vic
325 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
363e84f635 |
Merge remote-tracking branch 'common/android-4.9-q' into android-msm-pixel-4.9
* common/android-4.9-q: Linux 4.9.335 v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails proc: proc_skip_spaces() shouldn't think it is working on C strings proc: avoid integer type confusion in get_proc_long x86/ioremap: Fix page aligned size calculation in __ioremap_caller() Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM x86/pm: Add enumeration check before spec MSRs save/restore setup x86/tsx: Add a feature bit for TSX control MSR support Revert "fbdev: fb_pm2fb: Avoid potential divide by zero error" tcp/udp: Fix memory leak in ipv6_renew_options(). iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() pinctrl: single: Fix potential division by zero ASoC: ops: Fix bounds check for _sx controls arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72 arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep" btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() hwmon: (coretemp) Check for null before removing sysfs attrs net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE net: hsr: Fix potential use-after-free net/9p: Fix a potential socket leak in p9_socket_open net: net_netdev: Fix error handling in ntb_netdev_init_module() net: phy: fix null-ptr-deref while probe() failed qlcnic: fix sleep-in-atomic-context bugs caused by msleep can: cc770: cc770_isa_probe(): add missing free_cc770dev() can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() net/mlx5: Fix uninitialized variable bug in outlen_write() hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails hwmon: (i5500_temp) fix missing pci_disable_device() iio: health: afe4404: Fix oob read in 
afe4404_[read|write]_raw iio: health: afe4403: Fix oob read in afe4403_read_raw drm/amdgpu: always register an MMU notifier for userptr net: usb: qmi_wwan: add Telit 0x103a composition tcp: configurable source port perturb table size platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() xen/platform-pci: add missing free_irq() in error path serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty nios2: add FORCE for vmlinuz.gz kconfig: display recursive dependency resolution hint just once iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails iio: light: apds9960: fix wrong register for gesture gain s390/crashdump: fix TOD programmable field size net: thunderx: Fix the ACPI memory leak nfc: st-nci: fix memory leaks in EVT_TRANSACTION nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION NFC: nci: fix memory leak in nci_rx_data_packet() xfrm: Fix ignored return value in xfrm6_init() net/qla3xxx: fix potential memleak in ql3xxx_send() net/mlx4: Check retval of mlx4_bitmap_init ARM: mxs: fix memory leak in mxs_machine_init() 9p/fd: fix issue of list_del corruption in p9_fd_cancel() net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() nfc/nci: fix race with opening and closing ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl bus: sunxi-rsb: Support atomic transfers af_key: Fix send_acquire race with pfkey_register MIPS: pic32: treat port as signed integer wifi: mac80211: Fix ack frame idr leak when mesh has no route audit: fix undefined behavior in bit shift for AUDIT_BIT wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support Linux 4.9.334 ntfs: check overflow when iterating ATTR_RECORDs ntfs: fix out-of-bounds read in ntfs_attr_find() ntfs: fix use-after-free in ntfs_attr_find() mm: fs: initialize fsdata passed to write_begin/write_end interface 9p/trans_fd: always use O_NONBLOCK read/write gfs2: Switch from 
strlcpy to strscpy gfs2: Check sb_bsize_shift after reading superblock 9p: trans_fd/p9_conn_cancel: drop client lock earlier kcm: avoid potential race in kcm_tx_work tcp: cdg: allow tcp_cdg_release() to be called multiple times serial: 8250: Flush DMA Rx on RLSI nilfs2: fix use-after-free bug of ns_writer on remount misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() mmc: core: properly select voltage range without power cycle serial: 8250_lpss: Configure DMA also w/o DMA filter serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs dm ioctl: fix misbehavior if list_versions races with module loading iio: pressure: ms5611: changed hardcoded SPI speed to value limited iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() usb: chipidea: fix deadlock in ci_otg_del_timer usb: add NO_LPM quirk for Realforce 87U Keyboard USB: serial: option: add Fibocom FM160 0x0111 composition USB: serial: option: add u-blox LARA-L6 modem USB: serial: option: add u-blox LARA-R6 00B modem USB: serial: option: remove old LARA-R6 PID USB: serial: option: add Sierra Wireless EM9191 ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() ring_buffer: Do not deactivate non-existant pages ftrace: Optimize the allocation for mcount entries ftrace: Fix the possible incorrect kernel message cifs: Fix wrong return value checking when GETFLAGS net/x25: Fix skb leak in x25_lapb_receive_frame() xen/pcpu: fix possible memory leak in register_pcpu() net: caif: fix double disconnect client in chnl_net_open() mISDN: fix misuse of put_device() in mISDN_register_device() mISDN: fix possible memory leak in mISDN_dsp_element_register() pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map parport_pc: Avoid FIFO port location truncation ASoC: soc-utils: Remove __exit for snd_soc_util_exit() tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send serial: 8250: omap: 
Flush PM QOS work on remove serial: 8250_omap: remove wait loop from Errata i202 workaround ASoC: core: Fix use-after-free in snd_soc_exit() Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid x86/cpu: Restore AMD's DE_CFG MSR after resume dmaengine: at_hdmac: Check return code of dma_async_device_register dmaengine: at_hdmac: Fix impossible condition dmaengine: at_hdmac: Don't allow CPU to reorder channel enable dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors dmaengine: at_hdmac: Don't start transactions at tx_submit level dmaengine: at_hdmac: Fix at_lli struct definition cert host tools: Stop complaining about deprecated OpenSSL functions udf: Fix a slab-out-of-bounds write bug in udf_find_entry() btrfs: selftests: fix wrong error check in btrfs_free_dummy_root() platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi nilfs2: fix deadlock in nilfs_count_free_blocks() ALSA: usb-audio: Add quirk entry for M-Audio Micro ALSA: hda: fix potential memleak in 'add_widget_node' net: macvlan: fix memory leaks of macvlan_common_newlink net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open() ethernet: s2io: disable napi when start nic failed in s2io_card_up() net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network hamradio: fix issue of dev reference count leakage in bpq_device_event() net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event() capabilities: fix undefined behavior in bit shift for CAP_TO_MASK net: fman: Unregister ethernet device on removal bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer net: gso: 
fix panic on frag_list with mixed head alloc types HID: hyperv: fix possible memory leak in mousevsc_probe() Linux 4.9.333 wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() KVM: x86: emulator: update the emulation mode after CR0 write KVM: x86: emulator: introduce emulator_recalc_and_set_mode KVM: x86: emulator: em_sysexit should update ctxt->mode KVM: x86: Mask off reserved bits in CPUID.80000008H ext4: fix warning in 'ext4_da_release_space' parisc: Export iosapic_serial_irq() symbol for serial port driver parisc: Make 8250_gsc driver dependend on CONFIG_PARISC ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices btrfs: fix type of parameter generation in btrfs_get_dentry Bluetooth: L2CAP: Fix attempting to access uninitialized memory i2c: xiic: Add platform module alias media: dvb-frontends/drxk: initialize err to 0 media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE net: mdio: fix undefined behavior in bit shift for __mdiobus_register Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu btrfs: fix ulist leaks in error paths of qgroup self tests isdn: mISDN: netjet: fix wrong check of device registration mISDN: fix possible memory leak in mISDN_register_device() rose: Fix NULL pointer dereference in rose_send_frame() ipvs: use explicitly signed chars net: sched: Fix use after free in red_enqueue() ata: pata_legacy: fix pdc20230_set_piomode() net: fec: fix improper use of NETDEV_TX_BUSY nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() nfs4: Fix kmemleak when allocate slot failed NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot NFSv4.1: Handle RECLAIM_COMPLETE trunking errors Conflicts: scripts/kconfig/symbol.c Change-Id: I4d7d00b3697fdaadad5ce8f607a612919e20c42b |
||
|
|
f2302d65e6 |
ring_buffer: Do not deactivate non-existant pages
commit 56f4ca0a79a9f1af98f26c54b9b89ba1f9bcc6bd upstream.
rb_head_page_deactivate() expects cpu_buffer to contain a valid list of
->pages, so verify that the list is actually present before calling it.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
Link: https://lkml.kernel.org/r/20221114143129.3534443-1-d-tatianin@yandex-team.ru
Cc: stable@vger.kernel.org
Fixes:
|
||
|
|
2a94537a7f |
Merge remote-tracking branch 'common/android-4.9-q' into android-msm-pixel-4.9
* common/android-4.9-q: Linux 4.9.332 can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive net: ehea: fix possible memory leak in ehea_register_port() openvswitch: switch from WARN to pr_warn ALSA: aoa: Fix I2S device accounting ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() i40e: Fix ethtool rx-flow-hash setting for X722 media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' media: v4l2-dv-timings: add sanity checks for blanking values media: vivid: dev->bitmap_cap wasn't freed in all cases media: vivid: s_fbuf: add more sanity checks can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path tcp: fix indefinite deferral of RTO with SACK reneging net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY kcm: annotate data-races around kcm->rx_wait kcm: annotate data-races around kcm->rx_psock ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() arc: iounmap() arg is volatile drm/msm: Fix return type of mdp4_lvds_connector_mode_valid net: ieee802154: fix error return code in dgram_bind() mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages xen/gntdev: Prevent leaking grants Xen/gntdev: don't ignore kernel unmapping error s390/futex: add missing EX_TABLE entry to __futex_atomic_op() kernfs: fix use-after-free in __kernfs_remove mmc: core: Fix kernel panic when remove non-standard SDIO card drm/msm/hdmi: fix memory corruption with too many bridges mac802154: Fix LQI recording fbdev: smscufx: Fix several use-after-free bugs tools: iio: iio_utils: fix digit calculation xhci: Remove device endpoints from bandwidth list when freeing the device usb: bdc: change state when port disconnected USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM ALSA: au88x0: use explicitly signed char ALSA: Use del_timer_sync() before freeing timer ACPI: video: Force backlight native for 
more TongFang devices net: hns: fix possible memory leak in hnae_ae_register() net/atm: fix proc_mpc_write incorrect return value HID: magicmouse: Do not set BTN_MOUSE on double report arm64: errata: Remove AES hwcap for COMPAT tasks ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS ata: ahci-imx: Fix MODULE_ALIAS ocfs2: fix BUG when iput after ocfs2_mknod fails ocfs2: clear dinode links count in case of error Linux 4.9.331 gcov: support GCC 12.1 and newer compilers thermal: intel_powerclamp: Use first online CPU as control_cpu inet: fully convert sk->sk_rx_dst to RCU rules ext4: continue to expand file system when the target size doesn't reach net/ieee802154: don't warn zero-sized raw_sendmsg() net: ieee802154: return -EINVAL for unknown addr type perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc usb: idmouse: fix an uninit-value in idmouse_open Revert "usb: storage: Add quirk for Samsung Fit flash" usb: musb: Fix musb_gadget.c rxstate overflow bug usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() HID: roccat: Fix use-after-free in roccat_read() scsi: 3w-9xxx: Avoid disabling device if failing to enable it media: cx88: Fix a null-ptr-deref bug in buffer_prepare() ARM: dts: imx6sl: add missing properties for sram ARM: dts: imx6qp: add missing properties for sram ARM: dts: imx6dl: add missing properties for sram ARM: dts: imx6q: add missing properties for sram ARM: dts: imx7d-sdb: config the max pressure for tsc2046 drm/amdgpu: fix initial connector audio value platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading drm: Prevent drm_copy_field() to attempt copying a NULL pointer drm: Use size_t type for len variable in drm_copy_field() r8152: Rate limit overflow messages Bluetooth: L2CAP: Fix user-after-free wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 can: bcm: check the result of can_send() in bcm_can_tx() Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times 
Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() xfrm: Update ipcomp_scratches with NULL when freed tcp: annotate data-race around tcp_md5sig_pool_populated openvswitch: Fix overreporting of drops in dropwatch openvswitch: Fix double reporting of drops in dropwatch thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue MIPS: BCM47XX: Cast memcmp() of function to (void *) ACPI: video: Add Toshiba Satellite/Portege Z830 quirk f2fs: fix race condition on setting FI_NO_EXTENT flag iommu/omap: Fix buffer overflow in debugfs powerpc: Fix SPE Power ISA properties for e500v1 platforms powerpc/pci_dn: Add missing of_node_put() powerpc/math_emu/efp: Include module.h clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() mfd: sm501: Add check for platform_driver_register() mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() mfd: lp8788: Fix an error handling path in lp8788_probe() mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() serial: 8250: Fix restoring termios speed after suspend firmware: google: Test spinlock on panic path to avoid lockups drivers: serial: jsm: fix some leaks in probe ata: fix ata_id_has_dipm() ata: fix ata_id_has_ncq_autosense() ata: fix ata_id_has_devslp() ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() dyndbg: let query-modname override actual module name dyndbg: fix module.dyndbg handling RDMA/rxe: Fix the error caused by qp->sk RDMA/rxe: Fix "kernel NULL pointer dereference" error media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init tty: xilinx_uartps: Fix the ignore_status media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop HSI: omap_ssi_port: Fix dma_map_sg error check HSI: 
omap_ssi: Fix refcount leak in ssi_probe clk: tegra20: Fix refcount leak in tegra20_clock_init clk: tegra: Fix refcount leak in tegra114_clock_init clk: tegra: Fix refcount leak in tegra210_clock_init iio: ABI: Fix wrong format of differential capacitance channel ABI. iio: inkern: only release the device node when done with it iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX ARM: dts: exynos: fix polarity of VBUS GPIO of Origen ARM: Drop CMDLINE_* dependency on ATAGS ARM: dts: kirkwood: lsxl: remove first ethernet port ARM: dts: kirkwood: lsxl: fix serial line soc: qcom: smem_state: Add refcounting for the 'state->of_node' soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() memory: of: Fix refcount leak bug in of_get_ddr_timings() ALSA: dmaengine: increment buffer pointer atomically ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() platform/x86: msi-laptop: Fix old-ec check for backlight registering drm/mipi-dsi: Detach devices when removing the host bnx2x: fix potential memory leak in bnx2x_tpa_stop() net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited mISDN: fix use-after-free bugs in l1oip timer handlers spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe net: fs_enet: Fix wrong check in do_pd_setup wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() wifi: mac80211: allow bw change during channel switch in mesh wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() sh: machvec: Use char[] for section boundaries selinux: use "grep -E" instead of "egrep" KVM: x86/emulator: Fix handing of POP SS to correctly set 
interruptibility ring-buffer: Fix race between reset page and reading page ring-buffer: Check pending waiters when doing wake ups as well ring-buffer: Allow splice to read previous partially read pages ext4: place buffer head allocation before handle start ext4: make ext4_lazyinit_thread freezable ext4: fix null-ptr-deref in ext4_write_info ext4: avoid crash when inline data creation follows DIO write nilfs2: fix use-after-free bug of struct nilfs_root fbdev: smscufx: Fix use-after-free in ufx_ops_open() PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK parisc: fbdev/stifb: Align graphics memory size to 4MB regulator: qcom_rpm: Fix circular deferral regression quota: Check next/prev free block number after reading from quota file fs: dlm: handle -EBUSY first in lock arg validation fs: dlm: fix race between test_bit() and queue_work() iio: dac: ad5593r: Fix i2c read protocol requirements ALSA: usb-audio: Fix NULL dererence at error path ALSA: usb-audio: Fix potential memory leaks ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() ALSA: oss: Fix potential deadlock at unregistration random: use expired timer rather than wq for mixing fast pool Input: xpad - fix wireless 360 controller breaking after suspend Input: xpad - add supported devices as contributed on github random: restore O_NONBLOCK support wifi: mac80211_hwsim: avoid mac80211 warning on bad rate random: avoid reading two cache lines on irq randomness USB: serial: qcserial: add new usb-id for Dell branded EM7455 scsi: stex: Properly zero out the passthrough command structure ALSA: hda: Fix position reporting on Poulsbo random: clamp credited irq bits to maximum mixed ceph: don't truncate file in atomic_open nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure nilfs2: fix leak of nilfs_root in case of writer thread creation failure nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() USB: serial: 
ftdi_sio: fix 300 bps rate for SIO usb: mon: make mmapped memory read only um: Cleanup compiler warning in arch/x86/um/tls_32.c um: Cleanup syscall_handler_t cast in syscalls_32.h net/ieee802154: fix uninit value bug in dgram_sendmsg ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property fs: fix UAF/GPF bug in nilfs_mdt_destroy ARM: fix function graph tracer and unwinder dependencies Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 clk: iproc: Do not rely on node name for correct PLL setup clk: iproc: Minor tidy up of iproc pll data structures selftests: Fix the if conditions of in test_extra_filter() nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices nvme: add new line after variable declatation usbnet: Fix memory leak in usbnet_disconnect() Input: melfas_mip4 - fix return value check in mip4_probe() Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" mm: prevent page_frag_alloc() from corrupting the memory mmc: moxart: fix 4-bit bus width and remove 8-bit bus width ntfs: fix BUG_ON in ntfs_lookup_inode_by_name() net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 uas: ignore UAS for Thinkplus chips usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS uas: add no-uas quirk for Hiksemi usb_disk Conflicts: net/ipv4/udp.c Change-Id: Iaca1b0be9e0b4d12ab4f9d08219668a25c130123 |
||
|
|
d7dd5658ce |
ring-buffer: Fix race between reset page and reading page
commit a0fcaaed0c46cf9399d3a2d6e0c87ddb3df0e044 upstream.
The ring buffer is broken up into sub buffers (currently of page size).
Each sub buffer has a pointer to its "tail" (the last event written to the
sub buffer). When a new event is requested, the tail is locally
incremented to cover the size of the new event. This is done in a way that
there is no need for locking.
If the tail goes past the end of the sub buffer, the process of moving to
the next sub buffer takes place. After setting the current sub buffer to
the next one, the previous one that had the tail go past the end of the
sub buffer needs to be reset back to the original tail location (before
the new event was requested) and the rest of the sub buffer needs to be
"padded".
The race happens when a reader takes control of the sub buffer. As readers
do a "swap" of sub buffers from the ring buffer to get exclusive access to
the sub buffer, it replaces the "head" sub buffer with an empty sub buffer
that goes back into the writable portion of the ring buffer. This swap can
happen as soon as the writer moves to the next sub buffer and before it
updates the last sub buffer with padding.
Because the sub buffer can be released to the reader while the writer is
still updating the padding, it is possible for the reader to see the event
that goes past the end of the sub buffer. This can cause obvious issues.
To fix this, add a few memory barriers so that the reader definitely sees
the updates to the sub buffer, and also waits until the writer has put
the "tail" of the sub buffer back to the last event that was written
on it.
To be paranoid, it will only spin for 1 second, otherwise it will
warn and shut down the ring buffer code. 1 second should be enough as
the writer does have preemption disabled. If the writer doesn't move
within 1 second (with preemption disabled) something is horribly
wrong. No interrupt should last 1 second!
Link: https://lore.kernel.org/all/20220830120854.7545-1-jiazi.li@transsion.com/
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216369
Link: https://lkml.kernel.org/r/20220929104909.0650a36c@gandalf.local.home
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org
Fixes:
|
||
|
|
13b5e513c9 |
ring-buffer: Check pending waiters when doing wake ups as well
commit ec0bbc5ec5664dcee344f79373852117dc672c86 upstream.
The wake up waiters only checks the "wakeup_full" variable and not the
"full_waiters_pending". The full_waiters_pending is set when a waiter is
added to the wait queue. The wakeup_full is only set when an event is
triggered, and it clears the full_waiters_pending to avoid multiple calls
to irq_work_queue().
The irq_work callback really needs to check both wakeup_full as well as
full_waiters_pending such that this code can be used to wake up waiters
when a file is closed that represents the ring buffer and the waiters need
to be woken up.
Link: https://lkml.kernel.org/r/20220927231824.209460321@goodmis.org
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes:
|
||
|
|
4548d9f5f9 |
ring-buffer: Allow splice to read previous partially read pages
commit fa8f4a89736b654125fb254b0db753ac68a5fced upstream.
If a page is partially read, and then the splice system call is run
against the ring buffer, it will always fail to read, no matter how much
is in the ring buffer. That's because the code path for a partial read of
the page will fail if the "full" flag is set.
The splice system call wants full pages, so if the read of the ring buffer
is not yet full, it should return zero, and the splice will block. But if
a previous read was done, where the beginning has been consumed, it should
still be given to the splice caller if the rest of the page has been
written to.
This caused the splice command to never consume data in this scenario, and
let the ring buffer just fill up and lose events.
Link: https://lkml.kernel.org/r/20220927144317.46be6b80@gandalf.local.home
Cc: stable@vger.kernel.org
Fixes:
|
||
|
|
65e475187b |
Merge android-4.9-q (4.9.279) into android-msm-pixel-4.9-sc-lts
Merge 4.9.279 into android-4.9-q
Linux 4.9.279
spi: mediatek: Fix fifo transfer
can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
* Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled"
net/bluetooth/hci_core.c
* net: Fix zero-copy head len calculation.
net/core/skbuff.c
* r8152: Fix potential PM refcount imbalance
drivers/net/usb/r8152.c
regulator: rt5033: Fix n_voltages settings for BUCK and LDO
btrfs: mark compressed range uptodate only if all bio succeed
Merge 4.9.278 into android-4.9-q
Linux 4.9.278
sis900: Fix missing pci_disable_device() in probe and remove
tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
net/mlx5: Fix flow table chaining
* net: llc: fix skb_over_panic
include/net/llc_pdu.h
mlx4: Fix missing error code in mlx4_load_one()
tipc: fix sleeping in tipc accept routine
netfilter: nft_nat: allow to specify layer 4 protocol NAT only
* netfilter: conntrack: adjust stop timestamp to real expiry value
net/netfilter/nf_conntrack_core.c
* cfg80211: Fix possible memory leak in function cfg80211_bss_update
net/wireless/scan.c
x86/asm: Ensure asm/proto.h can be included stand-alone
nfc: nfcsim: fix use after free during module unload
NIU: fix incorrect error return, missed in previous revert
can: esd_usb2: fix memory leak
can: ems_usb: fix memory leak
can: usb_8dev: fix memory leak
ocfs2: issue zeroout to EOF blocks
ocfs2: fix zero out valid data
x86/kvm: fix vcpu-id indexed array sizes
ARM: ensure the signal page contains defined contents
* lib/string.c: add multibyte memset functions
include/linux/string.h
lib/string.c
ARM: dts: versatile: Fix up interrupt controller node names
hfs: add lock nesting notation to hfs_find_init
hfs: fix high memory mapping in hfs_bnode_read
hfs: add missing clean-up in hfs_fill_super
* sctp: move 198 addresses from unusable to private scope
include/net/sctp/constants.h
net/802/garp: fix memleak in garp_request_join()
net/802/mrp: fix memleak in mrp_request_join()
* workqueue: fix UAF in pwq_unbound_release_workfn()
kernel/workqueue.c
* af_unix: fix garbage collect vs MSG_PEEK
net/unix/af_unix.c
* net: split out functions related to registering inflight socket files
include/net/af_unix.h
net/Makefile
net/unix/Kconfig
net/unix/Makefile
net/unix/af_unix.c
net/unix/garbage.c
net/unix/scm.c
net/unix/scm.h
tipc: Fix backport of b77413446408fdd256599daf00d5be72b5f3e7c6
iommu/amd: Fix backport of 140456f994195b568ecd7fc2287a34eadffef3ca
Merge 4.9.277 into android-4.9-q
Linux 4.9.277
btrfs: compression: don't try to compress if we don't have enough pages
iio: accel: bma180: Fix BMA25x bandwidth register values
iio: accel: bma180: Use explicit member assignment
net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear
media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
* tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
kernel/trace/ring_buffer.c
USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
USB: serial: cp210x: fix comments for GE CS1000
USB: serial: option: add support for u-blox LARA-R6 family
usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
usb: max-3421: Prevent corruption of freed memory
USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
* usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
drivers/usb/core/hub.c
KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
* xhci: Fix lost USB 2 remote wake
drivers/usb/host/xhci-hub.c
ALSA: sb: Fix potential ABBA deadlock in CSP driver
s390/ftrace: fix ftrace_update_ftrace_func implementation
Revert "MIPS: add PMD table accounting into MIPS'pmd_alloc_one"
* proc: Avoid mixing integer types in mem_rw()
fs/proc/base.c
* Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
drivers/usb/core/quirks.c
scsi: target: Fix protect handling in WRITE SAME(32)
scsi: iscsi: Fix iface sysfs attr detection
netrom: Decrease sock refcount when sock timers expire
net: decnet: Fix sleeping inside in af_decnet
net: fix uninit-value in caif_seqpkt_sendmsg
s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
spi: mediatek: fix fifo rx mode
perf probe-file: Delete namelist in del_events() on the error path
perf test bpf: Free obj_buf
perf lzma: Close lzma stream on exit
igb: Check if num of q_vectors is smaller than max before array access
iavf: Fix an error handling path in 'iavf_probe()'
e1000e: Fix an error handling path in 'e1000_probe()'
fm10k: Fix an error handling path in 'fm10k_probe()'
igb: Fix an error handling path in 'igb_probe()'
ixgbe: Fix an error handling path in 'ixgbe_probe()'
* ipv6: tcp: drop silly ICMPv6 packet too big messages
net/ipv4/tcp_output.c
net/ipv6/tcp_ipv6.c
* tcp: annotate data races around tp->mtu_info
net/ipv4/tcp_ipv4.c
net/ipv6/tcp_ipv6.c
* net: validate lwtstate->data before returning from skb_tunnel_info()
include/net/dst_metadata.h
net: ti: fix UAF in tlan_remove_one
net: qcom/emac: fix UAF in emac_remove
net: moxa: fix UAF in moxart_mac_probe
net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
* net: bridge: sync fdb to new unicast-filtering ports
net/bridge/br_if.c
* net: ipv6: fix return value of ip6_skb_dst_mtu
include/net/ip6_route.h
net/ipv6/xfrm6_output.c
* sched/fair: Fix CFS bandwidth hrtimer expiry type
kernel/sched/fair.c
scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
rtc: max77686: Do not enforce (incorrect) interrupt trigger type
* kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set
scripts/mkcompile_h
* thermal/core: Correct function name thermal_zone_device_unregister()
drivers/thermal/thermal_core.c
arm64: dts: juno: Update SCPI nodes as per the YAML schema
ARM: dts: stm32: fix RCC node name on stm32f429 MCU
ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info
ARM: dts: imx6: phyFLEX: Fix UART hardware flow control
ARM: dts: BCM63xx: Fix NAND nodes names
ARM: brcmstb: dts: fix NAND nodes names
reset: ti-syscon: fix to_ti_syscon_reset_data macro
ARM: dts: rockchip: Fix power-controller node names for rk3288
ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288
* ANDROID: selinux: modify RTM_GETNEIGH{TBL}
security/selinux/include/classmap.h
security/selinux/include/security.h
security/selinux/nlmsgtab.c
security/selinux/ss/policydb.c
security/selinux/ss/policydb.h
security/selinux/ss/services.c
Merge 4.9.276 into android-4.9-q
Linux 4.9.276
* seq_file: disallow extremely large seq buffer allocations
fs/seq_file.c
MIPS: vdso: Invalid GIC access through VDSO
mips: disable branch profiling in boot/decompress.o
mips: always link byteswap helpers into decompressor
scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
memory: fsl_ifc: fix leak of private memory on probe failure
memory: fsl_ifc: fix leak of IO mapping on probe failure
* reset: bail if try_module_get() fails
drivers/reset/core.c
ARM: dts: r8a7779, marzen: Fix DU clock names
* rtc: fix snprintf() checking in is_rtc_hctosys()
drivers/rtc/rtc-proc.c
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
hexagon: use common DISCARDS macro
ALSA: isa: Fix error return code in snd_cmi8330_probe()
x86/fpu: Limit xstate copy size in xstateregs_set()
ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
nfs: fix acl memory leak of posix_acl_create()
watchdog: aspeed: fix hardware timeout calculation
um: fix error return code in winch_tramp()
um: fix error return code in slip_open()
* power: supply: rt5033_battery: Fix device tree enumeration
drivers/power/supply/Kconfig
PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
virtio_console: Assure used length from device is limited
virtio-blk: Fix memory leak among suspend/resume procedure
ACPI: AMBA: Fix resource name in /proc/iomem
pwm: tegra: Don't modify HW state in .remove callback
power: supply: ab8500: add missing MODULE_DEVICE_TABLE
power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
orangefs: fix orangefs df output.
x86/fpu: Return proper error codes from user access functions
watchdog: Fix possible use-after-free by calling del_timer_sync()
watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
watchdog: Fix possible use-after-free in wdt_startup()
ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
power: supply: ab8500: Avoid NULL pointers
pwm: spear: Don't modify HW state in .remove callback
lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
* i2c: core: Disable client irq on reboot/shutdown
drivers/i2c/i2c-core.c
ALSA: hda: Add IRQ check for platform_get_irq()
backlight: lm3630a: Fix return code of .update_status() callback
powerpc/boot: Fixup device-tree on little endian
usb: gadget: hid: fix error return code in hid_bind()
* usb: gadget: f_hid: fix endianness issue with descriptors
drivers/usb/gadget/function/f_hid.c
* ALSA: bebob: add support for ToneWeal FW66
sound/firewire/Kconfig
* ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing()
sound/soc/soc-core.c
selftests/powerpc: Fix "no_handler" EBB selftest
ALSA: ppc: fix error return code in snd_pmac_probe()
gpio: zynq: Check return value of pm_runtime_get_sync
powerpc/ps3: Add dma_mask to ps3_dma_region
ALSA: sb: Fix potential double-free of CSP mixer elements
s390/sclp_vt220: fix console name to match device
mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
scsi: iscsi: Add iscsi_cls_conn refcount helpers
fs/jfs: Fix missing error code in lmLogInit()
tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
* Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
sound/firewire/Kconfig
misc/libmasm/module: Fix two use after free in ibmasm_init_one
tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero
* fscrypt: don't ignore minor_hash when hash is 0
fs/crypto/fname.c
tracing: Do not reference char * as a string in histograms
* scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
drivers/scsi/hosts.c
KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run()
KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled
* smackfs: restrict bytes count in smk_set_cipso()
security/smack/smackfs.c
jfs: fix GPF in diFree
media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
media: gspca/sunplus: fix zero-length control requests
media: gspca/sq905: fix control-request direction
media: zr364xx: fix memory leak in zr364xx_start_readpipe
media: dtv5100: fix control-request directions
dm btree remove: assign new_root only when removal succeeds
ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
* seq_buf: Fix overflow in seq_buf_putmem_hex()
lib/seq_buf.c
power: supply: ab8500: Fix an old bug
ipmi/watchdog: Stop watchdog timer when the current action is 'none'
qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
ASoC: tegra: Set driver_name=tegra for all machine drivers
ata: ahci_sunxi: Disable DIPM
* mmc: core: clear flags before allowing to retune
drivers/mmc/core/core.c
* mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
drivers/mmc/host/sdhci.c
drivers/mmc/host/sdhci.h
pinctrl/amd: Add device HID for new AMD GPIO controller
powerpc/barrier: Avoid collision with clang's __lwsync macro
mac80211: fix memory corruption in EAPOL handling
can: bcm: delay release of struct bcm_op after synchronize_rcu()
can: gw: synchronize rcu operations before removing gw job entry
* fuse: reject internal errno
fs/fuse/dev.c
sctp: add size validation when walking chunks
Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
* Bluetooth: Shutdown controller after workqueues are flushed or cancelled
net/bluetooth/hci_core.c
* Bluetooth: Fix the HCI to MGMT status conversion table
net/bluetooth/mgmt.c
RDMA/cma: Fix rdma_resolve_route() memory leak
* wireless: wext-spy: Fix out-of-bounds warning
net/wireless/wext-spy.c
sfc: error code if SRIOV cannot be disabled
sfc: avoid double pci_remove of VFs
RDMA/rxe: Don't overwrite errno from ib_umem_get()
atm: nicstar: register the interrupt handler in the right place
atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
MIPS: add PMD table accounting into MIPS'pmd_alloc_one
cw1200: add missing MODULE_DEVICE_TABLE
wl1251: Fix possible buffer overflow in wl1251_cmd_scan
wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
* xfrm: Fix error reporting in xfrm_state_construct.
net/xfrm/xfrm_user.c
* selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
security/selinux/avc.c
fjes: check return value after calling platform_get_resource()
net: micrel: check return value after calling platform_get_resource()
dm space maps: don't reset space map allocation cursor when committing
RDMA/cxgb4: Fix missing error code in create_qp()
* ipv6: use prandom_u32() for ID generation
net/ipv6/output_core.c
clk: tegra: Ensure that PLLU configuration is applied properly
e100: handle eeprom as little endian
udf: Fix NULL pointer dereference in udf_symlink function
drm/virtio: Fix double free on probe failure
reiserfs: add check for invalid 1st journal block
* net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
net/core/dev.c
atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
mISDN: fix possible use-after-free in HFC_cleanup()
atm: iphase: fix possible use-after-free in ia_module_exit()
hugetlb: clear huge pte during flush function on mips platform
net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
* scsi: core: Retry I/O for Notify (Enable Spinup) Required error
drivers/scsi/scsi_lib.c
mmc: vub3000: fix control-request direction
selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random
mm/huge_memory.c: don't discard hugepage if other processes are mapping it
leds: ktd2692: Fix an error handling path
* configfs: fix memleak in configfs_release_bin_file
fs/configfs/file.c
extcon: max8997: Add missing modalias string
extcon: sm5502: Drop invalid register write in sm5502_reg_data
phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe()
scsi: mpt3sas: Fix error return value in _scsih_expander_add()
* of: Fix truncation of memory sizes on 32-bit platforms
drivers/of/fdt.c
drivers/of/of_reserved_mem.c
staging: gdm724x: check for overflow in gdm_lte_netif_rx()
staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
s390: appldata depends on PROC_SYSCTL
scsi: FlashPoint: Rename si_flags field
tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol()
Input: hil_kbd - fix error return code in hil_dev_connect()
iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adis_buffer: do not return ints in irq handlers
tty: nozomi: Fix a resource leak in an error handling function
net: sched: fix warning in tcindex_alloc_perfect_hash
* writeback: fix obtain a reference to a freeing memcg css
fs/fs-writeback.c
* Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
net/bluetooth/mgmt.c
i40e: Fix error handling in i40e_vsi_open
vxlan: add missing rcu_read_lock() in neigh_reduce()
net: ethernet: ezchip: fix error handling
net: ethernet: ezchip: fix UAF in nps_enet_remove
net: ethernet: aeroflex: fix UAF in greth_of_remove
netfilter: nft_exthdr: check for IPv6 packet before further processing
* netlabel: Fix memory leak in netlbl_mgmt_add_common
net/netlabel/netlabel_mgmt.c
ath10k: Fix an error code in ath10k_add_interface()
brcmsmac: mac80211_if: Fix a resource leak in an error handling path
* wireless: carl9170: fix LEDS build errors & warnings
drivers/net/wireless/ath/carl9170/Kconfig
drm: qxl: ensure surf.data is ininitialized
RDMA/rxe: Fix failure during driver load
ehea: fix error return code in ehea_restart_qps()
net: pch_gbe: Propagate error from devm_gpio_request_one()
ocfs2: fix snprintf() checking
ACPI: sysfs: Fix a buffer overrun problem with description_show()
crypto: nx - Fix RCU warning in nx842_OF_upd_status
spi: spi-sun6i: Fix chipselect/clock bug
hwmon: (max31790) Fix fan speed reporting for fan7..12
hwmon: (max31722) Remove non-standard ACPI device IDs
media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
mmc: usdhi6rol0: fix error return code in usdhi6_probe()
media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2()
media: tc358743: Fix error return code in tc358743_probe_of()
pata_ep93xx: fix deferred probing
pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
media: I2C: change 'RST' to "RSET" to fix multiple build errors
pata_rb532_cf: fix deferred probing
sata_highbank: fix deferred probing
crypto: ux500 - Fix error return code in hash_hw_final()
crypto: ixp4xx - dma_unmap the correct address
media: s5p_cec: decrement usage count if disabled
ia64: mca_drv: fix incorrect array size calculation
ACPI: tables: Add custom DSDT file as makefile prerequisite
platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard()
ACPI: bus: Call kobject_put() in acpi_init() error path
fs: dlm: fix memory leak when fenced
* random32: Fix implicit truncation warning in prandom_seed_state()
include/linux/prandom.h
fs: dlm: cancel work sync othercon
* block_dump: remove block_dump feature in mark_inode_dirty()
fs/fs-writeback.c
ACPI: processor idle: Fix up C-state latency if not ordered
regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
* btrfs: disable build on platforms having page size 256K
fs/btrfs/Kconfig
btrfs: abort transaction if we fail to update the delayed inode
media: siano: fix device register error path
* media: dvb_net: avoid speculation from net slot
drivers/media/dvb-core/dvb_net.c
* crypto: shash - avoid comparing pointers to exported functions under CFI
crypto/shash.c
include/crypto/internal/hash.h
mmc: via-sdmmc: add a check against NULL pointer dereference
media: st-hva: Fix potential NULL pointer dereferences
media: bt8xx: Fix a missing check bug in bt878_probe
* media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
drivers/media/v4l2-core/v4l2-fh.c
crypto: qat - remove unused macro in FW loader
crypto: qat - check return code of qat_hal_rd_rel_reg()
media: pvrusb2: fix warning in pvr2_i2c_core_done
media: cobalt: fix race condition in setting HPD
media: cpia2: fix memory leak in cpia2_usb_probe
crypto: nx - add missing MODULE_DEVICE_TABLE
spi: omap-100k: Fix the length judgment problem
spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages()
spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
* fuse: check connected before queueing on fpq->io
fs/fuse/dev.c
* seq_buf: Make trace_seq_putmem_hex() support data longer than 8
lib/seq_buf.c
ssb: sdio: Don't overwrite const buffer if block_write fails
ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
serial_cs: remove wrong GLOBETROTTER.cis entry
serial_cs: Add Option International GSM-Ready 56K/ISDN modem
serial: sh-sci: Stop dmaengine transfer in sci_stop_tx()
iio: ltr501: ltr501_read_ps(): add missing endianness conversion
iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too
s390/cio: dont call css_wait_for_slow_path() inside a lock
SUNRPC: Should wake up the privileged task firstly.
SUNRPC: Fix the batch tasks count wraparound.
* ext4: fix avefreec in find_group_orlov
fs/ext4/ialloc.c
* ext4: remove check for zero nr_to_scan in ext4_es_scan()
fs/ext4/extents_status.c
* ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
fs/ext4/extents_status.c
* ext4: fix kernel infoleak via ext4_extent_header
fs/ext4/extents.c
btrfs: clear defrag status of a root if starting transaction fails
ARM: dts: at91: sama5d4: fix pinctrl muxing
Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
* iov_iter_fault_in_readable() should do nothing in xarray case
lib/iov_iter.c
ntfs: fix validity check for file name attribute
USB: cdc-acm: blacklist Heimann USB Appset device
usb: gadget: eem: fix echo command packet response issue
net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
Input: usbtouchscreen - fix control-request directions
media: dvb-usb: fix wrong definition
* ALSA: usb-audio: fix rate on Ozone Z90 USB headset
sound/usb/format.c
Merge 4.9.275 into android-4.9-q
Linux 4.9.275
xen/events: reset active flag for lateeoi events later
* kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync()
kernel/kthread.c
* kthread_worker: split code for canceling the delayed work timer
kernel/kthread.c
drm/nouveau: fix dma_address check for CPU/GPU sync
scsi: sr: Return appropriate error code when disk is ejected
* mm, futex: fix shared futex pgoff on shmem huge page
include/linux/hugetlb.h
include/linux/pagemap.h
kernel/futex.c
mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split
* mm: add VM_WARN_ON_ONCE_PAGE() macro
include/linux/mmdebug.h
* include/linux/mmdebug.h: make VM_WARN* non-rvals
include/linux/mmdebug.h
Bug: 196282886
Change-Id: I727851b06571f0e9d7751d10a59b1edae838882c
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
|
7db12bae1a |
tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
commit 67f0d6d9883c13174669f88adac4f0ee656cc16a upstream.
"rb_per_cpu_empty()" misinterprets the condition (as not-empty) when
"head_page" and "commit_page" of "struct ring_buffer_per_cpu" point to
the same buffer page, whose "buffer_data_page" is empty and "read" field
is non-zero.
An error scenario could be constructed as follows (kernel perspective):
1. All pages in the buffer have been accessed by reader(s) so that all of
them will have a non-zero "read" field.
2. Read and clear all buffer pages so that "rb_num_of_entries()" will
return 0, indicating there's no more data to read. It is also required
that the "read_page", "commit_page" and "tail_page" point to the same
page, while "head_page" is the next page of them.
3. Invoke "ring_buffer_lock_reserve()" with a large enough "length"
so that it shoots past the end of the current tail buffer page. Now the
"head_page", "commit_page" and "tail_page" point to the same page.
4. Discard the current event with "ring_buffer_discard_commit()", so that
"head_page", "commit_page" and "tail_page" point to a page whose buffer
data page is now empty.
When the error scenario has been constructed, "tracing_read_pipe" will
be trapped inside a deadloop: "trace_empty()" returns 0 since
"rb_per_cpu_empty()" returns 0 when it hits the CPU containing such a
constructed ring buffer. Then "trace_find_next_entry_inc()" always
returns NULL since "rb_num_of_entries()" reports there are no more entries
to read. Finally "trace_seq_to_user()" returns "-EBUSY", spanking
"tracing_read_pipe" back to the start of the "waitagain" loop.
I've also written a proof-of-concept script to construct the scenario
and trigger the bug automatically; you can use it to trace and validate
my reasoning above:
https://github.com/aegistudio/RingBufferDetonator.git
Tests have been carried out on Linux kernel 5.14-rc2
(2734d6c1b1a089fb593ef6a23d4b70903526fe0c), my fixed version
of the kernel (for testing whether my update fixes the bug) and
some older kernels (for range of affected kernels). The test result is
also attached to the proof-of-concept repository.
Link: https://lore.kernel.org/linux-trace-devel/YPaNxsIlb2yjSi5Y@aegistudio/
Link: https://lore.kernel.org/linux-trace-devel/YPgrN85WL9VyrZ55@aegistudio
Cc: stable@vger.kernel.org
Fixes:
|
||
|
|
4b93cc8b15 |
Merge android-4.9-q (4.9.254) into android-msm-pixel-4.9-lts
Merge 4.9.254 into android-4.9-q
Linux 4.9.254
x86/boot/compressed: Disable relocation relaxation
* tracing: Fix race in trace_open and buffer resize call
kernel/trace/ring_buffer.c
* Revert "mm/slub: fix a memory leak in sysfs_slab_add()"
mm/slub.c
net: dsa: b53: fix an off by one in checking "vlan->vid"
net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
* ipv6: create multicast route with RTPROT_KERNEL
net/ipv6/addrconf.c
* skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
net/core/skbuff.c
sh_eth: Fix power down vs. is_opened flag ordering
sh: dma: fix kconfig dependency for G2_DMA
* netfilter: rpfilter: mask ecn bits before fib lookup
net/ipv4/netfilter/ipt_rpfilter.c
* compiler.h: Raise minimum version of GCC to 5.1 for arm64
include/linux/compiler-gcc.h
* bpf: Fix buggy rsh min/max bounds tracking
kernel/bpf/verifier.c
xhci: tegra: Delay for disabling LFPS detector
* xhci: make sure TRB is fully written before giving it to the controller
drivers/usb/host/xhci-ring.c
* usb: bdc: Make bdc pci driver depend on BROKEN
drivers/usb/gadget/udc/bdc/Kconfig
* usb: udc: core: Use lock when write to soft_connect
drivers/usb/gadget/udc/core.c
USB: ehci: fix an interrupt calltrace error
ehci: fix EHCI host controller initialization sequence
stm class: Fix module init return on allocation failure
iio: ad5504: Fix setting power-down state
can: dev: can_restart: fix use after free bug
i2c: octeon: check correct size of maximum RECV_LEN packet
drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
drm/nouveau/bios: fix issue shadowing expansion ROMs
* scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
drivers/scsi/ufs/ufshcd.c
ASoC: Intel: haswell: Add missing pm_ops
* dm: avoid filesystem lookup in dm_get_dev_t()
drivers/md/dm-table.c
ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
ALSA: hda/via: Add minimum mute flag
ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
Merge 4.9.253 into android-4.9-q
Linux 4.9.253
spi: cadence: cache reference clock rate during probe
tipc: fix NULL deref in tipc_link_xmit()
rxrpc: Fix handling of an unsupported token type in rxrpc_read()
* net: avoid 32 x truesize under-estimation for tiny skbs
net/core/skbuff.c
* net: sit: unregister_netdevice on newlink's error path
net/ipv6/sit.c
net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
net: dcb: Validate netlink message in DCB handler
rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request
netxen_nic: fix MSI/MSI-x interrupts
* net: cdc_ncm: correct overhead in delayed_ndp_size
drivers/net/usb/cdc_ncm.c
nfsd4: readdirplus shouldn't return parent of export
usb: ohci: Make distrust_firmware param default to false
* netfilter: conntrack: fix reading nf_conntrack_buckets
net/netfilter/nf_conntrack_standalone.c
net: sunrpc: interpret the return value of kstrtou32 correctly
* mm, slub: consider rest of partial list if acquire_slab() fails
mm/slub.c
RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp
* ext4: fix superblock checksum failure when setting password salt
fs/ext4/ioctl.c
NFS: nfs_igrab_and_active must first reference the superblock
* dump_common_audit_data(): fix racy accesses to ->d_name
security/lsm_audit.c
* Input: uinput - avoid FF flush when destroying device
drivers/input/ff-core.c
drivers/input/misc/uinput.c
include/linux/input.h
ARM: picoxcell: fix missing interrupt-parent properties
* ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI
include/linux/acpi.h
net: ethernet: fs_enet: Add missing MODULE_LICENSE
* misdn: dsp: select CONFIG_BITREVERSE
drivers/isdn/mISDN/Kconfig
arch/arc: add copy_user_page() to <asm/page.h> to fix build error on ARC
ethernet: ucc_geth: fix definition and size of ucc_geth_tx_global_pram
ARC: build: add boot_targets to PHONY
* ext4: fix bug for rename with RENAME_WHITEOUT
fs/ext4/namei.c
mm/hugetlb: fix potential missing huge page size info
ACPI: scan: Harden acpi_device_add() against device ID overflows
MIPS: relocatable: fix possible boot hangup with KASLR enabled
MIPS: boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB
* ASoC: dapm: remove widget from dirty list on free
sound/soc/soc-dapm.c
Merge 4.9.252 into android-4.9-q
Linux 4.9.252
* net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet
net/core/skbuff.c
* block: fix use-after-free in disk_part_iter_next
block/genhd.c
KVM: arm64: Don't access PMCR_EL0 when no PMU is available
* wan: ds26522: select CONFIG_BITREVERSE
drivers/net/wan/Kconfig
net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups
iommu/intel: Fix memleak in intel_irq_remapping_alloc
* block: rsxx: select CONFIG_CRC32
drivers/block/Kconfig
* wil6210: select CONFIG_CRC32
drivers/net/wireless/ath/wil6210/Kconfig
dmaengine: xilinx_dma: fix mixed_enum_type coverity warning
dmaengine: xilinx_dma: check dma_async_device_register return value
cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
ARM: OMAP2+: omap_device: fix idling of devices during probe
spi: pxa2xx: Fix use-after-free on unbind
ubifs: wbuf: Don't leak kernel memory to flash
drm/i915: Fix mismatch between misplaced vma check and vma insert
* vmlinux.lds.h: Add PGO and AutoFDO input sections
include/asm-generic/vmlinux.lds.h
* net: fix pmtu check in nopmtudisc mode
net/ipv4/ip_tunnel.c
* net: ip: always refragment ip defragmented packets
net/ipv4/ip_output.c
powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
target: add XCOPY target/segment desc sense codes
scsi: target: Fix XCOPY NAA identifier lookup
xcopy: loop over devices using idr helper
target: use XCOPY segment descriptor CSCD IDs
target: simplify XCOPY wwn->se_dev lookup helper
target: bounds check XCOPY segment descriptor list
ANDROID: cuttlefish_defconfig: add missing CONFIG_BLK_CGROUP
Merge 4.9.251 into android-4.9-q
Linux 4.9.251
x86/mtrr: Correct the range check before performing MTRR type lookups
netfilter: xt_RATEEST: reject non-null terminated string from userspace
netfilter: ipset: fix shift-out-of-bounds in htable_bits()
* Revert "device property: Keep secondary firmware node secondary by type"
drivers/base/core.c
ALSA: hda/conexant: add a new hda codec CX11970
x86/mm: Fix leak of pmd ptlock
USB: serial: keyspan_pda: remove unused variable
* usb: gadget: configfs: Fix use-after-free issue with udc_name
drivers/usb/gadget/configfs.c
* usb: gadget: configfs: Preserve function ordering after bind failure
drivers/usb/gadget/configfs.c
* usb: gadget: Fix spinlock lockup on usb_function_deactivate
drivers/usb/gadget/composite.c
USB: gadget: legacy: fix return error code in acm_ms_bind()
usb: gadget: function: printer: Fix a memory leak for interface descriptor
usb: gadget: f_uac2: reset wMaxPacketSize
* usb: gadget: select CONFIG_CRC32
drivers/usb/gadget/Kconfig
* ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks
sound/usb/midi.c
USB: usblp: fix DMA to stack
USB: yurex: fix control-URB timeout handling
USB: serial: option: add LongSung M5710 module support
USB: serial: iuu_phoenix: fix DMA from stack
usb: uas: Add PNY USB Portable SSD to unusual_uas
* USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set
drivers/usb/host/xhci.c
usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data()
USB: cdc-acm: blacklist another IR Droid device
* usb: gadget: enable super speed plus
drivers/usb/gadget/configfs.c
video: hyperv_fb: Fix the mmap() regression for v5.4.y and older
scripts/gdb: fix lx-version string output
scripts/gdb: lx-dmesg: use explicit encoding=utf8 errors=replace
scripts/gdb: lx-dmesg: cast log_buf to void* for addr fetch
scripts/gdb: make lx-dmesg command work (reliably)
virtio_net: Fix recursive call to cpus_read_lock()
net: sched: prevent invalid Scell_log shift count
vhost_net: fix ubuf refcount incorrectly when sendmsg fails
* CDC-NCM: remove "connected" log message
drivers/net/usb/cdc_ncm.c
net: hdlc_ppp: Fix issues when mod_timer is called while timer is running
net: hns: fix return value check in __lb_other_process()
* ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()
net/ipv4/fib_frontend.c
net: ethernet: Fix memleak in ethoc_probe
net/ncsi: Use real net-device for response handler
atm: idt77252: call pci_disable_device() on error path
ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
* depmod: handle the case of /sbin/depmod without /sbin in PATH
scripts/depmod.sh
* lib/genalloc: fix the overflow when size is too big
lib/genalloc.c
* workqueue: Kick a worker based on the actual activation of delayed works
kernel/workqueue.c
* kbuild: don't hardcode depmod path
Makefile
Merge 4.9.250 into android-4.9-q
Linux 4.9.250
mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
iio:magnetometer:mag3110: Fix alignment and data leak issues.
iio:imu:bmi160: Fix alignment and data leak issues
iio:imu:bmi160: Fix too large a buffer.
iio: bmi160_core: Fix sparse warning due to incorrect type in assignment
xenbus/xenbus_backend: Disallow pending watch messages
xen/xenbus: Count pending messages for each watch
xen/xenbus/xen_bus_type: Support will_handle watch callback
xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path()
xen/xenbus: Allow watches discard events before queueing
* kdev_t: always inline major/minor helper functions
include/linux/kdev_t.h
* module: delay kobject uevent until after module init call
kernel/module.c
powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe()
* quota: Don't overflow quota file offsets
fs/quota/quota_tree.c
* module: set MODULE_STATE_GOING state when a module fails to load
kernel/module.c
ALSA: seq: Use bool for snd_seq_queue internal flags
media: gp8psk: initialize stats at power control logic
misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells()
reiserfs: add check for an invalid ih_entry_count
* of: fix linker-section match-table corruption
include/linux/of.h
* uapi: move constants from <linux/kernel.h> to <linux/const.h>
include/uapi/linux/const.h
include/uapi/linux/ethtool.h
include/uapi/linux/kernel.h
include/uapi/linux/mroute6.h
include/uapi/linux/netfilter/x_tables.h
include/uapi/linux/netlink.h
include/uapi/linux/sysctl.h
* l2tp: fix races with ipv4-mapped ipv6 addresses
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
* net: ipv6: keep sk status consistent after datagram connect failure
net/ipv6/datagram.c
USB: serial: digi_acceleport: fix write-wakeup deadlocks
s390/dasd: fix hanging device offline processing
vfio/pci: Move dummy_resources_list init in vfio_pci_probe()
ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236
ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines
ALSA: hda/realtek - Support Dell headset mode for ALC3271
* ALSA: usb-audio: fix sync-ep altsetting sanity check
sound/usb/pcm.c
* ALSA: usb-audio: simplify set_sync_ep_implicit_fb_quirk
sound/usb/pcm.c
ALSA: hda/ca0132 - Fix work handling in delayed HP detection
x86/entry/64: Add instruction suffix
* ANDROID: usb: f_accessory: Don't drop NULL reference in acc_disconnect()
drivers/usb/gadget/function/f_accessory.c
* ANDROID: usb: f_accessory: Avoid bitfields for shared variables
drivers/usb/gadget/function/f_accessory.c
* ANDROID: usb: f_accessory: Cancel any pending work before teardown
drivers/usb/gadget/function/f_accessory.c
* ANDROID: usb: f_accessory: Don't corrupt global state on double registration
drivers/usb/gadget/function/f_accessory.c
* ANDROID: usb: f_accessory: Fix teardown ordering in acc_release()
drivers/usb/gadget/function/f_accessory.c
* ANDROID: usb: f_accessory: Add refcounting to global 'acc_dev'
drivers/usb/gadget/function/f_accessory.c
* UPSTREAM: locking/atomic, kref: Add KREF_INIT()
fs/fuse/fuse_i.h
include/linux/kref.h
init/version.c
kernel/pid.c
* ANDROID: usb: f_accessory: Wrap '_acc_dev' in get()/put() accessors
drivers/usb/gadget/function/f_accessory.c
* ANDROID: usb: f_accessory: Remove useless assignment
drivers/usb/gadget/function/f_accessory.c
* ANDROID: usb: f_accessory: Remove useless non-debug prints
drivers/usb/gadget/function/f_accessory.c
* ANDROID: usb: f_accessory: Remove stale comments
drivers/usb/gadget/function/f_accessory.c
* ANDROID: USB: f_accessory: Check dev pointer before decoding ctrl request
drivers/usb/gadget/function/f_accessory.c
* ANDROID: usb: gadget: f_accessory: fix CTS test stuck
drivers/usb/gadget/function/f_accessory.c
Merge 4.9.249 into android-4.9-q
Linux 4.9.249
* PCI: Fix pci_slot_release() NULL pointer dereference
drivers/pci/slot.c
xen-blkback: set ring->xenblkd to NULL after kthread_stop()
clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9
iio:pressure:mpl3115: Force alignment of buffer
iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume
iio: buffer: Fix demux update
mtd: parser: cmdline: Fix parsing of part-names with colons
soc: qcom: smp2p: Safely acquire spinlock without IRQs
spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path
spi: sc18is602: Don't leak SPI master in probe error path
spi: rb4xx: Don't leak SPI master in probe error path
spi: pic32: Don't leak DMA channels in probe error path
spi: davinci: Fix use-after-free on unbind
spi: spi-sh: Fix use-after-free on unbind
drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor()
jfs: Fix array index bounds check in dbAdjTree
jffs2: Fix GC exit abnormally
ceph: fix race in concurrent __ceph_remove_cap invocations
powerpc/xmon: Change printk() to pr_cont()
* KVM: arm64: Introduce handling of AArch32 TTBCR2 traps
arch/arm64/include/asm/kvm_host.h
* ext4: fix a memory leak of ext4_free_data
fs/ext4/mballoc.c
btrfs: fix return value mixup in btrfs_get_extent
Btrfs: fix selftests failure due to uninitialized i_mode in test inodes
btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block()
btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf
USB: serial: keyspan_pda: fix write unthrottling
USB: serial: keyspan_pda: fix tx-unthrottle use-after-free
USB: serial: keyspan_pda: fix write-wakeup use-after-free
USB: serial: keyspan_pda: fix stalled writes
USB: serial: keyspan_pda: fix write deadlock
USB: serial: keyspan_pda: fix dropped unthrottle interrupts
USB: serial: mos7720: fix parallel-port state restore
powerpc/perf: Exclude kernel samples while counting events in user space.
staging: comedi: mf6x4: Fix AI end-of-conversion detection
s390/dasd: fix list corruption of lcu list
s390/dasd: fix list corruption of pavgroup group list
s390/dasd: prevent inconsistent LCU device data
* ALSA: usb-audio: Disable sample read check if firmware doesn't give back
sound/usb/clock.c
ALSA: pcm: oss: Fix a few more UBSAN fixes
ACPI: PNP: compare the string length in the matching_id()
Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks"
Input: cyapa_gen6 - fix out-of-bounds stack access
media: netup_unidvb: Don't leak SPI master in probe error path
media: sunxi-cir: ensure IR is handled when it is continuous
media: gspca: Fix memory leak in probe
Input: goodix - add upside-down quirk for Teclast X98 Pro tablet
Input: cros_ec_keyb - send 'scancodes' in addition to key events
* cfg80211: initialize rekey_data
net/wireless/nl80211.c
clk: s2mps11: Fix a resource leak in error handling paths in the probe function
qlcnic: Fix error code in probe
perf record: Fix memory leak when using '--user-regs=?' to list registers
clk: ti: Fix memleak in ti_fapll_synth_setup
watchdog: qcom: Avoid context switch in restart handler
net: korina: fix return value
net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function
net: bcmgenet: Fix a resource leak in an error handling path in the probe functin
checkpatch: fix unescaped left brace
powerpc/ps3: use dma_mapping_error()
nfc: s3fwrn5: Release the nfc firmware
um: chan_xterm: Fix fd leak
irqchip/alpine-msi: Fix freeing of interrupts on allocation error path
ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control()
extcon: max77693: Fix modalias string
clk: tegra: Fix duplicated SE clock entry
x86/kprobes: Restore BTF if the single-stepping is cancelled
nfs_common: need lock during iterate through the list
nfsd: Fix message level for normal termination
speakup: fix uninitialized flush_lock
usb: oxu210hp-hcd: Fix memory leak in oxu_create
usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe
powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops
scsi: fnic: Fix error return code in fnic_probe()
* seq_buf: Avoid type mismatch for seq_buf_init
include/linux/seq_buf.h
include/linux/trace_seq.h
scsi: pm80xx: Fix error return in pm8001_pci_probe()
cpufreq: scpi: Add missing MODULE_ALIAS
cpufreq: loongson1: Add missing MODULE_ALIAS
cpufreq: st: Add missing MODULE_DEVICE_TABLE
cpufreq: highbank: Add missing MODULE_DEVICE_TABLE
* clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI
drivers/clocksource/arm_arch_timer.c
* dm ioctl: fix error return code in target_message
drivers/md/dm-ioctl.c
ASoC: jz4740-i2s: add missed checks for clk_get()
memstick: r592: Fix error return in r592_probe()
pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe()
clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent()
media: saa7146: fix array overflow in vidioc_s_audio()
vfio-pci: Use io_remap_pfn_range() for PCI IO memory
NFS: switch nfsiod to be an UNBOUND workqueue.
lockd: don't use interval-based rebinding over TCP
* SUNRPC: xprt_load_transport() needs to support the netid "rdma6"
include/linux/sunrpc/xprt.h
NFSv4.2: condition READDIR's mask for security label based on LSM state
ARM: dts: at91: at91sam9rl: fix ADC triggers
HSI: omap_ssi: Don't jump to free ID in ssi_add_controller()
mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
media: siano: fix memory leak of debugfs members in smsdvb_hotplug
cw1200: fix missing destroy_workqueue() on error in cw1200_init_common
orinoco: Move context allocation after processing the skb
ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host
ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host
memstick: fix a double-free bug in memstick_check
RDMA/cxgb4: Validate the number of CQEs
drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe
soc: ti: Fix reference imbalance in knav_dma_probe
soc: ti: knav_qmss: fix reference leak in knav_queue_probe
crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe
powerpc/feature: Fix CPU_FTRS_ALWAYS by removing CPU_FTRS_GENERIC_32
Input: ads7846 - fix unaligned access on 7845
Input: ads7846 - fix integer overflow on Rt calculation
drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
media: solo6x10: fix missing snd_card_free in error handling case
staging: greybus: codecs: Fix reference counter leak in error handling
MIPS: BCM47XX: fix kconfig dependency bug for BCM47XX_BCMA
RDMa/mthca: Work around -Wenum-conversion warning
spi: tegra114: fix reference leak in tegra spi ops
spi: tegra20-sflash: fix reference leak in tegra_sflash_resume
spi: tegra20-slink: fix reference leak in slink ops of tegra20
spi: spi-ti-qspi: fix reference leak in ti_qspi_setup
* Bluetooth: Fix null pointer dereference in hci_event_packet()
net/bluetooth/hci_event.c
arm64: dts: exynos: Correct psci compatible used on Exynos7
* ASoC: pcm: DRAIN support reactivation
sound/soc/soc-pcm.c
spi: img-spfi: fix reference leak in img_spfi_resume
crypto: talitos - Fix return type of current_desc_hdr()
ARM: p2v: fix handling of LPAE translation in BE mode
RDMA/rxe: Compute PSN windows correctly
drm/gma500: fix double free of gma_connector
* Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
net/bluetooth/hci_event.c
md: fix a warning caused by a race between concurrent md_ioctl()s
media: msi2500: assign SPI bus number dynamically
* serial_core: Check for port state when tty is in error state
drivers/tty/serial/serial_core.c
HID: i2c-hid: add Vero K147 to descriptor override
ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU
ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on Exynos5410
ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU
usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul
* usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus
drivers/usb/gadget/function/f_fs.c
USB: gadget: f_rndis: fix bitrate for SuperSpeed and above
* USB: gadget: f_midi: setup SuperSpeed Plus descriptors
drivers/usb/gadget/function/f_midi.c
USB: gadget: f_acm: add support for SuperSpeed Plus
USB: serial: option: add interface-number sanity check to flag handling
soc/tegra: fuse: Fix index bug in get_process_id
* dm table: Remove BUG_ON(in_interrupt())
drivers/md/dm-table.c
scsi: mpt3sas: Increase IOCInit request timeout to 30s
drm/tegra: sor: Disable clocks on error in tegra_sor_init()
* kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling
kernel/cpu.c
RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
can: softing: softing_netdev_open(): fix error handling
* scsi: bnx2i: Requires MMU
drivers/scsi/bnx2i/Kconfig
pinctrl: baytrail: Avoid clearing debounce value when turning it off
pinctrl: merrifield: Set default bias in case no particular value given
serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access
ALSA: pcm: oss: Fix potential out-of-bounds shift
* USB: sisusbvga: Make console support depend on BROKEN
drivers/usb/misc/sisusbvga/Kconfig
* xhci: Give USB2 ports time to enter U3 in bus suspend
drivers/usb/host/xhci-hub.c
* ALSA: usb-audio: Fix control 'access overflow' errors from chmap
sound/usb/stream.c
* ALSA: usb-audio: Fix potential out-of-bounds shift
sound/usb/format.c
* USB: add RESET_RESUME quirk for Snapscan 1212
drivers/usb/core/quirks.c
USB: dummy-hcd: Fix uninitialized array use in init()
mac80211: mesh: fix mesh_pathtbl_init() error path
net: bridge: vlan: fix error return code in __vlan_add()
net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux
net: stmmac: delete the eee_ctrl_timer after napi disabled
* tcp: fix cwnd-limited bug for TSO deferral where we send nothing
net/ipv4/tcp_output.c
net/mlx4_en: Avoid scheduling restart task if it is already running
* spi: Prevent adding devices below an unregistering controller
drivers/spi/Kconfig
drivers/spi/spi.c
scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()"
pinctrl: amd: remove debounce filter setting in IRQ type setting
Input: i8042 - add Acer laptops to the i8042 reset list
Input: cm109 - do not stomp on control URB
platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE
ARC: stack unwinding: don't assume non-current task is sleeping
arm64: dts: rockchip: Assign a fixed index to mmc devices on rk3399 boards.
iwlwifi: pcie: limit memory read spin time
spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe
spi: bcm2835aux: Fix use-after-free on unbind
Bug: 180663378
Change-Id: Icded594ca907f1cf0a53f7a506c1cb9e58cbc213
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
|
04f51df12d |
tracing: Fix race in trace_open and buffer resize call
commit bbeb97464eefc65f506084fd9f18f21653e01137 upstream.
Below race can come, if trace_open and resize of
cpu buffer is running in parallel on different cpus
CPUX                                CPUY
                                    ring_buffer_resize
                                    atomic_read(&buffer->resize_disabled)
tracing_open
tracing_reset_online_cpus
ring_buffer_reset_cpu
rb_reset_cpu
                                    rb_update_pages
                                    remove/insert pages
resetting pointer
This race can cause data abort or sometimes infinite loop in
rb_remove_pages and rb_insert_pages while checking pages
for sanity.
Take buffer lock to fix this.
Link: https://lkml.kernel.org/r/1601976833-24377-1-git-send-email-gkohli@codeaurora.org
Cc: stable@vger.kernel.org
Fixes:
|
||
|
|
f09d91fe02 |
Merge android-4.9-q (4.9.248) into android-msm-pixel-4.9-lts
Merge 4.9.248 into android-4.9-q
Linux 4.9.248
x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes
Input: i8042 - fix error return code in i8042_setup_aux()
i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()
gfs2: check for empty rgrp tree in gfs2_ri_update
* tracing: Fix userstacktrace option for instances
kernel/trace/trace.c
kernel/trace/trace.h
spi: bcm2835: Release the DMA channel if probe fails after dma_init
spi: bcm2835: Fix use-after-free on unbind
spi: bcm-qspi: Fix use-after-free on unbind
* spi: Introduce device-managed SPI controller allocation
drivers/spi/spi.c
include/linux/spi/spi.h
iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs
i2c: imx: Check for I2SR_IAL after every byte
i2c: imx: Fix reset of I2SR_IAL flag
cifs: fix potential use-after-free in cifs_echo_request()
ftrace: Fix updating FTRACE_FL_TRAMP
* tty: Fix ->session locking
drivers/tty/tty_io.c
include/linux/tty.h
ALSA: hda/generic: Add option to enforce preferred_dacs pairs
ALSA: hda/realtek - Add new codec supported for ALC897
* tty: Fix ->pgrp locking in tiocspgrp()
drivers/tty/tty_io.c
USB: serial: option: add support for Thales Cinterion EXS82
USB: serial: option: add Fibocom NL668 variants
USB: serial: ch341: sort device-id entries
USB: serial: ch341: add new Product ID for CH341A
USB: serial: kl5kusb105: fix memleak on open
* usb: gadget: f_fs: Use local copy of descriptors for userspace copy
drivers/usb/gadget/function/f_fs.c
* vlan: consolidate VLAN parsing code and limit max parsing depth
include/linux/if_vlan.h
include/net/inet_ecn.h
pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH)
pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output
btrfs: sysfs: init devices outside of the chunk_mutex
RDMA/i40iw: Address an mmap handler exploit in i40iw
* spi: Fix controller unregister order harder
drivers/spi/spi.c
Input: i8042 - add ByteSpeed touchpad to noloop table
* Input: xpad - support Ardwiino Controllers
drivers/input/joystick/xpad.c
dt-bindings: net: correct interrupt flags in examples
net/mlx5: Fix wrong address reclaim when command interface is down
net: pasemi: fix error return code in pasemi_mac_open()
cxgb3: fix error return code in t3_sge_alloc_qset()
net/x25: prevent a couple of overflows
ibmvnic: Fix TX completion error handling
ibmvnic: Ensure that SCRQ entry reads are correctly ordered
netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal
* bonding: wait for sysfs kobject destruction before freeing struct slave
drivers/net/bonding/bond_main.c
drivers/net/bonding/bond_sysfs_slave.c
include/net/bonding.h
usbnet: ipheth: fix connectivity with iOS 14
rose: Fix Null pointer dereference in rose_send_frame()
net/af_iucv: set correct sk_protocol for child sockets
ANDROID: cuttlefish_defconfig: Disable CONFIG_KSM
Merge 4.9.247 into android-4.9-q
Linux 4.9.247
* USB: core: Fix regression in Hercules audio card
drivers/usb/core/quirks.c
* USB: core: add endpoint-blacklist quirk
drivers/usb/core/config.c
drivers/usb/core/quirks.c
drivers/usb/core/usb.h
include/linux/usb/quirks.h
* regulator: workaround self-referent regulators
drivers/regulator/core.c
* regulator: avoid resolve_supply() infinite recursion
drivers/regulator/core.c
x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
usb: gadget: Fix memleak in gadgetfs_fill_super
* usb: gadget: f_midi: Fix memleak in f_midi_alloc
drivers/usb/gadget/function/f_midi.c
* USB: core: Change %pK for __user pointers to %px
drivers/usb/core/devio.c
perf probe: Fix to die_entrypc() returns error correctly
platform/x86: toshiba_acpi: Fix the wrong variable assignment
can: gs_usb: fix endianess problem with candleLight firmware
efivarfs: revert "fix memory leak in efivarfs_create()"
ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq
net: ena: set initial DMA width to avoid intel iommu issue
nfc: s3fwrn5: use signed integer for parsing GPIO numbers
IB/mthca: fix return value of error branch in mthca_init_cq()
bnxt_en: Release PCI regions when DMA mask setup fails during probe.
video: hyperv_fb: Fix the cache type when mapping the VRAM
bnxt_en: fix error return code in bnxt_init_board()
* scsi: ufs: Fix race between shutdown and runtime resume flow
drivers/scsi/ufs/ufshcd.c
batman-adv: set .owner to THIS_MODULE
phy: tegra: xusb: Fix dangling pointer on probe failure
perf/x86: fix sysfs type mismatches
scsi: target: iscsi: Fix cmd abort fabric stop race
scsi: libiscsi: Fix NOP race condition
dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size
* proc: don't allow async path resolution of /proc/self components
fs/proc/self.c
x86/xen: don't unbind uninitialized lock_kicker_irq
dmaengine: xilinx_dma: use readl_poll_timeout_atomic variant
HID: hid-sensor-hub: Fix issue with devices with no report ID
Input: i8042 - allow insmod to succeed on devices without an i8042 controller
* HID: cypress: Support Varmilo Keyboards' media hotkeys
drivers/hid/hid-ids.h
ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close
ALSA: hda/hdmi: Use single mutex unlock in error paths
* arm64: pgtable: Fix pte_accessible()
arch/arm64/include/asm/pgtable.h
btrfs: inode: Verify inode mode to avoid NULL pointer dereference
btrfs: tree-checker: Enhance chunk checker to validate chunk profile
* PCI: Add device even if driver attach failed
drivers/pci/bus.c
btrfs: fix lockdep splat when reading qgroup config on mount
mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault()
perf event: Check ref_reloc_sym before using it
* BACKPORT: arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
arch/arm64/include/asm/efi.h
arch/arm64/include/asm/mmu_context.h
Merge 4.9.246 into android-4.9-q
Linux 4.9.246
x86/microcode/intel: Check patch signature before saving microcode for early loading
s390/cpum_sf.c: fix file permission for cpum_sfb_size
mac80211: free sta in sta_info_insert_finish() on errors
mac80211: minstrel: fix tx status processing corner case
mac80211: minstrel: remove deferred sampling code
xtensa: disable preemption around cache alias management calls
* regulator: fix memory leak with repeated set_machine_constraints()
drivers/regulator/core.c
iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum
* ext4: fix bogus warning in ext4_update_dx_flag()
fs/ext4/ext4.h
efivarfs: fix memory leak in efivarfs_create()
tty: serial: imx: keep console clocks always on
ALSA: mixart: Fix mutex deadlock
* ALSA: ctl: fix error path at adding user-defined element set
sound/core/control.c
powerpc/uaccess-flush: fix missing includes in kup-radix.h
* libfs: fix error cast of negative value in simple_attr_write()
fs/libfs.c
xfs: revert "xfs: fix rmap key and record comparison functions"
regulator: ti-abb: Fix array out of bound read access on the first transition
MIPS: Alchemy: Fix memleak in alchemy_clk_setup_cpu
can: m_can: m_can_handle_state_change(): fix state change
can: peak_usb: fix potential integer overflow on shift of a int
can: dev: can_restart(): post buffer from the right context
perf lock: Don't free "lock_seq_stat" if read_count isn't zero
ARM: dts: imx50-evk: Fix the chip select 1 IOMUX
arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy
MIPS: export has_transparent_hugepage() for modules
Input: adxl34x - clean up a data type in adxl34x_probe()
* vfs: remove lockdep bogosity in __sb_start_write
fs/super.c
* arm64: psci: Avoid printing in cpu_psci_cpu_die()
arch/arm64/kernel/psci.c
pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq
mlxsw: core: Use variable timeout for EMAD retries
net: ftgmac100: Fix crash when removing driver
tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate
net: usb: qmi_wwan: Set DTR quirk for MR400
sctp: change to hold/put transport for proto_unreach_timer
qlcnic: fix error return code in qlcnic_83xx_restart_hw()
net: x25: Increase refcnt of "struct x25_neigh" in x25_rx_call_request
net/mlx4_core: Fix init_hca fields offset
* netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist()
net/netlabel/netlabel_unlabeled.c
* netlabel: fix our progress tracking in netlbl_unlabel_staticlist()
net/netlabel/netlabel_unlabeled.c
net: Have netpoll bring-up DSA management interface
* net: bridge: add missing counters to ndo_get_stats64 callback
net/bridge/br_device.c
net: b44: fix error return code in b44_init_one()
* inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill()
net/ipv4/inet_diag.c
devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill()
bnxt_en: read EEPROM A2h address using page 0
atm: nicstar: Unmap DMA on send error
* ah6: fix error return code in ah6_input()
net/ipv6/ah6.c
Merge 4.9.245 into android-4.9-q
Linux 4.9.245
ACPI: GED: fix -Wformat
KVM: x86: clflushopt should be treated as a no-op by emulation
mac80211: always wind down STA state
Input: sunkbd - avoid use-after-free in teardown paths
powerpc/8xx: Always fault when _PAGE_ACCESSED is not set
i2c: mux: pca954x: Add missing pca9546 definition to chip_desc
i2c: imx: Fix external abort on interrupt in exit paths
i2c: imx: use clk notifier for rate changes
powerpc/64s: flush L1D after user accesses
powerpc/uaccess: Evaluate macro arguments once, before user access is allowed
powerpc: Fix __clear_user() with KUAP enabled
powerpc: Implement user_access_begin and friends
powerpc: Add a framework for user access tracking
powerpc/64s: flush L1D on kernel entry
powerpc/64s: move some exception handlers out of line
powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL
Linux 4.9.244
Convert trailing spaces and periods in path components
* ext4: fix leaking sysfs kobject after failed mount
fs/ext4/super.c
* reboot: fix overflow parsing reboot cpu number
kernel/reboot.c
* Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
kernel/reboot.c
* perf/core: Fix race in the perf_mmap_close() function
kernel/events/core.c
xen/events: block rogue events for some time
xen/events: defer eoi in case of excessive number of events
xen/events: use a common cpu hotplug hook for event channels
xen/events: switch user event channels to lateeoi model
xen/pciback: use lateeoi irq binding
xen/scsiback: use lateeoi irq binding
xen/netback: use lateeoi irq binding
xen/blkback: use lateeoi irq binding
xen/events: add a new "late EOI" evtchn framework
xen/events: fix race in evtchn_fifo_unmask()
xen/events: add a proper barrier to 2-level uevent unmasking
xen/events: avoid removing an event channel while handling it
* perf/core: Fix a memory leak in perf_event_parse_addr_filter()
kernel/events/core.c
* perf/core: Fix crash when using HW tracing kernel filters
kernel/events/core.c
* perf/core: Fix bad use of igrab()
include/linux/perf_event.h
kernel/events/core.c
x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP
* random32: make prandom_u32() output unpredictable
drivers/char/random.c
include/linux/prandom.h
kernel/time/timer.c
lib/random32.c
net: Update window_clamp if SOCK_RCVBUF is set
net/x25: Fix null-ptr-deref in x25_connect
net/af_iucv: fix null pointer dereference on shutdown
* IPv6: Set SIT tunnel hard_header_len to zero
net/ipv6/sit.c
* swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
lib/swiotlb.c
pinctrl: amd: fix incorrect way to disable debounce filter
pinctrl: amd: use higher precision for 512 RtcClk
drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
* don't dump the threads that had been already exiting when zapped.
kernel/exit.c
ocfs2: initialize ip_next_orphan
mei: protect mei_cl_mtu from null dereference
usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
* ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
fs/ext4/inline.c
* ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA
fs/ext4/super.c
* perf: Fix get_recursion_context()
kernel/events/internal.h
cosa: Add missing kfree in error path of cosa_write
* of/address: Fix of_node memory leak in of_dma_is_coherent
drivers/of/address.c
xfs: fix a missing unlock on error in xfs_fs_map_blocks
xfs: fix rmap key and record comparison functions
xfs: fix flags argument to rmap lookup when converting shared file rmaps
pinctrl: aspeed: Fix GPI only function problem.
iommu/amd: Increase interrupt remapping table limit to 512 entries
scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
* cfg80211: regulatory: Fix inconsistent format argument
net/wireless/reg.c
mac80211: fix use of skb payload instead of header
drm/amdgpu: perform srbm soft reset always on SDMA resume
scsi: hpsa: Fix memory leak in hpsa_init_one()
gfs2: check for live vs. read-only file system in gfs2_fitrim
gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
usb: gadget: goku_udc: fix potential crashes in probe
ath9k_htc: Use appropriate rs_datalen type
geneve: add transport ports in route lookup for geneve
i40e: Memory leak in i40e_config_iwarp_qvlist
i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
i40e: Wrong truncation from u16 to u8
i40e: add num_vectors checker in iwarp handler
i40e: Fix a potential NULL pointer dereference
* pinctrl: devicetree: Avoid taking direct reference to device name string
drivers/pinctrl/devicetree.c
Btrfs: fix missing error return if writeback for extent buffer never started
xfs: flush new eof page on truncate to avoid post-eof corruption
can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
can: peak_usb: add range checking in decode operations
can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames
can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
perf tools: Add missing swap for ino_generation
* net: xfrm: fix a race condition during allocing spi
net/xfrm/xfrm_state.c
* genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY
kernel/irq/Kconfig
btrfs: reschedule when cloning lots of extents
* time: Prevent undefined behaviour in timespec64_to_ns()
include/linux/time64.h
mm: mempolicy: fix potential pte_unmap_unlock pte error
gfs2: Wake up when sd_glock_disposal becomes zero
* ring-buffer: Fix recursion protection transitions between interrupt context
kernel/trace/ring_buffer.c
* regulator: defer probe when trying to get voltage from unresolved supply
drivers/regulator/core.c
UPSTREAM: thermal/drivers/hisi: Remove bogus const from function return type
* UPSTREAM: net/ipv6: don't reinitialize ndev->cnf.addr_gen_mode on new inet6_dev
net/ipv6/addrconf.c
UPSTREAM: tee: shm: fix use-after-free via temporarily dropped reference
UPSTREAM: Documentation: ip-sysctl.txt: document addr_gen_mode
UPSTREAM: net: crypto set sk to NULL when af_alg_release.
* UPSTREAM: ipv6: don't auto-add link-local address to lag ports
net/ipv6/addrconf.c
* UPSTREAM: ipv6: ndisc: RFC-ietf-6man-ra-pref64-09 is now published as RFC8781
include/net/ndisc.h
* UPSTREAM: binder: fix incorrect cmd to binder_stat_br
drivers/android/binder.c
* UPSTREAM: arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
arch/arm64/include/asm/mmu_context.h
UPSTREAM: staging: android: vsoc: fix copy_from_user overrun
Merge 4.9.243 into android-4.9-q
Linux 4.9.243
powercap: restrict energy meter to root access
Merge 4.9.242 into android-4.9-q
Linux 4.9.242
Revert "ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE"
ARC: stack unwinding: avoid indefinite looping
* USB: Add NO_LPM quirk for Kingston flash drive
drivers/usb/core/quirks.c
USB: serial: option: add Telit FN980 composition 0x1055
USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
USB: serial: cyberjack: fix write-URB completion race
serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init
serial: 8250_mtk: Fix uart_get_baud_rate warning
* fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
kernel/fork.c
* vt: Disable KD_FONT_OP_COPY
drivers/tty/vt/vt.c
ACPI: NFIT: Fix comparison to '-ENXIO'
vsock: use ns_capable_noaudit() on socket create
* scsi: core: Don't start concurrent async scan on same host
drivers/scsi/scsi_scan.c
* of: Fix reserved-memory overlap detection
drivers/of/of_reserved_mem.c
x86/kexec: Use up-to-dated screen_info copy to fill boot params
ARM: dts: sun4i-a10: fix cpu_alert temperature
* tracing: Fix out of bounds write in get_trace_buf
kernel/trace/trace.c
* ftrace: Handle tracing when switching between context
kernel/trace/trace.h
* ftrace: Fix recursion check for NMI test
kernel/trace/trace.h
* kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled
kernel/kthread.c
* ALSA: usb-audio: Add implicit feedback quirk for Qu-16
sound/usb/pcm.c
Fonts: Replace discarded const qualifier
gianfar: Account for Tx PTP timestamp in the skb headroom
gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
tipc: fix use-after-free in tipc_bcast_get_mode
xen/events: don't use chip_data for legacy IRQs
staging: octeon: Drop on uncorrectable alignment or FCS error
staging: octeon: repair "fixed-link" support
staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
* KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR
arch/arm64/include/asm/kvm_host.h
* device property: Don't clear secondary pointer for shared primary firmware node
drivers/base/core.c
* device property: Keep secondary firmware node secondary by type
drivers/base/core.c
ARM: s3c24xx: fix missing system reset
ARM: samsung: fix PM debug build with DEBUG_LL but !MMU
hil/parisc: Disable HIL driver when it gets stuck
cachefiles: Handle readpage error correctly
* arm64: berlin: Select DW_APB_TIMER_OF
arch/arm64/Kconfig.platforms
* tty: make FONTX ioctl use the tty pointer they were actually passed
drivers/tty/vt/vt_ioctl.c
rtc: rx8010: don't modify the global rtc ops
vringh: fix __vringh_iov() when riov and wiov are different
* ring-buffer: Return 0 on success from ring_buffer_resize()
kernel/trace/ring_buffer.c
9P: Cast to loff_t before multiplying
libceph: clear con->out_msg on Policy::stateful_server faults
ceph: promote to unsigned long long before shifting
ia64: fix build error with !COREDUMP
ubi: check kthread_should_stop() after the setting of task state
ubifs: dent: Fix some potential memory leaks while iterating entries
powerpc/powernv/elog: Fix race while processing OPAL error log event.
powerpc: Warn about use of smt_snooze_delay
iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
iio:adc:ti-adc12138 Fix alignment issue with timestamp
iio:light:si1145: Fix timestamp alignment and prevent data leak.
dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
* vt: keyboard, extend func_buf_lock to readers
drivers/tty/vt/keyboard.c
* vt: keyboard, simplify vt_kdgkbsent
drivers/tty/vt/keyboard.c
usb: host: fsl-mph-dr-of: check return of dma_set_mask()
* usb: dwc3: core: don't trigger runtime pm when remove driver
drivers/usb/dwc3/core.c
* usb: dwc3: core: add phy cleanup for probe error handling
drivers/usb/dwc3/core.c
btrfs: fix use-after-free on readahead extent after failure to create it
btrfs: cleanup cow block on error
btrfs: reschedule if necessary when logging directory items
scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
w1: mxc_w1: Fix timeout resolution problem leading to bus error
acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
ACPI: debug: don't allow debugging when ACPI is disabled
ACPI: video: use ACPI backlight for HP 635 Notebook
ACPI / extlog: Check for RDMSR failure
NFS: fix nfs_path in case of a rename retry
* fs: Don't invalidate page buffers in block_write_full_page()
fs/buffer.c
leds: bcm6328, bcm6358: use devres LED registering function
perf/x86/amd/ibs: Fix raw sample data accumulation
perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count()
md/raid5: fix oops during stripe resizing
ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
ARM: dts: s5pv210: move PMU node out of clock controller
ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings
memory: emif: Remove bogus debugfs error handling
gfs2: add validation checks for size of superblock
* ext4: Detect already used quota file early
fs/ext4/super.c
drivers: watchdog: rdc321x_wdt: Fix race condition bugs
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
clk: ti: clockdomain: fix static checker warning
md/bitmap: md_bitmap_get_counter returns wrong blocks
power: supply: test_power: add missing newlines when printing parameters by sysfs
bus/fsl_mc: Do not rely on caller to provide non NULL mc_io
drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
* arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE
arch/arm64/include/asm/numa.h
USB: adutux: fix debugging
cpufreq: sti-cpufreq: add stih418 support
* kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
kernel/debug/debug_core.c
* printk: reduce LOG_BUF_SHIFT range for H8300
init/Kconfig
mmc: via-sdmmc: Fix data race bug
media: tw5864: check status of tw5864_frameinterval_get
ath10k: fix VHT NSS calculation when STBC is enabled
video: fbdev: pvr2fb: initialize variables
xfs: fix realtime bitmap/summary file truncation when growing rt volume
ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses
um: change sigio_spinlock to a mutex
* f2fs: fix to check segment boundary during SIT page readahead
fs/f2fs/checkpoint.c
* f2fs: add trace exit in exception path
fs/f2fs/checkpoint.c
sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
powerpc/powernv/smp: Fix spurious DBG() warning
mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
* fscrypt: use EEXIST when file already uses different policy
fs/crypto/policy.c
* fscrypto: move ioctl processing more fully into common code
fs/crypto/policy.c
fs/ext4/ext4.h
fs/ext4/ioctl.c
fs/f2fs/f2fs.h
fs/f2fs/file.c
* fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
fs/crypto/policy.c
fs/ext4/namei.c
fs/f2fs/namei.c
ata: sata_rcar: Fix DMA boundary mask
mtd: lpddr: Fix bad logic in print_drs_error
p54: avoid accessing the data mapped to streaming DMA
* fuse: fix page dereference after free
fs/fuse/dev.c
arch/x86/amd/ibs: Fix re-arming IBS Fetch
tipc: fix memory leak caused by tipc_buf_append()
ravb: Fix bit fields checking in ravb_hwtstamp_get()
efivarfs: Replace invalid slashes with exclamation marks in dentries.
powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler
* scripts/setlocalversion: make git describe output more reliable
scripts/setlocalversion
SUNRPC: ECONNREFUSED should cause a rebind.
* ANDROID: Temporarily disable XFRM_USER_COMPAT filtering
net/xfrm/xfrm_state.c
net/xfrm/xfrm_user.c
* BACKPORT: xfrm/compat: Translate 32-bit user_policy from sockptr
include/net/xfrm.h
net/xfrm/xfrm_state.c
* BACKPORT: xfrm/compat: Add 32=>64-bit messages translator
include/net/xfrm.h
net/xfrm/Kconfig
net/xfrm/xfrm_user.c
* UPSTREAM: xfrm/compat: Attach xfrm dumps to 64=>32 bit translator
net/xfrm/xfrm_user.c
* BACKPORT: xfrm/compat: Add 64=>32-bit messages translator
include/net/xfrm.h
net/xfrm/xfrm_user.c
* BACKPORT: xfrm: Provide API to register translator module
include/net/xfrm.h
net/xfrm/Kconfig
net/xfrm/Makefile
net/xfrm/xfrm_state.c
* UPSTREAM: mm/sl[uo]b: export __kmalloc_track(_node)_caller
mm/slub.c
ANDROID: Publish uncompressed Image on aarch64
* ANDROID: Makefile: append BUILD_NUMBER to version string when defined
Makefile
Change-Id: I345c9bde484cf008679253982f61b2a833527c3e
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
|
b0db2f09db |
ring-buffer: Fix recursion protection transitions between interrupt context
[ Upstream commit b02414c8f045ab3b9afc816c3735bc98c5c3d262 ]
The recursion protection of the ring buffer depends on preempt_count() to be
correct. But it is possible that the ring buffer gets called after an
interrupt comes in but before it updates the preempt_count(). This will
trigger a false positive in the recursion code.
Use the same trick from the ftrace function callback recursion code which
uses a "transition" bit that gets set, to allow for a single recursion to
handle transitions between contexts.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
|
f14b7bf830 |
ring-buffer: Return 0 on success from ring_buffer_resize()
commit 0a1754b2a97efa644aa6e84d1db5b17c42251483 upstream.
We don't need to check the new buffer size, and the return value
had confused resize_buffer_duplicate_size().
...
    ret = ring_buffer_resize(trace_buf->buffer,
            per_cpu_ptr(size_buf->data,cpu_id)->entries, cpu_id);
    if (ret == 0)
            per_cpu_ptr(trace_buf->data, cpu_id)->entries =
                    per_cpu_ptr(size_buf->data, cpu_id)->entries;
...
Link: https://lkml.kernel.org/r/20201019142242.11560-1-hqjagain@gmail.com
Cc: stable@vger.kernel.org
Fixes:
|
||
|
|
ad18574239 |
Merge android-4.9 (4.9.178) into android-msm-pixel-4.9-lts
Merge 4.9.178 into android-4.9
Linux 4.9.178
KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
* ext4: fix data corruption caused by overlapping unaligned and aligned IO
fs/ext4/file.c
* ext4: zero out the unused memory region in the extent tree block
fs/ext4/extents.c
* fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount
fs/fs-writeback.c
* writeback: synchronize sync(2) against cgroup writeback membership switches
fs/fs-writeback.c
include/linux/backing-dev-defs.h
mm/backing-dev.c
* fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return 0...")
net/core/fib_rules.c
crypto: arm/aes-neonbs - don't access already-freed walk.iv
crypto: salsa20 - don't access already-freed walk.iv
* crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
crypto/gcm.c
* crypto: gcm - Fix error return code in crypto_gcm_create_common()
crypto/gcm.c
ipmi:ssif: compare block number correctly for multi-part return messages
bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
bcache: fix a race between cache register and cacheset unregister
Btrfs: do not start a transaction at iterate_extent_inodes()
* ext4: fix ext4_show_options for file systems w/o journal
fs/ext4/super.c
* ext4: actually request zeroing of inode table after grow
fs/ext4/ioctl.c
* jbd2: check superblock mapped prior to committing
fs/jbd2/journal.c
tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values
mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L
ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
* mm/mincore.c: make mincore() more conservative
mm/mincore.c
ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
ASoC: max98090: Fix restore of DAPM Muxes
ALSA: hda/realtek - EAPD turn on later
ALSA: hda/hdmi - Consider eld_valid when reporting jack event
ALSA: hda/hdmi - Read the pin sense from register when repolling
* ALSA: usb-audio: Fix a memory leak bug
sound/usb/mixer.c
crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
crypto: crct10dif-generic - fix use via crypto_shash_digest()
crypto: vmx - fix copy-paste error in CTR mode
crypto: chacha20poly1305 - set cra_name correctly
sched/x86: Save [ER]FLAGS on context switch
* arm64: Clear OSDLR_EL1 on CPU boot
arch/arm64/kernel/debug-monitors.c
* arm64: compat: Reduce address limit
arch/arm64/include/asm/processor.h
power: supply: axp288_charger: Fix unchecked return value
ARM: exynos: Fix a leaked reference by adding missing of_node_put
objtool: Fix function fallthrough detection
x86/speculation/mds: Improve CPU buffer clear documentation
x86/speculation/mds: Revert CPU buffer clear on double fault exit
PCI: hv: Fix a memory leak in hv_eject_device_work()
* locking/rwsem: Prevent decrement of reader count before increment
kernel/locking/rwsem-xadd.c
* net: core: another layer of lists, around PF_MEMALLOC skb handling
include/linux/list.h
* UPSTREAM: fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return 0...")
net/core/fib_rules.c
* UPSTREAM: bpf: relax inode permission check for retrieving bpf program
kernel/bpf/inode.c
Merge 4.9.177 into android-4.9
Linux 4.9.177
powerpc/booke64: set RI in default MSR
powerpc/lib: fix book3s/32 boot failure due to code patching
drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
* bonding: fix arp_validate toggling in active-backup mode
drivers/net/bonding/bond_options.c
* ipv4: Fix raw socket lookup for local traffic
net/ipv4/raw.c
* vrf: sit mtu should not be updated when vrf netdev is the link
net/ipv6/sit.c
vlan: disable SIOCSHWTSTAMP in container
* packet: Fix error path in packet_init
net/packet/af_packet.c
net: ucc_geth - fix Oops when changing number of buffers in the ring
* fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied
net/core/fib_rules.c
* bridge: Fix error path for kobject_init_and_add()
net/bridge/br_if.c
powerpc/64s: Include cpu header
x86/vdso: Pass --eh-frame-hdr to the linker
x86/vdso: Drop implicit common-page-size linker flag
x86: vdso: Use $LD instead of $CC to link
Revert "x86: vdso: Use $LD instead of $CC to link"
Revert "x86/vdso: Drop implicit common-page-size linker flag"
Don't jump to compute_result state from check_result state
rtlwifi: rtl8723ae: Fix missing break in switch statement
* ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command
include/sound/pcm.h
sound/core/pcm_lib.c
sound/core/pcm_native.c
cw1200: fix missing unlock on error in cw1200_hw_scan()
Input: synaptics-rmi4 - fix possible double free
spi: ST ST95HF NFC: declare missing of table
spi: Micrel eth switch: declare missing of table
gpu: ipu-v3: dp: fix CSC handling
selftests/net: correct the return value for run_netsocktests
drm/sun4i: Set device driver data at bind time for use in unbind
s390: ctcm: fix ctcm_new_device error return code
MIPS: perf: ath79: Fix perfcount IRQ assignment
ipvs: do not schedule icmp errors from tunnels
selftests: netfilter: check icmp pkttoobig errors are set as related
* init: initialize jump labels before command line option parsing
init/main.c
tools lib traceevent: Fix missing equality check for strcmp
KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing
* x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T
include/linux/efi.h
mISDN: Check address length before reading address family
s390/3270: fix lockdep false positive on view->lock
mac80211: fix unaligned access in mesh table hash function
s390/dasd: Fix capacity calculation for large volumes
libnvdimm/btt: Fix a kmemdup failure check
* HID: input: add mapping for "Toggle Display" key
drivers/hid/hid-input.c
* HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
drivers/hid/hid-input.c
* HID: input: add mapping for Expose/Overview key
drivers/hid/hid-input.c
libnvdimm/namespace: Fix a potential NULL pointer dereference
iio: adc: xilinx: fix potential use-after-free on remove
USB: serial: fix unthrottle races
platform/x86: sony-laptop: Fix unintentional fall-through
* bpf: convert htab map to hlist_nulls
include/linux/list_nulls.h
include/linux/rculist_nulls.h
kernel/bpf/hashtab.c
* bpf: fix struct htab_elem layout
kernel/bpf/hashtab.c
* netfilter: compat: initialize all fields in xt_init
net/netfilter/x_tables.c
ANDROID: cuttlefish_defconfig: Disable DEVTMPFS
ANDROID: Move from clang r349610 to r353983c.
Merge upstream-f2fs-stable-linux-4.9.y into android-4.9
Merge 4.9.176 into android-4.9
Linux 4.9.176
x86/cpu/bugs: Use __initconst for 'const' init data
x86: stop exporting msr-index.h to userland
x86/speculation/mds: Fix documentation typo
Documentation: Correct the possible MDS sysfs values
x86/mds: Add MDSUM variant to the MDS documentation
x86/speculation/mds: Add 'mitigations=' support for MDS
x86/speculation: Support 'mitigations=' cmdline option
* cpu/speculation: Add 'mitigations=' cmdline option
include/linux/cpu.h
kernel/cpu.c
x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
x86/speculation/mds: Fix comment
x86/speculation/mds: Add SMT warning message
x86/speculation: Move arch_smt_update() call to after mitigation decisions
x86/speculation/mds: Add mds=full,nosmt cmdline option
Documentation: Add MDS vulnerability documentation
Documentation: Move L1TF to separate directory
x86/speculation/mds: Add mitigation mode VMWERV
* x86/speculation/mds: Add sysfs reporting for MDS
drivers/base/cpu.c
include/linux/cpu.h
x86/speculation/mds: Add mitigation control for MDS
x86/speculation/mds: Conditionally clear CPU buffers on idle entry
x86/kvm/vmx: Add MDS protection when L1D Flush is not active
x86/speculation/mds: Clear CPU buffers on exit to user
x86/speculation/mds: Add mds_clear_cpu_buffers()
x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
x86/speculation/mds: Add BUG_MSBDS_ONLY
x86/speculation/mds: Add basic bug infrastructure for MDS
x86/speculation: Consolidate CPU whitelists
x86/msr-index: Cleanup bit defines
kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
x86/speculation: Provide IBPB always command line options
x86/speculation: Add seccomp Spectre v2 user space protection mode
x86/speculation: Enable prctl mode for spectre_v2_user
* x86/speculation: Add prctl() control for indirect branch speculation
include/linux/sched.h
include/uapi/linux/prctl.h
x86/speculation: Prevent stale SPEC_CTRL msr content
x86/speculation: Prepare arch_smt_update() for PRCTL mode
x86/speculation: Split out TIF update
x86/speculation: Prepare for conditional IBPB in switch_mm()
x86/speculation: Avoid __switch_to_xtra() calls
x86/process: Consolidate and simplify switch_to_xtra() code
x86/speculation: Prepare for per task indirect branch speculation control
x86/speculation: Add command line control for indirect branch speculation
x86/speculation: Unify conditional spectre v2 print functions
x86/speculataion: Mark command line parser data __initdata
x86/speculation: Mark string arrays const correctly
x86/speculation: Reorder the spec_v2 code
x86/l1tf: Show actual SMT state
* x86/speculation: Rework SMT state change
include/linux/sched/smt.h
kernel/cpu.c
* sched: Add sched_smt_active()
include/linux/sched/smt.h
kernel/sched/core.c
kernel/sched/sched.h
x86/Kconfig: Select SCHED_SMT if SMP enabled
x86/speculation: Reorganize speculation control MSRs update
x86/speculation: Rename SSBD update functions
x86/speculation: Disable STIBP when enhanced IBRS is in use
x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common()
x86/speculation: Remove unnecessary ret variable in cpu_show_common()
x86/speculation: Clean up spectre_v2_parse_cmdline()
x86/speculation: Update the TIF_SSBD comment
x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off
x86/speculation: Propagate information about RSB filling mitigation to sysfs
* x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
kernel/cpu.c
* x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
include/linux/ptrace.h
kernel/ptrace.c
Documentation/l1tf: Fix small spelling typo
x86/cpu: Sanitize FAM6_ATOM naming
x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
* locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file
include/linux/bitops.h
include/linux/bits.h
x86/speculation: Simplify the CPU bug detection logic
* bitops: avoid integer overflow in GENMASK(_ULL)
include/linux/bitops.h
x86/mm: Use WRITE_ONCE() when setting PTEs
x86/microcode: Update the new microcode revision unconditionally
x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
x86/microcode/intel: Check microcode revision before updating sibling threads
x86/microcode/intel: Add a helper which gives the microcode revision
x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
x86/bugs: Add AMD's SPEC_CTRL MSR usage
x86/bugs: Add AMD's variant of SSB_NO
x86/cpufeatures: Hide AMD-specific speculation flags
x86/MCE: Save microcode revision in machine check records
Merge 4.9.175 into android-4.9
Linux 4.9.175
timer/debug: Change /proc/timer_stats from 0644 to 0600
ASoC: Intel: avoid Oops if DMA setup fails
UAS: fix alignment of scatter/gather segments
* Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
include/net/bluetooth/hci_core.h
net/bluetooth/hci_conn.c
Bluetooth: hidp: fix buffer overflow
scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
* usb-storage: Set virt_boundary_mask to avoid SG overflows
drivers/usb/storage/scsiglue.c
USB: serial: f81232: fix interrupt worker not stop
* usb: dwc3: Fix default lpm_nyet_threshold value
drivers/usb/dwc3/core.c
* genirq: Prevent use-after-free and work list corruption
kernel/irq/manage.c
ARM: 8680/1: boot/compressed: fix inappropriate Thumb2 mnemonic for __nop
* mm: add 'try_get_page()' helper function
include/linux/mm.h
iommu/amd: Set exclusion range correctly
virtio-blk: limit number of hw queues by nr_cpu_ids
drm/mediatek: fix possible object reference leak
scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
* linux/kernel.h: Use parentheses around argument in u64_to_user_ptr()
include/linux/kernel.h
perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata()
ASoC: tlv320aic32x4: Fix Common Pins
IB/hfi1: Eliminate opcode tests on mr deref
ASoC: cs4270: Set auto-increment bit for register writes
ASoC: nau8810: fix the issue of widget with prefixed name
* ASoC:soc-pcm:fix a codec fixup issue in TDM case
sound/soc/soc-pcm.c
staging: greybus: power_supply: fix prop-descriptor request size
ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings
scsi: libsas: fix a race condition when smp task timeout
* f2fs: fix to avoid accessing xattr across the boundary
fs/f2fs/xattr.c
fs/f2fs/xattr.h
* f2fs: fix to avoid potential race on sbi->unusable_block_count access/update
fs/f2fs/checkpoint.c
fs/f2fs/segment.c
fs/f2fs/super.c
* f2fs: add tracepoint for f2fs_filemap_fault()
fs/f2fs/file.c
include/trace/events/f2fs.h
* f2fs: introduce DATA_GENERIC_ENHANCE
fs/f2fs/checkpoint.c
fs/f2fs/data.c
fs/f2fs/f2fs.h
fs/f2fs/file.c
fs/f2fs/gc.c
fs/f2fs/inode.c
fs/f2fs/node.c
fs/f2fs/recovery.c
fs/f2fs/segment.c
fs/f2fs/segment.h
* f2fs: fix to handle error in f2fs_disable_checkpoint()
fs/f2fs/super.c
* f2fs: remove redundant check in f2fs_file_write_iter()
fs/f2fs/file.c
* f2fs: fix to be aware of readonly device in write_checkpoint()
fs/f2fs/checkpoint.c
* f2fs: fix to skip recovery on readonly device
fs/f2fs/checkpoint.c
fs/f2fs/super.c
* f2fs: fix to consider multiple device for readonly check
fs/f2fs/f2fs.h
fs/f2fs/super.c
* f2fs: relocate chksum_offset for large_nat_bitmap feature
fs/f2fs/checkpoint.c
fs/f2fs/f2fs.h
* f2fs: allow unfixed f2fs_checkpoint.checksum_offset
fs/f2fs/checkpoint.c
include/linux/f2fs_fs.h
* f2fs: Replace spaces with tab
fs/f2fs/acl.c
* f2fs: insert space before the open parenthesis '('
fs/f2fs/acl.c
* f2fs: allow address pointer number of dnode aligning to specified size
fs/f2fs/f2fs.h
fs/f2fs/file.c
fs/f2fs/gc.c
fs/f2fs/node.c
fs/f2fs/super.c
include/linux/f2fs_fs.h
* f2fs: introduce f2fs_read_single_page() for cleanup
fs/f2fs/data.c
* f2fs: mark is_extension_exist() inline
fs/f2fs/namei.c
* f2fs: fix to set FI_UPDATE_WRITE correctly
fs/f2fs/data.c
* f2fs: fix to avoid panic in f2fs_inplace_write_data()
fs/f2fs/segment.c
* f2fs: fix to do sanity check on valid block count of segment
fs/f2fs/segment.h
* f2fs: fix to do sanity check on valid node/block count
fs/f2fs/super.c
* f2fs: fix to avoid panic in do_recover_data()
fs/f2fs/recovery.c
* f2fs: fix to do sanity check on free nid
fs/f2fs/node.c
* f2fs: fix to do checksum even if inode page is uptodate
fs/f2fs/inode.c
fs/f2fs/node.c
* f2fs: fix to avoid panic in f2fs_remove_inode_page()
fs/f2fs/node.c
* f2fs: fix to clear dirty inode in error path of f2fs_iget()
fs/f2fs/inode.c
* f2fs: remove new blank line of f2fs kernel message
fs/f2fs/file.c
fs/f2fs/super.c
* f2fs: fix wrong __is_meta_io() macro
fs/f2fs/checkpoint.c
fs/f2fs/data.c
fs/f2fs/f2fs.h
* f2fs: fix to avoid panic in dec_valid_node_count()
fs/f2fs/f2fs.h
* f2fs: fix to avoid panic in dec_valid_block_count()
fs/f2fs/f2fs.h
* f2fs: fix to use inline space only if inline_xattr is enable
fs/f2fs/f2fs.h
* f2fs: fix to retrieve inline xattr space
fs/f2fs/inline.c
* f2fs: fix error path of recovery
fs/f2fs/recovery.c
* f2fs: fix to avoid deadloop in foreground GC
fs/f2fs/gc.c
* f2fs: data: fix warning Using plain integer as NULL pointer
fs/f2fs/data.c
* f2fs: add tracepoint for f2fs_file_write_iter()
fs/f2fs/file.c
include/trace/events/f2fs.h
* f2fs: add comment for conditional compilation statement
fs/f2fs/f2fs.h
* f2fs: fix potential recursive call when enabling data_flush
fs/f2fs/checkpoint.c
fs/f2fs/data.c
* f2fs: improve discard handling with multi-device volumes
fs/f2fs/f2fs.h
fs/f2fs/segment.c
* f2fs: Reduce zoned block device memory usage
fs/f2fs/f2fs.h
fs/f2fs/segment.c
fs/f2fs/super.c
* f2fs: Fix use of number of devices
fs/f2fs/data.c
fs/f2fs/f2fs.h
fs/f2fs/file.c
fs/f2fs/gc.c
fs/f2fs/segment.c
* ANDROID: block/cfq-iosched: make group_idle per io cgroup tunable
block/cfq-iosched.c
Merge remote-tracking branch 'origin/upstream-f2fs-stable-linux-4.9.y' into android-4.9
ANDROID: cuttlefish_defconfig: Enable CONFIG_CPUSETS and CONFIG_CGROUP_SCHEDTUNE
ANDROID: Communicates LMK events to userland where they can be logged
Merge 4.9.174 into android-4.9
Linux 4.9.174
media: v4l2: i2c: ov7670: Fix PLL bypass register values
x86/mce: Improve error message when kernel cannot recover, p2
* selinux: never allow relabeling on context mounts
security/selinux/hooks.c
Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
scsi: RDMA/srpt: Fix a credit leak for aborted commands
staging: iio: adt7316: fix the dac write calculation
staging: iio: adt7316: fix the dac read calculation
staging: iio: adt7316: allow adt751x to use internal vref for all dacs
perf/x86/amd: Update generic hardware cache events for Family 17h
ARM: iop: don't use using 64-bit DMA masks
ARM: orion: don't use using 64-bit DMA masks
xsysace: Fix error handling in ace_setup
sh: fix multiple function definition build errors
hugetlbfs: fix memory leak for resv_map
net: hns: Fix WARNING when remove HNS driver with SMMU enabled
net: hns: Use NAPI_POLL_WEIGHT for hns driver
net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw()
scsi: storvsc: Fix calculation of sub-channel count
* scsi: core: add new RDAC LENOVO/DE_Series device
drivers/scsi/scsi_devinfo.c
vfio/pci: use correct format characters
rtc: da9063: set uie_unsupported when relevant
* debugfs: fix use-after-free on symlink traversal
fs/debugfs/inode.c
jffs2: fix use-after-free on symlink traversal
net: stmmac: don't log oversized frames
net: stmmac: fix dropping of multi-descriptor RX frames
net: stmmac: don't overwrite discard_frame status
* bonding: show full hw address in sysfs for slave entries
drivers/net/bonding/bond_sysfs_slave.c
net/mlx5: E-Switch, Fix esw manager vport indication for more vport commands
igb: Fix WARN_ONCE on runtime suspend
batman-adv: Reduce tt_global hash refcnt only for removed entry
batman-adv: Reduce tt_local hash refcnt only for removed entry
batman-adv: Reduce claim hash refcnt only for removed entry
rtc: sh: Fix invalid alarm warning for non-enabled alarm
* HID: debug: fix race condition with between rdesc_show() and device removal
drivers/hid/hid-debug.c
HID: logitech: check the return value of create_singlethread_workqueue
nvme-loop: init nvmet_ctrl fatal_err_work when allocate
* USB: core: Fix bug caused by duplicate interface PM usage counter
drivers/usb/core/driver.c
include/linux/usb.h
* USB: core: Fix unterminated string returned by usb_string()
drivers/usb/core/message.c
usb: usbip: fix isoc packet num validation in get_pipe
USB: w1 ds2490: Fix bug caused by improper use of altsetting array
USB: yurex: Fix protection fault after device removal
caif: reduce stack size with KASAN
* arm64: mm: don't print out page table entries on EL0 faults
arch/arm64/mm/fault.c
* arm64: mm: print out correct page table entries
arch/arm64/include/asm/system_misc.h
arch/arm64/mm/fault.c
* kasan: prevent compiler from optimizing away memset in tests
lib/Makefile
* arm64: proc: Set PTE_NG for table entries to avoid traversing them twice
arch/arm64/mm/proc.S
kasan: remove redundant initialization of variable 'real_size'
kasan: avoid -Wmaybe-uninitialized warning
* kasan: add a prototype of task_struct to avoid warning
include/linux/kasan.h
arm64: kasan: avoid bad virt_to_pfn()
x86/unwind: Disable KASAN checks for non-current tasks
mm/kasan: Switch to using __pa_symbol and lm_alias
x86/suspend: fix false positive KASAN warning on suspend/resume
net: phy: marvell: Fix buffer overrun with stats counters
bnxt_en: Improve multicast address setup logic.
* packet: validate msg_namelen in send directly
net/packet/af_packet.c
* ipv6: invert flowlabel sharing check in process and user mode
net/ipv6/ip6_flowlabel.c
* ipv6/flowlabel: wait rcu grace period before put_pid()
net/ipv6/ip6_flowlabel.c
* ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
net/ipv4/ip_output.c
ALSA: line6: use dynamic buffers
* ext4: don't bother checking for encryption key in ->mmap()
fs/ext4/file.c
ANDROID: cuttlefish 4.9: enable CONFIG_CRYPTO_AES_NI_INTEL=y
Merge 4.9.173 into android-4.9
Linux 4.9.173
vfio/type1: Limit DMA mappings per container
leds: pca9532: fix a potential NULL pointer dereference
kconfig/[mn]conf: handle backspace (^H) key
* gpio: of: Fix of_gpiochip_add() error path
drivers/gpio/gpiolib-of.c
libata: fix using DMA buffers on stack
scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
ceph: fix use-after-free on symlink traversal
usb: u132-hcd: fix resource leak
scsi: qla4xxx: fix a potential NULL pointer dereference
net: ethernet: ti: fix possible object reference leak
net: ibm: fix possible object reference leak
net: xilinx: fix possible object reference leak
NFS: Fix a typo in nfs_init_timeout_values()
staging: rtl8712: uninitialized memory in read_bbreg_hdl()
net: ks8851: Set initial carrier state to down
net: ks8851: Delay requesting IRQ until opened
net: ks8851: Reassert reset pin if chip ID check fails
net: ks8851: Dequeue RX packets explicitly
ARM: dts: pfla02: increase phy reset duration
usb: gadget: net2272: Fix net2272_dequeue()
usb: gadget: net2280: Fix net2280_dequeue()
usb: gadget: net2280: Fix overrun of OUT messages
serial: ar933x_uart: Fix build failure with disabled console
sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING
netfilter: nft_set_rbtree: check for inactive element after flag mismatch
qlcnic: Avoid potential NULL pointer dereference
s390: limit brk randomization to 32MB
ARM: dts: bcm283x: Fix hdmi hpd gpio pull
media: vivid: check if the cec_adapter is valid
usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
usbnet: ipheth: prevent TX queue timeouts when device not ready
Merge 4.9.172 into android-4.9
Linux 4.9.172
Documentation: Add nospectre_v1 parameter
powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
* net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c
net/ipv6/netfilter/nf_conntrack_reasm.c
* net: IP6 defrag: use rbtrees for IPv6 defrag
include/net/ipv6_frag.h
net/ipv6/reassembly.c
* ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module
include/net/ipv6.h
include/net/ipv6_frag.h
net/ipv6/netfilter/nf_conntrack_reasm.c
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
net/ipv6/reassembly.c
* net: IP defrag: encapsulate rbtree defrag code into callable functions
include/net/inet_frag.h
net/ipv4/inet_fragment.c
net/ipv4/ip_fragment.c
* ipv6: frags: fix a lockdep false positive
net/ipv6/reassembly.c
* ipv4: set the tcp_min_rtt_wlen range from 0 to one day
net/ipv4/sysctl_net_ipv4.c
net: stmmac: move stmmac_check_ether_addr() to driver probe
team: fix possible recursive locking when add slaves
net: rds: exchange of 8K and 1M pool
net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query
mlxsw: spectrum: Fix autoneg status in ethtool
* ipv4: add sanity checks in ipv4_link_failure()
net/ipv4/route.c
* Revert "block/loop: Use global lock for ioctl() operation."
drivers/block/loop.c
drivers/block/loop.h
tipc: check link name with right length in tipc_nl_compat_link_set
tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
fm10k: Fix a potential NULL pointer dereference
* netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
net/bridge/netfilter/ebtables.c
NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
* fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
fs/proc/proc_sysctl.c
intel_th: gth: Fix an off-by-one in output unassigning
* slip: make slhc_free() silently accept an error pointer
drivers/net/slip/slhc.c
tipc: handle the err returned from cmd header function
vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock
* USB: Consolidate LPM checks to avoid enabling LPM twice
drivers/usb/core/driver.c
drivers/usb/core/hub.c
drivers/usb/core/message.c
* USB: Add new USB LPM helpers
drivers/usb/core/driver.c
drivers/usb/core/hub.c
drivers/usb/core/message.c
drivers/usb/core/sysfs.c
drivers/usb/core/usb.h
drm/vc4: Fix compilation error reported by kbuild test bot
drm/vc4: Fix memory leak during gpu reset.
ARM: 8857/1: efi: enable CP15 DMB instructions before cleaning the cache
dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid
Input: synaptics-rmi4 - write config register values to the right offset
sunrpc: don't mark uninitialised items as VALID.
nfsd: Don't release the callback slot unless it was actually held
ceph: fix ci->i_head_snapc leak
ceph: ensure d_name stability in ceph_dentry_hash()
* sched/numa: Fix a possible divide-by-zero
kernel/sched/fair.c
IB/rdmavt: Fix frwr memory registration
* trace: Fix preempt_enable_no_resched() abuse
kernel/trace/ring_buffer.c
MIPS: scall64-o32: Fix indirect syscall number load
* tracing: Fix a memory leak by early error exit in trace_pid_write()
kernel/trace/trace.c
cifs: do not attempt cifs operation on smb2+ rename error
* kbuild: simplify ld-option implementation
scripts/Kbuild.include
Merge 4.9.171 into android-4.9
Linux 4.9.171
* kernel/sysctl.c: fix out-of-bounds access when setting file-max
kernel/sysctl.c
Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array
* percpu: stop printing kernel addresses
mm/percpu.c
* ALSA: info: Fix racy addition/deletion of nodes
sound/core/info.c
* mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
mm/vmstat.c
device_cgroup: fix RCU imbalance in error case
* sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
kernel/sched/fair.c
* Revert "kbuild: use -Oz instead of -Os when using clang"
Makefile
perf/x86/amd: Add event map for AMD Family 17h
mac80211: do not call driver wake_tx_queue op during reconfig
rt2x00: do not increment sequence number while re-transmitting
* kprobes: Fix error check when reusing optimized probes
kernel/kprobes.c
kprobes: Mark ftrace mcount handler functions nokprobe
* x86/kprobes: Verify stack frame on kretprobe
include/linux/kprobes.h
* arm64: futex: Restore oldval initialization to work around buggy compilers
arch/arm64/include/asm/futex.h
crypto: x86/poly1305 - fix overflow during partial reduction
Revert "svm: Fix AVIC incomplete IPI emulation"
Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO"
* ALSA: core: Fix card races between register and disconnect
sound/core/init.c
staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
staging: comedi: ni_usb6501: Fix use of uninitialized mutex
staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
staging: comedi: vmk80xx: Fix use of uninitialized semaphore
io: accel: kxcjk1013: restore the range after resume.
iio: adc: at91: disable adc channel interrupt in timeout case
iio: ad_sigma_delta: select channel when reading register
iio/gyro/bmg160: Use millidegrees for temperature scale
staging: iio: ad7192: Fix ad7193 channel address
KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
CIFS: keep FileInfo handle live during oplock break
tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
* modpost: file2alias: check prototype of handler
scripts/mod/file2alias.c
* modpost: file2alias: go back to simple devtable lookup
scripts/mod/file2alias.c
* mmc: sdhci: Fix data command CRC error handling
drivers/mmc/host/sdhci.c
crypto: crypto4xx - properly set IV after de- and encrypt
* ipv4: ensure rcu_read_lock() in ipv4_link_failure()
net/ipv4/route.c
* ipv4: recompile ip options in ipv4_link_failure
net/ipv4/route.c
vhost: reject zero size iova range
team: set slave to promisc if team is already in promisc mode
* tcp: tcp_grow_window() needs to respect tcp_space()
net/ipv4/tcp_input.c
net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
* net: bridge: multicast: use rcu to access port list from br_multicast_start_querier
net/bridge/br_multicast.c
* net: bridge: fix per-port af_packet sockets
net/bridge/br_input.c
net: atm: Fix potential Spectre v1 vulnerabilities
* bonding: fix event handling for stacked bonds
drivers/net/bonding/bond_main.c
* UPSTREAM: usb: hcd: use correct device pointer for dma ops
drivers/usb/core/hcd.c
UPSTREAM: usb: host: ehci: use correct device pointer for dma ops
* UPSTREAM: usb: separate out sysdev pointer from usb_bus
drivers/usb/core/buffer.c
drivers/usb/core/hcd.c
drivers/usb/core/usb.c
include/linux/usb.h
include/linux/usb/hcd.h
ANDROID: cuttlefish_defconfig: Enable CONFIG_XFRM_STATISTICS
Merge 4.9.170 into android-4.9
Linux 4.9.170
* appletalk: Fix compile regression
include/linux/atalk.h
net: stmmac: Set dma ring length before enabling the DMA
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
* include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
include/linux/swap.h
* lib/div64.c: off by one in shift
lib/div64.c
* appletalk: Fix use-after-free in atalk_proc_exit
include/linux/atalk.h
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
lkdtm: Add tests for NULL pointer dereference
soc/tegra: pmc: Drop locking from tegra_powergate_is_powered()
iommu/dmar: Fix buffer overflow during PCI bus notification
crypto: sha512/arm - fix crash bug in Thumb2 build
crypto: sha256/arm - fix crash bug in Thumb2 build
* kernel: hung_task.c: disable on suspend
kernel/hung_task.c
cifs: fallback to older infolevels on findfirst queryinfo retry
ACPI / SBS: Fix GPE storm on recent MacBookPro's
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
HID: i2c-hid: override HID descriptors for certain devices
serial: uartps: console_setup() can't be placed to init section
* f2fs: fix to do sanity check with current segment number
fs/f2fs/super.c
9p locks: add mount option for lock retry interval
9p: do not trust pdu content for stat item size
rsi: improve kernel thread handling to fix kernel panic
gpio: pxa: handle corner case of unprobed device
* ext4: prohibit fstrim in norecovery mode
fs/ext4/ioctl.c
fix incorrect error code mapping for OBJECTID_NOT_FOUND
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
iommu/vt-d: Check capability before disabling protected memory
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
x86/hpet: Prevent potential NULL pointer dereference
irqchip/mbigen: Don't clear eventid when freeing an MSI
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
perf evsel: Free evsel->counts in perf_evsel__exit()
perf hist: Add missing map__put() in error case
perf top: Fix error handling in cmd_top()
perf build-id: Fix memory leak in print_sdt_events()
perf config: Fix a memory leak in collect_config()
perf config: Fix an error in the config template documentation
tools/power turbostat: return the exit status of a command
thermal/int340x_thermal: fix mode setting
thermal/int340x_thermal: Add additional UUIDs
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
mmc: davinci: remove extraneous __init annotation
IB/mlx4: Fix race condition between catas error reset and aliasguid flows
ALSA: sb8: add a check for request_region
ALSA: echoaudio: add a check for ioremap_nocache
* ext4: report real fs size after failed resize
fs/ext4/resize.c
* ext4: add missing brelse() in add_new_gdb_meta_bg()
fs/ext4/resize.c
* perf/core: Restore mmap record type correctly
kernel/events/core.c
ARC: u-boot args: check that magic number is correct
ANDROID: cuttlefish_defconfig: Enable L2TP/PPTP
* ANDROID: Makefile: Properly resolve 4.9.169 merge
Makefile
Make arm64 serial port config compatible with crosvm
Merge 4.9.169 into android-4.9
Linux 4.9.169
* PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
drivers/pci/quirks.c
xtensa: fix return_address
* sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
kernel/sched/fair.c
xen: Prevent buffer overflow in privcmd ioctl
parisc: Use cr16 interval timers unconditionally on qemu
* arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
arch/arm64/include/asm/futex.h
ARM: dts: at91: Fix typo in ISC_D0 on PC9
virtio: Honour 'may_reduce_num' in vring_create_virtqueue
* genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
kernel/irq/chip.c
* block: do not leak memory in bio_copy_user_iov()
block/bio.c
Btrfs: do not allow trimming when a fs is mounted with the nologreplay option
ASoC: fsl_esai: fix channel swap issue when stream starts
* include/linux/bitrev.h: fix constant bitrev
include/linux/bitrev.h
parisc: Detect QEMU earlier in boot process
ALSA: seq: Fix OOB-reads from strlcpy
* ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
net/ipv6/ip6_tunnel.c
* net: ethtool: not call vzalloc for zero sized memory request
net/core/ethtool.c
* netns: provide pure entropy for net_hash_mix()
include/net/net_namespace.h
include/net/netns/hash.h
net/core/net_namespace.c
net/mlx5e: Add a lock on tir list
bnxt_en: Improve RX consumer index validity check.
bnxt_en: Reset device on RX buffer errors.
* vrf: check accept_source_route on the original netdevice
include/net/ip.h
net/ipv4/ip_input.c
net/ipv4/ip_options.c
tcp: Ensure DCTCP reacts to losses
sctp: initialize _pad of sockaddr_in before copying to user memory
qmi_wwan: add Olicard 600
openvswitch: fix flow actions reallocation
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
kcm: switch order of device registration to fix a crash
* ipv6: sit: reset ip header pointer in ipip6_rcv
net/ipv6/sit.c
* ipv6: Fix dangling pointer when ipv6 fragment
net/ipv6/ip6_output.c
* tty: ldisc: add sysctl to prevent autoloading of ldiscs
drivers/tty/Kconfig
drivers/tty/tty_io.c
drivers/tty/tty_ldisc.c
* tty: mark Siemens R3964 line discipline as BROKEN
drivers/char/Kconfig
* arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region
arch/arm64/mm/init.c
powerpc/security: Fix spectre_v2 reporting
powerpc/fsl: Fix the flush of branch predictor.
powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
powerpc/fsl: Update Spectre v2 reporting
powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
powerpc/fsl: Flush branch predictor when entering KVM
powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
powerpc/fsl: Add nospectre_v2 command line argument
powerpc/fsl: Emulate SPRN_BUCSR register
powerpc/fsl: Fix spectre_v2 mitigations reporting
powerpc/fsl: Add macro to flush the branch predictor
powerpc/fsl: Add infrastructure to fixup branch predictor flush
powerpc/powernv: Query firmware for count cache flush settings
powerpc/pseries: Query hypervisor for count cache flush settings
powerpc/64s: Add support for software count cache flush
powerpc/64s: Add new security feature flags for count cache flush
powerpc/asm: Add a patch_site macro & helpers for patching instructions
powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
powerpc/64: Make meltdown reporting Book3S 64 specific
powerpc/64: Call setup_barrier_nospec() from setup_arch()
powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
powerpc/64: Disable the speculation barrier from the command line
powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
powerpc/64s: Enhance the information in cpu_show_spectre_v1()
powerpc/64: Use barrier_nospec in syscall entry
powerpc: Use barrier_nospec in copy_from_user()
powerpc/64s: Enable barrier_nospec based on firmware settings
powerpc/64s: Patch barrier_nospec in modules
powerpc: Avoid code patching freed init sections
powerpc/64s: Add support for ori barrier_nospec patching
powerpc/64s: Add barrier_nospec
powerpc: Fix invalid use of register expressions
* lib/string.c: implement a basic bcmp
include/linux/string.h
lib/string.c
x86/vdso: Drop implicit common-page-size linker flag
x86: vdso: Use $LD instead of $CC to link
* kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
Makefile
powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM
x86/power: Make restore_processor_context() sane
x86/power/32: Move SYSENTER MSR restoration to fix_processor_context()
x86/power/64: Use struct desc_ptr for the IDT in struct saved_context
x86/power: Fix some ordering bugs in __restore_processor_context()
* fscrypt: remove filesystem specific build config option
fs/crypto/Kconfig
fs/crypto/fscrypt_private.h
fs/ext4/Kconfig
fs/ext4/dir.c
fs/ext4/ext4.h
fs/ext4/inode.c
fs/ext4/ioctl.c
fs/ext4/namei.c
fs/ext4/page-io.c
fs/ext4/readpage.c
fs/ext4/super.c
fs/ext4/sysfs.c
fs/f2fs/Kconfig
fs/f2fs/f2fs.h
fs/f2fs/super.c
fs/f2fs/sysfs.c
include/linux/fs.h
include/linux/fscrypt.h
* f2fs: use IS_ENCRYPTED() to check encryption status
fs/f2fs/data.c
fs/f2fs/dir.c
fs/f2fs/f2fs.h
fs/f2fs/file.c
fs/f2fs/inode.c
fs/f2fs/namei.c
* ext4: use IS_ENCRYPTED() to check encryption status
fs/ext4/dir.c
fs/ext4/ext4.h
fs/ext4/ext4_jbd2.h
fs/ext4/extents.c
fs/ext4/file.c
fs/ext4/ialloc.c
fs/ext4/inode.c
fs/ext4/move_extent.c
fs/ext4/namei.c
fs/ext4/page-io.c
fs/ext4/readpage.c
* fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
fs/crypto/hooks.c
fs/crypto/policy.c
include/linux/fscrypt.h
* fscrypt: remove CRYPTO_CTR dependency
fs/crypto/Kconfig
* fscrypt: add Adiantum support / removed speck
fs/crypto/crypto.c
fs/crypto/fname.c
fs/crypto/fscrypt_private.h
fs/crypto/keyinfo.c
fs/crypto/policy.c
include/uapi/linux/fs.h
* ANDROID: Makefile: Add '-fsplit-lto-unit' to cfi-clang-flags
Makefile
Merge 4.9.168 into android-4.9
Linux 4.9.168
ACPI / video: Extend chassis-type detection with a "Lunch Box" check
* drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
drivers/gpu/drm/drm_dp_mst_topology.c
dmaengine: tegra: avoid overflow of byte tracking
x86/build: Mark per-CPU symbols as absolute explicitly for LLD
wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
* selinux: do not override context on context mounts
security/selinux/hooks.c
x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
drm/nouveau: Stop using drm_crtc_force_disable
regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
netfilter: physdev: relax br_netfilter dependency
dmaengine: qcom_hidma: assign channel cookie correctly
dmaengine: imx-dma: fix warning comparison of distinct pointer types
hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit
soc/tegra: fuse: Fix illegal free of IO base address
hwrng: virtio - Avoid repeated init of completion
media: mt9m111: set initial frame size other than 0x0
powerpc/pseries: Perform full re-add of CPU for topology update post-migration
* tty: increase the default flip buffer limit to 2*640K
drivers/tty/tty_buffer.c
ARM: avoid Cortex-A9 livelock on tight dmb loops
mt7601u: bump supported EEPROM version
soc: qcom: gsbi: Fix error handling in gsbi_probe()
ARM: dts: lpc32xx: Remove leading 0x and 0s from bindings notation
efi/memattr: Don't bail on zero VA if it equals the region's PA
ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
e1000e: fix cyclic resets at link up with active tx
cdrom: Fix race condition in cdrom_sysctl_register
* fbdev: fbmem: fix memory access if logo is bigger than the screen
drivers/video/fbdev/core/fbmem.c
iw_cxgb4: fix srqidx leak during connection abort
* genirq: Avoid summation loops for /proc/stat
include/linux/irqdesc.h
kernel/irq/chip.c
kernel/irq/internals.h
kernel/irq/irqdesc.c
bcache: improve sysfs_strtoul_clamp()
bcache: fix input overflow to sequential_cutoff
bcache: fix input overflow to cache set sysfs file io_error_halflife
* usb: f_fs: Avoid crash due to out-of-scope stack ptr access
drivers/usb/gadget/function/f_fs.c
* ALSA: PCM: check if ops are defined before suspending PCM
sound/core/pcm_native.c
ARM: 8833/1: Ensure that NEON code always compiles with Clang
* kprobes: Prohibit probing on bsearch()
lib/bsearch.c
ACPI / video: Refactor and fix dmi_is_desktop()
iwlwifi: pcie: fix emergency path
leds: lp55xx: fix null deref on firmware load failure
HID: intel-ish-hid: avoid binding wrong ishtp_cl_device
* vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1
fs/read_write.c
media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
media: s5p-g2d: Correct return type for mem2mem buffer helpers
media: s5p-jpeg: Correct return type for mem2mem buffer helpers
media: sh_veu: Correct return type for mem2mem buffer helpers
SoC: imx-sgtl5000: add missing put_device()
perf test: Fix failure of 'evsel-tp-sched' test on s390
scsi: megaraid_sas: return error when create DMA pool failed
IB/mlx4: Increase the timeout for CM cache
mlxsw: spectrum: Avoid -Wformat-truncation warnings
e1000e: Fix -Wformat-truncation warnings
mmc: omap: fix the maximum timeout setting
iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables
ARM: 8840/1: use a raw_spinlock_t in unwind
coresight: etm4x: Add support to enable ETMv4.2
* scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
drivers/scsi/scsi_scan.c
usb: chipidea: Grab the (legacy) USB PHY by phandle first
crypto: crypto4xx - add missing of_node_put after of_device_is_available
wil6210: check null pointer in _wil_cfg80211_merge_extra_ies
tools lib traceevent: Fix buffer overflow in arg_eval
* fs: fix guard_bio_eod to check for real EOD errors
fs/buffer.c
* jbd2: fix invalid descriptor block checksum
fs/jbd2/commit.c
cifs: Fix NULL pointer dereference of devname
dm thin: add sanity checks to thin-pool and external snapshot creation
cifs: use correct format characters
* fs/file.c: initialize init_files.resize_wait
fs/file.c
f2fs: do not use mutex lock in atomic context
ocfs2: fix a panic problem caused by o2cb_ctl
mm/slab.c: kmemleak no scan alien caches
* mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
mm/vmalloc.c
mm/page_ext.c: fix an imbalance with kmemleak
* mm/cma.c: cma_declare_contiguous: correct err handling
mm/cma.c
scsi: hisi_sas: Set PHY linkrate when disconnected
enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
* sysctl: handle overflow for file-max
kernel/sysctl.c
* include/linux/relay.h: fix percpu annotation in struct rchan
include/linux/relay.h
gpio: gpio-omap: fix level interrupt idling
* tracing: kdb: Fix ftdump to not sleep
include/linux/ring_buffer.h
kernel/trace/ring_buffer.c
kernel/trace/trace.c
h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
CIFS: fix POSIX lock leak and invalid ptr deref
* i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
drivers/i2c/i2c-core.c
mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
tty/serial: atmel: Add is_half_duplex helper
* lib/int_sqrt: optimize initial value compute
lib/int_sqrt.c
* ext4: cleanup bh release code in ext4_ind_remove_space()
fs/ext4/indirect.c
* arm64: debug: Ensure debug handlers check triggering exception level
arch/arm64/kernel/probes/kprobes.c
* arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
arch/arm64/mm/fault.c
* ext4: switch to fscrypt_prepare_setattr()
fs/ext4/inode.c
* ext4: switch to fscrypt_prepare_rename()
fs/ext4/namei.c
* ext4: switch to fscrypt_prepare_link()
fs/ext4/namei.c
* ext4: switch to fscrypt_file_open()
fs/ext4/file.c
* ext4, dax: set ext4_dax_aops for dax files
fs/ext4/inode.c
ANDROID: cuttlefish_defconfig: Enable CONFIG_OVERLAY_FS
ANDROID: cuttlefish: enable CONFIG_NET_SCH_INGRESS=y
Merge 4.9.167 into android-4.9
Linux 4.9.167
* arm64: support keyctl() system call in 32-bit mode
arch/arm64/Kconfig
* Revert "USB: core: only clean up what we allocated"
drivers/usb/core/config.c
* xhci: Fix port resume done detection for SS ports with LPM enabled
drivers/usb/host/xhci-ring.c
drivers/usb/host/xhci.h
* USB: gadget: f_hid: fix deadlock in f_hidg_write()
drivers/usb/gadget/function/f_hid.c
KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
KVM: Reject device ioctls from processes other than the VM's creator
x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
* cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n
kernel/cpu.c
perf intel-pt: Fix TSC slip
usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk
* usb: common: Consider only available nodes for dr_mode
drivers/usb/common/common.c
gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
* fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
fs/proc/proc_sysctl.c
Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
USB: serial: option: add Olicard 600
USB: serial: option: set driver_info for SIM5218 and compatibles
USB: serial: mos7720: fix mos_parport refcount imbalance on error path
USB: serial: ftdi_sio: add additional NovaTech products
USB: serial: cp210x: add new device id
serial: sh-sci: Fix setting SCSCR_TIE while transferring data
serial: max310x: Fix to avoid potential NULL pointer dereference
staging: vt6655: Fix interrupt race condition on device start up.
staging: vt6655: Remove vif check from vnt_interrupt
staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest
tty: atmel_serial: fix a potential NULL pointer dereference
scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices
scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
* scsi: sd: Quiesce warning if device does not report optimal I/O size
drivers/scsi/sd.c
* scsi: sd: Fix a race between closing an sd device and sd I/O
drivers/scsi/sd.c
* fs/open.c: allow opening only regular files during execve()
fs/open.c
* ALSA: pcm: Don't suspend stream in unrecoverable PCM state
sound/core/pcm_native.c
ALSA: pcm: Fix possible OOB access in PCM oss plugins
ALSA: seq: oss: Fix Spectre v1 vulnerability
* ALSA: rawmidi: Fix potential Spectre v1 vulnerability
sound/core/rawmidi.c
net: dsa: qca8k: remove leftover phy accessors
NFSv4.1 don't free interrupted slot on open
powerpc: bpf: Fix generation of load/store DW instructions
ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
btrfs: raid56: properly unmap parity page in finish_parity_scrub()
btrfs: remove WARN_ON in log_dir_items
* tun: add a missing rcu_read_unlock() in error path
drivers/net/tun.c
* tun: properly test for IFF_UP
drivers/net/tun.c
mac8390: Fix mmio access size probe
* sctp: get sctphdr by offset in sctp_compute_cksum
include/net/sctp/checksum.h
vxlan: Don't call gro_cells_destroy() before device is unregistered
* tcp: do not use ipv6 header for ipv4 flow
net/ipv6/tcp_ipv6.c
* packets: Always register packet sk in the same order
include/net/sock.h
net/packet/af_packet.c
net: rose: fix a possible stack overflow
* net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
net/packet/af_packet.c
mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
dccp: do not use ipv6 header for ipv4 flow
stmmac: copy unicast mac address to MAC registers
* cfg80211: size various nl80211 messages correctly
net/wireless/nl80211.c
video: fbdev: Set pixclock = 0 in goldfishfb
* Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
net/bluetooth/l2cap_core.c
* Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
net/bluetooth/l2cap_core.c
UPSTREAM: virt_wifi: Remove REGULATORY_WIPHY_SELF_MANAGED
Merge 4.9.166 into android-4.9
Linux 4.9.166
ath10k: avoid possible string overflow
power: supply: charger-manager: Fix incorrect return value
pwm-backlight: Enable/disable the PWM before/after LCD enable toggle.
* rtc: Fix overflow when converting time64_t to rtc_time
drivers/rtc/rtc-lib.c
* scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1
drivers/scsi/ufs/ufshcd.c
* USB: core: only clean up what we allocated
drivers/usb/core/config.c
* lib/int_sqrt: optimize small argument
lib/int_sqrt.c
serial: sprd: clear timeout interrupt only rather than all interrupts
* arm64: traps: disable irq in die()
arch/arm64/kernel/traps.c
* Hang/soft lockup in d_invalidate with simultaneous calls
fs/dcache.c
serial: sprd: adjust TIMEOUT to a big value
* tcp/dccp: drop SYN packets if accept queue is full
include/net/inet_connection_sock.h
net/ipv4/tcp_input.c
ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
ALSA: hda - Record the current power state before suspend/resume calls
locking/lockdep: Add debug_locks check in __lock_downgrade()
* Bluetooth: Fix decrementing reference count twice in releasing socket
net/bluetooth/hci_sock.c
* media: v4l2-ctrls.c/uvc: zero v4l2_event
drivers/media/v4l2-core/v4l2-ctrls.c
* ext4: brelse all indirect buffer in ext4_ind_remove_space()
fs/ext4/indirect.c
* ext4: fix data corruption caused by unaligned direct AIO
fs/ext4/file.c
* ext4: fix NULL pointer dereference while journal is aborted
fs/ext4/ext4_jbd2.h
objtool: Move objtool_file struct off the stack
* futex: Ensure that futex address is aligned in handle_futex_death()
kernel/futex.c
MIPS: Fix kernel crash for R6 in jump label branch function
MIPS: Ensure ELF appended dtb is relocated
mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
udf: Fix crash on IO error during truncate
libceph: wait for latest osdmap in ceph_monc_blacklist_add()
iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE
drm/vmwgfx: Don't double-free the mode stored in par->set_mode
mmc: pxamci: fix enum type confusion
Change-Id: I240c51a5bde3c2c7a9ada58c87d5d0966f26cb78
Signed-off-by: Robin Peng <robinpeng@google.com>
|
||
|
|
56f9da8521 |
trace: Fix preempt_enable_no_resched() abuse
commit d6097c9e4454adf1f8f2c9547c2fa6060d55d952 upstream.
Unless the very next line is schedule(), or implies it, one must not use
preempt_enable_no_resched(). It can cause a preemption to go missing and
thereby cause arbitrary delays, breaking the PREEMPT=y invariant.
Link: http://lkml.kernel.org/r/20190423200318.GY14281@hirez.programming.kicks-ass.net
Cc: Waiman Long <longman@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: the arch/x86 maintainers <x86@kernel.org>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: huang ying <huang.ying.caritas@gmail.com>
Cc: Roman Gushchin <guro@fb.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: stable@vger.kernel.org
Fixes:
|
||
|
|
3085d41e89 |
tracing: kdb: Fix ftdump to not sleep
[ Upstream commit 31b265b3baaf55f209229888b7ffea523ddab366 ]
As reported back in 2016-11 [1], the "ftdump" kdb command triggers a BUG for "sleeping function called from invalid context".
kdb's "ftdump" command wants to call ring_buffer_read_prepare() in atomic context. A very simple solution for this is to add allocation flags to ring_buffer_read_prepare() so kdb can call it without triggering the allocation error. This patch does that.
Note that in the original email thread about this, it was suggested that perhaps the solution for kdb was to either preallocate the buffer ahead of time or create our own iterator. I'm hoping that this alternative of adding allocation flags to ring_buffer_read_prepare() can be considered since it means I don't need to duplicate more of the core trace code into "trace_kdb.c" (for either creating my own iterator or re-preparing a ring allocator whose memory was already allocated).
NOTE: another option for kdb is to actually figure out how to make it reuse the existing ftrace_dump() function and totally eliminate the duplication. This sounds very appealing and actually works (the "sr z" command can be seen to properly dump the ftrace buffer). The downside here is that ftrace_dump() fully consumes the trace buffer. Unless that is changed I'd rather not use it because it means "ftdump | grep xyz" won't be very useful to search the ftrace buffer since it will throw away the whole trace on the first grep. A future patch to dump only the last few lines of the buffer will also be hard to implement.
[1] https://lkml.kernel.org/r/20161117191605.GA21459@google.com
Link: http://lkml.kernel.org/r/20190308193205.213659-1-dianders@chromium.org
Reported-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
|
8eb3ab0461 |
Merge 4.9.130 into android-msm-bluecross-4.9-lts
Linux 4.9.130
iw_cxgb4: only allow 1 flush on user qps
vmw_balloon: include asm/io.h
PCI: aardvark: Size bridges before resources allocation
* HID: sony: Support DS4 dongle
drivers/hid/hid-core.c
drivers/hid/hid-ids.h
* HID: sony: Update device ids
drivers/hid/hid-core.c
drivers/hid/hid-ids.h
* sched/fair: Fix vruntime_normalized() for remote non-migration wakeup
kernel/sched/fair.c
* ext4: show test_dummy_encryption mount option in /proc/mounts
fs/ext4/super.c
* ext4: don't mark mmp buffer head dirty
fs/ext4/mmp.c
* ext4: fix online resizing for bigalloc file systems with a 1k block size
fs/ext4/resize.c
* ext4: fix online resize's handling of a too-small final block group
fs/ext4/resize.c
* ext4: recalucate superblock checksum after updating free blocks/inodes
fs/ext4/super.c
* ext4: avoid divide by zero fault when deleting corrupted inline directories
fs/ext4/dir.c
fs/ext4/inline.c
* ext4: check to make sure the rename(2)'s destination is not freed
fs/ext4/namei.c
tty: vt_ioctl: fix potential Spectre v1
drm/vc4: Fix the "no scaling" case on multi-planar YUV formats
drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early
drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement
ocfs2: fix ocfs2 read block panic
scsi: target: iscsi: Use hex2bin instead of a re-implementation
* neighbour: confirm neigh entries when ARP packet is received
net/core/neighbour.c
* udp4: fix IP_CMSG_CHECKSUM for connected sockets
net/ipv4/udp.c
net: hp100: fix always-true check for link up state
net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
* ipv6: fix possible use-after-free in ip6_xmit()
net/ipv6/ip6_output.c
* gso_segment: Reset skb->mac_len after modifying network header
net/ipv4/af_inet.c
net/ipv6/ip6_offload.c
* mm: shmem.c: Correctly annotate new inodes for lockdep
mm/shmem.c
* ring-buffer: Allow for rescheduling when removing pages
kernel/trace/ring_buffer.c
* Revert "PCI: Add ACS quirk for Intel 300 series"
drivers/pci/quirks.c
xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
xen/netfront: don't bug in case of too many frags
platform/x86: alienware-wmi: Correct a memory leak
ALSA: oxfw: fix memory leak of private data
ALSA: oxfw: fix memory leak of discovered stream formats at error path
ALSA: oxfw: fix memory leak for model-dependent data at error path
ALSA: fireworks: fix memory leak of response buffer at error path
ALSA: firewire-tascam: fix memory leak of private data
ALSA: firewire-digi00x: fix memory leak of private data
ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO
ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping
ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path
ASoC: cs4265: fix MMTLR Data switch control
NFC: Fix the number of pipes
NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
Change-Id: I31421b47bb1eb984493a484a72b0b67d575ce1f4
Signed-off-by: Petri Gynther <pgynther@google.com>
|
||
|
|
be910e74f6 |
ring-buffer: Allow for rescheduling when removing pages
commit 83f365554e47997ec68dc4eca3f5dce525cd15c3 upstream.
When reducing ring buffer size, pages are removed by scheduling a work
item on each CPU for the corresponding CPU ring buffer. After the pages
are removed from ring buffer linked list, the pages are free()d in a
tight loop. The loop does not give up CPU until all pages are removed.
In a worst case behavior, when a lot of pages are to be freed, it can
cause a system stall.
After the pages are removed from the list, the free() can happen while
the work is rescheduled. Call cond_resched() in the loop to prevent the
system hangup.
Link: http://lkml.kernel.org/r/20180907223129.71994-1-vnagarnaik@google.com
Cc: stable@vger.kernel.org
Fixes:
|
||
|
|
4f20e8d35c |
Merge 4.9.119 into android-msm-bluecross-4.9-lts
Linux 4.9.119
jfs: Fix inconsistency between memory allocation and ea_buf->max_size
IB/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values
* fork: unconditionally clear stack on fork
include/linux/thread_info.h
kernel/fork.c
* kmemleak: clear stale pointers from task stacks
include/linux/thread_info.h
kernel/fork.c
* tcp: add tcp_ooo_try_coalesce() helper
net/ipv4/tcp_input.c
Btrfs: fix file data corruption after cloning a range and fsync
i2c: imx: Fix reinit_completion() use
* ring_buffer: tracing: Inherit the tracing setting to next ring buffer
include/linux/ring_buffer.h
kernel/trace/ring_buffer.c
kernel/trace/trace.c
ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle
* ext4: fix false negatives *and* false positives in ext4_check_descriptors()
fs/ext4/super.c
* netlink: Don't shift on 64 for ngroups
net/netlink/af_netlink.c
* netlink: Don't shift with UB on nlk->ngroups
net/netlink/af_netlink.c
* netlink: Do not subscribe to non-existent groups
net/netlink/af_netlink.c
* nohz: Fix local_timer_softirq_pending()
kernel/time/tick-sched.c
* genirq: Make force irq threading setup more robust
kernel/irq/manage.c
scsi: qla2xxx: Return error when TMF returns
scsi: qla2xxx: Fix ISP recovery on unload
Change-Id: I039b9c63511f3e1644bbc9205bc731af90e2170c
Signed-off-by: Petri Gynther <pgynther@google.com>
|
||
|
|
a26030a63e |
ring_buffer: tracing: Inherit the tracing setting to next ring buffer
commit 73c8d8945505acdcbae137c2e00a1232e0be709f upstream.
Maintain the tracing on/off setting of the ring_buffer when switching
to the trace buffer snapshot.
Taking a snapshot is done by swapping the backup ring buffer
(max_tr_buffer). But since the tracing on/off setting is defined
by the ring buffer, when swapping it, the tracing on/off setting
can also be changed. This causes a strange result like below:
/sys/kernel/debug/tracing # cat tracing_on
1
/sys/kernel/debug/tracing # echo 0 > tracing_on
/sys/kernel/debug/tracing # cat tracing_on
0
/sys/kernel/debug/tracing # echo 1 > snapshot
/sys/kernel/debug/tracing # cat tracing_on
1
/sys/kernel/debug/tracing # echo 1 > snapshot
/sys/kernel/debug/tracing # cat tracing_on
0
We don't touch tracing_on, but snapshot changes tracing_on
setting each time. This is an anomaly, because the user doesn't know
that each "ring_buffer" stores its own tracing-enable state and
the snapshot is done by swapping ring buffers.
Link: http://lkml.kernel.org/r/153149929558.11274.11730609978254724394.stgit@devbox
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Tom Zanussi <tom.zanussi@linux.intel.com>
Cc: Hiraku Toyooka <hiraku.toyooka@cybertrust.co.jp>
Cc: stable@vger.kernel.org
Fixes:
|
||
|
|
5862add02e |
ANDROID: tracing/ring_buffer: Try harder to allocate
Ftrace fails to allocate large buffers on walleye/taimen due to large number of CPUs coupled with effects of large amounts of caching in the page cache. Currently the ring buffer allocation doesn't retry after direct-reclaim made some progress but still wasn't able to find a free page. On retrying I see that the allocations almost always succeed. The retry doesn't happen because GFP_NORETRY is used in the tracer to prevent the case where we might OOM, however this is incorrect in the sense a RETRY doesn't necessarily mean it will OOM (as seen in my testing, most of the time the retry just needs to loop back and find a free page). In order to retry but still prevent the OOM, I re-use the PF_DUMPCORE flag which bails out in case we are about to OOM.
Test:
* systrace -b 64000 and -b 100000 is working after dropping GFP_NORETRY.
* Used memeater to use 3GB memory and -b 64000 and saw that OOM didn't trigger with PF_DUMPCORE (and triggered without PF_DUMPCORE).
Bug: 62918608
Change-Id: I85de23e843d2a4fdf2276905b1ae8af4486b3bd7
Signed-off-by: Joel Fernandes <joelaf@google.com> |
||
|
|
2e0d458c31 |
ring-buffer: Mask out the info bits when returning buffer page length
commit 45d8b80c2ac5d21cd1e2954431fb676bc2b1e099 upstream.
Two info bits were added to the "commit" part of the ring buffer data page
when returned to be consumed. This was to inform the user space readers that
events have been missed, and that the count may be stored at the end of the
page.
What wasn't handled, was the splice code that actually called a function to
return the length of the data in order to zero out the rest of the page
before sending it up to user space. These data bits were returned with the
length making the value negative, and that negative value was not checked.
It was compared to PAGE_SIZE, and only used if the size was less than
PAGE_SIZE. Luckily PAGE_SIZE is unsigned long which made the compare an
unsigned compare, meaning the negative size value did not end up causing a
large portion of memory to be randomly zeroed out.
Fixes:
|
||
|
|
d80e90712a |
ring-buffer: Have ring_buffer_iter_empty() return true when empty
commit 78f7a45dac2a2d2002f98a3a95f7979867868d73 upstream.
I noticed that reading the snapshot file when it is empty no longer gives a
status. It is supposed to show the status of the snapshot buffer as well as how
to allocate and use it. For example:
># cat snapshot
# tracer: nop
#
#
# * Snapshot is allocated *
#
# Snapshot commands:
# echo 0 > snapshot : Clears and frees snapshot buffer
# echo 1 > snapshot : Allocates snapshot buffer, if not already allocated.
# Takes a snapshot of the main buffer.
# echo 2 > snapshot : Clears snapshot buffer (but does not allocate or free)
# (Doesn't have to be '2' works with any number that
# is not a '0' or '1')
But instead it just showed an empty buffer:
># cat snapshot
# tracer: nop
#
# entries-in-buffer/entries-written: 0/0 #P:4
#
# _-----=> irqs-off
# / _----=> need-resched
# | / _---=> hardirq/softirq
# || / _--=> preempt-depth
# ||| / delay
# TASK-PID CPU# |||| TIMESTAMP FUNCTION
# | | | |||| | |
What happened was that it was using the ring_buffer_iter_empty() function to
see if it was empty, and if it was, it showed the status. But that function
was returning false when it was empty. The reason was that the iter header
page was on the reader page, and the reader page was empty, but so was the
buffer itself. The check only tested to see if the iter was on the commit
page, but the commit page was no longer pointing to the reader page, but as
all pages were empty, the buffer is also.
Fixes:
|
||
|
|
703cebf6e9 |
ring-buffer: Fix return value check in test_ringbuffer()
commit 62277de758b155dc04b78f195a1cb5208c37b2df upstream.
In case of error, the function kthread_run() returns ERR_PTR()
and never returns NULL. The NULL test in the return value check
should be replaced with IS_ERR().
Link: http://lkml.kernel.org/r/1466184839-14927-1-git-send-email-weiyj_lk@163.com
Fixes:
|
||
|
|
59643d1535 |
ring-buffer: Prevent overflow of size in ring_buffer_resize()
If the size passed to ring_buffer_resize() is greater than MAX_LONG - BUF_PAGE_SIZE
then the DIV_ROUND_UP() will return zero.
Here's the details:
# echo 18014398509481980 > /sys/kernel/debug/tracing/buffer_size_kb
tracing_entries_write() processes this and converts kb to bytes.
18014398509481980 << 10 = 18446744073709547520
and this is passed to ring_buffer_resize() as unsigned long size.
size = DIV_ROUND_UP(size, BUF_PAGE_SIZE);
Where DIV_ROUND_UP(a, b) is (a + b - 1)/b
BUF_PAGE_SIZE is 4080 and here
18446744073709547520 + 4080 - 1 = 18446744073709551599
where 18446744073709551599 is still smaller than 2^64
2^64 - 18446744073709551599 = 17
But now 18446744073709551599 / 4080 = 4521260802379792
and size = size * 4080 = 18446744073709551360
This is checked to make sure it's still greater than 2 * 4080,
which it is.
Then we convert to the number of buffer pages needed.
nr_page = DIV_ROUND_UP(size, BUF_PAGE_SIZE)
but this time size is 18446744073709551360 and
2^64 - (18446744073709551360 + 4080 - 1) = -3823
Thus it overflows and the resulting number is less than 4080, which makes
3823 / 4080 = 0
and nr_pages is set to this. As we already checked against the minimum that
nr_pages may be, this causes the logic to fail as well, and we crash the
kernel.
There's no reason to have the two DIV_ROUND_UP() (that's just result of
historical code changes), clean up the code and fix this bug.
Cc: stable@vger.kernel.org # 3.5+
Fixes:
|
||
|
|
9b94a8fba5 |
ring-buffer: Use long for nr_pages to avoid overflow failures
The size variable to change the ring buffer in ftrace is a long. The
nr_pages used to update the ring buffer based on the size is int. On 64 bit
machines this can cause an overflow problem.
For example, the following will cause the ring buffer to crash:
# cd /sys/kernel/debug/tracing
# echo 10 > buffer_size_kb
# echo 8556384240 > buffer_size_kb
Then you get the warning of:
WARNING: CPU: 1 PID: 318 at kernel/trace/ring_buffer.c:1527 rb_update_pages+0x22f/0x260
Which is:
RB_WARN_ON(cpu_buffer, nr_removed);
Note each ring buffer page holds 4080 bytes.
This is because:
1) 10 causes the ring buffer to have 3 pages.
(10kb requires 3 * 4080 pages to hold)
2) (2^31 / 2^10 + 1) * 4080 = 8556384240
The value written into buffer_size_kb is shifted by 10 and then passed
to ring_buffer_resize(). 8556384240 * 2^10 = 8761737461760
3) The size passed to ring_buffer_resize() is then divided by BUF_PAGE_SIZE
which is 4080. 8761737461760 / 4080 = 2147484672
4) nr_pages is subtracted from the current nr_pages (3) and we get:
2147484669. This value is saved in a signed integer nr_pages_to_update
5) 2147484669 is greater than 2^31 but smaller than 2^32, a signed int
turns into the value of -2147482627
6) As the value is a negative number, in update_pages_handler() it is
negated and passed to rb_remove_pages() and 2147482627 pages will
be removed, which is much larger than 3 and it causes the warning
because not all the pages asked to be removed were removed.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=118001
Cc: stable@vger.kernel.org # 2.6.28+
Fixes:
|
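The arithmetic from the two ring_buffer_resize() commit messages above (59643d1535 and 9b94a8fba5), as an added C example that is not kernel code. Assumptions: `uint64_t` stands in for the 64-bit `unsigned long`, the function names are hypothetical, and `nr_pages_single()` is an overflow-free rounding chosen for this example, not the upstream fix.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_PAGE_SIZE 4080ULL                       /* bytes per buffer page, per the commit text */
#define DIV_ROUND_UP(a, b) (((a) + (b) - 1) / (b))  /* definition quoted in the commit */

/* Old flow described in 59643d1535: round to pages, convert back to bytes,
 * then round to pages a second time. */
static uint64_t nr_pages_two_step(uint64_t size)
{
    size = DIV_ROUND_UP(size, BUF_PAGE_SIZE);
    size *= BUF_PAGE_SIZE;
    /* size is now a page multiple just below 2^64, so (a + b - 1) wraps here */
    return DIV_ROUND_UP(size, BUF_PAGE_SIZE);
}

/* Hypothetical defensive form: a single rounding step with no addition on
 * size, so it cannot wrap for any 64-bit input. */
static uint64_t nr_pages_single(uint64_t size)
{
    return size / BUF_PAGE_SIZE + (size % BUF_PAGE_SIZE != 0);
}

/* 9b94a8fba5: the page delta stored in a 32-bit signed int keeps only the
 * low 32 bits, which read back as a negative number ("remove pages"). */
static int32_t delta_as_int(uint64_t size, uint64_t cur_pages)
{
    uint32_t low = (uint32_t)(nr_pages_single(size) - cur_pages);
    int32_t out;
    memcpy(&out, &low, sizeof(out));   /* well-defined two's complement view */
    return out;
}

/* The same delta kept in a 64-bit signed type, as the commit title proposes. */
static int64_t delta_as_long(uint64_t size, uint64_t cur_pages)
{
    return (int64_t)(nr_pages_single(size) - cur_pages);
}

int main(void)
{
    /* Values written to buffer_size_kb in the two commit messages. */
    uint64_t huge = 18014398509481980ULL << 10;   /* 18446744073709547520 */
    uint64_t big  = 8556384240ULL << 10;          /* 8761737461760 */

    printf("two-step nr_pages : %" PRIu64 "\n", nr_pages_two_step(huge));
    printf("single   nr_pages : %" PRIu64 "\n", nr_pages_single(huge));
    printf("delta as int      : %" PRId32 "\n", delta_as_int(big, 3));
    printf("delta as long     : %" PRId64 "\n", delta_as_long(big, 3));
    return 0;
}
```
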
||
|
|
4239c38fe0 |
ring-buffer: Process commits whenever moving to a new page.
When crossing over to a new page, commit the current work. This will allow readers to get data with less latency, and also simplifies the work to get timestamps working for interrupted events. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
70004986ff |
ring-buffer: Remove redundant update of page timestamp
The first commit of a buffer page updates the timestamp of that page. No need to have the update to the next page add the timestamp too. It will only be replaced by the first commit on that page anyway. Only update to a page if it contains an event. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
8573636ea7 |
ring-buffer: Use READ_ONCE() for most tail_page access
As cpu_buffer->tail_page may be modified by interrupts at almost any time, the flow of logic is very important. Do not let gcc get smart with re-reading cpu_buffer->tail_page by adding READ_ONCE() around most of its accesses. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
bd1b7cd360 |
ring-buffer: Put back the length if crossed page with add_timestamp
Commit |
||
|
|
b81f472a20 |
ring-buffer: Update read stamp with first real commit on page
Do not update the read stamp after swapping out the reader page from the write buffer. If the reader page is swapped out of the buffer before an event is written to it, then the read_stamp may get an out of date timestamp, as the page timestamp is updated on the first commit to that page. rb_get_reader_page() only returns a page if it has an event on it, otherwise it will return NULL. At that point, check if the page being returned has events and has not been read yet. Then at that point update the read_stamp to match the time stamp of the reader page. Cc: stable@vger.kernel.org # 2.6.30+ Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
cdb2a0a915 |
ring-buffer: rb_event_is_commit() can return boolean
Make rb_event_is_commit() return bool to improve readability due to this particular function only using either one or zero as its return value. No functional change. Link: http://lkml.kernel.org/r/1443537816-5788-7-git-send-email-bywxiaobai@163.com Signed-off-by: Yaowei Bai <bywxiaobai@163.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
da58834cf2 |
ring-buffer: rb_per_cpu_empty() can return boolean
Makes rb_per_cpu_empty() return bool to improve readability. No functional change. Link: http://lkml.kernel.org/r/1443537816-5788-6-git-send-email-bywxiaobai@163.com Signed-off-by: Yaowei Bai <bywxiaobai@163.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
3d4e204d81 |
ring_buffer: ring_buffer_empty{cpu}() can return boolean
Make ring_buffer_empty() and ring_buffer_empty_cpu() return bool. No functional change. Link: http://lkml.kernel.org/r/1443537816-5788-5-git-send-email-bywxiaobai@163.com Signed-off-by: Yaowei Bai <bywxiaobai@163.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
06ca320952 |
ring-buffer: rb_is_reader_page() can return boolean
Make rb_is_reader_page() return bool to improve readability due to this particular function only using either true or false as its return value. No functional change. Link: http://lkml.kernel.org/r/1443537816-5788-4-git-send-email-bywxiaobai@163.com Signed-off-by: Yaowei Bai <bywxiaobai@163.com> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
b7dc42fd79 |
ring-buffer: Revert "ring-buffer: Get timestamp after event is allocated"
The commit
|
||
|
|
d90fd77402 |
ring-buffer: Reorganize function locations
Functions in ring-buffer.c have gotten interleaved between different use cases. Move the functions around to get like functions closer together. This may or may not help gcc keep cache locality, but it makes it a little easier to work with the code. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
7d75e6833b |
ring-buffer: Make sure event has enough room for extend and padding
Now that events only add time extends after it is committed, in case an event comes in before it can discard the allocated event, the time extend needs to be stored within the event. If the event is bigger than the size needed for the time extend, padding must be added. The minimum padding size is 8 bytes. Thus if the event is 12 bytes (size of time extend + 4), there will not be enough room to add both the time extend and padding. Make sure all events are either 8 bytes or 16 or more bytes. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
a4543a2fa9 |
ring-buffer: Get timestamp after event is allocated
Move the capturing of the timestamp to after an event is allocated. If the event is not a commit (where it is an event that preempted another event), then no timestamp is needed, because the delta of nested events is always zero. If the event starts on a new page, no delta needs to be calculated as the full timestamp will be added to the page header, and the event will have a delta of zero. Now if the event requires a time extend (the delta does not fit in the 27 bit delta slot in the header), then the event is discarded, the length is extended to hold the TIME_EXTEND event that allows for a 59 bit delta, and the commit is tried again. If the event can't be discarded (another event came in after it), then the TIME_EXTEND is added directly to the allocated event and the rest of the event is given padding. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
9826b2733a |
ring-buffer: Move the adding of the extended timestamp out of line
Requiring an extended time stamp is an uncommon occurrence, and it is best to do it out of line when needed. Add a noinline function that handles the extended timestamp and have it called with an unlikely to completely move it out of the fast path. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
fcc742eaad |
ring-buffer: Add event descriptor to simplify passing data
Add rb_event_info descriptor to pass event info to functions a bit easier than using a bunch of parameters. This will also allow for changing the code around a bit to find better fast paths. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
a497adb45b |
ring-buffer: Add enum names for the context levels
Instead of having hard coded numbers for the context levels, use enums to describe them more. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
3c6296f716 |
ring-buffer: Remove useless unused tracing_off_permanent()
The tracing_off_permanent() call is a way to disable all ring_buffers. Nothing uses it and nothing should use it, as tracing_off() and friends are better, as they disable the ring buffers related to tracing. The tracing_off_permanent() even disabled non tracing ring buffers. This is a bit drastic, and was added to handle NMIs doing outputs that could corrupt the ring buffer when only tracing used them. It is now obsolete and adds a little overhead, it should be removed. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
289a5a25c5 |
ring-buffer: Give NMIs a chance to lock the reader_lock
Currently, if an NMI does a dump of a ring buffer, it disables all ring buffers from ever doing any writes again. This is because it won't take the locks for the cpu_buffer and this can cause corruption if it preempted a read, or a read happens on another CPU for the current cpu buffer. This is a bit overkill. First, it should at least try to take the lock, and if it fails then disable it. Also, there's no need to disable all ring buffers, even those that are unrelated to what is being read. Only disable the per cpu ring buffer that is being read if it can not get the lock for it. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
985e871b28 |
ring-buffer: Add trace_recursive checks to ring_buffer_write()
The ring_buffer_write() function isn't protected by the trace recursive writes. Luckily, this function is not used as much and is unlikely to ever recurse. But it should still have the protection, because even a call to ring_buffer_lock_reserve() could cause ring buffer corruption if called when ring_buffer_write() is being used. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
6776221bfe |
ring-buffer: Allways do the trace_recursive checks
Currently the trace_recursive checks are only done if CONFIG_TRACING is enabled. That was because there used to be a dependency with tracing for the recursive checks (it used the task_struct trace recursive variable). But now it uses its own variable and there is no dependency. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
58a09ec6e3 |
ring-buffer: Move recursive check to per_cpu descriptor
Instead of using a global per_cpu variable to perform the recursive checks into the ring buffer, use the already existing per_cpu descriptor that is part of the ring buffer itself. Not only does this simplify the code, it also allows for one ring buffer to be used within the guts of the use of another ring buffer. For example trace_printk() can now be used within the ring buffer to record changes done by an instance into the main ring buffer. The recursion checks will prevent the trace_printk() itself from causing recursive issues with the main ring buffer (it is just ignored), but the recursive checks won't prevent the trace_printk() from recording other ring buffers. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
3205f8063b |
ring-buffer: Add unlikelys to make fast path the default
I was running the trace_event benchmark and noticed that the times
to record a trace_event were all over the place. I looked at the assembly
of the ring_buffer_lock_reserve() and saw this:
<ring_buffer_lock_reserve>:
31 c0 xor %eax,%eax
48 83 3d 76 47 bd 00 cmpq $0x1,0xbd4776(%rip) # ffffffff81d10d60 <ring_buffer_flags>
01
55 push %rbp
48 89 e5 mov %rsp,%rbp
75 1d jne ffffffff8113c60d <ring_buffer_lock_reserve+0x2d>
65 ff 05 69 e3 ec 7e incl %gs:0x7eece369(%rip) # a960 <__preempt_count>
8b 47 08 mov 0x8(%rdi),%eax
85 c0 test %eax,%eax
+---- 74 12 je ffffffff8113c610 <ring_buffer_lock_reserve+0x30>
| 65 ff 0d 5b e3 ec 7e decl %gs:0x7eece35b(%rip) # a960 <__preempt_count>
| 0f 84 85 00 00 00 je ffffffff8113c690 <ring_buffer_lock_reserve+0xb0>
| 31 c0 xor %eax,%eax
| 5d pop %rbp
| c3 retq
| 90 nop
+---> 65 44 8b 05 48 e3 ec mov %gs:0x7eece348(%rip),%r8d # a960 <__preempt_count>
7e
41 81 e0 ff ff ff 7f and $0x7fffffff,%r8d
b0 08 mov $0x8,%al
65 8b 0d 58 36 ed 7e mov %gs:0x7eed3658(%rip),%ecx # fc80 <current_context>
41 f7 c0 00 ff 1f 00 test $0x1fff00,%r8d
74 1e je ffffffff8113c64f <ring_buffer_lock_reserve+0x6f>
41 f7 c0 00 00 10 00 test $0x100000,%r8d
b0 01 mov $0x1,%al
75 13 jne ffffffff8113c64f <ring_buffer_lock_reserve+0x6f>
41 81 e0 00 00 0f 00 and $0xf0000,%r8d
49 83 f8 01 cmp $0x1,%r8
19 c0 sbb %eax,%eax
83 e0 02 and $0x2,%eax
83 c0 02 add $0x2,%eax
85 c8 test %ecx,%eax
75 ab jne ffffffff8113c5fe <ring_buffer_lock_reserve+0x1e>
09 c8 or %ecx,%eax
65 89 05 24 36 ed 7e mov %eax,%gs:0x7eed3624(%rip) # fc80 <current_context>
The arrow is the fast path.
After adding the unlikely's, the fast path looks a bit better:
<ring_buffer_lock_reserve>:
31 c0 xor %eax,%eax
48 83 3d 76 47 bd 00 cmpq $0x1,0xbd4776(%rip) # ffffffff81d10d60 <ring_buffer_flags>
01
55 push %rbp
48 89 e5 mov %rsp,%rbp
75 7b jne ffffffff8113c66b <ring_buffer_lock_reserve+0x8b>
65 ff 05 69 e3 ec 7e incl %gs:0x7eece369(%rip) # a960 <__preempt_count>
8b 47 08 mov 0x8(%rdi),%eax
85 c0 test %eax,%eax
0f 85 9f 00 00 00 jne ffffffff8113c6a1 <ring_buffer_lock_reserve+0xc1>
65 8b 0d 57 e3 ec 7e mov %gs:0x7eece357(%rip),%ecx # a960 <__preempt_count>
81 e1 ff ff ff 7f and $0x7fffffff,%ecx
b0 08 mov $0x8,%al
65 8b 15 68 36 ed 7e mov %gs:0x7eed3668(%rip),%edx # fc80 <current_context>
f7 c1 00 ff 1f 00 test $0x1fff00,%ecx
75 50 jne ffffffff8113c670 <ring_buffer_lock_reserve+0x90>
85 d0 test %edx,%eax
75 7d jne ffffffff8113c6a1 <ring_buffer_lock_reserve+0xc1>
09 d0 or %edx,%eax
65 89 05 53 36 ed 7e mov %eax,%gs:0x7eed3653(%rip) # fc80 <current_context>
65 8b 05 fc da ec 7e mov %gs:0x7eecdafc(%rip),%eax # a130 <cpu_number>
89 c2 mov %eax,%edx
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
|
||
|
|
af658dca22 |
tracing: Rename ftrace_event.h to trace_events.h
The term "ftrace" is really the infrastructure of the function hooks, and not the trace events. Rename ftrace_event.h to trace_events.h to represent the trace_event infrastructure and decouple the term ftrace from it. Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
||
|
|
d631c8cceb |
ring-buffer: Remove duplicate use of '&' in recursive code
A clean up of the recursive protection code changed
val = this_cpu_read(current_context);
val--;
val &= this_cpu_read(current_context);
to
val = this_cpu_read(current_context);
val &= val & (val - 1);
Which has a duplicate use of '&' as the above is the same as
val = val & (val - 1);
Actually, it would be best to remove that line altogether and just add it to where it is used. And Christoph even mentioned that it can be further compacted to just a single line:
__this_cpu_and(current_context, __this_cpu_read(current_context) - 1);
Link: http://lkml.kernel.org/alpine.DEB.2.11.1503271423580.23114@gentwo.org
Suggested-by: Christoph Lameter <cl@linux.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |