vic
281 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
¨raystef66¨
|
670a6de715 |
Merge tag 'v4.14.322' of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux into 13.0
This is the 4.14.322 stable release |
||
|
Thomas Gleixner
|
8dc52c200b |
posix-timers: Ensure timer ID search-loop limit is valid
[ Upstream commit 8ce8849dd1e78dadcee0ec9acbd259d239b7069f ]
posix_timer_add() tries to allocate a posix timer ID by starting from the
cached ID which was stored by the last successful allocation.
This is done in a loop searching the ID space for a free slot one by
one. The loop has to terminate when the search wrapped around to the
starting point.
But that's racy vs. establishing the starting point. That is read out
lockless, which leads to the following problem:
CPU0 CPU1
posix_timer_add()
start = sig->posix_timer_id;
lock(hash_lock);
... posix_timer_add()
if (++sig->posix_timer_id < 0)
start = sig->posix_timer_id;
sig->posix_timer_id = 0;
So CPU1 can observe a negative start value, i.e. -1, and the loop break
never happens because the condition can never be true:
if (sig->posix_timer_id == start)
break;
While this is unlikely to ever turn into an endless loop as the ID space is
huge (INT_MAX), the racy read of the start value caught the attention of
KCSAN and Dmitry unearthed that incorrectness.
Rewrite it so that all id operations are under the hash lock.
Reported-by: syzbot+5c54bd3eb218bb595aa9@syzkaller.appspotmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Link: https://lore.kernel.org/r/87bkhzdn6g.ffs@tglx
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
¨raystef66¨
|
f4063f3ddb |
Merge tag 'v4.14.316' of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux into 13.0
This is the 4.14.316 stable release |
||
|
Josh Poimboeuf
|
403da142de |
sched: Fix KCSAN noinstr violation
[ Upstream commit e0b081d17a9f4e5c0cbb0e5fbeb1abe3de0f7e4e ] With KCSAN enabled, end_of_stack() can get out-of-lined. Force it inline. Fixes the following warnings: vmlinux.o: warning: objtool: check_stackleak_irqoff+0x2b: call to end_of_stack() leaves .noinstr.text section Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lore.kernel.org/r/cc1b4d73d3a428a00d206242a68fdf99a934ca7b.1681320026.git.jpoimboe@kernel.org Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
¨raystef66¨
|
a171fb7186 |
Merge tag 'v4.14.305' of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux into 13.0
This is the 4.14.305 stable release |
||
|
Eric W. Biederman
|
5eded74b49 |
exit: Add and use make_task_dead.
commit 0e25498f8cd43c1b5aa327f373dd094e9a006da7 upstream. There are two big uses of do_exit. The first is it's design use to be the guts of the exit(2) system call. The second use is to terminate a task after something catastrophic has happened like a NULL pointer in kernel code. Add a function make_task_dead that is initialy exactly the same as do_exit to cover the cases where do_exit is called to handle catastrophic failure. In time this can probably be reduced to just a light wrapper around do_task_dead. For now keep it exactly the same so that there will be no behavioral differences introducing this new concept. Replace all of the uses of do_exit that use it for catastraphic task cleanup with make_task_dead to make it clear what the code is doing. As part of this rename rewind_stack_do_exit rewind_stack_and_make_dead. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Waiman Long
|
f1ebafc434 |
locking/rwsem: Always release wait_lock before waking up tasks
With the use of wake_q, we can do task wakeups without holding the wait_lock. There is one exception in the rwsem code, though. It is when the writer in the slowpath detects that there are waiters ahead but the rwsem is not held by a writer. This can lead to a long wait_lock hold time especially when a large number of readers are to be woken up. Remediate this situation by releasing the wait_lock before waking up tasks and re-acquiring it afterward. The rwsem_try_write_lock() function is also modified to read the rwsem count directly to avoid stale count value. Suggested-by: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Waiman Long <longman@redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Tim Chen <tim.c.chen@linux.intel.com> Cc: Will Deacon <will.deacon@arm.com> Cc: huang ying <huang.ying.caritas@gmail.com> Link: https://lkml.kernel.org/r/20190520205918.22251-9-longman@redhat.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Danny Lin <danny@kdrag0n.dev> |
||
|
EcrosoftXiao
|
356f9b9a58 | Merge branch 'android-4.14-stable' of https://android.googlesource.com/kernel/common into HEAD | ||
|
Greg Kroah-Hartman
|
6d1f178f21 |
Merge 4.14.257 into android-4.14-stable
Changes in 4.14.257 USB: serial: option: add Telit LE910S1 0x9200 composition USB: serial: option: add Fibocom FM101-GL variants usb: hub: Fix usb enumeration issue due to address0 race usb: hub: Fix locking issues with address0_mutex binder: fix test regression due to sender_euid change ALSA: ctxfi: Fix out-of-range access media: cec: copy sequence field for the reply HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() fuse: fix page stealing xen: don't continue xenstore initialization in case of errors xen: detect uninitialized xenbus in xenbus_init tracing: Fix pid filtering when triggers are attached netfilter: ipvs: Fix reuse connection if RS weight is 0 ARM: dts: BCM5301X: Fix I2C controller interrupt ARM: dts: BCM5301X: Add interrupt properties to GPIO node ASoC: topology: Add missing rwsem around snd_ctl_remove() calls net: ieee802154: handle iftypes as u32 NFSv42: Don't fail clone() unless the OP_CLONE operation failed ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE scsi: mpt3sas: Fix kernel panic during drive powercycle test drm/vc4: fix error code in vc4_create_object() ipv6: fix typos in __ip6_finish_output() net/smc: Ensure the active closing peer first closes clcsock PM: hibernate: use correct mode for swsusp_close() tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 net/smc: Don't call clcsock shutdown twice when smc shutdown vhost/vsock: fix incorrect used length reported to the guest tracing: Check pid filtering when creating events s390/mm: validate VMA in PGSTE manipulation functions PCI: aardvark: Fix I/O space page leak PCI: aardvark: Fix a leaked reference by adding missing of_node_put() PCI: aardvark: Wait for endpoint to be ready before training link PCI: aardvark: Train link immediately after enabling training PCI: aardvark: Improve link training PCI: aardvark: Issue PERST via GPIO PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros PCI: aardvark: Indicate error in 'val' when config read fails PCI: aardvark: Introduce an advk_pcie_valid_device() helper PCI: aardvark: Don't touch PCIe registers if no card connected PCI: aardvark: Fix compilation on s390 PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() PCI: aardvark: Update comment about disabling link training PCI: aardvark: Remove PCIe outbound window configuration PCI: aardvark: Configure PCIe resources from 'ranges' DT property PCI: aardvark: Fix PCIe Max Payload Size setting PCI: Add PCI_EXP_LNKCTL2_TLS* macros PCI: aardvark: Fix link training PCI: aardvark: Fix checking for link up via LTSSM state pinctrl: armada-37xx: Correct mpp definitions pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup pinctrl: armada-37xx: Correct PWM pins definitions arm64: dts: marvell: armada-37xx: declare PCIe reset pin arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function hugetlbfs: flush TLBs correctly after huge_pmd_unshare proc/vmcore: fix clearing user buffer by properly using clear_user() NFC: add NCI_UNREG flag to eliminate the race fuse: release pipe buf after last use xen: sync include/xen/interface/io/ring.h with Xen's newest version xen/blkfront: read response from backend only once xen/blkfront: don't take local copy of a request from the ring page xen/blkfront: don't trust the backend response data blindly xen/netfront: read response from backend only once xen/netfront: don't read data from request on the ring page xen/netfront: disentangle tx_skb_freelist xen/netfront: don't trust the backend response data blindly tty: hvc: replace BUG_ON() with negative return value shm: extend forced shm destroy to support objects from several IPC nses ipc: WARN if trying to remove ipc object which is absent NFSv42: Fix pagecache invalidation after COPY/CLONE hugetlb: take PMD sharing into account when flushing tlb/caches net: return correct error code platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep s390/setup: avoid using memblock_enforce_memory_limit btrfs: check-integrity: fix a warning on write caching disabled disk thermal: core: Reset previous low and high trip during thermal zone init scsi: iscsi: Unblock session then wake up error handler ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() perf hist: Fix memory leak of a perf_hpp_fmt vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit kprobes: Limit max data_size of the kretprobe instances sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl fs: add fget_many() and fput_many() fget: check that the fd still exists after getting a ref to it natsemi: xtensa: fix section mismatch warnings net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() net: mpls: Fix notifications when deleting a device siphash: use _unaligned version by default net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available net/rds: correct socket tunable error in rds_tcp_tune() net/smc: Keep smc_close_final rc during active close parisc: Fix KBUILD_IMAGE for self-extracting kernel parisc: Fix "make install" on newer debian releases vgacon: Propagate console boot parameters before calling `vc_resize' xhci: Fix commad ring abort, write all 64 bits to CRCR register. usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect x86/64/mm: Map all kernel memory into trampoline_pgd tty: serial: msm_serial: Deactivate RX DMA for polling support serial: pl011: Add ACPI SBSA UART match id serial: core: fix transmit-buffer reset and memleak parisc: Mark cr16 CPU clocksource unstable on all SMP machines Linux 4.14.257 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I3148611f406a61ce3d7ff7dcb56977a114a4f499 |
||
|
Alexander Mikhalitsyn
|
8619236d93 |
shm: extend forced shm destroy to support objects from several IPC nses
commit 85b6d24646e4125c591639841169baa98a2da503 upstream.
Currently, the exit_shm() function not designed to work properly when
task->sysvshm.shm_clist holds shm objects from different IPC namespaces.
This is a real pain when sysctl kernel.shm_rmid_forced = 1, because it
leads to use-after-free (reproducer exists).
This is an attempt to fix the problem by extending exit_shm mechanism to
handle shm's destroy from several IPC ns'es.
To achieve that we do several things:
1. add a namespace (non-refcounted) pointer to the struct shmid_kernel
2. during new shm object creation (newseg()/shmget syscall) we
initialize this pointer by current task IPC ns
3. exit_shm() fully reworked such that it traverses over all shp's in
task->sysvshm.shm_clist and gets IPC namespace not from current task
as it was before but from shp's object itself, then call
shm_destroy(shp, ns).
Note: We need to be really careful here, because as it was said before
(1), our pointer to IPC ns non-refcnt'ed. To be on the safe side we
using special helper get_ipc_ns_not_zero() which allows to get IPC ns
refcounter only if IPC ns not in the "state of destruction".
Q/A
Q: Why can we access shp->ns memory using non-refcounted pointer?
A: Because shp object lifetime is always shorther than IPC namespace
lifetime, so, if we get shp object from the task->sysvshm.shm_clist
while holding task_lock(task) nobody can steal our namespace.
Q: Does this patch change semantics of unshare/setns/clone syscalls?
A: No. It's just fixes non-covered case when process may leave IPC
namespace without getting task->sysvshm.shm_clist list cleaned up.
Link: https://lkml.kernel.org/r/67bb03e5-f79c-1815-e2bf-949c67047418@colorfullife.com
Link: https://lkml.kernel.org/r/20211109151501.4921-1-manfred@colorfullife.com
Fixes:
|
||
|
EcrosoftXiao
|
0dbeb02b5e | Merge branch 'android-4.14-stable' of https://android.googlesource.com/kernel/common into twelve | ||
|
Greg Kroah-Hartman
|
cc48e333d0 |
Merge 4.14.256 into android-4.14-stable
Changes in 4.14.256
xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay
binder: use euid from cred instead of using task
binder: use cred instead of task for selinux checks
Input: elantench - fix misreporting trackpoint coordinates
Input: i8042 - Add quirk for Fujitsu Lifebook T725
libata: fix read log timeout value
ocfs2: fix data corruption on truncate
mmc: dw_mmc: Dont wait for DRTO on Write RSP error
parisc: Fix ptrace check on syscall return
tpm: Check for integer overflow in tpm2_map_response_body()
media: ite-cir: IR receiver stop working after receive overflow
ALSA: ua101: fix division by zero at probe
ALSA: 6fire: fix control and bulk message timeouts
ALSA: line6: fix control and interrupt message timeouts
ALSA: synth: missing check for possible NULL after the call to kstrdup
ALSA: timer: Fix use-after-free problem
ALSA: timer: Unconditionally unlink slave instances, too
x86/irq: Ensure PI wakeup handler is unregistered before module unload
cavium: Return negative value when pci_alloc_irq_vectors() fails
scsi: qla2xxx: Fix unmap of already freed sgl
cavium: Fix return values of the probe function
sfc: Don't use netif_info before net_device setup
hyperv/vmbus: include linux/bitops.h
mmc: winbond: don't build on M68K
bpf: Prevent increasing bpf_jit_limit above max
xen/netfront: stop tx queues during live migration
spi: spl022: fix Microwire full duplex mode
watchdog: Fix OMAP watchdog early handling
vmxnet3: do not stop tx queues after netif_device_detach()
btrfs: fix lost error handling when replaying directory deletes
hwmon: (pmbus/lm25066) Add offset coefficients
regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled
regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property
EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
mwifiex: fix division by zero in fw download path
ath6kl: fix division by zero in send path
ath6kl: fix control-message timeout
ath10k: fix control-message timeout
ath10k: fix division by zero in send path
PCI: Mark Atheros QCA6174 to avoid bus reset
rtl8187: fix control-message timeouts
evm: mark evm_fixmode as __ro_after_init
wcn36xx: Fix HT40 capability for 2Ghz band
mwifiex: Read a PCI register after writing the TX ring write pointer
libata: fix checking of DMA state
wcn36xx: handle connection loss indication
RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
signal: Remove the bogus sigkill_pending in ptrace_stop
signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
power: supply: max17042_battery: use VFSOC for capacity when no rsns
powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
serial: core: Fix initializing and restoring termios speed
ALSA: mixer: oss: Fix racy access to slots
ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
xen/balloon: add late_initcall_sync() for initial ballooning done
PCI: aardvark: Do not clear status bits of masked interrupts
PCI: aardvark: Do not unmask unused interrupts
PCI: aardvark: Fix return value of MSI domain .alloc() method
PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
quota: check block number when reading the block in quota file
quota: correct error number in free_dqentry()
pinctrl: core: fix possible memory leak in pinctrl_enable()
iio: dac: ad5446: Fix ad5622_write() return value
USB: serial: keyspan: fix memleak on probe errors
USB: iowarrior: fix control-message timeouts
Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
Bluetooth: fix use-after-free error in lock_sock_nested()
platform/x86: wmi: do not fail if disabling fails
MIPS: lantiq: dma: add small delay after reset
MIPS: lantiq: dma: reset correct number of channel
locking/lockdep: Avoid RCU-induced noinstr fail
smackfs: Fix use-after-free in netlbl_catmap_walk()
x86: Increase exception stack sizes
mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
mwifiex: Properly initialize private structure on interface type changes
media: mt9p031: Fix corrupted frame after restarting stream
media: netup_unidvb: handle interrupt properly according to the firmware
media: uvcvideo: Set capability in s_param
media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
media: s5p-mfc: Add checking to s5p_mfc_probe().
media: mceusb: return without resubmitting URB in case of -EPROTO error.
ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
ACPICA: Avoid evaluating methods too early during system resume
media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
tracefs: Have tracefs directories not set OTH permission bits by default
ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()
ACPI: battery: Accept charges over the design capacity as full
leaking_addresses: Always print a trailing newline
memstick: r592: Fix a UAF bug when removing the driver
lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
lib/xz: Validate the value before assigning it to an enum variable
tracing/cfi: Fix cmp_entries_* functions signature mismatch
mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
PM: hibernate: Get block device exclusively in swsusp_check()
iwlwifi: mvm: disable RX-diversity in powersave
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
ARM: clang: Do not rely on lr register for stacktrace
gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE
ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe()
parisc: fix warning in flush_tlb_all
task_stack: Fix end_of_stack() for architectures with upwards-growing stack
parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
cgroup: Make rebind_subsystems() disable v2 controllers all at once
media: dvb-usb: fix ununit-value in az6027_rc_query
media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()'
media: si470x: Avoid card name truncation
media: cx23885: Fix snd_card_free call on null card pointer
cpuidle: Fix kobject memory leaks in error paths
ath9k: Fix potential interrupt storm on queue reset
crypto: qat - detect PFVF collision after ACK
crypto: qat - disregard spurious PFVF interrupts
hwrng: mtk - Force runtime pm ops for sleep ops
b43legacy: fix a lower bounds test
b43: fix a lower bounds test
memstick: avoid out-of-range warning
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
hwmon: Fix possible memleak in __hwmon_device_register()
ath10k: fix max antenna gain unit
drm/msm: uninitialized variable in msm_gem_import()
net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
mmc: mxs-mmc: disable regulator on error and in the remove function
platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
mwifiex: Send DELBA requests according to spec
phy: micrel: ksz8041nl: do not use power down mode
PM: hibernate: fix sparse warnings
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
irq: mips: avoid nested irq_enter()
samples/kretprobes: Fix return value if register_kretprobe() failed
libertas_tf: Fix possible memory leak in probe and disconnect
libertas: Fix possible memory leak in probe and disconnect
net: amd-xgbe: Toggle PLL settings during rate change
net: phylink: avoid mvneta warning when setting pause parameters
crypto: pcrypt - Delay write to padata->info
ibmvnic: Process crqs after enabling interrupts
RDMA/rxe: Fix wrong port_cap_flags
ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
ARM: dts: at91: tse850: the emac<->phy interface is rmii
scsi: dc395: Fix error case unwinding
MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
JFS: fix memleak in jfs_mount
ALSA: hda: Reduce udelay() at SKL+ position reporting
arm: dts: omap3-gta04a4: accelerometer irq fix
soc/tegra: Fix an error handling path in tegra_powergate_power_up()
memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
video: fbdev: chipsfb: use memset_io() instead of memset()
serial: 8250_dw: Drop wrong use of ACPI_PTR()
usb: gadget: hid: fix error code in do_config()
power: supply: rt5033_battery: Change voltage values to µV
scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
RDMA/mlx4: Return missed an error if device doesn't support steering
ASoC: cs42l42: Correct some register default values
ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER
serial: xilinx_uartps: Fix race condition causing stuck TX
mips: cm: Convert to bitfield API to fix out-of-bounds access
power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
apparmor: fix error check
rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
drm/plane-helper: fix uninitialized variable reference
PCI: aardvark: Don't spam about PIO Response Status
NFS: Fix deadlocks in nfs_scan_commit_list()
fs: orangefs: fix error return code of orangefs_revalidate_lookup()
mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
auxdisplay: ht16k33: Connect backlight to fbdev
auxdisplay: ht16k33: Fix frame buffer device blanking
netfilter: nfnetlink_queue: fix OOB when mac header was cleared
dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
m68k: set a default value for MEMORY_RESERVE
watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
ar7: fix kernel builds for compiler test
scsi: qla2xxx: Turn off target reset during issue_lip
i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()'
xen-pciback: Fix return in pm_ctrl_init()
net: davinci_emac: Fix interrupt pacing disable
ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration()
llc: fix out-of-bound array index in llc_sk_dev_hash()
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
vsock: prevent unnecessary refcnt inc for nonblocking connect
USB: chipidea: fix interrupt deadlock
ARM: 9155/1: fix early early_iounmap()
ARM: 9156/1: drop cc-option fallbacks for architecture selection
powerpc/lib: Add helper to check if offset is within conditional branch range
powerpc/bpf: Validate branch ranges
powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
mm, oom: do not trigger out_of_memory from the #PF
s390/cio: check the subchannel validity for dev_busid
PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
ext4: fix lazy initialization next schedule time computation in more granular unit
tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT
parisc/entry: fix trace test in syscall exit path
PCI/MSI: Destroy sysfs before freeing entries
arm64: zynqmp: Fix serial compatible string
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
usb: musb: tusb6010: check return value after calling platform_get_resource()
scsi: advansys: Fix kernel pointer leak
ARM: dts: omap: fix gpmc,mux-add-data type
usb: host: ohci-tmio: check return value after calling platform_get_resource()
tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
MIPS: sni: Fix the build
scsi: target: Fix ordered tag handling
scsi: target: Fix alua_tg_pt_gps_count tracking
powerpc/5200: dts: fix memory node unit name
ALSA: gus: fix null pointer dereference on pointer block
powerpc/dcr: Use cmplwi instead of 3-argument cmpli
sh: check return code of request_irq
maple: fix wrong return value of maple_bus_init().
sh: fix kconfig unmet dependency warning for FRAME_POINTER
sh: define __BIG_ENDIAN for math-emu
mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
net: bnx2x: fix variable dereferenced before check
iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
MIPS: generic/yamon-dt: fix uninitialized variable error
mips: bcm63xx: add support for clk_get_parent()
mips: lantiq: add support for clk_get_parent()
platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
net: virtio_net_hdr_to_skb: count transport header in UFO
i40e: Fix NULL ptr dereference on VSI filter sync
NFC: reorganize the functions in nci_request
NFC: reorder the logic in nfc_{un,}register_device
perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
tun: fix bonding active backup with arp monitoring
hexagon: export raw I/O routines for modules
mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
btrfs: fix memory ordering between normal and ordered work functions
parisc/sticon: fix reverse colors
cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
drm/udl: fix control-message timeout
drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
perf/core: Avoid put_page() when GUP fails
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
batman-adv: Consider fragmentation for needed_headroom
batman-adv: Reserve needed_*room for fragments
batman-adv: Don't always reallocate the fragmentation skb head
RDMA/netlink: Add __maybe_unused to static inline in C file
ASoC: DAPM: Cover regression by kctl change notification fix
usb: max-3421: Use driver data instead of maintaining a list of bound devices
soc/tegra: pmc: Fix imbalanced clock disabling in error code path
Linux 4.14.256
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I32f0b43f5aa192eda1aa3a220a2f348ade0536d2
|
||
|
Helge Deller
|
020acc6e86 |
task_stack: Fix end_of_stack() for architectures with upwards-growing stack
[ Upstream commit 9cc2fa4f4a92ccc6760d764e7341be46ee8aaaa1 ] The function end_of_stack() returns a pointer to the last entry of a stack. For architectures like parisc where the stack grows upwards return the pointer to the highest address in the stack. Without this change I faced a crash on parisc, because the stackleak functionality wrote STACKLEAK_POISON to the lowest address and thus overwrote the first 4 bytes of the task_struct which included the TIF_FLAGS. Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
EcrosoftXiao
|
56e2741801 | Merge branch 'android-4.14-stable' of https://android.googlesource.com/kernel/common into HEAD | ||
|
Greg Kroah-Hartman
|
9da02745a1 |
Merge 4.14.226 into android-4.14-stable
Changes in 4.14.226
uapi: nfnetlink_cthelper.h: fix userspace compilation error
ethernet: alx: fix order of calls on resume
ath9k: fix transmitting to stations in dynamic SMPS mode
net: Fix gro aggregation for udp encaps with zero csum
net: Introduce parse_protocol header_ops callback
net: check if protocol extracted by virtio_net_hdr_set_proto is correct
net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership
can: flexcan: assert FRZ bit in flexcan_chip_freeze()
can: flexcan: enable RX FIFO after FRZ/HALT valid
netfilter: x_tables: gpf inside xt_find_revision()
cifs: return proper error code in statfs(2)
scripts/recordmcount.{c,pl}: support -ffunction-sections .text.* section names
Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
sh_eth: fix TRSCER mask for SH771x
net/mlx4_en: update moderation when config reset
net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10
net: sched: avoid duplicates in classes dump
net: usb: qmi_wwan: allow qmimux add/del with master up
cipso,calipso: resolve a number of problems with the DOI refcounts
net: lapbether: Remove netif_start_queue / netif_stop_queue
net: davicom: Fix regulator not turned off on failed probe
net: davicom: Fix regulator not turned off on driver removal
net: stmmac: stop each tx channel independently
perf traceevent: Ensure read cmdlines are null terminated.
s390/cio: return -EFAULT if copy_to_user() fails again
drm/compat: Clear bounce structures
drm: meson_drv add shutdown function
s390/cio: return -EFAULT if copy_to_user() fails
media: usbtv: Fix deadlock on suspend
net: phy: fix save wrong speed and duplex problem if autoneg is on
udf: fix silent AED tagLocation corruption
mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()'
mmc: mediatek: fix race condition between msdc_request_timeout and irq
powerpc: improve handling of unrecoverable system reset
powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
PCI: xgene-msi: Fix race in installing chained irq handler
PCI: mediatek: Add missing of_node_put() to fix reference leak
s390/smp: __smp_rescan_cpus() - move cpumask away from stack
scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
ALSA: hda/hdmi: Cancel pending works before suspend
ALSA: hda: Drop the BATCH workaround for AMD controllers
ALSA: hda: Avoid spurious unsol event handling during S3/S4
ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities")
s390/dasd: fix hanging DASD driver unbind
s390/dasd: fix hanging IO request during DASD driver unbind
mmc: core: Fix partition switch time for eMMC
Goodix Fingerprint device is not a modem
USB: gadget: u_ether: Fix a configfs return code
usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot
usb: gadget: f_uac1: stop playback on function disable
usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
xhci: Improve detection of device initiated wake signal.
usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing
USB: serial: io_edgeport: fix memory leak in edge_startup
USB: serial: ch341: add new Product ID
USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
USB: serial: cp210x: add some more GE USB IDs
usbip: fix stub_dev to check for stream socket
usbip: fix vhci_hcd to check for stream socket
usbip: fix vudc to check for stream socket
usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
usbip: fix vhci_hcd attach_store() races leading to gpf
staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
staging: rtl8712: unterminated string leads to read overflow
staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data()
staging: ks7010: prevent buffer overflow in ks_wlan_set_scan()
staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
staging: comedi: addi_apci_1032: Fix endian problem for COS sample
staging: comedi: addi_apci_1500: Fix endian problem for command sample
staging: comedi: adv_pci1710: Fix endian problem for AI command data
staging: comedi: das6402: Fix endian problem for AI command data
staging: comedi: das800: Fix endian problem for AI command data
staging: comedi: dmm32at: Fix endian problem for AI command data
staging: comedi: me4000: Fix endian problem for AI command data
staging: comedi: pcl711: Fix endian problem for AI command data
staging: comedi: pcl818: Fix endian problem for AI command data
sh_eth: fix TRSCER mask for R7S72100
NFSv4.2: fix return value of _nfs4_get_security_label()
block: rsxx: fix error return code of rsxx_pci_probe()
configfs: fix a use-after-free in __configfs_open_file
stop_machine: mark helpers __always_inline
include/linux/sched/mm.h: use rcu_dereference in in_vfork()
powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
binfmt_misc: fix possible deadlock in bm_register_write
hwmon: (lm90) Fix max6658 sporadic wrong temperature reading
KVM: arm64: Fix exclusive limit for IPA size
iio: imu: adis16400: release allocated memory on failure
xen/events: reset affinity of 2-level event when tearing it down
xen/events: don't unmask an event channel when an eoi is pending
xen/events: avoid handling the same event on two cpus at the same time
Linux 4.14.226
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib4c6af910e10e6c04445ded8ccb1d877d9abb898
|
||
|
Matthew Wilcox (Oracle)
|
997e68565f |
include/linux/sched/mm.h: use rcu_dereference in in_vfork()
[ Upstream commit 149fc787353f65b7e72e05e7b75d34863266c3e2 ]
Fix a sparse warning by using rcu_dereference(). Technically this is a
bug and a sufficiently aggressive compiler could reload the `real_parent'
pointer outside the protection of the rcu lock (and access freed memory),
but I think it's pretty unlikely to happen.
Link: https://lkml.kernel.org/r/20210221194207.1351703-1-willy@infradead.org
Fixes:
|
||
|
Sultan Alsawaf
|
afabad7554 |
sched/rt: Change default SCHED_RR timeslice from 100 ms to 1 jiffy
For us, it's most helpful to have the round-robin timeslice as low as is allowed by the scheduler to reduce latency. Since it's limited by the scheduler tick rate, just set the default to 1 jiffy, which is the lowest possible value. Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com> |
||
|
Yadu MG
|
99dae5f959 |
trace/irq: sched: irq trace events should be used with !PROVE_LOCKING
When enabling PROVE_LOCKING, kernel build fails due to undefined symbol error for the irqsoff_tracing_threshold_ns which is used in sysctl interface,sysctl_irqsoff_tracing_threshold_ns. As per PREEMPTIRQ_EVENTS Kconfig help, for tracing irq disable/enable events CONFIG_PROVE_LOCKING should be disabled. This commit fixes by making the proc entry under the PROVE_LOCKING config. Change-Id: Ie28afd31013a9c393f32ad328cedfc0517867fc4 Signed-off-by: Yadu MG <ymg@codeaurora.org> Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> |
||
|
Jimmy Shiu
|
5e2b61a866 |
sched/core: fix userspace affining threads incorrectly by task name.
To identify certain apps which request max cpu freq to affine its tasks to specific cpus, besides checking its lib name, task name is also a factor that we can identify the suspcious task. Test: build and test the 'perfect kick 2' game. Bug: 163293825 Bug: 161324271 Change-Id: I4359859db743b4c9122e9df40af0b109370e8f1f Signed-off-by: Jimmy Shiu <jimmyshiu@google.com> Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> |
||
|
Pavankumar Kondeti
|
00b950bf4e |
sched: Improve the scheduler
This change is for general scheduler improvement. Change-Id: I50d41aa3338803cbd45ff6314b2bb3978c59282b Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org> Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> |
||
|
Abhijeet Dharmapurikar
|
709cc36dd3 |
sched/core: fix userspace affining threads incorrectly
Certain userspace applications, to achieve max performance, affines its threads to cpus that run the fastest. This is not always the correct strategy. For e.g. in certain architectures all the cores have the same max freq but few of them have a bigger cache. Affining to the cpus that have bigger cache is advantageous but such an application would end up affining them to all the cores. Similarly if an architecture has just one cpu that runs at max freq, it ends up crowding all its thread on that single core, which is detrimental for performance. To address this issue, we need to detect a suspicious looking affinity request from userspace and check if it links in a particular library. The latter can easily be detected by traversing executable vm areas that map a file and checking for that library name. When such a affinity request is found, change it to use a proper affinity. The suspicious affinity request, the proper affinity request and the library name can be configured by the userspace. Change-Id: I6bb8c310ca54c03261cc721f28dfd6023ab5591a Signed-off-by: Abhijeet Dharmapurikar <adharmap@codeaurora.org> Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> |
||
|
Rick Yiu
|
89ef69d781 |
sched: separate capacity margin for boosted tasks
With the introduction of placement hint patch, boosted tasks will not scheduled from big cores. We tune capacity margin to let important boosted tasks get scheduled on big cores. However, the capacity margin affects all group of tasks, so that non-boosted tasks get more chances to be scheduled on big cores, too. This could be solved by separating capacity margin for boosted tasks. Bug: 147785606 Test: margin set correctly Signed-off-by: Rick Yiu <rickyiu@google.com> Change-Id: I2b02e138e36a6844afbc1ade60fe86a001814b30 Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> |
||
|
Wilson Sung
|
4e8a61f2f8 |
Roll back performace files
File list: kernel/sched/ include/linux/sched/ Bug: 150756696 Bug: 149660093 Change-Id: Ia90f5123ef3ab0d3322e974d174b915e80ed642e Signed-off-by: Wilson Sung <wilsonsung@google.com> Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> |
||
|
Rick Yiu
|
b7ac0108f4 |
sched: use sysctl to control energy aware feature
Energy aware feature control is previously done through debugfs, which will be deprecated, so move the control to sysctl. Bug: 141333728 Test: function works as expected Change-Id: I55411d3bb2669ba1fae3225d67cdf1cf8b3b3a7f Signed-off-by: Rick Yiu <rickyiu@google.com> Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> |
||
|
Wei Wang
|
e1a94c9322 |
Revert "sched/core: fix userspace affining threads incorrectly"
This reverts commit
|
||
|
Wei Wang
|
e8790c00f6 |
Revert "sched: Improve the scheduler"
This reverts commit
|
||
|
UtsavBalar1231
|
5563a7a2b3 |
Revert "sched/fair: Improve the scheduler"
This reverts commit
|
||
|
UtsavBalar1231
|
89bfed8bb2 |
Revert "sched: Improve the scheduler"
This reverts commit
|
||
|
Roman Gushchin
|
d20d9324a5 |
BACKPORT: cgroup: cgroup v2 freezer
Cgroup v1 implements the freezer controller, which provides an ability
to stop the workload in a cgroup and temporarily free up some
resources (cpu, io, network bandwidth and, potentially, memory)
for some other tasks. Cgroup v2 lacks this functionality.
This patch implements freezer for cgroup v2.
Cgroup v2 freezer tries to put tasks into a state similar to jobctl
stop. This means that tasks can be killed, ptraced (using
PTRACE_SEIZE*), and interrupted. It is possible to attach to
a frozen task, get some information (e.g. read registers) and detach.
It's also possible to migrate a frozen tasks to another cgroup.
This differs cgroup v2 freezer from cgroup v1 freezer, which mostly
tried to imitate the system-wide freezer. However uninterruptible
sleep is fine when all tasks are going to be frozen (hibernation case),
it's not the acceptable state for some subset of the system.
Cgroup v2 freezer is not supporting freezing kthreads.
If a non-root cgroup contains kthread, the cgroup still can be frozen,
but the kthread will remain running, the cgroup will be shown
as non-frozen, and the notification will not be delivered.
* PTRACE_ATTACH is not working because non-fatal signal delivery
is blocked in frozen state.
There are some interface differences between cgroup v1 and cgroup v2
freezer too, which are required to conform the cgroup v2 interface
design principles:
1) There is no separate controller, which has to be turned on:
the functionality is always available and is represented by
cgroup.freeze and cgroup.events cgroup control files.
2) The desired state is defined by the cgroup.freeze control file.
Any hierarchical configuration is allowed.
3) The interface is asynchronous. The actual state is available
using cgroup.events control file ("frozen" field). There are no
dedicated transitional states.
4) It's allowed to make any changes with the cgroup hierarchy
(create new cgroups, remove old cgroups, move tasks between cgroups)
no matter if some cgroups are frozen.
Signed-off-by: Roman Gushchin <guro@fb.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
No-objection-from-me-by: Oleg Nesterov <oleg@redhat.com>
Cc: kernel-team@fb.com
Change-Id: I3404119678cbcd7410aa56e9334055cee79d02fa
(cherry picked from commit 76f969e8948d82e78e1bc4beb6b9465908e74873)
Bug: 154548692
Signed-off-by: Marco Ballesio <balejs@google.com>
Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com>
|
||
|
EcrosoftXiao
|
efdfd74e39 | Merge branch 'android-4.14-stable' of https://android.googlesource.com/kernel/common into eleven | ||
|
Greg Kroah-Hartman
|
9ddf99d35b |
Merge 4.14.203 into android-4.14-stable
Changes in 4.14.203 ibmveth: Switch order of ibmveth_helper calls. ibmveth: Identify ingress large send packets. ipv4: Restore flowi4_oif update before call to xfrm_lookup_route mlx4: handle non-napi callers to napi_poll net: usb: qmi_wwan: add Cellient MPL200 card tipc: fix the skb_unshare() in tipc_buf_append() net/ipv4: always honour route mtu during forwarding r8169: fix data corruption issue on RTL8402 binder: fix UAF when releasing todo list ALSA: bebob: potential info leak in hwdep_read() net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() tcp: fix to update snd_wl1 in bulk receiver fast path icmp: randomize the global rate limiter cifs: remove bogus debug code cifs: Return the error from crypt_message when enc/dec key not found. KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages KVM: SVM: Initialize prev_ga_tag before use ima: Don't ignore errors from crypto_shash_update() crypto: algif_aead - Do not set MAY_BACKLOG on the async path EDAC/i5100: Fix error handling order in i5100_init_one() x86/fpu: Allow multiple bits in clearcpuid= parameter drivers/perf: xgene_pmu: Fix uninitialized resource struct crypto: algif_skcipher - EBUSY on aio should be an error crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call media: tuner-simple: fix regression in simple_set_radio_freq media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()" media: m5mols: Check function pointer in m5mols_sensor_power media: uvcvideo: Set media controller entity functions media: omap3isp: Fix memleak in isp_probe crypto: omap-sham - fix digcnt register handling with export/import cypto: mediatek - fix leaks in mtk_desc_ring_alloc media: mx2_emmaprp: Fix memleak in emmaprp_probe media: tc358743: initialize variable media: platform: fcp: Fix a reference count leak. media: s5p-mfc: Fix a reference count leak media: ti-vpe: Fix a missing check and reference count leak regulator: resolve supply after creating regulator ath10k: provide survey info as accumulated data Bluetooth: hci_uart: Cancel init work before unregistering ath6kl: prevent potential array overflow in ath6kl_add_new_sta() ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 ASoC: qcom: lpass-platform: fix memory leak ASoC: qcom: lpass-cpu: fix concurrency issue brcmfmac: check ndev pointer mwifiex: Do not use GFP_KERNEL in atomic context drm/gma500: fix error check scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() backlight: sky81452-backlight: Fix refcount imbalance on error VMCI: check return value of get_user_pages_fast() for errors tty: serial: earlycon dependency tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup() pty: do tty_flip_buffer_push without port->lock in pty_write pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() pwm: lpss: Add range limit check for the base_unit register value drivers/virt/fsl_hypervisor: Fix error handling path video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error video: fbdev: sis: fix null ptr dereference HID: roccat: add bounds checking in kone_sysfs_write_settings() pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser pinctrl: mcp23s08: Fix mcp23x17 precious range ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() misc: mic: scif: Fix error handling path ALSA: seq: oss: Avoid mutex lock for a long-time ioctl usb: dwc2: Fix parameter type in function pointer prototype quota: clear padding in v2r1_mem2diskdqb() HID: hid-input: fix stylus battery reporting qtnfmac: fix resource leaks on unsupported iftype error return path net: enic: Cure the enic api locking trainwreck mfd: sm501: Fix leaks in probe() iwlwifi: mvm: split a print to avoid a WARNING in ROC usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above. usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well nl80211: fix non-split wiphy information usb: dwc2: Fix INTR OUT transfers in DDMA mode. scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() mwifiex: fix double free net: korina: fix kfree of rx/tx descriptor array mm/memcg: fix device private memcg accounting mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary IB/mlx4: Fix starvation in paravirt mux/demux IB/mlx4: Adjust delayed work when a dup is observed powerpc/pseries: Fix missing of_node_put() in rng_init() powerpc/icp-hv: Fix missing of_node_put() in success path mtd: lpddr: fix excessive stack usage with clang mtd: mtdoops: Don't write panic data twice ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values arc: plat-hsdk: fix kconfig dependency warning when !RESET_CONTROLLER xfs: limit entries returned when counting fsmap records RDMA/qedr: Fix use of uninitialized field powerpc/tau: Use appropriate temperature sample interval powerpc/tau: Remove duplicated set_thresholds() call powerpc/tau: Disable TAU between measurements perf intel-pt: Fix "context_switch event has no tid" error RDMA/hns: Set the unsupported wr opcode kdb: Fix pager search for multi-line strings overflow: Include header file with SIZE_MAX declaration powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints powerpc/perf/hv-gpci: Fix starting index value cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier IB/rdmavt: Fix sizeof mismatch f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info lib/crc32.c: fix trivial typo in preprocessor condition ramfs: fix nommu mmap with gaps in the page cache rapidio: fix error handling path rapidio: fix the missed put_device() for rio_mport_add_riodev mailbox: avoid timer start from callback i2c: rcar: Auto select RESET_CONTROLLER PCI: iproc: Set affinity mask on MSI interrupts clk: at91: clk-main: update key before writing AT91_CKGR_MOR clk: bcm2835: add missing release if devm_clk_hw_register fails ext4: limit entries returned when counting fsmap records vfio/pci: Clear token on bypass registration failure vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() Input: stmfts - fix a & vs && typo Input: ep93xx_keypad - fix handling of platform_get_irq() error Input: omap4-keypad - fix handling of platform_get_irq() error Input: twl4030_keypad - fix handling of platform_get_irq() error Input: sun4i-ps2 - fix handling of platform_get_irq() error KVM: x86: emulating RDPID failure shall return #UD rather than #GP memory: omap-gpmc: Fix a couple off by ones memory: fsl-corenet-cf: Fix handling of platform_get_irq() error arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers arm64: dts: zynqmp: Remove additional compatible string for i2c IPs powerpc/powernv/dump: Fix race while processing OPAL dump nvmet: fix uninitialized work for zero kato NTB: hw: amd: fix an issue about leak system resources perf: correct SNOOPX field offset i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs crypto: ccp - fix error handling media: firewire: fix memory leak media: ati_remote: sanity check for both endpoints media: st-delta: Fix reference count leak in delta_run_work media: sti: Fix reference count leaks media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync media: exynos4-is: Fix a reference count leak media: vsp1: Fix runtime PM imbalance on error media: platform: s3c-camif: Fix runtime PM imbalance on error media: platform: sti: hva: Fix runtime PM imbalance on error media: bdisp: Fix runtime PM imbalance on error media: media/pci: prevent memory leak in bttv_probe media: uvcvideo: Ensure all probed info is returned to v4l2 mmc: sdio: Check for CISTPL_VERS_1 buffer size media: saa7134: avoid a shift overflow fs: dlm: fix configfs memory leak media: venus: core: Fix runtime PM imbalance in venus_probe ntfs: add check for mft record size in superblock mac80211: handle lack of sband->bitrates in rates PM: hibernate: remove the bogus call to get_gendisk() in software_resume() scsi: mvumi: Fix error return in mvumi_io_attach() scsi: target: core: Add CONTROL field for trace events mic: vop: copy data to kernel space then write to io memory misc: vop: add round_up(x,4) for vring_size to avoid kernel panic usb: gadget: function: printer: fix use-after-free in __lock_acquire udf: Limit sparing table size udf: Avoid accessing uninitialized data on failed inode read USB: cdc-acm: handle broken union descriptors can: flexcan: flexcan_chip_stop(): add error handling and propagate error value ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() misc: rtsx: Fix memory leak in rtsx_pci_probe reiserfs: only call unlock_new_inode() if I_NEW xfs: make sure the rt allocator doesn't run off the end usb: ohci: Default to per-port over-current protection Bluetooth: Only mark socket zapped after unlocking scsi: ibmvfc: Fix error return in ibmvfc_probe() brcmsmac: fix memory leak in wlc_phy_attach_lcnphy rtl8xxxu: prevent potential memory leak Fix use after free in get_capset_info callback. scsi: qedi: Protect active command list to avoid list corruption scsi: qedi: Fix list_del corruption while removing active I/O tty: ipwireless: fix error handling ipvs: Fix uninit-value in do_ip_vs_set_ctl() reiserfs: Fix memory leak in reiserfs_parse_options() mwifiex: don't call del_timer_sync() on uninitialized timer brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach usb: core: Solve race condition in anchor cleanup functions scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() net: korina: cast KSEG0 address to pointer in kfree tty: serial: fsl_lpuart: fix lpuart32_poll_get_char usb: cdc-acm: add quirk to blacklist ETAS ES58X devices USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). eeprom: at25: set minimum read/write access stride to 1 usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets. powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler Linux 4.14.203 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ia4c1c9fc1a8d03c662b37fbe1448b4fb1f88007a |
||
|
Suren Baghdasaryan
|
fc7d33941b |
mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary
[ Upstream commit 67197a4f28d28d0b073ab0427b03cb2ee5382578 ]
Currently __set_oom_adj loops through all processes in the system to keep
oom_score_adj and oom_score_adj_min in sync between processes sharing
their mm. This is done for any task with more that one mm_users, which
includes processes with multiple threads (sharing mm and signals).
However for such processes the loop is unnecessary because their signal
structure is shared as well.
Android updates oom_score_adj whenever a tasks changes its role
(background/foreground/...) or binds to/unbinds from a service, making it
more/less important. Such operation can happen frequently. We noticed
that updates to oom_score_adj became more expensive and after further
investigation found out that the patch mentioned in "Fixes" introduced a
regression. Using Pixel 4 with a typical Android workload, write time to
oom_score_adj increased from ~3.57us to ~362us. Moreover this regression
linearly depends on the number of multi-threaded processes running on the
system.
Mark the mm with a new MMF_MULTIPROCESS flag bit when task is created with
(CLONE_VM && !CLONE_THREAD && !CLONE_VFORK). Change __set_oom_adj to use
MMF_MULTIPROCESS instead of mm_users to decide whether oom_score_adj
update should be synchronized between multiple processes. To prevent
races between clone() and __set_oom_adj(), when oom_score_adj of the
process being cloned might be modified from userspace, we use
oom_adj_mutex. Its scope is changed to global.
The combination of (CLONE_VM && !CLONE_THREAD) is rarely used except for
the case of vfork(). To prevent performance regressions of vfork(), we
skip taking oom_adj_mutex and setting MMF_MULTIPROCESS when CLONE_VFORK is
specified. Clearing the MMF_MULTIPROCESS flag (when the last process
sharing the mm exits) is left out of this patch to keep it simple and
because it is believed that this threading model is rare. Should there
ever be a need for optimizing that case as well, it can be done by hooking
into the exit path, likely following the mm_update_next_owner pattern.
With the combination of (CLONE_VM && !CLONE_THREAD && !CLONE_VFORK) being
quite rare, the regression is gone after the change is applied.
[surenb@google.com: v3]
Link: https://lkml.kernel.org/r/20200902012558.2335613-1-surenb@google.com
Fixes:
|
||
|
Srinivasarao P
|
f3f0576c22 |
Merge android-4.14.158 (84afceb) into msm-4.14
* refs/heads/tmp-84afceb: Linux 4.14.158 net: fec: fix clock count mis-match platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer ASoC: stm32: i2s: fix IRQ clearing ASoC: stm32: i2s: fix 16 bit format support ASoC: stm32: i2s: fix dma configuration pinctrl: stm32: fix memory leak issue mailbox: mailbox-test: fix null pointer if no mmio hwrng: stm32 - fix unbalanced pm_runtime_enable media: stm32-dcmi: fix DMA corruption when stopping streaming crypto: stm32/hash - Fix hmac issue more than 256 bytes HID: core: check whether Usage Page item is after Usage ID items futex: Prevent exit livelock futex: Provide distinct return value when owner is exiting futex: Add mutex around futex exit futex: Provide state handling for exec() as well futex: Sanitize exit state handling futex: Mark the begin of futex exit explicitly futex: Set task::futex_state to DEAD right after handling futex exit futex: Split futex_mm_release() for exit/exec exit/exec: Seperate mm_release() futex: Replace PF_EXITPIDONE with a state futex: Move futex exit handling into futex code futex: Prevent robust futex exit race y2038: futex: Move compat implementation into futex.c mtd: spi-nor: cast to u64 to avoid uint overflows mtd: rawnand: atmel: fix possible object reference leak mtd: rawnand: atmel: Fix spelling mistake in error message net: macb driver, check for SKBTX_HW_TSTAMP net: macb: Fix SUBNS increment and increase resolution watchdog: sama5d4: fix WDD value to be always set to max ext4: add more paranoia checking in ext4_expand_extra_isize handling net: sched: fix `tc -s class show` no bstats on class with nolock subqueues sctp: cache netns in sctp_ep_common tipc: fix link name length check openvswitch: remove another BUG_ON() openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() slip: Fix use-after-free Read in slip_open openvswitch: fix flow command message size net: psample: fix skb_over_panic macvlan: schedule bc_work even if error media: atmel: atmel-isc: fix INIT_WORK misplacement media: atmel: atmel-isc: fix asd memory allocation pwm: Clear chip_data in pwm_put() net: macb: fix error format in dev_err() media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE xfrm: Fix memleak on xfrm state destroy mei: bus: prefix device names on bus with the bus name USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids staging: rtl8723bs: Drop ACPI device ids staging: rtl8192e: fix potential use after free clk: at91: generated: set audio_pll_allowed in at91_clk_register_generated() clk: at91: fix update bit maps on CFG_MOR write mm, gup: add missing refcount overflow checks on s390 mtd: Remove a debug trace in mtdpart.c powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() scsi: libsas: Check SMP PHY control function result ACPI / APEI: Switch estatus pool to use vmalloc memory ACPI / APEI: Don't wait to serialise with oops messages when panic()ing scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery apparmor: delete the dentry in aafs_remove() to avoid a leak iommu/amd: Fix NULL dereference bug in match_hid_uid net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED bpf: drop refcount if bpf_map_new_fd() fails in map_create() kvm: properly check debugfs dentry before using it net: dev: Use unsigned integer as an argument to left-shift bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() sctp: don't compare hb_timer expire date before starting it net: fix possible overflow in __sk_mem_raise_allocated() sfc: initialise found bitmap in efx_ef10_mtd_probe tipc: fix skb may be leaky in tipc_link_input blktrace: Show requests without sector net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() decnet: fix DN_IFREQ_SIZE ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change serial: 8250: Fix serial8250 initialization crash net/core/neighbour: fix kmemleak minimal reference count for hash tables PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() net/core/neighbour: tell kmemleak about hash tables tipc: fix memory leak in tipc_nl_compat_publ_dump mtd: Check add_mtd_device() ret code lib/genalloc.c: include vmalloc.h drivers/base/platform.c: kmemleak ignore a known leak fork: fix some -Wmissing-prototypes warnings lib/genalloc.c: use vzalloc_node() to allocate the bitmap lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n ocfs2: clear journal dirty flag after shutdown journal net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe() tipc: fix a missing check of genlmsg_put atl1e: checking the status of atl1e_write_phy_reg net: dsa: bcm_sf2: Propagate error value from mdio_write net: stmicro: fix a missing check of clk_prepare net: (cpts) fix a missing check of clk_prepare um: Make GCOV depend on !KCOV f2fs: fix to dirty inode synchronously net/net_namespace: Check the return value of register_pernet_subsys() net/netlink_compat: Fix a missing check of nla_parse_nested pwm: clps711x: Fix period calculation crypto: mxc-scc - fix build warnings on ARM64 powerpc/pseries: Fix node leak in update_lmb_associativity_index() powerpc/83xx: handle machine check caused by watchdog timer regulator: tps65910: fix a missing check of return value IB/rxe: Make counters thread safe drbd: fix print_st_err()'s prototype to match the definition drbd: do not block when adjusting "disk-options" while IO is frozen drbd: reject attach of unsuitable uuids even if connected drbd: ignore "all zero" peer volume sizes in handshake powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status vfio/spapr_tce: Get rid of possible infinite loop powerpc/44x/bamboo: Fix PCI range powerpc/mm: Make NULL pointer deferences explicit on bad page faults. powerpc/prom: fix early DEBUG messages powerpc/perf: Fix unit_sel/cache_sel checks ath6kl: Fix off by one error in scan completion ath6kl: Only use match sets when firmware supports it scsi: csiostor: fix incorrect dma device in case of vport scsi: qla2xxx: deadlock by configfs_depend_item RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer openrisc: Fix broken paths to arch/or32 serial: max310x: Fix tx_empty() callback Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading drivers/regulator: fix a missing check of return value powerpc/xmon: fix dump_segments() powerpc/book3s/32: fix number of bats in p/v_block_mapped() vxlan: Fix error path in __vxlan_dev_create() clocksource/drivers/fttmr010: Fix invalid interrupt register access IB/qib: Fix an error code in qib_sdma_verbs_send() xfs: Fix bulkstat compat ioctls on x32 userspace. xfs: Align compat attrlist_by_handle with native implementation. gfs2: take jdata unstuff into account in do_grow dm flakey: Properly corrupt multi-page bios. HID: doc: fix wrong data structure reference for UHID_OUTPUT pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration KVM: s390: unregister debug feature on failing arch init bnxt_en: query force speeds before disabling autoneg mode. bnxt_en: Return linux standard errors in bnxt_ethtool.c exofs_mount(): fix leaks on failure exits net/mlx5: Continue driver initialization despite debugfs failure pinctrl: xway: fix gpio-hog related boot issues vfio-mdev/samples: Use u8 instead of char for handle functions xen/pciback: Check dev_data before using it kprobes/x86/xen: blacklist non-attachable xen interrupt functions serial: 8250: Rate limit serial port rx interrupts during input overruns HID: intel-ish-hid: fixes incorrect error handling btrfs: only track ref_heads in delayed_ref_updates mtd: rawnand: sunxi: Write pageprog related opcodes to WCMD_SET mmc: meson-gx: make sure the descriptor is stopped on errors VSOCK: bind to random port for VMADDR_PORT_ANY kvm: vmx: Set IA32_TSC_AUX for legacy mode guests gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB iwlwifi: move iwl_nvm_check_version() into dvm microblaze: move "... is ready" messages to arch/microblaze/Makefile microblaze: adjust the help to the real behavior ubi: Do not drop UBI device reference before using ubi: Put MTD device after it is not used xfs: require both realtime inodes to mount rtl818x: fix potential use after free mwifiex: debugfs: correct histogram spacing, formatting mwifiex: fix potential NULL dereference and use after free crypto: user - support incremental algorithm dumps scsi: lpfc: Enable Management features for IF_TYPE=6 ACPI / LPSS: Ignore acpi_device_fix_up_power() return value ARM: ks8695: fix section mismatch warning PM / AVS: SmartReflex: NULL check before some freeing functions is not needed RDMA/vmw_pvrdma: Use atomic memory allocation in create AH ARM: OMAP1: fix USB configuration for device-only setups arm64: smp: Handle errors reported by the firmware arm64: mm: Prevent mismatched 52-bit VA support parisc: Fix HP SDC hpa address output parisc: Fix serio address output ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed ARM: dts: Fix up SQ201 flash access scsi: lpfc: Fix dif and first burst use in write commands scsi: lpfc: Fix kernel Oops due to null pring pointers pwm: bcm-iproc: Prevent unloading the driver module while in use block: drbd: remove a stray unlock in __drbd_send_protocol() mac80211: fix station inactive_time shortly after boot ceph: return -EINVAL if given fsc mount option on kernel w/o support net: bcmgenet: reapply manual settings to the PHY scripts/gdb: fix debugging modules compiled with hot/cold partitioning watchdog: meson: Fix the wrong value of left time can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open can: peak_usb: report bus recovery as well bridge: ebtables: don't crash when using dnat target in output chains net: fec: add missed clk_disable_unprepare in remove clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call x86/resctrl: Prevent NULL pointer dereference when reading mondata idr: Fix idr_alloc_u32 on 32-bit systems clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 clk: at91: avoid sleeping early reset: fix reset_control_ops kerneldoc comment clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume ASoC: kirkwood: fix external clock probe defer reset: Fix memory leak in reset_control_array_put() ASoC: compress: fix unsigned integer overflow check ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate Revert "KVM: nVMX: reset cache/shadows when switching loaded VMCS" UPSTREAM: dt-bindings: arm: coresight: Add support for coresight-loses-context-with-cpu BACKPORT: coresight: etm4x: Save/restore state across CPU low power states BACKPORT: ARM: 8900/1: UNWINDER_FRAME_POINTER implementation for Clang Conflicts: Documentation/devicetree/bindings/arm/coresight.txt arch/arm/Makefile drivers/hid/hid-core.c kernel/exit.c Reverted the downstream patch "HID: core: add usage_page_preceding flag for hid_concatenate_usage_page()" as original issue got fixed with upstream changes. Change-Id: I3b833825b3d1104fa07378caef144639074d0a0d Signed-off-by: Srinivasarao P <spathi@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
84afceb668 |
Merge 4.14.158 into android-4.14
Changes in 4.14.158 Revert "KVM: nVMX: reset cache/shadows when switching loaded VMCS" clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX ASoC: compress: fix unsigned integer overflow check reset: Fix memory leak in reset_control_array_put() ASoC: kirkwood: fix external clock probe defer clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume reset: fix reset_control_ops kerneldoc comment clk: at91: avoid sleeping early clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 idr: Fix idr_alloc_u32 on 32-bit systems x86/resctrl: Prevent NULL pointer dereference when reading mondata clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call net: fec: add missed clk_disable_unprepare in remove bridge: ebtables: don't crash when using dnat target in output chains can: peak_usb: report bus recovery as well can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error watchdog: meson: Fix the wrong value of left time scripts/gdb: fix debugging modules compiled with hot/cold partitioning net: bcmgenet: reapply manual settings to the PHY ceph: return -EINVAL if given fsc mount option on kernel w/o support mac80211: fix station inactive_time shortly after boot block: drbd: remove a stray unlock in __drbd_send_protocol() pwm: bcm-iproc: Prevent unloading the driver module while in use scsi: lpfc: Fix kernel Oops due to null pring pointers scsi: lpfc: Fix dif and first burst use in write commands ARM: dts: Fix up SQ201 flash access ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication parisc: Fix serio address output parisc: Fix HP SDC hpa address output arm64: mm: Prevent mismatched 52-bit VA support arm64: smp: Handle errors reported by the firmware ARM: OMAP1: fix USB configuration for device-only setups RDMA/vmw_pvrdma: Use atomic memory allocation in create AH PM / AVS: SmartReflex: NULL check before some freeing functions is not needed ARM: ks8695: fix section mismatch warning ACPI / LPSS: Ignore acpi_device_fix_up_power() return value scsi: lpfc: Enable Management features for IF_TYPE=6 crypto: user - support incremental algorithm dumps mwifiex: fix potential NULL dereference and use after free mwifiex: debugfs: correct histogram spacing, formatting rtl818x: fix potential use after free xfs: require both realtime inodes to mount ubi: Put MTD device after it is not used ubi: Do not drop UBI device reference before using microblaze: adjust the help to the real behavior microblaze: move "... is ready" messages to arch/microblaze/Makefile iwlwifi: move iwl_nvm_check_version() into dvm gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB kvm: vmx: Set IA32_TSC_AUX for legacy mode guests VSOCK: bind to random port for VMADDR_PORT_ANY mmc: meson-gx: make sure the descriptor is stopped on errors mtd: rawnand: sunxi: Write pageprog related opcodes to WCMD_SET btrfs: only track ref_heads in delayed_ref_updates HID: intel-ish-hid: fixes incorrect error handling serial: 8250: Rate limit serial port rx interrupts during input overruns kprobes/x86/xen: blacklist non-attachable xen interrupt functions xen/pciback: Check dev_data before using it vfio-mdev/samples: Use u8 instead of char for handle functions pinctrl: xway: fix gpio-hog related boot issues net/mlx5: Continue driver initialization despite debugfs failure exofs_mount(): fix leaks on failure exits bnxt_en: Return linux standard errors in bnxt_ethtool.c bnxt_en: query force speeds before disabling autoneg mode. KVM: s390: unregister debug feature on failing arch init pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 HID: doc: fix wrong data structure reference for UHID_OUTPUT dm flakey: Properly corrupt multi-page bios. gfs2: take jdata unstuff into account in do_grow xfs: Align compat attrlist_by_handle with native implementation. xfs: Fix bulkstat compat ioctls on x32 userspace. IB/qib: Fix an error code in qib_sdma_verbs_send() clocksource/drivers/fttmr010: Fix invalid interrupt register access vxlan: Fix error path in __vxlan_dev_create() powerpc/book3s/32: fix number of bats in p/v_block_mapped() powerpc/xmon: fix dump_segments() drivers/regulator: fix a missing check of return value Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading serial: max310x: Fix tx_empty() callback openrisc: Fix broken paths to arch/or32 RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer scsi: qla2xxx: deadlock by configfs_depend_item scsi: csiostor: fix incorrect dma device in case of vport ath6kl: Only use match sets when firmware supports it ath6kl: Fix off by one error in scan completion powerpc/perf: Fix unit_sel/cache_sel checks powerpc/prom: fix early DEBUG messages powerpc/mm: Make NULL pointer deferences explicit on bad page faults. powerpc/44x/bamboo: Fix PCI range vfio/spapr_tce: Get rid of possible infinite loop powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status drbd: ignore "all zero" peer volume sizes in handshake drbd: reject attach of unsuitable uuids even if connected drbd: do not block when adjusting "disk-options" while IO is frozen drbd: fix print_st_err()'s prototype to match the definition IB/rxe: Make counters thread safe regulator: tps65910: fix a missing check of return value powerpc/83xx: handle machine check caused by watchdog timer powerpc/pseries: Fix node leak in update_lmb_associativity_index() crypto: mxc-scc - fix build warnings on ARM64 pwm: clps711x: Fix period calculation net/netlink_compat: Fix a missing check of nla_parse_nested net/net_namespace: Check the return value of register_pernet_subsys() f2fs: fix to dirty inode synchronously um: Make GCOV depend on !KCOV net: (cpts) fix a missing check of clk_prepare net: stmicro: fix a missing check of clk_prepare net: dsa: bcm_sf2: Propagate error value from mdio_write atl1e: checking the status of atl1e_write_phy_reg tipc: fix a missing check of genlmsg_put net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe() ocfs2: clear journal dirty flag after shutdown journal vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk lib/genalloc.c: use vzalloc_node() to allocate the bitmap fork: fix some -Wmissing-prototypes warnings drivers/base/platform.c: kmemleak ignore a known leak lib/genalloc.c: include vmalloc.h mtd: Check add_mtd_device() ret code tipc: fix memory leak in tipc_nl_compat_publ_dump net/core/neighbour: tell kmemleak about hash tables PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() net/core/neighbour: fix kmemleak minimal reference count for hash tables serial: 8250: Fix serial8250 initialization crash gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel decnet: fix DN_IFREQ_SIZE net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() blktrace: Show requests without sector tipc: fix skb may be leaky in tipc_link_input sfc: initialise found bitmap in efx_ef10_mtd_probe net: fix possible overflow in __sk_mem_raise_allocated() sctp: don't compare hb_timer expire date before starting it bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() net: dev: Use unsigned integer as an argument to left-shift kvm: properly check debugfs dentry before using it bpf: drop refcount if bpf_map_new_fd() fails in map_create() net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED iommu/amd: Fix NULL dereference bug in match_hid_uid apparmor: delete the dentry in aafs_remove() to avoid a leak scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery ACPI / APEI: Don't wait to serialise with oops messages when panic()ing ACPI / APEI: Switch estatus pool to use vmalloc memory scsi: libsas: Check SMP PHY control function result powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() mtd: Remove a debug trace in mtdpart.c mm, gup: add missing refcount overflow checks on s390 clk: at91: fix update bit maps on CFG_MOR write clk: at91: generated: set audio_pll_allowed in at91_clk_register_generated() staging: rtl8192e: fix potential use after free staging: rtl8723bs: Drop ACPI device ids staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P mei: bus: prefix device names on bus with the bus name xfrm: Fix memleak on xfrm state destroy media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE net: macb: fix error format in dev_err() pwm: Clear chip_data in pwm_put() media: atmel: atmel-isc: fix asd memory allocation media: atmel: atmel-isc: fix INIT_WORK misplacement macvlan: schedule bc_work even if error net: psample: fix skb_over_panic openvswitch: fix flow command message size slip: Fix use-after-free Read in slip_open openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() openvswitch: remove another BUG_ON() tipc: fix link name length check sctp: cache netns in sctp_ep_common net: sched: fix `tc -s class show` no bstats on class with nolock subqueues ext4: add more paranoia checking in ext4_expand_extra_isize handling watchdog: sama5d4: fix WDD value to be always set to max net: macb: Fix SUBNS increment and increase resolution net: macb driver, check for SKBTX_HW_TSTAMP mtd: rawnand: atmel: Fix spelling mistake in error message mtd: rawnand: atmel: fix possible object reference leak mtd: spi-nor: cast to u64 to avoid uint overflows y2038: futex: Move compat implementation into futex.c futex: Prevent robust futex exit race futex: Move futex exit handling into futex code futex: Replace PF_EXITPIDONE with a state exit/exec: Seperate mm_release() futex: Split futex_mm_release() for exit/exec futex: Set task::futex_state to DEAD right after handling futex exit futex: Mark the begin of futex exit explicitly futex: Sanitize exit state handling futex: Provide state handling for exec() as well futex: Add mutex around futex exit futex: Provide distinct return value when owner is exiting futex: Prevent exit livelock HID: core: check whether Usage Page item is after Usage ID items crypto: stm32/hash - Fix hmac issue more than 256 bytes media: stm32-dcmi: fix DMA corruption when stopping streaming hwrng: stm32 - fix unbalanced pm_runtime_enable mailbox: mailbox-test: fix null pointer if no mmio pinctrl: stm32: fix memory leak issue ASoC: stm32: i2s: fix dma configuration ASoC: stm32: i2s: fix 16 bit format support ASoC: stm32: i2s: fix IRQ clearing platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size net: fec: fix clock count mis-match Linux 4.14.158 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Thomas Gleixner
|
7d79d1c681 |
exit/exec: Seperate mm_release()
commit 4610ba7ad877fafc0a25a30c6c82015304120426 upstream. mm_release() contains the futex exit handling. mm_release() is called from do_exit()->exit_mm() and from exec()->exec_mm(). In the exit_mm() case PF_EXITING and the futex state is updated. In the exec_mm() case these states are not touched. As the futex exit code needs further protections against exit races, this needs to be split into two functions. Preparatory only, no functional change. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Ingo Molnar <mingo@kernel.org> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/20191106224556.240518241@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Yi Wang
|
7c2ec471cf |
fork: fix some -Wmissing-prototypes warnings
[ Upstream commit fb5bf31722d0805a3f394f7d59f2e8cd07acccb7 ] We get a warning when building kernel with W=1: kernel/fork.c:167:13: warning: no previous prototype for `arch_release_thread_stack' [-Wmissing-prototypes] kernel/fork.c:779:13: warning: no previous prototype for `fork_init' [-Wmissing-prototypes] Add the missing declaration in head file to fix this. Also, remove arch_release_thread_stack() completely because no arch seems to implement it since bb9d81264 (arch: remove tile port). Link: http://lkml.kernel.org/r/1542170087-23645-1-git-send-email-wang.yi59@zte.com.cn Signed-off-by: Yi Wang <wang.yi59@zte.com.cn> Acked-by: Michal Hocko <mhocko@suse.com> Acked-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Yadu MG
|
e339a2357a |
trace/irq: sched: irq trace events should be used with !PROVE_LOCKING
When enabling PROVE_LOCKING, kernel build fails due to undefined symbol error for the irqsoff_tracing_threshold_ns which is used in sysctl interface,sysctl_irqsoff_tracing_threshold_ns. As per PREEMPTIRQ_EVENTS Kconfig help, for tracing irq disable/enable events CONFIG_PROVE_LOCKING should be disabled. This commit fixes by making the proc entry under the PROVE_LOCKING config. Change-Id: Ie28afd31013a9c393f32ad328cedfc0517867fc4 Signed-off-by: Yadu MG <ymg@codeaurora.org> |
||
|
Pavankumar Kondeti
|
d3f96d211b |
sched: Improve the scheduler
This change is for general scheduler improvement. Change-Id: If1ee58a8ed59e4a9ee25dfa6fa2a1c1654e00e6d Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org> |
||
|
Pavankumar Kondeti
|
04d07a9b6e |
sched/fair: Improve the scheduler
This change is for general scheduler improvement. Change-Id: I9216f9316e2bad067c10762de8d67912826b7bc7 Signed-off-by: Maria Yu <aiquny@codeaurora.org> Co-developed-by: Pavankumar Kondeti <pkondeti@codeaurora.org> [pkondeti@codeaurora.org: skip_cpu argument is implemented for fbt] Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org> |
||
|
Blagovest Kolenichev
|
50f461f659 |
Merge android-4.14-q.136 (7870b28) into msm-4.14
* refs/heads/tmp-7870b28: Linux 4.14.136 ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL ceph: hold i_ceph_lock when removing caps for freeing inode Fix allyesconfig output. drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl sched/fair: Don't free p->numa_faults with concurrent readers Bluetooth: hci_uart: check for missing tty operations hv_sock: Add support for delayed close iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA iommu/vt-d: Don't queue_iova() if there is no flush queue media: radio-raremono: change devm_k*alloc to k*alloc NFS: Cleanup if nfs_match_client is interrupted media: pvrusb2: use a different format for warnings media: cpia2_usb: first wake up, then free in disconnect ath10k: Change the warning message string media: au0828: fix null dereference in error path ISDN: hfcsusb: checking idx of ep configuration binder: fix possible UAF when freeing buffer arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ i2c: qup: fixed releasing dma without flush operation completion arm64: dts: marvell: Fix A37xx UART0 register size NFSv4: Fix lookup revalidate of regular files NFS: Refactor nfs_lookup_revalidate() NFS: Fix dentry revalidation on NFSv4 lookup vsock: correct removal of socket from the list VSOCK: use TCP state constants for sk_state ANDROID: fix up 9p filesystem due to CFI non-upstream patches Change-Id: I2838e5b80d1ff80132d5cbbe113ecc0037df9d5d Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
7870b283a5 |
Merge 4.14.136 into android-4.14-q
Changes in 4.14.136 VSOCK: use TCP state constants for sk_state vsock: correct removal of socket from the list NFS: Fix dentry revalidation on NFSv4 lookup NFS: Refactor nfs_lookup_revalidate() NFSv4: Fix lookup revalidate of regular files arm64: dts: marvell: Fix A37xx UART0 register size i2c: qup: fixed releasing dma without flush operation completion arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ binder: fix possible UAF when freeing buffer ISDN: hfcsusb: checking idx of ep configuration media: au0828: fix null dereference in error path ath10k: Change the warning message string media: cpia2_usb: first wake up, then free in disconnect media: pvrusb2: use a different format for warnings NFS: Cleanup if nfs_match_client is interrupted media: radio-raremono: change devm_k*alloc to k*alloc iommu/vt-d: Don't queue_iova() if there is no flush queue iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA hv_sock: Add support for delayed close Bluetooth: hci_uart: check for missing tty operations sched/fair: Don't free p->numa_faults with concurrent readers drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl Fix allyesconfig output. ceph: hold i_ceph_lock when removing caps for freeing inode ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL Linux 4.14.136 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
20c71e6d5a |
Merge 4.14.136 into android-4.14
Changes in 4.14.136 VSOCK: use TCP state constants for sk_state vsock: correct removal of socket from the list NFS: Fix dentry revalidation on NFSv4 lookup NFS: Refactor nfs_lookup_revalidate() NFSv4: Fix lookup revalidate of regular files arm64: dts: marvell: Fix A37xx UART0 register size i2c: qup: fixed releasing dma without flush operation completion arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ binder: fix possible UAF when freeing buffer ISDN: hfcsusb: checking idx of ep configuration media: au0828: fix null dereference in error path ath10k: Change the warning message string media: cpia2_usb: first wake up, then free in disconnect media: pvrusb2: use a different format for warnings NFS: Cleanup if nfs_match_client is interrupted media: radio-raremono: change devm_k*alloc to k*alloc iommu/vt-d: Don't queue_iova() if there is no flush queue iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA hv_sock: Add support for delayed close Bluetooth: hci_uart: check for missing tty operations sched/fair: Don't free p->numa_faults with concurrent readers drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl Fix allyesconfig output. ceph: hold i_ceph_lock when removing caps for freeing inode ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL Linux 4.14.136 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Jann Horn
|
d0919216e4 |
sched/fair: Don't free p->numa_faults with concurrent readers
commit 16d51a590a8ce3befb1308e0e7ab77f3b661af33 upstream.
When going through execve(), zero out the NUMA fault statistics instead of
freeing them.
During execve, the task is reachable through procfs and the scheduler. A
concurrent /proc/*/sched reader can read data from a freed ->numa_faults
allocation (confirmed by KASAN) and write it back to userspace.
I believe that it would also be possible for a use-after-free read to occur
through a race between a NUMA fault and execve(): task_numa_fault() can
lead to task_numa_compare(), which invokes task_weight() on the currently
running task of a different CPU.
Another way to fix this would be to make ->numa_faults RCU-managed or add
extra locking, but it seems easier to wipe the NUMA fault statistics on
execve.
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will@kernel.org>
Fixes:
|
||
|
Blagovest Kolenichev
|
a1476870e4 |
Merge android-4.14.129 (93c338c) into msm-4.14
* refs/heads/tmp-93c338c:
Linux 4.14.129
Abort file_remove_privs() for non-reg. files
infiniband: fix race condition between infiniband mlx4, mlx5 driver and core dumping
coredump: fix race condition between collapse_huge_page() and core dumping
HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact
HID: wacom: Don't report anything prior to the tool entering range
HID: wacom: Don't set tool type until we're in range
mlxsw: spectrum: Prevent force of 56G
scsi: libsas: delete sas port if expander discover failed
scsi: scsi_dh_alua: Fix possible null-ptr-deref
scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask
scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
net: phy: dp83867: Set up RGMII TX delay
net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
KVM: PPC: Book3S HV: Don't take kvm->lock around kvm_for_each_vcpu
KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
ia64: fix build errors by exporting paddr_to_nid()
perf record: Fix s390 missing module symbol and warning for non-root users
perf data: Fix 'strncat may truncate' build failure with recent gcc
configfs: Fix use-after-free when accessing sd->s_dentry
ALSA: hda - Force polling mode on CNL for fixing codec communication
i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
net: aquantia: fix LRO with FCS error
net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
gpio: fix gpio-adp5588 build errors
perf/ring-buffer: Always use {READ,WRITE}_ONCE() for rb->user_page data
perf/ring_buffer: Add ordering to rb->nest increment
perf/ring_buffer: Fix exposing a temporarily decreased data_head
x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
mISDN: make sure device name is NUL terminated
powerpc/powernv: Return for invalid IMC domain
clk: ti: clkctrl: Fix clkdm_clk handling
selftests: netfilter: missing error check when setting up veth interface
ipvs: Fix use-after-free in ip_vs_in
netfilter: nf_queue: fix reinject verdict handling
perf/x86/intel/ds: Fix EVENT vs. UEVENT PEBS constraints
Staging: vc04_services: Fix a couple error codes
sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
sctp: Free cookie before we memdup a new one
net: openvswitch: do not free vport if register_netdevice() is failed.
neigh: fix use-after-free read in pneigh_get_next
lapb: fixed leak of control-blocks.
ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
be2net: Fix number of Rx queues used for flow hashing
ax25: fix inconsistent lock state in ax25_destroy_timer
perf machine: Guard against NULL in machine__exit()
Conflicts:
fs/configfs/dir.c
Change-Id: I4045364b79aa23d85fc008fe99d858b24406bd2f
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Blagovest Kolenichev
|
d4dcd34c67 |
Merge android-4.14.116 (85dc1a5) into msm-4.14
* refs/heads/tmp-85dc1a5:
Linux 4.14.116
leds: pca9532: fix a potential NULL pointer dereference
ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK
iommu/amd: Reserve exclusion range in iova-domain
kconfig/[mn]conf: handle backspace (^H) key
gpio: of: Fix of_gpiochip_add() error path
libata: fix using DMA buffers on stack
scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
ceph: fix use-after-free on symlink traversal
usb: u132-hcd: fix resource leak
usb: usb251xb: fix to avoid potential NULL pointer dereference
scsi: qla4xxx: fix a potential NULL pointer dereference
drm/meson: Uninstall IRQ handler
drm/meson: Fix invalid pointer in meson_drv_unbind()
gpio: aspeed: fix a potential NULL pointer dereference
net: ethernet: ti: fix possible object reference leak
net: ibm: fix possible object reference leak
net: xilinx: fix possible object reference leak
NFS: Fix a typo in nfs_init_timeout_values()
ARM: dts: imx6qdl: Fix typo in imx6qdl-icore-rqs.dtsi
net/sched: don't dereference a->goto_chain to read the chain index
net: macb: Add null check for PCLK and HCLK
staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc
staging: rtl8712: uninitialized memory in read_bbreg_hdl()
staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference
staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc
net: ks8851: Set initial carrier state to down
net: ks8851: Delay requesting IRQ until opened
net: ks8851: Reassert reset pin if chip ID check fails
net: ks8851: Dequeue RX packets explicitly
ARM: dts: pfla02: increase phy reset duration
usb: gadget: net2272: Fix net2272_dequeue()
usb: gadget: net2280: Fix net2280_dequeue()
usb: gadget: net2280: Fix overrun of OUT messages
KVM: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots
serial: ar933x_uart: Fix build failure with disabled console
sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
s390/qeth: fix race when initializing the IP address table
netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING
netfilter: nft_set_rbtree: check for inactive element after flag mismatch
qlcnic: Avoid potential NULL pointer dereference
s390: limit brk randomization to 32MB
ARM: dts: bcm283x: Fix hdmi hpd gpio pull
fs: prevent page refcount overflow in pipe_buf_get
mm: prevent get_user_pages() from overflowing page refcount
mm: add 'try_get_page()' helper function
mm: make page ref count overflow check tighter and more explicit
usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
usbnet: ipheth: prevent TX queue timeouts when device not ready
selinux: use kernel linux/socket.h for genheaders and mdp
Change-Id: I4c096d869f0c685cf3a107748bba0ffe3b20c029
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Blagovest Kolenichev
|
dc1d03db8d |
Merge android-4.14.114 (c680586) into msm-4.14
* refs/heads/tmp-c680586:
dm: Restore reverted changes
Linux 4.14.114
kernel/sysctl.c: fix out-of-bounds access when setting file-max
Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array
xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute
xfs: add the ability to join a held buffer to a defer_ops
iomap: report collisions between directio and buffered writes to userspace
tools include: Adopt linux/bits.h
percpu: stop printing kernel addresses
ALSA: info: Fix racy addition/deletion of nodes
mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
device_cgroup: fix RCU imbalance in error case
sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
Revert "kbuild: use -Oz instead of -Os when using clang"
net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c
net: IP6 defrag: use rbtrees for IPv6 defrag
ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module
net: IP defrag: encapsulate rbtree defrag code into callable functions
ipv6: frags: fix a lockdep false positive
tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
modpost: file2alias: check prototype of handler
modpost: file2alias: go back to simple devtable lookup
mmc: sdhci: Handle auto-command errors
mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR
mmc: sdhci: Fix data command CRC error handling
crypto: crypto4xx - properly set IV after de- and encrypt
x86/speculation: Prevent deadlock on ssb_state::lock
perf/x86: Fix incorrect PEBS_REGS
x86/cpu/bugs: Use __initconst for 'const' init data
perf/x86/amd: Add event map for AMD Family 17h
mac80211: do not call driver wake_tx_queue op during reconfig
rt2x00: do not increment sequence number while re-transmitting
kprobes: Fix error check when reusing optimized probes
kprobes: Mark ftrace mcount handler functions nokprobe
x86/kprobes: Verify stack frame on kretprobe
arm64: futex: Restore oldval initialization to work around buggy compilers
crypto: x86/poly1305 - fix overflow during partial reduction
coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
Revert "svm: Fix AVIC incomplete IPI emulation"
Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO"
scsi: core: set result when the command cannot be dispatched
ALSA: core: Fix card races between register and disconnect
ALSA: hda/realtek - add two more pin configuration sets to quirk table
staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
staging: comedi: ni_usb6501: Fix use of uninitialized mutex
staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
staging: comedi: vmk80xx: Fix use of uninitialized semaphore
io: accel: kxcjk1013: restore the range after resume.
iio: core: fix a possible circular locking dependency
iio: adc: at91: disable adc channel interrupt in timeout case
iio: Fix scan mask selection
iio: dac: mcp4725: add missing powerdown bits in store eeprom
iio: ad_sigma_delta: select channel when reading register
iio: cros_ec: Fix the maths for gyro scale calculation
iio/gyro/bmg160: Use millidegrees for temperature scale
iio: gyro: mpu3050: fix chip ID reading
staging: iio: ad7192: Fix ad7193 channel address
Staging: iio: meter: fixed typo
KVM: x86: svm: make sure NMI is injected after nmi_singlestep
KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
CIFS: keep FileInfo handle live during oplock break
net: thunderx: don't allow jumbo frames with XDP
net: thunderx: raise XDP MTU to 1508
ipv4: ensure rcu_read_lock() in ipv4_link_failure()
ipv4: recompile ip options in ipv4_link_failure
vhost: reject zero size iova range
team: set slave to promisc if team is already in promisc mode
tcp: tcp_grow_window() needs to respect tcp_space()
net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
net: bridge: multicast: use rcu to access port list from br_multicast_start_querier
net: bridge: fix per-port af_packet sockets
net: atm: Fix potential Spectre v1 vulnerabilities
bonding: fix event handling for stacked bonds
ANDROID: cuttlefish_defconfig: Enable CONFIG_XFRM_STATISTICS
Linux 4.14.113
appletalk: Fix compile regression
mm: hide incomplete nr_indirectly_reclaimable in sysfs
net: stmmac: Set dma ring length before enabling the DMA
bpf: Fix selftests are changes for CVE 2019-7308
bpf: fix sanitation rewrite in case of non-pointers
bpf: do not restore dst_reg when cur_state is freed
bpf: fix inner map masking to prevent oob under speculation
bpf: fix sanitation of alu op with pointer / scalar type from different paths
bpf: prevent out of bounds speculation on pointer arithmetic
bpf: fix check_map_access smin_value test when pointer contains offset
bpf: restrict unknown scalars of mixed signed bounds for unprivileged
bpf: restrict stack pointer arithmetic for unprivileged
bpf: restrict map value pointer arithmetic for unprivileged
bpf: enable access to ax register also from verifier rewrite
bpf: move tmp variable into ax register in interpreter
bpf: move {prev_,}insn_idx into verifier env
bpf: fix stack state printing in verifier log
bpf: fix verifier NULL pointer dereference
bpf: fix verifier memory leaks
bpf: reduce verifier memory consumption
dm: disable CRYPTO_TFM_REQ_MAY_SLEEP to fix a GFP_KERNEL recursion deadlock
bpf: fix use after free in bpf_evict_inode
include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
lib/div64.c: off by one in shift
appletalk: Fix use-after-free in atalk_proc_exit
drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI)
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
drm/nouveau/volt/gf117: fix speedo readout register
coresight: cpu-debug: Support for CA73 CPUs
Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk"
crypto: axis - fix for recursive locking from bottom half
drm/panel: panel-innolux: set display off in innolux_panel_unprepare
lkdtm: Add tests for NULL pointer dereference
lkdtm: Print real addresses
soc/tegra: pmc: Drop locking from tegra_powergate_is_powered()
iommu/dmar: Fix buffer overflow during PCI bus notification
crypto: sha512/arm - fix crash bug in Thumb2 build
crypto: sha256/arm - fix crash bug in Thumb2 build
kernel: hung_task.c: disable on suspend
cifs: fallback to older infolevels on findfirst queryinfo retry
compiler.h: update definition of unreachable()
KVM: nVMX: restore host state in nested_vmx_vmexit for VMFail
ACPI / SBS: Fix GPE storm on recent MacBookPro's
usbip: fix vhci_hcd controller counting
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
HID: i2c-hid: override HID descriptors for certain devices
media: au0828: cannot kfree dev before usb disconnect
powerpc/pseries: Remove prrn_work workqueue
serial: uartps: console_setup() can't be placed to init section
netfilter: xt_cgroup: shrink size of v2 path
f2fs: fix to do sanity check with current segment number
9p locks: add mount option for lock retry interval
9p: do not trust pdu content for stat item size
rsi: improve kernel thread handling to fix kernel panic
gpio: pxa: handle corner case of unprobed device
ext4: prohibit fstrim in norecovery mode
fix incorrect error code mapping for OBJECTID_NOT_FOUND
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
iommu/vt-d: Check capability before disabling protected memory
drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
x86/hpet: Prevent potential NULL pointer dereference
irqchip/mbigen: Don't clear eventid when freeing an MSI
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
perf tests: Fix memory leak by expr__find_other() in test__expr()
perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
perf evsel: Free evsel->counts in perf_evsel__exit()
perf hist: Add missing map__put() in error case
perf top: Fix error handling in cmd_top()
perf build-id: Fix memory leak in print_sdt_events()
perf config: Fix a memory leak in collect_config()
perf config: Fix an error in the config template documentation
perf list: Don't forget to drop the reference to the allocated thread_map
tools/power turbostat: return the exit status of a command
x86/mm: Don't leak kernel addresses
scsi: iscsi: flush running unbind operations when removing a session
thermal/intel_powerclamp: fix truncated kthread name
thermal/int340x_thermal: fix mode setting
thermal/int340x_thermal: Add additional UUIDs
thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs
thermal/intel_powerclamp: fix __percpu declaration of worker_data
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
mmc: davinci: remove extraneous __init annotation
IB/mlx4: Fix race condition between catas error reset and aliasguid flows
auxdisplay: hd44780: Fix memory leak on ->remove()
ALSA: sb8: add a check for request_region
ALSA: echoaudio: add a check for ioremap_nocache
ext4: report real fs size after failed resize
ext4: add missing brelse() in add_new_gdb_meta_bg()
perf/core: Restore mmap record type correctly
arc: hsdk_defconfig: Enable CONFIG_BLK_DEV_RAM
ARC: u-boot args: check that magic number is correct
ANDROID: cuttlefish_defconfig: Enable L2TP/PPTP
ANDROID: Makefile: Properly resolve 4.14.112 merge
Make arm64 serial port config compatible with crosvm
Linux 4.14.112
arm64: dts: rockchip: Fix vcc_host1_5v GPIO polarity on rk3328-rock64
arm64: dts: rockchip: fix vcc_host1_5v pin assign on rk3328-rock64
dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors
PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
x86/perf/amd: Remove need to check "running" bit in NMI handler
x86/perf/amd: Resolve NMI latency issues for active PMCs
x86/perf/amd: Resolve race condition when disabling PMC
xtensa: fix return_address
sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
xen: Prevent buffer overflow in privcmd ioctl
arm64: backtrace: Don't bother trying to unwind the userspace stack
arm64: dts: rockchip: fix rk3328 rgmii high tx error rate
arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
ARM: dts: at91: Fix typo in ISC_D0 on PC9
ARM: dts: am335x-evm: Correct the regulators for the audio codec
ARM: dts: am335x-evmsk: Correct the regulators for the audio codec
virtio: Honour 'may_reduce_num' in vring_create_virtqueue
genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n
genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
block: fix the return errno for direct IO
block: do not leak memory in bio_copy_user_iov()
btrfs: prop: fix vanished compression property after failed set
btrfs: prop: fix zstd compression parameter validation
Btrfs: do not allow trimming when a fs is mounted with the nologreplay option
ASoC: fsl_esai: fix channel swap issue when stream starts
include/linux/bitrev.h: fix constant bitrev
drm/udl: add a release method and delay modeset teardown
alarmtimer: Return correct remaining time
parisc: regs_return_value() should return gpr28
parisc: Detect QEMU earlier in boot process
arm64: dts: rockchip: fix rk3328 sdmmc0 write errors
hv_netvsc: Fix unwanted wakeup after tx_disable
ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
ALSA: seq: Fix OOB-reads from strlcpy
net: ethtool: not call vzalloc for zero sized memory request
netns: provide pure entropy for net_hash_mix()
net/sched: act_sample: fix divide by zero in the traffic path
bnxt_en: Reset device on RX buffer errors.
bnxt_en: Improve RX consumer index validity check.
nfp: validate the return code from dev_queue_xmit()
net/mlx5e: Add a lock on tir list
net/mlx5e: Fix error handling when refreshing TIRs
vrf: check accept_source_route on the original netdevice
tcp: Ensure DCTCP reacts to losses
sctp: initialize _pad of sockaddr_in before copying to user memory
qmi_wwan: add Olicard 600
openvswitch: fix flow actions reallocation
net/sched: fix ->get helper of the matchall cls
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
net/mlx5: Decrease default mr cache size
net-gro: Fix GRO flush when receiving a GSO packet.
kcm: switch order of device registration to fix a crash
ipv6: sit: reset ip header pointer in ipip6_rcv
ipv6: Fix dangling pointer when ipv6 fragment
tty: ldisc: add sysctl to prevent autoloading of ldiscs
tty: mark Siemens R3964 line discipline as BROKEN
arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region
stating: ccree: revert "staging: ccree: fix leak of import() after init()"
lib/string.c: implement a basic bcmp
x86/vdso: Drop implicit common-page-size linker flag
x86: vdso: Use $LD instead of $CC to link
kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM
drm/i915/gvt: do not let pin count of shadow mm go negative
x86/power: Make restore_processor_context() sane
x86/power/32: Move SYSENTER MSR restoration to fix_processor_context()
x86/power/64: Use struct desc_ptr for the IDT in struct saved_context
x86/power: Fix some ordering bugs in __restore_processor_context()
net: sfp: move sfp_register_socket call from sfp_remove to sfp_probe
Revert "CHROMIUM: dm: boot time specification of dm="
Revert "ANDROID: dm: do_mounts_dm: Rebase on top of 4.9"
Revert "ANDROID: dm: do_mounts_dm: fix dm_substitute_devices()"
Revert "ANDROID: dm: do_mounts_dm: Update init/do_mounts_dm.c to the latest ChromiumOS version."
sched/fair: remove printk while schedule is in progress
ANDROID: Makefile: Add '-fsplit-lto-unit' to cfi-clang-flags
ANDROID: cfi: Remove unused variable in ptr_to_check_fn
ANDROID: cuttlefish_defconfig: Enable CONFIG_FUSE_FS
Conflicts:
arch/arm64/kernel/traps.c
drivers/mmc/host/sdhci.c
drivers/mmc/host/sdhci.h
drivers/tty/Kconfig
kernel/sched/fair.c
Change-Id: Ic4c01204f58cdb536e2cab04e4f1a2451977f6a3
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
db9094736a |
Merge 4.14.129 into android-4.14-q
Changes in 4.14.129
perf machine: Guard against NULL in machine__exit()
ax25: fix inconsistent lock state in ax25_destroy_timer
be2net: Fix number of Rx queues used for flow hashing
ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
lapb: fixed leak of control-blocks.
neigh: fix use-after-free read in pneigh_get_next
net: openvswitch: do not free vport if register_netdevice() is failed.
sctp: Free cookie before we memdup a new one
sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
Staging: vc04_services: Fix a couple error codes
perf/x86/intel/ds: Fix EVENT vs. UEVENT PEBS constraints
netfilter: nf_queue: fix reinject verdict handling
ipvs: Fix use-after-free in ip_vs_in
selftests: netfilter: missing error check when setting up veth interface
clk: ti: clkctrl: Fix clkdm_clk handling
powerpc/powernv: Return for invalid IMC domain
mISDN: make sure device name is NUL terminated
x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
perf/ring_buffer: Fix exposing a temporarily decreased data_head
perf/ring_buffer: Add ordering to rb->nest increment
perf/ring-buffer: Always use {READ,WRITE}_ONCE() for rb->user_page data
gpio: fix gpio-adp5588 build errors
net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
net: aquantia: fix LRO with FCS error
i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
ALSA: hda - Force polling mode on CNL for fixing codec communication
configfs: Fix use-after-free when accessing sd->s_dentry
perf data: Fix 'strncat may truncate' build failure with recent gcc
perf record: Fix s390 missing module symbol and warning for non-root users
ia64: fix build errors by exporting paddr_to_nid()
KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
KVM: PPC: Book3S HV: Don't take kvm->lock around kvm_for_each_vcpu
net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
net: phy: dp83867: Set up RGMII TX delay
scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask
scsi: scsi_dh_alua: Fix possible null-ptr-deref
scsi: libsas: delete sas port if expander discover failed
mlxsw: spectrum: Prevent force of 56G
HID: wacom: Don't set tool type until we're in range
HID: wacom: Don't report anything prior to the tool entering range
HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact
coredump: fix race condition between collapse_huge_page() and core dumping
infiniband: fix race condition between infiniband mlx4, mlx5 driver and core dumping
Abort file_remove_privs() for non-reg. files
Linux 4.14.129
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
93c338c2e7 |
Merge 4.14.129 into android-4.14
Changes in 4.14.129
perf machine: Guard against NULL in machine__exit()
ax25: fix inconsistent lock state in ax25_destroy_timer
be2net: Fix number of Rx queues used for flow hashing
ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
lapb: fixed leak of control-blocks.
neigh: fix use-after-free read in pneigh_get_next
net: openvswitch: do not free vport if register_netdevice() is failed.
sctp: Free cookie before we memdup a new one
sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
Staging: vc04_services: Fix a couple error codes
perf/x86/intel/ds: Fix EVENT vs. UEVENT PEBS constraints
netfilter: nf_queue: fix reinject verdict handling
ipvs: Fix use-after-free in ip_vs_in
selftests: netfilter: missing error check when setting up veth interface
clk: ti: clkctrl: Fix clkdm_clk handling
powerpc/powernv: Return for invalid IMC domain
mISDN: make sure device name is NUL terminated
x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
perf/ring_buffer: Fix exposing a temporarily decreased data_head
perf/ring_buffer: Add ordering to rb->nest increment
perf/ring-buffer: Always use {READ,WRITE}_ONCE() for rb->user_page data
gpio: fix gpio-adp5588 build errors
net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
net: aquantia: fix LRO with FCS error
i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
ALSA: hda - Force polling mode on CNL for fixing codec communication
configfs: Fix use-after-free when accessing sd->s_dentry
perf data: Fix 'strncat may truncate' build failure with recent gcc
perf record: Fix s390 missing module symbol and warning for non-root users
ia64: fix build errors by exporting paddr_to_nid()
KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
KVM: PPC: Book3S HV: Don't take kvm->lock around kvm_for_each_vcpu
net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
net: phy: dp83867: Set up RGMII TX delay
scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask
scsi: scsi_dh_alua: Fix possible null-ptr-deref
scsi: libsas: delete sas port if expander discover failed
mlxsw: spectrum: Prevent force of 56G
HID: wacom: Don't set tool type until we're in range
HID: wacom: Don't report anything prior to the tool entering range
HID: wacom: Send BTN_TOUCH in response to INTUOSP2_BT eraser contact
coredump: fix race condition between collapse_huge_page() and core dumping
infiniband: fix race condition between infiniband mlx4, mlx5 driver and core dumping
Abort file_remove_privs() for non-reg. files
Linux 4.14.129
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Andrea Arcangeli
|
dc30d2ceeb |
coredump: fix race condition between collapse_huge_page() and core dumping
commit 59ea6d06cfa9247b586a695c21f94afa7183af74 upstream.
When fixing the race conditions between the coredump and the mmap_sem
holders outside the context of the process, we focused on
mmget_not_zero()/get_task_mm() callers in 04f5866e41fb70 ("coredump: fix
race condition between mmget_not_zero()/get_task_mm() and core
dumping"), but those aren't the only cases where the mmap_sem can be
taken outside of the context of the process as Michal Hocko noticed
while backporting that commit to older -stable kernels.
If mmgrab() is called in the context of the process, but then the
mm_count reference is transferred outside the context of the process,
that can also be a problem if the mmap_sem has to be taken for writing
through that mm_count reference.
khugepaged registration calls mmgrab() in the context of the process,
but the mmap_sem for writing is taken later in the context of the
khugepaged kernel thread.
collapse_huge_page() after taking the mmap_sem for writing doesn't
modify any vma, so it's not obvious that it could cause a problem to the
coredump, but it happens to modify the pmd in a way that breaks an
invariant that pmd_trans_huge_lock() relies upon. collapse_huge_page()
needs the mmap_sem for writing just to block concurrent page faults that
call pmd_trans_huge_lock().
Specifically the invariant that "!pmd_trans_huge()" cannot become a
"pmd_trans_huge()" doesn't hold while collapse_huge_page() runs.
The coredump will call __get_user_pages() without mmap_sem for reading,
which eventually can invoke a lockless page fault which will need a
functional pmd_trans_huge_lock().
So collapse_huge_page() needs to use mmget_still_valid() to check it's
not running concurrently with the coredump... as long as the coredump
can invoke page faults without holding the mmap_sem for reading.
This has "Fixes: khugepaged" to facilitate backporting, but in my view
it's more a bug in the coredump code that will eventually have to be
rewritten to stop invoking page faults without the mmap_sem for reading.
So the long term plan is still to drop all mmget_still_valid().
Link: http://lkml.kernel.org/r/20190607161558.32104-1-aarcange@redhat.com
Fixes:
|
||
|
Blagovest Kolenichev
|
5d880f1ba0 |
Merge android-4.14.111 (171fc23) into msm-4.14
* refs/heads/tmp-171fc23: Revert "usb: dwc3: gadget: Fix OTG events when gadget driver isn't loaded" Revert "coresight: etm4x: Add support to enable ETMv4.2" Linux 4.14.111 ACPI / video: Extend chassis-type detection with a "Lunch Box" check drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers dmaengine: tegra: avoid overflow of byte tracking clk: rockchip: fix frac settings of GPLL clock for rk3328 x86/build: Mark per-CPU symbols as absolute explicitly for LLD wlcore: Fix memory leak in case wl12xx_fetch_firmware failure selinux: do not override context on context mounts x86/build: Specify elf_i386 linker emulation explicitly for i386 objects drm/nouveau: Stop using drm_crtc_force_disable drm: Auto-set allow_fb_modifiers when given modifiers at plane init regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration netfilter: physdev: relax br_netfilter dependency dmaengine: qcom_hidma: initialize tx flags in hidma_prep_dma_* dmaengine: qcom_hidma: assign channel cookie correctly dmaengine: imx-dma: fix warning comparison of distinct pointer types cpu/hotplug: Mute hotplug lockdep during init hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit soc/tegra: fuse: Fix illegal free of IO base address hwrng: virtio - Avoid repeated init of completion media: mt9m111: set initial frame size other than 0x0 usb: dwc3: gadget: Fix OTG events when gadget driver isn't loaded powerpc/pseries: Perform full re-add of CPU for topology update post-migration tty: increase the default flip buffer limit to 2*640K backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial state cgroup/pids: turn cgroup_subsys->free() into cgroup_subsys->release() to fix the accounting bpf: fix missing prototype warnings ARM: avoid Cortex-A9 livelock on tight dmb loops ARM: 8830/1: NOMMU: Toggle only bits in EXC_RETURN we are really care of mt7601u: bump supported EEPROM version soc: qcom: gsbi: Fix error handling in gsbi_probe() efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted ARM: dts: lpc32xx: Remove leading 0x and 0s from bindings notation efi/memattr: Don't bail on zero VA if it equals the region's PA sched/debug: Initialize sd_sysctl_cpus if !CONFIG_CPUMASK_OFFSTACK ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe platform/x86: intel_pmc_core: Fix PCH IP sts reading e1000e: fix cyclic resets at link up with active tx cdrom: Fix race condition in cdrom_sysctl_register fbdev: fbmem: fix memory access if logo is bigger than the screen iw_cxgb4: fix srqidx leak during connection abort genirq: Avoid summation loops for /proc/stat bcache: improve sysfs_strtoul_clamp() bcache: fix input overflow to sequential_cutoff bcache: fix input overflow to cache set sysfs file io_error_halflife sched/topology: Fix percpu data types in struct sd_data & struct s_data usb: f_fs: Avoid crash due to out-of-scope stack ptr access ALSA: PCM: check if ops are defined before suspending PCM ARM: 8833/1: Ensure that NEON code always compiles with Clang netfilter: conntrack: fix cloned unconfirmed skb->_nfct race in __nf_conntrack_confirm kprobes: Prohibit probing on bsearch() ACPI / video: Refactor and fix dmi_is_desktop() iwlwifi: pcie: fix emergency path leds: lp55xx: fix null deref on firmware load failure jbd2: fix race when writing superblock HID: intel-ish-hid: avoid binding wrong ishtp_cl_device vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 media: mtk-jpeg: Correct return type for mem2mem buffer helpers media: mx2_emmaprp: Correct return type for mem2mem buffer helpers media: s5p-g2d: Correct return type for mem2mem buffer helpers media: s5p-jpeg: Correct return type for mem2mem buffer helpers media: sh_veu: Correct return type for mem2mem buffer helpers SoC: imx-sgtl5000: add missing put_device() perf test: Fix failure of 'evsel-tp-sched' test on s390 scsi: fcoe: make use of fip_mode enum complete scsi: megaraid_sas: return error when create DMA pool failed efi: cper: Fix possible out-of-bounds access cpufreq: acpi-cpufreq: Report if CPU doesn't support boost technologies clk: fractional-divider: check parent rate only if flag is set IB/mlx4: Increase the timeout for CM cache mlxsw: spectrum: Avoid -Wformat-truncation warnings e1000e: Fix -Wformat-truncation warnings mmc: omap: fix the maximum timeout setting powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables ARM: 8840/1: use a raw_spinlock_t in unwind serial: 8250_pxa: honor the port number from devicetree coresight: etm4x: Add support to enable ETMv4.2 powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c usb: chipidea: Grab the (legacy) USB PHY by phandle first crypto: cavium/zip - fix collision with generic cra_driver_name crypto: crypto4xx - add missing of_node_put after of_device_is_available wil6210: check null pointer in _wil_cfg80211_merge_extra_ies PCI/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() tools lib traceevent: Fix buffer overflow in arg_eval fs: fix guard_bio_eod to check for real EOD errors jbd2: fix invalid descriptor block checksum cifs: Fix NULL pointer dereference of devname dm thin: add sanity checks to thin-pool and external snapshot creation cifs: use correct format characters page_poison: play nicely with KASAN fs/file.c: initialize init_files.resize_wait f2fs: do not use mutex lock in atomic context ocfs2: fix a panic problem caused by o2cb_ctl mm/slab.c: kmemleak no scan alien caches mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! mm, mempolicy: fix uninit memory access mm/page_ext.c: fix an imbalance with kmemleak mm/cma.c: cma_declare_contiguous: correct err handling perf c2c: Fix c2c report for empty numa node iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver scsi: hisi_sas: Set PHY linkrate when disconnected enic: fix build warning without CONFIG_CPUMASK_OFFSTACK sysctl: handle overflow for file-max include/linux/relay.h: fix percpu annotation in struct rchan gpio: gpio-omap: fix level interrupt idling net/mlx5: Avoid panic when setting vport mac, getting vport config net/mlx5: Avoid panic when setting vport rate tracing: kdb: Fix ftdump to not sleep f2fs: fix to avoid deadlock in f2fs_read_inline_dir() h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- CIFS: fix POSIX lock leak and invalid ptr deref mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped tty/serial: atmel: Add is_half_duplex helper lib/int_sqrt: optimize initial value compute ext4: cleanup bh release code in ext4_ind_remove_space() arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals ANDROID: cuttlefish_defconfig: Enable CONFIG_OVERLAY_FS ANDROID: cuttlefish: enable CONFIG_NET_SCH_INGRESS=y Conflicts: drivers/usb/gadget/function/f_fs.c mm/page_alloc.c net/netfilter/nf_conntrack_core.c Change-Id: I4a3db0717eb4f0f0d89e57f3167129bcd2419599 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |