https://source.android.com/security/bulletin/2018-09-01
CVE-2017-5754
Merge 4.14.68 into android-4.14
Changes in 4.14.68
crypto: vmx - Use skcipher for ctr fallback
vti6: fix PMTU caching and reporting on xmit
xfrm: fix missing dst_release() after policy blocking lbcast and multicast
xfrm: free skb if nlsk pointer is NULL
esp6: fix memleak on error path in esp6_input
mac80211: add stations tied to AP_VLANs during hw reconfig
ext4: clear mmp sequence number when remounting read-only
nl80211: Add a missing break in parse_station_flags
drm/bridge: adv7511: Reset registers on hotplug
scsi: target: iscsi: cxgbit: fix max iso npdu calculation
scsi: libiscsi: fix possible NULL pointer dereference in case of TMF
drm/imx: imx-ldb: disable LDB on driver bind
drm/imx: imx-ldb: check if channel is enabled before printing warning
nbd: don't requeue the same request twice.
nbd: handle unexpected replies better
usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller()
usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue()
usb: gadget: f_uac2: fix error handling in afunc_bind (again)
usb: gadget: u_audio: fix pcm/card naming in g_audio_setup()
usb: gadget: u_audio: update hw_ptr in iso_complete after data copied
usb: gadget: u_audio: remove caching of stream buffer parameters
usb: gadget: u_audio: remove cached period bytes value
usb: gadget: u_audio: protect stream runtime fields with stream spinlock
usb/phy: fix PPC64 build errors in phy-fsl-usb.c
tools: usb: ffs-test: Fix build on big endian systems
usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
netfilter: nft_set_hash: add rcu_barrier() in the nft_rhash_destroy()
bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd
netfilter: nf_tables: fix memory leaks on chain rename
netfilter: nf_tables: don't allow to rename to already-pending name
KVM: vmx: use local variable for current_vmptr when emulating VMPTRST
tools/power turbostat: fix -S on UP systems
net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
qed: Fix link flap issue due to mismatching EEE capabilities.
qed: Fix possible race for the link state value.
qed: Correct Multicast API to reflect existence of 256 approximate buckets.
atl1c: reserve min skb headroom
net: prevent ISA drivers from building on PPC32
can: mpc5xxx_can: check of_iomap return before use
can: m_can: Move accessing of message ram to after clocks are enabled
i2c: davinci: Avoid zero value of CLKH
perf/x86/amd/ibs: Don't access non-started event
media: staging: omap4iss: Include asm/cacheflush.h after generic includes
bnx2x: Fix invalid memory access in rss hash config path.
qmi_wwan: fix interface number for DW5821e production firmware
net: axienet: Fix double deregister of mdio
locking/rtmutex: Allow specifying a subclass for nested locking
i2c/mux, locking/core: Annotate the nested rt_mutex usage
sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE
x86/boot: Fix if_changed build flip/flop bug
fscache: Allow cancelled operations to be enqueued
cachefiles: Fix refcounting bug in backing-file read monitoring
cachefiles: Wait rather than BUG'ing on "Unexpected object collision"
selftests/ftrace: Add snapshot and tracing_on test case
hinic: Link the logical network device to the pci device in sysfs
ipc/sem.c: prevent queue.status tearing in semop
zswap: re-check zswap_is_full() after do zswap_shrink()
tools/power turbostat: Read extended processor family from CPUID
Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum"
ARC: dma [non-IOC] setup SMP_CACHE_BYTES and cache_line_size
bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog()
nfp: flower: fix port metadata conversion bug
enic: handle mtu change for vf properly
ARC: [plat-eznps] Add missing struct nps_host_reg_aux_dpc
arc: [plat-eznps] fix data type errors in platform headers
arc: [plat-eznps] fix printk warning in arc/plat-eznps/mtm.c
arc: fix build errors in arc/include/asm/delay.h
arc: fix type warnings in arc/mm/cache.c
sparc/time: Add missing __init to init_tick_ops()
sparc: use asm-generic version of msi.h
enic: do not call enic_change_mtu in enic_probe
squashfs metadata 2: electric boogaloo
mm: delete historical BUG from zap_pmd_range()
Squashfs: Compute expected length from inode size rather than block length
drivers: net: lmc: fix case value for target abort error
memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure
gpiolib-acpi: make sure we trigger edge events at least once on boot
scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send
scsi: fcoe: drop frames in ELS LOGO error path
scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO
scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED
mm/memory.c: check return value of ioremap_prot
mei: don't update offset in write
cifs: add missing debug entries for kconfig options
cifs: check kmalloc before use
smb3: enumerating snapshots was leaving part of the data off end
smb3: Do not send SMB3 SET_INFO if nothing changed
smb3: don't request leases in symlink creation and query
smb3: fill in statfs fsid and correct namelen
btrfs: use correct compare function of dirty_metadata_bytes
btrfs: don't leak ret from do_chunk_alloc
Btrfs: fix btrfs_write_inode vs delayed iput deadlock
iommu/arm-smmu: Error out only if not enough context interrupts
printk: Split the code for storing a message into the log buffer
printk: Create helper function to queue deferred console handling
printk/nmi: Prevent deadlock when accessing the main log buffer in NMI
kprobes/arm64: Fix %p uses in error messages
arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()
arm64: dts: rockchip: corrected uart1 clock-names for rk3328
KVM: arm/arm64: Skip updating PMD entry if no change
KVM: arm/arm64: Skip updating PTE entry if no change
s390/kvm: fix deadlock when killed by oom
stop_machine: Reflow cpu_stop_queue_two_works()
stop_machine: Atomically queue and wake stopper threads
ext4: check for NUL characters in extended attribute's name
ext4: sysfs: print ext4_super_block fields as little-endian
ext4: reset error code in ext4_find_entry in fallback
nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event
platform/x86: ideapad-laptop: Apply no_hw_rfkill to Y20-15IKBM, too
mm: move tlb_table_flush to tlb_flush_mmu_free
mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE
x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM
x86/speculation/l1tf: Suggest what to do on systems with too much RAM
x86/vdso: Fix vDSO build if a retpoline is emitted
x86/process: Re-export start_thread()
KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
x86/kvm/vmx: Remove duplicate l1d flush definitions
fuse: Don't access pipe->buffers without pipe_lock()
fuse: fix initial parallel dirops
fuse: fix double request_end()
fuse: fix unlocked access to processing queue
fuse: umount should wait for all requests
fuse: Fix oops at process_init_reply()
fuse: Add missed unlock_page() to fuse_readpages_fill()
udl-kms: change down_interruptible to down
udl-kms: handle allocation failure
udl-kms: fix crash due to uninitialized memory
udl-kms: avoid division
b43legacy/leds: Ensure NUL-termination of LED name string
b43/leds: Ensure NUL-termination of LED name string
ASoC: dpcm: don't merge format from invalid codec dai
ASoC: zte: Fix incorrect PCM format bit usages
ASoC: sirf: Fix potential NULL pointer dereference
pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()
x86/vdso: Fix lsl operand order
x86/nmi: Fix NMI uaccess race against CR3 switching
x86/irqflags: Mark native_restore_fl extern inline
x86/spectre: Add missing family 6 check to microcode check
x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
hwmon: (nct6775) Fix potential Spectre v1
x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit()
s390/mm: fix addressing exception after suspend/resume
s390: fix br_r1_trampoline for machines without exrl
s390/qdio: reset old sbal_state flags
s390/numa: move initial setup of node_to_cpumask_map
s390/pci: fix out of bounds access during irq setup
kprobes/arm: Fix %p uses in error messages
kprobes: Make list and blacklist root user read only
MIPS: Correct the 64-bit DSP accumulator register size
MIPS: Always use -march=<arch>, not -<arch> shortcuts
MIPS: Change definition of cpu_relax() for Loongson-3
MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7
tpm: Return the actual size when receiving an unsupported command
scsi: mpt3sas: Fix _transport_smp_handler() error path
scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock
iscsi target: fix session creation failure handling
clk: rockchip: fix clk_i2sout parent selection bits on rk3399
PM / clk: signedness bug in of_pm_clk_add_clks()
power: generic-adc-battery: fix out-of-bounds write when copying channel properties
power: generic-adc-battery: check for duplicate properties copied from iio channels
watchdog: Mark watchdog touch functions as notrace
cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
gcc-plugins: Add include required by GCC release 8
gcc-plugins: Use dynamic initializers
Linux 4.14.68
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
