118 Commits

Author	SHA1	Message	Date
Srinivasarao P	90bb7a2b24	Merge android-4.14-stable.180 (816f245) into msm-4.14 ... * refs/heads/tmp-816f245: Revert "clk: qcom: rcg2: Don't crash if our parent can't be found; return an error" Reverting crypto patches Reverting incremental fs changes Linux 4.14.180 cgroup, netclassid: remove double cond_resched mac80211: add ieee80211_is_any_nullfunc() ALSA: hda: Match both PCI ID and SSID for driver blacklist tracing: Reverse the order of trace_types_lock and event_mutex sctp: Fix SHUTDOWN CTSN Ack in the peer restart case net: systemport: suppress warnings on failed Rx SKB allocations net: bcmgenet: suppress warnings on failed Rx SKB allocations lib/mpi: Fix building for powerpc with clang net: dsa: b53: Rework ARL bin logic scripts/config: allow colons in option strings for sed s390/ftrace: fix potential crashes when switching tracers cifs: protect updating server->dstaddr with a spinlock net: stmmac: Fix sub-second increment net: stmmac: fix enabling socfpga's ptp_ref_clock wimax/i2400m: Fix potential urb refcnt leak ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry ASoC: rsnd: Fix HDMI channel mapping for multi-SSI mode ASoC: sgtl5000: Fix VAG power-on handling selftests/ipc: Fix test failure seen after initial test run ASoC: topology: Check return value of pcm_new_ver powerpc/pci/of: Parse unassigned resources vhost: vsock: kick send_pkt worker once device is started ANDROID: arm64: fix a mismerge in proc.S Linux 4.14.179 selinux: properly handle multiple messages in selinux_netlink_send() dmaengine: dmatest: Fix iteration non-stop logic nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl ALSA: opti9xx: shut up gcc-10 range warning iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system scsi: target/iblock: fix WRITE SAME zeroing iommu/qcom: Fix local_base status check vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() vfio: avoid possible overflow in vfio_iommu_type1_pin_pages RDMA/mlx4: Initialize ib_spec on the stack RDMA/mlx5: Set GRH fields in query QP on RoCE dm verity fec: fix hash block number in verity_fec_decode PM: hibernate: Freeze kernel threads in software_resume() PM: ACPI: Output correct message on target power state ALSA: pcm: oss: Place the plugin buffer overflow checks correctly ALSA: hda/hdmi: fix without unlocked before return ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers mmc: sdhci-xenon: fix annoying 1.8V regulator warning btrfs: fix partial loss of prealloc extent past i_size after fsync btrfs: fix block group leak when removing fails drm/qxl: qxl_release use after free drm/qxl: qxl_release leak in qxl_hw_surface_alloc() drm/qxl: qxl_release leak in qxl_draw_dirty_fb() drm/edid: Fix off-by-one in DispID DTD pixel clock ext4: fix special inode number checks in __ext4_iget() ANDROID: Incremental fs: Fix issues with very large files Linux 4.14.178 propagate_one(): mnt_set_mountpoint() needs mount_lock ext4: check for non-zero journal inum in ext4_calculate_overhead qed: Fix use after free in qed_chain_free ext4: unsigned int compared against zero ext4: fix block validity checks for journal inodes using indirect blocks ext4: don't perform block validity checks on the journal inode ext4: protect journal inode's blocks using block_validity ext4: avoid declaring fs inconsistent due to invalid file handles hwmon: (jc42) Fix name to have no illegal characters ext4: convert BUG_ON's to WARN_ON's in mballoc.c ext4: increase wait time needed before reuse of deleted inode numbers ext4: use matching invalidatepage in ext4_writepage arm64: Delete the space separator in __emit_inst xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status objtool: Support Clang non-section symbols in ORC dump objtool: Fix CONFIG_UBSAN_TRAP unreachable warnings scsi: target: fix PR IN / READ FULL STATUS for FC xfs: fix partially uninitialized structure in xfs_reflink_remap_extent x86: hyperv: report value of misc_features bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path perf/core: fix parent pid/tid in task exit events ARM: dts: bcm283x: Disable dsi0 node net/cxgb4: Check the return from t4_query_params properly i2c: altera: use proper variable to hold errno nfsd: memory corruption in nfsd4_lock() iio:ad7797: Use correct attribute_group usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete usb: dwc3: gadget: Do link recovery for SS and SSP binder: take read mode of mmap_sem in binder_alloc_free_page() include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer remoteproc: Fix wrong rvring index computation xfs: Fix deadlock between AGI and AGF with RENAME_WHITEOUT xfs: validate sb_logsunit is a multiple of the fs blocksize serial: sh-sci: Make sure status register SCxSR is read in correct sequence usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset() UAS: fix deadlock in error handling and PM flushing work UAS: no use logging any details in case of ENODEV cdc-acm: introduce a cool down cdc-acm: close race betrween suspend() and acm_softint staging: vt6656: Power save stop wake_up_count wrap around. staging: vt6656: Fix pairwise key entry save. staging: vt6656: Fix drivers TBTT timing counter. staging: vt6656: Fix calling conditions of vnt_set_bss_mode staging: vt6656: Don't set RCR_MULTICAST or RCR_BROADCAST by default. vt: don't hardcode the mem allocation upper bound staging: comedi: Fix comedi_device refcnt leak in comedi_open staging: comedi: dt2815: fix writing hi byte of analog output powerpc/setup_64: Set cache-line-size based on cache-block-size ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y iwlwifi: pcie: actually release queue memory in TVQM ASoC: dapm: fixup dapm kcontrol widget audit: check the length of userspace generated audit records usb-storage: Add unusual_devs entry for JMicron JMS566 tty: rocket, avoid OOB access tty: hvc: fix buffer overflow during hvc_alloc(). KVM: VMX: Enable machine check support for 32bit targets KVM: Check validity of resolved slot when searching memslots tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send() tpm/tpm_tis: Free IRQ if probing fails ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif ALSA: hda/realtek - Add new codec supported for ALC245 ALSA: usx2y: Fix potential NULL dereference tools/vm: fix cross-compile build mm/ksm: fix NULL pointer dereference when KSM zero page is enabled mm/hugetlb: fix a addressing exception caused by huge_pte_offset vmalloc: fix remap_vmalloc_range() bounds checks overflow.h: Add arithmetic shift helper USB: hub: Fix handling of connect changes during sleep USB: core: Fix free-while-in-use bug in the USB S-Glibrary USB: early: Handle AMD's spec-compliant identifiers, too USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE USB: sisusbvga: Change port variable from signed to unsigned fs/namespace.c: fix mountpoint reference counter race iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode iio: xilinx-xadc: Fix clearing interrupt when enabling trigger iio: xilinx-xadc: Fix ADC-B powerdown iio: adc: stm32-adc: fix sleep in atomic context ALSA: hda: Remove ASUS ROG Zenith from the blacklist KEYS: Avoid false positive ENOMEM error on key read vrf: Check skb for XFRM_TRANSFORMED flag xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish net: dsa: b53: Fix ARL register definitions team: fix hang in team_mode_get() tcp: cache line align MAX_TCP_HEADER net/x25: Fix x25_neigh refcnt leak when receiving frame net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node net: bcmgenet: correct per TX/RX ring statistics macvlan: fix null dereference in macvlan_device_event() macsec: avoid to set wrong mtu ipv6: fix restrict IPV6_ADDRFORM operation cxgb4: fix large delays in PTP synchronization mm, slub: restore the original intention of prefetch_freepointer() PCI/ASPM: Allow re-enabling Clock PM perf/core: Disable page faults when getting phys address pwm: bcm2835: Dynamically allocate base pwm: renesas-tpu: Fix late Runtime PM enablement s390/cio: avoid duplicated 'ADD' uevents ipc/util.c: sysvipc_find_ipc() should increase position index selftests: kmod: fix handling test numbers above 9 kernel/gcov/fs.c: gcov_seq_next() should increase position index ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map() scsi: iscsi: Report unbind session event when the target has been removed pwm: rcar: Fix late Runtime PM enablement ceph: don't skip updating wanted caps when cap is stale ceph: return ceph_mdsc_do_request() errors from __get_parent() scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login watchdog: reset last_hw_keepalive time at start vti4: removed duplicate log message. crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static drm/msm: Use the correct dma_sync calls harder keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h net: ipv4: avoid unused variable warning for sysctl net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg() ext4: fix extent_status fragmentation for plain files FROMGIT: f2fs: fix missing check for f2fs_unlock_op ANDROID: Fix kernel build regressions from virtio-gpu-next patches ANDROID: Incremental fs: Add setattr call ANDROID: cuttlefish_defconfig: enable LTO and CFI ANDROID: x86: map CFI jump tables in pti_clone_entry_text ANDROID: crypto: aesni: fix function types for aesni_(enc|dec) ANDROID: x86: disable CFI for do_syscall_* ANDROID: BACKPORT: x86, module: Ignore __typeid__ relocations ANDROID: BACKPORT: x86, relocs: Ignore __typeid__ relocations ANDROID: BACKPORT: x86/extable: Do not mark exception callback as CFI FROMLIST: crypto, x86/sha: Eliminate casts on asm implementations UPSTREAM: crypto: x86 - Rename functions to avoid conflict with crypto/sha256.h BACKPORT: x86/vmlinux: Actually use _etext for the end of the text segment ANDROID: x86: disable STACK_VALIDATION with LTO_CLANG ANDROID: x86: add support for CONFIG_LTO_CLANG ANDROID: x86/vdso: disable LTO only for VDSO ANDROID: x86/cpu/vmware: use the full form of inl in VMWARE_PORT UPSTREAM: x86/build/lto: Fix truncated .bss with -fdata-sections ANDROID: kbuild: don't select LD_DEAD_CODE_DATA_ELIMINATION with LTO ANDROID: kbuild: export LTO and CFI flags ANDROID: cfi: remove unnecessary <asm/memory.h> include ANDROID: drm/virtio: rebase to latest virgl/drm-misc-next (take 2) UPSTREAM: sysrq: Use panic() to force a crash ANDROID: Incremental fs: Use simple compression in log buffer ANDROID: dm-bow: Fix not to skip trim at framented range ANDROID: Remove VLA from uid_sys_stats.c ANDROID: cuttlefish_defconfig: enable CONFIG_DEBUG_LIST Linux 4.14.177 KEYS: Don't write out to userspace while holding key semaphore KEYS: Use individual pages in big_key for crypto buffers mtd: phram: fix a double free issue in error path mtd: lpddr: Fix a double free in probe() locktorture: Print ratio of acquisitions, not failures tty: evh_bytechan: Fix out of bounds accesses fbdev: potential information leak in do_fb_ioctl() net: dsa: bcm_sf2: Fix overflow checks iommu/amd: Fix the configuration of GCR3 table root pointer libnvdimm: Out of bounds read in __nd_ioctl() ext2: fix debug reference to ext2_xattr_cache ext2: fix empty body warnings when -Wextra is used iommu/vt-d: Fix mm reference leak NFS: Fix memory leaks in nfs_pageio_stop_mirroring() drm/amdkfd: kfree the wrong pointer x86: ACPI: fix CPU hotplug deadlock KVM: s390: vsie: Fix possible race when shadowing region 3 tables compiler.h: fix error in BUILD_BUG_ON() reporting percpu_counter: fix a data race at vm_committed_as include/linux/swapops.h: correct guards for non_swap_entry() ext4: do not commit super on read-only bdev powerpc/maple: Fix declaration made after definition s390/cpuinfo: fix wrong output when CPU0 is offline NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid() rtc: 88pm860x: fix possible race condition soc: imx: gpc: fix power up sequencing clk: tegra: Fix Tegra PMC clock out parents power: supply: bq27xxx_battery: Silence deferred-probe error clk: at91: usb: continue if clk_hw_round_rate() return zero of: unittest: kmemleak in of_unittest_platform_populate() rbd: call rbd_dev_unprobe() after unwatching and flushing notifies rbd: avoid a deadlock on header_rwsem when flushing notifies of: fix missing kobject init for !SYSFS && OF_DYNAMIC config soc: qcom: smem: Use le32_to_cpu for comparison wil6210: abort properly in cfg suspend wil6210: fix length check in __wmi_send wil6210: add block size checks during FW load wil6210: fix PCIe bus mastering in case of interface down rpmsg: glink: smem: Ensure ordering during tx rpmsg: glink: Fix missing mutex_init() in qcom_glink_alloc_channel() rtc: pm8xxx: Fix issue in RTC write path rpmsg: glink: use put_device() if device_register fail wil6210: rate limit wil_rx_refill error scsi: ufs: ufs-qcom: remove broken hci version quirk scsi: ufs: make sure all interrupts are processed wil6210: fix temperature debugfs wil6210: increase firmware ready timeout arch_topology: Fix section miss match warning due to free_raw_capacity() arm64: traps: Don't print stack or raw PC/LR values in backtraces arm64: perf: remove unsupported events for Cortex-A73 Revert "gpio: set up initial state from .get_direction()" clk: Fix debugfs_create_*() usage drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem video: fbdev: sis: Remove unnecessary parentheses and commented code lib/raid6: use vdupq_n_u8 to avoid endianness warnings ALSA: hda: Don't release card at firmware loading error irqchip/mbigen: Free msi_desc on device teardown netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type arm, bpf: Fix bugs with ALU64 {RSH, ARSH} BPF_K shift by 0 ext4: use non-movable memory for superblock readahead scsi: sg: add sg_remove_request in sg_common_write objtool: Fix switch table detection in .text.unlikely mm/vmalloc.c: move 'area->pages' after if statement x86/resctrl: Fix invalid attempt at removing the default resource group x86/resctrl: Preserve CDP enable over CPU hotplug x86/intel_rdt: Enable L2 CDP in MSR IA32_L2_QOS_CFG x86/intel_rdt: Add two new resources for L2 Code and Data Prioritization (CDP) x86/intel_rdt: Enumerate L2 Code and Data Prioritization (CDP) feature x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE scsi: target: fix hang when multiple threads try to destroy the same iscsi session scsi: target: remove boilerplate code kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD dm flakey: check for null arg_name in parse_features() ext4: do not zeroout extents beyond i_disksize mac80211_hwsim: Use kstrndup() in place of kasprintf() btrfs: check commit root generation in should_ignore_root tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation ALSA: usb-audio: Don't override ignore_ctl_error value from the map ASoC: Intel: mrfld: return error codes when an error occurs ASoC: Intel: mrfld: fix incorrect check on p->sink ext4: fix incorrect inodes per group in error message ext4: fix incorrect group count in ext4_fill_super error message pwm: pca9685: Fix PWM/GPIO inter-operation jbd2: improve comments about freeing data buffers whose page mapping is NULL scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes net: revert default NAPI poll timeout to 2 jiffies net: qrtr: send msgs from local of same id as broadcast net: ipv6: do not consider routes via gateways for anycast address check net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin hsr: check protocol version in hsr_newlink() amd-xgbe: Use __napi_schedule() in BH context mfd: dln2: Fix sanity checking for endpoints misc: echo: Remove unnecessary parentheses and simplify check for zero powerpc/fsl_booke: Avoid creating duplicate tlb1 entry ipmi: fix hung processes in __get_guid() ftrace/kprobe: Show the maxactive number on kprobe_events drm: Remove PageReserved manipulation from drm_pci_alloc drm/dp_mst: Fix clearing payload state on topology disable crypto: caam - update xts sector size for large input length dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone() btrfs: use nofs allocations for running delayed items Btrfs: fix crash during unmount due to race with delayed inode workers powerpc: Make setjmp/longjmp signature standard powerpc: Add attributes for setjmp/longjmp scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug powerpc/kprobes: Ignore traps that happened in real mode powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries powerpc/64/tm: Don't let userspace set regs->trap via sigreturn powerpc/powernv/idle: Restore AMR/UAMOR/AMOR after idle libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set hfsplus: fix crash and filesystem corruption when deleting files cpufreq: powernv: Fix use-after-free kmod: make request_module() return an error when autoloading is disabled Input: i8042 - add Acer Aspire 5738z to nomux list s390/diag: fix display of diagnose call statistics perf tools: Support Python 3.8+ in Makefile ocfs2: no need try to truncate file beyond i_size fs/filesystems.c: downgrade user-reachable WARN_ONCE() to pr_warn_once() ext4: fix a data race at inode->i_blocks NFS: Fix a page leak in nfs_destroy_unlinked_subrequests() rtc: omap: Use define directive for PIN_CONFIG_ACTIVE_HIGH arm64: armv8_deprecated: Fix undef_hook mask for thumb setend scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point dm verity fec: fix memory leak in verity_fec_dtr mm: Use fixed constant in page_frag_alloc instead of size + 1 tools: gpio: Fix out-of-tree build regression x86/speculation: Remove redundant arch_smt_update() invocation powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init() net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags ALSA: hda: Initialize power_state field properly crypto: mxs-dcp - fix scatterlist linearization for hash btrfs: drop block from cache on error in relocation CIFS: Fix bug which the return value by asynchronous read is error KVM: VMX: fix crash cleanup when KVM wasn't used KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support KVM: x86: Allocate new rmap and large page tracking when moving memslot KVM: s390: vsie: Fix delivery of addressing exceptions KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks KVM: nVMX: Properly handle userspace interrupt window request x86/entry/32: Add missing ASM_CLAC to general_protection entry signal: Extend exec_id to 64bits ath9k: Handle txpower changes even when TPC is disabled MIPS: OCTEON: irq: Fix potential NULL pointer dereference irqchip/versatile-fpga: Apply clear-mask earlier KEYS: reaching the keys quotas correctly PCI: endpoint: Fix for concurrent memory allocation in OB address region PCI/ASPM: Clear the correct bits when enabling L1 substates nvme-fc: Revert "add module to ops template to allow module references" thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n acpi/x86: ignore unspecified bit positions in the ACPI global lock field media: ti-vpe: cal: fix disable_irqs to only the intended target ALSA: hda/realtek - Set principled PC Beep configuration for ALC256 ALSA: doc: Document PC Beep Hidden Register on Realtek ALC256 ALSA: pcm: oss: Fix regression by buffer overflow fix ALSA: ice1724: Fix invalid access for enumerated ctl items ALSA: hda: Fix potential access overflow in beep helper ALSA: hda: Add driver blacklist ALSA: usb-audio: Add mixer workaround for TRX40 and co usb: gadget: composite: Inform controller driver of self-powered usb: gadget: f_fs: Fix use after free issue as part of queue failure ASoC: topology: use name_prefix for new kcontrol ASoC: dpcm: allow start or stop during pause for backend ASoC: dapm: connect virtual mux with default value ASoC: fix regwmask slub: improve bit diffusion for freelist ptr obfuscation misc: rtsx: set correct pcr_ops for rts522A uapi: rename ext2_swab() to swab() and share globally in swab.h btrfs: track reloc roots based on their commit root bytenr btrfs: remove a BUG_ON() from merge_reloc_roots() block, bfq: fix use-after-free in bfq_idle_slice_timer_body locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps() irqchip/gic-v4: Provide irq_retrigger to avoid circular locking dependency usb: dwc3: core: add support for disabling SS instances in park mode block: Fix use-after-free issue accessing struct io_cq genirq/irqdomain: Check pointer in irq_domain_alloc_irqs_hierarchy() efi/x86: Ignore the memory attributes table on i386 x86/boot: Use unsigned comparison for addresses gfs2: Don't demote a glock until its revokes are written libata: Remove extra scsi_host_put() in ata_scsi_add_hosts() PCI/switchtec: Fix init_completion race condition with poll_wait() selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault sched: Avoid scale real weight down to zero irqchip/versatile-fpga: Handle chained IRQs properly block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices x86: Don't let pgprot_modify() change the page encryption bit null_blk: fix spurious IO errors after failed past-wp access null_blk: Handle null_add_dev() failures properly null_blk: Fix the null_add_dev() error path i2c: st: fix missing struct parameter description qlcnic: Fix bad kzalloc null test cxgb4/ptp: pass the sign of offset delta in FW CMD hinic: fix wrong para of wait_for_completion_timeout hinic: fix a bug of waitting for IO stopped net: vxge: fix wrong __VA_ARGS__ usage bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads ANDROID: fix wakeup reason findings UPSTREAM: gpu/trace: add a gpu total memory usage tracepoint CHROMIUM: drm/virtio: rebase zero-copy patches to virgl/drm-misc-next CHROMIUM: virtio-gpu: add VIRTIO_GPU_F_RESOURCE_UUID feature CHROMIUM: drm/virtgpu: add legacy VIRTIO_GPU_* values for non-upstream variants CHROMIUM: drm/virtgpu: fix various warnings CHROMIUM: drm/virtgpu: implement metadata allocation ioctl CHROMIUM: drm/virtgpu: introduce request IDRs CHROMIUM: drm/virtgpu: implement DRM_VIRTGPU_RESOURCE_CREATE_V2 CHROMIUM: drm/virtgpu: add stub ioctl implementation CHROMIUM: drm/virtgpu: check for revelant capabilites CHROMIUM: drm/virtgpu: add memory type to virtio_gpu_object_params CHROMIUM: drm/virtgpu: make memory and resource creation opaque CHROMIUM: virtio-gpu api: VIRTIO_GPU_F_MEMORY CHROMIUM: virtwl: store plane info per virtio_gpu_object CHROMIUM: drm/virtgpu: expose new ioctls to userspace BACKPORT: drm/virtio: move virtio_gpu_object_{attach, detach} calls. ANDROID: drm: ttm: Add ttm_tt_create2 driver hook UPSTREAM: virtio-gpu api: comment feature flags UPSTREAM: drm/virtio: module_param_named() requires linux/moduleparam.h BACKPORT: drm/virtio: fix resource id creation race BACKPORT: drm/virtio: make resource id workaround runtime switchable. BACKPORT: drm/virtio: do NOT reuse resource ids BACKPORT: drm/virtio: Drop deprecated load/unload initialization f2fs: fix quota_sync failure due to f2fs_lock_op f2fs: support read iostat f2fs: Fix the accounting of dcc->undiscard_blks f2fs: fix to handle error path of f2fs_ra_meta_pages() f2fs: report the discard cmd errors properly f2fs: fix long latency due to discard during umount f2fs: add tracepoint for f2fs iostat f2fs: introduce sysfs/data_io_flag to attach REQ_META/FUA UPSTREAM: kheaders: include only headers into kheaders_data.tar.xz UPSTREAM: kheaders: remove meaningless -R option of 'ls' ANDROID: Incremental fs: Fix create_file performance ANDROID: Incremental fs: Fix compound page usercopy crash ANDROID: Incremental fs: Clean up incfs_test build process ANDROID: Incremental fs: make remount log buffer change atomic ANDROID: Incremental fs: Optimize get_filled_block ANDROID: Incremental fs: Fix mislabeled __user ptrs ANDROID: Incremental fs: Use 64-bit int for file_size when writing hash blocks Revert "ANDROID: Incremental fs: Fix initialization, use of bitfields" Linux 4.14.176 drm/msm: Use the correct dma_sync calls in msm_gem rpmsg: glink: smem: Support rx peak for size less than 4 bytes drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read() usb: dwc3: don't set gadget->is_otg flag rpmsg: glink: Remove chunk size word align warning arm64: Fix size of __early_cpu_boot_status drm/msm: stop abusing dma_map/unmap for cache clk: qcom: rcg: Return failure for RCG update acpi/nfit: Fix bus command validation fbcon: fix null-ptr-deref in fbcon_switch RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl ceph: canonicalize server path in place ceph: remove the extra slashes in the server path IB/hfi1: Fix memory leaks in sysfs registration and unregistration IB/hfi1: Call kobject_put() when kobject_init_and_add() fails ASoC: jz4740-i2s: Fix divider written at incorrect offset in register hwrng: imx-rngc - fix an error path tools/accounting/getdelays.c: fix netlink attribute length random: always use batched entropy for get_random_u{32,64} mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE slcan: Don't transmit uninitialized stack data in padding net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers net: dsa: bcm_sf2: Ensure correct sub-node is parsed ipv6: don't auto-add link-local address to lag ports mm: mempolicy: require at least one nodeid for MPOL_PREFERRED padata: always acquire cpu_hotplug_lock before pinst->lock coresight: do not use the BIT() macro in the UAPI header misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices blk-mq: Allow blocking queue tag iter callbacks blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter drm/etnaviv: replace MMU flush marker with flush sequence tools/power turbostat: Fix gcc build warnings initramfs: restore default compression behavior drm/bochs: downgrade pci_request_region failure from error to warning sctp: fix possibly using a bad saddr with a given dst sctp: fix refcount bug in sctp_wfree net, ip_tunnel: fix interface lookup with no key ipv4: fix a RCU-list lock in fib_triestat_seq_show ANDROID: power: wakeup_reason: wake reason enhancements ubifs: wire up FS_IOC_GET_ENCRYPTION_NONCE f2fs: wire up FS_IOC_GET_ENCRYPTION_NONCE ext4: wire up FS_IOC_GET_ENCRYPTION_NONCE fscrypt: add FS_IOC_GET_ENCRYPTION_NONCE ioctl FROMLIST: power_supply: Add additional health properties to the header UPSTREAM: power: supply: core: Update sysfs-class-power ABI document BACKPORT: FROMGIT: kbuild: mkcompile_h: Include $LD version in /proc/version ANDROID: fscrypt: fall back to filesystem-layer crypto when needed ANDROID: block: require drivers to declare supported crypto key type(s) ANDROID: block: make blk_crypto_start_using_mode() properly check for support f2fs: keep inline_data when compression conversion f2fs: fix to disable compression on directory f2fs: add missing CONFIG_F2FS_FS_COMPRESSION f2fs: switch discard_policy.timeout to bool type f2fs: fix to verify tpage before releasing in f2fs_free_dic() f2fs: show compression in statx f2fs: clean up dic->tpages assignment f2fs: compress: support zstd compress algorithm f2fs: compress: add .{init,destroy}_decompress_ctx callback f2fs: compress: fix to call missing destroy_compress_ctx() f2fs: change default compression algorithm f2fs: clean up {cic,dic}.ref handling f2fs: fix to use f2fs_readpage_limit() in f2fs_read_multi_pages() f2fs: xattr.h: Make stub helpers inline f2fs: fix to avoid double unlock f2fs: fix potential .flags overflow on 32bit architecture f2fs: fix NULL pointer dereference in f2fs_verity_work() f2fs: fix to clear PG_error if fsverity failed f2fs: don't call fscrypt_get_encryption_info() explicitly in f2fs_tmpfile() f2fs: don't trigger data flush in foreground operation f2fs: fix NULL pointer dereference in f2fs_write_begin() f2fs: clean up f2fs_may_encrypt() f2fs: fix to avoid potential deadlock f2fs: don't change inode status under page lock f2fs: fix potential deadlock on compressed quota file f2fs: delete DIO read lock f2fs: don't mark compressed inode dirty during f2fs_iget() f2fs: fix to account compressed blocks in f2fs_compressed_blocks() f2fs: xattr.h: Replace zero-length array with flexible-array member f2fs: fix to update f2fs_super_block fields under sb_lock f2fs: Add a new CP flag to help fsck fix resize SPO issues f2fs: Fix mount failure due to SPO after a successful online resize FS f2fs: use kmem_cache pool during inline xattr lookups f2fs: skip migration only when BG_GC is called f2fs: fix to show tracepoint correctly f2fs: avoid __GFP_NOFAIL in f2fs_bio_alloc f2fs: introduce F2FS_IOC_GET_COMPRESS_BLOCKS f2fs: fix to avoid triggering IO in write path f2fs: add prefix for f2fs slab cache name f2fs: introduce DEFAULT_IO_TIMEOUT f2fs: skip GC when section is full f2fs: add migration count iff migration happens f2fs: clean up bggc mount option f2fs: clean up lfs/adaptive mount option f2fs: fix to show norecovery mount option f2fs: clean up parameter of macro XATTR_SIZE() f2fs: clean up codes with {f2fs_,}data_blkaddr() f2fs: show mounted time f2fs: Use scnprintf() for avoiding potential buffer overflow f2fs: allow to clear F2FS_COMPR_FL flag f2fs: fix to check dirty pages during compressed inode conversion f2fs: fix to account compressed inode correctly f2fs: fix wrong check on F2FS_IOC_FSSETXATTR f2fs: fix to avoid use-after-free in f2fs_write_multi_pages() f2fs: fix to avoid using uninitialized variable f2fs: fix inconsistent comments f2fs: remove i_sem lock coverage in f2fs_setxattr() f2fs: cover last_disk_size update with spinlock f2fs: fix to check i_compr_blocks correctly FROMLIST: kmod: make request_module() return an error when autoloading is disabled UPSTREAM: loop: Only freeze block queue when needed. UPSTREAM: loop: Only change blocksize when needed. ANDROID: Incremental fs: Fix remount ANDROID: Incremental fs: Protect get_fill_block, and add a field ANDROID: Incremental fs: Fix crash polling 0 size read_log ANDROID: Incremental fs: get_filled_blocks: better index_out ANDROID: Fix wq fp check for CFI builds ANDROID: Incremental fs: Fix four resource bugs ANDROID: kbuild: ensure __cfi_check is correctly aligned ANDROID: kbuild: fix module linker script flags for LTO Linux 4.14.175 arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id ARM: bcm2835-rpi-zero-w: Add missing pinctrl name ARM: dts: oxnas: Fix clear-mask property perf map: Fix off by one in strncpy() size argument arm64: alternative: fix build with clang integrated assembler net: ks8851-ml: Fix IO operations, again gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model bpf: Explicitly memset some bpf info structures declared on the stack bpf: Explicitly memset the bpf_attr structure platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table vt: vt_ioctl: fix use-after-free in vt_in_use() vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console vt: vt_ioctl: remove unnecessary console allocation checks vt: switch vt_dont_switch to bool vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines vt: selection, introduce vc_is_sel mac80211: fix authentication with iwlwifi/mvm mac80211: Check port authorization in the ieee80211_tx_dequeue() case media: xirlink_cit: add missing descriptor sanity checks media: stv06xx: add missing descriptor sanity checks media: dib0700: fix rc endpoint lookup media: ov519: add missing endpoint sanity checks libfs: fix infoleak in simple_attr_read() staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table media: usbtv: fix control-message timeouts media: flexcop-usb: fix endpoint sanity check usb: musb: fix crash with highmen PIO and usbmon USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback USB: cdc-acm: restore capability check order USB: serial: option: add Wistron Neweb D19Q1 USB: serial: option: add BroadMobi BM806U USB: serial: option: add support for ASKEY WWHC050 afs: Fix some tracing details Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger() Input: raydium_i2c_ts - use true and false for boolean values vti6: Fix memory leak of skb if input policy check fails netfilter: nft_fwd_netdev: validate family and chain type xfrm: policy: Fix doulbe free in xfrm_policy_timer xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire xfrm: fix uctx len check in verify_sec_ctx_len RDMA/mlx5: Block delay drop to unprivileged users vti[6]: fix packet tx through bpf_redirect() in XinY cases xfrm: handle NETDEV_UNREGISTER for xfrm device genirq: Fix reference leaks on irq affinity notifiers RDMA/core: Ensure security pkey modify is not lost gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk mac80211: mark station unauthorized before key removal scsi: sd: Fix optimal I/O size for devices that change reported values scripts/dtc: Remove redundant YYLOC global declaration tools: Let O= makes handle a relative path with -C option perf probe: Do not depend on dwfl_module_addrsym() ARM: dts: omap5: Add bus_dma_limit for L3 bus ARM: dts: dra7: Add bus_dma_limit for L3 bus Input: avoid BIT() macro usage in the serio.h UAPI header Input: synaptics - enable RMI on HP Envy 13-ad105ng i2c: hix5hd2: add missed clk_disable_unprepare in remove ftrace/x86: Anotate text_mutex split between ftrace_arch_code_modify_post_process() and ftrace_arch_code_modify_prepare() arm64: compat: map SPSR_ELx<->PSR for signals arm64: ptrace: map SPSR_ELx<->PSR for compat tasks sxgbe: Fix off by one in samsung driver strncpy size arg dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom mac80211: Do not send mesh HWMP PREQ if HWMP is disabled scsi: ipr: Fix softlockup when rescanning devices in petitboot fsl/fman: detect FMan erratum A050385 arm64: dts: ls1043a: FMan erratum A050385 dt-bindings: net: FMan erratum A050385 cgroup1: don't call release_agent when it is "" drivers/of/of_mdio.c:fix of_mdiobus_register() cpupower: avoid multiple definition with gcc -fno-common cgroup-v1: cgroup_pidlist_next should update position index net: ipv4: don't let PMTU updates increase route MTU hsr: set .netnsok flag hsr: add restart routine into hsr_get_node_list() hsr: use rcu_read_lock() in hsr_get_node_{list/status}() vxlan: check return value of gro_cells_init() net: dsa: mt7530: Change the LINK bit to reflect the link status bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets() slcan: not call free_netdev before rtnl_unlock in slcan_open NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() net: stmmac: dwmac-rk: fix error path in rk_gmac_probe net_sched: keep alloc_hash updated after hash allocation net_sched: cls_route: remove the right filter from hashtable net: qmi_wwan: add support for ASKEY WWHC050 net/packet: tpacket_rcv: avoid a producer race condition net: mvneta: Fix the case where the last poll did not process all rx net: dsa: Fix duplicate frames flooded by learning macsec: restrict to ethernet devices hsr: fix general protection fault in hsr_addr_is_self() Revert "drm/dp_mst: Skip validating ports during destruction, just ref" staging: greybus: loopback_test: fix potential path truncations staging: greybus: loopback_test: fix potential path truncation drm/bridge: dw-hdmi: fix AVI frame colorimetry arm64: smp: fix crash_smp_send_stop() behaviour arm64: smp: fix smp_send_stop() behaviour ALSA: hda/realtek: Fix pop noise on ALC225 Revert "ipv6: Fix handling of LLA with VRF and sockets bound to VRF" Revert "vrf: mark skb for multicast or link-local as enslaved to VRF" futex: Unbreak futex hashing futex: Fix inode life-time issue kbuild: Disable -Wpointer-to-enum-cast iio: adc: at91-sama5d2_adc: fix differential channels in triggered mode iio: adc: at91-sama5d2_adc: fix channel configuration for differential channels USB: cdc-acm: fix rounding error in TIOCSSERIAL USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL x86/mm: split vmalloc_sync_all() page-flags: fix a crash at SetPageError(THP_SWAP) mm, slub: prevent kmalloc_node crashes and memory leaks mm: slub: be more careful about the double cmpxchg of freelist memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event xhci: Do not open code __print_symbolic() in xhci trace events rtc: max8907: add missing select REGMAP_IRQ intel_th: pci: Add Elkhart Lake CPU support intel_th: Fix user-visible error codes staging/speakup: fix get_word non-space look-ahead staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2 iio: magnetometer: ak8974: Fix negative raw values in sysfs iio: trigger: stm32-timer: disable master mode when stopping ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks ALSA: pcm: oss: Avoid plugin buffer overflow ALSA: seq: oss: Fix running status after receiving sysex ALSA: seq: virmidi: Fix running status after receiving sysex ALSA: line6: Fix endless MIDI read loop usb: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c USB: serial: pl2303: add device-id for HP LD381 usb: host: xhci-plat: add a shutdown USB: serial: option: add ME910G1 ECM composition 0x110b usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters USB: Disable LPM on WD19's Realtek Hub parse-maintainers: Mark as executable block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group() xenbus: req->err should be updated before req->state xenbus: req->body should be updated before req->state dm bio record: save/restore bi_end_io and bi_integrity altera-stapl: altera_get_note: prevent write beyond end of 'key' drivers/perf: arm_pmu_acpi: Fix incorrect checking of gicc pointer drm/exynos: dsi: fix workaround for the legacy clock name drm/exynos: dsi: propagate error value and silence meaningless warning spi/zynqmp: remove entry that causes a cs glitch spi: pxa2xx: Add CS control clock quirk ARM: dts: dra7: Add "dma-ranges" property to PCIe RC DT nodes powerpc: Include .BTF section spi: qup: call spi_qup_pm_resume_runtime before suspending UPSTREAM: ubifs: wire up FS_IOC_GET_ENCRYPTION_NONCE UPSTREAM: f2fs: wire up FS_IOC_GET_ENCRYPTION_NONCE UPSTREAM: ext4: wire up FS_IOC_GET_ENCRYPTION_NONCE UPSTREAM: fscrypt: add FS_IOC_GET_ENCRYPTION_NONCE ioctl UPSTREAM: usb: raw_gadget: fix compilation warnings in uapi headers BACKPORT: usb: gadget: add raw-gadget interface UPSTREAM: usb: gadget: move choice ... endchoice to legacy/Kconfig ANDROID: clang: update to 10.0.5 FROMLIST: arm64: define __alloc_zeroed_user_highpage ANDROID: Incremental fs: Add INCFS_IOC_GET_FILLED_BLOCKS ANDROID: Incremental fs: Fix two typos f2fs: fix to avoid potential deadlock f2fs: add missing function name in kernel message f2fs: recycle unused compress_data.chksum feild f2fs: fix to avoid NULL pointer dereference f2fs: fix leaking uninitialized memory in compressed clusters f2fs: fix the panic in do_checkpoint() f2fs: fix to wait all node page writeback mm/swapfile.c: move inode_lock out of claim_swapfile UPSTREAM: ipv6: ndisc: add support for 'PREF64' dns64 prefix identifier UPSTREAM: ipv6: ndisc: add support for 'PREF64' dns64 prefix identifier ANDROID: dm-bow: Fix free_show value is incorrect UPSTREAM: coresight: Potential uninitialized variable in probe() ANDROID: kbuild: do not merge .section..* into .section in modules ANDROID: scsi: ufs: add ->map_sg_crypto() variant op UPSTREAM: bpf: Explicitly memset some bpf info structures declared on the stack UPSTREAM: bpf: Explicitly memset the bpf_attr structure Linux 4.14.174 ipv4: ensure rcu_read_lock() in cipso_v4_error() mm: slub: add missing TID bump in kmem_cache_alloc_bulk() ARM: 8958/1: rename missed uaccess .fixup section ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional() jbd2: fix data races at struct journal_head net: rmnet: fix NULL pointer dereference in rmnet_newlink() hinic: fix a bug of setting hw_ioctxt slip: not call free_netdev before rtnl_unlock in slip_open signal: avoid double atomic counter increments for user accounting mac80211: rx: avoid RCU list traversal under mutex net: ks8851-ml: Fix IRQ handling and locking net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch scsi: libfc: free response frame from GPN_ID cfg80211: check reg_rule for NULL in handle_channel_custom() HID: i2c-hid: add Trekstor Surfbook E11B to descriptor override HID: apple: Add support for recent firmware on Magic Keyboards ACPI: watchdog: Allow disabling WDAT at boot perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag batman-adv: Don't schedule OGM for disabled interface batman-adv: Avoid free/alloc race when handling OGM buffer batman-adv: Avoid free/alloc race when handling OGM2 buffer batman-adv: Fix duplicated OGMs on NETDEV_UP batman-adv: Fix debugfs path for renamed softif batman-adv: Fix debugfs path for renamed hardif batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs batman-adv: Fix TT sync flags for intermediate TT responses batman-adv: Avoid race in TT TVLV allocator helper batman-adv: update data pointers after skb_cow() batman-adv: Fix internal interface indices types batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq batman-adv: Fix check of retrieved orig_gw in batadv_v_gw_is_eligible batman-adv: Always initialize fragment header priority batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation efi: Add a sanity check to efivar_store_raw() net/smc: check for valid ib_client_data ipv6: restrict IPV6_ADDRFORM operation i2c: acpi: put device when verifying client fails iommu/vt-d: Ignore devices with out-of-spec domain number iommu/vt-d: Fix the wrong printing in RHSA parsing netfilter: nft_payload: add missing attribute validation for payload csum flags netfilter: cthelper: add missing attribute validation for cthelper nl80211: add missing attribute validation for channel switch nl80211: add missing attribute validation for beacon report scanning nl80211: add missing attribute validation for critical protocol indication pinctrl: core: Remove extra kref_get which blocks hogs being freed pinctrl: meson-gxl: fix GPIOX sdio pins iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint iommu/dma: Fix MSI reservation allocation x86/mce: Fix logic and comments around MSR_PPIN_CTL efi: Fix a race and a buffer overflow while reading efivars via sysfs ARC: define __ALIGN_STR and __ALIGN symbols for ARC KVM: x86: clear stale x86_emulate_ctxt->intercept value gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache cifs_atomic_open(): fix double-put on late allocation failure ktest: Add timeout for ssh sync testing drm/amd/display: remove duplicated assignment to grph_obj_type workqueue: don't use wq_select_unbound_cpu() for bound works iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint virtio-blk: fix hw_queue stopped on arbitrary error iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices cgroup: Iterate tasks that did not finish do_exit() cgroup: cgroup_procs_next should increase position index ipvlan: don't deref eth hdr before checking it's set ipvlan: egress mcast packets are not exceptional ipvlan: do not add hardware address of master to its unicast filter list inet_diag: return classid for all socket types macvlan: add cond_resched() during multicast processing net: fec: validate the new settings in fec_enet_set_coalesce() slip: make slhc_compress() more robust against malicious packets bonding/alb: make sure arp header is pulled before accessing it net: phy: fix MDIO bus PM PHY resuming nfc: add missing attribute validation for vendor subcommand nfc: add missing attribute validation for SE API team: add missing attribute validation for array index team: add missing attribute validation for port ifindex net: fq: add missing attribute validation for orphan mask macsec: add missing attribute validation for port can: add missing attribute validation for termination nl802154: add missing attribute validation for dev_type nl802154: add missing attribute validation fib: add missing attribute validation for tun_id net: memcg: fix lockdep splat in inet_csk_accept() net: memcg: late association of sock to memcg cgroup: memcg: net: do not associate sock with unrelated cgroup bnxt_en: reinitialize IRQs when MTU is modified sfc: detach from cb_page in efx_copy_channel() r8152: check disconnect status after long sleep net/packet: tpacket_rcv: do not increment ring index on drop net: nfc: fix bounds checking bugs on "pipe" net: macsec: update SCI upon MAC address change. netlink: Use netlink header as base to calculate bad attribute offset ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() ipvlan: add cond_resched_rcu() while processing muticast backlog ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface gre: fix uninit-value in __iptunnel_pull_header cgroup, netclassid: periodically release file_lock on classid updating net: phy: Avoid multiple suspends phy: Revert toggling reset changes. ANDROID: Incremental fs: Add INCFS_IOC_PERMIT_FILL ANDROID: Incremental fs: Remove signature checks from kernel ANDROID: Incremental fs: Pad hash blocks ANDROID: Incremental fs: Make fill block an ioctl ANDROID: Incremental fs: Remove all access_ok checks UPSTREAM: cgroup: Iterate tasks that did not finish do_exit() UPSTREAM: arm64: memory: Add missing brackets to untagged_addr() macro UPSTREAM: mm: Avoid creating virtual address aliases in brk()/mmap()/mremap() ANDROID: Add TPM support and the vTPM proxy to Cuttlefish. ANDROID: serdev: restrict claim of platform devices UPSTREAM: fscrypt: don't evict dirty inodes after removing key fscrypt: don't evict dirty inodes after removing key Linux 4.14.173 ASoC: topology: Fix memleak in soc_tplg_manifest_load() xhci: handle port status events for removed USB3 hcd dm integrity: fix a deadlock due to offloading to an incorrect workqueue powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() ARM: imx: build v7_cpu_resume() unconditionally IB/hfi1, qib: Ensure RCU is locked when accessing list RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() RDMA/iwcm: Fix iwcm work deallocation ASoC: dapm: Correct DAPM handling of active widgets during shutdown ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output ASoC: intel: skl: Fix possible buffer overflow in debug outputs ASoC: intel: skl: Fix pin debug prints ASoC: topology: Fix memleak in soc_tplg_link_elems_load() ARM: dts: ls1021a: Restore MDIO compatible to gianfar dm cache: fix a crash due to incorrect work item cancelling dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list dmaengine: tegra-apb: Fix use-after-free x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes vt: selection, push sel_lock up vt: selection, push console lock down vt: selection, close sel_buffer race serial: 8250_exar: add support for ACCES cards tty:serial:mvebu-uart:fix a wrong return arm: dts: dra76x: Fix mmc3 max-frequency fat: fix uninit-memory access for partial initialized inode mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa vgacon: Fix a UAF in vgacon_invert_region usb: core: port: do error out if usb_autopm_get_interface() fails usb: core: hub: do error out if usb_autopm_get_interface() fails usb: core: hub: fix unhandled return by employing a void function usb: quirks: add NO_LPM quirk for Logitech Screen Share usb: storage: Add quirk for Samsung Fit flash cifs: don't leak -EAGAIN for stat() during reconnect net: thunderx: workaround BGX TX Underflow issue x86/xen: Distribute switch variables for initialization nvme: Fix uninitialized-variable warning x86/boot/compressed: Don't declare __force_order in kaslr_64.c s390/cio: cio_ignore_proc_seq_next should increase position index watchdog: da9062: do not ping the hw during stop() net: ks8851-ml: Fix 16-bit IO operation net: ks8851-ml: Fix 16-bit data access net: ks8851-ml: Remove 8-bit bus accessors drm/msm/dsi: save pll state before dsi host is powered off drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI drm/msm/mdp5: rate limit pp done timeout warnings usb: gadget: serial: fix Tx stall after buffer overflow usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags usb: gadget: composite: Support more than 500mA MaxPower selftests: fix too long argument serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic RDMA/core: Fix use of logical OR in get_new_pps RDMA/core: Fix pkey and port assignment in get_new_pps net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec EDAC/amd64: Set grain per DIMM x86/mce: Handle varying MCA bank counts vhost: Check docket sk_family instead of call getname audit: always check the netlink payload length in audit_receive_msg() Revert "char/random: silence a lockdep splat with printk()" mm, thp: fix defrag setting if newline is not used mm/huge_memory.c: use head to check huge zero page perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc kprobes: Set unoptimized flag after unoptimizing code drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' tuntap: correctly set SOCKWQ_ASYNC_NOSPACE KVM: Check for a bad hva before dropping into the ghc slow path KVM: SVM: Override default MMIO mask if memory encryption is enabled mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() namei: only return -ECHILD from follow_dotdot_rcu() net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE net: atlantic: fix potential error handling net: netlink: cap max groups which will be considered in netlink_bind() include/linux/bitops.h: introduce BITS_PER_TYPE ecryptfs: Fix up bad backport of fe2e082f5da5b4a0a92ae32978f81507ef37ec66 usb: charger: assign specific number for enum value drm/i915/gvt: Separate display reset from ALL_ENGINES reset i2c: jz4780: silence log flood on txabrt i2c: altera: Fix potential integer overflow MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()' HID: hiddev: Fix race in in hiddev_disconnect() Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs" tracing: Disable trace_printk() on post poned tests HID: core: increase HID report buffer size to 8KiB HID: core: fix off-by-one memset in hid_report_raw_event() HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock KVM: VMX: check descriptor table exits on instruction emulation ACPI: watchdog: Fix gas->access_width usage ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro audit: fix error handling in audit_data_to_entry() ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() net: sched: correct flower port blocking qede: Fix race between rdma destroy workqueue and link change event ipv6: Fix route replacement with dev-only route ipv6: Fix nlmsg_flags when splitting a multipath route sctp: move the format error check out of __sctp_sf_do_9_1_abort nfc: pn544: Fix occasional HW initialization failure net: phy: restore mdio regs in the iproc mdio driver net: fib_rules: Correctly set table field when table number exceeds 8 bits sysrq: Remove duplicated sysrq message sysrq: Restore original console_loglevel when sysrq disabled cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE cifs: Fix mode output in debugging statements net: ena: ena-com.c: prevent NULL pointer dereference net: ena: ethtool: use correct value for crc32 hash net: ena: fix incorrectly saving queue numbers when setting RSS indirection table net: ena: rss: store hash function as values and not bits net: ena: rss: fix failure to get indirection table net: ena: fix incorrect default RSS key net: ena: add missing ethtool TX timestamping indication net: ena: fix uses of round_jiffies() net: ena: fix potential crash when rxfh key is NULL qmi_wwan: unconditionally reject 2 ep interfaces qmi_wwan: re-add DW5821e pre-production variant cfg80211: check wiphy driver existence for drvinfo report mac80211: consider more elements in parsing CRC dax: pass NOWAIT flag to iomap_apply drm/msm: Set dma maximum segment size for mdss ipmi:ssif: Handle a possible NULL pointer reference ext4: fix potential race between s_group_info online resizing and access ext4: fix potential race between s_flex_groups online resizing and access ext4: fix potential race between online resizing and write operations netfilter: nf_conntrack: resolve clash for matching conntracks iwlwifi: pcie: fix rb_allocator workqueue allocation FROMLIST: f2fs: fix wrong check on F2FS_IOC_FSSETXATTR UPSTREAM: binder: prevent UAF for binderfs devices II UPSTREAM: binder: prevent UAF for binderfs devices FROMLIST: lib: test_stackinit.c: XFAIL switch variable init tests ANDROID: cuttlefish: disable KPROBES ANDROID: scsi: ufs: allow ufs variants to override sg entry size FROMLIST: ufs: fix a bug on printing PRDT BACKPORT: loop: Add LOOP_SET_BLOCK_SIZE in compat ioctl ANDROID: fix build issue in security/selinux/avc.c ANDROID: cuttlefish_defconfig: Disable CONFIG_RT_GROUP_SCHED ANDROID: Enable HID_NINTENDO as y FROMLIST: HID: nintendo: add nintendo switch controller driver Linux 4.14.172 s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range xen: Enable interrupts when calling _cond_resched() ata: ahci: Add shutdown to freeze hardware resources of ahci netfilter: xt_hashlimit: limit the max size of hashtable ALSA: seq: Fix concurrent access to queue current tick/time ALSA: seq: Avoid concurrent access to queue flags ALSA: rawmidi: Avoid bit fields for state flags genirq/proc: Reject invalid affinity masks (again) iommu/vt-d: Fix compile warning from intel-svm.h ecryptfs: replace BUG_ON with error handling code staging: greybus: use after free in gb_audio_manager_remove_all() staging: rtl8723bs: fix copy of overlapping memory usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" scsi: Revert "RDMA/isert: Fix a recently introduced regression related to logout" Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents btrfs: do not check delayed items are empty for single transaction cleanup btrfs: fix bytes_may_use underflow in prealloc error condtition KVM: apic: avoid calculating pending eoi from an uninitialized val KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 KVM: nVMX: Check IO instruction VM-exit conditions KVM: nVMX: Refactor IO bitmap checks into helper function ext4: fix race between writepages and enabling EXT4_EXTENTS_FL ext4: rename s_journal_flag_rwsem to s_writepages_rwsem ext4: fix mount failure with quota configured as module ext4: add cond_resched() to __ext4_find_entry() ext4: fix a data race in EXT4_I(inode)->i_disksize KVM: nVMX: Don't emulate instructions in guest mode lib/stackdepot.c: fix global out-of-bounds in stack_slabs serial: 8250: Check UPF_IRQ_SHARED in advance vt: vt_ioctl: fix race in VT_RESIZEX VT_RESIZEX: get rid of field-by-field copyin xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms KVM: x86: don't notify userspace IOAPIC on edge-triggered interrupt EOI drm/amdgpu/soc15: fix xclk for raven mm/vmscan.c: don't round up scan size for online memory cgroup Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()" MAINTAINERS: Update drm/i915 bug filing URL serdev: ttyport: restore client ops on deregistration tty: serial: imx: setup the correct sg entry for tx dma tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode x86/mce/amd: Fix kobject lifetime x86/mce/amd: Publish the bank pointer only after setup has succeeded staging: rtl8723bs: Fix potential overuse of kernel memory staging: rtl8723bs: Fix potential security hole staging: rtl8188eu: Fix potential overuse of kernel memory staging: rtl8188eu: Fix potential security hole USB: hub: Fix the broken detection of USB3 device in SMSC hub USB: hub: Don't record a connect-change event during reset-resume USB: Fix novation SourceControl XL after suspend usb: uas: fix a plug & unplug racing usb: host: xhci: update event ring dequeue pointer on purpose xhci: fix runtime pm enabling for quirky Intel hosts xhci: Force Maximum Packet size for Full-speed bulk devices to valid range. staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi. staging: android: ashmem: Disallow ashmem memory from being remapped vt: selection, handle pending signals in paste_selection floppy: check FDC index for errors before assigning it USB: misc: iowarrior: add support for the 100 device USB: misc: iowarrior: add support for the 28 and 28L devices USB: misc: iowarrior: add support for 2 OEMed devices thunderbolt: Prevent crash if non-active NVMem file is read net/smc: fix leak of kernel memory to user space net/sched: flower: add missing validation of TCA_FLOWER_FLAGS net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS net: dsa: tag_qca: Make sure there is headroom for tag enic: prevent waking up stopped tx queues over watchdog reset selinux: ensure we cleanup the internal AVC counters on error in avc_update() mlxsw: spectrum_dpipe: Add missing error path virtio_balloon: prevent pfn array overflow help_next should increase position index brd: check and limit max_part par microblaze: Prevent the overflow of the start iwlwifi: mvm: Fix thermal zone registration irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building INVALL bcache: explicity type cast in bset_bkey_last() reiserfs: prevent NULL pointer dereference in reiserfs_insert_item() lib/scatterlist.c: adjust indentation in __sg_alloc_table ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans() radeon: insert 10ms sleep in dce5_crtc_load_lut trigger_next should increase position index ftrace: fpid_next() should increase position index drm/nouveau/disp/nv50-: prevent oops when no channel method map provided irqchip/gic-v3: Only provision redistributors that are enabled in ACPI ceph: check availability of mds cluster on mount after wait timeout cifs: fix NULL dereference in match_prepath iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop hostap: Adjust indentation in prism2_hostapd_add_sta ARM: 8951/1: Fix Kexec compilation issue. jbd2: make sure ESHUTDOWN to be recorded in the journal superblock jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV ALSA: hda - Add docking station support for Lenovo Thinkpad T420s driver core: platform: fix u32 greater or equal to zero comparison s390/ftrace: generate traced function stack frame x86/decoder: Add TEST opcode to Group3-2 ALSA: hda/hdmi - add retry logic to parse_intel_hdmi() irqchip/mbigen: Set driver .suppress_bind_attrs to avoid remove problems remoteproc: Initialize rproc_class before use btrfs: device stats, log when stats are zeroed btrfs: safely advance counter when looking up bio csums btrfs: fix possible NULL-pointer dereference in integrity checks pwm: Remove set but not set variable 'pwm' ide: serverworks: potential overflow in svwks_set_pio_mode() cmd64x: potential buffer overflow in cmd64x_program_timings() pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd f2fs: fix memleak of kobject watchdog/softlockup: Enforce that timestamp is valid on boot arm64: fix alternatives with LLVM's integrated assembler scsi: iscsi: Don't destroy session if there are outstanding connections f2fs: free sysfs kobject iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new() vme: bridges: reduce stack usage driver core: Print device when resources present in really_probe() driver core: platform: Prevent resouce overflow from causing infinite loops tty: synclink_gt: Adjust indentation in several functions tty: synclinkmp: Adjust indentation in several functions ASoC: atmel: fix build error with CONFIG_SND_ATMEL_SOC_DMA=m wan: ixp4xx_hss: fix compile-testing on 64-bit Input: edt-ft5x06 - work around first register access error rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls efi/x86: Don't panic or BUG() on non-critical error conditions soc/tegra: fuse: Correct straps' address for older Tegra124 device trees IB/hfi1: Add software counter for ctxt0 seq drop udf: Fix free space reporting for metadata and virtual partitions usbip: Fix unsafe unaligned pointer usage drm: remove the newline for CRC source name. tools lib api fs: Fix gcc9 stringop-truncation compilation error ALSA: sh: Fix compile warning wrt const ALSA: sh: Fix unused variable warnings clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock RDMA/rxe: Fix error type of mmap_offset pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs PM / devfreq: rk3399_dmc: Add COMPILE_TEST and HAVE_ARM_SMCCC dependency x86/vdso: Provide missing include file dmaengine: Store module owner in dma_device struct ARM: dts: r8a7779: Add device node for ARM global timer drm/mediatek: handle events when enabling/disabling crtc scsi: aic7xxx: Adjust indentation in ahc_find_syncrate scsi: ufs: Complete pending requests in host reset and restore path ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 orinoco: avoid assertion in case of NULL pointer rtlwifi: rtl_pci: Fix -Wcast-function-type iwlegacy: Fix -Wcast-function-type ipw2x00: Fix -Wcast-function-type b43legacy: Fix -Wcast-function-type ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status fore200e: Fix incorrect checks of NULL pointer dereference reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros ARM: dts: imx6: rdu2: Disable WP for USDHC2 and USDHC3 arm64: dts: qcom: msm8996: Disable USB2 PHY suspend by core NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu(). PCI/IOV: Fix memory leak in pci_iov_add_virtfn() net/wan/fsl_ucc_hdlc: reject muram offsets above 64K regulator: rk808: Lower log level on optional GPIOs being not available drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table clk: qcom: rcg2: Don't crash if our parent can't be found; return an error kconfig: fix broken dependency in randconfig-generated .config KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups nbd: add a flush_workqueue in nbd_start_device ext4, jbd2: ensure panic when aborting with zero errno tracing: Fix very unlikely race of registering two stat tracers tracing: Fix tracing_stat return values in error handling paths x86/sysfb: Fix check for bad VRAM size jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal kselftest: Minimise dependency of get_size on C library interfaces clocksource/drivers/bcm2835_timer: Fix memory leak of timer usb: dwc2: Fix IN FIFO allocation usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol() sparc: Add .exit.data section. MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init() efi/x86: Map the entire EFI vendor string before copying it pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() char/random: silence a lockdep splat with printk() gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number media: i2c: mt9v032: fix enum mbus codes and frame sizes pxa168fb: Fix the function used to release some memory in an error handling path pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs gianfar: Fix TX timestamping with a stacked DSA driver ALSA: ctl: allow TLV read operation for callback type of element in locked case ext4: fix ext4_dax_read/write inode locking sequence for IOCB_NOWAIT leds: pca963x: Fix open-drain initialization brcmfmac: Fix use after free in brcmf_sdio_readframes() cpu/hotplug, stop_machine: Fix stop_machine vs hotplug order drm/gma500: Fixup fbdev stolen size usage evaluation KVM: nVMX: Use correct root level for nested EPT shadow page tables Revert "KVM: VMX: Add non-canonical check on writes to RTIT address MSRs" Revert "KVM: nVMX: Use correct root level for nested EPT shadow page tables" scsi: qla2xxx: fix a potential NULL pointer dereference jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer jbd2: move the clearing of b_modified flag to the journal_unmap_buffer() hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions. perf/x86/intel: Fix inaccurate period in context switch for auto-reload s390/time: Fix clk type in get_tod_clock RDMA/core: Fix protection fault in get_pkey_idx_qp_list IB/hfi1: Close window for pq and request coliding serial: imx: Only handle irqs that are actually enabled serial: imx: ensure that RX irqs are off if RX is off padata: Remove broken queue flushing perf/x86/amd: Add missing L2 misses event spec to AMD Family 17h's event map KVM: nVMX: Use correct root level for nested EPT shadow page tables arm64: ssbs: Fix context-switch when SSBS is present on all CPUs btrfs: log message when rw remount is attempted with unclean tree-log btrfs: print message when tree-log replay starts Btrfs: fix race between using extent maps and merging them ext4: improve explanation of a mount failure caused by a misconfigured kernel ext4: fix checksum errors with indexed dirs ext4: fix support for inode sizes > 1024 bytes ext4: don't assume that mmp_nodename/bdevname have NUL ARM: 8723/2: always assume the "unified" syntax for assembly code arm64: nofpsimd: Handle TIF_FOREIGN_FPSTATE flag cleanly arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly ALSA: usb-audio: Apply sample rate quirk for Audioengine D1 Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list Input: synaptics - enable SMBus on ThinkPad L470 Input: synaptics - switch T470s to RMI4 by default ecryptfs: fix a memory leak bug in ecryptfs_init_messaging() ecryptfs: fix a memory leak bug in parse_tag_1_packet() ASoC: sun8i-codec: Fix setting DAI data format ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs iommu/qcom: Fix bogus detach logic KVM: x86: emulate RDPID UPSTREAM: sched/psi: Fix OOB write when writing 0 bytes to PSI files UPSTREAM: psi: Fix a division error in psi poll() UPSTREAM: sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime UPSTREAM: sched/psi: Correct overly pessimistic size calculation FROMLIST: f2fs: Handle casefolding with Encryption FROMLIST: fscrypt: Have filesystems handle their d_ops FROMLIST: ext4: Use generic casefolding support FROMLIST: f2fs: Use generic casefolding support FROMLIST: Add standard casefolding support FROMLIST: unicode: Add utf8_casefold_hash ANDROID: cuttlefish_defconfig: Add CONFIG_UNICODE ANDROID: sdcardfs: fix -ENOENT lookup race issue ANDROID: gki_defconfig: Enable CONFIG_RD_LZ4 ANDROID: dm: Add wrapped key support in dm-default-key ANDROID: dm: add support for passing through derive_raw_secret ANDROID: block: Prevent crypto fallback for wrapped keys ANDROID: Disable wq fp check in CFI builds ANDROID: increase limit on sched-tune boost groups ANDROID: ufs, block: fix crypto power management and move into block layer ANDROID: Incremental fs: Support xattrs ANDROID: test_stackinit: work around LLVM PR44916 ANDROID: clang: update to 10.0.4 fs-verity: use u64_to_user_ptr() fs-verity: use mempool for hash requests fs-verity: implement readahead of Merkle tree pages ext4: readpages() should submit IO as read-ahead fs-verity: implement readahead for FS_IOC_ENABLE_VERITY fscrypt: improve format of no-key names ubifs: allow both hash and disk name to be provided in no-key names ubifs: don't trigger assertion on invalid no-key filename fscrypt: clarify what is meant by a per-file key fscrypt: derive dirhash key for casefolded directories fscrypt: don't allow v1 policies with casefolding fscrypt: add "fscrypt_" prefix to fname_encrypt() fscrypt: don't print name of busy file when removing key fscrypt: document gfp_flags for bounce page allocation fscrypt: optimize fscrypt_zeroout_range() fscrypt: remove redundant bi_status check fscrypt: Allow modular crypto algorithms fscrypt: include <linux/ioctl.h> in UAPI header fscrypt: don't check for ENOKEY from fscrypt_get_encryption_info() fscrypt: remove fscrypt_is_direct_key_policy() fscrypt: move fscrypt_valid_enc_modes() to policy.c fscrypt: check for appropriate use of DIRECT_KEY flag earlier fscrypt: split up fscrypt_supported_policy() by policy version fscrypt: introduce fscrypt_needs_contents_encryption() fscrypt: move fscrypt_d_revalidate() to fname.c fscrypt: constify inode parameter to filename encryption functions fscrypt: constify struct fscrypt_hkdf parameter to fscrypt_hkdf_expand() fscrypt: verify that the crypto_skcipher has the correct ivsize fscrypt: use crypto_skcipher_driver_name() fscrypt: support passing a keyring key to FS_IOC_ADD_ENCRYPTION_KEY keys: Export lookup_user_key to external users f2fs: fix build error on PAGE_KERNEL_RO Conflicts: arch/arm64/kernel/smp.c arch/arm64/kernel/traps.c block/blk-crypto-fallback.c block/keyslot-manager.c drivers/base/power/wakeup.c drivers/clk/clk.c drivers/clk/qcom/clk-rcg2.c drivers/gpu/Makefile drivers/gpu/drm/msm/msm_drv.c drivers/gpu/drm/msm/msm_gem.c drivers/hwtracing/coresight/coresight-funnel.c drivers/irqchip/irq-gic-v3.c drivers/md/dm.c drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c drivers/net/macsec.c drivers/net/phy/micrel.c drivers/net/wireless/ath/wil6210/cfg80211.c drivers/net/wireless/ath/wil6210/fw_inc.c drivers/net/wireless/ath/wil6210/pcie_bus.c drivers/net/wireless/ath/wil6210/pm.c drivers/net/wireless/ath/wil6210/wil6210.h drivers/of/base.c drivers/power/supply/power_supply_sysfs.c drivers/rpmsg/qcom_glink_smem.c drivers/scsi/sd.c drivers/scsi/ufs/ufshcd-crypto.c drivers/scsi/ufs/ufshcd.c drivers/scsi/ufs/ufshcd.h drivers/scsi/ufs/ufshci.h drivers/usb/dwc3/core.c drivers/usb/dwc3/gadget.c drivers/usb/gadget/Kconfig drivers/usb/gadget/composite.c drivers/usb/gadget/function/f_fs.c drivers/usb/gadget/legacy/Makefile drivers/usb/host/xhci-mem.c fs/ext4/readpage.c fs/sdcardfs/lookup.c include/linux/key.h include/linux/keyslot-manager.h include/linux/power_supply.h include/uapi/linux/coresight-stm.h net/qrtr/qrtr.c Change-Id: Iaa9fcbe987e721f02596e167249a519781ed3888 Signed-off-by: Srinivasarao P <spathi@codeaurora.org>	2020-08-05 11:41:56 +05:30
Blagovest Kolenichev	8ad87c80a2	Merge android-4.14.151 (2bb70f4) into msm-4.14 ... * refs/heads/tmp-2bb70f4: ANDROID: virtio: virtio_input: Set the amount of multitouch slots in virtio input ANDROID: dummy_cpufreq: Implement get() rtlwifi: Fix potential overflow on P2P code ANDROID: cpufreq: create dummy cpufreq driver ANDROID: Allow DRM_IOCTL_MODE_*_DUMB for render clients. ANDROID: sdcardfs: evict dentries on fscrypt key removal ANDROID: fscrypt: add key removal notifier chain ANDROID: Move from clang r353983c to r365631c ANDROID: move up spin_unlock_bh() ahead of remove_proc_entry() BACKPORT: arm64: tags: Preserve tags for addresses translated via TTBR1 UPSTREAM: arm64: memory: Implement __tag_set() as common function UPSTREAM: arm64/mm: fix variable 'tag' set but not used UPSTREAM: arm64: avoid clang warning about self-assignment ANDROID: refactor build.config files to remove duplication UPSTREAM: mm: vmalloc: show number of vmalloc pages in /proc/meminfo BACKPORT: PM/sleep: Expose suspend stats in sysfs UPSTREAM: power: supply: Init device wakeup after device_add() UPSTREAM: PM / wakeup: Unexport wakeup_source_sysfs_{add,remove}() UPSTREAM: PM / wakeup: Register wakeup class kobj after device is added BACKPORT: PM / wakeup: Fix sysfs registration error path BACKPORT: PM / wakeup: Show wakeup sources stats in sysfs UPSTREAM: PM / wakeup: Print warn if device gets enabled as wakeup source during sleep UPSTREAM: PM / wakeup: Use wakeup_source_register() in wakelock.c UPSTREAM: PM / wakeup: Only update last time for active wakeup sources UPSTREAM: PM / core: Add support to skip power management in device/driver model cuttlefish-4.14: Enable CONFIG_DM_SNAPSHOT ANDROID: cuttlefish_defconfig: Enable BPF_JIT and BPF_JIT_ALWAYS_ON UPSTREAM: netfilter: xt_IDLETIMER: fix sysfs callback function type UPSTREAM: mm: untag user pointers in mmap/munmap/mremap/brk UPSTREAM: vfio/type1: untag user pointers in vaddr_get_pfn UPSTREAM: media/v4l2-core: untag user pointers in videobuf_dma_contig_user_get UPSTREAM: drm/radeon: untag user pointers in radeon_gem_userptr_ioctl BACKPORT: drm/amdgpu: untag user pointers UPSTREAM: userfaultfd: untag user pointers UPSTREAM: fs/namespace: untag user pointers in copy_mount_options UPSTREAM: mm: untag user pointers in get_vaddr_frames UPSTREAM: mm: untag user pointers in mm/gup.c BACKPORT: mm: untag user pointers passed to memory syscalls BACKPORT: lib: untag user pointers in strn*_user UPSTREAM: arm64: Fix reference to docs for ARM64_TAGGED_ADDR_ABI UPSTREAM: selftests, arm64: add kernel headers path for tags_test BACKPORT: arm64: Relax Documentation/arm64/tagged-pointers.rst UPSTREAM: arm64: Define Documentation/arm64/tagged-address-abi.rst UPSTREAM: arm64: Change the tagged_addr sysctl control semantics to only prevent the opt-in UPSTREAM: arm64: Tighten the PR_{SET, GET}_TAGGED_ADDR_CTRL prctl() unused arguments UPSTREAM: selftests, arm64: fix uninitialized symbol in tags_test.c UPSTREAM: arm64: mm: Really fix sparse warning in untagged_addr() UPSTREAM: selftests, arm64: add a selftest for passing tagged pointers to kernel BACKPORT: arm64: Introduce prctl() options to control the tagged user addresses ABI UPSTREAM: thread_info: Add update_thread_flag() helpers UPSTREAM: arm64: untag user pointers in access_ok and __uaccess_mask_ptr UPSTREAM: uaccess: add noop untagged_addr definition BACKPORT: block: annotate refault stalls from IO submission ext4: add verity flag check for dax ANDROID: usb: gadget: Fix dependency for f_accessory ANDROID: sched: fair: balance for single core cluster UPSTREAM: mm/kasan: fix false positive invalid-free reports with CONFIG_KASAN_SW_TAGS=y f2fs: add a condition to detect overflow in f2fs_ioc_gc_range() f2fs: fix to add missing F2FS_IO_ALIGNED() condition f2fs: fix to fallback to buffered IO in IO aligned mode f2fs: fix to handle error path correctly in f2fs_map_blocks f2fs: fix extent corrupotion during directIO in LFS mode f2fs: check all the data segments against all node ones f2fs: Add a small clarification to CONFIG_FS_F2FS_FS_SECURITY f2fs: fix inode rwsem regression f2fs: fix to avoid accessing uninitialized field of inode page in is_alive() f2fs: avoid infinite GC loop due to stale atomic files f2fs: Fix indefinite loop in f2fs_gc() f2fs: convert inline_data in prior to i_size_write f2fs: fix error path of f2fs_convert_inline_page() f2fs: add missing documents of reserve_root/resuid/resgid f2fs: fix flushing node pages when checkpoint is disabled f2fs: enhance f2fs_is_checkpoint_ready()'s readability f2fs: clean up __bio_alloc()'s parameter f2fs: fix wrong error injection path in inc_valid_block_count() f2fs: fix to writeout dirty inode during node flush f2fs: optimize case-insensitive lookups f2fs: introduce f2fs_match_name() for cleanup f2fs: Fix indefinite loop in f2fs_gc() f2fs: allocate memory in batch in build_sit_info() f2fs: fix to avoid data corruption by forbidding SSR overwrite f2fs: Fix build error while CONFIG_NLS=m Revert "f2fs: avoid out-of-range memory access" f2fs: cleanup the code in build_sit_entries. f2fs: fix wrong available node count calculation f2fs: remove duplicate code in f2fs_file_write_iter f2fs: fix to migrate blocks correctly during defragment f2fs: use wrapped f2fs_cp_error() f2fs: fix to use more generic EOPNOTSUPP f2fs: use wrapped IS_SWAPFILE() f2fs: Support case-insensitive file name lookups f2fs: include charset encoding information in the superblock fs: Reserve flag for casefolding f2fs: fix to avoid call kvfree under spinlock fs: f2fs: Remove unnecessary checks of SM_I(sbi) in update_general_status() f2fs: disallow direct IO in atomic write f2fs: fix to handle quota_{on,off} correctly f2fs: fix to detect cp error in f2fs_setxattr() f2fs: fix to spread f2fs_is_checkpoint_ready() f2fs: support fiemap() for directory inode f2fs: fix to avoid discard command leak f2fs: fix to avoid tagging SBI_QUOTA_NEED_REPAIR incorrectly f2fs: fix to drop meta/node pages during umount f2fs: disallow switching io_bits option during remount f2fs: fix panic of IO alignment feature f2fs: introduce {page,io}_is_mergeable() for readability f2fs: fix livelock in swapfile writes f2fs: add fs-verity support ext4: update on-disk format documentation for fs-verity ext4: add fs-verity read support ext4: add basic fs-verity support fs-verity: support builtin file signatures fs-verity: add SHA-512 support fs-verity: implement FS_IOC_MEASURE_VERITY ioctl fs-verity: implement FS_IOC_ENABLE_VERITY ioctl fs-verity: add data verification hooks for ->readpages() fs-verity: add the hook for file ->setattr() fs-verity: add the hook for file ->open() fs-verity: add inode and superblock fields fs-verity: add Kconfig and the helper functions for hashing fs: uapi: define verity bit for FS_IOC_GETFLAGS fs-verity: add UAPI header fs-verity: add MAINTAINERS file entry fs-verity: add a documentation file ext4: fix kernel oops caused by spurious casefold flag ext4: fix coverity warning on error path of filename setup ext4: optimize case-insensitive lookups ext4: fix dcache lookup of !casefolded directories unicode: update to Unicode 12.1.0 final unicode: add missing check for an error return from utf8lookup() ext4: export /sys/fs/ext4/feature/casefold if Unicode support is present unicode: refactor the rule for regenerating utf8data.h ext4: Support case-insensitive file name lookups ext4: include charset encoding information in the superblock unicode: update unicode database unicode version 12.1.0 unicode: introduce test module for normalized utf8 implementation unicode: implement higher level API for string handling unicode: reduce the size of utf8data[] unicode: introduce code for UTF-8 normalization unicode: introduce UTF-8 character database ext4 crypto: fix to check feature status before get policy fscrypt: document the new ioctls and policy version ubifs: wire up new fscrypt ioctls f2fs: wire up new fscrypt ioctls ext4: wire up new fscrypt ioctls fscrypt: require that key be added when setting a v2 encryption policy fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl fscrypt: allow unprivileged users to add/remove keys for v2 policies fscrypt: v2 encryption policy support fscrypt: add an HKDF-SHA512 implementation fscrypt: add FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl fscrypt: add FS_IOC_ADD_ENCRYPTION_KEY ioctl fscrypt: rename keyinfo.c to keysetup.c fscrypt: move v1 policy key setup to keysetup_v1.c fscrypt: refactor key setup code in preparation for v2 policies fscrypt: rename fscrypt_master_key to fscrypt_direct_key fscrypt: add ->ci_inode to fscrypt_info fscrypt: use FSCRYPT_* definitions, not FS_* fscrypt: use FSCRYPT_ prefix for uapi constants fs, fscrypt: move uapi definitions to new header <linux/fscrypt.h> fscrypt: use ENOPKG when crypto API support missing fscrypt: improve warnings for missing crypto API support fscrypt: improve warning messages for unsupported encryption contexts fscrypt: make fscrypt_msg() take inode instead of super_block fscrypt: clean up base64 encoding/decoding fscrypt: remove loadable module related code ANDROID: arm64: bpf: implement arch_bpf_jit_check_func ANDROID: bpf: validate bpf_func when BPF_JIT is enabled with CFI UPSTREAM: kcm: use BPF_PROG_RUN UPSTREAM: psi: get poll_work to run when calling poll syscall next time UPSTREAM: sched/psi: Do not require setsched permission from the trigger creator UPSTREAM: sched/psi: Reduce psimon FIFO priority BACKPORT: arm64: Add support for relocating the kernel with RELR relocations ANDROID: Log which device failed to suspend in dpm_suspend_start() ANDROID: Revert "ANDROID: sched: Disallow WALT with CFS bandwidth control" ANDROID: sched: WALT: Add support for CFS_BANDWIDTH ANDROID: sched: WALT: Refactor cumulative runnable average fixup ANDROID: sched: Disallow WALT with CFS bandwidth control fscrypt: document testing with xfstests fscrypt: remove selection of CONFIG_CRYPTO_SHA256 fscrypt: remove unnecessary includes of ratelimit.h fscrypt: don't set policy for a dead directory fscrypt: decrypt only the needed blocks in __fscrypt_decrypt_bio() fscrypt: support decrypting multiple filesystem blocks per page fscrypt: introduce fscrypt_decrypt_block_inplace() fscrypt: handle blocksize < PAGE_SIZE in fscrypt_zeroout_range() fscrypt: support encrypting multiple filesystem blocks per page fscrypt: introduce fscrypt_encrypt_block_inplace() fscrypt: clean up some BUG_ON()s in block encryption/decryption fscrypt: rename fscrypt_do_page_crypto() to fscrypt_crypt_block() fscrypt: remove the "write" part of struct fscrypt_ctx fscrypt: simplify bounce page handling ANDROID: fiq_debugger: remove UPSTREAM: lib/test_meminit.c: use GFP_ATOMIC in RCU critical section UPSTREAM: mm: slub: Fix slab walking for init_on_free UPSTREAM: lib/test_meminit.c: minor test fixes UPSTREAM: lib/test_meminit.c: fix -Wmaybe-uninitialized false positive UPSTREAM: lib: introduce test_meminit module UPSTREAM: mm: init: report memory auto-initialization features at boot time BACKPORT: mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options UPSTREAM: arm64: move jump_label_init() before parse_early_param() ANDROID: Add a tracepoint for mapping inode to full path BACKPORT: arch: add pidfd and io_uring syscalls everywhere UPSTREAM: dma-buf: add show_fdinfo handler UPSTREAM: dma-buf: add DMA_BUF_SET_NAME ioctls BACKPORT: dma-buf: give each buffer a full-fledged inode ANDROID: fix kernelci build-break UPSTREAM: drm/virtio: Fix cache entry creation race. UPSTREAM: drm/virtio: Wake up all waiters when capset response comes in. UPSTREAM: drm/virtio: Ensure cached capset entries are valid before copying. UPSTREAM: drm/virtio: use u64_to_user_ptr macro UPSTREAM: drm/virtio: remove irrelevant DRM_UNLOCKED flag UPSTREAM: drm/virtio: Remove redundant return type UPSTREAM: drm/virtio: allocate fences with GFP_KERNEL UPSTREAM: drm/virtio: add trace events for commands UPSTREAM: drm/virtio: trace drm_fence_emit BACKPORT: drm/virtio: set seqno for dma-fence BACKPORT: drm/virtio: move drm_connector_update_edid_property() call UPSTREAM: drm/virtio: add missing drm_atomic_helper_shutdown() call. BACKPORT: drm/virtio: rework resource creation workflow. UPSTREAM: drm/virtio: params struct for virtio_gpu_cmd_create_resource_3d() BACKPORT: drm/virtio: params struct for virtio_gpu_cmd_create_resource() BACKPORT: drm/virtio: use struct to pass params to virtio_gpu_object_create() UPSTREAM: drm/virtio: add virtio-gpu-features debugfs file. UPSTREAM: drm/virtio: remove set but not used variable 'vgdev' BACKPORT: drm/virtio: implement prime export UPSTREAM: drm/virtio: remove prime pin/unpin callbacks. UPSTREAM: drm/virtio: implement prime mmap UPSTREAM: drm/virtio: drop virtio_gpu_fence_cleanup() UPSTREAM: drm/virtio: fix pageflip flush UPSTREAM: drm/virtio: log error responses UPSTREAM: drm/virtio: Add missing virtqueue reset UPSTREAM: drm/virtio: Remove incorrect kfree() UPSTREAM: drm/virtio: virtio_gpu_cmd_resource_create_3d: drop unused fence arg UPSTREAM: drm/virtio: fence: pass plain pointer BACKPORT: drm/virtio: add edid support UPSTREAM: virtio-gpu: add VIRTIO_GPU_F_EDID feature BACKPORT: drm/virtio: fix memory leak of vfpriv on error return path UPSTREAM: drm/virtio: bump driver version after explicit synchronization addition UPSTREAM: drm/virtio: add in/out fence support for explicit synchronization UPSTREAM: drm/virtio: add uapi for in and out explicit fences UPSTREAM: drm/virtio: add virtio_gpu_alloc_fence() UPSTREAM: drm/virtio: Handle error from virtio_gpu_resource_id_get UPSTREAM: gpu/drm/virtio/virtgpu_vq.c: Use kmem_cache_zalloc UPSTREAM: drm/virtio: fix resource id handling UPSTREAM: drm/virtio: drop resource_id argument. UPSTREAM: drm/virtio: use virtio_gpu_object->hw_res_handle in virtio_gpu_resource_create_ioctl() UPSTREAM: drm/virtio: use virtio_gpu_object->hw_res_handle in virtio_gpu_mode_dumb_create() UPSTREAM: drm/virtio: use virtio_gpu_object->hw_res_handle in virtio_gpufb_create() BACKPORT: drm/virtio: track created object state UPSTREAM: drm/virtio: document drm_dev_set_unique workaround UPSTREAM: virtio: Support prime objects vmap/vunmap UPSTREAM: virtio: Rework virtio_gpu_object_kmap() UPSTREAM: virtio: Add virtio_gpu_object_kunmap() UPSTREAM: drm/virtio: pass virtio_gpu_object to virtio_gpu_cmd_transfer_to_host_{2d, 3d} UPSTREAM: drm/virtio: add dma sync for dma mapped virtio gpu framebuffer pages UPSTREAM: drm/virtio: Remove set but not used variable 'bo' UPSTREAM: drm/virtio: add iommu support. UPSTREAM: drm/virtio: add virtio_gpu_object_detach() function UPSTREAM: drm/virtio: track virtual output state UPSTREAM: drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() UPSTREAM: gpu: drm: virtio: code cleanup UPSTREAM: drm/virtio: Place GEM BOs in drm_framebuffer UPSTREAM: drm/virtio: fix mode_valid's return type UPSTREAM: drm/virtio: Add spaces around operators UPSTREAM: drm/virtio: Remove multiple blank lines UPSTREAM: drm/virtio: Replace 'unsigned' for 'unsigned int' UPSTREAM: drm/virtio: Remove return from void function UPSTREAM: drm/virtio: Add */ in block comments to separate line UPSTREAM: drm/virtio: Add blank line after variable declarations UPSTREAM: drm/virtio: Add tabs at the start of a line UPSTREAM: drm/virtio: Don't return invalid caps on timeout UPSTREAM: virtgpu: remove redundant task_comm copying UPSTREAM: drm/virtio: add create_handle support. UPSTREAM: drm: virtio: replace reference/unreference with get/put UPSTREAM: drm/virtio: Replace instances of reference/unreference with get/put UPSTREAM: drm: byteorder: add DRM_FORMAT_HOST_* UPSTREAM: drm: add drm_connector_attach_edid_property() BACKPORT: drm/prime: Add drm_gem_prime_mmap() f2fs: fix build error on android tracepoints ANDROID: cuttlefish_defconfig: Enable CAN/VCAN UPSTREAM: pidfd: fix a poll race when setting exit_state BACKPORT: arch: wire-up pidfd_open() BACKPORT: pid: add pidfd_open() UPSTREAM: pidfd: add polling support UPSTREAM: signal: improve comments UPSTREAM: fork: do not release lock that wasn't taken BACKPORT: signal: support CLONE_PIDFD with pidfd_send_signal BACKPORT: clone: add CLONE_PIDFD UPSTREAM: Make anon_inodes unconditional UPSTREAM: signal: use fdget() since we don't allow O_PATH UPSTREAM: signal: don't silently convert SI_USER signals to non-current pidfd BACKPORT: signal: add pidfd_send_signal() syscall UPSTREAM: net-ipv6-ndisc: add support for RFC7710 RA Captive Portal Identifier ANDROID: fix up 9p filesystem due to CFI non-upstream patches f2fs: use EINVAL for superblock with invalid magic f2fs: fix to read source block before invalidating it f2fs: remove redundant check from f2fs_setflags_common() f2fs: use generic checking function for FS_IOC_FSSETXATTR f2fs: use generic checking and prep function for FS_IOC_SETFLAGS ubifs, fscrypt: cache decrypted symlink target in ->i_link vfs: use READ_ONCE() to access ->i_link fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory ANDROID: (arm64) cuttlefish_defconfig: enable CONFIG_CPU_FREQ_TIMES ANDROID: xfrm: remove in_compat_syscall() checks ANDROID: enable CONFIG_RTC_DRV_TEST on cuttlefish UPSTREAM: binder: Set end of SG buffer area properly. ANDROID: x86_64_cuttlefish_defconfig: enable CONFIG_CPU_FREQ_TIMES ANDROID: f2fs: add android fsync tracepoint ANDROID: f2fs: fix wrong android tracepoint fscrypt: cache decrypted symlink target in ->i_link fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext fscrypt: only set dentry_operations on ciphertext dentries fscrypt: fix race allowing rename() and link() of ciphertext dentries fscrypt: clean up and improve dentry revalidation fscrypt: use READ_ONCE() to access ->i_crypt_info fscrypt: remove WARN_ON_ONCE() when decryption fails fscrypt: drop inode argument from fscrypt_get_ctx() f2fs: improve print log in f2fs_sanity_check_ckpt() f2fs: avoid out-of-range memory access f2fs: fix to avoid long latency during umount f2fs: allow all the users to pin a file f2fs: support swap file w/ DIO f2fs: allocate blocks for pinned file f2fs: fix is_idle() check for discard type f2fs: add a rw_sem to cover quota flag changes f2fs: set SBI_NEED_FSCK for xattr corruption case f2fs: use generic EFSBADCRC/EFSCORRUPTED f2fs: Use DIV_ROUND_UP() instead of open-coding f2fs: print kernel message if filesystem is inconsistent f2fs: introduce f2fs_<level> macros to wrap f2fs_printk() f2fs: avoid get_valid_blocks() for cleanup f2fs: ioctl for removing a range from F2FS f2fs: only set project inherit bit for directory f2fs: separate f2fs i_flags from fs_flags and ext4 i_flags UPSTREAM: kasan: initialize tag to 0xff in __kasan_kmalloc UPSTREAM: x86/boot: Provide KASAN compatible aliases for string routines UPSTREAM: mm/kasan: Remove the ULONG_MAX stack trace hackery UPSTREAM: x86/uaccess, kasan: Fix KASAN vs SMAP UPSTREAM: x86/uaccess: Introduce user_access_{save,restore}() UPSTREAM: kasan: fix variable 'tag' set but not used warning UPSTREAM: Revert "x86_64: Increase stack size for KASAN_EXTRA" UPSTREAM: kasan: fix coccinelle warnings in kasan_p*_table UPSTREAM: kasan: fix kasan_check_read/write definitions BACKPORT: kasan: remove use after scope bugs detection. BACKPORT: kasan: turn off asan-stack for clang-8 and earlier UPSTREAM: slub: fix a crash with SLUB_DEBUG + KASAN_SW_TAGS UPSTREAM: kasan, slab: remove redundant kasan_slab_alloc hooks UPSTREAM: kasan, slab: make freelist stored without tags UPSTREAM: kasan, slab: fix conflicts with CONFIG_HARDENED_USERCOPY UPSTREAM: kasan: prevent tracing of tags.c UPSTREAM: kasan: fix random seed generation for tag-based mode UPSTREAM: slub: fix SLAB_CONSISTENCY_CHECKS + KASAN_SW_TAGS UPSTREAM: kasan, slub: fix more conflicts with CONFIG_SLAB_FREELIST_HARDENED UPSTREAM: kasan, slub: fix conflicts with CONFIG_SLAB_FREELIST_HARDENED UPSTREAM: kasan, slub: move kasan_poison_slab hook before page_address UPSTREAM: kasan, kmemleak: pass tagged pointers to kmemleak UPSTREAM: kasan: fix assigning tags twice UPSTREAM: kasan: mark file common so ftrace doesn't trace it UPSTREAM: kasan, arm64: remove redundant ARCH_SLAB_MINALIGN define UPSTREAM: kasan: fix krealloc handling for tag-based mode UPSTREAM: kasan: make tag based mode work with CONFIG_HARDENED_USERCOPY UPSTREAM: kasan, arm64: use ARCH_SLAB_MINALIGN instead of manual aligning BACKPORT: mm/memblock.c: skip kmemleak for kasan_init() UPSTREAM: kasan: add SPDX-License-Identifier mark to source files BACKPORT: kasan: update documentation UPSTREAM: kasan, arm64: select HAVE_ARCH_KASAN_SW_TAGS UPSTREAM: kasan: add __must_check annotations to kasan hooks BACKPORT: kasan, mm, arm64: tag non slab memory allocated via pagealloc UPSTREAM: kasan, arm64: add brk handler for inline instrumentation UPSTREAM: kasan: add hooks implementation for tag-based mode UPSTREAM: mm: move obj_to_index to include/linux/slab_def.h UPSTREAM: kasan: add bug reporting routines for tag-based mode UPSTREAM: kasan: split out generic_report.c from report.c UPSTREAM: kasan, mm: perform untagged pointers comparison in krealloc BACKPORT: kasan, arm64: enable top byte ignore for the kernel BACKPORT: kasan, arm64: fix up fault handling logic UPSTREAM: kasan: preassign tags to objects with ctors or SLAB_TYPESAFE_BY_RCU UPSTREAM: kasan, arm64: untag address in _virt_addr_is_linear UPSTREAM: kasan: add tag related helper functions BACKPORT: arm64: move untagged_addr macro from uaccess.h to memory.h BACKPORT: kasan: initialize shadow to 0xff for tag-based mode BACKPORT: kasan: rename kasan_zero_page to kasan_early_shadow_page BACKPORT: kasan, arm64: adjust shadow size for tag-based mode BACKPORT: kasan: add CONFIG_KASAN_GENERIC and CONFIG_KASAN_SW_TAGS UPSTREAM: kasan: rename source files to reflect the new naming scheme BACKPORT: kasan: move common generic and tag-based code to common.c UPSTREAM: kasan, slub: handle pointer tags in early_kmem_cache_node_alloc UPSTREAM: kasan, mm: change hooks signatures UPSTREAM: arm64: add EXPORT_SYMBOL_NOKASAN() BACKPORT: compiler: remove __no_sanitize_address_or_inline again UPSTREAM: mm/kasan/quarantine.c: make quarantine_lock a raw_spinlock_t UPSTREAM: lib/test_kasan.c: add tests for several string/memory API functions UPSTREAM: arm64: lib: use C string functions with KASAN enabled UPSTREAM: compiler: introduce __no_sanitize_address_or_inline UPSTREAM: arm64: Fix typo in a comment in arch/arm64/mm/kasan_init.c BACKPORT: kernel/memremap, kasan: make ZONE_DEVICE with work with KASAN BACKPORT: mm/mempool.c: remove unused argument in kasan_unpoison_element() and remove_element() UPSTREAM: kasan: only select SLUB_DEBUG with SYSFS=y UPSTREAM: kasan: depend on CONFIG_SLUB_DEBUG UPSTREAM: KASAN: prohibit KASAN+STRUCTLEAK combination UPSTREAM: arm64: kasan: avoid pfn_to_nid() before page array is initialized UPSTREAM: kasan: fix invalid-free test crashing the kernel UPSTREAM: kasan, slub: fix handling of kasan_slab_free hook UPSTREAM: slab, slub: skip unnecessary kasan_cache_shutdown() BACKPORT: kasan: make kasan_cache_create() work with 32-bit slab cache sizes UPSTREAM: locking/atomics: Instrument cmpxchg_double*() UPSTREAM: locking/atomics: Instrument xchg() UPSTREAM: locking/atomics: Simplify cmpxchg() instrumentation UPSTREAM: locking/atomics/x86: Reduce arch_cmpxchg64*() instrumentation UPSTREAM: locking/atomic, asm-generic, x86: Add comments for atomic instrumentation UPSTREAM: locking/atomic, asm-generic: Add KASAN instrumentation to atomic operations UPSTREAM: locking/atomic/x86: Switch atomic.h to use atomic-instrumented.h UPSTREAM: locking/atomic, asm-generic: Add asm-generic/atomic-instrumented.h BACKPORT: kasan, arm64: clean up KASAN_SHADOW_SCALE_SHIFT usage UPSTREAM: kasan: clean up KASAN_SHADOW_SCALE_SHIFT usage UPSTREAM: kasan: fix prototype author email address UPSTREAM: kasan: detect invalid frees UPSTREAM: kasan: unify code between kasan_slab_free() and kasan_poison_kfree() UPSTREAM: kasan: detect invalid frees for large mempool objects UPSTREAM: kasan: don't use __builtin_return_address(1) UPSTREAM: kasan: detect invalid frees for large objects UPSTREAM: kasan: add functions for unpoisoning stack variables UPSTREAM: kasan: add tests for alloca poisoning UPSTREAM: kasan: support alloca() poisoning UPSTREAM: kasan/Makefile: support LLVM style asan parameters BACKPORT: kasan: add compiler support for clang BACKPORT: fs: dcache: Revert "manually unpoison dname after allocation to shut up kasan's reports" UPSTREAM: fs/dcache: Use read_word_at_a_time() in dentry_string_cmp() UPSTREAM: lib/strscpy: Shut up KASAN false-positives in strscpy() UPSTREAM: compiler.h: Add read_word_at_a_time() function. UPSTREAM: compiler.h, kasan: Avoid duplicating __read_once_size_nocheck() UPSTREAM: arm64/mm/kasan: don't use vmemmap_populate() to initialize shadow UPSTREAM: Documentation/features/KASAN: mark KASAN as supported only on 64-bit on x86 f2fs: Add option to limit required GC for checkpoint=disable f2fs: Fix accounting for unusable blocks f2fs: Fix root reserved on remount f2fs: Lower threshold for disable_cp_again f2fs: fix sparse warning f2fs: fix f2fs_show_options to show nodiscard mount option f2fs: add error prints for debugging mount failure f2fs: fix to do sanity check on segment bitmap of LFS curseg f2fs: add missing sysfs entries in documentation f2fs: fix to avoid deadloop if data_flush is on f2fs: always assume that the device is idle under gc_urgent f2fs: add bio cache for IPU f2fs: allow ssr block allocation during checkpoint=disable period f2fs: fix to check layout on last valid checkpoint park Conflicts: arch/arm64/configs/cuttlefish_defconfig arch/arm64/include/asm/memory.h arch/arm64/include/asm/thread_info.h arch/x86/configs/x86_64_cuttlefish_defconfig build.config.common drivers/dma-buf/dma-buf.c fs/crypto/Makefile fs/crypto/bio.c fs/crypto/fscrypt_private.h fs/crypto/keyinfo.c fs/ext4/page-io.c fs/f2fs/data.c fs/f2fs/f2fs.h fs/f2fs/inode.c fs/f2fs/segment.c fs/userfaultfd.c include/linux/dma-buf.h include/linux/fscrypt.h include/linux/kasan.h include/linux/platform_data/ds2482.h include/uapi/linux/fs.h kernel/sched/deadline.c kernel/sched/fair.c kernel/sched/rt.c kernel/sched/sched.h kernel/sched/stop_task.c kernel/sched/walt.c kernel/sched/walt.h lib/test_kasan.c mm/kasan/common.c mm/kasan/kasan.h mm/kasan/report.c mm/slub.c mm/vmalloc.c scripts/Makefile.kasan Changed below files to fix build errors: drivers/char/diag/diagchar_core.c drivers/power/supply/qcom/battery.c drivers/power/supply/qcom/smb1390-charger-psy.c drivers/power/supply/qcom/smb1390-charger.c drivers/power/supply/qcom/step-chg-jeita.c fs/crypto/fscrypt_ice.c fs/crypto/fscrypt_private.h fs/f2fs/inode.c include/uapi/linux/fscrypt.h net/qrtr/qrtr.c gen_headers_arm.bp gen_headers_arm64.bp Extra added fixes in fs/f2fs/data.c for FBE: * Fix FBE regression with 9937c21ce1 ("f2fs: add bio cache for IPU"). The above commit is not setting the DUN for bio, due to which the bio's could get corrupted when FBE is enabled. * The f2fs_merge_page_bio() incorrectly uses the bio after it is submitted for IO when fscrypt_mergeable_bio() returns false. Fix it by making the submitted bio NULL so that a new bio gets allocated for the next/new page. Ignored the below scheduler patches as they are already present: ANDROID: sched: WALT: Add support for CFS_BANDWIDTH ANDROID: sched: WALT: Refactor cumulative runnable average fixup picked below patches from 4.14.159 and 4.14.172 versions to fix issues 0e39aa9d5 "UPSTREAM: arm64: Validate tagged addresses in access_ok() called from kernel threads" 352902650 "fscrypt: support passing a keyring key to FS_IOC_ADD_ENCRYPTION_KEY" Change-Id: I205b796ee125fa6e9d27fa30f881e4e8fe8bea29 Signed-off-by: Srinivasarao P <spathi@codeaurora.org> Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>	2020-04-07 15:22:27 +05:30
Greg Kroah-Hartman	5a81c7e39a	This is the 4.14.173 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl5pGdsACgkQONu9yGCS aT4e8g//e9KvLX52jYtFVkQ1VpRmp5jvh4s3acky/akvbSYgFvk2X+MFwZCUDk7s 6/ULYnjDu38ZpvxcxCdEcMrsu506GPzKInotUvO/epGy2tjZlWHBgkblef+ZEC4y KWWDVBrgugQGb+qFn4pRLKazyEvXzr5CZUMQ0rjtrA1k3ttviUZGxj5wxPUvNCJu RM0K9D54rNxjx9IHtMSMqXRMtfp8m3gUeDIQ5J39kC6aIV/QcZWJFy77WELG+Q+0 mJHjEI+HXO2w68a5XxP3ry7mVqsPB8asj+n4d7evWr3YlnYSeeBQah7B5v0nfpoW jZSYJ2cYJ6p/2B3AlYoYUwr/pGLwqz17taWozcyVssy+NxgORfy6PmpVCJhe2u8s liW0fA86ZC3PcgUI+xkrhVeNRw+OSvsPhsqzl6XSMACJf05niUqjVxD9CySmAKwb PrXHDbnwfZK8MB5wJ3/0j0PtTkwt0qiRS9daD14qxr+8OLTQ9C7zOxmZI9jkrqVd GmbYgx5fZYeP11vb6h1cOmJae/xIkm9Yl8RbbuWpiGtbFAVHWD/B8w9YL0U138pW f+aCpn66eyli27/MmEFJdAUQYvhkOwZ5TGwKuJrqYi5EDjRFTWUfaFfwYsIn1AaM 69nnNHUrGgozQGDfQZEEFMSCZFJZfma3zbkJyHqpV+KMqma8/dI= =XWup -----END PGP SIGNATURE----- Merge 4.14.173 into android-4.14 Changes in 4.14.173 iwlwifi: pcie: fix rb_allocator workqueue allocation netfilter: nf_conntrack: resolve clash for matching conntracks ext4: fix potential race between online resizing and write operations ext4: fix potential race between s_flex_groups online resizing and access ext4: fix potential race between s_group_info online resizing and access ipmi:ssif: Handle a possible NULL pointer reference drm/msm: Set dma maximum segment size for mdss dax: pass NOWAIT flag to iomap_apply mac80211: consider more elements in parsing CRC cfg80211: check wiphy driver existence for drvinfo report qmi_wwan: re-add DW5821e pre-production variant qmi_wwan: unconditionally reject 2 ep interfaces net: ena: fix potential crash when rxfh key is NULL net: ena: fix uses of round_jiffies() net: ena: add missing ethtool TX timestamping indication net: ena: fix incorrect default RSS key net: ena: rss: fix failure to get indirection table net: ena: rss: store hash function as values and not bits net: ena: fix incorrectly saving queue numbers when setting RSS indirection table net: ena: ethtool: use correct value for crc32 hash net: ena: ena-com.c: prevent NULL pointer dereference cifs: Fix mode output in debugging statements cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE sysrq: Restore original console_loglevel when sysrq disabled sysrq: Remove duplicated sysrq message net: fib_rules: Correctly set table field when table number exceeds 8 bits net: phy: restore mdio regs in the iproc mdio driver nfc: pn544: Fix occasional HW initialization failure sctp: move the format error check out of __sctp_sf_do_9_1_abort ipv6: Fix nlmsg_flags when splitting a multipath route ipv6: Fix route replacement with dev-only route qede: Fix race between rdma destroy workqueue and link change event net: sched: correct flower port blocking ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() audit: fix error handling in audit_data_to_entry() ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro ACPI: watchdog: Fix gas->access_width usage KVM: VMX: check descriptor table exits on instruction emulation HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock HID: core: fix off-by-one memset in hid_report_raw_event() HID: core: increase HID report buffer size to 8KiB tracing: Disable trace_printk() on post poned tests Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs" HID: hiddev: Fix race in in hiddev_disconnect() MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()' i2c: altera: Fix potential integer overflow i2c: jz4780: silence log flood on txabrt drm/i915/gvt: Separate display reset from ALL_ENGINES reset usb: charger: assign specific number for enum value ecryptfs: Fix up bad backport of fe2e082f5da5b4a0a92ae32978f81507ef37ec66 include/linux/bitops.h: introduce BITS_PER_TYPE net: netlink: cap max groups which will be considered in netlink_bind() net: atlantic: fix potential error handling net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE namei: only return -ECHILD from follow_dotdot_rcu() mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() KVM: SVM: Override default MMIO mask if memory encryption is enabled KVM: Check for a bad hva before dropping into the ghc slow path tuntap: correctly set SOCKWQ_ASYNC_NOSPACE drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' kprobes: Set unoptimized flag after unoptimizing code perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc mm/huge_memory.c: use head to check huge zero page mm, thp: fix defrag setting if newline is not used Revert "char/random: silence a lockdep splat with printk()" audit: always check the netlink payload length in audit_receive_msg() vhost: Check docket sk_family instead of call getname x86/mce: Handle varying MCA bank counts EDAC/amd64: Set grain per DIMM net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec RDMA/core: Fix pkey and port assignment in get_new_pps RDMA/core: Fix use of logical OR in get_new_pps kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE selftests: fix too long argument usb: gadget: composite: Support more than 500mA MaxPower usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags usb: gadget: serial: fix Tx stall after buffer overflow drm/msm/mdp5: rate limit pp done timeout warnings drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI drm/msm/dsi: save pll state before dsi host is powered off net: ks8851-ml: Remove 8-bit bus accessors net: ks8851-ml: Fix 16-bit data access net: ks8851-ml: Fix 16-bit IO operation watchdog: da9062: do not ping the hw during stop() s390/cio: cio_ignore_proc_seq_next should increase position index x86/boot/compressed: Don't declare __force_order in kaslr_64.c nvme: Fix uninitialized-variable warning x86/xen: Distribute switch variables for initialization net: thunderx: workaround BGX TX Underflow issue cifs: don't leak -EAGAIN for stat() during reconnect usb: storage: Add quirk for Samsung Fit flash usb: quirks: add NO_LPM quirk for Logitech Screen Share usb: core: hub: fix unhandled return by employing a void function usb: core: hub: do error out if usb_autopm_get_interface() fails usb: core: port: do error out if usb_autopm_get_interface() fails vgacon: Fix a UAF in vgacon_invert_region mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa fat: fix uninit-memory access for partial initialized inode arm: dts: dra76x: Fix mmc3 max-frequency tty:serial:mvebu-uart:fix a wrong return serial: 8250_exar: add support for ACCES cards vt: selection, close sel_buffer race vt: selection, push console lock down vt: selection, push sel_lock up x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes dmaengine: tegra-apb: Fix use-after-free dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list dm cache: fix a crash due to incorrect work item cancelling ARM: dts: ls1021a: Restore MDIO compatible to gianfar ASoC: topology: Fix memleak in soc_tplg_link_elems_load() ASoC: intel: skl: Fix pin debug prints ASoC: intel: skl: Fix possible buffer overflow in debug outputs ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path ASoC: dapm: Correct DAPM handling of active widgets during shutdown RDMA/iwcm: Fix iwcm work deallocation RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() IB/hfi1, qib: Ensure RCU is locked when accessing list ARM: imx: build v7_cpu_resume() unconditionally hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems dm integrity: fix a deadlock due to offloading to an incorrect workqueue xhci: handle port status events for removed USB3 hcd ASoC: topology: Fix memleak in soc_tplg_manifest_load() Linux 4.14.173 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ic06bd3eb90ee58f3fd96bff8969ebf6d9db4cb8d	2020-03-11 19:30:15 +01:00
Mel Gorman	ebf46a9428	mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa ... commit 8b272b3cbbb50a6a8e62d8a15affd473a788e184 upstream. : A user reported a bug against a distribution kernel while running a : proprietary workload described as "memory intensive that is not swapping" : that is expected to apply to mainline kernels. The workload is : read/write/modifying ranges of memory and checking the contents. They : reported that within a few hours that a bad PMD would be reported followed : by a memory corruption where expected data was all zeros. A partial : report of the bad PMD looked like : : [ 5195.338482] ../mm/pgtable-generic.c:33: bad pmd ffff8888157ba008(000002e0396009e2) : [ 5195.341184] ------------[ cut here ]------------ : [ 5195.356880] kernel BUG at ../mm/pgtable-generic.c:35! : .... : [ 5195.410033] Call Trace: : [ 5195.410471] [<ffffffff811bc75d>] change_protection_range+0x7dd/0x930 : [ 5195.410716] [<ffffffff811d4be8>] change_prot_numa+0x18/0x30 : [ 5195.410918] [<ffffffff810adefe>] task_numa_work+0x1fe/0x310 : [ 5195.411200] [<ffffffff81098322>] task_work_run+0x72/0x90 : [ 5195.411246] [<ffffffff81077139>] exit_to_usermode_loop+0x91/0xc2 : [ 5195.411494] [<ffffffff81003a51>] prepare_exit_to_usermode+0x31/0x40 : [ 5195.411739] [<ffffffff815e56af>] retint_user+0x8/0x10 : : Decoding revealed that the PMD was a valid prot_numa PMD and the bad PMD : was a false detection. The bug does not trigger if automatic NUMA : balancing or transparent huge pages is disabled. : : The bug is due a race in change_pmd_range between a pmd_trans_huge and : pmd_nond_or_clear_bad check without any locks held. During the : pmd_trans_huge check, a parallel protection update under lock can have : cleared the PMD and filled it with a prot_numa entry between the transhuge : check and the pmd_none_or_clear_bad check. : : While this could be fixed with heavy locking, it's only necessary to make : a copy of the PMD on the stack during change_pmd_range and avoid races. A : new helper is created for this as the check if quite subtle and the : existing similar helpful is not suitable. This passed 154 hours of : testing (usually triggers between 20 minutes and 24 hours) without : detecting bad PMDs or corruption. A basic test of an autonuma-intensive : workload showed no significant change in behaviour. Although Mel withdrew the patch on the face of LKML comment https://lkml.org/lkml/2017/4/10/922 the race window aforementioned is still open, and we have reports of Linpack test reporting bad residuals after the bad PMD warning is observed. In addition to that, bad rss-counter and non-zero pgtables assertions are triggered on mm teardown for the task hitting the bad PMD. host kernel: mm/pgtable-generic.c:40: bad pmd 00000000b3152f68(8000000d2d2008e7) .... host kernel: BUG: Bad rss-counter state mm:00000000b583043d idx:1 val:512 host kernel: BUG: non-zero pgtables_bytes on freeing mm: 4096 The issue is observed on a v4.18-based distribution kernel, but the race window is expected to be applicable to mainline kernels, as well. [akpm@linux-foundation.org: fix comment typo, per Rafael] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Rafael Aquini <aquini@redhat.com> Signed-off-by: Mel Gorman <mgorman@techsingularity.net> Cc: <stable@vger.kernel.org> Cc: Zi Yan <zi.yan@cs.rutgers.edu> Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Michal Hocko <mhocko@suse.com> Link: http://lkml.kernel.org/r/20200216191800.22423-1-aquini@redhat.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2020-03-11 18:03:02 +01:00
Andrey Konovalov	5335f4e6a9	BACKPORT: mm: untag user pointers passed to memory syscalls ... (Upstream commit 057d3389108eda8a20c7f496f011846932680d88). This patch is a part of a series that extends kernel ABI to allow to pass tagged user pointers (with the top byte set to something else other than 0x00) as syscall arguments. This patch allows tagged pointers to be passed to the following memory syscalls: get_mempolicy, madvise, mbind, mincore, mlock, mlock2, mprotect, mremap, msync, munlock, move_pages. The mmap and mremap syscalls do not currently accept tagged addresses. Architectures may interpret the tag as a background colour for the corresponding vma. Link: http://lkml.kernel.org/r/aaf0c0969d46b2feb9017f3e1b3ef3970b633d91.1563904656.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Reviewed-by: Khalid Aziz <khalid.aziz@oracle.com> Reviewed-by: Vincenzo Frascino <vincenzo.frascino@arm.com> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Eric Auger <eric.auger@redhat.com> Cc: Felix Kuehling <Felix.Kuehling@amd.com> Cc: Jens Wiklander <jens.wiklander@linaro.org> Cc: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> Cc: Mike Rapoport <rppt@linux.ibm.com> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Change-Id: I1a2d89eedb45e618e85ca515f4c9121460711efb Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Bug: 135692346	2019-10-07 14:56:03 -04:00
Blagovest Kolenichev	1987b17312	Merge android-4.14-p.63 (8b11380) into msm-4.14 ... * refs/heads/tmp-8b11380: Linux 4.14.63 x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures x86/init: fix build with CONFIG_SWAP=n cpu/hotplug: Non-SMP machines do not make use of booted_once x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread x86/microcode: Allow late microcode loading with SMT disabled tools headers: Synchronise x86 cpufeatures.h for L1TF additions x86/mm/kmmio: Make the tracer robust against L1TF x86/mm/pat: Make set_memory_np() L1TF safe x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/speculation/l1tf: Invert all not present mappings cpu/hotplug: Fix SMT supported evaluation KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry x86/speculation: Simplify sysfs report of VMX L1TF vulnerability KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR KVM: X86: Allow userspace to define the microcode version KVM: X86: Introduce kvm_get_msr_feature() KVM: SVM: Add MSR-based feature support for serializing LFENCE KVM: x86: Add a framework for supporting MSR-based features Documentation/l1tf: Remove Yonah processors from not vulnerable list x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d x86: Don't include linux/irq.h from asm/hardirq.h x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() cpu/hotplug: detect SMT disabled by BIOS Documentation/l1tf: Fix typos x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content Documentation: Add section about CPU vulnerabilities x86/bugs, kvm: Introduce boot-time control of L1TF mitigations cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early cpu/hotplug: Expose SMT control init function x86/kvm: Allow runtime control of L1D flush x86/kvm: Serialize L1D flush parameter setter x86/kvm: Add static key for flush always x86/kvm: Move l1tf setup function x86/l1tf: Handle EPT disabled state proper x86/kvm: Drop L1TF MSR list approach x86/litf: Introduce vmx status variable cpu/hotplug: Online siblings when SMT control is turned on x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting x86/KVM/VMX: Add find_msr() helper function x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers x86/KVM/VMX: Add L1D flush logic x86/KVM/VMX: Add L1D MSR based flush x86/KVM/VMX: Add L1D flush algorithm x86/KVM/VMX: Add module argument for L1TF mitigation x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present cpu/hotplug: Boot HT siblings at least once Revert "x86/apic: Ignore secondary threads if nosmt=force" x86/speculation/l1tf: Fix up pte->pfn conversion for PAE x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings x86/cpufeatures: Add detection of L1D cache flush support. x86/speculation/l1tf: Extend 64bit swap file size limit x86/apic: Ignore secondary threads if nosmt=force x86/cpu/AMD: Evaluate smp_num_siblings early x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info x86/cpu/intel: Evaluate smp_num_siblings early x86/cpu/topology: Provide detect_extended_topology_early() x86/cpu/common: Provide detect_ht_early() x86/cpu/AMD: Remove the pointless detect_ht() call x86/cpu: Remove the pointless CPU printout cpu/hotplug: Provide knobs to control SMT cpu/hotplug: Split do_cpu_down() cpu/hotplug: Make bringup/teardown of smp threads symmetric x86/topology: Provide topology_smt_supported() x86/smp: Provide topology_is_primary_thread() sched/smt: Update sched_smt_present at runtime x86/bugs: Move the l1tf function and define pr_fmt properly x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Protect swap entries against L1TF x86/speculation/l1tf: Change order of offset/type in swap entry x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT x86/irqflags: Provide a declaration for native_save_fl kprobes/x86: Fix %p uses in error messages x86/speculation: Protect against userspace-userspace spectreRSB x86/paravirt: Fix spectre-v2 mitigations for paravirt guests ARM: dts: imx6sx: fix irq for pcie bridge Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops Bluetooth: hci_ldisc: Allow sleeping while proto locks are held. phy: phy-mtk-tphy: use auto instead of force to bypass utmi signals mtd: nand: qcom: Add a NULL check for devm_kasprintf() fix __legitimize_mnt()/mntput() race fix mntput/mntput race make sure that __dentry_kill() always invalidates d_seq, unhashed or not root dentries need RCU-delayed freeing init: rename and re-order boot_cpu_state_init() scsi: qla2xxx: Fix memory leak for allocating abort IOCB scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled xen/netfront: don't cache skb_shinfo() stop_machine: Disable preemption after queueing stopper threads Mark HI and TASKLET softirq synchronous kasan: add no_sanitize attribute for clang builds scsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity scsi: core: introduce force_blk_mq scsi: hpsa: fix selection of reply queue parisc: Define mb() and add memory barriers to assembler unlock sequences parisc: Enable CONFIG_MLONGCALLS by default ANDROID: AVB error handler to invalidate vbmeta partition. Conflicts: include/linux/cpu.h include/linux/swapfile.h kernel/softirq.c kernel/stop_machine.c Change-Id: I940d6493a2124eb2a7f6ad3d9ff81fe48e413531 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>	2018-08-28 03:08:02 -07:00
Greg Kroah-Hartman	8b11380a08	This is the 4.14.63 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlt0UQ4ACgkQONu9yGCS aT48UBAAgRuM+14lp73NW+p9rX8VAupzk1k9QLP7/naWg6mIppVT2/NOEqMfLPYP xsLrkVdvMMlrTmf/LpNE4BEaE0YBD/CT/yK1NTrfLjhVoNIKhK9MEoAVyS7c3YlW OW+/jTuTyQ1BD3RkRXFquXVCnj4aDN+nWq4j7PIsvluNYiyqk7S8RzgUkunrRZTP ZU0EAi/cGcOYQ/iyPyKJLGyGgK8XmcjloSG75512D8SAoDymJIhvreqxFtcx9EVx Awe88RoeZos8/xuorlo+/vjKShnmesgPV2S+Nb1ih2Y3XCktXjASDBvaRX8kMsVh 3F08OKir8ikUZx6lGnJluIDVNVXjXI6f823h8T7D/8r42r9k6EFHTWPU89dFFMda FUyLMf6Oy4TbUSxxKgNxLomaRASaXLP/kSPamAm4KLFvSOmFk6UgOAa1GsB1Q3ad 6yE9KkDcyGxLu9p6NU6+5HgP42dbP5So3gOcLOgfRqR3+dallUqiZlmhbQkwZ1Wm kwDKyDAgbKCGnL7WEoZuSS542h1V9UXYMLWzw04zFaMIjF76H8ee9zBv8Y3ac/ms sM2hW6g7mfww7nvc1FPRQRDvkgfS4EE0DUzq72U0WKcK6v7ZRHUsmBQopxNVS7A4 74HYcin2b5VQw3O3aKy0h3sqKnkE/WzA+XkFo4ExNwfiCzYZeQI= =LXnx -----END PGP SIGNATURE----- Merge 4.14.63 into android-4.14-p Changes in 4.14.63 parisc: Enable CONFIG_MLONGCALLS by default parisc: Define mb() and add memory barriers to assembler unlock sequences scsi: hpsa: fix selection of reply queue scsi: core: introduce force_blk_mq scsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity kasan: add no_sanitize attribute for clang builds Mark HI and TASKLET softirq synchronous stop_machine: Disable preemption after queueing stopper threads xen/netfront: don't cache skb_shinfo() scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled scsi: qla2xxx: Fix memory leak for allocating abort IOCB init: rename and re-order boot_cpu_state_init() root dentries need RCU-delayed freeing make sure that __dentry_kill() always invalidates d_seq, unhashed or not fix mntput/mntput race fix __legitimize_mnt()/mntput() race mtd: nand: qcom: Add a NULL check for devm_kasprintf() phy: phy-mtk-tphy: use auto instead of force to bypass utmi signals Bluetooth: hci_ldisc: Allow sleeping while proto locks are held. Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops ARM: dts: imx6sx: fix irq for pcie bridge x86/paravirt: Fix spectre-v2 mitigations for paravirt guests x86/speculation: Protect against userspace-userspace spectreRSB kprobes/x86: Fix %p uses in error messages x86/irqflags: Provide a declaration for native_save_fl x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT x86/speculation/l1tf: Change order of offset/type in swap entry x86/speculation/l1tf: Protect swap entries against L1TF x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/bugs: Move the l1tf function and define pr_fmt properly sched/smt: Update sched_smt_present at runtime x86/smp: Provide topology_is_primary_thread() x86/topology: Provide topology_smt_supported() cpu/hotplug: Make bringup/teardown of smp threads symmetric cpu/hotplug: Split do_cpu_down() cpu/hotplug: Provide knobs to control SMT x86/cpu: Remove the pointless CPU printout x86/cpu/AMD: Remove the pointless detect_ht() call x86/cpu/common: Provide detect_ht_early() x86/cpu/topology: Provide detect_extended_topology_early() x86/cpu/intel: Evaluate smp_num_siblings early x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info x86/cpu/AMD: Evaluate smp_num_siblings early x86/apic: Ignore secondary threads if nosmt=force x86/speculation/l1tf: Extend 64bit swap file size limit x86/cpufeatures: Add detection of L1D cache flush support. x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Revert "x86/apic: Ignore secondary threads if nosmt=force" cpu/hotplug: Boot HT siblings at least once x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present x86/KVM/VMX: Add module argument for L1TF mitigation x86/KVM/VMX: Add L1D flush algorithm x86/KVM/VMX: Add L1D MSR based flush x86/KVM/VMX: Add L1D flush logic x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers x86/KVM/VMX: Add find_msr() helper function x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required cpu/hotplug: Online siblings when SMT control is turned on x86/litf: Introduce vmx status variable x86/kvm: Drop L1TF MSR list approach x86/l1tf: Handle EPT disabled state proper x86/kvm: Move l1tf setup function x86/kvm: Add static key for flush always x86/kvm: Serialize L1D flush parameter setter x86/kvm: Allow runtime control of L1D flush cpu/hotplug: Expose SMT control init function cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early x86/bugs, kvm: Introduce boot-time control of L1TF mitigations Documentation: Add section about CPU vulnerabilities x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content Documentation/l1tf: Fix typos cpu/hotplug: detect SMT disabled by BIOS x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d x86: Don't include linux/irq.h from asm/hardirq.h x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Documentation/l1tf: Remove Yonah processors from not vulnerable list KVM: x86: Add a framework for supporting MSR-based features KVM: SVM: Add MSR-based feature support for serializing LFENCE KVM: X86: Introduce kvm_get_msr_feature() KVM: X86: Allow userspace to define the microcode version KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR x86/speculation: Simplify sysfs report of VMX L1TF vulnerability x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry cpu/hotplug: Fix SMT supported evaluation x86/speculation/l1tf: Invert all not present mappings x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/mm/pat: Make set_memory_np() L1TF safe x86/mm/kmmio: Make the tracer robust against L1TF tools headers: Synchronise x86 cpufeatures.h for L1TF additions x86/microcode: Allow late microcode loading with SMT disabled x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread cpu/hotplug: Non-SMP machines do not make use of booted_once x86/init: fix build with CONFIG_SWAP=n x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present Linux 4.14.63 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2018-08-16 12:30:41 +02:00
Greg Kroah-Hartman	1f648790fe	This is the 4.14.63 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlt0UQ4ACgkQONu9yGCS aT48UBAAgRuM+14lp73NW+p9rX8VAupzk1k9QLP7/naWg6mIppVT2/NOEqMfLPYP xsLrkVdvMMlrTmf/LpNE4BEaE0YBD/CT/yK1NTrfLjhVoNIKhK9MEoAVyS7c3YlW OW+/jTuTyQ1BD3RkRXFquXVCnj4aDN+nWq4j7PIsvluNYiyqk7S8RzgUkunrRZTP ZU0EAi/cGcOYQ/iyPyKJLGyGgK8XmcjloSG75512D8SAoDymJIhvreqxFtcx9EVx Awe88RoeZos8/xuorlo+/vjKShnmesgPV2S+Nb1ih2Y3XCktXjASDBvaRX8kMsVh 3F08OKir8ikUZx6lGnJluIDVNVXjXI6f823h8T7D/8r42r9k6EFHTWPU89dFFMda FUyLMf6Oy4TbUSxxKgNxLomaRASaXLP/kSPamAm4KLFvSOmFk6UgOAa1GsB1Q3ad 6yE9KkDcyGxLu9p6NU6+5HgP42dbP5So3gOcLOgfRqR3+dallUqiZlmhbQkwZ1Wm kwDKyDAgbKCGnL7WEoZuSS542h1V9UXYMLWzw04zFaMIjF76H8ee9zBv8Y3ac/ms sM2hW6g7mfww7nvc1FPRQRDvkgfS4EE0DUzq72U0WKcK6v7ZRHUsmBQopxNVS7A4 74HYcin2b5VQw3O3aKy0h3sqKnkE/WzA+XkFo4ExNwfiCzYZeQI= =LXnx -----END PGP SIGNATURE----- Merge 4.14.63 into android-4.14 Changes in 4.14.63 parisc: Enable CONFIG_MLONGCALLS by default parisc: Define mb() and add memory barriers to assembler unlock sequences scsi: hpsa: fix selection of reply queue scsi: core: introduce force_blk_mq scsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity kasan: add no_sanitize attribute for clang builds Mark HI and TASKLET softirq synchronous stop_machine: Disable preemption after queueing stopper threads xen/netfront: don't cache skb_shinfo() scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled scsi: qla2xxx: Fix memory leak for allocating abort IOCB init: rename and re-order boot_cpu_state_init() root dentries need RCU-delayed freeing make sure that __dentry_kill() always invalidates d_seq, unhashed or not fix mntput/mntput race fix __legitimize_mnt()/mntput() race mtd: nand: qcom: Add a NULL check for devm_kasprintf() phy: phy-mtk-tphy: use auto instead of force to bypass utmi signals Bluetooth: hci_ldisc: Allow sleeping while proto locks are held. Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops ARM: dts: imx6sx: fix irq for pcie bridge x86/paravirt: Fix spectre-v2 mitigations for paravirt guests x86/speculation: Protect against userspace-userspace spectreRSB kprobes/x86: Fix %p uses in error messages x86/irqflags: Provide a declaration for native_save_fl x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT x86/speculation/l1tf: Change order of offset/type in swap entry x86/speculation/l1tf: Protect swap entries against L1TF x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/bugs: Move the l1tf function and define pr_fmt properly sched/smt: Update sched_smt_present at runtime x86/smp: Provide topology_is_primary_thread() x86/topology: Provide topology_smt_supported() cpu/hotplug: Make bringup/teardown of smp threads symmetric cpu/hotplug: Split do_cpu_down() cpu/hotplug: Provide knobs to control SMT x86/cpu: Remove the pointless CPU printout x86/cpu/AMD: Remove the pointless detect_ht() call x86/cpu/common: Provide detect_ht_early() x86/cpu/topology: Provide detect_extended_topology_early() x86/cpu/intel: Evaluate smp_num_siblings early x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info x86/cpu/AMD: Evaluate smp_num_siblings early x86/apic: Ignore secondary threads if nosmt=force x86/speculation/l1tf: Extend 64bit swap file size limit x86/cpufeatures: Add detection of L1D cache flush support. x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Revert "x86/apic: Ignore secondary threads if nosmt=force" cpu/hotplug: Boot HT siblings at least once x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present x86/KVM/VMX: Add module argument for L1TF mitigation x86/KVM/VMX: Add L1D flush algorithm x86/KVM/VMX: Add L1D MSR based flush x86/KVM/VMX: Add L1D flush logic x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers x86/KVM/VMX: Add find_msr() helper function x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required cpu/hotplug: Online siblings when SMT control is turned on x86/litf: Introduce vmx status variable x86/kvm: Drop L1TF MSR list approach x86/l1tf: Handle EPT disabled state proper x86/kvm: Move l1tf setup function x86/kvm: Add static key for flush always x86/kvm: Serialize L1D flush parameter setter x86/kvm: Allow runtime control of L1D flush cpu/hotplug: Expose SMT control init function cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early x86/bugs, kvm: Introduce boot-time control of L1TF mitigations Documentation: Add section about CPU vulnerabilities x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content Documentation/l1tf: Fix typos cpu/hotplug: detect SMT disabled by BIOS x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d x86: Don't include linux/irq.h from asm/hardirq.h x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Documentation/l1tf: Remove Yonah processors from not vulnerable list KVM: x86: Add a framework for supporting MSR-based features KVM: SVM: Add MSR-based feature support for serializing LFENCE KVM: X86: Introduce kvm_get_msr_feature() KVM: X86: Allow userspace to define the microcode version KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR x86/speculation: Simplify sysfs report of VMX L1TF vulnerability x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry cpu/hotplug: Fix SMT supported evaluation x86/speculation/l1tf: Invert all not present mappings x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/mm/pat: Make set_memory_np() L1TF safe x86/mm/kmmio: Make the tracer robust against L1TF tools headers: Synchronise x86 cpufeatures.h for L1TF additions x86/microcode: Allow late microcode loading with SMT disabled x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread cpu/hotplug: Non-SMP machines do not make use of booted_once x86/init: fix build with CONFIG_SWAP=n x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present Linux 4.14.63 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2018-08-16 12:28:17 +02:00
Andi Kleen	a4116334be	x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings ... commit 42e4089c7890725fcd329999252dc489b72f2921 upstream For L1TF PROT_NONE mappings are protected by inverting the PFN in the page table entry. This sets the high bits in the CPU's address space, thus making sure to point to not point an unmapped entry to valid cached memory. Some server system BIOSes put the MMIO mappings high up in the physical address space. If such an high mapping was mapped to unprivileged users they could attack low memory by setting such a mapping to PROT_NONE. This could happen through a special device driver which is not access protected. Normal /dev/mem is of course access protected. To avoid this forbid PROT_NONE mappings or mprotect for high MMIO mappings. Valid page mappings are allowed because the system is then unsafe anyways. It's not expected that users commonly use PROT_NONE on MMIO. But to minimize any impact this is only enforced if the mapping actually refers to a high MMIO address (defined as the MAX_PA-1 bit being set), and also skip the check for root. For mmaps this is straight forward and can be handled in vm_insert_pfn and in remap_pfn_range(). For mprotect it's a bit trickier. At the point where the actual PTEs are accessed a lot of state has been changed and it would be difficult to undo on an error. Since this is a uncommon case use a separate early page talk walk pass for MMIO PROT_NONE mappings that checks for this condition early. For non MMIO and non PROT_NONE there are no changes. Signed-off-by: Andi Kleen <ak@linux.intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com> Acked-by: Dave Hansen <dave.hansen@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2018-08-15 18:12:51 +02:00
Laurent Dufour	4153099359	mm: protect VMA modifications using VMA sequence count ... The VMA sequence count has been introduced to allow fast detection of VMA modification when running a page fault handler without holding the mmap_sem. This patch provides protection against the VMA modification done in : - madvise() - mpol_rebind_policy() - vma_replace_policy() - change_prot_numa() - mlock(), munlock() - mprotect() - mmap_region() - collapse_huge_page() - userfaultd registering services In addition, VMA fields which will be read during the speculative fault path needs to be written using WRITE_ONCE to prevent write to be split and intermediate values to be pushed to other CPUs. Change-Id: Ic36046b7254e538b6baf7144c50ae577ee7f2074 Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com> Patch-mainline: linux-mm @ Tue, 17 Apr 2018 16:33:15 [vinmenon@codeaurora.org: trivial merge conflict fixes] Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>	2018-06-04 15:40:51 +05:30
Greg Kroah-Hartman	918914133e	This is the 4.14.13 stable release ... -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlpVz2IACgkQONu9yGCS aT5ruQ//e+yZXvviuuvH1GoPEPIBXNLIZRe1wRbkput3B299ECktxXfvquP/a8UK NcUM2G4TlrZ6o0qYjvYEpKpXmvXUBIhloNfX5bGTNFa5fAeQ4Zlx06EVBydtfteW gYn17aLZrnAPsr0g2A6BvPEtjkZQ4olzbcjQMlgmvCN0C4FH4eldEjC//wr7O00w yn+W5pL8b3QSjfuyHyp607BJni26bIZJtZGTmuyzRlfljaTxM1LDjCJNACp3Y8hP oR+5cxnlaOr7grtAbdBjAN3oLeH/JxEKP5Ec+4KTolYp/qfoRBaA7AEQhpUKgRuh rez1hJ5vGWBim4edARmkc27Fvos91TmKFRe+oH0LU8pA6FbcHQ3cAJGAWSSRfxwS 5UAPRgXruGGh+jyx+2MK8+UuhRrCBxalmSIoo/EuVEaAdLiZRua1rgO8JegoAAZD YAMZnY0aSFcncCOPO1JZEHi07py1LU3JMk6vAh53KVyePaEJXy6JzRPoXJep2a7f kRzPzNHYUH3cfR1oOv7Cuf+UEXSc5FvDjlzPXkDVBbK/7qVJaYRmVIz5evXbEXmy CQMQfivl5WvT3amPj/PSreWh0khXfENa3VZrTJdTqbq8gytlxwgz7JXSxNSipNUJ A2eg13rOVnT9knVfw8Kefozwtc+I56KMJ/F0VuzaJcsIvCs6+Q8= =dywX -----END PGP SIGNATURE----- Merge 4.14.13 into android-4.14 Changes in 4.14.13 x86/mm: Set MODULES_END to 0xffffffffff000000 x86/mm: Map cpu_entry_area at the same place on 4/5 level x86/kaslr: Fix the vaddr_end mess x86/events/intel/ds: Use the proper cache flush method for mapping ds buffers x86/tlb: Drop the _GPL from the cpu_tlbstate export x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN kernel/acct.c: fix the acct->needcheck check in check_free_space() mm/mprotect: add a cond_resched() inside change_pmd_range() mm/sparse.c: wrong allocation for mem_section userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails btrfs: fix refcount_t usage when deleting btrfs_delayed_nodes efi/capsule-loader: Reinstate virtual capsule mapping crypto: n2 - cure use after free crypto: chacha20poly1305 - validate the digest size crypto: pcrypt - fix freeing pcrypt instances crypto: chelsio - select CRYPTO_GF128MUL drm/i915: Disable DC states around GMBUS on GLK drm/i915: Apply Display WA #1183 on skl, kbl, and cfl sunxi-rsb: Include OF based modalias in device uevent fscache: Fix the default for fscache_maybe_release_page() x86 / CPU: Avoid unnecessary IPIs in arch_freq_get_on_cpu() x86 / CPU: Always show current CPU frequency in /proc/cpuinfo kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal() iommu/arm-smmu-v3: Don't free page table ops twice iommu/arm-smmu-v3: Cope with duplicated Stream IDs ARC: uaccess: dont use "l" gcc inline asm constraint modifier powerpc/mm: Fix SEGV on mapped region to return SEGV_ACCERR Input: elantech - add new icbody type 15 x86/microcode/AMD: Add support for fam17h microcode loading apparmor: fix regression in mount mediation when feature set is pinned parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel parisc: qemu idle sleep support mtd: nand: pxa3xx: Fix READOOB implementation KVM: s390: fix cmma migration for multiple memory slots KVM: s390: prevent buffer overrun on memory hotplug during migration Linux 4.14.13 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>	2018-01-10 09:41:41 +01:00
Anshuman Khandual	abcc786278	mm/mprotect: add a cond_resched() inside change_pmd_range() ... commit 4991c09c7c812dba13ea9be79a68b4565bb1fa4e upstream. While testing on a large CPU system, detected the following RCU stall many times over the span of the workload. This problem is solved by adding a cond_resched() in the change_pmd_range() function. INFO: rcu_sched detected stalls on CPUs/tasks: 154-....: (670 ticks this GP) idle=022/140000000000000/0 softirq=2825/2825 fqs=612 (detected by 955, t=6002 jiffies, g=4486, c=4485, q=90864) Sending NMI from CPU 955 to CPUs 154: NMI backtrace for cpu 154 CPU: 154 PID: 147071 Comm: workload Not tainted 4.15.0-rc3+ #3 NIP: c0000000000b3f64 LR: c0000000000b33d4 CTR: 000000000000aa18 REGS: 00000000a4b0fb44 TRAP: 0501 Not tainted (4.15.0-rc3+) MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 22422082 XER: 00000000 CFAR: 00000000006cf8f0 SOFTE: 1 GPR00: 0010000000000000 c00003ef9b1cb8c0 c0000000010cc600 0000000000000000 GPR04: 8e0000018c32b200 40017b3858fd6e00 8e0000018c32b208 40017b3858fd6e00 GPR08: 8e0000018c32b210 40017b3858fd6e00 8e0000018c32b218 40017b3858fd6e00 GPR12: ffffffffffffffff c00000000fb25100 NIP [c0000000000b3f64] plpar_hcall9+0x44/0x7c LR [c0000000000b33d4] pSeries_lpar_flush_hash_range+0x384/0x420 Call Trace: flush_hash_range+0x48/0x100 __flush_tlb_pending+0x44/0xd0 hpte_need_flush+0x408/0x470 change_protection_range+0xaac/0xf10 change_prot_numa+0x30/0xb0 task_numa_work+0x2d0/0x3e0 task_work_run+0x130/0x190 do_notify_resume+0x118/0x120 ret_from_except_lite+0x70/0x74 Instruction dump: 60000000 f8810028 7ca42b78 7cc53378 7ce63b78 7d074378 7d284b78 7d495378 e9410060 e9610068 e9810070 44000022 <7d806378> e9810028 f88c0000 f8ac0008 Link: http://lkml.kernel.org/r/20171214140551.5794-1-khandual@linux.vnet.ibm.com Signed-off-by: Anshuman Khandual <khandual@linux.vnet.ibm.com> Suggested-by: Nicholas Piggin <npiggin@gmail.com> Acked-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2018-01-10 09:31:17 +01:00
Colin Cross	8392add7be	ANDROID: mm: add a field to store names for private anonymous memory ... Userspace processes often have multiple allocators that each do anonymous mmaps to get memory. When examining memory usage of individual processes or systems as a whole, it is useful to be able to break down the various heaps that were allocated by each layer and examine their size, RSS, and physical memory usage. This patch adds a user pointer to the shared union in vm_area_struct that points to a null terminated string inside the user process containing a name for the vma. vmas that point to the same address will be merged, but vmas that point to equivalent strings at different addresses will not be merged. Userspace can set the name for a region of memory by calling prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, start, len, (unsigned long)name); Setting the name to NULL clears it. The names of named anonymous vmas are shown in /proc/pid/maps as [anon:<name>] and in /proc/pid/smaps in a new "Name" field that is only present for named vmas. If the userspace pointer is no longer valid all or part of the name will be replaced with "<fault>". The idea to store a userspace pointer to reduce the complexity within mm (at the expense of the complexity of reading /proc/pid/mem) came from Dave Hansen. This results in no runtime overhead in the mm subsystem other than comparing the anon_name pointers when considering vma merging. The pointer is stored in a union with fieds that are only used on file-backed mappings, so it does not increase memory usage. Includes fix from Jed Davis <jld@mozilla.com> for typo in prctl_set_vma_anon_name, which could attempt to set the name across two vmas at the same time due to a typo, which might corrupt the vma list. Fix it to use tmp instead of end to limit the name setting to a single vma at a time. Change-Id: I9aa7b6b5ef536cd780599ba4e2fba8ceebe8b59f Signed-off-by: Dmitry Shmidt <dimitrysh@google.com> [AmitP: Fix get_user_pages_remote() call to align with upstream commit 5b56d49fc31d ("mm: add locked parameter to get_user_pages_remote()")] Signed-off-by: Amit Pundir <amit.pundir@linaro.org>	2017-12-18 21:11:22 +05:30
Greg Kroah-Hartman	b24413180f	License cleanup: add SPDX GPL-2.0 license identifier to files with no license ... Many source files in the tree are missing licensing information, which makes it harder for compliance tools to determine the correct license. By default all files without license information are under the default license of the kernel, which is GPL version 2. Update the files which contain no license information with the 'GPL-2.0' SPDX license identifier. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. This patch is based on work done by Thomas Gleixner and Kate Stewart and Philippe Ombredanne. How this work was done: Patches were generated and checked against linux-4.14-rc6 for a subset of the use cases: - file had no licensing information it it. - file was a */uapi/* one with no licensing information in it, - file was a */uapi/* one with existing licensing information, Further patches will be generated in subsequent months to fix up cases where non-standard license headers were used, and references to license had to be inferred by heuristics based on keywords. The analysis to determine which SPDX License Identifier to be applied to a file was done in a spreadsheet of side by side results from of the output of two independent scanners (ScanCode & Windriver) producing SPDX tag:value files created by Philippe Ombredanne. Philippe prepared the base worksheet, and did an initial spot review of a few 1000 files. The 4.13 kernel was the starting point of the analysis with 60,537 files assessed. Kate Stewart did a file by file comparison of the scanner results in the spreadsheet to determine which SPDX license identifier(s) to be applied to the file. She confirmed any determination that was not immediately clear with lawyers working with the Linux Foundation. Criteria used to select files for SPDX license identifier tagging was: - Files considered eligible had to be source code files. - Make and config files were included as candidates if they contained >5 lines of source - File already had some variant of a license header in it (even if <5 lines). All documentation files were explicitly excluded. The following heuristics were used to determine which SPDX license identifiers to apply. - when both scanners couldn't find any license traces, file was considered to have no license information in it, and the top level COPYING file license applied. For non */uapi/* files that summary was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 11139 and resulted in the first patch in this series. If that file was a */uapi/* path one, it was "GPL-2.0 WITH Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 WITH Linux-syscall-note 930 and resulted in the second patch in this series. - if a file had some form of licensing information in it, and was one of the */uapi/* ones, it was denoted with the Linux-syscall-note if any GPL family license was found in the file or had no licensing in it (per prior point). Results summary: SPDX license identifier # files ---------------------------------------------------|------ GPL-2.0 WITH Linux-syscall-note 270 GPL-2.0+ WITH Linux-syscall-note 169 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17 LGPL-2.1+ WITH Linux-syscall-note 15 GPL-1.0+ WITH Linux-syscall-note 14 ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5 LGPL-2.0+ WITH Linux-syscall-note 4 LGPL-2.1 WITH Linux-syscall-note 3 ((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3 ((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1 and that resulted in the third patch in this series. - when the two scanners agreed on the detected license(s), that became the concluded license(s). - when there was disagreement between the two scanners (one detected a license but the other didn't, or they both detected different licenses) a manual inspection of the file occurred. - In most cases a manual inspection of the information in the file resulted in a clear resolution of the license that should apply (and which scanner probably needed to revisit its heuristics). - When it was not immediately clear, the license identifier was confirmed with lawyers working with the Linux Foundation. - If there was any question as to the appropriate license identifier, the file was flagged for further research and to be revisited later in time. In total, over 70 hours of logged manual review was done on the spreadsheet to determine the SPDX license identifiers to apply to the source files by Kate, Philippe, Thomas and, in some cases, confirmation by lawyers working with the Linux Foundation. Kate also obtained a third independent scan of the 4.13 code base from FOSSology, and compared selected files where the other two scanners disagreed against that SPDX file, to see if there was new insights. The Windriver scanner is based on an older version of FOSSology in part, so they are related. Thomas did random spot checks in about 500 files from the spreadsheets for the uapi headers and agreed with SPDX license identifier in the files he inspected. For the non-uapi files Thomas did random spot checks in about 15000 files. In initial set of patches against 4.14-rc6, 3 files were found to have copy/paste license identifier errors, and have been fixed to reflect the correct identifier. Additionally Philippe spent 10 hours this week doing a detailed manual inspection and review of the 12,461 patched files from the initial patch version early this week with: - a full scancode scan run, collecting the matched texts, detected license ids and scores - reviewing anything where there was a license detected (about 500+ files) to ensure that the applied SPDX license was correct - reviewing anything where there was no detection but the patch license was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied SPDX license was correct This produced a worksheet with 20 files needing minor correction. This worksheet was then exported into 3 different .csv files for the different types of files to be modified. These .csv files were then reviewed by Greg. Thomas wrote a script to parse the csv files and add the proper SPDX tag to the file, in the format that the file expected. This script was further refined by Greg based on the output to detect more types of files automatically and to distinguish between header and source .c files (which need different comment types.) Finally Greg ran the script using the .csv files to generate the patches. Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2017-11-02 11:10:55 +01:00
Jérôme Glisse	5042db43cc	mm/ZONE_DEVICE: new type of ZONE_DEVICE for unaddressable memory ... HMM (heterogeneous memory management) need struct page to support migration from system main memory to device memory. Reasons for HMM and migration to device memory is explained with HMM core patch. This patch deals with device memory that is un-addressable memory (ie CPU can not access it). Hence we do not want those struct page to be manage like regular memory. That is why we extend ZONE_DEVICE to support different types of memory. A persistent memory type is define for existing user of ZONE_DEVICE and a new device un-addressable type is added for the un-addressable memory type. There is a clear separation between what is expected from each memory type and existing user of ZONE_DEVICE are un-affected by new requirement and new use of the un-addressable type. All specific code path are protect with test against the memory type. Because memory is un-addressable we use a new special swap type for when a page is migrated to device memory (this reduces the number of maximum swap file). The main two additions beside memory type to ZONE_DEVICE is two callbacks. First one, page_free() is call whenever page refcount reach 1 (which means the page is free as ZONE_DEVICE page never reach a refcount of 0). This allow device driver to manage its memory and associated struct page. The second callback page_fault() happens when there is a CPU access to an address that is back by a device page (which are un-addressable by the CPU). This callback is responsible to migrate the page back to system main memory. Device driver can not block migration back to system memory, HMM make sure that such page can not be pin into device memory. If device is in some error condition and can not migrate memory back then a CPU page fault to device memory should end with SIGBUS. [arnd@arndb.de: fix warning] Link: http://lkml.kernel.org/r/20170823133213.712917-1-arnd@arndb.de Link: http://lkml.kernel.org/r/20170817000548.32038-8-jglisse@redhat.com Signed-off-by: Jérôme Glisse <jglisse@redhat.com> Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Dan Williams <dan.j.williams@intel.com> Cc: Ross Zwisler <ross.zwisler@linux.intel.com> Cc: Aneesh Kumar <aneesh.kumar@linux.vnet.ibm.com> Cc: Balbir Singh <bsingharora@gmail.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: David Nellans <dnellans@nvidia.com> Cc: Evgeny Baskakov <ebaskakov@nvidia.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: John Hubbard <jhubbard@nvidia.com> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Mark Hairgrove <mhairgrove@nvidia.com> Cc: Michal Hocko <mhocko@kernel.org> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Sherry Cheung <SCheung@nvidia.com> Cc: Subhash Gutti <sgutti@nvidia.com> Cc: Vladimir Davydov <vdavydov.dev@gmail.com> Cc: Bob Liu <liubo95@huawei.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2017-09-08 18:26:46 -07:00
Zi Yan	84c3fc4e9c	mm: thp: check pmd migration entry in common path ... When THP migration is being used, memory management code needs to handle pmd migration entries properly. This patch uses !pmd_present() or is_swap_pmd() (depending on whether pmd_none() needs separate code or not) to check pmd migration entries at the places where a pmd entry is present. Since pmd-related code uses split_huge_page(), split_huge_pmd(), pmd_trans_huge(), pmd_trans_unstable(), or pmd_none_or_trans_huge_or_clear_bad(), this patch: 1. adds pmd migration entry split code in split_huge_pmd(), 2. takes care of pmd migration entries whenever pmd_trans_huge() is present, 3. makes pmd_none_or_trans_huge_or_clear_bad() pmd migration entry aware. Since split_huge_page() uses split_huge_pmd() and pmd_trans_unstable() is equivalent to pmd_none_or_trans_huge_or_clear_bad(), we do not change them. Until this commit, a pmd entry should be: 1. pointing to a pte page, 2. is_swap_pmd(), 3. pmd_trans_huge(), 4. pmd_devmap(), or 5. pmd_none(). Signed-off-by: Zi Yan <zi.yan@cs.rutgers.edu> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Anshuman Khandual <khandual@linux.vnet.ibm.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: David Nellans <dnellans@nvidia.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Mel Gorman <mgorman@techsingularity.net> Cc: Minchan Kim <minchan@kernel.org> Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Michal Hocko <mhocko@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2017-09-08 18:26:45 -07:00
Nadav Amit	16af97dc5a	mm: migrate: prevent racy access to tlb_flush_pending ... Patch series "fixes of TLB batching races", v6. It turns out that Linux TLB batching mechanism suffers from various races. Races that are caused due to batching during reclamation were recently handled by Mel and this patch-set deals with others. The more fundamental issue is that concurrent updates of the page-tables allow for TLB flushes to be batched on one core, while another core changes the page-tables. This other core may assume a PTE change does not require a flush based on the updated PTE value, while it is unaware that TLB flushes are still pending. This behavior affects KSM (which may result in memory corruption) and MADV_FREE and MADV_DONTNEED (which may result in incorrect behavior). A proof-of-concept can easily produce the wrong behavior of MADV_DONTNEED. Memory corruption in KSM is harder to produce in practice, but was observed by hacking the kernel and adding a delay before flushing and replacing the KSM page. Finally, there is also one memory barrier missing, which may affect architectures with weak memory model. This patch (of 7): Setting and clearing mm->tlb_flush_pending can be performed by multiple threads, since mmap_sem may only be acquired for read in task_numa_work(). If this happens, tlb_flush_pending might be cleared while one of the threads still changes PTEs and batches TLB flushes. This can lead to the same race between migration and change_protection_range() that led to the introduction of tlb_flush_pending. The result of this race was data corruption, which means that this patch also addresses a theoretically possible data corruption. An actual data corruption was not observed, yet the race was was confirmed by adding assertion to check tlb_flush_pending is not set by two threads, adding artificial latency in change_protection_range() and using sysctl to reduce kernel.numa_balancing_scan_delay_ms. Link: http://lkml.kernel.org/r/20170802000818.4760-2-namit@vmware.com Fixes: 20841405940e ("mm: fix TLB flush race between migration, and change_protection_range") Signed-off-by: Nadav Amit <namit@vmware.com> Acked-by: Mel Gorman <mgorman@suse.de> Acked-by: Rik van Riel <riel@redhat.com> Acked-by: Minchan Kim <minchan@kernel.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Hugh Dickins <hughd@google.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Jeff Dike <jdike@addtoit.com> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Mel Gorman <mgorman@techsingularity.net> Cc: Russell King <linux@armlinux.org.uk> Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Cc: Tony Luck <tony.luck@intel.com> Cc: Yoshinori Sato <ysato@users.sourceforge.jp> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2017-08-10 15:54:07 -07:00
Mel Gorman	3ea277194d	mm, mprotect: flush TLB if potentially racing with a parallel reclaim leaving stale TLB entries ... Nadav Amit identified a theoritical race between page reclaim and mprotect due to TLB flushes being batched outside of the PTL being held. He described the race as follows: CPU0 CPU1 ---- ---- user accesses memory using RW PTE [PTE now cached in TLB] try_to_unmap_one() ==> ptep_get_and_clear() ==> set_tlb_ubc_flush_pending() mprotect(addr, PROT_READ) ==> change_pte_range() ==> [ PTE non-present - no flush ] user writes using cached RW PTE ... try_to_unmap_flush() The same type of race exists for reads when protecting for PROT_NONE and also exists for operations that can leave an old TLB entry behind such as munmap, mremap and madvise. For some operations like mprotect, it's not necessarily a data integrity issue but it is a correctness issue as there is a window where an mprotect that limits access still allows access. For munmap, it's potentially a data integrity issue although the race is massive as an munmap, mmap and return to userspace must all complete between the window when reclaim drops the PTL and flushes the TLB. However, it's theoritically possible so handle this issue by flushing the mm if reclaim is potentially currently batching TLB flushes. Other instances where a flush is required for a present pte should be ok as either the page lock is held preventing parallel reclaim or a page reference count is elevated preventing a parallel free leading to corruption. In the case of page_mkclean there isn't an obvious path that userspace could take advantage of without using the operations that are guarded by this patch. Other users such as gup as a race with reclaim looks just at PTEs. huge page variants should be ok as they don't race with reclaim. mincore only looks at PTEs. userfault also should be ok as if a parallel reclaim takes place, it will either fault the page back in or read some of the data before the flush occurs triggering a fault. Note that a variant of this patch was acked by Andy Lutomirski but this was for the x86 parts on top of his PCID work which didn't make the 4.13 merge window as expected. His ack is dropped from this version and there will be a follow-on patch on top of PCID that will include his ack. [akpm@linux-foundation.org: tweak comments] [akpm@linux-foundation.org: fix spello] Link: http://lkml.kernel.org/r/20170717155523.emckq2esjro6hf3z@suse.de Reported-by: Nadav Amit <nadav.amit@gmail.com> Signed-off-by: Mel Gorman <mgorman@suse.de> Cc: Andy Lutomirski <luto@kernel.org> Cc: <stable@vger.kernel.org> [v4.4+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2017-08-02 16:34:46 -07:00
Naoya Horiguchi	8bc3c3fe4f	mm: drop NULL return check of pte_offset_map_lock() ... pte_offset_map_lock() finds and takes ptl, and returns pte. But some callers return without unlocking the ptl when pte == NULL, which seems weird. Git history said that !pte check in change_pte_range() was introduced in commit 1ad9f620c3a2 ("mm: numa: recheck for transhuge pages under lock during protection changes") and still remains after commit 175ad4f1e7a2 ("mm: mprotect: use pmd_trans_unstable instead of taking the pmd_lock") which partially reverts 1ad9f620c3a2. So I think that it's just dead code. Many other caller of pte_offset_map_lock() never check NULL return, so let's do likewise. Link: http://lkml.kernel.org/r/1495089737-1292-1-git-send-email-n-horiguchi@ah.jp.nec.com Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com> Acked-by: Vlastimil Babka <vbabka@suse.cz> Cc: Mel Gorman <mgorman@suse.de> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Rik van Riel <riel@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2017-07-06 16:24:33 -07:00
Kirill A. Shutemov	c2febafc67	mm: convert generic code to 5-level paging ... Convert all non-architecture-specific code to 5-level paging. It's mostly mechanical adding handling one more page table level in places where we deal with pud_t. Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Acked-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2017-03-09 11:48:47 -08:00
Aneesh Kumar K.V	288bc54949	mm/autonuma: let architecture override how the write bit should be stashed in a protnone pte. ... Patch series "Numabalancing preserve write fix", v2. This patch series address an issue w.r.t THP migration and autonuma preserve write feature. migrate_misplaced_transhuge_page() cannot deal with concurrent modification of the page. It does a page copy without following the migration pte sequence. IIUC, this was done to keep the migration simpler and at the time of implemenation we didn't had THP page cache which would have required a more elaborate migration scheme. That means thp autonuma migration expect the protnone with saved write to be done such that both kernel and user cannot update the page content. This patch series enables archs like ppc64 to do that. We are good with the hash translation mode with the current code, because we never create a hardware page table entry for a protnone pte. This patch (of 2): Autonuma preserves the write permission across numa fault to avoid taking a writefault after a numa fault (Commit: b191f9b106ea " mm: numa: preserve PTE write permissions across a NUMA hinting fault"). Architecture can implement protnone in different ways and some may choose to implement that by clearing Read/ Write/Exec bit of pte. Setting the write bit on such pte can result in wrong behaviour. Fix this up by allowing arch to override how to save the write bit on a protnone pte. [aneesh.kumar@linux.vnet.ibm.com: don't mark pte saved write in case of dirty_accountable] Link: http://lkml.kernel.org/r/1487942884-16517-1-git-send-email-aneesh.kumar@linux.vnet.ibm.com [aneesh.kumar@linux.vnet.ibm.com: v3] Link: http://lkml.kernel.org/r/1487498625-10891-2-git-send-email-aneesh.kumar@linux.vnet.ibm.com Link: http://lkml.kernel.org/r/1487050314-3892-2-git-send-email-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Acked-by: Michael Neuling <mikey@neuling.org> Cc: Rik van Riel <riel@surriel.com> Cc: Mel Gorman <mgorman@techsingularity.net> Cc: Paul Mackerras <paulus@samba.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Michael Ellerman <michaele@au1.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2017-02-24 17:46:56 -08:00
Andrea Arcangeli	175ad4f1e7	mm: mprotect: use pmd_trans_unstable instead of taking the pmd_lock ... pmd_trans_unstable does an atomic read on the pmd so it doesn't require the pmd_lock for the same check. This also removes the special assumption that the mmap_sem is hold for writing if prot_numa is not set. userfaultfd will hold the mmap_sem only for reading in change_pte_range like prot_numa, but it will not set prot_numa. This is always a valid micro-optimization regardless of userfaultfd. [kirill@shutemov.name: drop unneeded pmd_trans_unstable(pmd) check after __split_huge_pmd()] Link: http://lkml.kernel.org/r/20170208120421.GE5578@node.shutemov.name Link: http://lkml.kernel.org/r/20161216144821.5183-43-aarcange@redhat.com Signed-off-by: Andrea Arcangeli <aarcange@redhat.com> Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Cc: Hillf Danton <hillf.zj@alibaba-inc.com> Cc: Michael Rapoport <RAPOPORT@il.ibm.com> Cc: Mike Kravetz <mike.kravetz@oracle.com> Cc: Mike Rapoport <rppt@linux.vnet.ibm.com> Cc: Pavel Emelyanov <xemul@parallels.com> Cc: "Kirill A. Shutemov" <kirill@shutemov.name> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2017-02-22 16:41:29 -08:00
Linus Torvalds	7c0f6ba682	Replace <asm/uaccess.h> with <linux/uaccess.h> globally ... This was entirely automated, using the script by Al: PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*<asm/uaccess.h>' sed -i -e "s!$PATT!#include <linux/uaccess.h>!" \ $(git grep -l "$PATT"|grep -v ^include/linux/uaccess.h) to do the replacement at the end of the merge window. Requested-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2016-12-24 11:46:01 -08:00
Heiko Carstens	c7142aead8	mm/pkeys: generate pkey system call code only if ARCH_HAS_PKEYS is selected ... Having code for the pkey_mprotect, pkey_alloc and pkey_free system calls makes only sense if ARCH_HAS_PKEYS is selected. If not selected these system calls will always return -ENOSPC or -EINVAL. To simplify things and have less code generate the pkey system call code only if ARCH_HAS_PKEYS is selected. For architectures which have already wired up the system calls, but do not select ARCH_HAS_PKEYS this will result in less generated code and a different return code: the three system calls will now always return -ENOSYS, using the cond_syscall mechanism. For architectures which have not wired up the system calls less unreachable code will be generated. Link: http://lkml.kernel.org/r/20161114111251.70084-1-heiko.carstens@de.ibm.com Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Acked-by: Dave Hansen <dave.hansen@linux.intel.com> Cc: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2016-12-12 18:55:07 -08:00
David Rientjes	fd60775aea	mm, thp: avoid unlikely branches for split_huge_pmd ... While doing MADV_DONTNEED on a large area of thp memory, I noticed we encountered many unlikely() branches in profiles for each backing hugepage. This is because zap_pmd_range() would call split_huge_pmd(), which rechecked the conditions that were already validated, but as part of an unlikely() branch. Avoid the unlikely() branch when in a context where pmd is known to be good for __split_huge_pmd() directly. Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1610181600300.84525@chino.kir.corp.google.com Signed-off-by: David Rientjes <rientjes@google.com> Acked-by: Vlastimil Babka <vbabka@suse.cz> Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2016-12-12 18:55:07 -08:00
Andi Kleen	3e32158767	mm/mprotect.c: don't touch single threaded PTEs which are on the right node ... We had some problems with pages getting unmapped in single threaded affinitized processes. It was tracked down to NUMA scanning. In this case it doesn't make any sense to unmap pages if the process is single threaded and the page is already on the node the process is running on. Add a check for this case into the numa protection code, and skip unmapping if true. In theory the process could be migrated later, but we will eventually rescan and unmap and migrate then. In theory this could be made more fancy: remembering this state per process or even whole mm. However that would need extra tracking and be more complicated, and the simple check seems to work fine so far. [ak@linux.intel.com: v3: Minor updates from Mel. Change code layout] Link: http://lkml.kernel.org/r/1476382117-5440-1-git-send-email-andi@firstfloor.org Link: http://lkml.kernel.org/r/1476288949-20970-1-git-send-email-andi@firstfloor.org Signed-off-by: Andi Kleen <ak@linux.intel.com> Acked-by: Mel Gorman <mgorman@suse.de> Cc: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2016-12-12 18:55:07 -08:00
Wei Yongjun	137baabe35	mm/numa: Remove duplicated include from mprotect.c ... Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: linux-mm@kvack.org Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Mel Gorman <mgorman@techsingularity.net> Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> Link: http://lkml.kernel.org/r/1476719259-6214-1-git-send-email-weiyj.lk@gmail.com Signed-off-by: Thomas Gleixner <tglx@linutronix.de>	2016-10-19 17:28:48 +02:00
Linus Torvalds	93c26d7dc0	Merge branch 'mm-pkeys-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip ... Pull protection keys syscall interface from Thomas Gleixner: "This is the final step of Protection Keys support which adds the syscalls so user space can actually allocate keys and protect memory areas with them. Details and usage examples can be found in the documentation. The mm side of this has been acked by Mel" * 'mm-pkeys-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/pkeys: Update documentation x86/mm/pkeys: Do not skip PKRU register if debug registers are not used x86/pkeys: Fix pkeys build breakage for some non-x86 arches x86/pkeys: Add self-tests x86/pkeys: Allow configuration of init_pkru x86/pkeys: Default to a restrictive init PKRU pkeys: Add details of system call use to Documentation/ generic syscalls: Wire up memory protection keys syscalls x86: Wire up protection keys system calls x86/pkeys: Allocation/free syscalls x86/pkeys: Make mprotect_key() mask off additional vm_flags mm: Implement new pkey_mprotect() system call x86/pkeys: Add fault handling for PF_PK page fault bit	2016-10-10 11:01:51 -07:00
Andrea Arcangeli	e86f15ee64	mm: vma_merge: fix vm_page_prot SMP race condition against rmap_walk ... The rmap_walk can access vm_page_prot (and potentially vm_flags in the pte/pmd manipulations). So it's not safe to wait the caller to update the vm_page_prot/vm_flags after vma_merge returned potentially removing the "next" vma and extending the "current" vma over the next->vm_start,vm_end range, but still with the "current" vma vm_page_prot, after releasing the rmap locks. The vm_page_prot/vm_flags must be transferred from the "next" vma to the current vma while vma_merge still holds the rmap locks. The side effect of this race condition is pte corruption during migrate as remove_migration_ptes when run on a address of the "next" vma that got removed, used the vm_page_prot of the current vma. migrate mprotect ------------ ------------- migrating in "next" vma vma_merge() # removes "next" vma and # extends "current" vma # current vma is not with # vm_page_prot updated remove_migration_ptes read vm_page_prot of current "vma" establish pte with wrong permissions vm_set_page_prot(vma) # too late! change_protection in the old vma range only, next range is not updated This caused segmentation faults and potentially memory corruption in heavy mprotect loads with some light page migration caused by compaction in the background. Hugh Dickins pointed out the comment about the Odd case 8 in vma_merge which confirms the case 8 is only buggy one where the race can trigger, in all other vma_merge cases the above cannot happen. This fix removes the oddness factor from case 8 and it converts it from: AAAA PPPPNNNNXXXX -> PPPPNNNNNNNN to: AAAA PPPPNNNNXXXX -> PPPPXXXXXXXX XXXX has the right vma properties for the whole merged vma returned by vma_adjust, so it solves the problem fully. It has the added benefits that the callers could stop updating vma properties when vma_merge succeeds however the callers are not updated by this patch (there are bits like VM_SOFTDIRTY that still need special care for the whole range, as the vma merging ignores them, but as long as they're not processed by rmap walks and instead they're accessed with the mmap_sem at least for reading, they are fine not to be updated within vma_adjust before releasing the rmap_locks). Link: http://lkml.kernel.org/r/1474309513-20313-1-git-send-email-aarcange@redhat.com Signed-off-by: Andrea Arcangeli <aarcange@redhat.com> Reported-by: Aditya Mandaleeka <adityam@microsoft.com> Cc: Rik van Riel <riel@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Mel Gorman <mgorman@techsingularity.net> Cc: Jan Vorlicek <janvorli@microsoft.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2016-10-07 18:46:29 -07:00
Andrea Arcangeli	6d2329f887	mm: vm_page_prot: update with WRITE_ONCE/READ_ONCE ... vma->vm_page_prot is read lockless from the rmap_walk, it may be updated concurrently and this prevents the risk of reading intermediate values. Link: http://lkml.kernel.org/r/1474660305-19222-1-git-send-email-aarcange@redhat.com Signed-off-by: Andrea Arcangeli <aarcange@redhat.com> Cc: Rik van Riel <riel@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Mel Gorman <mgorman@techsingularity.net> Cc: Jan Vorlicek <janvorli@microsoft.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2016-10-07 18:46:29 -07:00
Dave Hansen	e8c24d3a23	x86/pkeys: Allocation/free syscalls ... This patch adds two new system calls: int pkey_alloc(unsigned long flags, unsigned long init_access_rights) int pkey_free(int pkey); These implement an "allocator" for the protection keys themselves, which can be thought of as analogous to the allocator that the kernel has for file descriptors. The kernel tracks which numbers are in use, and only allows operations on keys that are valid. A key which was not obtained by pkey_alloc() may not, for instance, be passed to pkey_mprotect(). These system calls are also very important given the kernel's use of pkeys to implement execute-only support. These help ensure that userspace can never assume that it has control of a key unless it first asks the kernel. The kernel does not promise to preserve PKRU (right register) contents except for allocated pkeys. The 'init_access_rights' argument to pkey_alloc() specifies the rights that will be established for the returned pkey. For instance: pkey = pkey_alloc(flags, PKEY_DENY_WRITE); will allocate 'pkey', but also sets the bits in PKRU[1] such that writing to 'pkey' is already denied. The kernel does not prevent pkey_free() from successfully freeing in-use pkeys (those still assigned to a memory range by pkey_mprotect()). It would be expensive to implement the checks for this, so we instead say, "Just don't do it" since sane software will never do it anyway. Any piece of userspace calling pkey_alloc() needs to be prepared for it to fail. Why? pkey_alloc() returns the same error code (ENOSPC) when there are no pkeys and when pkeys are unsupported. They can be unsupported for a whole host of reasons, so apps must be prepared for this. Also, libraries or LD_PRELOADs might steal keys before an application gets access to them. This allocation mechanism could be implemented in userspace. Even if we did it in userspace, we would still need additional user/kernel interfaces to tell userspace which keys are being used by the kernel internally (such as for execute-only mappings). Having the kernel provide this facility completely removes the need for these additional interfaces, or having an implementation of this in userspace at all. Note that we have to make changes to all of the architectures that do not use mman-common.h because we use the new PKEY_DENY_ACCESS/WRITE macros in arch-independent code. 1. PKRU is the Protection Key Rights User register. It is a usermode-accessible register that controls whether writes and/or access to each individual pkey is allowed or denied. Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Acked-by: Mel Gorman <mgorman@techsingularity.net> Cc: linux-arch@vger.kernel.org Cc: Dave Hansen <dave@sr71.net> Cc: arnd@arndb.de Cc: linux-api@vger.kernel.org Cc: linux-mm@kvack.org Cc: luto@kernel.org Cc: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org Link: http://lkml.kernel.org/r/20160729163015.444FE75F@viggo.jf.intel.com Signed-off-by: Thomas Gleixner <tglx@linutronix.de>	2016-09-09 13:02:27 +02:00
Dave Hansen	a8502b67d7	x86/pkeys: Make mprotect_key() mask off additional vm_flags ... Today, mprotect() takes 4 bits of data: PROT_READ/WRITE/EXEC/NONE. Three of those bits: READ/WRITE/EXEC get translated directly in to vma->vm_flags by calc_vm_prot_bits(). If a bit is unset in mprotect()'s 'prot' argument then it must be cleared in vma->vm_flags during the mprotect() call. We do this clearing today by first calculating the VMA flags we want set, then clearing the ones we do not want to inherit from the original VMA: vm_flags = calc_vm_prot_bits(prot, key); ... newflags = vm_flags; newflags |= (vma->vm_flags & ~(VM_READ | VM_WRITE | VM_EXEC)); However, we *also* want to mask off the original VMA's vm_flags in which we store the protection key. To do that, this patch adds a new macro: ARCH_VM_PKEY_FLAGS which allows the architecture to specify additional bits that it would like cleared. We use that to ensure that the VM_PKEY_BIT* bits get cleared. Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Acked-by: Mel Gorman <mgorman@techsingularity.net> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Cc: linux-arch@vger.kernel.org Cc: Dave Hansen <dave@sr71.net> Cc: arnd@arndb.de Cc: linux-api@vger.kernel.org Cc: linux-mm@kvack.org Cc: luto@kernel.org Cc: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org Link: http://lkml.kernel.org/r/20160729163013.E48D6981@viggo.jf.intel.com Signed-off-by: Thomas Gleixner <tglx@linutronix.de>	2016-09-09 13:02:26 +02:00
Dave Hansen	7d06d9c9bd	mm: Implement new pkey_mprotect() system call ... pkey_mprotect() is just like mprotect, except it also takes a protection key as an argument. On systems that do not support protection keys, it still works, but requires that key=0. Otherwise it does exactly what mprotect does. I expect it to get used like this, if you want to guarantee that any mapping you create can *never* be accessed without the right protection keys set up. int real_prot = PROT_READ|PROT_WRITE; pkey = pkey_alloc(0, PKEY_DENY_ACCESS); ptr = mmap(NULL, PAGE_SIZE, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0); ret = pkey_mprotect(ptr, PAGE_SIZE, real_prot, pkey); This way, there is *no* window where the mapping is accessible since it was always either PROT_NONE or had a protection key set that denied all access. We settled on 'unsigned long' for the type of the key here. We only need 4 bits on x86 today, but I figured that other architectures might need some more space. Semantically, we have a bit of a problem if we combine this syscall with our previously-introduced execute-only support: What do we do when we mix execute-only pkey use with pkey_mprotect() use? For instance: pkey_mprotect(ptr, PAGE_SIZE, PROT_WRITE, 6); // set pkey=6 mprotect(ptr, PAGE_SIZE, PROT_EXEC); // set pkey=X_ONLY_PKEY? mprotect(ptr, PAGE_SIZE, PROT_WRITE); // is pkey=6 again? To solve that, we make the plain-mprotect()-initiated execute-only support only apply to VMAs that have the default protection key (0) set on them. Proposed semantics: 1. protection key 0 is special and represents the default, "unassigned" protection key. It is always allocated. 2. mprotect() never affects a mapping's pkey_mprotect()-assigned protection key. A protection key of 0 (even if set explicitly) represents an unassigned protection key. 2a. mprotect(PROT_EXEC) on a mapping with an assigned protection key may or may not result in a mapping with execute-only properties. pkey_mprotect() plus pkey_set() on all threads should be used to _guarantee_ execute-only semantics if this is not a strong enough semantic. 3. mprotect(PROT_EXEC) may result in an "execute-only" mapping. The kernel will internally attempt to allocate and dedicate a protection key for the purpose of execute-only mappings. This may not be possible in cases where there are no free protection keys available. It can also happen, of course, in situations where there is no hardware support for protection keys. Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Acked-by: Mel Gorman <mgorman@techsingularity.net> Cc: linux-arch@vger.kernel.org Cc: Dave Hansen <dave@sr71.net> Cc: arnd@arndb.de Cc: linux-api@vger.kernel.org Cc: linux-mm@kvack.org Cc: luto@kernel.org Cc: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org Link: http://lkml.kernel.org/r/20160729163012.3DDD36C4@viggo.jf.intel.com Signed-off-by: Thomas Gleixner <tglx@linutronix.de>	2016-09-09 13:02:26 +02:00
Naoya Horiguchi	337d9abf1c	mm: thp: check pmd_trans_unstable() after split_huge_pmd() ... split_huge_pmd() doesn't guarantee that the pmd is normal pmd pointing to pte entries, which can be checked with pmd_trans_unstable(). Some callers make this assertion and some do it differently and some not, so let's do it in a unified manner. Link: http://lkml.kernel.org/r/1464741400-12143-1-git-send-email-n-horiguchi@ah.jp.nec.com Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com> Cc: "Kirill A. Shutemov" <kirill@shutemov.name> Cc: Hugh Dickins <hughd@google.com> Cc: Mel Gorman <mgorman@techsingularity.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2016-07-26 16:19:19 -07:00
Michal Hocko	dc0ef0df7b	mm: make mmap_sem for write waits killable for mm syscalls ... This is a follow up work for oom_reaper [1]. As the async OOM killing depends on oom_sem for read we would really appreciate if a holder for write didn't stood in the way. This patchset is changing many of down_write calls to be killable to help those cases when the writer is blocked and waiting for readers to release the lock and so help __oom_reap_task to process the oom victim. Most of the patches are really trivial because the lock is help from a shallow syscall paths where we can return EINTR trivially and allow the current task to die (note that EINTR will never get to the userspace as the task has fatal signal pending). Others seem to be easy as well as the callers are already handling fatal errors and bail and return to userspace which should be sufficient to handle the failure gracefully. I am not familiar with all those code paths so a deeper review is really appreciated. As this work is touching more areas which are not directly connected I have tried to keep the CC list as small as possible and people who I believed would be familiar are CCed only to the specific patches (all should have received the cover though). This patchset is based on linux-next and it depends on down_write_killable for rw_semaphores which got merged into tip locking/rwsem branch and it is merged into this next tree. I guess it would be easiest to route these patches via mmotm because of the dependency on the tip tree but if respective maintainers prefer other way I have no objections. I haven't covered all the mmap_write(mm->mmap_sem) instances here $ git grep "down_write(.*\<mmap_sem\>)" next/master | wc -l 98 $ git grep "down_write(.*\<mmap_sem\>)" | wc -l 62 I have tried to cover those which should be relatively easy to review in this series because this alone should be a nice improvement. Other places can be changed on top. [0] http://lkml.kernel.org/r/1456752417-9626-1-git-send-email-mhocko@kernel.org [1] http://lkml.kernel.org/r/1452094975-551-1-git-send-email-mhocko@kernel.org [2] http://lkml.kernel.org/r/1456750705-7141-1-git-send-email-mhocko@kernel.org This patch (of 18): This is the first step in making mmap_sem write waiters killable. It focuses on the trivial ones which are taking the lock early after entering the syscall and they are not changing state before. Therefore it is very easy to change them to use down_write_killable and immediately return with -EINTR. This will allow the waiter to pass away without blocking the mmap_sem which might be required to make a forward progress. E.g. the oom reaper will need the lock for reading to dismantle the OOM victim address space. The only tricky function in this patch is vm_mmap_pgoff which has many call sites via vm_mmap. To reduce the risk keep vm_mmap with the original non-killable semantic for now. vm_munmap callers do not bother checking the return value so open code it into the munmap syscall path for now for simplicity. Signed-off-by: Michal Hocko <mhocko@suse.com> Acked-by: Vlastimil Babka <vbabka@suse.cz> Cc: Mel Gorman <mgorman@suse.de> Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> Cc: Konstantin Khlebnikov <koct9i@gmail.com> Cc: Hugh Dickins <hughd@google.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: David Rientjes <rientjes@google.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2016-05-23 17:04:14 -07:00
Piotr Kwapulinski	f138556daf	mm/mprotect.c: don't imply PROT_EXEC on non-exec fs ... The mprotect(PROT_READ) fails when called by the READ_IMPLIES_EXEC binary on a memory mapped file located on non-exec fs. The mprotect does not check whether fs is _executable_ or not. The PROT_EXEC flag is set automatically even if a memory mapped file is located on non-exec fs. Fix it by checking whether a memory mapped file is located on a non-exec fs. If so the PROT_EXEC is not implied by the PROT_READ. The implementation uses the VM_MAYEXEC flag set properly in mmap. Now it is consistent with mmap. I did the isolated tests (PT_GNU_STACK X/NX, multiple VMAs, X/NX fs). I also patched the official 3.19.0-47-generic Ubuntu 14.04 kernel and it seems to work. Signed-off-by: Piotr Kwapulinski <kwapulinski.piotr@gmail.com> Cc: Mel Gorman <mgorman@suse.de> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Konstantin Khlebnikov <koct9i@gmail.com> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2016-03-22 15:36:02 -07:00
Dave Hansen	62b5f7d013	mm/core, x86/mm/pkeys: Add execute-only protection keys support ... Protection keys provide new page-based protection in hardware. But, they have an interesting attribute: they only affect data accesses and never affect instruction fetches. That means that if we set up some memory which is set as "access-disabled" via protection keys, we can still execute from it. This patch uses protection keys to set up mappings to do just that. If a user calls: mmap(..., PROT_EXEC); or mprotect(ptr, sz, PROT_EXEC); (note PROT_EXEC-only without PROT_READ/WRITE), the kernel will notice this, and set a special protection key on the memory. It also sets the appropriate bits in the Protection Keys User Rights (PKRU) register so that the memory becomes unreadable and unwritable. I haven't found any userspace that does this today. With this facility in place, we expect userspace to move to use it eventually. Userspace _could_ start doing this today. Any PROT_EXEC calls get converted to PROT_READ inside the kernel, and would transparently be upgraded to "true" PROT_EXEC with this code. IOW, userspace never has to do any PROT_EXEC runtime detection. This feature provides enhanced protection against leaking executable memory contents. This helps thwart attacks which are attempting to find ROP gadgets on the fly. But, the security provided by this approach is not comprehensive. The PKRU register which controls access permissions is a normal user register writable from unprivileged userspace. An attacker who can execute the 'wrpkru' instruction can easily disable the protection provided by this feature. The protection key that is used for execute-only support is permanently dedicated at compile time. This is fine for now because there is currently no API to set a protection key other than this one. Despite there being a constant PKRU value across the entire system, we do not set it unless this feature is in use in a process. That is to preserve the PKRU XSAVE 'init state', which can lead to faster context switches. PKRU *is* a user register and the kernel is modifying it. That means that code doing: pkru = rdpkru() pkru |= 0x100; mmap(..., PROT_EXEC); wrpkru(pkru); could lose the bits in PKRU that enforce execute-only permissions. To avoid this, we suggest avoiding ever calling mmap() or mprotect() when the PKRU value is expected to be unstable. Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Andy Lutomirski <luto@kernel.org> Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Borislav Petkov <bp@suse.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Chen Gang <gang.chen.5i5j@gmail.com> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Dave Chinner <david@fromorbit.com> Cc: Dave Hansen <dave@sr71.net> Cc: David Hildenbrand <dahi@linux.vnet.ibm.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Kees Cook <keescook@chromium.org> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Konstantin Khlebnikov <koct9i@gmail.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mel Gorman <mgorman@suse.de> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Piotr Kwapulinski <kwapulinski.piotr@gmail.com> Cc: Rik van Riel <riel@redhat.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Vladimir Murzin <vladimir.murzin@arm.com> Cc: Will Deacon <will.deacon@arm.com> Cc: keescook@google.com Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org Link: http://lkml.kernel.org/r/20160212210240.CB4BB5CA@viggo.jf.intel.com Signed-off-by: Ingo Molnar <mingo@kernel.org>	2016-02-18 19:46:33 +01:00
Dave Hansen	e6bfb70959	mm/core, arch, powerpc: Pass a protection key in to calc_vm_flag_bits() ... This plumbs a protection key through calc_vm_flag_bits(). We could have done this in calc_vm_prot_bits(), but I did not feel super strongly which way to go. It was pretty arbitrary which one to use. Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Arve Hjønnevåg <arve@android.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Chen Gang <gang.chen.5i5j@gmail.com> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Dave Chinner <david@fromorbit.com> Cc: Dave Hansen <dave@sr71.net> Cc: David Airlie <airlied@linux.ie> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Geliang Tang <geliangtang@163.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Konstantin Khlebnikov <koct9i@gmail.com> Cc: Leon Romanovsky <leon@leon.nu> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Masahiro Yamada <yamada.masahiro@socionext.com> Cc: Maxime Coquelin <mcoquelin.stm32@gmail.com> Cc: Mel Gorman <mgorman@suse.de> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Paul Gortmaker <paul.gortmaker@windriver.com> Cc: Paul Mackerras <paulus@samba.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Rik van Riel <riel@redhat.com> Cc: Riley Andrews <riandrews@android.com> Cc: Vladimir Davydov <vdavydov@virtuozzo.com> Cc: devel@driverdev.osuosl.org Cc: linux-api@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/20160212210231.E6F1F0D6@viggo.jf.intel.com Signed-off-by: Ingo Molnar <mingo@kernel.org>	2016-02-18 19:46:30 +01:00
Kirill A. Shutemov	6b9116a652	mm, dax: check for pmd_none() after split_huge_pmd() ... DAX implements split_huge_pmd() by clearing pmd. This simple approach reduces memory overhead, as we don't need to deposit page table on huge page mapping to make split_huge_pmd() never-fail. PTE table can be allocated and populated later on page fault from backing store. But one side effect is that have to check if pmd is pmd_none() after split_huge_pmd(). In most places we do this already to deal with parallel MADV_DONTNEED. But I found two call sites which is not affected by MADV_DONTNEED (due down_write(mmap_sem)), but need to have the check to work with DAX properly. Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Matthew Wilcox <willy@linux.intel.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Ross Zwisler <ross.zwisler@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2016-02-11 18:35:48 -08:00
Dan Williams	5c7fb56e5e	mm, dax: dax-pmd vs thp-pmd vs hugetlbfs-pmd ... A dax-huge-page mapping while it uses some thp helpers is ultimately not a transparent huge page. The distinction is especially important in the get_user_pages() path. pmd_devmap() is used to distinguish dax-pmds from pmd_huge() and pmd_trans_huge() which have slightly different semantics. Explicitly mark the pmd_trans_huge() helpers that dax needs by adding pmd_devmap() checks. [kirill.shutemov@linux.intel.com: fix regression in handling mlocked pages in __split_huge_pmd()] Signed-off-by: Dan Williams <dan.j.williams@intel.com> Cc: Dave Hansen <dave@sr71.net> Cc: Mel Gorman <mgorman@suse.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Matthew Wilcox <willy@linux.intel.com> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2016-01-15 17:56:32 -08:00
Kirill A. Shutemov	78ddc53473	thp: rename split_huge_page_pmd() to split_huge_pmd() ... We are going to decouple splitting THP PMD from splitting underlying compound page. This patch renames split_huge_page_pmd*() functions to split_huge_pmd*() to reflect the fact that it doesn't imply page splitting, only PMD. Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Tested-by: Sasha Levin <sasha.levin@oracle.com> Tested-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Acked-by: Jerome Marchand <jmarchan@redhat.com> Acked-by: Vlastimil Babka <vbabka@suse.cz> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Mel Gorman <mgorman@suse.de> Cc: Rik van Riel <riel@redhat.com> Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com> Cc: Steve Capper <steve.capper@linaro.org> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@suse.cz> Cc: Christoph Lameter <cl@linux.com> Cc: David Rientjes <rientjes@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2016-01-15 17:56:32 -08:00
Konstantin Khlebnikov	8463833590	mm: rework virtual memory accounting ... When inspecting a vague code inside prctl(PR_SET_MM_MEM) call (which testing the RLIMIT_DATA value to figure out if we're allowed to assign new @start_brk, @brk, @start_data, @end_data from mm_struct) it's been commited that RLIMIT_DATA in a form it's implemented now doesn't do anything useful because most of user-space libraries use mmap() syscall for dynamic memory allocations. Linus suggested to convert RLIMIT_DATA rlimit into something suitable for anonymous memory accounting. But in this patch we go further, and the changes are bundled together as: * keep vma counting if CONFIG_PROC_FS=n, will be used for limits * replace mm->shared_vm with better defined mm->data_vm * account anonymous executable areas as executable * account file-backed growsdown/up areas as stack * drop struct file* argument from vm_stat_account * enforce RLIMIT_DATA for size of data areas This way code looks cleaner: now code/stack/data classification depends only on vm_flags state: VM_EXEC & ~VM_WRITE -> code (VmExe + VmLib in proc) VM_GROWSUP | VM_GROWSDOWN -> stack (VmStk) VM_WRITE & ~VM_SHARED & !stack -> data (VmData) The rest (VmSize - VmData - VmStk - VmExe - VmLib) could be called "shared", but that might be strange beast like readonly-private or VM_IO area. - RLIMIT_AS limits whole address space "VmSize" - RLIMIT_STACK limits stack "VmStk" (but each vma individually) - RLIMIT_DATA now limits "VmData" Signed-off-by: Konstantin Khlebnikov <koct9i@gmail.com> Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org> Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com> Cc: Vegard Nossum <vegard.nossum@oracle.com> Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Willy Tarreau <w@1wt.eu> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Kees Cook <keescook@google.com> Cc: Vladimir Davydov <vdavydov@virtuozzo.com> Cc: Pavel Emelyanov <xemul@virtuozzo.com> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2016-01-14 16:00:49 -08:00
Andrea Arcangeli	19a809afe2	userfaultfd: teach vma_merge to merge across vma->vm_userfaultfd_ctx ... vma->vm_userfaultfd_ctx is yet another vma parameter that vma_merge must be aware about so that we can merge vmas back like they were originally before arming the userfaultfd on some memory range. Signed-off-by: Andrea Arcangeli <aarcange@redhat.com> Acked-by: Pavel Emelyanov <xemul@parallels.com> Cc: Sanidhya Kashyap <sanidhya.gatech@gmail.com> Cc: zhang.zhanghailiang@huawei.com Cc: "Kirill A. Shutemov" <kirill@shutemov.name> Cc: Andres Lagar-Cavilla <andreslc@google.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Rik van Riel <riel@redhat.com> Cc: Mel Gorman <mgorman@suse.de> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Hugh Dickins <hughd@google.com> Cc: Peter Feiner <pfeiner@google.com> Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: "Huangpeng (Peter)" <peter.huangpeng@huawei.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2015-09-04 16:54:41 -07:00
Kirill A. Shutemov	36f881883c	mm: fix mprotect() behaviour on VM_LOCKED VMAs ... On mlock(2) we trigger COW on private writable VMA to avoid faults in future. mm/gup.c: 840 long populate_vma_page_range(struct vm_area_struct *vma, 841 unsigned long start, unsigned long end, int *nonblocking) 842 { ... 855 * We want to touch writable mappings with a write fault in order 856 * to break COW, except for shared mappings because these don't COW 857 * and we would not want to dirty them for nothing. 858 */ 859 if ((vma->vm_flags & (VM_WRITE | VM_SHARED)) == VM_WRITE) 860 gup_flags |= FOLL_WRITE; But we miss this case when we make VM_LOCKED VMA writeable via mprotect(2). The test case: #define _GNU_SOURCE #include <fcntl.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <sys/mman.h> #include <sys/resource.h> #include <sys/stat.h> #include <sys/time.h> #include <sys/types.h> #define PAGE_SIZE 4096 int main(int argc, char **argv) { struct rusage usage; long before; char *p; int fd; /* Create a file and populate first page of page cache */ fd = open("/tmp", O_TMPFILE | O_RDWR, S_IRUSR | S_IWUSR); write(fd, "1", 1); /* Create a *read-only* *private* mapping of the file */ p = mmap(NULL, PAGE_SIZE, PROT_READ, MAP_PRIVATE, fd, 0); /* * Since the mapping is read-only, mlock() will populate the mapping * with PTEs pointing to page cache without triggering COW. */ mlock(p, PAGE_SIZE); /* * Mapping became read-write, but it's still populated with PTEs * pointing to page cache. */ mprotect(p, PAGE_SIZE, PROT_READ | PROT_WRITE); getrusage(RUSAGE_SELF, &usage); before = usage.ru_minflt; /* Trigger COW: fault in mlock()ed VMA. */ *p = 1; getrusage(RUSAGE_SELF, &usage); printf("faults: %ld\n", usage.ru_minflt - before); return 0; } $ ./test faults: 1 Let's fix it by triggering populating of VMA in mprotect_fixup() on this condition. We don't care about population error as we don't in other similar cases i.e. mremap. [akpm@linux-foundation.org: tweak comment text] Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2015-06-24 17:49:41 -07:00
Mel Gorman	b191f9b106	mm: numa: preserve PTE write permissions across a NUMA hinting fault ... Protecting a PTE to trap a NUMA hinting fault clears the writable bit and further faults are needed after trapping a NUMA hinting fault to set the writable bit again. This patch preserves the writable bit when trapping NUMA hinting faults. The impact is obvious from the number of minor faults trapped during the basis balancing benchmark and the system CPU usage; autonumabench 4.0.0-rc4 4.0.0-rc4 baseline preserve Time System-NUMA01 107.13 ( 0.00%) 103.13 ( 3.73%) Time System-NUMA01_THEADLOCAL 131.87 ( 0.00%) 83.30 ( 36.83%) Time System-NUMA02 8.95 ( 0.00%) 10.72 (-19.78%) Time System-NUMA02_SMT 4.57 ( 0.00%) 3.99 ( 12.69%) Time Elapsed-NUMA01 515.78 ( 0.00%) 517.26 ( -0.29%) Time Elapsed-NUMA01_THEADLOCAL 384.10 ( 0.00%) 384.31 ( -0.05%) Time Elapsed-NUMA02 48.86 ( 0.00%) 48.78 ( 0.16%) Time Elapsed-NUMA02_SMT 47.98 ( 0.00%) 48.12 ( -0.29%) 4.0.0-rc4 4.0.0-rc4 baseline preserve User 44383.95 43971.89 System 252.61 201.24 Elapsed 998.68 1000.94 Minor Faults 2597249 1981230 Major Faults 365 364 There is a similar drop in system CPU usage using Dave Chinner's xfsrepair workload 4.0.0-rc4 4.0.0-rc4 baseline preserve Amean real-xfsrepair 454.14 ( 0.00%) 442.36 ( 2.60%) Amean syst-xfsrepair 277.20 ( 0.00%) 204.68 ( 26.16%) The patch looks hacky but the alternatives looked worse. The tidest was to rewalk the page tables after a hinting fault but it was more complex than this approach and the performance was worse. It's not generally safe to just mark the page writable during the fault if it's a write fault as it may have been read-only for COW so that approach was discarded. Signed-off-by: Mel Gorman <mgorman@suse.de> Reported-by: Dave Chinner <david@fromorbit.com> Tested-by: Dave Chinner <david@fromorbit.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Aneesh Kumar <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2015-03-25 16:20:31 -07:00
Mel Gorman	10c1045f28	mm: numa: avoid unnecessary TLB flushes when setting NUMA hinting entries ... If a PTE or PMD is already marked NUMA when scanning to mark entries for NUMA hinting then it is not necessary to update the entry and incur a TLB flush penalty. Avoid the avoidhead where possible. Signed-off-by: Mel Gorman <mgorman@suse.de> Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Dave Jones <davej@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Kirill Shutemov <kirill.shutemov@linux.intel.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Rik van Riel <riel@redhat.com> Cc: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2015-02-12 18:54:08 -08:00
Mel Gorman	e944fd67b6	mm: numa: do not trap faults on the huge zero page ... Faults on the huge zero page are pointless and there is a BUG_ON to catch them during fault time. This patch reintroduces a check that avoids marking the zero page PAGE_NONE. Signed-off-by: Mel Gorman <mgorman@suse.de> Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Dave Jones <davej@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Kirill Shutemov <kirill.shutemov@linux.intel.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Rik van Riel <riel@redhat.com> Cc: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2015-02-12 18:54:08 -08:00
Mel Gorman	4d94246699	mm: convert p[te|md]_mknonnuma and remaining page table manipulations ... With PROT_NONE, the traditional page table manipulation functions are sufficient. [andre.przywara@arm.com: fix compiler warning in pmdp_invalidate()] [akpm@linux-foundation.org: fix build with STRICT_MM_TYPECHECKS] Signed-off-by: Mel Gorman <mgorman@suse.de> Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Acked-by: Aneesh Kumar <aneesh.kumar@linux.vnet.ibm.com> Tested-by: Sasha Levin <sasha.levin@oracle.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Dave Jones <davej@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Kirill Shutemov <kirill.shutemov@linux.intel.com> Cc: Paul Mackerras <paulus@samba.org> Cc: Rik van Riel <riel@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2015-02-12 18:54:08 -08:00
Mel Gorman	8a0516ed8b	mm: convert p[te|md]_numa users to p[te|md]_protnone_numa ... Convert existing users of pte_numa and friends to the new helper. Note that the kernel is broken after this patch is applied until the other page table modifiers are also altered. This patch layout is to make review easier. Signed-off-by: Mel Gorman <mgorman@suse.de> Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Acked-by: Aneesh Kumar <aneesh.kumar@linux.vnet.ibm.com> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Tested-by: Sasha Levin <sasha.levin@oracle.com> Cc: Dave Jones <davej@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Kirill Shutemov <kirill.shutemov@linux.intel.com> Cc: Paul Mackerras <paulus@samba.org> Cc: Rik van Riel <riel@redhat.com> Cc: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2015-02-12 18:54:08 -08:00
Kirill A. Shutemov	0661a33611	mm: remove rest usage of VM_NONLINEAR and pte_file() ... One bit in ->vm_flags is unused now! Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Dan Carpenter <dan.carpenter@oracle.com> Cc: Michal Hocko <mhocko@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>	2015-02-10 14:30:31 -08:00