udc
558 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Lucas Wei
|
28ab10340e |
Merge android-4.9-q (4.9.258) into android-msm-pixel-4.9-lts
Merge 4.9.258 into android-4.9-q
Linux 4.9.258
kvm: check tlbs_dirty directly
scsi: qla2xxx: Fix crash during driver load on big endian machines
xen-blkback: fix error handling in xen_blkbk_map()
xen-scsiback: don't "handle" error by BUG()
xen-netback: don't "handle" error by BUG()
xen-blkback: don't "handle" error by BUG()
xen/arm: don't ignore return errors from set_phys_to_machine
Xen/gntdev: correct error checking in gntdev_map_grant_pages()
Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()
Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()
Xen/x86: don't bail early from clear_foreign_p2m_mapping()
* tracing: Avoid calling cc-option -mrecord-mcount for every Makefile
Makefile
scripts/Makefile.build
* tracing: Fix SKIP_STACK_VALIDATION=1 build due to bad merge with -mrecord-mcount
scripts/Makefile.build
* trace: Use -mcount-record for dynamic ftrace
scripts/Makefile.build
x86/build: Disable CET instrumentation in the kernel for 32-bit too
vsock: fix locking in vsock_shutdown()
vsock/virtio: update credit only if socket is not closed
* net: watchdog: hold device global xmit lock during tx disable
include/linux/netdevice.h
net/vmw_vsock: improve locking in vsock_connect_timeout()
usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one
usb: dwc3: ulpi: fix checkpatch warning
h8300: fix PREEMPTION build, TI_PRE_COUNT undefined
* netfilter: conntrack: skip identical origin tuple in same zone only
net/netfilter/nf_conntrack_core.c
xen/netback: avoid race in xenvif_rx_ring_slots_available()
netfilter: xt_recent: Fix attempt to update deleted entry
* bpf: Check for integer overflow when using roundup_pow_of_two()
kernel/bpf/stackmap.c
* memblock: do not start bottom-up allocations with kernel_end
mm/memblock.c
ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL
* ovl: skip getxattr of security labels
fs/overlayfs/copy_up.c
* tracing: Check length before giving out the filter buffer
kernel/trace/trace.c
* tracing: Do not count ftrace events in top level enable output
kernel/trace/trace_events.c
squashfs: add more sanity checks in xattr id lookup
squashfs: add more sanity checks in inode lookup
squashfs: add more sanity checks in id lookup
* futex: Cure exit race
kernel/futex.c
* futex: Change locking rules
kernel/futex.c
* futex: Ensure the correct return value from futex_lock_pi()
kernel/futex.c
* memcg: fix a crash in wb_workfn when a device disappears
fs/fs-writeback.c
include/linux/backing-dev.h
include/trace/events/writeback.h
mm/backing-dev.c
* include/trace/events/writeback.h: fix -Wstringop-truncation warnings
include/trace/events/writeback.h
* lib/string: Add strscpy_pad() function
include/linux/string.h
lib/string.c
SUNRPC: Handle 0 length opaque XDR object data properly
* SUNRPC: Move simple_get_bytes and simple_get_netobj into private header
include/linux/sunrpc/xdr.h
iwlwifi: mvm: guard against device removal in reprobe
iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap
iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time()
* af_key: relax availability checks for skb size calculation
net/key/af_key.c
remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load
* fgraph: Initialize tracing_graph_pause at task creation
include/linux/ftrace.h
* mm: memcontrol: fix NULL pointer crash in test_clear_page_writeback()
include/linux/memcontrol.h
mm/page-writeback.c
Merge 4.9.257 into android-4.9-q
Linux 4.9.257
ALSA: hda/realtek - Fix typo of pincfg for Dell quirk
iommu/vt-d: Do not use flush-queue when caching-mode is on
ACPI: thermal: Do not call acpi_thermal_check() directly
* Input: xpad - sync supported devices with fork on GitHub
drivers/input/joystick/xpad.c
x86/apic: Add extra serialization for non-serializing MSRs
* x86/build: Disable CET instrumentation in the kernel
Makefile
mm: thp: fix MADV_REMOVE deadlock on shmem THP
mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active
mm: hugetlb: fix a race between isolating and freeing page
* mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page
include/linux/hugetlb.h
ARM: footbridge: fix dc21285 PCI configuration accessors
* mmc: core: Limit retries when analyse of SDIO tuples fails
drivers/mmc/core/sdio_cis.c
cifs: report error instead of invalid when revalidating a dentry fails
* xhci: fix bounce buffer usage for non-sg list case
drivers/usb/host/xhci-ring.c
kretprobe: Avoid re-registration of the same kretprobe earlier
mac80211: fix station rate table updates on assoc
usb: dwc2: Fix endpoint direction check in ep_from_windex
USB: usblp: don't call usb_set_interface if there's a single alt
USB: gadget: legacy: fix an error code in eth_bind()
* elfcore: fix building with clang
include/linux/elfcore.h
kernel/Makefile
net: lapb: Copy the skb before sending a packet
Input: i8042 - unbreak Pegatron C15B
USB: serial: option: Adding support for Cinterion MV31
USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000
USB: serial: cp210x: add pid/vid for WSDA-200-USB
* stable: clamp SUBLEVEL in 4.4 and 4.9
Makefile
objtool: Don't fail on missing symbol table
scsi: ibmvfc: Set default timeout to avoid crash during migration
mac80211: fix fast-rx encryption check
scsi: libfc: Avoid invoking response handler twice if ep is already completed
* futex: Handle faults correctly for PI futexes
kernel/futex.c
* futex: Simplify fixup_pi_state_owner()
kernel/futex.c
* futex: Use pi_state_update_owner() in put_pi_state()
kernel/futex.c
* rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
kernel/futex.c
kernel/locking/rtmutex.c
kernel/locking/rtmutex_common.h
* futex: Provide and use pi_state_update_owner()
kernel/futex.c
* futex: Replace pointless printk in fixup_owner()
kernel/futex.c
* futex: Avoid violating the 10th rule of futex
kernel/futex.c
kernel/locking/rtmutex.c
kernel/locking/rtmutex_common.h
* futex: Rework inconsistent rt_mutex/futex_q state
kernel/futex.c
* futex: Remove rt_mutex_deadlock_account_*()
kernel/locking/rtmutex.c
kernel/locking/rtmutex.h
* futex,rt_mutex: Provide futex specific rt_mutex API
kernel/futex.c
kernel/locking/rtmutex.c
kernel/locking/rtmutex_common.h
* net_sched: reject silly cell_log in qdisc_get_rtab()
net/sched/sch_api.c
ibmvnic: Ensure that CRQ entry read are correctly ordered
net: dsa: bcm_sf2: put device node before return
Merge 4.9.256 into android-4.9-q
Linux 4.9.256
Merge 4.9.255 into android-4.9-q
Linux 4.9.255
NFC: fix possible resource leak
NFC: fix resource leak when target index is invalid
iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built
iommu/vt-d: Gracefully handle DMAR units with no supported address widths
can: dev: prevent potential information leak in can_fill_info()
mac80211: pause TX while changing interface type
iwlwifi: pcie: reschedule in long-running memory reads
iwlwifi: pcie: use jiffies for memory read spin time limit
RDMA/cxgb4: Fix the reported max_recv_sge value
* xfrm: Fix oops in xfrm_replay_advance_bmp
net/xfrm/xfrm_input.c
netfilter: nft_dynset: add timeout extension to template
ARM: imx: build suspend-imx6.S with arm instruction set
mt7601u: fix rx buffer refcounting
mt7601u: fix kernel crash unplugging the device
* leds: trigger: fix potential deadlock with libata
drivers/leds/led-triggers.c
KVM: x86: get smi pending status correctly
KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[]
* futex: Prevent exit livelock
kernel/futex.c
* futex: Provide distinct return value when owner is exiting
kernel/futex.c
* futex: Add mutex around futex exit
include/linux/futex.h
include/linux/sched.h
kernel/futex.c
* futex: Provide state handling for exec() as well
kernel/futex.c
* futex: Sanitize exit state handling
kernel/futex.c
* futex: Mark the begin of futex exit explicitly
include/linux/futex.h
kernel/exit.c
kernel/futex.c
* futex: Set task::futex_state to DEAD right after handling futex exit
kernel/exit.c
kernel/futex.c
* futex: Split futex_mm_release() for exit/exec
include/linux/futex.h
kernel/fork.c
kernel/futex.c
* exit/exec: Seperate mm_release()
fs/exec.c
include/linux/sched.h
kernel/exit.c
kernel/fork.c
* futex: Replace PF_EXITPIDONE with a state
include/linux/futex.h
include/linux/sched.h
kernel/exit.c
kernel/futex.c
* futex: Move futex exit handling into futex code
include/linux/compat.h
include/linux/futex.h
kernel/fork.c
kernel/futex.c
* y2038: futex: Move compat implementation into futex.c
include/linux/futex.h
kernel/Makefile
kernel/futex.c
net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
* wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
net/wireless/wext-core.c
ACPI: sysfs: Prefer "compatible" modalias
Bug: 181732917
Change-Id: Ice169f5980390199db8f86d42e944cdf5f37c562
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
2a2b02a000 |
Merge 4.9.255 into android-4.9-q
Changes in 4.9.255 ACPI: sysfs: Prefer "compatible" modalias wext: fix NULL-ptr-dereference with cfg80211's lack of commit() net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family y2038: futex: Move compat implementation into futex.c futex: Move futex exit handling into futex code futex: Replace PF_EXITPIDONE with a state exit/exec: Seperate mm_release() futex: Split futex_mm_release() for exit/exec futex: Set task::futex_state to DEAD right after handling futex exit futex: Mark the begin of futex exit explicitly futex: Sanitize exit state handling futex: Provide state handling for exec() as well futex: Add mutex around futex exit futex: Provide distinct return value when owner is exiting futex: Prevent exit livelock KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] KVM: x86: get smi pending status correctly leds: trigger: fix potential deadlock with libata mt7601u: fix kernel crash unplugging the device mt7601u: fix rx buffer refcounting ARM: imx: build suspend-imx6.S with arm instruction set netfilter: nft_dynset: add timeout extension to template xfrm: Fix oops in xfrm_replay_advance_bmp RDMA/cxgb4: Fix the reported max_recv_sge value iwlwifi: pcie: use jiffies for memory read spin time limit iwlwifi: pcie: reschedule in long-running memory reads mac80211: pause TX while changing interface type can: dev: prevent potential information leak in can_fill_info() iommu/vt-d: Gracefully handle DMAR units with no supported address widths iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built NFC: fix resource leak when target index is invalid NFC: fix possible resource leak Linux 4.9.255 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I1ead684216d7f27b8209f4d680f40b3619d16e3a |
||
|
Thomas Gleixner
|
32d782808b |
futex: Mark the begin of futex exit explicitly
commit 18f694385c4fd77a09851fd301236746ca83f3cb upstream. Instead of relying on PF_EXITING use an explicit state for the futex exit and set it in the futex exit function. This moves the smp barrier and the lock/unlock serialization into the futex code. As with the DEAD state this is restricted to the exit path as exec continues to use the same task struct. This allows to simplify that logic in a next step. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Ingo Molnar <mingo@kernel.org> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/20191106224556.539409004@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Thomas Gleixner
|
c2fd4e1198 |
futex: Set task::futex_state to DEAD right after handling futex exit
commit f24f22435dcc11389acc87e5586239c1819d217c upstream. Setting task::futex_state in do_exit() is rather arbitrarily placed for no reason. Move it into the futex code. Note, this is only done for the exit cleanup as the exec cleanup cannot set the state to FUTEX_STATE_DEAD because the task struct is still in active use. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Ingo Molnar <mingo@kernel.org> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/20191106224556.439511191@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Thomas Gleixner
|
394ff1207f |
exit/exec: Seperate mm_release()
commit 4610ba7ad877fafc0a25a30c6c82015304120426 upstream. mm_release() contains the futex exit handling. mm_release() is called from do_exit()->exit_mm() and from exec()->exec_mm(). In the exit_mm() case PF_EXITING and the futex state is updated. In the exec_mm() case these states are not touched. As the futex exit code needs further protections against exit races, this needs to be split into two functions. Preparatory only, no functional change. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Ingo Molnar <mingo@kernel.org> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/20191106224556.240518241@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Thomas Gleixner
|
2c11689578 |
futex: Replace PF_EXITPIDONE with a state
commit 3d4775df0a89240f671861c6ab6e8d59af8e9e41 upstream. The futex exit handling relies on PF_ flags. That's suboptimal as it requires a smp_mb() and an ugly lock/unlock of the exiting tasks pi_lock in the middle of do_exit() to enforce the observability of PF_EXITING in the futex code. Add a futex_state member to task_struct and convert the PF_EXITPIDONE logic over to the new state. The PF_EXITING dependency will be cleaned up in a later step. This prepares for handling various futex exit issues later. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Ingo Molnar <mingo@kernel.org> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/20191106224556.149449274@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
lucaswei
|
f09d91fe02 |
Merge android-4.9-q (4.9.248) into android-msm-pixel-4.9-lts
Merge 4.9.248 into android-4.9-q
Linux 4.9.248
x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes
Input: i8042 - fix error return code in i8042_setup_aux()
i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()
gfs2: check for empty rgrp tree in gfs2_ri_update
* tracing: Fix userstacktrace option for instances
kernel/trace/trace.c
kernel/trace/trace.h
spi: bcm2835: Release the DMA channel if probe fails after dma_init
spi: bcm2835: Fix use-after-free on unbind
spi: bcm-qspi: Fix use-after-free on unbind
* spi: Introduce device-managed SPI controller allocation
drivers/spi/spi.c
include/linux/spi/spi.h
iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs
i2c: imx: Check for I2SR_IAL after every byte
i2c: imx: Fix reset of I2SR_IAL flag
cifs: fix potential use-after-free in cifs_echo_request()
ftrace: Fix updating FTRACE_FL_TRAMP
* tty: Fix ->session locking
drivers/tty/tty_io.c
include/linux/tty.h
ALSA: hda/generic: Add option to enforce preferred_dacs pairs
ALSA: hda/realtek - Add new codec supported for ALC897
* tty: Fix ->pgrp locking in tiocspgrp()
drivers/tty/tty_io.c
USB: serial: option: add support for Thales Cinterion EXS82
USB: serial: option: add Fibocom NL668 variants
USB: serial: ch341: sort device-id entries
USB: serial: ch341: add new Product ID for CH341A
USB: serial: kl5kusb105: fix memleak on open
* usb: gadget: f_fs: Use local copy of descriptors for userspace copy
drivers/usb/gadget/function/f_fs.c
* vlan: consolidate VLAN parsing code and limit max parsing depth
include/linux/if_vlan.h
include/net/inet_ecn.h
pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH)
pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output
btrfs: sysfs: init devices outside of the chunk_mutex
RDMA/i40iw: Address an mmap handler exploit in i40iw
* spi: Fix controller unregister order harder
drivers/spi/spi.c
Input: i8042 - add ByteSpeed touchpad to noloop table
* Input: xpad - support Ardwiino Controllers
drivers/input/joystick/xpad.c
dt-bindings: net: correct interrupt flags in examples
net/mlx5: Fix wrong address reclaim when command interface is down
net: pasemi: fix error return code in pasemi_mac_open()
cxgb3: fix error return code in t3_sge_alloc_qset()
net/x25: prevent a couple of overflows
ibmvnic: Fix TX completion error handling
ibmvnic: Ensure that SCRQ entry reads are correctly ordered
netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal
* bonding: wait for sysfs kobject destruction before freeing struct slave
drivers/net/bonding/bond_main.c
drivers/net/bonding/bond_sysfs_slave.c
include/net/bonding.h
usbnet: ipheth: fix connectivity with iOS 14
rose: Fix Null pointer dereference in rose_send_frame()
net/af_iucv: set correct sk_protocol for child sockets
ANDROID: cuttlefish_defconfig: Disable CONFIG_KSM
Merge 4.9.247 into android-4.9-q
Linux 4.9.247
* USB: core: Fix regression in Hercules audio card
drivers/usb/core/quirks.c
* USB: core: add endpoint-blacklist quirk
drivers/usb/core/config.c
drivers/usb/core/quirks.c
drivers/usb/core/usb.h
include/linux/usb/quirks.h
* regulator: workaround self-referent regulators
drivers/regulator/core.c
* regulator: avoid resolve_supply() infinite recursion
drivers/regulator/core.c
x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
usb: gadget: Fix memleak in gadgetfs_fill_super
* usb: gadget: f_midi: Fix memleak in f_midi_alloc
drivers/usb/gadget/function/f_midi.c
* USB: core: Change %pK for __user pointers to %px
drivers/usb/core/devio.c
perf probe: Fix to die_entrypc() returns error correctly
platform/x86: toshiba_acpi: Fix the wrong variable assignment
can: gs_usb: fix endianess problem with candleLight firmware
efivarfs: revert "fix memory leak in efivarfs_create()"
ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq
net: ena: set initial DMA width to avoid intel iommu issue
nfc: s3fwrn5: use signed integer for parsing GPIO numbers
IB/mthca: fix return value of error branch in mthca_init_cq()
bnxt_en: Release PCI regions when DMA mask setup fails during probe.
video: hyperv_fb: Fix the cache type when mapping the VRAM
bnxt_en: fix error return code in bnxt_init_board()
* scsi: ufs: Fix race between shutdown and runtime resume flow
drivers/scsi/ufs/ufshcd.c
batman-adv: set .owner to THIS_MODULE
phy: tegra: xusb: Fix dangling pointer on probe failure
perf/x86: fix sysfs type mismatches
scsi: target: iscsi: Fix cmd abort fabric stop race
scsi: libiscsi: Fix NOP race condition
dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size
* proc: don't allow async path resolution of /proc/self components
fs/proc/self.c
x86/xen: don't unbind uninitialized lock_kicker_irq
dmaengine: xilinx_dma: use readl_poll_timeout_atomic variant
HID: hid-sensor-hub: Fix issue with devices with no report ID
Input: i8042 - allow insmod to succeed on devices without an i8042 controller
* HID: cypress: Support Varmilo Keyboards' media hotkeys
drivers/hid/hid-ids.h
ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close
ALSA: hda/hdmi: Use single mutex unlock in error paths
* arm64: pgtable: Fix pte_accessible()
arch/arm64/include/asm/pgtable.h
btrfs: inode: Verify inode mode to avoid NULL pointer dereference
btrfs: tree-checker: Enhance chunk checker to validate chunk profile
* PCI: Add device even if driver attach failed
drivers/pci/bus.c
btrfs: fix lockdep splat when reading qgroup config on mount
mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault()
perf event: Check ref_reloc_sym before using it
* BACKPORT: arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
arch/arm64/include/asm/efi.h
arch/arm64/include/asm/mmu_context.h
Merge 4.9.246 into android-4.9-q
Linux 4.9.246
x86/microcode/intel: Check patch signature before saving microcode for early loading
s390/cpum_sf.c: fix file permission for cpum_sfb_size
mac80211: free sta in sta_info_insert_finish() on errors
mac80211: minstrel: fix tx status processing corner case
mac80211: minstrel: remove deferred sampling code
xtensa: disable preemption around cache alias management calls
* regulator: fix memory leak with repeated set_machine_constraints()
drivers/regulator/core.c
iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum
* ext4: fix bogus warning in ext4_update_dx_flag()
fs/ext4/ext4.h
efivarfs: fix memory leak in efivarfs_create()
tty: serial: imx: keep console clocks always on
ALSA: mixart: Fix mutex deadlock
* ALSA: ctl: fix error path at adding user-defined element set
sound/core/control.c
powerpc/uaccess-flush: fix missing includes in kup-radix.h
* libfs: fix error cast of negative value in simple_attr_write()
fs/libfs.c
xfs: revert "xfs: fix rmap key and record comparison functions"
regulator: ti-abb: Fix array out of bound read access on the first transition
MIPS: Alchemy: Fix memleak in alchemy_clk_setup_cpu
can: m_can: m_can_handle_state_change(): fix state change
can: peak_usb: fix potential integer overflow on shift of a int
can: dev: can_restart(): post buffer from the right context
perf lock: Don't free "lock_seq_stat" if read_count isn't zero
ARM: dts: imx50-evk: Fix the chip select 1 IOMUX
arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy
MIPS: export has_transparent_hugepage() for modules
Input: adxl34x - clean up a data type in adxl34x_probe()
* vfs: remove lockdep bogosity in __sb_start_write
fs/super.c
* arm64: psci: Avoid printing in cpu_psci_cpu_die()
arch/arm64/kernel/psci.c
pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq
mlxsw: core: Use variable timeout for EMAD retries
net: ftgmac100: Fix crash when removing driver
tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate
net: usb: qmi_wwan: Set DTR quirk for MR400
sctp: change to hold/put transport for proto_unreach_timer
qlcnic: fix error return code in qlcnic_83xx_restart_hw()
net: x25: Increase refcnt of "struct x25_neigh" in x25_rx_call_request
net/mlx4_core: Fix init_hca fields offset
* netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist()
net/netlabel/netlabel_unlabeled.c
* netlabel: fix our progress tracking in netlbl_unlabel_staticlist()
net/netlabel/netlabel_unlabeled.c
net: Have netpoll bring-up DSA management interface
* net: bridge: add missing counters to ndo_get_stats64 callback
net/bridge/br_device.c
net: b44: fix error return code in b44_init_one()
* inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill()
net/ipv4/inet_diag.c
devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill()
bnxt_en: read EEPROM A2h address using page 0
atm: nicstar: Unmap DMA on send error
* ah6: fix error return code in ah6_input()
net/ipv6/ah6.c
Merge 4.9.245 into android-4.9-q
Linux 4.9.245
ACPI: GED: fix -Wformat
KVM: x86: clflushopt should be treated as a no-op by emulation
mac80211: always wind down STA state
Input: sunkbd - avoid use-after-free in teardown paths
powerpc/8xx: Always fault when _PAGE_ACCESSED is not set
i2c: mux: pca954x: Add missing pca9546 definition to chip_desc
i2c: imx: Fix external abort on interrupt in exit paths
i2c: imx: use clk notifier for rate changes
powerpc/64s: flush L1D after user accesses
powerpc/uaccess: Evaluate macro arguments once, before user access is allowed
powerpc: Fix __clear_user() with KUAP enabled
powerpc: Implement user_access_begin and friends
powerpc: Add a framework for user access tracking
powerpc/64s: flush L1D on kernel entry
powerpc/64s: move some exception handlers out of line
powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL
Linux 4.9.244
Convert trailing spaces and periods in path components
* ext4: fix leaking sysfs kobject after failed mount
fs/ext4/super.c
* reboot: fix overflow parsing reboot cpu number
kernel/reboot.c
* Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
kernel/reboot.c
* perf/core: Fix race in the perf_mmap_close() function
kernel/events/core.c
xen/events: block rogue events for some time
xen/events: defer eoi in case of excessive number of events
xen/events: use a common cpu hotplug hook for event channels
xen/events: switch user event channels to lateeoi model
xen/pciback: use lateeoi irq binding
xen/scsiback: use lateeoi irq binding
xen/netback: use lateeoi irq binding
xen/blkback: use lateeoi irq binding
xen/events: add a new "late EOI" evtchn framework
xen/events: fix race in evtchn_fifo_unmask()
xen/events: add a proper barrier to 2-level uevent unmasking
xen/events: avoid removing an event channel while handling it
* perf/core: Fix a memory leak in perf_event_parse_addr_filter()
kernel/events/core.c
* perf/core: Fix crash when using HW tracing kernel filters
kernel/events/core.c
* perf/core: Fix bad use of igrab()
include/linux/perf_event.h
kernel/events/core.c
x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP
* random32: make prandom_u32() output unpredictable
drivers/char/random.c
include/linux/prandom.h
kernel/time/timer.c
lib/random32.c
net: Update window_clamp if SOCK_RCVBUF is set
net/x25: Fix null-ptr-deref in x25_connect
net/af_iucv: fix null pointer dereference on shutdown
* IPv6: Set SIT tunnel hard_header_len to zero
net/ipv6/sit.c
* swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
lib/swiotlb.c
pinctrl: amd: fix incorrect way to disable debounce filter
pinctrl: amd: use higher precision for 512 RtcClk
drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
* don't dump the threads that had been already exiting when zapped.
kernel/exit.c
ocfs2: initialize ip_next_orphan
mei: protect mei_cl_mtu from null dereference
usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
* ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
fs/ext4/inline.c
* ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA
fs/ext4/super.c
* perf: Fix get_recursion_context()
kernel/events/internal.h
cosa: Add missing kfree in error path of cosa_write
* of/address: Fix of_node memory leak in of_dma_is_coherent
drivers/of/address.c
xfs: fix a missing unlock on error in xfs_fs_map_blocks
xfs: fix rmap key and record comparison functions
xfs: fix flags argument to rmap lookup when converting shared file rmaps
pinctrl: aspeed: Fix GPI only function problem.
iommu/amd: Increase interrupt remapping table limit to 512 entries
scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
* cfg80211: regulatory: Fix inconsistent format argument
net/wireless/reg.c
mac80211: fix use of skb payload instead of header
drm/amdgpu: perform srbm soft reset always on SDMA resume
scsi: hpsa: Fix memory leak in hpsa_init_one()
gfs2: check for live vs. read-only file system in gfs2_fitrim
gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
usb: gadget: goku_udc: fix potential crashes in probe
ath9k_htc: Use appropriate rs_datalen type
geneve: add transport ports in route lookup for geneve
i40e: Memory leak in i40e_config_iwarp_qvlist
i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
i40e: Wrong truncation from u16 to u8
i40e: add num_vectors checker in iwarp handler
i40e: Fix a potential NULL pointer dereference
* pinctrl: devicetree: Avoid taking direct reference to device name string
drivers/pinctrl/devicetree.c
Btrfs: fix missing error return if writeback for extent buffer never started
xfs: flush new eof page on truncate to avoid post-eof corruption
can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
can: peak_usb: add range checking in decode operations
can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames
can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
perf tools: Add missing swap for ino_generation
* net: xfrm: fix a race condition during allocing spi
net/xfrm/xfrm_state.c
* genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY
kernel/irq/Kconfig
btrfs: reschedule when cloning lots of extents
* time: Prevent undefined behaviour in timespec64_to_ns()
include/linux/time64.h
mm: mempolicy: fix potential pte_unmap_unlock pte error
gfs2: Wake up when sd_glock_disposal becomes zero
* ring-buffer: Fix recursion protection transitions between interrupt context
kernel/trace/ring_buffer.c
* regulator: defer probe when trying to get voltage from unresolved supply
drivers/regulator/core.c
UPSTREAM: thermal/drivers/hisi: Remove bogus const from function return type
* UPSTREAM: net/ipv6: don't reinitialize ndev->cnf.addr_gen_mode on new inet6_dev
net/ipv6/addrconf.c
UPSTREAM: tee: shm: fix use-after-free via temporarily dropped reference
UPSTREAM: Documentation: ip-sysctl.txt: document addr_gen_mode
UPSTREAM: net: crypto set sk to NULL when af_alg_release.
* UPSTREAM: ipv6: don't auto-add link-local address to lag ports
net/ipv6/addrconf.c
* UPSTREAM: ipv6: ndisc: RFC-ietf-6man-ra-pref64-09 is now published as RFC8781
include/net/ndisc.h
* UPSTREAM: binder: fix incorrect cmd to binder_stat_br
drivers/android/binder.c
* UPSTREAM: arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
arch/arm64/include/asm/mmu_context.h
UPSTREAM: staging: android: vsoc: fix copy_from_user overrun
Merge 4.9.243 into android-4.9-q
Linux 4.9.243
powercap: restrict energy meter to root access
Merge 4.9.242 into android-4.9-q
Linux 4.9.242
Revert "ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE"
ARC: stack unwinding: avoid indefinite looping
* USB: Add NO_LPM quirk for Kingston flash drive
drivers/usb/core/quirks.c
USB: serial: option: add Telit FN980 composition 0x1055
USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
USB: serial: cyberjack: fix write-URB completion race
serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init
serial: 8250_mtk: Fix uart_get_baud_rate warning
* fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
kernel/fork.c
* vt: Disable KD_FONT_OP_COPY
drivers/tty/vt/vt.c
ACPI: NFIT: Fix comparison to '-ENXIO'
vsock: use ns_capable_noaudit() on socket create
* scsi: core: Don't start concurrent async scan on same host
drivers/scsi/scsi_scan.c
* of: Fix reserved-memory overlap detection
drivers/of/of_reserved_mem.c
x86/kexec: Use up-to-dated screen_info copy to fill boot params
ARM: dts: sun4i-a10: fix cpu_alert temperature
* tracing: Fix out of bounds write in get_trace_buf
kernel/trace/trace.c
* ftrace: Handle tracing when switching between context
kernel/trace/trace.h
* ftrace: Fix recursion check for NMI test
kernel/trace/trace.h
* kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled
kernel/kthread.c
* ALSA: usb-audio: Add implicit feedback quirk for Qu-16
sound/usb/pcm.c
Fonts: Replace discarded const qualifier
gianfar: Account for Tx PTP timestamp in the skb headroom
gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
tipc: fix use-after-free in tipc_bcast_get_mode
xen/events: don't use chip_data for legacy IRQs
staging: octeon: Drop on uncorrectable alignment or FCS error
staging: octeon: repair "fixed-link" support
staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
* KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR
arch/arm64/include/asm/kvm_host.h
* device property: Don't clear secondary pointer for shared primary firmware node
drivers/base/core.c
* device property: Keep secondary firmware node secondary by type
drivers/base/core.c
ARM: s3c24xx: fix missing system reset
ARM: samsung: fix PM debug build with DEBUG_LL but !MMU
hil/parisc: Disable HIL driver when it gets stuck
cachefiles: Handle readpage error correctly
* arm64: berlin: Select DW_APB_TIMER_OF
arch/arm64/Kconfig.platforms
* tty: make FONTX ioctl use the tty pointer they were actually passed
drivers/tty/vt/vt_ioctl.c
rtc: rx8010: don't modify the global rtc ops
vringh: fix __vringh_iov() when riov and wiov are different
* ring-buffer: Return 0 on success from ring_buffer_resize()
kernel/trace/ring_buffer.c
9P: Cast to loff_t before multiplying
libceph: clear con->out_msg on Policy::stateful_server faults
ceph: promote to unsigned long long before shifting
ia64: fix build error with !COREDUMP
ubi: check kthread_should_stop() after the setting of task state
ubifs: dent: Fix some potential memory leaks while iterating entries
powerpc/powernv/elog: Fix race while processing OPAL error log event.
powerpc: Warn about use of smt_snooze_delay
iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
iio:adc:ti-adc12138 Fix alignment issue with timestamp
iio:light:si1145: Fix timestamp alignment and prevent data leak.
dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
* vt: keyboard, extend func_buf_lock to readers
drivers/tty/vt/keyboard.c
* vt: keyboard, simplify vt_kdgkbsent
drivers/tty/vt/keyboard.c
usb: host: fsl-mph-dr-of: check return of dma_set_mask()
* usb: dwc3: core: don't trigger runtime pm when remove driver
drivers/usb/dwc3/core.c
* usb: dwc3: core: add phy cleanup for probe error handling
drivers/usb/dwc3/core.c
btrfs: fix use-after-free on readahead extent after failure to create it
btrfs: cleanup cow block on error
btrfs: reschedule if necessary when logging directory items
scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
w1: mxc_w1: Fix timeout resolution problem leading to bus error
acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
ACPI: debug: don't allow debugging when ACPI is disabled
ACPI: video: use ACPI backlight for HP 635 Notebook
ACPI / extlog: Check for RDMSR failure
NFS: fix nfs_path in case of a rename retry
* fs: Don't invalidate page buffers in block_write_full_page()
fs/buffer.c
leds: bcm6328, bcm6358: use devres LED registering function
perf/x86/amd/ibs: Fix raw sample data accumulation
perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count()
md/raid5: fix oops during stripe resizing
ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
ARM: dts: s5pv210: move PMU node out of clock controller
ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings
memory: emif: Remove bogus debugfs error handling
gfs2: add validation checks for size of superblock
* ext4: Detect already used quota file early
fs/ext4/super.c
drivers: watchdog: rdc321x_wdt: Fix race condition bugs
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
clk: ti: clockdomain: fix static checker warning
md/bitmap: md_bitmap_get_counter returns wrong blocks
power: supply: test_power: add missing newlines when printing parameters by sysfs
bus/fsl_mc: Do not rely on caller to provide non NULL mc_io
drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
* arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE
arch/arm64/include/asm/numa.h
USB: adutux: fix debugging
cpufreq: sti-cpufreq: add stih418 support
* kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
kernel/debug/debug_core.c
* printk: reduce LOG_BUF_SHIFT range for H8300
init/Kconfig
mmc: via-sdmmc: Fix data race bug
media: tw5864: check status of tw5864_frameinterval_get
ath10k: fix VHT NSS calculation when STBC is enabled
video: fbdev: pvr2fb: initialize variables
xfs: fix realtime bitmap/summary file truncation when growing rt volume
ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses
um: change sigio_spinlock to a mutex
* f2fs: fix to check segment boundary during SIT page readahead
fs/f2fs/checkpoint.c
* f2fs: add trace exit in exception path
fs/f2fs/checkpoint.c
sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
powerpc/powernv/smp: Fix spurious DBG() warning
mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
* fscrypt: use EEXIST when file already uses different policy
fs/crypto/policy.c
* fscrypto: move ioctl processing more fully into common code
fs/crypto/policy.c
fs/ext4/ext4.h
fs/ext4/ioctl.c
fs/f2fs/f2fs.h
fs/f2fs/file.c
* fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
fs/crypto/policy.c
fs/ext4/namei.c
fs/f2fs/namei.c
ata: sata_rcar: Fix DMA boundary mask
mtd: lpddr: Fix bad logic in print_drs_error
p54: avoid accessing the data mapped to streaming DMA
* fuse: fix page dereference after free
fs/fuse/dev.c
arch/x86/amd/ibs: Fix re-arming IBS Fetch
tipc: fix memory leak caused by tipc_buf_append()
ravb: Fix bit fields checking in ravb_hwtstamp_get()
efivarfs: Replace invalid slashes with exclamation marks in dentries.
powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler
* scripts/setlocalversion: make git describe output more reliable
scripts/setlocalversion
SUNRPC: ECONNREFUSED should cause a rebind.
* ANDROID: Temporarily disable XFRM_USER_COMPAT filtering
net/xfrm/xfrm_state.c
net/xfrm/xfrm_user.c
* BACKPORT: xfrm/compat: Translate 32-bit user_policy from sockptr
include/net/xfrm.h
net/xfrm/xfrm_state.c
* BACKPORT: xfrm/compat: Add 32=>64-bit messages translator
include/net/xfrm.h
net/xfrm/Kconfig
net/xfrm/xfrm_user.c
* UPSTREAM: xfrm/compat: Attach xfrm dumps to 64=>32 bit translator
net/xfrm/xfrm_user.c
* BACKPORT: xfrm/compat: Add 64=>32-bit messages translator
include/net/xfrm.h
net/xfrm/xfrm_user.c
* BACKPORT: xfrm: Provide API to register translator module
include/net/xfrm.h
net/xfrm/Kconfig
net/xfrm/Makefile
net/xfrm/xfrm_state.c
* UPSTREAM: mm/sl[uo]b: export __kmalloc_track(_node)_caller
mm/slub.c
ANDROID: Publish uncompressed Image on aarch64
* ANDROID: Makefile: append BUILD_NUMBER to version string when defined
Makefile
Change-Id: I345c9bde484cf008679253982f61b2a833527c3e
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
a3ba0ea9cb |
Merge 4.9.245 into android-4.9-q
Changes in 4.9.245 powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL powerpc/64s: move some exception handlers out of line powerpc/64s: flush L1D on kernel entry powerpc: Add a framework for user access tracking powerpc: Implement user_access_begin and friends powerpc: Fix __clear_user() with KUAP enabled powerpc/uaccess: Evaluate macro arguments once, before user access is allowed powerpc/64s: flush L1D after user accesses i2c: imx: use clk notifier for rate changes i2c: imx: Fix external abort on interrupt in exit paths i2c: mux: pca954x: Add missing pca9546 definition to chip_desc powerpc/8xx: Always fault when _PAGE_ACCESSED is not set Input: sunkbd - avoid use-after-free in teardown paths mac80211: always wind down STA state KVM: x86: clflushopt should be treated as a no-op by emulation ACPI: GED: fix -Wformat Linux 4.9.245 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I688b066e99eeb16270414e0c4cb4dc3bb244486c |
||
|
Al Viro
|
951cb4f231 |
don't dump the threads that had been already exiting when zapped.
commit 77f6ab8b7768cf5e6bdd0e72499270a0671506ee upstream. Coredump logics needs to report not only the registers of the dumping thread, but (since 2.5.43) those of other threads getting killed. Doing that might require extra state saved on the stack in asm glue at kernel entry; signal delivery logics does that (we need to be able to save sigcontext there, at the very least) and so does seccomp. That covers all callers of do_coredump(). Secondary threads get hit with SIGKILL and caught as soon as they reach exit_mm(), which normally happens in signal delivery, so those are also fine most of the time. Unfortunately, it is possible to end up with secondary zapped when it has already entered exit(2) (or, worse yet, is oopsing). In those cases we reach exit_mm() when mm->core_state is already set, but the stack contents is not what we would have in signal delivery. At least on two architectures (alpha and m68k) it leads to infoleaks - we end up with a chunk of kernel stack written into coredump, with the contents consisting of normal C stack frames of the call chain leading to exit_mm() instead of the expected copy of userland registers. In case of alpha we leak 312 bytes of stack. Other architectures (including the regset-using ones) might have similar problems - the normal user of regsets is ptrace and the state of tracee at the time of such calls is special in the same way signal delivery is. Note that had the zapper gotten to the exiting thread slightly later, it wouldn't have been included into coredump anyway - we skip the threads that have already cleared their ->mm. So let's pretend that zapper always loses the race. IOW, have exit_mm() only insert into the dumper list if we'd gotten there from handling a fatal signal[*] As the result, the callers of do_exit() that have *not* gone through get_signal() are not seen by coredump logics as secondary threads. Which excludes voluntary exit()/oopsen/traps/etc. The dumper thread itself is unaffected by that, so seccomp is fine. [*] originally I intended to add a new flag in tsk->flags, but ebiederman pointed out that PF_SIGNALED is already doing just what we need. Cc: stable@vger.kernel.org Fixes: d89f3847def4 ("[PATCH] thread-aware coredumps, 2.5.43-C3") History-tree: https://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
lucaswei
|
ec98b24735 |
Merge android-4.9-q (4.9.228) into android-msm-pixel-4.9-lts
Merge 4.9.228 into android-4.9-q
Linux 4.9.228
perf symbols: Fix debuginfo search for Ubuntu
perf probe: Do not show the skipped events
w1: omap-hdq: cleanup to add missing newline for some dev_dbg
mtd: rawnand: pasemi: Fix the probe error path
mtd: rawnand: brcmnand: fix hamming oob layout
* sunrpc: clean up properly in gss_mech_unregister()
include/linux/sunrpc/gss_api.h
sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations.
* kbuild: force to build vmlinux if CONFIG_MODVERSION=y
Makefile
drivers/macintosh: Fix memleak in windfarm_pm112 driver
ARM: tegra: Correct PL310 Auxiliary Control Register initialization
* kernel/cpu_pm: Fix uninitted local in cpu_pm
kernel/cpu_pm.c
sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
sparc32: fix register window handling in genregs32_[gs]et()
pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
power: vexpress: add suppress_bind_attrs to true
igb: Report speed and duplex as unknown when device is runtime suspended
b43_legacy: Fix connection problem with WPA3
b43: Fix connection problem with WPA3
b43legacy: Fix case where channel status is corrupted
media: go7007: fix a miss of snd_card_free
carl9170: remove P2P_GO support
e1000e: Relax condition to trigger reset for ME workaround
* PCI: Program MPS for RCiEP devices
drivers/pci/probe.c
* blk-mq: move blk_mq_update_nr_hw_queues synchronize_rcu call
block/blk-mq.c
btrfs: fix error handling when submitting direct I/O bio
* ext4: fix race between ext4_sync_parent() and rename()
fs/ext4/fsync.c
* ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
fs/ext4/ext4_extents.h
evm: Fix possible memory leak in evm_calc_hmac_or_hash()
ima: Directly assign the ima_default_policy pointer to ima_rules
ima: Fix ima digest hash table key calculation
mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
btrfs: send: emit file capabilities after chown
* cpuidle: Fix three reference count leaks
drivers/cpuidle/sysfs.c
spi: dw: Return any value retrieved from the dma_transfer callback
mmc: sdhci-esdhc-imx: fix the mask for tuning start point
ixgbe: fix signed-integer-overflow warning
staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core
MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
* PCI: Don't disable decoding when mmio_always_on is set
drivers/pci/probe.c
macvlan: Skip loopback packets in RX handler
m68k: mac: Don't call via_flush_cache() on Mac IIfx
x86/mm: Stop printing BRK addresses
mips: Add udelay lpj numbers adjustment
x86/boot: Correct relocation destination on old linkers
mwifiex: Fix memory corruption in dump_station
rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup()
md: don't flush workqueue unconditionally in md_open
* kgdb: Fix spurious true from in_dbg_master()
include/linux/kgdb.h
mips: cm: Fix an invalid error code of INTVN_*_ERR
MIPS: Truncate link address into 32bit for 32bit kernel
powerpc/spufs: fix copy_to_user while atomic
net: allwinner: Fix use correct return type for ndo_start_xmit()
net: lpc-enet: fix error return code in lpc_mii_init()
* exit: Move preemption fixup up, move blocking operations down
kernel/exit.c
* lib/mpi: Fix 64-bit MIPS build with Clang
lib/mpi/longlong.h
netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
MIPS: Make sparse_init() using top-down allocation
media: platform: fcp: Set appropriate DMA parameters
media: dvb: return -EREMOTEIO on i2c transfer failure.
dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
e1000: Distribute switch variables for initialization
* staging: android: ion: use vmap instead of vm_map_ram
drivers/staging/android/ion/ion_heap.c
net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss()
* x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
include/uapi/linux/kvm.h
ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
clocksource: dw_apb_timer_of: Fix missing clockevent timers
spi: dw: Enable interrupts in accordance with DMA xfer mode
* kgdb: Prevent infinite recursive entries to the debugger
kernel/debug/debug_core.c
* Bluetooth: Add SCO fallback for invalid LMP parameters error
net/bluetooth/hci_event.c
spi: dw: Zero DMA Tx and Rx configurations on stack
net: ena: fix error returning in ena_com_get_hash_function()
objtool: Ignore empty alternatives
media: si2157: Better check for running tuner in init
ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
* media: dvb_frontend: ensure that inital front end status initialized
drivers/media/dvb-core/dvb_frontend.c
include/uapi/linux/dvb/frontend.h
can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
agp/intel: Reinforce the barrier after GTT updates
* perf: Add cond_resched() to task_function_call()
kernel/events/core.c
* fat: don't allow to mount if the FAT length == 0
fs/fat/inode.c
* mm/slub: fix a memory leak in sysfs_slab_add()
mm/slub.c
* Smack: slab-out-of-bounds in vsscanf
security/smack/smackfs.c
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
* KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
arch/arm64/include/asm/kvm_host.h
KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
KVM: nSVM: leave ASID aside in copy_vmcb_control_area
video: fbdev: w100fb: Fix a potential double free.
* proc: Use new_inode not new_inode_pseudo
fs/proc/inode.c
fs/proc/self.c
fs/proc/thread_self.c
* ovl: initialize error in ovl_copy_xattr
fs/overlayfs/copy_up.c
spi: bcm2835: Fix controller unregister order
spi: pxa2xx: Fix controller unregister order
* spi: Fix controller unregister order
drivers/spi/spi.c
* spi: No need to assign dummy value in spi_unregister_controller()
drivers/spi/spi.c
spi: dw: Fix controller unregister order
spi: dw: fix possible race condition
x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
x86/speculation: Add support for STIBP always-on preferred mode
x86/speculation: Change misspelled STIPB to STIBP
* ALSA: pcm: disallow linking stream to itself
sound/core/pcm_native.c
spi: bcm-qspi: when tx/rx buffer is NULL set to 0
spi: bcm2835aux: Fix controller unregister order
nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
* cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
fs/fs-writeback.c
ACPI: PM: Avoid using power resources if there are none for D0
ACPI: GED: add support for _Exx / _Lxx handler methods
ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
* ALSA: usb-audio: Fix inconsistent card PM state after resume
sound/usb/card.c
sound/usb/usbaudio.h
ALSA: es1688: Add the missed snd_card_free()
efi/efivars: Add missing kobject_put() in sysfs entry creation error path
x86/reboot/quirks: Add MacBook6,1 reboot quirk
x86/speculation: Prevent rogue cross-process SSBD shutdown
x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
x86_64: Fix jiffies ODR violation
ath9k_htc: Silence undersized packet warnings
drivers/net/ibmvnic: Update VNIC protocol version reporting
* sched/fair: Don't NUMA balance for kthreads
kernel/sched/fair.c
ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
crypto: talitos - fix ECB and CBC algs ivsize
* scsi: return correct blkprep status code in case scsi_init_io() fails.
drivers/scsi/scsi_lib.c
vxlan: Avoid infinite loop when suppressing NS messages with invalid options
* ipv6: fix IPV6_ADDRFORM operation logic
net/ipv6/ipv6_sockglue.c
Merge 4.9.227 into android-4.9-q
Linux 4.9.227
uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned
iio: vcnl4000: Fix i2c swapped word reading.
x86/speculation: Add Ivy Bridge to affected list
x86/speculation: Add SRBDS vulnerability and mitigation documentation
* x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
drivers/base/cpu.c
x86/cpu: Add 'table' argument to cpu_matches()
* x86/cpu: Add a steppings field to struct x86_cpu_id
include/linux/mod_devicetable.h
* nvmem: qfprom: remove incorrect write support
drivers/nvmem/qfprom.c
staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
tty: hvc_console, fix crashes on parallel open/close
* vt: keyboard: avoid signed integer overflow in k_ascii
drivers/tty/vt/keyboard.c
usb: musb: Fix runtime PM imbalance on error
USB: serial: option: add Telit LE910C1-EUX compositions
USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
USB: serial: qcserial: add DW5816e QDL support
* l2tp: add sk_family checks to l2tp_validate_socket
net/l2tp/l2tp_core.c
vsock: fix timeout in vsock_accept()
NFC: st21nfca: add missed kfree_skb() in an error path
net: usb: qmi_wwan: add Telit LE910C1-EUX composition
* l2tp: do not use inet_hash()/inet_unhash()
net/l2tp/l2tp_ip.c
net/l2tp/l2tp_ip6.c
* devinet: fix memleak in inetdev_init()
net/ipv4/devinet.c
airo: Fix read overflows sending packets
* scsi: ufs: Release clock if DMA map fails
drivers/scsi/ufs/ufshcd.c
slip: not call free_netdev before rtnl_unlock in slip_open
slcan: Fix double-free on slcan_open() error path
* mmc: fix compilation of user API
include/uapi/linux/mmc/ioctl.h
kernel/relay.c: handle alloc_percpu returning NULL in relay_open
p54usb: add AirVasT USB stick device-id
HID: i2c-hid: add Schneider SCL142ALM to descriptor override
* mm: Fix mremap not considering huge pmd devmap
mm/mremap.c
* pppoe: only process PADT targeted at local interfaces
drivers/net/ppp/pppoe.c
net: smsc911x: Fix runtime PM imbalance on error
net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x
net/ethernet/freescale: rework quiesce/activate for ucc_geth
net: bmac: Fix read of MAC address from ROM
x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables
ARC: Fix ICCM & DCCM runtime size checks
s390/ftrace: save traced function caller
spi: dw: use "smp_mb()" to avoid sending spi data error
* esp6: fix memleak on error path in esp6_input
net/ipv6/esp6.c
usb: gadget: f_uac2: fix error handling in afunc_bind (again)
* scsi: scsi_devinfo: fixup string compare
drivers/scsi/scsi_devinfo.c
Merge 4.9.226 into android-4.9-q
Linux 4.9.226
scsi: zfcp: fix request object use-after-free in send path causing wrong traces
net: hns: Fixes the missing put_device in positive leg for roce reset
sc16is7xx: move label 'err_spi' to correct section
* mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()
mm/vmalloc.c
* net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
net/core/rtnetlink.c
genirq/generic_pending: Do not lose pending affinity update
* netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
include/linux/netfilter/nf_conntrack_pptp.h
net/netfilter/nf_conntrack_pptp.c
* bonding: Fix reference count leak in bond_sysfs_slave_add.
drivers/net/bonding/bond_sysfs_slave.c
qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
* netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
include/linux/netfilter/nf_conntrack_pptp.h
net/ipv4/netfilter/nf_nat_pptp.c
net/netfilter/nf_conntrack_pptp.c
netfilter: ipset: Fix subcounter update skip
netfilter: nft_reject_bridge: enable reject with bridge vlan
* ip_vti: receive ipip packet by calling ip_tunnel_rcv
net/ipv4/ip_vti.c
* vti4: eliminated some duplicate code.
net/ipv4/ip_vti.c
* xfrm: fix a NULL-ptr deref in xfrm_local_error
net/xfrm/xfrm_output.c
* xfrm: fix a warning in xfrm_policy_insert_list
net/xfrm/xfrm_policy.c
* xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
net/xfrm/xfrm_input.c
x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
mac80211: mesh: fix discovery timer re-arming issue / crash
parisc: Fix kernel panic in mem_init()
* iommu: Fix reference count leak in iommu_group_alloc.
drivers/iommu/iommu.c
* include/asm-generic/topology.h: guard cpumask_of_node() macro argument
include/asm-generic/topology.h
* fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
fs/binfmt_elf.c
* mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
include/linux/mm.h
libceph: ignore pool overlay and cache logic on redirects
* exec: Always set cap_ambient in cap_bprm_set_creds
security/commoncap.c
* ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
sound/usb/mixer.c
* ALSA: hwdep: fix a left shifting 1 by 31 UB bug
sound/core/hwdep.c
ARM: dts/imx6q-bx50v3: Set display interface clock parents
ARM: dts: imx6q-bx50v3: Add internal switch
ARM: dts: imx: Correct B850v3 clock assignment
IB/qib: Call kobject_put() when kobject_init_and_add() fails
Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
Input: i8042 - add ThinkPad S230u to i8042 reset list
* Input: xpad - add custom init packet for Xbox One S controllers
drivers/input/joystick/xpad.c
* Input: evdev - call input_flush_device() on release(), not flush()
drivers/input/evdev.c
Input: usbtouchscreen - add support for BonXeon TP
cifs: Fix null pointer check in cifs_read
usb: gadget: legacy: fix redundant initialization warnings
cachefiles: Fix race between read_waiter and read_copier involving op->to_do
gfs2: move privileged user check to gfs2_quota_lock_check
net: microchip: encx24j600: add missed kthread_stop
gpio: tegra: mask GPIO IRQs during IRQ shutdown
IB/cma: Fix reference count leak when no ipv4 addresses are set
* uapi: fix linux/if_pppol2tp.h userspace compilation errors
include/uapi/linux/l2tp.h
net/mlx4_core: fix a memory leak bug.
net: sun: fix missing release regions in cas_init_one().
net/mlx5: Add command entry handling completion
net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
net/mlx5e: Update netdev txq on completions during closure
sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed
* net sched: fix reporting the first-time use timestamp
include/net/act_api.h
* net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()"
net/ipv4/route.c
net: ipip: fix wrong address family in init error path
ax25: fix setsockopt(SO_BINDTODEVICE)
ANDROID: cuttlefish defconfig - enable mount/net/uts namespaces.
Merge 4.9.225 into android-4.9-q
Linux 4.9.225
iio: sca3000: Remove an erroneous 'get_device()'
rapidio: fix an error in get_user_pages_fast() error handling
mei: release me_cl object reference
iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()'
staging: greybus: Fix uninitialized scalar variable
staging: iio: ad2s1210: Fix SPI reading
Revert "gfs2: Don't demote a glock until its revokes are written"
cxgb4/cxgb4vf: Fix mac_hlist initialization and free
cxgb4: free mac_hlist properly
libnvdimm/btt: Remove unnecessary code in btt_freelist_init
platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
* ubsan: build ubsan.c more conservatively
lib/Makefile
* x86/uaccess, ubsan: Fix UBSAN vs. SMAP
lib/Makefile
* l2tp: device MTU setup, tunnel socket needs a lock
include/linux/net.h
net/l2tp/l2tp_eth.c
net/socket.c
dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
* ALSA: pcm: fix incorrect hw_base increase
sound/core/pcm_lib.c
* l2tp: initialise PPP sessions before registering them
net/l2tp/l2tp_ppp.c
* l2tp: protect sock pointer of struct pppol2tp_session with RCU
net/l2tp/l2tp_ppp.c
* l2tp: initialise l2tp_eth sessions before registering them
net/l2tp/l2tp_eth.c
* l2tp: don't register sessions in l2tp_session_create()
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
net/l2tp/l2tp_eth.c
net/l2tp/l2tp_ppp.c
* l2tp: fix l2tp_eth module loading
net/l2tp/l2tp_eth.c
* l2tp: pass tunnel pointer to ->session_create()
net/l2tp/l2tp_core.h
net/l2tp/l2tp_eth.c
net/l2tp/l2tp_netlink.c
net/l2tp/l2tp_ppp.c
* l2tp: prevent creation of sessions on terminated tunnels
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
* l2tp: hold tunnel used while creating sessions with netlink
net/l2tp/l2tp_netlink.c
* l2tp: hold tunnel while handling genl TUNNEL_GET commands
net/l2tp/l2tp_netlink.c
* l2tp: hold tunnel while handling genl tunnel updates
net/l2tp/l2tp_netlink.c
* l2tp: hold tunnel while processing genl delete command
net/l2tp/l2tp_netlink.c
* l2tp: hold tunnel while looking up sessions in l2tp_netlink
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
net/l2tp/l2tp_netlink.c
* l2tp: initialise session's refcount before making it reachable
net/l2tp/l2tp_core.c
* l2tp: define parameters of l2tp_tunnel_find*() as "const"
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
* l2tp: define parameters of l2tp_session_get*() as "const"
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
* l2tp: remove l2tp_session_find()
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
* l2tp: remove useless duplicate session detection in l2tp_netlink
net/l2tp/l2tp_netlink.c
* L2TP:Adjust intf MTU, add underlay L3, L2 hdrs.
net/l2tp/l2tp_eth.c
* New kernel function to get IP overhead on a socket.
include/linux/net.h
net/socket.c
* net: l2tp: ppp: change PPPOL2TP_MSG_* => L2TP_MSG_*
net/l2tp/l2tp_ppp.c
* net: l2tp: deprecate PPPOL2TP_MSG_* in favour of L2TP_MSG_*
include/uapi/linux/if_pppol2tp.h
* net: l2tp: export debug flags to UAPI
include/uapi/linux/l2tp.h
net/l2tp/l2tp_core.h
* watchdog: Fix the race between the release of watchdog_core_data and cdev
drivers/watchdog/watchdog_dev.c
arm64: fix the flush_icache_range arguments in machine_kexec
padata: purge get_cpu and reorder_via_wq from padata_do_serial
padata: initialize pd->cpu with effective cpumask
padata: Replace delayed timer with immediate workqueue in padata_reorder
padata: set cpu_index of unused CPUs to -1
* i2c: dev: Fix the race between the release of i2c_dev and cdev
drivers/i2c/i2c-dev.c
ARM: futex: Address build warning
platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
* USB: core: Fix misleading driver bug report
drivers/usb/core/message.c
ceph: fix double unlock in handle_cap_export()
gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp()
* component: Silence bind error on -EPROBE_DEFER
drivers/base/component.c
* configfs: fix config_item refcnt leak in configfs_rmdir()
fs/configfs/dir.c
* HID: multitouch: add eGalaxTouch P80H84 support
drivers/hid/hid-ids.h
drivers/hid/hid-multitouch.c
* gcc-common.h: Update for GCC 10
scripts/gcc-plugins/Makefile
i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()'
iommu/amd: Fix over-read of ACPI UID from IVRS table
* fix multiplication overflow in copy_fdtable()
fs/file.c
ima: Fix return value of ima_write_policy()
evm: Check also if *tfm is an error pointer in init_desc()
padata: ensure padata_do_serial() runs on the correct CPU
padata: ensure the reorder timer callback runs on the correct CPU
padata: get_next is never NULL
padata: Remove unused but set variables
igb: use igb_adapter->io_addr instead of e1000_hw->hw_addr
Merge 4.9.224 into android-4.9-q
Linux 4.9.224
* Makefile: disallow data races on gcc-10 as well
Makefile
KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
ARM: dts: r8a7740: Add missing extal2 to CPG node
ARM: dts: r8a73a4: Add missing CMT1 interrupts
Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
usb: gadget: legacy: fix error return code in cdc_bind()
usb: gadget: legacy: fix error return code in gncm_bind()
usb: gadget: audio: Fix a missing error return value in audio_bind()
usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()'
* exec: Move would_dump into flush_old_exec
fs/exec.c
* x86: Fix early boot crash on gcc-10, third try
include/linux/compiler.h
init/main.c
ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
* usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list
drivers/usb/host/xhci-ring.c
* USB: gadget: fix illegal array access in binding with UDC
drivers/usb/gadget/configfs.c
* ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset
sound/usb/quirks.c
* ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
include/sound/rawmidi.h
sound/core/rawmidi.c
* ALSA: rawmidi: Initialize allocated buffers
sound/core/rawmidi.c
ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
netprio_cgroup: Fix unlimited memory leak of v2 cgroups
* net: ipv4: really enforce backoff for redirects
net/ipv4/route.c
* Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu"
net/ipv6/route.c
* netlabel: cope with NULL catmap
net/ipv4/cipso_ipv4.c
net/ipv6/calipso.c
net/netlabel/netlabel_kapi.c
* net: fix a potential recursive NETDEV_FEAT_CHANGE
net/core/dev.c
* gcc-10: disable 'restrict' warning for now
Makefile
* gcc-10: disable 'stringop-overflow' warning for now
Makefile
* gcc-10: disable 'array-bounds' warning for now
Makefile
* gcc-10: disable 'zero-length-bounds' warning for now
Makefile
* gcc-10: avoid shadowing standard library 'free()' in crypto
crypto/xts.c
net: phy: micrel: Use strlcpy() for ethtool::get_strings
* Stop the ad-hoc games with -Wno-maybe-initialized
Makefile
init/Kconfig
kernel/trace/Kconfig
* kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
Makefile
init/Kconfig
kernel/trace/Kconfig
* gcc-10 warnings: fix low-hanging fruit
include/linux/fs.h
include/linux/tty.h
pnp: Use list_for_each_entry() instead of open coding
IB/mlx4: Test return value of calls to ib_get_cached_pkey
* netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
include/net/netfilter/nf_conntrack.h
net/netfilter/nf_conntrack_core.c
i40iw: Fix error handling in i40iw_manage_arp_cache()
pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler
ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
ALSA: hda/hdmi: fix race in monitor detection during probe
dmaengine: mmp_tdma: Reset channel error on release
dmaengine: pch_dma.c: Avoid data race between probe and irq handler
cifs: Fix a race condition with cifs_echo_request
cifs: Check for timeout on Negotiate stage
spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
* scsi: sg: add sg_remove_request in sg_write
drivers/scsi/sg.c
drop_monitor: work around gcc-10 stringop-overflow warning
net: moxa: Fix a potential double 'free_irq()'
net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'
* shmem: fix possible deadlocks on shmlock_user_lock
mm/shmem.c
ptp: free ptp device pin descriptors properly
* ptp: fix the race between the release of ptp_clock and cdev
include/linux/posix-clock.h
kernel/time/posix-clock.c
ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
* chardev: add helper function to register char devs with a struct device
fs/char_dev.c
include/linux/cdev.h
ptp: create "pins" together with the rest of attributes
ptp: use is_visible method to hide unused attributes
ptp: do not explicitly set drvdata in ptp_clock_register()
* blktrace: fix dereference after null check
kernel/trace/blktrace.c
* blktrace: Protect q->blk_trace with RCU
include/linux/blkdev.h
include/linux/blktrace_api.h
kernel/trace/blktrace.c
* blktrace: fix trace mutex deadlock
kernel/trace/blktrace.c
* blktrace: fix unlocked access to init/start-stop/teardown
kernel/trace/blktrace.c
* blktrace: Fix potential deadlock between delete & sysfs ops
block/blk-core.c
include/linux/blkdev.h
kernel/trace/blktrace.c
* net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
include/net/addrconf.h
net/ipv6/addrconf_core.c
net/ipv6/af_inet6.c
* net: ipv6: add net argument to ip6_dst_lookup_flow
include/net/ipv6.h
net/ipv6/af_inet6.c
net/ipv6/datagram.c
net/ipv6/inet6_connection_sock.c
net/ipv6/ip6_output.c
net/ipv6/raw.c
net/ipv6/tcp_ipv6.c
net/l2tp/l2tp_ip6.c
* ext4: add cond_resched() to ext4_protect_reserved_inode
fs/ext4/block_validity.c
* binfmt_elf: Do not move brk for INTERP-less ET_EXEC
fs/binfmt_elf.c
scripts/decodecode: fix trapping instruction formatting
objtool: Fix stack offset tracking for indirect CFAs
batman-adv: Fix refcnt leak in batadv_v_ogm_process
batman-adv: Fix refcnt leak in batadv_store_throughput_override
batman-adv: Fix refcnt leak in batadv_show_throughput_override
batman-adv: fix batadv_nc_random_weight_tq
* mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous()
mm/page_alloc.c
* tracing: Add a vmalloc_sync_mappings() for safe measure
kernel/trace/trace.c
USB: serial: garmin_gps: add sanity checking for data length
USB: uas: add quirk for LaCie 2Big Quadra
* binfmt_elf: move brk out of mmap when doing direct loader exec
fs/binfmt_elf.c
Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"
bnxt_en: Improve AER slot reset.
net/mlx5: Fix command entry leak in Internal Error State
net/mlx5: Fix forced completion access non initialized command entry
bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features().
sch_sfq: validate silly quantum values
sch_choke: avoid potential panic in choke_reset()
net: usb: qmi_wwan: add support for DW5816e
net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
net: macsec: preserve ingress frame ordering
* fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
net/sched/sch_fq_codel.c
dp83640: reverse arguments to list_add_tail
USB: serial: qcserial: Add DW5816e support
* ANDROID: hid: steam: remove BT controller matching
drivers/hid/hid-core.c
drivers/hid/hid-ids.h
* UPSTREAM: HID: steam: Fix input device disappearing
drivers/hid/hid-steam.c
Change-Id: I03104a17738ef3d28a296ca370185f58396c9262
Signed-off-by: lucaswei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
0f1687ebb5 |
Merge 4.9.228 into android-4.9-q
Changes in 4.9.228 ipv6: fix IPV6_ADDRFORM operation logic vxlan: Avoid infinite loop when suppressing NS messages with invalid options scsi: return correct blkprep status code in case scsi_init_io() fails. crypto: talitos - fix ECB and CBC algs ivsize ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook sched/fair: Don't NUMA balance for kthreads drivers/net/ibmvnic: Update VNIC protocol version reporting ath9k_htc: Silence undersized packet warnings x86_64: Fix jiffies ODR violation x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs x86/speculation: Prevent rogue cross-process SSBD shutdown x86/reboot/quirks: Add MacBook6,1 reboot quirk efi/efivars: Add missing kobject_put() in sysfs entry creation error path ALSA: es1688: Add the missed snd_card_free() ALSA: usb-audio: Fix inconsistent card PM state after resume ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() ACPI: GED: add support for _Exx / _Lxx handler methods ACPI: PM: Avoid using power resources if there are none for D0 cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() spi: bcm2835aux: Fix controller unregister order spi: bcm-qspi: when tx/rx buffer is NULL set to 0 ALSA: pcm: disallow linking stream to itself x86/speculation: Change misspelled STIPB to STIBP x86/speculation: Add support for STIBP always-on preferred mode x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. spi: dw: fix possible race condition spi: dw: Fix controller unregister order spi: No need to assign dummy value in spi_unregister_controller() spi: Fix controller unregister order spi: pxa2xx: Fix controller unregister order spi: bcm2835: Fix controller unregister order ovl: initialize error in ovl_copy_xattr proc: Use new_inode not new_inode_pseudo video: fbdev: w100fb: Fix a potential double free. KVM: nSVM: leave ASID aside in copy_vmcb_control_area KVM: nVMX: Consult only the "basic" exit reason when routing nested exit KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx ath9k: Fix use-after-free Write in ath9k_htc_rx_msg ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb Smack: slab-out-of-bounds in vsscanf mm/slub: fix a memory leak in sysfs_slab_add() fat: don't allow to mount if the FAT length == 0 perf: Add cond_resched() to task_function_call() agp/intel: Reinforce the barrier after GTT updates can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices media: dvb_frontend: ensure that inital front end status initialized ACPI: GED: use correct trigger type field in _Exx / _Lxx handling media: si2157: Better check for running tuner in init objtool: Ignore empty alternatives net: ena: fix error returning in ena_com_get_hash_function() spi: dw: Zero DMA Tx and Rx configurations on stack Bluetooth: Add SCO fallback for invalid LMP parameters error kgdb: Prevent infinite recursive entries to the debugger spi: dw: Enable interrupts in accordance with DMA xfer mode clocksource: dw_apb_timer_of: Fix missing clockevent timers btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() staging: android: ion: use vmap instead of vm_map_ram e1000: Distribute switch variables for initialization dt-bindings: display: mediatek: control dpi pins mode to avoid leakage media: dvb: return -EREMOTEIO on i2c transfer failure. media: platform: fcp: Set appropriate DMA parameters MIPS: Make sparse_init() using top-down allocation netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported lib/mpi: Fix 64-bit MIPS build with Clang exit: Move preemption fixup up, move blocking operations down net: lpc-enet: fix error return code in lpc_mii_init() net: allwinner: Fix use correct return type for ndo_start_xmit() powerpc/spufs: fix copy_to_user while atomic MIPS: Truncate link address into 32bit for 32bit kernel mips: cm: Fix an invalid error code of INTVN_*_ERR kgdb: Fix spurious true from in_dbg_master() md: don't flush workqueue unconditionally in md_open rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() mwifiex: Fix memory corruption in dump_station x86/boot: Correct relocation destination on old linkers mips: Add udelay lpj numbers adjustment x86/mm: Stop printing BRK addresses m68k: mac: Don't call via_flush_cache() on Mac IIfx macvlan: Skip loopback packets in RX handler PCI: Don't disable decoding when mmio_always_on is set MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe() staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core ixgbe: fix signed-integer-overflow warning mmc: sdhci-esdhc-imx: fix the mask for tuning start point spi: dw: Return any value retrieved from the dma_transfer callback cpuidle: Fix three reference count leaks btrfs: send: emit file capabilities after chown mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() ima: Fix ima digest hash table key calculation ima: Directly assign the ima_default_policy pointer to ima_rules evm: Fix possible memory leak in evm_calc_hmac_or_hash() ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max ext4: fix race between ext4_sync_parent() and rename() btrfs: fix error handling when submitting direct I/O bio blk-mq: move blk_mq_update_nr_hw_queues synchronize_rcu call PCI: Program MPS for RCiEP devices e1000e: Relax condition to trigger reset for ME workaround carl9170: remove P2P_GO support media: go7007: fix a miss of snd_card_free b43legacy: Fix case where channel status is corrupted b43: Fix connection problem with WPA3 b43_legacy: Fix connection problem with WPA3 igb: Report speed and duplex as unknown when device is runtime suspended power: vexpress: add suppress_bind_attrs to true pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs sparc32: fix register window handling in genregs32_[gs]et() sparc64: fix misuses of access_process_vm() in genregs32_[sg]et() kernel/cpu_pm: Fix uninitted local in cpu_pm ARM: tegra: Correct PL310 Auxiliary Control Register initialization drivers/macintosh: Fix memleak in windfarm_pm112 driver kbuild: force to build vmlinux if CONFIG_MODVERSION=y sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations. sunrpc: clean up properly in gss_mech_unregister() mtd: rawnand: brcmnand: fix hamming oob layout mtd: rawnand: pasemi: Fix the probe error path w1: omap-hdq: cleanup to add missing newline for some dev_dbg perf probe: Do not show the skipped events perf symbols: Fix debuginfo search for Ubuntu Linux 4.9.228 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I26fadb036b8aab801c0ba5e7e5ed99170cf0f783 |
||
|
Jann Horn
|
1e587ce792 |
exit: Move preemption fixup up, move blocking operations down
[ Upstream commit 586b58cac8b4683eb58a1446fbc399de18974e40 ]
With CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_CGROUPS=y, kernel oopses in
non-preemptible context look untidy; after the main oops, the kernel prints
a "sleeping function called from invalid context" report because
exit_signals() -> cgroup_threadgroup_change_begin() -> percpu_down_read()
can sleep, and that happens before the preempt_count_set(PREEMPT_ENABLED)
fixup.
It looks like the same thing applies to profile_task_exit() and
kcov_task_exit().
Fix it by moving the preemption fixup up and the calls to
profile_task_exit() and kcov_task_exit() down.
Fixes:
|
||
|
Stephen Smalley
|
67e6b9b013 |
UPSTREAM: security,selinux,smack: kill security_task_wait hook
As reported by yangshukui, a permission denial from security_task_wait() can lead to a soft lockup in zap_pid_ns_processes() since it only expects sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can in general lead to zombies; in the absence of some way to automatically reparent a child process upon a denial, the hook is not useful. Remove the security hook and its implementations in SELinux and Smack. Smack already removed its check from its hook. Reported-by: yangshukui <yangshukui@huawei.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> (cherry picked from commit 3a2f5a59a695a73e0cde9a61e0feae5fa730e936) Change-Id: Ie52e96a1158fcb5769a8bdca16fb4d316d4b20dc Bug: 140252993 Signed-off-by: Jeff Vander Stoep <jeffv@google.com> |
||
|
Robin Peng
|
d5bdee4cf1 |
Merge android-4.9-q (4.9.192) into android-msm-pixel-4.9-lts
Merge 4.9.192 into android-4.9-q
Linux 4.9.192
* mld: fix memory leak in mld_del_delrec()
net/ipv6/mcast.c
* tcp: inherit timestamp on mtu probe
net/ipv4/tcp_output.c
net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
net: fix skb use after free in netpoll
Revert "x86/apic: Include the LDR when clearing out APIC registers"
spi: bcm2835aux: fix corruptions for longer spi transfers
spi: bcm2835aux: remove dangerous uncontrolled read of fifo
spi: bcm2835aux: unifying code between polling and interrupt driven code
spi: bcm2835aux: ensure interrupts are enabled for shared handler
libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
KVM: arm/arm64: Only skip MMIO insn once
ceph: fix buffer free while holding i_ceph_lock in fill_inode()
ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
IB/mlx4: Fix memory leaks
Tools: hv: kvp: eliminate 'may be used uninitialized' warning
ravb: Fix use-after-free ravb_tstamp_skb
wimax/i2400m: fix a memory leak bug
net: kalmia: fix memory leaks
cx82310_eth: fix a memory leak bug
net: myri10ge: fix memory leaks
cxgb4: fix a memory leak bug
* gpio: Fix build error of function redefinition
include/linux/gpio.h
ibmveth: Convert multicast list size for little-endian system
Bluetooth: btqca: Add a short delay before downloading the NVM
net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context
Merge 4.9.191 into android-4.9-q
Linux 4.9.191
* mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n
mm/zsmalloc.c
x86/ptrace: fix up botched merge of spectrev1 fix
i2c: piix4: Fix port selection for AMD Family 16h Model 30h
KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI
KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long
mac80211: fix possible sta leak
* Revert "cfg80211: fix processing world regdomain when non modular"
net/wireless/reg.c
VMCI: Release resource if the work is already queued
stm class: Fix a double free of stm_source_device
* mmc: core: Fix init of SD cards reporting an invalid VDD range
drivers/mmc/core/sd.c
mmc: sdhci-of-at91: add quirk for broken HS200
uprobes/x86: Fix detection of 32-bit user mode
ptrace,x86: Make user_64bit_mode() available to 32-bit builds
USB: storage: ums-realtek: Whitelist auto-delink support
USB: storage: ums-realtek: Update module parameter description for auto_delink_en
usb: host: xhci: rcar: Fix typo in compatible string matching
usb: host: ohci: fix a race condition between shutdown and irq
usb: chipidea: udc: don't do hardware access if gadget has stopped
USB: cdc-wdm: fix race between write and disconnect due to flag abuse
* usb-storage: Add new JMS567 revision to unusual_devs
drivers/usb/storage/unusual_devs.h
* mm/zsmalloc.c: fix race condition in zs_destroy_pool
mm/zsmalloc.c
x86/apic: Include the LDR when clearing out APIC registers
x86/apic: Do not initialize LDR and DFR for bigsmp
KVM: x86: Don't update RIP or do single-step on faulting emulation
ALSA: seq: Fix potential concurrent access to the deleted pool
ALSA: line6: Fix memory leak at line6_init_pcm() error path
* tcp: make sure EPOLLOUT wont be missed
net/core/stream.c
* ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
sound/usb/mixer.c
* ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
sound/usb/mixer.c
* tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
include/net/tcp.h
* scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value
drivers/scsi/ufs/unipro.h
watchdog: bcm2835_wdt: Fix module autoload
tools: hv: fix KVP and VSS daemons exit code
usb: host: fotg2: restart hcd after port reset
i2c: emev2: avoid race when unregistering slave client
xen/blkback: fix memory leaks
* usb: gadget: composite: Clear "suspended" on reset/disconnect
drivers/usb/gadget/composite.c
* iommu/dma: Handle SG length overflow better
drivers/iommu/dma-iommu.c
dmaengine: ste_dma40: fix unneeded variable warning
x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
Revert "perf test 6: Fix missing kvm module load for s390"
xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
* mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
mm/zsmalloc.c
mm, page_owner: handle THP splits correctly
* genirq: Properly pair kobject_del() with kobject_add()
kernel/irq/irqdesc.c
* dm table: fix invalid memory accesses with too high sector number
drivers/md/dm-table.c
dm space map metadata: fix missing store of apply_bops() return value
dm btree: fix order of block initialization in btree_split_beneath
x86/boot: Fix boot regression caused by bootparam sanitizing
x86/boot: Save fields explicitly, zero out everything else
x86/apic: Handle missing global clockevent gracefully
x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
* gpiolib: never report open-drain/source lines as 'input' to user-space
drivers/gpio/gpiolib.c
* Revert "dm bufio: fix deadlock with loop device"
drivers/md/dm-bufio.c
HID: wacom: Correct distance scale for 2nd-gen Intuos devices
HID: wacom: correct misreported EKR ring values
selftests: kvm: Adding config fragments
perf pmu-events: Fix missing "cpu_clk_unhalted.core" event
drm/vmwgfx: fix memory leak when too many retries have occurred
x86/lib/cpu: Address missing prototypes warning
libata: add SG safety checks in SFF pio transfers
net: hisilicon: Fix dma_map_single failed on arm64
net: hisilicon: fix hip04-xmit never return TX_BUSY
net: hisilicon: make hip04_tx_reclaim non-reentrant
net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
HID: input: fix a4tech horizontal wheel custom usage
NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
can: peak_usb: force the string buffer NULL-terminated
can: sja1000: force the string buffer NULL-terminated
perf bench numa: Fix cpu0 binding
isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain()
net: usb: qmi_wwan: Add the BroadMobi BM818 card
ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
st_nci_hci_connectivity_event_received: null check the allocation
st21nfca_connectivity_event_received: null check the allocation
can: dev: call netif_carrier_off() in register_candev()
* bonding: Force slave speed check after link state recovery for 802.3ad
drivers/net/bonding/bond_main.c
* ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
sound/soc/soc-dapm.c
* netfilter: ebtables: fix a memory leak bug in compat
net/bridge/netfilter/ebtables.c
MIPS: kernel: only use i8253 clocksource with periodic clockevent
HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
* BACKPORT: arch: add pidfd and io_uring syscalls everywhere
arch/arm64/include/asm/unistd32.h
* UPSTREAM: pidfd: fix a poll race when setting exit_state
kernel/exit.c
* BACKPORT: arch: wire-up pidfd_open()
arch/arm64/include/asm/unistd.h
arch/arm64/include/asm/unistd32.h
arch/x86/entry/syscalls/syscall_32.tbl
include/uapi/asm-generic/unistd.h
* BACKPORT: pid: add pidfd_open()
include/linux/syscalls.h
kernel/pid.c
* UPSTREAM: pidfd: add polling support
include/linux/pid.h
kernel/fork.c
kernel/pid.c
kernel/signal.c
* UPSTREAM: signal: improve comments
kernel/signal.c
* BACKPORT: fork: do not release lock that wasn't taken
kernel/fork.c
* BACKPORT: signal: support CLONE_PIDFD with pidfd_send_signal
kernel/signal.c
kernel/sys_ni.c
* BACKPORT: clone: add CLONE_PIDFD
include/linux/pid.h
include/uapi/linux/sched.h
kernel/fork.c
* UPSTREAM: Make anon_inodes unconditional
arch/arm64/kvm/Kconfig
drivers/base/Kconfig
drivers/char/tpm/Kconfig
drivers/dma-buf/Kconfig
drivers/gpio/Kconfig
drivers/iio/Kconfig
drivers/infiniband/Kconfig
drivers/vfio/Kconfig
fs/Makefile
fs/notify/fanotify/Kconfig
fs/notify/inotify/Kconfig
init/Kconfig
* UPSTREAM: signal: use fdget() since we don't allow O_PATH
kernel/signal.c
* UPSTREAM: signal: don't silently convert SI_USER signals to non-current pidfd
kernel/signal.c
* BACKPORT: signal: add pidfd_send_signal() syscall
arch/x86/entry/syscalls/syscall_32.tbl
fs/proc/base.c
include/linux/proc_fs.h
include/linux/syscalls.h
include/uapi/asm-generic/unistd.h
kernel/signal.c
kernel/sys_ni.c
* ANDROID: sched: Disallow WALT with CFS bandwidth control
init/Kconfig
* ANDROID: fiq_debugger: remove
drivers/staging/android/Kconfig
drivers/staging/android/Makefile
Merge 4.9.190 into android-4.9-q
Linux 4.9.190
* bonding: Add vlan tx offload to hw_enc_features
drivers/net/bonding/bond_main.c
team: Add vlan tx offload to hw_enc_features
net/mlx5e: Use flow keys dissector to parse packets for ARFS
net/mlx5e: Only support tx/rx pause setting for port owner
xen/netback: Reset nr_frags before freeing skb
sctp: fix the transport error_count check
* net/packet: fix race in tpacket_snd()
net/packet/af_packet.c
bnx2x: Fix VF's VLAN reconfiguration in reload.
iommu/amd: Move iommu_init_pci() to .init section
Input: psmouse - fix build error of multiple definition
* netfilter: conntrack: Use consistent ct id hash calculation
net/netfilter/nf_conntrack_core.c
* arm64: compat: Allow single-byte watchpoints on all addresses
arch/arm64/kernel/hw_breakpoint.c
* bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K
include/linux/filter.h
kernel/bpf/core.c
net/core/sysctl_net_core.c
* asm-generic: fix -Wtype-limits compiler warnings
include/asm-generic/getorder.h
USB: serial: option: Add Motorola modem UARTs
USB: serial: option: add the BroadMobi BM818 card
USB: serial: option: Add support for ZTE MF871A
USB: serial: option: add D-Link DWM-222 device ID
* USB: CDC: fix sanity checks in CDC union parser
drivers/usb/core/message.c
usb: cdc-acm: make sure a refcount is taken early enough
* USB: core: Fix races in character device registration and deregistraion
drivers/usb/core/file.c
staging: comedi: dt3000: Fix rounding up of timer divisor
staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
ocfs2: remove set but not used variable 'last_hash'
IB/mad: Fix use-after-free in ib mad completion handling
IB/core: Add mitigation for Spectre V1
* arm64/mm: fix variable 'pud' set but not used
arch/arm64/include/asm/pgtable.h
* arm64/efi: fix variable 'si' set but not used
arch/arm64/include/asm/efi.h
* kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
scripts/Makefile.modpost
ata: libahci: do not complain in case of deferred probe
scsi: hpsa: correct scsi command status issue after reset
libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
perf header: Fix use of unitialized value warning
perf header: Fix divide by zero error if f_header.attr_size==0
irqchip/irq-imx-gpcv2: Forward irq type to parent
xen/pciback: remove set but not used variable 'old_state'
net: usb: pegasus: fix improper read if get_registers() fail
Input: iforce - add sanity checks
Input: kbtab - sanity check for endpoint type
* HID: hiddev: do cleanup in failure of opening a device
drivers/hid/usbhid/hiddev.c
* HID: hiddev: avoid opening a disconnected device
drivers/hid/usbhid/hiddev.c
HID: holtek: test for sanity of intfdata
ALSA: hda - Let all conexant codec enter D3 when rebooting
ALSA: hda - Add a generic reboot_notify
ALSA: hda - Fix a memory leak bug
xtensa: add missing isync to the cpu_reset TLB code
* netfilter: ctnetlink: don't use conntrack/expect object addresses as id
include/net/netfilter/nf_conntrack.h
net/netfilter/nf_conntrack_core.c
net/netfilter/nf_conntrack_netlink.c
* inet: switch IP ID generator to siphash
include/linux/siphash.h
include/net/netns/ipv4.h
net/ipv4/route.c
net/ipv6/output_core.c
* siphash: implement HalfSipHash1-3 for hash tables
include/linux/siphash.h
lib/siphash.c
* siphash: add cryptographically secure PRF
include/linux/siphash.h
lib/Kconfig.debug
lib/Makefile
lib/siphash.c
vhost: scsi: add weight support
vhost_net: fix possible infinite loop
vhost: introduce vhost_exceeds_weight()
vhost_net: introduce vhost_exceeds_weight()
vhost_net: use packet weight for rx handler, too
vhost-net: set packet weight of tx polling to 2 * vq size
* bpf: add bpf_jit_limit knob to restrict unpriv allocations
include/linux/filter.h
kernel/bpf/core.c
net/core/sysctl_net_core.c
* bpf: restrict access to core bpf sysctls
net/core/sysctl_net_core.c
* bpf: get rid of pure_initcall dependency to enable jits
kernel/bpf/core.c
net/core/sysctl_net_core.c
net/socket.c
* mm/memcontrol.c: fix use after free in mem_cgroup_iter()
mm/memcontrol.c
* mm/usercopy: use memory range to be accessed for wraparound check
mm/usercopy.c
sh: kernel: hw_breakpoint: Fix missing break in switch statement
scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
iwlwifi: don't unmap as page memory that was mapped as single
mwifiex: fix 802.11n/WPA detection
smb3: send CAP_DFS capability during session setup
SMB3: Fix deadlock in validate negotiate hits reconnect
mac80211: don't WARN on short WMM parameters from AP
ALSA: hda - Don't override global PCM hw info flag
ALSA: firewire: fix a memory leak bug
hwmon: (nct7802) Fix wrong detection of in4 presence
can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
* perf/core: Fix creating kernel counters for PMUs that override event->cpu
kernel/events/core.c
* tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
drivers/tty/tty_ldsem.c
scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG
scsi: ibmvfc: fix WARN_ON during event pool release
scsi: megaraid_sas: fix panic on loading firmware crashdump
ARM: davinci: fix sleep.S build error on ARMv4
ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id()
drbd: dynamically allocate shash descriptor
perf probe: Avoid calling freeing routine multiple times for same pointer
* ALSA: compress: Be more restrictive about when a drain is allowed
sound/core/compress_offload.c
* ALSA: compress: Don't allow paritial drain operations on capture streams
sound/core/compress_offload.c
* ALSA: compress: Prevent bypasses of set_params
sound/core/compress_offload.c
* ALSA: compress: Fix regression on compressed capture streams
include/sound/compress_driver.h
sound/core/compress_offload.c
s390/qdio: add sanity checks to the fast-requeue path
cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
mac80211: don't warn about CW params when not using them
* iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
drivers/firmware/Kconfig
* netfilter: nfnetlink: avoid deadlock due to synchronous request_module
net/netfilter/nfnetlink.c
can: peak_usb: fix potential double kfree_skb()
usb: yurex: Fix use-after-free in yurex_delete
perf record: Fix module size on s390
perf db-export: Fix thread__exec_comm()
perf record: Fix wrong size in perf_record_mmap for last kernel module
* mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
mm/vmalloc.c
x86/mm: Sync also unmappings in vmalloc_sync_all()
x86/mm: Check for pfn instead of page in vmalloc_sync_one()
* sound: fix a memory leak bug
sound/sound_core.c
usb: iowarrior: fix deadlock on disconnect
* usb: usbfs: fix double-free of usb memory upon submiturb error
drivers/usb/core/devio.c
ANDROID: fix kernelci build-break in lowmemorykiller
ANDROID: Fixes to locking around handle_lmk_event
* UPSTREAM: net/ipv6: allow sysctl to change link-local address generation mode
include/linux/ipv6.h
include/net/if_inet6.h
net/ipv6/addrconf.c
* ANDROID: fix binder change in merge of 4.9.188
drivers/android/binder_alloc.c
Merge 4.9.189 into android-4.9-q
Linux 4.9.189
x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
x86/entry/64: Use JMP instead of JMPQ
x86/speculation: Enable Spectre v1 swapgs mitigations
x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
x86: cpufeatures: Sort feature word 7
spi: bcm2835: Fix 3-wire mode if DMA is enabled
* block: blk_init_allocated_queue() set q->fq as NULL in the fail case
block/blk-core.c
bnx2x: Disable multi-cos feature.
ife: error out when nla attributes are empty
* ip6_tunnel: fix possible use-after-free on xmit
net/ipv6/ip6_tunnel.c
* compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
drivers/net/ppp/pppoe.c
drivers/net/ppp/pppox.c
fs/compat_ioctl.c
include/linux/if_pppox.h
net/l2tp/l2tp_ppp.c
tipc: compat: allow tipc commands without arguments
net: sched: Fix a possible null-pointer dereference in dequeue_func()
net/mlx5: Use reversed order when unregister devices
* net: fix ifindex collision during namespace removal
net/core/dev.c
* net: bridge: mcast: don't delete permanent entries when fast leave is enabled
net/bridge/br_multicast.c
net: bridge: delete local fdb on device init failure
atm: iphase: Fix Spectre v1 vulnerability
libceph: use kbasename() and kill ceph_file_part()
objtool: Add rewind_stack_do_exit() to the noreturn list
objtool: Add machine_real_restart() to the noreturn list
IB: directly cast the sockaddr union to aockaddr
RDMA: Directly cast the sockaddr union to sockaddr
* HID: Add quirk for HP X1200 PIXART OEM mouse
drivers/hid/hid-ids.h
drivers/hid/usbhid/hid-quirks.c
HID: wacom: fix bit shift for Cintiq Companion 2
* tcp: be more careful in tcp_fragment()
include/net/tcp.h
net/ipv4/tcp_output.c
* arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
arch/arm64/include/asm/cpufeature.h
arch/arm64/kernel/cpufeature.c
* arm64: cpufeature: Fix CTR_EL0 field definitions
arch/arm64/kernel/cpufeature.c
ARM: dts: logicpd-som-lv: Fix Audio Mute
ARM: dts: Add pinmuxing for i2c2 and i2c3 for LogicPD torpedo
ARM: dts: Add pinmuxing for i2c2 and i2c3 for LogicPD SOM-LV
scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
* fs/crypto: Fix 4.9.186 missmerge
fs/crypto/policy.c
Merge 4.9.188 into android-4.9-q
Linux 4.9.188
x86, mm, gup: prevent get_page() race with munmap in paravirt guest
objtool: Support GCC 9 cold subfunction naming scheme
* include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
include/linux/module.h
* Backport minimal compiler_attributes.h to support GCC 9
include/linux/compiler.h
eeprom: at24: make spd world-readable again
* coredump: fix race condition between collapse_huge_page() and core dumping
include/linux/mm.h
infiniband: fix race condition between infiniband mlx4, mlx5 driver and core dumping
* coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
drivers/android/binder.c
fs/proc/task_mmu.c
include/linux/mm.h
mm/mmap.c
IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification
xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
* drivers/perf: arm_pmu: Fix failure path in PM notifier
drivers/perf/arm_pmu.c
s390/dasd: fix endless loop after read unit address configuration
* selinux: fix memory leak in policydb_init()
security/selinux/ss/policydb.c
* gpiolib: fix incorrect IRQ requesting of an active-low lineevent
drivers/gpio/gpiolib.c
mmc: dw_mmc: Fix occasional hang after tuning on eMMC
Btrfs: fix incremental send failure after deduplication
* kbuild: initialize CLANG_FLAGS correctly in the top Makefile
Makefile
x86, boot: Remove multiple copy of static function sanitize_boot_params()
x86/kvm: Don't call kvm_spurious_fault() from .fixup
ipc/mqueue.c: only perform resource calculation if user valid
drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings
uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers
coda: fix build using bare-metal toolchain
coda: add error handling for fget
* mm/cma.c: fail if fixed declaration can't be honored
mm/cma.c
x86: math-emu: Hide clang warnings for 16-bit overflow
x86/apic: Silence -Wtype-limits compiler warnings
be2net: Signal that the device cannot transmit during reconfiguration
* ACPI: fix false-positive -Wuninitialized warning
include/linux/acpi.h
scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
ceph: return -ERANGE if virtual xattr value didn't fit in buffer
ceph: fix improper use of smp_mb__before_atomic()
btrfs: fix minimum number of chunk errors for DUP
fs/adfs: super: fix use-after-free bug
dmaengine: rcar-dmac: Reject zero-length slave DMA requests
MIPS: lantiq: Fix bitfield masking
* kernel/module.c: Only return -EEXIST for modules that have finished loading
kernel/module.c
ftrace: Enable trampoline when rec count returns back to one
ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again
ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200
ARM: riscpc: fix DMA
* UPSTREAM: net-ipv6-ndisc: add support for RFC7710 RA Captive Portal Identifier
include/net/ndisc.h
net/ipv6/ndisc.c
ANDROID: fix up 9p filesystem due to CFI non-upstream patches
Merge 4.9.187 into android-4.9-q
Linux 4.9.187
ceph: hold i_ceph_lock when removing caps for freeing inode
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
* sched/fair: Don't free p->numa_faults with concurrent readers
fs/exec.c
include/linux/sched.h
kernel/fork.c
kernel/sched/fair.c
Bluetooth: hci_uart: check for missing tty operations
media: radio-raremono: change devm_k*alloc to k*alloc
media: cpia2_usb: first wake up, then free in disconnect
media: au0828: fix null dereference in error path
ISDN: hfcsusb: checking idx of ep configuration
* arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ
arch/arm64/include/asm/compat.h
i2c: qup: fixed releasing dma without flush operation completion
arm64: dts: marvell: Fix A37xx UART0 register size
* tcp: reset sk_send_head in tcp_write_queue_purge
include/net/tcp.h
ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
* access: avoid the RCU grace period for the temporary subjective credentials
fs/open.c
include/linux/cred.h
kernel/cred.c
powerpc/tm: Fix oops on sigreturn on systems without TM
ALSA: hda - Add a conexant codec entry to let mute led work
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
hpet: Fix division by zero in hpet_time_div()
x86/speculation/mds: Apply more accurate check on hypervisor platform
x86/sysfb_efi: Add quirks for some devices with swapped width and height
* usb: pci-quirks: Correct AMD PLL quirk detection
drivers/usb/host/pci-quirks.c
usb: wusbcore: fix unbalanced get/put cluster_id
locking/lockdep: Hide unused 'class' variable
locking/lockdep: Fix lock used or unused stats error
mm/mmu_notifier: use hlist_add_head_rcu()
9p: pass the correct prototype to read_cache_page
mm/kmemleak.c: fix check for softirq context
sh: prevent warnings when using iounmap
powerpc/eeh: Handle hugepages in ioremap space
* mailbox: handle failed named mailbox channel request
drivers/mailbox/mailbox.c
* f2fs: avoid out-of-range memory access
fs/f2fs/segment.c
powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
* kallsyms: exclude kasan local symbols on s390
scripts/kallsyms.c
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
serial: sh-sci: Terminate TX DMA during buffer flushing
RDMA/i40iw: Set queue pair state when being queried
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
um: Silence lockdep complaint about mmap_sem
mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk
mfd: arizona: Fix undefined behavior
* mfd: core: Set fwnode for created devices
drivers/mfd/mfd-core.c
recordmcount: Fix spurious mcount entries on powerpc
iio: iio-utils: Fix possible incorrect mask calculation
PCI: xilinx-nwl: Fix Multi MSI data programming
* kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS
Makefile
* PCI: sysfs: Ignore lockdep for remove attribute
drivers/pci/pci-sysfs.c
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
* usb: gadget: Zero ffs_io_data
drivers/usb/gadget/function/f_fs.c
* tty: serial_core: Set port active bit in uart_port_activate
drivers/tty/serial/serial_core.c
drm/rockchip: Properly adjust to a true clock in adjusted_mode
phy: renesas: rcar-gen2: Fix memory leak at error paths
drm/virtio: Add memory barriers for capset cache.
serial: 8250: Fix TX interrupt handling condition
tty: serial: msm_serial: avoid system lockup condition
tty/serial: digicolor: Fix digicolor-usart already registered warning
memstick: Fix error cleanup path of memstick_init
drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz
drm/bridge: tc358767: read display_props in get_modes()
tty: serial: cpm_uart - fix init when SMC is relocated
pinctrl: rockchip: fix leaked of_node references
tty: max310x: Fix invalid baudrate divisors calculator
* usb: core: hub: Disable hub-initiated U1/U2
drivers/usb/core/hub.c
drm/panel: simple: Fix panel_simple_dsi_probe
nfsd: Fix overflow causing non-working mounts on 1 TB machines
nfsd: fix performance-limiting session calculation
nfsd: give out fewer session slots as limit approaches
nfsd: increase DRC cache limit
NFSv4: Fix open create exclusive when the server reboots
perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id
perf/x86/amd/uncore: Get correct number of cores sharing last level cache
perf/x86/amd/uncore: Rename 'L2' to 'LLC'
* net: bridge: stp: don't cache eth dest pointer before skb pull
net/bridge/br_stp_bpdu.c
* net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net/bridge/br_multicast.c
* net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
net/bridge/br_multicast.c
* tcp: Reset bytes_acked and bytes_received when disconnecting
net/ipv4/tcp.c
* bonding: validate ip header before check IPPROTO_IGMP
drivers/net/bonding/bond_main.c
netrom: hold sock when setting skb->destructor
netrom: fix a memory leak in nr_rx_frame()
macsec: fix checksumming after decryption
macsec: fix use-after-free of skb during RX
vrf: make sure skb->data contains ip header to make routing
sky2: Disable MSI on ASUS P6T
rxrpc: Fix send on a connected, but unbound socket
nfc: fix potential illegal memory access
net: openvswitch: fix csum updates for MPLS actions
* net: neigh: fix multiple neigh timer scheduling
net/core/neighbour.c
net: dsa: mv88e6xxx: wait after reset deactivation
net: bcmgenet: use promisc for unsupported filters
* ipv4: don't set IPv6 only flags to IPv4 addresses
net/ipv4/devinet.c
* igmp: fix memory leak in igmpv3_del_delrec()
net/ipv4/igmp.c
caif-hsi: fix possible deadlock in cfhsi_exit_module()
bnx2x: Prevent ptp_task to be rescheduled indefinitely
bnx2x: Prevent load reordering in tx completion processing
* ext4: allow directory holes
fs/ext4/dir.c
fs/ext4/namei.c
* lib/strscpy: Shut up KASAN false-positives in strscpy()
lib/string.c
* compiler.h: Add read_word_at_a_time() function.
include/linux/compiler.h
* compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
include/linux/compiler.h
* dm bufio: fix deadlock with loop device
drivers/md/dm-bufio.c
* usb: Handle USB3 remote wakeup for LPM enabled devices correctly
drivers/usb/core/hub.c
* Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
net/bluetooth/smp.c
intel_th: msu: Fix single mode with disabled IOMMU
* eCryptfs: fix a couple type promotion bugs
fs/ecryptfs/crypto.c
powerpc/watchpoint: Restore NV GPRs while returning from exception
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
parisc: Ensure userspace privilege for ptraced processes in regset functions
um: Fix FP register size for XSTATE/XSAVE
um: Allow building and running on older hosts
crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
PCI: hv: Delete the device earlier from hbus->children for hot-remove
crypto: ccp - Validate the the error value used to index error messages
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
coda: pass the host file in vma->vm_file on mmap
floppy: fix out-of-bounds read in copy_buffer
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in next_valid_format
floppy: fix div-by-zero in setup_format_params
* take floppy compat ioctls to sodding floppy.c
block/compat_ioctl.c
libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
Btrfs: add missing inode version, ctime and mtime updates when punching hole
* PCI: Do not poll for PME if the device is in D3cold
drivers/pci/pci.c
9p/virtio: Add cleanup path in p9_virtio_init
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
drm/nouveau/i2c: Enable i2c pads & busses during preinit
* fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.
fs/proc/proc_sysctl.c
arm64: tegra: Fix AGIC register range
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
media: coda: Remove unbalanced and unneeded mutex unlock
* media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
drivers/media/v4l2-core/v4l2-ctrls.c
ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
ALSA: seq: Break too long mutex context in the write loop
* lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
lib/scatterlist.c
NFSv4: Handle the special Linux file open access mode
* tracing/snapshot: Resize spare buffer if size changed
kernel/trace/trace.c
iwlwifi: pcie: don't service an interrupt that was masked
arm64: tegra: Update Jetson TX1 GPU regulator timings
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
Input: gtco - bounds check collection indent level
crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
* crypto: arm64/sha2-ce - correct digest for empty data in finup
arch/arm64/crypto/sha2-ce-glue.c
* crypto: arm64/sha1-ce - correct digest for empty data in finup
arch/arm64/crypto/sha1-ce-glue.c
* crypto: ghash - fix unaligned memory access in ghash_setkey()
crypto/ghash-generic.c
scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
scsi: NCR5380: Always re-enable reselection interrupt
scsi: NCR5380: Reduce goto statements in NCR5380_select()
xen: let alloc_xenballooned_pages() fail if not enough memory free
gtp: fix use-after-free in gtp_newlink()
gtp: fix Illegal context switch in RCU read-side critical section.
* Bluetooth: validate BLE connection interval updates
net/bluetooth/hci_event.c
net/bluetooth/l2cap_core.c
* Bluetooth: Check state in l2cap_disconnect_rsp
net/bluetooth/l2cap_core.c
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
* gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
drivers/gpio/gpiolib.c
* net: usb: asix: init MAC address buffers
drivers/net/usb/asix_devices.c
iwlwifi: mvm: Drop large non sta frames
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
* EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
drivers/edac/edac_mc_sysfs.c
drivers/edac/edac_module.h
* crypto: asymmetric_keys - select CRYPTO_HASH where needed
crypto/asymmetric_keys/Kconfig
ixgbe: Check DDM existence in transceiver before access
* rslib: Fix handling of of caller provided syndrome
lib/reed_solomon/decode_rs.c
* rslib: Fix decoding of shortened codes
lib/reed_solomon/decode_rs.c
* clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
include/linux/cpuhotplug.h
libata: don't request sense data on !ZAC ATA devices
perf tools: Increase MAX_NR_CPUS and MAX_CACHES
ath10k: fix PCIE device wake up failed
mt7601u: fix possible memory leak when the device is disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: do not schedule rx_tasklet when the device has been disconnected
media: coda: increment sequence offset for the last returned frame
media: coda: fix mpeg2 sequence number handling
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
* timer_list: Guard procfs specific code
kernel/time/timer_list.c
* ntp: Limit TAI-UTC offset
kernel/time/ntp.c
* media: i2c: fix warning same module names
drivers/media/i2c/Makefile
* ipsec: select crypto ciphers for xfrm_algo
net/xfrm/Kconfig
* EDAC/sysfs: Fix memory leak when creating a csrow object
drivers/edac/edac_mc_sysfs.c
ipoib: correcly show a VF hardware address
vhost_net: disable zerocopy by default
perf evsel: Make perf_evsel__name() accept a NULL argument
* xfrm: fix sa selector validation
net/xfrm/xfrm_user.c
* blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration
fs/fs-writeback.c
* rcu: Force inlining of rcu_read_lock()
include/linux/rcupdate.h
* bpf: silence warning messages in core
kernel/bpf/Makefile
* regmap: fix bulk writes on paged registers
drivers/base/regmap/regmap.c
gpio: omap: ensure irq is enabled before wakeup
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
perf test 6: Fix missing kvm module load for s390
perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
s390/qdio: handle PENDING state for QEBSM devices
net: axienet: Fix race condition causing TX hang
net: fec: Do not use netdev messages too early
cpupower : frequency-set -r option misses the last cpu in related cpu list
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
locking/lockdep: Fix merging of hlocks with non-zero references
tua6100: Avoid build warnings.
crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
crypto: talitos - properly handle split ICV.
* net: phy: Check against net_device being NULL
drivers/net/phy/phy_device.c
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
* media: mc-device.c: don't memset __user pointer contents
drivers/media/media-device.c
* xfrm: Fix xfrm sel prefix length validation
net/xfrm/xfrm_user.c
* af_key: fix leaks in key_pol_get_resp and dump_sp.
net/key/af_key.c
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
net: stmmac: dwmac4/5: Clear unused address entries
net: stmmac: dwmac1000: Clear unused address entries
* media: media_device_enum_links32: clean a reserved field
drivers/media/media-device.c
media: vpss: fix a potential NULL pointer dereference
media: marvell-ccic: fix DMA s/g desc number calculation
crypto: talitos - fix skcipher failure due to wrong output IV
media: dvb: usb: fix use after free in dvb_usb_device_exit
batman-adv: fix for leaked TVLV handler.
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
ath6kl: add some bounds checking
ath9k: Check for errors when reading SREV register
ath10k: Do not send probe response template for mesh
dmaengine: imx-sdma: fix use-after-free on probe error path
* arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
arch/arm64/kernel/image.h
MIPS: fix build on non-linux hosts
MIPS: ath79: fix ar933x uart parity mode
ANDROID: enable CONFIG_RTC_DRV_TEST on cuttlefish
* ANDROID: xfrm: remove in_compat_syscall() checks
net/xfrm/xfrm_state.c
net/xfrm/xfrm_user.c
* UPSTREAM: binder: Set end of SG buffer area properly.
drivers/android/binder.c
Merge 4.9.186 into android-4.9-q
Linux 4.9.186
s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
s390/qdio: (re-)initialize tiqdio list entries
s390: fix stfle zero padding
ARC: hide unused function unw_hdr_alloc
* dm verity: use message limit for data block corruption message
drivers/md/dm-verity-target.c
ARM: dts: imx6ul: fix PWM[1-4] interrupts
sis900: fix TX completion
* ppp: mppe: Add softdep to arc4
drivers/net/ppp/ppp_mppe.c
be2net: fix link failure after ethtool offline test
ARM: omap2: remove incorrect __init annotation
* perf/core: Fix perf_sample_regs_user() mm check
kernel/events/core.c
arm64: crypto: remove accidentally backported files
nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header
e1000e: start network tx queue only when link is up
Revert "e1000e: fix cyclic resets at link up with active tx"
MIPS: Remove superfluous check for __linux__
VMCI: Fix integer overflow in VMCI handle arrays
carl9170: fix misuse of device driver API
staging: comedi: amplc_pci230: fix null pointer deref on interrupt
staging: comedi: dt282x: fix a null pointer deref on interrupt
usb: renesas_usbhs: add a workaround for a race condition of workqueue
* usb: gadget: ether: Fix race between gether_disconnect and rx_submit
drivers/usb/gadget/function/u_ether.c
p54usb: Fix race between disconnect and firmware loading
Revert "serial: 8250: Don't service RX FIFO if interrupts are disabled"
USB: serial: option: add support for GosunCn ME3630 RNDIS mode
USB: serial: ftdi_sio: add ID for isodebug v1
mwifiex: Don't abort on small, spec-compliant vendor IEs
* fscrypt: don't set policy for a dead directory
fs/crypto/policy.c
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
mwifiex: Abort at too short BSS descriptor element
x86/tls: Fix possible spectre-v1 in do_get_thread_area()
x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
net :sunrpc :clnt :Fix xps refcount imbalance on the error path
* ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL
include/net/ip6_tunnel.h
bnx2x: Check if transceiver implements DDM before access
md: fix for divide error in status_resync
mac80211: only warn once on chanctx_conf being NULL
ARM: davinci: da8xx: specify dma_coherent_mask for lcdc
ARM: davinci: da850-evm: call regulator_has_full_constraints()
mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed
KVM: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy
Input: imx_keypad - make sure keyboard can always wake up system
* can: mcp251x: add support for mcp25625
drivers/net/can/spi/Kconfig
dt-bindings: can: mcp251x: add mcp25625 support
* netfilter: ipv6: nf_defrag: accept duplicate fragments again
net/ipv6/netfilter/nf_conntrack_reasm.c
* netfilter: ipv6: nf_defrag: fix leakage of unqueued fragments
net/ipv6/netfilter/nf_conntrack_reasm.c
mwifiex: Fix possible buffer overflows at parsing bss descriptor
mac80211: free peer keys before vif down in mesh
mac80211: mesh: fix RCU warning
staging:iio:ad7150: fix threshold mode config bit
samples, bpf: fix to change the buffer size for read()
Input: elantech - enable middle button support on 2 ThinkPads
crypto: talitos - rename alternative AEAD algos.
Change-Id: Ic17f4ff767e98db1ddee5f127d7de4a4c314e026
Signed-off-by: Robin Peng <robinpeng@google.com>
|
||
|
Suren Baghdasaryan
|
42cafda296 |
UPSTREAM: pidfd: fix a poll race when setting exit_state
There is a race between reading task->exit_state in pidfd_poll and
writing it after do_notify_parent calls do_notify_pidfd. Expected
sequence of events is:
CPU 0 CPU 1
------------------------------------------------
exit_notify
do_notify_parent
do_notify_pidfd
tsk->exit_state = EXIT_DEAD
pidfd_poll
if (tsk->exit_state)
However nothing prevents the following sequence:
CPU 0 CPU 1
------------------------------------------------
exit_notify
do_notify_parent
do_notify_pidfd
pidfd_poll
if (tsk->exit_state)
tsk->exit_state = EXIT_DEAD
This causes a polling task to wait forever, since poll blocks because
exit_state is 0 and the waiting task is not notified again. A stress
test continuously doing pidfd poll and process exits uncovered this bug.
To fix it, we make sure that the task's exit_state is always set before
calling do_notify_pidfd.
Fixes: b53b0b9d9a6 ("pidfd: add polling support")
Cc: kernel-team@android.com
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Link: https://lore.kernel.org/r/20190717172100.261204-1-joel@joelfernandes.org
[christian@brauner.io: adapt commit message and drop unneeded changes from wait_task_zombie]
Signed-off-by: Christian Brauner <christian@brauner.io>
(cherry picked from commit b191d6491be67cef2b3fa83015561caca1394ab9)
Bug: 135608568
Test: test program using syscall(__NR_sys_pidfd_open,..) and poll()
Change-Id: Ia9419ceac08497523c4d830160df49f582075070
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
|
||
|
Greg Kroah-Hartman
|
254bca9acd |
Merge 4.9.155 android-msm-wahoo-4.4-lts
Linux 4.9.155
* fanotify: fix handling of events on child sub-directory
fs/notify/fsnotify.c
* fs: don't scan the inode cache before SB_BORN is set
fs/super.c
* drivers: core: Remove glue dirs from sysfs earlier
drivers/base/core.c
include/linux/kobject.h
cifs: Always resolve hostname before reconnecting
* mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
mm/migrate.c
mm: hwpoison: use do_send_sig_info() instead of force_sig()
* mm, oom: fix use-after-free in oom_kill_process
mm/oom_kill.c
* kernel/exit.c: release ptraced tasks before zap_pid_ns_processes
kernel/exit.c
mmc: sdhci-iproc: handle mmc_of_parse() errors during probe
platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes
platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK
gfs2: Revert "Fix loop in gfs2_rbm_find"
arm64: hibernate: Clean the __hyp_text to PoC after resume
* arm64: hyp-stub: Forbid kprobing of the hyp-stub
arch/arm64/kernel/hyp-stub.S
* arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
arch/arm64/kernel/kaslr.c
ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment
* fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb()
fs/dcache.c
CIFS: Do not count -ENODATA as failure for query directory
* ipvlan, l3mdev: fix broken l3s mode wrt local routes
include/linux/netdevice.h
include/net/l3mdev.h
* l2tp: fix reading optional fields of L2TPv3
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
net/l2tp/l2tp_ip.c
net/l2tp/l2tp_ip6.c
* l2tp: remove l2specific_len dependency in l2tp_core
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
net/mlx5e: Allow MAC invalidation while spoofchk is ON
ucc_geth: Reset BQL queue when stopping device
net/rose: fix NULL ax25_cb kernel panic
netrom: switch to sock timer API
net/mlx4_core: Add masking for a few queries on HCA caps
* l2tp: copy 4 more bytes to linear part if necessary
net/l2tp/l2tp_core.c
* ipv6: Consider sk_bound_dev_if when binding a socket to an address
net/ipv6/af_inet6.c
* fs: add the fsnotify call to vfs_iter_write
fs/read_write.c
* Fix "net: ipv4: do not handle duplicate fragments as overlapping"
net/ipv4/ip_fragment.c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
32e6695e35 |
Merge 4.9.155 into android-4.9
Changes in 4.9.155 Fix "net: ipv4: do not handle duplicate fragments as overlapping" fs: add the fsnotify call to vfs_iter_write ipv6: Consider sk_bound_dev_if when binding a socket to an address l2tp: copy 4 more bytes to linear part if necessary net/mlx4_core: Add masking for a few queries on HCA caps netrom: switch to sock timer API net/rose: fix NULL ax25_cb kernel panic ucc_geth: Reset BQL queue when stopping device net/mlx5e: Allow MAC invalidation while spoofchk is ON l2tp: remove l2specific_len dependency in l2tp_core l2tp: fix reading optional fields of L2TPv3 ipvlan, l3mdev: fix broken l3s mode wrt local routes CIFS: Do not count -ENODATA as failure for query directory fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment arm64: kaslr: ensure randomized quantities are clean also when kaslr is off arm64: hyp-stub: Forbid kprobing of the hyp-stub arm64: hibernate: Clean the __hyp_text to PoC after resume gfs2: Revert "Fix loop in gfs2_rbm_find" platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes mmc: sdhci-iproc: handle mmc_of_parse() errors during probe kernel/exit.c: release ptraced tasks before zap_pid_ns_processes mm, oom: fix use-after-free in oom_kill_process mm: hwpoison: use do_send_sig_info() instead of force_sig() mm: migrate: don't rely on __PageMovable() of newpage after unlocking it cifs: Always resolve hostname before reconnecting drivers: core: Remove glue dirs from sysfs earlier fs: don't scan the inode cache before SB_BORN is set fanotify: fix handling of events on child sub-directory Linux 4.9.155 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Andrei Vagin
|
44ccc0cce1 |
kernel/exit.c: release ptraced tasks before zap_pid_ns_processes
commit 8fb335e078378c8426fabeed1ebee1fbf915690c upstream.
Currently, exit_ptrace() adds all ptraced tasks in a dead list, then
zap_pid_ns_processes() waits on all tasks in a current pidns, and only
then are tasks from the dead list released.
zap_pid_ns_processes() can get stuck on waiting tasks from the dead
list. In this case, we will have one unkillable process with one or
more dead children.
Thanks to Oleg for the advice to release tasks in find_child_reaper().
Link: http://lkml.kernel.org/r/20190110175200.12442-1-avagin@gmail.com
Fixes:
|
||
|
Sami Tolvanen
|
ddab5886dd |
Revert "add support for clang SafeStack"
This reverts commit
|
||
|
Petri Gynther
|
0f7b7610eb |
Merge 4.9.101 into android-msm-bluecross-4.9-lts
Linux 4.9.101
* kernel/exit.c: avoid undefined behaviour when calling wait4()
kernel/exit.c
* futex: futex_wake_op, fix sign_extend32 sign bits
kernel/futex.c
* proc: do not access cmdline nor environ from file-backed areas
fs/proc/base.c
include/linux/mm.h
mm/gup.c
nfp: TX time stamp packets before HW doorbell is rung
* l2tp: revert "l2tp: fix missing print session offset info"
net/l2tp/l2tp_netlink.c
Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap"
lockd: lost rollback of set_grace_period() in lockd_down_net()
* xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
net/xfrm/xfrm_state.c
* futex: Remove duplicated code and fix undefined behaviour
arch/arm64/include/asm/futex.h
kernel/futex.c
serial: sccnxp: Fix error handling in sccnxp_probe()
sctp: delay the authentication for the duplicated cookie-echo chunk
sctp: fix the issue that the cookie-ack with auth can't get processed
* tcp: ignore Fast Open on repair mode
net/ipv4/tcp.c
* bonding: send learning packets for vlans on slave
drivers/net/bonding/bond_alb.c
drivers/net/bonding/bond_main.c
include/net/bonding.h
net/mlx5: Avoid cleaning flow steering table twice during error flow
* bonding: do not allow rlb updates to invalid mac
drivers/net/bonding/bond_alb.c
tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
tcp_bbr: fix to zero idle_restart only upon S/ACKed data
sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg
sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
r8169: fix powering up RTL8168h
qmi_wwan: do not steal interfaces from class drivers
openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
* net: support compat 64-bit time in {s,g}etsockopt
net/compat.c
net_sched: fq: take care of throttled flows before reuse
net/mlx5: E-Switch, Include VF RDMA stats in vport statistics
net/mlx4_en: Verify coalescing parameters are in range
net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode
net: ethernet: sun: niu set correct packet size in skb
llc: better deal with too small mtu
* ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
net/ipv4/ping.c
net/ipv4/udp.c
dccp: fix tasklet usage
* bridge: check iface upper dev when setting master via ioctl
net/bridge/br_if.c
8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
Change-Id: I2591da22d157b5a2cae003f49afd719892efde21
Signed-off-by: Petri Gynther <pgynther@google.com>
|
||
|
Sultan Alsawaf
|
47bbcd6bf8 |
ANDROID: Fix massive cpufreq_times memory leaks
Every time _cpu_up() is called for a CPU, idle_thread_get() is called which then re-initializes a CPU's idle thread that was already previously created and cached in a global variable in smpboot.c. idle_thread_get() calls init_idle() which then calls __sched_fork(). __sched_fork() is where cpufreq_task_times_init() is, and cpufreq_task_times_init() allocates memory for the task struct's time_in_state array. Since idle_thread_get() reuses a task struct instance that was already previously created, this means that every time it calls init_idle(), cpufreq_task_times_init() allocates this array again and overwrites the existing allocation that the idle thread already had. This causes memory to be leaked every time a CPU is onlined. In order to fix this, move allocation of time_in_state into _do_fork to avoid allocating it at all for idle threads. The cpufreq times interface is intended to be used for tracking userspace tasks, so we can safely remove it from the kernel's idle threads without killing any functionality. But that's not all! Task structs can be freed outside of release_task(), which creates another memory leak because a task struct can be freed without having its cpufreq times allocation freed. To fix this, free the cpufreq times allocation at the same time that task struct allocations are freed, in free_task(). Since free_task() can also be called in error paths of copy_process() after dup_task_struct(), set time_in_state to NULL immediately after calling dup_task_struct() to avoid possible double free. Bug description and fix adapted from patch submitted by Sultan Alsawaf <sultanxda@gmail.com> at https://android-review.googlesource.com/c/kernel/msm/+/700134 Bug: 110044919 Test: Hikey960 builds, boots & reports /proc/<pid>/time_in_state correctly Change-Id: I12fe7611fc88eb7f6c39f8f7629ad27b6ec4722c Signed-off-by: Connor O'Brien <connoro@google.com> |
||
|
Connor O'Brien
|
23a1412b82 |
ANDROID: Reduce use of #ifdef CONFIG_CPU_FREQ_TIMES
Add empty versions of functions to cpufreq_times.h to cut down on use of #ifdef in .c files. Test: kernel builds with and without CONFIG_CPU_FREQ_TIMES=y Change-Id: I49ac364fac3d42bba0ca1801e23b15081094fb12 Signed-off-by: Connor O'Brien <connoro@google.com> |
||
|
Wei Wang
|
c1268f08ce |
kernel: initialize and free cpufreq stats properly
Initialize task's cpufreq to NULL including for idle Make sure free task's cpufreq when free task struct Bug: 110044919 Change-Id: I5fdb3f4bd5b7d7629b5ff2c60cb64483add809cb Signed-off-by: Wei Wang <wvw@google.com> |
||
|
Cyan_Hsieh
|
e9eb3984e2 |
Merge LA.UM.7.3.9.08.00.00.385.328 via branch qcom-msm-4.9 into android-msm-bluecross-4.9
Merge Qualcomm's LA.UM.7.3.9.08.00.00.385.328 Removed camera related changes with git checkout partner/android-msm-bluecross-4.9 -- drivers/media/platform/msm/camera/ \ drivers/media/platform/msm/camera_v2/ \ include/uapi/media/cam_req_mgr.h Conflicts: Documentation/devicetree/bindings/drm/msm/mdss-dsi-panel.txt Documentation/filesystems/f2fs.txt Makefile arch/Kconfig arch/arm64/Kconfig arch/arm64/boot/dts/qcom/sdm845-v2.dtsi arch/arm64/crypto/Makefile arch/arm64/kernel/entry.S arch/arm64/kernel/vdso/Makefile drivers/firmware/efi/libstub/Makefile drivers/gpu/drm/msm/dsi-staging/dsi_display.c drivers/gpu/drm/msm/sde/sde_kms.c drivers/hwtracing/coresight/coresight-event.c drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c drivers/misc/Makefile drivers/power/supply/qcom/Kconfig drivers/power/supply/qcom/Makefile fs/crypto/fscrypt_private.h fs/f2fs/data.c fs/f2fs/f2fs.h fs/f2fs/file.c fs/f2fs/segment.c fs/f2fs/super.c fs/f2fs/inode.c fs/f2fs/sysfs.c include/linux/compiler-clang.h include/linux/compiler.h include/linux/fscrypt.h include/linux/init.h include/linux/jiffies.h include/trace/events/sched.h kernel/Makefile kernel/cfi.c kernel/sched/core.c kernel/sched/fair.c mm/filemap.c Bug: 80274434 Change-Id: I8640c44aa3978666364fd08bb9b8748e95a1e3ff Signed-off-by: aaronding <aaronding@google.com> Signed-off-by: Cyan_Hsieh <cyanhsieh@google.com> |
||
|
Greg Kroah-Hartman
|
aef17a58e8 |
Merge 4.9.101 into android-4.9
Changes in 4.9.101
8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
bridge: check iface upper dev when setting master via ioctl
dccp: fix tasklet usage
ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
llc: better deal with too small mtu
net: ethernet: sun: niu set correct packet size in skb
net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode
net/mlx4_en: Verify coalescing parameters are in range
net/mlx5: E-Switch, Include VF RDMA stats in vport statistics
net_sched: fq: take care of throttled flows before reuse
net: support compat 64-bit time in {s,g}etsockopt
openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
qmi_wwan: do not steal interfaces from class drivers
r8169: fix powering up RTL8168h
sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg
sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
tcp_bbr: fix to zero idle_restart only upon S/ACKed data
tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
bonding: do not allow rlb updates to invalid mac
net/mlx5: Avoid cleaning flow steering table twice during error flow
bonding: send learning packets for vlans on slave
tcp: ignore Fast Open on repair mode
sctp: fix the issue that the cookie-ack with auth can't get processed
sctp: delay the authentication for the duplicated cookie-echo chunk
serial: sccnxp: Fix error handling in sccnxp_probe()
futex: Remove duplicated code and fix undefined behaviour
xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
lockd: lost rollback of set_grace_period() in lockd_down_net()
Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap"
l2tp: revert "l2tp: fix missing print session offset info"
nfp: TX time stamp packets before HW doorbell is rung
proc: do not access cmdline nor environ from file-backed areas
futex: futex_wake_op, fix sign_extend32 sign bits
kernel/exit.c: avoid undefined behaviour when calling wait4()
Linux 4.9.101
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
zhongjiang
|
04103c29b6 |
kernel/exit.c: avoid undefined behaviour when calling wait4()
commit dd83c161fbcc5d8be637ab159c0de015cbff5ba4 upstream. wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined behaviour in kernel/exit.c:1651:9 The related calltrace is as follows: negation of -2147483648 cannot be represented in type 'int': CPU: 9 PID: 16482 Comm: zj Tainted: G B ---- ------- 3.10.0-327.53.58.71.x86_64+ #66 Hardware name: Huawei Technologies Co., Ltd. Tecal RH2285 /BC11BTSA , BIOS CTSAV036 04/27/2011 Call Trace: dump_stack+0x19/0x1b ubsan_epilogue+0xd/0x50 __ubsan_handle_negate_overflow+0x109/0x14e SyS_wait4+0x1cb/0x1e0 system_call_fastpath+0x16/0x1b Exclude the overflow to avoid the UBSAN warning. Link: http://lkml.kernel.org/r/1497264618-20212-1-git-send-email-zhongjiang@huawei.com Signed-off-by: zhongjiang <zhongjiang@huawei.com> Cc: Oleg Nesterov <oleg@redhat.com> Cc: David Rientjes <rientjes@google.com> Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Cc: Xishi Qiu <qiuxishi@huawei.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Blagovest Kolenichev
|
f4b8243182 |
Merge android-4.9.93 (05baf14) into msm-4.9
* refs/heads/tmp-05baf14: Linux 4.9.93 spi: davinci: fix up dma_mapping_error() incorrect patch Revert "ip6_vti: adjust vti mtu according to mtu of lower device" Revert "mtip32xx: use runtime tag to initialize command header" Revert "spi: bcm-qspi: shut up warning about cfi header inclusion" Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin" Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin" Fix slab name "biovec-(1<<(21-12))" net: hns: Fix ethtool private flags md/raid10: reset the 'first' at the end of loop ARM: dts: am57xx-idk-common: Add overide powerhold property ARM: dts: am57xx-beagle-x15-common: Add overide powerhold property ARM: dts: dra7: Add power hold and power controller properties to palmas Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition vt: change SGR 21 to follow the standards Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list Input: ALPS - fix TrackStick detection on Thinkpad L570 and Latitude 7370 staging: comedi: ni_mio_common: ack ai fifo error interrupts. crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one crypto: ahash - Fix early termination in hash walk parport_pc: Add support for WCH CH382L PCI-E single parallel port card. media: usbtv: prevent double free in error case mei: remove dev_err message on an unsupported ioctl USB: serial: cp210x: add ELDAT Easywave RX09 id USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator USB: serial: ftdi_sio: add RT Systems VX-8 cable arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives arm64: entry: Reword comment about post_ttbr_update_workaround arm64: Force KPTI to be disabled on Cavium ThunderX arm64: kpti: Add ->enable callback to remap swapper using nG mappings arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0() arm64: Turn on KPTI only on CPUs that need it arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs arm64: capabilities: Handle duplicate entries for a capability arm64: Allow checking of a CPU-local erratum arm64: Take into account ID_AA64PFR0_EL1.CSV3 arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 arm64: use RET instruction for exiting the trampoline arm64: kaslr: Put kernel vectors address in separate data page arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks arm64: entry: Hook up entry trampoline to exception vectors arm64: entry: Explicitly pass exception level to kernel_ventry macro arm64: mm: Map entry trampoline into trampoline and kernel page tables arm64: entry: Add exception trampoline page for exceptions from EL0 module: extend 'rodata=off' boot cmdline parameter to module mappings arm64: factor out entry stack manipulation arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI arm64: mm: Add arm64_kernel_unmapped_at_el0 helper arm64: mm: Allocate ASIDs in pairs arm64: mm: Move ASID from TTBR0 to TTBR1 arm64: mm: Use non-global mappings for kernel space usb: dwc2: Improve gadget state disconnection handling scsi: virtio_scsi: always read VPD pages for multiqueue too llist: clang: introduce member_address_is_nonnull() Bluetooth: Fix missing encryption refresh on Security Request netfilter: x_tables: add and use xt_check_proc_name netfilter: bridge: ebt_among: add more missing match size checks xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() RDMA/ucma: Introduce safer rdma_addr_size() variants RDMA/ucma: Check that device exists prior to accessing it RDMA/ucma: Check that device is connected prior to access it RDMA/ucma: Ensure that CM_ID exists prior to access it RDMA/ucma: Fix use-after-free access in ucma_close RDMA/ucma: Check AF family prior resolving address xfrm_user: uncoditionally validate esn replay attribute struct mm/vmscan.c: fix unsequenced modification and access warning selinux: Remove redundant check for unknown labeling behavior arm64: avoid overflow in VA_START and PAGE_OFFSET btrfs: Remove extra parentheses from condition in copy_items() mac80211: ibss: Fix channel type enum in ieee80211_sta_join_ibss() mac80211: Fix clang warning about constant operand in logical operation netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch HID: sony: Use LED_CORE_SUSPENDRESUME cfg80211: Fix array-bounds warning in fragment copy nl80211: Fix enum type of variable in nl80211_put_sta_rate() xgene_enet: remove bogus forward declarations usb: gadget: remove redundant self assignment frv: declare jiffies to be located in the .data section jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp fs: compat: Remove warning from COMPATIBLE_IOCTL selinux: Remove unnecessary check of array base in selinux_set_mapping() cpumask: Add helper cpumask_available() genirq: Use cpumask_available() for check of cpumask variable netfilter: nf_nat_h323: fix logical-not-parentheses warning Input: mousedev - fix implicit conversion warning dm ioctl: remove double parentheses PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant kprobes/x86: Fix to set RWX bits correctly before releasing trampoline partitions/msdos: Unable to mount UFS 44bsd partitions powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened ipc/shm.c: add split function to shm_vm_ops ceph: only dirty ITER_IOVEC pages for direct read perf/hwbp: Simplify the perf-hwbp code, fix documentation ALSA: pcm: potential uninitialized return values ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() ALSA: usb-audio: Add native DSD support for TEAC UD-301 mtd: jedec_probe: Fix crash in jedec_read_mfr() ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] ANDROID: fuse: Add null terminator to path in canonical path to avoid issue ANDROID: sdcardfs: Fix sdcardfs to stop creating cases-sensitive duplicate entries. ANDROID: cpufreq: times: skip printing invalid frequencies ANDROID: cpufreq: Add time_in_state to /proc/uid directories ANDROID: proc: Add /proc/uid directory ANDROID: cpufreq: times: track per-uid time in state ANDROID: cpufreq: track per-task time in state arm64: fix show_data fallout from KERN_CONT changes arm: fix show_data fallout from KERN_CONT changes Conflicts: arch/arm64/include/asm/assembler.h arch/arm64/include/asm/cputype.h arch/arm64/include/asm/sysreg.h arch/arm64/kernel/cpufeature.c kernel/sched/core.c Change-Id: If39e1c5577a1c9345b1b2739f4a5368422cef135 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Matt Wagantall
|
72633f8045 |
exit: Add PANIC_ON_RECURSIVE_FAULT Kconfig option
If a recursive fault is detected during do_exit(), tasks are left to sit and wait in an un-interruptible sleep until the system reboots (typically manually). Add Kconfig option to change this behaviour and force a panic. This is particularly important if a critical system task encounters a recursive fault (ex. a kworker). Otherwise, the system may be unusable, but since the scheduler is still running system watchdogs may continue to be pet. Change-Id: Ifc26fc79d6066f05a3b2c4d27f78bf4f8d2bd640 Signed-off-by: Matt Wagantall <mattw@codeaurora.org> |
||
|
Connor O'Brien
|
6d3bc788b6 |
cpufreq: track per-task time in state
Add time in state data to task structs, and create /proc/<pid>/time_in_state files to show how long each individual task has run at each frequency. Create a CONFIG_CPU_FREQ_TIMES option to enable/disable this tracking. Signed-off-by: Connor O'Brien <connoro@google.com> Bug: 74242328 Test: Read /proc/<pid>/time_in_state Change-Id: Ia6456754f4cb1e83b2bc35efa8fbe9f8696febc8 |
||
|
Connor O'Brien
|
6e7b83d80b |
ANDROID: cpufreq: track per-task time in state
Add time in state data to task structs, and create /proc/<pid>/time_in_state files to show how long each individual task has run at each frequency. Create a CONFIG_CPU_FREQ_TIMES option to enable/disable this tracking. Signed-off-by: Connor O'Brien <connoro@google.com> Bug: 72339335 Bug: 70951257 Test: Read /proc/<pid>/time_in_state Change-Id: Ia6456754f4cb1e83b2bc35efa8fbe9f8696febc8 |
||
|
Sami Tolvanen
|
26a804d93d |
add support for clang SafeStack
This change adds support for clang SafeStack, which protects function return addresses against attacks based on stack buffer overflows: https://clang.llvm.org/docs/SafeStack.html SafeStack splits the kernel stack into safe and unsafe parts. Safe stack is used only for data that's at compile time determined to be only accessed in a safe way. This prevents a buffer overflow in the unsafe stack from overwriting any data in the safe stack, including the return address. Bug: 67506682 Bug: 67507327 Change-Id: I6ce8dbf80dfd8a97d16e049531bba900eb8699b3 Signed-off-by: Sami Tolvanen <samitolvanen@google.com> |
||
|
Liam Mark
|
4f1cdd2baf |
android/lowmemorykiller: Ignore tasks with freed mm
A killed task can stay in the task list long after its memory has been returned to the system, therefore ignore any tasks whose mm struct has been freed. Change-Id: I76394b203b4ab2312437c839976f0ecb7b6dde4e Signed-off-by: Liam Mark <lmark@codeaurora.org> Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> |
||
|
Syed Rameez Mustafa
|
d5b9f97f3c |
sched: Call sched_exit() when a task is exiting
The scheduler needs to do some book-keeping when a task exits. Call the scheduler hook sched_exit() that takes care of all of that necessary book-keeping. Change-Id: I551aead70248b06f9d918e6d032075d6ecaa7fed Signed-off-by: Syed Rameez Mustafa <rameezmustafa@codeaurora.org> |
||
|
Patrick Bellasi
|
d248900606 |
ANDROID: FIXUP: sched/tune: fix accounting for runnable tasks
Contains:
sched/tune: fix accounting for runnable tasks (1/5)
The accounting for tasks into boost groups of different CPUs is currently
broken mainly because:
a) we do not properly track the change of boost group of a RUNNABLE task
b) there are race conditions between migration code and accounting code
This patch provides a fixes to ensure enqueue/dequeue
accounting also for throttled tasks.
Without this patch is can happen that a task is enqueued into a throttled
RQ thus not being accounted for the boosting of the corresponding RQ.
We could argue that a throttled task should not boost a CPU, however:
a) properly implementing CPU boosting considering throttled tasks will
increase a lot the complexity of the solution
b) it's not easy to quantify the benefits introduced by such a more
complex solution
Since task throttling requires the usage of the CFS bandwidth controller,
which is not widely used on mobile systems (at least not by Android kernels
so far), for the time being we go for the simple solution and boost also
for throttled RQs.
sched/tune: fix accounting for runnable tasks (2/5)
This patch provides the code required to enforce proper locking.
A per boost group spinlock has been added to grant atomic
accounting of tasks as well as to serialise enqueue/dequeue operations,
triggered by tasks migrations, with cgroups's attach/detach operations.
sched/tune: fix accounting for runnable tasks (3/5)
This patch adds cgroups {allow,can,cancel}_attach callbacks.
Since a task can be migrated between boost groups while it's running,
the CGroups's attach callbacks have been added to properly migrate
boost contributions of RUNNABLE tasks.
The RQ's lock is used to serialise enqueue/dequeue operations, triggered
by tasks migrations, with cgroups's attach/detach operations. While the
SchedTune's CPU lock is used to grant atrocity of the accounting within
the CPU.
NOTE: the current implementation does not allows a concurrent CPU migration
and CGroups change.
sched/tune: fix accounting for runnable tasks (4/5)
This fixes accounting for exiting tasks by adding a dedicated call early
in the do_exit() syscall, which disables SchedTune accounting as soon as a
task is flagged PF_EXITING.
This flag is set before the multiple dequeue/enqueue dance triggered
by cgroup_exit() which is useful only to inject useless tasks movements
thus increasing possibilities for race conditions with the migration code.
The schedtune_exit_task() call does the last dequeue of a task from its
current boost group. This is a solution more aligned with what happens in
mainline kernels (>v4.4) where the exit_cgroup does not move anymore a dying
task to the root control group.
sched/tune: fix accounting for runnable tasks (5/5)
To avoid accounting issues at startup, this patch disable the SchedTune
accounting until the required data structures have been properly
initialized.
Signed-off-by: Patrick Bellasi <patrick.bellasi@arm.com>
[jstultz: fwdported to 4.4]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Andres Oportus <andresoportus@google.com>
|
||
|
Oleg Nesterov
|
8e5bfa8c1f |
sched/autogroup: Do not use autogroup->tg in zombie threads
Exactly because for_each_thread() in autogroup_move_group() can't see it and update its ->sched_task_group before _put() and possibly free(). So the exiting task needs another sched_move_task() before exit_notify() and we need to re-introduce the PF_EXITING (or similar) check removed by the previous change for another reason. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: hartsjc@redhat.com Cc: vbendel@redhat.com Cc: vlovejoy@redhat.com Link: http://lkml.kernel.org/r/20161114184612.GA15968@redhat.com Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
Tetsuo Handa
|
38531201c1 |
mm, oom: enforce exit_oom_victim on current task
There are no users of exit_oom_victim on !current task anymore so enforce the API to always work on the current. Link: http://lkml.kernel.org/r/1472119394-11342-8-git-send-email-mhocko@kernel.org Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Michal Hocko <mhocko@suse.com> Cc: Oleg Nesterov <oleg@redhat.com> Cc: David Rientjes <rientjes@google.com> Cc: Vladimir Davydov <vdavydov@parallels.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Peter Zijlstra
|
9af6528ee9 |
sched/core: Optimize __schedule()
Oleg noted that by making do_exit() use __schedule() for the TASK_DEAD context switch, we can avoid the TASK_DEAD special case currently in __schedule() because that avoids the extra preempt_disable() from schedule(). In order to facilitate this, create a do_task_dead() helper which we place in the scheduler code, such that it can access __schedule(). Also add some __noreturn annotations to the functions, there's no coming back from do_exit(). Suggested-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Cheng Chao <cs.os.kernel@gmail.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: akpm@linux-foundation.org Cc: chris@chris-wilson.co.uk Cc: tj@kernel.org Link: http://lkml.kernel.org/r/20160913163729.GB5012@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
David Rientjes
|
c11600e4fe |
mm, mempolicy: task->mempolicy must be NULL before dropping final reference
KASAN allocates memory from the page allocator as part of
kmem_cache_free(), and that can reference current->mempolicy through any
number of allocation functions. It needs to be NULL'd out before the
final reference is dropped to prevent a use-after-free bug:
BUG: KASAN: use-after-free in alloc_pages_current+0x363/0x370 at addr ffff88010b48102c
CPU: 0 PID: 15425 Comm: trinity-c2 Not tainted 4.8.0-rc2+ #140
...
Call Trace:
dump_stack
kasan_object_err
kasan_report_error
__asan_report_load2_noabort
alloc_pages_current <-- use after free
depot_save_stack
save_stack
kasan_slab_free
kmem_cache_free
__mpol_put <-- free
do_exit
This patch sets current->mempolicy to NULL before dropping the final
reference.
Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1608301442180.63329@chino.kir.corp.google.com
Fixes:
|
||
|
Anton Blanchard
|
627393d448 |
kernel/exit.c: quieten greatest stack depth printk
Many targets enable CONFIG_DEBUG_STACK_USAGE, and while the information is useful, it isn't worthy of pr_warn(). Reduce it to pr_info(). Link: http://lkml.kernel.org/r/1466982072-29836-1-git-send-email-anton@ozlabs.org Signed-off-by: Anton Blanchard <anton@samba.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Linus Torvalds
|
cca08cd66c |
Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler updates from Ingo Molnar: - introduce and use task_rcu_dereference()/try_get_task_struct() to fix and generalize task_struct handling (Oleg Nesterov) - do various per entity load tracking (PELT) fixes and optimizations (Peter Zijlstra) - cputime virt-steal time accounting enhancements/fixes (Wanpeng Li) - introduce consolidated cputime output file cpuacct.usage_all and related refactorings (Zhao Lei) - ... plus misc fixes and enhancements * 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/core: Panic on scheduling while atomic bugs if kernel.panic_on_warn is set sched/cpuacct: Introduce cpuacct.usage_all to show all CPU stats together sched/cpuacct: Use loop to consolidate code in cpuacct_stats_show() sched/cpuacct: Merge cpuacct_usage_index and cpuacct_stat_index enums sched/fair: Rework throttle_count sync sched/core: Fix sched_getaffinity() return value kerneldoc comment sched/fair: Reorder cgroup creation code sched/fair: Apply more PELT fixes sched/fair: Fix PELT integrity for new tasks sched/cgroup: Fix cpu_cgroup_fork() handling sched/fair: Fix PELT integrity for new groups sched/fair: Fix and optimize the fork() path sched/cputime: Add steal time support to full dynticks CPU time accounting sched/cputime: Fix prev steal time accouting during CPU hotplug KVM: Fix steal clock warp during guest CPU hotplug sched/debug: Always show 'nr_migrations' sched/fair: Use task_rcu_dereference() sched/api: Introduce task_rcu_dereference() and try_get_task_struct() sched/idle: Optimize the generic idle loop sched/fair: Fix the wrong throttled clock time for cfs_rq_clock_task() |
||
|
Peter Zijlstra
|
be3e784498 |
locking/spinlock: Update spin_unlock_wait() users
With the modified semantics of spin_unlock_wait() a number of explicit barriers can be removed. Also update the comment for the do_exit() usecase, as that was somewhat stale/obscure. Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
Oleg Nesterov
|
150593bf86 |
sched/api: Introduce task_rcu_dereference() and try_get_task_struct()
Generally task_struct is only protected by RCU if it was found on a RCU protected list (say, for_each_process() or find_task_by_vpid()). As Kirill pointed out rq->curr isn't protected by RCU, the scheduler drops the (potentially) last reference without RCU gp, this means that we need to fix the code which uses foreign_rq->curr under rcu_read_lock(). Add a new helper which can be used to dereference rq->curr or any other pointer to task_struct assuming that it should be cleared or updated before the final put_task_struct(). It returns non-NULL only if this task can't go away before rcu_read_unlock(). ( Also add try_get_task_struct() to make it easier to use this API correctly. ) Suggested-by: Kirill Tkhai <ktkhai@parallels.com> Signed-off-by: Oleg Nesterov <oleg@redhat.com> [ Updated comments; added try_get_task_struct()] Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Chris Metcalf <cmetcalf@ezchip.com> Cc: Christoph Lameter <cl@linux.com> Cc: Kirill Tkhai <tkhai@yandex.ru> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vladimir Davydov <vdavydov@parallels.com> Link: http://lkml.kernel.org/r/20160518170218.GY3192@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
Oleg Nesterov
|
91c4e8ea8f |
wait: allow sys_waitid() to accept __WNOTHREAD/__WCLONE/__WALL
I see no reason why waitid() can't support other linux-specific flags
allowed in sys_wait4().
In particular this change can help if we reconsider the previous change
("wait/ptrace: assume __WALL if the child is traced") which adds the
"automagical" __WALL for debugger.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Jan Kratochvil <jan.kratochvil@redhat.com>
Cc: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Cc: Pedro Alves <palves@redhat.com>
Cc: Roland McGrath <roland@hack.frob.com>
Cc: <syzkaller@googlegroups.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
Oleg Nesterov
|
bf959931dd |
wait/ptrace: assume __WALL if the child is traced
The following program (simplified version of generated by syzkaller)
#include <pthread.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <stdio.h>
#include <signal.h>
void *thread_func(void *arg)
{
ptrace(PTRACE_TRACEME, 0,0,0);
return 0;
}
int main(void)
{
pthread_t thread;
if (fork())
return 0;
while (getppid() != 1)
;
pthread_create(&thread, NULL, thread_func, NULL);
pthread_join(thread, NULL);
return 0;
}
creates an unreapable zombie if /sbin/init doesn't use __WALL.
This is not a kernel bug, at least in a sense that everything works as
expected: debugger should reap a traced sub-thread before it can reap the
leader, but without __WALL/__WCLONE do_wait() ignores sub-threads.
Unfortunately, it seems that /sbin/init in most (all?) distributions
doesn't use it and we have to change the kernel to avoid the problem.
Note also that most init's use sys_waitid() which doesn't allow __WALL, so
the necessary user-space fix is not that trivial.
This patch just adds the "ptrace" check into eligible_child(). To some
degree this matches the "tsk->ptrace" in exit_notify(), ->exit_signal is
mostly ignored when the tracee reports to debugger. Or WSTOPPED, the
tracer doesn't need to set this flag to wait for the stopped tracee.
This obviously means the user-visible change: __WCLONE and __WALL no
longer have any meaning for debugger. And I can only hope that this won't
break something, but at least strace/gdb won't suffer.
We could make a more conservative change. Say, we can take __WCLONE into
account, or !thread_group_leader(). But it would be nice to not
complicate these historical/confusing checks.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Jan Kratochvil <jan.kratochvil@redhat.com>
Cc: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Cc: Pedro Alves <palves@redhat.com>
Cc: Roland McGrath <roland@hack.frob.com>
Cc: <syzkaller@googlegroups.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
Jiri Slaby
|
e64646946e |
exit_thread: accept a task parameter to be exited
We need to call exit_thread from copy_process in a fail path. So make it accept task_struct as a parameter. [v2] * s390: exit_thread_runtime_instr doesn't make sense to be called for non-current tasks. * arm: fix the comment in vfp_thread_copy * change 'me' to 'tsk' for task_struct * now we can change only archs that actually have exit_thread [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Jiri Slaby <jslaby@suse.cz> Cc: "David S. Miller" <davem@davemloft.net> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: "James E.J. Bottomley" <jejb@parisc-linux.org> Cc: Aurelien Jacquiot <a-jacquiot@ti.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Chen Liqin <liqin.linux@gmail.com> Cc: Chris Metcalf <cmetcalf@mellanox.com> Cc: Chris Zankel <chris@zankel.net> Cc: David Howells <dhowells@redhat.com> Cc: Fenghua Yu <fenghua.yu@intel.com> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Cc: Guan Xuetao <gxt@mprc.pku.edu.cn> Cc: Haavard Skinnemoen <hskinnemoen@gmail.com> Cc: Hans-Christian Egtvedt <egtvedt@samfundet.no> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: Helge Deller <deller@gmx.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Cc: James Hogan <james.hogan@imgtec.com> Cc: Jeff Dike <jdike@addtoit.com> Cc: Jesper Nilsson <jesper.nilsson@axis.com> Cc: Jiri Slaby <jslaby@suse.cz> Cc: Jonas Bonn <jonas@southpole.se> Cc: Koichi Yasutake <yasutake.koichi@jp.panasonic.com> Cc: Lennox Wu <lennox.wu@gmail.com> Cc: Ley Foon Tan <lftan@altera.com> Cc: Mark Salter <msalter@redhat.com> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Matt Turner <mattst88@gmail.com> Cc: Max Filippov <jcmvbkbc@gmail.com> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Michal Simek <monstr@monstr.eu> Cc: Mikael Starvik <starvik@axis.com> Cc: Paul Mackerras <paulus@samba.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Rich Felker <dalias@libc.org> Cc: Richard Henderson <rth@twiddle.net> Cc: Richard Kuo <rkuo@codeaurora.org> Cc: Richard Weinberger <richard@nod.at> Cc: Russell King <linux@arm.linux.org.uk> Cc: Steven Miao <realmz6@gmail.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Tony Luck <tony.luck@intel.com> Cc: Vineet Gupta <vgupta@synopsys.com> Cc: Will Deacon <will.deacon@arm.com> Cc: Yoshinori Sato <ysato@users.sourceforge.jp> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Michal Hocko
|
36324a990c |
oom: clear TIF_MEMDIE after oom_reaper managed to unmap the address space
When oom_reaper manages to unmap all the eligible vmas there shouldn't be much of the freable memory held by the oom victim left anymore so it makes sense to clear the TIF_MEMDIE flag for the victim and allow the OOM killer to select another task. The lack of TIF_MEMDIE also means that the victim cannot access memory reserves anymore but that shouldn't be a problem because it would get the access again if it needs to allocate and hits the OOM killer again due to the fatal_signal_pending resp. PF_EXITING check. We can safely hide the task from the OOM killer because it is clearly not a good candidate anymore as everyhing reclaimable has been torn down already. This patch will allow to cap the time an OOM victim can keep TIF_MEMDIE and thus hold off further global OOM killer actions granted the oom reaper is able to take mmap_sem for the associated mm struct. This is not guaranteed now but further steps should make sure that mmap_sem for write should be blocked killable which will help to reduce such a lock contention. This is not done by this patch. Note that exit_oom_victim might be called on a remote task from __oom_reap_task now so we have to check and clear the flag atomically otherwise we might race and underflow oom_victims or wake up waiters too early. Signed-off-by: Michal Hocko <mhocko@suse.com> Suggested-by: Johannes Weiner <hannes@cmpxchg.org> Suggested-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Cc: Andrea Argangeli <andrea@kernel.org> Cc: David Rientjes <rientjes@google.com> Cc: Hugh Dickins <hughd@google.com> Cc: Mel Gorman <mgorman@suse.de> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Rik van Riel <riel@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Dmitry Vyukov
|
5c9a8750a6 |
kernel: add kcov code coverage
kcov provides code coverage collection for coverage-guided fuzzing (randomized testing). Coverage-guided fuzzing is a testing technique that uses coverage feedback to determine new interesting inputs to a system. A notable user-space example is AFL (http://lcamtuf.coredump.cx/afl/). However, this technique is not widely used for kernel testing due to missing compiler and kernel support. kcov does not aim to collect as much coverage as possible. It aims to collect more or less stable coverage that is function of syscall inputs. To achieve this goal it does not collect coverage in soft/hard interrupts and instrumentation of some inherently non-deterministic or non-interesting parts of kernel is disbled (e.g. scheduler, locking). Currently there is a single coverage collection mode (tracing), but the API anticipates additional collection modes. Initially I also implemented a second mode which exposes coverage in a fixed-size hash table of counters (what Quentin used in his original patch). I've dropped the second mode for simplicity. This patch adds the necessary support on kernel side. The complimentary compiler support was added in gcc revision 231296. We've used this support to build syzkaller system call fuzzer, which has found 90 kernel bugs in just 2 months: https://github.com/google/syzkaller/wiki/Found-Bugs We've also found 30+ bugs in our internal systems with syzkaller. Another (yet unexplored) direction where kcov coverage would greatly help is more traditional "blob mutation". For example, mounting a random blob as a filesystem, or receiving a random blob over wire. Why not gcov. Typical fuzzing loop looks as follows: (1) reset coverage, (2) execute a bit of code, (3) collect coverage, repeat. A typical coverage can be just a dozen of basic blocks (e.g. an invalid input). In such context gcov becomes prohibitively expensive as reset/collect coverage steps depend on total number of basic blocks/edges in program (in case of kernel it is about 2M). Cost of kcov depends only on number of executed basic blocks/edges. On top of that, kernel requires per-thread coverage because there are always background threads and unrelated processes that also produce coverage. With inlined gcov instrumentation per-thread coverage is not possible. kcov exposes kernel PCs and control flow to user-space which is insecure. But debugfs should not be mapped as user accessible. Based on a patch by Quentin Casasnovas. [akpm@linux-foundation.org: make task_struct.kcov_mode have type `enum kcov_mode'] [akpm@linux-foundation.org: unbreak allmodconfig] [akpm@linux-foundation.org: follow x86 Makefile layout standards] Signed-off-by: Dmitry Vyukov <dvyukov@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: syzkaller <syzkaller@googlegroups.com> Cc: Vegard Nossum <vegard.nossum@oracle.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Tavis Ormandy <taviso@google.com> Cc: Will Deacon <will.deacon@arm.com> Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com> Cc: Kostya Serebryany <kcc@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Alexander Potapenko <glider@google.com> Cc: Kees Cook <keescook@google.com> Cc: Bjorn Helgaas <bhelgaas@google.com> Cc: Sasha Levin <sasha.levin@oracle.com> Cc: David Drysdale <drysdale@google.com> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com> Cc: Kirill A. Shutemov <kirill@shutemov.name> Cc: Jiri Slaby <jslaby@suse.cz> Cc: Ingo Molnar <mingo@elte.hu> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Dmitry Safonov
|
c428fbdbf3 |
exit: remove unneeded declaration of exit_mm()
Signed-off-by: Dmitry Safonov <0x7f454c46@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Oleg Nesterov
|
570ac9337b |
ptrace: task_stopped_code(ptrace => true) can't see TASK_STOPPED task
task_stopped_code()->task_is_stopped_or_traced() doesn't look right, the traced task must never be TASK_STOPPED. We can not add WARN_ON(task_is_stopped(p)), but this is only because do_wait() can race with PTRACE_ATTACH from another thread. [akpm@linux-foundation.org: teeny cleanup] Signed-off-by: Oleg Nesterov <oleg@redhat.com> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Roland McGrath <roland@hack.frob.com> Acked-by: Tejun Heo <tj@kernel.org> Cc: Pedro Alves <palves@redhat.com> Cc: Jan Kratochvil <jan.kratochvil@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Linus Torvalds
|
53528695ff |
Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler changes from Ingo Molnar:
"The main changes in this cycle were:
- sched/fair load tracking fixes and cleanups (Byungchul Park)
- Make load tracking frequency scale invariant (Dietmar Eggemann)
- sched/deadline updates (Juri Lelli)
- stop machine fixes, cleanups and enhancements for bugs triggered by
CPU hotplug stress testing (Oleg Nesterov)
- scheduler preemption code rework: remove PREEMPT_ACTIVE and related
cleanups (Peter Zijlstra)
- Rework the sched_info::run_delay code to fix races (Peter Zijlstra)
- Optimize per entity utilization tracking (Peter Zijlstra)
- ... misc other fixes, cleanups and smaller updates"
* 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (57 commits)
sched: Don't scan all-offline ->cpus_allowed twice if !CONFIG_CPUSETS
sched: Move cpu_active() tests from stop_two_cpus() into migrate_swap_stop()
sched: Start stopper early
stop_machine: Kill cpu_stop_threads->setup() and cpu_stop_unpark()
stop_machine: Kill smp_hotplug_thread->pre_unpark, introduce stop_machine_unpark()
stop_machine: Change cpu_stop_queue_two_works() to rely on stopper->enabled
stop_machine: Introduce __cpu_stop_queue_work() and cpu_stop_queue_two_works()
stop_machine: Ensure that a queued callback will be called before cpu_stop_park()
sched/x86: Fix typo in __switch_to() comments
sched/core: Remove a parameter in the migrate_task_rq() function
sched/core: Drop unlikely behind BUG_ON()
sched/core: Fix task and run queue sched_info::run_delay inconsistencies
sched/numa: Fix task_tick_fair() from disabling numa_balancing
sched/core: Add preempt_count invariant check
sched/core: More notrace annotations
sched/core: Kill PREEMPT_ACTIVE
sched/core, sched/x86: Kill thread_info::saved_preempt_count
sched/core: Simplify preempt_count tests
sched/core: Robustify preemption leak checks
sched/core: Stop setting PREEMPT_ACTIVE
...
|