mirror of https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
4582 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
|
a3b031d13a |
debugfs: purge obsolete SRCU based removal protection
Purge the SRCU based file removal race protection in favour of the new, refcount based debugfs_file_get()/debugfs_file_put() API. Change-Id: If1f40752474e55773aae756fdcc9c5c64891c009 Fixes: 49d200deaa68 ("debugfs: prevent access to removed files' private data") Signed-off-by: Nicolai Stange <nicstange@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Git-commit: c9afbec27089cd6b4e621b639f41c7fc726c3bf1 Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Signed-off-by: Raghavendra Rao Ananta <rananta@codeaurora.org> |
||
|
44984fa144 |
Merge android-4.14.53 (57c2874) into msm-4.14
* remotes/origin/tmp-57c2874: Linux 4.14.53 xhci: Fix use-after-free in xhci_free_virt_device dm thin: handle running out of data space vs concurrent discard dm zoned: avoid triggering reclaim from inside dmz_map() x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y block: Fix cloning of requests with a special payload block: Fix transfer when chunk sectors exceeds max slub: fix failure when we delete and create a slab cache ALSA: hda/realtek - Fix the problem of two front mics on more machines ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co ALSA: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl Input: elantech - fix V4 report decoding for module with middle key Input: elantech - enable middle button of touchpads on ThinkPad P52 Input: elan_i2c_smbus - fix more potential stack buffer overflows Input: xpad - fix GPD Win 2 controller name udf: Detect incorrect directory size xen: Remove unnecessary BUG_ON from __unbind_from_irq() mm: fix devmem_is_allowed() for sub-page System RAM intersections mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() rbd: flush rbd_dev->watch_dwork after watch is unregistered pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices video: uvesafb: Fix integer overflow in allocation NFSv4: Fix a typo in nfs41_sequence_process NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir media: dvb_frontend: fix locking issues at dvb_frontend_get_event() media: cx231xx: Add support for AverMedia DVD EZMaker 7 media: v4l2-compat-ioctl32: prevent go past max size media: vsp1: Release buffers for each video node perf/x86/intel/uncore: Add event 
constraint for BDX PCU perf vendor events: Add Goldmont Plus V1 event file perf intel-pt: Fix packet decoding of CYC packets perf intel-pt: Fix "Unexpected indirect branch" error perf intel-pt: Fix MTC timing after overflow perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 arm: dts: mt7623: fix invalid memory node being generated mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock mfd: intel-lpss: Program REMAP register in PIO mode backlight: tps65217_bl: Fix Device Tree node lookup backlight: max8925_bl: Fix Device Tree node lookup backlight: as3711_bl: Fix Device Tree node lookup UBIFS: Fix potential integer overflow in allocation ubi: fastmap: Correctly handle interrupted erasures in EBA ubi: fastmap: Cancel work upon detach rpmsg: smd: do not use mananged resources for endpoints and channels md: fix two problems with setting the "re-add" device state. 
rtc: sun6i: Fix bit_idx value for clk_register_gate clk: at91: PLL recalc_rate() now using cached MUL and DIV values linvdimm, pmem: Preserve read-only setting for pmem devices scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler scsi: qla2xxx: Mask off Scope bits in retry delay scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails scsi: hpsa: disable device during shutdown mm: fix __gup_device_huge vs unmap iio: sca3000: Fix an error handling path in 'sca3000_probe()' iio: adc: ad7791: remove sample freq sysfs attributes Btrfs: fix return value on rename exchange failure X.509: unpack RSA signatureValue field from BIT STRING irqchip/gic-v3-its: Don't bind LPI to unavailable NUMA node time: Make sure jiffies_to_msecs() preserves non-zero time periods MIPS: io: Add barrier after register read in inX() cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0 pinctrl: devicetree: Fix pctldev pointer overwrite pinctrl: samsung: Correct EINTG banks order auxdisplay: fix broken menu PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume PCI: Add ACS quirk for Intel 300 series PCI: Add ACS quirk for Intel 7th & 8th Gen mobile PCI: hv: Make sure the bus domain is really unique MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. 
mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() mtd: cfi_cmdset_0002: Change write buffer to check correct value xprtrdma: Return -ENOBUFS when no pages are available RDMA/mlx4: Discard unknown SQP work requests IB/hfi1: Fix user context tail allocation for DMA_RTAIL IB/hfi1: Optimize kthread pointer locking when queuing CQ entries IB/hfi1: Reorder incorrect send context disable IB/hfi1: Fix fault injection init/exit issues IB/isert: fix T10-pi check mask setting IB/isert: Fix for lib/dma_debug check_sync warning IB/mlx5: Fetch soft WQE's on fatal error state IB/core: Make testing MR flags for writability a static inline function IB/mlx4: Mark user MR as writable if actual virtual memory is writable IB/{hfi1, qib}: Add handling of kernel restart IB/qib: Fix DMA api warning with debug kernel tpm: fix race condition in tpm_common_write() tpm: fix use after free in tpm2_load_context() of: platform: stop accessing invalid dev in of_platform_device_destroy of: unittest: for strings, account for trailing \0 in property length field of: overlay: validate offset from property fixups ARM64: dts: meson: disable sd-uhs modes on the libretech-cc arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance arm64: kpti: Use early_param for kpti= command-line option arm64: Fix syscall restarting around signal suppressed by tracer ARM: dts: socfpga: Fix NAND controller node compatible for Arria10 ARM: dts: socfpga: Fix NAND controller clock supply ARM: dts: socfpga: Fix NAND controller node compatible ARM: dts: Fix SPI node for Arria10 ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size cxl: Disable prefault_mode in Radix mode soc: rockchip: power-domain: Fix wrong value when power up pd with writemask powerpc/fadump: Unregister fadump on kexec down path. 
cpuidle: powernv: Fix promotion from snooze if next state disabled powerpc/powernv/cpuidle: Init all present cpus for deep states powerpc/powernv: copy/paste - Mask SO bit in CR powerpc/powernv/ioda2: Remove redundant free of TCE pages powerpc/ptrace: Fix enforcement of DAWR constraints powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus() powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch fuse: fix control dir setup and teardown fuse: don't keep dead fuse_conn at fuse_fill_super(). fuse: atomic_o_trunc should truncate pagecache fuse: fix congested state leak on aborted connections printk: fix possible reuse of va_list variable Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader ipmi:bt: Set the timeout before doing a capabilities check branch-check: fix long->int truncation when profiling branches mips: ftrace: fix static function graph tracing ftrace/selftest: Have the reset_trigger code be a bit more careful lib/vsprintf: Remove atomic-unsafe support for %pCr clk: renesas: cpg-mssr: Stop using printk format %pCr thermal: bcm2835: Stop using printk format %pCr ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup ASoC: cirrus: i2s: Fix LRCLK configuration ASoC: cs35l35: Add use_single_rw to regmap config ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it 1wire: family module autoload fails because of upper/lower case mismatch. 
usb: do not reset if a low-speed or full-speed device timed out PM / OPP: Update voltage in case freq == old_freq PM / core: Fix supplier device runtime PM usage counter imbalance PM / Domains: Fix error path during attach in genpd signal/xtensa: Consistenly use SIGBUS in do_unaligned_user serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version m68k/mac: Fix SWIM memory resource end address m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() x86: Call fixup_exception() before notify_die() in math_error() x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out() x86/mce: Fix incorrect "Machine check from unknown source" message x86/mce: Check for alternate indication of machine check recovery on Skylake x86/mce: Improve error message when kernel cannot recover x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec() FROMLIST: trace: Reorder display of TGID to be after PID Change-Id: I2e5135127f9d81a39dc77bc84fa50c76ec0b58af Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
ea0ac01f68 |
lib/vsprintf: Remove atomic-unsafe support for %pCr
commit 666902e42fd8344b923c02dc5b0f37948ff4f225 upstream. "%pCr" formats the current rate of a clock, and calls clk_get_rate(). The latter obtains a mutex, hence it must not be called from atomic context. Remove support for this rarely-used format, as vsprintf() (and e.g. printk()) must be callable from any context. Any remaining out-of-tree users will start seeing the clock's name printed instead of its rate. Reported-by: Jia-Ju Bai <baijiaju1990@gmail.com> Fixes: 900cca2944254edd ("lib/vsprintf: add %pC{,n,r} format specifiers for clocks") Link: http://lkml.kernel.org/r/1527845302-12159-5-git-send-email-geert+renesas@glider.be To: Jia-Ju Bai <baijiaju1990@gmail.com> To: Jonathan Corbet <corbet@lwn.net> To: Michael Turquette <mturquette@baylibre.com> To: Stephen Boyd <sboyd@kernel.org> To: Zhang Rui <rui.zhang@intel.com> To: Eduardo Valentin <edubezval@gmail.com> To: Eric Anholt <eric@anholt.net> To: Stefan Wahren <stefan.wahren@i2se.com> To: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com> Cc: Petr Mladek <pmladek@suse.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: linux-doc@vger.kernel.org Cc: linux-clk@vger.kernel.org Cc: linux-pm@vger.kernel.org Cc: linux-serial@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: linux-renesas-soc@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: Geert Uytterhoeven <geert+renesas@glider.be> Cc: stable@vger.kernel.org # 4.1+ Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: Petr Mladek <pmladek@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
1c462be3af |
lib: stackdepot: Add support to configure STACK_HASH_SIZE
Use STACK_HASH_ORDER_SHIFT to configure STACK_HASH_SIZE. The aim is to have a configurable value for STACK_HASH_SIZE, so depending on the use case one can configure it. One example is Page Owner: the default value of STACK_HASH_SIZE leads stack depot to consume 8MB of static memory. Making it configurable and using a lower value helps to enable features like CONFIG_PAGE_OWNER without any significant overhead. Change-Id: If6b64d4d4d42c763b00e2719fde5a25e94c10597 Signed-off-by: Yogesh Lal <ylal@codeaurora.org> |
||
|
47984a2cfd |
Merge remote-tracking branch 'remotes/origin/tmp-cb1f148' into msm-4.14
* remotes/origin/tmp-cb1f148: Linux 4.14.47 Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU" Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU" Linux 4.14.46 Revert "perf record: Fix crash in pipe mode" tools: sync up .h files with the repective arch and uapi .h files perf tools: Add trace/beauty/generated/ into .gitignore Linux 4.14.45 drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is successful kdb: make "mdr" command repeat pinctrl: mcp23s08: spi: Fix regmap debugfs entries pinctrl: msm: Use dynamic GPIO numbering regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' ARM: dts: porter: Fix HDMI output routing ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet i40e: Add delay after EMP reset for firmware to recover regmap: Correct comparison in regmap_cached ARM: dts: at91: tse850: use the correct compatible for the eeprom drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2 drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3 netlabel: If PF_INET6, check sk_buff ip header version selftests/net: fixes psock_fanout eBPF test case perf tests: Fix dwarf unwind for stripped binaries perf report: Fix memory corruption in --branch-history mode --branch-history perf tests: Use arch__compare_symbol_names to compare symbols perf report: Fix wrong jump arrow perf test: Fix test case inet_pton to accept inlines. 
x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified drm/rockchip: Respect page offset for PRIME mmap calls MIPS: Octeon: Fix logging messages with spurious periods after newlines dpaa_eth: fix pause capability advertisement logic pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group rcu: Call touch_nmi_watchdog() while printing stall warnings net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() audit: return on memory error to avoid null pointer dereference PCMCIA / PM: Avoid noirq suspend aborts during suspend-to-idle ARM: dts: bcm283x: Fix pin function of JTAG pins ARM: dts: bcm283x: Fix probing of bcm2835-i2s power: supply: ltc2941-battery-gauge: Fix temperature units sh_eth: fix TSU init on SH7734/R8A7740 ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode udf: Provide saner default for invalid uid / gid PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 dpaa_eth: fix SG mapping cpufreq: Reorder cpufreq_online() error code path net: stmmac: ensure that the MSS desc is the last desc to set the own bit net: stmmac: ensure that the device has released ownership before reading data drm/amdgpu: adjust timeout for ib_ring_tests(v2) drm/amdgpu: disable GFX ring and disable PQ wptr in hw_fini ARM: dts: dra71-evm: Correct evm_sd regulator max voltage drm: omapdrm: dss: Move initialization code from component bind to probe dmaengine: qcom: bam_dma: get num-channels and num-ees from dt vfio-ccw: fence off transport mode pinctrl: artpec6: dt: add missing pin group uart5nocts pinctrl: devicetree: Fix dt_to_map_one_config handling of hogs hwrng: stm32 - add reset during probe watchdog: asm9260_wdt: fix error handling in asm9260_wdt_probe() enic: enable rq before updating rq descriptors dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() dmaengine: pl330: fix a race condition in case of threaded irqs block: null_blk: fix 'Invalid parameters' when loading 
module tools: hv: fix compiler warnings about major/target_fname drm/bridge: sii902x: Retry status read after DDI I2C phy: qcom-qmp: Fix phy pipe clock gating ALSA: vmaster: Propagate slave error phy: rockchip-emmc: retry calpad busy trimming x86/devicetree: Fix device IRQ settings in DT x86/devicetree: Initialize device tree before using it gfs2: Fix fallocate chunk size soc: qcom: wcnss_ctrl: Fix increment in NV upload arm64: dts: qcom: Fix SPI5 config on MSM8996 perf/x86/intel: Fix event update for auto-reload perf/x86/intel: Fix large period handling on Broadwell CPUs efi/arm*: Only register page tables when they exist cdrom: do not call check_disk_change() inside cdrom_open() perf/x86/intel: Properly save/restore the PMU state in the NMI handler hwmon: (pmbus/adm1275) Accept negative page register values hwmon: (pmbus/max8688) Accept negative page register values drm/panel: simple: Fix the bus format for the Ontat panel perf/core: Fix perf_output_read_group() max17042: propagate of_node to power supply device perf/core: Fix installing cgroup events on CPU f2fs: fix to check extent cache in f2fs_drop_extent_tree f2fs: fix to clear CP_TRIMMED_FLAG f2fs: fix to set KEEP_SIZE bit in f2fs_zero_range cxl: Check if PSL data-cache is available before issue flush request powerpc/powernv/npu: Fix deadlock in mmio_invalidate() powerpc: Add missing prototype for arch_irq_work_raise() drm/meson: Fix an un-handled error path in 'meson_drv_bind_master()' drm/meson: Fix some error handling paths in 'meson_drv_bind_master()' ipmi_ssif: Fix kernel panic at msg_done_handler watchdog: aspeed: Fix translation of reset mode to ctrl register watchdog: dw: RMW the control register PCI: Restore config space on runtime resume despite being unbound MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset net/smc: pay attention to MAX_ORDER for CQ entries spi: bcm-qspi: fIX some error handling paths regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()' coresight: Use %px 
to print pcsr instead of %p drm/amdkfd: add missing include of mm.h IB/core: Honor port_num while resolving GID for IB link layer perf stat: Fix core dump when flag T is used perf top: Fix top.call-graph config option reading KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use i2c: mv64xxx: Apply errata delay only in standard mode cxgb4: Fix queue free path of ULD drivers ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c ACPICA: Fix memory leak on unusual memory leak ACPICA: Events: add a return on failure from acpi_hw_register_read dt-bindings: add device tree binding for Allwinner H6 main CCU remoteproc: imx_rproc: Fix an error handling path in 'imx_rproc_probe()' bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set zorro: Set up z->dev.dma_mask for the DMA API IB/mlx5: Set the default active rate and width to QDR and 4X cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path iommu/mediatek: Fix protect memory setting drm/vmwgfx: Unpin the screen object backup buffer when not used ext4: don't complain about incorrect features when probing arm: dts: socfpga: fix GIC PPI warning virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS watchdog: aspeed: Allow configuring for alternate boot ima: Fallback to the builtin hash algorithm ima: Fix Kconfig to select TPM 2.0 CRB interface cxgb4: Setup FW queues before registering netdev ath9k: fix crash in spectral scan nvme-pci: disable APST for Samsung NVMe SSD 960 EVO + ASUS PRIME Z370-A ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) watchdog: davinci_wdt: fix error handling in davinci_wdt_probe() net/mlx5: Protect from command bit overflow selftests: Print the test we're running to /dev/kmsg tools/thermal: tmon: fix for segfault rsi: fix kernel panic observed on 64bit machine powerpc/perf: Fix kernel address leak via sampling registers powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer hwmon: (nct6775) Fix writing 
pwmX_mode parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode iwlwifi: mvm: check if mac80211_queue is valid in iwl_mvm_disable_txq m68k: set dma and coherent masks for platform FEC ethernets intel_th: Use correct method of finding hub iommu/amd: Take into account that alloc_dev_data() may return NULL ath10k: advertize beacon_int_min_gcd ieee802154: ca8210: fix uninitialised data read powerpc/mpic: Check if cpu_possible() in mpic_physmask() ACPI: acpi_pad: Fix memory leak in power saving threads drivers: macintosh: rack-meter: really fix bogus memsets xen/acpi: off by one in read_acpi_id() rxrpc: Don't treat call aborts as conn aborts rxrpc: Fix Tx ring annotation after initial Tx failure btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers Btrfs: fix copy_items() return value when logging an inode btrfs: tests/qgroup: Fix wrong tree backref level powerpc/64s: sreset panic if there is no debugger or crash dump handlers net: bgmac: Correctly annotate register space net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() sparc64: Make atomic_xchg() an inline function rather than a macro. 
fscache: Fix hanging wait on page discarded by writeback lan78xx: Connect phy early KVM: VMX: raise internal error for exception during invalid protected mode state x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush() sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning powerpc/64s/idle: Fix restore of AMOR on POWER9 after deep sleep ocfs2/dlm: don't handle migrate lockres if already in shutdown IB/rxe: Fix for oops in rxe_register_device on ppc64le arch btrfs: Fix possible softlock on single core machines Btrfs: fix NULL pointer dereference in log_dir_items Btrfs: bail out on error during replay_dir_deletes mm: thp: fix potential clearing to referenced flag in page_idle_clear_pte_refs_one() mm: fix races between address_space dereference and free in page_evicatable mm/ksm: fix interaction with THP ibmvnic: Zero used TX descriptor counter on reset dp83640: Ensure against premature access to PHY registers after reset perf clang: Add support for recent clang versions perf tools: Fix perf builds with clang support powerpc/fscr: Enable interrupts earlier before calling get_user() cpufreq: CPPC: Initialize shared perf capabilities of CPUs Force log to disk before reading the AGF during a fstrim sr: get/drop reference to device in revalidate and check_events z3fold: fix memory leak swap: divide-by-zero when zero length swap file on ssd fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init x86/pgtable: Don't set huge PUD/PMD on non-leaf entries Btrfs: fix loss of prealloc extents past i_size after fsync log replay Btrfs: clean up resources during umount after trans is aborted nvme: don't send keep-alives to the discovery controller firmware: dmi_scan: Fix UUID length safety check sh: fix debug trap failure to process signals before return to user net: mvneta: fix enable of all initialized RXQs vlan: Fix vlan 
insertion for packets without ethernet header net: Fix untag for vlan packets without ethernet header qede: Do not drop rx-checksum invalidated packets. hv_netvsc: enable multicast if necessary mm/kmemleak.c: wait for scan completion before disabling free mm/vmstat.c: fix vmstat_update() preemption BUG mm/page_owner: fix recursion bug after changing skip entries mm, slab: memcg_link the SLAB's kmem_cache qede: Fix barrier usage after tx doorbell write. builddeb: Fix header package regarding dtc source links llc: properly handle dev_queue_xmit() return value x86/alternatives: Fixup alternative_call_2 perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs net/mlx5: Make eswitch support to depend on switchdev net: dsa: mt7530: fix module autoloading for OF platform drivers bonding: fix the err path for dev hwaddr sync in bond_enslave net: qmi_wwan: add BroadMobi BM806U 2020:2033 lan78xx: Set ASD in MAC_CR when EEE is enabled. ARM: 8748/1: mm: Define vdso_start, vdso_end as array batman-adv: fix packet loss for broadcasted DHCP packets to a server batman-adv: fix multicast-via-unicast transmission with AP isolation drm/amdkfd: Fix scratch memory with HWS enabled selftests: ftrace: Add a testcase for probepoint selftests: ftrace: Add a testcase for string type with kprobe_event selftests: ftrace: Add probe event argument syntax testcase xfrm: Fix transport mode skb control buffer usage. 
mm, thp: do not cause memcg oom for thp mm/mempolicy.c: avoid use uninitialized preferred_node drm/ast: Fixed 1280x800 Display Issue net: dsa: Fix functional dsa-loop dependency on FIXED_PHY net/sched: fix idr leak in the error path of tcf_skbmod_init() net/sched: fix idr leak in the error path of __tcf_ipt_init() net/sched: fix idr leak in the error path of tcp_pedit_init() net/sched: fix idr leak in the error path of tcf_act_police_init() net/sched: fix idr leak in the error path of tcf_simp_init() net/sched: fix idr leak on the error path of tcf_bpf_init() RDMA/qedr: Fix QP state initialization race RDMA/qedr: Fix rc initialization on CNQ allocation failure RDMA/qedr: fix QP's ack timeout configuration RDMA/ucma: Correct option size check using optlen kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races brcmfmac: Fix check for ISO3166 code perf/cgroup: Fix child event counting bug drm/tegra: Shutdown on driver unbind iwlwifi: mvm: fix array out of bounds reference iwlwifi: mvm: make sure internal station has a valid id iwlwifi: mvm: clear tx queue id when unreserving aggregation queue iwlwifi: mvm: Increase session protection time after CS vti6: Fix dev->max_mtu setting vti4: Don't override MTU passed on link creation via IFLA_MTU ip_tunnel: Clamp MTU to bounds on new link vti4: Don't count header length twice on tunnel setup batman-adv: Fix skbuff rcsum on packet reroute net/sched: fix NULL dereference in the error path of tcf_sample_init() batman-adv: fix header size check in batadv_dbg_arp() vlan: Fix out of order vlan headers with reorder header off net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off iwlwifi: mvm: fix error checking for multi/broadcast sta iwlwifi: mvm: Correctly set IGTK for AP iwlwifi: mvm: set the correct tid when we flush the MCAST sta xfrm: fix rcu_read_unlock usage in xfrm_local_error drm/nouveau/bl: fix backlight regression drm/imx: move arming of the vblank event to atomic_flush gpu: ipu-v3: prg: avoid 
possible array underflow KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending sunvnet: does not support GSO for sctp ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu workqueue: use put_device() instead of kfree() bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). can: m_can: select pinctrl state in each suspend/resume function can: m_can: change comparison to bitshift when dealing with a mask netfilter: ebtables: fix erroneous reject of last rule dmaengine: mv_xor_v2: Fix clock resource by adding a register clock lib/test_kmod.c: fix limit check on number of test devices created selftests/vm/run_vmtests: adjust hugetlb size according to nr_cpus arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery ARM: davinci: fix the GPIO lookup for omapl138-hawk hv_netvsc: fix locking during VF setup hv_netvsc: fix locking for rx_mode hv_netvsc: fix filter flags xen: xenbus: use put_device() instead of kfree() xen-blkfront: move negotiate_mq to cover all cases of new VBDs cxgb4: do not set needs_free_netdev for mgmt dev's IB/core: Fix possible crash to access NULL netdev net: smsc911x: Fix unload crash when link is up net: qcom/emac: Use proper free methods during TX qed: Free RoCE ILT Memory on rmmod qedr fsl/fman: avoid sleeping in atomic context while adding an address fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). 
IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs RDMA/qedr: Fix iWARP write and send with immediate RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA ia64/err-inject: Use get_user_pages_fast() e1000e: allocate ring descriptors with dma_zalloc_coherent e1000e: Fix check_for_link return value with autoneg off perf record: Fix crash in pipe mode ARM: dts: rockchip: Add missing #sound-dai-cells on rk3288 hv_netvsc: propagate rx filters to VF hv_netvsc: filter multicast/broadcast hv_netvsc: use napi_schedule_irqoff batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag watchdog: sbsa: use 32-bit read for WCV watchdog: f71808e_wdt: Fix magic close handling rds: Incorrect reference counting in TCP socket creation iwlwifi: mvm: Correctly set the tid for mcast queue iwlwifi: mvm: Direct multicast frames to the correct station iwlwifi: mvm: fix "failed to remove key" message iwlwifi: avoid collecting firmware dump if not loaded iwlwifi: mvm: fix assert 0x2B00 on older FWs iwlwifi: mvm: Fix channel switch for count 0 and 1 iwlwifi: mvm: fix TX of CCMP 256 net: ethtool: don't ignore return from driver get_fecparam method selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors nvme-pci: Fix EEH failure on ppc block: display the correct diskname for bio ceph: fix potential memory leak in init_caches() Btrfs: fix log replay failure after linking special file and fsync Btrfs: send, fix issuing write op when processing hole in no data mode btrfs: use kvzalloc to allocate btrfs_fs_info drm/sun4i: Fix dclk_set_phase arm64: dts: rockchip: Fix rk3399-gru-* s2r (pinctrl hogs, wifi reset) xfrm: Fix ESN sequence number handling for IPsec GSO packets. 
drm/amd/amdgpu: Correct VRAM width for APUs with GMC9 xen/pirq: fix error path cleanup when binding MSIs RDMA/bnxt_re: Fix the ib_reg failure cleanup RDMA/bnxt_re: Fix incorrect DB offset calculation RDMA/bnxt_re: Unconditionly fence non wire memory operations IB/mlx: Set slid to zero in Ethernet completion struct ipvs: remove IPS_NAT_MASK check to fix passive FTP ARC: setup cpu possible mask according to possible-cpus dts property ARC: mcip: update MCIP debug mask when the new cpu came online ARC: mcip: halt GFRC counter when ARC cores halt spectrum: Reference count VLAN entries mlxsw: spectrum: Treat IPv6 unregistered multicast as broadcast mlxsw: core: Fix flex keys scratchpad offset conflict net/smc: use link_id of server in confirm link reply nvmet: fix PSDT field check in command format net/tcp/illinois: replace broken algorithm reference link gianfar: Fix Rx byte accounting for ndev stats clocksource/drivers/mips-gic-timer: Use correct shift count to extract data powerpc/boot: Fix random libfdt related build errors ARM: dts: bcm283x: Fix unit address of local_intc ARM: dts: NSP: Fix amount of RAM on BCM958625HR nbd: fix return value in error handling path sit: fix IFLA_MTU ignored on NEWLINK ip6_tunnel: fix IFLA_MTU ignored on NEWLINK ip_gre: fix IFLA_MTU ignored on NEWLINK bcache: fix kcrashes with fio in RAID5 backend dev dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 virtio-gpu: fix ioctl and expose the fixed status to userspace. r8152: fix tx packets accounting selftests/futex: Fix line continuation in Makefile qrtr: add MODULE_ALIAS macro to smd ARM: orion5x: Revert commit 4904dbda41c8. 
xen/pvcalls: fix null pointer dereference on map->sock ceph: fix dentry leak when failing to init debugfs libceph, ceph: avoid memory leak when specifying same option several times clocksource/drivers/fsl_ftm_timer: Fix error return checking nvme-pci: Fix nvme queue cleanup if IRQ setup fails batman-adv: Fix netlink dumping of BLA backbones batman-adv: Fix netlink dumping of BLA claims batman-adv: Ignore invalid batadv_v_gw during netlink send batman-adv: Ignore invalid batadv_iv_gw during netlink send netfilter: ebtables: convert BUG_ONs to WARN_ONs netfilter: ipt_CLUSTERIP: put config instead of freeing it netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount batman-adv: invalidate checksum on fragment reassembly batman-adv: fix packet checksum in receive path md/raid1: fix NULL pointer dereference md: fix a potential deadlock of raid5/raid10 reshape fs: dcache: Use READ_ONCE when accessing i_dir_seq fs: dcache: Avoid livelock between d_alloc_parallel and __d_add ARM: dts: imx6dl: Include correct dtsi file for Engicam i.CoreM6 DualLite/Solo RQS kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds KVM: nVMX: Don't halt vcpu when L1 is injecting events to L2 macvlan: fix use-after-free in macvlan_common_newlink() arm64: fix unwind_frame() for filtered out fn for function graph tracing mac80211: drop frames with unexpected DS bits from fast-rx to slow path x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system integrity/security: fix digsig.c build error with header file regulatory: add NUL to request alpha2 smsc75xx: fix smsc75xx_set_features() ARM: OMAP: Fix dmtimer init for omap1 nfs: system crashes after NFS4ERR_MOVED recovery arm64: dts: cavium: fix PCI bus dtc warnings PKCS#7: fix direct verification of SignerInfo signature 
selftests/bpf/test_maps: exit child process without error in ENOMEM case s390/cio: clear timer when terminating driver I/O s390/cio: fix return code after missing interrupt s390/cio: fix ccw_device_start_timeout API powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access soc: imx: gpc: de-register power domains only if initialized seccomp: add a selftest for get_metadata selftests/memfd: add run_fuse_test.sh to TEST_FILES bug.h: work around GCC PR82365 in BUG() kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE virtio_net: fix XDP code path in receive_small() md: raid5: avoid string overflow warning locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() net/mlx5e: Return error if prio is specified when offloading eswitch vlan push ibmvnic: Check for NULL skb's in NAPI poll routine RDMA/bnxt_re: Fix system crash during load/unload RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails arm64: perf: correct PMUVer probing drm/meson: fix vsync buffer update drm/exynos: fix comparison to bitshift when dealing with a mask drm/exynos: g2d: use monotonic timestamps md raid10: fix NULL deference in handle_write_completed() gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle mac80211: Fix sending ADDBA response for an ongoing session mac80211: Do not disconnect on invalid operating class cfg80211: clear wep keys after disconnection mac80211: fix calling sleeping function in atomic context mac80211: fix a possible leak of station stats mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos s390/dasd: fix handling of internal requests md: fix md_write_start() deadlock w/o metadata devices MD: Free bioset when md_run fails rxrpc: Work around usercopy check NFC: llcp: Limit size of SDP URI iwlwifi: mvm: always init rs with 20mhz bandwidth rates iwlwifi: mvm: fix IBSS for devices that support station 
type API iwlwifi: mvm: fix security bug in PN checking ARM: dts: rockchip: Fix DWMMC clocks arm64: dts: rockchip: Fix DWMMC clocks IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy IB/uverbs: Fix possible oops with duplicate ioctl attributes IB/uverbs: Fix method merging in uverbs_ioctl_merge xhci: workaround for AMD Promontory disabled ports wakeup tls: retrun the correct IV in getsockopt ibmvnic: Clean RX pool buffers during device close ibmvnic: Free RX socket buffer in case of adapter error ibmvnic: Wait until reset is complete to set carrier on ARM: OMAP1: clock: Fix debugfs_create_*() usage ARM: OMAP2+: Fix sar_base inititalization for HS omaps ARM: OMAP3: Fix prm wake interrupt for resume ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt selftests: memfd: add config fragment for fuse selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m selftest/vDSO: fix O= selftests: sync: missing CFLAGS while compiling libata: Fix compile warning with ATA_DEBUG enabled arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire arm64: dts: rockchip: fix rock64 gmac2io stability issues ptr_ring: prevent integer overflow when calculating size ARC: Fix malformed ARC_EMUL_UNALIGNED default mac80211: mesh: fix wrong mesh TTL offset calculation MIPS: generic: Fix machine compatible matching powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() powerpc/pseries: Restore default security feature flags on setup powerpc: Move default security feature flags powerpc/pseries: Fix clearing of security feature flags powerpc/64s: Wire up cpu_show_spectre_v2() powerpc/64s: Wire up cpu_show_spectre_v1() powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() powerpc/64s: Enhance the information in cpu_show_meltdown() powerpc/64s: Move cpu_show_meltdown() powerpc/powernv: Set or clear 
security feature flags powerpc/pseries: Set or clear security feature flags powerpc: Add security feature flags for Spectre/Meltdown powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration powerpc/rfi-flush: Differentiate enabled and patched flush types powerpc/rfi-flush: Always enable fallback flush on pseries powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code powerpc/powernv: Support firmware disable of RFI flush powerpc/pseries: Support firmware disable of RFI flush powerpc/64s: Improve RFI L1-D cache flush fallback x86/kvm: fix LAPIC timer drift when guest uses periodic mode kvm: x86: IA32_ARCH_CAPABILITIES is always supported KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed KVM: s390: vsie: fix < 8k check for the itdba KVM/VMX: Expose SSBD properly to guests kernel/sys.c: fix potential Spectre v1 issue kasan: fix memory hotplug during boot kasan: free allocated shadow memory on MEM_CANCEL_ONLINE mm/kasan: don't vfree() nonexistent vm_area ipc/shm: fix shmat() nil address after round-down when remapping Revert "ipc/shm: Fix shmat mmap nil-page protection" idr: fix invalid ptr dereference on item delete sr: pass down correctly sized SCSI sense buffer IB/umem: Use the correct mm during ib_umem_release IB/hfi1: Use after free race condition in send context error path powerpc/64s: Clear PCR on boot arm64: lse: Add early clobbers to some input/output asm operands drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent libata: blacklist Micron 500IT SSD with MU01 firmware libata: Blacklist some Sandisk SSDs for NCQ mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register mmc: sdhci-iproc: remove hard coded mmc cap 1.8v do d_instantiate/unlock_new_inode combinations 
safely ALSA: timer: Fix pause event notification aio: fix io_destroy(2) vs. lookup_ioctx() race fs: don't scan the inode cache before SB_BORN is set affs_lookup(): close a race with affs_remove_link() KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs MIPS: ptrace: Expose FIR register through FP regset MIPS: c-r4k: Fix data corruption related to cache coherence UPSTREAM: sched/fair: Consider RT/IRQ pressure in capacity_spare_wake BACKPORT, FROMLIST: fscrypt: add Speck128/256 support Change-Id: I64e5327b80b23c1ef79abed4b67bdb6a5684ec43 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
e2d9442dfe |
lib/test_kmod.c: fix limit check on number of test devices created
[ Upstream commit ac68b1b3b9c73e652dc7ce0585672e23c5a2dca4 ]

As reported by Dan the parenthesis is in the wrong place, and since unlikely() call returns either 0 or 1 it's never less than zero. The second issue is that signed integer overflows like "INT_MAX + 1" are undefined behavior.

Since num_test_devs represents the number of devices, we want to stop prior to hitting the max, and not rely on the wrap around at all. So just cap at num_test_devs + 1, prior to assigning a new device.

Link: http://lkml.kernel.org/r/20180224030046.24238-1-mcgrof@kernel.org
Fixes: d9c6a72d6fa2 ("kmod: add test driver to stress test the module loader")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Luis R. Rodriguez <mcgrof@kernel.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
0472f94cef |
idr: fix invalid ptr dereference on item delete
commit 7a4deea1aa8bddfed4ef1b35fc2b6732563d8ad5 upstream.

If the radix tree underlying the IDR happens to be full and we attempt to remove an id which is larger than any id in the IDR, we will call __radix_tree_delete() with an uninitialised 'slot' pointer, at which point anything could happen. This was easiest to hit with a single entry at id 0 and attempting to remove a non-0 id, but it could have happened with 64 entries and attempting to remove an id >= 64.

Roman said:

  The syzkaller test boils down to opening /dev/kvm, creating an eventfd, and calling a couple of KVM ioctls. None of this requires superuser. And the result is dereferencing an uninitialized pointer which is likely a crash. The specific path caught by syzbot is via KVM_HYPERV_EVENTD ioctl which is new in 4.17. But I guess there are other user-triggerable paths, so cc:stable is probably justified.

Matthew added:

  We have around 250 calls to idr_remove() in the kernel today. Many of them pass an ID which is embedded in the object they're removing, so they're safe. Picking a few likely candidates:

  drivers/firewire/core-cdev.c looks unsafe; the ID comes from an ioctl.
  drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c is similar
  drivers/atm/nicstar.c could be taken down by a handcrafted packet

Link: http://lkml.kernel.org/r/20180518175025.GD6361@bombadil.infradead.org
Fixes: 0a835c4f090a ("Reimplement IDR and IDA using the radix tree")
Reported-by: <syzbot+35666cba7f0a337e2e79@syzkaller.appspotmail.com>
Debugged-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
0e1a219e24 |
Merge android-4.14.43 (4c9e0a9) into msm-4.14
* refs/heads/tmp-4c9e0a9 Linux 4.14.43 x86/bugs: Rename SSBD_NO to SSB_NO KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG x86/bugs: Rework spec_ctrl base and mask logic x86/bugs: Remove x86_spec_ctrl_set() x86/bugs: Expose x86_spec_ctrl_base directly x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} x86/speculation: Rework speculative_store_bypass_update() x86/speculation: Add virtualized speculative store bypass disable support x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL x86/speculation: Handle HT correctly on AMD x86/cpufeatures: Add FEATURE_ZEN x86/cpufeatures: Disentangle SSBD enumeration x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP KVM: SVM: Move spec control call after restore of GS x86/cpu: Make alternative_msr_write work for 32-bit code x86/bugs: Fix the parameters alignment and missing void x86/bugs: Make cpu_show_common() static x86/bugs: Fix __ssb_select_mitigation() return type Documentation/spec_ctrl: Do some minor cleanups proc: Use underscores for SSBD in 'status' x86/bugs: Rename _RDS to _SSBD x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass seccomp: Move speculation migitation control to arch code seccomp: Add filter flag to opt-out of SSB mitigation seccomp: Use PR_SPEC_FORCE_DISABLE prctl: Add force disable speculation x86/bugs: Make boot modes __ro_after_init seccomp: Enable speculation flaw mitigations proc: Provide details on speculation flaw mitigations nospec: Allow getting/setting on non-current task x86/speculation: Add prctl for Speculative Store Bypass mitigation x86/process: Allow runtime control of Speculative Store Bypass prctl: Add speculation control prctls x86/speculation: Create spec-ctrl.h to avoid include hell x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested 
x86/bugs: Whitelist allowed SPEC_CTRL MSR values x86/bugs/intel: Set proper CPU features and setup RDS x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation x86/cpufeatures: Add X86_FEATURE_RDS x86/bugs: Expose /sys/../spec_store_bypass x86/bugs, KVM: Support the combination of guest and host IBRS x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits x86/bugs: Concentrate bug reporting into a separate function x86/bugs: Concentrate bug detection into a separate function x86/nospec: Simplify alternative_msr_write() btrfs: fix reading stale metadata blocks after degraded raid1 mounts btrfs: Fix delalloc inodes invalidation during transaction abort btrfs: Split btrfs_del_delalloc_inode into 2 functions btrfs: fix crash when trying to resume balance without the resume flag btrfs: property: Set incompat flag if lzo/zstd compression is set Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting Btrfs: fix xattr loss after power failure ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions ARM: 8770/1: kprobes: Prohibit probing on optimized_callback ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed tick/broadcast: Use for_each_cpu() specially on UP kernels x86/mm: Drop TS_COMPAT on 64-bit exec() syscall ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode x86/pkeys: Do not special case protection key 0 x86/pkeys: Override pkey when moving away from PROT_EXEC s390: remove indirect branch from do_softirq_own_stack s390/qdio: don't release memory in qdio_setup_irq() s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero s390/qdio: fix access to uninitialized qdio_q fields drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk mm: don't allow deferred pages with NEED_PER_CPU_KM radix tree: fix multi-order iteration race lib/test_bitmap.c: fix bitmap optimisation tests to 
report errors correctly drm: Match sysfs name in link removal to link creation powerpc/powernv: Fix NVRAM sleep in invalid context when crashing i2c: designware: fix poll-after-enable regression netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} netfilter: nf_tables: can't fail after linking rule into active rule list netfilter: nf_tables: free set name in error path tee: shm: fix use-after-free via temporarily dropped reference tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} vfio: ccw: fix cleanup if cp_prefetch fails powerpc: Don't preempt_disable() in show_cpuinfo() KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master spi: pxa2xx: Allow 64-bit DMA ALSA: control: fix a redundant-copy issue ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist ALSA: usb: mixer: volume quirk for CM102-A+/102S+ usbip: usbip_host: fix bad unlock balance during stub_probe() usbip: usbip_host: fix NULL-ptr deref and use-after-free errors usbip: usbip_host: run rebind from exit when module is removed usbip: usbip_host: delete device from busid_table after rebind usbip: usbip_host: refine probe and disconnect debug msgs to be useful Linux 4.14.42 proc: do not access cmdline nor environ from file-backed areas l2tp: revert "l2tp: fix missing print session offset info" xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) btrfs: Take trans lock before access running trans in check_delayed_ref xfrm: Use __skb_queue_tail in xfrm_trans_queue scsi: aacraid: Correct hba_send to include iu_type udp: fix SO_BINDTODEVICE nsh: fix infinite loop net/mlx5e: Allow offloading ipv4 header re-write for icmp ipv6: fix uninit-value in ip6_multipath_l3_keys() hv_netvsc: set master device net/mlx5: Avoid cleaning flow steering table twice 
during error flow net/mlx5e: TX, Use correct counter in dma_map error flow net: sched: fix error path in tcf_proto_create() when modules are not configured bonding: send learning packets for vlans on slave bonding: do not allow rlb updates to invalid mac tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). tcp: ignore Fast Open on repair mode tcp_bbr: fix to zero idle_restart only upon S/ACKed data sctp: use the old asoc when making the cookie-ack chunk in dupcook_d sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr sctp: fix the issue that the cookie-ack with auth can't get processed sctp: delay the authentication for the duplicated cookie-echo chunk rds: do not leak kernel memory to user land r8169: fix powering up RTL8168h qmi_wwan: do not steal interfaces from class drivers openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found net/tls: Fix connection stall on partial tls record net/tls: Don't recursively call push_record during tls_write_space callbacks net: support compat 64-bit time in {s,g}etsockopt net_sched: fq: take care of throttled flows before reuse net sched actions: fix refcnt leak in skbmod net/mlx5: E-Switch, Include VF RDMA stats in vport statistics net/mlx5e: Err if asked to offload TC match on frag being first net/mlx4_en: Verify coalescing parameters are in range net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()' net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode net: ethernet: sun: niu set correct packet size in skb llc: better deal with too small mtu ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg ipv4: fix fnhe usage by non-cached routes dccp: fix tasklet usage bridge: check iface upper dev when setting master via ioctl 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() ANDROID: sdcardfs: Don't d_drop in d_revalidate FROMLIST: brcmfmac: fix initialization of struct 
cfg80211_inform_bss variable FROMLIST: brcmfmac: reports boottime_ns while informing bss Change-Id: I43c27b71b153a2a87070de3ea393002769856960 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
572e2385ae |
radix tree: fix multi-order iteration race
commit 9f418224e8114156d995b98fa4e0f4fd21f685fe upstream.

Fix a race in the multi-order iteration code which causes the kernel to hit a GP fault. This was first seen with a production v4.15 based kernel (4.15.6-300.fc27.x86_64) utilizing a DAX workload which used order 9 PMD DAX entries.

The race has to do with how we tear down multi-order sibling entries when we are removing an item from the tree. Remember for example that an order 2 entry looks like this:

  struct radix_tree_node.slots[] = [entry][sibling][sibling][sibling]

where 'entry' is in some slot in the struct radix_tree_node, and the three slots following 'entry' contain sibling pointers which point back to 'entry.'

When we delete 'entry' from the tree, we call:

  radix_tree_delete()
    radix_tree_delete_item()
      __radix_tree_delete()
        replace_slot()

replace_slot() first removes the siblings in order from the first to the last, and then replaces 'entry' with NULL. This means that for a brief period of time we end up with one or more of the siblings removed, so:

  struct radix_tree_node.slots[] = [entry][NULL][sibling][sibling]

This causes an issue if you have a reader iterating over the slots in the tree via radix_tree_for_each_slot() while only under rcu_read_lock()/rcu_read_unlock() protection. This is a common case in mm/filemap.c.

The issue is that when __radix_tree_next_slot() => skip_siblings() tries to skip over the sibling entries in the slots, it currently does so with an exact match on the slot directly preceding our current slot. Normally this works:

                                    V preceding slot
  struct radix_tree_node.slots[] = [entry][sibling][sibling][sibling]
                                           ^ current slot

This lets you find the first sibling, and you skip them all in order.

But in the case where one of the siblings is NULL, that slot is skipped and then our sibling detection is interrupted:

                                           V preceding slot
  struct radix_tree_node.slots[] = [entry][NULL][sibling][sibling]
                                                 ^ current slot

This means that the sibling pointers aren't recognized since they point all the way back to 'entry', so we think that they are normal internal radix tree pointers. This causes us to think we need to walk down to a struct radix_tree_node starting at the address of 'entry'.

In a real running kernel this will crash the thread with a GP fault when you try and dereference the slots in your broken node starting at 'entry'.

We fix this race by fixing the way that skip_siblings() detects sibling nodes. Instead of testing against the preceding slot we instead look for siblings via is_sibling_entry() which compares against the position of the struct radix_tree_node.slots[] array. This ensures that sibling entries are properly identified, even if they are no longer contiguous with the 'entry' they point to.

Link: http://lkml.kernel.org/r/20180503192430.7582-6-ross.zwisler@linux.intel.com
Fixes: 148deab223b2 ("radix-tree: improve multiorder iterators")
Signed-off-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Reported-by: CR, Sapthagirish <sapthagirish.cr@intel.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Dave Chinner <david@fromorbit.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
f6c0f020ee |
lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly
commit 1e3054b98c5415d5cb5f8824fc33b548ae5644c3 upstream. I had neglected to increment the error counter when the tests failed, which made the tests noisy when they fail, but not actually return an error code. Link: http://lkml.kernel.org/r/20180509114328.9887-1-mpe@ellerman.id.au Fixes: 3cc78125a081 ("lib/test_bitmap.c: add optimisation tests") Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Reported-by: Michael Ellerman <mpe@ellerman.id.au> Tested-by: Michael Ellerman <mpe@ellerman.id.au> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: Yury Norov <ynorov@caviumnetworks.com> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Cc: <stable@vger.kernel.org> [4.13+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
f4d73128a3 |
Merge android-4.14.41 (04f740d) into msm-4.14
* refs/heads/tmp-04f740d Linux 4.14.41 KVM: x86: remove APIC Timer periodic/oneshot spikes KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* tracing/uprobe_event: Fix strncpy corner case sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] smb3: directory sync should not return an error nvme: add quirk to force medium priority for SQ creation thermal: exynos: Propagate error value from tmu_read() thermal: exynos: Reading temperature makes sense only when TMU is turned on Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome chipsets Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" cpufreq: schedutil: Avoid using invalid next_freq PCI / PM: Check device_may_wakeup() in pci_enable_wake() PCI / PM: Always check PME wakeup capability for runtime wakeup support atm: zatm: Fix potential Spectre v1 net: atm: Fix potential Spectre v1 drm/atomic: Clean private obj old_state/new_state in drm_atomic_state_default_clear() drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear() drm/nouveau: Fix deadlock in nv50_mstm_register_connector() drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log drm/vc4: Fix scaling of uni-planar formats can: hi311x: Work around TX complete interrupt erratum can: hi311x: Acquire SPI lock on ->do_get_berr_counter can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() ceph: fix rsize/wsize capping in ceph_direct_read_write() mm, oom: fix concurrent munlock and oom reaper unmap, v3 mm: sections are not offlined during memory hotremove 
z3fold: fix reclaim lock-ups tracing: Fix regex_match_front() to not over compare the test string dm integrity: use kvfree for kvmalloc'd memory libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs rfkill: gpio: fix memory leak in probe error path gpio: fix error path in lineevent_create gpio: fix aspeed_gpio unmask irq gpioib: do not free unrequested descriptors compat: fix 4-byte infoleak via uninitialized struct field arm64: Add work around for Arm Cortex-A55 Erratum 1024718 KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing KVM: PPC: Book3S HV: Fix guest time accounting with VIRT_CPU_ACCOUNTING_GEN KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry bdi: Fix oops in wb_workfn() bdi: wake up concurrent wb_shutdown() callers. tcp: fix TCP_REPAIR_QUEUE bound checking perf: Remove superfluous allocation error check memcg: fix per_node_info cleanup inetpeer: fix uninit-value in inet_getpeer soreuseport: initialise timewait reuseport field ipv4: fix uninit-value in ip_route_output_key_hash_rcu() dccp: initialize ireq->ir_mark net: fix uninit-value in __hw_addr_add_ex() net: initialize skb->peeked when cloning net: fix rtnh_ok() netlink: fix uninit-value in netlink_sendmsg crypto: af_alg - fix possible uninit-value in alg_bind() kcm: Call strp_stop before strp_done in kcm_attach netfilter: ebtables: don't attempt to allocate 0-sized compat array ipvs: fix rtnl_lock lockups caused by start_sync_thread ANDROID: goldfish: drop CONFIG_INPUT_KEYCHORD Linux 4.14.40 tracing: Fix bad use of igrab in trace_uprobe.c irqchip/qcom: Fix check for spurious interrupts platform/x86: asus-wireless: Fix NULL pointer dereference usb: musb: trace: fix NULL pointer dereference in musb_g_tx() usb: musb: host: fix potential NULL pointer dereference USB: serial: option: adding support for ublox R410M USB: serial: option: reimplement interface masking USB: Accept bulk endpoints with 1024-byte maxpacket usb: dwc3: gadget: Fix list_del corruption 
in dwc3_ep_dequeue USB: serial: visor: handle potential invalid device configuration errseq: Always report a writeback error once test_firmware: fix setting old custom fw path back on exit, second try drm/bridge: vga-dac: Fix edid memory leak drm/vmwgfx: Fix a buffer object leak iw_cxgb4: Atomically flush per QP HW CQEs IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used IB/hfi1: Fix loss of BECN with AHG IB/hfi1: Fix handling of FECN marked multicast packet IB/mlx5: Use unlimited rate when static rate is not supported NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 RDMA/mlx5: Protect from shift operand overflow RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow RDMA/ucma: Allow resolving address w/o specifying source address RDMA/cxgb4: release hw resources on device removal xfs: prevent creating negative-sized file via INSERT_RANGE rtlwifi: cleanup 8723be ant_sel definition rtlwifi: btcoex: Add power_on_setting routine Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro Input: leds - fix out of bound access scsi: target: Fix fortify_panic kernel exception tracepoint: Do not warn on ENOMEM ALSA: aloop: Add missing cable lock to ctl API callbacks ALSA: aloop: Mark paused device as inactive ALSA: dice: fix kernel NULL pointer dereference due to invalid calculation for array index ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() ALSA: pcm: Check PCM state at xfern compat ioctl ALSA: hda - Fix incorrect usage of IS_REACHABLE() USB: serial: option: Add support for Quectel EP06 ACPI / button: make module loadable when booted in non-ACPI mode crypto: talitos - fix IPsec cipher in length percpu: include linux/sched.h for cond_resched() net: don't call update_pmtu unconditionally geneve: update skb dst pmtu on tx path UPSTREAM: f2fs: avoid fsync() failure caused by EAGAIN in writepage() UPSTREAM: f2fs: clear PageError on writepage - part 2 ANDROID: build.config: enforce trace_printk check 
FROMLIST: staging: Fix sparse warnings in vsoc driver. FROMLIST: staging: vsoc: Fix a i386-randconfig warning. FROMLIST: staging: vsoc: Create wc kernel mapping for region shm. Change-Id: I697004775203b8bb5cace4fdf7e6489cfd32b54b Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
7b6565dbcb |
lib: refcount: Cause kernel panic on refcount error detection
Currently, when using the refcount API functions, a warning is printed out once to let a user of the refcount API know that an error case has been detected. Then the refcount functions will silently return, without modifying the reference count, which could be mistaken for a successful modification. This can allow for improper use of the object associated with that refcount later. Trigger a kernel panic in case of refcount error detection to prevent misuse of objects associated with refcounts. Change-Id: Ifb6a331d08a7d6c285225bc9667d2f4054db3561 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
0799a0ea96 |
errseq: Always report a writeback error once
commit b4678df184b314a2bd47d2329feca2c2534aa12b upstream. The errseq_t infrastructure assumes that errors which occurred before the file descriptor was opened are of no interest to the application. This turns out to be a regression for some applications, notably Postgres. Before errseq_t, a writeback error would be reported exactly once (as long as the inode remained in memory), so Postgres could open a file, call fsync() and find out whether there had been a writeback error on that file from another process. This patch changes the errseq infrastructure to report errors to all file descriptors which are opened after the error occurred, but before it was reported to any file descriptor. This restores the user-visible behaviour. Cc: stable@vger.kernel.org Fixes: 5660e13d2fd6 ("fs: new infrastructure for writeback error handling and reporting") Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com> Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
8d86cfc2f3 | Merge "Merge remote-tracking branch 'remotes/origin/tmp-c50e5cb' into msm-4.14" | ||
|
8cfb73341f |
Merge remote-tracking branch 'remotes/origin/tmp-c50e5cb' into msm-4.14
* remotes/origin/tmp-c50e5cb: Linux 4.14.39 powerpc/eeh: Fix race with driver un/bind arm/arm64: KVM: Add PSCI version selection API tick/sched: Do not mess with an enqueued hrtimer x86/microcode: Do not exit early from __reload_late() x86/microcode/intel: Save microcode patch unconditionally x86/smpboot: Don't use mwait_play_dead() on AMD systems x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds tools/lib/subcmd/pager.c: do not alias select() params objtool, perf: Fix GCC 8 -Wrestrict error drm/i915: Enable display WA#1183 from its correct spot drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt earlycon: Use a pointer table to fix __earlycon_table stride fpga-manager: altera-ps-spi: preserve nCONFIG state libceph: validate con->state at the top of try_write() libceph: reschedule a tick in finish_hunting() libceph: un-backoff on tick when we have a authenticated session ASoC: fsl_esai: Fix divisor calculation failure at lower ratio crypto: drbg - set freed buffers to NULL powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range powerpc/mm: Flush cache on memory hot(un)plug KVM: arm/arm64: Close VMID generation race ARM: socfpga_defconfig: Remove QSPI Sector 4K size force ARM: amba: Don't read past the end of sysfs "driver_override" buffer ARM: amba: Fix race condition with driver_override ARM: amba: Make driver_override output consistent with other buses PCI: aardvark: Fix PCIe Max Read Request Size setting PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf() PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf() ANDROID: binder: prevent transactions into own process. 
vfio: ccw: process ssch with interrupts disabled bfq-iosched: ensure to clear bic/bfqq pointers when preparing request scsi: sd: Defer spinning up drive while SANITIZE is in progress kobject: don't use WARN for registration failures mtd: rawnand: tango: Fix struct clk memory leak mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic ALSA: hda/realtek - change the location for one of two front mics ALSA: hda/realtek - Update ALC255 depop optimize ALSA: hda/realtek - Add some fixes for ALC233 ALSA: hda: Hardening for potential Spectre v1 ALSA: seq: oss: Hardening for potential Spectre v1 ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY. ALSA: control: Hardening for potential Spectre v1 ALSA: rme9652: Hardening for potential Spectre v1 ALSA: hdspm: Hardening for potential Spectre v1 ALSA: asihpi: Hardening for potential Spectre v1 ALSA: opl3: Hardening for potential Spectre v1 ALSA: hda - Skip jack and others for non-existing PCM streams ALSA: dice: fix error path to destroy initialized stream data ALSA: dice: fix OUI for TC group tty: Use __GFP_NOFAIL for tty_ldisc_get() tty: Avoid possible error pointer dereference at tty_ldisc_restore(). 
tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set tty: n_gsm: Fix long delays with control frame timeouts in ADM mode tty: Don't call panic() at tty_ldisc_init() drm/virtio: fix vq wait_event condition virtio_console: reset on out of memory virtio_console: move removal code virtio_console: drop custom control queue cleanup virtio_console: free buffers after reset virtio_console: don't tie bufs to a vq virtio: add ability to iterate over vqs ALSA: usb-audio: Skip broken EU on Dell dock USB-audio USB: Increment wakeup count on remote wakeup. usb: core: Add quirk for HP v222w 16GB Mini usb: typec: ucsi: Increase command completion timeout value USB: serial: cp210x: add ID for NI USB serial console USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster USB: serial: simple: add libtransistor console xhci: Fix USB ports for Dell Inspiron 5775 Revert "xhci: plat: Register shutdown for xhci_plat" usbip: vhci_hcd: check rhport before using in vhci_hub_control() usbip: vhci_hcd: Fix usb device and sockfd leaks usbip: usbip_host: fix to hold parent lock for device_attach() calls usbip: usbip_event: fix to not print kernel pointer address random: rate limit unseeded randomness warnings random: fix possible sleeping allocation from irq context random: set up the NUMA crng instances after the CRNG is fully initialized ext4: fix bitmap position validation ext4: add validity checks for bitmap block numbers ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs ext4: set h_journal if there is a failure starting a reserved handle ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS cfi: print target address on failure Change-Id: I9a3d0c10b1a2d2c28872401cb656d490604352a7 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
6499baf92d |
exit: Add PANIC_ON_RECURSIVE_FAULT Kconfig option
If a recursive fault is detected during do_exit(), tasks are left to sit and wait in an un-interruptible sleep until the system reboots (typically manually). Add Kconfig option to change this behaviour and force a panic.

This is particularly important if a critical system task encounters a recursive fault (ex. a kworker). Otherwise, the system may be unusable, but since the scheduler is still running, system watchdogs may continue to be pet.

Change-Id: Ifc26fc79d6066f05a3b2c4d27f78bf4f8d2bd640
Signed-off-by: Matt Wagantall <mattw@codeaurora.org> |
||
|
a5f4276787 |
kobject: don't use WARN for registration failures
commit 3e14c6abbfb5c94506edda9d8e2c145d79375798 upstream.

This WARNING proved to be noisy. The function still returns an error and callers should handle it. That's how most of kernel code works. Downgrade the WARNING to pr_err() and leave WARNINGs for kernel bugs.

Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Reported-by: syzbot+209c0f67f99fec8eb14b@syzkaller.appspotmail.com
Reported-by: syzbot+7fb6d9525a4528104e05@syzkaller.appspotmail.com
Reported-by: syzbot+2e63711063e2d8f9ea27@syzkaller.appspotmail.com
Reported-by: syzbot+de73361ee4971b6e6f75@syzkaller.appspotmail.com
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
4f5d011e6d |
Merge remote-tracking branch 'remotes/origin/tmp-bb60f28' into msm-4.14
* remotes/origin/tmp-bb60f28: Linux 4.14.37 mac80211_hwsim: fix use-after-free bug in hwsim_exit_net Revert "KVM: X86: Fix SMRAM accessing even if VM is shutdown" RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs perf: Return proper values for user stack errors perf: Fix sample_max_stack maximum check netfilter: x_tables: limit allocation requests for blob rule heads netfilter: compat: reject huge allocation requests netfilter: compat: prepare xt_compat_init_offsets to return errors netfilter: x_tables: add counters allocation wrapper netfilter: x_tables: cap allocations at 512 mbyte alarmtimer: Init nanosleep alarm timer on stack RDMA/core: Reduce poll batch for direct cq polling irqchip/gic-v3: Change pr_debug message to pr_devel cpumask: Make for_each_cpu_wrap() available on UP as well irqchip/gic-v3: Ignore disabled ITS nodes perf test: Fix test trace+probe_libc_inet_pton.sh for s390x powerpc/powernv: IMC fix out of bounds memory access at shutdown locking/qspinlock: Ensure node->count is updated before initialising node x86/platform/UV: Fix GAM Range Table entries less than 1GB powerpc/mm/hash64: Zero PGD pages on allocation vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page PM / wakeirq: Fix unbalanced IRQ enable for wakeirq ACPI / EC: Restore polling during noirq suspend/resume phases bpf: fix rlimit in reuseport net selftest net: stmmac: discard disabled flags in interrupt status register SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code tools/libbpf: handle issues with bpf ELF objects containing .eh_frames net: Extra '_get' in declaration of arch_get_platform_mac_address svcrdma: Fix Read chunk round-up rxrpc: Don't put crypto buffers on the stack selftests/ftrace: Add some missing glob checks cpufreq: intel_pstate: Enable HWP during system resume on CPU0 bcache: return attach error when no cache set exist bcache: fix for data 
collapse after re-attaching an attached device bcache: fix for allocator and register thread race bcache: properly set task state in bch_writeback_thread() cifs: silence compiler warnings showing up with gcc-8.0.0 PM / domains: Fix up domain-idle-states OF parsing proc: fix /proc/*/map_files lookup arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics RDS: IB: Fix null pointer issue bpf: sockmap, fix leaking maps with attached but not detached progs xen/grant-table: Use put_page instead of free_page xen-netfront: Fix race between device setup and open perf evsel: Fix period/freq terms setup MIPS: Generic: Support GIC in EIC mode perf record: Fix period option handling MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs ACPI / bus: Do not call _STA on battery devices with unmet dependencies ACPI: processor_perflib: Do not send _PPC change notification if not ready firmware: dmi_scan: Fix handling of empty DMI strings x86/dumpstack: Avoid uninitlized variable x86/power: Fix swsusp_arch_resume prototype netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure s390/eadm: fix CONFIG_BLOCK include dependency drm/nouveau/pmu/fuc: don't use movw directly anymore IB/core: Map iWarp AH type to undefined in rdma_ah_find_type IB/ipoib: Fix for potential no-carrier state IB/hfi1: Fix for potential refcount leak in hfi1_open_file() IB/hfi1: Re-order IRQ cleanup to address driver cleanup race blk-mq: fix discard merge with scheduler attached openvswitch: Remove padding from packet before L3+ conntrack processing mm/fadvise: discard partial page if endbyte is also EOF mm: pin address_space before dereferencing it while isolating an LRU page mm: thp: use down_read_trylock() in khugepaged to avoid long block sparc64: update pmdp_invalidate() to return old pmd value asm-generic: provide generic_pmdp_establish() 
mm/mempolicy: add nodes_empty check in SYSC_migrate_pages mm/mempolicy: fix the check of nodemask from user ocfs2: return error when we attempt to access a dirty bh in jbd2 ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid fs/dax.c: release PMD lock even when there is no PMD support in DAX x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested kvm: Map PFN-type memory regions as writable (if possible) tcp_nv: fix potential integer overflow in tcpnv_acked netfilter: x_tables: fix pointer leaks to userspace x86/hyperv: Check for required priviliges in hyperv_init() gianfar: prevent integer wrapping in the rx handler ntb_transport: Fix bug with max_mw_size parameter RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure powerpc/numa: Ensure nodes initialized for hotplug powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes samples/bpf: Partially fixes the bpf.o build i40e: fix reported mask for ntuple filters i40e: program fragmented IPv4 filter input set ixgbe: don't set RXDCTL.RLPML for 82599 jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path RDMA/uverbs: Use an unambiguous errno for method not supported crypto: artpec6 - remove select on non-existing CRYPTO_SHA384 device property: Define type of PROPERTY_ENRTY_*() macros tty: serial: exar: Relocate sleep wake-up handling x86/hyperv: Stop suppressing X86_FEATURE_PCID fm10k: fix "failed to kill vid" message for VF igb: Clear TXSTMP when ptp_tx_work() is timeout igb: Allow to remove administratively set MAC on VFs ASoC: rockchip: Use dummy_dai for rt5514 dsp dailink blk-mq-debugfs: don't allow write on attributes with seq_operations set KVM: s390: vsie: use READ_ONCE to access some SCB fields platform/x86: thinkpad_acpi: suppress warning about palm detection i40evf: ignore link up if not running i40evf: Don't schedule reset_task when device is being removed bpf: 
test_maps: cleanup sockmaps when test ends block: Set BIO_TRACE_COMPLETION on new bio during split nfp: fix error return code in nfp_pci_probe() HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() Input: stmfts - set IRQ_NOAUTOEN to the irq flag scsi: fas216: fix sense buffer initialization scsi: devinfo: fix format of the device list f2fs: avoid hungtask when GC encrypted block if io_bits is set RDMA/cma: Check existence of netdevice during port validation Btrfs: raid56: fix race between merge_bio and rbio_orig_end_io Btrfs: fix unexpected EEXIST from btrfs_get_extent btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP Btrfs: fix scrub to repair raid6 corruption btrfs: Fix out of bounds access in btrfs_search_slot Btrfs: set plug for fsync ipmi/powernv: Fix error return code in ipmi_powernv_probe() mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() kconfig: Fix expr_free() E_NOT leak kconfig: Fix automatic menu creation mem leak kconfig: Don't leak main menus during parsing watchdog: sp5100_tco: Fix watchdog disable bit PCI: Add dummy pci_irqd_intx_xlate() for CONFIG_PCI=n build MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec} nfs: Do not convert nfs_idmap_cache_timeout to jiffies IB/cq: Don't force IB_POLL_DIRECT poll context for ib_process_cq_direct spi: a3700: Clear DATA_OUT when performing a read net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b ubifs: Fix uninitialized variable in search_dh_cookie() blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk dm mpath: return DM_MAPIO_REQUEUE on blk-mq rq allocation failure dm thin: fix documentation relative to low water mark threshold iommu/vt-d: Use domain instead of cache fetching powerpc: System reset avoid interleaving oops using die synchronisation iommu/exynos: Don't unconditionally steal bus ops perf record: Fix failed memory allocation for get_cpuid_str tools lib 
traceevent: Fix get_field_str() for dynamic strings perf callchain: Fix attr.sample_max_stack setting tools lib traceevent: Simplify pointer print logic and fix %pF perf unwind: Do not look just at the global callchain_param.record_mode scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout() i40iw: Zero-out consumer key on allocate stag for FMR i40iw: Free IEQ resources Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes libbpf: Makefile set specified permission mode Input: psmouse - fix Synaptics detection when protocol is disabled PCI: Add function 1 DMA alias quirk for Marvell 9128 selftest: ftrace: Fix to pick text symbols for kprobes xprtrdma: Fix backchannel allocation of extra rpcrdma_reps platform/x86: dell-laptop: Filter out spurious keyboard backlight change events KVM: s390: use created_vcpus in more places tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460 KVM: PPC: Book3S HV: Enable migration of decrementer register RDMA/core: Clarify rdma_ah_find_type kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() ALSA: hda - Use IS_REACHABLE() for dependency on input ACPI / LPSS: Do not instiate platform_dev for devs without MMIO resources NFSv4: always set NFS_LOCK_LOST when a lock is lost. 
x86/tsc: Allow TSC calibration without PIT firewire-ohci: work around oversized DMA reads on JMicron controllers usb: musb: Fix external abort in musb_remove on omap2430 usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers usb: musb: fix enumeration after resume drm/i915/bxt, glk: Increase PCODE timeouts during CDCLK freq changing drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state drm/i915: Do no use kfree() to free a kmem_cache_alloc() return value drm/i915/audio: Fix audio detection issue on GLK drm/i915/gvt: throw error on unhandled vfio ioctls drm/vc4: Fix memory leak during BO teardown x86/tsc: Prevent 32bit truncation in calc_hpet_ref() clocksource/imx-tpm: Correct -ETIME return condition check x86/acpi: Prevent X2APIC id 0xffffffff from being accounted btrfs: fix unaligned access in readdir cifs: do not allow creating sockets except with SMB1 posix exensions UPSTREAM: module: Do not paper over type mismatches in module_param_call() UPSTREAM: treewide: Fix function prototypes for module_param_call() UPSTREAM: module: Prepare to convert all module_param_call() prototypes UPSTREAM: kbuild: add clang-version.sh UPSTREAM: console: Expand dummy functions for CFI UPSTREAM: console: SisUSB2VGA: Drop dummy con_font_get() ANDROID: sdcardfs: Set s_root to NULL after putting ANDROID: sdcardfs: d_make_root calls iput ANDROID: sdcardfs: Check for private data earlier ANDROID: sched: Remove duplicate const specifier Conflicts: kernel/sched/sched.h Change in module_param_call() definition requires alignment in: drivers/hwtracing/coresight/coresight-event.c drivers/power/reset/msm-poweroff.c Change-Id: I0114d2226301af0b1775b37d79db5529653b135d Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
3e01c16d87 |
bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
[ Upstream commit 09584b406742413ac4c8d7e030374d4daa045b69 ]

When CONFIG_BPF_JIT_ALWAYS_ON is defined in the config file, tools/testing/selftests/bpf/test_kmod.sh failed like below:

    [root@localhost bpf]# ./test_kmod.sh
    sysctl: setting key "net.core.bpf_jit_enable": Invalid argument
    [ JIT enabled:0 hardened:0 ]
    [ 132.175681] test_bpf: #297 BPF_MAXINSNS: Jump, gap, jump, ... FAIL to prog_create err=-524 len=4096
    [ 132.458834] test_bpf: Summary: 348 PASSED, 1 FAILED, [340/340 JIT'ed]
    [ JIT enabled:1 hardened:0 ]
    [ 133.456025] test_bpf: #297 BPF_MAXINSNS: Jump, gap, jump, ... FAIL to prog_create err=-524 len=4096
    [ 133.730935] test_bpf: Summary: 348 PASSED, 1 FAILED, [340/340 JIT'ed]
    [ JIT enabled:1 hardened:1 ]
    [ 134.769730] test_bpf: #297 BPF_MAXINSNS: Jump, gap, jump, ... FAIL to prog_create err=-524 len=4096
    [ 135.050864] test_bpf: Summary: 348 PASSED, 1 FAILED, [340/340 JIT'ed]
    [ JIT enabled:1 hardened:2 ]
    [ 136.442882] test_bpf: #297 BPF_MAXINSNS: Jump, gap, jump, ... FAIL to prog_create err=-524 len=4096
    [ 136.821810] test_bpf: Summary: 348 PASSED, 1 FAILED, [340/340 JIT'ed]
    [root@localhost bpf]#

test_kmod.sh loads/removes test_bpf.ko multiple times with different settings for sysctl net.core.bpf_jit_{enable,harden}. The failed test #297 of test_bpf.ko is designed such that JIT always fails.

Commit 290af86629b2 (bpf: introduce BPF_JIT_ALWAYS_ON config) introduced the following tightening logic:

    ...
    if (!bpf_prog_is_dev_bound(fp->aux)) {
            fp = bpf_int_jit_compile(fp);
    #ifdef CONFIG_BPF_JIT_ALWAYS_ON
            if (!fp->jited) {
                    *err = -ENOTSUPP;
                    return fp;
            }
    #endif
    ...

With this logic, Test #297 always gets return value -ENOTSUPP when CONFIG_BPF_JIT_ALWAYS_ON is defined, causing the test failure.

This patch fixed the failure by marking Test #297 as expected failure when CONFIG_BPF_JIT_ALWAYS_ON is defined.

Fixes: 290af86629b2 (bpf: introduce BPF_JIT_ALWAYS_ON config)
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
bce6a97741 |
Merge android-4.14.35 (07e1389) into msm-4.14
* refs/heads/tmp-07e1389 Linux 4.14.35 nfsd: fix incorrect umasks hugetlbfs: fix bug in pgoff overflow checking xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling ovl: fix lookup with middle layer opaque dir and absolute path redirects blk-mq: don't keep offline CPUs mapped to hctx 0 lib: fix stall in __bitmap_parselist() f2fs: fix heap mode to reset it back sunrpc: remove incorrect HMAC request initialization ath9k: Protect queue draining by rcu_read_lock() hwmon: (ina2xx) Fix access to uninitialized mutex x86/mce/AMD: Get address from already initialized block x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type x86/mce/AMD: Pass the bank number to smca_get_bank_type() x86/MCE: Report only DRAM ECC as memory errors on AMD systems rtl8187: Fix NULL pointer dereference in priv->conf_mutex Bluetooth: hci_bcm: Treat Interrupt ACPI resources as always being active-low Bluetooth: Fix connection if directed advertising and privacy is used getname_kernel() needs to make sure that ->name != ->iname in long case get_user_pages_fast(): return -EFAULT on access_ok failure s390/ipl: ensure loadparm valid flag is set s390/qdio: don't merge ERROR output buffers s390/qdio: don't retry EQBS after CCQ 96 nfit: fix region registration vs block-data-window ranges block/loop: fix deadlock after loop_set_status apparmor: fix resource audit messages when auditing peer apparmor: fix display of .ns_name for containers apparmor: fix logging of the existence test for signals scsi: qla2xxx: Fix small memory leak in qla2x00_probe_one on probe failure x86/MCE/AMD: Define a function to get SMCA bank type radeon: hide pointless #warning when compile testing perf/core: Fix use-after-free in uprobe_perf_close() perf intel-pt: Fix timestamp following overflow perf intel-pt: Fix error recovery from missing TIP packet perf intel-pt: Fix sync_switch perf intel-pt: Fix overlap detection to identify consecutive buffers correctly KVM: PPC: Book3S HV: trace_tlbie must not be called in 
realmode PCI: hv: Serialize the present and eject work items Drivers: hv: vmbus: do not mark HV_PCIE as perf_device parisc: Fix HPMC handler by increasing size to multiple of 16 bytes parisc: Fix out of array access in match_pci_device() media: v4l: vsp1: Fix header display list status check in continuous mode media: v4l2-compat-ioctl32: don't oops on overlay lan78xx: Correctly indicate invalid OTP vhost: Fix vhost_copy_to_user() vhost: fix vhost_vq_access_ok() log check slip: Check if rstate is initialized before uncompressing rds: MP-RDS may use an invalid c_path cdc_ether: flag the Cinterion AHS8 modem by gemalto as WWAN netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit() ANDROID: Add build server config for cuttlefish. ANDROID: Add defconfig for cuttlefish. FROMLIST: staging: Android: Add 'vsoc' driver for cuttlefish. ANDROID: cpufreq: Add time_in_state to /proc/uid directories ANDROID: proc: Add /proc/uid directory ANDROID: cpufreq: times: track per-uid time in state ANDROID: cpufreq: track per-task time in state f2fs/fscrypt: updates to v4.17-rc1 Change-Id: I0fdc9762e63ff9a9abb25e6adea0c723e517a2a6 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
a333a284ff |
lib: fix stall in __bitmap_parselist()
commit 8351760ff5b2042039554b4948ddabaac644a976 upstream.

syzbot is catching stalls at __bitmap_parselist() (https://syzkaller.appspot.com/bug?id=ad7e0351fbc90535558514a71cd3edc11681997a). The trigger is

    unsigned long v = 0;
    bitmap_parselist("7:,", &v, BITS_PER_LONG);

which results in hitting infinite loop at

    while (a <= b) {
            off = min(b - a + 1, used_size);
            bitmap_set(maskp, a, off);
            a += group_size;
    }

due to used_size == group_size == 0.

Link: http://lkml.kernel.org/r/20180404162647.15763-1-ynorov@caviumnetworks.com
Fixes: 0a5ce0831d04382a ("lib/bitmap.c: make bitmap_parselist() thread-safe and much faster")
Signed-off-by: Yury Norov <ynorov@caviumnetworks.com>
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by: syzbot <syzbot+6887cbb011c8054e8a3d@syzkaller.appspotmail.com>
Cc: Noam Camus <noamca@mellanox.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Matthew Wilcox <mawilcox@microsoft.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
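The stall described in the "lib: fix stall in __bitmap_parselist()" commit message above, as an added example that is not part of the commit or the kernel source: a userspace C model of the quoted loop with a watchdog, beside a variant that validates its inputs before looping. The values a = b = 7 for the trigger, the helper names, the single-word bitmap and the placement of the `group_size == 0` check are assumptions made for the illustration.

```c
/* Added example: userspace model of the loop quoted in the commit message.
 * Not kernel code; all names and the watchdog are constructed for the demo. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>

#define WORD_BITS ((unsigned int)(sizeof(unsigned long) * CHAR_BIT))
#define WATCHDOG  100000L	/* iteration cap so the demo terminates */

static unsigned int min_u(unsigned int x, unsigned int y)
{
	return x < y ? x : y;
}

/* Single-word stand-in for bitmap_set(): set len bits starting at start. */
static void set_bits(unsigned long *maskp, unsigned int start, unsigned int len)
{
	unsigned int i;

	for (i = 0; i < len && start < WORD_BITS && i < WORD_BITS - start; i++)
		*maskp |= 1UL << (start + i);
}

/* The loop as quoted, plus a watchdog. Returns the number of iterations run,
 * or -1 if the watchdog fired because `a` never advanced past `b`. */
static long fill_region_unchecked(unsigned long *maskp, unsigned int a,
				  unsigned int b, unsigned int used_size,
				  unsigned int group_size)
{
	long iters = 0;

	while (a <= b) {
		unsigned int off = min_u(b - a + 1, used_size);

		set_bits(maskp, a, off);
		a += group_size;	/* no progress when group_size == 0 */
		if (++iters >= WATCHDOG)
			return -1;
	}
	return iters;
}

/* Same loop, but every value derived from user input is validated first
 * (assumed checks for this model). Returns 0 or a negative errno. */
static int fill_region_checked(unsigned long *maskp, unsigned int nbits,
			       unsigned int a, unsigned int b,
			       unsigned int used_size, unsigned int group_size)
{
	if (nbits > WORD_BITS)
		return -EINVAL;
	if (a > b || group_size == 0 || used_size > group_size)
		return -EINVAL;	/* a zero stride can never terminate */
	if (b >= nbits)
		return -ERANGE;

	while (a <= b) {
		set_bits(maskp, a, min_u(b - a + 1, used_size));
		if (group_size > b - a)	/* next step passes b; also avoids wrap */
			break;
		a += group_size;
	}
	return 0;
}

int main(void)
{
	unsigned long v = 0;

	/* Constructed input modelling "7:,": a = b = 7, sizes both zero. */
	printf("unchecked, zero stride: %ld (-1 means watchdog fired)\n",
	       fill_region_unchecked(&v, 7, 7, 0, 0));
	printf("checked, zero stride:   %d\n",
	       fill_region_checked(&v, 32, 7, 7, 0, 0));

	/* Well-formed region: bits 0-31, 2 used out of every group of 8. */
	v = 0;
	printf("checked, 0-31:2/8:      %d, mask=0x%lx\n",
	       fill_region_checked(&v, 32, 0, 31, 2, 8), v);
	return 0;
}
```
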
|
7ed7e2acf0 |
Merge remote-tracking branch 'remotes/origin/tmp-51e322a' into msm-4.14
* remotes/origin/tmp-51e322a: Linux 4.14.32 s390/qeth: on channel error, reject further cmd requests s390/qeth: lock read device while queueing next buffer s390/qeth: when thread completes, wake up all waiters s390/qeth: free netdevice when removing a card dpaa_eth: remove duplicate increment of the tx_errors counter dpaa_eth: increment the RX dropped counter when needed dpaa_eth: remove duplicate initialization dpaa_eth: fix error in dpaa_remove() soc/fsl/qbman: fix issue in qman_delete_cgr_safe() team: Fix double free in error path skbuff: Fix not waking applications when errors are enqueued qede: Fix qedr link update net: systemport: Rewrite __bcm_sysport_tx_reclaim() net: Only honor ifindex in IP_PKTINFO if non-0 netlink: avoid a double skb free in genlmsg_mcast() net/iucv: Free memory obtained by kzalloc net: fec: Fix unbalanced PM runtime calls net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred l2tp: do not accept arbitrary sockets ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() dccp: check sk for closed state in dccp_sendmsg() net: Fix hlist corruptions in inet_evict_bucket() net: use skb_to_full_sk() in skb_update_prio() ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() sch_netem: fix skb leak in netem_enqueue() kcm: lock lower socket in kcm_attach rhashtable: Fix rhlist duplicates insertion ppp: avoid loop in xmit recursion detection code net sched actions: return explicit error when tunnel_key mode is not specified net: phy: Tell caller result of phy_change() mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state ipv6: sr: fix NULL pointer dereference when setting encap source address ipv6: old_dport should be a __be16 in __ip6_datagram_connect() net: ipv6: keep sk status consistent after datagram connect failure 
macvlan: filter out unsupported feature flags devlink: Remove redundant free on error path net: phy: relax error checking when creating sysfs link netdev->phydev sysfs: symlink: export sysfs_create_link_nowarn() qed: Fix non TCP packets should be dropped on iWARP ll2 connection tcp: purge write queue upon aborting the connection tcp: reset sk_send_head in tcp_write_queue_purge Change-Id: Ief39b9585daef847f0456cfe8fa70ba0178ea127 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
976852dffe |
Merge remote-tracking branch 'remotes/origin/tmp-331d833' into msm-4.14
* remotes/origin/tmp-331d833: Linux 4.14.31 bpf, x64: increase number of passes bpf: skip unnecessary capability check kbuild: disable clang's default use of -fmerge-all-constants x86/pkeys/selftests: Rename 'si_pkey' to 'siginfo_pkey' usb: xhci: Fix potential memory leak in xhci_disable_slot() usb: xhci: Disable slot even when virt-dev is null staging: lustre: ptlrpc: kfree used instead of kvfree staging: android: ion: Zero CMA allocated memory iio: imu: st_lsm6dsx: fix endianness in st_lsm6dsx_read_oneshot() iio: ABI: Fix name of timestamp sysfs file perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period() perf/core: Fix ctx_event_type in ctx_resched() perf stat: Fix CVS output format for non-supported counters perf/x86/intel/uncore: Fix Skylake UPI event format drm/syncobj: Stop reusing the same struct file for all syncobj -> fd x86/boot/64: Verify alignment of the LOAD segment x86/build/64: Force the linker to use 2MB page size kvm/x86: fix icebp instruction handling posix-timers: Protect posix clock array access against speculation x86/efi: Free efi_pgd with free_pages() x86/vsyscall/64: Use proper accessor to update P4D entry selftests/x86/ptrace_syscall: Fix for yet more glibc interference x86/entry/64: Don't use IST entry for #BP stack tty: vt: fix up tabstops properly can: cc770: Fix use after free in cc770_tx_interrupt() can: cc770: Fix queue stall & dropped RTR reply can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack can: ifi: Check core revision upon probe can: ifi: Repair the error handling can: peak/pcie_fd: remove useless code when interface starts can: peak/pcie_fd: fix echo_skb is occupied! 
bug staging: ncpfs: memory corruption in ncp_read_kernel() mtd: nand: fsl_ifc: Read ECCSTAT0 and ECCSTAT1 registers for IFC 2.0 mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0 mtd: nand: fsl_ifc: Fix nand waitfunc return value mtdchar: fix usage of mtd_ooblayout_ecc() tracing: probeevent: Fix to support minus offset from symbol rtlwifi: rtl8723be: Fix loss of signal brcmfmac: fix P2P_DEVICE ethernet address generation libnvdimm, {btt, blk}: do integrity setup before add_disk() ACPI / watchdog: Fix off-by-one error at resource assignment acpi, numa: fix pxm to online numa node associations mm/vmscan: wake up flushers for legacy cgroups too drm: udl: Properly check framebuffer mmap offsets drm: Reject getfb for multi-plane framebuffers drm/radeon: Don't turn off DP sink when disconnected drm/vmwgfx: Fix a destoy-while-held mutex problem. drm/vmwgfx: Fix black screen and device errors when running without fbdev Revert "mm: page_alloc: skip over regions of invalid pfns where possible" mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink() mm/thp: do not wait for lock_page() in deferred_split_scan() mm/khugepaged.c: convert VM_BUG_ON() to collapse fail x86/mm: implement free pmd/pte page interfaces mm/vmalloc: add interfaces to free unmapped page table h8300: remove extraneous __BIG_ENDIAN definition hugetlbfs: check for pgoff value overflow nfsd: remove blocked locks on client teardown cgroup: fix rule checking for threaded mode switching libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs libata: Enable queued TRIM for Samsung SSD 860 libata: disable LPM for Crucial BX100 SSD 500GB drive libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs libata: don't try to pass through NCQ commands to non-NCQ devices libata: remove WARN() for DMA or PIO command without data libata: fix length 
validation of ATAPI-relayed SCSI commands Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table pinctrl: samsung: Validate alias coming from DT Drivers: hv: vmbus: Fix ring buffer signaling RDMA/mlx5: Fix crash while accessing garbage pointer and freed memory clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops clk: bcm2835: Protect sections updating shared registers clk: bcm2835: Fix ana->maskX definitions lockdep: fix fs_reclaim warning ahci: Add PCI-id for the Highpoint Rocketraid 644L card PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs mmc: dw_mmc: exynos: fix the suspend/resume issue for exynos5433 mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems mmc: block: fix updating ext_csd caches on ioctl call mmc: core: Disable HPI for certain Micron (Numonyx) eMMC cards mmc: core: Fix tracepoint print of blk_addr and blksz ALSA: hda/realtek - Always immediately update mute LED with pin VREF ALSA: hda/realtek - Fix Dell headset Mic can't record ALSA: hda/realtek - Fix speaker no sound after system resume ALSA: hda - Force polling mode on CFL for fixing codec communication ALSA: aloop: Fix access to not-yet-ready substream via cable ALSA: aloop: Sync stale timer before release ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit iio: adc: meson-saradc: unlock on error in meson_sar_adc_lock() iio: st_pressure: st_accel: pass correct platform data to init iio: chemical: ccs811: Corrected firmware boot/application mode transition MIPS: lantiq: ase: Enable MFD_SYSCON MIPS: lantiq: Enable AHB Bus for USB MIPS: lantiq: Fix Danube USB clock MIPS: ralink: Fix booting on MT7621 MIPS: ralink: Remove ralink_halt() ANDROID: arm64: Image.gz-dtb build target depends on Image.gz Conflicts: 
drivers/staging/android/ion/ion_cma_heap.c Change-Id: I1ed32b5d3bcf4db15991859bdd89fed0d70fdb86 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
07cf9d303c |
rhashtable: Fix rhlist duplicates insertion
[ Upstream commit d3dcf8eb615537526bd42ff27a081d46d337816e ]

When inserting duplicate objects (those with the same key), current rhlist implementation messes up the chain pointers by updating the bucket pointer instead of prev next pointer to the newly inserted node. This causes missing elements on removal and traversal.

Fix that by properly updating pprev pointer to point to the correct rhash_head next pointer.

Issue: 1241076
Change-Id: I86b2c140bcb4aeb10b70a72a267ff590bb2b17e7
Fixes: ca26893f05e8 ('rhashtable: Add rhlist interface')
Signed-off-by: Paul Blakey <paulb@mellanox.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
acdb498164 |
mm/vmalloc: add interfaces to free unmapped page table
commit b6bdb7517c3d3f41f20e5c2948d6bc3f8897394e upstream.

On architectures with CONFIG_HAVE_ARCH_HUGE_VMAP set, ioremap() may create pud/pmd mappings. A kernel panic was observed on arm64 systems with Cortex-A75 in the following steps as described by Hanjun Guo.

1. ioremap a 4K size, valid page table will build,
2. iounmap it, pte0 will set to 0;
3. ioremap the same address with 2M size, pgd/pmd is unchanged, then set a new value for pmd;
4. pte0 is leaked;
5. CPU may meet exception because the old pmd is still in TLB, which will lead to kernel panic.

This panic is not reproducible on x86. INVLPG, called from iounmap, purges all levels of entries associated with purged address on x86. x86 still has memory leak.

The patch changes the ioremap path to free unmapped page table(s) since doing so in the unmap path has the following issues:

- The iounmap() path is shared with vunmap(). Since vmap() only supports pte mappings, making vunmap() to free a pte page is an overhead for regular vmap users as they do not need a pte page freed up.
- Checking if all entries in a pte page are cleared in the unmap path is racy, and serializing this check is expensive.
- The unmap path calls free_vmap_area_noflush() to do lazy TLB purges. Clearing a pud/pmd entry before the lazy TLB purges needs extra TLB purge.

Add two interfaces, pud_free_pmd_page() and pmd_free_pte_page(), which clear a given pud/pmd entry and free up a page for the lower level entries.

This patch implements their stub functions on x86 and arm64, which work as workaround.

[akpm@linux-foundation.org: fix typo in pmd_free_pte_page() stub]
Link: http://lkml.kernel.org/r/20180314180155.19492-2-toshi.kani@hpe.com
Fixes: e61ce6ade404e ("mm: change ioremap to set up huge I/O mappings")
Reported-by: Lei Li <lious.lilei@hisilicon.com>
Signed-off-by: Toshi Kani <toshi.kani@hpe.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Wang Xuefeng <wxf.wang@hisilicon.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Hanjun Guo <guohanjun@huawei.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Chintan Pandya <cpandya@codeaurora.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
24b2e60f51 |
Merge android-4.14.29 (45c8dbe) into msm-4.14
* refs/heads/tmp-45c8dbe Linux 4.14.29 usb: dwc3: Fix GDBGFIFOSPACE_TYPE values USB: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe() scsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure scsi: qla2xxx: Fix logo flag for qlt_free_session_done() scsi: qla2xxx: Fix NULL pointer access for fcport structure scsi: qla2xxx: Fix smatch warning in qla25xx_delete_{rsp|req}_que btrfs: Fix memory barriers usage with device stats counters btrfs: remove spurious WARN_ON(ref->count < 0) in find_parent_nodes btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device btrfs: alloc_chunk: fix DUP stripe size handling btrfs: add missing initialization in btrfs_check_shared btrfs: Fix NULL pointer exception in find_bio_stripe irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis RDMAVT: Fix synchronization around percpu_ref fs/aio: Use RCU accessors for kioctx_table->table[] fs/aio: Add explicit RCU grace period when freeing kioctx lock_parent() needs to recheck if dentry got __dentry_kill'ed under it KVM: arm/arm64: vgic: Don't populate multiple LRs with the same vintid kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3 KVM: arm/arm64: Reduce verbosity of KVM init log fs: Teach path_connected to handle nfs filesystems with multiple roots. 
drm/amdgpu/dce: Don't turn off DP sink when disconnected drm/radeon: fix prime teardown order drm/amdgpu: fix prime teardown order drm/nouveau/bl: Fix oops on driver unbind ALSA: seq: Clear client entry before deleting else at closing ALSA: seq: Fix possible UAF in snd_seq_check_queue() ALSA: hda - Revert power_save option default value ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() parisc: Handle case where flush_cache_range is called with no context x86/mm: Fix vmalloc_fault to use pXd_large KVM: x86: Fix device passthrough when SME is active x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32-bit kernels x86/vm86/32: Fix POPF emulation selftests/x86/entry_from_vm86: Add test cases for POPF selftests/x86: Add tests for the STR and SLDT instructions selftests/x86: Add tests for User-Mode Instruction Prevention selftests/x86/entry_from_vm86: Exit with 1 if we fail x86/cpufeatures: Add Intel PCONFIG cpufeature x86/cpufeatures: Add Intel Total Memory Encryption cpufeature ANDROID: arm-smccc: fix clang build staging: android: ashmem: Fix possible deadlock in ashmem_ioctl Linux 4.14.28 drm/i915/glk: Disable Guc and HuC on GLK dmaengine: qcom_hidma: check pending interrupts IB/mlx5: revisit -Wmaybe-uninitialized warning ima: relax requiring a file signature for new files with zero length locking/locktorture: Fix num reader/writer corner cases rcutorture/configinit: Fix build directory error message ipvlan: add L2 check for packets arriving via virtual devices Fix misannotated out-of-line _copy_to_user() mmc: mmc_test: Ensure command queue is disabled for testing ASoC: nuc900: Fix a loop timeout test crypto: caam/qi - use correct print specifier for size_t mac80211: remove BUG() when interface type is invalid mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED agp/intel: Flush all chipset writes after updating the GGTT arm64: dts: renesas: salvator-common: 
Add EthernetAVB PHY reset powerpc/64: Don't trace irqs-off at interrupt return to soft-disabled context powerpc/modules: Don't try to restore r2 after a sibling call drm/amdkfd: Fix memory leaks in kfd topology veth: set peer GSO values net: sched: drop qdisc_reset from dev_graft_qdisc virtio_net: Disable interrupts if napi_complete_done rescheduled napi media: davinci: vpif_capture: add NULL check on devm_kzalloc return value media: cpia2: Fix a couple off by one bugs dm raid: fix raid set size revalidation media: vsp1: Prevent suspending and resuming DRM pipelines scsi: dh: add new rdac devices scsi: devinfo: apply to HP XP the same flags as Hitachi VSP scsi: core: scsi_get_device_flags_keyed(): Always return device flags bnxt_en: Don't print "Link speed -1 no longer supported" messages. spi: sun6i: disable/unprepare clocks on remove tools/usbip: fixes build with musl libc toolchain ath10k: fix invalid STS_CAP_OFFSET_MASK mwifiex: cfg80211: do not change virtual interface during scan processing clk: qcom: msm8916: fix mnd_width for codec_digcodec drm/amdgpu:fix virtual dce bug iwlwifi: mvm: avoid dumping assert log when device is stopped perf annotate: Fix objdump comment parsing for Intel mov dissassembly perf annotate: Fix unnecessary memory allocation for s390x pinctrl: sh-pfc: r8a7795-es1: Fix MOD_SEL1 bit[25:24] to 0x3 when using STP_ISEN_1_D pinctrl: sh-pfc: r8a7791: Add can_clk function drm/sun4i: Fix format mask in DE2 driver pwm: stmpe: Fix wrong register offset for hwpwm=2 case scsi: ses: don't ask for diagnostic pages repeatedly during probe drm/amdgpu:fix random missing of FLR NOTIFY cpufreq: Fix governor module removal race ath10k: update tdls teardown state to target iio: health: max30102: Add power enable parameter to get_temp function iio: adc: ina2xx: Shift bus voltage register to mask flag bits drm/etnaviv: make THERMAL selectable power: supply: ab8500_charger: Bail out in case of error in 'ab8500_charger_init_hw_registers()' power: supply: 
ab8500_charger: Fix an error handling path leds: pm8058: Silence pointer to integer size warning xfrm: Fix xfrm_replay_overflow_offload_esn userns: Don't fail follow_automount based on s_user_ns mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 ARM: dts: omap3-n900: Fix the audio CODEC's reset pin ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin net: thunderx: Set max queue count taking XDP_TX into account mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() net: xfrm: allow clearing socket xfrm policies. rtc: brcmstb-waketimer: fix error handling in brcmstb_waketmr_probe() net: ieee802154: adf7242: Fix bug if defined DEBUG test_firmware: fix setting old custom fw path back on exit crypto: cavium - fix memory leak on info crypto: ecc - Fix NULL pointer deref. on no default_rng sched: Stop resched_cpu() from sending IPIs to offline CPUs sched: Stop switched_to_rt() from sending IPIs to offline CPUs USB: ledtrig-usbport: fix of-node leak typec: tcpm: fusb302: Resolve out of order messaging events staging: rtl8822be: fix missing null check on dev_alloc_skb return drm/amdgpu: fix get_max_engine_clock_in_mhz ARM: dts: exynos: Correct Trats2 panel reset line clk: meson: gxbb: fix wrong clock for SARADC/SANA ARM: dts: koelsch: Move cec_clock to root node iwlwifi: mvm: rs: don't override the rate history in the search cycle HID: elo: clear BTN_LEFT mapping HID: multitouch: Only look at non touch fields in first packet of a frame video/hdmi: Allow "empty" HDMI infoframes dma-buf/fence: Fix lock inversion within dma-fence-array drm/edid: set ELD connector type in drm_edid_to_eld() Revert "btrfs: use proper endianness accessors for super_copy" dm mpath: fix passing integrity data earlycon: add reg-offset to physical address before mapping serial: core: mark port as initialized in autoconfig serial: 8250_pci: Add Brainboxes UC-260 4 port serial device usb: dwc3: Fix lock-up on ID change during system suspend/resume usb: gadget: f_fs: Fix 
use-after-free in ffs_fs_kill_sb() usb: usbmon: Read text within supplied buffer size usb: quirks: add control message delay for 1b1c:1b20 usbip: vudc: fix null pointer dereference on udc->lock USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h staging: android: ashmem: Fix lockdep issue during llseek staging: comedi: fix comedi_nsamples_left. uas: fix comparison for error code tty/serial: atmel: add new version check for usart serial: sh-sci: prevent lockup on full TTY buffers xhci: fix endpoint context tracer output xhci: Fix front USB ports on ASUS PRIME B350M-A usb: host: xhci-rcar: add support for r8a77965 ASoC: rt5651: Fix regcache sync errors on resume ASoC: wm_adsp: For TLV controls only register TLV get/set ASoC: sgtl5000: Fix suspend/resume ASoC: sun4i-i2s: Fix RX slot number of SUN8I x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 net: phy: Restore phy_resume() locking assumption net: phy: fix resume handling ANDROID: sdcardfs: fix lock issue on 32 bit/SMP architectures Change-Id: Ida88909c333e059adf42a8794c3b92b1d15252f7 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
0ced0c46b4 |
Fix misannotated out-of-line _copy_to_user()
[ Upstream commit a0e94598e6b6c0d1df6a5fa14eb7c767ca817a20 ]

Destination is a kernel pointer and source - a userland one in _copy_from_user(); _copy_to_user() is the other way round.

Fixes: d597580d37377 ("generic ...copy_..._user primitives")
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
be49c61378 | Merge "Merge remote-tracking branch 'remotes/origin/tmp-df0daba' into msm-4.14" into msm-4.14 | ||
|
14b1002220 | Merge "lib: ubsan: Fix compilation issues for ubsan" into msm-4.14 | ||
|
3ba3c6ce0a |
Merge remote-tracking branch 'remotes/origin/tmp-df0daba' into msm-4.14
* remotes/origin/tmp-df0daba: Linux 4.14.27 x86/kprobes: Fix kernel crash when probing .entry_trampoline code objtool: Fix 32-bit build objtool: Fix another switch table detection issue objtool, retpolines: Integrate objtool with retpoline support more closely objtool: Add module specific retpoline rules kbuild: move cc-option and cc-disable-warning after incl. arch Makefile kbuild: Set KBUILD_CFLAGS before incl. arch Makefile kbuild: re-order the code to not parse unnecessary variables objtool: Add retpoline validation objtool: Use existing global variables for options x86/mm/sme, objtool: Annotate indirect call in sme_encrypt_execute() x86/boot, objtool: Annotate indirect jump in secondary_startup_64() x86/paravirt, objtool: Annotate indirect calls x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP x86/speculation, objtool: Annotate indirect calls/jumps for objtool x86/retpoline: Support retpoline builds with Clang x86/speculation: Use IBRS if available before calling into firmware Revert "x86/retpoline: Simplify vmexit_fill_RSB()" x86-64/realmode: Add instruction suffix x86/LDT: Avoid warning in 32-bit builds with older gcc x86/asm: Improve how GEN_*_SUFFIXED_RMWcc() specify clobbers x86/mm: Remove stale comment about KMEMCHECK x86/entry/64: Use 'xorl' for faster register clearing x86/entry: Reduce the code footprint of the 'idtentry' macro nospec: Include <asm/barrier.h> dependency nospec: Kill array_index_nospec_mask_check() MIPS: CPC: Map registers using DT in mips_cpc_default_phys_base() dt-bindings: Document mti,mips-cpc binding scsi: qla2xxx: Fix recursion while sending terminate exchange scsi: qla2xxx: Fix NULL pointer crash due to probe failure ALSA: hda: add dock and led support for HP ProBook 640 G2 ALSA: hda: add dock and led support for HP EliteBook 820 G3 ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines ALSA: seq: More protection for concurrent write and ioctl races ALSA: seq: Don't allow resizing pool in use ALSA: 
hda/realtek - Make dock sound work on ThinkPad L570 ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520 ALSA: hda/realtek: Limit mic boost on T480 ALSA: hda/realtek - Add headset mode support for Dell laptop ALSA: hda/realtek - Add support headset mode for DELL WYSE x86/spectre_v2: Don't check microcode versions when running under hypervisors perf tools: Fix trigger class trigger_on() x86/MCE: Serialize sysfs changes x86/MCE: Save microcode revision in machine check records bcache: don't attach backing with duplicate UUID bcache: fix crashes in duplicate cache device register IB/mlx5: Fix incorrect size of klms in the memory region dm bufio: avoid false-positive Wmaybe-uninitialized warning kbuild: Handle builtin dtb file names containing hyphens IB/core: Fix missing RDMA cgroups release in case of failure to register device arm64: mm: fix thinko in non-global page table attribute check KVM: s390: fix memory overwrites when not using SCA entries virtio_ring: fix num_free handling in error case loop: Fix lost writes caused by missing flag Documentation/sphinx: Fix Directive import error mm/memblock.c: hardcode the end_pfn being -1 lib/bug.c: exclude non-BUG/WARN exceptions from report_bug() Input: matrix_keypad - fix race when disabling interrupts PCI: dwc: Fix enumeration end when reaching root subordinate MIPS: OCTEON: irq: Check for null return on kzalloc allocation MIPS: ath25: Check for kzalloc allocation failure MIPS: BMIPS: Do not mask IPIs during suspend drm/amdgpu:Always save uvd vcpu_bo in VM Mode drm/amdgpu:Correct max uvd handles drm/amdgpu: fix KV harvesting drm/radeon: fix KV harvesting drm/amdgpu: Notify sbios device ready before send request drm/amdgpu: used cached pcie gen info for SI (v2) drm/amd/powerplay: fix power over limit on Fiji drm/radeon: insist on 32-bit DMA for Cedar on PPC64/PPC64LE Revert "drm/radeon/pm: autoswitch power state when in balanced mode" drm/amd/powerplay/vega10: allow mclk switching with no displays 
drm/amd/powerplay/smu7: allow mclk switching with no displays drm/nouveau: prefer XBGR2101010 for addfb ioctl drm/amdgpu: Fix deadlock on runtime suspend drm/radeon: Fix deadlock on runtime suspend drm/nouveau: Fix deadlock on runtime suspend drm: Allow determining if current task is output poll worker workqueue: Allow retrieval of current task's work struct drm/i915: Always call to intel_display_set_init_power() in resume_early. scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS scsi: core: Avoid that ATA error handling can trigger a kernel hang or oops drm/i915/perf: fix perf stream opening lock drm/i915: Try EDID bitbanging on HDMI after failed read drm/i915: Update watermark state correctly in sanitize_watermarks drm/i915: Disable DC states around GMBUS on GLK drm/i915: Clear the in-use marker on execbuf failure drm/i915: Fix rsvd2 mask when out-fence is returned regulator: stm32-vrefbuf: fix check on ready flag net/smc: fix NULL pointer dereference on sock_create_kern() error path IB/uverbs: Improve lockdep_check RDMA/mlx5: Fix integer overflow while resizing CQ RDMA/ucma: Check that user doesn't overflow QP state RDMA/ucma: Limit possible option size NFS: Fix unstable write completion pNFS: Prevent the layout header refcount going to zero in pnfs_roc() NFS: Fix an incorrect type in struct nfs_direct_req scsi: qla2xxx: Fix memory leak in dual/target mode scsi: qla2xxx: Fix system crash in qlt_plogi_ack_unref scsi: qla2xxx: Remove aborting ELS IOCB call issued as part of timeout. 
scsi: qla2xxx: Defer processing of GS IOCB calls scsi: qla2xxx: Clear loop id after delete scsi: qla2xxx: Fix scan state field for fcport scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport scsi: qla2xxx: Fix abort command deadlock due to spinlock scsi: qla2xxx: Fix PRLI state check scsi: qla2xxx: Fix Relogin being triggered too fast scsi: qla2xxx: Fix NPIV host cleanup in target mode scsi: qla2xxx: Fix login state machine stuck at GPDB scsi: qla2xxx: Serialize GPNID for multiple RSCN scsi: qla2xxx: Retry switch command on time out scsi: qla2xxx: Fix re-login for Nport Handle in use scsi: qla2xxx: Skip IRQ affinity for Target QPairs scsi: qla2xxx: Move session delete to driver work queue scsi: qla2xxx: Fix gpnid error processing scsi: qla2xxx: Fix system crash for Notify ack timeout handling tpm: only attempt to disable the LPC CLKRUN if is already enabled tpm: remove unused variables tpm: delete the TPM_TIS_CLK_ENABLE flag tpm: Keep CLKRUN enabled throughout the duration of transmit_cmd() tpm_tis: Move ilb_base_addr to tpm_tis_data netfilter: use skb_to_full_sk in ip6_route_me_harder netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt netfilter: bridge: ebt_among: add missing match size checks netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets netfilter: IDLETIMER: be syzkaller friendly netfilter: nat: cope with negative port range netfilter: x_tables: fix missing timer initialization in xt_LED netfilter: xt_hashlimit: fix lock imbalance netfilter: ipt_CLUSTERIP: fix a race condition of proc file creation netfilter: add back stackpointer size checks ASoC: Intel: kbl: fix jack name ASoC: Intel: Skylake: Fix jack name format substitution ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds watchdog: hpwdt: Remove legacy NMI sourcing. 
watchdog: hpwdt: fix unused variable warning watchdog: hpwdt: Check source of NMI watchdog: hpwdt: SMBIOS check kbuild: move "_all" target out of $(KBUILD_SRC) conditional FROMLIST: f2fs: don't put dentry page in pagecache into highmem Conflicts: Makefile Change-Id: I9c0acaa8aea9f4986bf01898de8d4be4658c64ce Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
d50cb5cedb |
lib/bug.c: exclude non-BUG/WARN exceptions from report_bug()
commit 1b4cfe3c0a30dde968fb43c577a8d7e262a145ee upstream.

Commit b8347c219649 ("x86/debug: Handle warnings before the notifier chain, to fix KGDB crash") changed the ordering of fixups, and did not take into account the case of x86 processing non-WARN() and non-BUG() exceptions. This would lead to output of a false BUG line with no other information.

In the case of a refcount exception, it would be immediately followed by the refcount WARN(), producing very strange double-"cut here":

lkdtm: attempting bad refcount_inc() overflow
------------[ cut here ]------------
Kernel BUG at 0000000065f29de5 [verbose debug info unavailable]
------------[ cut here ]------------
refcount_t overflow at lkdtm_REFCOUNT_INC_OVERFLOW+0x6b/0x90 in cat[3065], uid/euid: 0/0
WARNING: CPU: 0 PID: 3065 at kernel/panic.c:657 refcount_error_report+0x9a/0xa4
...

In the prior ordering, exceptions were searched first:

do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, ... if (fixup_exception(regs, trapnr)) return 0; - if (fixup_bug(regs, trapnr)) - return 0; -

As a result, fixup_bugs()'s is_valid_bugaddr() didn't take into account needing to search the exception list first, since that had already happened.

So, instead of searching the exception list twice (once in is_valid_bugaddr() and then again in fixup_exception()), just add a simple sanity check to report_bug() that will immediately bail out if a BUG() (or WARN()) entry is not found.

Link: http://lkml.kernel.org/r/20180301225934.GA34350@beast
Fixes: b8347c219649 ("x86/debug: Handle warnings before the notifier chain, to fix KGDB crash")
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Richard Weinberger <richard.weinberger@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
a7ea4f03e5 |
lib: ubsan: Fix compilation issues for ubsan
Currently, multiple declarations of data structures and functions exist, as well as dead code that was meant to be removed earlier. Remove dead code and multiple declarations for ubsan.

Change-Id: I2b1d27ab2edc9852a3cd286c70fe8990aa0e0754
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
07f0d9dd34 |
Merge remote-tracking branch 'remotes/origin/tmp-85ab9a0' into msm-4.14
* remotes/origin/tmp-85ab9a0: Linux 4.14.24 net: sched: fix use-after-free in tcf_block_put_ext net_sched: get rid of rcu_barrier() in tcf_block_put_ext() net: sched: crash on blocks with goto chain action net: sched: fix crash when deleting secondary chains arm64: dts: marvell: mcbin: add comphy references to Ethernet ports arm64: dts: marvell: add comphy nodes on cp110 master and slave powerpc/pseries: Enable RAS hotplug events later MIPS: Implement __multi3 for GCC7 MIPS64r6 builds mlxsw: pci: Wait after reset before accessing HW nfp: always unmask aux interrupts at init of_mdio: avoid MDIO bus removal when a PHY is missing net: gianfar_ptp: move set_fipers() to spinlock protecting area sctp: make use of pre-calculated len sctp: add a ceiling to optlen in some sockopts xen/gntdev: Fix partial gntdev_mmap() cleanup xen/gntdev: Fix off-by-one error when unmapping with holes SolutionEngine771x: fix Ether platform data mdio-sun4i: Fix a memory leak xen-netfront: enable device after manual module load bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. 
bnxt_en: Fix population of flow_type in bnxt_hwrm_cfa_flow_alloc() x86/platform/intel-mid: Revert "Make 'bt_sfi_data' const" nvme-fabrics: initialize default host->id in nvmf_host_default() powerpc/pseries: Make RAS IRQ explicitly dependent on DLPAR WQ leds: core: Fix regression caused by commit 2b83ff96f51d bpf: sockmap missing NULL psock check ia64, sched/cputime: Fix build error if CONFIG_VIRT_CPU_ACCOUNTING_NATIVE=y block: drain queue before waiting for q_usage_counter becoming zero wcn36xx: Fix dynamic power saving can: flex_can: Correct the checking for frame length in flexcan_start_xmit() mac80211: mesh: drop frames appearing to be from us nl80211: Check for the required netlink attribute presence net: ena: unmask MSI-X only after device initialization is completed i40e: don't remove netdev->dev_addr when syncing uc list i40e/i40evf: Account for frags split over multiple descriptors in check linearize uapi libc compat: add fallback for unsupported libcs x86/efi: Fix kernel param add_efi_memmap regression RDMA/netlink: Fix locking around __ib_get_device_by_index drm/ttm: check the return value of kzalloc NET: usb: qmi_wwan: add support for YUGA CLM920-NC5 PID 0x9625 e1000: fix disabling already-disabled warning macvlan: Fix one possible double free xfs: quota: check result of register_shrinker() xfs: quota: fix missed destroy of qi_tree_lock IB/ipoib: Fix race condition in neigh creation IB/mlx4: Fix mlx4_ib_alloc_mr error flow Input: xen-kbdfront - do not advertise multi-touch pressure support ip6_tunnel: allow ip6gre dev mtu to be set below 1280 btrfs: Fix flush bio leak s390/dasd: fix wrongly assigned configuration data afs: Fix missing error handling in afs_write_end() genirq: Guard handle_bad_irq log messages IB/mlx5: Fix mlx5_ib_alloc_mr error flow led: core: Fix brightness setting when setting delay_off=0 perf/x86/intel: Plug memory leak in intel_pmu_init() bnx2x: Improve reliability in case of nested PCI errors tg3: Enable PHY reset in MTU change path 
for 5720 tg3: Add workaround to restrict 5762 MRRS to 2048 tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path tipc: error path leak fixes in tipc_enable_bearer() netfilter: nf_tables: fix potential NULL-ptr deref in nf_tables_dump_obj_done() crypto: inside-secure - fix request allocations in invalidation path crypto: inside-secure - free requests even if their handling failed crypto: inside-secure - per request invalidation arm64: dts: renesas: ulcb: Remove renesas, no-ether-link property lib/mpi: Fix umul_ppmm() for MIPS64r6 crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t ARM: dts: ls1021a: fix incorrect clock references RDMA/vmw_pvrdma: Call ib_umem_release on destroy QP path i915: Reject CCS modifiers for pipe C on Geminilake netfilter: uapi: correct UNTRACKED conntrack state bit number scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error netfilter: nf_tables: fix chain filter in nf_tables_dump_rules() xen/balloon: Mark unallocated host memory as UNUSABLE ASoC: rsnd: fixup ADG register mask net/mlx5: Stay in polling mode when command EQ destroy fails net/mlx5: Cleanup IRQs in case of unload failure net/mlx5e: Fix ETS BW check net: stmmac: Fix bad RX timestamp extraction net: stmmac: Fix TX timestamp calculation ip6_tunnel: get the min mtu properly in ip6_tnl_xmit ip6_gre: remove the incorrect mtu limit for ipgre tap ip_gre: remove the incorrect mtu limit for ipgre tap vxlan: update skb dst pmtu on tx path net: arc_emac: fix arc_emac_rx() error paths net: mediatek: setup proper state for disabled GMAC on the default x86-64/Xen: eliminate W+X mappings staging: ion: Fix ion_cma_heap allocations cgroup: Fix deadlock in cpu hotplug path ASoC: nau8825: fix issue that pop noise when start capture spi: atmel: fixed spin_lock usage inside atmel_spi_remove mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl x86/stacktrace: Make zombie stack traces reliable xfrm: Reinject transport-mode packets 
through tasklet drm/nouveau/pci: do a msi rearm on init net: phy: xgene: disable clk on error paths sget(): handle failures of register_shrinker() sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege x86/asm: Allow again using asm.h when building for the 'bpf' clang target ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch parisc: Reduce thread stack to 16 kb ipv6: icmp6: Allow icmp messages to be looped back mtd: nand: brcmnand: Zero bitflip is not an error mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM net: usb: qmi_wwan: add Telit ME910 PID 0x1101 support net: aquantia: Fix hardware DMA stream overload on large MRRS net: aquantia: Fix actual speed capabilities reporting nvme: check hw sectors before setting chunk sectors nvme-fc: remove double put reference if admin connect fails phy: cpcap-usb: Fix platform_get_irq_byname's error checking. dmaengine: fsl-edma: disable clks on all error paths scsi: aacraid: Fix I/O drop during reset mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()' exec: avoid gcc-8 warning for get_task_comm hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) Conflicts: drivers/staging/android/ion/Kconfig drivers/staging/android/ion/ion_cma_heap.c Change-Id: I58485dd9ac8092a184c42a8e125e44523221e3ea Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
22d5e20c6a |
lib/mpi: Fix umul_ppmm() for MIPS64r6
[ Upstream commit bbc25bee37d2b32cf3a1fab9195b6da3a185614a ]

Current MIPS64r6 toolchains aren't able to generate efficient DMULU/DMUHU based code for the C implementation of umul_ppmm(), which performs an unsigned 64 x 64 bit multiply and returns the upper and lower 64-bit halves of the 128-bit result. Instead it widens the 64-bit inputs to 128-bits and emits a __multi3 intrinsic call to perform a 128 x 128 multiply. This is both inefficient, and it results in a link error since we don't include __multi3 in MIPS linux.

For example commit 90a53e4432b1 ("cfg80211: implement regdb signature checking") merged in v4.15-rc1 recently broke the 64r6_defconfig and 64r6el_defconfig builds by indirectly selecting MPILIB. The same build errors can be reproduced on older kernels by enabling e.g. CRYPTO_RSA:

lib/mpi/generic_mpih-mul1.o: In function `mpihelp_mul_1':
lib/mpi/generic_mpih-mul1.c:50: undefined reference to `__multi3'
lib/mpi/generic_mpih-mul2.o: In function `mpihelp_addmul_1':
lib/mpi/generic_mpih-mul2.c:49: undefined reference to `__multi3'
lib/mpi/generic_mpih-mul3.o: In function `mpihelp_submul_1':
lib/mpi/generic_mpih-mul3.c:49: undefined reference to `__multi3'
lib/mpi/mpih-div.o In function `mpihelp_divrem':
lib/mpi/mpih-div.c:205: undefined reference to `__multi3'
lib/mpi/mpih-div.c:142: undefined reference to `__multi3'

Therefore add an efficient MIPS64r6 implementation of umul_ppmm() using inline assembly and the DMULU/DMUHU instructions, to prevent __multi3 calls being emitted.

Fixes: 7fd08ca58ae6 ("MIPS: Add build support for the MIPS R6 ISA")
Signed-off-by: James Hogan <jhogan@kernel.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-mips@linux-mips.org
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
9636a4ea18 |
Merge remote-tracking branch 'remotes/origin/tmp-af3b8e6' into msm-4.14
* remotes/origin/tmp-af3b8e6: Linux 4.14.22 vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems mei: me: add cannon point device ids for 4th device mei: me: add cannon point device ids crypto: s5p-sss - Fix kernel Oops in AES-ECB mode drm/i915: fix intel_backlight_device_register declaration crypto: talitos - fix Kernel Oops on hashing an empty file hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close powerpc/perf/imc: Fix nest-imc cpuhotplug callback failure PCI: rcar: Fix use-after-free in probe error path xen: XEN_ACPI_PROCESSOR is Dom0-only platform/x86: dell-laptop: Fix keyboard max lighting for Dell Latitude E6410 x86/mm/kmmio: Fix mmiotrace for page unaligned addresses mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep usb: dwc3: of-simple: fix missing clk_disable_unprepare usb: dwc3: gadget: Wait longer for controller to end command processing dmaengine: jz4740: disable/unprepare clk if probe fails drm/vc4: Release fence after signalling ASoC: rsnd: ssi: fix race condition in rsnd_ssi_pointer_update drm/armada: fix leak of crtc structure xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies. 
IB/mlx4: Fix RSS hash fields restrictions spi: sun4i: disable clocks in the remove function ASoC: rockchip: disable clock on error staging: ccree: Uninitialized return in ssi_ahash_import() clk: fix a panic error caused by accessing NULL pointer netfilter: xt_bpf: add overflow checks xfrm: Fix xfrm_input() to verify state is valid when (encap_type < 0) dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved dmaengine: ioat: Fix error handling path scsi: bfa: fix type conversion warning scsi: bfa: fix access to bfad_im_port_s scsi: lpfc: Use after free in lpfc_rq_buf_free() gianfar: Disable EEE autoneg by default 509: fix printing uninitialized stack memory when OID is empty net: dsa: mv88e6xxx: Unregister MDIO bus on error path net: dsa: mv88e6xxx: Fix interrupt masking on removal net: ethernet: arc: fix error handling in emac_rockchip_probe virtio_net: fix return value check in receive_mergeable() brcmfmac: Avoid build error with make W=1 btrfs: Fix possible off-by-one in btrfs_search_path_in_tree Btrfs: disable FUA if mounted with nobarrier btrfs: Fix quota reservation leak on preallocated files locking/lockdep: Fix possible NULL deref net: qualcomm: rmnet: Fix leak on transmit failure KVM: VMX: fix page leak in hardware_setup() VSOCK: fix outdated sk_state value in hvs_release() net_sched: red: Avoid illegal values net_sched: red: Avoid devision by zero gianfar: fix a flooded alignment reports because of padding issue. 
nfp: fix port stats for mac representors ARM: dts: Fix elm interrupt compiler warning s390/dasd: prevent prefix I/O error s390/virtio: add BSD license to virtio-ccw PM / runtime: Fix handling of suppliers with disabled runtime PM powerpc/perf: Fix oops when grouping different pmu events m68k: add missing SOFTIRQENTRY_TEXT linker section ipvlan: Add the skb->mark as flow4's member to lookup route bnxt_en: Need to unconditionally shut down RoCE in bnxt_shutdown scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none iio: fix kernel-doc build errors iio: proximity: sx9500: Assign interrupt from GpioIo() md/raid1/10: add missed blk plug phylink: ensure we take the link down when phylink_stop() is called sfp: fix RX_LOS signal handling sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune md/raid5: correct degraded calculation in raid5_error IB/core: Init subsys if compiled to vmlinuz-core RDMA/cma: Make sure that PSN is not over max allowed i40iw: Correct ARP index mask i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE i40iw: Allocate a sdbuf per CQP WQE KVM: arm/arm64: Fix spinlock acquisition in vgic_set_owner meson-gx-socinfo: Fix package id parsing IB/hfi1: Initialize bth1 in 16B rc ack builder pinctrl: sunxi: Fix A64 UART mux value pinctrl: sunxi: Fix A80 interrupt pin bank gpio: davinci: Assign first bank regs for unbanked case gpio: 74x164: Fix crash during .remove() net: mvpp2: allocate zeroed tx descriptors media: ov13858: Select V4L2_FWNODE media: s5k6aa: describe some function parameters trace/xdp: fix compile warning: 'struct bpf_map' declared inside parameter list kvm: arm: don't treat unavailable HYP mode as an error pinctrl: denverton: Fix UART2 RTS pin mode perf test: Fix test 21 for s390x perf bench numa: Fixup discontiguous/sparse numa nodes perf top: Fix window dimensions change handling perf: Fix header.size for namespace events perf test shell: Fix check open filename arg using 'perf 
trace' on s390x perf annotate: Do not truncate instruction names at 6 chars perf help: Fix a bug during strstart() conversion perf record: Fix -c/-F options for cpu event aliases ARM: dts: am437x-cm-t43: Correct the dmas property of spi0 ARM: dts: am4372: Correct the interrupts_properties of McASP ARM: dts: logicpd-somlv: Fix wl127x pinmux ARM: dts: logicpd-som-lv: Fix gpmc addresses for NAND and enet ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context serdev: fix receive_buf return value when no callback usb: build drivers/usb/common/ when USB_SUPPORT is set usbip: keep usbip_device sockfd state in sync with tcp_socket staging: iio: ad5933: switch buffer mode to software staging: iio: adc: ad7192: fix external frequency setting staging: fsl-mc: fix build testing on x86 binder: replace "%p" with "%pK" binder: check for binder_thread allocation failure in binder_poll() staging: android: ashmem: Fix a race condition in pin ioctls ANDROID: binder: synchronize_rcu() when using POLLFREE. ANDROID: binder: remove WARN() for redundant txn error dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock arm64: dts: add #cooling-cells to CPU nodes ARM: 8743/1: bL_switcher: add MODULE_LICENSE tag video: fbdev/mmp: add MODULE_LICENSE ASoC: ux500: add MODULE_LICENSE tag net_sched: gen_estimator: fix lockdep splat net: avoid skb_warn_bad_offload on IS_ERR rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete rds: tcp: correctly sequence cleanup on netns deletion. 
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1() netfilter: on sockopt() acquire sock lock only in the required scope netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check() netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} netfilter: x_tables: fix int overflow in xt_alloc_table_info() kcov: detect double association with a single task KVM: x86: fix escape of guest dr6 to the host blk_rq_map_user_iov: fix error override staging: android: ion: Switch from WARN to pr_warn staging: android: ion: Add __GFP_NOWARN for system contig heap crypto: x86/twofish-3way - Fix %rbp usage media: pvrusb2: properly check endpoint types selinux: skip bounded transition processing if the policy isn't loaded selinux: ensure the context is NUL terminated in security_context_to_sid_core() ptr_ring: try vmalloc() when kmalloc() fails ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE ALSA: bcd2000: Add a sanity check for invalid EPs ALSA: caiaq: Add a sanity check for invalid EPs ALSA: line6: Add a sanity check for invalid EPs drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all dnotify: Handle errors from fsnotify_add_mark_locked() in fcntl_dirnotify() blktrace: fix unlocked registration of tracepoints sctp: set frag_point in sctp_setsockopt_maxseg correctly xfrm: check id proto in validate_tmpl() xfrm: Fix stack-out-of-bounds read on socket policy lookup. RDMA/netlink: Fix general protection fault KVM/x86: Check input paging mode when cs.l is set mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed. xfrm: skip policies marked as dead while rehashing xfrm: fix rcu usage in xfrm_get_type_offload xfrm: don't call xfrm_policy_cache_flush while holding spinlock esp: Fix GRO when the headers not fully in the linear part of the skb. 
mac80211_hwsim: validate number of different channels cfg80211: check dev_set_name() return value bpf: mark dst unknown on inconsistent {s, u}bounds adjustments kcm: Only allow TCP sockets to be attached to a KCM mux kcm: Check if sk_user_data already set in kcm_attach vhost: use mutex_lock_nested() in vhost_dev_lock_vqs() usb: core: Add a helper function to check the validity of EP type in URB ANDROID: sdcardfs: Hold i_mutex for i_size_write FROMGIT: crypto: speck - add test vectors for Speck64-XTS FROMGIT: crypto: speck - add test vectors for Speck128-XTS FROMGIT: crypto: arm/speck - add NEON-accelerated implementation of Speck-XTS FROMGIT: crypto: speck - export common helpers FROMGIT: crypto: speck - add support for the Speck block cipher f2fs: updates on v4.16-rc1 Conflicts: drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c Change-Id: I420172cd4438ce010645ceb00a71c4e3f03596d8 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
f2f12ea19f |
509: fix printing uninitialized stack memory when OID is empty
[ Upstream commit 8dfd2f22d3bf3ab7714f7495ad5d897b8845e8c1 ]

Callers of sprint_oid() do not check its return value before printing the result. In the case where the OID is zero-length, -EBADMSG was being returned without anything being written to the buffer, resulting in uninitialized stack memory being printed. Fix this by writing "(bad)" to the buffer in the cases where -EBADMSG is returned.

Fixes: 4f73175d0375 ("X.509: Add utility functions to render OIDs as strings")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
2c7009015c |
Merge remote-tracking branch 'remotes/origin/tmp-474d3c4' into msm-4.14
* remotes/origin/tmp-474d3c4: Linux 4.14.21 ovl: hash directory inodes for fsnotify ASoC: acpi: fix machine driver selection based on quirk mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec mmc: sdhci-of-esdhc: disable SD clock for clock value 0 media: r820t: fix r820t_write_reg for KASAN ARM: dts: Delete bogus reference to the charlcd arm: dts: mt2701: Add reset-cells arm: dts: mt7623: Update ethsys binding ARM: dts: s5pv210: add interrupt-parent for ohci arm64: dts: msm8916: Add missing #phy-cells ARM: pxa/tosa-bt: add MODULE_LICENSE tag ARM: dts: exynos: fix RTC interrupt for exynos5410 Bluetooth: BT_HCIUART now depends on SERIAL_DEV_BUS scsi: core: check for device state in __scsi_remove_target() x86/mm, mm/hwpoison: Don't unconditionally unmap kernel 1:1 pages usb: Move USB_UHCI_BIG_ENDIAN_* out of USB_SUPPORT mvpp2: fix multicast address filter ALSA: seq: Fix racy pool initializations ALSA: usb: add more device quirks for USB DSD devices ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204 ALSA: hda/realtek: PCI quirk for Fujitsu U7x7 ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform ALSA: hda/realtek - Add headset mode support for Dell laptop ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute ALSA: hda - Fix headset mic detection problem for two Dell machines mtd: nand: vf610: set correct ooblayout 9p/trans_virtio: discard zero-length reply Btrfs: fix unexpected -EEXIST when creating new inode Btrfs: fix use-after-free on root->orphan_block_rsv Btrfs: fix btrfs_evict_inode to handle abnormal inodes correctly Btrfs: fix extent state leak from tree log Btrfs: fix crash due to not cleaning up tree log block's dirty bits Btrfs: fix deadlock in run_delalloc_nocow dm: correctly handle chained bios in dec_pending() iscsi-target: make sure to wake up sleeping login worker target/iscsi: avoid NULL dereference in CHAP auth error path blk-wbt: account flush 
requests correctly xprtrdma: Fix BUG after a device removal xprtrdma: Fix calculation of ri_max_send_sges drm/qxl: reapply cursor after resetting primary qxl: alloc & use shadow for dumb buffers arm64: proc: Set PTE_NG for table entries to avoid traversing them twice rtlwifi: rtl8821ae: Fix connection lost problem correctly mpls, nospec: Sanitize array index in mpls_label_ok() tracing: Fix parsing of globs with a wildcard at the beginning seq_file: fix incomplete reset on read from zero offset xenbus: track caller request id xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests rbd: whitelist RBD_FEATURE_OPERATIONS feature bit console/dummy: leave .con_font_get set to NULL video: fbdev: atmel_lcdfb: fix display-timings lookup PCI: keystone: Fix interrupt-controller-node lookup PCI: iproc: Fix NULL pointer dereference for BCMA PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode MIPS: Fix incorrect mem=X@Y handling MIPS: Fix typo BIG_ENDIAN to CPU_BIG_ENDIAN mm: Fix memory size alignment in devm_memremap_pages_release() mm: hide a #warning for COMPILE_TEST ext4: correct documentation for grpid mount option ext4: save error to disk in __ext4_grp_locked_error() ext4: fix a race in the ext4 shutdown path jbd2: fix sphinx kernel-doc build warnings Revert "apple-gmux: lock iGP IO to protect from vgaarb changes" mlx5: fix mlx5_get_vector_affinity to start from completion vector 0 Revert "mmc: meson-gx: include tx phase in the tuning process" mmc: bcm2835: Don't overwrite max frequency unconditionally mmc: sdhci: Implement an SDHCI-specific bounce buffer mbcache: initialize entry->e_referenced in mb_cache_entry_create() rtc-opal: Fix handling of firmware error codes, prevent busy loops drm/radeon: adjust tested variable drm/radeon: Add dpm quirk for Jet PRO (v2) arm64: Add missing Falkor part number for branch predictor hardening drm/ast: Load lut in crtc_commit drm/amd/powerplay: Fix smu_table_entry.handle type drm/qxl: unref cursor bo when 
finished with it drm/ttm: Fix 'buf' pointer update in ttm_bo_vm_access_kmap() (v2) drm/ttm: Don't add swapped BOs to swap-LRU list x86/entry/64: Fix CR3 restore in paranoid_exit() x86/cpu: Change type of x86_cache_size variable to unsigned int x86/spectre: Fix an error message x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping selftests/x86/mpx: Fix incorrect bounds with old _sigfault x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]() kmemcheck: rip it out for real kmemcheck: rip it out kmemcheck: remove whats left of NOTRACK flags kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK kmemcheck: remove annotations x86/speculation: Add <asm/msr-index.h> dependency nospec: Move array_index_nospec() parameter checking into separate macro x86/speculation: Fix up array_index_nospec_mask() asm constraint x86/debug: Use UD2 for WARN() x86/debug, objtool: Annotate WARN()-related UD2 as reachable objtool: Fix segfault in ignore_unreachable_insn() selftests/x86: Disable tests requiring 32-bit support on pure 64-bit systems selftests/x86: Do not rely on "int $0x80" in single_step_syscall.c selftests/x86: Do not rely on "int $0x80" in test_mremap_vdso.c selftests/x86/pkeys: Remove unused functions selftests/x86: Clean up and document sscanf() usage selftests/x86: Fix vDSO selftest segfault for vsyscall=none x86/entry/64: Remove the unused 'icebp' macro x86/entry/64: Fix paranoid_entry() frame pointer warning x86/entry/64: Indent PUSH_AND_CLEAR_REGS and POP_REGS properly x86/entry/64: Get rid of the ALLOC_PT_GPREGS_ON_STACK and SAVE_AND_CLEAR_REGS macros x86/entry/64: Use PUSH_AND_CLEAN_REGS in more cases x86/entry/64: Introduce the PUSH_AND_CLEAN_REGS macro x86/entry/64: Interleave XOR register clearing with PUSH instructions x86/entry/64: Merge the POP_C_REGS and POP_EXTRA_REGS macros into a single POP_REGS macro x86/entry/64: Merge SAVE_C_REGS and SAVE_EXTRA_REGS, remove unused extensions x86/entry/64: Clear registers for 
exceptions/interrupts, to reduce speculation attack surface PM: cpuidle: Fix cpuidle_poll_state_init() prototype PM / runtime: Update links_count also if !CONFIG_SRCU x86/speculation: Clean up various Spectre related details KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods Revert "x86/speculation: Simplify indirect_branch_prediction_barrier()" x86/speculation: Correct Speculation Control microcode blacklist again x86/speculation: Update Speculation Control microcode blacklist x86/mm/pti: Fix PTI comment in entry_SYSCALL_64() powerpc/mm/radix: Split linear mapping on hot-unplug crypto: sun4i_ss_prng - convert lock to _bh in sun4i_ss_prng_generate crypto: sun4i_ss_prng - fix return value of sun4i_ss_prng_generate compiler-gcc.h: __nostackprotector needs gcc-4.4 and up compiler-gcc.h: Introduce __optimize function attribute x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface x86/entry/64: Clear extra registers beyond syscall arguments, to reduce speculation attack surface x86: PM: Make APM idle driver initialize polling state x86/xen: init %gs very early to avoid page faults with stack protector x86/kexec: Make kexec (mostly) work in 5-level paging mode x86/gpu: add CFL to early quirks drm/i915/kbl: Change a KBL pci id to GT2 from GT1.5 drm/i915: add GT number to intel_device_info arm: spear13xx: Fix spics gpio controller's warning arm: spear13xx: Fix dmas cells arm: spear600: Add missing interrupt-parent of rtc arm: dts: mt7623: fix card detection issue on bananapi-r2 ARM: dts: nomadik: add interrupt-parent for clcd ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property ARM: lpc3250: fix uda1380 gpio numbers arm64: dts: msm8916: Correct ipc references for smsm s390: fix handling of -1 in set{,fs}[gu]id16 
syscalls dma-buf: fix reservation_object_wait_timeout_rcu once more v2 powerpc: Fix DABR match on hash based systems powerpc/xive: Use hw CPU ids when configuring the CPU queues powerpc/mm: Flush radix process translations when setting MMU type powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove powerpc/radix: Remove trace_tlbie call from radix__flush_tlb_all ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE mwifiex: resolve reset vs. remove()/shutdown() deadlocks PM / devfreq: Propagate error from devfreq_add_device() swiotlb: suppress warning when __GFP_NOWARN is set cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin RDMA/rxe: Fix rxe_qp_cleanup() RDMA/rxe: Fix a race condition in rxe_requester() RDMA/rxe: Fix a race condition related to the QP error state kselftest: fix OOM in memory compaction test selftests: seccomp: fix compile error seccomp_bpf IB/core: Avoid a potential OOPs for an unused optional parameter IB/core: Fix ib_wc structure size to remain in 64 bytes boundary IB/core: Fix two kernel warnings triggered by rxe registration IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports IB/qib: Fix comparison error with qperf compare/swap test IB/umad: Fix use of unprotected device pointer scsi: smartpqi: allow static build ("built-in") tracing: Prevent PROFILE_ALL_BRANCHES when FORTIFY_SOURCE=y Change-Id: I351a603ea607d9c158727d60c8915981a555044f Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
f369f14861 |
kmemcheck: rip it out
commit 4675ff05de2d76d167336b368bd07f3fef6ed5a6 upstream.

Fix up makefiles, remove references, and git rm kmemcheck.

Link: http://lkml.kernel.org/r/20171007030159.22241-4-alexander.levin@verizon.com
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Vegard Nossum <vegardno@ifi.uio.no>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Tim Hansen <devtimhansen@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
37efa60e16 |
swiotlb: suppress warning when __GFP_NOWARN is set
commit d0bc0c2a31c95002d37c3cc511ffdcab851b3256 upstream.

TTM tries to allocate coherent memory in chunks of 2MB first to improve TLB efficiency and falls back to allocating 4K pages if that fails. Suppress the warning when the 2MB allocation fails since there is a valid fall back path.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reported-by: Mike Galbraith <efault@gmx.de>
Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104082
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
2ba985d87a |
Merge remote-tracking branch 'remotes/origin/tmp-0a91e84' into msm-4.14
* remotes/origin/tmp-0a91e84: Linux 4.14.20 scsi: cxlflash: Reset command ioasc scsi: lpfc: Fix crash after bad bar setup on driver attachment rcu: Export init_rcu_head() and destroy_rcu_head() to GPL modules scsi: core: Ensure that the SCSI error handler gets woken up ftrace: Remove incorrect setting of glob search field devpts: fix error handling in devpts_mntget() mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy ovl: take mnt_want_write() for removing impure xattr ovl: fix failure to fsync lower dir acpi, nfit: fix register dimm error handling ACPI: sbshc: remove raw pointer from printk() message drm/i915: Avoid PPS HW/SW state mismatch due to rounding arm64: dts: marvell: add Ethernet aliases objtool: Fix switch-table detection btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker lib/ubsan: add type mismatch handler for new GCC/Clang lib/ubsan.c: s/missaligned/misaligned/ clocksource/drivers/stm32: Fix kernel panic with multiple timers blk-mq: quiesce queue before freeing queue pktcdvd: Fix a recently introduced NULL pointer dereference pktcdvd: Fix pkt_setup_dev() error path pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping pinctrl: sx150x: Register pinctrl before adding the gpiochip pinctrl: sx150x: Unregister the pinctrl on release pinctrl: mcp23s08: fix irq setup order pinctrl: intel: Initialize GPIO properly when used through irqchip EDAC, octeon: Fix an uninitialized variable warning xtensa: fix futex_atomic_cmpxchg_inatomic alpha: fix formating of stack content alpha: fix reboot on Avanti platform alpha: Fix mixed up args in EXC macro in futex operations alpha: osf_sys.c: fix put_tv32 regression alpha: fix crash if pthread_create races with signal delivery signal/sh: Ensure si_signo is initialized in do_divide_error signal/openrisc: Fix do_unaligned_access to send the proper signal ipmi: use dynamic memory for DMI driver override Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" 
version Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" Bluetooth: btsdio: Do not bind to non-removable BCM43341 HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working pipe: fix off-by-one error when checking buffer limits pipe: actually allow root to exceed the pipe buffer limits kernel/relay.c: revert "kernel/relay.c: fix potential memory leak" kernel/async.c: revert "async: simplify lowest_in_progress()" fs/proc/kcore.c: use probe_kernel_read() instead of memcpy() media: cxusb, dib0700: ignore XC2028_I2C_FLUSH media: ts2020: avoid integer overflows on 32 bit machines media: dvb-frontends: fix i2c access helpers for KASAN kasan: rework Kconfig settings kasan: don't emit builtin calls when sanitization is off Btrfs: raid56: iterate raid56 internal bio with bio_for_each_segment_all watchdog: imx2_wdt: restore previous timeout after suspend+resume ASoC: skl: Fix kernel warning due to zero NHTL entry ASoC: rockchip: i2s: fix playback after runtime resume KVM: PPC: Book3S PR: Fix broken select due to misspelling KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED KVM: PPC: Book3S HV: Drop locks before reading guest memory KVM: PPC: Book3S HV: Make sure we don't re-enter guest without XIVE loaded KVM: nVMX: Fix bug of injecting L2 exception into L1 KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls crypto: sha512-mb - initialize pending lengths correctly crypto: caam - fix endless loop when DECO acquire fails media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 media: 
v4l2-compat-ioctl32.c: avoid sizeof(type) media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 media: v4l2-compat-ioctl32.c: fix the indentation media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF media: v4l2-ioctl.c: don't copy back the result for -ENOTTY media: v4l2-ioctl.c: use check_fmt for enum/g/s/try_fmt crypto: hash - prevent using keyed hashes without setting key crypto: hash - annotate algorithms taking optional key crypto: poly1305 - remove ->setkey() method crypto: mcryptd - pass through absence of ->setkey() crypto: cryptd - pass through absence of ->setkey() crypto: hash - introduce crypto_hash_alg_has_setkey() ahci: Add Intel Cannon Lake PCH-H PCI ID ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI ahci: Annotate PCI ids for mobile Intel chipsets as such kernfs: fix regression in kernfs_fop_write caused by wrong type NFS: Fix a race between mmap() and O_DIRECT NFS: reject request for id_legacy key without auxdata NFS: commit direct writes even if they fail partially NFS: Fix nfsstat breakage due to LOOKUPP NFS: Add a cond_resched() to nfs_commit_release_pages() nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds ubifs: free the encrypted symlink target ubi: block: Fix locking for idr_alloc/idr_remove ubi: fastmap: Erase outdated anchor PEBs during attach ubi: Fix race condition between ubi volume creation and udev mtd: nand: sunxi: Fix ECC strength choice mtd: nand: Fix nand_do_read_oob() return value mtd: nand: brcmnand: Disable prefetch by default mtd: cfi: convert inline functions to macros arm64: Kill PSCI_GET_VERSION as a variant-2 workaround arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support arm/arm64: smccc: Implement SMCCC v1.1 inline primitive arm/arm64: smccc: Make function identifiers an unsigned quantity firmware/psci: Expose SMCCC version through psci_ops firmware/psci: Expose PSCI conduit arm64: KVM: 
Add SMCCC_ARCH_WORKAROUND_1 fast handling arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support arm/arm64: KVM: Turn kvm_psci_version into a static inline arm64: KVM: Make PSCI_VERSION a fast path arm/arm64: KVM: Advertise SMCCC v1.1 arm/arm64: KVM: Implement PSCI 1.0 support arm/arm64: KVM: Add smccc accessors to PSCI code arm/arm64: KVM: Add PSCI_VERSION helper arm/arm64: KVM: Consolidate the PSCI include files arm64: KVM: Increment PC after handling an SMC trap arm64: Branch predictor hardening for Cavium ThunderX2 arm64: Implement branch predictor hardening for Falkor arm64: Implement branch predictor hardening for affected Cortex-A CPUs arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 arm64: entry: Apply BP hardening for suspicious interrupts from EL0 arm64: entry: Apply BP hardening for high-priority synchronous exceptions arm64: KVM: Use per-CPU vector when BP hardening is enabled arm64: Move BP hardening to check_and_switch_context arm64: Add skeleton to harden the branch predictor against aliasing attacks arm64: Move post_ttbr_update_workaround to C code drivers/firmware: Expose psci_get_version through psci_ops structure arm64: cpufeature: Pass capability structure to ->enable callback arm64: Run enable method for errata work arounds on late CPUs arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early arm64: futex: Mask __user pointers prior to dereference arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user arm64: uaccess: Prevent speculative use of the current addr_limit arm64: entry: Ensure branch through syscall table is bounded under speculation arm64: Use pointer masking to limit uaccess speculation arm64: Make USER_DS an inclusive limit arm64: Implement array_index_mask_nospec() arm64: barrier: Add CSDB macros to control data-value prediction arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives arm64: 
entry: Reword comment about post_ttbr_update_workaround arm64: Force KPTI to be disabled on Cavium ThunderX arm64: kpti: Add ->enable callback to remap swapper using nG mappings arm64: mm: Permit transitioning from Global to Non-Global without BBM arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0() arm64: Turn on KPTI only on CPUs that need it arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs arm64: kpti: Fix the interaction between ASID switching and software PAN arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR arm64: capabilities: Handle duplicate entries for a capability arm64: Take into account ID_AA64PFR0_EL1.CSV3 arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 arm64: use RET instruction for exiting the trampoline arm64: kaslr: Put kernel vectors address in separate data page arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks arm64: cpu_errata: Add Kryo to Falkor 1003 errata arm64: erratum: Work around Falkor erratum #E1003 in trampoline code arm64: entry: Hook up entry trampoline to exception vectors arm64: entry: Explicitly pass exception level to kernel_ventry macro arm64: mm: Map entry trampoline into trampoline and kernel page tables arm64: entry: Add exception trampoline page for exceptions from EL0 arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI arm64: mm: Add arm64_kernel_unmapped_at_el0 helper arm64: mm: Allocate ASIDs in pairs arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN arm64: mm: Rename post_ttbr0_update_workaround arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003 arm64: mm: Move ASID from TTBR0 to TTBR1 arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN arm64: mm: Use non-global mappings for kernel space arm64: move TASK_* definitions to <asm/processor.h> media: hdpvr: Fix an error handling path in 
hdpvr_probe() media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner media: dvb-usb-v2: lmedm04: Improve logic checking of warm start dccp: CVE-2017-8824: use-after-free in DCCP code drm/i915: Fix deadlock in i830_disable_pipe() drm/i915: Redo plane sanitation during readout drm/i915: Add .get_hw_state() method for planes sched/rt: Up the root domain ref count when passing it around via IPIs sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() KVM MMU: check pending exception before injecting APF arm64: Add software workaround for Falkor erratum 1041 arm64: Define cputype macros for Falkor CPU watchdog: gpio_wdt: set WDOG_HW_RUNNING in gpio_wdt_stop sched/wait: Fix add_wait_queue() behavioral change dmaengine: dmatest: fix container_of member in dmatest_callback cpufreq: mediatek: add mediatek related projects into blacklist CIFS: zero sensitive data when freeing cifs: Fix autonegotiate security settings mismatch cifs: Fix missing put_xid in cifs_file_strict_mmap powerpc/pseries: include linux/types.h in asm/hvcall.h watchdog: indydog: Add dependency on SGI_HAS_INDYDOG ANDROID: Fixup 64/32-bit divide confusion for WALT configs Conflicts: include/trace/events/sched.h kernel/sched/sched.h lib/ubsan.c lib/ubsan.h arch/arm64/configs/sdm855_defconfig arch/arm64/configs/sdm855-perf_defconfig Change-Id: I034588046a45f3d8be0615bed40d2ddd334ebd74 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
2617e62c2f |
lib/ubsan: add type mismatch handler for new GCC/Clang
commit 42440c1f9911b4b7b8ba3dc4e90c1197bc561211 upstream.

UBSAN=y fails to build with new GCC/clang:

arch/x86/kernel/head64.o: In function `sanitize_boot_params':
arch/x86/include/asm/bootparam_utils.h:37: undefined reference to `__ubsan_handle_type_mismatch_v1'

because Clang and GCC 8 slightly changed ABI for 'type mismatch' errors. Compiler now uses new __ubsan_handle_type_mismatch_v1() function with slightly modified 'struct type_mismatch_data'.

Let's add new 'struct type_mismatch_data_common' which is independent from compiler's layout of 'struct type_mismatch_data'. And make __ubsan_handle_type_mismatch[_v1]() functions transform compiler-dependent type mismatch data to our internal representation. This way, we can support both old and new compilers with minimal amount of change.

Link: http://lkml.kernel.org/r/20180119152853.16806-1-aryabinin@virtuozzo.com
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reported-by: Sodagudi Prasad <psodagud@codeaurora.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
5a5df77710 |
lib/ubsan.c: s/missaligned/misaligned/
commit b8fe1120b4ba342b4f156d24e952d6e686b20298 upstream. A visit from the spelling fairy. Cc: David Laight <David.Laight@ACULAB.COM> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
062cd3463c |
kasan: rework Kconfig settings
commit e7c52b84fb18f08ce49b6067ae6285aca79084a8 upstream. We get a lot of very large stack frames using gcc-7.0.1 with the default -fsanitize-address-use-after-scope --param asan-stack=1 options, which can easily cause an overflow of the kernel stack, e.g. drivers/gpu/drm/i915/gvt/handlers.c:2434:1: warning: the frame size of 46176 bytes is larger than 3072 bytes drivers/net/wireless/ralink/rt2x00/rt2800lib.c:5650:1: warning: the frame size of 23632 bytes is larger than 3072 bytes lib/atomic64_test.c:250:1: warning: the frame size of 11200 bytes is larger than 3072 bytes drivers/gpu/drm/i915/gvt/handlers.c:2621:1: warning: the frame size of 9208 bytes is larger than 3072 bytes drivers/media/dvb-frontends/stv090x.c:3431:1: warning: the frame size of 6816 bytes is larger than 3072 bytes fs/fscache/stats.c:287:1: warning: the frame size of 6536 bytes is larger than 3072 bytes To reduce this risk, -fsanitize-address-use-after-scope is now split out into a separate CONFIG_KASAN_EXTRA Kconfig option, leading to stack frames that are smaller than 2 kilobytes most of the time on x86_64. An earlier version of this patch also prevented combining KASAN_EXTRA with KASAN_INLINE, but that is no longer necessary with gcc-7.0.1. All patches to get the frame size below 2048 bytes with CONFIG_KASAN=y and CONFIG_KASAN_EXTRA=n have been merged by maintainers now, so we can bring back that default now. KASAN_EXTRA=y still causes lots of warnings but now defaults to !COMPILE_TEST to disable it in allmodconfig, and it remains disabled in all other defconfigs since it is a new option. I arbitrarily raise the warning limit for KASAN_EXTRA to 3072 to reduce the noise, but an allmodconfig kernel still has around 50 warnings on gcc-7. I experimented a bit more with smaller stack frames and have another follow-up series that reduces the warning limit for 64-bit architectures to 1280 bytes (without CONFIG_KASAN). 
With earlier versions of this patch series, I also had patches to address the warnings we get with KASAN and/or KASAN_EXTRA, using a "noinline_if_stackbloat" annotation. That annotation now got replaced with a gcc-8 bugfix (see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715) and a workaround for older compilers, which means that KASAN_EXTRA is now just as bad as before and will lead to an instant stack overflow in a few extreme cases. This reverts parts of commit 3f181b4d8652 ("lib/Kconfig.debug: disable -Wframe-larger-than warnings with KASAN=y"). Two patches in linux-next should be merged first to avoid introducing warnings in an allmodconfig build: 3cd890dbe2a4 ("media: dvb-frontends: fix i2c access helpers for KASAN") 16c3ada89cff ("media: r820t: fix r820t_write_reg for KASAN") Do we really need to backport this? I think we do: without this patch, enabling KASAN will lead to unavoidable kernel stack overflow in certain device drivers when built with gcc-7 or higher on linux-4.10+ or any version that contains a backport of commit c5caf21ab0cf8. Most people are probably still on older compilers, but it will get worse over time as they upgrade their distros. The warnings we get on kernels older than this should all be for code that uses dangerously large stack frames, though most of them do not cause an actual stack overflow by themselves. The asan-stack option was added in linux-4.0, and commit 3f181b4d8652 ("lib/Kconfig.debug: disable -Wframe-larger-than warnings with KASAN=y") effectively turned off the warning for allmodconfig kernels, so I would like to see this fix backported to any kernels later than 4.0. I have done dozens of fixes for individual functions with stack frames larger than 2048 bytes with asan-stack, and I plan to make sure that all those fixes make it into the stable kernels as well (most are already there). 
Part of the complication here is that asan-stack (from 4.0) was originally assumed to always require much larger stacks, but that turned out to be a combination of multiple gcc bugs that we have now worked around and fixed, but sanitize-address-use-after-scope (from v4.10) has a much higher inherent stack usage and also suffers from at least three other problems that we have analyzed but not yet fixed upstream, each of them makes the stack usage more severe than it should be. Link: http://lkml.kernel.org/r/20171221134744.2295529-1-arnd@arndb.de Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Mauro Carvalho Chehab <mchehab@kernel.org> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Alexander Potapenko <glider@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
e35bdb81ad |
kasan: detect invalid frees
Detect frees of pointers into middle of heap objects. Change-Id: Ia3660c0ac4d4af89caa072d69fbc54cbcbcc3c19 Link: http://lkml.kernel.org/r/cb569193190356beb018a03bb8d6fbae67e7adbc.1514378558.git.dvyukov@google.com Signed-off-by: Dmitry Vyukov <dvyukov@google.com> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Git-commit: b1d5728939ebe01a773a75a72e7161408ec9805e Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org> |
||
|
8ea798b106 |
kasan: detect invalid frees for large objects
Patch series "kasan: detect invalid frees". KASAN detects double-frees, but does not detect invalid-frees (when a pointer into a middle of heap object is passed to free). We recently had a very unpleasant case in crypto code which freed an inner object inside of a heap allocation. This left unnoticed during free, but totally corrupted heap and later led to a bunch of random crashes all over kernel code. Detect invalid frees. This patch (of 5): Detect frees of pointers into middle of large heap objects. I dropped const from kasan_kfree_large() because it starts propagating through a bunch of functions in kasan_report.c, slab/slub nearest_obj(), all of their local variables, fixup_red_left(), etc. Change-Id: I37dbb7cf8b8ceeb594e537396222b29bef6a0eea Link: http://lkml.kernel.org/r/1b45b4fe1d20fc0de1329aab674c1dd973fee723.1514378558.git.dvyukov@google.com Signed-off-by: Dmitry Vyukov <dvyukov@google.com> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Git-commit: 47adccce3e8a31d315f47183ab1185862b2fc5d4 Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org> |
||
|
82eaa9584e | Merge "Merge remote-tracking branch 'remotes/origin/tmp-faeb94c' into msm-4.14" | ||
|
3b3f58815a | Merge "Merge remote-tracking branch 'remotes/origin/tmp-c3a2eda' into msm-4.14" | ||
|
c8dd3996fe | Merge "lib/ubsan: remove returns-nonnull-attribute checks" | ||
|
2ee8a3fa72 | Merge "lib/ubsan: add type mismatch handler for new GCC/Clang" | ||
|
03ad3d9351 | Merge "lib/ubsan.c: s/missaligned/misaligned/" |