mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
727 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Davidlohr Bueso
|
8013fc0dd7 |
ipc/mqueue: Optimize msg_get()
Our msg priorities became an rbtree as of d6629859b36d ("ipc/mqueue:
improve performance of send/recv"). However, consuming a msg in
msg_get() remains logarithmic (still being better than the case before
of course). By applying well known techniques to cache pointers we can
have the node with the highest priority in O(1), which is specially nice
for the rt cases. Furthermore, some callers can call msg_get() in a
loop.
A new msg_tree_erase() helper is also added to encapsulate the tree
removal and node_cache game. Passes ltp mq testcases.
Link: http://lkml.kernel.org/r/20190321190216.1719-2-dave@stgolabs.net
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Cc: Manfred Spraul <manfred@colorfullife.com>
Change-Id: I234983728fbc30aba482a6b58b2a70b1c38f3145
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Yousef Algadri <yusufgadrie@gmail.com>
Signed-off-by: Richard Raya <rdxzv.dev@gmail.com>
|
||
Tashfin Shakeer Rhythm
|
a9566ccc56 |
msm-4.14: Make macros no-op using ((void)0)
Do not solely rely on compiler optimizations to get the workaround
of having macros do nothing using an empty do-while loop. It's
inefficient.
Use ((void)0) to which the standard assert macro expands when NDEBUG
is defined.
No functional change intended.
[mcdofrenchfreis]:
Implement this patch to tree using the command:
git grep -l "do {} while (0)" | xargs sed -i "s/do {} while (0)/((void)0)/g"
Change-Id: I9615c62c46670e31ed8d0d89d195144541baa3e6
Signed-off-by: Tashfin Shakeer Rhythm <tashfinshakeerrhythm@gmail.com>
Signed-off-by: mcdofrenchfreis <xyzevan@androidist.net>
Signed-off-by: Richard Raya <rdxzv.dev@gmail.com>
|
||
Richard Raya
|
2cd059fb56 |
This is the 4.14.354 OpenELA-Extended LTS stable release
-----BEGIN PGP SIGNATURE----- iQJNBAABCAA3FiEERFwmR4yFob14UDOYC8702P6YulgFAmcgko0ZHHZlZ2FyZC5u b3NzdW1Ab3JhY2xlLmNvbQAKCRALzvTY/pi6WL/GD/0em+uP/O8QiPYqeGrEECpW bgRsBiN3XnyEsghAjplWX12G/zjxA0PY0u2zh9K9sdPw60n8nVZ1OxvPHINwuSC9 kE9N60SCpJ88ju9OtU+4xz/nxtEmlel8fWy5elagB5wqbWbvsjT52ceZXqSxqhy7 pQdIDHSiUUwx9JL6vDuJSL+Z/Y216qvBETZLnDSo90raFp/MDa5JmQsh81lLeUt8 wGKwC/Olnbd21QTStNK34aQGyX5b+3YeACFVPud66Zs9airz9EE6Yq78gwL29L2k 4jxzihXxSkkfa66eR63ap53+/mEqOZX72m2qEMVOvAcAwU0XsNDTdkXN7z8YQ5T3 E1rJwr4Ox0hmM+hHBA20w9xRDXZoZmdrcjsU1aNKuK2zTJ0h9DBIvMM2XY5n5sWK I4F8E15KyKmu4nXBETreXZixqVLZMgjNFncRLf8XBIL1kxXm65LYCHypp3AgdVgo Ccdq5PbC6LAyNPrIOaftIaS9VlU15cqcalu7A+gSoWq55LGWAa3G9vX0ZtYQB9QX 0R18fbzyjqG6Wa5J5KRDJ+HyS4IvdnEWS8hMR3jfosjMNgJhfDlDeev8NARBiDpX d26xogNA7xOOvtdpuwEbnxD5kR0zUdnC73pC4wxdMptYSK6ULKNPmTkA0dKE9qvl TDgw4DML8vXQqJ4P+w3Njw== =gX2R -----END PGP SIGNATURE----- Merge tag 'v4.14.354-openela' of https://github.com/openela/kernel-lts This is the 4.14.354 OpenELA-Extended LTS stable release * tag 'v4.14.354-openela' of https://github.com/openela/kernel-lts: (90 commits) LTS: Update to 4.14.354 drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var ipc: remove memcg accounting for sops objects in do_semtimedop() scsi: aacraid: Fix double-free on probe failure usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() usb: dwc3: st: fix probed platform device ref count on probe error path usb: dwc3: core: Prevent USB core invalid event buffer address access usb: dwc3: omap: add missing depopulate in probe error path USB: serial: option: add MeiG Smart SRM825L cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller net: busy-poll: use ktime_get_ns() instead of local_clock() gtp: fix a potential NULL pointer dereference net: prevent mss overflow in skb_segment() ida: Fix crash in ida_free when the bitmap is empty net:rds: Fix possible deadlock in rds_message_put fbmem: Check virtual screen sizes in fb_set_var() fbcon: Prevent that screen size is smaller than font size printk: Export is_console_locked memcg: enable accounting of ipc resources cgroup/cpuset: Prevent UAF in proc_cpuset_show() ... Change-Id: I7da4d8d188dec9d2833216e5d6580dbd72b99240 Signed-off-by: Richard Raya <rdxzv.dev@gmail.com> |
||
Vasily Averin
|
30eb6ce857 |
ipc: remove memcg accounting for sops objects in do_semtimedop()
commit 6a4746ba06191e23d30230738e94334b26590a8a upstream. Linus proposes to revert an accounting for sops objects in do_semtimedop() because it's really just a temporary buffer for a single semtimedop() system call. This object can consume up to 2 pages, syscall is sleeping one, size and duration can be controlled by user, and this allocation can be repeated by many thread at the same time. However Shakeel Butt pointed that there are much more popular objects with the same life time and similar memory consumption, the accounting of which was decided to be rejected for performance reasons. Considering at least 2 pages for task_struct and 2 pages for the kernel stack, a back of the envelope calculation gives a footprint amplification of <1.5 so this temporal buffer can be safely ignored. The factor would IMO be interesting if it was >> 2 (from the PoV of excessive (ab)use, fine-grained accounting seems to be currently unfeasible due to performance impact). Link: https://lore.kernel.org/lkml/90e254df-0dfe-f080-011e-b7c53ee7fd20@virtuozzo.com/ Fixes: 18319498fdd4 ("memcg: enable accounting of ipc resources") Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Acked-by: Michal Hocko <mhocko@suse.com> Reviewed-by: Michal Koutný <mkoutny@suse.com> Acked-by: Shakeel Butt <shakeelb@google.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 72793f5cc9e41f9ee33353d4594036817529b766) [Vegard: fix conflict due to missing commit 344476e16acbe20249675b75933be1ad52eff4df ("treewide: kvmalloc() -> kvmalloc_array()").] Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> |
||
|
Vasily Averin
|
f477af54db |
memcg: enable accounting of ipc resources
commit 18319498fdd4cdf8c1c2c48cd432863b1f915d6f upstream. When user creates IPC objects it forces kernel to allocate memory for these long-living objects. It makes sense to account them to restrict the host's memory consumption from inside the memcg-limited container. This patch enables accounting for IPC shared memory segments, messages semaphores and semaphore's undo lists. Link: https://lkml.kernel.org/r/d6507b06-4df6-78f8-6c54-3ae86e3b5339@virtuozzo.com Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Reviewed-by: Shakeel Butt <shakeelb@google.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Andrei Vagin <avagin@gmail.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Borislav Petkov <bp@suse.de> Cc: Christian Brauner <christian.brauner@ubuntu.com> Cc: Dmitry Safonov <0x7f454c46@gmail.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: Jeff Layton <jlayton@kernel.org> Cc: Jens Axboe <axboe@kernel.dk> Cc: Jiri Slaby <jirislaby@kernel.org> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Kirill Tkhai <ktkhai@virtuozzo.com> Cc: Michal Hocko <mhocko@kernel.org> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Roman Gushchin <guro@fb.com> Cc: Serge Hallyn <serge@hallyn.com> Cc: Tejun Heo <tj@kernel.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vladimir Davydov <vdavydov.dev@gmail.com> Cc: Yutian Yang <nglaive@gmail.com> Cc: Zefan Li <lizefan.x@bytedance.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 9e235ce6facfef2cbde3e2a5f1ccce28d341880f) [Vegard: fix conflict due to missing commit 344476e16acbe20249675b75933be1ad52eff4df ("treewide: kvmalloc() -> kvmalloc_array()").] Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> |
||
|
Richard Raya
|
9cdc78c354 |
Merge branch 'android-4.14-stable' of https://android.googlesource.com/kernel/common
* 'android-4.14-stable' of https://android.googlesource.com/kernel/common: (2966 commits) Linux 4.14.331 net: sched: fix race condition in qdisc_graft() scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks ext4: correct return value of ext4_convert_meta_bg ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: apply umask if ACL support is disabled media: venus: hfi: fix the check to handle session buffer requirement media: sharp: fix sharp encoding i2c: i801: fix potential race in i801_block_transaction_byte_by_byte net: dsa: lan9303: consequently nested-lock physical MDIO ALSA: info: Fix potential deadlock at disconnection parisc/pgtable: Do not drop upper 5 address bits of physical address parisc: Prevent booting 64-bit kernels on PA1.x machines mcb: fix error handling for different scenarios when parsing jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware mmc: meson-gx: Remove setting of CMD_CFG_ERROR PM: hibernate: Clean up sync_read handling in snapshot_write_next() PM: hibernate: Use __get_safe_page() rather than touching the list ... Change-Id: I755d2aa7c525ace28adc4aee433572b3110ea39b |
||
Greg Kroah-Hartman
|
8e45015ccc |
This is the 4.14.301 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmORudAACgkQONu9yGCS aT4vRg/7B8euq4DmhfFCT7DR4FJ2oulsoEOstgsCqoY1tRoI2IFFIZhmsrsL6Xcf 6v3qsEMkXnKZSGYsdUeAGNvRCCXFROnKD+vpDgTYNmkdFcWGhJM4Bv0FScMbuHoI ButLYeNYfafk2NTHny/q2mvpa50iXcOXBOgExQhmiSb0O8ymysfK1xwU/1EpFoww ZTbSlpNaSSRO8ZUwJgkCmYhzhGuhci9aU/jUiwsnJvFrg6a+dE2LNlKdSHhl4MrQ cNKURvvTKz461Hltrfw+EGeq2vts9sZOkAEqfipeTQLFf/xV655tiR6K8EQLJjtm SQ4IsNjLQWgM8NnJYR0jgze+xCzhPDMb0Dlg9g9gQegOx9cymSnlaXB59WhUtNOR xJQUSoOAFsz/kUYuYqe9Ar6hpCUohukqBB/t2P0prSlIk9PNBTOBJ/xALiH+I2D5 7jidkQ4xQ6sUx4mYHHlEGK8nJxYufa9lSYeLoQCXMYuy0OG9H6utZP1FJsvU5S4N 83pEE4LBYEht0GuHr6i6vjaz2Gq8aCcap1KiTMy+YPlk0215/P29boqQAaR/nn9/ z2Lwf+2HOl3RXuAX3RiwmEMtqbWUgeOnxB3gDE5aeZ0kydSMlrkn7c0NHe/cR/pf EBN7Bs2KDSkpKbYKE0rRSXRmwCFoPDnowBPomzRHzx00LUui8KE= =IZRW -----END PGP SIGNATURE----- Merge 4.14.301 into android-4.14-stable Changes in 4.14.301 wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support audit: fix undefined behavior in bit shift for AUDIT_BIT wifi: mac80211: Fix ack frame idr leak when mesh has no route spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run MIPS: pic32: treat port as signed integer af_key: Fix send_acquire race with pfkey_register ARM: dts: am335x-pcm-953: Define fixed regulators in root node bus: sunxi-rsb: Support atomic transfers ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl nfc/nci: fix race with opening and closing net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() 9p/fd: fix issue of list_del corruption in p9_fd_cancel() ARM: mxs: fix memory leak in mxs_machine_init() net/mlx4: Check retval of mlx4_bitmap_init net/qla3xxx: fix potential memleak in ql3xxx_send() xfrm: Fix ignored return value in xfrm6_init() NFC: nci: fix memory leak in nci_rx_data_packet() dccp/tcp: Reset saddr on failure after inet6?_hash_connect(). s390/dasd: fix no record found for raw_track_access nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION nfc: st-nci: fix memory leaks in EVT_TRANSACTION net: thunderx: Fix the ACPI memory leak s390/crashdump: fix TOD programmable field size nios2: add FORCE for vmlinuz.gz arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency iio: light: apds9960: fix wrong register for gesture gain iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails kconfig: display recursive dependency resolution hint just once nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() xen/platform-pci: add missing free_irq() in error path platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) platform/x86: hp-wmi: Ignore Smart Experience App event tcp: configurable source port perturb table size net: usb: qmi_wwan: add Telit 0x103a composition drm/amdgpu: always register an MMU notifier for userptr iio: health: afe4403: Fix oob read in afe4403_read_raw iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw iio: light: rpr0521: add missing Kconfig dependencies hwmon: (i5500_temp) fix missing pci_disable_device() hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails of: property: decrement node refcount in of_fwnode_get_reference_args() net/mlx5: Fix uninitialized variable bug in outlen_write() can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() can: cc770: cc770_isa_probe(): add missing free_cc770dev() qlcnic: fix sleep-in-atomic-context bugs caused by msleep net: phy: fix null-ptr-deref while probe() failed net: net_netdev: Fix error handling in ntb_netdev_init_module() net/9p: Fix a potential socket leak in p9_socket_open dsa: lan9303: Correct stat name net: hsr: Fix potential use-after-free packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed hwmon: (coretemp) Check for null before removing sysfs attrs hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() perf: Add sample_flags to indicate the PMU-filled sample data btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep" nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72 efi: random: Properly limit the size of the random seed ASoC: ops: Fix bounds check for _sx controls pinctrl: single: Fix potential division by zero iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() tcp/udp: Fix memory leak in ipv6_renew_options(). nvme: restrict management ioctls to admin x86/tsx: Add a feature bit for TSX control MSR support x86/pm: Add enumeration check before spec MSRs save/restore setup Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM x86/ioremap: Fix page aligned size calculation in __ioremap_caller() mmc: sdhci: use FIELD_GET for preset value bit masks mmc: sdhci: Fix voltage switch delay proc: avoid integer type confusion in get_proc_long proc: proc_skip_spaces() shouldn't think it is working on C strings v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails ipc/sem: Fix dangling sem_array access in semtimedop race x86/nospec: Fix i386 RSB stuffing Revert "x86/speculation: Change FILL_RETURN_BUFFER to work with objtool" Linux 4.14.301 Change-Id: I4c27385f0c1a0b71629ec158a1ce88540584db49 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Jann Horn
|
39a60b24d1 |
ipc/sem: Fix dangling sem_array access in semtimedop race
[ Upstream commit b52be557e24c47286738276121177a41f54e3b83 ]
When __do_semtimedop() goes to sleep because it has to wait for a
semaphore value becoming zero or becoming bigger than some threshold, it
links the on-stack sem_queue to the sem_array, then goes to sleep
without holding a reference on the sem_array.
When __do_semtimedop() comes back out of sleep, one of two things must
happen:
a) We prove that the on-stack sem_queue has been disconnected from the
(possibly freed) sem_array, making it safe to return from the stack
frame that the sem_queue exists in.
b) We stabilize our reference to the sem_array, lock the sem_array, and
detach the sem_queue from the sem_array ourselves.
sem_array has RCU lifetime, so for case (b), the reference can be
stabilized inside an RCU read-side critical section by locklessly
checking whether the sem_queue is still connected to the sem_array.
However, the current code does the lockless check on sem_queue before
starting an RCU read-side critical section, so the result of the
lockless check immediately becomes useless.
Fix it by doing rcu_read_lock() before the lockless check. Now RCU
ensures that if we observe the object being on our queue, the object
can't be freed until rcu_read_unlock().
This bug is only hittable on kernel builds with full preemption support
(either CONFIG_PREEMPT or PREEMPT_DYNAMIC with preempt=full).
