vic
482 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Bruno Martins
|
9162135978 |
Merge branch 'deprecated/android-4.9-q' of https://android.googlesource.com/kernel/common into HEAD
Conflicts: arch/arm/Makefile arch/arm/include/asm/unistd.h arch/arm/kernel/calls.S arch/arm64/include/asm/assembler.h arch/arm64/include/asm/cputype.h arch/arm64/kernel/bpi.S arch/arm64/kernel/cpu_errata.c arch/arm64/kernel/setup.c arch/arm64/kernel/vdso.c arch/arm64/mm/proc.S arch/mips/include/uapi/asm/Kbuild arch/powerpc/include/uapi/asm/Kbuild drivers/char/Kconfig drivers/char/random.c drivers/clk/qcom/clk-rcg2.c drivers/gpu/drm/drm_edid.c drivers/irqchip/irq-gic.c drivers/md/dm-table.c drivers/media/dvb-core/dmxdev.c drivers/mmc/core/core.c drivers/mmc/core/host.c drivers/mmc/core/mmc.c drivers/mmc/host/sdhci.c drivers/net/usb/lan78xx.c drivers/scsi/ufs/ufs_quirks.h drivers/scsi/ufs/ufshcd.c drivers/staging/android/ion/ion-ioctl.c drivers/staging/android/ion/ion.c drivers/staging/android/ion/ion_priv.h drivers/staging/android/ion/ion_system_heap.c drivers/tty/tty_io.c drivers/usb/core/hub.c drivers/usb/core/usb.h drivers/usb/dwc3/core.c drivers/usb/dwc3/gadget.c drivers/usb/gadget/composite.c drivers/usb/gadget/configfs.c drivers/usb/gadget/function/f_accessory.c drivers/usb/gadget/function/rndis.c drivers/usb/gadget/function/rndis.h fs/eventpoll.c fs/ext4/namei.c fs/fat/fatent.c fs/gfs2/acl.c include/linux/random.h include/uapi/drm/Kbuild include/uapi/linux/Kbuild include/uapi/linux/cifs/Kbuild include/uapi/linux/genwqe/Kbuild kernel/cpu.c kernel/exit.c kernel/sched/cpufreq_schedutil.c lib/Makefile lib/string.c mm/memory.c mm/page-writeback.c mm/page_alloc.c net/ipv4/udp.c net/ipv6/datagram.c net/ipv6/ip6_output.c net/netfilter/nf_conntrack_irc.c net/netfilter/xt_quota2.c net/netlink/genetlink.c security/selinux/avc.c security/selinux/include/objsec.h sound/core/compress_offload.c Change-Id: I41982a5a8e22a21b72ec5dfa61a3680be66213f4 |
||
|
Greg Kroah-Hartman
|
5671ebb169 |
Merge 4.9.259 into android-4.9-q
Changes in 4.9.259
HID: make arrays usage and value to be the same
usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable
ntfs: check for valid standard information attribute
igb: Remove incorrect "unexpected SYS WRAP" log message
arm64: tegra: Add power-domain for Tegra210 HDA
NET: usb: qmi_wwan: Adding support for Cinterion MV31
cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath.
scripts/recordmcount.pl: support big endian for ARCH sh
kdb: Make memory allocations more robust
MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
random: fix the RNDRESEEDCRNG ioctl
mm, thp: make do_huge_pmd_wp_page() lock page for testing mapcount
Bluetooth: Fix initializing response id after clearing struct
ARM: dts: exynos: correct PMIC interrupt trigger level on Spring
ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa
arm64: dts: exynos: correct PMIC interrupt trigger level on Espresso
Bluetooth: drop HCI device reference before return
Bluetooth: Put HCI device if inquiry procedure interrupts
ARM: dts: Configure missing thermal interrupt for 4430
usb: dwc2: Do not update data length if it is 0 on inbound transfers
usb: dwc2: Abort transaction after errors with unknown reason
usb: dwc2: Make "trimming xfer length" a debug message
arm64: dts: msm8916: Fix reserved and rfsa nodes unit address
ARM: s3c: fix fiq for clang IAS
bnxt_en: reverse order of TX disable and carrier off
xen/netback: fix spurious event detection for common event case
mac80211: fix potential overflow when multiplying to u32 integers
b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
fbdev: aty: SPARC64 requires FB_ATY_CT
drm/gma500: Fix error return code in psb_driver_load()
gma500: clean up error handling in init
MIPS: c-r4k: Fix section mismatch for loongson2_sc_init
MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0
media: vsp1: Fix an error handling path in the probe function
media: media/pci: Fix memleak in empress_init
media: tm6000: Fix memleak in tm6000_start_stream
ASoC: cs42l56: fix up error handling in probe
media: lmedm04: Fix misuse of comma
media: qm1d1c0042: fix error return code in qm1d1c0042_init()
media: cx25821: Fix a bug when reallocating some dma memory
media: pxa_camera: declare variable when DEBUG is defined
media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values
ata: ahci_brcm: Add back regulators management
btrfs: clarify error returns values in __load_free_space_cache
crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key()
fs/jfs: fix potential integer overflow on shift of a int
jffs2: fix use after free in jffs2_sum_write_data()
clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL
spi: cadence-quadspi: Abort read if dummy cycles required are too many
HID: core: detect and skip invalid inputs to snto32()
dmaengine: fsldma: Fix a resource leak in the remove function
dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function
fdt: Properly handle "no-map" field in the memory region
of/fdt: Make sure no-map does not remove already reserved regions
power: reset: at91-sama5d2_shdwc: fix wkupdbc mask
clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined
regulator: axp20x: Fix reference cout leak
isofs: release buffer head before return
IB/umad: Return EIO in case of when device disassociated
powerpc/47x: Disable 256k page size
mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe
ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores
amba: Fix resource leak for drivers without .remove
tracepoint: Do not fail unregistering a probe due to memory failure
perf tools: Fix DSO filtering when not finding a map for a sampled address
RDMA/rxe: Fix coding error in rxe_recv.c
mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq()
powerpc/pseries/dlpar: handle ibm, configure-connector delay status
spi: pxa2xx: Fix the controller numbering for Wildcat Point
perf intel-pt: Fix missing CYC processing in PSB
perf test: Fix unaligned access in sample parsing test
Input: elo - fix an error code in elo_connect()
sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set
misc: eeprom_93xx46: Fix module alias to enable module autoprobe
misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users
pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare()
VMCI: Use set_page_dirty_lock() when unregistering guest memory
PCI: Align checking of syscall user config accessors
drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)
i40e: Fix flow for IPv6 next header (extension header)
net/mlx4_core: Add missed mlx4_free_cmd_mailbox()
ocfs2: fix a use after free on error
mm/memory.c: fix potential pte_unmap_unlock pte error
mm/hugetlb: fix potential double free in hugetlb_register_node() error path
arm64: Add missing ISB after invalidating TLB in __primary_switch
i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition
scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
blk-settings: align max_sectors on "logical_block_size" boundary
ACPI: configfs: add missing check after configfs_register_default_group()
Input: raydium_ts_i2c - do not send zero length
Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S
Input: joydev - prevent potential read overflow in ioctl
Input: i8042 - add ASUS Zenbook Flip to noselftest list
USB: serial: option: update interface mapping for ZTE P685M
usb: musb: Fix runtime PM race in musb_queue_resume_work
USB: serial: mos7840: fix error code in mos7840_write()
USB: serial: mos7720: fix error code in mos7720_write()
usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
KEYS: trusted: Fix migratable=1 failing
btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root
btrfs: fix reloc root leak with 0 ref reloc roots on recovery
btrfs: fix extent buffer leak on failure to copy root
seccomp: Add missing return in non-void function
drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
x86/reboot: Force all cpus to exit VMX root if VMX is supported
floppy: reintroduce O_NDELAY fix
mtd: spi-nor: hisi-sfc: Put child node np on error path
mm: hugetlb: fix a race between freeing and dissolving the page
usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
libnvdimm/dimm: Avoid race between probe and available_slots_show()
module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
mmc: sdhci-esdhc-imx: fix kernel panic when remove module
gpio: pcf857x: Fix missing first interrupt
f2fs: fix out-of-repair __setattr_copy()
sparc32: fix a user-triggerable oops in clear_user()
gfs2: Don't skip dlm unlock if glock has an lvb
dm era: Recover committed writeset after crash
dm era: Verify the data block size hasn't changed
dm era: Fix bitset memory leaks
dm era: Use correct value size in equality function of writeset tree
dm era: Reinitialize bitset cache before digesting a new writeset
dm era: only resize metadata in preresume
futex: Fix OWNER_DEAD fixup
futex: fix dead code in attach_to_pi_owner()
icmp: introduce helper for nat'd source address in network device context
icmp: allow icmpv6_ndo_send to work with CONFIG_IPV6=n
gtp: use icmp_ndo_send helper
sunvnet: use icmp_ndo_send helper
ipv6: icmp6: avoid indirect call for icmpv6_send()
ipv6: silence compilation warning for non-IPV6 builds
net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending
dm era: Update in-core bitset after committing the metadata
Linux 4.9.259
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Icef5fb8e40fc531a932878e86ae352f2d5e71d53
|
||
|
Fangrui Song
|
3d852076ed |
module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
commit ebfac7b778fac8b0e8e92ec91d0b055f046b4604 upstream.
clang-12 -fno-pic (since
|
||
|
Greg Kroah-Hartman
|
00e06d5c23 |
Merge 4.9.250 into android-4.9-q
Changes in 4.9.250 x86/entry/64: Add instruction suffix ALSA: hda/ca0132 - Fix work handling in delayed HP detection ALSA: usb-audio: simplify set_sync_ep_implicit_fb_quirk ALSA: usb-audio: fix sync-ep altsetting sanity check ALSA: hda/realtek - Support Dell headset mode for ALC3271 ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 vfio/pci: Move dummy_resources_list init in vfio_pci_probe() s390/dasd: fix hanging device offline processing USB: serial: digi_acceleport: fix write-wakeup deadlocks net: ipv6: keep sk status consistent after datagram connect failure l2tp: fix races with ipv4-mapped ipv6 addresses uapi: move constants from <linux/kernel.h> to <linux/const.h> of: fix linker-section match-table corruption reiserfs: add check for an invalid ih_entry_count misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() media: gp8psk: initialize stats at power control logic ALSA: seq: Use bool for snd_seq_queue internal flags module: set MODULE_STATE_GOING state when a module fails to load quota: Don't overflow quota file offsets powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() module: delay kobject uevent until after module init call kdev_t: always inline major/minor helper functions xen/xenbus: Allow watches discard events before queueing xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() xen/xenbus/xen_bus_type: Support will_handle watch callback xen/xenbus: Count pending messages for each watch xenbus/xenbus_backend: Disallow pending watch messages iio: bmi160_core: Fix sparse warning due to incorrect type in assignment iio:imu:bmi160: Fix too large a buffer. iio:imu:bmi160: Fix alignment and data leak issues iio:magnetometer:mag3110: Fix alignment and data leak issues. mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start Linux 4.9.250 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I35cbeaf6b46f036f1d2b60182972163952c9b973 |
||
|
Jessica Yu
|
c5891b7349 |
module: delay kobject uevent until after module init call
[ Upstream commit 38dc717e97153e46375ee21797aa54777e5498f3 ] Apparently there has been a longstanding race between udev/systemd and the module loader. Currently, the module loader sends a uevent right after sysfs initialization, but before the module calls its init function. However, some udev rules expect that the module has initialized already upon receiving the uevent. This race has been triggered recently (see link in references) in some systemd mount unit files. For instance, the configfs module creates the /sys/kernel/config mount point in its init function, however the module loader issues the uevent before this happens. sys-kernel-config.mount expects to be able to mount /sys/kernel/config upon receipt of the module loading uevent, but if the configfs module has not called its init function yet, then this directory will not exist and the mount unit fails. A similar situation exists for sys-fs-fuse-connections.mount, as the fuse sysfs mount point is created during the fuse module's init function. If udev is faster than module initialization then the mount unit would fail in a similar fashion. To fix this race, delay the module KOBJ_ADD uevent until after the module has finished calling its init routine. References: https://github.com/systemd/systemd/issues/17586 Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Tested-By: Nicolas Morey-Chaisemartin <nmoreychaisemartin@suse.com> Signed-off-by: Jessica Yu <jeyu@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Miroslav Benes
|
49ccaee9a7 |
module: set MODULE_STATE_GOING state when a module fails to load
[ Upstream commit 5e8ed280dab9eeabc1ba0b2db5dbe9fe6debb6b5 ] If a module fails to load due to an error in prepare_coming_module(), the following error handling in load_module() runs with MODULE_STATE_COMING in module's state. Fix it by correctly setting MODULE_STATE_GOING under "bug_cleanup" label. Signed-off-by: Miroslav Benes <mbenes@suse.cz> Signed-off-by: Jessica Yu <jeyu@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
jianzhou
|
dc194471e3 |
Merge android-4.9.207(6f0b5b5) into msm-4.9
* refs/heads/tmp-6f0b5b5:
Linux 4.9.207
net: stmmac: don't stop NAPI processing when dropping a packet
net: stmmac: use correct DMA buffer size in the RX descriptor
xhci: fix USB3 device initiated resume race with roothub autosuspend
drm/radeon: fix r1xx/r2xx register checker for POT textures
scsi: iscsi: Fix a potential deadlock in the timeout handler
dm btree: increase rebalance threshold in __rebalance2()
dma-buf: Fix memory leak in sync_file_merge()
vfio/pci: call irq_bypass_unregister_producer() before freeing irq
ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume()
ARM: dts: s3c64xx: Fix init order of clock providers
CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
xtensa: fix TLB sanity checker
PCI/MSI: Fix incorrect MSI-X masking on resume
PCI: Fix Intel ACS quirk UPDCR register address
Revert "regulator: Defer init completion for a while after late_initcall"
tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
tcp: tighten acceptance of ACKs not matching a child socket
tcp: fix rejected syncookies due to stale timestamps
inet: protect against too small mtu values.
tipc: fix ordering of tipc module init and exit routine
tcp: md5: fix potential overestimation of TCP option space
openvswitch: support asymmetric conntrack
net: ethernet: ti: cpsw: fix extra rx interrupt
net: bridge: deny dev_set_mac_address() when unregistering
nvme: host: core: fix precedence of ternary operator
kernel/module.c: wakeup processes in module_wq on module unload
net/mlx5e: Fix SFF 8472 eeprom length
sunrpc: fix crash when cache_head become valid before update
workqueue: Fix missing kfree(rescuer) in destroy_workqueue()
blk-mq: make sure that line break can be printed
ext4: fix a bug in ext4_wait_for_tail_page_commit
mm/shmem.c: cast the type of unmap_start to u64
firmware: qcom: scm: Ensure 'a0' status code is treated as signed
reiserfs: fix extended attributes on the root directory
powerpc: Fix vDSO clock_getres()
scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value
scsi: qla2xxx: Fix qla24xx_process_bidir_cmd()
scsi: qla2xxx: Fix session lookup in qlt_abort_work()
scsi: qla2xxx: Fix DMA unmap leak
pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init
ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity
ath10k: fix fw crash by moving chip reset after napi disabled
x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk
x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models
e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait
scsi: lpfc: Cap NPIV vports to 256
omap: pdata-quirks: remove openpandora quirks for mmc3 and wl1251
Btrfs: fix negative subv_writers counter and data space leak after buffered write
iio: adis16480: Add debugfs_reg_access entry
xhci: make sure interrupts are restored to correct state
xhci: Fix memory leak in xhci_add_in_port()
usb: xhci: only set D3hot for pci device
scsi: zfcp: trace channel log even for FCP command responses
quota: fix livelock in dquot_writeback_dquots
ext2: check err when partial != NULL
quota: Check that quota is not dirty before release
video/hdmi: Fix AVI bar unpack
powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB
ppdev: fix PPGETTIME/PPSETTIME ioctls
mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card
pinctrl: samsung: Fix device node refcount leaks in init code
pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init
ACPI: PM: Avoid attaching ACPI PM domain to certain devices
ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data()
ACPI: OSL: only free map once in osl.c
PM / devfreq: Lock devfreq in trans_stat_show
cpuidle: Do not unset the driver if it is there already
media: radio: wl1273: fix interrupt masking on release
media: bdisp: fix memleak on release
ar5523: check NULL before memcpy() in ar5523_cmd()
cgroup: pids: use atomic64_t for pids->limit
blk-mq: avoid sysfs buffer overflow with too many CPU cores
ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report
workqueue: Fix pwq ref leak in rescuer_thread()
workqueue: Fix spurious sanity check failures in destroy_workqueue()
ALSA: hda - Fix pending unsol events at shutdown
lib: raid6: fix awk build warnings
rtlwifi: rtl8192de: Fix missing enable interrupt flag
rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer
rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address
btrfs: record all roots for rename exchange on a subvol
Btrfs: send, skip backreference walking for extents with many references
btrfs: Remove btrfs_bio::flags member
btrfs: check page->mapping when loading free space cache
virtio-balloon: fix managed page counts when migrating pages between zones
mtd: spear_smi: Fix Write Burst mode
usb: mon: Fix a deadlock in usbmon between mmap and read
usb: core: urb: fix URB structure initialization function
USB: adutux: fix interface sanity check
USB: serial: io_edgeport: fix epic endpoint lookup
USB: idmouse: fix interface sanity checks
USB: atm: ueagle-atm: add missing endpoint check
iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting
ARM: dts: pandora-common: define wl1251 as child node of mmc3
xhci: Increase STS_HALT timeout in xhci_suspend()
staging: gigaset: add endpoint-type sanity check
staging: gigaset: fix illegal free on probe errors
staging: gigaset: fix general protection fault on probe
staging: rtl8712: fix interface sanity check
staging: rtl8188eu: fix interface sanity check
usb: Allow USB device to be warm reset in suspended state
USB: uas: heed CAPACITY_HEURISTICS
USB: uas: honor flag to avoid CAPACITY16
usb: gadget: configfs: Fix missing spin_lock_init()
appletalk: Set error code if register_snap_client failed
appletalk: Fix potential NULL pointer dereference in unregister_snap_client
KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
thermal: Fix deadlock in thermal thermal_zone_device_check
RDMA/qib: Validate ->show()/store() callbacks before calling them
spi: atmel: Fix CS high support
crypto: user - fix memory leak in crypto_report
crypto: ecdh - fix big endian bug in ECC library
crypto: ccp - fix uninitialized list head
crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr
KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES
KVM: x86: do not modify masked bits of shared MSRs
drm/i810: Prevent underflow in ioctl
jbd2: Fix possible overflow in jbd2_log_space_left()
can: slcan: Fix use-after-free Read in slcan_open
tty: vt: keyboard: reject invalid keycodes
CIFS: Fix SMB2 oplock break processing
CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect
coresight: etm4x: Fix input validation for sysfs.
Input: goodix - add upside-down quirk for Teclast X89 tablet
ALSA: pcm: oss: Avoid potential buffer overflows
fuse: verify attributes
fuse: verify nlink
sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision
ARM: dts: sunxi: Fix PMU compatible strings
mlx4: Use snprintf instead of complicated strcpy
media: stkwebcam: Bugfix for wrong return values
tty: Don't block on IO when ldisc change is pending
nfsd: Return EPERM, not EACCES, in some SETATTR cases
MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition
powerpc/math-emu: Update macros from GCC
net/mlx4_core: Fix return codes of unsupported operations
dlm: fix invalid cluster name warning
ARM: dts: realview: Fix some more duplicate regulator nodes
clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent
ARM: dts: pxa: clean up USB controller nodes
mtd: fix mtd_oobavail() incoherent returned value
kbuild: fix single target build for external module
modpost: skip ELF local symbols during section mismatch check
tcp: fix SNMP TCP timeout under-estimation
tcp: fix off-by-one bug on aborting window-probing socket
ARM: dts: realview-pbx: Fix duplicate regulator nodes
ARM: dts: mmp2: fix the gpio interrupt cell number
net/x25: fix null_x25_address handling
net/x25: fix called/calling length calculation in x25_parse_address_block
ARM: OMAP1/2: fix SoC name printing
nfsd: fix a warning in __cld_pipe_upcall()
ARM: debug: enable UART1 for socfpga Cyclone5
dlm: NULL check before kmem_cache_destroy is not needed
i2c: imx: don't print error message on probe defer
serial: imx: fix error handling in console_setup
altera-stapl: check for a null key before strcasecmp'ing it
dma-mapping: fix return type of dma_set_max_seg_size()
ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion()
usb: dwc3: don't log probe deferrals; but do log other error codes
dmaengine: coh901318: Remove unused variable
dmaengine: coh901318: Fix a double-lock bug
media: pulse8-cec: return 0 when invalidating the logical address
ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module
rtc: dt-binding: abx80x: fix resistance scale
rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()'
math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning
MIPS: OCTEON: octeon-platform: fix typing
regulator: Fix return value of _set_load() stub
Staging: iio: adt7316: Fix i2c data reading, set the data field
pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues
scsi: zfcp: drop default switch case which might paper over missing case
MIPS: SiByte: Enable ZONE_DMA32 for LittleSur
dlm: fix missing idr_destroy for recover_idr
ARM: dts: rockchip: Fix rk3288-rock2 vcc_flash name
clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering
clk: rockchip: fix rk3188 sclk_smc gate data
extcon: max8997: Fix lack of path setting in USB device mode
net/mlx5: Release resource on error flow
ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+
iwlwifi: mvm: Send non offchannel traffic via AP sta
cxgb4vf: fix memleak in mac_hlist initialization
serial: core: Allow processing sysrq at port unlock time
net: ep93xx_eth: fix mismatch of request_mem_region in remove
rsxx: add missed destroy_workqueue calls in remove
ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed()
Input: cyttsp4_core - fix use after free bug
NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error
audit_get_nd(): don't unlock parent too early
exportfs_decode_fh(): negative pinned may become positive without the parent locked
RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN
autofs: fix a leak in autofs_expire_indirect()
serial: ifx6x60: add missed pm_runtime_disable
serial: serial_core: Perform NULL checks for break_ctl ops
serial: pl011: Fix DMA ->flush_buffer()
tty: serial: msm_serial: Fix flow control
tty: serial: fsl_lpuart: use the sg count from dma_map_sg
usb: gadget: u_serial: add missing port entry locking
arm64: tegra: Fix 'active-low' warning for Jetson TX1 regulator
UPSTREAM: binder: fix incorrect calculation for num_valid
ANDROID: sched/core: Fix arm32 allmodconfig build-break
BACKPORT: bpf: permit multiple bpf attachments for a single perf event
UPSTREAM: bpf: use the same condition in perf event set/free bpf handler
BACKPORT: bpf: multi program support for cgroup+bpf
Conflicts:
drivers/usb/dwc3/core.c
drivers/usb/host/xhci.c
include/trace/events/sched.h
Change-Id: Ida9ef3977cd175731c312341385819f5812f707c
Signed-off-by: jianzhou <jianzhou@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
6f0b5b54fe |
Merge 4.9.207 into android-4.9-q
Changes in 4.9.207
arm64: tegra: Fix 'active-low' warning for Jetson TX1 regulator
usb: gadget: u_serial: add missing port entry locking
tty: serial: fsl_lpuart: use the sg count from dma_map_sg
tty: serial: msm_serial: Fix flow control
serial: pl011: Fix DMA ->flush_buffer()
serial: serial_core: Perform NULL checks for break_ctl ops
serial: ifx6x60: add missed pm_runtime_disable
autofs: fix a leak in autofs_expire_indirect()
RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN
exportfs_decode_fh(): negative pinned may become positive without the parent locked
audit_get_nd(): don't unlock parent too early
NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error
Input: cyttsp4_core - fix use after free bug
ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed()
rsxx: add missed destroy_workqueue calls in remove
net: ep93xx_eth: fix mismatch of request_mem_region in remove
serial: core: Allow processing sysrq at port unlock time
cxgb4vf: fix memleak in mac_hlist initialization
iwlwifi: mvm: Send non offchannel traffic via AP sta
ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+
net/mlx5: Release resource on error flow
extcon: max8997: Fix lack of path setting in USB device mode
clk: rockchip: fix rk3188 sclk_smc gate data
clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering
ARM: dts: rockchip: Fix rk3288-rock2 vcc_flash name
dlm: fix missing idr_destroy for recover_idr
MIPS: SiByte: Enable ZONE_DMA32 for LittleSur
scsi: zfcp: drop default switch case which might paper over missing case
pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues
Staging: iio: adt7316: Fix i2c data reading, set the data field
regulator: Fix return value of _set_load() stub
MIPS: OCTEON: octeon-platform: fix typing
math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning
rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()'
rtc: dt-binding: abx80x: fix resistance scale
ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module
media: pulse8-cec: return 0 when invalidating the logical address
dmaengine: coh901318: Fix a double-lock bug
dmaengine: coh901318: Remove unused variable
usb: dwc3: don't log probe deferrals; but do log other error codes
ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion()
dma-mapping: fix return type of dma_set_max_seg_size()
altera-stapl: check for a null key before strcasecmp'ing it
serial: imx: fix error handling in console_setup
i2c: imx: don't print error message on probe defer
dlm: NULL check before kmem_cache_destroy is not needed
ARM: debug: enable UART1 for socfpga Cyclone5
nfsd: fix a warning in __cld_pipe_upcall()
ARM: OMAP1/2: fix SoC name printing
net/x25: fix called/calling length calculation in x25_parse_address_block
net/x25: fix null_x25_address handling
ARM: dts: mmp2: fix the gpio interrupt cell number
ARM: dts: realview-pbx: Fix duplicate regulator nodes
tcp: fix off-by-one bug on aborting window-probing socket
tcp: fix SNMP TCP timeout under-estimation
modpost: skip ELF local symbols during section mismatch check
kbuild: fix single target build for external module
mtd: fix mtd_oobavail() incoherent returned value
ARM: dts: pxa: clean up USB controller nodes
clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent
ARM: dts: realview: Fix some more duplicate regulator nodes
dlm: fix invalid cluster name warning
net/mlx4_core: Fix return codes of unsupported operations
powerpc/math-emu: Update macros from GCC
MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition
nfsd: Return EPERM, not EACCES, in some SETATTR cases
tty: Don't block on IO when ldisc change is pending
media: stkwebcam: Bugfix for wrong return values
mlx4: Use snprintf instead of complicated strcpy
ARM: dts: sunxi: Fix PMU compatible strings
sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision
fuse: verify nlink
fuse: verify attributes
ALSA: pcm: oss: Avoid potential buffer overflows
Input: goodix - add upside-down quirk for Teclast X89 tablet
coresight: etm4x: Fix input validation for sysfs.
x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect
CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
CIFS: Fix SMB2 oplock break processing
tty: vt: keyboard: reject invalid keycodes
can: slcan: Fix use-after-free Read in slcan_open
jbd2: Fix possible overflow in jbd2_log_space_left()
drm/i810: Prevent underflow in ioctl
KVM: x86: do not modify masked bits of shared MSRs
KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES
crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr
crypto: ccp - fix uninitialized list head
crypto: ecdh - fix big endian bug in ECC library
crypto: user - fix memory leak in crypto_report
spi: atmel: Fix CS high support
RDMA/qib: Validate ->show()/store() callbacks before calling them
thermal: Fix deadlock in thermal thermal_zone_device_check
KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
appletalk: Fix potential NULL pointer dereference in unregister_snap_client
appletalk: Set error code if register_snap_client failed
usb: gadget: configfs: Fix missing spin_lock_init()
USB: uas: honor flag to avoid CAPACITY16
USB: uas: heed CAPACITY_HEURISTICS
usb: Allow USB device to be warm reset in suspended state
staging: rtl8188eu: fix interface sanity check
staging: rtl8712: fix interface sanity check
staging: gigaset: fix general protection fault on probe
staging: gigaset: fix illegal free on probe errors
staging: gigaset: add endpoint-type sanity check
xhci: Increase STS_HALT timeout in xhci_suspend()
ARM: dts: pandora-common: define wl1251 as child node of mmc3
iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting
USB: atm: ueagle-atm: add missing endpoint check
USB: idmouse: fix interface sanity checks
USB: serial: io_edgeport: fix epic endpoint lookup
USB: adutux: fix interface sanity check
usb: core: urb: fix URB structure initialization function
usb: mon: Fix a deadlock in usbmon between mmap and read
mtd: spear_smi: Fix Write Burst mode
virtio-balloon: fix managed page counts when migrating pages between zones
btrfs: check page->mapping when loading free space cache
btrfs: Remove btrfs_bio::flags member
Btrfs: send, skip backreference walking for extents with many references
btrfs: record all roots for rename exchange on a subvol
rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address
rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer
rtlwifi: rtl8192de: Fix missing enable interrupt flag
lib: raid6: fix awk build warnings
ALSA: hda - Fix pending unsol events at shutdown
workqueue: Fix spurious sanity check failures in destroy_workqueue()
workqueue: Fix pwq ref leak in rescuer_thread()
ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report
blk-mq: avoid sysfs buffer overflow with too many CPU cores
cgroup: pids: use atomic64_t for pids->limit
ar5523: check NULL before memcpy() in ar5523_cmd()
media: bdisp: fix memleak on release
media: radio: wl1273: fix interrupt masking on release
cpuidle: Do not unset the driver if it is there already
PM / devfreq: Lock devfreq in trans_stat_show
ACPI: OSL: only free map once in osl.c
ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data()
ACPI: PM: Avoid attaching ACPI PM domain to certain devices
pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init
pinctrl: samsung: Fix device node refcount leaks in init code
mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card
ppdev: fix PPGETTIME/PPSETTIME ioctls
powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB
video/hdmi: Fix AVI bar unpack
quota: Check that quota is not dirty before release
ext2: check err when partial != NULL
quota: fix livelock in dquot_writeback_dquots
scsi: zfcp: trace channel log even for FCP command responses
usb: xhci: only set D3hot for pci device
xhci: Fix memory leak in xhci_add_in_port()
xhci: make sure interrupts are restored to correct state
iio: adis16480: Add debugfs_reg_access entry
Btrfs: fix negative subv_writers counter and data space leak after buffered write
omap: pdata-quirks: remove openpandora quirks for mmc3 and wl1251
scsi: lpfc: Cap NPIV vports to 256
e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait
x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models
x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk
ath10k: fix fw crash by moving chip reset after napi disabled
ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity
pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init
scsi: qla2xxx: Fix DMA unmap leak
scsi: qla2xxx: Fix session lookup in qlt_abort_work()
scsi: qla2xxx: Fix qla24xx_process_bidir_cmd()
scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value
powerpc: Fix vDSO clock_getres()
reiserfs: fix extended attributes on the root directory
firmware: qcom: scm: Ensure 'a0' status code is treated as signed
mm/shmem.c: cast the type of unmap_start to u64
ext4: fix a bug in ext4_wait_for_tail_page_commit
blk-mq: make sure that line break can be printed
workqueue: Fix missing kfree(rescuer) in destroy_workqueue()
sunrpc: fix crash when cache_head become valid before update
net/mlx5e: Fix SFF 8472 eeprom length
kernel/module.c: wakeup processes in module_wq on module unload
nvme: host: core: fix precedence of ternary operator
net: bridge: deny dev_set_mac_address() when unregistering
net: ethernet: ti: cpsw: fix extra rx interrupt
openvswitch: support asymmetric conntrack
tcp: md5: fix potential overestimation of TCP option space
tipc: fix ordering of tipc module init and exit routine
inet: protect against too small mtu values.
tcp: fix rejected syncookies due to stale timestamps
tcp: tighten acceptance of ACKs not matching a child socket
tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
Revert "regulator: Defer init completion for a while after late_initcall"
PCI: Fix Intel ACS quirk UPDCR register address
PCI/MSI: Fix incorrect MSI-X masking on resume
xtensa: fix TLB sanity checker
CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
ARM: dts: s3c64xx: Fix init order of clock providers
ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume()
vfio/pci: call irq_bypass_unregister_producer() before freeing irq
dma-buf: Fix memory leak in sync_file_merge()
dm btree: increase rebalance threshold in __rebalance2()
scsi: iscsi: Fix a potential deadlock in the timeout handler
drm/radeon: fix r1xx/r2xx register checker for POT textures
xhci: fix USB3 device initiated resume race with roothub autosuspend
net: stmmac: use correct DMA buffer size in the RX descriptor
net: stmmac: don't stop NAPI processing when dropping a packet
Linux 4.9.207
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Konstantin Khorenko
|
5defd32bc2 |
kernel/module.c: wakeup processes in module_wq on module unload
[ Upstream commit 5d603311615f612320bb77bd2a82553ef1ced5b7 ]
Fix the race between load and unload a kernel module.
sys_delete_module()
try_stop_module()
mod->state = _GOING
add_unformed_module()
old = find_module_all()
(old->state == _GOING =>
wait_event_interruptible())
During pre-condition
finished_loading() rets 0
schedule()
(never gets waken up later)
free_module()
mod->state = _UNFORMED
list_del_rcu(&mod->list)
(dels mod from "modules" list)
return
The race above leads to modprobe hanging forever on loading
a module.
Error paths on loading module call wake_up_all(&module_wq) after
freeing module, so let's do the same on straight module unload.
Fixes: 6e6de3dee51a ("kernel/module.c: Only return -EEXIST for modules that have finished loading")
Reviewed-by: Prarit Bhargava <prarit@redhat.com>
Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
jianzhou
|
466787ae26 |
Merge android-4.9.188 (d4fff2d) into msm-4.9
* refs/heads/tmp-d4fff2d: Linux 4.9.188 x86, mm, gup: prevent get_page() race with munmap in paravirt guest objtool: Support GCC 9 cold subfunction naming scheme include/linux/module.h: copy __init/__exit attrs to init/cleanup_module Backport minimal compiler_attributes.h to support GCC 9 eeprom: at24: make spd world-readable again coredump: fix race condition between collapse_huge_page() and core dumping infiniband: fix race condition between infiniband mlx4, mlx5 driver and core dumping coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() drivers/perf: arm_pmu: Fix failure path in PM notifier s390/dasd: fix endless loop after read unit address configuration selinux: fix memory leak in policydb_init() gpiolib: fix incorrect IRQ requesting of an active-low lineevent mmc: dw_mmc: Fix occasional hang after tuning on eMMC Btrfs: fix incremental send failure after deduplication kbuild: initialize CLANG_FLAGS correctly in the top Makefile x86, boot: Remove multiple copy of static function sanitize_boot_params() x86/kvm: Don't call kvm_spurious_fault() from .fixup ipc/mqueue.c: only perform resource calculation if user valid drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers coda: fix build using bare-metal toolchain coda: add error handling for fget mm/cma.c: fail if fixed declaration can't be honored x86: math-emu: Hide clang warnings for 16-bit overflow x86/apic: Silence -Wtype-limits compiler warnings be2net: Signal that the device cannot transmit during reconfiguration ACPI: fix false-positive -Wuninitialized warning scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized ceph: return -ERANGE if virtual xattr value didn't fit in buffer ceph: fix improper use of smp_mb__before_atomic() btrfs: fix minimum number of chunk errors for DUP fs/adfs: super: fix use-after-free bug dmaengine: rcar-dmac: Reject zero-length slave DMA requests MIPS: lantiq: Fix bitfield masking kernel/module.c: Only return -EEXIST for modules that have finished loading ftrace: Enable trampoline when rec count returns back to one ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200 ARM: riscpc: fix DMA UPSTREAM: net-ipv6-ndisc: add support for RFC7710 RA Captive Portal Identifier binder: binder: fix possible UAF when freeing buffer Revert "ANDROID: Revert "f2fs: avoid out-of-range memory access"" ANDROID: fix up 9p filesystem due to CFI non-upstream patches ANDROID: Revert "f2fs: avoid out-of-range memory access" Change-Id: I479eae2ad70f75889e4a705648e493fc879bb6b9 Signed-off-by: jianzhou <jianzhou@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
4ebd29edaf |
Merge 4.9.188 into android-4.9-q
Changes in 4.9.188 ARM: riscpc: fix DMA ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200 ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend ftrace: Enable trampoline when rec count returns back to one kernel/module.c: Only return -EEXIST for modules that have finished loading MIPS: lantiq: Fix bitfield masking dmaengine: rcar-dmac: Reject zero-length slave DMA requests fs/adfs: super: fix use-after-free bug btrfs: fix minimum number of chunk errors for DUP ceph: fix improper use of smp_mb__before_atomic() ceph: return -ERANGE if virtual xattr value didn't fit in buffer scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized ACPI: fix false-positive -Wuninitialized warning be2net: Signal that the device cannot transmit during reconfiguration x86/apic: Silence -Wtype-limits compiler warnings x86: math-emu: Hide clang warnings for 16-bit overflow mm/cma.c: fail if fixed declaration can't be honored coda: add error handling for fget coda: fix build using bare-metal toolchain uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings ipc/mqueue.c: only perform resource calculation if user valid x86/kvm: Don't call kvm_spurious_fault() from .fixup x86, boot: Remove multiple copy of static function sanitize_boot_params() kbuild: initialize CLANG_FLAGS correctly in the top Makefile Btrfs: fix incremental send failure after deduplication mmc: dw_mmc: Fix occasional hang after tuning on eMMC gpiolib: fix incorrect IRQ requesting of an active-low lineevent selinux: fix memory leak in policydb_init() s390/dasd: fix endless loop after read unit address configuration drivers/perf: arm_pmu: Fix failure path in PM notifier xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping infiniband: fix race condition between infiniband mlx4, mlx5 driver and core dumping coredump: fix race condition between collapse_huge_page() and core dumping eeprom: at24: make spd world-readable again Backport minimal compiler_attributes.h to support GCC 9 include/linux/module.h: copy __init/__exit attrs to init/cleanup_module objtool: Support GCC 9 cold subfunction naming scheme x86, mm, gup: prevent get_page() race with munmap in paravirt guest Linux 4.9.188 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
d4fff2d0a8 |
Merge 4.9.188 into android-4.9
Changes in 4.9.188 ARM: riscpc: fix DMA ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200 ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend ftrace: Enable trampoline when rec count returns back to one kernel/module.c: Only return -EEXIST for modules that have finished loading MIPS: lantiq: Fix bitfield masking dmaengine: rcar-dmac: Reject zero-length slave DMA requests fs/adfs: super: fix use-after-free bug btrfs: fix minimum number of chunk errors for DUP ceph: fix improper use of smp_mb__before_atomic() ceph: return -ERANGE if virtual xattr value didn't fit in buffer scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized ACPI: fix false-positive -Wuninitialized warning be2net: Signal that the device cannot transmit during reconfiguration x86/apic: Silence -Wtype-limits compiler warnings x86: math-emu: Hide clang warnings for 16-bit overflow mm/cma.c: fail if fixed declaration can't be honored coda: add error handling for fget coda: fix build using bare-metal toolchain uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings ipc/mqueue.c: only perform resource calculation if user valid x86/kvm: Don't call kvm_spurious_fault() from .fixup x86, boot: Remove multiple copy of static function sanitize_boot_params() kbuild: initialize CLANG_FLAGS correctly in the top Makefile Btrfs: fix incremental send failure after deduplication mmc: dw_mmc: Fix occasional hang after tuning on eMMC gpiolib: fix incorrect IRQ requesting of an active-low lineevent selinux: fix memory leak in policydb_init() s390/dasd: fix endless loop after read unit address configuration drivers/perf: arm_pmu: Fix failure path in PM notifier xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping infiniband: fix race condition between infiniband mlx4, mlx5 driver and core dumping coredump: fix race condition between collapse_huge_page() and core dumping eeprom: at24: make spd world-readable again Backport minimal compiler_attributes.h to support GCC 9 include/linux/module.h: copy __init/__exit attrs to init/cleanup_module objtool: Support GCC 9 cold subfunction naming scheme x86, mm, gup: prevent get_page() race with munmap in paravirt guest Linux 4.9.188 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Prarit Bhargava
|
1043076928 |
kernel/module.c: Only return -EEXIST for modules that have finished loading
[ Upstream commit 6e6de3dee51a439f76eb73c22ae2ffd2c9384712 ] Microsoft HyperV disables the X86_FEATURE_SMCA bit on AMD systems, and linux guests boot with repeated errors: amd64_edac_mod: Unknown symbol amd_unregister_ecc_decoder (err -2) amd64_edac_mod: Unknown symbol amd_register_ecc_decoder (err -2) amd64_edac_mod: Unknown symbol amd_report_gart_errors (err -2) amd64_edac_mod: Unknown symbol amd_unregister_ecc_decoder (err -2) amd64_edac_mod: Unknown symbol amd_register_ecc_decoder (err -2) amd64_edac_mod: Unknown symbol amd_report_gart_errors (err -2) The warnings occur because the module code erroneously returns -EEXIST for modules that have failed to load and are in the process of being removed from the module list. module amd64_edac_mod has a dependency on module edac_mce_amd. Using modules.dep, systemd will load edac_mce_amd for every request of amd64_edac_mod. When the edac_mce_amd module loads, the module has state MODULE_STATE_UNFORMED and once the module load fails and the state becomes MODULE_STATE_GOING. Another request for edac_mce_amd module executes and add_unformed_module() will erroneously return -EEXIST even though the previous instance of edac_mce_amd has MODULE_STATE_GOING. Upon receiving -EEXIST, systemd attempts to load amd64_edac_mod, which fails because of unknown symbols from edac_mce_amd. add_unformed_module() must wait to return for any case other than MODULE_STATE_LIVE to prevent a race between multiple loads of dependent modules. Signed-off-by: Prarit Bhargava <prarit@redhat.com> Signed-off-by: Barret Rhoden <brho@google.com> Cc: David Arcari <darcari@redhat.com> Cc: Jessica Yu <jeyu@kernel.org> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Jessica Yu <jeyu@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Minming Qi
|
775e2fbf78 |
Merge android-4.9.131 (7bebf33) into msm-4.9
* refs/heads/tmp-7bebf33:
Linux 4.9.131
media: v4l: event: Prevent freeing event subscriptions while accessed
arm64: KVM: Sanitize PSTATE.M when being set from userspace
i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
arm/arm64: smccc-1.1: Handle function result as parameters
arm/arm64: smccc-1.1: Make return values unsigned long
drm/amdgpu: Update power state at the end of smu hw_init.
drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode
hwmon: (adt7475) Make adt7475_read_word() return errors
hwmon: (ina2xx) fix sysfs shunt resistor read access
e1000: ensure to free old tx/rx rings in set_ringparam()
e1000: check on netif_running() before calling e1000_up()
net: hns: fix skb->truesize underestimation
net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
thermal: of-thermal: disable passive polling when thermal zone is disabled
qed: Wait for MCP halt and resume commands to take place
qed: Wait for ready indication before rereading the shmem
ext4: never move the system.data xattr out of the inode body
arm64: KVM: Tighten guest core register access from userspace
IB/hfi1: Fix SL array bounds check
serial: imx: restore handshaking irq for imx1
scsi: target: iscsi: Use bin2hex instead of a re-implementation
IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
IB/hfi1: Invalid user input can result in crash
IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
Input: elantech - enable middle button of touchpad on ThinkPad P72
USB: remove LPM management from usb_driver_claim_interface()
Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()"
USB: usbdevfs: restore warning for nonsensical flags
USB: usbdevfs: sanitize flags more
media: uvcvideo: Support realtek's UVC 1.5 device
slub: make ->cpu_partial unsigned int
USB: handle NULL config in usb_find_alt_setting()
USB: fix error handling in usb_driver_claim_interface()
regulator: fix crash caused by null driver data
spi: rspi: Fix interrupted DMA transfers
spi: rspi: Fix invalid SPI use during system suspend
spi: sh-msiof: Fix handling of write value for SISTR register
spi: sh-msiof: Fix invalid SPI use during system suspend
spi: tegra20-slink: explicitly enable/disable clock
serial: cpm_uart: return immediately from console poll
tty: serial: lpuart: avoid leaking struct tty_struct
floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
ARM: dts: dra7: fix DCAN node addresses
EDAC: Fix memleak in module init error path
nfsd: fix corrupted reply to badly ordered compound
gpio: Fix wrong rounding in gpio-menz127
module: exclude SHN_UNDEF symbols from kallsyms api
ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
EDAC, i7core: Fix memleaks and use-after-free on probe and remove
scsi: megaraid_sas: Update controller info during resume
scsi: bnx2i: add error handling for ioremap_nocache
perf/x86/intel/lbr: Fix incomplete LBR call stack
HID: hid-ntrig: add error handling for sysfs_create_group
ARM: mvebu: declare asm symbols as character arrays in pmsu.c
wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
drm/sun4i: Fix releasing node when enumerating enpoints
net: phy: xgmiitorgmii: Check phy_driver ready before accessing
ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
net: phy: xgmiitorgmii: Check read_status results
ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
media: tm6000: add error handling for dvb_register_adapter
drivers/tty: add error handling for pcmcia_loop_config
staging: android: ashmem: Fix mmap size validation
media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
media: soc_camera: ov772x: correct setting of banding filter
media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
ALSA: snd-aoa: add of_node_put() in error path
s390/extmem: fix gcc 8 stringop-overflow warning
alarmtimer: Prevent overflow for relative nanosleep
powerpc/powernv/ioda2: Reduce upper limit for DMA window size
usb: wusbcore: security: cast sizeof to int for comparison
scsi: ibmvscsi: Improve strings handling
scsi: klist: Make it safe to use klists in atomic context
scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size
x86/entry/64: Add two more instruction suffixes
ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
x86/tsc: Add missing header to tsc_msr.c
media: fsl-viu: fix error handling in viu_of_probe()
powerpc/kdump: Handle crashkernel memory reservation failure
media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
IB/core: type promotion bug in rdma_rw_init_one_mr()
md-cluster: clear another node's suspend_area after the copy is finished
power: remove possible deadlock when unregistering power_supply
s390/mm: correct allocate_pgste proc_handler callback
6lowpan: iphc: reset mac_header after decompress to fix panic
USB: serial: kobil_sct: fix modem-status error handling
Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
iommu/amd: make sure TLB to be flushed before IOVA freed
power: vexpress: fix corruption in notifier registration
uwb: hwa-rc: fix memory leak at probe
staging: rts5208: fix missing error check on call to rtsx_write_register
x86/numa_emulation: Fix emulated-to-physical node mapping
vmci: type promotion bug in qp_host_get_user_memory()
tsl2550: fix lux1_input error in low light
crypto: skcipher - Fix -Wstringop-truncation warnings
ANDROID: sdcardfs: Change current->fs under lock
ANDROID: sdcardfs: Don't use OVERRIDE_CRED macro
ANDROID: arm64: kbuild: only specify code model with LTO for modules
ANDROID: kbuild: disable LTO_CLANG with KASAN
Change-Id: Ia58b0ba3b5f8294a06470d7811ddaa50de35fbbd
Signed-off-by: Minming Qi <mqi@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
7bebf33f9d |
Merge 4.9.131 into android-4.9
Changes in 4.9.131
crypto: skcipher - Fix -Wstringop-truncation warnings
tsl2550: fix lux1_input error in low light
vmci: type promotion bug in qp_host_get_user_memory()
x86/numa_emulation: Fix emulated-to-physical node mapping
staging: rts5208: fix missing error check on call to rtsx_write_register
uwb: hwa-rc: fix memory leak at probe
power: vexpress: fix corruption in notifier registration
iommu/amd: make sure TLB to be flushed before IOVA freed
Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
USB: serial: kobil_sct: fix modem-status error handling
6lowpan: iphc: reset mac_header after decompress to fix panic
s390/mm: correct allocate_pgste proc_handler callback
power: remove possible deadlock when unregistering power_supply
md-cluster: clear another node's suspend_area after the copy is finished
IB/core: type promotion bug in rdma_rw_init_one_mr()
media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
powerpc/kdump: Handle crashkernel memory reservation failure
media: fsl-viu: fix error handling in viu_of_probe()
x86/tsc: Add missing header to tsc_msr.c
ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
x86/entry/64: Add two more instruction suffixes
scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size
scsi: klist: Make it safe to use klists in atomic context
scsi: ibmvscsi: Improve strings handling
usb: wusbcore: security: cast sizeof to int for comparison
powerpc/powernv/ioda2: Reduce upper limit for DMA window size
alarmtimer: Prevent overflow for relative nanosleep
s390/extmem: fix gcc 8 stringop-overflow warning
ALSA: snd-aoa: add of_node_put() in error path
media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
media: soc_camera: ov772x: correct setting of banding filter
media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
staging: android: ashmem: Fix mmap size validation
drivers/tty: add error handling for pcmcia_loop_config
media: tm6000: add error handling for dvb_register_adapter
ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
net: phy: xgmiitorgmii: Check read_status results
ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
net: phy: xgmiitorgmii: Check phy_driver ready before accessing
drm/sun4i: Fix releasing node when enumerating enpoints
rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
ARM: mvebu: declare asm symbols as character arrays in pmsu.c
HID: hid-ntrig: add error handling for sysfs_create_group
perf/x86/intel/lbr: Fix incomplete LBR call stack
scsi: bnx2i: add error handling for ioremap_nocache
scsi: megaraid_sas: Update controller info during resume
EDAC, i7core: Fix memleaks and use-after-free on probe and remove
ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
module: exclude SHN_UNDEF symbols from kallsyms api
gpio: Fix wrong rounding in gpio-menz127
nfsd: fix corrupted reply to badly ordered compound
EDAC: Fix memleak in module init error path
ARM: dts: dra7: fix DCAN node addresses
floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
tty: serial: lpuart: avoid leaking struct tty_struct
serial: cpm_uart: return immediately from console poll
spi: tegra20-slink: explicitly enable/disable clock
spi: sh-msiof: Fix invalid SPI use during system suspend
spi: sh-msiof: Fix handling of write value for SISTR register
spi: rspi: Fix invalid SPI use during system suspend
spi: rspi: Fix interrupted DMA transfers
regulator: fix crash caused by null driver data
USB: fix error handling in usb_driver_claim_interface()
USB: handle NULL config in usb_find_alt_setting()
slub: make ->cpu_partial unsigned int
media: uvcvideo: Support realtek's UVC 1.5 device
USB: usbdevfs: sanitize flags more
USB: usbdevfs: restore warning for nonsensical flags
Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()"
USB: remove LPM management from usb_driver_claim_interface()
Input: elantech - enable middle button of touchpad on ThinkPad P72
IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
IB/hfi1: Invalid user input can result in crash
IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
scsi: target: iscsi: Use bin2hex instead of a re-implementation
serial: imx: restore handshaking irq for imx1
IB/hfi1: Fix SL array bounds check
arm64: KVM: Tighten guest core register access from userspace
ext4: never move the system.data xattr out of the inode body
qed: Wait for ready indication before rereading the shmem
qed: Wait for MCP halt and resume commands to take place
thermal: of-thermal: disable passive polling when thermal zone is disabled
net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
net: hns: fix skb->truesize underestimation
e1000: check on netif_running() before calling e1000_up()
e1000: ensure to free old tx/rx rings in set_ringparam()
hwmon: (ina2xx) fix sysfs shunt resistor read access
hwmon: (adt7475) Make adt7475_read_word() return errors
drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode
drm/amdgpu: Update power state at the end of smu hw_init.
arm/arm64: smccc-1.1: Make return values unsigned long
arm/arm64: smccc-1.1: Handle function result as parameters
i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
arm64: KVM: Sanitize PSTATE.M when being set from userspace
media: v4l: event: Prevent freeing event subscriptions while accessed
Linux 4.9.131
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Jessica Yu
|
f5b9595f03 |
module: exclude SHN_UNDEF symbols from kallsyms api
[ Upstream commit 9f2d1e68cf4d641def734adaccfc3823d3575e6c ] Livepatch modules are special in that we preserve their entire symbol tables in order to be able to apply relocations after module load. The unwanted side effect of this is that undefined (SHN_UNDEF) symbols of livepatch modules are accessible via the kallsyms api and this can confuse symbol resolution in livepatch (klp_find_object_symbol()) and cause subtle bugs in livepatch. Have the module kallsyms api skip over SHN_UNDEF symbols. These symbols are usually not available for normal modules anyway as we cut down their symbol tables to just the core (non-undefined) symbols, so this should really just affect livepatch modules. Note that this patch doesn't affect the display of undefined symbols in /proc/kallsyms. Reported-by: Josh Poimboeuf <jpoimboe@redhat.com> Tested-by: Josh Poimboeuf <jpoimboe@redhat.com> Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Jessica Yu <jeyu@kernel.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Mukesh Ojha
|
8ab49564cd |
Kconfig.debug: module: Add debug config to debug modules
There can be scenario where, dynamically loadable modules adds a certain nodes in list data structure and forgot to remove reference from the list while unloading themself. And this can result in fault while accessing those dangling pointers. So If we log the module used address ranges, we could be able to tell exact victim module. And, It will be good to keep these debug logs under a config flag. So, let's add DEBUG_MODULE_LOAD_INFO config and use this in printing module used init and core layout address ranges. e.g: Core layout sections: [ 40.599573] .text [ 40.627074] .plt [ 40.603426] .rodata.str1.8 [ 40.608016] __mcount_loc [ 40.622142] .note.gnu.build-id [ 40.612654] .data [ 40.616438] .gnu.linkonce.this_module [ 40.634909] .bss Init layout sections [ 40.630781] .init.plt [ 40.638591] .symtab [ 40.642573] .strtab After this patch: / # insmod sample.ko [ 26.244768] Hi Mukesh [ 26.247314] Loaded sample: module init layout addresses range: 0xffffff9dbff8a000-0xffffff9dbff8bfff [ 26.256896] sample: core layout addresses range: 0xffffff9dbff85000-0xffffff9dbff88fff / # rmmod sample [ 63.812065] Bye Mukesh [ 63.816318] Unloaded sample: module core layout address range: 0xffffff9dbff85000-0xffffff9dbff88fff Change-Id: I4acfc4f53c561f92ca63fa3c4559148929575580 Signed-off-by: Mukesh Ojha <mojha@codeaurora.org> |
||
|
Greg Hackmann
|
05baf14727 |
Merge tag 'v4.9.93' into android-4.9
This is the 4.9.93 stable release Change-Id: I4293d83f45982c6fd479bddbf9b0f811248ddc30 Signed-off-by: Greg Hackmann <ghackmann@google.com> |
||
|
AKASHI Takahiro
|
7f9a93b30b |
module: extend 'rodata=off' boot cmdline parameter to module mappings
commit 39290b389ea upstream.
The current "rodata=off" parameter disables read-only kernel mappings
under CONFIG_DEBUG_RODATA:
commit
|
||
|
Sami Tolvanen
|
00a195e7c0 |
add support for clang Control Flow Integrity (CFI)
This change adds the CONFIG_CFI_CLANG option, CFI error handling, and a faster look-up table for cross module CFI checks. Bug: 67506682 Change-Id: Ic009f0a629b552a0eb16e6d89808c7029e91447d Signed-off-by: Sami Tolvanen <samitolvanen@google.com> |
||
|
Andi Kleen
|
a1745ad92f |
module/retpoline: Warn about missing retpoline in module
(cherry picked from commit caf7501a1b4ec964190f31f9c3f163de252273b8) There's a risk that a kernel which has full retpoline mitigations becomes vulnerable when a module gets loaded that hasn't been compiled with the right compiler or the right option. To enable detection of that mismatch at module load time, add a module info string "retpoline" at build time when the module was compiled with retpoline support. This only covers compiled C source, but assembler source or prebuilt object files are not checked. If a retpoline enabled kernel detects a non retpoline protected module at load time, print a warning and report it in the sysfs vulnerability file. [ tglx: Massaged changelog ] Signed-off-by: Andi Kleen <ak@linux.intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: David Woodhouse <dwmw2@infradead.org> Cc: gregkh@linuxfoundation.org Cc: torvalds@linux-foundation.org Cc: jeyu@kernel.org Cc: arjan@linux.intel.com Link: https://lkml.kernel.org/r/20180125235028.31211-1-andi@firstfloor.org Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Linus Torvalds
|
faaae2a581 |
Re-enable CONFIG_MODVERSIONS in a slightly weaker form
This enables CONFIG_MODVERSIONS again, but allows for missing symbol CRC information in order to work around the issue that newer binutils versions seem to occasionally drop the CRC on the floor. binutils 2.26 seems to work fine, while binutils 2.27 seems to break MODVERSIONS of symbols that have been defined in assembler files. [ We've had random missing CRC's before - it may be an old problem that just is now reliably triggered with the weak asm symbols and a new version of binutils ] Some day I really do want to remove MODVERSIONS entirely. Sadly, today does not appear to be that day: Debian people apparently do want the option to enable MODVERSIONS to make it easier to have external modules across kernel versions, and this seems to be a fairly minimal fix for the annoying problem. Cc: Ben Hutchings <ben@decadent.org.uk> Acked-by: Michal Marek <mmarek@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Josh Poimboeuf
|
2992ef29ae |
livepatch/module: make TAINT_LIVEPATCH module-specific
There's no reliable way to determine which module tainted the kernel with TAINT_LIVEPATCH. For example, /sys/module/<klp module>/taint doesn't report it. Neither does the "mod -t" command in the crash tool. Make it crystal clear who the guilty party is by associating TAINT_LIVEPATCH with any module which sets the "livepatch" modinfo attribute. The flag will still get set in the kernel like before, but now it also sets the same flag in mod->taint. Note that now the taint flag gets set when the module is loaded rather than when it's enabled. I also renamed find_livepatch_modinfo() to check_modinfo_livepatch() to better reflect its purpose: it's basically a livepatch-specific sub-function of check_modinfo(). Reported-by: Chunyu Hu <chuhu@redhat.com> Reviewed-by: Petr Mladek <pmladek@suse.com> Acked-by: Miroslav Benes <mbenes@suse.cz> Acked-by: Jessica Yu <jeyu@redhat.com> Acked-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> |
||
|
Linus Torvalds
|
fb1b83d3ff |
Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
Pull module updates from Rusty Russell: "The only interesting thing here is Jessica's patch to add ro_after_init support to modules. The rest are all trivia" * tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: extable.h: add stddef.h so "NULL" definition is not implicit modules: add ro_after_init support jump_label: disable preemption around __module_text_address(). exceptions: fork exception table content from module.h into extable.h modules: Add kernel parameter to blacklist modules module: Do a WARN_ON_ONCE() for assert module mutex not held Documentation/module-signing.txt: Note need for version info if reusing a key module: Invalidate signatures on force-loaded modules module: Issue warnings when tainting kernel module: fix redundant test. module: fix noreturn attribute for __module_put_and_exit() |
||
|
Jessica Yu
|
444d13ff10 |
modules: add ro_after_init support
Add ro_after_init support for modules by adding a new page-aligned section in the module layout (after rodata) for ro_after_init data and enabling RO protection for that section after module init runs. Signed-off-by: Jessica Yu <jeyu@redhat.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> |
||
|
Prarit Bhargava
|
be7de5f91f |
modules: Add kernel parameter to blacklist modules
Blacklisting a module in linux has long been a problem. The current procedure is to use rd.blacklist=module_name, however, that doesn't cover the case after the initramfs and before a boot prompt (where one is supposed to use /etc/modprobe.d/blacklist.conf to blacklist runtime loading). Using rd.shell to get an early prompt is hit-or-miss, and doesn't cover all situations AFAICT. This patch adds this functionality of permanently blacklisting a module by its name via the kernel parameter module_blacklist=module_name. [v2]: Rusty, use core_param() instead of __setup() which simplifies things. [v3]: Rusty, undo wreckage from strsep() [v4]: Rusty, simpler version of blacklisted() Signed-off-by: Prarit Bhargava <prarit@redhat.com> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: linux-doc@vger.kernel.org Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> |
||
|
Steven Rostedt
|
9502514f28 |
module: Do a WARN_ON_ONCE() for assert module mutex not held
When running with lockdep enabled, I triggered the WARN_ON() in the module code that asserts when module_mutex or rcu_read_lock_sched are not held. The issue I have is that this can also be called from the dump_stack() code, causing us to enter an infinite loop... ------------[ cut here ]------------ WARNING: CPU: 1 PID: 0 at kernel/module.c:268 module_assert_mutex_or_preempt+0x3c/0x3e Modules linked in: ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.7.0-rc3-test-00013-g501c2375253c #14 Hardware name: MSI MS-7823/CSM-H87M-G43 (MS-7823), BIOS V1.6 02/22/2014 ffff880215e8fa70 ffff880215e8fa70 ffffffff812fc8e3 0000000000000000 ffffffff81d3e55b ffff880215e8fac0 ffffffff8104fc88 ffffffff8104fcab 0000000915e88300 0000000000000046 ffffffffa019b29a 0000000000000001 Call Trace: [<ffffffff812fc8e3>] dump_stack+0x67/0x90 [<ffffffff8104fc88>] __warn+0xcb/0xe9 [<ffffffff8104fcab>] ? warn_slowpath_null+0x5/0x1f ------------[ cut here ]------------ WARNING: CPU: 1 PID: 0 at kernel/module.c:268 module_assert_mutex_or_preempt+0x3c/0x3e Modules linked in: ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.7.0-rc3-test-00013-g501c2375253c #14 Hardware name: MSI MS-7823/CSM-H87M-G43 (MS-7823), BIOS V1.6 02/22/2014 ffff880215e8f7a0 ffff880215e8f7a0 ffffffff812fc8e3 0000000000000000 ffffffff81d3e55b ffff880215e8f7f0 ffffffff8104fc88 ffffffff8104fcab 0000000915e88300 0000000000000046 ffffffffa019b29a 0000000000000001 Call Trace: [<ffffffff812fc8e3>] dump_stack+0x67/0x90 [<ffffffff8104fc88>] __warn+0xcb/0xe9 [<ffffffff8104fcab>] ? warn_slowpath_null+0x5/0x1f ------------[ cut here ]------------ WARNING: CPU: 1 PID: 0 at kernel/module.c:268 module_assert_mutex_or_preempt+0x3c/0x3e Modules linked in: ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.7.0-rc3-test-00013-g501c2375253c #14 Hardware name: MSI MS-7823/CSM-H87M-G43 (MS-7823), BIOS V1.6 02/22/2014 ffff880215e8f4d0 ffff880215e8f4d0 ffffffff812fc8e3 0000000000000000 ffffffff81d3e55b ffff880215e8f520 ffffffff8104fc88 ffffffff8104fcab 0000000915e88300 0000000000000046 ffffffffa019b29a 0000000000000001 Call Trace: [<ffffffff812fc8e3>] dump_stack+0x67/0x90 [<ffffffff8104fc88>] __warn+0xcb/0xe9 [<ffffffff8104fcab>] ? warn_slowpath_null+0x5/0x1f ------------[ cut here ]------------ WARNING: CPU: 1 PID: 0 at kernel/module.c:268 module_assert_mutex_or_preempt+0x3c/0x3e [...] Which gives us rather useless information. Worse yet, there's some race that causes this, and I seldom trigger it, so I have no idea what happened. This would not be an issue if that warning was a WARN_ON_ONCE(). Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> |
||
|
Luis de Bethencourt
|
9d5059c959 |
dynamic_debug: only add header when used
kernel.h header doesn't directly use dynamic debug, instead we can include it in module.c (which used it via kernel.h). printk.h only uses it if CONFIG_DYNAMIC_DEBUG is on, changing the inclusion to only happen in that case. Link: http://lkml.kernel.org/r/1468429793-16917-1-git-send-email-luisbg@osg.samsung.com [luisbg@osg.samsung.com: include dynamic_debug.h in drb_int.h] Link: http://lkml.kernel.org/r/1468447828-18558-2-git-send-email-luisbg@osg.samsung.com Signed-off-by: Luis de Bethencourt <luisbg@osg.samsung.com> Cc: Rusty Russell <rusty@rustcorp.com.au> Cc: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com> Cc: Borislav Petkov <bp@suse.de> Cc: Michal Nazarewicz <mina86@mina86.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Joe Perches <joe@perches.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Ben Hutchings
|
bca014caaa |
module: Invalidate signatures on force-loaded modules
Signing a module should only make it trusted by the specific kernel it was built for, not anything else. Loading a signed module meant for a kernel with a different ABI could have interesting effects. Therefore, treat all signatures as invalid when a module is force-loaded. Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Cc: stable@vger.kernel.org Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> |
||
|
Libor Pechacek
|
3205c36cf7 |
module: Issue warnings when tainting kernel
While most of the locations where a kernel taint bit is set are accompanied with a warning message, there are two which set their bits silently. If the tainting module gets unloaded later on, it is almost impossible to tell what was the reason for setting the flag. Signed-off-by: Libor Pechacek <lpechacek@suse.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> |
||
|
Rusty Russell
|
c75b590d60 |
module: fix redundant test.
[linux-4.5-rc4/kernel/module.c:1692]: (style) Redundant condition: attr.test.
'!attr.test || (attr.test && attr.test(mod))' is equivalent to '!attr.test ||
attr.test(mod)'
This code was added like this ten years ago, in
|
||
|
Jiri Kosina
|
bf262dcec6 |
module: fix noreturn attribute for __module_put_and_exit()
__module_put_and_exit() is makred noreturn in module.h declaration, but is lacking the attribute in the definition, which makes some tools (such as sparse) unhappy. Amend the definition with the attribute as well (and reformat the declaration so that it uses more common format). Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> |
||
|
Jessica Yu
|
1ce15ef4f6 |
module: preserve Elf information for livepatch modules
For livepatch modules, copy Elf section, symbol, and string information from the load_info struct in the module loader. Persist copies of the original symbol table and string table. Livepatch manages its own relocation sections in order to reuse module loader code to write relocations. Livepatch modules must preserve Elf information such as section indices in order to apply livepatch relocation sections using the module loader's apply_relocate_add() function. In order to apply livepatch relocation sections, livepatch modules must keep a complete copy of their original symbol table in memory. Normally, a stripped down copy of a module's symbol table (containing only "core" symbols) is made available through module->core_symtab. But for livepatch modules, the symbol table copied into memory on module load must be exactly the same as the symbol table produced when the patch module was compiled. This is because the relocations in each livepatch relocation section refer to their respective symbols with their symbol indices, and the original symbol indices (and thus the symtab ordering) must be preserved in order for apply_relocate_add() to find the right symbol. Signed-off-by: Jessica Yu <jeyu@redhat.com> Reviewed-by: Miroslav Benes <mbenes@suse.cz> Acked-by: Josh Poimboeuf <jpoimboe@redhat.com> Acked-by: Rusty Russell <rusty@rustcorp.com.au> Reviewed-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Jiri Kosina <jkosina@suse.cz> |
||
|
Linus Torvalds
|
0f49fc95b8 |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching
Pull livepatching update from Jiri Kosina: - cleanup of module notifiers; this depends on a module.c cleanup which has been acked by Rusty; from Jessica Yu - small assorted fixes and MAINTAINERS update * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching: livepatch/module: remove livepatch module notifier modules: split part of complete_formation() into prepare_coming_module() livepatch: Update maintainers livepatch: Fix the error message about unresolvable ambiguity klp: remove CONFIG_LIVEPATCH dependency from klp headers klp: remove superfluous errors in asm/livepatch.h |
||
|
Linus Torvalds
|
bb7aeae3d6 |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security layer updates from James Morris: "There are a bunch of fixes to the TPM, IMA, and Keys code, with minor fixes scattered across the subsystem. IMA now requires signed policy, and that policy is also now measured and appraised" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (67 commits) X.509: Make algo identifiers text instead of enum akcipher: Move the RSA DER encoding check to the crypto layer crypto: Add hash param to pkcs1pad sign-file: fix build with CMS support disabled MAINTAINERS: update tpmdd urls MODSIGN: linux/string.h should be #included to get memcpy() certs: Fix misaligned data in extra certificate list X.509: Handle midnight alternative notation in GeneralizedTime X.509: Support leap seconds Handle ISO 8601 leap seconds and encodings of midnight in mktime64() X.509: Fix leap year handling again PKCS#7: fix unitialized boolean 'want' firmware: change kernel read fail to dev_dbg() KEYS: Use the symbol value for list size, updated by scripts/insert-sys-cert KEYS: Reserve an extra certificate symbol for inserting without recompiling modsign: hide openssl output in silent builds tpm_tis: fix build warning with tpm_tis_resume ima: require signed IMA policy ima: measure and appraise the IMA policy itself ima: load policy using path ... |
||
|
Jessica Yu
|
7e545d6eca |
livepatch/module: remove livepatch module notifier
Remove the livepatch module notifier in favor of directly enabling and disabling patches to modules in the module loader. Hard-coding the function calls ensures that ftrace_module_enable() is run before klp_module_coming() during module load, and that klp_module_going() is run before ftrace_release_mod() during module unload. This way, ftrace and livepatch code is run in the correct order during the module load/unload sequence without dependence on the module notifier call chain. Signed-off-by: Jessica Yu <jeyu@redhat.com> Reviewed-by: Petr Mladek <pmladek@suse.cz> Acked-by: Josh Poimboeuf <jpoimboe@redhat.com> Acked-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Jiri Kosina <jkosina@suse.cz> |
||
|
Jessica Yu
|
4c973d1620 |
modules: split part of complete_formation() into prepare_coming_module()
Put all actions in complete_formation() that are performed after
module->state is set to MODULE_STATE_COMING into a separate function
prepare_coming_module(). This split prepares for the removal of the
livepatch module notifiers in favor of hard-coding function calls to
klp_module_{coming,going} in the module loader.
The complete_formation -> prepare_coming_module split will also make error
handling easier since we can jump to the appropriate error label to do any
module GOING cleanup after all the COMING-actions have completed.
Signed-off-by: Jessica Yu <jeyu@redhat.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Reviewed-by: Petr Mladek <pmladek@suse.cz>
Acked-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
||
|
Mimi Zohar
|
a1db742094 |
module: replace copy_module_from_fd with kernel version
Replace copy_module_from_fd() with kernel_read_file_from_fd(). Although none of the upstreamed LSMs define a kernel_module_from_file hook, IMA is called, based on policy, to prevent unsigned kernel modules from being loaded by the original kernel module syscall and to measure/appraise signed kernel modules. The security function security_kernel_module_from_file() was called prior to reading a kernel module. Preventing unsigned kernel modules from being loaded by the original kernel module syscall remains on the pre-read kernel_read_file() security hook. Instead of reading the kernel module twice, once for measuring/appraising and again for loading the kernel module, the signature validation is moved to the kernel_post_read_file() security hook. This patch removes the security_kernel_module_from_file() hook and security call. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: Kees Cook <keescook@chromium.org> Acked-by: Luis R. Rodriguez <mcgrof@kernel.org> Cc: Rusty Russell <rusty@rustcorp.com.au> |
||
|
Linus Torvalds
|
705d43dbe1 |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching
Pull livepatching fixes from Jiri Kosina: - regression (from 4.4) fix for ordering issue, introduced by an earlier ftrace change, that broke live patching of modules. The fix replaces the ftrace module notifier by direct call in order to make the ordering guaranteed and well-defined. The patch, from Jessica Yu, has been acked both by Steven and Rusty - error message fix from Miroslav Benes * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching: ftrace/module: remove ftrace module notifier livepatch: change the error message in asm/livepatch.h header files |
||
|
Jessica Yu
|
7dcd182bec |
ftrace/module: remove ftrace module notifier
Remove the ftrace module notifier in favor of directly calling
ftrace_module_enable() and ftrace_release_mod() in the module loader.
Hard-coding the function calls directly in the module loader removes
dependence on the module notifier call chain and provides better
visibility and control over what gets called when, which is important
to kernel utilities such as livepatch.
This fixes a notifier ordering issue in which the ftrace module notifier
(and hence ftrace_module_enable()) for coming modules was being called
after klp_module_notify(), which caused livepatch modules to initialize
incorrectly. This patch removes dependence on the module notifier call
chain in favor of hard coding the corresponding function calls in the
module loader. This ensures that ftrace and livepatch code get called in
the correct order on patch module load and unload.
Fixes:
|
||
|
Rusty Russell
|
8244062ef1 |
modules: fix longstanding /proc/kallsyms vs module insertion race.
For CONFIG_KALLSYMS, we keep two symbol tables and two string tables. There's one full copy, marked SHF_ALLOC and laid out at the end of the module's init section. There's also a cut-down version that only contains core symbols and strings, and lives in the module's core section. After module init (and before we free the module memory), we switch the mod->symtab, mod->num_symtab and mod->strtab to point to the core versions. We do this under the module_mutex. However, kallsyms doesn't take the module_mutex: it uses preempt_disable() and rcu tricks to walk through the modules, because it's used in the oops path. It's also used in /proc/kallsyms. There's nothing atomic about the change of these variables, so we can get the old (larger!) num_symtab and the new symtab pointer; in fact this is what I saw when trying to reproduce. By grouping these variables together, we can use a carefully-dereferenced pointer to ensure we always get one or the other (the free of the module init section is already done in an RCU callback, so that's safe). We allocate the init one at the end of the module init section, and keep the core one inside the struct module itself (it could also have been allocated at the end of the module core, but that's probably overkill). Reported-by: Weilong Chen <chenweilong@huawei.com> Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=111541 Cc: stable@kernel.org Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> |
||
|
Rusty Russell
|
2e7bac5361 |
module: wrapper for symbol name.
This trivial wrapper adds clarity and makes the following patch smaller. Cc: stable@kernel.org Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> |
||
|
Luis R. Rodriguez
|
4355efbd80 |
modules: fix modparam async_probe request
Commit |
||
|
Linus Torvalds
|
0f0836b7eb |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching
Pull livepatching updates from Jiri Kosina:
- RO/NX attribute fixes for patch module relocations from Josh
Poimboeuf. As part of this effort, module.c has been cleaned up as
well and livepatching is piggy-backing on this cleanup. Rusty is OK
with this whole lot going through livepatching tree.
- symbol disambiguation support from Chris J Arges. That series is
also
Reviewed-by: Miroslav Benes <mbenes@suse.cz>
but this came in only after I've alredy pushed out. Didn't want to
rebase because of that, hence I am mentioning it here.
- symbol lookup fix from Miroslav Benes
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching:
livepatch: Cleanup module page permission changes
module: keep percpu symbols in module's symtab
module: clean up RO/NX handling.
module: use a structure to encapsulate layout.
gcov: use within_module() helper.
module: Use the same logic for setting and unsetting RO/NX
livepatch: function,sympos scheme in livepatch sysfs directory
livepatch: add sympos as disambiguator field to klp_reloc
livepatch: add old_sympos as disambiguator field to klp_func
|
||
|
Steven Rostedt (Red Hat)
|
049fb9bd41 |
ftrace/module: Call clean up function when module init fails early
If the module init code fails after calling ftrace_module_init() and before
calling do_init_module(), we can suffer from a memory leak. This is because
ftrace_module_init() allocates pages to store the locations that ftrace
hooks are placed in the module text. If do_init_module() fails, it still
calls the MODULE_GOING notifiers which will tell ftrace to do a clean up of
the pages it allocated for the module. But if load_module() fails before
then, the pages allocated by ftrace_module_init() will never be freed.
Call ftrace_release_mod() on the module if load_module() fails before
getting to do_init_module().
Link: http://lkml.kernel.org/r/567CEA31.1070507@intel.com
Reported-by: "Qiu, PeiyangX" <peiyangx.qiu@intel.com>
Fixes:
|
||
|
Miroslav Benes
|
e022441851 |
module: keep percpu symbols in module's symtab
Currently, percpu symbols from .data..percpu ELF section of a module are not copied over and stored in final symtab array of struct module. Consequently such symbol cannot be returned via kallsyms API (for example kallsyms_lookup_name). This can be especially confusing when the percpu symbol is exported. Only its __ksymtab et al. are present in its symtab. The culprit is in layout_and_allocate() function where SHF_ALLOC flag is dropped for .data..percpu section. There is in fact no need to copy the section to final struct module, because kernel module loader allocates extra percpu section by itself. Unfortunately only symbols from SHF_ALLOC sections are copied due to a check in is_core_symbol(). The patch changes is_core_symbol() function to copy over also percpu symbols (their st_shndx points to .data..percpu ELF section). We do it only if CONFIG_KALLSYMS_ALL is set to be consistent with the rest of the function (ELF section is SHF_ALLOC but !SHF_EXECINSTR). Finally elf_type() returns type 'a' for a percpu symbol because its address is absolute. Signed-off-by: Miroslav Benes <mbenes@suse.cz> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Jiri Kosina <jkosina@suse.cz> |
||
|
Rusty Russell
|
85c898db63 |
module: clean up RO/NX handling.
Modules have three sections: text, rodata and writable data. The code handled the case where these overlapped, however they never can: debug_align() ensures they are always page-aligned. This is why we got away with manually traversing the pages in set_all_modules_text_rw() without rounding. We create three helper functions: frob_text(), frob_rodata() and frob_writable_data(). We then call these explicitly at every point, so it's clear what we're doing. We also expose module_enable_ro() and module_disable_ro() for livepatch to use. Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Jiri Kosina <jkosina@suse.cz> |
||
|
Rusty Russell
|
7523e4dc50 |
module: use a structure to encapsulate layout.
Makes it easier to handle init vs core cleanly, though the change is fairly invasive across random architectures. It simplifies the rbtree code immediately, however, while keeping the core data together in the same cachline (now iff the rbtree code is enabled). Acked-by: Peter Zijlstra <peterz@infradead.org> Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Jiri Kosina <jkosina@suse.cz> |
||
|
Josh Poimboeuf
|
20ef10c1b3 |
module: Use the same logic for setting and unsetting RO/NX
When setting a module's RO and NX permissions, set_section_ro_nx() is
used, but when clearing them, unset_module_{init,core}_ro_nx() are used.
The unset functions don't have the same checks the set function has for
partial page protections. It's probably harmless, but it's still
confusingly asymmetrical.
Instead, use the same logic to do both. Also add some new
set_module_{init,core}_ro_nx() helper functions for more symmetry with
the unset functions.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
||
|
Peter Zijlstra
|
275d7d44d8 |
module: Fix locking in symbol_put_addr()
Poma (on the way to another bug) reported an assertion triggering:
[<ffffffff81150529>] module_assert_mutex_or_preempt+0x49/0x90
[<ffffffff81150822>] __module_address+0x32/0x150
[<ffffffff81150956>] __module_text_address+0x16/0x70
[<ffffffff81150f19>] symbol_put_addr+0x29/0x40
[<ffffffffa04b77ad>] dvb_frontend_detach+0x7d/0x90 [dvb_core]
Laura Abbott <labbott@redhat.com> produced a patch which lead us to
inspect symbol_put_addr(). This function has a comment claiming it
doesn't need to disable preemption around the module lookup
because it holds a reference to the module it wants to find, which
therefore cannot go away.
This is wrong (and a false optimization too, preempt_disable() is really
rather cheap, and I doubt any of this is on uber critical paths,
otherwise it would've retained a pointer to the actual module anyway and
avoided the second lookup).
While its true that the module cannot go away while we hold a reference
on it, the data structure we do the lookup in very much _CAN_ change
while we do the lookup. Therefore fix the comment and add the
required preempt_disable().
Reported-by: poma <pomidorabelisima@gmail.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Fixes:
|