lineage-20.0
67 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
Greg Kroah-Hartman
|
80792f5eeb |
This is the 4.19.256 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmMHPc8ACgkQONu9yGCS aT7dvBAAtey5V7VviCe9tFUEkjDg9oB0YHu5I7J16ODhNgMV25xCoEmGD1fEZ4mr BWheee+8z7OmO/be0k+f95Sprd10zr6aFdvhkjRqvKcvm7gSR3hBryzDH65GVuM7 jWTa5RfJ2TWSAtJwjdMiRDnLbwsj51QXWaddnTcMtEBXvvU3aTNYkMLSBdz+xtjB 7S0DgTQNEaevz4GGw81zzmRWMoqlff/+rqyQitcFSr2teprGjSoRQbKzjlIU1D71 31jt1z0wEdeqDRu3S/VCPNQUd6oH+B2d+q7qjnuQkCt/GbhfW91Sw4fUCDFiKvYU KoZvVIo7fIhig9N4uLqqpP5vv23HMkAAPKMB12dt3ue1ozueEGiQ5fVdyFNcli6u M4b7woAooe0n/eL3jjPyk9U7Otg9Zj9+6LbOmnCZabkPPnYW3ik5s+kgrKBQYGhU hyd+ejnKdyqPzKK1JaJe0dk9ZhpwTPvd/4Hodiz+5wZqTXkB5nwBJHxXEeGv5O4R GfxkxN+kvLQkliADDXhohXQJfN3o4YplPNksHeDuh6PqMTHiqFJOnrVTS8Mkx4Y1 JVUsSVq3NsIzTIFOUMr6x8s3VTcSBWCMhWJpm3Afin39Zd9ZSenat4KNSN1IDYdR pkCYF/U051fKSqc9iq9bBilEQrdONG/x0GrTVTXTV1NCIVHMAh0= =U309 -----END PGP SIGNATURE----- Merge 4.19.256 into android-4.19-stable Changes in 4.19.256 Makefile: link with -z noexecstack --no-warn-rwx-segments x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments ALSA: bcd2000: Fix a UAF bug on the error path of probing wifi: mac80211_hwsim: fix race condition in pending packet wifi: mac80211_hwsim: add back erroneously removed cast wifi: mac80211_hwsim: use 32-bit skb cookie add barriers to buffer_uptodate and set_buffer_uptodate HID: wacom: Don't register pad_input for touch switch KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model ALSA: hda/cirrus - support for iMac 12,1 model tty: vt: initialize unicode screen buffer vfs: Check the truncate maximum size in inode_newsize_ok() fs: Add missing umask strip in vfs_tmpfile thermal: sysfs: Fix cooling_device_stats_setup() error code path fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters usbnet: Fix linkwatch use-after-free on disconnect ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() parisc: Fix device names in /proc/iomem drm/nouveau: fix another off-by-one in nvbios_addr drm/amdgpu: Check BO's requested pinning domains against its preferred_domains bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() iio: light: isl29028: Fix the warning in isl29028_remove() fuse: limit nsec serial: mvebu-uart: uart2 error bits clearing md-raid10: fix KASAN warning ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() PCI: Add defines for normal and subtractive PCI bridges powerpc/fsl-pci: Fix Class Code of PCIe Root Port powerpc/powernv: Avoid crashing if rng is NULL MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK USB: HCD: Fix URB giveback issue in tasklet function netfilter: nf_tables: do not allow SET_ID to refer to another table netfilter: nf_tables: fix null deref due to zeroed list head arm64: Do not forget syscall when starting a new thread. arm64: fix oops in concurrently setting insn_emulation sysctls ext2: Add more validity checks for inode counts ARM: dts: imx6ul: add missing properties for sram ARM: dts: imx6ul: change operating-points to uint32-matrix ARM: dts: imx6ul: fix lcdif node compatible ARM: dts: imx6ul: fix qspi node compatible ARM: OMAP2+: display: Fix refcount leak bug ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks ACPI: PM: save NVS memory for Lenovo G40-45 ACPI: LPSS: Fix missing check in register_device_clock() arm64: dts: qcom: ipq8074: fix NAND node name PM: hibernate: defer device probing when resuming from hibernation selinux: Add boundary check in put_entry() ARM: findbit: fix overflowing offset meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init ARM: bcm: Fix refcount leak in bcm_kona_smc_init x86/pmem: Fix platform-device leak in error path ARM: dts: ast2500-evb: fix board compatible soc: fsl: guts: machine variable might be unset ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init cpufreq: zynq: Fix refcount leak in zynq_get_revision ARM: dts: qcom: pm8841: add required thermal-sensor-cells bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node regulator: of: Fix refcount leak bug in of_get_regulation_constraints() nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() thermal/tools/tmon: Include pthread and time headers in tmon.h dm: return early from dm_pr_call() if DM device is suspended ath10k: do not enforce interrupt trigger type wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function i2c: Fix a potential use after free media: tw686x: Register the irq at the end of probe ath9k: fix use-after-free in ath9k_hif_usb_rx_cb wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() drm: bridge: adv7511: Add check for mipi_dsi_driver_register media: hdpvr: fix error value returns in hdpvr_read drm/vc4: dsi: Correct DSI divider calculations drm/rockchip: vop: Don't crash for invalid duplicate_state() drm/mediatek: dpi: Remove output format of YUV drm: bridge: sii8620: fix possible off-by-one drm/msm/mdp5: Fix global state lock backoff crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() tcp: make retransmitted SKB fit into the send window libbpf: Fix the name of a reused map selftests: timers: valid-adjtimex: build fix for newer toolchains selftests: timers: clocksource-switch: fix passing errors from child fs: check FMODE_LSEEK to control internal pipe splicing wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() wifi: p54: Fix an error handling path in p54spi_probe() wifi: p54: add missing parentheses in p54_flush() can: pch_can: do not report txerr and rxerr during bus-off can: rcar_can: do not report txerr and rxerr during bus-off can: sja1000: do not report txerr and rxerr during bus-off can: hi311x: do not report txerr and rxerr during bus-off can: sun4i_can: do not report txerr and rxerr during bus-off can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off can: usb_8dev: do not report txerr and rxerr during bus-off can: error: specify the values of data[5..7] of CAN error frames can: pch_can: pch_can_error(): initialize errc before using it Bluetooth: hci_intel: Add check for platform_driver_register i2c: cadence: Support PEC for SMBus block read i2c: mux-gpmux: Add of_node_put() when breaking out of loop wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` wifi: libertas: Fix possible refcount leak in if_usb_probe() net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS netdevsim: Avoid allocation warnings triggered from user space net: rose: fix netdev reference changes dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock clk: renesas: r9a06g032: Fix UART clkgrp bitsel mtd: maps: Fix refcount leak in of_flash_probe_versatile mtd: maps: Fix refcount leak in ap_flash_init HID: cp2112: prevent a buffer overflow in cp2112_xfer() mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path fpga: altera-pr-ip: fix unsigned comparison with less than zero usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe misc: rtsx: Fix an error handling path in rtsx_pci_probe() clk: qcom: ipq8074: fix NSS port frequency tables clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks soundwire: bus_type: fix remove and shutdown support staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch memstick/ms_block: Fix some incorrect memory allocation memstick/ms_block: Fix a memory leak mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R scsi: smartpqi: Fix DMA direction for RAID requests usb: gadget: udc: amd5536 depends on HAS_DMA RDMA/hfi1: fix potential memory leak in setup_base_ctxt() gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() mmc: cavium-octeon: Add of_node_put() when breaking out of loop mmc: cavium-thunderx: Add of_node_put() when breaking out of loop HID: alps: Declare U1_UNICORN_LEGACY support USB: serial: fix tty-port initialized comments platform/olpc: Fix uninitialized data in debugfs write mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region RDMA/rxe: Fix error unwind in rxe_create_qp() null_blk: fix ida error handling in null_add_dev() ext4: recover csum seed of tmp_inode after migrating to extents jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe ASoC: codecs: da7210: add check for i2c_add_driver ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() profiling: fix shift too large makes kernel panic tty: n_gsm: fix non flow control frames during mux flow off tty: n_gsm: fix packet re-transmission without open control channel tty: n_gsm: fix race condition in gsmld_write() remoteproc: qcom: wcnss: Fix handling of IRQs vfio/ccw: Do not change FSM state in subchannel event tty: n_gsm: fix wrong T1 retry count handling tty: n_gsm: fix DM command tty: n_gsm: fix missing corner cases in gsmld_poll() iommu/exynos: Handle failed IOMMU device registration properly rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge kfifo: fix kfifo_to_user() return type mfd: t7l66xb: Drop platform disable callback iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop s390/zcore: fix race when reading from hardware system area ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() video: fbdev: amba-clcd: Fix refcount leak bugs video: fbdev: sis: fix typos in SiS_GetModeID() powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32 powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader powerpc/xive: Fix refcount leak in xive_get_max_prio powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address kprobes: Forbid probing on trampoline and BPF code areas powerpc/pci: Fix PHB numbering when using opal-phbid genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO scripts/faddr2line: Fix vmlinux detection on arm64 x86/numa: Use cpumask_available instead of hardcoded NULL check video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() tools/thermal: Fix possible path truncations video: fbdev: vt8623fb: Check the size of screen before memset_io() video: fbdev: arkfb: Check the size of screen before memset_io() video: fbdev: s3fb: Check the size of screen before memset_io() scsi: zfcp: Fix missing auto port scan and thus missing target ports x86/olpc: fix 'logical not is only applied to the left hand side' spmi: trace: fix stack-out-of-bound access in SPMI tracing functions ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h ext4: make sure ext4_append() always allocates new block ext4: fix use-after-free in ext4_xattr_set_entry ext4: update s_overhead_clusters in the superblock during an on-line resize ext4: fix extent status tree race in writeback error recovery path ext4: correct max_inline_xattr_value_size computing ext4: correct the misjudgment in ext4_iget_extra_inode intel_th: pci: Add Raptor Lake-S CPU support intel_th: pci: Add Raptor Lake-S PCH support intel_th: pci: Add Meteor Lake-P support dm raid: fix address sanitizer warning in raid_resume dm raid: fix address sanitizer warning in raid_status dm writecache: set a default MAX_WRITEBACK_JOBS ACPI: CPPC: Do not prevent CPPC from working in the future net_sched: cls_route: remove from list when handle is 0 btrfs: reject log replay if there is unsupported RO compat flag KVM: Add infrastructure and macro to mark VM as bugged KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() tcp: fix over estimation in sk_forced_mem_schedule() scsi: sg: Allow waiting for commands to complete on removed device Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression net/9p: Initialize the iounit field during fid creation net_sched: cls_route: disallow handle of 0 firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails powerpc/mm: Split dump_pagelinuxtables flag_array table powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E ALSA: info: Fix llseek return value when using callback rds: add missing barrier to release_refill ata: libata-eh: Add missing command name mmc: pxamci: Fix another error handling path in pxamci_probe() mmc: pxamci: Fix an error handling path in pxamci_probe() btrfs: fix lost error handling when looking up extended ref on log replay tracing: Have filter accept "common_cpu" to be consistent can: ems_usb: fix clang's -Wunaligned-access warning apparmor: fix quiet_denied for file rules apparmor: fix absroot causing audited secids to begin with = apparmor: Fix failed mount permission check error message apparmor: fix aa_label_asxprint return check apparmor: fix overlapping attachment computation apparmor: fix reference count leak in aa_pivotroot() apparmor: Fix memleak in aa_simple_write_to_buffer() NFSv4: Fix races in the legacy idmapper upcall NFSv4.1: RECLAIM_COMPLETE must handle EACCES NFSv4/pnfs: Fix a use-after-free bug in open SUNRPC: Reinitialise the backchannel request buffers before reuse pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool geneve: do not use RT_TOS for IPv6 flowlabel vsock: Fix memory leak in vsock_connect() vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() tools build: Switch to new openssl API for test-libcrypto NTB: ntb_tool: uninitialized heap data in tool_fn_write() xen/xenbus: fix return type in xenbus_file_read() atm: idt77252: fix use-after-free bugs caused by tst_timer nios2: page fault et.al. are *not* restartable syscalls... nios2: don't leave NULLs in sys_call_table[] nios2: traced syscall does need to check the syscall number nios2: fix syscall restart checks nios2: restarts apply only to the first sigframe we build... nios2: add force_successful_syscall_return() netfilter: nf_tables: really skip inactive sets when allocating name powerpc/pci: Fix get_phb_number() locking i40e: Fix to stop tx_timeout recovery if GLOBR fails fec: Fix timer capture timing in `fec_ptp_enable_pps()` igb: Add lock to avoid data race gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file locking/atomic: Make test_and_*_bit() ordered on failure drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() PCI: Add ACS quirk for Broadcom BCM5750x NICs irqchip/tegra: Fix overflow implicit truncation warnings usb: host: ohci-ppc-of: Fix refcount leak bug usb: renesas: Fix refcount leak bug vboxguest: Do not use devm for irq clk: qcom: ipq8074: dont disable gcc_sleep_clk_src gadgetfs: ep_io - wait until IRQ finishes cxl: Fix a memory leak in an error handling path dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed drivers:md:fix a potential use-after-free bug ext4: avoid remove directory when directory is corrupted ext4: avoid resizing to a partial cluster size lib/list_debug.c: Detect uninitialized lists tty: serial: Fix refcount leak bug in ucc_uart.c vfio: Clear the caps->buf to NULL after free mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start riscv: mmap with PROT_WRITE but no PROT_READ is invalid RISC-V: Add fast call path of crash_kexec() watchdog: export lockup_detector_reconfigure ALSA: core: Add async signal helpers ALSA: timer: Use deferred fasync helper f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() smb3: check xattr value length earlier powerpc/64: Init jump labels before parse_early_param() video: fbdev: i740fb: Check the argument of i740_calc_vclk() MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 tee: add overflow check in register_shm_helper() tracing/probes: Have kprobes and uprobes use $COMM too btrfs: only write the sectors in the vertical stripe which has data stripes btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() Linux 4.19.256 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Icc0d54b54bbf59d4f46e021d161581f330e9dea6 |
||
Jens Wiklander
|
b37e0f1765 |
tee: add overflow check in register_shm_helper()
commit 573ae4f13f630d6660008f1974c0a8a29c30e18a upstream.
With special lengths supplied by user space, register_shm_helper() has
an integer overflow when calculating the number of pages covered by a
supplied user space memory region.
This causes internal_get_user_pages_fast() a helper function of
pin_user_pages_fast() to do a NULL pointer dereference:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
Modules linked in:
CPU: 1 PID: 173 Comm: optee_example_a Not tainted 5.19.0 #11
Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
pc : internal_get_user_pages_fast+0x474/0xa80
Call trace:
internal_get_user_pages_fast+0x474/0xa80
pin_user_pages_fast+0x24/0x4c
register_shm_helper+0x194/0x330
tee_shm_register_user_buf+0x78/0x120
tee_ioctl+0xd0/0x11a0
__arm64_sys_ioctl+0xa8/0xec
invoke_syscall+0x48/0x114
Fix this by adding an an explicit call to access_ok() in
tee_shm_register_user_buf() to catch an invalid user space address
early.
Fixes:
|
||
Greg Kroah-Hartman
|
464464ac47 |
Merge 4.19.226 into android-4.19-stable
Changes in 4.19.226 Bluetooth: bfusb: fix division by zero in send path USB: core: Fix bug in resuming hub's handling of wakeup requests USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet veth: Do not record rx queue hint in veth_xmit mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} random: fix data race on crng_node_pool random: fix data race on crng init time staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() KVM: s390: Clarify SIGP orders versus STOP/RESTART media: uvcvideo: fix division by zero at stream start rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled firmware: qemu_fw_cfg: fix sysfs information leak firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries firmware: qemu_fw_cfg: fix kobject leak in probe error path ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows HID: uhid: Fix worker destroying device without any protection HID: wacom: Reset expected and received contact counts at the same time HID: wacom: Ignore the confidence flag when a touch is removed HID: wacom: Avoid using stale array indicies to read contact count f2fs: fix to do sanity check in is_alive() nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 x86/gpu: Reserve stolen memory for first integrated Intel GPU rtc: cmos: take rtc_lock while reading from CMOS media: flexcop-usb: fix control-message timeouts media: mceusb: fix control-message timeouts media: em28xx: fix control-message timeouts media: cpia2: fix control-message timeouts media: s2255: fix control-message timeouts media: dib0700: fix undefined behavior in tuner shutdown media: redrat3: fix control-message timeouts media: pvrusb2: fix control-message timeouts media: stk1160: fix control-message timeouts can: softing_cs: softingcs_probe(): fix memleak on registration failure lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode drm/panel: innolux-p079zca: Delete panel on attach() failure Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails clk: bcm-2835: Pick the closest clock rate clk: bcm-2835: Remove rounding up the dividers wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND wcn36xx: Release DMA channel descriptor allocations media: videobuf2: Fix the size printk format media: em28xx: fix memory leak in em28xx_init_dev arm64: dts: meson-gxbb-wetek: fix missing GPIO binding Bluetooth: stop proccessing malicious adv data tee: fix put order in teedev_close_context() media: dmxdev: fix UAF when dvb_register_device() fails crypto: qce - fix uaf on qce_ahash_register_one tty: serial: atmel: Check return code of dmaengine_submit() tty: serial: atmel: Call dma_async_issue_pending() media: rcar-csi2: Correct the selection of hsfreqrange media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released netfilter: bridge: add support for pppoe filtering arm64: dts: qcom: msm8916: fix MMC controller aliases drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() tty: serial: uartlite: allow 64 bit address serial: amba-pl011: do not request memory region twice floppy: Fix hang in watchdog when disk is ejected media: dib8000: Fix a memleak in dib8000_init() media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() media: si2157: Fix "warm" tuner state detection sched/rt: Try to restart rt period timer when rt runtime exceeded xfrm: fix a small bug in xfrm_sa_len() crypto: stm32/cryp - fix double pm exit media: dw2102: Fix use after free media: msi001: fix possible null-ptr-deref in msi001_probe() media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes drm/msm/dpu: fix safe status debugfs file xfrm: interface with if_id 0 should return error xfrm: state and policy should fail if XFRMA_IF_ID 0 usb: ftdi-elan: fix memory leak on device disconnect ARM: dts: armada-38x: Add generic compatible to UART nodes mmc: meson-mx-sdio: add IRQ check x86/mce/inject: Avoid out-of-bounds write when setting flags pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() ppp: ensure minimum packet size in ppp_write() staging: greybus: audio: Check null pointer fsl/fman: Check for null pointer after calling devm_ioremap Bluetooth: hci_bcm: Check for error irq spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe tpm: add request_locality before write TPM_INT_ENABLE can: softing: softing_startstop(): fix set but not used variable warning can: xilinx_can: xcan_probe(): check for error irq pcmcia: fix setting of kthread task states net: mcs7830: handle usb read errors properly ext4: avoid trim error on fs with small groups ALSA: jack: Add missing rwsem around snd_ctl_remove() calls ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls ALSA: hda: Add missing rwsem around snd_ctl_remove() calls RDMA/hns: Validate the pkey index powerpc/prom_init: Fix improper check of prom_getprop() ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA ALSA: oss: fix compile error when OSS_DEBUG is enabled char/mwave: Adjust io port register size iommu/io-pgtable-arm: Fix table descriptor paddr formatting scsi: ufs: Fix race conditions related to driver data RDMA/core: Let ib_find_gid() continue search even after empty entry ASoC: rt5663: Handle device_property_read_u32_array error codes dmaengine: pxa/mmp: stop referencing config->slave_id iommu/iova: Fix race between FQ timeout and teardown ASoC: mediatek: Check for error clk pointer ASoC: samsung: idma: Check of ioremap return value misc: lattice-ecp3-config: Fix task hung when firmware load failed mips: lantiq: add support for clk_set_parent() mips: bcm63xx: add support for clk_set_parent() RDMA/cxgb4: Set queue pair state when being queried Bluetooth: Fix debugfs entry leak in hci_register_dev() fs: dlm: filter user dlm messages for kernel locks ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR usb: gadget: f_fs: Use stream_open() for endpoint files HID: apple: Do not reset quirks when the Fn key is not found media: b2c2: Add missing check in flexcop_pci_isr: mlxsw: pci: Add shutdown method in PCI driver drm/bridge: megachips: Ensure both bridges are probed before registration gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use HSI: core: Fix return freed object in hsi_new_client mwifiex: Fix skb_over_panic in mwifiex_usb_recv() rsi: Fix out-of-bounds read in rsi_read_pkt() usb: uhci: add aspeed ast2600 uhci support floppy: Add max size check for user space request media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() media: m920x: don't use stack on USB reads iwlwifi: mvm: synchronize with FW after multicast commands ath10k: Fix tx hanging net-sysfs: update the queue counts in the unregistration path x86/mce: Mark mce_panic() noinstr x86/mce: Mark mce_end() noinstr x86/mce: Mark mce_read_aux() noinstr net: bonding: debug: avoid printing debug logs when bond is not notifying peers bpf: Do not WARN in bpf_warn_invalid_xdp_action() HID: quirks: Allow inverting the absolute X/Y values media: igorplugusb: receiver overflow should be reported media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO audit: ensure userspace is penalized the same as the kernel when under pressure arm64: tegra: Adjust length of CCPLEX cluster MMIO region usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream iwlwifi: fix leaks/bad data after failed firmware load iwlwifi: remove module loading failure message iwlwifi: mvm: Fix calculation of frame length um: registers: Rename function names to avoid conflicts and build problems jffs2: GC deadlock reading a page that is used in jffs2_write_begin() ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions ACPICA: Utilities: Avoid deleting the same object twice in a row ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 drm/amdgpu: fixup bad vram size on gmc v8 ACPI: battery: Add the ThinkPad "Not Charging" quirk btrfs: remove BUG_ON() in find_parent_nodes() btrfs: remove BUG_ON(!eie) in find_parent_nodes net: mdio: Demote probed message to debug print mac80211: allow non-standard VHT MCS-10/11 dm btree: add a defensive bounds check to insert_at() dm space map common: add bounds check to sm_ll_lookup_bitmap() net: phy: marvell: configure RGMII delays for 88E1118 net: gemini: allow any RGMII interface mode regulator: qcom_smd: Align probe function with rpmh-regulator serial: pl010: Drop CR register reset on set_termios serial: core: Keep mctrl register state and cached copy in sync parisc: Avoid calling faulthandler_disabled() twice powerpc/6xx: add missing of_node_put powerpc/powernv: add missing of_node_put powerpc/cell: add missing of_node_put powerpc/btext: add missing of_node_put powerpc/watchdog: Fix missed watchdog reset due to memory ordering race i2c: i801: Don't silently correct invalid transfer size powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING i2c: mpc: Correct I2C reset procedure w1: Misuse of get_user()/put_user() reported by sparse ALSA: seq: Set upper limit of processed events powerpc: handle kdump appropriately with crash_kexec_post_notifiers option MIPS: OCTEON: add put_device() after of_find_device_by_node() i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters MIPS: Octeon: Fix build errors using clang scsi: sr: Don't use GFP_DMA ASoC: mediatek: mt8173: fix device_node leak power: bq25890: Enable continuous conversion for ADC at charging rpmsg: core: Clean up resources on announce_create failure. ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers serial: Fix incorrect rs485 polarity on uart open cputime, cpuacct: Include guest time in user time in cpuacct.stat iwlwifi: mvm: Increase the scan timeout guard to 30 seconds s390/mm: fix 2KB pgtable release race drm/etnaviv: limit submit sizes ext4: make sure to reset inode lockdep class when quota enabling fails ext4: make sure quota gets properly shutdown on error ext4: set csum seed in tmp inode while migrating to extents ext4: Fix BUG_ON in ext4_bread when write quota data ext4: don't use the orphan list when migrating an inode crypto: stm32/crc32 - Fix kernel BUG triggered in probe() ASoC: dpcm: prevent snd_soc_dpcm use after free regulator: core: Let boot-on regulators be powered off drm/radeon: fix error handling in radeon_driver_open_kms ARM: dts: Fix vcsi regulator to be always-on for droid4 to prevent hangs firmware: Update Kconfig help text for Google firmware media: rcar-csi2: Optimize the selection PHTW register Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization RDMA/hns: Modify the mapping attribute of doorbell to device RDMA/rxe: Fix a typo in opcode name dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK powerpc/cell: Fix clang -Wimplicit-fallthrough warning powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress net: axienet: Wait for PhyRstCmplt after core reset net: axienet: fix number of TX ring slots for available check rtc: pxa: fix null pointer dereference netns: add schedule point in ops_exit_list() libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() dmaengine: at_xdmac: Don't start transactions at tx_submit level dmaengine: at_xdmac: Print debug message after realeasing the lock dmaengine: at_xdmac: Fix lld view setting dmaengine: at_xdmac: Fix at_xdmac_lld struct definition net_sched: restore "mpu xxx" handling bcmgenet: add WOL IRQ check scripts/dtc: dtx_diff: remove broken example from help text lib82596: Fix IRQ check in sni_82596_probe mtd: nand: bbt: Fix corner case in bad block table handling mips,s390,sh,sparc: gup: Work around the "COW can break either way" issue fuse: fix bad inode fuse: fix live lock in fuse_iget() Linux 4.19.226 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ie7599317fe668c46e0ceca652b4172ad2ce6533d |
||
Jens Wiklander
|
564a7ca7b4 |
tee: fix put order in teedev_close_context()
[ Upstream commit f18397ab3ae23e8e43bba9986e66af6d4497f2ad ]
Prior to this patch was teedev_close_context() calling tee_device_put()
before teedev_ctx_put() leading to teedev_ctx_release() accessing
ctx->teedev just after the reference counter was decreased on the
teedev. Fix this by calling teedev_ctx_put() before tee_device_put().
Fixes:
|
||
Greg Kroah-Hartman
|
523769c68b |
This is the 4.19.224 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmHVgnEACgkQONu9yGCS aT6NNBAArSCFEgVRaFVPXhO/JavBoIxb1bgfrmzzcYXd952sN0BbHHd1Rjvy8gLl gqJtYt/F42+gnEe1z0YhkebgXpO4GuyhcF7fg4N8BDjoExBbo+MkkBWk3uhjYXi+ hIxHgPw++2Cng6K3zIS/dP8OFrs3YKezdFd3MsBI+ggRm88NpxfDSWTZbmjHq8Y6 miNBqVHLCiKds/99Gb3vU4v55q4oyIBUySLk+WKL/rvhgWL61DT100NiDTLH2ugs GvX7kUz9EnUX3gj1ulbC0Ow6yTRTjNx9xtLJrYeLZHytw9bHhfnpzEyQdUXzRwQi +Ax/IF0AWEyFF0+xCj3CK7qfAgyFaqr7BxhKSaiY1VB5ax4Tz+ng0gSusfepQNko vMPzup3aIHDCMndW5UmQdND13dVWevaiNI9BoSxmU/ioMizq7zrGS/8JuoAcWpIv 7XQP7eMqaWW8ZQwG4gH4ELBRHqnygYTrk7Ck3rrm54pq/m5IuNnGgBIGcuH6+bqm FmUD9GF9VgOr2unabUaFglSakdhxBVr2IEkgovcO+C7e/JFZv81SVggPhJe7ZJ5P gA076qUDzOKdc1WJ4xbG013R8/6KtJvhzeac5HbzQ5TChi5AUHamcNiSO47mtjsP zcd5gKpe4zeT/7J93XZlMR5chupnVtXSA9NKlB6gS6mICLsMTyg= =vl+b -----END PGP SIGNATURE----- Merge 4.19.224 into android-4.19-stable Changes in 4.19.224 HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option tee: handle lookup of shm with reference count 0 Input: i8042 - add deferred probe support Input: i8042 - enable deferred probe quirk for ASUS UM325UA platform/x86: apple-gmux: use resource_size() with res recordmcount.pl: fix typo in s390 mcount regex selinux: initialize proto variable in selinux_ip_postroute_compat() scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() udp: using datalen to cap ipv6 udp max gso segments selftests: Calculate udpgso segment count without header adjustment sctp: use call_rcu to free endpoint net: usb: pegasus: Do not drop long Ethernet frames NFC: st21nfca: Fix memory leak in device probe and remove net/mlx5e: Fix wrong features assignment in case of error selftests/net: udpgso_bench_tx: fix dst ip argument fsl/fman: Fix missing put_device() call in fman_port_probe i2c: validate user data in compat ioctl nfc: uapi: use kernel size_t to fix user-space builds uapi: fix linux/nfc.h userspace compilation errors xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. usb: mtu3: set interval of FS intr and isoc endpoint binder: fix async_free_space accounting for empty parcels scsi: vmw_pvscsi: Set residual data length conditionally Input: appletouch - initialize work before device registration Input: spaceball - fix parsing of movement data packets net: fix use-after-free in tw_timer_handler Linux 4.19.224 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I152e5f7136d00c553192c65298371353418eed41 |
||
Jens Wiklander
|
b4a661b421 |
tee: handle lookup of shm with reference count 0
commit dfd0743f1d9ea76931510ed150334d571fbab49d upstream.
Since the tee subsystem does not keep a strong reference to its idle
shared memory buffers, it races with other threads that try to destroy a
shared memory through a close of its dma-buf fd or by unmapping the
memory.
In tee_shm_get_from_id() when a lookup in teedev->idr has been
successful, it is possible that the tee_shm is in the dma-buf teardown
path, but that path is blocked by the teedev mutex. Since we don't have
an API to tell if the tee_shm is in the dma-buf teardown path or not we
must find another way of detecting this condition.
Fix this by doing the reference counting directly on the tee_shm using a
new refcount_t refcount field. dma-buf is replaced by using
anon_inode_getfd() instead, this separates the life-cycle of the
underlying file from the tee_shm. tee_shm_put() is updated to hold the
mutex when decreasing the refcount to 0 and then remove the tee_shm from
teedev->idr before releasing the mutex. This means that the tee_shm can
never be found unless it has a refcount larger than 0.
Fixes:
|
||
Greg Kroah-Hartman
|
78a4d032ec |
This is the 4.19.203 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmEVA9cACgkQONu9yGCS aT61LA/7Bw2GeHVH4pNy85UdodXwxXRAqdO6sDSjXB8YX4dgTqxFTPCXnjhhHks5 q4bviwGHSNkFcHMQYgU4ZFN9kxqZY5IisLRtJDZFfK0TRhq8eV3vWegVF4d872iF nCUwBMbTpGEB92cBuC6/HuZDB0EDznOA5ehxbEyGc6MwSkQhqOc+lQ+hR274l0zO S/kOq3GbqzXWqyvFlIxSNWm8QL7xU8Xm6GjzMI2LHD/jjlDoFzNI1ZRR9U/jBpNj yQg+9nnHCGjOkYPiyDPHNwtBDIwKwLCSGn3am1aMyG4vSSIYqxU/kYhkTSy9mzMs Fm13g26yWDIH20w3ziNr4rMozNcHJXhCGJ9Gk4iO3g0JCAO6MqtCrXYlLxiFep1A sjN7OBCIzhAq51qpA+JXf6kVzeObBQLT/jfGmd9L9Cx5gikOmDAd7dM2RMCnijrs AZ5t6+OXVTE0fusxoUJmbZXo6P6BHNAseFK/Epz8ipgEqdK54MJNwUgiihD+1/ip SV/dnmNjonPFgyid/e4teESGfhp8WcQzzTr/9JNhRsmW/dko3uljLZULBB6F3a+P tUe9QAXCjZ/CRfXLecJQIQZDLW6h83Sq3aHc7PRK5DFOVJjiD31hrqle9tnJQfA6 uCdD7UX7fKow8KUSs1+B02mljMct29KUs3rlVJ/2gu6L6wprNMw= =PTUl -----END PGP SIGNATURE----- Merge 4.19.203 into android-4.19-stable Changes in 4.19.203 Revert "ACPICA: Fix memory leak caused by _CID repair function" ALSA: seq: Fix racy deletion of subscriber ARM: imx: add missing iounmap() ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz ALSA: usb-audio: fix incorrect clock source setting clk: stm32f4: fix post divisor setup for I2S/SAI PLLs omap5-board-common: remove not physically existing vdds_1v8_main fixed-regulator scsi: sr: Return correct event when media event code is 3 media: videobuf2-core: dequeue if start_streaming fails net: natsemi: Fix missing pci_disable_device() in probe and remove sctp: move the active_key update after sh_keys is added nfp: update ethtool reporting of pauseframe control net: ipv6: fix returned variable type in ip6_skb_dst_mtu mips: Fix non-POSIX regexp bnx2x: fix an error code in bnx2x_nic_load() net: pegasus: fix uninit-value in get_interrupt_interval net: fec: fix use-after-free in fec_drv_remove net: vxge: fix use-after-free in vxge_device_unregister blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() Bluetooth: defer cleanup of resources in hci_unregister_dev() USB: usbtmc: Fix RCU stall warning USB: serial: option: add Telit FD980 composition 0x1056 USB: serial: ch341: fix character loss at high transfer rates USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback firmware_loader: fix use-after-free in firmware_fallback_sysfs ALSA: usb-audio: Add registration quirk for JBL Quantum 600 usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers usb: gadget: f_hid: fixed NULL pointer dereference usb: gadget: f_hid: idle uses the highest byte for duration usb: otg-fsm: Fix hrtimer list corruption scripts/tracing: fix the bug that can't parse raw_trace_func tracing / histogram: Give calculation hist_fields a size tracing/histogram: Rename "cpu" to "common_cpu" optee: Clear stale cache entries during initialization staging: rtl8723bs: Fix a resource leak in sd_int_dpc media: rtl28xxu: fix zero-length control request pipe: increase minimum default pipe size to 2 pages ext4: fix potential htree corruption when growing large_dir directories serial: 8250: Mask out floating 16/32-bit bus bits MIPS: Malta: Do not byte-swap accesses to the CBUS UART pcmcia: i82092: fix a null pointer dereference bug KVM: x86: accept userspace interrupt only if no event is injected KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds spi: meson-spicc: fix memory leak in meson_spicc_remove perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest qmi_wwan: add network device usage statistics for qmimux devices libata: fix ata_pio_sector for CONFIG_HIGHMEM reiserfs: add check for root_inode in reiserfs_fill_super reiserfs: check directory items on read from disk alpha: Send stop IPI to send to online CPUs net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset ARM: imx: add mmdc ipg clock operation for mmdc Linux 4.19.203 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I4adcce1092ab000faec667eda6cf569e7a269562 |
||
Tyler Hicks
|
78264dfb6f |
optee: Clear stale cache entries during initialization
commit b5c10dd04b7418793517e3286cde5c04759a86de upstream. The shm cache could contain invalid addresses if optee_disable_shm_cache() was not called from the .shutdown hook of the previous kernel before a kexec. These addresses could be unmapped or they could point to mapped but unintended locations in memory. Clear the shared memory cache, while being careful to not translate the addresses returned from OPTEE_SMC_DISABLE_SHM_CACHE, during driver initialization. Once all pre-cache shm objects are removed, proceed with enabling the cache so that we know that we can handle cached shm objects with confidence later in the .shutdown hook. Cc: stable@vger.kernel.org Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
011b73c995 |
This is the 4.19.191 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmCoybcACgkQONu9yGCS aT7dBQ//ZniOtxGdujpsPI6Fs7ET0E9K9Pa6hfxneiffPEgEtfA3ab9g7Y88fb9m vzXCpghzPmqk5Fd/+qDeIFxTaEQ1OoUWdx8uXF56XXh5NqTPLJ/gqmgcIqAnPrVq HefKZg3RiOLC4dT0LqALeqDF0dFrXEw+iOnlctXcjOjX6CSUtiLeyTIS5pytv1Ap rMlAkwfYuyBXs8almb6gb+JbemljgvLB9uB0RNG1YxXN5b/y6LqfDdpJIQCaWGxZ p+EYIbCp1NporUTpbWUJWaMD7krMpNhdeOMlkP4fUYmCYkFXqn1CSWVEYZjTDuah HFr57qshm7EMpjBofDCBhjCsphmcFnzkIKON8kH3HXYCb3HNYVo7rWkXg4KRS5XH kUFPmvgSmLi8Ad4dMc/xBBShB/fYaT1Ij1UB0iyKl4R/MDJ+gf6tjKQsFfK5Losr pyXEPyOWmXyWCgMUilWd2nnhkxfrBtXkxlbR1XlXfZ3Sn6GJANN7/Of2mmXFQB1E YBnL+H3bQSkdoZnoGQCktxs+hj74cG167/zSRNC/dFmBhuAmmDZXiR0ai020iyNw Grzv55owpby0HBpJXSWMBYUvV+2PfhZ69JjHc/bfoPUkeMgtW+oeDY2R5rk/enmW 0aNOycvMQujU7IzBdg8TaqHH6rIRSoFowcUXLLAwzoMt0AcE1c4= =V0VA -----END PGP SIGNATURE----- Merge 4.19.191 into android-4.19-stable Changes in 4.19.191 s390/disassembler: increase ebpf disasm buffer size ACPI: custom_method: fix potential use-after-free issue ACPI: custom_method: fix a possible memory leak ftrace: Handle commands when closing set_ftrace_filter file ARM: 9056/1: decompressor: fix BSS size calculation for LLVM ld.lld arm64: dts: marvell: armada-37xx: add syscon compatible to NB clk node arm64: dts: mt8173: fix property typo of 'phys' in dsi node ecryptfs: fix kernel panic with null dev_name mtd: spinand: core: add missing MODULE_DEVICE_TABLE() mtd: rawnand: atmel: Update ecc_stats.corrected counter spi: spi-ti-qspi: Free DMA resources scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers mmc: block: Update ext_csd.cache_ctrl if it was written mmc: block: Issue a cache flush only when it's enabled mmc: core: Do a power cycle when the CMD11 fails mmc: core: Set read only for SD cards with permanent write protect bit erofs: add unsupported inode i_format check cifs: Return correct error code from smb2_get_enc_key btrfs: fix metadata extent leak after failure to create subvolume intel_th: pci: Add Rocket Lake CPU support fbdev: zero-fill colormap in fbcmap.c staging: wimax/i2400m: fix byte-order issue crypto: api - check for ERR pointers in crypto_destroy_tfm() usb: gadget: uvc: add bInterval checking for HS mode genirq/matrix: Prevent allocation counter corruption usb: gadget: f_uac1: validate input parameters usb: dwc3: gadget: Ignore EP queue requests during bus reset usb: xhci: Fix port minor revision PCI: PM: Do not read power state in pci_enable_device_flags() x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS) tee: optee: do not check memref size on return from Secure World perf/arm_pmu_platform: Fix error handling usb: xhci-mtk: support quirk to disable usb2 lpm xhci: check control context is valid before dereferencing it. xhci: fix potential array out of bounds with several interrupters spi: dln2: Fix reference leak to master spi: omap-100k: Fix reference leak to master intel_th: Consistency and off-by-one fix phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe scsi: lpfc: Fix pt2pt connection does not recover after LOGO scsi: target: pscsi: Fix warning in pscsi_complete_cmd() media: ite-cir: check for receive overflow media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB power: supply: bq27xxx: fix power_avg for newer ICs extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged media: media/saa7164: fix saa7164_encoder_register() memory leak bugs media: gspca/sq905.c: fix uninitialized variable power: supply: Use IRQF_ONESHOT drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() scsi: qla2xxx: Fix use after free in bsg scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() media: em28xx: fix memory leak media: vivid: update EDID clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() media: tc358743: fix possible use-after-free in tc358743_remove() media: adv7604: fix possible use-after-free in adv76xx_remove() media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() media: i2c: adv7842: fix possible use-after-free in adv7842_remove() media: dvb-usb: fix memory leak in dvb_usb_adapter_init media: gscpa/stv06xx: fix memory leak drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal amdgpu: avoid incorrect %hu format string drm/amdgpu: fix NULL pointer dereference scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic scsi: libfc: Fix a format specifier s390/archrandom: add parameter check for s390_arch_random_generate ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer ALSA: hda/conexant: Re-order CX5066 quirk table entries ALSA: sb: Fix two use after free in snd_sb_qsound_build ALSA: usb-audio: Explicitly set up the clock selector ALSA: usb-audio: More constifications ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8 ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx btrfs: fix race when picking most recent mod log operation for an old root arm64/vdso: Discard .note.gnu.property sections in vDSO ubifs: Only check replay with inode type to judge if inode linked f2fs: fix to avoid out-of-bounds memory access mlxsw: spectrum_mr: Update egress RIF list before route's action openvswitch: fix stack OOB read while fragmenting IPv4 packets ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure NFS: Don't discard pNFS layout segments that are marked for return NFSv4: Don't discard segments marked for return in _pnfs_return_layout() jffs2: Fix kasan slab-out-of-bounds problem powerpc/eeh: Fix EEH handling for hugepages in ioremap space. powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h intel_th: pci: Add Alder Lake-M support tpm: vtpm_proxy: Avoid reading host log when using a virtual device md/raid1: properly indicate failure when ending a failed write request dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences security: commoncap: fix -Wstringop-overread warning Fix misc new gcc warnings jffs2: check the validity of dstlen in jffs2_zlib_compress() Revert |
||
Jerome Forissier
|
f386d162c2 |
tee: optee: do not check memref size on return from Secure World
[ Upstream commit c650b8dc7a7910eb25af0aac1720f778b29e679d ] When Secure World returns, it may have changed the size attribute of the memory references passed as [in/out] parameters. The GlobalPlatform TEE Internal Core API specification does not restrict the values that this size can take. In particular, Secure World may increase the value to be larger than the size of the input buffer to indicate that it needs more. Therefore, the size check in optee_from_msg_param() is incorrect and needs to be removed. This fixes a number of failed test cases in the GlobalPlatform TEE Initial Configuratiom Test Suite v2_0_0_0-2017_06_09 when OP-TEE is compiled without dynamic shared memory support (CFG_CORE_DYN_SHM=n). Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Suggested-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Greg Kroah-Hartman
|
08bed51f55 |
Merge 4.19.161 into android-4.19-stable
Changes in 4.19.161 perf event: Check ref_reloc_sym before using it netfilter: clear skb->next in NF_HOOK_LIST() btrfs: don't access possibly stale fs_info data for printing duplicate device btrfs: fix lockdep splat when reading qgroup config on mount wireless: Use linux/stddef.h instead of stddef.h KVM: arm64: vgic-v3: Drop the reporting of GICR_TYPER.Last for userspace KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint KVM: x86: Fix split-irqchip vs interrupt injection window request arm64: pgtable: Fix pte_accessible() arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() drm/atomic_helper: Stop modesets on unregistered connectors harder ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close HID: cypress: Support Varmilo Keyboards' media hotkeys HID: add support for Sega Saturn Input: i8042 - allow insmod to succeed on devices without an i8042 controller HID: hid-sensor-hub: Fix issue with devices with no report ID HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices dmaengine: xilinx_dma: use readl_poll_timeout_atomic variant x86/xen: don't unbind uninitialized lock_kicker_irq HID: Add Logitech Dinovo Edge battery quirk proc: don't allow async path resolution of /proc/self components nvme: free sq/cq dbbuf pointers when dbbuf set fails dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size scsi: libiscsi: Fix NOP race condition scsi: target: iscsi: Fix cmd abort fabric stop race perf/x86: fix sysfs type mismatches xtensa: uaccess: Add missing __user to strncpy_from_user() prototype phy: tegra: xusb: Fix dangling pointer on probe failure batman-adv: set .owner to THIS_MODULE ARM: dts: dra76x: m_can: fix order of clocks scsi: ufs: Fix race between shutdown and runtime resume flow bnxt_en: fix error return code in bnxt_init_one() bnxt_en: fix error return code in bnxt_init_board() video: hyperv_fb: Fix the cache type when mapping the VRAM bnxt_en: Release PCI regions when DMA mask setup fails during probe. cxgb4: fix the panic caused by non smac rewrite s390/qeth: fix tear down of async TX buffers IB/mthca: fix return value of error branch in mthca_init_cq() nfc: s3fwrn5: use signed integer for parsing GPIO numbers net: ena: set initial DMA width to avoid intel iommu issue ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq optee: add writeback to valid memory type efivarfs: revert "fix memory leak in efivarfs_create()" can: gs_usb: fix endianess problem with candleLight firmware platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time platform/x86: toshiba_acpi: Fix the wrong variable assignment can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 perf probe: Fix to die_entrypc() returns error correctly USB: core: Change %pK for __user pointers to %px usb: gadget: f_midi: Fix memleak in f_midi_alloc USB: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card usb: gadget: Fix memleak in gadgetfs_fill_super x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak USB: core: Fix regression in Hercules audio card Linux 4.19.161 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ib704b9ff60755978b272aa358d25ddb217cc37bc |
||
Rui Miguel Silva
|
d6172283a4 |
optee: add writeback to valid memory type
[ Upstream commit 853735e404244f5496cdb6188c5ed9a0f9627ee6 ]
Only in smp systems the cache policy is setup as write alloc, in
single cpu systems the cache policy is set as writeback and it is
normal memory, so, it should pass the is_normal_memory check in the
share memory registration.
Add the right condition to make it work in no smp systems.
Fixes:
|
||
Greg Kroah-Hartman
|
83b584a64c |
This is the 4.19.102 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl461NIACgkQONu9yGCS aT6Mqw//W5xIIcs0Ut+P+QYNN6lCTRJ0AvFUolz79M3pyK/rHUluwTvYJbDAeGE3 sckv96rE1pxj5ZSf6LegXIoALrA4RlYHS8xXkYnRrt6xfrb7UwpqsJtt4Mx+IrJ3 9uFfaWRSvuDfRCraZxLiE2Bl9xVYvaPfFJYBmH383VB+deYNfpwORFsqNDQT+gR6 PZLuV0x//Kerwmd4OvaaHR/fIl8YVKmIz5lu3+3WIuVKxTK6Bbd3YzVu13dhVaX2 mETflLEAO/sYsUQiS4SO22ejLAiWyD8LyMV8s9KeTFQXzML3JpibKnt3ySDfzsFE m8VRlaLcQwB0Ca2AVGHA5QV0+V+2+6qh/IcZl630feBueGQX59qLQkOurD4e/9lm Na6ZkLPTh9UipIfTu9fvA5HY5lPt2VcSWwG2nLluckfJIpKNFVQEB7vuk9zd7468 qkXmj/J1YDdJzt2YgD0WZuKu3f1/No7rXbNmT2Oj0+HNWWvIU9xFNFlIPAxo7pJy kwekd9+gHI0n1OhLRjzYUyf0pD+j0o75ZHsYYsUW0y6cGoWX/LmQ8JPFi+waHiov FOe8FJz/uDtfQnJ4+izAM5Jjbu1LE+L8uGoIExYAv4DuXgPZtI2wtHvP4HHM3Aov mDWLesMgizsroViv57aXC0C1ZPksPpGeHT+HcH7RnDQ0kQmpe3E= =2XGW -----END PGP SIGNATURE----- Merge 4.19.102 into android-4.19 Changes in 4.19.102 vfs: fix do_last() regression x86/resctrl: Fix use-after-free when deleting resource groups x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup x86/resctrl: Fix a deadlock due to inaccurate reference crypto: pcrypt - Fix user-after-free on module unload rsi: add hci detach for hibernation and poweroff rsi: fix use-after-free on failed probe and unbind perf c2c: Fix return type for histogram sorting comparision functions PM / devfreq: Add new name attribute for sysfs tools lib: Fix builds when glibc contains strlcpy() arm64: kbuild: remove compressed images on 'make ARCH=arm64 (dist)clean' ext4: validate the debug_want_extra_isize mount option at parse time mm/mempolicy.c: fix out of bounds write in mpol_parse_str() reiserfs: Fix memory leak of journal device string media: digitv: don't continue if remote control state can't be read media: af9005: uninitialized variable printked media: vp7045: do not read uninitialized values if usb transfer fails media: gspca: zero usb_buf media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 tomoyo: Use atomic_t for statistics counter ttyprintk: fix a potential deadlock in interrupt context issue Bluetooth: Fix race condition in hci_release_sock() cgroup: Prevent double killing of css when enabling threaded cgroup media: si470x-i2c: Move free() past last use of 'radio' ARM: dts: sun8i: a83t: Correct USB3503 GPIOs polarity ARM: dts: am57xx-beagle-x15/am57xx-idk: Remove "gpios" for endpoint dt nodes ARM: dts: beagle-x15-common: Model 5V0 regulator soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot tools lib traceevent: Fix memory leakage in filter_event rseq: Unregister rseq for clone CLONE_VM clk: sunxi-ng: h6-r: Fix AR100/R_APB2 parent order mac80211: mesh: restrict airtime metric to peered established plinks clk: mmp2: Fix the order of timer mux parents ASoC: rt5640: Fix NULL dereference on module unload ixgbevf: Remove limit of 10 entries for unicast filter list ixgbe: Fix calculation of queue with VFs and flow director on interface flap igb: Fix SGMII SFP module discovery for 100FX/LX. platform/x86: GPD pocket fan: Allow somewhat lower/higher temperature limits ASoC: sti: fix possible sleep-in-atomic qmi_wwan: Add support for Quectel RM500Q parisc: Use proper printk format for resource_size_t wireless: fix enabling channel 12 for custom regulatory domain cfg80211: Fix radar event during another phy CAC mac80211: Fix TKIP replay protection immediately after key setup wireless: wext: avoid gcc -O3 warning netfilter: nft_tunnel: ERSPAN_VERSION must not be null net: dsa: bcm_sf2: Configure IMP port for 2Gb/sec bnxt_en: Fix ipv6 RFS filter matching logic. riscv: delete temporary files iwlwifi: Don't ignore the cap field upon mcc update ARM: dts: am335x-boneblack-common: fix memory size vti[6]: fix packet tx through bpf_redirect() xfrm interface: fix packet tx through bpf_redirect() xfrm: interface: do not confirm neighbor when do pmtu update scsi: fnic: do not queue commands during fwreset ARM: 8955/1: virt: Relax arch timer version check during early boot tee: optee: Fix compilation issue with nommu airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE r8152: get default setting of WOL before initializing ARM: dts: am43x-epos-evm: set data pin directions for spi0 and spi1 qlcnic: Fix CPU soft lockup while collecting firmware dump powerpc/fsl/dts: add fsl,erratum-a011043 net/fsl: treat fsl,erratum-a011043 net: fsl/fman: rename IF_MODE_XGMII to IF_MODE_10G seq_tab_next() should increase position index l2t_seq_next should increase position index net: Fix skb->csum update in inet_proto_csum_replace16(). btrfs: do not zero f_bavail if we have available space perf report: Fix no libunwind compiled warning break s390 issue mm/migrate.c: also overwrite error when it is bigger than zero Linux 4.19.102 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ia9b63c7932b66f469ab0e88467e1e07741408f0b |
||
Vincenzo Frascino
|
3ac901fc06 |
tee: optee: Fix compilation issue with nommu
[ Upstream commit 9e0caab8e0f96f0af7d1dd388e62f44184a75372 ] The optee driver uses specific page table types to verify if a memory region is normal. These types are not defined in nommu systems. Trying to compile the driver in these systems results in a build error: linux/drivers/tee/optee/call.c: In function ‘is_normal_memory’: linux/drivers/tee/optee/call.c:533:26: error: ‘L_PTE_MT_MASK’ undeclared (first use in this function); did you mean ‘PREEMPT_MASK’? return (pgprot_val(p) & L_PTE_MT_MASK) == L_PTE_MT_WRITEALLOC; ^~~~~~~~~~~~~ PREEMPT_MASK linux/drivers/tee/optee/call.c:533:26: note: each undeclared identifier is reported only once for each function it appears in linux/drivers/tee/optee/call.c:533:44: error: ‘L_PTE_MT_WRITEALLOC’ undeclared (first use in this function) return (pgprot_val(p) & L_PTE_MT_MASK) == L_PTE_MT_WRITEALLOC; ^~~~~~~~~~~~~~~~~~~ Make the optee driver depend on MMU to fix the compilation issue. Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com> [jw: update commit title] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Greg Kroah-Hartman
|
a36fc1fff6 |
This is the 4.19.86 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3aL2UACgkQONu9yGCS aT73GA//VSRJjGzdohy0+NVK3Dk7tCb2GfXFyLfRasyCbpCVGudaN9IltPU20pmj U67BRp3jJg6AFRFDxJn4uyAxqcYF6VFp77BiBLiF6lZEv3+0xxOqdyFL2IY9Cyew 5XGNWcjXAR/bZ0r/rRXw8GUBMmW/8oewW7Iay4YhriUWv/afucbMVK7cNgyj/qvP jSbHh4mp15BGg1aIanM7YSlJgXX2MimXwEceyHPQJgKpSx1CApI2uRMSNZw/RXeP hFox3Ord5o/K+dowtKW+eTXUMkbm+7Htsi0p+WvE69y6KjyBzh3CEXrQqJsLtd0Y 1myphKOX42z0/hbysUZQV8AvY5jrZu/SPoH8quXD/MNxPvNe0OjO3UiMruAdohQh I3SjKZB+HprtsCGn4X6/PiHUxq8PCLwtMaa9IIRmtFOXeuxPPeQLdEoM8m2eCEiL DnwkDXVVtQhKymmYgWUxcAsFpXl+s3k5ZRFmWEDDTuwlyZRWMPuRaWEOH8YuIHzz QETCyodrOis90TFgG1XJDijzPpZtxZKuJ8HdGmO7J8BMDXi6r0aoTzBk8cPAAe3A TUqRnHoMKLLYC+9vxA90aThXsibL6DuD06beJy3H1XCSj2vKvkM/iLaL8R95JjAW XZaEv/SH9zoEynypd+b8tOHHdPSaZcTe3pd3SDmOPLpejOuSTJU= =VtIx -----END PGP SIGNATURE----- Merge 4.19.86 into android-4.19 Changes in 4.19.86 spi: mediatek: use correct mata->xfer_len when in fifo transfer i2c: mediatek: modify threshold passed to i2c_get_dma_safe_msg_buf() tee: optee: add missing of_node_put after of_device_is_available Revert "OPP: Protect dev_list with opp_table lock" net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() idr: Fix idr_get_next race with idr_remove mm/memory_hotplug: don't access uninitialized memmaps in shrink_pgdat_span() mm/memory_hotplug: fix updating the node span arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault fbdev: Ditch fb_edid_add_monspecs bpf, x32: Fix bug for BPF_ALU64 | BPF_NEG bpf, x32: Fix bug with ALU64 {LSH, RSH, ARSH} BPF_X shift by 0 bpf, x32: Fix bug with ALU64 {LSH, RSH, ARSH} BPF_K shift by 0 bpf, x32: Fix bug for BPF_JMP | {BPF_JSGT, BPF_JSLE, BPF_JSLT, BPF_JSGE} net: ovs: fix return type of ndo_start_xmit function net: xen-netback: fix return type of ndo_start_xmit function ARM: dts: dra7: Enable workaround for errata i870 in PCIe host mode ARM: dts: omap5: enable OTG role for DWC3 controller net: hns3: Fix for netdev not up problem when setting mtu net: hns3: Fix loss of coal configuration while doing reset f2fs: return correct errno in f2fs_gc ARM: dts: sun8i: h3-h5: ir register size should be the whole memory block ARM: dts: sun8i: h3: bpi-m2-plus: Fix address for external RGMII Ethernet PHY tcp: up initial rmem to 128KB and SYN rwin to around 64KB SUNRPC: Fix priority queue fairness ACPI / LPSS: Make acpi_lpss_find_device() also find PCI devices ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq f2fs: keep lazytime on remount IB/hfi1: Error path MAD response size is incorrect IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds mt76x2: fix tx power configuration for VHT mcs 9 mt76x2: disable WLAN core before probe mt76: fix handling ps-poll frames iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout kvm: arm/arm64: Fix stage2_flush_memslot for 4 level page table arm64/numa: Report correct memblock range for the dummy node ath10k: fix vdev-start timeout on error rtlwifi: btcoex: Use proper enumerated types for Wi-Fi only interface ata: ahci_brcm: Allow using driver or DSL SoCs PM / devfreq: Fix devfreq_add_device() when drivers are built as modules. PM / devfreq: Fix handling of min/max_freq == 0 PM / devfreq: stopping the governor before device_unregister() ath9k: fix reporting calculated new FFT upper max selftests/tls: Fix recv(MSG_PEEK) & splice() test cases usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() usb: dwc3: gadget: Check ENBLSLPM before sending ep command nl80211: Fix a GET_KEY reply attribute irqchip/irq-mvebu-icu: Fix wrong private data retrieval watchdog: core: fix null pointer dereference when releasing cdev watchdog: renesas_wdt: stop when unregistering watchdog: sama5d4: fix timeout-sec usage watchdog: w83627hf_wdt: Support NCT6796D, NCT6797D, NCT6798D KVM: PPC: Inform the userspace about TCE update failures printk: Do not miss new messages when replaying the log printk: CON_PRINTBUFFER console registration is a bit racy dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction dmaengine: timb_dma: Use proper enum in td_prep_slave_sg ALSA: hda: Fix mismatch for register mask and value in ext controller. ext4: fix build error when DX_DEBUG is defined clk: keystone: Enable TISCI clocks if K3_ARCH sunrpc: Fix connect metrics x86/PCI: Apply VMD's AERSID fixup generically mei: samples: fix a signedness bug in amt_host_if_call() cxgb4: Use proper enum in cxgb4_dcb_handle_fw_update cxgb4: Use proper enum in IEEE_FAUX_SYNC powerpc/pseries: Fix DTL buffer registration powerpc/pseries: Fix how we iterate over the DTL entries powerpc/xive: Move a dereference below a NULL test ARM: dts: at91: sama5d4_xplained: fix addressable nand flash size ARM: dts: at91: at91sam9x5cm: fix addressable nand flash size ARM: dts: at91: sama5d2_ptc_ek: fix bootloader env offsets mtd: rawnand: sh_flctl: Use proper enum for flctl_dma_fifo0_transfer PM / hibernate: Check the success of generating md5 digest before hibernation tools: PCI: Fix compilation warnings clocksource/drivers/sh_cmt: Fixup for 64-bit machines clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines ice: Fix forward to queue group logic md: allow metadata updates while suspending an array - fix ixgbe: Fix ixgbe TX hangs with XDP_TX beyond queue limit i40e: Use proper enum in i40e_ndo_set_vf_link_state ixgbe: Fix crash with VFs and flow director on interface flap IB/mthca: Fix error return code in __mthca_init_one() IB/rxe: avoid srq memory leak RDMA/hns: Bugfix for reserved qp number RDMA/hns: Submit bad wr when post send wr exception RDMA/hns: Bugfix for CM test RDMA/hns: Limit the size of extend sge of sq IB/mlx4: Avoid implicit enumerated type conversion rpmsg: glink: smem: Support rx peak for size less than 4 bytes msm/gpu/a6xx: Force of_dma_configure to setup DMA for GMU OPP: Return error on error from dev_pm_opp_get_opp_count() ACPICA: Never run _REG on system_memory and system_IO cpuidle: menu: Fix wakeup statistics updates for polling state ASoC: qdsp6: q6asm-dai: checking NULL vs IS_ERR() powerpc/time: Use clockevents_register_device(), fixing an issue with large decrementer powerpc/64s/radix: Explicitly flush ERAT with local LPID invalidation ata: ep93xx: Use proper enums for directions qed: Avoid implicit enum conversion in qed_ooo_submit_tx_buffers media: rc: ir-rc6-decoder: enable toggle bit for Kathrein RCU-676 remote media: pxa_camera: Fix check for pdev->dev.of_node media: rcar-vin: fix redeclaration of symbol media: i2c: adv748x: Support probing a single output ALSA: hda/sigmatel - Disable automute for Elo VuPoint bnxt_en: return proper error when FW returns HWRM_ERR_CODE_RESOURCE_ACCESS_DENIED KVM: PPC: Book3S PR: Exiting split hack mode needs to fixup both PC and LR USB: serial: cypress_m8: fix interrupt-out transfer length usb: dwc2: disable power_down on rockchip devices mtd: physmap_of: Release resources on error cpu/SMT: State SMT is disabled even with nosmt and without "=force" brcmfmac: reduce timeout for action frame scan brcmfmac: fix full timeout waiting for action frame on-channel tx qtnfmac: request userspace to do OBSS scanning if FW can not qtnfmac: pass sgi rate info flag to wireless core qtnfmac: inform wireless core about supported extended capabilities qtnfmac: drop error reports for out-of-bounds key indexes clk: samsung: Use NOIRQ stage for Exynos5433 clocks suspend/resume clk: samsung: exynos5420: Define CLK_SECKEY gate clock only or Exynos5420 clk: samsung: Use clk_hw API for calling clk framework from clk notifiers i2c: brcmstb: Allow enabling the driver on DSL SoCs printk: Correct wrong casting NFSv4.x: fix lock recovery during delegation recall dmaengine: ioat: fix prototype of ioat_enumerate_channels media: ov5640: fix framerate update media: cec-gpio: select correct Signal Free Time gfs2: slow the deluge of io error messages i2c: omap: use core to detect 'no zero length' quirk i2c: qup: use core to detect 'no zero length' quirk i2c: tegra: use core to detect 'no zero length' quirk i2c: zx2967: use core to detect 'no zero length' quirk Input: st1232 - set INPUT_PROP_DIRECT property Input: silead - try firmware reload after unsuccessful resume soc: fsl: bman_portals: defer probe after bman's probe net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware tc-testing: fix build of eBPF programs remoteproc: Check for NULL firmwares in sysfs interface remoteproc: qcom: q6v5: Fix a race condition on fatal crash kexec: Allocate decrypted control pages for kdump if SME is enabled x86/olpc: Fix build error with CONFIG_MFD_CS5535=m dmaengine: rcar-dmac: set scatter/gather max segment size crypto: mxs-dcp - Fix SHA null hashes and output length crypto: mxs-dcp - Fix AES issues xfrm: use correct size to initialise sp->ovec ACPI / SBS: Fix rare oops when removing modules iwlwifi: mvm: don't send keys when entering D3 xsk: proper AF_XDP socket teardown ordering x86/fsgsbase/64: Fix ptrace() to read the FS/GS base accurately mmc: renesas_sdhi_internal_dmac: Whitelist r8a774a1 mmc: tmio: Fix SCC error detection mmc: renesas_sdhi_internal_dmac: set scatter/gather max segment size atmel_lcdfb: support native-mode display-timings fbdev: sbuslib: use checked version of put_user() fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() fbdev: fix broken menu dependencies reset: Fix potential use-after-free in __of_reset_control_get() bcache: account size of buckets used in uuid write to ca->meta_sectors_written bcache: recal cached_dev_sectors on detach platform/x86: mlx-platform: Properly use mlxplat_mlxcpld_msn201x_items media: dw9714: Fix error handling in probe function media: dw9807-vcm: Fix probe error handling media: cx18: Don't check for address of video_dev mtd: spi-nor: cadence-quadspi: Use proper enum for dma_[un]map_single mtd: devices: m25p80: Make sure WRITE_EN is issued before each write x86/intel_rdt: Introduce utility to obtain CDP peer x86/intel_rdt: CBM overlap should also check for overlap with CDP peer mmc: mmci: expand startbiterr to irqmask and error check s390/kasan: avoid vdso instrumentation s390/kasan: avoid instrumentation of early C code s390/kasan: avoid user access code instrumentation proc/vmcore: Fix i386 build error of missing copy_oldmem_page_encrypted() backlight: lm3639: Unconditionally call led_classdev_unregister mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable printk: Give error on attempt to set log buffer length to over 2G media: isif: fix a NULL pointer dereference bug GFS2: Flush the GFS2 delete workqueue before stopping the kernel threads media: cx231xx: fix potential sign-extension overflow on large shift media: venus: vdec: fix decoded data size ALSA: hda/ca0132 - Fix input effect controls for desktop cards lightnvm: pblk: fix rqd.error return value in pblk_blk_erase_sync lightnvm: pblk: fix incorrect min_write_pgs lightnvm: pblk: guarantee emeta on line close lightnvm: pblk: fix write amplificiation calculation lightnvm: pblk: guarantee mw_cunits on read buffer lightnvm: do no update csecs and sos on 1.2 lightnvm: pblk: fix error handling of pblk_lines_init() lightnvm: pblk: consider max hw sectors supported for max_write_pgs x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error bpf: btf: Fix a missing check bug net: fix generic XDP to handle if eth header was mangled gpio: syscon: Fix possible NULL ptr usage spi: fsl-lpspi: Prevent FIFO under/overrun by default pinctrl: gemini: Mask and set properly spi: spidev: Fix OF tree warning logic ARM: 8802/1: Call syscall_trace_exit even when system call skipped x86/mm: Do not warn about PCI BIOS W+X mappings orangefs: rate limit the client not running info message pinctrl: gemini: Fix up TVC clock group scsi: arcmsr: clean up clang warning on extraneous parentheses hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors hwmon: (nct6775) Fix names of DIMM temperature sources hwmon: (pwm-fan) Silence error on probe deferral hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros hwmon: (npcm-750-pwm-fan) Change initial pwm target to 255 selftests: forwarding: Have lldpad_app_wait_set() wait for unknown, too net: sched: avoid writing on noop_qdisc netfilter: nft_compat: do not dump private area misc: cxl: Fix possible null pointer dereference mac80211: minstrel: fix using short preamble CCK rates on HT clients mac80211: minstrel: fix CCK rate group streams value mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode spi: rockchip: initialize dma_slave_config properly mlxsw: spectrum_switchdev: Check notification relevance based on upper device ARM: dts: omap5: Fix dual-role mode on Super-Speed port tcp: start receiver buffer autotuning sooner ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate PM / devfreq: Fix static checker warning in try_then_request_governor tools: PCI: Fix broken pcitest compilation powerpc/time: Fix clockevent_decrementer initalisation for PR KVM mmc: tmio: fix SCC error handling to avoid false positive CRC error x86/resctrl: Fix rdt_find_domain() return value and checks Linux 4.19.86 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ib9de820e5026cadf4fab89e69d1324302cdae9c3 |
||
Julia Lawall
|
4f4ab0b49c |
tee: optee: add missing of_node_put after of_device_is_available
commit c7c0d8df0b94a67377555a550b8d66ee2ad2f4ed upstream. Add an of_node_put when a tested device node is not available. The semantic patch that fixes this problem is as follows (http://coccinelle.lip6.fr): // <smpl> @@ identifier f; local idexpression e; expression x; @@ e = f(...); ... when != of_node_put(e) when != x = e when != e = x when any if (<+...of_device_is_available(e)...+>) { ... when != of_node_put(e) ( return e; | + of_node_put(e); return ...; ) } // </smpl> Fixes: db878f76b9ff ("tee: optee: take DT status property into account") Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Cc: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
44b82a3d1b |
This is the 4.19.85 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3VfEoACgkQONu9yGCS aT7vHRAAv3fZQ5+Rn0zn0cgYsgG5OGbtHL01aJB99g2Dgf/VmB3OrB2rx+ZF7WVw Uakab5XZp6rLSxG4LNQy7jjIuxADdDab5xWTlhqpEHVydsFC9IOktT91DW2luf8Y Xyr8q7sQIS7eV67NkUnUSqri1IdsRNB5qeWmhC0l6+PSuQrk+WF0y5B4TtrjF5Er GjYTq9RTJh7/luFKUSmxN8+TIwo4uY15b3oqX75LMPObzbH+c5iqp5QiHJh/BQ7/ awf7kxlMay0V/hPRmGomHxX70TgHTF2er0b+HyJwf1OX0zgKycsztWZT+p7qN+DT yjPWwYJ3kGs/7GwZL7HNhk8p/3aDf9HFHFvbVSty63wgZ8dfo4EuXZ9YfWa+lfI8 Kn4wKeynUvrvNLH9iYug/XuEPjXysQeSlBaL4pZTPTWtipu1MP0OpR05l8UzO2cO lqWgf0Y7wsunZBeyCLkWd9TCO7gd1s7csdkJAy37rG7mCjN3p83NeMznLlj+H4I8 MHlcAWdlxlWWitKohi0kr/VYiHmhBVsOZu4rQmuCBWuo++HrWwn7XaGBzYsP8Eku 7ZNaS5oJFAjBzKnQxp8i3mgE8ifODuokgPISImyyRWidedfoHcv6Kr+pdEoQ+gjk nL5xwqKAMsh/vMyxVmetzytULHtvBqJelquzQcfnanyEvBoS46Q= =EUxi -----END PGP SIGNATURE----- Merge 4.19.85 into android-4.19 Changes in 4.19.85 KVM: x86: introduce is_pae_paging MIPS: BCM63XX: fix switch core reset on BCM6368 scsi: core: Handle drivers which set sg_tablesize to zero ax88172a: fix information leak on short answers ipmr: Fix skb headroom in ipmr_get_route(). net: gemini: add missed free_netdev net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules slip: Fix memory leak in slip_open error path ALSA: usb-audio: Fix missing error check at mixer resolution test ALSA: usb-audio: not submit urb for stopped endpoint ALSA: usb-audio: Fix incorrect NULL check in create_yamaha_midi_quirk() ALSA: usb-audio: Fix incorrect size check for processing/extension units Btrfs: fix log context list corruption after rename exchange operation Input: ff-memless - kill timer in destroy() Input: synaptics-rmi4 - fix video buffer size Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) Input: synaptics-rmi4 - clear IRQ enables for F54 Input: synaptics-rmi4 - destroy F54 poller workqueue when removing IB/hfi1: Ensure full Gen3 speed in a Gen4 system IB/hfi1: Use a common pad buffer for 9B and 16B packets i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either net: ethernet: dwmac-sun8i: Use the correct function in exit path iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros mm: mempolicy: fix the wrong return value and potential pages leak of mbind mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() mmc: sdhci-of-at91: fix quirk2 overwrite iio: adc: max9611: explicitly cast gain_selectors tee: optee: take DT status property into account ath10k: fix kernel panic by moving pci flush after napi_disable iio: dac: mcp4922: fix error handling in mcp4922_write_raw clk: sunxi-ng: h6: fix PWM gate/reset offset soundwire: Initialize completion for defer messages soundwire: intel: Fix uninitialized adev deref arm64: dts: allwinner: a64: Orange Pi Win: Fix SD card node arm64: dts: allwinner: a64: Olinuxino: fix DRAM voltage arm64: dts: allwinner: a64: NanoPi-A64: Fix DCDC1 voltage ALSA: pcm: signedness bug in snd_pcm_plug_alloc() soc/tegra: pmc: Fix pad voltage configuration for Tegra186 arm64: dts: tegra210-p2180: Correct sdmmc4 vqmmc-supply y2038: make do_gettimeofday() and get_seconds() inline ARM: dts: rcar: Correct SATA device sizes to 2 MiB ARM: dts: at91/trivial: Fix USART1 definition for at91sam9g45 rtc: sysfs: fix NULL check in rtc_add_groups() rtc: rv8803: fix the rv8803 id in the OF table remoteproc/davinci: Use %zx for formating size_t extcon: cht-wc: Return from default case to avoid warnings cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set ALSA: seq: Do error checks at creating system ports ath10k: skip resetting rx filter for WCN3990 ath9k: fix tx99 with monitor mode interface wil6210: drop Rx multicast packets that are looped-back to STA wil6210: set edma variables only for Talyn-MB devices wil6210: prevent usage of tx ring 0 for eDMA wil6210: fix invalid memory access for rx_buff_mgmt debugfs ath10k: limit available channels via DT ieee80211-freq-limit ice: Update request resource command to latest specification ice: Prevent control queue operations during reset gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated ice: Fix and update driver version string ASoC: dapm: Don't fail creating new DAPM control on NULL pinctrl ASoC: dpcm: Properly initialise hw->rate_max ASoC: meson: axg-fifo: report interrupt request failure ASoC: AMD: Change MCLK to 48Mhz pinctrl: ingenic: Probe driver at subsys_initcall MIPS: BCM47XX: Enable USB power on Netgear WNDR3400v3 ARM: dts: exynos: Use i2c-gpio for HDMI-DDC on Arndale ARM: dts: exynos: Fix HDMI-HPD line handling on Arndale ARM: dts: exynos: Fix sound in Snow-rev5 Chromebook liquidio: fix race condition in instruction completion processing arm64: dts: stratix10: i2c clock running out of spec ARM: dts: exynos: Fix regulators configuration on Peach Pi/Pit Chromebooks i40evf: Validate the number of queues a PF sends i40e: use correct length for strncpy i40evf: set IFF_UNICAST_FLT flag for the VF i40e: Check and correct speed values for link on open i40evf: Don't enable vlan stripping when rx offload is turned on i40e: hold the rtnl lock on clearing interrupt scheme i40evf: cancel workqueue sync for adminq when a VF is removed i40e: Prevent deleting MAC address from VF when set by PF IB/rxe: avoid back-to-back retries IB/rxe: fixes for rdma read retry iwlwifi: drop packets with bad status in CD iwlwifi: don't WARN on trying to dump dead firmware iwlwifi: mvm: avoid sending too many BARs media: vicodec: fix out-of-range values when decoding media: i2c: Fix pm_runtime_get_if_in_use() usage in sensor drivers media: ov772x: Disable clk on error path ARM: dts: pxa: fix the rtc controller ARM: dts: pxa: fix power i2c base address rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument mwifiex: do no submit URB in suspended state mwifex: free rx_cmd skb in suspended state brcmfmac: fix wrong strnchr usage mt76: Fix comparisons with invalid hardware key index soc: imx: gpc: fix PDN delay ASoC: rsnd: ssi: Fix issue in dma data address assignment net: hns3: Fix for multicast failure net: hns3: Fix error of checking used vlan id net: hns3: Fix for loopback selftest failed problem net: hns3: Change the dst mac addr of loopback packet net/mlx5: Fix atomic_mode enum values net: phy: mscc: read 'vsc8531,vddmac' as an u32 net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 ARM: dts: meson8: fix the clock controller register size ARM: dts: meson8b: fix the clock controller register size mtd: rawnand: marvell: use regmap_update_bits() for syscon access mtd: rawnand: fsl_ifc: check result of SRAM initialization mtd: rawnand: fsl_ifc: fixup SRAM init for newer ctrl versions mtd: rawnand: qcom: don't include dma-direct.h IB/mlx5: Change TX affinity assignment in RoCE LAG mode qxl: fix null-pointer crash during suspend mac80211: fix saving a few HE values cfg80211: validate wmm rule when setting f2fs: avoid wrong decrypted data from disk net: lan78xx: Bail out if lan78xx_get_endpoints fails rtnetlink: move type calculation out of loop ASoC: sgtl5000: avoid division by zero if lo_vag is zero ath10k: avoid possible memory access violation ARM: dts: exynos: Disable pull control for S5M8767 PMIC ath10k: wmi: disable softirq's while calling ieee80211_rx i2c: mediatek: Use DMA safe buffers for i2c transactions IB/mlx5: Don't hold spin lock while checking device state IB/ipoib: Ensure that MTU isn't less than minimum permitted RDMA/core: Rate limit MAD error messages RDMA/core: Follow correct unregister order between sysfs and cgroup mips: txx9: fix iounmap related issue udf: Fix crash during mount ASoC: dapm: Avoid uninitialised variable warning ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation ata: Disable AHCI ALPM feature for Ampere Computing eMAG SATA of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC ARM: dts: omap3-gta04: give spi_lcd node a label so that we can overwrite in other DTS files ARM: dts: omap3-gta04: fixes for tvout / venc ARM: dts: omap3-gta04: tvout: enable as display1 alias ARM: dts: omap3-gta04: fix touchscreen tsc2007 ARM: dts: omap3-gta04: make NAND partitions compatible with recent U-Boot ARM: dts: omap3-gta04: keep vpll2 always on f2fs: submit bio after shutdown failover: Fix error return code in net_failover_create sched/debug: Explicitly cast sched_feat() to bool sched/debug: Use symbolic names for task state constants firmware: arm_scmi: use strlcpy to ensure NULL-terminated strings arm64: dts: rockchip: Fix VCC5V0_HOST_EN on rk3399-sapphire ARM: dts: exynos: Disable pull control for PMIC IRQ line on Artik5 board usb: mtu3: disable vbus rise/fall interrupts of ltssm dmaengine: dma-jz4780: Don't depend on MACH_JZ4780 dmaengine: dma-jz4780: Further residue status fix EDAC, sb_edac: Return early on ADDRV bit and address type test rtc: mt6397: fix possible race condition rtc: pl030: fix possible race condition ath9k: add back support for using active monitor interfaces for tx99 dmaengine: at_xdmac: remove a stray bottom half unlock RDMA/hns: Fix an error code in hns_roce_v2_init_eq_table() IB/hfi1: Missing return value in error path for user sdma signal: Always ignore SIGKILL and SIGSTOP sent to the global init signal: Properly deliver SIGILL from uprobes signal: Properly deliver SIGSEGV from x86 uprobes f2fs: fix memory leak of write_io in fill_super() f2fs: fix memory leak of percpu counter in fill_super() f2fs: fix setattr project check upon fssetxattr ioctl scsi: qla2xxx: Use correct qpair for ABTS/CMD scsi: qla2xxx: Fix iIDMA error scsi: qla2xxx: Defer chip reset until target mode is enabled scsi: qla2xxx: Terminate Plogi/PRLI if WWN is 0 scsi: qla2xxx: Fix deadlock between ATIO and HW lock scsi: qla2xxx: Increase abort timeout value scsi: qla2xxx: Check for Register disconnect scsi: qla2xxx: Fix port speed display on chip reset scsi: qla2xxx: Fix dropped srb resource. scsi: qla2xxx: Fix duplicate switch's Nport ID entries scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 scsi: lpfc: Fix errors in log messages. scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() ARM: imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff" is set scsi: pm80xx: Corrected dma_unmap_sg() parameter scsi: pm80xx: Fixed system hang issue during kexec boot kprobes: Don't call BUG_ON() if there is a kprobe in use on free list net: aquantia: fix hw_atl_utils_fw_upload_dwords Drivers: hv: vmbus: Fix synic per-cpu context initialization nvmem: core: return error code instead of NULL from nvmem_device_get media: dt-bindings: adv748x: Fix decimal unit addresses ALSA: hda: Fix implicit definition of pci_iomap() on SH media: fix: media: pci: meye: validate offset to avoid arbitrary access media: dvb: fix compat ioctl translation net: bcmgenet: Fix speed selection for reverse MII arm64: dts: meson: libretech: update board model arm64: dts: meson-axg: use the proper compatible for ethmac ALSA: intel8x0m: Register irq handler after register initializations arm64: dts: renesas: salvator-common: adv748x: Override secondary addresses arm64: dts: renesas: r8a77965: Attach the SYS-DMAC to the IPMMU arm64: dts: renesas: r8a77965: Fix HS-USB compatible arm64: dts: renesas: r8a77965: Fix clock/reset for usb2_phy1 pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() llc: avoid blocking in llc_sap_close() ARM: dts: qcom: ipq4019: fix cpu0's qcom,saw2 reg value soc: qcom: geni: Don't ignore clk_round_rate() errors in geni_se_clk_tbl_get() soc: qcom: geni: geni_se_clk_freq_match() should always accept multiples soc: qcom: wcnss_ctrl: Avoid string overflow soc: qcom: apr: Avoid string overflow drivers: qcom: rpmh-rsc: clear wait_for_compl after use arm64: dts: broadcom: Fix I2C and SPI bus warnings ARM: dts: bcm: Fix SPI bus warnings ARM: dts: aspeed: Fix I2C bus warnings powerpc/vdso: Correct call frame information ARM: dts: socfpga: Fix I2C bus unit-address error ARM: dts: sunxi: Fix I2C bus warnings pinctrl: at91: don't use the same irqchip with multiple gpiochips ARM: dts: sun9i: Fix I2C bus warnings android: binder: no outgoing transaction when thread todo has transaction cxgb4: Fix endianness issue in t4_fwcache() arm64: fix for bad_mode() handler to always result in panic block, bfq: inject other-queue I/O into seeky idle queues on NCQ flash blok, bfq: do not plug I/O if all queues are weight-raised arm64: dts: meson: Fix erroneous SPI bus warnings power: supply: ab8500_fg: silence uninitialized variable warnings power: reset: at91-poweroff: do not procede if at91_shdwc is allocated power: supply: max8998-charger: Fix platform data retrieval component: fix loop condition to call unbind() if bind() fails kernfs: Fix range checks in kernfs_get_target_path ip_gre: fix parsing gre header in ipgre_err scsi: ufshcd: Fix NULL pointer dereference for in ufshcd_init ARM: dts: rockchip: Fix erroneous SPI bus dtc warnings on rk3036 arm64: dts: rockchip: Fix I2C bus unit-address error on rk3399-puma-haikou ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask netfilter: nf_tables: avoid BUG_ON usage ath9k: Fix a locking bug in ath9k_add_interface() s390/qeth: uninstall IRQ handler on device removal s390/qeth: invoke softirqs after napi_schedule() media: vsp1: Fix vsp1_regs.h license header media: vsp1: Fix YCbCr planar formats pitch calculation media: ov2680: don't register the v4l2 subdevice before checking chip ID PCI/ACPI: Correct error message for ASPM disabling net: socionext: Fix two sleep-in-atomic-context bugs in ave_rxfifo_reset() PCI: mediatek: Fix unchecked return value ARM: dts: xilinx: Fix I2C and SPI bus warnings serial: uartps: Fix suspend functionality serial: samsung: Enable baud clock for UART reset procedure in resume serial: mxs-auart: Fix potential infinite loop tty: serial: qcom_geni_serial: Fix serial when not used as console arm64: dts: ti: k3-am65: Change #address-cells and #size-cells of interconnect to 2 samples/bpf: fix a compilation failure spi/bcm63xx-hsspi: keep pll clk enabled spi: mediatek: Don't modify spi_transfer when transfer. ASoC: rt5682: Fix the boost volume at the begining of playback ipmi_si_pci: fix NULL device in ipmi_si error message ipmi_si: fix potential integer overflow on large shift ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address ipmi: fix return value of ipmi_set_my_LUN net: hns3: fix return type of ndo_start_xmit function net: cavium: fix return type of ndo_start_xmit function net: ibm: fix return type of ndo_start_xmit function powerpc/iommu: Avoid derefence before pointer check selftests/powerpc: Do not fail with reschedule powerpc/64s/hash: Fix stab_rr off by one initialization powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request powerpc/pseries: Disable CPU hotplug across migrations powerpc: Fix duplicate const clang warning in user access code RDMA/i40iw: Fix incorrect iterator type ARM: dts: atmel: Fix I2C and SPI bus warnings OPP: Protect dev_list with opp_table lock of/unittest: Fix I2C bus unit-address error libfdt: Ensure INT_MAX is defined in libfdt_env.h power: supply: twl4030_charger: fix charging current out-of-bounds power: supply: twl4030_charger: disable eoc interrupt on linear charge net: mvpp2: fix the number of queues per cpu for PPv2.2 net: marvell: fix return type of ndo_start_xmit function net: toshiba: fix return type of ndo_start_xmit function net: xilinx: fix return type of ndo_start_xmit function net: broadcom: fix return type of ndo_start_xmit function net: amd: fix return type of ndo_start_xmit function net: sun: fix return type of ndo_start_xmit function net: hns3: Fix for setting speed for phy failed problem net: hns3: Fix cmdq registers initialization issue for vf net: hns3: Clear client pointer when initialize client failed or unintialize finished net: hns3: Fix client initialize state issue when roce client initialize failed net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() nfp: provide a better warning when ring allocation fails usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started usb: chipidea: Fix otg event handler usb: usbtmc: Fix ioctl USBTMC_IOCTL_ABORT_BULK_OUT s390/zcrypt: enable AP bus scan without a valid default domain s390/vdso: avoid 64-bit vdso mapping for compat tasks s390/vdso: correct CFI annotations of vDSO functions brcmfmac: increase buffer for obtaining firmware capabilities brcmsmac: Use kvmalloc() for ucode allocations mlxsw: spectrum: Init shaper for TCs 8..15 PCI: portdrv: Initialize service drivers directly ARM: dts: am335x-evm: fix number of cpsw ARM: dts: ti: Fix SPI and I2C bus warnings f2fs: avoid infinite loop in f2fs_alloc_nid f2fs: fix to recover inode's uid/gid during POR ARM: dts: ux500: Correct SCU unit address ARM: dts: ux500: Fix LCDA clock line muxing ARM: dts: ste: Fix SPI controller node names spi: pic32: Use proper enum in dmaengine_prep_slave_rg crypto: chacha20 - Fix chacha20_block() keystream alignment (again) cpufeature: avoid warning when compiling with clang crypto: arm/crc32 - avoid warning when compiling with Clang ARM: dts: marvell: Fix SPI and I2C bus warnings x86/mce-inject: Reset injection struct after injection ARM: dts: stm32: enable display on stm32mp157c-ev1 board ARM: dts: clearfog: fix sdhci supply property name ARM: dts: stm32: Fix SPI controller node names bnx2x: Ignore bandwidth attention in single function mode PCI/AER: Take reference on error devices PCI/AER: Don't read upstream ports below fatal errors PCI/ERR: Use slot reset if available samples/bpf: fix compilation failure net: phy: mdio-bcm-unimac: Allow configuring MDIO clock divider net: micrel: fix return type of ndo_start_xmit function net: freescale: fix return type of ndo_start_xmit function x86/CPU: Use correct macros for Cyrix calls x86/CPU: Change query logic so CPUID is enabled before testing EDAC: Correct DIMM capacity unit symbol MIPS: kexec: Relax memory restriction arm64: dts: rockchip: Fix microSD in rk3399 sapphire board mlxsw: Make MLXSW_SP1_FWREV_MINOR a hard requirement media: imx: work around false-positive warning, again media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() media: au0828: Fix incorrect error messages media: davinci: Fix implicit enum conversion warning ARM: dts: rockchip: explicitly set vcc_sd0 pin to gpio on rk3188-radxarock usb: gadget: uvc: configfs: Drop leaked references to config items usb: gadget: uvc: configfs: Prevent format changes after linking header usb: gadget: uvc: configfs: Sort frame intervals upon writing ARM: dts: exynos: Correct audio subsystem parent clock on Peach Chromebooks i2c: aspeed: fix invalid clock parameters for very large divisors gpiolib: Fix gpio_direction_* for single direction GPIOs ARM: at91: pm: call put_device instead of of_node_put in at91_pm_config_ws phy: brcm-sata: allow PHY_BRCM_SATA driver to be built for DSL SoCs phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs phy: phy-twl4030-usb: fix denied runtime access ARM: dts: imx6ull: update vdd_soc voltage for 900MHz operating point usb: gadget: uvc: Factor out video USB request queueing usb: gadget: uvc: Only halt video streaming endpoint in bulk mode coresight: Use ERR_CAST instead of ERR_PTR coresight: Fix handling of sinks coresight: perf: Fix per cpu path management coresight: perf: Disable trace path upon source error coresight: tmc-etr: Handle driver mode specific ETR buffers coresight: etm4x: Configure EL2 exception level when kernel is running in HYP coresight: tmc: Fix byte-address alignment for RRP coresight: dynamic-replicator: Handle multiple connections slimbus: ngd: register ngd driver only once. slimbus: ngd: return proper error code instead of zero silmbus: ngd: register controller after power up. misc: kgdbts: Fix restrict error misc: genwqe: should return proper error value. vmbus: keep pointer to ring buffer page vfio/pci: Fix potential memory leak in vfio_msi_cap_len vfio/pci: Mask buggy SR-IOV VF INTx support iw_cxgb4: Use proper enumerated type in c4iw_bar2_addrs scsi: libsas: always unregister the old device if going to discover new f2fs: fix remount problem of option io_bits phy: lantiq: Fix compile warning arm64: dts: fsl: Fix I2C and SPI bus warnings ARM: dts: imx51-zii-rdu1: Fix the rtc compatible string arm64: tegra: I2C on Tegra194 is not compatible with Tegra114 ARM: dts: tegra30: fix xcvr-setup-use-fuses ARM: dts: tegra20: restore address order ARM: tegra: apalis_t30: fix mmc1 cmd pull-up ARM: tegra: apalis_t30: fix mcp2515 can controller interrupt polarity ARM: tegra: colibri_t30: fix mcp2515 can controller interrupt polarity ARM: dts: paz00: fix wakeup gpio keycode net: smsc: fix return type of ndo_start_xmit function net: faraday: fix return type of ndo_start_xmit function PCI/ERR: Run error recovery callbacks for all affected devices f2fs: update i_size after DIO completion f2fs: fix to recover inode's project id during POR f2fs: mark inode dirty explicitly in recover_inode() RDMA: Fix dependencies for rdma_user_mmap_io EDAC: Raise the maximum number of memory controllers ARM: dts: realview: Fix SPI controller node names firmware: dell_rbu: Make payload memory uncachable Bluetooth: hci_serdev: clear HCI_UART_PROTO_READY to avoid closing proto races Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS Bluetooth: btrsi: fix bt tx timeout issue x86/hyperv: Suppress "PCI: Fatal: No config space access function found" crypto: s5p-sss: Fix race in error handling crypto: s5p-sss: Fix Fix argument list alignment crypto: fix a memory leak in rsa-kcs1pad's encryption mode iwlwifi: dbg: don't crash if the firmware crashes in the middle of a debug dump iwlwifi: fix non_shared_ant for 22000 devices iwlwifi: pcie: read correct prph address for newer devices iwlwifi: api: annotate compressed BA notif array sizes iwlwifi: pcie: gen2: build A-MSDU only for GSO iwlwifi: pcie: fit reclaim msg to MAX_MSG_LEN iwlwifi: mvm: use correct FIFO length iwlwifi: mvm: Allow TKIP for AP mode scsi: NCR5380: Clear all unissued commands on host reset scsi: NCR5380: Have NCR5380_select() return a bool scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data scsi: NCR5380: Check for invalid reselection target scsi: NCR5380: Don't clear busy flag when abort fails scsi: NCR5380: Don't call dsprintk() following reselection interrupt scsi: NCR5380: Handle BUS FREE during reselection scsi: NCR5380: Check for bus reset arm64: dts: amd: Fix SPI bus warnings arm64: dts: lg: Fix SPI controller node names ARM: dts: lpc32xx: Fix SPI controller node names rtc: isl1208: avoid possible sysfs race rtc: tx4939: fixup nvmem name and register size rtc: armada38x: fix possible race condition netfilter: masquerade: don't flush all conntracks if only one address deleted on device usb: xhci-mtk: fix ISOC error when interval is zero usb: usbtmc: uninitialized symbol 'actual' in usbtmc_ioctl_clear fuse: use READ_ONCE on congestion_threshold and max_background IB/iser: Fix possible NULL deref at iser_inv_desc() media: ov2680: fix null dereference at power on s390/vdso: correct vdso mapping for compat tasks net: phy: mdio-bcm-unimac: mark PM functions as __maybe_unused memfd: Use radix_tree_deref_slot_protected to avoid the warning. slcan: Fix memory leak in error path Linux 4.19.85 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I0857e66ee2cdd412cd736548a1395bf764a8ab0a |
||
Ard Biesheuvel
|
75a600d7f0 |
tee: optee: take DT status property into account
[ Upstream commit db878f76b9ff7487da9bb0f686153f81829f1230 ] DT nodes may have a 'status' property which, if set to anything other than 'ok' or 'okay', indicates to the OS that the DT node should be treated as if it was not present. So add that missing logic to the OP-TEE driver. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Andrey Konovalov
|
e426e9788e |
UPSTREAM: tee/shm: untag user pointers in tee_shm_register
(Upstream commit 78063a9dd9637c0450cf6eacc03f42eb1295917f). This patch is a part of a series that extends kernel ABI to allow to pass tagged user pointers (with the top byte set to something else other than 0x00) as syscall arguments. tee_shm_register()->optee_shm_unregister()->check_mem_type() uses provided user pointers for vma lookups (via __check_mem_type()), which can only by done with untagged pointers. Untag user pointers in this function. Link: http://lkml.kernel.org/r/4b993f33196b3566ac81285ff8453219e2079b45.1563904656.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Eric Auger <eric.auger@redhat.com> Cc: Felix Kuehling <Felix.Kuehling@amd.com> Cc: Khalid Aziz <khalid.aziz@oracle.com> Cc: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> Cc: Mike Rapoport <rppt@linux.ibm.com> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Bug: 135692346 Change-Id: Id956633fca0b8e95954f0ed61744389b6bd503fd |
||
Zhizhou Zhang
|
39d4c1c0dd |
tee: optee: avoid possible double list_del()
[ Upstream commit b2d102bd0146d9eb1fa630ca0cd19a15ef2f74c8 ] This bug occurs when: - a new request arrives, one thread(let's call it A) is pending in optee_supp_req() with req->busy is initial value false. - tee-supplicant is killed, then optee_supp_release() is called, this function calls list_del(&req->link), and set supp->ctx to NULL. And it also wake up process A. - process A continues, it firstly checks supp->ctx which is NULL, then checks req->busy which is false, at last run list_del(&req->link). This triggers double list_del() and results kernel panic. For solve this problem, we rename req->busy to req->in_queue, and associate it with state of whether req is linked to supp->reqs. So we can just only check req->in_queue to make decision calling list_del() or not. Signed-off-by: Zhizhou Zhang <zhizhouzhang@asrmicro.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Linus Torvalds
|
f3ea496213 |
ARM: SoC driver updates
Some of the larger changes this merge window: - Removal of drivers for Exynos5440, a Samsung SoC that never saw widespread use. - Uniphier support for USB3 and SPI reset handling - Syste control and SRAM drivers and bindings for Allwinner platforms - Qualcomm AOSS (Always-on subsystem) reset controller drivers - Raspberry Pi hwmon driver for voltage - Mediatek pwrap (pmic) support for MT6797 SoC -----BEGIN PGP SIGNATURE----- iQJDBAABCAAtFiEElf+HevZ4QCAJmMQ+jBrnPN6EHHcFAlt+MMkPHG9sb2ZAbGl4 b20ubmV0AAoJEIwa5zzehBx3pB4QAIj7iVxSKEQFz65iXLTfMJKFZ9TSvRgWSDyE CHF+WOQGTnxkvySEHSw/SNqDM+Bas8ijR8b4vWzsXJFB+3HA0ZTGLU379/af1zCE 9k8QjyIWtRWKX9fo7qCHVXlMfxGbOdbCOsh4jnmHqEIDxCHXpIiJRfvUbKIXGpfn tw6QpM70vm6Q6AdKwzmDbMCYnQAMWxBK/G/Q7BfRG+IYWYjFGbiWIc9BV9Ki8+nE 3235ISaTHvAHodoec8tpLxv34GsOP4RCqscGYEuCf22RYfWva4S9e4yoWT8qPoIl IHWNsE3YWjksqpt9rj9Pie/PycthO4E4BUPMtqjMbC2OyKFgVsAcHrmToSdd+7ob t3VNM6RVl8xyWSRlm5ioev15CCOeWRi1nUT7m3UEBWpQ6ihJVpbjf1vVxZRW/E0t cgC+XzjSg26sWx1bSH9lGPFytOblAcZ04GG/Kpz02MmTgMiTdODFZ67AsqtdeQS7 a9wpaQ+DgTqU0VcQx8Kdq8uy9MOztkhXn5yO8fEWjpm0lPcxjhJS4EpN+Ru2T7/Z AMuy5lRJfQzAPU9kY7TE0yZ07pgpZgh7LlWOoKtGD7UklzXVVZrVlpn7bApRN5vg ZLze5OiEiIF5gIiRC8sIyQ9TZdvg4NqwebCqspINixqs7iIpB7TG93WQcy82osSE TXhtx4Sy =ZjwY -----END PGP SIGNATURE----- Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC driver updates from Olof Johansson: "Some of the larger changes this merge window: - Removal of drivers for Exynos5440, a Samsung SoC that never saw widespread use. - Uniphier support for USB3 and SPI reset handling - Syste control and SRAM drivers and bindings for Allwinner platforms - Qualcomm AOSS (Always-on subsystem) reset controller drivers - Raspberry Pi hwmon driver for voltage - Mediatek pwrap (pmic) support for MT6797 SoC" * tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (52 commits) drivers/firmware: psci_checker: stash and use topology_core_cpumask for hotplug tests soc: fsl: cleanup Kconfig menu soc: fsl: dpio: Convert DPIO documentation to .rst staging: fsl-mc: Remove remaining files staging: fsl-mc: Move DPIO from staging to drivers/soc/fsl staging: fsl-dpaa2: eth: move generic FD defines to DPIO soc: fsl: qe: gpio: Add qe_gpio_set_multiple usb: host: exynos: Remove support for Exynos5440 clk: samsung: Remove support for Exynos5440 soc: sunxi: Add the A13, A23 and H3 system control compatibles reset: uniphier: add reset control support for SPI cpufreq: exynos: Remove support for Exynos5440 ata: ahci-platform: Remove support for Exynos5440 soc: imx6qp: Use GENPD_FLAG_ALWAYS_ON for PU errata soc: mediatek: pwrap: add mt6351 driver for mt6797 SoCs soc: mediatek: pwrap: add pwrap driver for mt6797 SoCs soc: mediatek: pwrap: fix cipher init setting error dt-bindings: pwrap: mediatek: add pwrap support for MT6797 reset: uniphier: add USB3 core reset control dt-bindings: reset: uniphier: add USB3 core reset support ... |
||
Dave Airlie
|
f4366e44ef |
drm-misc-next for 4.19:
Cross-subsystem Changes: - fix compile breakage on ION due to the dma-buf cleanups (Christian König) -----BEGIN PGP SIGNATURE----- iQIcBAABAgAGBQJbK4N3AAoJEEN0HIUfOBk00S0P/ikY6Xvkbjs4m6BkpFpuAguy n5biz7PgEc8xFsp7hs3rcax0U8cd/spJEOdvxhur18+RiEXwlT+9l2cn+7l++DjR uQ+bNHLlKSzX4weoj+MT/9U3gQmaOeVw8h2A8y0Un2fnM9Y+FWGR2PR75+Zl0Tl9 Zfbj2Zzx84lg0YEoX+HUBcgBEZ3jAPED3Wax7oEgNo0gAXHSTPQxSeHPgr6U3jxn NwcawNd5huZhMJ8KyiieTs7DXrlPjHl/wU7ogjQLOVQN0xh26GlZMX5AAkJTIu21 5trTNhV/EdKunbBJzt+RFQDslyFFwfSZM1DAuICbjrY10Hmuzkki7+MDxBprJMRj N9fkJqQUrot2XDisauCvCJ2QUKOVhTqwODx6iU7uvJa/kbCgTY/gY/yZHJ46DCTQ IVMUmoqxqA6eHrT7dyL2pvH5q6is5XjsrP8ehJ9m4zlcZDfRn7JwExY5kLKIEWtW vXBGatF4heZZznNuoo02TRLmiSZnfsYLdr1b1vpnxGvWiDL4FdQr7CIntRiw/qhy aj7dP+XaQoPAewkiK77FGLb44zgHtGvWQC/6L6+d20+X4/EoruMOesvoH8lCsL2c Ov3D9kORyjHQTNwW4BT6DdJRnnwdMuwlppT+z4jq51WoDIfwEn8lFZe1goRvn8o0 GvR2rUgq259pFn9tnsEu =qsFF -----END PGP SIGNATURE----- Merge tag 'drm-misc-next-2018-06-21' of git://anongit.freedesktop.org/drm/drm-misc into drm-next drm-misc-next for 4.19: UAPI Changes: - Add writeback connector (Brian Starkey/Liviu Dudau) - Add "content type" property to HDMI connectors (Stanislav Lisovskiy) Cross-subsystem Changes: - some devicetree Docs update - fix compile breakage on ION due to the dma-buf cleanups (Christian König) Core Changes: - Reject over-sized allocation requests early (Chris Wilson) - gem-fb-helper: Always do implicit sync (Daniel Vetter) - dma-buf cleanups (Christian König) Driver Changes: - Fixes for the otm8009a panel driver (Philippe Cornu) - Add Innolux TV123WAM panel driver support (Sandeep Panda) - Move GEM BO to drm_framebuffer in few drivers (Daniel Stone) - i915 pinning improvements (Chris Wilson) - Stop consulting plane->fb/crtc in a few drivers (Ville Syrjälä) Signed-off-by: Dave Airlie <airlied@redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180621105428.GA20795@juma |
||
Christian König
|
f664a52695 |
dma-buf: remove kmap_atomic interface
Neither used nor correctly implemented anywhere. Just completely remove the interface. Signed-off-by: Christian König <christian.koenig@amd.com> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> Acked-by: Sumit Semwal <sumit.semwal@linaro.org> Link: https://patchwork.freedesktop.org/patch/226645/ |
||
Sahil Malhotra
|
3249527f19 |
tee: optee: making OPTEE_SHM_NUM_PRIV_PAGES configurable via Kconfig
This change adds KCONFIG option to set number of pages out of whole shared memory to be used for OP-TEE driver private data structures. Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> [jw: fixing trivial merge conflict] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Arnd Bergmann
|
cf89fe88a6 |
tee: replace getnstimeofday64() with ktime_get_real_ts64()
The two do the same thing, but we want to have a consistent naming in the kernel. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Etienne Carriere
|
ab9d3db5b3 |
tee: check shm references are consistent in offset/size
This change prevents userland from referencing TEE shared memory outside the area initially allocated by its owner. Prior this change an application could not reference or access memory it did not own but it could reference memory not explicitly allocated by owner but still allocated to the owner due to the memory allocation granule. Reported-by: Alexandre Jutras <alexandre.jutras@nxp.com> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Jann Horn
|
bb765d1c33 |
tee: shm: fix use-after-free via temporarily dropped reference
Bump the file's refcount before moving the reference into the fd table,
not afterwards. The old code could drop the file's refcount to zero for a
short moment before calling get_file() via get_dma_buf().
This code can only be triggered on ARM systems that use Linaro's OP-TEE.
Fixes:
|
||
Jérôme Forissier
|
5c5f80307a |
tee: optee: report OP-TEE revision information
When the driver initializes, report the following information about the OP-TEE OS: - major and minor version, - build identifier (if available). Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Matthias Brugger <mbruger@suse.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Jérôme Forissier
|
6e112de042 |
tee: optee: GET_OS_REVISION: document a2 as a build identifier
In the OPTEE_SMC_CALL_GET_OS_REVISION request, the previously reserved parameter a2 is now documented as being an optional build identifier (such as an SCM revision or commit ID, for instance). A new structure optee_smc_call_get_os_revision_result is introduced to be used when querying the secure OS version, instead of re-using the struct defined for OPTEE_SMC_CALLS_REVISION. Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Matthias Brugger <mbruger@suse.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Peng Fan
|
7dd003aec2 |
tee: correct max value for id allocation
The privileged dev id range is [TEE_NUM_DEVICES / 2, TEE_NUM_DEVICES). The non-privileged dev id range is [0, TEE_NUM_DEVICES / 2). So when finding a slot for them, need to use different max value. Signed-off-by: Peng Fan <peng.fan@nxp.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Olof Johansson
|
ffdc98c4f2 |
This pull request updates the previous tee-drv-dynamic-shm-for-v4.16 pull
request with five new patches fixing review comments and errors. Apart from three small fixes there's two larger patches that in the end checks that memory to be registered really is normal cached memory. -----BEGIN PGP SIGNATURE----- iQI3BAABCgAhBQJaVzZeGhxqZW5zLndpa2xhbmRlckBsaW5hcm8ub3JnAAoJELWw uEGXj+zTbVMQAOK22g34O1EouTBpFvw/Ch4aZ7AFr+NoXxyphhIeg/4RpWwCpiCY +xDBv4aHk6Opv0uhWGJJHMzRgE6eNYjLVVd8tGpDtRdqQWJP0MYVH2sHu5bnfJZS LfDUk+t2ULxgzVvIBvyccslTSAGqc5K0mnzW3DXrwkKtRmpfl27tg/OFph08lHni dhAOeW4m6PGWcWlQklDlpykTt8KUHMaIx5eNx+IBCYDcfQkev3Te49EwDK05ObjU MC6M1rZJmzb28UumkUC1B8nyS/PqxB8xrkyqYqehic6eBH9WIAn+paaLgSjocvqc gXwScaTNyniUPBMR73sNyARzpYgI0CvcqJ9R0uIGlSmwj9LQqrc0vtiJAR0YDeir FzweH8uhkU2qhZjH3WSoLGS4CSm2scIhEE3jbHpRjDdqvajoQBbOxPKusQnIjs/p iDZwYKuvH2f7TQtdwigT36k7KP0688LRSUrp7CeY7sIlzj0M3CLEzU/5OORBgqIl 5KyOt6R8aVbQtABDBnzqIn1BYqA05KWzZFqwlDPckCNfBjgHd45rz4HGvwqCf9JI dKZ3VZDtBOeQIpBRj02mbEn0mUhDyztd7we+WkzTz0AxmEAw8r8yn1035WhZILGw ntXMk4PX9uVwQxReE0n1Gyv5UxCP1u+RMGE7G3hQoDBGNdhGxHw9bDqV =0+NS -----END PGP SIGNATURE----- Merge tag 'tee-drv-dynamic-shm+fixes-for-v4.16' of https://git.linaro.org/people/jens.wiklander/linux-tee into next/drivers This pull request updates the previous tee-drv-dynamic-shm-for-v4.16 pull request with five new patches fixing review comments and errors. Apart from three small fixes there's two larger patches that in the end checks that memory to be registered really is normal cached memory. * tag 'tee-drv-dynamic-shm+fixes-for-v4.16' of https://git.linaro.org/people/jens.wiklander/linux-tee: tee: shm: Potential NULL dereference calling tee_shm_register() tee: shm: don't put_page on null shm->pages tee: shm: make function __tee_shm_alloc static tee: optee: check type of registered shared memory tee: add start argument to shm_register callback Signed-off-by: Olof Johansson <olof@lixom.net> |
||
Dan Carpenter
|
2490cdf643 |
tee: shm: Potential NULL dereference calling tee_shm_register()
get_user_pages_fast() can return zero in certain error paths. We should
handle that or else it means we accidentally return ERR_PTR(0) which is
NULL instead of an error pointer. The callers are not expecting that
and will crash with a NULL dereference.
Fixes:
|
||
Colin Ian King
|
c94f31b526 |
tee: shm: don't put_page on null shm->pages
In the case that shm->pages fails to allocate, the current exit
error path will try to put_page on a null shm->pages and cause
a null pointer dereference when accessing shm->pages[n]. Fix this
by only performing the put_page and kfree on shm->pages if it
is not null.
Detected by CoverityScan, CID#1463283 ("Dereference after null check")
Fixes:
|
||
Colin Ian King
|
80ec6f5de6 |
tee: shm: make function __tee_shm_alloc static
The function __tee_shm_alloc is local to the source and does not need to be in global scope, so make it static. Cleans up sparse warning: symbol '__tee_shm_alloc' was not declared. Should it be static? Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Jens Wiklander
|
cdbcf83d29 |
tee: optee: check type of registered shared memory
Checks the memory type of the pages to be registered as shared memory. Only normal cached memory is allowed. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Jens Wiklander
|
95ffe4ca43 |
tee: add start argument to shm_register callback
Adds a start argument to the shm_register callback to allow the callback to check memory type of the passed pages. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Arnd Bergmann
|
f681e08f67 |
tee: optee: fix header dependencies
The optee driver includes the header files in an unusual order,
with asm/pgtable.h before the linux/*.h headers. For some reason
this seems to trigger a build failure:
drivers/tee/optee/call.c: In function 'optee_fill_pages_list':
include/asm-generic/memory_model.h:64:14: error: implicit declaration of function 'page_to_section'; did you mean '__nr_to_section'? [-Werror=implicit-function-declaration]
int __sec = page_to_section(__pg); \
drivers/tee/optee/call.c:494:15: note: in expansion of macro 'page_to_phys'
optee_page = page_to_phys(*pages) +
Let's just include linux/mm.h, which will then get the other
header implicitly.
Fixes:
|
||
Arnd Bergmann
|
bad19e0d04 |
This pull request enables dynamic shared memory support in the TEE
subsystem as a whole and in OP-TEE in particular. Global Platform TEE specification [1] allows client applications to register part of own memory as a shared buffer between application and TEE. This allows fast zero-copy communication between TEE and REE. But current implementation of TEE in Linux does not support this feature. Also, current implementation of OP-TEE transport uses fixed size pre-shared buffer for all communications with OP-TEE OS. This is okay in the most use cases. But this prevents use of OP-TEE in virtualized environments, because: a) We can't share the same buffer between different virtual machines b) Physically contiguous memory as seen by VM can be non-contiguous in reality (and as seen by OP-TEE OS) due to second stage of MMU translation. c) Size of this pre-shared buffer is limited. So, first part of this pull request adds generic register/unregister interface to tee subsystem. The second part adds necessary features into OP-TEE driver, so it can use not only static pre-shared buffer, but whole RAM to communicate with OP-TEE OS. This change is backwards compatible allowing older secure world or user space to work with newer kernels and vice versa. [1] https://www.globalplatform.org/specificationsdevice.asp -----BEGIN PGP SIGNATURE----- iQI3BAABCgAhBQJaM8X7GhxqZW5zLndpa2xhbmRlckBsaW5hcm8ub3JnAAoJELWw uEGXj+zThYsQAMPsMwvV977gLCnFxSZuIh1qnK5sXabpe4ITVOaUaxyCIoKAcROX exFdo1l+4UrOaEA9o06IROnHczCEz7IvGcPVYCB13tHwyfPsuicrdM0b/hm2Mehx MGYDsm3ZjnUTcZxGMNHYvCunNi84Rt1yOC8Mdx4kPhCI8ZCDqb9pV/Bb5wNLnkXS lXP/+EAkF0ECj88JUhgunkvL96QyK/PROCNUMWansB1RwglvyWy7IS/r03BW9Cpi 4Mtiywmj/KZO9To4LvWhPiX5xvdxe+VxXUD6BW9hVVOxmXGSTEwr9YYr0f7qWH5q HeTLzkOsRQ+uHkaSLZOJ1HkIsP0sYQ7tR6OaipAEMJIN87ktGr45uuxaMnJCV1Z/ tiKkGKJq9VISa7LA0Fv3nLhfYo8/jHiV/dV77FTreHhWimtVl3aiIkon+P/VSA7W Qstkq/v+djZXSmJ+dAcaRdukufWLUB4xhl27isnmaVjToFUHJH36wM9smtgXFygv DL8+5UBgsWPOlpJkIsTD/dwiQK+CeG4/SASgfe5DV7GVh+Z+71E2V40UQ9JoUROa Y33tPFWg07gG3cHAZYugKG2ucf4Yy3GXh5xZnjIq0Ye1U3/TnbK543V1y2N45vx0 xBWJFFh2blKD04QPynBFqKPKNc5d//OgeK3m4PBTYk2GoGIvnc5YxPTq =3iwl -----END PGP SIGNATURE----- Merge tag 'tee-drv-dynamic-shm-for-v4.16' of https://git.linaro.org/people/jens.wiklander/linux-tee into next/drivers Pull "tee dynamic shm for v4.16" from Jens Wiklander: This pull request enables dynamic shared memory support in the TEE subsystem as a whole and in OP-TEE in particular. Global Platform TEE specification [1] allows client applications to register part of own memory as a shared buffer between application and TEE. This allows fast zero-copy communication between TEE and REE. But current implementation of TEE in Linux does not support this feature. Also, current implementation of OP-TEE transport uses fixed size pre-shared buffer for all communications with OP-TEE OS. This is okay in the most use cases. But this prevents use of OP-TEE in virtualized environments, because: a) We can't share the same buffer between different virtual machines b) Physically contiguous memory as seen by VM can be non-contiguous in reality (and as seen by OP-TEE OS) due to second stage of MMU translation. c) Size of this pre-shared buffer is limited. So, first part of this pull request adds generic register/unregister interface to tee subsystem. The second part adds necessary features into OP-TEE driver, so it can use not only static pre-shared buffer, but whole RAM to communicate with OP-TEE OS. This change is backwards compatible allowing older secure world or user space to work with newer kernels and vice versa. [1] https://www.globalplatform.org/specificationsdevice.asp * tag 'tee-drv-dynamic-shm-for-v4.16' of https://git.linaro.org/people/jens.wiklander/linux-tee: tee: shm: inline tee_shm_get_id() tee: use reference counting for tee_context tee: optee: enable dynamic SHM support tee: optee: add optee-specific shared pool implementation tee: optee: store OP-TEE capabilities in private data tee: optee: add registered buffers handling into RPC calls tee: optee: add registered shared parameters handling tee: optee: add shared buffer registration functions tee: optee: add page list manipulation functions tee: optee: Update protocol definitions tee: shm: add page accessor functions tee: shm: add accessors for buffer size and page offset tee: add register user memory tee: flexible shared memory pool creation |
||
Arnd Bergmann
|
a8e9f5f672 |
Enable async communication with tee supplicant
This pull request enables asynchronous communication with TEE supplicant by introducing meta parameters in the user space API. The meta parameters can be used to tag requests with an id that can be matched against an asynchronous response as is done here in the OP-TEE driver. Asynchronous supplicant communication is needed by OP-TEE to implement GlobalPlatforms TEE Sockets API Specification v1.0.1. The specification is available at https://www.globalplatform.org/specificationsdevice.asp. This change is backwards compatible allowing older supplicants to work with newer kernels and vice versa. -----BEGIN PGP SIGNATURE----- iQI3BAABCgAhBQJaHoIkGhxqZW5zLndpa2xhbmRlckBsaW5hcm8ub3JnAAoJELWw uEGXj+zTdtoP/2/Og5YP0Xad0oRINgWJO/YnXT+kTHTHf35RuFA7LFbHdMNl4ZYx h7vTiHdgA1Bper+2ljLZdu2R36/za6LLVnof4p9WPDLueSJgH71jDMC3jVO0r1C7 SydYuCUtcdNTNObSSy3SJVdMZtCyXA+p3Z1VLdP9E3fSVYg/36JH9clqkB/LrTC+ NTC1w/g3cBcNIGj6kToPDwyXtKOk/9fMK7e4ylinscX0LyDmWTZyYRGrzB2gaek0 Xk1fSEprX5jor99GdU1WtYuO/6hk1T1LglD/L0ROO++7RQYZiAyO6Lgfyi6mvlMi 3oxuZRI3JZRR5hdzBzwxTpQGVVxj8ukYD/PFX0pBbw1XA9W9+gK7Du5OLmp4WZ+b t2Eg18pWivcRCmglpoS+VsirQkXT36ElCpHAK0QZ4gB2gVPFvNBjlFPD4xa5FsLw urO35ZLlj7b9VuEQQSJjif5FDc3sCyBlRuFQ1XCMXOeBULel8gnuWwyJRwwYhxIJ /moFkylFqOwewZui1oC1gmXCo/ud4xIw79+8HPN7ISves/bfJtDaMRK+YAFbPshl MbYCqRsr+B5o0MrFZbx+ofUNeJeh3Wwk/zdYoxTfRDGJ9ILBixBKCtPEmjX2MJGi Y66jiw73Yo0RsVTS3IO6sxFxsBi1mfGlpkUg4/pclr8Ijw71lc5msHkv =jsDo -----END PGP SIGNATURE----- Merge tag 'tee-drv-async-supplicant-for-v4.16' of https://git.linaro.org/people/jens.wiklander/linux-tee into next/drivers Pull "Enable async communication with tee supplicant" from Jens Wiklander: This pull request enables asynchronous communication with TEE supplicant by introducing meta parameters in the user space API. The meta parameters can be used to tag requests with an id that can be matched against an asynchronous response as is done here in the OP-TEE driver. Asynchronous supplicant communication is needed by OP-TEE to implement GlobalPlatforms TEE Sockets API Specification v1.0.1. The specification is available at https://www.globalplatform.org/specificationsdevice.asp. This change is backwards compatible allowing older supplicants to work with newer kernels and vice versa. * tag 'tee-drv-async-supplicant-for-v4.16' of https://git.linaro.org/people/jens.wiklander/linux-tee: optee: support asynchronous supplicant requests tee: add TEE_IOCTL_PARAM_ATTR_META tee: add tee_param_is_memref() for driver use |
||
Volodymyr Babchuk
|
ef8e08d24c |
tee: shm: inline tee_shm_get_id()
Now, when struct tee_shm is defined in public header, we can inline small getter functions like this one. Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Volodymyr Babchuk
|
217e0250cc |
tee: use reference counting for tee_context
We need to ensure that tee_context is present until last shared buffer will be freed. Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Volodymyr Babchuk
|
f58e236c9d |
tee: optee: enable dynamic SHM support
Previous patches added various features that are needed for dynamic SHM. Dynamic SHM allows Normal World to share any buffers with OP-TEE. While original design suggested to use pre-allocated region (usually of 1M to 2M of size), this new approach allows to use all non-secure RAM for command buffers, RPC allocations and TA parameters. This patch checks capability OPTEE_SMC_SEC_CAP_DYNAMIC_SHM. If it was set by OP-TEE, then kernel part of OP-TEE will use kernel page allocator to allocate command buffers. Also it will set TEE_GEN_CAP_REG_MEM capability to tell userspace that it supports shared memory registration. Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Volodymyr Babchuk
|
abd135ba21 |
tee: optee: add optee-specific shared pool implementation
This is simple pool that uses kernel page allocator. This pool can be used in case OP-TEE supports dynamic shared memory. Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Volodymyr Babchuk
|
d885cc5e07 |
tee: optee: store OP-TEE capabilities in private data
Those capabilities will be used in subsequent patches. Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Volodymyr Babchuk
|
53a107c812 |
tee: optee: add registered buffers handling into RPC calls
With latest changes to OP-TEE we can use any buffers as a shared memory. Thus, it is possible for supplicant to provide part of own memory when OP-TEE asks to allocate a shared buffer. This patch adds support for such feature into RPC handling code. Now when OP-TEE asks supplicant to allocate shared buffer, supplicant can use TEE_IOC_SHM_REGISTER to provide such buffer. RPC handler is aware of this, so it will pass list of allocated pages to OP-TEE. Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> [jw: fix parenthesis alignment in free_pages_list()] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Volodymyr Babchuk
|
64cf9d8a67 |
tee: optee: add registered shared parameters handling
Now, when client applications can register own shared buffers in OP-TEE, we need to extend ABI for parameter passing to/from OP-TEE. So, if OP-TEE core detects that parameter belongs to registered shared memory, it will use corresponding parameter attribute. Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Volodymyr Babchuk
|
06ca79179c |
tee: optee: add shared buffer registration functions
This change adds ops for shm_(un)register functions in tee interface. Client application can use these functions to (un)register an own shared buffer in OP-TEE address space. This allows zero copy data sharing between Normal and Secure Worlds. Please note that while those functions were added to optee code, it does not report to userspace that those functions are available. OP-TEE code does not set TEE_GEN_CAP_REG_MEM flag. This flag will be enabled only after all other features of dynamic shared memory will be implemented in subsequent patches. Of course user can ignore presence of TEE_GEN_CAP_REG_MEM flag and try do call those functions. This is okay, driver will register shared buffer in OP-TEE, but any attempts to use this shared buffer will fail. Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Volodymyr Babchuk
|
3bb48ba5cd |
tee: optee: add page list manipulation functions
These functions will be used to pass information about shared buffers to OP-TEE. ABI between Linux and OP-TEE is defined in optee_msg.h and optee_smc.h. optee_msg.h defines OPTEE_MSG_ATTR_NONCONTIG attribute for shared memory references and describes how such references should be passed. Note that it uses 64-bit page addresses even on 32 bit systems. This is done to support LPAE and to unify interface. Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> [jw: replacing uint64_t with u64 in optee_fill_pages_list()] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Volodymyr Babchuk
|
de5c6dfc43 |
tee: optee: Update protocol definitions
There were changes in REE<->OP-TEE ABI recently. Now ABI allows us to pass non-contiguous memory buffers as list of pages to OP-TEE. This can be achieved by using new parameter attribute OPTEE_MSG_ATTR_NONCONTIG. OP-TEE also is able to use all non-secure RAM for shared buffers. This new capability is enabled with OPTEE_SMC_SEC_CAP_DYNAMIC_SHM flag. This patch adds necessary definitions to the protocol definition files at Linux side. Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
Jens Wiklander
|
033ddf12bc |
tee: add register user memory
Added new ioctl to allow users register own buffers as a shared memory. Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> [jw: moved tee_shm_is_registered() declaration] [jw: added space after __tee_shm_alloc() implementation] Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |