mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
398 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Sharath Chandra Vurukala
|
033f2e4393 |
net:sockev: hold file reference till the sock event is sent
Hold file reference till the sock event is sent. Change-Id: I14d581f210c86e5771bec22a9aca7c78630e9ac1 Signed-off-by: Sharath Chandra Vurukala <sharathv@codeaurora.org> |
||
Srinivasarao P
|
62eedc7cb9 |
Merge android-4.14.166 (d4dd59f) into msm-4.14
* refs/heads/tmp-d4dd59f: Linux 4.14.166 ocfs2: call journal flush to mark journal as empty after journal recovery when mount hexagon: work around compiler crash hexagon: parenthesize registers in asm predicates ioat: ioat_alloc_ring() failure handling. dmaengine: k3dma: Avoid null pointer traversal MIPS: Prevent link failure with kcov instrumentation mips: cacheinfo: report shared CPU map rseq/selftests: Turn off timeout setting scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() gpio: mpc8xxx: Add platform device to gpiochip->parent rtc: msm6242: Fix reading of 10-hour digit f2fs: fix potential overflow rtlwifi: Remove unnecessary NULL check in rtl_regd_init spi: atmel: fix handling of cs_change set on non-last xfer mtd: spi-nor: fix silent truncation in spi_nor_read_raw() mtd: spi-nor: fix silent truncation in spi_nor_read() media: exynos4-is: Fix recursive locking in isp_video_release() media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support media: ov6650: Fix some format attributes not under control media: ov6650: Fix incorrect use of JPEG colorspace tty: serial: pch_uart: correct usage of dma_unmap_sg tty: serial: imx: use the sg count from dma_map_sg powerpc/powernv: Disable native PCIe port management PCI/PTM: Remove spurious "d" from granularity message compat_ioctl: handle SIOCOUTQNSD af_unix: add compat_ioctl support arm64: dts: apq8096-db820c: Increase load on l21 for SDCARD scsi: sd: enable compat ioctls for sed-opal pinctrl: lewisburg: Update pin list according to v1.1v6 pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume mei: fix modalias documentation iio: imu: adis16480: assign bias value only if operation succeeded NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn xprtrdma: Fix completion wait during device removal platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI scsi: enclosure: Fix stale device oops with hot replug arm64: Check for errata before evaluating cpu features arm64: add sentinel to kpti_safe_list RDMA/srpt: Report the SCSI residual to the initiator RDMA/mlx5: Return proper error value btrfs: simplify inode locking for RWF_NOWAIT cifs: Adjust indentation in smb2_open_file hsr: reset network header when supervision frame is created gpio: Fix error message on out-of-range GPIO in lookup table iommu: Remove device link to group on failure gpio: zynq: Fix for bug in zynq_gpio_restore_context API ASoC: stm32: spdifrx: fix race condition in irq handler ASoC: stm32: spdifrx: fix inconsistent lock state RDMA/bnxt_re: Fix Send Work Entry state check while polling completions rtc: mt6397: fix alarm register overwrite drm/i915: Fix use-after-free when destroying GEM context dccp: Fix memleak in __feat_register_sp iwlwifi: dbg_ini: fix memory leak in alloc_sgtable wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle wimax: i2400: fix memory leak cifs: Fix lease buffer length error media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap mac80211: Do not send Layer 2 Update frame before authorization cfg80211/mac80211: make ieee80211_send_layer2_update a public function arm64: Make sure permission updates happen for pmd/pud arm64: Enforce BBM for huge IO/VMAP mappings arm64: mm: Change page table pointer name in p[md]_set_huge() arm64: don't open code page table entry creation rsi: add fix for crash during assertions fs/select: avoid clang stack usage warning ethtool: reduce stack usage with clang HID: hidraw, uhid: Always report EPOLLOUT HID: hidraw: Fix returning EPOLLOUT from hidraw_poll hidraw: Return EPOLLOUT from hidraw_poll cuttlefish: enable CONFIG_DUMMY=y Conflicts: arch/arm64/mm/mmu.c net/core/ethtool.c net/wireless/util.c Change-Id: I9062404104c97a86c4960f768e0be9220f69d192 Signed-off-by: Srinivasarao P <spathi@codeaurora.org> |
||
|
Srinivasarao P
|
84303e9b45 |
Merge android-4.14.163 (1cfd841) into msm-4.14
* refs/heads/tmp-1cfd841:
Revert "BACKPORT: perf_event: Add support for LSM and SELinux checks"
Linux 4.14.163
perf/x86/intel/bts: Fix the use of page_private()
xen/blkback: Avoid unmapping unmapped grant pages
s390/smp: fix physical to logical CPU map for SMT
net: add annotations on hh->hh_len lockless accesses
arm64: dts: meson: odroid-c2: Disable usb_otg bus to avoid power failed warning
ath9k_htc: Discard undersized packets
ath9k_htc: Modify byte order for an error message
rxrpc: Fix possible NULL pointer access in ICMP handling
selftests: rtnetlink: add addresses with fixed life time
powerpc/pseries/hvconsole: Fix stack overread via udbg
drm/mst: Fix MST sideband up-reply failure handling
scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails
fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP
tty: serial: msm_serial: Fix lockup for sysrq and oops
dt-bindings: clock: renesas: rcar-usb2-clock-sel: Fix typo in example
media: usb: fix memory leak in af9005_identify_state
regulator: ab8500: Remove AB8505 USB regulator
media: flexcop-usb: ensure -EIO is returned on error condition
Bluetooth: Fix memory leak in hci_connect_le_scan
Bluetooth: delete a stray unlock
Bluetooth: btusb: fix PM leak in error case of setup
platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table
xfs: don't check for AG deadlock for realtime files in bunmapi
scsi: qla2xxx: Drop superfluous INIT_WORK of del_work
nfsd4: fix up replay_matches_cache()
PM / devfreq: Check NULL governor in available_governors_show
arm64: Revert support for execute-only user mappings
ftrace: Avoid potential division by zero in function profiler
exit: panic before exit_mm() on global init exit
ALSA: firewire-motu: Correct a typo in the clock proc string
ALSA: cs4236: fix error return comparison of an unsigned integer
tracing: Have the histogram compare functions convert to u64 first
tracing: Fix lock inversion in trace_event_enable_tgid_record()
gpiolib: fix up emulated open drain outputs
ata: ahci_brcm: Fix AHCI resources management
ata: ahci_brcm: Allow optional reset controller to be used
ata: libahci_platform: Export again ahci_platform_<en/dis>able_phys()
compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE
compat_ioctl: block: handle Persistent Reservations
dmaengine: Fix access to uninitialized dma_slave_caps
locks: print unsigned ino in /proc/locks
pstore/ram: Write new dumps to start of recycled zones
memcg: account security cred as well to kmemcg
mm/zsmalloc.c: fix the migrated zspage statistics.
media: cec: avoid decrementing transmit_queue_sz if it is 0
media: cec: CEC 2.0-only bcast messages were ignored
media: pulse8-cec: fix lost cec_transmit_attempt_done() call
MIPS: Avoid VDSO ABI breakage due to global register variable
drm/sun4i: hdmi: Remove duplicate cleanup calls
ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code
drm: limit to INT_MAX in create_blob ioctl
taskstats: fix data-race
xfs: fix mount failure crash on invalid iclog memory access
PM / hibernate: memory_bm_find_bit(): Tighten node optimisation
xen/balloon: fix ballooned page accounting without hotplug enabled
xen-blkback: prevent premature module unload
IB/mlx4: Follow mirror sequence of device add during device removal
s390/cpum_sf: Avoid SBD overflow condition in irq handler
s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits
md: raid1: check rdev before reference in raid1_sync_request func
net: make socket read/write_iter() honor IOCB_NOWAIT
usb: gadget: fix wrong endpoint desc
drm/nouveau: Move the declaration of struct nouveau_conn_atom up a bit
scsi: libsas: stop discovering if oob mode is disconnected
scsi: iscsi: qla4xxx: fix double free in probe
scsi: qla2xxx: Don't call qlt_async_event twice
scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func
rxe: correctly calculate iCRC for unaligned payloads
RDMA/cma: add missed unregister_pernet_subsys in init failure
PM / devfreq: Don't fail devfreq_dev_release if not in list
iio: adc: max9611: Fix too short conversion time delay
nvme_fc: add module to ops template to allow module references
UPSTREAM: selinux: sidtab reverse lookup hash table
UPSTREAM: selinux: avoid atomic_t usage in sidtab
UPSTREAM: selinux: check sidtab limit before adding a new entry
UPSTREAM: selinux: fix context string corruption in convert_context()
BACKPORT: selinux: overhaul sidtab to fix bug and improve performance
UPSTREAM: selinux: refactor mls_context_to_sid() and make it stricter
UPSTREAM: selinux: Cleanup printk logging in services
UPSTREAM: scsi: ilog2: create truly constant version for sparse
BACKPORT: selinux: use separate table for initial SID lookup
UPSTREAM: selinux: make "selinux_policycap_names[]" const char *
UPSTREAM: selinux: refactor sidtab conversion
BACKPORT: selinux: wrap AVC state
UPSTREAM: selinux: wrap selinuxfs state
UPSTREAM: selinux: rename the {is,set}_enforcing() functions
BACKPORT: selinux: wrap global selinux state
UPSTREAM: selinux: Use kmem_cache for hashtab_node
BACKPORT: perf_event: Add support for LSM and SELinux checks
UPSTREAM: binder: Add binder_proc logging to binderfs
UPSTREAM: binder: Make transaction_log available in binderfs
UPSTREAM: binder: Add stats, state and transactions files
UPSTREAM: binder: add a mount option to show global stats
UPSTREAM: binder: Validate the default binderfs device names.
UPSTREAM: binder: Add default binder devices through binderfs when configured
UPSTREAM: binder: fix CONFIG_ANDROID_BINDER_DEVICES
UPSTREAM: android: binder: use kstrdup instead of open-coding it
UPSTREAM: binderfs: remove separate device_initcall()
BACKPORT: binderfs: respect limit on binder control creation
UPSTREAM: binderfs: switch from d_add() to d_instantiate()
UPSTREAM: binderfs: drop lock in binderfs_binder_ctl_create
UPSTREAM: binderfs: kill_litter_super() before cleanup
UPSTREAM: binderfs: rework binderfs_binder_device_create()
UPSTREAM: binderfs: rework binderfs_fill_super()
UPSTREAM: binderfs: prevent renaming the control dentry
UPSTREAM: binderfs: remove outdated comment
UPSTREAM: binderfs: fix error return code in binderfs_fill_super()
UPSTREAM: binderfs: handle !CONFIG_IPC_NS builds
BACKPORT: binderfs: reserve devices for initial mount
UPSTREAM: binderfs: rename header to binderfs.h
BACKPORT: binderfs: implement "max" mount option
UPSTREAM: binderfs: make each binderfs mount a new instance
UPSTREAM: binderfs: remove wrong kern_mount() call
BACKPORT: binder: implement binderfs
UPSTREAM: binder: remove BINDER_DEBUG_ENTRY()
UPSTREAM: seq_file: Introduce DEFINE_SHOW_ATTRIBUTE() helper macro
UPSTREAM: exit: panic before exit_mm() on global init exit
Conflicts:
drivers/gpu/drm/drm_property.c
security/selinux/avc.c
security/selinux/hooks.c
security/selinux/include/security.h
security/selinux/ss/services.c
Changed below files to fix build errors:
gen_headers_arm64.bp
gen_headers_arm.bp
Change-Id: Ie7e5cd66a03cfaa765a491598302b8f073ac159c
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
||
Arnd Bergmann
|
2e3f1f153b |
compat_ioctl: handle SIOCOUTQNSD
commit 9d7bf41fafa5b5ddd4c13eb39446b0045f0a8167 upstream.
Unlike the normal SIOCOUTQ, SIOCOUTQNSD was never handled in compat
mode. Add it to the common socket compat handler along with similar
ones.
Fixes: 2f4e1b397097 ("tcp: ioctl type SIOCOUTQNSD returns amount of data not sent")
Cc: Eric Dumazet <edumazet@google.com>
Cc: netdev@vger.kernel.org
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Jens Axboe
|
f42504ab0a |
net: make socket read/write_iter() honor IOCB_NOWAIT
[ Upstream commit ebfcd8955c0b52eb793bcbc9e71140e3d0cdb228 ] The socket read/write helpers only look at the file O_NONBLOCK. not the iocb IOCB_NOWAIT flag. This breaks users like preadv2/pwritev2 and io_uring that rely on not having the file itself marked nonblocking, but rather the iocb itself. Cc: netdev@vger.kernel.org Acked-by: David Miller <davem@davemloft.net> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Blagovest Kolenichev
|
8b902c6d60 |
Merge android-4.14-q.140 (2f8eadd) into msm-4.14
* refs/heads/tmp-2f8eadd: Linux 4.14.140 xfrm: policy: remove pcpu policy cache mmc: sdhci-of-arasan: Do now show error message in case of deffered probe bonding: Add vlan tx offload to hw_enc_features team: Add vlan tx offload to hw_enc_features net/mlx5e: Use flow keys dissector to parse packets for ARFS net/mlx5e: Only support tx/rx pause setting for port owner xen/netback: Reset nr_frags before freeing skb sctp: fix the transport error_count check net/packet: fix race in tpacket_snd() net/mlx4_en: fix a memory leak bug bnx2x: Fix VF's VLAN reconfiguration in reload. iommu/amd: Move iommu_init_pci() to .init section Input: psmouse - fix build error of multiple definition netfilter: conntrack: Use consistent ct id hash calculation arm64: ftrace: Ensure module ftrace trampoline is coherent with I-side arm64: compat: Allow single-byte watchpoints on all addresses Revert "tcp: Clear sk_send_head after purging the write queue" bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K USB: serial: option: Add Motorola modem UARTs USB: serial: option: add the BroadMobi BM818 card USB: serial: option: Add support for ZTE MF871A USB: serial: option: add D-Link DWM-222 device ID USB: CDC: fix sanity checks in CDC union parser usb: cdc-acm: make sure a refcount is taken early enough usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role" USB: core: Fix races in character device registration and deregistraion iio: adc: max9611: Fix temperature reading in probe staging: comedi: dt3000: Fix rounding up of timer divisor staging: comedi: dt3000: Fix signed integer overflow 'divider * base' KVM: arm/arm64: Sync ICH_VMCR_EL2 back when about to block asm-generic: fix -Wtype-limits compiler warnings ocfs2: remove set but not used variable 'last_hash' drm: msm: Fix add_gpu_components IB/mad: Fix use-after-free in ib mad completion handling IB/core: Add mitigation for Spectre V1 arm64/mm: fix variable 'pud' set but not used arm64: unwind: Prohibit probing on return_address() arm64/efi: fix variable 'si' set but not used kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules ata: libahci: do not complain in case of deferred probe scsi: qla2xxx: Fix possible fcport null-pointer dereferences scsi: hpsa: correct scsi command status issue after reset drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m libata: zpodd: Fix small read overflow in zpodd_get_mech_type() perf header: Fix use of unitialized value warning perf header: Fix divide by zero error if f_header.attr_size==0 irqchip/irq-imx-gpcv2: Forward irq type to parent irqchip/gic-v3-its: Free unused vpt_page when alloc vpe table fail xen/pciback: remove set but not used variable 'old_state' clk: renesas: cpg-mssr: Fix reset control race condition clk: at91: generated: Truncate divisor to GENERATED_MAX_DIV + 1 netfilter: ebtables: also count base chain policies net: usb: pegasus: fix improper read if get_registers() fail Input: iforce - add sanity checks Input: kbtab - sanity check for endpoint type HID: hiddev: do cleanup in failure of opening a device HID: hiddev: avoid opening a disconnected device HID: holtek: test for sanity of intfdata ALSA: hda - Let all conexant codec enter D3 when rebooting ALSA: hda - Add a generic reboot_notify ALSA: hda - Fix a memory leak bug ALSA: hda - Apply workaround for another AMD chip 1022:1487 xtensa: add missing isync to the cpu_reset TLB code x86/mm: Use WRITE_ONCE() when setting PTEs bpf: add bpf_jit_limit knob to restrict unpriv allocations bpf: restrict access to core bpf sysctls bpf: get rid of pure_initcall dependency to enable jits mm/memcontrol.c: fix use after free in mem_cgroup_iter() mm/usercopy: use memory range to be accessed for wraparound check sh: kernel: hw_breakpoint: Fix missing break in switch statement scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA Change-Id: I6365fb1dd47655e268bbd361acf0ad5e7ff9d433 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
Daniel Borkmann
|
234646dcfc |
bpf: get rid of pure_initcall dependency to enable jits
commit fa9dd599b4dae841924b022768354cfde9affecb upstream. Having a pure_initcall() callback just to permanently enable BPF JITs under CONFIG_BPF_JIT_ALWAYS_ON is unnecessary and could leave a small race window in future where JIT is still disabled on boot. Since we know about the setting at compilation time anyway, just initialize it properly there. Also consolidate all the individual bpf_jit_enable variables into a single one and move them under one location. Moreover, don't allow for setting unspecified garbage values on them. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Alexei Starovoitov <ast@kernel.org> [bwh: Backported to 4.14 as dependency of commit 2e4a30983b0f "bpf: restrict access to core bpf sysctls": - Adjust context] Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Blagovest Kolenichev
|
b36940959e |
Merge android-4.14.106 (8ed9bc6) into msm-4.14
* refs/heads/tmp-8ed9bc6:
Revert "staging: android: ion: fix sys heap pool's gfp_flags"
Linux 4.14.106
perf/x86/intel: Implement support for TSX Force Abort
x86: Add TSX Force Abort CPUID/MSR
perf/x86/intel: Generalize dynamic constraint creation
perf/x86/intel: Make cpuc allocations consistent
driver core: Postpone DMA tear-down until after devres release
ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom
gfs2: Fix missed wakeups in find_insert_glock
ARM: 8781/1: Fix Thumb-2 syscall return for binutils 2.29+
drm: disable uncached DMA optimization for ARM and arm64
ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
ARM: dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3
arm64: dts: hikey: Give wifi some time after power-on
scsi: aacraid: Fix missing break in switch statement
iscsi_ibft: Fix missing break in switch statement
Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
Input: wacom_serial4 - add support for Wacom ArtPad II tablet
qed: Consider TX tcs while deriving the max num_queues for PF.
qed: Fix EQ full firmware assert.
fs: ratelimit __find_get_block_slow() failure message.
i2c: omap: Use noirq system sleep pm ops to idle device for suspend
MIPS: Remove function size check in get_frame_info()
perf trace: Support multiple "vfs_getname" probes
perf symbols: Filter out hidden symbols from labels
s390/qeth: fix use-after-free in error path
netfilter: nf_nat: skip nat clash resolution for same-origin entries
selftests: netfilter: add simple masq/redirect test cases
selftests: netfilter: fix config fragment CONFIG_NF_TABLES_INET
dmaengine: dmatest: Abort test in case of mapping error
vsock/virtio: reset connected sockets on device removal
vsock/virtio: fix kernel panic after device hot-unplug
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init
bpf: fix lockdep false positive in percpu_freelist
bpf, selftests: fix handling of sparse CPU allocations
relay: check return of create_buf_file() properly
irqchip/gic-v3-its: Fix ITT_entry_size accessor
net: stmmac: Disable EEE mode earlier in XMIT callback
net: stmmac: Send TSO packets always from Queue 0
net: stmmac: Fallback to Platform Data clock in Watchdog conversion
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
usb: phy: fix link errors
DTS: CI20: Fix bugs in ci20's device tree.
arm64: dts: add msm8996 compatible to gicv3
ARM: pxa: ssp: unneeded to free devm_ allocated data
bpf: sock recvbuff must be limited by rmem_max in bpf_setsockopt()
soc: fsl: qbman: avoid race in clearing QMan interrupt
arm64: dts: renesas: r8a7796: Enable DMA for SCIF2
ARM: dts: omap4-droid4: Fix typo in cpcap IRQ flags
autofs: fix error return in autofs_fill_super()
autofs: drop dentry reference only when it is never used
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
lib/test_kmod.c: potential double free in error handling
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
x86_64: increase stack size for KASAN_EXTRA
x86/kexec: Don't setup EFI info if EFI runtime is not enabled
apparmor: Fix aa_label_build() error handling for failed merges
arm64: kprobe: Always blacklist the KVM world-switch code
x86/microcode/amd: Don't falsely trick the late loading mechanism
cifs: fix computation for MAX_SMB2_HDR_SIZE
platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
scsi: 53c700: pass correct "dev" to dma_alloc_attrs()
scsi: libfc: free skb when receiving invalid flogi resp
qed: Fix stack out of bounds bug
qed: Fix system crash in ll2 xmit
qed: Fix VF probe failure while FLR
qed: Fix LACP pdu drops for VFs
qed: Fix bug in tx promiscuous mode settings
nfs: Fix NULL pointer dereference of dev_name
selftests: timers: use LDLIBS instead of LDFLAGS
gpio: vf610: Mask all GPIO interrupts
netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
net: hns: Restart autoneg need return failed when autoneg off
net: hns: Fix for missing of_node_put() after of_parse_phandle()
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
xtensa: SMP: limit number of possible CPUs by NR_CPUS
xtensa: SMP: mark each possible CPU as present
xtensa: smp_lx200_defconfig: fix vectors clash
xtensa: SMP: fix secondary CPU initialization
selftests: cpu-hotplug: fix case where CPUs offline > CPUs present
xtensa: SMP: fix ccount_timer_shutdown
iommu/amd: Fix IOMMU page flush when detach device from a domain
ipvs: Fix signed integer overflow when setsockopt timeout
iommu/amd: Unmap all mapped pages in error path of map_sg
iommu/amd: Call free_iova_fast with pfn in map_sg
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
perf tools: Handle TOPOLOGY headers with no CPU
perf core: Fix perf_proc_update_handler() bug
vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
media: uvcvideo: Fix 'type' check leading to overflow
scsi: core: reset host byte in DID_NEXUS_FAILURE case
exec: Fix mem leak in kernel_read_file
Bluetooth: Fix locking in bt_accept_enqueue() for BH context
xtensa: fix get_wchan
hugetlbfs: fix races and page leaks during migration
MIPS: irq: Allocate accurate order pages for irq stack
applicom: Fix potential Spectre v1 vulnerabilities
x86/CPU/AMD: Set the CPB bit unconditionally on F17h
net: dsa: mv88e6xxx: Fix statistics on mv88e6161
net: phy: Micrel KSZ8061: link failure after cable connect
tun: remove unnecessary memory barrier
tun: fix blocking read
mpls: Return error for RTA_GATEWAY attribute
ipv6: Return error for RTA_VIA attribute
ipv4: Return error for RTA_VIA attribute
net: avoid use IPCB in cipso_v4_error
net: Add __icmp_send helper.
xen-netback: fix occasional leak of grant ref mappings under memory pressure
xen-netback: don't populate the hash cache on XenBus disconnect
net: socket: set sock->sk to NULL after calling proto_ops::release()
net: sit: fix memory leak in sit_init_net()
net: phy: phylink: fix uninitialized variable in phylink_get_mac_state
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
net: netem: fix skb length BUG_ON in __skb_to_sgvec
netlabel: fix out-of-bounds memory accesses
net: dsa: mv88e6xxx: Fix u64 statistics
hv_netvsc: Fix IP header checksum for coalesced packets
geneve: correctly handle ipv6.disable module parameter
bnxt_en: Drop oversize TX packets to prevent errors.
tipc: fix RDM/DGRAM connect() regression
team: Free BPF filter when unregistering netdev
sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
net-sysfs: Fix mem leak in netdev_register_kobject
net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex
ip6mr: Do not call __IP6_INC_STATS() from preemptible context
staging: android: ion: fix sys heap pool's gfp_flags
staging: wilc1000: fix to set correct value for 'vif_num'
staging: comedi: ni_660x: fix missing break in switch statement
USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
USB: serial: cp210x: add ID for Ingenico 3070
USB: serial: option: add Telit ME910 ECM composition
cpufreq: Use struct kobj_attribute instead of struct global_attr
ANDROID: cuttlefish: enable CONFIG_INET_UDP_DIAG=y
ANDROID: cuttlefish: enable CONFIG_USB_RTL8152=y
Change-Id: Id5bc9a3c0ca235fcf07904455ea829c7f49618ad
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
Eric Biggers
|
e5e8350da5 |
net: socket: set sock->sk to NULL after calling proto_ops::release()
[ Upstream commit ff7b11aa481f682e0e9711abfeb7d03f5cd612bf ]
Commit 9060cb719e61 ("net: crypto set sk to NULL when af_alg_release.")
fixed a use-after-free in sockfs_setattr() when an AF_ALG socket is
closed concurrently with fchownat(). However, it ignored that many
other proto_ops::release() methods don't set sock->sk to NULL and
therefore allow the same use-after-free:
- base_sock_release
- bnep_sock_release
- cmtp_sock_release
- data_sock_release
- dn_release
- hci_sock_release
- hidp_sock_release
- iucv_sock_release
- l2cap_sock_release
- llcp_sock_release
- llc_ui_release
- rawsock_release
- rfcomm_sock_release
- sco_sock_release
- svc_release
- vcc_release
- x25_release
Rather than fixing all these and relying on every socket type to get
this right forever, just make __sock_release() set sock->sk to NULL
itself after calling proto_ops::release().
Reproducer that produces the KASAN splat when any of these socket types
are configured into the kernel:
#include <pthread.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>
pthread_t t;
volatile int fd;
void *close_thread(void *arg)
{
for (;;) {
usleep(rand() % 100);
close(fd);
}
}
int main()
{
pthread_create(&t, NULL, close_thread, NULL);
for (;;) {
fd = socket(rand() % 50, rand() % 11, 0);
fchownat(fd, "", 1000, 1000, 0x1000);
close(fd);
}
}
Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Blagovest Kolenichev
|
07d9065fbe |
Merge android-4.14-p.79 (f9cf23e) into msm-4.14
* refs/heads/tmp-f9cf23e: Revert "net: qualcomm: rmnet: Skip processing loopback packets" Linux 4.14.79 net/mlx5: Fix build break when CONFIG_SMP=n net/sched: cls_api: add missing validation of netlink attributes net: bcmgenet: Poll internal PHY for GENETv5 net: ipmr: fix unresolved entry dumps rtnetlink: Disallow FDB configuration for non-Ethernet device net/mlx5e: fix csum adjustments caused by RXFCS net: fix pskb_trim_rcsum_slow() with odd trim offset net: drop skb on failure in ip_check_defrag() net: sched: Fix for duplicate class dump net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type openvswitch: Fix push/pop ethernet validation ip6_tunnel: Fix encapsulation layout bonding: fix length of actor system ethtool: fix a privilege escalation bug virtio_net: avoid using netif_tx_disable() for serializing tx routine vhost: Fix Spectre V1 vulnerability udp6: fix encap return code for resubmitting sctp: fix race on sctp_id2asoc r8169: fix NAPI handling under high load net: udp: fix handling of CHECKSUM_COMPLETE packets net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules net: socket: fix a missing-check bug net: sched: gred: pass the right attribute to gred_change_table_def() net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs net: fec: don't dump RX FIFO register when not available llc: set SOCK_RCU_FREE in llc_sap_add_socket() ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called ipv6: mcast: fix a use-after-free in inet6_mc_check net: bridge: remove ipv6 zero address check in mcast queries bridge: do not add port to router list when receives query with source 0.0.0.0 drm/i915/gvt: fix memory leak of a cmd_entry struct on error exit path perf tools: Disable parallelism for 'make clean' Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing" ALSA: usx2y: Fix invalid stream URBs media: uvcvideo: Fix driver reference counting ARM: dts: r8a7790: Correct critical CPU temperature kvm: x86: fix WARN due to uninitialized guest FPU state mtd: spi-nor: Add support for is25wp series chips sch_netem: restore skb->dev after dequeuing from the rbtree fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() selftests: rtnetlink.sh explicitly requires bash. net: ena: fix NULL dereference due to untimely napi initialization net: ena: fix warning in rmmod caused by double iounmap rxrpc: Fix connection-level abort handling rxrpc: Only take the rwind and mtu values from latest ACK rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_tx_window() perf python: Use -Wno-redundant-decls to build with PYTHON=python3 ARM: dts: imx53-qsb: disable 1.2GHz OPP compiler.h: Allow arch-specific asm/compiler.h perf tests: Fix indexing when invoking subtests libertas: call into generic suspend code before turning off power kconfig: fix the rule of mainmenu_stmt symbol net: stmmac: mark PM functions as __maybe_unused x86/paravirt: Fix some warning messages net: phy: phylink: Don't release NULL GPIO btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf scsi: sd: Remember that READ CAPACITY(16) succeeded scsi: ibmvfc: Avoid unnecessary port relogin selftests/powerpc: Add ptrace hw breakpoint test iio: buffer: fix the function signature to match implementation enic: do not overwrite error code lan78xx: Don't reset the interface on open MIPS: Workaround GCC __builtin_unreachable reordering bug mmc: dw_mmc-rockchip: correct property names in debug IB/usnic: Update with bug fixes from core code xen-netfront: Fix mismatched rtnl_unlock xen-netfront: Update features after registering netdev tpm: tpm_crb: relinquish locality on error path. bpf: sockmap, map_release does not hold refcnt for pinned maps tpm: move the delay_msec increment after sleep in tpm_transmit() sparc64: Fix regression in pmdp_invalidate(). KVM: x86: Update the exit_qualification access bits while walking an address test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches cifs: Use ULL suffix for 64-bit constant l2tp: remove configurable payload offset ARM: tegra: Fix ULPI regression on Tegra20 IB/mlx5: Avoid passing an invalid QP type to firmware kbuild: set no-integrated-as before incl. arch Makefile scsi: qla2xxx: Avoid double completion of abort command net/mlx5e: Refine ets validation function net: phy: Add general dummy stubs for MMD register access net: phy: realtek: Use the dummy stubs for MMD register access for rtl8211b dm integrity: fail early if required HMAC key is not available powerpc/pseries: Add empty update_numa_cpu_lookup_table() for NUMA=n net/mlx5: Fix mlx5_get_vector_affinity function s390/qeth: fix error handling in adapter command callbacks IB/rxe: put the pool on allocation failure IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush scsi: aacraid: address UBSAN warning regression usbip: vhci_hcd: update 'status' file header and format tools/testing/nvdimm: unit test clear-error commands iwlwifi: fix the ALIVE notification layout iwlwifi: dbg: allow wrt collection before ALIVE iwlwifi: mvm: check for short GI only for OFDM ocfs2: fix crash in ocfs2_duplicate_clusters_by_page() yam: fix a missing-check bug net: cxgb3_main: fix a missing-check bug be2net: don't flip hw_features when VXLANs are added/deleted locking/ww_mutex: Fix runtime warning in the WW mutex selftest net: qualcomm: rmnet: Skip processing loopback packets declance: Fix continuation with the adapter identification message net: fec: fix rare tx timeout perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX perf/ring_buffer: Prevent concurent ring buffer access perf/core: Fix perf_pmu_unregister() locking cfg80211: fix use-after-free in reg_process_hint() smsc95xx: Check for Wake-on-LAN modes smsc75xx: Check for Wake-on-LAN modes r8152: Check for supported Wake-on-LAN Modes sr9800: Check for supported Wake-on-LAN modes lan78xx: Check for supported Wake-on-LAN modes ax88179_178a: Check for supported Wake-on-LAN modes asix: Check for supported Wake-on-LAN modes nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt qed: Avoid constant logical operation warning in qed_vf_pf_acquire qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv qed: Avoid implicit enum conversion in qed_set_tunn_cls_info pxa168fb: prepare the clock Bluetooth: SMP: fix crash in unpairing mac80211_hwsim: do not omit multicast announce of first added radio nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift() soc: fsl: qbman: qman: avoid allocating from non existing gen_pool net: macb: Clean 64b dma addresses if they are not detected ARM: dts: BCM63xx: Fix incorrect interrupt specifiers arm64: hugetlb: Fix handling of young ptes netfilter: bridge: Don't sabotage nf_hook calls from an l3mdev xfrm: validate template mode ARM: 8799/1: mm: fix pci_ioremap_io() offset check xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry. mac80211: fix TX status reporting for ieee80211s mac80211: TDLS: fix skb queue/priority assignment cfg80211: Address some corner cases in scan result channel updating mac80211: fix pending queue hang due to TX_DROP cfg80211: reg: Init wiphy_idx in regulatory_hint_core() mac80211: Always report TX status xfrm: reset crypto_done when iterating over multiple input xfrms xfrm: reset transport header back to network header after all input transforms ahave been applied xfrm6: call kfree_skb when skb is toobig xfrm: Validate address prefix lengths in the xfrm selector. Conflicts: arch/Kconfig Change-Id: I93e1459c0e7511f2d30bd01fc3f5bf81f23a7bf6 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
Wenwen Wang
|
7d58456872 |
net: socket: fix a missing-check bug
[ Upstream commit b6168562c8ce2bd5a30e213021650422e08764dc ] In ethtool_ioctl(), the ioctl command 'ethcmd' is checked through a switch statement to see whether it is necessary to pre-process the ethtool structure, because, as mentioned in the comment, the structure ethtool_rxnfc is defined with padding. If yes, a user-space buffer 'rxnfc' is allocated through compat_alloc_user_space(). One thing to note here is that, if 'ethcmd' is ETHTOOL_GRXCLSRLALL, the size of the buffer 'rxnfc' is partially determined by 'rule_cnt', which is actually acquired from the user-space buffer 'compat_rxnfc', i.e., 'compat_rxnfc->rule_cnt', through get_user(). After 'rxnfc' is allocated, the data in the original user-space buffer 'compat_rxnfc' is then copied to 'rxnfc' through copy_in_user(), including the 'rule_cnt' field. However, after this copy, no check is re-enforced on 'rxnfc->rule_cnt'. So it is possible that a malicious user race to change the value in the 'compat_rxnfc->rule_cnt' between these two copies. Through this way, the attacker can bypass the previous check on 'rule_cnt' and inject malicious data. This can cause undefined behavior of the kernel and introduce potential security risk. This patch avoids the above issue via copying the value acquired by get_user() to 'rxnfc->rule_cn', if 'ethcmd' is ETHTOOL_GRXCLSRLALL. Signed-off-by: Wenwen Wang <wang6495@umn.edu> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Isaac J. Manjarres
|
b2c8463039 |
Merge android-4.14-p.61 (b7e55e8) into msm-4.14
* remotes/origin/tmp-b7e55e8:
Linux 4.14.61
scsi: sg: fix minor memory leak in error path
drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats
crypto: padlock-aes - Fix Nano workaround data corruption
RDMA/uverbs: Expand primary and alt AV port checks
iwlwifi: add more card IDs for 9000 series
userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails
audit: fix potential null dereference 'context->module.name'
kvm: x86: vmx: fix vpid leak
x86/entry/64: Remove %ebx handling from error_entry/exit
x86/apic: Future-proof the TSC_DEADLINE quirk for SKX
virtio_balloon: fix another race between migration and ballooning
net: socket: fix potential spectre v1 gadget in socketcall
can: ems_usb: Fix memory leak on ems_usb_disconnect()
squashfs: more metadata hardenings
squashfs: more metadata hardening
net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager
rxrpc: Fix user call ID check in rxrpc_service_prealloc_one
net: stmmac: Fix WoL for PCI-based setups
netlink: Fix spectre v1 gadget in netlink_create()
net: dsa: Do not suspend/resume closed slave_dev
ipv4: frags: handle possible skb truesize change
inet: frag: enforce memory limits earlier
bonding: avoid lockdep confusion in bond_get_stats()
Linux 4.14.60
tcp: add one more quick ack after after ECN events
tcp: refactor tcp_ecn_check_ce to remove sk type cast
tcp: do not aggressively quick ack after ECN events
tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode
tcp: do not force quickack when receiving out-of-order packets
netlink: Don't shift with UB on nlk->ngroups
netlink: Do not subscribe to non-existent groups
xen-netfront: wait xenbus state change when load module manually
tcp_bbr: fix bw probing to raise in-flight data for very small BDPs
NET: stmmac: align DMA stuff to largest cache line length
net: mdio-mux: bcm-iproc: fix wrong getter and setter pair
net: lan78xx: fix rx handling before first packet is send
net: fix amd-xgbe flow-control issue
net: ena: Fix use of uninitialized DMA address bits field
ipv4: remove BUG_ON() from fib_compute_spec_dst
net: dsa: qca8k: Allow overwriting CPU port setting
net: dsa: qca8k: Add QCA8334 binding documentation
net: dsa: qca8k: Enable RXMAC when bringing up a port
net: dsa: qca8k: Force CPU port to its highest bandwidth
RDMA/uverbs: Protect from attempts to create flows on unsupported QP
usb: gadget: udc: renesas_usb3: should remove debugfs
ovl: Sync upper dirty data when syncing overlayfs
PCI: xgene: Remove leftover pci_scan_child_bus() call
PCI: pciehp: Assume NoCompl+ for Thunderbolt ports
ext4: fix check to prevent initializing reserved inodes
ext4: check for allocation block validity with block group locked
ext4: fix inline data updates with checksums enabled
squashfs: be more careful about metadata corruption
random: mix rdrand with entropy sent in from userspace
block: reset bi_iter.bi_done after splitting bio
blkdev: __blkdev_direct_IO_simple: fix leak in error case
block: bio_iov_iter_get_pages: fix size of last iovec
drm/dp/mst: Fix off-by-one typo when dump payload table
drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown()
drm: Add DP PSR2 sink enable bit
ASoC: topology: Add missing clock gating parameter when parsing hw_configs
ASoC: topology: Fix bclk and fsync inversion in set_link_hw_format()
media: si470x: fix __be16 annotations
media: atomisp: compat32: fix __user annotations
scsi: cxlflash: Avoid clobbering context control register value
scsi: cxlflash: Synchronize reset and remove ops
scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
scsi: scsi_dh: replace too broad "TP9" string with the exact models
regulator: Don't return or expect -errno from of_map_mode()
media: omap3isp: fix unbalanced dma_iommu_mapping
crypto: authenc - don't leak pointers to authenc keys
crypto: authencesn - don't leak pointers to authenc keys
usb: hub: Don't wait for connect state at resume for powered-off ports
microblaze: Fix simpleImage format generation
soc: imx: gpcv2: Do not pass static memory as platform data
serial: core: Make sure compiler barfs for 16-byte earlycon names
staging: lustre: ldlm: free resource when ldlm_lock_create() fails.
staging: lustre: llite: correct removexattr detection
staging: vchiq_core: Fix missing semaphore release in error case
audit: allow not equal op for audit by executable
rsi: fix nommu_map_sg overflow kernel panic
rsi: Fix 'invalid vdd' warning in mmc
ipconfig: Correctly initialise ic_nameservers
drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
igb: Fix queue selection on MAC filters on i210
arm64: defconfig: Enable Rockchip io-domain driver
nvme: lightnvm: add granby support
memory: tegra: Apply interrupts mask per SoC
memory: tegra: Do not handle spurious interrupts
delayacct: Use raw_spinlocks
stop_machine: Use raw spinlocks
backlight: pwm_bl: Don't use GPIOF_* with gpiod_get_direction
dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
net: hns3: Fixes the out of bounds access in hclge_map_tqp
spi: meson-spicc: Fix error handling in meson_spicc_probe()
dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC
mmc: pwrseq: Use kmalloc_array instead of stack VLA
mmc: dw_mmc: update actual clock for mmc debugfs
ALSA: hda/ca0132: fix build failure when a local macro is defined
drm/atomic: Handling the case when setting old crtc for plane
media: siano: get rid of __le32/__le16 cast warnings
f2fs: avoid fsync() failure caused by EAGAIN in writepage()
bpf: fix references to free_bpf_prog_info() in comments
thermal: exynos: fix setting rising_threshold for Exynos5433
staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5
staging: lustre: o2iblnd: fix race at kiblnd_connect_peer
scsi: qedf: Set the UNLOADING flag when removing a vport
scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw
scsi: megaraid: silence a static checker bug
scsi: 3w-xxxx: fix a missing-check bug
scsi: 3w-9xxx: fix a missing-check bug
bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only.
perf: fix invalid bit in diagnostic entry
s390/cpum_sf: Add data entry sizes to sampling trailer entry
brcmfmac: Add support for bcm43364 wireless chipset
mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
media: saa7164: Fix driver name in debug output
media: media-device: fix ioctl function types
ACPI / LPSS: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2
libata: Fix command retry decision
media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
net: phy: phylink: Release link GPIO
dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
tty: Fix data race in tty_insert_flip_string_fixed_flag
i40e: free the skb after clearing the bitlock
nvmem: properly handle returned value nvmem_reg_read
ARM: dts: sh73a0: Add missing interrupt-affinity to PMU node
ARM: dts: emev2: Add missing interrupt-affinity to PMU node
ARM: dts: stih407-pinctrl: Fix complain about IRQ_TYPE_NONE usage
EDAC, altera: Fix ARM64 build warning
HID: i2c-hid: check if device is there before really probing
powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
drm/amdgpu: Remove VRAM from shared bo domains.
drm/radeon: fix mode_valid's return type
arm64: dts: renesas: salvator-common: use audio-graph-card for Sound
HID: hid-plantronics: Re-resend Update to map button for PTT products
arm64: cmpwait: Clear event register before arming exclusive monitor
media: atomisp: ov2680: don't declare unused vars
ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value
media: smiapp: fix timeout checking in smiapp_read_nvm
ixgbevf: fix MAC address changes through ixgbevf_set_mac()
md: fix NULL dereference of mddev->pers in remove_and_add_spares()
md/raid1: add error handling of read error from FailFast device
regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
ALSA: emu10k1: Rate-limit error messages about page errors
rtc: tps65910: fix possible race condition
rtc: vr41xx: fix possible race condition
rtc: tps6586x: fix possible race condition
Bluetooth: btusb: add ID for LiteOn 04ca:301a
drm/nouveau/fifo/gk104-: poll for runlist update completion
scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger
scsi: ufs: fix exception event handling
scsi: ufs: ufshcd: fix possible unclocked register access
fscrypt: use unbound workqueue for decryption
net: hns3: Fix the missing client list node initialization
spi: Add missing pm_runtime_put_noidle() after failed get
drivers/perf: arm-ccn: don't log to dmesg in event_init
ima: based on policy verify firmware signatures (pre-allocated buffer)
mwifiex: correct histogram data with appropriate index
net: dsa: qca8k: Add support for QCA8334 switch
PCI: pciehp: Request control of native hotplug only if supported
bpf: powerpc64: pad function address loads with NOPs
pinctrl: at91-pio4: add missing of_node_put
powerpc/8xx: fix invalid register expression in head_8xx.S
spi: sh-msiof: Fix setting SIRMDR1.SYNCAC to match SITMDR1.SYNCAC
powerpc: Add __printf verification to prom_printf
powerpc/powermac: Mark variable x as unused
powerpc/powermac: Add missing prototype for note_bootable_part()
powerpc/chrp/time: Make some functions static, add missing header include
powerpc/32: Add a missing include header
ath: Add regulatory mapping for Bahamas
ath: Add regulatory mapping for Bermuda
ath: Add regulatory mapping for Serbia
ath: Add regulatory mapping for Tanzania
ath: Add regulatory mapping for Uganda
ath: Add regulatory mapping for APL2_FCCA
ath: Add regulatory mapping for APL13_WORLD
ath: Add regulatory mapping for ETSI8_WORLD
ath: Add regulatory mapping for FCC3_ETSIC
nvme-pci: Fix AER reset handling
nvme-rdma: stop admin queue before freeing it
PCI: Prevent sysfs disable of device while driver is attached
PM / wakeup: Make s2idle_lock a RAW_SPINLOCK
x86/microcode: Make the late update update_lock a raw lock for RT
btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
Btrfs: don't BUG_ON() in btrfs_truncate_inode_items()
Btrfs: don't return ino to ino cache if inode item removal fails
media: videobuf2-core: don't call memop 'finish' when queueing
media: tw686x: Fix incorrect vb2_mem_ops GFP flags
net: hns3: Fixes the init of the VALID BD info in the descriptor
wlcore: sdio: check for valid platform device data before suspend
mwifiex: handle race during mwifiex_usb_disconnect
mfd: cros_ec: Fail early if we cannot identify the EC
ASoC: dpcm: fix BE dai not hw_free and shutdown
Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
iwlwifi: pcie: fix race in Rx buffer allocator
btrfs: balance dirty metadata pages in btrfs_finish_ordered_io
PCI: Fix devm_pci_alloc_host_bridge() memory leak
selftests: intel_pstate: return Kselftest Skip code for skipped tests
selftests: memfd: return Kselftest Skip code for skipped tests
selftests/intel_pstate: Improve test, minor fixes
perf/x86/intel/uncore: Correct fixed counter index check for NHM
perf/x86/intel/uncore: Correct fixed counter index check in generic code
usbip: dynamically allocate idev by nports found in sysfs
usbip: usbip_detach: Fix memory, udev context and udev leak
block, bfq: remove wrong lock in bfq_requests_merged
f2fs: fix race in between GC and atomic open
f2fs: fix to detect failure of dquot_initialize
f2fs: Fix deadlock in shutdown ioctl
f2fs: fix to wait page writeback during revoking atomic write
f2fs: fix to don't trigger writeback during recovery
f2fs: fix error path of move_data_page
disable loading f2fs module on PAGE_SIZE > 4KB
pnfs: Don't release the sequence slot until we've processed layoutget on open
netfilter: nf_tables: check msg_type before nft_trans_set(trans)
lightnvm: pblk: warn in case of corrupted write buffer
RDMA/mad: Convert BUG_ONs to error flows
powerpc/64s: Fix compiler store ordering to SLB shadow area
hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
powerpc/eeh: Fix use-after-release of EEH driver
powerpc/64s: Add barrier_nospec
powerpc/lib: Adjust .balign inside string functions for PPC32
infiniband: fix a possible use-after-free bug
e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
ceph: fix alignment of rasize
bpf, arm32: fix inconsistent naming about emit_a32_lsr_{r64,i64}
printk: drop in_nmi check from printk_safe_flush_on_panic()
watchdog: da9063: Fix updating timeout value
irqchip/ls-scfg-msi: Map MSIs in the iommu
netfilter: ipset: List timing out entries with "timeout 1" instead of zero
netfilter: ipset: forbid family for hash:mac sets
perf tools: Fix pmu events parsing rule
rtc: ensure rtc_set_alarm fails when alarms are not supported
mm/slub.c: add __printf verification to slab_err()
mm: vmalloc: avoid racy handling of debugobjects in vunmap
mm: /proc/pid/pagemap: hide swap entries from unprivileged users
kernel/hung_task.c: show all hung tasks before panic
vfio/type1: Fix task tracking for QEMU vCPU hotplug
vfio/mdev: Check globally for duplicate devices
vfio: platform: Fix reset module leak in error path
nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY
ALSA: fm801: add error handling for snd_ctl_add
ALSA: emu10k1: add error handling for snd_ctl_add
skip LAYOUTRETURN if layout is invalid
hv_netvsc: fix network namespace issues with VF support
xen/netfront: raise max number of slots in xennet_get_responses()
kcov: ensure irq code sees a valid area
mlxsw: spectrum_switchdev: Fix port_vlan refcounting
arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
tracing: Quiet gcc warning about maybe unused link variable
tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
kthread, tracing: Don't expose half-written comm when creating kthreads
tracing: Fix possible double free in event_enable_trigger_func()
tracing: Fix double free of event_trigger_data
delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
kvm, mm: account shadow page tables to kmemcg
Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
Input: elan_i2c - add ACPI ID for lenovo ideapad 330
spi: spi-s3c64xx: Fix system resume support
drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4
IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()
drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4
RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access
i2c: core: decrease reference count of device node in i2c_unregister_device
fork: unconditionally clear stack on fork
Linux 4.14.59
turn off -Wattribute-alias
can: m_can.c: fix setup of CCCR register: clear CCCR NISO bit before checking can.ctrlmode
can: peak_canfd: fix firmware < v3.3.0: limit allocation to 32-bit DMA addr only
can: xilinx_can: fix RX overflow interrupt not being enabled
can: xilinx_can: fix incorrect clear of non-processed interrupts
can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting
can: xilinx_can: fix device dropping off bus on RX overrun
can: xilinx_can: fix recovery from error states not being propagated
can: xilinx_can: fix power management handling
can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK
driver core: Partially revert "driver core: correct device's shutdown order"
usb: gadget: f_fs: Only return delayed status when len is 0
usb: dwc2: Fix DMA alignment to start at allocated boundary
usb: core: handle hub C_PORT_OVER_CURRENT condition
usb: cdc_acm: Add quirk for Castles VEGA3000
staging: speakup: fix wraparound in uaccess length check
tcp: add tcp_ooo_try_coalesce() helper
tcp: call tcp_drop() from tcp_data_queue_ofo()
tcp: detect malicious patterns in tcp_collapse_ofo_queue()
tcp: avoid collapses in tcp_prune_queue() if possible
tcp: free batches of packets in tcp_prune_ofo_queue()
tcp: do not delay ACK in DCTCP upon CE status change
tcp: do not cancel delay-AcK on DCTCP special ACK
tcp: helpers to send special DCTCP ack
tcp: fix dctcp delayed ACK schedule
vxlan: fix default fdb entry netlink notify ordering during netdev create
vxlan: make netlink notify in vxlan_fdb_destroy optional
vxlan: add new fdb alloc and create helpers
rtnetlink: add rtnl_link_state check in rtnl_configure_link
sock: fix sg page frag coalescing in sk_alloc_sg
net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv
multicast: do not restore deleted record source filter mode to new one
net/ipv6: Fix linklocal to global address with VRF
net/mlx5e: Fix quota counting in aRFS expire flow
net/mlx5e: Don't allow aRFS for encapsulated packets
net/mlx5: Adjust clock overflow work period
net: skb_segment() should not return NULL
net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper
ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
ip: hash fragments consistently
bonding: set default miimon value for non-arp modes if not set
drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs
drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit()
KVM: PPC: Check if IOMMU page is contained in the pinned physical page
xen/PVH: Set up GS segment for stack canary
MIPS: Fix off-by-one in pci_resource_to_user()
MIPS: ath79: fix register address in ath79_ddr_wb_flush()
Revert "cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting"
ANDROID: verity: really fix android-verity Kconfig
tcp: add tcp_ooo_try_coalesce() helper
tcp: call tcp_drop() from tcp_data_queue_ofo()
tcp: detect malicious patterns in tcp_collapse_ofo_queue()
tcp: avoid collapses in tcp_prune_queue() if possible
tcp: free batches of packets in tcp_prune_ofo_queue()
x86_64_cuttlefish_defconfig: Enable android-verity
x86_64_cuttlefish_defconfig: enable verity cert
ANDROID: android-verity: Fix broken parameter handling.
ANDROID: android-verity: Make it work with newer kernels
ANDROID: android-verity: Add API to verify signature with builtin keys.
ANDROID: verity: fix android-verity Kconfig dependencies
Linux 4.14.58
xhci: Fix perceived dead host due to runtime suspend race with event handler
powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle)
cxl_getfile(): fix double-iput() on alloc_file() failures
alpha: fix osf_wait4() breakage
net: usb: asix: replace mii_nway_restart in resume path
ipv6: make DAD fail with enhanced DAD when nonce length differs
net: systemport: Fix CRC forwarding check for SYSTEMPORT Lite
net/mlx4_en: Don't reuse RX page when XDP is set
hv_netvsc: Fix napi reschedule while receive completion is busy
tg3: Add higher cpu clock for 5762.
qmi_wwan: add support for Quectel EG91
ptp: fix missing break in switch
net: phy: fix flag masking in __set_phy_supported
net/ipv4: Set oif in fib_compute_spec_dst
skbuff: Unconditionally copy pfmemalloc in __skb_clone()
net: Don't copy pfmemalloc flag in __copy_skb_header()
net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort
lib/rhashtable: consider param->min_size when setting initial table size
ipv6: ila: select CONFIG_DST_CACHE
ipv6: fix useless rol32 call on hash
ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
gen_stats: Fix netlink stats dumping in the presence of padding
drm/nouveau: Avoid looping through fake MST connectors
drm/nouveau: Use drm_connector_list_iter_* for iterating connectors
drm/i915: Fix hotplug irq ack on i965/g4x
stop_machine: Disable preemption when waking two stopper threads
vfio/spapr: Use IOMMU pageshift rather than pagesize
vfio/pci: Fix potential Spectre v1
cpufreq: intel_pstate: Register when ACPI PCCH is present
mm/huge_memory.c: fix data loss when splitting a file pmd
mm: memcg: fix use after free in mem_cgroup_iter()
ARC: mm: allow mprotect to make stack mappings executable
ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
ARC: Fix CONFIG_SWAP
ARCv2: [plat-hsdk]: Save accl reg pair by default
ALSA: hda: add mute led support for HP ProBook 455 G5
ALSA: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk
ALSA: rawmidi: Change resized buffers atomically
fat: fix memory allocation failure handling of match_strdup()
x86/MCE: Remove min interval polling limitation
x86/events/intel/ds: Fix bts_interrupt_threshold alignment
x86/apm: Don't access __preempt_count with zeroed fs
KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel.
scsi: sd_zbc: Fix variable type and bogus comment
ANDROID: uid_sys_stats: Replace tasklist lock with RCU in uid_cputime_show
Linux 4.14.57
string: drop __must_check from strscpy() and restore strscpy() usages in cgroup
arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
arm64: KVM: Add ARCH_WORKAROUND_2 support for guests
arm64: KVM: Add HYP per-cpu accessors
arm64: ssbd: Add prctl interface for per-thread mitigation
arm64: ssbd: Introduce thread flag to control userspace mitigation
arm64: ssbd: Restore mitigation status on CPU resume
arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
arm64: ssbd: Add global mitigation state accessor
arm64: Add 'ssbd' command-line option
arm64: Add ARCH_WORKAROUND_2 probing
arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
arm/arm64: smccc: Add SMCCC-specific return codes
KVM: arm64: Avoid storing the vcpu pointer on the stack
KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state
arm64: alternatives: Add dynamic patching feature
KVM: arm64: Stop save/restoring host tpidr_el1 on VHE
arm64: alternatives: use tpidr_el2 on VHE hosts
KVM: arm64: Change hyp_panic()s dependency on tpidr_el2
KVM: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation
KVM: arm64: Store vcpu on the stack during __guest_enter()
net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
rds: avoid unenecessary cong_update in loop transport
bdi: Fix another oops in wb_workfn()
netfilter: ipv6: nf_defrag: drop skb dst before queueing
nsh: set mac len based on inner packet
autofs: fix slab out of bounds read in getname_kernel()
tls: Stricter error checking in zerocopy sendmsg path
KEYS: DNS: fix parsing multiple options
reiserfs: fix buffer overflow with long warning messages
netfilter: ebtables: reject non-bridge targets
PCI: hv: Disable/enable IRQs rather than BH in hv_compose_msi_msg()
block: do not use interruptible wait anywhere
mtd: rawnand: denali_dt: set clk_x_rate to 200 MHz unconditionally
crypto: af_alg - Initialize sg_num_bytes in error code path
clocksource: Initialize cs->wd_list
media: rc: oops in ir_timer_keyup after device unplug
xhci: Fix USB3 NULL pointer dereference at logical disconnect.
net: lan78xx: Fix race in tx pending skb size calculation
rtlwifi: rtl8821ae: fix firmware is not ready to run
rtlwifi: Fix kernel Oops "Fw download fail!!"
net: cxgb3_main: fix potential Spectre v1
VSOCK: fix loopback on big-endian systems
vhost_net: validate sock before trying to put its fd
tcp: prevent bogus FRTO undos with non-SACK flows
tcp: fix Fast Open key endianness
strparser: Remove early eaten to fix full tcp receive buffer stall
stmmac: fix DMA channel hang in half-duplex mode
r8152: napi hangup fix after disconnect
qmi_wwan: add support for the Dell Wireless 5821e module
qed: Limit msix vectors in kdump kernel to the minimum required count.
qed: Fix use of incorrect size in memcpy call.
qed: Fix setting of incorrect eswitch mode.
qede: Adverstise software timestamp caps when PHC is not available.
net/tcp: Fix socket lookups with SO_BINDTODEVICE
net: sungem: fix rx checksum support
net_sched: blackhole: tell upper qdisc about dropped packets
net/packet: fix use-after-free
net: mvneta: fix the Rx desc DMA address in the Rx path
net/mlx5: Fix wrong size allocation for QoS ETC TC regitster
net/mlx5: Fix required capability for manipulating MPFS
net/mlx5: Fix incorrect raw command length parsing
net/mlx5: Fix command interface race in polling mode
net/mlx5: E-Switch, Avoid setup attempt if not being e-switch manager
net/mlx5e: Don't attempt to dereference the ppriv struct if not being eswitch manager
net/mlx5e: Avoid dealing with vport representors if not being e-switch manager
net: macb: Fix ptp time adjustment for large negative delta
net: fix use-after-free in GRO with ESP
net: dccp: switch rx_tstamp_last_feedback to monotonic clock
net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
ixgbe: split XDP_TX tail and XDP_REDIRECT map flushing
ipvlan: fix IFLA_MTU ignored on NEWLINK
ipv6: sr: fix passing wrong flags to crypto_alloc_shash()
hv_netvsc: split sub-channel setup into async and sync
atm: zatm: Fix potential Spectre v1
atm: Preserve value of skb->truesize when accounting to vcc
alx: take rtnl before calling __alx_open from resume
crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak
crypto: crypto4xx - remove bad list_del
PCI: exynos: Fix a potential init_clk_resources NULL pointer dereference
bcm63xx_enet: do not write to random DMA channel on BCM6345
bcm63xx_enet: correct clock usage
ocfs2: ip_alloc_sem should be taken in ocfs2_get_block()
ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
xprtrdma: Fix corner cases when handling device removal
cpufreq / CPPC: Set platform specific transition_delay_us
Btrfs: fix duplicate extents after fsync of file with prealloc extents
x86/paravirt: Make native_save_fl() extern inline
x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
ANDROID: Add hold functionality to schedtune CPU boost
ANDROID: sched/rt: Add schedtune accounting to rt task enqueue/dequeue
UPSTREAM: cpuidle: menu: Avoid selecting shallow states with stopped tick
UPSTREAM: cpuidle: menu: Refine idle state selection for running tick
UPSTREAM: sched: idle: Select idle state before stopping the tick
BACKPORT: time: hrtimer: Introduce hrtimer_next_event_without()
BACKPORT: time: tick-sched: Split tick_nohz_stop_sched_tick()
UPSTREAM: cpuidle: Return nohz hint from cpuidle_select()
UPSTREAM: jiffies: Introduce USER_TICK_USEC and redefine TICK_USEC
UPSTREAM: sched: idle: Do not stop the tick before cpuidle_idle_call()
BACKPORT: sched: idle: Do not stop the tick upfront in the idle loop
BACKPORT: time: tick-sched: Reorganize idle tick management code
ANDROID: sched/fair: fix a warning
ANDROID: sched/walt: Fix compilation issue for x86_64
ANDROID: mnt: Fix next_descendent
ANDROID: sched/events: Introduce util_est trace events
ANDROID: sched/fair: schedtune: update before schedutil
FROMLIST: sched/fair: add support to tune PELT ramp/decay timings
BACKPORT: sched/fair: Update util_est before updating schedutil
BACKPORT: sched/fair: Update util_est only on util_avg updates
BACKPORT: sched/fair: Use util_est in LB and WU paths
BACKPORT: sched/fair: Add util_est on top of PELT
ANDROID: sched/fair: Cleanup cpu_util{_wake}()
ANDROID: sched: Update max cpu capacity in case of max frequency constraints
ANDROID: arm: enable max frequency capping
ANDROID: arm64: enable max frequency capping
ANDROID: implement max frequency capping
ANDROID: sched/fair: add arch scaling function for max frequency capping
ANDROID: trace: Add WALT util signal to trace event sched_load_cfs_rq
ANDROID: sched, trace: Remove trace event sched_load_avg_cpu
ANDROID: Rename and move include/linux/sched_energy.h
ANDROID: Adjust juno energy model
ANDROID: Check equality of max cap state cap and cpu scale
ANDROID: Move energy model init call into arch_topology driver
ANDROID: Streamline sched_domain_energy_f functions
ANDROID: Separate cpu_scale and energy model setup
ANDROID: update_group_capacity for single cpu in cluster
ANDROID: sched/fair: return idle CPU immediately for prefer_idle
ANDROID: sched/fair: add idle state filter to prefer_idle case
ANDROID: sched/fair: remove order from CPU selection
ANDROID: sched/fair: unify spare capacity calculation
ANDROID:sched/fair: prefer energy efficient CPUs for !prefer_idle tasks
ANDROID: sched/fair: fix CPU selection for non latency sensitive tasks
ANDROID: sched/fair: Also do misfit in overloaded groups
ANDROID: sched/fair: Don't balance misfits if it would overload local group
ANDROID: sched/fair: Attempt to improve throughput for asym cap systems
FROMLIST: sched/fair: Don't move tasks to lower capacity cpus unless necessary
FROMLIST: sched/core: Disable SD_PREFER_SIBLING on asymmetric cpu capacity domains
FROMLIST: sched/core: Disable SD_ASYM_CPUCAPACITY for root_domains without asymmetry
FROMLIST: sched/fair: Set rq->rd->overload when misfit
FROMLIST: sched: Wrap rq->rd->overload accesses with READ/WRITE_ONCE
FROMLIST: sched: Change root_domain->overload type to int
FROMLIST: sched/fair: Change prefer_sibling type to bool
FROMLIST: sched/fair: Consider misfit tasks when load-balancing
FROMLIST: sched: Add sched_group per-cpu max capacity
FROMLIST: sched/fair: Add group_misfit_task load-balance type
FROMLIST: sched: Add static_key for asymmetric cpu capacity optimizations
UPSTREAM: ANDROID: binder: change down_write to down_read
UPSTREAM: ANDROID: binder: correct the cmd print for BINDER_WORK_RETURN_ERROR
UPSTREAM: ANDROID: binder: remove 32-bit binder interface.
UPSTREAM: android: binder: Use true and false for boolean values
UPSTREAM: android: binder: Use octal permissions
UPSTREAM: android: binder: Prefer __func__ to using hardcoded function name
UPSTREAM: ANDROID: binder: make binder_alloc_new_buf_locked static and indent its arguments
UPSTREAM: android: binder: Check for errors in binder_alloc_shrinker_init().
Conflicts:
arch/arm64/Kconfig
arch/arm64/include/asm/cpucaps.h
arch/arm64/include/asm/cpufeature.h
arch/arm64/include/asm/thread_info.h
arch/arm64/kernel/cpu_errata.c
arch/arm64/kernel/cpufeature.c
arch/arm64/kernel/entry.S
arch/arm64/kernel/ssbd.c
drivers/base/arch_topology.c
drivers/md/Kconfig
drivers/scsi/ufs/ufshcd.c
drivers/usb/gadget/function/f_fs.c
include/trace/events/sched.h
kernel/sched/cpufreq_schedutil.c
kernel/sched/energy.c
kernel/sched/fair.c
kernel/sched/features.h
kernel/sched/sched.h
kernel/sched/topology.c
kernel/sched/tune.c
kernel/sched/walt.c
kernel/sched/walt.h
kernel/stop_machine.c
kernel/time/tick-sched.c
net/socket.c
sound/core/rawmidi.c
Change-Id: Ia246711317930ecd55bb42565a04e6b4fdfc26d2
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
|
||
Jeremy Cline
|
45c8178cf6 |
net: socket: fix potential spectre v1 gadget in socketcall
commit c8e8cd579bb4265651df8223730105341e61a2d1 upstream. 'call' is a user-controlled value, so sanitize the array index after the bounds check to avoid speculating past the bounds of the 'nargs' array. Found with the help of Smatch: net/socket.c:2508 __do_sys_socketcall() warn: potential spectre issue 'nargs' [r] (local cap) Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Jeremy Cline <jcline@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Isaac J. Manjarres
|
d46b5c945c |
Merge android-4.14.52 (08850d5) into msm-4.14
* remotes/origin/tmp-08850d5: Linux 4.14.52 mm, page_alloc: do not break __GFP_THISNODE by zonelist reset fs/binfmt_misc.c: do not allow offset overflow vhost: fix info leak due to uninitialized memory HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation orangefs: report attributes_mask and attributes for statx orangefs: set i_size on new symlink iwlwifi: fw: harden page loading code x86/intel_rdt: Enable CMT and MBM on new Skylake stepping w1: mxc_w1: Enable clock before calling clk_get_rate() on it libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk libata: zpodd: small read overflow in eject_tray() cpufreq: governors: Fix long idle detection logic in load calculation cpufreq: Fix new policy initialization during limits updates via sysfs bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue blk-mq: reinit q->tag_set_list entry only after grace period nbd: use bd_set_size when updating disk size nbd: update size when connected nbd: fix nbd device deletion cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class CIFS: 511c54a2f69195b28afb9dd119f03787b1625bb4 adds a check for session expiry smb3: on reconnect set PreviousSessionId field smb3: fix various xid leaks x86/MCE: Fix stack out-of-bounds write in mce-inject.c: Flags_read() ALSA: hda: add dock and led support for HP ProBook 640 G4 ALSA: hda: add dock and led support for HP EliteBook 830 G5 ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs btrfs: scrub: Don't use inode pages for device replace btrfs: return error value if create_io_em failed in cow_file_range Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2() Btrfs: fix clone vs chattr NODATASUM race driver core: Don't ignore class_dir_create_and_add() failure. ext4: fix fencepost error in check for inode count overflow during resize ext4: correctly handle a zero-length xattr with a non-zero e_value_offs ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget() ext4: do not allow external inodes for inline data ext4: update mtime in ext4_punch_hole even if no blocks are released ext4: fix hole length detection in ext4_ind_map_blocks() NFSv4.1: Fix up replays of interrupted requests tls: fix use-after-free in tls_push_record hv_netvsc: Fix a network regression after ifdown/ifup net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds vlan udp: fix rx queue len reported by diag and proc interface socket: close race condition between sock_close() and sockfs_setattr() tcp: verify the checksum of the first data segment in a new connection net/sched: act_simple: fix parsing of TCA_DEF_DATA net: dsa: add error handling for pskb_trim_rcsum ipv6: allow PMTU exceptions to local routes cdc_ncm: avoid padding beyond end of skb bonding: re-evaluate force_primary when the primary slave name changes ANDROID: sdcardfs: fix potential crash when reserved_mb is not zero ANDROID: xt_qtaguid: Remove unnecessary null checks to device's name ANDROID: Add kconfig to make dm-verity check_at_most_once default enabled Conflicts: net/netfilter/xt_qtaguid.c Change-Id: I5c94ff8a691b9d84899d7863fbd309aa41c5c338 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
Cong Wang
|
91717ffc90 |
socket: close race condition between sock_close() and sockfs_setattr()
[ Upstream commit 6d8c50dcb029872b298eea68cc6209c866fd3e14 ]
fchownat() doesn't even hold refcnt of fd until it figures out
fd is really needed (otherwise is ignored) and releases it after
it resolves the path. This means sock_close() could race with
sockfs_setattr(), which leads to a NULL pointer dereference
since typically we set sock->sk to NULL in ->release().
As pointed out by Al, this is unique to sockfs. So we can fix this
in socket layer by acquiring inode_lock in sock_close() and
checking against NULL in sockfs_setattr().
sock_release() is called in many places, only the sock_close()
path matters here. And fortunately, this should not affect normal
sock_close() as it is only called when the last fd refcnt is gone.
It only affects sock_close() with a parallel sockfs_setattr() in
progress, which is not common.
Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Reported-by: shankarapailoor <shankarapailoor@gmail.com>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Lorenzo Colitti <lorenzo@google.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Naresh Maradana
|
4438d0403a |
seemp: port instrumentation and logging service
Port seemp related instrumentation and logging service to from msm-4.9 to msm-4.14. This change serves two purposes: - Enable logging service for API events âogged events are read by userspace components. - Log relevant kernel events. Change-Id: I6eeadc0cb0033d167dde49703269946c77f2acda Signed-off-by: Yida Wang <yidaw@codeaurora.org> Signed-off-by: Naresh Maradana <nmardana@codeaurora.org> |
||
Devi Sandeep Endluri V V
|
4c159b2a80 |
net: socket: Added notifier chains for socket administrative functions
Allows other areas in the kernel to register notifier callbacks which get invoked whenever something performs an administrative action on a socket. This patch adds hooks in socket(), bind(), listen(), accept(), shutdown(). CRs-Fixed: 626021 Change-Id: I4ae99cb2206d7c4eddba69757335c18d10143045 Acked-by: Manoj Basapathi <manojbm@qti.qualcomm.com> Signed-off-by: Devi Sandeep Endluri V V <dendluri@codeaurora.org> Signed-off-by: Tejaswi Tanikella <tejaswit@codeaurora.org> |
||
Levin, Alexander (Sasha Levin)
|
2abfcdf8e7 |
kmemcheck: remove annotations
commit 4950276672fce5c241857540f8561c440663673d upstream. Patch series "kmemcheck: kill kmemcheck", v2. As discussed at LSF/MM, kill kmemcheck. KASan is a replacement that is able to work without the limitation of kmemcheck (single CPU, slow). KASan is already upstream. We are also not aware of any users of kmemcheck (or users who don't consider KASan as a suitable replacement). The only objection was that since KASAN wasn't supported by all GCC versions provided by distros at that time we should hold off for 2 years, and try again. Now that 2 years have passed, and all distros provide gcc that supports KASAN, kill kmemcheck again for the very same reasons. This patch (of 4): Remove kmemcheck annotations, and calls to kmemcheck from the kernel. [alexander.levin@verizon.com: correctly remove kmemcheck call from dma_map_sg_attrs] Link: http://lkml.kernel.org/r/20171012192151.26531-1-alexander.levin@verizon.com Link: http://lkml.kernel.org/r/20171007030159.22241-2-alexander.levin@verizon.com Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Cc: Alexander Potapenko <glider@google.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Michal Hocko <mhocko@kernel.org> Cc: Pekka Enberg <penberg@kernel.org> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Tim Hansen <devtimhansen@gmail.com> Cc: Vegard Nossum <vegardno@ifi.uio.no> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Alexei Starovoitov
|
6fde36d5ce |
bpf: introduce BPF_JIT_ALWAYS_ON config
[ upstream commit 290af86629b25ffd1ed6232c4e9107da031705cb ] The BPF interpreter has been used as part of the spectre 2 attack CVE-2017-5715. A quote from goolge project zero blog: "At this point, it would normally be necessary to locate gadgets in the host kernel code that can be used to actually leak data by reading from an attacker-controlled location, shifting and masking the result appropriately and then using the result of that as offset to an attacker-controlled address for a load. But piecing gadgets together and figuring out which ones work in a speculation context seems annoying. So instead, we decided to use the eBPF interpreter, which is built into the host kernel - while there is no legitimate way to invoke it from inside a VM, the presence of the code in the host kernel's text section is sufficient to make it usable for the attack, just like with ordinary ROP gadgets." To make attacker job harder introduce BPF_JIT_ALWAYS_ON config option that removes interpreter from the kernel in favor of JIT-only mode. So far eBPF JIT is supported by: x64, arm64, arm32, sparc64, s390, powerpc64, mips64 The start of JITed program is randomized and code page is marked as read-only. In addition "constant blinding" can be turned on with net.core.bpf_jit_harden v2->v3: - move __bpf_prog_ret0 under ifdef (Daniel) v1->v2: - fix init order, test_bpf and cBPF (Daniel's feedback) - fix offloaded bpf (Jakub's feedback) - add 'return 0' dummy in case something can invoke prog->bpf_func - retarget bpf tree. For bpf-next the patch would need one extra hunk. It will be sent when the trees are merged back to net-next Considered doing: int bpf_jit_enable __read_mostly = BPF_EBPF_JIT_DEFAULT; but it seems better to land the patch as-is and in bpf-next remove bpf_jit_enable global variable from all JITs, consolidate in one place and remove this jit_init() function. Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
John Fastabend
|
db5980d804 |
net: fixes for skb_send_sock
A couple fixes to new skb_send_sock infrastructure. However, no users
currently exist for this code (adding user in next handful of patches)
so it should not be possible to trigger a panic with existing in-kernel
code.
Fixes: 306b13eb3cf9 ("proto_ops: Add locked held versions of sendmsg and sendpage")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
Tom Herbert
|
306b13eb3c |
proto_ops: Add locked held versions of sendmsg and sendpage
Add new proto_ops sendmsg_locked and sendpage_locked that can be called when the socket lock is already held. Correspondingly, add kernel_sendmsg_locked and kernel_sendpage_locked as front end functions. These functions will be used in zero proxy so that we can take the socket lock in a ULP sendmsg/sendpage and then directly call the backend transport proto_ops functions. Signed-off-by: Tom Herbert <tom@quantonium.net> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
David S. Miller
|
29fda25a2d |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Two minor conflicts in virtio_net driver (bug fix overlapping addition of a helper) and MAINTAINERS (new driver edit overlapping revamp of PHY entry). Signed-off-by: David S. Miller <davem@davemloft.net> |
||
stephen hemminger
|
614d79c09e |
socket: fix set not used warning
The variable owned_by_user is always set, but only used when kernel is configured with LOCKDEP enabled. Get rid of the warning by moving the code to put the call to owned_by_user into the the rcu_protected call. Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
Paolo Abeni
|
864d966424 |
net/socket: fix type in assignment and trim long line
The commit ffb07550c76f ("copy_msghdr_from_user(): get rid of
field-by-field copyin") introduce a new sparse warning:
net/socket.c:1919:27: warning: incorrect type in assignment (different address spaces)
net/socket.c:1919:27: expected void *msg_control
net/socket.c:1919:27: got void [noderef] <asn:1>*[addressable] msg_control
and a line above 80 chars, let's fix them
Fixes: ffb07550c76f ("copy_msghdr_from_user(): get rid of field-by-field copyin")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
Linus Torvalds
|
2173bd0631 |
Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull network field-by-field copy-in updates from Al Viro: "This part of the misc compat queue was held back for review from networking folks and since davem has jus ACKed those..." * 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: get_compat_bpf_fprog(): don't copyin field-by-field get_compat_msghdr(): get rid of field-by-field copyin copy_msghdr_from_user(): get rid of field-by-field copyin |
||
|
Linus Torvalds
|
3bad2f1c67 |
Merge branch 'work.misc-set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull misc user access cleanups from Al Viro:
"The first pile is assorted getting rid of cargo-culted access_ok(),
cargo-culted set_fs() and field-by-field copyouts.
The same description applies to a lot of stuff in other branches -
this is just the stuff that didn't fit into a more specific topical
branch"
* 'work.misc-set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
Switch flock copyin/copyout primitives to copy_{from,to}_user()
fs/fcntl: return -ESRCH in f_setown when pid/pgid can't be found
fs/fcntl: f_setown, avoid undefined behaviour
fs/fcntl: f_setown, allow returning error
lpfc debugfs: get rid of pointless access_ok()
adb: get rid of pointless access_ok()
isdn: get rid of pointless access_ok()
compat statfs: switch to copy_to_user()
fs/locks: don't mess with the address limit in compat_fcntl64
nfsd_readlink(): switch to vfs_get_link()
drbd: ->sendpage() never needed set_fs()
fs/locks: pass kernel struct flock to fcntl_getlk/setlk
fs: locks: Fix some troubles at kernel-doc comments
|
||
Al Viro
|
ffb07550c7 |
copy_msghdr_from_user(): get rid of field-by-field copyin
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
Jiri Slaby
|
393cc3f511 |
fs/fcntl: f_setown, allow returning error
Allow f_setown to return an error value. We will fail in the next patch with EINVAL for bad input to f_setown, so tile the path for the later patch. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Reviewed-by: Jeff Layton <jlayton@redhat.com> Cc: Jeff Layton <jlayton@poochiereds.net> Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Jeff Layton <jlayton@redhat.com> |
||
Rosen, Rami
|
241c4667fc |
net: socket: fix a typo in sockfd_lookup().
This patch fixes a typo in sockfd_lookup() in net/socket.c. Signed-off-by: Rami Rosen <rami.rosen@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
Miroslav Lichvar
|
b50a5c70ff |
net: allow simultaneous SW and HW transmit timestamping
Add SOF_TIMESTAMPING_OPT_TX_SWHW option to allow an outgoing packet to be looped to the socket's error queue with a software timestamp even when a hardware transmit timestamp is expected to be provided by the driver. Applications using this option will receive two separate messages from the error queue, one with a software timestamp and the other with a hardware timestamp. As the hardware timestamp is saved to the shared skb info, which may happen before the first message with software timestamp is received by the application, the hardware timestamp is copied to the SCM_TIMESTAMPING control message only when the skb has no software timestamp or it is an incoming packet. While changing sw_tx_timestamp(), inline it in skb_tx_timestamp() as there are no other users. CC: Richard Cochran <richardcochran@gmail.com> CC: Willem de Bruijn <willemb@google.com> Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com> Acked-by: Willem de Bruijn <willemb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Miroslav Lichvar
|
aad9c8c470 |
net: add new control message for incoming HW-timestamped packets
Add SOF_TIMESTAMPING_OPT_PKTINFO option to request a new control message for incoming packets with hardware timestamps. It contains the index of the real interface which received the packet and the length of the packet at layer 2. The index is useful with bonding, bridges and other interfaces, where IP_PKTINFO doesn't allow applications to determine which PHC made the timestamp. With the L2 length (and link speed) it is possible to transpose preamble timestamps to trailer timestamps, which are used in the NTP protocol. While this information could be provided by two new socket options independently from timestamping, it doesn't look like they would be very useful. With this option any performance impact is limited to hardware timestamping. Use dev_get_by_napi_id() to get the device and its index. On kernels with disabled CONFIG_NET_RX_BUSY_POLL or drivers not using NAPI, a zero index will be returned in the control message. CC: Richard Cochran <richardcochran@gmail.com> Acked-by: Willem de Bruijn <willemb@google.com> Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
R. Parameswaran
|
57240d0078 |
l2tp: device MTU setup, tunnel socket needs a lock
The MTU overhead calculation in L2TP device set-up merged via commit b784e7ebfce8cfb16c6f95e14e8532d0768ab7ff needs to be adjusted to lock the tunnel socket while referencing the sub-data structures to derive the socket's IP overhead. Reported-by: Guillaume Nault <g.nault@alphalink.fr> Tested-by: Guillaume Nault <g.nault@alphalink.fr> Signed-off-by: R. Parameswaran <rparames@brocade.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
R. Parameswaran
|
113c307593 |
New kernel function to get IP overhead on a socket.
A new function, kernel_sock_ip_overhead(), is provided to calculate the cumulative overhead imposed by the IP Header and IP options, if any, on a socket's payload. The new function returns an overhead of zero for sockets that do not belong to the IPv4 or IPv6 address families. This is used in the L2TP code path to compute the total outer IP overhead on the L2TP tunnel socket when calculating the default MTU for Ethernet pseudowires. Signed-off-by: R. Parameswaran <rparames@brocade.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
Soheil Hassas Yeganeh
|
4ef1b28694 |
tcp: mark skbs with SCM_TIMESTAMPING_OPT_STATS
SOF_TIMESTAMPING_OPT_STATS can be enabled and disabled
while packets are collected on the error queue.
So, checking SOF_TIMESTAMPING_OPT_STATS in sk->sk_tsflags
is not enough to safely assume that the skb contains
OPT_STATS data.
Add a bit in sock_exterr_skb to indicate whether the
skb contains opt_stats data.
Fixes: 1c885808e456 ("tcp: SOF_TIMESTAMPING_OPT_STATS option for SO_TIMESTAMPING")
Reported-by: JongHwan Kim <zzoru007@gmail.com>
Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
|
Soheil Hassas Yeganeh
|
8605330aac |
tcp: fix SCM_TIMESTAMPING_OPT_STATS for normal skbs
__sock_recv_timestamp can be called for both normal skbs (for
receive timestamps) and for skbs on the error queue (for transmit
timestamps).
Commit 1c885808e456
(tcp: SOF_TIMESTAMPING_OPT_STATS option for SO_TIMESTAMPING)
assumes any skb passed to __sock_recv_timestamp are from
the error queue, containing OPT_STATS in the content of the skb.
This results in accessing invalid memory or generating junk
data.
To fix this, set skb->pkt_type to PACKET_OUTGOING for packets
on the error queue. This is safe because on the receive path
on local sockets skb->pkt_type is never set to PACKET_OUTGOING.
With that, copy OPT_STATS from a packet, only if its pkt_type
is PACKET_OUTGOING.
Fixes: 1c885808e456 ("tcp: SOF_TIMESTAMPING_OPT_STATS option for SO_TIMESTAMPING")
Reported-by: JongHwan Kim <zzoru007@gmail.com>
Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
David Howells
|
cdfbabfb2f |
net: Work around lockdep limitation in sockets that use sockets
Lockdep issues a circular dependency warning when AFS issues an operation
through AF_RXRPC from a context in which the VFS/VM holds the mmap_sem.
The theory lockdep comes up with is as follows:
(1) If the pagefault handler decides it needs to read pages from AFS, it
calls AFS with mmap_sem held and AFS begins an AF_RXRPC call, but
creating a call requires the socket lock:
mmap_sem must be taken before sk_lock-AF_RXRPC
(2) afs_open_socket() opens an AF_RXRPC socket and binds it. rxrpc_bind()
binds the underlying UDP socket whilst holding its socket lock.
inet_bind() takes its own socket lock:
sk_lock-AF_RXRPC must be taken before sk_lock-AF_INET
(3) Reading from a TCP socket into a userspace buffer might cause a fault
and thus cause the kernel to take the mmap_sem, but the TCP socket is
locked whilst doing this:
sk_lock-AF_INET must be taken before mmap_sem
However, lockdep's theory is wrong in this instance because it deals only
with lock classes and not individual locks. The AF_INET lock in (2) isn't
really equivalent to the AF_INET lock in (3) as the former deals with a
socket entirely internal to the kernel that never sees userspace. This is
a limitation in the design of lockdep.
Fix the general case by:
(1) Double up all the locking keys used in sockets so that one set are
used if the socket is created by userspace and the other set is used
if the socket is created by the kernel.
(2) Store the kern parameter passed to sk_alloc() in a variable in the
sock struct (sk_kern_sock). This informs sock_lock_init(),
sock_init_data() and sk_clone_lock() as to the lock keys to be used.
Note that the child created by sk_clone_lock() inherits the parent's
kern setting.
(3) Add a 'kern' parameter to ->accept() that is analogous to the one
passed in to ->create() that distinguishes whether kernel_accept() or
sys_accept4() was the caller and can be passed to sk_alloc().
Note that a lot of accept functions merely dequeue an already
allocated socket. I haven't touched these as the new socket already
exists before we get the parameter.
Note also that there are a couple of places where I've made the accepted
socket unconditionally kernel-based:
irda_accept()
rds_rcp_accept_one()
tcp_accept_from_sock()
because they follow a sock_create_kern() and accept off of that.
Whilst creating this, I noticed that lustre and ocfs don't create sockets
through sock_create_kern() and thus they aren't marked as for-kernel,
though they appear to be internal. I wonder if these should do that so
that they use the new set of lock keys.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
Alexander Potapenko
|
9f138fa609 |
net: initialize msg.msg_flags in recvfrom
KMSAN reports a use of uninitialized memory in put_cmsg() because msg.msg_flags in recvfrom haven't been initialized properly. The flag values don't affect the result on this path, but it's still a good idea to initialize them explicitly. Signed-off-by: Alexander Potapenko <glider@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
Maxime Jayat
|
e623a9e9de |
net: socket: fix recvmmsg not returning error from sock_error
Commit 34b88a68f26a ("net: Fix use after free in the recvmmsg exit path"),
changed the exit path of recvmmsg to always return the datagrams
variable and modified the error paths to set the variable to the error
code returned by recvmsg if necessary.
However in the case sock_error returned an error, the error code was
then ignored, and recvmmsg returned 0.
Change the error path of recvmmsg to correctly return the error code
of sock_error.
The bug was triggered by using recvmmsg on a CAN interface which was
not up. Linux 4.6 and later return 0 in this case while earlier
releases returned -ENETDOWN.
Fixes: 34b88a68f26a ("net: Fix use after free in the recvmmsg exit path")
Signed-off-by: Maxime Jayat <maxime.jayat@mobile-devices.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
|
David S. Miller
|
02ac5d1487 |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Two AF_* families adding entries to the lockdep tables at the same time. Signed-off-by: David S. Miller <davem@davemloft.net> |
||
Tobias Klauser
|
dc647ec88e |
net: socket: Make unnecessarily global sockfs_setattr() static
Make sockfs_setattr() static as it is not used outside of net/socket.c
This fixes the following GCC warning:
net/socket.c:534:5: warning: no previous prototype for ‘sockfs_setattr’ [-Wmissing-prototypes]
Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Cc: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
yuan linyu
|
1e9116327e |
net: change init_inodecache() return void
sock_init() call it but not check it's return value, so change it to void return and add an internal BUG_ON() check. Signed-off-by: yuan linyu <Linyu.Yuan@alcatel-sbell.com.cn> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
David S. Miller
|
76eb75be79 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net | ||
|
David S. Miller
|
ac4340fc3c |
net: Assert at build time the assumptions we make about the CMSG header.
It must always be the case that CMSG_ALIGN(sizeof(hdr)) == sizeof(hdr). Otherwise there are missing adjustments in the various calculations that parse and build these things. Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Eric Biggers
|
e1a3a60a2e |
net: socket: don't set sk_uid to garbage value in ->setattr()
->setattr() was recently implemented for socket files to sync the socket
inode's uid to the new 'sk_uid' member of struct sock. It does this by
copying over the ia_uid member of struct iattr. However, ia_uid is
actually only valid when ATTR_UID is set in ia_valid, indicating that
the uid is being changed, e.g. by chown. Other metadata operations such
as chmod or utimes leave ia_uid uninitialized. Therefore, sk_uid could
be set to a "garbage" value from the stack.
Fix this by only copying the uid over when ATTR_UID is set.
Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Tested-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
Thomas Gleixner
|
2456e85535 |
ktime: Get rid of the union
ktime is a union because the initial implementation stored the time in scalar nanoseconds on 64 bit machine and in a endianess optimized timespec variant for 32bit machines. The Y2038 cleanup removed the timespec variant and switched everything to scalar nanoseconds. The union remained, but become completely pointless. Get rid of the union and just keep ktime_t as simple typedef of type s64. The conversion was done with coccinelle and some manual mopping up. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Peter Zijlstra <peterz@infradead.org> |
||
|
Linus Torvalds
|
7c0f6ba682 |
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
This was entirely automated, using the script by Al:
PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*<asm/uaccess.h>'
sed -i -e "s!$PATT!#include <linux/uaccess.h>!" \
$(git grep -l "$PATT"|grep -v ^include/linux/uaccess.h)
to do the replacement at the end of the merge window.
Requested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
Amit Kushwaha
|
fa1bd57a63 |
net: socket: removed an unnecessary newline
This patch removes a newline which was added in socket.c file in net-next Signed-off-by: Amit Kushwaha <kushwaha.a@samsung.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Amit Kushwaha
|
846cc1231a |
net: socket: preferred __aligned(size) for control buffer
This patch cleanup checkpatch.pl warning WARNING: __aligned(size) is preferred over __attribute__((aligned(size))) Signed-off-by: Amit Kushwaha <kushwaha.a@samsung.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
Francis Yan
|
1c885808e4 |
tcp: SOF_TIMESTAMPING_OPT_STATS option for SO_TIMESTAMPING
This patch exports the sender chronograph stats via the socket SO_TIMESTAMPING channel. Currently we can instrument how long a particular application unit of data was queued in TCP by tracking SOF_TIMESTAMPING_TX_SOFTWARE and SOF_TIMESTAMPING_TX_SCHED. Having these sender chronograph stats exported simultaneously along with these timestamps allow further breaking down the various sender limitation. For example, a video server can tell if a particular chunk of video on a connection takes a long time to deliver because TCP was experiencing small receive window. It is not possible to tell before this patch without packet traces. To prepare these stats, the user needs to set SOF_TIMESTAMPING_OPT_STATS and SOF_TIMESTAMPING_OPT_TSONLY flags while requesting other SOF_TIMESTAMPING TX timestamps. When the timestamps are available in the error queue, the stats are returned in a separate control message of type SCM_TIMESTAMPING_OPT_STATS, in a list of TLVs (struct nlattr) of types: TCP_NLA_BUSY_TIME, TCP_NLA_RWND_LIMITED, TCP_NLA_SNDBUF_LIMITED. Unit is microsecond. Signed-off-by: Francis Yan <francisyyan@gmail.com> Signed-off-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com> Acked-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
David S. Miller
|
f9aa9dc7d2 |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
All conflicts were simple overlapping changes except perhaps for the Thunder driver. That driver has a change_mtu method explicitly for sending a message to the hardware. If that fails it returns an error. Normally a driver doesn't need an ndo_change_mtu method becuase those are usually just range changes, which are now handled generically. But since this extra operation is needed in the Thunder driver, it has to stay. However, if the message send fails we have to restore the original MTU before the change because the entire call chain expects that if an error is thrown by ndo_change_mtu then the MTU did not change. Therefore code is added to nicvf_change_mtu to remember the original MTU, and to restore it upon nicvf_update_hw_max_frs() failue. Signed-off-by: David S. Miller <davem@davemloft.net> |