https://source.android.com/security/bulletin/2019-02-01
CVE-2018-10879
CVE-2019-2000
CVE-2019-2001
Fix for CVE-2019-1999 not publicly available yet
Merge 4.4.172 into android-4.4-p
Changes in 4.4.172
tty/ldsem: Wake up readers after timed out down_write()
can: gw: ensure DLC boundaries after CAN frame modification
f2fs: clean up argument of recover_data
f2fs: cover more area with nat_tree_lock
f2fs: move sanity checking of cp into get_valid_checkpoint
f2fs: fix to convert inline directory correctly
f2fs: give -EINVAL for norecovery and rw mount
f2fs: remove an obsolete variable
f2fs: factor out fsync inode entry operations
f2fs: fix inode cache leak
f2fs: fix to avoid reading out encrypted data in page cache
f2fs: not allow to write illegal blkaddr
f2fs: avoid unneeded loop in build_sit_entries
f2fs: use crc and cp version to determine roll-forward recovery
f2fs: introduce get_checkpoint_version for cleanup
f2fs: put directory inodes before checkpoint in roll-forward recovery
f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack
f2fs: detect wrong layout
f2fs: free meta pages if sanity check for ckpt is failed
f2fs: fix race condition in between free nid allocator/initializer
f2fs: return error during fill_super
f2fs: check blkaddr more accuratly before issue a bio
f2fs: sanity check on sit entry
f2fs: enhance sanity_check_raw_super() to avoid potential overflow
f2fs: clean up with is_valid_blkaddr()
f2fs: introduce and spread verify_blkaddr
f2fs: fix to do sanity check with secs_per_zone
f2fs: fix to do sanity check with user_block_count
f2fs: Add sanity_check_inode() function
f2fs: fix to do sanity check with node footer and iblocks
f2fs: fix to do sanity check with reserved blkaddr of inline inode
f2fs: fix to do sanity check with block address in main area
f2fs: fix to do sanity check with block address in main area v2
f2fs: fix to do sanity check with cp_pack_start_sum
f2fs: fix invalid memory access
f2fs: fix missing up_read
f2fs: fix validation of the block count in sanity_check_raw_super
media: em28xx: Fix misplaced reset of dev->v4l::field_count
proc: Remove empty line in /proc/self/status
arm64/kvm: consistently handle host HCR_EL2 flags
arm64: Don't trap host pointer auth use to EL2
ipv6: fix kernel-infoleak in ipv6_local_error()
net: bridge: fix a bug on using a neighbour cache entry without checking its state
packet: Do not leak dev refcounts on error exit
ip: on queued skb use skb_header_pointer instead of pskb_may_pull
crypto: authencesn - Avoid twice completion call in decrypt path
crypto: authenc - fix parsing key with misaligned rta_len
btrfs: wait on ordered extents on abort cleanup
Yama: Check for pid death before checking ancestry
scsi: sd: Fix cache_type_store()
mips: fix n32 compat_ipc_parse_version
mfd: tps6586x: Handle interrupts on suspend
Disable MSI also when pcie-octeon.pcie_disable on
omap2fb: Fix stack memory disclosure
media: vivid: fix error handling of kthread_run
media: vivid: set min width/height to a value > 0
LSM: Check for NULL cred-security on free
media: vb2: vb2_mmap: move lock up
sunrpc: handle ENOMEM in rpcb_getport_async
selinux: fix GPF on invalid policy
sctp: allocate sctp_sockaddr_entry with kzalloc
tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
tipc: fix uninit-value in tipc_nl_compat_bearer_enable
tipc: fix uninit-value in tipc_nl_compat_link_set
tipc: fix uninit-value in tipc_nl_compat_name_table_dump
tipc: fix uninit-value in tipc_nl_compat_doit
block/loop: Use global lock for ioctl() operation.
loop: Fold __loop_release into loop_release
loop: Get rid of loop_index_mutex
loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
media: vb2: be sure to unlock mutex on errors
r8169: Add support for new Realtek Ethernet
ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE
platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey
e1000e: allow non-monotonic SYSTIM readings
writeback: don't decrement wb->refcnt if !wb->bdi
MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
arm64: perf: set suppress_bind_attrs flag to true
jffs2: Fix use of uninitialized delayed_work, lockdep breakage
pstore/ram: Do not treat empty buffers as valid
powerpc/pseries/cpuidle: Fix preempt warning
media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
net: call sk_dst_reset when set SO_DONTROUTE
scsi: target: use consistent left-aligned ASCII INQUIRY data
clk: imx6q: reset exclusive gates on init
kconfig: fix file name and line number of warn_ignored_character()
kconfig: fix memory leak when EOF is encountered in quotation
mmc: atmel-mci: do not assume idle after atmci_request_end
perf intel-pt: Fix error with config term "pt=0"
perf svghelper: Fix unchecked usage of strncpy()
perf parse-events: Fix unchecked usage of strncpy()
dm kcopyd: Fix bug causing workqueue stalls
dm snapshot: Fix excessive memory usage and workqueue stalls
ALSA: bebob: fix model-id of unit for Apogee Ensemble
sysfs: Disable lockdep for driver bind/unbind files
scsi: megaraid: fix out-of-bound array accesses
ocfs2: fix panic due to unrecovered local alloc
mm/page-writeback.c: don't break integrity writeback on ->writepage() error
mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
net: speed up skb_rbtree_purge()
ipmi:ssif: Fix handling of multi-part return messages
Linux 4.4.172
Change-Id: Icbea295f7501881279bdb3a111abfc96c6aa67fc
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
