Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge tag 'ASB-2024-06-05_4.19-stable' of https://android.googlesourc…
…e.com/kernel/common into android13-4.19-kona https://source.android.com/docs/security/bulletin/2024-06-01 CVE-2024-26926 * tag 'ASB-2024-06-05_4.19-stable' of https://android.googlesource.com/kernel/common: BACKPORT: net: fix __dst_negative_advice() race Linux 4.19.315 docs: kernel_include.py: Cope with docutils 0.21 serial: kgdboc: Fix NMI-safety problems from keyboard reset code tracing: Remove unnecessary var_ref destroy in track_data_destroy() tracing: Generalize hist trigger onmax and save action tracing: Split up onmatch action data tracing: Refactor hist trigger action code tracing: Have the historgram use the result of str_has_prefix() for len of prefix tracing: Use str_has_prefix() instead of using fixed sizes tracing: Use str_has_prefix() helper for histogram code string.h: Add str_has_prefix() helper function tracing: Consolidate trace_add/remove_event_call back to the nolock functions tracing: Remove unneeded synth_event_mutex tracing: Use dyn_event framework for synthetic events tracing: Add unified dynamic event framework tracing: Simplify creation and deletion of synthetic events btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() dm: limit the number of targets and parameter size area Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems" Linux 4.19.314 af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). net: fix out-of-bounds access in ops_init drm/vmwgfx: Fix invalid reads in fence signaled events dyndbg: fix old BUG_ON in >control parser tipc: fix UAF in error path usb: gadget: f_fs: Fix a race condition when processing setup packets. usb: gadget: composite: fix OS descriptors w_value logic firewire: nosy: ensure user_length is taken into account when fetching packet contents af_unix: Fix garbage collector racing against connect() af_unix: Do not use atomic ops for unix_sk(sk)->inflight. ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() net: bridge: fix corrupted ethernet header on multicast-to-unicast phonet: fix rtm_phonet_notify() skb allocation rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets tcp: remove redundant check on tskb net:usb:qmi_wwan: support Rolling modules fs/9p: drop inodes immediately on non-.L too gpio: crystalcove: Use -ENOTSUPP consistently gpio: wcove: Use -ENOTSUPP consistently 9p: explicitly deny setlease attempts fs/9p: translate O_TRUNC into OTRUNC fs/9p: only translate RWX permissions for plain 9P2000 selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior scsi: target: Fix SELinux error when systemd-modules loads the target module btrfs: always clear PERTRANS metadata during commit btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve tools/power turbostat: Fix Bzy_MHz documentation typo tools/power turbostat: Fix added raw MSR output firewire: ohci: mask bus reset interrupts between ISR and bottom half ata: sata_gemini: Check clk_enable() result net: bcmgenet: Reset RBUF on first open ALSA: line6: Zero-initialize message buffers scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload net: mark racy access on sk->sk_rcvbuf wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc gfs2: Fix invalid metadata access in punch_hole scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic tipc: fix a possible memleak in tipc_buf_append net: bridge: fix multicast-to-unicast with fraglist GSO net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 net: dsa: mv88e6xxx: Add number of MACs in the ATU net l2tp: drop flow hash on forward nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). bna: ensure the copied buf is NUL terminated s390/mm: Fix clearing storage keys for huge pages s390/mm: Fix storage key clearing for guest huge pages pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() power: rt9455: hide unused rt9455_boost_voltage_values pinctrl: core: delete incorrect free in pinctrl_enable() ethernet: Add helper for assigning packet type when dest address does not match device address ethernet: add a helper for assigning port addresses net: slightly optimize eth_type_trans drm/amdgpu: Fix leak when GPU memory allocation fails drm/amdkfd: change system memory overcommit limit wifi: nl80211: don't free NULL coalescing rule dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" dmaengine: pl330: issue_pending waits until WFP state Linux 4.19.313 serial: core: fix kernel-doc for uart_port_unlock_irqrestore() udp: preserve the connected status if only UDP cmsg Revert "y2038: rusage: use __kernel_old_timeval" Revert "loop: Remove sector_t truncation checks" HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up i2c: smbus: fix NULL function pointer dereference idma64: Don't try to serve interrupts when device is powered off dmaengine: owl: fix register access functions tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() tcp: Clean up kernel listener's reqsk in inet_twsk_purge() mtd: diskonchip: work around ubsan link failure stackdepot: respect __GFP_NOLOCKDEP allocation flag net: b44: set pause params only when interface is up irqchip/gic-v3-its: Prevent double free on error arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together tracing: Show size of requested perf buffer Revert "crypto: api - Disallow identical driver names" drm/amdgpu: validate the parameters of bo mapping operations more clearly amdgpu: validate offset_in_bo of drm_amdgpu_gem_va drm/amdgpu: restrict bo mapping within gpu address limits serial: mxs-auart: add spinlock around changing cts state serial: core: Provide port lock wrappers i40e: Do not use WQ_MEM_RECLAIM flag for workqueue net: openvswitch: Fix Use-After-Free in ovs_ct_exit net: openvswitch: ovs_ct_exit to be done under ovs_lock ipvs: Fix checksumming on GSO of SCTP packets net: gtp: Fix Use-After-Free in gtp_dellink net: usb: ax88179_178a: stop lying about skb->truesize NFC: trf7970a: disable all regulators on removal mlxsw: core: Unregister EMAD trap using FORWARD action vxlan: drop packets from invalid src-address ARC: [plat-hsdk]: Remove misplaced interrupt-cells property arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" arm64: dts: mediatek: mt7622: fix IR nodename arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma arm64: dts: rockchip: fix alphabetical ordering RK3399 puma tracing: Use var_refs[] for hist trigger reference checking tracing: Remove hist trigger synth_var_refs nilfs2: fix OOB in nilfs_set_de_type nouveau: fix instmem race condition around ptr stores fs: sysfs: Fix reference leak in sysfs_break_active_protection() speakup: Avoid crash on very long word usb: dwc2: host: Fix dereference issue in DDMA completion flow. Revert "usb: cdc-wdm: close race between read and workqueue" USB: serial: option: add Telit FN920C04 rmnet compositions USB: serial: option: add Rolling RW101-GL and RW135-GL support USB: serial: option: support Quectel EM060K sub-models USB: serial: option: add Lonsung U8300/U9300 product USB: serial: option: add support for Fibocom FM650/FG650 USB: serial: option: add Fibocom FM135-GL variants serial/pmac_zilog: Remove flawed mitigation for rx irq flood comedi: vmk80xx: fix incomplete endpoint checking drm: nv04: Fix out of bounds access RDMA/mlx5: Fix port number for counter query in multi-port configuration tun: limit printing rate when illegal packet received by tun dev netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() netfilter: nf_tables: __nft_expr_type_get() selects specific family type Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" kprobes: Fix possible use-after-free issue on kprobe registration selftests/ftrace: Limit length in subsystem-enable tests btrfs: record delayed inode root in transaction x86/apic: Force native_apic_mem_read() to use the MOV instruction selftests: timers: Fix abs() warning in posix_timers test vhost: Add smp_rmb() in vhost_vq_avail_empty() tracing: hide unused ftrace_event_id_fops net/mlx5: Properly link new fs rules into the tree ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr ipv4/route: avoid unused-but-set-variable warning ipv6: fib: hide unused 'pn' variable geneve: fix header validation in geneve[6]_xmit_skb nouveau: fix function cast warning Bluetooth: Fix memory leak in hci_req_sync_complete() batman-adv: Avoid infinite loop trying to resize local TT Conflicts: drivers/net/usb/ax88179_178a.c Change-Id: I73f07cafe3403d98dad2e4a8b34f89cfbd49818c
- Loading branch information