Fixes: 370b262c896e ("ipc/sem: avoid idr tree lookup for interrupted semop")
Cc: stable@vger.kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Alexey Dobriyan
|
72e8dd7b2f
|
proc: move /proc/sysvipc creation to where it belongs
Move the proc_mkdir() call within the sysvipc subsystem such that we avoid polluting proc_root_init() with petty cpp. [dave@stgolabs.net: contributed changelog] Link: http://lkml.kernel.org/r/20180216161732.GA10297@avx2 Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: Davidlohr Bueso <dave@stgolabs.net> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Panchajanya1999 <rsk52959@gmail.com> Signed-off-by: Panchajanya1999 <panchajanya@azure-dev.live> (cherry picked from commit 650fedae68888a3b53b7b052147fb5e69af53afb) Signed-off-by: Adithya R <gh0strider.2k18.reborn@gmail.com> Signed-off-by: Salllz <sal235222727@gmail.com> Signed-off-by: alanndz <alanndz7@gmail.com> Signed-off-by: azrim <mirzaspc@gmail.com> |
||
Eric W. Biederman
|
9ee79460d0
|
BACKPORT: FROMGIT: [PATCH] msg/security: Pass kern_ipc_perm not msg_queue into the
msg_queue security hooks All of the implementations of security hooks that take msg_queue only access q_perm the struct kern_ipc_perm member. This means the dependencies of the msg_queue security hooks can be simplified by passing the kern_ipc_perm member of msg_queue. Making this change will allow struct msg_queue to become private to ipc/msg.c. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Jebaitedneko <Jebaitedneko@gmail.com> Signed-off-by: azrim <mirzaspc@gmail.com> |
||
|
Eric W. Biederman
|
a34d86144a
|
BACKPORT: FROMGIT: [PATCH] shm/security: Pass kern_ipc_perm not shmid_kernel into the
shm security hooks All of the implementations of security hooks that take shmid_kernel only access shm_perm the struct kern_ipc_perm member. This means the dependencies of the shm security hooks can be simplified by passing the kern_ipc_perm member of shmid_kernel.. Making this change will allow struct shmid_kernel to become private to ipc/shm.c. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Jebaitedneko <Jebaitedneko@gmail.com> Signed-off-by: azrim <mirzaspc@gmail.com> |
||
|
Eric W. Biederman
|
72372af9d6
|
BACKPORT: FROMGIT: sem/security: Pass kern_ipc_perm not sem_array into the sem security hooks
All of the implementations of security hooks that take sem_array only access sem_perm the struct kern_ipc_perm member. This means the dependencies of the sem security hooks can be simplified by passing the kern_ipc_perm member of sem_array. Making this change will allow struct sem and struct sem_array to become private to ipc/sem.c. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Jebaitedneko <Jebaitedneko@gmail.com> Signed-off-by: azrim <mirzaspc@gmail.com> |
||
|
Greg Kroah-Hartman
|
6d1f178f21 |
This is the 4.14.257 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmGwYv4ACgkQONu9yGCS aT4HeQ/8Dn/KYB6zzi6YenfG8JyTdkcIZ4Y1ElurgF5RX9/JUQbw0l5EDWsmG/IN 0JUn7KsT+eStnaI2AUj175K4oZE1l3cZxvPGEOB3ynv9/is+iSyVHARrtR1ITTO3 +YTO6ZXKLUI+oMVo3SHr6dxr6kkT0b0BDgaroaYLgVqknpPQMDQvx35ZG7E2NL4O R6ou66nG/TKTbtn7vBCCoERMcPH6TEYUhi7p+L/+cdQs2/li3JDo/d3/3WGAb0ej 0kXX16VCEghicoE8m2TOA9TAgGs6nF3i6H2ZiCMl4m0gqAcr4IdAxDzD3a5IfUV9 pt1fmz+7DNrWTxv9e5ST5R5poAIoSuuVQfNQDV4MjeDLmh5ujyl/5WUk5rYQQ9vw vRtu5DrSrSNM15jOZnlCQxlcu/1xqRKuixWQbupawhKNN00w6yJKxuQ3oM87AvX+ OX0tp6FdXVoDO2sP1xXp9o7G5DDrQq9Lh5gNen6BaVF00VawM77UjJ+ijwmCUWXf jhfAyDXZEPNRijlwcOq8rtXVb68ZhQ2sT0HVJ22ppx70bglD1FgfvGPYxFf4BIxz g+MsaMUU3rgXxIo7xatAC6NnCPMC8feYINGbf+L/MDgvySf3GU84JOIeM/MDMawe coZQpDreHcYZQtbECpeFVuEA8hTaLCvmxowbG7uVRj1sNvpxxik= =dp5S -----END PGP SIGNATURE----- Merge 4.14.257 into android-4.14-stable Changes in 4.14.257 USB: serial: option: add Telit LE910S1 0x9200 composition USB: serial: option: add Fibocom FM101-GL variants usb: hub: Fix usb enumeration issue due to address0 race usb: hub: Fix locking issues with address0_mutex binder: fix test regression due to sender_euid change ALSA: ctxfi: Fix out-of-range access media: cec: copy sequence field for the reply HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() fuse: fix page stealing xen: don't continue xenstore initialization in case of errors xen: detect uninitialized xenbus in xenbus_init tracing: Fix pid filtering when triggers are attached netfilter: ipvs: Fix reuse connection if RS weight is 0 ARM: dts: BCM5301X: Fix I2C controller interrupt ARM: dts: BCM5301X: Add interrupt properties to GPIO node ASoC: topology: Add missing rwsem around snd_ctl_remove() calls net: ieee802154: handle iftypes as u32 NFSv42: Don't fail clone() unless the OP_CLONE operation failed ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE scsi: mpt3sas: Fix kernel panic during drive powercycle test drm/vc4: fix error code in vc4_create_object() ipv6: fix typos in __ip6_finish_output() net/smc: Ensure the active closing peer first closes clcsock PM: hibernate: use correct mode for swsusp_close() tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 net/smc: Don't call clcsock shutdown twice when smc shutdown vhost/vsock: fix incorrect used length reported to the guest tracing: Check pid filtering when creating events s390/mm: validate VMA in PGSTE manipulation functions PCI: aardvark: Fix I/O space page leak PCI: aardvark: Fix a leaked reference by adding missing of_node_put() PCI: aardvark: Wait for endpoint to be ready before training link PCI: aardvark: Train link immediately after enabling training PCI: aardvark: Improve link training PCI: aardvark: Issue PERST via GPIO PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros PCI: aardvark: Indicate error in 'val' when config read fails PCI: aardvark: Introduce an advk_pcie_valid_device() helper PCI: aardvark: Don't touch PCIe registers if no card connected PCI: aardvark: Fix compilation on s390 PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() PCI: aardvark: Update comment about disabling link training PCI: aardvark: Remove PCIe outbound window configuration PCI: aardvark: Configure PCIe resources from 'ranges' DT property PCI: aardvark: Fix PCIe Max Payload Size setting PCI: Add PCI_EXP_LNKCTL2_TLS* macros PCI: aardvark: Fix link training PCI: aardvark: Fix checking for link up via LTSSM state pinctrl: armada-37xx: Correct mpp definitions pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup pinctrl: armada-37xx: Correct PWM pins definitions arm64: dts: marvell: armada-37xx: declare PCIe reset pin arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function hugetlbfs: flush TLBs correctly after huge_pmd_unshare proc/vmcore: fix clearing user buffer by properly using clear_user() NFC: add NCI_UNREG flag to eliminate the race fuse: release pipe buf after last use xen: sync include/xen/interface/io/ring.h with Xen's newest version xen/blkfront: read response from backend only once xen/blkfront: don't take local copy of a request from the ring page xen/blkfront: don't trust the backend response data blindly xen/netfront: read response from backend only once xen/netfront: don't read data from request on the ring page xen/netfront: disentangle tx_skb_freelist xen/netfront: don't trust the backend response data blindly tty: hvc: replace BUG_ON() with negative return value shm: extend forced shm destroy to support objects from several IPC nses ipc: WARN if trying to remove ipc object which is absent NFSv42: Fix pagecache invalidation after COPY/CLONE hugetlb: take PMD sharing into account when flushing tlb/caches net: return correct error code platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep s390/setup: avoid using memblock_enforce_memory_limit btrfs: check-integrity: fix a warning on write caching disabled disk thermal: core: Reset previous low and high trip during thermal zone init scsi: iscsi: Unblock session then wake up error handler ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() perf hist: Fix memory leak of a perf_hpp_fmt vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit kprobes: Limit max data_size of the kretprobe instances sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl fs: add fget_many() and fput_many() fget: check that the fd still exists after getting a ref to it natsemi: xtensa: fix section mismatch warnings net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() net: mpls: Fix notifications when deleting a device siphash: use _unaligned version by default net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available net/rds: correct socket tunable error in rds_tcp_tune() net/smc: Keep smc_close_final rc during active close parisc: Fix KBUILD_IMAGE for self-extracting kernel parisc: Fix "make install" on newer debian releases vgacon: Propagate console boot parameters before calling `vc_resize' xhci: Fix commad ring abort, write all 64 bits to CRCR register. usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect x86/64/mm: Map all kernel memory into trampoline_pgd tty: serial: msm_serial: Deactivate RX DMA for polling support serial: pl011: Add ACPI SBSA UART match id serial: core: fix transmit-buffer reset and memleak parisc: Mark cr16 CPU clocksource unstable on all SMP machines Linux 4.14.257 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I3148611f406a61ce3d7ff7dcb56977a114a4f499 |
||
Alexander Mikhalitsyn
|
c537846f72 |
ipc: WARN if trying to remove ipc object which is absent
commit 126e8bee943e9926238c891e2df5b5573aee76bc upstream.
Patch series "shm: shm_rmid_forced feature fixes".
Some time ago I met kernel crash after CRIU restore procedure,
fortunately, it was CRIU restore, so, I had dump files and could do
restore many times and crash reproduced easily. After some
investigation I've constructed the minimal reproducer. It was found
that it's use-after-free and it happens only if sysctl
kernel.shm_rmid_forced = 1.
The key of the problem is that the exit_shm() function not handles shp's
object destroy when task->sysvshm.shm_clist contains items from
different IPC namespaces. In most cases this list will contain only
items from one IPC namespace.
How can this list contain object from different namespaces? The
exit_shm() function is designed to clean up this list always when
process leaves IPC namespace. But we made a mistake a long time ago and
did not add a exit_shm() call into the setns() syscall procedures.
The first idea was just to add this call to setns() syscall but it
obviously changes semantics of setns() syscall and that's
userspace-visible change. So, I gave up on this idea.
The first real attempt to address the issue was just to omit forced
destroy if we meet shp object not from current task IPC namespace [1].
But that was not the best idea because task->sysvshm.shm_clist was
protected by rwsem which belongs to current task IPC namespace. It
means that list corruption may occur.
Second approach is just extend exit_shm() to properly handle shp's from
different IPC namespaces [2]. This is really non-trivial thing, I've
put a lot of effort into that but not believed that it's possible to
make it fully safe, clean and clear.
Thanks to the efforts of Manfred Spraul working an elegant solution was
designed. Thanks a lot, Manfred!
Eric also suggested the way to address the issue in ("[RFC][PATCH] shm:
In shm_exit destroy all created and never attached segments") Eric's
idea was to maintain a list of shm_clists one per IPC namespace, use
lock-less lists. But there is some extra memory consumption-related
concerns.
An alternative solution which was suggested by me was implemented in
("shm: reset shm_clist on setns but omit forced shm destroy"). The idea
is pretty simple, we add exit_shm() syscall to setns() but DO NOT
destroy shm segments even if sysctl kernel.shm_rmid_forced = 1, we just
clean up the task->sysvshm.shm_clist list.
This chages semantics of setns() syscall a little bit but in comparision
to the "naive" solution when we just add exit_shm() without any special
exclusions this looks like a safer option.
[1] https://lkml.org/lkml/2021/7/6/1108
[2] https://lkml.org/lkml/2021/7/14/736
This patch (of 2):
Let's produce a warning if we trying to remove non-existing IPC object
from IPC namespace kht/idr structures.
This allows us to catch possible bugs when the ipc_rmid() function was
called with inconsistent struct ipc_ids*, struct kern_ipc_perm*
arguments.
Link: https://lkml.kernel.org/r/20211027224348.611025-1-alexander.mikhalitsyn@virtuozzo.com
Link: https://lkml.kernel.org/r/20211027224348.611025-2-alexander.mikhalitsyn@virtuozzo.com
Co-developed-by: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Andrei Vagin <avagin@gmail.com>
Cc: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Cc: Vasily Averin <vvs@virtuozzo.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Alexander Mikhalitsyn
|
8619236d93 |
shm: extend forced shm destroy to support objects from several IPC nses
commit 85b6d24646e4125c591639841169baa98a2da503 upstream. Currently, the exit_shm() function not designed to work properly when task->sysvshm.shm_clist holds shm objects from different IPC namespaces. This is a real pain when sysctl kernel.shm_rmid_forced = 1, because it leads to use-after-free (reproducer exists). This is an attempt to fix the problem by extending exit_shm mechanism to handle shm's destroy from several IPC ns'es. To achieve that we do several things: 1. add a namespace (non-refcounted) pointer to the struct shmid_kernel 2. during new shm object creation (newseg()/shmget syscall) we initialize this pointer by current task IPC ns 3. exit_shm() fully reworked such that it traverses over all shp's in task->sysvshm.shm_clist and gets IPC namespace not from current task as it was before but from shp's object itself, then call shm_destroy(shp, ns). Note: We need to be really careful here, because as it was said before (1), our pointer to IPC ns non-refcnt'ed. To be on the safe side we using special helper get_ipc_ns_not_zero() which allows to get IPC ns refcounter only if IPC ns not in the "state of destruction". Q/A Q: Why can we access shp->ns memory using non-refcounted pointer? A: Because shp object lifetime is always shorther than IPC namespace lifetime, so, if we get shp object from the task->sysvshm.shm_clist while holding task_lock(task) nobody can steal our namespace. Q: Does this patch change semantics of unshare/setns/clone syscalls? A: No. It's just fixes non-covered case when process may leave IPC namespace without getting task->sysvshm.shm_clist list cleaned up. Link: https://lkml.kernel.org/r/67bb03e5-f79c-1815-e2bf-949c67047418@colorfullife.com Link: https://lkml.kernel.org/r/20211109151501.4921-1-manfred@colorfullife.com Fixes: ab602f79915 ("shm: make exit_shm work proportional to task activity") Co-developed-by: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Greg KH <gregkh@linuxfoundation.org> Cc: Andrei Vagin <avagin@gmail.com> Cc: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Cc: Vasily Averin <vvs@virtuozzo.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
4f02b6c9ac |
This is the 4.14.181 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7Ey28ACgkQONu9yGCS aT5HHBAApSN5pEsCeogd9V1h20Gsx9TteDrn1qVqIxa4k7FczL7TuhGZw3SH9JjI oK7xvZK8JknVvr+GSnk+OO7oU64L3qtZ+icfrdqVecBIsxiyu3gopmazjLP+QxEo x+9xqR9clqTjOgQx3S8rH9s09fgsZMNAp1Ga8juyGZWxFkPoLiSyB+SDEIFwL43v IYeC2uJc5lnv8+vNGAcEHAJiphxKeWJLd/etmelIaFrp+kkmO0nIoszR9uLNkr8i yuCqt2tCSd3vVaQqjSOpg/3u1PnQpmMqvKqWXuDKBOkr9nz7cgOf+6uWeuo3Fvro Ji8q0Dtay1xNJLgwCGH3c98OsiRE5OMX0dIpadcDCteFwJOSryu7tkf5ODp7BA+Q EjZx5DIhvNa/7auqarqMJvblconocZnJ+8zcN2aGL8Yn57Q0bsfyiHyB6bMW98+/ J0dMSuXl0c9MPLKa28+31hrmeThs5kG15EpTUzBrkXcTbsLGxPoJVC4IFIACwqlg lyhokwuZ87slEZfnz91R3V2Ehdyl5d8ci2/DBzzZiPjgGsUoxWH1pwmb5WO2agNf K9l9VVsGCAl+gqY41kI9UCf3BNzv/sc2uScjlnOIjpGrNI4IVc/bGq1y1ktIY4UC WV3Qux5GvwHbS/Dbrapv7B5Tt9EtbLmAPbnCCJ93e1mXXEkUw3o= =6R5g -----END PGP SIGNATURE----- Merge 4.14.181 into android-4.14-stable Changes in 4.14.181 USB: serial: qcserial: Add DW5816e support dp83640: reverse arguments to list_add_tail fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks net: macsec: preserve ingress frame ordering net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() net: usb: qmi_wwan: add support for DW5816e sch_choke: avoid potential panic in choke_reset() sch_sfq: validate silly quantum values bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features(). net/mlx5: Fix forced completion access non initialized command entry net/mlx5: Fix command entry leak in Internal Error State bnxt_en: Improve AER slot reset. bnxt_en: Fix VF anti-spoof filter setup. net: stricter validation of untrusted gso packets ipv6: fix cleanup ordering for ip6_mr failure HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices geneve: only configure or fill UDP_ZERO_CSUM6_RX/TX info when CONFIG_IPV6 HID: usbhid: Fix race between usbhid_close() and usbhid_stop() USB: uas: add quirk for LaCie 2Big Quadra USB: serial: garmin_gps: add sanity checking for data length tracing: Add a vmalloc_sync_mappings() for safe measure KVM: arm: vgic: Fix limit condition when writing to GICD_I[CS]ACTIVER mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() coredump: fix crash when umh is disabled batman-adv: fix batadv_nc_random_weight_tq batman-adv: Fix refcnt leak in batadv_show_throughput_override batman-adv: Fix refcnt leak in batadv_store_throughput_override batman-adv: Fix refcnt leak in batadv_v_ogm_process x86/entry/64: Fix unwind hints in kernel exit path x86/entry/64: Fix unwind hints in rewind_stack_do_exit() x86/unwind/orc: Don't skip the first frame for inactive tasks x86/unwind/orc: Prevent unwinding before ORC initialization x86/unwind/orc: Fix error path for bad ORC entry type netfilter: nat: never update the UDP checksum when it's 0 objtool: Fix stack offset tracking for indirect CFAs scripts/decodecode: fix trapping instruction formatting net: ipv6: add net argument to ip6_dst_lookup_flow net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup blktrace: fix unlocked access to init/start-stop/teardown blktrace: fix trace mutex deadlock blktrace: Protect q->blk_trace with RCU blktrace: fix dereference after null check f2fs: introduce read_inline_xattr f2fs: introduce read_xattr_block f2fs: sanity check of xattr entry size f2fs: fix to avoid accessing xattr across the boundary f2fs: fix to avoid memory leakage in f2fs_listxattr net: stmmac: Use mutex instead of spinlock shmem: fix possible deadlocks on shmlock_user_lock net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' net: moxa: Fix a potential double 'free_irq()' drop_monitor: work around gcc-10 stringop-overflow warning virtio-blk: handle block_device_operations callbacks after hot unplug scsi: sg: add sg_remove_request in sg_write dmaengine: pch_dma.c: Avoid data race between probe and irq handler dmaengine: mmp_tdma: Reset channel error on release cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once ALSA: hda/hdmi: fix race in monitor detection during probe drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() ipc/util.c: sysvipc_find_ipc() incorrectly updates position index ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse x86/entry/64: Fix unwind hints in register clearing code ipmi: Fix NULL pointer dereference in ssif_probe pinctrl: baytrail: Enable pin configuration setting for GPIO chip pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler i40iw: Fix error handling in i40iw_manage_arp_cache() netfilter: conntrack: avoid gcc-10 zero-length-bounds warning IB/mlx4: Test return value of calls to ib_get_cached_pkey hwmon: (da9052) Synchronize access with mfd pnp: Use list_for_each_entry() instead of open coding gcc-10 warnings: fix low-hanging fruit kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig Stop the ad-hoc games with -Wno-maybe-initialized gcc-10: disable 'zero-length-bounds' warning for now gcc-10: disable 'array-bounds' warning for now gcc-10: disable 'stringop-overflow' warning for now gcc-10: disable 'restrict' warning for now gcc-10: avoid shadowing standard library 'free()' in crypto x86/asm: Add instruction suffixes to bitops net: phy: micrel: Use strlcpy() for ethtool::get_strings net: fix a potential recursive NETDEV_FEAT_CHANGE netlabel: cope with NULL catmap net: phy: fix aneg restart in phy_ethtool_set_eee Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu" hinic: fix a bug of ndo_stop net: dsa: loop: Add module soft dependency net: ipv4: really enforce backoff for redirects netprio_cgroup: Fix unlimited memory leak of v2 cgroups net: tcp: fix rx timestamp behavior for tcp_recvmsg ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 ALSA: rawmidi: Initialize allocated buffers ALSA: rawmidi: Fix racy buffer resize under concurrent accesses ARM: dts: dra7: Fix bus_dma_limit for PCIe ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries x86: Fix early boot crash on gcc-10, third try ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B usb: host: xhci-plat: keep runtime active when removing host USB: gadget: fix illegal array access in binding with UDC usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list x86/unwind/orc: Fix error handling in __unwind_start() exec: Move would_dump into flush_old_exec clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' usb: gadget: audio: Fix a missing error return value in audio_bind() usb: gadget: legacy: fix error return code in gncm_bind() usb: gadget: legacy: fix error return code in cdc_bind() Revert "ALSA: hda/realtek: Fix pop noise on ALC225" arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy ARM: dts: r8a73a4: Add missing CMT1 interrupts ARM: dts: r8a7740: Add missing extal2 to CPG node KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce Makefile: disallow data races on gcc-10 as well Linux 4.14.181 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ie1fb614d727dc6aad472bea0234073076eae8c8b |
||
|
Vasily Averin
|
d6f2f8dc01 |
ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
[ Upstream commit 5e698222c70257d13ae0816720dde57c56f81e15 ]
Commit 89163f93c6f9 ("ipc/util.c: sysvipc_find_ipc() should increase
position index") is causing this bug (seen on 5.6.8):
# ipcs -q
------ Message Queues --------
key msqid owner perms used-bytes messages
# ipcmk -Q
Message queue id: 0
# ipcs -q
------ Message Queues --------
key msqid owner perms used-bytes messages
0x82db8127 0 root 644 0 0
# ipcmk -Q
Message queue id: 1
# ipcs -q
------ Message Queues --------
key msqid owner perms used-bytes messages
0x82db8127 0 root 644 0 0
0x76d1fb2a 1 root 644 0 0
# ipcrm -q 0
# ipcs -q
------ Message Queues --------
key msqid owner perms used-bytes messages
0x76d1fb2a 1 root 644 0 0
0x76d1fb2a 1 root 644 0 0
# ipcmk -Q
Message queue id: 2
# ipcrm -q 2
# ipcs -q
------ Message Queues --------
key msqid owner perms used-bytes messages
0x76d1fb2a 1 root 644 0 0
0x76d1fb2a 1 root 644 0 0
# ipcmk -Q
Message queue id: 3
# ipcrm -q 1
# ipcs -q
------ Message Queues --------
key msqid owner perms used-bytes messages
0x7c982867 3 root 644 0 0
0x7c982867 3 root 644 0 0
0x7c982867 3 root 644 0 0
0x7c982867 3 root 644 0 0
Whenever an IPC item with a low id is deleted, the items with higher ids
are duplicated, as if filling a hole.
new_pos should jump through hole of unused ids, pos can be updated
inside "for" cycle.
Fixes: 89163f93c6f9 ("ipc/util.c: sysvipc_find_ipc() should increase position index")
Reported-by: Andreas Schwab <schwab@suse.de>
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Waiman Long <longman@redhat.com>
Cc: NeilBrown <neilb@suse.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Peter Oberparleiter <oberpar@linux.ibm.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/4921fe9b-9385-a2b4-1dc4-1099be6d2e39@virtuozzo.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
a810d3c5bf |
This is the 4.14.178 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl6tkL8ACgkQONu9yGCS
aT4DqQ/+NU5DTIpe/G453W7kieNu1S4JqjxITOj0syGBOzpWqXXyqyMTghps8G0O
6NR1kHh19rEZIo+aP2ltJB0cErQiVwmSN4msgs5AuBWj7krVIKZMp6LVLGxrp/b5
BI0/uHnyv1pvRN42eKBynxVBS0JEqht/gZwMWDd4+FsBEP37wqjhb4NH4+3VwlFs
qkpEhys91sVWbXhh/6u9id0wFm0C4M77hcRki3bp6giNKliVRqE1Tv3rCWP4IBUQ
dBujckqpgiOx2fI2PPadmB8FAoMGNTRL5DhsvJXAkcpU+9PsKEIW58NMggMDqer6
YXs/PCeuhJql5QUnnChdHrojbsv1xYRPvArB+fgb5F53AivHQ9f50pRN8Df28DBN
h4J3OpAWTT1A/gce8SCoO0oPFDEWleGdKWQW/qaMRKBQf94CnKyRsIOVaUr9oABS
bxI5B2OPiFNvkG1ImE+un8Fcty/0ZEtxSKnxJLjVD01sghxtVIi1TBQCR8XKDqWv
cLyYsQV+VexOFkOS980TVHQGGqMu5QqmLeyaImOxzOvV6h7lb0tcx87ycNS1AABF
stfkTARfScn6aKPwBdnWC4PfKVqfcthGNYxqAmZdEPsiglaeySIiKTsg8K/kAjYO
8HS2OdJllBNpjovH9rSMA6GPuxz0aiHF3KgaCeobUy6U88PIFzQ=
=u1LD
-----END PGP SIGNATURE-----
Merge 4.14.178 into android-4.14-stable
Changes in 4.14.178
ext4: fix extent_status fragmentation for plain files
net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()
net: ipv4: avoid unused variable warning for sysctl
keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h
drm/msm: Use the correct dma_sync calls harder
crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static
vti4: removed duplicate log message.
watchdog: reset last_hw_keepalive time at start
scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
ceph: return ceph_mdsc_do_request() errors from __get_parent()
ceph: don't skip updating wanted caps when cap is stale
pwm: rcar: Fix late Runtime PM enablement
scsi: iscsi: Report unbind session event when the target has been removed
ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map()
kernel/gcov/fs.c: gcov_seq_next() should increase position index
selftests: kmod: fix handling test numbers above 9
ipc/util.c: sysvipc_find_ipc() should increase position index
s390/cio: avoid duplicated 'ADD' uevents
pwm: renesas-tpu: Fix late Runtime PM enablement
pwm: bcm2835: Dynamically allocate base
perf/core: Disable page faults when getting phys address
PCI/ASPM: Allow re-enabling Clock PM
mm, slub: restore the original intention of prefetch_freepointer()
cxgb4: fix large delays in PTP synchronization
ipv6: fix restrict IPV6_ADDRFORM operation
macsec: avoid to set wrong mtu
macvlan: fix null dereference in macvlan_device_event()
net: bcmgenet: correct per TX/RX ring statistics
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
net/x25: Fix x25_neigh refcnt leak when receiving frame
tcp: cache line align MAX_TCP_HEADER
team: fix hang in team_mode_get()
net: dsa: b53: Fix ARL register definitions
xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
vrf: Check skb for XFRM_TRANSFORMED flag
KEYS: Avoid false positive ENOMEM error on key read
ALSA: hda: Remove ASUS ROG Zenith from the blacklist
iio: adc: stm32-adc: fix sleep in atomic context
iio: xilinx-xadc: Fix ADC-B powerdown
iio: xilinx-xadc: Fix clearing interrupt when enabling trigger
iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode
fs/namespace.c: fix mountpoint reference counter race
USB: sisusbvga: Change port variable from signed to unsigned
USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE
USB: early: Handle AMD's spec-compliant identifiers, too
USB: core: Fix free-while-in-use bug in the USB S-Glibrary
USB: hub: Fix handling of connect changes during sleep
overflow.h: Add arithmetic shift helper
vmalloc: fix remap_vmalloc_range() bounds checks
mm/hugetlb: fix a addressing exception caused by huge_pte_offset
mm/ksm: fix NULL pointer dereference when KSM zero page is enabled
tools/vm: fix cross-compile build
ALSA: usx2y: Fix potential NULL dereference
ALSA: hda/realtek - Add new codec supported for ALC245
ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices
tpm/tpm_tis: Free IRQ if probing fails
tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send()
KVM: Check validity of resolved slot when searching memslots
KVM: VMX: Enable machine check support for 32bit targets
tty: hvc: fix buffer overflow during hvc_alloc().
tty: rocket, avoid OOB access
usb-storage: Add unusual_devs entry for JMicron JMS566
audit: check the length of userspace generated audit records
ASoC: dapm: fixup dapm kcontrol widget
iwlwifi: pcie: actually release queue memory in TVQM
ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y
powerpc/setup_64: Set cache-line-size based on cache-block-size
staging: comedi: dt2815: fix writing hi byte of analog output
staging: comedi: Fix comedi_device refcnt leak in comedi_open
vt: don't hardcode the mem allocation upper bound
staging: vt6656: Don't set RCR_MULTICAST or RCR_BROADCAST by default.
staging: vt6656: Fix calling conditions of vnt_set_bss_mode
staging: vt6656: Fix drivers TBTT timing counter.
staging: vt6656: Fix pairwise key entry save.
staging: vt6656: Power save stop wake_up_count wrap around.
cdc-acm: close race betrween suspend() and acm_softint
cdc-acm: introduce a cool down
UAS: no use logging any details in case of ENODEV
UAS: fix deadlock in error handling and PM flushing work
usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset()
serial: sh-sci: Make sure status register SCxSR is read in correct sequence
xfs: validate sb_logsunit is a multiple of the fs blocksize
xfs: Fix deadlock between AGI and AGF with RENAME_WHITEOUT
remoteproc: Fix wrong rvring index computation
mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer
include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap
binder: take read mode of mmap_sem in binder_alloc_free_page()
usb: dwc3: gadget: Do link recovery for SS and SSP
usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete
iio:ad7797: Use correct attribute_group
nfsd: memory corruption in nfsd4_lock()
i2c: altera: use proper variable to hold errno
net/cxgb4: Check the return from t4_query_params properly
ARM: dts: bcm283x: Disable dsi0 node
perf/core: fix parent pid/tid in task exit events
mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path
bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B
x86: hyperv: report value of misc_features
xfs: fix partially uninitialized structure in xfs_reflink_remap_extent
scsi: target: fix PR IN / READ FULL STATUS for FC
objtool: Fix CONFIG_UBSAN_TRAP unreachable warnings
objtool: Support Clang non-section symbols in ORC dump
xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
arm64: Delete the space separator in __emit_inst
ext4: use matching invalidatepage in ext4_writepage
ext4: increase wait time needed before reuse of deleted inode numbers
ext4: convert BUG_ON's to WARN_ON's in mballoc.c
hwmon: (jc42) Fix name to have no illegal characters
ext4: avoid declaring fs inconsistent due to invalid file handles
ext4: protect journal inode's blocks using block_validity
ext4: don't perform block validity checks on the journal inode
ext4: fix block validity checks for journal inodes using indirect blocks
ext4: unsigned int compared against zero
qed: Fix use after free in qed_chain_free
ext4: check for non-zero journal inum in ext4_calculate_overhead
propagate_one(): mnt_set_mountpoint() needs mount_lock
Linux 4.14.178
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia3d4a2b883413346daf1779820545cb0b0e35948
|
||
|
Vasily Averin
|
73240ee761 |
ipc/util.c: sysvipc_find_ipc() should increase position index
[ Upstream commit 89163f93c6f969da5811af5377cc10173583123b ] If seq_file .next function does not change position index, read after some lseek can generate unexpected output. https://bugzilla.kernel.org/show_bug.cgi?id=206283 Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: Waiman Long <longman@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Manfred Spraul <manfred@colorfullife.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Ingo Molnar <mingo@redhat.com> Cc: NeilBrown <neilb@suse.com> Cc: Peter Oberparleiter <oberpar@linux.ibm.com> Cc: Steven Rostedt <rostedt@goodmis.org> Link: http://lkml.kernel.org/r/b7a20945-e315-8bb0-21e6-3875c14a8494@virtuozzo.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
4f546b14ce |
This is the 4.14.172 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl5ZM8sACgkQONu9yGCS
aT61sQ//VYIHq9fdzKuD9px1gOoXdbHliFq+Xl5TtS6LMj+NaGParvLC7WKh1ANL
2PypjozzW82XMW6xGr2QB9fiy9fiEUB6v0TM+kV58Yh3S6OMTftqMng2QjvTpvnI
GvQ4QrgnsVXr1S9no1+UI9gM+44S/0V5Fg0RYK0dwpQOYZJ3alIvKAgk+7Kc8upq
N6CUPojTd0XQm/Y6Xuer40KUL4FW48tVbWGXoptFR+R76VKCfcJz+iF0cKDdtjsQ
GhpV9OkQxQFNdBgcr+GfybqEsSNWGgWKboI/ax/Rfm88H1+E6gBrJbST6JHQ3Sm8
7k8rFpQiwr49WhKubpJCkydCIsEa1qUX0hrBsFZnr4i/r5i+QrcixIfairtBrzcp
lNe0jYYCTP1K9uXtQy45+46/rKx4sij/9VU7UmizSD+HqzfiJ1Zo75PqJsI7i5pl
6E0ftDXfZ/pFIlHS9Jfdj+IazsqKEGd0GQkoXE5O49Op+AhlU8znVYhpNnnW18y/
c0rdRr2nydFdANEhnT1vpvixMdjNVl/Nbj09f8x2ngWchc1HPggMMdpg5F16SdG9
NFBmIYmWBm5eP82p7nxwyFL3xoG8jtQ0B8e4wWFWbSobBYIMYZCB6640Gzp4MC1c
41zLKwCVFVn60TVqqGqF8fFumMElE9FBjLMAKp4v8mpfl/o23NY=
=BFpw
-----END PGP SIGNATURE-----
Merge 4.14.172 into android-4.14
Changes in 4.14.172
KVM: x86: emulate RDPID
iommu/qcom: Fix bogus detach logic
ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs
ASoC: sun8i-codec: Fix setting DAI data format
ecryptfs: fix a memory leak bug in parse_tag_1_packet()
ecryptfs: fix a memory leak bug in ecryptfs_init_messaging()
Input: synaptics - switch T470s to RMI4 by default
Input: synaptics - enable SMBus on ThinkPad L470
Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list
ALSA: usb-audio: Apply sample rate quirk for Audioengine D1
arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly
arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations
arm64: nofpsimd: Handle TIF_FOREIGN_FPSTATE flag cleanly
ARM: 8723/2: always assume the "unified" syntax for assembly code
ext4: don't assume that mmp_nodename/bdevname have NUL
ext4: fix support for inode sizes > 1024 bytes
ext4: fix checksum errors with indexed dirs
ext4: improve explanation of a mount failure caused by a misconfigured kernel
Btrfs: fix race between using extent maps and merging them
btrfs: print message when tree-log replay starts
btrfs: log message when rw remount is attempted with unclean tree-log
arm64: ssbs: Fix context-switch when SSBS is present on all CPUs
KVM: nVMX: Use correct root level for nested EPT shadow page tables
perf/x86/amd: Add missing L2 misses event spec to AMD Family 17h's event map
padata: Remove broken queue flushing
serial: imx: ensure that RX irqs are off if RX is off
serial: imx: Only handle irqs that are actually enabled
IB/hfi1: Close window for pq and request coliding
RDMA/core: Fix protection fault in get_pkey_idx_qp_list
s390/time: Fix clk type in get_tod_clock
perf/x86/intel: Fix inaccurate period in context switch for auto-reload
hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions.
jbd2: move the clearing of b_modified flag to the journal_unmap_buffer()
jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer
scsi: qla2xxx: fix a potential NULL pointer dereference
Revert "KVM: nVMX: Use correct root level for nested EPT shadow page tables"
Revert "KVM: VMX: Add non-canonical check on writes to RTIT address MSRs"
KVM: nVMX: Use correct root level for nested EPT shadow page tables
drm/gma500: Fixup fbdev stolen size usage evaluation
cpu/hotplug, stop_machine: Fix stop_machine vs hotplug order
brcmfmac: Fix use after free in brcmf_sdio_readframes()
leds: pca963x: Fix open-drain initialization
ext4: fix ext4_dax_read/write inode locking sequence for IOCB_NOWAIT
ALSA: ctl: allow TLV read operation for callback type of element in locked case
gianfar: Fix TX timestamping with a stacked DSA driver
pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs
pxa168fb: Fix the function used to release some memory in an error handling path
media: i2c: mt9v032: fix enum mbus codes and frame sizes
powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number
gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap()
char/random: silence a lockdep splat with printk()
media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run()
pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins
efi/x86: Map the entire EFI vendor string before copying it
MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init()
sparc: Add .exit.data section.
uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()
usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe()
usb: dwc2: Fix IN FIFO allocation
clocksource/drivers/bcm2835_timer: Fix memory leak of timer
kselftest: Minimise dependency of get_size on C library interfaces
jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal
x86/sysfb: Fix check for bad VRAM size
tracing: Fix tracing_stat return values in error handling paths
tracing: Fix very unlikely race of registering two stat tracers
ext4, jbd2: ensure panic when aborting with zero errno
nbd: add a flush_workqueue in nbd_start_device
KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups
kconfig: fix broken dependency in randconfig-generated .config
clk: qcom: rcg2: Don't crash if our parent can't be found; return an error
drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table
regulator: rk808: Lower log level on optional GPIOs being not available
net/wan/fsl_ucc_hdlc: reject muram offsets above 64K
PCI/IOV: Fix memory leak in pci_iov_add_virtfn()
NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu().
arm64: dts: qcom: msm8996: Disable USB2 PHY suspend by core
ARM: dts: imx6: rdu2: Disable WP for USDHC2 and USDHC3
media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros
reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
fore200e: Fix incorrect checks of NULL pointer dereference
ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status
b43legacy: Fix -Wcast-function-type
ipw2x00: Fix -Wcast-function-type
iwlegacy: Fix -Wcast-function-type
rtlwifi: rtl_pci: Fix -Wcast-function-type
orinoco: avoid assertion in case of NULL pointer
ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1
scsi: ufs: Complete pending requests in host reset and restore path
scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
drm/mediatek: handle events when enabling/disabling crtc
ARM: dts: r8a7779: Add device node for ARM global timer
dmaengine: Store module owner in dma_device struct
x86/vdso: Provide missing include file
PM / devfreq: rk3399_dmc: Add COMPILE_TEST and HAVE_ARM_SMCCC dependency
pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs
RDMA/rxe: Fix error type of mmap_offset
clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock
ALSA: sh: Fix unused variable warnings
ALSA: sh: Fix compile warning wrt const
tools lib api fs: Fix gcc9 stringop-truncation compilation error
drm: remove the newline for CRC source name.
usbip: Fix unsafe unaligned pointer usage
udf: Fix free space reporting for metadata and virtual partitions
IB/hfi1: Add software counter for ctxt0 seq drop
soc/tegra: fuse: Correct straps' address for older Tegra124 device trees
efi/x86: Don't panic or BUG() on non-critical error conditions
rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls
Input: edt-ft5x06 - work around first register access error
wan: ixp4xx_hss: fix compile-testing on 64-bit
ASoC: atmel: fix build error with CONFIG_SND_ATMEL_SOC_DMA=m
tty: synclinkmp: Adjust indentation in several functions
tty: synclink_gt: Adjust indentation in several functions
driver core: platform: Prevent resouce overflow from causing infinite loops
driver core: Print device when resources present in really_probe()
vme: bridges: reduce stack usage
drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new()
drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw
drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler
drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add
usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue
iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE
f2fs: free sysfs kobject
scsi: iscsi: Don't destroy session if there are outstanding connections
arm64: fix alternatives with LLVM's integrated assembler
watchdog/softlockup: Enforce that timestamp is valid on boot
f2fs: fix memleak of kobject
x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd
pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional
cmd64x: potential buffer overflow in cmd64x_program_timings()
ide: serverworks: potential overflow in svwks_set_pio_mode()
pwm: Remove set but not set variable 'pwm'
btrfs: fix possible NULL-pointer dereference in integrity checks
btrfs: safely advance counter when looking up bio csums
btrfs: device stats, log when stats are zeroed
remoteproc: Initialize rproc_class before use
irqchip/mbigen: Set driver .suppress_bind_attrs to avoid remove problems
ALSA: hda/hdmi - add retry logic to parse_intel_hdmi()
x86/decoder: Add TEST opcode to Group3-2
s390/ftrace: generate traced function stack frame
driver core: platform: fix u32 greater or equal to zero comparison
ALSA: hda - Add docking station support for Lenovo Thinkpad T420s
powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record
jbd2: make sure ESHUTDOWN to be recorded in the journal superblock
ARM: 8951/1: Fix Kexec compilation issue.
hostap: Adjust indentation in prism2_hostapd_add_sta
iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop
cifs: fix NULL dereference in match_prepath
ceph: check availability of mds cluster on mount after wait timeout
irqchip/gic-v3: Only provision redistributors that are enabled in ACPI
drm/nouveau/disp/nv50-: prevent oops when no channel method map provided
ftrace: fpid_next() should increase position index
trigger_next should increase position index
radeon: insert 10ms sleep in dce5_crtc_load_lut
ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans()
lib/scatterlist.c: adjust indentation in __sg_alloc_table
reiserfs: prevent NULL pointer dereference in reiserfs_insert_item()
bcache: explicity type cast in bset_bkey_last()
irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building INVALL
iwlwifi: mvm: Fix thermal zone registration
microblaze: Prevent the overflow of the start
brd: check and limit max_part par
help_next should increase position index
virtio_balloon: prevent pfn array overflow
mlxsw: spectrum_dpipe: Add missing error path
selinux: ensure we cleanup the internal AVC counters on error in avc_update()
enic: prevent waking up stopped tx queues over watchdog reset
net: dsa: tag_qca: Make sure there is headroom for tag
net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS
net/sched: flower: add missing validation of TCA_FLOWER_FLAGS
net/smc: fix leak of kernel memory to user space
thunderbolt: Prevent crash if non-active NVMem file is read
USB: misc: iowarrior: add support for 2 OEMed devices
USB: misc: iowarrior: add support for the 28 and 28L devices
USB: misc: iowarrior: add support for the 100 device
floppy: check FDC index for errors before assigning it
vt: selection, handle pending signals in paste_selection
staging: android: ashmem: Disallow ashmem memory from being remapped
staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi.
xhci: Force Maximum Packet size for Full-speed bulk devices to valid range.
xhci: fix runtime pm enabling for quirky Intel hosts
usb: host: xhci: update event ring dequeue pointer on purpose
usb: uas: fix a plug & unplug racing
USB: Fix novation SourceControl XL after suspend
USB: hub: Don't record a connect-change event during reset-resume
USB: hub: Fix the broken detection of USB3 device in SMSC hub
staging: rtl8188eu: Fix potential security hole
staging: rtl8188eu: Fix potential overuse of kernel memory
staging: rtl8723bs: Fix potential security hole
staging: rtl8723bs: Fix potential overuse of kernel memory
x86/mce/amd: Publish the bank pointer only after setup has succeeded
x86/mce/amd: Fix kobject lifetime
tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode
tty: serial: imx: setup the correct sg entry for tx dma
serdev: ttyport: restore client ops on deregistration
MAINTAINERS: Update drm/i915 bug filing URL
Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()"
mm/vmscan.c: don't round up scan size for online memory cgroup
drm/amdgpu/soc15: fix xclk for raven
KVM: x86: don't notify userspace IOAPIC on edge-triggered interrupt EOI
xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms
VT_RESIZEX: get rid of field-by-field copyin
vt: vt_ioctl: fix race in VT_RESIZEX
serial: 8250: Check UPF_IRQ_SHARED in advance
lib/stackdepot.c: fix global out-of-bounds in stack_slabs
KVM: nVMX: Don't emulate instructions in guest mode
ext4: fix a data race in EXT4_I(inode)->i_disksize
ext4: add cond_resched() to __ext4_find_entry()
ext4: fix mount failure with quota configured as module
ext4: rename s_journal_flag_rwsem to s_writepages_rwsem
ext4: fix race between writepages and enabling EXT4_EXTENTS_FL
KVM: nVMX: Refactor IO bitmap checks into helper function
KVM: nVMX: Check IO instruction VM-exit conditions
KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1
KVM: apic: avoid calculating pending eoi from an uninitialized val
btrfs: fix bytes_may_use underflow in prealloc error condtition
btrfs: do not check delayed items are empty for single transaction cleanup
Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents
scsi: Revert "RDMA/isert: Fix a recently introduced regression related to logout"
scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session"
usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus
staging: rtl8723bs: fix copy of overlapping memory
staging: greybus: use after free in gb_audio_manager_remove_all()
ecryptfs: replace BUG_ON with error handling code
iommu/vt-d: Fix compile warning from intel-svm.h
genirq/proc: Reject invalid affinity masks (again)
ALSA: rawmidi: Avoid bit fields for state flags
ALSA: seq: Avoid concurrent access to queue flags
ALSA: seq: Fix concurrent access to queue current tick/time
netfilter: xt_hashlimit: limit the max size of hashtable
ata: ahci: Add shutdown to freeze hardware resources of ahci
xen: Enable interrupts when calling _cond_resched()
s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range
Linux 4.14.172
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia229dbad24bf3cb8a718d73fc9eb86a053985985
|
||
Ioanna Alifieraki
|
122f23f4bc |
Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()"
commit edf28f4061afe4c2d9eb1c3323d90e882c1d6800 upstream.
This reverts commit a97955844807e327df11aa33869009d14d6b7de0.
Commit a97955844807 ("ipc,sem: remove uneeded sem_undo_list lock usage
in exit_sem()") removes a lock that is needed. This leads to a process
looping infinitely in exit_sem() and can also lead to a crash. There is
a reproducer available in [1] and with the commit reverted the issue
does not reproduce anymore.
Using the reproducer found in [1] is fairly easy to reach a point where
one of the child processes is looping infinitely in exit_sem between
for(;;) and if (semid == -1) block, while it's trying to free its last
sem_undo structure which has already been freed by freeary().
Each sem_undo struct is on two lists: one per semaphore set (list_id)
and one per process (list_proc). The list_id list tracks undos by
semaphore set, and the list_proc by process.
Undo structures are removed either by freeary() or by exit_sem(). The
freeary function is invoked when the user invokes a syscall to remove a
semaphore set. During this operation freeary() traverses the list_id
associated with the semaphore set and removes the undo structures from
both the list_id and list_proc lists.
For this case, exit_sem() is called at process exit. Each process
contains a struct sem_undo_list (referred to as "ulp") which contains
the head for the list_proc list. When the process exits, exit_sem()
traverses this list to remove each sem_undo struct. As in freeary(),
whenever a sem_undo struct is removed from list_proc, it is also removed
from the list_id list.
Removing elements from list_id is safe for both exit_sem() and freeary()
due to sem_lock(). Removing elements from list_proc is not safe;
freeary() locks &un->ulp->lock when it performs
list_del_rcu(&un->list_proc) but exit_sem() does not (locking was
removed by commit a97955844807 ("ipc,sem: remove uneeded sem_undo_list
lock usage in exit_sem()").
This can result in the following situation while executing the
reproducer [1] : Consider a child process in exit_sem() and the parent
in freeary() (because of semctl(sid[i], NSEM, IPC_RMID)).
- The list_proc for the child contains the last two undo structs A and
B (the rest have been removed either by exit_sem() or freeary()).
- The semid for A is 1 and semid for B is 2.
- exit_sem() removes A and at the same time freeary() removes B.
- Since A and B have different semid sem_lock() will acquire different
locks for each process and both can proceed.
The bug is that they remove A and B from the same list_proc at the same
time because only freeary() acquires the ulp lock. When exit_sem()
removes A it makes ulp->list_proc.next to point at B and at the same
time freeary() removes B setting B->semid=-1.
At the next iteration of for(;;) loop exit_sem() will try to remove B.
The only way to break from for(;;) is for (&un->list_proc ==
&ulp->list_proc) to be true which is not. Then exit_sem() will check if
B->semid=-1 which is and will continue looping in for(;;) until the
memory for B is reallocated and the value at B->semid is changed.
At that point, exit_sem() will crash attempting to unlink B from the
lists (this can be easily triggered by running the reproducer [1] a
second time).
To prove this scenario instrumentation was added to keep information
about each sem_undo (un) struct that is removed per process and per
semaphore set (sma).
CPU0 CPU1
[caller holds sem_lock(sma for A)] ...
freeary() exit_sem()
... ...
... sem_lock(sma for B)
spin_lock(A->ulp->lock) ...
list_del_rcu(un_A->list_proc) list_del_rcu(un_B->list_proc)
Undo structures A and B have different semid and sem_lock() operations
proceed. However they belong to the same list_proc list and they are
removed at the same time. This results into ulp->list_proc.next
pointing to the address of B which is already removed.
After reverting commit a97955844807 ("ipc,sem: remove uneeded
sem_undo_list lock usage in exit_sem()") the issue was no longer
reproducible.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1694779
Link: http://lkml.kernel.org/r/20191211191318.11860-1-ioanna-maria.alifieraki@canonical.com
Fixes: a97955844807 ("ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()")
Signed-off-by: Ioanna Alifieraki <ioanna-maria.alifieraki@canonical.com>
Acked-by: Manfred Spraul <manfred@colorfullife.com>
Acked-by: Herton R. Krzesinski <herton@redhat.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: <malat@debian.org>
Cc: Joel Fernandes (Google) <joel@joelfernandes.org>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Jay Vosburgh <jay.vosburgh@canonical.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
b9cd593b1b |
This is the 4.14.137 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl1Js1wACgkQONu9yGCS
aT7BCg/+OpPQxylhBL9oIJ+bUrt5DWFMJzVOg7cjTOx1+e68nFLUxsr8/naqysXl
GGHBrVC68fxE9pkVd2fb1sxlhA73yfBKePmxEkCWfDNnTV4ZMYc2YzXJp+x4Git5
H11N/Yn9y1Yi4efu5WxwOXaGNv8V5YP+ie5EFd/undG8+s03caTzZW+aZliBI5mf
jl89Gv02FHFReZYmbyx4x14YZhyS6VJnIKzVM4d4nvkug/iDfRv2KiIMdLOIAI33
qQ2bLeMlPChs4UqcK4SCz/c9wgmcdqm6bsus67DHlTIX2NzQjrvulV/McHHGHmMc
JJj+EGe0hpuCgAoZNGDR/9fu5yBLunG/oGPZd+jLOAUhy6Usxj0keJHY/3hfwLIm
+vp0L+SKK2DyPQSxDjajbpUM8+Dt28sTpCZ5Gw3vM1bClnqpxawLdb08Jx9vw1Tu
5trsaW6YYQxfNUNBYv3AoHGOncq1tf0Wss/K/xp9oI/bUZnmce9XGQQW4umY1Zz3
KKVWDTUKY4/fZuqQFLcWRL7SR6fb+i9fpCBHO4qjNQqjPf9L+p1DbZP+0+WMDuQv
9oPJRMbX/8BevAr7RTA6Shd0lO4bsOgKrCQg3sdr7UyD74hhkfuFQp/cLxVekLtQ
/5ZlJbAvTAxGiSL8jvSCO+IH3gWFNMvzTJAoWEobU5ln3oSs1wg=
=vvRS
-----END PGP SIGNATURE-----
Merge 4.14.137 into android-4.14
Changes in 4.14.137
ARM: riscpc: fix DMA
ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200
ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again
ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
ftrace: Enable trampoline when rec count returns back to one
kernel/module.c: Only return -EEXIST for modules that have finished loading
MIPS: lantiq: Fix bitfield masking
dmaengine: rcar-dmac: Reject zero-length slave DMA requests
clk: tegra210: fix PLLU and PLLU_OUT1
fs/adfs: super: fix use-after-free bug
btrfs: fix minimum number of chunk errors for DUP
cifs: Fix a race condition with cifs_echo_request
ceph: fix improper use of smp_mb__before_atomic()
ceph: return -ERANGE if virtual xattr value didn't fit in buffer
ACPI: blacklist: fix clang warning for unused DMI table
scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
x86: kvm: avoid constant-conversion warning
ACPI: fix false-positive -Wuninitialized warning
be2net: Signal that the device cannot transmit during reconfiguration
x86/apic: Silence -Wtype-limits compiler warnings
x86: math-emu: Hide clang warnings for 16-bit overflow
mm/cma.c: fail if fixed declaration can't be honored
coda: add error handling for fget
coda: fix build using bare-metal toolchain
uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers
drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings
ipc/mqueue.c: only perform resource calculation if user valid
xen/pv: Fix a boot up hang revealed by int3 self test
x86/kvm: Don't call kvm_spurious_fault() from .fixup
x86/paravirt: Fix callee-saved function ELF sizes
x86, boot: Remove multiple copy of static function sanitize_boot_params()
drm/nouveau: fix memory leak in nouveau_conn_reset()
kbuild: initialize CLANG_FLAGS correctly in the top Makefile
Btrfs: fix incremental send failure after deduplication
Btrfs: fix race leading to fs corruption after transaction abort
mmc: dw_mmc: Fix occasional hang after tuning on eMMC
gpiolib: fix incorrect IRQ requesting of an active-low lineevent
IB/hfi1: Fix Spectre v1 vulnerability
selinux: fix memory leak in policydb_init()
s390/dasd: fix endless loop after read unit address configuration
parisc: Fix build of compressed kernel even with debug enabled
drivers/perf: arm_pmu: Fix failure path in PM notifier
nbd: replace kill_bdev() with __invalidate_device() again
xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
IB/mlx5: Fix unreg_umr to ignore the mkey state
IB/mlx5: Use direct mkey destroy command upon UMR unreg failure
IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache
IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification
IB/hfi1: Check for error on call to alloc_rsm_map_table
eeprom: at24: make spd world-readable again
objtool: Support GCC 9 cold subfunction naming scheme
gcc-9: properly declare the {pv,hv}clock_page storage
x86/vdso: Prevent segfaults due to hoisted vclock reads
x86/cpufeatures: Carve out CQM features retrieval
x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
x86/speculation: Enable Spectre v1 swapgs mitigations
x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
Documentation: Add swapgs description to the Spectre v1 documentation
Linux 4.14.137
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Kees Cook
|
8e993f711d |
ipc/mqueue.c: only perform resource calculation if user valid
[ Upstream commit a318f12ed8843cfac53198390c74a565c632f417 ]
Andreas Christoforou reported:
UBSAN: Undefined behaviour in ipc/mqueue.c:414:49 signed integer overflow:
9 * 2305843009213693951 cannot be represented in type 'long int'
...
Call Trace:
mqueue_evict_inode+0x8e7/0xa10 ipc/mqueue.c:414
evict+0x472/0x8c0 fs/inode.c:558
iput_final fs/inode.c:1547 [inline]
iput+0x51d/0x8c0 fs/inode.c:1573
mqueue_get_inode+0x8eb/0x1070 ipc/mqueue.c:320
mqueue_create_attr+0x198/0x440 ipc/mqueue.c:459
vfs_mkobj+0x39e/0x580 fs/namei.c:2892
prepare_open ipc/mqueue.c:731 [inline]
do_mq_open+0x6da/0x8e0 ipc/mqueue.c:771
Which could be triggered by:
struct mq_attr attr = {
.mq_flags = 0,
.mq_maxmsg = 9,
.mq_msgsize = 0x1fffffffffffffff,
.mq_curmsgs = 0,
};
if (mq_open("/testing", 0x40, 3, &attr) == (mqd_t) -1)
perror("mq_open");
mqueue_get_inode() was correctly rejecting the giant mq_msgsize, and
preparing to return -EINVAL. During the cleanup, it calls
mqueue_evict_inode() which performed resource usage tracking math for
updating "user", before checking if there was a valid "user" at all
(which would indicate that the calculations would be sane). Instead,
delay this check to after seeing a valid "user".
The overflow was real, but the results went unused, so while the flaw is
harmless, it's noisy for kernel fuzzers, so just fix it by moving the
calculation under the non-NULL "user" where it actually gets used.
Link: http://lkml.kernel.org/r/201906072207.ECB65450@keescook
Signed-off-by: Kees Cook <keescook@chromium.org>
Reported-by: Andreas Christoforou <andreaschristofo@gmail.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
cfee25d274 |
This is the 4.14.126 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl0EwHQACgkQONu9yGCS aT59Nw//Sex0+ddLTmmKWaW/gK/jia2JHRHMsE6SKPkfooF6tzbxrqWdSFDr5fNH OILFVDSkWSz6mcZP8ACuiajelKKcrBBrYRSaPbF4SQC5DH6ift64F3BgfC6z0zmU x4NDvm4lc0ppjLnwfOpqwgb51bLRVlEEx5JAHsdliNiB0unZ35O79Ef4yLATac3t M+5Fhw2Czi6v1Q5Fl3xsdS59rqP8mrx8WqiUB9Ym7r+u1ZsOoPTk90nzs7Q6EJI7 GIqy4YX7+MxT6bTFySFFgnX4fzqXHmtiy0evOf/xU/KfcN7IouiOcyYMz945F7VV b5dS9XBPEZJlmVth64/60Dy3X2tllrBP3qGZpacVs3BxTsGQJysPGMTq+G+zvx2z +pC0haJDVFEUINenUkuDLGJJdLdkzdBVOBJkdctgks5Y/X5aU+hz7wNCKw0U150K u4bjqDFtgSlx4PV3oZc1y9OLWI79+At+NJlvDB6W6KbCYJFwCDOu5DutV/9m1Y6B W3n6JTK5cfWhItTKFHN8EHVxr8bB9FFU7Xisa2leDPFbTUhZ3VoUEyzKrVbzstUx QZ3MCPtX+m7MUYQMagr6dxZWSgxdGJyKXaWBcYKaMP7tJgvVXLlQovhW545I8O3r j9k/cHRuQ/1x4d2bdTlh1lDZrDH+HQ+J5POGIIkoU7HfvFkytfk= =mqbn -----END PGP SIGNATURE----- Merge 4.14.126 into android-4.14 Changes in 4.14.126 rapidio: fix a NULL pointer dereference when create_workqueue() fails fs/fat/file.c: issue flush after the writeback of FAT sysctl: return -EINVAL if val violates minmax ipc: prevent lockup on alloc_msg and free_msg ARM: prevent tracing IPI_CPU_BACKTRACE mm/hmm: select mmu notifier when selecting HMM hugetlbfs: on restore reserve error path retain subpool reservation mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE mm/cma.c: fix crash on CMA allocation if bitmap allocation fails mm/cma.c: fix the bitmap status to show failed allocation reason mm/cma_debug.c: fix the break condition in cma_maxchunk_get() mm/slab.c: fix an infinite loop in leaks_show() kernel/sys.c: prctl: fix false positive in validate_prctl_map() thermal: rcar_gen3_thermal: disable interrupt in .remove drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER mfd: tps65912-spi: Add missing of table registration mfd: intel-lpss: Set the device in reset state when init drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration mfd: twl6040: Fix device init errors for ACCCTL register perf/x86/intel: Allow PEBS multi-entry in watermark mode drm/bridge: adv7511: Fix low refresh rate selection objtool: Don't use ignore flag for fake jumps EDAC/mpc85xx: Prevent building as a module pwm: meson: Use the spin-lock only to protect register modifications ntp: Allow TAI-UTC offset to be set to zero f2fs: fix to avoid panic in do_recover_data() f2fs: fix to clear dirty inode in error path of f2fs_iget() f2fs: fix to avoid panic in dec_valid_block_count() f2fs: fix to do sanity check on valid block count of segment percpu: remove spurious lock dependency between percpu and sched configfs: fix possible use-after-free in configfs_register_group uml: fix a boot splat wrt use of cpu_all_mask mmc: mmci: Prevent polling for busy detection in IRQ context watchdog: imx2_wdt: Fix set_timeout for big timeout values watchdog: fix compile time error of pretimeout governors blk-mq: move cancel of requeue_work into blk_mq_release iommu/vt-d: Set intel_iommu_gfx_mapped correctly misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test nvme-pci: unquiesce admin queue on shutdown ALSA: hda - Register irq handler after the chip initialization nvmem: core: fix read buffer in place fuse: retrieve: cap requested size to negotiated max_write nfsd: allow fh_want_write to be called twice vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING" x86/PCI: Fix PCI IRQ routing table memory leak platform/chrome: cros_ec_proto: check for NULL transfer function PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64 soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 soc: rockchip: Set the proper PWM for rk3288 ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx50: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx53: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA PCI: rpadlpar: Fix leaked device_node references in add/remove paths platform/x86: intel_pmc_ipc: adding error handling power: supply: max14656: fix potential use-before-alloc PCI: rcar: Fix a potential NULL pointer dereference PCI: rcar: Fix 64bit MSI message address handling video: hgafb: fix potential NULL pointer dereference video: imsttfb: fix potential NULL pointer dereferences block, bfq: increase idling for weight-raised queues PCI: xilinx: Check for __get_free_pages() failure gpio: gpio-omap: add check for off wake capable gpios dmaengine: idma64: Use actual device for DMA transfers pwm: tiehrpwm: Update shadow register for disabling PWMs ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa pwm: Fix deadlock warning when removing PWM device ARM: exynos: Fix undefined instruction during Exynos5422 resume usb: typec: fusb302: Check vconn is off when we start toggling gpio: vf610: Do not share irq_chip percpu: do not search past bitmap when allocating an area Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" Revert "drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)" drm: don't block fb changes for async plane updates ALSA: seq: Cover unsubscribe_port() in list_mutex Linux 4.14.126 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Li Rongqing
|
bcdabf7f7e |
ipc: prevent lockup on alloc_msg and free_msg
[ Upstream commit d6a2946a88f524a47cc9b79279667137899db807 ] msgctl10 of ltp triggers the following lockup When CONFIG_KASAN is enabled on large memory SMP systems, the pages initialization can take a long time, if msgctl10 requests a huge block memory, and it will block rcu scheduler, so release cpu actively. After adding schedule() in free_msg, free_msg can not be called when holding spinlock, so adding msg to a tmp list, and free it out of spinlock rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: rcu: Tasks blocked on level-1 rcu_node (CPUs 16-31): P32505 rcu: Tasks blocked on level-1 rcu_node (CPUs 48-63): P34978 rcu: (detected by 11, t=35024 jiffies, g=44237529, q=16542267) msgctl10 R running task 21608 32505 2794 0x00000082 Call Trace: preempt_schedule_irq+0x4c/0xb0 retint_kernel+0x1b/0x2d RIP: 0010:__is_insn_slot_addr+0xfb/0x250 Code: 82 1d 00 48 8b 9b 90 00 00 00 4c 89 f7 49 c1 ee 03 e8 59 83 1d 00 48 b8 00 00 00 00 00 fc ff df 4c 39 eb 48 89 9d 58 ff ff ff <41> c6 04 06 f8 74 66 4c 8d 75 98 4c 89 f1 48 c1 e9 03 48 01 c8 48 RSP: 0018:ffff88bce041f758 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 RAX: dffffc0000000000 RBX: ffffffff8471bc50 RCX: ffffffff828a2a57 RDX: dffffc0000000000 RSI: dffffc0000000000 RDI: ffff88bce041f780 RBP: ffff88bce041f828 R08: ffffed15f3f4c5b3 R09: ffffed15f3f4c5b3 R10: 0000000000000001 R11: ffffed15f3f4c5b2 R12: 000000318aee9b73 R13: ffffffff8471bc50 R14: 1ffff1179c083ef0 R15: 1ffff1179c083eec kernel_text_address+0xc1/0x100 __kernel_text_address+0xe/0x30 unwind_get_return_address+0x2f/0x50 __save_stack_trace+0x92/0x100 create_object+0x380/0x650 __kmalloc+0x14c/0x2b0 load_msg+0x38/0x1a0 do_msgsnd+0x19e/0xcf0 do_syscall_64+0x117/0x400 entry_SYSCALL_64_after_hwframe+0x49/0xbe rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: rcu: Tasks blocked on level-1 rcu_node (CPUs 0-15): P32170 rcu: (detected by 14, t=35016 jiffies, g=44237525, q=12423063) msgctl10 R running task 21608 32170 32155 0x00000082 Call Trace: preempt_schedule_irq+0x4c/0xb0 retint_kernel+0x1b/0x2d RIP: 0010:lock_acquire+0x4d/0x340 Code: 48 81 ec c0 00 00 00 45 89 c6 4d 89 cf 48 8d 6c 24 20 48 89 3c 24 48 8d bb e4 0c 00 00 89 74 24 0c 48 c7 44 24 20 b3 8a b5 41 <48> c1 ed 03 48 c7 44 24 28 b4 25 18 84 48 c7 44 24 30 d0 54 7a 82 RSP: 0018:ffff88af83417738 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 RAX: dffffc0000000000 RBX: ffff88bd335f3080 RCX: 0000000000000002 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88bd335f3d64 RBP: ffff88af83417758 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: ffffed13f3f745b2 R12: 0000000000000000 R13: 0000000000000002 R14: 0000000000000000 R15: 0000000000000000 is_bpf_text_address+0x32/0xe0 kernel_text_address+0xec/0x100 __kernel_text_address+0xe/0x30 unwind_get_return_address+0x2f/0x50 __save_stack_trace+0x92/0x100 save_stack+0x32/0xb0 __kasan_slab_free+0x130/0x180 kfree+0xfa/0x2d0 free_msg+0x24/0x50 do_msgrcv+0x508/0xe60 do_syscall_64+0x117/0x400 entry_SYSCALL_64_after_hwframe+0x49/0xbe Davidlohr said: "So after releasing the lock, the msg rbtree/list is empty and new calls will not see those in the newly populated tmp_msg list, and therefore they cannot access the delayed msg freeing pointers, which is good. Also the fact that the node_cache is now freed before the actual messages seems to be harmless as this is wanted for msg_insert() avoiding GFP_ATOMIC allocations, and after releasing the info->lock the thing is freed anyway so it should not change things" Link: http://lkml.kernel.org/r/1552029161-4957-1-git-send-email-lirongqing@baidu.com Signed-off-by: Li RongQing <lirongqing@baidu.com> Signed-off-by: Zhang Yu <zhangyu31@baidu.com> Reviewed-by: Davidlohr Bueso <dbueso@suse.de> Cc: Manfred Spraul <manfred@colorfullife.com> Cc: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
6fff4be48e |
This is the 4.14.68 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAluPhTQACgkQONu9yGCS
aT7uMA/9GlKiVnqhXCRDZUS6zbbflwFRQK3nkXQ1xi4hGea6HzDJO1ADvmB36SQC
I/stuXN4pA0k2kuCLijqzVE7h4DA7S3Jemok+gISFxJH7tib2fsDFVEu1fN+e8xE
Npd16tdb0KKAGDCuuYtRatpWdmmsCqdVU51wtLTvOMq19vT2w2E+2gKTgzQkehTp
Bo6aF33bhfiWB/trea2lFFKpkrFF92bZubgx/NK8MW799XQvnWN8OkSSt85WfqdA
kFfcJSJF32s+q10BsZfapPuEzxbnlsB97/SvoW2hHQmAm4T8f/78nGD5/N8kAS2C
ZuKElZnZAyR0gv+4G4M3Bz1GU/vPQ7yh9zIIKW99FdsvY9Q1uilJBtRa6uuViOiu
3NoBFfYtOY2J7jp41gJeNctrMvSgfUSiiNgw+rP5eUbydsFMezcAgj6DmroyJtkY
Wt3VAvREtOzSyjet7IYrod1Qj9xJmGKJDQ5iRLwjjV2CVyFyxf94CTb6gJf/9A4u
YOCugisS/bix6hncjlKzf+EZN1YXXLX0olB4Smuv5C7UpmAWX2dLQGqhbxVSeJUh
zCC6vEX/Z86HtL4SVUSqgRoDi8URLQAftTU0mqPtP34qlYTOBGvlVJM9Dhe183Pg
bXpye3WpWSgKujrPY6j336A5QjzLpywUZCREmlcG9CatRO5j0F4=
=dt34
-----END PGP SIGNATURE-----
Merge 4.14.68 into android-4.14
Changes in 4.14.68
crypto: vmx - Use skcipher for ctr fallback
vti6: fix PMTU caching and reporting on xmit
xfrm: fix missing dst_release() after policy blocking lbcast and multicast
xfrm: free skb if nlsk pointer is NULL
esp6: fix memleak on error path in esp6_input
mac80211: add stations tied to AP_VLANs during hw reconfig
ext4: clear mmp sequence number when remounting read-only
nl80211: Add a missing break in parse_station_flags
drm/bridge: adv7511: Reset registers on hotplug
scsi: target: iscsi: cxgbit: fix max iso npdu calculation
scsi: libiscsi: fix possible NULL pointer dereference in case of TMF
drm/imx: imx-ldb: disable LDB on driver bind
drm/imx: imx-ldb: check if channel is enabled before printing warning
nbd: don't requeue the same request twice.
nbd: handle unexpected replies better
usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in init_controller()
usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in r8a66597_queue()
usb: gadget: f_uac2: fix error handling in afunc_bind (again)
usb: gadget: u_audio: fix pcm/card naming in g_audio_setup()
usb: gadget: u_audio: update hw_ptr in iso_complete after data copied
usb: gadget: u_audio: remove caching of stream buffer parameters
usb: gadget: u_audio: remove cached period bytes value
usb: gadget: u_audio: protect stream runtime fields with stream spinlock
usb/phy: fix PPC64 build errors in phy-fsl-usb.c
tools: usb: ffs-test: Fix build on big endian systems
usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
netfilter: nft_set_hash: add rcu_barrier() in the nft_rhash_destroy()
bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd
netfilter: nf_tables: fix memory leaks on chain rename
netfilter: nf_tables: don't allow to rename to already-pending name
KVM: vmx: use local variable for current_vmptr when emulating VMPTRST
tools/power turbostat: fix -S on UP systems
net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
qed: Fix link flap issue due to mismatching EEE capabilities.
qed: Fix possible race for the link state value.
qed: Correct Multicast API to reflect existence of 256 approximate buckets.
atl1c: reserve min skb headroom
net: prevent ISA drivers from building on PPC32
can: mpc5xxx_can: check of_iomap return before use
can: m_can: Move accessing of message ram to after clocks are enabled
i2c: davinci: Avoid zero value of CLKH
perf/x86/amd/ibs: Don't access non-started event
media: staging: omap4iss: Include asm/cacheflush.h after generic includes
bnx2x: Fix invalid memory access in rss hash config path.
qmi_wwan: fix interface number for DW5821e production firmware
net: axienet: Fix double deregister of mdio
locking/rtmutex: Allow specifying a subclass for nested locking
i2c/mux, locking/core: Annotate the nested rt_mutex usage
sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE
x86/boot: Fix if_changed build flip/flop bug
fscache: Allow cancelled operations to be enqueued
cachefiles: Fix refcounting bug in backing-file read monitoring
cachefiles: Wait rather than BUG'ing on "Unexpected object collision"
selftests/ftrace: Add snapshot and tracing_on test case
hinic: Link the logical network device to the pci device in sysfs
ipc/sem.c: prevent queue.status tearing in semop
zswap: re-check zswap_is_full() after do zswap_shrink()
tools/power turbostat: Read extended processor family from CPUID
Revert "MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum"
ARC: dma [non-IOC] setup SMP_CACHE_BYTES and cache_line_size
bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog()
nfp: flower: fix port metadata conversion bug
enic: handle mtu change for vf properly
ARC: [plat-eznps] Add missing struct nps_host_reg_aux_dpc
arc: [plat-eznps] fix data type errors in platform headers
arc: [plat-eznps] fix printk warning in arc/plat-eznps/mtm.c
arc: fix build errors in arc/include/asm/delay.h
arc: fix type warnings in arc/mm/cache.c
sparc/time: Add missing __init to init_tick_ops()
sparc: use asm-generic version of msi.h
enic: do not call enic_change_mtu in enic_probe
squashfs metadata 2: electric boogaloo
mm: delete historical BUG from zap_pmd_range()
Squashfs: Compute expected length from inode size rather than block length
drivers: net: lmc: fix case value for target abort error
memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure
gpiolib-acpi: make sure we trigger edge events at least once on boot
scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send
scsi: fcoe: drop frames in ELS LOGO error path
scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO
scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED
mm/memory.c: check return value of ioremap_prot
mei: don't update offset in write
cifs: add missing debug entries for kconfig options
cifs: check kmalloc before use
smb3: enumerating snapshots was leaving part of the data off end
smb3: Do not send SMB3 SET_INFO if nothing changed
smb3: don't request leases in symlink creation and query
smb3: fill in statfs fsid and correct namelen
btrfs: use correct compare function of dirty_metadata_bytes
btrfs: don't leak ret from do_chunk_alloc
Btrfs: fix btrfs_write_inode vs delayed iput deadlock
iommu/arm-smmu: Error out only if not enough context interrupts
printk: Split the code for storing a message into the log buffer
printk: Create helper function to queue deferred console handling
printk/nmi: Prevent deadlock when accessing the main log buffer in NMI
kprobes/arm64: Fix %p uses in error messages
arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid()
arm64: dts: rockchip: corrected uart1 clock-names for rk3328
KVM: arm/arm64: Skip updating PMD entry if no change
KVM: arm/arm64: Skip updating PTE entry if no change
s390/kvm: fix deadlock when killed by oom
stop_machine: Reflow cpu_stop_queue_two_works()
stop_machine: Atomically queue and wake stopper threads
ext4: check for NUL characters in extended attribute's name
ext4: sysfs: print ext4_super_block fields as little-endian
ext4: reset error code in ext4_find_entry in fallback
nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event
platform/x86: ideapad-laptop: Apply no_hw_rfkill to Y20-15IKBM, too
mm: move tlb_table_flush to tlb_flush_mmu_free
mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE
x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM
x86/speculation/l1tf: Suggest what to do on systems with too much RAM
x86/vdso: Fix vDSO build if a retpoline is emitted
x86/process: Re-export start_thread()
KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
x86/kvm/vmx: Remove duplicate l1d flush definitions
fuse: Don't access pipe->buffers without pipe_lock()
fuse: fix initial parallel dirops
fuse: fix double request_end()
fuse: fix unlocked access to processing queue
fuse: umount should wait for all requests
fuse: Fix oops at process_init_reply()
fuse: Add missed unlock_page() to fuse_readpages_fill()
udl-kms: change down_interruptible to down
udl-kms: handle allocation failure
udl-kms: fix crash due to uninitialized memory
udl-kms: avoid division
b43legacy/leds: Ensure NUL-termination of LED name string
b43/leds: Ensure NUL-termination of LED name string
ASoC: dpcm: don't merge format from invalid codec dai
ASoC: zte: Fix incorrect PCM format bit usages
ASoC: sirf: Fix potential NULL pointer dereference
pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()
x86/vdso: Fix lsl operand order
x86/nmi: Fix NMI uaccess race against CR3 switching
x86/irqflags: Mark native_restore_fl extern inline
x86/spectre: Add missing family 6 check to microcode check
x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
hwmon: (nct6775) Fix potential Spectre v1
x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit()
s390/mm: fix addressing exception after suspend/resume
s390: fix br_r1_trampoline for machines without exrl
s390/qdio: reset old sbal_state flags
s390/numa: move initial setup of node_to_cpumask_map
s390/pci: fix out of bounds access during irq setup
kprobes/arm: Fix %p uses in error messages
kprobes: Make list and blacklist root user read only
MIPS: Correct the 64-bit DSP accumulator register size
MIPS: Always use -march=<arch>, not -<arch> shortcuts
MIPS: Change definition of cpu_relax() for Loongson-3
MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7
tpm: Return the actual size when receiving an unsupported command
scsi: mpt3sas: Fix _transport_smp_handler() error path
scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock
iscsi target: fix session creation failure handling
clk: rockchip: fix clk_i2sout parent selection bits on rk3399
PM / clk: signedness bug in of_pm_clk_add_clks()
power: generic-adc-battery: fix out-of-bounds write when copying channel properties
power: generic-adc-battery: check for duplicate properties copied from iio channels
watchdog: Mark watchdog touch functions as notrace
cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
gcc-plugins: Add include required by GCC release 8
gcc-plugins: Use dynamic initializers
Linux 4.14.68
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Davidlohr Bueso
|
92c159863d |
ipc/sem.c: prevent queue.status tearing in semop
[ Upstream commit f075faa300acc4f6301e348acde0a4580ed5f77c ] In order for load/store tearing prevention to work, _all_ accesses to the variable in question need to be done around READ and WRITE_ONCE() macros. Ensure everyone does so for q->status variable for semtimedop(). Link: http://lkml.kernel.org/r/20180717052654.676-1-dave@stgolabs.net Signed-off-by: Davidlohr Bueso <dbueso@suse.de> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
503f6fecb8 |
This is the 4.14.45 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlsOPCoACgkQONu9yGCS aT4vYBAAoESFP3oUtpyrPQU2yWQx7sRq/Dd8WyNlHlq2nRU8Y42ynB8TdRpAIces 3aP7vPwFLaK4H0SZt4oA+NialRMhC/bN6BmKaoTUXq2nmE2XzDkcPDu0zHnqQt9C vc5wa2hd+H95wj9cdkkPwdlmgVhHztowJ3uqqNaPql2MVjDLKxziNVMv7lAIGPk3 TycD9SihGAEKFjI2WIXaX6hm+3gGRnuK2ovlqnlF24dLRFiGIBL+fUp5ZGoxVlRP W260tQnTv/TvWUJ7V3x6rZ04kgV7LcaZrwSyN7GLJmhoi9Bw0BmL1N3cEAfEZdy2 YoGqDemLW9bEiHBhFuPOcFr7tyAz8EsVH4/KUwkIMgWNbV8DmTKT2nbfzG9ju6Hb q9q3OJyLPBamGxTuiXUspRhQJrVrMX6sahHQDj5786AVgBDoGVFw1d+v9kJCoSAv lnA7qTbCFeq288dJ3sU7OZhmApC1oMPjMjmfVWwuQKBz81xqsquAjQRkBY3Odw+j yreZ9PS2Krk3bpf9QoDf/NGM+zpFyyy3xbrHpMkIEv48VGYrpe0nP6TZRfEgF65L 036uZCPzpH+vFdyjMPWUPPXGZCD7q6DGk+wKit2eMFKOXB477yKA2+qAWs0GAeKo g7N0Rql7YZQK+Zu+1YvtfqF4WUBBP0uAb7FSuyVKVIzI3LfPCQk= =m2qv -----END PGP SIGNATURE----- Merge 4.14.45 into android-4.14 Changes in 4.14.45 MIPS: c-r4k: Fix data corruption related to cache coherence MIPS: ptrace: Expose FIR register through FP regset MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" affs_lookup(): close a race with affs_remove_link() fs: don't scan the inode cache before SB_BORN is set aio: fix io_destroy(2) vs. lookup_ioctx() race ALSA: timer: Fix pause event notification do d_instantiate/unlock_new_inode combinations safely mmc: sdhci-iproc: remove hard coded mmc cap 1.8v mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus libata: Blacklist some Sandisk SSDs for NCQ libata: blacklist Micron 500IT SSD with MU01 firmware xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros arm64: lse: Add early clobbers to some input/output asm operands powerpc/64s: Clear PCR on boot IB/hfi1: Use after free race condition in send context error path IB/umem: Use the correct mm during ib_umem_release sr: pass down correctly sized SCSI sense buffer idr: fix invalid ptr dereference on item delete Revert "ipc/shm: Fix shmat mmap nil-page protection" ipc/shm: fix shmat() nil address after round-down when remapping mm/kasan: don't vfree() nonexistent vm_area kasan: free allocated shadow memory on MEM_CANCEL_ONLINE kasan: fix memory hotplug during boot kernel/sys.c: fix potential Spectre v1 issue KVM/VMX: Expose SSBD properly to guests KVM: s390: vsie: fix < 8k check for the itdba KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed kvm: x86: IA32_ARCH_CAPABILITIES is always supported x86/kvm: fix LAPIC timer drift when guest uses periodic mode powerpc/64s: Improve RFI L1-D cache flush fallback powerpc/pseries: Support firmware disable of RFI flush powerpc/powernv: Support firmware disable of RFI flush powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again powerpc/rfi-flush: Always enable fallback flush on pseries powerpc/rfi-flush: Differentiate enabled and patched flush types powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags powerpc: Add security feature flags for Spectre/Meltdown powerpc/pseries: Set or clear security feature flags powerpc/powernv: Set or clear security feature flags powerpc/64s: Move cpu_show_meltdown() powerpc/64s: Enhance the information in cpu_show_meltdown() powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() powerpc/64s: Wire up cpu_show_spectre_v1() powerpc/64s: Wire up cpu_show_spectre_v2() powerpc/pseries: Fix clearing of security feature flags powerpc: Move default security feature flags powerpc/pseries: Restore default security feature flags on setup powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit MIPS: generic: Fix machine compatible matching mac80211: mesh: fix wrong mesh TTL offset calculation ARC: Fix malformed ARC_EMUL_UNALIGNED default ptr_ring: prevent integer overflow when calculating size arm64: dts: rockchip: fix rock64 gmac2io stability issues arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire libata: Fix compile warning with ATA_DEBUG enabled selftests: sync: missing CFLAGS while compiling selftest/vDSO: fix O= selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m selftests: memfd: add config fragment for fuse ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt ARM: OMAP3: Fix prm wake interrupt for resume ARM: OMAP2+: Fix sar_base inititalization for HS omaps ARM: OMAP1: clock: Fix debugfs_create_*() usage ibmvnic: Wait until reset is complete to set carrier on ibmvnic: Free RX socket buffer in case of adapter error ibmvnic: Clean RX pool buffers during device close tls: retrun the correct IV in getsockopt xhci: workaround for AMD Promontory disabled ports wakeup IB/uverbs: Fix method merging in uverbs_ioctl_merge IB/uverbs: Fix possible oops with duplicate ioctl attributes IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy arm64: dts: rockchip: Fix DWMMC clocks ARM: dts: rockchip: Fix DWMMC clocks iwlwifi: mvm: fix security bug in PN checking iwlwifi: mvm: fix IBSS for devices that support station type API iwlwifi: mvm: always init rs with 20mhz bandwidth rates NFC: llcp: Limit size of SDP URI rxrpc: Work around usercopy check MD: Free bioset when md_run fails md: fix md_write_start() deadlock w/o metadata devices s390/dasd: fix handling of internal requests xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 mac80211: fix a possible leak of station stats mac80211: fix calling sleeping function in atomic context cfg80211: clear wep keys after disconnection mac80211: Do not disconnect on invalid operating class mac80211: Fix sending ADDBA response for an ongoing session gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle md raid10: fix NULL deference in handle_write_completed() drm/exynos: g2d: use monotonic timestamps drm/exynos: fix comparison to bitshift when dealing with a mask drm/meson: fix vsync buffer update arm64: perf: correct PMUVer probing RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails RDMA/bnxt_re: Fix system crash during load/unload ibmvnic: Check for NULL skb's in NAPI poll routine net/mlx5e: Return error if prio is specified when offloading eswitch vlan push locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() md: raid5: avoid string overflow warning virtio_net: fix XDP code path in receive_small() kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE bug.h: work around GCC PR82365 in BUG() selftests/memfd: add run_fuse_test.sh to TEST_FILES seccomp: add a selftest for get_metadata soc: imx: gpc: de-register power domains only if initialized powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access s390/cio: fix ccw_device_start_timeout API s390/cio: fix return code after missing interrupt s390/cio: clear timer when terminating driver I/O selftests/bpf/test_maps: exit child process without error in ENOMEM case PKCS#7: fix direct verification of SignerInfo signature arm64: dts: cavium: fix PCI bus dtc warnings nfs: system crashes after NFS4ERR_MOVED recovery ARM: OMAP: Fix dmtimer init for omap1 smsc75xx: fix smsc75xx_set_features() regulatory: add NUL to request alpha2 integrity/security: fix digsig.c build error with header file x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations mac80211: drop frames with unexpected DS bits from fast-rx to slow path arm64: fix unwind_frame() for filtered out fn for function graph tracing macvlan: fix use-after-free in macvlan_common_newlink() KVM: nVMX: Don't halt vcpu when L1 is injecting events to L2 kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds ARM: dts: imx6dl: Include correct dtsi file for Engicam i.CoreM6 DualLite/Solo RQS fs: dcache: Avoid livelock between d_alloc_parallel and __d_add fs: dcache: Use READ_ONCE when accessing i_dir_seq md: fix a potential deadlock of raid5/raid10 reshape md/raid1: fix NULL pointer dereference batman-adv: fix packet checksum in receive path batman-adv: invalidate checksum on fragment reassembly netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount netfilter: ipt_CLUSTERIP: put config instead of freeing it netfilter: ebtables: convert BUG_ONs to WARN_ONs batman-adv: Ignore invalid batadv_iv_gw during netlink send batman-adv: Ignore invalid batadv_v_gw during netlink send batman-adv: Fix netlink dumping of BLA claims batman-adv: Fix netlink dumping of BLA backbones nvme-pci: Fix nvme queue cleanup if IRQ setup fails clocksource/drivers/fsl_ftm_timer: Fix error return checking libceph, ceph: avoid memory leak when specifying same option several times ceph: fix dentry leak when failing to init debugfs xen/pvcalls: fix null pointer dereference on map->sock ARM: orion5x: Revert commit 4904dbda41c8. qrtr: add MODULE_ALIAS macro to smd selftests/futex: Fix line continuation in Makefile r8152: fix tx packets accounting virtio-gpu: fix ioctl and expose the fixed status to userspace. dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 bcache: fix kcrashes with fio in RAID5 backend dev ip_gre: fix IFLA_MTU ignored on NEWLINK ip6_tunnel: fix IFLA_MTU ignored on NEWLINK sit: fix IFLA_MTU ignored on NEWLINK nbd: fix return value in error handling path ARM: dts: NSP: Fix amount of RAM on BCM958625HR ARM: dts: bcm283x: Fix unit address of local_intc powerpc/boot: Fix random libfdt related build errors clocksource/drivers/mips-gic-timer: Use correct shift count to extract data gianfar: Fix Rx byte accounting for ndev stats net/tcp/illinois: replace broken algorithm reference link nvmet: fix PSDT field check in command format net/smc: use link_id of server in confirm link reply mlxsw: core: Fix flex keys scratchpad offset conflict mlxsw: spectrum: Treat IPv6 unregistered multicast as broadcast spectrum: Reference count VLAN entries ARC: mcip: halt GFRC counter when ARC cores halt ARC: mcip: update MCIP debug mask when the new cpu came online ARC: setup cpu possible mask according to possible-cpus dts property ipvs: remove IPS_NAT_MASK check to fix passive FTP IB/mlx: Set slid to zero in Ethernet completion struct RDMA/bnxt_re: Unconditionly fence non wire memory operations RDMA/bnxt_re: Fix incorrect DB offset calculation RDMA/bnxt_re: Fix the ib_reg failure cleanup xen/pirq: fix error path cleanup when binding MSIs drm/amd/amdgpu: Correct VRAM width for APUs with GMC9 xfrm: Fix ESN sequence number handling for IPsec GSO packets. arm64: dts: rockchip: Fix rk3399-gru-* s2r (pinctrl hogs, wifi reset) drm/sun4i: Fix dclk_set_phase btrfs: use kvzalloc to allocate btrfs_fs_info Btrfs: send, fix issuing write op when processing hole in no data mode Btrfs: fix log replay failure after linking special file and fsync ceph: fix potential memory leak in init_caches() block: display the correct diskname for bio nvme-pci: Fix EEH failure on ppc nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable net: ethtool: don't ignore return from driver get_fecparam method iwlwifi: mvm: fix TX of CCMP 256 iwlwifi: mvm: Fix channel switch for count 0 and 1 iwlwifi: mvm: fix assert 0x2B00 on older FWs iwlwifi: avoid collecting firmware dump if not loaded iwlwifi: mvm: fix "failed to remove key" message iwlwifi: mvm: Direct multicast frames to the correct station iwlwifi: mvm: Correctly set the tid for mcast queue rds: Incorrect reference counting in TCP socket creation watchdog: f71808e_wdt: Fix magic close handling watchdog: sbsa: use 32-bit read for WCV batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag hv_netvsc: use napi_schedule_irqoff hv_netvsc: filter multicast/broadcast hv_netvsc: propagate rx filters to VF ARM: dts: rockchip: Add missing #sound-dai-cells on rk3288 perf record: Fix crash in pipe mode e1000e: Fix check_for_link return value with autoneg off e1000e: allocate ring descriptors with dma_zalloc_coherent ia64/err-inject: Use get_user_pages_fast() RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA RDMA/qedr: Fix iWARP write and send with immediate IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). fsl/fman: avoid sleeping in atomic context while adding an address qed: Free RoCE ILT Memory on rmmod qedr net: qcom/emac: Use proper free methods during TX net: smsc911x: Fix unload crash when link is up IB/core: Fix possible crash to access NULL netdev cxgb4: do not set needs_free_netdev for mgmt dev's xen-blkfront: move negotiate_mq to cover all cases of new VBDs xen: xenbus: use put_device() instead of kfree() hv_netvsc: fix filter flags hv_netvsc: fix locking for rx_mode hv_netvsc: fix locking during VF setup ARM: davinci: fix the GPIO lookup for omapl138-hawk arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery selftests/vm/run_vmtests: adjust hugetlb size according to nr_cpus lib/test_kmod.c: fix limit check on number of test devices created dmaengine: mv_xor_v2: Fix clock resource by adding a register clock netfilter: ebtables: fix erroneous reject of last rule can: m_can: change comparison to bitshift when dealing with a mask can: m_can: select pinctrl state in each suspend/resume function bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). workqueue: use put_device() instead of kfree() ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu sunvnet: does not support GSO for sctp KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending gpu: ipu-v3: prg: avoid possible array underflow drm/imx: move arming of the vblank event to atomic_flush drm/nouveau/bl: fix backlight regression xfrm: fix rcu_read_unlock usage in xfrm_local_error iwlwifi: mvm: set the correct tid when we flush the MCAST sta iwlwifi: mvm: Correctly set IGTK for AP iwlwifi: mvm: fix error checking for multi/broadcast sta net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off vlan: Fix out of order vlan headers with reorder header off batman-adv: fix header size check in batadv_dbg_arp() net/sched: fix NULL dereference in the error path of tcf_sample_init() batman-adv: Fix skbuff rcsum on packet reroute vti4: Don't count header length twice on tunnel setup ip_tunnel: Clamp MTU to bounds on new link vti4: Don't override MTU passed on link creation via IFLA_MTU vti6: Fix dev->max_mtu setting iwlwifi: mvm: Increase session protection time after CS iwlwifi: mvm: clear tx queue id when unreserving aggregation queue iwlwifi: mvm: make sure internal station has a valid id iwlwifi: mvm: fix array out of bounds reference drm/tegra: Shutdown on driver unbind perf/cgroup: Fix child event counting bug brcmfmac: Fix check for ISO3166 code kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races RDMA/ucma: Correct option size check using optlen RDMA/qedr: fix QP's ack timeout configuration RDMA/qedr: Fix rc initialization on CNQ allocation failure RDMA/qedr: Fix QP state initialization race net/sched: fix idr leak on the error path of tcf_bpf_init() net/sched: fix idr leak in the error path of tcf_simp_init() net/sched: fix idr leak in the error path of tcf_act_police_init() net/sched: fix idr leak in the error path of tcp_pedit_init() net/sched: fix idr leak in the error path of __tcf_ipt_init() net/sched: fix idr leak in the error path of tcf_skbmod_init() net: dsa: Fix functional dsa-loop dependency on FIXED_PHY drm/ast: Fixed 1280x800 Display Issue mm/mempolicy.c: avoid use uninitialized preferred_node mm, thp: do not cause memcg oom for thp xfrm: Fix transport mode skb control buffer usage. selftests: ftrace: Add probe event argument syntax testcase selftests: ftrace: Add a testcase for string type with kprobe_event selftests: ftrace: Add a testcase for probepoint drm/amdkfd: Fix scratch memory with HWS enabled batman-adv: fix multicast-via-unicast transmission with AP isolation batman-adv: fix packet loss for broadcasted DHCP packets to a server ARM: 8748/1: mm: Define vdso_start, vdso_end as array lan78xx: Set ASD in MAC_CR when EEE is enabled. net: qmi_wwan: add BroadMobi BM806U 2020:2033 bonding: fix the err path for dev hwaddr sync in bond_enslave net: dsa: mt7530: fix module autoloading for OF platform drivers net/mlx5: Make eswitch support to depend on switchdev perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs x86/alternatives: Fixup alternative_call_2 llc: properly handle dev_queue_xmit() return value builddeb: Fix header package regarding dtc source links qede: Fix barrier usage after tx doorbell write. mm, slab: memcg_link the SLAB's kmem_cache mm/page_owner: fix recursion bug after changing skip entries mm/vmstat.c: fix vmstat_update() preemption BUG mm/kmemleak.c: wait for scan completion before disabling free hv_netvsc: enable multicast if necessary qede: Do not drop rx-checksum invalidated packets. net: Fix untag for vlan packets without ethernet header vlan: Fix vlan insertion for packets without ethernet header net: mvneta: fix enable of all initialized RXQs sh: fix debug trap failure to process signals before return to user firmware: dmi_scan: Fix UUID length safety check nvme: don't send keep-alives to the discovery controller Btrfs: clean up resources during umount after trans is aborted Btrfs: fix loss of prealloc extents past i_size after fsync log replay x86/pgtable: Don't set huge PUD/PMD on non-leaf entries x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table swap: divide-by-zero when zero length swap file on ssd z3fold: fix memory leak sr: get/drop reference to device in revalidate and check_events Force log to disk before reading the AGF during a fstrim cpufreq: CPPC: Initialize shared perf capabilities of CPUs powerpc/fscr: Enable interrupts earlier before calling get_user() perf tools: Fix perf builds with clang support perf clang: Add support for recent clang versions dp83640: Ensure against premature access to PHY registers after reset ibmvnic: Zero used TX descriptor counter on reset mm/ksm: fix interaction with THP mm: fix races between address_space dereference and free in page_evicatable mm: thp: fix potential clearing to referenced flag in page_idle_clear_pte_refs_one() Btrfs: bail out on error during replay_dir_deletes Btrfs: fix NULL pointer dereference in log_dir_items btrfs: Fix possible softlock on single core machines IB/rxe: Fix for oops in rxe_register_device on ppc64le arch ocfs2/dlm: don't handle migrate lockres if already in shutdown powerpc/64s/idle: Fix restore of AMOR on POWER9 after deep sleep sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush() KVM: VMX: raise internal error for exception during invalid protected mode state lan78xx: Connect phy early fscache: Fix hanging wait on page discarded by writeback sparc64: Make atomic_xchg() an inline function rather than a macro. net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() net: bgmac: Correctly annotate register space powerpc/64s: sreset panic if there is no debugger or crash dump handlers btrfs: tests/qgroup: Fix wrong tree backref level Btrfs: fix copy_items() return value when logging an inode btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled rxrpc: Fix Tx ring annotation after initial Tx failure rxrpc: Don't treat call aborts as conn aborts xen/acpi: off by one in read_acpi_id() drivers: macintosh: rack-meter: really fix bogus memsets ACPI: acpi_pad: Fix memory leak in power saving threads powerpc/mpic: Check if cpu_possible() in mpic_physmask() ieee802154: ca8210: fix uninitialised data read ath10k: advertize beacon_int_min_gcd iommu/amd: Take into account that alloc_dev_data() may return NULL intel_th: Use correct method of finding hub m68k: set dma and coherent masks for platform FEC ethernets iwlwifi: mvm: check if mac80211_queue is valid in iwl_mvm_disable_txq parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode hwmon: (nct6775) Fix writing pwmX_mode powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer powerpc/perf: Fix kernel address leak via sampling registers rsi: fix kernel panic observed on 64bit machine tools/thermal: tmon: fix for segfault selftests: Print the test we're running to /dev/kmsg net/mlx5: Protect from command bit overflow watchdog: davinci_wdt: fix error handling in davinci_wdt_probe() ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) nvme-pci: disable APST for Samsung NVMe SSD 960 EVO + ASUS PRIME Z370-A ath9k: fix crash in spectral scan cxgb4: Setup FW queues before registering netdev ima: Fix Kconfig to select TPM 2.0 CRB interface ima: Fallback to the builtin hash algorithm watchdog: aspeed: Allow configuring for alternate boot virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS arm: dts: socfpga: fix GIC PPI warning ext4: don't complain about incorrect features when probing drm/vmwgfx: Unpin the screen object backup buffer when not used iommu/mediatek: Fix protect memory setting cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path IB/mlx5: Set the default active rate and width to QDR and 4X zorro: Set up z->dev.dma_mask for the DMA API bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set remoteproc: imx_rproc: Fix an error handling path in 'imx_rproc_probe()' dt-bindings: add device tree binding for Allwinner H6 main CCU ACPICA: Events: add a return on failure from acpi_hw_register_read ACPICA: Fix memory leak on unusual memory leak ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c cxgb4: Fix queue free path of ULD drivers i2c: mv64xxx: Apply errata delay only in standard mode KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use perf top: Fix top.call-graph config option reading perf stat: Fix core dump when flag T is used IB/core: Honor port_num while resolving GID for IB link layer drm/amdkfd: add missing include of mm.h coresight: Use %px to print pcsr instead of %p regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()' spi: bcm-qspi: fIX some error handling paths net/smc: pay attention to MAX_ORDER for CQ entries MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset PCI: Restore config space on runtime resume despite being unbound watchdog: dw: RMW the control register watchdog: aspeed: Fix translation of reset mode to ctrl register ipmi_ssif: Fix kernel panic at msg_done_handler drm/meson: Fix some error handling paths in 'meson_drv_bind_master()' drm/meson: Fix an un-handled error path in 'meson_drv_bind_master()' powerpc: Add missing prototype for arch_irq_work_raise() powerpc/powernv/npu: Fix deadlock in mmio_invalidate() cxl: Check if PSL data-cache is available before issue flush request f2fs: fix to set KEEP_SIZE bit in f2fs_zero_range f2fs: fix to clear CP_TRIMMED_FLAG f2fs: fix to check extent cache in f2fs_drop_extent_tree perf/core: Fix installing cgroup events on CPU max17042: propagate of_node to power supply device perf/core: Fix perf_output_read_group() drm/panel: simple: Fix the bus format for the Ontat panel hwmon: (pmbus/max8688) Accept negative page register values hwmon: (pmbus/adm1275) Accept negative page register values perf/x86/intel: Properly save/restore the PMU state in the NMI handler cdrom: do not call check_disk_change() inside cdrom_open() efi/arm*: Only register page tables when they exist perf/x86/intel: Fix large period handling on Broadwell CPUs perf/x86/intel: Fix event update for auto-reload arm64: dts: qcom: Fix SPI5 config on MSM8996 soc: qcom: wcnss_ctrl: Fix increment in NV upload gfs2: Fix fallocate chunk size x86/devicetree: Initialize device tree before using it x86/devicetree: Fix device IRQ settings in DT phy: rockchip-emmc: retry calpad busy trimming ALSA: vmaster: Propagate slave error phy: qcom-qmp: Fix phy pipe clock gating drm/bridge: sii902x: Retry status read after DDI I2C tools: hv: fix compiler warnings about major/target_fname block: null_blk: fix 'Invalid parameters' when loading module dmaengine: pl330: fix a race condition in case of threaded irqs dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() enic: enable rq before updating rq descriptors watchdog: asm9260_wdt: fix error handling in asm9260_wdt_probe() hwrng: stm32 - add reset during probe pinctrl: devicetree: Fix dt_to_map_one_config handling of hogs pinctrl: artpec6: dt: add missing pin group uart5nocts vfio-ccw: fence off transport mode dmaengine: qcom: bam_dma: get num-channels and num-ees from dt drm: omapdrm: dss: Move initialization code from component bind to probe ARM: dts: dra71-evm: Correct evm_sd regulator max voltage drm/amdgpu: disable GFX ring and disable PQ wptr in hw_fini drm/amdgpu: adjust timeout for ib_ring_tests(v2) net: stmmac: ensure that the device has released ownership before reading data net: stmmac: ensure that the MSS desc is the last desc to set the own bit cpufreq: Reorder cpufreq_online() error code path dpaa_eth: fix SG mapping PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 udf: Provide saner default for invalid uid / gid ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode sh_eth: fix TSU init on SH7734/R8A7740 power: supply: ltc2941-battery-gauge: Fix temperature units ARM: dts: bcm283x: Fix probing of bcm2835-i2s ARM: dts: bcm283x: Fix pin function of JTAG pins PCMCIA / PM: Avoid noirq suspend aborts during suspend-to-idle audit: return on memory error to avoid null pointer dereference net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() rcu: Call touch_nmi_watchdog() while printing stall warnings pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group dpaa_eth: fix pause capability advertisement logic MIPS: Octeon: Fix logging messages with spurious periods after newlines drm/rockchip: Respect page offset for PRIME mmap calls x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified perf test: Fix test case inet_pton to accept inlines. perf report: Fix wrong jump arrow perf tests: Use arch__compare_symbol_names to compare symbols perf report: Fix memory corruption in --branch-history mode --branch-history perf tests: Fix dwarf unwind for stripped binaries selftests/net: fixes psock_fanout eBPF test case netlabel: If PF_INET6, check sk_buff ip header version drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3 drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2 ARM: dts: at91: tse850: use the correct compatible for the eeprom regmap: Correct comparison in regmap_cached i40e: Add delay after EMP reset for firmware to recover ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet ARM: dts: porter: Fix HDMI output routing regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' pinctrl: msm: Use dynamic GPIO numbering pinctrl: mcp23s08: spi: Fix regmap debugfs entries kdb: make "mdr" command repeat drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is successful Linux 4.14.45 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Davidlohr Bueso
|
afdc490b36 |
ipc/shm: fix shmat() nil address after round-down when remapping
commit 8f89c007b6dec16a1793cb88de88fcc02117bbbc upstream. shmat()'s SHM_REMAP option forbids passing a nil address for; this is in fact the very first thing we check for. Andrea reported that for SHM_RND|SHM_REMAP cases we can end up bypassing the initial addr check, but we need to check again if the address was rounded down to nil. As of this patch, such cases will return -EINVAL. Link: http://lkml.kernel.org/r/20180503204934.kk63josdu6u53fbd@linux-n805 Signed-off-by: Davidlohr Bueso <dbueso@suse.de> Reported-by: Andrea Arcangeli <aarcange@redhat.com> Cc: Joe Lawrence <joe.lawrence@redhat.com> Cc: Manfred Spraul <manfred@colorfullife.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Davidlohr Bueso
|
67dd0bad81 |
Revert "ipc/shm: Fix shmat mmap nil-page protection"
commit a73ab244f0dad8fffb3291b905f73e2d3eaa7c00 upstream.
Patch series "ipc/shm: shmat() fixes around nil-page".
These patches fix two issues reported[1] a while back by Joe and Andrea
around how shmat(2) behaves with nil-page.
The first reverts a commit that it was incorrectly thought that mapping
nil-page (address=0) was a no no with MAP_FIXED. This is not the case,
with the exception of SHM_REMAP; which is address in the second patch.
I chose two patches because it is easier to backport and it explicitly
reverts bogus behaviour. Both patches ought to be in -stable and ltp
testcases need updated (the added testcase around the cve can be
modified to just test for SHM_RND|SHM_REMAP).
[1] lkml.kernel.org/r/20180430172152.nfa564pvgpk3ut7p@linux-n805
This patch (of 2):
Commit 95e91b831f87 ("ipc/shm: Fix shmat mmap nil-page protection")
worked on the idea that we should not be mapping as root addr=0 and
MAP_FIXED. However, it was reported that this scenario is in fact
valid, thus making the patch both bogus and breaks userspace as well.
For example X11's libint10.so relies on shmat(1, SHM_RND) for lowmem
initialization[1].
[1] https://cgit.freedesktop.org/xorg/xserver/tree/hw/xfree86/os-support/linux/int10/linux.c#n347
Link: http://lkml.kernel.org/r/20180503203243.15045-2-dave@stgolabs.net
Fixes: 95e91b831f87 ("ipc/shm: Fix shmat mmap nil-page protection")
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Reported-by: Joe Lawrence <joe.lawrence@redhat.com>
Reported-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
e9a2c5dd1a |
This is the 4.14.36 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlre3ogACgkQONu9yGCS aT4a8Q//aR1U1nYUiiMwMTgxvWXR5Hic3jtnAxdOkpr6UNa5dDa1tijI5U9poKJW 65EPPQNW29PxIv0UGhLRzdjpL/ac2QhMyW8gmS8ikXMbFPF2JrgvOLSZpWF70cE1 hyFkzbnvavJe0QfWsii7Z+RdrSZMgfZheZMmLh1exv1tEmuYcfAiletdC8f5kTPU /aS5X9rmJM/Fyw4iQF7NEpYPY4vESsgMd7ZfHifcV07ze6f+lkW+gcKZuVi//eJ1 NJEvSBjSvqbQoHugHvHbV/UM2RwzFFfihm6y94WOurSbToksJ141P/MEBxc9vDae rCA8Qwq3YZ8vPu5rb8L1UHlpR+CIuanSJnijBhC2Lh6W4CmVA70+lvveqMbZGi/X Tm9+QlV4F32ogOy+rNvFARoNx7KkWvjZ8kF2a/qgbkqQgPCwSku4anW3abXLQad+ 4hYbqAwunq0V1Zi4XoIAjcQWlAokau4jDxfKbpoO7CBUYoia+1vDoK4U1FHsFy77 E4w7LktCecfoqieoBzsD5mZfTG5qrzwNhoxnnZmRGZY81TW9swVZYPkfqamG/Cbk 7HkgOLvtQiwtY5dxsLHvMwbtXzQqxO10KuLBAao6OY9xLEAqamV1v9gGO1WyOzRd avVUShDL6FQHTRalzcm8K9OLUhOZWDcZLR9XgNwfgxZYjAlfqCA= =Gbe3 -----END PGP SIGNATURE----- Merge 4.14.36 into android-4.14 Changes in 4.14.36 tty: make n_tty_read() always abort if hangup is in progress cpufreq: CPPC: Use transition_delay_us depending transition_latency ubifs: Check ubifs_wbuf_sync() return code ubi: fastmap: Don't flush fastmap work on detach ubi: Fix error for write access ubi: Reject MLC NAND mm/ksm.c: fix inconsistent accounting of zero pages mm/hmm: fix header file if/else/endif maze mm/hmm: hmm_pfns_bad() was accessing wrong struct task_struct: only use anon struct under randstruct plugin fs/reiserfs/journal.c: add missing resierfs_warning() arg resource: fix integer overflow at reallocation ipc/shm: fix use-after-free of shm file via remap_file_pages() mm, slab: reschedule cache_reap() on the same CPU usb: musb: gadget: misplaced out of bounds check phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS usb: gadget: udc: core: update usb_ep_queue() documentation ARM64: dts: meson: reduce odroid-c2 eMMC maximum rate KVM: arm/arm64: vgic-its: Fix potential overrun in vgic_copy_lpi_list ARM: dts: da850-lego-ev3: Fix battery voltage gpio ARM: EXYNOS: Fix coupled CPU idle freeze on Exynos4210 arm: dts: mt7623: fix USB initialization fails on bananapi-r2 ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property ARM: dts: exynos: Fix IOMMU support for GScaler devices on Exynos5250 ARM: dts: at91: sama5d4: fix pinctrl compatible string spi: atmel: init FIFOs before spi enable spi: Fix scatterlist elements size in spi_map_buf spi: Fix unregistration of controller with fixed SPI bus number media: atomisp_fops.c: disable atomisp_compat_ioctl32 media: vivid: check if the cec_adapter is valid media: vsp1: Fix BRx conditional path in WPF x86/xen: Delay get_cpu_cap until stack canary is established xen-netfront: Fix hang on device removal regmap: Fix reversed bounds check in regmap_raw_write() ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() USB: gadget: f_midi: fixing a possible double-free in f_midi USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw usb: dwc3: prevent setting PRTCAP to OTG from debugfs usb: dwc3: pci: Properly cleanup resource usb: dwc3: gadget: never call ->complete() from ->ep_queue() cifs: fix memory leak in SMB2_open() fix smb3-encryption breakage when CONFIG_DEBUG_SG=y smb3: Fix root directory when server returns inode number of zero HID: i2c-hid: fix size check and type usage i2c: i801: Save register SMBSLVCMD value only once i2c: i801: Restore configuration at shutdown CIFS: refactor crypto shash/sdesc allocation&free CIFS: add sha512 secmech CIFS: fix sha512 check in cifs_crypto_secmech_release powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() powerpc/64s: Fix dt_cpu_ftrs to have restore_cpu clear unwanted LPCR bits powerpc/64: Call H_REGISTER_PROC_TBL when running as a HPT guest on POWER9 powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently powerpc/kprobes: Fix call trace due to incorrect preempt count powerpc/kexec_file: Fix error code when trying to load kdump kernel powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops HID: Fix hid_report_len usage HID: core: Fix size as type u32 soc: mediatek: fix the mistaken pointer accessed when subdomains are added ASoC: ssm2602: Replace reg_default_raw with reg_default ASoC: topology: Fix kcontrol name string handling thunderbolt: Wait a bit longer for ICM to authenticate the active NVM thunderbolt: Serialize PCIe tunnel creation with PCI rescan thunderbolt: Resume control channel after hibernation image is created thunderbolt: Prevent crash when ICM firmware is not running irqchip/gic: Take lock when updating irq type random: use a tighter cap in credit_entropy_bits_safe() extcon: intel-cht-wc: Set direction and drv flags for V5 boost GPIO block: use 32-bit blk_status_t on Alpha jbd2: if the journal is aborted then don't allow update of the log tail ext4: shutdown should not prevent get_write_access ext4: eliminate sleep from shutdown ioctl ext4: pass -ESHUTDOWN code to jbd2 layer ext4: don't update checksum of new initialized bitmaps ext4: protect i_disksize update by i_data_sem in direct write path ext4: limit xattr size to INT_MAX ext4: fail ext4_iget for root directory if unallocated ext4: always initialize the crc32c checksum driver ext4: don't allow r/w mounts if metadata blocks overlap the superblock ext4: move call to ext4_error() into ext4_xattr_check_block() ext4: add bounds checking to ext4_xattr_find_entry() ext4: add extra checks to ext4_xattr_block_get() dm crypt: limit the number of allocated pages RDMA/ucma: Don't allow setting RDMA_OPTION_IB_PATH without an RDMA device RDMA/mlx5: Protect from NULL pointer derefence RDMA/rxe: Fix an out-of-bounds read ALSA: pcm: Fix UAF at PCM release via PCM timer access IB/srp: Fix srp_abort() IB/srp: Fix completion vector assignment algorithm dmaengine: at_xdmac: fix rare residue corruption cxl: Fix possible deadlock when processing page faults from cxllib tpm: self test failure should not cause suspend to fail libnvdimm, dimm: fix dpa reservation vs uninitialized label area libnvdimm, namespace: use a safe lookup for dimm device name nfit, address-range-scrub: fix scrub in-progress reporting nfit: skip region registration for incomplete control regions ring-buffer: Check if memory is available before allocation um: Compile with modern headers um: Use POSIX ucontext_t instead of struct ucontext iommu/vt-d: Fix a potential memory leak mmc: jz4740: Fix race condition in IRQ mask update mmc: tmio: Fix error handling when issuing CMD23 PCI: Mark Broadcom HT1100 and HT2000 Root Port Extended Tags as broken clk: mvebu: armada-38x: add support for missing clocks clk: fix false-positive Wmaybe-uninitialized warning clk: mediatek: fix PWM clock source by adding a fixed-factor clock clk: bcm2835: De-assert/assert PLL reset signal when appropriate pwm: rcar: Fix a condition to prevent mismatch value setting to duty thermal: imx: Fix race condition in imx_thermal_probe() dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 watchdog: f71808e_wdt: Fix WD_EN register read vfio/pci: Virtualize Maximum Read Request Size ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation ALSA: pcm: Avoid potential races between OSS ioctls and read/write ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation drm/amdgpu: Add an ATPX quirk for hybrid laptop drm/amdgpu: Fix always_valid bos multiple LRU insertions. drm/amdgpu/sdma: fix mask in emit_pipeline_sync drm/amdgpu: Fix PCIe lane width calculation drm/amdgpu/si: implement get/set pcie_lanes asic callback drm/rockchip: Clear all interrupts before requesting the IRQ drm/radeon: add PX quirk for Asus K73TK drm/radeon: Fix PCIe lane width calculation ALSA: line6: Use correct endpoint type for midi output ALSA: rawmidi: Fix missing input substream checks in compat ioctls ALSA: hda - New VIA controller suppor no-snoop path ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags ALSA: hda/realtek - adjust the location of one mic random: fix crng_ready() test random: use a different mixing algorithm for add_device_randomness() random: crng_reseed() should lock the crng instance that it is modifying random: add new ioctl RNDRESEEDCRNG HID: input: fix battery level reporting on BT mice HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device HID: wacom: bluetooth: send exit report for recent Bluetooth devices MIPS: uaccess: Add micromips clobbers to bzero invocation MIPS: memset.S: EVA & fault support for small_memset MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup MIPS: memset.S: Fix clobber of v1 in last_fixup powerpc/eeh: Fix enabling bridge MMIO windows powerpc/xive: Fix trying to "push" an already active pool VP powerpc/lib: Fix off-by-one in alternate feature patching udf: Fix leak of UTF-16 surrogates into encoded strings fanotify: fix logic of events on child mmc: sdhci-pci: Only do AMD tuning for HS200 drm/i915: Correctly handle limited range YCbCr data on VLV/CHV jffs2_kill_sb(): deal with failed allocations hypfs_kill_super(): deal with failed allocations orangefs_kill_sb(): deal with allocation failures rpc_pipefs: fix double-dput() Don't leak MNT_INTERNAL away from internal mounts autofs: mount point create should honour passed in mode mm/filemap.c: fix NULL pointer in page_cache_tree_insert() net: dsa: Discard frames from unused ports iwlwifi: add shared clock PHY config flag for some devices iwlwifi: add a bunch of new 9000 PCI IDs Revert "media: lirc_zilog: driver only sends LIRCCODE" media: staging: lirc_zilog: incorrect reference counting writeback: safer lock nesting Linux 4.14.36 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Eric Biggers
|
703eee6543 |
ipc/shm: fix use-after-free of shm file via remap_file_pages()
commit 3f05317d9889ab75c7190dcd39491d2a97921984 upstream.
syzbot reported a use-after-free of shm_file_data(file)->file->f_op in
shm_get_unmapped_area(), called via sys_remap_file_pages().
Unfortunately it couldn't generate a reproducer, but I found a bug which
I think caused it. When remap_file_pages() is passed a full System V
shared memory segment, the memory is first unmapped, then a new map is
created using the ->vm_file. Between these steps, the shm ID can be
removed and reused for a new shm segment. But, shm_mmap() only checks
whether the ID is currently valid before calling the underlying file's
->mmap(); it doesn't check whether it was reused. Thus it can use the
wrong underlying file, one that was already freed.
Fix this by making the "outer" shm file (the one that gets put in
->vm_file) hold a reference to the real shm file, and by making
__shm_open() require that the file associated with the shm ID matches
the one associated with the "outer" file.
Taking the reference to the real shm file is needed to fully solve the
problem, since otherwise sfd->file could point to a freed file, which
then could be reallocated for the reused shm ID, causing the wrong shm
segment to be mapped (and without the required permission checks).
Commit 1ac0b6dec656 ("ipc/shm: handle removed segments gracefully in
shm_mmap()") almost fixed this bug, but it didn't go far enough because
it didn't consider the case where the shm ID is reused.
The following program usually reproduces this bug:
#include <stdlib.h>
#include <sys/shm.h>
#include <sys/syscall.h>
#include <unistd.h>
int main()
{
int is_parent = (fork() != 0);
srand(getpid());
for (;;) {
int id = shmget(0xF00F, 4096, IPC_CREAT|0700);
if (is_parent) {
void *addr = shmat(id, NULL, 0);
usleep(rand() % 50);
while (!syscall(__NR_remap_file_pages, addr, 4096, 0, 0, 0));
} else {
usleep(rand() % 50);
shmctl(id, IPC_RMID, NULL);
}
}
}
It causes the following NULL pointer dereference due to a 'struct file'
being used while it's being freed. (I couldn't actually get a KASAN
use-after-free splat like in the syzbot report. But I think it's
possible with this bug; it would just take a more extraordinary race...)
BUG: unable to handle kernel NULL pointer dereference at 0000000000000058
PGD 0 P4D 0
Oops: 0000 [#1] SMP NOPTI
CPU: 9 PID: 258 Comm: syz_ipc Not tainted 4.16.0-05140-gf8cf2f16a7c95 #189
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014
RIP: 0010:d_inode include/linux/dcache.h:519 [inline]
RIP: 0010:touch_atime+0x25/0xd0 fs/inode.c:1724
[...]
