mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
4606 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
a5847ae74b |
This is the 4.14.135 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl1BJxsACgkQONu9yGCS
aT4wBxAAymuWVXtmeWFQSFNji/RAJcHBAOvydIRMr7vwCXpojuRerNolo7WibM/B
Mgx2OISn0d8rg98Cc3wiM6WUN9AeHr3lSWXORg3iBr0zP+ZO5Vs0Y2w9gueEJS+i
egMvi2KZyS3Esrfmxv62pJ9DIVqyPVlvzN/Y79BARcwIeZOt+puycR5XV3WROzX9
Wy2JBz5f56m9qzPGKXGRLlvq7LghZ5EbyFoIb/fj9K6pFdVBrpSEOeocCQos9IEz
0+1TiWAkqOGLGZWJ3CFW/6Nbn1JO3hZpIgqxVczZXR+4UVhR+yniHUzZ20g89DzE
mmprjKGv/8/7pXyXtGhjXuaZN5r1ldUje5SZf1X7SzxLuABSKIHykYJjKUQY2O3b
8tpPULGA77V7Ww4TtyRLeOVPqaVslWFgLP6snyileSdoxfISebo2KptQn0pmuFX2
Y0ePPot/aHHXmhrn5mAY9UZO9etqko8LjvVHDOsQQ99GJJ1BAz73w+wkKDtHXGuo
iqUlSSW2YpThnAkufUlyhk10y6itGmy0P7GSrw8PCd9As2/LAz6c9+8+NPp/2P2Z
Ffl2q7eUCqb0HixAnq5KqcPDSVdyqVtQ7XeN3lAEWVGmwpiu2xyuZgpQyT5FRqOZ
mLYHZJF7FEZOZo+hkbH4O6j3umJ0QFJakVwrEiQ/ha0yLZpS3OM=
=u0hP
-----END PGP SIGNATURE-----
Merge 4.14.135 into android-4.14
Changes in 4.14.135
MIPS: ath79: fix ar933x uart parity mode
MIPS: fix build on non-linux hosts
arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
scsi: iscsi: set auth_protocol back to NULL if CHAP_A value is not supported
dmaengine: imx-sdma: fix use-after-free on probe error path
wil6210: fix potential out-of-bounds read
ath10k: Do not send probe response template for mesh
ath9k: Check for errors when reading SREV register
ath6kl: add some bounds checking
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
batman-adv: fix for leaked TVLV handler.
media: dvb: usb: fix use after free in dvb_usb_device_exit
media: spi: IR LED: add missing of table registration
crypto: talitos - fix skcipher failure due to wrong output IV
media: marvell-ccic: fix DMA s/g desc number calculation
media: vpss: fix a potential NULL pointer dereference
media: media_device_enum_links32: clean a reserved field
net: stmmac: dwmac1000: Clear unused address entries
net: stmmac: dwmac4/5: Clear unused address entries
qed: Set the doorbell address correctly
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
af_key: fix leaks in key_pol_get_resp and dump_sp.
xfrm: Fix xfrm sel prefix length validation
fscrypt: clean up some BUG_ON()s in block encryption/decryption
media: mc-device.c: don't memset __user pointer contents
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
net: phy: Check against net_device being NULL
crypto: talitos - properly handle split ICV.
crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
tua6100: Avoid build warnings.
locking/lockdep: Fix merging of hlocks with non-zero references
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
cpupower : frequency-set -r option misses the last cpu in related cpu list
net: stmmac: dwmac4: fix flow control issue
net: fec: Do not use netdev messages too early
net: axienet: Fix race condition causing TX hang
s390/qdio: handle PENDING state for QEBSM devices
RAS/CEC: Fix pfn insertion
net: sfp: add mutex to prevent concurrent state checks
ipset: Fix memory accounting for hash types on resize
perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
perf test 6: Fix missing kvm module load for s390
media: fdp1: Support M3N and E3 platforms
iommu: Fix a leak in iommu_insert_resv_region
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
gpio: omap: ensure irq is enabled before wakeup
regmap: fix bulk writes on paged registers
bpf: silence warning messages in core
rcu: Force inlining of rcu_read_lock()
x86/cpufeatures: Add FDP_EXCPTN_ONLY and ZERO_FCS_FDS
blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration
xfrm: fix sa selector validation
sched/core: Add __sched tag for io_schedule()
x86/atomic: Fix smp_mb__{before,after}_atomic()
perf evsel: Make perf_evsel__name() accept a NULL argument
vhost_net: disable zerocopy by default
ipoib: correcly show a VF hardware address
EDAC/sysfs: Fix memory leak when creating a csrow object
ipsec: select crypto ciphers for xfrm_algo
ipvs: defer hook registration to avoid leaks
media: s5p-mfc: Make additional clocks optional
media: i2c: fix warning same module names
ntp: Limit TAI-UTC offset
timer_list: Guard procfs specific code
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
media: coda: fix mpeg2 sequence number handling
media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP
media: coda: increment sequence offset for the last returned frame
media: vimc: cap: check v4l2_fill_pixfmt return value
media: hdpvr: fix locking and a missing msleep
rtlwifi: rtl8192cu: fix error handle when usb probe failed
mt7601u: do not schedule rx_tasklet when the device has been disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: fix possible memory leak when the device is disconnected
ipvs: fix tinfo memory leak in start_sync_thread
ath10k: add missing error handling
ath10k: fix PCIE device wake up failed
perf tools: Increase MAX_NR_CPUS and MAX_CACHES
libata: don't request sense data on !ZAC ATA devices
clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
rslib: Fix decoding of shortened codes
rslib: Fix handling of of caller provided syndrome
ixgbe: Check DDM existence in transceiver before access
crypto: serpent - mark __serpent_setkey_sbox noinline
crypto: asymmetric_keys - select CRYPTO_HASH where needed
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
net: hns3: fix a -Wformat-nonliteral compile warning
net: hns3: add some error checking in hclge_tm module
ath10k: destroy sdio workqueue while remove sdio module
iwlwifi: mvm: Drop large non sta frames
perf stat: Make metric event lookup more robust
net: usb: asix: init MAC address buffers
gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: Check state in l2cap_disconnect_rsp
gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable()
Bluetooth: validate BLE connection interval updates
gtp: fix suspicious RCU usage
gtp: fix Illegal context switch in RCU read-side critical section.
gtp: fix use-after-free in gtp_encap_destroy()
gtp: fix use-after-free in gtp_newlink()
net: mvmdio: defer probe of orion-mdio if a clock is not ready
iavf: fix dereference of null rx_buffer pointer
floppy: fix div-by-zero in setup_format_params
floppy: fix out-of-bounds read in next_valid_format
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in copy_buffer
xen: let alloc_xenballooned_pages() fail if not enough memory free
scsi: NCR5380: Reduce goto statements in NCR5380_select()
scsi: NCR5380: Always re-enable reselection interrupt
Revert "scsi: ncr5380: Increase register polling limit"
scsi: core: Fix race on creating sense cache
scsi: megaraid_sas: Fix calculation of target ID
scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
scsi: mac_scsi: Fix pseudo DMA implementation, take 2
crypto: ghash - fix unaligned memory access in ghash_setkey()
crypto: ccp - Validate the the error value used to index error messages
crypto: arm64/sha1-ce - correct digest for empty data in finup
crypto: arm64/sha2-ce - correct digest for empty data in finup
crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
crypto: ccp - memset structure fields to zero before reuse
crypto: ccp/gcm - use const time tag comparison.
crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
Input: gtco - bounds check collection indent level
Input: alps - don't handle ALPS cs19 trackpoint-only device
Input: synaptics - whitelist Lenovo T580 SMBus intertouch
Input: alps - fix a mismatch between a condition check and its comment
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
arm64: tegra: Update Jetson TX1 GPU regulator timings
iwlwifi: pcie: don't service an interrupt that was masked
iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X
NFSv4: Handle the special Linux file open access mode
pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
ASoC: dapm: Adapt for debugfs API change
ALSA: seq: Break too long mutex context in the write loop
ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
media: coda: Remove unbalanced and unneeded mutex unlock
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
arm64: tegra: Fix AGIC register range
fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.
drm/nouveau/i2c: Enable i2c pads & busses during preinit
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
dm zoned: fix zone state management race
xen/events: fix binding user event channels to cpus
9p/xen: Add cleanup path in p9_trans_xen_init
9p/virtio: Add cleanup path in p9_virtio_init
x86/boot: Fix memory leak in default_get_smp_config()
perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs
perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs
intel_th: pci: Add Ice Lake NNPI support
PCI: Do not poll for PME if the device is in D3cold
Btrfs: fix data loss after inode eviction, renaming it, and fsync it
Btrfs: fix fsync not persisting dentry deletions due to inode evictions
Btrfs: add missing inode version, ctime and mtime updates when punching hole
HID: wacom: generic: only switch the mode on devices with LEDs
HID: wacom: correct touch resolution x/y typo
libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
coda: pass the host file in vma->vm_file on mmap
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
parisc: Ensure userspace privilege for ptraced processes in regset functions
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
powerpc/watchpoint: Restore NV GPRs while returning from exception
eCryptfs: fix a couple type promotion bugs
intel_th: msu: Fix single mode with disabled IOMMU
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
usb: Handle USB3 remote wakeup for LPM enabled devices correctly
net: mvmdio: allow up to four clocks to be specified for orion-mdio
dt-bindings: allow up to four clocks for orion-mdio
dm bufio: fix deadlock with loop device
compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
compiler.h: Add read_word_at_a_time() function.
lib/strscpy: Shut up KASAN false-positives in strscpy()
bnx2x: Prevent load reordering in tx completion processing
bnx2x: Prevent ptp_task to be rescheduled indefinitely
caif-hsi: fix possible deadlock in cfhsi_exit_module()
igmp: fix memory leak in igmpv3_del_delrec()
ipv4: don't set IPv6 only flags to IPv4 addresses
net: bcmgenet: use promisc for unsupported filters
net: dsa: mv88e6xxx: wait after reset deactivation
net: neigh: fix multiple neigh timer scheduling
net: openvswitch: fix csum updates for MPLS actions
nfc: fix potential illegal memory access
rxrpc: Fix send on a connected, but unbound socket
sky2: Disable MSI on ASUS P6T
vrf: make sure skb->data contains ip header to make routing
macsec: fix use-after-free of skb during RX
macsec: fix checksumming after decryption
netrom: fix a memory leak in nr_rx_frame()
netrom: hold sock when setting skb->destructor
bonding: validate ip header before check IPPROTO_IGMP
net: make skb_dst_force return true when dst is refcounted
tcp: fix tcp_set_congestion_control() use from bpf hook
tcp: Reset bytes_acked and bytes_received when disconnecting
net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net: bridge: stp: don't cache eth dest pointer before skb pull
dma-buf: balance refcount inbalance
dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc
MIPS: lb60: Fix pin mappings
ext4: don't allow any modifications to an immutable file
ext4: enforce the immutable flag on open files
mm: add filemap_fdatawait_range_keep_errors()
jbd2: introduce jbd2_inode dirty range scoping
ext4: use jbd2_inode dirty range scoping
ext4: allow directory holes
mm: vmscan: scan anonymous pages on file refaults
perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id
NFSv4: Fix open create exclusive when the server reboots
nfsd: increase DRC cache limit
nfsd: give out fewer session slots as limit approaches
nfsd: fix performance-limiting session calculation
nfsd: Fix overflow causing non-working mounts on 1 TB machines
hvsock: fix epollout hang from race condition
drm/panel: simple: Fix panel_simple_dsi_probe
usb: core: hub: Disable hub-initiated U1/U2
tty: max310x: Fix invalid baudrate divisors calculator
pinctrl: rockchip: fix leaked of_node references
tty: serial: cpm_uart - fix init when SMC is relocated
drm/edid: Fix a missing-check bug in drm_load_edid_firmware()
PCI: Return error if cannot probe VF
drm/bridge: tc358767: read display_props in get_modes()
drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz
drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry
memstick: Fix error cleanup path of memstick_init
tty/serial: digicolor: Fix digicolor-usart already registered warning
tty: serial: msm_serial: avoid system lockup condition
serial: 8250: Fix TX interrupt handling condition
drm/virtio: Add memory barriers for capset cache.
phy: renesas: rcar-gen2: Fix memory leak at error paths
powerpc/pseries/mobility: prevent cpu hotplug during DT update
drm/rockchip: Properly adjust to a true clock in adjusted_mode
tty: serial_core: Set port active bit in uart_port_activate
usb: gadget: Zero ffs_io_data
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
drm/msm: Depopulate platform on probe failure
serial: mctrl_gpio: Check if GPIO property exisits before requesting it
PCI: sysfs: Ignore lockdep for remove attribute
kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS
PCI: xilinx-nwl: Fix Multi MSI data programming
iio: iio-utils: Fix possible incorrect mask calculation
powerpc/xmon: Fix disabling tracing while in xmon
recordmcount: Fix spurious mcount entries on powerpc
mfd: core: Set fwnode for created devices
mfd: arizona: Fix undefined behavior
mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk
um: Silence lockdep complaint about mmap_sem
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
RDMA/i40iw: Set queue pair state when being queried
serial: sh-sci: Terminate TX DMA during buffer flushing
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
kallsyms: exclude kasan local symbols on s390
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
perf session: Fix potential NULL pointer dereference found by the smatch tool
perf annotate: Fix dereferencing freed memory found by the smatch tool
RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
PCI: dwc: pci-dra7xx: Fix compilation when !CONFIG_GPIOLIB
powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
f2fs: avoid out-of-range memory access
mailbox: handle failed named mailbox channel request
powerpc/eeh: Handle hugepages in ioremap space
block/bio-integrity: fix a memory leak bug
sh: prevent warnings when using iounmap
mm/kmemleak.c: fix check for softirq context
9p: pass the correct prototype to read_cache_page
mm/gup.c: mark undo_dev_pagemap as __maybe_unused
mm/gup.c: remove some BUG_ONs from get_gate_page()
mm/mmu_notifier: use hlist_add_head_rcu()
locking/lockdep: Fix lock used or unused stats error
locking/lockdep: Hide unused 'class' variable
drm/crc: Only report a single overflow when a CRC fd is opened
drm/crc-debugfs: Also sprinkle irqrestore over early exits
usb: wusbcore: fix unbalanced get/put cluster_id
usb: pci-quirks: Correct AMD PLL quirk detection
KVM: nVMX: do not use dangling shadow VMCS after guest reset
btrfs: inode: Don't compress if NODATASUM or NODATACOW set
x86/sysfb_efi: Add quirks for some devices with swapped width and height
x86/speculation/mds: Apply more accurate check on hypervisor platform
binder: prevent transactions to context manager from its own process.
fpga-manager: altera-ps-spi: Fix build error
hpet: Fix division by zero in hpet_time_div()
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
ALSA: hda - Add a conexant codec entry to let mute led work
powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask()
powerpc/tm: Fix oops on sigreturn on systems without TM
access: avoid the RCU grace period for the temporary subjective credentials
Linux 4.14.135
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Andrey Ryabinin
|
9ce0c09dc2 |
lib/strscpy: Shut up KASAN false-positives in strscpy()
[ Upstream commit 1a3241ff10d038ecd096d03380327f2a0b5840a6 ]
strscpy() performs the word-at-a-time optimistic reads. So it may may
access the memory past the end of the object, which is perfectly fine
since strscpy() doesn't use that (past-the-end) data and makes sure the
optimistic read won't cross a page boundary.
Use new read_word_at_a_time() to shut up the KASAN.
Note that this potentially could hide some bugs. In example bellow,
stscpy() will copy more than we should (1-3 extra uninitialized bytes):
char dst[8];
char *src;
src = kmalloc(5, GFP_KERNEL);
memset(src, 0xff, 5);
strscpy(dst, src, 8);
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Christophe Leroy
|
c78c33a262 |
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
commit aeb87246537a83c2aff482f3f34a2e0991e02cbc upstream.
All mapping iterator logic is based on the assumption that sg->offset
is always lower than PAGE_SIZE.
But there are situations where sg->offset is such that the SG item
is on the second page. In that case sg_copy_to_buffer() fails
properly copying the data into the buffer. One of the reason is
that the data will be outside the kmapped area used to access that
data.
This patch fixes the issue by adjusting the mapping iterator
offset and pgoffset fields such that offset is always lower than
PAGE_SIZE.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Fixes: 4225fc8555a9 ("lib/scatterlist: use page iterator in the mapping iterator")
Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Ferdinand Blomqvist
|
9a3d442c24 |
rslib: Fix handling of of caller provided syndrome
[ Upstream commit ef4d6a8556b637ad27c8c2a2cff1dda3da38e9a9 ] Check if the syndrome provided by the caller is zero, and act accordingly. Signed-off-by: Ferdinand Blomqvist <ferdinand.blomqvist@gmail.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lkml.kernel.org/r/20190620141039.9874-6-ferdinand.blomqvist@gmail.com Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Ferdinand Blomqvist
|
a5a0c29fa4 |
rslib: Fix decoding of shortened codes
[ Upstream commit 2034a42d1747fc1e1eeef2c6f1789c4d0762cb9c ] The decoding of shortenend codes is broken. It only works as expected if there are no erasures. When decoding with erasures, Lambda (the error and erasure locator polynomial) is initialized from the given erasure positions. The pad parameter is not accounted for by the initialisation code, and hence Lambda is initialized from incorrect erasure positions. The fix is to adjust the erasure positions by the supplied pad. Signed-off-by: Ferdinand Blomqvist <ferdinand.blomqvist@gmail.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lkml.kernel.org/r/20190620141039.9874-3-ferdinand.blomqvist@gmail.com Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Andrey Ryabinin
|
e3ea178cf1 |
BACKPORT: kasan: remove use after scope bugs detection.
Upstream commit 7771bdbbfd3d6f204631b6fd9e1bbc30cd15918e. Use after scope bugs detector seems to be almost entirely useless for the linux kernel. It exists over two years, but I've seen only one valid bug so far [1]. And the bug was fixed before it has been reported. There were some other use-after-scope reports, but they were false-positives due to different reasons like incompatibility with structleak plugin. This feature significantly increases stack usage, especially with GCC < 9 version, and causes a 32K stack overflow. It probably adds performance penalty too. Given all that, let's remove use-after-scope detector entirely. While preparing this patch I've noticed that we mistakenly enable use-after-scope detection for clang compiler regardless of CONFIG_KASAN_EXTRA setting. This is also fixed now. [1] http://lkml.kernel.org/r/<20171129052106.rhgbjhhis53hkgfn@wfg-t540p.sh.intel.com> Link: http://lkml.kernel.org/r/20190111185842.13978-1-aryabinin@virtuozzo.com Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Acked-by: Will Deacon <will.deacon@arm.com> [arm64] Cc: Qian Cai <cai@lca.pw> Cc: Alexander Potapenko <glider@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Change-Id: I67be36061700f476683933db9e9a901a582b7553 Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Bug: 128674696 |
||
Arnd Bergmann
|
b6029bd949 |
BACKPORT: kasan: turn off asan-stack for clang-8 and earlier
Upstream commit 6baec880d7a53cbc2841123e56ee31e830df9b49. Building an arm64 allmodconfig kernel with clang results in over 140 warnings about overly large stack frames, the worst ones being: drivers/gpu/drm/panel/panel-sitronix-st7789v.c:196:12: error: stack frame size of 20224 bytes in function 'st7789v_prepare' drivers/video/fbdev/omap2/omapfb/displays/panel-tpo-td028ttec1.c:196:12: error: stack frame size of 13120 bytes in function 'td028ttec1_panel_enable' drivers/usb/host/max3421-hcd.c:1395:1: error: stack frame size of 10048 bytes in function 'max3421_spi_thread' drivers/net/wan/slic_ds26522.c:209:12: error: stack frame size of 9664 bytes in function 'slic_ds26522_probe' drivers/crypto/ccp/ccp-ops.c:2434:5: error: stack frame size of 8832 bytes in function 'ccp_run_cmd' drivers/media/dvb-frontends/stv0367.c:1005:12: error: stack frame size of 7840 bytes in function 'stv0367ter_algo' None of these happen with gcc today, and almost all of these are the result of a single known issue in llvm. Hopefully it will eventually get fixed with the clang-9 release. In the meantime, the best idea I have is to turn off asan-stack for clang-8 and earlier, so we can produce a kernel that is safe to run. I have posted three patches that address the frame overflow warnings that are not addressed by turning off asan-stack, so in combination with this change, we get much closer to a clean allmodconfig build, which in turn is necessary to do meaningful build regression testing. It is still possible to turn on the CONFIG_ASAN_STACK option on all versions of clang, and it's always enabled for gcc, but when CONFIG_COMPILE_TEST is set, the option remains invisible, so allmodconfig and randconfig builds (which are normally done with a forced CONFIG_COMPILE_TEST) will still result in a mostly clean build. Link: http://lkml.kernel.org/r/20190222222950.3997333-1-arnd@arndb.de Link: https://bugs.llvm.org/show_bug.cgi?id=38809 Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Qian Cai <cai@lca.pw> Reviewed-by: Mark Brown <broonie@kernel.org> Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: Kostya Serebryany <kcc@google.com> Cc: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Change-Id: I192f354c22105e91e3816dd03f0cf794a4e6ffed Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Bug: 128674696 |
||
Andrey Konovalov
|
8a94e7d158 |
BACKPORT: kasan: add CONFIG_KASAN_GENERIC and CONFIG_KASAN_SW_TAGS
Upstream commit 2bd926b439b4cb6b9ed240a9781cd01958b53d85. There were a couple of issues during backport. The first one is caused by the upstream commit using cc-option in Kconfig, which android kernel doesn't support. Instead of using cc-option, this backport moves the compiler check to the Makefile. The other one is that older GCCs (before version 5) don't support the __has_attribute macro. The upstream has dealt with this via a special header file (compiler_attributes.h) that emulates this macro for some cases. Instead of backporting the whole series that adds this header do a direct GCC version check to determine the presense of the no_sanitize_address attribute. This commit splits the current CONFIG_KASAN config option into two: 1. CONFIG_KASAN_GENERIC, that enables the generic KASAN mode (the one that exists now); 2. CONFIG_KASAN_SW_TAGS, that enables the software tag-based KASAN mode. The name CONFIG_KASAN_SW_TAGS is chosen as in the future we will have another hardware tag-based KASAN mode, that will rely on hardware memory tagging support in arm64. With CONFIG_KASAN_SW_TAGS enabled, compiler options are changed to instrument kernel files with -fsantize=kernel-hwaddress (except the ones for which KASAN_SANITIZE := n is set). Both CONFIG_KASAN_GENERIC and CONFIG_KASAN_SW_TAGS support both CONFIG_KASAN_INLINE and CONFIG_KASAN_OUTLINE instrumentation modes. This commit also adds empty placeholder (for now) implementation of tag-based KASAN specific hooks inserted by the compiler and adjusts common hooks implementation. While this commit adds the CONFIG_KASAN_SW_TAGS config option, this option is not selectable, as it depends on HAVE_ARCH_KASAN_SW_TAGS, which we will enable once all the infrastracture code has been added. Link: http://lkml.kernel.org/r/b2550106eb8a68b10fefbabce820910b115aa853.1544099024.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Reviewed-by: Dmitry Vyukov <dvyukov@google.com> Cc: Christoph Lameter <cl@linux.com> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Will Deacon <will.deacon@arm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Change-Id: Iaf18eccf0c6ee952a14bb13cd14dc1ddaf9e7698 Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Bug: 128674696 |
||
|
Andrey Ryabinin
|
b61883aa21 |
UPSTREAM: lib/test_kasan.c: add tests for several string/memory API functions
Upstream commit 0c96350a2d2f64fe777b444c995f6bb633c5d069. Arch code may have asm implementation of string/memory API functions instead of using generic one from lib/string.c. KASAN don't see memory accesses in asm code, thus can miss many bugs. E.g. on ARM64 KASAN don't see bugs in memchr(), memcmp(), str[r]chr(), str[n]cmp(), str[n]len(). Add tests for these functions to be sure that we notice the problem on other architectures. Link: http://lkml.kernel.org/r/20180920135631.23833-3-aryabinin@virtuozzo.com Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Alexander Potapenko <glider@google.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Kyeongdon Kim <kyeongdon.kim@lge.com> Cc: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Change-Id: I546c6a4329ca40d95acf3df197e5dc4e636a7d02 Bug: 128674696 |
||
|
Arnd Bergmann
|
2bc9437dfd |
UPSTREAM: kasan: only select SLUB_DEBUG with SYSFS=y
Upstream commit 03758dbbe2b5c0627b361ad5b4a2c60f9964ccde.
Building with KASAN and SLUB but without sysfs now results in a
build-time error:
WARNING: unmet direct dependencies detected for SLUB_DEBUG
Depends on [n]: SLUB [=y] && SYSFS [=n]
Selected by [y]:
- KASAN [=y] && HAVE_ARCH_KASAN [=y] && (SLUB [=y] || SLAB [=n] && !DEBUG_SLAB [=n]) && SLUB [=y]
mm/slub.c:4565:12: error: 'list_locations' defined but not used [-Werror=unused-function]
static int list_locations(struct kmem_cache *s, char *buf,
^~~~~~~~~~~~~~
mm/slub.c:4406:13: error: 'validate_slab_cache' defined but not used [-Werror=unused-function]
static long validate_slab_cache(struct kmem_cache *s)
This disallows that broken configuration in Kconfig.
Link: http://lkml.kernel.org/r/20180709154019.1693026-1-arnd@arndb.de
Fixes: dd275caf4a0d ("kasan: depend on CONFIG_SLUB_DEBUG")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Christoph Lameter <cl@linux.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Change-Id: I26407d0d1b0c5bac3de75ddabb4fd33dde2a9146
Bug: 128674696
|
||
Jason A. Donenfeld
|
e8eab7c612 |
UPSTREAM: kasan: depend on CONFIG_SLUB_DEBUG
Upstream commit dd275caf4a0d9b219fffe49288b6cc33cd564312. KASAN depends on having access to some of the accounting that SLUB_DEBUG does; without it, there are immediate crashes [1]. So, the natural thing to do is to make KASAN select SLUB_DEBUG. [1] http://lkml.kernel.org/r/CAHmME9rtoPwxUSnktxzKso14iuVCWT7BE_-_8PAC=pGw1iJnQg@mail.gmail.com Link: http://lkml.kernel.org/r/20180622154623.25388-1-Jason@zx2c4.com Fixes: f9e13c0a5a33 ("slab, slub: skip unnecessary kasan_cache_shutdown()") Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Acked-by: Michal Hocko <mhocko@suse.com> Reviewed-by: Shakeel Butt <shakeelb@google.com> Acked-by: Christoph Lameter <cl@linux.com> Cc: Shakeel Butt <shakeelb@google.com> Cc: David Rientjes <rientjes@google.com> Cc: Pekka Enberg <penberg@kernel.org> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Change-Id: Ie105ac15679576a6bdec1cd2931f90ed518e5272 Bug: 128674696 |
||
|
Andrey Konovalov
|
746f60f238 |
UPSTREAM: kasan: fix invalid-free test crashing the kernel
Upstream commit 91c93ed07f04f5b32a30321d522d8ca9504745bf. When an invalid-free is triggered by one of the KASAN tests, the object doesn't actually get freed. This later leads to a BUG failure in kmem_cache_destroy that checks that there are no allocated objects in the cache that is being destroyed. Fix this by calling kmem_cache_free with the proper object address after the call that triggers invalid-free. Link: http://lkml.kernel.org/r/286eaefc0a6c3fa9b83b87e7d6dc0fbb5b5c9926.1519924383.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Alexander Potapenko <glider@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Cc: Nick Terrell <terrelln@fb.com> Cc: Chris Mason <clm@fb.com> Cc: Yury Norov <ynorov@caviumnetworks.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: "Luis R . Rodriguez" <mcgrof@kernel.org> Cc: Palmer Dabbelt <palmer@dabbelt.com> Cc: "Paul E . McKenney" <paulmck@linux.vnet.ibm.com> Cc: Jeff Layton <jlayton@redhat.com> Cc: "Jason A . Donenfeld" <Jason@zx2c4.com> Cc: Kostya Serebryany <kcc@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Change-Id: I73c3ae90a54a1fa840636dbf9f6ce3c9ea7f80c3 Bug: 128674696 |
||
Dmitry Vyukov
|
8bb837f698 |
UPSTREAM: kasan: detect invalid frees
Upstream commit b1d5728939ebe01a773a75a72e7161408ec9805e. Detect frees of pointers into middle of heap objects. Link: http://lkml.kernel.org/r/cb569193190356beb018a03bb8d6fbae67e7adbc.1514378558.git.dvyukov@google.com Signed-off-by: Dmitry Vyukov <dvyukov@google.com> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>a Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Change-Id: Ife74864d3465730bdf195155c9747f7a375081da Bug: 128674696 |
||
|
Dmitry Vyukov
|
d80cc7c859 |
UPSTREAM: kasan: detect invalid frees for large objects
Upstream commit 47adccce3e8a31d315f47183ab1185862b2fc5d4. Patch series "kasan: detect invalid frees". KASAN detects double-frees, but does not detect invalid-frees (when a pointer into a middle of heap object is passed to free). We recently had a very unpleasant case in crypto code which freed an inner object inside of a heap allocation. This left unnoticed during free, but totally corrupted heap and later lead to a bunch of random crashes all over kernel code. Detect invalid frees. This patch (of 5): Detect frees of pointers into middle of large heap objects. I dropped const from kasan_kfree_large() because it starts propagating through a bunch of functions in kasan_report.c, slab/slub nearest_obj(), all of their local variables, fixup_red_left(), etc. Link: http://lkml.kernel.org/r/1b45b4fe1d20fc0de1329aab674c1dd973fee723.1514378558.git.dvyukov@google.com Signed-off-by: Dmitry Vyukov <dvyukov@google.com> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>a Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Change-Id: I9bbb41f6d0eb6bdcd8811a32d22565aac84296ee Bug: 128674696 |
||
Paul Lawrence
|
ff31781e80 |
UPSTREAM: kasan: add tests for alloca poisoning
Upstream commit 00a14294bb33af533f7ac002fb20623fdd8ea0d7. Link: http://lkml.kernel.org/r/20171204191735.132544-5-paullawrence@google.com Signed-off-by: Greg Hackmann <ghackmann@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com> Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Alexander Potapenko <glider@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Masahiro Yamada <yamada.masahiro@socionext.com> Cc: Matthias Kaehlcke <mka@chromium.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Change-Id: Icac3cef4c07f321fa9be6332a5759a32c31edac3 Bug: 128674696 |
||
|
Andrey Ryabinin
|
bd4d1f46ee |
UPSTREAM: lib/strscpy: Shut up KASAN false-positives in strscpy()
Upstream commit 1a3241ff10d038ecd096d03380327f2a0b5840a6.
strscpy() performs the word-at-a-time optimistic reads. So it may may
access the memory past the end of the object, which is perfectly fine
since strscpy() doesn't use that (past-the-end) data and makes sure the
optimistic read won't cross a page boundary.
Use new read_word_at_a_time() to shut up the KASAN.
Note that this potentially could hide some bugs. In example bellow,
stscpy() will copy more than we should (1-3 extra uninitialized bytes):
char dst[8];
char *src;
src = kmalloc(5, GFP_KERNEL);
memset(src, 0xff, 5);
strscpy(dst, src, 8);
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Change-Id: Iaec12827555f2f64710f7bfe6cc2075cf2a1b346
Bug: 128674696
|
||
|
Greg Kroah-Hartman
|
86281ad1a4 |
This is the 4.14.133 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl0lmcMACgkQONu9yGCS
aT5mWw/8D+Dm4ZnoimKHY+I1lEMPrRrPIODEIAL8ttN7NoMccXgWNtNyS++uNaU1
Ht6TAIDQHWi1Q2ofDYnfhj6cOL3jSSL3I38gjwB/RUx9vbX+w0O12U0kRA8yTPcQ
ZXJnMA1He8nX4d1ZY0R3deyB/FFn6AR1hIGE5slgi5dDW5yfgTWVeMkMOaGEk5h3
5+Qmj7duhBSaUZEjOykJaHGvLniLBSsxIIVvSbNNxOVQVEsGCRb7EBX9SL3mINXl
U0WFux2+lGAhXoEPOlPC/lUkd+wud8PhriHOBgA1soqHpbgM6JNsdGwj+CHzlw+J
lMKJoJObi7A2xMvADITv1Dy426ukNy2MDNq+DLkv37mssoltZ+SNk5kw0g+PB8pq
xJs3hrkc9KAqIbYUUpTEwU1rMWmFkaT8APwSyEhPJtcbLG6gwrJLidE+QF8qJc1X
ICDc8MiNqPGWCoIgTn++PteQN+FP5jBMTOItkNWYvm6zQdx8MRoyVK9g+9JvF9ga
Px414So9pS1dszl7iz6eMYXLdFJ8VWYJOgjylausOT28ThZ5L2V6++NmTSgCUUwc
IMVBnKJNlG7rSsmjiSwBvYflqiXRBc3k99xA2IgzyMuQGDnY4Esd59w6rI7I6C5Q
l9ja1HDi+Uq4lE+dZp07gLs4QVwDuFSf1vQn+uDCjFObFf/uSL0=
=hX0C
-----END PGP SIGNATURE-----
Merge 4.14.133 into android-4.14
Changes in 4.14.133
Bluetooth: Fix faulty expression for minimum encryption key size check
ASoC : cs4265 : readable register too low
ASoC: soc-pcm: BE dai needs prepare when pause release after resume
spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
drm/mediatek: fix unbind functions
drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver
drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable()
ASoC: max98090: remove 24-bit format support if RJ is 0
ASoC: sun4i-i2s: Fix sun8i tx channel offset mask
ASoC: sun4i-i2s: Add offset to RX channel select
usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
SoC: rt274: Fix internal jack assignment in set_jack callback
scsi: hpsa: correct ioaccel2 chaining
platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration
cpuset: restore sanity to cpuset_cpus_allowed_fallback()
scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE
mm/mlock.c: change count_mm_mlocked_page_nr return type
module: Fix livepatch/ftrace module text permissions race
ftrace: Fix NULL pointer dereference in free_ftrace_func_mapper()
MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
drm/i915/dmc: protect against reading random memory
ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
crypto: user - prevent operating on larval algorithms
crypto: cryptd - Fix skcipher instance memory leak
ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
ALSA: line6: Fix write on zero-sized buffer
ALSA: usb-audio: fix sign unintended sign extension on left shifts
ALSA: hda/realtek - Change front mic location for Lenovo M710q
lib/mpi: Fix karactx leak in mpi_powm
tracing/snapshot: Resize spare buffer if size changed
arm64: kaslr: keep modules inside module region when KASAN is enabled
drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE
drm/imx: notify drm core before sending event during crtc disable
drm/imx: only send event on crtc disable if kept disabled
ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code()
mm/vmscan.c: prevent useless kswapd loops
btrfs: Ensure replaced device doesn't have pending chunk allocation
vhost-net: set packet weight of tx polling to 2 * vq size
vhost_net: use packet weight for rx handler, too
vhost_net: introduce vhost_exceeds_weight()
vhost: introduce vhost_exceeds_weight()
vhost_net: fix possible infinite loop
vhost: vsock: add weight support
vhost: scsi: add weight support
tty: rocket: fix incorrect forward declaration of 'rp_init()'
ARC: handle gcc generated __builtin_trap for older compiler
KVM: x86: degrade WARN to pr_warn_ratelimited
KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC
svcrdma: Ignore source port when computing DRC hash
MIPS: Fix bounds check virt_addr_valid
MIPS: Add missing EHB in mtc0 -> mfc0 sequence.
dmaengine: imx-sdma: remove BD_INTR for channel0
stable/btrfs: fix backport bug in d819d97ea025 ("btrfs: honor path->skip_locking in backref code")
Linux 4.14.133
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Herbert Xu
|
9fbe87fc25 |
lib/mpi: Fix karactx leak in mpi_powm
commit c8ea9fce2baf7b643384f36f29e4194fa40d33a6 upstream. Sometimes mpi_powm will leak karactx because a memory allocation failure causes a bail-out that skips the freeing of karactx. This patch moves the freeing of karactx to the end of the function like everything else so that it can't be skipped. Reported-by: syzbot+f7baccc38dcc1e094e77@syzkaller.appspotmail.com Fixes: cdec9cb5167a ("crypto: GnuPG based MPI lib - source files...") Cc: <stable@vger.kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
dc5b5874e1 |
This is the 4.14.125 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlz/gL8ACgkQONu9yGCS
aT4seg//QP6cbLk/0iW5pvrB3pYigMD8Y0O4z3e0QrJrjOhnFYqQqWx8WYZaIoh8
rx49qfk/wz1ck1sXMa1Uj3X+WUJW0D741DdEva9jVko5aRG80MIX9MxIAOM5xc5c
lg1cJWZVlAdRQK2rp6unddRgbFlfuBuae+6Gn10TYYDASH/yjKzCC9Kfztn2IViB
Gtydz+QMpSw6713QS+/gmjzHQyrhD9lkmYFQI0kf8DZwswk7NEf8ZU8jcf9JhZRJ
EfzBy2ExglCNJyCufvaO7HNuP0TSEOKF9KY4ScydzpXvbcBNTyljWF64Y8EO6fop
oK0zDTSw3LmwRi9q2yZjsD1JVapvO00To9v8BpPhEazNNpKXicVutl+CqBVTy+4w
kzESY1jnJesRdtEmbVjgfDpwU/K4FM5ATo/SI5zBObtpsuxHjwivsgvtQWy1Ul9a
N3e3yUVtvE9Z42pz5sXGWo5AH70oFdTs8CB93LVfPpDN7nJiyPJci5BZX0kkYI3s
gb/ix8pBdrwYY9xWBbi5Y+6h0iPvMZA4o5+rR6NitzjmAvt8JbWfEB6W8Fd2Q/1g
1XadZkv1BnmuGL3mc4r6j3WsoRiNaCll65OmV7oAyIMqBWDhk7HxozYdPZlAhCJe
QfdQh16h2IBhL44kUEKzp+29AAqofUEw+i4XjGHP1QFuOv9nNTg=
=2ESo
-----END PGP SIGNATURE-----
Merge 4.14.125 into android-4.14
Changes in 4.14.125
ethtool: fix potential userspace buffer overflow
Fix memory leak in sctp_process_init
neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
net: rds: fix memory leak in rds_ib_flush_mr_pool
pktgen: do not sleep with the thread lock held.
ipv6: fix EFAULT on sendto with icmpv6 and hdrincl
ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
net: sfp: read eeprom in maximum 16 byte increments
ipv6: fix the check before getting the cookie in rt6_get_cookie
Revert "fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return 0...")"
Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied"
rcu: locking and unlocking need to always be at least barriers
parisc: Use implicit space register selection for loading the coherence index of I/O pdirs
fuse: fallocate: fix return with locked inode
pstore: Remove needless lock during console writes
pstore: Convert buf_lock to semaphore
pstore/ram: Run without kernel crash dump region
x86/power: Fix 'nosmt' vs hibernation triple fault during resume
i2c: xiic: Add max_read_len quirk
MIPS: Bounds check virt_addr_valid
MIPS: pistachio: Build uImage.gz by default
Revert "MIPS: perf: ath79: Fix perfcount IRQ assignment"
genwqe: Prevent an integer overflow in the ioctl
test_firmware: Use correct snprintf() limit
drm/gma500/cdv: Check vbt config bits when detecting lvds panels
drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)
drm/amdgpu/psp: move psp version specific function pointers to early_init
drm/radeon: prefer lower reference dividers
drm/i915: Fix I915_EXEC_RING_MASK
drm/i915/fbc: disable framebuffer compression on GeminiLake
TTY: serial_core, add ->install
qmi_wwan: Add quirk for Quectel dynamic config
fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
fuse: Add FOPEN_STREAM to use stream_open()
ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
ethtool: check the return value of get_regs_len
Linux 4.14.125
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Dan Carpenter
|
2418da0204 |
test_firmware: Use correct snprintf() limit
commit bd17cc5a20ae9aaa3ed775f360b75ff93cd66a1d upstream.
The limit here is supposed to be how much of the page is left, but it's
just using PAGE_SIZE as the limit.
The other thing to remember is that snprintf() returns the number of
bytes which would have been copied if we had had enough room. So that
means that if we run out of space then this code would end up passing a
negative value as the limit and the kernel would print an error message.
I have change the code to use scnprintf() which returns the number of
bytes that were successfully printed (not counting the NUL terminator).
Fixes: c92316bf8e94 ("test_firmware: add batched firmware tests")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
acd501fffb |
This is the 4.14.123 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzxMHgACgkQONu9yGCS aT5I0w/+OblFNqCut1rrLwYKOTuF0Xwt6/V6+be+I9r35OyF/ZVm5mLzNfS6GFFO 1l6ZAhHrRzmRZr6nwkmQcrE3miP66PEePRMYTMs38Baz9TW38hA+bEcKvNmNM7Em Y90KPTd4iktHkrw83MPUIucc/F3o3+SaIC/L/uPmQzJc4odRRZZP7qRCIVTwGC5Z 8oxFKBxEUJ6uUmyF1UrCg5TdSmttW2679C6kBFMO2leLmY9nNYjYIwZ8SxRI2OJp CgDDhAF3JgwYRJq9lPtR6+HakB+RhR/YMhcaC3+sjGmryII90D7kBzeL3ozRbI/f MwGI1IsVgl7Qkk/hxaXZACjiUuHPUOu++biAQl2HMlUQ6VkHt8z+yZzxRQg4tOUU W/1LPvSx2MzRNhqn1IxaEcI20qwtVl07U40swN0VU7s7nlwt9Gz0XZRVxzQpY8Fl c1/zzET/4sus8sEMUE6Dbmx7Nyb5Q/KJjt46f8ZeML3/VTeCfdxhlJv0jDjqLPaO QaYf/dTYAWH47MOuIArW6wRmhVDxpQ/b67vfkCe1aOKrXHsjrfwqN8xZkE4yeWTS xj91v7ZlmLhg5lRT0NbCaCK8Ku9stbadcqllWNjAsuWctmsA3+8/GWkjV5hrG/pw DeO5uhtYdOT5B4UeYlP8/rwZYVH1vKwNSelBwKmMjzyYf42VFGg= =6Rms -----END PGP SIGNATURE----- Merge 4.14.123 into android-4.14 Changes in 4.14.123 x86: Hide the int3_emulate_call/jmp functions from UML ext4: do not delete unlinked inode from orphan list on failed truncate f2fs: Fix use of number of devices KVM: x86: fix return value for reserved EFER bio: fix improper use of smp_mb__before_atomic() sbitmap: fix improper use of smp_mb__before_atomic() Revert "scsi: sd: Keep disk read-only when re-reading partition" crypto: vmx - CTR: always increment IV as quadword mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem kvm: svm/avic: fix off-by-one in checking host APIC ID libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead libnvdimm/namespace: Fix label tracking error arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable gfs2: Fix sign extension bug in gfs2_update_stats Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path Btrfs: avoid fallback to transaction commit during fsync of files with holes Btrfs: fix race between ranged fsync and writeback of adjacent ranges btrfs: sysfs: Fix error path kobject memory leak btrfs: sysfs: don't leak memory when failing add fsid fbdev: fix divide error in fb_var_to_videomode hugetlb: use same fault hash key for shared and private mappings brcmfmac: assure SSID length from firmware is limited brcmfmac: add subtype check for event handling in data path btrfs: honor path->skip_locking in backref code fbdev: fix WARNING in __alloc_pages_nodemask bug media: cpia2: Fix use-after-free in cpia2_exit media: serial_ir: Fix use-after-free in serial_ir_init_module media: vivid: use vfree() instead of kfree() for dev->bitmap_cap ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit bpf: devmap: fix use-after-free Read in __dev_map_entry_free batman-adv: mcast: fix multicast tt/tvlv worker locking at76c50x-usb: Don't register led_trigger if usb_register_driver failed net: erspan: fix use-after-free Revert "btrfs: Honour FITRIM range constraints during free space trim" gfs2: Fix lru_count going negative cxgb4: Fix error path in cxgb4_init_module NFS: make nfs_match_client killable IB/hfi1: Fix WQ_MEM_RECLAIM warning gfs2: Fix occasional glock use-after-free mmc: core: Verify SD bus width tools/bpf: fix perf build error with uClibc (seen on ARC) dmaengine: tegra210-dma: free dma controller in remove() net: ena: gcc 8: fix compilation warning pinctrl: zte: fix leaked of_node references ASoC: hdmi-codec: unlock the device on startup errors powerpc/perf: Return accordingly on invalid chip-id in powerpc/boot: Fix missing check of lseek() return value ASoC: imx: fix fiq dependencies spi: pxa2xx: fix SCR (divisor) calculation brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() ARM: vdso: Remove dependency with the arch_timer driver internals arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable sched/cpufreq: Fix kobject memleak scsi: qla2xxx: Fix a qla24xx_enable_msix() error path scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve btrfs: fix panic during relocation after ENOSPC before writeback happens btrfs: Don't panic when we can't find a root key iwlwifi: pcie: don't crash on invalid RX interrupt rtc: 88pm860x: prevent use-after-free on device remove scsi: qedi: Abort ep termination if offload not scheduled w1: fix the resume command API dmaengine: pl330: _stop: clear interrupt status mac80211/cfg80211: update bss channel on channel switch libbpf: fix samples/bpf build failure due to undefined UINT32_MAX ASoC: fsl_sai: Update is_slave_mode with correct value mwifiex: prevent an array overflow net: cw1200: fix a NULL pointer dereference crypto: sun4i-ss - Fix invalid calculation of hash end bcache: return error immediately in bch_journal_replay() bcache: fix failure in journal relplay bcache: add failure check to run_cache_set() for journal replay bcache: avoid clang -Wunintialized warning vfio-ccw: Do not call flush_workqueue while holding the spinlock vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev x86/build: Move _etext to actual end of .text smpboot: Place the __percpu annotation correctly x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions HID: logitech-hidpp: use RAP instead of FAP to get the protocol version pinctrl: pistachio: fix leaked of_node references pinctrl: samsung: fix leaked of_node references clk: rockchip: undo several noc and special clocks as critical on rk3288 dmaengine: at_xdmac: remove BUG_ON macro in tasklet media: coda: clear error return value before picture run media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper media: au0828: stop video streaming only when last user stops media: ov2659: make S_FMT succeed even if requested format doesn't match audit: fix a memory leak bug media: stm32-dcmi: fix crash when subdev do not expose any formats media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() media: pvrusb2: Prevent a buffer overflow powerpc/numa: improve control of topology updates powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX random: add a spinlock_t to struct batched_entropy cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock sched/core: Check quota and period overflow at usec to nsec conversion sched/rt: Check integer overflow at usec to nsec conversion sched/core: Handle overflow in cpu_shares_write_u64 drm/msm: a5xx: fix possible object reference leak USB: core: Don't unbind interfaces following device reset failure x86/irq/64: Limit IST stack overflow check to #DB stack phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode i40e: Able to add up to 16 MAC filters on an untrusted VF i40e: don't allow changes to HW VLAN stripping on active port VLANs arm64: vdso: Fix clock_getres() for CLOCK_REALTIME RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure hwmon: (vt1211) Use request_muxed_region for Super-IO accesses hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses hwmon: (pc87427) Use request_muxed_region for Super-IO accesses hwmon: (f71805f) Use request_muxed_region for Super-IO accesses scsi: libsas: Do discovery on empty PHY to update PHY info mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers mmc_spi: add a status check for spi_sync_locked mmc: sdhci-of-esdhc: add erratum eSDHC5 support mmc: sdhci-of-esdhc: add erratum A-009204 support mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support drm/amdgpu: fix old fence check in amdgpu_fence_emit PM / core: Propagate dev->power.wakeup_path when no callbacks clk: rockchip: Fix video codec clocks on rk3288 extcon: arizona: Disable mic detect if running when driver is removed clk: rockchip: Make rkpwm a critical clock on rk3288 s390: zcrypt: initialize variables before_use x86/microcode: Fix the ancient deprecated microcode loading method s390: cio: fix cio_irb declaration cpufreq: ppc_cbe: fix possible object reference leak cpufreq/pasemi: fix possible object reference leak cpufreq: pmac32: fix possible object reference leak cpufreq: kirkwood: fix possible object reference leak block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR x86/build: Keep local relocations with ld.lld iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion iio: hmc5843: fix potential NULL pointer dereferences iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data rtlwifi: fix a potential NULL pointer dereference mwifiex: Fix mem leak in mwifiex_tm_cmd brcmfmac: fix missing checks for kmemdup b43: shut up clang -Wuninitialized variable warning brcmfmac: convert dev_init_lock mutex to completion brcmfmac: fix WARNING during USB disconnect in case of unempty psq brcmfmac: fix race during disconnect when USB completion is in progress brcmfmac: fix Oops when bringing up interface during USB disconnect rtc: xgene: fix possible race condition rtlwifi: fix potential NULL pointer dereference scsi: ufs: Fix regulator load and icc-level configuration scsi: ufs: Avoid configuring regulator with undefined voltage range arm64: cpu_ops: fix a leaked reference by adding missing of_node_put x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP x86/uaccess, signal: Fix AC=1 bloat x86/ia32: Fix ia32_restore_sigcontext() AC leak chardev: add additional check for minor range overlap RDMA/hns: Fix bad endianess of port_pd variable HID: core: move Usage Page concatenation to Main item ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put cxgb3/l2t: Fix undefined behaviour HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent spi: tegra114: reset controller on probe kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice. media: video-mux: fix null pointer dereferences media: wl128x: prevent two potential buffer overflows scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check virtio_console: initialize vtermno value for ports tty: ipwireless: fix missing checks for ioremap x86/mce: Fix machine_check_poll() tests for error types rcutorture: Fix cleanup path for invalid torture_type strings rcuperf: Fix cleanup path for invalid perf_type strings usb: core: Add PM runtime calls to usb_hcd_platform_shutdown scsi: qla4xxx: avoid freeing unallocated dma memory batman-adv: allow updating DAT entry timeouts on incoming ARP Replies dmaengine: tegra210-adma: use devm_clk_*() helpers hwrng: omap - Set default quality thunderbolt: Fix to check for kmemdup failure media: m88ds3103: serialize reset messages in m88ds3103_set_frontend media: vimc: stream: fix thread state before sleep media: go7007: avoid clang frame overflow warning with KASAN media: vimc: zero the media_device on probe scsi: lpfc: Fix FDMI manufacturer attribute value scsi: lpfc: Fix fc4type information for FDMI media: saa7146: avoid high stack usage with clang scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices spi : spi-topcliff-pch: Fix to handle empty DMA buffers spi: rspi: Fix sequencer reset during initialization spi: Fix zero length xfer bug ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM drm/drv: Hold ref on parent device during drm_device lifetime drm: Wake up next in drm_read() chain if we are forced to putback the event vfio-ccw: Prevent quiesce function going into an infinite loop NFS: Fix a double unlock from nfs_match,get_client Linux 4.14.123 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Tetsuo Handa
|
ce4390fb19 |
kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice.
[ Upstream commit c03a0fd0b609e2f5c669c2b7f27c8e1928e9196e ]
syzbot is hitting use-after-free bug in uinput module [1]. This is because
kobject_uevent(KOBJ_REMOVE) is called again due to commit 0f4dafc0563c6c49
("Kobject: auto-cleanup on final unref") after memory allocation fault
injection made kobject_uevent(KOBJ_REMOVE) from device_del() from
input_unregister_device() fail, while uinput_destroy_device() is expecting
that kobject_uevent(KOBJ_REMOVE) is not called after device_del() from
input_unregister_device() completed.
That commit intended to catch cases where nobody even attempted to send
"remove" uevents. But there is no guarantee that an event will ultimately
be sent. We are at the point of no return as far as the rest of the kernel
is concerned; there are no repeats or do-overs.
Also, it is not clear whether some subsystem depends on that commit.
If no subsystem depends on that commit, it will be better to remove
the state_{add,remove}_uevent_sent logic. But we don't want to risk
a regression (in a patch which will be backported) by trying to remove
that logic. Therefore, as a first step, let's avoid the use-after-free bug
by making sure that kobject_uevent(KOBJ_REMOVE) won't be triggered twice.
[1] https://syzkaller.appspot.com/bug?id=8b17c134fe938bbddd75a45afaa9e68af43a362d
Reported-by: syzbot <syzbot+f648cfb7e0b52bf7ae32@syzkaller.appspotmail.com>
Analyzed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Fixes: 0f4dafc0563c6c49 ("Kobject: auto-cleanup on final unref")
Cc: Kay Sievers <kay@vrfy.org>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Peter Zijlstra
|
a7ab08b7c3 |
mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions
[ Upstream commit 29da93fea3ea39ab9b12270cc6be1b70ef201c9e ] Randy reported objtool triggered on his (GCC-7.4) build: lib/strncpy_from_user.o: warning: objtool: strncpy_from_user()+0x315: call to __ubsan_handle_add_overflow() with UACCESS enabled lib/strnlen_user.o: warning: objtool: strnlen_user()+0x337: call to __ubsan_handle_sub_overflow() with UACCESS enabled This is due to UBSAN generating signed-overflow-UB warnings where it should not. Prior to GCC-8 UBSAN ignored -fwrapv (which the kernel uses through -fno-strict-overflow). Make the functions use 'unsigned long' throughout. Reported-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Randy Dunlap <rdunlap@infradead.org> # build-tested Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: luto@kernel.org Link: http://lkml.kernel.org/r/20190424072208.754094071@infradead.org Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Andrea Parri
|
fce095450b |
sbitmap: fix improper use of smp_mb__before_atomic()
commit a0934fd2b1208458e55fc4b48f55889809fce666 upstream.
This barrier only applies to the read-modify-write operations; in
particular, it does not apply to the atomic_set() primitive.
Replace the barrier with an smp_mb().
Fixes: 6c0ca7ae292ad ("sbitmap: fix wakeup hang after sbq resize")
Cc: stable@vger.kernel.org
Reported-by: "Paul E. McKenney" <paulmck@linux.ibm.com>
Reported-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Andrea Parri <andrea.parri@amarulasolutions.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Omar Sandoval <osandov@fb.com>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: linux-block@vger.kernel.org
Cc: "Paul E. McKenney" <paulmck@linux.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
fd9e32a025 |
This is the 4.14.122 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzpbIIACgkQONu9yGCS aT7bGhAAs0CR9GnL3sgl9AlMJ3SHGMnWA+KVt3KCPnIJMMz7QNJrhAUxpg/vBN3l UqOGey7+T4l8KYXzVZyO1Fd9qyQ+qZSr25V/U9FmqboKLxtaG44/R9S8UfhwaWXg RHlWdWc8gwrIcIsXlN+DmDfC3xGvCSC8M2Fh3xXtBR8agK4B06cuCKIFkwBKuOxI zR9WLvGb1Ytletr4ev8yISzEPS8EKPra0Reh6k3cKB8SvVPB5mKfwu7t/7Vqf8/3 HcXvwEXeiz8JTEciWB6ThSNRZ9oWd41jfVAvQb1zLGXaQmAFVve5Q0IOqLkMXIzw RA6p2nsRIGKsZw6LdBz3lmNqOIBgBLS5rmwIUju7BdoVHqVYzBTIz7oEBI0V4xXe XdNexC7IIWGwKcYcWxCIqzSE5JU4dwbYLktZFvqibE7IyslhN2d54Zz/dFycG5YM 6RM1HdEUmJ6lwxXWUCcpCJnObOvhQwCaP5QpCjak/XZvaIJubGhunePOnNbnzUz/ JfWXWEJ+64dv3ZxzqvpZYEb8iBPUMqcavmrIF8lWoKlwcOtnGpWnYzh+kgANw5jF XDij9Riq+9b79fQa0CXKaDik75pNkYucPLTkATBX/mROEHb1mIoxR1Z7Bil6PPiR yUNOfhPBZJ5FcM4eCfTRO3yFuJedfBEyFLnlNtNedM/W8dqu4/0= =3Yy7 -----END PGP SIGNATURE----- Merge 4.14.122 into android-4.14 Changes in 4.14.122 net: avoid weird emergency message net/mlx4_core: Change the error print to info print net: test nouarg before dereferencing zerocopy pointers net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions ppp: deflate: Fix possible crash in deflate_init tipc: switch order of device registration to fix a crash vsock/virtio: free packets during the socket release tipc: fix modprobe tipc failed after switch order of device registration vsock/virtio: Initialize core virtio vsock before registering the driver net: Always descend into dsa/ parisc: Export running_on_qemu symbol for modules parisc: Skip registering LED when running in QEMU parisc: Use PA_ASM_LEVEL in boot code parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code stm class: Fix channel free in stm output free path md: add mddev->pers to avoid potential NULL pointer dereference intel_th: msu: Fix single mode with IOMMU p54: drop device reference count if fails to enable device of: fix clang -Wunsequenced for be32_to_cpu() cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() media: ov6650: Fix sensor possibly not detected on probe Revert "cifs: fix memory leak in SMB2_read" NFS4: Fix v4.0 client state corruption when mount PNFS fallback to MDS if no deviceid found clk: hi3660: Mark clk_gate_ufs_subsys as critical clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider clk: rockchip: fix wrong clock definitions for rk3328 fuse: fix writepages on 32bit fuse: honor RLIMIT_FSIZE in fuse_file_fallocate iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114 ceph: flush dirty inodes before proceeding with remount x86_64: Add gap to int3 to allow for call emulation x86_64: Allow breakpoints to emulate call instructions ftrace/x86_64: Emulate call function while updating in breakpoint handler tracing: Fix partial reading of trace event's id file memory: tegra: Fix integer overflow on tick value calculation perf intel-pt: Fix instructions sampling rate perf intel-pt: Fix improved sample timestamp perf intel-pt: Fix sample timestamp wrt non-taken branches objtool: Allow AR to be overridden with HOSTAR fbdev: sm712fb: fix brightness control on reboot, don't set SR30 fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75 fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM fbdev: sm712fb: fix support for 1024x768-16 mode fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken PCI: Mark Atheros AR9462 to avoid bus reset PCI: Factor out pcie_retrain_link() function PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum dm cache metadata: Fix loading discard bitset dm zoned: Fix zone report handling dm delay: fix a crash when invalid device is specified xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module vti4: ipip tunnel deregistration fixes. esp4: add length check for UDP encapsulation xfrm4: Fix uninitialized memory read in _decode_session4 power: supply: cpcap-battery: Fix division by zero securityfs: fix use-after-free on symlink traversal apparmorfs: fix use-after-free on symlink traversal mac80211: Fix kernel panic due to use of txq after free KVM: arm/arm64: Ensure vcpu target is unset on reset failure power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() sched/cpufreq: Fix kobject memleak x86/mm/mem_encrypt: Disable all instrumentation for early SME setup ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour perf bench numa: Add define for RUSAGE_THREAD if not present Revert "Don't jump to compute_result state from check_result state" md/raid: raid5 preserve the writeback action after the parity check driver core: Postpone DMA tear-down until after devres release for probe failure bpf: add map_lookup_elem_sys_only for lookups from syscall side bpf, lru: avoid messing with eviction heuristics upon syscall lookup btrfs: Honour FITRIM range constraints during free space trim fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough Linux 4.14.122 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Gary Hook
|
489e5d8c76 |
x86/mm/mem_encrypt: Disable all instrumentation for early SME setup
[ Upstream commit b51ce3744f115850166f3d6c292b9c8cb849ad4f ]
Enablement of AMD's Secure Memory Encryption feature is determined very
early after start_kernel() is entered. Part of this procedure involves
scanning the command line for the parameter 'mem_encrypt'.
To determine intended state, the function sme_enable() uses library
functions cmdline_find_option() and strncmp(). Their use occurs early
enough such that it cannot be assumed that any instrumentation subsystem
is initialized.
For example, making calls to a KASAN-instrumented function before KASAN
is set up will result in the use of uninitialized memory and a boot
failure.
When AMD's SME support is enabled, conditionally disable instrumentation
of these dependent functions in lib/string.c and arch/x86/lib/cmdline.c.
[ bp: Get rid of intermediary nostackp var and cleanup whitespace. ]
Fixes: aca20d546214 ("x86/mm: Add support to make use of Secure Memory Encryption")
Reported-by: Li RongQing <lirongqing@baidu.com>
Signed-off-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Boris Brezillon <bbrezillon@kernel.org>
Cc: Coly Li <colyli@suse.de>
Cc: "dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Kent Overstreet <kent.overstreet@gmail.com>
Cc: "luto@kernel.org" <luto@kernel.org>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: "mingo@redhat.com" <mingo@redhat.com>
Cc: "peterz@infradead.org" <peterz@infradead.org>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/155657657552.7116.18363762932464011367.stgit@sosrh3.amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
2470653b00 |
This is the 4.14.121 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzkLE0ACgkQONu9yGCS
aT4ZkhAAoiWU5PcwwGtVonrlrtUlwFF14ZyDOMh1hkK7EWHWE+8r3In4BnUz6nW/
wA5IZvIClDPn0go44uhGdZG078q7EqBnY2nhTEseG7XYTWSkIOaMsbcW8f5NFkCC
Z9x7KKIIDRGt/uVNKXgIk5nqmFP7ycNgxUfq3bxMkproFLgeHmFihG43YC0O62b2
nAF/q8OVpONqU9zPGwdVoBY+LQIfhsJi04Raoexr4+UFkvoUZF5zDKl6QZVPCXXT
ETi7CXqntfFt92S6Y4rQfZe883oYFfWzi7GFhNL/oU4TMYDG+J8/PBS4rG3nosSp
Lk81SCmTkAaOhG0rBvdkZFthHibGk3+kKuGWehvAhb5qFEJx+znsbwTVWIPTchAc
axxfHOpW1X2rfrPnH/hkHb5unuJTfolquBmmy2D1Glv46LvI19rn1xgHtyGlb5dt
84Gh8Bew372LkUeG7+CCsCKOuMu/8YuvAZ3DMntwGPo7GAnC052MqcpdyV+pj78z
2y7mO8g9BVizaf5NkoZrf58KuSZDTLf1TfTRKHQVvTuxhzrnt/UIUF/BQmY216kd
pEFp1Qq3zAwTaQgCV6s1ZWGHVidFIPQo7xtFND7MIZQYaZfFZivYS3AVdlox1KGd
k2Rsb/Ub2R/KRrfMdjgIkNbEzauOS9miQTjwMr7zt2AsZJFXDwQ=
=CsUM
-----END PGP SIGNATURE-----
Merge 4.14.121 into android-4.14
Changes in 4.14.121
net: core: another layer of lists, around PF_MEMALLOC skb handling
locking/rwsem: Prevent decrement of reader count before increment
PCI: hv: Fix a memory leak in hv_eject_device_work()
PCI: hv: Add hv_pci_remove_slots() when we unload the driver
PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary
x86/speculation/mds: Revert CPU buffer clear on double fault exit
x86/speculation/mds: Improve CPU buffer clear documentation
objtool: Fix function fallthrough detection
ARM: dts: exynos: Fix interrupt for shared EINTs on Exynos5260
ARM: dts: exynos: Fix audio (microphone) routing on Odroid XU3
ARM: exynos: Fix a leaked reference by adding missing of_node_put
power: supply: axp288_charger: Fix unchecked return value
arm64: compat: Reduce address limit
arm64: Clear OSDLR_EL1 on CPU boot
arm64: Save and restore OSDLR_EL1 across suspend/resume
sched/x86: Save [ER]FLAGS on context switch
crypto: chacha20poly1305 - set cra_name correctly
crypto: vmx - fix copy-paste error in CTR mode
crypto: skcipher - don't WARN on unprocessed data after slow walk step
crypto: crct10dif-generic - fix use via crypto_shash_digest()
crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
crypto: rockchip - update IV buffer to contain the next IV
crypto: arm/aes-neonbs - don't access already-freed walk.iv
ALSA: usb-audio: Fix a memory leak bug
ALSA: hda/hdmi - Read the pin sense from register when repolling
ALSA: hda/hdmi - Consider eld_valid when reporting jack event
ALSA: hda/realtek - EAPD turn on later
ASoC: max98090: Fix restore of DAPM Muxes
ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
bpf, arm64: remove prefetch insn in xadd mapping
mm/mincore.c: make mincore() more conservative
ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
userfaultfd: use RCU to free the task struct when fork fails
mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L
mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values
mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write
tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0
tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
jbd2: check superblock mapped prior to committing
ext4: make sanity check in mballoc more strict
ext4: ignore e_value_offs for xattrs with value-in-ea-inode
ext4: avoid drop reference to iloc.bh twice
Btrfs: do not start a transaction during fiemap
Btrfs: do not start a transaction at iterate_extent_inodes()
bcache: fix a race between cache register and cacheset unregister
bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
ext4: fix use-after-free race with debug_want_extra_isize
ext4: actually request zeroing of inode table after grow
ext4: fix ext4_show_options for file systems w/o journal
ipmi:ssif: compare block number correctly for multi-part return messages
crypto: arm64/aes-neonbs - don't access already-freed walk.iv
crypto: salsa20 - don't access already-freed walk.iv
crypto: ccm - fix incompatibility between "ccm" and "ccm_base"
fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return 0...")
fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount
ext4: zero out the unused memory region in the extent tree block
ext4: fix data corruption caused by overlapping unaligned and aligned IO
ext4: fix use-after-free in dx_release()
ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
iov_iter: optimize page_copy_sane()
ext4: fix compile error when using BUFFER_TRACE
Linux 4.14.121
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Eric Dumazet
|
d58465aec7 |
iov_iter: optimize page_copy_sane()
commit 6daef95b8c914866a46247232a048447fff97279 upstream. Avoid cache line miss dereferencing struct page if we can. page_copy_sane() mostly deals with order-0 pages. Extra cache line miss is visible on TCP recvmsg() calls dealing with GRO packets (typically 45 page frags are attached to one skb). Bringing the 45 struct pages into cpu cache while copying the data is not free, since the freeing of the skb (and associated page frags put_page()) can happen after cache lines have been evicted. Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Cc: Matthew Wilcox <willy@infradead.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
db393694d6 |
This is the 4.14.118 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzVnmsACgkQONu9yGCS aT6XoBAAzvBXcFwl1t1ELq5YJ9qsChTdnjF15ohgVFaWdM4SDKIM/Unv07P4x8kN BLqK+5u9mjj8jc51WT4GMGFNa2u4bwGtk4yTSEiRWKvZMZlihKBu3CSKD+EL38RF h0J8Z8tPHrfuaByggSI+xd0Pwkf0Ofc2JMoRb8u8MlsQzHMMFbY4brqKxgfl8Zi7 izd25V38rioKs2cSWqQVDjelPRQtOWkKclvwT2WHRQXqC3L2mZ/FsFiHNj/CoptD bQLnycDD9aPx/9kgcVhodPA4xBCuV93EUi9cFb/9SFWPB/JaHCkO1GV0v7DL9YrD RZ7rATAOgXYpTGrM3YK388a7hF4u98G+cGW6v4lCe5uOKFQcUMZVCys3b4rmqgQS c920wwmyUJL+i+48Z+LuK4yLHzfL/YH+3AVYUQ2CSjXFibXi0agKOFfvIYnXZCNI 9ut9N/cNkALib0IwWcadx0uCaq8u1meVoTJ2SQtcIhWU4MKNtqPLWA9vMH98U5M2 lP0lVaBePXU6XqrlGC/RnR1fH2iqmqosmmwi+XAMHqqxMfHIg5blxoD2nTEUeGcr ow54Tp6KSo9TsoHOyzDcB7d7iMaTEcLIKFGbpRkcMj/n3itdpdq7XxYQpGzDpqjq /V/8cfSqIwfPQ1rdByXITxfl8pYy0+ybYFVsE032ZAyzUkA+vsw= =OrBm -----END PGP SIGNATURE----- Merge 4.14.118 into android-4.14 Changes in 4.14.118 scsi: libsas: fix a race condition when smp task timeout Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings staging: greybus: power_supply: fix prop-descriptor request size ASoC: hdmi-codec: fix S/PDIF DAI ASoC:soc-pcm:fix a codec fixup issue in TDM case ASoC: nau8824: fix the issue of the widget with prefix name ASoC: nau8810: fix the issue of widget with prefixed name ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate ASoC: wm_adsp: Add locking to wm_adsp2_bus_error ASoC: cs4270: Set auto-increment bit for register writes IB/hfi1: Eliminate opcode tests on mr deref MIPS: KGDB: fix kgdb support for SMP platforms. ASoC: tlv320aic32x4: Fix Common Pins drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata() perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS perf/x86/intel: Initialize TFA MSR linux/kernel.h: Use parentheses around argument in u64_to_user_ptr() ASoC: rockchip: pdm: fix regmap_ops hang issue slab: fix a crash by reading /proc/slab_allocators virtio_pci: fix a NULL pointer reference in vp_del_vqs RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove scsi: csiostor: fix missing data copy in csio_scsi_err_handler() drm/mediatek: fix possible object reference leak ASoC: Intel: kbl: fix wrong number of channels virtio-blk: limit number of hw queues by nr_cpu_ids platform/x86: pmc_atom: Drop __initconst on dmi table iommu/amd: Set exclusion range correctly genirq: Prevent use-after-free and work list corruption usb: dwc3: Fix default lpm_nyet_threshold value USB: serial: f81232: fix interrupt worker not stop USB: cdc-acm: fix unthrottle races usb-storage: Set virt_boundary_mask to avoid SG overflows intel_th: pci: Add Comet Lake support scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines Bluetooth: hidp: fix buffer overflow Bluetooth: Align minimum encryption key size for LE and BR/EDR connections UAS: fix alignment of scatter/gather segments ASoC: Intel: avoid Oops if DMA setup fails locking/futex: Allow low-level atomic operations to return -EAGAIN arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP Linux 4.14.118 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Andrey Ryabinin
|
4b2bff7b81 |
ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings
commit f0996bc2978e02d2ea898101462b960f6119b18f upstream.
Building lib/ubsan.c with gcc-9 results in a ton of nasty warnings like
this one:
lib/ubsan.c warning: conflicting types for built-in function
‘__ubsan_handle_negate_overflow’; expected ‘void(void *, void *)’ [-Wbuiltin-declaration-mismatch]
The kernel's declarations of __ubsan_handle_*() often uses 'unsigned
long' types in parameters while GCC these parameters as 'void *' types,
hence the mismatch.
Fix this by using 'void *' to match GCC's declarations.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Fixes: c6d308534aef ("UBSAN: run-time undefined behavior sanity checker")
Cc: <stable@vger.kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
74196c0ea4 |
This is the 4.14.117 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzSZzYACgkQONu9yGCS aT5DQRAAkerBQJtIfamUTQvLOjpfHtDgGkfm4rI93sfBdU5vxO45yP04XiFwKXXU RTTc7wc9YKqVWuUnhcVHhvzkud5pBDICs+aNAiLjuopir7CbbOg3k/nTfFncEqfQ weClaKxfiPBP5a9vlh9LZzW8TixIT9+3Z7/gwuYLMhv4sq5CwCqe1ttFn/DKs9+t EsS5fKNsKgwc8YXK6t8L71kyeDA54TZp9T+yYUy53+4ijSvqGOIVGcK53awUzlhW 64G+nALSjWXnA7z5DFcyFL6hOv7SgShVBYvGd4HsyCSF23xX7MLg6gekP/BBfOeF XT2HiPxEiMaUkUFG21QTxNL27VJqUkiBgf58pO2GdxFc3y5zpwCZ80buG8tMtkKB EYzPKIHGH3VUyqlcNjyw3yVvJJS+Gg+Q8yd0WmZzu8NyDGDVHIOqw9yh2hJqQ+5g DRXEflnnzVQbzymsn4kRyi3uwBbHzdrnVX9uFLxBIKl+0VoE6pUOriwBsnl4OqaI CsS4XngoH94vUspKozxWfRq6Zzo45c/4WB/R2DxaQHYTyoksc4x5COOxkOrcPZEa EqOY63+GM7yiXp+GQHEA94ZwRTq0E544xRvgVtiktoWzZ2N28aNnA9x9/LCOXRFE qQy6/kU6ydDE9x1ioU1zwV+INFh2xTvY/tT0iEousd8tDLCQ5l0= =BZNt -----END PGP SIGNATURE----- Merge 4.14.117 into android-4.14 Changes in 4.14.117 ALSA: line6: use dynamic buffers ipv4: ip_do_fragment: Preserve skb_iif during fragmentation ipv6/flowlabel: wait rcu grace period before put_pid() ipv6: invert flowlabel sharing check in process and user mode sctp: avoid running the sctp state machine recursively packet: validate msg_namelen in send directly bnxt_en: Improve multicast address setup logic. bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() rxrpc: Fix net namespace cleanup net: phy: marvell: Fix buffer overrun with stats counters net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc kasan: remove redundant initialization of variable 'real_size' kasan: prevent compiler from optimizing away memset in tests arm64: Fix single stepping in kernel traps arm64: only advance singlestep for user instruction traps caif: reduce stack size with KASAN ALSA: hda/realtek - Add new Dell platform for headset mode ALSA: hda/realtek - Fixed Dell AIO speaker noise USB: yurex: Fix protection fault after device removal USB: w1 ds2490: Fix bug caused by improper use of altsetting array usb: usbip: fix isoc packet num validation in get_pipe USB: core: Fix unterminated string returned by usb_string() USB: core: Fix bug caused by duplicate interface PM usage counter mm: do not stall register_shrinker() nvme-loop: init nvmet_ctrl fatal_err_work when allocate HID: logitech: check the return value of create_singlethread_workqueue HID: debug: fix race condition with between rdesc_show() and device removal rtc: sh: Fix invalid alarm warning for non-enabled alarm batman-adv: Reduce claim hash refcnt only for removed entry batman-adv: Reduce tt_local hash refcnt only for removed entry batman-adv: Reduce tt_global hash refcnt only for removed entry ARM: dts: rockchip: Fix gpu opp node names for rk3288 igb: Fix WARN_ONCE on runtime suspend net/mlx5: E-Switch, Fix esw manager vport indication for more vport commands bonding: show full hw address in sysfs for slave entries net: stmmac: ratelimit RX error logs net: stmmac: don't overwrite discard_frame status net: stmmac: fix dropping of multi-descriptor RX frames net: stmmac: don't log oversized frames jffs2: fix use-after-free on symlink traversal debugfs: fix use-after-free on symlink traversal rtc: da9063: set uie_unsupported when relevant HID: input: add mapping for Assistant key vfio/pci: use correct format characters scsi: core: add new RDAC LENOVO/DE_Series device scsi: storvsc: Fix calculation of sub-channel count net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() net: hns: Use NAPI_POLL_WEIGHT for hns driver net: hns: Fix probabilistic memory overwrite when HNS driver initialized net: hns: fix ICMP6 neighbor solicitation messages discard problem net: hns: Fix WARNING when remove HNS driver with SMMU enabled kmemleak: powerpc: skip scanning holes in the .bss section hugetlbfs: fix memory leak for resv_map sh: fix multiple function definition build errors xsysace: Fix error handling in ace_setup ARM: orion: don't use using 64-bit DMA masks ARM: iop: don't use using 64-bit DMA masks perf/x86/amd: Update generic hardware cache events for Family 17h Bluetooth: btusb: request wake pin with NOAUTOEN staging: iio: adt7316: allow adt751x to use internal vref for all dacs staging: iio: adt7316: fix the dac read calculation staging: iio: adt7316: fix the dac write calculation scsi: RDMA/srpt: Fix a credit leak for aborted commands ASoC: stm32: fix sai driver name initialisation IB/core: Unregister notifier before freeing MAD security IB/core: Fix potential memory leak while creating MAD agents IB/core: Destroy QP if XRC QP fails Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ Input: stmfts - acknowledge that setting brightness is a blocking call selinux: never allow relabeling on context mounts powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search x86/mce: Improve error message when kernel cannot recover, p2 clk: x86: Add system specific quirk to mark clocks as critical i2c: i2c-stm32f7: Fix SDADEL minimum formula media: v4l2: i2c: ov7670: Fix PLL bypass register values mm/kmemleak.c: fix unused-function warning Linux 4.14.117 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Andrey Konovalov
|
bd6afee7a5 |
kasan: prevent compiler from optimizing away memset in tests
commit 69ca372c100fba99c78ef826a1795aa86e4f01a8 upstream. A compiler can optimize away memset calls by replacing them with mov instructions. There are KASAN tests that specifically test that KASAN correctly handles memset calls so we don't want this optimization to happen. The solution is to add -fno-builtin flag to test_kasan.ko Link: http://lkml.kernel.org/r/105ec9a308b2abedb1a0d1fdced0c22d765e4732.1519924383.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Alexander Potapenko <glider@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Cc: Nick Terrell <terrelln@fb.com> Cc: Chris Mason <clm@fb.com> Cc: Yury Norov <ynorov@caviumnetworks.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: "Luis R . Rodriguez" <mcgrof@kernel.org> Cc: Palmer Dabbelt <palmer@dabbelt.com> Cc: "Paul E . McKenney" <paulmck@linux.vnet.ibm.com> Cc: Jeff Layton <jlayton@redhat.com> Cc: "Jason A . Donenfeld" <Jason@zx2c4.com> Cc: Kostya Serebryany <kcc@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Colin Ian King
|
13a1d1adad |
kasan: remove redundant initialization of variable 'real_size'
commit 48c232395431c23d35cf3b4c5a090bd793316578 upstream. Variable real_size is initialized with a value that is never read, it is re-assigned a new value later on, hence the initialization is redundant and can be removed. Cleans up clang warning: lib/test_kasan.c:422:21: warning: Value stored to 'real_size' during its initialization is never read Link: http://lkml.kernel.org/r/20180206144950.32457-1-colin.king@canonical.com Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: Alexander Potapenko <glider@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
b5123fd473 |
This is the 4.14.115 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzKnvMACgkQONu9yGCS aT6vPRAAgy8sPwaOoETexGtsEaVVaZX2Yt20ekTuNbKHZKBJKXlq+pcfXawwotUE dr+/jRrpUrOD7Ta4y+qU+mKV3eS4FZ8bJaYvEOKkf/wSFG5sWF6pE7jmgnJ2lJVj SafR601YTCh2eZm+rLogqEF+lXZ9rNUCJlnO6q4APnpvuOGqX6kPaqTxDRK+Qfzz mkij3bnw43YAX5lkx9l2OzreNU5jlh2RSamrF0YrqoL01E/7IXYeAnxQl+Atmjmu pLWsWl/rdxVAnDPwpiZZZAEs3/DYpVtP1bcCH7tESLWICawajUsffn5/yVtwl1UW BKl0mFom7K9tZOhSxmf7kvK+Yq8p5AdyooIFVEfoObYMCZAyXarpnBiey4SeqqQU GRi6fLfMeXrk3ikkI3qGbClbjLhiGmUIyYWz0VI2mxf7+SRnOzHsxgILiaJHPQOn 4+6Y8n1XINMMOu6p0apVSZAAlKjnLsUX0gocTaRQsFTzY9Zqm+/hePe6x7Xm+h66 X4e9NAy/RxZog78aVxTihphAX6V5gbRgcYku+UvWTDoIB13XZ7qxcjyod3DiLvZT n3APkif2sC2ATFmJ3eRSLSitFQ2igIAfW3ob9GtdYb/13I7Zsh0K0FqH1icuKVVm VBsTtvNahCMMKXT/Z5hJOO2agXPprx0kGnn1J6vazh/Bs94QBLw= =tLin -----END PGP SIGNATURE----- Merge 4.14.115 into android-4.14 Changes in 4.14.115 kbuild: simplify ld-option implementation cifs: do not attempt cifs operation on smb2+ rename error tracing: Fix a memory leak by early error exit in trace_pid_write() tracing: Fix buffer_ref pipe ops zram: pass down the bvec we need to read into in the work struct lib/Kconfig.debug: fix build error without CONFIG_BLOCK MIPS: scall64-o32: Fix indirect syscall number load trace: Fix preempt_enable_no_resched() abuse IB/rdmavt: Fix frwr memory registration sched/numa: Fix a possible divide-by-zero ceph: only use d_name directly when parent is locked ceph: ensure d_name stability in ceph_dentry_hash() ceph: fix ci->i_head_snapc leak nfsd: Don't release the callback slot unless it was actually held sunrpc: don't mark uninitialised items as VALID. Input: synaptics-rmi4 - write config register values to the right offset vfio/type1: Limit DMA mappings per container dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid ARM: 8857/1: efi: enable CP15 DMB instructions before cleaning the cache drm/vc4: Fix memory leak during gpu reset. Revert "drm/i915/fbdev: Actually configure untiled displays" drm/vc4: Fix compilation error reported by kbuild test bot USB: Add new USB LPM helpers USB: Consolidate LPM checks to avoid enabling LPM twice ext4: fix some error pointer dereferences vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock tipc: handle the err returned from cmd header function slip: make slhc_free() silently accept an error pointer intel_th: gth: Fix an off-by-one in output unassigning fs/proc/proc_sysctl.c: Fix a NULL pointer dereference ipvs: fix warning on unused variable binder: fix handling of misaligned binder object sched/deadline: Correctly handle active 0-lag timers NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family. netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON fm10k: Fix a potential NULL pointer dereference tipc: check bearer name with right length in tipc_nl_compat_bearer_enable tipc: check link name with right length in tipc_nl_compat_link_set dm integrity: change memcmp to strncmp in dm_integrity_ctr x86, retpolines: Raise limit for generating indirect calls from switch-case x86/retpolines: Disable switch jump tables when retpolines are enabled mm: Fix warning in insert_pfn() Revert "block/loop: Use global lock for ioctl() operation." ipv4: add sanity checks in ipv4_link_failure() mlxsw: spectrum: Fix autoneg status in ethtool net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query net: rds: exchange of 8K and 1M pool net: stmmac: move stmmac_check_ether_addr() to driver probe stmmac: pci: Adjust IOT2000 matching team: fix possible recursive locking when add slaves net/rose: Convert timers to use timer_setup() net/rose: fix unbound loop in rose_loopback_timer() ipv4: set the tcp_min_rtt_wlen range from 0 to one day powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg Documentation: Add nospectre_v1 parameter Linux 4.14.115 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
YueHaibing
|
7a326879fc |
lib/Kconfig.debug: fix build error without CONFIG_BLOCK
commit ae3d6a323347940f0548bbb4b17f0bb2e9164169 upstream. If CONFIG_TEST_KMOD is set to M, while CONFIG_BLOCK is not set, XFS and BTRFS can not be compiled successly. Link: http://lkml.kernel.org/r/20190410075434.35220-1-yuehaibing@huawei.com Fixes: d9c6a72d6fa2 ("kmod: add test driver to stress test the module loader") Signed-off-by: YueHaibing <yuehaibing@huawei.com> Reported-by: Hulk Robot <hulkci@huawei.com> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: Masahiro Yamada <yamada.masahiro@socionext.com> Cc: Petr Mladek <pmladek@suse.com> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Joe Lawrence <joe.lawrence@redhat.com> Cc: Robin Murphy <robin.murphy@arm.com> Cc: Luis Chamberlain <mcgrof@kernel.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
fde41616bc |
This is the 4.14.113 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAly6xv4ACgkQONu9yGCS
aT4RCw/+KeapZUb7jKuLeYCVUiP4NTkLB5TsgxidbaF1wQEpDuMaYXEiZftX0/IN
iCnn6sBO/VIA1l0PA2cGcpBKFRHJVa+tBArj91Z4lJ4eorc0yQDK/iGTjQEZtkHR
DMkMDJ7MTYlvIk97krg26+duVk6FCgy3SYHw8yOMBOI+fZTTmwL6OMMGl9n3MA5Q
tGD+cppZtmsb59wXuEm2AkTnghd+NN2tl8ObKBd2hEym0lLO4gE9bWBwW6+M6eVx
NrEUgHrP0ASXX7kgC6g7liXSuqq15t7GbdJZEXDRFOKgwYK8L15SnYAnYLpjyvnA
1GFSjje/hnFPD5TklNxojOFYT/yQ6a2fZNMb/ZHQMDgzmmXWggG1FXk0f5Otnh/1
2WRvZVPnZI9+GaArzo0uqPAwez7Q7Id5LzfyfZS5tWIyJSgA/pdit1C51vGLe1sB
rmW+QM4DtLh8DLF/Nmpj7AmiwEdpJuAQF5Y4T4LPyXBTSaj1nBPKz77UFfr38Jew
FzrIi9wZGHv48lTniK7wAErwtPcEg63C8WqEkM3W1gMHQWw2N5diN0OdAA5V8+Gt
WF8u2xUtuT44FgOdG94IRwF1tQmJaHZYmJJcx4Bvq9FRTCLCZtMcI3YSkdxRZSB/
YHqjuOuOTH34nnL39vrryw+fyXPp2IQwrsYFiu7UrGR8JiNP3B4=
=uZIa
-----END PGP SIGNATURE-----
Merge 4.14.113 into android-4.14
Changes in 4.14.113
ARC: u-boot args: check that magic number is correct
arc: hsdk_defconfig: Enable CONFIG_BLK_DEV_RAM
perf/core: Restore mmap record type correctly
ext4: add missing brelse() in add_new_gdb_meta_bg()
ext4: report real fs size after failed resize
ALSA: echoaudio: add a check for ioremap_nocache
ALSA: sb8: add a check for request_region
auxdisplay: hd44780: Fix memory leak on ->remove()
IB/mlx4: Fix race condition between catas error reset and aliasguid flows
mmc: davinci: remove extraneous __init annotation
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
thermal/intel_powerclamp: fix __percpu declaration of worker_data
thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs
thermal/int340x_thermal: Add additional UUIDs
thermal/int340x_thermal: fix mode setting
thermal/intel_powerclamp: fix truncated kthread name
scsi: iscsi: flush running unbind operations when removing a session
x86/mm: Don't leak kernel addresses
tools/power turbostat: return the exit status of a command
perf list: Don't forget to drop the reference to the allocated thread_map
perf config: Fix an error in the config template documentation
perf config: Fix a memory leak in collect_config()
perf build-id: Fix memory leak in print_sdt_events()
perf top: Fix error handling in cmd_top()
perf hist: Add missing map__put() in error case
perf evsel: Free evsel->counts in perf_evsel__exit()
perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
perf tests: Fix memory leak by expr__find_other() in test__expr()
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
irqchip/mbigen: Don't clear eventid when freeing an MSI
x86/hpet: Prevent potential NULL pointer dereference
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
iommu/vt-d: Check capability before disabling protected memory
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
fix incorrect error code mapping for OBJECTID_NOT_FOUND
ext4: prohibit fstrim in norecovery mode
gpio: pxa: handle corner case of unprobed device
rsi: improve kernel thread handling to fix kernel panic
9p: do not trust pdu content for stat item size
9p locks: add mount option for lock retry interval
f2fs: fix to do sanity check with current segment number
netfilter: xt_cgroup: shrink size of v2 path
serial: uartps: console_setup() can't be placed to init section
powerpc/pseries: Remove prrn_work workqueue
media: au0828: cannot kfree dev before usb disconnect
HID: i2c-hid: override HID descriptors for certain devices
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
usbip: fix vhci_hcd controller counting
ACPI / SBS: Fix GPE storm on recent MacBookPro's
KVM: nVMX: restore host state in nested_vmx_vmexit for VMFail
compiler.h: update definition of unreachable()
cifs: fallback to older infolevels on findfirst queryinfo retry
kernel: hung_task.c: disable on suspend
crypto: sha256/arm - fix crash bug in Thumb2 build
crypto: sha512/arm - fix crash bug in Thumb2 build
iommu/dmar: Fix buffer overflow during PCI bus notification
soc/tegra: pmc: Drop locking from tegra_powergate_is_powered()
lkdtm: Print real addresses
lkdtm: Add tests for NULL pointer dereference
drm/panel: panel-innolux: set display off in innolux_panel_unprepare
crypto: axis - fix for recursive locking from bottom half
Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk"
coresight: cpu-debug: Support for CA73 CPUs
drm/nouveau/volt/gf117: fix speedo readout register
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI)
appletalk: Fix use-after-free in atalk_proc_exit
lib/div64.c: off by one in shift
include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
bpf: fix use after free in bpf_evict_inode
dm: disable CRYPTO_TFM_REQ_MAY_SLEEP to fix a GFP_KERNEL recursion deadlock
bpf: reduce verifier memory consumption
bpf: fix verifier memory leaks
bpf: fix verifier NULL pointer dereference
bpf: fix stack state printing in verifier log
bpf: move {prev_,}insn_idx into verifier env
bpf: move tmp variable into ax register in interpreter
bpf: enable access to ax register also from verifier rewrite
bpf: restrict map value pointer arithmetic for unprivileged
bpf: restrict stack pointer arithmetic for unprivileged
bpf: restrict unknown scalars of mixed signed bounds for unprivileged
bpf: fix check_map_access smin_value test when pointer contains offset
bpf: prevent out of bounds speculation on pointer arithmetic
bpf: fix sanitation of alu op with pointer / scalar type from different paths
bpf: fix inner map masking to prevent oob under speculation
bpf: do not restore dst_reg when cur_state is freed
bpf: fix sanitation rewrite in case of non-pointers
bpf: Fix selftests are changes for CVE 2019-7308
net: stmmac: Set dma ring length before enabling the DMA
mm: hide incomplete nr_indirectly_reclaimable in sysfs
appletalk: Fix compile regression
Linux 4.14.113
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Stanislaw Gruszka
|
6dc75ccba5 |
lib/div64.c: off by one in shift
[ Upstream commit cdc94a37493135e355dfc0b0e086d84e3eadb50d ] fls counts bits starting from 1 to 32 (returns 0 for zero argument). If we add 1 we shift right one bit more and loose precision from divisor, what cause function incorect results with some numbers. Corrected code was tested in user-space, see bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202391 Link: http://lkml.kernel.org/r/1548686944-11891-1-git-send-email-sgruszka@redhat.com Fixes: 658716d19f8f ("div64_u64(): improve precision on 32bit platforms") Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Reported-by: Siarhei Volkau <lis8215@gmail.com> Tested-by: Siarhei Volkau <lis8215@gmail.com> Acked-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
ff17dbeb19 |
This is the 4.14.112 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAly2ycMACgkQONu9yGCS aT7C5hAA0R6ogtbWP8zWyYUPC5hMQUW5QZvbtxAYmdqYHaXZMmu6Zpwi4fwjIXTO SZmLYLNdZCo56hVTsyiBNKIK+5MzQLzce4bftnrO7XyMT+qqxFHoIRrb/LZ9g1Zj 51bPQ1ctCRQi1YcCVqcA18MDy2Vm6BvKgFlQt9A6p9anxlnyldsphl5Af9VaSg3W LgMhoDLYUzG2oqKm2GIy9FrTU/rO5i7nVc2sBQKjol/IPlmiHO+dRCLkjTHTTaI/ 35tu0VZD7BUEmOMtZ3CMi3IgYaBF60Ii7JrXi5/UqOP6cVH1ILNm4PLI0lK4lIM2 BsReZtJSDJazQznygvc9o88SCqCR45HF+zAK80z6O9qQAQ4JXEcyA04sD4enJjVC NB5sgzaJtoNvQpEmfkeQXxH96IamiQJW1SiojTjVG+8CFjpsmLyAs1iQSga17hQI ib+aFvZOCodh/a0sA69vho+9bK0Hq7oGXfaew0Tqw/SX40TPrHt2Oyg7SXv9A6ME M+w3a3DtWcKnUTGyEaM5PSWnNLd7QOlZh+JqD7FTKJHoXmW4ImssicPPVAxrVhp+ gsA29FW+RZbgykAFLnSMIsZWaQwRq54wRER/yFOYeAydmOJkQorja6i7iEClohFD Bgd91KAzCHiBuAe12mdWhhcsR/wcJ6+SPlwst6DrJ7ZIQJJYORo= =HUau -----END PGP SIGNATURE----- Merge 4.14.112 into android-4.14 Changes in 4.14.112 net: sfp: move sfp_register_socket call from sfp_remove to sfp_probe x86/power: Fix some ordering bugs in __restore_processor_context() x86/power/64: Use struct desc_ptr for the IDT in struct saved_context x86/power/32: Move SYSENTER MSR restoration to fix_processor_context() x86/power: Make restore_processor_context() sane drm/i915/gvt: do not let pin count of shadow mm go negative powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD x86: vdso: Use $LD instead of $CC to link x86/vdso: Drop implicit common-page-size linker flag lib/string.c: implement a basic bcmp stating: ccree: revert "staging: ccree: fix leak of import() after init()" arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region tty: mark Siemens R3964 line discipline as BROKEN tty: ldisc: add sysctl to prevent autoloading of ldiscs ipv6: Fix dangling pointer when ipv6 fragment ipv6: sit: reset ip header pointer in ipip6_rcv kcm: switch order of device registration to fix a crash net-gro: Fix GRO flush when receiving a GSO packet. net/mlx5: Decrease default mr cache size net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock(). net/sched: fix ->get helper of the matchall cls openvswitch: fix flow actions reallocation qmi_wwan: add Olicard 600 sctp: initialize _pad of sockaddr_in before copying to user memory tcp: Ensure DCTCP reacts to losses vrf: check accept_source_route on the original netdevice net/mlx5e: Fix error handling when refreshing TIRs net/mlx5e: Add a lock on tir list nfp: validate the return code from dev_queue_xmit() bnxt_en: Improve RX consumer index validity check. bnxt_en: Reset device on RX buffer errors. net/sched: act_sample: fix divide by zero in the traffic path netns: provide pure entropy for net_hash_mix() net: ethtool: not call vzalloc for zero sized memory request ALSA: seq: Fix OOB-reads from strlcpy ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type hv_netvsc: Fix unwanted wakeup after tx_disable arm64: dts: rockchip: fix rk3328 sdmmc0 write errors parisc: Detect QEMU earlier in boot process parisc: regs_return_value() should return gpr28 alarmtimer: Return correct remaining time drm/udl: add a release method and delay modeset teardown include/linux/bitrev.h: fix constant bitrev ASoC: fsl_esai: fix channel swap issue when stream starts Btrfs: do not allow trimming when a fs is mounted with the nologreplay option btrfs: prop: fix zstd compression parameter validation btrfs: prop: fix vanished compression property after failed set block: do not leak memory in bio_copy_user_iov() block: fix the return errno for direct IO genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n virtio: Honour 'may_reduce_num' in vring_create_virtqueue ARM: dts: am335x-evmsk: Correct the regulators for the audio codec ARM: dts: am335x-evm: Correct the regulators for the audio codec ARM: dts: at91: Fix typo in ISC_D0 on PC9 arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value arm64: dts: rockchip: fix rk3328 rgmii high tx error rate arm64: backtrace: Don't bother trying to unwind the userspace stack xen: Prevent buffer overflow in privcmd ioctl sched/fair: Do not re-read ->h_load_next during hierarchical load calculation xtensa: fix return_address x86/perf/amd: Resolve race condition when disabling PMC x86/perf/amd: Resolve NMI latency issues for active PMCs x86/perf/amd: Remove need to check "running" bit in NMI handler PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors arm64: dts: rockchip: fix vcc_host1_5v pin assign on rk3328-rock64 arm64: dts: rockchip: Fix vcc_host1_5v GPIO polarity on rk3328-rock64 Linux 4.14.112 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Nick Desaulniers
|
56dbdae0c4 |
lib/string.c: implement a basic bcmp
[ Upstream commit 5f074f3e192f10c9fade898b9b3b8812e3d83342 ]
A recent optimization in Clang (r355672) lowers comparisons of the
return value of memcmp against zero to comparisons of the return value
of bcmp against zero. This helps some platforms that implement bcmp
more efficiently than memcmp. glibc simply aliases bcmp to memcmp, but
an optimized implementation is in the works.
This results in linkage failures for all targets with Clang due to the
undefined symbol. For now, just implement bcmp as a tailcail to memcmp
to unbreak the build. This routine can be further optimized in the
future.
Other ideas discussed:
* A weak alias was discussed, but breaks for architectures that define
their own implementations of memcmp since aliases to declarations are
not permitted (only definitions). Arch-specific memcmp
implementations typically declare memcmp in C headers, but implement
them in assembly.
* -ffreestanding also is used sporadically throughout the kernel.
* -fno-builtin-bcmp doesn't work when doing LTO.
Link: https://bugs.llvm.org/show_bug.cgi?id=41035
Link: https://code.woboq.org/userspace/glibc/string/memcmp.c.html#bcmp
Link:
|
||
|
Greg Kroah-Hartman
|
171fc237b3 |
This is the 4.14.111 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlynuywACgkQONu9yGCS aT4XGg/9GLwb77V/72a76DfadTeygFT80UZTrIuvIRLUI5T7Hrn89ZuhFRq8EK0C 5qW1OzrKsioNO/7aniz2bArll+uK5Bln1ENX2+xD76b1ZHfK78Z2sKCXx7Z/eBkG qoa+GONc0vhboqIBz7vEf/O0d+kPlXjfzwBR/fPFXGPk1L87ZRD/ISDtg7z6nECL rghvcGhdHnebDJXfJ8BC/kTaj9Ftk0dZR2tqwWW0wV21QpFKyD/8JDbnQI7cVfKu 30gUlBclFilISZBckwTbFb8t2FQfYvAgvORmeSftsgzrrzrvH8IhWpHh3egj/YOU jOS6sE/FU59KVY4+D59HOVne+K+rLfbPN1xeY9TfcwbfwPfYr1c1NzWd+aZ3+cQ/ IasZ/oAWgNUzBwb8+rpySq9nFaXQhxQ+W1fkCR1MqADLaFLiDRXhCenBIki3YyU8 opyNgpFB3rNgkTYTNxL/wofmUBGec3+9Ir3Rs6NlVkw0ucOvlebRWcU1gQugz5QX l6u0D3B5V7Jee5zjFwIYhK0EhiHsku+X8MOmkgFQTzz6kG9xT3xyamd+woqOT7kZ f8Fve14o4YCugpllxUym+2WtxNZK8jN4UhBMzjYaV8pdR+G+fZE+j9ELjmEGnDc7 E2dsJZCquLtTxa7Gu0ZL9XedCVle3tF6JThUvWtD76mWDXJ5dis= =uoou -----END PGP SIGNATURE----- Merge 4.14.111 into android-4.14 Changes in 4.14.111 arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals ext4: cleanup bh release code in ext4_ind_remove_space() lib/int_sqrt: optimize initial value compute tty/serial: atmel: Add is_half_duplex helper tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified CIFS: fix POSIX lock leak and invalid ptr deref h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- f2fs: fix to avoid deadlock in f2fs_read_inline_dir() tracing: kdb: Fix ftdump to not sleep net/mlx5: Avoid panic when setting vport rate net/mlx5: Avoid panic when setting vport mac, getting vport config gpio: gpio-omap: fix level interrupt idling include/linux/relay.h: fix percpu annotation in struct rchan sysctl: handle overflow for file-max enic: fix build warning without CONFIG_CPUMASK_OFFSTACK scsi: hisi_sas: Set PHY linkrate when disconnected iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver perf c2c: Fix c2c report for empty numa node mm/cma.c: cma_declare_contiguous: correct err handling mm/page_ext.c: fix an imbalance with kmemleak mm, mempolicy: fix uninit memory access mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! mm/slab.c: kmemleak no scan alien caches ocfs2: fix a panic problem caused by o2cb_ctl f2fs: do not use mutex lock in atomic context fs/file.c: initialize init_files.resize_wait page_poison: play nicely with KASAN cifs: use correct format characters dm thin: add sanity checks to thin-pool and external snapshot creation cifs: Fix NULL pointer dereference of devname jbd2: fix invalid descriptor block checksum fs: fix guard_bio_eod to check for real EOD errors tools lib traceevent: Fix buffer overflow in arg_eval PCI/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() wil6210: check null pointer in _wil_cfg80211_merge_extra_ies crypto: crypto4xx - add missing of_node_put after of_device_is_available crypto: cavium/zip - fix collision with generic cra_driver_name usb: chipidea: Grab the (legacy) USB PHY by phandle first scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc coresight: etm4x: Add support to enable ETMv4.2 serial: 8250_pxa: honor the port number from devicetree ARM: 8840/1: use a raw_spinlock_t in unwind iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback mmc: omap: fix the maximum timeout setting e1000e: Fix -Wformat-truncation warnings mlxsw: spectrum: Avoid -Wformat-truncation warnings IB/mlx4: Increase the timeout for CM cache clk: fractional-divider: check parent rate only if flag is set cpufreq: acpi-cpufreq: Report if CPU doesn't support boost technologies efi: cper: Fix possible out-of-bounds access scsi: megaraid_sas: return error when create DMA pool failed scsi: fcoe: make use of fip_mode enum complete perf test: Fix failure of 'evsel-tp-sched' test on s390 SoC: imx-sgtl5000: add missing put_device() media: sh_veu: Correct return type for mem2mem buffer helpers media: s5p-jpeg: Correct return type for mem2mem buffer helpers media: s5p-g2d: Correct return type for mem2mem buffer helpers media: mx2_emmaprp: Correct return type for mem2mem buffer helpers media: mtk-jpeg: Correct return type for mem2mem buffer helpers vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 HID: intel-ish-hid: avoid binding wrong ishtp_cl_device jbd2: fix race when writing superblock leds: lp55xx: fix null deref on firmware load failure iwlwifi: pcie: fix emergency path ACPI / video: Refactor and fix dmi_is_desktop() kprobes: Prohibit probing on bsearch() netfilter: conntrack: fix cloned unconfirmed skb->_nfct race in __nf_conntrack_confirm ARM: 8833/1: Ensure that NEON code always compiles with Clang ALSA: PCM: check if ops are defined before suspending PCM usb: f_fs: Avoid crash due to out-of-scope stack ptr access sched/topology: Fix percpu data types in struct sd_data & struct s_data bcache: fix input overflow to cache set sysfs file io_error_halflife bcache: fix input overflow to sequential_cutoff bcache: improve sysfs_strtoul_clamp() genirq: Avoid summation loops for /proc/stat iw_cxgb4: fix srqidx leak during connection abort fbdev: fbmem: fix memory access if logo is bigger than the screen cdrom: Fix race condition in cdrom_sysctl_register e1000e: fix cyclic resets at link up with active tx platform/x86: intel_pmc_core: Fix PCH IP sts reading ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe sched/debug: Initialize sd_sysctl_cpus if !CONFIG_CPUMASK_OFFSTACK efi/memattr: Don't bail on zero VA if it equals the region's PA ARM: dts: lpc32xx: Remove leading 0x and 0s from bindings notation efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted soc: qcom: gsbi: Fix error handling in gsbi_probe() mt7601u: bump supported EEPROM version ARM: 8830/1: NOMMU: Toggle only bits in EXC_RETURN we are really care of ARM: avoid Cortex-A9 livelock on tight dmb loops bpf: fix missing prototype warnings cgroup/pids: turn cgroup_subsys->free() into cgroup_subsys->release() to fix the accounting backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial state tty: increase the default flip buffer limit to 2*640K powerpc/pseries: Perform full re-add of CPU for topology update post-migration usb: dwc3: gadget: Fix OTG events when gadget driver isn't loaded media: mt9m111: set initial frame size other than 0x0 hwrng: virtio - Avoid repeated init of completion soc/tegra: fuse: Fix illegal free of IO base address HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable cpu/hotplug: Mute hotplug lockdep during init dmaengine: imx-dma: fix warning comparison of distinct pointer types dmaengine: qcom_hidma: assign channel cookie correctly dmaengine: qcom_hidma: initialize tx flags in hidma_prep_dma_* netfilter: physdev: relax br_netfilter dependency media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting drm: Auto-set allow_fb_modifiers when given modifiers at plane init drm/nouveau: Stop using drm_crtc_force_disable x86/build: Specify elf_i386 linker emulation explicitly for i386 objects selinux: do not override context on context mounts wlcore: Fix memory leak in case wl12xx_fetch_firmware failure x86/build: Mark per-CPU symbols as absolute explicitly for LLD clk: rockchip: fix frac settings of GPLL clock for rk3328 dmaengine: tegra: avoid overflow of byte tracking drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers ACPI / video: Extend chassis-type detection with a "Lunch Box" check Linux 4.14.111 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Nathan Chancellor
|
416b593a22 |
ARM: 8833/1: Ensure that NEON code always compiles with Clang
[ Upstream commit de9c0d49d85dc563549972edc5589d195cd5e859 ]
While building arm32 allyesconfig, I ran into the following errors:
arch/arm/lib/xor-neon.c:17:2: error: You should compile this file with
'-mfloat-abi=softfp -mfpu=neon'
In file included from lib/raid6/neon1.c:27:
/home/nathan/cbl/prebuilt/lib/clang/8.0.0/include/arm_neon.h:28:2:
error: "NEON support not enabled"
Building V=1 showed NEON_FLAGS getting passed along to Clang but
__ARM_NEON__ was not getting defined. Ultimately, it boils down to Clang
only defining __ARM_NEON__ when targeting armv7, rather than armv6k,
which is the '-march' value for allyesconfig.
>From lib/Basic/Targets/ARM.cpp in the Clang source:
// This only gets set when Neon instructions are actually available, unlike
// the VFP define, hence the soft float and arch check. This is subtly
// different from gcc, we follow the intent which was that it should be set
// when Neon instructions are actually available.
if ((FPU & NeonFPU) && !SoftFloat && ArchVersion >= 7) {
Builder.defineMacro("__ARM_NEON", "1");
Builder.defineMacro("__ARM_NEON__");
// current AArch32 NEON implementations do not support double-precision
// floating-point even when it is present in VFP.
Builder.defineMacro("__ARM_NEON_FP",
"0x" + Twine::utohexstr(HW_FP & ~HW_FP_DP));
}
Ard Biesheuvel recommended explicitly adding '-march=armv7-a' at the
beginning of the NEON_FLAGS definitions so that __ARM_NEON__ always gets
definined by Clang. This doesn't functionally change anything because
that code will only run where NEON is supported, which is implicitly
armv7.
Link: https://github.com/ClangBuiltLinux/linux/issues/287
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Acked-by: Nicolas Pitre <nico@linaro.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Andrea Righi
|
e62824d1f8 |
kprobes: Prohibit probing on bsearch()
[ Upstream commit 02106f883cd745523f7766d90a739f983f19e650 ]
Since kprobe breakpoing handler is using bsearch(), probing on this
routine can cause recursive breakpoint problem.
int3
->do_int3()
->ftrace_int3_handler()
->ftrace_location()
->ftrace_location_range()
->bsearch() -> int3
Prohibit probing on bsearch().
Signed-off-by: Andrea Righi <righi.andrea@gmail.com>
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/154998813406.31052.8791425358974650922.stgit@devbox
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Peter Zijlstra
|
083aa6a5d3 |
lib/int_sqrt: optimize initial value compute
commit f8ae107eef209bff29a5816bc1aad40d5cd69a80 upstream.
The initial value (@m) compute is:
m = 1UL << (BITS_PER_LONG - 2);
while (m > x)
m >>= 2;
Which is a linear search for the highest even bit smaller or equal to @x
We can implement this using a binary search using __fls() (or better when
its hardware implemented).
m = 1UL << (__fls(x) & ~1UL);
Especially for small values of @x; which are the more common arguments
when doing a CDF on idle times; the linear search is near to worst case,
while the binary search of __fls() is a constant 6 (or 5 on 32bit)
branches.
cycles: branches: branch-misses:
PRE:
hot: 43.633557 +- 0.034373 45.333132 +- 0.002277 0.023529 +- 0.000681
cold: 207.438411 +- 0.125840 45.333132 +- 0.002277 6.976486 +- 0.004219
SOFTWARE FLS:
hot: 29.576176 +- 0.028850 26.666730 +- 0.004511 0.019463 +- 0.000663
cold: 165.947136 +- 0.188406 26.666746 +- 0.004511 6.133897 +- 0.004386
HARDWARE FLS:
hot: 24.720922 +- 0.025161 20.666784 +- 0.004509 0.020836 +- 0.000677
cold: 132.777197 +- 0.127471 20.666776 +- 0.004509 5.080285 +- 0.003874
Averages computed over all values <128k using a LFSR to generate order.
Cold numbers have a LFSR based branch trace buffer 'confuser' ran between
each int_sqrt() invocation.
Link: http://lkml.kernel.org/r/20171020164644.936577234@infradead.org
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Suggested-by: Joe Perches <joe@perches.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Anshul Garg <aksgarg1989@gmail.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: David Miller <davem@davemloft.net>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Matthew Wilcox <mawilcox@microsoft.com>
Cc: Michael Davidson <md@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
588c629944 |
This is the 4.14.110 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlykNbEACgkQONu9yGCS aT5HyQ//X23Zk/FFcyVZv3U/CTmuLGDyLDiVFAKoGwngGhYVSpH5LuF7al/Csihc pKiwi+oz3qj89+/Rx3OvtHUTnIE2sBcuN0nBclwHY+5uTmv6m9a358/LPRWEDl19 HUSFwrRS0bmOcrG5W+p+XSQ/VBv/UhigLQ5PJ9ezvcgUW/kh0SuVd0FTUGxse8wi jaJSaKISSHtwoqoWjLUHeyWR+pl8rRZx6ujfcQXl9+0Ei9Rl/osDezexDNfaoKBA CGHYdFNVlYMhPIO0Z5X0jsIUUnCn5DwmHEFqjQsPq49y1sJhd5yCTciF0VtMaFQm r1+VCNXTEWaEOrHrL8DzkOKXm+mKjY72P1tsodpjGwBb1y1gEtQwH3jf9jhUQvrh 0/YN39BKjE5f0X4Nusri35r+8DgjK9aab5AlMBezIm8luTAkQzfsWjrdo7N00szc GmlxSyqsaMwU9KUPEUD/ILlJaxvTX8eKZtOPourpmVileEjQ5lQvFtu4b8OWgDs3 5UdPbDiaYcQAMTbcJQ4z8DNwOoW9/OHGY2YmOdvbqamRr7T25Eku9v5yjLnR7mIm F1kkx5fhPkMd/zfM27hEavNcpq5sojCCccsm8IwuOcKZxytONpWnDbcVLT7znGEt WArxqoxHfnJ5IbxXSb5xCQdhNg/Fe7JvcF6ztM+C5oy0J7e3Erw= =de4i -----END PGP SIGNATURE----- Merge 4.14.110 into android-4.14 Changes in 4.14.110 Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer video: fbdev: Set pixclock = 0 in goldfishfb stmmac: copy unicast mac address to MAC registers dccp: do not use ipv6 header for ipv4 flow genetlink: Fix a memory leak on error path mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S net: datagram: fix unbounded loop in __skb_try_recv_datagram() net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec net: rose: fix a possible stack overflow net: stmmac: fix memory corruption with large MTUs net-sysfs: call dev_hold if kobject_init_and_add success packets: Always register packet sk in the same order rhashtable: Still do rehash when we get EEXIST tcp: do not use ipv6 header for ipv4 flow thunderx: enable page recycling for non-XDP case thunderx: eliminate extra calls to put_page() for pages held for recycling vxlan: Don't call gro_cells_destroy() before device is unregistered sctp: get sctphdr by offset in sctp_compute_cksum net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 mac8390: Fix mmio access size probe tun: properly test for IFF_UP tun: add a missing rcu_read_unlock() in error path powerpc/64s: Add support for ori barrier_nospec patching powerpc/64s: Patch barrier_nospec in modules powerpc/64s: Enable barrier_nospec based on firmware settings powerpc: Use barrier_nospec in copy_from_user() powerpc/64: Use barrier_nospec in syscall entry powerpc/64s: Enhance the information in cpu_show_spectre_v1() powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 powerpc/64: Disable the speculation barrier from the command line powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC powerpc/64: Call setup_barrier_nospec() from setup_arch() powerpc/64: Make meltdown reporting Book3S 64 specific powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms powerpc/asm: Add a patch_site macro & helpers for patching instructions powerpc/64s: Add new security feature flags for count cache flush powerpc/64s: Add support for software count cache flush powerpc/pseries: Query hypervisor for count cache flush settings powerpc/powernv: Query firmware for count cache flush settings powerpc/fsl: Add infrastructure to fixup branch predictor flush powerpc/fsl: Add macro to flush the branch predictor powerpc/fsl: Fix spectre_v2 mitigations reporting powerpc/fsl: Emulate SPRN_BUCSR register powerpc/fsl: Add nospectre_v2 command line argument powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) powerpc/fsl: Flush branch predictor when entering KVM powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used powerpc/fsl: Update Spectre v2 reporting powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' powerpc/fsl: Fix the flush of branch predictor. powerpc/security: Fix spectre_v2 reporting Btrfs: fix incorrect file size after shrinking truncate and fsync btrfs: remove WARN_ON in log_dir_items btrfs: raid56: properly unmap parity page in finish_parity_scrub() ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time powerpc: bpf: Fix generation of load/store DW instructions NFSv4.1 don't free interrupted slot on open net: dsa: qca8k: remove leftover phy accessors ALSA: rawmidi: Fix potential Spectre v1 vulnerability ALSA: seq: oss: Fix Spectre v1 vulnerability ALSA: pcm: Fix possible OOB access in PCM oss plugins ALSA: pcm: Don't suspend stream in unrecoverable PCM state ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB kbuild: modversions: Fix relative CRC byte order interpretation fs/open.c: allow opening only regular files during execve() ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock scsi: sd: Fix a race between closing an sd device and sd I/O scsi: sd: Quiesce warning if device does not report optimal I/O size scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices tty: atmel_serial: fix a potential NULL pointer dereference staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest staging: vt6655: Remove vif check from vnt_interrupt staging: vt6655: Fix interrupt race condition on device start up. serial: max310x: Fix to avoid potential NULL pointer dereference serial: sh-sci: Fix setting SCSCR_TIE while transferring data USB: serial: cp210x: add new device id USB: serial: ftdi_sio: add additional NovaTech products USB: serial: mos7720: fix mos_parport refcount imbalance on error path USB: serial: option: set driver_info for SIM5218 and compatibles USB: serial: option: add support for Quectel EM12 USB: serial: option: add Olicard 600 Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links drm/vgem: fix use-after-free when drm_gem_handle_create() fails gpio: exar: add a check for the return value of ida_simple_get fails gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs usb: mtu3: fix EXTCON dependency USB: gadget: f_hid: fix deadlock in f_hidg_write() usb: common: Consider only available nodes for dr_mode usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk xhci: Fix port resume done detection for SS ports with LPM enabled usb: cdc-acm: fix race during wakeup blocking TX traffic mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate perf intel-pt: Fix TSC slip cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y KVM: Reject device ioctls from processes other than the VM's creator KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts Revert "USB: core: only clean up what we allocated" vfio: ccw: only free cp on final interrupt Linux 4.14.110 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Herbert Xu
|
9f6e90284f |
rhashtable: Still do rehash when we get EEXIST
[ Upstream commit 408f13ef358aa5ad56dc6230c2c7deb92cf462b1 ]
As it stands if a shrink is delayed because of an outstanding
rehash, we will go into a rescheduling loop without ever doing
the rehash.
This patch fixes this by still carrying out the rehash and then
rescheduling so that we can shrink after the completion of the
rehash should it still be necessary.
The return value of EEXIST captures this case and other cases
(e.g., another thread expanded/rehashed the table at the same
time) where we should still proceed with the rehash.
Fixes: da20420f83ea ("rhashtable: Add nested tables")
Reported-by: Josh Elsasser <jelsasser@appneta.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Josh Elsasser <jelsasser@appneta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
80571db8bc |
This is the 4.14.109 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlybBpQACgkQONu9yGCS aT4EthAAu0ZHorEo34Ws8VShc5l3/DN/hFP2a/Gv53qQzF4vjp1Tsw6mDH5B6BJP 4Dce05pDYeTXec9+2dHO8p3lumB4V+7M9RuiWaD/CPIVaNL+ahjU5hKBsgVx8KdM sTBnCm15jx/7bK8qqHr2I8DeOPzIJmUugRqvpF2aFmIvRySakmTiI7euWcRFwCIq X/3mdqDpAuXHTnfbKMugKRGnagWy2JFBQtwT6HTh9VF0Zjyi0BTGjdyCq0HZ03o9 NhgVcfu3SFiHGQ1rCGwP1frKPnVpGG95i8eb4j4V0rMdg5AmAjQOqr6tAHa++60H b7UzrRgfvHvDcV7aTjBgdxDgWvSqs4p/8LwhhYHGq0fAqcRiAZAgZqPoKB8HKPSe vQaPL+EdiXCNGm514DyP4cDZwAbcXk7xYp6xCzivlj0VNiTFm7ehfkFDLZZn01l6 s06aVfTlu8yxZDFMO0WAKm9D9pM7TB019qjrhWSwj2bqLVE9mkQ4kfCsOp3eQuYR qhmmgvprJ6WQUVJ7wbcFadsl4xOqyhNWW4bawuHtLlcueGLPawhhPeEdWrZ8Ax4q zCj+weIGw2wgQS6wi1g/Eh5igLi+2ITbkIrljpKzTXgxbUFrwODt5ylg8EXwlixC LXXgwEI61UwkNjuN7f6dvbfagYfsr2DnhaxgB40bjfY8eB6L9uk= =Ur6G -----END PGP SIGNATURE----- Merge 4.14.109 into android-4.14 Changes in 4.14.109 mmc: pxamci: fix enum type confusion drm/vmwgfx: Don't double-free the mode stored in par->set_mode iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE libceph: wait for latest osdmap in ceph_monc_blacklist_add() udf: Fix crash on IO error during truncate mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction. MIPS: Ensure ELF appended dtb is relocated MIPS: Fix kernel crash for R6 in jump label branch function scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton scsi: ibmvscsi: Fix empty event pool access during host removal futex: Ensure that futex address is aligned in handle_futex_death() perf probe: Fix getting the kernel map objtool: Move objtool_file struct off the stack ALSA: x86: Fix runtime PM for hdmi-lpe-audio ext4: fix NULL pointer dereference while journal is aborted ext4: fix data corruption caused by unaligned direct AIO ext4: brelse all indirect buffer in ext4_ind_remove_space() media: v4l2-ctrls.c/uvc: zero v4l2_event Bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() Bluetooth: Fix decrementing reference count twice in releasing socket Bluetooth: hci_ldisc: Initialize hci_dev before open() Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() drm: Reorder set_property_atomic to avoid returning with an active ww_ctx netfilter: ebtables: remove BUGPRINT messages x86/unwind: Handle NULL pointer calls better in frame unwinder x86/unwind: Add hardcoded ORC entry for NULL locking/lockdep: Add debug_locks check in __lock_downgrade() ALSA: hda - Record the current power state before suspend/resume calls ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec lib/int_sqrt: optimize small argument USB: core: only clean up what we allocated scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 PCI: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits PCI: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable PCI: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() rtc: Fix overflow when converting time64_t to rtc_time sched/cpufreq/schedutil: Fix error path mutex unlock pwm-backlight: Enable/disable the PWM before/after LCD enable toggle. power: supply: charger-manager: Fix incorrect return value ath10k: avoid possible string overflow Linux 4.14.109 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Tobin C. Harding
|
b27ce7346e |
UPSTREAM: vsprintf: add printk specifier %px
printk specifier %p now hashes all addresses before printing. Sometimes we need to see the actual unmodified address. This can be achieved using %lx but then we face the risk that if in future we want to change the way the Kernel handles printing of pointers we will have to grep through the already existent 50 000 %lx call sites. Let's add specifier %px as a clear, opt-in, way to print a pointer and maintain some level of isolation from all the other hex integer output within the Kernel. Add printk specifier %px to print the actual unmodified address. Signed-off-by: Tobin C. Harding <me@tobin.cc> (cherry picked from commit 7b1924a1d930eb27fc79c4e4e2a6c1c970623e68) Signed-off-by: Sandeep Patil <sspatil@android.com> Bug: 78533979 Test: Build and boot cuttlefish Change-Id: I3fe64ef81cfb62d49822511cf8087e17abc6da37 |
||
|
Tobin C. Harding
|
d3ad09e4f7 |
UPSTREAM: printk: hash addresses printed with %p
Currently there exist approximately 14 000 places in the kernel where
addresses are being printed using an unadorned %p. This potentially
leaks sensitive information regarding the Kernel layout in memory. Many
of these calls are stale, instead of fixing every call lets hash the
address by default before printing. This will of course break some
users, forcing code printing needed addresses to be updated.
Code that _really_ needs the address will soon be able to use the new
printk specifier %px to print the address.
For what it's worth, usage of unadorned %p can be broken down as
follows (thanks to Joe Perches).
$ git grep -E '%p[^A-Za-z0-9]' | cut -f1 -d"/" | sort | uniq -c
1084 arch
20 block
10 crypto
32 Documentation
8121 drivers
1221 fs
143 include
101 kernel
69 lib
100 mm
1510 net
40 samples
7 scripts
11 security
166 sound
152 tools
2 virt
Add function ptr_to_id() to map an address to a 32 bit unique
identifier. Hash any unadorned usage of specifier %p and any malformed
specifiers.
Signed-off-by: Tobin C. Harding <me@tobin.cc>
(cherry picked from commit ad67b74d2469d9b82aaa572d76474c95bc484d57)
Signed-off-by: Sandeep Patil <sspatil@android.com>
Bug: 78533979
Test: Build and boot cuttlefish
Test: CONFIG_TEST_PRINTF
Change-Id: I9aa3dea0d40a13f5c858ad2253a8a712195ab1d5
|
||
|
Tobin C. Harding
|
3a8bb21cd5 |
UPSTREAM: vsprintf: refactor %pK code out of pointer()
Currently code to handle %pK is all within the switch statement in pointer(). This is the wrong level of abstraction. Each of the other switch clauses call a helper function, pK should do the same. Refactor code out of pointer() to new function restricted_pointer(). Signed-off-by: Tobin C. Harding <me@tobin.cc> (cherry picked from commit 57e734423adda83f3b05505875343284efe3b39c) Signed-off-by: Sandeep Patil <sspatil@android.com> Bug: 78533979 Test: Build and boot cuttlefish Change-Id: Ie78731eb52813a696a33d831b52ae7542ab2a90f |
||
|
Peter Zijlstra
|
aab8621776 |
lib/int_sqrt: optimize small argument
commit 3f3295709edea6268ff1609855f498035286af73 upstream.
The current int_sqrt() computation is sub-optimal for the case of small
@x. Which is the interesting case when we're going to do cumulative
distribution functions on idle times, which we assume to be a random
variable, where the target residency of the deepest idle state gives an
upper bound on the variable (5e6ns on recent Intel chips).
In the case of small @x, the compute loop:
while (m != 0) {
b = y + m;
y >>= 1;
if (x >= b) {
x -= b;
y += m;
}
m >>= 2;
}
can be reduced to:
while (m > x)
m >>= 2;
Because y==0, b==m and until x>=m y will remain 0.
And while this is computationally equivalent, it runs much faster
because there's less code, in particular less branches.
cycles: branches: branch-misses:
OLD:
hot: 45.109444 +- 0.044117 44.333392 +- 0.002254 0.018723 +- 0.000593
cold: 187.737379 +- 0.156678 44.333407 +- 0.002254 6.272844 +- 0.004305
PRE:
hot: 67.937492 +- 0.064124 66.999535 +- 0.000488 0.066720 +- 0.001113
cold: 232.004379 +- 0.332811 66.999527 +- 0.000488 6.914634 +- 0.006568
POST:
hot: 43.633557 +- 0.034373 45.333132 +- 0.002277 0.023529 +- 0.000681
cold: 207.438411 +- 0.125840 45.333132 +- 0.002277 6.976486 +- 0.004219
Averages computed over all values <128k using a LFSR to generate order.
Cold numbers have a LFSR based branch trace buffer 'confuser' ran between
each int_sqrt() invocation.
Link: http://lkml.kernel.org/r/20171020164644.876503355@infradead.org
Fixes: 30493cc9dddb ("lib/int_sqrt.c: optimize square root algorithm")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Suggested-by: Anshul Garg <aksgarg1989@gmail.com>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Joe Perches <joe@perches.com>
Cc: David Miller <davem@davemloft.net>
Cc: Matthew Wilcox <mawilcox@microsoft.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Michael Davidson <md@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|