[ Upstream commit f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 ]
lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call
getrusage() at the same time and the process has NR_THREADS, spin_lock_irq
will spin with irqs disabled O(NR_CPUS * NR_THREADS) time.
Change getrusage() to use sig->stats_lock, it was specifically designed
for this type of use. This way it runs lockless in the likely case.
TODO:
- Change do_task_stat() to use sig->stats_lock too, then we can
remove spin_lock_irq(siglock) in wait_task_zombie().
- Turn sig->stats_lock into seqcount_rwlock_t, this way the
readers in the slow mode won't exclude each other. See
https://lore.kernel.org/all/20230913154907.GA26210@redhat.com/
- stats_lock has to disable irqs because ->siglock can be taken
in irq context, it would be very nice to change __exit_signal()
to avoid the siglock->stats_lock dependency.
Link: https://lkml.kernel.org/r/20240122155053.GA26214@redhat.com
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reported-by: Dylan Hatch <dylanbhatch@google.com>
Tested-by: Dylan Hatch <dylanbhatch@google.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit c96f49d3a741f6693feecdb067c442b609903d03)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
[ Upstream commit 13b7bc60b5353371460a203df6c38ccd38ad7a3a ]
do/while_each_thread should be avoided when possible.
Plus this change allows to avoid lock_task_sighand(), we can use rcu
and/or sig->stats_lock instead.
Link: https://lkml.kernel.org/r/20230909172629.GA20454@redhat.com
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Stable-dep-of: f7ec1cd5cc7e ("getrusage: use sig->stats_lock rather than lock_task_sighand()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit e24772adaaf4b81ac0855cceb17080352526f765)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
[ Upstream commit daa694e4137571b4ebec330f9a9b4d54aa8b8089 ]
Patch series "getrusage: use sig->stats_lock", v2.
This patch (of 2):
thread_group_cputime() does its own locking, we can safely shift
thread_group_cputime_adjusted() which does another for_each_thread loop
outside of ->siglock protected section.
This is also preparation for the next patch which changes getrusage() to
use stats_lock instead of siglock, thread_group_cputime() takes the same
lock. With the current implementation recursive read_seqbegin_or_lock()
is fine, thread_group_cputime() can't enter the slow mode if the caller
holds stats_lock, yet this looks more safe and better performance-wise.
Link: https://lkml.kernel.org/r/20240122155023.GA26169@redhat.com
Link: https://lkml.kernel.org/r/20240122155050.GA26205@redhat.com
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reported-by: Dylan Hatch <dylanbhatch@google.com>
Tested-by: Dylan Hatch <dylanbhatch@google.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 33ec341e3e9588962ff3cf49f642da140d3ecfc0)
[Harshit: conflicts resolved due to missing commit: d5e38d6b84d6
("y2038: rusage: use __kernel_old_timeval") in 4.14.y, also I used
ns_to_timeval() instead of ns_to_kernel_old_timeval()]
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
* The bpf programs actually still support older kernels,
we just need to bypass the very first check for kernel version
Change-Id: I4264782ee63efb26b95abd94774938d5456200a3
Changes in 4.14.304
pNFS/filelayout: Fix coalescing test for single DS
net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
RDMA/srp: Move large values to a new enum for gcc13
f2fs: let's avoid panic if extent_tree is not created
nilfs2: fix general protection fault in nilfs_btree_insert()
xhci-pci: set the dma max_seg_size
usb: xhci: Check endpoint is valid before dereferencing it
prlimit: do_prlimit needs to have a speculation check
USB: serial: option: add Quectel EM05-G (GR) modem
USB: serial: option: add Quectel EM05-G (CS) modem
USB: serial: option: add Quectel EM05-G (RS) modem
USB: serial: option: add Quectel EC200U modem
USB: serial: option: add Quectel EM05CN (SG) modem
USB: serial: option: add Quectel EM05CN modem
USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
usb: core: hub: disable autosuspend for TI TUSB8041
USB: serial: cp210x: add SCALANCE LPE-9000 device id
usb: host: ehci-fsl: Fix module alias
usb: gadget: g_webcam: Send color matching descriptor per frame
usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
serial: pch_uart: Pass correct sg to dma_unmap_sg()
serial: atmel: fix incorrect baudrate setup
gsmi: fix null-deref in gsmi_get_variable
x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN
Linux 4.14.304
Change-Id: I1d0be4a225148a9a518b88a5f9146278d41198c8
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 739790605705ddcf18f21782b9c99ad7d53a8c11 upstream.
do_prlimit() adds the user-controlled resource value to a pointer that
will subsequently be dereferenced. In order to help prevent this
codepath from being used as a spectre "gadget" a barrier needs to be
added after checking the range.
Reported-by: Jordy Zomer <jordyzomer@google.com>
Tested-by: Jordy Zomer <jordyzomer@google.com>
Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
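A user-space model of the check-then-clamp pattern the do_prlimit() message above describes, added here as an illustration and not taken from the kernel patch. `index_mask_nospec()` follows the generic branch-free mask behind the kernel's `array_index_nospec()` helper; `rlim_table`, `lookup_rlimit()` and the sample values are constructed for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

#define RLIM_NLIMITS  16UL                      /* resource slots on Linux */
#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

/* Keep the compiler from reasoning about the index after the range check
 * and folding the mask away (GCC/Clang extension; a no-op elsewhere). */
#if defined(__GNUC__)
#define HIDE_VAR(v) __asm__ volatile("" : "+r"(v))
#else
#define HIDE_VAR(v) ((void)0)
#endif

/* Constructed stand-in for the per-process rlimit array. */
static const unsigned long rlim_table[RLIM_NLIMITS] = {
    100, 101, 102, 103, 104, 105, 106, 107,
    108, 109, 110, 111, 112, 113, 114, 115,
};

/*
 * All-ones when index < size, zero otherwise, computed without a branch
 * so there is no prediction to mistrain. Requires size <= LONG_MAX and an
 * arithmetic right shift of signed long (true for GCC and Clang).
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    HIDE_VAR(index);
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (BITS_PER_LONG - 1));
}

/* In-range indices pass through unchanged; out-of-range ones become 0. */
static unsigned long clamp_index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/*
 * Model of a lookup keyed by a caller-supplied resource number.
 * The architectural range check rejects bad values; the clamp makes sure
 * that even a mispredicted path past that check can only index slot 0.
 */
static long lookup_rlimit(unsigned int resource, unsigned long *out)
{
    if (resource >= RLIM_NLIMITS)
        return -EINVAL;
    resource = (unsigned int)clamp_index_nospec(resource, RLIM_NLIMITS);
    *out = rlim_table[resource];
    return 0;
}

int main(void)
{
    /* Constructed inputs: two valid, one just past the end, one far out. */
    const unsigned int samples[] = { 0, 7, 16, 4096 };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned long v = 0;
        long rc = lookup_rlimit(samples[i], &v);
        printf("resource=%u rc=%ld value=%lu clamped=%lu\n",
               samples[i], rc, v,
               clamp_index_nospec(samples[i], RLIM_NLIMITS));
    }
    return 0;
}
```

The clamp sits after the range check and before the first use of the index as an offset, so a speculatively executed load can never be steered outside the table.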
Changes in 4.14.248
s390/bpf: Fix optimizing out zero-extensions
rcu: Fix missed wakeup of exp_wq waiters
apparmor: remove duplicate macro list_entry_is_head()
crypto: talitos - fix max key size for sha384 and sha512
sctp: validate chunk size in __rcv_asconf_lookup
sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
9p/trans_virtio: Remove sysfs file on probe failure
prctl: allow to setup brk for et_dyn executables
profiling: fix shift-out-of-bounds bugs
pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered
Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH
parisc: Move pci_dev_is_behind_card_dino to where it is used
dmaengine: ioat: depends on !UML
dmaengine: xilinx_dma: Set DMA mask for coherent APIs
ceph: lockdep annotations for try_nonblocking_invalidate
nilfs2: fix memory leak in nilfs_sysfs_create_device_group
nilfs2: fix NULL pointer in nilfs_##name##_attr_release
nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
pwm: rockchip: Don't modify HW state in .remove() callback
blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
Linux 4.14.248
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8aca967b6e6877f9760b0609491b408d8bcdfdea
commit e1fbbd073137a9d63279f6bf363151a938347640 upstream.
Keno Fischer reported that when a binary is loaded via ld-linux-x the
prctl(PR_SET_MM_MAP) doesn't allow to setup brk value because it lies
before mm:end_data.
For example a test program shows
| # ~/t
|
| start_code 401000
| end_code 401a15
| start_stack 7ffce4577dd0
| start_data 403e10
| end_data 40408c
| start_brk b5b000
| sbrk(0) b5b000
and when executed via ld-linux
| # /lib64/ld-linux-x86-64.so.2 ~/t
|
| start_code 7fc25b0a4000
| end_code 7fc25b0c4524
| start_stack 7fffcc6b2400
| start_data 7fc25b0ce4c0
| end_data 7fc25b0cff98
| start_brk 55555710c000
| sbrk(0) 55555710c000
This of course prevents criu from restoring such programs. Looking into
how kernel operates with brk/start_brk inside brk() syscall I don't see
any problem if we allow to setup brk/start_brk without checking for
end_data. Even if someone passes some weird address here on purpose then
the worst possible result will be an unexpected unmapping of existing vma
(own vma, since prctl works with the caller's memory) but test for
RLIMIT_DATA is still valid and a user won't be able to gain more memory in
case of expanding VMAs via new values shipped with prctl call.
Link: https://lkml.kernel.org/r/20210121221207.GB2174@grain
Fixes: bbdc6076d2e5 ("binfmt_elf: move brk out of mmap when doing direct loader exec")
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reported-by: Keno Fischer <keno@juliacomputing.com>
Acked-by: Andrey Vagin <avagin@gmail.com>
Tested-by: Andrey Vagin <avagin@gmail.com>
Cc: Dmitry Safonov <0x7f454c46@gmail.com>
Cc: Kirill Tkhai <ktkhai@virtuozzo.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Cc: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changes in 4.14.200
af_key: pfkey_dump needs parameter validation
phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init
KVM: fix memory leak in kvm_io_bus_unregister_dev()
kprobes: fix kill kprobe which has been marked as gone
mm/thp: fix __split_huge_pmd_locked() for migration PMD
RDMA/ucma: ucma_context reference leak in error path
hdlc_ppp: add range checks in ppp_cp_parse_cr()
ip: fix tos reflection in ack and reset packets
net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC
tipc: fix shutdown() of connection oriented socket
tipc: use skb_unshare() instead in tipc_buf_append()
bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex.
net: phy: Avoid NPD upon phy_detach() when driver is unbound
net: add __must_check to skb_put_padto()
ipv4: Update exception handling for multipath routes via same device
geneve: add transport ports in route lookup for geneve
serial: 8250: Avoid error message on reprobe
mm: fix double page fault on arm64 if PTE_AF is cleared
scsi: aacraid: fix illegal IO beyond last LBA
m68k: q40: Fix info-leak in rtc_ioctl
gma/gma500: fix a memory disclosure bug due to uninitialized bytes
ASoC: kirkwood: fix IRQ error handling
media: smiapp: Fix error handling at NVM reading
arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback
x86/ioapic: Unbreak check_timer()
ALSA: usb-audio: Add delay quirk for H570e USB headsets
ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
scsi: fnic: fix use after free
clk/ti/adpll: allocate room for terminating null
mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
mfd: mfd-core: Protect against NULL call-back function pointer
tracing: Adding NULL checks for trace_array descriptor pointer
bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
RDMA/i40iw: Fix potential use after free
xfs: fix attr leaf header freemap.size underflow
RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
mmc: core: Fix size overflow for mmc partitions
gfs2: clean up iopen glock mess in gfs2_create_inode
debugfs: Fix !DEBUG_FS debugfs_create_automount
CIFS: Properly process SMB3 lease breaks
kernel/sys.c: avoid copying possible padding bytes in copy_to_user
neigh_stat_seq_next() should increase position index
rt_cpu_seq_next should increase position index
seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
media: ti-vpe: cal: Restrict DMA to avoid memory corruption
ACPI: EC: Reference count query handlers under lock
dmaengine: zynqmp_dma: fix burst length configuration
powerpc/eeh: Only dump stack once if an MMIO loop is detected
tracing: Set kernel_stack's caller size properly
ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
selftests/ftrace: fix glob selftest
tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility
Bluetooth: Fix refcount use-after-free issue
mm: pagewalk: fix termination condition in walk_pte_range()
Bluetooth: prefetch channel before killing sock
KVM: fix overflow of zero page refcount with ksm running
ALSA: hda: Clear RIRB status before reading WP
skbuff: fix a data race in skb_queue_len()
audit: CONFIG_CHANGE don't log internal bookkeeping as an event
selinux: sel_avc_get_stat_idx should increase position index
scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
scsi: lpfc: Fix coverity errors in fmdi attribute handling
drm/omap: fix possible object reference leak
perf test: Fix test trace+probe_vfs_getname.sh on s390
RDMA/rxe: Fix configuration of atomic queue pair attributes
KVM: x86: fix incorrect comparison in trace event
media: staging/imx: Missing assignment in imx_media_capture_device_register()
x86/pkeys: Add check for pkey "overflow"
bpf: Remove recursion prevention from rcu free callback
dmaengine: tegra-apb: Prevent race conditions on channel's freeing
media: go7007: Fix URB type for interrupt handling
Bluetooth: guard against controllers sending zero'd events
timekeeping: Prevent 32bit truncation in scale64_check_overflow()
ext4: fix a data race at inode->i_disksize
mm: avoid data corruption on CoW fault into PFN-mapped VMA
drm/amdgpu: increase atombios cmd timeout
ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read
scsi: aacraid: Disabling TM path and only processing IOP reset
Bluetooth: L2CAP: handle l2cap config request during open state
media: tda10071: fix unsigned sign extension overflow
xfs: don't ever return a stale pointer from __xfs_dir3_free_read
tpm: ibmvtpm: Wait for buffer to be set before proceeding
rtc: ds1374: fix possible race condition
tracing: Use address-of operator on section symbols
serial: 8250_port: Don't service RX FIFO if throttled
serial: 8250_omap: Fix sleeping function called from invalid context during probe
serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
perf cpumap: Fix snprintf overflow check
cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
tools: gpio-hammer: Avoid potential overflow in main
RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
svcrdma: Fix leak of transport addresses
ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor
NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests()
mm/kmemleak.c: use address-of operator on section symbols
mm/filemap.c: clear page error before actual read
mm/vmscan.c: fix data races using kswapd_classzone_idx
mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
scsi: qedi: Fix termination timeouts in session logout
serial: uartps: Wait for tx_empty in console setup
KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
bdev: Reduce time holding bd_mutex in sync in blkdev_close()
drivers: char: tlclk.c: Avoid data race between init and interrupt handler
staging:r8188eu: avoid skb_clone for amsdu to msdu conversion
sparc64: vcc: Fix error return code in vcc_probe()
arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]
dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion
atm: fix a memory leak of vcc->user_back
power: supply: max17040: Correct voltage reading
phy: samsung: s5pv210-usb2: Add delay after reset
Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
tty: serial: samsung: Correct clock selection logic
ALSA: hda: Fix potential race in unsol event handler
powerpc/traps: Make unrecoverable NMIs die instead of panic
fuse: don't check refcount after stealing page
USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register
e1000: Do not perform reset in reset_task if we are already down
drm/nouveau/debugfs: fix runtime pm imbalance on error
printk: handle blank console arguments passed in.
usb: dwc3: Increase timeout for CmdAct cleared by device controller
btrfs: don't force read-only after error in drop snapshot
vfio/pci: fix memory leaks of eventfd ctx
perf util: Fix memory leak of prefix_if_not_in
perf kcore_copy: Fix module map when there are no modules loaded
mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
ceph: fix potential race in ceph_check_caps
mm/swap_state: fix a data race in swapin_nr_pages
rapidio: avoid data race between file operation callbacks and mport_cdev_add().
mtd: parser: cmdline: Support MTD names containing one or more colons
x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
vfio/pci: Clear error and request eventfd ctx after releasing
cifs: Fix double add page to memcg when cifs_readpages
scsi: libfc: Handling of extra kref
scsi: libfc: Skip additional kref updating work event
selftests/x86/syscall_nt: Clear weird flags after each test
vfio/pci: fix racy on error and request eventfd ctx
btrfs: qgroup: fix data leak caused by race between writeback and truncate
s390/init: add missing __init annotations
i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices()
objtool: Fix noreturn detection for ignored functions
ieee802154: fix one possible memleak in ca8210_dev_com_init
ieee802154/adf7242: check status of adf7242_read_reg
clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init()
mwifiex: Increase AES key storage size to 256 bits
batman-adv: bla: fix type misuse for backbone_gw hash indexing
atm: eni: fix the missed pci_disable_device() for eni_init_one()
batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
mac802154: tx: fix use-after-free
drm/vc4/vc4_hdmi: fill ASoC card owner
net: qed: RDMA personality shouldn't fail VF load
batman-adv: Add missing include for in_interrupt()
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
ALSA: asihpi: fix iounmap in error handler
MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
s390/dasd: Fix zero write for FBA devices
kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
mm, THP, swap: fix allocating cluster for swapfile by mistake
lib/string.c: implement stpcpy
ata: define AC_ERR_OK
ata: make qc_prep return ata_completion_errors
ata: sata_mv, avoid trigerrable BUG_ON
Linux 4.14.200
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I3d3049dca196c46cb6b2a66d60a5a6a3a099efbb
A new option CONFIG_MTK_TASK_TURBO for task-turbo feature.
Task turbo provides enhancement of APP launch and lock latency
via preempting lock waiting queue and more opportunity to occupy
CPU resource. User can apply pid to turbo the specific task via
turbo_pid interface.
If task-turbo enabled
1) When app is TOP-APP group, turbo UI thread/Render thread
2) Inherit turbo ability to lock holder and binders target task
3) turbo User-specified task
How to enable(default off):
Task-turbo for launch:
- echo 15 > /sys/module/task_turbo/parameters/feats
Task-turbo for lock latency:
- echo 7 > /sys/module/task_turbo/parameters/feats
Related proc node and setting:
a. cat /proc/[pid]/task/[tid]/turbo
- query turbo task status
b. echo [pid] > /sys/module/task_turbo/parameters/turbo_pid
- turbo specific task by pid
c. echo pid > /sys/module/task_turbo/parameters/unset_turbo_pid
- de-turbo specific task by pid
MTK-Commit-Id: cd06fe7846efde21e4af495da3406bca40876739
Change-Id: Ic7f0ccc00332cf1feb39bb6b9a55bf756228187d
CR-Id: ALPS04791510
Feature: System Performance
Signed-off-by: JianMin Liu <jian-min.liu@mediatek.com>
(Upstream commit 3e91ec89f527b9870fe42dcbdb74fd389d123a95).
Require that arg{3,4,5} of the PR_{SET,GET}_TAGGED_ADDR_CTRL prctl and
arg2 of the PR_GET_TAGGED_ADDR_CTRL prctl() are zero rather than ignored
for future extensions.
Acked-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Bug: 135692346
Change-Id: I8bb5c3eb4728440880c971d77904f7e45b571ddc
(Upstream commit 63f0c60379650d82250f22e4cf4137ef3dc4f43d).
It is not desirable to relax the ABI to allow tagged user addresses into
the kernel indiscriminately. This patch introduces a prctl() interface
for enabling or disabling the tagged ABI with a global sysctl control
for preventing applications from enabling the relaxed ABI (meant for
testing user-space prctl() return error checking without reconfiguring
the kernel). The ABI properties are inherited by threads of the same
application and fork()'ed children but cleared on execve(). A Kconfig
option allows the overall disabling of the relaxed ABI.
The PR_SET_TAGGED_ADDR_CTRL will be expanded in the future to handle
MTE-specific settings like imprecise vs precise exceptions.
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Will Deacon <will@kernel.org>
Change-Id: I2d52c5589b05415faab315c116245f1058d64750
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Bug: 135692346
Changes in 4.14.126
rapidio: fix a NULL pointer dereference when create_workqueue() fails
fs/fat/file.c: issue flush after the writeback of FAT
sysctl: return -EINVAL if val violates minmax
ipc: prevent lockup on alloc_msg and free_msg
ARM: prevent tracing IPI_CPU_BACKTRACE
mm/hmm: select mmu notifier when selecting HMM
hugetlbfs: on restore reserve error path retain subpool reservation
mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE
mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
mm/cma.c: fix the bitmap status to show failed allocation reason
mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
mm/slab.c: fix an infinite loop in leaks_show()
kernel/sys.c: prctl: fix false positive in validate_prctl_map()
thermal: rcar_gen3_thermal: disable interrupt in .remove
drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER
mfd: tps65912-spi: Add missing of table registration
mfd: intel-lpss: Set the device in reset state when init
drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration
mfd: twl6040: Fix device init errors for ACCCTL register
perf/x86/intel: Allow PEBS multi-entry in watermark mode
drm/bridge: adv7511: Fix low refresh rate selection
objtool: Don't use ignore flag for fake jumps
EDAC/mpc85xx: Prevent building as a module
pwm: meson: Use the spin-lock only to protect register modifications
ntp: Allow TAI-UTC offset to be set to zero
f2fs: fix to avoid panic in do_recover_data()
f2fs: fix to clear dirty inode in error path of f2fs_iget()
f2fs: fix to avoid panic in dec_valid_block_count()
f2fs: fix to do sanity check on valid block count of segment
percpu: remove spurious lock dependency between percpu and sched
configfs: fix possible use-after-free in configfs_register_group
uml: fix a boot splat wrt use of cpu_all_mask
mmc: mmci: Prevent polling for busy detection in IRQ context
watchdog: imx2_wdt: Fix set_timeout for big timeout values
watchdog: fix compile time error of pretimeout governors
blk-mq: move cancel of requeue_work into blk_mq_release
iommu/vt-d: Set intel_iommu_gfx_mapped correctly
misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test
nvme-pci: unquiesce admin queue on shutdown
ALSA: hda - Register irq handler after the chip initialization
nvmem: core: fix read buffer in place
fuse: retrieve: cap requested size to negotiated max_write
nfsd: allow fh_want_write to be called twice
vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING"
x86/PCI: Fix PCI IRQ routing table memory leak
platform/chrome: cros_ec_proto: check for NULL transfer function
PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64
soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
soc: rockchip: Set the proper PWM for rk3288
ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
ARM: dts: imx50: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
ARM: dts: imx53: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
PCI: rpadlpar: Fix leaked device_node references in add/remove paths
platform/x86: intel_pmc_ipc: adding error handling
power: supply: max14656: fix potential use-before-alloc
PCI: rcar: Fix a potential NULL pointer dereference
PCI: rcar: Fix 64bit MSI message address handling
video: hgafb: fix potential NULL pointer dereference
video: imsttfb: fix potential NULL pointer dereferences
block, bfq: increase idling for weight-raised queues
PCI: xilinx: Check for __get_free_pages() failure
gpio: gpio-omap: add check for off wake capable gpios
dmaengine: idma64: Use actual device for DMA transfers
pwm: tiehrpwm: Update shadow register for disabling PWMs
ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa
pwm: Fix deadlock warning when removing PWM device
ARM: exynos: Fix undefined instruction during Exynos5422 resume
usb: typec: fusb302: Check vconn is off when we start toggling
gpio: vf610: Do not share irq_chip
percpu: do not search past bitmap when allocating an area
Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections"
Revert "drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)"
drm: don't block fb changes for async plane updates
ALSA: seq: Cover unsubscribe_port() in list_mutex
Linux 4.14.126
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit a9e73998f9d705c94a8dca9687633adc0f24a19a ]
While validating new map we require the @start_data to be strictly less
than @end_data, which is fine for regular applications (this is why this
nit didn't trigger for that long). These members are set from executable
loaders such as elf handlers, still it is pretty valid to have a loadable
data section with zero size in file, in such case the start_data is equal
to end_data once kernel loader finishes.
As a result when we're trying to restore such programs the procedure fails
and the kernel returns -EINVAL. From the image dump of a program:
| "mm_start_code": "0x400000",
| "mm_end_code": "0x8f5fb4",
| "mm_start_data": "0xf1bfb0",
| "mm_end_data": "0xf1bfb0",
Thus we need to change validate_prctl_map from strictly less to less or
equal operator use.
Link: http://lkml.kernel.org/r/20190408143554.GY1421@uranus.lan
Fixes: f606b77f1a ("prctl: PR_SET_MM -- introduce PR_SET_MM_MAP operation")
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Cc: Andrey Vagin <avagin@gmail.com>
Cc: Dmitry Safonov <0x7f454c46@gmail.com>
Cc: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Changes in 4.14.69
net: 6lowpan: fix reserved space for single frames
net: mac802154: tx: expand tailroom if necessary
9p/net: Fix zero-copy path in the 9p virtio transport
spi: davinci: fix a NULL pointer dereference
spi: pxa2xx: Add support for Intel Ice Lake
spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
spi: cadence: Change usleep_range() to udelay(), for atomic context
mmc: renesas_sdhi_internal_dmac: fix #define RST_RESERVED_BITS
readahead: stricter check for bdi io_pages
block: blk_init_allocated_queue() set q->fq as NULL in the fail case
block: really disable runtime-pm for blk-mq
drm/i915/userptr: reject zero user_size
libertas: fix suspend and resume for SDIO connected cards
media: Revert "[media] tvp5150: fix pad format frame height"
mailbox: xgene-slimpro: Fix potential NULL pointer dereference
Replace magic for trusting the secondary keyring with #define
Fix kexec forbidding kernels signed with keys in the secondary keyring to boot
powerpc/fadump: handle crash memory ranges array index overflow
powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
PCI: Add wrappers for dev_printk()
powerpc/powernv/pci: Work around races in PCI bridge enabling
cxl: Fix wrong comparison in cxl_adapter_context_get()
ib_srpt: Fix a use-after-free in srpt_close_ch()
RDMA/rxe: Set wqe->status correctly if an unexpected response is received
9p: fix multiple NULL-pointer-dereferences
fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
9p/virtio: fix off-by-one error in sg list bounds check
net/9p/client.c: version pointer uninitialized
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
dm integrity: change 'suspending' variable from bool to int
dm thin: stop no_space_timeout worker when switching to write-mode
dm cache metadata: save in-core policy_hint_size to on-disk superblock
dm cache metadata: set dirty on all cache blocks after a crash
dm crypt: don't decrease device limits
uart: fix race between uart_put_char() and uart_shutdown()
Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind()
iio: sca3000: Fix missing return in switch
iio: ad9523: Fix displayed phase
iio: ad9523: Fix return value for ad952x_store()
extcon: Release locking when sending the notification of connector state
vmw_balloon: fix inflation of 64-bit GFNs
vmw_balloon: do not use 2MB without batching
vmw_balloon: VMCI_DOORBELL_SET does not check status
vmw_balloon: fix VMCI use when balloon built into kernel
rtc: omap: fix potential crash on power off
tracing: Do not call start/stop() functions when tracing_on does not change
tracing/blktrace: Fix to allow setting same value
printk/tracing: Do not trace printk_nmi_enter()
livepatch: Validate module/old func name length
uprobes: Use synchronize_rcu() not synchronize_sched()
mfd: hi655x: Fix regmap area declared size for hi655x
ovl: fix wrong use of impure dir cache in ovl_iterate()
drivers/block/zram/zram_drv.c: fix bug storing backing_dev
cpufreq: governor: Avoid accessing invalid governor_data
PM / sleep: wakeup: Fix build error caused by missing SRCU support
KVM: VMX: fixes for vmentry_l1d_flush module parameter
KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages
xtensa: limit offsets in __loop_cache_{all,page}
xtensa: increase ranges in ___invalidate_{i,d}cache_all
block, bfq: return nbytes and not zero from struct cftype .write() method
pnfs/blocklayout: off by one in bl_map_stripe()
NFSv4 client live hangs after live data migration recovery
NFSv4: Fix locking in pnfs_generic_recover_commit_reqs
NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence()
ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
mm/tlb: Remove tlb_remove_table() non-concurrent condition
iommu/vt-d: Add definitions for PFSID
iommu/vt-d: Fix dev iotlb pfsid use
sys: don't hold uts_sem while accessing userspace memory
userns: move user access out of the mutex
ubifs: Fix memory leak in lprobs self-check
Revert "UBIFS: Fix potential integer overflow in allocation"
ubifs: Check data node size before truncate
ubifs: xattr: Don't operate on deleted inodes
ubifs: Fix synced_i_size calculation for xattr inodes
pwm: tiehrpwm: Don't use emulation mode bits to control PWM output
pwm: tiehrpwm: Fix disabling of output of PWMs
fb: fix lost console when the user unplugs a USB adapter
udlfb: set optimal write delay
getxattr: use correct xattr length
libnvdimm: fix ars_status output length calculation
bcache: release dc->writeback_lock properly in bch_writeback_thread()
cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
perf auxtrace: Fix queue resize
crypto: vmx - Fix sleep-in-atomic bugs
crypto: caam - fix DMA mapping direction for RSA forms 2 & 3
crypto: caam/jr - fix descriptor DMA unmapping
crypto: caam/qi - fix error path in xts setkey
fs/quota: Fix spectre gadget in do_quotactl
arm64: mm: always enable CONFIG_HOLES_IN_ZONE
Linux 4.14.69
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 42a0cc3478584d4d63f68f2f5af021ddbea771fa upstream.
Holding uts_sem as a writer while accessing userspace memory allows a
namespace admin to stall all processes that attempt to take uts_sem.
Instead, move data through stack buffers and don't access userspace memory
while uts_sem is held.
Cc: stable@vger.kernel.org
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
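The locking change described in the commit message above, as an added userspace model in C; it is not code from the kernel patch. `uts_sem` is reduced to a held flag, `copy_from_user()`/`copy_to_user()` to a hypothetical `user_copy_model()` that counts user-memory accesses made while the lock is held, and every function name below is an assumption made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOST_MAX 64

static int  uts_sem_held;            /* model of uts_sem (reader or writer) */
static int  user_access_under_lock;  /* user-memory accesses made with the lock held */
static char nodename[HOST_MAX + 1];  /* model of utsname()->nodename */

static void lock_model(void)   { uts_sem_held = 1; }
static void unlock_model(void) { uts_sem_held = 0; }

/*
 * Model of copy_{from,to}_user(): in the kernel this may fault and sleep for a
 * time the calling process influences, so doing it under uts_sem extends the
 * hold time. A NULL pointer stands in for a faulting user address.
 */
static int user_copy_model(void *dst, const void *src, size_t n)
{
    if (uts_sem_held)
        user_access_under_lock++;
    if (dst == NULL || src == NULL)
        return 1;                    /* bytes not copied */
    memcpy(dst, src, n);
    return 0;
}

/* Pre-fix shape: user memory is read while the semaphore is held. */
int sethostname_before(const char *uname, size_t len)
{
    int err = -EFAULT;

    if (len > HOST_MAX)
        return -EINVAL;
    lock_model();
    if (!user_copy_model(nodename, uname, len)) {
        memset(nodename + len, 0, sizeof(nodename) - len);
        err = 0;
    }
    unlock_model();
    return err;
}

/* Post-fix shape: copy into a stack buffer first, then take the lock briefly. */
int sethostname_after(const char *uname, size_t len)
{
    char tmp[HOST_MAX];

    if (len > HOST_MAX)
        return -EINVAL;
    if (user_copy_model(tmp, uname, len))
        return -EFAULT;              /* fault handled before the lock is taken */
    lock_model();
    memcpy(nodename, tmp, len);
    memset(nodename + len, 0, sizeof(nodename) - len);
    unlock_model();
    return 0;
}

/* Read direction: snapshot under the lock, write to user memory after unlock. */
int gethostname_after(char *ubuf, size_t len)
{
    char tmp[HOST_MAX + 1];
    size_t n;

    lock_model();
    n = strlen(nodename) + 1;
    if (n > len)
        n = len;
    memcpy(tmp, nodename, n);
    unlock_model();
    return user_copy_model(ubuf, tmp, n) ? -EFAULT : 0;
}

int accesses_under_lock(void)       { return user_access_under_lock; }
const char *current_nodename(void)  { return nodename; }

void reset_model(void)
{
    uts_sem_held = 0;
    user_access_under_lock = 0;
    memset(nodename, 0, sizeof(nodename));
}

int main(void)
{
    reset_model();
    sethostname_before("alpha", 5);  /* constructed sample input */
    printf("before: %d user access(es) under lock\n", accesses_under_lock());

    reset_model();
    sethostname_after("beta", 4);    /* constructed sample input */
    printf("after:  %d user access(es) under lock\n", accesses_under_lock());
    return 0;
}
```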
Changes in 4.14.45
MIPS: c-r4k: Fix data corruption related to cache coherence
MIPS: ptrace: Expose FIR register through FP regset
MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
affs_lookup(): close a race with affs_remove_link()
fs: don't scan the inode cache before SB_BORN is set
aio: fix io_destroy(2) vs. lookup_ioctx() race
ALSA: timer: Fix pause event notification
do d_instantiate/unlock_new_inode combinations safely
mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus
libata: Blacklist some Sandisk SSDs for NCQ
libata: blacklist Micron 500IT SSD with MU01 firmware
xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
arm64: lse: Add early clobbers to some input/output asm operands
powerpc/64s: Clear PCR on boot
IB/hfi1: Use after free race condition in send context error path
IB/umem: Use the correct mm during ib_umem_release
sr: pass down correctly sized SCSI sense buffer
idr: fix invalid ptr dereference on item delete
Revert "ipc/shm: Fix shmat mmap nil-page protection"
ipc/shm: fix shmat() nil address after round-down when remapping
mm/kasan: don't vfree() nonexistent vm_area
kasan: free allocated shadow memory on MEM_CANCEL_ONLINE
kasan: fix memory hotplug during boot
kernel/sys.c: fix potential Spectre v1 issue
KVM/VMX: Expose SSBD properly to guests
KVM: s390: vsie: fix < 8k check for the itdba
KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
kvm: x86: IA32_ARCH_CAPABILITIES is always supported
x86/kvm: fix LAPIC timer drift when guest uses periodic mode
powerpc/64s: Improve RFI L1-D cache flush fallback
powerpc/pseries: Support firmware disable of RFI flush
powerpc/powernv: Support firmware disable of RFI flush
powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
powerpc/rfi-flush: Always enable fallback flush on pseries
powerpc/rfi-flush: Differentiate enabled and patched flush types
powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
powerpc: Add security feature flags for Spectre/Meltdown
powerpc/pseries: Set or clear security feature flags
powerpc/powernv: Set or clear security feature flags
powerpc/64s: Move cpu_show_meltdown()
powerpc/64s: Enhance the information in cpu_show_meltdown()
powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
powerpc/64s: Wire up cpu_show_spectre_v1()
powerpc/64s: Wire up cpu_show_spectre_v2()
powerpc/pseries: Fix clearing of security feature flags
powerpc: Move default security feature flags
powerpc/pseries: Restore default security feature flags on setup
powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
MIPS: generic: Fix machine compatible matching
mac80211: mesh: fix wrong mesh TTL offset calculation
ARC: Fix malformed ARC_EMUL_UNALIGNED default
ptr_ring: prevent integer overflow when calculating size
arm64: dts: rockchip: fix rock64 gmac2io stability issues
arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire
libata: Fix compile warning with ATA_DEBUG enabled
selftests: sync: missing CFLAGS while compiling
selftest/vDSO: fix O=
selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
selftests: memfd: add config fragment for fuse
ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
ARM: OMAP3: Fix prm wake interrupt for resume
ARM: OMAP2+: Fix sar_base inititalization for HS omaps
ARM: OMAP1: clock: Fix debugfs_create_*() usage
ibmvnic: Wait until reset is complete to set carrier on
ibmvnic: Free RX socket buffer in case of adapter error
ibmvnic: Clean RX pool buffers during device close
tls: retrun the correct IV in getsockopt
xhci: workaround for AMD Promontory disabled ports wakeup
IB/uverbs: Fix method merging in uverbs_ioctl_merge
IB/uverbs: Fix possible oops with duplicate ioctl attributes
IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy
arm64: dts: rockchip: Fix DWMMC clocks
ARM: dts: rockchip: Fix DWMMC clocks
iwlwifi: mvm: fix security bug in PN checking
iwlwifi: mvm: fix IBSS for devices that support station type API
iwlwifi: mvm: always init rs with 20mhz bandwidth rates
NFC: llcp: Limit size of SDP URI
rxrpc: Work around usercopy check
MD: Free bioset when md_run fails
md: fix md_write_start() deadlock w/o metadata devices
s390/dasd: fix handling of internal requests
xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos
mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
mac80211: fix a possible leak of station stats
mac80211: fix calling sleeping function in atomic context
cfg80211: clear wep keys after disconnection
mac80211: Do not disconnect on invalid operating class
mac80211: Fix sending ADDBA response for an ongoing session
gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle
gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle
md raid10: fix NULL deference in handle_write_completed()
drm/exynos: g2d: use monotonic timestamps
drm/exynos: fix comparison to bitshift when dealing with a mask
drm/meson: fix vsync buffer update
arm64: perf: correct PMUVer probing
RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails
RDMA/bnxt_re: Fix system crash during load/unload
ibmvnic: Check for NULL skb's in NAPI poll routine
net/mlx5e: Return error if prio is specified when offloading eswitch vlan push
locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
md: raid5: avoid string overflow warning
virtio_net: fix XDP code path in receive_small()
kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
bug.h: work around GCC PR82365 in BUG()
selftests/memfd: add run_fuse_test.sh to TEST_FILES
seccomp: add a selftest for get_metadata
soc: imx: gpc: de-register power domains only if initialized
powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
s390/cio: fix ccw_device_start_timeout API
s390/cio: fix return code after missing interrupt
s390/cio: clear timer when terminating driver I/O
selftests/bpf/test_maps: exit child process without error in ENOMEM case
PKCS#7: fix direct verification of SignerInfo signature
arm64: dts: cavium: fix PCI bus dtc warnings
nfs: system crashes after NFS4ERR_MOVED recovery
ARM: OMAP: Fix dmtimer init for omap1
smsc75xx: fix smsc75xx_set_features()
regulatory: add NUL to request alpha2
integrity/security: fix digsig.c build error with header file
x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system
locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
mac80211: drop frames with unexpected DS bits from fast-rx to slow path
arm64: fix unwind_frame() for filtered out fn for function graph tracing
macvlan: fix use-after-free in macvlan_common_newlink()
KVM: nVMX: Don't halt vcpu when L1 is injecting events to L2
kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds
ARM: dts: imx6dl: Include correct dtsi file for Engicam i.CoreM6 DualLite/Solo RQS
fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
fs: dcache: Use READ_ONCE when accessing i_dir_seq
md: fix a potential deadlock of raid5/raid10 reshape
md/raid1: fix NULL pointer dereference
batman-adv: fix packet checksum in receive path
batman-adv: invalidate checksum on fragment reassembly
netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount
netfilter: ipt_CLUSTERIP: put config instead of freeing it
netfilter: ebtables: convert BUG_ONs to WARN_ONs
batman-adv: Ignore invalid batadv_iv_gw during netlink send
batman-adv: Ignore invalid batadv_v_gw during netlink send
batman-adv: Fix netlink dumping of BLA claims
batman-adv: Fix netlink dumping of BLA backbones
nvme-pci: Fix nvme queue cleanup if IRQ setup fails
clocksource/drivers/fsl_ftm_timer: Fix error return checking
libceph, ceph: avoid memory leak when specifying same option several times
ceph: fix dentry leak when failing to init debugfs
xen/pvcalls: fix null pointer dereference on map->sock
ARM: orion5x: Revert commit 4904dbda41.
qrtr: add MODULE_ALIAS macro to smd
selftests/futex: Fix line continuation in Makefile
r8152: fix tx packets accounting
virtio-gpu: fix ioctl and expose the fixed status to userspace.
dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
bcache: fix kcrashes with fio in RAID5 backend dev
ip_gre: fix IFLA_MTU ignored on NEWLINK
ip6_tunnel: fix IFLA_MTU ignored on NEWLINK
sit: fix IFLA_MTU ignored on NEWLINK
nbd: fix return value in error handling path
ARM: dts: NSP: Fix amount of RAM on BCM958625HR
ARM: dts: bcm283x: Fix unit address of local_intc
powerpc/boot: Fix random libfdt related build errors
clocksource/drivers/mips-gic-timer: Use correct shift count to extract data
gianfar: Fix Rx byte accounting for ndev stats
net/tcp/illinois: replace broken algorithm reference link
nvmet: fix PSDT field check in command format
net/smc: use link_id of server in confirm link reply
mlxsw: core: Fix flex keys scratchpad offset conflict
mlxsw: spectrum: Treat IPv6 unregistered multicast as broadcast
spectrum: Reference count VLAN entries
ARC: mcip: halt GFRC counter when ARC cores halt
ARC: mcip: update MCIP debug mask when the new cpu came online
ARC: setup cpu possible mask according to possible-cpus dts property
ipvs: remove IPS_NAT_MASK check to fix passive FTP
IB/mlx: Set slid to zero in Ethernet completion struct
RDMA/bnxt_re: Unconditionly fence non wire memory operations
RDMA/bnxt_re: Fix incorrect DB offset calculation
RDMA/bnxt_re: Fix the ib_reg failure cleanup
xen/pirq: fix error path cleanup when binding MSIs
drm/amd/amdgpu: Correct VRAM width for APUs with GMC9
xfrm: Fix ESN sequence number handling for IPsec GSO packets.
arm64: dts: rockchip: Fix rk3399-gru-* s2r (pinctrl hogs, wifi reset)
drm/sun4i: Fix dclk_set_phase
btrfs: use kvzalloc to allocate btrfs_fs_info
Btrfs: send, fix issuing write op when processing hole in no data mode
Btrfs: fix log replay failure after linking special file and fsync
ceph: fix potential memory leak in init_caches()
block: display the correct diskname for bio
nvme-pci: Fix EEH failure on ppc
nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors
selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
net: ethtool: don't ignore return from driver get_fecparam method
iwlwifi: mvm: fix TX of CCMP 256
iwlwifi: mvm: Fix channel switch for count 0 and 1
iwlwifi: mvm: fix assert 0x2B00 on older FWs
iwlwifi: avoid collecting firmware dump if not loaded
iwlwifi: mvm: fix "failed to remove key" message
iwlwifi: mvm: Direct multicast frames to the correct station
iwlwifi: mvm: Correctly set the tid for mcast queue
rds: Incorrect reference counting in TCP socket creation
watchdog: f71808e_wdt: Fix magic close handling
watchdog: sbsa: use 32-bit read for WCV
batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag
hv_netvsc: use napi_schedule_irqoff
hv_netvsc: filter multicast/broadcast
hv_netvsc: propagate rx filters to VF
ARM: dts: rockchip: Add missing #sound-dai-cells on rk3288
perf record: Fix crash in pipe mode
e1000e: Fix check_for_link return value with autoneg off
e1000e: allocate ring descriptors with dma_zalloc_coherent
ia64/err-inject: Use get_user_pages_fast()
RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA
RDMA/qedr: Fix iWARP write and send with immediate
IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs
IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE
IB/mlx5: Fix an error code in __mlx5_ib_modify_qp()
fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
fsl/fman: avoid sleeping in atomic context while adding an address
qed: Free RoCE ILT Memory on rmmod qedr
net: qcom/emac: Use proper free methods during TX
net: smsc911x: Fix unload crash when link is up
IB/core: Fix possible crash to access NULL netdev
cxgb4: do not set needs_free_netdev for mgmt dev's
xen-blkfront: move negotiate_mq to cover all cases of new VBDs
xen: xenbus: use put_device() instead of kfree()
hv_netvsc: fix filter flags
hv_netvsc: fix locking for rx_mode
hv_netvsc: fix locking during VF setup
ARM: davinci: fix the GPIO lookup for omapl138-hawk
arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery
selftests/vm/run_vmtests: adjust hugetlb size according to nr_cpus
lib/test_kmod.c: fix limit check on number of test devices created
dmaengine: mv_xor_v2: Fix clock resource by adding a register clock
netfilter: ebtables: fix erroneous reject of last rule
can: m_can: change comparison to bitshift when dealing with a mask
can: m_can: select pinctrl state in each suspend/resume function
bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
workqueue: use put_device() instead of kfree()
ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
sunvnet: does not support GSO for sctp
KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending
gpu: ipu-v3: prg: avoid possible array underflow
drm/imx: move arming of the vblank event to atomic_flush
drm/nouveau/bl: fix backlight regression
xfrm: fix rcu_read_unlock usage in xfrm_local_error
iwlwifi: mvm: set the correct tid when we flush the MCAST sta
iwlwifi: mvm: Correctly set IGTK for AP
iwlwifi: mvm: fix error checking for multi/broadcast sta
net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
vlan: Fix out of order vlan headers with reorder header off
batman-adv: fix header size check in batadv_dbg_arp()
net/sched: fix NULL dereference in the error path of tcf_sample_init()
batman-adv: Fix skbuff rcsum on packet reroute
vti4: Don't count header length twice on tunnel setup
ip_tunnel: Clamp MTU to bounds on new link
vti4: Don't override MTU passed on link creation via IFLA_MTU
vti6: Fix dev->max_mtu setting
iwlwifi: mvm: Increase session protection time after CS
iwlwifi: mvm: clear tx queue id when unreserving aggregation queue
iwlwifi: mvm: make sure internal station has a valid id
iwlwifi: mvm: fix array out of bounds reference
drm/tegra: Shutdown on driver unbind
perf/cgroup: Fix child event counting bug
brcmfmac: Fix check for ISO3166 code
kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races
RDMA/ucma: Correct option size check using optlen
RDMA/qedr: fix QP's ack timeout configuration
RDMA/qedr: Fix rc initialization on CNQ allocation failure
RDMA/qedr: Fix QP state initialization race
net/sched: fix idr leak on the error path of tcf_bpf_init()
net/sched: fix idr leak in the error path of tcf_simp_init()
net/sched: fix idr leak in the error path of tcf_act_police_init()
net/sched: fix idr leak in the error path of tcp_pedit_init()
net/sched: fix idr leak in the error path of __tcf_ipt_init()
net/sched: fix idr leak in the error path of tcf_skbmod_init()
net: dsa: Fix functional dsa-loop dependency on FIXED_PHY
drm/ast: Fixed 1280x800 Display Issue
mm/mempolicy.c: avoid use uninitialized preferred_node
mm, thp: do not cause memcg oom for thp
xfrm: Fix transport mode skb control buffer usage.
selftests: ftrace: Add probe event argument syntax testcase
selftests: ftrace: Add a testcase for string type with kprobe_event
selftests: ftrace: Add a testcase for probepoint
drm/amdkfd: Fix scratch memory with HWS enabled
batman-adv: fix multicast-via-unicast transmission with AP isolation
batman-adv: fix packet loss for broadcasted DHCP packets to a server
ARM: 8748/1: mm: Define vdso_start, vdso_end as array
lan78xx: Set ASD in MAC_CR when EEE is enabled.
net: qmi_wwan: add BroadMobi BM806U 2020:2033
bonding: fix the err path for dev hwaddr sync in bond_enslave
net: dsa: mt7530: fix module autoloading for OF platform drivers
net/mlx5: Make eswitch support to depend on switchdev
perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs
x86/alternatives: Fixup alternative_call_2
llc: properly handle dev_queue_xmit() return value
builddeb: Fix header package regarding dtc source links
qede: Fix barrier usage after tx doorbell write.
mm, slab: memcg_link the SLAB's kmem_cache
mm/page_owner: fix recursion bug after changing skip entries
mm/vmstat.c: fix vmstat_update() preemption BUG
mm/kmemleak.c: wait for scan completion before disabling free
hv_netvsc: enable multicast if necessary
qede: Do not drop rx-checksum invalidated packets.
net: Fix untag for vlan packets without ethernet header
vlan: Fix vlan insertion for packets without ethernet header
net: mvneta: fix enable of all initialized RXQs
sh: fix debug trap failure to process signals before return to user
firmware: dmi_scan: Fix UUID length safety check
nvme: don't send keep-alives to the discovery controller
Btrfs: clean up resources during umount after trans is aborted
Btrfs: fix loss of prealloc extents past i_size after fsync log replay
x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init
fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
swap: divide-by-zero when zero length swap file on ssd
z3fold: fix memory leak
sr: get/drop reference to device in revalidate and check_events
Force log to disk before reading the AGF during a fstrim
cpufreq: CPPC: Initialize shared perf capabilities of CPUs
powerpc/fscr: Enable interrupts earlier before calling get_user()
perf tools: Fix perf builds with clang support
perf clang: Add support for recent clang versions
dp83640: Ensure against premature access to PHY registers after reset
ibmvnic: Zero used TX descriptor counter on reset
mm/ksm: fix interaction with THP
mm: fix races between address_space dereference and free in page_evicatable
mm: thp: fix potential clearing to referenced flag in page_idle_clear_pte_refs_one()
Btrfs: bail out on error during replay_dir_deletes
Btrfs: fix NULL pointer dereference in log_dir_items
btrfs: Fix possible softlock on single core machines
IB/rxe: Fix for oops in rxe_register_device on ppc64le arch
ocfs2/dlm: don't handle migrate lockres if already in shutdown
powerpc/64s/idle: Fix restore of AMOR on POWER9 after deep sleep
sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush()
KVM: VMX: raise internal error for exception during invalid protected mode state
lan78xx: Connect phy early
fscache: Fix hanging wait on page discarded by writeback
sparc64: Make atomic_xchg() an inline function rather than a macro.
net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
net: bgmac: Correctly annotate register space
powerpc/64s: sreset panic if there is no debugger or crash dump handlers
btrfs: tests/qgroup: Fix wrong tree backref level
Btrfs: fix copy_items() return value when logging an inode
btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled
rxrpc: Fix Tx ring annotation after initial Tx failure
rxrpc: Don't treat call aborts as conn aborts
xen/acpi: off by one in read_acpi_id()
drivers: macintosh: rack-meter: really fix bogus memsets
ACPI: acpi_pad: Fix memory leak in power saving threads
powerpc/mpic: Check if cpu_possible() in mpic_physmask()
ieee802154: ca8210: fix uninitialised data read
ath10k: advertize beacon_int_min_gcd
iommu/amd: Take into account that alloc_dev_data() may return NULL
intel_th: Use correct method of finding hub
m68k: set dma and coherent masks for platform FEC ethernets
iwlwifi: mvm: check if mac80211_queue is valid in iwl_mvm_disable_txq
parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
hwmon: (nct6775) Fix writing pwmX_mode
powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
powerpc/perf: Fix kernel address leak via sampling registers
rsi: fix kernel panic observed on 64bit machine
tools/thermal: tmon: fix for segfault
selftests: Print the test we're running to /dev/kmsg
net/mlx5: Protect from command bit overflow
watchdog: davinci_wdt: fix error handling in davinci_wdt_probe()
ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
nvme-pci: disable APST for Samsung NVMe SSD 960 EVO + ASUS PRIME Z370-A
ath9k: fix crash in spectral scan
cxgb4: Setup FW queues before registering netdev
ima: Fix Kconfig to select TPM 2.0 CRB interface
ima: Fallback to the builtin hash algorithm
watchdog: aspeed: Allow configuring for alternate boot
virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
arm: dts: socfpga: fix GIC PPI warning
ext4: don't complain about incorrect features when probing
drm/vmwgfx: Unpin the screen object backup buffer when not used
iommu/mediatek: Fix protect memory setting
cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
IB/mlx5: Set the default active rate and width to QDR and 4X
zorro: Set up z->dev.dma_mask for the DMA API
bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
remoteproc: imx_rproc: Fix an error handling path in 'imx_rproc_probe()'
dt-bindings: add device tree binding for Allwinner H6 main CCU
ACPICA: Events: add a return on failure from acpi_hw_register_read
ACPICA: Fix memory leak on unusual memory leak
ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
cxgb4: Fix queue free path of ULD drivers
i2c: mv64xxx: Apply errata delay only in standard mode
KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
perf top: Fix top.call-graph config option reading
perf stat: Fix core dump when flag T is used
IB/core: Honor port_num while resolving GID for IB link layer
drm/amdkfd: add missing include of mm.h
coresight: Use %px to print pcsr instead of %p
regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()'
spi: bcm-qspi: fIX some error handling paths
net/smc: pay attention to MAX_ORDER for CQ entries
MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
PCI: Restore config space on runtime resume despite being unbound
watchdog: dw: RMW the control register
watchdog: aspeed: Fix translation of reset mode to ctrl register
ipmi_ssif: Fix kernel panic at msg_done_handler
drm/meson: Fix some error handling paths in 'meson_drv_bind_master()'
drm/meson: Fix an un-handled error path in 'meson_drv_bind_master()'
powerpc: Add missing prototype for arch_irq_work_raise()
powerpc/powernv/npu: Fix deadlock in mmio_invalidate()
cxl: Check if PSL data-cache is available before issue flush request
f2fs: fix to set KEEP_SIZE bit in f2fs_zero_range
f2fs: fix to clear CP_TRIMMED_FLAG
f2fs: fix to check extent cache in f2fs_drop_extent_tree
perf/core: Fix installing cgroup events on CPU
max17042: propagate of_node to power supply device
perf/core: Fix perf_output_read_group()
drm/panel: simple: Fix the bus format for the Ontat panel
hwmon: (pmbus/max8688) Accept negative page register values
hwmon: (pmbus/adm1275) Accept negative page register values
perf/x86/intel: Properly save/restore the PMU state in the NMI handler
cdrom: do not call check_disk_change() inside cdrom_open()
efi/arm*: Only register page tables when they exist
perf/x86/intel: Fix large period handling on Broadwell CPUs
perf/x86/intel: Fix event update for auto-reload
arm64: dts: qcom: Fix SPI5 config on MSM8996
soc: qcom: wcnss_ctrl: Fix increment in NV upload
gfs2: Fix fallocate chunk size
x86/devicetree: Initialize device tree before using it
x86/devicetree: Fix device IRQ settings in DT
phy: rockchip-emmc: retry calpad busy trimming
ALSA: vmaster: Propagate slave error
phy: qcom-qmp: Fix phy pipe clock gating
drm/bridge: sii902x: Retry status read after DDI I2C
tools: hv: fix compiler warnings about major/target_fname
block: null_blk: fix 'Invalid parameters' when loading module
dmaengine: pl330: fix a race condition in case of threaded irqs
dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue()
enic: enable rq before updating rq descriptors
watchdog: asm9260_wdt: fix error handling in asm9260_wdt_probe()
hwrng: stm32 - add reset during probe
pinctrl: devicetree: Fix dt_to_map_one_config handling of hogs
pinctrl: artpec6: dt: add missing pin group uart5nocts
vfio-ccw: fence off transport mode
dmaengine: qcom: bam_dma: get num-channels and num-ees from dt
drm: omapdrm: dss: Move initialization code from component bind to probe
ARM: dts: dra71-evm: Correct evm_sd regulator max voltage
drm/amdgpu: disable GFX ring and disable PQ wptr in hw_fini
drm/amdgpu: adjust timeout for ib_ring_tests(v2)
net: stmmac: ensure that the device has released ownership before reading data
net: stmmac: ensure that the MSS desc is the last desc to set the own bit
cpufreq: Reorder cpufreq_online() error code path
dpaa_eth: fix SG mapping
PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
udf: Provide saner default for invalid uid / gid
ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode
sh_eth: fix TSU init on SH7734/R8A7740
power: supply: ltc2941-battery-gauge: Fix temperature units
ARM: dts: bcm283x: Fix probing of bcm2835-i2s
ARM: dts: bcm283x: Fix pin function of JTAG pins
PCMCIA / PM: Avoid noirq suspend aborts during suspend-to-idle
audit: return on memory error to avoid null pointer dereference
net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing()
rcu: Call touch_nmi_watchdog() while printing stall warnings
pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group
dpaa_eth: fix pause capability advertisement logic
MIPS: Octeon: Fix logging messages with spurious periods after newlines
drm/rockchip: Respect page offset for PRIME mmap calls
x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified
perf test: Fix test case inet_pton to accept inlines.
perf report: Fix wrong jump arrow
perf tests: Use arch__compare_symbol_names to compare symbols
perf report: Fix memory corruption in --branch-history mode --branch-history
perf tests: Fix dwarf unwind for stripped binaries
selftests/net: fixes psock_fanout eBPF test case
netlabel: If PF_INET6, check sk_buff ip header version
drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3
drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2
ARM: dts: at91: tse850: use the correct compatible for the eeprom
regmap: Correct comparison in regmap_cached
i40e: Add delay after EMP reset for firmware to recover
ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet
ARM: dts: porter: Fix HDMI output routing
regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()'
pinctrl: msm: Use dynamic GPIO numbering
pinctrl: mcp23s08: spi: Fix regmap debugfs entries
kdb: make "mdr" command repeat
drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is successful
Linux 4.14.45
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 4.14.43
usbip: usbip_host: refine probe and disconnect debug msgs to be useful
usbip: usbip_host: delete device from busid_table after rebind
usbip: usbip_host: run rebind from exit when module is removed
usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
usbip: usbip_host: fix bad unlock balance during stub_probe()
ALSA: usb: mixer: volume quirk for CM102-A+/102S+
ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
ALSA: control: fix a redundant-copy issue
spi: pxa2xx: Allow 64-bit DMA
spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master
spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL
KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls
KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock
powerpc: Don't preempt_disable() in show_cpuinfo()
vfio: ccw: fix cleanup if cp_prefetch fails
tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
tee: shm: fix use-after-free via temporarily dropped reference
netfilter: nf_tables: free set name in error path
netfilter: nf_tables: can't fail after linking rule into active rule list
netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6}
i2c: designware: fix poll-after-enable regression
powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
drm: Match sysfs name in link removal to link creation
lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly
radix tree: fix multi-order iteration race
mm: don't allow deferred pages with NEED_PER_CPU_KM
drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk
s390/qdio: fix access to uninitialized qdio_q fields
s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
s390/qdio: don't release memory in qdio_setup_irq()
s390: remove indirect branch from do_softirq_own_stack
x86/pkeys: Override pkey when moving away from PROT_EXEC
x86/pkeys: Do not special case protection key 0
efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
x86/mm: Drop TS_COMPAT on 64-bit exec() syscall
tick/broadcast: Use for_each_cpu() specially on UP kernels
ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
Btrfs: fix xattr loss after power failure
Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting
btrfs: property: Set incompat flag if lzo/zstd compression is set
btrfs: fix crash when trying to resume balance without the resume flag
btrfs: Split btrfs_del_delalloc_inode into 2 functions
btrfs: Fix delalloc inodes invalidation during transaction abort
btrfs: fix reading stale metadata blocks after degraded raid1 mounts
x86/nospec: Simplify alternative_msr_write()
x86/bugs: Concentrate bug detection into a separate function
x86/bugs: Concentrate bug reporting into a separate function
x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
x86/bugs, KVM: Support the combination of guest and host IBRS
x86/bugs: Expose /sys/../spec_store_bypass
x86/cpufeatures: Add X86_FEATURE_RDS
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
x86/bugs/intel: Set proper CPU features and setup RDS
x86/bugs: Whitelist allowed SPEC_CTRL MSR values
x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
x86/speculation: Create spec-ctrl.h to avoid include hell
prctl: Add speculation control prctls
x86/process: Allow runtime control of Speculative Store Bypass
x86/speculation: Add prctl for Speculative Store Bypass mitigation
nospec: Allow getting/setting on non-current task
proc: Provide details on speculation flaw mitigations
seccomp: Enable speculation flaw mitigations
x86/bugs: Make boot modes __ro_after_init
prctl: Add force disable speculation
seccomp: Use PR_SPEC_FORCE_DISABLE
seccomp: Add filter flag to opt-out of SSB mitigation
seccomp: Move speculation migitation control to arch code
x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
x86/bugs: Rename _RDS to _SSBD
proc: Use underscores for SSBD in 'status'
Documentation/spec_ctrl: Do some minor cleanups
x86/bugs: Fix __ssb_select_mitigation() return type
x86/bugs: Make cpu_show_common() static
x86/bugs: Fix the parameters alignment and missing void
x86/cpu: Make alternative_msr_write work for 32-bit code
KVM: SVM: Move spec control call after restore of GS
x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
x86/cpufeatures: Disentangle SSBD enumeration
x86/cpufeatures: Add FEATURE_ZEN
x86/speculation: Handle HT correctly on AMD
x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
x86/speculation: Add virtualized speculative store bypass disable support
x86/speculation: Rework speculative_store_bypass_update()
x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
x86/bugs: Expose x86_spec_ctrl_base directly
x86/bugs: Remove x86_spec_ctrl_set()
x86/bugs: Rework spec_ctrl base and mask logic
x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
x86/bugs: Rename SSBD_NO to SSB_NO
Linux 4.14.43
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>