-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4xT1kACgkQONu9yGCS
aT7d9Q/9FvxHEFvYlet8Bfx/uLFsVGOKwDiZ+e7eQhYqzamdl75qLbPbPqcyfeDO
hCa87JFJCCpRlcHjSvdNk/IF9rRpA6+Wi7FijX/UjgmWNPCao6qb5vBRoH9KMgOk
rtDnIp+klLcG+xLAnTkLgAVCm7osGMVZgwKKqhCLEKdVIT38VlP9nCipehTeMmrS
1f8sqQhqXt0FpticFP5JVJXg3iH5bdqXNc9eCXuF1h7nudYEut8v5NFoF3w0EInZ
iMKnLhbfR9ScOpzaWE/Hg5tJIUwFG9l/IhlDDJJk3O0oTKzs+ZM4N8+RzZ3iFy+N
JNzspQatLKIHSbGGyGK61bu4Eq2bGdCaQMPcMmFHiDKtz7+thE7bjZOcPjzo4pjA
3JJ9ytVUAujIXKryed5E/vNfG6W/puIY6xaM1LPJPIYGa20/0gJGiWXnsXBk6NxG
EvkuC1nwYcIdkopYqM4OZz8n63ywya0pY5JifVW6q3zYU8sqwC9mkkAYGjT0IRb8
llvUyaO05nIDJkY2mgv124cxxyKTsUYPc7+c/VTW7HGyzAc7MLPOpYDbXZHW9WWT
GNGhlBJlk1UK87CRoHswuPgmx+eABXtGjmwHQJbxRmf1y7aWFNjYBKAyQCi9y/sm
XW4LT4l4JhT3xB5SFcti1iqchD2OFk65CKCFeHkm54URXb68Qjs=
=PuM5
-----END PGP SIGNATURE-----
Merge 4.9.212 into android-4.9-q
Changes in 4.9.212
xfs: Sanity check flags of Q_XQUOTARM call
powerpc/archrandom: fix arch_get_random_seed_int()
mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
drm/sti: do not remove the drm_bridge that was never added
drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset()
ALSA: hda: fix unused variable warning
IB/rxe: replace kvfree with vfree
ALSA: usb-audio: update quirk for B&W PX to remove microphone
staging: comedi: ni_mio_common: protect register write overflow
pwm: lpss: Release runtime-pm reference from the driver's remove callback
mlxsw: reg: QEEC: Add minimum shaper fields
pcrypt: use format specifier in kobject_add
exportfs: fix 'passing zero to ERR_PTR()' warning
drm/dp_mst: Skip validating ports during destruction, just ref
net: phy: Fix not to call phy_resume() if PHY is not attached
pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group
pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group
pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group
pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group
pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group
pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field
pinctrl: sh-pfc: sh7734: Add missing IPSR11 field
pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field
pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value
Input: nomadik-ske-keypad - fix a loop timeout test
clk: highbank: fix refcount leak in hb_clk_init()
clk: qoriq: fix refcount leak in clockgen_init()
clk: socfpga: fix refcount leak
clk: samsung: exynos4: fix refcount leak in exynos4_get_xom()
clk: imx6q: fix refcount leak in imx6q_clocks_init()
clk: imx6sx: fix refcount leak in imx6sx_clocks_init()
clk: imx7d: fix refcount leak in imx7d_clocks_init()
clk: vf610: fix refcount leak in vf610_clocks_init()
clk: armada-370: fix refcount leak in a370_clk_init()
clk: kirkwood: fix refcount leak in kirkwood_clk_init()
clk: armada-xp: fix refcount leak in axp_clk_init()
clk: dove: fix refcount leak in dove_clk_init()
IB/usnic: Fix out of bounds index check in query pkey
RDMA/ocrdma: Fix out of bounds index check in query pkey
RDMA/qedr: Fix out of bounds index check in query pkey
arm64: dts: apq8016-sbc: Increase load on l11 for SDCARD
drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump()
media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL
crypto: tgr192 - fix unaligned memory access
ASoC: imx-sgtl5000: put of nodes if finding codec fails
IB/iser: Pass the correct number of entries for dma mapped SGL
rtc: cmos: ignore bogus century byte
clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it
iwlwifi: mvm: fix A-MPDU reference assignment
tty: ipwireless: Fix potential NULL pointer dereference
crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments
ARM: dts: lpc32xx: add required clocks property to keypad device node
ARM: dts: lpc32xx: reparent keypad controller to SIC1
ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller variant
ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller clocks property
ARM: dts: lpc32xx: phy3250: fix SD card regulator voltage
iwlwifi: mvm: fix RSS config command
staging: most: cdev: add missing check for cdev_add failure
rtc: ds1672: fix unintended sign extension
thermal: mediatek: fix register index error
net: phy: fixed_phy: Fix fixed_phy not checking GPIO
rtc: 88pm860x: fix unintended sign extension
rtc: 88pm80x: fix unintended sign extension
rtc: pm8xxx: fix unintended sign extension
fbdev: chipsfb: remove set but not used variable 'size'
iw_cxgb4: use tos when importing the endpoint
iw_cxgb4: use tos when finding ipv6 routes
pinctrl: sh-pfc: emev2: Add missing pinmux functions
pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group
pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group
pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups
usb: phy: twl6030-usb: fix possible use-after-free on remove
block: don't use bio->bi_vcnt to figure out segment number
keys: Timestamp new keys
vfio_pci: Enable memory accesses before calling pci_map_rom
dmaengine: mv_xor: Use correct device for DMA API
cdc-wdm: pass return value of recover_from_urb_loss
regulator: pv88060: Fix array out-of-bounds access
regulator: pv88080: Fix array out-of-bounds access
regulator: pv88090: Fix array out-of-bounds access
net: dsa: qca8k: Enable delay for RGMII_ID mode
drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON
drm/nouveau/pmu: don't print reply values if exec is false
ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of()
fs/nfs: Fix nfs_parse_devname to not modify it's argument
NFS: Fix a soft lockup in the delegation recovery code
clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable
clocksource/drivers/exynos_mct: Fix error path in timer resources initialization
mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe
ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used
ARM: 8848/1: virt: Align GIC version check with arm64 counterpart
regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA
nios2: ksyms: Add missing symbol exports
scsi: megaraid_sas: reduce module load time
drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen()
xen, cpu_hotplug: Prevent an out of bounds access
net: sh_eth: fix a missing check of of_get_phy_mode
media: ivtv: update *pos correctly in ivtv_read_pos()
media: cx18: update *pos correctly in cx18_read_pos()
media: wl128x: Fix an error code in fm_download_firmware()
media: cx23885: check allocation return
regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB
jfs: fix bogus variable self-initialization
tipc: tipc clang warning
m68k: mac: Fix VIA timer counter accesses
ARM: OMAP2+: Fix potentially uninitialized return value for _setup_reset()
media: davinci-isif: avoid uninitialized variable use
media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame
spi: tegra114: clear packed bit for unpacked mode
spi: tegra114: fix for unpacked mode transfers
soc/fsl/qe: Fix an error code in qe_pin_request()
spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios
ehea: Fix a copy-paste err in ehea_init_port_res
scsi: qla2xxx: Unregister chrdev if module initialization fails
ARM: pxa: ssp: Fix "WARNING: invalid free of devm_ allocated data"
hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses
tipc: set sysctl_tipc_rmem and named_timeout right range
powerpc: vdso: Make vdso32 installation conditional in vdso_install
ARM: dts: ls1021: Fix SGMII PCS link remaining down after PHY disconnect
media: ov2659: fix unbalanced mutex_lock/unlock
6lowpan: Off by one handling ->nexthdr
dmaengine: axi-dmac: Don't check the number of frames for alignment
ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk()
packet: in recvmsg msg_name return at least sizeof sockaddr_ll
ASoC: fix valid stream condition
usb: gadget: fsl: fix link error against usb-gadget module
IB/mlx5: Add missing XRC options to QP optional params mask
iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry
net: ena: fix: Free napi resources when ena_up() fails
net: ena: fix incorrect test of supported hash function
net: ena: fix ena_com_fill_hash_function() implementation
dmaengine: tegra210-adma: restore channel status
l2tp: Fix possible NULL pointer dereference
media: omap_vout: potential buffer overflow in vidioc_dqbuf()
media: davinci/vpbe: array underflow in vpbe_enum_outputs()
platform/x86: alienware-wmi: printing the wrong error code
netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
pwm: meson: Don't disable PWM when setting duty repeatedly
ARM: riscpc: fix lack of keyboard interrupts after irq conversion
kdb: do a sanity check on the cpu in kdb_per_cpu()
backlight: lm3630a: Return 0 on success in update_status functions
thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power
dmaengine: tegra210-adma: Fix crash during probe
spi: spi-fsl-spi: call spi_finalize_current_message() at the end
crypto: ccp - fix AES CFB error exposed by new test vectors
serial: stm32: fix transmit_chars when tx is stopped
misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa
iommu: Use right function to get group for device
signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig
inet: frags: call inet_frags_fini() after unregister_pernet_subsys()
media: vivid: fix incorrect assignment operation when setting video mode
powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
drm/msm/mdp5: Fix mdp5_cfg_init error return
net: netem: fix backlog accounting for corrupted GSO frames
net/af_iucv: always register net_device notifier
ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs
rtc: pcf8563: Clear event flags and disable interrupts before requesting irq
drm/msm/a3xx: remove TPL1 regs from snapshot
perf/ioctl: Add check for the sample_period value
dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width"
clk: qcom: Fix -Wunused-const-variable
iommu/amd: Make iommu_disable safer
mfd: intel-lpss: Release IDA resources
rxrpc: Fix uninitialized error code in rxrpc_send_data_packet()
devres: allow const resource arguments
RDMA/hns: Fixs hw access invalid dma memory error
net: pasemi: fix an use-after-free in pasemi_mac_phy_init()
scsi: libfc: fix null pointer dereference on a null lport
libertas_tf: Use correct channel range in lbtf_geo_init
qed: reduce maximum stack frame size
usb: host: xhci-hub: fix extra endianness conversion
mic: avoid statically declaring a 'struct device'.
x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI
ALSA: aoa: onyx: always initialize register read value
net/mlx5: Fix mlx5_ifc_query_lag_out_bits
cifs: fix rmmod regression in cifs.ko caused by force_sig changes
crypto: caam - free resources in case caam_rng registration failed
ext4: set error return correctly when ext4_htree_store_dirent fails
ASoC: es8328: Fix copy-paste error in es8328_right_line_controls
ASoC: cs4349: Use PM ops 'cs4349_runtime_pm'
ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls
signal: Allow cifs and drbd to receive their terminating signals
ASoC: sun4i-i2s: RX and TX counter registers are swapped
dmaengine: dw: platform: Switch to acpi_dma_controller_register()
mac80211: minstrel_ht: fix per-group max throughput rate initialization
mips: avoid explicit UB in assignment of mips_io_port_base
ahci: Do not export local variable ahci_em_messages
Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()"
hwmon: (lm75) Fix write operations for negative temperatures
power: supply: Init device wakeup after device_add()
x86, perf: Fix the dependency of the x86 insn decoder selftest
staging: greybus: light: fix a couple double frees
bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
iio: dac: ad5380: fix incorrect assignment to val
ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init
net: sonic: return NETDEV_TX_OK if failed to map buffer
Btrfs: fix hang when loading existing inode cache off disk
hwmon: (shtc1) fix shtc1 and shtw1 id mask
net: sonic: replace dev_kfree_skb in sonic_send_packet
net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'
iommu/amd: Wait for completion of IOTLB flush in attach_device
net: hisilicon: Fix signedness bug in hix5hd2_dev_probe()
net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
net: stmmac: dwmac-meson8b: Fix signedness bug in probe
of: mdio: Fix a signedness bug in of_phy_get_and_connect()
net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()
nvme: retain split access workaround for capability reads
net: stmmac: gmac4+: Not all Unicast addresses may be available
mac80211: accept deauth frames in IBSS mode
llc: fix another potential sk_buff leak in llc_ui_sendmsg()
llc: fix sk_buff refcounting in llc_conn_state_process()
net: stmmac: fix length of PTP clock's name string
act_mirred: Fix mirred_init_module error handling
drm/msm/dsi: Implement reset correctly
dmaengine: imx-sdma: fix size check for sdma script_number
net: netem: fix error path for corrupted GSO frames
net: netem: correct the parent's backlog when corrupted packet was dropped
net: qca_spi: Move reset_count to struct qcaspi
afs: Fix large file support
media: ov6650: Fix incorrect use of JPEG colorspace
media: ov6650: Fix some format attributes not under control
media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support
MIPS: Loongson: Fix return value of loongson_hwmon_init
net: neigh: use long type to store jiffies delta
packet: fix data-race in fanout_flow_is_huge()
dmaengine: ti: edma: fix missed failure handling
drm/radeon: fix bad DMA from INTERRUPT_CNTL2
arm64: dts: juno: Fix UART frequency
IB/iser: Fix dma_nents type definition
m68k: Call timer_interrupt() with interrupts disabled
net: ethtool: Add back transceiver type
net: phy: Keep reporting transceiver type
can, slip: Protect tty->disc_data in write_wakeup and close with RCU
firestream: fix memory leaks
net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM
net, ip6_tunnel: fix namespaces move
net, ip_tunnel: fix namespaces move
net_sched: fix datalen for ematch
tcp_bbr: improve arithmetic division in bbr_update_bw()
net: usb: lan78xx: Add .ndo_features_check
gtp: make sure only SOCK_DGRAM UDP sockets are accepted
hwmon: (adt7475) Make volt2reg return same reg as reg2volt input
hwmon: (core) Simplify sysfs attribute name allocation
hwmon: Deal with errors from the thermal subsystem
hwmon: (core) Fix double-free in __hwmon_device_register()
hwmon: (core) Do not use device managed functions for memory allocations
Input: keyspan-remote - fix control-message timeouts
ARM: 8950/1: ftrace/recordmcount: filter relocation types
mmc: tegra: fix SDR50 tuning override
mmc: sdhci: fix minimum clock rate for v3 controller
Input: sur40 - fix interface sanity checks
Input: gtco - fix endpoint sanity check
Input: aiptek - fix endpoint sanity check
Input: pegasus_notetaker - fix endpoint sanity check
Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register
hwmon: (nct7802) Fix voltage limits to wrong registers
scsi: RDMA/isert: Fix a recently introduced regression related to logout
tracing: xen: Ordered comparison of function pointers
do_last(): fetch directory ->i_mode and ->i_uid before it's too late
Documentation: Document arm64 kpti control
arm64: kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field
coresight: etb10: Do not call smp_processor_id from preemptible
coresight: tmc-etf: Do not call smp_processor_id from preemptible
libertas: Fix two buffer overflows at parsing bss descriptor
bcache: silence static checker warning
scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
md: Avoid namespace collision with bitmap API
bitmap: Add bitmap_alloc(), bitmap_zalloc() and bitmap_free()
netfilter: ipset: use bitmap infrastructure completely
net/x25: fix nonblocking connect
Linux 4.9.212
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2e83a05c5f119a7467a4d6984045d45d0c06b764
[ Upstream commit 7a14826ede1d714f0bb56de8167c0e519041eeda ]
Currently when the call to ext4_htree_store_dirent fails the error return
variable 'ret' is is not being set to the error code and variable count is
instead, hence the error code is not being returned. Fix this by assigning
ret to the error return code.
Addresses-Coverity: ("Unused value")
Fixes: 8af0f08227 ("ext4: fix readdir error in the case of inline_data+dir_index")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlw/nkEACgkQONu9yGCS
aT75AQ/+K8lXM/dgsAYZ+FbPutYlrW1NUuuVxHKvaO2bdE9N9bPz9IercXmhgZQG
K8GHO+nmbF0IONzZAitnwxfLw15wcL6qmR/K1OmvKGhYtRNuIcJgAKvLgNXbpeiV
+v9/8SUyLeZuDSauwLtkxxfj3EpL7+6Zsn6amdbQn6sm5S61XHGXJX65ebI47zJ7
++znj5TYkULlJUe+nhYVjx4mKGuyp0Wk3cO5+W3TNS2fWE3OrO9m8KoT+fGHpziB
IMzRYYEuYGvOra0TbbrokSCtj/wmq55vk5WlTNq/N6tPHhcz7VJIflaMVmnNLFDr
CU5/yHdoV/H3KF6ODM9zBxJmUrs6fzuW4uD6DczZAhyTXxtW/W7BBOEB4d5QyQvt
9e9x5HZDAvARoTXNywMOuQHY49wR6Ca+9nrE1P2qEVeBFvgp+bkoyKr/sTdrJV6y
uOKPi4j6nUWYZTNT1kOisYPNf7sZrtuT2TDW9F55YgcHQWN6AURRggRvtYMP4Zsp
hiLwH0z2PehybLARH9OHZulHf3bykCv6H5M81U8bn65xtKbwQTpsgBIQEGXVFLMN
wCCif3OMuncvXmu9Kh8AodhUiugf1THv7Q3iWBU+TjFoJ/afvQIeFaBRLjzp36AH
05Nlm8jwHXRIatiU74TZv3ZyurEq2QlBokgsW6KX6Ha9EaBgLW0=
=9N08
-----END PGP SIGNATURE-----
Merge 4.9.151 into android-4.9
Changes in 4.9.151
ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
CIFS: Do not hide EINTR after sending network packets
cifs: Fix potential OOB access of lock element array
usb: cdc-acm: send ZLP for Telit 3G Intel based modems
USB: storage: don't insert sane sense for SPC3+ when bad sense specified
USB: storage: add quirk for SMI SM3350
USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
slab: alien caches must not be initialized if the allocation of the alien cache failed
mm: page_mapped: don't assume compound page is huge or THP
ACPI: power: Skip duplicate power resource references in _PRx
i2c: dev: prevent adapter retries and timeout being set as minus value
rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set
ext4: make sure enough credits are reserved for dioread_nolock writes
ext4: fix a potential fiemap/page fault deadlock w/ inline_data
ext4: avoid kernel warning when writing the superblock to a dead device
sunrpc: use-after-free in svc_process_common()
Linux 4.9.151
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 2b08b1f12cd664dc7d5c84ead9ff25ae97ad5491 upstream.
The ext4_inline_data_fiemap() function calls fiemap_fill_next_extent()
while still holding the xattr semaphore. This is not necessary and it
triggers a circular lockdep warning. This is because
fiemap_fill_next_extent() could trigger a page fault when it writes
into page which triggers a page fault. If that page is mmaped from
the inline file in question, this could very well result in a
deadlock.
This problem can be reproduced using generic/519 with a file system
configuration which has the inline_data feature enabled.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlw2EF8ACgkQONu9yGCS
aT60Uw//dk+Mshl6uj1zeD5ZIBYZqIH3pQqEgPO6/wFmT4Koxl4rajbsj60r1qrB
qZnIpiLQhyBhb0TaVMMEyHbDB0US1gzOeQDShIWFVzUwZix+O8iL0s24NAMbLWZz
L2b62hphcj6I3K30Ly7BQgIlKhwecPEeftejSC4A/UQ5I2x3qe5dp3KFEShK4Oob
rR9CFZD2DV0u/G6u4AsP33oE1Zx7d26U6RazNgWZfMW1/Sb3n/d4ihHVNENsXR5U
wiB0Y2zWogKSkj5l4ZkIpPeQYgYfVsQlC/i749yWi/ng833guratUefusLO3n/jr
efhTsQP1OgesogO3apx9WOHj+9Eqhr/rRYJbeGcn5oG0S9Hbg+3honYb53FY+mrb
n3mEwAJDI+ntZDEdRl+ZZA4kSD1pXTn7ddy5VqZ/B81RZPudYWeJiB1USIcoqjmj
bJtS/ZtIKwfVzd745Drg+Ko9D96xfQETvJE7OM7iUzdBS+ONI9CaUt3dawoBj6pc
IFnAX5vJ1ruzB44iWc8rJhmCTJ/ww7jkKhl2Av8Q7UG2rJ7r4xzgTkislUxQQamw
+by07OxeK8T0mahuRTlZbU27lnRK5xQ+H9+G1n6KoGNjjl0jBhDjnFZ56kUkNXuw
V8SsC7PoCpR7zEZUButg83qrvLXpDcM9A8arWyqgl4WKF4AVUZk=
=qO5G
-----END PGP SIGNATURE-----
Merge 4.9.149 into android-4.9
Changes in 4.9.149
NFC: nxp-nci: Include unaligned.h instead of access_ok.h
ip6mr: Fix potential Spectre v1 vulnerability
ipv4: Fix potential Spectre v1 vulnerability
ax25: fix a use-after-free in ax25_fillin_cb()
ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
ieee802154: lowpan_header_create check must check daddr
ipv6: explicitly initialize udp6_addr in udp_sock_create6()
ipv6: tunnels: fix two use-after-free
isdn: fix kernel-infoleak in capi_unlocked_ioctl
net: ipv4: do not handle duplicate fragments as overlapping
net: phy: Fix the issue that netif always links up after resuming
netrom: fix locking in nr_find_socket()
net/wan: fix a double free in x25_asy_open_tty()
packet: validate address length
packet: validate address length if non-zero
sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
tipc: fix a double kfree_skb()
vhost: make sure used idx is seen before log in vhost_add_used_n()
VSOCK: Send reset control packet when socket is partially bound
xen/netfront: tolerate frags with no data
tipc: use lock_sock() in tipc_sk_reinit()
tipc: compare remote and local protocols in tipc_udp_enable()
gro_cell: add napi_disable in gro_cells_destroy
net/mlx5e: Remove the false indication of software timestamping support
net/mlx5: Typo fix in del_sw_hw_rule
sock: Make sock->sk_stamp thread-safe
ptr_ring: wrap back ->producer in __ptr_ring_swap_queue()
ALSA: rme9652: Fix potential Spectre v1 vulnerability
ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
ALSA: pcm: Fix potential Spectre v1 vulnerability
ALSA: emux: Fix potential Spectre v1 vulnerabilities
mtd: atmel-quadspi: disallow building on ebsa110
ALSA: hda: add mute LED support for HP EliteBook 840 G4
ALSA: hda/tegra: clear pending irq handlers
USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
USB: serial: option: add Fibocom NL678 series
usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()
staging: wilc1000: fix missing read_write setting when reading data
qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID
Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
platform-msi: Free descriptors in platform_msi_domain_free()
perf pmu: Suppress potential format-truncation warning
ext4: fix possible use after free in ext4_quota_enable
ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
ext4: fix EXT4_IOC_GROUP_ADD ioctl
ext4: include terminating u32 in size of xattr entries when expanding inodes
ext4: force inode writes when nfsd calls commit_metadata()
spi: bcm2835: Fix race on DMA termination
spi: bcm2835: Fix book-keeping of DMA termination
spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
clk: rockchip: fix typo in rk3188 spdif_frac parent
cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
f2fs: fix validation of the block count in sanity_check_raw_super
serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly
media: vivid: free bitmap_cap when updating std/timings/etc.
media: v4l2-tpg: array index could become negative
MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
MIPS: Align kernel load address to 64KB
MIPS: OCTEON: mark RGMII interface disabled on OCTEON III
CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested
arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1
rtc: m41t80: Correct alarm month range with RTC reads
tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x
spi: bcm2835: Unbreak the build of esoteric configs
Linux 4.9.149
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 132d00becb31e88469334e1e62751c81345280e0 upstream.
In case of error, ext4_try_to_write_inline_data() should unlock
and release the page it holds.
Fixes: f19d5870cb ("ext4: add normal write support for inline data")
Cc: stable@kernel.org # 3.8
Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlvrJA0ACgkQONu9yGCS
aT4InBAAwJ8JvdytPuqIMrm1C2Pk0Jwq61fl02JLNdbMds+MEq3MtYkKiQPLRRb/
epkseRT6ifYxhFIgGA20mbMH7Vlo6UbKBXBBLYck10HDI03JQZ6SUjCiR2b+KX0f
a+jmg6o/SRlLrSiBuR7YofBswJt0g1wsrn9/iWu/7GvuQxVL4k4b19jcSpKu13xZ
ToeTJxJgKiW/LXESLmm9V0V2urvWFiKXO3wixnfNjqyULliae8V0X3TQD06DJh9Y
9jtG8QeWwu3Ip1Bqc6rcEMaW46xxpGlY78QtCv61/AV7VFr7TofMxHyPLFIXCN1v
OIsRguonZAC9YQF2yKNrA6XYIPZi0Cn2hjM4Tu0P40bn+FqkFC/Mdg/R5wR27+KW
oFMVivGI1f/0nDAIUERmCIouIrwKOHTdhjX117e490UyuInju2zrKYwk9AHGK8h3
GduYMTQQmUZZP3YX1LL62cgBzKsICOso2rDIa2iUN0xwPthiKrIaR6yi6dW5ewYU
jNoMkD95c1C9os/kyStGQ66uYcYddFdlkt8vV3DJdG7swMBey8n2ezroK5ca9UO3
18vJAcWQiukA/GGvIoNqUvzyxwUsP3eKQySqB1zeeL7nwP0bdYK/AYWmTzYYlH9f
6ae+SRbGY6yV36KxdZ5e6yrmjoXWokh5ryWpY9XU7ZUwskvL2+Y=
=o868
-----END PGP SIGNATURE-----
Merge 4.9.137 into android-4.9
Changes in 4.9.137
bcache: fix miss key refill->end in writeback
hwmon: (pmbus) Fix page count auto-detection.
jffs2: free jffs2_sb_info through jffs2_kill_sb()
pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
ipmi: Fix timer race with module unload
parisc: Fix address in HPMC IVA
parisc: Fix map_pages() to not overwrite existing pte entries
ALSA: hda - Add quirk for ASUS G751 laptop
ALSA: hda - Fix headphone pin config for ASUS G751
ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided
x86/speculation: Support Enhanced IBRS on future CPUs
bpf: do not blindly change rlimit in reuseport net selftest
Revert "perf tools: Fix PMU term format max value calculation"
xfrm: policy: use hlist rcu variants on insert
sparc: Fix single-pcr perf event counter management.
sparc64: Make proc_id signed.
sched/fair: Fix the min_vruntime update logic in dequeue_entity()
perf cpu_map: Align cpu map synthesized events properly.
x86/fpu: Remove second definition of fpu in __fpu__restore_sig()
net: qla3xxx: Remove overflowing shift statement
selftests: ftrace: Add synthetic event syntax testcase
i2c: rcar: cleanup DMA for all kinds of failure
locking/lockdep: Fix debug_locks off performance problem
ataflop: fix error handling during setup
swim: fix cleanup on setup error
tun: Consistently configure generic netdev params via rtnetlink
s390/sthyi: Fix machine name validity indication
hwmon: (pwm-fan) Set fan speed to 0 on suspend
perf tools: Free temporary 'sys' string in read_event_files()
perf tools: Cleanup trace-event-info 'tdata' leak
perf strbuf: Match va_{add,copy} with va_end
mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
iwlwifi: pcie: avoid empty free RB queue
x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC
cpufreq: dt: Try freeing static OPPs only if we have added them
Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth
x86: boot: Fix EFI stub alignment
pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
brcmfmac: fix for proper support of 160MHz bandwidth
kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
pinctrl: qcom: spmi-mpp: Fix drive strength setting
pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
ixgbevf: VF2VF TCP RSS
ath10k: schedule hardware restart if WMI command times out
cgroup, netclassid: add a preemption point to write_classid
scsi: esp_scsi: Track residual for PIO transfers
scsi: megaraid_sas: fix a missing-check bug
RDMA/core: Do not expose unsupported counters
IB/ipoib: Clear IPCB before icmp_send
tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated
VMCI: Resource wildcard match fixed
usb: gadget: udc: atmel: handle at91sam9rl PMC
ext4: fix argument checking in EXT4_IOC_MOVE_EXT
MD: fix invalid stored role for a disk
PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice
coresight: etb10: Fix handling of perf mode
crypto: caam - fix implicit casts in endianness helpers
usb: chipidea: Prevent unbalanced IRQ disable
driver/dma/ioat: Call del_timer_sync() without holding prep_lock
uio: ensure class is registered before devices
scsi: lpfc: Correct soft lockup when running mds diagnostics
signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init
dmaengine: dma-jz4780: Return error if not probed from DT
ALSA: hda: Check the non-cached stream buffers more explicitly
ARM: dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes
arm: dts: exynos: Add missing cooling device properties for CPUs
ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings
ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250
xen-swiotlb: use actually allocated size on check physical continuous
tpm: Restore functionality to xen vtpm driver.
xen/blkfront: avoid NULL blkfront_info dereference on device removal
xen: fix race in xen_qlock_wait()
xen: make xen_qlock_wait() nestable
libertas: don't set URB_ZERO_PACKET on IN USB transfer
usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten
iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()
net/ipv4: defensive cipso option parsing
libnvdimm: Hold reference on parent while scheduling async init
ASoC: intel: skylake: Add missing break in skl_tplg_get_token()
jbd2: fix use after free in jbd2_log_do_checkpoint()
gfs2_meta: ->mount() can get NULL dev_name
ext4: initialize retries variable in ext4_da_write_inline_data_begin()
ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR
HID: hiddev: fix potential Spectre v1
EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting
EDAC, skx_edac: Fix logical channel intermediate decoding
PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
signal/GenWQE: Fix sending of SIGKILL
crypto: lrw - Fix out-of bounds access on counter overflow
crypto: tcrypt - fix ghash-generic speed test
ima: fix showing large 'violations' or 'runtime_measurements_count'
hugetlbfs: dirty pages as they are added to pagecache
kbuild: fix kernel/bounds.c 'W=1' warning
iio: ad5064: Fix regulator handling
iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs()
iio: adc: at91: fix acking DRDY irq on simple conversions
iio: adc: at91: fix wrong channel number in triggered buffer mode
w1: omap-hdq: fix missing bus unregister at removal
smb3: allow stats which track session and share reconnects to be reset
smb3: do not attempt cifs operation in smb3 query info error path
smb3: on kerberos mount if server doesn't specify auth type use krb5
printk: Fix panic caused by passing log_buf_len to command line
genirq: Fix race on spurious interrupt detection
NFSv4.1: Fix the r/wsize checking
nfsd: Fix an Oops in free_session()
lockd: fix access beyond unterminated strings in prints
dm ioctl: harden copy_params()'s copy_from_user() from malicious users
powerpc/msi: Fix compile error on mpc83xx
MIPS: OCTEON: fix out of bounds array access on CN68XX
TC: Set DMA masks for devices
media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD
kgdboc: Passing ekgdboc to command line causes panic
xen: fix xen_qlock_wait()
media: em28xx: use a default format if TRY_FMT fails
media: tvp5150: avoid going past array on v4l2_querymenu()
media: em28xx: fix input name for Terratec AV 350
media: em28xx: make v4l2-compliance happier by starting sequence on zero
arm64: lse: remove -fcall-used-x0 flag
rpmsg: smd: fix memory leak on channel create
Cramfs: fix abad comparison when wrap-arounds occur
arm64: dts: stratix10: Correct System Manager register size
soc/tegra: pmc: Fix child-node lookup
btrfs: Handle owner mismatch gracefully when walking up tree
btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock
btrfs: fix error handling in free_log_tree
btrfs: iterate all devices during trim, instead of fs_devices::alloc_list
btrfs: don't attempt to trim devices that don't support it
btrfs: wait on caching when putting the bg cache
btrfs: reset max_extent_size on clear in a bitmap
btrfs: make sure we create all new block groups
Btrfs: fix wrong dentries after fsync of file that got its parent replaced
btrfs: qgroup: Dirty all qgroups before rescan
Btrfs: fix null pointer dereference on compressed write path error
btrfs: set max_extent_size properly
MD: fix invalid stored role for a disk - try2
Linux 4.9.137
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 625ef8a3acd111d5f496d190baf99d1a815bd03e upstream.
Variable retries is not initialized in ext4_da_write_inline_data_begin()
which can lead to nondeterministic number of retries in case we hit
ENOSPC. Initialize retries to zero as we do everywhere else.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Fixes: bc0ca9df3b ("ext4: retry allocation when inline->extent conversion failed")
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlvK3oUACgkQONu9yGCS
aT5B6g/+PWLmbE2+6OEFwQ95zE/F1pLIqhrcgX3Vj4uJJoAnFP6US2WUzbO3T1CU
EHQG3pllgLvKtNM/txNdNRdr4RI7qv6NJ8XSdl+64PPClMGbIiSVwKtnwut82tdR
LAJoscg9ckZ3voxkSHScd+OAqFvxaR5Wu12Fzknordd0CygSov8jk32QdK1lsDPm
xFQcH0UaU7HUGGXfZVryYaoG6cF7E9AKy+NQI3lIOmYZrUNPdP/XnW+kc3BqfZiL
E4ARYS2zvUwXPL/tXFEd/Eph5+6cb6XZl02Pp70FCcsZwNiHktEvmBOSUPI44Ax0
OSyQrnYZUc0NT6lz9bNQKvtMnpK+cyqS7XycWlU267o30vGR9JVfwgTL3nfL34Tv
dTteUTowWzGOgDYSqhCEBhNl42YNGqIyVRBB/vLY0NKoZchvxrk3ehADB6pc5vQM
bvBCdT1VO7YTQFcVzRVzs8Z2hqswEfdo6Jf+ga7HPHmo7Z2CnQXHAehtBq4mxw8r
RZ0ZytFY8WctwlwJ8SmRJSuZqbDXiFXDHvJDRI42Dw0Eamso/yNwW6XwzaKK3I8A
1uzQ1zL3wymDIvbTIs91b+8FY0MkjA/inQ0ihZwM7lWDfweZvkrNk1v7q74w/6iK
RURTqu3H7+JRUPcrG/4irpea0AQjIkFhZbA0QRTHoJCDbJhBYcM=
=hBl5
-----END PGP SIGNATURE-----
Merge 4.9.135 into android-4.9
Changes in 4.9.135
media: af9035: prevent buffer overflow on write
batman-adv: Fix segfault when writing to throughput_override
batman-adv: Fix segfault when writing to sysfs elp_interval
batman-adv: Prevent duplicated nc_node entry
batman-adv: Prevent duplicated softif_vlan entry
batman-adv: Prevent duplicated global TT entry
batman-adv: Prevent duplicated tvlv handler
batman-adv: fix backbone_gw refcount on queue_work() failure
batman-adv: fix hardif_neigh refcount on queue_work() failure
clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs
scsi: ibmvscsis: Fix a stringop-overflow warning
scsi: ibmvscsis: Ensure partition name is properly NUL terminated
Input: atakbd - fix Atari keymap
Input: atakbd - fix Atari CapsLock behaviour
ravb: do not write 1 to reserved bits
drm: mali-dp: Call drm_crtc_vblank_reset on device init
scsi: sd: don't crash the host on invalid commands
net/mlx4: Use cpumask_available for eq->affinity_mask
powerpc/tm: Fix userspace r13 corruption
powerpc/tm: Avoid possible userspace r1 corruption on reclaim
iommu/amd: Return devid as alias for ACPI HID devices
mremap: properly flush TLB before releasing the page
mm: Preserve _PAGE_DEVMAP across mprotect() calls
netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info
ARC: build: Get rid of toolchain check
ARC: build: Don't set CROSS_COMPILE in arch's Makefile
HID: quirks: fix support for Apple Magic Keyboards
usb: gadget: serial: fix oops when data rx'd after close
sched/cputime: Convert kcpustat to nsecs
macintosh/rack-meter: Convert cputime64_t use to u64
sched/cputime: Increment kcpustat directly on irqtime account
sched/cputime: Fix ksoftirqd cputime accounting regression
ext4: avoid running out of journal credits when appending to an inline file
HV: properly delay KVP packets when negotiation is in progress
Linux 4.9.135
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 8bc1379b82b8e809eef77a9fedbb75c6c297be19 upstream.
Use a separate journal transaction if it turns out that we need to
convert an inline file to use an data block. Otherwise we could end
up failing due to not having journal credits.
This addresses CVE-2018-10883.
https://bugzilla.kernel.org/show_bug.cgi?id=200071
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
[fengc@google.com: 4.4 and 4.9 backport: adjust context]
Signed-off-by: Chenbo Feng <fengc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAluvTugACgkQONu9yGCS
aT7VlA/9EmN7I6hHlA0CiHZF8UI86zHMXmHNTF8gF/X5mQs1vcKGtSJMnsCjTzki
l/dPU22eci+xdHwHkuKb7ZkDilu8dMNW8nTkqSoXBfGUviomgTyCgP68vOO5UIDM
8m+wGsAuvuPBQccTd6XdpSRJdz7TSO41t3d/F3IH4KCPWWOp4O8WLYkbUdmXX+Ys
qyPBfP+qtfkgBwexpMBqdzzGgdh3JszBYmWV9EUo9hPVcylcWjUlGwK2sIVB9gDH
CiMHV2TYVv3jI7km9+R2tqY+kWfBWqaLTxRGuYlvFR8smMaWUiRhrWN9ce0BRYzO
dVqgGp/CJsgb/zhAxNQ0PfQ20FtSiM+mSZ2F4DDOjFt0GE0QkcxvN/jaJsfqy/K4
5nteK4yU3X5CpBeVurjaSSMNI1Q3P9aIWTf+FgatUGBWGhxvTKsSxzfSnBAZdV8X
r1ahCmutf0fjT1IuIDj+6/GrqhucugbsWo6y49bxjlrShsOsbdMVKgzLTzjPwEf/
gDBHoenEnz1NuzWCbZTm2g0GxrVAIvNVzyzlQDjeQe/2t5EN1ymJY4RT9fbfN8Lc
zOGmlR7qjkvtcjvXVsNtaqsE+bnBRyeLMYhlHN55X8q9dBVltVvNxLtyvbCRar8G
ptx56z+/jNPk4iFf3AhDzp4UbNfz0C0TO+eL1F6UAGpVYlYQu+k=
=eQ3Q
-----END PGP SIGNATURE-----
Merge 4.9.130 into android-4.9
Changes in 4.9.130
NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
NFC: Fix the number of pipes
ASoC: cs4265: fix MMTLR Data switch control
ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path
ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping
ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO
ALSA: firewire-digi00x: fix memory leak of private data
ALSA: firewire-tascam: fix memory leak of private data
ALSA: fireworks: fix memory leak of response buffer at error path
ALSA: oxfw: fix memory leak for model-dependent data at error path
ALSA: oxfw: fix memory leak of discovered stream formats at error path
ALSA: oxfw: fix memory leak of private data
platform/x86: alienware-wmi: Correct a memory leak
xen/netfront: don't bug in case of too many frags
xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
Revert "PCI: Add ACS quirk for Intel 300 series"
ring-buffer: Allow for rescheduling when removing pages
mm: shmem.c: Correctly annotate new inodes for lockdep
gso_segment: Reset skb->mac_len after modifying network header
ipv6: fix possible use-after-free in ip6_xmit()
net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
net: hp100: fix always-true check for link up state
udp4: fix IP_CMSG_CHECKSUM for connected sockets
neighbour: confirm neigh entries when ARP packet is received
scsi: target: iscsi: Use hex2bin instead of a re-implementation
ocfs2: fix ocfs2 read block panic
drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement
drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect()
drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early
drm/vc4: Fix the "no scaling" case on multi-planar YUV formats
tty: vt_ioctl: fix potential Spectre v1
ext4: check to make sure the rename(2)'s destination is not freed
ext4: avoid divide by zero fault when deleting corrupted inline directories
ext4: recalucate superblock checksum after updating free blocks/inodes
ext4: fix online resize's handling of a too-small final block group
ext4: fix online resizing for bigalloc file systems with a 1k block size
ext4: don't mark mmp buffer head dirty
ext4: show test_dummy_encryption mount option in /proc/mounts
sched/fair: Fix vruntime_normalized() for remote non-migration wakeup
HID: sony: Update device ids
HID: sony: Support DS4 dongle
PCI: aardvark: Size bridges before resources allocation
vmw_balloon: include asm/io.h
iw_cxgb4: only allow 1 flush on user qps
Linux 4.9.130
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 4d982e25d0bdc83d8c64e66fdeca0b89240b3b85 upstream.
A specially crafted file system can trick empty_inline_dir() into
reading past the last valid entry in a inline directory, and then run
into the end of xattr marker. This will trigger a divide by zero
fault. Fix this by using the size of the inline directory instead of
dir->i_size.
Also clean up error reporting in __ext4_check_dir_entry so that the
message is clearer and more understandable --- and avoids the division
by zero trap if the size passed in is zero. (I'm not sure why we
coded it that way in the first place; printing offset % size is
actually more confusing and less useful.)
https://bugzilla.kernel.org/show_bug.cgi?id=200933
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reported-by: Wen Xu <wen.xu@gatech.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAltj7k8ACgkQONu9yGCS
aT54oRAAxn5rT7Mp5coJqSYFgkzVPOSzuVy8BKq+cwJYe50Ut5nkmWr11jJEkEi6
GZw8xahCuHECM6yl4NjvKqlM8PyvswZEnsIw5V4A1tjLWBPbatz5pZ3qEOIYt1iE
2EB8Bq/kxW8kLHWxFJqV2mH0w8/6o8IcejdPhN3IEiPouB0aRtzbcF9X3GjVh8Ec
6lX9iDn4lodC/EmGJqBbuWj8DjHyTuMZOd/WUkLlFGCLK2KlF+/AIy3rYlkPf2R2
HQOLXy2ZSeyG3EI+hNHilEr1OVBkddX04QtNzUWDCHaK+OSRl0jamX/J3qymA0WT
OgfwQ67SLqG9QRtM2SpozPq1MjE8SW40pyNePtj6zbndJMEEGRhPYFyyJeL9MtLw
0j63qaQ7A3BygTvj/N194aNyoLZeZ0qMzL9hqP9yGcsh+sW6WkYRdwy6bNGHSzcy
B81XrmObYPVT4tlEFv4wftUFBWQKM6Gv4+VNCEpDVkZCCqnxFN3el1zqMmDjcrPn
rJOsDMwnFS5kj7kDjvQUQc+rRVUi3Xmc4z3D/OYGEQcRHhI0ztcdmqzdGRR54LfO
TL4WnpbIVchKP40RsbcoqgwD/MSThjPbPyXe0Y8cYWae2yigoPe74wvALOHuJ1sv
VXWVBIFQOQmH7Iw8hc20Uwm9wd4DxoVbax8urGON6FJlYviBwlI=
=tLp7
-----END PGP SIGNATURE-----
Merge 4.9.117 into android-4.9
Changes in 4.9.117
Input: elan_i2c - add ACPI ID for lenovo ideapad 330
Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
kvm, mm: account shadow page tables to kmemcg
tracing: Fix double free of event_trigger_data
tracing: Fix possible double free in event_enable_trigger_func()
kthread, tracing: Don't expose half-written comm when creating kthreads
tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
tracing: Quiet gcc warning about maybe unused link variable
arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
usb: dwc2: Fix DMA alignment to start at allocated boundary
kcov: ensure irq code sees a valid area
xen/netfront: raise max number of slots in xennet_get_responses()
ALSA: emu10k1: add error handling for snd_ctl_add
ALSA: fm801: add error handling for snd_ctl_add
nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
vfio: platform: Fix reset module leak in error path
mm: vmalloc: avoid racy handling of debugobjects in vunmap
mm/slub.c: add __printf verification to slab_err()
rtc: ensure rtc_set_alarm fails when alarms are not supported
perf tools: Fix pmu events parsing rule
netfilter: ipset: List timing out entries with "timeout 1" instead of zero
infiniband: fix a possible use-after-free bug
powerpc/eeh: Fix use-after-release of EEH driver
hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
powerpc/64s: Fix compiler store ordering to SLB shadow area
RDMA/mad: Convert BUG_ONs to error flows
netfilter: nf_tables: check msg_type before nft_trans_set(trans)
pnfs: Don't release the sequence slot until we've processed layoutget on open
disable loading f2fs module on PAGE_SIZE > 4KB
f2fs: fix error path of move_data_page
f2fs: fix to don't trigger writeback during recovery
f2fs: fix to wait page writeback during revoking atomic write
f2fs: Fix deadlock in shutdown ioctl
f2fs: fix race in between GC and atomic open
usbip: usbip_detach: Fix memory, udev context and udev leak
perf/x86/intel/uncore: Correct fixed counter index check in generic code
perf/x86/intel/uncore: Correct fixed counter index check for NHM
selftests/intel_pstate: Improve test, minor fixes
iwlwifi: pcie: fix race in Rx buffer allocator
Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
ASoC: dpcm: fix BE dai not hw_free and shutdown
mfd: cros_ec: Fail early if we cannot identify the EC
mwifiex: handle race during mwifiex_usb_disconnect
wlcore: sdio: check for valid platform device data before suspend
media: tw686x: Fix incorrect vb2_mem_ops GFP flags
media: videobuf2-core: don't call memop 'finish' when queueing
btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
PCI: Prevent sysfs disable of device while driver is attached
ath: Add regulatory mapping for FCC3_ETSIC
ath: Add regulatory mapping for ETSI8_WORLD
ath: Add regulatory mapping for APL13_WORLD
ath: Add regulatory mapping for APL2_FCCA
ath: Add regulatory mapping for Uganda
ath: Add regulatory mapping for Tanzania
ath: Add regulatory mapping for Serbia
ath: Add regulatory mapping for Bermuda
ath: Add regulatory mapping for Bahamas
powerpc/32: Add a missing include header
powerpc/chrp/time: Make some functions static, add missing header include
powerpc/powermac: Add missing prototype for note_bootable_part()
powerpc/powermac: Mark variable x as unused
powerpc/8xx: fix invalid register expression in head_8xx.S
pinctrl: at91-pio4: add missing of_node_put
bpf: powerpc64: pad function address loads with NOPs
PCI: pciehp: Request control of native hotplug only if supported
net: dsa: qca8k: Add support for QCA8334 switch
mwifiex: correct histogram data with appropriate index
ima: based on policy verify firmware signatures (pre-allocated buffer)
drivers/perf: arm-ccn: don't log to dmesg in event_init
fscrypt: use unbound workqueue for decryption
scsi: ufs: fix exception event handling
ALSA: emu10k1: Rate-limit error messages about page errors
regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
md: fix NULL dereference of mddev->pers in remove_and_add_spares()
ixgbevf: fix MAC address changes through ixgbevf_set_mac()
media: smiapp: fix timeout checking in smiapp_read_nvm
net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value
ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
arm64: cmpwait: Clear event register before arming exclusive monitor
HID: hid-plantronics: Re-resend Update to map button for PTT products
drm/radeon: fix mode_valid's return type
powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
HID: i2c-hid: check if device is there before really probing
EDAC, altera: Fix ARM64 build warning
ARM: dts: emev2: Add missing interrupt-affinity to PMU node
ARM: dts: sh73a0: Add missing interrupt-affinity to PMU node
nvmem: properly handle returned value nvmem_reg_read
tty: Fix data race in tty_insert_flip_string_fixed_flag
dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
libata: Fix command retry decision
media: media-device: fix ioctl function types
media: saa7164: Fix driver name in debug output
mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
brcmfmac: Add support for bcm43364 wireless chipset
s390/cpum_sf: Add data entry sizes to sampling trailer entry
perf: fix invalid bit in diagnostic entry
bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only.
scsi: 3w-9xxx: fix a missing-check bug
scsi: 3w-xxxx: fix a missing-check bug
scsi: megaraid: silence a static checker bug
staging: lustre: o2iblnd: fix race at kiblnd_connect_peer
thermal: exynos: fix setting rising_threshold for Exynos5433
bpf: fix references to free_bpf_prog_info() in comments
media: siano: get rid of __le32/__le16 cast warnings
drm/atomic: Handling the case when setting old crtc for plane
ALSA: hda/ca0132: fix build failure when a local macro is defined
mmc: dw_mmc: update actual clock for mmc debugfs
mmc: pwrseq: Use kmalloc_array instead of stack VLA
dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC
dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
stop_machine: Use raw spinlocks
memory: tegra: Do not handle spurious interrupts
memory: tegra: Apply interrupts mask per SoC
arm64: defconfig: Enable Rockchip io-domain driver
drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
ipconfig: Correctly initialise ic_nameservers
rsi: Fix 'invalid vdd' warning in mmc
audit: allow not equal op for audit by executable
staging: lustre: llite: correct removexattr detection
staging: lustre: ldlm: free resource when ldlm_lock_create() fails.
serial: core: Make sure compiler barfs for 16-byte earlycon names
microblaze: Fix simpleImage format generation
usb: hub: Don't wait for connect state at resume for powered-off ports
crypto: authencesn - don't leak pointers to authenc keys
crypto: authenc - don't leak pointers to authenc keys
media: omap3isp: fix unbalanced dma_iommu_mapping
scsi: scsi_dh: replace too broad "TP9" string with the exact models
scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
media: si470x: fix __be16 annotations
drm: Add DP PSR2 sink enable bit
random: mix rdrand with entropy sent in from userspace
squashfs: be more careful about metadata corruption
ext4: fix inline data updates with checksums enabled
ext4: check for allocation block validity with block group locked
RDMA/uverbs: Protect from attempts to create flows on unsupported QP
net: dsa: qca8k: Force CPU port to its highest bandwidth
net: dsa: qca8k: Enable RXMAC when bringing up a port
net: dsa: qca8k: Add QCA8334 binding documentation
net: dsa: qca8k: Allow overwriting CPU port setting
Linux 4.9.117
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 362eca70b53389bddf3143fe20f53dcce2cfdf61 upstream.
The inline data code was updating the raw inode directly; this is
problematic since if metadata checksums are enabled,
ext4_mark_inode_dirty() must be called to update the inode's checksum.
In addition, the jbd2 layer requires that get_write_access() be called
before the metadata buffer is modified. Fix both of these problems.
https://bugzilla.kernel.org/show_bug.cgi?id=200443
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAltGE6YACgkQONu9yGCS
aT4a9A//ap2CPrG5XxpkUc49TOmaVqE8XS044kX90BCiqwd4u5tKdT/cQZpkoGXo
+BkU43oRCf6Net2bfGDrdQBFV5VH+2ekuhyOaCXo5SXbLw3t4QqiVq4LWh/biwwP
5bfiJvb/8eyRBQfyQJosNMS5z9oNLkN+vZ9Y7W49BV6PV92/RMq2bgTshDaztMIA
fMCOONJX5nZgbRja+WeXOA01NFK2w6wSc+hz3pSVYAwdCYK0ypQllwswYk67+m9P
4BrUJnX+3wlSteJc3etTcm0qk/g+ed+bqsIuhDc9bzIiWvhCa7hIaWcqtJuoExra
jFWu37QGH8D82pvwN9cpJV8JQogiFJqqVmmZ1V9aBym8iKMU73/pAWFdKcp5NQWH
916JRe/b4+Ge0oZ1d1p69IDb92H49XaID9BqxRxvy2GjBDjFsLY6XfeBug/uB0xU
llU9k8e0fCm7Wvr4JZMkMNlQyzDIpFTav0mTHam4AkjMp2ujbuHP6j3amTRplAVf
RIDos296gZvqHq9A2KpTbpLYtZKVk5uFyYI+zaLD2xf8RIOvoa8a0ua8bNv+nBDA
YMtTYrHbGkGG8zhoYBG5ko5paYjWjKZq447VxfOHRgmQRmFzGunY25ONXPmFvLWw
mXdSFkMvqstxbVgak7Fvu0jS4vK4GzUVVJXO38cOXZQqJ/F1B20=
=mDnR
-----END PGP SIGNATURE-----
Merge 4.9.112 into android-4.9
Changes in 4.9.112
usb: cdc_acm: Add quirk for Uniden UBC125 scanner
USB: serial: cp210x: add CESINEL device ids
USB: serial: cp210x: add Silicon Labs IDs for Windows Update
usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub
n_tty: Fix stall at n_tty_receive_char_special().
n_tty: Access echo_* variables carefully.
staging: android: ion: Return an ERR_PTR in ion_map_kernel
vt: prevent leaking uninitialized data to userspace via /dev/vcs*
i2c: rcar: fix resume by always initializing registers before transfer
ipv4: Fix error return value in fib_convert_metrics()
kprobes/x86: Do not modify singlestep buffer while resuming
netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
Revert "sit: reload iphdr in ipip6_rcv"
net: phy: micrel: fix crash when statistic requested for KSZ9031 phy
ARM: dts: imx6q: Use correct SDMA script for SPI5 core
IB/hfi1: Fix user context tail allocation for DMA_RTAIL
x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
x86/cpu: Re-apply forced caps every time CPU caps are re-read
mm: hugetlb: yield when prepping struct pages
tracing: Fix missing return symbol in function_graph output
scsi: sg: mitigate read/write abuse
s390: Correct register corruption in critical section cleanup
drbd: fix access after free
cifs: Fix infinite loop when using hard mount option
drm/udl: fix display corruption of the last line
jbd2: don't mark block as modified if the handle is out of credits
ext4: make sure bitmaps and the inode table don't overlap with bg descriptors
ext4: always check block group bounds in ext4_init_block_bitmap()
ext4: only look at the bg_flags field if it is valid
ext4: verify the depth of extent tree in ext4_find_extent()
ext4: include the illegal physical block in the bad map ext4_error msg
ext4: clear i_data in ext4_inode_info when removing inline data
ext4: add more inode number paranoia checks
ext4: add more mount time checks of the superblock
ext4: check superblock mapped prior to committing
mlxsw: spectrum: Forbid linking of VLAN devices to devices that have uppers
HID: i2c-hid: Fix "incomplete report" noise
HID: hiddev: fix potential Spectre v1
HID: debug: check length before copy_to_user()
PM / OPP: Update voltage in case freq == old_freq
Kbuild: fix # escaping in .cmd files for future Make
media: cx25840: Use subdev host data for PLL override
mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
dm bufio: avoid sleeping while holding the dm_bufio lock
dm bufio: drop the lock when doing GFP_NOIO allocation
mtd: rawnand: mxc: set spare area size register explicitly
dm bufio: don't take the lock in dm_bufio_shrink_count
mtd: cfi_cmdset_0002: Change definition naming to retry write operation
mtd: cfi_cmdset_0002: Change erase functions to retry for error
mtd: cfi_cmdset_0002: Change erase functions to check chip good only
netfilter: nf_log: don't hold nf_log_mutex during user access
staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
Linux 4.9.112
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 6e8ab72a812396996035a37e5ca4b3b99b5d214b upstream.
When converting from an inode from storing the data in-line to a data
block, ext4_destroy_inline_data_nolock() was only clearing the on-disk
copy of the i_blocks[] array. It was not clearing copy of the
i_blocks[] in ext4_inode_info, in i_data[], which is the copy actually
used by ext4_map_blocks().
This didn't matter much if we are using extents, since the extents
header would be invalid and thus the extents could would re-initialize
the extents tree. But if we are using indirect blocks, the previous
contents of the i_blocks array will be treated as block numbers, with
potentially catastrophic results to the file system integrity and/or
user data.
This gets worse if the file system is using a 1k block size and
s_first_data is zero, but even without this, the file system can get
quite badly corrupted.
This addresses CVE-2018-10881.
https://bugzilla.kernel.org/show_bug.cgi?id=200015
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cherry-picked from upstream-f2fs-stable-linux-4.9.y
Changes include:
commit 30da3a4de9 ("f2fs: hurry up to issue discard after io interruption")
commit d1c363b483 ("f2fs: fix to show correct discard_granularity in sysfs")
...
commit e6b120d4d0 ("f2fs/fscrypt: catch up to v4.12")
commit 4d7931d727 ("KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload()")
Signed-off-by: Hyojun Kim <hyojun@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAljcttMACgkQONu9yGCS
aT6QpBAAiikkI2QliPhA8MrLU6COLKnSC+a84mGlBC7pVbTyWDQuS2BVbhAVxV6r
pOqardeN8UJuDXVb6jXTilojxku7urcRSrsdOHoGHS4mjB3/EZZWB2mEyPipDPh7
OeyiL5ZbTj/6XncR74Z+8TKbEdFU9mM7mY+vxdiGUrHdKlI15M+N4inrIWXoQYBm
4cNRM0kIaZza/IOgPdIPH8C01sgMmSrOn6CCLT9rFHSWEWQEqYk/6H9Zc+lyo94U
OWyfIjf220Axf0DszBU2mEAldWcR/QFTUW6qfi11buOUxF3sZP6i71VNAlqX6zbX
CfhPGe4PHZars5CzLnENHc88t61dcxtH7VivWSLllErUg8y8n5It3zKpSMTEYfjd
dXko6k7jAJlPIOIi1ZHD71q6T145B5srAfGDV/SAq584imZnBM3xesijFpr5vonV
0tEOZ3nMnhxL55XKIDJI86IyPVHAySG8WqtaYWy8GieV7EEZTs+8/Sy1AvT8Skr/
4GSfpVEZDLjixQyDM/roUtp/2fTg/s9iNCTDw/zrCCCSE7Q4AEMyd4iyc4dWU2XT
NuRdy5vDeIjqculLqM0LTB/5hlTVKLRlpkHyaxl7LNxMpV9JHKDqgzGYkbvWZNWH
7k1IJ9VbXxd06IQEZhUqv7FccGwRFtyzblaDgCBgnksWmbxHvtg=
=rkSm
-----END PGP SIGNATURE-----
Merge 4.9.19 into android-4.9
Changes in 4.9.19:
net/openvswitch: Set the ipv6 source tunnel key address attribute correctly
net: bcmgenet: Do not suspend PHY if Wake-on-LAN is enabled
net: properly release sk_frag.page
amd-xgbe: Fix jumbo MTU processing on newer hardware
openvswitch: Add missing case OVS_TUNNEL_KEY_ATTR_PAD
net: unix: properly re-increment inflight counter of GC discarded candidates
qmi_wwan: add Dell DW5811e
net: vrf: Reset rt6i_idev in local dst after put
net/mlx5: Add missing entries for set/query rate limit commands
net/mlx5e: Use the proper UAPI values when offloading TC vlan actions
net/mlx5: Increase number of max QPs in default profile
net/mlx5e: Count GSO packets correctly
net/mlx5e: Count LRO packets correctly
ipv6: make sure to initialize sockc.tsflags before first use
net: bcmgenet: remove bcmgenet_internal_phy_setup()
ipv4: provide stronger user input validation in nl_fib_input()
socket, bpf: fix sk_filter use after free in sk_clone_lock
tcp: initialize icsk_ack.lrcvtime at session start time
Input: ALPS - fix V8+ protocol handling (73 03 28)
Input: ALPS - fix trackstick button handling on V8 devices
Input: elan_i2c - add ASUS EeeBook X205TA special touchpad fw
Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000
Input: iforce - validate number of endpoints before using them
Input: ims-pcu - validate number of endpoints before using them
Input: hanwang - validate number of endpoints before using them
Input: yealink - validate number of endpoints before using them
Input: cm109 - validate number of endpoints before using them
Input: kbtab - validate number of endpoints before using them
Input: sur40 - validate number of endpoints before using them
ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()
ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call
ALSA: hda - Adding a group of pin definition to fix headset problem
USB: serial: option: add Quectel UC15, UC20, EC21, and EC25 modems
USB: serial: qcserial: add Dell DW5811e
ACM gadget: fix endianness in notifications
usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval
usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk
USB: uss720: fix NULL-deref at probe
USB: lvtest: fix NULL-deref at probe
USB: idmouse: fix NULL-deref at probe
USB: wusbcore: fix NULL-deref at probe
usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer
usb: hub: Fix crash after failure to read BOS descriptor
USB: usbtmc: add missing endpoint sanity check
USB: usbtmc: fix probe error path
uwb: i1480-dfu: fix NULL-deref at probe
uwb: hwa-rc: fix NULL-deref at probe
mmc: ushc: fix NULL-deref at probe
iio: adc: ti_am335x_adc: fix fifo overrun recovery
iio: sw-device: Fix config group initialization
iio: hid-sensor-trigger: Change get poll value function order to avoid sensor properties losing after resume from S3
iio: magnetometer: ak8974: remove incorrect __exit markups
parport: fix attempt to write duplicate procfiles
ext4: mark inode dirty after converting inline directory
ext4: lock the xattr block before checksuming it
powerpc/64s: Fix idle wakeup potential to clobber registers
mmc: sdhci-of-at91: Support external regulators
mmc: sdhci-of-arasan: fix incorrect timeout clock
mmc: sdhci: Do not disable interrupts while waiting for clock
mmc: sdhci-pci: Do not disable interrupts in sdhci_intel_set_power
hwrng: amd - Revert managed API changes
hwrng: geode - Revert managed API changes
clk: sunxi-ng: sun6i: Fix enable bit offset for hdmi-ddc module clock
clk: sunxi-ng: mp: Adjust parent rate for pre-dividers
mwifiex: pcie: don't leak DMA buffers when removing
crypto: ccp - Assign DMA commands to the channel's CCP
xen/acpi: upload PM state from init-domain to Xen
iommu/vt-d: Fix NULL pointer dereference in device_to_iommu
Revert "ARM: at91/dt: sama5d2: Use new compatible for ohci node"
ARM: at91: pm: cpu_idle: switch DDR to power-down mode
arm64: kaslr: Fix up the kernel image alignment
cpufreq: Restore policy min/max limits on CPU online
cgroup, net_cls: iterate the fds of only the tasks which are being migrated
blk-mq: don't complete un-started request in timeout handler
drm/amdgpu: reinstate oland workaround for sclk
auxdisplay: img-ascii-lcd: add missing sentinel entry in img_ascii_lcd_matches
jbd2: don't leak memory if setting up journal fails
intel_th: Don't leak module refcount on failure to activate
Drivers: hv: vmbus: Don't leak channel ids
Drivers: hv: vmbus: Don't leak memory when a channel is rescinded
libceph: don't set weight to IN when OSD is destroyed
device-dax: fix pmd/pte fault fallback handling
drm/bridge: analogix dp: Fix runtime PM state on driver bind
nl80211: fix dumpit error path RTNL deadlocks
drm: reference count event->completion
fbcon: Fix vc attr at deinit
crypto: algif_hash - avoid zero-sized array
Linux 4.9.19
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit b9cf625d6ecde0d372e23ae022feead72b4228a6 upstream.
If ext4_convert_inline_data() was called on a directory with inline
data, the filesystem was left in an inconsistent state (as considered by
e2fsck) because the file size was not increased to cover the new block.
This happened because the inode was not marked dirty after i_disksize
was updated. Fix this by marking the inode dirty at the end of
ext4_finish_convert_inline_dir().
This bug was probably not noticed before because most users mark the
inode dirty afterwards for other reasons. But if userspace executed
FS_IOC_SET_ENCRYPTION_POLICY with invalid parameters, as exercised by
'kvm-xfstests -c adv generic/396', then the inode was never marked dirty
after updating i_disksize.
Fixes: 3c47d54170
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit eb5efbcb762aee4b454b04f7115f73ccbcf8f0ef upstream.
The write_end() function must always unlock the page and drop its ref
count, even on an error.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Refactor the fs readpage/write tracepoints to move the
inode->path lookup outside the tracepoint code, and pass a pointer
to the path into the tracepoint code instead. This is necessary
because the tracepoint code runs non-preemptible. Thanks to
Trilok Soni for catching this in 4.4.
Signed-off-by: Mohan Srinivasan <srmohan@google.com>
Adds tracepoints in ext4/f2fs/mpage to track readpages/buffered
write()s. This allows us to track files that are being read/written
to PIDs. (Merged from android4.4-common).
Signed-off-by: Mohan Srinivasan <srmohan@google.com>
commit 578620f451f836389424833f1454eeeb2ffc9e9f upstream.
We should set the error code if kzalloc() fails.
Fixes: 67cf5b09a4 ("ext4: add the basic function for inline data support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch removes the most parts of internal crypto codes.
And then, it modifies and adds some ext4-specific crypt codes to use the generic
facility.
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Messages passed to ext4_warning() or ext4_error() don't need trailing
newlines, because these function add the newlines themselves.
Signed-off-by: Jakub Wilk <jwilk@jwilk.net>
PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} macros were introduced *long* time
ago with promise that one day it will be possible to implement page
cache with bigger chunks than PAGE_SIZE.
This promise never materialized. And unlikely will.
We have many places where PAGE_CACHE_SIZE assumed to be equal to
PAGE_SIZE. And it's constant source of confusion on whether
PAGE_CACHE_* or PAGE_* constant should be used in a particular case,
especially on the border between fs and mm.
Global switching to PAGE_CACHE_SIZE != PAGE_SIZE would cause to much
breakage to be doable.
Let's stop pretending that pages in page cache are special. They are
not.
The changes are pretty straight-forward:
- <foo> << (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
- <foo> >> (PAGE_CACHE_SHIFT - PAGE_SHIFT) -> <foo>;
- PAGE_CACHE_{SIZE,SHIFT,MASK,ALIGN} -> PAGE_{SIZE,SHIFT,MASK,ALIGN};
- page_cache_get() -> get_page();
- page_cache_release() -> put_page();
This patch contains automated changes generated with coccinelle using
script below. For some reason, coccinelle doesn't patch header files.
I've called spatch for them manually.
The only adjustment after coccinelle is revert of changes to
PAGE_CAHCE_ALIGN definition: we are going to drop it later.
There are few places in the code where coccinelle didn't reach. I'll
fix them manually in a separate patch. Comments and documentation also
will be addressed with the separate patch.
virtual patch
@@
expression E;
@@
- E << (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
@@
expression E;
@@
- E >> (PAGE_CACHE_SHIFT - PAGE_SHIFT)
+ E
@@
@@
- PAGE_CACHE_SHIFT
+ PAGE_SHIFT
@@
@@
- PAGE_CACHE_SIZE
+ PAGE_SIZE
@@
@@
- PAGE_CACHE_MASK
+ PAGE_MASK
@@
expression E;
@@
- PAGE_CACHE_ALIGN(E)
+ PAGE_ALIGN(E)
@@
expression E;
@@
- page_cache_get(E)
+ get_page(E)
@@
expression E;
@@
- page_cache_release(E)
+ put_page(E)
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
BUFFER_TRACE info "call ext4_handle_dirty_metadata" doesn't match the
code, so drop it.
Signed-off-by: Geliang Tang <geliangtang@163.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Rename ext4_get_blocks_write() to ext4_get_blocks_unwritten() to better
describe what it does. Also split out get blocks functions for direct
IO. Later we move functionality from _ext4_get_blocks() there. There's no
functional change in this patch.
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
A number of functions include ext4_add_dx_entry, make_indexed_dir,
etc. are being passed a dentry even though the only thing they use is
the containing parent. We can shrink the code size slightly by making
this replacement. This will also be useful in cases where we don't
have a dentry as the argument to the directory entry insert functions.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Create separate predicate functions to test/set/clear feature flags,
thereby replacing the wordy old macros. Furthermore, clean out the
places where we open-coded feature tests.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Encrypt the filename as soon it is passed in by the user. This avoids
our needing to encrypt the filename 2 or 3 times while in the process
of creating a filename.
Similarly, when looking up a directory entry, encrypt the filename
early, or if the encryption key is not available, base-64 decode the
file syystem so that the hash value and the last 16 bytes of the
encrypted filename is available in the new struct ext4_filename data
structure.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Pull fourth vfs update from Al Viro:
"d_inode() annotations from David Howells (sat in for-next since before
the beginning of merge window) + four assorted fixes"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
RCU pathwalk breakage when running into a symlink overmounting something
fix I_DIO_WAKEUP definition
direct-io: only inc/dec inode->i_dio_count for file systems
fs/9p: fix readdir()
VFS: assorted d_backing_inode() annotations
VFS: fs/inode.c helpers: d_inode() annotations
VFS: fs/cachefiles: d_backing_inode() annotations
VFS: fs library helpers: d_inode() annotations
VFS: assorted weird filesystems: d_inode() annotations
VFS: normal filesystems (and lustre): d_inode() annotations
VFS: security/: d_inode() annotations
VFS: security/: d_backing_inode() annotations
VFS: net/: d_inode() annotations
VFS: net/unix: d_backing_inode() annotations
VFS: kernel/: d_inode() annotations
VFS: audit: d_backing_inode() annotations
VFS: Fix up some ->d_inode accesses in the chelsio driver
VFS: Cachefiles should perform fs modifications on the top layer only
VFS: AF_UNIX sockets should call mknod on the top layer only
that's the bulk of filesystem drivers dealing with inodes of their own
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
For encrypted directories, we need to pass in a separate parameter for
the decrypted filename, since the directory entry contains the
encrypted filename.
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
According to C99, %*.s means the same as %*.0s, in other words, print as
many spaces as the field width argument says and effectively ignore the
string argument. That is certainly not what was meant here. The kernel's
printf implementation, however, treats it as if the . was not there,
i.e. as %*s. I don't know if de->name is nul-terminated or not, but in
any case I'm guessing the intention was to use de->name_len as precision
instead of field width.
[ Note: this is debugging code which is commented out, so this is not
security issue; a developer would have to explicitly enable
INLINE_DIR_DEBUG before this would be an issue. ]
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Currently ext4_inline_data_fiemap ignores requested arguments (start
and len) which may lead endless loop if start != 0. Also fix incorrect
extent length determination.
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
ext4_da_convert_inline_data_to_extent() invokes
grab_cache_page_write_begin(). grab_cache_page_write_begin performs
memory allocation, so fs-reentrance should be prohibited because we
are inside journal transaction.
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Besides the fact that this replacement improves code readability
it also protects from errors caused direct EXT4_S(sb)->s_es manipulation
which may result attempt to use uninitialized csum machinery.
#Testcase_BEGIN
IMG=/dev/ram0
MNT=/mnt
mkfs.ext4 $IMG
mount $IMG $MNT
#Enable feature directly on disk, on mounted fs
tune2fs -O metadata_csum $IMG
# Provoke metadata update, likey result in OOPS
touch $MNT/test
umount $MNT
#Testcase_END
# Replacement script
@@
expression E;
@@
- EXT4_HAS_RO_COMPAT_FEATURE(E, EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)
+ ext4_has_metadata_csum(E)
https://bugzilla.kernel.org/show_bug.cgi?id=82201
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
If inline->extent conversion fails (most probably due to ENOSPC) and
we release the temporary page that we allocated to transfer the file
contents, don't keep using the page pointer after releasing the page.
This occasionally leads to complaints about evicting locked pages or
hangs when blocksize > pagesize, because it's possible for the page to
get reallocated elsewhere in the meantime.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: Tao Ma <tm@tao.ma>
Before converting an inline directory to a regular directory, check
the directory entries to make sure they're not obviously broken.
This helps us to avoid a BUG_ON if one of the dirents is trashed.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
Now ext4_has_inline_data() is used in wide spread codepaths. So we need
to make it as a inline function to avoid burning some CPU cycles.
Change in text size:
text data bss dec hex filename
before: 326110 19258 5528 350896 55ab0 fs/ext4/ext4.o
after: 326227 19258 5528 351013 55b25 fs/ext4/ext4.o
I use the following script to measure the CPU usage.
#!/bin/bash
shm_base='/dev/shm'
img=${shm_base}/ext4-img
mnt=/mnt/loop
e2fsprgs_base=$HOME/e2fsprogs
mkfs=${e2fsprgs_base}/misc/mke2fs
fsck=${e2fsprgs_base}/e2fsck/e2fsck
sudo umount $mnt
dd if=/dev/zero of=$img bs=4k count=3145728
${mkfs} -t ext4 -O inline_data -F $img
sudo mount -t ext4 -o loop $img $mnt
# start testing...
testdir="${mnt}/testdir"
mkdir $testdir
cd $testdir
echo "start testing..."
for ((cnt=0;cnt<100;cnt++)); do
for ((i=0;i<5;i++)); do
for ((j=0;j<5;j++)); do
for ((k=0;k<5;k++)); do
for ((l=0;l<5;l++)); do
mkdir -p $i/$j/$k/$l
echo "$i-$j-$k-$l" > $i/$j/$k/$l/testfile
done
done
done
done
ls -R $testdir > /dev/null
rm -rf $testdir/*
done
The result of `perf top -G -U` is as below.
vanilla:
13.92% [ext4] [k] ext4_do_update_inode
9.36% [ext4] [k] __ext4_get_inode_loc
4.07% [ext4] [k] ftrace_define_fields_ext4_writepages
3.83% [ext4] [k] __ext4_handle_dirty_metadata
3.42% [ext4] [k] ext4_get_inode_flags
2.71% [ext4] [k] ext4_mark_iloc_dirty
2.46% [ext4] [k] ftrace_define_fields_ext4_direct_IO_enter
2.26% [ext4] [k] ext4_get_inode_loc
2.22% [ext4] [k] ext4_has_inline_data
[...]
After applied the patch, we don't see ext4_has_inline_data() because it
has been inlined and perf couldn't sample it. Although it doesn't mean
that the CPU cycles can be saved but at least the overhead of function
calls can be eliminated. So IMHO we'd better inline this function.
Cc: Andreas Dilger <adilger.kernel@dilger.ca>
Signed-off-by: Zheng Liu <wenqing.lz@taobao.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
I have been running make namespacecheck to look for unneeded globals, and
found these in ext4.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
