vic
371 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
kondors1995
|
2d5c481f29 |
bpf: squash revert spoofing and some backports:
Squashed commit of the following: commit 259593385c05a430c4685b611c0e43b4272c22f8 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 08:30:37 2024 -0500 bpf: squash revert spoofing and some backports: Squashed commit of the following: commit 8ac5df9c8bc9575059fff6cea0c40463b96fc129 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:58:17 2024 -0500 Revert "BACKPORT: bpf: add skb_load_bytes_relative helper" This reverts commit 029893dcc5d67af16fdf0723bacaae37ec567f67. commit dbcbceafe848744ec188f74e87e9717916d359ea Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:58:13 2024 -0500 Revert "BACKPORT: bpf: encapsulate verifier log state into a structure" This reverts commit d861145b97d247cbd9fe1400df52155f48639126. commit 478f4dfee0406b54525e68764cc9ba48af1624fc Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:58:10 2024 -0500 Revert "BACKPORT: bpf: Rename bpf_verifer_log" This reverts commit 5d088635de1bf2d6ae9ea94e3dd1c601d30c0cce. commit 7bc7c24beb82168b49337530cb56b5dfeeafe19a Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:58:07 2024 -0500 Revert "BACKPORT: bpf: btf: Introduce BPF Type Format (BTF)" This reverts commit 93d34e26514b4d9d15fd176706f57634b2e97485. commit 7106457ba90a459b6241fdd44df658c1b52c0e4b Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:58:03 2024 -0500 Revert "bpf: Update logging functions to work with BTF" This reverts commit 97e6c528eb2f76c58a3b6a4c1e7fbeafcd97633a. commit 08e68c7ba56f5e78fd1afcd5a2164716a75b0fe3 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:58:00 2024 -0500 Revert "bpf: btf: Validate type reference" This reverts commit c7b7eecbc1134e5d8865af2cc0692fc7156175d5. commit 7763cf0831970a64ed62f9b7362fca02ab6e83f1 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:57:51 2024 -0500 Revert "bpf: btf: Check members of struct/union" This reverts commit 9a77b51cad6f04866ca067ca0e70a89b9f59ed56. commit eb033235f666b5f66995f4cf89702de7ab4721f8 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:57:47 2024 -0500 Revert "bpf: btf: Add pretty print capability for data with BTF type info" This reverts commit 745692103435221d6e39bc177811769995540525. commit c32995674ace91e06c591d2f63177585e81adc75 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:57:43 2024 -0500 Revert "BACKPORT: bpf: btf: Add BPF_BTF_LOAD command" This reverts commit 4e0afd38e20e5aa2df444361309bc07251ca6b2a. commit 1310bc8d4aca0015c8723e7624121eddf76b3244 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:57:38 2024 -0500 Revert "bpf: btf: Add BPF_OBJ_GET_INFO_BY_FD support to BTF fd" This reverts commit d4b5d76d9101b97e6fe5181bcefe7f601ed19926. commit 881a49445608712bdb0a0f0c959838bdbc725f62 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:57:34 2024 -0500 Revert "BACKPORT: bpf: btf: Clean up btf.h in uapi" This reverts commit 26b661822933d41b3feb59bb284334bfbbc82af4. commit e2109fd858ebd5fe392c8bf579b9350fbca35a35 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:57:29 2024 -0500 Revert "bpf: btf: Avoid WARN_ON when CONFIG_REFCOUNT_FULL=y" This reverts commit 9abf878903404e649fef4ad0b189eec1c13d29fe. commit 088a7d9137f03da4e0fc1d72add3901823081ccd Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:57:23 2024 -0500 Revert "bpf: Fix compiler warning on info.map_ids for 32bit platform" This reverts commit a3a278e1f6cf167d538ac52f4ad60bb9cf8d4129. commit 6e14aed6b63f2b266982454d83678445c062cf39 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:57:13 2024 -0500 Revert "bpf: btf: Change how section is supported in btf_header" This reverts commit 4b60ffd683eb623a184b46761777838d7c49e707. commit 151a60855c23bf0317734031481d779efb369d6c Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:57:08 2024 -0500 Revert "bpf: btf: Check array->index_type" This reverts commit b00e10f1a073fadce178b6fb62496722e16db303. commit 49775e9074a54ac5f60f518e6fc5a26172996eae Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:57:01 2024 -0500 Revert "bpf: btf: Remove unused bits from uapi/linux/btf.h" This reverts commit c90c6ad34f7a8f565f351d21c2d5b9706838767d. commit b6d6c6ab28e4b018da6ce9e64125e63f4191d3d9 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:56:58 2024 -0500 Revert "bpf: btf: Avoid variable length array" This reverts commit fe7d1f7750242e77a73839d173ac36c3e39d4171. commit a45bedecb9b1175fef96f2d64fba2d61777dbf35 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:56:49 2024 -0500 Revert "bpf: btf: avoid -Wreturn-type warning" This reverts commit 78214f1e390bf1d69d9ae4ee80072ac85c34619e. commit 445efb8465b9fa5706d81098417f15656265322e Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:56:46 2024 -0500 Revert "bpf: btf: Check array t->size" This reverts commit aed532e7466f77885a362e4b863bf90c41e834ba. commit 8aada590d525de735cf39196d88722e727c141e9 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:56:42 2024 -0500 Revert "bpf: btf: Ensure t->type == 0 for BTF_KIND_FWD" This reverts commit 8c8b601dcc2e62e1276b73dfee8b49e40fb65944. commit ed67ad09e866c9c30897488088bbb4555ea3dc80 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:56:38 2024 -0500 Revert "bpf: btf: Fix bitfield extraction for big endian" This reverts commit b0696a226c52868d64963f01665dd1a640a92f2b. commit 5cc64db782daf86cdf7ac77133ca94181bb29146 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:56:35 2024 -0500 Revert "bpf: btf: Clean up BTF_INT_BITS() in uapi btf.h" This reverts commit 0f008594540b09c667ea88fc87cf289b8db334da. commit 3a5c6b9010426449c08ecdcc10e758431b1e515f Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:56:31 2024 -0500 Revert "bpf: btf: Ensure the member->offset is in the right order" This reverts commit c5e361ecd6d45a7cdbffda02e4691a7a37198bdd. commit bd6173c1ac458b08d6cedaf06e6e53c93e6b0cc5 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:56:26 2024 -0500 Revert "bpf: fix bpf_skb_load_bytes_relative pkt length check" This reverts commit 9ea14969874cd7896588df435c890f6f2f547821. commit 0b61d26b25a65d9ded4611426c6da9c78e41567c Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:56:22 2024 -0500 Revert "bpf: btf: Fix end boundary calculation for type section" This reverts commit 08ef221c7fb604cb60c490fa999ec7254d492f05. commit 72fb2b9bb5b90f60ab71915fe4e57eeee3308163 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:56:18 2024 -0500 Revert "bpf: btf: Fix a missing check bug" This reverts commit 594687e3e01e26086f3b0173e5eda9b9f0b672f8. commit 575a34ceba4013ad0230038f29f6ea0b3ba41a7e Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:56:15 2024 -0500 Revert "bpf, btf: fix a missing check bug in btf_parse" This reverts commit 6bf31bbc438663756e92fb0aad4f5a35fd730fb0. commit bcca98c0bc5e19b38af3ddcd0feee80ad26e1f96 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:56:11 2024 -0500 Revert "bpf: fix BTF limits" This reverts commit e351b26ae671dfacd82f27c1c5f66cf8089d930d. commit f71c484e340041d8828c94b39a233ea587d8cc09 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:56:07 2024 -0500 Revert "bpf/btf: Fix BTF verification of enum members in struct/union" This reverts commit 861e65b744c171d59850e61a01715f194f25e45c. commit eca310722a2624d33cd49884aa18c36d435b10f8 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:56:02 2024 -0500 Revert "bpf: btf: fix truncated last_member_type_id in btf_struct_resolve" This reverts commit d6cd1eac41b10e606ec7f445162a0617c01be973. commit caae5c99a3ca7bed0e318b31b6aa7ca8260a1c52 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:55:58 2024 -0500 Revert "BACKPORT: net: bpf: rename ndo_xdp to ndo_bpf" This reverts commit 2a1ddcb6a384745195d57b4e4cdda2a55d2cbe47. commit f90bdcdaa095a4f10268bb740470a3e0893be21b Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:55:54 2024 -0500 Revert "BACKPORT: bpf: offload: add infrastructure for loading programs for a specific netdev" This reverts commit a9516d402726094eafccce26a99cf5110d188be9. commit c6e0ce9019c06d9a45c030a2bc38eed320afd45a Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:55:50 2024 -0500 Revert "bpf: offload: rename the ifindex field" This reverts commit 36bc9c7351a1dc78b3e71571998af381e876b4cb. commit 88b6a4d41b69df804b846a8ebdca410517e08343 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:55:46 2024 -0500 Revert "BACKPORT: bpf: Check attach type at prog load time" This reverts commit fe5a0d514e4970d86983458136d4a2f6caeee365. commit 9ccfaa66a5ea042331f0aacdb3667e23c8ed363e Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:55:43 2024 -0500 Revert "BACKPORT: bpf: introduce BPF_PROG_QUERY command" This reverts commit a5720688858170f1054f9549b5a628db1c252a88. commit adab2743b3fa0853d0351b33b0a286de745025e5 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:55:37 2024 -0500 Revert "BACKPORT: bpf: Hooks for sys_bind" This reverts commit e484887c7e7aa026521ddc1773233368a6304b24. commit d462e09db98ad89b3a836f9b9a925812b0d8cfe7 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:55:33 2024 -0500 Revert "BACKPORT: net: Introduce __inet_bind() and __inet6_bind" This reverts commit 41a3131c3e94c28fd084dd6f4358baee3824fd17. commit cdf7f55dc65b4bdf7ecfc924be77c6a039709b3d Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:55:29 2024 -0500 Revert "BACKPORT: bpf: Hooks for sys_connect" This reverts commit f26fe7233e2885ef489707ab5a5a5dda9f081b80. commit 97685d5058f76ba4ea6dd2db157f4537f3a8953d Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:55:23 2024 -0500 Revert "BACKPORT: bpf: Post-hooks for sys_bind" This reverts commit 284ac5bc7c70dac338301445e94e1ad40fb40fdb. commit d03d9c05036d3109eae643f473cc5a5ad0a80721 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:55:19 2024 -0500 Revert "kernel: bpf: devmap: Create __dev_map_alloc_node" This reverts commit db726149fa9abfd1ca9add3e2db6b1524f7e90a3. commit 8c34bcb3e4c6630799764871b4af2e5f9344a371 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:55:15 2024 -0500 Revert "BACKPORT: xdp: Add devmap_hash map type for looking up devices by hashed index" This reverts commit c4d4e1d201d8433e06b2ac66041d7105095a0204. commit ef277c7b3a08fd59943eb2b47af64afc513de008 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:55:11 2024 -0500 Revert "BACKPORT: devmap: Allow map lookups from eBPF" This reverts commit 24d196375871c72de0de977de79afede5a7d1780. commit 4fcd87869c55c28ed59bff916d640147601816d2 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:55:07 2024 -0500 Revert "gen_headers_{arm, arm64}: Add btf.h to the list" This reverts commit 37edfe7c90bac355885ffec3327b338a34619792. commit b89560e0b405b58ecc5fc12c15ad4f56147760d6 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:55:03 2024 -0500 Revert "syscall: Fake uname to 4.19 for bpfloader/netd" This reverts commit 186e74af61269602d0c068d98928b1f25e03eba2. commit fd49f8c35eb7875d6810a5a52877ebc59bfd4530 Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:54:59 2024 -0500 Revert "syscall: Fake uname to 4.19 also for netbpfload" This reverts commit 34b9a1ab387d7dc83ede613b2c12b3741ea08edb. commit b853fcf2ff892664d0ff522ca7fd530bc94c023e Author: John Galt <johngaltfirstrun@gmail.com> Date: Fri Dec 13 07:54:53 2024 -0500 Revert "syscall: Increase bpf fake uname to 5.4" This reverts commit 9cdc014e11b410a7f03d8c968a35ee0dd6a28fff. # Conflicts: # net/ipv4/af_inet.c # net/ipv6/af_inet6.c commit 4a0143fa36d300485650dc447b580151a69a3be2 Author: kondors1995 <normandija1945@gmail.com> Date: Wed Dec 18 13:48:16 2024 +0200 Revert "syscall: Fake uname to 4.19 for bpfloader/netd" This reverts commit |
||
|
Tim Zimmermann
|
92494b9920 |
syscall: Increase fake uname to 6.6.40
Change-Id: I77a8c5cd0e74eff97ae9b6b7e37812e2972cb3c8 |
||
|
Tim Zimmermann
|
31f7a8793a |
syscall: Only fake uname on very first call of netbpfload
* The bpf programs actually still support older kernels, we just need to bypass the very first check for kernel version Change-Id: I4264782ee63efb26b95abd94774938d5456200a3 |
||
|
Sultan Alsawaf
|
3a21b1231c |
kernel/sys.c: Strip localversion from uname for GMS processes
Play Integrity now hashes the kernel's localversion and compares it to a blacklist of localversion hashes for the purpose of failing Play Integrity attestation. Among the banned localversion hashes are "-Sultan" and "-sultan". Since this is biased and doesn't improve security for end users in any way, strip the localversion from uname for processes which are part of GMS's thread group so that Play Integrity doesn't fail due to this. Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com> |
||
|
Sasha Levin
|
acf20ff78b |
kbuild: simplify access to the kernel's version
Instead of storing the version in a single integer and having various kernel (and userspace) code how it's constructed, export individual (major, patchlevel, sublevel) components and simplify kernel code that uses it. This should also make it easier on userspace. Signed-off-by: Sasha Levin <sashal@kernel.org> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> |
||
|
kondors1995
|
bcaa6a3480 | Merge remote-tracking branch 'openela/linux-4.14.y' into 14.0 | ||
|
Oleg Nesterov
|
8d11949c47 |
getrusage: use sig->stats_lock rather than lock_task_sighand()
[ Upstream commit f7ec1cd5cc7ef3ad964b677ba82b8b77f1c93009 ] lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call getrusage() at the same time and the process has NR_THREADS, spin_lock_irq will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change getrusage() to use sig->stats_lock, it was specifically designed for this type of use. This way it runs lockless in the likely case. TODO: - Change do_task_stat() to use sig->stats_lock too, then we can remove spin_lock_irq(siglock) in wait_task_zombie(). - Turn sig->stats_lock into seqcount_rwlock_t, this way the readers in the slow mode won't exclude each other. See https://lore.kernel.org/all/20230913154907.GA26210@redhat.com/ - stats_lock has to disable irqs because ->siglock can be taken in irq context, it would be very nice to change __exit_signal() to avoid the siglock->stats_lock dependency. Link: https://lkml.kernel.org/r/20240122155053.GA26214@redhat.com Signed-off-by: Oleg Nesterov <oleg@redhat.com> Reported-by: Dylan Hatch <dylanbhatch@google.com> Tested-by: Dylan Hatch <dylanbhatch@google.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit c96f49d3a741f6693feecdb067c442b609903d03) Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> |
||
|
Oleg Nesterov
|
82f1e0dc48 |
getrusage: use __for_each_thread()
[ Upstream commit 13b7bc60b5353371460a203df6c38ccd38ad7a3a ] do/while_each_thread should be avoided when possible. Plus this change allows to avoid lock_task_sighand(), we can use rcu and/or sig->stats_lock instead. Link: https://lkml.kernel.org/r/20230909172629.GA20454@redhat.com Signed-off-by: Oleg Nesterov <oleg@redhat.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Stable-dep-of: f7ec1cd5cc7e ("getrusage: use sig->stats_lock rather than lock_task_sighand()") Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit e24772adaaf4b81ac0855cceb17080352526f765) Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> |
||
|
Oleg Nesterov
|
c048d8254a |
getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()
[ Upstream commit daa694e4137571b4ebec330f9a9b4d54aa8b8089 ] Patch series "getrusage: use sig->stats_lock", v2. This patch (of 2): thread_group_cputime() does its own locking, we can safely shift thread_group_cputime_adjusted() which does another for_each_thread loop outside of ->siglock protected section. This is also preparation for the next patch which changes getrusage() to use stats_lock instead of siglock, thread_group_cputime() takes the same lock. With the current implementation recursive read_seqbegin_or_lock() is fine, thread_group_cputime() can't enter the slow mode if the caller holds stats_lock, yet this looks more safe and better performance-wise. Link: https://lkml.kernel.org/r/20240122155023.GA26169@redhat.com Link: https://lkml.kernel.org/r/20240122155050.GA26205@redhat.com Signed-off-by: Oleg Nesterov <oleg@redhat.com> Reported-by: Dylan Hatch <dylanbhatch@google.com> Tested-by: Dylan Hatch <dylanbhatch@google.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 33ec341e3e9588962ff3cf49f642da140d3ecfc0) [Harshit: conflicts resolved due to missing commit: d5e38d6b84d6 ("y2038: rusage: use __kernel_old_timeval") in 4.14.y, also I used ns_to_timeval() instead of ns_to_kernel_old_timeval()] Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> |
||
|
Oleg Nesterov
|
f2348ee837 |
getrusage: add the "signal_struct *sig" local variable
[ Upstream commit c7ac8231ace9b07306d0299969e42073b189c70a ] No functional changes, cleanup/preparation. Link: https://lkml.kernel.org/r/20230909172554.GA20441@redhat.com Signed-off-by: Oleg Nesterov <oleg@redhat.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Stable-dep-of: daa694e41375 ("getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()") Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit e904c9a4834888cb2b37607d9571f49964f4603f) Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> |
||
|
Tim Zimmermann
|
4a906017d4 |
syscall: Increase bpf fake uname to 5.4
Change-Id: I50bfa0d35d81f1c8cc21530ea0524a6752d0d34c Signed-off-by: Cyber Knight <cyberknight755@gmail.com> |
||
|
Tim Zimmermann
|
a4c61c3d97 |
syscall: Fake uname to 4.19 also for netbpfload
* This is required for U QPR2 Change-Id: I0321c64f77fccf74ff2472c3abd29e8b6b4be1ce Signed-off-by: Cyber Knight <cyberknight755@gmail.com> |
||
|
Tim Zimmermann
|
417f37c97f |
syscall: Fake uname to 4.19 for bpfloader/netd
* Google is attempting to kill 4.14 in
|
||
|
pwnrazr
|
f43ffedb30 | Merge remote-tracking branch 'android-stable/android-4.14-stable' | ||
|
Greg Kroah-Hartman
|
291a0395bb |
prlimit: do_prlimit needs to have a speculation check
commit 739790605705ddcf18f21782b9c99ad7d53a8c11 upstream. do_prlimit() adds the user-controlled resource value to a pointer that will subsequently be dereferenced. In order to help prevent this codepath from being used as a spectre "gadget" a barrier needs to be added after checking the range. Reported-by: Jordy Zomer <jordyzomer@google.com> Tested-by: Jordy Zomer <jordyzomer@google.com> Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
kondors1995
|
45d8f1201e | Merge branch 'android11-base' of github.com:UtsavBalar1231/kernel_xiaomi_raphael into 11.0 | ||
|
UtsavBalar1231
|
8dcc1922ac |
Merge remote-tracking branch 'aosp/android-4.14-stable' into android11-base
* aosp/android-4.14-stable: Linux 4.14.248 drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() pwm: rockchip: Don't modify HW state in .remove() callback nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group nilfs2: fix NULL pointer in nilfs_##name##_attr_release nilfs2: fix memory leak in nilfs_sysfs_create_device_group ceph: lockdep annotations for try_nonblocking_invalidate dmaengine: xilinx_dma: Set DMA mask for coherent APIs dmaengine: ioat: depends on !UML parisc: Move pci_dev_is_behind_card_dino to where it is used Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered profiling: fix shift-out-of-bounds bugs prctl: allow to setup brk for et_dyn executables 9p/trans_virtio: Remove sysfs file on probe failure thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() dmaengine: acpi: Avoid comparison GSI with Linux vIRQ sctp: add param size validation for SCTP_PARAM_SET_PRIMARY sctp: validate chunk size in __rcv_asconf_lookup crypto: talitos - fix max key size for sha384 and sha512 apparmor: remove duplicate macro list_entry_is_head() rcu: Fix missed wakeup of exp_wq waiters s390/bpf: Fix optimizing out zero-extensions Linux 4.14.247 s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant net: renesas: sh_eth: Fix freeing wrong tx descriptor qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom netfilter: socket: icmp6: fix use-after-scope net: dsa: b53: Fix calculating number of switch ports ARC: export clear_user_page() for modules mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n ethtool: Fix an error code in cxgb2.c net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 PCI: Add ACS quirks for Cavium multi-function devices mfd: Don't use irq_create_mapping() to resolve a mapping dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() net/af_unix: fix a data-race in unix_dgram_poll events: Reuse value read using READ_ONCE instead of re-reading it tipc: increase timeout in tipc_sk_enqueue() r6040: Restore MDIO clock frequency after MAC reset net/l2tp: Fix reference count leak in l2tp_udp_recv_core dccp: don't duplicate ccid when cloning dccp sock ptp: dp83640: don't define PAGE0 net-caif: avoid user-triggerable WARN_ON(1) x86/mm: Fix kern_addr_valid() to cope with existing but not present entries PM: base: power: don't try to use non-existing RTC for storing data bnx2x: Fix enabling network interfaces without VFs xen: reset legacy rtc flag for PV domU platform/chrome: cros_ec_proto: Send command again when timeout occurs memcg: enable accounting for pids in nested pid namespaces mm/hugetlb: initialize hugetlb_usage in mm_init cpufreq: powernv: Fix init_chip_info initialization in numa=off scsi: qla2xxx: Sync queue idx with queue_pair_map idx scsi: BusLogic: Fix missing pr_cont() use parisc: fix crash with signals and alloca net: w5100: check return value after calling platform_get_resource() net: fix NULL pointer reference in cipso_v4_doi_free ath9k: fix sleeping in atomic context ath9k: fix OOB read ar9300_eeprom_restore_internal parport: remove non-zero check on count ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B ASoC: rockchip: i2s: Fix regmap_ops hang usbip:vhci_hcd USB port can get stuck in the disabled state usbip: give back URBs for unsent unlink requests during cleanup usb: musb: musb_dsps: request_irq() after initializing musb Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" cifs: fix wrong release in sess_alloc_buffer() failed path selftests/bpf: Enlarge select() timeout for test_maps mmc: rtsx_pci: Fix long reads when clock is prescaled mmc: sdhci-of-arasan: Check return value of non-void funtions gfs2: Don't call dlm after protocol is unmounted staging: rts5208: Fix get_ms_information() heap buffer size rpc: fix gss_svc_init cleanup on failure ARM: tegra: tamonten: Fix UART pad setting gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() Bluetooth: avoid circular locks in sco_sock_connect net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() arm64: dts: qcom: sdm660: use reg value for memory node media: v4l2-dv-timings.c: fix wrong condition in two for-loops ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output Bluetooth: skip invalid hci_sync_conn_complete_evt ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() staging: ks7010: Fix the initialization of the 'sleep_status' structure serial: 8250_pci: make setup_port() parameters explicitly unsigned hvsi: don't panic on tty_register_driver failure xtensa: ISS: don't panic in rs_init serial: 8250: Define RX trigger levels for OxSemi 950 devices s390/jump_label: print real address in a case of a jump label bug flow_dissector: Fix out-of-bounds warnings ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() video: fbdev: riva: Error out if 'pixclock' equals zero video: fbdev: kyro: Error out if 'pixclock' equals zero video: fbdev: asiliantfb: Error out if 'pixclock' equals zero bpf/tests: Do not PASS tests without actually testing the result bpf/tests: Fix copy-and-paste error in double word test tty: serial: jsm: hold port lock when reporting modem line changes staging: board: Fix uninitialized spinlock when attaching genpd usb: gadget: composite: Allow bMaxPower=0 if self-powered usb: gadget: u_ether: fix a potential null pointer dereference usb: host: fotg210: fix the actual_length of an iso packet usb: host: fotg210: fix the endpoint's transactional opportunities calculation Smack: Fix wrong semantics in smk_access_entry() netlink: Deal with ESRCH error in nlmsg_notify() video: fbdev: kyro: fix a DoS bug by restricting user input ARM: dts: qcom: apq8064: correct clock names iio: dac: ad5624r: Fix incorrect handling of an optional regulator. PCI: Use pci_update_current_state() in pci_enable_device_flags() crypto: mxs-dcp - Use sg_mapping_iter to copy data media: dib8000: rewrite the init prbs logic MIPS: Malta: fix alignment of the devicetree buffer scsi: qedi: Fix error codes in qedi_alloc_global_queues() pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() openrisc: don't printk() unconditionally vfio: Use config not menuconfig for VFIO_NOIOMMU pinctrl: samsung: Fix pinctrl bank pin count docs: Fix infiniband uverbs minor number RDMA/iwcm: Release resources if iw_cm module initialization fails HID: input: do not report stylus battery state as "full" PCI: aardvark: Fix masking and unmasking legacy INTx interrupts PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response PCI: xilinx-nwl: Enable the clock through CCF PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported ARM: 9105/1: atags_to_fdt: don't warn about stack size libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs media: rc-loopback: return number of emitters rather than error media: uvc: don't do DMA on stack VMCI: fix NULL pointer dereference when unmapping queue pair dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() power: supply: max17042: handle fails of reading status register block: bfq: fix bfq_set_next_ioprio_data() crypto: public_key: fix overflow during implicit conversion soc: aspeed: lpc-ctrl: Fix boundary check for mmap 9p/xen: Fix end of loop tests for list_for_each_entry include/linux/list.h: add a macro to test if entry is pointing to the head xen: fix setting of max_pfn in shared_info powerpc/perf/hv-gpci: Fix counter value parsing PCI/MSI: Skip masking MSI-X on Xen PV blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN blk-zoned: allow zone management send operations without CAP_SYS_ADMIN rtc: tps65910: Correct driver module alias fbmem: don't allow too huge resolutions clk: kirkwood: Fix a clocking boot regression backlight: pwm_bl: Improve bootloader/kernel device handover IMA: remove -Wmissing-prototypes warning KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted x86/resctrl: Fix a maybe-uninitialized build warning treated as error tty: Fix data race between tiocsti() and flush_to_ldisc() netns: protect netns ID lookups with RCU net: qualcomm: fix QCA7000 checksum handling net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed ipv4: make exception cache less predictible bcma: Fix memory leak for internally-handled cores ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() tty: serial: fsl_lpuart: fix the wrong mapbase value usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available usb: ehci-orion: Handle errors of clk_prepare_enable() in probe i2c: mt65xx: fix IRQ check CIFS: Fix a potencially linear read overflow mmc: moxart: Fix issue with uninitialized dma_slave_config mmc: dw_mmc: Fix issue with uninitialized dma_slave_config i2c: s3c2410: fix IRQ check i2c: iop3xx: fix deferred probing Bluetooth: add timeout sanity check to hci_inquiry usb: gadget: mv_u3d: request_irq() after initializing UDC mac80211: Fix insufficient headroom issue for AMSDU usb: phy: tahvo: add IRQ check usb: host: ohci-tmio: add IRQ check Bluetooth: Move shutdown callback before flushing tx and rx queue usb: phy: twl6030: add IRQ checks usb: phy: fsl-usb: add IRQ check usb: gadget: udc: at91: add IRQ check drm/msm/dsi: Fix some reference counted resource leaks Bluetooth: fix repeated calls to sco_sock_kill arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7 Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow soc: qcom: smsm: Fix missed interrupts if state changes while masked PCI: PM: Enable PME if it can be signaled from D3cold PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently media: em28xx-input: fix refcount bug in em28xx_usb_disconnect i2c: highlander: add IRQ check net: cipso: fix warnings in netlbl_cipsov4_add_std tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos Bluetooth: sco: prevent information leak in sco_conn_defer_accept() media: go7007: remove redundant initialization media: dvb-usb: fix uninit-value in vp702x_read_mac_addr media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init soc: rockchip: ROCKCHIP_GRF should not default to y, unconditionally certs: Trigger creation of RSA module signing key if it's not an RSA key crypto: qat - use proper type for vf_mask clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for clock source channel spi: spi-pic32: Fix issue with uninitialized dma_slave_config spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config m68k: emu: Fix invalid free in nfeth_cleanup() udf_get_extendedattr() had no boundary checks. crypto: qat - do not export adf_iov_putmsg() crypto: qat - fix naming for init/shutdown VF to PF notifications crypto: qat - fix reuse of completion variable crypto: qat - handle both source of interrupt in VF ISR crypto: qat - do not ignore errors from enable_vf2pf_comms() libata: fix ata_host_start() s390/cio: add dev_busid sysfs entry for each subchannel power: supply: max17042_battery: fix typo in MAx17042_TOFF nvme-rdma: don't update queue count when failing to set io queues isofs: joliet: Fix iocharset=utf8 mount option udf: Check LVID earlier crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors crypto: mxs-dcp - Check for DMA mapping errors regmap: fix the offset of register error log PCI: Call Max Payload Size-related fixup quirks early x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions usb: host: xhci-rcar: Don't reload firmware after the completion Revert "btrfs: compression: don't try to compress if we don't have enough pages" mm/page_alloc: speed up the iteration of max_order net: ll_temac: Remove left-over debug message powerpc/boot: Delete unneeded .globl _zimage_start powerpc/module64: Fix comment in R_PPC64_ENTRY handling crypto: talitos - reduce max key size for SEC1 mm/kmemleak.c: make cond_resched() rate-limiting more efficient s390/disassembler: correct disassembly lines alignment ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) ath10k: fix recent bandwidth conversion bug f2fs: fix potential overflow USB: serial: mos7720: improve OOM-handling in read_mos_reg() igmp: Add ip_mc_list lock in ip_check_mc_rcu media: stkwebcam: fix memory leak in stk_camera_probe clk: fix build warning for orphan_list ALSA: pcm: fix divide error in snd_pcm_lib_ioctl ARM: 8918/2: only build return_address() if needed cryptoloop: add a deprecation warning perf/x86/amd/ibs: Work around erratum #1197 perf/x86/intel/pt: Fix mask of num_address_ranges qede: Fix memset corruption net: macb: Add a NULL check on desc_ptp qed: Fix the VF msix vectors flow xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG ext4: fix race writing to an inline_data file while its xattrs are changing Change-Id: I7165243ad48c1c66c9026321358efa3c019d9ecd Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> Conflicts: drivers/clk/clk.c |
||
|
Greg Kroah-Hartman
|
1a9762f5e7 |
Merge 4.14.248 into android-4.14-stable
Changes in 4.14.248 s390/bpf: Fix optimizing out zero-extensions rcu: Fix missed wakeup of exp_wq waiters apparmor: remove duplicate macro list_entry_is_head() crypto: talitos - fix max key size for sha384 and sha512 sctp: validate chunk size in __rcv_asconf_lookup sctp: add param size validation for SCTP_PARAM_SET_PRIMARY dmaengine: acpi: Avoid comparison GSI with Linux vIRQ thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() 9p/trans_virtio: Remove sysfs file on probe failure prctl: allow to setup brk for et_dyn executables profiling: fix shift-out-of-bounds bugs pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH parisc: Move pci_dev_is_behind_card_dino to where it is used dmaengine: ioat: depends on !UML dmaengine: xilinx_dma: Set DMA mask for coherent APIs ceph: lockdep annotations for try_nonblocking_invalidate nilfs2: fix memory leak in nilfs_sysfs_create_device_group nilfs2: fix NULL pointer in nilfs_##name##_attr_release nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group pwm: rockchip: Don't modify HW state in .remove() callback blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV Linux 4.14.248 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I8aca967b6e6877f9760b0609491b408d8bcdfdea |
||
|
Cyrill Gorcunov
|
5f83a3a14b |
prctl: allow to setup brk for et_dyn executables
commit e1fbbd073137a9d63279f6bf363151a938347640 upstream. Keno Fischer reported that when a binray loaded via ld-linux-x the prctl(PR_SET_MM_MAP) doesn't allow to setup brk value because it lays before mm:end_data. For example a test program shows | # ~/t | | start_code 401000 | end_code 401a15 | start_stack 7ffce4577dd0 | start_data 403e10 | end_data 40408c | start_brk b5b000 | sbrk(0) b5b000 and when executed via ld-linux | # /lib64/ld-linux-x86-64.so.2 ~/t | | start_code 7fc25b0a4000 | end_code 7fc25b0c4524 | start_stack 7fffcc6b2400 | start_data 7fc25b0ce4c0 | end_data 7fc25b0cff98 | start_brk 55555710c000 | sbrk(0) 55555710c000 This of course prevent criu from restoring such programs. Looking into how kernel operates with brk/start_brk inside brk() syscall I don't see any problem if we allow to setup brk/start_brk without checking for end_data. Even if someone pass some weird address here on a purpose then the worst possible result will be an unexpected unmapping of existing vma (own vma, since prctl works with the callers memory) but test for RLIMIT_DATA is still valid and a user won't be able to gain more memory in case of expanding VMAs via new values shipped with prctl call. Link: https://lkml.kernel.org/r/20210121221207.GB2174@grain Fixes: bbdc6076d2e5 ("binfmt_elf: move brk out of mmap when doing direct loader exec") Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> Reported-by: Keno Fischer <keno@juliacomputing.com> Acked-by: Andrey Vagin <avagin@gmail.com> Tested-by: Andrey Vagin <avagin@gmail.com> Cc: Dmitry Safonov <0x7f454c46@gmail.com> Cc: Kirill Tkhai <ktkhai@virtuozzo.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Cc: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Danny Lin
|
7376898eb2 |
f2fs: Add support for reporting a fake kernel version to fsck
fsck.f2fs forces a filesystem fix on boot if it detects that the current kernel version differs from the one saved in the superblock, which results in fsck blocking boot for a long time (~35 seconds). This commit provides a way to report a constant fake kernel version to fsck to avoid triggering the version check, which is useful if you boot new kernel builds frequently. Signed-off-by: Danny Lin <danny@kdrag0n.dev> |
||
|
Srinivasarao P
|
b9641f1aea |
Merge android-4.14-stable.200 (c1013a4) into msm-4.14
* refs/heads/tmp-c1013a4: Linux 4.14.200 ata: sata_mv, avoid trigerrable BUG_ON ata: make qc_prep return ata_completion_errors ata: define AC_ERR_OK lib/string.c: implement stpcpy mm, THP, swap: fix allocating cluster for swapfile by mistake kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() s390/dasd: Fix zero write for FBA devices MIPS: Add the missing 'CPU_1074K' into __get_cpu_type() ALSA: asihpi: fix iounmap in error handler batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh batman-adv: Add missing include for in_interrupt() net: qed: RDMA personality shouldn't fail VF load drm/vc4/vc4_hdmi: fill ASoC card owner mac802154: tx: fix use-after-free batman-adv: mcast/TT: fix wrongly dropped or rerouted packets atm: eni: fix the missed pci_disable_device() for eni_init_one() batman-adv: bla: fix type misuse for backbone_gw hash indexing mwifiex: Increase AES key storage size to 256 bits clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() ieee802154/adf7242: check status of adf7242_read_reg ieee802154: fix one possible memleak in ca8210_dev_com_init objtool: Fix noreturn detection for ignored functions i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() s390/init: add missing __init annotations btrfs: qgroup: fix data leak caused by race between writeback and truncate vfio/pci: fix racy on error and request eventfd ctx selftests/x86/syscall_nt: Clear weird flags after each test scsi: libfc: Skip additional kref updating work event scsi: libfc: Handling of extra kref cifs: Fix double add page to memcg when cifs_readpages vfio/pci: Clear error and request eventfd ctx after releasing x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline mtd: parser: cmdline: Support MTD names containing one or more colons rapidio: avoid data race between file operation callbacks and mport_cdev_add(). mm/swap_state: fix a data race in swapin_nr_pages ceph: fix potential race in ceph_check_caps mtd: rawnand: omap_elm: Fix runtime PM imbalance on error perf kcore_copy: Fix module map when there are no modules loaded perf util: Fix memory leak of prefix_if_not_in vfio/pci: fix memory leaks of eventfd ctx btrfs: don't force read-only after error in drop snapshot usb: dwc3: Increase timeout for CmdAct cleared by device controller printk: handle blank console arguments passed in. drm/nouveau/debugfs: fix runtime pm imbalance on error e1000: Do not perform reset in reset_task if we are already down arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int fuse: don't check refcount after stealing page powerpc/traps: Make unrecoverable NMIs die instead of panic ALSA: hda: Fix potential race in unsol event handler tty: serial: samsung: Correct clock selection logic USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() Bluetooth: Handle Inquiry Cancel error after Inquiry Complete phy: samsung: s5pv210-usb2: Add delay after reset power: supply: max17040: Correct voltage reading atm: fix a memory leak of vcc->user_back dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion arm64: cpufeature: Relax checks for AArch32 support at EL[0-2] sparc64: vcc: Fix error return code in vcc_probe() staging:r8188eu: avoid skb_clone for amsdu to msdu conversion drivers: char: tlclk.c: Avoid data race between init and interrupt handler bdev: Reduce time holding bd_mutex in sync in blkdev_close() KVM: Remove CREATE_IRQCHIP/SET_PIT2 race serial: uartps: Wait for tx_empty in console setup scsi: qedi: Fix termination timeouts in session logout mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area mm/vmscan.c: fix data races using kswapd_classzone_idx mm/filemap.c: clear page error before actual read mm/kmemleak.c: use address-of operator on section symbols NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests() ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len svcrdma: Fix leak of transport addresses SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices tools: gpio-hammer: Avoid potential overflow in main cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn perf cpumap: Fix snprintf overflow check serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout serial: 8250_omap: Fix sleeping function called from invalid context during probe serial: 8250_port: Don't service RX FIFO if throttled tracing: Use address-of operator on section symbols rtc: ds1374: fix possible race condition tpm: ibmvtpm: Wait for buffer to be set before proceeding xfs: don't ever return a stale pointer from __xfs_dir3_free_read media: tda10071: fix unsigned sign extension overflow Bluetooth: L2CAP: handle l2cap config request during open state scsi: aacraid: Disabling TM path and only processing IOP reset ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read drm/amdgpu: increase atombios cmd timeout mm: avoid data corruption on CoW fault into PFN-mapped VMA ext4: fix a data race at inode->i_disksize timekeeping: Prevent 32bit truncation in scale64_check_overflow() Bluetooth: guard against controllers sending zero'd events media: go7007: Fix URB type for interrupt handling dmaengine: tegra-apb: Prevent race conditions on channel's freeing bpf: Remove recursion prevention from rcu free callback x86/pkeys: Add check for pkey "overflow" media: staging/imx: Missing assignment in imx_media_capture_device_register() KVM: x86: fix incorrect comparison in trace event RDMA/rxe: Fix configuration of atomic queue pair attributes perf test: Fix test trace+probe_vfs_getname.sh on s390 drm/omap: fix possible object reference leak scsi: lpfc: Fix coverity errors in fmdi attribute handling scsi: lpfc: Fix RQ buffer leakage when no IOCBs available selinux: sel_avc_get_stat_idx should increase position index audit: CONFIG_CHANGE don't log internal bookkeeping as an event skbuff: fix a data race in skb_queue_len() ALSA: hda: Clear RIRB status before reading WP KVM: fix overflow of zero page refcount with ksm running Bluetooth: prefetch channel before killing sock mm: pagewalk: fix termination condition in walk_pte_range() Bluetooth: Fix refcount use-after-free issue tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility selftests/ftrace: fix glob selftest ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter tracing: Set kernel_stack's caller size properly powerpc/eeh: Only dump stack once if an MMIO loop is detected dmaengine: zynqmp_dma: fix burst length configuration ACPI: EC: Reference count query handlers under lock media: ti-vpe: cal: Restrict DMA to avoid memory corruption seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier rt_cpu_seq_next should increase position index neigh_stat_seq_next() should increase position index kernel/sys.c: avoid copying possible padding bytes in copy_to_user CIFS: Properly process SMB3 lease breaks debugfs: Fix !DEBUG_FS debugfs_create_automount gfs2: clean up iopen glock mess in gfs2_create_inode mmc: core: Fix size overflow for mmc partitions RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' xfs: fix attr leaf header freemap.size underflow RDMA/i40iw: Fix potential use after free bcache: fix a lost wake-up problem caused by mca_cannibalize_lock tracing: Adding NULL checks for trace_array descriptor pointer mfd: mfd-core: Protect against NULL call-back function pointer mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup() clk/ti/adpll: allocate room for terminating null scsi: fnic: fix use after free PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged ALSA: usb-audio: Add delay quirk for H570e USB headsets x86/ioapic: Unbreak check_timer() arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback media: smiapp: Fix error handling at NVM reading ASoC: kirkwood: fix IRQ error handling gma/gma500: fix a memory disclosure bug due to uninitialized bytes m68k: q40: Fix info-leak in rtc_ioctl scsi: aacraid: fix illegal IO beyond last LBA mm: fix double page fault on arm64 if PTE_AF is cleared serial: 8250: Avoid error message on reprobe geneve: add transport ports in route lookup for geneve ipv4: Update exception handling for multipath routes via same device net: add __must_check to skb_put_padto() net: phy: Avoid NPD upon phy_detach() when driver is unbound bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex. tipc: use skb_unshare() instead in tipc_buf_append() tipc: fix shutdown() of connection oriented socket net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC ip: fix tos reflection in ack and reset packets hdlc_ppp: add range checks in ppp_cp_parse_cr() RDMA/ucma: ucma_context reference leak in error path mm/thp: fix __split_huge_pmd_locked() for migration PMD kprobes: fix kill kprobe which has been marked as gone KVM: fix memory leak in kvm_io_bus_unregister_dev() phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init af_key: pfkey_dump needs parameter validation ANDROID: Fix 64/32 compat issue with virtio_gpu_resource_create_blob ANDROID: Delete goldfish build configs and defconfigs Linux 4.14.199 x86/defconfig: Enable CONFIG_USB_XHCI_HCD=y powerpc/dma: Fix dma_map_ops::get_required_mask ehci-hcd: Move include to keep CRC stable serial: 8250_pci: Add Realtek 816a and 816b Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists Input: trackpoint - add new trackpoint variant IDs percpu: fix first chunk size calculation for populated bitmap i2c: i801: Fix resume bug usblp: fix race between disconnect() and read() USB: UAS: fix disconnect by unplugging a hub USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata() drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail MIPS: SNI: Fix spurious interrupts fbcon: Fix user font detection test at fbcon_resize(). perf test: Free formats for perf pmu parse test MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload clk: rockchip: Fix initialization of mux_pll_src_4plls_p KVM: MIPS: Change the definition of kvm type spi: Fix memory leak on splited transfers i2c: algo: pca: Reapply i2c bus settings after reset f2fs: fix indefinite loop scanning for free nid nvme-fc: cancel async events before freeing event struct rapidio: Replace 'select' DMAENGINES 'with depends on' SUNRPC: stop printk reading past end of string spi: spi-loopback-test: Fix out-of-bounds read scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery scsi: libfc: Fix for double free() scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall hv_netvsc: Remove "unlikely" from netvsc_select_queue net: handle the return value of pskb_carve_frag_list() correctly gfs2: initialize transaction tr_ailX_lists earlier gcov: add support for GCC 10.1 usb: typec: ucsi: acpi: Check the _DEP dependencies usb: Fix out of sync data toggle if a configured device is reconfigured USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules USB: serial: option: support dynamic Quectel USB compositions USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter usb: core: fix slab-out-of-bounds Read in read_descriptors staging: greybus: audio: fix uninitialized value issue video: fbdev: fix OOB read in vga_8planes_imageblit() ARM: dts: vfxxx: Add syscon compatible with OCOTP KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit vgacon: remove software scrollback support fbcon: remove now unusued 'softback_lines' cursor() argument fbcon: remove soft scrollback code RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars rbd: require global CAP_SYS_ADMIN for mapping and unmapping scsi: target: iscsi: Fix hang in iscsit_access_np() when getting tpg->np_login_sem scsi: target: iscsi: Fix data digest calculation regulator: push allocation in set_consumer_device_supply() out of lock btrfs: fix wrong address when faulting in pages in the search ioctl btrfs: fix lockdep splat in add_missing_dev btrfs: require only sector size alignment for parent eb bytenr staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() iio:accel:mma8452: Fix timestamp alignment and prevent data leak. iio:accel:mma7455: Fix timestamp alignment and prevent data leak. iio: accel: kxsd9: Fix alignment of local buffer. iio:chemical:ccs811: Fix timestamp alignment and prevent data leak. iio:light:max44000 Fix timestamp alignment and prevent data leak. iio:magnetometer:ak8975 Fix alignment and data leak issues. iio:adc:ti-adc081c Fix alignment and data leak issues iio:adc:max1118 Fix alignment of timestamp and data leak issues iio:adc:ina2xx Fix timestamp alignment issue. iio:adc:ti-adc084s021 Fix alignment and data leak issues. iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak. iio:light:ltr501 Fix timestamp alignment issue. iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set iio: adc: mcp3422: fix locking on error path iio: adc: mcp3422: fix locking scope gcov: Disable gcov build with GCC 10 ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled cpufreq: intel_pstate: Refuse to turn off with HWP enabled ARC: [plat-hsdk]: Switch ethernet phy-mode to rgmii-id drivers/net/wan/hdlc_cisco: Add hard_header_len irqchip/eznps: Fix build error for !ARC700 builds xfs: initialize the shortform attr header padding entry drivers/net/wan/lapbether: Set network_header before transmitting ALSA: hda: Fix 2 channel swapping for Tegra firestream: Fix memleak in fs_open NFC: st95hf: Fix memleak in st95hf_in_send_cmd drivers/net/wan/lapbether: Added needed_tailroom dmaengine: acpi: Put the CSRT table after using it ARC: HSDK: wireup perf irq arm64: dts: ns2: Fixed QSPI compatible string ARM: dts: BCM5301X: Fixed QSPI compatible string mmc: sdhci-msm: Add retries when all tuning phases are found valid RDMA/core: Fix reported speed and width scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA RDMA/rxe: Drop pointless checks in rxe_init_ports RDMA/rxe: Fix memleak in rxe_mem_init_user ARM: dts: socfpga: fix register entry for timer3 on Arria10 ANDROID: Add INIT_STACK_ALL_ZERO to the list of Clang-specific options Conflicts: arch/arm/configs/ranchu_defconfig arch/arm64/configs/ranchu64_defconfig arch/x86/configs/i386_ranchu_defconfig arch/x86/configs/x86_64_ranchu_defconfig drivers/mmc/host/sdhci-msm.c drivers/usb/dwc3/gadget.c mm/memory.c Change-Id: I7ec205f8d58125c2d2dcab7bfe944f5cf36b4bc9 Signed-off-by: Srinivasarao P <spathi@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
c1013a481e |
Merge 4.14.200 into android-4.14-stable
Changes in 4.14.200 af_key: pfkey_dump needs parameter validation phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init KVM: fix memory leak in kvm_io_bus_unregister_dev() kprobes: fix kill kprobe which has been marked as gone mm/thp: fix __split_huge_pmd_locked() for migration PMD RDMA/ucma: ucma_context reference leak in error path hdlc_ppp: add range checks in ppp_cp_parse_cr() ip: fix tos reflection in ack and reset packets net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC tipc: fix shutdown() of connection oriented socket tipc: use skb_unshare() instead in tipc_buf_append() bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex. net: phy: Avoid NPD upon phy_detach() when driver is unbound net: add __must_check to skb_put_padto() ipv4: Update exception handling for multipath routes via same device geneve: add transport ports in route lookup for geneve serial: 8250: Avoid error message on reprobe mm: fix double page fault on arm64 if PTE_AF is cleared scsi: aacraid: fix illegal IO beyond last LBA m68k: q40: Fix info-leak in rtc_ioctl gma/gma500: fix a memory disclosure bug due to uninitialized bytes ASoC: kirkwood: fix IRQ error handling media: smiapp: Fix error handling at NVM reading arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback x86/ioapic: Unbreak check_timer() ALSA: usb-audio: Add delay quirk for H570e USB headsets ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out scsi: fnic: fix use after free clk/ti/adpll: allocate room for terminating null mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup() mfd: mfd-core: Protect against NULL call-back function pointer tracing: Adding NULL checks for trace_array descriptor pointer bcache: fix a lost wake-up problem caused by mca_cannibalize_lock RDMA/i40iw: Fix potential use after free xfs: fix attr leaf header freemap.size underflow RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' mmc: core: Fix size overflow for mmc partitions gfs2: clean up iopen glock mess in gfs2_create_inode debugfs: Fix !DEBUG_FS debugfs_create_automount CIFS: Properly process SMB3 lease breaks kernel/sys.c: avoid copying possible padding bytes in copy_to_user neigh_stat_seq_next() should increase position index rt_cpu_seq_next should increase position index seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier media: ti-vpe: cal: Restrict DMA to avoid memory corruption ACPI: EC: Reference count query handlers under lock dmaengine: zynqmp_dma: fix burst length configuration powerpc/eeh: Only dump stack once if an MMIO loop is detected tracing: Set kernel_stack's caller size properly ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter selftests/ftrace: fix glob selftest tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility Bluetooth: Fix refcount use-after-free issue mm: pagewalk: fix termination condition in walk_pte_range() Bluetooth: prefetch channel before killing sock KVM: fix overflow of zero page refcount with ksm running ALSA: hda: Clear RIRB status before reading WP skbuff: fix a data race in skb_queue_len() audit: CONFIG_CHANGE don't log internal bookkeeping as an event selinux: sel_avc_get_stat_idx should increase position index scsi: lpfc: Fix RQ buffer leakage when no IOCBs available scsi: lpfc: Fix coverity errors in fmdi attribute handling drm/omap: fix possible object reference leak perf test: Fix test trace+probe_vfs_getname.sh on s390 RDMA/rxe: Fix configuration of atomic queue pair attributes KVM: x86: fix incorrect comparison in trace event media: staging/imx: Missing assignment in imx_media_capture_device_register() x86/pkeys: Add check for pkey "overflow" bpf: Remove recursion prevention from rcu free callback dmaengine: tegra-apb: Prevent race conditions on channel's freeing media: go7007: Fix URB type for interrupt handling Bluetooth: guard against controllers sending zero'd events timekeeping: Prevent 32bit truncation in scale64_check_overflow() ext4: fix a data race at inode->i_disksize mm: avoid data corruption on CoW fault into PFN-mapped VMA drm/amdgpu: increase atombios cmd timeout ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read scsi: aacraid: Disabling TM path and only processing IOP reset Bluetooth: L2CAP: handle l2cap config request during open state media: tda10071: fix unsigned sign extension overflow xfs: don't ever return a stale pointer from __xfs_dir3_free_read tpm: ibmvtpm: Wait for buffer to be set before proceeding rtc: ds1374: fix possible race condition tracing: Use address-of operator on section symbols serial: 8250_port: Don't service RX FIFO if throttled serial: 8250_omap: Fix sleeping function called from invalid context during probe serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout perf cpumap: Fix snprintf overflow check cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn tools: gpio-hammer: Avoid potential overflow in main RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' svcrdma: Fix leak of transport addresses ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests() mm/kmemleak.c: use address-of operator on section symbols mm/filemap.c: clear page error before actual read mm/vmscan.c: fix data races using kswapd_classzone_idx mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area scsi: qedi: Fix termination timeouts in session logout serial: uartps: Wait for tx_empty in console setup KVM: Remove CREATE_IRQCHIP/SET_PIT2 race bdev: Reduce time holding bd_mutex in sync in blkdev_close() drivers: char: tlclk.c: Avoid data race between init and interrupt handler staging:r8188eu: avoid skb_clone for amsdu to msdu conversion sparc64: vcc: Fix error return code in vcc_probe() arm64: cpufeature: Relax checks for AArch32 support at EL[0-2] dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion atm: fix a memory leak of vcc->user_back power: supply: max17040: Correct voltage reading phy: samsung: s5pv210-usb2: Add delay after reset Bluetooth: Handle Inquiry Cancel error after Inquiry Complete USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() tty: serial: samsung: Correct clock selection logic ALSA: hda: Fix potential race in unsol event handler powerpc/traps: Make unrecoverable NMIs die instead of panic fuse: don't check refcount after stealing page USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register e1000: Do not perform reset in reset_task if we are already down drm/nouveau/debugfs: fix runtime pm imbalance on error printk: handle blank console arguments passed in. usb: dwc3: Increase timeout for CmdAct cleared by device controller btrfs: don't force read-only after error in drop snapshot vfio/pci: fix memory leaks of eventfd ctx perf util: Fix memory leak of prefix_if_not_in perf kcore_copy: Fix module map when there are no modules loaded mtd: rawnand: omap_elm: Fix runtime PM imbalance on error ceph: fix potential race in ceph_check_caps mm/swap_state: fix a data race in swapin_nr_pages rapidio: avoid data race between file operation callbacks and mport_cdev_add(). mtd: parser: cmdline: Support MTD names containing one or more colons x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline vfio/pci: Clear error and request eventfd ctx after releasing cifs: Fix double add page to memcg when cifs_readpages scsi: libfc: Handling of extra kref scsi: libfc: Skip additional kref updating work event selftests/x86/syscall_nt: Clear weird flags after each test vfio/pci: fix racy on error and request eventfd ctx btrfs: qgroup: fix data leak caused by race between writeback and truncate s390/init: add missing __init annotations i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() objtool: Fix noreturn detection for ignored functions ieee802154: fix one possible memleak in ca8210_dev_com_init ieee802154/adf7242: check status of adf7242_read_reg clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() mwifiex: Increase AES key storage size to 256 bits batman-adv: bla: fix type misuse for backbone_gw hash indexing atm: eni: fix the missed pci_disable_device() for eni_init_one() batman-adv: mcast/TT: fix wrongly dropped or rerouted packets mac802154: tx: fix use-after-free drm/vc4/vc4_hdmi: fill ASoC card owner net: qed: RDMA personality shouldn't fail VF load batman-adv: Add missing include for in_interrupt() batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh ALSA: asihpi: fix iounmap in error handler MIPS: Add the missing 'CPU_1074K' into __get_cpu_type() s390/dasd: Fix zero write for FBA devices kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() mm, THP, swap: fix allocating cluster for swapfile by mistake lib/string.c: implement stpcpy ata: define AC_ERR_OK ata: make qc_prep return ata_completion_errors ata: sata_mv, avoid trigerrable BUG_ON Linux 4.14.200 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I3d3049dca196c46cb6b2a66d60a5a6a3a099efbb |
||
|
Joe Perches
|
62fd2fcca3 |
kernel/sys.c: avoid copying possible padding bytes in copy_to_user
[ Upstream commit 5e1aada08cd19ea652b2d32a250501d09b02ff2e ] Initialization is not guaranteed to zero padding bytes so use an explicit memset instead to avoid leaking any kernel content in any possible padding bytes. Link: http://lkml.kernel.org/r/dfa331c00881d61c8ee51577a082d8bebd61805c.camel@perches.com Signed-off-by: Joe Perches <joe@perches.com> Cc: Dan Carpenter <error27@gmail.com> Cc: Julia Lawall <julia.lawall@lip6.fr> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Kees Cook <keescook@chromium.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Blagovest Kolenichev
|
8ad87c80a2 |
Merge android-4.14.151 (2bb70f4) into msm-4.14
* refs/heads/tmp-2bb70f4:
ANDROID: virtio: virtio_input: Set the amount of multitouch slots in virtio input
ANDROID: dummy_cpufreq: Implement get()
rtlwifi: Fix potential overflow on P2P code
ANDROID: cpufreq: create dummy cpufreq driver
ANDROID: Allow DRM_IOCTL_MODE_*_DUMB for render clients.
ANDROID: sdcardfs: evict dentries on fscrypt key removal
ANDROID: fscrypt: add key removal notifier chain
ANDROID: Move from clang r353983c to r365631c
ANDROID: move up spin_unlock_bh() ahead of remove_proc_entry()
BACKPORT: arm64: tags: Preserve tags for addresses translated via TTBR1
UPSTREAM: arm64: memory: Implement __tag_set() as common function
UPSTREAM: arm64/mm: fix variable 'tag' set but not used
UPSTREAM: arm64: avoid clang warning about self-assignment
ANDROID: refactor build.config files to remove duplication
UPSTREAM: mm: vmalloc: show number of vmalloc pages in /proc/meminfo
BACKPORT: PM/sleep: Expose suspend stats in sysfs
UPSTREAM: power: supply: Init device wakeup after device_add()
UPSTREAM: PM / wakeup: Unexport wakeup_source_sysfs_{add,remove}()
UPSTREAM: PM / wakeup: Register wakeup class kobj after device is added
BACKPORT: PM / wakeup: Fix sysfs registration error path
BACKPORT: PM / wakeup: Show wakeup sources stats in sysfs
UPSTREAM: PM / wakeup: Print warn if device gets enabled as wakeup source during sleep
UPSTREAM: PM / wakeup: Use wakeup_source_register() in wakelock.c
UPSTREAM: PM / wakeup: Only update last time for active wakeup sources
UPSTREAM: PM / core: Add support to skip power management in device/driver model
cuttlefish-4.14: Enable CONFIG_DM_SNAPSHOT
ANDROID: cuttlefish_defconfig: Enable BPF_JIT and BPF_JIT_ALWAYS_ON
UPSTREAM: netfilter: xt_IDLETIMER: fix sysfs callback function type
UPSTREAM: mm: untag user pointers in mmap/munmap/mremap/brk
UPSTREAM: vfio/type1: untag user pointers in vaddr_get_pfn
UPSTREAM: media/v4l2-core: untag user pointers in videobuf_dma_contig_user_get
UPSTREAM: drm/radeon: untag user pointers in radeon_gem_userptr_ioctl
BACKPORT: drm/amdgpu: untag user pointers
UPSTREAM: userfaultfd: untag user pointers
UPSTREAM: fs/namespace: untag user pointers in copy_mount_options
UPSTREAM: mm: untag user pointers in get_vaddr_frames
UPSTREAM: mm: untag user pointers in mm/gup.c
BACKPORT: mm: untag user pointers passed to memory syscalls
BACKPORT: lib: untag user pointers in strn*_user
UPSTREAM: arm64: Fix reference to docs for ARM64_TAGGED_ADDR_ABI
UPSTREAM: selftests, arm64: add kernel headers path for tags_test
BACKPORT: arm64: Relax Documentation/arm64/tagged-pointers.rst
UPSTREAM: arm64: Define Documentation/arm64/tagged-address-abi.rst
UPSTREAM: arm64: Change the tagged_addr sysctl control semantics to only prevent the opt-in
UPSTREAM: arm64: Tighten the PR_{SET, GET}_TAGGED_ADDR_CTRL prctl() unused arguments
UPSTREAM: selftests, arm64: fix uninitialized symbol in tags_test.c
UPSTREAM: arm64: mm: Really fix sparse warning in untagged_addr()
UPSTREAM: selftests, arm64: add a selftest for passing tagged pointers to kernel
BACKPORT: arm64: Introduce prctl() options to control the tagged user addresses ABI
UPSTREAM: thread_info: Add update_thread_flag() helpers
UPSTREAM: arm64: untag user pointers in access_ok and __uaccess_mask_ptr
UPSTREAM: uaccess: add noop untagged_addr definition
BACKPORT: block: annotate refault stalls from IO submission
ext4: add verity flag check for dax
ANDROID: usb: gadget: Fix dependency for f_accessory
ANDROID: sched: fair: balance for single core cluster
UPSTREAM: mm/kasan: fix false positive invalid-free reports with CONFIG_KASAN_SW_TAGS=y
f2fs: add a condition to detect overflow in f2fs_ioc_gc_range()
f2fs: fix to add missing F2FS_IO_ALIGNED() condition
f2fs: fix to fallback to buffered IO in IO aligned mode
f2fs: fix to handle error path correctly in f2fs_map_blocks
f2fs: fix extent corrupotion during directIO in LFS mode
f2fs: check all the data segments against all node ones
f2fs: Add a small clarification to CONFIG_FS_F2FS_FS_SECURITY
f2fs: fix inode rwsem regression
f2fs: fix to avoid accessing uninitialized field of inode page in is_alive()
f2fs: avoid infinite GC loop due to stale atomic files
f2fs: Fix indefinite loop in f2fs_gc()
f2fs: convert inline_data in prior to i_size_write
f2fs: fix error path of f2fs_convert_inline_page()
f2fs: add missing documents of reserve_root/resuid/resgid
f2fs: fix flushing node pages when checkpoint is disabled
f2fs: enhance f2fs_is_checkpoint_ready()'s readability
f2fs: clean up __bio_alloc()'s parameter
f2fs: fix wrong error injection path in inc_valid_block_count()
f2fs: fix to writeout dirty inode during node flush
f2fs: optimize case-insensitive lookups
f2fs: introduce f2fs_match_name() for cleanup
f2fs: Fix indefinite loop in f2fs_gc()
f2fs: allocate memory in batch in build_sit_info()
f2fs: fix to avoid data corruption by forbidding SSR overwrite
f2fs: Fix build error while CONFIG_NLS=m
Revert "f2fs: avoid out-of-range memory access"
f2fs: cleanup the code in build_sit_entries.
f2fs: fix wrong available node count calculation
f2fs: remove duplicate code in f2fs_file_write_iter
f2fs: fix to migrate blocks correctly during defragment
f2fs: use wrapped f2fs_cp_error()
f2fs: fix to use more generic EOPNOTSUPP
f2fs: use wrapped IS_SWAPFILE()
f2fs: Support case-insensitive file name lookups
f2fs: include charset encoding information in the superblock
fs: Reserve flag for casefolding
f2fs: fix to avoid call kvfree under spinlock
fs: f2fs: Remove unnecessary checks of SM_I(sbi) in update_general_status()
f2fs: disallow direct IO in atomic write
f2fs: fix to handle quota_{on,off} correctly
f2fs: fix to detect cp error in f2fs_setxattr()
f2fs: fix to spread f2fs_is_checkpoint_ready()
f2fs: support fiemap() for directory inode
f2fs: fix to avoid discard command leak
f2fs: fix to avoid tagging SBI_QUOTA_NEED_REPAIR incorrectly
f2fs: fix to drop meta/node pages during umount
f2fs: disallow switching io_bits option during remount
f2fs: fix panic of IO alignment feature
f2fs: introduce {page,io}_is_mergeable() for readability
f2fs: fix livelock in swapfile writes
f2fs: add fs-verity support
ext4: update on-disk format documentation for fs-verity
ext4: add fs-verity read support
ext4: add basic fs-verity support
fs-verity: support builtin file signatures
fs-verity: add SHA-512 support
fs-verity: implement FS_IOC_MEASURE_VERITY ioctl
fs-verity: implement FS_IOC_ENABLE_VERITY ioctl
fs-verity: add data verification hooks for ->readpages()
fs-verity: add the hook for file ->setattr()
fs-verity: add the hook for file ->open()
fs-verity: add inode and superblock fields
fs-verity: add Kconfig and the helper functions for hashing
fs: uapi: define verity bit for FS_IOC_GETFLAGS
fs-verity: add UAPI header
fs-verity: add MAINTAINERS file entry
fs-verity: add a documentation file
ext4: fix kernel oops caused by spurious casefold flag
ext4: fix coverity warning on error path of filename setup
ext4: optimize case-insensitive lookups
ext4: fix dcache lookup of !casefolded directories
unicode: update to Unicode 12.1.0 final
unicode: add missing check for an error return from utf8lookup()
ext4: export /sys/fs/ext4/feature/casefold if Unicode support is present
unicode: refactor the rule for regenerating utf8data.h
ext4: Support case-insensitive file name lookups
ext4: include charset encoding information in the superblock
unicode: update unicode database unicode version 12.1.0
unicode: introduce test module for normalized utf8 implementation
unicode: implement higher level API for string handling
unicode: reduce the size of utf8data[]
unicode: introduce code for UTF-8 normalization
unicode: introduce UTF-8 character database
ext4 crypto: fix to check feature status before get policy
fscrypt: document the new ioctls and policy version
ubifs: wire up new fscrypt ioctls
f2fs: wire up new fscrypt ioctls
ext4: wire up new fscrypt ioctls
fscrypt: require that key be added when setting a v2 encryption policy
fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS ioctl
fscrypt: allow unprivileged users to add/remove keys for v2 policies
fscrypt: v2 encryption policy support
fscrypt: add an HKDF-SHA512 implementation
fscrypt: add FS_IOC_GET_ENCRYPTION_KEY_STATUS ioctl
fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
fscrypt: add FS_IOC_ADD_ENCRYPTION_KEY ioctl
fscrypt: rename keyinfo.c to keysetup.c
fscrypt: move v1 policy key setup to keysetup_v1.c
fscrypt: refactor key setup code in preparation for v2 policies
fscrypt: rename fscrypt_master_key to fscrypt_direct_key
fscrypt: add ->ci_inode to fscrypt_info
fscrypt: use FSCRYPT_* definitions, not FS_*
fscrypt: use FSCRYPT_ prefix for uapi constants
fs, fscrypt: move uapi definitions to new header <linux/fscrypt.h>
fscrypt: use ENOPKG when crypto API support missing
fscrypt: improve warnings for missing crypto API support
fscrypt: improve warning messages for unsupported encryption contexts
fscrypt: make fscrypt_msg() take inode instead of super_block
fscrypt: clean up base64 encoding/decoding
fscrypt: remove loadable module related code
ANDROID: arm64: bpf: implement arch_bpf_jit_check_func
ANDROID: bpf: validate bpf_func when BPF_JIT is enabled with CFI
UPSTREAM: kcm: use BPF_PROG_RUN
UPSTREAM: psi: get poll_work to run when calling poll syscall next time
UPSTREAM: sched/psi: Do not require setsched permission from the trigger creator
UPSTREAM: sched/psi: Reduce psimon FIFO priority
BACKPORT: arm64: Add support for relocating the kernel with RELR relocations
ANDROID: Log which device failed to suspend in dpm_suspend_start()
ANDROID: Revert "ANDROID: sched: Disallow WALT with CFS bandwidth control"
ANDROID: sched: WALT: Add support for CFS_BANDWIDTH
ANDROID: sched: WALT: Refactor cumulative runnable average fixup
ANDROID: sched: Disallow WALT with CFS bandwidth control
fscrypt: document testing with xfstests
fscrypt: remove selection of CONFIG_CRYPTO_SHA256
fscrypt: remove unnecessary includes of ratelimit.h
fscrypt: don't set policy for a dead directory
fscrypt: decrypt only the needed blocks in __fscrypt_decrypt_bio()
fscrypt: support decrypting multiple filesystem blocks per page
fscrypt: introduce fscrypt_decrypt_block_inplace()
fscrypt: handle blocksize < PAGE_SIZE in fscrypt_zeroout_range()
fscrypt: support encrypting multiple filesystem blocks per page
fscrypt: introduce fscrypt_encrypt_block_inplace()
fscrypt: clean up some BUG_ON()s in block encryption/decryption
fscrypt: rename fscrypt_do_page_crypto() to fscrypt_crypt_block()
fscrypt: remove the "write" part of struct fscrypt_ctx
fscrypt: simplify bounce page handling
ANDROID: fiq_debugger: remove
UPSTREAM: lib/test_meminit.c: use GFP_ATOMIC in RCU critical section
UPSTREAM: mm: slub: Fix slab walking for init_on_free
UPSTREAM: lib/test_meminit.c: minor test fixes
UPSTREAM: lib/test_meminit.c: fix -Wmaybe-uninitialized false positive
UPSTREAM: lib: introduce test_meminit module
UPSTREAM: mm: init: report memory auto-initialization features at boot time
BACKPORT: mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
UPSTREAM: arm64: move jump_label_init() before parse_early_param()
ANDROID: Add a tracepoint for mapping inode to full path
BACKPORT: arch: add pidfd and io_uring syscalls everywhere
UPSTREAM: dma-buf: add show_fdinfo handler
UPSTREAM: dma-buf: add DMA_BUF_SET_NAME ioctls
BACKPORT: dma-buf: give each buffer a full-fledged inode
ANDROID: fix kernelci build-break
UPSTREAM: drm/virtio: Fix cache entry creation race.
UPSTREAM: drm/virtio: Wake up all waiters when capset response comes in.
UPSTREAM: drm/virtio: Ensure cached capset entries are valid before copying.
UPSTREAM: drm/virtio: use u64_to_user_ptr macro
UPSTREAM: drm/virtio: remove irrelevant DRM_UNLOCKED flag
UPSTREAM: drm/virtio: Remove redundant return type
UPSTREAM: drm/virtio: allocate fences with GFP_KERNEL
UPSTREAM: drm/virtio: add trace events for commands
UPSTREAM: drm/virtio: trace drm_fence_emit
BACKPORT: drm/virtio: set seqno for dma-fence
BACKPORT: drm/virtio: move drm_connector_update_edid_property() call
UPSTREAM: drm/virtio: add missing drm_atomic_helper_shutdown() call.
BACKPORT: drm/virtio: rework resource creation workflow.
UPSTREAM: drm/virtio: params struct for virtio_gpu_cmd_create_resource_3d()
BACKPORT: drm/virtio: params struct for virtio_gpu_cmd_create_resource()
BACKPORT: drm/virtio: use struct to pass params to virtio_gpu_object_create()
UPSTREAM: drm/virtio: add virtio-gpu-features debugfs file.
UPSTREAM: drm/virtio: remove set but not used variable 'vgdev'
BACKPORT: drm/virtio: implement prime export
UPSTREAM: drm/virtio: remove prime pin/unpin callbacks.
UPSTREAM: drm/virtio: implement prime mmap
UPSTREAM: drm/virtio: drop virtio_gpu_fence_cleanup()
UPSTREAM: drm/virtio: fix pageflip flush
UPSTREAM: drm/virtio: log error responses
UPSTREAM: drm/virtio: Add missing virtqueue reset
UPSTREAM: drm/virtio: Remove incorrect kfree()
UPSTREAM: drm/virtio: virtio_gpu_cmd_resource_create_3d: drop unused fence arg
UPSTREAM: drm/virtio: fence: pass plain pointer
BACKPORT: drm/virtio: add edid support
UPSTREAM: virtio-gpu: add VIRTIO_GPU_F_EDID feature
BACKPORT: drm/virtio: fix memory leak of vfpriv on error return path
UPSTREAM: drm/virtio: bump driver version after explicit synchronization addition
UPSTREAM: drm/virtio: add in/out fence support for explicit synchronization
UPSTREAM: drm/virtio: add uapi for in and out explicit fences
UPSTREAM: drm/virtio: add virtio_gpu_alloc_fence()
UPSTREAM: drm/virtio: Handle error from virtio_gpu_resource_id_get
UPSTREAM: gpu/drm/virtio/virtgpu_vq.c: Use kmem_cache_zalloc
UPSTREAM: drm/virtio: fix resource id handling
UPSTREAM: drm/virtio: drop resource_id argument.
UPSTREAM: drm/virtio: use virtio_gpu_object->hw_res_handle in virtio_gpu_resource_create_ioctl()
UPSTREAM: drm/virtio: use virtio_gpu_object->hw_res_handle in virtio_gpu_mode_dumb_create()
UPSTREAM: drm/virtio: use virtio_gpu_object->hw_res_handle in virtio_gpufb_create()
BACKPORT: drm/virtio: track created object state
UPSTREAM: drm/virtio: document drm_dev_set_unique workaround
UPSTREAM: virtio: Support prime objects vmap/vunmap
UPSTREAM: virtio: Rework virtio_gpu_object_kmap()
UPSTREAM: virtio: Add virtio_gpu_object_kunmap()
UPSTREAM: drm/virtio: pass virtio_gpu_object to virtio_gpu_cmd_transfer_to_host_{2d, 3d}
UPSTREAM: drm/virtio: add dma sync for dma mapped virtio gpu framebuffer pages
UPSTREAM: drm/virtio: Remove set but not used variable 'bo'
UPSTREAM: drm/virtio: add iommu support.
UPSTREAM: drm/virtio: add virtio_gpu_object_detach() function
UPSTREAM: drm/virtio: track virtual output state
UPSTREAM: drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset()
UPSTREAM: gpu: drm: virtio: code cleanup
UPSTREAM: drm/virtio: Place GEM BOs in drm_framebuffer
UPSTREAM: drm/virtio: fix mode_valid's return type
UPSTREAM: drm/virtio: Add spaces around operators
UPSTREAM: drm/virtio: Remove multiple blank lines
UPSTREAM: drm/virtio: Replace 'unsigned' for 'unsigned int'
UPSTREAM: drm/virtio: Remove return from void function
UPSTREAM: drm/virtio: Add */ in block comments to separate line
UPSTREAM: drm/virtio: Add blank line after variable declarations
UPSTREAM: drm/virtio: Add tabs at the start of a line
UPSTREAM: drm/virtio: Don't return invalid caps on timeout
UPSTREAM: virtgpu: remove redundant task_comm copying
UPSTREAM: drm/virtio: add create_handle support.
UPSTREAM: drm: virtio: replace reference/unreference with get/put
UPSTREAM: drm/virtio: Replace instances of reference/unreference with get/put
UPSTREAM: drm: byteorder: add DRM_FORMAT_HOST_*
UPSTREAM: drm: add drm_connector_attach_edid_property()
BACKPORT: drm/prime: Add drm_gem_prime_mmap()
f2fs: fix build error on android tracepoints
ANDROID: cuttlefish_defconfig: Enable CAN/VCAN
UPSTREAM: pidfd: fix a poll race when setting exit_state
BACKPORT: arch: wire-up pidfd_open()
BACKPORT: pid: add pidfd_open()
UPSTREAM: pidfd: add polling support
UPSTREAM: signal: improve comments
UPSTREAM: fork: do not release lock that wasn't taken
BACKPORT: signal: support CLONE_PIDFD with pidfd_send_signal
BACKPORT: clone: add CLONE_PIDFD
UPSTREAM: Make anon_inodes unconditional
UPSTREAM: signal: use fdget() since we don't allow O_PATH
UPSTREAM: signal: don't silently convert SI_USER signals to non-current pidfd
BACKPORT: signal: add pidfd_send_signal() syscall
UPSTREAM: net-ipv6-ndisc: add support for RFC7710 RA Captive Portal Identifier
ANDROID: fix up 9p filesystem due to CFI non-upstream patches
f2fs: use EINVAL for superblock with invalid magic
f2fs: fix to read source block before invalidating it
f2fs: remove redundant check from f2fs_setflags_common()
f2fs: use generic checking function for FS_IOC_FSSETXATTR
f2fs: use generic checking and prep function for FS_IOC_SETFLAGS
ubifs, fscrypt: cache decrypted symlink target in ->i_link
vfs: use READ_ONCE() to access ->i_link
fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory
ANDROID: (arm64) cuttlefish_defconfig: enable CONFIG_CPU_FREQ_TIMES
ANDROID: xfrm: remove in_compat_syscall() checks
ANDROID: enable CONFIG_RTC_DRV_TEST on cuttlefish
UPSTREAM: binder: Set end of SG buffer area properly.
ANDROID: x86_64_cuttlefish_defconfig: enable CONFIG_CPU_FREQ_TIMES
ANDROID: f2fs: add android fsync tracepoint
ANDROID: f2fs: fix wrong android tracepoint
fscrypt: cache decrypted symlink target in ->i_link
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
fscrypt: only set dentry_operations on ciphertext dentries
fscrypt: fix race allowing rename() and link() of ciphertext dentries
fscrypt: clean up and improve dentry revalidation
fscrypt: use READ_ONCE() to access ->i_crypt_info
fscrypt: remove WARN_ON_ONCE() when decryption fails
fscrypt: drop inode argument from fscrypt_get_ctx()
f2fs: improve print log in f2fs_sanity_check_ckpt()
f2fs: avoid out-of-range memory access
f2fs: fix to avoid long latency during umount
f2fs: allow all the users to pin a file
f2fs: support swap file w/ DIO
f2fs: allocate blocks for pinned file
f2fs: fix is_idle() check for discard type
f2fs: add a rw_sem to cover quota flag changes
f2fs: set SBI_NEED_FSCK for xattr corruption case
f2fs: use generic EFSBADCRC/EFSCORRUPTED
f2fs: Use DIV_ROUND_UP() instead of open-coding
f2fs: print kernel message if filesystem is inconsistent
f2fs: introduce f2fs_<level> macros to wrap f2fs_printk()
f2fs: avoid get_valid_blocks() for cleanup
f2fs: ioctl for removing a range from F2FS
f2fs: only set project inherit bit for directory
f2fs: separate f2fs i_flags from fs_flags and ext4 i_flags
UPSTREAM: kasan: initialize tag to 0xff in __kasan_kmalloc
UPSTREAM: x86/boot: Provide KASAN compatible aliases for string routines
UPSTREAM: mm/kasan: Remove the ULONG_MAX stack trace hackery
UPSTREAM: x86/uaccess, kasan: Fix KASAN vs SMAP
UPSTREAM: x86/uaccess: Introduce user_access_{save,restore}()
UPSTREAM: kasan: fix variable 'tag' set but not used warning
UPSTREAM: Revert "x86_64: Increase stack size for KASAN_EXTRA"
UPSTREAM: kasan: fix coccinelle warnings in kasan_p*_table
UPSTREAM: kasan: fix kasan_check_read/write definitions
BACKPORT: kasan: remove use after scope bugs detection.
BACKPORT: kasan: turn off asan-stack for clang-8 and earlier
UPSTREAM: slub: fix a crash with SLUB_DEBUG + KASAN_SW_TAGS
UPSTREAM: kasan, slab: remove redundant kasan_slab_alloc hooks
UPSTREAM: kasan, slab: make freelist stored without tags
UPSTREAM: kasan, slab: fix conflicts with CONFIG_HARDENED_USERCOPY
UPSTREAM: kasan: prevent tracing of tags.c
UPSTREAM: kasan: fix random seed generation for tag-based mode
UPSTREAM: slub: fix SLAB_CONSISTENCY_CHECKS + KASAN_SW_TAGS
UPSTREAM: kasan, slub: fix more conflicts with CONFIG_SLAB_FREELIST_HARDENED
UPSTREAM: kasan, slub: fix conflicts with CONFIG_SLAB_FREELIST_HARDENED
UPSTREAM: kasan, slub: move kasan_poison_slab hook before page_address
UPSTREAM: kasan, kmemleak: pass tagged pointers to kmemleak
UPSTREAM: kasan: fix assigning tags twice
UPSTREAM: kasan: mark file common so ftrace doesn't trace it
UPSTREAM: kasan, arm64: remove redundant ARCH_SLAB_MINALIGN define
UPSTREAM: kasan: fix krealloc handling for tag-based mode
UPSTREAM: kasan: make tag based mode work with CONFIG_HARDENED_USERCOPY
UPSTREAM: kasan, arm64: use ARCH_SLAB_MINALIGN instead of manual aligning
BACKPORT: mm/memblock.c: skip kmemleak for kasan_init()
UPSTREAM: kasan: add SPDX-License-Identifier mark to source files
BACKPORT: kasan: update documentation
UPSTREAM: kasan, arm64: select HAVE_ARCH_KASAN_SW_TAGS
UPSTREAM: kasan: add __must_check annotations to kasan hooks
BACKPORT: kasan, mm, arm64: tag non slab memory allocated via pagealloc
UPSTREAM: kasan, arm64: add brk handler for inline instrumentation
UPSTREAM: kasan: add hooks implementation for tag-based mode
UPSTREAM: mm: move obj_to_index to include/linux/slab_def.h
UPSTREAM: kasan: add bug reporting routines for tag-based mode
UPSTREAM: kasan: split out generic_report.c from report.c
UPSTREAM: kasan, mm: perform untagged pointers comparison in krealloc
BACKPORT: kasan, arm64: enable top byte ignore for the kernel
BACKPORT: kasan, arm64: fix up fault handling logic
UPSTREAM: kasan: preassign tags to objects with ctors or SLAB_TYPESAFE_BY_RCU
UPSTREAM: kasan, arm64: untag address in _virt_addr_is_linear
UPSTREAM: kasan: add tag related helper functions
BACKPORT: arm64: move untagged_addr macro from uaccess.h to memory.h
BACKPORT: kasan: initialize shadow to 0xff for tag-based mode
BACKPORT: kasan: rename kasan_zero_page to kasan_early_shadow_page
BACKPORT: kasan, arm64: adjust shadow size for tag-based mode
BACKPORT: kasan: add CONFIG_KASAN_GENERIC and CONFIG_KASAN_SW_TAGS
UPSTREAM: kasan: rename source files to reflect the new naming scheme
BACKPORT: kasan: move common generic and tag-based code to common.c
UPSTREAM: kasan, slub: handle pointer tags in early_kmem_cache_node_alloc
UPSTREAM: kasan, mm: change hooks signatures
UPSTREAM: arm64: add EXPORT_SYMBOL_NOKASAN()
BACKPORT: compiler: remove __no_sanitize_address_or_inline again
UPSTREAM: mm/kasan/quarantine.c: make quarantine_lock a raw_spinlock_t
UPSTREAM: lib/test_kasan.c: add tests for several string/memory API functions
UPSTREAM: arm64: lib: use C string functions with KASAN enabled
UPSTREAM: compiler: introduce __no_sanitize_address_or_inline
UPSTREAM: arm64: Fix typo in a comment in arch/arm64/mm/kasan_init.c
BACKPORT: kernel/memremap, kasan: make ZONE_DEVICE with work with KASAN
BACKPORT: mm/mempool.c: remove unused argument in kasan_unpoison_element() and remove_element()
UPSTREAM: kasan: only select SLUB_DEBUG with SYSFS=y
UPSTREAM: kasan: depend on CONFIG_SLUB_DEBUG
UPSTREAM: KASAN: prohibit KASAN+STRUCTLEAK combination
UPSTREAM: arm64: kasan: avoid pfn_to_nid() before page array is initialized
UPSTREAM: kasan: fix invalid-free test crashing the kernel
UPSTREAM: kasan, slub: fix handling of kasan_slab_free hook
UPSTREAM: slab, slub: skip unnecessary kasan_cache_shutdown()
BACKPORT: kasan: make kasan_cache_create() work with 32-bit slab cache sizes
UPSTREAM: locking/atomics: Instrument cmpxchg_double*()
UPSTREAM: locking/atomics: Instrument xchg()
UPSTREAM: locking/atomics: Simplify cmpxchg() instrumentation
UPSTREAM: locking/atomics/x86: Reduce arch_cmpxchg64*() instrumentation
UPSTREAM: locking/atomic, asm-generic, x86: Add comments for atomic instrumentation
UPSTREAM: locking/atomic, asm-generic: Add KASAN instrumentation to atomic operations
UPSTREAM: locking/atomic/x86: Switch atomic.h to use atomic-instrumented.h
UPSTREAM: locking/atomic, asm-generic: Add asm-generic/atomic-instrumented.h
BACKPORT: kasan, arm64: clean up KASAN_SHADOW_SCALE_SHIFT usage
UPSTREAM: kasan: clean up KASAN_SHADOW_SCALE_SHIFT usage
UPSTREAM: kasan: fix prototype author email address
UPSTREAM: kasan: detect invalid frees
UPSTREAM: kasan: unify code between kasan_slab_free() and kasan_poison_kfree()
UPSTREAM: kasan: detect invalid frees for large mempool objects
UPSTREAM: kasan: don't use __builtin_return_address(1)
UPSTREAM: kasan: detect invalid frees for large objects
UPSTREAM: kasan: add functions for unpoisoning stack variables
UPSTREAM: kasan: add tests for alloca poisoning
UPSTREAM: kasan: support alloca() poisoning
UPSTREAM: kasan/Makefile: support LLVM style asan parameters
BACKPORT: kasan: add compiler support for clang
BACKPORT: fs: dcache: Revert "manually unpoison dname after allocation to shut up kasan's reports"
UPSTREAM: fs/dcache: Use read_word_at_a_time() in dentry_string_cmp()
UPSTREAM: lib/strscpy: Shut up KASAN false-positives in strscpy()
UPSTREAM: compiler.h: Add read_word_at_a_time() function.
UPSTREAM: compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
UPSTREAM: arm64/mm/kasan: don't use vmemmap_populate() to initialize shadow
UPSTREAM: Documentation/features/KASAN: mark KASAN as supported only on 64-bit on x86
f2fs: Add option to limit required GC for checkpoint=disable
f2fs: Fix accounting for unusable blocks
f2fs: Fix root reserved on remount
f2fs: Lower threshold for disable_cp_again
f2fs: fix sparse warning
f2fs: fix f2fs_show_options to show nodiscard mount option
f2fs: add error prints for debugging mount failure
f2fs: fix to do sanity check on segment bitmap of LFS curseg
f2fs: add missing sysfs entries in documentation
f2fs: fix to avoid deadloop if data_flush is on
f2fs: always assume that the device is idle under gc_urgent
f2fs: add bio cache for IPU
f2fs: allow ssr block allocation during checkpoint=disable period
f2fs: fix to check layout on last valid checkpoint park
Conflicts:
arch/arm64/configs/cuttlefish_defconfig
arch/arm64/include/asm/memory.h
arch/arm64/include/asm/thread_info.h
arch/x86/configs/x86_64_cuttlefish_defconfig
build.config.common
drivers/dma-buf/dma-buf.c
fs/crypto/Makefile
fs/crypto/bio.c
fs/crypto/fscrypt_private.h
fs/crypto/keyinfo.c
fs/ext4/page-io.c
fs/f2fs/data.c
fs/f2fs/f2fs.h
fs/f2fs/inode.c
fs/f2fs/segment.c
fs/userfaultfd.c
include/linux/dma-buf.h
include/linux/fscrypt.h
include/linux/kasan.h
include/linux/platform_data/ds2482.h
include/uapi/linux/fs.h
kernel/sched/deadline.c
kernel/sched/fair.c
kernel/sched/rt.c
kernel/sched/sched.h
kernel/sched/stop_task.c
kernel/sched/walt.c
kernel/sched/walt.h
lib/test_kasan.c
mm/kasan/common.c
mm/kasan/kasan.h
mm/kasan/report.c
mm/slub.c
mm/vmalloc.c
scripts/Makefile.kasan
Changed below files to fix build errors:
drivers/char/diag/diagchar_core.c
drivers/power/supply/qcom/battery.c
drivers/power/supply/qcom/smb1390-charger-psy.c
drivers/power/supply/qcom/smb1390-charger.c
drivers/power/supply/qcom/step-chg-jeita.c
fs/crypto/fscrypt_ice.c
fs/crypto/fscrypt_private.h
fs/f2fs/inode.c
include/uapi/linux/fscrypt.h
net/qrtr/qrtr.c
gen_headers_arm.bp
gen_headers_arm64.bp
Extra added fixes in fs/f2fs/data.c for FBE:
* Fix FBE regression with
|
||
|
Catalin Marinas
|
cde9b8ce92 |
UPSTREAM: arm64: Tighten the PR_{SET, GET}_TAGGED_ADDR_CTRL prctl() unused arguments
(Upstream commit 3e91ec89f527b9870fe42dcbdb74fd389d123a95).
Require that arg{3,4,5} of the PR_{SET,GET}_TAGGED_ADDR_CTRL prctl and
arg2 of the PR_GET_TAGGED_ADDR_CTRL prctl() are zero rather than ignored
for future extensions.
Acked-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Bug: 135692346
Change-Id: I8bb5c3eb4728440880c971d77904f7e45b571ddc
|
||
|
Catalin Marinas
|
aa5a358032 |
BACKPORT: arm64: Introduce prctl() options to control the tagged user addresses ABI
(Upstream commit 63f0c60379650d82250f22e4cf4137ef3dc4f43d). It is not desirable to relax the ABI to allow tagged user addresses into the kernel indiscriminately. This patch introduces a prctl() interface for enabling or disabling the tagged ABI with a global sysctl control for preventing applications from enabling the relaxed ABI (meant for testing user-space prctl() return error checking without reconfiguring the kernel). The ABI properties are inherited by threads of the same application and fork()'ed children but cleared on execve(). A Kconfig option allows the overall disabling of the relaxed ABI. The PR_SET_TAGGED_ADDR_CTRL will be expanded in the future to handle MTE-specific settings like imprecise vs precise exceptions. Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: Will Deacon <will@kernel.org> Change-Id: I2d52c5589b05415faab315c116245f1058d64750 Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Bug: 135692346 |
||
|
Blagovest Kolenichev
|
80e9b1ab39 |
Merge android-4.14.126 (cfee25d) into msm-4.14
* refs/heads/tmp-cfee25d: Linux 4.14.126 ALSA: seq: Cover unsubscribe_port() in list_mutex drm: don't block fb changes for async plane updates Revert "drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)" Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" percpu: do not search past bitmap when allocating an area gpio: vf610: Do not share irq_chip usb: typec: fusb302: Check vconn is off when we start toggling ARM: exynos: Fix undefined instruction during Exynos5422 resume pwm: Fix deadlock warning when removing PWM device ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa pwm: tiehrpwm: Update shadow register for disabling PWMs dmaengine: idma64: Use actual device for DMA transfers gpio: gpio-omap: add check for off wake capable gpios PCI: xilinx: Check for __get_free_pages() failure block, bfq: increase idling for weight-raised queues video: imsttfb: fix potential NULL pointer dereferences video: hgafb: fix potential NULL pointer dereference PCI: rcar: Fix 64bit MSI message address handling PCI: rcar: Fix a potential NULL pointer dereference power: supply: max14656: fix potential use-before-alloc platform/x86: intel_pmc_ipc: adding error handling PCI: rpadlpar: Fix leaked device_node references in add/remove paths ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx53: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx50: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA soc: rockchip: Set the proper PWM for rk3288 clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64 platform/chrome: cros_ec_proto: check for NULL transfer function x86/PCI: Fix PCI IRQ routing table memory leak vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING" nfsd: allow fh_want_write to be called twice fuse: retrieve: cap requested size to negotiated max_write nvmem: core: fix read buffer in place ALSA: hda - Register irq handler after the chip initialization nvme-pci: unquiesce admin queue on shutdown misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test iommu/vt-d: Set intel_iommu_gfx_mapped correctly blk-mq: move cancel of requeue_work into blk_mq_release watchdog: fix compile time error of pretimeout governors watchdog: imx2_wdt: Fix set_timeout for big timeout values mmc: mmci: Prevent polling for busy detection in IRQ context uml: fix a boot splat wrt use of cpu_all_mask configfs: fix possible use-after-free in configfs_register_group percpu: remove spurious lock dependency between percpu and sched f2fs: fix to do sanity check on valid block count of segment f2fs: fix to avoid panic in dec_valid_block_count() f2fs: fix to clear dirty inode in error path of f2fs_iget() f2fs: fix to avoid panic in do_recover_data() ntp: Allow TAI-UTC offset to be set to zero pwm: meson: Use the spin-lock only to protect register modifications EDAC/mpc85xx: Prevent building as a module objtool: Don't use ignore flag for fake jumps drm/bridge: adv7511: Fix low refresh rate selection perf/x86/intel: Allow PEBS multi-entry in watermark mode mfd: twl6040: Fix device init errors for ACCCTL register drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration mfd: intel-lpss: Set the device in reset state when init mfd: tps65912-spi: Add missing of table registration drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER thermal: rcar_gen3_thermal: disable interrupt in .remove kernel/sys.c: prctl: fix false positive in validate_prctl_map() mm/slab.c: fix an infinite loop in leaks_show() mm/cma_debug.c: fix the break condition in cma_maxchunk_get() mm/cma.c: fix the bitmap status to show failed allocation reason mm/cma.c: fix crash on CMA allocation if bitmap allocation fails mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE hugetlbfs: on restore reserve error path retain subpool reservation mm/hmm: select mmu notifier when selecting HMM ARM: prevent tracing IPI_CPU_BACKTRACE ipc: prevent lockup on alloc_msg and free_msg sysctl: return -EINVAL if val violates minmax fs/fat/file.c: issue flush after the writeback of FAT rapidio: fix a NULL pointer dereference when create_workqueue() fails BACKPORT: kheaders: Do not regenerate archive if config is not changed BACKPORT: kheaders: Move from proc to sysfs BACKPORT: Provide in-kernel headers to make extending kernel easier UPSTREAM: binder: check for overflow when alloc for security context Conflicts: arch/arm/kernel/smp.c Change-Id: I93aaeb09806bd05b4bb216aa12d7ba8007fbc3e9 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
cfee25d274 |
Merge 4.14.126 into android-4.14
Changes in 4.14.126 rapidio: fix a NULL pointer dereference when create_workqueue() fails fs/fat/file.c: issue flush after the writeback of FAT sysctl: return -EINVAL if val violates minmax ipc: prevent lockup on alloc_msg and free_msg ARM: prevent tracing IPI_CPU_BACKTRACE mm/hmm: select mmu notifier when selecting HMM hugetlbfs: on restore reserve error path retain subpool reservation mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE mm/cma.c: fix crash on CMA allocation if bitmap allocation fails mm/cma.c: fix the bitmap status to show failed allocation reason mm/cma_debug.c: fix the break condition in cma_maxchunk_get() mm/slab.c: fix an infinite loop in leaks_show() kernel/sys.c: prctl: fix false positive in validate_prctl_map() thermal: rcar_gen3_thermal: disable interrupt in .remove drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER mfd: tps65912-spi: Add missing of table registration mfd: intel-lpss: Set the device in reset state when init drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration mfd: twl6040: Fix device init errors for ACCCTL register perf/x86/intel: Allow PEBS multi-entry in watermark mode drm/bridge: adv7511: Fix low refresh rate selection objtool: Don't use ignore flag for fake jumps EDAC/mpc85xx: Prevent building as a module pwm: meson: Use the spin-lock only to protect register modifications ntp: Allow TAI-UTC offset to be set to zero f2fs: fix to avoid panic in do_recover_data() f2fs: fix to clear dirty inode in error path of f2fs_iget() f2fs: fix to avoid panic in dec_valid_block_count() f2fs: fix to do sanity check on valid block count of segment percpu: remove spurious lock dependency between percpu and sched configfs: fix possible use-after-free in configfs_register_group uml: fix a boot splat wrt use of cpu_all_mask mmc: mmci: Prevent polling for busy detection in IRQ context watchdog: imx2_wdt: Fix set_timeout for big timeout values watchdog: fix compile time error of pretimeout governors blk-mq: move cancel of requeue_work into blk_mq_release iommu/vt-d: Set intel_iommu_gfx_mapped correctly misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test nvme-pci: unquiesce admin queue on shutdown ALSA: hda - Register irq handler after the chip initialization nvmem: core: fix read buffer in place fuse: retrieve: cap requested size to negotiated max_write nfsd: allow fh_want_write to be called twice vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING" x86/PCI: Fix PCI IRQ routing table memory leak platform/chrome: cros_ec_proto: check for NULL transfer function PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64 soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 soc: rockchip: Set the proper PWM for rk3288 ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx50: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx53: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA PCI: rpadlpar: Fix leaked device_node references in add/remove paths platform/x86: intel_pmc_ipc: adding error handling power: supply: max14656: fix potential use-before-alloc PCI: rcar: Fix a potential NULL pointer dereference PCI: rcar: Fix 64bit MSI message address handling video: hgafb: fix potential NULL pointer dereference video: imsttfb: fix potential NULL pointer dereferences block, bfq: increase idling for weight-raised queues PCI: xilinx: Check for __get_free_pages() failure gpio: gpio-omap: add check for off wake capable gpios dmaengine: idma64: Use actual device for DMA transfers pwm: tiehrpwm: Update shadow register for disabling PWMs ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa pwm: Fix deadlock warning when removing PWM device ARM: exynos: Fix undefined instruction during Exynos5422 resume usb: typec: fusb302: Check vconn is off when we start toggling gpio: vf610: Do not share irq_chip percpu: do not search past bitmap when allocating an area Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" Revert "drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)" drm: don't block fb changes for async plane updates ALSA: seq: Cover unsubscribe_port() in list_mutex Linux 4.14.126 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Cyrill Gorcunov
|
a84bd98db8 |
kernel/sys.c: prctl: fix false positive in validate_prctl_map()
[ Upstream commit a9e73998f9d705c94a8dca9687633adc0f24a19a ]
While validating new map we require the @start_data to be strictly less
than @end_data, which is fine for regular applications (this is why this
nit didn't trigger for that long). These members are set from executable
loaders such as elf handers, still it is pretty valid to have a loadable
data section with zero size in file, in such case the start_data is equal
to end_data once kernel loader finishes.
As a result when we're trying to restore such programs the procedure fails
and the kernel returns -EINVAL. From the image dump of a program:
| "mm_start_code": "0x400000",
| "mm_end_code": "0x8f5fb4",
| "mm_start_data": "0xf1bfb0",
| "mm_end_data": "0xf1bfb0",
Thus we need to change validate_prctl_map from strictly less to less or
equal operator use.
Link: http://lkml.kernel.org/r/20190408143554.GY1421@uranus.lan
Fixes:
|
||
|
Yang Shi
|
1022f84ec6 |
mm: introduce arg_lock to protect arg_start|end and env_start|end in mm_struct
mmap_sem is on the hot path of kernel, and it very contended, but it is
abused too. It is used to protect arg_start|end and evn_start|end when
reading /proc/$PID/cmdline and /proc/$PID/environ, but it doesn't make
sense since those proc files just expect to read 4 values atomically and
not related to VM, they could be set to arbitrary values by C/R.
And, the mmap_sem contention may cause unexpected issue like below:
INFO: task ps:14018 blocked for more than 120 seconds.
Tainted: G E 4.9.79-009.ali3000.alios7.x86_64 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this
message.
ps D 0 14018 1 0x00000004
Call Trace:
schedule+0x36/0x80
rwsem_down_read_failed+0xf0/0x150
call_rwsem_down_read_failed+0x18/0x30
down_read+0x20/0x40
proc_pid_cmdline_read+0xd9/0x4e0
__vfs_read+0x37/0x150
vfs_read+0x96/0x130
SyS_read+0x55/0xc0
entry_SYSCALL_64_fastpath+0x1a/0xc5
Both Alexey Dobriyan and Michal Hocko suggested to use dedicated lock
for them to mitigate the abuse of mmap_sem.
So, introduce a new spinlock in mm_struct to protect the concurrent
access to arg_start|end, env_start|end and others, as well as replace
write map_sem to read to protect the race condition between prctl and
sys_brk which might break check_data_rlimit(), and makes prctl more
friendly to other VM operations.
This patch just eliminates the abuse of mmap_sem, but it can't resolve
the above hung task warning completely since the later
access_remote_vm() call needs acquire mmap_sem. The mmap_sem
scalability issue will be solved in the future.
Change-Id: Ifa8f001ee2fc4f0ce60c18e771cebcf8a1f0943e
[yang.shi@linux.alibaba.com: add comment about mmap_sem and arg_lock]
Link: http://lkml.kernel.org/r/1524077799-80690-1-git-send-email-yang.shi@linux.alibaba.com
Link: http://lkml.kernel.org/r/1523730291-109696-1-git-send-email-yang.shi@linux.alibaba.com
Signed-off-by: Yang Shi <yang.shi@linux.alibaba.com>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Mateusz Guzik <mguzik@redhat.com>
Cc: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Git-commit: 88aa7cc688d48ddd84558b41d5905a0db9535c4b
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Srinivas Ramana <sramana@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
c535ee76cd |
Merge 4.14.69 into android-4.14-p
Changes in 4.14.69
net: 6lowpan: fix reserved space for single frames
net: mac802154: tx: expand tailroom if necessary
9p/net: Fix zero-copy path in the 9p virtio transport
spi: davinci: fix a NULL pointer dereference
spi: pxa2xx: Add support for Intel Ice Lake
spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
spi: cadence: Change usleep_range() to udelay(), for atomic context
mmc: renesas_sdhi_internal_dmac: fix #define RST_RESERVED_BITS
readahead: stricter check for bdi io_pages
block: blk_init_allocated_queue() set q->fq as NULL in the fail case
block: really disable runtime-pm for blk-mq
drm/i915/userptr: reject zero user_size
libertas: fix suspend and resume for SDIO connected cards
media: Revert "[media] tvp5150: fix pad format frame height"
mailbox: xgene-slimpro: Fix potential NULL pointer dereference
Replace magic for trusting the secondary keyring with #define
Fix kexec forbidding kernels signed with keys in the secondary keyring to boot
powerpc/fadump: handle crash memory ranges array index overflow
powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
PCI: Add wrappers for dev_printk()
powerpc/powernv/pci: Work around races in PCI bridge enabling
cxl: Fix wrong comparison in cxl_adapter_context_get()
ib_srpt: Fix a use-after-free in srpt_close_ch()
RDMA/rxe: Set wqe->status correctly if an unexpected response is received
9p: fix multiple NULL-pointer-dereferences
fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
9p/virtio: fix off-by-one error in sg list bounds check
net/9p/client.c: version pointer uninitialized
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
dm integrity: change 'suspending' variable from bool to int
dm thin: stop no_space_timeout worker when switching to write-mode
dm cache metadata: save in-core policy_hint_size to on-disk superblock
dm cache metadata: set dirty on all cache blocks after a crash
dm crypt: don't decrease device limits
uart: fix race between uart_put_char() and uart_shutdown()
Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind()
iio: sca3000: Fix missing return in switch
iio: ad9523: Fix displayed phase
iio: ad9523: Fix return value for ad952x_store()
extcon: Release locking when sending the notification of connector state
vmw_balloon: fix inflation of 64-bit GFNs
vmw_balloon: do not use 2MB without batching
vmw_balloon: VMCI_DOORBELL_SET does not check status
vmw_balloon: fix VMCI use when balloon built into kernel
rtc: omap: fix potential crash on power off
tracing: Do not call start/stop() functions when tracing_on does not change
tracing/blktrace: Fix to allow setting same value
printk/tracing: Do not trace printk_nmi_enter()
livepatch: Validate module/old func name length
uprobes: Use synchronize_rcu() not synchronize_sched()
mfd: hi655x: Fix regmap area declared size for hi655x
ovl: fix wrong use of impure dir cache in ovl_iterate()
drivers/block/zram/zram_drv.c: fix bug storing backing_dev
cpufreq: governor: Avoid accessing invalid governor_data
PM / sleep: wakeup: Fix build error caused by missing SRCU support
KVM: VMX: fixes for vmentry_l1d_flush module parameter
KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages
xtensa: limit offsets in __loop_cache_{all,page}
xtensa: increase ranges in ___invalidate_{i,d}cache_all
block, bfq: return nbytes and not zero from struct cftype .write() method
pnfs/blocklayout: off by one in bl_map_stripe()
NFSv4 client live hangs after live data migration recovery
NFSv4: Fix locking in pnfs_generic_recover_commit_reqs
NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence()
ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
mm/tlb: Remove tlb_remove_table() non-concurrent condition
iommu/vt-d: Add definitions for PFSID
iommu/vt-d: Fix dev iotlb pfsid use
sys: don't hold uts_sem while accessing userspace memory
userns: move user access out of the mutex
ubifs: Fix memory leak in lprobs self-check
Revert "UBIFS: Fix potential integer overflow in allocation"
ubifs: Check data node size before truncate
ubifs: xattr: Don't operate on deleted inodes
ubifs: Fix synced_i_size calculation for xattr inodes
pwm: tiehrpwm: Don't use emulation mode bits to control PWM output
pwm: tiehrpwm: Fix disabling of output of PWMs
fb: fix lost console when the user unplugs a USB adapter
udlfb: set optimal write delay
getxattr: use correct xattr length
libnvdimm: fix ars_status output length calculation
bcache: release dc->writeback_lock properly in bch_writeback_thread()
cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
perf auxtrace: Fix queue resize
crypto: vmx - Fix sleep-in-atomic bugs
crypto: caam - fix DMA mapping direction for RSA forms 2 & 3
crypto: caam/jr - fix descriptor DMA unmapping
crypto: caam/qi - fix error path in xts setkey
fs/quota: Fix spectre gadget in do_quotactl
arm64: mm: always enable CONFIG_HOLES_IN_ZONE
Linux 4.14.69
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
fc59235394 |
Merge 4.14.69 into android-4.14
Changes in 4.14.69
net: 6lowpan: fix reserved space for single frames
net: mac802154: tx: expand tailroom if necessary
9p/net: Fix zero-copy path in the 9p virtio transport
spi: davinci: fix a NULL pointer dereference
spi: pxa2xx: Add support for Intel Ice Lake
spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
spi: cadence: Change usleep_range() to udelay(), for atomic context
mmc: renesas_sdhi_internal_dmac: fix #define RST_RESERVED_BITS
readahead: stricter check for bdi io_pages
block: blk_init_allocated_queue() set q->fq as NULL in the fail case
block: really disable runtime-pm for blk-mq
drm/i915/userptr: reject zero user_size
libertas: fix suspend and resume for SDIO connected cards
media: Revert "[media] tvp5150: fix pad format frame height"
mailbox: xgene-slimpro: Fix potential NULL pointer dereference
Replace magic for trusting the secondary keyring with #define
Fix kexec forbidding kernels signed with keys in the secondary keyring to boot
powerpc/fadump: handle crash memory ranges array index overflow
powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
PCI: Add wrappers for dev_printk()
powerpc/powernv/pci: Work around races in PCI bridge enabling
cxl: Fix wrong comparison in cxl_adapter_context_get()
ib_srpt: Fix a use-after-free in srpt_close_ch()
RDMA/rxe: Set wqe->status correctly if an unexpected response is received
9p: fix multiple NULL-pointer-dereferences
fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
9p/virtio: fix off-by-one error in sg list bounds check
net/9p/client.c: version pointer uninitialized
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
dm integrity: change 'suspending' variable from bool to int
dm thin: stop no_space_timeout worker when switching to write-mode
dm cache metadata: save in-core policy_hint_size to on-disk superblock
dm cache metadata: set dirty on all cache blocks after a crash
dm crypt: don't decrease device limits
uart: fix race between uart_put_char() and uart_shutdown()
Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind()
iio: sca3000: Fix missing return in switch
iio: ad9523: Fix displayed phase
iio: ad9523: Fix return value for ad952x_store()
extcon: Release locking when sending the notification of connector state
vmw_balloon: fix inflation of 64-bit GFNs
vmw_balloon: do not use 2MB without batching
vmw_balloon: VMCI_DOORBELL_SET does not check status
vmw_balloon: fix VMCI use when balloon built into kernel
rtc: omap: fix potential crash on power off
tracing: Do not call start/stop() functions when tracing_on does not change
tracing/blktrace: Fix to allow setting same value
printk/tracing: Do not trace printk_nmi_enter()
livepatch: Validate module/old func name length
uprobes: Use synchronize_rcu() not synchronize_sched()
mfd: hi655x: Fix regmap area declared size for hi655x
ovl: fix wrong use of impure dir cache in ovl_iterate()
drivers/block/zram/zram_drv.c: fix bug storing backing_dev
cpufreq: governor: Avoid accessing invalid governor_data
PM / sleep: wakeup: Fix build error caused by missing SRCU support
KVM: VMX: fixes for vmentry_l1d_flush module parameter
KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages
xtensa: limit offsets in __loop_cache_{all,page}
xtensa: increase ranges in ___invalidate_{i,d}cache_all
block, bfq: return nbytes and not zero from struct cftype .write() method
pnfs/blocklayout: off by one in bl_map_stripe()
NFSv4 client live hangs after live data migration recovery
NFSv4: Fix locking in pnfs_generic_recover_commit_reqs
NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence()
ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
mm/tlb: Remove tlb_remove_table() non-concurrent condition
iommu/vt-d: Add definitions for PFSID
iommu/vt-d: Fix dev iotlb pfsid use
sys: don't hold uts_sem while accessing userspace memory
userns: move user access out of the mutex
ubifs: Fix memory leak in lprobs self-check
Revert "UBIFS: Fix potential integer overflow in allocation"
ubifs: Check data node size before truncate
ubifs: xattr: Don't operate on deleted inodes
ubifs: Fix synced_i_size calculation for xattr inodes
pwm: tiehrpwm: Don't use emulation mode bits to control PWM output
pwm: tiehrpwm: Fix disabling of output of PWMs
fb: fix lost console when the user unplugs a USB adapter
udlfb: set optimal write delay
getxattr: use correct xattr length
libnvdimm: fix ars_status output length calculation
bcache: release dc->writeback_lock properly in bch_writeback_thread()
cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
perf auxtrace: Fix queue resize
crypto: vmx - Fix sleep-in-atomic bugs
crypto: caam - fix DMA mapping direction for RSA forms 2 & 3
crypto: caam/jr - fix descriptor DMA unmapping
crypto: caam/qi - fix error path in xts setkey
fs/quota: Fix spectre gadget in do_quotactl
arm64: mm: always enable CONFIG_HOLES_IN_ZONE
Linux 4.14.69
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Jann Horn
|
b692c405a1 |
sys: don't hold uts_sem while accessing userspace memory
commit 42a0cc3478584d4d63f68f2f5af021ddbea771fa upstream.
Holding uts_sem as a writer while accessing userspace memory allows a
namespace admin to stall all processes that attempt to take uts_sem.
Instead, move data through stack buffers and don't access userspace memory
while uts_sem is held.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
503f6fecb8 |
Merge 4.14.45 into android-4.14
Changes in 4.14.45
MIPS: c-r4k: Fix data corruption related to cache coherence
MIPS: ptrace: Expose FIR register through FP regset
MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
affs_lookup(): close a race with affs_remove_link()
fs: don't scan the inode cache before SB_BORN is set
aio: fix io_destroy(2) vs. lookup_ioctx() race
ALSA: timer: Fix pause event notification
do d_instantiate/unlock_new_inode combinations safely
mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus
libata: Blacklist some Sandisk SSDs for NCQ
libata: blacklist Micron 500IT SSD with MU01 firmware
xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
arm64: lse: Add early clobbers to some input/output asm operands
powerpc/64s: Clear PCR on boot
IB/hfi1: Use after free race condition in send context error path
IB/umem: Use the correct mm during ib_umem_release
sr: pass down correctly sized SCSI sense buffer
idr: fix invalid ptr dereference on item delete
Revert "ipc/shm: Fix shmat mmap nil-page protection"
ipc/shm: fix shmat() nil address after round-down when remapping
mm/kasan: don't vfree() nonexistent vm_area
kasan: free allocated shadow memory on MEM_CANCEL_ONLINE
kasan: fix memory hotplug during boot
kernel/sys.c: fix potential Spectre v1 issue
KVM/VMX: Expose SSBD properly to guests
KVM: s390: vsie: fix < 8k check for the itdba
KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
kvm: x86: IA32_ARCH_CAPABILITIES is always supported
x86/kvm: fix LAPIC timer drift when guest uses periodic mode
powerpc/64s: Improve RFI L1-D cache flush fallback
powerpc/pseries: Support firmware disable of RFI flush
powerpc/powernv: Support firmware disable of RFI flush
powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
powerpc/rfi-flush: Always enable fallback flush on pseries
powerpc/rfi-flush: Differentiate enabled and patched flush types
powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
powerpc: Add security feature flags for Spectre/Meltdown
powerpc/pseries: Set or clear security feature flags
powerpc/powernv: Set or clear security feature flags
powerpc/64s: Move cpu_show_meltdown()
powerpc/64s: Enhance the information in cpu_show_meltdown()
powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
powerpc/64s: Wire up cpu_show_spectre_v1()
powerpc/64s: Wire up cpu_show_spectre_v2()
powerpc/pseries: Fix clearing of security feature flags
powerpc: Move default security feature flags
powerpc/pseries: Restore default security feature flags on setup
powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
MIPS: generic: Fix machine compatible matching
mac80211: mesh: fix wrong mesh TTL offset calculation
ARC: Fix malformed ARC_EMUL_UNALIGNED default
ptr_ring: prevent integer overflow when calculating size
arm64: dts: rockchip: fix rock64 gmac2io stability issues
arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire
libata: Fix compile warning with ATA_DEBUG enabled
selftests: sync: missing CFLAGS while compiling
selftest/vDSO: fix O=
selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
selftests: memfd: add config fragment for fuse
ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
ARM: OMAP3: Fix prm wake interrupt for resume
ARM: OMAP2+: Fix sar_base inititalization for HS omaps
ARM: OMAP1: clock: Fix debugfs_create_*() usage
ibmvnic: Wait until reset is complete to set carrier on
ibmvnic: Free RX socket buffer in case of adapter error
ibmvnic: Clean RX pool buffers during device close
tls: retrun the correct IV in getsockopt
xhci: workaround for AMD Promontory disabled ports wakeup
IB/uverbs: Fix method merging in uverbs_ioctl_merge
IB/uverbs: Fix possible oops with duplicate ioctl attributes
IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy
arm64: dts: rockchip: Fix DWMMC clocks
ARM: dts: rockchip: Fix DWMMC clocks
iwlwifi: mvm: fix security bug in PN checking
iwlwifi: mvm: fix IBSS for devices that support station type API
iwlwifi: mvm: always init rs with 20mhz bandwidth rates
NFC: llcp: Limit size of SDP URI
rxrpc: Work around usercopy check
MD: Free bioset when md_run fails
md: fix md_write_start() deadlock w/o metadata devices
s390/dasd: fix handling of internal requests
xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos
mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
mac80211: fix a possible leak of station stats
mac80211: fix calling sleeping function in atomic context
cfg80211: clear wep keys after disconnection
mac80211: Do not disconnect on invalid operating class
mac80211: Fix sending ADDBA response for an ongoing session
gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle
gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle
md raid10: fix NULL deference in handle_write_completed()
drm/exynos: g2d: use monotonic timestamps
drm/exynos: fix comparison to bitshift when dealing with a mask
drm/meson: fix vsync buffer update
arm64: perf: correct PMUVer probing
RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails
RDMA/bnxt_re: Fix system crash during load/unload
ibmvnic: Check for NULL skb's in NAPI poll routine
net/mlx5e: Return error if prio is specified when offloading eswitch vlan push
locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
md: raid5: avoid string overflow warning
virtio_net: fix XDP code path in receive_small()
kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
bug.h: work around GCC PR82365 in BUG()
selftests/memfd: add run_fuse_test.sh to TEST_FILES
seccomp: add a selftest for get_metadata
soc: imx: gpc: de-register power domains only if initialized
powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
s390/cio: fix ccw_device_start_timeout API
s390/cio: fix return code after missing interrupt
s390/cio: clear timer when terminating driver I/O
selftests/bpf/test_maps: exit child process without error in ENOMEM case
PKCS#7: fix direct verification of SignerInfo signature
arm64: dts: cavium: fix PCI bus dtc warnings
nfs: system crashes after NFS4ERR_MOVED recovery
ARM: OMAP: Fix dmtimer init for omap1
smsc75xx: fix smsc75xx_set_features()
regulatory: add NUL to request alpha2
integrity/security: fix digsig.c build error with header file
x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system
locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
mac80211: drop frames with unexpected DS bits from fast-rx to slow path
arm64: fix unwind_frame() for filtered out fn for function graph tracing
macvlan: fix use-after-free in macvlan_common_newlink()
KVM: nVMX: Don't halt vcpu when L1 is injecting events to L2
kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds
ARM: dts: imx6dl: Include correct dtsi file for Engicam i.CoreM6 DualLite/Solo RQS
fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
fs: dcache: Use READ_ONCE when accessing i_dir_seq
md: fix a potential deadlock of raid5/raid10 reshape
md/raid1: fix NULL pointer dereference
batman-adv: fix packet checksum in receive path
batman-adv: invalidate checksum on fragment reassembly
netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount
netfilter: ipt_CLUSTERIP: put config instead of freeing it
netfilter: ebtables: convert BUG_ONs to WARN_ONs
batman-adv: Ignore invalid batadv_iv_gw during netlink send
batman-adv: Ignore invalid batadv_v_gw during netlink send
batman-adv: Fix netlink dumping of BLA claims
batman-adv: Fix netlink dumping of BLA backbones
nvme-pci: Fix nvme queue cleanup if IRQ setup fails
clocksource/drivers/fsl_ftm_timer: Fix error return checking
libceph, ceph: avoid memory leak when specifying same option several times
ceph: fix dentry leak when failing to init debugfs
xen/pvcalls: fix null pointer dereference on map->sock
ARM: orion5x: Revert commit
|
||
|
Gustavo A. R. Silva
|
058dfcf9c2 |
kernel/sys.c: fix potential Spectre v1 issue
commit 23d6aef74da86a33fa6bb75f79565e0a16ee97c2 upstream. `resource' can be controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: kernel/sys.c:1474 __do_compat_sys_old_getrlimit() warn: potential spectre issue 'get_current()->signal->rlim' (local cap) kernel/sys.c:1455 __do_sys_old_getrlimit() warn: potential spectre issue 'get_current()->signal->rlim' (local cap) Fix this by sanitizing *resource* before using it to index current->signal->rlim Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Link: http://lkml.kernel.org/r/20180515030038.GA11822@embeddedor.com Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
4c9e0a9b25 |
Merge 4.14.43 into android-4.14
Changes in 4.14.43
usbip: usbip_host: refine probe and disconnect debug msgs to be useful
usbip: usbip_host: delete device from busid_table after rebind
usbip: usbip_host: run rebind from exit when module is removed
usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
usbip: usbip_host: fix bad unlock balance during stub_probe()
ALSA: usb: mixer: volume quirk for CM102-A+/102S+
ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
ALSA: control: fix a redundant-copy issue
spi: pxa2xx: Allow 64-bit DMA
spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master
spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL
KVM: arm/arm64: VGIC/ITS save/restore: protect kvm_read_guest() calls
KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock
powerpc: Don't preempt_disable() in show_cpuinfo()
vfio: ccw: fix cleanup if cp_prefetch fails
tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
tee: shm: fix use-after-free via temporarily dropped reference
netfilter: nf_tables: free set name in error path
netfilter: nf_tables: can't fail after linking rule into active rule list
netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6}
i2c: designware: fix poll-after-enable regression
powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
drm: Match sysfs name in link removal to link creation
lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly
radix tree: fix multi-order iteration race
mm: don't allow deferred pages with NEED_PER_CPU_KM
drm/i915/gen9: Add WaClearHIZ_WM_CHICKEN3 for bxt and glk
s390/qdio: fix access to uninitialized qdio_q fields
s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
s390/qdio: don't release memory in qdio_setup_irq()
s390: remove indirect branch from do_softirq_own_stack
x86/pkeys: Override pkey when moving away from PROT_EXEC
x86/pkeys: Do not special case protection key 0
efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
x86/mm: Drop TS_COMPAT on 64-bit exec() syscall
tick/broadcast: Use for_each_cpu() specially on UP kernels
ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
Btrfs: fix xattr loss after power failure
Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting
btrfs: property: Set incompat flag if lzo/zstd compression is set
btrfs: fix crash when trying to resume balance without the resume flag
btrfs: Split btrfs_del_delalloc_inode into 2 functions
btrfs: Fix delalloc inodes invalidation during transaction abort
btrfs: fix reading stale metadata blocks after degraded raid1 mounts
x86/nospec: Simplify alternative_msr_write()
x86/bugs: Concentrate bug detection into a separate function
x86/bugs: Concentrate bug reporting into a separate function
x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
x86/bugs, KVM: Support the combination of guest and host IBRS
x86/bugs: Expose /sys/../spec_store_bypass
x86/cpufeatures: Add X86_FEATURE_RDS
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
x86/bugs/intel: Set proper CPU features and setup RDS
x86/bugs: Whitelist allowed SPEC_CTRL MSR values
x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
x86/speculation: Create spec-ctrl.h to avoid include hell
prctl: Add speculation control prctls
x86/process: Allow runtime control of Speculative Store Bypass
x86/speculation: Add prctl for Speculative Store Bypass mitigation
nospec: Allow getting/setting on non-current task
proc: Provide details on speculation flaw mitigations
seccomp: Enable speculation flaw mitigations
x86/bugs: Make boot modes __ro_after_init
prctl: Add force disable speculation
seccomp: Use PR_SPEC_FORCE_DISABLE
seccomp: Add filter flag to opt-out of SSB mitigation
seccomp: Move speculation migitation control to arch code
x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
x86/bugs: Rename _RDS to _SSBD
proc: Use underscores for SSBD in 'status'
Documentation/spec_ctrl: Do some minor cleanups
x86/bugs: Fix __ssb_select_mitigation() return type
x86/bugs: Make cpu_show_common() static
x86/bugs: Fix the parameters alignment and missing void
x86/cpu: Make alternative_msr_write work for 32-bit code
KVM: SVM: Move spec control call after restore of GS
x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
x86/cpufeatures: Disentangle SSBD enumeration
x86/cpufeatures: Add FEATURE_ZEN
x86/speculation: Handle HT correctly on AMD
x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
x86/speculation: Add virtualized speculative store bypass disable support
x86/speculation: Rework speculative_store_bypass_update()
x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
x86/bugs: Expose x86_spec_ctrl_base directly
x86/bugs: Remove x86_spec_ctrl_set()
x86/bugs: Rework spec_ctrl base and mask logic
x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
x86/bugs: Rename SSBD_NO to SSB_NO
Linux 4.14.43
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Kees Cook
|
7d1254a148 |
nospec: Allow getting/setting on non-current task
commit 7bbf1373e228840bb0295a2ca26d548ef37f448e upstream Adjust arch_prctl_get/set_spec_ctrl() to operate on tasks other than current. This is needed both for /proc/$pid/status queries and for seccomp (since thread-syncing can trigger seccomp in non-current threads). Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Thomas Gleixner
|
33f6a06810 |
prctl: Add speculation control prctls
commit b617cfc858161140d69cc0b5cc211996b557a1c7 upstream
Add two new prctls to control aspects of speculation related vulnerabilites
and their mitigations to provide finer grained control over performance
impacting mitigations.
PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature
which is selected with arg2 of prctl(2). The return value uses bit 0-2 with
the following meaning:
Bit Define Description
0 PR_SPEC_PRCTL Mitigation can be controlled per task by
PR_SET_SPECULATION_CTRL
1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is
disabled
2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is
enabled
If all bits are 0 the CPU is not affected by the speculation misfeature.
If PR_SPEC_PRCTL is set, then the per task control of the mitigation is
available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation
misfeature will fail.
PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which
is selected by arg2 of prctl(2) per task. arg3 is used to hand in the
control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE.
The common return values are:
EINVAL prctl is not implemented by the architecture or the unused prctl()
arguments are not 0
ENODEV arg2 is selecting a not supported speculation misfeature
PR_SET_SPECULATION_CTRL has these additional return values:
ERANGE arg3 is incorrect, i.e. it's not either PR_SPEC_ENABLE or PR_SPEC_DISABLE
ENXIO prctl control of the selected speculation misfeature is disabled
The first supported controlable speculation misfeature is
PR_SPEC_STORE_BYPASS. Add the define so this can be shared between
architectures.
Based on an initial patch from Tim Chen and mostly rewritten.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Colin Cross
|
8392add7be |
ANDROID: mm: add a field to store names for private anonymous memory
Userspace processes often have multiple allocators that each do
anonymous mmaps to get memory. When examining memory usage of
individual processes or systems as a whole, it is useful to be
able to break down the various heaps that were allocated by
each layer and examine their size, RSS, and physical memory
usage.
This patch adds a user pointer to the shared union in
vm_area_struct that points to a null terminated string inside
the user process containing a name for the vma. vmas that
point to the same address will be merged, but vmas that
point to equivalent strings at different addresses will
not be merged.
Userspace can set the name for a region of memory by calling
prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, start, len, (unsigned long)name);
Setting the name to NULL clears it.
The names of named anonymous vmas are shown in /proc/pid/maps
as [anon:<name>] and in /proc/pid/smaps in a new "Name" field
that is only present for named vmas. If the userspace pointer
is no longer valid all or part of the name will be replaced
with "<fault>".
The idea to store a userspace pointer to reduce the complexity
within mm (at the expense of the complexity of reading
/proc/pid/mem) came from Dave Hansen. This results in no
runtime overhead in the mm subsystem other than comparing
the anon_name pointers when considering vma merging. The pointer
is stored in a union with fieds that are only used on file-backed
mappings, so it does not increase memory usage.
Includes fix from Jed Davis <jld@mozilla.com> for typo in
prctl_set_vma_anon_name, which could attempt to set the name
across two vmas at the same time due to a typo, which might
corrupt the vma list. Fix it to use tmp instead of end to limit
the name setting to a single vma at a time.
Change-Id: I9aa7b6b5ef536cd780599ba4e2fba8ceebe8b59f
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
[AmitP: Fix get_user_pages_remote() call to align with upstream commit
|
||
|
Greg Kroah-Hartman
|
b24413180f |
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Many source files in the tree are missing licensing information, which makes it harder for compliance tools to determine the correct license. By default all files without license information are under the default license of the kernel, which is GPL version 2. Update the files which contain no license information with the 'GPL-2.0' SPDX license identifier. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. This patch is based on work done by Thomas Gleixner and Kate Stewart and Philippe Ombredanne. How this work was done: Patches were generated and checked against linux-4.14-rc6 for a subset of the use cases: - file had no licensing information it it. - file was a */uapi/* one with no licensing information in it, - file was a */uapi/* one with existing licensing information, Further patches will be generated in subsequent months to fix up cases where non-standard license headers were used, and references to license had to be inferred by heuristics based on keywords. The analysis to determine which SPDX License Identifier to be applied to a file was done in a spreadsheet of side by side results from of the output of two independent scanners (ScanCode & Windriver) producing SPDX tag:value files created by Philippe Ombredanne. Philippe prepared the base worksheet, and did an initial spot review of a few 1000 files. The 4.13 kernel was the starting point of the analysis with 60,537 files assessed. Kate Stewart did a file by file comparison of the scanner results in the spreadsheet to determine which SPDX license identifier(s) to be applied to the file. She confirmed any determination that was not immediately clear with lawyers working with the Linux Foundation. Criteria used to select files for SPDX license identifier tagging was: - Files considered eligible had to be source code files. - Make and config files were included as candidates if they contained >5 lines of source - File already had some variant of a license header in it (even if <5 lines). All documentation files were explicitly excluded. The following heuristics were used to determine which SPDX license identifiers to apply. - when both scanners couldn't find any license traces, file was considered to have no license information in it, and the top level COPYING file license applied. For non */uapi/* files that summary was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 11139 and resulted in the first patch in this series. If that file was a */uapi/* path one, it was "GPL-2.0 WITH Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 WITH Linux-syscall-note 930 and resulted in the second patch in this series. - if a file had some form of licensing information in it, and was one of the */uapi/* ones, it was denoted with the Linux-syscall-note if any GPL family license was found in the file or had no licensing in it (per prior point). Results summary: SPDX license identifier # files ---------------------------------------------------|------ GPL-2.0 WITH Linux-syscall-note 270 GPL-2.0+ WITH Linux-syscall-note 169 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17 LGPL-2.1+ WITH Linux-syscall-note 15 GPL-1.0+ WITH Linux-syscall-note 14 ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5 LGPL-2.0+ WITH Linux-syscall-note 4 LGPL-2.1 WITH Linux-syscall-note 3 ((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3 ((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1 and that resulted in the third patch in this series. - when the two scanners agreed on the detected license(s), that became the concluded license(s). - when there was disagreement between the two scanners (one detected a license but the other didn't, or they both detected different licenses) a manual inspection of the file occurred. - In most cases a manual inspection of the information in the file resulted in a clear resolution of the license that should apply (and which scanner probably needed to revisit its heuristics). - When it was not immediately clear, the license identifier was confirmed with lawyers working with the Linux Foundation. - If there was any question as to the appropriate license identifier, the file was flagged for further research and to be revisited later in time. In total, over 70 hours of logged manual review was done on the spreadsheet to determine the SPDX license identifiers to apply to the source files by Kate, Philippe, Thomas and, in some cases, confirmation by lawyers working with the Linux Foundation. Kate also obtained a third independent scan of the 4.13 code base from FOSSology, and compared selected files where the other two scanners disagreed against that SPDX file, to see if there was new insights. The Windriver scanner is based on an older version of FOSSology in part, so they are related. Thomas did random spot checks in about 500 files from the spreadsheets for the uapi headers and agreed with SPDX license identifier in the files he inspected. For the non-uapi files Thomas did random spot checks in about 15000 files. In initial set of patches against 4.14-rc6, 3 files were found to have copy/paste license identifier errors, and have been fixed to reflect the correct identifier. Additionally Philippe spent 10 hours this week doing a detailed manual inspection and review of the 12,461 patched files from the initial patch version early this week with: - a full scancode scan run, collecting the matched texts, detected license ids and scores - reviewing anything where there was a license detected (about 500+ files) to ensure that the applied SPDX license was correct - reviewing anything where there was no detection but the patch license was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied SPDX license was correct This produced a worksheet with 20 files needing minor correction. This worksheet was then exported into 3 different .csv files for the different types of files to be modified. These .csv files were then reviewed by Greg. Thomas wrote a script to parse the csv files and add the proper SPDX tag to the file, in the format that the file expected. This script was further refined by Greg based on the output to detect more types of files automatically and to distinguish between header and source .c files (which need different comment types.) Finally Greg ran the script using the .csv files to generate the patches. Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Kirill Tkhai
|
4d28df6152 |
prctl: Allow local CAP_SYS_ADMIN changing exe_file
During checkpointing and restore of userspace tasks we bumped into the situation, that it's not possible to restore the tasks, which user namespace does not have uid 0 or gid 0 mapped. People create user namespace mappings like they want, and there is no a limitation on obligatory uid and gid "must be mapped". So, if there is no uid 0 or gid 0 in the mapping, it's impossible to restore mm->exe_file of the processes belonging to this user namespace. Also, there is no a workaround. It's impossible to create a temporary uid/gid mapping, because only one write to /proc/[pid]/uid_map and gid_map is allowed during a namespace lifetime. If there is an entry, then no more mapings can't be written. If there isn't an entry, we can't write there too, otherwise user task won't be able to do that in the future. The patch changes the check, and looks for CAP_SYS_ADMIN instead of zero uid and gid. This allows to restore a task independently of its user namespace mappings. Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> CC: Andrew Morton <akpm@linux-foundation.org> CC: Serge Hallyn <serge@hallyn.com> CC: "Eric W. Biederman" <ebiederm@xmission.com> CC: Oleg Nesterov <oleg@redhat.com> CC: Michal Hocko <mhocko@suse.com> CC: Andrei Vagin <avagin@openvz.org> CC: Cyrill Gorcunov <gorcunov@openvz.org> CC: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com> CC: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> |
||
|
Al Viro
|
58c7ffc074 |
fix a braino in compat_sys_getrlimit()
Reported-and-tested-by: Meelis Roos <mroos@linux.ee>
Fixes: commit
|
||
|
Michal Hocko
|
1860033237 |
mm: make PR_SET_THP_DISABLE immediately active
PR_SET_THP_DISABLE has a rather subtle semantic. It doesn't affect any
existing mapping because it only updated mm->def_flags which is a
template for new mappings.
The mappings created after prctl(PR_SET_THP_DISABLE) have VM_NOHUGEPAGE
flag set. This can be quite surprising for all those applications which
do not do prctl(); fork() & exec() and want to control their own THP
behavior.
Another usecase when the immediate semantic of the prctl might be useful
is a combination of pre- and post-copy migration of containers with
CRIU. In this case CRIU populates a part of a memory region with data
that was saved during the pre-copy stage. Afterwards, the region is
registered with userfaultfd and CRIU expects to get page faults for the
parts of the region that were not yet populated. However, khugepaged
collapses the pages and the expected page faults do not occur.
In more general case, the prctl(PR_SET_THP_DISABLE) could be used as a
temporary mechanism for enabling/disabling THP process wide.
Implementation wise, a new MMF_DISABLE_THP flag is added. This flag is
tested when decision whether to use huge pages is taken either during
page fault of at the time of THP collapse.
It should be noted, that the new implementation makes PR_SET_THP_DISABLE
master override to any per-VMA setting, which was not the case
previously.
Fixes:
|
||
|
Linus Torvalds
|
c856863988 |
Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull misc compat stuff updates from Al Viro:
"This part is basically untangling various compat stuff. Compat
syscalls moved to their native counterparts, getting rid of quite a
bit of double-copying and/or set_fs() uses. A lot of field-by-field
copyin/copyout killed off.
- kernel/compat.c is much closer to containing just the
copyin/copyout of compat structs. Not all compat syscalls are gone
from it yet, but it's getting there.
- ipc/compat_mq.c killed off completely.
- block/compat_ioctl.c cleaned up; floppy compat ioctls moved to
drivers/block/floppy.c where they belong. Yes, there are several
drivers that implement some of the same ioctls. Some are m68k and
one is 32bit-only pmac. drivers/block/floppy.c is the only one in
that bunch that can be built on biarch"
* 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
mqueue: move compat syscalls to native ones
usbdevfs: get rid of field-by-field copyin
compat_hdio_ioctl: get rid of set_fs()
take floppy compat ioctls to sodding floppy.c
ipmi: get rid of field-by-field __get_user()
ipmi: get COMPAT_IPMICTL_RECEIVE_MSG in sync with the native one
rt_sigtimedwait(): move compat to native
select: switch compat_{get,put}_fd_set() to compat_{get,put}_bitmap()
put_compat_rusage(): switch to copy_to_user()
sigpending(): move compat to native
getrlimit()/setrlimit(): move compat to native
times(2): move compat to native
compat_{get,put}_bitmap(): use unsafe_{get,put}_user()
fb_get_fscreeninfo(): don't bother with do_fb_ioctl()
do_sigaltstack(): lift copying to/from userland into callers
take compat_sys_old_getrlimit() to native syscall
trim __ARCH_WANT_SYS_OLD_GETRLIMIT
|
||
|
Al Viro
|
d9e968cb9f |
getrlimit()/setrlimit(): move compat to native
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Al Viro
|
ca2406ed58 |
times(2): move compat to native
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Al Viro
|
613763a1f0 |
take compat_sys_old_getrlimit() to native syscall
... and sanitize the ifdefs in there Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Al Viro
|
ce72a16fa7 |
wait4(2)/waitid(2): separate copying rusage to userland
New helpers: kernel_waitid() and kernel_wait4(). sys_waitid(), sys_wait4() and their compat variants switched to those. Copying struct rusage to userland is left to syscall itself. For compat_sys_wait4() that eliminates the use of set_fs() completely. For compat_sys_waitid() it's still needed (for siginfo handling); that will change shortly. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Linus Torvalds
|
e579dde654 |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull namespace updates from Eric Biederman: "This is a set of small fixes that were mostly stumbled over during more significant development. This proc fix and the fix to posix-timers are the most significant of the lot. There is a lot of good development going on but unfortunately it didn't quite make the merge window" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: proc: Fix unbalanced hard link numbers signal: Make kill_proc_info static rlimit: Properly call security_task_setrlimit signal: Remove unused definition of sig_user_definied ia64: Remove unused IA64_TASK_SIGHAND_OFFSET and IA64_SIGHAND_SIGLOCK_OFFSET ipc: Remove unused declaration of recompute_msgmni posix-timers: Correct sanity check in posix_cpu_nsleep sysctl: Remove dead register_sysctl_root |
||
|
Eric W. Biederman
|
cad4ea546b |
rlimit: Properly call security_task_setrlimit
Modify do_prlimit to call security_task_setrlimit passing the task whose rlimit we are changing not the tsk->group_leader. In general this should not matter as the lsms implementing security_task_setrlimit apparmor and selinux both examine the task->cred to see what should be allowed on the destination task. That task->cred is shared between tasks created with CLONE_THREAD unless thread keyrings are in play, in which case both apparmor and selinux create duplicate security contexts. So the only time when it will matter which thread is passed to security_task_setrlimit is if one of the threads of a process performs an operation that changes only it's credentials. At which point if a thread has done that we don't want to hide that information from the lsms. So fix the call of security_task_setrlimit. With the removal of tsk->group_leader this makes the code slightly faster, more comprehensible and maintainable. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |