QcVSOBCH/HVGvsPZKwWvnWFQJ3cfXSm5iiA
Uj++z6jI4suc1Y4unjLHmr3EdXEUSSq7Kbi+mXj1GL1gi1qM8rE=
=ZQmS
-----END PGP SIGNATURE-----
Merge 4.19.139 into android-4.19-stable
Changes in 4.19.139
USB: serial: qcserial: add EM7305 QDL product ID
USB: iowarrior: fix up report size handling for some devices
usb: xhci: define IDs for various ASMedia host controllers
usb: xhci: Fix ASMedia ASM1142 DMA addressing
Revert "ALSA: hda: call runtime_allow() for all hda controllers"
ALSA: seq: oss: Serialize ioctls
staging: android: ashmem: Fix lockdep warning for write operation
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
omapfb: dss: Fix max fclk divider for omap36xx
binder: Prevent context manager from incrementing ref 0
vgacon: Fix for missing check in scrollback handling
mtd: properly check all write ioctls for permissions
leds: wm831x-status: fix use-after-free on unbind
leds: da903x: fix use-after-free on unbind
leds: lm3533: fix use-after-free on unbind
leds: 88pm860x: fix use-after-free on unbind
net/9p: validate fds in p9_fd_open
drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason
drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure
i2c: slave: improve sanity check when registering
i2c: slave: add sanity check when unregistering
usb: hso: check for return value in hso_serial_common_create()
firmware: Fix a reference count leak.
cfg80211: check vendor command doit pointer before use
igb: reinit_locked() should be called with rtnl_lock
atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
tools lib traceevent: Fix memory leak in process_dynamic_array_len
Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23)
xattr: break delegations in {set,remove}xattr
ipv4: Silence suspicious RCU usage warning
ipv6: fix memory leaks on IPV6_ADDRFORM path
net: ethernet: mtk_eth_soc: fix MTU warnings
vxlan: Ensure FDB dump is performed under RCU
net: lan78xx: replace bogus endpoint lookup
hv_netvsc: do not use VF device if link is down
net: gre: recompute gre csum for sctp over gre tunnels
net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task()
openvswitch: Prevent kernel-infoleak in ovs_ct_put_key()
Revert "vxlan: fix tos value before xmit"
selftests/net: relax cpu affinity requirement in msg_zerocopy test
rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
i40e: add num_vectors checker in iwarp handler
i40e: Wrong truncation from u16 to u8
i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
i40e: Memory leak in i40e_config_iwarp_qvlist
Smack: fix use-after-free in smk_write_relabel_self()
Linux 4.19.139
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If64996b6bc365365c5f06165ed8c7648336731bf
[ Upstream commit 65550098c1c4db528400c73acf3e46bfa78d9264 ]
There's a race between rxrpc_sendmsg setting up a call, but then failing to
send anything on it due to an error, and recvmsg() seeing the call
completion occur and trying to return the state to the user.
An assertion fails in rxrpc_recvmsg() because the call has already been
released from the socket and is about to be released again as recvmsg deals
with it. (The recvmsg_q queue on the socket holds a ref, so there's no
problem with use-after-free.)
We also have to be careful not to end up reporting an error twice, in such
a way that both returns indicate to userspace that the user ID supplied
with the call is no longer in use - which could cause the client to
malfunction if it recycles the user ID fast enough.
Fix this by the following means:
(1) When sendmsg() creates a call after the point that the call has been
successfully added to the socket, don't return any errors through
sendmsg(), but rather complete the call and let recvmsg() retrieve
them. Make sendmsg() return 0 at this point. Further calls to
sendmsg() for that call will fail with ESHUTDOWN.
Note that at this point, we haven't send any packets yet, so the
server doesn't yet know about the call.
(2) If sendmsg() returns an error when it was expected to create a new
call, it means that the user ID wasn't used.
(3) Mark the call disconnected before marking it completed to prevent an
oops in rxrpc_release_call().
(4) recvmsg() will then retrieve the error and set MSG_EOR to indicate
that the user ID is no longer known by the kernel.
An oops like the following is produced:
kernel BUG at net/rxrpc/recvmsg.c:605!
...
RIP: 0010:rxrpc_recvmsg+0x256/0x5ae
...
Call Trace:
? __init_waitqueue_head+0x2f/0x2f
____sys_recvmsg+0x8a/0x148
? import_iovec+0x69/0x9c
? copy_msghdr_from_user+0x5c/0x86
___sys_recvmsg+0x72/0xaa
? __fget_files+0x22/0x57
? __fget_light+0x46/0x51
? fdget+0x9/0x1b
do_recvmmsg+0x15e/0x232
? _raw_spin_unlock+0xa/0xb
? vtime_delta+0xf/0x25
__x64_sys_recvmmsg+0x2c/0x2f
do_syscall_64+0x4c/0x78
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes: 357f5ef646 ("rxrpc: Call rxrpc_release_call() on error in rxrpc_new_client_call()")
Reported-by: syzbot+b54969381df354936d96@syzkaller.appspotmail.com
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 9aba6c5b49254d5bee927d81593ed4429e91d4ae ]
ovs_ct_put_key() is potentially copying uninitialized kernel stack memory
into socket buffers, since the compiler may leave a 3-byte hole at the end
of `struct ovs_key_ct_tuple_ipv4` and `struct ovs_key_ct_tuple_ipv6`. Fix
it by initializing `orig` with memset().
Fixes: 9dd7f8907c ("openvswitch: Add original direction conntrack tuple to sw_flow_key.")
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Peilin Ye <yepeilin.cs@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 622e32b7d4a6492cf5c1f759ef833f817418f7b3 ]
The GRE tunnel can be used to transport traffic that does not rely on a
Internet checksum (e.g. SCTP). The issue can be triggered creating a GRE
or GRETAP tunnel and transmitting SCTP traffic ontop of it where CRC
offload has been disabled. In order to fix the issue we need to
recompute the GRE csum in gre_gso_segment() not relying on the inner
checksum.
The issue is still present when we have the CRC offload enabled.
In this case we need to disable the CRC offload if we require GRE
checksum since otherwise skb_checksum() will report a wrong value.
Fixes: 90017accff ("sctp: Add GSO support")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 8c0de6e96c9794cb523a516c465991a70245da1c ]
IPV6_ADDRFORM causes resource leaks when converting an IPv6 socket
to IPv4, particularly struct ipv6_ac_socklist. Similar to
struct ipv6_mc_socklist, we should just close it on this path.
This bug can be easily reproduced with the following C program:
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
int main()
{
int s, value;
struct sockaddr_in6 addr;
struct ipv6_mreq m6;
s = socket(AF_INET6, SOCK_DGRAM, 0);
addr.sin6_family = AF_INET6;
addr.sin6_port = htons(5000);
inet_pton(AF_INET6, "::ffff:192.168.122.194", &addr.sin6_addr);
connect(s, (struct sockaddr *)&addr, sizeof(addr));
inet_pton(AF_INET6, "fe80::AAAA", &m6.ipv6mr_multiaddr);
m6.ipv6mr_interface = 5;
setsockopt(s, SOL_IPV6, IPV6_JOIN_ANYCAST, &m6, sizeof(m6));
value = AF_INET;
setsockopt(s, SOL_IPV6, IPV6_ADDRFORM, &value, sizeof(value));
close(s);
return 0;
}
Reported-by: ch3332xr@gmail.com
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 83f3522860f702748143e022f1a546547314c715 ]
fib_trie_unmerge() is called with RTNL held, but not from an RCU
read-side critical section. This leads to the following warning [1] when
the FIB alias list in a leaf is traversed with
hlist_for_each_entry_rcu().
Since the function is always called with RTNL held and since
modification of the list is protected by RTNL, simply use
hlist_for_each_entry() and silence the warning.
[1]
WARNING: suspicious RCU usage
5.8.0-rc4-custom-01520-gc1f937f3f83b #30 Not tainted
-----------------------------
net/ipv4/fib_trie.c:1867 RCU-list traversed in non-reader section!!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
1 lock held by ip/164:
#0: ffffffff85a27850 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x49a/0xbd0
stack backtrace:
CPU: 0 PID: 164 Comm: ip Not tainted 5.8.0-rc4-custom-01520-gc1f937f3f83b #30
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-2.fc32 04/01/2014
Call Trace:
dump_stack+0x100/0x184
lockdep_rcu_suspicious+0x153/0x15d
fib_trie_unmerge+0x608/0xdb0
fib_unmerge+0x44/0x360
fib4_rule_configure+0xc8/0xad0
fib_nl_newrule+0x37a/0x1dd0
rtnetlink_rcv_msg+0x4f7/0xbd0
netlink_rcv_skb+0x17a/0x480
rtnetlink_rcv+0x22/0x30
netlink_unicast+0x5ae/0x890
netlink_sendmsg+0x98a/0xf40
____sys_sendmsg+0x879/0xa00
___sys_sendmsg+0x122/0x190
__sys_sendmsg+0x103/0x1d0
__x64_sys_sendmsg+0x7d/0xb0
do_syscall_64+0x54/0xa0
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fc80a234e97
Code: Bad RIP value.
RSP: 002b:00007ffef8b66798 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc80a234e97
RDX: 0000000000000000 RSI: 00007ffef8b66800 RDI: 0000000000000003
RBP: 000000005f141b1c R08: 0000000000000001 R09: 0000000000000000
R10: 00007fc80a2a8ac0 R11: 0000000000000246 R12: 0000000000000001
R13: 0000000000000000 R14: 00007ffef8b67008 R15: 0000556fccb10020
Fixes: 0ddcf43d5d ("ipv4: FIB Local/MAIN table collapse")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 4052d3d2e8f47a15053320bbcbe365d15610437d ]
In the case where a vendor command does not implement doit, and has no
flags set, doit would not be validated and a NULL pointer dereference
would occur, for example when invoking the vendor command via iw.
I encountered this while developing new vendor commands. Perhaps in
practice it is advisable to always implement doit along with dumpit,
but it seems reasonable to me to always check doit anyway, not just
when NEED_WDEV.
Signed-off-by: Julian Squires <julian@cipht.net>
Link: https://lore.kernel.org/r/20200706211353.2366470-1-julian@cipht.net
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit a39c46067c845a8a2d7144836e9468b7f072343e ]
p9_fd_open just fgets file descriptors passed in from userspace, but
doesn't verify that they are valid for read or writing. This gets
cought down in the VFS when actually attempting a read or write, but
a new warning added in linux-next upsets syzcaller.
Fix this by just verifying the fds early on.
Link: http://lkml.kernel.org/r/20200710085722.435850-1-hch@lst.de
Reported-by: syzbot+e6f77e16ff68b2434a2c@syzkaller.appspotmail.com
Signed-off-by: Christoph Hellwig <hch@lst.de>
[Dominique: amend goto as per Doug Nazar's review]
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Greg Kroah-Hartman
J. Bruce Fields
Miaohe Lin
Daniel Mack
Florian Westphal
Jakub Kicinski
Tetsuo Handa
Xin Long
Paul Moore
Johannes Berg
Pablo Neira Ayuso
Jussi Kivilinna
Linus Lüssing
Sven Eckelmann
Cong Wang
Peilin Ye
Necip Fazil Yildiran
Mark Tomlinson
Chuck Lever
Kees Cook
Tim Froidcoeur
Ira Weiny
Qingyu Li
John Ogness
Julian Anastasov
Lihong Kou
Maciej Żenczykowski
David Howells
Lorenzo Bianconi
Ido Schimmel
Julian Squires
Christoph Hellwig