62b159444e
Linux 4.4.196
NFC: fix attrs checks in netlink interface
* smack: use GFP_NOFS while holding inode_smack::smk_lock
security/smack/smack_access.c
security/smack/smack_lsm.c
* Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
security/smack/smack_lsm.c
sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
net/rds: Fix error handling in rds_ib_add_one()
xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
sch_dsmark: fix potential NULL deref in dsmark_init()
nfc: fix memory leak in llcp_sock_bind()
net: qlogic: Fix memory leak in ql_alloc_large_buffers
* net: ipv4: avoid mixed n_redirects and rate_tokens usage
net/ipv4/route.c
* ipv6: drop incoming packets having a v4mapped source address
net/ipv6/ip6_input.c
hso: fix NULL-deref on tty open
* ANDROID: binder: synchronize_rcu() when using POLLFREE.
drivers/android/binder.c
* ANDROID: binder: remove waitqueue when thread exits.
drivers/android/binder.c
* kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
lib/Kconfig.debug
ocfs2: wait for recovering done after direct unlock request
hypfs: Fix error number left in struct pointer member
* fat: work around race with userspace's read via blockdev while mounting
fs/fat/dir.c
fs/fat/fatent.c
* security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
security/smack/smack_lsm.c
* HID: apple: Fix stuck function keys when using FN
drivers/hid/hid-apple.c
ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes
mfd: intel-lpss: Remove D3cold delay
* scsi: core: Reduce memory required for SCSI logging
drivers/scsi/scsi_logging.c
include/scsi/scsi_dbg.h
powerpc/pseries: correctly track irq state in default idle
powerpc/64s/exception: machine check use correct cfar for late handler
vfio_pci: Restore original state on release
pinctrl: tegra: Fix write barrier placement in pmx_writel
powerpc/pseries/mobility: use cond_resched when updating device tree
powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function
powerpc/rtas: use device model APIs and serialization during LPM
clk: sirf: Don't reference clk_init_data after registration
clk: qoriq: Fix -Wunused-const-variable
ipmi_si: Only schedule continuously in the thread in maintenance mode
gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property()
video: ssd1307fb: Start page range at page_offset
Linux 4.4.195
Btrfs: fix race setting up and completing qgroup rescan workers
btrfs: Relinquish CPUs in btrfs_compare_trees
Btrfs: fix use-after-free when using the tree modification log
* ovl: filter of trusted xattr results in audit
fs/overlayfs/inode.c
CIFS: Fix oplock handling for SMB 2.1+ protocols
i2c: riic: Clear NACK in tend isr
* hwrng: core - don't wait on add_early_randomness()
drivers/char/hw_random/core.c
* quota: fix wrong condition in is_quota_modification()
include/linux/quotaops.h
* ext4: fix punch hole for inline_data file systems
fs/ext4/inode.c
* /dev/mem: Bail out upon SIGKILL.
drivers/char/mem.c
* cfg80211: Purge frame registrations on iftype change
net/wireless/util.c
md/raid6: Set R5_ReadError when there is read failure on parity disk
* alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
kernel/time/alarmtimer.c
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
ASoC: Intel: Fix use of potentially uninitialized variable
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
KVM: x86: Manually calculate reserved bits when loading PDPTRS
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: always stop emulation on page fault
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
* fuse: fix missing unlock_page in fuse_writepage()
fs/fuse/file.c
* printk: Do not lose last line in kmsg buffer dump
kernel/printk/printk.c
ALSA: firewire-tascam: check intermediate state of clock status and retry
ALSA: firewire-tascam: handle error code when getting current source of clock
media: omap3isp: Set device on omap3isp subdevs
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
libertas: Add missing sentinel at end of if_usb.c fw_table
mmc: sdhci: Fix incorrect switch to HS mode
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
* kprobes: Prohibit probing on BUG() and WARN() address
include/linux/bug.h
dmaengine: ti: edma: Do not reset reserved paRAM slots
md/raid1: fail run raid1 array when active disk less than one
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
ACPI: custom_method: fix memory leaks
libtraceevent: Change users plugin directory
ACPI / CPPC: do not require the _PSD method
media: ov9650: add a sanity check
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
media: cpia2_usb: fix memory leaks
media: saa7146: add cleanup in hexium_attach()
media: hdpvr: add terminating 0 at end of string
media: radio/si470x: kill urb on error
net: lpc-enet: fix printk format strings
media: omap3isp: Don't set streaming state on random subdevs
dmaengine: iop-adma: use correct printk format strings
media: gspca: zero usb_buf on error
efi: cper: print AER info of PCIe fatal error
* md: don't set In_sync if array is frozen
drivers/md/md.c
* md: don't call spare_active in md_reap_sync_thread if all member devices can't work
drivers/md/md.c
ia64:unwind: fix double free for mod->arch.init_unw_table
* ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
sound/usb/pcm.c
* base: soc: Export soc_device_register/unregister APIs
drivers/base/soc.c
media: iguanair: add sanity checks
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
ALSA: hda - Show the fatal CORB/RIRB error more clearly
x86/apic: Soft disable APIC before initializing it
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
* sched/core: Fix CPU controller for !RT_GROUP_SCHED
kernel/sched/core.c
* sched/fair: Fix imbalance due to CPU affinity
kernel/sched/fair.c
media: hdpvr: Add device num check and handling
media: dib0700: fix link error for dibx000_i2c_set_speed
leds: leds-lp5562 allow firmware files up to the maximum length
dmaengine: bcm2835: Print error in case setting DMA mask fails
ASoC: sgtl5000: Fix charge pump source assignment
ALSA: hda: Flush interrupts on disabling
nfc: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
mISDN: enforce CAP_NET_RAW for raw sockets
* usbnet: sanity checking of packet sizes and device mtu
drivers/net/usb/usbnet.c
* usbnet: ignore endpoints with invalid wMaxPacketSize
drivers/net/usb/usbnet.c
skge: fix checksum byte order
sch_netem: fix a divide by zero in tabledist()
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
net/phy: fix DP83865 10 Mbps HDX loopback disable function
* cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
drivers/net/usb/cdc_ncm.c
arcnet: provide a buffer big enough to actually receive packets
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
drm: Flush output polling on shutdown
f2fs: fix to do sanity check on segment bitmap of LFS curseg
Revert "f2fs: avoid out-of-range memory access"
f2fs: check all the data segments against all node ones
* irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
drivers/irqchip/irq-gic-v3-its.c
locking/lockdep: Add debug_locks check in __lock_downgrade()
mac80211: handle deauthentication/disassociation from TDLS peer
mac80211: Print text for disassociation reason
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
net: rds: Fix NULL ptr use in rds_tcp_kill_sock
crypto: talitos - fix missing break in switch statement
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
* HID: hidraw: Fix invalid read in hidraw_ioctl
drivers/hid/hidraw.c
* HID: logitech: Fix general protection fault caused by Logitech driver
drivers/hid/hid-lg.c
drivers/hid/hid-lg4ff.c
* HID: lg: make transfer buffers DMA capable
drivers/hid/hid-lg.c
HID: prodikeys: Fix general protection fault during probe
* Revert "Bluetooth: validate BLE connection interval updates"
net/bluetooth/hci_event.c
net/bluetooth/l2cap_core.c
Linux 4.4.194
* net_sched: let qdisc_put() accept NULL pointer
net/sched/sch_generic.c
ARC: export "abort" for modules
media: technisat-usb2: break out of loop at end of buffer
floppy: fix usercopy direction
* keys: Fix missing null pointer check in request_key_auth_describe()
security/keys/request_key_auth.c
dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
net: seeq: Fix the function used to release some memory in an error handling path
tools/power turbostat: fix buffer overrun
sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
cifs: Use kzfree() to zero out the password
cifs: set domainName when a domain-key is used in multiuser
NFSv2: Fix write regression
NFSv2: Fix eof handling
* netfilter: nf_conntrack_ftp: Fix debug output
net/netfilter/nf_conntrack_ftp.c
x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
* r8152: Set memory to all 0xFFs on failed reg reads
drivers/net/usb/r8152.c
ARM: 8874/1: mm: only adjust sections of valid mm structures
* Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105
drivers/atm/Kconfig
NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
NFSv4: Fix return values for nfs4_file_open()
s390/bpf: use 32-bit index for tail calls
ARM: OMAP2+: Fix omap4 errata warning on other SoCs
s390/bpf: fix lcgr instruction encoding
mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
tty/serial: atmel: reschedule TX after RX was started
serial: sprd: correct the wrong sequence of arguments
KVM: coalesced_mmio: add bounds checking
xen-netfront: do not assume sk_buff_head list is empty in error handling
x86/boot: Add missing bootparam that breaks boot on some platforms
media: tm6000: double free if usb disconnect while streaming
* USB: usbcore: Fix slab-out-of-bounds bug during device reset
drivers/usb/core/config.c
ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning
crypto: talitos - check data blocksize in ablkcipher.
crypto: talitos - check AES key size
* driver core: Fix use-after-free and double free on glue directory
drivers/base/core.c
clk: rockchip: Don't yell about bad mmc phases when getting
MIPS: VDSO: Use same -m%-float cflag as the kernel proper
MIPS: VDSO: Prevent use of smp_processor_id()
KVM: nVMX: handle page fault in vmread
KVM: x86: work around leak of uninitialized stack contents
KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
* genirq: Prevent NULL pointer dereference in resend_irqs()
kernel/irq/resend.c
Btrfs: fix assertion failure during fsync and use of stale transaction
Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
* tun: fix use-after-free when register netdev failed
drivers/net/tun.c
tipc: add NULL pointer check before calling kfree_rcu
* tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
net/ipv4/tcp_input.c
sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
* net: Fix null de-reference of device refcount
net/core/dev.c
isdn/capi: check message length in capi_write()
* ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
net/ipv6/ping.c
* cdc_ether: fix rndis support for Mediatek based smartphones
drivers/net/usb/cdc_ether.c
* bridge/mdb: remove wrong use of NLM_F_MULTI
net/bridge/br_mdb.c
Linux 4.4.193
vhost: make sure log_num < in_num
* af_packet: tone down the Tx-ring unsupported spew.
net/packet/af_packet.c
x86, boot: Remove multiple copy of static function sanitize_boot_params()
clk: s2mps11: Add used attribute to s2mps11_dt_match
scripts/decode_stacktrace: match basepath using shell prefix operator, not regex
vhost/test: fix build for vhost test
* xfrm: clean up xfrm protocol checks
include/net/xfrm.h
net/key/af_key.c
net/xfrm/xfrm_state.c
net/xfrm/xfrm_user.c
ALSA: hda/realtek - Fix overridden device-specific initialization
ALSA: hda - Fix potential endless loop at applying quirks
Linux 4.4.192
net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
net: fix skb use after free in netpoll
Revert "x86/apic: Include the LDR when clearing out APIC registers"
spi: bcm2835aux: fix corruptions for longer spi transfers
spi: bcm2835aux: remove dangerous uncontrolled read of fifo
spi: bcm2835aux: unifying code between polling and interrupt driven code
spi: bcm2835aux: ensure interrupts are enabled for shared handler
libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
KVM: arm/arm64: Only skip MMIO insn once
ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
IB/mlx4: Fix memory leaks
Tools: hv: kvp: eliminate 'may be used uninitialized' warning
ravb: Fix use-after-free ravb_tstamp_skb
wimax/i2400m: fix a memory leak bug
net: kalmia: fix memory leaks
cx82310_eth: fix a memory leak bug
net: myri10ge: fix memory leaks
cxgb4: fix a memory leak bug
* gpio: Fix build error of function redefinition
include/linux/gpio.h
ibmveth: Convert multicast list size for little-endian system
Bluetooth: btqca: Add a short delay before downloading the NVM
net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context
Linux 4.4.191
x86/ptrace: fix up botched merge of spectrev1 fix
mac80211: fix possible sta leak
* Revert "cfg80211: fix processing world regdomain when non modular"
net/wireless/reg.c
VMCI: Release resource if the work is already queued
stm class: Fix a double free of stm_source_device
mmc: core: Fix init of SD cards reporting an invalid VDD range
mmc: sdhci-of-at91: add quirk for broken HS200
uprobes/x86: Fix detection of 32-bit user mode
ptrace,x86: Make user_64bit_mode() available to 32-bit builds
USB: storage: ums-realtek: Whitelist auto-delink support
USB: storage: ums-realtek: Update module parameter description for auto_delink_en
usb: host: ohci: fix a race condition between shutdown and irq
USB: cdc-wdm: fix race between write and disconnect due to flag abuse
* usb-storage: Add new JMS567 revision to unusual_devs
drivers/usb/storage/unusual_devs.h
x86/apic: Include the LDR when clearing out APIC registers
x86/apic: Do not initialize LDR and DFR for bigsmp
KVM: x86: Don't update RIP or do single-step on faulting emulation
ALSA: seq: Fix potential concurrent access to the deleted pool
* tcp: make sure EPOLLOUT wont be missed
net/core/stream.c
* ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
sound/usb/mixer.c
* ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
sound/usb/mixer.c
* tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
include/net/tcp.h
watchdog: bcm2835_wdt: Fix module autoload
tools: hv: fix KVP and VSS daemons exit code
usb: host: fotg2: restart hcd after port reset
* usb: gadget: composite: Clear "suspended" on reset/disconnect
drivers/usb/gadget/composite.c
dmaengine: ste_dma40: fix unneeded variable warning
* scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm()
drivers/scsi/ufs/ufshcd.c
x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
x86/pm: Introduce quirk framework to save/restore extra MSR registers around suspend/resume
Revert "perf test 6: Fix missing kvm module load for s390"
* netfilter: conntrack: Use consistent ct id hash calculation
net/netfilter/nf_conntrack_core.c
* netfilter: ctnetlink: don't use conntrack/expect object addresses as id
include/net/netfilter/nf_conntrack.h
net/netfilter/nf_conntrack_core.c
net/netfilter/nf_conntrack_netlink.c
* inet: switch IP ID generator to siphash
include/linux/siphash.h
include/net/netns/ipv4.h
net/ipv4/route.c
net/ipv6/output_core.c
* siphash: implement HalfSipHash1-3 for hash tables
include/linux/siphash.h
lib/siphash.c
* siphash: add cryptographically secure PRF
include/linux/siphash.h
lib/Kconfig.debug
lib/Makefile
lib/siphash.c
vhost: scsi: add weight support
vhost_net: fix possible infinite loop
vhost: introduce vhost_exceeds_weight()
vhost_net: introduce vhost_exceeds_weight()
vhost_net: use packet weight for rx handler, too
vhost-net: set packet weight of tx polling to 2 * vq size
net: arc_emac: fix koops caused by sk_buff free
GFS2: don't set rgrp gl_object until it's inserted into rgrp tree
* cgroup: Disable IRQs while holding css_set_lock
kernel/cgroup.c
* dm table: fix invalid memory accesses with too high sector number
drivers/md/dm-table.c
dm space map metadata: fix missing store of apply_bops() return value
dm btree: fix order of block initialization in btree_split_beneath
x86/boot: Fix boot regression caused by bootparam sanitizing
x86/boot: Save fields explicitly, zero out everything else
x86/apic: Handle missing global clockevent gracefully
x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
* Revert "dm bufio: fix deadlock with loop device"
drivers/md/dm-bufio.c
* HID: wacom: correct misreported EKR ring values
drivers/hid/wacom_wac.c
selftests: kvm: Adding config fragments
libata: add SG safety checks in SFF pio transfers
net: hisilicon: Fix dma_map_single failed on arm64
net: hisilicon: fix hip04-xmit never return TX_BUSY
net: hisilicon: make hip04_tx_reclaim non-reentrant
net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
can: peak_usb: force the string buffer NULL-terminated
can: sja1000: force the string buffer NULL-terminated
perf bench numa: Fix cpu0 binding
isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain()
net: usb: qmi_wwan: Add the BroadMobi BM818 card
ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
st_nci_hci_connectivity_event_received: null check the allocation
st21nfca_connectivity_event_received: null check the allocation
can: dev: call netif_carrier_off() in register_candev()
* bonding: Force slave speed check after link state recovery for 802.3ad
drivers/net/bonding/bond_main.c
* netfilter: ebtables: fix a memory leak bug in compat
net/bridge/netfilter/ebtables.c
MIPS: kernel: only use i8253 clocksource with periodic clockevent
* HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
drivers/hid/hid-tmff.c
Linux 4.4.190
* bonding: Add vlan tx offload to hw_enc_features
drivers/net/bonding/bond_main.c
sctp: fix the transport error_count check
net/mlx5e: Only support tx/rx pause setting for port owner
xen/netback: Reset nr_frags before freeing skb
* net/packet: fix race in tpacket_snd()
net/packet/af_packet.c
x86/boot: Disable the address-of-packed-member compiler warning
iommu/amd: Move iommu_init_pci() to .init section
x86/vdso: Remove direct HPET access through the vDSO
IB/mlx5: Make coding style more consistent
RDMA: Directly cast the sockaddr union to sockaddr
scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
* asm-generic: default BUG_ON(x) to if(x)BUG()
include/asm-generic/bug.h
Input: psmouse - fix build error of multiple definition
* arm64: compat: Allow single-byte watchpoints on all addresses
arch/arm64/kernel/hw_breakpoint.c
* include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
include/linux/module.h
* Backport minimal compiler_attributes.h to support GCC 9
include/linux/compiler.h
USB: serial: option: Add Motorola modem UARTs
USB: serial: option: add the BroadMobi BM818 card
USB: serial: option: Add support for ZTE MF871A
USB: serial: option: add D-Link DWM-222 device ID
usb: cdc-acm: make sure a refcount is taken early enough
* USB: core: Fix races in character device registration and deregistraion
drivers/usb/core/file.c
staging: comedi: dt3000: Fix rounding up of timer divisor
staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
* asm-generic: fix -Wtype-limits compiler warnings
include/asm-generic/getorder.h
ocfs2: remove set but not used variable 'last_hash'
IB/core: Add mitigation for Spectre V1
* kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
scripts/Makefile.modpost
ata: libahci: do not complain in case of deferred probe
scsi: hpsa: correct scsi command status issue after reset
libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
perf header: Fix use of unitialized value warning
perf header: Fix divide by zero error if f_header.attr_size==0
irqchip/irq-imx-gpcv2: Forward irq type to parent
xen/pciback: remove set but not used variable 'old_state'
net: usb: pegasus: fix improper read if get_registers() fail
Input: iforce - add sanity checks
Input: kbtab - sanity check for endpoint type
HID: hiddev: do cleanup in failure of opening a device
HID: hiddev: avoid opening a disconnected device
HID: holtek: test for sanity of intfdata
ALSA: hda - Fix a memory leak bug
mm/memcontrol.c: fix use after free in mem_cgroup_iter()
* USB: gadget: f_midi: fixing a possible double-free in f_midi
drivers/usb/gadget/function/f_midi.c
drivers/usb/gadget/u_f.h
* usb: gadget: f_midi: fail if set_alt fails to allocate requests
drivers/usb/gadget/function/f_midi.c
sh: kernel: hw_breakpoint: Fix missing break in switch statement
scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
mwifiex: fix 802.11n/WPA detection
smb3: send CAP_DFS capability during session setup
SMB3: Fix deadlock in validate negotiate hits reconnect
mac80211: don't WARN on short WMM parameters from AP
ALSA: firewire: fix a memory leak bug
hwmon: (nct7802) Fix wrong detection of in4 presence
can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
* perf/core: Fix creating kernel counters for PMUs that override event->cpu
kernel/events/core.c
* tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
drivers/tty/tty_ldsem.c
scsi: ibmvfc: fix WARN_ON during event pool release
scsi: megaraid_sas: fix panic on loading firmware crashdump
ARM: davinci: fix sleep.S build error on ARMv4
perf probe: Avoid calling freeing routine multiple times for same pointer
* ALSA: compress: Be more restrictive about when a drain is allowed
sound/core/compress_offload.c
* ALSA: compress: Prevent bypasses of set_params
sound/core/compress_offload.c
* ALSA: compress: Fix regression on compressed capture streams
include/sound/compress_driver.h
sound/core/compress_offload.c
s390/qdio: add sanity checks to the fast-requeue path
cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
mac80211: don't warn about CW params when not using them
* iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
drivers/firmware/Kconfig
* netfilter: nfnetlink: avoid deadlock due to synchronous request_module
net/netfilter/nfnetlink.c
can: peak_usb: fix potential double kfree_skb()
usb: yurex: Fix use-after-free in yurex_delete
perf db-export: Fix thread__exec_comm()
* mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
mm/vmalloc.c
x86/mm: Sync also unmappings in vmalloc_sync_all()
x86/mm: Check for pfn instead of page in vmalloc_sync_one()
* sound: fix a memory leak bug
sound/sound_core.c
usb: iowarrior: fix deadlock on disconnect
Linux 4.4.189
x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
x86/entry/64: Use JMP instead of JMPQ
x86/speculation: Enable Spectre v1 swapgs mitigations
x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
x86/entry/64: Fix context tracking state warning when load_gs_index fails
x86: cpufeatures: Sort feature word 7
spi: bcm2835: Fix 3-wire mode if DMA is enabled
* block: blk_init_allocated_queue() set q->fq as NULL in the fail case
block/blk-core.c
* compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
drivers/net/ppp/pppoe.c
drivers/net/ppp/pppox.c
fs/compat_ioctl.c
include/linux/if_pppox.h
net/l2tp/l2tp_ppp.c
bnx2x: Disable multi-cos feature.
net/mlx5: Use reversed order when unregister devices
net: sched: Fix a possible null-pointer dereference in dequeue_func()
tipc: compat: allow tipc commands without arguments
* net: fix ifindex collision during namespace removal
net/core/dev.c
net: bridge: delete local fdb on device init failure
atm: iphase: Fix Spectre v1 vulnerability
* tcp: be more careful in tcp_fragment()
include/net/tcp.h
net/ipv4/tcp_output.c
* HID: Add quirk for HP X1200 PIXART OEM mouse
drivers/hid/hid-ids.h
drivers/hid/usbhid/hid-quirks.c
netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter
* arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
arch/arm64/include/asm/cpufeature.h
arch/arm64/kernel/cpufeature.c
* arm64: cpufeature: Fix CTR_EL0 field definitions
arch/arm64/kernel/cpufeature.c
Linux 4.4.188
xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
s390/dasd: fix endless loop after read unit address configuration
* selinux: fix memory leak in policydb_init()
security/selinux/ss/policydb.c
x86/kvm: Don't call kvm_spurious_fault() from .fixup
ipc/mqueue.c: only perform resource calculation if user valid
uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers
coda: fix build using bare-metal toolchain
coda: add error handling for fget
* mm/cma.c: fail if fixed declaration can't be honored
mm/cma.c
x86: math-emu: Hide clang warnings for 16-bit overflow
x86/apic: Silence -Wtype-limits compiler warnings
be2net: Signal that the device cannot transmit during reconfiguration
* ACPI: fix false-positive -Wuninitialized warning
include/linux/acpi.h
scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
ceph: fix improper use of smp_mb__before_atomic()
btrfs: fix minimum number of chunk errors for DUP
fs/adfs: super: fix use-after-free bug
dmaengine: rcar-dmac: Reject zero-length slave DMA requests
MIPS: lantiq: Fix bitfield masking
* kernel/module.c: Only return -EEXIST for modules that have finished loading
kernel/module.c
ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
ARM: riscpc: fix DMA
Linux 4.4.187
ceph: hold i_ceph_lock when removing caps for freeing inode
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
* sched/fair: Don't free p->numa_faults with concurrent readers
fs/exec.c
include/linux/sched.h
kernel/fork.c
kernel/sched/fair.c
Bluetooth: hci_uart: check for missing tty operations
media: radio-raremono: change devm_k*alloc to k*alloc
media: cpia2_usb: first wake up, then free in disconnect
ISDN: hfcsusb: checking idx of ep configuration
* tcp: reset sk_send_head in tcp_write_queue_purge
include/net/tcp.h
ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
* mm, vmstat: make quiet_vmstat lighter
mm/vmstat.c
* vmstat: Remove BUG_ON from vmstat_update
mm/vmstat.c
* access: avoid the RCU grace period for the temporary subjective credentials
fs/open.c
include/linux/cred.h
kernel/cred.c
powerpc/tm: Fix oops on sigreturn on systems without TM
ALSA: hda - Add a conexant codec entry to let mute led work
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
hpet: Fix division by zero in hpet_time_div()
x86/speculation/mds: Apply more accurate check on hypervisor platform
x86/sysfb_efi: Add quirks for some devices with swapped width and height
* usb: pci-quirks: Correct AMD PLL quirk detection
drivers/usb/host/pci-quirks.c
usb: wusbcore: fix unbalanced get/put cluster_id
locking/lockdep: Hide unused 'class' variable
locking/lockdep: Fix lock used or unused stats error
mm/mmu_notifier: use hlist_add_head_rcu()
9p: pass the correct prototype to read_cache_page
mm/kmemleak.c: fix check for softirq context
sh: prevent warnings when using iounmap
powerpc/eeh: Handle hugepages in ioremap space
mailbox: handle failed named mailbox channel request
f2fs: avoid out-of-range memory access
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
* kallsyms: exclude kasan local symbols on s390
scripts/kallsyms.c
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
um: Silence lockdep complaint about mmap_sem
mfd: arizona: Fix undefined behavior
* mfd: core: Set fwnode for created devices
drivers/mfd/mfd-core.c
recordmcount: Fix spurious mcount entries on powerpc
iio: iio-utils: Fix possible incorrect mask calculation
* PCI: sysfs: Ignore lockdep for remove attribute
drivers/pci/pci-sysfs.c
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
* usb: gadget: Zero ffs_io_data
drivers/usb/gadget/function/f_fs.c
phy: renesas: rcar-gen2: Fix memory leak at error paths
drm/virtio: Add memory barriers for capset cache.
* tty: serial: msm_serial: avoid system lockup condition
drivers/tty/serial/msm_serial.c
tty/serial: digicolor: Fix digicolor-usart already registered warning
memstick: Fix error cleanup path of memstick_init
tty: serial: cpm_uart - fix init when SMC is relocated
pinctrl: rockchip: fix leaked of_node references
tty: max310x: Fix invalid baudrate divisors calculator
* usb: core: hub: Disable hub-initiated U1/U2
drivers/usb/core/hub.c
drm/panel: simple: Fix panel_simple_dsi_probe
nfsd: Fix overflow causing non-working mounts on 1 TB machines
nfsd: fix performance-limiting session calculation
nfsd: give out fewer session slots as limit approaches
nfsd: increase DRC cache limit
NFSv4: Fix open create exclusive when the server reboots
* elevator: fix truncation of icq_cache_name
include/linux/elevator.h
* net: bridge: stp: don't cache eth dest pointer before skb pull
net/bridge/br_stp_bpdu.c
* net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net/bridge/br_multicast.c
* net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
net/bridge/br_multicast.c
* bonding: validate ip header before check IPPROTO_IGMP
drivers/net/bonding/bond_main.c
* tcp: Reset bytes_acked and bytes_received when disconnecting
net/ipv4/tcp.c
netrom: hold sock when setting skb->destructor
netrom: fix a memory leak in nr_rx_frame()
sky2: Disable MSI on ASUS P6T
nfc: fix potential illegal memory access
* net: neigh: fix multiple neigh timer scheduling
net/core/neighbour.c
net: bcmgenet: use promisc for unsupported filters
* ipv4: don't set IPv6 only flags to IPv4 addresses
net/ipv4/devinet.c
caif-hsi: fix possible deadlock in cfhsi_exit_module()
bnx2x: Prevent load reordering in tx completion processing
* dm bufio: fix deadlock with loop device
drivers/md/dm-bufio.c
* usb: Handle USB3 remote wakeup for LPM enabled devices correctly
drivers/usb/core/hub.c
* Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
net/bluetooth/smp.c
intel_th: msu: Fix single mode with disabled IOMMU
eCryptfs: fix a couple type promotion bugs
powerpc/watchpoint: Restore NV GPRs while returning from exception
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
coda: pass the host file in vma->vm_file on mmap
floppy: fix out-of-bounds read in copy_buffer
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in next_valid_format
floppy: fix div-by-zero in setup_format_params
* take floppy compat ioctls to sodding floppy.c
block/compat_ioctl.c
* PCI: Do not poll for PME if the device is in D3cold
drivers/pci/pci.c
9p/virtio: Add cleanup path in p9_virtio_init
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
drm/nouveau/i2c: Enable i2c pads & busses during preinit
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
media: coda: Remove unbalanced and unneeded mutex unlock
* media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
drivers/media/v4l2-core/v4l2-ctrls.c
ALSA: seq: Break too long mutex context in the write loop
* lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
lib/scatterlist.c
NFSv4: Handle the special Linux file open access mode
* tracing/snapshot: Resize spare buffer if size changed
kernel/trace/trace.c
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
Input: gtco - bounds check collection indent level
* crypto: arm64/sha2-ce - correct digest for empty data in finup
arch/arm64/crypto/sha2-ce-glue.c
* crypto: arm64/sha1-ce - correct digest for empty data in finup
arch/arm64/crypto/sha1-ce-glue.c
* crypto: ghash - fix unaligned memory access in ghash_setkey()
crypto/ghash-generic.c
* Bluetooth: validate BLE connection interval updates
net/bluetooth/hci_event.c
net/bluetooth/l2cap_core.c
* Bluetooth: Check state in l2cap_disconnect_rsp
net/bluetooth/l2cap_core.c
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
* EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
drivers/edac/edac_mc_sysfs.c
drivers/edac/edac_module.h
ixgbe: Check DDM existence in transceiver before access
* rslib: Fix handling of of caller provided syndrome
lib/reed_solomon/decode_rs.c
* rslib: Fix decoding of shortened codes
lib/reed_solomon/decode_rs.c
ath10k: fix PCIE device wake up failed
mt7601u: fix possible memory leak when the device is disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: do not schedule rx_tasklet when the device has been disconnected
media: coda: increment sequence offset for the last returned frame
media: coda: fix mpeg2 sequence number handling
* acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
arch/arm64/kernel/acpi.c
* timer_list: Guard procfs specific code
kernel/time/timer_list.c
* ntp: Limit TAI-UTC offset
kernel/time/ntp.c
* media: i2c: fix warning same module names
drivers/media/i2c/Makefile
* EDAC/sysfs: Fix memory leak when creating a csrow object
drivers/edac/edac_mc_sysfs.c
vhost_net: disable zerocopy by default
perf evsel: Make perf_evsel__name() accept a NULL argument
* xfrm: fix sa selector validation
net/xfrm/xfrm_user.c
* rcu: Force inlining of rcu_read_lock()
include/linux/rcupdate.h
* bpf: silence warning messages in core
kernel/bpf/Makefile
* regmap: fix bulk writes on paged registers
drivers/base/regmap/regmap.c
gpio: omap: ensure irq is enabled before wakeup
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
perf test 6: Fix missing kvm module load for s390
s390/qdio: handle PENDING state for QEBSM devices
net: axienet: Fix race condition causing TX hang
net: fec: Do not use netdev messages too early
cpupower : frequency-set -r option misses the last cpu in related cpu list
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
locking/lockdep: Fix merging of hlocks with non-zero references
tua6100: Avoid build warnings.
* net: phy: Check against net_device being NULL
drivers/net/phy/phy_device.c
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
* xfrm: Fix xfrm sel prefix length validation
net/xfrm/xfrm_user.c
* af_key: fix leaks in key_pol_get_resp and dump_sp.
net/key/af_key.c
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
net: stmmac: dwmac1000: Clear unused address entries
media: vpss: fix a potential NULL pointer dereference
media: marvell-ccic: fix DMA s/g desc number calculation
crypto: talitos - fix skcipher failure due to wrong output IV
media: dvb: usb: fix use after free in dvb_usb_device_exit
batman-adv: fix for leaked TVLV handler.
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
ath6kl: add some bounds checking
ath9k: Check for errors when reading SREV register
ath10k: Do not send probe response template for mesh
dmaengine: imx-sdma: fix use-after-free on probe error path
MIPS: fix build on non-linux hosts
MIPS: ath79: fix ar933x uart parity mode
Linux 4.4.186
KVM: x86: protect KVM_CREATE_PIT/KVM_CREATE_PIT2 with kvm->lock
s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
s390/qdio: (re-)initialize tiqdio list entries
s390: fix stfle zero padding
ARC: hide unused function unw_hdr_alloc
kvm: x86: avoid warning on repeated KVM_SET_TSS_ADDR
dm verity: use message limit for data block corruption message
sis900: fix TX completion
* ppp: mppe: Add softdep to arc4
drivers/net/ppp/ppp_mppe.c
be2net: fix link failure after ethtool offline test
ARM: omap2: remove incorrect __init annotation
* perf/core: Fix perf_sample_regs_user() mm check
kernel/events/core.c
e1000e: start network tx queue only when link is up
MIPS: Remove superfluous check for __linux__
VMCI: Fix integer overflow in VMCI handle arrays
carl9170: fix misuse of device driver API
staging: comedi: amplc_pci230: fix null pointer deref on interrupt
staging: comedi: dt282x: fix a null pointer deref on interrupt
usb: renesas_usbhs: add a workaround for a race condition of workqueue
* usb: gadget: ether: Fix race between gether_disconnect and rx_submit
drivers/usb/gadget/function/u_ether.c
USB: serial: option: add support for GosunCn ME3630 RNDIS mode
USB: serial: ftdi_sio: add ID for isodebug v1
mwifiex: Don't abort on small, spec-compliant vendor IEs
* fscrypt: don't set policy for a dead directory
fs/ext4/crypto_policy.c
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
mwifiex: Abort at too short BSS descriptor element
x86/tls: Fix possible spectre-v1 in do_get_thread_area()
x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
bnx2x: Check if transceiver implements DDM before access
* md: fix for divide error in status_resync
drivers/md/md.c
ARM: davinci: da8xx: specify dma_coherent_mask for lcdc
ARM: davinci: da850-evm: call regulator_has_full_constraints()
Input: imx_keypad - make sure keyboard can always wake up system
* can: mcp251x: add support for mcp25625
drivers/net/can/spi/Kconfig
dt-bindings: can: mcp251x: add mcp25625 support
mwifiex: Fix possible buffer overflows at parsing bss descriptor
mac80211: mesh: fix RCU warning
samples, bpf: fix to change the buffer size for read()
Input: elantech - enable middle button support on 2 ThinkPads
Linux 4.4.185
dmaengine: imx-sdma: remove BD_INTR for channel0
KVM: x86: degrade WARN to pr_warn_ratelimited
* arm64, vdso: Define vdso_{start,end} as array
arch/arm64/kernel/vdso.c
ARC: handle gcc generated __builtin_trap for older compiler
tty: rocket: fix incorrect forward declaration of 'rp_init()'
btrfs: Ensure replaced device doesn't have pending chunk allocation
* lib/mpi: Fix karactx leak in mpi_powm
lib/mpi/mpi-pow.c
* ALSA: usb-audio: fix sign unintended sign extension on left shifts
sound/usb/mixer_quirks.c
ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
crypto: user - prevent operating on larval algorithms
* ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
kernel/ptrace.c
MIPS: Workaround GCC __builtin_unreachable reordering bug
* bug.h: work around GCC PR82365 in BUG()
include/asm-generic/bug.h
include/linux/compiler-gcc.h
include/linux/compiler.h
* swiotlb: Make linux/swiotlb.h standalone includible
include/linux/swiotlb.h
mfd: omap-usb-tll: Fix register offsets
MIPS: math-emu: do not use bools for arithmetic
ARC: fix build warning in elf.h
ARC: Assume multiplier is always present
scsi: hpsa: correct ioaccel2 chaining
usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
ASoC: max98090: remove 24-bit format support if RJ is 0
spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
ASoC : cs4265 : readable register too low
um: Compile with modern headers
* Bluetooth: Fix faulty expression for minimum encryption key size check
net/bluetooth/l2cap_core.c
* net: check before dereferencing netdev_ops during busy poll
include/net/busy_poll.h
* bonding: Always enable vlan tx offload
drivers/net/bonding/bond_main.c
* ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop
net/ipv4/raw.c
team: Always enable vlan tx offload
tipc: check msg->req data len in tipc_nl_compat_bearer_disable
tipc: change to use register_pernet_device
sctp: change to hold sk after auth shkey is created successfully
* cpu/speculation: Warn on unsupported mitigations= parameter
kernel/cpu.c
x86/speculation: Allow guests to use SSBD even if host does not
* ovl: modify ovl_permission() to do checks on two inodes
fs/overlayfs/inode.c
KVM: X86: Fix scan ioapic use-before-initialization
net/9p: include trans_common.h to fix missing prototype warning.
9p: p9dirent_read: check network-provided name length
9p/rdma: remove useless check in cm_event_handler
9p: acl: fix uninitialized iattr access
9p/rdma: do not disconnect on down_interruptible EAGAIN
perf help: Remove needless use of strncpy()
perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit set nul
mac80211: drop robust management frames from unknown TA
* cfg80211: fix memory leak of wiphy device name
net/wireless/core.c
SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write
* Bluetooth: Fix regression with minimum encryption key size alignment
net/bluetooth/hci_conn.c
net/bluetooth/l2cap_core.c
* Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
include/net/bluetooth/hci_core.h
net/bluetooth/hci_conn.c
ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
can: purge socket error queue on sock destruct
can: flexcan: fix timeout when set small bitrate
btrfs: start readahead also in seed devices
Btrfs: fix race between readahead and device replace/removal
hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
* scsi: ufs: Check that space was properly alloced in copy_query_response
drivers/scsi/ufs/ufshcd.c
scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
net: hns: Fix loopback test failed at copper ports
MIPS: uprobes: remove set but not used variable 'epc'
IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
parisc: Fix compiler warnings in float emulation code
parport: Fix mem leak in parport_register_dev_model
apparmor: enforce nullbyte at end of tag string
* Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
drivers/input/misc/uinput.c
usb: chipidea: udc: workaround for endpoint conflict issue
* gcc-9: silence 'address-of-packed-member' warning
Makefile
* tracing: Silence GCC 9 array bounds warning
kernel/trace/trace.c
kernel/trace/trace.h
scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
fs/binfmt_flat.c: make load_flat_shared_library() work
Linux 4.4.184
* tcp: refine memory limit test in tcp_fragment()
net/ipv4/tcp_output.c
Linux 4.4.183
* Abort file_remove_privs() for non-reg. files
fs/inode.c
* coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
drivers/android/binder.c
fs/proc/task_mmu.c
include/linux/mm.h
mm/mmap.c
Revert "crypto: crypto4xx - properly set IV after de- and encrypt"
scsi: libsas: delete sas port if expander discover failed
scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
ia64: fix build errors by exporting paddr_to_nid()
* configfs: Fix use-after-free when accessing sd->s_dentry
fs/configfs/dir.c
* i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
drivers/i2c/i2c-dev.c
net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
* gpio: fix gpio-adp5588 build errors
drivers/gpio/Kconfig
* perf/ring_buffer: Add ordering to rb->nest increment
kernel/events/ring_buffer.c
* perf/ring_buffer: Fix exposing a temporarily decreased data_head
kernel/events/ring_buffer.c
x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
mISDN: make sure device name is NUL terminated
sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
* neigh: fix use-after-free read in pneigh_get_next
net/core/neighbour.c
lapb: fixed leak of control-blocks.
* ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
net/ipv6/ip6_flowlabel.c
be2net: Fix number of Rx queues used for flow hashing
ax25: fix inconsistent lock state in ax25_destroy_timer
USB: serial: option: add Telit 0x1260 and 0x1261 compositions
USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
USB: serial: pl2303: add Allied Telesis VT-Kit3
* USB: usb-storage: Add new ID to ums-realtek
drivers/usb/storage/unusual_realtek.h
* USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
drivers/usb/core/quirks.c
drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read
KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
KVM: x86/pmu: do not mask the value that is written to fixed PMUs
usbnet: ipheth: fix racing condition
scsi: bnx2fc: fix incorrect cast to u64 on shift operation
scsi: lpfc: add check for loss of ndlp when sending RRQ
Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
ASoC: cs42xx8: Add regcache mask dirty
* cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
include/linux/cgroup.h
bcache: fix stack corruption by PRECEDING_KEY()
i2c: acorn: fix i2c warning
* ptrace: restore smp_rmb() in __ptrace_may_access()
kernel/cred.c
kernel/ptrace.c
* signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
kernel/ptrace.c
fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
* mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
mm/list_lru.c
libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
ALSA: seq: Cover unsubscribe_port() in list_mutex
* Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections"
include/net/bluetooth/hci_core.h
net/bluetooth/hci_conn.c
* futex: Fix futex lock the wrong page
kernel/futex.c
ARM: exynos: Fix undefined instruction during Exynos5422 resume
* pwm: Fix deadlock warning when removing PWM device
drivers/pwm/core.c
drivers/pwm/sysfs.c
include/linux/pwm.h
ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa
pwm: tiehrpwm: Update shadow register for disabling PWMs
dmaengine: idma64: Use actual device for DMA transfers
gpio: gpio-omap: add check for off wake capable gpios
PCI: xilinx: Check for __get_free_pages() failure
video: imsttfb: fix potential NULL pointer dereferences
video: hgafb: fix potential NULL pointer dereference
PCI: rcar: Fix a potential NULL pointer dereference
PCI: rpadlpar: Fix leaked device_node references in add/remove paths
ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
platform/chrome: cros_ec_proto: check for NULL transfer function
x86/PCI: Fix PCI IRQ routing table memory leak
nfsd: allow fh_want_write to be called twice
* fuse: retrieve: cap requested size to negotiated max_write
fs/fuse/dev.c
nvmem: core: fix read buffer in place
ALSA: hda - Register irq handler after the chip initialization
iommu/vt-d: Set intel_iommu_gfx_mapped correctly
f2fs: fix to do sanity check on valid block count of segment
f2fs: fix to avoid panic in do_recover_data()
* ntp: Allow TAI-UTC offset to be set to zero
kernel/time/ntp.c
drm/bridge: adv7511: Fix low refresh rate selection
perf/x86/intel: Allow PEBS multi-entry in watermark mode
mfd: twl6040: Fix device init errors for ACCCTL register
mfd: intel-lpss: Set the device in reset state when init
* kernel/sys.c: prctl: fix false positive in validate_prctl_map()
kernel/sys.c
* mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
mm/cma_debug.c
* mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
mm/cma.c
hugetlbfs: on restore reserve error path retain subpool reservation
ipc: prevent lockup on alloc_msg and free_msg
* sysctl: return -EINVAL if val violates minmax
kernel/sysctl.c
* fs/fat/file.c: issue flush after the writeback of FAT
fs/fat/file.c
Linux 4.4.182
* tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
net/ipv4/tcp_timer.c
* tcp: add tcp_min_snd_mss sysctl
include/net/netns/ipv4.h
net/ipv4/sysctl_net_ipv4.c
net/ipv4/tcp_ipv4.c
net/ipv4/tcp_output.c
* tcp: tcp_fragment() should apply sane memory limits
include/uapi/linux/snmp.h
net/ipv4/proc.c
net/ipv4/tcp_output.c
* tcp: limit payload size of sacked skbs
include/linux/tcp.h
include/net/tcp.h
net/ipv4/tcp.c
net/ipv4/tcp_input.c
net/ipv4/tcp_output.c
Linux 4.4.181
* ethtool: check the return value of get_regs_len
net/core/ethtool.c
* ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
include/net/arp.h
* fuse: Add FOPEN_STREAM to use stream_open()
fs/fuse/file.c
include/uapi/linux/fuse.h
* fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
fs/open.c
fs/read_write.c
include/linux/fs.h
drm/gma500/cdv: Check vbt config bits when detecting lvds panels
genwqe: Prevent an integer overflow in the ioctl
MIPS: pistachio: Build uImage.gz by default
* fuse: fallocate: fix return with locked inode
fs/fuse/file.c
parisc: Use implicit space register selection for loading the coherence index of I/O pdirs
* rcu: locking and unlocking need to always be at least barriers
include/linux/rcupdate.h
pktgen: do not sleep with the thread lock held.
net: rds: fix memory leak in rds_ib_flush_mr_pool
net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
* neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
net/core/neighbour.c
* ethtool: fix potential userspace buffer overflow
net/core/ethtool.c
media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
* usb: gadget: fix request length error for isoc transfer
include/linux/usb/gadget.h
* net: cdc_ncm: GetNtbFormat endian fix
drivers/net/usb/cdc_ncm.c
Revert "x86/build: Move _etext to actual end of .text"
* userfaultfd: don't pin the user memory in userfaultfd_file_create()
include/linux/sched.h
brcmfmac: add subtype check for event handling in data path
brcmfmac: add length checks in scheduled scan result handler
brcmfmac: fix incorrect event channel deduction
brcmfmac: revise handling events in receive path
brcmfmac: screening firmware event packet
brcmfmac: Add length checks on firmware events
bnx2x: disable GSO where gso_size is too big for hardware
* net: create skb_gso_validate_mac_len()
include/linux/skbuff.h
* binder: replace "%p" with "%pK"
drivers/android/binder.c
* binder: Replace "%p" with "%pK" for stable
drivers/android/binder.c
CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM
* kernel/signal.c: trace_signal_deliver when signal_group_exit
kernel/signal.c
* memcg: make it work on sparse non-0-node systems
include/linux/list_lru.h
mm/list_lru.c
tty: max310x: Fix external crystal register setup
* tty: serial: msm_serial: Fix XON/XOFF
drivers/tty/serial/msm_serial.c
drm/nouveau/i2c: Disable i2c bus access after ->fini()
ALSA: hda/realtek - Set default power save node to 0
Btrfs: fix race updating log root item during fsync
scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
media: smsusb: better handle optional alignment
media: usb: siano: Fix false-positive "uninitialized variable" warning
media: usb: siano: Fix general protection fault in smsusb
USB: rio500: fix memory leak in close after disconnect
USB: rio500: refuse more than one device at a time
* USB: Add LPM quirk for Surface Dock GigE adapter
drivers/usb/core/quirks.c
USB: sisusbvga: fix oops in error path of sisusb_probe
* USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
drivers/usb/core/config.c
* usb: xhci: avoid null pointer deref when bos field is NULL
drivers/usb/host/xhci.c
* xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
drivers/usb/host/xhci.c
* include/linux/bitops.h: sanitize rotate primitives
include/linux/bitops.h
sparc64: Fix regression in non-hypervisor TLB flush xcall
tipc: fix modprobe tipc failed after switch order of device registration -v2
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
crypto: vmx - ghash: do nosimd fallback manually
net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
bnxt_en: Fix aggregation buffer leak under OOM condition.
tipc: Avoid copying bytes beyond the supplied data
* usbnet: fix kernel crash after disconnect
drivers/net/usb/usbnet.c
net: stmmac: fix reset gpio free missing
* net-gro: fix use-after-free read in napi_gro_frags()
net/core/dev.c
* llc: fix skb leak in llc_build_and_send_ui_pkt()
net/llc/llc_output.c
* ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
net/ipv6/raw.c
ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
* spi: Fix zero length xfer bug
drivers/spi/spi.c
spi: rspi: Fix sequencer reset during initialization
spi : spi-topcliff-pch: Fix to handle empty DMA buffers
scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
media: saa7146: avoid high stack usage with clang
media: go7007: avoid clang frame overflow warning with KASAN
media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
scsi: qla4xxx: avoid freeing unallocated dma memory
* usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
drivers/usb/core/hcd.c
rcutorture: Fix cleanup path for invalid torture_type strings
tty: ipwireless: fix missing checks for ioremap
virtio_console: initialize vtermno value for ports
media: wl128x: prevent two potential buffer overflows
spi: tegra114: reset controller on probe
cxgb3/l2t: Fix undefined behaviour
ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
* HID: core: move Usage Page concatenation to Main item
drivers/hid/hid-core.c
include/linux/hid.h
* chardev: add additional check for minor range overlap
fs/char_dev.c
x86/ia32: Fix ia32_restore_sigcontext() AC leak
* arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
arch/arm64/kernel/cpu_ops.c
* scsi: ufs: Avoid configuring regulator with undefined voltage range
drivers/scsi/ufs/ufshcd.c
* scsi: ufs: Fix regulator load and icc-level configuration
drivers/scsi/ufs/ufshcd.c
brcmfmac: fix race during disconnect when USB completion is in progress
brcmfmac: convert dev_init_lock mutex to completion
b43: shut up clang -Wuninitialized variable warning
brcmfmac: fix missing checks for kmemdup
rtlwifi: fix a potential NULL pointer dereference
iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data
iio: hmc5843: fix potential NULL pointer dereferences
iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
x86/build: Keep local relocations with ld.lld
cpufreq: pmac32: fix possible object reference leak
cpufreq/pasemi: fix possible object reference leak
cpufreq: ppc_cbe: fix possible object reference leak
s390: cio: fix cio_irb declaration
extcon: arizona: Disable mic detect if running when driver is removed
* PM / core: Propagate dev->power.wakeup_path when no callbacks
drivers/base/power/main.c
mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
mmc: sdhci-of-esdhc: add erratum eSDHC5 support
mmc_spi: add a status check for spi_sync_locked
scsi: libsas: Do discovery on empty PHY to update PHY info
hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
i40e: don't allow changes to HW VLAN stripping on active port VLANs
x86/irq/64: Limit IST stack overflow check to #DB stack
* USB: core: Don't unbind interfaces following device reset failure
drivers/usb/core/hub.c
* sched/core: Handle overflow in cpu_shares_write_u64
kernel/sched/core.c
* sched/core: Check quota and period overflow at usec to nsec conversion
kernel/sched/core.c
powerpc/numa: improve control of topology updates
media: pvrusb2: Prevent a buffer overflow
media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
* audit: fix a memory leak bug
kernel/auditfilter.c
media: ov2659: make S_FMT succeed even if requested format doesn't match
media: au0828: stop video streaming only when last user stops
media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
media: coda: clear error return value before picture run
dmaengine: at_xdmac: remove BUG_ON macro in tasklet
pinctrl: pistachio: fix leaked of_node references
* HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
drivers/hid/hid-logitech-hidpp.c
* mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions
lib/strncpy_from_user.c
lib/strnlen_user.c
x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()
* smpboot: Place the __percpu annotation correctly
include/linux/smpboot.h
x86/build: Move _etext to actual end of .text
bcache: avoid clang -Wunintialized warning
bcache: add failure check to run_cache_set() for journal replay
bcache: fix failure in journal relplay
bcache: return error immediately in bch_journal_replay()
net: cw1200: fix a NULL pointer dereference
mwifiex: prevent an array overflow
ASoC: fsl_sai: Update is_slave_mode with correct value
* mac80211/cfg80211: update bss channel on channel switch
net/wireless/nl80211.c
dmaengine: pl330: _stop: clear interrupt status
w1: fix the resume command API
rtc: 88pm860x: prevent use-after-free on device remove
brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler()
spi: pxa2xx: fix SCR (divisor) calculation
* ASoC: imx: fix fiq dependencies
sound/soc/fsl/Kconfig
powerpc/boot: Fix missing check of lseek() return value
mmc: core: Verify SD bus width
cxgb4: Fix error path in cxgb4_init_module
gfs2: Fix lru_count going negative
tools include: Adopt linux/bits.h
perf tools: No need to include bitops.h in util.h
at76c50x-usb: Don't register led_trigger if usb_register_driver failed
ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
media: cpia2: Fix use-after-free in cpia2_exit
* fbdev: fix WARNING in __alloc_pages_nodemask bug
drivers/video/fbdev/core/fbcmap.c
* hugetlb: use same fault hash key for shared and private mappings
include/linux/hugetlb.h
* fbdev: fix divide error in fb_var_to_videomode
drivers/video/fbdev/core/modedb.c
btrfs: sysfs: don't leak memory when failing add fsid
Btrfs: fix race between ranged fsync and writeback of adjacent ranges
gfs2: Fix sign extension bug in gfs2_update_stats
crypto: vmx - CTR: always increment IV as quadword
* Revert "scsi: sd: Keep disk read-only when re-reading partition"
drivers/scsi/sd.c
* bio: fix improper use of smp_mb__before_atomic()
include/linux/bio.h
KVM: x86: fix return value for reserved EFER
* ext4: do not delete unlinked inode from orphan list on failed truncate
fs/ext4/inode.c
fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
btrfs: Honour FITRIM range constraints during free space trim
md/raid: raid5 preserve the writeback action after the parity check
Revert "Don't jump to compute_result state from check_result state"
perf bench numa: Add define for RUSAGE_THREAD if not present
ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
* power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG
drivers/power/power_supply_sysfs.c
KVM: arm/arm64: Ensure vcpu target is unset on reset failure
* xfrm4: Fix uninitialized memory read in _decode_session4
net/ipv4/xfrm4_policy.c
* vti4: ipip tunnel deregistration fixes.
net/ipv4/ip_vti.c
* xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
net/ipv6/xfrm6_tunnel.c
* xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
net/xfrm/xfrm_user.c
dm delay: fix a crash when invalid device is specified
* PCI: Mark Atheros AR9462 to avoid bus reset
drivers/pci/quirks.c
fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
fbdev: sm712fb: fix support for 1024x768-16 mode
fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM
fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
fbdev: sm712fb: fix brightness control on reboot, don't set SR30
perf intel-pt: Fix sample timestamp wrt non-taken branches
perf intel-pt: Fix improved sample timestamp
perf intel-pt: Fix instructions sampling rate
memory: tegra: Fix integer overflow on tick value calculation
* tracing: Fix partial reading of trace event's id file
kernel/trace/trace_events.c
ceph: flush dirty inodes before proceeding with remount
iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
* fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
fs/fuse/file.c
* fuse: fix writepages on 32bit
fs/fuse/file.c
clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
NFS4: Fix v4.0 client state corruption when mount
media: ov6650: Fix sensor possibly not detected on probe
cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level()
* of: fix clang -Wunsequenced for be32_to_cpu()
include/linux/of.h
intel_th: msu: Fix single mode with IOMMU
* md: add mddev->pers to avoid potential NULL pointer dereference
drivers/md/md.c
stm class: Fix channel free in stm output free path
tipc: fix modprobe tipc failed after switch order of device registration
tipc: switch order of device registration to fix a crash
* ppp: deflate: Fix possible crash in deflate_init
drivers/net/ppp/ppp_deflate.c
net/mlx4_core: Change the error print to info print
* net: avoid weird emergency message
net/core/dev.c
KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
* ext4: zero out the unused memory region in the extent tree block
fs/ext4/extents.c
* fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount
fs/fs-writeback.c
* writeback: synchronize sync(2) against cgroup writeback membership switches
fs/fs-writeback.c
include/linux/backing-dev-defs.h
mm/backing-dev.c
crypto: arm/aes-neonbs - don't access already-freed walk.iv
crypto: salsa20 - don't access already-freed walk.iv
crypto: chacha20poly1305 - set cra_name correctly
* crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
crypto/gcm.c
* crypto: gcm - Fix error return code in crypto_gcm_create_common()
crypto/gcm.c
ipmi:ssif: compare block number correctly for multi-part return messages
bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
bcache: fix a race between cache register and cacheset unregister
Btrfs: do not start a transaction at iterate_extent_inodes()
* ext4: fix ext4_show_options for file systems w/o journal
fs/ext4/super.c
* ext4: actually request zeroing of inode table after grow
fs/ext4/ioctl.c
tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L
ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
* mm/mincore.c: make mincore() more conservative
mm/mincore.c
ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
ASoC: max98090: Fix restore of DAPM Muxes
ALSA: hda/realtek - EAPD turn on later
ALSA: hda/hdmi - Consider eld_valid when reporting jack event
* ALSA: usb-audio: Fix a memory leak bug
sound/usb/mixer.c
crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
crypto: crct10dif-generic - fix use via crypto_shash_digest()
crypto: vmx - fix copy-paste error in CTR mode
ARM: exynos: Fix a leaked reference by adding missing of_node_put
x86/speculation/mds: Improve CPU buffer clear documentation
x86/speculation/mds: Revert CPU buffer clear on double fault exit
Linux 4.4.180
powerpc/lib: fix book3s/32 boot failure due to code patching
powerpc/booke64: set RI in default MSR
drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
* bonding: fix arp_validate toggling in active-backup mode
drivers/net/bonding/bond_options.c
* ipv4: Fix raw socket lookup for local traffic
net/ipv4/raw.c
* vrf: sit mtu should not be updated when vrf netdev is the link
net/ipv6/sit.c
vlan: disable SIOCSHWTSTAMP in container
* packet: Fix error path in packet_init
net/packet/af_packet.c
net: ucc_geth - fix Oops when changing number of buffers in the ring
* bridge: Fix error path for kobject_init_and_add()
net/bridge/br_if.c
powerpc/64s: Include cpu header
USB: serial: fix unthrottle races
USB: serial: use variable for status
x86/bugs: Change L1TF mitigation string to match upstream
x86/speculation/mds: Fix documentation typo
Documentation: Correct the possible MDS sysfs values
x86/mds: Add MDSUM variant to the MDS documentation
x86/speculation/mds: Add 'mitigations=' support for MDS
x86/speculation: Support 'mitigations=' cmdline option
* cpu/speculation: Add 'mitigations=' cmdline option
include/linux/cpu.h
kernel/cpu.c
x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
x86/speculation/mds: Fix comment
x86/speculation/mds: Add SMT warning message
x86/speculation: Move arch_smt_update() call to after mitigation decisions
x86/cpu/bugs: Use __initconst for 'const' init data
Documentation: Add MDS vulnerability documentation
Documentation: Move L1TF to separate directory
x86/speculation/mds: Add mitigation mode VMWERV
* x86/speculation/mds: Add sysfs reporting for MDS
drivers/base/cpu.c
include/linux/cpu.h
x86/speculation/l1tf: Document l1tf in sysfs
x86/speculation/mds: Add mitigation control for MDS
x86/speculation/mds: Conditionally clear CPU buffers on idle entry
x86/speculation/mds: Clear CPU buffers on exit to user
x86/speculation/mds: Add mds_clear_cpu_buffers()
x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
x86/speculation/mds: Add BUG_MSBDS_ONLY
x86/speculation/mds: Add basic bug infrastructure for MDS
x86/speculation: Consolidate CPU whitelists
x86/msr-index: Cleanup bit defines
kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
x86/speculation: Provide IBPB always command line options
x86/speculation: Add seccomp Spectre v2 user space protection mode
x86/speculation: Enable prctl mode for spectre_v2_user
* x86/speculation: Add prctl() control for indirect branch speculation
include/linux/sched.h
include/uapi/linux/prctl.h
x86/speculation: Prevent stale SPEC_CTRL msr content
x86/speculation: Prepare arch_smt_update() for PRCTL mode
x86/speculation: Split out TIF update
x86/speculation: Prepare for conditional IBPB in switch_mm()
x86/speculation: Avoid __switch_to_xtra() calls
x86/process: Consolidate and simplify switch_to_xtra() code
x86/speculation: Prepare for per task indirect branch speculation control
x86/speculation: Add command line control for indirect branch speculation
x86/speculation: Unify conditional spectre v2 print functions
x86/speculataion: Mark command line parser data __initdata
x86/speculation: Mark string arrays const correctly
x86/speculation: Reorder the spec_v2 code
* x86/speculation: Rework SMT state change
include/linux/sched/smt.h
kernel/cpu.c
* sched: Add sched_smt_active()
include/linux/sched/smt.h
kernel/sched/core.c
kernel/sched/sched.h
x86/Kconfig: Select SCHED_SMT if SMP enabled
x86/speculation: Reorganize speculation control MSRs update
x86/speculation: Rename SSBD update functions
x86/speculation: Disable STIBP when enhanced IBRS is in use
x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common()
x86/speculation: Remove unnecessary ret variable in cpu_show_common()
x86/speculation: Clean up spectre_v2_parse_cmdline()
x86/speculation: Update the TIF_SSBD comment
x86/speculation: Propagate information about RSB filling mitigation to sysfs
x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
* x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
include/linux/ptrace.h
kernel/ptrace.c
x86/mm: Use WRITE_ONCE() when setting PTEs
KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
x86/cpu: Sanitize FAM6_ATOM naming
x86/microcode: Update the new microcode revision unconditionally
x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
* locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file
include/linux/bitops.h
include/linux/bits.h
x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
x86/bugs: Add AMD's SPEC_CTRL MSR usage
x86/bugs: Add AMD's variant of SSB_NO
x86/speculation: Simplify the CPU bug detection logic
x86/speculation: Support Enhanced IBRS on future CPUs
x86/cpufeatures: Hide AMD-specific speculation flags
x86/MCE: Save microcode revision in machine check records
x86/microcode/intel: Check microcode revision before updating sibling threads
* bitops: avoid integer overflow in GENMASK(_ULL)
include/linux/bitops.h
x86: stop exporting msr-index.h to userland
x86/microcode/intel: Add a helper which gives the microcode revision
* locking/static_keys: Provide DECLARE and well as DEFINE macros
include/linux/jump_label.h
Don't jump to compute_result state from check_result state
x86/vdso: Pass --eh-frame-hdr to the linker
cw1200: fix missing unlock on error in cw1200_hw_scan()
gpu: ipu-v3: dp: fix CSC handling
selftests/net: correct the return value for run_netsocktests
s390: ctcm: fix ctcm_new_device error return code
ipvs: do not schedule icmp errors from tunnels
* init: initialize jump labels before command line option parsing
init/main.c
tools lib traceevent: Fix missing equality check for strcmp
KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing
s390/3270: fix lockdep false positive on view->lock
s390/dasd: Fix capacity calculation for large volumes
libnvdimm/btt: Fix a kmemdup failure check
* HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
drivers/hid/hid-input.c
* HID: input: add mapping for Expose/Overview key
drivers/hid/hid-input.c
iio: adc: xilinx: fix potential use-after-free on remove
platform/x86: sony-laptop: Fix unintentional fall-through
* netfilter: compat: initialize all fields in xt_init
net/netfilter/x_tables.c
* timer/debug: Change /proc/timer_stats from 0644 to 0600
kernel/time/timer_stats.c
ASoC: Intel: avoid Oops if DMA setup fails
* ipv6: fix a potential deadlock in do_ipv6_setsockopt()
include/net/addrconf.h
net/ipv6/ipv6_sockglue.c
net/ipv6/mcast.c
UAS: fix alignment of scatter/gather segments
* Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
include/net/bluetooth/hci_core.h
net/bluetooth/hci_conn.c
Bluetooth: hidp: fix buffer overflow
scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
* usb: dwc3: Fix default lpm_nyet_threshold value
drivers/usb/dwc3/core.c
* genirq: Prevent use-after-free and work list corruption
kernel/irq/manage.c
iommu/amd: Set exclusion range correctly
scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
ASoC: tlv320aic32x4: Fix Common Pins
ASoC: cs4270: Set auto-increment bit for register writes
* ASoC:soc-pcm:fix a codec fixup issue in TDM case
sound/soc/soc-pcm.c
scsi: libsas: fix a race condition when smp task timeout
media: v4l2: i2c: ov7670: Fix PLL bypass register values
x86/mce: Improve error message when kernel cannot recover, p2
* selinux: never allow relabeling on context mounts
security/selinux/hooks.c
Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
staging: iio: adt7316: fix the dac write calculation
staging: iio: adt7316: fix the dac read calculation
staging: iio: adt7316: allow adt751x to use internal vref for all dacs
usb: usbip: fix isoc packet num validation in get_pipe
ARM: iop: don't use using 64-bit DMA masks
ARM: orion: don't use using 64-bit DMA masks
xsysace: Fix error handling in ace_setup
hugetlbfs: fix memory leak for resv_map
net: hns: Fix WARNING when remove HNS driver with SMMU enabled
net: hns: Use NAPI_POLL_WEIGHT for hns driver
scsi: storvsc: Fix calculation of sub-channel count
vfio/pci: use correct format characters
rtc: da9063: set uie_unsupported when relevant
* debugfs: fix use-after-free on symlink traversal
fs/debugfs/inode.c
jffs2: fix use-after-free on symlink traversal
* bonding: show full hw address in sysfs for slave entries
drivers/net/bonding/bond_sysfs_slave.c
igb: Fix WARN_ONCE on runtime suspend
rtc: sh: Fix invalid alarm warning for non-enabled alarm
* HID: debug: fix race condition with between rdesc_show() and device removal
drivers/hid/hid-debug.c
* USB: core: Fix bug caused by duplicate interface PM usage counter
drivers/usb/core/driver.c
include/linux/usb.h
* USB: core: Fix unterminated string returned by usb_string()
drivers/usb/core/message.c
USB: w1 ds2490: Fix bug caused by improper use of altsetting array
USB: yurex: Fix protection fault after device removal
* packet: validate msg_namelen in send directly
net/packet/af_packet.c
bnxt_en: Improve multicast address setup logic.
* ipv6: invert flowlabel sharing check in process and user mode
net/ipv6/ip6_flowlabel.c
* ipv6/flowlabel: wait rcu grace period before put_pid()
net/ipv6/ip6_flowlabel.c
* ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
net/ipv4/ip_output.c
ALSA: line6: use dynamic buffers
vfio/type1: Limit DMA mappings per container
kconfig/[mn]conf: handle backspace (^H) key
libata: fix using DMA buffers on stack
scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
ceph: fix use-after-free on symlink traversal
usb: u132-hcd: fix resource leak
scsi: qla4xxx: fix a potential NULL pointer dereference
net: ethernet: ti: fix possible object reference leak
net: ibm: fix possible object reference leak
net: xilinx: fix possible object reference leak
net: ks8851: Set initial carrier state to down
net: ks8851: Delay requesting IRQ until opened
net: ks8851: Reassert reset pin if chip ID check fails
net: ks8851: Dequeue RX packets explicitly
ARM: dts: pfla02: increase phy reset duration
usb: gadget: net2272: Fix net2272_dequeue()
usb: gadget: net2280: Fix net2280_dequeue()
usb: gadget: net2280: Fix overrun of OUT messages
sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING
qlcnic: Avoid potential NULL pointer dereference
usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
usbnet: ipheth: prevent TX queue timeouts when device not ready
Documentation: Add nospectre_v1 parameter
powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
powerpc/fsl: Emulate SPRN_BUCSR register
powerpc/fsl: Flush branch predictor when entering KVM
powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
* ipv4: set the tcp_min_rtt_wlen range from 0 to one day
net/ipv4/sysctl_net_ipv4.c
net: stmmac: move stmmac_check_ether_addr() to driver probe
team: fix possible recursive locking when add slaves
* ipv4: add sanity checks in ipv4_link_failure()
net/ipv4/route.c
* Revert "block/loop: Use global lock for ioctl() operation."
drivers/block/loop.c
drivers/block/loop.h
* bpf: reject wrong sized filters earlier
net/core/filter.c
tipc: check link name with right length in tipc_nl_compat_link_set
tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
* netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
net/bridge/netfilter/ebtables.c
NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
* fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
fs/proc/proc_sysctl.c
intel_th: gth: Fix an off-by-one in output unassigning
* slip: make slhc_free() silently accept an error pointer
drivers/net/slip/slhc.c
tipc: handle the err returned from cmd header function
powerpc/fsl: Fix the flush of branch predictor.
powerpc/security: Fix spectre_v2 reporting
powerpc/fsl: Update Spectre v2 reporting
powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
powerpc/fsl: Add nospectre_v2 command line argument
powerpc/fsl: Fix spectre_v2 mitigations reporting
powerpc/fsl: Add macro to flush the branch predictor
powerpc/fsl: Add infrastructure to fixup branch predictor flush
powerpc: Avoid code patching freed init sections
powerpc/powernv: Query firmware for count cache flush settings
powerpc/pseries: Query hypervisor for count cache flush settings
powerpc/64s: Add support for software count cache flush
powerpc/64s: Add new security feature flags for count cache flush
powerpc/asm: Add a patch_site macro & helpers for patching instructions
powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
powerpc/64: Make meltdown reporting Book3S 64 specific
powerpc/64: Call setup_barrier_nospec() from setup_arch()
powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
powerpc/64: Disable the speculation barrier from the command line
powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
powerpc/64s: Enhance the information in cpu_show_spectre_v1()
powerpc: Use barrier_nospec in copy_from_user()
powerpc/64: Use barrier_nospec in syscall entry
powerpc/64s: Enable barrier_nospec based on firmware settings
powerpc/64s: Patch barrier_nospec in modules
powerpc/64s: Add support for ori barrier_nospec patching
powerpc/64s: Add barrier_nospec
powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
powerpc/pseries: Restore default security feature flags on setup
powerpc: Move default security feature flags
powerpc/pseries: Fix clearing of security feature flags
powerpc/64s: Wire up cpu_show_spectre_v2()
powerpc/64s: Wire up cpu_show_spectre_v1()
powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
powerpc/64s: Enhance the information in cpu_show_meltdown()
powerpc/64s: Move cpu_show_meltdown()
powerpc/powernv: Set or clear security feature flags
powerpc/pseries: Set or clear security feature flags
powerpc: Add security feature flags for Spectre/Meltdown
powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
powerpc/rfi-flush: Differentiate enabled and patched flush types
powerpc/rfi-flush: Always enable fallback flush on pseries
powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
powerpc/powernv: Support firmware disable of RFI flush
powerpc/pseries: Support firmware disable of RFI flush
powerpc/64s: Improve RFI L1-D cache flush fallback
powerpc/xmon: Add RFI flush related fields to paca dump
* USB: Consolidate LPM checks to avoid enabling LPM twice
drivers/usb/core/driver.c
drivers/usb/core/hub.c
drivers/usb/core/message.c
* USB: Add new USB LPM helpers
drivers/usb/core/driver.c
drivers/usb/core/hub.c
drivers/usb/core/message.c
drivers/usb/core/sysfs.c
drivers/usb/core/usb.h
sunrpc: don't mark uninitialised items as VALID.
nfsd: Don't release the callback slot unless it was actually held
ceph: fix ci->i_head_snapc leak
ceph: ensure d_name stability in ceph_dentry_hash()
* sched/numa: Fix a possible divide-by-zero
kernel/sched/fair.c
* trace: Fix preempt_enable_no_resched() abuse
kernel/trace/ring_buffer.c
MIPS: scall64-o32: Fix indirect syscall number load
cifs: do not attempt cifs operation on smb2+ rename error
KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number
* kbuild: simplify ld-option implementation
scripts/Kbuild.include
Linux 4.4.179
* kernel/sysctl.c: fix out-of-bounds access when setting file-max
kernel/sysctl.c
Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
* ALSA: info: Fix racy addition/deletion of nodes
sound/core/info.c
* mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
mm/vmstat.c
device_cgroup: fix RCU imbalance in error case
* sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
kernel/sched/fair.c
* Revert "kbuild: use -Oz instead of -Os when using clang"
Makefile
mac80211: do not call driver wake_tx_queue op during reconfig
kprobes: Fix error check when reusing optimized probes
kprobes: Mark ftrace mcount handler functions nokprobe
* x86/kprobes: Verify stack frame on kretprobe
include/linux/kprobes.h
* arm64: futex: Restore oldval initialization to work around buggy compilers
arch/arm64/include/asm/futex.h
crypto: x86/poly1305 - fix overflow during partial reduction
* ALSA: core: Fix card races between register and disconnect
sound/core/init.c
staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
staging: comedi: ni_usb6501: Fix use of uninitialized mutex
staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
staging: comedi: vmk80xx: Fix use of uninitialized semaphore
io: accel: kxcjk1013: restore the range after resume.
iio: adc: at91: disable adc channel interrupt in timeout case
iio: ad_sigma_delta: select channel when reading register
iio/gyro/bmg160: Use millidegrees for temperature scale
KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
* modpost: file2alias: check prototype of handler
scripts/mod/file2alias.c
* modpost: file2alias: go back to simple devtable lookup
scripts/mod/file2alias.c
crypto: crypto4xx - properly set IV after de- and encrypt
* ipv4: ensure rcu_read_lock() in ipv4_link_failure()
net/ipv4/route.c
* ipv4: recompile ip options in ipv4_link_failure
net/ipv4/route.c
* tcp: tcp_grow_window() needs to respect tcp_space()
net/ipv4/tcp_input.c
net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
* net: bridge: multicast: use rcu to access port list from br_multicast_start_querier
net/bridge/br_multicast.c
net: atm: Fix potential Spectre v1 vulnerabilities
* bonding: fix event handling for stacked bonds
drivers/net/bonding/bond_main.c
* appletalk: Fix compile regression
include/linux/atalk.h
* ovl: fix uid/gid when creating over whiteout
fs/overlayfs/dir.c
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
* include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
include/linux/swap.h
* lib/div64.c: off by one in shift
lib/div64.c
* appletalk: Fix use-after-free in atalk_proc_exit
include/linux/atalk.h
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
iommu/dmar: Fix buffer overflow during PCI bus notification
crypto: sha512/arm - fix crash bug in Thumb2 build
crypto: sha256/arm - fix crash bug in Thumb2 build
cifs: fallback to older infolevels on findfirst queryinfo retry
ACPI / SBS: Fix GPE storm on recent MacBookPro's
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
serial: uartps: console_setup() can't be placed to init section
f2fs: fix to do sanity check with current segment number
9p locks: add mount option for lock retry interval
9p: do not trust pdu content for stat item size
rsi: improve kernel thread handling to fix kernel panic
* ext4: prohibit fstrim in norecovery mode
fs/ext4/ioctl.c
fix incorrect error code mapping for OBJECTID_NOT_FOUND
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
iommu/vt-d: Check capability before disabling protected memory
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
x86/hpet: Prevent potential NULL pointer dereference
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
perf evsel: Free evsel->counts in perf_evsel__exit()
perf top: Fix error handling in cmd_top()
tools/power turbostat: return the exit status of a command
thermal/int340x_thermal: fix mode setting
thermal/int340x_thermal: Add additional UUIDs
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
mmc: davinci: remove extraneous __init annotation
IB/mlx4: Fix race condition between catas error reset and aliasguid flows
ALSA: sb8: add a check for request_region
ALSA: echoaudio: add a check for ioremap_nocache
* ext4: report real fs size after failed resize
fs/ext4/resize.c
* ext4: add missing brelse() in add_new_gdb_meta_bg()
fs/ext4/resize.c
* perf/core: Restore mmap record type correctly
kernel/events/core.c
* PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
drivers/pci/quirks.c
xtensa: fix return_address
* sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
kernel/sched/fair.c
xen: Prevent buffer overflow in privcmd ioctl
* arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
arch/arm64/include/asm/futex.h
ARM: dts: at91: Fix typo in ISC_D0 on PC9
* genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
kernel/irq/chip.c
* block: do not leak memory in bio_copy_user_iov()
block/bio.c
ASoC: fsl_esai: fix channel swap issue when stream starts
* include/linux/bitrev.h: fix constant bitrev
include/linux/bitrev.h
ALSA: seq: Fix OOB-reads from strlcpy
* ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
net/ipv6/ip6_tunnel.c
* net: ethtool: not call vzalloc for zero sized memory request
net/core/ethtool.c
* netns: provide pure entropy for net_hash_mix()
include/net/net_namespace.h
include/net/netns/hash.h
net/core/net_namespace.c
tcp: Ensure DCTCP reacts to losses
sctp: initialize _pad of sockaddr_in before copying to user memory
qmi_wwan: add Olicard 600
openvswitch: fix flow actions reallocation
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
* ipv6: sit: reset ip header pointer in ipip6_rcv
net/ipv6/sit.c
* ipv6: Fix dangling pointer when ipv6 fragment
net/ipv6/ip6_output.c
* tty: ldisc: add sysctl to prevent autoloading of ldiscs
drivers/tty/Kconfig
drivers/tty/tty_io.c
drivers/tty/tty_ldisc.c
* tty: mark Siemens R3964 line discipline as BROKEN
drivers/char/Kconfig
* lib/string.c: implement a basic bcmp
include/linux/string.h
lib/string.c
x86/vdso: Drop implicit common-page-size linker flag
x86: vdso: Use $LD instead of $CC to link
x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
* kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
Makefile
* binfmt_elf: switch to new creds when switching to new mm
fs/binfmt_elf.c
drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
dmaengine: tegra: avoid overflow of byte tracking
x86/build: Mark per-CPU symbols as absolute explicitly for LLD
wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
netfilter: physdev: relax br_netfilter dependency
dmaengine: imx-dma: fix warning comparison of distinct pointer types
hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
soc/tegra: fuse: Fix illegal free of IO base address
hwrng: virtio - Avoid repeated init of completion
media: mt9m111: set initial frame size other than 0x0
* tty: increase the default flip buffer limit to 2*640K
drivers/tty/tty_buffer.c
ARM: avoid Cortex-A9 livelock on tight dmb loops
mt7601u: bump supported EEPROM version
soc: qcom: gsbi: Fix error handling in gsbi_probe()
ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
cdrom: Fix race condition in cdrom_sysctl_register
* fbdev: fbmem: fix memory access if logo is bigger than the screen
drivers/video/fbdev/core/fbmem.c
bcache: improve sysfs_strtoul_clamp()
bcache: fix input overflow to sequential_cutoff
bcache: fix input overflow to cache set sysfs file io_error_halflife
* ALSA: PCM: check if ops are defined before suspending PCM
sound/core/pcm_native.c
ARM: 8833/1: Ensure that NEON code always compiles with Clang
* kprobes: Prohibit probing on bsearch()
lib/bsearch.c
leds: lp55xx: fix null deref on firmware load failure
media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
media: s5p-g2d: Correct return type for mem2mem buffer helpers
media: s5p-jpeg: Correct return type for mem2mem buffer helpers
media: sh_veu: Correct return type for mem2mem buffer helpers
SoC: imx-sgtl5000: add missing put_device()
perf test: Fix failure of 'evsel-tp-sched' test on s390
scsi: megaraid_sas: return error when create DMA pool failed
IB/mlx4: Increase the timeout for CM cache
e1000e: Fix -Wformat-truncation warnings
mmc: omap: fix the maximum timeout setting
ARM: 8840/1: use a raw_spinlock_t in unwind
coresight: etm4x: Add support to enable ETMv4.2
* scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
drivers/scsi/scsi_scan.c
usb: chipidea: Grab the (legacy) USB PHY by phandle first
tools lib traceevent: Fix buffer overflow in arg_eval
* fs: fix guard_bio_eod to check for real EOD errors
fs/buffer.c
cifs: Fix NULL pointer dereference of devname
dm thin: add sanity checks to thin-pool and external snapshot creation
cifs: use correct format characters
* fs/file.c: initialize init_files.resize_wait
fs/file.c
f2fs: do not use mutex lock in atomic context
ocfs2: fix a panic problem caused by o2cb_ctl
mm/slab.c: kmemleak no scan alien caches
* mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
mm/vmalloc.c
mm/page_ext.c: fix an imbalance with kmemleak
* mm/cma.c: cma_declare_contiguous: correct err handling
mm/cma.c
enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
* sysctl: handle overflow for file-max
kernel/sysctl.c
gpio: gpio-omap: fix level interrupt idling
* tracing: kdb: Fix ftdump to not sleep
include/linux/ring_buffer.h
kernel/trace/ring_buffer.c
kernel/trace/trace.c
h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
CIFS: fix POSIX lock leak and invalid ptr deref
tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
* Bluetooth: Fix decrementing reference count twice in releasing socket
net/bluetooth/hci_sock.c
* i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
drivers/i2c/i2c-core.c
mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
tty/serial: atmel: Add is_half_duplex helper
* lib/int_sqrt: optimize initial value compute
lib/int_sqrt.c
* ext4: cleanup bh release code in ext4_ind_remove_space()
fs/ext4/indirect.c
arm64: debug: Ensure debug handlers check triggering exception level
* arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
arch/arm64/mm/fault.c
Linux 4.4.178
* stm class: Hide STM-specific options if STM is disabled
drivers/hwtracing/stm/Kconfig
coresight: removing bind/unbind options from sysfs
* arm64: support keyctl() system call in 32-bit mode
arch/arm64/Kconfig
* Revert "USB: core: only clean up what we allocated"
drivers/usb/core/config.c
* xhci: Fix port resume done detection for SS ports with LPM enabled
drivers/usb/host/xhci-ring.c
drivers/usb/host/xhci.h
KVM: Reject device ioctls from processes other than the VM's creator
x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
perf intel-pt: Fix TSC slip
gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
* fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
fs/proc/proc_sysctl.c
Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
USB: serial: option: add Olicard 600
USB: serial: option: set driver_info for SIM5218 and compatibles
USB: serial: mos7720: fix mos_parport refcount imbalance on error path
USB: serial: ftdi_sio: add additional NovaTech products
USB: serial: cp210x: add new device id
serial: sh-sci: Fix setting SCSCR_TIE while transferring data
serial: max310x: Fix to avoid potential NULL pointer dereference
staging: vt6655: Fix interrupt race condition on device start up.
staging: vt6655: Remove vif check from vnt_interrupt
tty: atmel_serial: fix a potential NULL pointer dereference
scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices
scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
* scsi: sd: Fix a race between closing an sd device and sd I/O
drivers/scsi/sd.c
* ALSA: pcm: Don't suspend stream in unrecoverable PCM state
sound/core/pcm_native.c
ALSA: pcm: Fix possible OOB access in PCM oss plugins
ALSA: seq: oss: Fix Spectre v1 vulnerability
* ALSA: rawmidi: Fix potential Spectre v1 vulnerability
sound/core/rawmidi.c
* ALSA: compress: add support for 32bit calls in a 64bit kernel
sound/core/compress_offload.c
ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
btrfs: raid56: properly unmap parity page in finish_parity_scrub()
btrfs: remove WARN_ON in log_dir_items
mac8390: Fix mmio access size probe
* sctp: get sctphdr by offset in sctp_compute_cksum
include/net/sctp/checksum.h
vxlan: Don't call gro_cells_destroy() before device is unregistered
* tcp: do not use ipv6 header for ipv4 flow
net/ipv6/tcp_ipv6.c
* packets: Always register packet sk in the same order
include/net/sock.h
net/packet/af_packet.c
* Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net)
include/linux/rculist.h
net: rose: fix a possible stack overflow
* net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
net/packet/af_packet.c
mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
dccp: do not use ipv6 header for ipv4 flow
stmmac: copy unicast mac address to MAC registers
* cfg80211: size various nl80211 messages correctly
net/wireless/nl80211.c
mmc: mmc: fix switch timeout issue caused by jiffies precision
* arm64: kconfig: drop CONFIG_RTC_LIB dependency
arch/arm64/Kconfig
video: fbdev: Set pixclock = 0 in goldfishfb
* cpu/hotplug: Handle unbalanced hotplug enable/disable
kernel/cpu.c
* usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
drivers/usb/gadget/function/rndis.c
* usb: gadget: configfs: add mutex lock before unregister gadget
drivers/usb/gadget/configfs.c
* ipv6: fix endianness error in icmpv6_err
net/ipv6/icmp.c
stm class: Fix stm device initialization order
stm class: Do not leak the chrdev in error path
PM / Hibernate: Call flush_icache_range() on pages restored in-place
* arm64: kernel: Include _AC definition in page.h
arch/arm64/include/asm/page.h
* perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops
kernel/events/ring_buffer.c
mac80211: fix "warning: ‘target_metric’ may be used uninitialized"
* arm64/kernel: fix incorrect EL0 check in inv_entry macro
arch/arm64/kernel/entry.S
ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
staging: goldfish: audio: fix compiliation on arm
* staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT
drivers/staging/android/ion/ion_carveout_heap.c
* staging: ashmem: Add missing include
drivers/staging/android/uapi/ashmem.h
* staging: ashmem: Avoid deadlock with mmap/shrink
drivers/staging/android/ashmem.c
* asm-generic: Fix local variable shadow in __set_fixmap_offset
include/asm-generic/fixmap.h
coresight: etm4x: Check every parameter used by dma_xx_coherent.
coresight: "DEVICE_ATTR_RO" should defined as static.
stm class: Fix a race in unlinking
stm class: Fix unbalanced module/device refcounting
stm class: Guard output assignment against concurrency
stm class: Fix unlocking braino in the error path
stm class: Support devices with multiple instances
stm class: Prevent user-controllable allocations
stm class: Fix link list locking
stm class: Fix locking in unbinding policy path
coresight: remove csdev's link from topology
coresight: release reference taken by 'bus_find_device()'
coresight: coresight_unregister() function cleanup
coresight: fixing lockdep error
* writeback: initialize inode members that track writeback history
fs/inode.c
Revert "mmc: block: don't use parameter prefix if built as module"
* net: diag: support v4mapped sockets in inet_diag_find_one_icsk()
net/ipv4/inet_diag.c
* perf: Synchronously free aux pages in case of allocation failure
kernel/events/ring_buffer.c
* arm64: hide __efistub_ aliases from kallsyms
arch/arm64/kernel/image.h
hid-sensor-hub.c: fix wrong do_div() usage
* vmstat: make vmstat_updater deferrable again and shut down on idle
include/linux/vmstat.h
kernel/sched/idle.c
mm/vmstat.c
* android: unconditionally remove callbacks in sync_fence_free()
drivers/staging/android/sync.c
ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor
ARM: 8458/1: bL_switcher: add GIC dependency
* efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
drivers/firmware/efi/libstub/Makefile
* arm64: fix COMPAT_SHMLBA definition for large pages
arch/arm64/include/asm/shmparam.h
mmc: block: Allow more than 8 partitions per card
* sched/fair: Fix new task's load avg removed from source CPU in wake_up_new_task()
kernel/sched/fair.c
* Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
net/bluetooth/l2cap_core.c
* Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
net/bluetooth/l2cap_core.c
ath10k: avoid possible string overflow
* rtc: Fix overflow when converting time64_t to rtc_time
drivers/rtc/rtc-lib.c
* USB: core: only clean up what we allocated
drivers/usb/core/config.c
* lib/int_sqrt: optimize small argument
lib/int_sqrt.c
serial: sprd: clear timeout interrupt only rather than all interrupts
usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
* arm64: traps: disable irq in die()
arch/arm64/kernel/traps.c
* Hang/soft lockup in d_invalidate with simultaneous calls
fs/dcache.c
serial: sprd: adjust TIMEOUT to a big value
* tcp/dccp: drop SYN packets if accept queue is full
include/net/inet_connection_sock.h
net/ipv4/tcp_input.c
usb: gadget: Add the gserial port checking in gs_start_tx()
* usb: gadget: composite: fix dereference after null check coverify warning
drivers/usb/gadget/composite.c
* kbuild: setlocalversion: print error to STDERR
scripts/setlocalversion
extcon: usb-gpio: Don't miss event during suspend/resume
* mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
mm/rmap.c
mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
* arm64: mm: Add trace_irqflags annotations to do_debug_exception()
arch/arm64/mm/fault.c
* usb: dwc3: gadget: Fix suspend/resume during device mode
drivers/usb/dwc3/gadget.c
mmc: core: shut up "voltage-ranges unspecified" pr_info()
mmc: sanitize 'bus width' in debug output
mmc: make MAN_BKOPS_EN message a debug
mmc: debugfs: Add a restriction to mmc debugfs clock setting
mmc: pwrseq_simple: Make reset-gpios optional to match doc
ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
ALSA: hda - Record the current power state before suspend/resume calls
locking/lockdep: Add debug_locks check in __lock_downgrade()
* media: v4l2-ctrls.c/uvc: zero v4l2_event
drivers/media/v4l2-core/v4l2-ctrls.c
mmc: tmio_mmc_core: don't claim spurious interrupts
* ext4: brelse all indirect buffer in ext4_ind_remove_space()
fs/ext4/indirect.c
* ext4: fix data corruption caused by unaligned direct AIO
fs/ext4/file.c
* ext4: fix NULL pointer dereference while journal is aborted
fs/ext4/ext4_jbd2.h
* futex: Ensure that futex address is aligned in handle_futex_death()
kernel/futex.c
MIPS: Fix kernel crash for R6 in jump label branch function
mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
udf: Fix crash on IO error during truncate
drm/vmwgfx: Don't double-free the mode stored in par->set_mode
mmc: pxamci: fix enum type confusion
Change-Id: Ib7e4ac2952d7fc0808e515749ea6b3c2bbfc40e5
Signed-off-by: Robin Peng <robinpeng@google.com>
1790 lines
49 KiB
C
1790 lines
49 KiB
C
/*
|
|
* mm/rmap.c - physical to virtual reverse mappings
|
|
*
|
|
* Copyright 2001, Rik van Riel <riel@conectiva.com.br>
|
|
* Released under the General Public License (GPL).
|
|
*
|
|
* Simple, low overhead reverse mapping scheme.
|
|
* Please try to keep this thing as modular as possible.
|
|
*
|
|
* Provides methods for unmapping each kind of mapped page:
|
|
* the anon methods track anonymous pages, and
|
|
* the file methods track pages belonging to an inode.
|
|
*
|
|
* Original design by Rik van Riel <riel@conectiva.com.br> 2001
|
|
* File methods by Dave McCracken <dmccr@us.ibm.com> 2003, 2004
|
|
* Anonymous methods by Andrea Arcangeli <andrea@suse.de> 2004
|
|
* Contributions by Hugh Dickins 2003, 2004
|
|
*/
|
|
|
|
/*
|
|
* Lock ordering in mm:
|
|
*
|
|
* inode->i_mutex (while writing or truncating, not reading or faulting)
|
|
* mm->mmap_sem
|
|
* page->flags PG_locked (lock_page)
|
|
* mapping->i_mmap_rwsem
|
|
* anon_vma->rwsem
|
|
* mm->page_table_lock or pte_lock
|
|
* zone->lru_lock (in mark_page_accessed, isolate_lru_page)
|
|
* swap_lock (in swap_duplicate, swap_info_get)
|
|
* mmlist_lock (in mmput, drain_mmlist and others)
|
|
* mapping->private_lock (in __set_page_dirty_buffers)
|
|
* mem_cgroup_{begin,end}_page_stat (memcg->move_lock)
|
|
* mapping->tree_lock (widely used)
|
|
* inode->i_lock (in set_page_dirty's __mark_inode_dirty)
|
|
* bdi.wb->list_lock (in set_page_dirty's __mark_inode_dirty)
|
|
* sb_lock (within inode_lock in fs/fs-writeback.c)
|
|
* mapping->tree_lock (widely used, in set_page_dirty,
|
|
* in arch-dependent flush_dcache_mmap_lock,
|
|
* within bdi.wb->list_lock in __sync_single_inode)
|
|
*
|
|
* anon_vma->rwsem,mapping->i_mutex (memory_failure, collect_procs_anon)
|
|
* ->tasklist_lock
|
|
* pte map lock
|
|
*/
|
|
|
|
#include <linux/mm.h>
|
|
#include <linux/pagemap.h>
|
|
#include <linux/swap.h>
|
|
#include <linux/swapops.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/init.h>
|
|
#include <linux/ksm.h>
|
|
#include <linux/rmap.h>
|
|
#include <linux/rcupdate.h>
|
|
#include <linux/export.h>
|
|
#include <linux/memcontrol.h>
|
|
#include <linux/mmu_notifier.h>
|
|
#include <linux/migrate.h>
|
|
#include <linux/hugetlb.h>
|
|
#include <linux/backing-dev.h>
|
|
#include <linux/page_idle.h>
|
|
|
|
#include <asm/tlbflush.h>
|
|
|
|
#include <trace/events/tlb.h>
|
|
|
|
#include "internal.h"
|
|
|
|
static struct kmem_cache *anon_vma_cachep;
|
|
static struct kmem_cache *anon_vma_chain_cachep;
|
|
|
|
static inline struct anon_vma *anon_vma_alloc(void)
|
|
{
|
|
struct anon_vma *anon_vma;
|
|
|
|
anon_vma = kmem_cache_alloc(anon_vma_cachep, GFP_KERNEL);
|
|
if (anon_vma) {
|
|
atomic_set(&anon_vma->refcount, 1);
|
|
anon_vma->degree = 1; /* Reference for first vma */
|
|
anon_vma->parent = anon_vma;
|
|
/*
|
|
* Initialise the anon_vma root to point to itself. If called
|
|
* from fork, the root will be reset to the parents anon_vma.
|
|
*/
|
|
anon_vma->root = anon_vma;
|
|
}
|
|
|
|
return anon_vma;
|
|
}
|
|
|
|
static inline void anon_vma_free(struct anon_vma *anon_vma)
|
|
{
|
|
VM_BUG_ON(atomic_read(&anon_vma->refcount));
|
|
|
|
/*
|
|
* Synchronize against page_lock_anon_vma_read() such that
|
|
* we can safely hold the lock without the anon_vma getting
|
|
* freed.
|
|
*
|
|
* Relies on the full mb implied by the atomic_dec_and_test() from
|
|
* put_anon_vma() against the acquire barrier implied by
|
|
* down_read_trylock() from page_lock_anon_vma_read(). This orders:
|
|
*
|
|
* page_lock_anon_vma_read() VS put_anon_vma()
|
|
* down_read_trylock() atomic_dec_and_test()
|
|
* LOCK MB
|
|
* atomic_read() rwsem_is_locked()
|
|
*
|
|
* LOCK should suffice since the actual taking of the lock must
|
|
* happen _before_ what follows.
|
|
*/
|
|
might_sleep();
|
|
if (rwsem_is_locked(&anon_vma->root->rwsem)) {
|
|
anon_vma_lock_write(anon_vma);
|
|
anon_vma_unlock_write(anon_vma);
|
|
}
|
|
|
|
kmem_cache_free(anon_vma_cachep, anon_vma);
|
|
}
|
|
|
|
static inline struct anon_vma_chain *anon_vma_chain_alloc(gfp_t gfp)
|
|
{
|
|
return kmem_cache_alloc(anon_vma_chain_cachep, gfp);
|
|
}
|
|
|
|
static void anon_vma_chain_free(struct anon_vma_chain *anon_vma_chain)
|
|
{
|
|
kmem_cache_free(anon_vma_chain_cachep, anon_vma_chain);
|
|
}
|
|
|
|
static void anon_vma_chain_link(struct vm_area_struct *vma,
|
|
struct anon_vma_chain *avc,
|
|
struct anon_vma *anon_vma)
|
|
{
|
|
avc->vma = vma;
|
|
avc->anon_vma = anon_vma;
|
|
list_add(&avc->same_vma, &vma->anon_vma_chain);
|
|
anon_vma_interval_tree_insert(avc, &anon_vma->rb_root);
|
|
}
|
|
|
|
/**
|
|
* anon_vma_prepare - attach an anon_vma to a memory region
|
|
* @vma: the memory region in question
|
|
*
|
|
* This makes sure the memory mapping described by 'vma' has
|
|
* an 'anon_vma' attached to it, so that we can associate the
|
|
* anonymous pages mapped into it with that anon_vma.
|
|
*
|
|
* The common case will be that we already have one, but if
|
|
* not we either need to find an adjacent mapping that we
|
|
* can re-use the anon_vma from (very common when the only
|
|
* reason for splitting a vma has been mprotect()), or we
|
|
* allocate a new one.
|
|
*
|
|
* Anon-vma allocations are very subtle, because we may have
|
|
* optimistically looked up an anon_vma in page_lock_anon_vma_read()
|
|
* and that may actually touch the spinlock even in the newly
|
|
* allocated vma (it depends on RCU to make sure that the
|
|
* anon_vma isn't actually destroyed).
|
|
*
|
|
* As a result, we need to do proper anon_vma locking even
|
|
* for the new allocation. At the same time, we do not want
|
|
* to do any locking for the common case of already having
|
|
* an anon_vma.
|
|
*
|
|
* This must be called with the mmap_sem held for reading.
|
|
*/
|
|
int anon_vma_prepare(struct vm_area_struct *vma)
|
|
{
|
|
struct anon_vma *anon_vma = vma->anon_vma;
|
|
struct anon_vma_chain *avc;
|
|
|
|
might_sleep();
|
|
if (unlikely(!anon_vma)) {
|
|
struct mm_struct *mm = vma->vm_mm;
|
|
struct anon_vma *allocated;
|
|
|
|
avc = anon_vma_chain_alloc(GFP_KERNEL);
|
|
if (!avc)
|
|
goto out_enomem;
|
|
|
|
anon_vma = find_mergeable_anon_vma(vma);
|
|
allocated = NULL;
|
|
if (!anon_vma) {
|
|
anon_vma = anon_vma_alloc();
|
|
if (unlikely(!anon_vma))
|
|
goto out_enomem_free_avc;
|
|
allocated = anon_vma;
|
|
}
|
|
|
|
anon_vma_lock_write(anon_vma);
|
|
/* page_table_lock to protect against threads */
|
|
spin_lock(&mm->page_table_lock);
|
|
if (likely(!vma->anon_vma)) {
|
|
vma->anon_vma = anon_vma;
|
|
anon_vma_chain_link(vma, avc, anon_vma);
|
|
/* vma reference or self-parent link for new root */
|
|
anon_vma->degree++;
|
|
allocated = NULL;
|
|
avc = NULL;
|
|
}
|
|
spin_unlock(&mm->page_table_lock);
|
|
anon_vma_unlock_write(anon_vma);
|
|
|
|
if (unlikely(allocated))
|
|
put_anon_vma(allocated);
|
|
if (unlikely(avc))
|
|
anon_vma_chain_free(avc);
|
|
}
|
|
return 0;
|
|
|
|
out_enomem_free_avc:
|
|
anon_vma_chain_free(avc);
|
|
out_enomem:
|
|
return -ENOMEM;
|
|
}
|
|
|
|
/*
|
|
* This is a useful helper function for locking the anon_vma root as
|
|
* we traverse the vma->anon_vma_chain, looping over anon_vma's that
|
|
* have the same vma.
|
|
*
|
|
* Such anon_vma's should have the same root, so you'd expect to see
|
|
* just a single mutex_lock for the whole traversal.
|
|
*/
|
|
static inline struct anon_vma *lock_anon_vma_root(struct anon_vma *root, struct anon_vma *anon_vma)
|
|
{
|
|
struct anon_vma *new_root = anon_vma->root;
|
|
if (new_root != root) {
|
|
if (WARN_ON_ONCE(root))
|
|
up_write(&root->rwsem);
|
|
root = new_root;
|
|
down_write(&root->rwsem);
|
|
}
|
|
return root;
|
|
}
|
|
|
|
static inline void unlock_anon_vma_root(struct anon_vma *root)
|
|
{
|
|
if (root)
|
|
up_write(&root->rwsem);
|
|
}
|
|
|
|
/*
|
|
* Attach the anon_vmas from src to dst.
|
|
* Returns 0 on success, -ENOMEM on failure.
|
|
*
|
|
* If dst->anon_vma is NULL this function tries to find and reuse existing
|
|
* anon_vma which has no vmas and only one child anon_vma. This prevents
|
|
* degradation of anon_vma hierarchy to endless linear chain in case of
|
|
* constantly forking task. On the other hand, an anon_vma with more than one
|
|
* child isn't reused even if there was no alive vma, thus rmap walker has a
|
|
* good chance of avoiding scanning the whole hierarchy when it searches where
|
|
* page is mapped.
|
|
*/
|
|
int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src)
|
|
{
|
|
struct anon_vma_chain *avc, *pavc;
|
|
struct anon_vma *root = NULL;
|
|
|
|
list_for_each_entry_reverse(pavc, &src->anon_vma_chain, same_vma) {
|
|
struct anon_vma *anon_vma;
|
|
|
|
avc = anon_vma_chain_alloc(GFP_NOWAIT | __GFP_NOWARN);
|
|
if (unlikely(!avc)) {
|
|
unlock_anon_vma_root(root);
|
|
root = NULL;
|
|
avc = anon_vma_chain_alloc(GFP_KERNEL);
|
|
if (!avc)
|
|
goto enomem_failure;
|
|
}
|
|
anon_vma = pavc->anon_vma;
|
|
root = lock_anon_vma_root(root, anon_vma);
|
|
anon_vma_chain_link(dst, avc, anon_vma);
|
|
|
|
/*
|
|
* Reuse existing anon_vma if its degree lower than two,
|
|
* that means it has no vma and only one anon_vma child.
|
|
*
|
|
* Do not chose parent anon_vma, otherwise first child
|
|
* will always reuse it. Root anon_vma is never reused:
|
|
* it has self-parent reference and at least one child.
|
|
*/
|
|
if (!dst->anon_vma && anon_vma != src->anon_vma &&
|
|
anon_vma->degree < 2)
|
|
dst->anon_vma = anon_vma;
|
|
}
|
|
if (dst->anon_vma)
|
|
dst->anon_vma->degree++;
|
|
unlock_anon_vma_root(root);
|
|
return 0;
|
|
|
|
enomem_failure:
|
|
/*
|
|
* dst->anon_vma is dropped here otherwise its degree can be incorrectly
|
|
* decremented in unlink_anon_vmas().
|
|
* We can safely do this because callers of anon_vma_clone() don't care
|
|
* about dst->anon_vma if anon_vma_clone() failed.
|
|
*/
|
|
dst->anon_vma = NULL;
|
|
unlink_anon_vmas(dst);
|
|
return -ENOMEM;
|
|
}
|
|
|
|
/*
|
|
* Attach vma to its own anon_vma, as well as to the anon_vmas that
|
|
* the corresponding VMA in the parent process is attached to.
|
|
* Returns 0 on success, non-zero on failure.
|
|
*/
|
|
int anon_vma_fork(struct vm_area_struct *vma, struct vm_area_struct *pvma)
|
|
{
|
|
struct anon_vma_chain *avc;
|
|
struct anon_vma *anon_vma;
|
|
int error;
|
|
|
|
/* Don't bother if the parent process has no anon_vma here. */
|
|
if (!pvma->anon_vma)
|
|
return 0;
|
|
|
|
/* Drop inherited anon_vma, we'll reuse existing or allocate new. */
|
|
vma->anon_vma = NULL;
|
|
|
|
/*
|
|
* First, attach the new VMA to the parent VMA's anon_vmas,
|
|
* so rmap can find non-COWed pages in child processes.
|
|
*/
|
|
error = anon_vma_clone(vma, pvma);
|
|
if (error)
|
|
return error;
|
|
|
|
/* An existing anon_vma has been reused, all done then. */
|
|
if (vma->anon_vma)
|
|
return 0;
|
|
|
|
/* Then add our own anon_vma. */
|
|
anon_vma = anon_vma_alloc();
|
|
if (!anon_vma)
|
|
goto out_error;
|
|
avc = anon_vma_chain_alloc(GFP_KERNEL);
|
|
if (!avc)
|
|
goto out_error_free_anon_vma;
|
|
|
|
/*
|
|
* The root anon_vma's spinlock is the lock actually used when we
|
|
* lock any of the anon_vmas in this anon_vma tree.
|
|
*/
|
|
anon_vma->root = pvma->anon_vma->root;
|
|
anon_vma->parent = pvma->anon_vma;
|
|
/*
|
|
* With refcounts, an anon_vma can stay around longer than the
|
|
* process it belongs to. The root anon_vma needs to be pinned until
|
|
* this anon_vma is freed, because the lock lives in the root.
|
|
*/
|
|
get_anon_vma(anon_vma->root);
|
|
/* Mark this anon_vma as the one where our new (COWed) pages go. */
|
|
vma->anon_vma = anon_vma;
|
|
anon_vma_lock_write(anon_vma);
|
|
anon_vma_chain_link(vma, avc, anon_vma);
|
|
anon_vma->parent->degree++;
|
|
anon_vma_unlock_write(anon_vma);
|
|
|
|
return 0;
|
|
|
|
out_error_free_anon_vma:
|
|
put_anon_vma(anon_vma);
|
|
out_error:
|
|
unlink_anon_vmas(vma);
|
|
return -ENOMEM;
|
|
}
|
|
|
|
void unlink_anon_vmas(struct vm_area_struct *vma)
|
|
{
|
|
struct anon_vma_chain *avc, *next;
|
|
struct anon_vma *root = NULL;
|
|
|
|
/*
|
|
* Unlink each anon_vma chained to the VMA. This list is ordered
|
|
* from newest to oldest, ensuring the root anon_vma gets freed last.
|
|
*/
|
|
list_for_each_entry_safe(avc, next, &vma->anon_vma_chain, same_vma) {
|
|
struct anon_vma *anon_vma = avc->anon_vma;
|
|
|
|
root = lock_anon_vma_root(root, anon_vma);
|
|
anon_vma_interval_tree_remove(avc, &anon_vma->rb_root);
|
|
|
|
/*
|
|
* Leave empty anon_vmas on the list - we'll need
|
|
* to free them outside the lock.
|
|
*/
|
|
if (RB_EMPTY_ROOT(&anon_vma->rb_root)) {
|
|
anon_vma->parent->degree--;
|
|
continue;
|
|
}
|
|
|
|
list_del(&avc->same_vma);
|
|
anon_vma_chain_free(avc);
|
|
}
|
|
if (vma->anon_vma)
|
|
vma->anon_vma->degree--;
|
|
unlock_anon_vma_root(root);
|
|
|
|
/*
|
|
* Iterate the list once more, it now only contains empty and unlinked
|
|
* anon_vmas, destroy them. Could not do before due to __put_anon_vma()
|
|
* needing to write-acquire the anon_vma->root->rwsem.
|
|
*/
|
|
list_for_each_entry_safe(avc, next, &vma->anon_vma_chain, same_vma) {
|
|
struct anon_vma *anon_vma = avc->anon_vma;
|
|
|
|
VM_WARN_ON(anon_vma->degree);
|
|
put_anon_vma(anon_vma);
|
|
|
|
list_del(&avc->same_vma);
|
|
anon_vma_chain_free(avc);
|
|
}
|
|
}
|
|
|
|
static void anon_vma_ctor(void *data)
|
|
{
|
|
struct anon_vma *anon_vma = data;
|
|
|
|
init_rwsem(&anon_vma->rwsem);
|
|
atomic_set(&anon_vma->refcount, 0);
|
|
anon_vma->rb_root = RB_ROOT;
|
|
}
|
|
|
|
void __init anon_vma_init(void)
|
|
{
|
|
anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma),
|
|
0, SLAB_DESTROY_BY_RCU|SLAB_PANIC, anon_vma_ctor);
|
|
anon_vma_chain_cachep = KMEM_CACHE(anon_vma_chain, SLAB_PANIC);
|
|
}
|
|
|
|
/*
|
|
* Getting a lock on a stable anon_vma from a page off the LRU is tricky!
|
|
*
|
|
* Since there is no serialization what so ever against page_remove_rmap()
|
|
* the best this function can do is return a locked anon_vma that might
|
|
* have been relevant to this page.
|
|
*
|
|
* The page might have been remapped to a different anon_vma or the anon_vma
|
|
* returned may already be freed (and even reused).
|
|
*
|
|
* In case it was remapped to a different anon_vma, the new anon_vma will be a
|
|
* child of the old anon_vma, and the anon_vma lifetime rules will therefore
|
|
* ensure that any anon_vma obtained from the page will still be valid for as
|
|
* long as we observe page_mapped() [ hence all those page_mapped() tests ].
|
|
*
|
|
* All users of this function must be very careful when walking the anon_vma
|
|
* chain and verify that the page in question is indeed mapped in it
|
|
* [ something equivalent to page_mapped_in_vma() ].
|
|
*
|
|
* Since anon_vma's slab is DESTROY_BY_RCU and we know from page_remove_rmap()
|
|
* that the anon_vma pointer from page->mapping is valid if there is a
|
|
* mapcount, we can dereference the anon_vma after observing those.
|
|
*/
|
|
struct anon_vma *page_get_anon_vma(struct page *page)
|
|
{
|
|
struct anon_vma *anon_vma = NULL;
|
|
unsigned long anon_mapping;
|
|
|
|
rcu_read_lock();
|
|
anon_mapping = (unsigned long)READ_ONCE(page->mapping);
|
|
if ((anon_mapping & PAGE_MAPPING_FLAGS) != PAGE_MAPPING_ANON)
|
|
goto out;
|
|
if (!page_mapped(page))
|
|
goto out;
|
|
|
|
anon_vma = (struct anon_vma *) (anon_mapping - PAGE_MAPPING_ANON);
|
|
if (!atomic_inc_not_zero(&anon_vma->refcount)) {
|
|
anon_vma = NULL;
|
|
goto out;
|
|
}
|
|
|
|
/*
|
|
* If this page is still mapped, then its anon_vma cannot have been
|
|
* freed. But if it has been unmapped, we have no security against the
|
|
* anon_vma structure being freed and reused (for another anon_vma:
|
|
* SLAB_DESTROY_BY_RCU guarantees that - so the atomic_inc_not_zero()
|
|
* above cannot corrupt).
|
|
*/
|
|
if (!page_mapped(page)) {
|
|
rcu_read_unlock();
|
|
put_anon_vma(anon_vma);
|
|
return NULL;
|
|
}
|
|
out:
|
|
rcu_read_unlock();
|
|
|
|
return anon_vma;
|
|
}
|
|
|
|
/*
|
|
* Similar to page_get_anon_vma() except it locks the anon_vma.
|
|
*
|
|
* Its a little more complex as it tries to keep the fast path to a single
|
|
* atomic op -- the trylock. If we fail the trylock, we fall back to getting a
|
|
* reference like with page_get_anon_vma() and then block on the mutex.
|
|
*/
|
|
struct anon_vma *page_lock_anon_vma_read(struct page *page)
|
|
{
|
|
struct anon_vma *anon_vma = NULL;
|
|
struct anon_vma *root_anon_vma;
|
|
unsigned long anon_mapping;
|
|
|
|
rcu_read_lock();
|
|
anon_mapping = (unsigned long)READ_ONCE(page->mapping);
|
|
if ((anon_mapping & PAGE_MAPPING_FLAGS) != PAGE_MAPPING_ANON)
|
|
goto out;
|
|
if (!page_mapped(page))
|
|
goto out;
|
|
|
|
anon_vma = (struct anon_vma *) (anon_mapping - PAGE_MAPPING_ANON);
|
|
root_anon_vma = READ_ONCE(anon_vma->root);
|
|
if (down_read_trylock(&root_anon_vma->rwsem)) {
|
|
/*
|
|
* If the page is still mapped, then this anon_vma is still
|
|
* its anon_vma, and holding the mutex ensures that it will
|
|
* not go away, see anon_vma_free().
|
|
*/
|
|
if (!page_mapped(page)) {
|
|
up_read(&root_anon_vma->rwsem);
|
|
anon_vma = NULL;
|
|
}
|
|
goto out;
|
|
}
|
|
|
|
/* trylock failed, we got to sleep */
|
|
if (!atomic_inc_not_zero(&anon_vma->refcount)) {
|
|
anon_vma = NULL;
|
|
goto out;
|
|
}
|
|
|
|
if (!page_mapped(page)) {
|
|
rcu_read_unlock();
|
|
put_anon_vma(anon_vma);
|
|
return NULL;
|
|
}
|
|
|
|
/* we pinned the anon_vma, its safe to sleep */
|
|
rcu_read_unlock();
|
|
anon_vma_lock_read(anon_vma);
|
|
|
|
if (atomic_dec_and_test(&anon_vma->refcount)) {
|
|
/*
|
|
* Oops, we held the last refcount, release the lock
|
|
* and bail -- can't simply use put_anon_vma() because
|
|
* we'll deadlock on the anon_vma_lock_write() recursion.
|
|
*/
|
|
anon_vma_unlock_read(anon_vma);
|
|
__put_anon_vma(anon_vma);
|
|
anon_vma = NULL;
|
|
}
|
|
|
|
return anon_vma;
|
|
|
|
out:
|
|
rcu_read_unlock();
|
|
return anon_vma;
|
|
}
|
|
|
|
void page_unlock_anon_vma_read(struct anon_vma *anon_vma)
|
|
{
|
|
anon_vma_unlock_read(anon_vma);
|
|
}
|
|
|
|
/*
|
|
* At what user virtual address is page expected in @vma?
|
|
*/
|
|
static inline unsigned long
|
|
__vma_address(struct page *page, struct vm_area_struct *vma)
|
|
{
|
|
pgoff_t pgoff = page_to_pgoff(page);
|
|
return vma->vm_start + ((pgoff - vma->vm_pgoff) << PAGE_SHIFT);
|
|
}
|
|
|
|
inline unsigned long
|
|
vma_address(struct page *page, struct vm_area_struct *vma)
|
|
{
|
|
unsigned long address = __vma_address(page, vma);
|
|
|
|
/* page should be within @vma mapping range */
|
|
VM_BUG_ON_VMA(address < vma->vm_start || address >= vma->vm_end, vma);
|
|
|
|
return address;
|
|
}
|
|
|
|
#ifdef CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH
|
|
/*
|
|
* Flush TLB entries for recently unmapped pages from remote CPUs. It is
|
|
* important if a PTE was dirty when it was unmapped that it's flushed
|
|
* before any IO is initiated on the page to prevent lost writes. Similarly,
|
|
* it must be flushed before freeing to prevent data leakage.
|
|
*/
|
|
void try_to_unmap_flush(void)
|
|
{
|
|
struct tlbflush_unmap_batch *tlb_ubc = ¤t->tlb_ubc;
|
|
int cpu;
|
|
|
|
if (!tlb_ubc->flush_required)
|
|
return;
|
|
|
|
cpu = get_cpu();
|
|
|
|
if (cpumask_test_cpu(cpu, &tlb_ubc->cpumask)) {
|
|
count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
|
|
local_flush_tlb();
|
|
trace_tlb_flush(TLB_LOCAL_SHOOTDOWN, TLB_FLUSH_ALL);
|
|
}
|
|
|
|
if (cpumask_any_but(&tlb_ubc->cpumask, cpu) < nr_cpu_ids)
|
|
flush_tlb_others(&tlb_ubc->cpumask, NULL, 0, TLB_FLUSH_ALL);
|
|
cpumask_clear(&tlb_ubc->cpumask);
|
|
tlb_ubc->flush_required = false;
|
|
tlb_ubc->writable = false;
|
|
put_cpu();
|
|
}
|
|
|
|
/* Flush iff there are potentially writable TLB entries that can race with IO */
|
|
void try_to_unmap_flush_dirty(void)
|
|
{
|
|
struct tlbflush_unmap_batch *tlb_ubc = ¤t->tlb_ubc;
|
|
|
|
if (tlb_ubc->writable)
|
|
try_to_unmap_flush();
|
|
}
|
|
|
|
static void set_tlb_ubc_flush_pending(struct mm_struct *mm,
|
|
struct page *page, bool writable)
|
|
{
|
|
struct tlbflush_unmap_batch *tlb_ubc = ¤t->tlb_ubc;
|
|
|
|
cpumask_or(&tlb_ubc->cpumask, &tlb_ubc->cpumask, mm_cpumask(mm));
|
|
tlb_ubc->flush_required = true;
|
|
|
|
/*
|
|
* Ensure compiler does not re-order the setting of tlb_flush_batched
|
|
* before the PTE is cleared.
|
|
*/
|
|
barrier();
|
|
mm->tlb_flush_batched = true;
|
|
|
|
/*
|
|
* If the PTE was dirty then it's best to assume it's writable. The
|
|
* caller must use try_to_unmap_flush_dirty() or try_to_unmap_flush()
|
|
* before the page is queued for IO.
|
|
*/
|
|
if (writable)
|
|
tlb_ubc->writable = true;
|
|
}
|
|
|
|
/*
|
|
* Returns true if the TLB flush should be deferred to the end of a batch of
|
|
* unmap operations to reduce IPIs.
|
|
*/
|
|
static bool should_defer_flush(struct mm_struct *mm, enum ttu_flags flags)
|
|
{
|
|
bool should_defer = false;
|
|
|
|
if (!(flags & TTU_BATCH_FLUSH))
|
|
return false;
|
|
|
|
/* If remote CPUs need to be flushed then defer batch the flush */
|
|
if (cpumask_any_but(mm_cpumask(mm), get_cpu()) < nr_cpu_ids)
|
|
should_defer = true;
|
|
put_cpu();
|
|
|
|
return should_defer;
|
|
}
|
|
|
|
/*
|
|
* Reclaim unmaps pages under the PTL but do not flush the TLB prior to
|
|
* releasing the PTL if TLB flushes are batched. It's possible for a parallel
|
|
* operation such as mprotect or munmap to race between reclaim unmapping
|
|
* the page and flushing the page. If this race occurs, it potentially allows
|
|
* access to data via a stale TLB entry. Tracking all mm's that have TLB
|
|
* batching in flight would be expensive during reclaim so instead track
|
|
* whether TLB batching occurred in the past and if so then do a flush here
|
|
* if required. This will cost one additional flush per reclaim cycle paid
|
|
* by the first operation at risk such as mprotect and mumap.
|
|
*
|
|
* This must be called under the PTL so that an access to tlb_flush_batched
|
|
* that is potentially a "reclaim vs mprotect/munmap/etc" race will synchronise
|
|
* via the PTL.
|
|
*/
|
|
void flush_tlb_batched_pending(struct mm_struct *mm)
|
|
{
|
|
if (mm->tlb_flush_batched) {
|
|
flush_tlb_mm(mm);
|
|
|
|
/*
|
|
* Do not allow the compiler to re-order the clearing of
|
|
* tlb_flush_batched before the tlb is flushed.
|
|
*/
|
|
barrier();
|
|
mm->tlb_flush_batched = false;
|
|
}
|
|
}
|
|
#else
|
|
static void set_tlb_ubc_flush_pending(struct mm_struct *mm,
|
|
struct page *page, bool writable)
|
|
{
|
|
}
|
|
|
|
static bool should_defer_flush(struct mm_struct *mm, enum ttu_flags flags)
|
|
{
|
|
return false;
|
|
}
|
|
#endif /* CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH */
|
|
|
|
/*
|
|
* At what user virtual address is page expected in vma?
|
|
* Caller should check the page is actually part of the vma.
|
|
*/
|
|
unsigned long page_address_in_vma(struct page *page, struct vm_area_struct *vma)
|
|
{
|
|
unsigned long address;
|
|
if (PageAnon(page)) {
|
|
struct anon_vma *page__anon_vma = page_anon_vma(page);
|
|
/*
|
|
* Note: swapoff's unuse_vma() is more efficient with this
|
|
* check, and needs it to match anon_vma when KSM is active.
|
|
*/
|
|
if (!vma->anon_vma || !page__anon_vma ||
|
|
vma->anon_vma->root != page__anon_vma->root)
|
|
return -EFAULT;
|
|
} else if (page->mapping) {
|
|
if (!vma->vm_file || vma->vm_file->f_mapping != page->mapping)
|
|
return -EFAULT;
|
|
} else
|
|
return -EFAULT;
|
|
address = __vma_address(page, vma);
|
|
if (unlikely(address < vma->vm_start || address >= vma->vm_end))
|
|
return -EFAULT;
|
|
return address;
|
|
}
|
|
|
|
pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address)
|
|
{
|
|
pgd_t *pgd;
|
|
pud_t *pud;
|
|
pmd_t *pmd = NULL;
|
|
pmd_t pmde;
|
|
|
|
pgd = pgd_offset(mm, address);
|
|
if (!pgd_present(*pgd))
|
|
goto out;
|
|
|
|
pud = pud_offset(pgd, address);
|
|
if (!pud_present(*pud))
|
|
goto out;
|
|
|
|
pmd = pmd_offset(pud, address);
|
|
/*
|
|
* Some THP functions use the sequence pmdp_huge_clear_flush(), set_pmd_at()
|
|
* without holding anon_vma lock for write. So when looking for a
|
|
* genuine pmde (in which to find pte), test present and !THP together.
|
|
*/
|
|
pmde = *pmd;
|
|
barrier();
|
|
if (!pmd_present(pmde) || pmd_trans_huge(pmde))
|
|
pmd = NULL;
|
|
out:
|
|
return pmd;
|
|
}
|
|
|
|
/*
|
|
* Check that @page is mapped at @address into @mm.
|
|
*
|
|
* If @sync is false, page_check_address may perform a racy check to avoid
|
|
* the page table lock when the pte is not present (helpful when reclaiming
|
|
* highly shared pages).
|
|
*
|
|
* On success returns with pte mapped and locked.
|
|
*/
|
|
pte_t *__page_check_address(struct page *page, struct mm_struct *mm,
|
|
unsigned long address, spinlock_t **ptlp, int sync)
|
|
{
|
|
pmd_t *pmd;
|
|
pte_t *pte;
|
|
spinlock_t *ptl;
|
|
|
|
if (unlikely(PageHuge(page))) {
|
|
/* when pud is not present, pte will be NULL */
|
|
pte = huge_pte_offset(mm, address);
|
|
if (!pte)
|
|
return NULL;
|
|
|
|
ptl = huge_pte_lockptr(page_hstate(page), mm, pte);
|
|
goto check;
|
|
}
|
|
|
|
pmd = mm_find_pmd(mm, address);
|
|
if (!pmd)
|
|
return NULL;
|
|
|
|
pte = pte_offset_map(pmd, address);
|
|
/* Make a quick check before getting the lock */
|
|
if (!sync && !pte_present(*pte)) {
|
|
pte_unmap(pte);
|
|
return NULL;
|
|
}
|
|
|
|
ptl = pte_lockptr(mm, pmd);
|
|
check:
|
|
spin_lock(ptl);
|
|
if (pte_present(*pte) && page_to_pfn(page) == pte_pfn(*pte)) {
|
|
*ptlp = ptl;
|
|
return pte;
|
|
}
|
|
pte_unmap_unlock(pte, ptl);
|
|
return NULL;
|
|
}
|
|
|
|
/**
|
|
* page_mapped_in_vma - check whether a page is really mapped in a VMA
|
|
* @page: the page to test
|
|
* @vma: the VMA to test
|
|
*
|
|
* Returns 1 if the page is mapped into the page tables of the VMA, 0
|
|
* if the page is not mapped into the page tables of this VMA. Only
|
|
* valid for normal file or anonymous VMAs.
|
|
*/
|
|
int page_mapped_in_vma(struct page *page, struct vm_area_struct *vma)
|
|
{
|
|
unsigned long address;
|
|
pte_t *pte;
|
|
spinlock_t *ptl;
|
|
|
|
address = __vma_address(page, vma);
|
|
if (unlikely(address < vma->vm_start || address >= vma->vm_end))
|
|
return 0;
|
|
pte = page_check_address(page, vma->vm_mm, address, &ptl, 1);
|
|
if (!pte) /* the page is not in this mm */
|
|
return 0;
|
|
pte_unmap_unlock(pte, ptl);
|
|
|
|
return 1;
|
|
}
|
|
|
|
struct page_referenced_arg {
|
|
int mapcount;
|
|
int referenced;
|
|
unsigned long vm_flags;
|
|
struct mem_cgroup *memcg;
|
|
};
|
|
/*
|
|
* arg: page_referenced_arg will be passed
|
|
*/
|
|
static int page_referenced_one(struct page *page, struct vm_area_struct *vma,
|
|
unsigned long address, void *arg)
|
|
{
|
|
struct mm_struct *mm = vma->vm_mm;
|
|
spinlock_t *ptl;
|
|
int referenced = 0;
|
|
struct page_referenced_arg *pra = arg;
|
|
|
|
if (unlikely(PageTransHuge(page))) {
|
|
pmd_t *pmd;
|
|
|
|
/*
|
|
* rmap might return false positives; we must filter
|
|
* these out using page_check_address_pmd().
|
|
*/
|
|
pmd = page_check_address_pmd(page, mm, address,
|
|
PAGE_CHECK_ADDRESS_PMD_FLAG, &ptl);
|
|
if (!pmd)
|
|
return SWAP_AGAIN;
|
|
|
|
if (vma->vm_flags & VM_LOCKED) {
|
|
spin_unlock(ptl);
|
|
pra->vm_flags |= VM_LOCKED;
|
|
return SWAP_FAIL; /* To break the loop */
|
|
}
|
|
|
|
/* go ahead even if the pmd is pmd_trans_splitting() */
|
|
if (pmdp_clear_flush_young_notify(vma, address, pmd))
|
|
referenced++;
|
|
spin_unlock(ptl);
|
|
} else {
|
|
pte_t *pte;
|
|
|
|
/*
|
|
* rmap might return false positives; we must filter
|
|
* these out using page_check_address().
|
|
*/
|
|
pte = page_check_address(page, mm, address, &ptl, 0);
|
|
if (!pte)
|
|
return SWAP_AGAIN;
|
|
|
|
if (vma->vm_flags & VM_LOCKED) {
|
|
pte_unmap_unlock(pte, ptl);
|
|
pra->vm_flags |= VM_LOCKED;
|
|
return SWAP_FAIL; /* To break the loop */
|
|
}
|
|
|
|
if (ptep_clear_flush_young_notify(vma, address, pte)) {
|
|
/*
|
|
* Don't treat a reference through a sequentially read
|
|
* mapping as such. If the page has been used in
|
|
* another mapping, we will catch it; if this other
|
|
* mapping is already gone, the unmap path will have
|
|
* set PG_referenced or activated the page.
|
|
*/
|
|
if (likely(!(vma->vm_flags & VM_SEQ_READ)))
|
|
referenced++;
|
|
}
|
|
pte_unmap_unlock(pte, ptl);
|
|
}
|
|
|
|
if (referenced)
|
|
clear_page_idle(page);
|
|
if (test_and_clear_page_young(page))
|
|
referenced++;
|
|
|
|
if (referenced) {
|
|
pra->referenced++;
|
|
pra->vm_flags |= vma->vm_flags;
|
|
}
|
|
|
|
pra->mapcount--;
|
|
if (!pra->mapcount)
|
|
return SWAP_SUCCESS; /* To break the loop */
|
|
|
|
return SWAP_AGAIN;
|
|
}
|
|
|
|
static bool invalid_page_referenced_vma(struct vm_area_struct *vma, void *arg)
|
|
{
|
|
struct page_referenced_arg *pra = arg;
|
|
struct mem_cgroup *memcg = pra->memcg;
|
|
|
|
if (!mm_match_cgroup(vma->vm_mm, memcg))
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* page_referenced - test if the page was referenced
|
|
* @page: the page to test
|
|
* @is_locked: caller holds lock on the page
|
|
* @memcg: target memory cgroup
|
|
* @vm_flags: collect encountered vma->vm_flags who actually referenced the page
|
|
*
|
|
* Quick test_and_clear_referenced for all mappings to a page,
|
|
* returns the number of ptes which referenced the page.
|
|
*/
|
|
int page_referenced(struct page *page,
|
|
int is_locked,
|
|
struct mem_cgroup *memcg,
|
|
unsigned long *vm_flags)
|
|
{
|
|
int ret;
|
|
int we_locked = 0;
|
|
struct page_referenced_arg pra = {
|
|
.mapcount = page_mapcount(page),
|
|
.memcg = memcg,
|
|
};
|
|
struct rmap_walk_control rwc = {
|
|
.rmap_one = page_referenced_one,
|
|
.arg = (void *)&pra,
|
|
.anon_lock = page_lock_anon_vma_read,
|
|
};
|
|
|
|
*vm_flags = 0;
|
|
if (!page_mapped(page))
|
|
return 0;
|
|
|
|
if (!page_rmapping(page))
|
|
return 0;
|
|
|
|
if (!is_locked && (!PageAnon(page) || PageKsm(page))) {
|
|
we_locked = trylock_page(page);
|
|
if (!we_locked)
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* If we are reclaiming on behalf of a cgroup, skip
|
|
* counting on behalf of references from different
|
|
* cgroups
|
|
*/
|
|
if (memcg) {
|
|
rwc.invalid_vma = invalid_page_referenced_vma;
|
|
}
|
|
|
|
ret = rmap_walk(page, &rwc);
|
|
*vm_flags = pra.vm_flags;
|
|
|
|
if (we_locked)
|
|
unlock_page(page);
|
|
|
|
return pra.referenced;
|
|
}
|
|
|
|
static int page_mkclean_one(struct page *page, struct vm_area_struct *vma,
|
|
unsigned long address, void *arg)
|
|
{
|
|
struct mm_struct *mm = vma->vm_mm;
|
|
pte_t *pte;
|
|
spinlock_t *ptl;
|
|
int ret = 0;
|
|
int *cleaned = arg;
|
|
|
|
pte = page_check_address(page, mm, address, &ptl, 1);
|
|
if (!pte)
|
|
goto out;
|
|
|
|
if (pte_dirty(*pte) || pte_write(*pte)) {
|
|
pte_t entry;
|
|
|
|
flush_cache_page(vma, address, pte_pfn(*pte));
|
|
entry = ptep_clear_flush(vma, address, pte);
|
|
entry = pte_wrprotect(entry);
|
|
entry = pte_mkclean(entry);
|
|
set_pte_at(mm, address, pte, entry);
|
|
ret = 1;
|
|
}
|
|
|
|
pte_unmap_unlock(pte, ptl);
|
|
|
|
if (ret) {
|
|
mmu_notifier_invalidate_page(mm, address);
|
|
(*cleaned)++;
|
|
}
|
|
out:
|
|
return SWAP_AGAIN;
|
|
}
|
|
|
|
static bool invalid_mkclean_vma(struct vm_area_struct *vma, void *arg)
|
|
{
|
|
if (vma->vm_flags & VM_SHARED)
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
int page_mkclean(struct page *page)
|
|
{
|
|
int cleaned = 0;
|
|
struct address_space *mapping;
|
|
struct rmap_walk_control rwc = {
|
|
.arg = (void *)&cleaned,
|
|
.rmap_one = page_mkclean_one,
|
|
.invalid_vma = invalid_mkclean_vma,
|
|
};
|
|
|
|
BUG_ON(!PageLocked(page));
|
|
|
|
if (!page_mapped(page))
|
|
return 0;
|
|
|
|
mapping = page_mapping(page);
|
|
if (!mapping)
|
|
return 0;
|
|
|
|
rmap_walk(page, &rwc);
|
|
|
|
return cleaned;
|
|
}
|
|
EXPORT_SYMBOL_GPL(page_mkclean);
|
|
|
|
/**
|
|
* page_move_anon_rmap - move a page to our anon_vma
|
|
* @page: the page to move to our anon_vma
|
|
* @vma: the vma the page belongs to
|
|
* @address: the user virtual address mapped
|
|
*
|
|
* When a page belongs exclusively to one process after a COW event,
|
|
* that page can be moved into the anon_vma that belongs to just that
|
|
* process, so the rmap code will not search the parent or sibling
|
|
* processes.
|
|
*/
|
|
void page_move_anon_rmap(struct page *page,
|
|
struct vm_area_struct *vma, unsigned long address)
|
|
{
|
|
struct anon_vma *anon_vma = vma->anon_vma;
|
|
|
|
VM_BUG_ON_PAGE(!PageLocked(page), page);
|
|
VM_BUG_ON_VMA(!anon_vma, vma);
|
|
VM_BUG_ON_PAGE(page->index != linear_page_index(vma, address), page);
|
|
|
|
anon_vma = (void *) anon_vma + PAGE_MAPPING_ANON;
|
|
/*
|
|
* Ensure that anon_vma and the PAGE_MAPPING_ANON bit are written
|
|
* simultaneously, so a concurrent reader (eg page_referenced()'s
|
|
* PageAnon()) will not see one without the other.
|
|
*/
|
|
WRITE_ONCE(page->mapping, (struct address_space *) anon_vma);
|
|
}
|
|
|
|
/**
|
|
* __page_set_anon_rmap - set up new anonymous rmap
|
|
* @page: Page to add to rmap
|
|
* @vma: VM area to add page to.
|
|
* @address: User virtual address of the mapping
|
|
* @exclusive: the page is exclusively owned by the current process
|
|
*/
|
|
static void __page_set_anon_rmap(struct page *page,
|
|
struct vm_area_struct *vma, unsigned long address, int exclusive)
|
|
{
|
|
struct anon_vma *anon_vma = vma->anon_vma;
|
|
|
|
BUG_ON(!anon_vma);
|
|
|
|
if (PageAnon(page))
|
|
return;
|
|
|
|
/*
|
|
* If the page isn't exclusively mapped into this vma,
|
|
* we must use the _oldest_ possible anon_vma for the
|
|
* page mapping!
|
|
*/
|
|
if (!exclusive)
|
|
anon_vma = anon_vma->root;
|
|
|
|
anon_vma = (void *) anon_vma + PAGE_MAPPING_ANON;
|
|
page->mapping = (struct address_space *) anon_vma;
|
|
page->index = linear_page_index(vma, address);
|
|
}
|
|
|
|
/**
|
|
* __page_check_anon_rmap - sanity check anonymous rmap addition
|
|
* @page: the page to add the mapping to
|
|
* @vma: the vm area in which the mapping is added
|
|
* @address: the user virtual address mapped
|
|
*/
|
|
static void __page_check_anon_rmap(struct page *page,
|
|
struct vm_area_struct *vma, unsigned long address)
|
|
{
|
|
#ifdef CONFIG_DEBUG_VM
|
|
/*
|
|
* The page's anon-rmap details (mapping and index) are guaranteed to
|
|
* be set up correctly at this point.
|
|
*
|
|
* We have exclusion against page_add_anon_rmap because the caller
|
|
* always holds the page locked, except if called from page_dup_rmap,
|
|
* in which case the page is already known to be setup.
|
|
*
|
|
* We have exclusion against page_add_new_anon_rmap because those pages
|
|
* are initially only visible via the pagetables, and the pte is locked
|
|
* over the call to page_add_new_anon_rmap.
|
|
*/
|
|
BUG_ON(page_anon_vma(page)->root != vma->anon_vma->root);
|
|
BUG_ON(page->index != linear_page_index(vma, address));
|
|
#endif
|
|
}
|
|
|
|
/**
|
|
* page_add_anon_rmap - add pte mapping to an anonymous page
|
|
* @page: the page to add the mapping to
|
|
* @vma: the vm area in which the mapping is added
|
|
* @address: the user virtual address mapped
|
|
*
|
|
* The caller needs to hold the pte lock, and the page must be locked in
|
|
* the anon_vma case: to serialize mapping,index checking after setting,
|
|
* and to ensure that PageAnon is not being upgraded racily to PageKsm
|
|
* (but PageKsm is never downgraded to PageAnon).
|
|
*/
|
|
void page_add_anon_rmap(struct page *page,
|
|
struct vm_area_struct *vma, unsigned long address)
|
|
{
|
|
do_page_add_anon_rmap(page, vma, address, 0);
|
|
}
|
|
|
|
/*
|
|
* Special version of the above for do_swap_page, which often runs
|
|
* into pages that are exclusively owned by the current process.
|
|
* Everybody else should continue to use page_add_anon_rmap above.
|
|
*/
|
|
void do_page_add_anon_rmap(struct page *page,
|
|
struct vm_area_struct *vma, unsigned long address, int exclusive)
|
|
{
|
|
int first = atomic_inc_and_test(&page->_mapcount);
|
|
if (first) {
|
|
/*
|
|
* We use the irq-unsafe __{inc|mod}_zone_page_stat because
|
|
* these counters are not modified in interrupt context, and
|
|
* pte lock(a spinlock) is held, which implies preemption
|
|
* disabled.
|
|
*/
|
|
if (PageTransHuge(page))
|
|
__inc_zone_page_state(page,
|
|
NR_ANON_TRANSPARENT_HUGEPAGES);
|
|
__mod_zone_page_state(page_zone(page), NR_ANON_PAGES,
|
|
hpage_nr_pages(page));
|
|
}
|
|
if (unlikely(PageKsm(page)))
|
|
return;
|
|
|
|
VM_BUG_ON_PAGE(!PageLocked(page), page);
|
|
/* address might be in next vma when migration races vma_adjust */
|
|
if (first)
|
|
__page_set_anon_rmap(page, vma, address, exclusive);
|
|
else
|
|
__page_check_anon_rmap(page, vma, address);
|
|
}
|
|
|
|
/**
|
|
* page_add_new_anon_rmap - add pte mapping to a new anonymous page
|
|
* @page: the page to add the mapping to
|
|
* @vma: the vm area in which the mapping is added
|
|
* @address: the user virtual address mapped
|
|
*
|
|
* Same as page_add_anon_rmap but must only be called on *new* pages.
|
|
* This means the inc-and-test can be bypassed.
|
|
* Page does not have to be locked.
|
|
*/
|
|
void page_add_new_anon_rmap(struct page *page,
|
|
struct vm_area_struct *vma, unsigned long address)
|
|
{
|
|
VM_BUG_ON_VMA(address < vma->vm_start || address >= vma->vm_end, vma);
|
|
SetPageSwapBacked(page);
|
|
atomic_set(&page->_mapcount, 0); /* increment count (starts at -1) */
|
|
if (PageTransHuge(page))
|
|
__inc_zone_page_state(page, NR_ANON_TRANSPARENT_HUGEPAGES);
|
|
__mod_zone_page_state(page_zone(page), NR_ANON_PAGES,
|
|
hpage_nr_pages(page));
|
|
__page_set_anon_rmap(page, vma, address, 1);
|
|
}
|
|
|
|
/**
|
|
* page_add_file_rmap - add pte mapping to a file page
|
|
* @page: the page to add the mapping to
|
|
*
|
|
* The caller needs to hold the pte lock.
|
|
*/
|
|
void page_add_file_rmap(struct page *page)
|
|
{
|
|
struct mem_cgroup *memcg;
|
|
|
|
memcg = mem_cgroup_begin_page_stat(page);
|
|
if (atomic_inc_and_test(&page->_mapcount)) {
|
|
__inc_zone_page_state(page, NR_FILE_MAPPED);
|
|
mem_cgroup_inc_page_stat(memcg, MEM_CGROUP_STAT_FILE_MAPPED);
|
|
}
|
|
mem_cgroup_end_page_stat(memcg);
|
|
}
|
|
|
|
static void page_remove_file_rmap(struct page *page)
|
|
{
|
|
struct mem_cgroup *memcg;
|
|
|
|
memcg = mem_cgroup_begin_page_stat(page);
|
|
|
|
/* page still mapped by someone else? */
|
|
if (!atomic_add_negative(-1, &page->_mapcount))
|
|
goto out;
|
|
|
|
/* Hugepages are not counted in NR_FILE_MAPPED for now. */
|
|
if (unlikely(PageHuge(page)))
|
|
goto out;
|
|
|
|
/*
|
|
* We use the irq-unsafe __{inc|mod}_zone_page_stat because
|
|
* these counters are not modified in interrupt context, and
|
|
* pte lock(a spinlock) is held, which implies preemption disabled.
|
|
*/
|
|
__dec_zone_page_state(page, NR_FILE_MAPPED);
|
|
mem_cgroup_dec_page_stat(memcg, MEM_CGROUP_STAT_FILE_MAPPED);
|
|
|
|
if (unlikely(PageMlocked(page)))
|
|
clear_page_mlock(page);
|
|
out:
|
|
mem_cgroup_end_page_stat(memcg);
|
|
}
|
|
|
|
/**
|
|
* page_remove_rmap - take down pte mapping from a page
|
|
* @page: page to remove mapping from
|
|
*
|
|
* The caller needs to hold the pte lock.
|
|
*/
|
|
void page_remove_rmap(struct page *page)
|
|
{
|
|
if (!PageAnon(page)) {
|
|
page_remove_file_rmap(page);
|
|
return;
|
|
}
|
|
|
|
/* page still mapped by someone else? */
|
|
if (!atomic_add_negative(-1, &page->_mapcount))
|
|
return;
|
|
|
|
/* Hugepages are not counted in NR_ANON_PAGES for now. */
|
|
if (unlikely(PageHuge(page)))
|
|
return;
|
|
|
|
/*
|
|
* We use the irq-unsafe __{inc|mod}_zone_page_stat because
|
|
* these counters are not modified in interrupt context, and
|
|
* pte lock(a spinlock) is held, which implies preemption disabled.
|
|
*/
|
|
if (PageTransHuge(page))
|
|
__dec_zone_page_state(page, NR_ANON_TRANSPARENT_HUGEPAGES);
|
|
|
|
__mod_zone_page_state(page_zone(page), NR_ANON_PAGES,
|
|
-hpage_nr_pages(page));
|
|
|
|
if (unlikely(PageMlocked(page)))
|
|
clear_page_mlock(page);
|
|
|
|
/*
|
|
* It would be tidy to reset the PageAnon mapping here,
|
|
* but that might overwrite a racing page_add_anon_rmap
|
|
* which increments mapcount after us but sets mapping
|
|
* before us: so leave the reset to free_hot_cold_page,
|
|
* and remember that it's only reliable while mapped.
|
|
* Leaving it set also helps swapoff to reinstate ptes
|
|
* faster for those pages still in swapcache.
|
|
*/
|
|
}
|
|
|
|
/*
|
|
* @arg: enum ttu_flags will be passed to this argument
|
|
*/
|
|
static int try_to_unmap_one(struct page *page, struct vm_area_struct *vma,
|
|
unsigned long address, void *arg)
|
|
{
|
|
struct mm_struct *mm = vma->vm_mm;
|
|
pte_t *pte;
|
|
pte_t pteval;
|
|
spinlock_t *ptl;
|
|
int ret = SWAP_AGAIN;
|
|
unsigned long sh_address;
|
|
bool pmd_sharing_possible = false;
|
|
unsigned long spmd_start, spmd_end;
|
|
enum ttu_flags flags = (enum ttu_flags)arg;
|
|
|
|
/* munlock has nothing to gain from examining un-locked vmas */
|
|
if ((flags & TTU_MUNLOCK) && !(vma->vm_flags & VM_LOCKED))
|
|
goto out;
|
|
|
|
/*
|
|
* Only use the range_start/end mmu notifiers if huge pmd sharing
|
|
* is possible. In the normal case, mmu_notifier_invalidate_page
|
|
* is sufficient as we only unmap a page. However, if we unshare
|
|
* a pmd, we will unmap a PUD_SIZE range.
|
|
*/
|
|
if (PageHuge(page)) {
|
|
spmd_start = address;
|
|
spmd_end = spmd_start + vma_mmu_pagesize(vma);
|
|
|
|
/*
|
|
* Check if pmd sharing is possible. If possible, we could
|
|
* unmap a PUD_SIZE range. spmd_start/spmd_end will be
|
|
* modified if sharing is possible.
|
|
*/
|
|
adjust_range_if_pmd_sharing_possible(vma, &spmd_start,
|
|
&spmd_end);
|
|
if (spmd_end - spmd_start != vma_mmu_pagesize(vma)) {
|
|
sh_address = address;
|
|
|
|
pmd_sharing_possible = true;
|
|
mmu_notifier_invalidate_range_start(vma->vm_mm,
|
|
spmd_start, spmd_end);
|
|
}
|
|
}
|
|
|
|
pte = page_check_address(page, mm, address, &ptl, 0);
|
|
if (!pte)
|
|
goto out;
|
|
|
|
/*
|
|
* If the page is mlock()d, we cannot swap it out.
|
|
* If it's recently referenced (perhaps page_referenced
|
|
* skipped over this mm) then we should reactivate it.
|
|
*/
|
|
if (!(flags & TTU_IGNORE_MLOCK)) {
|
|
if (vma->vm_flags & VM_LOCKED) {
|
|
/* Holding pte lock, we do *not* need mmap_sem here */
|
|
mlock_vma_page(page);
|
|
ret = SWAP_MLOCK;
|
|
goto out_unmap;
|
|
}
|
|
if (flags & TTU_MUNLOCK)
|
|
goto out_unmap;
|
|
}
|
|
if (!(flags & TTU_IGNORE_ACCESS)) {
|
|
if (ptep_clear_flush_young_notify(vma, address, pte)) {
|
|
ret = SWAP_FAIL;
|
|
goto out_unmap;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Call huge_pmd_unshare to potentially unshare a huge pmd. Pass
|
|
* sh_address as it will be modified if unsharing is successful.
|
|
*/
|
|
if (PageHuge(page) && huge_pmd_unshare(mm, &sh_address, pte)) {
|
|
/*
|
|
* huge_pmd_unshare unmapped an entire PMD page. There is
|
|
* no way of knowing exactly which PMDs may be cached for
|
|
* this mm, so flush them all. spmd_start/spmd_end cover
|
|
* this PUD_SIZE range.
|
|
*/
|
|
flush_cache_range(vma, spmd_start, spmd_end);
|
|
flush_tlb_range(vma, spmd_start, spmd_end);
|
|
|
|
/*
|
|
* The ref count of the PMD page was dropped which is part
|
|
* of the way map counting is done for shared PMDs. When
|
|
* there is no other sharing, huge_pmd_unshare returns false
|
|
* and we will unmap the actual page and drop map count
|
|
* to zero.
|
|
*/
|
|
goto out_unmap;
|
|
}
|
|
|
|
/* Nuke the page table entry. */
|
|
flush_cache_page(vma, address, page_to_pfn(page));
|
|
if (should_defer_flush(mm, flags)) {
|
|
/*
|
|
* We clear the PTE but do not flush so potentially a remote
|
|
* CPU could still be writing to the page. If the entry was
|
|
* previously clean then the architecture must guarantee that
|
|
* a clear->dirty transition on a cached TLB entry is written
|
|
* through and traps if the PTE is unmapped.
|
|
*/
|
|
pteval = ptep_get_and_clear(mm, address, pte);
|
|
|
|
set_tlb_ubc_flush_pending(mm, page, pte_dirty(pteval));
|
|
} else {
|
|
pteval = ptep_clear_flush(vma, address, pte);
|
|
}
|
|
|
|
/* Move the dirty bit to the physical page now the pte is gone. */
|
|
if (pte_dirty(pteval))
|
|
set_page_dirty(page);
|
|
|
|
/* Update high watermark before we lower rss */
|
|
update_hiwater_rss(mm);
|
|
|
|
if (PageHWPoison(page) && !(flags & TTU_IGNORE_HWPOISON)) {
|
|
if (PageHuge(page)) {
|
|
hugetlb_count_sub(1 << compound_order(page), mm);
|
|
} else {
|
|
dec_mm_counter(mm, mm_counter(page));
|
|
}
|
|
set_pte_at(mm, address, pte,
|
|
swp_entry_to_pte(make_hwpoison_entry(page)));
|
|
} else if (pte_unused(pteval)) {
|
|
/*
|
|
* The guest indicated that the page content is of no
|
|
* interest anymore. Simply discard the pte, vmscan
|
|
* will take care of the rest.
|
|
*/
|
|
dec_mm_counter(mm, mm_counter(page));
|
|
} else if (IS_ENABLED(CONFIG_MIGRATION) && (flags & TTU_MIGRATION)) {
|
|
swp_entry_t entry;
|
|
pte_t swp_pte;
|
|
/*
|
|
* Store the pfn of the page in a special migration
|
|
* pte. do_swap_page() will wait until the migration
|
|
* pte is removed and then restart fault handling.
|
|
*/
|
|
entry = make_migration_entry(page, pte_write(pteval));
|
|
swp_pte = swp_entry_to_pte(entry);
|
|
if (pte_soft_dirty(pteval))
|
|
swp_pte = pte_swp_mksoft_dirty(swp_pte);
|
|
set_pte_at(mm, address, pte, swp_pte);
|
|
} else if (PageAnon(page)) {
|
|
swp_entry_t entry = { .val = page_private(page) };
|
|
pte_t swp_pte;
|
|
/*
|
|
* Store the swap location in the pte.
|
|
* See handle_pte_fault() ...
|
|
*/
|
|
VM_BUG_ON_PAGE(!PageSwapCache(page), page);
|
|
if (swap_duplicate(entry) < 0) {
|
|
set_pte_at(mm, address, pte, pteval);
|
|
ret = SWAP_FAIL;
|
|
goto out_unmap;
|
|
}
|
|
if (list_empty(&mm->mmlist)) {
|
|
spin_lock(&mmlist_lock);
|
|
if (list_empty(&mm->mmlist))
|
|
list_add(&mm->mmlist, &init_mm.mmlist);
|
|
spin_unlock(&mmlist_lock);
|
|
}
|
|
dec_mm_counter(mm, MM_ANONPAGES);
|
|
inc_mm_counter(mm, MM_SWAPENTS);
|
|
swp_pte = swp_entry_to_pte(entry);
|
|
if (pte_soft_dirty(pteval))
|
|
swp_pte = pte_swp_mksoft_dirty(swp_pte);
|
|
set_pte_at(mm, address, pte, swp_pte);
|
|
} else
|
|
dec_mm_counter(mm, mm_counter_file(page));
|
|
|
|
page_remove_rmap(page);
|
|
page_cache_release(page);
|
|
|
|
out_unmap:
|
|
pte_unmap_unlock(pte, ptl);
|
|
if (ret != SWAP_FAIL && ret != SWAP_MLOCK && !(flags & TTU_MUNLOCK))
|
|
mmu_notifier_invalidate_page(mm, address);
|
|
out:
|
|
if (pmd_sharing_possible)
|
|
mmu_notifier_invalidate_range_end(vma->vm_mm,
|
|
spmd_start, spmd_end);
|
|
return ret;
|
|
}
|
|
|
|
bool is_vma_temporary_stack(struct vm_area_struct *vma)
|
|
{
|
|
int maybe_stack = vma->vm_flags & (VM_GROWSDOWN | VM_GROWSUP);
|
|
|
|
if (!maybe_stack)
|
|
return false;
|
|
|
|
if ((vma->vm_flags & VM_STACK_INCOMPLETE_SETUP) ==
|
|
VM_STACK_INCOMPLETE_SETUP)
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
static bool invalid_migration_vma(struct vm_area_struct *vma, void *arg)
|
|
{
|
|
return is_vma_temporary_stack(vma);
|
|
}
|
|
|
|
static int page_not_mapped(struct page *page)
|
|
{
|
|
return !page_mapped(page);
|
|
};
|
|
|
|
/**
|
|
* try_to_unmap - try to remove all page table mappings to a page
|
|
* @page: the page to get unmapped
|
|
* @flags: action and flags
|
|
*
|
|
* Tries to remove all the page table entries which are mapping this
|
|
* page, used in the pageout path. Caller must hold the page lock.
|
|
* Return values are:
|
|
*
|
|
* SWAP_SUCCESS - we succeeded in removing all mappings
|
|
* SWAP_AGAIN - we missed a mapping, try again later
|
|
* SWAP_FAIL - the page is unswappable
|
|
* SWAP_MLOCK - page is mlocked.
|
|
*/
|
|
int try_to_unmap(struct page *page, enum ttu_flags flags)
|
|
{
|
|
int ret;
|
|
struct rmap_walk_control rwc = {
|
|
.rmap_one = try_to_unmap_one,
|
|
.arg = (void *)flags,
|
|
.done = page_not_mapped,
|
|
.anon_lock = page_lock_anon_vma_read,
|
|
};
|
|
|
|
VM_BUG_ON_PAGE(!PageHuge(page) && PageTransHuge(page), page);
|
|
|
|
/*
|
|
* During exec, a temporary VMA is setup and later moved.
|
|
* The VMA is moved under the anon_vma lock but not the
|
|
* page tables leading to a race where migration cannot
|
|
* find the migration ptes. Rather than increasing the
|
|
* locking requirements of exec(), migration skips
|
|
* temporary VMAs until after exec() completes.
|
|
*/
|
|
if ((flags & TTU_MIGRATION) && !PageKsm(page) && PageAnon(page))
|
|
rwc.invalid_vma = invalid_migration_vma;
|
|
|
|
ret = rmap_walk(page, &rwc);
|
|
|
|
if (ret != SWAP_MLOCK && !page_mapped(page))
|
|
ret = SWAP_SUCCESS;
|
|
return ret;
|
|
}
|
|
|
|
/**
|
|
* try_to_munlock - try to munlock a page
|
|
* @page: the page to be munlocked
|
|
*
|
|
* Called from munlock code. Checks all of the VMAs mapping the page
|
|
* to make sure nobody else has this page mlocked. The page will be
|
|
* returned with PG_mlocked cleared if no other vmas have it mlocked.
|
|
*
|
|
* Return values are:
|
|
*
|
|
* SWAP_AGAIN - no vma is holding page mlocked, or,
|
|
* SWAP_AGAIN - page mapped in mlocked vma -- couldn't acquire mmap sem
|
|
* SWAP_FAIL - page cannot be located at present
|
|
* SWAP_MLOCK - page is now mlocked.
|
|
*/
|
|
int try_to_munlock(struct page *page)
|
|
{
|
|
int ret;
|
|
struct rmap_walk_control rwc = {
|
|
.rmap_one = try_to_unmap_one,
|
|
.arg = (void *)TTU_MUNLOCK,
|
|
.done = page_not_mapped,
|
|
.anon_lock = page_lock_anon_vma_read,
|
|
|
|
};
|
|
|
|
VM_BUG_ON_PAGE(!PageLocked(page) || PageLRU(page), page);
|
|
|
|
ret = rmap_walk(page, &rwc);
|
|
return ret;
|
|
}
|
|
|
|
void __put_anon_vma(struct anon_vma *anon_vma)
|
|
{
|
|
struct anon_vma *root = anon_vma->root;
|
|
|
|
anon_vma_free(anon_vma);
|
|
if (root != anon_vma && atomic_dec_and_test(&root->refcount))
|
|
anon_vma_free(root);
|
|
}
|
|
|
|
static struct anon_vma *rmap_walk_anon_lock(struct page *page,
|
|
struct rmap_walk_control *rwc)
|
|
{
|
|
struct anon_vma *anon_vma;
|
|
|
|
if (rwc->anon_lock)
|
|
return rwc->anon_lock(page);
|
|
|
|
/*
|
|
* Note: remove_migration_ptes() cannot use page_lock_anon_vma_read()
|
|
* because that depends on page_mapped(); but not all its usages
|
|
* are holding mmap_sem. Users without mmap_sem are required to
|
|
* take a reference count to prevent the anon_vma disappearing
|
|
*/
|
|
anon_vma = page_anon_vma(page);
|
|
if (!anon_vma)
|
|
return NULL;
|
|
|
|
anon_vma_lock_read(anon_vma);
|
|
return anon_vma;
|
|
}
|
|
|
|
/*
|
|
* rmap_walk_anon - do something to anonymous page using the object-based
|
|
* rmap method
|
|
* @page: the page to be handled
|
|
* @rwc: control variable according to each walk type
|
|
*
|
|
* Find all the mappings of a page using the mapping pointer and the vma chains
|
|
* contained in the anon_vma struct it points to.
|
|
*
|
|
* When called from try_to_munlock(), the mmap_sem of the mm containing the vma
|
|
* where the page was found will be held for write. So, we won't recheck
|
|
* vm_flags for that VMA. That should be OK, because that vma shouldn't be
|
|
* LOCKED.
|
|
*/
|
|
static int rmap_walk_anon(struct page *page, struct rmap_walk_control *rwc)
|
|
{
|
|
struct anon_vma *anon_vma;
|
|
pgoff_t pgoff;
|
|
struct anon_vma_chain *avc;
|
|
int ret = SWAP_AGAIN;
|
|
|
|
anon_vma = rmap_walk_anon_lock(page, rwc);
|
|
if (!anon_vma)
|
|
return ret;
|
|
|
|
pgoff = page_to_pgoff(page);
|
|
anon_vma_interval_tree_foreach(avc, &anon_vma->rb_root, pgoff, pgoff) {
|
|
struct vm_area_struct *vma = avc->vma;
|
|
unsigned long address = vma_address(page, vma);
|
|
|
|
cond_resched();
|
|
|
|
if (rwc->invalid_vma && rwc->invalid_vma(vma, rwc->arg))
|
|
continue;
|
|
|
|
ret = rwc->rmap_one(page, vma, address, rwc->arg);
|
|
if (ret != SWAP_AGAIN)
|
|
break;
|
|
if (rwc->done && rwc->done(page))
|
|
break;
|
|
}
|
|
anon_vma_unlock_read(anon_vma);
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* rmap_walk_file - do something to file page using the object-based rmap method
|
|
* @page: the page to be handled
|
|
* @rwc: control variable according to each walk type
|
|
*
|
|
* Find all the mappings of a page using the mapping pointer and the vma chains
|
|
* contained in the address_space struct it points to.
|
|
*
|
|
* When called from try_to_munlock(), the mmap_sem of the mm containing the vma
|
|
* where the page was found will be held for write. So, we won't recheck
|
|
* vm_flags for that VMA. That should be OK, because that vma shouldn't be
|
|
* LOCKED.
|
|
*/
|
|
static int rmap_walk_file(struct page *page, struct rmap_walk_control *rwc)
|
|
{
|
|
struct address_space *mapping = page->mapping;
|
|
pgoff_t pgoff;
|
|
struct vm_area_struct *vma;
|
|
int ret = SWAP_AGAIN;
|
|
|
|
/*
|
|
* The page lock not only makes sure that page->mapping cannot
|
|
* suddenly be NULLified by truncation, it makes sure that the
|
|
* structure at mapping cannot be freed and reused yet,
|
|
* so we can safely take mapping->i_mmap_rwsem.
|
|
*/
|
|
VM_BUG_ON_PAGE(!PageLocked(page), page);
|
|
|
|
if (!mapping)
|
|
return ret;
|
|
|
|
pgoff = page_to_pgoff(page);
|
|
i_mmap_lock_read(mapping);
|
|
vma_interval_tree_foreach(vma, &mapping->i_mmap, pgoff, pgoff) {
|
|
unsigned long address = vma_address(page, vma);
|
|
|
|
cond_resched();
|
|
|
|
if (rwc->invalid_vma && rwc->invalid_vma(vma, rwc->arg))
|
|
continue;
|
|
|
|
ret = rwc->rmap_one(page, vma, address, rwc->arg);
|
|
if (ret != SWAP_AGAIN)
|
|
goto done;
|
|
if (rwc->done && rwc->done(page))
|
|
goto done;
|
|
}
|
|
|
|
done:
|
|
i_mmap_unlock_read(mapping);
|
|
return ret;
|
|
}
|
|
|
|
int rmap_walk(struct page *page, struct rmap_walk_control *rwc)
|
|
{
|
|
if (unlikely(PageKsm(page)))
|
|
return rmap_walk_ksm(page, rwc);
|
|
else if (PageAnon(page))
|
|
return rmap_walk_anon(page, rwc);
|
|
else
|
|
return rmap_walk_file(page, rwc);
|
|
}
|
|
|
|
#ifdef CONFIG_HUGETLB_PAGE
|
|
/*
|
|
* The following three functions are for anonymous (private mapped) hugepages.
|
|
* Unlike common anonymous pages, anonymous hugepages have no accounting code
|
|
* and no lru code, because we handle hugepages differently from common pages.
|
|
*/
|
|
static void __hugepage_set_anon_rmap(struct page *page,
|
|
struct vm_area_struct *vma, unsigned long address, int exclusive)
|
|
{
|
|
struct anon_vma *anon_vma = vma->anon_vma;
|
|
|
|
BUG_ON(!anon_vma);
|
|
|
|
if (PageAnon(page))
|
|
return;
|
|
if (!exclusive)
|
|
anon_vma = anon_vma->root;
|
|
|
|
anon_vma = (void *) anon_vma + PAGE_MAPPING_ANON;
|
|
page->mapping = (struct address_space *) anon_vma;
|
|
page->index = linear_page_index(vma, address);
|
|
}
|
|
|
|
void hugepage_add_anon_rmap(struct page *page,
|
|
struct vm_area_struct *vma, unsigned long address)
|
|
{
|
|
struct anon_vma *anon_vma = vma->anon_vma;
|
|
int first;
|
|
|
|
BUG_ON(!PageLocked(page));
|
|
BUG_ON(!anon_vma);
|
|
/* address might be in next vma when migration races vma_adjust */
|
|
first = atomic_inc_and_test(&page->_mapcount);
|
|
if (first)
|
|
__hugepage_set_anon_rmap(page, vma, address, 0);
|
|
}
|
|
|
|
void hugepage_add_new_anon_rmap(struct page *page,
|
|
struct vm_area_struct *vma, unsigned long address)
|
|
{
|
|
BUG_ON(address < vma->vm_start || address >= vma->vm_end);
|
|
atomic_set(&page->_mapcount, 0);
|
|
__hugepage_set_anon_rmap(page, vma, address, 1);
|
|
}
|
|
#endif /* CONFIG_HUGETLB_PAGE */
|