94de3b405c8dee0ffc8de5c06b32fbf00fc4e8f9
38873 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Andrey Konovalov
|
cdb4c18935 |
FROMLIST: kasan, fork: reset pointer tags of vmapped stacks
[Combines a FROMGIT patch and a FROMLIST fix for it.] Once tag-based KASAN modes start tagging vmalloc() allocations, kernel stacks start getting tagged if CONFIG_VMAP_STACK is enabled. Reset the tag of kernel stack pointers after allocation in alloc_thread_stack_node(). For SW_TAGS KASAN, when CONFIG_KASAN_STACK is enabled, the instrumentation can't handle the SP register being tagged. For HW_TAGS KASAN, there's no instrumentation-related issues. However, the impact of having a tagged SP register needs to be properly evaluated, so keep it non-tagged for now. Note, that the memory for the stack allocation still gets tagged to catch vmalloc-into-stack out-of-bounds accesses. Link: https://lkml.kernel.org/r/c6c96f012371ecd80e1936509ebcd3b07a5956f7.1643047180.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Reviewed-by: Alexander Potapenko <glider@google.com> Acked-by: Marco Elver <elver@google.com> Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Evgenii Stepanov <eugenis@google.com> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Peter Collingbourne <pcc@google.com> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> (cherry picked from commit 9d2dae85d689202c56068ce62e20821ad91c3606 git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git akpm) Link: https://lore.kernel.org/linux-mm/f50c5f96ef896d7936192c888b0c0a7674e33184.1644943792.git.andreyknvl@google.com/ Bug: 217222520 Change-Id: Ie723b03f1b857bc841cffc9a424b2791c97044a6 Signed-off-by: Andrey Konovalov <andreyknvl@google.com> |
||
|
Jun Miao
|
2f8e463885 |
UPSTREAM: rcu: Avoid alloc_pages() when recording stack
The default kasan_record_aux_stack() calls stack_depot_save() with GFP_NOWAIT, which in turn can then call alloc_pages(GFP_NOWAIT, ...). In general, however, it is not even possible to use either GFP_ATOMIC nor GFP_NOWAIT in certain non-preemptive contexts/RT kernel including raw_spin_locks (see gfp.h and |
||
|
Marco Elver
|
507128e800 |
UPSTREAM: workqueue, kasan: avoid alloc_pages() when recording stack
Shuah Khan reported:
| When CONFIG_PROVE_RAW_LOCK_NESTING=y and CONFIG_KASAN are enabled,
| kasan_record_aux_stack() runs into "BUG: Invalid wait context" when
| it tries to allocate memory attempting to acquire spinlock in page
| allocation code while holding workqueue pool raw_spinlock.
|
| There are several instances of this problem when block layer tries
| to __queue_work(). Call trace from one of these instances is below:
|
| kblockd_mod_delayed_work_on()
| mod_delayed_work_on()
| __queue_delayed_work()
| __queue_work() (rcu_read_lock, raw_spin_lock pool->lock held)
| insert_work()
| kasan_record_aux_stack()
| kasan_save_stack()
| stack_depot_save()
| alloc_pages()
| __alloc_pages()
| get_page_from_freelist()
| rm_queue()
| rm_queue_pcplist()
| local_lock_irqsave(&pagesets.lock, flags);
| [ BUG: Invalid wait context triggered ]
The default kasan_record_aux_stack() calls stack_depot_save() with
GFP_NOWAIT, which in turn can then call alloc_pages(GFP_NOWAIT, ...).
In general, however, it is not even possible to use either GFP_ATOMIC
nor GFP_NOWAIT in certain non-preemptive contexts, including
raw_spin_locks (see gfp.h and commmit
|
||
|
keystone-kernel-automerger
|
8da0359d2d |
Merge remote-tracking branch into HEAD
* keystone/mirror-android13-5.15: ANDROID: GKI: enable hung task detector ANDROID: kleaf: make a note to sync define_common_kernels() and KMI_SYMBOL_LIST(S). Linux 5.15.23 tipc: improve size validations for received domain records crypto: api - Move cryptomgr soft dependency into algapi ksmbd: fix SMB 3.11 posix extension mount failure KVM: s390: Return error on SIDA memop on normal guest arm64: Add Cortex-A510 CPU part definition moxart: fix potential use-after-free on remove path ANDROID: GKI: Enable CONFIG_SERIAL_8250_RUNTIME_UARTS=0 ANDROID: clang: update to 14.0.2 ANDROID: remoteproc: core: Export the rproc coredump APIs ANDROID: sched: Don't allow frozen asymmetric tasks to remain on the rq FROMLIST: sched: Defer wakeup in ttwu() for unschedulable frozen tasks FROMLIST: freezer: Add frozen_or_skipped() helper function Signed-off-by: keystone-kernel-automerger <keystone-kernel-automerger@google.com> Change-Id: I1372e09d922fa0e4d513bb9b0347cb0496615df1 |
||
|
Will Deacon
|
ccabb0e365 |
ANDROID: sched: Don't allow frozen asymmetric tasks to remain on the rq
If a task with a restricted possible CPU mask and PF_FROZEN or PF_FREEZER_SKIP set blocks, then we must not put it back on the runqueue to handle a signal because this could lead to migration failures later on if the suspending CPU is not capable of running it. Return such a task to the runqueue only if a fatal signal is pending, and otherwise allow the task to block. Bug: 202918514 Signed-off-by: Will Deacon <willdeacon@google.com> Change-Id: I04cc9e65751f2bffc556c4da9ef02fe386764324 |
||
|
Will Deacon
|
6ebb3c5057 |
FROMLIST: sched: Defer wakeup in ttwu() for unschedulable frozen tasks
Asymmetric systems may not offer the same level of userspace ISA support across all CPUs, meaning that some applications cannot be executed by some CPUs. As a concrete example, upcoming arm64 big.LITTLE designs do not feature support for 32-bit applications on both clusters. Although we take care to prevent explicit hot-unplug of all 32-bit capable CPUs on such a system, this is required when suspending on some SoCs where the firmware mandates that the suspend/resume operation is handled by CPU 0, which may not be capable of running 32-bit tasks. Consequently, there is a window on the resume path where no 32-bit capable CPUs are available for scheduling and waking up a 32-bit task will result in a scheduler BUG() due to failure of select_fallback_rq(): | kernel BUG at kernel/sched/core.c:2858! | Internal error: Oops - BUG: 0 [#1] PREEMPT SMP | ... | Call trace: | select_fallback_rq+0x4b0/0x4e4 | try_to_wake_up.llvm.4388853297126348405+0x460/0x5b0 | default_wake_function+0x1c/0x30 | autoremove_wake_function+0x1c/0x60 | __wake_up_common.llvm.11763074518265335900+0x100/0x1b8 | __wake_up+0x78/0xc4 | ep_poll_callback+0x20c/0x3fc Prevent wakeups of unschedulable frozen tasks in ttwu() and instead defer the wakeup to __thaw_tasks(), which runs only once all the secondary CPUs are back online. Signed-off-by: Will Deacon <will@kernel.org> Link: https://lore.kernel.org/linux-arch/20210525151432.16875-17-will@kernel.org/ Bug: 186372082 Signed-off-by: Will Deacon <willdeacon@google.com> Change-Id: I5a0531b48d537a79e1926289b5a87edcd7dd78ad (cherry picked from commit 94155f60a54df82652117b58c124a529556db6be) |
||
|
Will Deacon
|
56dcbabd69 |
FROMLIST: freezer: Add frozen_or_skipped() helper function
Occasionally it is necessary to see if a task is either frozen or sleeping in the PF_FREEZER_SKIP state. In preparation for adding additional users of this check, introduce a frozen_or_skipped() helper function and convert the hung task detector over to using it. Signed-off-by: Will Deacon <will@kernel.org> Link: https://lore.kernel.org/linux-arch/20210525151432.16875-16-will@kernel.org/ Bug: 186372082 Signed-off-by: Will Deacon <willdeacon@google.com> Change-Id: I138ffe2fae5a2da96df6f30d50d3a8a0dc61724c (cherry picked from commit 9c12d3611791b3d5fcba8ee47648c812f60cb3ac) |
||
|
keystone-kernel-automerger
|
e5d7e760cd |
Merge remote-tracking branch into HEAD
* keystone/mirror-android13-5.15: (116 commits) Revert "ANDROID: GKI: defconfig: enable BTF debug info" UPSTREAM: firmware: arm_ffa: Remove unused 'compat_version' variable UPSTREAM: firmware: arm_ffa: Add support for MEM_LEND UPSTREAM: firmware: arm_ffa: Handle compatibility with different firmware versions Linux 5.15.22 selftests: netfilter: check stateless nat udp checksum fixup selftests: nft_concat_range: add test for reload with no element add/del gpio: mpc8xxx: Fix an ignored error return from platform_get_irq() gpio: idt3243x: Fix an ignored error return from platform_get_irq() tools include UAPI: Sync sound/asound.h copy with the kernel sources cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY ext4: fix incorrect type issue during replay_del_range ext4: fix error handling in ext4_fc_record_modified_inode() ext4: fix error handling in ext4_restore_inline_data() ext4: modify the logic of ext4_mb_new_blocks_simple ext4: prevent used blocks from being allocated during fast commit replay EDAC/xgene: Fix deferred probing EDAC/altera: Fix deferred probing x86/perf: Default set FREEZE_ON_SMI for all ... Signed-off-by: keystone-kernel-automerger <keystone-kernel-automerger@google.com> Change-Id: I128ee16b32abc7dfdbbf610142c76c89a1a20573 |
||
|
Greg Kroah-Hartman
|
a74d4e284c |
Merge 5.15.22 into android13-5.15
Changes in 5.15.22
drm/i915: Disable DSB usage for now
selinux: fix double free of cond_list on error paths
audit: improve audit queue handling when "audit=1" on cmdline
ipc/sem: do not sleep with a spin lock held
spi: stm32-qspi: Update spi registering
ASoC: hdmi-codec: Fix OOB memory accesses
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
ALSA: usb-audio: Correct quirk for VF0770
ALSA: hda: Fix UAF of leds class devs at unbinding
ALSA: hda: realtek: Fix race at concurrent COEF updates
ALSA: hda/realtek: Add quirk for ASUS GU603
ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks
ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset)
ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows
btrfs: don't start transaction for scrub if the fs is mounted read-only
btrfs: fix deadlock between quota disable and qgroup rescan worker
btrfs: fix use-after-free after failure to create a snapshot
Revert "fs/9p: search open fids first"
drm/nouveau: fix off by one in BIOS boundary checking
drm/i915/adlp: Fix TypeC PHY-ready status readout
drm/amd/pm: correct the MGpuFanBoost support for Beige Goby
drm/amd/display: watermark latencies is not enough on DCN31
drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15" Apple Retina panels
nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
mm/debug_vm_pgtable: remove pte entry from the page table
mm/pgtable: define pte_index so that preprocessor could recognize it
mm/kmemleak: avoid scanning potential huge holes
block: bio-integrity: Advance seed correctly for larger interval sizes
dma-buf: heaps: Fix potential spectre v1 gadget
IB/hfi1: Fix AIP early init panic
Revert "fbcon: Disable accelerated scrolling"
fbcon: Add option to enable legacy hardware acceleration
mptcp: fix msk traversal in mptcp_nl_cmd_set_flags()
Revert "ASoC: mediatek: Check for error clk pointer"
KVM: arm64: Avoid consuming a stale esr value when SError occur
KVM: arm64: Stop handle_exit() from handling HVC twice when an SError occurs
RDMA/cma: Use correct address when leaving multicast group
RDMA/ucma: Protect mc during concurrent multicast leaves
RDMA/siw: Fix refcounting leak in siw_create_qp()
IB/rdmavt: Validate remote_addr during loopback atomic tests
RDMA/siw: Fix broken RDMA Read Fence/Resume logic.
RDMA/mlx4: Don't continue event handler after memory allocation failure
ALSA: usb-audio: initialize variables that could ignore errors
ALSA: hda: Fix signedness of sscanf() arguments
ALSA: hda: Skip codec shutdown in case the codec is not registered
iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
spi: bcm-qspi: check for valid cs before applying chip select
spi: mediatek: Avoid NULL pointer crash in interrupt
spi: meson-spicc: add IRQ check in meson_spicc_probe
spi: uniphier: fix reference count leak in uniphier_spi_probe()
IB/hfi1: Fix tstats alloc and dealloc
IB/cm: Release previously acquired reference counter in the cm_id_priv
net: ieee802154: hwsim: Ensure proper channel selection at probe time
net: ieee802154: mcr20a: Fix lifs/sifs periods
net: ieee802154: ca8210: Stop leaking skb's
netfilter: nft_reject_bridge: Fix for missing reply from prerouting
net: ieee802154: Return meaningful error codes from the netlink helpers
net/smc: Forward wakeup to smc socket waitqueue after fallback
net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request.
