vic
1517 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Bruno Martins
|
9162135978 |
Merge branch 'deprecated/android-4.9-q' of https://android.googlesource.com/kernel/common into HEAD
Conflicts: arch/arm/Makefile arch/arm/include/asm/unistd.h arch/arm/kernel/calls.S arch/arm64/include/asm/assembler.h arch/arm64/include/asm/cputype.h arch/arm64/kernel/bpi.S arch/arm64/kernel/cpu_errata.c arch/arm64/kernel/setup.c arch/arm64/kernel/vdso.c arch/arm64/mm/proc.S arch/mips/include/uapi/asm/Kbuild arch/powerpc/include/uapi/asm/Kbuild drivers/char/Kconfig drivers/char/random.c drivers/clk/qcom/clk-rcg2.c drivers/gpu/drm/drm_edid.c drivers/irqchip/irq-gic.c drivers/md/dm-table.c drivers/media/dvb-core/dmxdev.c drivers/mmc/core/core.c drivers/mmc/core/host.c drivers/mmc/core/mmc.c drivers/mmc/host/sdhci.c drivers/net/usb/lan78xx.c drivers/scsi/ufs/ufs_quirks.h drivers/scsi/ufs/ufshcd.c drivers/staging/android/ion/ion-ioctl.c drivers/staging/android/ion/ion.c drivers/staging/android/ion/ion_priv.h drivers/staging/android/ion/ion_system_heap.c drivers/tty/tty_io.c drivers/usb/core/hub.c drivers/usb/core/usb.h drivers/usb/dwc3/core.c drivers/usb/dwc3/gadget.c drivers/usb/gadget/composite.c drivers/usb/gadget/configfs.c drivers/usb/gadget/function/f_accessory.c drivers/usb/gadget/function/rndis.c drivers/usb/gadget/function/rndis.h fs/eventpoll.c fs/ext4/namei.c fs/fat/fatent.c fs/gfs2/acl.c include/linux/random.h include/uapi/drm/Kbuild include/uapi/linux/Kbuild include/uapi/linux/cifs/Kbuild include/uapi/linux/genwqe/Kbuild kernel/cpu.c kernel/exit.c kernel/sched/cpufreq_schedutil.c lib/Makefile lib/string.c mm/memory.c mm/page-writeback.c mm/page_alloc.c net/ipv4/udp.c net/ipv6/datagram.c net/ipv6/ip6_output.c net/netfilter/nf_conntrack_irc.c net/netfilter/xt_quota2.c net/netlink/genetlink.c security/selinux/avc.c security/selinux/include/objsec.h sound/core/compress_offload.c Change-Id: I41982a5a8e22a21b72ec5dfa61a3680be66213f4 |
||
|
Greg Kroah-Hartman
|
7e6dfb2786 |
Merge 4.9.337 into android-4.9-q
Changes in 4.9.337
mm/khugepaged: fix GUP-fast interaction by sending IPI
mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
block: unhash blkdev part inode when the part is deleted
ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
can: sja1000: fix size of OCR_MODE_MASK define
ASoC: ops: Correct bounds check for second channel on SX controls
udf: Discard preallocation before extending file with a hole
udf: Drop unused arguments of udf_delete_aext()
udf: Fix preallocation discarding at indirect extent boundary
udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
udf: Fix extending file within last block
usb: gadget: uvc: Prevent buffer overflow in setup handler
USB: serial: cp210x: add Kamstrup RF sniffer PIDs
Bluetooth: L2CAP: Fix u8 overflow
net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
arm: dts: spear600: Fix clcd interrupt
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
ARM: mmp: fix timer_read delay
pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
cpuidle: dt: Return the correct numbers of parsed idle states
alpha: fix syscall entry in !AUDUT_SYSCALL case
PM: hibernate: Fix mistake in kerneldoc comment
fs: don't audit the capability check in simple_xattr_list()
perf: Fix possible memleak in pmu_dev_alloc()
timerqueue: Use rb_entry_safe() in timerqueue_getnext()
ocfs2: fix memory leak in ocfs2_stack_glue_init()
MIPS: vpe-mt: fix possible memory leak while module exiting
MIPS: vpe-cmp: fix possible memory leak while module exiting
PNP: fix name memory leak in pnp_alloc_dev()
irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
lib/notifier-error-inject: fix error when writing -errno to debugfs file
rapidio: fix possible name leaks when rio_add_device() fails
rapidio: rio: fix possible name leak in rio_register_mport()
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
x86/xen: Fix memory leak in xen_init_lock_cpu()
MIPS: BCM63xx: Add check for NULL for clk in clk_enable
fs: sysv: Fix sysv_nblocks() returns wrong value
rapidio: fix possible UAF when kfifo_alloc() fails
eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
hfs: Fix OOB Write in hfs_asc2mac
rapidio: devices: fix missing put_device in mport_cdev_open
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
media: i2c: ad5820: Fix error path
media: vivid: fix compose size exceed boundary
mtd: Fix device name leak when register device failed in add_mtd_device()
ASoC: pxa: fix null-pointer dereference in filter()
regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
wifi: ath10k: Fix return value in ath10k_pci_init()
mtd: lpddr2_nvm: Fix possible null-ptr-deref
Input: elants_i2c - properly handle the reset GPIO when power is off
media: solo6x10: fix possible memory leak in solo_sysfs_init()
media: platform: exynos4-is: Fix error handling in fimc_md_init()
HID: hid-sensor-custom: set fixed size for custom attributes
ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
mtd: maps: pxa2xx-flash: fix memory leak in probe
media: imon: fix a race condition in send_packet()
pinctrl: pinconf-generic: add missing of_node_put()
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
NFSv4.2: Fix a memory stomp in decode_attr_security_label
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
ALSA: asihpi: fix missing pci_disable_device()
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
bonding: uninitialized variable in bond_miimon_inspect()
regulator: core: fix module refcount leak in set_supply()
media: saa7164: fix missing pci_disable_device()
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
SUNRPC: Fix missing release socket in rpc_sockname()
mmc: moxart: fix return value check of mmc_add_host()
mmc: mxcmmc: fix return value check of mmc_add_host()
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
mmc: toshsd: fix return value check of mmc_add_host()
mmc: vub300: fix return value check of mmc_add_host()
mmc: via-sdmmc: fix return value check of mmc_add_host()
mmc: wbsd: fix return value check of mmc_add_host()
mmc: mmci: fix return value check of mmc_add_host()
media: c8sectpfe: Add of_node_put() when breaking out of loop
media: coda: Add check for dcoda_iram_alloc
media: coda: Add check for kmalloc
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
blktrace: Fix output non-blktrace event when blk_classic option enabled
net: vmw_vsock: vmci: Check memcpy_from_msg()
net: defxx: Fix missing err handling in dfx_init()
drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
net: farsync: Fix kmemleak when rmmods farsync
net/tunnel: wait until all sk_user_data reader finish before releasing the sock
net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
ntb_netdev: Use dev_kfree_skb_any() in interrupt context
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
stmmac: fix potential division by 0
scsi: hpsa: Fix error handling in hpsa_add_sas_host()
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
scsi: fcoe: Fix possible name leak when device_register() fails
scsi: ipr: Fix WARNING in ipr_init()
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
scsi: snic: Fix possible UAF in snic_tgt_create()
orangefs: Fix sysfs not cleanup when dev init failed
crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
hwrng: amd - Fix PCI device refcount leak
hwrng: geode - Fix PCI device refcount leak
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
drivers: dio: fix possible memory leak in dio_init()
vfio: platform: Do not pass return buffer to ACPI _RST method
uio: uio_dmem_genirq: Fix missing unlock in irq configuration
uio: uio_dmem_genirq: Fix deadlock between irq config and handling
usb: fotg210-udc: Fix ages old endianness issues
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
serial: amba-pl011: avoid SBSA UART accessing DMACR register
serial: pch: Fix PCI device refcount leak in pch_request_dma()
serial: sunsab: Fix error handling in sunsab_init()
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
drivers: mcb: fix resource leak in mcb_probe()
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
chardev: fix error handling in cdev_device_add()
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
staging: rtl8192u: Fix use after free in ieee80211_rx()
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
vme: Fix error not catched in fake_init()
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
usb: storage: Add check for kcalloc
fbdev: ssd1307fb: Drop optional dependency
fbdev: pm2fb: fix missing pci_disable_device()
fbdev: via: Fix error in via_core_init()
fbdev: vermilion: decrease reference count in error path
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
power: supply: fix residue sysfs file in error handle route of __power_supply_register()
HSI: omap_ssi_core: Fix error handling in ssi_init()
include/uapi/linux/swab: Fix potentially missing __always_inline
rtc: snvs: Allow a time difference on clock register read
iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
macintosh: fix possible memory leak in macio_add_one_device()
macintosh/macio-adb: check the return value of ioremap()
powerpc/52xx: Fix a resource leak in an error handling path
powerpc/perf: callchain validate kernel stack pointer bounds
powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
powerpc/hv-gpci: Fix hv_gpci event list
selftests/powerpc: Fix resource leaks
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
nfc: pn533: Clear nfc_target before being used
r6040: Fix kmemleak in probe and remove
openvswitch: Fix flow lookup to use unmasked key
skbuff: Account for tail adjustment during pull operations
net_sched: reject TCF_EM_SIMPLE case for complex ematch module
myri10ge: Fix an error handling path in myri10ge_probe()
net: stream: purge sk_error_queue in sk_stream_kill_queues()
binfmt_misc: fix shift-out-of-bounds in check_special_flags
fs: jfs: fix shift-out-of-bounds in dbAllocAG
udf: Avoid double brelse() in udf_rename()
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
ACPICA: Fix error code path in acpi_ds_call_control_method()
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
acct: fix potential integer overflow in encode_comp_t()
hfs: fix OOB Read in __hfs_brec_find
wifi: ath9k: verify the expected usb_endpoints are present
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
ipmi: fix memleak when unload ipmi driver
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
hamradio: baycom_epp: Fix return type of baycom_send_packet()
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
igb: Do not free q_vector unless new one was allocated
s390/ctcm: Fix return type of ctc{mp,}m_tx()
s390/netiucv: Fix return type of netiucv_tx()
s390/lcs: Fix return type of lcs_start_xmit()
drm/sti: Use drm_mode_copy()
md/raid1: stop mdx_raid1 thread when raid1 array run failed
mrp: introduce active flags to prevent UAF when applicant uninit
ppp: associate skb with a device at tx
media: dvb-frontends: fix leak of memory fw
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
blk-mq: fix possible memleak when register 'hctx' failed
mmc: f-sdh30: Add quirks for broken timeout clock capability
media: si470x: Fix use-after-free in si470x_int_in_callback()
clk: st: Fix memory leak in st_of_quadfs_setup()
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
ASoC: wm8994: Fix potential deadlock
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
ASoC: rt5670: Remove unbalanced pm_runtime_put()
HID: wacom: Ensure bootloader PID is usable in hidraw mode
reiserfs: Add missing calls to reiserfs_security_free()
iio: adc: ad_sigma_delta: do not use internal iio_dev lock
gcov: add support for checksum field
powerpc/rtas: avoid scheduling in rtas_os_term()
HID: plantronics: Additional PIDs for double volume key presses quirk
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
ALSA: line6: correct midi status byte when receiving data from podxt
ALSA: line6: fix stack overflow in line6_midi_transmit
pnode: terminate at peers of source
md: fix a crash in mempool_free
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
media: stv0288: use explicitly signed char
ktest.pl minconfig: Unset configs instead of just removing them
ARM: ux500: do not directly dereference __iomem
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
dm thin: Use last transaction's pmd->root when commit failed
dm thin: Fix UAF in run_timer_softirq()
dm cache: Fix UAF in destroy()
dm cache: set needs_check flag after aborting metadata
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
media: dvb-core: Fix double free in dvb_register_device()
cifs: fix confusing debug message
PCI/sysfs: Fix double free in error path
crypto: n2 - add missing hash statesize
iommu/amd: Fix ivrs_acpihid cmdline parsing code
parisc: led: Fix potential null-ptr-deref in start_task()
device_cgroup: Roll back to original exceptions after copy failure
drm/connector: send hotplug uevent on connector cleanup
drm/vmwgfx: Validate the box size for the snooped cursor
ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
ext4: fix undefined behavior in bit shift for ext4_check_flag_values
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
ext4: init quota for 'old.inode' in 'ext4_rename'
ext4: fix error code return to user-space in ext4_get_branch()
ext4: avoid BUG_ON when creating xattrs
ext4: initialize quota before expanding inode in setproject ioctl
Linux 4.9.337
Change-Id: I923e3fef499ae1688b25c70a1a805b55a9f4f027
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Jann Horn
|
588be4a04b |
mm/khugepaged: fix GUP-fast interaction by sending IPI
commit 2ba99c5e08812494bc57f319fb562f527d9bacd8 upstream.
Since commit 70cbc3cc78a99 ("mm: gup: fix the fast GUP race against THP
collapse"), the lockless_pages_from_mm() fastpath rechecks the pmd_t to
ensure that the page table was not removed by khugepaged in between.
However, lockless_pages_from_mm() still requires that the page table is
not concurrently freed. Fix it by sending IPIs (if the architecture uses
semi-RCU-style page table freeing) before freeing/reusing page tables.
Link: https://lkml.kernel.org/r/20221129154730.2274278-2-jannh@google.com
Link: https://lkml.kernel.org/r/20221128180252.1684965-2-jannh@google.com
Link: https://lkml.kernel.org/r/20221125213714.4115729-2-jannh@google.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
1f866c53ec |
Merge 4.9.327 into android-4.9-q
Changes in 4.9.327 parisc: Fix exception handler for fldw and fstw instructions xfrm: fix refcount leak in __xfrm_policy_check() af_key: Do not call xfrm_probe_algs in parallel rose: check NULL rose_loopback_neigh->loopback bonding: 802.3ad: fix no transmission of LACPDUs netfilter: nft_payload: report ERANGE for too long offset and length ratelimit: Fix data-races in ___ratelimit(). net: Fix a data-race around sysctl_tstamp_allow_data. net: Fix a data-race around sysctl_net_busy_poll. net: Fix a data-race around sysctl_net_busy_read. net: Fix a data-race around sysctl_somaxconn. ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter btrfs: check if root is readonly while setting security xattr loop: Check for overflow while configuring loop asm-generic: sections: refactor memory_intersects mm/hugetlb: fix hugetlb not supporting softdirty tracking mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() s390/mm: do not trigger write fault when vma does not allow VM_WRITE x86/cpu: Add Tiger Lake to Intel family x86/bugs: Add "unknown" reporting for MMIO Stale Data kbuild: Fix include path in scripts/Makefile.modpost Bluetooth: L2CAP: Fix build errors in some archs media: pvrusb2: fix memory leak in pvr_probe HID: hidraw: fix memory leak in hidraw_release() fbdev: fb_pm2fb: Avoid potential divide by zero error ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead arm64: map FDT as RW for early_init_dt_scan() s390/hypfs: avoid error message under KVM netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse kprobes: don't call disarm_kprobe() for disabled kprobes Linux 4.9.327 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I6944c82cad25fbe5a35384f4ef0b7fb485203a05 |
||
|
Quanyang Wang
|
6a0108b137 |
asm-generic: sections: refactor memory_intersects
commit 0c7d7cc2b4fe2e74ef8728f030f0f1674f9f6aee upstream.
There are two problems with the current code of memory_intersects:
First, it doesn't check whether the region (begin, end) falls inside the
region (virt, vend), that is (virt < begin && vend > end).
The second problem is if vend is equal to begin, it will return true but
this is wrong since vend (virt + size) is not the last address of the
memory region but (virt + size -1) is. The wrong determination will
trigger the misreporting when the function check_for_illegal_area calls
memory_intersects to check if the dma region intersects with stext region.
The misreporting is as below (stext is at 0x80100000):
WARNING: CPU: 0 PID: 77 at kernel/dma/debug.c:1073 check_for_illegal_area+0x130/0x168
DMA-API: chipidea-usb2 e0002000.usb: device driver maps memory from kernel text or rodata [addr=800f0000] [len=65536]
Modules linked in:
CPU: 1 PID: 77 Comm: usb-storage Not tainted 5.19.0-yocto-standard #5
Hardware name: Xilinx Zynq Platform
unwind_backtrace from show_stack+0x18/0x1c
show_stack from dump_stack_lvl+0x58/0x70
dump_stack_lvl from __warn+0xb0/0x198
__warn from warn_slowpath_fmt+0x80/0xb4
warn_slowpath_fmt from check_for_illegal_area+0x130/0x168
check_for_illegal_area from debug_dma_map_sg+0x94/0x368
debug_dma_map_sg from __dma_map_sg_attrs+0x114/0x128
__dma_map_sg_attrs from dma_map_sg_attrs+0x18/0x24
dma_map_sg_attrs from usb_hcd_map_urb_for_dma+0x250/0x3b4
usb_hcd_map_urb_for_dma from usb_hcd_submit_urb+0x194/0x214
usb_hcd_submit_urb from usb_sg_wait+0xa4/0x118
usb_sg_wait from usb_stor_bulk_transfer_sglist+0xa0/0xec
usb_stor_bulk_transfer_sglist from usb_stor_bulk_srb+0x38/0x70
usb_stor_bulk_srb from usb_stor_Bulk_transport+0x150/0x360
usb_stor_Bulk_transport from usb_stor_invoke_transport+0x38/0x440
usb_stor_invoke_transport from usb_stor_control_thread+0x1e0/0x238
usb_stor_control_thread from kthread+0xf8/0x104
kthread from ret_from_fork+0x14/0x2c
Refactor memory_intersects to fix the two problems above.
Before the 1d7db834a027e ("dma-debug: use memory_intersects()
directly"), memory_intersects is called only by printk_late_init:
printk_late_init -> init_section_intersects ->memory_intersects.
There were few places where memory_intersects was called.
When commit 1d7db834a027e ("dma-debug: use memory_intersects()
directly") was merged and CONFIG_DMA_API_DEBUG is enabled, the DMA
subsystem uses it to check for an illegal area and the calltrace above
is triggered.
[akpm@linux-foundation.org: fix nearby comment typo]
Link: https://lkml.kernel.org/r/20220819081145.948016-1-quanyang.wang@windriver.com
Fixes:
|
||
|
Bruno Martins
|
dbcc8fefd9 |
treewide: Import Samsung changes from T725XXU2DUD1
Change-Id: I5c31dc4a8006a967910963fb9e7d1a0ab4ab9731 |
||
|
Greg Kroah-Hartman
|
0b84e6eefd |
Merge 4.9.292 into android-4.9-q
Changes in 4.9.292 staging: ion: Prevent incorrect reference counting behavour USB: serial: option: add Telit LE910S1 0x9200 composition USB: serial: option: add Fibocom FM101-GL variants usb: hub: Fix usb enumeration issue due to address0 race usb: hub: Fix locking issues with address0_mutex binder: fix test regression due to sender_euid change ALSA: ctxfi: Fix out-of-range access staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() fuse: fix page stealing xen: don't continue xenstore initialization in case of errors xen: detect uninitialized xenbus in xenbus_init tracing: Fix pid filtering when triggers are attached ARM: dts: BCM5301X: Add interrupt properties to GPIO node ASoC: topology: Add missing rwsem around snd_ctl_remove() calls net: ieee802154: handle iftypes as u32 NFSv42: Don't fail clone() unless the OP_CLONE operation failed ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE scsi: mpt3sas: Fix kernel panic during drive powercycle test drm/vc4: fix error code in vc4_create_object() PM: hibernate: use correct mode for swsusp_close() tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows tracing: Check pid filtering when creating events hugetlbfs: flush TLBs correctly after huge_pmd_unshare vhost/vsock: fix incorrect used length reported to the guest proc/vmcore: fix clearing user buffer by properly using clear_user() NFC: add NCI_UNREG flag to eliminate the race fuse: release pipe buf after last use xen: sync include/xen/interface/io/ring.h with Xen's newest version xen/blkfront: read response from backend only once xen/blkfront: don't take local copy of a request from the ring page xen/blkfront: don't trust the backend response data blindly xen/netfront: read response from backend only once xen/netfront: don't read data from request on the ring page xen/netfront: disentangle tx_skb_freelist xen/netfront: don't trust the backend response data blindly tty: hvc: replace BUG_ON() with negative return value shm: extend forced shm destroy to support objects from several IPC nses NFSv42: Fix pagecache invalidation after COPY/CLONE hugetlb: take PMD sharing into account when flushing tlb/caches net: return correct error code platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep s390/setup: avoid using memblock_enforce_memory_limit thermal: core: Reset previous low and high trip during thermal zone init scsi: iscsi: Unblock session then wake up error handler ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit kprobes: Limit max data_size of the kretprobe instances sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl fs: add fget_many() and fput_many() fget: check that the fd still exists after getting a ref to it natsemi: xtensa: fix section mismatch warnings net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() siphash: use _unaligned version by default net/rds: correct socket tunable error in rds_tcp_tune() parisc: Fix "make install" on newer debian releases vgacon: Propagate console boot parameters before calling `vc_resize' tty: serial: msm_serial: Deactivate RX DMA for polling support serial: pl011: Add ACPI SBSA UART match id serial: core: fix transmit-buffer reset and memleak Linux 4.9.292 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I98a677406cfca6a63fffa4a94e45edbd45fd671a |
||
|
Nadav Amit
|
8e80bf5d00 |
hugetlbfs: flush TLBs correctly after huge_pmd_unshare
commit a4a118f2eead1d6c49e00765de89878288d4b890 upstream.
When __unmap_hugepage_range() calls to huge_pmd_unshare() succeed, a TLB
flush is missing. This TLB flush must be performed before releasing the
i_mmap_rwsem, in order to prevent an unshared PMDs page from being
released and reused before the TLB flush took place.
Arguably, a comprehensive solution would use mmu_gather interface to
batch the TLB flushes and the PMDs page release, however it is not an
easy solution: (1) try_to_unmap_one() and try_to_migrate_one() also call
huge_pmd_unshare() and they cannot use the mmu_gather interface; and (2)
deferring the release of the page reference for the PMDs page until
after i_mmap_rwsem is dropeed can confuse huge_pmd_unshare() into
thinking PMDs are shared when they are not.
Fix __unmap_hugepage_range() by adding the missing TLB flush, and
forcing a flush when unshare is successful.
Fixes:
|
||
|
Greg Kroah-Hartman
|
0de1fb122e |
Merge 4.9.290 into android-4.9-q
Changes in 4.9.290 scsi: core: Put LLD module refcnt after SCSI device is released mm/zsmalloc: Prepare to variable MAX_PHYSMEM_BITS arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" net: hso: register netdev later to avoid a race condition usb: hso: fix error handling code of hso_create_net_device Revert "x86/kvm: fix vcpu-id indexed array sizes" IB/qib: Use struct_size() helper IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields usb: gadget: Mark USB_FSL_QE broken on 64-bit usb: musb: Balance list entry in musb_gadget_queue usb-storage: Add compatibility quirk flags for iODD 2531/2541 printk/console: Allow to disable console output by using console="" or console=null isofs: Fix out of bound access for corrupted isofs image comedi: dt9812: fix DMA buffers on stack comedi: ni_usb6501: fix NULL-deref in command paths comedi: vmk80xx: fix transfer-buffer overflows comedi: vmk80xx: fix bulk-buffer overflow comedi: vmk80xx: fix bulk and interrupt message timeouts staging: r8712u: fix control-message timeout staging: rtl8192u: fix control-message timeouts rsi: fix control-message timeout Linux 4.9.290 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I91380c82e93a66d0c1738c710264741b907553c1 |
||
|
Arnd Bergmann
|
5928b788fa |
arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed
[ Upstream commit cef397038167ac15d085914493d6c86385773709 ]
Stefan Agner reported a bug when using zsram on 32-bit Arm machines
with RAM above the 4GB address boundary:
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = a27bd01c
[00000000] *pgd=236a0003, *pmd=1ffa64003
Internal error: Oops: 207 [#1] SMP ARM
Modules linked in: mdio_bcm_unimac(+) brcmfmac cfg80211 brcmutil raspberrypi_hwmon hci_uart crc32_arm_ce bcm2711_thermal phy_generic genet
CPU: 0 PID: 123 Comm: mkfs.ext4 Not tainted 5.9.6 #1
Hardware name: BCM2711
PC is at zs_map_object+0x94/0x338
LR is at zram_bvec_rw.constprop.0+0x330/0xa64
pc : [<c0602b38>] lr : [<c0bda6a0>] psr: 60000013
sp : e376bbe0 ip : 00000000 fp : c1e2921c
r10: 00000002 r9 : c1dda730 r8 : 00000000
r7 : e8ff7a00 r6 : 00000000 r5 : 02f9ffa0 r4 : e3710000
r3 : 000fdffe r2 : c1e0ce80 r1 : ebf979a0 r0 : 00000000
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control: 30c5383d Table: 235c2a80 DAC: fffffffd
Process mkfs.ext4 (pid: 123, stack limit = 0x495a22e6)
Stack: (0xe376bbe0 to 0xe376c000)
As it turns out, zsram needs to know the maximum memory size, which
is defined in MAX_PHYSMEM_BITS when CONFIG_SPARSEMEM is set, or in
MAX_POSSIBLE_PHYSMEM_BITS on the x86 architecture.
The same problem will be hit on all 32-bit architectures that have a
physical address space larger than 4GB and happen to not enable sparsemem
and include asm/sparsemem.h from asm/pgtable.h.
After the initial discussion, I suggested just always defining
MAX_POSSIBLE_PHYSMEM_BITS whenever CONFIG_PHYS_ADDR_T_64BIT is
set, or provoking a build error otherwise. This addresses all
configurations that can currently have this runtime bug, but
leaves all other configurations unchanged.
I looked up the possible number of bits in source code and
datasheets, here is what I found:
- on ARC, CONFIG_ARC_HAS_PAE40 controls whether 32 or 40 bits are used
- on ARM, CONFIG_LPAE enables 40 bit addressing, without it we never
support more than 32 bits, even though supersections in theory allow
up to 40 bits as well.
- on MIPS, some MIPS32r1 or later chips support 36 bits, and MIPS32r5
XPA supports up to 60 bits in theory, but 40 bits are more than
anyone will ever ship
- On PowerPC, there are three different implementations of 36 bit
addressing, but 32-bit is used without CONFIG_PTE_64BIT
- On RISC-V, the normal page table format can support 34 bit
addressing. There is no highmem support on RISC-V, so anything
above 2GB is unused, but it might be useful to eventually support
CONFIG_ZRAM for high pages.
Fixes:
|
||
|
Greg Kroah-Hartman
|
85d9096763 |
Merge 4.9.281 into android-4.9-q
Changes in 4.9.281
iio: adc: Fix incorrect exit of for-loop
ASoC: intel: atom: Fix reference to PCM buffer address
i2c: dev: zero out array used for i2c reads from userspace
ACPI: NFIT: Fix support for virtual SPA ranges
ppp: Fix generating ifname when empty IFLA_IFNAME is specified
net: Fix memory leak in ieee802154_raw_deliver
net: bridge: fix memleak in br_add_if()
tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets
xen/events: Fix race in set_evtchn_to_irq
x86/tools: Fix objdump version check again
PCI/MSI: Enable and mask MSI-X early
PCI/MSI: Do not set invalid bits in MSI mask
PCI/MSI: Correct misleading comments
PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown()
PCI/MSI: Protect msi_desc::masked for multi-MSI
PCI/MSI: Mask all unused MSI-X entries
PCI/MSI: Enforce that MSI-X table entry is masked for update
PCI/MSI: Enforce MSI[X] entry updates to be visible
vmlinux.lds.h: Handle clang's module.{c,d}tor sections
mac80211: drop data frames without key on encrypted links
KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
x86/fpu: Make init_fpstate correct with optimized XSAVE
dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218
dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available
scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
ARM: dts: nomadik: Fix up interrupt controller node names
Bluetooth: hidp: use correct wait queue when removing ctrl_wait
dccp: add do-while-0 stubs for dccp_pr_debug macros
vhost: Fix the calculation in vhost_overflow()
net: 6pack: fix slab-out-of-bounds in decode_data
net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
mmc: dw_mmc: call the dw_mci_prep_stop_abort() by default
mmc: dw_mmc: Fix hang on data CRC error
ALSA: hda - fix the 'Capture Switch' value change notifications
ipack: tpci200: fix many double free issues in tpci200_pci_probe
btrfs: prevent rename2 from exchanging a subvol with a directory from different parents
ASoC: intel: atom: Fix breakage for PCM buffer address setup
locks: print a warning when mount fails due to lack of "mand" support
fs: warn about impending deprecation of mandatory locks
Linux 4.9.281
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0f50adb340b9ef3eb12acf7f244b283ab16ae3bf
|
||
|
Nathan Chancellor
|
2c20065df8 |
vmlinux.lds.h: Handle clang's module.{c,d}tor sections
commit 848378812e40152abe9b9baf58ce2004f76fb988 upstream.
A recent change in LLVM causes module_{c,d}tor sections to appear when
CONFIG_K{A,C}SAN are enabled, which results in orphan section warnings
because these are not handled anywhere:
ld.lld: warning: arch/x86/pci/built-in.a(legacy.o):(.text.asan.module_ctor) is being placed in '.text.asan.module_ctor'
ld.lld: warning: arch/x86/pci/built-in.a(legacy.o):(.text.asan.module_dtor) is being placed in '.text.asan.module_dtor'
ld.lld: warning: arch/x86/pci/built-in.a(legacy.o):(.text.tsan.module_ctor) is being placed in '.text.tsan.module_ctor'
Fangrui explains: "the function asan.module_ctor has the SHF_GNU_RETAIN
flag, so it is in a separate section even with -fno-function-sections
(default)".
Place them in the TEXT_TEXT section so that these technologies continue
to work with the newer compiler versions. All of the KASAN and KCSAN
KUnit tests continue to pass after this change.
Cc: stable@vger.kernel.org
Link: https://github.com/ClangBuiltLinux/linux/issues/1432
Link:
|
||
|
Greg Kroah-Hartman
|
1b43cb8b40 |
Merge 4.9.252 into android-4.9-q
Changes in 4.9.252
target: bounds check XCOPY segment descriptor list
target: simplify XCOPY wwn->se_dev lookup helper
target: use XCOPY segment descriptor CSCD IDs
xcopy: loop over devices using idr helper
scsi: target: Fix XCOPY NAA identifier lookup
target: add XCOPY target/segment desc sense codes
powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
net: ip: always refragment ip defragmented packets
net: fix pmtu check in nopmtudisc mode
vmlinux.lds.h: Add PGO and AutoFDO input sections
drm/i915: Fix mismatch between misplaced vma check and vma insert
ubifs: wbuf: Don't leak kernel memory to flash
spi: pxa2xx: Fix use-after-free on unbind
ARM: OMAP2+: omap_device: fix idling of devices during probe
cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
dmaengine: xilinx_dma: check dma_async_device_register return value
dmaengine: xilinx_dma: fix mixed_enum_type coverity warning
wil6210: select CONFIG_CRC32
block: rsxx: select CONFIG_CRC32
iommu/intel: Fix memleak in intel_irq_remapping_alloc
net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups
wan: ds26522: select CONFIG_BITREVERSE
KVM: arm64: Don't access PMCR_EL0 when no PMU is available
block: fix use-after-free in disk_part_iter_next
net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet
Linux 4.9.252
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic275c99bd03b788c7fdfffb6ed8529b0556a044c
|
||
|
Nick Desaulniers
|
7bae4bc9b4 |
vmlinux.lds.h: Add PGO and AutoFDO input sections
commit eff8728fe69880d3f7983bec3fb6cea4c306261f upstream.
Basically, consider .text.{hot|unlikely|unknown}.* part of .text, too.
When compiling with profiling information (collected via PGO
instrumentations or AutoFDO sampling), Clang will separate code into
.text.hot, .text.unlikely, or .text.unknown sections based on profiling
information. After D79600 (clang-11), these sections will have a
trailing `.` suffix, ie. .text.hot., .text.unlikely., .text.unknown..
When using -ffunction-sections together with profiling infomation,
either explicitly (FGKASLR) or implicitly (LTO), code may be placed in
sections following the convention:
.text.hot.<foo>, .text.unlikely.<bar>, .text.unknown.<baz>
where <foo>, <bar>, and <baz> are functions. (This produces one section
per function; we generally try to merge these all back via linker script
so that we don't have 50k sections).
For the above cases, we need to teach our linker scripts that such
sections might exist and that we'd explicitly like them grouped
together, otherwise we can wind up with code outside of the
_stext/_etext boundaries that might not be mapped properly for some
architectures, resulting in boot failures.
If the linker script is not told about possible input sections, then
where the section is placed as output is a heuristic-laiden mess that's
non-portable between linkers (ie. BFD and LLD), and has resulted in many
hard to debug bugs. Kees Cook is working on cleaning this up by adding
--orphan-handling=warn linker flag used in ARCH=powerpc to additional
architectures. In the case of linker scripts, borrowing from the Zen of
Python: explicit is better than implicit.
Also, ld.bfd's internal linker script considers .text.hot AND
.text.hot.* to be part of .text, as well as .text.unlikely and
.text.unlikely.*. I didn't see support for .text.unknown.*, and didn't
see Clang producing such code in our kernel builds, but I see code in
LLVM that can produce such section names if profiling information is
missing. That may point to a larger issue with generating or collecting
profiles, but I would much rather be safe and explicit than have to
debug yet another issue related to orphan section placement.
Reported-by: Jian Cai <jiancai@google.com>
Suggested-by: Fāng-ruì Sòng <maskray@google.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tested-by: Luis Lozano <llozano@google.com>
Tested-by: Manoj Gupta <manojgupta@google.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: linux-arch@vger.kernel.org
Cc: stable@vger.kernel.org
Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=add44f8d5c5c05e08b11e033127a744d61c26aee
Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1de778ed23ce7492c523d5850c6c6dbb34152655
Link: https://reviews.llvm.org/D79600
Link: https://bugs.chromium.org/p/chromium/issues/detail?id=1084760
Link: https://lore.kernel.org/r/20200821194310.3089815-7-keescook@chromium.org
Debugged-by: Luis Lozano <llozano@google.com>
[nc: Fix small conflict around lack of NOINSTR_TEXT and .text..refcount]
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
1e7b6edbb5 |
Merge 4.9.233 into android-4.9-q
Changes in 4.9.233
xfs: catch inode allocation state mismatch corruption
xfs: validate cached inodes are free when allocated
xfs: don't call xfs_da_shrink_inode with NULL bp
net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()
crypto: ccp - Release all allocated memory if sha type is invalid
media: rc: prevent memory leak in cx23888_ir_probe
ath9k_htc: release allocated buffer if timed out
ath9k: release allocated buffer if timed out
PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
drm: hold gem reference until object is no longer accessed
f2fs: check memory boundary by insane namelen
f2fs: check if file namelen exceeds max value
9p/trans_fd: abort p9_read_work if req status changed
9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work
x86/build/lto: Fix truncated .bss with -fdata-sections
x86, vmlinux.lds: Page-align end of ..page_aligned sections
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
rds: Prevent kernel-infoleak in rds_notify_queue_get()
xfs: fix missed wakeup on l_flush_wait
uapi: includes linux/types.h before exporting files
install several missing uapi headers
net/x25: Fix x25_neigh refcnt leak when x25 disconnect
net/x25: Fix null-ptr-deref in x25_disconnect
sh: Fix validation of system call number
net: lan78xx: add missing endpoint sanity check
net: lan78xx: fix transfer-buffer memory leak
mlx4: disable device on shutdown
mlxsw: core: Increase scope of RCU read-side critical section
mlxsw: core: Free EMAD transactions using kfree_rcu()
ibmvnic: Fix IRQ mapping disposal in error path
mac80211: mesh: Free ie data when leaving mesh
mac80211: mesh: Free pending skb when destroying a mpath
arm64: csum: Fix handling of bad packets
usb: hso: Fix debug compile warning on sparc32
qed: Disable "MFW indication via attention" SPAM every 5 minutes
nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
parisc: add support for cmpxchg on u8 pointers
net: ethernet: ravb: exit if re-initialization fails in tx timeout
Revert "i2c: cadence: Fix the hold bit setting"
xen-netfront: fix potential deadlock in xennet_remove()
KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled
x86/i8259: Use printk_deferred() to prevent deadlock
random32: update the net random state on interrupt and activity
ARM: percpu.h: fix build error
random: fix circular include dependency on arm64 after addition of percpu.h
random32: remove net_rand_state from the latent entropy gcc plugin
random32: move the pseudo-random 32-bit definitions to prandom.h
ext4: fix direct I/O read error
USB: serial: qcserial: add EM7305 QDL product ID
net/mlx5e: Don't support phys switch id if not in switchdev mode
ALSA: seq: oss: Serialize ioctls
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
omapfb: dss: Fix max fclk divider for omap36xx
vgacon: Fix for missing check in scrollback handling
mtd: properly check all write ioctls for permissions
leds: wm831x-status: fix use-after-free on unbind
leds: da903x: fix use-after-free on unbind
leds: lm3533: fix use-after-free on unbind
leds: 88pm860x: fix use-after-free on unbind
net/9p: validate fds in p9_fd_open
drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason
cfg80211: check vendor command doit pointer before use
igb: reinit_locked() should be called with rtnl_lock
atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
tools lib traceevent: Fix memory leak in process_dynamic_array_len
xattr: break delegations in {set,remove}xattr
binder: Prevent context manager from incrementing ref 0
ipv4: Silence suspicious RCU usage warning
ipv6: fix memory leaks on IPV6_ADDRFORM path
vxlan: Ensure FDB dump is performed under RCU
net: lan78xx: replace bogus endpoint lookup
Revert "vxlan: fix tos value before xmit"
usb: hso: check for return value in hso_serial_common_create()
Smack: fix use-after-free in smk_write_relabel_self()
tracepoint: Mark __tracepoint_string's __used
gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...)
cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone()
EDAC: Fix reference count leaks
arm64: dts: qcom: msm8916: Replace invalid bias-pull-none property
arm64: dts: exynos: Fix silent hang after boot on Espresso
m68k: mac: Don't send IOP message until channel is idle
m68k: mac: Fix IOP status/control register writes
platform/x86: intel-hid: Fix return value check in check_acpi_dev()
platform/x86: intel-vbtn: Fix return value check in check_acpi_dev()
ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
drm/tilcdc: fix leak & null ref in panel_connector_get_modes
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
video: fbdev: neofb: fix memory leak in neo_scan_monitor()
md-cluster: fix wild pointer of unlock_all_bitmaps()
drm/nouveau: fix multiple instances of reference count leaks
drm/debugfs: fix plain echo to connector "force" attribute
mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
brcmfmac: To fix Bss Info flag definition Bug
iwlegacy: Check the return value of pcie_capability_read_*()
usb: gadget: net2280: fix memory leak on probe error handling paths
bdc: Fix bug causing crash after multiple disconnects
dyndbg: fix a BUG_ON in ddebug_describe_flags
bcache: fix super block seq numbers comparision in register_cache_set()
ACPICA: Do not increment operation_region reference counts for field units
agp/intel: Fix a memory leak on module initialisation failure
video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
console: newport_con: fix an issue about leak related system resources
video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call
iio: improve IIO_CONCENTRATION channel type description
leds: lm355x: avoid enum conversion warning
media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline
cxl: Fix kobject memleak
drm/radeon: fix array out-of-bounds read and write issues
scsi: powertec: Fix different dev_id between request_irq() and free_irq()
scsi: eesox: Fix different dev_id between request_irq() and free_irq()
media: firewire: Using uninitialized values in node_probe()
media: exynos4-is: Add missed check for pinctrl_lookup_state()
xfs: fix reflink quota reservation accounting error
PCI: Fix pci_cfg_wait queue locking problem
leds: core: Flush scheduled work for system suspend
drm: panel: simple: Fix bpc for LG LB070WV8 panel
scsi: scsi_debug: Add check for sdebug_max_queue during module init
mwifiex: Prevent memory corruption handling keys
powerpc/vdso: Fix vdso cpu truncation
staging: rtl8192u: fix a dubious looking mask before a shift
PCI/ASPM: Add missing newline in sysfs 'policy'
drm/imx: tve: fix regulator_disable error path
USB: serial: iuu_phoenix: fix led-activity helpers
usb: dwc2: Fix error path in gadget registration
scsi: mesh: Fix panic after host or bus reset
Smack: fix another vsscanf out of bounds
Smack: prevent underflow in smk_set_cipso()
power: supply: check if calc_soc succeeded in pm860x_init_battery
selftests/powerpc: Fix CPU affinity for child process
selftests/powerpc: Fix online CPU selection
s390/qeth: don't process empty bridge port events
wl1251: fix always return 0 error
net: spider_net: Fix the size used in a 'dma_free_coherent()' call
fsl/fman: use 32-bit unsigned integer
fsl/fman: fix dereference null return value
fsl/fman: fix unreachable code
fsl/fman: check dereferencing null pointer
fsl/fman: fix eth hash table allocation
dlm: Fix kobject memleak
pinctrl-single: fix pcs_parse_pinconf() return value
drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
net/nfc/rawsock.c: add CAP_NET_RAW check.
net: Set fput_needed iff FDPUT_FPUT is set
USB: serial: cp210x: re-enable auto-RTS on open
USB: serial: cp210x: enable usb generic throttle/unthrottle
ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
ALSA: usb-audio: add quirk for Pioneer DDJ-RB
crypto: qat - fix double free in qat_uclo_create_batch_init_list
crypto: ccp - Fix use of merged scatterlists
fs/minix: check return value of sb_getblk()
fs/minix: don't allow getting deleted inodes
fs/minix: reject too-large maximum file size
ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
9p: Fix memory leak in v9fs_mount
parisc: mask out enable and reserved bits from sba imask
ARM: 8992/1: Fix unwind_frame for clang-built kernels
xen/balloon: fix accounting in alloc_xenballooned_pages error path
xen/balloon: make the balloon wait interruptible
smb3: warn on confusing error scenario with sec=krb5
PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
btrfs: don't allocate anonymous block device for user invisible roots
btrfs: only search for left_info if there is no right_info in try_merge_free_space
btrfs: fix memory leaks after failure to lookup checksums during inode logging
iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
xtensa: fix xtensa_pmu_setup prototype
powerpc: Fix circular dependency between percpu.h and mmu.h
net: ethernet: stmmac: Disable hardware multicast filter
net: stmmac: dwmac1000: provide multicast filter fallback
net/compat: Add missing sock updates for SCM_RIGHTS
md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
bcache: allocate meta data pages as compound pages
mac80211: fix misplaced while instead of if
MIPS: CPU#0 is not hotpluggable
ext2: fix missing percpu_counter_inc
ocfs2: change slot number type s16 to u16
ftrace: Setup correct FTRACE_FL_REGS flags for module
kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options
watchdog: f71808e_wdt: remove use of wrong watchdog_info option
watchdog: f71808e_wdt: clear watchdog timeout occurred flag
pseries: Fix 64 bit logical memory block panic
mfd: arizona: Ensure 32k clock is put on driver unbind and error
USB: serial: ftdi_sio: make process-packet buffer unsigned
USB: serial: ftdi_sio: clean up receive processing
gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers
iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
iommu/vt-d: Enforce PASID devTLB field mask
i2c: rcar: slave: only send STOP event when we have been addressed
clk: clk-atlas6: fix return value check in atlas6_clk_init()
pwm: bcm-iproc: handle clk_get_rate() return
Input: sentelic - fix error return when fsp_reg_write fails
drm/vmwgfx: Fix two list_for_each loop exit tests
net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init
nfs: Fix getxattr kernel panic and memory overflow
fs/ufs: avoid potential u32 multiplication overflow
mfd: dln2: Run event handler loop under spinlock
ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
sh: landisk: Add missing initialization of sh_io_port_base
khugepaged: retract_page_tables() remember to test exit
mm: Avoid calling build_all_zonelists_init under hotplug context
Linux 4.9.233
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ied62cb0768f5bd8e989d75e7c2ccf6f1e6f2efd4
|
||
|
Joerg Roedel
|
ce93e0169b |
x86, vmlinux.lds: Page-align end of ..page_aligned sections
[ Upstream commit de2b41be8fcccb2f5b6c480d35df590476344201 ] On x86-32 the idt_table with 256 entries needs only 2048 bytes. It is page-aligned, but the end of the .bss..page_aligned section is not guaranteed to be page-aligned. As a result, objects from other .bss sections may end up on the same 4k page as the idt_table, and will accidentially get mapped read-only during boot, causing unexpected page-faults when the kernel writes to them. This could be worked around by making the objects in the page aligned sections page sized, but that's wrong. Explicit sections which store only page aligned objects have an implicit guarantee that the object is alone in the page in which it is placed. That works for all objects except the last one. That's inconsistent. Enforcing page sized objects for these sections would wreckage memory sanitizers, because the object becomes artificially larger than it should be and out of bound access becomes legit. Align the end of the .bss..page_aligned and .data..page_aligned section on page-size so all objects places in these sections are guaranteed to have their own page. [ tglx: Amended changelog ] Signed-off-by: Joerg Roedel <jroedel@suse.de> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org Link: https://lkml.kernel.org/r/20200721093448.10417-1-joro@8bytes.org Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Linux Build Service Account
|
7098fc0378 |
Merge "Merge android-4.9.226(92339d6) into msm-4.9"
|
||
|
jianzhou
|
0fa749aba7 |
Merge android-4.9.226(92339d6) into msm-4.9
* refs/heads/tmp-92339d6: Linux 4.9.226 scsi: zfcp: fix request object use-after-free in send path causing wrong traces net: hns: Fixes the missing put_device in positive leg for roce reset sc16is7xx: move label 'err_spi' to correct section mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap() net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags genirq/generic_pending: Do not lose pending affinity update netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build bonding: Fix reference count leak in bond_sysfs_slave_add. qlcnic: fix missing release in qlcnic_83xx_interrupt_test. netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code netfilter: ipset: Fix subcounter update skip netfilter: nft_reject_bridge: enable reject with bridge vlan ip_vti: receive ipip packet by calling ip_tunnel_rcv vti4: eliminated some duplicate code. xfrm: fix a NULL-ptr deref in xfrm_local_error xfrm: fix a warning in xfrm_policy_insert_list xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input x86/dma: Fix max PFN arithmetic overflow on 32 bit systems mac80211: mesh: fix discovery timer re-arming issue / crash parisc: Fix kernel panic in mem_init() iommu: Fix reference count leak in iommu_group_alloc. include/asm-generic/topology.h: guard cpumask_of_node() macro argument fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() libceph: ignore pool overlay and cache logic on redirects exec: Always set cap_ambient in cap_bprm_set_creds ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC ALSA: hwdep: fix a left shifting 1 by 31 UB bug ARM: dts/imx6q-bx50v3: Set display interface clock parents ARM: dts: imx6q-bx50v3: Add internal switch ARM: dts: imx: Correct B850v3 clock assignment IB/qib: Call kobject_put() when kobject_init_and_add() fails Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() Input: i8042 - add ThinkPad S230u to i8042 reset list Input: xpad - add custom init packet for Xbox One S controllers Input: evdev - call input_flush_device() on release(), not flush() Input: usbtouchscreen - add support for BonXeon TP cifs: Fix null pointer check in cifs_read usb: gadget: legacy: fix redundant initialization warnings cachefiles: Fix race between read_waiter and read_copier involving op->to_do gfs2: move privileged user check to gfs2_quota_lock_check net: microchip: encx24j600: add missed kthread_stop gpio: tegra: mask GPIO IRQs during IRQ shutdown IB/cma: Fix reference count leak when no ipv4 addresses are set uapi: fix linux/if_pppol2tp.h userspace compilation errors net/mlx4_core: fix a memory leak bug. net: sun: fix missing release regions in cas_init_one(). net/mlx5: Add command entry handling completion net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() net/mlx5e: Update netdev txq on completions during closure sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed net sched: fix reporting the first-time use timestamp net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" net: ipip: fix wrong address family in init error path ax25: fix setsockopt(SO_BINDTODEVICE) ANDROID: cuttlefish defconfig - enable mount/net/uts namespaces. Conflicts: sound/usb/mixer.c Change-Id: I6b5883ef36cd7172641fb624ca22b6645cc52002 Signed-off-by: jianzhou <jianzhou@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
92339d658c |
Merge 4.9.226 into android-4.9-q
Changes in 4.9.226 ax25: fix setsockopt(SO_BINDTODEVICE) net: ipip: fix wrong address family in init error path net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" net sched: fix reporting the first-time use timestamp sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed net/mlx5e: Update netdev txq on completions during closure net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() net/mlx5: Add command entry handling completion net: sun: fix missing release regions in cas_init_one(). net/mlx4_core: fix a memory leak bug. uapi: fix linux/if_pppol2tp.h userspace compilation errors IB/cma: Fix reference count leak when no ipv4 addresses are set gpio: tegra: mask GPIO IRQs during IRQ shutdown net: microchip: encx24j600: add missed kthread_stop gfs2: move privileged user check to gfs2_quota_lock_check cachefiles: Fix race between read_waiter and read_copier involving op->to_do usb: gadget: legacy: fix redundant initialization warnings cifs: Fix null pointer check in cifs_read Input: usbtouchscreen - add support for BonXeon TP Input: evdev - call input_flush_device() on release(), not flush() Input: xpad - add custom init packet for Xbox One S controllers Input: i8042 - add ThinkPad S230u to i8042 reset list Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() IB/qib: Call kobject_put() when kobject_init_and_add() fails ARM: dts: imx: Correct B850v3 clock assignment ARM: dts: imx6q-bx50v3: Add internal switch ARM: dts/imx6q-bx50v3: Set display interface clock parents ALSA: hwdep: fix a left shifting 1 by 31 UB bug ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC exec: Always set cap_ambient in cap_bprm_set_creds libceph: ignore pool overlay and cache logic on redirects mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() include/asm-generic/topology.h: guard cpumask_of_node() macro argument iommu: Fix reference count leak in iommu_group_alloc. parisc: Fix kernel panic in mem_init() mac80211: mesh: fix discovery timer re-arming issue / crash x86/dma: Fix max PFN arithmetic overflow on 32 bit systems xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input xfrm: fix a warning in xfrm_policy_insert_list xfrm: fix a NULL-ptr deref in xfrm_local_error vti4: eliminated some duplicate code. ip_vti: receive ipip packet by calling ip_tunnel_rcv netfilter: nft_reject_bridge: enable reject with bridge vlan netfilter: ipset: Fix subcounter update skip netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code qlcnic: fix missing release in qlcnic_83xx_interrupt_test. bonding: Fix reference count leak in bond_sysfs_slave_add. netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build genirq/generic_pending: Do not lose pending affinity update net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap() sc16is7xx: move label 'err_spi' to correct section net: hns: Fixes the missing put_device in positive leg for roce reset scsi: zfcp: fix request object use-after-free in send path causing wrong traces Linux 4.9.226 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I64b95b6296df8de22f3f7ee64b13140f04215478 |
||
|
Arnd Bergmann
|
4f4a4bc907 |
include/asm-generic/topology.h: guard cpumask_of_node() macro argument
[ Upstream commit 4377748c7b5187c3342a60fa2ceb60c8a57a8488 ]
drivers/hwmon/amd_energy.c:195:15: error: invalid operands to binary expression ('void' and 'int')
(channel - data->nr_cpus));
~~~~~~~~~^~~~~~~~~~~~~~~~~
include/asm-generic/topology.h:51:42: note: expanded from macro 'cpumask_of_node'
#define cpumask_of_node(node) ((void)node, cpu_online_mask)
^~~~
include/linux/cpumask.h:618:72: note: expanded from macro 'cpumask_first_and'
#define cpumask_first_and(src1p, src2p) cpumask_next_and(-1, (src1p), (src2p))
^~~~~
Fixes:
|
||
|
Nicolas Dichtel
|
3b0fe0b203 |
uapi: export all headers under uapi directories
Regularly, when a new header is created in include/uapi/, the developer forgets to add it in the corresponding Kbuild file. This error is usually detected after the release is out. In fact, all headers under uapi directories should be exported, thus it's useless to have an exhaustive list. After this patch, the following files, which were not exported, are now exported (with make headers_install_all): asm-arc/kvm_para.h asm-arc/ucontext.h asm-blackfin/shmparam.h asm-blackfin/ucontext.h asm-c6x/shmparam.h asm-c6x/ucontext.h asm-cris/kvm_para.h asm-h8300/shmparam.h asm-h8300/ucontext.h asm-hexagon/shmparam.h asm-m32r/kvm_para.h asm-m68k/kvm_para.h asm-m68k/shmparam.h asm-metag/kvm_para.h asm-metag/shmparam.h asm-metag/ucontext.h asm-mips/hwcap.h asm-mips/reg.h asm-mips/ucontext.h asm-nios2/kvm_para.h asm-nios2/ucontext.h asm-openrisc/shmparam.h asm-parisc/kvm_para.h asm-powerpc/perf_regs.h asm-sh/kvm_para.h asm-sh/ucontext.h asm-tile/shmparam.h asm-unicore32/shmparam.h asm-unicore32/ucontext.h asm-x86/hwcap2.h asm-xtensa/kvm_para.h drm/armada_drm.h drm/etnaviv_drm.h drm/vgem_drm.h linux/aspeed-lpc-ctrl.h linux/auto_dev-ioctl.h linux/bcache.h linux/btrfs_tree.h linux/can/vxcan.h linux/cifs/cifs_mount.h linux/coresight-stm.h linux/cryptouser.h linux/fsmap.h linux/genwqe/genwqe_card.h linux/hash_info.h linux/kcm.h linux/kcov.h linux/kfd_ioctl.h linux/lightnvm.h linux/module.h linux/nbd-netlink.h linux/nilfs2_api.h linux/nilfs2_ondisk.h linux/nsfs.h linux/pr.h linux/qrtr.h linux/rpmsg.h linux/sched/types.h linux/sed-opal.h linux/smc.h linux/smc_diag.h linux/stm.h linux/switchtec_ioctl.h linux/vfio_ccw.h linux/wil6210_uapi.h rdma/bnxt_re-abi.h Note that I have removed from this list the files which are generated in every exported directories (like .install or .install.cmd). Thanks to Julien Floret <julien.floret@6wind.com> for the tip to get all subdirs with a pure makefile command. For the record, note that exported files for asm directories are a mix of files listed by: - include/uapi/asm-generic/Kbuild.asm; - arch/<arch>/include/uapi/asm/Kbuild; - arch/<arch>/include/asm/Kbuild. Change-Id: I132df74f736b8f35f77390eaa12804e74ef536ee Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch> Acked-by: Russell King <rmk+kernel@armlinux.org.uk> Acked-by: Mark Salter <msalter@redhat.com> Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc) Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Git-Commit: fcc8487d477a3452a1d0ccbdd4c5e0e1e3cb8bed Git-Repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git [bharad@codeaurora.org: resolve trivial merge conflicts] Signed-off-by: Naitik Bharadiya <bharad@codeaurora.org> |
||
|
jianzhou
|
dca3398ea7 |
Merge android-4.9.190 (476e7ea) into msm-4.9
* refs/heads/tmp-476e7ea: Linux 4.9.190 bonding: Add vlan tx offload to hw_enc_features team: Add vlan tx offload to hw_enc_features net/mlx5e: Use flow keys dissector to parse packets for ARFS net/mlx5e: Only support tx/rx pause setting for port owner xen/netback: Reset nr_frags before freeing skb sctp: fix the transport error_count check net/packet: fix race in tpacket_snd() bnx2x: Fix VF's VLAN reconfiguration in reload. iommu/amd: Move iommu_init_pci() to .init section Input: psmouse - fix build error of multiple definition netfilter: conntrack: Use consistent ct id hash calculation arm64: compat: Allow single-byte watchpoints on all addresses bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K asm-generic: fix -Wtype-limits compiler warnings USB: serial: option: Add Motorola modem UARTs USB: serial: option: add the BroadMobi BM818 card USB: serial: option: Add support for ZTE MF871A USB: serial: option: add D-Link DWM-222 device ID USB: CDC: fix sanity checks in CDC union parser usb: cdc-acm: make sure a refcount is taken early enough USB: core: Fix races in character device registration and deregistraion staging: comedi: dt3000: Fix rounding up of timer divisor staging: comedi: dt3000: Fix signed integer overflow 'divider * base' ocfs2: remove set but not used variable 'last_hash' IB/mad: Fix use-after-free in ib mad completion handling IB/core: Add mitigation for Spectre V1 arm64/mm: fix variable 'pud' set but not used arm64/efi: fix variable 'si' set but not used kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules ata: libahci: do not complain in case of deferred probe scsi: hpsa: correct scsi command status issue after reset libata: zpodd: Fix small read overflow in zpodd_get_mech_type() perf header: Fix use of unitialized value warning perf header: Fix divide by zero error if f_header.attr_size==0 irqchip/irq-imx-gpcv2: Forward irq type to parent xen/pciback: remove set but not used variable 'old_state' net: usb: pegasus: fix improper read if get_registers() fail Input: iforce - add sanity checks Input: kbtab - sanity check for endpoint type HID: hiddev: do cleanup in failure of opening a device HID: hiddev: avoid opening a disconnected device HID: holtek: test for sanity of intfdata ALSA: hda - Let all conexant codec enter D3 when rebooting ALSA: hda - Add a generic reboot_notify ALSA: hda - Fix a memory leak bug xtensa: add missing isync to the cpu_reset TLB code netfilter: ctnetlink: don't use conntrack/expect object addresses as id inet: switch IP ID generator to siphash siphash: implement HalfSipHash1-3 for hash tables siphash: add cryptographically secure PRF vhost: scsi: add weight support vhost_net: fix possible infinite loop vhost: introduce vhost_exceeds_weight() vhost_net: introduce vhost_exceeds_weight() vhost_net: use packet weight for rx handler, too vhost-net: set packet weight of tx polling to 2 * vq size bpf: add bpf_jit_limit knob to restrict unpriv allocations bpf: restrict access to core bpf sysctls bpf: get rid of pure_initcall dependency to enable jits mm/memcontrol.c: fix use after free in mem_cgroup_iter() mm/usercopy: use memory range to be accessed for wraparound check sh: kernel: hw_breakpoint: Fix missing break in switch statement scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA iwlwifi: don't unmap as page memory that was mapped as single mwifiex: fix 802.11n/WPA detection smb3: send CAP_DFS capability during session setup SMB3: Fix deadlock in validate negotiate hits reconnect mac80211: don't WARN on short WMM parameters from AP ALSA: hda - Don't override global PCM hw info flag ALSA: firewire: fix a memory leak bug hwmon: (nct7802) Fix wrong detection of in4 presence can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices perf/core: Fix creating kernel counters for PMUs that override event->cpu tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG scsi: ibmvfc: fix WARN_ON during event pool release scsi: megaraid_sas: fix panic on loading firmware crashdump ARM: davinci: fix sleep.S build error on ARMv4 ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() drbd: dynamically allocate shash descriptor perf probe: Avoid calling freeing routine multiple times for same pointer ALSA: compress: Be more restrictive about when a drain is allowed ALSA: compress: Don't allow paritial drain operations on capture streams ALSA: compress: Prevent bypasses of set_params ALSA: compress: Fix regression on compressed capture streams s390/qdio: add sanity checks to the fast-requeue path cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 mac80211: don't warn about CW params when not using them iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND netfilter: nfnetlink: avoid deadlock due to synchronous request_module can: peak_usb: fix potential double kfree_skb() usb: yurex: Fix use-after-free in yurex_delete perf record: Fix module size on s390 perf db-export: Fix thread__exec_comm() perf record: Fix wrong size in perf_record_mmap for last kernel module mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() x86/mm: Sync also unmappings in vmalloc_sync_all() x86/mm: Check for pfn instead of page in vmalloc_sync_one() sound: fix a memory leak bug usb: iowarrior: fix deadlock on disconnect usb: usbfs: fix double-free of usb memory upon submiturb error BACKPORT: arch: add pidfd and io_uring syscalls everywhere ANDROID: arch: add missing pidfd_open definitions for arm32 ANDROID: fix kernelci build-break in lowmemorykiller f2fs: fix build error on android tracepoints ANDROID: Avoid taking multiple locks in handle_lmk_event UPSTREAM: net/ipv6: allow sysctl to change link-local address generation mode ANDROID: fix binder change in merge of 4.9.188 UPSTREAM: pidfd: fix a poll race when setting exit_state BACKPORT: arch: wire-up pidfd_open() BACKPORT: pid: add pidfd_open() UPSTREAM: pidfd: add polling support UPSTREAM: signal: improve comments BACKPORT: fork: do not release lock that wasn't taken BACKPORT: signal: support CLONE_PIDFD with pidfd_send_signal BACKPORT: clone: add CLONE_PIDFD UPSTREAM: Make anon_inodes unconditional UPSTREAM: signal: use fdget() since we don't allow O_PATH UPSTREAM: signal: don't silently convert SI_USER signals to non-current pidfd BACKPORT: signal: add pidfd_send_signal() syscall Conflicts: drivers/staging/android/lowmemorykiller.c include/linux/ipv6.h net/ipv6/addrconf.c sound/core/compress_offload.c Change-Id: I18be309a1a2fd17077b949c7b7113f407a9033a8 Signed-off-by: jianzhou <jianzhou@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
476e7ea6e7 |
Merge 4.9.190 into android-4.9
Changes in 4.9.190 usb: usbfs: fix double-free of usb memory upon submiturb error usb: iowarrior: fix deadlock on disconnect sound: fix a memory leak bug x86/mm: Check for pfn instead of page in vmalloc_sync_one() x86/mm: Sync also unmappings in vmalloc_sync_all() mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() perf record: Fix wrong size in perf_record_mmap for last kernel module perf db-export: Fix thread__exec_comm() perf record: Fix module size on s390 usb: yurex: Fix use-after-free in yurex_delete can: peak_usb: fix potential double kfree_skb() netfilter: nfnetlink: avoid deadlock due to synchronous request_module iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND mac80211: don't warn about CW params when not using them hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() s390/qdio: add sanity checks to the fast-requeue path ALSA: compress: Fix regression on compressed capture streams ALSA: compress: Prevent bypasses of set_params ALSA: compress: Don't allow paritial drain operations on capture streams ALSA: compress: Be more restrictive about when a drain is allowed perf probe: Avoid calling freeing routine multiple times for same pointer drbd: dynamically allocate shash descriptor ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() ARM: davinci: fix sleep.S build error on ARMv4 scsi: megaraid_sas: fix panic on loading firmware crashdump scsi: ibmvfc: fix WARN_ON during event pool release scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop perf/core: Fix creating kernel counters for PMUs that override event->cpu can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices hwmon: (nct7802) Fix wrong detection of in4 presence ALSA: firewire: fix a memory leak bug ALSA: hda - Don't override global PCM hw info flag mac80211: don't WARN on short WMM parameters from AP SMB3: Fix deadlock in validate negotiate hits reconnect smb3: send CAP_DFS capability during session setup mwifiex: fix 802.11n/WPA detection iwlwifi: don't unmap as page memory that was mapped as single scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA sh: kernel: hw_breakpoint: Fix missing break in switch statement mm/usercopy: use memory range to be accessed for wraparound check mm/memcontrol.c: fix use after free in mem_cgroup_iter() bpf: get rid of pure_initcall dependency to enable jits bpf: restrict access to core bpf sysctls bpf: add bpf_jit_limit knob to restrict unpriv allocations vhost-net: set packet weight of tx polling to 2 * vq size vhost_net: use packet weight for rx handler, too vhost_net: introduce vhost_exceeds_weight() vhost: introduce vhost_exceeds_weight() vhost_net: fix possible infinite loop vhost: scsi: add weight support siphash: add cryptographically secure PRF siphash: implement HalfSipHash1-3 for hash tables inet: switch IP ID generator to siphash netfilter: ctnetlink: don't use conntrack/expect object addresses as id xtensa: add missing isync to the cpu_reset TLB code ALSA: hda - Fix a memory leak bug ALSA: hda - Add a generic reboot_notify ALSA: hda - Let all conexant codec enter D3 when rebooting HID: holtek: test for sanity of intfdata HID: hiddev: avoid opening a disconnected device HID: hiddev: do cleanup in failure of opening a device Input: kbtab - sanity check for endpoint type Input: iforce - add sanity checks net: usb: pegasus: fix improper read if get_registers() fail xen/pciback: remove set but not used variable 'old_state' irqchip/irq-imx-gpcv2: Forward irq type to parent perf header: Fix divide by zero error if f_header.attr_size==0 perf header: Fix use of unitialized value warning libata: zpodd: Fix small read overflow in zpodd_get_mech_type() scsi: hpsa: correct scsi command status issue after reset ata: libahci: do not complain in case of deferred probe kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules arm64/efi: fix variable 'si' set but not used arm64/mm: fix variable 'pud' set but not used IB/core: Add mitigation for Spectre V1 IB/mad: Fix use-after-free in ib mad completion handling ocfs2: remove set but not used variable 'last_hash' staging: comedi: dt3000: Fix signed integer overflow 'divider * base' staging: comedi: dt3000: Fix rounding up of timer divisor USB: core: Fix races in character device registration and deregistraion usb: cdc-acm: make sure a refcount is taken early enough USB: CDC: fix sanity checks in CDC union parser USB: serial: option: add D-Link DWM-222 device ID USB: serial: option: Add support for ZTE MF871A USB: serial: option: add the BroadMobi BM818 card USB: serial: option: Add Motorola modem UARTs asm-generic: fix -Wtype-limits compiler warnings bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K arm64: compat: Allow single-byte watchpoints on all addresses netfilter: conntrack: Use consistent ct id hash calculation Input: psmouse - fix build error of multiple definition iommu/amd: Move iommu_init_pci() to .init section bnx2x: Fix VF's VLAN reconfiguration in reload. net/packet: fix race in tpacket_snd() sctp: fix the transport error_count check xen/netback: Reset nr_frags before freeing skb net/mlx5e: Only support tx/rx pause setting for port owner net/mlx5e: Use flow keys dissector to parse packets for ARFS team: Add vlan tx offload to hw_enc_features bonding: Add vlan tx offload to hw_enc_features Linux 4.9.190 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
9595aa8719 |
Merge 4.9.190 into android-4.9-q
Changes in 4.9.190 usb: usbfs: fix double-free of usb memory upon submiturb error usb: iowarrior: fix deadlock on disconnect sound: fix a memory leak bug x86/mm: Check for pfn instead of page in vmalloc_sync_one() x86/mm: Sync also unmappings in vmalloc_sync_all() mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() perf record: Fix wrong size in perf_record_mmap for last kernel module perf db-export: Fix thread__exec_comm() perf record: Fix module size on s390 usb: yurex: Fix use-after-free in yurex_delete can: peak_usb: fix potential double kfree_skb() netfilter: nfnetlink: avoid deadlock due to synchronous request_module iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND mac80211: don't warn about CW params when not using them hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() s390/qdio: add sanity checks to the fast-requeue path ALSA: compress: Fix regression on compressed capture streams ALSA: compress: Prevent bypasses of set_params ALSA: compress: Don't allow paritial drain operations on capture streams ALSA: compress: Be more restrictive about when a drain is allowed perf probe: Avoid calling freeing routine multiple times for same pointer drbd: dynamically allocate shash descriptor ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id() ARM: davinci: fix sleep.S build error on ARMv4 scsi: megaraid_sas: fix panic on loading firmware crashdump scsi: ibmvfc: fix WARN_ON during event pool release scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop perf/core: Fix creating kernel counters for PMUs that override event->cpu can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices hwmon: (nct7802) Fix wrong detection of in4 presence ALSA: firewire: fix a memory leak bug ALSA: hda - Don't override global PCM hw info flag mac80211: don't WARN on short WMM parameters from AP SMB3: Fix deadlock in validate negotiate hits reconnect smb3: send CAP_DFS capability during session setup mwifiex: fix 802.11n/WPA detection iwlwifi: don't unmap as page memory that was mapped as single scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA sh: kernel: hw_breakpoint: Fix missing break in switch statement mm/usercopy: use memory range to be accessed for wraparound check mm/memcontrol.c: fix use after free in mem_cgroup_iter() bpf: get rid of pure_initcall dependency to enable jits bpf: restrict access to core bpf sysctls bpf: add bpf_jit_limit knob to restrict unpriv allocations vhost-net: set packet weight of tx polling to 2 * vq size vhost_net: use packet weight for rx handler, too vhost_net: introduce vhost_exceeds_weight() vhost: introduce vhost_exceeds_weight() vhost_net: fix possible infinite loop vhost: scsi: add weight support siphash: add cryptographically secure PRF siphash: implement HalfSipHash1-3 for hash tables inet: switch IP ID generator to siphash netfilter: ctnetlink: don't use conntrack/expect object addresses as id xtensa: add missing isync to the cpu_reset TLB code ALSA: hda - Fix a memory leak bug ALSA: hda - Add a generic reboot_notify ALSA: hda - Let all conexant codec enter D3 when rebooting HID: holtek: test for sanity of intfdata HID: hiddev: avoid opening a disconnected device HID: hiddev: do cleanup in failure of opening a device Input: kbtab - sanity check for endpoint type Input: iforce - add sanity checks net: usb: pegasus: fix improper read if get_registers() fail xen/pciback: remove set but not used variable 'old_state' irqchip/irq-imx-gpcv2: Forward irq type to parent perf header: Fix divide by zero error if f_header.attr_size==0 perf header: Fix use of unitialized value warning libata: zpodd: Fix small read overflow in zpodd_get_mech_type() scsi: hpsa: correct scsi command status issue after reset ata: libahci: do not complain in case of deferred probe kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules arm64/efi: fix variable 'si' set but not used arm64/mm: fix variable 'pud' set but not used IB/core: Add mitigation for Spectre V1 IB/mad: Fix use-after-free in ib mad completion handling ocfs2: remove set but not used variable 'last_hash' staging: comedi: dt3000: Fix signed integer overflow 'divider * base' staging: comedi: dt3000: Fix rounding up of timer divisor USB: core: Fix races in character device registration and deregistraion usb: cdc-acm: make sure a refcount is taken early enough USB: CDC: fix sanity checks in CDC union parser USB: serial: option: add D-Link DWM-222 device ID USB: serial: option: Add support for ZTE MF871A USB: serial: option: add the BroadMobi BM818 card USB: serial: option: Add Motorola modem UARTs asm-generic: fix -Wtype-limits compiler warnings bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K arm64: compat: Allow single-byte watchpoints on all addresses netfilter: conntrack: Use consistent ct id hash calculation Input: psmouse - fix build error of multiple definition iommu/amd: Move iommu_init_pci() to .init section bnx2x: Fix VF's VLAN reconfiguration in reload. net/packet: fix race in tpacket_snd() sctp: fix the transport error_count check xen/netback: Reset nr_frags before freeing skb net/mlx5e: Only support tx/rx pause setting for port owner net/mlx5e: Use flow keys dissector to parse packets for ARFS team: Add vlan tx offload to hw_enc_features bonding: Add vlan tx offload to hw_enc_features Linux 4.9.190 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Qian Cai
|
912420e525 |
asm-generic: fix -Wtype-limits compiler warnings
[ Upstream commit cbedfe11347fe418621bd188d58a206beb676218 ] Commit |
||
|
jianzhou
|
dd975756e3 |
Merge android-4.9.185 (70d52cb) into msm-4.9
* refs/heads/tmp-70d52cb:
Linux 4.9.185
arm64: kaslr: keep modules inside module region when KASAN is enabled
dmaengine: imx-sdma: remove BD_INTR for channel0
MIPS: Add missing EHB in mtc0 -> mfc0 sequence.
IB/hfi1: Close PSM sdma_progress sleep window
KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC
arm64, vdso: Define vdso_{start,end} as array
tty: rocket: fix incorrect forward declaration of 'rp_init()'
btrfs: Ensure replaced device doesn't have pending chunk allocation
drm/imx: only send event on crtc disable if kept disabled
drm/imx: notify drm core before sending event during crtc disable
lib/mpi: Fix karactx leak in mpi_powm
ALSA: usb-audio: fix sign unintended sign extension on left shifts
ALSA: line6: Fix write on zero-sized buffer
ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
crypto: user - prevent operating on larval algorithms
ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
MIPS: Workaround GCC __builtin_unreachable reordering bug
drm/i915/dmc: protect against reading random memory
KVM: x86: degrade WARN to pr_warn_ratelimited
clk: sunxi: fix uninitialized access
ARC: handle gcc generated __builtin_trap for older compiler
bug.h: work around GCC PR82365 in BUG()
ARC: fix allnoconfig build warning
mfd: omap-usb-tll: Fix register offsets
MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
MIPS: math-emu: do not use bools for arithmetic
mm/mlock.c: change count_mm_mlocked_page_nr return type
scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE
scsi: hpsa: correct ioaccel2 chaining
usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
ASoC: max98090: remove 24-bit format support if RJ is 0
drm/mediatek: fix unbind functions
spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
ASoC: soc-pcm: BE dai needs prepare when pause release after resume
ASoC : cs4265 : readable register too low
Bluetooth: Fix faulty expression for minimum encryption key size check
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
bpf: udp: ipv6: Avoid running reuseport's bpf_prog from __udp6_lib_err
bpf: udp: Avoid calling reuseport's bpf_prog from udp_gro
net: check before dereferencing netdev_ops during busy poll
ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop
bonding: Always enable vlan tx offload
team: Always enable vlan tx offload
tun: wake up waitqueues after IFF_UP is set
tipc: check msg->req data len in tipc_nl_compat_bearer_disable
tipc: change to use register_pernet_device
sctp: change to hold sk after auth shkey is created successfully
net: stmmac: fixed new system time seconds value calculation
af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET
cpu/speculation: Warn on unsupported mitigations= parameter
NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O
x86/speculation: Allow guests to use SSBD even if host does not
scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
fs/binfmt_flat.c: make load_flat_shared_library() work
fs/proc/array.c: allow reporting eip/esp for all coredumping threads
net/9p: include trans_common.h to fix missing prototype warning.
9p: p9dirent_read: check network-provided name length
9p/rdma: remove useless check in cm_event_handler
9p: acl: fix uninitialized iattr access
9p/rdma: do not disconnect on down_interruptible EAGAIN
perf header: Fix unchecked usage of strncpy()
perf help: Remove needless use of strncpy()
perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit set nul
IB/hfi1: Avoid hardlockup with flushlist_lock
mac80211: Do not use stack memory with scatterlist for GMAC
mac80211: drop robust management frames from unknown TA
cfg80211: fix memory leak of wiphy device name
Bluetooth: Fix regression with minimum encryption key size alignment
Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
powerpc/bpf: use unsigned division instruction for 64-bit operations
can: purge socket error queue on sock destruct
can: flexcan: fix timeout when set small bitrate
btrfs: start readahead also in seed devices
nvme: Fix u32 overflow in the number of namespace list calculation
hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
scsi: ufs: Check that space was properly alloced in copy_query_response
scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
drm/arm/hdlcd: Allow a bit of clock tolerance
net: ethernet: mediatek: Use NET_IP_ALIGN to judge if HW RX_2BYTE_OFFSET is enabled
net: ethernet: mediatek: Use hw_feature to judge if HWLRO is supported
sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
net: hns: Fix loopback test failed at copper ports
net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0
MIPS: uprobes: remove set but not used variable 'epc'
IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value
IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
IB/rdmavt: Fix alloc_qpn() WARN_ON()
parisc: Fix compiler warnings in float emulation code
parport: Fix mem leak in parport_register_dev_model
ARC: fix build warnings with !CONFIG_KPROBES
apparmor: enforce nullbyte at end of tag string
Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
IB/hfi1: Silence txreq allocation warnings
usb: chipidea: udc: workaround for endpoint conflict issue
scsi: ufs: Avoid runtime suspend possibly being blocked forever
gcc-9: silence 'address-of-packed-member' warning
tracing: Silence GCC 9 array bounds warning
BACKPORT: kheaders: Do not regenerate archive if config is not changed
BACKPORT: kheaders: Move from proc to sysfs
BACKPORT: Provide in-kernel headers to make extending kernel easier
Change-Id: I2fc2e9b2019708f0febb754efbf2a63e47ad5b81
Signed-off-by: jianzhou <jianzhou@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
39eed54804 |
Merge 4.9.185 into android-4.9-q
Changes in 4.9.185
tracing: Silence GCC 9 array bounds warning
gcc-9: silence 'address-of-packed-member' warning
scsi: ufs: Avoid runtime suspend possibly being blocked forever
usb: chipidea: udc: workaround for endpoint conflict issue
IB/hfi1: Silence txreq allocation warnings
Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
apparmor: enforce nullbyte at end of tag string
ARC: fix build warnings with !CONFIG_KPROBES
parport: Fix mem leak in parport_register_dev_model
parisc: Fix compiler warnings in float emulation code
IB/rdmavt: Fix alloc_qpn() WARN_ON()
IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value
MIPS: uprobes: remove set but not used variable 'epc'
net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0
net: hns: Fix loopback test failed at copper ports
sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
net: ethernet: mediatek: Use hw_feature to judge if HWLRO is supported
net: ethernet: mediatek: Use NET_IP_ALIGN to judge if HW RX_2BYTE_OFFSET is enabled
drm/arm/hdlcd: Allow a bit of clock tolerance
scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
scsi: ufs: Check that space was properly alloced in copy_query_response
s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
nvme: Fix u32 overflow in the number of namespace list calculation
btrfs: start readahead also in seed devices
can: flexcan: fix timeout when set small bitrate
can: purge socket error queue on sock destruct
powerpc/bpf: use unsigned division instruction for 64-bit operations
ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
Bluetooth: Fix regression with minimum encryption key size alignment
cfg80211: fix memory leak of wiphy device name
mac80211: drop robust management frames from unknown TA
mac80211: Do not use stack memory with scatterlist for GMAC
IB/hfi1: Avoid hardlockup with flushlist_lock
perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit set nul
perf help: Remove needless use of strncpy()
perf header: Fix unchecked usage of strncpy()
9p/rdma: do not disconnect on down_interruptible EAGAIN
9p: acl: fix uninitialized iattr access
9p/rdma: remove useless check in cm_event_handler
9p: p9dirent_read: check network-provided name length
net/9p: include trans_common.h to fix missing prototype warning.
fs/proc/array.c: allow reporting eip/esp for all coredumping threads
fs/binfmt_flat.c: make load_flat_shared_library() work
mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
x86/speculation: Allow guests to use SSBD even if host does not
NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O
cpu/speculation: Warn on unsupported mitigations= parameter
af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET
net: stmmac: fixed new system time seconds value calculation
sctp: change to hold sk after auth shkey is created successfully
tipc: change to use register_pernet_device
tipc: check msg->req data len in tipc_nl_compat_bearer_disable
tun: wake up waitqueues after IFF_UP is set
team: Always enable vlan tx offload
bonding: Always enable vlan tx offload
ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop
net: check before dereferencing netdev_ops during busy poll
bpf: udp: Avoid calling reuseport's bpf_prog from udp_gro
bpf: udp: ipv6: Avoid running reuseport's bpf_prog from __udp6_lib_err
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
Bluetooth: Fix faulty expression for minimum encryption key size check
ASoC : cs4265 : readable register too low
ASoC: soc-pcm: BE dai needs prepare when pause release after resume
spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
drm/mediatek: fix unbind functions
ASoC: max98090: remove 24-bit format support if RJ is 0
usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
scsi: hpsa: correct ioaccel2 chaining
scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE
mm/mlock.c: change count_mm_mlocked_page_nr return type
MIPS: math-emu: do not use bools for arithmetic
MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
mfd: omap-usb-tll: Fix register offsets
ARC: fix allnoconfig build warning
bug.h: work around GCC PR82365 in BUG()
ARC: handle gcc generated __builtin_trap for older compiler
clk: sunxi: fix uninitialized access
KVM: x86: degrade WARN to pr_warn_ratelimited
drm/i915/dmc: protect against reading random memory
MIPS: Workaround GCC __builtin_unreachable reordering bug
ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
crypto: user - prevent operating on larval algorithms
ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
ALSA: line6: Fix write on zero-sized buffer
ALSA: usb-audio: fix sign unintended sign extension on left shifts
lib/mpi: Fix karactx leak in mpi_powm
drm/imx: notify drm core before sending event during crtc disable
drm/imx: only send event on crtc disable if kept disabled
btrfs: Ensure replaced device doesn't have pending chunk allocation
tty: rocket: fix incorrect forward declaration of 'rp_init()'
arm64, vdso: Define vdso_{start,end} as array
KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC
IB/hfi1: Close PSM sdma_progress sleep window
MIPS: Add missing EHB in mtc0 -> mfc0 sequence.
dmaengine: imx-sdma: remove BD_INTR for channel0
arm64: kaslr: keep modules inside module region when KASAN is enabled
Linux 4.9.185
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
70d52cb2bb |
Merge 4.9.185 into android-4.9
Changes in 4.9.185
tracing: Silence GCC 9 array bounds warning
gcc-9: silence 'address-of-packed-member' warning
scsi: ufs: Avoid runtime suspend possibly being blocked forever
usb: chipidea: udc: workaround for endpoint conflict issue
IB/hfi1: Silence txreq allocation warnings
Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
apparmor: enforce nullbyte at end of tag string
ARC: fix build warnings with !CONFIG_KPROBES
parport: Fix mem leak in parport_register_dev_model
parisc: Fix compiler warnings in float emulation code
IB/rdmavt: Fix alloc_qpn() WARN_ON()
IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value
MIPS: uprobes: remove set but not used variable 'epc'
net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0
net: hns: Fix loopback test failed at copper ports
sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
net: ethernet: mediatek: Use hw_feature to judge if HWLRO is supported
net: ethernet: mediatek: Use NET_IP_ALIGN to judge if HW RX_2BYTE_OFFSET is enabled
drm/arm/hdlcd: Allow a bit of clock tolerance
scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
scsi: ufs: Check that space was properly alloced in copy_query_response
s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
nvme: Fix u32 overflow in the number of namespace list calculation
btrfs: start readahead also in seed devices
can: flexcan: fix timeout when set small bitrate
can: purge socket error queue on sock destruct
powerpc/bpf: use unsigned division instruction for 64-bit operations
ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
Bluetooth: Fix regression with minimum encryption key size alignment
cfg80211: fix memory leak of wiphy device name
mac80211: drop robust management frames from unknown TA
mac80211: Do not use stack memory with scatterlist for GMAC
IB/hfi1: Avoid hardlockup with flushlist_lock
perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit set nul
perf help: Remove needless use of strncpy()
perf header: Fix unchecked usage of strncpy()
9p/rdma: do not disconnect on down_interruptible EAGAIN
9p: acl: fix uninitialized iattr access
9p/rdma: remove useless check in cm_event_handler
9p: p9dirent_read: check network-provided name length
net/9p: include trans_common.h to fix missing prototype warning.
fs/proc/array.c: allow reporting eip/esp for all coredumping threads
fs/binfmt_flat.c: make load_flat_shared_library() work
mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
x86/speculation: Allow guests to use SSBD even if host does not
NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O
cpu/speculation: Warn on unsupported mitigations= parameter
af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET
net: stmmac: fixed new system time seconds value calculation
sctp: change to hold sk after auth shkey is created successfully
tipc: change to use register_pernet_device
tipc: check msg->req data len in tipc_nl_compat_bearer_disable
tun: wake up waitqueues after IFF_UP is set
team: Always enable vlan tx offload
bonding: Always enable vlan tx offload
ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop
net: check before dereferencing netdev_ops during busy poll
bpf: udp: Avoid calling reuseport's bpf_prog from udp_gro
bpf: udp: ipv6: Avoid running reuseport's bpf_prog from __udp6_lib_err
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
Bluetooth: Fix faulty expression for minimum encryption key size check
ASoC : cs4265 : readable register too low
ASoC: soc-pcm: BE dai needs prepare when pause release after resume
spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
drm/mediatek: fix unbind functions
ASoC: max98090: remove 24-bit format support if RJ is 0
usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
scsi: hpsa: correct ioaccel2 chaining
scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE
mm/mlock.c: change count_mm_mlocked_page_nr return type
MIPS: math-emu: do not use bools for arithmetic
MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
mfd: omap-usb-tll: Fix register offsets
ARC: fix allnoconfig build warning
bug.h: work around GCC PR82365 in BUG()
ARC: handle gcc generated __builtin_trap for older compiler
clk: sunxi: fix uninitialized access
KVM: x86: degrade WARN to pr_warn_ratelimited
drm/i915/dmc: protect against reading random memory
MIPS: Workaround GCC __builtin_unreachable reordering bug
ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
crypto: user - prevent operating on larval algorithms
ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
ALSA: line6: Fix write on zero-sized buffer
ALSA: usb-audio: fix sign unintended sign extension on left shifts
lib/mpi: Fix karactx leak in mpi_powm
drm/imx: notify drm core before sending event during crtc disable
drm/imx: only send event on crtc disable if kept disabled
btrfs: Ensure replaced device doesn't have pending chunk allocation
tty: rocket: fix incorrect forward declaration of 'rp_init()'
arm64, vdso: Define vdso_{start,end} as array
KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC
IB/hfi1: Close PSM sdma_progress sleep window
MIPS: Add missing EHB in mtc0 -> mfc0 sequence.
dmaengine: imx-sdma: remove BD_INTR for channel0
arm64: kaslr: keep modules inside module region when KASAN is enabled
Linux 4.9.185
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Arnd Bergmann
|
074d0aaec0 |
bug.h: work around GCC PR82365 in BUG()
[ Upstream commit 173a3efd3edb2ef6ef07471397c5f542a360e9c1 ] Looking at functions with large stack frames across all architectures led me discovering that BUG() suffers from the same problem as fortify_panic(), which I've added a workaround for already. In short, variables that go out of scope by calling a noreturn function or __builtin_unreachable() keep using stack space in functions afterwards. A workaround that was identified is to insert an empty assembler statement just before calling the function that doesn't return. I'm adding a macro "barrier_before_unreachable()" to document this, and insert calls to that in all instances of BUG() that currently suffer from this problem. The files that saw the largest change from this had these frame sizes before, and much less with my patch: fs/ext4/inode.c:82:1: warning: the frame size of 1672 bytes is larger than 800 bytes [-Wframe-larger-than=] fs/ext4/namei.c:434:1: warning: the frame size of 904 bytes is larger than 800 bytes [-Wframe-larger-than=] fs/ext4/super.c:2279:1: warning: the frame size of 1160 bytes is larger than 800 bytes [-Wframe-larger-than=] fs/ext4/xattr.c:146:1: warning: the frame size of 1168 bytes is larger than 800 bytes [-Wframe-larger-than=] fs/f2fs/inode.c:152:1: warning: the frame size of 1424 bytes is larger than 800 bytes [-Wframe-larger-than=] net/netfilter/ipvs/ip_vs_core.c:1195:1: warning: the frame size of 1068 bytes is larger than 800 bytes [-Wframe-larger-than=] net/netfilter/ipvs/ip_vs_core.c:395:1: warning: the frame size of 1084 bytes is larger than 800 bytes [-Wframe-larger-than=] net/netfilter/ipvs/ip_vs_ftp.c:298:1: warning: the frame size of 928 bytes is larger than 800 bytes [-Wframe-larger-than=] net/netfilter/ipvs/ip_vs_ftp.c:418:1: warning: the frame size of 908 bytes is larger than 800 bytes [-Wframe-larger-than=] net/netfilter/ipvs/ip_vs_lblcr.c:718:1: warning: the frame size of 960 bytes is larger than 800 bytes [-Wframe-larger-than=] drivers/net/xen-netback/netback.c:1500:1: warning: the frame size of 1088 bytes is larger than 800 bytes [-Wframe-larger-than=] In case of ARC and CRIS, it turns out that the BUG() implementation actually does return (or at least the compiler thinks it does), resulting in lots of warnings about uninitialized variable use and leaving noreturn functions, such as: block/cfq-iosched.c: In function 'cfq_async_queue_prio': block/cfq-iosched.c:3804:1: error: control reaches end of non-void function [-Werror=return-type] include/linux/dmaengine.h: In function 'dma_maxpq': include/linux/dmaengine.h:1123:1: error: control reaches end of non-void function [-Werror=return-type] This makes them call __builtin_trap() instead, which should normally dump the stack and kill the current process, like some of the other architectures already do. I tried adding barrier_before_unreachable() to panic() and fortify_panic() as well, but that had very little effect, so I'm not submitting that patch. Vineet said: : For ARC, it is double win. : : 1. Fixes 3 -Wreturn-type warnings : : | ../net/core/ethtool.c:311:1: warning: control reaches end of non-void function : [-Wreturn-type] : | ../kernel/sched/core.c:3246:1: warning: control reaches end of non-void function : [-Wreturn-type] : | ../include/linux/sunrpc/svc_xprt.h:180:1: warning: control reaches end of : non-void function [-Wreturn-type] : : 2. bloat-o-meter reports code size improvements as gcc elides the : generated code for stack return. Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82365 Link: http://lkml.kernel.org/r/20171219114112.939391-1-arnd@arndb.de Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Vineet Gupta <vgupta@synopsys.com> [arch/arc] Tested-by: Vineet Gupta <vgupta@synopsys.com> [arch/arc] Cc: Mikael Starvik <starvik@axis.com> Cc: Jesper Nilsson <jesper.nilsson@axis.com> Cc: Tony Luck <tony.luck@intel.com> Cc: Fenghua Yu <fenghua.yu@intel.com> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Christopher Li <sparse@chrisli.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Kees Cook <keescook@chromium.org> Cc: Ingo Molnar <mingo@kernel.org> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Will Deacon <will.deacon@arm.com> Cc: "Steven Rostedt (VMware)" <rostedt@goodmis.org> Cc: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> [removed cris chunks - gregkh] Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
jianzhou
|
2f8eb1ca38 |
Merge android-4.9.155 (32e6695) into msm-4.9
* refs/heads/tmp-32e6695:
Linux 4.9.155
fanotify: fix handling of events on child sub-directory
fs: don't scan the inode cache before SB_BORN is set
drivers: core: Remove glue dirs from sysfs earlier
cifs: Always resolve hostname before reconnecting
mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
mm: hwpoison: use do_send_sig_info() instead of force_sig()
mm, oom: fix use-after-free in oom_kill_process
kernel/exit.c: release ptraced tasks before zap_pid_ns_processes
mmc: sdhci-iproc: handle mmc_of_parse() errors during probe
platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes
platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK
gfs2: Revert "Fix loop in gfs2_rbm_find"
arm64: hibernate: Clean the __hyp_text to PoC after resume
arm64: hyp-stub: Forbid kprobing of the hyp-stub
arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment
fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb()
CIFS: Do not count -ENODATA as failure for query directory
ipvlan, l3mdev: fix broken l3s mode wrt local routes
l2tp: fix reading optional fields of L2TPv3
l2tp: remove l2specific_len dependency in l2tp_core
net/mlx5e: Allow MAC invalidation while spoofchk is ON
ucc_geth: Reset BQL queue when stopping device
net/rose: fix NULL ax25_cb kernel panic
netrom: switch to sock timer API
net/mlx4_core: Add masking for a few queries on HCA caps
l2tp: copy 4 more bytes to linear part if necessary
ipv6: Consider sk_bound_dev_if when binding a socket to an address
fs: add the fsnotify call to vfs_iter_write
Fix "net: ipv4: do not handle duplicate fragments as overlapping"
BACKPORT: net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP
UPSTREAM: binder: filter out nodes when showing binder procs
UPSTREAM: xfrm: Make set-mark default behavior backward compatible
ANDROID: cuttlefish_defconfig: Enable CONFIG_RTC_HCTOSYS
ANDROID: zram: fix incorrect assignment for access time
UPSTREAM: zram: idle writeback fixes and cleanup
UPSTREAM: zram: writeback throttle
UPSTREAM: zram: add bd_stat statistics
BACKPORT: zram: support idle/huge page writeback
UPSTREAM: zram: introduce ZRAM_IDLE flag
BACKPORT: zram: refactor flags and writeback stuff
UPSTREAM: zram: fix double free backing device
UPSTREAM: zram: fix lockdep warning of free block handling
Linux 4.9.154
btrfs: dev-replace: go back to suspended state if target device is missing
btrfs: fix error handling in btrfs_dev_replace_start
f2fs: read page index before freeing
nvmet-rdma: fix null dereference under heavy load
nvmet-rdma: Add unlikely for response allocated check
s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU
irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size
perf unwind: Take pgoff into account when reporting elf to libdwfl
perf unwind: Unwind with libdw doesn't take symfs into account
vt: invoke notifier on screen size change
can: bcm: check timer values before ktime conversion
can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it
x86/kaslr: Fix incorrect i8254 outb() parameters
x86/selftests/pkeys: Fork() to check for state being preserved
KVM: x86: Fix single-step debugging
dm thin: fix passdown_double_checking_shared_status()
acpi/nfit: Fix command-supported detection
acpi/nfit: Block function zero DSMs
Input: uinput - fix undefined behavior in uinput_validate_absinfo()
compiler.h: enable builtin overflow checkers and add fallback code
Input: xpad - add support for SteelSeries Stratus Duo
CIFS: Fix possible hang during async MTU reads and writes
tty/n_hdlc: fix __might_sleep warning
uart: Fix crash in uart_write and uart_put_char
tty: Handle problem if line discipline does not have receive_buf
staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1
char/mwave: fix potential Spectre v1 vulnerability
s390/smp: fix CPU hotplug deadlock with CPU rescan
s390/early: improve machine detection
ARC: perf: map generic branches to correct hardware condition
ARCv2: lib: memeset: fix doing prefetchw outside of buffer
ASoC: rt5514-spi: Fix potential NULL pointer dereference
ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages
USB: serial: pl2303: add new PID to support PL2303TB
USB: serial: simple: add Motorola Tetra TPG2200 device id
ipfrag: really prevent allocation on netns exit
net_sched: refetch skb protocol for each filter
net: ipv4: Fix memory leak in network namespace dismantle
vhost: log dirty page correctly
openvswitch: Avoid OOB read when parsing flow nlattrs
net: Fix usage of pskb_trim_rcsum
net: bridge: Fix ethernet header pointer before check skb forwardable
Linux 4.9.153
locking/qspinlock: Pull in asm/byteorder.h to ensure correct endianness
ipmi:ssif: Fix handling of multi-part return messages
mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
mm/page-writeback.c: don't break integrity writeback on ->writepage() error
ocfs2: fix panic due to unrecovered local alloc
scsi: megaraid: fix out-of-bound array accesses
scsi: smartpqi: correct lun reset issues
sysfs: Disable lockdep for driver bind/unbind files
ALSA: bebob: fix model-id of unit for Apogee Ensemble
dm snapshot: Fix excessive memory usage and workqueue stalls
tools lib subcmd: Don't add the kernel sources to the include path
dm kcopyd: Fix bug causing workqueue stalls
perf parse-events: Fix unchecked usage of strncpy()
perf svghelper: Fix unchecked usage of strncpy()
perf intel-pt: Fix error with config term "pt=0"
tty/serial: do not free trasnmit buffer page under port lock
mmc: atmel-mci: do not assume idle after atmci_request_end
kconfig: fix memory leak when EOF is encountered in quotation
kconfig: fix file name and line number of warn_ignored_character()
clk: imx6q: reset exclusive gates on init
scsi: target: use consistent left-aligned ASCII INQUIRY data
net: call sk_dst_reset when set SO_DONTROUTE
media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
powerpc/pseries/cpuidle: Fix preempt warning
powerpc/xmon: Fix invocation inside lock region
pstore/ram: Do not treat empty buffers as valid
jffs2: Fix use of uninitialized delayed_work, lockdep breakage
rxe: IB_WR_REG_MR does not capture MR's iova field
selinux: always allow mounting submounts
arm64: perf: set suppress_bind_attrs flag to true
MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
ALSA: oxfw: add support for APOGEE duet FireWire
serial: set suppress_bind_attrs flag only if builtin
writeback: don't decrement wb->refcnt if !wb->bdi
e1000e: allow non-monotonic SYSTIM readings
platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey
ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
r8169: Add support for new Realtek Ethernet
ANDROID: cfi: fix shadow rebasing
UPSTREAM: dm: do not allow readahead to limit IO size
UPSTREAM: readahead: stricter check for bdi io_pages
UPSTREAM: mm: don't cap request size based on read-ahead setting
Revert "UPSTREAM: dm: do not allow readahead to limit IO size"
UPSTREAM: dm: do not allow readahead to limit IO size
UPSTREAM: ppp: Move PFC decompression to PPP generic layer
UPSTREAM: l2tp: Add protocol field decompression
BACKPORT: l2tp: remove ->recv_payload_hook
Change-Id: Ied9b99c5d4cec558b44c3cb720257458d7e3f40e
Signed-off-by: jianzhou <jianzhou@codeaurora.org>
|
||
|
jianzhou
|
b62aeea0ec |
Merge android-4.9.149 (ed0b11d) into msm-4.9
* refs/heads/tmp-ed0b11d:
Linux 4.9.149
spi: bcm2835: Unbreak the build of esoteric configs
tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x
rtc: m41t80: Correct alarm month range with RTC reads
arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1
x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested
CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
MIPS: OCTEON: mark RGMII interface disabled on OCTEON III
MIPS: Align kernel load address to 64KB
MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
media: v4l2-tpg: array index could become negative
media: vivid: free bitmap_cap when updating std/timings/etc.
serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly
f2fs: fix validation of the block count in sanity_check_raw_super
cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
clk: rockchip: fix typo in rk3188 spdif_frac parent
spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
spi: bcm2835: Fix book-keeping of DMA termination
spi: bcm2835: Fix race on DMA termination
ext4: force inode writes when nfsd calls commit_metadata()
ext4: include terminating u32 in size of xattr entries when expanding inodes
ext4: fix EXT4_IOC_GROUP_ADD ioctl
ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
ext4: fix possible use after free in ext4_quota_enable
perf pmu: Suppress potential format-truncation warning
platform-msi: Free descriptors in platform_msi_domain_free()
KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID
staging: wilc1000: fix missing read_write setting when reading data
usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()
USB: serial: option: add Fibocom NL678 series
USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
ALSA: hda/tegra: clear pending irq handlers
ALSA: hda: add mute LED support for HP EliteBook 840 G4
mtd: atmel-quadspi: disallow building on ebsa110
ALSA: emux: Fix potential Spectre v1 vulnerabilities
ALSA: pcm: Fix potential Spectre v1 vulnerability
ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
ALSA: rme9652: Fix potential Spectre v1 vulnerability
ptr_ring: wrap back ->producer in __ptr_ring_swap_queue()
sock: Make sock->sk_stamp thread-safe
net/mlx5: Typo fix in del_sw_hw_rule
net/mlx5e: Remove the false indication of software timestamping support
gro_cell: add napi_disable in gro_cells_destroy
tipc: compare remote and local protocols in tipc_udp_enable()
tipc: use lock_sock() in tipc_sk_reinit()
xen/netfront: tolerate frags with no data
VSOCK: Send reset control packet when socket is partially bound
vhost: make sure used idx is seen before log in vhost_add_used_n()
tipc: fix a double kfree_skb()
sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
packet: validate address length if non-zero
packet: validate address length
net/wan: fix a double free in x25_asy_open_tty()
netrom: fix locking in nr_find_socket()
net: phy: Fix the issue that netif always links up after resuming
net: ipv4: do not handle duplicate fragments as overlapping
isdn: fix kernel-infoleak in capi_unlocked_ioctl
ipv6: tunnels: fix two use-after-free
ipv6: explicitly initialize udp6_addr in udp_sock_create6()
ieee802154: lowpan_header_create check must check daddr
ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
ax25: fix a use-after-free in ax25_fillin_cb()
ipv4: Fix potential Spectre v1 vulnerability
ip6mr: Fix potential Spectre v1 vulnerability
NFC: nxp-nci: Include unaligned.h instead of access_ok.h
UPSTREAM: mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range()
BACKPORT: fs/proc/task_mmu.c: fix Locked field in /proc/pid/smaps*
BACKPORT: mm: add /proc/pid/smaps_rollup
ANDROID: cuttlefish_defconfig: Enable VIRTIO_INPUT
Linux 4.9.148
drm/ioctl: Fix Spectre v1 vulnerabilities
proc/sysctl: don't return ENOMEM on lookup when a table is unregistering
panic: avoid deadlocks in re-entrant console drivers
ubifs: Handle re-linking of inodes correctly while recovery
x86/fpu: Disable bottom halves while loading FPU registers
x86/mtrr: Don't copy uninitialized gentry fields back to userspace
Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
mmc: omap_hsmmc: fix DMA API warning
mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl
mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support
mmc: core: Reset HPI enabled state during re-init and in case of errors
USB: serial: option: add Telit LN940 series
USB: serial: option: add Fibocom NL668 series
USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
USB: serial: option: add HP lt4132
USB: serial: option: add GosunCn ZTE WeLink ME3630
xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
ib_srpt: Fix a use-after-free in __srpt_close_all_ch()
block: fix infinite loop if the device loses discard capability
block: break discard submissions into the user defined size
Linux 4.9.147
rtc: snvs: Add timeouts to avoid kernel lockups
rtc: snvs: add a missing write sync
nvmet-rdma: fix response use after free
i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node
i2c: axxia: properly handle master timeout
vhost/vsock: fix reset orphans race with close timeout
cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)
drm/ast: Fix connector leak during driver unload
ethernet: fman: fix wrong of_node_put() in probe function
ARM: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart
ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling
bpf: check pending signals while verifying programs
net/mlx4_en: Fix build break when CONFIG_INET is off
mv88e6060: disable hardware level MAC learning
libata: whitelist all SAMSUNG MZ7KM* solid-state disks
Input: omap-keypad - fix keyboard debounce configuration
clk: mmp: Off by one in mmp_clk_add()
clk: mvebu: Off by one bugs in cp110_of_clk_get()
ide: pmac: add of_node_put()
drivers/tty: add missing of_node_put()
drivers/sbus/char: add of_node_put()
sbus: char: add of_node_put()
SUNRPC: Fix a potential race in xprt_connect()
nfs: don't dirty kernel pages read by direct-io
bonding: fix 802.3ad state sent to partner when unbinding slave
ARC: io.h: Implement reads{x}()/writes{x}()
drm/msm: Grab a vblank reference when waiting for commit_done
x86/earlyprintk/efi: Fix infinite loop on some screen widths
scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload
scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset
mac80211_hwsim: fix module init error paths for netlink
locking/qspinlock: Fix build for anonymous union in older GCC compilers
locking/qspinlock, x86: Provide liveness guarantee
locking/qspinlock/x86: Increase _Q_PENDING_LOOPS upper bound
locking/qspinlock: Re-order code
locking/qspinlock: Kill cmpxchg() loop when claiming lock from head of queue
locking/qspinlock: Remove duplicate clear_pending() function from PV code
locking/qspinlock: Remove unbounded cmpxchg() loop from locking slowpath
locking/qspinlock: Merge 'struct __qspinlock' into 'struct qspinlock'
locking/qspinlock: Bound spinning on pending->locked transition in slowpath
locking/qspinlock: Ensure node is initialised before updating prev->next
locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath()
IB/hfi1: Remove race conditions in user_sdma send path
mac80211: Fix condition validating WMM IE
mac80211: don't WARN on bad WMM parameters from buggy APs
drm/i915/execlists: Apply a full mb before execution for Braswell
Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec"
powerpc/msi: Fix NULL pointer access in teardown code
tracing: Fix memory leak of instance function hash filters
tracing: Fix memory leak in set_trigger_filter()
ARM: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt
MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310
aio: fix spectre gadget in lookup_ioctx
pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11
timer/debug: Change /proc/timer_list from 0444 to 0400
lib/interval_tree_test.c: allow users to limit scope of endpoint
lib/rbtree-test: lower default params
lib/rbtree_test.c: make input module parameters
lib/interval_tree_test.c: allow full tree search
lib/interval_tree_test.c: make test options module parameters
signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
ANDROID: Revert fs/squashfs back to linux-4.9.y
BACKPORT, FROMGIT: dm verity: log the hash algorithm implementation
BACKPORT, FROMGIT: dm crypt: log the encryption algorithm implementation
Linux 4.9.146
staging: speakup: Replace strncpy with memcpy
pstore: Convert console write to use ->write_buf
ocfs2: fix potential use after free
debugobjects: avoid recursive calls with kmemleak
hfsplus: do not free node before using
hfs: do not free node before using
ocfs2: fix deadlock caused by ocfs2_defrag_extent()
fscache, cachefiles: remove redundant variable 'cache'
fscache: fix race between enablement and dropping of object
xen: xlate_mmu: add missing header to fix 'W=1' warning
drm/ast: fixed reading monitor EDID not stable issue
net: hisilicon: remove unexpected free_netdev
ixgbe: recognize 1000BaseLX SFP modules as 1Gbps
igb: fix uninitialized variables
cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active
net: thunderx: fix NULL pointer dereference in nic_remove
x86/kvm/vmx: fix old-style function declaration
KVM: x86: fix empty-body warnings
USB: omap_udc: fix USB gadget functionality on Palm Tungsten E
USB: omap_udc: fix omap_udc_start() on 15xx machines
USB: omap_udc: fix crashes on probe error and module removal
USB: omap_udc: use devm_request_irq()
ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf
bpf: fix check of allowed specifiers in bpf_trace_printk
exportfs: do not read dentry after free
ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE
ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE
RDMA/mlx5: Fix fence type for IB_WR_LOCAL_INV WR
Btrfs: send, fix infinite loop due to directory rename dependencies
objtool: Fix segfault in .cold detection with -ffunction-sections
objtool: Fix double-free in .cold detection error path
hwmon: (w83795) temp4_type has writable permission
ASoC: dapm: Recalculate audio map forcely when card instantiated
ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing
hwmon: (ina2xx) Fix current value calculation
s390/cpum_cf: Reject request for sampling in event initialization
selftests: add script to stress-test nft packet path vs. control plane
sysv: return 'err' instead of 0 in __sysv_write_inode
ARM: OMAP1: ams-delta: Fix possible use of uninitialized field
ARM: dts: logicpd-somlv: Fix interrupt on mmc3_dat1
ARM: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup
neighbour: Avoid writing before skb->head in neigh_hh_output()
tun: forbid iface creation with rtnl ops
tcp: fix NULL ref in tail loss probe
rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices
net: Prevent invalid access to skb->prev in __qdisc_drop_all
net: phy: don't allow __set_phy_supported to add unsupported modes
net/mlx4_core: Correctly set PFC param if global pause is turned off.
net: 8139cp: fix a BUG triggered by changing mtu with network traffic
ipv6: Check available headroom in ip6_xmit() even without options
Makefile: Properly resolve conflict from 4.9.145
ANDROID: cuttlefish_defconfig: Enable CONFIG_CRYPTO_ADIANTUM
UPSTREAM: dm crypt: don't decrease device limits
BACKPORT: dm crypt: allow unaligned bv_offset
BACKPORT: dm crypt: reject sector_size feature if device length is not aligned to it
BACKPORT: dm crypt: use shifts instead of sector_div
BACKPORT: dm crypt: optionally support larger encryption sector size
BACKPORT, FROMGIT: fscrypt: add Adiantum support
BACKPORT, FROMGIT: crypto: adiantum - add Adiantum support
FROMGIT: crypto: arm/nhpoly1305 - add NEON-accelerated NHPoly1305
BACKPORT, FROMGIT: crypto: nhpoly1305 - add NHPoly1305 support
FROMGIT: crypto: poly1305 - add Poly1305 core API
FROMGIT: crypto: poly1305 - use structures for key and accumulator
BACKPORT, FROMGIT: crypto: arm/chacha - add XChaCha12 support
BACKPORT, FROMGIT: crypto: arm/chacha20 - refactor to allow varying number of rounds
BACKPORT, FROMGIT: crypto: arm/chacha20 - add XChaCha20 support
BACKPORT, FROMGIT: crypto: arm/chacha20 - limit the preemption-disabled section
BACKPORT, FROMGIT: crypto: chacha - add XChaCha12 support
BACKPORT, FROMGIT: crypto: chacha20-generic - refactor to allow varying number of rounds
BACKPORT, FROMGIT: crypto: chacha20-generic - add XChaCha20 support
FROMGIT: crypto: chacha20-generic - add HChaCha20 library function
FROMGIT: crypto: arm/aes - add some hardening against cache-timing attacks
UPSTREAM: crypto: arm/aes-cipher - move S-box to .rodata section
UPSTREAM: crypto: arm/aes - avoid expanded lookup tables in the final round
UPSTREAM: crypto: arm/aes - avoid reserved 'tt' mnemonic in asm code
BACKPORT: crypto: arm/aes - replace scalar AES cipher
UPSTREAM: crypto: poly1305 - use unaligned access macros to output digest
UPSTREAM: crypto: poly1305 - Use unaligned access where required
UPSTREAM: crypto: arm/chacha20 - faster 8-bit rotations and other optimizations
UPSTREAM: crypto: arm/chacha20 - always use vrev for 16-bit rotates
BACKPORT: crypto: arm/chacha20 - implement NEON version based on SSE3 code
BACKPORT: crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
UPSTREAM: crypto: chacha20 - use rol32() macro from bitops.h
BACKPORT: crypto: chacha20 - Fix keystream alignment for chacha20_block()
UPSTREAM: crypto: chacha20 - Use unaligned access macros when loading key and IV
UPSTREAM: crypto: chacha20 - Fix unaligned access when loading constants
UPSTREAM: crypto: testmgr - fix overlap in chunked tests again
UPSTREAM: crypto: testmgr - avoid overlap in chunked tests
ANDROID: cuttlefish_defconfig: Enable VIRT_WIFI
FROMGIT, BACKPORT: mac80211-next: rtnetlink wifi simulation device
ANDROID: cuttlefish_defconfig: Enable CONFIG_ARM64_LSE_ATOMICS
ANDROID: Move from clang r328903 to r346389b.
ANDROID: arm64 defconfig / build config for cuttlefish
Conflicts:
drivers/char/random.c
drivers/md/dm-crypt.c
drivers/mmc/core/mmc.c
drivers/net/wireless/Kconfig
drivers/net/wireless/Makefile
fs/crypto/fscrypt_private.h
fs/crypto/keyinfo.c
include/uapi/linux/fs.h
Change-Id: I3f7617ac7ab346b0650757e25ef3e7daf4d97a1e
Signed-off-by: jianzhou <jianzhou@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
fe0eb27ac6 |
Merge 4.9.153 into android-4.9
Changes in 4.9.153
r8169: Add support for new Realtek Ethernet
ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey
e1000e: allow non-monotonic SYSTIM readings
writeback: don't decrement wb->refcnt if !wb->bdi
serial: set suppress_bind_attrs flag only if builtin
ALSA: oxfw: add support for APOGEE duet FireWire
MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
arm64: perf: set suppress_bind_attrs flag to true
selinux: always allow mounting submounts
rxe: IB_WR_REG_MR does not capture MR's iova field
jffs2: Fix use of uninitialized delayed_work, lockdep breakage
pstore/ram: Do not treat empty buffers as valid
powerpc/xmon: Fix invocation inside lock region
powerpc/pseries/cpuidle: Fix preempt warning
media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
net: call sk_dst_reset when set SO_DONTROUTE
scsi: target: use consistent left-aligned ASCII INQUIRY data
clk: imx6q: reset exclusive gates on init
kconfig: fix file name and line number of warn_ignored_character()
kconfig: fix memory leak when EOF is encountered in quotation
mmc: atmel-mci: do not assume idle after atmci_request_end
tty/serial: do not free trasnmit buffer page under port lock
perf intel-pt: Fix error with config term "pt=0"
perf svghelper: Fix unchecked usage of strncpy()
perf parse-events: Fix unchecked usage of strncpy()
dm kcopyd: Fix bug causing workqueue stalls
tools lib subcmd: Don't add the kernel sources to the include path
dm snapshot: Fix excessive memory usage and workqueue stalls
ALSA: bebob: fix model-id of unit for Apogee Ensemble
sysfs: Disable lockdep for driver bind/unbind files
scsi: smartpqi: correct lun reset issues
scsi: megaraid: fix out-of-bound array accesses
ocfs2: fix panic due to unrecovered local alloc
mm/page-writeback.c: don't break integrity writeback on ->writepage() error
mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
ipmi:ssif: Fix handling of multi-part return messages
locking/qspinlock: Pull in asm/byteorder.h to ensure correct endianness
Linux 4.9.153
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Dave Airlie
|
4b527f25a4 |
locking/qspinlock: Pull in asm/byteorder.h to ensure correct endianness
This commit is not required upstream, but is required for the 4.9.y
stable series.
Upstream commit 101110f6271c ("Kbuild: always define endianess in
kconfig.h") ensures that either __LITTLE_ENDIAN or __BIG_ENDIAN is
defined to reflect the endianness of the target CPU architecture
regardless of whether or not <asm/byteorder.h> has been #included. The
upstream definition of 'struct qspinlock' relies on this property.
Unfortunately, the 4.9.y stable series does not provide this guarantee,
so the 'spin_unlock()' routine can erroneously treat the underlying
lockword as big-endian on little-endian architectures using native
qspinlock (i.e. x86_64 without PV) if the caller has not included
<asm/byteorder.h>. This can lead to hangs such as the one in
'i915_gem_request()' reported via bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=202063
Fix the issue by ensuring that <asm/byteorder.h> is #included in
<asm/qspinlock_types.h>, where 'struct qspinlock' is defined.
Cc: <stable@vger.kernel.org> # 4.9
Signed-off-by: Dave Airlie <airlied@redhat.com>
[will: wrote commit message]
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
a2f9236e81 |
Merge 4.9.147 into android-4.9
Changes in 4.9.147
signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
lib/interval_tree_test.c: make test options module parameters
lib/interval_tree_test.c: allow full tree search
lib/rbtree_test.c: make input module parameters
lib/rbtree-test: lower default params
lib/interval_tree_test.c: allow users to limit scope of endpoint
timer/debug: Change /proc/timer_list from 0444 to 0400
pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11
aio: fix spectre gadget in lookup_ioctx
MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310
ARM: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt
tracing: Fix memory leak in set_trigger_filter()
tracing: Fix memory leak of instance function hash filters
powerpc/msi: Fix NULL pointer access in teardown code
Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec"
drm/i915/execlists: Apply a full mb before execution for Braswell
mac80211: don't WARN on bad WMM parameters from buggy APs
mac80211: Fix condition validating WMM IE
IB/hfi1: Remove race conditions in user_sdma send path
locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath()
locking/qspinlock: Ensure node is initialised before updating prev->next
locking/qspinlock: Bound spinning on pending->locked transition in slowpath
locking/qspinlock: Merge 'struct __qspinlock' into 'struct qspinlock'
locking/qspinlock: Remove unbounded cmpxchg() loop from locking slowpath
locking/qspinlock: Remove duplicate clear_pending() function from PV code
locking/qspinlock: Kill cmpxchg() loop when claiming lock from head of queue
locking/qspinlock: Re-order code
locking/qspinlock/x86: Increase _Q_PENDING_LOOPS upper bound
locking/qspinlock, x86: Provide liveness guarantee
locking/qspinlock: Fix build for anonymous union in older GCC compilers
mac80211_hwsim: fix module init error paths for netlink
scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset
scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload
x86/earlyprintk/efi: Fix infinite loop on some screen widths
drm/msm: Grab a vblank reference when waiting for commit_done
ARC: io.h: Implement reads{x}()/writes{x}()
bonding: fix 802.3ad state sent to partner when unbinding slave
nfs: don't dirty kernel pages read by direct-io
SUNRPC: Fix a potential race in xprt_connect()
sbus: char: add of_node_put()
drivers/sbus/char: add of_node_put()
drivers/tty: add missing of_node_put()
ide: pmac: add of_node_put()
clk: mvebu: Off by one bugs in cp110_of_clk_get()
clk: mmp: Off by one in mmp_clk_add()
Input: omap-keypad - fix keyboard debounce configuration
libata: whitelist all SAMSUNG MZ7KM* solid-state disks
mv88e6060: disable hardware level MAC learning
net/mlx4_en: Fix build break when CONFIG_INET is off
bpf: check pending signals while verifying programs
ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling
ARM: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart
ethernet: fman: fix wrong of_node_put() in probe function
drm/ast: Fix connector leak during driver unload
cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)
vhost/vsock: fix reset orphans race with close timeout
i2c: axxia: properly handle master timeout
i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node
nvmet-rdma: fix response use after free
rtc: snvs: add a missing write sync
rtc: snvs: Add timeouts to avoid kernel lockups
Linux 4.9.147
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Steven Rostedt (VMware)
|
c6bcf40f76 |
locking/qspinlock: Fix build for anonymous union in older GCC compilers
[ Upstream commit 6cc65be4f6f2a7186af8f3e09900787c7912dad2 ]
One of my tests compiles the kernel with gcc 4.5.3, and I hit the
following build error:
include/linux/semaphore.h: In function 'sema_init':
include/linux/semaphore.h:35:17: error: unknown field 'val' specified in initializer
include/linux/semaphore.h:35:17: warning: missing braces around initializer
include/linux/semaphore.h:35:17: warning: (near initialization for '(anonymous).raw_lock.<anonymous>.val')
I bisected it down to:
625e88be1f41 ("locking/qspinlock: Merge 'struct __qspinlock' into 'struct qspinlock'")
... which makes qspinlock have an anonymous union, which makes initializing it special
for older compilers. By adding strategic brackets, it makes the build
happy again.
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Acked-by: Waiman Long <longman@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Boqun Feng <boqun.feng@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Fixes: 625e88be1f41 ("locking/qspinlock: Merge 'struct __qspinlock' into 'struct qspinlock'")
Link: http://lkml.kernel.org/r/20180621203526.172ab5c4@vmware.local.home
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Will Deacon
|
60668f3cdd |
locking/qspinlock: Merge 'struct __qspinlock' into 'struct qspinlock'
commit 625e88be1f41b53cec55827c984e4a89ea8ee9f9 upstream. 'struct __qspinlock' provides a handy union of fields so that subcomponents of the lockword can be accessed by name, without having to manage shifts and masks explicitly and take endianness into account. This is useful in qspinlock.h and also potentially in arch headers, so move the 'struct __qspinlock' into 'struct qspinlock' and kill the extra definition. Signed-off-by: Will Deacon <will.deacon@arm.com> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Waiman Long <longman@redhat.com> Acked-by: Boqun Feng <boqun.feng@gmail.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-arm-kernel@lists.infradead.org Cc: paulmck@linux.vnet.ibm.com Link: http://lkml.kernel.org/r/1524738868-31318-3-git-send-email-will.deacon@arm.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Carl van Schaik
|
fc8ada64ad |
aarch64: add core okl4 hypervisor config
Adds the OKL4_GUEST config to the arm64 architecture, which serves as a root selector to enable additional drivers for running on the OKL4 hypervisor. include/asm-generic/okl4_virq.h: A generic helper for OKL4 hypervisor aware drivers. Change-Id: Ie89c5341cad762812485115bbe45c3bb4a1d7a15 Signed-off-by: Carl van Schaik <carl@cog.systems> Git-commit: 936194027fc9abaacec9b253c0f3e468a3d51577 Git-repo: https://github.com/CogSystems/linux-msm.git Signed-off-by: Minming Qi <mqi@codeaurora.org> |
||
|
Minming Qi
|
1f33e242b8 |
Merge android-4.9.121 (681e57b) into msm-4.9
* refs/heads/tmp-681e57b: Linux 4.9.121 x86/mm: Add TLB purge to free pmd/pte page interfaces ioremap: Update pgtable free interfaces with addr Bluetooth: hidp: buffer overflow in hidp_process_report ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization crypto: ablkcipher - fix crash flushing dcache in error path crypto: blkcipher - fix crash flushing dcache in error path crypto: vmac - separate tfm and request context crypto: vmac - require a block cipher with 128-bit block size crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2() kbuild: verify that $DEPMOD is installed i2c: ismt: fix wrong device address when unmap the data buffer kasan: don't emit builtin calls when sanitization is off x86/mm: Disable ioremap free page handling on x86-PAE x86: i8259: Add missing include file x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled Change-Id: Icbae426a49bcaa4d7432dc596e20553965431e93 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> Signed-off-by: Minming Qi <mqi@codeaurora.org> |
||
|
Minming Qi
|
a3ab5da4eb |
Merge android-4.9.120 (f85543b) into msm-4.9
* refs/heads/tmp-f85543b: Linux 4.9.120 x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present x86/cpu/amd: Limit cpu_core_id fixup to families older than F17h x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures x86/init: fix build with CONFIG_SWAP=n cpu/hotplug: Non-SMP machines do not make use of booted_once x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread x86/microcode: Allow late microcode loading with SMT disabled x86/microcode: Do not upload microcode if CPUs are offline tools headers: Synchronise x86 cpufeatures.h for L1TF additions x86/mm/kmmio: Make the tracer robust against L1TF x86/mm/pat: Make set_memory_np() L1TF safe x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/speculation/l1tf: Invert all not present mappings cpu/hotplug: Fix SMT supported evaluation KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry x86/speculation: Simplify sysfs report of VMX L1TF vulnerability KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR KVM: X86: Allow userspace to define the microcode version KVM: X86: Introduce kvm_get_msr_feature() KVM: SVM: Add MSR-based feature support for serializing LFENCE KVM: x86: Add a framework for supporting MSR-based features Documentation/l1tf: Remove Yonah processors from not vulnerable list x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d x86: Don't include linux/irq.h from asm/hardirq.h x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() cpu/hotplug: detect SMT disabled by BIOS Documentation/l1tf: Fix typos x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content Documentation: Add section about CPU vulnerabilities x86/bugs, kvm: Introduce boot-time control of L1TF mitigations cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early cpu/hotplug: Expose SMT control init function x86/kvm: Allow runtime control of L1D flush x86/kvm: Serialize L1D flush parameter setter x86/kvm: Add static key for flush always x86/kvm: Move l1tf setup function x86/l1tf: Handle EPT disabled state proper x86/kvm: Drop L1TF MSR list approach x86/litf: Introduce vmx status variable cpu/hotplug: Online siblings when SMT control is turned on x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting x86/KVM/VMX: Add find_msr() helper function x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers kvm: nVMX: Update MSR load counts on a VMCS switch x86/KVM/VMX: Add L1D flush logic x86/KVM/VMX: Add L1D MSR based flush x86/KVM/VMX: Add L1D flush algorithm x86/KVM/VMX: Add module argument for L1TF mitigation x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present cpu/hotplug: Boot HT siblings at least once Revert "x86/apic: Ignore secondary threads if nosmt=force" x86/speculation/l1tf: Fix up pte->pfn conversion for PAE x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings x86/cpufeatures: Add detection of L1D cache flush support. x86/speculation/l1tf: Extend 64bit swap file size limit x86/apic: Ignore secondary threads if nosmt=force x86/cpu/AMD: Evaluate smp_num_siblings early x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info x86/cpu/intel: Evaluate smp_num_siblings early x86/cpu/topology: Provide detect_extended_topology_early() x86/cpu/common: Provide detect_ht_early() x86/cpu/AMD: Remove the pointless detect_ht() call x86/cpu: Remove the pointless CPU printout cpu/hotplug: Provide knobs to control SMT cpu/hotplug: Split do_cpu_down() cpu/hotplug: Make bringup/teardown of smp threads symmetric x86/topology: Provide topology_smt_supported() x86/smp: Provide topology_is_primary_thread() x86/bugs: Move the l1tf function and define pr_fmt properly x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Protect swap entries against L1TF x86/speculation/l1tf: Change order of offset/type in swap entry mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT x86/irqflags: Provide a declaration for native_save_fl kprobes/x86: Fix %p uses in error messages x86/speculation: Protect against userspace-userspace spectreRSB x86/paravirt: Fix spectre-v2 mitigations for paravirt guests ARM: dts: imx6sx: fix irq for pcie bridge IB/ocrdma: fix out of bounds access to local buffer mtd: nand: qcom: Add a NULL check for devm_kasprintf() IB/mlx4: Mark user MR as writable if actual virtual memory is writable IB/core: Make testing MR flags for writability a static inline function proc: Fix proc_sys_prune_dcache to hold a sb reference proc/sysctl: Don't grab i_lock under sysctl_lock. proc/sysctl: prune stale dentries during unregistering fix __legitimize_mnt()/mntput() race fix mntput/mntput race make sure that __dentry_kill() always invalidates d_seq, unhashed or not root dentries need RCU-delayed freeing init: rename and re-order boot_cpu_state_init() scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices xen/netfront: don't cache skb_shinfo() Mark HI and TASKLET softirq synchronous kasan: add no_sanitize attribute for clang builds parisc: Define mb() and add memory barriers to assembler unlock sequences parisc: Enable CONFIG_MLONGCALLS by default tpm: fix race condition in tpm_common_write() ext4: fix check to prevent initializing reserved inodes ANDROID: AVB error handler to invalidate vbmeta partition. Conflicts: include/linux/swapfile.h kernel/smp.c kernel/softirq.c Change-Id: Ied9792f455e336bf7e3bdcf9a6c21f7a212b6db6 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> Signed-off-by: Minming Qi <mqi@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
681e57bb08 |
Merge 4.9.121 into android-4.9
Changes in 4.9.121 x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled x86: i8259: Add missing include file x86/mm: Disable ioremap free page handling on x86-PAE kasan: don't emit builtin calls when sanitization is off i2c: ismt: fix wrong device address when unmap the data buffer kbuild: verify that $DEPMOD is installed crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2() crypto: vmac - require a block cipher with 128-bit block size crypto: vmac - separate tfm and request context crypto: blkcipher - fix crash flushing dcache in error path crypto: ablkcipher - fix crash flushing dcache in error path ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization Bluetooth: hidp: buffer overflow in hidp_process_report ioremap: Update pgtable free interfaces with addr x86/mm: Add TLB purge to free pmd/pte page interfaces Linux 4.9.121 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Chintan Pandya
|
6e6b637779 |
ioremap: Update pgtable free interfaces with addr
commit 785a19f9d1dd8a4ab2d0633be4656653bd3de1fc upstream.
The following kernel panic was observed on ARM64 platform due to a stale
TLB entry.
1. ioremap with 4K size, a valid pte page table is set.
2. iounmap it, its pte entry is set to 0.
3. ioremap the same address with 2M size, update its pmd entry with
a new value.
4. CPU may hit an exception because the old pmd entry is still in TLB,
which leads to a kernel panic.
Commit b6bdb7517c3d ("mm/vmalloc: add interfaces to free unmapped page
table") has addressed this panic by falling to pte mappings in the above
case on ARM64.
To support pmd mappings in all cases, TLB purge needs to be performed
in this case on ARM64.
Add a new arg, 'addr', to pud_free_pmd_page() and pmd_free_pte_page()
so that TLB purge can be added later in seprate patches.
[toshi.kani@hpe.com: merge changes, rewrite patch description]
Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces")
Signed-off-by: Chintan Pandya <cpandya@codeaurora.org>
Signed-off-by: Toshi Kani <toshi.kani@hpe.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: mhocko@suse.com
Cc: akpm@linux-foundation.org
Cc: hpa@zytor.com
Cc: linux-mm@kvack.org
Cc: linux-arm-kernel@lists.infradead.org
Cc: Will Deacon <will.deacon@arm.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: stable@vger.kernel.org
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: <stable@vger.kernel.org>
Link: https://lkml.kernel.org/r/20180627141348.21777-3-toshi.kani@hpe.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
f85543ba3c |
Merge 4.9.120 into android-4.9
Changes in 4.9.120 ext4: fix check to prevent initializing reserved inodes tpm: fix race condition in tpm_common_write() parisc: Enable CONFIG_MLONGCALLS by default parisc: Define mb() and add memory barriers to assembler unlock sequences kasan: add no_sanitize attribute for clang builds Mark HI and TASKLET softirq synchronous xen/netfront: don't cache skb_shinfo() ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled init: rename and re-order boot_cpu_state_init() root dentries need RCU-delayed freeing make sure that __dentry_kill() always invalidates d_seq, unhashed or not fix mntput/mntput race fix __legitimize_mnt()/mntput() race proc/sysctl: prune stale dentries during unregistering proc/sysctl: Don't grab i_lock under sysctl_lock. proc: Fix proc_sys_prune_dcache to hold a sb reference IB/core: Make testing MR flags for writability a static inline function IB/mlx4: Mark user MR as writable if actual virtual memory is writable mtd: nand: qcom: Add a NULL check for devm_kasprintf() IB/ocrdma: fix out of bounds access to local buffer ARM: dts: imx6sx: fix irq for pcie bridge x86/paravirt: Fix spectre-v2 mitigations for paravirt guests x86/speculation: Protect against userspace-userspace spectreRSB kprobes/x86: Fix %p uses in error messages x86/irqflags: Provide a declaration for native_save_fl x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 x86/speculation/l1tf: Change order of offset/type in swap entry x86/speculation/l1tf: Protect swap entries against L1TF x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/bugs: Move the l1tf function and define pr_fmt properly x86/smp: Provide topology_is_primary_thread() x86/topology: Provide topology_smt_supported() cpu/hotplug: Make bringup/teardown of smp threads symmetric cpu/hotplug: Split do_cpu_down() cpu/hotplug: Provide knobs to control SMT x86/cpu: Remove the pointless CPU printout x86/cpu/AMD: Remove the pointless detect_ht() call x86/cpu/common: Provide detect_ht_early() x86/cpu/topology: Provide detect_extended_topology_early() x86/cpu/intel: Evaluate smp_num_siblings early x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info x86/cpu/AMD: Evaluate smp_num_siblings early x86/apic: Ignore secondary threads if nosmt=force x86/speculation/l1tf: Extend 64bit swap file size limit x86/cpufeatures: Add detection of L1D cache flush support. x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Revert "x86/apic: Ignore secondary threads if nosmt=force" cpu/hotplug: Boot HT siblings at least once x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present x86/KVM/VMX: Add module argument for L1TF mitigation x86/KVM/VMX: Add L1D flush algorithm x86/KVM/VMX: Add L1D MSR based flush x86/KVM/VMX: Add L1D flush logic kvm: nVMX: Update MSR load counts on a VMCS switch x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers x86/KVM/VMX: Add find_msr() helper function x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required cpu/hotplug: Online siblings when SMT control is turned on x86/litf: Introduce vmx status variable x86/kvm: Drop L1TF MSR list approach x86/l1tf: Handle EPT disabled state proper x86/kvm: Move l1tf setup function x86/kvm: Add static key for flush always x86/kvm: Serialize L1D flush parameter setter x86/kvm: Allow runtime control of L1D flush cpu/hotplug: Expose SMT control init function cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early x86/bugs, kvm: Introduce boot-time control of L1TF mitigations Documentation: Add section about CPU vulnerabilities x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content Documentation/l1tf: Fix typos cpu/hotplug: detect SMT disabled by BIOS x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d x86: Don't include linux/irq.h from asm/hardirq.h x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Documentation/l1tf: Remove Yonah processors from not vulnerable list KVM: x86: Add a framework for supporting MSR-based features KVM: SVM: Add MSR-based feature support for serializing LFENCE KVM: X86: Introduce kvm_get_msr_feature() KVM: X86: Allow userspace to define the microcode version KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR x86/speculation: Simplify sysfs report of VMX L1TF vulnerability x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry cpu/hotplug: Fix SMT supported evaluation x86/speculation/l1tf: Invert all not present mappings x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/mm/pat: Make set_memory_np() L1TF safe x86/mm/kmmio: Make the tracer robust against L1TF tools headers: Synchronise x86 cpufeatures.h for L1TF additions x86/microcode: Do not upload microcode if CPUs are offline x86/microcode: Allow late microcode loading with SMT disabled x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread cpu/hotplug: Non-SMP machines do not make use of booted_once x86/init: fix build with CONFIG_SWAP=n x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures x86/cpu/amd: Limit cpu_core_id fixup to families older than F17h x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present Linux 4.9.120 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Jiri Kosina
|
b4f17de89e |
x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
commit 6c26fcd2abfe0a56bbd95271fce02df2896cfd24 upstream.
pfn_modify_allowed() and arch_has_pfn_modify_check() are outside of the
!__ASSEMBLY__ section in include/asm-generic/pgtable.h, which confuses
assembler on archs that don't have __HAVE_ARCH_PFN_MODIFY_ALLOWED (e.g.
ia64) and breaks build:
include/asm-generic/pgtable.h: Assembler messages:
include/asm-generic/pgtable.h:538: Error: Unknown opcode `static inline bool pfn_modify_allowed(unsigned long pfn,pgprot_t prot)'
include/asm-generic/pgtable.h:540: Error: Unknown opcode `return true'
include/asm-generic/pgtable.h:543: Error: Unknown opcode `static inline bool arch_has_pfn_modify_check(void)'
include/asm-generic/pgtable.h:545: Error: Unknown opcode `return false'
arch/ia64/kernel/entry.S:69: Error: `mov' does not fit into bundle
Move those two static inlines into the !__ASSEMBLY__ section so that they
don't confuse the asm build pass.
Fixes: 42e4089c7890 ("x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings")
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
[groeck: Context changes]
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Andi Kleen
|
7c5b42f82c |
x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
commit 42e4089c7890725fcd329999252dc489b72f2921 upstream For L1TF PROT_NONE mappings are protected by inverting the PFN in the page table entry. This sets the high bits in the CPU's address space, thus making sure to point to not point an unmapped entry to valid cached memory. Some server system BIOSes put the MMIO mappings high up in the physical address space. If such an high mapping was mapped to unprivileged users they could attack low memory by setting such a mapping to PROT_NONE. This could happen through a special device driver which is not access protected. Normal /dev/mem is of course access protected. To avoid this forbid PROT_NONE mappings or mprotect for high MMIO mappings. Valid page mappings are allowed because the system is then unsafe anyways. It's not expected that users commonly use PROT_NONE on MMIO. But to minimize any impact this is only enforced if the mapping actually refers to a high MMIO address (defined as the MAX_PA-1 bit being set), and also skip the check for root. For mmaps this is straight forward and can be handled in vm_insert_pfn and in remap_pfn_range(). For mprotect it's a bit trickier. At the point where the actual PTEs are accessed a lot of state has been changed and it would be difficult to undo on an error. Since this is a uncommon case use a separate early page talk walk pass for MMIO PROT_NONE mappings that checks for this condition early. For non MMIO and non PROT_NONE there are no changes. [dwmw2: Backport to 4.9] Signed-off-by: Andi Kleen <ak@linux.intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com> Acked-by: Dave Hansen <dave.hansen@intel.com> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Linux Build Service Account
|
696d37fc99 |
Merge "Merge android-4.9.106 (8b94b87) into msm-4.9"
|
||
|
Will Deacon
|
748ac62882 |
locking/qrwlock: Prevent slowpath writers getting held up by fastpath
When a prospective writer takes the qrwlock locking slowpath due to the lock being held, it attempts to cmpxchg the wmode field from 0 to _QW_WAITING so that concurrent lockers also take the slowpath and queue on the spinlock accordingly, allowing the lockers to drain. Unfortunately, this isn't fair, because a fastpath writer that comes in after the lock is made available but before the _QW_WAITING flag is set can effectively jump the queue. If there is a steady stream of prospective writers, then the waiter will be held off indefinitely. This patch restores fairness by separating _QW_WAITING and _QW_LOCKED into two distinct fields: _QW_LOCKED continues to occupy the bottom byte of the lockword so that it can be cleared unconditionally when unlocking, but _QW_WAITING now occupies what used to be the bottom bit of the reader count. This then forces the slow-path for concurrent lockers. Change-Id: Ib7649f4b1740c5c8a892c23864370115fdf003b3 Tested-by: Waiman Long <longman@redhat.com> Tested-by: Jeremy Linton <jeremy.linton@arm.com> Tested-by: Adam Wallis <awallis@codeaurora.org> Tested-by: Jan Glauber <jglauber@cavium.com> Signed-off-by: Will Deacon <will.deacon@arm.com> Acked-by: Peter Zijlstra <peterz@infradead.org> Cc: Boqun Feng <boqun.feng@gmail.com> Cc: Jeremy.Linton@arm.com Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/1507810851-306-6-git-send-email-will.deacon@arm.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Git-commit: d133166146333e1f13fc81c0e6c43c8d99290a8a Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org> Signed-off-by: Mukesh Ojha <mojha@codeaurora.org> |
||
|
Will Deacon
|
64b4552b78 |
locking/qrwlock: Use atomic_cond_read_acquire() when spinning in qrwlock
The qrwlock slowpaths involve spinning when either a prospective reader is waiting for a concurrent writer to drain, or a prospective writer is waiting for concurrent readers to drain. In both of these situations, atomic_cond_read_acquire() can be used to avoid busy-waiting and make use of any backoff functionality provided by the architecture. This patch replaces the open-code loops and rspin_until_writer_unlock() implementation with atomic_cond_read_acquire(). The write mode transition zero to _QW_WAITING is left alone, since (a) this doesn't need acquire semantics and (b) should be fast. Change-Id: I314a7f74b744a0530e9ff5d4eaf505ec2674e8cf Tested-by: Waiman Long <longman@redhat.com> Tested-by: Jeremy Linton <jeremy.linton@arm.com> Tested-by: Adam Wallis <awallis@codeaurora.org> Tested-by: Jan Glauber <jglauber@cavium.com> Signed-off-by: Will Deacon <will.deacon@arm.com> Acked-by: Peter Zijlstra <peterz@infradead.org> Cc: Boqun Feng <boqun.feng@gmail.com> Cc: Jeremy.Linton@arm.com Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/1507810851-306-4-git-send-email-will.deacon@arm.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Git-commit: b519b56e378ee82caf9b079b04f5db87dedc3251 Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org> Signed-off-by: Mukesh Ojha <mojha@codeaurora.org> |
||
|
Will Deacon
|
75a7ea0cd5 |
locking/atomic: Add atomic_cond_read_acquire()
smp_cond_load_acquire() provides a way to spin on a variable with acquire semantics until some conditional expression involving the variable is satisfied. Architectures such as arm64 can potentially enter a low-power state, waking up only when the value of the variable changes, which reduces the system impact of tight polling loops. This patch makes the same interface available to users of atomic_t, atomic64_t and atomic_long_t, rather than require messy accesses to the structure internals. Change-Id: I5ef2f84dfe810b4e4d26bbb0617c2070f4ccb678 Signed-off-by: Will Deacon <will.deacon@arm.com> Acked-by: Peter Zijlstra <peterz@infradead.org> Cc: Boqun Feng <boqun.feng@gmail.com> Cc: Jeremy.Linton@arm.com Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Waiman Long <longman@redhat.com> Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/1507810851-306-3-git-send-email-will.deacon@arm.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Git-commit: 4df714be4dcf40bfb0d4af0f851a6e1977afa02e Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org> Signed-off-by: Mukesh Ojha <mojha@codeaurora.org> |
||
|
Will Deacon
|
22a84c5bf9 |
locking/qrwlock: Use 'struct qrwlock' instead of 'struct __qrwlock'
There's no good reason to keep the internal structure of struct qrwlock hidden from qrwlock.h, particularly as it's actually needed for unlock and ends up being abstracted independently behind the __qrwlock_write_byte() function. Stop pretending we can hide this stuff, and move the __qrwlock definition into qrwlock, removing the __qrwlock_write_byte() nastiness and using the same struct definition everywhere instead. Change-Id: Iead0ac0d520d347c9125ca2444b4aefa355ecf94 Signed-off-by: Will Deacon <will.deacon@arm.com> Acked-by: Peter Zijlstra <peterz@infradead.org> Cc: Boqun Feng <boqun.feng@gmail.com> Cc: Jeremy.Linton@arm.com Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Waiman Long <longman@redhat.com> Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/1507810851-306-2-git-send-email-will.deacon@arm.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Git-commit: e0d02285f16e8d5810f3d5d5e8a5886ca0015d3b Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org> Signed-off-by: Mukesh Ojha <mojha@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
9797dcb8c7 |
Merge 4.9.104 into android-4.9
Changes in 4.9.104
MIPS: c-r4k: Fix data corruption related to cache coherence
MIPS: ptrace: Expose FIR register through FP regset
MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
affs_lookup(): close a race with affs_remove_link()
aio: fix io_destroy(2) vs. lookup_ioctx() race
ALSA: timer: Fix pause event notification
do d_instantiate/unlock_new_inode combinations safely
mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
libata: Blacklist some Sandisk SSDs for NCQ
libata: blacklist Micron 500IT SSD with MU01 firmware
xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
IB/hfi1: Use after free race condition in send context error path
Revert "ipc/shm: Fix shmat mmap nil-page protection"
ipc/shm: fix shmat() nil address after round-down when remapping
kasan: fix memory hotplug during boot
kernel/sys.c: fix potential Spectre v1 issue
kernel/signal.c: avoid undefined behaviour in kill_something_info
KVM/VMX: Expose SSBD properly to guests
KVM: s390: vsie: fix < 8k check for the itdba
KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
kvm: x86: IA32_ARCH_CAPABILITIES is always supported
firewire-ohci: work around oversized DMA reads on JMicron controllers
x86/tsc: Allow TSC calibration without PIT
NFSv4: always set NFS_LOCK_LOST when a lock is lost.
ALSA: hda - Use IS_REACHABLE() for dependency on input
kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460
tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
PCI: Add function 1 DMA alias quirk for Marvell 9128
Input: psmouse - fix Synaptics detection when protocol is disabled
i40iw: Zero-out consumer key on allocate stag for FMR
tools lib traceevent: Simplify pointer print logic and fix %pF
perf callchain: Fix attr.sample_max_stack setting
tools lib traceevent: Fix get_field_str() for dynamic strings
perf record: Fix failed memory allocation for get_cpuid_str
iommu/vt-d: Use domain instead of cache fetching
dm thin: fix documentation relative to low water mark threshold
net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b
net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock
nfs: Do not convert nfs_idmap_cache_timeout to jiffies
watchdog: sp5100_tco: Fix watchdog disable bit
kconfig: Don't leak main menus during parsing
kconfig: Fix automatic menu creation mem leak
kconfig: Fix expr_free() E_NOT leak
mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
ipmi/powernv: Fix error return code in ipmi_powernv_probe()
Btrfs: set plug for fsync
btrfs: Fix out of bounds access in btrfs_search_slot
Btrfs: fix scrub to repair raid6 corruption
btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP
HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
fm10k: fix "failed to kill vid" message for VF
device property: Define type of PROPERTY_ENRTY_*() macros
jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
powerpc/numa: Ensure nodes initialized for hotplug
RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
ntb_transport: Fix bug with max_mw_size parameter
gianfar: prevent integer wrapping in the rx handler
tcp_nv: fix potential integer overflow in tcpnv_acked
kvm: Map PFN-type memory regions as writable (if possible)
ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
ocfs2: return error when we attempt to access a dirty bh in jbd2
mm/mempolicy: fix the check of nodemask from user
mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
asm-generic: provide generic_pmdp_establish()
sparc64: update pmdp_invalidate() to return old pmd value
mm: thp: use down_read_trylock() in khugepaged to avoid long block
mm: pin address_space before dereferencing it while isolating an LRU page
mm/fadvise: discard partial page if endbyte is also EOF
openvswitch: Remove padding from packet before L3+ conntrack processing
IB/ipoib: Fix for potential no-carrier state
drm/nouveau/pmu/fuc: don't use movw directly anymore
netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure
x86/power: Fix swsusp_arch_resume prototype
firmware: dmi_scan: Fix handling of empty DMI strings
ACPI: processor_perflib: Do not send _PPC change notification if not ready
ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs
bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
MIPS: generic: Fix machine compatible matching
MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
xen-netfront: Fix race between device setup and open
xen/grant-table: Use put_page instead of free_page
RDS: IB: Fix null pointer issue
arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
proc: fix /proc/*/map_files lookup
cifs: silence compiler warnings showing up with gcc-8.0.0
bcache: properly set task state in bch_writeback_thread()
bcache: fix for allocator and register thread race
bcache: fix for data collapse after re-attaching an attached device
bcache: return attach error when no cache set exist
tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
bpf: fix rlimit in reuseport net selftest
vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page
locking/qspinlock: Ensure node->count is updated before initialising node
irqchip/gic-v3: Ignore disabled ITS nodes
cpumask: Make for_each_cpu_wrap() available on UP as well
irqchip/gic-v3: Change pr_debug message to pr_devel
ARC: Fix malformed ARC_EMUL_UNALIGNED default
ptr_ring: prevent integer overflow when calculating size
libata: Fix compile warning with ATA_DEBUG enabled
selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
selftests: memfd: add config fragment for fuse
ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
ARM: OMAP3: Fix prm wake interrupt for resume
ARM: OMAP1: clock: Fix debugfs_create_*() usage
ibmvnic: Free RX socket buffer in case of adapter error
iwlwifi: mvm: fix security bug in PN checking
iwlwifi: mvm: always init rs with 20mhz bandwidth rates
NFC: llcp: Limit size of SDP URI
rxrpc: Work around usercopy check
mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
mac80211: fix a possible leak of station stats
mac80211: fix calling sleeping function in atomic context
mac80211: Do not disconnect on invalid operating class
md raid10: fix NULL deference in handle_write_completed()
drm/exynos: g2d: use monotonic timestamps
drm/exynos: fix comparison to bitshift when dealing with a mask
locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
md: raid5: avoid string overflow warning
kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
s390/cio: fix ccw_device_start_timeout API
s390/cio: fix return code after missing interrupt
s390/cio: clear timer when terminating driver I/O
PKCS#7: fix direct verification of SignerInfo signature
ARM: OMAP: Fix dmtimer init for omap1
smsc75xx: fix smsc75xx_set_features()
regulatory: add NUL to request alpha2
integrity/security: fix digsig.c build error with header file
locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
mac80211: drop frames with unexpected DS bits from fast-rx to slow path
arm64: fix unwind_frame() for filtered out fn for function graph tracing
macvlan: fix use-after-free in macvlan_common_newlink()
kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds
fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
fs: dcache: Use READ_ONCE when accessing i_dir_seq
md: fix a potential deadlock of raid5/raid10 reshape
md/raid1: fix NULL pointer dereference
batman-adv: fix packet checksum in receive path
batman-adv: invalidate checksum on fragment reassembly
netfilter: ebtables: convert BUG_ONs to WARN_ONs
batman-adv: Ignore invalid batadv_iv_gw during netlink send
batman-adv: Ignore invalid batadv_v_gw during netlink send
batman-adv: Fix netlink dumping of BLA claims
batman-adv: Fix netlink dumping of BLA backbones
nvme-pci: Fix nvme queue cleanup if IRQ setup fails
clocksource/drivers/fsl_ftm_timer: Fix error return checking
ceph: fix dentry leak when failing to init debugfs
ARM: orion5x: Revert commit
|