This repository has been archived by the owner on Jun 19, 2024. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge tag 'ASB-2022-04-05_4.14-q' into Grass-Unified
https://source.android.com/security/bulletin/2022-04-01 CVE-2021-0707 CVE-2021-39800 CVE-2021-39801 (4.9 only) CVE-2021-39802 * tag 'ASB-2022-04-05_4.14-q': Linux 4.14.275 arm64: Use the clearbhb instruction in mitigations arm64: add ID_AA64ISAR2_EL1 sys register KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated arm64: Mitigate spectre style branch history side channels KVM: arm64: Add templates for BHB mitigation sequences arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 arm64: Add percpu vectors for EL1 arm64: entry: Add macro for reading symbol addresses from the trampoline arm64: entry: Add vectors that have the bhb mitigation sequences arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations arm64: entry: Allow the trampoline text to occupy multiple pages arm64: entry: Make the kpti trampoline's kpti sequence optional arm64: entry: Move trampoline macros out of ifdef'd section arm64: entry: Don't assume tramp_vectors is the start of the vectors arm64: entry: Allow tramp_alias to access symbols after the 4K boundary arm64: entry: Move the trampoline data page before the text page arm64: entry: Free up another register on kpti's tramp_exit path arm64: entry: Make the trampoline cleanup optional arm64: entry.S: Add ventry overflow sanity checks arm64: Add Cortex-X2 CPU part definition arm64: Add Neoverse-N2, Cortex-A710 CPU part definition arm64: Add part number for Arm Cortex-A77 arm64: Add part number for Neoverse N1 arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT arm64: Add silicon-errata.txt entry for ARM erratum 1188873 arm64: arch_timer: avoid unused function warning arm64: arch_timer: Add workaround for ARM erratum 1188873 Linux 4.14.274 llc: only change llc->dev when bind() succeeds mac80211: fix potential double free on mesh join crypto: qat - disable registration of algorithms ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board netfilter: nf_tables: initialize registers in nft_do_chain() drivers: net: xgene: Fix regression in CRC stripping ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec ALSA: cmipci: Restore aux vol on suspend/resume ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB ALSA: pcm: Add stream lock during PCM reset ioctl operations llc: fix netdevice reference leaks in llc_ui_bind() thermal: int340x: fix memory leak in int3400_notify() staging: fbtft: fb_st7789v: reset display before initialization esp: Fix possible buffer overflow in ESP transformation net: ipv6: fix skb_over_panic in __ip6_append_data nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION Linux 4.14.273 perf symbols: Fix symbol size calculation condition Input: aiptek - properly check endpoint type usb: gadget: Fix use-after-free bug by not setting udc->dev.driver usb: gadget: rndis: prevent integer overflow in rndis_set_response() net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() atm: eni: Add check for dma_map_single net/packet: fix slab-out-of-bounds access in packet_recvmsg() efi: fix return value of __setup handlers fs: sysfs_emit: Remove PAGE_SIZE alignment check kselftest/vm: fix tests build with old libc sfc: extend the locking on mcdi->seqno tcp: make tcp_read_sock() more robust nl80211: Update bss channel on channel switch for P2P_CLIENT atm: firestream: check the return value of ioremap() in fs_init() can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE MIPS: smp: fill in sibling and core maps earlier ARM: dts: rockchip: fix a typo on rk3288 crypto-controller arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity xfrm: Fix xfrm migrate issues when address family changes sctp: fix the processing for INIT_ACK chunk sctp: fix the processing for INIT chunk Linux 4.14.272 btrfs: unlock newly allocated extent buffer after error ext4: add check to prevent attempting to resize an fs with sparse_super2 ARM: fix Thumb2 regression with Spectre BHB virtio: acknowledge all features before access virtio: unexport virtio_finalize_features staging: gdm724x: fix use after free in gdm_lte_rx() ARM: Spectre-BHB: provide empty stub for non-config selftests/memfd: clean up mapping in mfd_fail_write tracing: Ensure trace buffer is at least 4096 bytes large Revert "xen-netback: Check for hotplug-status existence before watching" Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" net-sysfs: add check for netdevice being present to speed_show sctp: fix kernel-infoleak for SCTP sockets gpio: ts4900: Do not set DAT and OE together NFC: port100: fix use-after-free in port100_send_complete net/mlx5: Fix size field in bufferx_reg struct ax25: Fix NULL pointer dereference in ax25_kill_by_device net: ethernet: lpc_eth: Handle error for clk_enable net: ethernet: ti: cpts: Handle error for clk_enable ethernet: Fix error handling in xemaclite_of_probe qed: return status of qed_iov_get_link net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() Linux 4.14.271 xen/netfront: react properly to failing gnttab_end_foreign_access_ref() xen/gnttab: fix gnttab_end_foreign_access() without page specified xen/9p: use alloc/free_pages_exact() xen: remove gnttab_query_foreign_access() xen/gntalloc: don't use gnttab_query_foreign_access() xen/scsifront: don't use gnttab_query_foreign_access() for mapped status xen/netfront: don't use gnttab_query_foreign_access() for mapped status xen/blkfront: don't use gnttab_query_foreign_access() for mapped status xen/grant-table: add gnttab_try_end_foreign_access() xen/xenbus: don't let xenbus_grant_ring() remove grants in error case ARM: fix build warning in proc-v7-bugs.c ARM: Do not use NOCROSSREFS directive with ld.lld ARM: fix co-processor register typo ARM: fix build error when BPF_SYSCALL is disabled ARM: include unprivileged BPF status in Spectre V2 reporting ARM: Spectre-BHB workaround ARM: use LOADADDR() to get load address of sections ARM: early traps initialisation ARM: report Spectre v2 status through sysfs arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() arm/arm64: Provide a wrapper for SMCCC 1.1 calls x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT x86/speculation: Warn about Spectre v2 LFENCE mitigation x86/speculation: Update link to AMD speculation whitepaper x86/speculation: Use generic retpoline by default on AMD x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting Documentation/hw-vuln: Update spectre doc x86/speculation: Add eIBRS + Retpoline options x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE x86,bugs: Unconditionally allow spectre_v2=retpoline,amd x86/speculation: Merge one test in spectre_v2_user_select_mitigation() Linux 4.14.270 hamradio: fix macro redefine warning net: dcb: disable softirqs in dcbnl_flush_dev() memfd: fix F_SEAL_WRITE after shmem huge page allocated HID: add mapping for KEY_ALL_APPLICATIONS Input: elan_i2c - fix regulator enable count imbalance after suspend/resume Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() nl80211: Handle nla_memdup failures in handle_nan_filter net: chelsio: cxgb3: check the return value of pci_find_capability() soc: fsl: qe: Check of ioremap return value ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions can: gs_usb: change active_channels's type from atomic_t to u8 efivars: Respect "block" flag in efivar_entry_set_safe() net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() net: sxgbe: fix return value of __setup handler net: stmmac: fix return value of __setup handler mac80211: fix forwarded mesh frames AC & queue selection firmware: qemu_fw_cfg: fix kobject leak in probe error path firmware: Fix a reference count leak. net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client net: dcb: flush lingering app table entries for unregistered devices batman-adv: Don't expect inter-netns unique iflink indices batman-adv: Request iflink once in batadv_get_real_netdevice batman-adv: Request iflink once in batadv-on-batadv check netfilter: nf_queue: fix possible use-after-free netfilter: nf_queue: don't assume sk is full socket xfrm: enforce validity of offload input flags netfilter: fix use-after-free in __nf_register_net_hook() xfrm: fix MTU regression ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min ALSA: intel_hdmi: Fix reference to PCM buffer address ata: pata_hpt37x: fix PCI clock detection usb: gadget: clear related members when goto fail usb: gadget: don't release an existing dev->buf net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 i2c: qup: allow COMPILE_TEST i2c: cadence: allow COMPILE_TEST dmaengine: shdma: Fix runtime PM imbalance on error cifs: fix double free race when mount fails in cifs_get_root() Input: clear BTN_RIGHT/MIDDLE on buttonpads i2c: bcm2835: Avoid clock stretching timeouts mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work mac80211_hwsim: report NOACK frames in tx_status Linux 4.14.269 fget: clarify and improve __fget_files() implementation memblock: use kfree() to release kmalloced memblock regions Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR" tty: n_gsm: fix proper link termination after failed open tty: n_gsm: fix encoding of control signal octet bit DV xhci: Prevent futile URB re-submissions due to incorrect return value. xhci: re-initialize the HC during resume if HCE was set usb: dwc3: gadget: Let the interrupt handler disable bottom halves. USB: serial: option: add Telit LE910R1 compositions USB: serial: option: add support for DW5829e tracefs: Set the group ownership in apply_options() not parse_options() USB: gadget: validate endpoint index for xilinx udc usb: gadget: rndis: add spinlock for rndis response list Revert "USB: serial: ch341: add new Product ID for CH341A" ata: pata_hpt37x: disable primary channel on HPT371 iio: adc: men_z188_adc: Fix a resource leak in an error handling path RDMA/ib_srp: Fix a deadlock configfs: fix a race in configfs_{,un}register_subsystem() net/mlx5e: Fix wrong return value on ioctl EEPROM query failure drm/edid: Always set RGB444 openvswitch: Fix setting ipv6 fields causing hw csum failure gso: do not skip outer ip header in case of ipip and net_failover net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends ping: remove pr_err from ping_lookup serial: 8250: of: Fix mapped region size when using reg-offset property USB: zaurus: support another broken Zaurus sr9700: sanity check for packet length parisc/unaligned: Fix ldw() and stw() unalignment handlers parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel vhost/vsock: don't check owner in vhost_vsock_stop() while releasing cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug Linux 4.14.268 net: macb: Align the dma and coherent dma masks net: usb: qmi_wwan: Add support for Dell DW5829e tracing: Fix tp_printk option related with tp_printk_stop_on_boot ata: libata-core: Disable TRIM on M88V29 ARM: OMAP2+: hwmod: Add of_node_put() before break NFS: Do not report writeback errors in nfs_getattr() KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status mtd: rawnand: brcmnand: Refactored code to introduce helper functions lib/iov_iter: initialize "flags" in new pipe_buffer i2c: brcmstb: fix support for DSL and CM variants dmaengine: sh: rcar-dmac: Check for error num after setting mask net: sched: limit TC_ACT_REPEAT loops EDAC: Fix calculation of returned address and next offset in edac_align_ptr() NFS: LOOKUP_DIRECTORY is also ok with symlinks powerpc/lib/sstep: fix 'ptesync' build error ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() ALSA: hda: Fix missing codec probe on Shenker Dock 15 ALSA: hda: Fix regression on forced probe mask option libsubcmd: Fix use-after-free for realloc(..., 0) bonding: fix data-races around agg_select_timer drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit ping: fix the dif and sdif check in ping_lookup net: ieee802154: ca8210: Fix lifs/sifs periods iwlwifi: pcie: gen2: fix locking when "HW not ready" iwlwifi: pcie: fix locking when "HW not ready" vsock: remove vsock from connected table when connect is interrupted by a signal taskstats: Cleanup the use of task->exit_code xfrm: Don't accidentally set RTO_ONLINK in decode_session4() drm/radeon: Fix backlight control on iMac 12,1 iwlwifi: fix use-after-free Revert "module, async: async_synchronize_full() on module init iff async is used" quota: make dquot_quota_sync return errors from ->sync_fs vfs: make freeze_super abort when sync_filesystem returns error ax25: improve the incomplete fix to avoid UAF and NPD bugs selftests/zram: Adapt the situation that /dev/zram0 is being used selftests/zram01.sh: Fix compression ratio calculation selftests/zram: Skip max_comp_streams interface on newer kernel net: ieee802154: at86rf230: Stop leaking skb's btrfs: send: in case of IO error log it parisc: Fix sglist access in ccio-dma.c parisc: Fix data TLB miss in sba_unmap_sg serial: parisc: GSC: fix build when IOSAPIC is not set net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup Makefile.extrawarn: Move -Wunaligned-access to W=1 Linux 4.14.267 perf: Fix list corruption in perf_cgroup_switch() hwmon: (dell-smm) Speed up setting of fan speed seccomp: Invalidate seccomp mode to catch death failures USB: serial: cp210x: add CPI Bulk Coin Recycler id USB: serial: cp210x: add NCR Retail IO box id USB: serial: ch341: add support for GW Instek USB2.0-Serial devices USB: serial: option: add ZTE MF286D modem USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 usb: gadget: rndis: check size of RNDIS_MSG_SET command USB: gadget: validate interface OS descriptor requests usb: dwc3: gadget: Prevent core from processing stale TRBs usb: ulpi: Call of_node_put correctly usb: ulpi: Move of_node_put to ulpi_dev_release n_tty: wake up poll(POLLRDNORM) on receiving data vt_ioctl: add array_index_nospec to VT_ACTIVATE vt_ioctl: fix array_index_nospec in vt_setactivate net: amd-xgbe: disable interrupts during pci removal tipc: rate limit warning for received illegal binding update net: fix a memleak when uncloning an skb dst and its metadata net: do not keep the dst cache when uncloning an skb dst and its metadata ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path bonding: pair enable_port with slave_arr_updates usb: f_fs: Fix use-after-free for epfile ARM: dts: imx6qdl-udoo: Properly describe the SD card detect staging: fbtft: Fix error path in fbtft_driver_module_init() ARM: dts: meson: Fix the UART compatible strings ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group bpf: Add kconfig knob for disabling unpriv bpf by default Revert "net: axienet: Wait for PhyRstCmplt after core reset" net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend scsi: target: iscsi: Make sure the np under each tpg is unique NFSv4 expose nfs_parse_server_name function NFSv4 remove zero number of fs_locations entries error check NFSv4.1: Fix uninitialised variable in devicenotify nfs: nfs4clinet: check the return value of kstrdup() NFSv4 only print the label when its queried NFSD: Clamp WRITE offsets NFS: Fix initialisation of nfs_client cl_flags field net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs mmc: sdhci-of-esdhc: Check for error num after setting mask ima: Allow template selection with ima_template[_fmt]= after ima_hash= ima: Remove ima_policy file before directory integrity: check the return value of audit_log_start() Revert "tracefs: Have tracefs directories not set OTH permission bits by default" Linux 4.14.266 tipc: improve size validations for received domain records x86/mm, mm/hwpoison: Fix the unmap kernel 1:1 pages check condition moxart: fix potential use-after-free on remove path cgroup-v1: Require capabilities to set release_agent Linux 4.14.265 ext4: fix error handling in ext4_restore_inline_data() EDAC/xgene: Fix deferred probing EDAC/altera: Fix deferred probing rtc: cmos: Evaluate century appropriate selftests: futex: Use variable MAKE instead of make nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe ASoC: fsl: Add missing error handling in pcm030_fabric_probe drm/i915/overlay: Prevent divide by zero bugs in scaling net: macsec: Verify that send_sci is on when setting Tx sci explicitly net: ieee802154: Return meaningful error codes from the netlink helpers net: ieee802154: ca8210: Stop leaking skb's spi: meson-spicc: add IRQ check in meson_spicc_probe spi: mediatek: Avoid NULL pointer crash in interrupt spi: bcm-qspi: check for valid cs before applying chip select iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() RDMA/mlx4: Don't continue event handler after memory allocation failure block: bio-integrity: Advance seed correctly for larger interval sizes drm/nouveau: fix off by one in BIOS boundary checking ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() audit: improve audit queue handling when "audit=1" on cmdline af_packet: fix data-race in packet_setsockopt / packet_setsockopt rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() net: amd-xgbe: Fix skb data length underflow net: amd-xgbe: ensure to reset the tx_timer_active flag ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback netfilter: nat: limit port clash resolution attempts netfilter: nat: remove l4 protocol port rovers bpf: fix truncated jump targets on heavy expansions ipv4: tcp: send zero IPID in SYNACK messages ipv4: raw: lock the socket in raw_bind() yam: fix a memory leak in yam_siocdevprivate() ibmvnic: don't spin in tasklet drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable drm/msm: Fix wrong size calculation net-procfs: show net devices bound packet types NFSv4: nfs_atomic_open() can race when looking up a non-regular file NFSv4: Handle case where the lookup of a directory fails hwmon: (lm90) Reduce maximum conversion rate for G781 ipv4: avoid using shared IP generator for connected sockets ping: fix the sk_bound_dev_if match in ping_lookup net: fix information leakage in /proc/net/ptype ipv6_tunnel: Rate limit warning messages scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev i40e: fix unsigned stat widths i40e: Increase delay to 1 s after global EMP reset lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() powerpc/32: Fix boot failure with GCC latent entropy plugin net: sfp: ignore disabled SFP node usb: typec: tcpm: Do not disconnect while receiving VBUS off USB: core: Fix hang in usb_kill_urb by adding memory barriers usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS usb: common: ulpi: Fix crash in ulpi_match() usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge tty: Add support for Brainboxes UC cards. tty: n_gsm: fix SW flow control encoding/handling serial: stm32: fix software flow control transfer netfilter: nft_payload: do not update layer 4 checksum when mangling fragments PM: wakeup: simplify the output logic of pm_show_wakelocks() udf: Fix NULL ptr deref when converting from inline format udf: Restore i_lenAlloc when inode expansion fails scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices s390/hypfs: include z/VM guests with access control group set Bluetooth: refactor malicious adv data check
- Loading branch information
