mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
1725 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Christian Brauner
|
c8b9b2c5cc |
BACKPORT: signal: add pidfd_send_signal() syscall
The kill() syscall operates on process identifiers (pid). After a process
has exited its pid can be reused by another process. If a caller sends a
signal to a reused pid it will end up signaling the wrong process. This
issue has often surfaced and there has been a push to address this problem [1].
This patch uses file descriptors (fd) from proc/<pid> as stable handles on
struct pid. Even if a pid is recycled the handle will not change. The fd
can be used to send signals to the process it refers to.
Thus, the new syscall pidfd_send_signal() is introduced to solve this
problem. Instead of pids it operates on process fds (pidfd).
/* prototype and argument /*
long pidfd_send_signal(int pidfd, int sig, siginfo_t *info, unsigned int flags);
/* syscall number 424 */
The syscall number was chosen to be 424 to align with Arnd's rework in his
y2038 to minimize merge conflicts (cf. [25]).
In addition to the pidfd and signal argument it takes an additional
siginfo_t and flags argument. If the siginfo_t argument is NULL then
pidfd_send_signal() is equivalent to kill(<positive-pid>, <signal>). If it
is not NULL pidfd_send_signal() is equivalent to rt_sigqueueinfo().
The flags argument is added to allow for future extensions of this syscall.
It currently needs to be passed as 0. Failing to do so will cause EINVAL.
/* pidfd_send_signal() replaces multiple pid-based syscalls */
The pidfd_send_signal() syscall currently takes on the job of
rt_sigqueueinfo(2) and parts of the functionality of kill(2), Namely, when a
positive pid is passed to kill(2). It will however be possible to also
replace tgkill(2) and rt_tgsigqueueinfo(2) if this syscall is extended.
/* sending signals to threads (tid) and process groups (pgid) */
Specifically, the pidfd_send_signal() syscall does currently not operate on
process groups or threads. This is left for future extensions.
In order to extend the syscall to allow sending signal to threads and
process groups appropriately named flags (e.g. PIDFD_TYPE_PGID, and
PIDFD_TYPE_TID) should be added. This implies that the flags argument will
determine what is signaled and not the file descriptor itself. Put in other
words, grouping in this api is a property of the flags argument not a
property of the file descriptor (cf. [13]). Clarification for this has been
requested by Eric (cf. [19]).
When appropriate extensions through the flags argument are added then
pidfd_send_signal() can additionally replace the part of kill(2) which
operates on process groups as well as the tgkill(2) and
rt_tgsigqueueinfo(2) syscalls.
How such an extension could be implemented has been very roughly sketched
in [14], [15], and [16]. However, this should not be taken as a commitment
to a particular implementation. There might be better ways to do it.
Right now this is intentionally left out to keep this patchset as simple as
possible (cf. [4]).
/* naming */
The syscall had various names throughout iterations of this patchset:
- procfd_signal()
- procfd_send_signal()
- taskfd_send_signal()
In the last round of reviews it was pointed out that given that if the
flags argument decides the scope of the signal instead of different types
of fds it might make sense to either settle for "procfd_" or "pidfd_" as
prefix. The community was willing to accept either (cf. [17] and [18]).
Given that one developer expressed strong preference for the "pidfd_"
prefix (cf. [13]) and with other developers less opinionated about the name
we should settle for "pidfd_" to avoid further bikeshedding.
The "_send_signal" suffix was chosen to reflect the fact that the syscall
takes on the job of multiple syscalls. It is therefore intentional that the
name is not reminiscent of neither kill(2) nor rt_sigqueueinfo(2). Not the
fomer because it might imply that pidfd_send_signal() is a replacement for
kill(2), and not the latter because it is a hassle to remember the correct
spelling - especially for non-native speakers - and because it is not
descriptive enough of what the syscall actually does. The name
"pidfd_send_signal" makes it very clear that its job is to send signals.
/* zombies */
Zombies can be signaled just as any other process. No special error will be
reported since a zombie state is an unreliable state (cf. [3]). However,
this can be added as an extension through the @flags argument if the need
ever arises.
/* cross-namespace signals */
The patch currently enforces that the signaler and signalee either are in
the same pid namespace or that the signaler's pid namespace is an ancestor
of the signalee's pid namespace. This is done for the sake of simplicity
and because it is unclear to what values certain members of struct
siginfo_t would need to be set to (cf. [5], [6]).
/* compat syscalls */
It became clear that we would like to avoid adding compat syscalls
(cf. [7]). The compat syscall handling is now done in kernel/signal.c
itself by adding __copy_siginfo_from_user_generic() which lets us avoid
compat syscalls (cf. [8]). It should be noted that the addition of
__copy_siginfo_from_user_any() is caused by a bug in the original
implementation of rt_sigqueueinfo(2) (cf. 12).
With upcoming rework for syscall handling things might improve
significantly (cf. [11]) and __copy_siginfo_from_user_any() will not gain
any additional callers.
/* testing */
This patch was tested on x64 and x86.
/* userspace usage */
An asciinema recording for the basic functionality can be found under [9].
With this patch a process can be killed via:
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>
static inline int do_pidfd_send_signal(int pidfd, int sig, siginfo_t *info,
unsigned int flags)
{
#ifdef __NR_pidfd_send_signal
return syscall(__NR_pidfd_send_signal, pidfd, sig, info, flags);
#else
return -ENOSYS;
#endif
}
int main(int argc, char *argv[])
{
int fd, ret, saved_errno, sig;
if (argc < 3)
exit(EXIT_FAILURE);
fd = open(argv[1], O_DIRECTORY | O_CLOEXEC);
if (fd < 0) {
printf("%s - Failed to open \"%s\"\n", strerror(errno), argv[1]);
exit(EXIT_FAILURE);
}
sig = atoi(argv[2]);
printf("Sending signal %d to process %s\n", sig, argv[1]);
ret = do_pidfd_send_signal(fd, sig, NULL, 0);
saved_errno = errno;
close(fd);
errno = saved_errno;
if (ret < 0) {
printf("%s - Failed to send signal %d to process %s\n",
strerror(errno), sig, argv[1]);
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}
/* Q&A
* Given that it seems the same questions get asked again by people who are
* late to the party it makes sense to add a Q&A section to the commit
* message so it's hopefully easier to avoid duplicate threads.
*
* For the sake of progress please consider these arguments settled unless
* there is a new point that desperately needs to be addressed. Please make
* sure to check the links to the threads in this commit message whether
* this has not already been covered.
*/
Q-01: (Florian Weimer [20], Andrew Morton [21])
What happens when the target process has exited?
A-01: Sending the signal will fail with ESRCH (cf. [22]).
Q-02: (Andrew Morton [21])
Is the task_struct pinned by the fd?
A-02: No. A reference to struct pid is kept. struct pid - as far as I
understand - was created exactly for the reason to not require to
pin struct task_struct (cf. [22]).
Q-03: (Andrew Morton [21])
Does the entire procfs directory remain visible? Just one entry
within it?
A-03: The same thing that happens right now when you hold a file descriptor
to /proc/<pid> open (cf. [22]).
Q-04: (Andrew Morton [21])
Does the pid remain reserved?
A-04: No. This patchset guarantees a stable handle not that pids are not
recycled (cf. [22]).
Q-05: (Andrew Morton [21])
Do attempts to signal that fd return errors?
A-05: See {Q,A}-01.
Q-06: (Andrew Morton [22])
Is there a cleaner way of obtaining the fd? Another syscall perhaps.
A-06: Userspace can already trivially retrieve file descriptors from procfs
so this is something that we will need to support anyway. Hence,
there's no immediate need to add another syscalls just to make
pidfd_send_signal() not dependent on the presence of procfs. However,
adding a syscalls to get such file descriptors is planned for a
future patchset (cf. [22]).
Q-07: (Andrew Morton [21] and others)
This fd-for-a-process sounds like a handy thing and people may well
think up other uses for it in the future, probably unrelated to
signals. Are the code and the interface designed to permit such
future applications?
A-07: Yes (cf. [22]).
Q-08: (Andrew Morton [21] and others)
Now I think about it, why a new syscall? This thing is looking
rather like an ioctl?
A-08: This has been extensively discussed. It was agreed that a syscall is
preferred for a variety or reasons. Here are just a few taken from
prior threads. Syscalls are safer than ioctl()s especially when
signaling to fds. Processes are a core kernel concept so a syscall
seems more appropriate. The layout of the syscall with its four
arguments would require the addition of a custom struct for the
ioctl() thereby causing at least the same amount or even more
complexity for userspace than a simple syscall. The new syscall will
replace multiple other pid-based syscalls (see description above).
The file-descriptors-for-processes concept introduced with this
syscall will be extended with other syscalls in the future. See also
[22], [23] and various other threads already linked in here.
Q-09: (Florian Weimer [24])
What happens if you use the new interface with an O_PATH descriptor?
A-09:
pidfds opened as O_PATH fds cannot be used to send signals to a
process (cf. [2]). Signaling processes through pidfds is the
equivalent of writing to a file. Thus, this is not an operation that
operates "purely at the file descriptor level" as required by the
open(2) manpage. See also [4].
/* References */
[1]: https://lore.kernel.org/lkml/20181029221037.87724-1-dancol@google.com/
[2]: https://lore.kernel.org/lkml/874lbtjvtd.fsf@oldenburg2.str.redhat.com/
[3]: https://lore.kernel.org/lkml/20181204132604.aspfupwjgjx6fhva@brauner.io/
[4]: https://lore.kernel.org/lkml/20181203180224.fkvw4kajtbvru2ku@brauner.io/
[5]: https://lore.kernel.org/lkml/20181121213946.GA10795@mail.hallyn.com/
[6]: https://lore.kernel.org/lkml/20181120103111.etlqp7zop34v6nv4@brauner.io/
[7]: https://lore.kernel.org/lkml/36323361-90BD-41AF-AB5B-EE0D7BA02C21@amacapital.net/
[8]: https://lore.kernel.org/lkml/87tvjxp8pc.fsf@xmission.com/
[9]: https://asciinema.org/a/IQjuCHew6bnq1cr78yuMv16cy
[11]: https://lore.kernel.org/lkml/F53D6D38-3521-4C20-9034-5AF447DF62FF@amacapital.net/
[12]: https://lore.kernel.org/lkml/87zhtjn8ck.fsf@xmission.com/
[13]: https://lore.kernel.org/lkml/871s6u9z6u.fsf@xmission.com/
[14]: https://lore.kernel.org/lkml/20181206231742.xxi4ghn24z4h2qki@brauner.io/
[15]: https://lore.kernel.org/lkml/20181207003124.GA11160@mail.hallyn.com/
[16]: https://lore.kernel.org/lkml/20181207015423.4miorx43l3qhppfz@brauner.io/
[17]: https://lore.kernel.org/lkml/CAGXu5jL8PciZAXvOvCeCU3wKUEB_dU-O3q0tDw4uB_ojMvDEew@mail.gmail.com/
[18]: https://lore.kernel.org/lkml/20181206222746.GB9224@mail.hallyn.com/
[19]: https://lore.kernel.org/lkml/20181208054059.19813-1-christian@brauner.io/
[20]: https://lore.kernel.org/lkml/8736rebl9s.fsf@oldenburg.str.redhat.com/
[21]: https://lore.kernel.org/lkml/20181228152012.dbf0508c2508138efc5f2bbe@linux-foundation.org/
[22]: https://lore.kernel.org/lkml/20181228233725.722tdfgijxcssg76@brauner.io/
[23]: https://lwn.net/Articles/773459/
[24]: https://lore.kernel.org/lkml/8736rebl9s.fsf@oldenburg.str.redhat.com/
[25]: https://lore.kernel.org/lkml/CAK8P3a0ej9NcJM8wXNPbcGUyOUZYX+VLoDFdbenW3s3114oQZw@mail.gmail.com/
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jann Horn <jannh@google.com>
Cc: Andy Lutomirsky <luto@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Christian Brauner <christian@brauner.io>
Reviewed-by: Tycho Andersen <tycho@tycho.ws>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: David Howells <dhowells@redhat.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Serge Hallyn <serge@hallyn.com>
Acked-by: Aleksa Sarai <cyphar@cyphar.com>
(cherry picked from commit 3eb39f47934f9d5a3027fe00d906a45fe3a15fad)
Conflicts:
arch/x86/entry/syscalls/syscall_32.tbl - trivial manual merge
arch/x86/entry/syscalls/syscall_64.tbl - trivial manual merge
include/linux/proc_fs.h - trivial manual merge
include/linux/syscalls.h - trivial manual merge
include/uapi/asm-generic/unistd.h - trivial manual merge
kernel/signal.c - struct kernel_siginfo does not exist in 4.14
kernel/sys_ni.c - cond_syscall is used instead of COND_SYSCALL
arch/x86/entry/syscalls/syscall_32.tbl
arch/x86/entry/syscalls/syscall_64.tbl
(1. manual merges because of 4.14 differences
2. change prepare_kill_siginfo() to use struct siginfo instead of
kernel_siginfo
3. use copy_from_user() instead of copy_siginfo_from_user() in copy_siginfo_from_user_any()
4. replaced COND_SYSCALL with cond_syscall
5. Removed __ia32_sys_pidfd_send_signal in arch/x86/entry/syscalls/syscall_32.tbl.
6. Replaced __x64_sys_pidfd_send_signal with sys_pidfd_send_signal in arch/x86/entry/syscalls/syscall_64.tbl.)
Bug: 135608568
Test: test program using syscall(__NR_pidfd_send_signal,..) to send SIGKILL
Change-Id: I34da11c63ac8cafb0353d9af24c820cef519ec27
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
|
||
Greg Kroah-Hartman
|
a5847ae74b |
This is the 4.14.135 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl1BJxsACgkQONu9yGCS
aT4wBxAAymuWVXtmeWFQSFNji/RAJcHBAOvydIRMr7vwCXpojuRerNolo7WibM/B
Mgx2OISn0d8rg98Cc3wiM6WUN9AeHr3lSWXORg3iBr0zP+ZO5Vs0Y2w9gueEJS+i
egMvi2KZyS3Esrfmxv62pJ9DIVqyPVlvzN/Y79BARcwIeZOt+puycR5XV3WROzX9
Wy2JBz5f56m9qzPGKXGRLlvq7LghZ5EbyFoIb/fj9K6pFdVBrpSEOeocCQos9IEz
0+1TiWAkqOGLGZWJ3CFW/6Nbn1JO3hZpIgqxVczZXR+4UVhR+yniHUzZ20g89DzE
mmprjKGv/8/7pXyXtGhjXuaZN5r1ldUje5SZf1X7SzxLuABSKIHykYJjKUQY2O3b
8tpPULGA77V7Ww4TtyRLeOVPqaVslWFgLP6snyileSdoxfISebo2KptQn0pmuFX2
Y0ePPot/aHHXmhrn5mAY9UZO9etqko8LjvVHDOsQQ99GJJ1BAz73w+wkKDtHXGuo
iqUlSSW2YpThnAkufUlyhk10y6itGmy0P7GSrw8PCd9As2/LAz6c9+8+NPp/2P2Z
Ffl2q7eUCqb0HixAnq5KqcPDSVdyqVtQ7XeN3lAEWVGmwpiu2xyuZgpQyT5FRqOZ
mLYHZJF7FEZOZo+hkbH4O6j3umJ0QFJakVwrEiQ/ha0yLZpS3OM=
=u0hP
-----END PGP SIGNATURE-----
Merge 4.14.135 into android-4.14
Changes in 4.14.135
MIPS: ath79: fix ar933x uart parity mode
MIPS: fix build on non-linux hosts
arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
scsi: iscsi: set auth_protocol back to NULL if CHAP_A value is not supported
dmaengine: imx-sdma: fix use-after-free on probe error path
wil6210: fix potential out-of-bounds read
ath10k: Do not send probe response template for mesh
ath9k: Check for errors when reading SREV register
ath6kl: add some bounds checking
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
batman-adv: fix for leaked TVLV handler.
media: dvb: usb: fix use after free in dvb_usb_device_exit
media: spi: IR LED: add missing of table registration
crypto: talitos - fix skcipher failure due to wrong output IV
media: marvell-ccic: fix DMA s/g desc number calculation
media: vpss: fix a potential NULL pointer dereference
media: media_device_enum_links32: clean a reserved field
net: stmmac: dwmac1000: Clear unused address entries
net: stmmac: dwmac4/5: Clear unused address entries
qed: Set the doorbell address correctly
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
af_key: fix leaks in key_pol_get_resp and dump_sp.
xfrm: Fix xfrm sel prefix length validation
fscrypt: clean up some BUG_ON()s in block encryption/decryption
media: mc-device.c: don't memset __user pointer contents
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
net: phy: Check against net_device being NULL
crypto: talitos - properly handle split ICV.
crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
tua6100: Avoid build warnings.
locking/lockdep: Fix merging of hlocks with non-zero references
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
cpupower : frequency-set -r option misses the last cpu in related cpu list
net: stmmac: dwmac4: fix flow control issue
net: fec: Do not use netdev messages too early
net: axienet: Fix race condition causing TX hang
s390/qdio: handle PENDING state for QEBSM devices
RAS/CEC: Fix pfn insertion
net: sfp: add mutex to prevent concurrent state checks
ipset: Fix memory accounting for hash types on resize
perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
perf test 6: Fix missing kvm module load for s390
media: fdp1: Support M3N and E3 platforms
iommu: Fix a leak in iommu_insert_resv_region
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
gpio: omap: ensure irq is enabled before wakeup
regmap: fix bulk writes on paged registers
bpf: silence warning messages in core
rcu: Force inlining of rcu_read_lock()
x86/cpufeatures: Add FDP_EXCPTN_ONLY and ZERO_FCS_FDS
blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration
xfrm: fix sa selector validation
sched/core: Add __sched tag for io_schedule()
x86/atomic: Fix smp_mb__{before,after}_atomic()
perf evsel: Make perf_evsel__name() accept a NULL argument
vhost_net: disable zerocopy by default
ipoib: correcly show a VF hardware address
EDAC/sysfs: Fix memory leak when creating a csrow object
ipsec: select crypto ciphers for xfrm_algo
ipvs: defer hook registration to avoid leaks
media: s5p-mfc: Make additional clocks optional
media: i2c: fix warning same module names
ntp: Limit TAI-UTC offset
timer_list: Guard procfs specific code
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
media: coda: fix mpeg2 sequence number handling
media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP
media: coda: increment sequence offset for the last returned frame
media: vimc: cap: check v4l2_fill_pixfmt return value
media: hdpvr: fix locking and a missing msleep
rtlwifi: rtl8192cu: fix error handle when usb probe failed
mt7601u: do not schedule rx_tasklet when the device has been disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: fix possible memory leak when the device is disconnected
ipvs: fix tinfo memory leak in start_sync_thread
ath10k: add missing error handling
ath10k: fix PCIE device wake up failed
perf tools: Increase MAX_NR_CPUS and MAX_CACHES
libata: don't request sense data on !ZAC ATA devices
clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
rslib: Fix decoding of shortened codes
rslib: Fix handling of of caller provided syndrome
ixgbe: Check DDM existence in transceiver before access
crypto: serpent - mark __serpent_setkey_sbox noinline
crypto: asymmetric_keys - select CRYPTO_HASH where needed
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
net: hns3: fix a -Wformat-nonliteral compile warning
net: hns3: add some error checking in hclge_tm module
ath10k: destroy sdio workqueue while remove sdio module
iwlwifi: mvm: Drop large non sta frames
perf stat: Make metric event lookup more robust
net: usb: asix: init MAC address buffers
gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: Check state in l2cap_disconnect_rsp
gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable()
Bluetooth: validate BLE connection interval updates
gtp: fix suspicious RCU usage
gtp: fix Illegal context switch in RCU read-side critical section.
gtp: fix use-after-free in gtp_encap_destroy()
gtp: fix use-after-free in gtp_newlink()
net: mvmdio: defer probe of orion-mdio if a clock is not ready
iavf: fix dereference of null rx_buffer pointer
floppy: fix div-by-zero in setup_format_params
floppy: fix out-of-bounds read in next_valid_format
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in copy_buffer
xen: let alloc_xenballooned_pages() fail if not enough memory free
scsi: NCR5380: Reduce goto statements in NCR5380_select()
scsi: NCR5380: Always re-enable reselection interrupt
Revert "scsi: ncr5380: Increase register polling limit"
scsi: core: Fix race on creating sense cache
scsi: megaraid_sas: Fix calculation of target ID
scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
scsi: mac_scsi: Fix pseudo DMA implementation, take 2
crypto: ghash - fix unaligned memory access in ghash_setkey()
crypto: ccp - Validate the the error value used to index error messages
crypto: arm64/sha1-ce - correct digest for empty data in finup
crypto: arm64/sha2-ce - correct digest for empty data in finup
crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
crypto: ccp - memset structure fields to zero before reuse
crypto: ccp/gcm - use const time tag comparison.
crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
Input: gtco - bounds check collection indent level
Input: alps - don't handle ALPS cs19 trackpoint-only device
Input: synaptics - whitelist Lenovo T580 SMBus intertouch
Input: alps - fix a mismatch between a condition check and its comment
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
arm64: tegra: Update Jetson TX1 GPU regulator timings
iwlwifi: pcie: don't service an interrupt that was masked
iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X
NFSv4: Handle the special Linux file open access mode
pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
ASoC: dapm: Adapt for debugfs API change
ALSA: seq: Break too long mutex context in the write loop
ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
media: coda: Remove unbalanced and unneeded mutex unlock
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
arm64: tegra: Fix AGIC register range
fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.
drm/nouveau/i2c: Enable i2c pads & busses during preinit
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
dm zoned: fix zone state management race
xen/events: fix binding user event channels to cpus
9p/xen: Add cleanup path in p9_trans_xen_init
9p/virtio: Add cleanup path in p9_virtio_init
x86/boot: Fix memory leak in default_get_smp_config()
perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs
perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs
intel_th: pci: Add Ice Lake NNPI support
PCI: Do not poll for PME if the device is in D3cold
Btrfs: fix data loss after inode eviction, renaming it, and fsync it
Btrfs: fix fsync not persisting dentry deletions due to inode evictions
Btrfs: add missing inode version, ctime and mtime updates when punching hole
HID: wacom: generic: only switch the mode on devices with LEDs
HID: wacom: correct touch resolution x/y typo
libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
coda: pass the host file in vma->vm_file on mmap
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
parisc: Ensure userspace privilege for ptraced processes in regset functions
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
powerpc/watchpoint: Restore NV GPRs while returning from exception
eCryptfs: fix a couple type promotion bugs
intel_th: msu: Fix single mode with disabled IOMMU
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
usb: Handle USB3 remote wakeup for LPM enabled devices correctly
net: mvmdio: allow up to four clocks to be specified for orion-mdio
dt-bindings: allow up to four clocks for orion-mdio
dm bufio: fix deadlock with loop device
compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
compiler.h: Add read_word_at_a_time() function.
lib/strscpy: Shut up KASAN false-positives in strscpy()
bnx2x: Prevent load reordering in tx completion processing
bnx2x: Prevent ptp_task to be rescheduled indefinitely
caif-hsi: fix possible deadlock in cfhsi_exit_module()
igmp: fix memory leak in igmpv3_del_delrec()
ipv4: don't set IPv6 only flags to IPv4 addresses
net: bcmgenet: use promisc for unsupported filters
net: dsa: mv88e6xxx: wait after reset deactivation
net: neigh: fix multiple neigh timer scheduling
net: openvswitch: fix csum updates for MPLS actions
nfc: fix potential illegal memory access
rxrpc: Fix send on a connected, but unbound socket
sky2: Disable MSI on ASUS P6T
vrf: make sure skb->data contains ip header to make routing
macsec: fix use-after-free of skb during RX
macsec: fix checksumming after decryption
netrom: fix a memory leak in nr_rx_frame()
netrom: hold sock when setting skb->destructor
bonding: validate ip header before check IPPROTO_IGMP
net: make skb_dst_force return true when dst is refcounted
tcp: fix tcp_set_congestion_control() use from bpf hook
tcp: Reset bytes_acked and bytes_received when disconnecting
net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net: bridge: stp: don't cache eth dest pointer before skb pull
dma-buf: balance refcount inbalance
dma-buf: Discard old fence_excl on retrying get_fences_rcu for realloc
MIPS: lb60: Fix pin mappings
ext4: don't allow any modifications to an immutable file
ext4: enforce the immutable flag on open files
mm: add filemap_fdatawait_range_keep_errors()
jbd2: introduce jbd2_inode dirty range scoping
ext4: use jbd2_inode dirty range scoping
ext4: allow directory holes
mm: vmscan: scan anonymous pages on file refaults
perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id
NFSv4: Fix open create exclusive when the server reboots
nfsd: increase DRC cache limit
nfsd: give out fewer session slots as limit approaches
nfsd: fix performance-limiting session calculation
nfsd: Fix overflow causing non-working mounts on 1 TB machines
hvsock: fix epollout hang from race condition
drm/panel: simple: Fix panel_simple_dsi_probe
usb: core: hub: Disable hub-initiated U1/U2
tty: max310x: Fix invalid baudrate divisors calculator
pinctrl: rockchip: fix leaked of_node references
tty: serial: cpm_uart - fix init when SMC is relocated
drm/edid: Fix a missing-check bug in drm_load_edid_firmware()
PCI: Return error if cannot probe VF
drm/bridge: tc358767: read display_props in get_modes()
drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz
drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry
memstick: Fix error cleanup path of memstick_init
tty/serial: digicolor: Fix digicolor-usart already registered warning
tty: serial: msm_serial: avoid system lockup condition
serial: 8250: Fix TX interrupt handling condition
drm/virtio: Add memory barriers for capset cache.
phy: renesas: rcar-gen2: Fix memory leak at error paths
powerpc/pseries/mobility: prevent cpu hotplug during DT update
drm/rockchip: Properly adjust to a true clock in adjusted_mode
tty: serial_core: Set port active bit in uart_port_activate
usb: gadget: Zero ffs_io_data
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
drm/msm: Depopulate platform on probe failure
serial: mctrl_gpio: Check if GPIO property exisits before requesting it
PCI: sysfs: Ignore lockdep for remove attribute
kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS
PCI: xilinx-nwl: Fix Multi MSI data programming
iio: iio-utils: Fix possible incorrect mask calculation
powerpc/xmon: Fix disabling tracing while in xmon
recordmcount: Fix spurious mcount entries on powerpc
mfd: core: Set fwnode for created devices
mfd: arizona: Fix undefined behavior
mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk
um: Silence lockdep complaint about mmap_sem
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
RDMA/i40iw: Set queue pair state when being queried
serial: sh-sci: Terminate TX DMA during buffer flushing
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
kallsyms: exclude kasan local symbols on s390
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
perf session: Fix potential NULL pointer dereference found by the smatch tool
perf annotate: Fix dereferencing freed memory found by the smatch tool
RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
PCI: dwc: pci-dra7xx: Fix compilation when !CONFIG_GPIOLIB
powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
f2fs: avoid out-of-range memory access
mailbox: handle failed named mailbox channel request
powerpc/eeh: Handle hugepages in ioremap space
block/bio-integrity: fix a memory leak bug
sh: prevent warnings when using iounmap
mm/kmemleak.c: fix check for softirq context
9p: pass the correct prototype to read_cache_page
mm/gup.c: mark undo_dev_pagemap as __maybe_unused
mm/gup.c: remove some BUG_ONs from get_gate_page()
mm/mmu_notifier: use hlist_add_head_rcu()
locking/lockdep: Fix lock used or unused stats error
locking/lockdep: Hide unused 'class' variable
drm/crc: Only report a single overflow when a CRC fd is opened
drm/crc-debugfs: Also sprinkle irqrestore over early exits
usb: wusbcore: fix unbalanced get/put cluster_id
usb: pci-quirks: Correct AMD PLL quirk detection
KVM: nVMX: do not use dangling shadow VMCS after guest reset
btrfs: inode: Don't compress if NODATASUM or NODATACOW set
x86/sysfb_efi: Add quirks for some devices with swapped width and height
x86/speculation/mds: Apply more accurate check on hypervisor platform
binder: prevent transactions to context manager from its own process.
fpga-manager: altera-ps-spi: Fix build error
hpet: Fix division by zero in hpet_time_div()
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
ALSA: hda - Add a conexant codec entry to let mute led work
powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask()
powerpc/tm: Fix oops on sigreturn on systems without TM
access: avoid the RCU grace period for the temporary subjective credentials
Linux 4.14.135
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Radoslaw Burny
|
2cbf2af144 |
fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.
commit 5ec27ec735ba0477d48c80561cc5e856f0c5dfaf upstream. Normally, the inode's i_uid/i_gid are translated relative to s_user_ns, but this is not a correct behavior for proc. Since sysctl permission check in test_perm is done against GLOBAL_ROOT_[UG]ID, it makes more sense to use these values in u_[ug]id of proc inodes. In other words: although uid/gid in the inode is not read during test_perm, the inode logically belongs to the root of the namespace. I have confirmed this with Eric Biederman at LPC and in this thread: https://lore.kernel.org/lkml/87k1kzjdff.fsf@xmission.com Consequences ============ Since the i_[ug]id values of proc nodes are not used for permissions checks, this change usually makes no functional difference. However, it causes an issue in a setup where: * a namespace container is created without root user in container - hence the i_[ug]id of proc nodes are set to INVALID_[UG]ID * container creator tries to configure it by writing /proc/sys files, e.g. writing /proc/sys/kernel/shmmax to configure shared memory limit Kernel does not allow to open an inode for writing if its i_[ug]id are invalid, making it impossible to write shmmax and thus - configure the container. Using a container with no root mapping is apparently rare, but we do use this configuration at Google. Also, we use a generic tool to configure the container limits, and the inability to write any of them causes a failure. History ======= The invalid uids/gids in inodes first appeared due to 81754357770e (fs: Update i_[ug]id_(read|write) to translate relative to s_user_ns). However, AFAIK, this did not immediately cause any issues. The inability to write to these "invalid" inodes was only caused by a later commit 0bd23d09b874 (vfs: Don't modify inodes with a uid or gid unknown to the vfs). Tested: Used a repro program that creates a user namespace without any mapping and stat'ed /proc/$PID/root/proc/sys/kernel/shmmax from outside. Before the change, it shows the overflow uid, with the change it's 0. The overflow uid indicates that the uid in the inode is not correct and thus it is not possible to open the file for writing. Link: http://lkml.kernel.org/r/20190708115130.250149-1-rburny@google.com Fixes: 0bd23d09b874 ("vfs: Don't modify inodes with a uid or gid unknown to the vfs") Signed-off-by: Radoslaw Burny <rburny@google.com> Acked-by: Luis Chamberlain <mcgrof@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: "Eric W . Biederman" <ebiederm@xmission.com> Cc: Seth Forshee <seth.forshee@canonical.com> Cc: John Sperbeck <jsperbeck@google.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: <stable@vger.kernel.org> [4.8+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
0dcd8eb0ae |
This is the 4.14.132 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl0cjnQACgkQONu9yGCS aT6wVRAAoL5ffO+WBrxRKBYweeprTlFTpvI2ZuMN12hONL0AcOocdRrlK4sgD8RW 8CWHU65BihYDE19OKLsQf+5M/ov78cokfq4NsnWHXalSDXwrBt1cle5kGOFFdOSE 5IE8Dfal6v5YxyORVSu3ls19cjy9AO8q53Sdi8N3CRJAVho0UavJQyLkUhJXlNtM +q0ohE8XGwX5+UAORuULb7rqeuIwKzEUu3npZzNB9OnThbStepgJUFxHKvFVOei8 McEC6/ifJnxD0hDmmgt7WSJWPjnv85c5oReJeceerF83i5h1MZUicNtMWOjbV7lH vv/B4m5Un2T3cflGuarhpNdfjHs2PqRXO7T5+Fs2t8WIA7uuAedhhlEHir0bTOfB uj7yBND35SVsQzmzw58j7XPREEmpQBgpI1K4YYFQzrdfddtxFIC46LjTxa2Hk5OB z1n2Tq7lQaYddUMpmBbab6+znHef1Ts++g0aof5JyBnx3heBdUYNBDUYXBpGAD9Y +pFmR1ZULScm3btwCNxiEIn+YWYNO+GV9BibXTXag3URPC4Ff1damstOOZwXkaxg CPJagiufQgXQQjDUPt0GolJz3Dd/T9YN6mNmqTQhqxFfY5kAeDVsqhIPN1ZKZY5u /40rDoKyxJSzxrKRIqAKTm6wWELq4hS14LlVSQJRmxK2RXJFwlE= =Mmka -----END PGP SIGNATURE----- Merge 4.14.132 into android-4.14 Changes in 4.14.132 perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit set nul perf help: Remove needless use of strncpy() perf header: Fix unchecked usage of strncpy() Revert "x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP" IB/hfi1: Close PSM sdma_progress sleep window block: add a lower-level bio_add_page interface block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs 9p/xen: fix check for xenbus_read error in front_probe 9p/rdma: do not disconnect on down_interruptible EAGAIN 9p: acl: fix uninitialized iattr access 9p/rdma: remove useless check in cm_event_handler 9p: p9dirent_read: check network-provided name length net/9p: include trans_common.h to fix missing prototype warning. qmi_wwan: Fix out-of-bounds read Revert "compiler.h: update definition of unreachable()" fs/proc/array.c: allow reporting eip/esp for all coredumping threads mm/mempolicy.c: fix an incorrect rebind node in mpol_rebind_nodemask fs/binfmt_flat.c: make load_flat_shared_library() work mm/page_idle.c: fix oops because end_pfn is larger than max_pfn dm log writes: make sure super sector log updates are written in order scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() x86/speculation: Allow guests to use SSBD even if host does not x86/microcode: Fix the microcode load on CPU hotplug for real NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O cpu/speculation: Warn on unsupported mitigations= parameter eeprom: at24: fix unexpected timeout under high load af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop net/packet: fix memory leak in packet_set_ring() net: remove duplicate fetch in sock_getsockopt net: stmmac: fixed new system time seconds value calculation sctp: change to hold sk after auth shkey is created successfully tipc: change to use register_pernet_device tipc: check msg->req data len in tipc_nl_compat_bearer_disable tun: wake up waitqueues after IFF_UP is set team: Always enable vlan tx offload bonding: Always enable vlan tx offload bpf: udp: Avoid calling reuseport's bpf_prog from udp_gro bpf: udp: ipv6: Avoid running reuseport's bpf_prog from __udp6_lib_err arm64: futex: Avoid copying out uninitialised stack in failed cmpxchg() bpf, arm64: use more scalable stadd over ldxr / stxr loop in xadd futex: Update comments and docs about return values of arch futex code tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb arm64: insn: Fix ldadd instruction encoding Linux 4.14.132 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
John Ogness
|
7cc3997787 |
fs/proc/array.c: allow reporting eip/esp for all coredumping threads
commit cb8f381f1613cafe3aec30809991cd56e7135d92 upstream.
0a1eb2d474ed ("fs/proc: Stop reporting eip and esp in /proc/PID/stat")
stopped reporting eip/esp and fd7d56270b52 ("fs/proc: Report eip/esp in
/prod/PID/stat for coredumping") reintroduced the feature to fix a
regression with userspace core dump handlers (such as minicoredumper).
Because PF_DUMPCORE is only set for the primary thread, this didn't fix
the original problem for secondary threads. Allow reporting the eip/esp
for all threads by checking for PF_EXITING as well. This is set for all
the other threads when they are killed. coredump_wait() waits for all the
tasks to become inactive before proceeding to invoke a core dumper.
Link: http://lkml.kernel.org/r/87y32p7i7a.fsf@linutronix.de
Link: http://lkml.kernel.org/r/20190522161614.628-1-jlu@pengutronix.de
Fixes: fd7d56270b526ca3 ("fs/proc: Report eip/esp in /prod/PID/stat for coredumping")
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Reported-by: Jan Luebbe <jlu@pengutronix.de>
Tested-by: Jan Luebbe <jlu@pengutronix.de>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
b5123fd473 |
This is the 4.14.115 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzKnvMACgkQONu9yGCS aT6vPRAAgy8sPwaOoETexGtsEaVVaZX2Yt20ekTuNbKHZKBJKXlq+pcfXawwotUE dr+/jRrpUrOD7Ta4y+qU+mKV3eS4FZ8bJaYvEOKkf/wSFG5sWF6pE7jmgnJ2lJVj SafR601YTCh2eZm+rLogqEF+lXZ9rNUCJlnO6q4APnpvuOGqX6kPaqTxDRK+Qfzz mkij3bnw43YAX5lkx9l2OzreNU5jlh2RSamrF0YrqoL01E/7IXYeAnxQl+Atmjmu pLWsWl/rdxVAnDPwpiZZZAEs3/DYpVtP1bcCH7tESLWICawajUsffn5/yVtwl1UW BKl0mFom7K9tZOhSxmf7kvK+Yq8p5AdyooIFVEfoObYMCZAyXarpnBiey4SeqqQU GRi6fLfMeXrk3ikkI3qGbClbjLhiGmUIyYWz0VI2mxf7+SRnOzHsxgILiaJHPQOn 4+6Y8n1XINMMOu6p0apVSZAAlKjnLsUX0gocTaRQsFTzY9Zqm+/hePe6x7Xm+h66 X4e9NAy/RxZog78aVxTihphAX6V5gbRgcYku+UvWTDoIB13XZ7qxcjyod3DiLvZT n3APkif2sC2ATFmJ3eRSLSitFQ2igIAfW3ob9GtdYb/13I7Zsh0K0FqH1icuKVVm VBsTtvNahCMMKXT/Z5hJOO2agXPprx0kGnn1J6vazh/Bs94QBLw= =tLin -----END PGP SIGNATURE----- Merge 4.14.115 into android-4.14 Changes in 4.14.115 kbuild: simplify ld-option implementation cifs: do not attempt cifs operation on smb2+ rename error tracing: Fix a memory leak by early error exit in trace_pid_write() tracing: Fix buffer_ref pipe ops zram: pass down the bvec we need to read into in the work struct lib/Kconfig.debug: fix build error without CONFIG_BLOCK MIPS: scall64-o32: Fix indirect syscall number load trace: Fix preempt_enable_no_resched() abuse IB/rdmavt: Fix frwr memory registration sched/numa: Fix a possible divide-by-zero ceph: only use d_name directly when parent is locked ceph: ensure d_name stability in ceph_dentry_hash() ceph: fix ci->i_head_snapc leak nfsd: Don't release the callback slot unless it was actually held sunrpc: don't mark uninitialised items as VALID. Input: synaptics-rmi4 - write config register values to the right offset vfio/type1: Limit DMA mappings per container dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid ARM: 8857/1: efi: enable CP15 DMB instructions before cleaning the cache drm/vc4: Fix memory leak during gpu reset. Revert "drm/i915/fbdev: Actually configure untiled displays" drm/vc4: Fix compilation error reported by kbuild test bot USB: Add new USB LPM helpers USB: Consolidate LPM checks to avoid enabling LPM twice ext4: fix some error pointer dereferences vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock tipc: handle the err returned from cmd header function slip: make slhc_free() silently accept an error pointer intel_th: gth: Fix an off-by-one in output unassigning fs/proc/proc_sysctl.c: Fix a NULL pointer dereference ipvs: fix warning on unused variable binder: fix handling of misaligned binder object sched/deadline: Correctly handle active 0-lag timers NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family. netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON fm10k: Fix a potential NULL pointer dereference tipc: check bearer name with right length in tipc_nl_compat_bearer_enable tipc: check link name with right length in tipc_nl_compat_link_set dm integrity: change memcmp to strncmp in dm_integrity_ctr x86, retpolines: Raise limit for generating indirect calls from switch-case x86/retpolines: Disable switch jump tables when retpolines are enabled mm: Fix warning in insert_pfn() Revert "block/loop: Use global lock for ioctl() operation." ipv4: add sanity checks in ipv4_link_failure() mlxsw: spectrum: Fix autoneg status in ethtool net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query net: rds: exchange of 8K and 1M pool net: stmmac: move stmmac_check_ether_addr() to driver probe stmmac: pci: Adjust IOT2000 matching team: fix possible recursive locking when add slaves net/rose: Convert timers to use timer_setup() net/rose: fix unbound loop in rose_loopback_timer() ipv4: set the tcp_min_rtt_wlen range from 0 to one day powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg Documentation: Add nospectre_v1 parameter Linux 4.14.115 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
YueHaibing
|
a50d8db5f3 |
fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
commit 89189557b47b35683a27c80ee78aef18248eefb4 upstream. Syzkaller report this: sysctl could not get directory: /net//bridge -12 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] SMP KASAN PTI CPU: 1 PID: 7027 Comm: syz-executor.0 Tainted: G C 5.1.0-rc3+ #8 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 RIP: 0010:__write_once_size include/linux/compiler.h:220 [inline] RIP: 0010:__rb_change_child include/linux/rbtree_augmented.h:144 [inline] RIP: 0010:__rb_erase_augmented include/linux/rbtree_augmented.h:186 [inline] RIP: 0010:rb_erase+0x5f4/0x19f0 lib/rbtree.c:459 Code: 00 0f 85 60 13 00 00 48 89 1a 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 75 0c 00 00 4d 85 ed 4c 89 2e 74 ce 4c 89 ea 48 RSP: 0018:ffff8881bb507778 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: ffff8881f224b5b8 RCX: ffffffff818f3f6a RDX: 000000000000000a RSI: 0000000000000050 RDI: ffff8881f224b568 RBP: 0000000000000000 R08: ffffed10376a0ef4 R09: ffffed10376a0ef4 R10: 0000000000000001 R11: ffffed10376a0ef4 R12: ffff8881f224b558 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f3e7ce13700(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd60fbe9398 CR3: 00000001cb55c001 CR4: 00000000007606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: erase_entry fs/proc/proc_sysctl.c:178 [inline] erase_header+0xe3/0x160 fs/proc/proc_sysctl.c:207 start_unregistering fs/proc/proc_sysctl.c:331 [inline] drop_sysctl_table+0x558/0x880 fs/proc/proc_sysctl.c:1631 get_subdir fs/proc/proc_sysctl.c:1022 [inline] __register_sysctl_table+0xd65/0x1090 fs/proc/proc_sysctl.c:1335 br_netfilter_init+0x68/0x1000 [br_netfilter] do_one_initcall+0xbc/0x47d init/main.c:901 do_init_module+0x1b5/0x547 kernel/module.c:3456 load_module+0x6405/0x8c10 kernel/module.c:3804 __do_sys_finit_module+0x162/0x190 kernel/module.c:3898 do_syscall_64+0x9f/0x450 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Modules linked in: br_netfilter(+) backlight comedi(C) hid_sensor_hub max3100 ti_ads8688 udc_core fddi snd_mona leds_gpio rc_streamzap mtd pata_netcell nf_log_common rc_winfast udp_tunnel snd_usbmidi_lib snd_usb_toneport snd_usb_line6 snd_rawmidi snd_seq_device snd_hwdep videobuf2_v4l2 videobuf2_common videodev media videobuf2_vmalloc videobuf2_memops rc_gadmei_rm008z 8250_of smm665 hid_tmff hid_saitek hwmon_vid rc_ati_tv_wonder_hd_600 rc_core pata_pdc202xx_old dn_rtmsg as3722 ad714x_i2c ad714x snd_soc_cs4265 hid_kensington panel_ilitek_ili9322 drm drm_panel_orientation_quirks ipack cdc_phonet usbcore phonet hid_jabra hid extcon_arizona can_dev industrialio_triggered_buffer kfifo_buf industrialio adm1031 i2c_mux_ltc4306 i2c_mux ipmi_msghandler mlxsw_core snd_soc_cs35l34 snd_soc_core snd_pcm_dmaengine snd_pcm snd_timer ac97_bus snd_compress snd soundcore gpio_da9055 uio ecdh_generic mdio_thunder of_mdio fixed_phy libphy mdio_cavium iptable_security iptable_raw iptable_mangle iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter bpfilter ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel hsr veth netdevsim vxcan batman_adv cfg80211 rfkill chnl_net caif nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun joydev mousedev ppdev tpm kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel ide_pci_generic piix aes_x86_64 crypto_simd cryptd ide_core glue_helper input_leds psmouse intel_agp intel_gtt serio_raw ata_generic i2c_piix4 agpgart pata_acpi parport_pc parport floppy rtc_cmos sch_fq_codel ip_tables x_tables sha1_ssse3 sha1_generic ipv6 [last unloaded: br_netfilter] Dumping ftrace buffer: (ftrace buffer empty) ---[ end trace 68741688d5fbfe85 ]--- commit 23da9588037e ("fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links") forgot to handle start_unregistering() case, while header->parent is NULL, it calls erase_header() and as seen in the above syzkaller call trace, accessing &header->parent->root will trigger a NULL pointer dereference. As that commit explained, there is also no need to call start_unregistering() if header->parent is NULL. Link: http://lkml.kernel.org/r/20190409153622.28112-1-yuehaibing@huawei.com Fixes: 23da9588037e ("fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links") Fixes: 0e47c99d7fe25 ("sysctl: Replace root_list with links between sysctl_table_sets") Signed-off-by: YueHaibing <yuehaibing@huawei.com> Reported-by: Hulk Robot <hulkci@huawei.com> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: Luis Chamberlain <mcgrof@kernel.org> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
c680586c4f |
This is the 4.14.114 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzEBk4ACgkQONu9yGCS aT7oPg/+LqGEp+af4Q2623Y5tzG+pV580Xzzeyu+ZulmfTiG8yylSCxtVKvzjlmf omeCYxZXCNDtOn1aWFWvM+cZlNC90gOem2Xm2P7KEx25QZflFFI+Uzt+7sKrLr1l v/6YOf2cjvfOAlYF6euI98Ja6+m+OWXhWDUQUEUbl0X8Of2pXW9opWsf13LKT/BT p9WpVjDN+pow1kGl1Sk4zu11LBZsN0PI5ZW64PTSG2AuSIMQ9pHZzxrGD7/vhQMC 50s2WsJxlIvuE3tmWDnpqfR0WjzaUk59hHrrBM9YLDlqjzFZNgD2ziRn0A0sfW1n us81cw6Wz+LcykK3D2qvIvhZkRkDVI7J6LQSzeNaBWl3AkEEjwYw3cSwD5jl5+xn cbTgaBjKursuBZU5rdXPcabAhFIlL6NIt43n6DYRl/MYSpFvzifLKnCso2fPNNgT lXZuwH1qDBepVVQ0YrTnOBf+7u822lPuGyIq1Nz4YUBhKAAlBTV/Hxv3gJCXTihO 6NW42qk44VLjmu/Gpo5Q4Nc6EWeujwZRXNEZo8m5YfV92VteJTs3520iPRB0qFga aPOyiMNIKyhzZ3CPxxkDXgeRDh7AFznwcljlDE6DiCVmbPaUucJkvad/TwyFf4ul Wp1zZ2aCrt/oO5GK/MQfGNh4rmN/0qB9cxYoBDWbOJSG4R1+PTI= =dQgB -----END PGP SIGNATURE----- Merge 4.14.114 into android-4.14 Changes in 4.14.114 bonding: fix event handling for stacked bonds net: atm: Fix potential Spectre v1 vulnerabilities net: bridge: fix per-port af_packet sockets net: bridge: multicast: use rcu to access port list from br_multicast_start_querier net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv tcp: tcp_grow_window() needs to respect tcp_space() team: set slave to promisc if team is already in promisc mode vhost: reject zero size iova range ipv4: recompile ip options in ipv4_link_failure ipv4: ensure rcu_read_lock() in ipv4_link_failure() net: thunderx: raise XDP MTU to 1508 net: thunderx: don't allow jumbo frames with XDP CIFS: keep FileInfo handle live during oplock break KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU KVM: x86: svm: make sure NMI is injected after nmi_singlestep Staging: iio: meter: fixed typo staging: iio: ad7192: Fix ad7193 channel address iio: gyro: mpu3050: fix chip ID reading iio/gyro/bmg160: Use millidegrees for temperature scale iio: cros_ec: Fix the maths for gyro scale calculation iio: ad_sigma_delta: select channel when reading register iio: dac: mcp4725: add missing powerdown bits in store eeprom iio: Fix scan mask selection iio: adc: at91: disable adc channel interrupt in timeout case iio: core: fix a possible circular locking dependency io: accel: kxcjk1013: restore the range after resume. staging: comedi: vmk80xx: Fix use of uninitialized semaphore staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf staging: comedi: ni_usb6501: Fix use of uninitialized mutex staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf ALSA: hda/realtek - add two more pin configuration sets to quirk table ALSA: core: Fix card races between register and disconnect scsi: core: set result when the command cannot be dispatched Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO" Revert "svm: Fix AVIC incomplete IPI emulation" coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping crypto: x86/poly1305 - fix overflow during partial reduction arm64: futex: Restore oldval initialization to work around buggy compilers x86/kprobes: Verify stack frame on kretprobe kprobes: Mark ftrace mcount handler functions nokprobe kprobes: Fix error check when reusing optimized probes rt2x00: do not increment sequence number while re-transmitting mac80211: do not call driver wake_tx_queue op during reconfig perf/x86/amd: Add event map for AMD Family 17h x86/cpu/bugs: Use __initconst for 'const' init data perf/x86: Fix incorrect PEBS_REGS x86/speculation: Prevent deadlock on ssb_state::lock crypto: crypto4xx - properly set IV after de- and encrypt mmc: sdhci: Fix data command CRC error handling mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR mmc: sdhci: Handle auto-command errors modpost: file2alias: go back to simple devtable lookup modpost: file2alias: check prototype of handler tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete ipv6: frags: fix a lockdep false positive net: IP defrag: encapsulate rbtree defrag code into callable functions ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module net: IP6 defrag: use rbtrees for IPv6 defrag net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c Revert "kbuild: use -Oz instead of -Os when using clang" sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup device_cgroup: fix RCU imbalance in error case mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n ALSA: info: Fix racy addition/deletion of nodes percpu: stop printing kernel addresses tools include: Adopt linux/bits.h iomap: report collisions between directio and buffered writes to userspace xfs: add the ability to join a held buffer to a defer_ops xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()" kernel/sysctl.c: fix out-of-bounds access when setting file-max Linux 4.14.114 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Andrea Arcangeli
|
bb461ad8e6 |
coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
commit 04f5866e41fb70690e28397487d8bd8eea7d712a upstream. The core dumping code has always run without holding the mmap_sem for writing, despite that is the only way to ensure that the entire vma layout will not change from under it. Only using some signal serialization on the processes belonging to the mm is not nearly enough. This was pointed out earlier. For example in Hugh's post from Jul 2017: https://lkml.kernel.org/r/alpine.LSU.2.11.1707191716030.2055@eggly.anvils "Not strictly relevant here, but a related note: I was very surprised to discover, only quite recently, how handle_mm_fault() may be called without down_read(mmap_sem) - when core dumping. That seems a misguided optimization to me, which would also be nice to correct" In particular because the growsdown and growsup can move the vm_start/vm_end the various loops the core dump does around the vma will not be consistent if page faults can happen concurrently. Pretty much all users calling mmget_not_zero()/get_task_mm() and then taking the mmap_sem had the potential to introduce unexpected side effects in the core dumping code. Adding mmap_sem for writing around the ->core_dump invocation is a viable long term fix, but it requires removing all copy user and page faults and to replace them with get_dump_page() for all binary formats which is not suitable as a short term fix. For the time being this solution manually covers the places that can confuse the core dump either by altering the vma layout or the vma flags while it runs. Once ->core_dump runs under mmap_sem for writing the function mmget_still_valid() can be dropped. Allowing mmap_sem protected sections to run in parallel with the coredump provides some minor parallelism advantage to the swapoff code (which seems to be safe enough by never mangling any vma field and can keep doing swapins in parallel to the core dumping) and to some other corner case. In order to facilitate the backporting I added "Fixes: 86039bd3b4e6" however the side effect of this same race condition in /proc/pid/mem should be reproducible since before 2.6.12-rc2 so I couldn't add any other "Fixes:" because there's no hash beyond the git genesis commit. Because find_extend_vma() is the only location outside of the process context that could modify the "mm" structures under mmap_sem for reading, by adding the mmget_still_valid() check to it, all other cases that take the mmap_sem for reading don't need the new check after mmget_not_zero()/get_task_mm(). The expand_stack() in page fault context also doesn't need the new check, because all tasks under core dumping are frozen. Link: http://lkml.kernel.org/r/20190325224949.11068-1-aarcange@redhat.com Fixes: 86039bd3b4e6 ("userfaultfd: add new syscall to provide memory externalization") Signed-off-by: Andrea Arcangeli <aarcange@redhat.com> Reported-by: Jann Horn <jannh@google.com> Suggested-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Peter Xu <peterx@redhat.com> Reviewed-by: Mike Rapoport <rppt@linux.ibm.com> Reviewed-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Jann Horn <jannh@google.com> Acked-by: Jason Gunthorpe <jgg@mellanox.com> Acked-by: Michal Hocko <mhocko@suse.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
588c629944 |
This is the 4.14.110 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlykNbEACgkQONu9yGCS aT5HyQ//X23Zk/FFcyVZv3U/CTmuLGDyLDiVFAKoGwngGhYVSpH5LuF7al/Csihc pKiwi+oz3qj89+/Rx3OvtHUTnIE2sBcuN0nBclwHY+5uTmv6m9a358/LPRWEDl19 HUSFwrRS0bmOcrG5W+p+XSQ/VBv/UhigLQ5PJ9ezvcgUW/kh0SuVd0FTUGxse8wi jaJSaKISSHtwoqoWjLUHeyWR+pl8rRZx6ujfcQXl9+0Ei9Rl/osDezexDNfaoKBA CGHYdFNVlYMhPIO0Z5X0jsIUUnCn5DwmHEFqjQsPq49y1sJhd5yCTciF0VtMaFQm r1+VCNXTEWaEOrHrL8DzkOKXm+mKjY72P1tsodpjGwBb1y1gEtQwH3jf9jhUQvrh 0/YN39BKjE5f0X4Nusri35r+8DgjK9aab5AlMBezIm8luTAkQzfsWjrdo7N00szc GmlxSyqsaMwU9KUPEUD/ILlJaxvTX8eKZtOPourpmVileEjQ5lQvFtu4b8OWgDs3 5UdPbDiaYcQAMTbcJQ4z8DNwOoW9/OHGY2YmOdvbqamRr7T25Eku9v5yjLnR7mIm F1kkx5fhPkMd/zfM27hEavNcpq5sojCCccsm8IwuOcKZxytONpWnDbcVLT7znGEt WArxqoxHfnJ5IbxXSb5xCQdhNg/Fe7JvcF6ztM+C5oy0J7e3Erw= =de4i -----END PGP SIGNATURE----- Merge 4.14.110 into android-4.14 Changes in 4.14.110 Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer video: fbdev: Set pixclock = 0 in goldfishfb stmmac: copy unicast mac address to MAC registers dccp: do not use ipv6 header for ipv4 flow genetlink: Fix a memory leak on error path mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S net: datagram: fix unbounded loop in __skb_try_recv_datagram() net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec net: rose: fix a possible stack overflow net: stmmac: fix memory corruption with large MTUs net-sysfs: call dev_hold if kobject_init_and_add success packets: Always register packet sk in the same order rhashtable: Still do rehash when we get EEXIST tcp: do not use ipv6 header for ipv4 flow thunderx: enable page recycling for non-XDP case thunderx: eliminate extra calls to put_page() for pages held for recycling vxlan: Don't call gro_cells_destroy() before device is unregistered sctp: get sctphdr by offset in sctp_compute_cksum net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 mac8390: Fix mmio access size probe tun: properly test for IFF_UP tun: add a missing rcu_read_unlock() in error path powerpc/64s: Add support for ori barrier_nospec patching powerpc/64s: Patch barrier_nospec in modules powerpc/64s: Enable barrier_nospec based on firmware settings powerpc: Use barrier_nospec in copy_from_user() powerpc/64: Use barrier_nospec in syscall entry powerpc/64s: Enhance the information in cpu_show_spectre_v1() powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 powerpc/64: Disable the speculation barrier from the command line powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC powerpc/64: Call setup_barrier_nospec() from setup_arch() powerpc/64: Make meltdown reporting Book3S 64 specific powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms powerpc/asm: Add a patch_site macro & helpers for patching instructions powerpc/64s: Add new security feature flags for count cache flush powerpc/64s: Add support for software count cache flush powerpc/pseries: Query hypervisor for count cache flush settings powerpc/powernv: Query firmware for count cache flush settings powerpc/fsl: Add infrastructure to fixup branch predictor flush powerpc/fsl: Add macro to flush the branch predictor powerpc/fsl: Fix spectre_v2 mitigations reporting powerpc/fsl: Emulate SPRN_BUCSR register powerpc/fsl: Add nospectre_v2 command line argument powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) powerpc/fsl: Flush branch predictor when entering KVM powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used powerpc/fsl: Update Spectre v2 reporting powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' powerpc/fsl: Fix the flush of branch predictor. powerpc/security: Fix spectre_v2 reporting Btrfs: fix incorrect file size after shrinking truncate and fsync btrfs: remove WARN_ON in log_dir_items btrfs: raid56: properly unmap parity page in finish_parity_scrub() ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time powerpc: bpf: Fix generation of load/store DW instructions NFSv4.1 don't free interrupted slot on open net: dsa: qca8k: remove leftover phy accessors ALSA: rawmidi: Fix potential Spectre v1 vulnerability ALSA: seq: oss: Fix Spectre v1 vulnerability ALSA: pcm: Fix possible OOB access in PCM oss plugins ALSA: pcm: Don't suspend stream in unrecoverable PCM state ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB kbuild: modversions: Fix relative CRC byte order interpretation fs/open.c: allow opening only regular files during execve() ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock scsi: sd: Fix a race between closing an sd device and sd I/O scsi: sd: Quiesce warning if device does not report optimal I/O size scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices tty: atmel_serial: fix a potential NULL pointer dereference staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest staging: vt6655: Remove vif check from vnt_interrupt staging: vt6655: Fix interrupt race condition on device start up. serial: max310x: Fix to avoid potential NULL pointer dereference serial: sh-sci: Fix setting SCSCR_TIE while transferring data USB: serial: cp210x: add new device id USB: serial: ftdi_sio: add additional NovaTech products USB: serial: mos7720: fix mos_parport refcount imbalance on error path USB: serial: option: set driver_info for SIM5218 and compatibles USB: serial: option: add support for Quectel EM12 USB: serial: option: add Olicard 600 Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links drm/vgem: fix use-after-free when drm_gem_handle_create() fails gpio: exar: add a check for the return value of ida_simple_get fails gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs usb: mtu3: fix EXTCON dependency USB: gadget: f_hid: fix deadlock in f_hidg_write() usb: common: Consider only available nodes for dr_mode usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk xhci: Fix port resume done detection for SS ports with LPM enabled usb: cdc-acm: fix race during wakeup blocking TX traffic mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate perf intel-pt: Fix TSC slip cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y KVM: Reject device ioctls from processes other than the VM's creator KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts Revert "USB: core: only clean up what we allocated" vfio: ccw: only free cp on final interrupt Linux 4.14.110 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
YueHaibing
|
0d9ef3f5b0 |
fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
commit 23da9588037ecdd4901db76a5b79a42b529c4ec3 upstream. Syzkaller reports: kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] SMP KASAN PTI CPU: 1 PID: 5373 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 RIP: 0010:put_links+0x101/0x440 fs/proc/proc_sysctl.c:1599 Code: 00 0f 85 3a 03 00 00 48 8b 43 38 48 89 44 24 20 48 83 c0 38 48 89 c2 48 89 44 24 28 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 fe 02 00 00 48 8b 74 24 20 48 c7 c7 60 2a 9d 91 RSP: 0018:ffff8881d828f238 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: ffff8881e01b1140 RCX: ffffffff8ee98267 RDX: 0000000000000007 RSI: ffffc90001479000 RDI: ffff8881e01b1178 RBP: dffffc0000000000 R08: ffffed103ee27259 R09: ffffed103ee27259 R10: 0000000000000001 R11: ffffed103ee27258 R12: fffffffffffffff4 R13: 0000000000000006 R14: ffff8881f59838c0 R15: dffffc0000000000 FS: 00007f072254f700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff8b286668 CR3: 00000001f0542002 CR4: 00000000007606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: drop_sysctl_table+0x152/0x9f0 fs/proc/proc_sysctl.c:1629 get_subdir fs/proc/proc_sysctl.c:1022 [inline] __register_sysctl_table+0xd65/0x1090 fs/proc/proc_sysctl.c:1335 br_netfilter_init+0xbc/0x1000 [br_netfilter] do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x462e99 Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f072254ec58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99 RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 RBP: 00007f072254ec70 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f072254f6bc R13: 00000000004bcefa R14: 00000000006f6fb0 R15: 0000000000000004 Modules linked in: br_netfilter(+) dvb_usb_dibusb_mc_common dib3000mc dibx000_common dvb_usb_dibusb_common dvb_usb_dw2102 dvb_usb classmate_laptop palmas_regulator cn videobuf2_v4l2 v4l2_common snd_soc_bd28623 mptbase snd_usb_usx2y snd_usbmidi_lib snd_rawmidi wmi libnvdimm lockd sunrpc grace rc_kworld_pc150u rc_core rtc_da9063 sha1_ssse3 i2c_cros_ec_tunnel adxl34x_spi adxl34x nfnetlink lib80211 i5500_temp dvb_as102 dvb_core videobuf2_common videodev media videobuf2_vmalloc videobuf2_memops udc_core lnbp22 leds_lp3952 hid_roccat_ryos s1d13xxxfb mtd vport_geneve openvswitch nf_conncount nf_nat_ipv6 nsh geneve udp_tunnel ip6_udp_tunnel snd_soc_mt6351 sis_agp phylink snd_soc_adau1761_spi snd_soc_adau1761 snd_soc_adau17x1 snd_soc_core snd_pcm_dmaengine ac97_bus snd_compress snd_soc_adau_utils snd_soc_sigmadsp_regmap snd_soc_sigmadsp raid_class hid_roccat_konepure hid_roccat_common hid_roccat c2port_duramar2150 core mdio_bcm_unimac iptable_security iptable_raw iptable_mangle iptable_nat nf_nat_ipv4 nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter bpfilter ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel hsr veth netdevsim devlink vxcan batman_adv cfg80211 rfkill chnl_net caif nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel joydev mousedev ide_pci_generic piix aesni_intel aes_x86_64 ide_core crypto_simd atkbd cryptd glue_helper serio_raw ata_generic pata_acpi i2c_piix4 floppy sch_fq_codel ip_tables x_tables ipv6 [last unloaded: lm73] Dumping ftrace buffer: (ftrace buffer empty) ---[ end trace 770020de38961fd0 ]--- A new dir entry can be created in get_subdir and its 'header->parent' is set to NULL. Only after insert_header success, it will be set to 'dir', otherwise 'header->parent' is set to NULL and drop_sysctl_table is called. However in err handling path of get_subdir, drop_sysctl_table also be called on 'new->header' regardless its value of parent pointer. Then put_links is called, which triggers NULL-ptr deref when access member of header->parent. In fact we have multiple error paths which call drop_sysctl_table() there, upon failure on insert_links() we also call drop_sysctl_table().And even in the successful case on __register_sysctl_table() we still always call drop_sysctl_table().This patch fix it. Link: http://lkml.kernel.org/r/20190314085527.13244-1-yuehaibing@huawei.com Fixes: 0e47c99d7fe25 ("sysctl: Replace root_list with links between sysctl_table_sets") Signed-off-by: YueHaibing <yuehaibing@huawei.com> Reported-by: Hulk Robot <hulkci@huawei.com> Acked-by: Luis Chamberlain <mcgrof@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: <stable@vger.kernel.org> [3.4+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Johannes Weiner
|
d900bee055 |
BACKPORT: sched: loadavg: consolidate LOAD_INT, LOAD_FRAC, CALC_LOAD
There are several definitions of those functions/macros in places that mess with fixed-point load averages. Provide an official version. [akpm@linux-foundation.org: fix missed conversion in block/blk-iolatency.c] Link: http://lkml.kernel.org/r/20180828172258.3185-5-hannes@cmpxchg.org Signed-off-by: Johannes Weiner <hannes@cmpxchg.org> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Tested-by: Suren Baghdasaryan <surenb@google.com> Tested-by: Daniel Drake <drake@endlessm.com> Cc: Christopher Lameter <cl@linux.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Johannes Weiner <jweiner@fb.com> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Enderborg <peter.enderborg@sony.com> Cc: Randy Dunlap <rdunlap@infradead.org> Cc: Shakeel Butt <shakeelb@google.com> Cc: Tejun Heo <tj@kernel.org> Cc: Vinayak Menon <vinmenon@codeaurora.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> (cherry picked from commit 8508cf3ffad4defa202b303e5b6379efc4cd9054) Conflicts: block/blk-iolatency.c (1. skipped changes in block/blk-iolatency.c as file does not exist in 4.14) Bug: 127712811 Test: lmkd in PSI mode Change-Id: Ifb7e12280b2aa4d379df29e24bbeab3e82a0bff8 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Greg Kroah-Hartman
|
0cc8f104f4 |
This is the 4.14.104 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlx2U3kACgkQONu9yGCS
aT6ocg//RY5zNiVm1frgw1M6HrUUfPO0nXMs67X93sIZ+Iwym5gUBWAK9wfyLn/h
7G5bGnKya9IS1ltU1Z2fwaIt+N7Wnih3sMk/6ypmf4VdDVE2mGrML0D3nPW7fO3A
iiXzdixDQlt/VHNB2CXg/z0a7cvtw6ZNF+69QR+plHEGgy40tNvIYPbeCMgfKBAk
hkv1BjN3SdHzM0CbIDBx/Wq/kFP/pUEcmVJ0gafdZiYAQM69nkQvFcoSslASfbP4
/VP1vlXO0EINgGn8u6/C+iGoGbPYCXOcwafUXEFVh2bQML4IfOiX1mGE3ve5Pe5Z
ooYbbhsyKfEtclNfBKUjuTfdrkHBedyoeohkEhzDzpQBpeoW3yp5y/1sTdIMHeHs
j4L1qmgX3QfWrJXyaBWKaHOQjK+rpZPfbt+pfxE9l8+M+6jzHtnmabVdjxZ70LNn
YySa4eCW57HIV3Z3aMDL9fWNEAYxsXNtfc0h9rh0Byery44HNDAAeBaVSDsZFcbI
uLslCcKWNyJ/52Z+XkFWKzSYKHdpe2TvPzsDllokE7OpCRF35Wsdsf6V0LJrOXRO
t5O4t6rimhCF/Icd1oJmyV/SmDd8yrw3tE9JBdzZEmlBZpKDP0UCx8fMsQNPgE8y
NmKeDp0L4w44PBeTjqSrE8Q3o6BdtWsZEXz3x+zmkLyiZ7N6mzc=
=ODN3
-----END PGP SIGNATURE-----
Merge 4.14.104 into android-4.14
Changes in 4.14.104
ARM: 8834/1: Fix: kprobes: optimized kprobes illegal instruction
tracing: Fix number of entries in trace header
MIPS: eBPF: Always return sign extended 32b values
mac80211: Restore vif beacon interval if start ap fails
mac80211: Free mpath object when rhashtable insertion fails
libceph: handle an empty authorize reply
ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
proc, oom: do not report alien mms when setting oom_score_adj
KEYS: allow reaching the keys quotas exactly
mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
pvcalls-back: set -ENOTCONN in pvcalls_conn_back_read
mfd: twl-core: Fix section annotations on {,un}protect_pm_master
mfd: db8500-prcmu: Fix some section annotations
mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported
mfd: ab8500-core: Return zero in get_register_interruptible()
mfd: bd9571mwv: Add volatile register to make DVFS work
mfd: qcom_rpm: write fw_version to CTRL_REG
mfd: wm5110: Add missing ASRC rate register
mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe()
mfd: mc13xxx: Fix a missing check of a register-read failure
xen/pvcalls: remove set but not used variable 'intf'
qed: Fix qed_chain_set_prod() for PBL chains with non power of 2 page count
qed: Fix qed_ll2_post_rx_buffer_notify_fw() by adding a write memory barrier
net: hns: Fix use after free identified by SLUB debug
MIPS: ath79: Enable OF serial ports in the default config
netfilter: nf_tables: fix leaking object reference count
scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
scsi: isci: initialize shost fully before calling scsi_add_host()
MIPS: jazz: fix 64bit build
bpf: correctly set initial window on active Fast Open sender
net: stmmac: Fix PCI module removal leak
isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
scsi: ufs: Fix system suspend status
scsi: qedi: Add ep_state for login completion on un-reachable targets
always clear the X2APIC_ENABLE bit for PV guest
drm/meson: add missing of_node_put
atm: he: fix sign-extension overflow on large shift
hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table
leds: lp5523: fix a missing check of return value of lp55xx_read
bpf: bpf_setsockopt: reset sock dst on SO_MARK changes
mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky
net/mlx5e: Fix wrong (zero) TX drop counter indication for representor
isdn: avm: Fix string plus integer warning from Clang
batman-adv: fix uninit-value in batadv_interface_tx()
ipv6: propagate genlmsg_reply return code
net/mlx5e: Don't overwrite pedit action when multiple pedit used
net/packet: fix 4gb buffer limit due to overflow check
net: sfp: do not probe SFP module before we're attached
sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment
team: avoid complex list operations in team_nl_cmd_options_set()
sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
inet_diag: fix reporting cgroup classid and fallback to priority
RDMA/srp: Rework SCSI device reset handling
KEYS: user: Align the payload buffer
KEYS: always initialize keyring_index_key::desc_len
parisc: Fix ptrace syscall number modification
ARCv2: Enable unaligned access in early ASM code
ARC: U-boot: check arguments paranoidly
ARC: define ARCH_SLAB_MINALIGN = 8
drm/i915/fbdev: Actually configure untiled displays
net: validate untrusted gso packets without csum offload
net: avoid false positives in untrusted gso validation
Revert "bridge: do not add port to router list when receives query with source 0.0.0.0"
netfilter: nf_tables: fix flush after rule deletion in the same batch
netfilter: nft_compat: use-after-free when deleting targets
netfilter: ipv6: Don't preserve original oif for loopback address
pinctrl: max77620: Use define directive for max77620_pinconf_param values
phy: tegra: remove redundant self assignment of 'map'
sched/sysctl: Fix attributes of some extern declarations
net: phylink: avoid resolving link state too early
Linux 4.14.104
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Michal Hocko
|
e69eb7e8a0 |
proc, oom: do not report alien mms when setting oom_score_adj
commit b2b469939e93458753cfbf8282ad52636495965e upstream.
Tetsuo has reported that creating a thousands of processes sharing MM
without SIGHAND (aka alien threads) and setting
/proc/<pid>/oom_score_adj will swamp the kernel log and takes ages [1]
to finish. This is especially worrisome that all that printing is done
under RCU lock and this can potentially trigger RCU stall or softlockup
detector.
The primary reason for the printk was to catch potential users who might
depend on the behavior prior to 44a70adec910 ("mm, oom_adj: make sure
processes sharing mm have same view of oom_score_adj") but after more
than 2 years without a single report I guess it is safe to simply remove
the printk altogether.
The next step should be moving oom_score_adj over to the mm struct and
remove all the tasks crawling as suggested by [2]
[1] http://lkml.kernel.org/r/97fce864-6f75-bca5-14bc-12c9f890e740@i-love.sakura.ne.jp
[2] http://lkml.kernel.org/r/20190117155159.GA4087@dhcp22.suse.cz
Link: http://lkml.kernel.org/r/20190212102129.26288-1-mhocko@kernel.org
Signed-off-by: Michal Hocko <mhocko@suse.com>
Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Yong-Taek Lee <ytk.lee@samsung.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
01709c953f |
This is the 4.14.102 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlxtG/gACgkQONu9yGCS aT7ZKxAA1PZRUjg4Q7m0zI6VXIKoQrlgbdaFC9xMJ1ySYDCRUbLnHXzBp3GuksEs s8n/dHfLRRy9HEs5g6KLgTvI/mNjQNZXJ7pKtcVnU5o6O7Oz4t8+Fr+zkyXTGKky eB+IS8IodW1xKrcYUIVzqiovt2O8bbwLBQ4xdAOdJClf/SiMZyuP2IN1bXKqXbQ6 D82Lbl0IJotaceF9V4CtrJhfEolqpU+6LW0gtdTEd00OLotK5svmVRvW71mNv+PK 5Njx3428rs0Y8iEgiunpX7hrLsekqeE610iDiHkC6kMp1gaNVdG0hSRDquwRzVrO 5R+SQqi3nd+k0Wt6beJE1xjdWwGkfZXZJYqK0AQY2kdnEA7sONDYt72at+5KchX5 GrkdQVNqvZfKAAXvAFNqd9xDCWItl4mZPS4wFaY8LYJpzgWjNGuNHi+QmzQP08Kd pJoNOf3183tNMaf3iUzCkyyctbVMTlPwaqZKnUMOGvlpxrVi5qvWpgTxPHKZ5+BW TBW2FDiZfO5bcAMoJdbSPOJb1V6GnPojjNkU1UdInj6HVBTAvVNvCa9Tvfn5X5yO 8QkS3wDGpKNGKGfSBkZvOTtY+2YByKI07K6f7ljqEt2xZGbHuK2swQZ7WDtFL82B klL+hDGzzfOilUidMVceYe2fi8d48YoXDVDSNSxPPJAPTDP+K20= =55az -----END PGP SIGNATURE----- Merge 4.14.102 into android-4.14 Changes in 4.14.102 dt-bindings: eeprom: at24: add "atmel,24c2048" compatible string eeprom: at24: add support for 24c2048 blk-mq: fix a hung issue when fsync uapi/if_ether.h: prevent redefinition of struct ethhdr ARM: 8789/1: signal: copy registers using __copy_to_user() ARM: 8790/1: signal: always use __copy_to_user to save iwmmxt context ARM: 8791/1: vfp: use __copy_to_user() when saving VFP state ARM: 8792/1: oabi-compat: copy oabi events using __copy_to_user() ARM: 8793/1: signal: replace __put_user_error with __put_user ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit ARM: 8795/1: spectre-v1.1: use put_user() for __put_user() ARM: 8796/1: spectre-v1,v1.1: provide helpers for address sanitization ARM: 8797/1: spectre-v1.1: harden __copy_to_user ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc ARM: make lookup_processor_type() non-__init ARM: split out processor lookup ARM: clean up per-processor check_bugs method call ARM: add PROC_VTABLE and PROC_TABLE macros ARM: spectre-v2: per-CPU vtables to work around big.Little systems ARM: ensure that processor vtables is not lost after boot ARM: fix the cockup in the previous patch net: create skb_gso_validate_mac_len() bnx2x: disable GSO where gso_size is too big for hardware ACPI: NUMA: Use correct type for printing addresses on i386-PAE perf test shell: Use a fallback to get the pathname in vfs_getname cpufreq: check if policy is inactive early in __cpufreq_get() drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE drm/bridge: tc358767: fix single lane configuration drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value drm/bridge: tc358767: reject modes which require too much BW drm/bridge: tc358767: fix output H/V syncs nvme-pci: use the same attributes when freeing host_mem_desc_bufs. ARM: dts: da850-evm: Correct the sound card name ARM: dts: da850-lcdk: Correct the sound card name ARM: dts: kirkwood: Fix polarity of GPIO fan lines gpio: pl061: handle failed allocations drm/nouveau: Don't disable polling in fallback mode drm/nouveau/falcon: avoid touching registers if engine is off cifs: Limit memory used by lock request calls to a page Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK perf/core: Fix impossible ring-buffer sizes warning perf/x86: Add check_period PMU callback ALSA: hda - Add quirk for HP EliteBook 840 G5 ALSA: usb-audio: Fix implicit fb endpoint setup by quirk kvm: vmx: Fix entry number check for add_atomic_switch_msr() Input: bma150 - register input device after setting private data Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 mm: proc: smaps_rollup: fix pss_locked calculation alpha: fix page fault handling for r16-r18 targets alpha: Fix Eiger NR_IRQS to 128 tracing/uprobes: Fix output for multiple string arguments x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls signal: Restore the stop PTRACE_EVENT_EXIT md/raid1: don't clear bitmap bits on interrupted recovery. x86/a.out: Clear the dump structure initially dm crypt: don't overallocate the integrity tag space dm thin: fix bug where bio that overwrites thin block ignores FUA drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set sched, trace: Fix prev_state output in sched_switch tracepoint futex: Cure exit race pinctrl: msm: fix gpio-hog related boot issues uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define Linux 4.14.102 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Sandeep Patil
|
716926f409 |
mm: proc: smaps_rollup: fix pss_locked calculation
commit 27dd768ed8db48beefc4d9e006c58e7a00342bde upstream. The 'pss_locked' field of smaps_rollup was being calculated incorrectly. It accumulated the current pss everytime a locked VMA was found. Fix that by adding to 'pss_locked' the same time as that of 'pss' if the vma being walked is locked. Link: http://lkml.kernel.org/r/20190203065425.14650-1-sspatil@android.com Fixes: 493b0e9d945f ("mm: add /proc/pid/smaps_rollup") Signed-off-by: Sandeep Patil <sspatil@android.com> Acked-by: Vlastimil Babka <vbabka@suse.cz> Reviewed-by: Joel Fernandes (Google) <joel@joelfernandes.org> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Daniel Colascione <dancol@google.com> Cc: <stable@vger.kernel.org> [4.14.x, 4.19.x] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
7d2d5fc1ac |
This is the 4.14.91 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlwnau8ACgkQONu9yGCS aT7RJA/8Cbl1Gyw8rN8gZyvkgPnjFfJN5uRC2pvsa5Va7lsZTtOd8pzFE/vywcXM YlbIfFzCKsCFJCEEe0ovwB1smrA83DmlZ8sUIVw+t0pj6xMTKnnIa8oX4jbC9gug uarJjWJDcWwkwN6tcEhfQdATIzgGxhqCB1DJn+isYGOBCIdmjPOxX2Z/vL/kRFMV 1BwqD8Izi51USWrxDNW3DlEO1ytOWwz4PtIlbF+m9KUZpKtBrCuMbgYL/wQdzlM6 23GDvdpO23F456QR3z36JbfjGfcurrGquIOJPXPqQ0DxCTEb89nukUKuBmZMR+dO UIq2pW2XlLsm6cSwQRUiidhfapEHHPQ39YlAeQi39+DspeSHFNDgZxDjf0hnfK2+ PhYIOIcCF2gO8qG8D8dWwEU82++IUzT2P/HjwrAF9K4ywaGPHxCvn4Evf87cTJvd 9BI8RCSi/WrI7s6l4IoelmCfc6OrEbqKEFQo8beXtixv54vMKwgzui1/DcnbYv82 7xSEa5etfSh4Gxnof3dYUz8O88YJBdZzN8yNxb3zG8eBJr2l2hBxsKN1ufF/SmYL iUcRMmocW0dpAZf6usxZTt8flRmYKeAbfjT7S1BNuhmey1berLyXhmfXYmMelrgw EcRZl0h5LUzvg48tx7valkYByMjc8AJOXylUcAWuqRKt+VCq178= =hU+5 -----END PGP SIGNATURE----- Merge 4.14.91 into android-4.14 Changes in 4.14.91 block: break discard submissions into the user defined size block: fix infinite loop if the device loses discard capability ASoC: sta32x: set ->component pointer in private struct ubifs: Fix directory size calculation for symlinks ib_srpt: Fix a use-after-free in __srpt_close_all_ch() perf record: Synthesize features before events in pipe mode cifs: integer overflow in in SMB2_ioctl() USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only USB: xhci: fix 'broken_suspend' placement in struct xchi_hcd USB: serial: option: add GosunCn ZTE WeLink ME3630 USB: serial: option: add HP lt4132 USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) USB: serial: option: add Fibocom NL668 series USB: serial: option: add Telit LN940 series scsi: sd: use mempool for discard special page mmc: core: Reset HPI enabled state during re-init and in case of errors mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl mmc: omap_hsmmc: fix DMA API warning gpio: max7301: fix driver for use with CONFIG_VMAP_STACK gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers posix-timers: Fix division by zero bug kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs KVM: Fix UAF in nested posted interrupt processing Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels x86/mtrr: Don't copy uninitialized gentry fields back to userspace panic: avoid deadlocks in re-entrant console drivers iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT to old firmwares iwlwifi: add new cards for 9560, 9462, 9461 and killer series spi: imx: add a device specific prepare_message callback spi: imx: mx51-ecspi: Move some initialisation to prepare_message hook. ubifs: Handle re-linking of inodes correctly while recovery mm: don't miss the last page because of round-off error proc/sysctl: don't return ENOMEM on lookup when a table is unregistering drm/ioctl: Fix Spectre v1 vulnerabilities Linux 4.14.91 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Ivan Delalande
|
5cebd962c9 |
proc/sysctl: don't return ENOMEM on lookup when a table is unregistering
commit ea5751ccd665a2fd1b24f9af81f6167f0718c5f6 upstream.
proc_sys_lookup can fail with ENOMEM instead of ENOENT when the
corresponding sysctl table is being unregistered. In our case we see
this upon opening /proc/sys/net/*/conf files while network interfaces
are being deleted, which confuses our configuration daemon.
The problem was successfully reproduced and this fix tested on v4.9.122
and v4.20-rc6.
v2: return ERR_PTRs in all cases when proc_sys_make_inode fails instead
of mixing them with NULL. Thanks Al Viro for the feedback.
Fixes: ace0c791e6c3 ("proc/sysctl: Don't grab i_lock under sysctl_lock.")
Cc: stable@vger.kernel.org
Signed-off-by: Ivan Delalande <colona@arista.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Alistair Strachan
|
eff0c5c06e |
Revert "proc: Convert proc_mount to use mount_ns."
This reverts commit e94591d0d90c13166cb6eb54ce5f96ed13d81b55. This cleanup broke the parsing of procfs mount parameters. Bug: 79705088 Change-Id: I0f07180ef9a994c884abfa269ffb273ee0bcbc0d Signed-off-by: Alistair Strachan <astrachan@google.com> |
||
|
Greg Kroah-Hartman
|
4e76528bd4 |
This is the 4.14.81 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlvrIsYACgkQONu9yGCS
aT7AahAAn0IfSox3VzHgWzpZJts8jGyziMbP15hjSJjYlZSrrxUVKW3H5Kf0CUmR
33GaUM3CbfWAlQdqcgHbIoydQwY38Rggmuc/zonC+Bo0tPjfYGGGF6iFfNnwe+1L
nwYa2G/iPH776/+JkkSYbSsYnu5jHqGdkpai5zA5BFXd0HgD1vjRlsh7oKi2hwzk
ktWPVNQjucBOmXcG2hDzP685hj/e49trHzkCxwZG0CDJBbWHN8c5gxaTGf8QstuS
JvRts1Uh7w2kUkMh0oGcsFsEXJtupiAwUR36CqWA/kIfGBT+3D0XLCmWsDEqMxKQ
XWJXMAL/gPXi2b8bJaL4jyvuKwF4auWOWWP0rwRzyZKwHk2Mxa1aAc7QM6KgKoLx
DG4m+OLcCVFtHZDb70EXtl8qPtF6CBsY/EqbC1vaaFtwj0s3ytS/P6S37oPyJhC6
JF5O+k9cz9/C+2rkKrrzGnVrXoVlySczHxORkkdcTksRj/fxZ9j0C/+r5ZJbDy7k
8dzDJaThzLxS9nnD0ctGNIHzBr1iubyWGWN6dWHT2JlpcF9l1o6zlV3uIAnGiO+R
Qa3kNhIGKP265wqn/wGZpQX1aK4cO8e9FEaOQNpKzP4AB9whUpf/unDe9M/LVqRM
PEESzW8XLMaFL6WJlz3ZvO+C0LiUkbwAadLtsMaOGLcSh90C3jc=
=vsAz
-----END PGP SIGNATURE-----
Merge 4.14.81 into android-4.14
Changes in 4.14.81
mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB
spi: bcm-qspi: switch back to reading flash using smaller chunks
bcache: trace missed reading by cache_missed
bcache: fix miss key refill->end in writeback
hwmon: (pmbus) Fix page count auto-detection.
jffs2: free jffs2_sb_info through jffs2_kill_sb()
cpufreq: conservative: Take limits changes into account properly
pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
ipmi: Fix timer race with module unload
parisc: Fix address in HPMC IVA
parisc: Fix map_pages() to not overwrite existing pte entries
parisc: Fix exported address of os_hpmc handler
ALSA: hda - Add quirk for ASUS G751 laptop
ALSA: hda - Fix headphone pin config for ASUS G751
ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715
ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
x86/xen: Fix boot loader version reported for PVH guests
x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided
x86/mm/pat: Disable preemption around __flush_tlb_all()
x86/speculation: Support Enhanced IBRS on future CPUs
ARM: dts: exynos: Disable pull control for MAX8997 interrupts on Origen
bpf: do not blindly change rlimit in reuseport net selftest
Revert "perf tools: Fix PMU term format max value calculation"
xfrm: policy: use hlist rcu variants on insert
perf vendor events intel: Fix wrong filter_band* values for uncore events
sparc: Fix single-pcr perf event counter management.
sparc: Throttle perf events properly.
sparc64: Make proc_id signed.
sched/fair: Fix the min_vruntime update logic in dequeue_entity()
perf tools: Fix use of alternatives to find JDIR
perf cpu_map: Align cpu map synthesized events properly.
x86/fpu: Remove second definition of fpu in __fpu__restore_sig()
net: qla3xxx: Remove overflowing shift statement
selftests: ftrace: Add synthetic event syntax testcase
i2c: rcar: cleanup DMA for all kinds of failure
locking/lockdep: Fix debug_locks off performance problem
ataflop: fix error handling during setup
swim: fix cleanup on setup error
nfp: devlink port split support for 1x100G CXP NIC
tun: Consistently configure generic netdev params via rtnetlink
s390/sthyi: Fix machine name validity indication
hwmon: (pwm-fan) Set fan speed to 0 on suspend
lightnvm: pblk: fix two sleep-in-atomic-context bugs
spi: spi-ep93xx: Use dma_data_direction for ep93xx_spi_dma_{finish,prepare}
perf tools: Free temporary 'sys' string in read_event_files()
perf tools: Cleanup trace-event-info 'tdata' leak
perf strbuf: Match va_{add,copy} with va_end
cpupower: Fix coredump on VMWare
mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
iwlwifi: pcie: avoid empty free RB queue
iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface
x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC
ACPI / processor: Fix the return value of acpi_processor_ids_walk()
cpufreq: dt: Try freeing static OPPs only if we have added them
mtd: rawnand: atmel: Fix potential NULL pointer dereference
signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth
x86: boot: Fix EFI stub alignment
pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
brcmfmac: fix for proper support of 160MHz bandwidth
net: phy: phylink: ensure the carrier is off when starting phylink
block, bfq: correctly charge and reset entity service in all cases
kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
pinctrl: qcom: spmi-mpp: Fix drive strength setting
pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
net: dsa: mv88e6xxx: Fix writing to a PHY page.
iwlwifi: mvm: fix BAR seq ctrl reporting
ixgbevf: VF2VF TCP RSS
ath10k: schedule hardware restart if WMI command times out
thermal: da9062/61: Prevent hardware access during system suspend
cgroup, netclassid: add a preemption point to write_classid
scsi: esp_scsi: Track residual for PIO transfers
UAPI: ndctl: Fix g++-unsupported initialisation in headers
KVM: nVMX: Clear reserved bits of #DB exit qualification
scsi: megaraid_sas: fix a missing-check bug
RDMA/core: Do not expose unsupported counters
IB/ipoib: Clear IPCB before icmp_send
RDMA/bnxt_re: Fix recursive lock warning in debug kernel
usb: host: ohci-at91: fix request of irq for optional gpio
PCI: mediatek: Fix mtk_pcie_find_port() endpoint/port matching logic
tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated
Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask
VMCI: Resource wildcard match fixed
PCI / ACPI: Enable wake automatically for power managed bridges
usb: gadget: udc: atmel: handle at91sam9rl PMC
ext4: fix argument checking in EXT4_IOC_MOVE_EXT
MD: fix invalid stored role for a disk
f2fs: fix to recover inode's i_flags during POR
PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice
coresight: etb10: Fix handling of perf mode
PCI: dwc: pci-dra7xx: Enable errata i870 for both EP and RC mode
crypto: caam - fix implicit casts in endianness helpers
usb: chipidea: Prevent unbalanced IRQ disable
driver/dma/ioat: Call del_timer_sync() without holding prep_lock
uio: ensure class is registered before devices
scsi: lpfc: Correct soft lockup when running mds diagnostics
scsi: lpfc: Correct race with abort on completion path
f2fs: report error if quota off error during umount
signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init
mfd: menelaus: Fix possible race condition and leak
dmaengine: dma-jz4780: Return error if not probed from DT
IB/rxe: fix for duplicate request processing and ack psns
ALSA: hda: Check the non-cached stream buffers more explicitly
cpupower: Fix AMD Family 0x17 msr_pstate size
Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()"
f2fs: fix to account IO correctly
ARM: dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes
arm: dts: exynos: Add missing cooling device properties for CPUs
ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings
ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250
xen-swiotlb: use actually allocated size on check physical continuous
tpm: Restore functionality to xen vtpm driver.
xen/blkfront: avoid NULL blkfront_info dereference on device removal
xen/balloon: Support xend-based toolstack
xen: fix race in xen_qlock_wait()
xen: make xen_qlock_wait() nestable
xen/pvh: increase early stack size
xen/pvh: don't try to unplug emulated devices
libertas: don't set URB_ZERO_PACKET on IN USB transfer
usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten
usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround"
iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()
net/ipv4: defensive cipso option parsing
dmaengine: ppc4xx: fix off-by-one build failure
dmaengine: stm32-dma: fix incomplete configuration in cyclic mode
libnvdimm: Hold reference on parent while scheduling async init
libnvdimm, region: Fail badblocks listing for inactive regions
ASoC: intel: skylake: Add missing break in skl_tplg_get_token()
IB/mlx5: Fix MR cache initialization
jbd2: fix use after free in jbd2_log_do_checkpoint()
gfs2_meta: ->mount() can get NULL dev_name
ext4: initialize retries variable in ext4_da_write_inline_data_begin()
ext4: fix setattr project check in fssetxattr ioctl
ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR
ext4: fix use-after-free race in ext4_remount()'s error path
HID: hiddev: fix potential Spectre v1
EDAC, amd64: Add Family 17h, models 10h-2fh support
EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting
EDAC, skx_edac: Fix logical channel intermediate decoding
ARM: dts: dra7: Fix up unaligned access setting for PCIe EP
PCI/ASPM: Fix link_state teardown on device removal
PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
PCI: vmd: White list for fast interrupt handlers
signal/GenWQE: Fix sending of SIGKILL
signal: Guard against negative signal numbers in copy_siginfo_from_user32
crypto: lrw - Fix out-of bounds access on counter overflow
crypto: tcrypt - fix ghash-generic speed test
mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range()
ima: fix showing large 'violations' or 'runtime_measurements_count'
hugetlbfs: dirty pages as they are added to pagecache
mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly
KVM: arm64: Fix caching of host MDCR_EL2 value
kbuild: fix kernel/bounds.c 'W=1' warning
iio: ad5064: Fix regulator handling
iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs()
iio: adc: at91: fix acking DRDY irq on simple conversions
iio: adc: at91: fix wrong channel number in triggered buffer mode
w1: omap-hdq: fix missing bus unregister at removal
smb3: allow stats which track session and share reconnects to be reset
smb3: do not attempt cifs operation in smb3 query info error path
smb3: on kerberos mount if server doesn't specify auth type use krb5
printk: Fix panic caused by passing log_buf_len to command line
genirq: Fix race on spurious interrupt detection
NFSv4.1: Fix the r/wsize checking
nfs: Fix a missed page unlock after pg_doio()
nfsd: Fix an Oops in free_session()
lockd: fix access beyond unterminated strings in prints
dm ioctl: harden copy_params()'s copy_from_user() from malicious users
dm zoned: fix metadata block ref counting
dm zoned: fix various dmz_get_mblock() issues
powerpc/msi: Fix compile error on mpc83xx
MIPS: OCTEON: fix out of bounds array access on CN68XX
iommu/arm-smmu: Ensure that page-table updates are visible before TLBI
TC: Set DMA masks for devices
media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD
kgdboc: Passing ekgdboc to command line causes panic
xen: fix xen_qlock_wait()
xen-blkfront: fix kernel panic with negotiate_mq error path
media: em28xx: use a default format if TRY_FMT fails
media: tvp5150: avoid going past array on v4l2_querymenu()
media: em28xx: fix input name for Terratec AV 350
media: em28xx: make v4l2-compliance happier by starting sequence on zero
media: media colorspaces*.rst: rename AdobeRGB to opRGB
arm64: lse: remove -fcall-used-x0 flag
rpmsg: smd: fix memory leak on channel create
Cramfs: fix abad comparison when wrap-arounds occur
ARM: dts: socfpga: Fix SDRAM node address for Arria10
arm64: dts: stratix10: Correct System Manager register size
soc/tegra: pmc: Fix child-node lookup
selftests/powerpc: Fix ptrace tm failure
btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled
btrfs: Handle owner mismatch gracefully when walking up tree
btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock
btrfs: fix error handling in free_log_tree
btrfs: Enhance btrfs_trim_fs function to handle error better
btrfs: Ensure btrfs_trim_fs can trim the whole filesystem
btrfs: iterate all devices during trim, instead of fs_devices::alloc_list
btrfs: don't attempt to trim devices that don't support it
btrfs: wait on caching when putting the bg cache
btrfs: protect space cache inode alloc with GFP_NOFS
btrfs: reset max_extent_size on clear in a bitmap
btrfs: make sure we create all new block groups
Btrfs: fix warning when replaying log after fsync of a tmpfile
Btrfs: fix wrong dentries after fsync of file that got its parent replaced
btrfs: qgroup: Dirty all qgroups before rescan
Btrfs: fix null pointer dereference on compressed write path error
Btrfs: fix assertion on fsync of regular file when using no-holes feature
btrfs: set max_extent_size properly
btrfs: don't use ctl->free_space for max_extent_size
btrfs: only free reserved extent if we didn't insert it
btrfs: don't run delayed_iputs in commit
btrfs: move the dio_sem higher up the callchain
Btrfs: fix use-after-free during inode eviction
Btrfs: fix use-after-free when dumping free space
Btrfs: fix fsync after hole punching when using no-holes feature
net: sched: Remove TCA_OPTIONS from policy
bpf: wait for running BPF programs when updating map-in-map
MD: fix invalid stored role for a disk - try2
Linux 4.14.81
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Vlastimil Babka
|
0c5e357fa8 |
mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range()
commit fa76da461bb0be13c8339d984dcf179151167c8f upstream. Leonardo reports an apparent regression in 4.19-rc7: BUG: unable to handle kernel NULL pointer dereference at 00000000000000f0 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 3 PID: 6032 Comm: python Not tainted 4.19.0-041900rc7-lowlatency #201810071631 Hardware name: LENOVO 80UG/Toronto 4A2, BIOS 0XCN45WW 08/09/2018 RIP: 0010:smaps_pte_range+0x32d/0x540 Code: 80 00 00 00 00 74 a9 48 89 de 41 f6 40 52 40 0f 85 04 02 00 00 49 2b 30 48 c1 ee 0c 49 03 b0 98 00 00 00 49 8b 80 a0 00 00 00 <48> 8b b8 f0 00 00 00 e8 b7 ef ec ff 48 85 c0 0f 84 71 ff ff ff a8 RSP: 0018:ffffb0cbc484fb88 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000560ddb9e9000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000560ddb9e9 RDI: 0000000000000001 RBP: ffffb0cbc484fbc0 R08: ffff94a5a227a578 R09: ffff94a5a227a578 R10: 0000000000000000 R11: 0000560ddbbe7000 R12: ffffe903098ba728 R13: ffffb0cbc484fc78 R14: ffffb0cbc484fcf8 R15: ffff94a5a2e9cf48 FS: 00007f6dfb683740(0000) GS:ffff94a5aaf80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000f0 CR3: 000000011c118001 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __walk_page_range+0x3c2/0x6f0 walk_page_vma+0x42/0x60 smap_gather_stats+0x79/0xe0 ? gather_pte_stats+0x320/0x320 ? gather_hugetlb_stats+0x70/0x70 show_smaps_rollup+0xcd/0x1c0 seq_read+0x157/0x400 __vfs_read+0x3a/0x180 ? security_file_permission+0x93/0xc0 ? security_file_permission+0x93/0xc0 vfs_read+0x8f/0x140 ksys_read+0x55/0xc0 __x64_sys_read+0x1a/0x20 do_syscall_64+0x5a/0x110 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Decoded code matched to local compilation+disassembly points to smaps_pte_entry(): } else if (unlikely(IS_ENABLED(CONFIG_SHMEM) && mss->check_shmem_swap && pte_none(*pte))) { page = find_get_entry(vma->vm_file->f_mapping, linear_page_index(vma, addr)); Here, vma->vm_file is NULL. mss->check_shmem_swap should be false in that case, however for smaps_rollup, smap_gather_stats() can set the flag true for one vma and leave it true for subsequent vma's where it should be false. To fix, reset the check_shmem_swap flag to false. There's also related bug which sets mss->swap to shmem_swapped, which in the context of smaps_rollup overwrites any value accumulated from previous vma's. Fix that as well. Note that the report suggests a regression between 4.17.19 and 4.19-rc7, which makes the 4.19 series ending with commit 258f669e7e88 ("mm: /proc/pid/smaps_rollup: convert to single value seq_file") suspicious. But the mss was reused for rollup since 493b0e9d945f ("mm: add /proc/pid/smaps_rollup") so let's play it safe with the stable backport. Link: http://lkml.kernel.org/r/555fbd1f-4ac9-0b58-dcd4-5dc4380ff7ca@suse.cz Link: https://bugzilla.kernel.org/show_bug.cgi?id=201377 Fixes: 493b0e9d945f ("mm: add /proc/pid/smaps_rollup") Signed-off-by: Vlastimil Babka <vbabka@suse.cz> Reported-by: Leonardo Soares Müller <leozinho29_eu@hotmail.com> Tested-by: Leonardo Soares Müller <leozinho29_eu@hotmail.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Daniel Colascione <dancol@google.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
b7e40c3d44 |
This is the 4.14.75 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlu9ojQACgkQONu9yGCS aT4mEQ/7Bca7+NaEbjKlb/x5VjEqc0IVxT+bIyctDe5Z4wV7vFh1hj2JyhowmOr4 duX1BWv6ERbHvbwDF+HwOodvQFeufxwbvjz+5HL/XxCjos8V6pWyguqQbjmzJ4QH CfTdQdj65AsSFzWlBhbqWgHza5EM2nMeoxoiTjip8wjDCFe4/8Sk72nNZV6uuqBX eG8GfkKsYrYxo9Nn21AM6N8AVV+IPZ4evTMdb4lNsMJwY5rG7isoB1NysJHtysIk vWncvXcwSrrg0LioWRG6+GN42Xpv2JRCgoDuX9FS6cDMS3FMEdfxzMu/Gg4NfYlA koo83pgLGsoE8QOkwa+db7ksHF06/NUDOXVP3WYYZ8nh0hovD5O8aG4Di9JpETdg DQCvKQEUVPIDjGU7CfJkIdpEfp5xly4bn8IoYsCPDVRbaF4HiM0OU+FYiVf7lEZV XDCdhFdcqeHIKlTaVtrJcO4ebO+dE9npnUZljYpRK5INjazN3YsD9RuBBQEIuF6A kYoGvOjEFzU/b9BoTXE8b5nB4Q+uL+euEc2XvhvTzuAcm2uOlf+EIQytIjhGO71n Kv6z8fcATNV1wbdtHz9/ZJKfxR/8pPpSZtIt4TGnhmS8aa4dNrqQmGb6ezymW3nr lZGmB3ig+4wt8DPtJ4rYER1hyOevKWtM+u6pAXFPGjhF18/u+fI= =u+8a -----END PGP SIGNATURE----- Merge 4.14.75 into android-4.14 Changes in 4.14.75 drm/amd/pp: initialize result to before or'ing in data drm/amdgpu: add another ATPX quirk for TOPAZ serial: mvebu-uart: Fix reporting of effective CSIZE to userspace tools/power turbostat: fix possible sprintf buffer overflow mac80211: Run TXQ teardown code before de-registering interfaces mac80211_hwsim: require at least one channel KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function btrfs: btrfs_shrink_device should call commit transaction at the end scsi: csiostor: add a check for NULL pointer after kmalloc() mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X gpio: adp5588: Fix sleep-in-atomic-context bug mac80211: mesh: fix HWMP sequence numbering to follow standard mac80211: avoid kernel panic when building AMSDU from non-linear SKB gpiolib: acpi: Switch to cansleep version of GPIO library call gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall net: hns: add the code for cleaning pkt in chip net: hns: add netif_carrier_off before change speed and duplex cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE mac80211: do not convert to A-MSDU if frag/subframe limited mac80211: always account for A-MSDU header changes tools/kvm_stat: fix python3 issues tools/kvm_stat: fix handling of invalid paths in debugfs provider gpio: Fix crash due to registration race ARC: atomics: unbork atomic_fetch_##op() md/raid5-cache: disable reshape completely RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 i2c: uniphier: issue STOP only for last message or I2C_M_STOP i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() fs/cifs: don't translate SFM_SLASH (U+F026) to backslash mac80211: fix an off-by-one issue in A-MSDU max_subframe computation cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() mac80211: fix a race between restart and CSA flows mac80211: Fix station bandwidth setting after channel switch mac80211: don't Tx a deauth frame if the AP forbade Tx mac80211: shorten the IBSS debug messages tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning mm: madvise(MADV_DODUMP): allow hugetlbfs pages bpf: 32-bit RSH verification must truncate input before the ALU op netfilter: xt_cluster: add dependency on conntrack module HID: add support for Apple Magic Keyboards usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] HID: hid-saitek: Add device ID for RAT 7 Contagion scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails scsi: qedi: Add the CRC size within iSCSI NVM image perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() perf util: Fix bad memory access in trace info. perf probe powerpc: Ignore SyS symbols irrespective of endianness netfilter: nf_tables: release chain in flushing set Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" RDMA/ucma: check fd type in ucma_migrate_id() HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report USB: yurex: Check for truncation in yurex_read() nvmet-rdma: fix possible bogus dereference under heavy load net/mlx5: Consider PCI domain in search for next dev drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race dm raid: fix rebuild of specific devices by updating superblock fs/cifs: suppress a string overflow warning net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix missing calls to READ_ONCE perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs dm thin metadata: try to avoid ever aborting transactions arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED s390/qeth: use vzalloc for QUERY OAT buffer s390/qeth: don't dump past end of unknown HW header cifs: read overflow in is_valid_oplock_break() xen/manage: don't complain about an empty value in control/sysrq node xen: avoid crash in disable_hotplug_cpu xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage ovl: fix access beyond unterminated strings ovl: fix memory leak on unlink of indexed file ovl: fix format of setxattr debug sysfs: Do not return POSIX ACL xattrs via listxattr smb2: fix missing files in root share directory listing iommu/amd: Clear memory encryption mask from physical address ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() crypto: mxs-dcp - Fix wait logic on chan threads crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic gpiolib: Free the last requested descriptor Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() tools: hv: fcopy: set 'error' in case an unknown operation was requested proc: restrict kernel stack dumps to root ocfs2: fix locking for res->tracking and dlm->tracking_list ixgbe: check return value of napi_complete_done() dm thin metadata: fix __udivdi3 undefined on 32-bit Linux 4.14.75 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Jann Horn
|
f8566a92ab |
proc: restrict kernel stack dumps to root
commit f8a00cef17206ecd1b30d3d9f99e10d9fa707aa7 upstream. Currently, you can use /proc/self/task/*/stack to cause a stack walk on a task you control while it is running on another CPU. That means that the stack can change under the stack walker. The stack walker does have guards against going completely off the rails and into random kernel memory, but it can interpret random data from your kernel stack as instruction pointers and stack pointers. This can cause exposure of kernel stack contents to userspace. Restrict the ability to inspect kernel stacks of arbitrary tasks to root in order to prevent a local attacker from exploiting racy stack unwinding to leak kernel task stack contents. See the added comment for a longer rationale. There don't seem to be any users of this userspace API that can't gracefully bail out if reading from the file fails. Therefore, I believe that this change is unlikely to break things. In the case that this patch does end up needing a revert, the next-best solution might be to fake a single-entry stack based on wchan. Link: http://lkml.kernel.org/r/20180927153316.200286-1-jannh@google.com Fixes: 2ec220e27f50 ("proc: add /proc/*/stack") Signed-off-by: Jann Horn <jannh@google.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Ken Chen <kenchen@google.com> Cc: Will Deacon <will.deacon@arm.com> Cc: Laura Abbott <labbott@redhat.com> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: "H . Peter Anvin" <hpa@zytor.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
f8223ece3a |
This is the 4.14.70 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlucuKEACgkQONu9yGCS aT7nVw/+LAUm8xUhcFT2d8wLDhXxjtUN0lwzu9DPk6U4Dp1VGvdLpqcWx7XSD3Wo fzvn8XOjDCEmorrCSrAfcYGJpBucra0Wil2XhqXSxcdEBLe+Xc93WKkHJTnRIgYe K2gZG1N45b+F9/exTrxKEfVyrEKXjYX2wY3mgwVmVvaLZCQlf7qqB6pePrdxblvK WYhWZBWByOXXCgNpgBRvz9KcZUfQtaFszVBUsBQCJyTP0CX6sUPQpDyl7HXKlr3E vohdUHMKkGaMc57equyo8QZHTPWYZ5pfb1yu0AR+bE96SLTOrhlsfR/4u4yZRARa PlvDn67tJjt0TSqOnzoYLaJsl7bU9uYAS6LfV3eGz6UDXBuNOWJhifoovMDnycy/ Zj/aJ5icVJAJGUKxQk4V9TbG8VNQTOJDbGN4v7m213D7NXBoaT744oiiR2pCxfRV pkS5ZUXu5H/+yr7ixtn3kIkKnPew+mt+rOlei/XT2s+mqHwH+0a9NT7fbRxXloGN +V9FSUbvQBiJ+xKfscS7WRXDoctdSbcm/n/gLkUVsH/C/rc5Cor54dQ3iXgkb/JR atFgX2N2/m0X4vh0qC6+bZYUu9PSegQzEwiLNzMqA23weJuqPwlUrr/w7xSxwgPD kPMI+mMtR1gDpHlEmsLlXboO95xZh4Xp2AyWsSp465pT7UxwSkI= =dm6d -----END PGP SIGNATURE----- Merge 4.14.70 into android-4.14 Changes in 4.14.70 act_ife: fix a potential use-after-free ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state net: bcmgenet: use MAC link status for fixed phy net: macb: do not disable MDIO bus at open/close time net: sched: Fix memory exposure from short TCA_U32_SEL qlge: Fix netdev features configuration. r8169: add support for NCube 8168 network card tcp: do not restart timewait timer on rst reception vti6: remove !skb->ignore_df check from vti6_xmit() net/sched: act_pedit: fix dump of extended layered op tipc: fix a missing rhashtable_walk_exit() nfp: wait for posted reconfigs when disabling the device sctp: hold transport before accessing its asoc in sctp_transport_get_next mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge vhost: correctly check the iova range when waking virtqueue hv_netvsc: ignore devices that are not PCI hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() act_ife: move tcfa_lock down to where necessary act_ife: fix a potential deadlock net: sched: action_ife: take reference to meta module cifs: check if SMB2 PDU size has been padded and suppress the warning hfsplus: don't return 0 when fill_super() failed hfs: prevent crash on exit from failed search sunrpc: Don't use stack buffer with scatterlist fork: don't copy inconsistent signal handler state to child reiserfs: change j_timestamp type to time64_t hfsplus: fix NULL dereference in hfsplus_lookup() fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries fat: validate ->i_start before using scripts: modpost: check memory allocation results virtio: pci-legacy: Validate queue pfn x86/mce: Add notifier_block forward declaration IB/hfi1: Invalid NUMA node information can cause a divide by zero pwm: meson: Fix mux clock names mm/fadvise.c: fix signed overflow UBSAN complaint fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() platform/x86: intel_punit_ipc: fix build errors netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses s390/kdump: Fix memleak in nt_vmcoreinfo ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() mfd: sm501: Set coherent_dma_mask when creating subdevices platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 netfilter: fix memory leaks on netlink_dump_start error tcp, ulp: add alias for all ulp modules RDMA/hns: Fix usage of bitmap allocation functions return values net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero net: hns3: Fix for phy link issue when using marvell phy driver perf tools: Check for null when copying nsinfo. irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP net/9p/trans_fd.c: fix race by holding the lock net/9p: fix error path of p9_virtio_probe f2fs: fix to clear PG_checked flag in set_page_dirty() powerpc/uaccess: Enable get_user(u64, *p) on 32-bit powerpc: Fix size calculation using resource_size() perf probe powerpc: Fix trace event post-processing block: bvec_nr_vecs() returns value for wrong slab s390/dasd: fix hanging offline processing due to canceled worker s390/dasd: fix panic for failed online processing ACPI / scan: Initialize status to ACPI_STA_DEFAULT scsi: aic94xx: fix an error code in aic94xx_init() NFSv4: Fix error handling in nfs4_sp4_select_mode() Input: do not use WARN() in input_alloc_absinfo() xen/balloon: fix balloon initialization for PVH Dom0 PCI: mvebu: Fix I/O space end address calculation dm kcopyd: avoid softlockup in run_complete_job staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice ASoC: rt5677: Fix initialization of rt5677_of_match.data iommu/omap: Fix cache flushes on L2 table entries selftests/powerpc: Kill child processes on SIGINT RDS: IB: fix 'passing zero to ERR_PTR()' warning cfq: Suppress compiler warnings about comparisons smb3: fix reset of bytes read and written stats SMB3: Number of requests sent should be displayed for SMB3 not just CIFS powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning powerpc/64s: Make rfi_flush_fallback a little more robust powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 KVM: vmx: track host_state.loaded using a loaded_vmcs pointer kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 btrfs: Exit gracefully when chunk map cannot be inserted to the tree btrfs: replace: Reset on-disk dev stats value after replace btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized btrfs: Don't remove block group that still has pinned down bytes arm64: rockchip: Force CONFIG_PM on Rockchip systems ARM: rockchip: Force CONFIG_PM on Rockchip systems drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode drm/amd/pp/Polaris12: Fix a chunk of registers missed to program drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 drm/amdgpu: update tmr mc address drm/amdgpu:add tmr mc address into amdgpu_firmware_info drm/amdgpu:add new firmware id for VCN drm/amdgpu:add VCN support in PSP driver drm/amdgpu:add VCN booting with firmware loaded by PSP uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name debugobjects: Make stack check warning more informative sched/deadline: Fix switching to -deadline lightnvm: pblk: free padded entries in write buffer mm: Fix devm_memremap_pages() collision handling HID: add quirk for another PIXART OEM mouse used by HP usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear x86/xen: don't write ptes directly in 32-bit PV guests drm/i915: Increase LSPCON timeout kbuild: make missing $DEPMOD a Warning instead of an Error s390/lib: use expoline for all bcr instructions irda: Fix memory leak caused by repeated binds of irda socket irda: Only insert new objects into the global database via setsockopt Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" kvm: x86: Set highest physical address bits in non-present/reserved SPTEs x86: kvm: avoid unused variable warning arm64: cpu_errata: include required headers ASoC: wm8994: Fix missing break in switch arm64: Fix mismatched cache line size detection arm64: Handle mismatched cache type Linux 4.14.70 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
James Morse
|
305277dae9 |
fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries
[ Upstream commit df865e8337c397471b95f51017fea559bc8abb4a ] elf_kcore_store_hdr() uses __pa() to find the physical address of KCORE_RAM or KCORE_TEXT entries exported as program headers. This trips CONFIG_DEBUG_VIRTUAL's checks, as the KCORE_TEXT entries are not in the linear map. Handle these two cases separately, using __pa_symbol() for the KCORE_TEXT entries. Link: http://lkml.kernel.org/r/20180711131944.15252-1-james.morse@arm.com Signed-off-by: James Morse <james.morse@arm.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Omar Sandoval <osandov@fb.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
6f2e09c90a |
This is the 4.14.60 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAltj7TUACgkQONu9yGCS
aT6EYRAAvqCTCQmQfcduTp5ua9v3EatAhiCALUSS0SYwDNS0bbqRWaP7U/crvTs4
tJu2JY3bGFTvLSUHQyt/+0uwu4IKaMyerXCXdV0OcScpASsjbA18dbRY7zJEZjRt
g6seezpE9CCnWbPxh3SraIeRfxoITUCH6Gjz0NTJvKwbLiK3XgsgkItOZxBbf1ib
Qnu+9wLtbU90plBlY0ctgKpAa1UPJd3B2h7YGW4FfArEkDJ8M+loQygzd35rQfw/
s7R36nt1aaT5k+biQTxiWdpTmOL3fd1mC2OG4mBInc/u7qUtAFikBXbpQWfKochy
fSxjC+GMTWWoYmqdV7bnWuc/GgmmxXR3nBv6LZhR58i0NfMjmzU1kJhnN4Ea5xA8
4qOZcd9UFLq1Yn44skgN9dm0jDzJaSDhWe4/XX9v7I1YqbDqC1mEr0i2yLtj5FXZ
kTpcrieDBBzoY+GNZZnfWgmzg4V5W+1AM0k7PT7AoMbAJf57YF0rRoidlPE2sMQo
UEhIXTHjK/jACOFNNdFc+DsJjJz0nDV4FxZJ8Y6EGF6uJERnspAxbL8AheAl+NS1
MSuNzl/CVbpJ3C/GSgAj5aZxb4BYDdS/crCjvbgojAavfFaqWYCIj6ULPJPYYFfu
+qLPqIS7ctqXmnJ0tXA8okUrniGIUInZyhBsSee0IGp7tFfii5A=
=H+1i
-----END PGP SIGNATURE-----
Merge 4.14.60 into android-4.14
Changes in 4.14.60
fork: unconditionally clear stack on fork
i2c: core: decrease reference count of device node in i2c_unregister_device
RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access
drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4
IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()
drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4
spi: spi-s3c64xx: Fix system resume support
Input: elan_i2c - add ACPI ID for lenovo ideapad 330
Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
kvm, mm: account shadow page tables to kmemcg
delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
tracing: Fix double free of event_trigger_data
tracing: Fix possible double free in event_enable_trigger_func()
kthread, tracing: Don't expose half-written comm when creating kthreads
tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
tracing: Quiet gcc warning about maybe unused link variable
arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
mlxsw: spectrum_switchdev: Fix port_vlan refcounting
kcov: ensure irq code sees a valid area
xen/netfront: raise max number of slots in xennet_get_responses()
hv_netvsc: fix network namespace issues with VF support
skip LAYOUTRETURN if layout is invalid
ALSA: emu10k1: add error handling for snd_ctl_add
ALSA: fm801: add error handling for snd_ctl_add
NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY
nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
vfio: platform: Fix reset module leak in error path
vfio/mdev: Check globally for duplicate devices
vfio/type1: Fix task tracking for QEMU vCPU hotplug
kernel/hung_task.c: show all hung tasks before panic
mm: /proc/pid/pagemap: hide swap entries from unprivileged users
mm: vmalloc: avoid racy handling of debugobjects in vunmap
mm/slub.c: add __printf verification to slab_err()
rtc: ensure rtc_set_alarm fails when alarms are not supported
perf tools: Fix pmu events parsing rule
netfilter: ipset: forbid family for hash:mac sets
netfilter: ipset: List timing out entries with "timeout 1" instead of zero
irqchip/ls-scfg-msi: Map MSIs in the iommu
watchdog: da9063: Fix updating timeout value
printk: drop in_nmi check from printk_safe_flush_on_panic()
bpf, arm32: fix inconsistent naming about emit_a32_lsr_{r64,i64}
ceph: fix alignment of rasize
e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
infiniband: fix a possible use-after-free bug
powerpc/lib: Adjust .balign inside string functions for PPC32
powerpc/64s: Add barrier_nospec
powerpc/eeh: Fix use-after-release of EEH driver
hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
powerpc/64s: Fix compiler store ordering to SLB shadow area
RDMA/mad: Convert BUG_ONs to error flows
lightnvm: pblk: warn in case of corrupted write buffer
netfilter: nf_tables: check msg_type before nft_trans_set(trans)
pnfs: Don't release the sequence slot until we've processed layoutget on open
disable loading f2fs module on PAGE_SIZE > 4KB
f2fs: fix error path of move_data_page
f2fs: fix to don't trigger writeback during recovery
f2fs: fix to wait page writeback during revoking atomic write
f2fs: Fix deadlock in shutdown ioctl
f2fs: fix to detect failure of dquot_initialize
f2fs: fix race in between GC and atomic open
block, bfq: remove wrong lock in bfq_requests_merged
usbip: usbip_detach: Fix memory, udev context and udev leak
usbip: dynamically allocate idev by nports found in sysfs
perf/x86/intel/uncore: Correct fixed counter index check in generic code
perf/x86/intel/uncore: Correct fixed counter index check for NHM
selftests/intel_pstate: Improve test, minor fixes
selftests: memfd: return Kselftest Skip code for skipped tests
selftests: intel_pstate: return Kselftest Skip code for skipped tests
PCI: Fix devm_pci_alloc_host_bridge() memory leak
btrfs: balance dirty metadata pages in btrfs_finish_ordered_io
iwlwifi: pcie: fix race in Rx buffer allocator
Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
ASoC: dpcm: fix BE dai not hw_free and shutdown
mfd: cros_ec: Fail early if we cannot identify the EC
mwifiex: handle race during mwifiex_usb_disconnect
wlcore: sdio: check for valid platform device data before suspend
net: hns3: Fixes the init of the VALID BD info in the descriptor
media: tw686x: Fix incorrect vb2_mem_ops GFP flags
media: videobuf2-core: don't call memop 'finish' when queueing
Btrfs: don't return ino to ino cache if inode item removal fails
Btrfs: don't BUG_ON() in btrfs_truncate_inode_items()
btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
x86/microcode: Make the late update update_lock a raw lock for RT
PM / wakeup: Make s2idle_lock a RAW_SPINLOCK
PCI: Prevent sysfs disable of device while driver is attached
nvme-rdma: stop admin queue before freeing it
nvme-pci: Fix AER reset handling
ath: Add regulatory mapping for FCC3_ETSIC
ath: Add regulatory mapping for ETSI8_WORLD
ath: Add regulatory mapping for APL13_WORLD
ath: Add regulatory mapping for APL2_FCCA
ath: Add regulatory mapping for Uganda
ath: Add regulatory mapping for Tanzania
ath: Add regulatory mapping for Serbia
ath: Add regulatory mapping for Bermuda
ath: Add regulatory mapping for Bahamas
powerpc/32: Add a missing include header
powerpc/chrp/time: Make some functions static, add missing header include
powerpc/powermac: Add missing prototype for note_bootable_part()
powerpc/powermac: Mark variable x as unused
powerpc: Add __printf verification to prom_printf
spi: sh-msiof: Fix setting SIRMDR1.SYNCAC to match SITMDR1.SYNCAC
powerpc/8xx: fix invalid register expression in head_8xx.S
pinctrl: at91-pio4: add missing of_node_put
bpf: powerpc64: pad function address loads with NOPs
PCI: pciehp: Request control of native hotplug only if supported
net: dsa: qca8k: Add support for QCA8334 switch
mwifiex: correct histogram data with appropriate index
ima: based on policy verify firmware signatures (pre-allocated buffer)
drivers/perf: arm-ccn: don't log to dmesg in event_init
spi: Add missing pm_runtime_put_noidle() after failed get
net: hns3: Fix the missing client list node initialization
fscrypt: use unbound workqueue for decryption
scsi: ufs: ufshcd: fix possible unclocked register access
scsi: ufs: fix exception event handling
scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger
drm/nouveau/fifo/gk104-: poll for runlist update completion
Bluetooth: btusb: add ID for LiteOn 04ca:301a
rtc: tps6586x: fix possible race condition
rtc: vr41xx: fix possible race condition
rtc: tps65910: fix possible race condition
ALSA: emu10k1: Rate-limit error messages about page errors
regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
md/raid1: add error handling of read error from FailFast device
md: fix NULL dereference of mddev->pers in remove_and_add_spares()
ixgbevf: fix MAC address changes through ixgbevf_set_mac()
media: smiapp: fix timeout checking in smiapp_read_nvm
net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value
ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
media: atomisp: ov2680: don't declare unused vars
arm64: cmpwait: Clear event register before arming exclusive monitor
HID: hid-plantronics: Re-resend Update to map button for PTT products
arm64: dts: renesas: salvator-common: use audio-graph-card for Sound
drm/radeon: fix mode_valid's return type
drm/amdgpu: Remove VRAM from shared bo domains.
powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
HID: i2c-hid: check if device is there before really probing
EDAC, altera: Fix ARM64 build warning
ARM: dts: stih407-pinctrl: Fix complain about IRQ_TYPE_NONE usage
ARM: dts: emev2: Add missing interrupt-affinity to PMU node
ARM: dts: sh73a0: Add missing interrupt-affinity to PMU node
nvmem: properly handle returned value nvmem_reg_read
i40e: free the skb after clearing the bitlock
tty: Fix data race in tty_insert_flip_string_fixed_flag
dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
net: phy: phylink: Release link GPIO
media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
libata: Fix command retry decision
ACPI / LPSS: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2
media: media-device: fix ioctl function types
media: saa7164: Fix driver name in debug output
mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
brcmfmac: Add support for bcm43364 wireless chipset
s390/cpum_sf: Add data entry sizes to sampling trailer entry
perf: fix invalid bit in diagnostic entry
bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only.
scsi: 3w-9xxx: fix a missing-check bug
scsi: 3w-xxxx: fix a missing-check bug
scsi: megaraid: silence a static checker bug
scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw
scsi: qedf: Set the UNLOADING flag when removing a vport
staging: lustre: o2iblnd: fix race at kiblnd_connect_peer
staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5
thermal: exynos: fix setting rising_threshold for Exynos5433
bpf: fix references to free_bpf_prog_info() in comments
f2fs: avoid fsync() failure caused by EAGAIN in writepage()
media: siano: get rid of __le32/__le16 cast warnings
drm/atomic: Handling the case when setting old crtc for plane
ALSA: hda/ca0132: fix build failure when a local macro is defined
mmc: dw_mmc: update actual clock for mmc debugfs
mmc: pwrseq: Use kmalloc_array instead of stack VLA
dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC
spi: meson-spicc: Fix error handling in meson_spicc_probe()
net: hns3: Fixes the out of bounds access in hclge_map_tqp
dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
backlight: pwm_bl: Don't use GPIOF_* with gpiod_get_direction
stop_machine: Use raw spinlocks
delayacct: Use raw_spinlocks
memory: tegra: Do not handle spurious interrupts
memory: tegra: Apply interrupts mask per SoC
nvme: lightnvm: add granby support
arm64: defconfig: Enable Rockchip io-domain driver
igb: Fix queue selection on MAC filters on i210
drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
ipconfig: Correctly initialise ic_nameservers
rsi: Fix 'invalid vdd' warning in mmc
rsi: fix nommu_map_sg overflow kernel panic
audit: allow not equal op for audit by executable
staging: vchiq_core: Fix missing semaphore release in error case
staging: lustre: llite: correct removexattr detection
staging: lustre: ldlm: free resource when ldlm_lock_create() fails.
serial: core: Make sure compiler barfs for 16-byte earlycon names
soc: imx: gpcv2: Do not pass static memory as platform data
microblaze: Fix simpleImage format generation
usb: hub: Don't wait for connect state at resume for powered-off ports
crypto: authencesn - don't leak pointers to authenc keys
crypto: authenc - don't leak pointers to authenc keys
media: omap3isp: fix unbalanced dma_iommu_mapping
regulator: Don't return or expect -errno from of_map_mode()
scsi: scsi_dh: replace too broad "TP9" string with the exact models
scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
scsi: cxlflash: Synchronize reset and remove ops
scsi: cxlflash: Avoid clobbering context control register value
media: atomisp: compat32: fix __user annotations
media: si470x: fix __be16 annotations
ASoC: topology: Fix bclk and fsync inversion in set_link_hw_format()
ASoC: topology: Add missing clock gating parameter when parsing hw_configs
drm: Add DP PSR2 sink enable bit
drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown()
drm/dp/mst: Fix off-by-one typo when dump payload table
block: bio_iov_iter_get_pages: fix size of last iovec
blkdev: __blkdev_direct_IO_simple: fix leak in error case
block: reset bi_iter.bi_done after splitting bio
random: mix rdrand with entropy sent in from userspace
squashfs: be more careful about metadata corruption
ext4: fix inline data updates with checksums enabled
ext4: check for allocation block validity with block group locked
ext4: fix check to prevent initializing reserved inodes
PCI: pciehp: Assume NoCompl+ for Thunderbolt ports
PCI: xgene: Remove leftover pci_scan_child_bus() call
ovl: Sync upper dirty data when syncing overlayfs
usb: gadget: udc: renesas_usb3: should remove debugfs
RDMA/uverbs: Protect from attempts to create flows on unsupported QP
net: dsa: qca8k: Force CPU port to its highest bandwidth
net: dsa: qca8k: Enable RXMAC when bringing up a port
net: dsa: qca8k: Add QCA8334 binding documentation
net: dsa: qca8k: Allow overwriting CPU port setting
ipv4: remove BUG_ON() from fib_compute_spec_dst
net: ena: Fix use of uninitialized DMA address bits field
net: fix amd-xgbe flow-control issue
net: lan78xx: fix rx handling before first packet is send
net: mdio-mux: bcm-iproc: fix wrong getter and setter pair
NET: stmmac: align DMA stuff to largest cache line length
tcp_bbr: fix bw probing to raise in-flight data for very small BDPs
xen-netfront: wait xenbus state change when load module manually
netlink: Do not subscribe to non-existent groups
netlink: Don't shift with UB on nlk->ngroups
tcp: do not force quickack when receiving out-of-order packets
tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode
tcp: do not aggressively quick ack after ECN events
tcp: refactor tcp_ecn_check_ce to remove sk type cast
tcp: add one more quick ack after after ECN events
Linux 4.14.60
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Huang Ying
|
9e1a1fc0cd |
mm: /proc/pid/pagemap: hide swap entries from unprivileged users
[ Upstream commit ab6ecf247a9321e3180e021a6a60164dee53ab2e ]
In commit ab676b7d6fbf ("pagemap: do not leak physical addresses to
non-privileged userspace"), the /proc/PID/pagemap is restricted to be
readable only by CAP_SYS_ADMIN to address some security issue.
In commit 1c90308e7a77 ("pagemap: hide physical addresses from
non-privileged users"), the restriction is relieved to make
/proc/PID/pagemap readable, but hide the physical addresses for
non-privileged users.
But the swap entries are readable for non-privileged users too. This
has some security issues. For example, for page under migrating, the
swap entry has physical address information. So, in this patch, the
swap entries are hided for non-privileged users too.
Link: http://lkml.kernel.org/r/20180508012745.7238-1-ying.huang@intel.com
Fixes: 1c90308e7a77 ("pagemap: hide physical addresses from non-privileged users")
Signed-off-by: "Huang, Ying" <ying.huang@intel.com>
Suggested-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Reviewed-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Reviewed-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Cc: Andrei Vagin <avagin@openvz.org>
Cc: Jerome Glisse <jglisse@redhat.com>
Cc: Daniel Colascione <dancol@google.com>
Cc: Zi Yan <zi.yan@cs.rutgers.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
818299f6bd |
This is the 4.14.56 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAltNuVYACgkQONu9yGCS aT7kTA/+MRHC5oFvdnhSsF6jAHsY9rgJNQXPtZCFhZnHhhYHtubQ2OJOmSZ7IfM0 9yhz/7vijC9+tLufXQxQnu2UUL3ojNu1+l+q9s0U1GUzNiONlJ9q/CyB4xjXFRCS 1RdiDZaQbIqUCYs38UCTsEJF65uKjzQ6dpF21XdIXp5FPxgiZawo4HpjQRJswbAl Du97ybMEPN3XnAn207GjZwy58ubRLF5HDG1sqNGfjVWJ7oMTi+QJOCvY3PJtU3j2 unS0qjxLU432rOyDfaJK7Yj9s61zu0PurbJrHo+dw3O3hd/Og7soqoqohUEjZWXd z7jjrntXZOZ/0st2yHmygfAPUJm/8jsh7Pd39Jgyfeu/3Clo51gO494rwATQsyE5 mwIdllyzyMNBEJI2F2fxE60WlFsbTjeBOX3BaOwnF8pGRJWsCAfbFknRbuKh1fO5 czFbUSOi00POw4WHT1rxV9u0yDBXmP47fy9zHquOim+PfK8pFvWuf6GSFjvqRTv8 20w1w7eixMi09ZXOkgTJ3S00MKHSpxoaenI3n2NcEVVRgDEVfh3C/zelvvfCDMHD i36DN39Sj41PNA/R4n0TIA4W+ab9qBVzQl16yaj9JURR2rA92GyMVC1+Xjqo1Py3 GRFOf2Gprlm0/vfkiRsMu9coAJuKV6+8fHXQU4mzHulKUaDWuJ0= =/wBU -----END PGP SIGNATURE----- Merge 4.14.56 into android-4.14 Changes in 4.14.56 media: rc: mce_kbd decoder: fix stuck keys ASoC: mediatek: preallocate pages use platform device MIPS: Call dump_stack() from show_regs() MIPS: Use async IPIs for arch_trigger_cpumask_backtrace() MIPS: Fix ioremap() RAM check mmc: sdhci-esdhc-imx: allow 1.8V modes without 100/200MHz pinctrl states mmc: dw_mmc: fix card threshold control configuration ibmasm: don't write out of bounds in read handler staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data(). staging: r8822be: Fix RTL8822be can't find any wireless AP ata: Fix ZBC_OUT command block check ata: Fix ZBC_OUT all bit handling vmw_balloon: fix inflation with batching ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS USB: serial: ch341: fix type promotion bug in ch341_control_in() USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick USB: serial: keyspan_pda: fix modem-status error handling USB: yurex: fix out-of-bounds uaccess in read handler USB: serial: mos7840: fix status-register error handling usb: quirks: add delay quirks for Corsair Strafe xhci: xhci-mem: off by one in xhci_stream_id_to_ring() devpts: hoist out check for DEVPTS_SUPER_MAGIC devpts: resolve devpts bind-mounts Fix up non-directory creation in SGID directories genirq/affinity: assign vectors to all possible CPUs scsi: megaraid_sas: use adapter_type for all gen controllers scsi: megaraid_sas: replace instance->ctrl_context checks with instance->adapter_type scsi: megaraid_sas: replace is_ventura with adapter_type checks scsi: megaraid_sas: Create separate functions to allocate ctrl memory scsi: megaraid_sas: fix selection of reply queue ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION ALSA: hda - Handle pm failure during hotplug mm: do not drop unused pages when userfaultd is running fs/proc/task_mmu.c: fix Locked field in /proc/pid/smaps* fs, elf: make sure to page align bss in load_elf_library mm: do not bug_on on incorrect length in __mm_populate() tracing: Reorder display of TGID to be after PID kbuild: delete INSTALL_FW_PATH from kbuild documentation arm64: neon: Fix function may_use_simd() return error status tools build: fix # escaping in .cmd files for future Make IB/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values i2c: tegra: Fix NACK error handling iw_cxgb4: correctly enforce the max reg_mr depth xen: setup pv irq ops vector earlier nvme-pci: Remap CMB SQ entries on every controller reset crypto: x86/salsa20 - remove x86 salsa20 implementations uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn() netfilter: nf_queue: augment nfqa_cfg_policy netfilter: x_tables: initialise match/target check parameter struct loop: add recursion validation to LOOP_CHANGE_FD PM / hibernate: Fix oops at snapshot_write() RDMA/ucm: Mark UCM interface as BROKEN loop: remember whether sysfs_create_group() was done f2fs: give message and set need_fsck given broken node id Linux 4.14.56 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Vlastimil Babka
|
e6f011384c |
fs/proc/task_mmu.c: fix Locked field in /proc/pid/smaps*
commit e70cc2bd579e8a9d6d153762f0fe294d0e652ff0 upstream.
Thomas reports:
"While looking around in /proc on my v4.14.52 system I noticed that all
processes got a lot of "Locked" memory in /proc/*/smaps. A lot more
memory than a regular user can usually lock with mlock().
Commit 493b0e9d945f (in v4.14-rc1) seems to have changed the behavior
of "Locked".
Before that commit the code was like this. Notice the VM_LOCKED check.
(vma->vm_flags & VM_LOCKED) ?
(unsigned long)(mss.pss >> (10 + PSS_SHIFT)) : 0);
After that commit Locked is now the same as Pss:
(unsigned long)(mss->pss >> (10 + PSS_SHIFT)));
This looks like a mistake."
Indeed, the commit has added mss->pss_locked with the correct value that
depends on VM_LOCKED, but forgot to actually use it. Fix it.
Link: http://lkml.kernel.org/r/ebf6c7fb-fec3-6a26-544f-710ed193c154@suse.cz
Fixes: 493b0e9d945f ("mm: add /proc/pid/smaps_rollup")
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Reported-by: Thomas Lindroth <thomas.lindroth@gmail.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Daniel Colascione <dancol@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
a51b40cc70 |
This is the 4.14.51 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlsqpOYACgkQONu9yGCS aT7cZw/+NE0Bmn8BhIyf2h//jWKqQ50epMtuOrROhaB9onBS3gbH00JsH6Aop9jh 9SJdJPveHb+cBEcNGIlx5u/WLvRxG64mDd1GgNcGoFnYOxl9y68XPS+2zlFGI66F CUqCDQS4DNS5KoXiLBJ48cDtuZNoSdlt8H5bC5qlFs16WIpj41CCG4cbkUk1eDzH CCR44mw7GxnmsF/44xuswhZZjCzGuOACWnhuYh8/dspGPZYOS0vBCX9RvhjBUFwD taLu9cm1kq8kQZBwt70+M36+OTwSS/rtVj/2g96l6QrLLCBk+OIjGO0yGaLXcTPx WA5Lxkt3stQbuttayddNkRsFsE+Cvi0r/wye9zKFxVqhaPad4/87aklHzKAnEehg Eu1JDR3ds2R4zSjifl7ACo2hWM//xIUcEDz4BvVjJSjVYTQamdsFHatRNl2NEW96 TYgmrbJALdYPIl5AD6hmeCwU2WqjrJPZnV0X5jVcWgVTp07mIag6qxibwUmY0TOa IfBEXG1zHzAgYycAbQw1OFz0IHavX10tmpmoKZE4ay4vi3Rnt/OIsCZtXnabZbjy xpiBumMUz3GGdU+5yKT4Iw1Cfg4EEAp9+sWSiJzx+frrB9pn5pafK2/RhdvOCF+8 MGyLOTbjz5v2IvprA5v76lUT1CjXcRbRE+YxmRSemAu1ruetBWY= =eyGS -----END PGP SIGNATURE----- Merge 4.14.51 into android-4.14 Changes in 4.14.51 clocksource/drivers/imx-tpm: Correct some registers operation flow Input: synaptics-rmi4 - fix an unchecked out of memory error path KVM: X86: fix incorrect reference of trace_kvm_pi_irte_update x86: Add check for APIC access address for vmentry of L2 guests MIPS: io: Prevent compiler reordering writeX() nfp: ignore signals when communicating with management FW perf report: Fix switching to another perf.data file fsnotify: fix ignore mask logic in send_to_group() MIPS: io: Add barrier after register read in readX() s390/smsgiucv: disable SMSG on module unload isofs: fix potential memory leak in mount option parsing MIPS: dts: Boston: Fix PCI bus dtc warnings: spi: sh-msiof: Fix bit field overflow writes to TSCR/RSCR doc: Add vendor prefix for Kieback & Peter GmbH dt-bindings: pinctrl: sunxi: Fix reference to driver dt-bindings: serial: sh-sci: Add support for r8a77965 (H)SCIF dt-bindings: dmaengine: rcar-dmac: document R8A77965 support clk: honor CLK_MUX_ROUND_CLOSEST in generic clk mux ASoC: rt5514: Add the missing register in the readable table eCryptfs: don't pass up plaintext names when using filename encryption soc: bcm: raspberrypi-power: Fix use of __packed soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure PCI: kirin: Fix reset gpio name ASoC: topology: Fix bugs of freeing soc topology xen: xenbus_dev_frontend: Really return response string ASoC: topology: Check widget kcontrols before deref. spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo() blkcg: don't hold blkcg lock when deactivating policy tipc: fix infinite loop when dumping link monitor summary scsi: iscsi: respond to netlink with unicast when appropriate scsi: megaraid_sas: Do not log an error if FW successfully initializes. scsi: target: fix crash with iscsi target and dvd netfilter: nf_tables: NAT chain and extensions require NF_TABLES netfilter: nf_tables: fix out-of-bounds in nft_chain_commit_update ASoC: msm8916-wcd-analog: use threaded context for mbhc events drm/msm: Fix possible null dereference on failure of get_pages() drm/msm/dsi: use correct enum in dsi_get_cmd_fmt drm/msm: don't deref error pointer in the msm_fbdev_create error path blkcg: init root blkcg_gq under lock net: hns: Avoid action name truncation vfs: Undo an overly zealous MS_RDONLY -> SB_RDONLY conversion parisc: time: Convert read_persistent_clock() to read_persistent_clock64() scsi: storvsc: Set up correct queue depth values for IDE devices scsi: isci: Fix infinite loop in while loop mm, pagemap: fix swap offset value for PMD migration entry proc: revalidate kernel thread inodes to root:root kexec_file: do not add extra alignment to efi memmap mm: memcg: add __GFP_NOWARN in __memcg_schedule_kmem_cache_create() usb: typec: ucsi: fix tracepoint related build error ACPI / PM: Blacklist Low Power S0 Idle _DSM for ThinkPad X1 Tablet(2016) dt-bindings: meson-uart: DT fix s/clocks-names/clock-names/ powerpc/powernv/memtrace: Let the arch hotunplug code flush cache net: phy: marvell: clear wol event before setting it ARM: dts: da850: fix W=1 warnings with pinmux node ACPI / watchdog: Prefer iTCO_wdt on Lenovo Z50-70 drm/amdkfd: fix clock counter retrieval for node without GPU thermal: int3403_thermal: Fix NULL pointer deref on module load / probe net: ethtool: Add missing kernel doc for FEC parameters arm64: ptrace: remove addr_limit manipulation HID: lenovo: Add support for IBM/Lenovo Scrollpoint mice HID: wacom: Release device resource data obtained by devres_alloc() selftests: ftrace: Add a testcase for multiple actions on trigger rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp perf/x86/intel: Don't enable freeze-on-smi for PerfMon V1 remoteproc: qcom: Fix potential device node leaks rpmsg: added MODULE_ALIAS for rpmsg_char HID: intel-ish-hid: use put_device() instead of kfree() blk-mq: fix sysfs inflight counter arm64: fix possible spectre-v1 in ptrace_hbp_get_event() KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_mmio_read_apr() libahci: Allow drivers to override stop_engine ata: ahci: mvebu: override ahci_stop_engine for mvebu AHCI x86/cpu/intel: Add missing TLB cpuid values bpf: fix uninitialized variable in bpf tools i2c: sprd: Prevent i2c accesses after suspend is called i2c: sprd: Fix the i2c count issue tipc: fix bug in function tipc_nl_node_dump_monitor nvme: depend on INFINIBAND_ADDR_TRANS nvmet-rdma: depend on INFINIBAND_ADDR_TRANS ib_srpt: depend on INFINIBAND_ADDR_TRANS ib_srp: depend on INFINIBAND_ADDR_TRANS IB: make INFINIBAND_ADDR_TRANS configurable IB/uverbs: Fix validating mandatory attributes RDMA/cma: Fix use after destroy access to net namespace for IPoIB RDMA/iwpm: fix memory leak on map_info IB/rxe: add RXE_START_MASK for rxe_opcode IB_OPCODE_RC_SEND_ONLY_INV IB/rxe: avoid double kfree_skb <linux/stringhash.h>: fix end_name_hash() for 64bit long IB/core: Make ib_mad_client_id atomic ARM: davinci: board-da830-evm: fix GPIO lookup for MMC/SD ARM: davinci: board-da850-evm: fix GPIO lookup for MMC/SD ARM: davinci: board-omapl138-hawk: fix GPIO numbers for MMC/SD lookup ARM: davinci: board-dm355-evm: fix broken networking dt-bindings: panel: lvds: Fix path to display timing bindings ARM: OMAP2+: powerdomain: use raw_smp_processor_id() for trace ARM: dts: logicpd-som-lv: Fix WL127x Startup Issues ARM: dts: logicpd-som-lv: Fix Audio Mute Input: atmel_mxt_ts - fix the firmware update hexagon: add memset_io() helper hexagon: export csum_partial_copy_nocheck scsi: vmw-pvscsi: return DID_BUS_BUSY for adapter-initated aborts bpf, x64: fix memleak when not converging after image parisc: drivers.c: Fix section mismatches stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock kthread, sched/wait: Fix kthread_parkme() wait-loop arm64: tegra: Make BCM89610 PHY interrupt as active low iommu/vt-d: fix shift-out-of-bounds in bug checking nvme: fix potential memory leak in option parsing nvme: Set integrity flag for user passthrough commands ARM: OMAP1: ams-delta: fix deferred_fiq handler smc: fix sendpage() call IB/hfi1 Use correct type for num_user_context IB/hfi1: Fix memory leak in exception path in get_irq_affinity() RDMA/cma: Do not query GID during QP state transition to RTR spi: bcm2835aux: ensure interrupts are enabled for shared handler sched/core: Introduce set_special_state() sh: fix build failure for J2 cpu with SMP disabled tee: check shm references are consistent in offset/size mac80211: Adjust SAE authentication timeout drm/omap: silence unititialized variable warning drm/omap: fix uninitialized ret variable drm/omap: fix possible NULL ref issue in tiler_reserve_2d drm/omap: check return value from soc_device_match drm/omap: handle alloc failures in omap_connector driver core: add __printf verification to __ata_ehi_pushv_desc ARM: dts: cygnus: fix irq type for arm global timer mac80211: use timeout from the AddBA response instead of the request x86/xen: Reset VCPU0 info pointer after shared_info remap net: aquantia: driver should correctly declare vlan_features bits can: dev: increase bus-off message severity arm64: Add MIDR encoding for NVIDIA CPUs cifs: smb2ops: Fix listxattr() when there are no EAs agp: uninorth: make two functions static tipc: eliminate KMSAN uninit-value in strcmp complaint qed: Fix l2 initializations over iWARP personality qede: Fix gfp flags sent to rdma event node allocation rxrpc: Fix error reception on AF_INET6 sockets rxrpc: Fix the min security level for kernel calls KVM: Extend MAX_IRQ_ROUTES to 4096 for all archs x86: Delay skip of emulated hypercall instruction ixgbe: return error on unsupported SFP module when resetting net sched actions: fix invalid pointer dereferencing if skbedit flags missing init: fix false positives in W+X checking proc/kcore: don't bounds check against address 0 ocfs2: take inode cluster lock before moving reflinked inode from orphan dir kprobes/x86: Prohibit probing on exception masking instructions uprobes/x86: Prohibit probing on MOV SS instruction objtool, kprobes/x86: Sync the latest <asm/insn.h> header with tools/objtool/arch/x86/include/asm/insn.h x86/pkeys/selftests: Adjust the self-test to fresh distros that export the pkeys ABI x86/mpx/selftests: Adjust the self-test to fresh distros that export the MPX ABI x86/selftests: Add mov_to_ss test x86/pkeys/selftests: Give better unexpected fault error messages x86/pkeys/selftests: Stop using assert() x86/pkeys/selftests: Remove dead debugging code, fix dprint_in_signal x86/pkeys/selftests: Allow faults on unknown keys x86/pkeys/selftests: Factor out "instruction page" x86/pkeys/selftests: Add PROT_EXEC test x86/pkeys/selftests: Fix pkey exhaustion test off-by-one x86/pkeys/selftests: Fix pointer math x86/pkeys/selftests: Save off 'prot' for allocations x86/pkeys/selftests: Add a test for pkey 0 mtd: Fix comparison in map_word_andequal() afs: Fix the non-encryption of calls usb: musb: fix remote wakeup racing with suspend ARM: keystone: fix platform_domain_notifier array overrun i2c: pmcmsp: return message count on master_xfer success i2c: pmcmsp: fix error return from master_xfer i2c: viperboard: return message count on master_xfer success ARM: davinci: dm646x: fix timer interrupt generation ARM: davinci: board-dm646x-evm: pass correct I2C adapter id for VPIF ARM: davinci: board-dm646x-evm: set VPIF capture card name clk: imx6ull: use OSC clock during AXI rate change locking/rwsem: Add a new RWSEM_ANONYMOUSLY_OWNED flag locking/percpu-rwsem: Annotate rwsem ownership transfer by setting RWSEM_OWNER_UNKNOWN drm/dumb-buffers: Integer overflow in drm_mode_create_ioctl() sched/debug: Move the print_rt_rq() and print_dl_rq() declarations to kernel/sched/sched.h sched/deadline: Make the grub_reclaim() function static parisc: Move setup_profiling_timer() out of init section efi/libstub/arm64: Handle randomized TEXT_OFFSET ARM: 8753/1: decompressor: add a missing parameter to the addruart macro ARM: 8758/1: decompressor: restore r1 and r2 just before jumping to the kernel ARM: kexec: fix kdump register saving on panic() Revert "Btrfs: fix scrub to repair raid6 corruption" Btrfs: fix scrub to repair raid6 corruption Btrfs: make raid6 rebuild retry more tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() Linux 4.14.51 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Laura Abbott
|
553495752c |
proc/kcore: don't bounds check against address 0
[ Upstream commit 3955333df9a50e8783d115613a397ae55d905080 ] The existing kcore code checks for bad addresses against __va(0) with the assumption that this is the lowest address on the system. This may not hold true on some systems (e.g. arm64) and produce overflows and crashes. Switch to using other functions to validate the address range. It's currently only seen on arm64 and it's not clear if anyone wants to use that particular combination on a stable release. So this is not urgent for stable. Link: http://lkml.kernel.org/r/20180501201143.15121-1-labbott@redhat.com Signed-off-by: Laura Abbott <labbott@redhat.com> Tested-by: Dave Anderson <anderson@redhat.com> Cc: Kees Cook <keescook@chromium.org> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Ingo Molnar <mingo@kernel.org> Cc: Andi Kleen <andi@firstfloor.org> Cc: Alexey Dobriyan <adobriyan@gmail.com>a Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Alexey Dobriyan
|
d497efd805 |
proc: revalidate kernel thread inodes to root:root
[ Upstream commit 2e0ad552f5f8cd0fda02bc45fcd2b89821c62fd1 ]
task_dump_owner() has the following code:
mm = task->mm;
if (mm) {
if (get_dumpable(mm) != SUID_DUMP_USER) {
uid = ...
}
}
Check for ->mm is buggy -- kernel thread might be borrowing mm
and inode will go to some random uid:gid pair.
Link: http://lkml.kernel.org/r/20180412220109.GA20978@avx2
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Huang Ying
|
a206007623 |
mm, pagemap: fix swap offset value for PMD migration entry
[ Upstream commit 88c28f2469151b031f8cea9b28ed5be1b74a4172 ] The swap offset reported by /proc/<pid>/pagemap may be not correct for PMD migration entries. If addr passed into pagemap_pmd_range() isn't aligned with PMD start address, the swap offset reported doesn't reflect this. And in the loop to report information of each sub-page, the swap offset isn't increased accordingly as that for PFN. This may happen after opening /proc/<pid>/pagemap and seeking to a page whose address doesn't align with a PMD start address. I have verified this with a simple test program. BTW: migration swap entries have PFN information, do we need to restrict whether to show them? [akpm@linux-foundation.org: fix typo, per Huang, Ying] Link: http://lkml.kernel.org/r/20180408033737.10897-1-ying.huang@intel.com Signed-off-by: "Huang, Ying" <ying.huang@intel.com> Cc: Michal Hocko <mhocko@suse.com> Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> Cc: Andrei Vagin <avagin@openvz.org> Cc: Dan Williams <dan.j.williams@intel.com> Cc: "Jerome Glisse" <jglisse@redhat.com> Cc: Daniel Colascione <dancol@google.com> Cc: Zi Yan <zi.yan@cs.rutgers.edu> Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
503f6fecb8 |
This is the 4.14.45 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlsOPCoACgkQONu9yGCS aT4vYBAAoESFP3oUtpyrPQU2yWQx7sRq/Dd8WyNlHlq2nRU8Y42ynB8TdRpAIces 3aP7vPwFLaK4H0SZt4oA+NialRMhC/bN6BmKaoTUXq2nmE2XzDkcPDu0zHnqQt9C vc5wa2hd+H95wj9cdkkPwdlmgVhHztowJ3uqqNaPql2MVjDLKxziNVMv7lAIGPk3 TycD9SihGAEKFjI2WIXaX6hm+3gGRnuK2ovlqnlF24dLRFiGIBL+fUp5ZGoxVlRP W260tQnTv/TvWUJ7V3x6rZ04kgV7LcaZrwSyN7GLJmhoi9Bw0BmL1N3cEAfEZdy2 YoGqDemLW9bEiHBhFuPOcFr7tyAz8EsVH4/KUwkIMgWNbV8DmTKT2nbfzG9ju6Hb q9q3OJyLPBamGxTuiXUspRhQJrVrMX6sahHQDj5786AVgBDoGVFw1d+v9kJCoSAv lnA7qTbCFeq288dJ3sU7OZhmApC1oMPjMjmfVWwuQKBz81xqsquAjQRkBY3Odw+j yreZ9PS2Krk3bpf9QoDf/NGM+zpFyyy3xbrHpMkIEv48VGYrpe0nP6TZRfEgF65L 036uZCPzpH+vFdyjMPWUPPXGZCD7q6DGk+wKit2eMFKOXB477yKA2+qAWs0GAeKo g7N0Rql7YZQK+Zu+1YvtfqF4WUBBP0uAb7FSuyVKVIzI3LfPCQk= =m2qv -----END PGP SIGNATURE----- Merge 4.14.45 into android-4.14 Changes in 4.14.45 MIPS: c-r4k: Fix data corruption related to cache coherence MIPS: ptrace: Expose FIR register through FP regset MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" affs_lookup(): close a race with affs_remove_link() fs: don't scan the inode cache before SB_BORN is set aio: fix io_destroy(2) vs. lookup_ioctx() race ALSA: timer: Fix pause event notification do d_instantiate/unlock_new_inode combinations safely mmc: sdhci-iproc: remove hard coded mmc cap 1.8v mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus libata: Blacklist some Sandisk SSDs for NCQ libata: blacklist Micron 500IT SSD with MU01 firmware xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros arm64: lse: Add early clobbers to some input/output asm operands powerpc/64s: Clear PCR on boot IB/hfi1: Use after free race condition in send context error path IB/umem: Use the correct mm during ib_umem_release sr: pass down correctly sized SCSI sense buffer idr: fix invalid ptr dereference on item delete Revert "ipc/shm: Fix shmat mmap nil-page protection" ipc/shm: fix shmat() nil address after round-down when remapping mm/kasan: don't vfree() nonexistent vm_area kasan: free allocated shadow memory on MEM_CANCEL_ONLINE kasan: fix memory hotplug during boot kernel/sys.c: fix potential Spectre v1 issue KVM/VMX: Expose SSBD properly to guests KVM: s390: vsie: fix < 8k check for the itdba KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed kvm: x86: IA32_ARCH_CAPABILITIES is always supported x86/kvm: fix LAPIC timer drift when guest uses periodic mode powerpc/64s: Improve RFI L1-D cache flush fallback powerpc/pseries: Support firmware disable of RFI flush powerpc/powernv: Support firmware disable of RFI flush powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again powerpc/rfi-flush: Always enable fallback flush on pseries powerpc/rfi-flush: Differentiate enabled and patched flush types powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags powerpc: Add security feature flags for Spectre/Meltdown powerpc/pseries: Set or clear security feature flags powerpc/powernv: Set or clear security feature flags powerpc/64s: Move cpu_show_meltdown() powerpc/64s: Enhance the information in cpu_show_meltdown() powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() powerpc/64s: Wire up cpu_show_spectre_v1() powerpc/64s: Wire up cpu_show_spectre_v2() powerpc/pseries: Fix clearing of security feature flags powerpc: Move default security feature flags powerpc/pseries: Restore default security feature flags on setup powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit MIPS: generic: Fix machine compatible matching mac80211: mesh: fix wrong mesh TTL offset calculation ARC: Fix malformed ARC_EMUL_UNALIGNED default ptr_ring: prevent integer overflow when calculating size arm64: dts: rockchip: fix rock64 gmac2io stability issues arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire libata: Fix compile warning with ATA_DEBUG enabled selftests: sync: missing CFLAGS while compiling selftest/vDSO: fix O= selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m selftests: memfd: add config fragment for fuse ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt ARM: OMAP3: Fix prm wake interrupt for resume ARM: OMAP2+: Fix sar_base inititalization for HS omaps ARM: OMAP1: clock: Fix debugfs_create_*() usage ibmvnic: Wait until reset is complete to set carrier on ibmvnic: Free RX socket buffer in case of adapter error ibmvnic: Clean RX pool buffers during device close tls: retrun the correct IV in getsockopt xhci: workaround for AMD Promontory disabled ports wakeup IB/uverbs: Fix method merging in uverbs_ioctl_merge IB/uverbs: Fix possible oops with duplicate ioctl attributes IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy arm64: dts: rockchip: Fix DWMMC clocks ARM: dts: rockchip: Fix DWMMC clocks iwlwifi: mvm: fix security bug in PN checking iwlwifi: mvm: fix IBSS for devices that support station type API iwlwifi: mvm: always init rs with 20mhz bandwidth rates NFC: llcp: Limit size of SDP URI rxrpc: Work around usercopy check MD: Free bioset when md_run fails md: fix md_write_start() deadlock w/o metadata devices s390/dasd: fix handling of internal requests xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4 mac80211: fix a possible leak of station stats mac80211: fix calling sleeping function in atomic context cfg80211: clear wep keys after disconnection mac80211: Do not disconnect on invalid operating class mac80211: Fix sending ADDBA response for an ongoing session gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle md raid10: fix NULL deference in handle_write_completed() drm/exynos: g2d: use monotonic timestamps drm/exynos: fix comparison to bitshift when dealing with a mask drm/meson: fix vsync buffer update arm64: perf: correct PMUVer probing RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails RDMA/bnxt_re: Fix system crash during load/unload ibmvnic: Check for NULL skb's in NAPI poll routine net/mlx5e: Return error if prio is specified when offloading eswitch vlan push locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() md: raid5: avoid string overflow warning virtio_net: fix XDP code path in receive_small() kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE bug.h: work around GCC PR82365 in BUG() selftests/memfd: add run_fuse_test.sh to TEST_FILES seccomp: add a selftest for get_metadata soc: imx: gpc: de-register power domains only if initialized powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access s390/cio: fix ccw_device_start_timeout API s390/cio: fix return code after missing interrupt s390/cio: clear timer when terminating driver I/O selftests/bpf/test_maps: exit child process without error in ENOMEM case PKCS#7: fix direct verification of SignerInfo signature arm64: dts: cavium: fix PCI bus dtc warnings nfs: system crashes after NFS4ERR_MOVED recovery ARM: OMAP: Fix dmtimer init for omap1 smsc75xx: fix smsc75xx_set_features() regulatory: add NUL to request alpha2 integrity/security: fix digsig.c build error with header file x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations mac80211: drop frames with unexpected DS bits from fast-rx to slow path arm64: fix unwind_frame() for filtered out fn for function graph tracing macvlan: fix use-after-free in macvlan_common_newlink() KVM: nVMX: Don't halt vcpu when L1 is injecting events to L2 kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds ARM: dts: imx6dl: Include correct dtsi file for Engicam i.CoreM6 DualLite/Solo RQS fs: dcache: Avoid livelock between d_alloc_parallel and __d_add fs: dcache: Use READ_ONCE when accessing i_dir_seq md: fix a potential deadlock of raid5/raid10 reshape md/raid1: fix NULL pointer dereference batman-adv: fix packet checksum in receive path batman-adv: invalidate checksum on fragment reassembly netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount netfilter: ipt_CLUSTERIP: put config instead of freeing it netfilter: ebtables: convert BUG_ONs to WARN_ONs batman-adv: Ignore invalid batadv_iv_gw during netlink send batman-adv: Ignore invalid batadv_v_gw during netlink send batman-adv: Fix netlink dumping of BLA claims batman-adv: Fix netlink dumping of BLA backbones nvme-pci: Fix nvme queue cleanup if IRQ setup fails clocksource/drivers/fsl_ftm_timer: Fix error return checking libceph, ceph: avoid memory leak when specifying same option several times ceph: fix dentry leak when failing to init debugfs xen/pvcalls: fix null pointer dereference on map->sock ARM: orion5x: Revert commit 4904dbda41c8. qrtr: add MODULE_ALIAS macro to smd selftests/futex: Fix line continuation in Makefile r8152: fix tx packets accounting virtio-gpu: fix ioctl and expose the fixed status to userspace. dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 bcache: fix kcrashes with fio in RAID5 backend dev ip_gre: fix IFLA_MTU ignored on NEWLINK ip6_tunnel: fix IFLA_MTU ignored on NEWLINK sit: fix IFLA_MTU ignored on NEWLINK nbd: fix return value in error handling path ARM: dts: NSP: Fix amount of RAM on BCM958625HR ARM: dts: bcm283x: Fix unit address of local_intc powerpc/boot: Fix random libfdt related build errors clocksource/drivers/mips-gic-timer: Use correct shift count to extract data gianfar: Fix Rx byte accounting for ndev stats net/tcp/illinois: replace broken algorithm reference link nvmet: fix PSDT field check in command format net/smc: use link_id of server in confirm link reply mlxsw: core: Fix flex keys scratchpad offset conflict mlxsw: spectrum: Treat IPv6 unregistered multicast as broadcast spectrum: Reference count VLAN entries ARC: mcip: halt GFRC counter when ARC cores halt ARC: mcip: update MCIP debug mask when the new cpu came online ARC: setup cpu possible mask according to possible-cpus dts property ipvs: remove IPS_NAT_MASK check to fix passive FTP IB/mlx: Set slid to zero in Ethernet completion struct RDMA/bnxt_re: Unconditionly fence non wire memory operations RDMA/bnxt_re: Fix incorrect DB offset calculation RDMA/bnxt_re: Fix the ib_reg failure cleanup xen/pirq: fix error path cleanup when binding MSIs drm/amd/amdgpu: Correct VRAM width for APUs with GMC9 xfrm: Fix ESN sequence number handling for IPsec GSO packets. arm64: dts: rockchip: Fix rk3399-gru-* s2r (pinctrl hogs, wifi reset) drm/sun4i: Fix dclk_set_phase btrfs: use kvzalloc to allocate btrfs_fs_info Btrfs: send, fix issuing write op when processing hole in no data mode Btrfs: fix log replay failure after linking special file and fsync ceph: fix potential memory leak in init_caches() block: display the correct diskname for bio nvme-pci: Fix EEH failure on ppc nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable net: ethtool: don't ignore return from driver get_fecparam method iwlwifi: mvm: fix TX of CCMP 256 iwlwifi: mvm: Fix channel switch for count 0 and 1 iwlwifi: mvm: fix assert 0x2B00 on older FWs iwlwifi: avoid collecting firmware dump if not loaded iwlwifi: mvm: fix "failed to remove key" message iwlwifi: mvm: Direct multicast frames to the correct station iwlwifi: mvm: Correctly set the tid for mcast queue rds: Incorrect reference counting in TCP socket creation watchdog: f71808e_wdt: Fix magic close handling watchdog: sbsa: use 32-bit read for WCV batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag hv_netvsc: use napi_schedule_irqoff hv_netvsc: filter multicast/broadcast hv_netvsc: propagate rx filters to VF ARM: dts: rockchip: Add missing #sound-dai-cells on rk3288 perf record: Fix crash in pipe mode e1000e: Fix check_for_link return value with autoneg off e1000e: allocate ring descriptors with dma_zalloc_coherent ia64/err-inject: Use get_user_pages_fast() RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA RDMA/qedr: Fix iWARP write and send with immediate IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE IB/mlx5: Fix an error code in __mlx5_ib_modify_qp() fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). fsl/fman: avoid sleeping in atomic context while adding an address qed: Free RoCE ILT Memory on rmmod qedr net: qcom/emac: Use proper free methods during TX net: smsc911x: Fix unload crash when link is up IB/core: Fix possible crash to access NULL netdev cxgb4: do not set needs_free_netdev for mgmt dev's xen-blkfront: move negotiate_mq to cover all cases of new VBDs xen: xenbus: use put_device() instead of kfree() hv_netvsc: fix filter flags hv_netvsc: fix locking for rx_mode hv_netvsc: fix locking during VF setup ARM: davinci: fix the GPIO lookup for omapl138-hawk arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery selftests/vm/run_vmtests: adjust hugetlb size according to nr_cpus lib/test_kmod.c: fix limit check on number of test devices created dmaengine: mv_xor_v2: Fix clock resource by adding a register clock netfilter: ebtables: fix erroneous reject of last rule can: m_can: change comparison to bitshift when dealing with a mask can: m_can: select pinctrl state in each suspend/resume function bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa(). workqueue: use put_device() instead of kfree() ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu sunvnet: does not support GSO for sctp KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending gpu: ipu-v3: prg: avoid possible array underflow drm/imx: move arming of the vblank event to atomic_flush drm/nouveau/bl: fix backlight regression xfrm: fix rcu_read_unlock usage in xfrm_local_error iwlwifi: mvm: set the correct tid when we flush the MCAST sta iwlwifi: mvm: Correctly set IGTK for AP iwlwifi: mvm: fix error checking for multi/broadcast sta net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off vlan: Fix out of order vlan headers with reorder header off batman-adv: fix header size check in batadv_dbg_arp() net/sched: fix NULL dereference in the error path of tcf_sample_init() batman-adv: Fix skbuff rcsum on packet reroute vti4: Don't count header length twice on tunnel setup ip_tunnel: Clamp MTU to bounds on new link vti4: Don't override MTU passed on link creation via IFLA_MTU vti6: Fix dev->max_mtu setting iwlwifi: mvm: Increase session protection time after CS iwlwifi: mvm: clear tx queue id when unreserving aggregation queue iwlwifi: mvm: make sure internal station has a valid id iwlwifi: mvm: fix array out of bounds reference drm/tegra: Shutdown on driver unbind perf/cgroup: Fix child event counting bug brcmfmac: Fix check for ISO3166 code kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races RDMA/ucma: Correct option size check using optlen RDMA/qedr: fix QP's ack timeout configuration RDMA/qedr: Fix rc initialization on CNQ allocation failure RDMA/qedr: Fix QP state initialization race net/sched: fix idr leak on the error path of tcf_bpf_init() net/sched: fix idr leak in the error path of tcf_simp_init() net/sched: fix idr leak in the error path of tcf_act_police_init() net/sched: fix idr leak in the error path of tcp_pedit_init() net/sched: fix idr leak in the error path of __tcf_ipt_init() net/sched: fix idr leak in the error path of tcf_skbmod_init() net: dsa: Fix functional dsa-loop dependency on FIXED_PHY drm/ast: Fixed 1280x800 Display Issue mm/mempolicy.c: avoid use uninitialized preferred_node mm, thp: do not cause memcg oom for thp xfrm: Fix transport mode skb control buffer usage. selftests: ftrace: Add probe event argument syntax testcase selftests: ftrace: Add a testcase for string type with kprobe_event selftests: ftrace: Add a testcase for probepoint drm/amdkfd: Fix scratch memory with HWS enabled batman-adv: fix multicast-via-unicast transmission with AP isolation batman-adv: fix packet loss for broadcasted DHCP packets to a server ARM: 8748/1: mm: Define vdso_start, vdso_end as array lan78xx: Set ASD in MAC_CR when EEE is enabled. net: qmi_wwan: add BroadMobi BM806U 2020:2033 bonding: fix the err path for dev hwaddr sync in bond_enslave net: dsa: mt7530: fix module autoloading for OF platform drivers net/mlx5: Make eswitch support to depend on switchdev perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs x86/alternatives: Fixup alternative_call_2 llc: properly handle dev_queue_xmit() return value builddeb: Fix header package regarding dtc source links qede: Fix barrier usage after tx doorbell write. mm, slab: memcg_link the SLAB's kmem_cache mm/page_owner: fix recursion bug after changing skip entries mm/vmstat.c: fix vmstat_update() preemption BUG mm/kmemleak.c: wait for scan completion before disabling free hv_netvsc: enable multicast if necessary qede: Do not drop rx-checksum invalidated packets. net: Fix untag for vlan packets without ethernet header vlan: Fix vlan insertion for packets without ethernet header net: mvneta: fix enable of all initialized RXQs sh: fix debug trap failure to process signals before return to user firmware: dmi_scan: Fix UUID length safety check nvme: don't send keep-alives to the discovery controller Btrfs: clean up resources during umount after trans is aborted Btrfs: fix loss of prealloc extents past i_size after fsync log replay x86/pgtable: Don't set huge PUD/PMD on non-leaf entries x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table swap: divide-by-zero when zero length swap file on ssd z3fold: fix memory leak sr: get/drop reference to device in revalidate and check_events Force log to disk before reading the AGF during a fstrim cpufreq: CPPC: Initialize shared perf capabilities of CPUs powerpc/fscr: Enable interrupts earlier before calling get_user() perf tools: Fix perf builds with clang support perf clang: Add support for recent clang versions dp83640: Ensure against premature access to PHY registers after reset ibmvnic: Zero used TX descriptor counter on reset mm/ksm: fix interaction with THP mm: fix races between address_space dereference and free in page_evicatable mm: thp: fix potential clearing to referenced flag in page_idle_clear_pte_refs_one() Btrfs: bail out on error during replay_dir_deletes Btrfs: fix NULL pointer dereference in log_dir_items btrfs: Fix possible softlock on single core machines IB/rxe: Fix for oops in rxe_register_device on ppc64le arch ocfs2/dlm: don't handle migrate lockres if already in shutdown powerpc/64s/idle: Fix restore of AMOR on POWER9 after deep sleep sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush() KVM: VMX: raise internal error for exception during invalid protected mode state lan78xx: Connect phy early fscache: Fix hanging wait on page discarded by writeback sparc64: Make atomic_xchg() an inline function rather than a macro. net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() net: bgmac: Correctly annotate register space powerpc/64s: sreset panic if there is no debugger or crash dump handlers btrfs: tests/qgroup: Fix wrong tree backref level Btrfs: fix copy_items() return value when logging an inode btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled rxrpc: Fix Tx ring annotation after initial Tx failure rxrpc: Don't treat call aborts as conn aborts xen/acpi: off by one in read_acpi_id() drivers: macintosh: rack-meter: really fix bogus memsets ACPI: acpi_pad: Fix memory leak in power saving threads powerpc/mpic: Check if cpu_possible() in mpic_physmask() ieee802154: ca8210: fix uninitialised data read ath10k: advertize beacon_int_min_gcd iommu/amd: Take into account that alloc_dev_data() may return NULL intel_th: Use correct method of finding hub m68k: set dma and coherent masks for platform FEC ethernets iwlwifi: mvm: check if mac80211_queue is valid in iwl_mvm_disable_txq parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode hwmon: (nct6775) Fix writing pwmX_mode powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer powerpc/perf: Fix kernel address leak via sampling registers rsi: fix kernel panic observed on 64bit machine tools/thermal: tmon: fix for segfault selftests: Print the test we're running to /dev/kmsg net/mlx5: Protect from command bit overflow watchdog: davinci_wdt: fix error handling in davinci_wdt_probe() ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) nvme-pci: disable APST for Samsung NVMe SSD 960 EVO + ASUS PRIME Z370-A ath9k: fix crash in spectral scan cxgb4: Setup FW queues before registering netdev ima: Fix Kconfig to select TPM 2.0 CRB interface ima: Fallback to the builtin hash algorithm watchdog: aspeed: Allow configuring for alternate boot virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS arm: dts: socfpga: fix GIC PPI warning ext4: don't complain about incorrect features when probing drm/vmwgfx: Unpin the screen object backup buffer when not used iommu/mediatek: Fix protect memory setting cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path IB/mlx5: Set the default active rate and width to QDR and 4X zorro: Set up z->dev.dma_mask for the DMA API bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set remoteproc: imx_rproc: Fix an error handling path in 'imx_rproc_probe()' dt-bindings: add device tree binding for Allwinner H6 main CCU ACPICA: Events: add a return on failure from acpi_hw_register_read ACPICA: Fix memory leak on unusual memory leak ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c cxgb4: Fix queue free path of ULD drivers i2c: mv64xxx: Apply errata delay only in standard mode KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use perf top: Fix top.call-graph config option reading perf stat: Fix core dump when flag T is used IB/core: Honor port_num while resolving GID for IB link layer drm/amdkfd: add missing include of mm.h coresight: Use %px to print pcsr instead of %p regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()' spi: bcm-qspi: fIX some error handling paths net/smc: pay attention to MAX_ORDER for CQ entries MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset PCI: Restore config space on runtime resume despite being unbound watchdog: dw: RMW the control register watchdog: aspeed: Fix translation of reset mode to ctrl register ipmi_ssif: Fix kernel panic at msg_done_handler drm/meson: Fix some error handling paths in 'meson_drv_bind_master()' drm/meson: Fix an un-handled error path in 'meson_drv_bind_master()' powerpc: Add missing prototype for arch_irq_work_raise() powerpc/powernv/npu: Fix deadlock in mmio_invalidate() cxl: Check if PSL data-cache is available before issue flush request f2fs: fix to set KEEP_SIZE bit in f2fs_zero_range f2fs: fix to clear CP_TRIMMED_FLAG f2fs: fix to check extent cache in f2fs_drop_extent_tree perf/core: Fix installing cgroup events on CPU max17042: propagate of_node to power supply device perf/core: Fix perf_output_read_group() drm/panel: simple: Fix the bus format for the Ontat panel hwmon: (pmbus/max8688) Accept negative page register values hwmon: (pmbus/adm1275) Accept negative page register values perf/x86/intel: Properly save/restore the PMU state in the NMI handler cdrom: do not call check_disk_change() inside cdrom_open() efi/arm*: Only register page tables when they exist perf/x86/intel: Fix large period handling on Broadwell CPUs perf/x86/intel: Fix event update for auto-reload arm64: dts: qcom: Fix SPI5 config on MSM8996 soc: qcom: wcnss_ctrl: Fix increment in NV upload gfs2: Fix fallocate chunk size x86/devicetree: Initialize device tree before using it x86/devicetree: Fix device IRQ settings in DT phy: rockchip-emmc: retry calpad busy trimming ALSA: vmaster: Propagate slave error phy: qcom-qmp: Fix phy pipe clock gating drm/bridge: sii902x: Retry status read after DDI I2C tools: hv: fix compiler warnings about major/target_fname block: null_blk: fix 'Invalid parameters' when loading module dmaengine: pl330: fix a race condition in case of threaded irqs dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue() enic: enable rq before updating rq descriptors watchdog: asm9260_wdt: fix error handling in asm9260_wdt_probe() hwrng: stm32 - add reset during probe pinctrl: devicetree: Fix dt_to_map_one_config handling of hogs pinctrl: artpec6: dt: add missing pin group uart5nocts vfio-ccw: fence off transport mode dmaengine: qcom: bam_dma: get num-channels and num-ees from dt drm: omapdrm: dss: Move initialization code from component bind to probe ARM: dts: dra71-evm: Correct evm_sd regulator max voltage drm/amdgpu: disable GFX ring and disable PQ wptr in hw_fini drm/amdgpu: adjust timeout for ib_ring_tests(v2) net: stmmac: ensure that the device has released ownership before reading data net: stmmac: ensure that the MSS desc is the last desc to set the own bit cpufreq: Reorder cpufreq_online() error code path dpaa_eth: fix SG mapping PCI: Add function 1 DMA alias quirk for Marvell 88SE9220 udf: Provide saner default for invalid uid / gid ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode sh_eth: fix TSU init on SH7734/R8A7740 power: supply: ltc2941-battery-gauge: Fix temperature units ARM: dts: bcm283x: Fix probing of bcm2835-i2s ARM: dts: bcm283x: Fix pin function of JTAG pins PCMCIA / PM: Avoid noirq suspend aborts during suspend-to-idle audit: return on memory error to avoid null pointer dereference net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing() rcu: Call touch_nmi_watchdog() while printing stall warnings pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group dpaa_eth: fix pause capability advertisement logic MIPS: Octeon: Fix logging messages with spurious periods after newlines drm/rockchip: Respect page offset for PRIME mmap calls x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified perf test: Fix test case inet_pton to accept inlines. perf report: Fix wrong jump arrow perf tests: Use arch__compare_symbol_names to compare symbols perf report: Fix memory corruption in --branch-history mode --branch-history perf tests: Fix dwarf unwind for stripped binaries selftests/net: fixes psock_fanout eBPF test case netlabel: If PF_INET6, check sk_buff ip header version drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3 drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2 ARM: dts: at91: tse850: use the correct compatible for the eeprom regmap: Correct comparison in regmap_cached i40e: Add delay after EMP reset for firmware to recover ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet ARM: dts: porter: Fix HDMI output routing regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()' pinctrl: msm: Use dynamic GPIO numbering pinctrl: mcp23s08: spi: Fix regmap debugfs entries kdb: make "mdr" command repeat drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is successful Linux 4.14.45 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Danilo Krummrich
|
9c9844d9c9 |
fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
[ Upstream commit a0b0d1c345d0317efe594df268feb5ccc99f651e ] proc_sys_link_fill_cache() does not take currently unregistering sysctl tables into account, which might result into a page fault in sysctl_follow_link() - add a check to fix it. This bug has been present since v3.4. Link: http://lkml.kernel.org/r/20180228013506.4915-1-danilokrummrich@dk-develop.de Fixes: 0e47c99d7fe25 ("sysctl: Replace root_list with links between sysctl_table_sets") Signed-off-by: Danilo Krummrich <danilokrummrich@dk-develop.de> Acked-by: Kees Cook <keescook@chromium.org> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: "Luis R . Rodriguez" <mcgrof@kernel.org> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Connor O'Brien
|
6d4fa70c7e |
ANDROID: proc: fix undefined behavior in proc_uid_base_readdir
When uid_base_stuff has no entries, proc_uid_base_readdir tries to compute an address before the start of the array. Revise this check to use uid_base_stuff + nents instead, which makes the code valid regardless of array size. Bug: 80158484 Test: No more compiler warning with CONFIG_CPU_FREQ_TIMES=n Change-Id: I6e55b27c3ba8210cee194f6d27bbd62c0b263796 Signed-off-by: Connor O'Brien <connoro@google.com> |
||
|
Greg Kroah-Hartman
|
4c9e0a9b25 |
This is the 4.14.43 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlsESzAACgkQONu9yGCS
aT71uhAAtwH5Dvy395KPNS+IqabGaFnEeVpIEsxtBlIa7crspp9eUqiqEWP6nAGg
dPeBE4jLEf8lVed0ErZ+p0eJTuhjgUmve4/5+LBWQtZIz+9ppttwklRysxCfPixs
/cPBfSbfjQTqeQqpB3jOpQAZXnyeipxFMMjxlLoXEcKxcVM9qr3b+oNJ1lw/ETH3
3NMIYL+PSKyYp2cnAFUpUeU7grJQeTAwPDVy+ziZ8tF0aU5JbHMNRL19d9NxhQCX
efk4sr8smkKUv9wayM63FMtjlm/MYc6cxLRz2DsWEAQuC6qkEEqwf7vZ4XEGrqci
1tGWibzzTpo1v+01r57U5VXkS+DMyjYajikZNTe3ixUp19iKQyMSsMrBNupapOMy
s2x+lZLKFa3q8PGpIy0kJ8yCYw2DZMlrEC+VAfr1S9M3vz9pPzLv398r7eYcHhJb
Q8hHPdWgX3dcsYhju5/gekDFn7M41dsU3vtoooz50HKDcqVovJNwZNgzsLR8Fs4F
X3yanXyP5rjBnM9dQUnhi0PvJA6E/ZWDmp6LF9ZiySX1xJ9+5gflI+MnvxRvVuXk
UP3f8ace87x3zWYzmGin7vouUzsIOueCJXKZCGCvcV5/NLMGAW3NBGCZWnnH6OTy
RPsDUeKj36QBmalitR9yYF25Ss/zDx1b8RRdeVkD1E0YpfgMubg=
=opxx
-----END PGP SIGNATURE-----
Merge 4.14.43 into android-4.14
Changes in 4.14.43
usbip: usbip_host: refine probe and disconnect debug msgs to be useful
usbip: usbip_host: delete device from busid_table after rebind
usbip: usbip_host: run rebind from exit when module is removed
usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
usbip: usbip_host: fix bad unlock balance during stub_probe()
ALSA: usb: mixer: volume quirk for CM102-A+/102S+
ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
ALSA: control: fix a redundant-copy issue
spi: pxa2xx: Allow 64-bit DMA
spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master
spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL
KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls
KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock
powerpc: Don't preempt_disable() in show_cpuinfo()
vfio: ccw: fix cleanup if cp_prefetch fails
tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
tee: shm: fix use-after-free via temporarily dropped reference
netfilter: nf_tables: free set name in error path
netfilter: nf_tables: can't fail after linking rule into active rule list
netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6}
i2c: designware: fix poll-after-enable regression
powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
drm: Match sysfs name in link removal to link creation
lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly
radix tree: fix multi-order iteration race
mm: don't allow deferred pages with NEED_PER_CPU_KM
drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk
s390/qdio: fix access to uninitialized qdio_q fields
s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
s390/qdio: don't release memory in qdio_setup_irq()
s390: remove indirect branch from do_softirq_own_stack
x86/pkeys: Override pkey when moving away from PROT_EXEC
x86/pkeys: Do not special case protection key 0
efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
x86/mm: Drop TS_COMPAT on 64-bit exec() syscall
tick/broadcast: Use for_each_cpu() specially on UP kernels
ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
Btrfs: fix xattr loss after power failure
Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting
btrfs: property: Set incompat flag if lzo/zstd compression is set
btrfs: fix crash when trying to resume balance without the resume flag
btrfs: Split btrfs_del_delalloc_inode into 2 functions
btrfs: Fix delalloc inodes invalidation during transaction abort
btrfs: fix reading stale metadata blocks after degraded raid1 mounts
x86/nospec: Simplify alternative_msr_write()
x86/bugs: Concentrate bug detection into a separate function
x86/bugs: Concentrate bug reporting into a separate function
x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
x86/bugs, KVM: Support the combination of guest and host IBRS
x86/bugs: Expose /sys/../spec_store_bypass
x86/cpufeatures: Add X86_FEATURE_RDS
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
x86/bugs/intel: Set proper CPU features and setup RDS
x86/bugs: Whitelist allowed SPEC_CTRL MSR values
x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
x86/speculation: Create spec-ctrl.h to avoid include hell
prctl: Add speculation control prctls
x86/process: Allow runtime control of Speculative Store Bypass
x86/speculation: Add prctl for Speculative Store Bypass mitigation
nospec: Allow getting/setting on non-current task
proc: Provide details on speculation flaw mitigations
seccomp: Enable speculation flaw mitigations
x86/bugs: Make boot modes __ro_after_init
prctl: Add force disable speculation
seccomp: Use PR_SPEC_FORCE_DISABLE
seccomp: Add filter flag to opt-out of SSB mitigation
seccomp: Move speculation migitation control to arch code
x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
x86/bugs: Rename _RDS to _SSBD
proc: Use underscores for SSBD in 'status'
Documentation/spec_ctrl: Do some minor cleanups
x86/bugs: Fix __ssb_select_mitigation() return type
x86/bugs: Make cpu_show_common() static
x86/bugs: Fix the parameters alignment and missing void
x86/cpu: Make alternative_msr_write work for 32-bit code
KVM: SVM: Move spec control call after restore of GS
x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
x86/cpufeatures: Disentangle SSBD enumeration
x86/cpufeatures: Add FEATURE_ZEN
x86/speculation: Handle HT correctly on AMD
x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
x86/speculation: Add virtualized speculative store bypass disable support
x86/speculation: Rework speculative_store_bypass_update()
x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
x86/bugs: Expose x86_spec_ctrl_base directly
x86/bugs: Remove x86_spec_ctrl_set()
x86/bugs: Rework spec_ctrl base and mask logic
x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
x86/bugs: Rename SSBD_NO to SSB_NO
Linux 4.14.43
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Konrad Rzeszutek Wilk
|
43c47eb2a2 |
proc: Use underscores for SSBD in 'status'
commit e96f46ee8587607a828f783daa6eb5b44d25004d upstream
The style for the 'status' file is CamelCase or this. _.
Fixes: fae1fa0fc ("proc: Provide details on speculation flaw mitigations")
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Thomas Gleixner
|
20d036a2e2 |
prctl: Add force disable speculation
commit 356e4bfff2c5489e016fdb925adbf12a1e3950ee upstream For certain use cases it is desired to enforce mitigations so they cannot be undone afterwards. That's important for loader stubs which want to prevent a child from disabling the mitigation again. Will also be used for seccomp(). The extra state preserving of the prctl state for SSB is a preparatory step for EBPF dymanic speculation control. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Kees Cook
|
dd88d569ee |
proc: Provide details on speculation flaw mitigations
commit fae1fa0fc6cca8beee3ab8ed71d54f9a78fa3f64 upstream As done with seccomp and no_new_privs, also show speculation flaw mitigation state in /proc/$pid/status. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
2b59cb7780 |
This is the 4.14.42 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlr/3ksACgkQONu9yGCS
aT5vdg/+NrZhrryO0+MisGGRnym0awDDo+TV0Wxuw2VCoCxAGbH0sGSJp9DtKcet
TDtLmw8RuJFU2NPBcN4aPuGFby5kLmlOslQhKg32mKcW0tnhK67DFhiqceZB/FeY
JdReYzvMv0UBsr5QFzPA3F5rbwjGV8N//3+spXOt3DykjtwR9wddGp7GxqWxIm/x
wF28tHr9LAdVuwPHw/Tpkl5ouDn8TGsuNejgv544EDWbACurZCKxxG7IYKD0vFTG
vrDPTuBoAXpzW/QI2kF7j6hy1hlzREGRak9CLYz2YAcMvXi2Lxlx5eL8lYMjTk5M
3uvkZQ6lXjIZpKd8mRxUzj6TtZ/g3iM/mTozLBFw/JIsnCNIzyHheVZRuPARd5xT
PF56P0cLrpO4d7Tdsn5bTcjuZDqNHn+II2ZvB9TaynJD1kDw5bpbfLi/KwZWAEHj
2KVl4AR1swpoGsQBcjH+w2k3zYHhX1WmrAzMaN/wnybcVwxwVizpWpIIMb6t6ejk
llG8va2ZSF8UA+OfwrTLUr483kSg3hYW72+85DdvL64K8yMOvmYhV2TncEQBH4aK
YGjomZDKcT10afIpY5/vAVFdtCBvSB3ar/6pMS/tio0UK/SBwTV81nYCoPWoB8R5
2gq6JJxjf92AMQhhbGnmPX8knDmbBOodDq3W8thLISIOG1qnJBA=
=w3oc
-----END PGP SIGNATURE-----
Merge 4.14.42 into android-4.14
Changes in 4.14.42
8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
bridge: check iface upper dev when setting master via ioctl
dccp: fix tasklet usage
ipv4: fix fnhe usage by non-cached routes
ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
llc: better deal with too small mtu
net: ethernet: sun: niu set correct packet size in skb
net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode
net/mlx4_en: Fix an error handling path in 'mlx4_en_init_netdev()'
net/mlx4_en: Verify coalescing parameters are in range
net/mlx5e: Err if asked to offload TC match on frag being first
net/mlx5: E-Switch, Include VF RDMA stats in vport statistics
net sched actions: fix refcnt leak in skbmod
net_sched: fq: take care of throttled flows before reuse
net: support compat 64-bit time in {s,g}etsockopt
net/tls: Don't recursively call push_record during tls_write_space callbacks
net/tls: Fix connection stall on partial tls record
openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
qmi_wwan: do not steal interfaces from class drivers
r8169: fix powering up RTL8168h
rds: do not leak kernel memory to user land
sctp: delay the authentication for the duplicated cookie-echo chunk
sctp: fix the issue that the cookie-ack with auth can't get processed
sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg
sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
tcp_bbr: fix to zero idle_restart only upon S/ACKed data
tcp: ignore Fast Open on repair mode
tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
bonding: do not allow rlb updates to invalid mac
bonding: send learning packets for vlans on slave
net: sched: fix error path in tcf_proto_create() when modules are not configured
net/mlx5e: TX, Use correct counter in dma_map error flow
net/mlx5: Avoid cleaning flow steering table twice during error flow
hv_netvsc: set master device
ipv6: fix uninit-value in ip6_multipath_l3_keys()
net/mlx5e: Allow offloading ipv4 header re-write for icmp
nsh: fix infinite loop
udp: fix SO_BINDTODEVICE
scsi: aacraid: Correct hba_send to include iu_type
xfrm: Use __skb_queue_tail in xfrm_trans_queue
btrfs: Take trans lock before access running trans in check_delayed_ref
xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
l2tp: revert "l2tp: fix missing print session offset info"
proc: do not access cmdline nor environ from file-backed areas
Linux 4.14.42
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Willy Tarreau
|
5c9a9508de |
proc: do not access cmdline nor environ from file-backed areas
commit 7f7ccc2ccc2e70c6054685f5e3522efa81556830 upstream. proc_pid_cmdline_read() and environ_read() directly access the target process' VM to retrieve the command line and environment. If this process remaps these areas onto a file via mmap(), the requesting process may experience various issues such as extra delays if the underlying device is slow to respond. Let's simply refuse to access file-backed areas in these functions. For this we add a new FOLL_ANON gup flag that is passed to all calls to access_remote_vm(). The code already takes care of such failures (including unmapped areas). Accesses via /proc/pid/mem were not changed though. This was assigned CVE-2018-1120. Note for stable backports: the patch may apply to kernels prior to 4.11 but silently miss one location; it must be checked that no call to access_remote_vm() keeps zero as the last argument. Reported-by: Qualys Security Advisory <qsa@qualys.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Oleg Nesterov <oleg@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Willy Tarreau <w@1wt.eu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
bb60f28e48 |
This is the 4.14.37 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlrhlZ8ACgkQONu9yGCS
aT6VhBAAkG3u95ECjzudalQDGkXvWoV7YDpBsAn+npc8NjNsiORZoEWZGofflbIm
mnZdNvEpEJ2hDin53NBRwEicY3SAREU5ym9xvApg4YPjYDUN4ENqQZHBgvswq6cP
BlOs7JNTDKSycrxbYyaamPQNr7QBV72/Y8nRcBlnrpVuSgjPNJWMTNs7Gie/mufu
MyzX2vQ0Yz+KAZAD4y1bzQ37ByR1/u+4r/1Hq/lHdVXbmBkGHxQq+OgQvScmKmC3
XpFv5J5NGUQHL5jGe7bCfrfhN7U84Codeur4bzJzqQ3O+RL2uu9eZDAkeSw3HbxG
YHRqGo5yi1lR33sazA92mBDxbteLUX+pDGMZ8LkfHqmMXhTMFCVWnxmDxMiji5G1
+xMjxXH4b5WOquyR+y7LoLvirkYNYJa2mkPDuSitgiTCVRh4o6aP5UziBLao9SRy
Uke1983VluEowQu8QSNjAX4vZUm7j44UKWWQqpqgjKV4PUr8iilPsG9Z3AoRqRV+
u8ZI2FqUGl7hG+XsfDIlc/0Qz72u/OluSkLnNAcSh5rAxHQIuDG2ELcGpwHm5yd9
SBclUH9/cDlfOnlvZKPVAIDFhc23Ez4i+IWmObQ4VsIsrOq0WSzj+oYnWsqeNNw9
NiDQwym4eGWGPs9+GMsKfVAmfpv1HjA0LM6/wNvzYaACU56Lp+o=
=5URr
-----END PGP SIGNATURE-----
Merge 4.14.37 into android-4.14
Changes in 4.14.37
cifs: do not allow creating sockets except with SMB1 posix exensions
btrfs: fix unaligned access in readdir
x86/acpi: Prevent X2APIC id 0xffffffff from being accounted
clocksource/imx-tpm: Correct -ETIME return condition check
x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
drm/vc4: Fix memory leak during BO teardown
drm/i915/gvt: throw error on unhandled vfio ioctls
drm/i915/audio: Fix audio detection issue on GLK
drm/i915: Do no use kfree() to free a kmem_cache_alloc() return value
drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state
drm/i915/bxt, glk: Increase PCODE timeouts during CDCLK freq changing
usb: musb: fix enumeration after resume
usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
usb: musb: Fix external abort in musb_remove on omap2430
firewire-ohci: work around oversized DMA reads on JMicron controllers
x86/tsc: Allow TSC calibration without PIT
NFSv4: always set NFS_LOCK_LOST when a lock is lost.
ACPI / LPSS: Do not instiate platform_dev for devs without MMIO resources
ALSA: hda - Use IS_REACHABLE() for dependency on input
ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
RDMA/core: Clarify rdma_ah_find_type
KVM: PPC: Book3S HV: Enable migration of decrementer register
netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460
tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
KVM: s390: use created_vcpus in more places
platform/x86: dell-laptop: Filter out spurious keyboard backlight change events
xprtrdma: Fix backchannel allocation of extra rpcrdma_reps
selftest: ftrace: Fix to pick text symbols for kprobes
PCI: Add function 1 DMA alias quirk for Marvell 9128
Input: psmouse - fix Synaptics detection when protocol is disabled
libbpf: Makefile set specified permission mode
Input: synaptics - reset the ABS_X/Y fuzz after initializing MT axes
i40iw: Free IEQ resources
i40iw: Zero-out consumer key on allocate stag for FMR
scsi: qla2xxx: Fix warning in qla2x00_async_iocb_timeout()
perf unwind: Do not look just at the global callchain_param.record_mode
tools lib traceevent: Simplify pointer print logic and fix %pF
perf callchain: Fix attr.sample_max_stack setting
tools lib traceevent: Fix get_field_str() for dynamic strings
perf record: Fix failed memory allocation for get_cpuid_str
iommu/exynos: Don't unconditionally steal bus ops
powerpc: System reset avoid interleaving oops using die synchronisation
iommu/vt-d: Use domain instead of cache fetching
dm thin: fix documentation relative to low water mark threshold
dm mpath: return DM_MAPIO_REQUEUE on blk-mq rq allocation failure
blk-mq: turn WARN_ON in __blk_mq_run_hw_queue into printk
ubifs: Fix uninitialized variable in search_dh_cookie()
net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b
net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock
spi: a3700: Clear DATA_OUT when performing a read
IB/cq: Don't force IB_POLL_DIRECT poll context for ib_process_cq_direct
nfs: Do not convert nfs_idmap_cache_timeout to jiffies
MIPS: Fix clean of vmlinuz.{32,ecoff,bin,srec}
PCI: Add dummy pci_irqd_intx_xlate() for CONFIG_PCI=n build
watchdog: sp5100_tco: Fix watchdog disable bit
kconfig: Don't leak main menus during parsing
kconfig: Fix automatic menu creation mem leak
kconfig: Fix expr_free() E_NOT leak
mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
ipmi/powernv: Fix error return code in ipmi_powernv_probe()
Btrfs: set plug for fsync
btrfs: Fix out of bounds access in btrfs_search_slot
Btrfs: fix scrub to repair raid6 corruption
btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP
Btrfs: fix unexpected EEXIST from btrfs_get_extent
Btrfs: raid56: fix race between merge_bio and rbio_orig_end_io
RDMA/cma: Check existence of netdevice during port validation
f2fs: avoid hungtask when GC encrypted block if io_bits is set
scsi: devinfo: fix format of the device list
scsi: fas216: fix sense buffer initialization
Input: stmfts - set IRQ_NOAUTOEN to the irq flag
HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
nfp: fix error return code in nfp_pci_probe()
block: Set BIO_TRACE_COMPLETION on new bio during split
bpf: test_maps: cleanup sockmaps when test ends
i40evf: Don't schedule reset_task when device is being removed
i40evf: ignore link up if not running
platform/x86: thinkpad_acpi: suppress warning about palm detection
KVM: s390: vsie: use READ_ONCE to access some SCB fields
blk-mq-debugfs: don't allow write on attributes with seq_operations set
ASoC: rockchip: Use dummy_dai for rt5514 dsp dailink
igb: Allow to remove administratively set MAC on VFs
igb: Clear TXSTMP when ptp_tx_work() is timeout
fm10k: fix "failed to kill vid" message for VF
x86/hyperv: Stop suppressing X86_FEATURE_PCID
tty: serial: exar: Relocate sleep wake-up handling
device property: Define type of PROPERTY_ENRTY_*() macros
crypto: artpec6 - remove select on non-existing CRYPTO_SHA384
RDMA/uverbs: Use an unambiguous errno for method not supported
jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
ixgbe: don't set RXDCTL.RLPML for 82599
i40e: program fragmented IPv4 filter input set
i40e: fix reported mask for ntuple filters
samples/bpf: Partially fixes the bpf.o build
powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
powerpc/numa: Ensure nodes initialized for hotplug
RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
ntb_transport: Fix bug with max_mw_size parameter
gianfar: prevent integer wrapping in the rx handler
x86/hyperv: Check for required priviliges in hyperv_init()
netfilter: x_tables: fix pointer leaks to userspace
tcp_nv: fix potential integer overflow in tcpnv_acked
kvm: Map PFN-type memory regions as writable (if possible)
x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested
fs/dax.c: release PMD lock even when there is no PMD support in DAX
ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
ocfs2: return error when we attempt to access a dirty bh in jbd2
mm/mempolicy: fix the check of nodemask from user
mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
asm-generic: provide generic_pmdp_establish()
sparc64: update pmdp_invalidate() to return old pmd value
mm: thp: use down_read_trylock() in khugepaged to avoid long block
mm: pin address_space before dereferencing it while isolating an LRU page
mm/fadvise: discard partial page if endbyte is also EOF
openvswitch: Remove padding from packet before L3+ conntrack processing
blk-mq: fix discard merge with scheduler attached
IB/hfi1: Re-order IRQ cleanup to address driver cleanup race
IB/hfi1: Fix for potential refcount leak in hfi1_open_file()
IB/ipoib: Fix for potential no-carrier state
IB/core: Map iWarp AH type to undefined in rdma_ah_find_type
drm/nouveau/pmu/fuc: don't use movw directly anymore
s390/eadm: fix CONFIG_BLOCK include dependency
netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure
x86/power: Fix swsusp_arch_resume prototype
x86/dumpstack: Avoid uninitlized variable
firmware: dmi_scan: Fix handling of empty DMI strings
ACPI: processor_perflib: Do not send _PPC change notification if not ready
ACPI / bus: Do not call _STA on battery devices with unmet dependencies
ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs
bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
perf record: Fix period option handling
MIPS: Generic: Support GIC in EIC mode
perf evsel: Fix period/freq terms setup
xen-netfront: Fix race between device setup and open
xen/grant-table: Use put_page instead of free_page
bpf: sockmap, fix leaking maps with attached but not detached progs
RDS: IB: Fix null pointer issue
arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
proc: fix /proc/*/map_files lookup
PM / domains: Fix up domain-idle-states OF parsing
cifs: silence compiler warnings showing up with gcc-8.0.0
bcache: properly set task state in bch_writeback_thread()
bcache: fix for allocator and register thread race
bcache: fix for data collapse after re-attaching an attached device
bcache: return attach error when no cache set exist
cpufreq: intel_pstate: Enable HWP during system resume on CPU0
selftests/ftrace: Add some missing glob checks
rxrpc: Don't put crypto buffers on the stack
svcrdma: Fix Read chunk round-up
net: Extra '_get' in declaration of arch_get_platform_mac_address
tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
KVM: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code
SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context
net: stmmac: discard disabled flags in interrupt status register
bpf: fix rlimit in reuseport net selftest
ACPI / EC: Restore polling during noirq suspend/resume phases
PM / wakeirq: Fix unbalanced IRQ enable for wakeirq
vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page
powerpc/mm/hash64: Zero PGD pages on allocation
x86/platform/UV: Fix GAM Range Table entries less than 1GB
locking/qspinlock: Ensure node->count is updated before initialising node
powerpc/powernv: IMC fix out of bounds memory access at shutdown
perf test: Fix test trace+probe_libc_inet_pton.sh for s390x
irqchip/gic-v3: Ignore disabled ITS nodes
cpumask: Make for_each_cpu_wrap() available on UP as well
irqchip/gic-v3: Change pr_debug message to pr_devel
RDMA/core: Reduce poll batch for direct cq polling
alarmtimer: Init nanosleep alarm timer on stack
netfilter: x_tables: cap allocations at 512 mbyte
netfilter: x_tables: add counters allocation wrapper
netfilter: compat: prepare xt_compat_init_offsets to return errors
netfilter: compat: reject huge allocation requests
netfilter: x_tables: limit allocation requests for blob rule heads
perf: Fix sample_max_stack maximum check
perf: Return proper values for user stack errors
RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs
Revert "KVM: X86: Fix SMRAM accessing even if VM is shutdown"
mac80211_hwsim: fix use-after-free bug in hwsim_exit_net
Linux 4.14.37
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Jia Zhang
|
f4d6e4598a |
vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page
[ Upstream commit 595dd46ebfc10be041a365d0a3fa99df50b6ba73 ]
Commit:
df04abfd181a ("fs/proc/kcore.c: Add bounce buffer for ktext data")
... introduced a bounce buffer to work around CONFIG_HARDENED_USERCOPY=y.
However, accessing the vsyscall user page will cause an SMAP fault.
Replace memcpy() with copy_from_user() to fix this bug works, but adding
a common way to handle this sort of user page may be useful for future.
Currently, only vsyscall page requires KCORE_USER.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: jolsa@redhat.com
Link: http://lkml.kernel.org/r/1518446694-21124-2-git-send-email-zhang.jia@linux.alibaba.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Alexey Dobriyan
|
05e52e5bd1 |
proc: fix /proc/*/map_files lookup
[ Upstream commit ac7f1061c2c11bb8936b1b6a94cdb48de732f7a4 ] Current code does: if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2) However sscanf() is broken garbage. It silently accepts whitespace between format specifiers (did you know that?). It silently accepts valid strings which result in integer overflow. Do not use sscanf() for any even remotely reliable parsing code. OK # readlink '/proc/1/map_files/55a23af39000-55a23b05b000' /lib/systemd/systemd broken # readlink '/proc/1/map_files/ 55a23af39000-55a23b05b000' /lib/systemd/systemd broken # readlink '/proc/1/map_files/55a23af39000-55a23b05b000 ' /lib/systemd/systemd very broken # readlink '/proc/1/map_files/1000000000000000055a23af39000-55a23b05b000' /lib/systemd/systemd Andrei said: : This patch breaks criu. It was a bug in criu. And this bug is on a minor : path, which works when memfd_create() isn't available. It is a reason why : I ask to not backport this patch to stable kernels. : : In CRIU this bug can be triggered, only if this patch will be backported : to a kernel which version is lower than v3.16. Link: http://lkml.kernel.org/r/20171120212706.GA14325@avx2 Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: Pavel Emelyanov <xemul@openvz.org> Cc: Andrei Vagin <avagin@virtuozzo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Connor O'Brien
|
5a476c5656 |
ANDROID: cpufreq: Add time_in_state to /proc/uid directories
Add per-uid files that report the data in binary format rather than text, to allow faster reading & parsing by userspace. Signed-off-by: Connor O'Brien <connoro@google.com> Bug: 72339335 Test: compare values to those reported in /proc/uid_time_in_state Change-Id: I463039ea7f17b842be4c70024fe772539fe2ce02 |
||
|
Connor O'Brien
|
2c718becc7 |
ANDROID: proc: Add /proc/uid directory
Add support for reporting per-uid information through procfs, roughly following the approach used for per-tid and per-tgid directories in fs/proc/base.c. This also entails some new tracking of which uids have been used, to avoid losing information when the last task with a given uid exits. Signed-off-by: Connor O'Brien <connoro@google.com> Bug: 72339335 Test: ls /proc/uid/; compare with UIDs in /proc/uid_time_in_state Change-Id: I0908f0c04438b11ceb673d860e58441bf503d478 |
||
|
Connor O'Brien
|
1302a3d8ce |
ANDROID: cpufreq: track per-task time in state
Add time in state data to task structs, and create /proc/<pid>/time_in_state files to show how long each individual task has run at each frequency. Create a CONFIG_CPU_FREQ_TIMES option to enable/disable this tracking. Signed-off-by: Connor O'Brien <connoro@google.com> Bug: 72339335 Test: Read /proc/<pid>/time_in_state Change-Id: Ia6456754f4cb1e83b2bc35efa8fbe9f8696febc8 |
||
|
Greg Kroah-Hartman
|
0a91e84c5c |
This is the 4.14.20 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqHL6UACgkQONu9yGCS
aT47Lg/+Mbq1s2Vu+ZZ0Qt0fTsZeNE9GcM5tPgb0rcsoaBZUWncSCaFwI3M3RUPb
tQDrq+Fqmi/mloSuNFw1nGajWoilUB5KJOeRRXpPkS3Zzc92z8GW+12erHAiYXGt
XVK54PzIQNSeoBVJrtP+AYH7TSisj9cVJqe6Dz/GYIXY4aBA2xn1EvN/dkp/4YOX
S7w+RDS7BnNwqxpGy4l+/3m84j/IwG44kKG8RLiF1IPItK5BvlQJQDiUUDX0nLx+
1Tr2kMDN10YdrLV4dNGRZg54Va7wvmJ17ecN7F3JaIKOlJ+hvpoLndOR/mMVuj84
cixnr5ATug1RJmjrqloA95//jqecMzfn4ogATi8KiY6O7adnH0+/DcpQ14LXuRJx
WGP1S2xsvrSqqs2io0yWv+WFIhKBAE6RAa7gjMdz9I+/dy3eNMbzCS3y4q7VcYOB
xAT478ZtuZYEmseYM2lPNK51AkobO2pGC+TCBst6VQvbMN5BETdI4irj6yBOLez5
rgTVXJfogEUUhLFGNR26sytFbT1+RfEqQwe9EZlm2b/Aa5RB7MBOKSk82Jw/IQ9g
4TG0DNvakhWnJwfIHjraJ8uiB+uAGYfSRarIlle/Xb9WtNhfvhudUISlbPVHBh10
Z7rQpt52/xx0io5lg7d3VSbg/4mQQ2VYY6O5Y/6Ilqda51UVt9M=
=+7+H
-----END PGP SIGNATURE-----
Merge 4.14.20 into android-4.14
Changes in 4.14.20
watchdog: indydog: Add dependency on SGI_HAS_INDYDOG
powerpc/pseries: include linux/types.h in asm/hvcall.h
cifs: Fix missing put_xid in cifs_file_strict_mmap
cifs: Fix autonegotiate security settings mismatch
CIFS: zero sensitive data when freeing
cpufreq: mediatek: add mediatek related projects into blacklist
dmaengine: dmatest: fix container_of member in dmatest_callback
sched/wait: Fix add_wait_queue() behavioral change
watchdog: gpio_wdt: set WDOG_HW_RUNNING in gpio_wdt_stop
arm64: Define cputype macros for Falkor CPU
arm64: Add software workaround for Falkor erratum 1041
KVM MMU: check pending exception before injecting APF
sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
sched/rt: Up the root domain ref count when passing it around via IPIs
drm/i915: Add .get_hw_state() method for planes
drm/i915: Redo plane sanitation during readout
drm/i915: Fix deadlock in i830_disable_pipe()
dccp: CVE-2017-8824: use-after-free in DCCP code
media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
media: hdpvr: Fix an error handling path in hdpvr_probe()
arm64: move TASK_* definitions to <asm/processor.h>
arm64: mm: Use non-global mappings for kernel space
arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
arm64: mm: Move ASID from TTBR0 to TTBR1
arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
arm64: mm: Rename post_ttbr0_update_workaround
arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
arm64: mm: Allocate ASIDs in pairs
arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
arm64: entry: Add exception trampoline page for exceptions from EL0
arm64: mm: Map entry trampoline into trampoline and kernel page tables
arm64: entry: Explicitly pass exception level to kernel_ventry macro
arm64: entry: Hook up entry trampoline to exception vectors
arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
arm64: cpu_errata: Add Kryo to Falkor 1003 errata
arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
arm64: kaslr: Put kernel vectors address in separate data page
arm64: use RET instruction for exiting the trampoline
arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
arm64: Take into account ID_AA64PFR0_EL1.CSV3
arm64: capabilities: Handle duplicate entries for a capability
arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
arm64: kpti: Fix the interaction between ASID switching and software PAN
arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
arm64: Turn on KPTI only on CPUs that need it
arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
arm64: mm: Permit transitioning from Global to Non-Global without BBM
arm64: kpti: Add ->enable callback to remap swapper using nG mappings
arm64: Force KPTI to be disabled on Cavium ThunderX
arm64: entry: Reword comment about post_ttbr_update_workaround
arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
arm64: barrier: Add CSDB macros to control data-value prediction
arm64: Implement array_index_mask_nospec()
arm64: Make USER_DS an inclusive limit
arm64: Use pointer masking to limit uaccess speculation
arm64: entry: Ensure branch through syscall table is bounded under speculation
arm64: uaccess: Prevent speculative use of the current addr_limit
arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user
arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
arm64: futex: Mask __user pointers prior to dereference
arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early
arm64: Run enable method for errata work arounds on late CPUs
arm64: cpufeature: Pass capability structure to ->enable callback
drivers/firmware: Expose psci_get_version through psci_ops structure
arm64: Move post_ttbr_update_workaround to C code
arm64: Add skeleton to harden the branch predictor against aliasing attacks
arm64: Move BP hardening to check_and_switch_context
arm64: KVM: Use per-CPU vector when BP hardening is enabled
arm64: entry: Apply BP hardening for high-priority synchronous exceptions
arm64: entry: Apply BP hardening for suspicious interrupts from EL0
arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
arm64: Implement branch predictor hardening for affected Cortex-A CPUs
arm64: Implement branch predictor hardening for Falkor
arm64: Branch predictor hardening for Cavium ThunderX2
arm64: KVM: Increment PC after handling an SMC trap
arm/arm64: KVM: Consolidate the PSCI include files
arm/arm64: KVM: Add PSCI_VERSION helper
arm/arm64: KVM: Add smccc accessors to PSCI code
arm/arm64: KVM: Implement PSCI 1.0 support
arm/arm64: KVM: Advertise SMCCC v1.1
arm64: KVM: Make PSCI_VERSION a fast path
arm/arm64: KVM: Turn kvm_psci_version into a static inline
arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
firmware/psci: Expose PSCI conduit
firmware/psci: Expose SMCCC version through psci_ops
arm/arm64: smccc: Make function identifiers an unsigned quantity
arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
mtd: cfi: convert inline functions to macros
mtd: nand: brcmnand: Disable prefetch by default
mtd: nand: Fix nand_do_read_oob() return value
mtd: nand: sunxi: Fix ECC strength choice
ubi: Fix race condition between ubi volume creation and udev
ubi: fastmap: Erase outdated anchor PEBs during attach
ubi: block: Fix locking for idr_alloc/idr_remove
ubifs: free the encrypted symlink target
nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE
NFS: Add a cond_resched() to nfs_commit_release_pages()
NFS: Fix nfsstat breakage due to LOOKUPP
NFS: commit direct writes even if they fail partially
NFS: reject request for id_legacy key without auxdata
NFS: Fix a race between mmap() and O_DIRECT
kernfs: fix regression in kernfs_fop_write caused by wrong type
ahci: Annotate PCI ids for mobile Intel chipsets as such
ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
ahci: Add Intel Cannon Lake PCH-H PCI ID
crypto: hash - introduce crypto_hash_alg_has_setkey()
crypto: cryptd - pass through absence of ->setkey()
crypto: mcryptd - pass through absence of ->setkey()
crypto: poly1305 - remove ->setkey() method
crypto: hash - annotate algorithms taking optional key
crypto: hash - prevent using keyed hashes without setting key
media: v4l2-ioctl.c: use check_fmt for enum/g/s/try_fmt
media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
media: v4l2-compat-ioctl32.c: fix the indentation
media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
media: v4l2-compat-ioctl32.c: avoid sizeof(type)
media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
crypto: caam - fix endless loop when DECO acquire fails
crypto: sha512-mb - initialize pending lengths correctly
arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
KVM: nVMX: Fix bug of injecting L2 exception into L1
KVM: PPC: Book3S HV: Make sure we don't re-enter guest without XIVE loaded
KVM: PPC: Book3S HV: Drop locks before reading guest memory
KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED
KVM: PPC: Book3S PR: Fix broken select due to misspelling
ASoC: rockchip: i2s: fix playback after runtime resume
ASoC: skl: Fix kernel warning due to zero NHTL entry
watchdog: imx2_wdt: restore previous timeout after suspend+resume
Btrfs: raid56: iterate raid56 internal bio with bio_for_each_segment_all
kasan: don't emit builtin calls when sanitization is off
kasan: rework Kconfig settings
media: dvb-frontends: fix i2c access helpers for KASAN
media: ts2020: avoid integer overflows on 32 bit machines
media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
kernel/async.c: revert "async: simplify lowest_in_progress()"
kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"
pipe: actually allow root to exceed the pipe buffer limits
pipe: fix off-by-one error when checking buffer limits
HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
Bluetooth: btsdio: Do not bind to non-removable BCM43341
Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version
ipmi: use dynamic memory for DMI driver override
signal/openrisc: Fix do_unaligned_access to send the proper signal
signal/sh: Ensure si_signo is initialized in do_divide_error
alpha: fix crash if pthread_create races with signal delivery
alpha: osf_sys.c: fix put_tv32 regression
alpha: Fix mixed up args in EXC macro in futex operations
alpha: fix reboot on Avanti platform
alpha: fix formating of stack content
xtensa: fix futex_atomic_cmpxchg_inatomic
EDAC, octeon: Fix an uninitialized variable warning
pinctrl: intel: Initialize GPIO properly when used through irqchip
pinctrl: mcp23s08: fix irq setup order
pinctrl: sx150x: Unregister the pinctrl on release
pinctrl: sx150x: Register pinctrl before adding the gpiochip
pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping
pktcdvd: Fix pkt_setup_dev() error path
pktcdvd: Fix a recently introduced NULL pointer dereference
blk-mq: quiesce queue before freeing queue
clocksource/drivers/stm32: Fix kernel panic with multiple timers
lib/ubsan.c: s/missaligned/misaligned/
lib/ubsan: add type mismatch handler for new GCC/Clang
btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
objtool: Fix switch-table detection
arm64: dts: marvell: add Ethernet aliases
drm/i915: Avoid PPS HW/SW state mismatch due to rounding
ACPI: sbshc: remove raw pointer from printk() message
acpi, nfit: fix register dimm error handling
ovl: fix failure to fsync lower dir
ovl: take mnt_want_write() for removing impure xattr
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
devpts: fix error handling in devpts_mntget()
ftrace: Remove incorrect setting of glob search field
scsi: core: Ensure that the SCSI error handler gets woken up
rcu: Export init_rcu_head() and destroy_rcu_head() to GPL modules
scsi: lpfc: Fix crash after bad bar setup on driver attachment
scsi: cxlflash: Reset command ioasc
Linux 4.14.20
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Heiko Carstens
|
7e54b58285 |
fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
commit d0290bc20d4739b7a900ae37eb5d4cc3be2b393f upstream.
Commit df04abfd181a ("fs/proc/kcore.c: Add bounce buffer for ktext
data") added a bounce buffer to avoid hardened usercopy checks. Copying
to the bounce buffer was implemented with a simple memcpy() assuming
that it is always valid to read from kernel memory iff the
kern_addr_valid() check passed.
A simple, but pointless, test case like "dd if=/proc/kcore of=/dev/null"
now can easily crash the kernel, since the former execption handling on
invalid kernel addresses now doesn't work anymore.
Also adding a kern_addr_valid() implementation wouldn't help here. Most
architectures simply return 1 here, while a couple implemented a page
table walk to figure out if something is mapped at the address in
question.
With DEBUG_PAGEALLOC active mappings are established and removed all the
time, so that relying on the result of kern_addr_valid() before
executing the memcpy() also doesn't work.
Therefore simply use probe_kernel_read() to copy to the bounce buffer.
This also allows to simplify read_kcore().
At least on s390 this fixes the observed crashes and doesn't introduce
warnings that were removed with df04abfd181a ("fs/proc/kcore.c: Add
bounce buffer for ktext data"), even though the generic
probe_kernel_read() implementation uses uaccess functions.
While looking into this I'm also wondering if kern_addr_valid() could be
completely removed...(?)
Link: http://lkml.kernel.org/r/20171202132739.99971-1-heiko.carstens@de.ibm.com
Fixes: df04abfd181a ("fs/proc/kcore.c: Add bounce buffer for ktext data")
Fixes: f5509cc18daa ("mm: Hardened usercopy")
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|