49eea524bebea0d2b7dfa1c709a6694de808eb8a
754 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Blagovest Kolenichev
|
5d703979bf |
Merge android-4.9-o.75 (2007563) into msm-4.9
* refs/heads/tmp-2007563: Linux 4.9.75 kaiser: Set _PAGE_NX only if supported KPTI: Report when enabled KPTI: Rename to PAGE_TABLE_ISOLATION x86/kaiser: Move feature detection up kaiser: disabled on Xen PV x86/kaiser: Reenable PARAVIRT x86/paravirt: Dont patch flush_tlb_single kaiser: kaiser_flush_tlb_on_return_to_user() check PCID kaiser: asm/tlbflush.h handle noPGE at lower level kaiser: drop is_atomic arg to kaiser_pagetable_walk() kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush x86/kaiser: Check boottime cmdline params x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling kaiser: add "nokaiser" boot option, using ALTERNATIVE kaiser: fix unlikely error in alloc_ldt_struct() kaiser: kaiser_remove_mapping() move along the pgd kaiser: paranoid_entry pass cr3 need to paranoid_exit kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user kaiser: PCID 0 for kernel and 128 for user kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user kaiser: enhanced by kernel and user PCIDs kaiser: vmstat show NR_KAISERTABLE as nr_overhead kaiser: delete KAISER_REAL_SWITCH option kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET kaiser: cleanups while trying for gold link kaiser: align addition to x86/mm/Makefile kaiser: tidied up kaiser_add/remove_mapping slightly kaiser: tidied up asm/kaiser.h somewhat kaiser: ENOMEM if kaiser_pagetable_walk() NULL kaiser: fix perf crashes kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER kaiser: KAISER depends on SMP kaiser: fix build and FIXME in alloc_ldt_struct() kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE kaiser: do not set _PAGE_NX on pgd_none kaiser: merged update KAISER: Kernel Address Isolation x86/boot: Add early cmdline parsing for options with arguments tcp_bbr: reset long-term bandwidth sampling on loss recovery undo tcp_bbr: reset full pipe detection on loss recovery undo Conflicts: security/Kconfig Change-Id: I4fea07f15ed92a33aa9475745506cb01bae95438 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Hugh Dickins
|
0994a2cf8f |
kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
Kaiser only needs to map one page of the stack; and kernel/fork.c did not build on powerpc (no __PAGE_KERNEL). It's all cleaner if linux/kaiser.h provides kaiser_map_thread_stack() and kaiser_unmap_thread_stack() wrappers around asm/kaiser.h's kaiser_add_mapping() and kaiser_remove_mapping(). And use linux/kaiser.h in init/main.c to avoid the #ifdefs there. Signed-off-by: Hugh Dickins <hughd@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Dave Hansen
|
8f0baadf2b |
kaiser: merged update
Merged fixes and cleanups, rebased to 4.9.51 tree (no 5-level paging). Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Signed-off-by: Hugh Dickins <hughd@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Richard Fellner
|
13be4483bb |
KAISER: Kernel Address Isolation
This patch introduces our implementation of KAISER (Kernel Address Isolation to
have Side-channels Efficiently Removed), a kernel isolation technique to close
hardware side channels on kernel address information.
More information about the patch can be found on:
https://github.com/IAIK/KAISER
From: Richard Fellner <richard.fellner@student.tugraz.at>
From: Daniel Gruss <daniel.gruss@iaik.tugraz.at>
Subject: [RFC, PATCH] x86_64: KAISER - do not map kernel in user mode
Date: Thu, 4 May 2017 14:26:50 +0200
Link: http://marc.info/?l=linux-kernel&m=149390087310405&w=2
Kaiser-4.10-SHA1: c4b1831d44c6144d3762ccc72f0c4e71a0c713e5
To: <linux-kernel@vger.kernel.org>
To: <kernel-hardening@lists.openwall.com>
Cc: <clementine.maurice@iaik.tugraz.at>
Cc: <moritz.lipp@iaik.tugraz.at>
Cc: Michael Schwarz <michael.schwarz@iaik.tugraz.at>
Cc: Richard Fellner <richard.fellner@student.tugraz.at>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: <kirill.shutemov@linux.intel.com>
Cc: <anders.fogh@gdata-adan.de>
After several recent works [1,2,3] KASLR on x86_64 was basically
considered dead by many researchers. We have been working on an
efficient but effective fix for this problem and found that not mapping
the kernel space when running in user mode is the solution to this
problem [4] (the corresponding paper [5] will be presented at ESSoS17).
With this RFC patch we allow anybody to configure their kernel with the
flag CONFIG_KAISER to add our defense mechanism.
If there are any questions we would love to answer them.
We also appreciate any comments!
Cheers,
Daniel (+ the KAISER team from Graz University of Technology)
[1] http://www.ieee-security.org/TC/SP2013/papers/4977a191.pdf
[2] https://www.blackhat.com/docs/us-16/materials/us-16-Fogh-Using-Undocumented-CPU-Behaviour-To-See-Into-Kernel-Mode-And-Break-KASLR-In-The-Process.pdf
[3] https://www.blackhat.com/docs/us-16/materials/us-16-Jang-Breaking-Kernel-Address-Space-Layout-Randomization-KASLR-With-Intel-TSX.pdf
[4] https://github.com/IAIK/KAISER
[5] https://gruss.cc/files/kaiser.pdf
[patch based also on
https://raw.githubusercontent.com/IAIK/KAISER/master/KAISER/0001-KAISER-Kernel-Address-Isolation.patch]
Signed-off-by: Richard Fellner <richard.fellner@student.tugraz.at>
Signed-off-by: Moritz Lipp <moritz.lipp@iaik.tugraz.at>
Signed-off-by: Daniel Gruss <daniel.gruss@iaik.tugraz.at>
Signed-off-by: Michael Schwarz <michael.schwarz@iaik.tugraz.at>
Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Andrea Arcangeli
|
07b039e9f2 |
mm: oom: let oom_reap_task and exit_mmap run concurrently
This is purely required because exit_aio() may block and exit_mmap() may
never start, if the oom_reap_task cannot start running on a mm with
mm_users == 0.
At the same time if the OOM reaper doesn't wait at all for the memory of
the current OOM candidate to be freed by exit_mmap->unmap_vmas, it would
generate a spurious OOM kill.
If it wasn't because of the exit_aio or similar blocking functions in
the last mmput, it would be enough to change the oom_reap_task() in the
case it finds mm_users == 0, to wait for a timeout or to wait for
__mmput to set MMF_OOM_SKIP itself, but it's not just exit_mmap the
problem here so the concurrency of exit_mmap and oom_reap_task is
apparently warranted.
It's a non standard runtime, exit_mmap() runs without mmap_sem, and
oom_reap_task runs with the mmap_sem for reading as usual (kind of
MADV_DONTNEED).
The race between the two is solved with a combination of
tsk_is_oom_victim() (serialized by task_lock) and MMF_OOM_SKIP
(serialized by a dummy down_write/up_write cycle on the same lines of
the ksm_exit method).
If the oom_reap_task() may be running concurrently during exit_mmap,
exit_mmap will wait it to finish in down_write (before taking down mm
structures that would make the oom_reap_task fail with use after free).
If exit_mmap comes first, oom_reap_task() will skip the mm if
MMF_OOM_SKIP is already set and in turn all memory is already freed and
furthermore the mm data structures may already have been taken down by
free_pgtables.
[aarcange@redhat.com: incremental one liner]
Link: http://lkml.kernel.org/r/20170726164319.GC29716@redhat.com
[rientjes@google.com: remove unused mmput_async]
Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1708141733130.50317@chino.kir.corp.google.com
[aarcange@redhat.com: microoptimization]
Link: http://lkml.kernel.org/r/20170817171240.GB5066@redhat.com
Link: http://lkml.kernel.org/r/20170726162912.GA29716@redhat.com
Fixes:
|
||
|
Kyle Yan
|
7d337cc7f9 |
Merge remote-tracking branch '4.9/tmp-85e1c01' into 4.9
* 4.9/tmp-85e1c01:
Linux 4.9.48
epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/ep_remove()
kvm: arm/arm64: Force reading uncached stage2 PGD
drm/ttm: Fix accounting error when fail to get pages for pool
xfrm: policy: check policy direction value
lib/mpi: kunmap after finishing accessing buffer
wl1251: add a missing spin_lock_init()
CIFS: remove endian related sparse warning
CIFS: Fix maximum SMB2 header size
alpha: uapi: Add support for __SANE_USERSPACE_TYPES__
cpuset: Fix incorrect memory_pressure control file mapping
cpumask: fix spurious cpumask_of_node() on non-NUMA multi-node configs
ceph: fix readpage from fscache
mm, madvise: ensure poisoned pages are removed from per-cpu lists
mm, uprobes: fix multiple free of ->uprobes_state.xol_area
crypto: algif_skcipher - only call put_page on referenced and used pages
i2c: ismt: Return EMSGSIZE for block reads with bogus length
i2c: ismt: Don't duplicate the receive length for block reads
irqchip: mips-gic: SYNC after enabling GIC region
ANDROID: fiq_debugger: Fix minor bug in code
ANDROID: configs: remove requirement for CONFIG_SYNC
FROMLIST: binder: fix an ret value override
FROMLIST: binder: fix memory corruption in binder_transaction binder
Linux 4.9.47
lz4: fix bogus gcc warning
scsi: sg: reset 'res_in_use' after unlinking reserved array
scsi: sg: protect accesses to 'reserved' page array
locking/spinlock/debug: Remove spinlock lockup detection code
arm64: fpsimd: Prevent registers leaking across exec
x86/io: Add "memory" clobber to insb/insw/insl/outsb/outsw/outsl
arm64: mm: abort uaccess retries upon fatal signal
kvm: arm/arm64: Fix race in resetting stage2 PGD
gcov: support GCC 7.1
staging: wilc1000: simplify vif[i]->ndev accesses
scsi: isci: avoid array subscript warning
p54: memset(0) whole array
FROMLIST: android: binder: Add page usage in binder stats
FROMLIST: android: binder: Add shrinker tracepoints
FROMLIST: android: binder: Add global lru shrinker to binder
FROMLIST: android: binder: Move buffer out of area shared with user space
FROMLIST: android: binder: Add allocator selftest
FROMLIST: android: binder: Refactor prev and next buffer into a helper function
android: android-base.config: enable IP6_NF_MATCH_RPFILTER
Linux 4.9.46
powerpc/mm: Ensure cpumask update is ordered
ACPI: EC: Fix regression related to wrong ECDT initialization order
ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal
ACPI: ioapic: Clear on-stack resource before using it
ntb: transport shouldn't disable link due to bogus values in SPADs
ntb: ntb_test: ensure the link is up before trying to configure the mws
ntb: no sleep in ntb_async_tx_submit
NTB: ntb_test: fix bug printing ntb_perf results
ntb_transport: fix bug calculating num_qps_mw
ntb_transport: fix qp count bug
Clarify (and fix) MAX_LFS_FILESIZE macros
staging: rtl8188eu: add RNX-N150NUB support
iio: hid-sensor-trigger: Fix the race with user space powering up sensors
iio: imu: adis16480: Fix acceleration scale factor for adis16480
ANDROID: binder: fix proc->tsk check.
binder: Use wake up hint for synchronous transactions.
binder: use group leader instead of open thread
Revert "android: binder: Sanity check at binder ioctl"
Bluetooth: bnep: fix possible might sleep error in bnep_session
Bluetooth: cmtp: fix possible might sleep error in cmtp_session
Bluetooth: hidp: fix possible might sleep error in hidp_session_thread
netfilter: nat: fix src map lookup
Revert "leds: handle suspend/resume in heartbeat trigger"
net: sunrpc: svcsock: fix NULL-pointer exception
x86/mm: Fix use-after-free of ldt_struct
timers: Fix excessive granularity of new timers after a nohz idle
perf/x86/intel/rapl: Make package handling more robust
perf probe: Fix --funcs to show correct symbols for offline module
perf/core: Fix group {cpu,task} validation
ftrace: Check for null ret_stack on profile function graph entry function
nfsd: Limit end of page list when decoding NFSv4 WRITE
cifs: return ENAMETOOLONG for overlong names in cifs_open()/cifs_lookup()
cifs: Fix df output for users with quota limits
kbuild: linker script do not match C names unless LD_DEAD_CODE_DATA_ELIMINATION is configured
tracing: Fix freeing of filter in create_filter() when set_str is false
tracing: Fix kmemleak in tracing_map_array_free()
tracing: Call clear_boot_tracer() at lateinit_sync
drm: rcar-du: Fix H/V sync signal polarity configuration
drm: rcar-du: Fix display timing controller parameter
drm: rcar-du: Fix crash in encoder failure error path
drm/atomic: If the atomic check fails, return its value first
drm: Release driver tracking before making the object available again
mm/memblock.c: reversed logic in memblock_discard()
fork: fix incorrect fput of ->exe_file causing use-after-free
mm/madvise.c: fix freeing of locked page with MADV_FREE
i2c: designware: Fix system suspend
mm, shmem: fix handling /sys/kernel/mm/transparent_hugepage/shmem_enabled
ARCv2: PAE40: Explicitly set MSB counterpart of SLC region ops addresses
ALSA: firewire: fix NULL pointer dereference when releasing uninitialized data of iso-resource
ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)
ALSA: core: Fix unexpected error at replacing user TLV
ALSA: usb-audio: Add delay quirk for H650e/Jabra 550a USB headsets
KVM: x86: block guest protection keys unless the host has them enabled
KVM: s390: sthyi: fix specification exception detection
KVM: s390: sthyi: fix sthyi inline assembly
Input: ALPS - fix two-finger scroll breakage in right side on ALPS touchpad
Input: elan_i2c - add ELAN0602 ACPI ID to support Lenovo Yoga310
Input: trackpoint - add new trackpoint firmware ID
bpf/verifier: fix min/max handling in BPF_SUB
bpf: fix mixed signed/unsigned derived min/max value bounds
bpf, verifier: fix alu ops against map_value{, _adj} register types
bpf: adjust verifier heuristics
bpf, verifier: add additional patterns to evaluate_reg_imm_alu
net_sched: fix order of queue length updates in qdisc_replace()
net: sched: fix NULL pointer dereference when action calls some targets
irda: do not leak initialized list.dev to userspace
net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled
tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP
ipv6: repair fib6 tree in failure case
ipv6: reset fn->rr_ptr when replacing route
tipc: fix use-after-free
sctp: fully initialize the IPv6 address in sctp_v6_to_addr()
nfp: fix infinite loop on umapping cleanup
ipv4: better IP_MAX_MTU enforcement
ptr_ring: use kmalloc_array()
openvswitch: fix skb_panic due to the incorrect actions attrlen
bpf: fix bpf_trace_printk on 32 bit archs
net_sched: remove warning from qdisc_hash_add
net_sched/sfq: update hierarchical backlog when drop packet
ipv4: fix NULL dereference in free_fib_info_rcu()
dccp: defer ccid_hc_tx_delete() at dismantle time
dccp: purge write queue in dccp_destroy_sock()
af_key: do not use GFP_KERNEL in atomic contexts
sparc64: remove unnecessary log message
ANDROID: NFC: st21nfca: Fix memory OOB and leak issues in connectivity events handler
Linux 4.9.45
usb: qmi_wwan: add D-Link DWM-222 device ID
usb: optimize acpi companion search for usb port devices
pids: make task_tgid_nr_ns() safe
Sanitize 'move_pages()' permission checks
genirq/ipi: Fixup checks against nr_cpu_ids
genirq: Restore trigger settings in irq_modify_status()
irqchip/atmel-aic: Fix unbalanced refcount in aic_common_rtc_irq_fixup()
irqchip/atmel-aic: Fix unbalanced of_node_put() in aic_common_irq_fixup()
x86/asm/64: Clear AC on NMI entries
xen-blkfront: use a right index when checking requests
powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC
blk-mq-pci: add a fallback when pci_irq_get_affinity returns NULL
xen: fix bio vec merging
mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes
mm/mempolicy: fix use after free when calling get_mempolicy
mm: fix double mmap_sem unlock on MMF_UNSTABLE enforced SIGBUS
mm: discard memblock data later
ALSA: usb-audio: Add mute TLV for playback volumes on C-Media devices
ALSA: usb-audio: Apply sample rate quirk to Sennheiser headset
ALSA: seq: 2nd attempt at fixing race creating a queue
Input: elan_i2c - Add antoher Lenovo ACPI ID for upcoming Lenovo NB
Input: elan_i2c - add ELAN0608 to the ACPI table
crypto: x86/sha1 - Fix reads beyond the number of blocks passed
crypto: ixp4xx - Fix error handling path in 'aead_perform()'
parisc: pci memory bar assignment fails with 64bit kernels on dino/cujo
audit: Fix use after free in audit_remove_watch_rule()
netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister
ANDROID: check dir value of xfrm_userpolicy_id
ANDROID: NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
ANDROID: nfc: fdp: Fix possible buffer overflow in WCS4000 NFC driver
ANDROID: NFC: st21nfca: Fix out of bounds kernel access when handling ATR_REQ
ANDROID: usb: gadget: assign no-op request complete callbacks
ANDROID: usb: gadget: configfs: fix null ptr in android_disconnect
ANDROID: uid_sys_stats: Fix implicit declaration of get_cmdline()
uid_sys_stats: log task io with a debug flag
Linux 4.9.44
MIPS: DEC: Fix an int-handler.S CPU_DADDI_WORKAROUNDS regression
pinctrl: meson-gxbb: Add missing GPIODV_18 pin entry
pinctrl: samsung: Remove bogus irq_[un]mask from resource management
pinctrl: uniphier: fix WARN_ON() of pingroups dump on LD20
pinctrl: uniphier: fix WARN_ON() of pingroups dump on LD11
pinctrl: intel: merrifield: Correct UART pin lists
pinctrl: sunxi: add a missing function of A10/A20 pinctrl driver
pnfs/blocklayout: require 64-bit sector_t
iio: adc: vf610_adc: Fix VALT selection value for REFSEL bits
usb:xhci:Add quirk for Certain failing HP keyboard on reset after resume
usb: quirks: Add no-lpm quirk for Moshi USB to Ethernet Adapter
usb: core: unlink urbs from the tail of the endpoint's urb_list
USB: Check for dropped connection before switching to full speed
usb: renesas_usbhs: Fix UGCTRL2 value for R-Car Gen3
usb: gadget: udc: renesas_usb3: Fix usb_gadget_giveback_request() calling
uas: Add US_FL_IGNORE_RESIDUE for Initio Corporation INIC-3069
staging: comedi: comedi_fops: do not call blocking ops when !TASK_RUNNING
iio: light: tsl2563: use correct event code
iio: accel: bmc150: Always restore device to normal mode after suspend-resume
staging:iio:resolver:ad2s1210 fix negative IIO_ANGL_VEL read
USB: hcd: Mark secondary HCD as dead if the primary one died
usb: musb: fix tx fifo flush handling again
USB: serial: pl2303: add new ATEN device id
USB: serial: cp210x: add support for Qivicon USB ZigBee dongle
USB: serial: option: add D-Link DWM-222 device ID
drm/i915: Fix out-of-bounds array access in bdw_load_gamma_lut
drm/etnaviv: Fix off-by-one error in reloc checking
nfs/flexfiles: fix leak of nfs4_ff_ds_version arrays
mmc: mmc: correct the logic for setting HS400ES signal voltage
nand: fix wrong default oob layout for small pages using soft ecc
fuse: initialize the flock flag in fuse_file on allocation
target: Fix node_acl demo-mode + uncached dynamic shutdown regression
iscsi-target: Fix iscsi_np reset hung task during parallel delete
iscsi-target: fix memory leak in iscsit_setup_text_cmd()
mtd: nand: Fix timing setup for NANDs that do not support SET FEATURES
xtensa: don't limit csum_partial export by CONFIG_NET
xtensa: mm/cache: add missing EXPORT_SYMBOLs
xtensa: fix cache aliasing handling code for WT cache
futex: Remove unnecessary warning from get_futex_key
mm: fix list corruptions on shmem shrinklist
mm: ratelimit PFNs busy info message
ANDROID: Use sk_uid to replace uid get from socket file
Linux 4.9.43
Revert "ARM: dts: sun8i: Support DTB build for NanoPi M1"
KVM: arm/arm64: Handle hva aging while destroying the vm
sparc64: Prevent perf from running during super critical sections
udp: consistently apply ufo or fragmentation
revert "ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output"
revert "net: account for current skb length when deciding about UFO"
packet: fix tp_reserve race in packet_set_ring
igmp: Fix regression caused by igmp sysctl namespace code.
net: avoid skb_warn_bad_offload false positives on UFO
tcp: fastopen: tcp_connect() must refresh the route
net: sched: set xt_tgchk_param par.nft_compat as 0 in ipt_init_target
net/mlx4_en: don't set CHECKSUM_COMPLETE on SCTP packets
bpf, s390: fix jit branch offset related to ldimm64
net: fix keepalive code vs TCP_FASTOPEN_CONNECT
tcp: avoid setting cwnd to invalid ssthresh after cwnd reduction states
ppp: fix xmit recursion detection on ppp channels
ppp: Fix false xmit recursion detect with two ppp devices
Linux 4.9.42
workqueue: implicit ordered attribute should be overridable
net: phy: Fix PHY unbind crash
net: account for current skb length when deciding about UFO
ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output
net/mlx5: E-Switch, Re-enable RoCE on mode change only after FDB destroy
mm: don't dereference struct page fields of invalid pages
signal: protect SIGNAL_UNKILLABLE from unintentional clearing.
lib/Kconfig.debug: fix frv build failure
mm, slab: make sure that KMALLOC_MAX_SIZE will fit into MAX_ORDER
ARM: 8632/1: ftrace: fix syscall name matching
virtio_blk: fix panic in initialization error path
nbd: blk_mq_init_queue returns an error code on failure, not NULL
iw_cxgb4: do not send RX_DATA_ACK CPLs after close/abort
ARM: dts: sunxi: Change node name for pwrseq pin on Olinuxino-lime2-emmc
ARM: dts: sun8i: Support DTB build for NanoPi M1
drm/virtio: fix framebuffer sparse warning
scsi: qla2xxx: Get mutex lock before checking optrom_state
clk/samsung: exynos542x: mark some clocks as critical
ipv4: make tcp_notsent_lowat sysctl knob behave as true unsigned int
phy state machine: failsafe leave invalid RUNNING state
netfilter: use fwmark_reflect in nf_send_reset
ASoC: rt5645: set sel_i2s_pre_div1 to 2
spi: spi-axi: Free resources on error path
x86/boot: Add missing declaration of string functions
tg3: Fix race condition in tg3_get_stats64().
net: phy: dp83867: fix irq generation
sh_eth: R8A7740 supports packet shecksumming
sh_eth: fix EESIPR values for SH77{34|63}
wext: handle NULL extra data in iwe_stream_add_point better
sparc64: Fix exception handling in UltraSPARC-III memcpy.
sparc64: Measure receiver forward progress to avoid send mondo timeout
xen-netback: correctly schedule rate-limited queues
net: phy: Correctly process PHY_HALTED in phy_stop_machine()
net/mlx5e: Schedule overflow check work to mlx5e workqueue
net/mlx5e: Fix wrong delay calculation for overflow check scheduling
net/mlx5e: Fix outer_header_zero() check size
net/mlx5: Fix command bad flow on command entry allocation failure
net/mlx5: Consider tx_enabled in all modes on remap
sctp: fix the check for _sctp_walk_params and _sctp_walk_errors
sctp: don't dereference ptr before leaving _sctp_walk_{params, errors}()
dccp: fix a memleak for dccp_feat_init err process
dccp: fix a memleak that dccp_ipv4 doesn't put reqsk properly
dccp: fix a memleak that dccp_ipv6 doesn't put reqsk properly
net: ethernet: nb8800: Handle all 4 RGMII modes identically
ipv6: Don't increase IPSTATS_MIB_FRAGFAILS twice in ip6_fragment()
packet: fix use-after-free in prb_retire_rx_blk_timer_expired()
openvswitch: fix potential out of bound access in parse_ct
mcs7780: Fix initialization when CONFIG_VMAP_STACK is enabled
rtnetlink: allocate more memory for dev_set_mac_address()
ipv4: initialize fib_trie prior to register_netdev_notifier call.
net: dsa: b53: Add missing ARL entries for BCM53125
ipv6: avoid overflow of offset in ip6_find_1stfragopt
net: Zero terminate ifr_name in dev_ifname().
ipv4: ipv6: initialize treq->txhash in cookie_v[46]_check()
tcp_bbr: init pacing rate on first RTT sample
tcp_bbr: remove sk_pacing_rate=0 transient during init
tcp_bbr: introduce bbr_init_pacing_rate_from_rtt() helper
tcp_bbr: introduce bbr_bw_to_pacing_rate() helper
tcp_bbr: cut pacing rate only if filled pipe
saa7164: fix double fetch PCIe access condition
Btrfs: fix early ENOSPC due to delalloc
f2fs: sanity check checkpoint segno and blkoff
media: lirc: LIRC_GET_REC_RESOLUTION should return microseconds
mmc: core: Use device_property_read instead of of_property_read
mmc: dw_mmc: Use device_property_read instead of of_property_read
iscsi-target: Fix initial login PDU asynchronous socket close OOPs
media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl
ARM: dts: tango4: Request RGMII RX and TX clock delays
ARM: dts: armada-38x: Fix irq type for pca955
ext4: fix overflow caused by missing cast in ext4_resize_fs()
ext4: fix SEEK_HOLE/SEEK_DATA for blocksize < pagesize
gpiolib: skip unwanted events, don't convert them to opposite edge
iommu/amd: Enable ga_log_intr when enabling guest_mode
powerpc/64: Fix __check_irq_replay missing decrementer interrupt
powerpc/tm: Fix saving of TM SPRs in core dump
timers: Fix overflow in get_next_timer_interrupt
mm/page_alloc: Remove kernel address exposure in free_reserved_area()
KVM: async_pf: make rcu irq exit if not triggered from idle task
ASoC: do not close shared backend dailink
drm/amdgpu: Fix undue fallthroughs in golden registers initialization
ALSA: hda - Fix speaker output from VAIO VPCL14M1R
cpuset: fix a deadlock due to incomplete patching of cpusets_enabled()
mm, mprotect: flush TLB if potentially racing with a parallel reclaim leaving stale TLB entries
mmc: core: Fix access to HS400-ES devices
device property: Make dev_fwnode() public
mmc: sdhci-of-at91: force card detect value for non removable devices
NFSv4: Fix EXCHANGE_ID corrupt verifier issue
brcmfmac: fix memleak due to calling brcmf_sdiod_sgtable_alloc() twice
iwlwifi: dvm: prevent an out of bounds access
workqueue: restore WQ_UNBOUND/max_active==1 to be ordered
libata: array underflow in ata_find_dev()
cgroup: fix error return value from cgroup_subtree_control()
cgroup: create dfl_root files on subsys registration
parisc: Handle vma's whose context is not current in flush_cache_range
ANDROID: binder: don't queue async transactions to thread.
ANDROID: binder: don't enqueue death notifications to thread todo.
ANDROID: binder: call poll_wait() unconditionally.
ANDROID: keychord: Fix for a memory leak in keychord.
ANDROID: keychord: Fix races in keychord_write.
android: configs: move quota-related configs to recommended
ANDROID: sdcardfs: override credential for ioctl to lower fs
ANDROID: xt_qtaguid: handle properly request sockets
Conflicts:
drivers/staging/android/fiq_debugger/fiq_debugger.c
include/linux/sched.h
kernel/locking/spinlock_debug.c
sound/soc/soc-pcm.c
Change-Id: I163a8c98f1737eeb01b9c8a0636a91d552ef349f
Signed-off-by: Kyle Yan <kyan@codeaurora.org>
|
||
|
Eric Biggers
|
17c564f629 |
mm, uprobes: fix multiple free of ->uprobes_state.xol_area
commit 355627f518978b5167256d27492fe0b343aaf2f2 upstream. Commit |
||
|
Eric Biggers
|
b65b6ac52e |
fork: fix incorrect fput of ->exe_file causing use-after-free
commit 2b7e8665b4ff51c034c55df3cff76518d1a9ee3a upstream. Commit |
||
|
Vegard Nossum
|
5218d13b2d |
kthread: Fix use-after-free if kthread fork fails
If a kthread forks (e.g. usermodehelper since commit 1da5c46fa965) but
fails in copy_process() between calling dup_task_struct() and setting
p->set_child_tid, then the value of p->set_child_tid will be inherited
from the parent and get prematurely freed by free_kthread_struct().
kthread()
- worker_thread()
- process_one_work()
| - call_usermodehelper_exec_work()
| - kernel_thread()
| - _do_fork()
| - copy_process()
| - dup_task_struct()
| - arch_dup_task_struct()
| - tsk->set_child_tid = current->set_child_tid // implied
| - ...
| - goto bad_fork_*
| - ...
| - free_task(tsk)
| - free_kthread_struct(tsk)
| - kfree(tsk->set_child_tid)
- ...
- schedule()
- __schedule()
- wq_worker_sleeping()
- kthread_data(task)->flags // UAF
The problem started showing up with commit 1da5c46fa965 since it reused
->set_child_tid for the kthread worker data.
A better long-term solution might be to get rid of the ->set_child_tid
abuse. The comment in set_kthread_struct() also looks slightly wrong.
Change-Id: Iebc93dc79b84cc7390c95fc6b50ac9b7588dc714
Debugged-by: Jamie Iles <jamie.iles@oracle.com>
Fixes: 1da5c46fa965 ("kthread: Make struct kthread kmalloc'ed")
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Jamie Iles <jamie.iles@oracle.com>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20170509073959.17858-1-vegard.nossum@oracle.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Git-commit: 4d6501dce079c1eb6bf0b1d8f528a5e81770109e
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Olav Haugan <ohaugan@codeaurora.org>
|
||
|
Kyle Yan
|
3dfb68c8ba |
Merge remote-tracking branch '4.9/tmp-9ae2c67' into 4.9
* 4.9/tmp-9ae2c67:
Linux 4.9.40
alarmtimer: don't rate limit one-shot timers
tracing: Fix kmemleak in instance_rmdir
PM / Domains: defer dev_pm_domain_set() until genpd->attach_dev succeeds if present
reiserfs: Don't clear SGID when inheriting ACLs
spmi: Include OF based modalias in device uevent
of: device: Export of_device_{get_modalias, uvent_modalias} to modules
acpi/nfit: Fix memory corruption/Unregister mce decoder on failure
ovl: fix random return value on mount
hfsplus: Don't clear SGID when inheriting ACLs
mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms[] array
drm/mst: Avoid processing partially received up/down message transactions
drm/mst: Avoid dereferencing a NULL mstb in drm_dp_mst_handle_up_req()
drm/mst: Fix error handling during MST sideband message reception
RDMA/core: Initialize port_num in qp_attr
ceph: fix race in concurrent readdir
staging: lustre: ko2iblnd: check copy_from_iter/copy_to_iter return code
staging: sm750fb: avoid conflicting vesafb
staging: comedi: ni_mio_common: fix AO timer off-by-one regression
staging: rtl8188eu: add TL-WN722N v2 support
Revert "perf/core: Drop kernel samples even though :u is specified"
perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target
iser-target: Avoid isert_conn->cm_id dereference in isert_login_recv_done
target: Fix COMPARE_AND_WRITE caw_sem leak during se_cmd quiesce
udf: Fix deadlock between writeback and udf_setsize()
NFS: only invalidate dentrys that are clearly invalid.
sunrpc: use constant time memory comparison for mac
IB/core: Namespace is mandatory input for address resolution
IB/iser: Fix connection teardown race condition
Input: i8042 - fix crash at boot time
MIPS: Fix a typo: s/preset/present/ in r2-to-r6 emulation error message
MIPS: Send SIGILL for R6 branches in `__compute_return_epc_for_insn'
MIPS: Send SIGILL for linked branches in `__compute_return_epc_for_insn'
MIPS: Rename `sigill_r6' to `sigill_r2r6' in `__compute_return_epc_for_insn'
MIPS: Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn'
MIPS: math-emu: Prevent wrong ISA mode instruction emulation
MIPS: Fix unaligned PC interpretation in `compute_return_epc'
MIPS: Actually decode JALX in `__compute_return_epc_for_insn'
MIPS: Save static registers before sysmips
MIPS: Fix MIPS I ISA /proc/cpuinfo reporting
x86/ioapic: Pass the correct data to unmask_ioapic_irq()
x86/acpi: Prevent out of bound access caused by broken ACPI tables
Revert "ACPI / EC: Enable event freeze mode..." to fix a regression
ACPI / EC: Drop EC noirq hooks to fix a regression
ubifs: Don't leak kernel memory to the MTD
MIPS: Negate error syscall return in trace
MIPS: Fix mips_atomic_set() with EVA
MIPS: Fix mips_atomic_set() retry condition
ftrace: Fix uninitialized variable in match_records()
nvme-rdma: remove race conditions from IB signalling
vfio: New external user group/file match
vfio: Fix group release deadlock
ovl: drop CAP_SYS_RESOURCE from saved mounter's credentials
drm/ttm: Fix use-after-free in ttm_bo_clean_mm
f2fs: Don't clear SGID when inheriting ACLs
f2fs: sanity check size of nat and sit cache
xfs: Don't clear SGID when inheriting ACLs
ipmi:ssif: Add missing unlock in error branch
ipmi: use rcu lock around call to intf->handlers->sender()
drm/radeon: Fix eDP for single-display iMac10,1 (v2)
drm/radeon/ci: disable mclk switching for high refresh rates (v2)
drm/amd/amdgpu: Return error if initiating read out of range on vram
s390/syscalls: Fix out of bounds arguments access
Raid5 should update rdev->sectors after reshape
ext2: Don't clear SGID when inheriting ACLs
libnvdimm: fix badblock range handling of ARS range
libnvdimm, btt: fix btt_rw_page not returning errors
cx88: Fix regression in initial video standard setting
x86/xen: allow userspace access during hypercalls
md: don't use flush_signals in userspace processes
usb: renesas_usbhs: gadget: disable all eps when the driver stops
usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL
USB: cdc-acm: add device-id for quirky printer
usb: storage: return on error to avoid a null pointer dereference
mxl111sf: Fix driver to use heap allocate buffers for USB messages
xhci: Bad Ethernet performance plugged in ASM1042A host
xhci: Fix NULL pointer dereference when cleaning up streams for removed host
xhci: fix 20000ms port resume timeout
ipvs: SNAT packet replies only for NATed connections
PCI/PM: Restore the status of PCI devices across hibernation
PCI: rockchip: Use normal register bank for config accessors
PCI: Work around poweroff & suspend-to-RAM issue on Macbook Pro 11
af_key: Fix sadb_x_ipsecrequest parsing
powerpc/mm/radix: Properly clear process table entry
powerpc/asm: Mark cr0 as clobbered in mftb()
powerpc: Fix emulation of mfocrf in emulate_step()
powerpc: Fix emulation of mcrf in emulate_step()
powerpc/64: Fix atomic64_inc_not_zero() to return an int
powerpc/pseries: Fix passing of pp0 in updatepp() and updateboltedpp()
xen/scsiback: Fix a TMR related use-after-free
iscsi-target: Add login_keys_workaround attribute for non RFC initiators
scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state
scsi: ses: do not add a device to an enclosure if enclosure_add_links() fails.
PM / Domains: Fix unsafe iteration over modified list of domains
PM / Domains: Fix unsafe iteration over modified list of domain providers
PM / Domains: Fix unsafe iteration over modified list of device links
ASoC: compress: Derive substream from stream based on direction
igb: Explicitly select page 0 at initialization
btrfs: Don't clear SGID when inheriting ACLs
wlcore: fix 64K page support
Bluetooth: use constant time memory comparison for secret values
perf intel-pt: Clear FUP flag on error
perf intel-pt: Use FUP always when scanning for an IP
perf intel-pt: Ensure never to set 'last_ip' when packet 'count' is zero
perf intel-pt: Fix last_ip usage
perf intel-pt: Ensure IP is zero when state is INTEL_PT_STATE_NO_IP
perf intel-pt: Fix missing stack clear
perf intel-pt: Improve sample timestamp
perf intel-pt: Move decoder error setting into one condition
NFC: Add sockaddr length checks before accessing sa_family in bind handlers
nfc: Fix the sockaddr length sanitization in llcp_sock_connect
nfc: Ensure presence of required attributes in the activate_target handler
NFC: nfcmrvl: fix firmware-management initialisation
NFC: nfcmrvl: use nfc-device for firmware download
NFC: nfcmrvl: do not use device-managed resources
NFC: nfcmrvl_uart: add missing tty-device sanity check
NFC: fix broken device allocation
ath9k: fix an invalid pointer dereference in ath9k_rng_stop()
ath9k: fix tx99 bus error
ath9k: fix tx99 use after free
thermal: cpu_cooling: Avoid accessing potentially freed structures
thermal: max77620: fix device-node reference imbalance
s5p-jpeg: don't return a random width/height
dm mpath: cleanup -Wbool-operation warning in choose_pgpath()
ir-core: fix gcc-7 warning on bool arithmetic
disable new gcc-7.1.1 warnings for now
Use %zu to print resid (size_t).
ANDROID: keychord: Fix a slab out-of-bounds read.
UPSTREAM: af_key: Fix sadb_x_ipsecrequest parsing
ANDROID: lowmemorykiller: Add tgid to kill message
Revert "ANDROID: proc: smaps: Allow smaps access for CAP_SYS_RESOURCE"
4.9.39
kvm: vmx: allow host to access guest MSR_IA32_BNDCFGS
kvm: vmx: Check value written to IA32_BNDCFGS
kvm: x86: Guest BNDCFGS requires guest MPX support
kvm: vmx: Do not disable intercepts for BNDCFGS
tracing: Use SOFTIRQ_OFFSET for softirq dectection for more accurate results
PM / QoS: return -EINVAL for bogus strings
PM / wakeirq: Convert to SRCU
sched/topology: Fix overlapping sched_group_mask
sched/topology: Optimize build_group_mask()
sched/topology: Fix building of overlapping sched-groups
sched/fair, cpumask: Export for_each_cpu_wrap()
Revert "sched/core: Optimize SCHED_SMT"
crypto: caam - fix signals handling
crypto: caam - properly set IV after {en,de}crypt
crypto: sha1-ssse3 - Disable avx2
crypto: atmel - only treat EBUSY as transient if backlog
crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD
mm: fix overflow check in expand_upwards()
selftests/capabilities: Fix the test_execve test
mnt: Make propagate_umount less slow for overlapping mount propagation trees
mnt: In propgate_umount handle visiting mounts in any order
mnt: In umount propagation reparent in a separate pass
nvmem: core: fix leaks on registration errors
rcu: Add memory barriers for NOCB leader wakeup
vt: fix unchecked __put_user() in tioclinux ioctls
ARM64: dts: marvell: armada37xx: Fix timer interrupt specifiers
exec: Limit arg stack to at most 75% of _STK_LIM
s390: reduce ELF_ET_DYN_BASE
powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB
arm64: move ELF_ET_DYN_BASE to 4GB / 4MB
arm: move ELF_ET_DYN_BASE to 4MB
binfmt_elf: use ELF_ET_DYN_BASE only for PIE
checkpatch: silence perl 5.26.0 unescaped left brace warnings
fs/dcache.c: fix spin lockup issue on nlru->lock
mm/list_lru.c: fix list_lru_count_node() to be race free
kernel/extable.c: mark core_kernel_text notrace
thp, mm: fix crash due race in MADV_FREE handling
tools/lib/lockdep: Reduce MAX_LOCK_DEPTH to avoid overflowing lock_chain/: Depth
parisc/mm: Ensure IRQs are off in switch_mm()
parisc: DMA API: return error instead of BUG_ON for dma ops on non dma devs
parisc: use compat_sys_keyctl()
parisc: Report SIGSEGV instead of SIGBUS when running out of stack
irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity
cfg80211: Check if NAN service ID is of expected size
cfg80211: Check if PMKID attribute is of expected size
cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
sfc: don't read beyond unicast address list
brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain
brcmfmac: Fix a memory leak in error handling path in 'brcmf_cfg80211_attach'
brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
rds: tcp: use sock_create_lite() to create the accept socket
vrf: fix bug_on triggered by rx when destroying a vrf
net: ipv6: Compare lwstate in detecting duplicate nexthops
net: core: Fix slab-out-of-bounds in netdev_stats_to_stats64
vxlan: fix hlist corruption
ipv6: dad: don't remove dynamic addresses if link is down
net/mlx5e: Fix TX carrier errors report in get stats ndo
liquidio: fix bug in soft reset failure detection
net/mlx5: Cancel delayed recovery work when unloading the driver
net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()
bpf: prevent leaking pointer via xadd on unpriviledged
rocker: move dereference before free
bridge: mdb: fix leak on complete_info ptr on fail path
net: prevent sign extension in dev_get_stats()
tcp: reset sk_rx_dst in tcp_disconnect()
net: dp83640: Avoid NULL pointer dereference.
ipv6: avoid unregistering inet6_dev for loopback
net/phy: micrel: configure intterupts after autoneg workaround
net: sched: Fix one possible panic when no destroy callback
net_sched: fix error recovery at qdisc creation
xen-netfront: Rework the fix for Rx stall during OOM and network stress
ANDROID: android-verity: mark dev as rw for linear target
ANDROID: sdcardfs: Remove unnecessary lock
ANDROID: binder: don't check prio permissions on restore.
Add BINDER_GET_NODE_DEBUG_INFO ioctl
ANDROID: binder: add RT inheritance flag to node.
ANDROID: binder: improve priority inheritance.
ANDROID: binder: add min sched_policy to node.
ANDROID: binder: add support for RT prio inheritance.
ANDROID: binder: push new transactions to waiting threads.
ANDROID: binder: remove proc waitqueue
Conflicts:
drivers/staging/android/lowmemorykiller.c
Change-Id: I2954e47d7e4fc74cf9bb5033fc151537958b78af
Signed-off-by: Kyle Yan <kyan@codeaurora.org>
|
||
|
Daniel Mentz
|
5b07c2d252 |
Revert "ANDROID: proc: smaps: Allow smaps access for CAP_SYS_RESOURCE"
This reverts commit
|
||
|
Liam Mark
|
4f1cdd2baf |
android/lowmemorykiller: Ignore tasks with freed mm
A killed task can stay in the task list long after its memory has been returned to the system, therefore ignore any tasks whose mm struct has been freed. Change-Id: I76394b203b4ab2312437c839976f0ecb7b6dde4e Signed-off-by: Liam Mark <lmark@codeaurora.org> Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> |
||
|
Kyle Yan
|
d523ad4fa3 |
Merge remote-tracking branch '4.9/tmp-951d823' into msm-4.9
* 4.9/tmp-951d823: Linux 4.9.30 drm/i915/gvt: Disable access to stolen memory as a guest drivers: char: mem: Check for address space wraparound with mmap() nfsd: encoders mustn't use unitialized values in error cases nfsd: fix undefined behavior in nfsd4_layout_verify NFS: Use GFP_NOIO for two allocations in writeback NFS: Fix use after free in write error path NFSv4: Fix a hang in OPEN related to server reboot drm/edid: Add 10 bpc quirk for LGD 764 panel in HP zBook 17 G2 mtd: nand: add ooblayout for old hamming layout mtd: nand: omap2: Fix partition creation via cmdline mtdparts mtd: nand: orion: fix clk handling PCI: Freeze PME scan before suspending devices PCI: Only allow WC mmap on prefetchable resources PCI: Fix another sanity check bug in /proc/pci mmap PCI: Fix pci_mmap_fits() for HAVE_PCI_RESOURCE_TO_USER platforms PCI: hv: Specify CPU_AFFINITY_ALL for MSI affinity when >= 32 CPUs PCI: hv: Allocate interrupt descriptors with GFP_ATOMIC tracing/kprobes: Enforce kprobes teardown after testing um: Fix to call read_initrd after init_bootmem osf_wait4(): fix infoleak MIPS: Loongson-3: Select MIPS_L1_CACHE_SHIFT_6 nvme: unmap CMB and remove sysfs file in reset path genirq: Fix chained interrupt data ordering uwb: fix device quirk on big-endian hosts stackprotector: Increase the per-task stack canary's random range from 32 bits to 64 bits on 64-bit platforms metag/uaccess: Check access_ok in strncpy_from_user metag/uaccess: Fix access_ok() iommu/vt-d: Flush the IOTLB to get rid of the initial kdump mappings staging: rtl8192e: GetTs Fix invalid TID 7 warning. staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD. staging: rtl8192e: fix 2 byte alignment of register BSSIDR. staging: rtl8192e: rtl92e_fill_tx_desc fix write to mapped out memory. arm64: documentation: document tagged pointer stack constraints arm64: uaccess: ensure extension of access_ok() addr arm64: armv8_deprecated: ensure extension of addr arm64: ensure extension of smp_store_release value arm64: xchg: hazard against entire exchange variable arm64: dts: hi6220: Reset the mmc hosts ARM: dts: imx6sx-sdb: Remove OPP override ARM: dts: at91: sama5d3_xplained: not all ADC channels are available ARM: dts: at91: sama5d3_xplained: fix ADC vref ARM: 8670/1: V7M: Do not corrupt vector table around v7m_invalidate_l1 call ARM: 8662/1: module: split core and init PLT sections KVM: arm: plug potential guest hardware debug leakage arm: KVM: Do not use stack-protector to compile HYP code arm64: KVM: Do not use stack-protector to compile EL2 code powerpc/tm: Fix FP and VMX register corruption powerpc/64e: Fix hang when debugging programs with relocated kernel powerpc/iommu: Do not call PageTransHuge() on tail pages powerpc/pseries: Fix of_node_put() underflow during DLPAR remove powerpc/book3s/mce: Move add_taint() later in virtual mode powerpc/eeh: Avoid use after free in eeh_handle_special_event() powerpc/mm: Ensure IRQs are off in switch_mm() cx231xx-cards: fix NULL-deref at probe cx231xx-audio: fix NULL-deref at probe cx231xx-audio: fix init error path dw2102: limit messages to buffer size digitv: limit messages to buffer size dvb-frontends/cxd2841er: define symbol_rate_min/max in T/C fe-ops zr364xx: enforce minimum size when reading header dib0700: fix NULL-deref at probe s5p-mfc: Fix unbalanced call to clock management gspca: konica: add missing endpoint sanity check s5p-mfc: Fix race between interrupt routine and device functions iio: hid-sensor: Store restore poll and hysteresis on S3 iio: proximity: as3935: fix as3935_write ipx: call ipxitf_put() in ioctl error path USB: hub: fix non-SS hub-descriptor handling USB: hub: fix SS hub-descriptor handling USB: serial: io_ti: fix div-by-zero in set_termios USB: serial: mct_u232: fix big-endian baud-rate handling USB: serial: qcserial: add more Lenovo EM74xx device IDs usb: serial: option: add Telit ME910 support USB: iowarrior: fix info ioctl on big-endian hosts usb: musb: Fix trying to suspend while active for OTG configurations usb: musb: tusb6010_omap: Do not reset the other direction's packet size usb: dwc3: gadget: Prevent losing events in event cache dvb-usb-dibusb-mc-common: Add MODULE_LICENSE ttusb2: limit messages to buffer size mceusb: fix NULL-deref at probe usbvision: fix NULL-deref at probe net: irda: irda-usb: fix firmware name on big-endian hosts usb: host: xhci-mem: allocate zeroed Scratchpad Buffer xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton usb: host: xhci-plat: propagate return value of platform_get_irq() xhci: remove GFP_DMA flag from allocation libnvdimm: fix clear length of nvdimm_forget_poison() fscrypt: avoid collisions when presenting long encrypted filenames f2fs: check entire encrypted bigname when finding a dentry USB: chaoskey: fix Alea quirk on big-endian hosts USB: serial: ftdi_sio: add Olimex ARM-USB-TINY(H) PIDs USB: serial: ftdi_sio: fix setting latency for unprivileged users pid_ns: Fix race between setns'ed fork() and zap_pid_ns_processes() pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes IB/hfi1: Fix a subcontext memory leak IB/hfi1: Return an error on memory allocation failure IIO: bmp280-core.c: fix error in humidity calculation iio: dac: ad7303: fix channel description ibmvscsis: Do not send aborted task response of: fdt: add missing allocation-failure check of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes() of: fix sparse warning in of_pci_range_parser_one proc: Fix unbalanced hard link numbers cxl: Route eeh events to all drivers in cxl_pci_error_detected() cxl: Force context lock during EEH flow ohci-pci: add qemu quirk cdc-acm: fix possible invalid access when processing notification gpio: omap: return error if requested debounce time is not possible drm/nouveau/tmr: handle races with hw when updating the next alarm time drm/nouveau/tmr: avoid processing completed alarms when adding a new one drm/nouveau/tmr: fix corruption of the pending list when rescheduling an alarm drm/nouveau/tmr: ack interrupt before processing alarms drm/nouveau/therm: remove ineffective workarounds for alarm bugs drm/amdgpu: Add missing lb_vblank_lead_lines setup to DCE-6 path. drm/amdgpu: Avoid overflows/divide-by-zero in latency_watermark calculations. drm/amdgpu: Make display watermark calculations more accurate ath9k_htc: fix NULL-deref at probe ath9k_htc: Add support of AirTies 1eda:2315 AR9271 device s390/cputime: fix incorrect system time s390/kdump: Add final note regulator: tps65023: Fix inverted core enable logic. regulator: rk808: Fix RK818 LDO2 x86: fix 32-bit case of __get_user_asm_u64() KVM: X86: Fix read out-of-bounds vulnerability in kvm pio emulation KVM: x86: Fix potential preemption when get the current kvmclock timestamp KVM: x86: Fix load damaged SSEx MXCSR register ima: accept previously set IMA_NEW_FILE mwifiex: pcie: fix cmd_buf use-after-free in remove/reset mwifiex: MAC randomization should not be persistent rtlwifi: rtl8821ae: setup 8812ae RFE according to device type md: MD_CLOSING needs to be cleared after called md_set_readonly or do_md_stop md: update slab_cache before releasing new stripes when stripes resizing dm space map disk: fix some book keeping in the disk space map dm thin metadata: call precommit before saving the roots dm bufio: make the parameter "retain_bytes" unsigned long dm cache metadata: fail operations if fail_io mode has been established dm mpath: split and rename activate_path() to prepare for its expanded use dm bufio: check new buffer allocation watermark every 30 seconds dm bufio: avoid a possible ABBA deadlock dm raid: select the Kconfig option CONFIG_MD_RAID0 dm btree: fix for dm_btree_find_lowest_key() infiniband: call ipv6 route lookup via the stub interface mlx5: Fix mlx5_ib_map_mr_sg mr length ASoC: cs4271: configure reset GPIO as output tpm_crb: check for bad response size tpm: add sleep only for retry in i2c_nuvoton_write_status() tpm: msleep() delays - replace with usleep_range() in i2c nuvoton driver tpm_tis_spi: Add small delay after last transfer tpm_tis_spi: Remove limitation of transfers to MAX_SPI_FRAMESIZE bytes tpm_tis_spi: Check correct byte for wait state indicator tpm_tis_spi: Abort transfer when too many wait states are signaled tpm_tis_spi: Use single function to transfer data fanotify: don't expose EOPENSTALE to userspace ARM: tegra: paz00: Mark panel regulator as enabled on boot ALSA: hda: Fix cpu lockup when stopping the cmd dmas tpm_tis_core: Choose appropriate timeout for reading burstcount USB: core: replace %p with %pK char: lp: fix possible integer overflow in lp_setup() watchdog: pcwd_usb: fix NULL-deref at probe USB: ene_usb6250: fix DMA to the stack usb: misc: legousbtower: Fix memory leak usb: misc: legousbtower: Fix buffers on stack UPSTREAM: drm/fb_cma_helper: Add missing forward declaration ANDROID: uid_sys_stats: defer io stats calulation for dead tasks BACKPORT: drm/fence: fix memory overwrite when setting out_fence fd BACKPORT: drm/fence: add drm_crtc_create_fence() UPSTREAM: drm/fences: add DOC: for explicit fencing UPSTREAM: drm/atomic: Fix double free in drm_atomic_state_default_clear BACKPORT: drm/fence: add out-fences support BACKPORT: drm/fence: add fence timeline to drm_crtc BACKPORT: drm/fence: add in-fences support BACKPORT: dma-buf: Use fence_get_rcu_safe() for retrieving the exclusive fence BACKPORT: drm/fb_cma_helper: Add drm_fb_cma_prepare_fb() helper BACKPORT: drm/atomic: add drm_atomic_set_fence_for_plane() UPSTREAM: dma-buf: Update kerneldoc for sync_file_create UPSTREAM: Revert "dma-buf/sync-file: Avoid enable fence signaling if poll(.timeout=0)" UPSTREAM: reservation: revert "wait only with non-zero timeout specified (v3)" v2 BACKPORT: dma-buf/fence: revert "don't wait when specified timeout is zero" (v2) UPSTREAM: dma-buf/sw_sync: put fence reference from the fence creation UPSTREAM: dma-buf/fence: add an lockdep_assert_held() UPSTREAM: dma-buf/sync_file: hold reference to fence when creating sync_file UPSTREAM: drm/fence: release fence reference when canceling event UPSTREAM: dma-buf: Restart reservation_object_test_signaled_rcu() after writes UPSTREAM: dma-buf: Restart reservation_object_wait_timeout_rcu() after writes UPSTREAM: dma-buf: Restart reservation_object_get_fences_rcu() after writes UPSTREAM: dma-buf: Introduce fence_get_rcu_safe() ANDROID: sdcardfs: Check for NULL in revalidate ANDROID: Add CGROUP_BPF to android base config BACKPORT: UPSTREAM: bpf: pass sk to helper functions BACKPORT: UPSTREAM: Add a eBPF helper function to retrieve socket uid BACKPORT: UPSTREAM: Add a helper function to get socket cookie in eBPF ANDROID: Fix missing uapi headers UPSTREAM: cgroup: Fix CGROUP_BPF config UPSTREAM: samples: bpf: add userspace example for attaching eBPF programs to cgroups UPSTREAM: net: ipv4, ipv6: run cgroup eBPF egress programs UPSTREAM: net: filter: run cgroup eBPF ingress programs UPSTREAM: bpf: add BPF_PROG_ATTACH and BPF_PROG_DETACH commands UPSTREAM: cgroup: add support for eBPF programs UPSTREAM: bpf: add new prog type for cgroup socket filtering Change-Id: Ic92b4df2a2fd08d1ec4bbcf6a5d6e100acfa5b61 Signed-off-by: Kyle Yan <kyan@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
951d823c04 |
Merge 4.9.30 into android-4.9
Changes in 4.9.30 usb: misc: legousbtower: Fix buffers on stack usb: misc: legousbtower: Fix memory leak USB: ene_usb6250: fix DMA to the stack watchdog: pcwd_usb: fix NULL-deref at probe char: lp: fix possible integer overflow in lp_setup() USB: core: replace %p with %pK tpm_tis_core: Choose appropriate timeout for reading burstcount ALSA: hda: Fix cpu lockup when stopping the cmd dmas ARM: tegra: paz00: Mark panel regulator as enabled on boot fanotify: don't expose EOPENSTALE to userspace tpm_tis_spi: Use single function to transfer data tpm_tis_spi: Abort transfer when too many wait states are signaled tpm_tis_spi: Check correct byte for wait state indicator tpm_tis_spi: Remove limitation of transfers to MAX_SPI_FRAMESIZE bytes tpm_tis_spi: Add small delay after last transfer tpm: msleep() delays - replace with usleep_range() in i2c nuvoton driver tpm: add sleep only for retry in i2c_nuvoton_write_status() tpm_crb: check for bad response size ASoC: cs4271: configure reset GPIO as output mlx5: Fix mlx5_ib_map_mr_sg mr length infiniband: call ipv6 route lookup via the stub interface dm btree: fix for dm_btree_find_lowest_key() dm raid: select the Kconfig option CONFIG_MD_RAID0 dm bufio: avoid a possible ABBA deadlock dm bufio: check new buffer allocation watermark every 30 seconds dm mpath: split and rename activate_path() to prepare for its expanded use dm cache metadata: fail operations if fail_io mode has been established dm bufio: make the parameter "retain_bytes" unsigned long dm thin metadata: call precommit before saving the roots dm space map disk: fix some book keeping in the disk space map md: update slab_cache before releasing new stripes when stripes resizing md: MD_CLOSING needs to be cleared after called md_set_readonly or do_md_stop rtlwifi: rtl8821ae: setup 8812ae RFE according to device type mwifiex: MAC randomization should not be persistent mwifiex: pcie: fix cmd_buf use-after-free in remove/reset ima: accept previously set IMA_NEW_FILE KVM: x86: Fix load damaged SSEx MXCSR register KVM: x86: Fix potential preemption when get the current kvmclock timestamp KVM: X86: Fix read out-of-bounds vulnerability in kvm pio emulation x86: fix 32-bit case of __get_user_asm_u64() regulator: rk808: Fix RK818 LDO2 regulator: tps65023: Fix inverted core enable logic. s390/kdump: Add final note s390/cputime: fix incorrect system time ath9k_htc: Add support of AirTies 1eda:2315 AR9271 device ath9k_htc: fix NULL-deref at probe drm/amdgpu: Make display watermark calculations more accurate drm/amdgpu: Avoid overflows/divide-by-zero in latency_watermark calculations. drm/amdgpu: Add missing lb_vblank_lead_lines setup to DCE-6 path. drm/nouveau/therm: remove ineffective workarounds for alarm bugs drm/nouveau/tmr: ack interrupt before processing alarms drm/nouveau/tmr: fix corruption of the pending list when rescheduling an alarm drm/nouveau/tmr: avoid processing completed alarms when adding a new one drm/nouveau/tmr: handle races with hw when updating the next alarm time gpio: omap: return error if requested debounce time is not possible cdc-acm: fix possible invalid access when processing notification ohci-pci: add qemu quirk cxl: Force context lock during EEH flow cxl: Route eeh events to all drivers in cxl_pci_error_detected() proc: Fix unbalanced hard link numbers of: fix sparse warning in of_pci_range_parser_one of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes() of: fdt: add missing allocation-failure check ibmvscsis: Do not send aborted task response iio: dac: ad7303: fix channel description IIO: bmp280-core.c: fix error in humidity calculation IB/hfi1: Return an error on memory allocation failure IB/hfi1: Fix a subcontext memory leak pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes pid_ns: Fix race between setns'ed fork() and zap_pid_ns_processes() USB: serial: ftdi_sio: fix setting latency for unprivileged users USB: serial: ftdi_sio: add Olimex ARM-USB-TINY(H) PIDs USB: chaoskey: fix Alea quirk on big-endian hosts f2fs: check entire encrypted bigname when finding a dentry fscrypt: avoid collisions when presenting long encrypted filenames libnvdimm: fix clear length of nvdimm_forget_poison() xhci: remove GFP_DMA flag from allocation usb: host: xhci-plat: propagate return value of platform_get_irq() xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton usb: host: xhci-mem: allocate zeroed Scratchpad Buffer net: irda: irda-usb: fix firmware name on big-endian hosts usbvision: fix NULL-deref at probe mceusb: fix NULL-deref at probe ttusb2: limit messages to buffer size dvb-usb-dibusb-mc-common: Add MODULE_LICENSE usb: dwc3: gadget: Prevent losing events in event cache usb: musb: tusb6010_omap: Do not reset the other direction's packet size usb: musb: Fix trying to suspend while active for OTG configurations USB: iowarrior: fix info ioctl on big-endian hosts usb: serial: option: add Telit ME910 support USB: serial: qcserial: add more Lenovo EM74xx device IDs USB: serial: mct_u232: fix big-endian baud-rate handling USB: serial: io_ti: fix div-by-zero in set_termios USB: hub: fix SS hub-descriptor handling USB: hub: fix non-SS hub-descriptor handling ipx: call ipxitf_put() in ioctl error path iio: proximity: as3935: fix as3935_write iio: hid-sensor: Store restore poll and hysteresis on S3 s5p-mfc: Fix race between interrupt routine and device functions gspca: konica: add missing endpoint sanity check s5p-mfc: Fix unbalanced call to clock management dib0700: fix NULL-deref at probe zr364xx: enforce minimum size when reading header dvb-frontends/cxd2841er: define symbol_rate_min/max in T/C fe-ops digitv: limit messages to buffer size dw2102: limit messages to buffer size cx231xx-audio: fix init error path cx231xx-audio: fix NULL-deref at probe cx231xx-cards: fix NULL-deref at probe powerpc/mm: Ensure IRQs are off in switch_mm() powerpc/eeh: Avoid use after free in eeh_handle_special_event() powerpc/book3s/mce: Move add_taint() later in virtual mode powerpc/pseries: Fix of_node_put() underflow during DLPAR remove powerpc/iommu: Do not call PageTransHuge() on tail pages powerpc/64e: Fix hang when debugging programs with relocated kernel powerpc/tm: Fix FP and VMX register corruption arm64: KVM: Do not use stack-protector to compile EL2 code arm: KVM: Do not use stack-protector to compile HYP code KVM: arm: plug potential guest hardware debug leakage ARM: 8662/1: module: split core and init PLT sections ARM: 8670/1: V7M: Do not corrupt vector table around v7m_invalidate_l1 call ARM: dts: at91: sama5d3_xplained: fix ADC vref ARM: dts: at91: sama5d3_xplained: not all ADC channels are available ARM: dts: imx6sx-sdb: Remove OPP override arm64: dts: hi6220: Reset the mmc hosts arm64: xchg: hazard against entire exchange variable arm64: ensure extension of smp_store_release value arm64: armv8_deprecated: ensure extension of addr arm64: uaccess: ensure extension of access_ok() addr arm64: documentation: document tagged pointer stack constraints staging: rtl8192e: rtl92e_fill_tx_desc fix write to mapped out memory. staging: rtl8192e: fix 2 byte alignment of register BSSIDR. staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD. staging: rtl8192e: GetTs Fix invalid TID 7 warning. iommu/vt-d: Flush the IOTLB to get rid of the initial kdump mappings metag/uaccess: Fix access_ok() metag/uaccess: Check access_ok in strncpy_from_user stackprotector: Increase the per-task stack canary's random range from 32 bits to 64 bits on 64-bit platforms uwb: fix device quirk on big-endian hosts genirq: Fix chained interrupt data ordering nvme: unmap CMB and remove sysfs file in reset path MIPS: Loongson-3: Select MIPS_L1_CACHE_SHIFT_6 osf_wait4(): fix infoleak um: Fix to call read_initrd after init_bootmem tracing/kprobes: Enforce kprobes teardown after testing PCI: hv: Allocate interrupt descriptors with GFP_ATOMIC PCI: hv: Specify CPU_AFFINITY_ALL for MSI affinity when >= 32 CPUs PCI: Fix pci_mmap_fits() for HAVE_PCI_RESOURCE_TO_USER platforms PCI: Fix another sanity check bug in /proc/pci mmap PCI: Only allow WC mmap on prefetchable resources PCI: Freeze PME scan before suspending devices mtd: nand: orion: fix clk handling mtd: nand: omap2: Fix partition creation via cmdline mtdparts mtd: nand: add ooblayout for old hamming layout drm/edid: Add 10 bpc quirk for LGD 764 panel in HP zBook 17 G2 NFSv4: Fix a hang in OPEN related to server reboot NFS: Fix use after free in write error path NFS: Use GFP_NOIO for two allocations in writeback nfsd: fix undefined behavior in nfsd4_layout_verify nfsd: encoders mustn't use unitialized values in error cases drivers: char: mem: Check for address space wraparound with mmap() drm/i915/gvt: Disable access to stolen memory as a guest Linux 4.9.30 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Daniel Micay
|
f157261b55 |
stackprotector: Increase the per-task stack canary's random range from 32 bits to 64 bits on 64-bit platforms
commit 5ea30e4e58040cfd6434c2f33dc3ea76e2c15b05 upstream. The stack canary is an 'unsigned long' and should be fully initialized to random data rather than only 32 bits of random data. Signed-off-by: Daniel Micay <danielmicay@gmail.com> Acked-by: Arjan van de Ven <arjan@linux.intel.com> Acked-by: Rik van Riel <riel@redhat.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: Arjan van Ven <arjan@linux.intel.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: kernel-hardening@lists.openwall.com Link: http://lkml.kernel.org/r/20170504133209.3053-1-danielmicay@gmail.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Kirill Tkhai
|
2ea2f891fa |
pid_ns: Fix race between setns'ed fork() and zap_pid_ns_processes()
commit 3fd37226216620c1a468afa999739d5016fbc349 upstream.
Imagine we have a pid namespace and a task from its parent's pid_ns,
which made setns() to the pid namespace. The task is doing fork(),
while the pid namespace's child reaper is dying. We have the race
between them:
Task from parent pid_ns Child reaper
copy_process() ..
alloc_pid() ..
.. zap_pid_ns_processes()
.. disable_pid_allocation()
.. read_lock(&tasklist_lock)
.. iterate over pids in pid_ns
.. kill tasks linked to pids
.. read_unlock(&tasklist_lock)
write_lock_irq(&tasklist_lock); ..
attach_pid(p, PIDTYPE_PID); ..
.. ..
So, just created task p won't receive SIGKILL signal,
and the pid namespace will be in contradictory state.
Only manual kill will help there, but does the userspace
care about this? I suppose, the most users just inject
a task into a pid namespace and wait a SIGCHLD from it.
The patch fixes the problem. It simply checks for
(pid_ns->nr_hashed & PIDNS_HASH_ADDING) in copy_process().
We do it under the tasklist_lock, and can't skip
PIDNS_HASH_ADDING as noted by Oleg:
"zap_pid_ns_processes() does disable_pid_allocation()
and then takes tasklist_lock to kill the whole namespace.
Given that copy_process() checks PIDNS_HASH_ADDING
under write_lock(tasklist) they can't race;
if copy_process() takes this lock first, the new child will
be killed, otherwise copy_process() can't miss
the change in ->nr_hashed."
If allocation is disabled, we just return -ENOMEM
like it's made for such cases in alloc_pid().
v2: Do not move disable_pid_allocation(), do not
introduce a new variable in copy_process() and simplify
the patch as suggested by Oleg Nesterov.
Account the problem with double irq enabling
found by Eric W. Biederman.
Fixes:
|
||
|
Channagoud Kadabi
|
8810e5fa00 |
Merge remote-tracking branch 'origin/tmp-dcb6110' into 4.8
* origin/tmp-dcb6110:
ANDROID: goldfish_sync: 32 max cmds to save stack
ANDROID: sched/walt: use div_u64 instead of do_div
Linux 4.9.9
drm/i915/execlists: Reset RING registers upon resume
fs: break out of iomap_file_buffered_write on fatal signals
iw_cxgb4: set correct FetchBurstMax for QPs
x86/irq: Make irq activate operations symmetric
irqdomain: Avoid activating interrupts more than once
iio: health: max30100: fixed parenthesis around FIFO count check
iio: dht11: Use usleep_range instead of msleep for start signal
iio: health: afe4403: retrieve a valid iio_dev in suspend/resume
iio: health: afe4404: retrieve a valid iio_dev in suspend/resume
iio: adc: palmas_gpadc: retrieve a valid iio_dev in suspend/resume
staging: greybus: timesync: validate platform state callback
USB: serial: option: add device ID for HP lt2523 (Novatel E371)
usb: gadget: f_fs: Assorted buffer overflow checks.
usb: musb: Fix host mode error -71 regression
USB: Add quirk for WORLDE easykey.25 MIDI keyboard
USB: serial: pl2303: add ATEN device ID
USB: serial: qcserial: add Dell DW5570 QDL
KVM: x86: do not save guest-unsupported XSAVE state
dmaengine: cppi41: Fix oops in cppi41_runtime_resume
dmaengine: cppi41: Fix runtime PM timeouts with USB mass storage
perf/x86/intel/uncore: Clean up hotplug conversion fallout
HID: wacom: Fix poor prox handling in 'wacom_pl_irq'
HID: hid-lg: Fix immediate disconnection of Logitech Rumblepad 2
HID: usbhid: Quirk a AMI virtual mouse and keyboard with ALWAYS_POLL
iwlwifi: mvm: avoid crash on restart w/o reserved queues
iwlwifi: fix double hyphen in MODULE_FIRMWARE for 8000
pinctrl: intel: merrifield: Add missed check in mrfld_config_set()
pinctrl: baytrail: Debounce register is one per community
Revert "vring: Force use of DMA API for ARM-based systems with legacy devices"
Revert "bcma: init serial console directly from ChipCommon code"
percpu-refcount: fix reference leak during percpu-atomic transition
regulator: axp20x: AXP806: Fix dcdcb being set instead of dcdce
vhost: fix initialization for vq->is_le
mmc: sdhci: Ignore unexpected CARD_INT interrupts
cgroup: don't online subsystems before cgroup_name/path() are operational
can: bcm: fix hrtimer/tasklet termination in bcm op removal
tracing: Fix hwlat kthread migration
mm, fs: check for fatal signals in do_generic_file_read()
base/memory, hotplug: fix a kernel oops in show_valid_zones()
mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone()
cifs: initialize file_info_lock
zswap: disable changing params if init fails
svcrpc: fix oops in absence of krb5 module
NFSD: Fix a null reference case in find_or_create_lock_stateid()
powerpc/mm: Use the correct pointer when setting a 2MB pte
powerpc: Fix build failure with clang due to BUILD_BUG_ON()
powerpc: Add missing error check to prom_find_boot_cpu()
powerpc/eeh: Fix wrong flag passed to eeh_unfreeze_pe()
libata: Fix ATA request sense
libata: apply MAX_SEC_1024 to all CX1-JB*-HP devices
ata: sata_mv:- Handle return value of devm_ioremap.
perf/core: Fix PERF_RECORD_MMAP2 prot/flags for anonymous memory
perf/core: Fix use-after-free bug
crypto: arm64/aes-blk - honour iv_out requirement in CBC and CTR modes
crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg
drm/nouveau/nv1a,nv1f/disp: fix memory clock rate retrieval
drm/nouveau/disp/gt215: Fix HDA ELD handling (thus, HDMI audio) on gt215
drm/amdgpu/si: fix crash on headless asics
pinctrl: baytrail: Add missing spinlock usage in byt_gpio_irq_handler
HID: cp2112: fix gpio-callback error handling
HID: cp2112: fix sleep-while-atomic
xtensa: fix noMMU build on cores with MMU
efi/fdt: Avoid FDT manipulation after ExitBootServices()
x86/efi: Always map the first physical page into the EFI pagetables
ext4: validate s_first_meta_bg at mount time
PCI/ASPM: Handle PCI-to-PCIe bridges as roots of PCIe hierarchies
ANDROID: sched: Add Kconfig option DEFAULT_USE_ENERGY_AWARE to set ENERGY_AWARE feature flag
ANDROID: goldfish_sync: Fix sync_file_obj is NULL but dereferenced problem
ANDROID: goldfish_sync: Isolate single module to fix compilation
ANDROID: goldfish_sync: update defconfig for 4.9-compatible version
ANDROID: goldfish_sync: upgrade to new fence sync api
Linux 4.9.8
xfs: fix bmv_count confusion w/ shared extents
xfs: clear _XBF_PAGES from buffers when readahead page
xfs: extsize hints are not unlikely in xfs_bmap_btalloc
xfs: remove racy hasattr check from attr ops
xfs: verify dirblocklog correctly
xfs: fix COW writeback race
xfs: fix xfs_mode_to_ftype() prototype
xfs: don't wrap ID in xfs_dq_get_next_id
xfs: sanity check inode di_mode
xfs: sanity check inode mode when creating new dentry
xfs: replace xfs_mode_to_ftype table with switch statement
xfs: add missing include dependencies to xfs_dir2.h
xfs: sanity check directory inode di_size
xfs: make the ASSERT() condition likely
xfs: don't print warnings when xfs_log_force fails
xfs: don't rely on ->total in xfs_alloc_space_available
xfs: adjust allocation length in xfs_alloc_space_available
xfs: fix bogus minleft manipulations
xfs: bump up reserved blocks in xfs_alloc_set_aside
net: dsa: Bring back device detaching in dsa_slave_suspend()
lwtunnel: Fix oops on state free after encap module unload
net: Specify the owning module for lwtunnel ops
qmi_wwan/cdc_ether: add device ID for HP lt2523 (Novatel E371) WWAN card
af_unix: move unix_mknod() out of bindlock
r8152: don't execute runtime suspend if the tx is not empty
net: mpls: Fix multipath selection for LSR use case
bridge: netlink: call br_changelink() during br_dev_newlink()
net/mlx5e: Do not recycle pages from emergency reserve
tcp: initialize max window for a new fastopen socket
ipv6: addrconf: Avoid addrconf_disable_change() using RCU read-side lock
lwtunnel: fix autoload of lwt modules
net: phy: bcm63xx: Utilize correct config_intr function
net: fix harmonize_features() vs NETIF_F_HIGHDMA
vxlan: fix byte order of vxlan-gpe port number
virtio-net: restore VIRTIO_HDR_F_DATA_VALID on receiving
virtio: don't set VIRTIO_NET_HDR_F_DATA_VALID on xmit
net sched actions: fix refcnt when GETing of action after bind
ax25: Fix segfault after sock connection timeout
ip6_tunnel: Account for tunnel header in tunnel MTU
ravb: do not use zero-length alignment DMA descriptor
mlx4: do not call napi_schedule() without care
openvswitch: maintain correct checksum state in conntrack actions
tcp: fix tcp_fastopen unaligned access complaints on sparc
net: systemport: Decouple flow control from __bcm_sysport_tx_reclaim
net: ipv4: fix table id in getroute response
net: lwtunnel: Handle lwtunnel_fill_encap failure
mlxsw: pci: Fix EQE structure definition
mlxsw: switchx2: Fix memory leak at skb reallocation
mlxsw: spectrum: Fix memory leak at skb reallocation
netvsc: add rcu_read locking to netvsc callback
r8152: fix the sw rx checksum is unavailable
FROMLIST: 9p: fix a potential acl leak
ANDROID: sched/walt: use do_div instead of division operator
ANDROID: sched: fix wrong truncation of walt_avg
ANDROID: arm: Fix #if/#ifdef typo in topology.c
ANDROID: arm: Fix build error "conflicting types for 'scale_cpu_capacity'"
ANDROID: net: ipv6: remove unused variable ifindex in
ANDROID: DEBUG: cpufreq: fix cpu_capacity tracing build for non-smp systems
ANDROID: arm: topology: Define TC2 energy and provide it to the scheduler
ANDROID: binder: fix format specifier for type binder_size_t
Linux 4.9.7
drm/i915: Remove WaDisableLSQCROPERFforOCL KBL workaround.
perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race
mm, memcg: do not retry precharge charges
platform/x86: intel_mid_powerbtn: Set IRQ_ONESHOT
platform/x86: mlx-platform: free first dev on error
virtio_mmio: Set DMA masks appropriately
memory_hotplug: make zone_can_shift() return a boolean value
pinctrl: baytrail: Rectify debounce support
pinctrl: uniphier: fix Ethernet (RMII) pin-mux setting for LD20
pinctrl: broxton: Use correct PADCFGLOCK offset
s5k4ecgx: select CRC32 helper
IB/rxe: Prevent from completer to operate on non valid QP
IB/rxe: Fix rxe dev insertion to rxe_dev_list
IB/umem: Release pid in error and ODP flow
drm/i915: Check for NULL atomic state in intel_crtc_disable_noatomic()
drm/i915: Fix calculation of rotated x and y offsets for planar formats
drm/i915: Don't init hpd polling for vlv and chv from runtime_suspend()
drm/i915: Don't leak edid in intel_crt_detect_ddc()
drm/i915: prevent crash with .disable_display parameter
drm/i915: Clear ret before unbinding in i915_gem_evict_something()
v4l: tvp5150: Don't override output pinmuxing at stream on/off time
v4l: tvp5150: Fix comment regarding output pin muxing
v4l: tvp5150: Reset device at probe time, not in get/set format handlers
pctv452e: move buffer to heap, no mutex
iw_cxgb4: free EQ queue memory on last deref
SUNRPC: cleanup ida information when removing sunrpc module
NFSv4.0: always send mode in SETATTR after EXCLUSIVE4
NFSv4.1: Fix a deadlock in layoutget
nfs: Don't increment lock sequence ID after NFS4ERR_MOVED
parisc: Don't use BITS_PER_LONG in userspace-exported swab.h header
ARC: [arcompact] handle unaligned access delay slot corner case
ARC: udelay: fix inline assembler by adding LP_COUNT to clobber list
can: ti_hecc: add missing prepare and unprepare of the clock
can: c_can_pci: fix null-pointer-deref in c_can_start() - set device pointer
IB/srp: fix invalid indirect_sg_entries parameter value
IB/srp: fix mr allocation when the device supports sg gaps
IB/iser: Fix sg_tablesize calculation
IB/cxgb3: fix misspelling in header guard
s390/ptrace: Preserve previous registers for short regset write
s390/mm: Fix cmma unused transfer from pgste into pte
RDMA/cma: Fix unknown symbol when CONFIG_IPV6 is not enabled
Btrfs: remove ->{get, set}_acl() from btrfs_dir_ro_inode_operations
Btrfs: disable xattr operations on subvolume directories
Btrfs: remove old tree_root case in btrfs_read_locked_inode()
ISDN: eicon: silence misleading array-bounds warning
xfs: prevent quotacheck from overloading inode lru
sysctl: fix proc_doulongvec_ms_jiffies_minmax()
userns: Make ucounts lock irq-safe
vring: Force use of DMA API for ARM-based systems with legacy devices
mm, page_alloc: fix premature OOM when racing with cpuset mems update
mm, page_alloc: move cpuset seqcount checking to slowpath
mm, page_alloc: fix fast-path race with cpuset update or removal
mm, page_alloc: fix check for NULL preferred_zone
mm/mempolicy.c: do not put mempolicy before using its nodemask
mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp
drm/atomic: clear out fence when duplicating state
Revert "drm/radeon: always apply pci shutdown callbacks"
drm/vc4: fix a bounds check
drm/vc4: Return -EINVAL on the overflow checks failing.
drm/vc4: Fix an integer overflow in temporary allocation layout.
drm/vc4: Fix memory leak of the CRTC state.
drm/i915: Ignore bogus plane coordinates on SKL when the plane is not visible
drm: Fix broken VT switch with video=1366x768 option
drm: Schedule the output_poll_work with 1s delay if we have delayed event
tile/ptrace: Preserve previous registers for short regset write
fbdev: color map copying bounds checking
ANDROID: sched/walt: Drop arch-specific timer access
ANDROID: sched/walt: include missing header for arm_timer_read_counter()
ANDROID: fs: Export vfs_rmdir2
ANDROID: fs: Export free_fs_struct and set_fs_pwd
ANDROID: cpufreq: interactive: Use idle-end notifiers
FROMLIST: cpufreq: Add android's 'interactive' governor
ANDROID: cpufreq: conservative: fix duplicate 'static' error
ANDROID: sdcardfs: eliminate the offset argument to ->direct_IO
ANDROID: sdcardfs: make it use new .rename i_op
ANDROID: sdcardfs: Propagate dentry down to inode_change_ok()
ANDROID: sdcardfs: get rid of 'parent' argument of ->d_compare()
ANDROID: sdcardfs: add parent pointer into dentry name hash
ANDROID: sdcardfs: use wrappers to access i_mutex
ANDROID: mnt: remount should propagate to slaves of slaves
ANDROID: sdcardfs: Fix locking issue with permision fix up
ANDROID: sdcardfs: Switch ->d_inode to d_inode()
ANDROID: sdcardfs: Change magic value
ANDROID: sdcardfs: Use per mount permissions
ANDROID: sdcardfs: Add gid and mask to private mount data
ANDROID: sdcardfs: User new permission2 functions
ANDROID: vfs: Add permission2 for filesystems with per mount permissions
ANDROID: vfs: Add setattr2 for filesystems with per mount permissions
ANDROID: vfs: Allow filesystems to access their private mount data
ANDROID: mnt: Add filesystem private data to mount points
ANDROID: sdcardfs: Move directory unlock before touch
ANDROID: sdcardfs: fix external storage exporting incorrect uid
ANDROID: sdcardfs: Added top to sdcardfs_inode_info
ANDROID: sdcardfs: Switch package list to RCU
ANDROID: sdcardfs: Fix locking for permission fix up
ANDROID: sdcardfs: Check for other cases on path lookup
ANDROID: sdcardfs: override umask on mkdir and create
ANDROID: sched/debug: Add energy procfs interface
ANDROID: cpufreq: sched: Fix kernel crash on accessing sysfs file
ANDROID: FIXUP: sched/tune: add fixes missing from a previous patch
ANDROID: sched: tune: Fix lacking spinlock initialization
ANDROID: cgroup: Remove leftover instances of allow_attach
ANDROID: FIXUP: sched: scheduler-driven cpu frequency selection
ANDROID: sched/rt: Add Kconfig option to enable panicking for RT throttling
ANDROID: sched/rt: print RT tasks when RT throttling is activated
ANDROID: sched/fair: Favor higher cpus only for boosted tasks
ANDROID: sched/fair: call OPP update when going idle after migration
ANDROID: sched/cpufreq_sched: fix thermal capping events
ANDROID: sched/fair: Picking cpus with low OPPs for tasks that prefer idle CPUs
ANDROID: FIXUP: sched/tune: do initialization as a postcore_initicall
ANDROID: DEBUG: sched: add tracepoint for RD overutilized
ANDROID: sched/tune: Introducing a new schedtune attribute prefer_idle
ANDROID: sched: use util instead of capacity to select busy cpu
ANDROID: arch_timer: add error handling when the MPM global timer is cleared
ANDROID: FIXUP: sched: Fix double-release of spinlock in move_queued_task
ANDROID: FIXUP: sched/fair: Fix hang during suspend in sched_group_energy
ANDROID: FIXUP: sched: fix SchedFreq integration for both PELT and WALT
ANDROID: sched: EAS: Avoid causing spikes to max-freq unnecessarily
ANDROID: FIXUP: sched: fix set_cfs_cpu_capacity when WALT is in use
ANDROID: sched/walt: Accounting for number of irqs pending on each core
ANDROID: sched: Introduce Window Assisted Load Tracking (WALT)
ANDROID: sched/tune: fix PB and PC cuts indexes definition
ANDROID: sched/fair: optimize idle cpu selection for boosted tasks
ANDROID: FIXUP: sched/tune: fix accounting for runnable tasks
ANDROID: sched/tune: use a single initialisation function
ANDROID: FIXUP: sched/tune: fix payoff calculation for boost region
ANDROID: sched/tune: Add support for negative boost values
ANDROID: FIX: sched/tune: move schedtune_nornalize_energy into fair.c
ANDROID: FIX: sched/tune: update usage of boosted task utilisation on CPU selection
ANDROID: sched/fair: add tunable to set initial task load
ANDROID: sched/fair: add tunable to force selection at cpu granularity
ANDROID: sched: EAS: take cstate into account when selecting idle core
ANDROID: sched/cpufreq_sched: Consolidated update
ANDROID: FIXUP: sched: fix build for non-SMP target
ANDROID: DEBUG: sched/tune: add tracepoint on P-E space filtering
ANDROID: DEBUG: sched/tune: add tracepoint for energy_diff() values
ANDROID: DEBUG: sched/tune: add tracepoint for task boost signal
CHROMIUM: sched: update the average of nr_running
ANDROID: DEBUG: schedtune: add tracepoint for schedtune_tasks_update() values
ANDROID: DEBUG: schedtune: add tracepoint for CPU boost signal
ANDROID: DEBUG: schedtune: add tracepoint for SchedTune configuration update
ANDROID: DEBUG: sched,cpufreq: add cpu_capacity change tracepoint
ANDROID: DEBUG: sched: add tracepoint for CPU load/util signals
ANDROID: DEBUG: sched: add tracepoint for task load/util signals
ANDROID: DEBUG: sched: add tracepoint for cpu/freq scale invariance
ANDROID: sched/fair: filter energy_diff() based on energy_payoff value
ANDROID: sched/tune: add support to compute normalized energy
ANDROID: sched/fair: keep track of energy/capacity variations
ANDROID: sched/fair: add boosted task utilization
ANDROID: sched/{fair,tune}: track RUNNABLE tasks impact on per CPU boost value
ANDROID: sched/tune: compute and keep track of per CPU boost value
ANDROID: sched/tune: add initial support for CGroups based boosting
ANDROID: sched/fair: add boosted CPU usage
ANDROID: sched/fair: add function to convert boost value into "margin"
ANDROID: sched/tune: add sysctl interface to define a boost value
ANDROID: sched/tune: add detailed documentation
ANDROID: fixup! sched: scheduler-driven cpu frequency selection
ANDROID: sched: remove call of sched_avg_update from sched_rt_avg_update
ANDROID: sched/cpufreq_sched: add trace events
ANDROID: sched/fair: jump to max OPP when crossing UP threshold
ANDROID: sched/fair: cpufreq_sched triggers for load balancing
ANDROID: sched/{core,fair}: trigger OPP change request on fork()
ANDROID: sched/fair: add triggers for OPP change requests
ANDROID: sched: scheduler-driven cpu frequency selection
ANDROID: cpufreq: introduce cpufreq_driver_is_slow
ANDROID: sched: Add group_misfit_task load-balance type
ANDROID: sched: Add per-cpu max capacity to sched_group_capacity
ANDROID: sched: Do eas idle balance regardless of the rq avg idle value
ANDROID: arm64: Enable max freq invariant scheduler load-tracking and capacity support
ANDROID: arm: Enable max freq invariant scheduler load-tracking and capacity support
ANDROID: sched: Update max cpu capacity in case of max frequency constraints
ANDROID: cpufreq: Max freq invariant scheduler load-tracking and cpu capacity support
ANDROID: sched: Disable energy-unfriendly nohz kicks
ANDROID: sched: Consider a not over-utilized energy-aware system as balanced
ANDROID: sched: Energy-aware wake-up task placement
ANDROID: sched: Determine the current sched_group idle-state
ANDROID: sched, cpuidle: Track cpuidle state index in the scheduler
ANDROID: sched: Add over-utilization/tipping point indicator
ANDROID: sched: Estimate energy impact of scheduling decisions
ANDROID: sched: Extend sched_group_energy to test load-balancing decisions
ANDROID: sched: Calculate energy consumption of sched_group
ANDROID: sched: Highest energy aware balancing sched_domain level pointer
ANDROID: sched: Relocated cpu_util() and change return type
ANDROID: sched: Compute cpu capacity available at current frequency
ANDROID: sched: Support for extracting EAS energy costs from DT
ANDROID: arm64, topology: Updates to use DT bindings for EAS costing data
ANDROID: arm64: Cpu invariant scheduler load-tracking and capacity support
ANDROID: arm: Cpu invariant scheduler load-tracking and capacity support
ANDROID: sched: Introduce SD_SHARE_CAP_STATES sched_domain flag
ANDROID: sched: Initialize energy data structures
ANDROID: sched: Make energy awareness a sched feature
ANDROID: sched: Documentation for scheduler energy cost model
ANDROID: sched: Prevent unnecessary active balance of single task in sched group
ANDROID: sched: Enable idle balance to pull single task towards cpu with higher capacity
ANDROID: sched: Consider spare cpu capacity at task wake-up
ANDROID: sched: Add cpu capacity awareness to wakeup balancing
ANDROID: arm: Update arch_scale_cpu_capacity() to reflect change to define
ANDROID: arm64: Enable frequency invariant scheduler load-tracking support
ANDROID: arm: Enable frequency invariant scheduler load-tracking support
ANDROID: cpufreq: Frequency invariant scheduler load-tracking support
ANDROID: [CPUFREQ] Don't export governors for default governor
ANDROID: kernel/configs: recommended: CONFIG_ARM64_SW_TTBR0_PAN=y
ANDROID: kernel/configs: base: Enable QUOTA related configs
ANDROID: kernel/configs: recommended: Enable MEMORY_STATE_TIME
FROMLIST: config: android-base: enable hardened usercopy and kernel ASLR
FROMLIST: config: android-recommended: disable aio support
ANDROID: kernel/configs: recommended: enable fstack-protector-strong
ANDROID: kernel/configs: base: enable UID_CPUTIME
ANDROID: kernel/configs: base: restrict access to perf events
ANDROID: configs: base: enable configfs gadget functions
ANDROID: configs: merge AOSP config fragments
ANDROID: Implement memory_state_time, used by qcom,cpubw
ANDROID: dm: rebase for 4.9
ANDROID: usb: otg-wakelock: Remove wakelock.h dependencies
ANDROID: gpio_matrix: Remove wakelock.h dependencies
ANDROID: fiq_debugger: Remove wakelock.h dependencies
UPSTREAM: net: socket: don't set sk_uid to garbage value in ->setattr()
ANDROID: trace: net: use %pK for kernel pointers
UPSTREAM: net: ipv4: Don't crash if passing a null sk to ip_rt_update_pmtu.
UPSTREAM: net: inet: Support UID-based routing in IP protocols.
UPSTREAM: net: core: add UID to flows, rules, and routes
UPSTREAM: net: core: Add a UID field to struct sock.
ANDROID: fs: FS tracepoints to track IO.
ANDROID: MMC/UFS IO Latency Histograms.
CHROMIUM: fix warning when releasing active sync point
ANDROID: goldfish_pipe: fix allmodconfig build
ANDROID: goldfish: goldfish_pipe: fix locking errors
ANDROID: goldfish_pipe: fix call_kern.cocci warnings
ANDROID: goldfish_pipe: An implementation of more parallel pipe
ANDROID: goldfish_pipe: bugfixes and performance improvements.
ANDROID: goldfish: disable GOLDFISH_SYNC
ANDROID: goldfish: enable CONFIG_INET_DIAG_DESTROY
ANDROID: build: fix build config kernel_dir
ANDROID: dm verity: add minimum prefetch size
ANDROID: build: add build server configs for goldfish
UPSTREAM: trace: Update documentation for mono, mono_raw and boot clock
UPSTREAM: trace: Add an option for boot clock as trace clock
UPSTREAM: timekeeping: Add a fast and NMI safe boot clock
ANDROID: video: goldfishfb: fix platform_no_drv_owner.cocci warnings
ANDROID: arm64: rename ranchu defconfig to ranchu64
ANDROID: arch: x86: disable pic for Android toolchain
ANDROID: goldfish: Add goldfish sync driver
ANDROID: goldfish: add ranchu defconfigs
ANDROID: goldfish_audio: Clear audio read buffer status after each read
ANDROID: goldfish_events: no extra EV_SYN; register goldfish
ANDROID: goldfish_fb: Set pixclock = 0
ANDROID: goldfish: Enable ACPI-based enumeration for goldfish audio
ANDROID: goldfish: Enable ACPI-based enumeration for goldfish framebuffer
ANDROID: video: goldfishfb: add devicetree bindings
ANDROID: usb: gadget: function: cleanup: Add blank line after declaration
ANDROID: usb: gadget: f_mtp: simplify ptp NULL pointer check
ANDROID: usb: gadget: audio_source: fix comparison of distinct pointer types
ANDROID: binder: support for file-descriptor arrays.
ANDROID: binder: support for scatter-gather.
ANDROID: binder: add extra size to allocator.
ANDROID: binder: refactor binder_transact()
ANDROID: binder: support multiple /dev instances.
ANDROID: binder: deal with contexts in debugfs.
ANDROID: binder: support multiple context managers.
ANDROID: binder: split flat_binder_object.
ANDROID: [RFC]cgroup: Change from CAP_SYS_NICE to CAP_SYS_RESOURCE for cgroup migration permissions
CHROMIUM: cgroups: relax permissions on moving tasks between cgroups
ANDROID: dm: android-verity: Remove fec_header location constraint
ANDROID: fiq_debugger: Pass task parameter to unwind_frame()
ANDROID: input: keyreset: switch to orderly_reboot
ANDROID: cpuset: Make cpusets restore on hotplug
ANDROID: Don't show empty tag stats for unprivileged uids
ANDROID: dm: android-verity: Allow android-verity to be compiled as an independent module
ANDROID: dm-verity: adopt changes made to dm callbacks
ANDROID: dm verity fec: pack the fec_header structure
ANDROID: dm: android-verity: Verify header before fetching table
ANDROID: dm: allow adb disable-verity only in userdebug
ANDROID: dm: mount as linear target if eng build
ANDROID: dm: use default verity public key
ANDROID: dm: fix signature verification flag
ANDROID: dm: use name_to_dev_t
ANDROID: dm: rename dm-linear methods for dm-android-verity
ANDROID: dm: Minor cleanup
ANDROID: dm: Mounting root as linear device when verity disabled
ANDROID: dm-android-verity: Rebase on top of 4.1
ANDROID: dm: Add android verity target
ANDROID: dm: fix dm_substitute_devices()
ANDROID: dm: Rebase on top of 4.9
CHROMIUM: dm: boot time specification of dm=
ANDROID: usb: gadget: f_accessory: remove duplicate endpoint alloc
ANDROID: sdcardfs: fix itnull.cocci warnings
ANDROID: sdcardfs: Truncate packages_gid.list on overflow
ANDROID: netfilter: xt_quota2: make quota2_log work well
ANDROID: cpu: send KOBJ_ONLINE event when enabling cpus
ANDROID: dm verity fec: initialize recursion level
ANDROID: dm verity fec: add missing release from fec_ktype
ANDROID: dm verity fec: limit error correction recursion
FROMLIST: security,perf: Allow further restriction of perf_event_open
ANDROID: ARM64: Ignore Image-dtb from git point of view
ANDROID: arm64: add option to build Image-dtb
ANDROID: usb: gadget: f_midi: set fi->f to NULL when free f_midi function
ANDROID: xt_qtaguid: Fix panic caused by processing non-full socket.
ANDROID: fiq_debugger: Add fiq_debugger.disable option
FROMLIST: wlcore: Disable filtering in AP role
ANDROID: fiq_debugger: Add option to apply uart overlay by FIQ_DEBUGGER_UART_OVERLAY
ANDROID: usb: dual-role: make stub functions inline
ANDROID: quick selinux support for tracefs
ANDROID: xt_qtaguid: Fix panic caused by synack processing
ANDROID: fuse: Add support for d_canonical_path
ANDROID: vfs: change d_canonical_path to take two paths
ANDROID: netfilter: xt_qtaguid: seq_printf fixes
ANDROID: mmc: Add CONFIG_MMC_SIMULATE_MAX_SPEED
ANDROID: dm verity fec: add sysfs attribute fec/corrected
ANDROID: mm: Export do_munmap
ANDROID: sdcardfs: remove unneeded __init and __exit
ANDROID: sdcardfs: Remove unused code
ANDROID: fs: Export d_absolute_path
ANDROID: sdcardfs: remove effectless config option
ANDROID: inotify: Fix erroneous update of bit count
ANDROID: fs: sdcardfs: Declare LOOKUP_CASE_INSENSITIVE unconditionally
ANDROID: trace: cpufreq: fix typo in min/max cpufreq
ANDROID: sdcardfs: Add support for d_canonical_path
ANDROID: vfs: add d_canonical_path for stacked filesystem support
ANDROID: sdcardfs: Bring up to date with Android M permissions:
ANDROID: Changed type-casting in packagelist management
ANDROID: Port of sdcardfs to 4.4
ANDROID: Included sdcardfs source code for kernel 3.0
ANDROID: usb: gadget: Add support for MTP OS desc
CHROMIUM: usb: gadget: f_accessory: add .raw_request callback
CHROMIUM: usb: gadget: audio_source: add .free_func callback
CHROMIUM: usb: gadget: f_mtp: fix usb_ss_ep_comp_descriptor
CHROMIUM: usb: gadget: f_mtp: Add SuperSpeed support
ANDROID: dm-crypt: run in a WQ_HIGHPRI workqueue
ANDROID: power: Provide dummy log_suspend_abort_reason() if SUSPEND is disabled
ANDROID: PM / suspend: Add dependency on RTC_LIB
ANDROID: net: pppolac/pppopns: Replace msg.msg_iov with iov_iter_kvec()
ANDROID: mmc: sdio: Disable retuning in sdio_reset_comm()
ANDROID: kernel/watchdog: fix unused variable warning
ANDROID: usb: gadget: f_mtp: don't use le16 for u8 field
ANDROID: lowmemorykiller: fix declaration order warnings
ANDROID: mmc: move to a SCHED_FIFO thread
ANDROID: skip building drivers as modules
ANDROID: wakeup: Add the guard condition for len in pm_get_active_wakeup_sources
ANDROID: goldfish: pipe: fix platform_no_drv_owner.cocci warnings
ANDROID: epoll: use freezable blocking call
ANDROID: Fix for in kernel emergency remount when loop mounts are used
ANDROID: kbuild: Makefile.clean: make Kbuild and Makefile optional
ANDROID: kbuild: make it possible to specify the module output dir
ANDROID: ext4: Add support for FIDTRIM, a best-effort ioctl for deep discard trim
ANDROID: hardlockup: detect hard lockups without NMIs using secondary cpus
ANDROID: rtc-palmas: correct for bcd year
ANDROID: w1: ds2482: Manage SLPZ pin sleep state
ANDROID: fuse: Freeze client on suspend when request sent to userspace
ANDROID: serial_core: Add wake_peer uart operation
ANDROID: mm: add a field to store names for private anonymous memory
ANDROID: pstore/ram: Add ramoops_console_write_buf api
ANDROID: pstore: Update Documentation/android.txt
ANDROID: initramfs: Add skip_initramfs command line option
ANDROID: of: Fix build warnings
ANDROID: of: fix CONFIG_CMDLINE_EXTEND
ANDROID: ARM64: copy CONFIG_CMDLINE_EXTEND from ARM
ANDROID: of: Support CONFIG_CMDLINE_EXTEND config option
ANDROID: ARM: decompressor: Flush tlb before swiching domain 0 to client mode
ANDROID: ARM64: add option to build Image.gz/dtb combo
ANDROID: ARM: convert build of appended dtb zImage to list of dtbs
ANDROID: ARM: add config option to build zImage/dtb combo
ANDROID: ARM: Fix dtb list when DTB_IMAGE_NAMES is empty
ANDROID: arm64: pass return address to dma_common_contiguous_remap
ANDROID: arch: arm64: force -fno-pic
ANDROID: arm64: process: dump memory around registers when displaying regs
ANDROID: arm64: check for upper PAGE_SHIFT bits in pfn_valid()
ANDROID: ARM: fault: assume no context when IRQs are disabled during data abort.
ANDROID: ARM: Fix "Make low-level printk work" to use a separate config option
ANDROID: ARM: add option to flush console before reboot
ANDROID: ARM: Make low-level printk work
ANDROID: Optionally flush entire dcache from v6_dma_flush_range
ANDROID: process: Add display of memory around registers when displaying regs.
ANDROID: security: Add proper checks for Android specific capability checks
ANDROID: uid_cputime: skip power reporting per uid for now
ANDROID: uid_cputime: Check for the range while removing range of UIDs.
ANDROID: uid_cputime: Iterates over all the threads instead of processes.
ANDROID: uid_cputime: fix cputime overflow
ANDROID: uid_cputime: Avoids double accounting of process stime, utime and cpu_power in task exit.
ANDROID: uid_cputime: Extends the cputime functionality to report power per uid
ANDROID: proc: uid_cputime: fix show_uid_stat permission
ANDROID: proc: uid_cputime: create uids from kuids
ANDROID: proc: uid: Adds accounting for the cputimes per uid.
ANDROID: fixup! proc: make oom adjustment files user read-only
ANDROID: proc: make oom adjustment files user read-only
ANDROID: proc: smaps: Allow smaps access for CAP_SYS_RESOURCE
ANDROID: wakeup_reason: use vsnprintf instead of snsprintf for vargs.
ANDROID: power: wakeup_reason: fix suspend time reporting
ANDROID: wakeup: Add last wake up source logging for suspend abort reason.
ANDROID: Power: Report suspend times from last_suspend_time
ANDROID: Make suspend abort reason logging depend on CONFIG_PM_SLEEP
ANDROID: power: Add check_wakeup_reason() to verify wakeup source irq
ANDROID: power: Adds functionality to log the last suspend abort reason.
ANDROID: power: Avoids bogus error messages for the suspend aborts.
ANDROID: power: Add property CHARGE_COUNTER_EXT and 64-bit precision properties
ANDROID: Power: Changes the permission to read only for sysfs file /sys/kernel/wakeup_reasons/last_resume_reason
ANDROID: power: wakeup_reason: rename irq_count to irqcount
ANDROID: Power: Add guard condition for maximum wakeup reasons
ANDROID: POWER: fix compile warnings in log_wakeup_reason
ANDROID: Power: add an API to log wakeup reasons
ANDROID: PM / Suspend: Print wall time at suspend entry and exit
ANDROID: power: power_supply: add POWER_SUPPLY_PROP_CHARGE_ENABLED
ANDROID: power: power_supply: add POWER_SUPPLY_PROP_USB_OTG
ANDROID: power: power_supply: move POWER_SUPPLY_PROP_USB_HC to type 'int' order
ANDROID: power_supply: Add custom property for USB High Current mode
ANDROID: trace: power: add trace_clock_set_parent
ANDROID: trace: cpufreq: Add tracing for min/max cpufreq
ANDROID: trace: fix compilation for 4.1
ANDROID: trace/events: fix gpu event timestamp formatting
ANDROID: trace: add non-hierarchical function_graph option
ANDROID: trace: Add an option to show tgids in trace output
ANDROID: trace/events: add gpu trace events
ANDROID: sync: add Documentation/sync.txt
ANDROID: ARM: Call idle notifiers
ANDROID: Move x86_64 idle notifiers to generic
ANDROID: cpuidle: governor: menu: don't use loadavg
ANDROID: sched: add sched blocked tracepoint which dumps out context of sleep.
ANDROID: sched: Enable might_sleep before initializing drivers.
ANDROID: fiq_debugger: Build fixes for 4.1
ANDROID: fiq_debugger: Add fiq_watchdog_triggered api
ANDROID: fiq_debugger: Call fiq_debugger_printf through a function pointer from cpu specific code
ANDROID: fiq_debugger: add ARM64 support
ANDROID: fiq_debugger: split arm support into fiq_debugger_arm.c
ANDROID: fiq_debugger: use pt_regs for registers
ANDROID: fiq_debugger: allow compiling without CONFIG_FIQ_GLUE
ANDROID: fiq_debugger: rename debug->fiq_debugger
ANDROID: fiq_debugger: move into drivers/staging/android/fiq_debugger/
ANDROID: ARM: fiq_glue: Add custom fiq return handler api.
ANDROID: ARM: kgdb: ignore breakpoint instructions from user mode
ANDROID: ARM: fiq_debugger: Update tty code for 3.9
ANDROID: ARM: fiq_debugger: Use kmsg_dumper to dump kernel logs
ANDROID: ARM: fiq_debugger: Fix to compile on 3.7
ANDROID: ARM: fiq_debugger: fix uninitialised spin_lock.
ANDROID: ARM: fiq_debugger: lock between tty and console writes
ANDROID: ARM: fiq_debugger: add process context reboot command
ANDROID: ARM: fiq_debugger: fix multiple consoles and make it a preferred console
ANDROID: kdb: support new lines without carriage returns
ANDROID: ARM: fiq_debugger: add support for kgdb
ANDROID: ARM: fiq_debugger: add debug_putc
ANDROID: ARM: fiq_debugger: add support for reboot commands
ANDROID: ARM: fiq_debugger: fix compiling for v3.3
ANDROID: ARM: Add generic fiq serial debugger
ANDROID: ARM: Add fiq_glue
ANDROID: fix false disconnect due to a signal sent to the reading process
ANDROID: usb: gadget: cleanup: fix unused variable and function warnings
ANDROID: usb: gadget: build audio_source function only if SND is enabled
ANDROID: usb: gadget: configfs: handle gadget reset request for android
ANDROID: usb: gadget: create F_midi device
ANDROID: usb: gadget: Add device attribute to determine gadget state
ANDROID: usb: phy: fix dual role sysfs build if kernel modules are supported
ANDROID: usb: phy: Dual role sysfs class definition
ANDROID: usb: gadget: fix NULL ptr derefer while symlinking PTP func
ANDROID: usb:gadget:Add "state" attribute to android_device
ANDROID: usb: gadget: Do not disconnect unregistered dev
ANDROID: usb: gadget: Relocate f_accessory
ANDROID: usb: gadget: Accessory:Migrate to USB_FUNCTION API
ANDROID: usb: gadget: Move gadget functions code
ANDROID: usb:gadget:audio_source: Move to USB_FUNCTION API
ANDROID: usb: gadget: Add function devices to the parent
ANDROID: usb: gadget: f_audio_source:replace deprecated API
ANDROID: usb: gadget: check for accessory device before disconnecting HIDs
ANDROID: usb: gadget: Add Uevent to notify userspace
ANDROID: usb: gadget: configfs: Add usb_function ptr to fi struct
ANDROID: usb: gadget: mtp/ptp: Migrate functions to the USB_FUNCTION interface
Linux 4.9.6
libceph: stop allocating a new cipher on every crypto request
libceph: uninline ceph_crypto_key_destroy()
tools/virtio/ringtest: fix run-on-all.sh for offline cpus
selftest/powerpc: Wrong PMC initialized in pmc56_overflow test
soc: ti: wkup_m3_ipc: Fix error return code in wkup_m3_ipc_probe()
spi: pxa2xx: add missed break
dmaengine: pl330: Fix runtime PM support for terminated transfers
dmaengine: rcar-dmac: unmap slave resource when channel is freed
s5p-mfc: Fix clock management in s5p_mfc_release() function
s5p-cec: mark PM functions as __maybe_unused again
st-hva: fix some error handling in hva_hw_probe()
ite-cir: initialize use_demodulator before using it
gs1662: drop kfree for memory allocated with devm_kzalloc
platform: pxa_camera: add VIDEO_V4L2 dependency
blackfin: check devm_pinctrl_get() for errors
rpmsg: virtio_rpmsg_bus: fix channel creation
mtd: spi-nor: Fix some error codes in cqspi_setup_flash()
mtd: spi-nor: Off by one in cqspi_setup_flash()
PM / devfreq: Fix the bug of devfreq_add_device when governor is NULL
PM / devfreq: exynos-bus: Fix the wrong return value
scsi: mpt3sas: fix hang on ata passthrough commands
scsi: ses: Fix SAS device detection in enclosure
swiotlb: Add swiotlb=noforce debug option
swiotlb: Convert swiotlb_force from int to enum
arm64: Fix swiotlb fallback allocation
arm64: mm: avoid name clash in __page_to_voff()
xprtrdma: Squelch "max send, max recv" messages at connect time
xprtrdma: Make FRWR send queue entry accounting more accurate
libceph: make sure ceph_aes_crypt() IV is aligned
ceph: fix endianness bug in frag_tree_split_cmp
ceph: fix endianness of getattr mask in ceph_d_revalidate
ceph: fix ceph_get_caps() interruption
ceph: fix scheduler warning due to nested blocking
ARM: 8613/1: Fix the uaccess crash on PB11MPCore
ARM: ux500: fix prcmu_is_cpu_in_wfi() calculation
ARM: dts: omap3: Fix Card Detect and Write Protect on Logic PD SOM-LV
ARM: dts: imx6qdl-nitrogen6_max: fix sgtl5000 pinctrl init
ARM: dts: omap2: Add an empty chosen node to top level DTSI
ARM: dts: omap3: Add an empty chosen node to top level DTSI
ARM: dts: am4372: Add an empty chosen node to top level DTSI
ARM: dts: omap5: Add an empty chosen node to top level DTSI
ARM: dts: omap4: Add an empty chosen node to top level DTSI
ARM: dts: am33xx: Add an empty chosen node to top level DTSI
ARM: dts: dm814x: Add an empty chosen node to top level DTSI
ARM: dts: dm816x: Add an empty chosen node to top level DTSI
ARM: dts: dra7: Add an empty chosen node to top level DTSI
libceph: remove now unused ceph_*{en,de}crypt*() functions
libceph: switch ceph_x_decrypt() to ceph_crypt()
libceph: switch ceph_x_encrypt() to ceph_crypt()
libceph: tweak calcu_signature() a little
libceph: rename and align ceph_x_authorizer::reply_buf
libceph: introduce ceph_crypt() for in-place en/decryption
libceph: introduce ceph_x_encrypt_offset()
libceph: old_key in process_one_ticket() is redundant
libceph: ceph_x_encrypt_buflen() takes in_len
Input: ALPS - fix TrackStick support for SS5 hardware
arm64/ptrace: Reject attempts to set incomplete hardware breakpoint fields
arm64/ptrace: Avoid uninitialised struct padding in fpr_set()
arm64/ptrace: Preserve previous registers for short regset write - 3
arm64/ptrace: Preserve previous registers for short regset write - 2
arm64/ptrace: Preserve previous registers for short regset write
arm64: avoid returning from bad_mode
ARM: dts: da850-evm: fix read access to SPI flash
ARM: dts: OMAP5 / DRA7: indicate that SATA port 0 is available.
ceph: fix bad endianness handling in parse_reply_info_extra
ibmvscsis: Fix max transfer length
ibmvscsis: Fix sleeping in interrupt context
ARM: 8634/1: hw_breakpoint: blacklist Scorpion CPUs
svcrdma: avoid duplicate dma unmapping during error recovery
clocksource/exynos_mct: Clear interrupt when cpu is shut down
ubifs: Fix journal replay wrt. xattr nodes
mac80211: implement multicast forwarding on fast-RX path
qla2xxx: Fix crash due to null pointer access
x86/ioapic: Restore IO-APIC irq_chip retrigger callback
powerpc: Ignore reserved field in DCSR and PVR reads and writes
powerpc/ptrace: Preserve previous TM fprs/vsrs on short regset write
powerpc/ptrace: Preserve previous fprs/vsrs on short regset write
powerpc/perf: Fix PM_BRU_CMPL event code for power9
powerpc/icp-opal: Fix missing KVM case and harden replay
KVM: arm/arm64: vgic: Fix deadlock on error handling
KVM: s390: do not expose random data via facility bitmap
mtd: nand: xway: fix build because of module functions
mtd: nand: xway: disable module support
mtd: nand: lpc32xx: fix invalid error handling of a requested irq
ieee802154: atusb: do not use the stack for buffers to make them DMA able
mmc: mxs-mmc: Fix additional cycles after transmission stop
mmc: sdhci-acpi: Only powered up enabled acpi child devices
HID: corsair: fix control-transfer error handling
HID: corsair: fix DMA buffers on stack
PCI: Enumerate switches below PCI-to-PCIe bridges
PCI: designware: Check for iATU unroll only on platforms that use ATU
fuse: fix time_to_jiffies nsec sanity check
fuse: clear FR_PENDING flag when moving requests out of pending queue
ARC: module: Fix !CONFIG_ARC_DW2_UNWIND builds
libnvdimm, namespace: fix pmem namespace leak, delete when size set to zero
svcrpc: don't leak contexts on PROC_DESTROY
sunrpc: don't call sleeping functions from the notifier block callbacks
rcu: Narrow early boot window of illegal synchronous grace periods
rcu: Remove cond_resched() from Tiny synchronize_sched()
x86/PCI: Ignore _CRS on Supermicro X8DTH-i/6/iF/6F
tmpfs: clear S_ISGID when setting posix ACLs
ARM: dts: omap3: Add DTS for Logic PD SOM-LV 37xx Dev Kit
ARM: dts: imx31: fix AVIC base address
ARM: dts: imx31: move CCM device node to AIPS2 bus devices
ARM: dts: imx31: fix clock control module interrupts description
ARM: dts: imx6q-cm-fx6: fix fec pinctrl
ARM: dts: r8a7794: remove Z clock
ARM: dts: r8a7794: Use SYSC "always-on" PM Domain for sound
ARM: dts: bcm283x: fix typo in mailbox address
perf jit: Enable jitdump support without dwarf
perf scripting: Avoid leaking the scripting_context variable
perf callchain: Fixup help/config for no-unwinding
perf diff: Do not overwrite valid build id
perf trace: Check if MAP_32BIT is defined (again)
perf mem: Fix --all-user/--all-kernel options
perf trace: Use the syscall raw_syscalls:sys_enter timestamp
IB/IPoIB: Remove can't use GFP_NOIO warning
IB/mlx4: Check if GRH is available before using it
IB/mlx4: When no DMFS for IPoIB, don't allow NET_IF QPs
IB/mlx4: Fix port query for 56Gb Ethernet links
IB/mlx4: Handle well-known-gid in mad_demux processing
IB/mlx4: Fix out-of-range array index in destroy qp flow
IB/mlx4: Set traffic class in AH
IB/mlx5: Wait for all async command completions to complete
IB/mlx5: Assign SRQ type earlier
IB/mlx5: Fix reported max SGE calculation
IB/mlx5: Avoid system crash when enabling many VFs
IB/rxe: avoid putting a large struct rxe_qp on stack
IB/rxe: Increase max number of completions to 32k
IB/core: Release allocated memory in cache setup failure
Linux 4.9.5
ANDROID: usb: gadget: f_audio_source: Fixed USB Audio Class Interface Descriptor
ANDROID: usb: gadget: f_audio_source: change max ISO packet size
ANDROID: usb: gadget: f_accessory: Enabled Zero Length Packet (ZLP) for acc_write
ANDROID: drivers: usb: gadget: 64-bit related type fixes
ANDROID: usb: gadget: f_accessory: move userspace interface to uapi
ANDROID: usb: gadget: f_mtp: move userspace interface to uapi
ANDROID: USB: remove duplicate out endpoint creation in MTP mode
ANDROID: usb: gadget: Fix android gadget driver build
ANDROID: usb: gadget: Fixes and hacks to make android usb gadget compile on 3.8
ANDROID: usb: otg: otg-wakelock: Fix build for 3.7
ANDROID: usb: gadget: accessory: Fix section mismatch (again)
ANDROID: USB: gadget: f_audio_source: New gadget driver for audio output
ANDROID: USB: gadget: f_accessory: Add support for HID input devices
ANDROID: USB: gadget: Add ACCESSORY_SET_AUDIO_MODE control request and ioctl
ANDROID: usb: gadget: accessory: Fix section mismatch
ANDROID: usb: otg: otg-wakelock: Fix build for 3.4
ANDROID: usb: gadget: adb: Only enable the gadget when adbd is ready
ANDROID: usb: gadget: adb: do not set error flag when dequeuing req
ANDROID: usb: gadget: adb: allow freezing in adb_read
ANDROID: usb: gadget: accessory: Add Android Accessory function
ANDROID: usb: gadget: adb: Add ADB function
ANDROID: usb: gadget: mtp: Add MTP/PTP function
ANDROID: usb: otg: otg-wakelock: fix build for 3.3
ANDROID: usb: otg: Temporarily grab wakelock on charger and disconnect events
ANDROID: USB: OTG: Take wakelock when VBUS present
ANDROID: wlan: Add get_wake_irq functionality
ANDROID: Add flags parameter to get_country_code template
ANDROID: net: wireless: Add get_country_code functionality to platform
ANDROID: network: wireless: Add get_mac_addr functionality to platform
ANDROID: wlan: Create generic wlan platform data header
ANDROID: net: wireless: Decrease scan entry expiration to avoid stall results
ANDROID: bridge: Have tx_bytes count headers like rx_bytes.
ANDROID: rfkill: Introduce CONFIG_RFKILL_PM and use instead of CONFIG_PM to power down
ANDROID: net: ipv6: fix virtual tunneling build
ANDROID: tcp: fix tcp_default_init_rwnd() for 4.1
ANDROID: net: support marking accepting TCP sockets
ANDROID: tcp: add a sysctl to config the tcp_default_init_rwnd
ANDROID: xt_qtaguid: fix a race condition in if_tag_stat_update
ANDROID: netfilter: xt_qtaguid/socket: build fixes for 4.4
ANDROID: netfilter: xt_qtaguid: xt_socket: build fixes
ANDROID: net: xt_qtaguid/xt_socket: fix refcount underflow and crash
ANDROID: xt_qtaguid: use sock_gen_put() instead of xt_socket_put_sk()
ANDROID: xt_qtaguid: Use sk_callback_lock read locks before reading sk->sk_socket
ANDROID: xt_qtaguid: fix broken uid/gid range check
ANDROID: netfilter: Build fixups - kuid/kguid changes & xt_socket_get/put_sk
ANDROID: net: ipv6: autoconf routes into per-device tables
ANDROID: nf: IDLETIMER: Fix broken uid field in the msg
ANDROID: nf: IDLETIMER: Adds the uid field in the msg
ANDROID: netfilter: fix seq_printf type mismatch warning
ANDROID: nf: Remove compilation error caused by e8430cbed3ef15fdb1ac26cfd020e010aa5f1c35
ANDROID: nf: IDLETIMER: time-stamp and suspend/resume handling.
ANDROID: xt_qtaguid: Fix boot panic
ANDROID: net: kuid/kguid build fixes
ANDROID: netfilter: ipv6: fix crash caused by ipv6_find_hdr()
ANDROID: netfilter: xt_qtaguid: 64-bit warning fixes
ANDROID: netfilter: xt_qtaguid: fix memory leak in seq_file handlers
ANDROID: netfilter: xt_qtaguid: fix bad tcp_time_wait sock handling
ANDROID: netfilter: xt_qtaguid: 3.10 fixes
ANDROID: netfilter: xt_quota2: 3.10 fixes.
ANDROID: netfilter: qtaguid: rate limit some of the printks
ANDROID: netfilter: xt_qtaguid: Allow tracking loopback
ANDROID: netfilter: xt_qtaguid: extend iface stat to report protocols
ANDROID: netfilter: xt_qtaguid: remove AID_* dependency for access control
ANDROID: netfilter: qtaguid: Don't BUG_ON if create_if_tag_stat fails
ANDROID: netfilter: xt_qtaguid: fix error exit that would keep a spinlock.
ANDROID: netfilter: xt_qtaguid: report only uid tags to non-privileged processes
ANDROID: netfilter: xt_qtaguid: start tracking iface rx/tx at low level
ANDROID: netfilter: xt_IDLETIMER: Add new netlink msg type
ANDROID: netfilter: xt_qtaguid: fix ipv6 protocol lookup
ANDROID: netfilter: qtaguid: initialize a local var to keep compiler happy.
ANDROID: netfilter: fixup the quota2, and enable.
ANDROID: netfilter: adding the original quota2 from xtables-addons
ANDROID: netfilter: add xt_qtaguid matching module
ANDROID: net: PPPoPNS and PPPoLAC build fixes for 4.4
ANDROID: Hack: net: PPPoPNS and PPPoLAC build fixes for 4.1
ANDROID: net: pppopns: pppolac: fix sendmsg function calls
ANDROID: net: PPPoPNS: Remove length argument from data_ready
ANDROID: net: move PPPoLAC and PPPoPNS headers to uapi
ANDROID: Include if_pppolac.h and if_pppopns.h into header-y target
ANDROID: net: PPPoPNS and PPPoLAC update to use PPP_MRU instead of PPP_MRU
ANDROID: net: Reorder incoming packets in PPPoLAC and PPPoPNS.
ANDROID: net: PPPoPNS and PPPoLAC fixes.
ANDROID: net: add PPP on PPTP Network Server (PPPoPNS) driver.
ANDROID: net: add PPP on L2TP Access Concentrator (PPPoLAC) driver.
ANDROID: sysfs_net_ipv4: Add sysfs-based knobs for controlling TCP window size
ANDROID: net: Only NET_ADMIN is allowed to fully control TUN interfaces.
ANDROID: net: Replace AID_NET_RAW checks with capable(CAP_NET_RAW).
ANDROID: security: Add AID_NET_RAW and AID_NET_ADMIN capability check in cap_capable().
ANDROID: Paranoid network.
ANDROID: Add android_aid.h
ANDROID: fs: block_dump: Don't display inode changes if block_dump < 2
ANDROID: mmc: core: Remove stray CONFIG_EXPERIMENTAL dependencies
ANDROID: mmc: Add "ignore mmc pm notify" functionality
ANDROID: mmc: sdio: Fix sdio_reset_comm for sync
ANDROID: mmc: sdio: fix sdio_reset_comm() voltage selection
ANDROID: mmc: sdio: Fix enable_hs and enable_wide in sdio_reset_comm()
ANDROID: mmc: sdio: Add high speed support to sdio_reset_comm()
ANDROID: mmc: sdio: Claim host in sdio_reset_comm()
ANDROID: mmc: Add new API call 'sdio_reset_comm' for resetting communication with an SDIO device
ANDROID: mmc: Add sdio_readb_ext() function
ANDROID: mmc: Add concept of an 'embedded' SDIO device.
ANDROID: mmc: sd: Add retries in re-detection
ANDROID: mmc: sd: When resuming, try a little harder to init the card
ANDROID: mmc: sd: Add new CONFIG_MMC_PARANOID_SD_INIT for enabling retries during SD detection
ANDROID: mtd: nand: Allow NAND chip ids to be included standalone.
ANDROID: gpio_input: convert from wakelocks to wakeup sources
ANDROID: input: Made keyreset more robust
ANDROID: input: Changed keyreset to act as a wrapper for keycombo.
ANDROID: input: add keycombo, a general key combo driver.
ANDROID: input: misc: keychord: move header to uapi
ANDROID: input: misc: keychord: log when keychord triggered
ANDROID: input: keychord: Add keychord driver
ANDROID: input: Add keyreset driver.
ANDROID: input: misc: gpio_event: remove early suspend
ANDROID: Input: Generic GPIO Input device.
ANDROID: lowmemorykiller: use module_param_cb instead of __module_param_call
ANDROID: lowmemorykiller: trace kill events.
ANDROID: staging: lowmemorykiller: Add config option to support oom_adj values
pinctrl: sh-pfc: Do not unconditionally support PIN_CONFIG_BIAS_DISABLE
arm64: hugetlb: fix the wrong return value for huge_ptep_set_access_flags
arm64: hugetlb: remove the wrong pmd check in find_num_contig()
arm64: hugetlb: fix the wrong address for several functions
powerpc/powernv: Don't warn on PE init if unfreeze is unsupported
powerpc/ibmebus: Fix device reference leaks in sysfs interface
powerpc/ibmebus: Fix further device reference leaks
powerpc/mm: Correct process and partition table max size
bus: vexpress-config: fix device reference leak
blk-mq: Always schedule hctx->next_cpu
power: supply: bq27xxx_battery: Fix register map for BQ27510 and BQ27520
bq24190_charger: Fix PM runtime use for bq24190_battery_set_property
iw_cxgb4: Fix error return code in c4iw_rdev_open()
powercap/intel_rapl: fix and tidy up error handling
ACPI / APEI: Fix NMI notification handling
block: cfq_cpd_alloc() should use @gfp
block: Change extern inline to static inline
ACPI / CPPC: set an error code on probe error path
regulators: helpers: Fix handling of bypass_val_on in get_bypass_regmap
cpufreq: powernv: Disable preemption while checking CPU throttling state
powerpc/64: Simplify adaptation to new ISA v3.00 HPTE format
remoteproc: st: Fix error return code in st_rproc_probe()
remoteproc: qcom_wcnss: Fix circular module dependency
drm: Initialise drm_mm.head_node.allocated
drm/i915: Move the min_pixclk[] handling to the end of readout
drm/panel: simple: Check against num_timings when setting preferred for timing
drm: avoid uninitialized timestamp use in wait_vblank
drm/i915/gen9: Fix PCODE polling during SAGV disabling
i2c: mux: pca954x: fix i2c mux selection caching
NFSv4.1: nfs4_fl_prepare_ds must be careful about reporting success.
NFS: Fix a performance regression in readdir
pNFS: Fix race in pnfs_wait_on_layoutreturn
NFS: fix typo in parameter description
pinctrl: meson: fix gpio request disabling other modes
btrfs: fix error handling when run_delayed_extent_op fails
btrfs: fix locking when we put back a delayed ref that's too new
nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too
x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option
i2c: piix4: Avoid race conditions with IMC
net/mlx5: Only cancel recovery work when cleaning up device
USB: serial: ch341: fix modem-control and B0 handling
drm/amdgpu: drop verde dpm quirks
drm/amdgpu: update si kicker smc firmware
drm/radeon: drop verde dpm quirks
drm/radeon: update smc firmware selection for SI
drm: Clean up planes in atomic commit helper failure path
drm/i915/gen9: Fix PCODE polling timeout in stable backport
net/af_iucv: don't use paged skbs for TX on HiperSockets
sysctl: Drop reference added by grab_header in proc_sys_readdir
Clearing FIFOs in RS485 emulation mode causes subsequent transmits to break
extcon: return error code on failure
sysrq: attach sysrq handler correctly for 32-bit kernel
orinoco: Use shash instead of ahash for MIC calculations
ibmvscsis: Fix srp_transfer_data fail return code
tty/serial: atmel_serial: BUG: stop DMA from transmitting in stop_tx
tty/serial: atmel: RS485 half duplex w/DMA: enable RX after TX is done
virtio_blk: avoid DMA to stack for the sense buffer
dmaengine: omap-dma: Fix dynamic lch_map allocation
drivers: char: mem: Fix thinkos in kmem address checks
mnt: Protect the mountpoint hashtable with mount_lock
pid: fix lockdep deadlock warning due to ucount_lock
vme: Fix wrong pointer utilization in ca91cx42_slave_get
Revert "tty: serial: 8250: add CON_CONSDEV to flags"
ASoC: hdmi-codec: use unsigned type to structure members with bit-field
btrfs: fix crash when tracepoint arguments are freed by wq callbacks
xhci: fix deadlock at host remove by running watchdog correctly
fix a fencepost error in pipe_advance()
i2c: fix kernel memory disclosure in dev interface
i2c: print correct device invalid address
Input: elants_i2c - avoid divide by 0 errors on bad touchscreen data
USB: serial: ch341: fix open and resume after B0
USB: serial: ch341: fix control-message error handling
USB: serial: ch341: fix open error handling
USB: serial: ch341: fix resume after reset
USB: serial: ch341: fix initial modem-control state
USB: serial: kl5kusb105: fix line-state error handling
usb: musb: fix runtime PM in debugfs
wusbcore: Fix one more crypto-on-the-stack bug
x86/CPU/AMD: Fix Bulldozer topology
x86/bugs: Separate AMD E400 erratum and C1E bug
x86/cpu/AMD: Clean up cpu_llc_id assignment per topology feature
bridge: netfilter: Fix dropping packets that moving through bridge interface
xfs: Timely free truncated dirty pages
gpio: Move freeing of GPIO hogs before numbing of the device
nl80211: fix sched scan netlink socket owner destruction
x86/efi: Don't allocate memmap through memblock after mm_init()
efi/x86: Prune invalid memory map entries and fix boot regression
efi/libstub/arm*: Pass latest memory map to the kernel
KVM: x86: Introduce segmented_write_std
KVM: x86: emulate FXSAVE and FXRSTOR
KVM: x86: add asm_safe wrapper
KVM: x86: add Align16 instruction flag
KVM: x86: fix NULL deref in vcpu_scan_ioapic
KVM: x86: flush pending lapic jump label updates on module unload
jump_labels: API for flushing deferred jump label updates
KVM: eventfd: fix NULL deref irqbypass consumer
KVM: x86: fix emulation of "MOV SS, null selector"
mm/hugetlb.c: fix reservation race when freeing surplus pages
mm/slab.c: fix SLAB freelist randomization duplicate entries
mm: support anonymous stable page
mm, memcg: fix the active list aging for lowmem requests when memcg is enabled
ocfs2: fix crash caused by stale lvb with fsdlm plugin
mm: fix devm_memremap_pages crash, use mem_hotplug_{begin, done}
mm: pmd dirty emulation in page fault handler
dax: fix deadlock with DAX 4k holes
zram: support BDI_CAP_STABLE_WRITES
zram: revalidate disk under init_lock
selftests: do not require bash for the generated test
selftests: do not require bash to run netsocktests testcase
drm/savage: dereferencing an error pointer
drm/vc4: Fix a couple error codes in vc4_cl_lookup_bos()
drm/tegra: dpaux: Fix error handling
regulator: axp20x: Fix axp809 ldo_io registration error on cold boot
regulator: tps65086: Fix 25mV ranges for BUCK regulators
pinctrl: sh-pfc: Add helper to handle bias lookup table
pinctrl: sh-pfc: r8a7795: Use lookup function for bias data
pinctrl: imx: fix imx_pinctrl_desc initialization
Input: i8042 - add Pegatron touchpad to noloop table
Input: xpad - use correct product id for x360w controllers
Linux 4.9.4
rtlwifi: rtl_usb: Fix missing entry in USB driver's private data
rtlwifi: Fix enter/exit power_save
drm/i915/gen9: Fix PCODE polling during CDCLK change notification
ALSA: usb-audio: Add a quirk for Plantronics BT600
spi: mvebu: fix baudrate calculation for armada variant
ARM: omap2+: am437x: rollback to use omap3_gptimer_timer_init()
ARM: 8631/1: clkdev: Detect errors in clk_hw_register_clkdev() for mass registration
ARM: OMAP4+: Fix bad fallthrough for cpuidle
ARM: OMAP5: Fix build for PM code
ARM: OMAP5: Fix mpuss_early_init
bus: arm-ccn: Prevent hotplug callback leak
svcrdma: Clear xpt_bc_xps in xprt_setup_rdma_bc() error exit arm
ARM: qcom_defconfig: Fix MDM9515 LCC and GCC config
ARM: zynq: Reserve correct amount of non-DMA RAM
ARM: pxa: fix pxa25x interrupt init
ARM64: dts: bcm2835: Fix bcm2837 compatible string
ARM64: dts: bcm2837-rpi-3-b: remove incorrect pwr LED
arm64: dts: mt8173: Fix auxadc node
tools/virtio: fix READ_ONCE()
powerpc: Fix build warning on 32-bit PPC
ALSA: firewire-tascam: Fix to handle error from initialization of stream data
HID: hid-cypress: validate length of report
net: vrf: do not allow table id 0
net: ipv4: Fix multipath selection with vrf
net/mlx5e: Remove WARN_ONCE from adaptive moderation code
gro: Disable frag0 optimization on IPv6 ext headers
gro: use min_t() in skb_gro_reset_offset()
gro: Enter slow-path if there is no tailroom
net: add the AF_QIPCRTR entries to family name tables
net: dsa: Ensure validity of dst->ds[0]
r8152: fix rx issue for runtime suspend
r8152: split rtl8152_suspend function
net: dsa: bcm_sf2: Utilize nested MDIO read/write
net: dsa: bcm_sf2: Do not clobber b53_switch_ops
bpf: change back to orig prog on too many passes
net: vrf: Add missing Rx counters
ipv4: Do not allow MAIN to be alias for new LOCAL w/ custom rules
igmp: Make igmp group member RFC 3376 compliant
flow_dissector: Update pptp handling to avoid null pointer deref.
drop_monitor: consider inserted data in genlmsg_end
drop_monitor: add missing call to genlmsg_end
net: ipv4: dst for local input routes should use l3mdev if relevant
net: fix incorrect original ingress device index in PKTINFO
rtnl: stats - add missing netlink message size checks
net/mlx5e: Disable netdev after close
net/mlx5e: Don't sync netdev state when not registered
net/mlx5: Prevent setting multicast macs for VFs
net/mlx5: Mask destination mac value in ethtool steering rules
net/mlx5: Avoid shadowing numa_node
net/mlx5: Cancel recovery work in remove flow
net/mlx5: Check FW limitations on log_max_qp before setting it
net/sched: cls_flower: Fix missing addr_type in classify
net: stmmac: Fix race between stmmac_drv_probe and stmmac_open
net, sched: fix soft lockup in tc_classify
ipv6: handle -EFAULT from skb_copy_bits
inet: fix IP(V6)_RECVORIGDSTADDR for udp sockets
sctp: sctp_transport_lookup_process should rcu_read_unlock when transport is null
net: vrf: Drop conntrack data after pass through VRF device on Tx
net: vrf: Fix NAT within a VRF
Linux 4.9.3
usb: gadget: composite: always set ep->mult to a sensible value
Revert "usb: gadget: composite: always set ep->mult to a sensible value"
Revert "rtlwifi: Fix enter/exit power_save"
tick/broadcast: Prevent NULL pointer dereference
clocksource/dummy_timer: Move hotplug callback after the real timers
xfs: fix max_retries _show and _store functions
xfs: fix crash and data corruption due to removal of busy COW extents
xfs: use the actual AG length when reserving blocks
xfs: fix double-cleanup when CUI recovery fails
xfs: use GPF_NOFS when allocating btree cursors
xfs: ignore leaf attr ichdr.count in verifier during log replay
xfs: don't cap maximum dedupe request length
xfs: don't allow di_size with high bit set
xfs: error out if trying to add attrs and anextents > 0
xfs: don't crash if reading a directory results in an unexpected hole
xfs: complain if we don't get nextents bmap records
xfs: check for bogus values in btree block headers
xfs: forbid AG btrees with level == 0
xfs: handle cow fork in xfs_bmap_trace_exlist
xfs: pass state not whichfork to trace_xfs_extlist
xfs: Move AGI buffer type setting to xfs_read_agi
xfs: pass post-eof speculative prealloc blocks to bmapi
xfs: use new extent lookup helpers xfs_file_iomap_begin_delay
xfs: clean up cow fork reservation and tag inodes correctly
xfs: use new extent lookup helpers in __xfs_reflink_reserve_cow
xfs: track preallocation separately in xfs_bmapi_reserve_delalloc()
xfs: remove prev argument to xfs_bmapi_reserve_delalloc
xfs: always succeed when deduping zero bytes
xfs: factor rmap btree size into the indlen calculations
xfs: new inode extent list lookup helpers
xfs: fix unbalanced inode reclaim flush locking
xfs: check minimum block size for CRC filesystems
xfs: provide helper for counting extents from if_bytes
xfs: don't BUG() on mixed direct and mapped I/O
xfs: don't skip cow forks w/ delalloc blocks in cowblocks scan
xfs: check return value of _trans_reserve_quota_nblks
xfs: don't call xfs_sb_quota_from_disk twice
tpm_tis: Check return values from get_burstcount.
drm/i915/gen9: fix the WM memory bandwidth WA for Y tiling cases
drm/i915/gen9: unconditionally apply the memory bandwidth WA
drm/i915: disable PSR by default on HSW/BDW
drm/radeon: Always store CRTC relative radeon_crtc->cursor_x/y values
s390/pci: fix dma address calculation in map_sg
s390/topology: always use s390 specific sched_domain_topology_level
powerpc/pci/rpadlpar: Fix device reference leaks
PCI: Enable access to non-standard VPD for Chelsio devices (cxgb3)
PCI: Support INTx masking on ConnectX-4 with firmware x.14.1100+
PCI: Convert Mellanox broken INTx quirks to be for listed devices only
PCI: Convert broken INTx masking quirks from HEADER to FINAL
PCI: Add Mellanox device IDs
PCI: rockchip: Correct the use of FTS mask
PCI: rockchip: Fix negotiated lanes calculation
staging: media: davinci_vpfe: unlock on error in vpfe_reqbufs()
f2fs: hide a maybe-uninitialized warning
f2fs: remove percpu_count due to performance regression
md: fix refcount problem on mddev when stopping array.
md: MD_RECOVERY_NEEDED is set for mddev->recovery
crypto: arm64/aes-ce - fix for big endian
crypto: arm64/aes-xts-ce: fix for big endian
crypto: arm64/sha1-ce - fix for big endian
crypto: arm64/aes-neon - fix for big endian
crypto: arm64/aes-ccm-ce: fix for big endian
crypto: arm/aes-ce - fix for big endian
crypto: arm64/ghash-ce - fix for big endian
crypto: arm64/sha2-ce - fix for big endian
s390/crypto: unlock on error in prng_tdes_read()
mm, compaction: fix NR_ISOLATED_* stats for pfn based migration
mm: khugepaged: fix radix tree node leak in shmem collapse error path
mm: khugepaged: close use-after-free race during shmem collapsing
docs-rst: fix LaTeX \DURole renewcommand with Sphinx 1.3+
mm/hugetlb.c: use the right pte val for compare in hugetlb_cow
rpmsg: qcom_smd: Correct return value for O_NONBLOCK
mmc: mmc_test: Uninitialized return value
genirq/affinity: Fix node generation from cpumask
PM / wakeirq: Fix dedicated wakeirq for drivers not using autosuspend
irqchip/bcm7038-l1: Implement irq_cpu_offline() callback
PCI/MSI: Check for NULL affinity mask in pci_irq_get_affinity()
ima: fix memory leak in ima_release_policy
relay: check array offset before using it
sbp-target: Fix second argument of percpu_ida_alloc()
target/iscsi: Fix double free in lio_target_tiqn_addtpg()
scsi: mvsas: fix command_active typo
scsi: g_NCR5380: Fix release_region in error handling
ASoC: samsung: i2s: Fixup last IRQ unsafe spin lock call
ASoC: Intel: Skylake: Fix a shift wrapping bug
ASoC: cht_bsw_rt5645: Fix leftover kmalloc
ASoC: lpass-platform: initialize dma channel number
iommu/vt-d: Flush old iommu caches for kdump when the device gets context mapped
iommu/vt-d: Fix pasid table size encoding
iommu/amd: Fix the left value check of cmd buffer
iommu/amd: Missing error code in amd_iommu_init_device()
clk: renesas: mstp: Support 8-bit registers for r7s72100
clk: imx31: fix rewritten input argument of mx31_clocks_init()
clk: sunxi-ng: sun8i-h3: Set CLK_SET_RATE_PARENT for audio module clocks
clk: sunxi-ng: sun8i-a23: Set CLK_SET_RATE_PARENT for audio module clocks
clk: ti: dra7: fix "failed to lookup clock node gmac_gmii_ref_clk_div" boot message
clk: clk-wm831x: fix a logic error
clk: qcom: ipq806x: Fix board clk rates
Input: synaptics-rmi4 - unlock on error
hwmon: (lm90) fix temp1_max_alarm attribute
hwmon: (g762) Fix overflows and crash seen when writing limit attributes
hwmon: (nct7802) Fix overflows seen when writing into limit attributes
hwmon: (ds620) Fix overflows seen when writing temperature limits
hwmon: (amc6821) sign extension temperature
hwmon: (scpi) Fix module autoload
platform/x86: fujitsu-laptop: use brightness_set_blocking for LED-setting callbacks
x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
x86/prctl/uapi: Remove #ifdef for CHECKPOINT_RESTORE
debugfs: improve DEFINE_DEBUGFS_ATTRIBUTE for !CONFIG_DEBUG_FS
clk: renesas: cpg-mssr: Fix inverted debug check
efi/efivar_ssdt_load: Don't return success on allocation failure
cris: Only build flash rescue image if CONFIG_ETRAX_AXISFLASHMAP is selected
ath10k: use the right length of "background"
mfd: tps65217: Fix page fault on unloading modules
ath10k: fix failure to send NULL func frame for 10.4
nl80211: Use different attrs for BSSID and random MAC addr in scan req
mac80211: fix tid_agg_rx NULL dereference
drm/i915: tune down the fast link training vs boot fail
drm/i915/dp: add lane_count check in intel_dp_check_link_status
usb: dwc3: gadget: always unmap EP0 requests
usb: dwc3: ep0: explicitly call dwc3_ep0_prepare_one_trb()
usb: dwc3: ep0: add dwc3_ep0_prepare_one_trb()
iio: accel: st_accel: fix LIS3LV02 reading and scaling
staging: iio: ad7606: fix improper setting of oversampling pins
mei: move write cb to completion on credentials failures
mei: bus: fix mei_cldev_enable KDoc
mei: fix parameter rename KDoc
USB: serial: io_ti: bind to interface after fw download
dibusb: fix possible memory leak in dibusb_rc_query()
ARM: dts: sun7i: bananapi-m1-plus: Enable USB PHY for USB host support
arm64: dts: hip06: Correct hardware pin number of usb node
USB: phy: am335x-control: fix device and of_node leaks
ARM: dts: r8a7794: Correct hsusb parent clock
usb: gadget: fix request length error for isoc transfer
usb: gadget: Fix second argument of percpu_ida_alloc()
USB: serial: kl5kusb105: abort on open exception path
ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream()
usb: musb: blackfin: add bfin_fifo_offset in bfin_ops
usb: gadget: udc: core: fix return code of usb_gadget_probe_driver()
usb: hub: Move hub_port_disable() to fix warning if PM is disabled
usb: musb: Fix trying to free already-free IRQ 4
usb: dwc3: gadget: Fix full speed mode
usb: dwc3: pci: Fix dr_mode misspelling
usb: dwc3: pci: add Intel Gemini Lake PCI ID
xhci: Fix race related to abort operation
xhci: Use delayed_work instead of timer for command timeout
usb: xhci-mem: use passed in GFP flags instead of GFP_KERNEL
USB: serial: mos7720: fix parallel probe
USB: serial: mos7720: fix parport use-after-free on probe errors
USB: serial: mos7720: fix use-after-free on probe errors
USB: serial: mos7720: fix NULL-deref at open
USB: serial: mos7840: fix NULL-deref at open
USB: serial: kobil_sct: fix NULL-deref in write
USB: serial: cyberjack: fix NULL-deref at open
USB: serial: oti6858: fix NULL-deref at open
USB: serial: io_edgeport: fix NULL-deref at open
USB: serial: ti_usb_3410_5052: fix NULL-deref at open
USB: serial: garmin_gps: fix memory leak on failed URB submit
USB: serial: iuu_phoenix: fix NULL-deref at open
USB: serial: io_ti: fix I/O after disconnect
USB: serial: io_ti: fix another NULL-deref at open
USB: serial: io_ti: fix NULL-deref at open
USB: serial: spcp8x5: fix NULL-deref at open
USB: serial: keyspan_pda: verify endpoints at probe
USB: serial: pl2303: fix NULL-deref at open
USB: serial: quatech2: fix sleep-while-atomic in close
USB: serial: omninet: fix NULL-derefs at open and disconnect
usb: return error code when platform_get_irq fails
usb: xhci: hold lock over xhci_abort_cmd_ring()
xhci: Handle command completion and timeout race
usb: host: xhci: Fix possible wild pointer when handling abort command
usb: xhci: fix return value of xhci_setup_device()
xhci: free xhci virtual devices with leaf nodes first
usb: xhci: apply XHCI_PME_STUCK_QUIRK to Intel Apollo Lake
usb: xhci: fix possible wild pointer
usb: dwc3: core: avoid Overflow events
usb: gadget: composite: Test get_alt() presence instead of set_alt()
USB: dummy-hcd: fix bug in stop_activity (handle ep0)
USB: fix problems with duplicate endpoint addresses
USB: gadgetfs: fix checks of wTotalLength in config descriptors
USB: gadgetfs: fix use-after-free bug
USB: gadgetfs: fix unbounded memory allocation bug
usb: gadgetfs: restrict upper bound on device configuration size
usb: storage: unusual_uas: Add JMicron JMS56x to unusual device
usb: musb: dsps: implement clear_ep_rxintr() callback
usb: musb: core: add clear_ep_rxintr() to musb_platform_ops
KVM: MIPS: Flush KVM entry code from icache globally
KVM: MIPS: Don't clobber CP0_Status.UX
KVM: x86: reset MMU on KVM_SET_VCPU_EVENTS
drm/i915: Initialize overlay->last_flip properly
drm/i915: Force VDD off on the new power seqeuencer before starting to use it
drm/i915: Fix oops in overlay due to frontbuffer tracking
drm/i915: Fix oopses in the overlay code due to i915_gem_active stuff
gcc-plugins: update gcc-common.h for gcc-7
asm-prototypes: Clear any CPP defines before declaring the functions
mac80211: initialize fast-xmit 'info' later
pinctrl/amd: Set the level based on ACPI tables
ARM: davinci: da850: don't add emac clock to lookup table twice
HID: sensor-hub: Move the memset to sensor_hub_get_feature()
parisc: Mark cr16 clocksource unstable on SMP systems
parisc: Add line-break when printing segfault info
fscrypt: fix renaming and linking special files
ALSA: usb-audio: Fix irq/process data synchronization
ALSA: hda - Apply asus-mode8 fixup to ASUS X71SL
ALSA: hda - Fix up GPIO for ASUS ROG Ranger
staging: octeon: Call SET_NETDEV_DEV()
iio: bmi160: Fix time needed to sleep after command execution
iio: max44000: correct value in illuminance_integration_time_available
iio: common: st_sensors: fix channel data parsing
Linux 4.9.2
drm/i915: Fix setting of boost freq tunable
drm/i915: skip the first 4k of stolen memory on everything >= gen8
drm/i915: Initialize dev_priv->atomic_cdclk_freq at init time
drm/i915: Fix cdclk vs. dev_cdclk mess when not recomputing things
drm/i915/dsi: Do not clear DPOUNIT_CLOCK_GATE_DISABLE from vlv_init_display_clock_gating
drm/i915/dsi: Fix chv_exec_gpio disabling the GPIOs it is setting
net: mvpp2: fix dma unmapping of TX buffers for fragments
sg_write()/bsg_write() is not fit to be called under KERNEL_DS
kconfig/nconf: Fix hang when editing symbol with a long prompt
target/user: Fix use-after-free of tcmu_cmds if they are expired
libnvdimm, pfn: fix align attribute
of, numa: Return NUMA_NO_NODE from disable of_node_to_nid() if nid not possible.
powerpc/boot: Request no dynamic linker for boot wrapper
powerpc/ps3: Fix system hang with GCC 5 builds
powerpc/64e: Convert cmpi to cmpwi in head_64.S
SUNRPC: fix refcounting problems with auth_gss messages.
pNFS: Fix a deadlock between read resends and layoutreturn
pNFS: Clear NFS_LAYOUT_RETURN_REQUESTED when invalidating the layout stateid
pNFS: Don't clear the layout stateid if a layout return is outstanding
pNFS: On error, do not send LAYOUTGET until the LAYOUTRETURN has completed
nfs_write_end(): fix handling of short copies
libceph: verify authorize reply on connect
PCI: Check for PME in targeted sleep state
i40iw: Use correct src address in memcpy to rdma stats counters
bad_inode: add missing i_op initializers
Input: drv260x - fix input device's parent assignment
v4l: tvp5150: Add missing break in set control handler
media: solo6x10: fix lockup by avoiding delayed register write
s5p-mfc: fix failure path of s5p_mfc_alloc_memdev()
mn88473: fix chip id check on probe
mn88472: fix chip id check on probe
IB/cma: Fix a race condition in iboe_addr_get_sgid()
IB/rxe: Fix a memory leak in rxe_qp_cleanup()
IB/multicast: Check ib_find_pkey() return value
IPoIB: Avoid reading an uninitialized member variable
IB/mad: Fix an array index check
fgraph: Handle a case where a tracer ignores set_graph_notrace
x86/smpboot: Make logical package management more robust
platform/x86: asus-nb-wmi.c: Add X45U quirk
ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps to it
vsock/virtio: fix src/dst cid format
fsnotify: Fix possible use-after-free in inode iteration on umount
kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)
KVM: PPC: Book3S HV: Don't lose hardware R/C bit updates in H_PROTECT
KVM: PPC: Book3S HV: Save/restore XER in checkpointed register state
scsi: aacraid: remove wildcard for series 9 controllers
md/raid5: limit request size according to implementation limits
sc16is7xx: Drop bogus use of IRQF_ONESHOT
latent_entropy: fix ARM build error on earlier gcc
arm64: KVM: pmu: Reset PMSELR_EL0.SEL to a sane value before entering the guest
s390/kexec: use node 0 when re-adding crash kernel memory
s390/vmlogrdr: fix IUCV buffer allocation
firmware: fix usermode helper fallback loading
ARC: mm: arc700: Don't assume 2 colours for aliasing VIPT dcache
scsi: avoid a permanent stop of the scsi device's request queue
scsi: zfcp: fix rport unblock race with LUN recovery
scsi: zfcp: do not trace pure benign residual HBA responses at default level
scsi: zfcp: fix use-after-"free" in FC ingress path after TMF
iscsi-target: Return error if unable to add network portal
scsi: megaraid_sas: Do not set MPI2_TYPE_CUDA for JBOD FP path for FW which does not support JBOD sequence map
scsi: megaraid_sas: For SRIOV enabled firmware, ensure VF driver waits for 30secs before reset
stm class: Fix device leak in open error path
vt: fix Scroll Lock LED trigger name
block: protect iterate_bdevs() against concurrent close
mei: me: add lewisburg device ids
mei: request async autosuspend at the end of enumeration
drivers/gpu/drm/ast: Fix infinite loop if read fails
drm/amdgpu: fix init save/restore list in gfx_v8.0
drm/amdgpu: fix enable_cp_power_gating in gfx_v8.0.
drm/amd/powerplay: bypass fan table setup if no fan connected
drm/gma500: Add compat ioctl
drm/radeon/si: load the proper firmware on 0x87 oland boards
drm/radeon: add additional pci revision to dpm workaround
drm/radeon: Hide the HW cursor while it's out of bounds
drm/radeon: Also call cursor_move_locked when the cursor size changes
drm/nouveau/fifo/gf100-: protect channel preempt with subdev mutex
drm/nouveau/i2c/gk110b,gm10x: use the correct implementation
drm/nouveau/ttm: wait for bo fence to signal before unmapping vmas
drm/nouveau/ltc: protect clearing of comptags with mutex
drm/nouveau/bios: require checksum to match for fast acpi shadow method
drm/nouveau/kms: lvds panel strap moved again on maxwell
drm/nouveau/gr: fallback to legacy paths during firmware lookup
drm/amd/amdgpu: enable GUI idle INT after enabling CGCG
drm/amdgpu: Also call cursor_move_locked when the cursor size changes
drm/amdgpu: Store CRTC relative amdgpu_crtc->cursor_x/y values
drm/amdgpu: add additional pci revision to dpm workaround
drm/amdgpu/si: load the proper firmware on 0x87 oland boards
ACPI / video: Add force_native quirk for HP Pavilion dv6
ACPI / video: Add force_native quirk for Dell XPS 17 L702X
staging: comedi: ni_mio_common: fix E series ni_ai_insn_read() data
staging: comedi: ni_mio_common: fix M Series ni_ai_insn_read() data mask
staging: lustre: ldlm: pl_recalc time handling is wrong
staging/lustre/osc: Revert erroneous list_for_each_entry_safe use
hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels()
docs: sphinx-extensions: make rstFlatTable work with docutils 0.13
thermal: hwmon: Properly report critical temperature in sysfs
clk: bcm2835: Avoid overwriting the div info when disabling a pll_div clk
arm64: tegra: Add VDD_GPU regulator to Jetson TX1
gpio: chardev: Return error for seek operations
gpio: stmpe: fix interrupt handling bug
timekeeping_Force_unsigned_clocksource_to_nanoseconds_conversion
mmc: sd: Meet alignment requirements for raw_ssr DMA
regulator: stw481x-vmmc: fix ages old enable error
mmc: sdhci: Fix recovery from tuning timeout
Revert "mmc: sdhci: Reset cmd and data circuits after tuning failure"
ath9k: do not return early to fix rcu unlocking
ath9k: Really fix LED polarity for some Mini PCI AR9220 MB92 cards.
ath9k: fix ath9k_hw_gpio_get() to return 0 or 1 on success
cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts
rtl8xxxu: Work around issue with 8192eu and 8723bu devices not reconnecting
perf/x86/intel/cstate: Prevent hotplug callback leak
perf annotate: Don't throw error for zero length symbols
perf/x86: Fix exclusion of BTS and LBR for Goldmont
rtlwifi: Fix enter/exit power_save
ath10k: fix soft lockup during firmware crash/hw-restart
ssb: Fix error routine when fallback SPROM fails
Linux 4.9.1
x86/kbuild: enable modversions for symbols exported from asm
builddeb: fix cross-building to arm64 producing host-arch debs
xfs: set AGI buffer type in xlog_recover_clear_agi_bucket
xfs: fix up xfs_swap_extent_forks inline extent handling
arm/xen: Use alloc_percpu rather than __alloc_percpu
xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing
tpm xen: Remove bogus tpm_chip_unregister
kernel/debug/debug_core.c: more properly delay for secondary CPUs
watchdog: qcom: fix kernel panic due to external abort on non-linefetch
watchdog: mei_wdt: request stop on reboot to prevent false positive event
kernel/watchdog: use nmi registers snapshot in hardlockup handler
CIFS: Fix a possible memory corruption in push locks
CIFS: Decrease verbosity of ioctl call
CIFS: Fix a possible double locking of mutex during reconnect
CIFS: Fix missing nls unload in smb2_reconnect()
CIFS: Fix a possible memory corruption during reconnect
cifs: Fix smbencrypt() to stop pointing a scatterlist at the stack
ASoC: intel: Fix crash at suspend/resume without card registration
dm space map metadata: fix 'struct sm_metadata' leak on failed create
dm raid: fix discard support regression
dm rq: fix a race condition in rq_completed()
dm crypt: mark key as invalid until properly loaded
dm flakey: return -EINVAL on interval bounds error in flakey_ctr()
dm table: an 'all_blk_mq' table must be loaded for a blk-mq DM device
dm table: fix 'all_blk_mq' inconsistency when an empty table is loaded
blk-mq: Do not invoke .queue_rq() for a stopped queue
PM / OPP: Don't use OPP structure outside of rcu protected section
PM / OPP: Pass opp_table to dev_pm_opp_put_regulator()
usb: gadget: composite: always set ep->mult to a sensible value
mm, page_alloc: keep pcp count and list contents in sync if struct page is corrupted
mm/vmscan.c: set correct defer count for shrinker
nvmet: Fix possible infinite loop triggered on hot namespace removal
loop: return proper error from loop_queue_rq()
f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack
f2fs: fix overflow due to condition check order
f2fs: set ->owner for debugfs status file's file_operations
Revert "f2fs: use percpu_counter for # of dirty pages in inode"
ext4: do not perform data journaling when data is encrypted
ext4: return -ENOMEM instead of success
ext4: reject inodes with negative size
ext4: add sanity checking to count_overhead()
ext4: fix in-superblock mount options processing
ext4: use more strict checks for inodes_per_block on mount
ext4: fix stack memory corruption with 64k block size
ext4: fix mballoc breakage with 64k block size
ext4: don't lock buffer in ext4_commit_super if holding spinlock
crypto: caam - fix AEAD givenc descriptors
ptrace: Don't allow accessing an undumpable mm
ptrace: Capture the ptracer's creds not PT_PTRACE_CAP
vfs,mm: fix return value of read() at s_maxbytes
mm: Add a user_ns owner to mm_struct and fix ptrace permission checks
block_dev: don't test bdev->bd_contains when it is not stable
splice: reinstate SIGPIPE/EPIPE handling
fs: exec: apply CLOEXEC before changing dumpable task flags
exec: Ensure mm->user_ns contains the execed files
clk: ti: omap36xx: Work around sprz319 advisory 2.1
ALSA: hda: when comparing pin configurations, ignore assoc in addition to seq
ALSA: hda - Gate the mic jack on HP Z1 Gen3 AiO
ALSA: hda - fix headset-mic problem on a Dell laptop
ALSA: hda - ignore the assoc and seq when comparing pin configurations
ALSA: hda/ca0132 - Add quirk for Alienware 15 R2 2016
ALSA: hiface: Fix M2Tech hiFace driver sampling rate change
ALSA: usb-audio: Add QuickCam Communicate Deluxe/S7500 to volume_control_quirks
usbip: vudc: fix: Clear already_seen flag also for ep0
USB: UHCI: report non-PME wakeup signalling for Intel hardware
usb: gadget: composite: correctly initialize ep->maxpacket
usb: gadget: f_uac2: fix error handling at afunc_bind
usb: core: usbport: Use proper LED API to fix potential crash
usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices
usb: dwc3: gadget: set PCM1 field of isochronous-first TRBs
USB: cdc-acm: add device id for GW Instek AFG-125
USB: serial: kl5kusb105: fix open error path
USB: serial: option: add dlink dwm-158
USB: serial: option: add support for Telit LE922A PIDs 0x1040, 0x1041
Btrfs: fix qgroup rescan worker initialization
Btrfs: fix emptiness check for dirtied extent buffers at check_leaf()
btrfs: store and load values of stripes_min/stripes_max in balance status item
Btrfs: fix relocation incorrectly dropping data references
Btrfs: fix tree search logic when replaying directory entry deletes
Btrfs: fix deadlock caused by fsync when logging directory entries
Btrfs: fix BUG_ON in btrfs_mark_buffer_dirty
btrfs: limit async_work allocation and worker func duration
hotplug: Make register and unregister notifier API symmetric
ANDROID: Shrink ashmem directly through shmem_fallocate
ANDROID: ashmem: Add shmem_set_file to mm/shmem.c
ANDROID: Add android config documentation to boot framework.
Conflicts:
Documentation/android.txt
Documentation/cpu-freq/governors.txt
Documentation/networking/ip-sysctl.txt
arch/arm64/boot/Makefile
arch/arm64/kernel/process.c
arch/arm64/kernel/topology.c
arch/arm64/mm/dma-mapping.c
drivers/cpufreq/cpufreq_interactive.c
drivers/input/misc/gpio_matrix.c
drivers/md/Kconfig
drivers/md/dm-android-verity.c
drivers/md/dm-android-verity.h
drivers/md/dm-linear.c
drivers/md/dm-verity-fec.h
drivers/mmc/core/host.c
drivers/platform/goldfish/goldfish_pipe.c
drivers/power/supply/power_supply_sysfs.c
drivers/scsi/ufs/ufshcd.c
drivers/scsi/ufs/ufshcd.h
drivers/staging/android/fiq_debugger/fiq_debugger.c
drivers/staging/android/lowmemorykiller.c
drivers/usb/dwc3/core.h
drivers/usb/gadget/Kconfig
drivers/usb/gadget/configfs.c
drivers/usb/gadget/function/Makefile
drivers/usb/gadget/function/f_accessory.c
drivers/usb/gadget/function/f_audio_source.c
drivers/usb/gadget/function/f_fs.c
drivers/usb/gadget/function/f_mtp.c
drivers/usb/phy/Kconfig
drivers/usb/phy/otg-wakelock.c
fs/ext4/inode.c
fs/ext4/ioctl.c
fs/f2fs/data.c
fs/proc/task_mmu.c
fs/sdcardfs/derived_perm.c
fs/sdcardfs/file.c
fs/sdcardfs/inode.c
fs/sdcardfs/lookup.c
fs/sdcardfs/main.c
fs/sdcardfs/packagelist.c
fs/sdcardfs/sdcardfs.h
fs/sdcardfs/super.c
include/linux/mmc/core.h
include/linux/power_supply.h
include/linux/sched.h
include/linux/usb/f_mtp.h
include/net/fib_rules.h
include/net/route.h
include/trace/events/cpufreq_interactive.h
include/trace/events/power.h
include/trace/events/sched.h
include/uapi/linux/magic.h
include/uapi/linux/prctl.h
init/Kconfig
kernel/cgroup.c
kernel/configs/android-base.config
kernel/power/process.c
kernel/sched/Makefile
kernel/sched/core.c
kernel/sched/cputime.c
kernel/sched/fair.c
kernel/sched/rt.c
kernel/sched/sched.h
kernel/sched/stop_task.c
kernel/sched/tune.c
lib/Kconfig.debug
net/core/fib_rules.c
net/ipv4/inet_connection_sock.c
net/ipv4/ping.c
net/ipv4/raw.c
net/ipv4/route.c
net/ipv4/syncookies.c
net/ipv4/udp.c
net/ipv6/af_inet6.c
net/ipv6/ah6.c
net/ipv6/datagram.c
net/ipv6/esp6.c
net/ipv6/icmp.c
net/ipv6/inet6_connection_sock.c
net/ipv6/ip6_vti.c
net/ipv6/ipcomp6.c
net/ipv6/ping.c
net/ipv6/raw.c
net/ipv6/route.c
net/ipv6/syncookies.c
net/ipv6/tcp_ipv6.c
net/ipv6/udp.c
Change-Id: I82455dc7b564fc5d3ad2b784a0eb8f96c6b05d4c
Signed-off-by: Channagoud Kadabi <ckadabi@codeaurora.org>
|
||
|
Syed Rameez Mustafa
|
88040bd2f4 |
sched/hmp: Fix memory leak when task fork fails
The scheduler allocates memory for the task load structures during fork. It then relies to sched_exit() to be called to free that memory. However, if the fork itself fails at any point after the allocation, the memory is left unclaimed forever. Fix this memory leak by freeing the allocated memory under error conditions. Change-Id: I14a8290c9fcc4174ec80560e9f9d7bcdb119761f Signed-off-by: Syed Rameez Mustafa <rameezmustafa@codeaurora.org> |
||
|
Syed Rameez Mustafa
|
60cef216d7 |
sched: Add per CPU load tracking for each task
Keeping a track of the load footprint of each task on every CPU that it executed on gives the scheduler much more flexibility in terms of the number of frequency guidance policies. These new fields will be used in subsequent patches as we alter the load fixup mechanism upon task migration. We still need to maintain the curr/prev_window sums as they will also be required in subsequent patches as we start to track top tasks based on cumulative load. Also, we need to call init_new_task_load() for the idle task. This is an existing harmless bug as load tracking for the idle task is irrelevant. However, in this patch we are adding pointers to the ravg structure. These pointers have to be initialized even for the idle task. Finally move init_new_task_load() to sched_fork(). This was always the more appropriate place, however, following the introduction of new pointers in the ravg struct, this is necessary to avoid races with functions such as reset_all_task_stats(). Change-Id: Ib584372eb539706da4319973314e54dae04e5934 Signed-off-by: Syed Rameez Mustafa <rameezmustafa@codeaurora.org> |
||
|
Dmitry Shmidt
|
cd08287396 |
Merge tag 'v4.9.6' into android-4.9
This is the 4.9.6 stable release Change-Id: I318df4b9d706d50c13fe3969d734117c25fc94bc |
||
|
San Mehat
|
ff8b80819c |
ANDROID: proc: smaps: Allow smaps access for CAP_SYS_RESOURCE
Signed-off-by: San Mehat <san@google.com> |
||
|
Eric W. Biederman
|
694a95fa6d |
mm: Add a user_ns owner to mm_struct and fix ptrace permission checks
commit bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 upstream.
During exec dumpable is cleared if the file that is being executed is
not readable by the user executing the file. A bug in
ptrace_may_access allows reading the file if the executable happens to
enter into a subordinate user namespace (aka clone(CLONE_NEWUSER),
unshare(CLONE_NEWUSER), or setns(fd, CLONE_NEWUSER).
This problem is fixed with only necessary userspace breakage by adding
a user namespace owner to mm_struct, captured at the time of exec, so
it is clear in which user namespace CAP_SYS_PTRACE must be present in
to be able to safely give read permission to the executable.
The function ptrace_may_access is modified to verify that the ptracer
has CAP_SYS_ADMIN in task->mm->user_ns instead of task->cred->user_ns.
This ensures that if the task changes it's cred into a subordinate
user namespace it does not become ptraceable.
The function ptrace_attach is modified to only set PT_PTRACE_CAP when
CAP_SYS_PTRACE is held over task->mm->user_ns. The intent of
PT_PTRACE_CAP is to be a flag to note that whatever permission changes
the task might go through the tracer has sufficient permissions for
it not to be an issue. task->cred->user_ns is always the same
as or descendent of mm->user_ns. Which guarantees that having
CAP_SYS_PTRACE over mm->user_ns is the worst case for the tasks
credentials.
To prevent regressions mm->dumpable and mm->user_ns are not considered
when a task has no mm. As simply failing ptrace_may_attach causes
regressions in privileged applications attempting to read things
such as /proc/<pid>/stat
Acked-by: Kees Cook <keescook@chromium.org>
Tested-by: Cyrill Gorcunov <gorcunov@openvz.org>
Fixes:
|
||
|
Channagoud Kadabi
|
dd5e9ddd9c |
Merge remote-tracking branch 'origin/tmp-bc33b0c' into 4.8
* origin/tmp-bc33b0c:
Linux 4.9-rc4
PCI: designware: Check for iATU unroll support after initializing host
i2c: core: fix NULL pointer dereference under race condition
MIPS: Fix max_low_pfn with disabled highmem
MIPS: Correct MIPS I FP sigcontext layout
MIPS: Fix ISA I/II FP signal context offsets
MIPS: Remove FIR from ISA I FP signal context
MIPS: Fix ISA I FP sigcontext access violation handling
MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue
MIPS: ptrace: Also initialize the FP context on individual FCSR writes
MIPS: dump_tlb: Fix printk continuations
MIPS: Fix __show_regs() output
MIPS: traps: Fix output of show_code
MIPS: traps: Fix output of show_stacktrace
MIPS: traps: Fix output of show_backtrace
MIPS: Fix build of compressed image
MIPS: generic: Fix KASLR for generic kernel.
MIPS: KASLR: Fix handling of NULL FDT
MIPS: Malta: Fixup reboot
MIPS: CPC: Provide default mips_cpc_default_phys_base to ignore CPC
firewire: net: fix fragmented datagram_size off-by-one
firewire: net: guard against rx buffer overflows
sched/core: Remove pointless printout in sched_show_task()
sched/core: Fix oops in sched_show_task()
virtio-gpu: fix vblank events
parisc: Ignore the pkey system calls for now
parisc: Use LINUX_GATEWAY_ADDR define instead of hardcoded value
parisc: Ensure consistent state when switching to kernel stack at syscall entry
parisc: Avoid trashing sr2 and sr3 in LWS code
parisc: use KERN_CONT when printing device inventory
kvm: x86: Check memopp before dereference (CVE-2016-8630)
kvm: nVMX: VMCLEAR an active shadow VMCS after last use
KVM: x86: drop TSC offsetting kvm_x86_ops to fix KVM_GET/SET_CLOCK
nfsd: Fix general protection fault in release_lock_stateid()
svcrdma: backchannel cannot share a page for send and rcv buffers
gpio/mvebu: Use irq_domain_add_linear
fork: Add task stack refcounting sanity check and prevent premature task stack freeing
drm/nouveau/acpi: fix check for power resources support
gpio: of: fix GPIO drivers with multiple gpio_chip for a single node
gpio: GPIO_GET_LINE{HANDLE,EVENT}_IOCTL: Fix file descriptor leak
latent_entropy: Fix wrong gcc code generation with 64 bit variables
gcc-plugins: Export symbols needed by gcc
tpm: remove invalid min length check from tpm_do_selftest()
ovl: fsync after copy-up
ovl: fix get_acl() on tmpfs
ovl: update S_ISGID when setting posix ACLs
virtio_ring: mark vring_dma_dev inline
virtio/vhost: add Jason to list of maintainers
virtio_blk: Delete an unnecessary initialisation in init_vq()
virtio_blk: Use kmalloc_array() in init_vq()
virtio: remove config.c
virtio: console: Unlock vqs while freeing buffers
ringtest: poll for new buffers once before updating event index
ringtest: commonize implementation of poll_avail/poll_used
ringtest: use link-time optimization
virtio: update balloon size in balloon "probe"
virtio_ring: Make interrupt suppression spec compliant
virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices
geneve: avoid using stale geneve socket.
vxlan: avoid using stale vxlan socket.
qede: Fix out-of-bound fastpath memory access
net: phy: dp83848: add dp83822 PHY support
enic: fix rq disable
tipc: fix broadcast link synchronization problem
ibmvnic: Fix missing brackets in init_sub_crq_irqs
ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context
Revert "ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context"
arch/powerpc: Update parameters for csum_tcpudp_magic & csum_tcpudp_nofold
net/mlx4_en: Save slave ethtool stats command
net/mlx4_en: Fix potential deadlock in port statistics flow
net/mlx4: Fix firmware command timeout during interrupt test
net/mlx4_core: Do not access comm channel if it has not yet been initialized
net/mlx4_en: Fix panic during reboot
net/mlx4_en: Process all completions in RX rings after port goes up
net/mlx4_en: Resolve dividing by zero in 32-bit system
net/mlx4_core: Change the default value of enable_qos
net/mlx4_core: Avoid setting ports to auto when only one port type is supported
net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec
rds: debug messages are enabled by default
ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context
net: mv643xx_eth: Fetch the phy connection type from DT
Revert "hv_netvsc: report vmbus name in ethtool"
packet: on direct_xmit, limit tso and csum to supported devices
net_sched actions: use nla_parse_nested()
cxgb4: Fix error handling in alloc_uld_rxqs().
IB/mlx4: avoid a -Wmaybe-uninitialize warning
spi: dspi: clear SPI_SR before enable interrupt
ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit()
bpf: fix samples to add fake KBUILD_MODNAME
inet: Fix missing return value in inet6_hash
net/mlx5: Avoid passing dma address 0 to firmware
net/mlx5: PCI error recovery health care simulation
net/mlx5: Fix race between PCI error handlers and health work
net/mlx5: Clear health sick bit when starting health poll
net/mlx5: Change the acl enable prototype to return status
net/mlx5e: Unregister netdev before detaching it
net/mlx5e: Choose best nearest LRO timeout
net/mlx5: Correctly initialize last use of flow counters
net/mlx5: Fix autogroups groups num not decreasing
net/mlx5: Keep autogroups list ordered
net/mlx5: Always Query HCA caps after setting them
{net, ib}/mlx5: Make cache line size determination at runtime.
sctp: validate chunk len before actually using it
md: be careful not lot leak internal curr_resync value into metadata. -- (all)
raid1: handle read error also in readonly mode
raid5-cache: correct condition for empty metadata write
sunrpc: fix some missing rq_rbuffer assignments
mlxsw: spectrum_router: Compare only trees which are in use during tree get
mlxsw: spectrum_router: Save requested prefix bitlist when creating tree
regulator: core: silence warning: "VDD1: ramp_delay not set"
regmap: Rename ret variable in regmap_read_poll_timeout
drm/i915: Fix SKL+ 90/270 degree rotated plane coordinate computation
drm/i915: Remove two invalid warns
drm/i915: Rotated view does not need a fence
drm/i915/fbc: fix CFB size calculation for gen8+
drm: i915: Wait for fences on new fb, not old
drm/i915: Clean up DDI DDC/AUX CH sanitation
drm/i915: Respect alternate_aux_channel for all DDI ports
drm/i915/gen9: fix watermarks when using the pipe scaler
drm/i915: Fix mismatched INIT power domain disabling during suspend
drm/i915: fix a read size argument
drm/i915: Use fence_write() from rpm resume
drm/i915/gen9: fix DDB partitioning for multi-screen cases
drm/i915: workaround sparse warning on variable length arrays
drm/i915: keep declarations in i915_drv.h
KVM: x86: fix wbinvd_dirty_mask use-after-free
mtd: mtk: avoid warning in mtk_ecc_encode
mtd: nand: Fix data interface configuration logic
mtd: nand: gpmi: disable the clocks on errors
i40e: fix call of ndo_dflt_bridge_getlink()
net sched filters: fix notification of filter delete with proper handle
i40e: disable MSI-X interrupts if we cannot reserve enough vectors
i40e: Fix configure TCs after initial DCB disable
ixgbe: fix panic when using macvlan with l2-fwd-offload enabled
net: bgmac: fix spelling mistake: "connecton" -> "connection"
flow_dissector: fix vlan tag handling
net: ipv6: Do not consider link state for nexthop validation
net: ipv6: Fix processing of RAs in presence of VRF
kalmia: avoid potential uninitialized variable use
MAINTAINERS: add more people to the MTD maintainer team
macsec: Fix header length if SCI is added if explicitly disabled
MAINTAINERS: add a maintainer for the SPI NOR subsystem
at803x: double check SGMII side autoneg
Revert "at803x: fix suspend/resume for SGMII link"
kvm/x86: Show WRMSR data is in hex
drm/amd/powerplay: fix bug get wrong evv voltage of Polaris.
drm/amdgpu/si_dpm: workaround for SI kickers
sparc64: Handle extremely large kernel TLB range flushes more gracefully.
kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
KVM: document lock orders
mmc: sdhci-msm: Fix error return code in sdhci_msm_probe()
MAINTAINERS: Update qlogic networking drivers
netvsc: fix incorrect receive checksum offloading
scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware
scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded
udp: fix IP_CHECKSUM handling
sctp: fix the panic caused by route update
doc: update docbook annotations for socket and skb
rocker: fix error return code in rocker_world_check_init()
sunrpc: don't pass on-stack memory to sg_set_buf
vfio/pci: Fix integer overflows, bitmask check
PCI: qcom: Fix pp->dev usage before assignment
drm/radeon/si_dpm: workaround for SI kickers
drm/amdgpu: fix s3 resume back, uvd dpm randomly can't disable.
sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call code.
sparc64: Fix instruction count in comment for __hypervisor_flush_tlb_pending.
drm/dp/mst: Check peer device type before attempting EDID read
drm/dp/mst: Clear port->pdt when tearing down the i2c adapter
drm/fb-helper: Keep references for the current set of used connectors
drm: Don't force all planes to be added to the state due to zpos
drm/fb-helper: Fix connector ref leak on error
KVM: fix OOPS on flush_work
KVM: s390: Fix STHYI buffer alignment for diag224
KVM: MIPS: Precalculate MMIO load resume PC
KVM: MIPS: Make ERET handle ERL before EXL
KVM: MIPS: Fix lazy user ASID regenerate for SMP
spi: fsl-espi: avoid processing uninitalized data on error
drm/fb-helper: Don't call dirty callback for untouched clips
drm: Release reference from blob lookup after replacing property
mac80211: fix some sphinx warnings
cfg80211: process events caused by suspend before suspending
sparc64: Handle extremely large kernel TSB range flushes sanely.
sparc: Handle negative offsets in arch_jump_label_transform
sparc64: Fix illegal relative branches in hypervisor patched TLB code.
drm/radeon: drop register readback in cayman_cp_int_cntl_setup
drm/amdgpu/vce3: only enable 3 rings on new enough firmware (v2)
mmc: dw_mmc-pltfm: fix the potential NULL pointer dereference
sparc64: Delete now unused user copy fixup functions.
sparc64: Delete now unused user copy assembler helpers.
sparc64: Convert U3copy_{from,to}_user to accurate exception reporting.
sparc64: Convert NG2copy_{from,to}_user to accurate exception reporting.
sparc64: Convert NGcopy_{from,to}_user to accurate exception reporting.
sparc64: Convert NG4copy_{from,to}_user to accurate exception reporting.
scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices
Input: psmouse - cleanup Focaltech code
md: report 'write_pending' state when array in sync
md/raid5: write an empty meta-block when creating log super-block
md/raid5: initialize next_checkpoint field before use
RAID10: ignore discard error
RAID1: ignore discard error
drm/amdgpu: fix fence slab teardown
drm/amdgpu: update kernel-doc for some functions
drm/amdgpu: fix a vm_flush fence leak
drm/amdgpu: fix sched fence slab teardown
Revert "drm/radeon: fix DP link training issue with second 4K monitor"
drm/amdgpu/dpm: flush any thermal work on fini
drm/amdgpu: cancel reset work on fini
nfsd: move blocked lock handling under a dedicated spinlock
sparc64: Convert U1copy_{from,to}_user to accurate exception reporting.
sparc64: Convert GENcopy_{from,to}_user to accurate exception reporting.
sparc64: Convert copy_in_user to accurate exception reporting.
sparc64: Prepare to move to more saner user copy exception handling.
sparc64: Delete __ret_efault.
sparc32: Fix old style declaration GCC warnings
sparc64: Fix old style declaration GCC warnings
sparc64: Setup a scheduling domain for highest level cache.
spi: mark device nodes only in case of successful instantiation
btrfs: fix WARNING in btrfs_select_ref_head()
Btrfs: remove some no-op casts
btrfs: pass correct args to btrfs_async_run_delayed_refs()
btrfs: make file clone aware of fatal signals
btrfs: qgroup: Prevent qgroup->reserved from going subzero
net: sctp, forbid negative length
net: fec: Call swap_buffer() prior to IP header alignment
ipv6: do not increment mac header when it's unset
bnx2x: Use the correct divisor value for PHC clock readings.
qede: Fix incorrrect usage of APIs for un-mapping DMA memory
qed: Zero-out the buffer paased to dcbx_query() API
qede: Reconfigure rss indirection direction table when rss count is updated
qed*: Reduce the memory footprint for Rx path
qede: Loopback implementation should ignore the normal traffic
qede: Do not allow RSS config for 100G devices
qede: get_channels() need to populate max tx/rx coalesce values
ipv4: use the right lock for ping_group_range
net: dsa: bcm_sf2: Do not rely on kexec_in_progress
Revert "kexec: Export kexec_in_progress to modules"
netns: revert "netns: avoid disabling irq for netns id"
ipv6: fix a potential deadlock in do_ipv6_setsockopt()
drm/amd/powerplay: don't give up if DPM is already running
drm/amd/powerplay: fix static checker warning in process_pptables_v1_0.c
drm/amdgpu: avoid drm error log during S3 on RHEL7.3
drm/amdgpu: explicitly set pg_flags for ST
drm/amdgpu/st: move ATC CG golden init from gfx to mc
drm/amd/amdgpu: expose max engine and memory clock for powerplay enabled case
drm/amdgpu: move atom scratch register save/restore to common code
drm/amdgpu: drop atom scratch save/restore in gpu reset
drm/radeon/si_dpm: Limit clocks on HD86xx part
drm/amdgpu/powerplay/smu7: fix static checker warning
batman-adv: fix splat on disabling an interface
kexec: Export kexec_in_progress to modules
ipv4: disable BH in set_ping_group_range()
udp: must lock the socket in udp_disconnect()
net: dsa: bcm_sf2: Prevent GPHY shutdown for kexec'd kernels
bpf, test: fix ld_abs + vlan push/pop stress test
net: add recursion limit to GRO
ipv6: properly prevent temp_prefered_lft sysctl race
netfilter: fix nf_queue handling
netfilter: conntrack: restart gc immediately if GC_MAX_EVICTS is reached
stmmac: display the descriptors if DES0 = 0
net/ncsi: Improve HNCDSC AEN handler
net/ncsi: Choose hot channel as active one if necessary
net/ncsi: Fix stale link state of inactive channels on failover
net/ncsi: Avoid if statements in ncsi_suspend_channel()
net/sched: act_mirred: Use passed lastuse argument
mlxsw: pci: Fix reset wait for SwitchX2
mlxsw: switchx2: Fix ethernet port initialization
mlxsw: spectrum_router: Make mlxsw_sp_router_fib4_del return void and remove warn
mlxsw: spectrum_router: Use correct tree index for binding
drm/imx: ipuv3-plane: disable local alpha for planes without alpha channel
drm/imx: ipuv3-plane: make sure x/y offsets are even in case of chroma subsampling
Bluetooth: btwilink: Fix probe return value
stmmac: fix and review the ptp registration.
Input: i8042 - add XMG C504 to keyboard reset table
Bluetooth: Fix append max 11 bytes of name to scan rsp data
netfilter: x_tables: suppress kmemcheck warning
tcp: do not export sysctl_tcp_low_latency
rtnetlink: Add rtnexthop offload flag to compare mask
switchdev: Execute bridge ndos only for bridge ports
net: core: Correctly iterate over lower adjacency list
flow_dissector: Check skb for VLAN only if skb specified.
ARM: wire up new pkey syscalls
ARM: fix oops when using older ARMv4T CPUs
qed: Use list_move_tail instead of list_del/list_add_tail
rocker: fix maybe-uninitialized warning
net/hyperv: avoid uninitialized variable
net: bcm63xx: avoid referencing uninitialized variable
soreuseport: do not export reuseport_add_sock()
ibmvnic: Update MTU after device initialization
ibmvnic: Fix GFP_KERNEL allocation in interrupt context
ibmvnic: Driver Version 1.0.1
bridge: multicast: restore perm router ports on multicast enable
netfilter: nf_tables: avoid uninitialized variable warning
tcp: Remove unused but set variable
cxgb4: Fix number of queue sets corssing the limit
ipv4: Remove unused but set variable
dwc_eth_qos: enable flow control by default
dwc_eth_qos: do not clear pause flags from phy_device->supported
net/hsr: Remove unused but set variable
bnx2: fix locking when netconsole is used
drm/imx: ipuv3-plane: Access old u/vbo properly in ->atomic_check for YU12/YV12
drm/imx: drm_dev_alloc() returns error pointers
drm/imx: ipuv3-plane: Skip setting u/vbo only when we don't need modeset
drm/imx: ipuv3-plane: Switch EBA buffer only when we don't need modeset
net: dsa: bcm_sf2: Fix module autoload for OF registration
net: dsa: b53: Fix module autoload
net: hisilicon: Fix hns_mdio module autoload for OF registration
net: qcom/emac: Fix module autoload for OF registration
net: hns: Fix hns_dsaf module autoload for OF registration
net: ethernet: nb8800: Fix module autoload
net: nps_enet: Fix module autoload
netfilter: nft_range: validate operation netlink attribute
netfilter: nft_exthdr: fix error handling in nft_exthdr_init()
netfilter: nf_tables: underflow in nft_parse_u32_check()
netfilter: nft_hash: add missing NFTA_HASH_OFFSET's nla_policy
netfilter: xt_ipcomp: add "ip[6]t_ipcomp" module alias name
netfilter: xt_NFLOG: fix unexpected truncated packet
netfilter: conntrack: remove obsolete sysctl (nf_conntrack_events_retry_timeout)
netfilter: nft_dynset: fix element timeout for HZ != 1000
netfilter: xt_hashlimit: Add missing ULL suffixes for 64-bit constants
cxgb4: fix memory leak of qe on error exit path
net: pktgen: remove rcu locking in pktgen_change_name()
net: Require exact match for TCP socket lookups if dif is l3mdev
mac80211: move struct aead_req off the stack
[media] radio-bcm2048: don't ignore errors
batman-adv: Add BATADV_DBG_TP_METER to BATADV_DBG_ALL
batman-adv: Modify neigh_list only with rcu-list functions
Btrfs: kill BUG_ON in do_relocation
gpu: ipu-v3: Use ERR_CAST instead of ERR_PTR(PTR_ERR())
drm/imx: hide an unused label
vmxnet3: avoid assumption about invalid dma_pa in vmxnet3_set_mc()
stmmac: fix an error code in stmmac_ptp_register()
net: qcom/emac: disable interrupts before calling phy_disconnect
r8169: set coherent DMA mask as well as streaming DMA mask
net: asix: Avoid looping when the device does not respond
ethtool: silence warning on bit loss
[media] pctv452e: fix semicolon.cocci warnings
[media] flexcop-usb: don't use stack for DMA
[media] stk-webcam: don't use stack for DMA
[media] s2255drv: don't use stack for DMA
[media] cpia2_usb: don't use stack for DMA
[media] digitv: handle error code on RC query
[media] dw2102: return error if su3000_power_ctrl() fails
[media] nova-t-usb2: handle error code on RC query
[media] technisat-usb2: use DMA buffers for I2C transfers
[media] pctv452e: don't call BUG_ON() on non-fatal error
[media] pctv452e: don't do DMA on stack
[media] nova-t-usb2: don't do DMA on stack
[media] gp8psk: don't go past the buffer size
[media] gp8psk: don't do DMA on stack
[media] dtv5100: don't do DMA on stack
[media] dtt200u: handle USB control message errors
[media] dtt200u: don't do DMA on stack
[media] dtt200u-fe: handle errors on USB control messages
[media] dtt200u-fe: don't do DMA on stack
[media] dtt200u-fe: don't keep waiting for lock at set_frontend()
[media] digitv: don't do DMA on stack
[media] dibusb: handle error code on RC query
[media] dibusb: don't do DMA on stack
[media] dib0700_core: don't use stack on I2C reads
[media] dib0700: be sure that dib0700_ctrl_rd() users can do DMA
[media] cxusb: don't do DMA on stack
[media] cinergyT2-fe: don't do DMA on stack
[media] cinergyT2-fe: cache stats at cinergyt2_fe_read_status()
[media] cinergyT2-core: handle error code on RC query
[media] cinergyT2-core: don't do DMA on stack
[media] af9005: don't do DMA on stack
net/mlx4_en: fixup xdp tx irq to match rx
qed: Additional work toward cleaning C=1
qed*: Fix Kconfig dependencies with INFINIBAND_QEDR
qed: Fix static checker warning.
IPv6: fix DESYNC_FACTOR
IPv6: Drop the temporary address regen_timer
IB/ipoib: move back IB LL address into the hard header
Documentation/networking: update git urls to use https over http
net: wan: slic_ds26522: Allow driver to built if COMPILE_TEST is enabled
net: wan: slic_ds26522: Export OF module alias information
net: wan: slic_ds26522: add SPI device ID table to fix module autoload
ipv6: correctly add local routes when lo goes up
ip6_tunnel: fix ip6_tnl_lookup
afs: call->operation_ID sometimes used as __be32 sometimes as u32
regmap: include <linux/delay.h> from include/linux/regmap.h
ath6kl: add Dell OEM SDIO I/O for the Venue 8 Pro
Revert "ath9k_hw: implement temperature compensation support for AR9003+"
ath10k: cache calibration data when the core is stopped
rtlwifi: Fix regression caused by commit
|
||
|
Andy Lutomirski
|
405c075971 |
fork: Add task stack refcounting sanity check and prevent premature task stack freeing
If something goes wrong with task stack refcounting and a stack refcount hits zero too early, warn and leak it rather than potentially freeing it early (and silently). Signed-off-by: Andy Lutomirski <luto@kernel.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Link: http://lkml.kernel.org/r/f29119c783a9680a4b4656e751b6123917ace94b.1477926663.git.luto@kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
San Mehat
|
a4dd61e87e |
proc: smaps: Allow smaps access for CAP_SYS_RESOURCE
Signed-off-by: San Mehat <san@google.com> |
||
|
Linus Torvalds
|
9ffc66941d |
Merge tag 'gcc-plugins-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull gcc plugins update from Kees Cook: "This adds a new gcc plugin named "latent_entropy". It is designed to extract as much possible uncertainty from a running system at boot time as possible, hoping to capitalize on any possible variation in CPU operation (due to runtime data differences, hardware differences, SMP ordering, thermal timing variation, cache behavior, etc). At the very least, this plugin is a much more comprehensive example for how to manipulate kernel code using the gcc plugin internals" * tag 'gcc-plugins-v4.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: latent_entropy: Mark functions with __latent_entropy gcc-plugins: Add latent_entropy plugin |
||
|
Emese Revfy
|
0766f788eb |
latent_entropy: Mark functions with __latent_entropy
The __latent_entropy gcc attribute can be used only on functions and variables. If it is on a function then the plugin will instrument it for gathering control-flow entropy. If the attribute is on a variable then the plugin will initialize it with random contents. The variable must be an integer, an integer array type or a structure with integer fields. These specific functions have been selected because they are init functions (to help gather boot-time entropy), are called at unpredictable times, or they have variable loops, each of which provide some level of latent entropy. Signed-off-by: Emese Revfy <re.emese@gmail.com> [kees: expanded commit message] Signed-off-by: Kees Cook <keescook@chromium.org> |
||
|
Emese Revfy
|
38addce8b6 |
gcc-plugins: Add latent_entropy plugin
This adds a new gcc plugin named "latent_entropy". It is designed to extract as much possible uncertainty from a running system at boot time as possible, hoping to capitalize on any possible variation in CPU operation (due to runtime data differences, hardware differences, SMP ordering, thermal timing variation, cache behavior, etc). At the very least, this plugin is a much more comprehensive example for how to manipulate kernel code using the gcc plugin internals. The need for very-early boot entropy tends to be very architecture or system design specific, so this plugin is more suited for those sorts of special cases. The existing kernel RNG already attempts to extract entropy from reliable runtime variation, but this plugin takes the idea to a logical extreme by permuting a global variable based on any variation in code execution (e.g. a different value (and permutation function) is used to permute the global based on loop count, case statement, if/then/else branching, etc). To do this, the plugin starts by inserting a local variable in every marked function. The plugin then adds logic so that the value of this variable is modified by randomly chosen operations (add, xor and rol) and random values (gcc generates separate static values for each location at compile time and also injects the stack pointer at runtime). The resulting value depends on the control flow path (e.g., loops and branches taken). Before the function returns, the plugin mixes this local variable into the latent_entropy global variable. The value of this global variable is added to the kernel entropy pool in do_one_initcall() and _do_fork(), though it does not credit any bytes of entropy to the pool; the contents of the global are just used to mix the pool. Additionally, the plugin can pre-initialize arrays with build-time random contents, so that two different kernel builds running on identical hardware will not have the same starting values. Signed-off-by: Emese Revfy <re.emese@gmail.com> [kees: expanded commit message and code comments] Signed-off-by: Kees Cook <keescook@chromium.org> |
||
|
Aaron Lu
|
6fcb52a56f |
thp: reduce usage of huge zero page's atomic counter
The global zero page is used to satisfy an anonymous read fault. If
THP(Transparent HugePage) is enabled then the global huge zero page is
used. The global huge zero page uses an atomic counter for reference
counting and is allocated/freed dynamically according to its counter
value.
CPU time spent on that counter will greatly increase if there are a lot
of processes doing anonymous read faults. This patch proposes a way to
reduce the access to the global counter so that the CPU load can be
reduced accordingly.
To do this, a new flag of the mm_struct is introduced:
MMF_USED_HUGE_ZERO_PAGE. With this flag, the process only need to touch
the global counter in two cases:
1 The first time it uses the global huge zero page;
2 The time when mm_user of its mm_struct reaches zero.
Note that right now, the huge zero page is eligible to be freed as soon
as its last use goes away. With this patch, the page will not be
eligible to be freed until the exit of the last process from which it
was ever used.
And with the use of mm_user, the kthread is not eligible to use huge
zero page either. Since no kthread is using huge zero page today, there
is no difference after applying this patch. But if that is not desired,
I can change it to when mm_count reaches zero.
Case used for test on Haswell EP:
usemem -n 72 --readonly -j 0x200000 100G
Which spawns 72 processes and each will mmap 100G anonymous space and
then do read only access to that space sequentially with a step of 2MB.
CPU cycles from perf report for base commit:
54.03% usemem [kernel.kallsyms] [k] get_huge_zero_page
CPU cycles from perf report for this commit:
0.11% usemem [kernel.kallsyms] [k] mm_get_huge_zero_page
Performance(throughput) of the workload for base commit: 1784430792
Performance(throughput) of the workload for this commit: 4726928591
164% increase.
Runtime of the workload for base commit: 707592 us
Runtime of the workload for this commit: 303970 us
50% drop.
Link: http://lkml.kernel.org/r/fe51a88f-446a-4622-1363-ad1282d71385@intel.com
Signed-off-by: Aaron Lu <aaron.lu@intel.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Huang Ying <ying.huang@intel.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Jerome Marchand <jmarchan@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Ebru Akagunduz <ebru.akagunduz@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
Michal Hocko
|
862e3073b3 |
mm, oom: get rid of signal_struct::oom_victims
After "oom: keep mm of the killed task available" we can safely detect an oom victim by checking task->signal->oom_mm so we do not need the signal_struct counter anymore so let's get rid of it. This alone wouldn't be sufficient for nommu archs because exit_oom_victim doesn't hide the process from the oom killer anymore. We can, however, mark the mm with a MMF flag in __mmput. We can reuse MMF_OOM_REAPED and rename it to a more generic MMF_OOM_SKIP. Link: http://lkml.kernel.org/r/1472119394-11342-6-git-send-email-mhocko@kernel.org Signed-off-by: Michal Hocko <mhocko@suse.com> Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Cc: Oleg Nesterov <oleg@redhat.com> Cc: David Rientjes <rientjes@google.com> Cc: Vladimir Davydov <vdavydov@parallels.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Michal Hocko
|
7283094ec3 |
kernel, oom: fix potential pgd_lock deadlock from __mmdrop
Lockdep complains that __mmdrop is not safe from the softirq context:
=================================
[ INFO: inconsistent lock state ]
4.6.0-oomfortification2-00011-geeb3eadeab96-dirty #949 Tainted: G W
---------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
swapper/1/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
(pgd_lock){+.?...}, at: pgd_free+0x19/0x6b
{SOFTIRQ-ON-W} state was registered at:
__lock_acquire+0xa06/0x196e
lock_acquire+0x139/0x1e1
_raw_spin_lock+0x32/0x41
__change_page_attr_set_clr+0x2a5/0xacd
change_page_attr_set_clr+0x16f/0x32c
set_memory_nx+0x37/0x3a
free_init_pages+0x9e/0xc7
alternative_instructions+0xa2/0xb3
check_bugs+0xe/0x2d
start_kernel+0x3ce/0x3ea
x86_64_start_reservations+0x2a/0x2c
x86_64_start_kernel+0x17a/0x18d
irq event stamp: 105916
hardirqs last enabled at (105916): free_hot_cold_page+0x37e/0x390
hardirqs last disabled at (105915): free_hot_cold_page+0x2c1/0x390
softirqs last enabled at (105878): _local_bh_enable+0x42/0x44
softirqs last disabled at (105879): irq_exit+0x6f/0xd1
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(pgd_lock);
<Interrupt>
lock(pgd_lock);
*** DEADLOCK ***
1 lock held by swapper/1/0:
#0: (rcu_callback){......}, at: rcu_process_callbacks+0x390/0x800
stack backtrace:
CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 4.6.0-oomfortification2-00011-geeb3eadeab96-dirty #949
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
Call Trace:
<IRQ>
print_usage_bug.part.25+0x259/0x268
mark_lock+0x381/0x567
__lock_acquire+0x993/0x196e
lock_acquire+0x139/0x1e1
_raw_spin_lock+0x32/0x41
pgd_free+0x19/0x6b
__mmdrop+0x25/0xb9
__put_task_struct+0x103/0x11e
delayed_put_task_struct+0x157/0x15e
rcu_process_callbacks+0x660/0x800
__do_softirq+0x1ec/0x4d5
irq_exit+0x6f/0xd1
smp_apic_timer_interrupt+0x42/0x4d
apic_timer_interrupt+0x8e/0xa0
<EOI>
arch_cpu_idle+0xf/0x11
default_idle_call+0x32/0x34
cpu_startup_entry+0x20c/0x399
start_secondary+0xfe/0x101
More over commit
|
||
|
Michal Hocko
|
26db62f179 |
oom: keep mm of the killed task available
oom_reap_task has to call exit_oom_victim in order to make sure that the
oom vicim will not block the oom killer for ever. This is, however,
opening new problems (e.g oom_killer_disable exclusion - see commit
|
||
|
Linus Torvalds
|
14986a34e1 |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull namespace updates from Eric Biederman:
"This set of changes is a number of smaller things that have been
overlooked in other development cycles focused on more fundamental
change. The devpts changes are small things that were a distraction
until we managed to kill off DEVPTS_MULTPLE_INSTANCES. There is an
trivial regression fix to autofs for the unprivileged mount changes
that went in last cycle. A pair of ioctls has been added by Andrey
Vagin making it is possible to discover the relationships between
namespaces when referring to them through file descriptors.
The big user visible change is starting to add simple resource limits
to catch programs that misbehave. With namespaces in general and user
namespaces in particular allowing users to use more kinds of
resources, it has become important to have something to limit errant
programs. Because the purpose of these limits is to catch errant
programs the code needs to be inexpensive to use as it always on, and
the default limits need to be high enough that well behaved programs
on well behaved systems don't encounter them.
To this end, after some review I have implemented per user per user
namespace limits, and use them to limit the number of namespaces. The
limits being per user mean that one user can not exhause the limits of
another user. The limits being per user namespace allow contexts where
the limit is 0 and security conscious folks can remove from their
threat anlysis the code used to manage namespaces (as they have
historically done as it root only). At the same time the limits being
per user namespace allow other parts of the system to use namespaces.
Namespaces are increasingly being used in application sand boxing
scenarios so an all or nothing disable for the entire system for the
security conscious folks makes increasing use of these sandboxes
impossible.
There is also added a limit on the maximum number of mounts present in
a single mount namespace. It is nontrivial to guess what a reasonable
system wide limit on the number of mount structure in the kernel would
be, especially as it various based on how a system is using
containers. A limit on the number of mounts in a mount namespace
however is much easier to understand and set. In most cases in
practice only about 1000 mounts are used. Given that some autofs
scenarious have the potential to be 30,000 to 50,000 mounts I have set
the default limit for the number of mounts at 100,000 which is well
above every known set of users but low enough that the mount hash
tables don't degrade unreaonsably.
These limits are a start. I expect this estabilishes a pattern that
other limits for resources that namespaces use will follow. There has
been interest in making inotify event limits per user per user
namespace as well as interest expressed in making details about what
is going on in the kernel more visible"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (28 commits)
autofs: Fix automounts by using current_real_cred()->uid
mnt: Add a per mount namespace limit on the number of mounts
netns: move {inc,dec}_net_namespaces into #ifdef
nsfs: Simplify __ns_get_path
tools/testing: add a test to check nsfs ioctl-s
nsfs: add ioctl to get a parent namespace
nsfs: add ioctl to get an owning user namespace for ns file descriptor
kernel: add a helper to get an owning user namespace for a namespace
devpts: Change the owner of /dev/pts/ptmx to the mounter of /dev/pts
devpts: Remove sync_filesystems
devpts: Make devpts_kill_sb safe if fsi is NULL
devpts: Simplify devpts_mount by using mount_nodev
devpts: Move the creation of /dev/pts/ptmx into fill_super
devpts: Move parse_mount_options into fill_super
userns: When the per user per user namespace limit is reached return ENOSPC
userns; Document per user per user namespace limits.
mntns: Add a limit on the number of mount namespaces.
netns: Add a limit on the number of net namespaces
cgroupns: Add a limit on the number of cgroup namespaces
ipcns: Add a limit on the number of ipc namespaces
...
|
||
|
Andy Lutomirski
|
ac496bf48d |
fork: Optimize task creation by caching two thread stacks per CPU if CONFIG_VMAP_STACK=y
vmalloc() is a bit slow, and pounding vmalloc()/vfree() will eventually force a global TLB flush. To reduce pressure on them, if CONFIG_VMAP_STACK=y, cache two thread stacks per CPU. This will let us quickly allocate a hopefully cache-hot, TLB-hot stack under heavy forking workloads (shell script style). On my silly pthread_create() benchmark, it saves about 2 µs per pthread_create()+join() with CONFIG_VMAP_STACK=y. Signed-off-by: Andy Lutomirski <luto@kernel.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jann Horn <jann@thejh.net> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Link: http://lkml.kernel.org/r/94811d8e3994b2e962f88866290017d498eb069c.1474003868.git.luto@kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
Andy Lutomirski
|
68f24b08ee |
sched/core: Free the stack early if CONFIG_THREAD_INFO_IN_TASK
We currently keep every task's stack around until the task_struct itself is freed. This means that we keep the stack allocation alive for longer than necessary and that, under load, we free stacks in big batches whenever RCU drops the last task reference. Neither of these is good for reuse of cache-hot memory, and freeing in batches prevents us from usefully caching small numbers of vmalloced stacks. On architectures that have thread_info on the stack, we can't easily change this, but on architectures that set THREAD_INFO_IN_TASK, we can free it as soon as the task is dead. Signed-off-by: Andy Lutomirski <luto@kernel.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jann Horn <jann@thejh.net> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Link: http://lkml.kernel.org/r/08ca06cde00ebed0046c5d26cbbf3fbb7ef5b812.1474003868.git.luto@kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
Ingo Molnar
|
d4b80afbba |
Merge branch 'linus' into x86/asm, to pick up recent fixes
Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
Linus Torvalds
|
b9677faf45 |
Merge branch 'akpm' (patches from Andrew)
Merge fixes from Andrew Morton: "14 fixes" * emailed patches from Andrew Morton <akpm@linux-foundation.org>: rapidio/tsi721: fix incorrect detection of address translation condition rapidio/documentation/mport_cdev: add missing parameter description kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd MAINTAINERS: Vladimir has moved mm, mempolicy: task->mempolicy must be NULL before dropping final reference printk/nmi: avoid direct printk()-s from __printk_nmi_flush() treewide: remove references to the now unnecessary DEFINE_PCI_DEVICE_TABLE drivers/scsi/wd719x.c: remove last declaration using DEFINE_PCI_DEVICE_TABLE mm, vmscan: only allocate and reclaim from zones with pages managed by the buddy allocator lib/test_hash.c: fix warning in preprocessor symbol evaluation lib/test_hash.c: fix warning in two-dimensional array init kconfig: tinyconfig: provide whole choice blocks to avoid warnings kexec: fix double-free when failing to relocate the purgatory mm, oom: prevent premature OOM killer invocation for high order request |
||
|
Michal Hocko
|
735f2770a7 |
kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd
Commit |
||
|
Linus Torvalds
|
511a8cdb65 |
Merge branch 'stable-4.8' of git://git.infradead.org/users/pcmoore/audit
Pull audit fixes from Paul Moore: "Two small patches to fix some bugs with the audit-by-executable functionality we introduced back in v4.3 (both patches are marked for the stable folks)" * 'stable-4.8' of git://git.infradead.org/users/pcmoore/audit: audit: fix exe_file access in audit_exe_compare mm: introduce get_task_exe_file |
||
|
Mateusz Guzik
|
cd81a9170e |
mm: introduce get_task_exe_file
For more convenient access if one has a pointer to the task. As a minor nit take advantage of the fact that only task lock + rcu are needed to safely grab ->exe_file. This saves mm refcount dance. Use the helper in proc_exe_link. Signed-off-by: Mateusz Guzik <mguzik@redhat.com> Acked-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Acked-by: Richard Guy Briggs <rgb@redhat.com> Cc: <stable@vger.kernel.org> # 4.3.x Signed-off-by: Paul Moore <paul@paul-moore.com> |
||
|
Andy Lutomirski
|
ba14a194a4 |
fork: Add generic vmalloced stack support
If CONFIG_VMAP_STACK=y is selected, kernel stacks are allocated with __vmalloc_node_range(). Grsecurity has had a similar feature (called GRKERNSEC_KSTACKOVERFLOW=y) for a long time. Signed-off-by: Andy Lutomirski <luto@kernel.org> Acked-by: Michal Hocko <mhocko@suse.com> Cc: Alexander Potapenko <glider@google.com> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Link: http://lkml.kernel.org/r/14c07d4fd173a5b117f51e8b939f9f4323e39899.1470907718.git.luto@kernel.org [ Minor edits. ] Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
Balbir Singh
|
568ac88821 |
cgroup: reduce read locked section of cgroup_threadgroup_rwsem during fork
cgroup_threadgroup_rwsem is acquired in read mode during process exit and fork. It is also grabbed in write mode during __cgroups_proc_write(). I've recently run into a scenario with lots of memory pressure and OOM and I am beginning to see systemd __switch_to+0x1f8/0x350 __schedule+0x30c/0x990 schedule+0x48/0xc0 percpu_down_write+0x114/0x170 __cgroup_procs_write.isra.12+0xb8/0x3c0 cgroup_file_write+0x74/0x1a0 kernfs_fop_write+0x188/0x200 __vfs_write+0x6c/0xe0 vfs_write+0xc0/0x230 SyS_write+0x6c/0x110 system_call+0x38/0xb4 This thread is waiting on the reader of cgroup_threadgroup_rwsem to exit. The reader itself is under memory pressure and has gone into reclaim after fork. There are times the reader also ends up waiting on oom_lock as well. __switch_to+0x1f8/0x350 __schedule+0x30c/0x990 schedule+0x48/0xc0 jbd2_log_wait_commit+0xd4/0x180 ext4_evict_inode+0x88/0x5c0 evict+0xf8/0x2a0 dispose_list+0x50/0x80 prune_icache_sb+0x6c/0x90 super_cache_scan+0x190/0x210 shrink_slab.part.15+0x22c/0x4c0 shrink_zone+0x288/0x3c0 do_try_to_free_pages+0x1dc/0x590 try_to_free_pages+0xdc/0x260 __alloc_pages_nodemask+0x72c/0xc90 alloc_pages_current+0xb4/0x1a0 page_table_alloc+0xc0/0x170 __pte_alloc+0x58/0x1f0 copy_page_range+0x4ec/0x950 copy_process.isra.5+0x15a0/0x1870 _do_fork+0xa8/0x4b0 ppc_clone+0x8/0xc In the meanwhile, all processes exiting/forking are blocked almost stalling the system. This patch moves the threadgroup_change_begin from before cgroup_fork() to just before cgroup_canfork(). There is no nee to worry about threadgroup changes till the task is actually added to the threadgroup. This avoids having to call reclaim with cgroup_threadgroup_rwsem held. tj: Subject and description edits. Signed-off-by: Balbir Singh <bsingharora@gmail.com> Acked-by: Zefan Li <lizefan@huawei.com> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: stable@vger.kernel.org # v4.2+ Signed-off-by: Tejun Heo <tj@kernel.org> |
||
|
Eric W. Biederman
|
25f9c0817c |
userns: Generalize the user namespace count into ucount
The same kind of recursive sane default limit and policy countrol that has been implemented for the user namespace is desirable for the other namespaces, so generalize the user namespace refernce count into a ucount. Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
|
Eric W. Biederman
|
f6b2db1a3e |
userns: Make the count of user namespaces per user
Add a structure that is per user and per user ns and use it to hold the count of user namespaces. This makes prevents one user from creating denying service to another user by creating the maximum number of user namespaces. Rename the sysctl export of the maximum count from /proc/sys/userns/max_user_namespaces to /proc/sys/user/max_user_namespaces to reflect that the count is now per user. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
|
Eric W. Biederman
|
b376c3e1b6 |
userns: Add a limit on the number of user namespaces
Export the export the maximum number of user namespaces as /proc/sys/userns/max_user_namespaces. Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
|
Andy Lutomirski
|
efdc949079 |
mm: fix memcg stack accounting for sub-page stacks
We should account for stacks regardless of stack size, and we need to
account in sub-page units if THREAD_SIZE < PAGE_SIZE. Change the units
to kilobytes and Move it into account_kernel_stack().
Fixes:
|
||
|
Andy Lutomirski
|
d30dd8be06 |
mm: track NR_KERNEL_STACK in KiB instead of number of stacks
Currently, NR_KERNEL_STACK tracks the number of kernel stacks in a zone. This only makes sense if each kernel stack exists entirely in one zone, and allowing vmapped stacks could break this assumption. Since frv has THREAD_SIZE < PAGE_SIZE, we need to track kernel stack allocations in a unit that divides both THREAD_SIZE and PAGE_SIZE on all architectures. Keep it simple and use KiB. Link: http://lkml.kernel.org/r/083c71e642c5fa5f1b6898902e1b2db7b48940d4.1468523549.git.luto@kernel.org Signed-off-by: Andy Lutomirski <luto@kernel.org> Cc: Vladimir Davydov <vdavydov@virtuozzo.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com> Reviewed-by: Vladimir Davydov <vdavydov@virtuozzo.com> Acked-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Vladimir Davydov
|
4949148ad4 |
mm: charge/uncharge kmemcg from generic page allocator paths
Currently, to charge a non-slab allocation to kmemcg one has to use alloc_kmem_pages helper with __GFP_ACCOUNT flag. A page allocated with this helper should finally be freed using free_kmem_pages, otherwise it won't be uncharged. This API suits its current users fine, but it turns out to be impossible to use along with page reference counting, i.e. when an allocation is supposed to be freed with put_page, as it is the case with pipe or unix socket buffers. To overcome this limitation, this patch moves charging/uncharging to generic page allocator paths, i.e. to __alloc_pages_nodemask and free_pages_prepare, and zaps alloc/free_kmem_pages helpers. This way, one can use any of the available page allocation functions to get the allocated page charged to kmemcg - it's enough to pass __GFP_ACCOUNT, just like in case of kmalloc and friends. A charged page will be automatically uncharged on free. To make it possible, we need to mark pages charged to kmemcg somehow. To avoid introducing a new page flag, we make use of page->_mapcount for marking such pages. Since pages charged to kmemcg are not supposed to be mapped to userspace, it should work just fine. There are other (ab)users of page->_mapcount - buddy and balloon pages - but we don't conflict with them. In case kmemcg is compiled out or not used at runtime, this patch introduces no overhead to generic page allocator paths. If kmemcg is used, it will be plus one gfp flags check on alloc and plus one page->_mapcount check on free, which shouldn't hurt performance, because the data accessed are hot. Link: http://lkml.kernel.org/r/a9736d856f895bcb465d9f257b54efe32eda6f99.1464079538.git.vdavydov@virtuozzo.com Signed-off-by: Vladimir Davydov <vdavydov@virtuozzo.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: Minchan Kim <minchan@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Michael Ellerman
|
9521d39976 |
Fix build break in fork.c when THREAD_SIZE < PAGE_SIZE
Commit |
||
|
Linus Torvalds
|
b235beea9e |
Clarify naming of thread info/stack allocators
We've had the thread info allocated together with the thread stack for most architectures for a long time (since the thread_info was split off from the task struct), but that is about to change. But the patches that move the thread info to be off-stack (and a part of the task struct instead) made it clear how confused the allocator and freeing functions are. Because the common case was that we share an allocation with the thread stack and the thread_info, the two pointers were identical. That identity then meant that we would have things like ti = alloc_thread_info_node(tsk, node); ... tsk->stack = ti; which certainly _worked_ (since stack and thread_info have the same value), but is rather confusing: why are we assigning a thread_info to the stack? And if we move the thread_info away, the "confusing" code just gets to be entirely bogus. So remove all this confusion, and make it clear that we are doing the stack allocation by renaming and clarifying the function names to be about the stack. The fact that the thread_info then shares the allocation is an implementation detail, and not really about the allocation itself. This is a pure renaming and type fix: we pass in the same pointer, it's just that we clarify what the pointer means. The ia64 code that actually only has one single allocation (for all of task_struct, thread_info and kernel thread stack) now looks a bit odd, but since "tsk->stack" is actually not even used there, that oddity doesn't matter. It would be a separate thing to clean that up, I intentionally left the ia64 changes as a pure brute-force renaming and type change. Acked-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |