udc
606 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Stella Bloom
|
cd68483426 | Merge branch 'linux-4.14.y' of github.com:openela/kernel-lts into HEAD | ||
|
Cyril Hrubis
|
7ccbe0f58d |
sched/rt: Disallow writing invalid values to sched_rt_period_us
[ Upstream commit 079be8fc630943d9fc70a97807feb73d169ee3fc ] The validation of the value written to sched_rt_period_us was broken because: - the sysclt_sched_rt_period is declared as unsigned int - parsed by proc_do_intvec() - the range is asserted after the value parsed by proc_do_intvec() Because of this negative values written to the file were written into a unsigned integer that were later on interpreted as large positive integers which did passed the check: if (sysclt_sched_rt_period <= 0) return EINVAL; This commit fixes the parsing by setting explicit range for both perid_us and runtime_us into the sched_rt_sysctls table and processes the values with proc_dointvec_minmax() instead. Alternatively if we wanted to use full range of unsigned int for the period value we would have to split the proc_handler and use proc_douintvec() for it however even the Documentation/scheduller/sched-rt-group.rst describes the range as 1 to INT_MAX. As far as I can tell the only problem this causes is that the sysctl file allows writing negative values which when read back may confuse userspace. There is also a LTP test being submitted for these sysctl files at: http://patchwork.ozlabs.org/project/ltp/patch/20230901144433.2526-1-chrubis@suse.cz/ Signed-off-by: Cyril Hrubis <chrubis@suse.cz> Signed-off-by: Ingo Molnar <mingo@kernel.org> Link: https://lore.kernel.org/r/20231002115553.3007-2-chrubis@suse.cz [ pvorel: rebased for 4.19 ] Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 2d931472d4740d3ada7011cc4c3499948d3a22fa) Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> |
||
|
Matsvei Niaverau
|
c8c286e8e9 | Merge branch 'android-4.14-stable' into lineage-20 | ||
|
Greg Kroah-Hartman
|
8e45015ccc |
Merge 4.14.301 into android-4.14-stable
Changes in 4.14.301
wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
audit: fix undefined behavior in bit shift for AUDIT_BIT
wifi: mac80211: Fix ack frame idr leak when mesh has no route
spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
MIPS: pic32: treat port as signed integer
af_key: Fix send_acquire race with pfkey_register
ARM: dts: am335x-pcm-953: Define fixed regulators in root node
bus: sunxi-rsb: Support atomic transfers
ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
nfc/nci: fix race with opening and closing
net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
9p/fd: fix issue of list_del corruption in p9_fd_cancel()
ARM: mxs: fix memory leak in mxs_machine_init()
net/mlx4: Check retval of mlx4_bitmap_init
net/qla3xxx: fix potential memleak in ql3xxx_send()
xfrm: Fix ignored return value in xfrm6_init()
NFC: nci: fix memory leak in nci_rx_data_packet()
dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
s390/dasd: fix no record found for raw_track_access
nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
nfc: st-nci: fix memory leaks in EVT_TRANSACTION
net: thunderx: Fix the ACPI memory leak
s390/crashdump: fix TOD programmable field size
nios2: add FORCE for vmlinuz.gz
arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
iio: light: apds9960: fix wrong register for gesture gain
iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
kconfig: display recursive dependency resolution hint just once
nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
xen/platform-pci: add missing free_irq() in error path
platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
platform/x86: hp-wmi: Ignore Smart Experience App event
tcp: configurable source port perturb table size
net: usb: qmi_wwan: add Telit 0x103a composition
drm/amdgpu: always register an MMU notifier for userptr
iio: health: afe4403: Fix oob read in afe4403_read_raw
iio: health:
|
||
|
Linus Torvalds
|
dad6ca557f |
proc: proc_skip_spaces() shouldn't think it is working on C strings
commit bce9332220bd677d83b19d21502776ad555a0e73 upstream. proc_skip_spaces() seems to think it is working on C strings, and ends up being just a wrapper around skip_spaces() with a really odd calling convention. Instead of basing it on skip_spaces(), it should have looked more like proc_skip_char(), which really is the exact same function (except it skips a particular character, rather than whitespace). So use that as inspiration, odd coding and all. Now the calling convention actually makes sense and works for the intended purpose. Reported-and-tested-by: Kyle Zeng <zengyhkyle@gmail.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Linus Torvalds
|
4f4ff21bbc |
proc: avoid integer type confusion in get_proc_long
commit e6cfaf34be9fcd1a8285a294e18986bfc41a409c upstream. proc_get_long() is passed a size_t, but then assigns it to an 'int' variable for the length. Let's not do that, even if our IO paths are limited to MAX_RW_COUNT (exactly because of these kinds of type errors). So do the proper test in the rigth type. Reported-by: Kyle Zeng <zengyhkyle@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
2414f45b93 |
Merge 4.14.271 into android-4.14-stable
Changes in 4.14.271 x86/speculation: Merge one test in spectre_v2_user_select_mitigation() x86,bugs: Unconditionally allow spectre_v2=retpoline,amd x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE x86/speculation: Add eIBRS + Retpoline options Documentation/hw-vuln: Update spectre doc x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting x86/speculation: Use generic retpoline by default on AMD x86/speculation: Update link to AMD speculation whitepaper x86/speculation: Warn about Spectre v2 LFENCE mitigation x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT arm/arm64: Provide a wrapper for SMCCC 1.1 calls arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() ARM: report Spectre v2 status through sysfs ARM: early traps initialisation ARM: use LOADADDR() to get load address of sections ARM: Spectre-BHB workaround ARM: include unprivileged BPF status in Spectre V2 reporting ARM: fix build error when BPF_SYSCALL is disabled ARM: fix co-processor register typo ARM: Do not use NOCROSSREFS directive with ld.lld ARM: fix build warning in proc-v7-bugs.c xen/xenbus: don't let xenbus_grant_ring() remove grants in error case xen/grant-table: add gnttab_try_end_foreign_access() xen/blkfront: don't use gnttab_query_foreign_access() for mapped status xen/netfront: don't use gnttab_query_foreign_access() for mapped status xen/scsifront: don't use gnttab_query_foreign_access() for mapped status xen/gntalloc: don't use gnttab_query_foreign_access() xen: remove gnttab_query_foreign_access() xen/9p: use alloc/free_pages_exact() xen/gnttab: fix gnttab_end_foreign_access() without page specified xen/netfront: react properly to failing gnttab_end_foreign_access_ref() Linux 4.14.271 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I9f41bca7a4638913cfd2b97006d19185dd9bf584 |
||
|
Josh Poimboeuf
|
383973dc1a |
x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
commit 44a3918c8245ab10c6c9719dd12e7a8d291980d8 upstream. With unprivileged eBPF enabled, eIBRS (without retpoline) is vulnerable to Spectre v2 BHB-based attacks. When both are enabled, print a warning message and report it in the 'spectre_v2' sysfs vulnerabilities file. Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> [fllinden@amazon.com: backported to 4.14] Signed-off-by: Frank van der Linden <fllinden@amazon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
409d37b568 |
Merge 4.14.267 into android-4.14-stable
Changes in 4.14.267 integrity: check the return value of audit_log_start() ima: Remove ima_policy file before directory ima: Allow template selection with ima_template[_fmt]= after ima_hash= mmc: sdhci-of-esdhc: Check for error num after setting mask net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs NFS: Fix initialisation of nfs_client cl_flags field NFSD: Clamp WRITE offsets NFSv4 only print the label when its queried nfs: nfs4clinet: check the return value of kstrdup() NFSv4.1: Fix uninitialised variable in devicenotify NFSv4 remove zero number of fs_locations entries error check NFSv4 expose nfs_parse_server_name function scsi: target: iscsi: Make sure the np under each tpg is unique usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() Revert "net: axienet: Wait for PhyRstCmplt after core reset" bpf: Add kconfig knob for disabling unpriv bpf by default ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group ARM: dts: meson: Fix the UART compatible strings staging: fbtft: Fix error path in fbtft_driver_module_init() ARM: dts: imx6qdl-udoo: Properly describe the SD card detect usb: f_fs: Fix use-after-free for epfile bonding: pair enable_port with slave_arr_updates ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path net: do not keep the dst cache when uncloning an skb dst and its metadata net: fix a memleak when uncloning an skb dst and its metadata tipc: rate limit warning for received illegal binding update net: amd-xgbe: disable interrupts during pci removal vt_ioctl: fix array_index_nospec in vt_setactivate vt_ioctl: add array_index_nospec to VT_ACTIVATE n_tty: wake up poll(POLLRDNORM) on receiving data usb: ulpi: Move of_node_put to ulpi_dev_release usb: ulpi: Call of_node_put correctly usb: dwc3: gadget: Prevent core from processing stale TRBs USB: gadget: validate interface OS descriptor requests usb: gadget: rndis: check size of RNDIS_MSG_SET command USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 USB: serial: option: add ZTE MF286D modem USB: serial: ch341: add support for GW Instek USB2.0-Serial devices USB: serial: cp210x: add NCR Retail IO box id USB: serial: cp210x: add CPI Bulk Coin Recycler id seccomp: Invalidate seccomp mode to catch death failures hwmon: (dell-smm) Speed up setting of fan speed perf: Fix list corruption in perf_cgroup_switch() Linux 4.14.267 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ie562265e833202e361fd0734d18731990c0b1cbc |
||
|
Daniel Borkmann
|
e69f08ba23 |
bpf: Add kconfig knob for disabling unpriv bpf by default
commit 08389d888287c3823f80b0216766b71e17f0aba5 upstream.
Add a kconfig knob which allows for unprivileged bpf to be disabled by default.
If set, the knob sets /proc/sys/kernel/unprivileged_bpf_disabled to value of 2.
This still allows a transition of 2 -> {0,1} through an admin. Similarly,
this also still keeps 1 -> {1} behavior intact, so that once set to permanently
disabled, it cannot be undone aside from a reboot.
We've also added extra2 with max of 2 for the procfs handler, so that an admin
still has a chance to toggle between 0 <-> 2.
Either way, as an additional alternative, applications can make use of CAP_BPF
that we added a while ago.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/74ec548079189e4e4dffaeb42b8987bb3c852eee.1620765074.git.daniel@iogearbox.net
[fllinden@amazon.com: backported to 4.14]
Signed-off-by: Frank van der Linden <fllinden@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
skylake.huang
|
b189fe3e50 |
[ALPS05077885] [Do NOT Sync]Merge branch android-4.14 into alps-trunk-r0.basic
[Detail] Parent: |
||
|
Chinwen Chang
|
94eb5fc76e |
[ALPS04721022] FROMLIST: mm: Add a speculative page fault switch in sysctl
(from https://lore.kernel.org/patchwork/patch/1062667/) This allows to turn on/off the use of the speculative page fault handler. By default its turned on. Signed-off-by: Laurent Dufour <ldufour@linux.ibm.com> MTK-Commit-Id: 32cb5971b3e656359b2e7a6b8b320b652db311d8 Change-Id: I57f500b5ffa5e8478f8a726e5dd7c1d0131392a5 Signed-off-by: Chinwen Chang <chinwen.chang@mediatek.com> CR-Id: ALPS04721022 Feature: Memory Optimization |
||
|
chienwei.chang
|
5419eb2c8e |
[ALPS04670017] [Do NOT Sync]Merge branch android-4.14-q into alps-trunk-q0.basic
[Detail] Parent: |
||
|
chienwei.chang
|
709ee0b62c |
[ALPS04522325] [Do NOT Sync]Merge branch android-4.14-q into alps-trunk-q0.basic
[Detail] Parent: |
||
|
chienwei.chang
|
eb4002a265 |
[ALPS04413516] [Do NOT Sync]Merge branch android-4.14-q into alps-trunk-q0.basic
[Detail] Parent: |
||
|
Chinwen Chang
|
31256efb9b |
[ALPS04323145] kernel/sysctl.c: enlarge swappiness upper bound for gmo
Enlarge the upper bound of swappiness for GMO projects. MTK-Commit-Id: 4a4f44f013b950ed6d03fedc82252fd72797a816 Change-Id: I717e39ba0d0d8444aa475b128f0b938c12651f48 Signed-off-by: Chinwen Chang <chinwen.chang@mediatek.com> CR-Id: ALPS04323145 Feature: Memory Optimization |
||
|
chienwei.chang
|
8b95036430 |
[ALPS04364611] [Do NOT Sync]Merge branch android-4.14 into alps-trunk-q0.basic
[Detail] Parent: |
||
|
chienwei.chang
|
da2eaa1609 |
[ALPS04222319] [Do NOT Sync]Merge branch android-4.14 into alps-dev-q0.bsp
[Detail] Parent: |
||
|
Jing-Ting Wu
|
c303b86d1f |
[ALPS04201050] sched: add big task rotation
[Detail] Big task rotation swap current task between big cores and little cores, it could upgrade multi-core scores. If conform following condition, start big task rotation: 1. Enable big task rotation 2. little core has misfit task 3. find same capacity core fit this misfit task 4. number of misfit rq >= 4 Enable big task rotation: echo 1 > /proc/sys/kernel/sched_big_task_rotation MTK-Commit-Id: 62bb741cc5c6fc43540681f8b54e32dc652d99de Change-Id: Iebe785359a63ae06b8412cb54150fa58d8ebe160 CR-Id:ALPS04201050 Feature:Energy Aware Scheduling Plus (EAS+) Signed-off-by: Jing-Ting Wu <jing-ting.wu@mediatek.com> (cherry-pick from 4f80d6239e8179e3f64ff8551cae411c15fdad51) |
||
|
Jing-Ting Wu
|
5d6885dd0d |
[ALPS04025356] sched: introduce sched boost
[Detail]
Support sched boost to boost tasks into big cores. Enable this feature
by Kconfig (CONFIG_MTK_SCHED_BOOST=y)
Sched boost type:
0: cancel sched boost
1: prefer boost ALL task to big cores
2: foreground task move to big cores
User space interface:
/sys/devices/system/cpu/sched/sched_boost
echo [sched_boost_type] > /sys/devices/system/cpu/sched/sched_boost
Kernel API:
int set_sched_boost (unsigned int val)
ARGUMENTS
The sched boost type
RETURN
0: set successful
-1: fail to set boost
[Solution]
1. sched boost type=1
tasks prefer put on big idle cores,
2. sched boost type=2, forground task move to big cores
set the cpuset of foreground/top-app cgroup is big cores
MTK-Commit-Id: e78be2aad8e900043055b0ecf1e34481da545e10
Change-Id: I7102afe4dc974723580e6ac8f26384d1a2adc25a
CR-Id:ALPS04025356
Feature:Energy Aware Scheduling Plus (EAS+)
Signed-off-by: Jing-Ting Wu <jing-ting.wu@mediatek.com>
(cherry-pick from 756f5b0ccab9aaf562586235c71a5ecc4dbe175c)
|
||
|
Yun Hsiang
|
eb43b7dd01 |
[ALPS04128327] sched/core: uclamp: update CPUs refcount on TGs clamp changes
[Detail] When a task group refcounts a new clamp group, we need to ensure that the new clamp values are immediately enforced to all its tasks which are currently RUNNABLE. This is to ensure that all currently RUNNABLE tasks are boosted and/or clamped as requested as soon as possible. Lets ensure that, whenever a new clamp group is refcounted by a task group, all its RUNNABLE tasks are correctly accounted in their respective CPUs. We do that by slightly refactoring uclamp_group_get() to get an additional parameter *cgroup_subsys_state which, when provided, its used to walk the list of tasks in the corresponding TGs and update the RUNNABLE ones. This is a "brute force" solution which allows to reuse the same refcount update code already used by the per-task API. Thats also the only way to ensure a prompt enforcement of new clamp constraints on RUNNABLE tasks, as soon as a task group attribute is tweaked. MTK-Commit-Id: 4f948dba33bfd7ebcabfe82f40c9f9fcc70f2a8c Change-Id: I1f62beec341d5a1ec1362e021c9acdeb2507604c Signed-off-by: Yun Hsiang <yun.hsiang@mediatek.com> CR-Id: ALPS04128327 Feature: Energy Aware Scheduling Plus (EAS+) (cherry-pick from 1aef2d3bdf9a4b5b8146638dcd8f43155c32b911) |
||
|
Jing-Ting Wu
|
aa219fe4d3 |
[ALPS04025356] sched/tune: small task threshold for filter
[Detail] Filtering small task to boost. If small task getting boosted, easily migrated to big core that hurts power usually. Add API to adjust threshold for filter small task when boost. MTK-Commit-Id: 111a90d2db157675b4fe1caca89aff1021f16982 Change-Id: I6e31b068c4a61412ec110d8019f64414d475534c CR-Id:ALPS04025356 Feature:Energy Aware Scheduling Plus (EAS+) Signed-off-by: Jing-Ting Wu <jing-ting.wu@mediatek.com> (cherry-pick from 64c8b23ba5f4b15758169df3f4c7235014940b7a) |
||
|
Greg Kroah-Hartman
|
c2bd4f8f0c |
Merge 4.14.162 into android-4.14
Changes in 4.14.162 scsi: lpfc: Fix discovery failures when target device connectivity bounces scsi: mpt3sas: Fix clear pending bit in ioctl status scsi: lpfc: Fix locking on mailbox command completion Input: atmel_mxt_ts - disable IRQ across suspend iommu/tegra-smmu: Fix page tables in > 4 GiB memory scsi: target: compare full CHAP_A Algorithm strings scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices scsi: csiostor: Don't enable IRQs too early powerpc/pseries: Mark accumulate_stolen_time() as notrace powerpc/pseries: Don't fail hash page table insert for bolted mapping powerpc/tools: Don't quote $objdump in scripts dma-debug: add a schedule point in debug_dma_dump_mappings() clocksource/drivers/asm9260: Add a check for of_clk_get powerpc/security/book3s64: Report L1TF status in sysfs powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning ext4: update direct I/O read lock pattern for IOCB_NOWAIT jbd2: Fix statistics for the number of logged blocks scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow f2fs: fix to update dir's i_pino during cross_rename clk: qcom: Allow constant ratio freq tables for rcg irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary irqchip: ingenic: Error out if IRQ domain creation failed fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences scsi: ufs: fix potential bug which ends in system hang powerpc/pseries/cmm: Implement release() function for sysfs device powerpc/security: Fix wrong message when RFI Flush is disable scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE clk: pxa: fix one of the pxa RTC clocks bcache: at least try to shrink 1 node in bch_mca_scan() HID: logitech-hidpp: Silence intermittent get_battery_capacity errors libnvdimm/btt: fix variable 'rc' set but not used HID: Improve Windows Precision Touchpad detection. scsi: pm80xx: Fix for SATA device discovery scsi: ufs: Fix error handing during hibern8 enter scsi: scsi_debug: num_tgts must be >= 0 scsi: NCR5380: Add disconnect_mask module parameter scsi: iscsi: Don't send data to unbound connection scsi: target: iscsi: Wait for all commands to finish before freeing a session gpio: mpc8xxx: Don't overwrite default irq_set_type callback apparmor: fix unsigned len comparison with less than zero scripts/kallsyms: fix definitely-lost memory leak cdrom: respect device capabilities during opening action perf script: Fix brstackinsn for AUXTRACE perf regs: Make perf_reg_name() return "unknown" instead of NULL s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h s390/cpum_sf: Check for SDBT and SDB consistency ocfs2: fix passing zero to 'PTR_ERR' warning kernel: sysctl: make drop_caches write-only userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK x86/mce: Fix possibly incorrect severity calculation on AMD net, sysctl: Fix compiler warning when only cBPF is present netfilter: nf_queue: enqueue skbs with NULL dst ALSA: hda - Downgrade error message for single-cmd fallback bonding: fix active-backup transition after link failure perf strbuf: Remove redundant va_end() in strbuf_addv() Make filldir[64]() verify the directory entry filename is valid filldir[64]: remove WARN_ON_ONCE() for bad directory entries netfilter: ebtables: compat: reject all padding in matches/watchers 6pack,mkiss: fix possible deadlock netfilter: bridge: make sure to pull arp header in br_nf_forward_arp() inetpeer: fix data-race in inet_putpeer / inet_putpeer net: add a READ_ONCE() in skb_peek_tail() net: icmp: fix data-race in cmp_global_allow() hrtimer: Annotate lockless access to timer->state spi: fsl: don't map irq during probe tty/serial: atmel: fix out of range clock divider handling pinctrl: baytrail: Really serialize all register accesses net: ena: fix napi handler misbehavior when the napi budget is zero net/mlxfw: Fix out-of-memory error in mfa2 flash burning ptp: fix the race between the release of ptp_clock and cdev udp: fix integer overflow while computing available space in sk_rcvbuf vhost/vsock: accept only packets with the right dst_cid net: add bool confirm_neigh parameter for dst_ops.update_pmtu ip6_gre: do not confirm neighbor when do pmtu update gtp: do not confirm neighbor when do pmtu update net/dst: add new function skb_dst_update_pmtu_no_confirm tunnel: do not confirm neighbor when do pmtu update vti: do not confirm neighbor when do pmtu update sit: do not confirm neighbor when do pmtu update gtp: do not allow adding duplicate tid and ms_addr pdp context tcp/dccp: fix possible race __inet_lookup_established() tcp: do not send empty skb from tcp_write_xmit() gtp: fix wrong condition in gtp_genl_dump_pdp() gtp: fix an use-after-free in ipv4_pdp_find() gtp: avoid zero size hashtable spi: fsl: use platform_get_irq() instead of of_irq_to_resource() Linux 4.14.162 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Johannes Weiner
|
5dc89b665d |
kernel: sysctl: make drop_caches write-only
[ Upstream commit 204cb79ad42f015312a5bbd7012d09c93d9b46fb ]
Currently, the drop_caches proc file and sysctl read back the last value
written, suggesting this is somehow a stateful setting instead of a
one-time command. Make it write-only, like e.g. compact_memory.
While mitigating a VM problem at scale in our fleet, there was confusion
about whether writing to this file will permanently switch the kernel into
a non-caching mode. This influences the decision making in a tense
situation, where tens of people are trying to fix tens of thousands of
affected machines: Do we need a rollback strategy? What are the
performance implications of operating in a non-caching state for several
days? It also caused confusion when the kernel team said we may need to
write the file several times to make sure it's effective ("But it already
reads back 3?").
Link: http://lkml.kernel.org/r/20191031221602.9375-1-hannes@cmpxchg.org
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Chris Down <chris@chrisdown.name>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
c831306d44 |
Merge 4.14.126 into android-4.14-q
Changes in 4.14.126 rapidio: fix a NULL pointer dereference when create_workqueue() fails fs/fat/file.c: issue flush after the writeback of FAT sysctl: return -EINVAL if val violates minmax ipc: prevent lockup on alloc_msg and free_msg ARM: prevent tracing IPI_CPU_BACKTRACE mm/hmm: select mmu notifier when selecting HMM hugetlbfs: on restore reserve error path retain subpool reservation mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE mm/cma.c: fix crash on CMA allocation if bitmap allocation fails mm/cma.c: fix the bitmap status to show failed allocation reason mm/cma_debug.c: fix the break condition in cma_maxchunk_get() mm/slab.c: fix an infinite loop in leaks_show() kernel/sys.c: prctl: fix false positive in validate_prctl_map() thermal: rcar_gen3_thermal: disable interrupt in .remove drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER mfd: tps65912-spi: Add missing of table registration mfd: intel-lpss: Set the device in reset state when init drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration mfd: twl6040: Fix device init errors for ACCCTL register perf/x86/intel: Allow PEBS multi-entry in watermark mode drm/bridge: adv7511: Fix low refresh rate selection objtool: Don't use ignore flag for fake jumps EDAC/mpc85xx: Prevent building as a module pwm: meson: Use the spin-lock only to protect register modifications ntp: Allow TAI-UTC offset to be set to zero f2fs: fix to avoid panic in do_recover_data() f2fs: fix to clear dirty inode in error path of f2fs_iget() f2fs: fix to avoid panic in dec_valid_block_count() f2fs: fix to do sanity check on valid block count of segment percpu: remove spurious lock dependency between percpu and sched configfs: fix possible use-after-free in configfs_register_group uml: fix a boot splat wrt use of cpu_all_mask mmc: mmci: Prevent polling for busy detection in IRQ context watchdog: imx2_wdt: Fix set_timeout for big timeout values watchdog: fix compile time error of pretimeout governors blk-mq: move cancel of requeue_work into blk_mq_release iommu/vt-d: Set intel_iommu_gfx_mapped correctly misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test nvme-pci: unquiesce admin queue on shutdown ALSA: hda - Register irq handler after the chip initialization nvmem: core: fix read buffer in place fuse: retrieve: cap requested size to negotiated max_write nfsd: allow fh_want_write to be called twice vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING" x86/PCI: Fix PCI IRQ routing table memory leak platform/chrome: cros_ec_proto: check for NULL transfer function PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64 soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 soc: rockchip: Set the proper PWM for rk3288 ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx50: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx53: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA PCI: rpadlpar: Fix leaked device_node references in add/remove paths platform/x86: intel_pmc_ipc: adding error handling power: supply: max14656: fix potential use-before-alloc PCI: rcar: Fix a potential NULL pointer dereference PCI: rcar: Fix 64bit MSI message address handling video: hgafb: fix potential NULL pointer dereference video: imsttfb: fix potential NULL pointer dereferences block, bfq: increase idling for weight-raised queues PCI: xilinx: Check for __get_free_pages() failure gpio: gpio-omap: add check for off wake capable gpios dmaengine: idma64: Use actual device for DMA transfers pwm: tiehrpwm: Update shadow register for disabling PWMs ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa pwm: Fix deadlock warning when removing PWM device ARM: exynos: Fix undefined instruction during Exynos5422 resume usb: typec: fusb302: Check vconn is off when we start toggling gpio: vf610: Do not share irq_chip percpu: do not search past bitmap when allocating an area Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" Revert "drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)" drm: don't block fb changes for async plane updates ALSA: seq: Cover unsubscribe_port() in list_mutex Linux 4.14.126 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
cfee25d274 |
Merge 4.14.126 into android-4.14
Changes in 4.14.126 rapidio: fix a NULL pointer dereference when create_workqueue() fails fs/fat/file.c: issue flush after the writeback of FAT sysctl: return -EINVAL if val violates minmax ipc: prevent lockup on alloc_msg and free_msg ARM: prevent tracing IPI_CPU_BACKTRACE mm/hmm: select mmu notifier when selecting HMM hugetlbfs: on restore reserve error path retain subpool reservation mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE mm/cma.c: fix crash on CMA allocation if bitmap allocation fails mm/cma.c: fix the bitmap status to show failed allocation reason mm/cma_debug.c: fix the break condition in cma_maxchunk_get() mm/slab.c: fix an infinite loop in leaks_show() kernel/sys.c: prctl: fix false positive in validate_prctl_map() thermal: rcar_gen3_thermal: disable interrupt in .remove drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER mfd: tps65912-spi: Add missing of table registration mfd: intel-lpss: Set the device in reset state when init drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration mfd: twl6040: Fix device init errors for ACCCTL register perf/x86/intel: Allow PEBS multi-entry in watermark mode drm/bridge: adv7511: Fix low refresh rate selection objtool: Don't use ignore flag for fake jumps EDAC/mpc85xx: Prevent building as a module pwm: meson: Use the spin-lock only to protect register modifications ntp: Allow TAI-UTC offset to be set to zero f2fs: fix to avoid panic in do_recover_data() f2fs: fix to clear dirty inode in error path of f2fs_iget() f2fs: fix to avoid panic in dec_valid_block_count() f2fs: fix to do sanity check on valid block count of segment percpu: remove spurious lock dependency between percpu and sched configfs: fix possible use-after-free in configfs_register_group uml: fix a boot splat wrt use of cpu_all_mask mmc: mmci: Prevent polling for busy detection in IRQ context watchdog: imx2_wdt: Fix set_timeout for big timeout values watchdog: fix compile time error of pretimeout governors blk-mq: move cancel of requeue_work into blk_mq_release iommu/vt-d: Set intel_iommu_gfx_mapped correctly misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test nvme-pci: unquiesce admin queue on shutdown ALSA: hda - Register irq handler after the chip initialization nvmem: core: fix read buffer in place fuse: retrieve: cap requested size to negotiated max_write nfsd: allow fh_want_write to be called twice vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING" x86/PCI: Fix PCI IRQ routing table memory leak platform/chrome: cros_ec_proto: check for NULL transfer function PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64 soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 soc: rockchip: Set the proper PWM for rk3288 ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx50: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx53: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA PCI: rpadlpar: Fix leaked device_node references in add/remove paths platform/x86: intel_pmc_ipc: adding error handling power: supply: max14656: fix potential use-before-alloc PCI: rcar: Fix a potential NULL pointer dereference PCI: rcar: Fix 64bit MSI message address handling video: hgafb: fix potential NULL pointer dereference video: imsttfb: fix potential NULL pointer dereferences block, bfq: increase idling for weight-raised queues PCI: xilinx: Check for __get_free_pages() failure gpio: gpio-omap: add check for off wake capable gpios dmaengine: idma64: Use actual device for DMA transfers pwm: tiehrpwm: Update shadow register for disabling PWMs ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa pwm: Fix deadlock warning when removing PWM device ARM: exynos: Fix undefined instruction during Exynos5422 resume usb: typec: fusb302: Check vconn is off when we start toggling gpio: vf610: Do not share irq_chip percpu: do not search past bitmap when allocating an area Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" Revert "drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)" drm: don't block fb changes for async plane updates ALSA: seq: Cover unsubscribe_port() in list_mutex Linux 4.14.126 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Christian Brauner
|
869febe16b |
sysctl: return -EINVAL if val violates minmax
[ Upstream commit e260ad01f0aa9e96b5386d5cd7184afd949dc457 ] Currently when userspace gives us a values that overflow e.g. file-max and other callers of __do_proc_doulongvec_minmax() we simply ignore the new value and leave the current value untouched. This can be problematic as it gives the illusion that the limit has indeed be bumped when in fact it failed. This commit makes sure to return EINVAL when an overflow is detected. Please note that this is a userspace facing change. Link: http://lkml.kernel.org/r/20190210203943.8227-4-christian@brauner.io Signed-off-by: Christian Brauner <christian@brauner.io> Acked-by: Luis Chamberlain <mcgrof@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Dominik Brodowski <linux@dominikbrodowski.net> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Joe Lawrence <joe.lawrence@redhat.com> Cc: Waiman Long <longman@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
8448bfb4c9 |
Merge 4.14.114 into android-4.14-q
Changes in 4.14.114 bonding: fix event handling for stacked bonds net: atm: Fix potential Spectre v1 vulnerabilities net: bridge: fix per-port af_packet sockets net: bridge: multicast: use rcu to access port list from br_multicast_start_querier net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv tcp: tcp_grow_window() needs to respect tcp_space() team: set slave to promisc if team is already in promisc mode vhost: reject zero size iova range ipv4: recompile ip options in ipv4_link_failure ipv4: ensure rcu_read_lock() in ipv4_link_failure() net: thunderx: raise XDP MTU to 1508 net: thunderx: don't allow jumbo frames with XDP CIFS: keep FileInfo handle live during oplock break KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU KVM: x86: svm: make sure NMI is injected after nmi_singlestep Staging: iio: meter: fixed typo staging: iio: ad7192: Fix ad7193 channel address iio: gyro: mpu3050: fix chip ID reading iio/gyro/bmg160: Use millidegrees for temperature scale iio: cros_ec: Fix the maths for gyro scale calculation iio: ad_sigma_delta: select channel when reading register iio: dac: mcp4725: add missing powerdown bits in store eeprom iio: Fix scan mask selection iio: adc: at91: disable adc channel interrupt in timeout case iio: core: fix a possible circular locking dependency io: accel: kxcjk1013: restore the range after resume. staging: comedi: vmk80xx: Fix use of uninitialized semaphore staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf staging: comedi: ni_usb6501: Fix use of uninitialized mutex staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf ALSA: hda/realtek - add two more pin configuration sets to quirk table ALSA: core: Fix card races between register and disconnect scsi: core: set result when the command cannot be dispatched Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO" Revert "svm: Fix AVIC incomplete IPI emulation" coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping crypto: x86/poly1305 - fix overflow during partial reduction arm64: futex: Restore oldval initialization to work around buggy compilers x86/kprobes: Verify stack frame on kretprobe kprobes: Mark ftrace mcount handler functions nokprobe kprobes: Fix error check when reusing optimized probes rt2x00: do not increment sequence number while re-transmitting mac80211: do not call driver wake_tx_queue op during reconfig perf/x86/amd: Add event map for AMD Family 17h x86/cpu/bugs: Use __initconst for 'const' init data perf/x86: Fix incorrect PEBS_REGS x86/speculation: Prevent deadlock on ssb_state::lock crypto: crypto4xx - properly set IV after de- and encrypt mmc: sdhci: Fix data command CRC error handling mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR mmc: sdhci: Handle auto-command errors modpost: file2alias: go back to simple devtable lookup modpost: file2alias: check prototype of handler tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete ipv6: frags: fix a lockdep false positive net: IP defrag: encapsulate rbtree defrag code into callable functions ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module net: IP6 defrag: use rbtrees for IPv6 defrag net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c Revert "kbuild: use -Oz instead of -Os when using clang" sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup device_cgroup: fix RCU imbalance in error case mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n ALSA: info: Fix racy addition/deletion of nodes percpu: stop printing kernel addresses tools include: Adopt linux/bits.h iomap: report collisions between directio and buffered writes to userspace xfs: add the ability to join a held buffer to a defer_ops xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()" kernel/sysctl.c: fix out-of-bounds access when setting file-max Linux 4.14.114 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
c680586c4f |
Merge 4.14.114 into android-4.14
Changes in 4.14.114 bonding: fix event handling for stacked bonds net: atm: Fix potential Spectre v1 vulnerabilities net: bridge: fix per-port af_packet sockets net: bridge: multicast: use rcu to access port list from br_multicast_start_querier net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv tcp: tcp_grow_window() needs to respect tcp_space() team: set slave to promisc if team is already in promisc mode vhost: reject zero size iova range ipv4: recompile ip options in ipv4_link_failure ipv4: ensure rcu_read_lock() in ipv4_link_failure() net: thunderx: raise XDP MTU to 1508 net: thunderx: don't allow jumbo frames with XDP CIFS: keep FileInfo handle live during oplock break KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU KVM: x86: svm: make sure NMI is injected after nmi_singlestep Staging: iio: meter: fixed typo staging: iio: ad7192: Fix ad7193 channel address iio: gyro: mpu3050: fix chip ID reading iio/gyro/bmg160: Use millidegrees for temperature scale iio: cros_ec: Fix the maths for gyro scale calculation iio: ad_sigma_delta: select channel when reading register iio: dac: mcp4725: add missing powerdown bits in store eeprom iio: Fix scan mask selection iio: adc: at91: disable adc channel interrupt in timeout case iio: core: fix a possible circular locking dependency io: accel: kxcjk1013: restore the range after resume. staging: comedi: vmk80xx: Fix use of uninitialized semaphore staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf staging: comedi: ni_usb6501: Fix use of uninitialized mutex staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf ALSA: hda/realtek - add two more pin configuration sets to quirk table ALSA: core: Fix card races between register and disconnect scsi: core: set result when the command cannot be dispatched Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO" Revert "svm: Fix AVIC incomplete IPI emulation" coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping crypto: x86/poly1305 - fix overflow during partial reduction arm64: futex: Restore oldval initialization to work around buggy compilers x86/kprobes: Verify stack frame on kretprobe kprobes: Mark ftrace mcount handler functions nokprobe kprobes: Fix error check when reusing optimized probes rt2x00: do not increment sequence number while re-transmitting mac80211: do not call driver wake_tx_queue op during reconfig perf/x86/amd: Add event map for AMD Family 17h x86/cpu/bugs: Use __initconst for 'const' init data perf/x86: Fix incorrect PEBS_REGS x86/speculation: Prevent deadlock on ssb_state::lock crypto: crypto4xx - properly set IV after de- and encrypt mmc: sdhci: Fix data command CRC error handling mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR mmc: sdhci: Handle auto-command errors modpost: file2alias: go back to simple devtable lookup modpost: file2alias: check prototype of handler tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete ipv6: frags: fix a lockdep false positive net: IP defrag: encapsulate rbtree defrag code into callable functions ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module net: IP6 defrag: use rbtrees for IPv6 defrag net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c Revert "kbuild: use -Oz instead of -Os when using clang" sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup device_cgroup: fix RCU imbalance in error case mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n ALSA: info: Fix racy addition/deletion of nodes percpu: stop printing kernel addresses tools include: Adopt linux/bits.h iomap: report collisions between directio and buffered writes to userspace xfs: add the ability to join a held buffer to a defer_ops xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()" kernel/sysctl.c: fix out-of-bounds access when setting file-max Linux 4.14.114 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Will Deacon
|
62c1af5fb3 |
kernel/sysctl.c: fix out-of-bounds access when setting file-max
commit 9002b21465fa4d829edfc94a5a441005cffaa972 upstream.
Commit 32a5ad9c2285 ("sysctl: handle overflow for file-max") hooked up
min/max values for the file-max sysctl parameter via the .extra1 and
.extra2 fields in the corresponding struct ctl_table entry.
Unfortunately, the minimum value points at the global 'zero' variable,
which is an int. This results in a KASAN splat when accessed as a long
by proc_doulongvec_minmax on 64-bit architectures:
| BUG: KASAN: global-out-of-bounds in __do_proc_doulongvec_minmax+0x5d8/0x6a0
| Read of size 8 at addr ffff2000133d1c20 by task systemd/1
|
| CPU: 0 PID: 1 Comm: systemd Not tainted 5.1.0-rc3-00012-g40b114779944 #2
| Hardware name: linux,dummy-virt (DT)
| Call trace:
| dump_backtrace+0x0/0x228
| show_stack+0x14/0x20
| dump_stack+0xe8/0x124
| print_address_description+0x60/0x258
| kasan_report+0x140/0x1a0
| __asan_report_load8_noabort+0x18/0x20
| __do_proc_doulongvec_minmax+0x5d8/0x6a0
| proc_doulongvec_minmax+0x4c/0x78
| proc_sys_call_handler.isra.19+0x144/0x1d8
| proc_sys_write+0x34/0x58
| __vfs_write+0x54/0xe8
| vfs_write+0x124/0x3c0
| ksys_write+0xbc/0x168
| __arm64_sys_write+0x68/0x98
| el0_svc_common+0x100/0x258
| el0_svc_handler+0x48/0xc0
| el0_svc+0x8/0xc
|
| The buggy address belongs to the variable:
| zero+0x0/0x40
|
| Memory state around the buggy address:
| ffff2000133d1b00: 00 00 00 00 00 00 00 00 fa fa fa fa 04 fa fa fa
| ffff2000133d1b80: fa fa fa fa 04 fa fa fa fa fa fa fa 04 fa fa fa
| >ffff2000133d1c00: fa fa fa fa 04 fa fa fa fa fa fa fa 00 00 00 00
| ^
| ffff2000133d1c80: fa fa fa fa 00 fa fa fa fa fa fa fa 00 00 00 00
| ffff2000133d1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Fix the splat by introducing a unsigned long 'zero_ul' and using that
instead.
Link: http://lkml.kernel.org/r/20190403153409.17307-1-will.deacon@arm.com
Fixes: 32a5ad9c2285 ("sysctl: handle overflow for file-max")
Signed-off-by: Will Deacon <will.deacon@arm.com>
Acked-by: Christian Brauner <christian@brauner.io>
Cc: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Matteo Croce <mcroce@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
d5d9c959f5 |
Merge 4.14.111 into android-4.14-q
Changes in 4.14.111 arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals ext4: cleanup bh release code in ext4_ind_remove_space() lib/int_sqrt: optimize initial value compute tty/serial: atmel: Add is_half_duplex helper tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified CIFS: fix POSIX lock leak and invalid ptr deref h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- f2fs: fix to avoid deadlock in f2fs_read_inline_dir() tracing: kdb: Fix ftdump to not sleep net/mlx5: Avoid panic when setting vport rate net/mlx5: Avoid panic when setting vport mac, getting vport config gpio: gpio-omap: fix level interrupt idling include/linux/relay.h: fix percpu annotation in struct rchan sysctl: handle overflow for file-max enic: fix build warning without CONFIG_CPUMASK_OFFSTACK scsi: hisi_sas: Set PHY linkrate when disconnected iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver perf c2c: Fix c2c report for empty numa node mm/cma.c: cma_declare_contiguous: correct err handling mm/page_ext.c: fix an imbalance with kmemleak mm, mempolicy: fix uninit memory access mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! mm/slab.c: kmemleak no scan alien caches ocfs2: fix a panic problem caused by o2cb_ctl f2fs: do not use mutex lock in atomic context fs/file.c: initialize init_files.resize_wait page_poison: play nicely with KASAN cifs: use correct format characters dm thin: add sanity checks to thin-pool and external snapshot creation cifs: Fix NULL pointer dereference of devname jbd2: fix invalid descriptor block checksum fs: fix guard_bio_eod to check for real EOD errors tools lib traceevent: Fix buffer overflow in arg_eval PCI/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() wil6210: check null pointer in _wil_cfg80211_merge_extra_ies crypto: crypto4xx - add missing of_node_put after of_device_is_available crypto: cavium/zip - fix collision with generic cra_driver_name usb: chipidea: Grab the (legacy) USB PHY by phandle first scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc coresight: etm4x: Add support to enable ETMv4.2 serial: 8250_pxa: honor the port number from devicetree ARM: 8840/1: use a raw_spinlock_t in unwind iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback mmc: omap: fix the maximum timeout setting e1000e: Fix -Wformat-truncation warnings mlxsw: spectrum: Avoid -Wformat-truncation warnings IB/mlx4: Increase the timeout for CM cache clk: fractional-divider: check parent rate only if flag is set cpufreq: acpi-cpufreq: Report if CPU doesn't support boost technologies efi: cper: Fix possible out-of-bounds access scsi: megaraid_sas: return error when create DMA pool failed scsi: fcoe: make use of fip_mode enum complete perf test: Fix failure of 'evsel-tp-sched' test on s390 SoC: imx-sgtl5000: add missing put_device() media: sh_veu: Correct return type for mem2mem buffer helpers media: s5p-jpeg: Correct return type for mem2mem buffer helpers media: s5p-g2d: Correct return type for mem2mem buffer helpers media: mx2_emmaprp: Correct return type for mem2mem buffer helpers media: mtk-jpeg: Correct return type for mem2mem buffer helpers vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 HID: intel-ish-hid: avoid binding wrong ishtp_cl_device jbd2: fix race when writing superblock leds: lp55xx: fix null deref on firmware load failure iwlwifi: pcie: fix emergency path ACPI / video: Refactor and fix dmi_is_desktop() kprobes: Prohibit probing on bsearch() netfilter: conntrack: fix cloned unconfirmed skb->_nfct race in __nf_conntrack_confirm ARM: 8833/1: Ensure that NEON code always compiles with Clang ALSA: PCM: check if ops are defined before suspending PCM usb: f_fs: Avoid crash due to out-of-scope stack ptr access sched/topology: Fix percpu data types in struct sd_data & struct s_data bcache: fix input overflow to cache set sysfs file io_error_halflife bcache: fix input overflow to sequential_cutoff bcache: improve sysfs_strtoul_clamp() genirq: Avoid summation loops for /proc/stat iw_cxgb4: fix srqidx leak during connection abort fbdev: fbmem: fix memory access if logo is bigger than the screen cdrom: Fix race condition in cdrom_sysctl_register e1000e: fix cyclic resets at link up with active tx platform/x86: intel_pmc_core: Fix PCH IP sts reading ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe sched/debug: Initialize sd_sysctl_cpus if !CONFIG_CPUMASK_OFFSTACK efi/memattr: Don't bail on zero VA if it equals the region's PA ARM: dts: lpc32xx: Remove leading 0x and 0s from bindings notation efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted soc: qcom: gsbi: Fix error handling in gsbi_probe() mt7601u: bump supported EEPROM version ARM: 8830/1: NOMMU: Toggle only bits in EXC_RETURN we are really care of ARM: avoid Cortex-A9 livelock on tight dmb loops bpf: fix missing prototype warnings cgroup/pids: turn cgroup_subsys->free() into cgroup_subsys->release() to fix the accounting backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial state tty: increase the default flip buffer limit to 2*640K powerpc/pseries: Perform full re-add of CPU for topology update post-migration usb: dwc3: gadget: Fix OTG events when gadget driver isn't loaded media: mt9m111: set initial frame size other than 0x0 hwrng: virtio - Avoid repeated init of completion soc/tegra: fuse: Fix illegal free of IO base address HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable cpu/hotplug: Mute hotplug lockdep during init dmaengine: imx-dma: fix warning comparison of distinct pointer types dmaengine: qcom_hidma: assign channel cookie correctly dmaengine: qcom_hidma: initialize tx flags in hidma_prep_dma_* netfilter: physdev: relax br_netfilter dependency media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting drm: Auto-set allow_fb_modifiers when given modifiers at plane init drm/nouveau: Stop using drm_crtc_force_disable x86/build: Specify elf_i386 linker emulation explicitly for i386 objects selinux: do not override context on context mounts wlcore: Fix memory leak in case wl12xx_fetch_firmware failure x86/build: Mark per-CPU symbols as absolute explicitly for LLD clk: rockchip: fix frac settings of GPLL clock for rk3328 dmaengine: tegra: avoid overflow of byte tracking drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers ACPI / video: Extend chassis-type detection with a "Lunch Box" check Linux 4.14.111 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
171fc237b3 |
Merge 4.14.111 into android-4.14
Changes in 4.14.111 arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals ext4: cleanup bh release code in ext4_ind_remove_space() lib/int_sqrt: optimize initial value compute tty/serial: atmel: Add is_half_duplex helper tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified CIFS: fix POSIX lock leak and invalid ptr deref h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- f2fs: fix to avoid deadlock in f2fs_read_inline_dir() tracing: kdb: Fix ftdump to not sleep net/mlx5: Avoid panic when setting vport rate net/mlx5: Avoid panic when setting vport mac, getting vport config gpio: gpio-omap: fix level interrupt idling include/linux/relay.h: fix percpu annotation in struct rchan sysctl: handle overflow for file-max enic: fix build warning without CONFIG_CPUMASK_OFFSTACK scsi: hisi_sas: Set PHY linkrate when disconnected iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver perf c2c: Fix c2c report for empty numa node mm/cma.c: cma_declare_contiguous: correct err handling mm/page_ext.c: fix an imbalance with kmemleak mm, mempolicy: fix uninit memory access mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! mm/slab.c: kmemleak no scan alien caches ocfs2: fix a panic problem caused by o2cb_ctl f2fs: do not use mutex lock in atomic context fs/file.c: initialize init_files.resize_wait page_poison: play nicely with KASAN cifs: use correct format characters dm thin: add sanity checks to thin-pool and external snapshot creation cifs: Fix NULL pointer dereference of devname jbd2: fix invalid descriptor block checksum fs: fix guard_bio_eod to check for real EOD errors tools lib traceevent: Fix buffer overflow in arg_eval PCI/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() wil6210: check null pointer in _wil_cfg80211_merge_extra_ies crypto: crypto4xx - add missing of_node_put after of_device_is_available crypto: cavium/zip - fix collision with generic cra_driver_name usb: chipidea: Grab the (legacy) USB PHY by phandle first scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc coresight: etm4x: Add support to enable ETMv4.2 serial: 8250_pxa: honor the port number from devicetree ARM: 8840/1: use a raw_spinlock_t in unwind iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback mmc: omap: fix the maximum timeout setting e1000e: Fix -Wformat-truncation warnings mlxsw: spectrum: Avoid -Wformat-truncation warnings IB/mlx4: Increase the timeout for CM cache clk: fractional-divider: check parent rate only if flag is set cpufreq: acpi-cpufreq: Report if CPU doesn't support boost technologies efi: cper: Fix possible out-of-bounds access scsi: megaraid_sas: return error when create DMA pool failed scsi: fcoe: make use of fip_mode enum complete perf test: Fix failure of 'evsel-tp-sched' test on s390 SoC: imx-sgtl5000: add missing put_device() media: sh_veu: Correct return type for mem2mem buffer helpers media: s5p-jpeg: Correct return type for mem2mem buffer helpers media: s5p-g2d: Correct return type for mem2mem buffer helpers media: mx2_emmaprp: Correct return type for mem2mem buffer helpers media: mtk-jpeg: Correct return type for mem2mem buffer helpers vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 HID: intel-ish-hid: avoid binding wrong ishtp_cl_device jbd2: fix race when writing superblock leds: lp55xx: fix null deref on firmware load failure iwlwifi: pcie: fix emergency path ACPI / video: Refactor and fix dmi_is_desktop() kprobes: Prohibit probing on bsearch() netfilter: conntrack: fix cloned unconfirmed skb->_nfct race in __nf_conntrack_confirm ARM: 8833/1: Ensure that NEON code always compiles with Clang ALSA: PCM: check if ops are defined before suspending PCM usb: f_fs: Avoid crash due to out-of-scope stack ptr access sched/topology: Fix percpu data types in struct sd_data & struct s_data bcache: fix input overflow to cache set sysfs file io_error_halflife bcache: fix input overflow to sequential_cutoff bcache: improve sysfs_strtoul_clamp() genirq: Avoid summation loops for /proc/stat iw_cxgb4: fix srqidx leak during connection abort fbdev: fbmem: fix memory access if logo is bigger than the screen cdrom: Fix race condition in cdrom_sysctl_register e1000e: fix cyclic resets at link up with active tx platform/x86: intel_pmc_core: Fix PCH IP sts reading ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe sched/debug: Initialize sd_sysctl_cpus if !CONFIG_CPUMASK_OFFSTACK efi/memattr: Don't bail on zero VA if it equals the region's PA ARM: dts: lpc32xx: Remove leading 0x and 0s from bindings notation efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted soc: qcom: gsbi: Fix error handling in gsbi_probe() mt7601u: bump supported EEPROM version ARM: 8830/1: NOMMU: Toggle only bits in EXC_RETURN we are really care of ARM: avoid Cortex-A9 livelock on tight dmb loops bpf: fix missing prototype warnings cgroup/pids: turn cgroup_subsys->free() into cgroup_subsys->release() to fix the accounting backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial state tty: increase the default flip buffer limit to 2*640K powerpc/pseries: Perform full re-add of CPU for topology update post-migration usb: dwc3: gadget: Fix OTG events when gadget driver isn't loaded media: mt9m111: set initial frame size other than 0x0 hwrng: virtio - Avoid repeated init of completion soc/tegra: fuse: Fix illegal free of IO base address HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable cpu/hotplug: Mute hotplug lockdep during init dmaengine: imx-dma: fix warning comparison of distinct pointer types dmaengine: qcom_hidma: assign channel cookie correctly dmaengine: qcom_hidma: initialize tx flags in hidma_prep_dma_* netfilter: physdev: relax br_netfilter dependency media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting drm: Auto-set allow_fb_modifiers when given modifiers at plane init drm/nouveau: Stop using drm_crtc_force_disable x86/build: Specify elf_i386 linker emulation explicitly for i386 objects selinux: do not override context on context mounts wlcore: Fix memory leak in case wl12xx_fetch_firmware failure x86/build: Mark per-CPU symbols as absolute explicitly for LLD clk: rockchip: fix frac settings of GPLL clock for rk3328 dmaengine: tegra: avoid overflow of byte tracking drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers ACPI / video: Extend chassis-type detection with a "Lunch Box" check Linux 4.14.111 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Christian Brauner
|
1306ff8bf9 |
sysctl: handle overflow for file-max
[ Upstream commit 32a5ad9c22852e6bd9e74bdec5934ef9d1480bc5 ] Currently, when writing echo 18446744073709551616 > /proc/sys/fs/file-max /proc/sys/fs/file-max will overflow and be set to 0. That quickly crashes the system. This commit sets the max and min value for file-max. The max value is set to long int. Any higher value cannot currently be used as the percpu counters are long ints and not unsigned integers. Note that the file-max value is ultimately parsed via __do_proc_doulongvec_minmax(). This function does not report error when min or max are exceeded. Which means if a value largen that long int is written userspace will not receive an error instead the old value will be kept. There is an argument to be made that this should be changed and __do_proc_doulongvec_minmax() should return an error when a dedicated min or max value are exceeded. However this has the potential to break userspace so let's defer this to an RFC patch. Link: http://lkml.kernel.org/r/20190107222700.15954-3-christian@brauner.io Signed-off-by: Christian Brauner <christian@brauner.io> Acked-by: Kees Cook <keescook@chromium.org> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Dominik Brodowski <linux@dominikbrodowski.net> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Joe Lawrence <joe.lawrence@redhat.com> Cc: Luis Chamberlain <mcgrof@kernel.org> Cc: Waiman Long <longman@redhat.com> [christian@brauner.io: v4] Link: http://lkml.kernel.org/r/20190210203943.8227-3-christian@brauner.io Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
4344de2f79 |
Merge 4.14.108 into android-4.14
Changes in 4.14.108 9p: use inode->i_lock to protect i_size_write() under 32-bit 9p/net: fix memory leak in p9_client_create ASoC: fsl_esai: fix register setting issue in RIGHT_J mode iio: adc: exynos-adc: Fix NULL pointer exception on unbind stm class: Fix an endless loop in channel allocation crypto: caam - fixed handling of sg list crypto: ahash - fix another early termination in hash walk crypto: rockchip - fix scatterlist nents error crypto: rockchip - update new iv to device in multiple operations drm/imx: ignore plane updates on disabled crtcs gpu: ipu-v3: Fix i.MX51 CSI control registers offset drm/imx: imx-ldb: add missing of_node_puts gpu: ipu-v3: Fix CSI offsets for imx53 s390/dasd: fix using offset into zero size array error Input: pwm-vibra - prevent unbalanced regulator Input: pwm-vibra - stop regulator after disabling pwm, not before ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized ASoC: dapm: fix out-of-bounds accesses to DAPM lookup tables ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check KVM: arm/arm64: Reset the VCPU without preemption and vcpu state loaded ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug Input: cap11xx - switch to using set_brightness_blocking() Input: ps2-gpio - flush TX work when closing port Input: matrix_keypad - use flush_delayed_work() mac80211: Fix Tx aggregation session tear down with ITXQs ipvs: fix dependency on nf_defrag_ipv6 floppy: check_events callback should not return a negative number NFS: Don't use page_file_mapping after removing the page mm/gup: fix gup_pmd_range() for dax Revert "mm: use early_pfn_to_nid in page_ext_init" mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs net: hns: Fix object reference leaks in hns_dsaf_roce_reset() i2c: cadence: Fix the hold bit setting i2c: bcm2835: Clear current buffer pointers and counts after a transfer auxdisplay: ht16k33: fix potential user-after-free on module unload Input: st-keyscan - fix potential zalloc NULL dereference clk: sunxi-ng: v3s: Fix TCON reset de-assert bit clk: sunxi: A31: Fix wrong AHB gate number esp: Skip TX bytes accounting when sending from a request socket ARM: 8824/1: fix a migrating irq bug when hotplug cpu af_key: unconditionally clone on broadcast assoc_array: Fix shortcut creation keys: Fix dependency loop between construction record and auth key scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task net: systemport: Fix reception of BPDUs pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins qmi_wwan: apply SET_DTR quirk to Sierra WP7607 net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue ASoC: topology: free created components in tplg load error qed: Fix iWARP syn packet mac address validation. arm64: Relax GIC version check during early boot net: marvell: mvneta: fix DMA debug warning tmpfs: fix link accounting when a tmpfile is linked in ixgbe: fix older devices that do not support IXGBE_MRQC_L3L4TXSWEN ARCv2: lib: memcpy: fix doing prefetchw outside of buffer ARC: uacces: remove lp_start, lp_end from clobber list ARCv2: support manual regfile save on interrupts phonet: fix building with clang mac80211_hwsim: propagate genlmsg_reply return code net: thunderx: make CFG_DONE message to run through generic send-ack sequence nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K nfp: bpf: fix ALU32 high bits clearance bug net: set static variable an initial value in atl2_probe() tmpfs: fix uninitialized return value in shmem_link media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() stm class: Prevent division by zero libnvdimm/label: Clear 'updating' flag after label-set update libnvdimm, pfn: Fix over-trim in trim_pfn_device() libnvdimm/pmem: Honor force_raw for legacy pmem regions libnvdimm: Fix altmap reservation size calculation fix cgroup_do_mount() handling of failure exits crypto: arm/crct10dif - revert to C code for short inputs crypto: arm64/crct10dif - revert to C code for short inputs crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails crypto: testmgr - skip crc32c context test for ahash algorithms crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine CIFS: Do not reset lease state to NONE on lease break CIFS: Fix read after write for files with read caching tracing: Use strncpy instead of memcpy for string keys in hist triggers tracing: Do not free iter->trace in fail path of tracing_open_pipe() xen: fix dom0 boot on huge systems ACPI / device_sysfs: Avoid OF modalias creation for removed device mmc: sdhci-esdhc-imx: fix HS400 timing issue spi: ti-qspi: Fix mmap read when more than one CS in use spi: pxa2xx: Setup maximum supported DMA transfer length regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 regulator: max77620: Initialize values for DT properties regulator: s2mpa01: Fix step values for some LDOs clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown s390/setup: fix early warning messages s390/virtio: handle find on invalid queue gracefully scsi: virtio_scsi: don't send sc payload with tmfs scsi: aacraid: Fix performance issue on logical drives scsi: sd: Optimal I/O size should be a multiple of physical block size scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock fs/devpts: always delete dcache dentry-s in dput() splice: don't merge into linked buffers m68k: Add -ffreestanding to CFLAGS Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl btrfs: ensure that a DUP or RAID1 block group has exactly two stripes Btrfs: fix corruption reading shared and compressed extents after hole punching crypto: pcbc - remove bogus memcpy()s with src == dest libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table x86/kprobes: Prohibit probing on optprobe template code cpufreq: tegra124: add missing of_node_put() cpufreq: pxa2xx: remove incorrect __init annotation ext4: add mask of ext4 flags to swap ext4: fix crash during online resizing IB/hfi1: Close race condition on user context disable and close cxl: Wrap iterations over afu slices inside 'afu_list_lock' ext2: Fix underflow in ext2_max_size() clk: uniphier: Fix update register for CPU-gear clk: clk-twl6040: Fix imprecise external abort for pdmclk clk: ingenic: Fix round_rate misbehaving with non-integer dividers clk: ingenic: Fix doc of ingenic_cgu_div_info usb: chipidea: tegra: Fix missed ci_hdrc_remove_device() nfit: acpi_nfit_ctl(): Check out_obj->type in the right place mm: hwpoison: fix thp split handing in soft_offline_in_use_page() mm/vmalloc: fix size check for remap_vmalloc_range_partial() kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv device property: Fix the length used in PROPERTY_ENTRY_STRING() intel_th: Don't reference unassigned outputs parport_pc: fix find_superio io compare code, should use equal test. i2c: tegra: fix maximum transfer size crypto: arm64/aes-neonbs - fix returning final keystream block drm/i915: Relax mmap VMA check serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart serial: 8250_pci: Fix number of ports for ACCES serial cards serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() jbd2: clear dirty flag when revoking a buffer from an older transaction jbd2: fix compile warning when using JBUFFER_TRACE security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock powerpc/32: Clear on-stack exception marker upon exception return powerpc/wii: properly disable use of BATs when requested. powerpc/powernv: Make opal log only readable by root powerpc/83xx: Also save/restore SPRG4-7 during suspend powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR configuration powerpc/traps: fix recoverability of machine check handling on book3s/32 powerpc/traps: Fix the message printed when stack overflows ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify arm64: Fix HCR.TGE status for NMI contexts arm64: debug: Ensure debug handlers check triggering exception level arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 dm: fix to_sector() for 32bit dm integrity: limit the rate of error messages cpcap-charger: generate events for userspace NFS: Fix I/O request leakages NFS: Fix an I/O request leakage in nfs_do_recoalesce NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() nfsd: fix memory corruption caused by readdir nfsd: fix wrong check in write_v4_end_grace() NFSv4.1: Reinitialise sequence results before retransmitting a request PM / wakeup: Rework wakeup source timer cancellation bcache: never writeback a discard operation x86/unwind/orc: Fix ORC unwind table alignment perf intel-pt: Fix CYC timestamp calculation after OVF perf auxtrace: Define auxtrace record alignment perf intel-pt: Fix overlap calculation for padding perf intel-pt: Fix divide by zero when TSC is not available md: Fix failed allocation of md_register_thread tpm/tpm_crb: Avoid unaligned reads in crb_recv() tpm: Unify the send callback behaviour rcu: Do RCU GP kthread self-wakeup from softirq and interrupt media: imx: prpencvf: Stop upstream before disabling IDMA channel media: uvcvideo: Avoid NULL pointer dereference at the end of streaming media: vimc: Add vimc-streamer for stream control media: imx: csi: Disable CSI immediately after last EOF media: imx: csi: Stop upstream before disabling IDMA channel drm/radeon/evergreen_cs: fix missing break in switch statement KVM: Call kvm_arch_memslots_updated() before updating memslots KVM: x86/mmu: Detect MMIO generation wrap in any address space KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux KVM: nVMX: Sign extend displacements of VMX instr's mem operands KVM: nVMX: Apply addr size mask to effective address for VMX instructions KVM: nVMX: Ignore limit checks on VMX instructions using flat segments s390/setup: fix boot crash for machine without EDAT-1 Linux 4.14.108 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Zev Weiss
|
73a79d1bb2 |
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
commit 8cf7630b29701d364f8df4a50e4f1f5e752b2778 upstream. This bug has apparently existed since the introduction of this function in the pre-git era (4500e91754d3 in Thomas Gleixner's history.git, "[NET]: Add proc_dointvec_userhz_jiffies, use it for proper handling of neighbour sysctls."). As a minimal fix we can simply duplicate the corresponding check in do_proc_dointvec_conv(). Link: http://lkml.kernel.org/r/20190207123426.9202-3-zev@bewilderbeest.net Signed-off-by: Zev Weiss <zev@bewilderbeest.net> Cc: Brendan Higgins <brendanhiggins@google.com> Cc: Iurii Zaikin <yzaikin@google.com> Cc: Kees Cook <keescook@chromium.org> Cc: Luis Chamberlain <mcgrof@kernel.org> Cc: <stable@vger.kernel.org> [2.6.2+] Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
0951849351 |
Merge 4.14.99 into android-4.14
Changes in 4.14.99
drm/bufs: Fix Spectre v1 vulnerability
staging: iio: adc: ad7280a: handle error from __ad7280_read32()
drm/vgem: Fix vgem_init to get drm device available.
pinctrl: bcm2835: Use raw spinlock for RT compatibility
ASoC: Intel: mrfld: fix uninitialized variable access
gpu: ipu-v3: image-convert: Prevent race between run and unprepare
ath9k: dynack: use authentication messages for 'late' ack
scsi: lpfc: Correct LCB RJT handling
scsi: mpt3sas: Call sas_remove_host before removing the target devices
scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event
ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
clk: boston: fix possible memory leak in clk_boston_setup()
dlm: Don't swamp the CPU with callbacks queued during recovery
x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
powerpc/pseries: add of_node_put() in dlpar_detach_node()
crypto: aes_ti - disable interrupts while accessing S-box
drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE
serial: fsl_lpuart: clear parity enable bit when disable parity
ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
MIPS: Boston: Disable EG20T prefetch
staging:iio:ad2s90: Make probe handle spi_setup failure
fpga: altera-cvp: Fix registration for CvP incapable devices
Tools: hv: kvp: Fix a warning of buffer overflow with gcc 8.0.1
platform/chrome: don't report EC_MKBP_EVENT_SENSOR_FIFO as wakeup
staging: iio: ad7780: update voltage on read
usbnet: smsc95xx: fix rx packet alignment
drm/rockchip: fix for mailbox read size
ARM: OMAP2+: hwmod: Fix some section annotations
net/mlx5: EQ, Use the right place to store/read IRQ affinity hint
modpost: validate symbol names also in find_elf_symbol
perf tools: Add Hygon Dhyana support
soc/tegra: Don't leak device tree node reference
media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm()
ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll
iio: adc: meson-saradc: check for devm_kasprintf failure
iio: adc: meson-saradc: fix internal clock names
iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID
media: adv*/tc358743/ths8200: fill in min width/height/pixelclock
ACPI: SPCR: Consider baud rate 0 as preconfigured state
staging: pi433: fix potential null dereference
f2fs: move dir data flush to write checkpoint process
f2fs: fix race between write_checkpoint and write_begin
f2fs: fix wrong return value of f2fs_acl_create
i2c: sh_mobile: add support for r8a77990 (R-Car E3)
arm64: io: Ensure calls to delay routines are ordered against prior readX()
sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
soc: bcm: brcmstb: Don't leak device tree node reference
nfsd4: fix crash on writing v4_end_grace before nfsd startup
drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state()
arm64: io: Ensure value passed to __iormb() is held in a 64-bit register
Thermal: do not clear passive state during system sleep
firmware/efi: Add NULL pointer checks in efivars API functions
s390/zcrypt: improve special ap message cmd handling
arm64: ftrace: don't adjust the LR value
ARM: dts: mmp2: fix TWSI2
x86/fpu: Add might_fault() to user_insn()
media: DaVinci-VPBE: fix error handling in vpbe_initialize()
smack: fix access permissions for keyring
usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb()
usb: hub: delay hub autosuspend if USB3 port is still link training
timekeeping: Use proper seqcount initializer
usb: mtu3: fix the issue about SetFeature(U1/U2_Enable)
clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks
driver core: Move async_synchronize_full call
kobject: return error code if writing /sys/.../uevent fails
IB/hfi1: Unreserve a reserved request when it is completed
usb: dwc3: trace: add missing break statement to make compiler happy
pinctrl: sx150x: handle failure case of devm_kstrdup
iommu/amd: Fix amd_iommu=force_isolation
ARM: dts: Fix OMAP4430 SDP Ethernet startup
mips: bpf: fix encoding bug for mm_srlv32_op
media: coda: fix H.264 deblocking filter controls
ARM: dts: Fix up the D-Link DIR-685 MTD partition info
watchdog: renesas_wdt: don't set divider while watchdog is running
usb: dwc3: gadget: Disable CSP for stream OUT ep
iommu/arm-smmu: Add support for qcom,smmu-v2 variant
iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
sata_rcar: fix deferred probing
clk: imx6sl: ensure MMDC CH0 handshake is bypassed
cpuidle: big.LITTLE: fix refcount leak
OPP: Use opp_table->regulators to verify no regulator case
i2c-axxia: check for error conditions first
phy: sun4i-usb: add support for missing USB PHY index
udf: Fix BUG on corrupted inode
switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite
selftests/bpf: use __bpf_constant_htons in test_prog.c
ARM: pxa: avoid section mismatch warning
ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv machines
mmc: bcm2835: Recover from MMC_SEND_EXT_CSD
mmc: bcm2835: reset host on timeout
memstick: Prevent memstick host from getting runtime suspended during card detection
mmc: sdhci-of-esdhc: Fix timeout checks
mmc: sdhci-xenon: Fix timeout checks
tty: serial: samsung: Properly set flags in autoCTS mode
perf test: Fix perf_event_attr test failure
perf header: Fix unchecked usage of strncpy()
perf probe: Fix unchecked usage of strncpy()
arm64: KVM: Skip MMIO insn after emulation
usb: musb: dsps: fix otg state machine
percpu: convert spin_lock_irq to spin_lock_irqsave.
powerpc/uaccess: fix warning/error with access_ok()
mac80211: fix radiotap vendor presence bitmap handling
xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
Bluetooth: Fix unnecessary error message for HCI request completion
mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG
scsi: smartpqi: correct host serial num for ssa
scsi: smartpqi: correct volume status
scsi: smartpqi: increase fw status register read timeout
cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
powerpc/perf: Fix thresholding counter data for unknown type
drbd: narrow rcu_read_lock in drbd_sync_handshake
drbd: disconnect, if the wrong UUIDs are attached on a connected peer
drbd: skip spurious timeout (ping-timeo) when failing promote
drbd: Avoid Clang warning about pointless switch statment
video: clps711x-fb: release disp device node in probe()
md: fix raid10 hang issue caused by barrier
fbdev: fbmem: behave better with small rotated displays and many CPUs
i40e: define proper net_device::neigh_priv_len
igb: Fix an issue that PME is not enabled during runtime suspend
ACPI/APEI: Clear GHES block_status before panic()
fbdev: fbcon: Fix unregister crash when more than one framebuffer
powerpc/mm: Fix reporting of kernel execute faults on the 8xx
pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins
pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins
KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
powerpc/fadump: Do not allow hot-remove memory from fadump reserved area.
kvm: Change offset in kvm_write_guest_offset_cached to unsigned
NFS: nfs_compare_mount_options always compare auth flavors.
hwmon: (lm80) fix a missing check of the status of SMBus read
hwmon: (lm80) fix a missing check of bus read in lm80 probe
seq_buf: Make seq_buf_puts() null-terminate the buffer
crypto: ux500 - Use proper enum in cryp_set_dma_transfer
crypto: ux500 - Use proper enum in hash_set_dma_transfer
MIPS: ralink: Select CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8
cifs: check ntwrk_buf_start for NULL before dereferencing it
um: Avoid marking pages with "changed protection"
niu: fix missing checks of niu_pci_eeprom_read
f2fs: fix sbi->extent_list corruption issue
cgroup: fix parsing empty mount option string
scripts/decode_stacktrace: only strip base path when a prefix of the path
ocfs2: don't clear bh uptodate for block read
ocfs2: improve ocfs2 Makefile
isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw()
gdrom: fix a memory leak bug
fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address()
block/swim3: Fix -EBUSY error when re-opening device after unmount
thermal: bcm2835: enable hwmon explicitly
kdb: Don't back trace on a cpu that didn't round up
thermal: generic-adc: Fix adc to temp interpolation
HID: lenovo: Add checks to fix of_led_classdev_register
kernel/hung_task.c: break RCU locks based on jiffies
proc/sysctl: fix return error for proc_doulongvec_minmax()
kernel/hung_task.c: force console verbose before panic
fs/epoll: drop ovflist branch prediction
exec: load_script: don't blindly truncate shebang string
scripts/gdb: fix lx-version string output
thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set
dccp: fool proof ccid_hc_[rt]x_parse_options()
enic: fix checksum validation for IPv6
net: dp83640: expire old TX-skb
rxrpc: bad unlock balance in rxrpc_recvmsg
skge: potential memory corruption in skge_get_regs()
rds: fix refcount bug in rds_sock_addref
net: systemport: Fix WoL with password after deep sleep
net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames
net: dsa: slave: Don't propagate flag changes on down slave interfaces
ALSA: compress: Fix stop handling on compressed capture streams
ALSA: hda - Serialize codec registrations
fuse: call pipe_buf_release() under pipe lock
fuse: decrement NR_WRITEBACK_TEMP on the right page
fuse: handle zero sized retrieve correctly
dmaengine: bcm2835: Fix interrupt race on RT
dmaengine: bcm2835: Fix abort of transactions
dmaengine: imx-dma: fix wrong callback invoke
futex: Handle early deadlock return correctly
irqchip/gic-v3-its: Plug allocation race for devices sharing a DevID
usb: phy: am335x: fix race condition in _probe
usb: dwc3: gadget: Handle 0 xfer length for OUT EP
usb: gadget: udc: net2272: Fix bitwise and boolean operations
usb: gadget: musb: fix short isoc packets with inventra dma
staging: speakup: fix tty-operation NULL derefs
scsi: cxlflash: Prevent deadlock when adapter probe fails
scsi: aic94xx: fix module loading
KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM
perf/x86/intel/uncore: Add Node ID mask
x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out()
perf/core: Don't WARN() for impossible ring-buffer sizes
perf tests evsel-tp-sched: Fix bitwise operator
serial: fix race between flush_to_ldisc and tty_open
serial: 8250_pci: Make PCI class test non fatal
nfsd4: fix cached replies to solo SEQUENCE compounds
nfsd4: catch some false session retries
IB/hfi1: Add limit test for RC/UC send via loopback
perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu()
ath9k: dynack: make ewma estimation faster
ath9k: dynack: check da->enabled first in sampling routines
Linux 4.14.99
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Cheng Lin
|
ff9c3ae8c8 |
proc/sysctl: fix return error for proc_doulongvec_minmax()
[ Upstream commit 09be178400829dddc1189b50a7888495dd26aa84 ]
If the number of input parameters is less than the total parameters, an
EINVAL error will be returned.
For example, we use proc_doulongvec_minmax to pass up to two parameters
with kern_table:
{
.procname = "monitor_signals",
.data = &monitor_sigs,
.maxlen = 2*sizeof(unsigned long),
.mode = 0644,
.proc_handler = proc_doulongvec_minmax,
},
Reproduce:
When passing two parameters, it's work normal. But passing only one
parameter, an error "Invalid argument"(EINVAL) is returned.
[root@cl150 ~]# echo 1 2 > /proc/sys/kernel/monitor_signals
[root@cl150 ~]# cat /proc/sys/kernel/monitor_signals
1 2
[root@cl150 ~]# echo 3 > /proc/sys/kernel/monitor_signals
-bash: echo: write error: Invalid argument
[root@cl150 ~]# echo $?
1
[root@cl150 ~]# cat /proc/sys/kernel/monitor_signals
3 2
[root@cl150 ~]#
The following is the result after apply this patch. No error is
returned when the number of input parameters is less than the total
parameters.
[root@cl150 ~]# echo 1 2 > /proc/sys/kernel/monitor_signals
[root@cl150 ~]# cat /proc/sys/kernel/monitor_signals
1 2
[root@cl150 ~]# echo 3 > /proc/sys/kernel/monitor_signals
[root@cl150 ~]# echo $?
0
[root@cl150 ~]# cat /proc/sys/kernel/monitor_signals
3 2
[root@cl150 ~]#
There are three processing functions dealing with digital parameters,
__do_proc_dointvec/__do_proc_douintvec/__do_proc_doulongvec_minmax.
This patch deals with __do_proc_doulongvec_minmax, just as
__do_proc_dointvec does, adding a check for parameters 'left'. In
__do_proc_douintvec, its code implementation explicitly does not support
multiple inputs.
static int __do_proc_douintvec(...){
...
/*
* Arrays are not supported, keep this simple. *Do not* add
* support for them.
*/
if (vleft != 1) {
*lenp = 0;
return -EINVAL;
}
...
}
So, just __do_proc_doulongvec_minmax has the problem. And most use of
proc_doulongvec_minmax/proc_doulongvec_ms_jiffies_minmax just have one
parameter.
Link: http://lkml.kernel.org/r/1544081775-15720-1-git-send-email-cheng.lin130@zte.com.cn
Signed-off-by: Cheng Lin <cheng.lin130@zte.com.cn>
Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
d11d7f1ccf |
Merge 4.14.85 into android-4.14
Changes in 4.14.85 efi/libstub: arm: support building with clang ARM: 8766/1: drop no-thumb-interwork in EABI mode ARM: 8767/1: add support for building ARM kernel with clang bus: arm-cci: remove unnecessary unreachable() ARM: trusted_foundations: do not use naked function usb: core: Fix hub port connection events lost usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers usb: dwc3: gadget: Properly check last unaligned/zero chain TRB usb: dwc3: core: Clean up ULPI device xhci: Add check for invalid byte size error when UAS devices are connected. usb: xhci: fix timeout for transition from RExit to U0 ALSA: oss: Use kvzalloc() for local buffer allocations MAINTAINERS: Add Sasha as a stable branch maintainer mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL gpio: don't free unallocated ida on gpiochip_add_data_with_key() error path iwlwifi: mvm: support sta_statistics() even on older firmware iwlwifi: mvm: fix regulatory domain update when the firmware starts iwlwifi: mvm: don't use SAR Geo if basic SAR is not used brcmfmac: fix reporting support for 160 MHz channels tools/power/cpupower: fix compilation with STATIC=true v9fs_dir_readdir: fix double-free on p9stat_read error selinux: Add __GFP_NOWARN to allocation at str_read() Input: synaptics - avoid using uninitialized variable when probing bfs: add sanity check at bfs_fill_super() sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd llc: do not use sk_eat_skb() mm: don't warn about large allocations for slab mm/memory.c: recheck page table entry with page table lock held tcp: do not release socket ownership in tcp_close() IB/core: Perform modify QP on real one usb: xhci: Prevent bus suspend if a port connect change or polling state is detected drm/ast: change resolution may cause screen blurred drm/ast: fixed cursor may disappear sometimes drm/ast: Remove existing framebuffers before loading driver can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is accessed out of bounds can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions can: rx-offload: rename can_rx_offload_irq_queue_err_skb() to can_rx_offload_queue_tail() can: raw: check for CAN FD capable netdev in raw_sendmsg() can: hi311x: Use level-triggered interrupt IB/hfi1: Eliminate races in the SDMA send error path pinctrl: meson: fix pinconf bias disable KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE cpufreq: imx6q: add return value check for voltage scale rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write crypto: simd - correctly take reqsize of wrapped skcipher into account floppy: fix race condition in __floppy_read_block_0() powerpc/io: Fix the IO workarounds code to work with Radix perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and CoffeeLake CPUs SUNRPC: Fix a bogus get/put in generic_key_to_expire() kdb: Use strscpy with destination buffer size powerpc/numa: Suppress "VPHN is not supported" messages efi/arm: Revert deferred unmap of early memmap mapping z3fold: fix possible reclaim races tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset mm, page_alloc: check for max order in hot path of: add helper to lookup compatible child node NFC: nfcmrvl_uart: fix OF child-node lookup net: bcmgenet: fix OF child-node lookup drm/mediatek: fix OF sibling-node lookup power: supply: twl4030-charger: fix OF sibling-node lookup arm64: remove no-op -p linker flag xhci: Allow more than 32 quirks xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc mtd: rawnand: atmel: fix OF child-node lookup ubi: fastmap: Check each mapping only once Input: xpad - add PDP device id 0x02a4 Input: xpad - fix some coding style issues Input: xpad - avoid using __set_bit() for capabilities Input: xpad - add support for Xbox1 PDP Camo series gamepad iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE kbuild: allow to use GCC toolchain not in Clang search path PCI: endpoint: Populate func_no before calling pci_epc_add_epf() net/mlx4_core: Fix wrong calculation of free counters i40iw: Fix memory leak in error path of create QP rtc: omap: fix error path when pinctrl_register fails clk: samsung: exynos5250: Add missing clocks for FIMC LITE SYSMMU devices ARM: dts: exynos: Fix invalid node referenced by i2c20 alias in Peach Pit and Pi driver core: Move device_links_purge() after bus_remove_device() include/linux/pfn_t.h: force '~' to be parsed as an unary operator tty: wipe buffer. tty: wipe buffer if not echoing data usb: xhci: fix uninitialized completion when USB3 port got wrong status namei: allow restricted O_CREAT of FIFOs and regular files lan78xx: Read MAC address from DT if present s390/mm: Check for valid vma before zapping in gmap_discard rcu: Make need_resched() respond to urgent RCU-QS needs net: ieee802154: 6lowpan: fix frag reassembly ima: always measure and audit files in policy EVM: Add support for portable signature format ima: re-introduce own integrity cache lock ima: re-initialize iint->atomic_flags Linux 4.14.85 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Salvatore Mesoraca
|
7bcfd8f985 |
namei: allow restricted O_CREAT of FIFOs and regular files
commit 30aba6656f61ed44cba445a3c0d38b296fa9e8f5 upstream. Disallows open of FIFOs or regular files not owned by the user in world writable sticky directories, unless the owner is the same as that of the directory or the file is opened without the O_CREAT flag. The purpose is to make data spoofing attacks harder. This protection can be turned on and off separately for FIFOs and regular files via sysctl, just like the symlinks/hardlinks protection. This patch is based on Openwall's "HARDEN_FIFO" feature by Solar Designer. This is a brief list of old vulnerabilities that could have been prevented by this feature, some of them even allow for privilege escalation: CVE-2000-1134 CVE-2007-3852 CVE-2008-0525 CVE-2009-0416 CVE-2011-4834 CVE-2015-1838 CVE-2015-7442 CVE-2016-7489 This list is not meant to be complete. It's difficult to track down all vulnerabilities of this kind because they were often reported without any mention of this particular attack vector. In fact, before hardlinks/symlinks restrictions, fifos/regular files weren't the favorite vehicle to exploit them. [s.mesoraca16@gmail.com: fix bug reported by Dan Carpenter] Link: https://lkml.kernel.org/r/20180426081456.GA7060@mwanda Link: http://lkml.kernel.org/r/1524829819-11275-1-git-send-email-s.mesoraca16@gmail.com [keescook@chromium.org: drop pr_warn_ratelimited() in favor of audit changes in the future] [keescook@chromium.org: adjust commit subjet] Link: http://lkml.kernel.org/r/20180416175918.GA13494@beast Signed-off-by: Salvatore Mesoraca <s.mesoraca16@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Suggested-by: Solar Designer <solar@openwall.com> Suggested-by: Kees Cook <keescook@chromium.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Loic <hackurx@opensec.fr> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Rik van Riel
|
019b711f9e |
ANDROID: add extra free kbytes tunable
Add a userspace visible knob to tell the VM to keep an extra amount of memory free, by increasing the gap between each zone's min and low watermarks. This is useful for realtime applications that call system calls and have a bound on the number of allocations that happen in any short time period. In this application, extra_free_kbytes would be left at an amount equal to or larger than than the maximum number of allocations that happen in any burst. It may also be useful to reduce the memory use of virtual machines (temporarily?), in a way that does not cause memory fragmentation like ballooning does. [ccross] Revived for use on old kernels where no other solution exists. The tunable will be removed on kernels that do better at avoiding direct reclaim. [surenb] Will be reverted as soon as Android framework is reworked to use upstream-supported watermark_scale_factor instead of extra_free_kbytes. Bug: 86445363 Change-Id: I765a42be8e964bfd3e2886d1ca85a29d60c3bb3e Signed-off-by: Rik van Riel<riel@redhat.com> Signed-off-by: Colin Cross <ccross@android.com> Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Greg Kroah-Hartman
|
474d3c467b |
Merge 4.14.21 into android-4.14
Changes in 4.14.21
tracing: Prevent PROFILE_ALL_BRANCHES when FORTIFY_SOURCE=y
scsi: smartpqi: allow static build ("built-in")
IB/umad: Fix use of unprotected device pointer
IB/qib: Fix comparison error with qperf compare/swap test
IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports
IB/core: Fix two kernel warnings triggered by rxe registration
IB/core: Fix ib_wc structure size to remain in 64 bytes boundary
IB/core: Avoid a potential OOPs for an unused optional parameter
selftests: seccomp: fix compile error seccomp_bpf
kselftest: fix OOM in memory compaction test
RDMA/rxe: Fix a race condition related to the QP error state
RDMA/rxe: Fix a race condition in rxe_requester()
RDMA/rxe: Fix rxe_qp_cleanup()
cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin
swiotlb: suppress warning when __GFP_NOWARN is set
PM / devfreq: Propagate error from devfreq_add_device()
mwifiex: resolve reset vs. remove()/shutdown() deadlocks
ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE
powerpc/radix: Remove trace_tlbie call from radix__flush_tlb_all
powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove
powerpc/mm: Flush radix process translations when setting MMU type
powerpc/xive: Use hw CPU ids when configuring the CPU queues
powerpc: Fix DABR match on hash based systems
dma-buf: fix reservation_object_wait_timeout_rcu once more v2
s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
arm64: dts: msm8916: Correct ipc references for smsm
ARM: lpc3250: fix uda1380 gpio numbers
ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
ARM: dts: nomadik: add interrupt-parent for clcd
arm: dts: mt7623: fix card detection issue on bananapi-r2
arm: spear600: Add missing interrupt-parent of rtc
arm: spear13xx: Fix dmas cells
arm: spear13xx: Fix spics gpio controller's warning
drm/i915: add GT number to intel_device_info
drm/i915/kbl: Change a KBL pci id to GT2 from GT1.5
x86/gpu: add CFL to early quirks
x86/kexec: Make kexec (mostly) work in 5-level paging mode
x86/xen: init %gs very early to avoid page faults with stack protector
x86: PM: Make APM idle driver initialize polling state
x86/entry/64: Clear extra registers beyond syscall arguments, to reduce speculation attack surface
x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface
compiler-gcc.h: Introduce __optimize function attribute
compiler-gcc.h: __nostackprotector needs gcc-4.4 and up
crypto: sun4i_ss_prng - fix return value of sun4i_ss_prng_generate
crypto: sun4i_ss_prng - convert lock to _bh in sun4i_ss_prng_generate
powerpc/mm/radix: Split linear mapping on hot-unplug
x86/mm/pti: Fix PTI comment in entry_SYSCALL_64()
x86/speculation: Update Speculation Control microcode blacklist
x86/speculation: Correct Speculation Control microcode blacklist again
Revert "x86/speculation: Simplify indirect_branch_prediction_barrier()"
KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods
X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap
x86/speculation: Clean up various Spectre related details
PM / runtime: Update links_count also if !CONFIG_SRCU
PM: cpuidle: Fix cpuidle_poll_state_init() prototype
x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface
x86/entry/64: Merge SAVE_C_REGS and SAVE_EXTRA_REGS, remove unused extensions
x86/entry/64: Merge the POP_C_REGS and POP_EXTRA_REGS macros into a single POP_REGS macro
x86/entry/64: Interleave XOR register clearing with PUSH instructions
x86/entry/64: Introduce the PUSH_AND_CLEAN_REGS macro
x86/entry/64: Use PUSH_AND_CLEAN_REGS in more cases
x86/entry/64: Get rid of the ALLOC_PT_GPREGS_ON_STACK and SAVE_AND_CLEAR_REGS macros
x86/entry/64: Indent PUSH_AND_CLEAR_REGS and POP_REGS properly
x86/entry/64: Fix paranoid_entry() frame pointer warning
x86/entry/64: Remove the unused 'icebp' macro
selftests/x86: Fix vDSO selftest segfault for vsyscall=none
selftests/x86: Clean up and document sscanf() usage
selftests/x86/pkeys: Remove unused functions
selftests/x86: Do not rely on "int $0x80" in test_mremap_vdso.c
selftests/x86: Do not rely on "int $0x80" in single_step_syscall.c
selftests/x86: Disable tests requiring 32-bit support on pure 64-bit systems
objtool: Fix segfault in ignore_unreachable_insn()
x86/debug, objtool: Annotate WARN()-related UD2 as reachable
x86/debug: Use UD2 for WARN()
x86/speculation: Fix up array_index_nospec_mask() asm constraint
nospec: Move array_index_nospec() parameter checking into separate macro
x86/speculation: Add <asm/msr-index.h> dependency
kmemcheck: remove annotations
kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
kmemcheck: remove whats left of NOTRACK flags
kmemcheck: rip it out
kmemcheck: rip it out for real
x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]()
selftests/x86/mpx: Fix incorrect bounds with old _sigfault
x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
x86/spectre: Fix an error message
x86/cpu: Change type of x86_cache_size variable to unsigned int
x86/entry/64: Fix CR3 restore in paranoid_exit()
drm/ttm: Don't add swapped BOs to swap-LRU list
drm/ttm: Fix 'buf' pointer update in ttm_bo_vm_access_kmap() (v2)
drm/qxl: unref cursor bo when finished with it
drm/amd/powerplay: Fix smu_table_entry.handle type
drm/ast: Load lut in crtc_commit
arm64: Add missing Falkor part number for branch predictor hardening
drm/radeon: Add dpm quirk for Jet PRO (v2)
drm/radeon: adjust tested variable
rtc-opal: Fix handling of firmware error codes, prevent busy loops
mbcache: initialize entry->e_referenced in mb_cache_entry_create()
mmc: sdhci: Implement an SDHCI-specific bounce buffer
mmc: bcm2835: Don't overwrite max frequency unconditionally
Revert "mmc: meson-gx: include tx phase in the tuning process"
mlx5: fix mlx5_get_vector_affinity to start from completion vector 0
Revert "apple-gmux: lock iGP IO to protect from vgaarb changes"
jbd2: fix sphinx kernel-doc build warnings
ext4: fix a race in the ext4 shutdown path
ext4: save error to disk in __ext4_grp_locked_error()
ext4: correct documentation for grpid mount option
mm: hide a #warning for COMPILE_TEST
mm: Fix memory size alignment in devm_memremap_pages_release()
MIPS: Fix typo BIG_ENDIAN to CPU_BIG_ENDIAN
MIPS: Fix incorrect mem=X@Y handling
PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode
PCI: iproc: Fix NULL pointer dereference for BCMA
PCI: keystone: Fix interrupt-controller-node lookup
video: fbdev: atmel_lcdfb: fix display-timings lookup
console/dummy: leave .con_font_get set to NULL
rbd: whitelist RBD_FEATURE_OPERATIONS feature bit
xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests
xenbus: track caller request id
seq_file: fix incomplete reset on read from zero offset
tracing: Fix parsing of globs with a wildcard at the beginning
mpls, nospec: Sanitize array index in mpls_label_ok()
rtlwifi: rtl8821ae: Fix connection lost problem correctly
arm64: proc: Set PTE_NG for table entries to avoid traversing them twice
qxl: alloc & use shadow for dumb buffers
drm/qxl: reapply cursor after resetting primary
xprtrdma: Fix calculation of ri_max_send_sges
xprtrdma: Fix BUG after a device removal
blk-wbt: account flush requests correctly
target/iscsi: avoid NULL dereference in CHAP auth error path
iscsi-target: make sure to wake up sleeping login worker
dm: correctly handle chained bios in dec_pending()
Btrfs: fix deadlock in run_delalloc_nocow
Btrfs: fix crash due to not cleaning up tree log block's dirty bits
Btrfs: fix extent state leak from tree log
Btrfs: fix btrfs_evict_inode to handle abnormal inodes correctly
Btrfs: fix use-after-free on root->orphan_block_rsv
Btrfs: fix unexpected -EEXIST when creating new inode
9p/trans_virtio: discard zero-length reply
mtd: nand: vf610: set correct ooblayout
ALSA: hda - Fix headset mic detection problem for two Dell machines
ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
ALSA: hda/realtek - Add headset mode support for Dell laptop
ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform
ALSA: hda/realtek: PCI quirk for Fujitsu U7x7
ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204
ALSA: usb: add more device quirks for USB DSD devices
ALSA: seq: Fix racy pool initializations
mvpp2: fix multicast address filter
usb: Move USB_UHCI_BIG_ENDIAN_* out of USB_SUPPORT
x86/mm, mm/hwpoison: Don't unconditionally unmap kernel 1:1 pages
scsi: core: check for device state in __scsi_remove_target()
Bluetooth: BT_HCIUART now depends on SERIAL_DEV_BUS
ARM: dts: exynos: fix RTC interrupt for exynos5410
ARM: pxa/tosa-bt: add MODULE_LICENSE tag
arm64: dts: msm8916: Add missing #phy-cells
ARM: dts: s5pv210: add interrupt-parent for ohci
arm: dts: mt7623: Update ethsys binding
arm: dts: mt2701: Add reset-cells
ARM: dts: Delete bogus reference to the charlcd
media: r820t: fix r820t_write_reg for KASAN
mmc: sdhci-of-esdhc: disable SD clock for clock value 0
mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec
mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb
ASoC: acpi: fix machine driver selection based on quirk
ovl: hash directory inodes for fsnotify
Linux 4.14.21
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Levin, Alexander (Sasha Levin)
|
f369f14861 |
kmemcheck: rip it out
commit 4675ff05de2d76d167336b368bd07f3fef6ed5a6 upstream. Fix up makefiles, remove references, and git rm kmemcheck. Link: http://lkml.kernel.org/r/20171007030159.22241-4-alexander.levin@verizon.com Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Vegard Nossum <vegardno@ifi.uio.no> Cc: Pekka Enberg <penberg@kernel.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Alexander Potapenko <glider@google.com> Cc: Tim Hansen <devtimhansen@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
20f3b53781 |
Merge 4.14.6 into android-4.14
Changes in 4.14.6 usb: gadget: udc: renesas_usb3: fix number of the pipes usb: gadget: core: Fix ->udc_set_speed() speed handling serdev: ttyport: add missing receive_buf sanity checks serdev: ttyport: fix NULL-deref on hangup serdev: ttyport: fix tty locking in close usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT can: mcba_usb: fix device disconnect bug can: peak/pci: fix potential bug when probe() fails can: flexcan: fix VF610 state transition issue can: ti_hecc: Fix napi poll return value for repoll can: kvaser_usb: free buf in error paths can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() can: kvaser_usb: ratelimit errors if incomplete messages are received can: kvaser_usb: cancel urb on -EPIPE and -EPROTO can: mcba_usb: cancel urb on -EPROTO can: ems_usb: cancel urb on -EPIPE and -EPROTO can: esd_usb2: cancel urb on -EPIPE and -EPROTO can: usb_8dev: cancel urb on -EPIPE and -EPROTO can: peak/pcie_fd: fix potential bug in restarting tx queue virtio: release virtio index when fail to device_register iio: stm32: fix adc/trigger link error iio: health: max30102: Temperature should be in milli Celsius iio: adc: cpcap: fix incorrect validation iio: adc: meson-saradc: fix the bit_idx of the adc_en clock iio: adc: meson-saradc: initialize the bandgap correctly on older SoCs iio: adc: meson-saradc: Meson8 and Meson8b do not have REG11 and REG13 pinctrl: armada-37xx: Fix direction_output() callback behavior Drivers: hv: vmbus: Fix a rescind issue hv: kvp: Avoid reading past allocated blocks from KVP file firmware: cleanup FIRMWARE_IN_KERNEL message firmware: vpd: Destroy vpd sections in remove function firmware: vpd: Tie firmware kobject to device lifetime firmware: vpd: Fix platform driver and device registration/unregistration isa: Prevent NULL dereference in isa_bus driver callbacks scsi: dma-mapping: always provide dma_get_cache_alignment scsi: use dma_get_cache_alignment() as minimum DMA alignment scsi: libsas: align sata_device's rps_resp on a cacheline efi: Move some sysfs files to be read-only by root efi/esrt: Use memunmap() instead of kfree() to free the remapping ASN.1: fix out-of-bounds read when parsing indefinite length item ASN.1: check for error from ASN1_OP_END__ACT actions KEYS: add missing permission check for request_key() destination KEYS: reject NULL restriction string when type is specified X.509: reject invalid BIT STRING for subjectPublicKey X.509: fix comparisons of ->pkey_algo x86/idt: Load idt early in start_secondary x86/PCI: Make broadcom_postcore_init() check acpi_disabled KVM: x86: fix APIC page invalidation btrfs: fix missing error return in btrfs_drop_snapshot btrfs: handle errors while updating refcounts in update_ref_for_cow ALSA: hda/realtek - New codec support for ALC257 ALSA: pcm: prevent UAF in snd_pcm_info ALSA: seq: Remove spurious WARN_ON() at timer check ALSA: usb-audio: Fix out-of-bound error ALSA: usb-audio: Add check return value for usb_string() iommu/vt-d: Fix scatterlist offset handling smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place s390: always save and restore all registers on context switch s390/mm: fix off-by-one bug in 5-level page table handling s390: fix compat system call table KVM: s390: Fix skey emulation permission check Revert "powerpc: Do not call ppc_md.panic in fadump panic notifier" powerpc/64s: Initialize ISAv3 MMU registers before setting partition table iwlwifi: mvm: mark MIC stripped MPDUs iwlwifi: mvm: don't use transmit queue hang detection when it is not possible iwlwifi: mvm: flush queue before deleting ROC iwlwifi: add new cards for 9260 and 22000 series iwlwifi: mvm: fix packet injection iwlwifi: mvm: enable RX offloading with TKIP and WEP brcmfmac: change driver unbind order of the sdio function devices kdb: Fix handling of kallsyms_symbol_next() return value md/r5cache: move mddev_lock() out of r5c_journal_mode_set() drm/bridge: analogix dp: Fix runtime PM state in get_modes() callback drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU drm/i915: Fix vblank timestamp/frame counter jumps on gen2 media: dvb: i2c transfers over usb cannot be done from stack media: rc: sir_ir: detect presence of port media: rc: partial revert of "media: rc: per-protocol repeat period" arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one KVM: VMX: remove I/O port 0x80 bypass on Intel hosts KVM: arm/arm64: Fix broken GICH_ELRSR big endian conversion KVM: arm/arm64: vgic-irqfd: Fix MSI entry allocation KVM: arm/arm64: vgic: Preserve the revious read from the pending table KVM: arm/arm64: vgic-its: Check result of allocation before use arm64: fpsimd: Prevent registers leaking from dead tasks arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb Revert "ARM: dts: imx53: add srtc node" bus: arm-cci: Fix use of smp_processor_id() in preemptible context bus: arm-ccn: Check memory allocation failure bus: arm-ccn: Fix use of smp_processor_id() in preemptible context bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left. IB/core: Avoid unnecessary return value check IB/core: Only enforce security for InfiniBand crypto: talitos - fix AEAD test failures crypto: talitos - fix memory corruption on SEC2 crypto: talitos - fix setkey to check key weakness crypto: talitos - fix AEAD for sha224 on non sha224 capable chips crypto: talitos - fix use of sg_link_tbl_len crypto: talitos - fix ctr-aes-talitos ARM: BUG if jumping to usermode address in kernel mode ARM: avoid faulting on qemu irqchip/qcom: Fix u32 comparison with value less than zero net/smc: use sk_rcvbuf as start for rmb creation kbuild: pkg: use --transform option to prefix paths in tar coccinelle: fix parallel build with CHECK=scripts/coccicheck powerpc/perf: Fix pmu_count to count only nest imc pmus apparmor: fix leak of null profile name if profile allocation fails x86/mpx/selftests: Fix up weird arrays mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() gre6: use log_ecn_error module parameter in ip6_tnl_rcv() route: also update fnhe_genid when updating a route cache route: update fnhe_expires for redirect when the fnhe exists rsi: fix memory leak on buf and usb_reg_buf drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' pipe: match pipe_max_size data type with procfs lib/genalloc.c: make the avail variable an atomic_long_t dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 NFS: Fix a typo in nfs_rename() sunrpc: Fix rpc_task_begin trace point nfp: inherit the max_mtu from the PF netdev nfp: fix flower offload metadata flag usage xfs: fix forgotten rcu read unlock when skipping inode reclaim dt-bindings: usb: fix reg-property port-number range block: wake up all tasks blocked in get_request() sparc64/mm: set fields in deferred pages zsmalloc: calling zs_map_object() from irq is a bug slub: fix sysfs duplicate filename creation when slub_debug=O sctp: do not free asoc when it is already dead in sctp_sendmsg sctp: use the right sk after waking up from wait_buf sleep fcntl: don't leak fd reference when fixup_compat_flock fails geneve: fix fill_info when link down bpf: fix lockdep splat clk: stm32h7: fix test of clock config clk: sunxi-ng: a83t: Fix i2c buses bits clk: qcom: common: fix legacy board-clock registration clk: uniphier: fix DAPLL2 clock rate of Pro5 clk: hi3660: fix incorrect uart3 clock freqency mailbox: mailbox-test: don't rely on rx_buffer content to signal data ready kbuild: rpm-pkg: fix jobserver unavailable warning atm: horizon: Fix irq release error jump_label: Invoke jump_label_test() via early_initcall() tls: Use kzalloc for aead_request allocation xfrm: Copy policy family in clone_policy f2fs: fix to clear FI_NO_PREALLOC bnxt_re: changing the ip address shouldn't affect new connections IB/mlx4: Increase maximal message size under UD QP IB/mlx5: Assign send CQ and recv CQ of UMR QP afs: Fix total-length calculation for multiple-page send afs: Connect up the CB.ProbeUuid Linux 4.14.6 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Srivatsa Vaddagiri
|
0bb35550c3 |
ANDROID: sched: Introduce Window Assisted Load Tracking (WALT)
This patch is a combination of many many patches which have been previously applied to Android/EAS kernels. Similarly to other EAS components, we are squashing these to present a more orderly view of component history and relationships. The original description of WALT was: Use a window based view of time in order to track task demand and CPU utilization in the scheduler. WALT accounts two major statistics; CPU load and cumulative tasks demand. The CPU load which is account of accumulated each CPU's absolute execution time is for CPU frequency guidance. Whereas cumulative tasks demand which is each CPU's instantaneous load to reflect CPU's load at given time is for task placement decision. Use cumulative tasks demand for cpu_util() for task placement and introduce cpu_util_freq() for frequency guidance. This version includes the "cumulative window demand" statistic which was originally described as: Energy cost estimation has been a long lasting challenge for WALT because WALT guides CPU frequency based on the CPU utilization of previous window. Consequently it's not possible to know newly waking-up task's energy cost until WALT's end of the current window. The WALT already tracks 'Previous Runnable Sum' (prev_runnable_sum) and 'Cumulative Runnable Average' (cr_avg). They are designed for CPU frequency guidance and task placement but unfortunately both are not suitable for the energy cost estimation. It's because using prev_runnable_sum for energy cost calculation would make us to account CPU and task's energy solely based on activity in the previous window so for example, any task didn't have an activity in the previous window will be accounted as a 'zero energy cost' task. Energy estimation with cr_avg is what energy_diff() relies on at present. However cr_avg can only represent instantaneous picture of energy cost thus for example, if a CPU was fully occupied for an entire WALT window and became idle just before window boundary, and if there is a wake-up, energy_diff() accounts that CPU is a 'zero energy cost' CPU. As a result, introduce a new accounting unit 'Cumulative Window Demand'. The cumulative window demand tracks all the tasks' demands have seen in current window which is neither instantaneous nor actual execution time. Because task demand represents estimated scaled execution time when the task runs a full window, accumulation of all the demands represents predicted CPU load at the end of window. Thus we can estimate CPU's frequency at the end of current WALT window with the cumulative window demand. This version is extracted wholesale from the version currently available in android-4.4 and android-4.9. Window Assisted Load Tracking (WALT) implementation credits: Srivatsa Vaddagiri, Steve Muckle, Syed Rameez Mustafa, Joonwoo Park, Pavan Kumar Kondeti, Olav Haugan, Srinath Sridharan, Vikram Mulukutla, Todd Kjos, Juri Lelli, John Stultz, Andres Oportus Change-Id: If92dd9db843374073be59d2cb83febfef993b562 Signed-off-by: Chris Redpath <chris.redpath@arm.com> |
||
|
Srinath Sridharan
|
7f6fb825d6 |
ANDROID: sched: EAS: take cstate into account when selecting idle core
Introduce a new sysctl for this option, 'sched_cstate_aware'. When this is enabled, select_idle_sibling in CFS is modified to choose the idle CPU in the sibling group which has the lowest idle state index - idle state indexes are assumed to increase as sleep depth and hence wakeup latency increase. In this way, we attempt to minimise wakeup latency when an idle CPU is required. Signed-off-by: Srinath Sridharan <srinathsr@google.com> Includes: sched: EAS: fix select_idle_sibling when sysctl_sched_cstate_aware is enabled, best_idle cpu will not be chosen in the original flow because it will goto done directly Bug: 30107557 Change-Id: Ie09c2e3960cafbb976f8d472747faefab3b4d6ac Signed-off-by: martin_liu <martin_liu@htc.com> Signed-off-by: Andres Oportus <andresoportus@google.com> [refactored and fixed conflicts] Signed-off-by: Chris Redpath <chris.redpath@arm.com> |
||
|
Chris Redpath
|
f1ec666a62 |
ANDROID: sched: Unconditionally honor sync flag for energy-aware wakeups
Since we don't do energy-aware wakeups when we are overutilized, always honoring sync wakeups in this state does not prevent wake-wide mechanics overruling the flag as normal. This patch is based upon previous work to build EAS for android products. sync-hint code taken from commit 4a5e890ec60d "sched/fair: add tunable to force selection at cpu granularity" written by Juri Lelli <juri.lelli@arm.com> Change-Id: I4b3d79141fc8e53dc51cd63ac11096c2e3cb10f5 Signed-off-by: Chris Redpath <chris.redpath@arm.com> |
||
|
Joe Lawrence
|
30c2f774e1 |
pipe: match pipe_max_size data type with procfs
[ Upstream commit 98159d977f71c3b3dee898d1c34e56f520b094e7 ]
Patch series "A few round_pipe_size() and pipe-max-size fixups", v3.
While backporting Michael's "pipe: fix limit handling" patchset to a
distro-kernel, Mikulas noticed that current upstream pipe limit handling
contains a few problems:
1 - procfs signed wrap: echo'ing a large number into
/proc/sys/fs/pipe-max-size and then cat'ing it back out shows a
negative value.
2 - round_pipe_size() nr_pages overflow on 32bit: this would
subsequently try roundup_pow_of_two(0), which is undefined.
3 - visible non-rounded pipe-max-size value: there is no mutual
exclusion or protection between the time pipe_max_size is assigned
a raw value from proc_dointvec_minmax() and when it is rounded.
4 - unsigned long -> unsigned int conversion makes for potential odd
return errors from do_proc_douintvec_minmax_conv() and
do_proc_dopipe_max_size_conv().
This version underwent the same testing as v1:
https://marc.info/?l=linux-kernel&m=150643571406022&w=2
This patch (of 4):
pipe_max_size is defined as an unsigned int:
unsigned int pipe_max_size = 1048576;
but its procfs/sysctl representation is an integer:
static struct ctl_table fs_table[] = {
...
{
.procname = "pipe-max-size",
.data = &pipe_max_size,
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = &pipe_proc_fn,
.extra1 = &pipe_min_size,
},
...
that is signed:
int pipe_proc_fn(struct ctl_table *table, int write, void __user *buf,
size_t *lenp, loff_t *ppos)
{
...
ret = proc_dointvec_minmax(table, write, buf, lenp, ppos)
This leads to signed results via procfs for large values of pipe_max_size:
% echo 2147483647 >/proc/sys/fs/pipe-max-size
% cat /proc/sys/fs/pipe-max-size
-2147483648
Use unsigned operations on this variable to avoid such negative values.
Link: http://lkml.kernel.org/r/1507658689-11669-2-git-send-email-joe.lawrence@redhat.com
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Reviewed-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Linus Torvalds
|
27efed3e83 |
Merge branch 'core-watchdog-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull watchddog clean-up and fixes from Thomas Gleixner:
"The watchdog (hard/softlockup detector) code is pretty much broken in
its current state. The patch series addresses this by removing all
duct tape and refactoring it into a workable state.
The reasons why I ask for inclusion that late in the cycle are:
1) The code causes lockdep splats vs. hotplug locking which get
reported over and over. Unfortunately there is no easy fix.
2) The risk of breakage is minimal because it's already broken
3) As 4.14 is a long term stable kernel, I prefer to have working
watchdog code in that and the lockdep issues resolved. I wouldn't
ask you to pull if 4.14 wouldn't be a LTS kernel or if the
solution would be easy to backport.
4) The series was around before the merge window opened, but then got
delayed due to the UP failure caused by the for_each_cpu()
surprise which we discussed recently.
Changes vs. V1:
- Addressed your review points
- Addressed the warning in the powerpc code which was discovered late
- Changed two function names which made sense up to a certain point
in the series. Now they match what they do in the end.
- Fixed a 'unused variable' warning, which got not detected by the
intel robot. I triggered it when trying all possible related config
combinations manually. Randconfig testing seems not random enough.
The changes have been tested by and reviewed by Don Zickus and tested
and acked by Micheal Ellerman for powerpc"
* 'core-watchdog-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (36 commits)
watchdog/core: Put softlockup_threads_initialized under ifdef guard
watchdog/core: Rename some softlockup_* functions
powerpc/watchdog: Make use of watchdog_nmi_probe()
watchdog/core, powerpc: Lock cpus across reconfiguration
watchdog/core, powerpc: Replace watchdog_nmi_reconfigure()
watchdog/hardlockup/perf: Fix spelling mistake: "permanetely" -> "permanently"
watchdog/hardlockup/perf: Cure UP damage
watchdog/hardlockup: Clean up hotplug locking mess
watchdog/hardlockup/perf: Simplify deferred event destroy
watchdog/hardlockup/perf: Use new perf CPU enable mechanism
watchdog/hardlockup/perf: Implement CPU enable replacement
watchdog/hardlockup/perf: Implement init time detection of perf
watchdog/hardlockup/perf: Implement init time perf validation
watchdog/core: Get rid of the racy update loop
watchdog/core, powerpc: Make watchdog_nmi_reconfigure() two stage
watchdog/sysctl: Clean up sysctl variable name space
watchdog/sysctl: Get rid of the #ifdeffery
watchdog/core: Clean up header mess
watchdog/core: Further simplify sysctl handling
watchdog/core: Get rid of the thread teardown/setup dance
...
|
||
|
Luis R. Rodriguez
|
3181c38e4d |
kernel/sysctl.c: remove duplicate UINT_MAX check on do_proc_douintvec_conv()
do_proc_douintvec_conv() has two UINT_MAX checks, we can remove one.
This has no functional changes other than fixing a compiler warning:
kernel/sysctl.c:2190]: (warning) Identical condition '*lvalp>UINT_MAX', second condition is always false
Fixes:
|
||
|
Ethan Zhao
|
5ccba44ba1 |
sched/sysctl: Check user input value of sysctl_sched_time_avg
System will hang if user set sysctl_sched_time_avg to 0:
[root@XXX ~]# sysctl kernel.sched_time_avg_ms=0
Stack traceback for pid 0
0xffff883f6406c600 0 0 1 3 R 0xffff883f6406cf50 *swapper/3
ffff883f7ccc3ae8 0000000000000018 ffffffff810c4dd0 0000000000000000
0000000000017800 ffff883f7ccc3d78 0000000000000003 ffff883f7ccc3bf8
ffffffff810c4fc9 ffff883f7ccc3c08 00000000810c5043 ffff883f7ccc3c08
Call Trace:
<IRQ> [<ffffffff810c4dd0>] ? update_group_capacity+0x110/0x200
[<ffffffff810c4fc9>] ? update_sd_lb_stats+0x109/0x600
[<ffffffff810c5507>] ? find_busiest_group+0x47/0x530
[<ffffffff810c5b84>] ? load_balance+0x194/0x900
[<ffffffff810ad5ca>] ? update_rq_clock.part.83+0x1a/0xe0
[<ffffffff810c6d42>] ? rebalance_domains+0x152/0x290
[<ffffffff810c6f5c>] ? run_rebalance_domains+0xdc/0x1d0
[<ffffffff8108a75b>] ? __do_softirq+0xfb/0x320
[<ffffffff8108ac85>] ? irq_exit+0x125/0x130
[<ffffffff810b3a17>] ? scheduler_ipi+0x97/0x160
[<ffffffff81052709>] ? smp_reschedule_interrupt+0x29/0x30
[<ffffffff8173a1be>] ? reschedule_interrupt+0x6e/0x80
<EOI> [<ffffffff815bc83c>] ? cpuidle_enter_state+0xcc/0x230
[<ffffffff815bc80c>] ? cpuidle_enter_state+0x9c/0x230
[<ffffffff815bc9d7>] ? cpuidle_enter+0x17/0x20
[<ffffffff810cd6dc>] ? cpu_startup_entry+0x38c/0x420
[<ffffffff81053373>] ? start_secondary+0x173/0x1e0
Because divide-by-zero error happens in function:
update_group_capacity()
update_cpu_capacity()
scale_rt_capacity()
{
...
total = sched_avg_period() + delta;
used = div_u64(avg, total);
...
}
To fix this issue, check user input value of sysctl_sched_time_avg, keep
it unchanged when hitting invalid input, and set the minimum limit of
sysctl_sched_time_avg to 1 ms.
Reported-by: James Puthukattukaran <james.puthukattukaran@oracle.com>
Signed-off-by: Ethan Zhao <ethan.zhao@oracle.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: efault@gmx.de
Cc: ethan.kernel@gmail.com
Cc: keescook@chromium.org
Cc: mcgrof@kernel.org
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/1504504774-18253-1-git-send-email-ethan.zhao@oracle.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|