-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmK22ZsACgkQONu9yGCS
aT7U7w//VnMguNsc3bGHuwAxnVqn4ByN+mcFb3Ajzz6q0HBRzkcQEqfI0WD0z9ST
RCuc4GzipwDowCkKiPRD7aWzGZm9qlXuDfyIJuu+okP6ko0A5tEOi3QSfNjI676s
NX+M22laWxtjqhV1vLL+kHCs8WSlTt1Kz3DQE+VPHBVso15H+vh4PkD1ekJa0RB+
BXHhfvVvJZGCe5Wf7EolZm4MnsVXe14YJdeI/QMd3I5UgkDv1/q1hmcRAtBskudE
2+BnWknPjbMVl98Xz5wMo5qcMZjar4PFoZ93QWnrznwj8etqDfO4/1U9pcRIzEpW
zsNf14kipqSDaXJRZXBRq/r6Y0tRXxBoESNm9GIMl8U0gKb+eSChtNRE3o4FX4a4
H0dhk+j+ZMCp3fLSmHtKP0CRrEyeJnA63qywYDV5VmoBhk81H7qC99c46g8tcyAZ
knBwQgDJejLlxFwElZNQMTzW2KR5Q71zZLJhVDJ22Dt51MLd0Fxph5VPK7iyXvFa
jAKp3lFWO7Ugx0lEPmTgEWlZLoIf6auKwpEu32+4OxQaXfSLbR4Z1F3CF3kXdpQk
CVh4NgAFXdt16MO4zE80sAevrsrrEZJzGDfs1NYgeOieMQhr4+EJoxQUBeBLmega
ARWup2Q+hcLWH3c0YR5I5GF9VkeP2d9mNEvJxn6c/T5HRHfrFHs=
=VzO0
-----END PGP SIGNATURE-----
Merge 4.14.285 into android-4.14-q
Changes in 4.14.285
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
crypto: chacha20 - Fix keystream alignment for chacha20_block()
random: always fill buffer in get_random_bytes_wait
random: optimize add_interrupt_randomness
drivers/char/random.c: remove unused dont_count_entropy
random: Fix whitespace pre random-bytes work
random: Return nbytes filled from hw RNG
random: add a config option to trust the CPU's hwrng
random: remove preempt disabled region
random: Make crng state queryable
random: make CPU trust a boot parameter
drivers/char/random.c: constify poolinfo_table
drivers/char/random.c: remove unused stuct poolinfo::poolbits
drivers/char/random.c: make primary_crng static
random: only read from /dev/random after its pool has received 128 bits
random: move rand_initialize() earlier
random: document get_random_int() family
latent_entropy: avoid build error when plugin cflags are not set
random: fix soft lockup when trying to read from an uninitialized blocking pool
random: Support freezable kthreads in add_hwgenerator_randomness()
fdt: add support for rng-seed
random: Use wait_event_freezable() in add_hwgenerator_randomness()
char/random: Add a newline at the end of the file
Revert "hwrng: core - Freeze khwrng thread during suspend"
crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array()
crypto: blake2s - generic C library implementation and selftest
lib/crypto: blake2s: move hmac construction into wireguard
lib/crypto: sha1: re-roll loops to reduce code size
random: Don't wake crng_init_wait when crng_init == 1
random: Add a urandom_read_nowait() for random APIs that don't warn
random: add GRND_INSECURE to return best-effort non-cryptographic bytes
random: ignore GRND_RANDOM in getentropy(2)
random: make /dev/random be almost like /dev/urandom
char/random: silence a lockdep splat with printk()
random: fix crash on multiple early calls to add_bootloader_randomness()
random: remove the blocking pool
random: delete code to pull data into pools
random: remove kernel.random.read_wakeup_threshold
random: remove unnecessary unlikely()
random: convert to ENTROPY_BITS for better code readability
random: Add and use pr_fmt()
random: fix typo in add_timer_randomness()
random: remove some dead code of poolinfo
random: split primary/secondary crng init paths
random: avoid warnings for !CONFIG_NUMA builds
x86: Remove arch_has_random, arch_has_random_seed
powerpc: Remove arch_has_random, arch_has_random_seed
s390: Remove arch_has_random, arch_has_random_seed
linux/random.h: Remove arch_has_random, arch_has_random_seed
linux/random.h: Use false with bool
linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
powerpc: Use bool in archrandom.h
random: add arch_get_random_*long_early()
random: avoid arch_get_random_seed_long() when collecting IRQ randomness
random: remove dead code left over from blocking pool
MAINTAINERS: co-maintain random.c
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
crypto: blake2s - adjust include guard naming
random: document add_hwgenerator_randomness() with other input functions
random: remove unused irq_flags argument from add_interrupt_randomness()
random: use BLAKE2s instead of SHA1 in extraction
random: do not sign extend bytes for rotation when mixing
random: do not re-init if crng_reseed completes before primary init
random: mix bootloader randomness into pool
random: harmonize "crng init done" messages
random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
random: initialize ChaCha20 constants with correct endianness
random: early initialization of ChaCha constants
random: avoid superfluous call to RDRAND in CRNG extraction
random: don't reset crng_init_cnt on urandom_read()
random: fix typo in comments
random: cleanup poolinfo abstraction
crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
random: cleanup integer types
random: remove incomplete last_data logic
random: remove unused extract_entropy() reserved argument
random: try to actively add entropy rather than passively wait for it
random: rather than entropy_store abstraction, use global
random: remove unused OUTPUT_POOL constants
random: de-duplicate INPUT_POOL constants
random: prepend remaining pool constants with POOL_
random: cleanup fractional entropy shift constants
random: access input_pool_data directly rather than through pointer
random: simplify arithmetic function flow in account()
random: continually use hwgenerator randomness
random: access primary_pool directly rather than through pointer
random: only call crng_finalize_init() for primary_crng
random: use computational hash for entropy extraction
random: simplify entropy debiting
random: use linear min-entropy accumulation crediting
random: always wake up entropy writers after extraction
random: make credit_entropy_bits() always safe
random: remove use_input_pool parameter from crng_reseed()
random: remove batched entropy locking
random: fix locking in crng_fast_load()
random: use RDSEED instead of RDRAND in entropy extraction
random: inline leaves of rand_initialize()
random: ensure early RDSEED goes through mixer on init
random: do not xor RDRAND when writing into /dev/random
random: absorb fast pool into input pool after fast load
random: use hash function for crng_slow_load()
random: remove outdated INT_MAX >> 6 check in urandom_read()
random: zero buffer after reading entropy from userspace
random: tie batched entropy generation to base_crng generation
random: remove ifdef'd out interrupt bench
random: remove unused tracepoints
random: add proper SPDX header
random: deobfuscate irq u32/u64 contributions
random: introduce drain_entropy() helper to declutter crng_reseed()
random: remove useless header comment
random: remove whitespace and reorder includes
random: group initialization wait functions
random: group entropy extraction functions
random: group entropy collection functions
random: group userspace read/write functions
random: group sysctl functions
random: rewrite header introductory comment
random: defer fast pool mixing to worker
random: do not take pool spinlock at boot
random: unify early init crng load accounting
random: check for crng_init == 0 in add_device_randomness()
random: pull add_hwgenerator_randomness() declaration into random.h
random: clear fast pool, crng, and batches in cpuhp bring up
random: round-robin registers as ulong, not u32
random: only wake up writers after zap if threshold was passed
random: cleanup UUID handling
random: unify cycles_t and jiffies usage and types
random: do crng pre-init loading in worker rather than irq
random: give sysctl_random_min_urandom_seed a more sensible value
random: don't let 644 read-only sysctls be written to
random: replace custom notifier chain with standard one
random: use SipHash as interrupt entropy accumulator
random: make consistent usage of crng_ready()
random: reseed more often immediately after booting
random: check for signal and try earlier when generating entropy
random: skip fast_init if hwrng provides large chunk of entropy
random: treat bootloader trust toggle the same way as cpu trust toggle
random: re-add removed comment about get_random_{u32,u64} reseeding
random: mix build-time latent entropy into pool at init
random: do not split fast init input in add_hwgenerator_randomness()
random: do not allow user to keep crng key around on stack
random: check for signal_pending() outside of need_resched() check
random: check for signals every PAGE_SIZE chunk of /dev/[u]random
random: make random_get_entropy() return an unsigned long
random: document crng_fast_key_erasure() destination possibility
random: fix sysctl documentation nits
init: call time_init() before rand_initialize()
ia64: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
powerpc: define get_cycles macro for arch-override
timekeeping: Add raw clock fallback for random_get_entropy()
m68k: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
arm: use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
xtensa: use fallback for random_get_entropy() instead of zero
random: insist on random_get_entropy() existing in order to simplify
random: do not use batches when !crng_ready()
random: do not pretend to handle premature next security model
random: order timer entropy functions below interrupt functions
random: do not use input pool from hard IRQs
random: help compiler out with fast_mix() by using simpler arguments
siphash: use one source of truth for siphash permutations
random: use symbolic constants for crng_init states
random: avoid initializing twice in credit race
random: remove ratelimiting for in-kernel unseeded randomness
random: use proper jiffies comparison macro
random: handle latent entropy and command line from random_init()
random: credit architectural init the exact amount
random: use static branch for crng_ready()
random: remove extern from functions in header
random: use proper return types on get_random_{int,long}_wait()
random: move initialization functions out of hot pages
random: move randomize_page() into mm where it belongs
random: convert to using fops->write_iter()
random: wire up fops->splice_{read,write}_iter()
random: check for signals after page of pool writes
Revert "random: use static branch for crng_ready()"
crypto: drbg - add FIPS 140-2 CTRNG for noise source
crypto: drbg - always seeded with SP800-90B compliant noise source
crypto: drbg - prepare for more fine-grained tracking of seeding state
crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
crypto: drbg - always try to free Jitter RNG instance
crypto: drbg - make reseeding from get_random_bytes() synchronous
random: avoid checking crng_ready() twice in random_init()
random: mark bootloader randomness code as __init
random: account for arch randomness in bits
ASoC: cs42l52: Fix TLV scales for mixer controls
ASoC: cs53l30: Correct number of volume levels on SX controls
ASoC: cs42l52: Correct TLV for Bypass Volume
ASoC: cs42l56: Correct typo in minimum level for SX volume controls
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
ASoC: wm8962: Fix suspend while playing music
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
scsi: ipr: Fix missing/incorrect resource cleanup in error case
scsi: pmcraid: Fix missing resource cleanup in error case
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
random: credit cpu and bootloader seeds by default
pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
i40e: Fix call trace in setup_tx_descriptors
tty: goldfish: Fix free_irq() on remove
misc: atmel-ssc: Fix IRQ check in ssc_probe
net: bgmac: Fix an erroneous kfree() in bgmac_remove()
arm64: ftrace: fix branch range checks
certs/blacklist_hashes.c: fix const confusion in certs blacklist
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
comedi: vmk80xx: fix expression for tx buffer size
USB: serial: option: add support for Cinterion MV31 with new baseline
USB: serial: io_ti: add Agilent E5805A support
usb: dwc2: Fix memory leak in dwc2_hcd_init
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
serial: 8250: Store to lsr_save_flags after lsr read
ext4: fix bug_on ext4_mb_use_inode_pa
ext4: make variable "count" signed
ext4: add reserved GDT blocks check
virtio-pci: Remove wrong address verification in vp_del_vqs()
l2tp: don't use inet_shutdown on ppp session destroy
l2tp: fix race in pppol2tp_release with session object destroy
s390/mm: use non-quiescing sske for KVM switch to keyed guest
usb: gadget: u_ether: fix regression in setting fixed MAC address
xprtrdma: fix incorrect header size calculations
tcp: add some entropy in __inet_hash_connect()
tcp: use different parts of the port_offset for index and offset
tcp: add small random increments to the source port
tcp: dynamically allocate the perturb table used by source ports
tcp: increase source port perturb table to 2^16
tcp: drop the hash_32() part from the index calculation
Linux 4.14.285
Conflicts:
crypto/chacha20_generic.c
drivers/char/random.c
drivers/of/fdt.c
include/crypto/chacha20.h
lib/chacha20.c
Merge resolution notes:
- Added CHACHA20_KEY_SIZE and CHACHA20_BLOCK_SIZE constants to
chacha.h, to minimize changes from the 4.14.285 version of random.c
- Updated lib/vsprintf.c for
"random: replace custom notifier chain with standard one".
Change-Id: Icfe6ba9cc8d3eb9cb17696e95725d1eb4dd107c4
Signed-off-by: Eric Biggers <ebiggers@google.com>
commit 2f14062bb14b0fcfcc21e6dc7d5b5c0d25966164 upstream.
Currently, start_kernel() adds latent entropy and the command line to
the entropy bool *after* the RNG has been initialized, deferring when
it's actually used by things like stack canaries until the next time
the pool is seeded. This surely is not intended.
Rather than splitting up which entropy gets added where and when between
start_kernel() and random_init(), just do everything in random_init(),
which should eliminate these kinds of bugs in the future.
While we're at it, rename the awkwardly titled "rand_initialize()" to
the more standard "random_init()" nomenclature.
Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit fe222a6ca2d53c38433cba5d3be62a39099e708e upstream.
Currently time_init() is called after rand_initialize(), but
rand_initialize() makes use of the timer on various platforms, and
sometimes this timer needs to be initialized by time_init() first. In
order for random_get_entropy() to not return zero during early boot when
it's potentially used as an entropy source, reverse the order of these
two calls. The block doing random initialization was right before
time_init() before, so changing the order shouldn't have any complicated
effects.
Cc: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d55535232c3dbde9a523a9d10d68670f5fe5dec3 upstream.
Right now rand_initialize() is run as an early_initcall(), but it only
depends on timekeeping_init() (for mixing ktime_get_real() into the
pools). However, the call to boot_init_stack_canary() for stack canary
initialization runs earlier, which triggers a warning at boot:
random: get_random_bytes called from start_kernel+0x357/0x548 with crng_init=0
Instead, this moves rand_initialize() to after timekeeping_init(), and moves
canary initialization here as well.
Note that this warning may still remain for machines that do not have
UEFI RNG support (which initializes the RNG pools during setup_arch()),
or for x86 machines without RDRAND (or booting without "random.trust=on"
or CONFIG_RANDOM_TRUST_CPU=y).
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmJfsXYACgkQONu9yGCS
aT4FSg/+JNuh/FNAa4Es7pC4O3BpsaIIji6MEYjSw1sMMgqtmXCnbm+1TCsgCOee
auBiVGZzNjLRNESrqOPisEA5aUs31i3fVOD0c55bHgOhqxtLxaU7HmtqIlfvnEKu
a49LRtqq3AEObilBFeBHQnUrTEGO/MnI4XoUsLdR6FWJBnYsBLczDdNGYIWZ/hCX
y129piS/P53nHfmPTMH0De6soOXFIx3d82437pwA0vDEANtMx8lyaW+kdPSsgZl7
03JAQFW1KRjiLzHt+9w7c78dbnyEIQd78W4wn4NFglN7Ybxi7NFEjaf0xnyerwG2
b38ofe8Gw5IqUzF6eCHliG1UgQwZD7pNBjOIKukrpxL3bIEcTOhIQeu1HCm901k0
/Y53ju6tNCrv2PbHVylYibasxPiA2gxzFwJW/JvWWTtZZ6AwkZV0fs3LXXpmDix3
7n/QBjQcz4sOAAWwFoaxneUOTaNoFseZtW/dgqbq+Ukgt2SCP15EUDMVjIXi3fDr
3z5+QvO5IbjbcsFShVfDQ6RfnALp4TWXbrPQ+RTK77BZTbMNg7wjKxBC2MmTmStI
8aiDYecKR4FOXdW930zxYHS76gx57V30hur7jlqjFz0uNYnXU/R42kKUxEqD/86G
UNX+zMv9uH5INANIy4P6DNZyZoTHQgdMIuuhKvntg/G3BcQ5I7k=
=zpoO
-----END PGP SIGNATURE-----
Merge 4.14.276 into android-4.14-q
Changes in 4.14.276
USB: serial: pl2303: add IBM device IDs
USB: serial: simple: add Nokia phone driver
netdevice: add the case if dev is NULL
virtio_console: break out of buf poll on remove
ethernet: sun: Free the coherent when failing in probing
spi: Fix invalid sgs value
spi: Fix erroneous sgs value with min_t()
af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
fuse: fix pipe buffer lifetime for direct_io
tpm: fix reference counting for struct tpm_chip
block: Add a helper to validate the block size
virtio-blk: Use blk_validate_block_size() to validate block size
USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
coresight: Fix TRCCONFIGR.QE sysfs interface
iio: inkern: apply consumer scale on IIO_VAL_INT cases
iio: inkern: apply consumer scale when no channel scale is available
iio: inkern: make a best effort on offset calculation
clk: uniphier: Fix fixed-rate initialization
ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
Documentation: add link to stable release candidate tree
Documentation: update stable tree link
SUNRPC: avoid race between mod_timer() and del_timer_sync()
NFSD: prevent underflow in nfssvc_decode_writeargs()
pinctrl: samsung: drop pin banks references on error paths
can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
jffs2: fix memory leak in jffs2_do_mount_fs
jffs2: fix memory leak in jffs2_scan_medium
mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
mempolicy: mbind_range() set_policy() after vma_merge()
scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
qed: display VF trust config
qed: validate and restrict untrusted VFs vlan promisc mode
Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
ALSA: cs4236: fix an incorrect NULL check on list iterator
drbd: fix potential silent data corruption
ACPI: properties: Consistently return -ENOENT if there are no more references
drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
video: fbdev: sm712fb: Fix crash in smtcfb_read()
video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
ARM: dts: exynos: add missing HDMI supplies on SMDK5250
ARM: dts: exynos: add missing HDMI supplies on SMDK5420
carl9170: fix missing bit-wise or operator for tx_params
thermal: int340x: Increase bitmap size
lib/raid6/test: fix multiple definition linking error
DEC: Limit PMAX memory probing to R3k systems
media: davinci: vpif: fix unbalanced runtime PM get
brcmfmac: firmware: Allocate space for default boardrev in nvram
brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
PCI: pciehp: Clear cmd_busy bit in polling mode
crypto: authenc - Fix sleep in atomic context in decrypt_tail
crypto: mxs-dcp - Fix scatterlist processing
spi: tegra114: Add missing IRQ check in tegra_spi_probe
selftests/x86: Add validity check and allow field splitting
spi: pxa2xx-pci: Balance reference count for PCI DMA device
hwmon: (pmbus) Add mutex to regulator ops
hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
PM: hibernate: fix __setup handler error handling
PM: suspend: fix return value of __setup handler
hwrng: atmel - disable trng on failure path
crypto: vmx - add missing dependencies
ACPI: APEI: fix return value of __setup handlers
crypto: ccp - ccp_dmaengine_unregister release dma channels
hwmon: (pmbus) Add Vin unit off handling
clocksource: acpi_pm: fix return value of __setup handler
sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
perf/core: Fix address filter parser for multiple filters
perf/x86/intel/pt: Fix address filter config for 32-bit kernel
media: coda: Fix missing put_device() call in coda_get_vdoa_data
video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
ARM: dts: qcom: ipq4019: fix sleep clock
soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
media: usb: go7007: s2250-board: fix leak in probe()
ASoC: ti: davinci-i2s: Add check for clk_enable()
ALSA: spi: Add check for clk_enable()
arm64: dts: ns2: Fix spi-cpol and spi-cpha property
arm64: dts: broadcom: Fix sata nodename
printk: fix return value of printk.devkmsg __setup handler
ASoC: mxs-saif: Handle errors for clk_enable
ASoC: atmel_ssc_dai: Handle errors for clk_enable
memory: emif: Add check for setup_interrupts
memory: emif: check the pointer temp in get_device_details()
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
ASoC: wm8350: Handle error for wm8350_register_irq
ASoC: fsi: Add check for clk_enable
video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe
mtd: onenand: Check for error irq
drm/edid: Don't clear formats if using deep color
ath9k_htc: fix uninit value bugs
power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
ray_cs: Check ioremap return value
power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
iwlwifi: Fix -EIO error code that is never returned
dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
scsi: pm8001: Fix abort all task initialization
TOMOYO: fix __setup handlers return values
ext2: correct max file size computing
drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return
KVM: x86: Fix emulation in writing cr8
KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
i2c: xiic: Make bus names unique
power: supply: wm8350-power: Handle error for wm8350_register_irq
power: supply: wm8350-power: Add missing free in free_charger_irq
PCI: Reduce warnings on possible RW1C corruption
powerpc/sysdev: fix incorrect use to determine if list is empty
mfd: mc13xxx: Add check for mc13xxx_irq_request
vxcan: enable local echo for sent CAN frames
MIPS: RB532: fix return value of __setup handler
mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
USB: storage: ums-realtek: fix error code in rts51x_read_mem()
af_netlink: Fix shift out of bounds in group mask calculation
i2c: mux: demux-pinctrl: do not deactivate a master that is not active
tcp: ensure PMTU updates are processed during fastopen
mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
mxser: fix xmit_buf leak in activate when LSR == 0xff
pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
serial: 8250_mid: Balance reference count for PCI DMA device
serial: 8250: Fix race condition in RTS-after-send handling
iio: adc: Add check for devm_request_threaded_irq
clk: qcom: clk-rcg2: Update the frac table for pixel clock
remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
clk: loongson1: Terminate clk_div_table with sentinel element
clk: clps711x: Terminate clk_div_table with sentinel element
clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
NFS: remove unneeded check in decode_devicenotify_args()
pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
tty: hvc: fix return value of __setup handler
kgdboc: fix return value of __setup handler
kgdbts: fix return value of __setup handler
jfs: fix divide error in dbNextAG
netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
xen: fix is_xen_pmu()
net: phy: broadcom: Fix brcm_fet_config_init()
qlcnic: dcb: default to returning -EOPNOTSUPP
net/x25: Fix null-ptr-deref caused by x25_disconnect
NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
lib/test: use after free in register_test_dev_kmod()
selinux: use correct type for context length
loop: use sysfs_emit() in the sysfs xxx show()
Fix incorrect type in assignment of ipv6 port for audit
irqchip/nvic: Release nvic_base upon failure
ACPICA: Avoid walking the ACPI Namespace if it is not there
ACPI/APEI: Limit printable size of BERT table data
PM: core: keep irq flags in device_pm_check_callbacks()
spi: tegra20: Use of_device_get_match_data()
ext4: don't BUG if someone dirty pages without asking ext4 first
ntfs: add sanity check on allocation size
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
video: fbdev: w100fb: Reset global state
video: fbdev: cirrusfb: check pixclock to avoid divide by zero
video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
ARM: dts: bcm2837: Add the missing L1/L2 cache information
video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
ASoC: soc-core: skip zero num_dai component in searching dai name
media: cx88-mpeg: clear interrupt status register before streaming video
ARM: tegra: tamonten: Fix I2C3 pad setting
ARM: mmp: Fix failure to remove sram device
video: fbdev: sm712fb: Fix crash in smtcfb_write()
media: hdpvr: initialize dev->worker at hdpvr_register_videodev
mmc: host: Return an error when ->enable_sdio_irq() ops is missing
powerpc/lib/sstep: Fix 'sthcx' instruction
powerpc/lib/sstep: Fix build errors with newer binutils
scsi: qla2xxx: Fix warning for missing error code
scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
KVM: Prevent module exit until all VMs are freed
ubifs: rename_whiteout: Fix double free for whiteout_ui->data
ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
ubifs: rename_whiteout: correct old_dir size computing
can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
can: mcba_usb: properly check endpoint type
gfs2: Make sure FITRIM minlen is rounded up to fs block size
pinctrl: pinconf-generic: Print arguments for bias-pull-*
ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
mm/mmap: return 1 from stack_guard_gap __setup() handler
mm/memcontrol: return 1 from cgroup.memory __setup() handler
ubi: fastmap: Return error code if memory allocation fails in add_aeb()
ASoC: topology: Allow TLV control to be either read or write
ARM: dts: spear1340: Update serial node properties
ARM: dts: spear13xx: Update SPI dma properties
openvswitch: Fixed nd target mask field in the flow dump.
KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
ubifs: Rectify space amount budget for mkdir/tmpfile operations
rtc: wm8350: Handle error for wm8350_register_irq
ARM: 9187/1: JIVE: fix return value of __setup handler
KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
ptp: replace snprintf with sysfs_emit
powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
scsi: mvsas: Replace snprintf() with sysfs_emit()
scsi: bfa: Replace snprintf() with sysfs_emit()
power: supply: axp20x_battery: properly report current when discharging
powerpc: Set crashkernel offset to mid of RMA region
PCI: aardvark: Fix support for MSI interrupts
iommu/arm-smmu-v3: fix event handling soft lockup
dm ioctl: prevent potential spectre v1 gadget
scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
scsi: aha152x: Fix aha152x_setup() __setup handler return value
net/smc: correct settings of RMB window update limit
macvtap: advertise link netns via netlink
bnxt_en: Eliminate unintended link toggle during FW reset
MIPS: fix fortify panic when copying asm exception handlers
scsi: libfc: Fix use after free in fc_exch_abts_resp()
usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
xtensa: fix DTC warning unit_address_format
Bluetooth: Fix use after free in hci_send_acl
init/main.c: return 1 from handled __setup() functions
w1: w1_therm: fixes w1_seq for ds28ea00 sensors
SUNRPC/call_alloc: async tasks mustn't block waiting for memory
NFS: swap IO handling is slightly different for O_DIRECT IO
NFS: swap-out must always use STABLE writes.
serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
virtio_console: eliminate anonymous module_init & module_exit
jfs: prevent NULL deref in diFree
parisc: Fix CPU affinity for Lasi, WAX and Dino chips
ipv6: add missing tx timestamping on IPPROTO_RAW
net: add missing SOF_TIMESTAMPING_OPT_ID support
mm: fix race between MADV_FREE reclaim and blkdev direct IO read
drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
drm/imx: Fix memory leak in imx_pd_connector_get_modes
drbd: Fix five use after free bugs in get_initial_state
Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
mm/mempolicy: fix mpol_new leak in shared_policy_replace
x86/pm: Save the MSR validity status at context setup
x86/speculation: Restore speculation related MSRs during S3 resume
btrfs: fix qgroup reserve overflow the qgroup limit
arm64: patch_text: Fixup last cpu should be master
perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
mm: don't skip swap entry even if zap_details specified
arm64: module: remove (NOLOAD) from linker script
mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
cgroup: Use open-time credentials for process migraton perm checks
cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
cgroup: Use open-time cgroup namespace for process migration perm checks
xfrm: policy: match with both mark and mask on user interfaces
memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
veth: Ensure eth header is in skb's linear part
gpiolib: acpi: use correct format characters
mlxsw: i2c: Fix initialization error flow
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
nfc: nci: add flush_workqueue to prevent uaf
cifs: potential buffer overflow in handling symlinks
drm/amd: Add USBC connector ID
drm/amdkfd: Check for potential null return of kmalloc_array()
Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
scsi: target: tcmu: Fix possible page UAF
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
net: micrel: fix KS8851_MLL Kconfig
ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
gpu: ipu-v3: Fix dev_dbg frequency output
scsi: mvsas: Add PCI ID of RocketRaid 2640
drivers: net: slip: fix NPD bug in sl_tx_timeout()
mm, page_alloc: fix build_zonerefs_node()
mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
gcc-plugins: latent_entropy: use /dev/urandom
ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
ARM: davinci: da850-evm: Avoid NULL pointer dereference
smp: Fix offline cpu check in flush_smp_call_function_queue()
i2c: pasemi: Wait for write xfers to finish
Linux 4.14.276
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2d7d1f9507aade1b0415178644d9077843669975
[ Upstream commit f9a40b0890658330c83c95511f9d6b396610defc ]
initcall_blacklist() should return 1 to indicate that it handled its
cmdline arguments.
set_debug_rodata() should return 1 to indicate that it handled its
cmdline arguments. Print a warning if the option string is invalid.
This prevents these strings from being added to the 'init' program's
environment as they are not init arguments/parameters.
Link: https://lkml.kernel.org/r/20220221050901.23985-1-rdunlap@infradead.org
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmIM48wACgkQONu9yGCS
aT4sNg/+L0gb7cVGovYL5OMP+UrZuuSpbl0KgQpGBtuOyiYDFHfox0qbM2GnQtbg
UqEOYjbGPKZLSlOOpX9U5f7gWZM7CImKGMBOWOQFLXnmK9kusP/7S8xUEjjYKZL+
jVD6OY3CzRV0IpsgEnOGPp/BHDjUQAaXFDZ2ov7IPfi/XFdwPJfke0XidNHy7qVh
mW+z3nLUfY7+5oNb2WG3q8xuJhaFATJq09iSYLAraytfTqUhqbvE3jUchG8GIFbS
dhAcN8jQZ01eSQtBJPbyaZN49hFyIgglTxaOcb0nFJoinQh7r4Sts7U/+sxsUSdB
ZEYQF312tF7iR4FzMkVQ8bMm4YU0Zx6nuozVIS1LuY9yO5ejBqVD03jjDEeneYfO
voloRLxm7JyR9sKAcmJrPPOWLiFY9MhnZbfcwBkjEUfZJ49gIDSr1eLgSRqyPfbO
PJzWYXctcZyEMMOWqJOdX/4PwbMpEIQ5q72XSDDFndDAJv7kp7mcOxYIlJ7fh9BM
XnvjPC/Ec7n29trMLN05Vq4s52JeIMekOVjXuWt5afS1zylOA5zGfgmWeyKqCBy3
9WWB9GjpmYLScFhprv+cHVazU80rNcrSK5Ey9kI4I72/+0d9NcGlXlrxudLoZM5u
CMAlq5AaZDfzRe1QUsojn4OBg3o4fpQJCEZKn3A+Y4gqlN+AJo8=
=8OoT
-----END PGP SIGNATURE-----
Merge 4.14.267 into android-4.14-q
Changes in 4.14.267
integrity: check the return value of audit_log_start()
ima: Remove ima_policy file before directory
ima: Allow template selection with ima_template[_fmt]= after ima_hash=
mmc: sdhci-of-esdhc: Check for error num after setting mask
net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
NFS: Fix initialisation of nfs_client cl_flags field
NFSD: Clamp WRITE offsets
NFSv4 only print the label when its queried
nfs: nfs4clinet: check the return value of kstrdup()
NFSv4.1: Fix uninitialised variable in devicenotify
NFSv4 remove zero number of fs_locations entries error check
NFSv4 expose nfs_parse_server_name function
scsi: target: iscsi: Make sure the np under each tpg is unique
usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout()
Revert "net: axienet: Wait for PhyRstCmplt after core reset"
bpf: Add kconfig knob for disabling unpriv bpf by default
ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
ARM: dts: meson: Fix the UART compatible strings
staging: fbtft: Fix error path in fbtft_driver_module_init()
ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
usb: f_fs: Fix use-after-free for epfile
bonding: pair enable_port with slave_arr_updates
ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
net: do not keep the dst cache when uncloning an skb dst and its metadata
net: fix a memleak when uncloning an skb dst and its metadata
tipc: rate limit warning for received illegal binding update
net: amd-xgbe: disable interrupts during pci removal
vt_ioctl: fix array_index_nospec in vt_setactivate
vt_ioctl: add array_index_nospec to VT_ACTIVATE
n_tty: wake up poll(POLLRDNORM) on receiving data
usb: ulpi: Move of_node_put to ulpi_dev_release
usb: ulpi: Call of_node_put correctly
usb: dwc3: gadget: Prevent core from processing stale TRBs
USB: gadget: validate interface OS descriptor requests
usb: gadget: rndis: check size of RNDIS_MSG_SET command
USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
USB: serial: option: add ZTE MF286D modem
USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
USB: serial: cp210x: add NCR Retail IO box id
USB: serial: cp210x: add CPI Bulk Coin Recycler id
seccomp: Invalidate seccomp mode to catch death failures
hwmon: (dell-smm) Speed up setting of fan speed
perf: Fix list corruption in perf_cgroup_switch()
Linux 4.14.267
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I33284b7bd74b7ca79f8f7624e114dcd7cf0f0dae
commit 08389d888287c3823f80b0216766b71e17f0aba5 upstream.
Add a kconfig knob which allows for unprivileged bpf to be disabled by default.
If set, the knob sets /proc/sys/kernel/unprivileged_bpf_disabled to value of 2.
This still allows a transition of 2 -> {0,1} through an admin. Similarly,
this also still keeps 1 -> {1} behavior intact, so that once set to permanently
disabled, it cannot be undone aside from a reboot.
We've also added extra2 with max of 2 for the procfs handler, so that an admin
still has a chance to toggle between 0 <-> 2.
Either way, as an additional alternative, applications can make use of CAP_BPF
that we added a while ago.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/74ec548079189e4e4dffaeb42b8987bb3c852eee.1620765074.git.daniel@iogearbox.net
[fllinden@amazon.com: backported to 4.14]
Signed-off-by: Frank van der Linden <fllinden@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmDB7PYACgkQONu9yGCS
aT4sABAAo15TKI4d1BKsnGEIjv7LYtIAnkfRm4UqoJnFWe60zgdaKKPtJnEICSkF
ez0DNkDMEx4Y9uDeKzTuIYvOV+2anmZyH8xngW1UiAsKhTkofph5RExxCeze68T5
y84sAHtTpHSkuEN55R5kexZ8JkNohYuphe+7g//5zyqsgbIDzyYd2c7TUQJMOWdw
wVQtuitq2vN7EuLmEeI5jTDP3qg2gjVi/DUp/OGfeYQAaoeDl0ZMaE/vGvzZngPA
mm9EgX3eIc4k0HNAYbw693LP5FBPaAro5qiJ9yEGjbxwSFvmkLkpGFepk475c8CP
H5GILJ8RE95VGC0baK+TbMF+CGwgJorFMMniFHC0T1GApCv3vgVtxJUXZkasmcVJ
Mw/xhWI4x6zVvu9Ofq1G9eJ5MRpU+c6jpu4dUQpk3XJBihUHTaHZ6wGG48osB5/7
ajwODcnKwNAQVY/bSC5IStQsx8f7lIDTA98Pg7i3POjor40MwU8UXUub2LTvlp3y
Q4b/UP0kxC6uBtcSCyCwswBj0rLK/AS0Lesf6LKXKmtTbb3cHGP+/pbq4TqTwjSa
tAmTVrUAnVTbmTfzMZ2hYnu+qmRflEp92AvjHw8YqFcg27Shv4XIK0vSMXJu4gtK
r7yLMLltDcNU1jA1KYZ2IRDqNMWFsLuO01A3rZYtB1jhHaIs9dA=
=Nrhr
-----END PGP SIGNATURE-----
Merge 4.14.236 into android-4.14-q
Changes in 4.14.236
net: usb: cdc_ncm: don't spew notifications
efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
efi: cper: fix snprintf() use in cper_dimm_err_location()
vfio/pci: Fix error return code in vfio_ecap_init()
vfio/pci: zap_vma_ptes() needs MMU
vfio/platform: fix module_put call in error flow
ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
HID: pidff: fix error return code in hid_pidff_init()
HID: i2c-hid: fix format string mismatch
netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches
ieee802154: fix error return code in ieee802154_add_iface()
ieee802154: fix error return code in ieee802154_llsec_getparams()
Bluetooth: fix the erroneous flush_work() order
Bluetooth: use correct lock to prevent UAF of hdev object
net: caif: added cfserl_release function
net: caif: add proper error handling
net: caif: fix memory leak in caif_device_notify
net: caif: fix memory leak in cfusbl_device_notify
ALSA: timer: Fix master timer notification
ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
pid: take a reference when initializing `cad_pid`
ocfs2: fix data corruption by fallocate
nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
btrfs: fix error handling in btrfs_del_csums
btrfs: fixup error handling in fixup_inode_link_counts
mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY
bpf, selftests: Fix up some test_verifier cases for unprivileged
bpf: Move off_reg into sanitize_ptr_alu
bpf: Ensure off_reg has no mixed signed bounds for all types
bpf: Rework ptr_limit into alu_limit and add common error path
bpf: Improve verifier error messages for users
bpf: Refactor and streamline bounds check into helper
bpf: Move sanitize_val_alu out of op switch
bpf: Tighten speculative pointer arithmetic mask
bpf: Update selftests to reflect new error states
bpf: do not allow root to mangle valid pointers
bpf/verifier: disallow pointer subtraction
selftests/bpf: fix test_align
selftests/bpf: make 'dubious pointer arithmetic' test useful
bpf: Fix leakage of uninitialized bpf stack under speculation
bpf: Wrap aux data inside bpf_sanitize_info container
bpf: Fix mask direction swap upon off reg sign change
bpf: No need to simulate speculative domain for immediates
bnxt_en: Remove the setting of dev_port.
KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode
sched/fair: Optimize select_idle_cpu
xen-pciback: redo VF placement in the virtual topology
Linux 4.14.236
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I943bee4c74d0cc63b1a3c4a05d1bc4ff6326afeb
commit 0711f0d7050b9e07c44bc159bbc64ac0a1022c7f upstream.
During boot, kernel_init_freeable() initializes `cad_pid` to the init
task's struct pid. Later on, we may change `cad_pid` via a sysctl, and
when this happens proc_do_cad_pid() will increment the refcount on the
new pid via get_pid(), and will decrement the refcount on the old pid
via put_pid(). As we never called get_pid() when we initialized
`cad_pid`, we decrement a reference we never incremented, can therefore
free the init task's struct pid early. As there can be dangling
references to the struct pid, we can later encounter a use-after-free
(e.g. when delivering signals).
This was spotted when fuzzing v5.13-rc3 with Syzkaller, but seems to
have been around since the conversion of `cad_pid` to struct pid in
commit 9ec52099e4 ("[PATCH] replace cad_pid by a struct pid") from the
pre-KASAN stone age of v2.6.19.
Fix this by getting a reference to the init task's struct pid when we
assign it to `cad_pid`.
Full KASAN splat below.
==================================================================
BUG: KASAN: use-after-free in ns_of_pid include/linux/pid.h:153 [inline]
BUG: KASAN: use-after-free in task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509
Read of size 4 at addr ffff23794dda0004 by task syz-executor.0/273
CPU: 1 PID: 273 Comm: syz-executor.0 Not tainted 5.12.0-00001-g9aef892b2d15 #1
Hardware name: linux,dummy-virt (DT)
Call trace:
ns_of_pid include/linux/pid.h:153 [inline]
task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509
do_notify_parent+0x308/0xe60 kernel/signal.c:1950
exit_notify kernel/exit.c:682 [inline]
do_exit+0x2334/0x2bd0 kernel/exit.c:845
do_group_exit+0x108/0x2c8 kernel/exit.c:922
get_signal+0x4e4/0x2a88 kernel/signal.c:2781
do_signal arch/arm64/kernel/signal.c:882 [inline]
do_notify_resume+0x300/0x970 arch/arm64/kernel/signal.c:936
work_pending+0xc/0x2dc
Allocated by task 0:
slab_post_alloc_hook+0x50/0x5c0 mm/slab.h:516
slab_alloc_node mm/slub.c:2907 [inline]
slab_alloc mm/slub.c:2915 [inline]
kmem_cache_alloc+0x1f4/0x4c0 mm/slub.c:2920
alloc_pid+0xdc/0xc00 kernel/pid.c:180
copy_process+0x2794/0x5e18 kernel/fork.c:2129
kernel_clone+0x194/0x13c8 kernel/fork.c:2500
kernel_thread+0xd4/0x110 kernel/fork.c:2552
rest_init+0x44/0x4a0 init/main.c:687
arch_call_rest_init+0x1c/0x28
start_kernel+0x520/0x554 init/main.c:1064
0x0
Freed by task 270:
slab_free_hook mm/slub.c:1562 [inline]
slab_free_freelist_hook+0x98/0x260 mm/slub.c:1600
slab_free mm/slub.c:3161 [inline]
kmem_cache_free+0x224/0x8e0 mm/slub.c:3177
put_pid.part.4+0xe0/0x1a8 kernel/pid.c:114
put_pid+0x30/0x48 kernel/pid.c:109
proc_do_cad_pid+0x190/0x1b0 kernel/sysctl.c:1401
proc_sys_call_handler+0x338/0x4b0 fs/proc/proc_sysctl.c:591
proc_sys_write+0x34/0x48 fs/proc/proc_sysctl.c:617
call_write_iter include/linux/fs.h:1977 [inline]
new_sync_write+0x3ac/0x510 fs/read_write.c:518
vfs_write fs/read_write.c:605 [inline]
vfs_write+0x9c4/0x1018 fs/read_write.c:585
ksys_write+0x124/0x240 fs/read_write.c:658
__do_sys_write fs/read_write.c:670 [inline]
__se_sys_write fs/read_write.c:667 [inline]
__arm64_sys_write+0x78/0xb0 fs/read_write.c:667
__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:49 [inline]
el0_svc_common.constprop.1+0x16c/0x388 arch/arm64/kernel/syscall.c:129
do_el0_svc+0xf8/0x150 arch/arm64/kernel/syscall.c:168
el0_svc+0x28/0x38 arch/arm64/kernel/entry-common.c:416
el0_sync_handler+0x134/0x180 arch/arm64/kernel/entry-common.c:432
el0_sync+0x154/0x180 arch/arm64/kernel/entry.S:701
The buggy address belongs to the object at ffff23794dda0000
which belongs to the cache pid of size 224
The buggy address is located 4 bytes inside of
224-byte region [ffff23794dda0000, ffff23794dda00e0)
The buggy address belongs to the page:
page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4dda0
head:(____ptrval____) order:1 compound_mapcount:0
flags: 0x3fffc0000010200(slab|head)
raw: 03fffc0000010200 dead000000000100 dead000000000122 ffff23794d40d080
raw: 0000000000000000 0000000000190019 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff23794dd9ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff23794dd9ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff23794dda0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff23794dda0080: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
ffff23794dda0100: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
==================================================================
Link: https://lkml.kernel.org/r/20210524172230.38715-1-mark.rutland@arm.com
Fixes: 9ec52099e4 ("[PATCH] replace cad_pid by a struct pid")
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Cedric Le Goater <clg@fr.ibm.com>
Cc: Christian Brauner <christian@brauner.io>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Kees Cook <keescook@chromium.org
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmBxigAACgkQONu9yGCS
aT7QRhAAmB19bMTh7ezIjmWPNfReizOdMBVXcR894fvRvwhelHkGVQsJnMXAe2XB
IcXNmsMFKoDyqh7gsJyAq8aPWdFugOYbGbLHOpcWagu5ROGnpp+6r8Hg1DjPtnnp
bR3Z+U+p6nYsr7TDYX4e4zTohNkWBEgKX6VnbRGBGqcY0KuBcu7nCr4yPZ4Oas3j
bidhkMv1orIBWoNqjp6k3uxtP1qaPHeFYa+aXq0/TfQGOd1jWl4xnMjF6UoidlkH
UUn0mW0ckoOmWQLe6J1J1acN6wvC8VMfYk4j2dkHIB3pfCGTK9yPe7PEojJn+sqP
eEX9CnDg9xIXhwQwYLldXssAp/zCw54K21UGbrp+ztv6qdPiQSX4ARNG0qsBdONf
HnFLJ5ubtAybe+4rWmcncYSdCZ2L5n52j3br2N0V/40xtk7HAKewIHpV1c6TMx4Z
/2p3ZpgxfCmnlkPilwzXkYKrzEibdbN2QdTYaPDNTycRe9njCtg+L/KoRKVLF+yr
mnJ80m1WfS60BL2udhSCkPkqz0LcY0CSJz4E58/5mqeO9fKdwYkbNWTLrDpJaE9Q
/PL0yHz2xPyu9Wnec3Sy1ihAuoGA12RozcpU95sajzCiBcY9Gt7rFr4D8/r3voaE
tLs7jg7z1kHeNyxXX7Tgwf2jWoeYR8/FDh5Mb9fE9EgCFhwTvhA=
=lOlV
-----END PGP SIGNATURE-----
Merge 4.14.230 into android-4.14-q
Changes in 4.14.230
ARM: dts: am33xx: add aliases for mmc interfaces
net: pxa168_eth: Fix a potential data race in pxa168_eth_remove
mISDN: fix crash in fritzpci
mac80211: choose first enabled channel for monitor
drm/msm: Ratelimit invalid-fence message
platform/x86: thinkpad_acpi: Allow the FnLock LED to change state
x86/build: Turn off -fcf-protection for realmode targets
scsi: target: pscsi: Clean up after failure in pscsi_map_sg()
ia64: mca: allocate early mca with GFP_ATOMIC
cifs: revalidate mapping when we open files for SMB1 POSIX
cifs: Silently ignore unknown oplock break handle
bpf, x86: Validate computation of branch displacements for x86-64
init/Kconfig: make COMPILE_TEST depend on !S390
init/Kconfig: make COMPILE_TEST depend on HAS_IOMEM
can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate
Linux 4.14.230
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib14bafcc7fa51d7fa37c307e8b3d45f22f30c0de
commit ea29b20a828511de3348334e529a3d046a180416 upstream.
I read the commit log of the following two:
- bc083a64b6 ("init/Kconfig: make COMPILE_TEST depend on !UML")
- 334ef6ed06fa ("init/Kconfig: make COMPILE_TEST depend on !S390")
Both are talking about HAS_IOMEM dependency missing in many drivers.
So, 'depends on HAS_IOMEM' seems the direct, sensible solution to me.
This does not change the behavior of UML. UML still cannot enable
COMPILE_TEST because it does not provide HAS_IOMEM.
The current dependency for S390 is too strong. Under the condition of
CONFIG_PCI=y, S390 provides HAS_IOMEM, hence can enable COMPILE_TEST.
I also removed the meaningless 'default n'.
Link: https://lkml.kernel.org/r/20210224140809.1067582-1-masahiroy@kernel.org
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Cc: Heiko Carstens <hca@linux.ibm.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Arnd Bergmann <arnd@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: KP Singh <kpsingh@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Terrell <terrelln@fb.com>
Cc: Quentin Perret <qperret@google.com>
Cc: Valentin Schneider <valentin.schneider@arm.com>
Cc: "Enrico Weigelt, metux IT consult" <lkml@metux.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 334ef6ed06fa1a54e35296b77b693bcf6d63ee9e upstream.
While allmodconfig and allyesconfig build for s390 there are also
various bots running compile tests with randconfig, where PCI is
disabled. This reveals that a lot of drivers should actually depend on
HAS_IOMEM.
Adding this to each device driver would be a never ending story,
therefore just disable COMPILE_TEST for s390.
The reasoning is more or less the same as described in
commit bc083a64b6 ("init/Kconfig: make COMPILE_TEST depend on !UML").
Reported-by: kernel test robot <lkp@intel.com>
Suggested-by: Arnd Bergmann <arnd@kernel.org>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl+jzuAACgkQONu9yGCS
aT7HQhAAgdVyTKGg2cRfirxFQ8L4kHNU7Zf0NYSeFwL9lTEaC/f6jHhqzzHln/W8
fN7u7c5KM9P7w6YjemqCeRt4b7jXuUtyx0dvGblXAGaabbUaa34yLshwv4zAW37h
FMPBjORfmI9JIh2EgcWpmECDE6HjeP5b828LL/5FTfcOamhA6XiOFO+0vNRlMRXX
IJY+GwfmcBRb7j7ks9q5At6bigow1UvAc7NXZPCTZRrM/RVK36nOq6aDyhegHtKg
h4UN2NzJcR0ItyBGKiKbeyPOQfWAVzEhvD8gjNLBRt3kb5Uc0z8XWfXhFtQiBEGm
EK4Wb8JOOcQDpUmobG9klT49sgC84qsGzwNgbSIUwyLRYxS66ouDsXf7p4T6vlKY
Msz5sEKLXGJncDPPy3E5wtIzm7Htp8cNBUkrcjjD2mZx8CuDRy7NTKrX2mjdJa5n
zLoW4QeMZAcMYqmfz+Z5edWY3PXflWv69kQhDXEs70rpnNg51OmeqSiJWfUnx+FT
o0UOVsqmUqOQfDsOIY7L2rem7K7HBX14QyYAi6ZaoXzglz1ev5VBI+PgfJtc9uLf
SMoY8K5l215zc3BWTLkLj8sq/QiZ03Jj3QKIpCZyxDiZP2/3Tn7hnprfy0x1JbqE
bX3A8DZfkH7MvW8U42vlxQNHoFYBKUx27BP8yirwkhspLt0oHxo=
=2cR2
-----END PGP SIGNATURE-----
Merge 4.14.204 into android-4.14-q
Changes in 4.14.204
scripts/setlocalversion: make git describe output more reliable
arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
efivarfs: Replace invalid slashes with exclamation marks in dentries.
gtp: fix an use-before-init in gtp_newlink()
ravb: Fix bit fields checking in ravb_hwtstamp_get()
tipc: fix memory leak caused by tipc_buf_append()
arch/x86/amd/ibs: Fix re-arming IBS Fetch
x86/xen: disable Firmware First mode for correctable memory errors
fuse: fix page dereference after free
p54: avoid accessing the data mapped to streaming DMA
mtd: lpddr: Fix bad logic in print_drs_error
ata: sata_rcar: Fix DMA boundary mask
fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels
mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
futex: Fix incorrect should_fail_futex() handling
powerpc/powernv/smp: Fix spurious DBG() warning
powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM
sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
f2fs: add trace exit in exception path
f2fs: fix to check segment boundary during SIT page readahead
um: change sigio_spinlock to a mutex
ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses
xfs: fix realtime bitmap/summary file truncation when growing rt volume
video: fbdev: pvr2fb: initialize variables
ath10k: start recovery process when payload length exceeds max htc length for sdio
ath10k: fix VHT NSS calculation when STBC is enabled
drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly
media: videodev2.h: RGB BT2020 and HSV are always full range
media: platform: Improve queue set up flow for bug fixing
usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart
media: tw5864: check status of tw5864_frameinterval_get
mmc: via-sdmmc: Fix data race bug
drm/bridge/synopsys: dsi: add support for non-continuous HS clock
printk: reduce LOG_BUF_SHIFT range for H8300
kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
cpufreq: sti-cpufreq: add stih418 support
USB: adutux: fix debugging
uio: free uio id after uio file node is freed
arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE
ACPI: Add out of bounds and numa_off protections to pxm_to_node()
drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
bus/fsl_mc: Do not rely on caller to provide non NULL mc_io
power: supply: test_power: add missing newlines when printing parameters by sysfs
md/bitmap: md_bitmap_get_counter returns wrong blocks
bnxt_en: Log unknown link speed appropriately.
clk: ti: clockdomain: fix static checker warning
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
drivers: watchdog: rdc321x_wdt: Fix race condition bugs
ext4: Detect already used quota file early
gfs2: add validation checks for size of superblock
arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes
memory: emif: Remove bogus debugfs error handling
ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings
ARM: dts: s5pv210: move PMU node out of clock controller
ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
nbd: make the config put is called before the notifying the waiter
sgl_alloc_order: fix memory leak
nvme-rdma: fix crash when connect rejected
md/raid5: fix oops during stripe resizing
perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count()
perf/x86/amd/ibs: Fix raw sample data accumulation
leds: bcm6328, bcm6358: use devres LED registering function
fs: Don't invalidate page buffers in block_write_full_page()
NFS: fix nfs_path in case of a rename retry
ACPI / extlog: Check for RDMSR failure
ACPI: video: use ACPI backlight for HP 635 Notebook
ACPI: debug: don't allow debugging when ACPI is disabled
acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
w1: mxc_w1: Fix timeout resolution problem leading to bus error
scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
btrfs: reschedule if necessary when logging directory items
btrfs: send, recompute reference path after orphanization of a directory
btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send()
btrfs: cleanup cow block on error
btrfs: fix use-after-free on readahead extent after failure to create it
usb: dwc3: ep0: Fix ZLP for OUT ep0 requests
usb: dwc3: core: add phy cleanup for probe error handling
usb: dwc3: core: don't trigger runtime pm when remove driver
usb: cdc-acm: fix cooldown mechanism
usb: host: fsl-mph-dr-of: check return of dma_set_mask()
drm/i915: Force VT'd workarounds when running as a guest OS
vt: keyboard, simplify vt_kdgkbsent
vt: keyboard, extend func_buf_lock to readers
dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
iio:light:si1145: Fix timestamp alignment and prevent data leak.
iio:adc:ti-adc0832 Fix alignment issue with timestamp
iio:adc:ti-adc12138 Fix alignment issue with timestamp
iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
s390/stp: add locking to sysfs functions
powerpc/rtas: Restrict RTAS requests from userspace
powerpc: Warn about use of smt_snooze_delay
powerpc/powernv/elog: Fix race while processing OPAL error log event.
NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag
NFSD: Add missing NFSv2 .pc_func methods
ubifs: dent: Fix some potential memory leaks while iterating entries
perf python scripting: Fix printable strings in python3 scripts
ubi: check kthread_should_stop() after the setting of task state
ia64: fix build error with !COREDUMP
drm/amdgpu: don't map BO in reserved region
ceph: promote to unsigned long long before shifting
libceph: clear con->out_msg on Policy::stateful_server faults
9P: Cast to loff_t before multiplying
ring-buffer: Return 0 on success from ring_buffer_resize()
vringh: fix __vringh_iov() when riov and wiov are different
ext4: fix leaking sysfs kobject after failed mount
ext4: fix error handling code in add_new_gdb
ext4: fix invalid inode checksum
drm/ttm: fix eviction valuable range check.
rtc: rx8010: don't modify the global rtc ops
tty: make FONTX ioctl use the tty pointer they were actually passed
arm64: berlin: Select DW_APB_TIMER_OF
cachefiles: Handle readpage error correctly
hil/parisc: Disable HIL driver when it gets stuck
arm: dts: mt7623: add missing pause for switchport
ARM: samsung: fix PM debug build with DEBUG_LL but !MMU
ARM: s3c24xx: fix missing system reset
device property: Keep secondary firmware node secondary by type
device property: Don't clear secondary pointer for shared primary firmware node
KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR
staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
staging: octeon: repair "fixed-link" support
staging: octeon: Drop on uncorrectable alignment or FCS error
Linux 4.14.204
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I90aa56ba835a3d923614944744d5b4c29fff3f82
[ Upstream commit 550c10d28d21bd82a8bb48debbb27e6ed53262f6 ]
The .bss section for the h8300 is relatively small. A value of
CONFIG_LOG_BUF_SHIFT that is larger than 19 will create a static
printk ringbuffer that is too large. Limit the range appropriately
for the H8300.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20200812073122.25412-1-john.ogness@linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7Ey28ACgkQONu9yGCS
aT5HHBAApSN5pEsCeogd9V1h20Gsx9TteDrn1qVqIxa4k7FczL7TuhGZw3SH9JjI
oK7xvZK8JknVvr+GSnk+OO7oU64L3qtZ+icfrdqVecBIsxiyu3gopmazjLP+QxEo
x+9xqR9clqTjOgQx3S8rH9s09fgsZMNAp1Ga8juyGZWxFkPoLiSyB+SDEIFwL43v
IYeC2uJc5lnv8+vNGAcEHAJiphxKeWJLd/etmelIaFrp+kkmO0nIoszR9uLNkr8i
yuCqt2tCSd3vVaQqjSOpg/3u1PnQpmMqvKqWXuDKBOkr9nz7cgOf+6uWeuo3Fvro
Ji8q0Dtay1xNJLgwCGH3c98OsiRE5OMX0dIpadcDCteFwJOSryu7tkf5ODp7BA+Q
EjZx5DIhvNa/7auqarqMJvblconocZnJ+8zcN2aGL8Yn57Q0bsfyiHyB6bMW98+/
J0dMSuXl0c9MPLKa28+31hrmeThs5kG15EpTUzBrkXcTbsLGxPoJVC4IFIACwqlg
lyhokwuZ87slEZfnz91R3V2Ehdyl5d8ci2/DBzzZiPjgGsUoxWH1pwmb5WO2agNf
K9l9VVsGCAl+gqY41kI9UCf3BNzv/sc2uScjlnOIjpGrNI4IVc/bGq1y1ktIY4UC
WV3Qux5GvwHbS/Dbrapv7B5Tt9EtbLmAPbnCCJ93e1mXXEkUw3o=
=6R5g
-----END PGP SIGNATURE-----
Merge 4.14.181 into android-4.14-q
Changes in 4.14.181
USB: serial: qcserial: Add DW5816e support
dp83640: reverse arguments to list_add_tail
fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
net: macsec: preserve ingress frame ordering
net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
net: usb: qmi_wwan: add support for DW5816e
sch_choke: avoid potential panic in choke_reset()
sch_sfq: validate silly quantum values
bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features().
net/mlx5: Fix forced completion access non initialized command entry
net/mlx5: Fix command entry leak in Internal Error State
bnxt_en: Improve AER slot reset.
bnxt_en: Fix VF anti-spoof filter setup.
net: stricter validation of untrusted gso packets
ipv6: fix cleanup ordering for ip6_mr failure
HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices
geneve: only configure or fill UDP_ZERO_CSUM6_RX/TX info when CONFIG_IPV6
HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
USB: uas: add quirk for LaCie 2Big Quadra
USB: serial: garmin_gps: add sanity checking for data length
tracing: Add a vmalloc_sync_mappings() for safe measure
KVM: arm: vgic: Fix limit condition when writing to GICD_I[CS]ACTIVER
mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous()
coredump: fix crash when umh is disabled
batman-adv: fix batadv_nc_random_weight_tq
batman-adv: Fix refcnt leak in batadv_show_throughput_override
batman-adv: Fix refcnt leak in batadv_store_throughput_override
batman-adv: Fix refcnt leak in batadv_v_ogm_process
x86/entry/64: Fix unwind hints in kernel exit path
x86/entry/64: Fix unwind hints in rewind_stack_do_exit()
x86/unwind/orc: Don't skip the first frame for inactive tasks
x86/unwind/orc: Prevent unwinding before ORC initialization
x86/unwind/orc: Fix error path for bad ORC entry type
netfilter: nat: never update the UDP checksum when it's 0
objtool: Fix stack offset tracking for indirect CFAs
scripts/decodecode: fix trapping instruction formatting
net: ipv6: add net argument to ip6_dst_lookup_flow
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
blktrace: fix unlocked access to init/start-stop/teardown
blktrace: fix trace mutex deadlock
blktrace: Protect q->blk_trace with RCU
blktrace: fix dereference after null check
f2fs: introduce read_inline_xattr
f2fs: introduce read_xattr_block
f2fs: sanity check of xattr entry size
f2fs: fix to avoid accessing xattr across the boundary
f2fs: fix to avoid memory leakage in f2fs_listxattr
net: stmmac: Use mutex instead of spinlock
shmem: fix possible deadlocks on shmlock_user_lock
net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'
net: moxa: Fix a potential double 'free_irq()'
drop_monitor: work around gcc-10 stringop-overflow warning
virtio-blk: handle block_device_operations callbacks after hot unplug
scsi: sg: add sg_remove_request in sg_write
dmaengine: pch_dma.c: Avoid data race between probe and irq handler
dmaengine: mmp_tdma: Reset channel error on release
cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once
ALSA: hda/hdmi: fix race in monitor detection during probe
drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse
x86/entry/64: Fix unwind hints in register clearing code
ipmi: Fix NULL pointer dereference in ssif_probe
pinctrl: baytrail: Enable pin configuration setting for GPIO chip
pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler
i40iw: Fix error handling in i40iw_manage_arp_cache()
netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
IB/mlx4: Test return value of calls to ib_get_cached_pkey
hwmon: (da9052) Synchronize access with mfd
pnp: Use list_for_each_entry() instead of open coding
gcc-10 warnings: fix low-hanging fruit
kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
Stop the ad-hoc games with -Wno-maybe-initialized
gcc-10: disable 'zero-length-bounds' warning for now
gcc-10: disable 'array-bounds' warning for now
gcc-10: disable 'stringop-overflow' warning for now
gcc-10: disable 'restrict' warning for now
gcc-10: avoid shadowing standard library 'free()' in crypto
x86/asm: Add instruction suffixes to bitops
net: phy: micrel: Use strlcpy() for ethtool::get_strings
net: fix a potential recursive NETDEV_FEAT_CHANGE
netlabel: cope with NULL catmap
net: phy: fix aneg restart in phy_ethtool_set_eee
Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu"
hinic: fix a bug of ndo_stop
net: dsa: loop: Add module soft dependency
net: ipv4: really enforce backoff for redirects
netprio_cgroup: Fix unlimited memory leak of v2 cgroups
net: tcp: fix rx timestamp behavior for tcp_recvmsg
ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
ALSA: rawmidi: Initialize allocated buffers
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
ARM: dts: dra7: Fix bus_dma_limit for PCIe
ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
x86: Fix early boot crash on gcc-10, third try
ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset
usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B
usb: host: xhci-plat: keep runtime active when removing host
USB: gadget: fix illegal array access in binding with UDC
usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list
x86/unwind/orc: Fix error handling in __unwind_start()
exec: Move would_dump into flush_old_exec
clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks
usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()'
usb: gadget: audio: Fix a missing error return value in audio_bind()
usb: gadget: legacy: fix error return code in gncm_bind()
usb: gadget: legacy: fix error return code in cdc_bind()
Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards
arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy
ARM: dts: r8a73a4: Add missing CMT1 interrupts
ARM: dts: r8a7740: Add missing extal2 to CPG node
KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
Makefile: disallow data races on gcc-10 as well
Linux 4.14.181
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ice6f6d32f4ed8ce1ce52232cd77e3e1cba82c654
commit a9a3ed1eff3601b63aea4fb462d8b3b92c7c1e7e upstream.
... or the odyssey of trying to disable the stack protector for the
function which generates the stack canary value.
The whole story started with Sergei reporting a boot crash with a kernel
built with gcc-10:
Kernel panic — not syncing: stack-protector: Kernel stack is corrupted in: start_secondary
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.6.0-rc5—00235—gfffb08b37df9 #139
Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./H77M—D3H, BIOS F12 11/14/2013
Call Trace:
dump_stack
panic
? start_secondary
__stack_chk_fail
start_secondary
secondary_startup_64
-—-[ end Kernel panic — not syncing: stack—protector: Kernel stack is corrupted in: start_secondary
This happens because gcc-10 tail-call optimizes the last function call
in start_secondary() - cpu_startup_entry() - and thus emits a stack
canary check which fails because the canary value changes after the
boot_init_stack_canary() call.
To fix that, the initial attempt was to mark the one function which
generates the stack canary with:
__attribute__((optimize("-fno-stack-protector"))) ... start_secondary(void *unused)
however, using the optimize attribute doesn't work cumulatively
as the attribute does not add to but rather replaces previously
supplied optimization options - roughly all -fxxx options.
The key one among them being -fno-omit-frame-pointer and thus leading to
not present frame pointer - frame pointer which the kernel needs.
The next attempt to prevent compilers from tail-call optimizing
the last function call cpu_startup_entry(), shy of carving out
start_secondary() into a separate compilation unit and building it with
-fno-stack-protector, was to add an empty asm("").
This current solution was short and sweet, and reportedly, is supported
by both compilers but we didn't get very far this time: future (LTO?)
optimization passes could potentially eliminate this, which leads us
to the third attempt: having an actual memory barrier there which the
compiler cannot ignore or move around etc.
That should hold for a long time, but hey we said that about the other
two solutions too so...
Reported-by: Sergei Trofimovich <slyfox@gentoo.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Tested-by: Kalle Valo <kvalo@codeaurora.org>
Cc: <stable@vger.kernel.org>
Link: https://lkml.kernel.org/r/20200314164451.346497-1-slyfox@gentoo.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 78a5255ffb6a1af189a83e493d916ba1c54d8c75 upstream.
We have some rather random rules about when we accept the
"maybe-initialized" warnings, and when we don't.
For example, we consider it unreliable for gcc versions < 4.9, but also
if -O3 is enabled, or if optimizing for size. And then various kernel
config options disabled it, because they know that they trigger that
warning by confusing gcc sufficiently (ie PROFILE_ALL_BRANCHES).
And now gcc-10 seems to be introducing a lot of those warnings too, so
it falls under the same heading as 4.9 did.
At the same time, we have a very straightforward way to _enable_ that
warning when wanted: use "W=2" to enable more warnings.
So stop playing these ad-hoc games, and just disable that warning by
default, with the known and straight-forward "if you want to work on the
extra compiler warnings, use W=123".
Would it be great to have code that is always so obvious that it never
confuses the compiler whether a variable is used initialized or not?
Yes, it would. In a perfect world, the compilers would be smarter, and
our source code would be simpler.
That's currently not the world we live in, though.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b303c6df80c9f8f13785aa83a0471fca7e38b24d upstream.
Since -Wmaybe-uninitialized was introduced by GCC 4.7, we have patched
various false positives:
- commit e74fc973b6 ("Turn off -Wmaybe-uninitialized when building
with -Os") turned off this option for -Os.
- commit 815eb71e71 ("Kbuild: disable 'maybe-uninitialized' warning
for CONFIG_PROFILE_ALL_BRANCHES") turned off this option for
CONFIG_PROFILE_ALL_BRANCHES
- commit a76bcf557e ("Kbuild: enable -Wmaybe-uninitialized warning
for "make W=1"") turned off this option for GCC < 4.9
Arnd provided more explanation in https://lkml.org/lkml/2017/3/14/903
I think this looks better by shifting the logic from Makefile to Kconfig.
Link: https://github.com/ClangBuiltLinux/linux/issues/350
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3pFmwACgkQONu9yGCS
aT68qg//RlehfhDnOYveXC8iOlpnzUfE0gI0Ix5CbOuPk0pjYHD+pjC22QUK8fza
LWoUH4XSmQ7k5v9xw9MXA45yEpsBajrF2uiOYEUbzEIeh2QetTa9+WlZ25wFnza9
tICP2ct9lSs+E7bs3R8RW37cRLuYfhGtc9sskMfhAdTn9MQKOf9h7jIk0lFjhMB/
GbK449Eo6+8Rh2Pai9EYhWCh70d8ZFHLN3UWZUqG8RfWj1041GwVIoNOhwh5fCOq
susq/EZI58BKsUv614sUxQ+dMaY+AOLKZAeYcP49tn/aARl2MjQaYSO8wnyUSVwn
F7VYN2uvDVKXZa1/vGNtF6Q6O3nuvVwOgaFFx0srH9rSA7s8se+ZQTHg9WqGo36l
fl2u7VN40Lq3Hv53gDV9qLHaPaxtAh39lDG9UoGnefzdbNGPVQRTqypMeRLHidwQ
CK5lmbCr9BHoOGTRE0jl147WHTXtzYxjPnUmhZlIT2vxxDXP1AQqOHLLjHviXFrp
VclLhGbJUAcB3fGSZJtLHYgPlZms+AFLxDQN4l9e3Xqu+F/W9z+NlAX7bEfYLBm0
v/x/b+BL+qtQ9DBIfc57uGxajgHzoI3ZtctiqZJ93IxFMRZEQVQsHYAh/pcK2AIh
ONu4VvFjhdxWFQuzAZe8IEDyHbhcQSL+IMmKq+wu9KtGOfLNxWg=
=D1w0
-----END PGP SIGNATURE-----
Merge 4.14.158 into android-4.14-q
Changes in 4.14.158
Revert "KVM: nVMX: reset cache/shadows when switching loaded VMCS"
clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate
ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX
ASoC: compress: fix unsigned integer overflow check
reset: Fix memory leak in reset_control_array_put()
ASoC: kirkwood: fix external clock probe defer
clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume
reset: fix reset_control_ops kerneldoc comment
clk: at91: avoid sleeping early
clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18
idr: Fix idr_alloc_u32 on 32-bit systems
x86/resctrl: Prevent NULL pointer dereference when reading mondata
clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call
net: fec: add missed clk_disable_unprepare in remove
bridge: ebtables: don't crash when using dnat target in output chains
can: peak_usb: report bus recovery as well
can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open
can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak
can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max
can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM
can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors
can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error
can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error
watchdog: meson: Fix the wrong value of left time
scripts/gdb: fix debugging modules compiled with hot/cold partitioning
net: bcmgenet: reapply manual settings to the PHY
ceph: return -EINVAL if given fsc mount option on kernel w/o support
mac80211: fix station inactive_time shortly after boot
block: drbd: remove a stray unlock in __drbd_send_protocol()
pwm: bcm-iproc: Prevent unloading the driver module while in use
scsi: lpfc: Fix kernel Oops due to null pring pointers
scsi: lpfc: Fix dif and first burst use in write commands
ARM: dts: Fix up SQ201 flash access
ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed
ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication
parisc: Fix serio address output
parisc: Fix HP SDC hpa address output
arm64: mm: Prevent mismatched 52-bit VA support
arm64: smp: Handle errors reported by the firmware
ARM: OMAP1: fix USB configuration for device-only setups
RDMA/vmw_pvrdma: Use atomic memory allocation in create AH
PM / AVS: SmartReflex: NULL check before some freeing functions is not needed
ARM: ks8695: fix section mismatch warning
ACPI / LPSS: Ignore acpi_device_fix_up_power() return value
scsi: lpfc: Enable Management features for IF_TYPE=6
crypto: user - support incremental algorithm dumps
mwifiex: fix potential NULL dereference and use after free
mwifiex: debugfs: correct histogram spacing, formatting
rtl818x: fix potential use after free
xfs: require both realtime inodes to mount
ubi: Put MTD device after it is not used
ubi: Do not drop UBI device reference before using
microblaze: adjust the help to the real behavior
microblaze: move "... is ready" messages to arch/microblaze/Makefile
iwlwifi: move iwl_nvm_check_version() into dvm
gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB
kvm: vmx: Set IA32_TSC_AUX for legacy mode guests
VSOCK: bind to random port for VMADDR_PORT_ANY
mmc: meson-gx: make sure the descriptor is stopped on errors
mtd: rawnand: sunxi: Write pageprog related opcodes to WCMD_SET
btrfs: only track ref_heads in delayed_ref_updates
HID: intel-ish-hid: fixes incorrect error handling
serial: 8250: Rate limit serial port rx interrupts during input overruns
kprobes/x86/xen: blacklist non-attachable xen interrupt functions
xen/pciback: Check dev_data before using it
vfio-mdev/samples: Use u8 instead of char for handle functions
pinctrl: xway: fix gpio-hog related boot issues
net/mlx5: Continue driver initialization despite debugfs failure
exofs_mount(): fix leaks on failure exits
bnxt_en: Return linux standard errors in bnxt_ethtool.c
bnxt_en: query force speeds before disabling autoneg mode.
KVM: s390: unregister debug feature on failing arch init
pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration
pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10
HID: doc: fix wrong data structure reference for UHID_OUTPUT
dm flakey: Properly corrupt multi-page bios.
gfs2: take jdata unstuff into account in do_grow
xfs: Align compat attrlist_by_handle with native implementation.
xfs: Fix bulkstat compat ioctls on x32 userspace.
IB/qib: Fix an error code in qib_sdma_verbs_send()
clocksource/drivers/fttmr010: Fix invalid interrupt register access
vxlan: Fix error path in __vxlan_dev_create()
powerpc/book3s/32: fix number of bats in p/v_block_mapped()
powerpc/xmon: fix dump_segments()
drivers/regulator: fix a missing check of return value
Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading
serial: max310x: Fix tx_empty() callback
openrisc: Fix broken paths to arch/or32
RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer
scsi: qla2xxx: deadlock by configfs_depend_item
scsi: csiostor: fix incorrect dma device in case of vport
ath6kl: Only use match sets when firmware supports it
ath6kl: Fix off by one error in scan completion
powerpc/perf: Fix unit_sel/cache_sel checks
powerpc/prom: fix early DEBUG messages
powerpc/mm: Make NULL pointer deferences explicit on bad page faults.
powerpc/44x/bamboo: Fix PCI range
vfio/spapr_tce: Get rid of possible infinite loop
powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status
drbd: ignore "all zero" peer volume sizes in handshake
drbd: reject attach of unsuitable uuids even if connected
drbd: do not block when adjusting "disk-options" while IO is frozen
drbd: fix print_st_err()'s prototype to match the definition
IB/rxe: Make counters thread safe
regulator: tps65910: fix a missing check of return value
powerpc/83xx: handle machine check caused by watchdog timer
powerpc/pseries: Fix node leak in update_lmb_associativity_index()
crypto: mxc-scc - fix build warnings on ARM64
pwm: clps711x: Fix period calculation
net/netlink_compat: Fix a missing check of nla_parse_nested
net/net_namespace: Check the return value of register_pernet_subsys()
f2fs: fix to dirty inode synchronously
um: Make GCOV depend on !KCOV
net: (cpts) fix a missing check of clk_prepare
net: stmicro: fix a missing check of clk_prepare
net: dsa: bcm_sf2: Propagate error value from mdio_write
atl1e: checking the status of atl1e_write_phy_reg
tipc: fix a missing check of genlmsg_put
net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe()
ocfs2: clear journal dirty flag after shutdown journal
vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n
lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk
lib/genalloc.c: use vzalloc_node() to allocate the bitmap
fork: fix some -Wmissing-prototypes warnings
drivers/base/platform.c: kmemleak ignore a known leak
lib/genalloc.c: include vmalloc.h
mtd: Check add_mtd_device() ret code
tipc: fix memory leak in tipc_nl_compat_publ_dump
net/core/neighbour: tell kmemleak about hash tables
PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity()
net/core/neighbour: fix kmemleak minimal reference count for hash tables
serial: 8250: Fix serial8250 initialization crash
gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change
sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe
ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel
decnet: fix DN_IFREQ_SIZE
net/smc: prevent races between smc_lgr_terminate() and smc_conn_free()
blktrace: Show requests without sector
tipc: fix skb may be leaky in tipc_link_input
sfc: initialise found bitmap in efx_ef10_mtd_probe
net: fix possible overflow in __sk_mem_raise_allocated()
sctp: don't compare hb_timer expire date before starting it
bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id()
net: dev: Use unsigned integer as an argument to left-shift
kvm: properly check debugfs dentry before using it
bpf: drop refcount if bpf_map_new_fd() fails in map_create()
net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED
iommu/amd: Fix NULL dereference bug in match_hid_uid
apparmor: delete the dentry in aafs_remove() to avoid a leak
scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery
ACPI / APEI: Don't wait to serialise with oops messages when panic()ing
ACPI / APEI: Switch estatus pool to use vmalloc memory
scsi: libsas: Check SMP PHY control function result
powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
mtd: Remove a debug trace in mtdpart.c
mm, gup: add missing refcount overflow checks on s390
clk: at91: fix update bit maps on CFG_MOR write
clk: at91: generated: set audio_pll_allowed in at91_clk_register_generated()
staging: rtl8192e: fix potential use after free
staging: rtl8723bs: Drop ACPI device ids
staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids
USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P
mei: bus: prefix device names on bus with the bus name
xfrm: Fix memleak on xfrm state destroy
media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE
net: macb: fix error format in dev_err()
pwm: Clear chip_data in pwm_put()
media: atmel: atmel-isc: fix asd memory allocation
media: atmel: atmel-isc: fix INIT_WORK misplacement
macvlan: schedule bc_work even if error
net: psample: fix skb_over_panic
openvswitch: fix flow command message size
slip: Fix use-after-free Read in slip_open
openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info()
openvswitch: remove another BUG_ON()
tipc: fix link name length check
sctp: cache netns in sctp_ep_common
net: sched: fix `tc -s class show` no bstats on class with nolock subqueues
ext4: add more paranoia checking in ext4_expand_extra_isize handling
watchdog: sama5d4: fix WDD value to be always set to max
net: macb: Fix SUBNS increment and increase resolution
net: macb driver, check for SKBTX_HW_TSTAMP
mtd: rawnand: atmel: Fix spelling mistake in error message
mtd: rawnand: atmel: fix possible object reference leak
mtd: spi-nor: cast to u64 to avoid uint overflows
y2038: futex: Move compat implementation into futex.c
futex: Prevent robust futex exit race
futex: Move futex exit handling into futex code
futex: Replace PF_EXITPIDONE with a state
exit/exec: Seperate mm_release()
futex: Split futex_mm_release() for exit/exec
futex: Set task::futex_state to DEAD right after handling futex exit
futex: Mark the begin of futex exit explicitly
futex: Sanitize exit state handling
futex: Provide state handling for exec() as well
futex: Add mutex around futex exit
futex: Provide distinct return value when owner is exiting
futex: Prevent exit livelock
HID: core: check whether Usage Page item is after Usage ID items
crypto: stm32/hash - Fix hmac issue more than 256 bytes
media: stm32-dcmi: fix DMA corruption when stopping streaming
hwrng: stm32 - fix unbalanced pm_runtime_enable
mailbox: mailbox-test: fix null pointer if no mmio
pinctrl: stm32: fix memory leak issue
ASoC: stm32: i2s: fix dma configuration
ASoC: stm32: i2s: fix 16 bit format support
ASoC: stm32: i2s: fix IRQ clearing
platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer
platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size
net: fec: fix clock count mis-match
Linux 4.14.158
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit fb5bf31722d0805a3f394f7d59f2e8cd07acccb7 ]
We get a warning when building kernel with W=1:
kernel/fork.c:167:13: warning: no previous prototype for `arch_release_thread_stack' [-Wmissing-prototypes]
kernel/fork.c:779:13: warning: no previous prototype for `fork_init' [-Wmissing-prototypes]
Add the missing declaration in head file to fix this.
Also, remove arch_release_thread_stack() completely because no arch
seems to implement it since bb9d81264 (arch: remove tile port).
Link: http://lkml.kernel.org/r/1542170087-23645-1-git-send-email-wang.yi59@zte.com.cn
Signed-off-by: Yi Wang <wang.yi59@zte.com.cn>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Mike Rapoport <rppt@linux.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
The WALT time accounting breaks when CFS tasks are throttled by the CPU
bandwidth control mechanism of the CPU cgroups controller. This can
result in a negative cumulative_runnable_avg, which can then lead to a
kernel panic, and the device crashing.
Although the right fix would be add support for throttled CFS tasks to
WALT, the common kernel is now in stable maintenance mode and will not
get new features which could cause issues for partners downstream.
To work around the issue, make the CFS_BANDWIDTH Kconfig option depend
on SCHED_WALT=n, hence preventing these two things from being enabled
simultaneously. This should not be an issue for most partners (nobody
had noticed the breakage for years), and those who do need the better
fix can apply it in their device kernel.
Bug: 139071966
Bug: 120440300
Change-Id: Ieb3c367ae7893ac93fb5b38c1580dc59151aacce
Signed-off-by: Quentin Perret <quentin.perret@arm.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzdoQwACgkQONu9yGCS
aT5uuQ/9EzGk9z2eFEE8pdp9KIUqC3uTDTymR6qIHBQ26PBY+1wXa60yhd0qCLVi
lycHCEE2PUn6b/5cMLmBoFr8JhM5fHHOSNY9Vi5WDm2vKGNKJ6TRE1HHjxAkXqFk
IZUk839X5b2JUYBUJfmH3gcvUGrtaIJv0Nnd/dgCAn9r2Nb0yRljKPy1PY7Gd1hS
ASE1WOvEIAZD+FESKpbnrT0W4st/AEe0hpBYCxUmPGF2q/v0ErzOKASVMtvA5zM2
xRPGAWOI9eRIbWEU1KLaI9ALEkqUnzKRsCTEmVwZSoCIaf3TmeCUd117vl3dn0IA
l/OqdNYpn2Ogx/nEYZ+duTq39QKDNkn3/y4ZHK22z2BwSrh6EFiRyOUEzgzvq8Jx
SVthwsLAjVE0Dlc/CEqnTxEvTq0yvVDxlbC9coSgcMDyEKy2FCXGvi61QpIQnla4
F89cqXZ/Rmt99OZh/rmXzqr/WuxUYdGF10gHe7gIKWoYu2TwBGW9z6pqGNfyT/h3
wKAbUYXKjDtTt0WHMAzuT6PZzg982CLIvtnE8OcpHs2DOI4LNGsyGEPmNmv/W4iR
0cf1N0Fx07JHUATNQoMcKVEUKJpMqm95jozsmDDYEpavIHPpe2J5QyMW3OuLXd+U
AeQhG4xwPH4/mNXbMWDqeCyFFidWSK/Ezct7iSUFE7vxFYcFrco=
=n2qf
-----END PGP SIGNATURE-----
Merge 4.14.120 into android-4.14-q
Changes in 4.14.120
netfilter: compat: initialize all fields in xt_init
platform/x86: sony-laptop: Fix unintentional fall-through
platform/x86: thinkpad_acpi: Disable Bluetooth for some machines
hwmon: (pwm-fan) Disable PWM if fetching cooling data fails
kernfs: fix barrier usage in __kernfs_new_node()
USB: serial: fix unthrottle races
iio: adc: xilinx: fix potential use-after-free on remove
libnvdimm/namespace: Fix a potential NULL pointer dereference
HID: input: add mapping for Expose/Overview key
HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
HID: input: add mapping for "Toggle Display" key
libnvdimm/btt: Fix a kmemdup failure check
s390/dasd: Fix capacity calculation for large volumes
mac80211: fix unaligned access in mesh table hash function
mac80211: Increase MAX_MSG_LEN
mac80211: fix memory accounting with A-MSDU aggregation
nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands
s390/3270: fix lockdep false positive on view->lock
clocksource/drivers/oxnas: Fix OX820 compatible
mISDN: Check address length before reading address family
s390/pkey: add one more argument space for debug feature entry
x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T
KVM: fix spectrev1 gadgets
KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing
tools lib traceevent: Fix missing equality check for strcmp
mm: fix inactive list balancing between NUMA nodes and cgroups
init: initialize jump labels before command line option parsing
selftests: netfilter: check icmp pkttoobig errors are set as related
ipvs: do not schedule icmp errors from tunnels
netfilter: ctnetlink: don't use conntrack/expect object addresses as id
MIPS: perf: ath79: Fix perfcount IRQ assignment
s390: ctcm: fix ctcm_new_device error return code
drm/sun4i: Set device driver data at bind time for use in unbind
selftests/net: correct the return value for run_netsocktests
gpu: ipu-v3: dp: fix CSC handling
drm/imx: don't skip DP channel disable for background plane
spi: Micrel eth switch: declare missing of table
spi: ST ST95HF NFC: declare missing of table
Input: synaptics-rmi4 - fix possible double free
sparc64: Export __node_distance.
sparc64: Make corrupted user stacks more debuggable.
MIPS: VDSO: Reduce VDSO_RANDOMIZE_SIZE to 64MB for 64bit
bcache: correct dirty data statistics
ACPICA: AML interpreter: add region addresses in global list during initialization
IB/rxe: Revise the ib_wr_opcode enum
ima: open a new file instance if no read permissions
KVM: arm/arm64: Ensure only THP is candidate for adjustment
media: cec: make cec_get_edid_spa_location() an inline function
media: cec: integrate cec_validate_phys_addr() in cec-api.c
media: adv7604: when the EDID is cleared, unconfigure CEC as well
media: adv7842: when the EDID is cleared, unconfigure CEC as well
fuse: fix possibly missed wake-up after abort
drm/i915: Disable LP3 watermarks on all SNB machines
media: ov5640: fix wrong binning value in exposure calculation
media: ov5640: fix auto controls values when switching to manual mode
net: don't keep lonely packets forever in the gro hash
tracing/fgraph: Fix set_graph_function from showing interrupts
drm/i915: Downgrade Gen9 Plane WM latency error
scsi: raid_attrs: fix unused variable warning
staging: olpc_dcon: add a missing dependency
net: stmmac: Move debugfs init/exit to ->probe()/->remove()
Btrfs: fix missing delayed iputs on unmount
x86/vdso: Pass --eh-frame-hdr to the linker
mm: introduce mm_[p4d|pud|pmd]_folded
arm64: KVM: Make VHE Stage-2 TLB invalidation operations non-interruptible
powerpc: remove old GCC version checks
leds: pwm: silently error out on EPROBE_DEFER
drm/rockchip: psr: do not dereference encoder before it is null checked.
RDMA/vmw_pvrdma: Return the correct opcode when creating WR
arm64: dts: marvell: armada-ap806: reserve PSCI area
vt: always call notifier with the console lock held
devres: Align data[] to ARCH_KMALLOC_MINALIGN
xtensa: xtfpga.dtsi: fix dtc warnings about SPI
net_sched: fix two more memory leaks in cls_tcindex
gtp: change NET_UDP_TUNNEL dependency to select
ACPICA: Namespace: remove address node from global list after method termination
Input: elan_i2c - add hardware ID for multiple Lenovo laptops
netfilter: nf_tables: warn when expr implements only one of activate/deactivate
drm/rockchip: fix for mailbox read validation.
cifs: fix memory leak in SMB2_read
x86/fpu: Don't export __kernel_fpu_{begin,end}()
net: hns: Fix WARNING when hns modules installed
mm/memory.c: fix modifying of page protection by insert_pfn()
net: fec: manage ahb clock in runtime pm
mlxsw: spectrum_switchdev: Add MDB entries in prepare phase
mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue
mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue
mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue
NFC: nci: Add some bounds checking in nci_hci_cmd_received()
nfc: nci: Potential off by one in ->pipes[] array
x86/kprobes: Avoid kretprobe recursion bug
cw1200: fix missing unlock on error in cw1200_hw_scan()
mwl8k: Fix rate_idx underflow
rtlwifi: rtl8723ae: Fix missing break in switch statement
Don't jump to compute_result state from check_result state
powerpc/64s: Include cpu header
bonding: fix arp_validate toggling in active-backup mode
bridge: Fix error path for kobject_init_and_add()
dpaa_eth: fix SG frame cleanup
fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied
ipv4: Fix raw socket lookup for local traffic
net: dsa: Fix error cleanup path in dsa_init_module
net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering
net: seeq: fix crash caused by not set dev.parent
net: ucc_geth - fix Oops when changing number of buffers in the ring
packet: Fix error path in packet_init
vlan: disable SIOCSHWTSTAMP in container
vrf: sit mtu should not be updated when vrf netdev is the link
tipc: fix hanging clients using poll with EPOLLOUT flag
drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
powerpc/powernv/idle: Restore IAMR after idle
powerpc/booke64: set RI in default MSR
s390/speculation: Fix build error caused by bad backport
Linux 4.14.120
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 6041186a32585fc7a1d0f6cfe2f138b05fdc3c82 ]
When a module option, or core kernel argument, toggles a static-key it
requires jump labels to be initialized early. While x86, PowerPC, and
ARM64 arrange for jump_label_init() to be called before parse_args(),
ARM does not.
Kernel command line: rdinit=/sbin/init page_alloc.shuffle=1 panic=-1 console=ttyAMA0,115200 page_alloc.shuffle=1
------------[ cut here ]------------
WARNING: CPU: 0 PID: 0 at ./include/linux/jump_label.h:303
page_alloc_shuffle+0x12c/0x1ac
static_key_enable(): static key 'page_alloc_shuffle_key+0x0/0x4' used
before call to jump_label_init()
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted
5.1.0-rc4-next-20190410-00003-g3367c36ce744 #1
Hardware name: ARM Integrator/CP (Device Tree)
[<c0011c68>] (unwind_backtrace) from [<c000ec48>] (show_stack+0x10/0x18)
[<c000ec48>] (show_stack) from [<c07e9710>] (dump_stack+0x18/0x24)
[<c07e9710>] (dump_stack) from [<c001bb1c>] (__warn+0xe0/0x108)
[<c001bb1c>] (__warn) from [<c001bb88>] (warn_slowpath_fmt+0x44/0x6c)
[<c001bb88>] (warn_slowpath_fmt) from [<c0b0c4a8>]
(page_alloc_shuffle+0x12c/0x1ac)
[<c0b0c4a8>] (page_alloc_shuffle) from [<c0b0c550>] (shuffle_store+0x28/0x48)
[<c0b0c550>] (shuffle_store) from [<c003e6a0>] (parse_args+0x1f4/0x350)
[<c003e6a0>] (parse_args) from [<c0ac3c00>] (start_kernel+0x1c0/0x488)
Move the fallback call to jump_label_init() to occur before
parse_args().
The redundant calls to jump_label_init() in other archs are left intact
in case they have static key toggling use cases that are even earlier
than option parsing.
Link: http://lkml.kernel.org/r/155544804466.1032396.13418949511615676665.stgit@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Reported-by: Guenter Roeck <groeck@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Mike Rapoport <rppt@linux.ibm.com>
Cc: Russell King <rmk@armlinux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlyWNiQACgkQONu9yGCS
aT4jlw/+J6vIuvv0XYExoBG60RfXdYPJiO6NWoo1gj+61W+uM3JQNdO4n5aUIGdw
DMrrtdyBfGUWsP6Y+9YYvazQmUaj4dpC5soG+h9tCtKEbmwUO3zsj6Tg9W+P5fdY
SrILqbThA1l3Wn1JX2RP8OI0olYmLmhbzYYIk0cN4hUXO3yIPhmKPnVC+zmijvNI
Y5nPMRdUUvlD0ZYV7K5BNkja3I/UHY0Z9WlV0AsWQNV36oYJQL7UMINm1ysY0pLf
PXlGnKlFLveif4ElsZf+02dv79Tj3njDHUfTHh9ZhgEcwqpDJFQeMX9udyeZxE4F
b+RQzJKxBo6ffQHec7j+mlMr6tPYAfn2/nnlxMFjddXpyVVPk0jG4CpqyyzllkC2
ZGMwrUba1YTSOn7a5OUnNxuMseAn6ly2cLm0Z/BIr712NL7PT7DICtoiF+NkI0kb
kvExae+bg4OIMHJDiCH3xRx7pBtus+ABZnbcovAdJmW/ITpLJkbmrMsozpWXjNlz
FkuyInDd3jinpGX1AP5lN+QQMUPYsUs1zr7BmWpdOGL2X7/HDA/apw342o8UmffL
Rsnck/spMIm8olS1nBZiZGu8nJs8yp4lS8hT/3qevP0aaCeTfVqkyJxEMijkLm4p
g1q/yqsE9fIZTenjlSfkIETopSLbiKAwC2Lbs8pYOGiB7mhXcPg=
=sq7B
-----END PGP SIGNATURE-----
Merge 4.14.108 into android-4.14
Changes in 4.14.108
9p: use inode->i_lock to protect i_size_write() under 32-bit
9p/net: fix memory leak in p9_client_create
ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
iio: adc: exynos-adc: Fix NULL pointer exception on unbind
stm class: Fix an endless loop in channel allocation
crypto: caam - fixed handling of sg list
crypto: ahash - fix another early termination in hash walk
crypto: rockchip - fix scatterlist nents error
crypto: rockchip - update new iv to device in multiple operations
drm/imx: ignore plane updates on disabled crtcs
gpu: ipu-v3: Fix i.MX51 CSI control registers offset
drm/imx: imx-ldb: add missing of_node_puts
gpu: ipu-v3: Fix CSI offsets for imx53
s390/dasd: fix using offset into zero size array error
Input: pwm-vibra - prevent unbalanced regulator
Input: pwm-vibra - stop regulator after disabling pwm, not before
ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized
ASoC: dapm: fix out-of-bounds accesses to DAPM lookup tables
ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check
KVM: arm/arm64: Reset the VCPU without preemption and vcpu state loaded
ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug
Input: cap11xx - switch to using set_brightness_blocking()
Input: ps2-gpio - flush TX work when closing port
Input: matrix_keypad - use flush_delayed_work()
mac80211: Fix Tx aggregation session tear down with ITXQs
ipvs: fix dependency on nf_defrag_ipv6
floppy: check_events callback should not return a negative number
NFS: Don't use page_file_mapping after removing the page
mm/gup: fix gup_pmd_range() for dax
Revert "mm: use early_pfn_to_nid in page_ext_init"
mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs
net: hns: Fix object reference leaks in hns_dsaf_roce_reset()
i2c: cadence: Fix the hold bit setting
i2c: bcm2835: Clear current buffer pointers and counts after a transfer
auxdisplay: ht16k33: fix potential user-after-free on module unload
Input: st-keyscan - fix potential zalloc NULL dereference
clk: sunxi-ng: v3s: Fix TCON reset de-assert bit
clk: sunxi: A31: Fix wrong AHB gate number
esp: Skip TX bytes accounting when sending from a request socket
ARM: 8824/1: fix a migrating irq bug when hotplug cpu
af_key: unconditionally clone on broadcast
assoc_array: Fix shortcut creation
keys: Fix dependency loop between construction record and auth key
scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
net: systemport: Fix reception of BPDUs
pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
qmi_wwan: apply SET_DTR quirk to Sierra WP7607
net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe()
mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue
ASoC: topology: free created components in tplg load error
qed: Fix iWARP syn packet mac address validation.
arm64: Relax GIC version check during early boot
net: marvell: mvneta: fix DMA debug warning
tmpfs: fix link accounting when a tmpfile is linked in
ixgbe: fix older devices that do not support IXGBE_MRQC_L3L4TXSWEN
ARCv2: lib: memcpy: fix doing prefetchw outside of buffer
ARC: uacces: remove lp_start, lp_end from clobber list
ARCv2: support manual regfile save on interrupts
phonet: fix building with clang
mac80211_hwsim: propagate genlmsg_reply return code
net: thunderx: make CFG_DONE message to run through generic send-ack sequence
nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K
nfp: bpf: fix ALU32 high bits clearance bug
net: set static variable an initial value in atl2_probe()
tmpfs: fix uninitialized return value in shmem_link
media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
stm class: Prevent division by zero
libnvdimm/label: Clear 'updating' flag after label-set update
libnvdimm, pfn: Fix over-trim in trim_pfn_device()
libnvdimm/pmem: Honor force_raw for legacy pmem regions
libnvdimm: Fix altmap reservation size calculation
fix cgroup_do_mount() handling of failure exits
crypto: arm/crct10dif - revert to C code for short inputs
crypto: arm64/crct10dif - revert to C code for short inputs
crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
crypto: testmgr - skip crc32c context test for ahash algorithms
crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine
CIFS: Do not reset lease state to NONE on lease break
CIFS: Fix read after write for files with read caching
tracing: Use strncpy instead of memcpy for string keys in hist triggers
tracing: Do not free iter->trace in fail path of tracing_open_pipe()
xen: fix dom0 boot on huge systems
ACPI / device_sysfs: Avoid OF modalias creation for removed device
mmc: sdhci-esdhc-imx: fix HS400 timing issue
spi: ti-qspi: Fix mmap read when more than one CS in use
spi: pxa2xx: Setup maximum supported DMA transfer length
regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
regulator: max77620: Initialize values for DT properties
regulator: s2mpa01: Fix step values for some LDOs
clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
s390/setup: fix early warning messages
s390/virtio: handle find on invalid queue gracefully
scsi: virtio_scsi: don't send sc payload with tmfs
scsi: aacraid: Fix performance issue on logical drives
scsi: sd: Optimal I/O size should be a multiple of physical block size
scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
fs/devpts: always delete dcache dentry-s in dput()
splice: don't merge into linked buffers
m68k: Add -ffreestanding to CFLAGS
Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
Btrfs: fix corruption reading shared and compressed extents after hole punching
crypto: pcbc - remove bogus memcpy()s with src == dest
libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer
irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table
x86/kprobes: Prohibit probing on optprobe template code
cpufreq: tegra124: add missing of_node_put()
cpufreq: pxa2xx: remove incorrect __init annotation
ext4: add mask of ext4 flags to swap
ext4: fix crash during online resizing
IB/hfi1: Close race condition on user context disable and close
cxl: Wrap iterations over afu slices inside 'afu_list_lock'
ext2: Fix underflow in ext2_max_size()
clk: uniphier: Fix update register for CPU-gear
clk: clk-twl6040: Fix imprecise external abort for pdmclk
clk: ingenic: Fix round_rate misbehaving with non-integer dividers
clk: ingenic: Fix doc of ingenic_cgu_div_info
usb: chipidea: tegra: Fix missed ci_hdrc_remove_device()
nfit: acpi_nfit_ctl(): Check out_obj->type in the right place
mm: hwpoison: fix thp split handing in soft_offline_in_use_page()
mm/vmalloc: fix size check for remap_vmalloc_range_partial()
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
device property: Fix the length used in PROPERTY_ENTRY_STRING()
intel_th: Don't reference unassigned outputs
parport_pc: fix find_superio io compare code, should use equal test.
i2c: tegra: fix maximum transfer size
crypto: arm64/aes-neonbs - fix returning final keystream block
drm/i915: Relax mmap VMA check
serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO
serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart
serial: 8250_pci: Fix number of ports for ACCES serial cards
serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup()
jbd2: clear dirty flag when revoking a buffer from an older transaction
jbd2: fix compile warning when using JBUFFER_TRACE
security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock
powerpc/32: Clear on-stack exception marker upon exception return
powerpc/wii: properly disable use of BATs when requested.
powerpc/powernv: Make opal log only readable by root
powerpc/83xx: Also save/restore SPRG4-7 during suspend
powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest
powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning
powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR configuration
powerpc/traps: fix recoverability of machine check handling on book3s/32
powerpc/traps: Fix the message printed when stack overflows
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
arm64: Fix HCR.TGE status for NMI contexts
arm64: debug: Ensure debug handlers check triggering exception level
arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2
dm: fix to_sector() for 32bit
dm integrity: limit the rate of error messages
cpcap-charger: generate events for userspace
NFS: Fix I/O request leakages
NFS: Fix an I/O request leakage in nfs_do_recoalesce
NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
nfsd: fix memory corruption caused by readdir
nfsd: fix wrong check in write_v4_end_grace()
NFSv4.1: Reinitialise sequence results before retransmitting a request
PM / wakeup: Rework wakeup source timer cancellation
bcache: never writeback a discard operation
x86/unwind/orc: Fix ORC unwind table alignment
perf intel-pt: Fix CYC timestamp calculation after OVF
perf auxtrace: Define auxtrace record alignment
perf intel-pt: Fix overlap calculation for padding
perf intel-pt: Fix divide by zero when TSC is not available
md: Fix failed allocation of md_register_thread
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
tpm: Unify the send callback behaviour
rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
media: imx: prpencvf: Stop upstream before disabling IDMA channel
media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
media: vimc: Add vimc-streamer for stream control
media: imx: csi: Disable CSI immediately after last EOF
media: imx: csi: Stop upstream before disabling IDMA channel
drm/radeon/evergreen_cs: fix missing break in switch statement
KVM: Call kvm_arch_memslots_updated() before updating memslots
KVM: x86/mmu: Detect MMIO generation wrap in any address space
KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux
KVM: nVMX: Sign extend displacements of VMX instr's mem operands
KVM: nVMX: Apply addr size mask to effective address for VMX instructions
KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
s390/setup: fix boot crash for machine without EDAT-1
Linux 4.14.108
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 2f1ee0913ce58efe7f18fbd518bd54c598559b89 ]
This reverts commit fe53ca5427 ("mm: use early_pfn_to_nid in
page_ext_init").
When booting a system with "page_owner=on",
start_kernel
page_ext_init
invoke_init_callbacks
init_section_page_ext
init_page_owner
init_early_allocated_pages
init_zones_in_node
init_pages_in_zone
lookup_page_ext
page_to_nid
The issue here is that page_to_nid() will not work since some page flags
have no node information until later in page_alloc_init_late() due to
DEFERRED_STRUCT_PAGE_INIT. Hence, it could trigger an out-of-bounds
access with an invalid nid.
UBSAN: Undefined behaviour in ./include/linux/mm.h:1104:50
index 7 is out of range for type 'zone [5]'
Also, kernel will panic since flags were poisoned earlier with,
CONFIG_DEBUG_VM_PGFLAGS=y
CONFIG_NODE_NOT_IN_PAGE_FLAGS=n
start_kernel
setup_arch
pagetable_init
paging_init
sparse_init
sparse_init_nid
memblock_alloc_try_nid_raw
It did not handle it well in init_pages_in_zone() which ends up calling
page_to_nid().
page:ffffea0004200000 is uninitialized and poisoned
raw: ffffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffff
raw: ffffffffffffffff ffffffffffffffff ffffffffffffffff ffffffffffffffff
page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p))
page_owner info is not active (free page?)
kernel BUG at include/linux/mm.h:990!
RIP: 0010:init_page_owner+0x486/0x520
This means that assumptions behind commit fe53ca5427 ("mm: use
early_pfn_to_nid in page_ext_init") are incomplete. Therefore, revert
the commit for now. A proper way to move the page_owner initialization
to sooner is to hook into memmap initialization.
Link: http://lkml.kernel.org/r/20190115202812.75820-1-cai@lca.pw
Signed-off-by: Qian Cai <cai@lca.pw>
Acked-by: Michal Hocko <mhocko@kernel.org>
Cc: Pasha Tatashin <Pavel.Tatashin@microsoft.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Yang Shi <yang.shi@linaro.org>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
The current help text caused some confusion in online forums about
whether or not to default-enable or default-disable psi in vendor
kernels. This is because it doesn't communicate the reason for why we
made this setting configurable in the first place: that the overhead is
non-zero in an artificial scheduler stress test.
Since this isn't representative of real workloads, and the effect was
not measurable in scheduler-heavy real world applications such as the
webservers and memcache installations at Facebook, it's fair to point
out that this is a pretty cautious option to select.
Link: http://lkml.kernel.org/r/20190129233617.16767-1-hannes@cmpxchg.org
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Mel Gorman <mgorman@techsingularity.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 7b2489d37e1e355228f7c55724f77580e1dec22a)
Bug: 127712811
Test: lmkd in PSI mode
Change-Id: I5d0cb901562fd74c82d9d211544745b802776d8a
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
The kernel commandline parameter named in CONFIG_PSI_DEFAULT_DISABLED
help text contradicts the documentation in kernel-parameters.txt, and
the code. Fix that.
Link: http://lkml.kernel.org/r/20181203213416.GA12627@cmpxchg.org
Fixes: e0c274472d ("psi: make disabling/enabling easier for vendor kernels")
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 428a1cb4baeb9e5c7feda93af7372ba6d2491558)
Bug: 127712811
Test: lmkd in PSI mode
Change-Id: I592b66d6542f4fa7c2b6eb9f60a5dd43bcfbabf3
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Mel Gorman reports a hackbench regression with psi that would prohibit
shipping the suse kernel with it default-enabled, but he'd still like
users to be able to opt in at little to no cost to others.
With the current combination of CONFIG_PSI and the psi_disabled bool set
from the commandline, this is a challenge. Do the following things to
make it easier:
1. Add a config option CONFIG_PSI_DEFAULT_DISABLED that allows distros
to enable CONFIG_PSI in their kernel but leave the feature disabled
unless a user requests it at boot-time.
To avoid double negatives, rename psi_disabled= to psi=.
2. Make psi_disabled a static branch to eliminate any branch costs
when the feature is disabled.
In terms of numbers before and after this patch, Mel says:
: The following is a comparision using CONFIG_PSI=n as a baseline against
: your patch and a vanilla kernel
:
: 4.20.0-rc4 4.20.0-rc4 4.20.0-rc4
: kconfigdisable-v1r1 vanilla psidisable-v1r1
: Amean 1 1.3100 ( 0.00%) 1.3923 ( -6.28%) 1.3427 ( -2.49%)
: Amean 3 3.8860 ( 0.00%) 4.1230 * -6.10%* 3.8860 ( -0.00%)
: Amean 5 6.8847 ( 0.00%) 8.0390 * -16.77%* 6.7727 ( 1.63%)
: Amean 7 9.9310 ( 0.00%) 10.8367 * -9.12%* 9.9910 ( -0.60%)
: Amean 12 16.6577 ( 0.00%) 18.2363 * -9.48%* 17.1083 ( -2.71%)
: Amean 18 26.5133 ( 0.00%) 27.8833 * -5.17%* 25.7663 ( 2.82%)
: Amean 24 34.3003 ( 0.00%) 34.6830 ( -1.12%) 32.0450 ( 6.58%)
: Amean 30 40.0063 ( 0.00%) 40.5800 ( -1.43%) 41.5087 ( -3.76%)
: Amean 32 40.1407 ( 0.00%) 41.2273 ( -2.71%) 39.9417 ( 0.50%)
:
: It's showing that the vanilla kernel takes a hit (as the bisection
: indicated it would) and that disabling PSI by default is reasonably
: close in terms of performance for this particular workload on this
: particular machine so;
Link: http://lkml.kernel.org/r/20181127165329.GA29728@cmpxchg.org
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Tested-by: Mel Gorman <mgorman@techsingularity.net>
Reported-by: Mel Gorman <mgorman@techsingularity.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit e0c274472d5d27f277af722e017525e0b33784cd)
Bug: 127712811
Test: lmkd in PSI mode
Change-Id: I6cb666fa351e8901df82e4d6931bfec0c5ce230d
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
On a system that executes multiple cgrouped jobs and independent
workloads, we don't just care about the health of the overall system, but
also that of individual jobs, so that we can ensure individual job health,
fairness between jobs, or prioritize some jobs over others.
This patch implements pressure stall tracking for cgroups. In kernels
with CONFIG_PSI=y, cgroup2 groups will have cpu.pressure, memory.pressure,
and io.pressure files that track aggregate pressure stall times for only
the tasks inside the cgroup.
Link: http://lkml.kernel.org/r/20180828172258.3185-10-hannes@cmpxchg.org
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Tejun Heo <tj@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Daniel Drake <drake@endlessm.com>
Tested-by: Suren Baghdasaryan <surenb@google.com>
Cc: Christopher Lameter <cl@linux.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Johannes Weiner <jweiner@fb.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Enderborg <peter.enderborg@sony.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: Vinayak Menon <vinmenon@codeaurora.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 2ce7135adc9ad081aa3c49744144376ac74fea60)
Conflicts:
Documentation/cgroup-v2.txt
include/linux/psi.h
kernel/cgroup/cgroup.c
(1. manual merge from Documentation/admin-guide/cgroup-v2.rst
2. include <linux/cgroup-defs.h> into include/linux/psi.h
3. manual merge in css_free_work_fn to allow psi support only for cgroup v2
4. manual merge in cgroup_create to allow psi support only for cgroup v2)
Bug: 127712811
Test: lmkd in PSI mode
Change-Id: I163e6657aaa60aa5aab9372616a3bce2a65e90ec
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
When systems are overcommitted and resources become contended, it's hard
to tell exactly the impact this has on workload productivity, or how close
the system is to lockups and OOM kills. In particular, when machines work
multiple jobs concurrently, the impact of overcommit in terms of latency
and throughput on the individual job can be enormous.
In order to maximize hardware utilization without sacrificing individual
job health or risk complete machine lockups, this patch implements a way
to quantify resource pressure in the system.
A kernel built with CONFIG_PSI=y creates files in /proc/pressure/ that
expose the percentage of time the system is stalled on CPU, memory, or IO,
respectively. Stall states are aggregate versions of the per-task delay
accounting delays:
cpu: some tasks are runnable but not executing on a CPU
memory: tasks are reclaiming, or waiting for swapin or thrashing cache
io: tasks are waiting for io completions
These percentages of walltime can be thought of as pressure percentages,
and they give a general sense of system health and productivity loss
incurred by resource overcommit. They can also indicate when the system
is approaching lockup scenarios and OOMs.
To do this, psi keeps track of the task states associated with each CPU
and samples the time they spend in stall states. Every 2 seconds, the
samples are averaged across CPUs - weighted by the CPUs' non-idle time to
eliminate artifacts from unused CPUs - and translated into percentages of
walltime. A running average of those percentages is maintained over 10s,
1m, and 5m periods (similar to the loadaverage).
[hannes@cmpxchg.org: doc fixlet, per Randy]
Link: http://lkml.kernel.org/r/20180828205625.GA14030@cmpxchg.org
[hannes@cmpxchg.org: code optimization]
Link: http://lkml.kernel.org/r/20180907175015.GA8479@cmpxchg.org
[hannes@cmpxchg.org: rename psi_clock() to psi_update_work(), per Peter]
Link: http://lkml.kernel.org/r/20180907145404.GB11088@cmpxchg.org
[hannes@cmpxchg.org: fix build]
Link: http://lkml.kernel.org/r/20180913014222.GA2370@cmpxchg.org
Link: http://lkml.kernel.org/r/20180828172258.3185-9-hannes@cmpxchg.org
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Daniel Drake <drake@endlessm.com>
Tested-by: Suren Baghdasaryan <surenb@google.com>
Cc: Christopher Lameter <cl@linux.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Johannes Weiner <jweiner@fb.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Enderborg <peter.enderborg@sony.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Vinayak Menon <vinmenon@codeaurora.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit eb414681d5a07d28d2ff90dc05f69ec6b232ebd2)
Bug: 127712811
Test: lmkd in PSI mode
Change-Id: Id00d23c977169b0c4636d92016fc1fee0274be05
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlt0UQ4ACgkQONu9yGCS
aT48UBAAgRuM+14lp73NW+p9rX8VAupzk1k9QLP7/naWg6mIppVT2/NOEqMfLPYP
xsLrkVdvMMlrTmf/LpNE4BEaE0YBD/CT/yK1NTrfLjhVoNIKhK9MEoAVyS7c3YlW
OW+/jTuTyQ1BD3RkRXFquXVCnj4aDN+nWq4j7PIsvluNYiyqk7S8RzgUkunrRZTP
ZU0EAi/cGcOYQ/iyPyKJLGyGgK8XmcjloSG75512D8SAoDymJIhvreqxFtcx9EVx
Awe88RoeZos8/xuorlo+/vjKShnmesgPV2S+Nb1ih2Y3XCktXjASDBvaRX8kMsVh
3F08OKir8ikUZx6lGnJluIDVNVXjXI6f823h8T7D/8r42r9k6EFHTWPU89dFFMda
FUyLMf6Oy4TbUSxxKgNxLomaRASaXLP/kSPamAm4KLFvSOmFk6UgOAa1GsB1Q3ad
6yE9KkDcyGxLu9p6NU6+5HgP42dbP5So3gOcLOgfRqR3+dallUqiZlmhbQkwZ1Wm
kwDKyDAgbKCGnL7WEoZuSS542h1V9UXYMLWzw04zFaMIjF76H8ee9zBv8Y3ac/ms
sM2hW6g7mfww7nvc1FPRQRDvkgfS4EE0DUzq72U0WKcK6v7ZRHUsmBQopxNVS7A4
74HYcin2b5VQw3O3aKy0h3sqKnkE/WzA+XkFo4ExNwfiCzYZeQI=
=LXnx
-----END PGP SIGNATURE-----
Merge 4.14.63 into android-4.14
Changes in 4.14.63
parisc: Enable CONFIG_MLONGCALLS by default
parisc: Define mb() and add memory barriers to assembler unlock sequences
scsi: hpsa: fix selection of reply queue
scsi: core: introduce force_blk_mq
scsi: virtio_scsi: fix IO hang caused by automatic irq vector affinity
kasan: add no_sanitize attribute for clang builds
Mark HI and TASKLET softirq synchronous
stop_machine: Disable preemption after queueing stopper threads
xen/netfront: don't cache skb_shinfo()
scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled
scsi: qla2xxx: Fix memory leak for allocating abort IOCB
init: rename and re-order boot_cpu_state_init()
root dentries need RCU-delayed freeing
make sure that __dentry_kill() always invalidates d_seq, unhashed or not
fix mntput/mntput race
fix __legitimize_mnt()/mntput() race
mtd: nand: qcom: Add a NULL check for devm_kasprintf()
phy: phy-mtk-tphy: use auto instead of force to bypass utmi signals
Bluetooth: hci_ldisc: Allow sleeping while proto locks are held.
Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
ARM: dts: imx6sx: fix irq for pcie bridge
x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
x86/speculation: Protect against userspace-userspace spectreRSB
kprobes/x86: Fix %p uses in error messages
x86/irqflags: Provide a declaration for native_save_fl
x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
x86/speculation/l1tf: Change order of offset/type in swap entry
x86/speculation/l1tf: Protect swap entries against L1TF
x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
x86/speculation/l1tf: Make sure the first page is always reserved
x86/speculation/l1tf: Add sysfs reporting for l1tf
x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
x86/speculation/l1tf: Limit swap file size to MAX_PA/2
x86/bugs: Move the l1tf function and define pr_fmt properly
sched/smt: Update sched_smt_present at runtime
x86/smp: Provide topology_is_primary_thread()
x86/topology: Provide topology_smt_supported()
cpu/hotplug: Make bringup/teardown of smp threads symmetric
cpu/hotplug: Split do_cpu_down()
cpu/hotplug: Provide knobs to control SMT
x86/cpu: Remove the pointless CPU printout
x86/cpu/AMD: Remove the pointless detect_ht() call
x86/cpu/common: Provide detect_ht_early()
x86/cpu/topology: Provide detect_extended_topology_early()
x86/cpu/intel: Evaluate smp_num_siblings early
x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info
x86/cpu/AMD: Evaluate smp_num_siblings early
x86/apic: Ignore secondary threads if nosmt=force
x86/speculation/l1tf: Extend 64bit swap file size limit
x86/cpufeatures: Add detection of L1D cache flush support.
x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
x86/speculation/l1tf: Protect PAE swap entries against L1TF
x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
Revert "x86/apic: Ignore secondary threads if nosmt=force"
cpu/hotplug: Boot HT siblings at least once
x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present
x86/KVM/VMX: Add module argument for L1TF mitigation
x86/KVM/VMX: Add L1D flush algorithm
x86/KVM/VMX: Add L1D MSR based flush
x86/KVM/VMX: Add L1D flush logic
x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers
x86/KVM/VMX: Add find_msr() helper function
x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting
x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
cpu/hotplug: Online siblings when SMT control is turned on
x86/litf: Introduce vmx status variable
x86/kvm: Drop L1TF MSR list approach
x86/l1tf: Handle EPT disabled state proper
x86/kvm: Move l1tf setup function
x86/kvm: Add static key for flush always
x86/kvm: Serialize L1D flush parameter setter
x86/kvm: Allow runtime control of L1D flush
cpu/hotplug: Expose SMT control init function
cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
Documentation: Add section about CPU vulnerabilities
x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
Documentation/l1tf: Fix typos
cpu/hotplug: detect SMT disabled by BIOS
x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
x86: Don't include linux/irq.h from asm/hardirq.h
x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr()
Documentation/l1tf: Remove Yonah processors from not vulnerable list
KVM: x86: Add a framework for supporting MSR-based features
KVM: SVM: Add MSR-based feature support for serializing LFENCE
KVM: X86: Introduce kvm_get_msr_feature()
KVM: X86: Allow userspace to define the microcode version
KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR
x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
cpu/hotplug: Fix SMT supported evaluation
x86/speculation/l1tf: Invert all not present mappings
x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
x86/mm/pat: Make set_memory_np() L1TF safe
x86/mm/kmmio: Make the tracer robust against L1TF
tools headers: Synchronise x86 cpufeatures.h for L1TF additions
x86/microcode: Allow late microcode loading with SMT disabled
x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread
cpu/hotplug: Non-SMP machines do not make use of booted_once
x86/init: fix build with CONFIG_SWAP=n
x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present
Linux 4.14.63
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit b5b1404d0815894de0690de8a1ab58269e56eae6 upstream.
This is purely a preparatory patch for upcoming changes during the 4.19
merge window.
We have a function called "boot_cpu_state_init()" that isn't really
about the bootup cpu state: that is done much earlier by the similarly
named "boot_cpu_init()" (note lack of "state" in name).
This function initializes some hotplug CPU state, and needs to run after
the percpu data has been properly initialized. It even has a comment to
that effect.
Except it _doesn't_ actually run after the percpu data has been properly
initialized. On x86 it happens to do that, but on at least arm and
arm64, the percpu base pointers are initialized by the arch-specific
'smp_prepare_boot_cpu()' hook, which ran _after_ boot_cpu_state_init().
This had some unexpected results, and in particular we have a patch
pending for the merge window that did the obvious cleanup of using
'this_cpu_write()' in the cpu hotplug init code:
- per_cpu_ptr(&cpuhp_state, smp_processor_id())->state = CPUHP_ONLINE;
+ this_cpu_write(cpuhp_state.state, CPUHP_ONLINE);
which is obviously the right thing to do. Except because of the
ordering issue, it actually failed miserably and unexpectedly on arm64.
So this just fixes the ordering, and changes the name of the function to
be 'boot_cpu_hotplug_init()' to make it obvious that it's about cpu
hotplug state, because the core CPU state was supposed to have already
been done earlier.
Marked for stable, since the (not yet merged) patch that will show this
problem is marked for stable.
Reported-by: Vlastimil Babka <vbabka@suse.cz>
Reported-by: Mian Yousaf Kaukab <yousaf.kaukab@suse.com>
Suggested-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The PELT half-life is the time [ms] required by the PELT signal to build
up a 50% load/utilization, starting from zero. This time is currently
hardcoded to be 32ms, a value which seems to make sense for most of the
workloads.
However, 32ms has been verified to be too long for certain classes of
workloads. For example, in the mobile space many tasks affecting the
user-experience run with a 16ms or 8ms cadence, since they need to match
the common 60Hz or 120Hz refresh rate of the graphics pipeline.
This contributed so fare to the idea that "PELT is too slow" to properly
track the utilization of interactive mobile workloads, especially
compared to alternative load tracking solutions which provides a
better representation of tasks demand in the range of 10-20ms.
A faster PELT ramp-up time could give some advantages to speed-up the
time required for the signal to stabilize and thus to better represent
task demands in the mobile space. As a downside, it also reduces the
decay time, and thus we forget the load/utilization of sleeping tasks
(or idle CPUs) faster.
Fortunately, since the integration of the utilization estimation
support in mainline kernel:
commit 7f65ea42eb00 ("sched/fair: Add util_est on top of PELT")
a fast decay time is no longer an issue for tasks utilization estimation.
Although estimated utilization does not slow down the decay of blocked
utilization on idle CPUs, for mobile workloads this seems not to be a
major concern compared to the benefits in interactivity responsiveness.
Let's add a compile time option to choose the PELT speed which better
fits for a specific system. By default the current 32ms half-life is
used, but we can also compile a kernel to use a faster ramp-up time of
either 16ms or 8ms. These two configurations have been verified to give
PELT a further improvement in performance, compared to other out-of-tree
load tracking solutions, when it comes to track interactive workloads
thus better supporting both tasks placements and frequencies selections.
Signed-off-by: Patrick Bellasi <patrick.bellasi@arm.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Paul Turner <pjt@google.com>
Cc: Vincent Guittot <vincent.guittot@linaro.org>
Cc: Joel Fernandes <joelaf@google.com>
Cc: Morten Rasmussen <morten.rasmussen@arm.com>
Cc: linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
[
backport from LKML:
Message-ID: <20180409165134.707-1-patrick.bellasi@arm.com>
]
Signed-off-by: Patrick Bellasi <patrick.bellasi@arm.com>
Change-Id: I50569748918b799ac4bf4e7d2b387253080a0fd2
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlsqpOYACgkQONu9yGCS
aT7cZw/+NE0Bmn8BhIyf2h//jWKqQ50epMtuOrROhaB9onBS3gbH00JsH6Aop9jh
9SJdJPveHb+cBEcNGIlx5u/WLvRxG64mDd1GgNcGoFnYOxl9y68XPS+2zlFGI66F
CUqCDQS4DNS5KoXiLBJ48cDtuZNoSdlt8H5bC5qlFs16WIpj41CCG4cbkUk1eDzH
CCR44mw7GxnmsF/44xuswhZZjCzGuOACWnhuYh8/dspGPZYOS0vBCX9RvhjBUFwD
taLu9cm1kq8kQZBwt70+M36+OTwSS/rtVj/2g96l6QrLLCBk+OIjGO0yGaLXcTPx
WA5Lxkt3stQbuttayddNkRsFsE+Cvi0r/wye9zKFxVqhaPad4/87aklHzKAnEehg
Eu1JDR3ds2R4zSjifl7ACo2hWM//xIUcEDz4BvVjJSjVYTQamdsFHatRNl2NEW96
TYgmrbJALdYPIl5AD6hmeCwU2WqjrJPZnV0X5jVcWgVTp07mIag6qxibwUmY0TOa
IfBEXG1zHzAgYycAbQw1OFz0IHavX10tmpmoKZE4ay4vi3Rnt/OIsCZtXnabZbjy
xpiBumMUz3GGdU+5yKT4Iw1Cfg4EEAp9+sWSiJzx+frrB9pn5pafK2/RhdvOCF+8
MGyLOTbjz5v2IvprA5v76lUT1CjXcRbRE+YxmRSemAu1ruetBWY=
=eyGS
-----END PGP SIGNATURE-----
Merge 4.14.51 into android-4.14
Changes in 4.14.51
clocksource/drivers/imx-tpm: Correct some registers operation flow
Input: synaptics-rmi4 - fix an unchecked out of memory error path
KVM: X86: fix incorrect reference of trace_kvm_pi_irte_update
x86: Add check for APIC access address for vmentry of L2 guests
MIPS: io: Prevent compiler reordering writeX()
nfp: ignore signals when communicating with management FW
perf report: Fix switching to another perf.data file
fsnotify: fix ignore mask logic in send_to_group()
MIPS: io: Add barrier after register read in readX()
s390/smsgiucv: disable SMSG on module unload
isofs: fix potential memory leak in mount option parsing
MIPS: dts: Boston: Fix PCI bus dtc warnings:
spi: sh-msiof: Fix bit field overflow writes to TSCR/RSCR
doc: Add vendor prefix for Kieback & Peter GmbH
dt-bindings: pinctrl: sunxi: Fix reference to driver
dt-bindings: serial: sh-sci: Add support for r8a77965 (H)SCIF
dt-bindings: dmaengine: rcar-dmac: document R8A77965 support
clk: honor CLK_MUX_ROUND_CLOSEST in generic clk mux
ASoC: rt5514: Add the missing register in the readable table
eCryptfs: don't pass up plaintext names when using filename encryption
soc: bcm: raspberrypi-power: Fix use of __packed
soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure
PCI: kirin: Fix reset gpio name
ASoC: topology: Fix bugs of freeing soc topology
xen: xenbus_dev_frontend: Really return response string
ASoC: topology: Check widget kcontrols before deref.
spi: cadence: Add usleep_range() for cdns_spi_fill_tx_fifo()
blkcg: don't hold blkcg lock when deactivating policy
tipc: fix infinite loop when dumping link monitor summary
scsi: iscsi: respond to netlink with unicast when appropriate
scsi: megaraid_sas: Do not log an error if FW successfully initializes.
scsi: target: fix crash with iscsi target and dvd
netfilter: nf_tables: NAT chain and extensions require NF_TABLES
netfilter: nf_tables: fix out-of-bounds in nft_chain_commit_update
ASoC: msm8916-wcd-analog: use threaded context for mbhc events
drm/msm: Fix possible null dereference on failure of get_pages()
drm/msm/dsi: use correct enum in dsi_get_cmd_fmt
drm/msm: don't deref error pointer in the msm_fbdev_create error path
blkcg: init root blkcg_gq under lock
net: hns: Avoid action name truncation
vfs: Undo an overly zealous MS_RDONLY -> SB_RDONLY conversion
parisc: time: Convert read_persistent_clock() to read_persistent_clock64()
scsi: storvsc: Set up correct queue depth values for IDE devices
scsi: isci: Fix infinite loop in while loop
mm, pagemap: fix swap offset value for PMD migration entry
proc: revalidate kernel thread inodes to root:root
kexec_file: do not add extra alignment to efi memmap
mm: memcg: add __GFP_NOWARN in __memcg_schedule_kmem_cache_create()
usb: typec: ucsi: fix tracepoint related build error
ACPI / PM: Blacklist Low Power S0 Idle _DSM for ThinkPad X1 Tablet(2016)
dt-bindings: meson-uart: DT fix s/clocks-names/clock-names/
powerpc/powernv/memtrace: Let the arch hotunplug code flush cache
net: phy: marvell: clear wol event before setting it
ARM: dts: da850: fix W=1 warnings with pinmux node
ACPI / watchdog: Prefer iTCO_wdt on Lenovo Z50-70
drm/amdkfd: fix clock counter retrieval for node without GPU
thermal: int3403_thermal: Fix NULL pointer deref on module load / probe
net: ethtool: Add missing kernel doc for FEC parameters
arm64: ptrace: remove addr_limit manipulation
HID: lenovo: Add support for IBM/Lenovo Scrollpoint mice
HID: wacom: Release device resource data obtained by devres_alloc()
selftests: ftrace: Add a testcase for multiple actions on trigger
rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp
perf/x86/intel: Don't enable freeze-on-smi for PerfMon V1
remoteproc: qcom: Fix potential device node leaks
rpmsg: added MODULE_ALIAS for rpmsg_char
HID: intel-ish-hid: use put_device() instead of kfree()
blk-mq: fix sysfs inflight counter
arm64: fix possible spectre-v1 in ptrace_hbp_get_event()
KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_mmio_read_apr()
libahci: Allow drivers to override stop_engine
ata: ahci: mvebu: override ahci_stop_engine for mvebu AHCI
x86/cpu/intel: Add missing TLB cpuid values
bpf: fix uninitialized variable in bpf tools
i2c: sprd: Prevent i2c accesses after suspend is called
i2c: sprd: Fix the i2c count issue
tipc: fix bug in function tipc_nl_node_dump_monitor
nvme: depend on INFINIBAND_ADDR_TRANS
nvmet-rdma: depend on INFINIBAND_ADDR_TRANS
ib_srpt: depend on INFINIBAND_ADDR_TRANS
ib_srp: depend on INFINIBAND_ADDR_TRANS
IB: make INFINIBAND_ADDR_TRANS configurable
IB/uverbs: Fix validating mandatory attributes
RDMA/cma: Fix use after destroy access to net namespace for IPoIB
RDMA/iwpm: fix memory leak on map_info
IB/rxe: add RXE_START_MASK for rxe_opcode IB_OPCODE_RC_SEND_ONLY_INV
IB/rxe: avoid double kfree_skb
<linux/stringhash.h>: fix end_name_hash() for 64bit long
IB/core: Make ib_mad_client_id atomic
ARM: davinci: board-da830-evm: fix GPIO lookup for MMC/SD
ARM: davinci: board-da850-evm: fix GPIO lookup for MMC/SD
ARM: davinci: board-omapl138-hawk: fix GPIO numbers for MMC/SD lookup
ARM: davinci: board-dm355-evm: fix broken networking
dt-bindings: panel: lvds: Fix path to display timing bindings
ARM: OMAP2+: powerdomain: use raw_smp_processor_id() for trace
ARM: dts: logicpd-som-lv: Fix WL127x Startup Issues
ARM: dts: logicpd-som-lv: Fix Audio Mute
Input: atmel_mxt_ts - fix the firmware update
hexagon: add memset_io() helper
hexagon: export csum_partial_copy_nocheck
scsi: vmw-pvscsi: return DID_BUS_BUSY for adapter-initated aborts
bpf, x64: fix memleak when not converging after image
parisc: drivers.c: Fix section mismatches
stop_machine, sched: Fix migrate_swap() vs. active_balance() deadlock
kthread, sched/wait: Fix kthread_parkme() wait-loop
arm64: tegra: Make BCM89610 PHY interrupt as active low
iommu/vt-d: fix shift-out-of-bounds in bug checking
nvme: fix potential memory leak in option parsing
nvme: Set integrity flag for user passthrough commands
ARM: OMAP1: ams-delta: fix deferred_fiq handler
smc: fix sendpage() call
IB/hfi1 Use correct type for num_user_context
IB/hfi1: Fix memory leak in exception path in get_irq_affinity()
RDMA/cma: Do not query GID during QP state transition to RTR
spi: bcm2835aux: ensure interrupts are enabled for shared handler
sched/core: Introduce set_special_state()
sh: fix build failure for J2 cpu with SMP disabled
tee: check shm references are consistent in offset/size
mac80211: Adjust SAE authentication timeout
drm/omap: silence unititialized variable warning
drm/omap: fix uninitialized ret variable
drm/omap: fix possible NULL ref issue in tiler_reserve_2d
drm/omap: check return value from soc_device_match
drm/omap: handle alloc failures in omap_connector
driver core: add __printf verification to __ata_ehi_pushv_desc
ARM: dts: cygnus: fix irq type for arm global timer
mac80211: use timeout from the AddBA response instead of the request
x86/xen: Reset VCPU0 info pointer after shared_info remap
net: aquantia: driver should correctly declare vlan_features bits
can: dev: increase bus-off message severity
arm64: Add MIDR encoding for NVIDIA CPUs
cifs: smb2ops: Fix listxattr() when there are no EAs
agp: uninorth: make two functions static
tipc: eliminate KMSAN uninit-value in strcmp complaint
qed: Fix l2 initializations over iWARP personality
qede: Fix gfp flags sent to rdma event node allocation
rxrpc: Fix error reception on AF_INET6 sockets
rxrpc: Fix the min security level for kernel calls
KVM: Extend MAX_IRQ_ROUTES to 4096 for all archs
x86: Delay skip of emulated hypercall instruction
ixgbe: return error on unsupported SFP module when resetting
net sched actions: fix invalid pointer dereferencing if skbedit flags missing
init: fix false positives in W+X checking
proc/kcore: don't bounds check against address 0
ocfs2: take inode cluster lock before moving reflinked inode from orphan dir
kprobes/x86: Prohibit probing on exception masking instructions
uprobes/x86: Prohibit probing on MOV SS instruction
objtool, kprobes/x86: Sync the latest <asm/insn.h> header with tools/objtool/arch/x86/include/asm/insn.h
x86/pkeys/selftests: Adjust the self-test to fresh distros that export the pkeys ABI
x86/mpx/selftests: Adjust the self-test to fresh distros that export the MPX ABI
x86/selftests: Add mov_to_ss test
x86/pkeys/selftests: Give better unexpected fault error messages
x86/pkeys/selftests: Stop using assert()
x86/pkeys/selftests: Remove dead debugging code, fix dprint_in_signal
x86/pkeys/selftests: Allow faults on unknown keys
x86/pkeys/selftests: Factor out "instruction page"
x86/pkeys/selftests: Add PROT_EXEC test
x86/pkeys/selftests: Fix pkey exhaustion test off-by-one
x86/pkeys/selftests: Fix pointer math
x86/pkeys/selftests: Save off 'prot' for allocations
x86/pkeys/selftests: Add a test for pkey 0
mtd: Fix comparison in map_word_andequal()
afs: Fix the non-encryption of calls
usb: musb: fix remote wakeup racing with suspend
ARM: keystone: fix platform_domain_notifier array overrun
i2c: pmcmsp: return message count on master_xfer success
i2c: pmcmsp: fix error return from master_xfer
i2c: viperboard: return message count on master_xfer success
ARM: davinci: dm646x: fix timer interrupt generation
ARM: davinci: board-dm646x-evm: pass correct I2C adapter id for VPIF
ARM: davinci: board-dm646x-evm: set VPIF capture card name
clk: imx6ull: use OSC clock during AXI rate change
locking/rwsem: Add a new RWSEM_ANONYMOUSLY_OWNED flag
locking/percpu-rwsem: Annotate rwsem ownership transfer by setting RWSEM_OWNER_UNKNOWN
drm/dumb-buffers: Integer overflow in drm_mode_create_ioctl()
sched/debug: Move the print_rt_rq() and print_dl_rq() declarations to kernel/sched/sched.h
sched/deadline: Make the grub_reclaim() function static
parisc: Move setup_profiling_timer() out of init section
efi/libstub/arm64: Handle randomized TEXT_OFFSET
ARM: 8753/1: decompressor: add a missing parameter to the addruart macro
ARM: 8758/1: decompressor: restore r1 and r2 just before jumping to the kernel
ARM: kexec: fix kdump register saving on panic()
Revert "Btrfs: fix scrub to repair raid6 corruption"
Btrfs: fix scrub to repair raid6 corruption
Btrfs: make raid6 rebuild retry more
tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
Linux 4.14.51
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit ae646f0b9ca135b87bc73ff606ef996c3029780a ]
load_module() creates W+X mappings via __vmalloc_node_range() (from
layout_and_allocate()->move_module()->module_alloc()) by using
PAGE_KERNEL_EXEC. These mappings are later cleaned up via
"call_rcu_sched(&freeinit->rcu, do_free_init)" from do_init_module().
This is a problem because call_rcu_sched() queues work, which can be run
after debug_checkwx() is run, resulting in a race condition. If hit,
the race results in a nasty splat about insecure W+X mappings, which
results in a poor user experience as these are not the mappings that
debug_checkwx() is intended to catch.
This issue is observed on multiple arm64 platforms, and has been
artificially triggered on an x86 platform.
Address the race by flushing the queued work before running the
arch-defined mark_rodata_ro() which then calls debug_checkwx().
Link: http://lkml.kernel.org/r/1525103946-29526-1-git-send-email-jhugo@codeaurora.org
Fixes: e1a58320a3 ("x86/mm: Warn on W^X mappings")
Signed-off-by: Jeffrey Hugo <jhugo@codeaurora.org>
Reported-by: Timur Tabi <timur@codeaurora.org>
Reported-by: Jan Glauber <jan.glauber@caviumnetworks.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Will Deacon <will.deacon@arm.com>
Acked-by: Laura Abbott <labbott@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This change adds the CONFIG_CFI_CLANG option, CFI error handling,
and a faster look-up table for cross module CFI checks.
Bug: 67506682
Change-Id: Ic009f0a629b552a0eb16e6d89808c7029e91447d
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqO1toACgkQONu9yGCS
aT49JhAAjKxDe1PA6lq51uyWHlR73vJ93SvtDCHuM8s6aj/rb880vjeZumWcEAdR
nl2Yj/T0z9yZkBrw8Om/3BX4PfsF6hqq1TAufxYeKs08nVQ60v3/a4Mz9CYu8e0A
mXdK6DvSEQRS6S0vc83W2+fj5e05Vfvv23FlsngtH6IxaOL7mnRTxNmP5/PMP3QX
xtOKRBB7ghqqfV8U+yAJ0fbTKu0a+ztPLxCe2Lk+7U7yFpqLudzBfTV06QpcqwSF
fXdRWv8319c24585qubm2N1zDJ8PsxlcFWmvgbcZgO+lk1Zf4XuzxjsElg6PpYvT
m+8L1/Qo4k+L3eXJJiwLPqd6LP9VtspvRItZKMFMPZJNWLdk9tnjcLuA/HpTUvo9
EO/fXBP3YrX48TrjGIu9K4ToZvLFWGcDno5Vges0fb2MkixWF5b2naEdeS+B7SF2
ckYAWuoZPErmmNo6bhIkdizube6k8t+Ch7JxkxWgZh+Jw80drqSBzfdWKTLMl3k0
Nvo8RdbuSrDSg40NHT/d46tBguMp9n/J8eu6f/poN1VZRdqZkgqZ7xHjl7vgRRkg
nfcVndDTw099hhC0OuWVHJMpk62wVz+tRPNOR/yCucDPH1//HuEZ62sQzcjpPQ9l
ML2MD4zrTORK9VuztJFET8feWQ4KrqoSdE8HMD+TtMhhShcZcJA=
=vnDS
-----END PGP SIGNATURE-----
Merge 4.14.21 into android-4.14
Changes in 4.14.21
tracing: Prevent PROFILE_ALL_BRANCHES when FORTIFY_SOURCE=y
scsi: smartpqi: allow static build ("built-in")
IB/umad: Fix use of unprotected device pointer
IB/qib: Fix comparison error with qperf compare/swap test
IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports
IB/core: Fix two kernel warnings triggered by rxe registration
IB/core: Fix ib_wc structure size to remain in 64 bytes boundary
IB/core: Avoid a potential OOPs for an unused optional parameter
selftests: seccomp: fix compile error seccomp_bpf
kselftest: fix OOM in memory compaction test
RDMA/rxe: Fix a race condition related to the QP error state
RDMA/rxe: Fix a race condition in rxe_requester()
RDMA/rxe: Fix rxe_qp_cleanup()
cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin
swiotlb: suppress warning when __GFP_NOWARN is set
PM / devfreq: Propagate error from devfreq_add_device()
mwifiex: resolve reset vs. remove()/shutdown() deadlocks
ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE
powerpc/radix: Remove trace_tlbie call from radix__flush_tlb_all
powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove
powerpc/mm: Flush radix process translations when setting MMU type
powerpc/xive: Use hw CPU ids when configuring the CPU queues
powerpc: Fix DABR match on hash based systems
dma-buf: fix reservation_object_wait_timeout_rcu once more v2
s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
arm64: dts: msm8916: Correct ipc references for smsm
ARM: lpc3250: fix uda1380 gpio numbers
ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
ARM: dts: nomadik: add interrupt-parent for clcd
arm: dts: mt7623: fix card detection issue on bananapi-r2
arm: spear600: Add missing interrupt-parent of rtc
arm: spear13xx: Fix dmas cells
arm: spear13xx: Fix spics gpio controller's warning
drm/i915: add GT number to intel_device_info
drm/i915/kbl: Change a KBL pci id to GT2 from GT1.5
x86/gpu: add CFL to early quirks
x86/kexec: Make kexec (mostly) work in 5-level paging mode
x86/xen: init %gs very early to avoid page faults with stack protector
x86: PM: Make APM idle driver initialize polling state
x86/entry/64: Clear extra registers beyond syscall arguments, to reduce speculation attack surface
x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface
compiler-gcc.h: Introduce __optimize function attribute
compiler-gcc.h: __nostackprotector needs gcc-4.4 and up
crypto: sun4i_ss_prng - fix return value of sun4i_ss_prng_generate
crypto: sun4i_ss_prng - convert lock to _bh in sun4i_ss_prng_generate
powerpc/mm/radix: Split linear mapping on hot-unplug
x86/mm/pti: Fix PTI comment in entry_SYSCALL_64()
x86/speculation: Update Speculation Control microcode blacklist
x86/speculation: Correct Speculation Control microcode blacklist again
Revert "x86/speculation: Simplify indirect_branch_prediction_barrier()"
KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods
X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap
x86/speculation: Clean up various Spectre related details
PM / runtime: Update links_count also if !CONFIG_SRCU
PM: cpuidle: Fix cpuidle_poll_state_init() prototype
x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface
x86/entry/64: Merge SAVE_C_REGS and SAVE_EXTRA_REGS, remove unused extensions
x86/entry/64: Merge the POP_C_REGS and POP_EXTRA_REGS macros into a single POP_REGS macro
x86/entry/64: Interleave XOR register clearing with PUSH instructions
x86/entry/64: Introduce the PUSH_AND_CLEAN_REGS macro
x86/entry/64: Use PUSH_AND_CLEAN_REGS in more cases
x86/entry/64: Get rid of the ALLOC_PT_GPREGS_ON_STACK and SAVE_AND_CLEAR_REGS macros
x86/entry/64: Indent PUSH_AND_CLEAR_REGS and POP_REGS properly
x86/entry/64: Fix paranoid_entry() frame pointer warning
x86/entry/64: Remove the unused 'icebp' macro
selftests/x86: Fix vDSO selftest segfault for vsyscall=none
selftests/x86: Clean up and document sscanf() usage
selftests/x86/pkeys: Remove unused functions
selftests/x86: Do not rely on "int $0x80" in test_mremap_vdso.c
selftests/x86: Do not rely on "int $0x80" in single_step_syscall.c
selftests/x86: Disable tests requiring 32-bit support on pure 64-bit systems
objtool: Fix segfault in ignore_unreachable_insn()
x86/debug, objtool: Annotate WARN()-related UD2 as reachable
x86/debug: Use UD2 for WARN()
x86/speculation: Fix up array_index_nospec_mask() asm constraint
nospec: Move array_index_nospec() parameter checking into separate macro
x86/speculation: Add <asm/msr-index.h> dependency
kmemcheck: remove annotations
kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
kmemcheck: remove whats left of NOTRACK flags
kmemcheck: rip it out
kmemcheck: rip it out for real
x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]()
selftests/x86/mpx: Fix incorrect bounds with old _sigfault
x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
x86/spectre: Fix an error message
x86/cpu: Change type of x86_cache_size variable to unsigned int
x86/entry/64: Fix CR3 restore in paranoid_exit()
drm/ttm: Don't add swapped BOs to swap-LRU list
drm/ttm: Fix 'buf' pointer update in ttm_bo_vm_access_kmap() (v2)
drm/qxl: unref cursor bo when finished with it
drm/amd/powerplay: Fix smu_table_entry.handle type
drm/ast: Load lut in crtc_commit
arm64: Add missing Falkor part number for branch predictor hardening
drm/radeon: Add dpm quirk for Jet PRO (v2)
drm/radeon: adjust tested variable
rtc-opal: Fix handling of firmware error codes, prevent busy loops
mbcache: initialize entry->e_referenced in mb_cache_entry_create()
mmc: sdhci: Implement an SDHCI-specific bounce buffer
mmc: bcm2835: Don't overwrite max frequency unconditionally
Revert "mmc: meson-gx: include tx phase in the tuning process"
mlx5: fix mlx5_get_vector_affinity to start from completion vector 0
Revert "apple-gmux: lock iGP IO to protect from vgaarb changes"
jbd2: fix sphinx kernel-doc build warnings
ext4: fix a race in the ext4 shutdown path
ext4: save error to disk in __ext4_grp_locked_error()
ext4: correct documentation for grpid mount option
mm: hide a #warning for COMPILE_TEST
mm: Fix memory size alignment in devm_memremap_pages_release()
MIPS: Fix typo BIG_ENDIAN to CPU_BIG_ENDIAN
MIPS: Fix incorrect mem=X@Y handling
PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode
PCI: iproc: Fix NULL pointer dereference for BCMA
PCI: keystone: Fix interrupt-controller-node lookup
video: fbdev: atmel_lcdfb: fix display-timings lookup
console/dummy: leave .con_font_get set to NULL
rbd: whitelist RBD_FEATURE_OPERATIONS feature bit
xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests
xenbus: track caller request id
seq_file: fix incomplete reset on read from zero offset
tracing: Fix parsing of globs with a wildcard at the beginning
mpls, nospec: Sanitize array index in mpls_label_ok()
rtlwifi: rtl8821ae: Fix connection lost problem correctly
arm64: proc: Set PTE_NG for table entries to avoid traversing them twice
qxl: alloc & use shadow for dumb buffers
drm/qxl: reapply cursor after resetting primary
xprtrdma: Fix calculation of ri_max_send_sges
xprtrdma: Fix BUG after a device removal
blk-wbt: account flush requests correctly
target/iscsi: avoid NULL dereference in CHAP auth error path
iscsi-target: make sure to wake up sleeping login worker
dm: correctly handle chained bios in dec_pending()
Btrfs: fix deadlock in run_delalloc_nocow
Btrfs: fix crash due to not cleaning up tree log block's dirty bits
Btrfs: fix extent state leak from tree log
Btrfs: fix btrfs_evict_inode to handle abnormal inodes correctly
Btrfs: fix use-after-free on root->orphan_block_rsv
Btrfs: fix unexpected -EEXIST when creating new inode
9p/trans_virtio: discard zero-length reply
mtd: nand: vf610: set correct ooblayout
ALSA: hda - Fix headset mic detection problem for two Dell machines
ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
ALSA: hda/realtek - Add headset mode support for Dell laptop
ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform
ALSA: hda/realtek: PCI quirk for Fujitsu U7x7
ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204
ALSA: usb: add more device quirks for USB DSD devices
ALSA: seq: Fix racy pool initializations
mvpp2: fix multicast address filter
usb: Move USB_UHCI_BIG_ENDIAN_* out of USB_SUPPORT
x86/mm, mm/hwpoison: Don't unconditionally unmap kernel 1:1 pages
scsi: core: check for device state in __scsi_remove_target()
Bluetooth: BT_HCIUART now depends on SERIAL_DEV_BUS
ARM: dts: exynos: fix RTC interrupt for exynos5410
ARM: pxa/tosa-bt: add MODULE_LICENSE tag
arm64: dts: msm8916: Add missing #phy-cells
ARM: dts: s5pv210: add interrupt-parent for ohci
arm: dts: mt7623: Update ethsys binding
arm: dts: mt2701: Add reset-cells
ARM: dts: Delete bogus reference to the charlcd
media: r820t: fix r820t_write_reg for KASAN
mmc: sdhci-of-esdhc: disable SD clock for clock value 0
mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec
mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb
ASoC: acpi: fix machine driver selection based on quirk
ovl: hash directory inodes for fsnotify
Linux 4.14.21
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 75f296d93bcebcfe375884ddac79e30263a31766 upstream.
Convert all allocations that used a NOTRACK flag to stop using it.
Link: http://lkml.kernel.org/r/20171007030159.22241-3-alexander.levin@verizon.com
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Tim Hansen <devtimhansen@gmail.com>
Cc: Vegard Nossum <vegardno@ifi.uio.no>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4950276672fce5c241857540f8561c440663673d upstream.
Patch series "kmemcheck: kill kmemcheck", v2.
As discussed at LSF/MM, kill kmemcheck.
KASan is a replacement that is able to work without the limitation of
kmemcheck (single CPU, slow). KASan is already upstream.
We are also not aware of any users of kmemcheck (or users who don't
consider KASan as a suitable replacement).
The only objection was that since KASAN wasn't supported by all GCC
versions provided by distros at that time we should hold off for 2
years, and try again.
Now that 2 years have passed, and all distros provide gcc that supports
KASAN, kill kmemcheck again for the very same reasons.
This patch (of 4):
Remove kmemcheck annotations, and calls to kmemcheck from the kernel.
[alexander.levin@verizon.com: correctly remove kmemcheck call from dma_map_sg_attrs]
Link: http://lkml.kernel.org/r/20171012192151.26531-1-alexander.levin@verizon.com
Link: http://lkml.kernel.org/r/20171007030159.22241-2-alexander.levin@verizon.com
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Tim Hansen <devtimhansen@gmail.com>
Cc: Vegard Nossum <vegardno@ifi.uio.no>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlpxv2AACgkQONu9yGCS
aT4U/w//T4qrABtOm4N7gTp5hIYnAPon8W3hOVZ1DUofH99cDDlB8UCtl5+4317b
HCr0Yh/vs9iQzjc9Zs1apBjTOZVAAfFWUUVj5bjqerFdBgHWzJGMpyi8jFN582LY
JCgk2Z3S8akRXmDt5o+sLeFxHKtFlmyaFkpfy2TqCNVxW8cayPh6cCg8+IiCL7qg
jPxvaSvw+gRnDUWrCoJGYTvRY2SlMxXir225vL6eAuiS1E5h/WkWdlVQItAtwHqi
qDYX7AB5UIhF5tUl7w/DYuXnLaY2gsqsUnPELaUPXVR1N55dVRkUCnMTPT5s2wWD
cX0CJKS7dsVWpvPR1o0TNMWMGX6KXcIl/CqxAp1C/iSweAKwxnpX293oQ5xv6WlS
xkDAXcrkGVFtQiMclQIw4E+4v29S2WbBxq1VjBCg/hkW9AGyDCLfKLaeCMUbTFe3
hX7PldzXzJ+CDtrKBZM19k8w0wqSP+U8p7FU/dwya5qNd0RWMb+QVdktDRt7gXit
+RTJK2ZiJof4ByUzla/IrHGNEPjb9opR3GtqIewDe+deE/7SVxw2OkwWoXBcHALa
8UtgKVft4M6qUW15e5awlKXMlPYJFU9YrXAyrZNxlaMwJ7JytFAa/siYZZJS8t1w
uRly6MSna3zCox4XFxP9Wp6MF/sraFVzIF/ntvj9VciuorUL4vo=
=MtGW
-----END PGP SIGNATURE-----
Merge 4.14.16 into android-4.14
Changes in 4.14.16
orangefs: use list_for_each_entry_safe in purge_waiting_ops
orangefs: initialize op on loop restart in orangefs_devreq_read
mm, page_alloc: fix potential false positive in __zone_watermark_ok
netfilter: nfnetlink_cthelper: Add missing permission checks
netfilter: xt_osf: Add missing permission checks
xfrm: Fix a race in the xdst pcpu cache.
Revert "module: Add retpoline tag to VERMAGIC"
Input: xpad - add support for PDP Xbox One controllers
Input: trackpoint - force 3 buttons if 0 button is reported
Input: trackpoint - only expose supported controls for Elan, ALPS and NXP
Btrfs: fix stale entries in readdir
KVM: s390: add proper locking for CMMA migration bitmap
orangefs: fix deadlock; do not write i_size in read_iter
ARM: net: bpf: avoid 'bx' instruction on non-Thumb capable CPUs
ARM: net: bpf: fix tail call jumps
ARM: net: bpf: fix stack alignment
ARM: net: bpf: move stack documentation
ARM: net: bpf: correct stack layout documentation
ARM: net: bpf: fix register saving
ARM: net: bpf: fix LDX instructions
ARM: net: bpf: clarify tail_call index
drm/vc4: Fix NULL pointer dereference in vc4_save_hang_state()
net: Allow neigh contructor functions ability to modify the primary_key
ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY
dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
ipv6: fix udpv6 sendmsg crash caused by too small MTU
ipv6: ip6_make_skb() needs to clear cork.base.dst
lan78xx: Fix failure in USB Full Speed
net: igmp: fix source address check for IGMPv3 reports
net: qdisc_pkt_len_init() should be more robust
net: tcp: close sock if net namespace is exiting
net/tls: Fix inverted error codes to avoid endless loop
net: vrf: Add support for sends to local broadcast address
pppoe: take ->needed_headroom of lower device into account on xmit
r8169: fix memory corruption on retrieval of hardware statistics.
sctp: do not allow the v4 socket to bind a v4mapped v6 address
sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
tipc: fix a memory leak in tipc_nl_node_get_link()
{net,ib}/mlx5: Don't disable local loopback multicast traffic when needed
net/mlx5: Fix get vector affinity helper function
ppp: unlock all_ppp_mutex before registering device
be2net: restore properly promisc mode after queues reconfiguration
ip6_gre: init dev->mtu and dev->hard_header_len correctly
gso: validate gso_type in GSO handlers
mlxsw: spectrum_router: Don't log an error on missing neighbor
tun: fix a memory leak for tfile->tx_array
flow_dissector: properly cap thoff field
sctp: reinit stream if stream outcnt has been change by sinit in sendmsg
netlink: extack needs to be reset each time through loop
net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare
nfp: use the correct index for link speed table
netlink: reset extack earlier in netlink_rcv_skb
net/tls: Only attach to sockets in ESTABLISHED state
tls: fix sw_ctx leak
tls: return -EBUSY if crypto_info is already set
tls: reset crypto_info when do_tls_setsockopt_tx fails
net: ipv4: Make "ip route get" match iif lo rules again.
vmxnet3: repair memory leak
perf/x86/amd/power: Do not load AMD power module on !AMD platforms
x86/microcode/intel: Extend BDW late-loading further with LLC size check
x86/microcode: Fix again accessing initrd after having been freed
x86/mm/64: Fix vmapped stack syncing on very-large-memory 4-level systems
hrtimer: Reset hrtimer cpu base proper on CPU hotplug
bpf: introduce BPF_JIT_ALWAYS_ON config
bpf: avoid false sharing of map refcount with max_entries
bpf: fix divides by zero
bpf: fix 32-bit divide by zero
bpf: reject stores into ctx via st and xadd
bpf, arm64: fix stack_depth tracking in combination with tail calls
cpufreq: governor: Ensure sufficiently large sampling intervals
nfsd: auth: Fix gid sorting when rootsquash enabled
Linux 4.14.16
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ upstream commit 290af86629b25ffd1ed6232c4e9107da031705cb ]
The BPF interpreter has been used as part of the spectre 2 attack CVE-2017-5715.
A quote from goolge project zero blog:
"At this point, it would normally be necessary to locate gadgets in
the host kernel code that can be used to actually leak data by reading
from an attacker-controlled location, shifting and masking the result
appropriately and then using the result of that as offset to an
attacker-controlled address for a load. But piecing gadgets together
and figuring out which ones work in a speculation context seems annoying.
So instead, we decided to use the eBPF interpreter, which is built into
the host kernel - while there is no legitimate way to invoke it from inside
a VM, the presence of the code in the host kernel's text section is sufficient
to make it usable for the attack, just like with ordinary ROP gadgets."
To make attacker job harder introduce BPF_JIT_ALWAYS_ON config
option that removes interpreter from the kernel in favor of JIT-only mode.
So far eBPF JIT is supported by:
x64, arm64, arm32, sparc64, s390, powerpc64, mips64
The start of JITed program is randomized and code page is marked as read-only.
In addition "constant blinding" can be turned on with net.core.bpf_jit_harden
v2->v3:
- move __bpf_prog_ret0 under ifdef (Daniel)
v1->v2:
- fix init order, test_bpf and cBPF (Daniel's feedback)
- fix offloaded bpf (Jakub's feedback)
- add 'return 0' dummy in case something can invoke prog->bpf_func
- retarget bpf tree. For bpf-next the patch would need one extra hunk.
It will be sent when the trees are merged back to net-next
Considered doing:
int bpf_jit_enable __read_mostly = BPF_EBPF_JIT_DEFAULT;
but it seems better to land the patch as-is and in bpf-next remove
bpf_jit_enable global variable from all JITs, consolidate in one place
and remove this jit_init() function.
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlpL3gcACgkQONu9yGCS
aT5Mtg//ZLHXxfOvt7JDOBw1iWR/ysgrS/8p2ora3zjGUCtsYSkGqRmRrAj9CiFD
ihbb8pGvdDu4JzOVJxIbT6hLBcK93RqeYVlK4qm5G3ja4ddik3Y9Ue0JkjqWbBDD
4BNGdixwlOEA5EhCBsZTESFDReox9sg4eUcw5X2bDKoo3in3ZSWVtzmGw6lqgSj3
c7HkScjc2aqp8rs1hKwkwfjfhF3uT7qqOmcNopoTJmwyoritC8bcRtAukqKP+eQR
vXp15vApC0IpBwU7iChAAl165looT9PjRMvPOwkORkBnWf7H1Y2weOk2hE4LF1yy
2zdM3b1qqEsjpKi1N8Pin70RyNxjTr8OOhEBdIwl/FrJ02lKsCxKXig0UsFL0Skj
lfQWyyg5qkkK4TK/F36f6RrqatN74O3nuPGcRG+vldHcP/sangKF09/+a3pDW0oZ
Kvi7HLSscZsuSD1VMIzf/+9PgrR5gSmlpe8G/3SHsShxfO2P21WUkOX1nmpciAd2
VFm6BvPmmW6Rm/GKkf1vl/a/X9HtrQeCkmsYVlSxGLJ6smnoXLzkNHcqb8Jhnoh8
xKgdrUXqp0Om10hLty2dNzwoaSOKo93eq2fxlftT5lKazxBYAVUZg4tW5LppYZeK
kKBTycrFxxt9UFJ8NP9zMPIsleuOeItWzMnNExncVHlxdu+fjbQ=
=EJtN
-----END PGP SIGNATURE-----
Merge 4.14.11 into android-4.14
Changes in 4.14.11
tracing: Remove extra zeroing out of the ring buffer page
tracing: Fix possible double free on failure of allocating trace buffer
tracing: Fix crash when it fails to alloc ring buffer
x86/cpufeatures: Add X86_BUG_CPU_INSECURE
x86/mm/pti: Disable global pages if PAGE_TABLE_ISOLATION=y
x86/mm/pti: Prepare the x86/entry assembly code for entry/exit CR3 switching
x86/mm/pti: Add infrastructure for page table isolation
x86/pti: Add the pti= cmdline option and documentation
x86/mm/pti: Add mapping helper functions
x86/mm/pti: Allow NX poison to be set in p4d/pgd
x86/mm/pti: Allocate a separate user PGD
x86/mm/pti: Populate user PGD
x86/mm/pti: Add functions to clone kernel PMDs
x86/mm/pti: Force entry through trampoline when PTI active
x86/mm/pti: Share cpu_entry_area with user space page tables
x86/entry: Align entry text section to PMD boundary
x86/mm/pti: Share entry text PMD
x86/mm/pti: Map ESPFIX into user space
x86/cpu_entry_area: Add debugstore entries to cpu_entry_area
x86/events/intel/ds: Map debug buffers in cpu_entry_area
x86/mm/64: Make a full PGD-entry size hole in the memory map
x86/pti: Put the LDT in its own PGD if PTI is on
x86/pti: Map the vsyscall page if needed
x86/mm: Allow flushing for future ASID switches
x86/mm: Abstract switching CR3
x86/mm: Use/Fix PCID to optimize user/kernel switches
x86/mm: Optimize RESTORE_CR3
x86/mm: Use INVPCID for __native_flush_tlb_single()
x86/mm: Clarify the whole ASID/kernel PCID/user PCID naming
x86/dumpstack: Indicate in Oops whether PTI is configured and enabled
x86/mm/pti: Add Kconfig
x86/mm/dump_pagetables: Add page table directory to the debugfs VFS hierarchy
x86/mm/dump_pagetables: Check user space page table for WX pages
x86/mm/dump_pagetables: Allow dumping current pagetables
x86/ldt: Make the LDT mapping RO
ring-buffer: Mask out the info bits when returning buffer page length
ring-buffer: Do no reuse reader page if still in use
iw_cxgb4: Only validate the MSN for successful completions
ASoC: codecs: msm8916-wcd: Fix supported formats
ASoC: wm_adsp: Fix validation of firmware and coeff lengths
ASoC: da7218: fix fix child-node lookup
ASoC: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure
ASoC: twl4030: fix child-node lookup
ASoC: tlv320aic31xx: Fix GPIO1 register definition
gpio: fix "gpio-line-names" property retrieval
IB/hfi: Only read capability registers if the capability exists
IB/mlx5: Serialize access to the VMA list
IB/uverbs: Fix command checking as part of ib_uverbs_ex_modify_qp()
IB/core: Verify that QP is security enabled in create and destroy
ALSA: hda: Drop useless WARN_ON()
ALSA: hda - Add MIC_NO_PRESENCE fixup for 2 HP machines
ALSA: hda - change the location for one mic on a Lenovo machine
ALSA: hda - fix headset mic detection issue on a Dell machine
ALSA: hda - Fix missing COEF init for ALC225/295/299
cpufreq: schedutil: Use idle_calls counter of the remote CPU
block: fix blk_rq_append_bio
block: don't let passthrough IO go into .make_request_fn()
kbuild: add '-fno-stack-check' to kernel build options
ipv4: igmp: guard against silly MTU values
ipv6: mcast: better catch silly mtu values
net: fec: unmap the xmit buffer that are not transferred by DMA
net: igmp: Use correct source address on IGMPv3 reports
netlink: Add netns check on taps
net: qmi_wwan: add Sierra EM7565 1199:9091
net: reevalulate autoflowlabel setting after sysctl setting
ptr_ring: add barriers
RDS: Check cmsg_len before dereferencing CMSG_DATA
tcp_bbr: record "full bw reached" decision in new full_bw_reached bit
tcp md5sig: Use skb's saddr when replying to an incoming segment
tg3: Fix rx hang on MTU change with 5717/5719
tcp_bbr: reset full pipe detection on loss recovery undo
tcp_bbr: reset long-term bandwidth sampling on loss recovery undo
s390/qeth: apply takeover changes when mode is toggled
s390/qeth: don't apply takeover changes to RXIP
s390/qeth: lock IP table while applying takeover changes
s390/qeth: update takeover IPs after configuration change
net: ipv4: fix for a race condition in raw_sendmsg
net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case
sctp: Replace use of sockets_allocated with specified macro.
adding missing rcu_read_unlock in ipxip6_rcv
ip6_gre: fix device features for ioctl setup
ipv4: Fix use-after-free when flushing FIB tables
net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks
net: Fix double free and memory corruption in get_net_ns_by_id()
net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround
sock: free skb in skb_complete_tx_timestamp on error
tcp: invalidate rate samples during SACK reneging
net/mlx5: Fix rate limit packet pacing naming and struct
net/mlx5e: Fix possible deadlock of VXLAN lock
net/mlx5e: Fix features check of IPv6 traffic
net/mlx5e: Add refcount to VXLAN structure
net/mlx5e: Prevent possible races in VXLAN control flow
net/mlx5: Fix error flow in CREATE_QP command
openvswitch: Fix pop_vlan action for double tagged frames
sfc: pass valid pointers from efx_enqueue_unwind
net: dsa: bcm_sf2: Clear IDDQ_GLOBAL_PWR bit for PHY
s390/qeth: fix error handling in checksum cmd callback
sctp: make sure stream nums can match optlen in sctp_setsockopt_reset_streams
tipc: fix hanging poll() for stream sockets
mlxsw: spectrum: Disable MAC learning for ovs port
tcp: fix potential underestimation on rcv_rtt
net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well.
ipv6: Honor specified parameters in fibmatch lookup
tcp: refresh tcp_mstamp from timers callbacks
net/mlx5: FPGA, return -EINVAL if size is zero
vxlan: restore dev->mtu setting based on lower device
net: sched: fix static key imbalance in case of ingress/clsact_init error
bnxt_en: Fix sources of spurious netpoll warnings
phylink: ensure the PHY interface mode is appropriately set
phylink: ensure AN is enabled
ipv4: fib: Fix metrics match when deleting a route
ipv6: set all.accept_dad to 0 by default
Revert "mlx5: move affinity hints assignments to generic code"
skbuff: orphan frags before zerocopy clone
skbuff: skb_copy_ubufs must release uarg even without user frags
skbuff: in skb_copy_ubufs unclone before releasing zerocopy
sparc64: repair calling incorrect hweight function from stubs
usbip: fix usbip bind writing random string after command in match_busid
usbip: prevent leaking socket pointer address in messages
usbip: stub: stop printing kernel pointer addresses in messages
usbip: vhci: stop printing kernel pointer addresses in messages
USB: chipidea: msm: fix ulpi-node lookup
USB: serial: ftdi_sio: add id for Airbus DS P8GR
USB: serial: qcserial: add Sierra Wireless EM7565
USB: serial: option: add support for Telit ME910 PID 0x1101
USB: serial: option: adding support for YUGA CLM920-NC5
usb: Add device quirk for Logitech HD Pro Webcam C925e
usb: add RESET_RESUME for ELSA MicroLink 56K
USB: Fix off by one in type-specific length check of BOS SSP capability
usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201
timers: Use deferrable base independent of base::nohz_active
timers: Invoke timer_start_debug() where it makes sense
timers: Reinitialize per cpu bases on hotplug
binder: fix proc->files use-after-free
phy: tegra: fix device-tree node lookups
drivers: base: cacheinfo: fix cache type for non-architected system cache
staging: android: ion: Fix dma direction for dma_sync_sg_for_cpu/device
nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()
x86/smpboot: Remove stale TLB flush invocations
x86/mm: Remove preempt_disable/enable() from __native_flush_tlb()
x86-32: Fix kexec with stack canary (CONFIG_CC_STACKPROTECTOR)
x86/espfix/64: Fix espfix double-fault handling on 5-level systems
x86/ldt: Plug memory leak in error path
x86/ldt: Make LDT pgtable free conditional
n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
tty: fix tty_ldisc_receive_buf() documentation
Linux 4.14.11
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlpGcx8ACgkQONu9yGCS
aT645g/+ONd4UyxTgGHcIvczv7mBewAa67cgikmX94nMYU2MjVErda1N+TFinOeK
aJleP7FVSPjF8Fc/xsX8axJ+fz1Lvcz5xWofldqtD580yCVmfsBncAKaO7HadeZL
UytXxXncPhYMl84G4PwJwYYHDClKGH+5RaSDF6Qb972KCVRTQsDII9GKGMfYho41
dfiKsv0G/6SuwaToQHtEreeoLlLY+80q+owoUHEYr9wxjUHIa0pxXEcW/eNjWNxO
YQbnQVx1Sjwmk8bZz/lq5sEHWincZXHF/H1wScMskf1KQuimLmyiGb6Wi5CBV8JC
sS08sKTT1A0PnxFahQBsdm01O+ZWYI0RLaD5DcEzH4eHeme3x+8KUQTFzbEIiXsi
+3pZJ00vYMdp3KHJYOTuBNAC4iUjzr3R1Z4PM0TvEOmzry8Pws0adBqcmhSg62tg
JmRVSg6XJfPLsc23lD26kPruWF0BDb0ypzx/KAJ2svHE6wMC35LSgNrfzTS7gtUp
v/w4+JNsvGFR1C906GLaWAgjRyT5X5uSvUepiIv9DBawHMdztt4GUoSLUi1YekQ1
m6aK5t5EjI6ywGdsXRNWnlAWv/TSIxQe6KvULEK4T/kVNrkC3qputXymbgPwOks7
I2YfKYHd/nE3AmDEusxHL2L6t/Ynaw/RKSW4N5VOH34KQwmtoCs=
=oXpe
-----END PGP SIGNATURE-----
Merge 4.14.10 into android-4.14
Changes in 4.14.10
Revert "ipv6: grab rt->rt6i_ref before allocating pcpu rt"
objtool: Move synced files to their original relative locations
objtool: Move kernel headers/code sync check to a script
objtool: Fix cross-build
tools/headers: Sync objtool UAPI header
objtool: Fix 64-bit build on 32-bit host
x86/decoder: Fix and update the opcodes map
x86/insn-eval: Add utility functions to get segment selector
x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount
x86/mm/dump_pagetables: Check PAGE_PRESENT for real
x86/mm/dump_pagetables: Make the address hints correct and readable
x86/vsyscall/64: Explicitly set _PAGE_USER in the pagetable hierarchy
x86/vsyscall/64: Warn and fail vsyscall emulation in NATIVE mode
arch, mm: Allow arch_dup_mmap() to fail
x86/ldt: Rework locking
x86/ldt: Prevent LDT inheritance on exec
x86/mm/64: Improve the memory map documentation
x86/doc: Remove obvious weirdnesses from the x86 MM layout documentation
x86/entry: Rename SYSENTER_stack to CPU_ENTRY_AREA_entry_stack
x86/uv: Use the right TLB-flush API
x86/microcode: Dont abuse the TLB-flush interface
x86/mm: Use __flush_tlb_one() for kernel memory
x86/mm: Remove superfluous barriers
x86/mm: Add comments to clarify which TLB-flush functions are supposed to flush what
x86/mm: Move the CR3 construction functions to tlbflush.h
x86/mm: Remove hard-coded ASID limit checks
x86/mm: Put MMU to hardware ASID translation in one place
x86/mm: Create asm/invpcid.h
x86/cpu_entry_area: Move it to a separate unit
x86/cpu_entry_area: Move it out of the fixmap
init: Invoke init_espfix_bsp() from mm_init()
x86/cpu_entry_area: Prevent wraparound in setup_cpu_entry_area_ptes() on 32bit
ACPI: APEI / ERST: Fix missing error handling in erst_reader()
acpi, nfit: fix health event notification
crypto: skcipher - set walk.iv for zero-length inputs
crypto: mcryptd - protect the per-CPU queue with a lock
crypto: af_alg - wait for data at beginning of recvmsg
crypto: af_alg - fix race accessing cipher request
mfd: cros ec: spi: Don't send first message too soon
mfd: twl4030-audio: Fix sibling-node lookup
mfd: twl6040: Fix child-node lookup
ALSA: rawmidi: Avoid racy info ioctl via ctl device
ALSA: hda/realtek - Fix Dell AIO LineOut issue
ALSA: hda - Add vendor id for Cannonlake HDMI codec
ALSA: usb-audio: Add native DSD support for Esoteric D-05X
ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU
PCI / PM: Force devices to D0 in pci_pm_thaw_noirq()
block: unalign call_single_data in struct request
block-throttle: avoid double charge
parisc: Align os_hpmc_size on word boundary
parisc: Fix indenting in puts()
parisc: Hide Diva-built-in serial aux and graphics card
Revert "parisc: Re-enable interrupts early"
spi: xilinx: Detect stall with Unknown commands
spi: a3700: Fix clk prescaling for coefficient over 15
pinctrl: cherryview: Mask all interrupts on Intel_Strago based systems
arm64: kvm: Prevent restoring stale PMSCR_EL1 for vcpu
KVM: arm/arm64: Fix HYP unmapping going off limits
KVM: PPC: Book3S: fix XIVE migration of pending interrupts
KVM: PPC: Book3S HV: Fix pending_pri value in kvmppc_xive_get_icp()
KVM: MMU: Fix infinite loop when there is no available mmu page
KVM: X86: Fix load RFLAGS w/o the fixed bit
kvm: x86: fix RSM when PCID is non-zero
clk: sunxi: sun9i-mmc: Implement reset callback for reset controls
powerpc/perf: Dereference BHRB entries safely
drm/i915: Flush pending GTT writes before unbinding
drm/sun4i: Fix error path handling
libnvdimm, dax: fix 1GB-aligned namespaces vs physical misalignment
libnvdimm, btt: Fix an incompatibility in the log layout
libnvdimm, pfn: fix start_pad handling for aligned namespaces
net: mvneta: clear interface link status on port disable
net: mvneta: use proper rxq_number in loop on rx queues
net: mvneta: eliminate wrong call to handle rx descriptor error
Revert "ipmi_si: fix memory leak on new_smi"
Linux 4.14.10
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Eric Biggers
Jason A. Donenfeld
Kees Cook
Greg Kroah-Hartman
Randy Dunlap
Daniel Borkmann
Mark Rutland
Masahiro Yamada
Heiko Carstens
John Ogness
Borislav Petkov
Linus Torvalds
Masahiro Yamada
Yi Wang
Quentin Perret
Dan Williams
Sandeep Patil
Qian Cai
Johannes Weiner
Baruch Siach
Patrick Bellasi
Jeffrey Hugo
Sami Tolvanen
Levin, Alexander (Sasha Levin)
Alexei Starovoitov
Thomas Gleixner