Call Trace:
file_accessed include/linux/fs.h:2063 [inline]
shmem_mmap+0x25/0x40 mm/shmem.c:2149
call_mmap include/linux/fs.h:1789 [inline]
shm_mmap+0x34/0x80 ipc/shm.c:465
call_mmap include/linux/fs.h:1789 [inline]
mmap_region+0x309/0x5b0 mm/mmap.c:1712
do_mmap+0x294/0x4a0 mm/mmap.c:1483
do_mmap_pgoff include/linux/mm.h:2235 [inline]
SYSC_remap_file_pages mm/mmap.c:2853 [inline]
SyS_remap_file_pages+0x232/0x310 mm/mmap.c:2769
do_syscall_64+0x64/0x1a0 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ebiggers@google.com: add comment]
Link: http://lkml.kernel.org/r/20180410192850.235835-1-ebiggers3@gmail.com
Link: http://lkml.kernel.org/r/20180409043039.28915-1-ebiggers3@gmail.com
Reported-by: syzbot+d11f321e7f1923157eac80aa990b446596f46439@syzkaller.appspotmail.com
Fixes: c8d78c1823f4 ("mm: replace remap_file_pages() syscall with emulation")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Davidlohr Bueso <dbueso@suse.de>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: "Eric W . Biederman" <ebiederm@xmission.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
27e69ad2ae |
This is the 4.14.33 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlrKCn4ACgkQONu9yGCS aT5N9Q//fD3Bsaf4GuQxBLR0Jd6tNpunTMyc98TxQ1SUqN72YHiVhhZ88F5syRXd OsdOUIbmlnGPGfiV4sFf9HPmji4OCmTwBdWOjeja75TjApJ98H1gMUlULbiFYgdc TMitrwfNmxjUsdbCUGO2E3+9xKXjWcqmDfqeE4zano9iejPLiDwulIiG52QTVIlY FGm0nxYPq2A4AlF4u2B7sHaf1PEeopcmx/wNaAAZQf3pzXo8SukThQaeQihYMUv2 4iU6EDmorTFy2V+r6N58AU4BEVj1fsiWLVObNRjfRkQ6NiljhzHgoSxrqXF+lOFu ZGOOLJ7oiVJMXBBFKkDCA9qKvLcVRmwEz8gwdvylhWuOoUIvRxfPBdbPenz7YXYS 0ySXA0zU6KT31O+70ryE2UQonQ27fF71hohBRm1a5Z88uy24eCbFR1b5+8ldVKeF 2SFruhtoaI9iG6aaIFW8bNLVU3d5wyhp+NrL57y4STeR/fDC5ed3jnaOaXKpM4Dl DnteX/UtTvlVTwhBNgSEaCxB53gHWM9/ueEJaijfSiQVaIyrXL0atz8ZhZPlXwVG n13Dl4nWbXO6/TckK+VqhCTJ/54vEZzKfvR6u9+QiusA5AcS5rFz/4nQx6fVpt1z XgmUPtaC63TPc7E3iY/SvX2FtOWpdjqR/Tv32xbIjwSfDdnOl2M= =kd9N -----END PGP SIGNATURE----- Merge 4.14.33 into android-4.14 Changes in 4.14.33 ARM: OMAP: Fix SRAM W+X mapping ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties ARM: dts: sun6i: a31s: bpi-m2: add missing regulators mtd: jedec_probe: Fix crash in jedec_read_mfr() mtd: nand: atmel: Fix get_sectorsize() function ALSA: usb-audio: Add native DSD support for TEAC UD-301 ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() ALSA: pcm: potential uninitialized return values x86/platform/uv/BAU: Add APIC idt entry perf/hwbp: Simplify the perf-hwbp code, fix documentation ceph: only dirty ITER_IOVEC pages for direct read ipc/shm.c: add split function to shm_vm_ops i2c: i2c-stm32f7: fix no check on returned setup powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs partitions/msdos: Unable to mount UFS 44bsd partitions xfrm_user: uncoditionally validate esn replay attribute struct RDMA/ucma: Check AF family prior resolving address RDMA/ucma: Fix use-after-free access in ucma_close RDMA/ucma: Ensure that CM_ID exists prior to access it RDMA/rdma_cm: Fix use after free race with process_one_req RDMA/ucma: Check that device is connected prior to access it RDMA/ucma: Check that device exists prior to accessing it RDMA/ucma: Introduce safer rdma_addr_size() variants net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems percpu: add __GFP_NORETRY semantics to the percpu balancing path netfilter: x_tables: make allocation less aggressive netfilter: bridge: ebt_among: add more missing match size checks l2tp: fix races with ipv4-mapped ipv6 addresses netfilter: drop template ct when conntrack is skipped. netfilter: x_tables: add and use xt_check_proc_name phy: qcom-ufs: add MODULE_LICENSE tag Bluetooth: Fix missing encryption refresh on Security Request usb: dwc2: Improve gadget state disconnection handling bitmap: fix memset optimization on big-endian systems USB: serial: ftdi_sio: add RT Systems VX-8 cable USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator USB: serial: cp210x: add ELDAT Easywave RX09 id serial: 8250: Add Nuvoton NPCM UART mei: remove dev_err message on an unsupported ioctl /dev/mem: Avoid overwriting "err" in read_mem() media: usbtv: prevent double free in error case parport_pc: Add support for WCH CH382L PCI-E single parallel port card. crypto: lrw - Free rctx->ext with kzfree crypto: inside-secure - fix clock management crypto: testmgr - Fix incorrect values in PKCS#1 test vector crypto: ahash - Fix early termination in hash walk crypto: caam - Fix null dereference at error path crypto: ccp - return an actual key size from RSA max_size callback crypto: arm,arm64 - Fix random regeneration of S_shipped crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one Btrfs: fix unexpected cow in run_delalloc_nocow staging: comedi: ni_mio_common: ack ai fifo error interrupts. Revert "base: arch_topology: fix section mismatch build warnings" Input: ALPS - fix TrackStick detection on Thinkpad L570 and Latitude 7370 Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad vt: change SGR 21 to follow the standards ARM: dts: DRA76-EVM: Set powerhold property for tps65917 net: hns: Fix ethtool private flags Fix slab name "biovec-(1<<(21-12))" Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin" Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin" Revert "cpufreq: Fix governor module removal race" Revert "ip6_vti: adjust vti mtu according to mtu of lower device" Linux 4.14.33 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Mike Kravetz
|
f025072cbf |
ipc/shm.c: add split function to shm_vm_ops
commit 3d942ee079b917b24e2a0c5f18d35ac8ec9fee48 upstream. If System V shmget/shmat operations are used to create a hugetlbfs backed mapping, it is possible to munmap part of the mapping and split the underlying vma such that it is not huge page aligned. This will untimately result in the following BUG: kernel BUG at /build/linux-jWa1Fv/linux-4.15.0/mm/hugetlb.c:3310! Oops: Exception in kernel mode, sig: 5 [#1] LE SMP NR_CPUS=2048 NUMA PowerNV Modules linked in: kcm nfc af_alg caif_socket caif phonet fcrypt CPU: 18 PID: 43243 Comm: trinity-subchil Tainted: G C E 4.15.0-10-generic #11-Ubuntu NIP: c00000000036e764 LR: c00000000036ee48 CTR: 0000000000000009 REGS: c000003fbcdcf810 TRAP: 0700 Tainted: G C E (4.15.0-10-generic) MSR: 9000000000029033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 24002222 XER: 20040000 CFAR: c00000000036ee44 SOFTE: 1 NIP __unmap_hugepage_range+0xa4/0x760 LR __unmap_hugepage_range_final+0x28/0x50 Call Trace: 0x7115e4e00000 (unreliable) __unmap_hugepage_range_final+0x28/0x50 unmap_single_vma+0x11c/0x190 unmap_vmas+0x94/0x140 exit_mmap+0x9c/0x1d0 mmput+0xa8/0x1d0 do_exit+0x360/0xc80 do_group_exit+0x60/0x100 SyS_exit_group+0x24/0x30 system_call+0x58/0x6c ---[ end trace ee88f958a1c62605 ]--- This bug was introduced by commit 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct"). A split function was added to vm_operations_struct to determine if a mapping can be split. This was mostly for device-dax and hugetlbfs mappings which have specific alignment constraints. Mappings initiated via shmget/shmat have their original vm_ops overwritten with shm_vm_ops. shm_vm_ops functions will call back to the original vm_ops if needed. Add such a split function to shm_vm_ops. Link: http://lkml.kernel.org/r/20180321161314.7711-1-mike.kravetz@oracle.com Fixes: 31383c6865a5 ("mm, hugetlbfs: introduce ->split() to vm_operations_struct") Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com> Reported-by: Laurent Dufour <ldufour@linux.vnet.ibm.com> Reviewed-by: Laurent Dufour <ldufour@linux.vnet.ibm.com> Tested-by: Laurent Dufour <ldufour@linux.vnet.ibm.com> Reviewed-by: Dan Williams <dan.j.williams@intel.com> Acked-by: Michal Hocko <mhocko@suse.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Manfred Spraul <manfred@colorfullife.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Daniel Rosenberg
|
571be17396 |
ANDROID: vfs: Add permission2 for filesystems with per mount permissions
This allows filesystems to use their mount private data to influence the permssions they return in permission2. It has been separated into a new call to avoid disrupting current permission users. Change-Id: I9d416e3b8b6eca84ef3e336bd2af89ddd51df6ca Signed-off-by: Daniel Rosenberg <drosen@google.com> |
||
Greg Kroah-Hartman
|
b24413180f |
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Many source files in the tree are missing licensing information, which makes it harder for compliance tools to determine the correct license. By default all files without license information are under the default license of the kernel, which is GPL version 2. Update the files which contain no license information with the 'GPL-2.0' SPDX license identifier. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. This patch is based on work done by Thomas Gleixner and Kate Stewart and Philippe Ombredanne. How this work was done: Patches were generated and checked against linux-4.14-rc6 for a subset of the use cases: - file had no licensing information it it. - file was a */uapi/* one with no licensing information in it, - file was a */uapi/* one with existing licensing information, Further patches will be generated in subsequent months to fix up cases where non-standard license headers were used, and references to license had to be inferred by heuristics based on keywords. The analysis to determine which SPDX License Identifier to be applied to a file was done in a spreadsheet of side by side results from of the output of two independent scanners (ScanCode & Windriver) producing SPDX tag:value files created by Philippe Ombredanne. Philippe prepared the base worksheet, and did an initial spot review of a few 1000 files. The 4.13 kernel was the starting point of the analysis with 60,537 files assessed. Kate Stewart did a file by file comparison of the scanner results in the spreadsheet to determine which SPDX license identifier(s) to be applied to the file. She confirmed any determination that was not immediately clear with lawyers working with the Linux Foundation. Criteria used to select files for SPDX license identifier tagging was: - Files considered eligible had to be source code files. - Make and config files were included as candidates if they contained >5 lines of source - File already had some variant of a license header in it (even if <5 lines). All documentation files were explicitly excluded. The following heuristics were used to determine which SPDX license identifiers to apply. - when both scanners couldn't find any license traces, file was considered to have no license information in it, and the top level COPYING file license applied. For non */uapi/* files that summary was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 11139 and resulted in the first patch in this series. If that file was a */uapi/* path one, it was "GPL-2.0 WITH Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 WITH Linux-syscall-note 930 and resulted in the second patch in this series. - if a file had some form of licensing information in it, and was one of the */uapi/* ones, it was denoted with the Linux-syscall-note if any GPL family license was found in the file or had no licensing in it (per prior point). Results summary: SPDX license identifier # files ---------------------------------------------------|------ GPL-2.0 WITH Linux-syscall-note 270 GPL-2.0+ WITH Linux-syscall-note 169 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17 LGPL-2.1+ WITH Linux-syscall-note 15 GPL-1.0+ WITH Linux-syscall-note 14 ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5 LGPL-2.0+ WITH Linux-syscall-note 4 LGPL-2.1 WITH Linux-syscall-note 3 ((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3 ((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1 and that resulted in the third patch in this series. - when the two scanners agreed on the detected license(s), that became the concluded license(s). - when there was disagreement between the two scanners (one detected a license but the other didn't, or they both detected different licenses) a manual inspection of the file occurred. - In most cases a manual inspection of the information in the file resulted in a clear resolution of the license that should apply (and which scanner probably needed to revisit its heuristics). - When it was not immediately clear, the license identifier was confirmed with lawyers working with the Linux Foundation. - If there was any question as to the appropriate license identifier, the file was flagged for further research and to be revisited later in time. In total, over 70 hours of logged manual review was done on the spreadsheet to determine the SPDX license identifiers to apply to the source files by Kate, Philippe, Thomas and, in some cases, confirmation by lawyers working with the Linux Foundation. Kate also obtained a third independent scan of the 4.13 code base from FOSSology, and compared selected files where the other two scanners disagreed against that SPDX file, to see if there was new insights. The Windriver scanner is based on an older version of FOSSology in part, so they are related. Thomas did random spot checks in about 500 files from the spreadsheets for the uapi headers and agreed with SPDX license identifier in the files he inspected. For the non-uapi files Thomas did random spot checks in about 15000 files. In initial set of patches against 4.14-rc6, 3 files were found to have copy/paste license identifier errors, and have been fixed to reflect the correct identifier. Additionally Philippe spent 10 hours this week doing a detailed manual inspection and review of the 12,461 patched files from the initial patch version early this week with: - a full scancode scan run, collecting the matched texts, detected license ids and scores - reviewing anything where there was a license detected (about 500+ files) to ensure that the applied SPDX license was correct - reviewing anything where there was no detection but the patch license was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied SPDX license was correct This produced a worksheet with 20 files needing minor correction. This worksheet was then exported into 3 different .csv files for the different types of files to be modified. These .csv files were then reviewed by Greg. Thomas wrote a script to parse the csv files and add the proper SPDX tag to the file, in the format that the file expected. This script was further refined by Greg based on the output to detect more types of files automatically and to distinguish between header and source .c files (which need different comment types.) Finally Greg ran the script using the .csv files to generate the patches. Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Al Viro
|
b776e4b1a9 |
fix a typo in put_compat_shm_info()
"uip" misspelled as "up"; unfortunately, the latter happens to be a function and gcc is happy to convert it to void *... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
Will Deacon
|
58aff0af75 |
ipc/shm: Fix order of parameters when calling copy_compat_shmid_to_user
Commit 553f770ef71b ("ipc: move compat shmctl to native") moved the
compat IPC syscall handling into ipc/shm.c and refactored the struct
accessors in the process. Unfortunately, the call to
copy_compat_shmid_to_user when handling a compat {IPC,SHM}_STAT command
gets the arguments the wrong way round, passing a kernel stack address
as the user buffer (destination) and the user buffer as the kernel stack
address (source).
This patch fixes the parameter ordering so the buffers are accessed
correctly.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
||
Linus Torvalds
|
cc73fee0ba |
Merge branch 'work.ipc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull ipc compat cleanup and 64-bit time_t from Al Viro: "IPC copyin/copyout sanitizing, including 64bit time_t work from Deepa Dinamani" * 'work.ipc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: utimes: Make utimes y2038 safe ipc: shm: Make shmid_kernel timestamps y2038 safe ipc: sem: Make sem_array timestamps y2038 safe ipc: msg: Make msg_queue timestamps y2038 safe ipc: mqueue: Replace timespec with timespec64 ipc: Make sys_semtimedop() y2038 safe get rid of SYSVIPC_COMPAT on ia64 semtimedop(): move compat to native shmat(2): move compat to native msgrcv(2), msgsnd(2): move compat to native ipc(2): move compat to native ipc: make use of compat ipc_perm helpers semctl(): move compat to native semctl(): separate all layout-dependent copyin/copyout msgctl(): move compat to native msgctl(): split the actual work from copyin/copyout ipc: move compat shmctl to native shmctl: split the work from copyin/copyout |
||
Guillaume Knispel
|
0cfb6aee70 |
ipc: optimize semget/shmget/msgget for lots of keys
ipc_findkey() used to scan all objects to look for the wanted key. This
is slow when using a high number of keys. This change adds an rhashtable
of kern_ipc_perm objects in ipc_ids, so that one lookup cease to be O(n).
This change gives a 865% improvement of benchmark reaim.jobs_per_min on a
56 threads Intel(R) Xeon(R) CPU E5-2695 v3 @ 2.30GHz with 256G memory [1]
Other (more micro) benchmark results, by the author: On an i5 laptop, the
following loop executed right after a reboot took, without and with this
change:
for (int i = 0, k=0x424242; i < KEYS; ++i)
semget(k++, 1, IPC_CREAT | 0600);
total total max single max single
KEYS without with call without call with
1 3.5 4.9 µs 3.5 4.9
10 7.6 8.6 µs 3.7 4.7
32 16.2 15.9 µs 4.3 5.3
100 72.9 41.8 µs 3.7 4.7
1000 5,630.0 502.0 µs * *
10000 1,340,000.0 7,240.0 µs * *
31900 17,600,000.0 22,200.0 µs * *
*: unreliable measure: high variance
The duration for a lookup-only usage was obtained by the same loop once
the keys are present:
total total max single max single
KEYS without with call without call with
1 2.1 2.5 µs 2.1 2.5
10 4.5 4.8 µs 2.2 2.3
32 13.0 10.8 µs 2.3 2.8
100 82.9 25.1 µs * 2.3
1000 5,780.0 217.0 µs * *
10000 1,470,000.0 2,520.0 µs * *
31900 17,400,000.0 7,810.0 µs * *
Finally, executing each semget() in a new process gave, when still
summing only the durations of these syscalls:
creation:
total total
KEYS without with
1 3.7 5.0 µs
10 32.9 36.7 µs
32 125.0 109.0 µs
100 523.0 353.0 µs
1000 20,300.0 3,280.0 µs
10000 2,470,000.0 46,700.0 µs
31900 27,800,000.0 219,000.0 µs
lookup-only:
total total
KEYS without with
1 2.5 2.7 µs
10 25.4 24.4 µs
32 106.0 72.6 µs
100 591.0 352.0 µs
1000 22,400.0 2,250.0 µs
10000 2,510,000.0 25,700.0 µs
31900 28,200,000.0 115,000.0 µs
[1] http://lkml.kernel.org/r/20170814060507.GE23258@yexl-desktop
Link: http://lkml.kernel.org/r/20170815194954.ck32ta2z35yuzpwp@debix
Signed-off-by: Guillaume Knispel <guillaume.knispel@supersonicimagine.com>
Reviewed-by: Marc Pardo <marc.pardo@supersonicimagine.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Kees Cook <keescook@chromium.org>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: "Peter Zijlstra (Intel)" <peterz@infradead.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Andrey Vagin <avagin@openvz.org>
Cc: Guillaume Knispel <guillaume.knispel@supersonicimagine.com>
Cc: Marc Pardo <marc.pardo@supersonicimagine.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
Davidlohr Bueso
|
e4243b8062 |
ipc/sem: play nicer with large nsops allocations
Replacing semop()'s kmalloc for kvmalloc was originally proposed by Manfred on the premise that it can be called for large (than order-1) sizes. For example, while Oracle recommends setting SEMOPM to a _minimum_ of 100, some distros[1] encourage the setting to be a factor of the amount of db tasks (PROCESSES), which can get fishy for large systems (easily going beyond 1000). [1] An Example of Semaphore Settings https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Tuning_and_Optimizing_Red_Hat_Enterprise_Linux_for_Oracle_9i_and_10g_Databases/sect-Oracle_9i_and_10g_Tuning_Guide-Setting_Semaphores-An_Example_of_Semaphore_Settings.html So let's just convert this to kvmalloc, just like the rest of the allocations we do in ipc. While the fallback vmalloc obviously involves more overhead, this by far the uncommon path, and it's better for the user than just erroring out with kmalloc. Link: http://lkml.kernel.org/r/20170803184136.13855-2-dave@stgolabs.net Signed-off-by: Davidlohr Bueso <dbueso@suse.de> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Davidlohr Bueso
|
8419e64a0b |
ipc/sem: drop sem_checkid helper
... 'tis not used. Link: http://lkml.kernel.org/r/20170803184136.13855-1-dave@stgolabs.net Signed-off-by: Davidlohr Bueso <dbueso@suse.de> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Elena Reshetova
|
9405c03ee7 |
ipc: convert kern_ipc_perm.refcount from atomic_t to refcount_t
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Link: http://lkml.kernel.org/r/1499417992-3238-4-git-send-email-elena.reshetova@intel.com Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Serge Hallyn <serge@hallyn.com> Cc: <arozansk@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Elena Reshetova
|
f74370b86e |
ipc: convert sem_undo_list.refcnt from atomic_t to refcount_t
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Link: http://lkml.kernel.org/r/1499417992-3238-3-git-send-email-elena.reshetova@intel.com Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Serge Hallyn <serge@hallyn.com> Cc: <arozansk@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Elena Reshetova
|
a2e0602c36 |
ipc: convert ipc_namespace.count from atomic_t to refcount_t
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Link: http://lkml.kernel.org/r/1499417992-3238-2-git-send-email-elena.reshetova@intel.com Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Serge Hallyn <serge@hallyn.com> Cc: <arozansk@redhat.com> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Deepa Dinamani
|
7ff2819e8d |
ipc: shm: Make shmid_kernel timestamps y2038 safe
time_t is not y2038 safe. Replace all uses of time_t by y2038 safe time64_t. Similarly, replace the calls to get_seconds() with y2038 safe ktime_get_real_seconds(). Note that this preserves fast access on 64 bit systems, but 32 bit systems need sequence counters. The syscall interfaces themselves are not changed as part of the patch. They will be part of a different series. Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com> Reviewed-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Deepa Dinamani
|
e54d02b23c |
ipc: sem: Make sem_array timestamps y2038 safe
time_t is not y2038 safe. Replace all uses of time_t by y2038 safe time64_t. Similarly, replace the calls to get_seconds() with y2038 safe ktime_get_real_seconds(). Note that this preserves fast access on 64 bit systems, but 32 bit systems need sequence counters. The syscall interface themselves are not changed as part of the patch. They will be part of a different series. Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com> Reviewed-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Deepa Dinamani
|
50578ea97a |
ipc: msg: Make msg_queue timestamps y2038 safe
time_t is not y2038 safe. Replace all uses of time_t by y2038 safe time64_t. Similarly, replace the calls to get_seconds() with y2038 safe ktime_get_real_seconds(). Note that this preserves fast access on 64 bit systems, but 32 bit systems need sequence counters. The syscall interfaces themselves are not changed as part of the patch. They will be part of a different series. Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com> Reviewed-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Deepa Dinamani
|
b904772638 |
ipc: mqueue: Replace timespec with timespec64
struct timespec is not y2038 safe. Replace all uses of timespec by y2038 safe struct timespec64. Even though timespec is used here to represent timeouts, replace these with timespec64 so that it facilitates in verification by creating a y2038 safe kernel image that is free of timespec. The syscall interfaces themselves are not changed as part of the patch. They will be part of a different series. Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com> Cc: Paul Moore <paul@paul-moore.com> Cc: Richard Guy Briggs <rgb@redhat.com> Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Reviewed-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Deepa Dinamani
|
3ef56dc267 |
ipc: Make sys_semtimedop() y2038 safe
struct timespec is not y2038 safe on 32 bit machines. Replace timespec with y2038 safe struct timespec64. Note that the patch only changes the internals without modifying the syscall interface. This will be part of a separate series. Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com> Reviewed-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |