mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
498 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Linus Torvalds
|
022773be03 |
dcache: Move the DCACHE_OP_COMPARE case out of the __d_lookup_rcu loop
__d_lookup_rcu() is one of the hottest functions in the kernel on certain loads, and it is complicated by filesystems that might want to have their own name compare function. We can improve code generation by moving the test of DCACHE_OP_COMPARE outside the loop, which makes the loop itself much simpler, at the cost of some code duplication. But both cases end up being simpler, and the "native" direct case-sensitive compare particularly so. Change-Id: Ib45cdc9d56c950f472cf2bea34330c18926ba925 Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Richard Raya <rdxzv.dev@gmail.com> |
||
Richard Raya
|
f15dbc5435 |
This is the 4.14.352 OpenELA-Extended LTS stable release
-----BEGIN PGP SIGNATURE----- iQJNBAABCAA3FiEERFwmR4yFob14UDOYC8702P6YulgFAmbMN2wZHHZlZ2FyZC5u b3NzdW1Ab3JhY2xlLmNvbQAKCRALzvTY/pi6WI/OD/0df1vNkreJiEgYmrzoT5rG FekNwYxJLpnN2cIk5qZv5SUSrZDfqPEMzhz4tuv0kVMv8gb+k8tXpBGr6rfZlYEw UoDAZzAN0Ns0JwxtPoIIJrjfD1a0xq8teSGhbphUDLA/fH/M66pTPtJrDjia/99E 0Ymhc+8pv77UljmaxjEoQ8a0hXoe/TxoxwJpUdklwhcXZ+u4+FwJfxxHd4webnGs XiC1rrq4fYOX5MaomrGhKQBFv/iQAM+U9VHn4m1yLqDXYXn3j7stOa8dPY5g6EJw kzPsure193EXj9Tp5Y+sC+aExLGfaO7MB+hlXR0El/cHboTFJshafVuIhHp93zlI 4NVExnDe3Xmrb7U4hCJd2L2z3Vgq8jSH0R1FwZqfZruOo+B1zG9/SIiM96pD5YR1 ugk2P9XAXEpDUoMv4XPCNlpMetT7HBdUWIJCZQDCTl1axiGWnqs1MpGVHfavoTLz CKuoluR/0vL5lVX7vrc1Pb6+7APaY0U9ehVDlMbumS2PmpkLsoaTbTLlJsnVBrmg fkN4sjja0mszL4f5zzPCZ/9G8opf63+LLiheUNdnB4yWn7VoK4+kH3v3dW3e2gzJ t5IYygJ8Ys8pCLAueuiRb3pce59HrEq8mFtoF+MXlLN4fVHFwKbTtJWiEvEl5x3E Ks8j03Ywad/Zcl5GiwnnEw== =AZG+ -----END PGP SIGNATURE----- Merge tag 'v4.14.352-openela' of https://github.com/openela/kernel-lts This is the 4.14.352 OpenELA-Extended LTS stable release * tag 'v4.14.352-openela' of https://github.com/openela/kernel-lts: (32 commits) LTS: Update to 4.14.352 filelock: Fix fcntl/close race recovery compat path jfs: don't walk off the end of ealist ocfs2: add bounds checking to ocfs2_check_dir_entry() net: relax socket state check at accept time. ACPI: processor_idle: Fix invalid comparison with insertion sort for latency ARM: 9324/1: fix get_user() broken with veneer filelock: Remove locks reliably when fcntl/close race is detected hfsplus: fix uninit-value in copy_name selftests/vDSO: fix clang build errors and warnings spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices fs: better handle deep ancestor chains in is_subdir() Bluetooth: hci_core: cancel all works upon hci_unregister_dev() net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() net: usb: qmi_wwan: add Telit FN912 compositions ALSA: dmaengine_pcm: terminate dmaengine before synchronize s390/sclp: Fix sclp_init() cleanup on failure Input: elantech - fix touchpad state on resume for Lenovo N24 wifi: cfg80211: wext: add extra SIOCSIWSCAN data check mei: demote client disconnect warning on suspend to debug ... Change-Id: I4cbdfa0321bf83d62ac62f386eb77d21c5785dec Signed-off-by: Richard Raya <rdxzv.dev@gmail.com> |
||
Christian Brauner
|
fe34d279af |
fs: better handle deep ancestor chains in is_subdir()
[ Upstream commit 391b59b045004d5b985d033263ccba3e941a7740 ] Jan reported that 'cd ..' may take a long time in deep directory hierarchies under a bind-mount. If concurrent renames happen it is possible to livelock in is_subdir() because it will keep retrying. Change is_subdir() from simply retrying over and over to retry once and then acquire the rename lock to handle deep ancestor chains better. The list of alternatives to this approach were less then pleasant. Change the scope of rcu lock to cover the whole walk while at it. A big thanks to Jan and Linus. Both Jan and Linus had proposed effectively the same thing just that one version ended up being slightly more elegant. Reported-by: Jan Kara <jack@suse.cz> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit a5c4645346b0efb5a10ed28ae281a9af29037608) Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> |
||
Sultan Alsawaf
|
403bf49c69 |
mm: Eliminate d_path_outlen() and further speed up show_map_vma()
d_path_outlen() isn't needed because we know that d_path() always populates the given buffer backwards starting from the last byte; with this, we can easily calculate the length of the generated string by using the returned pointer from d_path() and the size of the buffer given to d_path(). This eliminates the need for d_path_outlen() and removes the bizarre strlen() usage, which makes things simpler and faster. We also now avoid a memmove() when d_path() completely uses up its provided buffer. Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com> Change-Id: I3c8a961f4c6c98e51557ad0254b39575b716569b Signed-off-by: Richard Raya <rdxzv.dev@gmail.com> |
||
|
Sultan Alsawaf
|
a2a670c583 |
mm: Micro-optimize PID map reads for arm64 while retaining output format
Android and various applications in Android need to read PID map data in order to work. Some processes can contain over 10,000 mappings, which results in lots of time wasted on simply generating strings. This wasted time adds up, especially in the case of Unity-based games, which utilize the Boehm garbage collector. A game's main process typically has well over 10,000 mappings due to the loaded textures, and the Boehm GC reads PID maps several times a second. This results in over 100,000 map entries being printed out per second, so micro-optimization here is important. Before this commit, show_vma_header_prefix() would typically take around 1000 ns to run on a Snapdragon 855; now it only takes about 50 ns to run, which is a 20x improvement. The primary micro-optimizations here assume that there are no more than 40 bits in the virtual address space, hence the CONFIG_ARM64_VA_BITS check. Arm64 uses a virtual address size of 39 bits, so this perfectly covers it. This also removes padding used to beautify PID map output to further speed up reads and reduce the amount of bytes printed, and optimizes the dentry path retrieval for file-backed mappings. Note, however, that the trailing space at the end of the line for non-file-backed mappings cannot be omitted, as it breaks some PID map parsers. This still retains insignificant leading zeros from printed hex values to maintain the current output format. Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com> Change-Id: Ia703df17eaec24c045f1bb23f88d2f1d092d33c6 Signed-off-by: Richard Raya <rdxzv.dev@gmail.com> |
||
|
Richard Raya
|
fec6892d1c |
mm: Revert PID optimizations
Change-Id: I61da569fb17d5a5ac5e814bcbeed8013c6e5a7a2 Signed-off-by: Richard Raya <rdxzv.dev@gmail.com> |
||
|
Richard Raya
|
a9e2d194be |
Merge branch 'linux-4.14.y' of https://github.com/openela/kernel-lts
* 'linux-4.14.y' of https://github.com/openela/kernel-lts: (350 commits) LTS: Update to 4.14.340 fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() PCI/MSI: Prevent MSI hardware interrupt number truncation s390: use the correct count for __iowrite64_copy() packet: move from strlcpy with unused retval to strscpy ipv6: sr: fix possible use-after-free and null-ptr-deref nouveau: fix function cast warnings scsi: jazz_esp: Only build if SCSI core is builtin RDMA/srpt: fix function pointer cast warnings RDMA/srpt: Support specifying the srpt_service_guid parameter IB/hfi1: Fix a memleak in init_credit_return usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs l2tp: pass correct message length to ip6_append_data gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() dm-crypt: don't modify the data when using authenticated encryption mm: memcontrol: switch to rcu protection in drain_all_stock() s390/qeth: Fix potential loss of L3-IP@ in case of network issues virtio-blk: Ensure no requests in virtqueues before deleting vqs. firewire: core: send bus reset promptly on gap count error ... Change-Id: Ieafdd459ee41343bf15ed781b3e45adc2be29cc1 Signed-off-by: Richard Raya <rdxzv.dev@gmail.com> |
||
Al Viro
|
658d3409ac |
fast_dput(): handle underflows gracefully
[ Upstream commit 504e08cebe1d4e1efe25f915234f646e74a364a8 ]
If refcount is less than 1, we should just warn, unlock dentry and
return true, so that the caller doesn't try to do anything else.
Taking care of that leaves the rest of "lockref_put_return() has
failed" case equivalent to "decrement refcount and rejoin the
normal slow path after the point where we grab ->d_lock".
NOTE: lockref_put_return() is strictly a fastpath thing - unlike
the rest of lockref primitives, it does not contain a fallback.
Caller (and it looks like fast_dput() is the only legitimate one
in the entire kernel) has to do that itself. Reasons for
lockref_put_return() failures:
* ->d_lock held by somebody
* refcount <= 0
* ... or an architecture not supporting lockref use of
cmpxchg - sparc, anything non-SMP, config with spinlock debugging...
We could add a fallback, but it would be a clumsy API - we'd have
to distinguish between:
(1) refcount > 1 - decremented, lock not held on return
(2) refcount < 1 - left alone, probably no sense to hold the lock
(3) refcount is 1, no cmphxcg - decremented, lock held on return
(4) refcount is 1, cmphxcg supported - decremented, lock *NOT* held
on return.
We want to return with no lock held in case (4); that's the whole point of that
thing. We very much do not want to have the fallback in case (3) return without
a lock, since the caller might have to retake it in that case.
So it wouldn't be more convenient than doing the fallback in the caller and
it would be very easy to screw up, especially since the test coverage would
suck - no way to test (3) and (4) on the same kernel build.
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit fabeeafdab5e1239e794b8ce72df02503d0ced83)
[vegard: fix trivial conflict due to missing commit
7964410fcf135d7e76deef4e475816ec02482f7b ("fs: dcache: Use true and
false for boolean values")]
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
|
||
|
Sultan Alsawaf
|
229b6a0378
|
mm: Micro-optimize PID map reads for arm64 while retaining output format
Android and various applications in Android need to read PID map data in order to work. Some processes can contain over 10,000 mappings, which results in lots of time wasted on simply generating strings. This wasted time adds up, especially in the case of Unity-based games, which utilize the Boehm garbage collector. A game's main process typically has well over 10,000 mappings due to the loaded textures, and the Boehm GC reads PID maps several times a second. This results in over 100,000 map entries being printed out per second, so micro-optimization here is important. Before this commit, show_vma_header_prefix() would typically take around 1000 ns to run on a Snapdragon 855; now it only takes about 50 ns to run, which is a 20x improvement. The primary micro-optimizations here assume that there are no more than 40 bits in the virtual address space, hence the CONFIG_ARM64_VA_BITS check. Arm64 uses a virtual address size of 39 bits, so this perfectly covers it. This also removes padding used to beautify PID map output to further speed up reads and reduce the amount of bytes printed, and optimizes the dentry path retrieval for file-backed mappings. Note, however, that the trailing space at the end of the line for non-file-backed mappings cannot be omitted, as it breaks some PID map parsers. This still retains insignificant leading zeros from printed hex values to maintain the current output format. Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com> Signed-off-by: azrim <mirzaspc@gmail.com> |
||
Vlastimil Babka
|
5bd16ffb96 |
UPSTREAM: dcache: allocate external names from reclaimable kmalloc caches
We can use the newly introduced kmalloc-reclaimable-X caches, to allocate
external names in dcache, which will take care of the proper accounting
automatically, and also improve anti-fragmentation page grouping.
This effectively reverts commit f1782c9bc547 ("dcache: account external
names as indirectly reclaimable memory") and instead passes
__GFP_RECLAIMABLE to kmalloc(). The accounting thus moves from
NR_INDIRECTLY_RECLAIMABLE_BYTES to NR_SLAB_RECLAIMABLE, which is also
considered in MemAvailable calculation and overcommit decisions.
Link: http://lkml.kernel.org/r/20180731090649.16028-4-vbabka@suse.cz
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Acked-by: Roman Gushchin <guro@fb.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Cc: Vijayanand Jitta <vjitta@codeaurora.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 2e03b4bc4ae84fcc0eee00e5ba5d228901d38809)
Bug: 138148041
Test: verify KReclaimable accounting after ION allocation+deallocation
Change-Id: Ib395c861580501c754835736bfc03464d26b9aeb
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
|
||
Jaegeuk Kim
|
2ea8815046 |
Merge remote-tracking branch 'origin/upstream-f2fs-stable-linux-4.14.y' into android-4.14
* origin/upstream-f2fs-stable-linux-4.14.y: f2fs: use EINVAL for superblock with invalid magic f2fs: fix to read source block before invalidating it f2fs: remove redundant check from f2fs_setflags_common() f2fs: use generic checking function for FS_IOC_FSSETXATTR f2fs: use generic checking and prep function for FS_IOC_SETFLAGS ubifs, fscrypt: cache decrypted symlink target in ->i_link vfs: use READ_ONCE() to access ->i_link fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory fscrypt: cache decrypted symlink target in ->i_link fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext fscrypt: only set dentry_operations on ciphertext dentries fscrypt: fix race allowing rename() and link() of ciphertext dentries fscrypt: clean up and improve dentry revalidation fscrypt: use READ_ONCE() to access ->i_crypt_info fscrypt: remove WARN_ON_ONCE() when decryption fails fscrypt: drop inode argument from fscrypt_get_ctx() f2fs: improve print log in f2fs_sanity_check_ckpt() f2fs: avoid out-of-range memory access f2fs: fix to avoid long latency during umount f2fs: allow all the users to pin a file f2fs: support swap file w/ DIO f2fs: allocate blocks for pinned file f2fs: fix is_idle() check for discard type f2fs: add a rw_sem to cover quota flag changes f2fs: set SBI_NEED_FSCK for xattr corruption case f2fs: use generic EFSBADCRC/EFSCORRUPTED f2fs: Use DIV_ROUND_UP() instead of open-coding f2fs: print kernel message if filesystem is inconsistent f2fs: introduce f2fs_<level> macros to wrap f2fs_printk() f2fs: avoid get_valid_blocks() for cleanup f2fs: ioctl for removing a range from F2FS f2fs: only set project inherit bit for directory f2fs: separate f2fs i_flags from fs_flags and ext4 i_flags f2fs: Add option to limit required GC for checkpoint=disable f2fs: Fix accounting for unusable blocks f2fs: Fix root reserved on remount f2fs: Lower threshold for disable_cp_again f2fs: fix sparse warning f2fs: fix f2fs_show_options to show nodiscard mount option f2fs: add error prints for debugging mount failure f2fs: fix to do sanity check on segment bitmap of LFS curseg f2fs: add missing sysfs entries in documentation f2fs: fix to avoid deadloop if data_flush is on f2fs: always assume that the device is idle under gc_urgent f2fs: add bio cache for IPU f2fs: allow ssr block allocation during checkpoint=disable period f2fs: fix to check layout on last valid checkpoint park Change-Id: I765f6ed215533097c63d1207a7d60ce7fc4a7269 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com> |
||
Eric Biggers
|
8d4184593a |
fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory
Make __d_move() clear DCACHE_ENCRYPTED_NAME on the source dentry. This
is needed for when d_splice_alias() moves a directory's encrypted alias
to its decrypted alias as a result of the encryption key being added.
Otherwise, the decrypted alias will incorrectly be invalidated on the
next lookup, causing problems such as unmounting a mount the user just
mount()ed there.
Note that we don't have to support arbitrary moves of this flag because
fscrypt doesn't allow dentries with DCACHE_ENCRYPTED_NAME to be the
source or target of a rename().
Fixes: 28b4c263961c ("ext4 crypto: revalidate dentry after adding or removing the key")
Reported-by: Sarthak Kukreti <sarthakkukreti@chromium.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||
Andrey Ryabinin
|
5b2e1e02f6 |
BACKPORT: fs: dcache: Revert "manually unpoison dname after allocation to shut up kasan's reports"
Upstream commit babcbbc7c4e2fa7fa76417ece7c57083bee971f1. This reverts commit df4c0e36f1b1782b0611a77c52cc240e5c4752dd. It's no longer needed since dentry_string_cmp() now uses read_word_at_a_time() to avoid kasan's reports. Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Change-Id: I923fa1cdd8aa1910e37fe95254c9da3ff16cba15 Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Bug: 128674696 |
||
|
Andrey Ryabinin
|
8c76c81b61 |
UPSTREAM: fs/dcache: Use read_word_at_a_time() in dentry_string_cmp()
Upstream commit bfe7aa6c39b12a6ab1e95f50271c53e47d6dd060.
dentry_string_cmp() performs the word-at-a-time reads from 'cs' and may
read slightly more than it was requested in kmallac(). Normally this
would make KASAN to report out-of-bounds access, but this was
workarounded by commit df4c0e36f1b1 ("fs: dcache: manually unpoison
dname after allocation to shut up kasan's reports").
This workaround is not perfect, since it allows out-of-bounds access to
dentry's name for all the code, not just in dentry_string_cmp().
So it would be better to use read_word_at_a_time() instead and revert
commit df4c0e36f1b1.
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Change-Id: Iddbf21aa8db1bd68b0012ddf12ef8ee4b465bce3
Bug: 128674696
|
||
Greg Kroah-Hartman
|
16edd85b60 |
This is the 4.14.98 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlxbC+kACgkQONu9yGCS aT42nw/+JRU1ek6PaT+4Pzr9HDac3qQP9pQ4WG80X1ZqYdQYGcDkhmoQcHqaXCDe 089OjoPlPToEdjpQhqfmN5i/TNLag4TuZLN6T3LpORWQWEfgnKt3TboSB/MWzCwr g9qVBEi9xVPU/no/I8M+XshE3v994wf5dhgEFiSxR5kDMwgbq6EdIWQeJZ2OdJg1 x8LRQwqkcvnVns1khKOGweCQAL5GdeXbz+BxNaPs+g1R7li8GUS+UL16yEWvPpMq +emae6MqKcoyr3leV+dMd1RY+ICJjCPr1RJJlr3M3KYDU5OEfnaih2MxBT1optoI iABQFs8MNnU/zKt8k2CwMJuXdW6+OnVQq2+gC8ye6aQAQ0dWureyy8zj06vidI7a eIGDiLGudW8sUtyQOdGko7j9AHmxaTcNPby0voJuj3lJgguThaW+BlIhOct6wBz4 6Em8jnQuaYqA9BG6UChHkf7o8vpfu4r4tI/IY07h7HN4r3HWZJy8F6NszTg531KK YWEiq6vV+hYHB2t21EEIWy8Ew1sZWo2Nt3Xayk8en23VENaXv7DGxmpQ30Rg6h07 iA1ewCDcps20LlHbROAR73EBF4047R57X1E4TQLyhVncgyPVLvntDodhJSfKe3Ve UEC+wSWU/eKM11DF/gOjslN/s/JM3EeVmnIeolSkCvRqtIysGFs= =kskL -----END PGP SIGNATURE----- Merge 4.14.98 into android-4.14 Changes in 4.14.98 Fix "net: ipv4: do not handle duplicate fragments as overlapping" ipv6: Consider sk_bound_dev_if when binding a socket to an address ipv6: sr: clear IP6CB(skb) on SRH ip4ip6 encapsulation l2tp: copy 4 more bytes to linear part if necessary net/mlx4_core: Add masking for a few queries on HCA caps netrom: switch to sock timer API net/rose: fix NULL ax25_cb kernel panic net: set default network namespace in init_dummy_netdev() ucc_geth: Reset BQL queue when stopping device net/mlx5e: Allow MAC invalidation while spoofchk is ON Revert "net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager" virtio_net: Don't enable NAPI when interface is down virtio_net: Don't call free_old_xmit_skbs for xdp_frames virtio_net: Fix not restoring real_num_rx_queues sctp: improve the events for sctp stream adding sctp: improve the events for sctp stream reset l2tp: remove l2specific_len dependency in l2tp_core l2tp: fix reading optional fields of L2TPv3 ipvlan, l3mdev: fix broken l3s mode wrt local routes CIFS: Do not count -ENODATA as failure for query directory fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() selftests/seccomp: Enhance per-arch ptrace syscall skip tests NFS: Fix up return value on fatal errors in nfs_page_async_flush() ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment arm64: kaslr: ensure randomized quantities are clean also when kaslr is off arm64: hyp-stub: Forbid kprobing of the hyp-stub arm64: hibernate: Clean the __hyp_text to PoC after resume gpio: altera-a10sr: Set proper output level for direction_output gpio: pcf857x: Fix interrupts on multiple instances gfs2: Revert "Fix loop in gfs2_rbm_find" mmc: bcm2835: Fix DMA channel leak on probe error ALSA: hda/realtek - Fixed hp_pin no value IB/hfi1: Remove overly conservative VM_EXEC flag check platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes mmc: sdhci-iproc: handle mmc_of_parse() errors during probe kernel/exit.c: release ptraced tasks before zap_pid_ns_processes oom, oom_reaper: do not enqueue same task twice mm, oom: fix use-after-free in oom_kill_process mm: hwpoison: use do_send_sig_info() instead of force_sig() mm: migrate: don't rely on __PageMovable() of newpage after unlocking it md/raid5: fix 'out of memory' during raid cache recovery cifs: Always resolve hostname before reconnecting drivers: core: Remove glue dirs from sysfs earlier fanotify: fix handling of events on child sub-directory Linux 4.14.98 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Waiman Long
|
b30b0fdaae |
fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb()
commit 1dbd449c9943e3145148cc893c2461b72ba6fef0 upstream.
The nr_dentry_unused per-cpu counter tracks dentries in both the LRU
lists and the shrink lists where the DCACHE_LRU_LIST bit is set.
The shrink_dcache_sb() function moves dentries from the LRU list to a
shrink list and subtracts the dentry count from nr_dentry_unused. This
is incorrect as the nr_dentry_unused count will also be decremented in
shrink_dentry_list() via d_shrink_del().
To fix this double decrement, the decrement in the shrink_dcache_sb()
function is taken out.
Fixes: 4e717f5c1083 ("list_lru: remove special case function list_lru_dispose_all."
Cc: stable@kernel.org
Signed-off-by: Waiman Long <longman@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
0ff0788d6a |
This is the 4.14.77 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlvIM0wACgkQONu9yGCS aT5bkRAAqvQaEuy5Cm0BNrn5/f3SIo5H9NcEipxNX8/5KMG2FKT982VkxW5NFDBa AiHuzSUSAwufpBJai5TS0VhyjzkhYucoKsmgiIC+Or5rGZGWIkf6yw9LJXwEs3Jl xtuhCjs23CqlBjivPFMmFeDN74eIoPcLxjagLjjvSPEusYM8MNXedf87MUd1CNa3 E07k/8CpD8RiDgQBi8ehjL19TSD4OhhhdPzQqEx1nGLsyiBrv4KsfOSOslZPUw0m Wv5X5JJnyk0+nUhtq2KJwkgTqz54IMJzmGvaMPGLrZq2ArwT6ac3Ru3rMYZaDido TTy4f3mHb25upZHJ2QjCeuKxFpQMJfvkObj/rB4fOQSu/7MERiKK4jINWRL/g1h8 g5tKOf16uR7c3ItjXHnracoc3hKSEr4KguvoLit+CQAslcaXSnyxdKmRuEy9Akar 5nK6GsbxzHnT55ZsgxYMaCIfy4J9K2E61qoggJ+Dif8Cm97CGMkzb2mxygvKLXiV ROQ8DWyDvOqUerYBVu06aRfXNZWsBPzyZFsgKUYTKzYelY0AaiFe69D19NazfTGC XiFWhSgTlgzhBgtTJByrcGAUBelORfQP+nzB2rtZ3qfacGaJUskRpZn/Ii96a2Cb RBVyxs5oarmsdhSqn/0rTXsnOGsz3kIfQFl/AlbzmeRzhD+rbxE= =Z+mk -----END PGP SIGNATURE----- Merge 4.14.77 into android-4.14 Changes in 4.14.77 bnxt_en: Fix TX timeout during netpoll. bnxt_en: free hwrm resources, if driver probe fails. bonding: avoid possible dead-lock ip6_tunnel: be careful when accessing the inner header ip_tunnel: be careful when accessing the inner header ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() ipv6: take rcu lock in rawv6_send_hdrinc() net: dsa: bcm_sf2: Call setup during switch resume net: hns: fix for unmapping problem when SMMU is on net: ipv4: update fnhe_pmtu when first hop's MTU changes net/ipv6: Display all addresses in output of /proc/net/if_inet6 netlabel: check for IPV4MASK in addrinfo_get net: mvpp2: Extract the correct ethtype from the skb for tx csum offload net: mvpp2: fix a txq_done race condition net: sched: Add policy validation for tc attributes net: systemport: Fix wake-up interrupt race during resume net/usb: cancel pending work when unbinding smsc75xx qlcnic: fix Tx descriptor corruption on 82xx devices qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface rtnetlink: fix rtnl_fdb_dump() for ndmsg header rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 sctp: update dst pmtu with the correct daddr team: Forbid enslaving team device to itself tipc: fix flow control accounting for implicit connect udp: Unbreak modules that rely on external __skb_recv_udp() availability net: stmmac: Fixup the tail addr setting in xmit path net/packet: fix packet drop as of virtio gso net: dsa: bcm_sf2: Fix unbind ordering net/mlx5e: Set vlan masks for all offloaded TC rules net: aquantia: memory corruption on jumbo frames net/mlx5: E-Switch, Fix out of bound access when setting vport rate bonding: pass link-local packets to bonding master also. bonding: fix warning message nfp: avoid soft lockups under control message storm bnxt_en: don't try to offload VLAN 'modify' action net-ethtool: ETHTOOL_GUFO did not and should not require CAP_NET_ADMIN tcp/dccp: fix lockdep issue when SYN is backlogged inet: make sure to grab rcu_read_lock before using ireq->ireq_opt ASoC: rt5514: Fix the issue of the delay volume applied again ASoC: wm8804: Add ACPI support ASoC: sigmadsp: safeload should not have lower byte limit selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs ASoC: rsnd: adg: care clock-frequency size ASoC: rsnd: don't fallback to PIO mode when -EPROBE_DEFER Bluetooth: hci_ldisc: Free rw_semaphore on close mfd: omap-usb-host: Fix dts probe of children scsi: iscsi: target: Don't use stack buffer for scatterlist scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() sound: enable interrupt after dma buffer initialization sound: don't call skl_init_chip() to reset intel skl soc hv_netvsc: fix schedule in RCU context stmmac: fix valid numbers of unicast filter entries net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 PCI: hv: support reporting serial number as slot information clk: x86: add "ether_clk" alias for Bay Trail / Cherry Trail clk: x86: Stop marking clocks as CLK_IS_CRITICAL x86/kvm/lapic: always disable MMIO interface in x2APIC mode drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 mm/vmstat.c: fix outdated vmstat_text MIPS: VDSO: Always map near top of user memory mach64: detect the dot clock divider correctly on sparc percpu: stop leaking bitmap metadata blocks perf script python: Fix export-to-postgresql.py occasional failure perf script python: Fix export-to-sqlite.py sample columns s390/cio: Fix how vfio-ccw checks pinned pages dm cache: destroy migration_cache if cache target registration failed dm: fix report zone remapping to account for partition offset dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled dm linear: fix linear_end_io conditional definition cgroup: Fix dom_cgrp propagation when enabling threaded mode mmc: block: avoid multiblock reads for the last sector in SPI mode pinctrl: mcp23s08: fix irq and irqchip setup order arm64: perf: Reject stand-alone CHAIN events for PMUv3 mm/thp: fix call to mmu_notifier in set_pmd_migration_entry() v2 mm: Preserve _PAGE_DEVMAP across mprotect() calls i2c: i2c-scmi: fix for i2c_smbus_write_block_data xhci: Don't print a warning when setting link state for disabled ports mm: introduce NR_INDIRECTLY_RECLAIMABLE_BYTES mm: treat indirectly reclaimable memory as available in MemAvailable dcache: account external names as indirectly reclaimable memory mm: treat indirectly reclaimable memory as free in overcommit logic mm: don't show nr_indirectly_reclaimable in /proc/vmstat ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs ARM: bugs: prepare processor bug infrastructure ARM: bugs: hook processor bug checking into SMP and suspend paths ARM: bugs: add support for per-processor bug checking ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre ARM: spectre-v2: harden branch predictor on context switches ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit ARM: spectre-v2: harden user aborts in kernel space ARM: spectre-v2: add firmware based hardening ARM: spectre-v2: warn about incorrect context switching functions ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 ARM: KVM: invalidate icache on guest exit for Cortex-A15 ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1 ARM: spectre-v1: add speculation barrier (csdb) macros ARM: spectre-v1: add array_index_mask_nospec() implementation ARM: spectre-v1: fix syscall entry ARM: signal: copy registers using __copy_from_user() ARM: vfp: use __copy_from_user() when restoring VFP state ARM: oabi-compat: copy semops using __copy_from_user() ARM: use __inttype() in get_user() ARM: spectre-v1: use get_user() for __get_user() ARM: spectre-v1: mitigate user accesses perf tools: Fix snprint warnings for gcc 8 Linux 4.14.77 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Roman Gushchin
|
6d7942377c |
dcache: account external names as indirectly reclaimable memory
commit f1782c9bc547754f4bd3043fe8cfda53db85f13f upstream.
I received a report about suspicious growth of unreclaimable slabs on
some machines. I've found that it happens on machines with low memory
pressure, and these unreclaimable slabs are external names attached to
dentries.
External names are allocated using generic kmalloc() function, so they
are accounted as unreclaimable. But they are held by dentries, which
are reclaimable, and they will be reclaimed under the memory pressure.
In particular, this breaks MemAvailable calculation, as it doesn't take
unreclaimable slabs into account. This leads to a silly situation, when
a machine is almost idle, has no memory pressure and therefore has a big
dentry cache. And the resulting MemAvailable is too low to start a new
workload.
To address the issue, the NR_INDIRECTLY_RECLAIMABLE_BYTES counter is
used to track the amount of memory, consumed by external names. The
counter is increased in the dentry allocation path, if an external name
structure is allocated; and it's decreased in the dentry freeing path.
To reproduce the problem I've used the following Python script:
import os
for iter in range (0, 10000000):
try:
name = ("/some_long_name_%d" % iter) + "_" * 220
os.stat(name)
except Exception:
pass
Without this patch:
$ cat /proc/meminfo | grep MemAvailable
MemAvailable: 7811688 kB
$ python indirect.py
$ cat /proc/meminfo | grep MemAvailable
MemAvailable: 2753052 kB
With the patch:
$ cat /proc/meminfo | grep MemAvailable
MemAvailable: 7809516 kB
$ python indirect.py
$ cat /proc/meminfo | grep MemAvailable
MemAvailable: 7749144 kB
[guro@fb.com: fix indirectly reclaimable memory accounting for CONFIG_SLOB]
Link: http://lkml.kernel.org/r/20180312194140.19517-1-guro@fb.com
[guro@fb.com: fix indirectly reclaimable memory accounting]
Link: http://lkml.kernel.org/r/20180313125701.7955-1-guro@fb.com
Link: http://lkml.kernel.org/r/20180305133743.12746-5-guro@fb.com
Signed-off-by: Roman Gushchin <guro@fb.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Mel Gorman <mgorman@techsingularity.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
f8223ece3a |
This is the 4.14.70 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlucuKEACgkQONu9yGCS aT7nVw/+LAUm8xUhcFT2d8wLDhXxjtUN0lwzu9DPk6U4Dp1VGvdLpqcWx7XSD3Wo fzvn8XOjDCEmorrCSrAfcYGJpBucra0Wil2XhqXSxcdEBLe+Xc93WKkHJTnRIgYe K2gZG1N45b+F9/exTrxKEfVyrEKXjYX2wY3mgwVmVvaLZCQlf7qqB6pePrdxblvK WYhWZBWByOXXCgNpgBRvz9KcZUfQtaFszVBUsBQCJyTP0CX6sUPQpDyl7HXKlr3E vohdUHMKkGaMc57equyo8QZHTPWYZ5pfb1yu0AR+bE96SLTOrhlsfR/4u4yZRARa PlvDn67tJjt0TSqOnzoYLaJsl7bU9uYAS6LfV3eGz6UDXBuNOWJhifoovMDnycy/ Zj/aJ5icVJAJGUKxQk4V9TbG8VNQTOJDbGN4v7m213D7NXBoaT744oiiR2pCxfRV pkS5ZUXu5H/+yr7ixtn3kIkKnPew+mt+rOlei/XT2s+mqHwH+0a9NT7fbRxXloGN +V9FSUbvQBiJ+xKfscS7WRXDoctdSbcm/n/gLkUVsH/C/rc5Cor54dQ3iXgkb/JR atFgX2N2/m0X4vh0qC6+bZYUu9PSegQzEwiLNzMqA23weJuqPwlUrr/w7xSxwgPD kPMI+mMtR1gDpHlEmsLlXboO95xZh4Xp2AyWsSp465pT7UxwSkI= =dm6d -----END PGP SIGNATURE----- Merge 4.14.70 into android-4.14 Changes in 4.14.70 act_ife: fix a potential use-after-free ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state net: bcmgenet: use MAC link status for fixed phy net: macb: do not disable MDIO bus at open/close time net: sched: Fix memory exposure from short TCA_U32_SEL qlge: Fix netdev features configuration. r8169: add support for NCube 8168 network card tcp: do not restart timewait timer on rst reception vti6: remove !skb->ignore_df check from vti6_xmit() net/sched: act_pedit: fix dump of extended layered op tipc: fix a missing rhashtable_walk_exit() nfp: wait for posted reconfigs when disabling the device sctp: hold transport before accessing its asoc in sctp_transport_get_next mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge vhost: correctly check the iova range when waking virtqueue hv_netvsc: ignore devices that are not PCI hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() act_ife: move tcfa_lock down to where necessary act_ife: fix a potential deadlock net: sched: action_ife: take reference to meta module cifs: check if SMB2 PDU size has been padded and suppress the warning hfsplus: don't return 0 when fill_super() failed hfs: prevent crash on exit from failed search sunrpc: Don't use stack buffer with scatterlist fork: don't copy inconsistent signal handler state to child reiserfs: change j_timestamp type to time64_t hfsplus: fix NULL dereference in hfsplus_lookup() fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries fat: validate ->i_start before using scripts: modpost: check memory allocation results virtio: pci-legacy: Validate queue pfn x86/mce: Add notifier_block forward declaration IB/hfi1: Invalid NUMA node information can cause a divide by zero pwm: meson: Fix mux clock names mm/fadvise.c: fix signed overflow UBSAN complaint fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() platform/x86: intel_punit_ipc: fix build errors netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses s390/kdump: Fix memleak in nt_vmcoreinfo ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() mfd: sm501: Set coherent_dma_mask when creating subdevices platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 netfilter: fix memory leaks on netlink_dump_start error tcp, ulp: add alias for all ulp modules RDMA/hns: Fix usage of bitmap allocation functions return values net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero net: hns3: Fix for phy link issue when using marvell phy driver perf tools: Check for null when copying nsinfo. irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP net/9p/trans_fd.c: fix race by holding the lock net/9p: fix error path of p9_virtio_probe f2fs: fix to clear PG_checked flag in set_page_dirty() powerpc/uaccess: Enable get_user(u64, *p) on 32-bit powerpc: Fix size calculation using resource_size() perf probe powerpc: Fix trace event post-processing block: bvec_nr_vecs() returns value for wrong slab s390/dasd: fix hanging offline processing due to canceled worker s390/dasd: fix panic for failed online processing ACPI / scan: Initialize status to ACPI_STA_DEFAULT scsi: aic94xx: fix an error code in aic94xx_init() NFSv4: Fix error handling in nfs4_sp4_select_mode() Input: do not use WARN() in input_alloc_absinfo() xen/balloon: fix balloon initialization for PVH Dom0 PCI: mvebu: Fix I/O space end address calculation dm kcopyd: avoid softlockup in run_complete_job staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice ASoC: rt5677: Fix initialization of rt5677_of_match.data iommu/omap: Fix cache flushes on L2 table entries selftests/powerpc: Kill child processes on SIGINT RDS: IB: fix 'passing zero to ERR_PTR()' warning cfq: Suppress compiler warnings about comparisons smb3: fix reset of bytes read and written stats SMB3: Number of requests sent should be displayed for SMB3 not just CIFS powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning powerpc/64s: Make rfi_flush_fallback a little more robust powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 KVM: vmx: track host_state.loaded using a loaded_vmcs pointer kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 btrfs: Exit gracefully when chunk map cannot be inserted to the tree btrfs: replace: Reset on-disk dev stats value after replace btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized btrfs: Don't remove block group that still has pinned down bytes arm64: rockchip: Force CONFIG_PM on Rockchip systems ARM: rockchip: Force CONFIG_PM on Rockchip systems drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode drm/amd/pp/Polaris12: Fix a chunk of registers missed to program drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 drm/amdgpu: update tmr mc address drm/amdgpu:add tmr mc address into amdgpu_firmware_info drm/amdgpu:add new firmware id for VCN drm/amdgpu:add VCN support in PSP driver drm/amdgpu:add VCN booting with firmware loaded by PSP uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name debugobjects: Make stack check warning more informative sched/deadline: Fix switching to -deadline lightnvm: pblk: free padded entries in write buffer mm: Fix devm_memremap_pages() collision handling HID: add quirk for another PIXART OEM mouse used by HP usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear x86/xen: don't write ptes directly in 32-bit PV guests drm/i915: Increase LSPCON timeout kbuild: make missing $DEPMOD a Warning instead of an Error s390/lib: use expoline for all bcr instructions irda: Fix memory leak caused by repeated binds of irda socket irda: Only insert new objects into the global database via setsockopt Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" kvm: x86: Set highest physical address bits in non-present/reserved SPTEs x86: kvm: avoid unused variable warning arm64: cpu_errata: include required headers ASoC: wm8994: Fix missing break in switch arm64: Fix mismatched cache line size detection arm64: Handle mismatched cache type Linux 4.14.70 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Tetsuo Handa
|
e20c4abf91 |
fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
[ Upstream commit 6cd00a01f0c1ae6a852b09c59b8dd55cc6c35d1d ]
Since only dentry->d_name.len + 1 bytes out of DNAME_INLINE_LEN bytes
are initialized at __d_alloc(), we can't copy the whole size
unconditionally.
WARNING: kmemcheck: Caught 32-bit read from uninitialized memory (ffff8fa27465ac50)
636f6e66696766732e746d70000000000010000000000000020000000188ffff
i i i i i i i i i i i i i u u u u u u u u u u i i i i i u u u u
^
RIP: 0010:take_dentry_name_snapshot+0x28/0x50
RSP: 0018:ffffa83000f5bdf8 EFLAGS: 00010246
RAX: 0000000000000020 RBX: ffff8fa274b20550 RCX: 0000000000000002
RDX: ffffa83000f5be40 RSI: ffff8fa27465ac50 RDI: ffffa83000f5be60
RBP: ffffa83000f5bdf8 R08: ffffa83000f5be48 R09: 0000000000000001
R10: ffff8fa27465ac00 R11: ffff8fa27465acc0 R12: ffff8fa27465ac00
R13: ffff8fa27465acc0 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f79737ac8c0(0000) GS:ffffffff8fc30000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8fa274c0b000 CR3: 0000000134aa7002 CR4: 00000000000606f0
take_dentry_name_snapshot+0x28/0x50
vfs_rename+0x128/0x870
SyS_rename+0x3b2/0x3d0
entry_SYSCALL_64_fastpath+0x1a/0xa4
0xffffffffffffffff
Link: http://lkml.kernel.org/r/201709131912.GBG39012.QMJLOVFSFFOOtH@I-love.SAKURA.ne.jp
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Vegard Nossum <vegard.nossum@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
1f648790fe |
This is the 4.14.63 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlt0UQ4ACgkQONu9yGCS aT48UBAAgRuM+14lp73NW+p9rX8VAupzk1k9QLP7/naWg6mIppVT2/NOEqMfLPYP xsLrkVdvMMlrTmf/LpNE4BEaE0YBD/CT/yK1NTrfLjhVoNIKhK9MEoAVyS7c3YlW OW+/jTuTyQ1BD3RkRXFquXVCnj4aDN+nWq4j7PIsvluNYiyqk7S8RzgUkunrRZTP ZU0EAi/cGcOYQ/iyPyKJLGyGgK8XmcjloSG75512D8SAoDymJIhvreqxFtcx9EVx Awe88RoeZos8/xuorlo+/vjKShnmesgPV2S+Nb1ih2Y3XCktXjASDBvaRX8kMsVh 3F08OKir8ikUZx6lGnJluIDVNVXjXI6f823h8T7D/8r42r9k6EFHTWPU89dFFMda FUyLMf6Oy4TbUSxxKgNxLomaRASaXLP/kSPamAm4KLFvSOmFk6UgOAa1GsB1Q3ad 6yE9KkDcyGxLu9p6NU6+5HgP42dbP5So3gOcLOgfRqR3+dallUqiZlmhbQkwZ1Wm kwDKyDAgbKCGnL7WEoZuSS542h1V9UXYMLWzw04zFaMIjF76H8ee9zBv8Y3ac/ms sM2hW6g7mfww7nvc1FPRQRDvkgfS4EE0DUzq72U0WKcK6v7ZRHUsmBQopxNVS7A4 74HYcin2b5VQw3O3aKy0h3sqKnkE/WzA+XkFo4ExNwfiCzYZeQI= =LXnx -----END PGP SIGNATURE----- Merge 4.14.63 into android-4.14 Changes in 4.14.63 parisc: Enable CONFIG_MLONGCALLS by default parisc: Define mb() and add memory barriers to assembler unlock sequences scsi: hpsa: fix selection of reply queue scsi: core: introduce force_blk_mq scsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity kasan: add no_sanitize attribute for clang builds Mark HI and TASKLET softirq synchronous stop_machine: Disable preemption after queueing stopper threads xen/netfront: don't cache skb_shinfo() scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled scsi: qla2xxx: Fix memory leak for allocating abort IOCB init: rename and re-order boot_cpu_state_init() root dentries need RCU-delayed freeing make sure that __dentry_kill() always invalidates d_seq, unhashed or not fix mntput/mntput race fix __legitimize_mnt()/mntput() race mtd: nand: qcom: Add a NULL check for devm_kasprintf() phy: phy-mtk-tphy: use auto instead of force to bypass utmi signals Bluetooth: hci_ldisc: Allow sleeping while proto locks are held. Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops ARM: dts: imx6sx: fix irq for pcie bridge x86/paravirt: Fix spectre-v2 mitigations for paravirt guests x86/speculation: Protect against userspace-userspace spectreRSB kprobes/x86: Fix %p uses in error messages x86/irqflags: Provide a declaration for native_save_fl x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT x86/speculation/l1tf: Change order of offset/type in swap entry x86/speculation/l1tf: Protect swap entries against L1TF x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/bugs: Move the l1tf function and define pr_fmt properly sched/smt: Update sched_smt_present at runtime x86/smp: Provide topology_is_primary_thread() x86/topology: Provide topology_smt_supported() cpu/hotplug: Make bringup/teardown of smp threads symmetric cpu/hotplug: Split do_cpu_down() cpu/hotplug: Provide knobs to control SMT x86/cpu: Remove the pointless CPU printout x86/cpu/AMD: Remove the pointless detect_ht() call x86/cpu/common: Provide detect_ht_early() x86/cpu/topology: Provide detect_extended_topology_early() x86/cpu/intel: Evaluate smp_num_siblings early x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info x86/cpu/AMD: Evaluate smp_num_siblings early x86/apic: Ignore secondary threads if nosmt=force x86/speculation/l1tf: Extend 64bit swap file size limit x86/cpufeatures: Add detection of L1D cache flush support. x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Revert "x86/apic: Ignore secondary threads if nosmt=force" cpu/hotplug: Boot HT siblings at least once x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present x86/KVM/VMX: Add module argument for L1TF mitigation x86/KVM/VMX: Add L1D flush algorithm x86/KVM/VMX: Add L1D MSR based flush x86/KVM/VMX: Add L1D flush logic x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers x86/KVM/VMX: Add find_msr() helper function x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required cpu/hotplug: Online siblings when SMT control is turned on x86/litf: Introduce vmx status variable x86/kvm: Drop L1TF MSR list approach x86/l1tf: Handle EPT disabled state proper x86/kvm: Move l1tf setup function x86/kvm: Add static key for flush always x86/kvm: Serialize L1D flush parameter setter x86/kvm: Allow runtime control of L1D flush cpu/hotplug: Expose SMT control init function cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early x86/bugs, kvm: Introduce boot-time control of L1TF mitigations Documentation: Add section about CPU vulnerabilities x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content Documentation/l1tf: Fix typos cpu/hotplug: detect SMT disabled by BIOS x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d x86: Don't include linux/irq.h from asm/hardirq.h x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Documentation/l1tf: Remove Yonah processors from not vulnerable list KVM: x86: Add a framework for supporting MSR-based features KVM: SVM: Add MSR-based feature support for serializing LFENCE KVM: X86: Introduce kvm_get_msr_feature() KVM: X86: Allow userspace to define the microcode version KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR x86/speculation: Simplify sysfs report of VMX L1TF vulnerability x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry cpu/hotplug: Fix SMT supported evaluation x86/speculation/l1tf: Invert all not present mappings x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/mm/pat: Make set_memory_np() L1TF safe x86/mm/kmmio: Make the tracer robust against L1TF tools headers: Synchronise x86 cpufeatures.h for L1TF additions x86/microcode: Allow late microcode loading with SMT disabled x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread cpu/hotplug: Non-SMP machines do not make use of booted_once x86/init: fix build with CONFIG_SWAP=n x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present Linux 4.14.63 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Al Viro
|
d5426a3841 |
make sure that __dentry_kill() always invalidates d_seq, unhashed or not
commit 4c0d7cd5c8416b1ef41534d19163cb07ffaa03ab upstream. RCU pathwalk relies upon the assumption that anything that changes ->d_inode of a dentry will invalidate its ->d_seq. That's almost true - the one exception is that the final dput() of already unhashed dentry does *not* touch ->d_seq at all. Unhashing does, though, so for anything we'd found by RCU dcache lookup we are fine. Unfortunately, we can *start* with an unhashed dentry or jump into it. We could try and be careful in the (few) places where that could happen. Or we could just make the final dput() invalidate the damn thing, unhashed or not. The latter is much simpler and easier to backport, so let's do it that way. Reported-by: "Dae R. Jeong" <threeearcat@gmail.com> Cc: stable@vger.kernel.org Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Al Viro
|
abfc0ec698 |
root dentries need RCU-delayed freeing
commit 90bad5e05bcdb0308cfa3d3a60f5c0b9c8e2efb3 upstream.
Since mountpoint crossing can happen without leaving lazy mode,
root dentries do need the same protection against having their
memory freed without RCU delay as everything else in the tree.
It's partially hidden by RCU delay between detaching from the
mount tree and dropping the vfsmount reference, but the starting
point of pathwalk can be on an already detached mount, in which
case umount-caused RCU delay has already passed by the time the
lazy pathwalk grabs rcu_read_lock(). If the starting point
happens to be at the root of that vfsmount *and* that vfsmount
covers the entire filesystem, we get trouble.
Fixes: 48a066e72d97 ("RCU'd vsfmounts")
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
503f6fecb8 |
This is the 4.14.45 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlsOPCoACgkQONu9yGCS aT4vYBAAoESFP3oUtpyrPQU2yWQx7sRq/Dd8WyNlHlq2nRU8Y42ynB8TdRpAIces 3aP7vPwFLaK4H0SZt4oA+NialRMhC/bN6BmKaoTUXq2nmE2XzDkcPDu0zHnqQt9C vc5wa2hd+H95wj9cdkkPwdlmgVhHztowJ3uqqNaPql2MVjDLKxziNVMv7lAIGPk3 TycD9SihGAEKFjI2WIXaX6hm+3gGRnuK2ovlqnlF24dLRFiGIBL+fUp5ZGoxVlRP W260tQnTv/TvWUJ7V3x6rZ04kgV7LcaZrwSyN7GLJmhoi9Bw0BmL1N3cEAfEZdy2 YoGqDemLW9bEiHBhFuPOcFr7tyAz8EsVH4/KUwkIMgWNbV8DmTKT2nbfzG9ju6Hb q9q3OJyLPBamGxTuiXUspRhQJrVrMX6sahHQDj5786AVgBDoGVFw1d+v9kJCoSAv lnA7qTbCFeq288dJ3sU7OZhmApC1oMPjMjmfVWwuQKBz81xqsquAjQRkBY3Odw+j yreZ9PS2Krk3bpf9QoDf/NGM+zpFyyy3xbrHpMkIEv48VGYrpe0nP6TZRfEgF65L 036uZCPzpH+vFdyjMPWUPPXGZCD7q6DGk+wKit2eMFKOXB477yKA2+qAWs0GAeKo g7N0Rql7YZQK+Zu+1YvtfqF4WUBBP0uAb7FSuyVKVIzI3LfPCQk= =m2qv -----END PGP SIGNATURE----- Merge 4.14.45 into android-4.14 Changes in 4.14.45 MIPS: c-r4k: Fix data corruption related to cache coherence MIPS: ptrace: Expose FIR register through FP regset MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" affs_lookup(): close a race with affs_remove_link() fs: don't scan the inode cache before SB_BORN is set aio: fix io_destroy(2) vs. lookup_ioctx() race ALSA: timer: Fix pause event notification do d_instantiate/unlock_new_inode combinations safely mmc: sdhci-iproc: remove hard coded mmc cap 1.8v mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus libata: Blacklist some Sandisk SSDs for NCQ libata: blacklist Micron 500IT SSD with MU01 firmware xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros arm64: lse: Add early clobbers to some input/output asm operands powerpc/64s: Clear PCR on boot IB/hfi1: Use after free race condition in send context error path IB/umem: Use the correct mm during ib_umem_release sr: pass down correctly sized SCSI sense buffer idr: fix invalid ptr dereference on item delete Revert "ipc/shm: Fix shmat mmap nil-page protection" ipc/shm: fix shmat() nil address after round-down when remapping mm/kasan: don't vfree() nonexistent vm_area kasan: free allocated shadow memory on MEM_CANCEL_ONLINE kasan: fix memory hotplug during boot kernel/sys.c: fix potential Spectre v1 issue KVM/VMX: Expose SSBD properly to guests KVM: s390: vsie: fix < 8k check for the itdba KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed kvm: x86: IA32_ARCH_CAPABILITIES is always supported x86/kvm: fix LAPIC timer drift when guest uses periodic mode powerpc/64s: Improve RFI L1-D cache flush fallback powerpc/pseries: Support firmware disable of RFI flush powerpc/powernv: Support firmware disable of RFI flush powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again powerpc/rfi-flush: Always enable fallback flush on pseries powerpc/rfi-flush: Differentiate enabled and patched flush types powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags powerpc: Add security feature flags for Spectre/Meltdown powerpc/pseries: Set or clear security feature flags powerpc/powernv: Set or clear security feature flags powerpc/64s: Move cpu_show_meltdown() powerpc/64s: Enhance the information in cpu_show_meltdown() powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() powerpc/64s: Wire up cpu_show_spectre_v1() powerpc/64s: Wire up cpu_show_spectre_v2() powerpc/pseries: Fix clearing of security feature flags powerpc: Move default security feature flags powerpc/pseries: Restore default security feature flags on setup powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit MIPS: generic: Fix machine compatible matching mac80211: mesh: fix wrong mesh TTL offset calculation ARC: Fix malformed ARC_EMUL_UNALIGNED default ptr_ring: prevent integer overflow when calculating size arm64: dts: rockchip: fix rock64 gmac2io stability issues arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire libata: Fix compile warning with ATA_DEBUG enabled selftests: sync: missing CFLAGS while compiling selftest/vDSO: fix O= selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m selftests: memfd: add config fragment for fuse ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt ARM: OMAP3: Fix prm wake interrupt for resume ARM: OMAP2+: Fix sar_base inititalization for HS omaps ARM: OMAP1: clock: Fix debugfs_create_*() usage ibmvnic: Wait until reset is complete to set carrier on ibmvnic: Free RX socket buffer in case of adapter error ibmvnic: Clean RX pool buffers during device close tls: retrun the correct IV in getsockopt xhci: workaround for AMD Promontory disabled ports wakeup IB/uverbs: Fix method merging in uverbs_ioctl_merge IB/uverbs: Fix possible oops with duplicate ioctl attributes IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy arm64: dts: rockchip: Fix DWMMC clocks ARM: dts: rockchip: Fix DWMMC clocks iwlwifi: mvm: fix security bug in PN checking iwlwifi: mvm: fix IBSS for devices that support station type API iwlwifi: mvm: always init rs with 20mhz bandwidth rates NFC: llcp: Limit size of SDP URI rxrpc: Work around usercopy check MD: Free bioset when md_run fails md: fix md_write_start() deadlock w/o metadata devices s390/dasd: fix handling of internal requests xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 mac80211: fix a possible leak of station stats mac80211: fix calling sleeping function in atomic context cfg80211: clear wep keys after disconnection mac80211: Do not disconnect on invalid operating class mac80211: Fix sending ADDBA response for an ongoing session gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle md raid10: fix NULL deference in handle_write_completed() drm/exynos: g2d: use monotonic timestamps drm/exynos: fix comparison to bitshift when dealing with a mask drm/meson: fix vsync buffer update arm64: perf: correct PMUVer probing RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails RDMA/bnxt_re: Fix system crash during load/unload ibmvnic: Check for NULL skb's in NAPI poll routine net/mlx5e: Return error if prio is specified when offloading eswitch vlan push locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() md: raid5: avoid string overflow warning virtio_net: fix XDP code path in receive_small() kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE bug.h: work around GCC PR82365 in BUG() selftests/memfd: add run_fuse_test.sh to TEST_FILES seccomp: add a selftest for get_metadata soc: imx: gpc: de-register power domains only if initialized powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access s390/cio: fix ccw_device_start_timeout API s390/cio: fix return code after missing interrupt s390/cio: clear timer when terminating driver I/O selftests/bpf/test_maps: exit child process without error in ENOMEM case PKCS#7: fix direct verification of SignerInfo signature arm64: dts: cavium: fix PCI bus dtc warnings nfs: system crashes after NFS4ERR_MOVED recovery ARM: OMAP: Fix dmtimer init for omap1 smsc75xx: fix smsc75xx_set_features() regulatory: add NUL to request alpha2 integrity/security: fix digsig.c build error with header file x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations mac80211: drop frames with unexpected DS bits from fast-rx to slow path arm64: fix unwind_frame() for filtered out fn for function graph tracing macvlan: fix use-after-free in macvlan_common_newlink() KVM: nVMX: Don't halt vcpu when L1 is injecting events to L2 kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds ARM: dts: imx6dl: Include correct dtsi file for Engicam i.CoreM6 DualLite/Solo RQS fs: dcache: Avoid livelock between d_alloc_parallel and __d_add fs: dcache: Use READ_ONCE when accessing i_dir_seq md: fix a potential deadlock of raid5/raid10 reshape md/raid1: fix NULL pointer dereference batman-adv: fix packet checksum in receive path batman-adv: invalidate checksum on fragment reassembly netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount netfilter: ipt_CLUSTERIP: put config instead of freeing it netfilter: ebtables: convert BUG_ONs to WARN_ONs batman-adv: Ignore invalid batadv_iv_gw during netlink send batman-adv: Ignore invalid batadv_v_gw during netlink send batman-adv: Fix netlink dumping of BLA claims batman-adv: Fix netlink dumping of BLA backbones nvme-pci: Fix nvme queue cleanup if IRQ setup fails clocksource/drivers/fsl_ftm_timer: Fix error return checking libceph, ceph: avoid memory leak when specifying same option several times ceph: fix dentry leak when failing to init debugfs xen/pvcalls: fix null pointer dereference on map->sock ARM: orion5x: Revert commit 4904dbda41c8. qrtr: add MODULE_ALIAS macro to smd selftests/futex: Fix line continuation in Makefile r8152: fix tx packets accounting virtio-gpu: fix ioctl and expose the fixed status to userspace. dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 bcache: fix kcrashes with fio in RAID5 backend dev ip_gre: fix IFLA_MTU ignored on NEWLINK ip6_tunnel: fix IFLA_MTU ignored on NEWLINK sit: fix IFLA_MTU ignored on NEWLINK nbd: fix return value in error handling path ARM: dts: NSP: Fix amount of RAM on BCM958625HR ARM: dts: bcm283x: Fix unit address of local_intc powerpc/boot: Fix random libfdt related build errors clocksource/drivers/mips-gic-timer: Use correct shift count to extract data gianfar: Fix Rx byte accounting for ndev stats net/tcp/illinois: replace broken algorithm reference link nvmet: fix PSDT field check in command format net/smc: use link_id of server in confirm link reply mlxsw: core: Fix flex keys scratchpad offset conflict mlxsw: spectrum: Treat IPv6 unregistered multicast as broadcast spectrum: Reference count VLAN entries ARC: mcip: halt GFRC counter when ARC cores halt ARC: mcip: update MCIP debug mask when the new cpu came online ARC: setup cpu possible mask according to possible-cpus dts property ipvs: remove IPS_NAT_MASK check to fix passive FTP IB/mlx: Set slid to zero in Ethernet completion struct RDMA/bnxt_re: Unconditionly fence non wire memory operations RDMA/bnxt_re: Fix incorrect DB offset calculation RDMA/bnxt_re: Fix the ib_reg failure cleanup xen/pirq: fix error path cleanup when binding MSIs drm/amd/amdgpu: Correct VRAM width for APUs with GMC9 xfrm: Fix ESN sequence number handling for IPsec GSO packets. arm64: dts: rockchip: Fix rk3399-gru-* s2r (pinctrl hogs, wifi reset) drm/sun4i: Fix dclk_set_phase btrfs: use kvzalloc to allocate btrfs_fs_info Btrfs: send, fix issuing write op when processing hole in no data mode Btrfs: fix log replay failure after linking special file and fsync ceph: fix potential memory leak in init_caches() block: display the correct diskname for bio nvme-pci: Fix EEH failure on ppc nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable net: ethtool: don't ignore return from driver get_fecparam method iwlwifi: mvm: fix TX of CCMP 256 iwlwifi: mvm: Fix channel switch for count 0 and 1 iwlwifi: mvm: fix assert 0x2B00 on older FWs iwlwifi: avoid collecting firmware dump if not loaded iwlwifi: mvm: fix "failed to remove key" message iwlwifi: mvm: Direct multicast frames to the correct station iwlwifi: mvm: Correctly set the tid for mcast queue rds: Incorrect reference counting in TCP socket creation watchdog: f71808e_wdt: Fix magic close handling watchdog: sbsa: use 32-bit read for WCV batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag hv_netvsc: use napi_schedule_irqoff hv_netvsc: filter multicast/broadcast hv_netvsc: propagate rx filters to VF ARM: dts: rockchip: Add missing #sound-dai-cells on rk3288 perf record: Fix crash in pipe mode e1000e: Fix check_for_link return value with autoneg off e1000e: allocate ring descriptors with dma_zalloc_coherent ia64/err-inject: Use get_user_pages_fast() RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA RDMA/qedr: Fix iWARP write and send with immediate IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). fsl/fman: avoid sleeping in atomic context while adding an address qed: Free RoCE ILT Memory on rmmod qedr net: qcom/emac: Use proper free methods during TX net: smsc911x: Fix unload crash when link is up IB/core: Fix possible crash to access NULL netdev cxgb4: do not set needs_free_netdev for mgmt dev's xen-blkfront: move negotiate_mq to cover all cases of new VBDs xen: xenbus: use put_device() instead of kfree() hv_netvsc: fix filter flags hv_netvsc: fix locking for rx_mode hv_netvsc: fix locking during VF setup ARM: davinci: fix the GPIO lookup for omapl138-hawk arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery selftests/vm/run_vmtests: adjust hugetlb size according to nr_cpus lib/test_kmod.c: fix limit check on number of test devices created dmaengine: mv_xor_v2: Fix clock resource by adding a register clock netfilter: ebtables: fix erroneous reject of last rule can: m_can: change comparison to bitshift when dealing with a mask can: m_can: select pinctrl state in each suspend/resume function bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). workqueue: use put_device() instead of kfree() ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu sunvnet: does not support GSO for sctp KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending gpu: ipu-v3: prg: avoid possible array underflow drm/imx: move arming of the vblank event to atomic_flush drm/nouveau/bl: fix backlight regression xfrm: fix rcu_read_unlock usage in xfrm_local_error iwlwifi: mvm: set the correct tid when we flush the MCAST sta iwlwifi: mvm: Correctly set IGTK for AP iwlwifi: mvm: fix error checking for multi/broadcast sta net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off vlan: Fix out of order vlan headers with reorder header off batman-adv: fix header size check in batadv_dbg_arp() net/sched: fix NULL dereference in the error path of tcf_sample_init() batman-adv: Fix skbuff rcsum on packet reroute vti4: Don't count header length twice on tunnel setup ip_tunnel: Clamp MTU to bounds on new link vti4: Don't override MTU passed on link creation via IFLA_MTU vti6: Fix dev->max_mtu setting iwlwifi: mvm: Increase session protection time after CS iwlwifi: mvm: clear tx queue id when unreserving aggregation queue iwlwifi: mvm: make sure internal station has a valid id iwlwifi: mvm: fix array out of bounds reference drm/tegra: Shutdown on driver unbind perf/cgroup: Fix child event counting bug brcmfmac: Fix check for ISO3166 code kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races RDMA/ucma: Correct option size check using optlen RDMA/qedr: fix QP's ack timeout configuration RDMA/qedr: Fix rc initialization on CNQ allocation failure RDMA/qedr: Fix QP state initialization race net/sched: fix idr leak on the error path of tcf_bpf_init() net/sched: fix idr leak in the error path of tcf_simp_init() net/sched: fix idr leak in the error path of tcf_act_police_init() net/sched: fix idr leak in the error path of tcp_pedit_init() net/sched: fix idr leak in the error path of __tcf_ipt_init() net/sched: fix idr leak in the error path of tcf_skbmod_init() net: dsa: Fix functional dsa-loop dependency on FIXED_PHY drm/ast: Fixed 1280x800 Display Issue mm/mempolicy.c: avoid use uninitialized preferred_node mm, thp: do not cause memcg oom for thp xfrm: Fix transport mode skb control buffer usage. selftests: ftrace: Add probe event argument syntax testcase selftests: ftrace: Add a testcase for string type with kprobe_event selftests: ftrace: Add a testcase for probepoint drm/amdkfd: Fix scratch memory with HWS enabled batman-adv: fix multicast-via-unicast transmission with AP isolation batman-adv: fix packet loss for broadcasted DHCP packets to a server ARM: 8748/1: mm: Define vdso_start, vdso_end as array lan78xx: Set ASD in MAC_CR when EEE is enabled. net: qmi_wwan: add BroadMobi BM806U 2020:2033 bonding: fix the err path for dev hwaddr sync in bond_enslave net: dsa: mt7530: fix module autoloading for OF platform drivers net/mlx5: Make eswitch support to depend on switchdev perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs x86/alternatives: Fixup alternative_call_2 llc: properly handle dev_queue_xmit() return value builddeb: Fix header package regarding dtc source links qede: Fix barrier usage after tx doorbell write. mm, slab: memcg_link the SLAB's kmem_cache mm/page_owner: fix recursion bug after changing skip entries mm/vmstat.c: fix vmstat_update() preemption BUG mm/kmemleak.c: wait for scan completion before disabling free hv_netvsc: enable multicast if necessary qede: Do not drop rx-checksum invalidated packets. net: Fix untag for vlan packets without ethernet header vlan: Fix vlan insertion for packets without ethernet header net: mvneta: fix enable of all initialized RXQs sh: fix debug trap failure to process signals before return to user firmware: dmi_scan: Fix UUID length safety check nvme: don't send keep-alives to the discovery controller Btrfs: clean up resources during umount after trans is aborted Btrfs: fix loss of prealloc extents past i_size after fsync log replay x86/pgtable: Don't set huge PUD/PMD on non-leaf entries x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table swap: divide-by-zero when zero length swap file on ssd z3fold: fix memory leak sr: get/drop reference to device in revalidate and check_events Force log to disk before reading the AGF during a fstrim cpufreq: CPPC: Initialize shared perf capabilities of CPUs powerpc/fscr: Enable interrupts earlier before calling get_user() perf tools: Fix perf builds with clang support perf clang: Add support for recent clang versions dp83640: Ensure against premature access to PHY registers after reset ibmvnic: Zero used TX descriptor counter on reset mm/ksm: fix interaction with THP mm: fix races between address_space dereference and free in page_evicatable mm: thp: fix potential clearing to referenced flag in page_idle_clear_pte_refs_one() Btrfs: bail out on error during replay_dir_deletes Btrfs: fix NULL pointer dereference in log_dir_items btrfs: Fix possible softlock on single core machines IB/rxe: Fix for oops in rxe_register_device on ppc64le arch ocfs2/dlm: don't handle migrate lockres if already in shutdown powerpc/64s/idle: Fix restore of AMOR on POWER9 after deep sleep sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush() KVM: VMX: raise internal error for exception during invalid protected mode state lan78xx: Connect phy early fscache: Fix hanging wait on page discarded by writeback sparc64: Make atomic_xchg() an inline function rather than a macro. net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() net: bgmac: Correctly annotate register space powerpc/64s: sreset panic if there is no debugger or crash dump handlers btrfs: tests/qgroup: Fix wrong tree backref level Btrfs: fix copy_items() return value when logging an inode btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled rxrpc: Fix Tx ring annotation after initial Tx failure rxrpc: Don't treat call aborts as conn aborts xen/acpi: off by one in read_acpi_id() drivers: macintosh: rack-meter: really fix bogus memsets ACPI: acpi_pad: Fix memory leak in power saving threads powerpc/mpic: Check if cpu_possible() in mpic_physmask() ieee802154: ca8210: fix uninitialised data read ath10k: advertize beacon_int_min_gcd iommu/amd: Take into account that alloc_dev_data() may return NULL intel_th: Use correct method of finding hub m68k: set dma and coherent masks for platform FEC ethernets iwlwifi: mvm: check if mac80211_queue is valid in iwl_mvm_disable_txq parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode hwmon: (nct6775) Fix writing pwmX_mode powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer powerpc/perf: Fix kernel address leak via sampling registers rsi: fix kernel panic observed on 64bit machine tools/thermal: tmon: fix for segfault selftests: Print the test we're running to /dev/kmsg net/mlx5: Protect from command bit overflow watchdog: davinci_wdt: fix error handling in davinci_wdt_probe() ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) nvme-pci: disable APST for Samsung NVMe SSD 960 EVO + ASUS PRIME Z370-A ath9k: fix crash in spectral scan cxgb4: Setup FW queues before registering netdev ima: Fix Kconfig to select TPM 2.0 CRB interface ima: Fallback to the builtin hash algorithm watchdog: aspeed: Allow configuring for alternate boot virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS arm: dts: socfpga: fix GIC PPI warning ext4: don't complain about incorrect features when probing drm/vmwgfx: Unpin the screen object backup buffer when not used iommu/mediatek: Fix protect memory setting cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path IB/mlx5: Set the default active rate and width to QDR and 4X zorro: Set up z->dev.dma_mask for the DMA API bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set remoteproc: imx_rproc: Fix an error handling path in 'imx_rproc_probe()' dt-bindings: add device tree binding for Allwinner H6 main CCU ACPICA: Events: add a return on failure from acpi_hw_register_read ACPICA: Fix memory leak on unusual memory leak ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c cxgb4: Fix queue free path of ULD drivers i2c: mv64xxx: Apply errata delay only in standard mode KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use perf top: Fix top.call-graph config option reading perf stat: Fix core dump when flag T is used IB/core: Honor port_num while resolving GID for IB link layer drm/amdkfd: add missing include of mm.h coresight: Use %px to print pcsr instead of %p regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()' spi: bcm-qspi: fIX some error handling paths net/smc: pay attention to MAX_ORDER for CQ entries MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset PCI: Restore config space on runtime resume despite being unbound watchdog: dw: RMW the control register watchdog: aspeed: Fix translation of reset mode to ctrl register ipmi_ssif: Fix kernel panic at msg_done_handler drm/meson: Fix some error handling paths in 'meson_drv_bind_master()' drm/meson: Fix an un-handled error path in 'meson_drv_bind_master()' powerpc: Add missing prototype for arch_irq_work_raise() powerpc/powernv/npu: Fix deadlock in mmio_invalidate() cxl: Check if PSL data-cache is available before issue flush request f2fs: fix to set KEEP_SIZE bit in f2fs_zero_range f2fs: fix to clear CP_TRIMMED_FLAG f2fs: fix to check extent cache in f2fs_drop_extent_tree perf/core: Fix installing cgroup events on CPU max17042: propagate of_node to power supply device perf/core: Fix perf_output_read_group() drm/panel: simple: Fix the bus format for the Ontat panel hwmon: (pmbus/max8688) Accept negative page register values hwmon: (pmbus/adm1275) Accept negative page register values perf/x86/intel: Properly save/restore the PMU state in the NMI handler cdrom: do not call check_disk_change() inside cdrom_open() efi/arm*: Only register page tables when they exist perf/x86/intel: Fix large period handling on Broadwell CPUs perf/x86/intel: Fix event update for auto-reload arm64: dts: qcom: Fix SPI5 config on MSM8996 soc: qcom: wcnss_ctrl: Fix increment in NV upload gfs2: Fix fallocate chunk size x86/devicetree: Initialize device tree before using it x86/devicetree: Fix device IRQ settings in DT phy: rockchip-emmc: retry calpad busy trimming ALSA: vmaster: Propagate slave error phy: qcom-qmp: Fix phy pipe clock gating drm/bridge: sii902x: Retry status read after DDI I2C tools: hv: fix compiler warnings about major/target_fname block: null_blk: fix 'Invalid parameters' when loading module dmaengine: pl330: fix a race condition in case of threaded irqs dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() enic: enable rq before updating rq descriptors watchdog: asm9260_wdt: fix error handling in asm9260_wdt_probe() hwrng: stm32 - add reset during probe pinctrl: devicetree: Fix dt_to_map_one_config handling of hogs pinctrl: artpec6: dt: add missing pin group uart5nocts vfio-ccw: fence off transport mode dmaengine: qcom: bam_dma: get num-channels and num-ees from dt drm: omapdrm: dss: Move initialization code from component bind to probe ARM: dts: dra71-evm: Correct evm_sd regulator max voltage drm/amdgpu: disable GFX ring and disable PQ wptr in hw_fini drm/amdgpu: adjust timeout for ib_ring_tests(v2) net: stmmac: ensure that the device has released ownership before reading data net: stmmac: ensure that the MSS desc is the last desc to set the own bit cpufreq: Reorder cpufreq_online() error code path dpaa_eth: fix SG mapping PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 udf: Provide saner default for invalid uid / gid ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode sh_eth: fix TSU init on SH7734/R8A7740 power: supply: ltc2941-battery-gauge: Fix temperature units ARM: dts: bcm283x: Fix probing of bcm2835-i2s ARM: dts: bcm283x: Fix pin function of JTAG pins PCMCIA / PM: Avoid noirq suspend aborts during suspend-to-idle audit: return on memory error to avoid null pointer dereference net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() rcu: Call touch_nmi_watchdog() while printing stall warnings pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group dpaa_eth: fix pause capability advertisement logic MIPS: Octeon: Fix logging messages with spurious periods after newlines drm/rockchip: Respect page offset for PRIME mmap calls x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified perf test: Fix test case inet_pton to accept inlines. perf report: Fix wrong jump arrow perf tests: Use arch__compare_symbol_names to compare symbols perf report: Fix memory corruption in --branch-history mode --branch-history perf tests: Fix dwarf unwind for stripped binaries selftests/net: fixes psock_fanout eBPF test case netlabel: If PF_INET6, check sk_buff ip header version drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3 drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2 ARM: dts: at91: tse850: use the correct compatible for the eeprom regmap: Correct comparison in regmap_cached i40e: Add delay after EMP reset for firmware to recover ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet ARM: dts: porter: Fix HDMI output routing regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' pinctrl: msm: Use dynamic GPIO numbering pinctrl: mcp23s08: spi: Fix regmap debugfs entries kdb: make "mdr" command repeat drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is successful Linux 4.14.45 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Will Deacon
|
2565b271ae |
fs: dcache: Use READ_ONCE when accessing i_dir_seq
[ Upstream commit 8cc07c808c9d595e81cbe5aad419b7769eb2e5c9 ] i_dir_seq is subject to concurrent modification by a cmpxchg or store-release operation, so ensure that the relaxed access in d_alloc_parallel uses READ_ONCE. Reported-by: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Will Deacon
|
3623c1f37e |
fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
[ Upstream commit 015555fd4d2930bc0c86952c46ad88b3392f66e4 ]
If d_alloc_parallel runs concurrently with __d_add, it is possible for
d_alloc_parallel to continuously retry whilst i_dir_seq has been
incremented to an odd value by __d_add:
CPU0:
__d_add
n = start_dir_add(dir);
cmpxchg(&dir->i_dir_seq, n, n + 1) == n
CPU1:
d_alloc_parallel
retry:
seq = smp_load_acquire(&parent->d_inode->i_dir_seq) & ~1;
hlist_bl_lock(b);
bit_spin_lock(0, (unsigned long *)b); // Always succeeds
CPU0:
__d_lookup_done(dentry)
hlist_bl_lock
bit_spin_lock(0, (unsigned long *)b); // Never succeeds
CPU1:
if (unlikely(parent->d_inode->i_dir_seq != seq)) {
hlist_bl_unlock(b);
goto retry;
}
Since the simple bit_spin_lock used to implement hlist_bl_lock does not
provide any fairness guarantees, then CPU1 can starve CPU0 of the lock
and prevent it from reaching end_dir_add(dir), therefore CPU1 cannot
exit its retry loop because the sequence number always has the bottom
bit set.
This patch resolves the livelock by not taking hlist_bl_lock in
d_alloc_parallel if the sequence counter is odd, since any subsequent
masked comparison with i_dir_seq will fail anyway.
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Reported-by: Naresh Madhusudana <naresh.madhusudana@arm.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Matthew Wilcox <mawilcox@microsoft.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Al Viro
|
f440ea85d4 |
do d_instantiate/unlock_new_inode combinations safely
commit 1e2e547a93a00ebc21582c06ca3c6cfea2a309ee upstream. For anything NFS-exported we do _not_ want to unlock new inode before it has grown an alias; original set of fixes got the ordering right, but missed the nasty complication in case of lockdep being enabled - unlock_new_inode() does lockdep_annotate_inode_mutex_key(inode) which can only be done before anyone gets a chance to touch ->i_mutex. Unfortunately, flipping the order and doing unlock_new_inode() before d_instantiate() opens a window when mkdir can race with open-by-fhandle on a guessed fhandle, leading to multiple aliases for a directory inode and all the breakage that follows from that. Correct solution: a new primitive (d_instantiate_new()) combining these two in the right order - lockdep annotate, then d_instantiate(), then the rest of unlock_new_inode(). All combinations of d_instantiate() with unlock_new_inode() should be converted to that. Cc: stable@kernel.org # 2.6.29 and later Tested-by: Mike Marshall <hubcap@omnibond.com> Reviewed-by: Andreas Dilger <adilger@dilger.ca> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
7e76ead2d2 |
This is the 4.14.34 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlrPNhoACgkQONu9yGCS aT6BgRAAlQVoTa9PEk/vyJACP/IDnzW/UUhUatTTBcsj8hAOzeF5tpFPvvqG+Aoj TfjujeFN8YgqepBKEWdAvUknJtO9Ka+1Q7elBg1A9ygwPXn4XCVV1Cu+Q7w9gmci OJd/3ubevqGV0enA9wzxsczhG8ua/8EZiBM5pz8NDXy4nZ7rtxCUs+8npCj23/dJ klN70Gv58ClSaI4CUTXejBxm9/EGIrY0+SoS3+M1rj8vV8kgr8uzqDuk/Kv12YL8 /XVbB6QHPauvJAw9QFaP9xi2M7hZ03YJlo0hHMoPUXyLK2CJ5w/NJmJcKOu+eKx0 GGn/qQ0C8uAXGFfJjwHNj3MHDgPVayIvE7SMVKRIY8EcSYv9AsL+YDo6KK9WRmuE 3VLxOFO8Z2vVaVATU3U/m/+lK+kyDqStwwp7IFTbYSb3GpSD8JeruBWcbM2ywPCX J+n3DWrvwcvIsS1+URJogiaamo7J6u4upyz9ilym7XovMub5RfjmhIAKBsd3DqEL PZ+MLM+TMUq6smSlSFdrSuU+aquhbaKaD/LdXmVlsIjMQOOkQCU8d6mHYfW7jBEP 6oE/VjXSewMdsrux3C4rKW/TnnXRWNHPY47SqObkqEx1uf2uFPSi5jIKRCBZtNfT 2nMEfDnW/FBuQVoWvBx01eiSeupNRl0ULbdtdrMS7YMFY8gaVOY= =+4X0 -----END PGP SIGNATURE----- Merge 4.14.34 into android-4.14 Changes in 4.14.34 i40iw: Fix sequence number for the first partial FPDU i40iw: Correct Q1/XF object count equation i40iw: Validate correct IRD/ORD connection parameters clk: meson: mpll: use 64-bit maths in params_from_rate ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node Bluetooth: Add a new 04ca:3015 QCA_ROME device ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT thermal: power_allocator: fix one race condition issue for thermal_instances list perf probe: Find versioned symbols from map perf probe: Add warning message if there is unexpected event name perf evsel: Enable ignore_missing_thread for pid option net: hns3: free the ring_data structrue when change tqps net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg l2tp: fix missing print session offset info rds; Reset rs->rs_bound_addr in rds_add_bound() failure path ACPI / video: Default lcd_only to true on Win8-ready and newer machines net/mlx4_en: Change default QoS settings VFS: close race between getcwd() and d_move() watchdog: dw_wdt: add stop watchdog operation clk: divider: fix incorrect usage of container_of PM / devfreq: Fix potential NULL pointer dereference in governor_store selftests/net: fix bugs in address and port initialization RDMA/cma: Mark end of CMA ID messages hwmon: (ina2xx) Make calibration register value fixed clk: sunxi-ng: a83t: Add M divider to TCON1 clock media: videobuf2-core: don't go out of the buffer range ASoC: Intel: Skylake: Disable clock gating during firmware and library download ASoC: Intel: cht_bsw_rt5645: Analog Mic support spi: sh-msiof: Fix timeout failures for TX-only DMA transfers scsi: libiscsi: Allow sd_shutdown on bad transport scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag. irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry ACPI: EC: Fix debugfs_create_*() usage mac80211: Fix setting TX power on monitor interfaces vfb: fix video mode and line_length being set when loaded gpio: label descriptors using the device name powernv-cpufreq: Add helper to extract pstate from PMSR IB/rdmavt: Allocate CQ memory on the correct node blk-mq: avoid to map CPU into stale hw queue blk-mq: fix race between updating nr_hw_queues and switching io sched backlight: tdo24m: Fix the SPI CS between transfers pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts nvme_fcloop: disassocate local port structs nvme_fcloop: fix abort race condition tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented perf report: Fix a no annotate browser displayed issue staging: lustre: disable preempt while sampling processor id. ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()' power: supply: axp288_charger: Properly stop work on probe-error / remove rt2x00: do not pause queue unconditionally on error path wl1251: check return from call to wl1251_acx_arp_ip_filter net/mlx5: Fix race for multiple RoCE enable net: hns3: Fix an error of total drop packet statistics net: hns3: Fix a loop index error of tqp statistics query net: hns3: Fix an error macro definition of HNS3_TQP_STAT net: hns3: fix for changing MTU bcache: ret IOERR when read meets metadata error bcache: stop writeback thread after detaching bcache: segregate flash only volume write streams scsi: libsas: fix memory leak in sas_smp_get_phy_events() scsi: libsas: fix error when getting phy events scsi: libsas: initialize sas_phy status according to response of DISCOVER blk-mq: fix kernel oops in blk_mq_tag_idle() tty: n_gsm: Allow ADM response in addition to UA for control dlci block, bfq: put async queues for root bfq groups too EDAC, mv64x60: Fix an error handling path uio_hv_generic: check that host supports monitor page i40evf: don't rely on netif_running() outside rtnl_lock() cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map scsi: megaraid_sas: unload flag should be set after scsi_remove_host is called RDMA/cma: Fix rdma_cm path querying for RoCE gpio: thunderx: fix error return code in thunderx_gpio_probe() x86/gart: Exclude GART aperture from vmcore sdhci: Advertise 2.0v supply on SDIO host controller ibmvnic: Don't handle RX interrupts when not up. Input: goodix - disable IRQs while suspended mtd: mtd_oobtest: Handle bitflips during reads crypto: aes-generic - build with -Os on gcc-7+ perf tools: Fix copyfile_offset update of output offset tcmu: release blocks for partially setup cmds thermal: int3400_thermal: fix error handling in int3400_thermal_probe() objtool: Add Clang support crypto: arm64/aes-ce-cipher - move assembler code to .S file x86/microcode: Propagate return value from updating functions x86/CPU: Add a microcode loader callback x86/CPU: Check CPU feature bits after microcode upgrade x86/microcode: Get rid of struct apply_microcode_ctx x86/microcode/intel: Check microcode revision before updating sibling threads x86/microcode/intel: Writeback and invalidate caches before updating microcode x86/microcode: Do not upload microcode if CPUs are offline x86/microcode/intel: Look into the patch cache first x86/microcode: Request microcode on the BSP x86/microcode: Synchronize late microcode loading x86/microcode: Attempt late loading only when new microcode is present x86/microcode: Fix CPU synchronization routine arp: fix arp_filter on l3slave devices ipv6: the entire IPv6 header chain must fit the first fragment lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write) net: fix possible out-of-bound read in skb_network_protocol() net/ipv6: Fix route leaking between VRFs net/ipv6: Increment OUTxxx counters after netfilter hook netlink: make sure nladdr has correct size in netlink_connect() net sched actions: fix dumping which requires several messages to user space net/sched: fix NULL dereference in the error path of tcf_bpf_init() pptp: remove a buggy dst release in pptp_connect() r8169: fix setting driver_data after register_netdev sctp: do not leak kernel memory to user space sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 sky2: Increase D3 delay to sky2 stops working after suspend vhost: correctly remove wait queue during poll failure vlan: also check phy_driver ts_info for vlan's real device vrf: Fix use after free and double free in vrf_finish_output bonding: fix the err path for dev hwaddr sync in bond_enslave bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave bonding: process the err returned by dev_set_allmulti properly in bond_enslave net: fool proof dev_valid_name() ip_tunnel: better validate user provided tunnel names ipv6: sit: better validate user provided tunnel names ip6_gre: better validate user provided tunnel names ip6_tunnel: better validate user provided tunnel names vti6: better validate user provided tunnel names net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path net/mlx5e: Fix memory usage issues in offloading TC flows nfp: use full 40 bits of the NSP buffer address ipv6: sr: fix seg6 encap performances with TSO enabled net/mlx5e: Don't override vport admin link state in switchdev mode net/mlx5e: Sync netdev vxlan ports at open net/sched: fix NULL dereference in the error path of tunnel_key_init() net/sched: fix NULL dereference on the error path of tcf_skbmod_init() strparser: Fix sign of err codes net/mlx4_en: Fix mixed PFC and Global pause user control requests net/mlx5e: Fix traffic being dropped on VF representor vhost: validate log when IOTLB is enabled route: check sysctl_fib_multipath_use_neigh earlier than hash team: move dev_mc_sync after master_upper_dev_link in team_port_add vhost_net: add missing lock nesting notation net/mlx4_core: Fix memory leak while delete slave's resources Linux 4.14.34 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
NeilBrown
|
db470ce8c6 |
VFS: close race between getcwd() and d_move()
[ Upstream commit 61647823aa920e395afcce4b57c32afb51456cab ] d_move() will call __d_drop() and then __d_rehash() on the dentry being moved. This creates a small window when the dentry appears to be unhashed. Many tests of d_unhashed() are made under ->d_lock and so are safe from racing with this window, but some aren't. In particular, getcwd() calls d_unlinked() (which calls d_unhashed()) without d_lock protection, so it can race. This races has been seen in practice with lustre, which uses d_move() as part of name lookup. See: https://jira.hpdd.intel.com/browse/LU-9735 It could race with a regular rename(), and result in ENOENT instead of either the 'before' or 'after' name. The race can be demonstrated with a simple program which has two threads, one renaming a directory back and forth while another calls getcwd() within that directory: it should never fail, but does. See: https://patchwork.kernel.org/patch/9455345/ We could fix this race by taking d_lock and rechecking when d_unhashed() reports true. Alternately when can remove the window, which is the approach this patch takes. ___d_drop() is introduce which does *not* clear d_hash.pprev so the dentry still appears to be hashed. __d_drop() calls ___d_drop(), then clears d_hash.pprev. __d_move() now uses ___d_drop() and only clears d_hash.pprev when not rehashing. Signed-off-by: NeilBrown <neilb@suse.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
45c8dbed17 |
This is the 4.14.29 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqyPMUACgkQONu9yGCS
aT520BAAy2D8GgiOXzjy95u2B76qXeMTMd8aeGwXoxe6YTuDZ+sLIzShBUf/itth
nrMOU+0rD2rjKJ/vp3Okm2XK08T08YV8aENE2CzG2vu0hYL+GYAXgQ6TpjYa/Vqh
Hv8AloyPs7eV1NN5Bd3OIwFWLeNKIYYJ33vlXaYWgkwYXZP5ZUicHcDXIDp6H0RU
Y5DoVF0N/GQkPVXsODSC/Ts0Xsi1IQCb41sn50PY2BwI62ZXip7nlWE59nsSd9gg
GYlLRhsXpJxvaMCwoOckbO8TcGYkHPVgLCLJmXv4b5NnvEptyRCnJcWxE7fmlzpE
4qlMn3Cin/Ve3hzw+HOiwR6WA/lUML/gUEnA6779RhAiJ+XkT6tnm8JZj9nrXW5i
nKET4hUFOY/Rnrd5OQmzhbOAQ2LYBkAupvZGJzLG9vyqlfg9T3HRV/f3+Ruz1wI/
c5b3EiSQlQ+ibn7ecyFUC3sDnqifXcc2fzEcEowtDrQ7KoVabTXXCH6e017S94uR
Ox4m1ICEplcOVitTvRYdP3fgOcGeyOxuq97t61SysFEauwz4F9p1Dfy4ou6oSdzl
yN4CJ7NS2xtV4A+y6sQEj85oDc84kWFlxvHmkayDoDXtwJu+wMncT9nFSHEssUsc
wgL3X2Mq/C9NUf2N4qlNH1PMCPO9CRgeCuUYBZHqsNpA/6u5wDE=
=kcqi
-----END PGP SIGNATURE-----
Merge 4.14.29 into android-4.14
Changes in 4.14.29
x86/cpufeatures: Add Intel Total Memory Encryption cpufeature
x86/cpufeatures: Add Intel PCONFIG cpufeature
selftests/x86/entry_from_vm86: Exit with 1 if we fail
selftests/x86: Add tests for User-Mode Instruction Prevention
selftests/x86: Add tests for the STR and SLDT instructions
selftests/x86/entry_from_vm86: Add test cases for POPF
x86/vm86/32: Fix POPF emulation
x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32-bit kernels
x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist
KVM: x86: Fix device passthrough when SME is active
x86/mm: Fix vmalloc_fault to use pXd_large
parisc: Handle case where flush_cache_range is called with no context
ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
ALSA: hda - Revert power_save option default value
ALSA: seq: Fix possible UAF in snd_seq_check_queue()
ALSA: seq: Clear client entry before deleting else at closing
drm/nouveau/bl: Fix oops on driver unbind
drm/amdgpu: fix prime teardown order
drm/radeon: fix prime teardown order
drm/amdgpu/dce: Don't turn off DP sink when disconnected
fs: Teach path_connected to handle nfs filesystems with multiple roots.
KVM: arm/arm64: Reduce verbosity of KVM init log
kvm: arm/arm64: vgic-v3: Tighten synchronization for guests using v2 on v3
KVM: arm/arm64: vgic: Don't populate multiple LRs with the same vintid
lock_parent() needs to recheck if dentry got __dentry_kill'ed under it
fs/aio: Add explicit RCU grace period when freeing kioctx
fs/aio: Use RCU accessors for kioctx_table->table[]
RDMAVT: Fix synchronization around percpu_ref
irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis
btrfs: Fix NULL pointer exception in find_bio_stripe
btrfs: add missing initialization in btrfs_check_shared
btrfs: alloc_chunk: fix DUP stripe size handling
btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device
btrfs: remove spurious WARN_ON(ref->count < 0) in find_parent_nodes
btrfs: Fix memory barriers usage with device stats counters
scsi: qla2xxx: Fix smatch warning in qla25xx_delete_{rsp|req}_que
scsi: qla2xxx: Fix NULL pointer access for fcport structure
scsi: qla2xxx: Fix logo flag for qlt_free_session_done()
scsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure
USB: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe()
usb: dwc3: Fix GDBGFIFOSPACE_TYPE values
Linux 4.14.29
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Al Viro
|
b071bce3ff |
lock_parent() needs to recheck if dentry got __dentry_kill'ed under it
commit 3b821409632ab778d46e807516b457dfa72736ed upstream. In case when dentry passed to lock_parent() is protected from freeing only by the fact that it's on a shrink list and trylock of parent fails, we could get hit by __dentry_kill() (and subsequent dentry_kill(parent)) between unlocking dentry and locking presumed parent. We need to recheck that dentry is alive once we lock both it and parent *and* postpone rcu_read_unlock() until after that point. Otherwise we could return a pointer to struct dentry that already is rcu-scheduled for freeing, with ->d_lock held on it; caller's subsequent attempt to unlock it can end up with memory corruption. Cc: stable@vger.kernel.org # 3.12+, counting backports Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
474d3c467b |
This is the 4.14.21 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqO1toACgkQONu9yGCS
aT49JhAAjKxDe1PA6lq51uyWHlR73vJ93SvtDCHuM8s6aj/rb880vjeZumWcEAdR
nl2Yj/T0z9yZkBrw8Om/3BX4PfsF6hqq1TAufxYeKs08nVQ60v3/a4Mz9CYu8e0A
mXdK6DvSEQRS6S0vc83W2+fj5e05Vfvv23FlsngtH6IxaOL7mnRTxNmP5/PMP3QX
xtOKRBB7ghqqfV8U+yAJ0fbTKu0a+ztPLxCe2Lk+7U7yFpqLudzBfTV06QpcqwSF
fXdRWv8319c24585qubm2N1zDJ8PsxlcFWmvgbcZgO+lk1Zf4XuzxjsElg6PpYvT
m+8L1/Qo4k+L3eXJJiwLPqd6LP9VtspvRItZKMFMPZJNWLdk9tnjcLuA/HpTUvo9
EO/fXBP3YrX48TrjGIu9K4ToZvLFWGcDno5Vges0fb2MkixWF5b2naEdeS+B7SF2
ckYAWuoZPErmmNo6bhIkdizube6k8t+Ch7JxkxWgZh+Jw80drqSBzfdWKTLMl3k0
Nvo8RdbuSrDSg40NHT/d46tBguMp9n/J8eu6f/poN1VZRdqZkgqZ7xHjl7vgRRkg
nfcVndDTw099hhC0OuWVHJMpk62wVz+tRPNOR/yCucDPH1//HuEZ62sQzcjpPQ9l
ML2MD4zrTORK9VuztJFET8feWQ4KrqoSdE8HMD+TtMhhShcZcJA=
=vnDS
-----END PGP SIGNATURE-----
Merge 4.14.21 into android-4.14
Changes in 4.14.21
tracing: Prevent PROFILE_ALL_BRANCHES when FORTIFY_SOURCE=y
scsi: smartpqi: allow static build ("built-in")
IB/umad: Fix use of unprotected device pointer
IB/qib: Fix comparison error with qperf compare/swap test
IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports
IB/core: Fix two kernel warnings triggered by rxe registration
IB/core: Fix ib_wc structure size to remain in 64 bytes boundary
IB/core: Avoid a potential OOPs for an unused optional parameter
selftests: seccomp: fix compile error seccomp_bpf
kselftest: fix OOM in memory compaction test
RDMA/rxe: Fix a race condition related to the QP error state
RDMA/rxe: Fix a race condition in rxe_requester()
RDMA/rxe: Fix rxe_qp_cleanup()
cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin
swiotlb: suppress warning when __GFP_NOWARN is set
PM / devfreq: Propagate error from devfreq_add_device()
mwifiex: resolve reset vs. remove()/shutdown() deadlocks
ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE
powerpc/radix: Remove trace_tlbie call from radix__flush_tlb_all
powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove
powerpc/mm: Flush radix process translations when setting MMU type
powerpc/xive: Use hw CPU ids when configuring the CPU queues
powerpc: Fix DABR match on hash based systems
dma-buf: fix reservation_object_wait_timeout_rcu once more v2
s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
arm64: dts: msm8916: Correct ipc references for smsm
ARM: lpc3250: fix uda1380 gpio numbers
ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
ARM: dts: nomadik: add interrupt-parent for clcd
arm: dts: mt7623: fix card detection issue on bananapi-r2
arm: spear600: Add missing interrupt-parent of rtc
arm: spear13xx: Fix dmas cells
arm: spear13xx: Fix spics gpio controller's warning
drm/i915: add GT number to intel_device_info
drm/i915/kbl: Change a KBL pci id to GT2 from GT1.5
x86/gpu: add CFL to early quirks
x86/kexec: Make kexec (mostly) work in 5-level paging mode
x86/xen: init %gs very early to avoid page faults with stack protector
x86: PM: Make APM idle driver initialize polling state
x86/entry/64: Clear extra registers beyond syscall arguments, to reduce speculation attack surface
x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface
compiler-gcc.h: Introduce __optimize function attribute
compiler-gcc.h: __nostackprotector needs gcc-4.4 and up
crypto: sun4i_ss_prng - fix return value of sun4i_ss_prng_generate
crypto: sun4i_ss_prng - convert lock to _bh in sun4i_ss_prng_generate
powerpc/mm/radix: Split linear mapping on hot-unplug
x86/mm/pti: Fix PTI comment in entry_SYSCALL_64()
x86/speculation: Update Speculation Control microcode blacklist
x86/speculation: Correct Speculation Control microcode blacklist again
Revert "x86/speculation: Simplify indirect_branch_prediction_barrier()"
KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods
X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap
x86/speculation: Clean up various Spectre related details
PM / runtime: Update links_count also if !CONFIG_SRCU
PM: cpuidle: Fix cpuidle_poll_state_init() prototype
x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface
x86/entry/64: Merge SAVE_C_REGS and SAVE_EXTRA_REGS, remove unused extensions
x86/entry/64: Merge the POP_C_REGS and POP_EXTRA_REGS macros into a single POP_REGS macro
x86/entry/64: Interleave XOR register clearing with PUSH instructions
x86/entry/64: Introduce the PUSH_AND_CLEAN_REGS macro
x86/entry/64: Use PUSH_AND_CLEAN_REGS in more cases
x86/entry/64: Get rid of the ALLOC_PT_GPREGS_ON_STACK and SAVE_AND_CLEAR_REGS macros
x86/entry/64: Indent PUSH_AND_CLEAR_REGS and POP_REGS properly
x86/entry/64: Fix paranoid_entry() frame pointer warning
x86/entry/64: Remove the unused 'icebp' macro
selftests/x86: Fix vDSO selftest segfault for vsyscall=none
selftests/x86: Clean up and document sscanf() usage
selftests/x86/pkeys: Remove unused functions
selftests/x86: Do not rely on "int $0x80" in test_mremap_vdso.c
selftests/x86: Do not rely on "int $0x80" in single_step_syscall.c
selftests/x86: Disable tests requiring 32-bit support on pure 64-bit systems
objtool: Fix segfault in ignore_unreachable_insn()
x86/debug, objtool: Annotate WARN()-related UD2 as reachable
x86/debug: Use UD2 for WARN()
x86/speculation: Fix up array_index_nospec_mask() asm constraint
nospec: Move array_index_nospec() parameter checking into separate macro
x86/speculation: Add <asm/msr-index.h> dependency
kmemcheck: remove annotations
kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
kmemcheck: remove whats left of NOTRACK flags
kmemcheck: rip it out
kmemcheck: rip it out for real
x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]()
selftests/x86/mpx: Fix incorrect bounds with old _sigfault
x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
x86/spectre: Fix an error message
x86/cpu: Change type of x86_cache_size variable to unsigned int
x86/entry/64: Fix CR3 restore in paranoid_exit()
drm/ttm: Don't add swapped BOs to swap-LRU list
drm/ttm: Fix 'buf' pointer update in ttm_bo_vm_access_kmap() (v2)
drm/qxl: unref cursor bo when finished with it
drm/amd/powerplay: Fix smu_table_entry.handle type
drm/ast: Load lut in crtc_commit
arm64: Add missing Falkor part number for branch predictor hardening
drm/radeon: Add dpm quirk for Jet PRO (v2)
drm/radeon: adjust tested variable
rtc-opal: Fix handling of firmware error codes, prevent busy loops
mbcache: initialize entry->e_referenced in mb_cache_entry_create()
mmc: sdhci: Implement an SDHCI-specific bounce buffer
mmc: bcm2835: Don't overwrite max frequency unconditionally
Revert "mmc: meson-gx: include tx phase in the tuning process"
mlx5: fix mlx5_get_vector_affinity to start from completion vector 0
Revert "apple-gmux: lock iGP IO to protect from vgaarb changes"
jbd2: fix sphinx kernel-doc build warnings
ext4: fix a race in the ext4 shutdown path
ext4: save error to disk in __ext4_grp_locked_error()
ext4: correct documentation for grpid mount option
mm: hide a #warning for COMPILE_TEST
mm: Fix memory size alignment in devm_memremap_pages_release()
MIPS: Fix typo BIG_ENDIAN to CPU_BIG_ENDIAN
MIPS: Fix incorrect mem=X@Y handling
PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode
PCI: iproc: Fix NULL pointer dereference for BCMA
PCI: keystone: Fix interrupt-controller-node lookup
video: fbdev: atmel_lcdfb: fix display-timings lookup
console/dummy: leave .con_font_get set to NULL
rbd: whitelist RBD_FEATURE_OPERATIONS feature bit
xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests
xenbus: track caller request id
seq_file: fix incomplete reset on read from zero offset
tracing: Fix parsing of globs with a wildcard at the beginning
mpls, nospec: Sanitize array index in mpls_label_ok()
rtlwifi: rtl8821ae: Fix connection lost problem correctly
arm64: proc: Set PTE_NG for table entries to avoid traversing them twice
qxl: alloc & use shadow for dumb buffers
drm/qxl: reapply cursor after resetting primary
xprtrdma: Fix calculation of ri_max_send_sges
xprtrdma: Fix BUG after a device removal
blk-wbt: account flush requests correctly
target/iscsi: avoid NULL dereference in CHAP auth error path
iscsi-target: make sure to wake up sleeping login worker
dm: correctly handle chained bios in dec_pending()
Btrfs: fix deadlock in run_delalloc_nocow
Btrfs: fix crash due to not cleaning up tree log block's dirty bits
Btrfs: fix extent state leak from tree log
Btrfs: fix btrfs_evict_inode to handle abnormal inodes correctly
Btrfs: fix use-after-free on root->orphan_block_rsv
Btrfs: fix unexpected -EEXIST when creating new inode
9p/trans_virtio: discard zero-length reply
mtd: nand: vf610: set correct ooblayout
ALSA: hda - Fix headset mic detection problem for two Dell machines
ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
ALSA: hda/realtek - Add headset mode support for Dell laptop
ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform
ALSA: hda/realtek: PCI quirk for Fujitsu U7x7
ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204
ALSA: usb: add more device quirks for USB DSD devices
ALSA: seq: Fix racy pool initializations
mvpp2: fix multicast address filter
usb: Move USB_UHCI_BIG_ENDIAN_* out of USB_SUPPORT
x86/mm, mm/hwpoison: Don't unconditionally unmap kernel 1:1 pages
scsi: core: check for device state in __scsi_remove_target()
Bluetooth: BT_HCIUART now depends on SERIAL_DEV_BUS
ARM: dts: exynos: fix RTC interrupt for exynos5410
ARM: pxa/tosa-bt: add MODULE_LICENSE tag
arm64: dts: msm8916: Add missing #phy-cells
ARM: dts: s5pv210: add interrupt-parent for ohci
arm: dts: mt7623: Update ethsys binding
arm: dts: mt2701: Add reset-cells
ARM: dts: Delete bogus reference to the charlcd
media: r820t: fix r820t_write_reg for KASAN
mmc: sdhci-of-esdhc: disable SD clock for clock value 0
mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec
mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb
ASoC: acpi: fix machine driver selection based on quirk
ovl: hash directory inodes for fsnotify
Linux 4.14.21
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Levin, Alexander (Sasha Levin)
|
2abfcdf8e7 |
kmemcheck: remove annotations
commit 4950276672fce5c241857540f8561c440663673d upstream. Patch series "kmemcheck: kill kmemcheck", v2. As discussed at LSF/MM, kill kmemcheck. KASan is a replacement that is able to work without the limitation of kmemcheck (single CPU, slow). KASan is already upstream. We are also not aware of any users of kmemcheck (or users who don't consider KASan as a suitable replacement). The only objection was that since KASAN wasn't supported by all GCC versions provided by distros at that time we should hold off for 2 years, and try again. Now that 2 years have passed, and all distros provide gcc that supports KASAN, kill kmemcheck again for the very same reasons. This patch (of 4): Remove kmemcheck annotations, and calls to kmemcheck from the kernel. [alexander.levin@verizon.com: correctly remove kmemcheck call from dma_map_sg_attrs] Link: http://lkml.kernel.org/r/20171012192151.26531-1-alexander.levin@verizon.com Link: http://lkml.kernel.org/r/20171007030159.22241-2-alexander.levin@verizon.com Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Cc: Alexander Potapenko <glider@google.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Michal Hocko <mhocko@kernel.org> Cc: Pekka Enberg <penberg@kernel.org> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Tim Hansen <devtimhansen@gmail.com> Cc: Vegard Nossum <vegardno@ifi.uio.no> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Guenter Roeck
|
71929920df |
ANDROID: fs: Export d_absolute_path
The 0-day build bot reports the following build error, seen if SDCARD_FS
is built as module.
ERROR: "d_absolute_path" undefined!
Fixes: 84a1b7d3d312 ("Included sdcardfs source code for kernel 3.0")
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
|
||
|
Will Deacon
|
5383f45db3 |
locking/barriers: Convert users of lockless_dereference() to READ_ONCE()
commit 3382290ed2d5e275429cef510ab21889d3ccd164 upstream.
[ Note, this is a Git cherry-pick of the following commit:
506458efaf15 ("locking/barriers: Convert users of lockless_dereference() to READ_ONCE()")
... for easier x86 PTI code testing and back-porting. ]
READ_ONCE() now has an implicit smp_read_barrier_depends() call, so it
can be used instead of lockless_dereference() without any change in
semantics.
Signed-off-by: Will Deacon <will.deacon@arm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/1508840570-22169-4-git-send-email-will.deacon@arm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Linus Torvalds
|
78dcf73421 |
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull ->s_options removal from Al Viro: "Preparations for fsmount/fsopen stuff (coming next cycle). Everything gets moved to explicit ->show_options(), killing ->s_options off + some cosmetic bits around fs/namespace.c and friends. Basically, the stuff needed to work with fsmount series with minimum of conflicts with other work. It's not strictly required for this merge window, but it would reduce the PITA during the coming cycle, so it would be nice to have those bits and pieces out of the way" * 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: isofs: Fix isofs_show_options() VFS: Kill off s_options and helpers orangefs: Implement show_options 9p: Implement show_options isofs: Implement show_options afs: Implement show_options affs: Implement show_options befs: Implement show_options spufs: Implement show_options bpf: Implement show_options ramfs: Implement show_options pstore: Implement show_options omfs: Implement show_options hugetlbfs: Implement show_options VFS: Don't use save/replace_mount_options if not using generic_show_options VFS: Provide empty name qstr VFS: Make get_filesystem() return the affected filesystem VFS: Clean up whitespace in fs/namespace.c and fs/super.c Provide a function to create a NUL-terminated string from unterminated data |
||
Sahitya Tummala
|
b17c070fb6 |
fs/dcache.c: fix spin lockup issue on nlru->lock
__list_lru_walk_one() acquires nlru spin lock (nlru->lock) for longer duration if there are more number of items in the lru list. As per the current code, it can hold the spin lock for upto maximum UINT_MAX entries at a time. So if there are more number of items in the lru list, then "BUG: spinlock lockup suspected" is observed in the below path: spin_bug+0x90 do_raw_spin_lock+0xfc _raw_spin_lock+0x28 list_lru_add+0x28 dput+0x1c8 path_put+0x20 terminate_walk+0x3c path_lookupat+0x100 filename_lookup+0x6c user_path_at_empty+0x54 SyS_faccessat+0xd0 el0_svc_naked+0x24 This nlru->lock is acquired by another CPU in this path - d_lru_shrink_move+0x34 dentry_lru_isolate_shrink+0x48 __list_lru_walk_one.isra.10+0x94 list_lru_walk_node+0x40 shrink_dcache_sb+0x60 do_remount_sb+0xbc do_emergency_remount+0xb0 process_one_work+0x228 worker_thread+0x2e0 kthread+0xf4 ret_from_fork+0x10 Fix this lockup by reducing the number of entries to be shrinked from the lru list to 1024 at once. Also, add cond_resched() before processing the lru list again. Link: http://marc.info/?t=149722864900001&r=1&w=2 Link: http://lkml.kernel.org/r/1498707575-2472-1-git-send-email-stummala@codeaurora.org Signed-off-by: Sahitya Tummala <stummala@codeaurora.org> Suggested-by: Jan Kara <jack@suse.cz> Suggested-by: Vladimir Davydov <vdavydov.dev@gmail.com> Acked-by: Vladimir Davydov <vdavydov.dev@gmail.com> Cc: Alexander Polakov <apolyakov@beget.ru> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Linus Torvalds
|
b8d4c1f9f4 |
Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull misc filesystem updates from Al Viro: "Assorted normal VFS / filesystems stuff..." * 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: dentry name snapshots Make statfs properly return read-only state after emergency remount fs/dcache: init in_lookup_hashtable minix: Deinline get_block, save 2691 bytes fs: Reorder inode_owner_or_capable() to avoid needless fs: warn in case userspace lied about modprobe return |
||
|
Al Viro
|
49d31c2f38 |
dentry name snapshots
take_dentry_name_snapshot() takes a safe snapshot of dentry name; if the name is a short one, it gets copied into caller-supplied structure, otherwise an extra reference to external name is grabbed (those are never modified). In either case the pointer to stable string is stored into the same structure. dentry must be held by the caller of take_dentry_name_snapshot(), but may be freely dropped afterwards - the snapshot will stay until destroyed by release_dentry_name_snapshot(). Intended use: struct name_snapshot s; take_dentry_name_snapshot(&s, dentry); ... access s.name ... release_dentry_name_snapshot(&s); Replaces fsnotify_oldname_...(), gets used in fsnotify to obtain the name to pass down with event. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
Pavel Tatashin
|
3d375d7859 |
mm: update callers to use HASH_ZERO flag
Update dcache, inode, pid, mountpoint, and mount hash tables to use HASH_ZERO, and remove initialization after allocations. In case of places where HASH_EARLY was used such as in __pv_init_lock_hash the zeroed hash table was already assumed, because memblock zeroes the memory. CPU: SPARC M6, Memory: 7T Before fix: Dentry cache hash table entries: 1073741824 Inode-cache hash table entries: 536870912 Mount-cache hash table entries: 16777216 Mountpoint-cache hash table entries: 16777216 ftrace: allocating 20414 entries in 40 pages Total time: 11.798s After fix: Dentry cache hash table entries: 1073741824 Inode-cache hash table entries: 536870912 Mount-cache hash table entries: 16777216 Mountpoint-cache hash table entries: 16777216 ftrace: allocating 20414 entries in 40 pages Total time: 3.198s CPU: Intel Xeon E5-2630, Memory: 2.2T: Before fix: Dentry cache hash table entries: 536870912 Inode-cache hash table entries: 268435456 Mount-cache hash table entries: 8388608 Mountpoint-cache hash table entries: 8388608 CPU: Physical Processor ID: 0 Total time: 3.245s After fix: Dentry cache hash table entries: 536870912 Inode-cache hash table entries: 268435456 Mount-cache hash table entries: 8388608 Mountpoint-cache hash table entries: 8388608 CPU: Physical Processor ID: 0 Total time: 3.244s Link: http://lkml.kernel.org/r/1488432825-92126-4-git-send-email-pasha.tatashin@oracle.com Signed-off-by: Pavel Tatashin <pasha.tatashin@oracle.com> Reviewed-by: Babu Moger <babu.moger@oracle.com> Cc: David Miller <davem@davemloft.net> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
David Howells
|
cdf01226b2 |
VFS: Provide empty name qstr
Provide an empty name (ie. "") qstr for general use. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
Sebastian Andrzej Siewior
|
6916363f30 |
fs/dcache: init in_lookup_hashtable
in_lookup_hashtable was introduced in commit 94bdd655caba ("parallel
lookups machinery, part 3") and never initialized but since it is in
the data it is all zeros. But we need this for -RT.
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
||
|
Al Viro
|
81be24d263 |
Hang/soft lockup in d_invalidate with simultaneous calls
It's not hard to trigger a bunch of d_invalidate() on the same dentry in parallel. They end up fighting each other - any dentry picked for removal by one will be skipped by the rest and we'll go for the next iteration through the entire subtree, even if everything is being skipped. Morevoer, we immediately go back to scanning the subtree. The only thing we really need is to dissolve all mounts in the subtree and as soon as we've nothing left to do, we can just unhash the dentry and bugger off. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
Josef Bacik
|
563f40019d |
fs: don't set *REFERENCED on single use objects
By default we set DCACHE_REFERENCED and I_REFERENCED on any dentry or inode we create. This is problematic as this means that it takes two trips through the LRU for any of these objects to be reclaimed, regardless of their actual lifetime. With enough pressure from these caches we can easily evict our working set from page cache with single use objects. So instead only set *REFERENCED if we've already been added to the LRU list. This means that we've been touched since the first time we were accessed, and so more likely to need to hang out in cache. To illustrate this issue I wrote the following scripts https://github.com/josefbacik/debug-scripts/tree/master/cache-pressure on my test box. It is a single socket 4 core CPU with 16gib of RAM and I tested on an Intel 2tib NVME drive. The cache-pressure.sh script creates a new file system and creates 2 6.5gib files in order to take up 13gib of the 16gib of ram with pagecache. Then it runs a test program that reads these 2 files in a loop, and keeps track of how often it has to read bytes for each loop. On an ideal system with no pressure we should have to read 0 bytes indefinitely. The second thing this script does is start a fs_mark job that creates a ton of 0 length files, putting pressure on the system with slab only allocations. On exit the script prints out how many bytes were read by the read-file program. The results are as follows Without patch: /mnt/btrfs-test/reads/file1: total read during loops 27262988288 /mnt/btrfs-test/reads/file2: total read during loops 27262976000 With patch: /mnt/btrfs-test/reads/file2: total read during loops 18640457728 /mnt/btrfs-test/reads/file1: total read during loops 9565376512 This patch results in a 50% reduction of the amount of pages evicted from our working set. Signed-off-by: Josef Bacik <jbacik@fb.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
Eric W. Biederman
|
3895dbf898 |
mnt: Protect the mountpoint hashtable with mount_lock
Protecting the mountpoint hashtable with namespace_sem was sufficient until a call to umount_mnt was added to mntput_no_expire. At which point it became possible for multiple calls of put_mountpoint on the same hash chain to happen on the same time. Kristen Johansen <kjlx@templeofstupid.com> reported: > This can cause a panic when simultaneous callers of put_mountpoint > attempt to free the same mountpoint. This occurs because some callers > hold the mount_hash_lock, while others hold the namespace lock. Some > even hold both. > > In this submitter's case, the panic manifested itself as a GP fault in > put_mountpoint() when it called hlist_del() and attempted to dereference > a m_hash.pprev that had been poisioned by another thread. Al Viro observed that the simple fix is to switch from using the namespace_sem to the mount_lock to protect the mountpoint hash table. I have taken Al's suggested patch moved put_mountpoint in pivot_root (instead of taking mount_lock an additional time), and have replaced new_mountpoint with get_mountpoint a function that does the hash table lookup and addition under the mount_lock. The introduction of get_mounptoint ensures that only the mount_lock is needed to manipulate the mountpoint hashtable. d_set_mounted is modified to only set DCACHE_MOUNTED if it is not already set. This allows get_mountpoint to use the setting of DCACHE_MOUNTED to ensure adding a struct mountpoint for a dentry happens exactly once. Cc: stable@vger.kernel.org Fixes: ce07d891a089 ("mnt: Honor MNT_LOCKED when detaching mounts") Reported-by: Krister Johansen <kjlx@templeofstupid.com> Suggested-by: Al Viro <viro@ZenIV.linux.org.uk> Acked-by: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
|
Linus Torvalds
|
7c0f6ba682 |
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
This was entirely automated, using the script by Al:
PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*<asm/uaccess.h>'
sed -i -e "s!$PATT!#include <linux/uaccess.h>!" \
$(git grep -l "$PATT"|grep -v ^include/linux/uaccess.h)
to do the replacement at the end of the merge window.
Requested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
Ian Kent
|
f74e7b33c3 |
vfs: remove unused have_submounts() function
Now that path_has_submounts() has been added have_submounts() is no longer used so remove it. Link: http://lkml.kernel.org/r/20161011053428.27645.12310.stgit@pluto.themaw.net Signed-off-by: Ian Kent <raven@themaw.net> Cc: Al Viro <viro@ZenIV.linux.org.uk> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Omar Sandoval <osandov@osandov.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Ian Kent
|
01619491a5 |
vfs: add path_has_submounts()
d_mountpoint() can only be used reliably to establish if a dentry is not mounted in any namespace. It isn't aware of the possibility there may be multiple mounts using the given dentry, possibly in a different namespace. Add function, path_has_submounts(), that checks is a struct path contains mounts (or is a mountpoint itself) to handle this case. Link: http://lkml.kernel.org/r/20161011053403.27645.55242.stgit@pluto.themaw.net Signed-off-by: Ian Kent <raven@themaw.net> Cc: Al Viro <viro@ZenIV.linux.org.uk> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Omar Sandoval <osandov@osandov.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Linus Torvalds
|
fe64f3283f |
Merge branch 'for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull more vfs updates from Al Viro: "Assorted cleanups and fixes. In the "trivial API change" department - ->d_compare() losing 'parent' argument" * 'for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: cachefiles: Fix race between inactivating and culling a cache object 9p: use clone_fid() 9p: fix braino introduced in "9p: new helper - v9fs_parent_fid()" vfs: make dentry_needs_remove_privs() internal vfs: remove file_needs_remove_privs() vfs: fix deadlock in file_remove_privs() on overlayfs get rid of 'parent' argument of ->d_compare() cifs, msdos, vfat, hfs+: don't bother with parent in ->d_compare() affs ->d_compare(): don't bother with ->d_inode fold _d_rehash() and __d_rehash() together fold dentry_rcuwalk_invalidate() into its only remaining caller |
||
|
Linus Torvalds
|
835c92d43b |
Merge branch 'work.const-qstr' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull qstr constification updates from Al Viro: "Fairly self-contained bunch - surprising lot of places passes struct qstr * as an argument when const struct qstr * would suffice; it complicates analysis for no good reason. I'd prefer to feed that separately from the assorted fixes (those are in #for-linus and with somewhat trickier topology)" * 'work.const-qstr' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: qstr: constify instances in adfs qstr: constify instances in lustre qstr: constify instances in f2fs qstr: constify instances in ext2 qstr: constify instances in vfat qstr: constify instances in procfs qstr: constify instances in fuse qstr constify instances in fs/dcache.c qstr: constify instances in nfs qstr: constify instances in ocfs2 qstr: constify instances in autofs4 qstr: constify instances in hfs qstr: constify instances in hfsplus qstr: constify instances in logfs qstr: constify dentry_init_security |