Squashed commit of the following:
commit 259593385c05a430c4685b611c0e43b4272c22f8
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 08:30:37 2024 -0500
bpf: squash revert spoofing and some backports:
Squashed commit of the following:
commit 8ac5df9c8bc9575059fff6cea0c40463b96fc129
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:58:17 2024 -0500
Revert "BACKPORT: bpf: add skb_load_bytes_relative helper"
This reverts commit 029893dcc5d67af16fdf0723bacaae37ec567f67.
commit dbcbceafe848744ec188f74e87e9717916d359ea
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:58:13 2024 -0500
Revert "BACKPORT: bpf: encapsulate verifier log state into a structure"
This reverts commit d861145b97d247cbd9fe1400df52155f48639126.
commit 478f4dfee0406b54525e68764cc9ba48af1624fc
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:58:10 2024 -0500
Revert "BACKPORT: bpf: Rename bpf_verifer_log"
This reverts commit 5d088635de1bf2d6ae9ea94e3dd1c601d30c0cce.
commit 7bc7c24beb82168b49337530cb56b5dfeeafe19a
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:58:07 2024 -0500
Revert "BACKPORT: bpf: btf: Introduce BPF Type Format (BTF)"
This reverts commit 93d34e26514b4d9d15fd176706f57634b2e97485.
commit 7106457ba90a459b6241fdd44df658c1b52c0e4b
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:58:03 2024 -0500
Revert "bpf: Update logging functions to work with BTF"
This reverts commit 97e6c528eb2f76c58a3b6a4c1e7fbeafcd97633a.
commit 08e68c7ba56f5e78fd1afcd5a2164716a75b0fe3
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:58:00 2024 -0500
Revert "bpf: btf: Validate type reference"
This reverts commit c7b7eecbc1134e5d8865af2cc0692fc7156175d5.
commit 7763cf0831970a64ed62f9b7362fca02ab6e83f1
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:57:51 2024 -0500
Revert "bpf: btf: Check members of struct/union"
This reverts commit 9a77b51cad6f04866ca067ca0e70a89b9f59ed56.
commit eb033235f666b5f66995f4cf89702de7ab4721f8
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:57:47 2024 -0500
Revert "bpf: btf: Add pretty print capability for data with BTF type info"
This reverts commit 745692103435221d6e39bc177811769995540525.
commit c32995674ace91e06c591d2f63177585e81adc75
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:57:43 2024 -0500
Revert "BACKPORT: bpf: btf: Add BPF_BTF_LOAD command"
This reverts commit 4e0afd38e20e5aa2df444361309bc07251ca6b2a.
commit 1310bc8d4aca0015c8723e7624121eddf76b3244
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:57:38 2024 -0500
Revert "bpf: btf: Add BPF_OBJ_GET_INFO_BY_FD support to BTF fd"
This reverts commit d4b5d76d9101b97e6fe5181bcefe7f601ed19926.
commit 881a49445608712bdb0a0f0c959838bdbc725f62
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:57:34 2024 -0500
Revert "BACKPORT: bpf: btf: Clean up btf.h in uapi"
This reverts commit 26b661822933d41b3feb59bb284334bfbbc82af4.
commit e2109fd858ebd5fe392c8bf579b9350fbca35a35
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:57:29 2024 -0500
Revert "bpf: btf: Avoid WARN_ON when CONFIG_REFCOUNT_FULL=y"
This reverts commit 9abf878903404e649fef4ad0b189eec1c13d29fe.
commit 088a7d9137f03da4e0fc1d72add3901823081ccd
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:57:23 2024 -0500
Revert "bpf: Fix compiler warning on info.map_ids for 32bit platform"
This reverts commit a3a278e1f6cf167d538ac52f4ad60bb9cf8d4129.
commit 6e14aed6b63f2b266982454d83678445c062cf39
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:57:13 2024 -0500
Revert "bpf: btf: Change how section is supported in btf_header"
This reverts commit 4b60ffd683eb623a184b46761777838d7c49e707.
commit 151a60855c23bf0317734031481d779efb369d6c
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:57:08 2024 -0500
Revert "bpf: btf: Check array->index_type"
This reverts commit b00e10f1a073fadce178b6fb62496722e16db303.
commit 49775e9074a54ac5f60f518e6fc5a26172996eae
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:57:01 2024 -0500
Revert "bpf: btf: Remove unused bits from uapi/linux/btf.h"
This reverts commit c90c6ad34f7a8f565f351d21c2d5b9706838767d.
commit b6d6c6ab28e4b018da6ce9e64125e63f4191d3d9
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:56:58 2024 -0500
Revert "bpf: btf: Avoid variable length array"
This reverts commit fe7d1f7750242e77a73839d173ac36c3e39d4171.
commit a45bedecb9b1175fef96f2d64fba2d61777dbf35
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:56:49 2024 -0500
Revert "bpf: btf: avoid -Wreturn-type warning"
This reverts commit 78214f1e390bf1d69d9ae4ee80072ac85c34619e.
commit 445efb8465b9fa5706d81098417f15656265322e
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:56:46 2024 -0500
Revert "bpf: btf: Check array t->size"
This reverts commit aed532e7466f77885a362e4b863bf90c41e834ba.
commit 8aada590d525de735cf39196d88722e727c141e9
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:56:42 2024 -0500
Revert "bpf: btf: Ensure t->type == 0 for BTF_KIND_FWD"
This reverts commit 8c8b601dcc2e62e1276b73dfee8b49e40fb65944.
commit ed67ad09e866c9c30897488088bbb4555ea3dc80
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:56:38 2024 -0500
Revert "bpf: btf: Fix bitfield extraction for big endian"
This reverts commit b0696a226c52868d64963f01665dd1a640a92f2b.
commit 5cc64db782daf86cdf7ac77133ca94181bb29146
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:56:35 2024 -0500
Revert "bpf: btf: Clean up BTF_INT_BITS() in uapi btf.h"
This reverts commit 0f008594540b09c667ea88fc87cf289b8db334da.
commit 3a5c6b9010426449c08ecdcc10e758431b1e515f
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:56:31 2024 -0500
Revert "bpf: btf: Ensure the member->offset is in the right order"
This reverts commit c5e361ecd6d45a7cdbffda02e4691a7a37198bdd.
commit bd6173c1ac458b08d6cedaf06e6e53c93e6b0cc5
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:56:26 2024 -0500
Revert "bpf: fix bpf_skb_load_bytes_relative pkt length check"
This reverts commit 9ea14969874cd7896588df435c890f6f2f547821.
commit 0b61d26b25a65d9ded4611426c6da9c78e41567c
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:56:22 2024 -0500
Revert "bpf: btf: Fix end boundary calculation for type section"
This reverts commit 08ef221c7fb604cb60c490fa999ec7254d492f05.
commit 72fb2b9bb5b90f60ab71915fe4e57eeee3308163
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:56:18 2024 -0500
Revert "bpf: btf: Fix a missing check bug"
This reverts commit 594687e3e01e26086f3b0173e5eda9b9f0b672f8.
commit 575a34ceba4013ad0230038f29f6ea0b3ba41a7e
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:56:15 2024 -0500
Revert "bpf, btf: fix a missing check bug in btf_parse"
This reverts commit 6bf31bbc438663756e92fb0aad4f5a35fd730fb0.
commit bcca98c0bc5e19b38af3ddcd0feee80ad26e1f96
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:56:11 2024 -0500
Revert "bpf: fix BTF limits"
This reverts commit e351b26ae671dfacd82f27c1c5f66cf8089d930d.
commit f71c484e340041d8828c94b39a233ea587d8cc09
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:56:07 2024 -0500
Revert "bpf/btf: Fix BTF verification of enum members in struct/union"
This reverts commit 861e65b744c171d59850e61a01715f194f25e45c.
commit eca310722a2624d33cd49884aa18c36d435b10f8
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:56:02 2024 -0500
Revert "bpf: btf: fix truncated last_member_type_id in btf_struct_resolve"
This reverts commit d6cd1eac41b10e606ec7f445162a0617c01be973.
commit caae5c99a3ca7bed0e318b31b6aa7ca8260a1c52
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:55:58 2024 -0500
Revert "BACKPORT: net: bpf: rename ndo_xdp to ndo_bpf"
This reverts commit 2a1ddcb6a384745195d57b4e4cdda2a55d2cbe47.
commit f90bdcdaa095a4f10268bb740470a3e0893be21b
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:55:54 2024 -0500
Revert "BACKPORT: bpf: offload: add infrastructure for loading programs for a specific netdev"
This reverts commit a9516d402726094eafccce26a99cf5110d188be9.
commit c6e0ce9019c06d9a45c030a2bc38eed320afd45a
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:55:50 2024 -0500
Revert "bpf: offload: rename the ifindex field"
This reverts commit 36bc9c7351a1dc78b3e71571998af381e876b4cb.
commit 88b6a4d41b69df804b846a8ebdca410517e08343
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:55:46 2024 -0500
Revert "BACKPORT: bpf: Check attach type at prog load time"
This reverts commit fe5a0d514e4970d86983458136d4a2f6caeee365.
commit 9ccfaa66a5ea042331f0aacdb3667e23c8ed363e
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:55:43 2024 -0500
Revert "BACKPORT: bpf: introduce BPF_PROG_QUERY command"
This reverts commit a5720688858170f1054f9549b5a628db1c252a88.
commit adab2743b3fa0853d0351b33b0a286de745025e5
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:55:37 2024 -0500
Revert "BACKPORT: bpf: Hooks for sys_bind"
This reverts commit e484887c7e7aa026521ddc1773233368a6304b24.
commit d462e09db98ad89b3a836f9b9a925812b0d8cfe7
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:55:33 2024 -0500
Revert "BACKPORT: net: Introduce __inet_bind() and __inet6_bind"
This reverts commit 41a3131c3e94c28fd084dd6f4358baee3824fd17.
commit cdf7f55dc65b4bdf7ecfc924be77c6a039709b3d
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:55:29 2024 -0500
Revert "BACKPORT: bpf: Hooks for sys_connect"
This reverts commit f26fe7233e2885ef489707ab5a5a5dda9f081b80.
commit 97685d5058f76ba4ea6dd2db157f4537f3a8953d
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:55:23 2024 -0500
Revert "BACKPORT: bpf: Post-hooks for sys_bind"
This reverts commit 284ac5bc7c70dac338301445e94e1ad40fb40fdb.
commit d03d9c05036d3109eae643f473cc5a5ad0a80721
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:55:19 2024 -0500
Revert "kernel: bpf: devmap: Create __dev_map_alloc_node"
This reverts commit db726149fa9abfd1ca9add3e2db6b1524f7e90a3.
commit 8c34bcb3e4c6630799764871b4af2e5f9344a371
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:55:15 2024 -0500
Revert "BACKPORT: xdp: Add devmap_hash map type for looking up devices by hashed index"
This reverts commit c4d4e1d201d8433e06b2ac66041d7105095a0204.
commit ef277c7b3a08fd59943eb2b47af64afc513de008
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:55:11 2024 -0500
Revert "BACKPORT: devmap: Allow map lookups from eBPF"
This reverts commit 24d196375871c72de0de977de79afede5a7d1780.
commit 4fcd87869c55c28ed59bff916d640147601816d2
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:55:07 2024 -0500
Revert "gen_headers_{arm, arm64}: Add btf.h to the list"
This reverts commit 37edfe7c90bac355885ffec3327b338a34619792.
commit b89560e0b405b58ecc5fc12c15ad4f56147760d6
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:55:03 2024 -0500
Revert "syscall: Fake uname to 4.19 for bpfloader/netd"
This reverts commit 186e74af61269602d0c068d98928b1f25e03eba2.
commit fd49f8c35eb7875d6810a5a52877ebc59bfd4530
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:54:59 2024 -0500
Revert "syscall: Fake uname to 4.19 also for netbpfload"
This reverts commit 34b9a1ab387d7dc83ede613b2c12b3741ea08edb.
commit b853fcf2ff892664d0ff522ca7fd530bc94c023e
Author: John Galt <johngaltfirstrun@gmail.com>
Date: Fri Dec 13 07:54:53 2024 -0500
Revert "syscall: Increase bpf fake uname to 5.4"
This reverts commit 9cdc014e11b410a7f03d8c968a35ee0dd6a28fff.
# Conflicts:
# net/ipv4/af_inet.c
# net/ipv6/af_inet6.c
commit 4a0143fa36d300485650dc447b580151a69a3be2
Author: kondors1995 <normandija1945@gmail.com>
Date: Wed Dec 18 13:48:16 2024 +0200
Revert "syscall: Fake uname to 4.19 for bpfloader/netd"
This reverts commit 417f37c97f.
commit 6f512c5c7341a51d7bbc9cdd93814764cae8868f
Author: kondors1995 <normandija1945@gmail.com>
Date: Wed Dec 18 13:48:16 2024 +0200
Revert "syscall: Fake uname to 4.19 also for netbpfload"
This reverts commit a4c61c3d97.
commit 41f326616251f0122d81e518082ef7faaad4b2e5
Author: kondors1995 <normandija1945@gmail.com>
Date: Wed Dec 18 13:48:15 2024 +0200
Revert "syscall: Increase bpf fake uname to 5.4"
This reverts commit 4a906017d4.
commit a0d3db72a836096cf533516d56c81a43150976ed
Author: kondors1995 <normandija1945@gmail.com>
Date: Wed Dec 18 13:46:12 2024 +0200
Revert "bpf: Hooks for sys_sendmsg"
This reverts commit 735c155332.
commit 246eb3d90b95e0ab5aee8d5a9e9cd639c7beb174
Author: kondors1995 <normandija1945@gmail.com>
Date: Wed Dec 18 13:45:08 2024 +0200
Revert "syscall: Increase fake uname to 6.6.40"
This reverts commit 92494b9920.
commit c56eaa5b7f170f58f2ade14bb71aaad2964b9018
Author: kondors1995 <normandija1945@gmail.com>
Date: Mon Dec 9 21:35:20 2024 +0200
raphael_defconfig: increase sbalance pooling rate to 10s
commit 54d190b8af
Author: Sultan Alsawaf <sultan@kerneltoast.com>
Date: Wed Dec 4 15:53:22 2024 -0800
sbalance: Fix severe misattribution of movable IRQs to the last active CPU
Due to a horrible omission in the big IRQ list traversal, all movable IRQs
are misattributed to the last active CPU in the system since that's what
`bd` is last set to in the loop prior. This horribly breaks SBalance's
notion of balance, producing nonsensical balancing decisions and failing to
balance IRQs even when they are heavily imbalanced.
Fix the massive breakage by adding the missing line of code to set `bd` to
the CPU an IRQ actually belongs to, so that it's added to the correct CPU's
movable IRQs list.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
commit f2fa2db581
Author: Sultan Alsawaf <sultan@kerneltoast.com>
Date: Wed Dec 4 14:31:52 2024 -0800
sbalance: Don't race with CPU hotplug
When a CPU is hotplugged, cpu_active_mask is modified without any RCU
synchronization. As a result, the only synchronization for cpu_active_mask
provided by the hotplug code is the CPU hotplug lock.
Furthermore, since IRQ balance is majorly disrupted during CPU hotplug due
to mass IRQ migration off a dying CPU, SBalance just shouldn't operate
while a CPU hotplug is in progress.
Take the CPU hotplug lock in balance_irqs() to prevent races and mishaps
during CPU hotplugs.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
commit a4e81ff60a
Author: Sultan Alsawaf <sultan@kerneltoast.com>
Date: Wed Dec 4 14:16:48 2024 -0800
sbalance: Convert various IRQ counter types to unsigned ints
These counted values are actually unsigned ints, not unsigned longs.
Convert them to unsigned ints since there's no reason for them to be longs.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
[ Upstream commit a1fd0b9d751f840df23ef0e75b691fc00cfd4743 ]
Change relax_domain_level checks so that it would be possible
to include or exclude all domains from newidle balancing.
This matches the behavior described in the documentation:
-1 no request. use system default or follow request of others.
0 no search.
1 search siblings (hyperthreads in a core).
"2" enables levels 0 and 1, level_max excludes the last (level_max)
level, and level_max+1 includes all levels.
Fixes: 1d3504fcf5 ("sched, cpuset: customize sched domains, core")
Signed-off-by: Vitalii Bursov <vitaly@bursov.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tested-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Reviewed-by: Vincent Guittot <vincent.guittot@linaro.org>
Reviewed-by: Valentin Schneider <vschneid@redhat.com>
Link: https://lore.kernel.org/r/bd6de28e80073c79466ec6401cdeae78f0d4423d.1714488502.git.vitaly@bursov.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 454de5ed81766fbbf4777c43392d8b0b35e7e16d)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
introduce BPF_PROG_QUERY command to retrieve a set of either
attached programs to given cgroup or a set of effective programs
that will execute for events within a cgroup
Change-Id: I05e0ed5f6eddc30f4a18216d4541448816fd1ae5
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
for cgroup bits
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Cyber Knight <cyberknight755@gmail.com>
Changes in 4.14.328
RDMA/cxgb4: Check skb value for failure to allocate
HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
drm: etvnaviv: fix bad backport leading to warning
ieee802154: ca8210: Fix a potential UAF in ca8210_probe
drm/vmwgfx: fix typo of sizeof argument
ixgbe: fix crash with empty VF macvlan list
nfc: nci: assert requested protocol is valid
workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask()
usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read
usb: musb: Get the musb_qh poniter after musb_giveback
usb: musb: Modify the "HWVers" register address
iio: pressure: bmp280: Fix NULL pointer exception
iio: pressure: ms5611: ms5611_prom_is_valid false negative bug
mcb: remove is_added flag from mcb_device struct
ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
Input: powermate - fix use-after-free in powermate_config_complete
Input: xpad - add PXN V900 support
cgroup: Remove duplicates in cgroup v1 tasks file
pinctrl: avoid unsafe code pattern in find_pinctrl()
usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call
x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs
usb: hub: Guard against accesses to uninitialized BOS descriptors
Bluetooth: hci_event: Ignore NULL link key
Bluetooth: Reject connection with the device which has same BD_ADDR
Bluetooth: Fix a refcnt underflow problem for hci_conn
Bluetooth: vhci: Fix race when opening vhci device
Bluetooth: hci_event: Fix coding style
Bluetooth: avoid memcmp() out of bounds warning
nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
regmap: fix NULL deref on lookup
KVM: x86: Mask LVTPC when handling a PMI
netfilter: nft_payload: fix wrong mac header matching
xfrm: fix a data-race in xfrm_gen_index()
net: ipv4: fix return value check in esp_remove_trailer
net: ipv6: fix return value check in esp_remove_trailer
net: rfkill: gpio: prevent value glitch during probe
net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
i40e: prevent crash on probe if hw registers have invalid values
ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone
btrfs: initialize start_slot in btrfs_log_prealloc_extents
i2c: mux: Avoid potential false error message in i2c_mux_add_adapter
overlayfs: set ctime when setting mtime and atime
gpio: timberdale: Fix potential deadlock on &tgpio->lock
ata: libata-eh: Fix compilation warning in ata_eh_link_report()
tracing: relax trace_event_eval_update() execution with cond_resched()
HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event
Bluetooth: Avoid redundant authentication
Bluetooth: hci_core: Fix build warnings
wifi: mac80211: allow transmitting EAPOL frames with tainted key
wifi: cfg80211: avoid leaking stack data into trace
sky2: Make sure there is at least one frag_addr available
mmc: core: Capture correct oemid-bits for eMMC cards
Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()"
ACPI: irq: Fix incorrect return value in acpi_register_gsi()
USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
USB: serial: option: add entry for Sierra EM9191 with new firmware
USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
perf: Disallow mis-matched inherited group reads
s390/pci: fix iommu bitmap allocation
gpio: vf610: set value before the direction to avoid a glitch
Bluetooth: hci_sock: fix slab oob read in create_monitor_event
Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name
Bluetooth: hci_event: Fix using memcmp when comparing keys
Linux 4.14.328
Change-Id: I0ad6691640e3f75a6016e2004f005414a50dc7b9
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 1ca0b605150501b7dc59f3016271da4eb3e96fce upstream.
One PID may appear multiple times in a preloaded pidlist.
(Possibly due to PID recycling but we have reports of the same
task_struct appearing with different PIDs, thus possibly involving
transfer of PID via de_thread().)
Because v1 seq_file iterator uses PIDs as position, it leads to
a message:
> seq_file: buggy .next function kernfs_seq_next did not update position index
Conservative and quick fix consists of removing duplicates from `tasks`
file (as opposed to removing pidlists altogether). It doesn't affect
correctness (it's sufficient to show a PID once), performance impact
would be hidden by unconditional sorting of the pidlist already in place
(asymptotically).
Link: https://lore.kernel.org/r/20230823174804.23632-1-mkoutny@suse.com/
Suggested-by: Firo Yang <firo.yang@suse.com>
Signed-off-by: Michal Koutný <mkoutny@suse.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changes in 4.14.326
ARM: pxa: remove use of symbol_get()
mmc: au1xmmc: force non-modular build and remove symbol_get usage
rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
USB: serial: option: add Quectel EM05G variant (0x030e)
USB: serial: option: add FOXCONN T99W368/T99W373 product
HID: wacom: remove the battery when the EKR is off
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
serial: sc16is7xx: fix bug when first setting GPIO direction
nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
pinctrl: amd: Don't show `Invalid config param` errors
lib/ubsan: remove returns-nonnull-attribute checks
9p: virtio: make sure 'offs' is initialized in zc_request
ASoC: da7219: Flush pending AAD IRQ when suspending
ethernet: atheros: fix return value check in atl1c_tso_csum()
m68k: Fix invalid .section syntax
s390/dasd: use correct number of retries for ERP requests
fs/nls: make load_nls() take a const parameter
ASoc: codecs: ES8316: Fix DMIC config
security: keys: perform capable check only on privileged operations
net: usb: qmi_wwan: add Quectel EM05GV2
idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM
scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock
netlabel: fix shift wrapping bug in netlbl_catmap_setlong()
bnx2x: fix page fault following EEH recovery
sctp: handle invalid error codes without calling BUG()
cifs: add a warning when the in-flight count goes negative
ALSA: seq: oss: Fix racy open/close of MIDI devices
powerpc/32: Include .branch_lt in data section
powerpc/32s: Fix assembler warning about r0
udf: Check consistency of Space Bitmap Descriptor
udf: Handle error when adding extent to a file
Revert "net: macsec: preserve ingress frame ordering"
reiserfs: Check the return value from __getblk()
fs: Fix error checking for d_hash_and_lookup()
cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit()
regmap: rbtree: Use alloc_flags for memory allocations
spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe()
can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM
wifi: mwifiex: Fix OOB and integer underflow when rx packets
Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe()
net: tcp: fix unexcepted socket die when snd_wnd is 0
crypto: caam - fix unchecked return value error
lwt: Check LWTUNNEL_XMIT_CONTINUE strictly
fs: ocfs2: namei: check return value of ocfs2_add_entry()
wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
wifi: mwifiex: Fix missed return in oob checks failed path
wifi: ath9k: protect WMI command response buffer replacement with a lock
wifi: mwifiex: avoid possible NULL skb pointer dereference
wifi: ath9k: use IS_ERR() with debugfs_create_dir()
net: arcnet: Do not call kfree_skb() under local_irq_disable()
netrom: Deny concurrent connect().
ARM: dts: BCM53573: Add cells sizes to PCIe node
ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split)
ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split)
drm: adv7511: Fix low refresh rate register for ADV7533/5
of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()
smackfs: Prevent underflow in smk_set_cipso()
audit: fix possible soft lockup in __audit_inode_child()
ALSA: ac97: Fix possible error value of *rac97
drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init()
clk: sunxi-ng: Modify mismatched function name
PCI: Mark NVIDIA T4 GPUs to avoid bus reset
PCI: pciehp: Use RMW accessors for changing LNKCTL
wifi: ath10k: Use RMW accessors for changing LNKCTL
nfs/blocklayout: Use the passed in gfp flags
powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
jfs: validate max amount of blocks before allocation.
fs: lockd: avoid possible wrong NULL parameter
NFSD: da_addr_body field missing in some GETDEVICEINFO replies
drivers: usb: smsusb: fix error handling code in smsusb_init_device
media: dib7000p: Fix potential division by zero
media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()
media: cx24120: Add retval check for cx24120_message_send()
media: mediatek: vcodec: Return NULL if no vdec_fb is found
usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host()
scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param()
scsi: be2iscsi: Add length check when parsing nlattrs
scsi: qla4xxx: Add length check when parsing nlattrs
x86/APM: drop the duplicate APM_MINOR_DEV macro
scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly
scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly
dma-buf/sync_file: Fix docs syntax
media: go7007: Remove redundant if statement
USB: gadget: f_mass_storage: Fix unused variable warning
cgroup:namespace: Remove unused cgroup_namespaces_init()
scsi: core: Use 32-bit hostnum in scsi_host_lookup()
scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock
serial: tegra: handle clk prepare error in tegra_uart_hw_init()
amba: bus: fix refcount leak
Revert "IB/isert: Fix incorrect release of isert connection"
HID: multitouch: Correct devm device reference for hidinput input_dev name
rpmsg: glink: Add check for kstrdup
dmaengine: ste_dma40: Add missing IRQ check in d40_probe
igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
netfilter: xt_u32: validate user space input
netfilter: xt_sctp: validate the flag_info count
igb: set max size RX buffer when store bad packet is enabled
PM / devfreq: Fix leak in devfreq_dev_release()
ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch()
backlight/gpio_backlight: Compare against struct fb_info.device
backlight/bd6107: Compare against struct fb_info.device
backlight/lv5207lp: Compare against struct fb_info.device
media: dvb: symbol fixup for dvb_attach()
ntb: Drop packets when qp link is down
ntb: Clean up tx tail index on link down
ntb: Fix calculation ntb_transport_tx_free_entry()
Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
procfs: block chmod on /proc/thread-self/comm
parisc: Fix /proc/cpuinfo output for lscpu
dccp: Fix out of bounds access in DCCP error handler
X.509: if signature is unsupported skip validation
net: handle ARPHRD_PPP in dev_is_mac_header_xmit()
pstore/ram: Check start of empty przs during init
crypto: stm32 - fix loop iterating through scatterlist for DMA
scsi: qla2xxx: fix inconsistent TMF timeout
scsi: qla2xxx: Turn off noisy message log
fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
drm/ast: Fix DRAM init on AST2200
parisc: led: Fix LAN receive and transmit LEDs
parisc: led: Reduce CPU overhead for disk & lan LED computation
clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
pwm: lpc32xx: Remove handling of PWM channels
net: read sk->sk_family once in sk_mc_loop()
igb: disable virtualization features on 82580
net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
af_unix: Fix data-races around user->unix_inflight.
af_unix: Fix data-race around unix_tot_inflight.
af_unix: Fix data-races around sk->sk_shutdown.
af_unix: Fix data race around sk->sk_err.
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
kcm: Destroy mutex in kcm_exit_net()
igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80
igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
ata: sata_gemini: Add missing MODULE_DESCRIPTION
ata: pata_ftide010: Add missing MODULE_DESCRIPTION
net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
kcm: Fix memory leak in error path of kcm_sendmsg()
ixgbe: fix timestamp configuration code
kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
parisc: Drop loops_per_jiffy from per_cpu struct
autofs: fix memory leak of waitqueues in autofs_catatonic_mode
btrfs: output extra debug info if we failed to find an inline backref
ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer
ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470
hw_breakpoint: fix single-stepping when using bpf_overflow_handler
wifi: ath9k: fix printk specifier
wifi: mwifiex: fix fortify warning
crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
tpm_tis: Resend command to recover from data transfer errors
alx: fix OOB-read compiler warning
drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable()
md: raid1: fix potential OOB in raid1_remove_disk()
ext2: fix datatype of block number in ext2_xattr_set2()
fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()
media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
media: anysee: fix null-ptr-deref in anysee_master_xfer
media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
iio: core: Use min() instead of min_t() to make code more robust
media: tuners: qt1010: replace BUG_ON with a regular error
media: pci: cx23885: replace BUG with error return
usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
serial: cpm_uart: Avoid suspicious locking
kobject: Add sanity check for kset->kobj.ktype in kset_register()
md/raid1: fix error: ISO C90 forbids mixed declarations
attr: block mode changes of symlinks
btrfs: fix lockdep splat and potential deadlock after failure running delayed items
nfsd: fix change_info in NFSv4 RENAME replies
mtd: rawnand: brcmnand: Fix crash during the panic_write
mtd: rawnand: brcmnand: Fix potential false time out warning
mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller
mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
net/sched: Retire rsvp classifier
Linux 4.14.326
Change-Id: I22815ecf1b4b346f889ccaa561b7cb9a20f204ce
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 82b90b6c5b38e457c7081d50dff11ecbafc1e61a ]
cgroup_namspace_init() just return 0. Therefore, there is no need to
call it during start_kernel. Just remove it.
Fixes: a79a908fd2 ("cgroup: introduce cgroup namespaces")
Signed-off-by: Lu Jialin <lujialin4@huawei.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
e7fd37ba1217 ("cgroup: avoid copying strings longer than the buffers")
converted possibly unsafe strncpy() usages in cgroup to strscpy().
However, although the callsites are completely fine with truncated
copied, because strscpy() is marked __must_check, it led to the
following warnings.
kernel/cgroup/cgroup.c: In function ‘cgroup_file_name’:
kernel/cgroup/cgroup.c:1400:10: warning: ignoring return value of ‘strscpy’, declared with attribute warn_unused_result [-Wunused-result]
strscpy(buf, cft->name, CGROUP_FILE_NAME_MAX);
^
To avoid the warnings, 50034ed49645 ("cgroup: use strlcpy() instead of
strscpy() to avoid spurious warning") switched them to strlcpy().
strlcpy() is worse than strlcpy() because it unconditionally runs
strlen() on the source string, and the only reason we switched to
strlcpy() here was because it was lacking __must_check, which doesn't
reflect any material differences between the two function. It's just
that someone added __must_check to strscpy() and not to strlcpy().
These basic string copy operations are used in variety of ways, and
one of not-so-uncommon use cases is safely handling truncated copies,
where the caller naturally doesn't care about the return value. The
__must_check doesn't match the actual use cases and forces users to
opt for inferior variants which lack __must_check by happenstance or
spread ugly (void) casts.
Remove __must_check from strscpy() and restore strscpy() usages in
cgroup.
Signed-off-by: Tejun Heo <tj@kernel.org>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Chris Metcalf <cmetcalf@ezchip.com>
(cherry picked from commit 08a77676f9c5fc69a681ccd2cd8140e65dcb26c7)
[backport the cgroup portions that weren't applied with the earlier
patch
779128d80c 'string: drop __must_check from
strscpy() and restore strscpy() usages in cgroup']
Bug: 154548692
Signed-off-by: Marco Ballesio <balejs@google.com>
Change-Id: Iaa636d39d15c44be47fc6b6ba202ecb7ff73c5e7
(cherry picked from commit 0b9e380c2246e105f27816258f030bebdabb598c)
Signed-off-by: Panchajanya1999 <panchajanya@azure-dev.live>
As long as cft->name is guaranteed to be NUL-terminated, using strlcpy() would
work just as well and avoid that warning, so the change below could be folded
into that commit.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Tejun Heo <tj@kernel.org>
Change-Id: I8215beea12d94fda6a7834f8be6f8e0891285d0e
(cherry picked from commit 50034ed49645463a16327cad05694e201e6b4126)
Bug: 154548692
Signed-off-by: Marco Ballesio <balejs@google.com>
(cherry picked from commit f6a58f922163cba0a99c1588b094f127982e87af)
Signed-off-by: Panchajanya1999 <panchajanya@azure-dev.live>
e7fd37ba1217 ("cgroup: avoid copying strings longer than the buffers")
converted possibly unsafe strncpy() usages in cgroup to strscpy().
However, although the callsites are completely fine with truncated
copied, because strscpy() is marked __must_check, it led to the
following warnings.
kernel/cgroup/cgroup.c: In function ‘cgroup_file_name’:
kernel/cgroup/cgroup.c:1400:10: warning: ignoring return value of ‘strscpy’, declared with attribute warn_unused_result [-Wunused-result]
strscpy(buf, cft->name, CGROUP_FILE_NAME_MAX);
^
To avoid the warnings, 50034ed49645 ("cgroup: use strlcpy() instead of
strscpy() to avoid spurious warning") switched them to strlcpy().
strlcpy() is worse than strlcpy() because it unconditionally runs
strlen() on the source string, and the only reason we switched to
strlcpy() here was because it was lacking __must_check, which doesn't
reflect any material differences between the two function. It's just
that someone added __must_check to strscpy() and not to strlcpy().
These basic string copy operations are used in variety of ways, and
one of not-so-uncommon use cases is safely handling truncated copies,
where the caller naturally doesn't care about the return value. The
__must_check doesn't match the actual use cases and forces users to
opt for inferior variants which lack __must_check by happenstance or
spread ugly (void) casts.
Remove __must_check from strscpy() and restore strscpy() usages in
cgroup.
Signed-off-by: Tejun Heo <tj@kernel.org>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Chris Metcalf <cmetcalf@ezchip.com>
(cherry picked from commit 08a77676f9c5fc69a681ccd2cd8140e65dcb26c7)
[backport the cgroup portions that weren't applied with the earlier
patch
779128d80c 'string: drop __must_check from
strscpy() and restore strscpy() usages in cgroup']
Bug: 154548692
Signed-off-by: Marco Ballesio <balejs@google.com>
Change-Id: Iaa636d39d15c44be47fc6b6ba202ecb7ff73c5e7
(cherry picked from commit 0b9e380c2246e105f27816258f030bebdabb598c)
Signed-off-by: Panchajanya1999 <panchajanya@azure-dev.live>
As long as cft->name is guaranteed to be NUL-terminated, using strlcpy() would
work just as well and avoid that warning, so the change below could be folded
into that commit.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Tejun Heo <tj@kernel.org>
Change-Id: I8215beea12d94fda6a7834f8be6f8e0891285d0e
(cherry picked from commit 50034ed49645463a16327cad05694e201e6b4126)
Bug: 154548692
Signed-off-by: Marco Ballesio <balejs@google.com>
(cherry picked from commit f6a58f922163cba0a99c1588b094f127982e87af)
Signed-off-by: Panchajanya1999 <panchajanya@azure-dev.live>
Changes in 4.14.320
serial: lantiq: add missing interrupt ack
nilfs2: reject devices with insufficient block count
nilfs2: fix buffer corruption due to concurrent device reads
Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
cgroup: Do not corrupt task iteration when rebinding subsystem
nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
xfrm: Linearize the skb after offloading if needed.
net: qca_spi: Avoid high load if QCA7000 is not available
mmc: mtk-sd: fix deferred probing
mmc: omap: fix deferred probing
mmc: omap_hsmmc: fix deferred probing
mmc: usdhi60rol0: fix deferred probing
be2net: Extend xmit workaround to BE3 chip
netfilter: nf_tables: disallow element updates of bound anonymous sets
scsi: target: iscsi: Prevent login threads from racing between each other
HID: wacom: Add error check to wacom_parse_and_register()
arm64: Add missing Set/Way CMO encodings
nfcsim.c: Fix error checking for debugfs_create_dir
fbdev: imsttfb: Release framebuffer and dealloc cmap on error path
usb: gadget: udc: fix NULL dereference in remove()
s390/cio: unregister device when the only path is gone
drm/exynos: vidi: fix a wrong error return
drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle
Linux 4.14.320
Change-Id: Ie099bcd37431671a217ea32b54bef6d5f29c122d
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 6f363f5aa845561f7ea496d8b1175e3204470486 upstream.
We found a refcount UAF bug as follows:
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 1 PID: 342 at lib/refcount.c:25 refcount_warn_saturate+0xa0/0x148
Workqueue: events cpuset_hotplug_workfn
Call trace:
refcount_warn_saturate+0xa0/0x148
__refcount_add.constprop.0+0x5c/0x80
css_task_iter_advance_css_set+0xd8/0x210
css_task_iter_advance+0xa8/0x120
css_task_iter_next+0x94/0x158
update_tasks_root_domain+0x58/0x98
rebuild_root_domains+0xa0/0x1b0
rebuild_sched_domains_locked+0x144/0x188
cpuset_hotplug_workfn+0x138/0x5a0
process_one_work+0x1e8/0x448
worker_thread+0x228/0x3e0
kthread+0xe0/0xf0
ret_from_fork+0x10/0x20
then a kernel panic will be triggered as below:
Unable to handle kernel paging request at virtual address 00000000c0000010
Call trace:
cgroup_apply_control_disable+0xa4/0x16c
rebind_subsystems+0x224/0x590
cgroup_destroy_root+0x64/0x2e0
css_free_rwork_fn+0x198/0x2a0
process_one_work+0x1d4/0x4bc
worker_thread+0x158/0x410
kthread+0x108/0x13c
ret_from_fork+0x10/0x18
The race that cause this bug can be shown as below:
(hotplug cpu) | (umount cpuset)
mutex_lock(&cpuset_mutex) | mutex_lock(&cgroup_mutex)
cpuset_hotplug_workfn |
rebuild_root_domains | rebind_subsystems
update_tasks_root_domain | spin_lock_irq(&css_set_lock)
css_task_iter_start | list_move_tail(&cset->e_cset_node[ss->id]
while(css_task_iter_next) | &dcgrp->e_csets[ss->id]);
css_task_iter_end | spin_unlock_irq(&css_set_lock)
mutex_unlock(&cpuset_mutex) | mutex_unlock(&cgroup_mutex)
Inside css_task_iter_start/next/end, css_set_lock is hold and then
released, so when iterating task(left side), the css_set may be moved to
another list(right side), then it->cset_head points to the old list head
and it->cset_pos->next points to the head node of new list, which can't
be used as struct css_set.
To fix this issue, switch from all css_sets to only scgrp's css_sets to
patch in-flight iterators to preserve correct iteration, and then
update it->cset_head as well.
Reported-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Link: https://www.spinics.net/lists/cgroups/msg37935.html
Suggested-by: Michal Koutný <mkoutny@suse.com>
Link: https://lore.kernel.org/all/20230526114139.70274-1-xiujianfeng@huaweicloud.com/
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Fixes: 2d8f243a5e ("cgroup: implement cgroup->e_csets[]")
Cc: stable@vger.kernel.org # v3.16+
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
e7fd37ba1217 ("cgroup: avoid copying strings longer than the buffers")
converted possibly unsafe strncpy() usages in cgroup to strscpy().
However, although the callsites are completely fine with truncated
copied, because strscpy() is marked __must_check, it led to the
following warnings.
kernel/cgroup/cgroup.c: In function ‘cgroup_file_name’:
kernel/cgroup/cgroup.c:1400:10: warning: ignoring return value of ‘strscpy’, declared with attribute warn_unused_result [-Wunused-result]
strscpy(buf, cft->name, CGROUP_FILE_NAME_MAX);
^
To avoid the warnings, 50034ed49645 ("cgroup: use strlcpy() instead of
strscpy() to avoid spurious warning") switched them to strlcpy().
strlcpy() is worse than strlcpy() because it unconditionally runs
strlen() on the source string, and the only reason we switched to
strlcpy() here was because it was lacking __must_check, which doesn't
reflect any material differences between the two function. It's just
that someone added __must_check to strscpy() and not to strlcpy().
These basic string copy operations are used in variety of ways, and
one of not-so-uncommon use cases is safely handling truncated copies,
where the caller naturally doesn't care about the return value. The
__must_check doesn't match the actual use cases and forces users to
opt for inferior variants which lack __must_check by happenstance or
spread ugly (void) casts.
Remove __must_check from strscpy() and restore strscpy() usages in
cgroup.
Signed-off-by: Tejun Heo <tj@kernel.org>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Chris Metcalf <cmetcalf@ezchip.com>
(cherry picked from commit 08a77676f9c5fc69a681ccd2cd8140e65dcb26c7)
[backport the cgroup portions that weren't applied with the earlier
patch
779128d80c 'string: drop __must_check from
strscpy() and restore strscpy() usages in cgroup']
Bug: 154548692
Signed-off-by: Marco Ballesio <balejs@google.com>
Change-Id: Iaa636d39d15c44be47fc6b6ba202ecb7ff73c5e7
(cherry picked from commit 0b9e380c2246e105f27816258f030bebdabb598c)
Signed-off-by: Panchajanya1999 <panchajanya@azure-dev.live>
As long as cft->name is guaranteed to be NUL-terminated, using strlcpy() would
work just as well and avoid that warning, so the change below could be folded
into that commit.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Tejun Heo <tj@kernel.org>
Change-Id: I8215beea12d94fda6a7834f8be6f8e0891285d0e
(cherry picked from commit 50034ed49645463a16327cad05694e201e6b4126)
Bug: 154548692
Signed-off-by: Marco Ballesio <balejs@google.com>
(cherry picked from commit f6a58f922163cba0a99c1588b094f127982e87af)
Signed-off-by: Panchajanya1999 <panchajanya@azure-dev.live>
Changes in 4.14.313
pwm: cros-ec: Explicitly set .polarity in .get_state()
wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
icmp: guard against too small mtu
ipv6: Fix an uninit variable access bug in __ip6_make_skb()
gpio: davinci: Add irq chip flag to skip set wake
USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
USB: serial: option: add Telit FE990 compositions
USB: serial: option: add Quectel RM500U-CN modem
iio: dac: cio-dac: Fix max DAC write value check for 12-bit
tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
nilfs2: fix sysfs interface lifetime
perf/core: Fix the same task check in perf_event_set_output
ftrace: Mark get_lock_parent_ip() __always_inline
ring-buffer: Fix race while reader and writer are on the same page
mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
ALSA: emu10k1: fix capture interrupt handler unlinking
ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
ALSA: i2c/cs8427: fix iec958 mixer control deactivation
ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
Bluetooth: Fix race condition in hidp_session_thread
mtdblock: tolerate corrected bit-flips
9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
niu: Fix missing unwind goto in niu_alloc_channels()
qlcnic: check pci_reset_function result
net: macb: fix a memory corruption in extended buffer descriptor mode
i2c: imx-lpi2c: clean rx/tx buffers upon new message
efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
verify_pefile: relax wrapper length check
ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
KVM: arm64: Factor out core register ID enumeration
KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST
arm64: KVM: Fix system register enumeration
Linux 4.14.313
Change-Id: I9dcef9855d47e02e4ccbfcc7dd59e976c6ab9fb1
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit ba9182a89626d5f83c2ee4594f55cb9c1e60f0e2 upstream.
After a successful cpuset_can_attach() call which increments the
attach_in_progress flag, either cpuset_cancel_attach() or cpuset_attach()
will be called later. In cpuset_attach(), tasks in cpuset_attach_wq,
if present, will be woken up at the end. That is not the case in
cpuset_cancel_attach(). So missed wakeup is possible if the attach
operation is somehow cancelled. Fix that by doing the wakeup in
cpuset_cancel_attach() as well.
Fixes: e44193d39e ("cpuset: let hotplug propagation work wait for task attaching")
Signed-off-by: Waiman Long <longman@redhat.com>
Reviewed-by: Michal Koutný <mkoutny@suse.com>
Cc: stable@vger.kernel.org # v3.11+
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4a7ba45b1a435e7097ca0f79a847d0949d0eb088 upstream.
memcg_write_event_control() accesses the dentry->d_name of the specified
control fd to route the write call. As a cgroup interface file can't be
renamed, it's safe to access d_name as long as the specified file is a
regular cgroup file. Also, as these cgroup interface files can't be
removed before the directory, it's safe to access the parent too.
Prior to 347c4a8747 ("memcg: remove cgroup_event->cft"), there was a
call to __file_cft() which verified that the specified file is a regular
cgroupfs file before further accesses. The cftype pointer returned from
__file_cft() was no longer necessary and the commit inadvertently dropped
the file type check with it allowing any file to slip through. With the
invarients broken, the d_name and parent accesses can now race against
renames and removals of arbitrary files and cause use-after-free's.
Fix the bug by resurrecting the file type check in __file_cft(). Now that
cgroupfs is implemented through kernfs, checking the file operations needs
to go through a layer of indirection. Instead, let's check the superblock
and dentry type.
Link: https://lkml.kernel.org/r/Y5FRm/cfcKPGzWwl@slm.duckdns.org
Fixes: 347c4a8747 ("memcg: remove cgroup_event->cft")
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Jann Horn <jannh@google.com>
Acked-by: Roman Gushchin <roman.gushchin@linux.dev>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: <stable@vger.kernel.org> [3.14+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:
struct foo {
int stuff;
void *entry[];
};
instance = kmalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);
Instead of leaving these open-coded and prone to type mistakes, we can
now use the new struct_size() helper:
instance = kmalloc(struct_size(instance, entry, count), GFP_KERNEL);
This patch makes the changes for kmalloc()-family (and kvmalloc()-family)
uses. It was done via automatic conversion with manual review for the
"CHECKME" non-standard cases noted below, using the following Coccinelle
script:
// pkey_cache = kmalloc(sizeof *pkey_cache + tprops->pkey_tbl_len *
// sizeof *pkey_cache->table, GFP_KERNEL);
@@
identifier alloc =~ "kmalloc|kzalloc|kvmalloc|kvzalloc";
expression GFP;
identifier VAR, ELEMENT;
expression COUNT;
@@
- alloc(sizeof(*VAR) + COUNT * sizeof(*VAR->ELEMENT), GFP)
+ alloc(struct_size(VAR, ELEMENT, COUNT), GFP)
// mr = kzalloc(sizeof(*mr) + m * sizeof(mr->map[0]), GFP_KERNEL);
@@
identifier alloc =~ "kmalloc|kzalloc|kvmalloc|kvzalloc";
expression GFP;
identifier VAR, ELEMENT;
expression COUNT;
@@
- alloc(sizeof(*VAR) + COUNT * sizeof(VAR->ELEMENT[0]), GFP)
+ alloc(struct_size(VAR, ELEMENT, COUNT), GFP)
// Same pattern, but can't trivially locate the trailing element name,
// or variable name.
@@
identifier alloc =~ "kmalloc|kzalloc|kvmalloc|kvzalloc";
expression GFP;
expression SOMETHING, COUNT, ELEMENT;
@@
- alloc(sizeof(SOMETHING) + COUNT * sizeof(ELEMENT), GFP)
+ alloc(CHECKME_struct_size(&SOMETHING, ELEMENT, COUNT), GFP)
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Adam W. Willis <return.of.octobot@gmail.com>
Signed-off-by: Fiqri Ardyansyah <fiqri15072019@gmail.com>
This is based on:
7725cb5bc1
With the following modifications:
- Completely remove CPUSET_ASSIST dependency
- Fix potential bootloop issues on some devices
- Place the Kconfig entry appropriately
- Improve code styling and readability
In commit:
sched/uclamp: Move all tunables to cpusets,
We directly modified and exported *_{read, write, show} functions
to cpuset code.This makes the resulting code quite inconsistent with
the upstream version.
We now use wrappers to reflect the original function, and to preserve
the code in accordance with upstream/mainline.
This is a purely cosmetic change, and no new behaviour should be
exhibited on applying this commit.
