bka
181 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Bestas
|
87cf1c2fc1 |
Merge remote-tracking branch 'common/android-4.9-q' into android-msm-pixel-4.9
* common/android-4.9-q:
Linux 4.9.321
swiotlb: skip swiotlb_bounce when orig_addr is zero
kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
fdt: Update CRC check for rng-seed
xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
drm: remove drm_fb_helper_modinit
powerpc/pseries: wire up rng during setup_arch()
modpost: fix section mismatch check for exported init/exit sections
ARM: cns3xxx: Fix refcount leak in cns3xxx_init
ARM: Fix refcount leak in axxia_boot_secondary
ARM: exynos: Fix refcount leak in exynos_map_pmu
ARM: dts: imx6qdl: correct PU regulator ramp delay
powerpc: Enable execve syscall exit tracepoint
xtensa: Fix refcount leak bug in time.c
xtensa: xtfpga: Fix refcount leak bug in setup
iio: trigger: sysfs: fix use-after-free on remove
iio: accel: mma8452: ignore the return value of reset operation
iio:accel:bma180: rearrange iio trigger get and register
usb: chipidea: udc: check request status before setting device address
iio: adc: vf610: fix conversion mode sysfs node name
igb: Make DMA faster when CPU is active on the PCIe link
MIPS: Remove repetitive increase irq_err_count
x86/xen: Remove undefined behavior in setup_features()
bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers
USB: serial: option: add Telit LE910Cx 0x1250 composition
random: quiet urandom warning ratelimit suppression message
dm era: commit metadata in postsuspend after worker stops
ata: libata: add qc->flags in ata_qc_complete_template tracepoint
random: schedule mix_interrupt_randomness() less often
vt: drop old FONT ioctls
BACKPORT: l2tp: fix race in pppol2tp_release with session object destroy
BACKPORT: l2tp: don't use inet_shutdown on ppp session destroy
Linux 4.9.320
tcp: drop the hash_32() part from the index calculation
tcp: increase source port perturb table to 2^16
tcp: dynamically allocate the perturb table used by source ports
tcp: add small random increments to the source port
tcp: use different parts of the port_offset for index and offset
secure_seq: use the 64 bits of the siphash for port offset calculation
tcp: add some entropy in __inet_hash_connect()
tcp: change source port randomizarion at connect() time
fuse: fix pipe buffer lifetime for direct_io
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
swiotlb: fix info leak with DMA_FROM_DEVICE
xprtrdma: fix incorrect header size calculations
s390/mm: use non-quiescing sske for KVM switch to keyed guest
l2tp: fix race in pppol2tp_release with session object destroy
l2tp: don't use inet_shutdown on ppp session destroy
ext4: add reserved GDT blocks check
ext4: make variable "count" signed
ext4: fix bug_on ext4_mb_use_inode_pa
serial: 8250: Store to lsr_save_flags after lsr read
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
USB: serial: io_ti: add Agilent E5805A support
USB: serial: option: add support for Cinterion MV31 with new baseline
comedi: vmk80xx: fix expression for tx buffer size
irqchip/gic-v3: Iterate over possible CPUs by for_each_possible_cpu()
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
misc: atmel-ssc: Fix IRQ check in ssc_probe
pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
random: credit cpu and bootloader seeds by default
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
ASoC: wm8962: Fix suspend while playing music
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
ASoC: cs42l56: Correct typo in minimum level for SX volume controls
ASoC: cs42l52: Correct TLV for Bypass Volume
ASoC: cs53l30: Correct number of volume levels on SX controls
ASoC: cs42l52: Fix TLV scales for mixer controls
random: account for arch randomness in bits
random: mark bootloader randomness code as __init
random: avoid checking crng_ready() twice in random_init()
crypto: drbg - make reseeding from get_random_bytes() synchronous
crypto: drbg - always try to free Jitter RNG instance
crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
crypto: drbg - prepare for more fine-grained tracking of seeding state
crypto: drbg - always seeded with SP800-90B compliant noise source
crypto: drbg - add FIPS 140-2 CTRNG for noise source
Revert "random: use static branch for crng_ready()"
random: check for signals after page of pool writes
random: wire up fops->splice_{read,write}_iter()
random: convert to using fops->write_iter()
random: move randomize_page() into mm where it belongs
random: move initialization functions out of hot pages
random: use proper return types on get_random_{int,long}_wait()
random: remove extern from functions in header
random: use static branch for crng_ready()
random: credit architectural init the exact amount
random: handle latent entropy and command line from random_init()
random: use proper jiffies comparison macro
random: remove ratelimiting for in-kernel unseeded randomness
random: avoid initializing twice in credit race
random: use symbolic constants for crng_init states
siphash: use one source of truth for siphash permutations
random: help compiler out with fast_mix() by using simpler arguments
random: do not use input pool from hard IRQs
random: order timer entropy functions below interrupt functions
random: do not pretend to handle premature next security model
random: do not use batches when !crng_ready()
random: insist on random_get_entropy() existing in order to simplify
uapi: rename ext2_swab() to swab() and share globally in swab.h
xtensa: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
arm: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
m68k: use fallback for random_get_entropy() instead of zero
timekeeping: Add raw clock fallback for random_get_entropy()
powerpc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
ia64: define get_cycles macro for arch-override
init: call time_init() before rand_initialize()
random: fix sysctl documentation nits
random: document crng_fast_key_erasure() destination possibility
random: make random_get_entropy() return an unsigned long
random: check for signals every PAGE_SIZE chunk of /dev/[u]random
random: check for signal_pending() outside of need_resched() check
random: do not allow user to keep crng key around on stack
random: do not split fast init input in add_hwgenerator_randomness()
random: mix build-time latent entropy into pool at init
random: re-add removed comment about get_random_{u32,u64} reseeding
random: treat bootloader trust toggle the same way as cpu trust toggle
random: skip fast_init if hwrng provides large chunk of entropy
random: check for signal and try earlier when generating entropy
random: reseed more often immediately after booting
random: make consistent usage of crng_ready()
random: use SipHash as interrupt entropy accumulator
random: replace custom notifier chain with standard one
random: don't let 644 read-only sysctls be written to
random: give sysctl_random_min_urandom_seed a more sensible value
random: do crng pre-init loading in worker rather than irq
random: unify cycles_t and jiffies usage and types
random: cleanup UUID handling
random: only wake up writers after zap if threshold was passed
random: round-robin registers as ulong, not u32
random: clear fast pool, crng, and batches in cpuhp bring up
random: pull add_hwgenerator_randomness() declaration into random.h
hwrng: remember rng chosen by user
hwrng: use rng source with best quality
hwrng: core - remove unused PFX macro
hwrng: core - Move hwrng miscdev minor number to include/linux/miscdevice.h
hwrng: core - Rewrite the header
hwrng: core - rewrite better comparison to NULL
hwrng: core - do not use multiple blank lines
random: check for crng_init == 0 in add_device_randomness()
random: unify early init crng load accounting
random: do not take pool spinlock at boot
random: defer fast pool mixing to worker
workqueue: make workqueue available early during boot
random: rewrite header introductory comment
random: group sysctl functions
random: group userspace read/write functions
random: group entropy collection functions
random: group entropy extraction functions
random: group initialization wait functions
random: remove whitespace and reorder includes
random: remove useless header comment
random: introduce drain_entropy() helper to declutter crng_reseed()
random: deobfuscate irq u32/u64 contributions
random: add proper SPDX header
random: remove unused tracepoints
random: remove ifdef'd out interrupt bench
random: tie batched entropy generation to base_crng generation
random: zero buffer after reading entropy from userspace
random: remove outdated INT_MAX >> 6 check in urandom_read()
random: use hash function for crng_slow_load()
random: absorb fast pool into input pool after fast load
random: do not xor RDRAND when writing into /dev/random
random: ensure early RDSEED goes through mixer on init
random: inline leaves of rand_initialize()
random: use RDSEED instead of RDRAND in entropy extraction
random: fix locking in crng_fast_load()
random: remove batched entropy locking
random: remove use_input_pool parameter from crng_reseed()
random: make credit_entropy_bits() always safe
random: always wake up entropy writers after extraction
random: use linear min-entropy accumulation crediting
random: simplify entropy debiting
random: use computational hash for entropy extraction
random: only call crng_finalize_init() for primary_crng
random: access primary_pool directly rather than through pointer
random: continually use hwgenerator randomness
random: simplify arithmetic function flow in account()
random: access input_pool_data directly rather than through pointer
random: cleanup fractional entropy shift constants
random: prepend remaining pool constants with POOL_
random: de-duplicate INPUT_POOL constants
random: remove unused OUTPUT_POOL constants
random: rather than entropy_store abstraction, use global
random: try to actively add entropy rather than passively wait for it
random: remove unused extract_entropy() reserved argument
random: remove incomplete last_data logic
random: cleanup integer types
crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
random: cleanup poolinfo abstraction
random: fix typo in comments
random: don't reset crng_init_cnt on urandom_read()
random: avoid superfluous call to RDRAND in CRNG extraction
random: early initialization of ChaCha constants
random: initialize ChaCha20 constants with correct endianness
random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
random: harmonize "crng init done" messages
random: mix bootloader randomness into pool
random: do not re-init if crng_reseed completes before primary init
random: do not sign extend bytes for rotation when mixing
random: use BLAKE2s instead of SHA1 in extraction
random: remove unused irq_flags argument from add_interrupt_randomness()
random: document add_hwgenerator_randomness() with other input functions
crypto: blake2s - adjust include guard naming
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
MAINTAINERS: co-maintain random.c
random: remove dead code left over from blocking pool
random: avoid arch_get_random_seed_long() when collecting IRQ randomness
random: add arch_get_random_*long_early()
powerpc: Use bool in archrandom.h
linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
linux/random.h: Use false with bool
linux/random.h: Remove arch_has_random, arch_has_random_seed
powerpc: Remove arch_has_random, arch_has_random_seed
x86: Remove arch_has_random, arch_has_random_seed
random: avoid warnings for !CONFIG_NUMA builds
random: split primary/secondary crng init paths
random: remove some dead code of poolinfo
random: fix typo in add_timer_randomness()
random: Add and use pr_fmt()
random: convert to ENTROPY_BITS for better code readability
random: remove unnecessary unlikely()
random: remove kernel.random.read_wakeup_threshold
random: delete code to pull data into pools
random: remove the blocking pool
random: fix crash on multiple early calls to add_bootloader_randomness()
random: make /dev/random be almost like /dev/urandom
random: ignore GRND_RANDOM in getentropy(2)
random: add GRND_INSECURE to return best-effort non-cryptographic bytes
random: Add a urandom_read_nowait() for random APIs that don't warn
random: Don't wake crng_init_wait when crng_init == 1
lib/crypto: sha1: re-roll loops to reduce code size
lib/crypto: blake2s: move hmac construction into wireguard
crypto: blake2s - generic C library implementation and selftest
crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array()
Revert "hwrng: core - Freeze khwrng thread during suspend"
char/random: Add a newline at the end of the file
random: Use wait_event_freezable() in add_hwgenerator_randomness()
fdt: add support for rng-seed
random: Support freezable kthreads in add_hwgenerator_randomness()
random: fix soft lockup when trying to read from an uninitialized blocking pool
latent_entropy: avoid build error when plugin cflags are not set
random: document get_random_int() family
random: move rand_initialize() earlier
random: only read from /dev/random after its pool has received 128 bits
drivers/char/random.c: make primary_crng static
drivers/char/random.c: remove unused stuct poolinfo::poolbits
drivers/char/random.c: constify poolinfo_table
random: make CPU trust a boot parameter
random: Make crng state queryable
random: remove preempt disabled region
random: add a config option to trust the CPU's hwrng
random: Return nbytes filled from hw RNG
random: Fix whitespace pre random-bytes work
drivers/char/random.c: remove unused dont_count_entropy
random: optimize add_interrupt_randomness
random: always fill buffer in get_random_bytes_wait
crypto: chacha20 - Fix keystream alignment for chacha20_block()
random: fix data race on crng_node_pool
random: always use batched entropy for get_random_u{32,64}
Revert "char/random: silence a lockdep splat with printk()"
char/random: silence a lockdep splat with printk()
random: add a spinlock_t to struct batched_entropy
random: rate limit unseeded randomness warnings
random: fix possible sleeping allocation from irq context
random: set up the NUMA crng instances after the CRNG is fully initialized
random: use a different mixing algorithm for add_device_randomness()
random: fix warning message on ia64 and parisc
random: reorder READ_ONCE() in get_random_uXX
random: suppress spammy warnings about unseeded randomness
random: do not ignore early device randomness
random: warn when kernel uses unseeded randomness
random: add get_random_{bytes,u32,u64,int,long,once}_wait family
random: add wait_for_random_bytes() API
random: silence compiler warnings and fix race
random: invalidate batched entropy after crng init
random: move random_min_urandom_seed into CONFIG_SYSCTL ifdef block
random: convert get_random_int/long into get_random_u32/u64
random: fix comment for unused random_min_urandom_seed
random: remove variable limit
random: remove stale urandom_init_wait
random: remove stale maybe_reseed_primary_crng
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
Linux 4.9.319
x86/speculation/mmio: Print SMT warning
KVM: x86/speculation: Disable Fill buffer clear within guests
x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
x86/speculation/srbds: Update SRBDS mitigation selection
x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data
x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
x86/speculation: Add a common function for MD_CLEAR mitigation update
x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
Documentation: Add documentation for Processor MMIO Stale Data
x86/cpu: Add another Alder Lake CPU to the Intel family
x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family
x86/cpu: Add Comet Lake to the Intel CPU models header
x86/CPU: Add more Icelake model numbers
x86/CPU: Add Icelake model number
x86/cpu: Add Cannonlake to Intel family
x86/cpu: Add Jasper Lake to Intel family
cpu/speculation: Add prototype for cpu_show_srbds()
x86/cpu: Add Elkhart Lake to Intel family
ANDROID: arch: fix backported syscall numbers
Linux 4.9.318
tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
PCI: qcom: Fix unbalanced PHY init on probe errors
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
powerpc/32: Fix overread/overwrite of thread_struct via ptrace
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
cifs: return errors during session setup during reconnects
ALSA: hda/conexant - Fix loopback issue with CX20632
vringh: Fix loop descriptors check in the indirect cases
nodemask: Fix return values to be unsigned
modpost: fix undefined behavior of is_arm_mapping_symbol()
drm/radeon: fix a possible null pointer dereference
Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
md: protect md_unregister_thread from reentrancy
serial: msm_serial: disable interrupts in __msm_console_write()
staging: rtl8712: fix uninit-value in r871xu_drv_init()
clocksource/drivers/sp804: Avoid error on multiple instances
misc: rtsx: set NULL intfdata when probe fails
usb: dwc2: gadget: don't reset gadget's driver->bus
USB: hcd-pci: Fully suspend across freeze/thaw cycle
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
USB: host: isp116x: check return value after calling platform_get_resource()
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
tty: Fix a possible resource leak in icom_probe
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
lkdtm/usercopy: Expand size of "out of frame" object
iio: dummy: iio_simple_dummy: check the return value of kstrdup()
net: altera: Fix refcount leak in altera_tse_mdio_create
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
net: fix nla_strcmp to handle more then one trailing null character
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
m68knommu: fix undefined reference to `_init_sp'
m68knommu: set ZERO_PAGE() to the allocated zeroed page
i2c: cadence: Increase timeout per message if necessary
tracing: Avoid adding tracer option before update_tracer_options
tcp: tcp_rtx_synack() can be called from process context
jffs2: fix memory leak in jffs2_do_fill_super
modpost: fix removing numeric suffixes
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
serial: sh-sci: Don't allow CS5-6
serial: txx9: Don't allow CS5-6
serial: digicolor-usart: Don't allow CS5-6
serial: meson: acquire port->lock in startup()
rtc: mt6397: check return value after calling platform_get_resource()
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
pwm: lp3943: Fix duty calculation in case period was clamped
USB: storage: karma: fix rio_karma_init return
usb: usbip: add missing device lock on tweak configuration cmd
usb: usbip: fix a refcount leak in stub_probe()
staging: greybus: codecs: fix type confusion of list iterator variable
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
netfilter: nf_tables: disallow non-stateful expression in sets earlier
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
RDMA/rxe: Generate a completion for unsupported/invalid opcode
dt-bindings: gpio: altera: correct interrupt-cells
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
gma500: fix an incorrect NULL check on list iterator
carl9170: tx: fix an incorrect use of list iterator
ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
rtl818x: Prevent using not initialized queues
hugetlb: fix huge_pmd_unshare address update
nodemask.h: fix compilation error with GCC12
iommu/msm: Fix an incorrect NULL check on list iterator
um: Fix out-of-bounds read in LDT setup
um: chan_user: Fix winch_tramp() return value
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
irqchip: irq-xtensa-mx: fix initial IRQ affinity
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
RDMA/hfi1: Fix potential integer multiplication overflow errors
md: fix an incorrect NULL check in md_reload_sb
md: fix an incorrect NULL check in does_sb_need_changing
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
scsi: dc395x: Fix a missing check on list iterator
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
dlm: fix missing lkb refcount handling
dlm: fix plock invalid read
ext4: verify dir block before splitting it
ext4: fix bug_on in ext4_writepages
ext4: fix use-after-free in ext4_rename_dir_prepare
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
iwlwifi: mvm: fix assert 1F04 upon reconfig
wifi: mac80211: fix use-after-free in chanctx code
iommu/amd: Increase timeout waiting for GA log enablement
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
Input: sparcspkr - fix refcount leak in bbc_beep_probe
tty: fix deadlock caused by calling printk() under tty_port->lock
powerpc/4xx/cpm: Fix return value of __setup() handler
powerpc/idle: Fix return value of __setup() handler
powerpc/8xx: export 'cpm_setbrg' for modules
drivers/base/node.c: fix compaction sysfs file leak
scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
rxrpc: Don't try to resend the request if we're receiving the reply
rxrpc: Fix listen() setting the bar too high for the prealloc rings
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
m68k: math-emu: Fix dependencies of math emulation support
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
media: exynos4-is: Change clk_disable to clk_disable_unprepare
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
media: uvcvideo: Fix missing check to determine if element is found in list
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
drm/msm/dsi: fix error checks and return values for DSI xmit functions
x86/pm: Fix false positive kmemleak report in msr_build_context()
inotify: show inotify mask flags in proc fdinfo
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
spi: img-spfi: Fix pm_runtime_get_sync() error checking
HID: hid-led: fix maximum brightness for Dream Cheeky
NFC: NULL out the dev->rfkill to prevent UAF
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
drm/mediatek: Fix mtk_cec_mask()
x86/delay: Fix the wrong asm constraint in delay_loop()
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
drm: fix EDID struct for old ARM OABI format
macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
powerpc/xics: fix refcount leak in icp_opal_init()
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
ARM: hisi: Add missing of_node_put after of_find_compatible_node
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
ARM: versatile: Add missing of_node_put in dcscb_init
fat: add ratelimit to fat*_ent_bread()
ARM: OMAP1: clock: Fix UART rate reporting algorithm
fs: jfs: fix possible NULL pointer dereference in dbFree()
eth: tg3: silence the GCC 12 array-bounds warning
rxrpc: Return an error to sendmsg if call failed
media: exynos4-is: Fix compile warning
ASoC: rt5645: Fix errorenous cleanup order
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
openrisc: start CPU timer early in boot
ipmi:ssif: Check for NULL msg when handling events and messages
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
ASoC: dapm: Don't fold register value changes into notifications
ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
drm/amd/pm: fix the compile warning
scsi: megaraid: Fix error check return value of register_chrdev()
media: cx25821: Fix the warning when removing the module
ath9k: fix QCA9561 PA bias level
drm/amd/pm: fix double free in si_parse_power_table()
ALSA: jack: Access input_dev under mutex
ACPICA: Avoid cache flush inside virtual machines
ipw2x00: Fix potential NULL dereference in libipw_xmit()
b43: Fix assigning negative value to unsigned variable
b43legacy: Fix assigning negative value to unsigned variable
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
btrfs: add "0x" prefix for unsupported optional features
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
USB: new quirk for Dell Gen 2 devices
BACKPORT: psi: Fix uaf issue when psi trigger is destroyed while being polled
Conflicts:
drivers/char/Kconfig
drivers/char/random.c
fs/fat/fatent.c
include/linux/random.h
init/main.c
kernel/cpu.c
lib/Makefile
Change-Id: I06579fa22a0347a0d8d2fa32bd6b7b6b54db626f
|
||
|
Eric Biggers
|
ea690b6ba4 |
Merge 4.9.320 into android-4.9-q
Changes in 4.9.320
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
random: remove stale maybe_reseed_primary_crng
random: remove stale urandom_init_wait
random: remove variable limit
random: fix comment for unused random_min_urandom_seed
random: convert get_random_int/long into get_random_u32/u64
random: move random_min_urandom_seed into CONFIG_SYSCTL ifdef block
random: invalidate batched entropy after crng init
random: silence compiler warnings and fix race
random: add wait_for_random_bytes() API
random: add get_random_{bytes,u32,u64,int,long,once}_wait family
random: warn when kernel uses unseeded randomness
random: do not ignore early device randomness
random: suppress spammy warnings about unseeded randomness
random: reorder READ_ONCE() in get_random_uXX
random: fix warning message on ia64 and parisc
random: use a different mixing algorithm for add_device_randomness()
random: set up the NUMA crng instances after the CRNG is fully initialized
random: fix possible sleeping allocation from irq context
random: rate limit unseeded randomness warnings
random: add a spinlock_t to struct batched_entropy
char/random: silence a lockdep splat with printk()
Revert "char/random: silence a lockdep splat with printk()"
random: always use batched entropy for get_random_u{32,64}
random: fix data race on crng_node_pool
crypto: chacha20 - Fix keystream alignment for chacha20_block()
random: always fill buffer in get_random_bytes_wait
random: optimize add_interrupt_randomness
drivers/char/random.c: remove unused dont_count_entropy
random: Fix whitespace pre random-bytes work
random: Return nbytes filled from hw RNG
random: add a config option to trust the CPU's hwrng
random: remove preempt disabled region
random: Make crng state queryable
random: make CPU trust a boot parameter
drivers/char/random.c: constify poolinfo_table
drivers/char/random.c: remove unused stuct poolinfo::poolbits
drivers/char/random.c: make primary_crng static
random: only read from /dev/random after its pool has received 128 bits
random: move rand_initialize() earlier
random: document get_random_int() family
latent_entropy: avoid build error when plugin cflags are not set
random: fix soft lockup when trying to read from an uninitialized blocking pool
random: Support freezable kthreads in add_hwgenerator_randomness()
fdt: add support for rng-seed
random: Use wait_event_freezable() in add_hwgenerator_randomness()
char/random: Add a newline at the end of the file
Revert "hwrng: core - Freeze khwrng thread during suspend"
crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array()
crypto: blake2s - generic C library implementation and selftest
lib/crypto: blake2s: move hmac construction into wireguard
lib/crypto: sha1: re-roll loops to reduce code size
random: Don't wake crng_init_wait when crng_init == 1
random: Add a urandom_read_nowait() for random APIs that don't warn
random: add GRND_INSECURE to return best-effort non-cryptographic bytes
random: ignore GRND_RANDOM in getentropy(2)
random: make /dev/random be almost like /dev/urandom
random: fix crash on multiple early calls to add_bootloader_randomness()
random: remove the blocking pool
random: delete code to pull data into pools
random: remove kernel.random.read_wakeup_threshold
random: remove unnecessary unlikely()
random: convert to ENTROPY_BITS for better code readability
random: Add and use pr_fmt()
random: fix typo in add_timer_randomness()
random: remove some dead code of poolinfo
random: split primary/secondary crng init paths
random: avoid warnings for !CONFIG_NUMA builds
x86: Remove arch_has_random, arch_has_random_seed
powerpc: Remove arch_has_random, arch_has_random_seed
linux/random.h: Remove arch_has_random, arch_has_random_seed
linux/random.h: Use false with bool
linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
powerpc: Use bool in archrandom.h
random: add arch_get_random_*long_early()
random: avoid arch_get_random_seed_long() when collecting IRQ randomness
random: remove dead code left over from blocking pool
MAINTAINERS: co-maintain random.c
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
crypto: blake2s - adjust include guard naming
random: document add_hwgenerator_randomness() with other input functions
random: remove unused irq_flags argument from add_interrupt_randomness()
random: use BLAKE2s instead of SHA1 in extraction
random: do not sign extend bytes for rotation when mixing
random: do not re-init if crng_reseed completes before primary init
random: mix bootloader randomness into pool
random: harmonize "crng init done" messages
random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
random: initialize ChaCha20 constants with correct endianness
random: early initialization of ChaCha constants
random: avoid superfluous call to RDRAND in CRNG extraction
random: don't reset crng_init_cnt on urandom_read()
random: fix typo in comments
random: cleanup poolinfo abstraction
crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
random: cleanup integer types
random: remove incomplete last_data logic
random: remove unused extract_entropy() reserved argument
random: try to actively add entropy rather than passively wait for it
random: rather than entropy_store abstraction, use global
random: remove unused OUTPUT_POOL constants
random: de-duplicate INPUT_POOL constants
random: prepend remaining pool constants with POOL_
random: cleanup fractional entropy shift constants
random: access input_pool_data directly rather than through pointer
random: simplify arithmetic function flow in account()
random: continually use hwgenerator randomness
random: access primary_pool directly rather than through pointer
random: only call crng_finalize_init() for primary_crng
random: use computational hash for entropy extraction
random: simplify entropy debiting
random: use linear min-entropy accumulation crediting
random: always wake up entropy writers after extraction
random: make credit_entropy_bits() always safe
random: remove use_input_pool parameter from crng_reseed()
random: remove batched entropy locking
random: fix locking in crng_fast_load()
random: use RDSEED instead of RDRAND in entropy extraction
random: inline leaves of rand_initialize()
random: ensure early RDSEED goes through mixer on init
random: do not xor RDRAND when writing into /dev/random
random: absorb fast pool into input pool after fast load
random: use hash function for crng_slow_load()
random: remove outdated INT_MAX >> 6 check in urandom_read()
random: zero buffer after reading entropy from userspace
random: tie batched entropy generation to base_crng generation
random: remove ifdef'd out interrupt bench
random: remove unused tracepoints
random: add proper SPDX header
random: deobfuscate irq u32/u64 contributions
random: introduce drain_entropy() helper to declutter crng_reseed()
random: remove useless header comment
random: remove whitespace and reorder includes
random: group initialization wait functions
random: group entropy extraction functions
random: group entropy collection functions
random: group userspace read/write functions
random: group sysctl functions
random: rewrite header introductory comment
workqueue: make workqueue available early during boot
random: defer fast pool mixing to worker
random: do not take pool spinlock at boot
random: unify early init crng load accounting
random: check for crng_init == 0 in add_device_randomness()
hwrng: core - do not use multiple blank lines
hwrng: core - rewrite better comparison to NULL
hwrng: core - Rewrite the header
hwrng: core - Move hwrng miscdev minor number to include/linux/miscdevice.h
hwrng: core - remove unused PFX macro
hwrng: use rng source with best quality
hwrng: remember rng chosen by user
random: pull add_hwgenerator_randomness() declaration into random.h
random: clear fast pool, crng, and batches in cpuhp bring up
random: round-robin registers as ulong, not u32
random: only wake up writers after zap if threshold was passed
random: cleanup UUID handling
random: unify cycles_t and jiffies usage and types
random: do crng pre-init loading in worker rather than irq
random: give sysctl_random_min_urandom_seed a more sensible value
random: don't let 644 read-only sysctls be written to
random: replace custom notifier chain with standard one
random: use SipHash as interrupt entropy accumulator
random: make consistent usage of crng_ready()
random: reseed more often immediately after booting
random: check for signal and try earlier when generating entropy
random: skip fast_init if hwrng provides large chunk of entropy
random: treat bootloader trust toggle the same way as cpu trust toggle
random: re-add removed comment about get_random_{u32,u64} reseeding
random: mix build-time latent entropy into pool at init
random: do not split fast init input in add_hwgenerator_randomness()
random: do not allow user to keep crng key around on stack
random: check for signal_pending() outside of need_resched() check
random: check for signals every PAGE_SIZE chunk of /dev/[u]random
random: make random_get_entropy() return an unsigned long
random: document crng_fast_key_erasure() destination possibility
random: fix sysctl documentation nits
init: call time_init() before rand_initialize()
ia64: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
powerpc: define get_cycles macro for arch-override
timekeeping: Add raw clock fallback for random_get_entropy()
m68k: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
arm: use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
xtensa: use fallback for random_get_entropy() instead of zero
uapi: rename ext2_swab() to swab() and share globally in swab.h
random: insist on random_get_entropy() existing in order to simplify
random: do not use batches when !crng_ready()
random: do not pretend to handle premature next security model
random: order timer entropy functions below interrupt functions
random: do not use input pool from hard IRQs
random: help compiler out with fast_mix() by using simpler arguments
siphash: use one source of truth for siphash permutations
random: use symbolic constants for crng_init states
random: avoid initializing twice in credit race
random: remove ratelimiting for in-kernel unseeded randomness
random: use proper jiffies comparison macro
random: handle latent entropy and command line from random_init()
random: credit architectural init the exact amount
random: use static branch for crng_ready()
random: remove extern from functions in header
random: use proper return types on get_random_{int,long}_wait()
random: move initialization functions out of hot pages
random: move randomize_page() into mm where it belongs
random: convert to using fops->write_iter()
random: wire up fops->splice_{read,write}_iter()
random: check for signals after page of pool writes
Revert "random: use static branch for crng_ready()"
crypto: drbg - add FIPS 140-2 CTRNG for noise source
crypto: drbg - always seeded with SP800-90B compliant noise source
crypto: drbg - prepare for more fine-grained tracking of seeding state
crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
crypto: drbg - always try to free Jitter RNG instance
crypto: drbg - make reseeding from get_random_bytes() synchronous
random: avoid checking crng_ready() twice in random_init()
random: mark bootloader randomness code as __init
random: account for arch randomness in bits
ASoC: cs42l52: Fix TLV scales for mixer controls
ASoC: cs53l30: Correct number of volume levels on SX controls
ASoC: cs42l52: Correct TLV for Bypass Volume
ASoC: cs42l56: Correct typo in minimum level for SX volume controls
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
ASoC: wm8962: Fix suspend while playing music
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
random: credit cpu and bootloader seeds by default
pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
misc: atmel-ssc: Fix IRQ check in ssc_probe
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
irqchip/gic-v3: Iterate over possible CPUs by for_each_possible_cpu()
comedi: vmk80xx: fix expression for tx buffer size
USB: serial: option: add support for Cinterion MV31 with new baseline
USB: serial: io_ti: add Agilent E5805A support
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
serial: 8250: Store to lsr_save_flags after lsr read
ext4: fix bug_on ext4_mb_use_inode_pa
ext4: make variable "count" signed
ext4: add reserved GDT blocks check
l2tp: don't use inet_shutdown on ppp session destroy
l2tp: fix race in pppol2tp_release with session object destroy
s390/mm: use non-quiescing sske for KVM switch to keyed guest
xprtrdma: fix incorrect header size calculations
swiotlb: fix info leak with DMA_FROM_DEVICE
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
fuse: fix pipe buffer lifetime for direct_io
tcp: change source port randomizarion at connect() time
tcp: add some entropy in __inet_hash_connect()
secure_seq: use the 64 bits of the siphash for port offset calculation
tcp: use different parts of the port_offset for index and offset
tcp: add small random increments to the source port
tcp: dynamically allocate the perturb table used by source ports
tcp: increase source port perturb table to 2^16
tcp: drop the hash_32() part from the index calculation
Linux 4.9.320
Conflicts:
crypto/chacha20_generic.c
drivers/char/random.c
drivers/of/fdt.c
include/crypto/chacha20.h
lib/chacha20.c
Merge resolution notes:
- Added CHACHA20_KEY_SIZE and CHACHA20_BLOCK_SIZE constants to
chacha.h, to minimize changes from the 4.9.320 version of random.c
- Updated lib/vsprintf.c for
"random: replace custom notifier chain with standard one".
Change-Id: Ia7a12d8883b808f88bbe807d6150552bb084f6b3
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
||
|
Michael Bestas
|
43cdebbc57 |
Merge remote-tracking branch 'common/android-4.9-q' into android-msm-pixel-4.9
* common/android-4.9-q:
Linux 4.9.312
block/compat_ioctl: fix range check in BLKGETSIZE
ext4: force overhead calculation if the s_overhead_cluster makes no sense
ext4: fix overhead calculation to account for the reserved gdt blocks
ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
ARC: entry: fix syscall_trace_exit argument
e1000e: Fix possible overflow in LTR decoding
ASoC: soc-dapm: fix two incorrect uses of list iterator
openvswitch: fix OOB access in reserve_sfa_size()
dma: at_xdmac: fix a missing check on list iterator
ata: pata_marvell: Check the 'bmdma_addr' beforing reading
drm/msm/mdp5: check the return of kzalloc()
brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
cifs: Check the IOCB_DIRECT flag, not O_DIRECT
vxlan: fix error return code in vxlan_fdb_append
ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
ARM: vexpress/spc: Avoid negative array index when !SMP
netlink: reset network and mac headers in netlink_dump()
net/packet: fix packet_sock xmit return value checking
dmaengine: imx-sdma: Fix error checking in sdma_event_remap
ALSA: usb-audio: Clear MIDI port active flag after draining
gfs2: assign rgrp glock before compute_bitstructs
mm: page_alloc: fix building error on -Werror=array-compare
etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
Linux 4.9.311
gcc-plugins: latent_entropy: use /dev/urandom
i2c: pasemi: Wait for write xfers to finish
smp: Fix offline cpu check in flush_smp_call_function_queue()
ARM: davinci: da850-evm: Avoid NULL pointer dereference
ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
mm, page_alloc: fix build_zonerefs_node()
drivers: net: slip: fix NPD bug in sl_tx_timeout()
scsi: mvsas: Add PCI ID of RocketRaid 2640
gpu: ipu-v3: Fix dev_dbg frequency output
net: micrel: fix KS8851_MLL Kconfig
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
drm/amdkfd: Check for potential null return of kmalloc_array()
cifs: potential buffer overflow in handling symlinks
nfc: nci: add flush_workqueue to prevent uaf
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
veth: Ensure eth header is in skb's linear part
xfrm: policy: match with both mark and mask on user interfaces
arm64: module: remove (NOLOAD) from linker script
mm: don't skip swap entry even if zap_details specified
dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
arm64: patch_text: Fixup last cpu should be master
x86/speculation: Restore speculation related MSRs during S3 resume
x86/pm: Save the MSR validity status at context setup
mm/mempolicy: fix mpol_new leak in shared_policy_replace
mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
drbd: Fix five use after free bugs in get_initial_state
drm/imx: Fix memory leak in imx_pd_connector_get_modes
net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
mm: fix race between MADV_FREE reclaim and blkdev direct IO read
jfs: prevent NULL deref in diFree
virtio_console: eliminate anonymous module_init & module_exit
serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
SUNRPC/call_alloc: async tasks mustn't block waiting for memory
w1: w1_therm: fixes w1_seq for ds28ea00 sensors
init/main.c: return 1 from handled __setup() functions
Bluetooth: Fix use after free in hci_send_acl
xtensa: fix DTC warning unit_address_format
usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
scsi: libfc: Fix use after free in fc_exch_abts_resp()
MIPS: fix fortify panic when copying asm exception handlers
bnxt_en: Eliminate unintended link toggle during FW reset
scsi: aha152x: Fix aha152x_setup() __setup handler return value
scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
dm ioctl: prevent potential spectre v1 gadget
iommu/arm-smmu-v3: fix event handling soft lockup
scsi: bfa: Replace snprintf() with sysfs_emit()
scsi: mvsas: Replace snprintf() with sysfs_emit()
powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
ptp: replace snprintf with sysfs_emit
ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
ARM: 9187/1: JIVE: fix return value of __setup handler
rtc: wm8350: Handle error for wm8350_register_irq
KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
openvswitch: Fixed nd target mask field in the flow dump.
ARM: dts: spear13xx: Update SPI dma properties
ARM: dts: spear1340: Update serial node properties
ASoC: topology: Allow TLV control to be either read or write
ubi: fastmap: Return error code if memory allocation fails in add_aeb()
mm/memcontrol: return 1 from cgroup.memory __setup() handler
mm/mmap: return 1 from stack_guard_gap __setup() handler
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
pinctrl: pinconf-generic: Print arguments for bias-pull-*
gfs2: Make sure FITRIM minlen is rounded up to fs block size
ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
KVM: Prevent module exit until all VMs are freed
scsi: qla2xxx: Fix incorrect reporting of task management failure
mmc: host: Return an error when ->enable_sdio_irq() ops is missing
media: hdpvr: initialize dev->worker at hdpvr_register_videodev
video: fbdev: sm712fb: Fix crash in smtcfb_write()
ARM: mmp: Fix failure to remove sram device
ARM: tegra: tamonten: Fix I2C3 pad setting
media: cx88-mpeg: clear interrupt status register before streaming video
ASoC: soc-core: skip zero num_dai component in searching dai name
video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
ARM: dts: bcm2837: Add the missing L1/L2 cache information
ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
video: fbdev: cirrusfb: check pixclock to avoid divide by zero
video: fbdev: w100fb: Reset global state
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
ntfs: add sanity check on allocation size
ext4: don't BUG if someone dirty pages without asking ext4 first
spi: tegra20: Use of_device_get_match_data()
PM: core: keep irq flags in device_pm_check_callbacks()
ACPI/APEI: Limit printable size of BERT table data
ACPICA: Avoid walking the ACPI Namespace if it is not there
irqchip/nvic: Release nvic_base upon failure
Fix incorrect type in assignment of ipv6 port for audit
loop: use sysfs_emit() in the sysfs xxx show()
selinux: use correct type for context length
net/x25: Fix null-ptr-deref caused by x25_disconnect
qlcnic: dcb: default to returning -EOPNOTSUPP
net: phy: broadcom: Fix brcm_fet_config_init()
netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
jfs: fix divide error in dbNextAG
kgdbts: fix return value of __setup handler
kgdboc: fix return value of __setup handler
tty: hvc: fix return value of __setup handler
pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
NFS: remove unneeded check in decode_devicenotify_args()
clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
clk: clps711x: Terminate clk_div_table with sentinel element
clk: loongson1: Terminate clk_div_table with sentinel element
remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
clk: qcom: clk-rcg2: Update the frac table for pixel clock
iio: adc: Add check for devm_request_threaded_irq
pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
mxser: fix xmit_buf leak in activate when LSR == 0xff
mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
i2c: mux: demux-pinctrl: do not deactivate a master that is not active
af_netlink: Fix shift out of bounds in group mask calculation
USB: storage: ums-realtek: fix error code in rts51x_read_mem()
MIPS: RB532: fix return value of __setup handler
mfd: mc13xxx: Add check for mc13xxx_irq_request
powerpc/sysdev: fix incorrect use to determine if list is empty
power: supply: wm8350-power: Add missing free in free_charger_irq
power: supply: wm8350-power: Handle error for wm8350_register_irq
i2c: xiic: Make bus names unique
KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
KVM: x86: Fix emulation in writing cr8
drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
ext2: correct max file size computing
TOMOYO: fix __setup handlers return values
scsi: pm8001: Fix abort all task initialization
scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
iwlwifi: Fix -EIO error code that is never returned
HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
ray_cs: Check ioremap return value
ath9k_htc: fix uninit value bugs
drm/edid: Don't clear formats if using deep color
mtd: onenand: Check for error irq
ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
ASoC: fsi: Add check for clk_enable
ASoC: wm8350: Handle error for wm8350_register_irq
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
memory: emif: check the pointer temp in get_device_details()
memory: emif: Add check for setup_interrupts
ASoC: atmel_ssc_dai: Handle errors for clk_enable
ASoC: mxs-saif: Handle errors for clk_enable
printk: fix return value of printk.devkmsg __setup handler
arm64: dts: broadcom: Fix sata nodename
arm64: dts: ns2: Fix spi-cpol and spi-cpha property
ALSA: spi: Add check for clk_enable()
ASoC: ti: davinci-i2s: Add check for clk_enable()
media: usb: go7007: s2250-board: fix leak in probe()
soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
ARM: dts: qcom: ipq4019: fix sleep clock
video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
perf/x86/intel/pt: Fix address filter config for 32-bit kernel
perf/core: Fix address filter parser for multiple filters
sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
clocksource: acpi_pm: fix return value of __setup handler
hwmon: (pmbus) Add Vin unit off handling
crypto: ccp - ccp_dmaengine_unregister release dma channels
crypto: vmx - add missing dependencies
PM: suspend: fix return value of __setup handler
PM: hibernate: fix __setup handler error handling
hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
hwmon: (pmbus) Add mutex to regulator ops
selftests/x86: Add validity check and allow field splitting
spi: tegra114: Add missing IRQ check in tegra_spi_probe
crypto: mxs-dcp - Fix scatterlist processing
crypto: authenc - Fix sleep in atomic context in decrypt_tail
PCI: pciehp: Clear cmd_busy bit in polling mode
brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
brcmfmac: firmware: Allocate space for default boardrev in nvram
media: davinci: vpif: fix unbalanced runtime PM get
DEC: Limit PMAX memory probing to R3k systems
lib/raid6/test: fix multiple definition linking error
thermal: int340x: Increase bitmap size
carl9170: fix missing bit-wise or operator for tx_params
ARM: dts: exynos: add missing HDMI supplies on SMDK5420
ARM: dts: exynos: add missing HDMI supplies on SMDK5250
ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
video: fbdev: sm712fb: Fix crash in smtcfb_read()
drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
ALSA: cs4236: fix an incorrect NULL check on list iterator
Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
mempolicy: mbind_range() set_policy() after vma_merge()
mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
jffs2: fix memory leak in jffs2_scan_medium
jffs2: fix memory leak in jffs2_do_mount_fs
jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
NFSD: prevent underflow in nfssvc_decode_writeargs()
SUNRPC: avoid race between mod_timer() and del_timer_sync()
ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
clk: uniphier: Fix fixed-rate initialization
iio: inkern: make a best effort on offset calculation
iio: inkern: apply consumer scale on IIO_VAL_INT cases
coresight: Fix TRCCONFIGR.QE sysfs interface
USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
virtio-blk: Use blk_validate_block_size() to validate block size
block: Add a helper to validate the block size
af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
ethernet: sun: Free the coherent when failing in probing
virtio_console: break out of buf poll on remove
netdevice: add the case if dev is NULL
USB: serial: simple: add Nokia phone driver
USB: serial: pl2303: add IBM device IDs
Linux 4.9.310
arm64: Use the clearbhb instruction in mitigations
arm64: add ID_AA64ISAR2_EL1 sys register
KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
arm64: Mitigate spectre style branch history side channels
KVM: arm64: Add templates for BHB mitigation sequences
arm64: Add percpu vectors for EL1
arm64: entry: Add macro for reading symbol addresses from the trampoline
arm64: entry: Add vectors that have the bhb mitigation sequences
arm64: Move arm64_update_smccc_conduit() out of SSBD ifdef
arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
arm64: entry: Allow the trampoline text to occupy multiple pages
arm64: entry: Make the kpti trampoline's kpti sequence optional
arm64: entry: Move trampoline macros out of ifdef'd section
arm64: entry: Don't assume tramp_vectors is the start of the vectors
arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
arm64: entry: Move the trampoline data page before the text page
arm64: entry: Free up another register on kpti's tramp_exit path
arm64: entry: Make the trampoline cleanup optional
arm64: entry.S: Add ventry overflow sanity checks
arm64: Add helper to decode register from instruction
arm64: Add Cortex-X2 CPU part definition
arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
arm64: Add part number for Arm Cortex-A77
arm64: Add part number for Neoverse N1
arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT
arm64: Add silicon-errata.txt entry for ARM erratum 1188873
arm64: arch_timer: avoid unused function warning
arm64: arch_timer: Add workaround for ARM erratum 1188873
arm64: arch_timer: Add erratum handler for CPU-specific capability
arm64: arch_timer: Add infrastructure for multiple erratum detection methods
clocksource/drivers/arm_arch_timer: Introduce generic errata handling infrastructure
clocksource/drivers/arm_arch_timer: Remove fsl-a008585 parameter
arm64: capabilities: Add support for checks based on a list of MIDRs
arm64: Add helpers for checking CPU MIDR against a range
arm64: capabilities: Clean up midr range helpers
arm64: capabilities: Add flags to handle the conflicts on late CPU
arm64: capabilities: Prepare for fine grained capabilities
arm64: capabilities: Move errata processing code
arm64: capabilities: Move errata work around check on boot CPU
arm64: capabilities: Update prototype for enable call back
arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
arm64: Remove useless UAO IPI and describe how this gets enabled
arm64: errata: Provide macro for major and minor cpu revisions
Linux 4.9.309
llc: only change llc->dev when bind() succeeds
mac80211: fix potential double free on mesh join
crypto: qat - disable registration of algorithms
ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
netfilter: nf_tables: initialize registers in nft_do_chain()
ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
ALSA: cmipci: Restore aux vol on suspend/resume
ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
ALSA: pcm: Add stream lock during PCM reset ioctl operations
llc: fix netdevice reference leaks in llc_ui_bind()
staging: fbtft: fb_st7789v: reset display before initialization
net: ipv6: fix skb_over_panic in __ip6_append_data
nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
Linux 4.9.308
Input: aiptek - properly check endpoint type
usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
usb: gadget: rndis: prevent integer overflow in rndis_set_response()
atm: eni: Add check for dma_map_single
net/packet: fix slab-out-of-bounds access in packet_recvmsg()
fs: sysfs_emit: Remove PAGE_SIZE alignment check
kselftest/vm: fix tests build with old libc
sfc: extend the locking on mcdi->seqno
tcp: make tcp_read_sock() more robust
nl80211: Update bss channel on channel switch for P2P_CLIENT
atm: firestream: check the return value of ioremap() in fs_init()
can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready
ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE
MIPS: smp: fill in sibling and core maps earlier
ARM: dts: rockchip: fix a typo on rk3288 crypto-controller
xfrm: Fix xfrm migrate issues when address family changes
Linux 4.9.307
btrfs: unlock newly allocated extent buffer after error
ARM: fix Thumb2 regression with Spectre BHB
batman-adv: Don't expect inter-netns unique iflink indices
batman-adv: Request iflink once in batadv-on-batadv check
staging: gdm724x: fix use after free in gdm_lte_rx()
ARM: Spectre-BHB: provide empty stub for non-config
selftests/memfd: clean up mapping in mfd_fail_write
tracing: Ensure trace buffer is at least 4096 bytes large
Revert "xen-netback: Check for hotplug-status existence before watching"
net-sysfs: add check for netdevice being present to speed_show
sctp: fix kernel-infoleak for SCTP sockets
gpio: ts4900: Do not set DAT and OE together
NFC: port100: fix use-after-free in port100_send_complete
net/mlx5: Fix size field in bufferx_reg struct
ax25: Fix NULL pointer dereference in ax25_kill_by_device
net: ethernet: lpc_eth: Handle error for clk_enable
ethernet: Fix error handling in xemaclite_of_probe
qed: return status of qed_iov_get_link
net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare()
Linux 4.9.306
xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
xen/gnttab: fix gnttab_end_foreign_access() without page specified
xen: remove gnttab_query_foreign_access()
xen/gntalloc: don't use gnttab_query_foreign_access()
xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
xen/netfront: don't use gnttab_query_foreign_access() for mapped status
xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
xen/grant-table: add gnttab_try_end_foreign_access()
xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
ARM: fix build warning in proc-v7-bugs.c
x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE
x86/build: Fix compiler support check for CONFIG_RETPOLINE
ARM: Do not use NOCROSSREFS directive with ld.lld
ARM: fix co-processor register typo
ARM: fix build error when BPF_SYSCALL is disabled
ARM: include unprivileged BPF status in Spectre V2 reporting
ARM: Spectre-BHB workaround
ARM: use LOADADDR() to get load address of sections
ARM: early traps initialisation
ARM: report Spectre v2 status through sysfs
arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
arm/arm64: Provide a wrapper for SMCCC 1.1 calls
x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
x86/speculation: Warn about Spectre v2 LFENCE mitigation
x86/speculation: Update link to AMD speculation whitepaper
x86/speculation: Use generic retpoline by default on AMD
x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
Documentation/hw-vuln: Update spectre doc
x86/speculation: Add eIBRS + Retpoline options
x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization
Documentation: Add swapgs description to the Spectre v1 documentation
Documentation: Add section about CPU vulnerabilities for Spectre
x86/retpoline: Remove minimal retpoline support
x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant
Linux 4.9.305
hamradio: fix macro redefine warning
net: dcb: disable softirqs in dcbnl_flush_dev()
memfd: fix F_SEAL_WRITE after shmem huge page allocated
HID: add mapping for KEY_ALL_APPLICATIONS
Input: elan_i2c - fix regulator enable count imbalance after suspend/resume
Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power()
net: chelsio: cxgb3: check the return value of pci_find_capability()
soc: fsl: qe: Check of ioremap return value
ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
can: gs_usb: change active_channels's type from atomic_t to u8
efivars: Respect "block" flag in efivar_entry_set_safe()
net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
net: sxgbe: fix return value of __setup handler
net: stmmac: fix return value of __setup handler
mac80211: fix forwarded mesh frames AC & queue selection
firmware: qemu_fw_cfg: fix kobject leak in probe error path
firmware: Fix a reference count leak.
net: dcb: flush lingering app table entries for unregistered devices
netfilter: nf_queue: fix possible use-after-free
netfilter: nf_queue: don't assume sk is full socket
xfrm: fix MTU regression
ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
ata: pata_hpt37x: fix PCI clock detection
usb: gadget: clear related members when goto fail
usb: gadget: don't release an existing dev->buf
net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
i2c: qup: allow COMPILE_TEST
dmaengine: shdma: Fix runtime PM imbalance on error
cifs: fix double free race when mount fails in cifs_get_root()
Input: clear BTN_RIGHT/MIDDLE on buttonpads
i2c: bcm2835: Avoid clock stretching timeouts
mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
mac80211_hwsim: report NOACK frames in tx_status
Linux 4.9.304
fget: clarify and improve __fget_files() implementation
memblock: use kfree() to release kmalloced memblock regions
tty: n_gsm: fix proper link termination after failed open
tty: n_gsm: fix encoding of control signal octet bit DV
xhci: Prevent futile URB re-submissions due to incorrect return value.
usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
USB: serial: option: add Telit LE910R1 compositions
USB: serial: option: add support for DW5829e
tracefs: Set the group ownership in apply_options() not parse_options()
USB: gadget: validate endpoint index for xilinx udc
usb: gadget: rndis: add spinlock for rndis response list
Revert "USB: serial: ch341: add new Product ID for CH341A"
ata: pata_hpt37x: disable primary channel on HPT371
iio: adc: men_z188_adc: Fix a resource leak in an error handling path
RDMA/ib_srp: Fix a deadlock
configfs: fix a race in configfs_{,un}register_subsystem()
net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
drm/edid: Always set RGB444
openvswitch: Fix setting ipv6 fields causing hw csum failure
gso: do not skip outer ip header in case of ipip and net_failover
net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
serial: 8250: of: Fix mapped region size when using reg-offset property
serial: 8250: fix error handling in of_platform_serial_probe()
USB: zaurus: support another broken Zaurus
sr9700: sanity check for packet length
parisc/unaligned: Fix ldw() and stw() unalignment handlers
parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
Linux 4.9.303
net: usb: qmi_wwan: Add support for Dell DW5829e
tracing: Fix tp_printk option related with tp_printk_stop_on_boot
ata: libata-core: Disable TRIM on M88V29
NFS: Do not report writeback errors in nfs_getattr()
KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
lib/iov_iter: initialize "flags" in new pipe_buffer
i2c: brcmstb: fix support for DSL and CM variants
EDAC: Fix calculation of returned address and next offset in edac_align_ptr()
NFS: LOOKUP_DIRECTORY is also ok with symlinks
ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
ALSA: hda: Fix missing codec probe on Shenker Dock 15
ALSA: hda: Fix regression on forced probe mask option
libsubcmd: Fix use-after-free for realloc(..., 0)
drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
iwlwifi: pcie: fix locking when "HW not ready"
vsock: remove vsock from connected table when connect is interrupted by a signal
vsock: correct removal of socket from the list
taskstats: Cleanup the use of task->exit_code
xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
drm/radeon: Fix backlight control on iMac 12,1
quota: make dquot_quota_sync return errors from ->sync_fs
vfs: make freeze_super abort when sync_filesystem returns error
ax25: improve the incomplete fix to avoid UAF and NPD bugs
selftests/zram: Adapt the situation that /dev/zram0 is being used
selftests/zram01.sh: Fix compression ratio calculation
selftests/zram: Skip max_comp_streams interface on newer kernel
net: ieee802154: at86rf230: Stop leaking skb's
btrfs: send: in case of IO error log it
parisc: Fix sglist access in ccio-dma.c
parisc: Fix data TLB miss in sba_unmap_sg
serial: parisc: GSC: fix build when IOSAPIC is not set
net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
Makefile.extrawarn: Move -Wunaligned-access to W=1
UPSTREAM: net: fix skb_panic to output real address
UPSTREAM: xfrm: Make function xfrmi_get_link_net() static
UPSTREAM: xfrm: fix gro_cells leak when remove virtual xfrm interfaces
UPSTREAM: xfrm interface: fix memory leak on creation
UPSTREAM: xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate
UPSTREAM: xfrm/compat: Translate by copying XFRMA_UNSPEC attribute
UPSTREAM: xfrm/compat: memset(0) 64-bit padding at right place
UPSTREAM: xfrm/compat: Don't allocate memory with __GFP_ZERO
UPSTREAM: xfrm/compat: Cleanup WARN()s that can be user-triggered
UPSTREAM: net: xfrm: fix memory leak in xfrm_user_rcv_msg
UPSTREAM: arm64/vdso: don't leak kernel addresses
UPSTREAM: tracing: make PREEMPTIRQ_EVENTS depend on TRACING
UPSTREAM: trace_uprobe: Use %lx to display offset
UPSTREAM: kprobes: Fix random address output of blacklist file
UPSTREAM: mm/huge_memory.c: __split_huge_page() use atomic ClearPageDirty()
UPSTREAM: x86/realmode: Don't leak the trampoline kernel address
UPSTREAM: bpf: bpf_prog_array_alloc() should return a generic non-rcu pointer
UPSTREAM: bpf: fix rcu annotations in compute_effective_progs()
UPSTREAM: optee: add writeback to valid memory type
UPSTREAM: lib/test_printf.c: accept "ptrval" as valid result for plain 'p' tests
UPSTREAM: kdb: use correct pointer when 'btc' calls 'btt'
UPSTREAM: kdb: print real address of pointers instead of hashed addresses
UPSTREAM: powerpc/traps: Fix the message printed when stack overflows
UPSTREAM: f2fs: should use GFP_NOFS for directory inodes
UPSTREAM: zram: off by one in read_block_state()
UPSTREAM: tee: fix put order in teedev_close_context()
UPSTREAM: vsprintf: Replace memory barrier with static_key for random_ptr_key update
UPSTREAM: ARM: 8896/1: VDSO: Don't leak kernel addresses
UPSTREAM: parisc: Show unhashed hardware inventory
UPSTREAM: parisc: Show initial kernel memory layout unhashed
UPSTREAM: parisc: Show unhashed HPA of Dino chip
UPSTREAM: parisc: Show unhashed EISA EEPROM address
UPSTREAM: HID: input: throttle battery uevents
UPSTREAM: HID: steam: select CONFIG_POWER_SUPPLY
UPSTREAM: HID: sony: Fix for broken buttons on DS3 USB dongles
UPSTREAM: HID: input: do not report stylus battery state as "full"
Linux 4.9.302
HID: wacom: add USB_HID dependency
hwmon: (dell-smm) Speed up setting of fan speed
USB: serial: cp210x: add CPI Bulk Coin Recycler id
USB: serial: cp210x: add NCR Retail IO box id
USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
USB: serial: option: add ZTE MF286D modem
USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
usb: gadget: rndis: check size of RNDIS_MSG_SET command
USB: gadget: validate interface OS descriptor requests
usb: dwc3: gadget: Prevent core from processing stale TRBs
n_tty: wake up poll(POLLRDNORM) on receiving data
bpf: Add kconfig knob for disabling unpriv bpf by default
vt_ioctl: add array_index_nospec to VT_ACTIVATE
vt_ioctl: fix array_index_nospec in vt_setactivate
tipc: rate limit warning for received illegal binding update
net: fix a memleak when uncloning an skb dst and its metadata
net: do not keep the dst cache when uncloning an skb dst and its metadata
ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
bonding: pair enable_port with slave_arr_updates
ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
staging: fbtft: Fix error path in fbtft_driver_module_init()
ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
scsi: target: iscsi: Make sure the np under each tpg is unique
NFSv4 remove zero number of fs_locations entries error check
nfs: nfs4clinet: check the return value of kstrdup()
NFSv4 only print the label when its queried
Revert "net: axienet: Wait for PhyRstCmplt after core reset"
ALSA: line6: Fix misplaced backport of "Fix wrong altsetting for LINE6_PODHD500_1"
serial: sh-sci: Fix misplaced backport of "Fix late enablement of AUTORTS"
Input: i8042 - Fix misplaced backport of "add ASUS Zenbook Flip to noselftest list"
NFSD: Clamp WRITE offsets
NFS: Fix initialisation of nfs_client cl_flags field
ima: Remove ima_policy file before directory
integrity: check the return value of audit_log_start()
Revert "tracefs: Have tracefs directories not set OTH permission bits by default"
Linux 4.9.301
tipc: improve size validations for received domain records
moxart: fix potential use-after-free on remove path
cgroup-v1: Require capabilities to set release_agent
Linux 4.9.300
ext4: fix error handling in ext4_restore_inline_data()
EDAC/xgene: Fix deferred probing
EDAC/altera: Fix deferred probing
rtc: cmos: Evaluate century appropriate
nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
ASoC: fsl: Add missing error handling in pcm030_fabric_probe
net: macsec: Verify that send_sci is on when setting Tx sci explicitly
net: ieee802154: Return meaningful error codes from the netlink helpers
spi: mediatek: Avoid NULL pointer crash in interrupt
spi: bcm-qspi: check for valid cs before applying chip select
iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
drm/nouveau: fix off by one in BIOS boundary checking
ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
af_packet: fix data-race in packet_setsockopt / packet_setsockopt
rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
net: amd-xgbe: Fix skb data length underflow
net: amd-xgbe: ensure to reset the tx_timer_active flag
ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
netfilter: nat: limit port clash resolution attempts
netfilter: nat: remove l4 protocol port rovers
ipv4: tcp: send zero IPID in SYNACK messages
ipv4: raw: lock the socket in raw_bind()
hwmon: (lm90) Reduce maximum conversion rate for G781
drm/msm: Fix wrong size calculation
net-procfs: show net devices bound packet types
NFSv4: nfs_atomic_open() can race when looking up a non-regular file
NFSv4: Handle case where the lookup of a directory fails
ipv4: avoid using shared IP generator for connected sockets
net: fix information leakage in /proc/net/ptype
ipv6_tunnel: Rate limit warning messages
scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
powerpc/32: Fix boot failure with GCC latent entropy plugin
USB: core: Fix hang in usb_kill_urb by adding memory barriers
usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
tty: Add support for Brainboxes UC cards.
tty: n_gsm: fix SW flow control encoding/handling
serial: stm32: fix software flow control transfer
PM: wakeup: simplify the output logic of pm_show_wakelocks()
udf: Fix NULL ptr deref when converting from inline format
udf: Restore i_lenAlloc when inode expansion fails
scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
s390/hypfs: include z/VM guests with access control group set
Bluetooth: refactor malicious adv data check
can: bcm: fix UAF of bcm op
BACKPORT: ipv6: Implement draft-ietf-6man-rfc4941bis
Linux 4.9.299
ion: Do not 'put' ION handle until after its final use
ion: Protect kref from userspace manipulation
ion: Fix use after free during ION_IOC_ALLOC
ARM: 8800/1: use choice for kernel unwinders
KVM: X86: MMU: Use the correct inherited permissions to get shadow page
KVM: nVMX: fix EPT permissions as reported in exit qualification
NFSv4: Initialise connection to the server in nfs4_alloc_client()
media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
drm/i915: Flush TLBs before releasing backing store
Linux 4.9.298
KVM: do not allow mapping valid but non-reference-counted pages
KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()
KVM: do not assume PTE is writable after follow_pfn
mm: add follow_pte_pmd()
lib/timerqueue: Rely on rbtree semantics for next timer
rbtree: cache leftmost node internally
cipso,calipso: resolve a number of problems with the DOI refcounts
gianfar: fix jumbo packets+napi+rx overrun crash
gianfar: simplify FCS handling and fix memory leak
drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
gup: document and work around "COW can break either way" issue
Revert "gup: document and work around "COW can break either way" issue"
lib82596: Fix IRQ check in sni_82596_probe
scripts/dtc: dtx_diff: remove broken example from help text
bcmgenet: add WOL IRQ check
net_sched: restore "mpu xxx" handling
dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
dmaengine: at_xdmac: Fix lld view setting
dmaengine: at_xdmac: Print debug message after realeasing the lock
dmaengine: at_xdmac: Don't start transactions at tx_submit level
libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
netns: add schedule point in ops_exit_list()
net: axienet: fix number of TX ring slots for available check
net: axienet: Wait for PhyRstCmplt after core reset
af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
RDMA/rxe: Fix a typo in opcode name
RDMA/hns: Modify the mapping attribute of doorbell to device
drm/radeon: fix error handling in radeon_driver_open_kms
fuse: fix live lock in fuse_iget()
fuse: fix bad inode
ext4: don't use the orphan list when migrating an inode
ext4: Fix BUG_ON in ext4_bread when write quota data
ext4: set csum seed in tmp inode while migrating to extents
iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
power: bq25890: Enable continuous conversion for ADC at charging
ASoC: mediatek: mt8173: fix device_node leak
scsi: sr: Don't use GFP_DMA
MIPS: Octeon: Fix build errors using clang
i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
ALSA: seq: Set upper limit of processed events
w1: Misuse of get_user()/put_user() reported by sparse
i2c: mpc: Correct I2C reset procedure
powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
i2c: i801: Don't silently correct invalid transfer size
powerpc/btext: add missing of_node_put
powerpc/cell: add missing of_node_put
powerpc/powernv: add missing of_node_put
powerpc/6xx: add missing of_node_put
parisc: Avoid calling faulthandler_disabled() twice
serial: core: Keep mctrl register state and cached copy in sync
serial: pl010: Drop CR register reset on set_termios
dm space map common: add bounds check to sm_ll_lookup_bitmap()
dm btree: add a defensive bounds check to insert_at()
net: mdio: Demote probed message to debug print
btrfs: remove BUG_ON(!eie) in find_parent_nodes
btrfs: remove BUG_ON() in find_parent_nodes()
ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
ACPICA: Utilities: Avoid deleting the same object twice in a row
jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
um: registers: Rename function names to avoid conflicts and build problems
ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
media: igorplugusb: receiver overflow should be reported
net: bonding: debug: avoid printing debug logs when bond is not notifying peers
ath10k: Fix tx hanging
iwlwifi: mvm: synchronize with FW after multicast commands
media: m920x: don't use stack on USB reads
media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
floppy: Add max size check for user space request
mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
HSI: core: Fix return freed object in hsi_new_client
gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
media: b2c2: Add missing check in flexcop_pci_isr:
HID: apple: Do not reset quirks when the Fn key is not found
usb: gadget: f_fs: Use stream_open() for endpoint files
ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
fs: dlm: filter user dlm messages for kernel locks
Bluetooth: Fix debugfs entry leak in hci_register_dev()
RDMA/cxgb4: Set queue pair state when being queried
mips: bcm63xx: add support for clk_set_parent()
mips: lantiq: add support for clk_set_parent()
misc: lattice-ecp3-config: Fix task hung when firmware load failed
ASoC: samsung: idma: Check of ioremap return value
dmaengine: pxa/mmp: stop referencing config->slave_id
RDMA/core: Let ib_find_gid() continue search even after empty entry
scsi: ufs: Fix race conditions related to driver data
char/mwave: Adjust io port register size
ALSA: oss: fix compile error when OSS_DEBUG is enabled
powerpc/prom_init: Fix improper check of prom_getprop()
RDMA/hns: Validate the pkey index
ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
ext4: avoid trim error on fs with small groups
net: mcs7830: handle usb read errors properly
pcmcia: fix setting of kthread task states
can: xilinx_can: xcan_probe(): check for error irq
can: softing: softing_startstop(): fix set but not used variable warning
spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
fsl/fman: Check for null pointer after calling devm_ioremap
ppp: ensure minimum packet size in ppp_write()
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()
usb: ftdi-elan: fix memory leak on device disconnect
media: msi001: fix possible null-ptr-deref in msi001_probe()
media: si2157: Fix "warm" tuner state detection
media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
media: dib8000: Fix a memleak in dib8000_init()
floppy: Fix hang in watchdog when disk is ejected
serial: amba-pl011: do not request memory region twice
drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()
drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
arm64: dts: qcom: msm8916: fix MMC controller aliases
netfilter: bridge: add support for pppoe filtering
tty: serial: atmel: Call dma_async_issue_pending()
tty: serial: atmel: Check return code of dmaengine_submit()
crypto: qce - fix uaf on qce_ahash_register_one
media: dmxdev: fix UAF when dvb_register_device() fails
Bluetooth: stop proccessing malicious adv data
wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
can: softing_cs: softingcs_probe(): fix memleak on registration failure
media: stk1160: fix control-message timeouts
media: pvrusb2: fix control-message timeouts
media: redrat3: fix control-message timeouts
media: dib0700: fix undefined behavior in tuner shutdown
media: s2255: fix control-message timeouts
media: cpia2: fix control-message timeouts
media: em28xx: fix control-message timeouts
media: mceusb: fix control-message timeouts
media: flexcop-usb: fix control-message timeouts
rtc: cmos: take rtc_lock while reading from CMOS
nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
HID: wacom: Avoid using stale array indicies to read contact count
HID: uhid: Fix worker destroying device without any protection
rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
media: uvcvideo: fix division by zero at stream start
drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn()
random: fix data race on crng init time
random: fix data race on crng_node_pool
can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
USB: core: Fix bug in resuming hub's handling of wakeup requests
Bluetooth: bfusb: fix division by zero in send path
Linux 4.9.297
power: reset: ltc2952: Fix use of floating point literals
mISDN: change function names to avoid conflicts
net: udp: fix alignment problem in udp4_seq_show()
ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
phonet: refcount leak in pep_sock_accep
arm64: sysreg: Move to use definitions for all the SCTLR bits
arm64: move !VHE work to end of el2_setup
arm64: reduce el2_setup branching
arm64: Remove a redundancy in sysreg.h
bug: split BUILD_BUG stuff out into <linux/build_bug.h>
rndis_host: support Hytera digital radios
xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
i40e: Fix incorrect netdev's real number of RX/TX queues
mac80211: initialize variable have_higher_than_11mbit
ieee802154: atusb: fix uninit value in atusb_set_extended_addr
virtio_pci: Support surprise removal of virtio pci device
tracing: Tag trace_percpu_buffer as a percpu pointer
tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models
Linux 4.9.296
net: fix use-after-free in tw_timer_handler
Input: spaceball - fix parsing of movement data packets
Input: appletouch - initialize work before device registration
scsi: vmw_pvscsi: Set residual data length conditionally
usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
uapi: fix linux/nfc.h userspace compilation errors
nfc: uapi: use kernel size_t to fix user-space builds
fsl/fman: Fix missing put_device() call in fman_port_probe
selinux: initialize proto variable in selinux_ip_postroute_compat()
recordmcount.pl: fix typo in s390 mcount regex
platform/x86: apple-gmux: use resource_size() with res
HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option
Linux 4.9.295
phonet/pep: refuse to enable an unbound pipe
hamradio: improve the incomplete fix to avoid NPD
hamradio: defer ax25 kfree after unregister_netdev
ax25: NPD bug when detaching AX25 device
hwmon: (lm90) Do not report 'busy' status bit as alarm
ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
ALSA: drivers: opl3: Fix incorrect use of vp->state
ALSA: jack: Check the return value of kstrdup()
hwmon: (lm90) Fix usage of CONFIG2 register in detect function
drivers: net: smc911x: Check for error irq
fjes: Check for error irq
bonding: fix ad_actor_system option setting to default
qlcnic: potential dereference null pointer of rx_queue->page_ring
IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
HID: holtek: fix mouse probing
can: kvaser_usb: get CAN clock frequency from device
net: usb: lan78xx: add Allied Telesis AT29M2-AF
Linux 4.9.294
xen/netback: don't queue unlimited number of packages
xen/netback: fix rx queue stall detection
xen/console: harden hvc_xen against event channel storms
xen/netfront: harden netfront against event channel storms
xen/blkfront: harden blkfront against event channel storms
Input: touchscreen - avoid bitwise vs logical OR warning
mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
ARM: 8805/2: remove unneeded naked function usage
net: lan78xx: Avoid unnecessary self assignment
scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
fuse: annotate lock in fuse_reverse_inval_entry()
firmware: arm_scpi: Fix string overflow in SCPI genpd driver
net: systemport: Add global locking for descriptor lifecycle
timekeeping: Really make sure wall_to_monotonic isn't positive
USB: serial: option: add Telit FN990 compositions
PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
USB: gadget: bRequestType is a bitfield, not a enum
ixgbe: set X550 MDIO speed before talking to PHY
igbvf: fix double free in `igbvf_probe`
soc/tegra: fuse: Fix bitwise vs. logical OR warning
nfsd: fix use-after-free due to delegation race
dm btree remove: fix use after free in rebalance_children()
recordmcount.pl: look for jgnop instruction as well as bcrl on s390
mac80211: send ADDBA requests using the tid/queue of the aggregation session
hwmon: (dell-smm) Fix warning on /proc/i8k creation error
tracing: Fix a kmemleak false positive in tracing_map
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
i2c: rk3x: Handle a spurious start completion interrupt flag
parisc/agp: Annotate parisc agp init functions with __init
net/mlx4_en: Update reported link modes for 1/10G
nfc: fix segfault in nfc_genl_dump_devices_done
FROMGIT: USB: gadget: bRequestType is a bitfield, not a enum
Linux 4.9.293
irqchip: nvic: Fix offset for Interrupt Priority Offsets
irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
iio: itg3200: Call iio_trigger_notify_done() on error
iio: kxsd9: Don't return error code in trigger handler
iio: ltr501: Don't return error code in trigger handler
iio: mma8452: Fix trigger reference couting
iio: stk3310: Don't return error code in interrupt handler
usb: core: config: using bit mask instead of individual bits
usb: core: config: fix validation of wMaxPacketValue entries
USB: gadget: zero allocate endpoint 0 buffers
USB: gadget: detect too-big endpoint 0 requests
net/qla3xxx: fix an error code in ql_adapter_up()
net, neigh: clear whole pneigh_entry at alloc time
net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
net: altera: set a couple error code in probe()
net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
tracefs: Set all files to the same group ownership as the mount option
signalfd: use wake_up_pollfree()
binder: use wake_up_pollfree()
wait: add wake_up_pollfree()
libata: add horkage for ASMedia 1092
can: pch_can: pch_can_rx_normal: fix use after free
tracefs: Have new files inherit the ownership of their parent
ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
ALSA: pcm: oss: Limit the period size to 16MB
ALSA: pcm: oss: Fix negative period/buffer sizes
ALSA: ctl: Fix copy of updated id with element read/write
mm: bdi: initialize bdi_min_ratio when bdi is unregistered
IB/hfi1: Correct guard on eager buffer deallocation
nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
can: sja1000: fix use after free in ems_pcmcia_add_card()
HID: check for valid USB device for many HID drivers
HID: wacom: fix problems when device is not a valid USB device
HID: add USB_HID dependancy on some USB HID drivers
HID: add USB_HID dependancy to hid-chicony
HID: add USB_HID dependancy to hid-prodikeys
HID: add hid_is_usb() function to make it simpler for USB detection
HID: introduce hid_is_using_ll_driver
UPSTREAM: USB: gadget: zero allocate endpoint 0 buffers
UPSTREAM: USB: gadget: detect too-big endpoint 0 requests
Conflicts:
arch/arm64/include/asm/cputype.h
arch/arm64/kernel/bpi.S
arch/arm64/kernel/cpu_errata.c
arch/arm64/kernel/vdso.c
drivers/clk/qcom/clk-rcg2.c
drivers/media/dvb-core/dmxdev.c
drivers/mmc/core/host.c
drivers/net/usb/lan78xx.c
drivers/staging/android/ion/ion-ioctl.c
drivers/staging/android/ion/ion.c
drivers/staging/android/ion/ion_priv.h
drivers/usb/gadget/composite.c
drivers/usb/gadget/function/rndis.c
drivers/usb/gadget/function/rndis.h
lib/vsprintf.c
mm/memory.c
net/ipv6/ip6_output.c
Change-Id: Ie8bf6aa5dac3ae822cef90decbba577cefedcb31
|
||
|
Steven Rostedt (VMware)
|
67694ef4b7 |
UPSTREAM: vsprintf: Replace memory barrier with static_key for random_ptr_key update
Reviewing Tobin's patches for getting pointers out early before entropy has been established, I noticed that there's a lone smp_mb() in the code. As with most lone memory barriers, this one appears to be incorrectly used. We currently basically have this: get_random_bytes(&ptr_key, sizeof(ptr_key)); /* * have_filled_random_ptr_key==true is dependent on get_random_bytes(). * ptr_to_id() needs to see have_filled_random_ptr_key==true * after get_random_bytes() returns. */ smp_mb(); WRITE_ONCE(have_filled_random_ptr_key, true); And later we have: if (unlikely(!have_filled_random_ptr_key)) return string(buf, end, "(ptrval)", spec); /* Missing memory barrier here. */ hashval = (unsigned long)siphash_1u64((u64)ptr, &ptr_key); As the CPU can perform speculative loads, we could have a situation with the following: CPU0 CPU1 ---- ---- load ptr_key = 0 store ptr_key = random smp_mb() store have_filled_random_ptr_key load have_filled_random_ptr_key = true BAD BAD BAD! (you're so bad!) Because nothing prevents CPU1 from loading ptr_key before loading have_filled_random_ptr_key. But this race is very unlikely, but we can't keep an incorrect smp_mb() in place. Instead, replace the have_filled_random_ptr_key with a static_branch not_filled_random_ptr_key, that is initialized to true and changed to false when we get enough entropy. If the update happens in early boot, the static_key is updated immediately, otherwise it will have to wait till entropy is filled and this happens in an interrupt handler which can't enable a static_key, as that requires a preemptible context. In that case, a work_queue is used to enable it, as entropy already took too long to establish in the first place waiting a little more shouldn't hurt anything. The benefit of using the static key is that the unlikely branch in vsprintf() now becomes a nop. Link: http://lkml.kernel.org/r/20180515100558.21df515e@gandalf.local.home Cc: stable@vger.kernel.org Fixes: ad67b74d2469d ("printk: hash addresses printed with %p") Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> (cherry picked from commit 85f4f12d51397f1648e1f4350f77e24039b82d61) Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I1cff63252bc4ac40795bf852c0f469ba37f4231f |
||
|
Joel Fernandes (Google)
|
0323ec8340 |
FROMLIST: vsprintf: Inline call to ptr_to_hashval
There is concern that ptr_to_hashval not being inlined can cause performance issues (unlike before where it was a static branch) with trace_printk being a hot path for it. Just create an inline version called __ptr_to_hashval(), and have the actual ptr_to_hashval() call it. Link: http://lore.kernel.org/r/20191113153816.14b95acd@gandalf.local.home Link: lore.kernel.org/r/20191114164622.GC233237@google.com Suggested-by: Steven Rostedt <rostedt@goodmis.org> Change-Id: Ie7133b9f32a8185e244db2634b028b316a3d7ea1 Signed-off-by: Joel Fernandes <joel@joelfernandes.org> Signed-off-by: Joel Fernandes <joelaf@google.com> |
||
|
Joel Fernandes
|
06e9c9aa18 |
BACKPORT: rss_stat: Add support to detect RSS updates of external mm
When a process updates the RSS of a different process, the rss_stat tracepoint appears in the context of the process doing the update. This can confuse userspace that the RSS of process doing the update is updated, while in reality a different process's RSS was updated. This issue happens in reclaim paths such as with direct reclaim or background reclaim. This patch adds more information to the tracepoint about whether the mm being updated belongs to the current process's context (curr field). We also include a hash of the mm pointer so that the process who the mm belongs to can be uniquely identified (mm_id field). Also vsprintf.c is refactored a bit to allow reuse of hashing code. Change-Id: I5bac4aa221cea0d123fdb6fcc15dede6130e9c22 Reported-by: Ioannis Ilkos <ilkos@google.com> Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Joel Fernandes <joelaf@google.com> |
||
|
Tobin C. Harding
|
5c145bd658 |
BACKPORT: vsprintf: add printk specifier %px
printk specifier %p now hashes all addresses before printing. Sometimes we need to see the actual unmodified address. This can be achieved using %lx but then we face the risk that if in future we want to change the way the Kernel handles printing of pointers we will have to grep through the already existent 50 000 %lx call sites. Let's add specifier %px as a clear, opt-in, way to print a pointer and maintain some level of isolation from all the other hex integer output within the Kernel. Add printk specifier %px to print the actual unmodified address. Signed-off-by: Tobin C. Harding <me@tobin.cc> (cherry picked from commit 7b1924a1d930eb27fc79c4e4e2a6c1c970623e68) Signed-off-by: Sandeep Patil <sspatil@android.com> Bug: 78533979 Test: Build and boot cuttlefish Change-Id: I735db3b72abb318f535d55122f1745d0ead0dbe7 |
||
|
Tobin C. Harding
|
ae89bc64b9 |
BACKPORT: printk: hash addresses printed with %p
Currently there exist approximately 14 000 places in the kernel where
addresses are being printed using an unadorned %p. This potentially
leaks sensitive information regarding the Kernel layout in memory. Many
of these calls are stale, instead of fixing every call lets hash the
address by default before printing. This will of course break some
users, forcing code printing needed addresses to be updated.
Code that _really_ needs the address will soon be able to use the new
printk specifier %px to print the address.
For what it's worth, usage of unadorned %p can be broken down as
follows (thanks to Joe Perches).
$ git grep -E '%p[^A-Za-z0-9]' | cut -f1 -d"/" | sort | uniq -c
1084 arch
20 block
10 crypto
32 Documentation
8121 drivers
1221 fs
143 include
101 kernel
69 lib
100 mm
1510 net
40 samples
7 scripts
11 security
166 sound
152 tools
2 virt
Add function ptr_to_id() to map an address to a 32 bit unique
identifier. Hash any unadorned usage of specifier %p and any malformed
specifiers.
Signed-off-by: Tobin C. Harding <me@tobin.cc>
(cherry picked from commit ad67b74d2469d9b82aaa572d76474c95bc484d57)
Signed-off-by: Sandeep Patil <sspatil@android.com>
Bug: 78533979
Test: Build and boot cuttlefish
Test: Runtime tests by enabling CONFIG_TEST_PRINTF
Change-Id: I4a12d890d7b22caa502280d78cb4f6a09c866471
|
||
|
Tobin C. Harding
|
440a6cc61a |
BACKPORT: vsprintf: refactor %pK code out of pointer()
Currently code to handle %pK is all within the switch statement in pointer(). This is the wrong level of abstraction. Each of the other switch clauses call a helper function, pK should do the same. Refactor code out of pointer() to new function restricted_pointer(). Signed-off-by: Tobin C. Harding <me@tobin.cc> (cherry picked from commit 57e734423adda83f3b05505875343284efe3b39c) Signed-off-by: Sandeep Patil <sspatil@android.com> Bug: 78533979 Test: Build and boot cuttlefish Change-Id: Ib08350851ab0e99a3569c2c2e12aa421fb6bc622 |
||
|
Geert Uytterhoeven
|
ec7bea37c8 |
lib/vsprintf: Remove atomic-unsafe support for %pCr
commit 666902e42fd8344b923c02dc5b0f37948ff4f225 upstream.
"%pCr" formats the current rate of a clock, and calls clk_get_rate().
The latter obtains a mutex, hence it must not be called from atomic
context.
Remove support for this rarely-used format, as vsprintf() (and e.g.
printk()) must be callable from any context.
Any remaining out-of-tree users will start seeing the clock's name
printed instead of its rate.
Reported-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Fixes:
|
||
|
Andy Shevchenko
|
2b1b0d6670 |
lib/uuid.c: introduce a few more generic helpers
There are new helpers in this patch: uuid_is_valid checks if a UUID is valid uuid_be_to_bin converts from string to binary (big endian) uuid_le_to_bin converts from string to binary (little endian) They will be used in future, i.e. in the following patches in the series. This also moves the indices arrays to lib/uuid.c to be shared accross modules. [andriy.shevchenko@linux.intel.com: fix typo] Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-by: Matt Fleming <matt@codeblueprint.co.uk> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> Cc: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Arnd Bergmann <arnd@arndb.de> Cc: "Theodore Ts'o" <tytso@mit.edu> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Jens Axboe <axboe@kernel.dk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Andy Shevchenko
|
aa4ea1c3b3 |
lib/vsprintf: simplify UUID printing
There are few functions here and there along with type definitions that provide UUID API. This series consolidates everything under one hood and converts current users. This has been tested for a while internally, however it doesn't mean we covered all possible cases (especially accuracy of UUID constants after conversion). So, please test this as much as you can and provide your tag. We appreciate the effort. The ACPI conversion is postponed for now to sort more generic things out first. This patch (of 9): Since we have hex_byte_pack_upper() we may use it directly and avoid second loop. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-by: Matt Fleming <matt@codeblueprint.co.uk> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> Cc: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Arnd Bergmann <arnd@arndb.de> Cc: "Theodore Ts'o" <tytso@mit.edu> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Jens Axboe <axboe@kernel.dk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Jessica Yu
|
f9310b2f9a |
sscanf: implement basic character sets
Implement basic character sets for the '%[' conversion specifier.
The '%[' conversion specifier matches a nonempty sequence of characters
from the specified set of accepted (or with '^', rejected) characters
between the brackets. The substring matched is to be made up of
characters in (or not in) the set. This is useful for matching
substrings that are delimited by something other than spaces.
This implementation differs from its glibc counterpart in the following ways:
(1) No support for character ranges (e.g., 'a-z' or '0-9')
(2) The hyphen '-' is not a special character
(3) The closing bracket ']' cannot be matched
(4) No support (yet) for discarding matching input ('%*[')
The bitmap code is largely based upon sample code which was provided by
Rasmus.
The motivation for adding character set support to sscanf originally
stemmed from the kernel livepatching project. An ongoing patchset
utilizes new livepatch Elf symbol and section names to store important
metadata livepatch needs to properly apply its patches. Such metadata
is stored in these section and symbol names as substrings delimited by
periods '.' and commas ','. For example, a livepatch symbol name might
look like this:
.klp.sym.vmlinux.printk,0
However, sscanf currently can only extract "substrings" delimited by
whitespace using the "%s" specifier. Thus for the above symbol name,
one cannot not use sscanf() to extract substrings "vmlinux" or
"printk", for example. A number of discussions on the livepatch
mailing list dealing with string parsing code for extracting these '.'
and ',' delimited substrings eventually led to the conclusion that such
code would be completely unnecessary if the kernel sscanf() supported
character sets. Thus only a single sscanf() call would be necessary to
extract these substrings. In addition, such an addition to sscanf()
could benefit other areas of the kernel that might have a similar need
in the future.
[akpm@linux-foundation.org: 80-col tweaks]
Signed-off-by: Jessica Yu <jeyu@redhat.com>
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
Vlastimil Babka
|
edf14cdbf9 |
mm, printk: introduce new format string for flags
In mm we use several kinds of flags bitfields that are sometimes printed for debugging purposes, or exported to userspace via sysfs. To make them easier to interpret independently on kernel version and config, we want to dump also the symbolic flag names. So far this has been done with repeated calls to pr_cont(), which is unreliable on SMP, and not usable for e.g. sysfs export. To get a more reliable and universal solution, this patch extends printk() format string for pointers to handle the page flags (%pGp), gfp_flags (%pGg) and vma flags (%pGv). Existing users of dump_flag_names() are converted and simplified. It would be possible to pass flags by value instead of pointer, but the %p format string for pointers already has extensions for various kernel structures, so it's a good fit, and the extra indirection in a non-critical path is negligible. [linux@rasmusvillemoes.dk: lots of good implementation suggestions] Signed-off-by: Vlastimil Babka <vbabka@suse.cz> Acked-by: Michal Hocko <mhocko@suse.com> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Cc: Minchan Kim <minchan@kernel.org> Cc: Sasha Levin <sasha.levin@oracle.com> Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> Cc: Mel Gorman <mgorman@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Jason A. Donenfeld
|
7eb3912994 |
vsprintf: kptr_restrict is okay in IRQ when 2
The kptr_restrict flag, when set to 1, only prints the kernel address when the user has CAP_SYSLOG. When it is set to 2, the kernel address is always printed as zero. When set to 1, this needs to check whether or not we're in IRQ. However, when set to 2, this check is unneccessary, and produces confusing results in dmesg. Thus, only make sure we're not in IRQ when mode 1 is used, but not mode 2. [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Kees Cook <keescook@chromium.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Andy Shevchenko
|
5b17aecfcd |
lib/vsprintf: factor out %pN[F] handler as netdev_bits()
Move switch case to the netdev_features_string() and rename it to netdev_bits(). In the future we can extend it as needed. Here we replace the fallback of %pN from '%p' with possible flags to sticter '0x%p' without any flags variation. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Joe Perches <joe@perches.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Andy Shevchenko
|
3cab1e7112 |
lib/vsprintf: refactor duplicate code to special_hex_number()
special_hex_number() is a helper to print a fixed size type in a hex format with '0x' prefix, zero padding, and small letters. In the module we have already several copies of such code. Consolidate them under special_hex_number() helper. There are couple of differences though. It seems nobody cared about the output in case of CONFIG_KALLSYMS=n, when printing symbol address, because the asked field width is not enough to care last 2 characters in the string represantation of the pointer. Fixed here. The %pNF specifier used to be allowed with a specific field width, though there is neither any user of it nor mention the possibility in the documentation. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Joe Perches <joe@perches.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
4d72ba014b |
lib/vsprintf.c: warn about too large precisions and field widths
The field width is overloaded to pass some extra information for some %p extensions (e.g. #bits for %pb). But we might silently truncate the passed value when we stash it in struct printf_spec (see e.g. "lib/vsprintf.c: expand field_width to 24 bits"). Hopefully 23 value bits should now be enough for everybody, but if not, let's make some noise. Do the same for the precision. In both cases, clamping seems more sensible than truncating. While, according to POSIX, "A negative precision is taken as if the precision were omitted.", the kernel's printf has always treated that case as if the precision was 0, so we use that as lower bound. For the field width, the smallest representable value is actually -(1<<23), but a negative field width means 'set the LEFT flag and use the absolute value', so we want the absolute value to fit. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Al Viro <viro@ZenIV.linux.org.uk> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Joe Perches <joe@perches.com> Cc: Kees Cook <keescook@chromium.org> Cc: Maurizio Lombardi <mlombard@redhat.com> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
1c7a8e622e |
lib/vsprintf.c: help gcc make number() smaller
One consequence of the reorganization of struct printf_spec to make field_width 24 bits was that number() gained about 180 bytes. Since spec is never passed to other functions, we can help gcc make number() lose most of that extra weight by using local variables for the field width and precision. Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Al Viro <viro@ZenIV.linux.org.uk> Cc: Ingo Molnar <mingo@kernel.org> Cc: Joe Perches <joe@perches.com> Cc: Kees Cook <keescook@chromium.org> Cc: Maurizio Lombardi <mlombard@redhat.com> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
d048419311 |
lib/vsprintf.c: expand field_width to 24 bits
Maurizio Lombardi reported a problem [1] with the %pb extension: It doesn't work for sufficiently large bitmaps, since the size is stashed in the field_width field of the struct printf_spec, which is currently an s16. Concretely, this manifested itself in /sys/bus/pseudo/drivers/scsi_debug/map being empty, since the bitmap printer got a size of 0, which is the 16 bit truncation of the actual bitmap size. We do want to keep struct printf_spec at 8 bytes so that it can cheaply be passed by value. The qualifier field is only used for internal bookkeeping in format_decode, so we might as well use a local variable for that. This gives us an additional 8 bits, which we can then use for the field width. To stay in 8 bytes, we need to do a little rearranging and make the type member a bitfield as well. For consistency, change all the members to bit fields. gcc doesn't generate much worse code with these changes (in fact, bloat-o-meter says we save 300 bytes - which I think is a little surprising). I didn't find a BUILD_BUG/compiletime_assertion/... which would work outside function context, so for now I just open-coded it. [1] http://thread.gmane.org/gmane.linux.kernel/2034835 [akpm@linux-foundation.org: avoid open-coded BUILD_BUG_ON] Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Reported-by: Maurizio Lombardi <mlombard@redhat.com> Acked-by: Tejun Heo <tj@kernel.org> Cc: Al Viro <viro@ZenIV.linux.org.uk> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Joe Perches <joe@perches.com> Cc: Kees Cook <keescook@chromium.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
34fc8b9076 |
lib/vsprintf.c: eliminate potential race in string()
If the string corresponding to a %s specifier can change under us, we might end up copying a \0 byte to the output buffer. There might be callers who expect the output buffer to contain a genuine C string whose length is exactly the snprintf return value (assuming truncation hasn't happened or has been checked for). We can avoid this by only passing over the source string once, stopping the first time we meet a nul byte (or when we reach the given precision), and then letting widen_string() handle left/right space padding. As a small bonus, this code reuse also makes the generated code slightly smaller. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Al Viro <viro@ZenIV.linux.org.uk> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Joe Perches <joe@perches.com> Cc: Kees Cook <keescook@chromium.org> Cc: Maurizio Lombardi <mlombard@redhat.com> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
95508cfa10 |
lib/vsprintf.c: move string() below widen_string()
This is pure code movement, making sure the widen_string() helper is defined before the string() function. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Al Viro <viro@ZenIV.linux.org.uk> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Joe Perches <joe@perches.com> Cc: Kees Cook <keescook@chromium.org> Cc: Maurizio Lombardi <mlombard@redhat.com> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
cfccde04e2 |
lib/vsprintf.c: pull out padding code from dentry_name()
Pull out the logic in dentry_name() which handles field width space padding, in preparation for reusing it from string(). Rename the widen() helper to move_right(), since it is used for handling the !(flags & LEFT) case. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Al Viro <viro@ZenIV.linux.org.uk> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Joe Perches <joe@perches.com> Cc: Kees Cook <keescook@chromium.org> Cc: Maurizio Lombardi <mlombard@redhat.com> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Dmitry Monakhov
|
1031bc5892 |
lib/vsprintf: add %*pg format specifier
This allow to directly print block_device name. Currently one should use bdevname() with temporal char buffer. This is very ineffective because bloat stack usage for deep IO call-traces Example: %pg -> sda, sda1 or loop0p1 [AV: fixed a minor braino - position updates should not be dependent upon having reached the of buffer] Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Rasmus Villemoes
|
d7ec9a05d6 |
lib/vsprintf.c: update documentation
%n is no longer just ignored; it results in early return from vsnprintf. Also add a request to add test cases for future %p extensions. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Reviewed-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Jonathan Corbet <corbet@lwn.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
80c9eb46fa |
lib/vsprintf.c: remove SPECIAL handling in pointer()
As a quick git grep -E '%[ +0#-]*#[ +0#-]*(\*|[0-9]+)?(\.(\*|[0-9]+)?)?p' shows, nobody uses the # flag with %p. Should one try to do so, one will be met with warning: `#' flag used with `%p' gnu_printf format [-Wformat] (POSIX and C99 both say "... For other conversion specifiers, the behavior is undefined.". Obviously, the kernel can choose to define the behaviour however it wants, but as long as gcc issues that warning, users are unlikely to show up.) Since default_width is effectively always 2*sizeof(void*), we can simplify the prologue of pointer() and save a few instructions. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: Martin Kletzander <mkletzan@redhat.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
762abb5154 |
lib/vsprintf.c: also improve sanity check in bstr_printf()
Quoting from
|
||
|
Rasmus Villemoes
|
b006f19b05 |
lib/vsprintf.c: handle invalid format specifiers more robustly
If we meet any invalid or unsupported format specifier, 'handling' it by just printing it as a literal string is not safe: Presumably the format string and the arguments passed gcc's type checking, but that means something like sprintf(buf, "%n %pd", &intvar, dentry) would end up interpreting &intvar as a struct dentry*. When the offending specifier was %n it used to be at the end of the format string, but we can't rely on that always being the case. Also, gcc doesn't complain about some more or less exotic qualifiers (or 'length modifiers' in posix-speak) such as 'j' or 'q', but being unrecognized by the kernel's printf implementation, they'd be interpreted as unknown specifiers, and the rest of arguments would be interpreted wrongly. So let's complain about anything we don't understand, not just %n, and stop pretending that we'd be able to make sense of the rest of the format/arguments. If the offending specifier is in a printk() call we unfortunately only get a "BUG: recent printk recursion!", but at least direct users of the sprintf family will be caught. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: Martin Kletzander <mkletzan@redhat.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Martin Kletzander
|
5e4ee7b13b |
printk: synchronize %p formatting documentation
Move all pointer-formatting documentation to one place in the code and one place in the documentation instead of keeping it in three places with different level of completeness. Documentation/printk-formats.txt has detailed information about each modifier, docstring above pointer() has short descriptions of them (as that is the function dealing with %p) and docstring above vsprintf() is removed as redundant. Both docstrings in the code that were modified are updated with a reminder of updating the documentation upon any further change. [akpm@linux-foundation.org: fix comment] Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Jonathan Corbet <corbet@lwn.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Stephen Boyd
|
0d1d7a5588 |
lib/vsprintf.c: Include clk.h
This file uses the clk API so it should include clk.h directly instead of indirectly including it through clk-provider.h. Acked-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: Stephen Boyd <sboyd@codeaurora.org> |
||
|
Rasmus Villemoes
|
675cf53c1d |
lib/vsprintf.c: improve put_dec_trunc8 slightly
I hadn't had enough coffee when I wrote this. Currently, the final increment of buf depends on the value loaded from the table, and causes gcc to emit a cmov immediately before the return. It is smarter to let it depend on r, since the increment can then be computed in parallel with the final load/store pair. It also shaves 16 bytes of .text. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Tejun Heo <tj@kernel.org> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
7c43d9a30c |
lib/vsprintf.c: even faster binary to decimal conversion
The most expensive part of decimal conversion is the divisions by 10 (albeit done using reciprocal multiplication with appropriately chosen constants). I decided to see if one could eliminate around half of these multiplications by emitting two digits at a time, at the cost of a 200 byte lookup table, and it does indeed seem like there is something to be gained, especially on 64 bits. Microbenchmarking shows improvements ranging from -50% (for numbers uniformly distributed in [0, 2^64-1]) to -25% (for numbers heavily biased toward the smaller end, a more realistic distribution). On a larger scale, perf shows that top, one of the big consumers of /proc data, uses 0.5-1.0% fewer cpu cycles. I had to jump through some hoops to get the 32 bit code to compile and run on my 64 bit machine, so I'm not sure how relevant these numbers are, but just for comparison the microbenchmark showed improvements between -30% and -10%. The bloat-o-meter costs are around 150 bytes (the generated code is a little smaller, so it's not the full 200 bytes) on both 32 and 64 bit. I'm aware that extra cache misses won't show up in a microbenchmark as used above, but on the other hand decimal conversions often happen in bulk (for example in the case of top). I have of course tested that the new code generates the same output as the old, for both the first and last 1e10 numbers in [0,2^64-1] and 4e9 'random' numbers in-between. Test and verification code on github: https://github.com/Villemoes/dec. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Tested-by: Jeff Epler <jepler@unpythonic.net> Cc: "Peter Zijlstra (Intel)" <peterz@infradead.org> Cc: Tejun Heo <tj@kernel.org> Cc: Joe Perches <joe@perches.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
41416f2330 |
lib/string_helpers.c: change semantics of string_escape_mem
The current semantics of string_escape_mem are inadequate for one of its
current users, vsnprintf(). If that is to honour its contract, it must
know how much space would be needed for the entire escaped buffer, and
string_escape_mem provides no way of obtaining that (short of allocating a
large enough buffer (~4 times input string) to let it play with, and
that's definitely a big no-no inside vsnprintf).
So change the semantics for string_escape_mem to be more snprintf-like:
Return the size of the output that would be generated if the destination
buffer was big enough, but of course still only write to the part of dst
it is allowed to, and (contrary to snprintf) don't do '\0'-termination.
It is then up to the caller to detect whether output was truncated and to
append a '\0' if desired. Also, we must output partial escape sequences,
otherwise a call such as snprintf(buf, 3, "%1pE", "\123") would cause
printf to write a \0 to buf[2] but leaving buf[0] and buf[1] with whatever
they previously contained.
This also fixes a bug in the escaped_string() helper function, which used
to unconditionally pass a length of "end-buf" to string_escape_mem();
since the latter doesn't check osz for being insanely large, it would
happily write to dst. For example, kasprintf(GFP_KERNEL, "something and
then %pE", ...); is an easy way to trigger an oops.
In test-string_helpers.c, the -ENOMEM test is replaced with testing for
getting the expected return value even if the buffer is too small. We
also ensure that nothing is written (by relying on a NULL pointer deref)
if the output size is 0 by passing NULL - this has to work for
kasprintf("%pE") to work.
In net/sunrpc/cache.c, I think qword_add still has the same semantics.
Someone should definitely double-check this.
In fs/proc/array.c, I made the minimum possible change, but longer-term it
should stop poking around in seq_file internals.
[andriy.shevchenko@linux.intel.com: simplify qword_add]
[andriy.shevchenko@linux.intel.com: add missed curly braces]
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Acked-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
Rasmus Villemoes
|
9c98f23596 |
lib/vsprintf.c: fix potential NULL deref in hex_string
The helper hex_string() is broken in two ways. First, it doesn't increment buf regardless of whether there is room to print, so callers such as kasprintf() that try to probe the correct storage to allocate will get a too small return value. But even worse, kasprintf() (and likely anyone else trying to find the size of the result) pass NULL for buf and 0 for size, so we also have end == NULL. But this means that the end-1 in hex_string() is (char*)-1, so buf < end-1 is true and we get a NULL pointer deref. I double-checked this with a trivial kernel module that just did a kasprintf(GFP_KERNEL, "%14ph", "CrashBoomBang"). Nobody seems to be using %ph with kasprintf, but we might as well fix it before it hits someone. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Acked-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Geert Uytterhoeven
|
900cca2944 |
lib/vsprintf: add %pC{,n,r} format specifiers for clocks
Add format specifiers for printing struct clk:
- '%pC' or '%pCn': name (Common Clock Framework) or address (legacy
clock framework) of the clock,
- '%pCr': rate of the clock.
[akpm@linux-foundation.org: omit code if !CONFIG_HAVE_CLK]
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Mike Turquette <mturquette@linaro.org>
Cc: Stephen Boyd <sboyd@codeaurora.org>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
Rasmus Villemoes
|
d1c1b12137 |
lib/vsprintf.c: another small hack
Making ZEROPAD == '0'-' ', we can eliminate a few more instructions. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
3ea8d440a8 |
lib/vsprintf.c: eliminate duplicate hex string array
gcc doesn't merge or overlap const char[] objects with identical contents (probably language lawyers would also insist that these things have different addresses), but there's no reason to have the string "0123456789ABCDEF" occur in multiple places. hex_asc_upper is declared in kernel.h and defined in lib/hexdump.c, which is unconditionally compiled in. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
e26c12c777 |
lib/vsprintf.c: reduce stack use in number()
At least since the initial git commit, when base was passed as a separate parameter, number() has only been called with bases 8, 10 and 16. I'm guessing that 66 was to accommodate 64 0/1, a sign and a '\0', but the buffer is only used for the actual digits. Octal digits carry 3 bits of information, so 24 is enough. Spell that 3*sizeof(num) so one less place needs to be changed should long long ever be 128 bits. Also remove the commented-out code that would handle an arbitrary base. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Tejun Heo <tj@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
51be17dfff |
lib/vsprintf.c: eliminate some branches
Since FORMAT_TYPE_INT is simply 1 more than FORMAT_TYPE_UINT, and
similarly for BYTE/UBYTE, SHORT/USHORT, LONG/ULONG, we can eliminate a few
instructions by making SIGN have the value 1 instead of 2, and then use
arithmetic instead of branches for computing the right spec->type. It's a
little hacky, but certainly in the same spirit as SMALL needing to have
the value 0x20. For example for the spec->qualifier == 'l' case, gcc now
generates
75e: 0f b6 53 01 movzbl 0x1(%rbx),%edx
762: 83 e2 01 and $0x1,%edx
765: 83 c2 09 add $0x9,%edx
768: 88 13 mov %dl,(%rbx)
instead of
763: 0f b6 53 01 movzbl 0x1(%rbx),%edx
767: 83 e2 02 and $0x2,%edx
76a: 80 fa 01 cmp $0x1,%dl
76d: 19 d2 sbb %edx,%edx
76f: 83 c2 0a add $0xa,%edx
772: 88 13 mov %dl,(%rbx)
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Tejun Heo <tj@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
Tejun Heo
|
dbc760bcc1 |
lib/vsprintf: implement bitmap printing through '%*pb[l]'
bitmap and its derivatives such as cpumask and nodemask currently only provide formatting functions which put the output string into the provided buffer; however, how long this buffer should be isn't defined anywhere and given that some of these bitmaps can be too large to be formatted into an on-stack buffer it users sometimes are unnecessarily forced to come up with creative solutions and compromises for the buffer just to printk these bitmaps. There have been a couple different attempts at making this easier. 1. Way back, PeterZ tried printk '%pb' extension with the precision for bit width - '%.*pb'. This was intuitive and made sense but unfortunately triggered a compile warning about using precision for a pointer. http://lkml.kernel.org/g/1336577562.2527.58.camel@twins 2. I implemented bitmap_pr_cont[_list]() and its wrappers for cpumask and nodemask. This works but PeterZ pointed out that pr_cont's tendency to produce broken lines when multiple CPUs are printing is bothering considering the usages. http://lkml.kernel.org/g/1418226774-30215-3-git-send-email-tj@kernel.org So, this patch is another attempt at teaching printk and friends how to print bitmaps. It's almost identical to what PeterZ tried with precision but it uses the field width for the number of bits instead of precision. The format used is '%*pb[l]', with the optional trailing 'l' specifying list format instead of hex masks. This is a valid format string and doesn't trigger compiler warnings; however, it does make it impossible to specify output field width when printing bitmaps. I think this is an acceptable trade-off given how much easier it makes printing bitmaps and that we don't have any in-kernel user which is using the field width specification. If any future user wants to use field width with a bitmap, it'd have to format the bitmap into a string buffer and then print that buffer with width spec, which isn't different from how it should be done now. This patch implements bitmap[_list]_string() which are called from the vsprintf pointer() formatting function. The implementation is mostly identical to bitmap_scn[list]printf() except that the output is performed in the vsprintf way. These functions handle formatting into too small buffers and sprintf() family of functions report the correct overrun output length. bitmap_scn[list]printf() are now thin wrappers around scnprintf(). Signed-off-by: Tejun Heo <tj@kernel.org> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com> Cc: "John W. Linville" <linville@tuxdriver.com> Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Chris Metcalf <cmetcalf@tilera.com> Cc: Chris Zankel <chris@zankel.net> Cc: Christoph Lameter <cl@linux.com> Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com> Cc: Fenghua Yu <fenghua.yu@intel.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Li Zefan <lizefan@huawei.com> Cc: Max Filippov <jcmvbkbc@gmail.com> Cc: Mike Travis <travis@sgi.com> Cc: Pekka Enberg <penberg@kernel.org> Cc: Russell King <linux@arm.linux.org.uk> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Steffen Klassert <steffen.klassert@secunet.com> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Tony Luck <tony.luck@intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
43e5b666cf |
lib/vsprintf.c: replace while with do-while in skip_atoi
All callers of skip_atoi have already checked for the first character being a digit. In this case, gcc generates simpler code for a do while-loop. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Jiri Kosina <jkosina@suse.cz> Cc: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
2aa2f9e21e |
lib/vsprintf.c: improve sanity check in vsnprintf()
On 64 bit, size may very well be huge even if bit 31 happens to be 0. Somehow it doesn't feel right that one can pass a 5 GiB buffer but not a 3 GiB one. So cap at INT_MAX as was probably the intention all along. This is also the made-up value passed by sprintf and vsprintf. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Jiri Kosina <jkosina@suse.cz> Cc: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Rasmus Villemoes
|
ffbfed03b4 |
lib/vsprintf.c: consume 'p' in format_decode
It seems a little simpler to consume the p from a %p specifier in format_decode, just as it is done for the surrounding %c, %s and %% cases. While there, delete a redundant and misplaced comment. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Jiri Kosina <jkosina@suse.cz> Cc: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Andy Shevchenko
|
71dca95d5c |
lib/vsprintf: add %*pE[achnops] format specifier
This allows user to print a given buffer as an escaped string. The
rules are applied according to an optional mix of flags provided by
additional format letters.
For example, if the given buffer is:
1b 62 20 5c 43 07 22 90 0d 5d
The result strings would be:
%*pE "\eb \C\a"\220\r]"
%*pEhp "\x1bb \C\x07"\x90\x0d]"
%*pEa "\e\142\040\\\103\a\042\220\r\135"
Please, read Documentation/printk-formats.txt and lib/string_helpers.c
kernel documentation to get further information.
[akpm@linux-foundation.org: tidy up comment layout, per Joe]
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Suggested-by: Joe Perches <joe@perches.com>
Cc: "John W . Linville" <linville@tuxdriver.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
Masanari Iida
|
da3dae54e4 |
Documentation: Docbook: Fix generated DocBook/kernel-api.xml
This patch fix spelling typo found in DocBook/kernel-api.xml. It is because the file is generated from the source comments, I have to fix the comments in source codes. Signed-off-by: Masanari Iida <standby24x7@gmail.com> Acked-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Jiri Kosina <jkosina@suse.cz> |
||
|
Fabian Frederick
|
3f623eba2a |
lib/vsprintf.c: fix comparison to bool
Fixing 2 coccinelle warnings: lib/vsprintf.c:2350:2-9: WARNING: Assignment of bool to 0/1 lib/vsprintf.c:2389:3-10: WARNING: Assignment of bool to 0/1 Signed-off-by: Fabian Frederick <fabf@skynet.be> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Ryan Mallon
|
708d96fd06 |
vsprintf: remove %n handling
All in-kernel users of %n in format strings have now been removed and the %n directive is ignored. Remove the handling of %n so that it is treated the same as any other invalid format string directive. Keep a warning in place to deter new instances of %n in format strings. Signed-off-by: Ryan Mallon <rmallon@gmail.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Bjorn Helgaas
|
d19cb803a2 |
vsprintf: Add support for IORESOURCE_UNSET in %pR
Sometimes we have a struct resource where we know the type (MEM/IO/etc.) and the size, but we haven't assigned address space for it. The IORESOURCE_UNSET flag is a way to indicate this situation. For these "unset" resources, the start address is meaningless, so print only the size, e.g., - pci 0000:0c:00.0: reg 184: [mem 0x00000000-0x00001fff 64bit] + pci 0000:0c:00.0: reg 184: [mem size 0x2000 64bit] For %pr (printing with raw flags), we still print the address range, because %pr is mostly used for debugging anyway. Thanks to Fengguang Wu <fengguang.wu@intel.com> for suggesting resource_size(). Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> |
||
|
Joe Perches
|
aaf07621b8 |
vsprintf: add %pad extension for dma_addr_t use
dma_addr_t's can be either u32 or u64 depending on a CONFIG option. There are a few hundred dma_addr_t's printed via either cast to unsigned long long, unsigned long or no cast at all. Add %pad to be able to emit them without the cast. Update Documentation/printk-formats.txt too. Signed-off-by: Joe Perches <joe@perches.com> Cc: "Shevchenko, Andriy" <andriy.shevchenko@intel.com> Cc: Rob Landley <rob@landley.net> Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com> Cc: Julia Lawall <julia.lawall@lip6.fr> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Kees Cook
|
9196436ab2 |
vsprintf: ignore %n again
This ignores %n in printf again, as was originally documented. Implementing %n poses a greater security risk than utility, so it should stay ignored. To help anyone attempting to use %n, a warning will be emitted if it is encountered. Based on an earlier patch by Joe Perches. Because %n was designed to write to pointers on the stack, it has been frequently used as an attack vector when bugs are found that leak user-controlled strings into functions that ultimately process format strings. While this class of bug can still be turned into an information leak, removing %n eliminates the common method of elevating such a bug into an arbitrary kernel memory writing primitive, significantly reducing the danger of this class of bug. For seq_file users that need to know the length of a written string for padding, please see seq_setwidth() and seq_pad() instead. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Joe Perches <joe@perches.com> Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Cc: David Miller <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |