mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
51694 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
qctecmdr Service
|
fe8ffc6ce6 | Merge "f2fs: show the fsync_mode=nobarrier mount option" | ||
Sahitya Tummala
|
884759fa73 |
f2fs: show the fsync_mode=nobarrier mount option
This patch shows the fsync_mode=nobarrier mount option in f2fs_show_options(). Change-Id: I31c6608cc2e3642542eaf804250a4fc9c102b5a4 Signed-off-by: Sahitya Tummala <stummala@codeaurora.org> |
||
|
Sahitya Tummala
|
8145e4913c |
f2fs: fix unnecessary periodic wakeup of discard thread when dev is busy
When dev is busy, discard thread wake up timeout can be aligned with the exact time that it needs to wait for dev to come out of busy. This helps to avoid unnecessary periodic wakeups and thus save some power. Change-Id: Ic0d113e377062146899cf14cac9c8e7a145f8484 Signed-off-by: Sahitya Tummala <stummala@codeaurora.org> |
||
Yunlei He
|
39fe1cda39 |
f2fs: let discard thread wait a little longer if dev is busy
This patch modify discard thread wait policy as below: issued io_interrupted wait time(ms) 1. 8 0 50 2. (0,8) 1 50 3. 0 1 500 (dev is busy) 4. 0 0 60000 (no candidates) Change-Id: I7fc7b56f22f7a69fe7dba332a6482a173c4a9cc9 Signed-off-by: Yunlei He <heyunlei@huawei.com> Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Git-commit: f9d1dced7583607e066527ee23d804478870d197 Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git/ Signed-off-by: Sahitya Tummala <stummala@codeaurora.org> |
||
Imran Khan
|
db1aa31ae8 |
hung task: check specific tasks for long uninterruptible sleep state
khungtask by default monitors all tasks for long unterruptible sleep. This change introduces a sysctl option, /proc/sys/kernel/ hung_task_selective_monitoring, to enable monitoring selected tasks. If this sysctl option is enabled then only the tasks with /proc/$PID/hang_detection_enabled set are to be monitored, otherwise all tasks are monitored as default case. Some tasks may intentionally moves to uninterruptable sleep state, which shouldn't leads to khungtask panics, as those are recoverable hungs. So to avoid false hung reports, add an option to select tasks to be monitored and report/panic them only. By default, enable the feature always to monitor selected tasks. Change-Id: I48cd8cfe73dbe2b577541fe9607190eac5556bb2 Signed-off-by: Imran Khan <kimran@codeaurora.org> Signed-off-by: Lingutla Chandrasekhar <clingutla@codeaurora.org> [sramana: Resolved minor merge conflict] Signed-off-by: Srinivas Ramana <sramana@codeaurora.org> |
||
|
qctecmdr Service
|
9f234b8c51 | Merge "Merge android-4.14-p.62 (366527f) into msm-4.14" | ||
Jaegeuk Kim
|
af4ef71b89 |
dm-default-key, f2fs, ICE: support dm-default-key with f2fs/ICE
This patch fixes assigning bi_crypt_key for moving data which was previously encrypted by f2fs. Note that, dm-default-key should not assign bi_crypt_key, if bi_crypt_skip is set. The bug sceanrios is: 1. write data with user key by f2fs - ENC(KU, IVU, DATA) 2. log out user key 3. read data #1 w/o user key from LBA #a 4. dm-default-key assigns default key - DEC(KD, LBA#a, ENC(KU, IVU, DATA)) 5. write data #1 w/o user key into LBA #b 6. dm-default-key assigns default key - ENC(KD, LBA#b, DEC(KD, LBA#a, ENC(KU, IVU, DATA))) 7. Read DATA out with valid logged-in user key - DEC(KU, IVU, ENC(KD, LBA#b, DEC(KD, LBA#a, ENC(KU, IVU, DATA)))) So, this patch introduces bi_crypt_skip to avoid 4. ~ 6 with right flow: 1. write data with user key by f2fs - ENC(KU, IVU, DATA) 2. log out user key 3. read data #1 w/o user key from LBA #a 4. dm-default-key skip to assign default key - ENC(KU, IVU, DATA) 5. write data #1 w/o user key into LBA #b 6. dm-default-key skips to assign default key - ENC(KU, IVU, DATA) 7. Try to read DATA with valid logged-in user key - DEC(KU, IVU, ENC(KU, IVU, DATA)) Bug: 68721442 Change-Id: Icefe85f608b7c3c84beb2bfa4267efd0f3787453 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com> Signed-off-by: Shivaprasad Hongal <shongal@codeaurora.org> |
||
Shivaprasad Hongal
|
367c46b11c |
Enable hardware based FBE on f2fs and adapt ext4 fs
Hardware File Based Encryption (FBE) uses inline crypto
engine to encrypt the user data.
1. security/pfk: changes to support per file
encryption for f2fs using hardware crypto engine.
2. fs/ext4: adapted crypto APIs for generic crypto layer.
3. fs/f2fs: support hardware crypto engine based per file
encryption.
4. fs/crypto: export APIs to support hardware crypto
engine based per file encryption.
5. security/pfe: added wrapped key support based on
upstream changes.
Other changes made to provide support framework for per
file encryption.
Reverting commit e02a4e21f640 ("ext4: Add HW File Based
Encryption on ext4 file system") and adding changes to
have FBE in sync with upstream implementation of FBE.
Change-Id: I17f9909c43ba744eb874f6d237745fbf88a2b848
Signed-off-by: Shivaprasad Hongal <shongal@codeaurora.org>
|
||
Nicolai Stange
|
c1ba697dcc |
debugfs: defer debugfs_fsdata allocation to first usage
Currently, __debugfs_create_file allocates one struct debugfs_fsdata instance for every file created. However, there are potentially many debugfs file around, most of which are never touched by userspace. Thus, defer the allocations to the first usage, i.e. to the first debugfs_file_get(). A dentry's ->d_fsdata starts out to point to the "real", user provided fops. After a debugfs_fsdata instance has been allocated (and the real fops pointer has been moved over into its ->real_fops member), ->d_fsdata is changed to point to it from then on. The two cases are distinguished by setting BIT(0) for the real fops case. struct debugfs_fsdata's foremost purpose is to track active users and to make debugfs_remove() block until they are done. Since no debugfs_fsdata instance means no active users, make debugfs_remove() return immediately in this case. Take care of possible races between debugfs_file_get() and debugfs_remove(): either debugfs_remove() must see a debugfs_fsdata instance and thus wait for possible active users or debugfs_file_get() must see a dead dentry and return immediately. Make a dentry's ->d_release(), i.e. debugfs_release_dentry(), check whether ->d_fsdata is actually a debugfs_fsdata instance before kfree()ing it. Similarly, make debugfs_real_fops() check whether ->d_fsdata is actually a debugfs_fsdata instance before returning it, otherwise emit a warning. The set of possible error codes returned from debugfs_file_get() has grown from -EIO to -EIO and -ENOMEM. Make open_proxy_open() and full_proxy_open() pass the -ENOMEM onwards to their callers. Change-Id: I22d1f399ced795620cb7a887407465293317d43f Signed-off-by: Nicolai Stange <nicstange@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Git-commit: 7d39bc50c47b3f8ed0e1a9d671ecb9ec02f10a2d Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Signed-off-by: Raghavendra Rao Ananta <rananta@codeaurora.org> |
||
Isaac J. Manjarres
|
c1085cd6f6 |
Merge android-4.14-p.62 (366527f) into msm-4.14
* remotes/origin/tmp-366527f: Linux 4.14.62 jfs: Fix inconsistency between memory allocation and ea_buf->max_size xfs: don't call xfs_da_shrink_inode with NULL bp xfs: validate cached inodes are free when allocated xfs: catch inode allocation state mismatch corruption intel_idle: Graceful probe failure when MWAIT is disabled nvmet-fc: fix target sgl list on large transfers nvme-pci: Fix queue double allocations nvme-pci: allocate device queues storage space at probe Btrfs: fix file data corruption after cloning a range and fsync i2c: imx: Fix reinit_completion() use ring_buffer: tracing: Inherit the tracing setting to next ring buffer ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle ext4: fix false negatives *and* false positives in ext4_check_descriptors() netlink: Don't shift on 64 for ngroups nohz: Fix missing tick reprogram when interrupting an inline softirq nohz: Fix local_timer_softirq_pending() genirq: Make force irq threading setup more robust scsi: qla2xxx: Return error when TMF returns scsi: qla2xxx: Fix ISP recovery on unload scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion scsi: qla2xxx: Fix unintialized List head crash Change-Id: I22b4b42fe0e8dbe3e92da168c5dd1bff1d4816e9 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
Nicolai Stange
|
a9b3a61472 |
debugfs: call debugfs_real_fops() only after debugfs_file_get()
The current implementation of debugfs_real_fops() relies on a debugfs_fsdata instance to be installed at ->d_fsdata. With future patches introducing lazy allocation of these, this requirement will be guaranteed to be fullfilled only inbetween a debugfs_file_get()/debugfs_file_put() pair. The full proxies' fops implemented by debugfs happen to be the only offenders. Fix them up by moving their debugfs_real_fops() calls past those to debugfs_file_get(). full_proxy_release() is special as it doesn't invoke debugfs_file_get() at all. Leave it alone for now. Change-Id: I418a5aea3e5b086a719a780e1b77e966b6034d43 Signed-off-by: Nicolai Stange <nicstange@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Git-commit: 154b9d7512ae012aca7b4e90af67a72419ad1941 Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Signed-off-by: Raghavendra Rao Ananta <rananta@codeaurora.org> |
||
|
Nicolai Stange
|
a3b031d13a |
debugfs: purge obsolete SRCU based removal protection
Purge the SRCU based file removal race protection in favour of the new,
refcount based debugfs_file_get()/debugfs_file_put() API.
Change-Id: If1f40752474e55773aae756fdcc9c5c64891c009
Fixes: 49d200deaa68 ("debugfs: prevent access to removed files' private data")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-commit: c9afbec27089cd6b4e621b639f41c7fc726c3bf1
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Raghavendra Rao Ananta <rananta@codeaurora.org>
|
||
|
Nicolai Stange
|
2556cfd8c0 |
debugfs: convert to debugfs_file_get() and -put()
Convert all calls to the now obsolete debugfs_use_file_start() and
debugfs_use_file_finish() from the debugfs core itself to the new
debugfs_file_get() and debugfs_file_put() API.
Change-Id: Ib0f291b138c7b9eacbe80678c283051f799f5042
Fixes: 49d200deaa68 ("debugfs: prevent access to removed files' private data")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-commit: 69d29f9e6a53559895e6f785f6cf72daa738f132
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Raghavendra Rao Ananta <rananta@codeaurora.org>
|
||
|
Nicolai Stange
|
d7a077d779 |
debugfs: debugfs_real_fops(): drop __must_hold sparse annotation
Currently, debugfs_real_fops() is annotated with a __must_hold(&debugfs_srcu) sparse annotation. With the conversion of the SRCU based protection of users against concurrent file removals to a per-file refcount based scheme, this becomes wrong. Drop this annotation. Change-Id: I261ad90f4af2fe28379be1256ec86a8b41f1dd08 Signed-off-by: Nicolai Stange <nicstange@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Git-commit: 055ab8e3e3d52e005d2047b14ce63551b3a8b8b5 Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Signed-off-by: Raghavendra Rao Ananta <rananta@codeaurora.org> |
||
|
Nicolai Stange
|
9d70524d0a |
debugfs: implement per-file removal protection
Since commit 49d200deaa68 ("debugfs: prevent access to removed files'
private data"), accesses to a file's private data are protected from
concurrent removal by covering all file_operations with a SRCU read section
and sychronizing with those before returning from debugfs_remove() by means
of synchronize_srcu().
As pointed out by Johannes Berg, there are debugfs files with forever
blocking file_operations. Their corresponding SRCU read side sections would
block any debugfs_remove() forever as well, even unrelated ones. This
results in a livelock. Because a remover can't cancel any indefinite
blocking within foreign files, this is a problem.
Resolve this by introducing support for more granular protection on a
per-file basis.
This is implemented by introducing an 'active_users' refcount_t to the
per-file struct debugfs_fsdata state. At file creation time, it is set to
one and a debugfs_remove() will drop that initial reference. The new
debugfs_file_get() and debugfs_file_put(), intended to be used in place of
former debugfs_use_file_start() and debugfs_use_file_finish(), increment
and decrement it respectively. Once the count drops to zero,
debugfs_file_put() will signal a completion which is possibly being waited
for from debugfs_remove().
Thus, as long as there is a debugfs_file_get() not yet matched by a
corresponding debugfs_file_put() around, debugfs_remove() will block.
Actual users of debugfs_use_file_start() and -finish() will get converted
to the new debugfs_file_get() and debugfs_file_put() by followup patches.
Change-Id: Icfde769b8604854a2e6f91d1070ac72dc2a8f7fc
Fixes: 49d200deaa68 ("debugfs: prevent access to removed files' private data")
Reported-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-commit: e9117a5a4bf65d8e99f060d356a04d27a60b436d
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Raghavendra Rao Ananta <rananta@codeaurora.org>
|
||
|
Nicolai Stange
|
ed5be30b15 |
debugfs: add support for more elaborate ->d_fsdata
Currently, the user provided fops, "real_fops", are stored directly into ->d_fsdata. In order to be able to store more per-file state and thus prepare for more granular file removal protection, wrap the real_fops into a dynamically allocated container struct, debugfs_fsdata. A struct debugfs_fsdata gets allocated at file creation and freed from the newly intoduced ->d_release(). Finally, move the implementation of debugfs_real_fops() out of the public debugfs header such that struct debugfs_fsdata's declaration can be kept private. Change-Id: I3517697b316d5ed1bbc9e5b24b66463479c6fd4d Signed-off-by: Nicolai Stange <nicstange@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Git-commit: 7c8d469877b16d2c1cecf101a0abb7b218db85bc Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Signed-off-by: Raghavendra Rao Ananta <rananta@codeaurora.org> |
||
|
Isaac J. Manjarres
|
b2c8463039 |
Merge android-4.14-p.61 (b7e55e8) into msm-4.14
* remotes/origin/tmp-b7e55e8:
Linux 4.14.61
scsi: sg: fix minor memory leak in error path
drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats
crypto: padlock-aes - Fix Nano workaround data corruption
RDMA/uverbs: Expand primary and alt AV port checks
iwlwifi: add more card IDs for 9000 series
userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails
audit: fix potential null dereference 'context->module.name'
kvm: x86: vmx: fix vpid leak
x86/entry/64: Remove %ebx handling from error_entry/exit
x86/apic: Future-proof the TSC_DEADLINE quirk for SKX
virtio_balloon: fix another race between migration and ballooning
net: socket: fix potential spectre v1 gadget in socketcall
can: ems_usb: Fix memory leak on ems_usb_disconnect()
squashfs: more metadata hardenings
squashfs: more metadata hardening
net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager
rxrpc: Fix user call ID check in rxrpc_service_prealloc_one
net: stmmac: Fix WoL for PCI-based setups
netlink: Fix spectre v1 gadget in netlink_create()
net: dsa: Do not suspend/resume closed slave_dev
ipv4: frags: handle possible skb truesize change
inet: frag: enforce memory limits earlier
bonding: avoid lockdep confusion in bond_get_stats()
Linux 4.14.60
tcp: add one more quick ack after after ECN events
tcp: refactor tcp_ecn_check_ce to remove sk type cast
tcp: do not aggressively quick ack after ECN events
tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode
tcp: do not force quickack when receiving out-of-order packets
netlink: Don't shift with UB on nlk->ngroups
netlink: Do not subscribe to non-existent groups
xen-netfront: wait xenbus state change when load module manually
tcp_bbr: fix bw probing to raise in-flight data for very small BDPs
NET: stmmac: align DMA stuff to largest cache line length
net: mdio-mux: bcm-iproc: fix wrong getter and setter pair
net: lan78xx: fix rx handling before first packet is send
net: fix amd-xgbe flow-control issue
net: ena: Fix use of uninitialized DMA address bits field
ipv4: remove BUG_ON() from fib_compute_spec_dst
net: dsa: qca8k: Allow overwriting CPU port setting
net: dsa: qca8k: Add QCA8334 binding documentation
net: dsa: qca8k: Enable RXMAC when bringing up a port
net: dsa: qca8k: Force CPU port to its highest bandwidth
RDMA/uverbs: Protect from attempts to create flows on unsupported QP
usb: gadget: udc: renesas_usb3: should remove debugfs
ovl: Sync upper dirty data when syncing overlayfs
PCI: xgene: Remove leftover pci_scan_child_bus() call
PCI: pciehp: Assume NoCompl+ for Thunderbolt ports
ext4: fix check to prevent initializing reserved inodes
ext4: check for allocation block validity with block group locked
ext4: fix inline data updates with checksums enabled
squashfs: be more careful about metadata corruption
random: mix rdrand with entropy sent in from userspace
block: reset bi_iter.bi_done after splitting bio
blkdev: __blkdev_direct_IO_simple: fix leak in error case
block: bio_iov_iter_get_pages: fix size of last iovec
drm/dp/mst: Fix off-by-one typo when dump payload table
drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown()
drm: Add DP PSR2 sink enable bit
ASoC: topology: Add missing clock gating parameter when parsing hw_configs
ASoC: topology: Fix bclk and fsync inversion in set_link_hw_format()
media: si470x: fix __be16 annotations
media: atomisp: compat32: fix __user annotations
scsi: cxlflash: Avoid clobbering context control register value
scsi: cxlflash: Synchronize reset and remove ops
scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
scsi: scsi_dh: replace too broad "TP9" string with the exact models
regulator: Don't return or expect -errno from of_map_mode()
media: omap3isp: fix unbalanced dma_iommu_mapping
crypto: authenc - don't leak pointers to authenc keys
crypto: authencesn - don't leak pointers to authenc keys
usb: hub: Don't wait for connect state at resume for powered-off ports
microblaze: Fix simpleImage format generation
soc: imx: gpcv2: Do not pass static memory as platform data
serial: core: Make sure compiler barfs for 16-byte earlycon names
staging: lustre: ldlm: free resource when ldlm_lock_create() fails.
staging: lustre: llite: correct removexattr detection
staging: vchiq_core: Fix missing semaphore release in error case
audit: allow not equal op for audit by executable
rsi: fix nommu_map_sg overflow kernel panic
rsi: Fix 'invalid vdd' warning in mmc
ipconfig: Correctly initialise ic_nameservers
drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
igb: Fix queue selection on MAC filters on i210
arm64: defconfig: Enable Rockchip io-domain driver
nvme: lightnvm: add granby support
memory: tegra: Apply interrupts mask per SoC
memory: tegra: Do not handle spurious interrupts
delayacct: Use raw_spinlocks
stop_machine: Use raw spinlocks
backlight: pwm_bl: Don't use GPIOF_* with gpiod_get_direction
dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
net: hns3: Fixes the out of bounds access in hclge_map_tqp
spi: meson-spicc: Fix error handling in meson_spicc_probe()
dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC
mmc: pwrseq: Use kmalloc_array instead of stack VLA
mmc: dw_mmc: update actual clock for mmc debugfs
ALSA: hda/ca0132: fix build failure when a local macro is defined
drm/atomic: Handling the case when setting old crtc for plane
media: siano: get rid of __le32/__le16 cast warnings
f2fs: avoid fsync() failure caused by EAGAIN in writepage()
bpf: fix references to free_bpf_prog_info() in comments
thermal: exynos: fix setting rising_threshold for Exynos5433
staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5
staging: lustre: o2iblnd: fix race at kiblnd_connect_peer
scsi: qedf: Set the UNLOADING flag when removing a vport
scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw
scsi: megaraid: silence a static checker bug
scsi: 3w-xxxx: fix a missing-check bug
scsi: 3w-9xxx: fix a missing-check bug
bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only.
perf: fix invalid bit in diagnostic entry
s390/cpum_sf: Add data entry sizes to sampling trailer entry
brcmfmac: Add support for bcm43364 wireless chipset
mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
media: saa7164: Fix driver name in debug output
media: media-device: fix ioctl function types
ACPI / LPSS: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2
libata: Fix command retry decision
media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
net: phy: phylink: Release link GPIO
dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
tty: Fix data race in tty_insert_flip_string_fixed_flag
i40e: free the skb after clearing the bitlock
nvmem: properly handle returned value nvmem_reg_read
ARM: dts: sh73a0: Add missing interrupt-affinity to PMU node
ARM: dts: emev2: Add missing interrupt-affinity to PMU node
ARM: dts: stih407-pinctrl: Fix complain about IRQ_TYPE_NONE usage
EDAC, altera: Fix ARM64 build warning
HID: i2c-hid: check if device is there before really probing
powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
drm/amdgpu: Remove VRAM from shared bo domains.
drm/radeon: fix mode_valid's return type
arm64: dts: renesas: salvator-common: use audio-graph-card for Sound
HID: hid-plantronics: Re-resend Update to map button for PTT products
arm64: cmpwait: Clear event register before arming exclusive monitor
media: atomisp: ov2680: don't declare unused vars
ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value
media: smiapp: fix timeout checking in smiapp_read_nvm
ixgbevf: fix MAC address changes through ixgbevf_set_mac()
md: fix NULL dereference of mddev->pers in remove_and_add_spares()
md/raid1: add error handling of read error from FailFast device
regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
ALSA: emu10k1: Rate-limit error messages about page errors
rtc: tps65910: fix possible race condition
rtc: vr41xx: fix possible race condition
rtc: tps6586x: fix possible race condition
Bluetooth: btusb: add ID for LiteOn 04ca:301a
drm/nouveau/fifo/gk104-: poll for runlist update completion
scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger
scsi: ufs: fix exception event handling
scsi: ufs: ufshcd: fix possible unclocked register access
fscrypt: use unbound workqueue for decryption
net: hns3: Fix the missing client list node initialization
spi: Add missing pm_runtime_put_noidle() after failed get
drivers/perf: arm-ccn: don't log to dmesg in event_init
ima: based on policy verify firmware signatures (pre-allocated buffer)
mwifiex: correct histogram data with appropriate index
net: dsa: qca8k: Add support for QCA8334 switch
PCI: pciehp: Request control of native hotplug only if supported
bpf: powerpc64: pad function address loads with NOPs
pinctrl: at91-pio4: add missing of_node_put
powerpc/8xx: fix invalid register expression in head_8xx.S
spi: sh-msiof: Fix setting SIRMDR1.SYNCAC to match SITMDR1.SYNCAC
powerpc: Add __printf verification to prom_printf
powerpc/powermac: Mark variable x as unused
powerpc/powermac: Add missing prototype for note_bootable_part()
powerpc/chrp/time: Make some functions static, add missing header include
powerpc/32: Add a missing include header
ath: Add regulatory mapping for Bahamas
ath: Add regulatory mapping for Bermuda
ath: Add regulatory mapping for Serbia
ath: Add regulatory mapping for Tanzania
ath: Add regulatory mapping for Uganda
ath: Add regulatory mapping for APL2_FCCA
ath: Add regulatory mapping for APL13_WORLD
ath: Add regulatory mapping for ETSI8_WORLD
ath: Add regulatory mapping for FCC3_ETSIC
nvme-pci: Fix AER reset handling
nvme-rdma: stop admin queue before freeing it
PCI: Prevent sysfs disable of device while driver is attached
PM / wakeup: Make s2idle_lock a RAW_SPINLOCK
x86/microcode: Make the late update update_lock a raw lock for RT
btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
Btrfs: don't BUG_ON() in btrfs_truncate_inode_items()
Btrfs: don't return ino to ino cache if inode item removal fails
media: videobuf2-core: don't call memop 'finish' when queueing
media: tw686x: Fix incorrect vb2_mem_ops GFP flags
net: hns3: Fixes the init of the VALID BD info in the descriptor
wlcore: sdio: check for valid platform device data before suspend
mwifiex: handle race during mwifiex_usb_disconnect
mfd: cros_ec: Fail early if we cannot identify the EC
ASoC: dpcm: fix BE dai not hw_free and shutdown
Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
iwlwifi: pcie: fix race in Rx buffer allocator
btrfs: balance dirty metadata pages in btrfs_finish_ordered_io
PCI: Fix devm_pci_alloc_host_bridge() memory leak
selftests: intel_pstate: return Kselftest Skip code for skipped tests
selftests: memfd: return Kselftest Skip code for skipped tests
selftests/intel_pstate: Improve test, minor fixes
perf/x86/intel/uncore: Correct fixed counter index check for NHM
perf/x86/intel/uncore: Correct fixed counter index check in generic code
usbip: dynamically allocate idev by nports found in sysfs
usbip: usbip_detach: Fix memory, udev context and udev leak
block, bfq: remove wrong lock in bfq_requests_merged
f2fs: fix race in between GC and atomic open
f2fs: fix to detect failure of dquot_initialize
f2fs: Fix deadlock in shutdown ioctl
f2fs: fix to wait page writeback during revoking atomic write
f2fs: fix to don't trigger writeback during recovery
f2fs: fix error path of move_data_page
disable loading f2fs module on PAGE_SIZE > 4KB
pnfs: Don't release the sequence slot until we've processed layoutget on open
netfilter: nf_tables: check msg_type before nft_trans_set(trans)
lightnvm: pblk: warn in case of corrupted write buffer
RDMA/mad: Convert BUG_ONs to error flows
powerpc/64s: Fix compiler store ordering to SLB shadow area
hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
powerpc/eeh: Fix use-after-release of EEH driver
powerpc/64s: Add barrier_nospec
powerpc/lib: Adjust .balign inside string functions for PPC32
infiniband: fix a possible use-after-free bug
e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
ceph: fix alignment of rasize
bpf, arm32: fix inconsistent naming about emit_a32_lsr_{r64,i64}
printk: drop in_nmi check from printk_safe_flush_on_panic()
watchdog: da9063: Fix updating timeout value
irqchip/ls-scfg-msi: Map MSIs in the iommu
netfilter: ipset: List timing out entries with "timeout 1" instead of zero
netfilter: ipset: forbid family for hash:mac sets
perf tools: Fix pmu events parsing rule
rtc: ensure rtc_set_alarm fails when alarms are not supported
mm/slub.c: add __printf verification to slab_err()
mm: vmalloc: avoid racy handling of debugobjects in vunmap
mm: /proc/pid/pagemap: hide swap entries from unprivileged users
kernel/hung_task.c: show all hung tasks before panic
vfio/type1: Fix task tracking for QEMU vCPU hotplug
vfio/mdev: Check globally for duplicate devices
vfio: platform: Fix reset module leak in error path
nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY
ALSA: fm801: add error handling for snd_ctl_add
ALSA: emu10k1: add error handling for snd_ctl_add
skip LAYOUTRETURN if layout is invalid
hv_netvsc: fix network namespace issues with VF support
xen/netfront: raise max number of slots in xennet_get_responses()
kcov: ensure irq code sees a valid area
mlxsw: spectrum_switchdev: Fix port_vlan refcounting
arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
tracing: Quiet gcc warning about maybe unused link variable
tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
kthread, tracing: Don't expose half-written comm when creating kthreads
tracing: Fix possible double free in event_enable_trigger_func()
tracing: Fix double free of event_trigger_data
delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
kvm, mm: account shadow page tables to kmemcg
Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
Input: elan_i2c - add ACPI ID for lenovo ideapad 330
spi: spi-s3c64xx: Fix system resume support
drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4
IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()
drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4
RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access
i2c: core: decrease reference count of device node in i2c_unregister_device
fork: unconditionally clear stack on fork
Linux 4.14.59
turn off -Wattribute-alias
can: m_can.c: fix setup of CCCR register: clear CCCR NISO bit before checking can.ctrlmode
can: peak_canfd: fix firmware < v3.3.0: limit allocation to 32-bit DMA addr only
can: xilinx_can: fix RX overflow interrupt not being enabled
can: xilinx_can: fix incorrect clear of non-processed interrupts
can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting
can: xilinx_can: fix device dropping off bus on RX overrun
can: xilinx_can: fix recovery from error states not being propagated
can: xilinx_can: fix power management handling
can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK
driver core: Partially revert "driver core: correct device's shutdown order"
usb: gadget: f_fs: Only return delayed status when len is 0
usb: dwc2: Fix DMA alignment to start at allocated boundary
usb: core: handle hub C_PORT_OVER_CURRENT condition
usb: cdc_acm: Add quirk for Castles VEGA3000
staging: speakup: fix wraparound in uaccess length check
tcp: add tcp_ooo_try_coalesce() helper
tcp: call tcp_drop() from tcp_data_queue_ofo()
tcp: detect malicious patterns in tcp_collapse_ofo_queue()
tcp: avoid collapses in tcp_prune_queue() if possible
tcp: free batches of packets in tcp_prune_ofo_queue()
tcp: do not delay ACK in DCTCP upon CE status change
tcp: do not cancel delay-AcK on DCTCP special ACK
tcp: helpers to send special DCTCP ack
tcp: fix dctcp delayed ACK schedule
vxlan: fix default fdb entry netlink notify ordering during netdev create
vxlan: make netlink notify in vxlan_fdb_destroy optional
vxlan: add new fdb alloc and create helpers
rtnetlink: add rtnl_link_state check in rtnl_configure_link
sock: fix sg page frag coalescing in sk_alloc_sg
net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv
multicast: do not restore deleted record source filter mode to new one
net/ipv6: Fix linklocal to global address with VRF
net/mlx5e: Fix quota counting in aRFS expire flow
net/mlx5e: Don't allow aRFS for encapsulated packets
net/mlx5: Adjust clock overflow work period
net: skb_segment() should not return NULL
net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper
ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
ip: hash fragments consistently
bonding: set default miimon value for non-arp modes if not set
drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs
drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit()
KVM: PPC: Check if IOMMU page is contained in the pinned physical page
xen/PVH: Set up GS segment for stack canary
MIPS: Fix off-by-one in pci_resource_to_user()
MIPS: ath79: fix register address in ath79_ddr_wb_flush()
Revert "cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting"
ANDROID: verity: really fix android-verity Kconfig
tcp: add tcp_ooo_try_coalesce() helper
tcp: call tcp_drop() from tcp_data_queue_ofo()
tcp: detect malicious patterns in tcp_collapse_ofo_queue()
tcp: avoid collapses in tcp_prune_queue() if possible
tcp: free batches of packets in tcp_prune_ofo_queue()
x86_64_cuttlefish_defconfig: Enable android-verity
x86_64_cuttlefish_defconfig: enable verity cert
ANDROID: android-verity: Fix broken parameter handling.
ANDROID: android-verity: Make it work with newer kernels
ANDROID: android-verity: Add API to verify signature with builtin keys.
ANDROID: verity: fix android-verity Kconfig dependencies
Linux 4.14.58
xhci: Fix perceived dead host due to runtime suspend race with event handler
powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle)
cxl_getfile(): fix double-iput() on alloc_file() failures
alpha: fix osf_wait4() breakage
net: usb: asix: replace mii_nway_restart in resume path
ipv6: make DAD fail with enhanced DAD when nonce length differs
net: systemport: Fix CRC forwarding check for SYSTEMPORT Lite
net/mlx4_en: Don't reuse RX page when XDP is set
hv_netvsc: Fix napi reschedule while receive completion is busy
tg3: Add higher cpu clock for 5762.
qmi_wwan: add support for Quectel EG91
ptp: fix missing break in switch
net: phy: fix flag masking in __set_phy_supported
net/ipv4: Set oif in fib_compute_spec_dst
skbuff: Unconditionally copy pfmemalloc in __skb_clone()
net: Don't copy pfmemalloc flag in __copy_skb_header()
net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort
lib/rhashtable: consider param->min_size when setting initial table size
ipv6: ila: select CONFIG_DST_CACHE
ipv6: fix useless rol32 call on hash
ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
gen_stats: Fix netlink stats dumping in the presence of padding
drm/nouveau: Avoid looping through fake MST connectors
drm/nouveau: Use drm_connector_list_iter_* for iterating connectors
drm/i915: Fix hotplug irq ack on i965/g4x
stop_machine: Disable preemption when waking two stopper threads
vfio/spapr: Use IOMMU pageshift rather than pagesize
vfio/pci: Fix potential Spectre v1
cpufreq: intel_pstate: Register when ACPI PCCH is present
mm/huge_memory.c: fix data loss when splitting a file pmd
mm: memcg: fix use after free in mem_cgroup_iter()
ARC: mm: allow mprotect to make stack mappings executable
ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
ARC: Fix CONFIG_SWAP
ARCv2: [plat-hsdk]: Save accl reg pair by default
ALSA: hda: add mute led support for HP ProBook 455 G5
ALSA: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk
ALSA: rawmidi: Change resized buffers atomically
fat: fix memory allocation failure handling of match_strdup()
x86/MCE: Remove min interval polling limitation
x86/events/intel/ds: Fix bts_interrupt_threshold alignment
x86/apm: Don't access __preempt_count with zeroed fs
KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel.
scsi: sd_zbc: Fix variable type and bogus comment
ANDROID: uid_sys_stats: Replace tasklist lock with RCU in uid_cputime_show
Linux 4.14.57
string: drop __must_check from strscpy() and restore strscpy() usages in cgroup
arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
arm64: KVM: Add ARCH_WORKAROUND_2 support for guests
arm64: KVM: Add HYP per-cpu accessors
arm64: ssbd: Add prctl interface for per-thread mitigation
arm64: ssbd: Introduce thread flag to control userspace mitigation
arm64: ssbd: Restore mitigation status on CPU resume
arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
arm64: ssbd: Add global mitigation state accessor
arm64: Add 'ssbd' command-line option
arm64: Add ARCH_WORKAROUND_2 probing
arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
arm/arm64: smccc: Add SMCCC-specific return codes
KVM: arm64: Avoid storing the vcpu pointer on the stack
KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state
arm64: alternatives: Add dynamic patching feature
KVM: arm64: Stop save/restoring host tpidr_el1 on VHE
arm64: alternatives: use tpidr_el2 on VHE hosts
KVM: arm64: Change hyp_panic()s dependency on tpidr_el2
KVM: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation
KVM: arm64: Store vcpu on the stack during __guest_enter()
net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
rds: avoid unenecessary cong_update in loop transport
bdi: Fix another oops in wb_workfn()
netfilter: ipv6: nf_defrag: drop skb dst before queueing
nsh: set mac len based on inner packet
autofs: fix slab out of bounds read in getname_kernel()
tls: Stricter error checking in zerocopy sendmsg path
KEYS: DNS: fix parsing multiple options
reiserfs: fix buffer overflow with long warning messages
netfilter: ebtables: reject non-bridge targets
PCI: hv: Disable/enable IRQs rather than BH in hv_compose_msi_msg()
block: do not use interruptible wait anywhere
mtd: rawnand: denali_dt: set clk_x_rate to 200 MHz unconditionally
crypto: af_alg - Initialize sg_num_bytes in error code path
clocksource: Initialize cs->wd_list
media: rc: oops in ir_timer_keyup after device unplug
xhci: Fix USB3 NULL pointer dereference at logical disconnect.
net: lan78xx: Fix race in tx pending skb size calculation
rtlwifi: rtl8821ae: fix firmware is not ready to run
rtlwifi: Fix kernel Oops "Fw download fail!!"
net: cxgb3_main: fix potential Spectre v1
VSOCK: fix loopback on big-endian systems
vhost_net: validate sock before trying to put its fd
tcp: prevent bogus FRTO undos with non-SACK flows
tcp: fix Fast Open key endianness
strparser: Remove early eaten to fix full tcp receive buffer stall
stmmac: fix DMA channel hang in half-duplex mode
r8152: napi hangup fix after disconnect
qmi_wwan: add support for the Dell Wireless 5821e module
qed: Limit msix vectors in kdump kernel to the minimum required count.
qed: Fix use of incorrect size in memcpy call.
qed: Fix setting of incorrect eswitch mode.
qede: Adverstise software timestamp caps when PHC is not available.
net/tcp: Fix socket lookups with SO_BINDTODEVICE
net: sungem: fix rx checksum support
net_sched: blackhole: tell upper qdisc about dropped packets
net/packet: fix use-after-free
net: mvneta: fix the Rx desc DMA address in the Rx path
net/mlx5: Fix wrong size allocation for QoS ETC TC regitster
net/mlx5: Fix required capability for manipulating MPFS
net/mlx5: Fix incorrect raw command length parsing
net/mlx5: Fix command interface race in polling mode
net/mlx5: E-Switch, Avoid setup attempt if not being e-switch manager
net/mlx5e: Don't attempt to dereference the ppriv struct if not being eswitch manager
net/mlx5e: Avoid dealing with vport representors if not being e-switch manager
net: macb: Fix ptp time adjustment for large negative delta
net: fix use-after-free in GRO with ESP
net: dccp: switch rx_tstamp_last_feedback to monotonic clock
net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
ixgbe: split XDP_TX tail and XDP_REDIRECT map flushing
ipvlan: fix IFLA_MTU ignored on NEWLINK
ipv6: sr: fix passing wrong flags to crypto_alloc_shash()
hv_netvsc: split sub-channel setup into async and sync
atm: zatm: Fix potential Spectre v1
atm: Preserve value of skb->truesize when accounting to vcc
alx: take rtnl before calling __alx_open from resume
crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak
crypto: crypto4xx - remove bad list_del
PCI: exynos: Fix a potential init_clk_resources NULL pointer dereference
bcm63xx_enet: do not write to random DMA channel on BCM6345
bcm63xx_enet: correct clock usage
ocfs2: ip_alloc_sem should be taken in ocfs2_get_block()
ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
xprtrdma: Fix corner cases when handling device removal
cpufreq / CPPC: Set platform specific transition_delay_us
Btrfs: fix duplicate extents after fsync of file with prealloc extents
x86/paravirt: Make native_save_fl() extern inline
x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
ANDROID: Add hold functionality to schedtune CPU boost
ANDROID: sched/rt: Add schedtune accounting to rt task enqueue/dequeue
UPSTREAM: cpuidle: menu: Avoid selecting shallow states with stopped tick
UPSTREAM: cpuidle: menu: Refine idle state selection for running tick
UPSTREAM: sched: idle: Select idle state before stopping the tick
BACKPORT: time: hrtimer: Introduce hrtimer_next_event_without()
BACKPORT: time: tick-sched: Split tick_nohz_stop_sched_tick()
UPSTREAM: cpuidle: Return nohz hint from cpuidle_select()
UPSTREAM: jiffies: Introduce USER_TICK_USEC and redefine TICK_USEC
UPSTREAM: sched: idle: Do not stop the tick before cpuidle_idle_call()
BACKPORT: sched: idle: Do not stop the tick upfront in the idle loop
BACKPORT: time: tick-sched: Reorganize idle tick management code
ANDROID: sched/fair: fix a warning
ANDROID: sched/walt: Fix compilation issue for x86_64
ANDROID: mnt: Fix next_descendent
ANDROID: sched/events: Introduce util_est trace events
ANDROID: sched/fair: schedtune: update before schedutil
FROMLIST: sched/fair: add support to tune PELT ramp/decay timings
BACKPORT: sched/fair: Update util_est before updating schedutil
BACKPORT: sched/fair: Update util_est only on util_avg updates
BACKPORT: sched/fair: Use util_est in LB and WU paths
BACKPORT: sched/fair: Add util_est on top of PELT
ANDROID: sched/fair: Cleanup cpu_util{_wake}()
ANDROID: sched: Update max cpu capacity in case of max frequency constraints
ANDROID: arm: enable max frequency capping
ANDROID: arm64: enable max frequency capping
ANDROID: implement max frequency capping
ANDROID: sched/fair: add arch scaling function for max frequency capping
ANDROID: trace: Add WALT util signal to trace event sched_load_cfs_rq
ANDROID: sched, trace: Remove trace event sched_load_avg_cpu
ANDROID: Rename and move include/linux/sched_energy.h
ANDROID: Adjust juno energy model
ANDROID: Check equality of max cap state cap and cpu scale
ANDROID: Move energy model init call into arch_topology driver
ANDROID: Streamline sched_domain_energy_f functions
ANDROID: Separate cpu_scale and energy model setup
ANDROID: update_group_capacity for single cpu in cluster
ANDROID: sched/fair: return idle CPU immediately for prefer_idle
ANDROID: sched/fair: add idle state filter to prefer_idle case
ANDROID: sched/fair: remove order from CPU selection
ANDROID: sched/fair: unify spare capacity calculation
ANDROID:sched/fair: prefer energy efficient CPUs for !prefer_idle tasks
ANDROID: sched/fair: fix CPU selection for non latency sensitive tasks
ANDROID: sched/fair: Also do misfit in overloaded groups
ANDROID: sched/fair: Don't balance misfits if it would overload local group
ANDROID: sched/fair: Attempt to improve throughput for asym cap systems
FROMLIST: sched/fair: Don't move tasks to lower capacity cpus unless necessary
FROMLIST: sched/core: Disable SD_PREFER_SIBLING on asymmetric cpu capacity domains
FROMLIST: sched/core: Disable SD_ASYM_CPUCAPACITY for root_domains without asymmetry
FROMLIST: sched/fair: Set rq->rd->overload when misfit
FROMLIST: sched: Wrap rq->rd->overload accesses with READ/WRITE_ONCE
FROMLIST: sched: Change root_domain->overload type to int
FROMLIST: sched/fair: Change prefer_sibling type to bool
FROMLIST: sched/fair: Consider misfit tasks when load-balancing
FROMLIST: sched: Add sched_group per-cpu max capacity
FROMLIST: sched/fair: Add group_misfit_task load-balance type
FROMLIST: sched: Add static_key for asymmetric cpu capacity optimizations
UPSTREAM: ANDROID: binder: change down_write to down_read
UPSTREAM: ANDROID: binder: correct the cmd print for BINDER_WORK_RETURN_ERROR
UPSTREAM: ANDROID: binder: remove 32-bit binder interface.
UPSTREAM: android: binder: Use true and false for boolean values
UPSTREAM: android: binder: Use octal permissions
UPSTREAM: android: binder: Prefer __func__ to using hardcoded function name
UPSTREAM: ANDROID: binder: make binder_alloc_new_buf_locked static and indent its arguments
UPSTREAM: android: binder: Check for errors in binder_alloc_shrinker_init().
Conflicts:
arch/arm64/Kconfig
arch/arm64/include/asm/cpucaps.h
arch/arm64/include/asm/cpufeature.h
arch/arm64/include/asm/thread_info.h
arch/arm64/kernel/cpu_errata.c
arch/arm64/kernel/cpufeature.c
arch/arm64/kernel/entry.S
arch/arm64/kernel/ssbd.c
drivers/base/arch_topology.c
drivers/md/Kconfig
drivers/scsi/ufs/ufshcd.c
drivers/usb/gadget/function/f_fs.c
include/trace/events/sched.h
kernel/sched/cpufreq_schedutil.c
kernel/sched/energy.c
kernel/sched/fair.c
kernel/sched/features.h
kernel/sched/sched.h
kernel/sched/topology.c
kernel/sched/tune.c
kernel/sched/walt.c
kernel/sched/walt.h
kernel/stop_machine.c
kernel/time/tick-sched.c
net/socket.c
sound/core/rawmidi.c
Change-Id: Ia246711317930ecd55bb42565a04e6b4fdfc26d2
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
|
||
Greg Kroah-Hartman
|
366527f0c2 |
This is the 4.14.62 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAltsFIgACgkQONu9yGCS aT6/ixAAhpkTaeRqX7q+xZMNWMOwtKa4cKGJmRw6qTahvpmORhTKtdjIEzXn5Zj0 VJDR4jla/slFIHVIWXxfOrSJ9stydhVRITJQebNNcTFMm5pCwJkuWQXhqg//g/E/ rt1MTGZkSGDdLyZm+/N2IGTf3TW9BOK84wBw/RY+N5i47BEb6DASIOC91SbN8aj7 wo8P2PtKmdwzdnYKEjdT7+5ZySx6GQOCPFvsStFbBFLptlsuOEIrXPj0NziYlzua 8u05IeazaLjClCOcwFMb2j6CfHbN8uWB3uR+PI0G9GAYunaKxgnmsEkUqDoiyW+q N49VD54LZBI9mqlZ5hOoxtYtCj68Qw6mII3e1itIJNtWnHwLA0EU95WOYSbwrKpQ R1EIwxR7634tajaL2D/Lqn9BQOhwMnNDT71ZNPoqYI99Lxrgs8LAd3/D7KNp1ALF 7+A8mtAO3ZYW6AuoJtfRSq9Qo1q+aZ6WShJfrXujI7ggjSb87SuYs84GNRUAxIDx dtCvGfm7ZRWwGQ7lj5OJz+h/cDbWicex/HmUPs7VbSHJdTczOAzSfLWEAh5jFSng H6KuEXmmjB6okElw8lrQuHMGnvhyA3wwkdILuuKltMqEfGic9JrGUP+xc8cZrFe/ KwedLWRvp3xlzJFIEMO3oRTnqkHQxNSSWRATz+KMloYmZgAGvyM= =QXYX -----END PGP SIGNATURE----- Merge 4.14.62 into android-4.14-p Changes in 4.14.62 scsi: qla2xxx: Fix unintialized List head crash scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion scsi: qla2xxx: Fix ISP recovery on unload scsi: qla2xxx: Return error when TMF returns genirq: Make force irq threading setup more robust nohz: Fix local_timer_softirq_pending() nohz: Fix missing tick reprogram when interrupting an inline softirq netlink: Don't shift on 64 for ngroups ext4: fix false negatives *and* false positives in ext4_check_descriptors() ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle ring_buffer: tracing: Inherit the tracing setting to next ring buffer i2c: imx: Fix reinit_completion() use Btrfs: fix file data corruption after cloning a range and fsync nvme-pci: allocate device queues storage space at probe nvme-pci: Fix queue double allocations nvmet-fc: fix target sgl list on large transfers intel_idle: Graceful probe failure when MWAIT is disabled xfs: catch inode allocation state mismatch corruption xfs: validate cached inodes are free when allocated xfs: don't call xfs_da_shrink_inode with NULL bp jfs: Fix inconsistency between memory allocation and ea_buf->max_size Linux 4.14.62 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Shankara Pailoor
|
7d29fb5343 |
jfs: Fix inconsistency between memory allocation and ea_buf->max_size
commit 92d34134193e5b129dc24f8d79cb9196626e8d7a upstream. The code is assuming the buffer is max_size length, but we weren't allocating enough space for it. Signed-off-by: Shankara Pailoor <shankarapailoor@gmail.com> Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com> Cc: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Eric Sandeen
|
59f35b983e |
xfs: don't call xfs_da_shrink_inode with NULL bp
commit bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a upstream. xfs_attr3_leaf_create may have errored out before instantiating a buffer, for example if the blkno is out of range. In that case there is no work to do to remove it, and in fact xfs_da_shrink_inode will lead to an oops if we try. This also seems to fix a flaw where the original error from xfs_attr3_leaf_create gets overwritten in the cleanup case, and it removes a pointless assignment to bp which isn't used after this. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199969 Reported-by: Xu, Wen <wen.xu@gatech.edu> Tested-by: Xu, Wen <wen.xu@gatech.edu> Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Cc: Eduardo Valentin <eduval@amazon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Dave Chinner
|
6f021e4ef3 |
xfs: validate cached inodes are free when allocated
commit afca6c5b2595fc44383919fba740c194b0b76aff upstream.
A recent fuzzed filesystem image cached random dcache corruption
when the reproducer was run. This often showed up as panics in
lookup_slow() on a null inode->i_ops pointer when doing pathwalks.
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
....
Call Trace:
lookup_slow+0x44/0x60
walk_component+0x3dd/0x9f0
link_path_walk+0x4a7/0x830
path_lookupat+0xc1/0x470
filename_lookup+0x129/0x270
user_path_at_empty+0x36/0x40
path_listxattr+0x98/0x110
SyS_listxattr+0x13/0x20
do_syscall_64+0xf5/0x280
entry_SYSCALL_64_after_hwframe+0x42/0xb7
but had many different failure modes including deadlocks trying to
lock the inode that was just allocated or KASAN reports of
use-after-free violations.
The cause of the problem was a corrupt INOBT on a v4 fs where the
root inode was marked as free in the inobt record. Hence when we
allocated an inode, it chose the root inode to allocate, found it in
the cache and re-initialised it.
We recently fixed a similar inode allocation issue caused by inobt
record corruption problem in xfs_iget_cache_miss() in commit
ee457001ed6c ("xfs: catch inode allocation state mismatch
corruption"). This change adds similar checks to the cache-hit path
to catch it, and turns the reproducer into a corruption shutdown
situation.
Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-Off-By: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Carlos Maiolino <cmaiolino@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
[darrick: fix typos in comment]
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Cc: Eduardo Valentin <eduval@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Dave Chinner
|
27c41b1701 |
xfs: catch inode allocation state mismatch corruption
commit ee457001ed6c6f31ddad69c24c1da8f377d8472d upstream. We recently came across a V4 filesystem causing memory corruption due to a newly allocated inode being setup twice and being added to the superblock inode list twice. From code inspection, the only way this could happen is if a newly allocated inode was not marked as free on disk (i.e. di_mode wasn't zero). Running the metadump on an upstream debug kernel fails during inode allocation like so: XFS: Assertion failed: ip->i_d.di_nblocks == 0, file: fs/xfs/xfs_inod= e.c, line: 838 ------------[ cut here ]------------ kernel BUG at fs/xfs/xfs_message.c:114! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 11 PID: 3496 Comm: mkdir Not tainted 4.16.0-rc5-dgc #442 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/0= 1/2014 RIP: 0010:assfail+0x28/0x30 RSP: 0018:ffffc9000236fc80 EFLAGS: 00010202 RAX: 00000000ffffffea RBX: 0000000000004000 RCX: 0000000000000000 RDX: 00000000ffffffc0 RSI: 000000000000000a RDI: ffffffff8227211b RBP: ffffc9000236fce8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000bec R11: f000000000000000 R12: ffffc9000236fd30 R13: ffff8805c76bab80 R14: ffff8805c77ac800 R15: ffff88083fb12e10 FS: 00007fac8cbff040(0000) GS:ffff88083fd00000(0000) knlGS:0000000000000= 000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fffa6783ff8 CR3: 00000005c6e2b003 CR4: 00000000000606e0 Call Trace: xfs_ialloc+0x383/0x570 xfs_dir_ialloc+0x6a/0x2a0 xfs_create+0x412/0x670 xfs_generic_create+0x1f7/0x2c0 ? capable_wrt_inode_uidgid+0x3f/0x50 vfs_mkdir+0xfb/0x1b0 SyS_mkdir+0xcf/0xf0 do_syscall_64+0x73/0x1a0 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Extracting the inode number we crashed on from an event trace and looking at it with xfs_db: xfs_db> inode 184452204 xfs_db> p core.magic = 0x494e core.mode = 0100644 core.version = 2 core.format = 2 (extents) core.nlinkv2 = 1 core.onlink = 0 ..... Confirms that it is not a free inode on disk. xfs_repair also trips over this inode: ..... zero length extent (off = 0, fsbno = 0) in ino 184452204 correcting nextents for inode 184452204 bad attribute fork in inode 184452204, would clear attr fork bad nblocks 1 for inode 184452204, would reset to 0 bad anextents 1 for inode 184452204, would reset to 0 imap claims in-use inode 184452204 is free, would correct imap would have cleared inode 184452204 ..... disconnected inode 184452204, would move to lost+found And so we have a situation where the directory structure and the inobt thinks the inode is free, but the inode on disk thinks it is still in use. Where this corruption came from is not possible to diagnose, but we can detect it and prevent the kernel from oopsing on lookup. The reproducer now results in: $ sudo mkdir /mnt/scratch/{0,1,2,3,4,5}{0,1,2,3,4,5} mkdir: cannot create directory =E2=80=98/mnt/scratch/00=E2=80=99: File ex= ists mkdir: cannot create directory =E2=80=98/mnt/scratch/01=E2=80=99: File ex= ists mkdir: cannot create directory =E2=80=98/mnt/scratch/03=E2=80=99: Structu= re needs cleaning mkdir: cannot create directory =E2=80=98/mnt/scratch/04=E2=80=99: Input/o= utput error mkdir: cannot create directory =E2=80=98/mnt/scratch/05=E2=80=99: Input/o= utput error .... And this corruption shutdown: [ 54.843517] XFS (loop0): Corruption detected! Free inode 0xafe846c not= marked free on disk [ 54.845885] XFS (loop0): Internal error xfs_trans_cancel at line 1023 = of file fs/xfs/xfs_trans.c. Caller xfs_create+0x425/0x670 [ 54.848994] CPU: 10 PID: 3541 Comm: mkdir Not tainted 4.16.0-rc5-dgc #= 443 [ 54.850753] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIO= S 1.10.2-1 04/01/2014 [ 54.852859] Call Trace: [ 54.853531] dump_stack+0x85/0xc5 [ 54.854385] xfs_trans_cancel+0x197/0x1c0 [ 54.855421] xfs_create+0x425/0x670 [ 54.856314] xfs_generic_create+0x1f7/0x2c0 [ 54.857390] ? capable_wrt_inode_uidgid+0x3f/0x50 [ 54.858586] vfs_mkdir+0xfb/0x1b0 [ 54.859458] SyS_mkdir+0xcf/0xf0 [ 54.860254] do_syscall_64+0x73/0x1a0 [ 54.861193] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 54.862492] RIP: 0033:0x7fb73bddf547 [ 54.863358] RSP: 002b:00007ffdaa553338 EFLAGS: 00000246 ORIG_RAX: 0000= 000000000053 [ 54.865133] RAX: ffffffffffffffda RBX: 00007ffdaa55449a RCX: 00007fb73= bddf547 [ 54.866766] RDX: 0000000000000001 RSI: 00000000000001ff RDI: 00007ffda= a55449a [ 54.868432] RBP: 00007ffdaa55449a R08: 00000000000001ff R09: 00005623a= 8670dd0 [ 54.870110] R10: 00007fb73be72d5b R11: 0000000000000246 R12: 000000000= 00001ff [ 54.871752] R13: 00007ffdaa5534b0 R14: 0000000000000000 R15: 00007ffda= a553500 [ 54.873429] XFS (loop0): xfs_do_force_shutdown(0x8) called from line 1= 024 of file fs/xfs/xfs_trans.c. Return address = ffffffff814cd050 [ 54.882790] XFS (loop0): Corruption of in-memory data detected. Shutt= ing down filesystem [ 54.884597] XFS (loop0): Please umount the filesystem and rectify the = problem(s) Note that this crash is only possible on v4 filesystemsi or v5 filesystems mounted with the ikeep mount option. For all other V5 filesystems, this problem cannot occur because we don't read inodes we are allocating from disk - we simply overwrite them with the new inode information. Signed-Off-By: Dave Chinner <dchinner@redhat.com> Reviewed-by: Carlos Maiolino <cmaiolino@redhat.com> Tested-by: Carlos Maiolino <cmaiolino@redhat.com> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Cc: Eduardo Valentin <eduval@amazon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Filipe Manana
|
0ea7fcfc7f |
Btrfs: fix file data corruption after cloning a range and fsync
commit bd3599a0e142cd73edd3b6801068ac3f48ac771a upstream.
When we clone a range into a file we can end up dropping existing
extent maps (or trimming them) and replacing them with new ones if the
range to be cloned overlaps with a range in the destination inode.
When that happens we add the new extent maps to the list of modified
extents in the inode's extent map tree, so that a "fast" fsync (the flag
BTRFS_INODE_NEEDS_FULL_SYNC not set in the inode) will see the extent maps
and log corresponding extent items. However, at the end of range cloning
operation we do truncate all the pages in the affected range (in order to
ensure future reads will not get stale data). Sometimes this truncation
will release the corresponding extent maps besides the pages from the page
cache. If this happens, then a "fast" fsync operation will miss logging
some extent items, because it relies exclusively on the extent maps being
present in the inode's extent tree, leading to data loss/corruption if
the fsync ends up using the same transaction used by the clone operation
(that transaction was not committed in the meanwhile). An extent map is
released through the callback btrfs_invalidatepage(), which gets called by
truncate_inode_pages_range(), and it calls __btrfs_releasepage(). The
later ends up calling try_release_extent_mapping() which will release the
extent map if some conditions are met, like the file size being greater
than 16Mb, gfp flags allow blocking and the range not being locked (which
is the case during the clone operation) nor being the extent map flagged
as pinned (also the case for cloning).
The following example, turned into a test for fstests, reproduces the
issue:
$ mkfs.btrfs -f /dev/sdb
$ mount /dev/sdb /mnt
$ xfs_io -f -c "pwrite -S 0x18 9000K 6908K" /mnt/foo
$ xfs_io -f -c "pwrite -S 0x20 2572K 156K" /mnt/bar
$ xfs_io -c "fsync" /mnt/bar
# reflink destination offset corresponds to the size of file bar,
# 2728Kb minus 4Kb.
$ xfs_io -c ""reflink ${SCRATCH_MNT}/foo 0 2724K 15908K" /mnt/bar
$ xfs_io -c "fsync" /mnt/bar
$ md5sum /mnt/bar
95a95813a8c2abc9aa75a6c2914a077e /mnt/bar
<power fail>
$ mount /dev/sdb /mnt
$ md5sum /mnt/bar
207fd8d0b161be8a84b945f0df8d5f8d /mnt/bar
# digest should be 95a95813a8c2abc9aa75a6c2914a077e like before the
# power failure
In the above example, the destination offset of the clone operation
corresponds to the size of the "bar" file minus 4Kb. So during the clone
operation, the extent map covering the range from 2572Kb to 2728Kb gets
trimmed so that it ends at offset 2724Kb, and a new extent map covering
the range from 2724Kb to 11724Kb is created. So at the end of the clone
operation when we ask to truncate the pages in the range from 2724Kb to
2724Kb + 15908Kb, the page invalidation callback ends up removing the new
extent map (through try_release_extent_mapping()) when the page at offset
2724Kb is passed to that callback.
Fix this by setting the bit BTRFS_INODE_NEEDS_FULL_SYNC whenever an extent
map is removed at try_release_extent_mapping(), forcing the next fsync to
search for modified extents in the fs/subvolume tree instead of relying on
the presence of extent maps in memory. This way we can continue doing a
"fast" fsync if the destination range of a clone operation does not
overlap with an existing range or if any of the criteria necessary to
remove an extent map at try_release_extent_mapping() is not met (file
size not bigger then 16Mb or gfp flags do not allow blocking).
CC: stable@vger.kernel.org # 3.16+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Theodore Ts'o
|
dd69abaccb |
ext4: fix false negatives *and* false positives in ext4_check_descriptors()
commit 44de022c4382541cebdd6de4465d1f4f465ff1dd upstream. Ext4_check_descriptors() was getting called before s_gdb_count was initialized. So for file systems w/o the meta_bg feature, allocation bitmaps could overlap the block group descriptors and ext4 wouldn't notice. For file systems with the meta_bg feature enabled, there was a fencepost error which would cause the ext4_check_descriptors() to incorrectly believe that the block allocation bitmap overlaps with the block group descriptor blocks, and it would reject the mount. Fix both of these problems. Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@vger.kernel.org Signed-off-by: Benjamin Gilbert <bgilbert@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
b7e55e8476 |
This is the 4.14.61 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAltoWUQACgkQONu9yGCS
aT6J3hAAiSI2RTbsbH/JpcVC2NbtzvJXzaEgr7AKprwrmiW2PSXZhw2rq4NxFoJg
R2WRO20K69wGaIeWzUJsA/vbkVpqawrTpmCZtUlzqz621Hl+BZ9zTPlMYX6PnLdY
r5DS9pA5qytP0rYikz5iBx2zehXDV+P/w/bul/LbigNte7RaehlKLbG8M+cUL3Eg
0tSIVa/kDSGwyaEirb2qpAmqEa00H3TK75iNe43+dvpZ23SkswVjanEdlwNAtVMj
QibeYadvwcEfewyGy/OkscnMjfqcnmhCaiAZ74aty10n0/LjTb++t1PvwInIsl++
3oapp6zqlo0pygr1V3yE437zVV/KIsxCRRrhIgcvHBgy19WAlmeG6mryFhaG4X8/
gfM7gHsWJN1COUJbDhwrlmlY073ZsexIkeaDNfn5buFRMMoGpkWUIyto1U9GF+bx
2y85B/Zo7KWVuA6sbrmHXg8bdiOOwvf2AbZpeHgHByMeobBjotN44QwQtfx7uYf0
RM/gOSl0Ep9EuWe8qrFaE6BT+EbjN7s42c/EwKE629Yvvuf6YSPTL2TU8OTwVZsX
XowTj7ZV+7Evyigxk41CkOPiRvJYeBz4zc8qehd/s2Y27IKqUMiQdIA/VvDalojB
SspGBUZMu7+KNydO2Opm2zUIiq/WnD8Zy3hdnZSsDMe3M/TRqu8=
=PhXZ
-----END PGP SIGNATURE-----
Merge 4.14.61 into android-4.14-p
Changes in 4.14.61
bonding: avoid lockdep confusion in bond_get_stats()
inet: frag: enforce memory limits earlier
ipv4: frags: handle possible skb truesize change
net: dsa: Do not suspend/resume closed slave_dev
netlink: Fix spectre v1 gadget in netlink_create()
net: stmmac: Fix WoL for PCI-based setups
rxrpc: Fix user call ID check in rxrpc_service_prealloc_one
net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager
squashfs: more metadata hardening
squashfs: more metadata hardenings
can: ems_usb: Fix memory leak on ems_usb_disconnect()
net: socket: fix potential spectre v1 gadget in socketcall
virtio_balloon: fix another race between migration and ballooning
x86/apic: Future-proof the TSC_DEADLINE quirk for SKX
x86/entry/64: Remove %ebx handling from error_entry/exit
kvm: x86: vmx: fix vpid leak
audit: fix potential null dereference 'context->module.name'
userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails
iwlwifi: add more card IDs for 9000 series
RDMA/uverbs: Expand primary and alt AV port checks
crypto: padlock-aes - Fix Nano workaround data corruption
drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats
scsi: sg: fix minor memory leak in error path
Linux 4.14.61
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Mike Rapoport
|
0eba9f5d3d |
userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails
commit 31e810aa1033a7db50a2746cd34a2432237f6420 upstream.
The fix in commit 0cbb4b4f4c44 ("userfaultfd: clear the
vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails") cleared the
vma->vm_userfaultfd_ctx but kept userfaultfd flags in vma->vm_flags
that were copied from the parent process VMA.
As the result, there is an inconsistency between the values of
vma->vm_userfaultfd_ctx.ctx and vma->vm_flags which triggers BUG_ON
in userfaultfd_release().
Clearing the uffd flags from vma->vm_flags in case of UFFD_EVENT_FORK
failure resolves the issue.
Link: http://lkml.kernel.org/r/1532931975-25473-1-git-send-email-rppt@linux.vnet.ibm.com
Fixes: 0cbb4b4f4c44 ("userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails")
Signed-off-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
Reported-by: syzbot+121be635a7a35ddb7dcb@syzkaller.appspotmail.com
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Eric Biggers <ebiggers3@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Linus Torvalds
|
e7de67165e |
squashfs: more metadata hardenings
commit 71755ee5350b63fb1f283de8561cdb61b47f4d1d upstream. The squashfs fragment reading code doesn't actually verify that the fragment is inside the fragment table. The end result _is_ verified to be inside the image when actually reading the fragment data, but before that is done, we may end up taking a page fault because the fragment table itself might not even exist. Another report from Anatoly and his endless squashfs image fuzzing. Reported-by: Анатолий Тросиненко <anatoly.trosinenko@gmail.com> Acked-by:: Phillip Lougher <phillip.lougher@gmail.com>, Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Linus Torvalds
|
953f918d54 |
squashfs: more metadata hardening
commit d512584780d3e6a7cacb2f482834849453d444a1 upstream. Anatoly reports another squashfs fuzzing issue, where the decompression parameters themselves are in a compressed block. This causes squashfs_read_data() to be called in order to read the decompression options before the decompression stream having been set up, making squashfs go sideways. Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> Acked-by: Phillip Lougher <phillip.lougher@gmail.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
e88e717926 |
This is the 4.14.60 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAltj7TUACgkQONu9yGCS
aT6EYRAAvqCTCQmQfcduTp5ua9v3EatAhiCALUSS0SYwDNS0bbqRWaP7U/crvTs4
tJu2JY3bGFTvLSUHQyt/+0uwu4IKaMyerXCXdV0OcScpASsjbA18dbRY7zJEZjRt
g6seezpE9CCnWbPxh3SraIeRfxoITUCH6Gjz0NTJvKwbLiK3XgsgkItOZxBbf1ib
Qnu+9wLtbU90plBlY0ctgKpAa1UPJd3B2h7YGW4FfArEkDJ8M+loQygzd35rQfw/
s7R36nt1aaT5k+biQTxiWdpTmOL3fd1mC2OG4mBInc/u7qUtAFikBXbpQWfKochy
fSxjC+GMTWWoYmqdV7bnWuc/GgmmxXR3nBv6LZhR58i0NfMjmzU1kJhnN4Ea5xA8
4qOZcd9UFLq1Yn44skgN9dm0jDzJaSDhWe4/XX9v7I1YqbDqC1mEr0i2yLtj5FXZ
kTpcrieDBBzoY+GNZZnfWgmzg4V5W+1AM0k7PT7AoMbAJf57YF0rRoidlPE2sMQo
UEhIXTHjK/jACOFNNdFc+DsJjJz0nDV4FxZJ8Y6EGF6uJERnspAxbL8AheAl+NS1
MSuNzl/CVbpJ3C/GSgAj5aZxb4BYDdS/crCjvbgojAavfFaqWYCIj6ULPJPYYFfu
+qLPqIS7ctqXmnJ0tXA8okUrniGIUInZyhBsSee0IGp7tFfii5A=
=H+1i
-----END PGP SIGNATURE-----
Merge 4.14.60 into android-4.14-p
Changes in 4.14.60
fork: unconditionally clear stack on fork
i2c: core: decrease reference count of device node in i2c_unregister_device
RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access
drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4
IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()
drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4
spi: spi-s3c64xx: Fix system resume support
Input: elan_i2c - add ACPI ID for lenovo ideapad 330
Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
kvm, mm: account shadow page tables to kmemcg
delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
tracing: Fix double free of event_trigger_data
tracing: Fix possible double free in event_enable_trigger_func()
kthread, tracing: Don't expose half-written comm when creating kthreads
tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
tracing: Quiet gcc warning about maybe unused link variable
arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
mlxsw: spectrum_switchdev: Fix port_vlan refcounting
kcov: ensure irq code sees a valid area
xen/netfront: raise max number of slots in xennet_get_responses()
hv_netvsc: fix network namespace issues with VF support
skip LAYOUTRETURN if layout is invalid
ALSA: emu10k1: add error handling for snd_ctl_add
ALSA: fm801: add error handling for snd_ctl_add
NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY
nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
vfio: platform: Fix reset module leak in error path
vfio/mdev: Check globally for duplicate devices
vfio/type1: Fix task tracking for QEMU vCPU hotplug
kernel/hung_task.c: show all hung tasks before panic
mm: /proc/pid/pagemap: hide swap entries from unprivileged users
mm: vmalloc: avoid racy handling of debugobjects in vunmap
mm/slub.c: add __printf verification to slab_err()
rtc: ensure rtc_set_alarm fails when alarms are not supported
perf tools: Fix pmu events parsing rule
netfilter: ipset: forbid family for hash:mac sets
netfilter: ipset: List timing out entries with "timeout 1" instead of zero
irqchip/ls-scfg-msi: Map MSIs in the iommu
watchdog: da9063: Fix updating timeout value
printk: drop in_nmi check from printk_safe_flush_on_panic()
bpf, arm32: fix inconsistent naming about emit_a32_lsr_{r64,i64}
ceph: fix alignment of rasize
e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
infiniband: fix a possible use-after-free bug
powerpc/lib: Adjust .balign inside string functions for PPC32
powerpc/64s: Add barrier_nospec
powerpc/eeh: Fix use-after-release of EEH driver
hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
powerpc/64s: Fix compiler store ordering to SLB shadow area
RDMA/mad: Convert BUG_ONs to error flows
lightnvm: pblk: warn in case of corrupted write buffer
netfilter: nf_tables: check msg_type before nft_trans_set(trans)
pnfs: Don't release the sequence slot until we've processed layoutget on open
disable loading f2fs module on PAGE_SIZE > 4KB
f2fs: fix error path of move_data_page
f2fs: fix to don't trigger writeback during recovery
f2fs: fix to wait page writeback during revoking atomic write
f2fs: Fix deadlock in shutdown ioctl
f2fs: fix to detect failure of dquot_initialize
f2fs: fix race in between GC and atomic open
block, bfq: remove wrong lock in bfq_requests_merged
usbip: usbip_detach: Fix memory, udev context and udev leak
usbip: dynamically allocate idev by nports found in sysfs
perf/x86/intel/uncore: Correct fixed counter index check in generic code
perf/x86/intel/uncore: Correct fixed counter index check for NHM
selftests/intel_pstate: Improve test, minor fixes
selftests: memfd: return Kselftest Skip code for skipped tests
selftests: intel_pstate: return Kselftest Skip code for skipped tests
PCI: Fix devm_pci_alloc_host_bridge() memory leak
btrfs: balance dirty metadata pages in btrfs_finish_ordered_io
iwlwifi: pcie: fix race in Rx buffer allocator
Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
ASoC: dpcm: fix BE dai not hw_free and shutdown
mfd: cros_ec: Fail early if we cannot identify the EC
mwifiex: handle race during mwifiex_usb_disconnect
wlcore: sdio: check for valid platform device data before suspend
net: hns3: Fixes the init of the VALID BD info in the descriptor
media: tw686x: Fix incorrect vb2_mem_ops GFP flags
media: videobuf2-core: don't call memop 'finish' when queueing
Btrfs: don't return ino to ino cache if inode item removal fails
Btrfs: don't BUG_ON() in btrfs_truncate_inode_items()
btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
x86/microcode: Make the late update update_lock a raw lock for RT
PM / wakeup: Make s2idle_lock a RAW_SPINLOCK
PCI: Prevent sysfs disable of device while driver is attached
nvme-rdma: stop admin queue before freeing it
nvme-pci: Fix AER reset handling
ath: Add regulatory mapping for FCC3_ETSIC
ath: Add regulatory mapping for ETSI8_WORLD
ath: Add regulatory mapping for APL13_WORLD
ath: Add regulatory mapping for APL2_FCCA
ath: Add regulatory mapping for Uganda
ath: Add regulatory mapping for Tanzania
ath: Add regulatory mapping for Serbia
ath: Add regulatory mapping for Bermuda
ath: Add regulatory mapping for Bahamas
powerpc/32: Add a missing include header
powerpc/chrp/time: Make some functions static, add missing header include
powerpc/powermac: Add missing prototype for note_bootable_part()
powerpc/powermac: Mark variable x as unused
powerpc: Add __printf verification to prom_printf
spi: sh-msiof: Fix setting SIRMDR1.SYNCAC to match SITMDR1.SYNCAC
powerpc/8xx: fix invalid register expression in head_8xx.S
pinctrl: at91-pio4: add missing of_node_put
bpf: powerpc64: pad function address loads with NOPs
PCI: pciehp: Request control of native hotplug only if supported
net: dsa: qca8k: Add support for QCA8334 switch
mwifiex: correct histogram data with appropriate index
ima: based on policy verify firmware signatures (pre-allocated buffer)
drivers/perf: arm-ccn: don't log to dmesg in event_init
spi: Add missing pm_runtime_put_noidle() after failed get
net: hns3: Fix the missing client list node initialization
fscrypt: use unbound workqueue for decryption
scsi: ufs: ufshcd: fix possible unclocked register access
scsi: ufs: fix exception event handling
scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger
drm/nouveau/fifo/gk104-: poll for runlist update completion
Bluetooth: btusb: add ID for LiteOn 04ca:301a
rtc: tps6586x: fix possible race condition
rtc: vr41xx: fix possible race condition
rtc: tps65910: fix possible race condition
ALSA: emu10k1: Rate-limit error messages about page errors
regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
md/raid1: add error handling of read error from FailFast device
md: fix NULL dereference of mddev->pers in remove_and_add_spares()
ixgbevf: fix MAC address changes through ixgbevf_set_mac()
media: smiapp: fix timeout checking in smiapp_read_nvm
net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value
ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
media: atomisp: ov2680: don't declare unused vars
arm64: cmpwait: Clear event register before arming exclusive monitor
HID: hid-plantronics: Re-resend Update to map button for PTT products
arm64: dts: renesas: salvator-common: use audio-graph-card for Sound
drm/radeon: fix mode_valid's return type
drm/amdgpu: Remove VRAM from shared bo domains.
powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
HID: i2c-hid: check if device is there before really probing
EDAC, altera: Fix ARM64 build warning
ARM: dts: stih407-pinctrl: Fix complain about IRQ_TYPE_NONE usage
ARM: dts: emev2: Add missing interrupt-affinity to PMU node
ARM: dts: sh73a0: Add missing interrupt-affinity to PMU node
nvmem: properly handle returned value nvmem_reg_read
i40e: free the skb after clearing the bitlock
tty: Fix data race in tty_insert_flip_string_fixed_flag
dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
net: phy: phylink: Release link GPIO
media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
libata: Fix command retry decision
ACPI / LPSS: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2
media: media-device: fix ioctl function types
media: saa7164: Fix driver name in debug output
mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
brcmfmac: Add support for bcm43364 wireless chipset
s390/cpum_sf: Add data entry sizes to sampling trailer entry
perf: fix invalid bit in diagnostic entry
bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only.
scsi: 3w-9xxx: fix a missing-check bug
scsi: 3w-xxxx: fix a missing-check bug
scsi: megaraid: silence a static checker bug
scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw
scsi: qedf: Set the UNLOADING flag when removing a vport
staging: lustre: o2iblnd: fix race at kiblnd_connect_peer
staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5
thermal: exynos: fix setting rising_threshold for Exynos5433
bpf: fix references to free_bpf_prog_info() in comments
f2fs: avoid fsync() failure caused by EAGAIN in writepage()
media: siano: get rid of __le32/__le16 cast warnings
drm/atomic: Handling the case when setting old crtc for plane
ALSA: hda/ca0132: fix build failure when a local macro is defined
mmc: dw_mmc: update actual clock for mmc debugfs
mmc: pwrseq: Use kmalloc_array instead of stack VLA
dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC
spi: meson-spicc: Fix error handling in meson_spicc_probe()
net: hns3: Fixes the out of bounds access in hclge_map_tqp
dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
backlight: pwm_bl: Don't use GPIOF_* with gpiod_get_direction
stop_machine: Use raw spinlocks
delayacct: Use raw_spinlocks
memory: tegra: Do not handle spurious interrupts
memory: tegra: Apply interrupts mask per SoC
nvme: lightnvm: add granby support
arm64: defconfig: Enable Rockchip io-domain driver
igb: Fix queue selection on MAC filters on i210
drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
ipconfig: Correctly initialise ic_nameservers
rsi: Fix 'invalid vdd' warning in mmc
rsi: fix nommu_map_sg overflow kernel panic
audit: allow not equal op for audit by executable
staging: vchiq_core: Fix missing semaphore release in error case
staging: lustre: llite: correct removexattr detection
staging: lustre: ldlm: free resource when ldlm_lock_create() fails.
serial: core: Make sure compiler barfs for 16-byte earlycon names
soc: imx: gpcv2: Do not pass static memory as platform data
microblaze: Fix simpleImage format generation
usb: hub: Don't wait for connect state at resume for powered-off ports
crypto: authencesn - don't leak pointers to authenc keys
crypto: authenc - don't leak pointers to authenc keys
media: omap3isp: fix unbalanced dma_iommu_mapping
regulator: Don't return or expect -errno from of_map_mode()
scsi: scsi_dh: replace too broad "TP9" string with the exact models
scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
scsi: cxlflash: Synchronize reset and remove ops
scsi: cxlflash: Avoid clobbering context control register value
media: atomisp: compat32: fix __user annotations
media: si470x: fix __be16 annotations
ASoC: topology: Fix bclk and fsync inversion in set_link_hw_format()
ASoC: topology: Add missing clock gating parameter when parsing hw_configs
drm: Add DP PSR2 sink enable bit
drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown()
drm/dp/mst: Fix off-by-one typo when dump payload table
block: bio_iov_iter_get_pages: fix size of last iovec
blkdev: __blkdev_direct_IO_simple: fix leak in error case
block: reset bi_iter.bi_done after splitting bio
random: mix rdrand with entropy sent in from userspace
squashfs: be more careful about metadata corruption
ext4: fix inline data updates with checksums enabled
ext4: check for allocation block validity with block group locked
ext4: fix check to prevent initializing reserved inodes
PCI: pciehp: Assume NoCompl+ for Thunderbolt ports
PCI: xgene: Remove leftover pci_scan_child_bus() call
ovl: Sync upper dirty data when syncing overlayfs
usb: gadget: udc: renesas_usb3: should remove debugfs
RDMA/uverbs: Protect from attempts to create flows on unsupported QP
net: dsa: qca8k: Force CPU port to its highest bandwidth
net: dsa: qca8k: Enable RXMAC when bringing up a port
net: dsa: qca8k: Add QCA8334 binding documentation
net: dsa: qca8k: Allow overwriting CPU port setting
ipv4: remove BUG_ON() from fib_compute_spec_dst
net: ena: Fix use of uninitialized DMA address bits field
net: fix amd-xgbe flow-control issue
net: lan78xx: fix rx handling before first packet is send
net: mdio-mux: bcm-iproc: fix wrong getter and setter pair
NET: stmmac: align DMA stuff to largest cache line length
tcp_bbr: fix bw probing to raise in-flight data for very small BDPs
xen-netfront: wait xenbus state change when load module manually
netlink: Do not subscribe to non-existent groups
netlink: Don't shift with UB on nlk->ngroups
tcp: do not force quickack when receiving out-of-order packets
tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode
tcp: do not aggressively quick ack after ECN events
tcp: refactor tcp_ecn_check_ce to remove sk type cast
tcp: add one more quick ack after after ECN events
Linux 4.14.60
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Chengguang Xu
|
6aaaca7b81 |
ovl: Sync upper dirty data when syncing overlayfs
commit e8d4bfe3a71537284a90561f77c85dea6c154369 upstream.
When executing filesystem sync or umount on overlayfs,
dirty data does not get synced as expected on upper filesystem.
This patch fixes sync filesystem method to keep data consistency
for overlayfs.
Signed-off-by: Chengguang Xu <cgxu@mykernel.net>
Fixes: e593b2bf513d ("ovl: properly implement sync_filesystem()")
Cc: <stable@vger.kernel.org> #4.11
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Theodore Ts'o
|
f547aa20b4 |
ext4: fix check to prevent initializing reserved inodes
commit 5012284700775a4e6e3fbe7eac4c543c4874b559 upstream.
Commit 8844618d8aa7: "ext4: only look at the bg_flags field if it is
valid" will complain if block group zero does not have the
EXT4_BG_INODE_ZEROED flag set. Unfortunately, this is not correct,
since a freshly created file system has this flag cleared. It gets
almost immediately after the file system is mounted read-write --- but
the following somewhat unlikely sequence will end up triggering a
false positive report of a corrupted file system:
mkfs.ext4 /dev/vdc
mount -o ro /dev/vdc /vdc
mount -o remount,rw /dev/vdc
Instead, when initializing the inode table for block group zero, test
to make sure that itable_unused count is not too large, since that is
the case that will result in some or all of the reserved inodes
getting cleared.
This fixes the failures reported by Eric Whiteney when running
generic/230 and generic/231 in the the nojournal test case.
Fixes: 8844618d8aa7 ("ext4: only look at the bg_flags field if it is valid")
Reported-by: Eric Whitney <enwlinux@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Theodore Ts'o
|
dc1b4b710f |
ext4: check for allocation block validity with block group locked
commit 8d5a803c6a6ce4ec258e31f76059ea5153ba46ef upstream. With commit 044e6e3d74a3: "ext4: don't update checksum of new initialized bitmaps" the buffer valid bit will get set without actually setting up the checksum for the allocation bitmap, since the checksum will get calculated once we actually allocate an inode or block. If we are doing this, then we need to (re-)check the verified bit after we take the block group lock. Otherwise, we could race with another process reading and verifying the bitmap, which would then complain about the checksum being invalid. https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1780137 Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Theodore Ts'o
|
cdcbe750ac |
ext4: fix inline data updates with checksums enabled
commit 362eca70b53389bddf3143fe20f53dcce2cfdf61 upstream. The inline data code was updating the raw inode directly; this is problematic since if metadata checksums are enabled, ext4_mark_inode_dirty() must be called to update the inode's checksum. In addition, the jbd2 layer requires that get_write_access() be called before the metadata buffer is modified. Fix both of these problems. https://bugzilla.kernel.org/show_bug.cgi?id=200443 Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Linus Torvalds
|
961f9feb43 |
squashfs: be more careful about metadata corruption
commit 01cfb7937a9af2abb1136c7e89fbf3fd92952956 upstream. Anatoly Trosinenko reports that a corrupted squashfs image can cause a kernel oops. It turns out that squashfs can end up being confused about negative fragment lengths. The regular squashfs_read_data() does check for negative lengths, but squashfs_read_metadata() did not, and the fragment size code just blindly trusted the on-disk value. Fix both the fragment parsing and the metadata reading code. Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Phillip Lougher <phillip@squashfs.org.uk> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Martin Wilck
|
cc5d7097ba |
blkdev: __blkdev_direct_IO_simple: fix leak in error case
commit 9362dd1109f87a9d0a798fbc890cb339c171ed35 upstream.
Fixes: 72ecad22d9f1 ("block: support a full bio worth of IO for simplified bdev direct-io")
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin Wilck <mwilck@suse.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Jaegeuk Kim
|
4bbf1ce3a1 |
f2fs: avoid fsync() failure caused by EAGAIN in writepage()
[ Upstream commit 5b19d284f5195a925dd015a6397bfce184097378 ] pageout() in MM traslates EAGAIN, so calls handle_write_error() -> mapping_set_error() -> set_bit(AS_EIO, ...). file_write_and_wait_range() will see EIO error, which is critical to return value of fsync() followed by atomic_write failure to user. Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Eric Biggers
|
63c7e58dab |
fscrypt: use unbound workqueue for decryption
[ Upstream commit 36dd26e0c8d42699eeba87431246c07c28075bae ] Improve fscrypt read performance by switching the decryption workqueue from bound to unbound. With the bound workqueue, when multiple bios completed on the same CPU, they were decrypted on that same CPU. But with the unbound queue, they are now decrypted in parallel on any CPU. Although fscrypt read performance can be tough to measure due to the many sources of variation, this change is most beneficial when decryption is slow, e.g. on CPUs without AES instructions. For example, I timed tarring up encrypted directories on f2fs. On x86 with AES-NI instructions disabled, the unbound workqueue improved performance by about 25-35%, using 1 to NUM_CPUs jobs with 4 or 8 CPUs available. But with AES-NI enabled, performance was unchanged to within ~2%. I also did the same test on a quad-core ARM CPU using xts-speck128-neon encryption. There performance was usually about 10% better with the unbound workqueue, bringing it closer to the unencrypted speed. The unbound workqueue may be worse in some cases due to worse locality, but I think it's still the better default. dm-crypt uses an unbound workqueue by default too, so this change makes fscrypt match. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Qu Wenruo
|
2737a4adec |
btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
[ Upstream commit ff3d27a048d926b3920ccdb75d98788c567cae0d ] Under the following case, qgroup rescan can double account cowed tree blocks: In this case, extent tree only has one tree block. - | transid=5 last committed=4 | btrfs_qgroup_rescan_worker() | |- btrfs_start_transaction() | | transid = 5 | |- qgroup_rescan_leaf() | |- btrfs_search_slot_for_read() on extent tree | Get the only extent tree block from commit root (transid = 4). | Scan it, set qgroup_rescan_progress to the last | EXTENT/META_ITEM + 1 | now qgroup_rescan_progress = A + 1. | | fs tree get CoWed, new tree block is at A + 16K | transid 5 get committed - | transid=6 last committed=5 | btrfs_qgroup_rescan_worker() | btrfs_qgroup_rescan_worker() | |- btrfs_start_transaction() | | transid = 5 | |- qgroup_rescan_leaf() | |- btrfs_search_slot_for_read() on extent tree | Get the only extent tree block from commit root (transid = 5). | scan it using qgroup_rescan_progress (A + 1). | found new tree block beyong A, and it's fs tree block, | account it to increase qgroup numbers. - In above case, tree block A, and tree block A + 16K get accounted twice, while qgroup rescan should stop when it already reach the last leaf, other than continue using its qgroup_rescan_progress. Such case could happen by just looping btrfs/017 and with some possibility it can hit such double qgroup accounting problem. Fix it by checking the path to determine if we should finish qgroup rescan, other than relying on next loop to exit. Reported-by: Nikolay Borisov <nborisov@suse.com> Signed-off-by: Qu Wenruo <wqu@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
David Sterba
|
31371d2dad |
btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
[ Upstream commit 3d3a2e610ea5e7c6d4f9481ecce5d8e2d8317843 ]
Currently the code assumes that there's an implied barrier by the
sequence of code preceding the wakeup, namely the mutex unlock.
As Nikolay pointed out:
I think this is wrong (not your code) but the original assumption that
the RELEASE semantics provided by mutex_unlock is sufficient.
According to memory-barriers.txt:
Section 'LOCK ACQUISITION FUNCTIONS' states:
(2) RELEASE operation implication:
Memory operations issued before the RELEASE will be completed before the
RELEASE operation has completed.
Memory operations issued after the RELEASE *may* be completed before the
RELEASE operation has completed.
(I've bolded the may portion)
The example given there:
As an example, consider the following:
*A = a;
*B = b;
ACQUIRE
*C = c;
*D = d;
RELEASE
*E = e;
*F = f;
The following sequence of events is acceptable:
ACQUIRE, {*F,*A}, *E, {*C,*D}, *B, RELEASE
So if we assume that *C is modifying the flag which the waitqueue is checking,
and *E is the actual wakeup, then those accesses can be re-ordered...
IMHO this code should be considered broken...
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Omar Sandoval
|
3bf165384e |
Btrfs: don't BUG_ON() in btrfs_truncate_inode_items()
[ Upstream commit 0552210997badb6a60740a26ff9d976a416510f0 ]
btrfs_free_extent() can fail because of ENOMEM. There's no reason to
panic here, we can just abort the transaction.
Fixes: f4b9aa8d3b87 ("btrfs_truncate")
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Omar Sandoval <osandov@fb.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Omar Sandoval
|
ef61d940cd |
Btrfs: don't return ino to ino cache if inode item removal fails
[ Upstream commit c08db7d8d295a4f3a10faaca376de011afff7950 ]
In btrfs_evict_inode(), if btrfs_truncate_inode_items() fails, the inode
item will still be in the tree but we still return the ino to the ino
cache. That will blow up later when someone tries to allocate that ino,
so don't return it to the cache.
Fixes: 581bb050941b ("Btrfs: Cache free inode numbers in memory")
Reviewed-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Ethan Lien
|
59b837d592 |
btrfs: balance dirty metadata pages in btrfs_finish_ordered_io
[ Upstream commit e73e81b6d0114d4a303205a952ab2e87c44bd279 ]
[Problem description and how we fix it]
We should balance dirty metadata pages at the end of
btrfs_finish_ordered_io, since a small, unmergeable random write can
potentially produce dirty metadata which is multiple times larger than
the data itself. For example, a small, unmergeable 4KiB write may
produce:
16KiB dirty leaf (and possibly 16KiB dirty node) in subvolume tree
16KiB dirty leaf (and possibly 16KiB dirty node) in checksum tree
16KiB dirty leaf (and possibly 16KiB dirty node) in extent tree
Although we do call balance dirty pages in write side, but in the
buffered write path, most metadata are dirtied only after we reach the
dirty background limit (which by far only counts dirty data pages) and
wakeup the flusher thread. If there are many small, unmergeable random
writes spread in a large btree, we'll find a burst of dirty pages
exceeds the dirty_bytes limit after we wakeup the flusher thread - which
is not what we expect. In our machine, it caused out-of-memory problem
since a page cannot be dropped if it is marked dirty.
Someone may worry about we may sleep in btrfs_btree_balance_dirty_nodelay,
but since we do btrfs_finish_ordered_io in a separate worker, it will not
stop the flusher consuming dirty pages. Also, we use different worker for
metadata writeback endio, sleep in btrfs_finish_ordered_io help us throttle
the size of dirty metadata pages.
[Reproduce steps]
To reproduce the problem, we need to do 4KiB write randomly spread in a
large btree. In our 2GiB RAM machine:
1) Create 4 subvolumes.
2) Run fio on each subvolume:
[global]
direct=0
rw=randwrite
ioengine=libaio
bs=4k
iodepth=16
numjobs=1
group_reporting
size=128G
runtime=1800
norandommap
time_based
randrepeat=0
3) Take snapshot on each subvolume and repeat fio on existing files.
4) Repeat step (3) until we get large btrees.
In our case, by observing btrfs_root_item->bytes_used, we have 2GiB of
metadata in each subvolume tree and 12GiB of metadata in extent tree.
5) Stop all fio, take snapshot again, and wait until all delayed work is
completed.
6) Start all fio. Few seconds later we hit OOM when the flusher starts
to work.
It can be reproduced even when using nocow write.
Signed-off-by: Ethan Lien <ethanlien@synology.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ add comment ]
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Chao Yu
|
67226fb52c |
f2fs: fix race in between GC and atomic open
[ Upstream commit 27319ba4044c0c67d62ae39e53c0118c89f0a029 ] Thread GC thread - f2fs_ioc_start_atomic_write - get_dirty_pages - filemap_write_and_wait_range - f2fs_gc - do_garbage_collect - gc_data_segment - move_data_page - f2fs_is_atomic_file - set_page_dirty - set_inode_flag(, FI_ATOMIC_FILE) Dirty data page can still be generated by GC in race condition as above call stack. This patch adds fi->dio_rwsem[WRITE] in f2fs_ioc_start_atomic_write to avoid such race. Signed-off-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Chao Yu
|
ad8d61efc9 |
f2fs: fix to detect failure of dquot_initialize
[ Upstream commit c22aecd75919511abea872b201751e0be1add898 ] dquot_initialize() can fail due to any exception inside quota subsystem, f2fs needs to be aware of it, and return correct return value to caller. Signed-off-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Sahitya Tummala
|
c92d09e35d |
f2fs: Fix deadlock in shutdown ioctl
[ Upstream commit 60b2b4ee2bc01dd052f99fa9d65da2232102ef8e ] f2fs_ioc_shutdown() ioctl gets stuck in the below path when issued with F2FS_GOING_DOWN_FULLSYNC option. __switch_to+0x90/0xc4 percpu_down_write+0x8c/0xc0 freeze_super+0xec/0x1e4 freeze_bdev+0xc4/0xcc f2fs_ioctl+0xc0c/0x1ce0 f2fs_compat_ioctl+0x98/0x1f0 Signed-off-by: Sahitya Tummala <stummala@codeaurora.org> Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Chao Yu
|
4f979af7b0 |
f2fs: fix to wait page writeback during revoking atomic write
[ Upstream commit e5e5732d8120654159254c16834bc8663d8be124 ] After revoking atomic write, related LBA can be reused by others, so we need to wait page writeback before reusing the LBA, in order to avoid interference between old atomic written in-flight IO and new IO. Signed-off-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Chao Yu
|
de13b2ac74 |
f2fs: fix to don't trigger writeback during recovery
[ Upstream commit 64c74a7ab505ea40d1b3e5d02735ecab08ae1b14 ]
- f2fs_fill_super
- recover_fsync_data
- recover_data
- del_fsync_inode
- iput
- iput_final
- write_inode_now
- f2fs_write_inode
- f2fs_balance_fs
- f2fs_balance_fs_bg
- sync_dirty_inodes
With data_flush mount option, during recovery, in order to avoid entering
above writeback flow, let's detect recovery status and do skip in
f2fs_balance_fs_bg.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Yunlei He <heyunlei@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Chao Yu
|
f3f0291977 |
f2fs: fix error path of move_data_page
[ Upstream commit 14a28559f43ac7c0b98dd1b0e73ec9ec8ab4fc45 ] This patch fixes error path of move_data_page: - clear cold data flag if it fails to write page. - redirty page for non-ENOMEM case. Signed-off-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Anatoly Pugachev
|
122031c292 |
disable loading f2fs module on PAGE_SIZE > 4KB
[ Upstream commit 4071e67cffcc5c2a007116a02437471351f550eb ] The following patch disables loading of f2fs module on architectures which have PAGE_SIZE > 4096 , since it is impossible to mount f2fs on such architectures , log messages are: mount: /mnt: wrong fs type, bad option, bad superblock on /dev/vdiskb1, missing codepage or helper program, or other error. /dev/vdiskb1: F2FS filesystem, UUID=1d8b9ca4-2389-4910-af3b-10998969f09c, volume name "" May 15 18:03:13 ttip kernel: F2FS-fs (vdiskb1): Invalid page_cache_size (8192), supports only 4KB May 15 18:03:13 ttip kernel: F2FS-fs (vdiskb1): Can't find valid F2FS filesystem in 1th superblock May 15 18:03:13 ttip kernel: F2FS-fs (vdiskb1): Invalid page_cache_size (8192), supports only 4KB May 15 18:03:13 ttip kernel: F2FS-fs (vdiskb1): Can't find valid F2FS filesystem in 2th superblock May 15 18:03:13 ttip kernel: F2FS-fs (vdiskb1): Invalid page_cache_size (8192), supports only 4KB which was introduced by git commit 5c9b469295fb6b10d98923eab5e79c4edb80ed20 tested on git kernel 4.17.0-rc6-00309-gec30dcf7f425 with patch applied: modprobe: ERROR: could not insert 'f2fs': Invalid argument May 28 01:40:28 v215 kernel: F2FS not supported on PAGE_SIZE(8192) != 4096 Signed-off-by: Anatoly Pugachev <matorola@gmail.com> Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Trond Myklebust
|
1339e2b8ea |
pnfs: Don't release the sequence slot until we've processed layoutget on open
[ Upstream commit ae55e59da0e401893b3c52b575fc18a00623d0a1 ] If the server recalls the layout that was just handed out, we risk hitting a race as described in RFC5661 Section 2.10.6.3 unless we ensure that we release the sequence slot after processing the LAYOUTGET operation that was sent as part of the OPEN compound. Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |