mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
51477 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
|
f29e796dd9 | Merge "Merge android-4.14.43 (4c9e0a9) into msm-4.14" | ||
|
0e1a219e24 |
Merge android-4.14.43 (4c9e0a9) into msm-4.14
* refs/heads/tmp-4c9e0a9 Linux 4.14.43 x86/bugs: Rename SSBD_NO to SSB_NO KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG x86/bugs: Rework spec_ctrl base and mask logic x86/bugs: Remove x86_spec_ctrl_set() x86/bugs: Expose x86_spec_ctrl_base directly x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} x86/speculation: Rework speculative_store_bypass_update() x86/speculation: Add virtualized speculative store bypass disable support x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL x86/speculation: Handle HT correctly on AMD x86/cpufeatures: Add FEATURE_ZEN x86/cpufeatures: Disentangle SSBD enumeration x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP KVM: SVM: Move spec control call after restore of GS x86/cpu: Make alternative_msr_write work for 32-bit code x86/bugs: Fix the parameters alignment and missing void x86/bugs: Make cpu_show_common() static x86/bugs: Fix __ssb_select_mitigation() return type Documentation/spec_ctrl: Do some minor cleanups proc: Use underscores for SSBD in 'status' x86/bugs: Rename _RDS to _SSBD x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass seccomp: Move speculation migitation control to arch code seccomp: Add filter flag to opt-out of SSB mitigation seccomp: Use PR_SPEC_FORCE_DISABLE prctl: Add force disable speculation x86/bugs: Make boot modes __ro_after_init seccomp: Enable speculation flaw mitigations proc: Provide details on speculation flaw mitigations nospec: Allow getting/setting on non-current task x86/speculation: Add prctl for Speculative Store Bypass mitigation x86/process: Allow runtime control of Speculative Store Bypass prctl: Add speculation control prctls x86/speculation: Create spec-ctrl.h to avoid include hell x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested 
x86/bugs: Whitelist allowed SPEC_CTRL MSR values x86/bugs/intel: Set proper CPU features and setup RDS x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation x86/cpufeatures: Add X86_FEATURE_RDS x86/bugs: Expose /sys/../spec_store_bypass x86/bugs, KVM: Support the combination of guest and host IBRS x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits x86/bugs: Concentrate bug reporting into a separate function x86/bugs: Concentrate bug detection into a separate function x86/nospec: Simplify alternative_msr_write() btrfs: fix reading stale metadata blocks after degraded raid1 mounts btrfs: Fix delalloc inodes invalidation during transaction abort btrfs: Split btrfs_del_delalloc_inode into 2 functions btrfs: fix crash when trying to resume balance without the resume flag btrfs: property: Set incompat flag if lzo/zstd compression is set Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting Btrfs: fix xattr loss after power failure ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions ARM: 8770/1: kprobes: Prohibit probing on optimized_callback ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed tick/broadcast: Use for_each_cpu() specially on UP kernels x86/mm: Drop TS_COMPAT on 64-bit exec() syscall ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode x86/pkeys: Do not special case protection key 0 x86/pkeys: Override pkey when moving away from PROT_EXEC s390: remove indirect branch from do_softirq_own_stack s390/qdio: don't release memory in qdio_setup_irq() s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero s390/qdio: fix access to uninitialized qdio_q fields drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk mm: don't allow deferred pages with NEED_PER_CPU_KM radix tree: fix multi-order iteration race lib/test_bitmap.c: fix bitmap optimisation tests to 
report errors correctly drm: Match sysfs name in link removal to link creation powerpc/powernv: Fix NVRAM sleep in invalid context when crashing i2c: designware: fix poll-after-enable regression netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} netfilter: nf_tables: can't fail after linking rule into active rule list netfilter: nf_tables: free set name in error path tee: shm: fix use-after-free via temporarily dropped reference tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} vfio: ccw: fix cleanup if cp_prefetch fails powerpc: Don't preempt_disable() in show_cpuinfo() KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master spi: pxa2xx: Allow 64-bit DMA ALSA: control: fix a redundant-copy issue ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist ALSA: usb: mixer: volume quirk for CM102-A+/102S+ usbip: usbip_host: fix bad unlock balance during stub_probe() usbip: usbip_host: fix NULL-ptr deref and use-after-free errors usbip: usbip_host: run rebind from exit when module is removed usbip: usbip_host: delete device from busid_table after rebind usbip: usbip_host: refine probe and disconnect debug msgs to be useful Linux 4.14.42 proc: do not access cmdline nor environ from file-backed areas l2tp: revert "l2tp: fix missing print session offset info" xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) btrfs: Take trans lock before access running trans in check_delayed_ref xfrm: Use __skb_queue_tail in xfrm_trans_queue scsi: aacraid: Correct hba_send to include iu_type udp: fix SO_BINDTODEVICE nsh: fix infinite loop net/mlx5e: Allow offloading ipv4 header re-write for icmp ipv6: fix uninit-value in ip6_multipath_l3_keys() hv_netvsc: set master device net/mlx5: Avoid cleaning flow steering table twice 
during error flow net/mlx5e: TX, Use correct counter in dma_map error flow net: sched: fix error path in tcf_proto_create() when modules are not configured bonding: send learning packets for vlans on slave bonding: do not allow rlb updates to invalid mac tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). tcp: ignore Fast Open on repair mode tcp_bbr: fix to zero idle_restart only upon S/ACKed data sctp: use the old asoc when making the cookie-ack chunk in dupcook_d sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr sctp: fix the issue that the cookie-ack with auth can't get processed sctp: delay the authentication for the duplicated cookie-echo chunk rds: do not leak kernel memory to user land r8169: fix powering up RTL8168h qmi_wwan: do not steal interfaces from class drivers openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found net/tls: Fix connection stall on partial tls record net/tls: Don't recursively call push_record during tls_write_space callbacks net: support compat 64-bit time in {s,g}etsockopt net_sched: fq: take care of throttled flows before reuse net sched actions: fix refcnt leak in skbmod net/mlx5: E-Switch, Include VF RDMA stats in vport statistics net/mlx5e: Err if asked to offload TC match on frag being first net/mlx4_en: Verify coalescing parameters are in range net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()' net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode net: ethernet: sun: niu set correct packet size in skb llc: better deal with too small mtu ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg ipv4: fix fnhe usage by non-cached routes dccp: fix tasklet usage bridge: check iface upper dev when setting master via ioctl 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() ANDROID: sdcardfs: Don't d_drop in d_revalidate FROMLIST: brcmfmac: fix initialization of struct 
cfg80211_inform_bss variable FROMLIST: brcmfmac: reports boottime_ns while informing bss Change-Id: I43c27b71b153a2a87070de3ea393002769856960 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
4c9e0a9b25 |
This is the 4.14.43 stable release
Merge 4.14.43 into android-4.14 Changes in 4.14.43 usbip: usbip_host: refine probe and disconnect debug msgs to be useful usbip: usbip_host: delete device from busid_table after rebind usbip: usbip_host: run rebind from exit when module is removed usbip: usbip_host: fix NULL-ptr deref and use-after-free errors usbip: usbip_host: fix bad unlock balance during stub_probe() ALSA: usb: mixer: volume quirk for CM102-A+/102S+ ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist ALSA: control: fix a redundant-copy issue spi: pxa2xx: Allow 64-bit DMA spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock powerpc: Don't preempt_disable() in show_cpuinfo() vfio: ccw: fix cleanup if cp_prefetch fails tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all} tee: shm: fix use-after-free via temporarily dropped reference netfilter: nf_tables: free set name in error path netfilter: nf_tables: can't fail after linking rule
into active rule list netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6} i2c: designware: fix poll-after-enable regression powerpc/powernv: Fix NVRAM sleep in invalid context when crashing drm: Match sysfs name in link removal to link creation lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly radix tree: fix multi-order iteration race mm: don't allow deferred pages with NEED_PER_CPU_KM drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk s390/qdio: fix access to uninitialized qdio_q fields s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero s390/qdio: don't release memory in qdio_setup_irq() s390: remove indirect branch from do_softirq_own_stack x86/pkeys: Override pkey when moving away from PROT_EXEC x86/pkeys: Do not special case protection key 0 efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr x86/mm: Drop TS_COMPAT on 64-bit exec() syscall tick/broadcast: Use for_each_cpu() specially on UP kernels ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed ARM: 8770/1: kprobes: Prohibit probing on optimized_callback ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions Btrfs: fix xattr loss after power failure Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting btrfs: property: Set incompat flag if lzo/zstd compression is set btrfs: fix crash when trying to resume balance without the resume flag btrfs: Split btrfs_del_delalloc_inode into 2 functions btrfs: Fix delalloc inodes invalidation during transaction abort btrfs: fix reading stale metadata blocks after degraded raid1 mounts x86/nospec: Simplify alternative_msr_write() x86/bugs: Concentrate bug detection into a separate function x86/bugs: Concentrate bug reporting into a separate function x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits x86/bugs, KVM: Support the 
combination of guest and host IBRS x86/bugs: Expose /sys/../spec_store_bypass x86/cpufeatures: Add X86_FEATURE_RDS x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation x86/bugs/intel: Set proper CPU features and setup RDS x86/bugs: Whitelist allowed SPEC_CTRL MSR values x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest x86/speculation: Create spec-ctrl.h to avoid include hell prctl: Add speculation control prctls x86/process: Allow runtime control of Speculative Store Bypass x86/speculation: Add prctl for Speculative Store Bypass mitigation nospec: Allow getting/setting on non-current task proc: Provide details on speculation flaw mitigations seccomp: Enable speculation flaw mitigations x86/bugs: Make boot modes __ro_after_init prctl: Add force disable speculation seccomp: Use PR_SPEC_FORCE_DISABLE seccomp: Add filter flag to opt-out of SSB mitigation seccomp: Move speculation migitation control to arch code x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass x86/bugs: Rename _RDS to _SSBD proc: Use underscores for SSBD in 'status' Documentation/spec_ctrl: Do some minor cleanups x86/bugs: Fix __ssb_select_mitigation() return type x86/bugs: Make cpu_show_common() static x86/bugs: Fix the parameters alignment and missing void x86/cpu: Make alternative_msr_write work for 32-bit code KVM: SVM: Move spec control call after restore of GS x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS x86/cpufeatures: Disentangle SSBD enumeration x86/cpufeatures: Add FEATURE_ZEN x86/speculation: Handle HT correctly on AMD x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL x86/speculation: Add virtualized speculative store bypass disable support x86/speculation: Rework speculative_store_bypass_update() x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} x86/bugs: Expose 
x86_spec_ctrl_base directly x86/bugs: Remove x86_spec_ctrl_set() x86/bugs: Rework spec_ctrl base and mask logic x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD x86/bugs: Rename SSBD_NO to SSB_NO Linux 4.14.43 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
43c47eb2a2 |
proc: Use underscores for SSBD in 'status'
commit e96f46ee8587607a828f783daa6eb5b44d25004d upstream The style for the 'status' file is CamelCase or this. _. Fixes: fae1fa0fc ("proc: Provide details on speculation flaw mitigations") Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
20d036a2e2 |
prctl: Add force disable speculation
commit 356e4bfff2c5489e016fdb925adbf12a1e3950ee upstream For certain use cases it is desired to enforce mitigations so they cannot be undone afterwards. That's important for loader stubs which want to prevent a child from disabling the mitigation again. Will also be used for seccomp(). The extra state preserving of the prctl state for SSB is a preparatory step for EBPF dynamic speculation control. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
dd88d569ee |
proc: Provide details on speculation flaw mitigations
commit fae1fa0fc6cca8beee3ab8ed71d54f9a78fa3f64 upstream As done with seccomp and no_new_privs, also show speculation flaw mitigation state in /proc/$pid/status. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
671c9a69f4 |
btrfs: fix reading stale metadata blocks after degraded raid1 mounts
commit 02a3307aa9c20b4f6626255b028f07f6cfa16feb upstream.

If a btree block, aka. extent buffer, is not available in the extent buffer cache, it'll be read out from the disk instead, i.e.

btrfs_search_slot()
  read_block_for_search()  # hold parent and its lock, go to read child
    btrfs_release_path()
    read_tree_block()  # read child

Unfortunately, the parent lock got released before reading child, so commit 5bdd3536cbbe ("Btrfs: Fix block generation verification race") had used 0 as parent transid to read the child block. It forces read_tree_block() not to check if parent transid is different with the generation id of the child that it reads out from disk.

A simple PoC is included in btrfs/124,

0. A two-disk raid1 btrfs,
1. Right after mkfs.btrfs, block A is allocated to be device tree's root.
2. Mount this filesystem and put it in use, after a while, device tree's root got COW but block A hasn't been allocated/overwritten yet.
3. Umount it and reload the btrfs module to remove both disks from the global @fs_devices list.
4. mount -odegraded dev1 and write some data, so now block A is allocated to be a leaf in checksum tree. Note that only dev1 has the latest metadata of this filesystem.
5. Umount it and mount it again normally (with both disks), since raid1 can pick up one disk by the writer task's pid, if btrfs_search_slot() needs to read block A, dev2 which does NOT have the latest metadata might be read for block A, then we got a stale block A.
6. As parent transid is not checked, block A is marked as uptodate and put into the extent buffer cache, so the future search won't bother to read disk again, which means it'll make changes on this stale one and make it dirty and flush it onto disk.

To avoid the problem, parent transid needs to be passed to read_tree_block(). In order to get a valid parent transid, we need to hold the parent's lock until finishing reading child.

This patch needs to be slightly adapted for stable kernels, the &first_key parameter added to read_tree_block() is from 4.16+ (581c1760415c4). The fix is to replace 0 by 'gen'.

Fixes: 5bdd3536cbbe ("Btrfs: Fix block generation verification race")
CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com>
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
[ update changelog ]
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
7ea5cff55c |
btrfs: Fix delalloc inodes invalidation during transaction abort
commit fe816d0f1d4c31c4c31d42ca78a87660565fc800 upstream.

When a transaction is aborted btrfs_cleanup_transaction is called to cleanup all the various in-flight bits and pieces which might be active. One of those is delalloc inodes - inodes which have dirty pages which haven't been persisted yet. Currently the process of freeing such delalloc inodes in exceptional circumstances such as transaction abort boiled down to calling btrfs_invalidate_inodes whose sole job is to invalidate the dentries for all inodes related to a root. This is in fact wrong and insufficient since such delalloc inodes will likely have pending pages or ordered-extents and will be linked to the sb->s_inode_list. This means that unmounting a btrfs instance with an aborted transaction could potentially lead inodes/their pages visible to the system long after their superblock has been freed. This in turn leads to a "use-after-free" situation once page shrink is triggered. This situation could be simulated by running generic/019 which would cause such inodes to be left hanging, followed by generic/176 which causes memory pressure and page eviction which lead to touching the freed super block instance. This situation is additionally detected by the unmount code of VFS with the following message:

"VFS: Busy inodes after unmount of Self-destruct in 5 seconds. Have a nice day..."

Additionally btrfs hits WARN_ON(!RB_EMPTY_ROOT(&root->inode_tree)); in free_fs_root for the same reason.

This patch aims to rectify the situation by doing the following:

1. Change btrfs_destroy_delalloc_inodes so that it calls invalidate_inode_pages2 for every inode on the delalloc list, this ensures that all the pages of the inode are released. This function boils down to calling btrfs_releasepage. During test I observed cases where inodes on the delalloc list were having an i_count of 0, so this necessitates using igrab to be sure we are working on a non-freed inode.
2. Since calling btrfs_releasepage might queue delayed iputs move the call out to btrfs_cleanup_transaction in btrfs_error_commit_super before calling run_delayed_iputs for the last time. This is necessary to ensure that delayed iputs are run.

Note: this patch is tagged for 4.14 stable but the fix applies to older versions too but needs to be backported manually due to conflicts.

CC: stable@vger.kernel.org # 4.14.x: 2b8773313494: btrfs: Split btrfs_del_delalloc_inode into 2 functions
CC: stable@vger.kernel.org # 4.14.x
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ add comment to igrab ]
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
0d670384af |
btrfs: Split btrfs_del_delalloc_inode into 2 functions
commit 2b8773313494ede83a26fb372466e634564002ed upstream. This is in preparation of fixing delalloc inodes leakage on transaction abort. Also export the new function. Signed-off-by: Nikolay Borisov <nborisov@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Reviewed-by: Anand Jain <anand.jain@oracle.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
1d16f615bb |
btrfs: fix crash when trying to resume balance without the resume flag
commit 02ee654d3a04563c67bfe658a05384548b9bb105 upstream.

We set the BTRFS_BALANCE_RESUME flag in the btrfs_recover_balance() only, which isn't called during the remount. So when resuming from the paused balance we hit the bug:

kernel: kernel BUG at fs/btrfs/volumes.c:3890!
::
kernel: balance_kthread+0x51/0x60 [btrfs]
kernel: kthread+0x111/0x130
::
kernel: RIP: btrfs_balance+0x12e1/0x1570 [btrfs] RSP: ffffba7d0090bde8

Reproducer:
On a mounted filesystem:

btrfs balance start --full-balance /btrfs
btrfs balance pause /btrfs
mount -o remount,ro /dev/sdb /btrfs
mount -o remount,rw /dev/sdb /btrfs

To fix this set the BTRFS_BALANCE_RESUME flag in btrfs_resume_balance_async().

CC: stable@vger.kernel.org # 4.4+
Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
f9b02febea |
btrfs: property: Set incompat flag if lzo/zstd compression is set
commit 1a63c198ddb810c790101d693c7071cca703b3c7 upstream.

Incompat flag of LZO/ZSTD compression should be set at:

1. mount time (-o compress/compress-force)
2. when defrag is done
3. when property is set

Currently 3. is missing and this commit adds this.

This could lead to a filesystem that uses ZSTD but is not marked as such. If a kernel without a ZSTD support encounters a ZSTD compressed extent, it will handle that but this could be confusing to the user.

Typically the filesystem is mounted with the ZSTD option, but the discrepancy can arise when a filesystem is never mounted with ZSTD and then the property on some file is set (and some new extents are written). A simple mount with -o compress=zstd will fix that up on an unpatched kernel.

Same goes for LZO, but this has been around for a very long time (2.6.37) so it's unlikely that a pre-LZO kernel would be used.

Fixes: 5c1aab1dd544 ("btrfs: Add zstd support")
CC: stable@vger.kernel.org # 4.14+
Signed-off-by: Tomohiro Misono <misono.tomohiro@jp.fujitsu.com>
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ add user visible impact ]
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
de1f96cc4a |
Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting
commit 6f2f0b394b54e2b159ef969a0b5274e9bbf82ff2 upstream.

[BUG]
btrfs incremental send BUG happens when creating a snapshot of snapshot that is being used by send.

[REASON]
The problem can happen if while we are doing a send one of the snapshots used (parent or send) is snapshotted, because snapshotting implies COWing the root of the source subvolume/snapshot.

1. When doing an incremental send, the send process will get the commit roots from the parent and send snapshots, and add references to them through extent_buffer_get().

2. When a snapshot/subvolume is snapshotted, its root node is COWed (transaction.c:create_pending_snapshot()).

3. COWing releases the space used by the node immediately, through:

   __btrfs_cow_block()
   --btrfs_free_tree_block()
   ----btrfs_add_free_space(bytenr of node)

4. Because send doesn't hold a transaction open, it's possible that the transaction used to create the snapshot commits, switches the commit root and the old space used by the previous root node gets assigned to some other node allocation. Allocation of a new node will use the existing extent buffer found in memory, which we previously got a reference through extent_buffer_get(), and allow the extent buffer's content (pages) to be modified:

   btrfs_alloc_tree_block
   --btrfs_reserve_extent
   ----find_free_extent (get bytenr of old node)
   --btrfs_init_new_buffer (use bytenr of old node)
   ----btrfs_find_create_tree_block
   ------alloc_extent_buffer
   --------find_extent_buffer (get old node)

5. So send can access invalid memory content and have unpredictable behaviour.

[FIX]
So we fix the problem by copying the commit roots of the send and parent snapshots and use those copies.

CallTrace looks like this:
------------[ cut here ]------------
kernel BUG at fs/btrfs/ctree.c:1861!
invalid opcode: 0000 [#1] SMP CPU: 6 PID: 24235 Comm: btrfs Tainted: P O 3.10.105 #23721 ffff88046652d680 ti: ffff88041b720000 task.ti: ffff88041b720000 RIP: 0010:[<ffffffffa08dd0e8>] read_node_slot+0x108/0x110 [btrfs] RSP: 0018:ffff88041b723b68 EFLAGS: 00010246 RAX: ffff88043ca6b000 RBX: ffff88041b723c50 RCX: ffff880000000000 RDX: 000000000000004c RSI: ffff880314b133f8 RDI: ffff880458b24000 RBP: 0000000000000000 R08: 0000000000000001 R09: ffff88041b723c66 R10: 0000000000000001 R11: 0000000000001000 R12: ffff8803f3e48890 R13: ffff8803f3e48880 R14: ffff880466351800 R15: 0000000000000001 FS: 00007f8c321dc8c0(0000) GS:ffff88047fcc0000(0000) CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 R2: 00007efd1006d000 CR3: 0000000213a24000 CR4: 00000000003407e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: ffff88041b723c50 ffff8803f3e48880 ffff8803f3e48890 ffff8803f3e48880 ffff880466351800 0000000000000001 ffffffffa08dd9d7 ffff88041b723c50 ffff8803f3e48880 ffff88041b723c66 ffffffffa08dde85 a9ff88042d2c4400 Call Trace: [<ffffffffa08dd9d7>] ? tree_move_down.isra.33+0x27/0x50 [btrfs] [<ffffffffa08dde85>] ? tree_advance+0xb5/0xc0 [btrfs] [<ffffffffa08e83d4>] ? btrfs_compare_trees+0x2d4/0x760 [btrfs] [<ffffffffa0982050>] ? finish_inode_if_needed+0x870/0x870 [btrfs] [<ffffffffa09841ea>] ? btrfs_ioctl_send+0xeda/0x1050 [btrfs] [<ffffffffa094bd3d>] ? btrfs_ioctl+0x1e3d/0x33f0 [btrfs] [<ffffffff81111133>] ? handle_pte_fault+0x373/0x990 [<ffffffff8153a096>] ? atomic_notifier_call_chain+0x16/0x20 [<ffffffff81063256>] ? set_task_cpu+0xb6/0x1d0 [<ffffffff811122c3>] ? handle_mm_fault+0x143/0x2a0 [<ffffffff81539cc0>] ? __do_page_fault+0x1d0/0x500 [<ffffffff81062f07>] ? check_preempt_curr+0x57/0x90 [<ffffffff8115075a>] ? do_vfs_ioctl+0x4aa/0x990 [<ffffffff81034f83>] ? do_fork+0x113/0x3b0 [<ffffffff812dd7d7>] ? trace_hardirqs_off_thunk+0x3a/0x6c [<ffffffff81150cc8>] ? 
SyS_ioctl+0x88/0xa0 [<ffffffff8153e422>] ? system_call_fastpath+0x16/0x1b ---[ end trace 29576629ee80b2e1 ]--- Fixes: 7069830a9e38 ("Btrfs: add btrfs_compare_trees function") CC: stable@vger.kernel.org # 3.6+ Signed-off-by: Robbie Ko <robbieko@synology.com> Reviewed-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
59bbb5ca4d |
Btrfs: fix xattr loss after power failure
commit 9a8fca62aacc1599fea8e813d01e1955513e4fad upstream.

If a file has xattrs, we fsync it, to ensure we clear the flags BTRFS_INODE_NEEDS_FULL_SYNC and BTRFS_INODE_COPY_EVERYTHING from its inode, the current transaction commits and then we fsync it (without either of those bits being set in its inode), we end up not logging all its xattrs. This results in deleting all xattrs when replaying the log after a power failure.

Trivial reproducer

$ mkfs.btrfs -f /dev/sdb
$ mount /dev/sdb /mnt
$ touch /mnt/foobar
$ setfattr -n user.xa -v qwerty /mnt/foobar
$ xfs_io -c "fsync" /mnt/foobar
$ sync
$ xfs_io -c "pwrite -S 0xab 0 64K" /mnt/foobar
$ xfs_io -c "fsync" /mnt/foobar
<power failure>
$ mount /dev/sdb /mnt
$ getfattr --absolute-names --dump /mnt/foobar
<empty output>
$

So fix this by making sure all xattrs are logged if we log a file's inode item and neither the flags BTRFS_INODE_NEEDS_FULL_SYNC nor BTRFS_INODE_COPY_EVERYTHING were set in the inode.

Fixes: 36283bf777d9 ("Btrfs: fix fsync xattr loss in the fast fsync path")
Cc: <stable@vger.kernel.org> # 4.2+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
aa9442760f |
fs/buffer.c: Revoke LRU when trying to drop buffers
When a buffer is added to the LRU list, a reference is taken which is not dropped until the buffer is evicted from the LRU list. This is the correct behavior, however this LRU reference will prevent the buffer from being dropped. This means that the buffer can't actually be dropped until it is selected for eviction. There's no bound on the time spent on the LRU list, which means that the buffer may be undroppable for very long periods of time. Given that migration involves dropping buffers, the associated page is now unmigratable for long periods of time as well. CMA relies on being able to migrate a specific range of pages, so these types of failures make CMA significantly less reliable, especially under high filesystem usage. Rather than waiting for the LRU algorithm to eventually kick out the buffer, explicitly remove the buffer from the LRU list when trying to drop it. There is still the possibility that the buffer could be added back on the list, but that indicates the buffer is still in use and would probably have other 'in use' indicates to prevent dropping.

Change-Id: I253f4ee2069e190c1115afc421dadd27a7fa87dc
Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> |
||
|
2b59cb7780 |
This is the 4.14.42 stable release
Merge 4.14.42 into android-4.14 Changes in 4.14.42 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() bridge: check iface upper dev when setting master via ioctl dccp: fix tasklet usage ipv4: fix fnhe usage by non-cached routes ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg llc: better deal with too small mtu net: ethernet: sun: niu set correct packet size in skb net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()' net/mlx4_en: Verify coalescing parameters are in range net/mlx5e: Err if asked to offload TC match on frag being first net/mlx5: E-Switch, Include VF RDMA stats in vport statistics net sched actions: fix refcnt leak in skbmod net_sched: fq: take care of throttled flows before reuse net: support compat 64-bit time in {s,g}etsockopt net/tls: Don't recursively call push_record during tls_write_space callbacks net/tls: Fix connection stall on partial tls record openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found qmi_wwan: do not steal interfaces from class drivers r8169: fix powering up RTL8168h rds: do not leak kernel
memory to user land sctp: delay the authentication for the duplicated cookie-echo chunk sctp: fix the issue that the cookie-ack with auth can't get processed sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg sctp: use the old asoc when making the cookie-ack chunk in dupcook_d tcp_bbr: fix to zero idle_restart only upon S/ACKed data tcp: ignore Fast Open on repair mode tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). bonding: do not allow rlb updates to invalid mac bonding: send learning packets for vlans on slave net: sched: fix error path in tcf_proto_create() when modules are not configured net/mlx5e: TX, Use correct counter in dma_map error flow net/mlx5: Avoid cleaning flow steering table twice during error flow hv_netvsc: set master device ipv6: fix uninit-value in ip6_multipath_l3_keys() net/mlx5e: Allow offloading ipv4 header re-write for icmp nsh: fix infinite loop udp: fix SO_BINDTODEVICE scsi: aacraid: Correct hba_send to include iu_type xfrm: Use __skb_queue_tail in xfrm_trans_queue btrfs: Take trans lock before access running trans in check_delayed_ref xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM) l2tp: revert "l2tp: fix missing print session offset info" proc: do not access cmdline nor environ from file-backed areas Linux 4.14.42 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
5c9a9508de |
proc: do not access cmdline nor environ from file-backed areas
commit 7f7ccc2ccc2e70c6054685f5e3522efa81556830 upstream. proc_pid_cmdline_read() and environ_read() directly access the target process' VM to retrieve the command line and environment. If this process remaps these areas onto a file via mmap(), the requesting process may experience various issues such as extra delays if the underlying device is slow to respond. Let's simply refuse to access file-backed areas in these functions. For this we add a new FOLL_ANON gup flag that is passed to all calls to access_remote_vm(). The code already takes care of such failures (including unmapped areas). Accesses via /proc/pid/mem were not changed though. This was assigned CVE-2018-1120. Note for stable backports: the patch may apply to kernels prior to 4.11 but silently miss one location; it must be checked that no call to access_remote_vm() keeps zero as the last argument. Reported-by: Qualys Security Advisory <qsa@qualys.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Oleg Nesterov <oleg@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Willy Tarreau <w@1wt.eu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
b0e5b437ec |
btrfs: Take trans lock before access running trans in check_delayed_ref
commit 998ac6d21cfd6efd58f5edf420bae8839dda9f2a upstream. In previous patch: Btrfs: kill trans in run_delalloc_nocow and btrfs_cross_ref_exist We avoid starting btrfs transaction and get this information from fs_info->running_transaction directly. When accessing running_transaction in check_delayed_ref, there's a chance that current transaction will be freed by commit transaction after the NULL pointer check of running_transaction is passed. After looking all the other places using fs_info->running_transaction, they are either protected by trans_lock or holding the transactions. Fix this by using trans_lock and increasing the use_count. Fixes: e4c3b2dcd144 ("Btrfs: kill trans in run_delalloc_nocow and btrfs_cross_ref_exist") CC: stable@vger.kernel.org # 4.14+ Signed-off-by: ethanwu <ethanwu@synology.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
cc15bd0026 |
ANDROID: sdcardfs: Don't d_drop in d_revalidate
After d_revalidate returns 0, the vfs will call d_invalidate, which will call d_drop itself, along with other cleanup. Bug: 78262592 Change-Id: Idbb30e008c05d62edf2217679cb6a5517d8d1a2c Signed-off-by: Daniel Rosenberg <drosen@google.com> |
||
|
f4d73128a3 |
Merge android-4.14.41 (04f740d) into msm-4.14
* refs/heads/tmp-04f740d Linux 4.14.41 KVM: x86: remove APIC Timer periodic/oneshot spikes KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* tracing/uprobe_event: Fix strncpy corner case sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] smb3: directory sync should not return an error nvme: add quirk to force medium priority for SQ creation thermal: exynos: Propagate error value from tmu_read() thermal: exynos: Reading temperature makes sense only when TMU is turned on Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome chipsets Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" cpufreq: schedutil: Avoid using invalid next_freq PCI / PM: Check device_may_wakeup() in pci_enable_wake() PCI / PM: Always check PME wakeup capability for runtime wakeup support atm: zatm: Fix potential Spectre v1 net: atm: Fix potential Spectre v1 drm/atomic: Clean private obj old_state/new_state in drm_atomic_state_default_clear() drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear() drm/nouveau: Fix deadlock in nv50_mstm_register_connector() drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log drm/vc4: Fix scaling of uni-planar formats can: hi311x: Work around TX complete interrupt erratum can: hi311x: Acquire SPI lock on ->do_get_berr_counter can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() ceph: fix rsize/wsize capping in ceph_direct_read_write() mm, oom: fix concurrent munlock and oom reaper unmap, v3 mm: sections are not offlined during memory hotremove 
z3fold: fix reclaim lock-ups tracing: Fix regex_match_front() to not over compare the test string dm integrity: use kvfree for kvmalloc'd memory libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs rfkill: gpio: fix memory leak in probe error path gpio: fix error path in lineevent_create gpio: fix aspeed_gpio unmask irq gpioib: do not free unrequested descriptors compat: fix 4-byte infoleak via uninitialized struct field arm64: Add work around for Arm Cortex-A55 Erratum 1024718 KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing KVM: PPC: Book3S HV: Fix guest time accounting with VIRT_CPU_ACCOUNTING_GEN KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry bdi: Fix oops in wb_workfn() bdi: wake up concurrent wb_shutdown() callers. tcp: fix TCP_REPAIR_QUEUE bound checking perf: Remove superfluous allocation error check memcg: fix per_node_info cleanup inetpeer: fix uninit-value in inet_getpeer soreuseport: initialise timewait reuseport field ipv4: fix uninit-value in ip_route_output_key_hash_rcu() dccp: initialize ireq->ir_mark net: fix uninit-value in __hw_addr_add_ex() net: initialize skb->peeked when cloning net: fix rtnh_ok() netlink: fix uninit-value in netlink_sendmsg crypto: af_alg - fix possible uninit-value in alg_bind() kcm: Call strp_stop before strp_done in kcm_attach netfilter: ebtables: don't attempt to allocate 0-sized compat array ipvs: fix rtnl_lock lockups caused by start_sync_thread ANDROID: goldfish: drop CONFIG_INPUT_KEYCHORD Linux 4.14.40 tracing: Fix bad use of igrab in trace_uprobe.c irqchip/qcom: Fix check for spurious interrupts platform/x86: asus-wireless: Fix NULL pointer dereference usb: musb: trace: fix NULL pointer dereference in musb_g_tx() usb: musb: host: fix potential NULL pointer dereference USB: serial: option: adding support for ublox R410M USB: serial: option: reimplement interface masking USB: Accept bulk endpoints with 1024-byte maxpacket usb: dwc3: gadget: Fix list_del corruption 
in dwc3_ep_dequeue USB: serial: visor: handle potential invalid device configuration errseq: Always report a writeback error once test_firmware: fix setting old custom fw path back on exit, second try drm/bridge: vga-dac: Fix edid memory leak drm/vmwgfx: Fix a buffer object leak iw_cxgb4: Atomically flush per QP HW CQEs IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used IB/hfi1: Fix loss of BECN with AHG IB/hfi1: Fix handling of FECN marked multicast packet IB/mlx5: Use unlimited rate when static rate is not supported NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 RDMA/mlx5: Protect from shift operand overflow RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow RDMA/ucma: Allow resolving address w/o specifying source address RDMA/cxgb4: release hw resources on device removal xfs: prevent creating negative-sized file via INSERT_RANGE rtlwifi: cleanup 8723be ant_sel definition rtlwifi: btcoex: Add power_on_setting routine Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro Input: leds - fix out of bound access scsi: target: Fix fortify_panic kernel exception tracepoint: Do not warn on ENOMEM ALSA: aloop: Add missing cable lock to ctl API callbacks ALSA: aloop: Mark paused device as inactive ALSA: dice: fix kernel NULL pointer dereference due to invalid calculation for array index ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() ALSA: pcm: Check PCM state at xfern compat ioctl ALSA: hda - Fix incorrect usage of IS_REACHABLE() USB: serial: option: Add support for Quectel EP06 ACPI / button: make module loadable when booted in non-ACPI mode crypto: talitos - fix IPsec cipher in length percpu: include linux/sched.h for cond_resched() net: don't call update_pmtu unconditionally geneve: update skb dst pmtu on tx path UPSTREAM: f2fs: avoid fsync() failure caused by EAGAIN in writepage() UPSTREAM: f2fs: clear PageError on writepage - part 2 ANDROID: build.config: enforce trace_printk check 
FROMLIST: staging: Fix sparse warnings in vsoc driver. FROMLIST: staging: vsoc: Fix a i386-randconfig warning. FROMLIST: staging: vsoc: Create wc kernel mapping for region shm. Change-Id: I697004775203b8bb5cace4fdf7e6489cfd32b54b Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
04f740d4da |
This is the 4.14.41 stable release
Merge 4.14.41 into android-4.14 Changes in 4.14.41 ipvs: fix rtnl_lock lockups caused by start_sync_thread netfilter: ebtables: don't attempt to allocate 0-sized compat array kcm: Call strp_stop before strp_done in kcm_attach crypto: af_alg - fix possible uninit-value in alg_bind() netlink: fix uninit-value in netlink_sendmsg net: fix rtnh_ok() net: initialize skb->peeked when cloning net: fix uninit-value in __hw_addr_add_ex() dccp: initialize ireq->ir_mark ipv4: fix uninit-value in ip_route_output_key_hash_rcu() soreuseport: initialise timewait reuseport field inetpeer: fix uninit-value in inet_getpeer memcg: fix per_node_info cleanup perf: Remove superfluous allocation error check tcp: fix TCP_REPAIR_QUEUE bound checking bdi: wake up concurrent wb_shutdown() callers.
bdi: Fix oops in wb_workfn() KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry KVM: PPC: Book3S HV: Fix guest time accounting with VIRT_CPU_ACCOUNTING_GEN KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing arm64: Add work around for Arm Cortex-A55 Erratum 1024718 compat: fix 4-byte infoleak via uninitialized struct field gpioib: do not free unrequested descriptors gpio: fix aspeed_gpio unmask irq gpio: fix error path in lineevent_create rfkill: gpio: fix memory leak in probe error path libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs dm integrity: use kvfree for kvmalloc'd memory tracing: Fix regex_match_front() to not over compare the test string z3fold: fix reclaim lock-ups mm: sections are not offlined during memory hotremove mm, oom: fix concurrent munlock and oom reaper unmap, v3 ceph: fix rsize/wsize capping in ceph_direct_read_write() can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() can: hi311x: Acquire SPI lock on ->do_get_berr_counter can: hi311x: Work around TX complete interrupt erratum drm/vc4: Fix scaling of uni-planar formats drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log drm/nouveau: Fix deadlock in nv50_mstm_register_connector() drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear() drm/atomic: Clean private obj old_state/new_state in drm_atomic_state_default_clear() net: atm: Fix potential Spectre v1 atm: zatm: Fix potential Spectre v1 PCI / PM: Always check PME wakeup capability for runtime wakeup support PCI / PM: Check device_may_wakeup() in pci_enable_wake() cpufreq: schedutil: Avoid using invalid next_freq Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome chipsets thermal: exynos: Reading temperature makes sense only when TMU is turned on thermal: exynos: Propagate error value 
from tmu_read() nvme: add quirk to force medium priority for SQ creation smb3: directory sync should not return an error sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] tracing/uprobe_event: Fix strncpy corner case perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler KVM: x86: remove APIC Timer periodic/oneshot spikes Linux 4.14.41 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
f2a42c6bca |
smb3: directory sync should not return an error
commit 6e70c267e68d77679534dcf4aaf84e66f2cf1425 upstream. As with NFS, which ignores sync on directory handles, fsync on a directory handle is a noop for CIFS/SMB3. Do not return an error on it. It breaks some database apps otherwise. Signed-off-by: Steve French <smfrench@gmail.com> CC: Stable <stable@vger.kernel.org> Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
4636b4e251 |
ceph: fix rsize/wsize capping in ceph_direct_read_write()
commit 3a15b38fd2efc1d648cb33186bf71e9138c93491 upstream. rsize/wsize cap should be applied before ceph_osdc_new_request() is called. Otherwise, if the size is limited by the cap instead of the stripe unit, ceph_osdc_new_request() would setup an extent op that is bigger than what dio_get_pages_alloc() would pin and add to the page vector, triggering asserts in the messenger. Cc: stable@vger.kernel.org Fixes: 95cca2b44e54 ("ceph: limit osd write size") Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: "Yan, Zheng" <zyan@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
683b4520d0 |
bdi: Fix oops in wb_workfn()
commit b8b784958eccbf8f51ebeee65282ca3fd59ea391 upstream. Syzbot has reported that it can hit a NULL pointer dereference in wb_workfn() due to wb->bdi->dev being NULL. This indicates that wb_workfn() was called for an already unregistered bdi which should not happen as wb_shutdown() called from bdi_unregister() should make sure all pending writeback works are completed before bdi is unregistered. Except that wb_workfn() itself can requeue the work with: mod_delayed_work(bdi_wq, &wb->dwork, 0); and if this happens while wb_shutdown() is waiting in: flush_delayed_work(&wb->dwork); the dwork can get executed after wb_shutdown() has finished and bdi_unregister() has cleared wb->bdi->dev. Make wb_workfn() use wakeup_wb() for requeueing the work which takes all the necessary precautions against racing with bdi unregistration. CC: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> CC: Tejun Heo <tj@kernel.org> Fixes: 839a8e8660b6777e7fe4e80af1a048aebe2b5977 Reported-by: syzbot <syzbot+9873874c735f2892e7e9@syzkaller.appspotmail.com> Reviewed-by: Dave Chinner <dchinner@redhat.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
c89418ee18 |
This is the 4.14.40 stable release
Merge 4.14.40 into android-4.14 Changes in 4.14.40 geneve: update skb dst pmtu on tx path net: don't call update_pmtu unconditionally percpu: include linux/sched.h for cond_resched() crypto: talitos - fix IPsec cipher in length ACPI / button: make module loadable when booted in non-ACPI mode USB: serial: option: Add support for Quectel EP06 ALSA: hda - Fix incorrect usage of IS_REACHABLE() ALSA: pcm: Check PCM state at xfern compat ioctl ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() ALSA: dice: fix kernel NULL pointer dereference due to invalid calculation for array index ALSA: aloop: Mark paused device as inactive ALSA: aloop: Add missing cable lock to ctl API callbacks tracepoint: Do not warn on ENOMEM scsi: target: Fix fortify_panic kernel exception Input: leds - fix out of bound access Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro rtlwifi: btcoex: Add power_on_setting routine rtlwifi: cleanup 8723be ant_sel definition xfs: prevent creating negative-sized file via INSERT_RANGE RDMA/cxgb4: release hw resources on device removal RDMA/ucma: Allow resolving address w/o specifying source address
RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow RDMA/mlx5: Protect from shift operand overflow NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 IB/mlx5: Use unlimited rate when static rate is not supported IB/hfi1: Fix handling of FECN marked multicast packet IB/hfi1: Fix loss of BECN with AHG IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used iw_cxgb4: Atomically flush per QP HW CQEs drm/vmwgfx: Fix a buffer object leak drm/bridge: vga-dac: Fix edid memory leak test_firmware: fix setting old custom fw path back on exit, second try errseq: Always report a writeback error once USB: serial: visor: handle potential invalid device configuration usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue USB: Accept bulk endpoints with 1024-byte maxpacket USB: serial: option: reimplement interface masking USB: serial: option: adding support for ublox R410M usb: musb: host: fix potential NULL pointer dereference usb: musb: trace: fix NULL pointer dereference in musb_g_tx() platform/x86: asus-wireless: Fix NULL pointer dereference irqchip/qcom: Fix check for spurious interrupts tracing: Fix bad use of igrab in trace_uprobe.c Linux 4.14.40 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
bd9ca962ee |
xfs: prevent creating negative-sized file via INSERT_RANGE
commit 7d83fb14258b9961920cd86f0b921caaeb3ebe85 upstream. During the "insert range" fallocate operation, i_size grows by the specified 'len' bytes. XFS verifies that i_size + len < s_maxbytes, as it should. But this comparison is done using the signed 'loff_t', and 'i_size + len' can wrap around to a negative value, causing the check to incorrectly pass, resulting in an inode with "negative" i_size. This is possible on 64-bit platforms, where XFS sets s_maxbytes = LLONG_MAX. ext4 and f2fs don't run into this because they set a smaller s_maxbytes. Fix it by using subtraction instead. Reproducer: xfs_io -f file -c "truncate $(((1<<63)-1))" -c "finsert 0 4096" Fixes: a904b1ca5751 ("xfs: Add support FALLOC_FL_INSERT_RANGE for fallocate") Cc: <stable@vger.kernel.org> # v4.1+ Originally-From: Eric Biggers <ebiggers@google.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com> [darrick: fix signed integer addition overflow too] Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
2ae4606507 |
UPSTREAM: f2fs: avoid fsync() failure caused by EAGAIN in writepage()
pageout() in MM translates EAGAIN, so calls handle_write_error() -> mapping_set_error() -> set_bit(AS_EIO, ...). file_write_and_wait_range() will see EIO error, which is critical to return value of fsync() followed by atomic_write failure to user. Change-Id: Ifdd5e09defcf0705901ff7f23001d68a811da3af Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> (cherry picked from commit 1ccd6c4ff9ccd74bb87903067618815d326af242) |
||
|
99e5f1a4b9 |
UPSTREAM: f2fs: clear PageError on writepage - part 2
This patch clears PageError in some pages tagged by read path, but when we write the pages with valid contents, writepage should clear the bit likewise ext4. Change-Id: I9a5362d46de8a0e70274d1e1af17ec6b83b543af Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> (cherry picked from commit ea3ffc6f12afa6e3c84173ec94601bc635e0900e) |
||
|
8d86cfc2f3 | Merge "Merge remote-tracking branch 'remotes/origin/tmp-c50e5cb' into msm-4.14" | ||
|
b88e16ce68 | Merge "proc: Add files for specifying scheduling related per-task attributes" | ||
|
7e56ff05a2 |
proc: Add files for specifying scheduling related per-task attributes
Add procfs files for specifying the scheduling related per-task attributes like wake_up_idle, init_task_load and sched_group_id. Change-Id: I97db385522c7317fbc6f78cbae5c2550b73afd27 Signed-off-by: Srivatsa Vaddagiri <vatsa@codeaurora.org> Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org> Signed-off-by: Puja Gupta <pujag@codeaurora.org> |
||
|
8cfb73341f |
Merge remote-tracking branch 'remotes/origin/tmp-c50e5cb' into msm-4.14
* remotes/origin/tmp-c50e5cb: Linux 4.14.39 powerpc/eeh: Fix race with driver un/bind arm/arm64: KVM: Add PSCI version selection API tick/sched: Do not mess with an enqueued hrtimer x86/microcode: Do not exit early from __reload_late() x86/microcode/intel: Save microcode patch unconditionally x86/smpboot: Don't use mwait_play_dead() on AMD systems x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds tools/lib/subcmd/pager.c: do not alias select() params objtool, perf: Fix GCC 8 -Wrestrict error drm/i915: Enable display WA#1183 from its correct spot drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt earlycon: Use a pointer table to fix __earlycon_table stride fpga-manager: altera-ps-spi: preserve nCONFIG state libceph: validate con->state at the top of try_write() libceph: reschedule a tick in finish_hunting() libceph: un-backoff on tick when we have a authenticated session ASoC: fsl_esai: Fix divisor calculation failure at lower ratio crypto: drbg - set freed buffers to NULL powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range powerpc/mm: Flush cache on memory hot(un)plug KVM: arm/arm64: Close VMID generation race ARM: socfpga_defconfig: Remove QSPI Sector 4K size force ARM: amba: Don't read past the end of sysfs "driver_override" buffer ARM: amba: Fix race condition with driver_override ARM: amba: Make driver_override output consistent with other buses PCI: aardvark: Fix PCIe Max Read Request Size setting PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf() PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf() ANDROID: binder: prevent transactions into own process. 
vfio: ccw: process ssch with interrupts disabled bfq-iosched: ensure to clear bic/bfqq pointers when preparing request scsi: sd: Defer spinning up drive while SANITIZE is in progress kobject: don't use WARN for registration failures mtd: rawnand: tango: Fix struct clk memory leak mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic ALSA: hda/realtek - change the location for one of two front mics ALSA: hda/realtek - Update ALC255 depop optimize ALSA: hda/realtek - Add some fixes for ALC233 ALSA: hda: Hardening for potential Spectre v1 ALSA: seq: oss: Hardening for potential Spectre v1 ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY. ALSA: control: Hardening for potential Spectre v1 ALSA: rme9652: Hardening for potential Spectre v1 ALSA: hdspm: Hardening for potential Spectre v1 ALSA: asihpi: Hardening for potential Spectre v1 ALSA: opl3: Hardening for potential Spectre v1 ALSA: hda - Skip jack and others for non-existing PCM streams ALSA: dice: fix error path to destroy initialized stream data ALSA: dice: fix OUI for TC group tty: Use __GFP_NOFAIL for tty_ldisc_get() tty: Avoid possible error pointer dereference at tty_ldisc_restore(). 
tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set tty: n_gsm: Fix long delays with control frame timeouts in ADM mode tty: Don't call panic() at tty_ldisc_init() drm/virtio: fix vq wait_event condition virtio_console: reset on out of memory virtio_console: move removal code virtio_console: drop custom control queue cleanup virtio_console: free buffers after reset virtio_console: don't tie bufs to a vq virtio: add ability to iterate over vqs ALSA: usb-audio: Skip broken EU on Dell dock USB-audio USB: Increment wakeup count on remote wakeup. usb: core: Add quirk for HP v222w 16GB Mini usb: typec: ucsi: Increase command completion timeout value USB: serial: cp210x: add ID for NI USB serial console USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster USB: serial: simple: add libtransistor console xhci: Fix USB ports for Dell Inspiron 5775 Revert "xhci: plat: Register shutdown for xhci_plat" usbip: vhci_hcd: check rhport before using in vhci_hub_control() usbip: vhci_hcd: Fix usb device and sockfd leaks usbip: usbip_host: fix to hold parent lock for device_attach() calls usbip: usbip_event: fix to not print kernel pointer address random: rate limit unseeded randomness warnings random: fix possible sleeping allocation from irq context random: set up the NUMA crng instances after the CRNG is fully initialized ext4: fix bitmap position validation ext4: add validity checks for bitmap block numbers ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs ext4: set h_journal if there is a failure starting a reserved handle ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS cfi: print target address on failure Change-Id: I9a3d0c10b1a2d2c28872401cb656d490604352a7 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
c50e5cb3fa |
This is the 4.14.39 stable release
Merge 4.14.39 into android-4.14 Changes in 4.14.39 ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS ext4: set h_journal if there is a failure starting a reserved handle ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs ext4: add validity checks for bitmap block numbers ext4: fix bitmap position validation random: set up the NUMA crng instances after the CRNG is fully initialized random: fix possible sleeping allocation from irq context random: rate limit unseeded randomness warnings usbip: usbip_event: fix to not print kernel pointer address usbip: usbip_host: fix to hold parent lock for device_attach() calls usbip: vhci_hcd: Fix usb device and sockfd leaks usbip: vhci_hcd: check rhport before using in vhci_hub_control() Revert "xhci: plat: Register shutdown for xhci_plat" xhci: Fix USB ports for Dell Inspiron 5775 USB: serial: simple: add libtransistor console USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster USB: serial: cp210x: add ID for NI USB serial console usb: typec: ucsi: Increase command completion timeout value usb: core: Add quirk for HP v222w 16GB Mini USB: Increment wakeup count on remote
wakeup. ALSA: usb-audio: Skip broken EU on Dell dock USB-audio virtio: add ability to iterate over vqs virtio_console: don't tie bufs to a vq virtio_console: free buffers after reset virtio_console: drop custom control queue cleanup virtio_console: move removal code virtio_console: reset on out of memory drm/virtio: fix vq wait_event condition tty: Don't call panic() at tty_ldisc_init() tty: n_gsm: Fix long delays with control frame timeouts in ADM mode tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set tty: Avoid possible error pointer dereference at tty_ldisc_restore(). tty: Use __GFP_NOFAIL for tty_ldisc_get() ALSA: dice: fix OUI for TC group ALSA: dice: fix error path to destroy initialized stream data ALSA: hda - Skip jack and others for non-existing PCM streams ALSA: opl3: Hardening for potential Spectre v1 ALSA: asihpi: Hardening for potential Spectre v1 ALSA: hdspm: Hardening for potential Spectre v1 ALSA: rme9652: Hardening for potential Spectre v1 ALSA: control: Hardening for potential Spectre v1 ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY. ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device ALSA: seq: oss: Hardening for potential Spectre v1 ALSA: hda: Hardening for potential Spectre v1 ALSA: hda/realtek - Add some fixes for ALC233 ALSA: hda/realtek - Update ALC255 depop optimize ALSA: hda/realtek - change the location for one of two front mics mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. 
mtd: rawnand: tango: Fix struct clk memory leak kobject: don't use WARN for registration failures scsi: sd: Defer spinning up drive while SANITIZE is in progress bfq-iosched: ensure to clear bic/bfqq pointers when preparing request vfio: ccw: process ssch with interrupts disabled ANDROID: binder: prevent transactions into own process. PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf() PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf() PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode PCI: aardvark: Fix PCIe Max Read Request Size setting ARM: amba: Make driver_override output consistent with other buses ARM: amba: Fix race condition with driver_override ARM: amba: Don't read past the end of sysfs "driver_override" buffer ARM: socfpga_defconfig: Remove QSPI Sector 4K size force KVM: arm/arm64: Close VMID generation race powerpc/mm: Flush cache on memory hot(un)plug powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range crypto: drbg - set freed buffers to NULL ASoC: fsl_esai: Fix divisor calculation failure at lower ratio libceph: un-backoff on tick when we have a authenticated session libceph: reschedule a tick in finish_hunting() libceph: validate con->state at the top of try_write() fpga-manager: altera-ps-spi: preserve nCONFIG state earlycon: Use a pointer table to fix __earlycon_table stride cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders drm/i915: Enable display WA#1183 from its correct spot objtool, perf: Fix GCC 8 -Wrestrict error tools/lib/subcmd/pager.c: do not alias select() params x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds x86/smpboot: Don't use mwait_play_dead() on AMD systems x86/microcode/intel: Save microcode patch unconditionally x86/microcode: Do not exit early from __reload_late() tick/sched: Do not mess with an enqueued hrtimer 
arm/arm64: KVM: Add PSCI version selection API powerpc/eeh: Fix race with driver un/bind Linux 4.14.39 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
ae0db58dab |
ext4: fix bitmap position validation
commit 22be37acce25d66ecf6403fc8f44df9c5ded2372 upstream.

Currently in ext4_valid_block_bitmap() we expect the bitmap to be positioned anywhere between 0 and s_blocksize clusters, but that's wrong because the bitmap can be placed anywhere in the block group. This causes false positives when validating bitmaps on perfectly valid file system layouts. Fix it by checking whether the bitmap is within the group boundary.

The problem can be reproduced using the following

    mkfs -t ext3 -E stride=256 /dev/vdb1
    mount /dev/vdb1 /mnt/test
    cd /mnt/test
    wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz
    tar xf linux-4.16.3.tar.xz

This will result in the warnings in the logs

    EXT4-fs error (device vdb1): ext4_validate_block_bitmap:399: comm tar: bg 84: block 2774529: invalid block bitmap

[ Changed slightly for clarity and to not drop an overflow test -- TYT ]

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reported-by: Ilya Dryomov <idryomov@gmail.com>
Fixes: 7dac4a1726a9 ("ext4: add validity checks for bitmap block numbers")
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
b39430ea06 |
ext4: add validity checks for bitmap block numbers
commit 7dac4a1726a9c64a517d595c40e95e2d0d135f6f upstream.

A privileged attacker can cause a crash by mounting a crafted ext4 image which triggers an out-of-bounds read in the function ext4_valid_block_bitmap() in fs/ext4/balloc.c.

This issue has been assigned CVE-2018-1093.

BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199181
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1560782
Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
55cc3bb0a6 |
ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs
commit 7ef79ad52136712172eb0525bf0b462516bf2f93 upstream.

Fixes: a45403b51582 ("ext4: always initialize the crc32c checksum driver")
Reported-by: François Valenduc <francoisvalenduc@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
4a3674acbf |
ext4: set h_journal if there is a failure starting a reserved handle
commit b2569260d55228b617bd82aba6d0db2faeeb4116 upstream.

If ext4 tries to start a reserved handle via jbd2_journal_start_reserved(), and the journal has been aborted, this can result in a NULL pointer dereference. This is because the fields h_journal and h_transaction in the handle structure share the same memory, via a union, so jbd2_journal_start_reserved() will clear h_journal before calling start_this_handle(). If this function fails due to an aborted handle, h_journal will still be NULL, and the call to jbd2_journal_free_reserved() will pass a NULL journal to sub_reserve_credits().

This can be reproduced by running "kvm-xfstests -c dioread_nolock generic/475".

Cc: stable@kernel.org # 3.11
Fixes: 8f7d89f36829b ("jbd2: transaction reservation support")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
1a538cb087 |
ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
commit 349fa7d6e1935f49bf4161c4900711b2989180a9 upstream.

During the "insert range" fallocate operation, extents starting at the range offset are shifted "right" (to a higher file offset) by the range length. But, as shown by syzbot, it's not validated that this doesn't cause extents to be shifted beyond EXT_MAX_BLOCKS. In that case ->ee_block can wrap around, corrupting the extent tree.

Fix it by returning an error if the space between the end of the last extent and EXT4_MAX_BLOCKS is smaller than the range being inserted.

This bug can be reproduced by running the following commands when the current directory is on an ext4 filesystem with a 4k block size:

    fallocate -l 8192 file
    fallocate --keep-size -o 0xfffffffe000 -l 4096 -n file
    fallocate --insert-range -l 8192 file

Then after unmounting the filesystem, e2fsck reports corruption.

Reported-by: syzbot+06c885be0edcdaeab40c@syzkaller.appspotmail.com
Fixes: 331573febb6a ("ext4: Add support FALLOC_FL_INSERT_RANGE for fallocate")
Cc: stable@vger.kernel.org # v4.2+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
2f44069aee |
Merge remote-tracking branch 'remotes/origin/tmp-3f8d191' into msm-4.14
* remotes/origin/tmp-3f8d191: Linux 4.14.38 ACPI / video: Only default only_lcd to true on Win8-ready _desktops_ s390/uprobes: implement arch_uretprobe_is_alive() s390/dasd: fix IO error for newly defined devices s390/cio: update chpid descriptor after resource accessibility event tracing: Fix missing tab for hwlat_detector print format block/swim: Fix IO error at end of medium block/swim: Fix array bounds check block/swim: Select appropriate drive on device open block/swim: Rename macros to avoid inconsistent inverted logic block/swim: Remove extra put_disk() call from error path block/swim: Don't log an error message for an invalid ioctl block/swim: Check drive type m68k/mac: Don't remap SWIM MMIO region fsnotify: Fix fsnotify_mark_connector race cdrom: information leak in cdrom_ioctl_media_changed() scsi: mptsas: Disable WRITE SAME commoncap: Handle memory allocation failure. Revert "mm/hmm: fix header file if/else/endif maze" arm64: dts: rockchip: remove vdd_log from rk3399-puma microblaze: Setup dependencies for ASM optimized lib functions s390: correct module section names for expoline code revert s390: correct nospec auto detection init order s390: add sysfs attributes for spectre s390: report spectre mitigation via syslog s390: add automatic detection of the spectre defense s390: move nobp parameter functions to nospec-branch.c s390/entry.S: fix spurious zeroing of r0 s390: do not bypass BPENTER for interrupt system calls s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) KVM: s390: force bp isolation for VSIE s390: introduce execute-trampolines for branches s390: run user space and KVM guests with modified branch prediction s390: add options to change branch prediction behaviour for the kernel s390/alternative: use a copy of the facility bit mask s390: add optimized array_index_mask_nospec s390: scrub registers on kernel entry and KVM exit KVM: s390: wire up bpb feature s390: enable CPU alternatives unconditionally s390: introduce CPU 
alternatives virtio_net: fix adding vids on big-endian virtio_net: split out ctrl buffer net: ethernet: ti: cpsw: fix tx vlan priority mapping llc: fix NULL pointer deref for SOCK_ZAPPED llc: hold llc_sap before release_sock() net: sched: ife: check on metadata length net: sched: ife: handle malformed tlv length tcp: clear tp->packets_out when purging write queue net: sched: ife: signal not finding metaid strparser: Fix incorrect strp->need_bytes value. amd-xgbe: Only use the SFP supported transceiver signals strparser: Do not call mod_delayed_work with a timeout of LONG_MAX amd-xgbe: Improve KR auto-negotiation and training sctp: do not check port in sctp_inet6_cmp_addr amd-xgbe: Add pre/post auto-negotiation phy hooks vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi pppoe: check sockaddr length in pppoe_connect() tipc: add policy for TIPC_NLA_NET_ADDR packet: fix bitfield update race team: fix netconsole setup over team net/smc: fix shutdown in state SMC_LISTEN team: avoid adding twice the same option to the event list net: fix deadlock while clearing neighbor proxy table tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets net: af_packet: fix race in PACKET_{R|T}X_RING tcp: don't read out-of-bounds opsize llc: delete timers synchronously in llc_sk_free() net: validate attribute sizes in neigh_dump_table() l2tp: check sockaddr length in pppol2tp_connect() KEYS: DNS: limit the length of option strings ipv6: sr: fix NULL pointer dereference in seg6_do_srh_encap()- v4 pkts ipv6: add RTA_TABLE and RTA_PREFSRC to rtm_ipv6_policy bonding: do not set slave_dev npinfo before slave_enable_netpoll in bond_enslave Revert "ath10k: send (re)assoc peer command when NSS changed" tpm: add retry logic tpm: tpm-interface: fix tpm_transmit/_cmd kdoc tpm: cmd_ready command can be issued only after granting locality i40e: Fix attach VF to VM issue drm: bridge: dw-hdmi: Fix overflow workaround for Amlogic Meson GX SoCs Revert "pinctrl: intel: 
Initialize GPIO properly when used through irqchip" ANDROID: staging: lustre: fix filler function type ANDROID: fs: gfs2: fix filler function type ANDROID: fs: exofs: fix filler function type ANDROID: fs: afs: fix filler function type ANDROID: fs: nfs: fix filler function type ANDROID: fs: fuse: fix filler function type mismatch ANDROID: mm: fix filler function type mismatch ANDROID: media-device: fix ioctl function types ANDROID: v4l2-ioctl: fix function types for IOCTL_INFO_STD ANDROID: arch/arm64/crypto: fix CFI in SHA CE ANDROID: arm64: kvm: disable CFI ANDROID: arm64: mark kpti_install_ng_mappings as __nocfi ANDROID: arm64: disable CFI for cpu_replace_ttbr1 ANDROID: kallsyms: strip the .cfi postfix from symbols with CONFIG_CFI_CLANG ANDROID: add support for clang Control Flow Integrity (CFI) ANDROID: HACK: init: ensure initcall ordering with LTO ANDROID: drivers/misc: disable LTO for lkdtm_rodata.o ANDROID: arm64: vdso: disable LTO FROMLIST: arm64: select ARCH_SUPPORTS_LTO_CLANG FROMLIST: arm64: disable RANDOMIZE_MODULE_REGION_FULL with LTO_CLANG ANDROID: arm64: disable ARM64_ERRATUM_843419 for clang LTO ANDROID: arm64: pass code model to LLVMgold FROMLIST: arm64: make mrs_s and msr_s macros work with LTO FROMLIST: efi/libstub: disable LTO FROMLIST: scripts/mod: disable LTO for empty.c FROMLIST: kbuild: fix dynamic ftrace with clang LTO FROMLIST: kbuild: add support for clang LTO FROMLIST: arm64: fix -m for GNU gold FROMLIST: arm64: add a workaround for GNU gold with ARM64_MODULE_PLTS FROMLIST: arm64: explicitly pass --no-fix-cortex-a53-843419 to GNU gold FROMLIST: kbuild: add __ld-ifversion and linker-specific macros FROMLIST: kbuild: add ld-name macro FROMLIST: arm64: keep .altinstructions and .altinstr_replacement ANDROID: arm64: fix LD_DEAD_CODE_DATA_ELIMINATION FROMLIST: kbuild: fix LD_DEAD_CODE_DATA_ELIMINATION FROMLIST: kbuild: add __cc-ifversion and compiler-specific variants UPSTREAM: console: Drop added "static" for newport_con UPSTREAM: tracing: 
always define trace_{irq,preempt}_{enable_disable} Conflicts: Makefile Change-Id: Ied1a215e68f428eff9c1911491a4e364ffd1f679 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
309c887b38 | Merge "defconfig: qcs405: Enable CONFIG_NEON support for qcs405" | ||
|
3faaae7b99 |
ANDROID: fs: gfs2: fix filler function type
Bug: 67506682 Change-Id: I50a3f85965de6e041d0f40e7bf9c2ced15ccfd49 Signed-off-by: Sami Tolvanen <samitolvanen@google.com> |
||
|
982dcb70b2 |
ANDROID: fs: exofs: fix filler function type
Bug: 67506682 Change-Id: I42f297bfe07a1b7916790415f35ad4f2574ceec7 Signed-off-by: Sami Tolvanen <samitolvanen@google.com> |
||
|
cf1e629fd5 |
ANDROID: fs: afs: fix filler function type
Bug: 67506682 Change-Id: I76d208c8606ee5af144891d14bd309912d4d788d Signed-off-by: Sami Tolvanen <samitolvanen@google.com> |
||
|
5785368dfd |
ANDROID: fs: nfs: fix filler function type
Bug: 67506682 Change-Id: I04d4b1b9ab0720a4f342d6617dd132de8654b94c Signed-off-by: Sami Tolvanen <samitolvanen@google.com> |
||
|
f8a66951fe |
ANDROID: fs: fuse: fix filler function type mismatch
Bug: 67506682 Change-Id: Iabe7cdcc90dd2ea62976860531b8cbfcd76bd64b Signed-off-by: Sami Tolvanen <samitolvanen@google.com> |
||
|
4f5d011e6d |
Merge remote-tracking branch 'remotes/origin/tmp-bb60f28' into msm-4.14
* remotes/origin/tmp-bb60f28: Linux 4.14.37 mac80211_hwsim: fix use-after-free bug in hwsim_exit_net Revert "KVM: X86: Fix SMRAM accessing even if VM is shutdown" RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs perf: Return proper values for user stack errors perf: Fix sample_max_stack maximum check netfilter: x_tables: limit allocation requests for blob rule heads netfilter: compat: reject huge allocation requests netfilter: compat: prepare xt_compat_init_offsets to return errors netfilter: x_tables: add counters allocation wrapper netfilter: x_tables: cap allocations at 512 mbyte alarmtimer: Init nanosleep alarm timer on stack RDMA/core: Reduce poll batch for direct cq polling irqchip/gic-v3: Change pr_debug message to pr_devel cpumask: Make for_each_cpu_wrap() available on UP as well irqchip/gic-v3: Ignore disabled ITS nodes perf test: Fix test trace+probe_libc_inet_pton.sh for s390x powerpc/powernv: IMC fix out of bounds memory access at shutdown locking/qspinlock: Ensure node->count is updated before initialising node x86/platform/UV: Fix GAM Range Table entries less than 1GB powerpc/mm/hash64: Zero PGD pages on allocation vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page PM / wakeirq: Fix unbalanced IRQ enable for wakeirq ACPI / EC: Restore polling during noirq suspend/resume phases bpf: fix rlimit in reuseport net selftest net: stmmac: discard disabled flags in interrupt status register SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code tools/libbpf: handle issues with bpf ELF objects containing .eh_frames net: Extra '_get' in declaration of arch_get_platform_mac_address svcrdma: Fix Read chunk round-up rxrpc: Don't put crypto buffers on the stack selftests/ftrace: Add some missing glob checks cpufreq: intel_pstate: Enable HWP during system resume on CPU0 bcache: return attach error when no cache set exist bcache: fix for data 
collapse after re-attaching an attached device bcache: fix for allocator and register thread race bcache: properly set task state in bch_writeback_thread() cifs: silence compiler warnings showing up with gcc-8.0.0 PM / domains: Fix up domain-idle-states OF parsing proc: fix /proc/*/map_files lookup arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics RDS: IB: Fix null pointer issue bpf: sockmap, fix leaking maps with attached but not detached progs xen/grant-table: Use put_page instead of free_page xen-netfront: Fix race between device setup and open perf evsel: Fix period/freq terms setup MIPS: Generic: Support GIC in EIC mode perf record: Fix period option handling MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs ACPI / bus: Do not call _STA on battery devices with unmet dependencies ACPI: processor_perflib: Do not send _PPC change notification if not ready firmware: dmi_scan: Fix handling of empty DMI strings x86/dumpstack: Avoid uninitlized variable x86/power: Fix swsusp_arch_resume prototype netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure s390/eadm: fix CONFIG_BLOCK include dependency drm/nouveau/pmu/fuc: don't use movw directly anymore IB/core: Map iWarp AH type to undefined in rdma_ah_find_type IB/ipoib: Fix for potential no-carrier state IB/hfi1: Fix for potential refcount leak in hfi1_open_file() IB/hfi1: Re-order IRQ cleanup to address driver cleanup race blk-mq: fix discard merge with scheduler attached openvswitch: Remove padding from packet before L3+ conntrack processing mm/fadvise: discard partial page if endbyte is also EOF mm: pin address_space before dereferencing it while isolating an LRU page mm: thp: use down_read_trylock() in khugepaged to avoid long block sparc64: update pmdp_invalidate() to return old pmd value asm-generic: provide generic_pmdp_establish() 
mm/mempolicy: add nodes_empty check in SYSC_migrate_pages mm/mempolicy: fix the check of nodemask from user ocfs2: return error when we attempt to access a dirty bh in jbd2 ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid fs/dax.c: release PMD lock even when there is no PMD support in DAX x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested kvm: Map PFN-type memory regions as writable (if possible) tcp_nv: fix potential integer overflow in tcpnv_acked netfilter: x_tables: fix pointer leaks to userspace x86/hyperv: Check for required priviliges in hyperv_init() gianfar: prevent integer wrapping in the rx handler ntb_transport: Fix bug with max_mw_size parameter RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure powerpc/numa: Ensure nodes initialized for hotplug powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes samples/bpf: Partially fixes the bpf.o build i40e: fix reported mask for ntuple filters i40e: program fragmented IPv4 filter input set ixgbe: don't set RXDCTL.RLPML for 82599 jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path RDMA/uverbs: Use an unambiguous errno for method not supported crypto: artpec6 - remove select on non-existing CRYPTO_SHA384 device property: Define type of PROPERTY_ENRTY_*() macros tty: serial: exar: Relocate sleep wake-up handling x86/hyperv: Stop suppressing X86_FEATURE_PCID fm10k: fix "failed to kill vid" message for VF igb: Clear TXSTMP when ptp_tx_work() is timeout igb: Allow to remove administratively set MAC on VFs ASoC: rockchip: Use dummy_dai for rt5514 dsp dailink blk-mq-debugfs: don't allow write on attributes with seq_operations set KVM: s390: vsie: use READ_ONCE to access some SCB fields platform/x86: thinkpad_acpi: suppress warning about palm detection i40evf: ignore link up if not running i40evf: Don't schedule reset_task when device is being removed bpf: 
test_maps: cleanup sockmaps when test ends block: Set BIO_TRACE_COMPLETION on new bio during split nfp: fix error return code in nfp_pci_probe() HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() Input: stmfts - set IRQ_NOAUTOEN to the irq flag scsi: fas216: fix sense buffer initialization scsi: devinfo: fix format of the device list f2fs: avoid hungtask when GC encrypted block if io_bits is set RDMA/cma: Check existence of netdevice during port validation Btrfs: raid56: fix race between merge_bio and rbio_orig_end_io Btrfs: fix unexpected EEXIST from btrfs_get_extent btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP Btrfs: fix scrub to repair raid6 corruption btrfs: Fix out of bounds access in btrfs_search_slot Btrfs: set plug for fsync ipmi/powernv: Fix error return code in ipmi_powernv_probe() mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() kconfig: Fix expr_free() E_NOT leak kconfig: Fix automatic menu creation mem leak kconfig: Don't leak main menus during parsing watchdog: sp5100_tco: Fix watchdog disable bit PCI: Add dummy pci_irqd_intx_xlate() for CONFIG_PCI=n build MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec} nfs: Do not convert nfs_idmap_cache_timeout to jiffies IB/cq: Don't force IB_POLL_DIRECT poll context for ib_process_cq_direct spi: a3700: Clear DATA_OUT when performing a read net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b ubifs: Fix uninitialized variable in search_dh_cookie() blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk dm mpath: return DM_MAPIO_REQUEUE on blk-mq rq allocation failure dm thin: fix documentation relative to low water mark threshold iommu/vt-d: Use domain instead of cache fetching powerpc: System reset avoid interleaving oops using die synchronisation iommu/exynos: Don't unconditionally steal bus ops perf record: Fix failed memory allocation for get_cpuid_str tools lib 
traceevent: Fix get_field_str() for dynamic strings perf callchain: Fix attr.sample_max_stack setting tools lib traceevent: Simplify pointer print logic and fix %pF perf unwind: Do not look just at the global callchain_param.record_mode scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout() i40iw: Zero-out consumer key on allocate stag for FMR i40iw: Free IEQ resources Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes libbpf: Makefile set specified permission mode Input: psmouse - fix Synaptics detection when protocol is disabled PCI: Add function 1 DMA alias quirk for Marvell 9128 selftest: ftrace: Fix to pick text symbols for kprobes xprtrdma: Fix backchannel allocation of extra rpcrdma_reps platform/x86: dell-laptop: Filter out spurious keyboard backlight change events KVM: s390: use created_vcpus in more places tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460 KVM: PPC: Book3S HV: Enable migration of decrementer register RDMA/core: Clarify rdma_ah_find_type kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() ALSA: hda - Use IS_REACHABLE() for dependency on input ACPI / LPSS: Do not instiate platform_dev for devs without MMIO resources NFSv4: always set NFS_LOCK_LOST when a lock is lost. 
x86/tsc: Allow TSC calibration without PIT firewire-ohci: work around oversized DMA reads on JMicron controllers usb: musb: Fix external abort in musb_remove on omap2430 usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers usb: musb: fix enumeration after resume drm/i915/bxt, glk: Increase PCODE timeouts during CDCLK freq changing drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state drm/i915: Do no use kfree() to free a kmem_cache_alloc() return value drm/i915/audio: Fix audio detection issue on GLK drm/i915/gvt: throw error on unhandled vfio ioctls drm/vc4: Fix memory leak during BO teardown x86/tsc: Prevent 32bit truncation in calc_hpet_ref() clocksource/imx-tpm: Correct -ETIME return condition check x86/acpi: Prevent X2APIC id 0xffffffff from being accounted btrfs: fix unaligned access in readdir cifs: do not allow creating sockets except with SMB1 posix exensions UPSTREAM: module: Do not paper over type mismatches in module_param_call() UPSTREAM: treewide: Fix function prototypes for module_param_call() UPSTREAM: module: Prepare to convert all module_param_call() prototypes UPSTREAM: kbuild: add clang-version.sh UPSTREAM: console: Expand dummy functions for CFI UPSTREAM: console: SisUSB2VGA: Drop dummy con_font_get() ANDROID: sdcardfs: Set s_root to NULL after putting ANDROID: sdcardfs: d_make_root calls iput ANDROID: sdcardfs: Check for private data earlier ANDROID: sched: Remove duplicate const specifier Conflicts: kernel/sched/sched.h Change in module_param_call() definition requires alignment in: drivers/hwtracing/coresight/coresight-event.c drivers/power/reset/msm-poweroff.c Change-Id: I0114d2226301af0b1775b37d79db5529653b135d Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
45bade4adf |
fs: Add noinline to reduce core_sys_select stack size
Maximum stack size for arm32 devices is (configured by FRAME_WARN) 1024. Core_sys_select()'s stacksize (=1208) exceeds this limit. Adding noinline attribute to reduce stack size. Change-Id: I7dbbc99987baf57c91241f6972996541bec0a2c2 Signed-off-by: Avaneesh Kumar Dwivedi <akdwived@codeaurora.org> |
||
|
bb60f28e48 |
This is the 4.14.37 stable release
Merge 4.14.37 into android-4.14 Changes in 4.14.37 cifs: do not allow creating sockets except with SMB1 posix exensions btrfs: fix unaligned access in readdir x86/acpi: Prevent X2APIC id 0xffffffff from being accounted clocksource/imx-tpm: Correct -ETIME return condition check x86/tsc: Prevent 32bit truncation in calc_hpet_ref() drm/vc4: Fix memory leak during BO teardown drm/i915/gvt: throw error on unhandled vfio ioctls drm/i915/audio: Fix audio detection issue on GLK drm/i915: Do no use kfree() to free a kmem_cache_alloc() return value drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state drm/i915/bxt, glk: Increase PCODE timeouts during CDCLK freq changing usb: musb: fix enumeration after resume usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers usb: musb: Fix external abort in musb_remove on omap2430 firewire-ohci: work around oversized DMA reads on JMicron controllers x86/tsc: Allow TSC calibration without PIT NFSv4: always set NFS_LOCK_LOST when a lock is lost.
ACPI / LPSS: Do not instiate platform_dev for devs without MMIO resources ALSA: hda - Use IS_REACHABLE() for dependency on input ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl RDMA/core: Clarify rdma_ah_find_type KVM: PPC: Book3S HV: Enable migration of decrementer register netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460 tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account KVM: s390: use created_vcpus in more places platform/x86: dell-laptop: Filter out spurious keyboard backlight change events xprtrdma: Fix backchannel allocation of extra rpcrdma_reps selftest: ftrace: Fix to pick text symbols for kprobes PCI: Add function 1 DMA alias quirk for Marvell 9128 Input: psmouse - fix Synaptics detection when protocol is disabled libbpf: Makefile set specified permission mode Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes i40iw: Free IEQ resources i40iw: Zero-out consumer key on allocate stag for FMR scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout() perf unwind: Do not look just at the global callchain_param.record_mode tools lib traceevent: Simplify pointer print logic and fix %pF perf callchain: Fix attr.sample_max_stack setting tools lib traceevent: Fix get_field_str() for dynamic strings perf record: Fix failed memory allocation for get_cpuid_str iommu/exynos: Don't unconditionally steal bus ops powerpc: System reset avoid interleaving oops using die synchronisation iommu/vt-d: Use domain instead of cache fetching dm thin: fix documentation relative to low water mark threshold dm mpath: return DM_MAPIO_REQUEUE on blk-mq rq allocation failure blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk ubifs: Fix uninitialized variable in search_dh_cookie() net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock spi: a3700: Clear DATA_OUT when performing a read 
IB/cq: Don't force IB_POLL_DIRECT poll context for ib_process_cq_direct nfs: Do not convert nfs_idmap_cache_timeout to jiffies MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec} PCI: Add dummy pci_irqd_intx_xlate() for CONFIG_PCI=n build watchdog: sp5100_tco: Fix watchdog disable bit kconfig: Don't leak main menus during parsing kconfig: Fix automatic menu creation mem leak kconfig: Fix expr_free() E_NOT leak mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() ipmi/powernv: Fix error return code in ipmi_powernv_probe() Btrfs: set plug for fsync btrfs: Fix out of bounds access in btrfs_search_slot Btrfs: fix scrub to repair raid6 corruption btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP Btrfs: fix unexpected EEXIST from btrfs_get_extent Btrfs: raid56: fix race between merge_bio and rbio_orig_end_io RDMA/cma: Check existence of netdevice during port validation f2fs: avoid hungtask when GC encrypted block if io_bits is set scsi: devinfo: fix format of the device list scsi: fas216: fix sense buffer initialization Input: stmfts - set IRQ_NOAUTOEN to the irq flag HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() nfp: fix error return code in nfp_pci_probe() block: Set BIO_TRACE_COMPLETION on new bio during split bpf: test_maps: cleanup sockmaps when test ends i40evf: Don't schedule reset_task when device is being removed i40evf: ignore link up if not running platform/x86: thinkpad_acpi: suppress warning about palm detection KVM: s390: vsie: use READ_ONCE to access some SCB fields blk-mq-debugfs: don't allow write on attributes with seq_operations set ASoC: rockchip: Use dummy_dai for rt5514 dsp dailink igb: Allow to remove administratively set MAC on VFs igb: Clear TXSTMP when ptp_tx_work() is timeout fm10k: fix "failed to kill vid" message for VF x86/hyperv: Stop suppressing X86_FEATURE_PCID tty: serial: exar: Relocate sleep wake-up handling device property: Define type of PROPERTY_ENRTY_*() macros crypto: artpec6 - 
remove select on non-existing CRYPTO_SHA384 RDMA/uverbs: Use an unambiguous errno for method not supported jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path ixgbe: don't set RXDCTL.RLPML for 82599 i40e: program fragmented IPv4 filter input set i40e: fix reported mask for ntuple filters samples/bpf: Partially fixes the bpf.o build powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes powerpc/numa: Ensure nodes initialized for hotplug RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure ntb_transport: Fix bug with max_mw_size parameter gianfar: prevent integer wrapping in the rx handler x86/hyperv: Check for required priviliges in hyperv_init() netfilter: x_tables: fix pointer leaks to userspace tcp_nv: fix potential integer overflow in tcpnv_acked kvm: Map PFN-type memory regions as writable (if possible) x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested fs/dax.c: release PMD lock even when there is no PMD support in DAX ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute ocfs2: return error when we attempt to access a dirty bh in jbd2 mm/mempolicy: fix the check of nodemask from user mm/mempolicy: add nodes_empty check in SYSC_migrate_pages asm-generic: provide generic_pmdp_establish() sparc64: update pmdp_invalidate() to return old pmd value mm: thp: use down_read_trylock() in khugepaged to avoid long block mm: pin address_space before dereferencing it while isolating an LRU page mm/fadvise: discard partial page if endbyte is also EOF openvswitch: Remove padding from packet before L3+ conntrack processing blk-mq: fix discard merge with scheduler attached IB/hfi1: Re-order IRQ cleanup to address driver cleanup race IB/hfi1: Fix for potential refcount leak in hfi1_open_file() IB/ipoib: Fix for potential no-carrier state IB/core: Map iWarp AH type to undefined in rdma_ah_find_type drm/nouveau/pmu/fuc: don't 
use movw directly anymore s390/eadm: fix CONFIG_BLOCK include dependency netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure x86/power: Fix swsusp_arch_resume prototype x86/dumpstack: Avoid uninitlized variable firmware: dmi_scan: Fix handling of empty DMI strings ACPI: processor_perflib: Do not send _PPC change notification if not ready ACPI / bus: Do not call _STA on battery devices with unmet dependencies ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS perf record: Fix period option handling MIPS: Generic: Support GIC in EIC mode perf evsel: Fix period/freq terms setup xen-netfront: Fix race between device setup and open xen/grant-table: Use put_page instead of free_page bpf: sockmap, fix leaking maps with attached but not detached progs RDS: IB: Fix null pointer issue arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics proc: fix /proc/*/map_files lookup PM / domains: Fix up domain-idle-states OF parsing cifs: silence compiler warnings showing up with gcc-8.0.0 bcache: properly set task state in bch_writeback_thread() bcache: fix for allocator and register thread race bcache: fix for data collapse after re-attaching an attached device bcache: return attach error when no cache set exist cpufreq: intel_pstate: Enable HWP during system resume on CPU0 selftests/ftrace: Add some missing glob checks rxrpc: Don't put crypto buffers on the stack svcrdma: Fix Read chunk round-up net: Extra '_get' in declaration of arch_get_platform_mac_address tools/libbpf: handle issues with bpf ELF objects containing .eh_frames KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context net: stmmac: discard disabled flags in interrupt status register bpf: fix rlimit in reuseport net selftest ACPI / EC: Restore polling during noirq 
suspend/resume phases PM / wakeirq: Fix unbalanced IRQ enable for wakeirq vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page powerpc/mm/hash64: Zero PGD pages on allocation x86/platform/UV: Fix GAM Range Table entries less than 1GB locking/qspinlock: Ensure node->count is updated before initialising node powerpc/powernv: IMC fix out of bounds memory access at shutdown perf test: Fix test trace+probe_libc_inet_pton.sh for s390x irqchip/gic-v3: Ignore disabled ITS nodes cpumask: Make for_each_cpu_wrap() available on UP as well irqchip/gic-v3: Change pr_debug message to pr_devel RDMA/core: Reduce poll batch for direct cq polling alarmtimer: Init nanosleep alarm timer on stack netfilter: x_tables: cap allocations at 512 mbyte netfilter: x_tables: add counters allocation wrapper netfilter: compat: prepare xt_compat_init_offsets to return errors netfilter: compat: reject huge allocation requests netfilter: x_tables: limit allocation requests for blob rule heads perf: Fix sample_max_stack maximum check perf: Return proper values for user stack errors RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs Revert "KVM: X86: Fix SMRAM accessing even if VM is shutdown" mac80211_hwsim: fix use-after-free bug in hwsim_exit_net Linux 4.14.37 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
f4d6e4598a |
vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page
[ Upstream commit 595dd46ebfc10be041a365d0a3fa99df50b6ba73 ]

Commit:

  df04abfd181a ("fs/proc/kcore.c: Add bounce buffer for ktext data")

... introduced a bounce buffer to work around CONFIG_HARDENED_USERCOPY=y. However, accessing the vsyscall user page will cause an SMAP fault.

Replace memcpy() with copy_from_user() to fix this bug works, but adding a common way to handle this sort of user page may be useful for future.

Currently, only vsyscall page requires KCORE_USER.

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: jolsa@redhat.com
Link: http://lkml.kernel.org/r/1518446694-21124-2-git-send-email-zhang.jia@linux.alibaba.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
05921c492f |
cifs: silence compiler warnings showing up with gcc-8.0.0
[ Upstream commit ade7db991b47ab3016a414468164f4966bd08202 ]

This bug was fixed before, but came up again with the latest compiler in another function:

fs/cifs/cifssmb.c: In function 'CIFSSMBSetEA':
fs/cifs/cifssmb.c:6362:3: error: 'strncpy' offset 8 is out of the bounds [0, 4] [-Werror=array-bounds]
   strncpy(parm_data->list[0].name, ea_name, name_len);

Let's apply the same fix that was used for the other instances.

Fixes: b2a3ad9ca502 ("cifs: silence compiler warnings showing up with gcc-4.7.0")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Steve French <smfrench@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
05e52e5bd1 |
proc: fix /proc/*/map_files lookup
[ Upstream commit ac7f1061c2c11bb8936b1b6a94cdb48de732f7a4 ]

Current code does:

    if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)

However sscanf() is broken garbage.

It silently accepts whitespace between format specifiers (did you know that?).

It silently accepts valid strings which result in integer overflow.

Do not use sscanf() for any even remotely reliable parsing code.

    OK
    # readlink '/proc/1/map_files/55a23af39000-55a23b05b000'
    /lib/systemd/systemd

    broken
    # readlink '/proc/1/map_files/ 55a23af39000-55a23b05b000'
    /lib/systemd/systemd

    broken
    # readlink '/proc/1/map_files/55a23af39000-55a23b05b000 '
    /lib/systemd/systemd

    very broken
    # readlink '/proc/1/map_files/1000000000000000055a23af39000-55a23b05b000'
    /lib/systemd/systemd

Andrei said:

: This patch breaks criu. It was a bug in criu. And this bug is on a minor
: path, which works when memfd_create() isn't available. It is a reason why
: I ask to not backport this patch to stable kernels.
:
: In CRIU this bug can be triggered, only if this patch will be backported
: to a kernel which version is lower than v3.16.

Link: http://lkml.kernel.org/r/20171120212706.GA14325@avx2
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Pavel Emelyanov <xemul@openvz.org>
Cc: Andrei Vagin <avagin@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
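The parsing problem described in the commit message above, as an added userspace example that is not part of the commit or the kernel source: `parse_lenient` uses the quoted `sscanf()` pattern, while `parse_strict` accepts only `start-end` in lowercase hex with no leading zeros, no surrounding characters and no overflow. The helper names and the sample name in `main` are hypothetical, and a 64-bit `unsigned long` is assumed.

```c
#include <limits.h>
#include <stdio.h>

/* Lenient: the sscanf() call quoted in the commit message. */
static int parse_lenient(const char *name, unsigned long *start, unsigned long *end)
{
    return sscanf(name, "%lx-%lx", start, end) == 2 ? 0 : -1;
}

/* One canonical lowercase hex number; returns chars consumed, 0 on error. */
static size_t parse_hex(const char *s, unsigned long *out)
{
    unsigned long v = 0;
    size_t i;
    for (i = 0; ; i++) {
        unsigned int d;
        if (s[i] >= '0' && s[i] <= '9')
            d = s[i] - '0';
        else if (s[i] >= 'a' && s[i] <= 'f')
            d = s[i] - 'a' + 10;
        else
            break;
        if (v > (ULONG_MAX >> 4))
            return 0;           /* one more digit would overflow */
        v = (v << 4) | d;
    }
    if (i > 1 && s[0] == '0')
        return 0;               /* leading zero is not canonical */
    *out = v;
    return i;                   /* 0 when there were no digits */
}

/* Strict: "<hex>-<hex>" and nothing else, no overflow. */
static int parse_strict(const char *name, unsigned long *start, unsigned long *end)
{
    size_t n = parse_hex(name, start), m;
    if (n == 0 || name[n] != '-')
        return -1;
    m = parse_hex(name + n + 1, end);
    return (m != 0 && name[n + 1 + m] == '\0') ? 0 : -1;
}

int main(void)
{
    unsigned long s, e;
    const char *name = " 55a23af39000-55a23b05b000"; /* constructed: leading space */
    printf("lenient=%d strict=%d\n", parse_lenient(name, &s, &e), parse_strict(name, &s, &e));
    return 0;
}
```

Pass an overflowing name such as the fourth one in the commit message only to `parse_strict`: ISO C leaves `sscanf()` behaviour undefined when the converted value does not fit the target type.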