net: stmmac: properly handle with runtime pm in stmmac_dvr_remove()
net: macsec: Fix offload support for NETDEV_UNREGISTER event
net: macsec: Verify that send_sci is on when setting Tx sci explicitly
net: stmmac: dump gmac4 DMA registers correctly
net: stmmac: ensure PTP time register reads are consistent
drm/kmb: Fix for build errors with Warray-bounds
drm/i915/overlay: Prevent divide by zero bugs in scaling
drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled
ASoC: fsl: Add missing error handling in pcm030_fabric_probe
ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes
ASoC: simple-card: fix probe failure on platform component
ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name
ASoC: max9759: fix underflow in speaker_gain_control_put()
ASoC: codecs: wcd938x: fix incorrect used of portid
ASoC: codecs: lpass-rx-macro: fix sidetone register offsets
ASoC: codecs: wcd938x: fix return value of mixer put function
pinctrl: sunxi: Fix H616 I2S3 pin data
pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line
pinctrl: intel: fix unexpected interrupt
pinctrl: bcm2835: Fix a few error paths
scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
gve: fix the wrong AdminQ buffer queue index check
bpf: Use VM_MAP instead of VM_ALLOC for ringbuf
selftests/exec: Remove pipe from TEST_GEN_FILES
selftests: futex: Use variable MAKE instead of make
tools/resolve_btfids: Do not print any commands when building silently
e1000e: Separate ADP board type from TGP
rtc: cmos: Evaluate century appropriate
kvm: add guest_state_{enter,exit}_irqoff()
kvm/arm64: rework guest entry logic
perf: Copy perf_event_attr::sig_data on modification
perf stat: Fix display of grouped aliased events
perf/x86/intel/pt: Fix crash with stop filters in single-range mode
x86/perf: Default set FREEZE_ON_SMI for all
EDAC/altera: Fix deferred probing
EDAC/xgene: Fix deferred probing
ext4: prevent used blocks from being allocated during fast commit replay
ext4: modify the logic of ext4_mb_new_blocks_simple
ext4: fix error handling in ext4_restore_inline_data()
ext4: fix error handling in ext4_fc_record_modified_inode()
ext4: fix incorrect type issue during replay_del_range
net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY
cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning
tools include UAPI: Sync sound/asound.h copy with the kernel sources
gpio: idt3243x: Fix an ignored error return from platform_get_irq()
gpio: mpc8xxx: Fix an ignored error return from platform_get_irq()
selftests: nft_concat_range: add test for reload with no element add/del
selftests: netfilter: check stateless nat udp checksum fixup
Linux 5.15.22
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9143b858b768a8497c1df9440a74d8c105c32271
|
||
|
keystone-kernel-automerger
|
79971cce6a |
Merge remote-tracking branch into HEAD
* keystone/mirror-android13-5.15: ANDROID: GKI: update the pixel symbol list ANDROID: sched: Add trace for __setscheduler_uclamp ANDROID: sched: Add vendor hook for util_est_update ANDROID: sched: Add vendor hook for uclamp_eff_get ANDROID: sched: Add vendor hook for cpu_overutilized Signed-off-by: keystone-kernel-automerger <keystone-kernel-automerger@google.com> Change-Id: I26753ac86c18280f66c85925d756fea94ad18630 |
||
|
Rick Yiu
|
97d6c580df |
ANDROID: sched: Add trace for __setscheduler_uclamp
To know per-task uclamp request. Bug: 191973176 Signed-off-by: Rick Yiu <rickyiu@google.com> Change-Id: Ibd40391f2228db5daa410198339237879e67a078 Signed-off-by: Will McVicker <willmcvicker@google.com> |
||
|
Rick Yiu
|
265615cfd3 |
ANDROID: sched: Add vendor hook for util_est_update
Vendor may have its own estimated utilization. Bug: 170508405 Signed-off-by: Rick Yiu <rickyiu@google.com> Change-Id: I6055907de75ace4586c3ad854d40f42e3bf40147 Signed-off-by: Will McVicker <willmcvicker@google.com> |
||
|
Rick Yiu
|
abf44714df |
ANDROID: sched: Add vendor hook for uclamp_eff_get
Vendor may have their own behavior for determing uclamp value. Also uclamp_eff_get() is used in uclamp_rq_inc_id() when task is enqueued, and it is contained in uclamp_eff_value(), there is no much benefit to hook uclamp_eff_value(), so remove the hook in uclamp_eff_value(). Bug: 170507972 Bug: 180859906 Signed-off-by: Rick Yiu <rickyiu@google.com> Change-Id: Ibf7c043188a77c40baf5b4040b198a4197236089 Signed-off-by: Will McVicker <willmcvicker@google.com> |
||
|
Rick Yiu
|
87475cbbe1 |
ANDROID: sched: Add vendor hook for cpu_overutilized
Currently, cpu_overutilized uses the threshold 80% of cpu capacity, Add vendor hook so that vendor could define other values. Bug: 176722431 Signed-off-by: Rick Yiu <rickyiu@google.com> Change-Id: Ic10bd8ebb40f7321cfa10e33ac020e3347ca6550 (cherry picked from commit b199c6e8795791e008cfff6e214676857cd0651c) Signed-off-by: J. Avila <elavila@google.com> (cherry picked from commit f5998fbf2dbbcdda953018d95150b394b02b286b) |
||
|
Waiman Long
|
f5afdefe18 |
cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning
commit 2bdfd2825c9662463371e6691b1a794e97fa36b4 upstream.
It was found that a "suspicious RCU usage" lockdep warning was issued
with the rcu_read_lock() call in update_sibling_cpumasks(). It is
because the update_cpumasks_hier() function may sleep. So we have
to release the RCU lock, call update_cpumasks_hier() and reacquire
it afterward.
Also add a percpu_rwsem_assert_held() in update_sibling_cpumasks()
instead of stating that in the comment.
Fixes:
|
||
|
Marco Elver
|
64e133ce28 |
perf: Copy perf_event_attr::sig_data on modification
[ Upstream commit 3c25fc97f5590060464cabfa25710970ecddbc96 ]
The intent has always been that perf_event_attr::sig_data should also be
modifiable along with PERF_EVENT_IOC_MODIFY_ATTRIBUTES, because it is
observable by user space if SIGTRAP on events is requested.
Currently only PERF_TYPE_BREAKPOINT is modifiable, and explicitly copies
relevant breakpoint-related attributes in hw_breakpoint_copy_attr().
This misses copying perf_event_attr::sig_data.
Since sig_data is not specific to PERF_TYPE_BREAKPOINT, introduce a
helper to copy generic event-type-independent attributes on
modification.
Fixes:
|
||
|
Hou Tao
|
5e457aeab5 |
bpf: Use VM_MAP instead of VM_ALLOC for ringbuf
commit b293dcc473d22a62dc6d78de2b15e4f49515db56 upstream.
After commit 2fd3fb0be1d1 ("kasan, vmalloc: unpoison VM_ALLOC pages
after mapping"), non-VM_ALLOC mappings will be marked as accessible
in __get_vm_area_node() when KASAN is enabled. But now the flag for
ringbuf area is VM_ALLOC, so KASAN will complain out-of-bound access
after vmap() returns. Because the ringbuf area is created by mapping
allocated pages, so use VM_MAP instead.
After the change, info in /proc/vmallocinfo also changes from
[start]-[end] 24576 ringbuf_map_alloc+0x171/0x290 vmalloc user
to
[start]-[end] 24576 ringbuf_map_alloc+0x171/0x290 vmap user
Fixes:
|
||
|
Paul Moore
|
b8d9e0aec1 |
audit: improve audit queue handling when "audit=1" on cmdline
commit f26d04331360d42dbd6b58448bd98e4edbfbe1c5 upstream.
When an admin enables audit at early boot via the "audit=1" kernel
command line the audit queue behavior is slightly different; the
audit subsystem goes to greater lengths to avoid dropping records,
which unfortunately can result in problems when the audit daemon is
forcibly stopped for an extended period of time.
This patch makes a number of changes designed to improve the audit
queuing behavior so that leaving the audit daemon in a stopped state
for an extended period does not cause a significant impact to the
system.
- kauditd_send_queue() is now limited to looping through the
passed queue only once per call. This not only prevents the
function from looping indefinitely when records are returned
to the current queue, it also allows any recovery handling in
kauditd_thread() to take place when kauditd_send_queue()
returns.
- Transient netlink send errors seen as -EAGAIN now cause the
record to be returned to the retry queue instead of going to
the hold queue. The intention of the hold queue is to store,
perhaps for an extended period of time, the events which led
up to the audit daemon going offline. The retry queue remains
a temporary queue intended to protect against transient issues
between the kernel and the audit daemon.
- The retry queue is now limited by the audit_backlog_limit
setting, the same as the other queues. This allows admins
to bound the size of all of the audit queues on the system.
- kauditd_rehold_skb() now returns records to the end of the
hold queue to ensure ordering is preserved in the face of
recent changes to kauditd_send_queue().
Cc: stable@vger.kernel.org
Fixes:
|
||
|
keystone-kernel-automerger
|
926aed5b64 |
Merge remote-tracking branch into HEAD
* keystone/mirror-android13-5.15: (35 commits) Linux 5.15.20 ovl: fix NULL pointer dereference in copy up warning tcp: add missing tcp_skb_can_collapse() test in tcp_shift_skb_data() af_packet: fix data-race in packet_setsockopt / packet_setsockopt e1000e: Handshake with CSME starts from ADL platforms cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() net: sched: fix use-after-free in tc_new_tfilter() fanotify: Fix stale file descriptor in copy_event_to_user() net: amd-xgbe: Fix skb data length underflow net: amd-xgbe: ensure to reset the tx_timer_active flag i40e: Fix reset path while removing the driver i40e: Fix reset bw limit when DCB enabled with 1 TC ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback net/mlx5: E-Switch, Fix uninitialized variable modact net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion net/mlx5e: Don't treat small ceil values as unlimited in HTB offload net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE net/mlx5e: Fix module EEPROM query net/mlx5: Use del_timer_sync in fw reset flow of halting poll ... Signed-off-by: keystone-kernel-automerger <keystone-kernel-automerger@google.com> Change-Id: Iec48389b1a2ac8535cd834f3867dd7404836e484 |
||
|
Greg Kroah-Hartman
|
344a3ff87c |
Merge 5.15.20 into android13-5.15
Changes in 5.15.20 PCI: pciehp: Fix infinite loop in IRQ handler upon power fault selftests: mptcp: fix ipv6 routing setup net: ipa: use a bitmap for endpoint replenish_enabled net: ipa: prevent concurrent replenish drm/vc4: hdmi: Make sure the device is powered with CEC cgroup-v1: Require capabilities to set release_agent Revert "mm/gup: small refactoring: simplify try_grab_page()" ovl: don't fail copy up if no fileattr support on upper lockd: fix server crash on reboot of client holding lock lockd: fix failure to cleanup client locks net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic net/mlx5: Bridge, take rtnl lock in init error handler net/mlx5: Bridge, ensure dev_name is null-terminated net/mlx5e: Fix handling of wrong devices during bond netevent net/mlx5: Use del_timer_sync in fw reset flow of halting poll net/mlx5e: Fix module EEPROM query net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE net/mlx5e: Don't treat small ceil values as unlimited in HTB offload net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion net/mlx5: E-Switch, Fix uninitialized variable modact ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback i40e: Fix reset bw limit when DCB enabled with 1 TC i40e: Fix reset path while removing the driver net: amd-xgbe: ensure to reset the tx_timer_active flag net: amd-xgbe: Fix skb data length underflow fanotify: Fix stale file descriptor in copy_event_to_user() net: sched: fix use-after-free in tc_new_tfilter() rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() e1000e: Handshake with CSME starts from ADL platforms af_packet: fix data-race in packet_setsockopt / packet_setsockopt tcp: add missing tcp_skb_can_collapse() test in tcp_shift_skb_data() ovl: fix NULL pointer dereference in copy up warning Linux 5.15.20 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ia50333eff81881fac62eb52455b502e6c46ff3d9 |
||
|
Tianchen Ding
|
6be2349177 |
cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask()
commit c80d401c52a2d1baf2a5afeb06f0ffe678e56d23 upstream.
subparts_cpus should be limited as a subset of cpus_allowed, but it is
updated wrongly by using cpumask_andnot(). Use cpumask_and() instead to
fix it.
Fixes:
|
||
|
Eric W. Biederman
|
4b1c32bfaa |
cgroup-v1: Require capabilities to set release_agent
commit 24f6008564183aa120d07c03d9289519c2fe02af upstream.
The cgroup release_agent is called with call_usermodehelper. The function
call_usermodehelper starts the release_agent with a full set fo capabilities.
Therefore require capabilities when setting the release_agaent.
Reported-by: Tabitha Sable <tabitha.c.sable@gmail.com>
Tested-by: Tabitha Sable <tabitha.c.sable@gmail.com>
Fixes:
|
||
|
keystone-kernel-automerger
|
1db087dab6 |
Merge remote-tracking branch into HEAD
* keystone/mirror-android13-5.15: (171 commits) FROMGIT: f2fs: move f2fs to use reader-unfair rwsems ANDROID: build/build-tools -> build/kernel/build-tools. ANDROID: incremental-fs: populate userns before calling vfs_rename ANDROID: incremental-fs: remove index and incomplete dir on umount Linux 5.15.19 mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip() block: Fix wrong offset in bio_truncate() fsnotify: invalidate dcache before IN_DELETE event usr/include/Makefile: add linux/nfc.h to the compile-test coverage usb: dwc3: xilinx: fix uninitialized return value psi: fix "defined but not used" warnings when CONFIG_PROC_FS=n psi: fix "no previous prototype" warnings when CONFIG_CGROUPS=n perf/core: Fix cgroup event list management dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config irqchip/realtek-rtl: Fix off-by-one in routing irqchip/realtek-rtl: Map control data to virq Bluetooth: refactor malicious adv data check net: bridge: vlan: fix memory leak in __allowed_ingress ipv4: remove sparse error in ip_neigh_gw4() ipv4: tcp: send zero IPID in SYNACK messages ... Signed-off-by: keystone-kernel-automerger <keystone-kernel-automerger@google.com> Change-Id: I28d92c429253e4755afb11c5611b05b7b9ed35c3 |
||
|
Greg Kroah-Hartman
|
8222792e8e |
Merge 5.15.19 into android13-5.15
Changes in 5.15.19
can: m_can: m_can_fifo_{read,write}: don't read or write from/to FIFO if length is 0
net: sfp: ignore disabled SFP node
net: stmmac: configure PTP clock source prior to PTP initialization
net: stmmac: skip only stmmac_ptp_register when resume from suspend
ARM: 9179/1: uaccess: avoid alignment faults in copy_[from|to]_kernel_nofault
ARM: 9180/1: Thumb2: align ALT_UP() sections in modules sufficiently
KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on !VHE
s390/module: fix loading modules with a lot of relocations
s390/hypfs: include z/VM guests with access control group set
s390/nmi: handle guarded storage validity failures for KVM guests
s390/nmi: handle vector validity failures for KVM guests
bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()
powerpc32/bpf: Fix codegen for bpf-to-bpf calls
powerpc/bpf: Update ldimm64 instructions during extra pass
ucount: Make get_ucount a safe get_user replacement
scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
udf: Restore i_lenAlloc when inode expansion fails
udf: Fix NULL ptr deref when converting from inline format
efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
PM: wakeup: simplify the output logic of pm_show_wakelocks()
tracing/histogram: Fix a potential memory leak for kstrdup()
tracing: Don't inc err_log entry count if entry allocation fails
ceph: properly put ceph_string reference after async create attempt
ceph: set pool_ns in new inode layout for async creates
fsnotify: fix fsnotify hooks in pseudo filesystems
Revert "KVM: SVM: avoid infinite loop on NPF from bad address"
psi: Fix uaf issue when psi trigger is destroyed while being polled
powerpc/audit: Fix syscall_get_arch()
perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX
perf/x86/intel: Add a quirk for the calculation of the number of counters on Alder Lake
drm/etnaviv: relax submit size limits
drm/atomic: Add the crtc to affected crtc only if uapi.enable = true
drm/amd/display: Fix FP start/end for dcn30_internal_validate_bw.
KVM: LAPIC: Also cancel preemption timer during SET_LAPIC
KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests
KVM: SVM: Don't intercept #GP for SEV guests
KVM: x86: nSVM: skip eax alignment check for non-SVM instructions
KVM: x86: Forcibly leave nested virt when SMM state is toggled
KVM: x86: Keep MSR_IA32_XSS unchanged for INIT
KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS
KVM: x86: Sync the states size with the XCR0/IA32_XSS at, any time
KVM: PPC: Book3S HV Nested: Fix nested HFSCR being clobbered with multiple vCPUs
dm: revert partial fix for redundant bio-based IO accounting
block: add bio_start_io_acct_time() to control start_time
dm: properly fix redundant bio-based IO accounting
serial: pl011: Fix incorrect rs485 RTS polarity on set_mctrl
serial: 8250: of: Fix mapped region size when using reg-offset property
serial: stm32: fix software flow control transfer
tty: n_gsm: fix SW flow control encoding/handling
tty: Partially revert the removal of the Cyclades public API
tty: Add support for Brainboxes UC cards.
kbuild: remove include/linux/cyclades.h from header file check
usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
usb: xhci-plat: fix crash when suspend if remote wake enable
usb: common: ulpi: Fix crash in ulpi_match()
usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
usb: cdnsp: Fix segmentation fault in cdns_lost_power function
usb: dwc3: xilinx: Skip resets and USB3 register settings for USB2.0 mode
usb: dwc3: xilinx: Fix error handling when getting USB3 PHY
USB: core: Fix hang in usb_kill_urb by adding memory barriers
usb: typec: tcpci: don't touch CC line if it's Vconn source
usb: typec: tcpm: Do not disconnect while receiving VBUS off
usb: typec: tcpm: Do not disconnect when receiving VSAFE0V
ucsi_ccg: Check DEV_INT bit only when starting CCG4
mm, kasan: use compare-exchange operation to set KASAN page tag
jbd2: export jbd2_journal_[grab|put]_journal_head
ocfs2: fix a deadlock when commit trans
sched/membarrier: Fix membarrier-rseq fence command missing from query bitmask
PCI/sysfs: Find shadow ROM before static attribute initialization
x86/MCE/AMD: Allow thresholding interface updates after init
x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN
powerpc/32s: Allocate one 256k IBAT instead of two consecutives 128k IBATs
powerpc/32s: Fix kasan_init_region() for KASAN
powerpc/32: Fix boot failure with GCC latent entropy plugin
i40e: Increase delay to 1 s after global EMP reset
i40e: Fix issue when maximum queues is exceeded
i40e: Fix queues reservation for XDP
i40e: Fix for failed to init adminq while VF reset
i40e: fix unsigned stat widths
usb: roles: fix include/linux/usb/role.h compile issue
rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev
scsi: elx: efct: Don't use GFP_KERNEL under spin lock
scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
ipv6_tunnel: Rate limit warning messages
ARM: 9170/1: fix panic when kasan and kprobe are enabled
net: fix information leakage in /proc/net/ptype
hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649
hwmon: (lm90) Mark alert as broken for MAX6680
ping: fix the sk_bound_dev_if match in ping_lookup
ipv4: avoid using shared IP generator for connected sockets
hwmon: (lm90) Reduce maximum conversion rate for G781
NFSv4: Handle case where the lookup of a directory fails
NFSv4: nfs_atomic_open() can race when looking up a non-regular file
net-procfs: show net devices bound packet types
drm/msm: Fix wrong size calculation
drm/msm/dsi: Fix missing put_device() call in dsi_get_phy
drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
ipv6: annotate accesses to fn->fn_sernum
NFS: Ensure the server has an up to date ctime before hardlinking
NFS: Ensure the server has an up to date ctime before renaming
KVM: arm64: pkvm: Use the mm_ops indirection for cache maintenance
SUNRPC: Use BIT() macro in rpc_show_xprt_state()
SUNRPC: Don't dereference xprt->snd_task if it's a cookie
powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
netfilter: conntrack: don't increment invalid counter on NF_REPEAT
powerpc/64s: Mask SRR0 before checking against the masked NIP
perf: Fix perf_event_read_local() time
sched/pelt: Relax the sync of util_sum with util_avg
net: phy: broadcom: hook up soft_reset for BCM54616S
net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL
net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode
phylib: fix potential use-after-free
octeontx2-af: Do not fixup all VF action entries
octeontx2-af: Fix LBK backpressure id count
octeontx2-af: Retry until RVU block reset complete
octeontx2-pf: cn10k: Ensure valid pointers are freed to aura
octeontx2-af: verify CQ context updates
octeontx2-af: Increase link credit restore polling timeout
octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces
octeontx2-pf: Forward error codes to VF
rxrpc: Adjust retransmission backoff
efi/libstub: arm64: Fix image check alignment at entry
io_uring: fix bug in slow unregistering of nodes
Drivers: hv: balloon: account for vmbus packet header in max_pkt_size
hwmon: (lm90) Re-enable interrupts after alert clears
hwmon: (lm90) Mark alert as broken for MAX6654
hwmon: (lm90) Fix sysfs and udev notifications
hwmon: (adt7470) Prevent divide by zero in adt7470_fan_write()
powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending
ipv4: fix ip option filtering for locally generated fragments
ibmvnic: Allow extra failures before disabling
ibmvnic: init ->running_cap_crqs early
ibmvnic: don't spin in tasklet
net/smc: Transitional solution for clcsock race issue
video: hyperv_fb: Fix validation of screen resolution
can: tcan4x5x: regmap: fix max register value
drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc
drm/msm/a6xx: Add missing suspend_count increment
yam: fix a memory leak in yam_siocdevprivate()
net: cpsw: Properly initialise struct page_pool_params
net: hns3: handle empty unknown interrupt for VF
sch_htb: Fail on unsupported parameters when offload is requested
Revert "drm/ast: Support 1600x900 with 108MHz PCLK"
KVM: selftests: Don't skip L2's VMCALL in SMM test for SVM guest
ceph: put the requests/sessions when it fails to alloc memory
gve: Fix GFP flags when allocing pages
Revert "ipv6: Honor all IPv6 PIO Valid Lifetime values"
net: bridge: vlan: fix single net device option dumping
ipv4: raw: lock the socket in raw_bind()
ipv4: tcp: send zero IPID in SYNACK messages
ipv4: remove sparse error in ip_neigh_gw4()
net: bridge: vlan: fix memory leak in __allowed_ingress
Bluetooth: refactor malicious adv data check
irqchip/realtek-rtl: Map control data to virq
irqchip/realtek-rtl: Fix off-by-one in routing
dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config
perf/core: Fix cgroup event list management
psi: fix "no previous prototype" warnings when CONFIG_CGROUPS=n
psi: fix "defined but not used" warnings when CONFIG_PROC_FS=n
usb: dwc3: xilinx: fix uninitialized return value
usr/include/Makefile: add linux/nfc.h to the compile-test coverage
fsnotify: invalidate dcache before IN_DELETE event
block: Fix wrong offset in bio_truncate()
mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip()
Linux 5.15.19
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I66399d45af362fa8e1672ba38c0d672e21afc716
|
||
|
keystone-kernel-automerger
|
3c76299190 |
Merge remote-tracking branch into HEAD
* keystone/mirror-android13-5.15: ANDROID: Incremental fs: Mark merkle tree pages uptodate ANDROID: iommu/io-pgtable-arm: Add IOMMU_CACHE_ICACHE_OCACHE_NWA ANDROID: iommu/dma: Add support for DMA_ATTR_SYS_CACHE_ONLY_NWA ANDROID: iommu/dma: Add support fo DMA_ATTR_SYS_CACHE_ONLY ANDROID: arm64: Add support for system cache memory type ANDROID: Update QCOM symbol list Revert "ANDROID: GKI: enable test_stackinit kernel module" FROMLIST: Revert mm/gup: small refactoring: simplify try_grab_page() ANDROID: qcom: iommu: Use restricted vendor hook for dma ops ANDROID: Update QCOM symbol list ANDROID: Sort QCOM symbol list Signed-off-by: keystone-kernel-automerger <keystone-kernel-automerger@google.com> Change-Id: I33453a4eefd55be72dea5b177d2499c4a5d62a68 |
||
|
Isaac J. Manjarres
|
ec1e52f1ca |
ANDROID: iommu/dma: Add support for DMA_ATTR_SYS_CACHE_ONLY_NWA
IOMMU_SYS_CACHE_ONLY_NWA allows buffers for non-coherent devices to be mapped with the correct memory attributes so that the buffers can be cached in the system cache, with a no write allocate cache policy. However, this property is only usable by drivers that invoke the IOMMU API directly; it is not usable by drivers that use the DMA API. Thus, introduce DMA_ATTR_SYS_CACHE_ONLY_NWA, so that drivers for non-coherent devices that use the DMA API can use it to specify if they want a buffer to be cached in the system cache. Bug: 189339242 Change-Id: Ic812a1fb144a58deb4279c2bf121fc6cc4c3b208 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> Signed-off-by: Georgi Djakov <quic_c_gdjako@quicinc.com> |
||
|
Isaac J. Manjarres
|
69c6228a2c |
ANDROID: iommu/dma: Add support fo DMA_ATTR_SYS_CACHE_ONLY
IOMMU_SYS_CACHE_ONLY allows buffers for non-coherent devices to be mapped with the correct memory attributes so that the buffers can be cached in the system cache. However, this property is only usable by drivers that invoke the IOMMU API directly; it is not usable by drivers that use the DMA API. Thus, introduce DMA_ATTR_SYS_CACHE_ONLY, so that drivers for non-coherent devices that use the DMA API can use it to specify if they want a buffer to be cached in the system cache. Bug: 189339242 Change-Id: I849d7a3f36b689afd2f6ee400507223fd6395158 Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> Signed-off-by: Georgi Djakov <quic_c_gdjako@quicinc.com> |
||
|
Suren Baghdasaryan
|
442414e8c4 |
psi: fix "defined but not used" warnings when CONFIG_PROC_FS=n
commit 44585f7bc0cb01095bc2ad4258049c02bbad21ef upstream.
When CONFIG_PROC_FS is disabled psi code generates the following
warnings:
kernel/sched/psi.c:1364:30: warning: 'psi_cpu_proc_ops' defined but not used [-Wunused-const-variable=]
1364 | static const struct proc_ops psi_cpu_proc_ops = {
| ^~~~~~~~~~~~~~~~
kernel/sched/psi.c:1355:30: warning: 'psi_memory_proc_ops' defined but not used [-Wunused-const-variable=]
1355 | static const struct proc_ops psi_memory_proc_ops = {
| ^~~~~~~~~~~~~~~~~~~
kernel/sched/psi.c:1346:30: warning: 'psi_io_proc_ops' defined but not used [-Wunused-const-variable=]
1346 | static const struct proc_ops psi_io_proc_ops = {
| ^~~~~~~~~~~~~~~
Make definitions of these structures and related functions conditional
on CONFIG_PROC_FS config.
Link: https://lkml.kernel.org/r/20220119223940.787748-3-surenb@google.com
Fixes:
|
||
|
Namhyung Kim
|
fd26531855 |
perf/core: Fix cgroup event list management
commit c5de60cd622a2607c043ba65e25a6e9998a369f9 upstream. The active cgroup events are managed in the per-cpu cgrp_cpuctx_list. This list is only accessed from current cpu and not protected by any locks. But from the commit |
||
|
Vincent Guittot
|
58e81159b4 |
sched/pelt: Relax the sync of util_sum with util_avg
[ Upstream commit 98b0d890220d45418cfbc5157b3382e6da5a12ab ]
Rick reported performance regressions in bugzilla because of cpu frequency
being lower than before:
https://bugzilla.kernel.org/show_bug.cgi?id=215045
He bisected the problem to:
commit
|
||
|
Peter Zijlstra
|
767060539a |
perf: Fix perf_event_read_local() time
[ Upstream commit 09f5e7dc7ad705289e1b1ec065439aa3c42951c4 ]
Time readers that cannot take locks (due to NMI etc..) currently make
use of perf_event::shadow_ctx_time, which, for that event gives:
time' = now + (time - timestamp)
or, alternatively arranged:
time' = time + (now - timestamp)
IOW, the progression of time since the last time the shadow_ctx_time
was updated.
There's problems with this:
A) the shadow_ctx_time is per-event, even though the ctx_time it
reflects is obviously per context. The direct concequence of this
is that the context needs to iterate all events all the time to
keep the shadow_ctx_time in sync.
B) even with the prior point, the context itself might not be active
meaning its time should not advance to begin with.
C) shadow_ctx_time isn't consistently updated when ctx_time is
There are 3 users of this stuff, that suffer differently from this:
- calc_timer_values()
- perf_output_read()
- perf_event_update_userpage() /* A */
- perf_event_read_local() /* A,B */
In particular, perf_output_read() doesn't suffer at all, because it's
sample driven and hence only relevant when the event is actually
running.
This same was supposed to be true for perf_event_update_userpage(),
after all self-monitoring implies the context is active *HOWEVER*, as
per commit
|
||
|
Mathieu Desnoyers
|
cef9335c46 |
sched/membarrier: Fix membarrier-rseq fence command missing from query bitmask
commit 809232619f5b15e31fb3563985e705454f32621f upstream.
The membarrier command MEMBARRIER_CMD_QUERY allows querying the
available membarrier commands. When the membarrier-rseq fence commands
were added, a new MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ_BITMASK was
introduced with the intent to expose them with the MEMBARRIER_CMD_QUERY
command, the but it was never added to MEMBARRIER_CMD_BITMASK.
The membarrier-rseq fence commands are therefore not wired up with the
query command.
Rename MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ_BITMASK to
MEMBARRIER_PRIVATE_EXPEDITED_RSEQ_BITMASK (the bitmask is not a command
per-se), and change the erroneous
MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_RSEQ_BITMASK (which does not
actually exist) to MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_RSEQ.
Wire up MEMBARRIER_PRIVATE_EXPEDITED_RSEQ_BITMASK in
MEMBARRIER_CMD_BITMASK. Fixing this allows discovering availability of
the membarrier-rseq fence feature.
Fixes:
|
||
|
Suren Baghdasaryan
|
d3e4c61e14 |
psi: Fix uaf issue when psi trigger is destroyed while being polled
commit a06247c6804f1a7c86a2e5398a4c1f1db1471848 upstream.
With write operation on psi files replacing old trigger with a new one,
the lifetime of its waitqueue is totally arbitrary. Overwriting an
existing trigger causes its waitqueue to be freed and pending poll()
will stumble on trigger->event_wait which was destroyed.
Fix this by disallowing to redefine an existing psi trigger. If a write
operation is used on a file descriptor with an already existing psi
trigger, the operation will fail with EBUSY error.
Also bypass a check for psi_disabled in the psi_trigger_destroy as the
flag can be flipped after the trigger is created, leading to a memory
leak.
Fixes:
|
||
|
Tom Zanussi
|
4e5dcbedd4 |
tracing: Don't inc err_log entry count if entry allocation fails
commit 67ab5eb71b37b55f7c5522d080a1b42823351776 upstream.
tr->n_err_log_entries should only be increased if entry allocation
succeeds.
Doing it when it fails won't cause any problems other than wasting an
entry, but should be fixed anyway.
Link: https://lkml.kernel.org/r/cad1ab28f75968db0f466925e7cba5970cec6c29.1643319703.git.zanussi@kernel.org
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Xiaoke Wang
|
e33fa4a46e |
tracing/histogram: Fix a potential memory leak for kstrdup()
commit e629e7b525a179e29d53463d992bdee759c950fb upstream.
kfree() is missing on an error path to free the memory allocated by
kstrdup():
p = param = kstrdup(data->params[i], GFP_KERNEL);
So it is better to free it via kfree(p).
Link: https://lkml.kernel.org/r/tencent_C52895FD37802832A3E5B272D05008866F0A@qq.com
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
fb9b60bbda |
PM: wakeup: simplify the output logic of pm_show_wakelocks()
commit c9d967b2ce40d71e968eb839f36c936b8a9cf1ea upstream. The buffer handling in pm_show_wakelocks() is tricky, and hopefully correct. Ensure it really is correct by using sysfs_emit_at() which handles all of the tricky string handling logic in a PAGE_SIZE buffer for us automatically as this is a sysfs file being read from. Reviewed-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric W. Biederman
|
348a8501e6 |
ucount: Make get_ucount a safe get_user replacement
commit f9d87929d451d3e649699d0f1d74f71f77ad38f5 upstream. When the ucount code was refactored to create get_ucount it was missed that some of the contexts in which a rlimit is kept elevated can be the only reference to the user/ucount in the system. Ordinary ucount references exist in places that also have a reference to the user namspace, but in POSIX message queues, the SysV shm code, and the SIGPENDING code there is no independent user namespace reference. Inspection of the the user_namespace show no instance of circular references between struct ucounts and the user_namespace. So hold a reference from struct ucount to i's user_namespace to resolve this problem. Link: https://lore.kernel.org/lkml/YZV7Z+yXbsx9p3JN@fixkernel.com/ Reported-by: Qian Cai <quic_qiancai@quicinc.com> Reported-by: Mathias Krause <minipli@grsecurity.net> Tested-by: Mathias Krause <minipli@grsecurity.net> Reviewed-by: Mathias Krause <minipli@grsecurity.net> Reviewed-by: Alexey Gladkov <legion@kernel.org> Fixes: |
||
|
Naveen N. Rao
|
0bcd484587 |
bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()
commit b992f01e66150fc5e90be4a96f5eb8e634c8249e upstream.
task_pt_regs() can return NULL on powerpc for kernel threads. This is
then used in __bpf_get_stack() to check for user mode, resulting in a
kernel oops. Guard against this by checking return value of
task_pt_regs() before trying to obtain the call chain.
Fixes:
|
||
|
keystone-kernel-automerger
|
43cefd934f |
Merge remote-tracking branch into HEAD
* keystone/mirror-android13-5.15: (859 commits) ANDROID: gic: change gic resume vendor hook para ANDROID: hung_task: Add vendor hook for hung task detect ANDROID: KVM: arm64: pkvm: Prevent the donation of no-map pages Linux 5.15.18 drm/vmwgfx: Fix stale file descriptors on failed usercopy arm64/bpf: Remove 128MB limit for BPF JIT programs drm/amdgpu: Use correct VIEWPORT_DIMENSION for DCN2 select: Fix indefinitely sleeping task in poll_schedule_timeout() rcu: Tighten rcu_advance_cbs_nowake() checks memcg: better bounds on the memcg stats updates memcg: unify memcg stat flushing memcg: flush stats only if updated bnx2x: Invalidate fastpath HSI version for VFs bnx2x: Utilize firmware 7.13.21.0 io_uring: fix not released cached task refs drm/amd/display: reset dcn31 SMU mailbox on failures drm/i915: Flush TLBs before releasing backing store Linux 5.15.17 scripts: sphinx-pre-install: Fix ctex support on Debian scripts: sphinx-pre-install: add required ctex dependency ... Signed-off-by: keystone-kernel-automerger <keystone-kernel-automerger@google.com> Change-Id: If9810a1c17363021613d6022ec578562f31c4934 |
||
|
Huang Yiwei
|
88c67dcda4 |
ANDROID: hung_task: Add vendor hook for hung task detect
Add vendor hook for hung task detect, so we can decide which threads need to check, avoiding false alarms. Bug: 188684133 Change-Id: I5d7dfeb071cbfda8121134c38a458202aaa3a8c6 Signed-off-by: Huang Yiwei <hyiwei@codeaurora.org> Signed-off-by: Vamsi Krishna Lanka <quic_vamslank@quicinc.com> |
||
|
Greg Kroah-Hartman
|
2eebe00fce |
Merge 5.15.18 into android13-5.15
Changes in 5.15.18 drm/i915: Flush TLBs before releasing backing store drm/amd/display: reset dcn31 SMU mailbox on failures io_uring: fix not released cached task refs bnx2x: Utilize firmware 7.13.21.0 bnx2x: Invalidate fastpath HSI version for VFs memcg: flush stats only if updated memcg: unify memcg stat flushing memcg: better bounds on the memcg stats updates rcu: Tighten rcu_advance_cbs_nowake() checks select: Fix indefinitely sleeping task in poll_schedule_timeout() drm/amdgpu: Use correct VIEWPORT_DIMENSION for DCN2 arm64/bpf: Remove 128MB limit for BPF JIT programs drm/vmwgfx: Fix stale file descriptors on failed usercopy Linux 5.15.18 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I8ca482966310c5ee8381951ba81e31ee894b6d1f |
||
|
Greg Kroah-Hartman
|
a8b5dc3032 |
Merge 5.15.17 into android13-5.15
Changes in 5.15.17
KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU
KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock
HID: Ignore battery for Elan touchscreen on HP Envy X360 15t-dr100
HID: uhid: Fix worker destroying device without any protection
HID: wacom: Reset expected and received contact counts at the same time
HID: wacom: Ignore the confidence flag when a touch is removed
HID: wacom: Avoid using stale array indicies to read contact count
ALSA: core: Fix SSID quirk lookup for subvendor=0
f2fs: fix to do sanity check on inode type during garbage collection
f2fs: fix to do sanity check in is_alive()
f2fs: avoid EINVAL by SBI_NEED_FSCK when pinning a file
nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
mtd: Fixed breaking list in __mtd_del_partition.
mtd: rawnand: davinci: Don't calculate ECC when reading page
mtd: rawnand: davinci: Avoid duplicated page read
mtd: rawnand: davinci: Rewrite function description
mtd: rawnand: Export nand_read_page_hwecc_oob_first()
mtd: rawnand: ingenic: JZ4740 needs 'oob_first' read page function
riscv: Get rid of MAXPHYSMEM configs
RISC-V: Use common riscv_cpuid_to_hartid_mask() for both SMP=y and SMP=n
riscv: try to allocate crashkern region from 32bit addressible memory
riscv: Don't use va_pa_offset on kdump
riscv: use hart id instead of cpu id on machine_kexec
riscv: mm: fix wrong phys_ram_base value for RV64
x86/gpu: Reserve stolen memory for first integrated Intel GPU
tools/nolibc: x86-64: Fix startup code bug
crypto: x86/aesni - don't require alignment of data
tools/nolibc: i386: fix initial stack alignment
tools/nolibc: fix incorrect truncation of exit code
rtc: cmos: take rtc_lock while reading from CMOS
net: phy: marvell: add Marvell specific PHY loopback
ksmbd: uninitialized variable in create_socket()
ksmbd: fix guest connection failure with nautilus
ksmbd: add support for smb2 max credit parameter
ksmbd: move credit charge deduction under processing request
ksmbd: limits exceeding the maximum allowable outstanding requests
ksmbd: add reserved room in ipc request/response
media: cec: fix a deadlock situation
media: ov8865: Disable only enabled regulators on error path
media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
media: flexcop-usb: fix control-message timeouts
media: mceusb: fix control-message timeouts
media: em28xx: fix control-message timeouts
media: cpia2: fix control-message timeouts
media: s2255: fix control-message timeouts
media: dib0700: fix undefined behavior in tuner shutdown
media: redrat3: fix control-message timeouts
media: pvrusb2: fix control-message timeouts
media: stk1160: fix control-message timeouts
media: cec-pin: fix interrupt en/disable handling
can: softing_cs: softingcs_probe(): fix memleak on registration failure
mei: hbm: fix client dma reply status
iio: adc: ti-adc081c: Partial revert of removal of ACPI IDs
iio: trigger: Fix a scheduling whilst atomic issue seen on tsc2046
lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
bus: mhi: pci_generic: Graceful shutdown on freeze
bus: mhi: core: Fix reading wake_capable channel configuration
bus: mhi: core: Fix race while handling SYS_ERR at power up
cxl/pmem: Fix reference counting for delayed work
arm64: errata: Fix exec handling in erratum
|
||
|
Paul E. McKenney
|
c3156dbd50 |
rcu: Tighten rcu_advance_cbs_nowake() checks
commit 614ddad17f22a22e035e2ea37a04815f50362017 upstream. Currently, rcu_advance_cbs_nowake() checks that a grace period is in progress, however, that grace period could end just after the check. This commit rechecks that a grace period is still in progress while holding the rcu_node structure's lock. The grace period cannot end while the current CPU's rcu_node structure's ->lock is held, thus avoiding false positives from the WARN_ON_ONCE(). As Daniel Vacek noted, it is not necessary for the rcu_node structure to have a CPU that has not yet passed through its quiescent state. Tested-by: Guillaume Morin <guillaume@morinfr.org> Signed-off-by: Paul E. McKenney <paulmck@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
keystone-kernel-automerger
|
5dcdc3f722 |
Merge remote-tracking branch into HEAD
* keystone/mirror-android13-5.15: UPSTREAM: scsi: ufs: core: Export hibern8 entry and exit functions ANDROID: KVM: arm64: Don't remove shadow table entry twice on teardown ANDROID: Update QCOM symbol list BACKPORT: FROMLIST: misc: open-dice: Add driver to expose DICE data to userspace FROMLIST: dt-bindings: reserved-memory: Open Profile for DICE Revert "BACKPORT: FROMLIST: misc: open-dice: Add driver to expose DICE data to userspace" Revert "FROMLIST: dt-bindings: reserved-memory: Open Profile for DICE" ANDROID: remove extra !SMP inline for __migrate_task ANDROID: Incremental-fs: Doc: correct a sysfs path in incfs.rst ANDROID: selftests: fix incfs_test ANDROID: incremental-fs: fix mount_fs issue ANDROID: incremental-fs: fix GPF in pending_reads_dispatch_ioctl Signed-off-by: keystone-kernel-automerger <keystone-kernel-automerger@google.com> Change-Id: I694aa0dc157b21d0aa0ca33cde5f3f9026db83ed |
||
|
Eric W. Biederman
|
0288b85d75 |
taskstats: Cleanup the use of task->exit_code
commit 1b5a42d9c85f0e731f01c8d1129001fd8531a8a0 upstream. In the function bacct_add_task the code reading task->exit_code was introduced in commit |
||
|
Daniel Borkmann
|
95429d6b64 |
bpf: Mark PTR_TO_FUNC register initially with zero offset
commit d400a6cf1c8a57cdf10f35220ead3284320d85ff upstream.
Similar as with other pointer types where we use ldimm64, clear the register
content to zero first, and then populate the PTR_TO_FUNC type and subprogno
number. Currently this is not done, and leads to reuse of stale register
tracking data.
Given for special ldimm64 cases we always clear the register offset, make it
common for all cases, so it won't be forgotten in future.
Fixes:
|
||
|
Yafang Shao
|
20ceec871b |
bpf: Fix mount source show for bpffs
commit 1e9d74660d4df625b0889e77018f9e94727ceacd upstream. We noticed our tc ebpf tools can't start after we upgrade our in-house kernel version from 4.19 to 5.10. That is because of the behaviour change in bpffs caused by commit |
||
|
Nikita Yushchenko
|
cb77c81d34 |
tracing/osnoise: Properly unhook events if start_per_cpu_kthreads() fails
commit 0878355b51f5f26632e652c848a8e174bb02d22d upstream.
If start_per_cpu_kthreads() called from osnoise_workload_start() returns
error, event hooks are left in broken state: unhook_irq_events() called
but unhook_thread_events() and unhook_softirq_events() not called, and
trace_osnoise_callback_enabled flag not cleared.
On the next tracer enable, hooks get not installed due to
trace_osnoise_callback_enabled flag.
And on the further tracer disable an attempt to remove non-installed
hooks happened, hitting a WARN_ON_ONCE() in tracepoint_remove_func().
Fix the error path by adding the missing part of cleanup.
While at this, introduce osnoise_unhook_events() to avoid code
duplication between this error path and normal tracer disable.
Link: https://lkml.kernel.org/r/20220109153459.3701773-1-nikita.yushchenko@virtuozzo.com
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Steven Rostedt
|
74c0c6483b |
tracing: Have syscall trace events use trace_event_buffer_lock_reserve()
commit 3e2a56e6f639492311e0a8533f0a7aed60816308 upstream.
Currently, the syscall trace events call trace_buffer_lock_reserve()
directly, which means that it misses out on some of the filtering
optimizations provided by the helper function
trace_event_buffer_lock_reserve(). Have the syscall trace events call that
instead, as it was missed when adding the update to use the temp buffer
when filtering.
Link: https://lkml.kernel.org/r/20220107225839.823118570@goodmis.org
Cc: stable@vger.kernel.org
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Tom Zanussi <zanussi@kernel.org>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Fixes:
|
||
|
Xiangyang Zhang
|
40022b3682 |
tracing/kprobes: 'nmissed' not showed correctly for kretprobe
commit dfea08a2116fe327f79d8f4d4b2cf6e0c88be11f upstream.
The 'nmissed' column of the 'kprobe_profile' file for kretprobe is
not showed correctly, kretprobe can be skipped by two reasons,
shortage of kretprobe_instance which is counted by tk->rp.nmissed,
and kprobe itself is missed by some reason, so to show the sum.
Link: https://lkml.kernel.org/r/20220107150242.5019-1-xyz.sun.ok@gmail.com
Cc: stable@vger.kernel.org
Fixes:
|