~kmously/ubuntu/+source/linux/+git/xenial:update-to-4.4.233

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

40a44da... by Greg Kroah-Hartman <email address hidden> on 2020-08-21

Linux 4.4.233

BugLink: https://bugs.launchpad.net/bugs/1892822

Tested-by: Guenter Roeck <email address hidden>
Tested-by: Shuah Khan <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

a03295a... by WANG Cong <email address hidden> on 2017-04-25

ipv6: check skb->protocol before lookup for nexthop

BugLink: https://bugs.launchpad.net/bugs/1892822

commit 199ab00f3cdb6f154ea93fa76fd80192861a821d upstream.

Andrey reported a out-of-bound access in ip6_tnl_xmit(), this
is because we use an ipv4 dst in ip6_tnl_xmit() and cast an IPv4
neigh key as an IPv6 address:

        neigh = dst_neigh_lookup(skb_dst(skb),
                                 &ipv6_hdr(skb)->daddr);
        if (!neigh)
                goto tx_err_link_failure;

        addr6 = (struct in6_addr *)&neigh->primary_key; // <=== HERE
        addr_type = ipv6_addr_type(addr6);

        if (addr_type == IPV6_ADDR_ANY)
                addr6 = &ipv6_hdr(skb)->daddr;

        memcpy(&fl6->daddr, addr6, sizeof(fl6->daddr));

Also the network header of the skb at this point should be still IPv4
for 4in6 tunnels, we shold not just use it as IPv6 header.

This patch fixes it by checking if skb->protocol is ETH_P_IPV6: if it
is, we are safe to do the nexthop lookup using skb_dst() and
ipv6_hdr(skb)->daddr; if not (aka IPv4), we have no clue about which
dest address we can pick here, we have to rely on callers to fill it
from tunnel config, so just fall to ip6_route_output() to make the
decision.

Fixes: ea3dc9601bda ("ip6_tunnel: Add support for wildcard tunnel endpoints.")
Reported-by: Andrey Konovalov <email address hidden>
Tested-by: Andrey Konovalov <email address hidden>
Cc: Steffen Klassert <email address hidden>
Signed-off-by: Cong Wang <email address hidden>
Signed-off-by: David S. Miller <email address hidden>
Signed-off-by: Alessio Balsini <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

8a40a3e... by Geert Uytterhoeven <email address hidden> on 2020-08-14

sh: landisk: Add missing initialization of sh_io_port_base

BugLink: https://bugs.launchpad.net/bugs/1892822

[ Upstream commit 0c64a0dce51faa9c706fdf1f957d6f19878f4b81 ]

The Landisk setup code maps the CF IDE area using ioremap_prot(), and
passes the resulting virtual addresses to the pata_platform driver,
disguising them as I/O port addresses. Hence the pata_platform driver
translates them again using ioport_map().
As CONFIG_GENERIC_IOMAP=n, and CONFIG_HAS_IOPORT_MAP=y, the
SuperH-specific mapping code in arch/sh/kernel/ioport.c translates
I/O port addresses to virtual addresses by adding sh_io_port_base, which
defaults to -1, thus breaking the assumption of an identity mapping.

Fix this by setting sh_io_port_base to zero.

Fixes: 37b7a97884ba64bf ("sh: machvec IO death.")
Signed-off-by: Geert Uytterhoeven <email address hidden>
Signed-off-by: Rich Felker <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

d3e74aa... by Dinghao Liu <email address hidden> on 2020-08-13

ALSA: echoaudio: Fix potential Oops in snd_echo_resume()

BugLink: https://bugs.launchpad.net/bugs/1892822

[ Upstream commit 5a25de6df789cc805a9b8ba7ab5deef5067af47e ]

Freeing chip on error may lead to an Oops at the next time
the system goes to resume. Fix this by removing all
snd_echo_free() calls on error.

Fixes: 47b5d028fdce8 ("ALSA: Echoaudio - Add suspend support #2")
Signed-off-by: Dinghao Liu <email address hidden>
Link: https://<email address hidden>
Signed-off-by: Takashi Iwai <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

0d2beb2... by Andy Shevchenko <email address hidden> on 2020-07-23

mfd: dln2: Run event handler loop under spinlock

BugLink: https://bugs.launchpad.net/bugs/1892822

[ Upstream commit 3d858942250820b9adc35f963a257481d6d4c81d ]

The event handler loop must be run with interrupts disabled.
Otherwise we will have a warning:

[ 1970.785649] irq 31 handler lineevent_irq_handler+0x0/0x20 enabled interrupts
[ 1970.792739] WARNING: CPU: 0 PID: 0 at kernel/irq/handle.c:159 __handle_irq_event_percpu+0x162/0x170
[ 1970.860732] RIP: 0010:__handle_irq_event_percpu+0x162/0x170
...
[ 1970.946994] Call Trace:
[ 1970.949446] <IRQ>
[ 1970.951471] handle_irq_event_percpu+0x2c/0x80
[ 1970.955921] handle_irq_event+0x23/0x43
[ 1970.959766] handle_simple_irq+0x57/0x70
[ 1970.963695] generic_handle_irq+0x42/0x50
[ 1970.967717] dln2_rx+0xc1/0x210 [dln2]
[ 1970.971479] ? usb_hcd_unmap_urb_for_dma+0xa6/0x1c0
[ 1970.976362] __usb_hcd_giveback_urb+0x77/0xe0
[ 1970.980727] usb_giveback_urb_bh+0x8e/0xe0
[ 1970.984837] tasklet_action_common.isra.0+0x4a/0xe0
...

Recently xHCI driver switched to tasklets in the commit 36dc01657b49
("usb: host: xhci: Support running urb giveback in tasklet context").

The handle_irq_event_* functions are expected to be called with interrupts
disabled and they rightfully complain here because we run in tasklet context
with interrupts enabled.

Use a event spinlock to protect event handler from being interrupted.

Note, that there are only two users of this GPIO and ADC drivers and both of
them are using generic_handle_irq() which makes above happen.

Fixes: 338a12814297 ("mfd: Add support for Diolan DLN-2 devices")
Signed-off-by: Andy Shevchenko <email address hidden>
Signed-off-by: Lee Jones <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

2886dfa... by Colin Ian King on 2020-08-12

fs/ufs: avoid potential u32 multiplication overflow

BugLink: https://bugs.launchpad.net/bugs/1892822

[ Upstream commit 88b2e9b06381551b707d980627ad0591191f7a2d ]

The 64 bit ino is being compared to the product of two u32 values,
however, the multiplication is being performed using a 32 bit multiply so
there is a potential of an overflow. To be fully safe, cast uspi->s_ncg
to a u64 to ensure a 64 bit multiplication occurs to avoid any chance of
overflow.

Fixes: f3e2a520f5fb ("ufs: NFS support")
Signed-off-by: Colin Ian King <email address hidden>
Signed-off-by: Andrew Morton <email address hidden>
Cc: Evgeniy Dushistov <email address hidden>
Cc: Alexey Dobriyan <email address hidden>
Link: http://<email address hidden>
Addresses-Coverity: ("Unintentional integer overflow")
Signed-off-by: Linus Torvalds <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

5481ca1... by Jeffrey Mitchell <email address hidden> on 2020-08-05

nfs: Fix getxattr kernel panic and memory overflow

BugLink: https://bugs.launchpad.net/bugs/1892822

[ Upstream commit b4487b93545214a9db8cbf32e86411677b0cca21 ]

Move the buffer size check to decode_attr_security_label() before memcpy()
Only call memcpy() if the buffer is large enough

Fixes: aa9c2669626c ("NFS: Client implementation of Labeled-NFS")
Signed-off-by: Jeffrey Mitchell <email address hidden>
[Trond: clean up duplicate test of label->len != 0]
Signed-off-by: Trond Myklebust <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

19f34b6... by Dan Carpenter <email address hidden> on 2020-06-26

drm/vmwgfx: Fix two list_for_each loop exit tests

BugLink: https://bugs.launchpad.net/bugs/1892822

[ Upstream commit 4437c1152ce0e57ab8f401aa696ea6291cc07ab1 ]

These if statements are supposed to be true if we ended the
list_for_each_entry() loops without hitting a break statement but they
don't work.

In the first loop, we increment "i" after the "if (i == unit)" condition
so we don't necessarily know that "i" is not equal to unit at the end of
the loop.

In the second loop we exit when mode is not pointing to a valid
drm_display_mode struct so it doesn't make sense to check "mode->type".

Fixes: a278724aa23c ("drm/vmwgfx: Implement fbdev on kms v2")
Signed-off-by: Dan Carpenter <email address hidden>
Reviewed-by: Roland Scheidegger <email address hidden>
Signed-off-by: Roland Scheidegger <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

0dd7ccd... by Colin Ian King on 2020-08-06

Input: sentelic - fix error return when fsp_reg_write fails

BugLink: https://bugs.launchpad.net/bugs/1892822

[ Upstream commit ea38f06e0291986eb93beb6d61fd413607a30ca4 ]

Currently when the call to fsp_reg_write fails -EIO is not being returned
because the count is being returned instead of the return value in retval.
Fix this by returning the value in retval instead of count.

Addresses-Coverity: ("Unused value")
Fixes: fc69f4a6af49 ("Input: add new driver for Sentelic Finger Sensing Pad")
Signed-off-by: Colin Ian King <email address hidden>
Link: https://<email address hidden>
Signed-off-by: Dmitry Torokhov <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>

577ed86... by Xu Wang <email address hidden> on 2020-07-13

clk: clk-atlas6: fix return value check in atlas6_clk_init()

BugLink: https://bugs.launchpad.net/bugs/1892822

[ Upstream commit 12b90b40854a8461a02ef19f6f4474cc88d64b66 ]

In case of error, the function clk_register() returns ERR_PTR()
and never returns NULL. The NULL test in the return value check
should be replaced with IS_ERR().

Signed-off-by: Xu Wang <email address hidden>
Link: https://<email address hidden>
Acked-by: Barry Song <email address hidden>
Fixes: 7bf21bc81f28 ("clk: sirf: re-arch to make the codes support both prima2 and atlas6")
Signed-off-by: Stephen Boyd <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>