https://source.android.com/security/bulletin/2020-11-01
CVE-2020-0423
Merge 4.4.241 into android-4.4-o

Changes in 4.4.241
	ibmveth: Identify ingress large send packets.
	tipc: fix the skb_unshare() in tipc_buf_append()
	net/ipv4: always honour route mtu during forwarding
	r8169: fix data corruption issue on RTL8402
	ALSA: bebob: potential info leak in hwdep_read()
	mm/kasan: print name of mem[set,cpy,move]() caller in report
	mm/kasan: add API to check memory regions
	compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
	compiler.h: Add read_word_at_a_time() function.
	lib/strscpy: Shut up KASAN false-positives in strscpy()
	x86/mm/ptdump: Fix soft lockup in page table walker
	net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
	net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup
	nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download()
	tcp: fix to update snd_wl1 in bulk receiver fast path
	icmp: randomize the global rate limiter
	cifs: remove bogus debug code
	ima: Don't ignore errors from crypto_shash_update()
	EDAC/i5100: Fix error handling order in i5100_init_one()
	crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
	media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()"
	media: m5mols: Check function pointer in m5mols_sensor_power
	media: omap3isp: Fix memleak in isp_probe
	crypto: omap-sham - fix digcnt register handling with export/import
	media: tc358743: initialize variable
	media: ti-vpe: Fix a missing check and reference count leak
	ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
	ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
	wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
	mwifiex: Do not use GFP_KERNEL in atomic context
	drm/gma500: fix error check
	scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
	scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
	backlight: sky81452-backlight: Fix refcount imbalance on error
	VMCI: check return value of get_user_pages_fast() for errors
	tty: serial: earlycon dependency
	tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()
	pty: do tty_flip_buffer_push without port->lock in pty_write
	drivers/virt/fsl_hypervisor: Fix error handling path
	video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error
	video: fbdev: sis: fix null ptr dereference
	HID: roccat: add bounds checking in kone_sysfs_write_settings()
	ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd()
	misc: mic: scif: Fix error handling path
	ALSA: seq: oss: Avoid mutex lock for a long-time ioctl
	quota: clear padding in v2r1_mem2diskdqb()
	net: enic: Cure the enic api locking trainwreck
	mfd: sm501: Fix leaks in probe()
	usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well
	nl80211: fix non-split wiphy information
	mwifiex: fix double free
	net: korina: fix kfree of rx/tx descriptor array
	IB/mlx4: Adjust delayed work when a dup is observed
	powerpc/pseries: Fix missing of_node_put() in rng_init()
	powerpc/icp-hv: Fix missing of_node_put() in success path
	mtd: lpddr: fix excessive stack usage with clang
	mtd: mtdoops: Don't write panic data twice
	ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values
	powerpc/tau: Use appropriate temperature sample interval
	powerpc/tau: Remove duplicated set_thresholds() call
	powerpc/tau: Disable TAU between measurements
	perf intel-pt: Fix "context_switch event has no tid" error
	kdb: Fix pager search for multi-line strings
	powerpc/perf/hv-gpci: Fix starting index value
	cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier
	lib/crc32.c: fix trivial typo in preprocessor condition
	vfio/pci: Clear token on bypass registration failure
	Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
	Input: ep93xx_keypad - fix handling of platform_get_irq() error
	Input: omap4-keypad - fix handling of platform_get_irq() error
	Input: sun4i-ps2 - fix handling of platform_get_irq() error
	KVM: x86: emulating RDPID failure shall return #UD rather than #GP
	memory: omap-gpmc: Fix a couple off by ones
	memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
	arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
	powerpc/powernv/dump: Fix race while processing OPAL dump
	media: firewire: fix memory leak
	media: ati_remote: sanity check for both endpoints
	media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync
	media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
	media: exynos4-is: Fix a reference count leak
	media: bdisp: Fix runtime PM imbalance on error
	media: media/pci: prevent memory leak in bttv_probe
	media: uvcvideo: Ensure all probed info is returned to v4l2
	mmc: sdio: Check for CISTPL_VERS_1 buffer size
	media: saa7134: avoid a shift overflow
	ntfs: add check for mft record size in superblock
	PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
	scsi: mvumi: Fix error return in mvumi_io_attach()
	scsi: target: core: Add CONTROL field for trace events
	usb: gadget: function: printer: fix use-after-free in __lock_acquire
	udf: Limit sparing table size
	udf: Avoid accessing uninitialized data on failed inode read
	ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs()
	misc: rtsx: Fix memory leak in rtsx_pci_probe
	reiserfs: only call unlock_new_inode() if I_NEW
	xfs: make sure the rt allocator doesn't run off the end
	usb: ohci: Default to per-port over-current protection
	Bluetooth: Only mark socket zapped after unlocking
	scsi: ibmvfc: Fix error return in ibmvfc_probe()
	brcmsmac: fix memory leak in wlc_phy_attach_lcnphy
	rtl8xxxu: prevent potential memory leak
	Fix use after free in get_capset_info callback.
	tty: ipwireless: fix error handling
	ipvs: Fix uninit-value in do_ip_vs_set_ctl()
	reiserfs: Fix memory leak in reiserfs_parse_options()
	brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
	usb: core: Solve race condition in anchor cleanup functions
	ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
	net: korina: cast KSEG0 address to pointer in kfree
	usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
	USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
	Linux 4.4.241

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4eabd2759869dd176e53218d37cebaa791d867ea