https://source.android.com/security/bulletin/2019-10-01
CVE-2018-19824
Merge 4.9.196 into android-4.9-o

Changes in 4.9.196
	drm/bridge: tc358767: Increase AUX transfer length limit
	video: ssd1307fb: Start page range at page_offset
	drm/radeon: Fix EEH during kexec
	gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property()
	ipmi_si: Only schedule continuously in the thread in maintenance mode
	clk: qoriq: Fix -Wunused-const-variable
	clk: sirf: Don't reference clk_init_data after registration
	powerpc/rtas: use device model APIs and serialization during LPM
	powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function
	powerpc/pseries/mobility: use cond_resched when updating device tree
	pinctrl: tegra: Fix write barrier placement in pmx_writel
	vfio_pci: Restore original state on release
	drm/amdgpu/si: fix ASIC tests
	powerpc/64s/exception: machine check use correct cfar for late handler
	powerpc/pseries: correctly track irq state in default idle
	arm64: fix unreachable code issue with cmpxchg
	clk: at91: select parent if main oscillator or bypass is enabled
	scsi: core: Reduce memory required for SCSI logging
	MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean
	mfd: intel-lpss: Remove D3cold delay
	PCI: tegra: Fix OF node reference leak
	ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes
	HID: apple: Fix stuck function keys when using FN
	security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
	ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned address
	fat: work around race with userspace's read via blockdev while mounting
	hypfs: Fix error number left in struct pointer member
	ocfs2: wait for recovering done after direct unlock request
	kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
	ANDROID: binder: remove waitqueue when thread exits.
	ANDROID: binder: synchronize_rcu() when using POLLFREE.
	cxgb4:Fix out-of-bounds MSI-X info array access
	hso: fix NULL-deref on tty open
	ipv6: drop incoming packets having a v4mapped source address
	net: ipv4: avoid mixed n_redirects and rate_tokens usage
	net: qlogic: Fix memory leak in ql_alloc_large_buffers
	net: Unpublish sk from sk_reuseport_cb before call_rcu
	nfc: fix memory leak in llcp_sock_bind()
	qmi_wwan: add support for Cinterion CLS8 devices
	sch_dsmark: fix potential NULL deref in dsmark_init()
	net/rds: Fix error handling in rds_ib_add_one()
	xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
	sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
	ipv6: Handle missing host route in __ipv6_ifa_notify
	Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
	smack: use GFP_NOFS while holding inode_smack::smk_lock
	NFC: fix attrs checks in netlink interface
	Linux 4.9.196

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>