Prevents mishandling USB requests that are no longer present.
Bug: 161010552
Fixes: 483cb5629e ("ANDROID: usb: gadget: f_accessory: Add Android Accessory function")
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I8ff24d6d49214c3bd10a1b5d5e72814ec2a91c61
Steps on the way to 5.16-rc3
Resolves conflicts in:
drivers/hid/hid-nintendo.c
due to the android tree sticking with the old version of this driver.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0a4f24f71ee4eb095a5b24a547de33931ecb3922
Pull parisc fixes from Helge Deller:
"Increase the FRAME_WARN value to avoid some new warnings which showed
up in the Linux kernel test project, revert a patch which moved the
_stext symbol and thus triggered errors in the hardened usercopy
checks, and introduce an extru_safe() assembler macro to overcome
possible unsafe usage of the extru asm statement on 64-bit PA2.0
machines"
* tag 'for-5.16/parisc-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
Revert "parisc: Fix backtrace to always include init funtion names"
parisc: Convert PTE lookup to use extru_safe() macro
parisc: Fix extraction of hash lock bits in syscall.S
parisc: Provide an extru_safe() macro to extract unsigned bits
parisc: Increase FRAME_WARN to 2048 bytes on parisc
Pull tracing fix from Steven Rostedt:
"Fix wrong uprobe variable in iterator
uprobe_perf_open() processes a list of probes, but due to a missing
setting of the uprobe to be processed, the loop processes the head
probe instead of the added probes"
* tag 'trace-v5.16-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing/uprobe: Fix uprobe_perf_open probes iteration
Pull HID fixes from Jiri Kosina:
- fix for Intel-ISH driver to make sure it gets autoloaded only on
matching devices and not universally (Thomas Weißschuh)
- fix for Wacom driver reporting invalid contact under certain
circumstances (Jason Gerecke)
- probing fix for ft260 driver (Michael Zaidman)
- fix for generic keycode remapping (Thomas Weißschuh)
- fix for division by zero in hid-magicmouse (Claudia Pellegrino)
- other tiny assorted fixes and new device IDs
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
HID: multitouch: Fix Iiyama ProLite T1931SAW (0eef:0001 again!)
HID: nintendo: eliminate dead datastructures in !CONFIG_NINTENDO_FF case
HID: magicmouse: prevent division by 0 on scroll
HID: thrustmaster: fix sparse warnings
HID: Ignore battery for Elan touchscreen on HP Envy X360 15-eu0xxx
HID: input: set usage type to key on keycode remap
HID: input: Fix parsing of HID_CP_CONSUMER_CONTROL fields
HID: ft260: fix i2c probing for hwmon devices
Revert "HID: hid-asus.c: Maps key 0x35 (display off) to KEY_SCREENLOCK"
HID: intel-ish-hid: fix module device-id handling
mod_devicetable: fix kdocs for ishtp_device_id
HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
HID: nintendo: unlock on error in joycon_leds_create()
platform/x86: isthp_eclite: only load for matching devices
platform/chrome: chros_ec_ishtp: only load for matching devices
HID: intel-ish-hid: hid-client: only load for matching devices
HID: intel-ish-hid: fw-loader: only load for matching devices
HID: intel-ish-hid: use constants for modaliases
HID: intel-ish-hid: add support for MODULE_DEVICE_TABLE()
Pull SELinux fix from Paul Moore:
"A fix to make sure things are handled correctly when an allocation
fails"
* tag 'selinux-pr-20211123' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: fix NULL-pointer dereference when hashtab allocation fails
Pull sound fixes from Takashi Iwai:
"A lot of small changes at this time.
There are many ASoC fixes, and the majority of them are new machine
quirks for Intel platforms, as well as the device-specific fixes for
Mediatek and Qualcomm.
In addition, a regression fix for USB-audio and a few more HD- and
USB-audio quirks are found here"
* tag 'sound-5.16-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (41 commits)
ALSA: intel-dsp-config: add quirk for JSL devices based on ES8336 codec
ALSA: usb-audio: Don't start stream for capture at prepare
ALSA: usb-audio: Switch back to non-latency mode at a later point
ALSA: ctxfi: Fix out-of-range access
ALSA: hda/realtek: Fix LED on HP ProBook 435 G7
ASoC: stm32: i2s: fix 32 bits channel length without mclk
ASoC: codecs: lpass-rx-macro: fix HPHR setting CLSH mask
ASoC: codecs: wcd934x: return error code correctly from hw_params
ASoC: codecs: wcd938x: fix volatile register range
ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
ASoC: qdsp6: q6routing: validate port id before setting up route
ASoC: qdsp6: q6adm: improve error reporting
ASoC: qdsp6: q6asm: fix q6asm_dai_prepare error handling
ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
ASoC: qdsp6: qdsp6: q6prm: handle clk disable correctly
ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret'
ALSA: cmipci: Drop stale variable assignment
ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100
ASoC: rsnd: fixup DMAEngine API
ASoC: SOF: build compression interface into snd_sof.ko
...
This reverts commit 3d1f7b2753 as it is no
longer needed because the config options got renamed back (thankfully)
in commit a8b76910e4 ("preempt: Restore preemption model selection
configs")
Fixes: a8b76910e4 ("preempt: Restore preemption model selection configs")
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id51a4f54483cb39f99fb0e8242277c1e9c67a9e5
Commit cf30f6a5f0 ("lib: zstd: Add kernel-specific API") changed the
zstd api. Given that the incfs code is not in the kernel tree, it was
not also converted so do that here to keep the build working properly.
Fixes: cf30f6a5f0 ("lib: zstd: Add kernel-specific API")
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2e786a5e032adf104c0f3778bfb516a58c134047
Pull media fixes from Mauro Carvalho Chehab:
- fix VIDIOC_DQEVENT ioctl handling for 32-bit userspace with a 64-bit
kernel
- regression fix for videobuf2 core
- fix for CEC core when handling non-block transmit
- hi846: fix a clang warning
* tag 'media/v5.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
media: hi846: remove the of_match_ptr macro
media: hi846: include property.h instead of of_graph.h
media: cec: copy sequence field for the reply
media: videobuf2-dma-sg: Fix buf->vb NULL pointer dereference
media: v4l2-core: fix VIDIOC_DQEVENT handling on non-x86
We must flush the TLB before releasing i_mmap_rwsem to avoid the
potential reuse of an unshared PMDs page. This is not true in the case
of move_hugetlb_page_tables(). The last reference on the page table can
therefore be dropped before the TLB flush took place.
Prevent it by reordering the operations and flushing the TLB before
releasing i_mmap_rwsem.
Fixes: 550a7d60bd ("mm, hugepages: add mremap() support for hugepage backed vma")
Signed-off-by: Nadav Amit <namit@vmware.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Mina Almasry <almasrymina@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
When __unmap_hugepage_range() calls to huge_pmd_unshare() succeed, a TLB
flush is missing. This TLB flush must be performed before releasing the
i_mmap_rwsem, in order to prevent an unshared PMDs page from being
released and reused before the TLB flush took place.
Arguably, a comprehensive solution would use mmu_gather interface to
batch the TLB flushes and the PMDs page release, however it is not an
easy solution: (1) try_to_unmap_one() and try_to_migrate_one() also call
huge_pmd_unshare() and they cannot use the mmu_gather interface; and (2)
deferring the release of the page reference for the PMDs page until
after i_mmap_rwsem is dropped can confuse huge_pmd_unshare() into
thinking PMDs are shared when they are not.
Fix __unmap_hugepage_range() by adding the missing TLB flush, and
forcing a flush when unshare is successful.
Fixes: 24669e5847 ("hugetlb: use mmu_gather instead of a temporary linked list for accumulating pages)" # 3.6
Signed-off-by: Nadav Amit <namit@vmware.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This reverts commit 9a868c8ad3.
Currently breaks the build due to the modified Android UFS/Crypto
code, so revert this until it is worked out...
Cc: Eric Biggers <ebiggers@google.com>
Cc: Bart Van Assche <bvanassche@google.com>
Fixes: 9a868c8ad3 ("scsi: ufs: core: Add a compile-time structure size check")
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8ad94a4c50d9d28fb21ce691dd6cb34090668b03
Steps on the way to 5.16-rc1
Resolves conflicts in:
drivers/scsi/ufs/ufshcd.c
drivers/scsi/ufs/ufshcd.h
Will not build due to a static_assert() in the ufs code that will be
reverted in a later commit.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I244662dad7bb84192c0762af96b53111375fa6c4
This reverts commit 172272a5e9.
Should not need to be reverted anymore.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I76fb807a7cd7bd8aad0f55f3d9394d2a2c5b2f7a
This reverts commit e8a7240707.
Should not need to be reverted anymore.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I02a86e831986a5e0a8e85f54df6443e66920996e
Steps on the way to 5.16-rc1
Resolves conflicts in:
drivers/base/power/main.c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2608b73108fff680b947c585bf06799fe3f18d1d
Steps on the way to 5.16-rc1
Resolves merge conflicts in:
drivers/md/Kconfig
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I12d7a103b2db90569873d721a5a07fbc54c1a35b
Steps on the way to 5.16-rc1
Resolves conflicts in:
fs/overlayfs/file.c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I78b4136a37129bcbd964bebc95243a51831bb7e6
Commit 53944f171a ("mm: remove HARDENED_USERCOPY_FALLBACK") removed
the config option from the kernel, so it also needs to be removed from
the gki_defconfig files in order for the build to work properly.
Fixes: 53944f171a ("mm: remove HARDENED_USERCOPY_FALLBACK")
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I96185cd7bf64da0287f72e00dafa2cb13bbda7f5
This reverts commit c37495d625 which
is part of a series of patches that causes cuttlefish to crash.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie90f9d34180103cc05a3fe77d2446c10ed59d006
This reverts commit 56bcf40f91 which
is part of a series of patches that causes cuttlefish to crash.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I768a93d9a714dfe651a191a51dc3f8c243f5aef6
This reverts commit 894f24bb56 which
is part of a series of patches that causes cuttlefish to crash.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I70b1f906e111b7286afbd3c28f4743fa2e66c944
This reverts commit abd58f38df which
is part of a series of patches that causes cuttlefish to crash.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia06014d446c59d87b8fb642e4ed74e08a2ef0f2f
This reverts commit 17197dd460 which
is part of a series of patches that causes cuttlefish to crash.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id09ab4af153c29fcb6373acb96463dea6ffda9ee
This reverts commit 279917e27e.
With the CONFIG_HARDENED_USERCOPY option enabled, this patch triggers
kernel bugs at runtime:
usercopy: Kernel memory overwrite attempt detected to kernel text (offset 2084839, size 6)!
kernel BUG at mm/usercopy.c:99!
Backtrace:
IAOQ[0]: usercopy_abort+0xc4/0xe8
[<00000000406ed1c8>] __check_object_size+0x174/0x238
[<00000000407086d4>] copy_strings.isra.0+0x3e8/0x708
[<0000000040709a20>] do_execveat_common.isra.0+0x1bc/0x328
[<000000004070b760>] compat_sys_execve+0x7c/0xb8
[<0000000040303eb8>] syscall_exit+0x0/0x14
The problem is, that we have an init section of at least 2MB size which
starts at _stext and is freed after bootup.
If then later some kernel data is (temporarily) stored in this free
memory, check_kernel_text_object() will trigger a bug since the data
appears to be inside the kernel text (>=_stext) area:
	if (overlaps(ptr, len, _stext, _etext))
		usercopy_abort("kernel text");
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@kernel.org # 5.4+
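The false positive described in the revert message above, as an added example that is not part of the original commit or the kernel source: a user-space C model of the text-range check, with overlaps() modelled on the condition quoted in the message. The addresses and the names text_check_aborts() and sample_ptr() are constructed for illustration, and placing _stext after the init section in the second layout is an assumption; the offset and size come from the usercopy log line.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed layout: illustrative addresses, not taken from a real parisc kernel. */
#define INIT_START 0x40100000UL            /* start of the init section          */
#define INIT_SIZE  (2UL * 1024 * 1024)     /* "at least 2MB", freed after bootup  */
#define INIT_END   (INIT_START + INIT_SIZE)
#define ETEXT      0x41000000UL            /* stand-in for _etext                 */

/* Half-open range test: [ptr, ptr+n) against [low, high). */
static bool overlaps(unsigned long ptr, unsigned long n,
                     unsigned long low, unsigned long high)
{
    unsigned long check_low = ptr;
    unsigned long check_high = check_low + n;

    /* No overlap if the object is entirely above or entirely below. */
    if (check_low >= high || check_high <= low)
        return false;
    return true;
}

/* True where the quoted check would reach usercopy_abort("kernel text"). */
static bool text_check_aborts(unsigned long stext, unsigned long ptr,
                              unsigned long len)
{
    return overlaps(ptr, len, stext, ETEXT);
}

/* Object from the log line: offset 2084839 from the start of the range.
 * The offset is below 2MB, so it lies inside the freed init memory. */
static unsigned long sample_ptr(void)
{
    return INIT_START + 2084839UL;
}

int main(void)
{
    unsigned long p = sample_ptr();

    /* Layout with the reverted patch applied: _stext marks the init start. */
    printf("_stext at init start: abort=%d\n", text_check_aborts(INIT_START, p, 6));
    /* Assumed layout after the revert: _stext placed past the init section. */
    printf("_stext after init:    abort=%d\n", text_check_aborts(INIT_END, p, 6));
    return 0;
}
```
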
The extru instruction leaves the most significant 32 bits of the target
register in an undefined state on PA 2.0 systems. If any of these bits
are nonzero, this will break the calculation of the lock pointer.
Fix by using extrd,u instruction via extru_safe macro on 64-bit kernels.
Signed-off-by: John David Anglin <dave.anglin@bell.net>
Signed-off-by: Helge Deller <deller@gmx.de>
The extru instruction leaves the most significant 32 bits of the
target register in an undefined state on PA 2.0 systems.
Provide a macro to safely use extru on 32- and 64-bit machines.
Suggested-by: John David Anglin <dave.anglin@bell.net>
Signed-off-by: Helge Deller <deller@gmx.de>
PA-RISC uses a much bigger frame size for functions than other
architectures. So increase it to 2048 for 32- and 64-bit kernels.
This fixes e.g. a warning in lib/xxhash.c.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Helge Deller <deller@gmx.de>