commit b1286ed7158e9b62787508066283ab0b8850b518 upstream.
New versions of gcc reasonably warn about the odd pattern of
strncpy(p, q, strlen(q));
which really doesn't make sense: the strncpy() ends up being just a slow
and odd way to write memcpy() in this case.
Apparently there was a patch for this floating around earlier, but it
got lost.
Acked-again-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 313a06e636808387822af24c507cba92703568b1 ]
The lib/raid6/test fails to build the neon objects
on arm64 because the correct machine type is 'aarch64'.
Once this is correctly enabled, the neon recovery objects
need to be added to the build.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlv1FpwACgkQONu9yGCS
aT4cVxAA18YcTMee3CSaqcGAK9JmrnApHMPHvOIzTxVy39Zk6g0m7Ck5QXVAZQH1
uMJCYFklJ+8UU8yrwZkIZbjajwNZz+u65E7vzmrWClgTN+WsLzE4iL+fRZIAyLYg
GVPuPCk+yH74k1o3ACmo+exBq9284GtXBxtrgoNbAgZdQEGOPyktWtCWm8hkKOHR
Ccl7jOnnszhF2aIALTFFk9qNuf1hJEKy6ftRT6XpofgTEJuabNizkYPjd8VGZc1s
tlbmByRYp0bZ+JqPAVswzdNxsvqMVsxHqHAowkhix9zk4bKKEebqmscL5Xg3KdEt
5BSRRSgbpeQmGxJzXuh5G9ebKS79aWDKaaUSy9SGmlEHj1iudd74aY6UYnwi2ZrK
gNYu8cKKWTqKmFtra0po0rLBp+qkvR6MIwdTuKexazVb4BoHC2mRoBYwjU8diJMl
87kUMuwXzDpFlP5yj+OhevLTUlp+rTGv+87GI1CIYYtItm99GpWDvvB4htDPrffG
v19Ut0+4hBpSU8/zDeoID5bKciOUxvqm+EGlow+EGaD7Uxvj3a0FpcBPbYTNx1nz
U1/6FY4/nsrEsY+wYWgVzl4tvUDGF+22ZipPXr3b08nccf46b2uEL5PStksNSn/S
kqNRDDfzWutzcusxRi97ox5OjZGcn5bpptNjJUCAisyz4u6V/pY=
=WHuX
-----END PGP SIGNATURE-----
Merge 4.9.138 into android-4.9
Changes in 4.9.138
powerpc/eeh: Fix possible null deref in eeh_dump_dev_log()
tty: check name length in tty_find_polling_driver()
ARM: imx_v6_v7_defconfig: Select CONFIG_TMPFS_POSIX_ACL
powerpc/nohash: fix undefined behaviour when testing page size support
drm/omap: fix memory barrier bug in DMM driver
media: pci: cx23885: handle adding to list failure
MIPS: kexec: Mark CPU offline before disabling local IRQ
powerpc/boot: Ensure _zimage_start is a weak symbol
MIPS/PCI: Call pcie_bus_configure_settings() to set MPS/MRRS
sc16is7xx: Fix for multi-channel stall
media: tvp5150: fix width alignment during set_selection()
powerpc/selftests: Wait all threads to join
9p locks: fix glock.client_id leak in do_lock
9p: clear dangling pointers in p9stat_free
cdrom: fix improper type cast, which can leat to information leak.
scsi: qla2xxx: Fix incorrect port speed being set for FC adapters
scsi: qla2xxx: shutdown chip if reset fail
fuse: Fix use-after-free in fuse_dev_do_read()
fuse: Fix use-after-free in fuse_dev_do_write()
fuse: fix blocked_waitq wakeup
fuse: set FR_SENT while locked
mm: do not bug_on on incorrect length in __mm_populate()
e1000: avoid null pointer dereference on invalid stat type
e1000: fix race condition between e1000_down() and e1000_watchdog
bna: ethtool: Avoid reading past end of buffer
parisc: Align os_hpmc_size on word boundary
parisc: Fix HPMC handler by increasing size to multiple of 16 bytes
parisc: Fix exported address of os_hpmc handler
MIPS: Loongson-3: Fix CPU UART irq delivery problem
MIPS: Loongson-3: Fix BRIDGE irq delivery problem
xtensa: add NOTES section to the linker script
xtensa: make sure bFLT stack is 16 byte aligned
xtensa: fix boot parameters address translation
clk: s2mps11: Fix matching when built as module and DT node contains compatible
clk: at91: Fix division by zero in PLL recalc_rate()
clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call
libceph: bump CEPH_MSG_MAX_DATA_LEN
Revert "ceph: fix dentry leak in splice_dentry()"
mach64: fix display corruption on big endian machines
mach64: fix image corruption due to reading accelerator registers
reset: hisilicon: fix potential NULL pointer dereference
vhost/scsi: truncate T10 PI iov_iter to prot_bytes
ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings
netfilter: conntrack: fix calculation of next bucket number in early_drop
mtd: docg3: don't set conflicting BCH_CONST_PARAMS option
of, numa: Validate some distance map rules
termios, tty/tty_baudrate.c: fix buffer overrun
arch/alpha, termios: implement BOTHER, IBSHIFT and termios2
Btrfs: fix cur_offset in the error case for nocow
Btrfs: fix data corruption due to cloning of eof block
clockevents/drivers/i8253: Add support for PIT shutdown quirk
ext4: add missing brelse() update_backups()'s error path
ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
ext4: avoid buffer leak in ext4_orphan_add() after prior errors
ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing
ext4: avoid possible double brelse() in add_new_gdb() on error path
ext4: fix possible leak of sbi->s_group_desc_leak in error path
ext4: fix possible leak of s_journal_flag_rwsem in error path
ext4: release bs.bh before re-using in ext4_xattr_block_find()
ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
ext4: fix buffer leak in __ext4_read_dirblock() on error path
mount: Retest MNT_LOCKED in do_umount
mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
mount: Prevent MNT_DETACH from disconnecting locked mounts
sunrpc: correct the computation for page_ptr when truncating
nfsd: COPY and CLONE operations require the saved filehandle to be set
rtc: hctosys: Add missing range error reporting
fuse: fix use-after-free in fuse_direct_IO()
fuse: fix leaked notify reply
configfs: replace strncpy with memcpy
lib/ubsan.c: don't mark __ubsan_handle_builtin_unreachable as noreturn
hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444!
mm: migration: fix migration of huge PMD shared pages
drm/rockchip: Allow driver to be shutdown on reboot/kexec
drm/dp_mst: Check if primary mstb is null
drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values
drm/i915/execlists: Force write serialisation into context image vs execution
KVM: arm64: Fix caching of host MDCR_EL2 value
Linux 4.9.138
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlvrJA0ACgkQONu9yGCS
aT4InBAAwJ8JvdytPuqIMrm1C2Pk0Jwq61fl02JLNdbMds+MEq3MtYkKiQPLRRb/
epkseRT6ifYxhFIgGA20mbMH7Vlo6UbKBXBBLYck10HDI03JQZ6SUjCiR2b+KX0f
a+jmg6o/SRlLrSiBuR7YofBswJt0g1wsrn9/iWu/7GvuQxVL4k4b19jcSpKu13xZ
ToeTJxJgKiW/LXESLmm9V0V2urvWFiKXO3wixnfNjqyULliae8V0X3TQD06DJh9Y
9jtG8QeWwu3Ip1Bqc6rcEMaW46xxpGlY78QtCv61/AV7VFr7TofMxHyPLFIXCN1v
OIsRguonZAC9YQF2yKNrA6XYIPZi0Cn2hjM4Tu0P40bn+FqkFC/Mdg/R5wR27+KW
oFMVivGI1f/0nDAIUERmCIouIrwKOHTdhjX117e490UyuInju2zrKYwk9AHGK8h3
GduYMTQQmUZZP3YX1LL62cgBzKsICOso2rDIa2iUN0xwPthiKrIaR6yi6dW5ewYU
jNoMkD95c1C9os/kyStGQ66uYcYddFdlkt8vV3DJdG7swMBey8n2ezroK5ca9UO3
18vJAcWQiukA/GGvIoNqUvzyxwUsP3eKQySqB1zeeL7nwP0bdYK/AYWmTzYYlH9f
6ae+SRbGY6yV36KxdZ5e6yrmjoXWokh5ryWpY9XU7ZUwskvL2+Y=
=o868
-----END PGP SIGNATURE-----
Merge 4.9.137 into android-4.9
Changes in 4.9.137
bcache: fix miss key refill->end in writeback
hwmon: (pmbus) Fix page count auto-detection.
jffs2: free jffs2_sb_info through jffs2_kill_sb()
pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
ipmi: Fix timer race with module unload
parisc: Fix address in HPMC IVA
parisc: Fix map_pages() to not overwrite existing pte entries
ALSA: hda - Add quirk for ASUS G751 laptop
ALSA: hda - Fix headphone pin config for ASUS G751
ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided
x86/speculation: Support Enhanced IBRS on future CPUs
bpf: do not blindly change rlimit in reuseport net selftest
Revert "perf tools: Fix PMU term format max value calculation"
xfrm: policy: use hlist rcu variants on insert
sparc: Fix single-pcr perf event counter management.
sparc64: Make proc_id signed.
sched/fair: Fix the min_vruntime update logic in dequeue_entity()
perf cpu_map: Align cpu map synthesized events properly.
x86/fpu: Remove second definition of fpu in __fpu__restore_sig()
net: qla3xxx: Remove overflowing shift statement
selftests: ftrace: Add synthetic event syntax testcase
i2c: rcar: cleanup DMA for all kinds of failure
locking/lockdep: Fix debug_locks off performance problem
ataflop: fix error handling during setup
swim: fix cleanup on setup error
tun: Consistently configure generic netdev params via rtnetlink
s390/sthyi: Fix machine name validity indication
hwmon: (pwm-fan) Set fan speed to 0 on suspend
perf tools: Free temporary 'sys' string in read_event_files()
perf tools: Cleanup trace-event-info 'tdata' leak
perf strbuf: Match va_{add,copy} with va_end
mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
iwlwifi: pcie: avoid empty free RB queue
x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC
cpufreq: dt: Try freeing static OPPs only if we have added them
Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth
x86: boot: Fix EFI stub alignment
pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
brcmfmac: fix for proper support of 160MHz bandwidth
kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
pinctrl: qcom: spmi-mpp: Fix drive strength setting
pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
ixgbevf: VF2VF TCP RSS
ath10k: schedule hardware restart if WMI command times out
cgroup, netclassid: add a preemption point to write_classid
scsi: esp_scsi: Track residual for PIO transfers
scsi: megaraid_sas: fix a missing-check bug
RDMA/core: Do not expose unsupported counters
IB/ipoib: Clear IPCB before icmp_send
tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated
VMCI: Resource wildcard match fixed
usb: gadget: udc: atmel: handle at91sam9rl PMC
ext4: fix argument checking in EXT4_IOC_MOVE_EXT
MD: fix invalid stored role for a disk
PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice
coresight: etb10: Fix handling of perf mode
crypto: caam - fix implicit casts in endianness helpers
usb: chipidea: Prevent unbalanced IRQ disable
driver/dma/ioat: Call del_timer_sync() without holding prep_lock
uio: ensure class is registered before devices
scsi: lpfc: Correct soft lockup when running mds diagnostics
signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init
dmaengine: dma-jz4780: Return error if not probed from DT
ALSA: hda: Check the non-cached stream buffers more explicitly
ARM: dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes
arm: dts: exynos: Add missing cooling device properties for CPUs
ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings
ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250
xen-swiotlb: use actually allocated size on check physical continuous
tpm: Restore functionality to xen vtpm driver.
xen/blkfront: avoid NULL blkfront_info dereference on device removal
xen: fix race in xen_qlock_wait()
xen: make xen_qlock_wait() nestable
libertas: don't set URB_ZERO_PACKET on IN USB transfer
usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten
iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()
net/ipv4: defensive cipso option parsing
libnvdimm: Hold reference on parent while scheduling async init
ASoC: intel: skylake: Add missing break in skl_tplg_get_token()
jbd2: fix use after free in jbd2_log_do_checkpoint()
gfs2_meta: ->mount() can get NULL dev_name
ext4: initialize retries variable in ext4_da_write_inline_data_begin()
ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR
HID: hiddev: fix potential Spectre v1
EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting
EDAC, skx_edac: Fix logical channel intermediate decoding
PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
signal/GenWQE: Fix sending of SIGKILL
crypto: lrw - Fix out-of bounds access on counter overflow
crypto: tcrypt - fix ghash-generic speed test
ima: fix showing large 'violations' or 'runtime_measurements_count'
hugetlbfs: dirty pages as they are added to pagecache
kbuild: fix kernel/bounds.c 'W=1' warning
iio: ad5064: Fix regulator handling
iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs()
iio: adc: at91: fix acking DRDY irq on simple conversions
iio: adc: at91: fix wrong channel number in triggered buffer mode
w1: omap-hdq: fix missing bus unregister at removal
smb3: allow stats which track session and share reconnects to be reset
smb3: do not attempt cifs operation in smb3 query info error path
smb3: on kerberos mount if server doesn't specify auth type use krb5
printk: Fix panic caused by passing log_buf_len to command line
genirq: Fix race on spurious interrupt detection
NFSv4.1: Fix the r/wsize checking
nfsd: Fix an Oops in free_session()
lockd: fix access beyond unterminated strings in prints
dm ioctl: harden copy_params()'s copy_from_user() from malicious users
powerpc/msi: Fix compile error on mpc83xx
MIPS: OCTEON: fix out of bounds array access on CN68XX
TC: Set DMA masks for devices
media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD
kgdboc: Passing ekgdboc to command line causes panic
xen: fix xen_qlock_wait()
media: em28xx: use a default format if TRY_FMT fails
media: tvp5150: avoid going past array on v4l2_querymenu()
media: em28xx: fix input name for Terratec AV 350
media: em28xx: make v4l2-compliance happier by starting sequence on zero
arm64: lse: remove -fcall-used-x0 flag
rpmsg: smd: fix memory leak on channel create
Cramfs: fix abad comparison when wrap-arounds occur
arm64: dts: stratix10: Correct System Manager register size
soc/tegra: pmc: Fix child-node lookup
btrfs: Handle owner mismatch gracefully when walking up tree
btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock
btrfs: fix error handling in free_log_tree
btrfs: iterate all devices during trim, instead of fs_devices::alloc_list
btrfs: don't attempt to trim devices that don't support it
btrfs: wait on caching when putting the bg cache
btrfs: reset max_extent_size on clear in a bitmap
btrfs: make sure we create all new block groups
Btrfs: fix wrong dentries after fsync of file that got its parent replaced
btrfs: qgroup: Dirty all qgroups before rescan
Btrfs: fix null pointer dereference on compressed write path error
btrfs: set max_extent_size properly
MD: fix invalid stored role for a disk - try2
Linux 4.9.137
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlvm/IUACgkQONu9yGCS
aT6mrw//ctcqOR9aZYTODrVHFZ4puE2xhae5Hr+hwtcE2WSjHWuxJfVkrEuJGlIH
4oQpUfek+eYf3yZy8Iw9WLZH1+P3evGkR0G4gBD/A4f25qCKCcHEXOAPiKgeadnC
tj49fEkiJgO3I9vRx8yJnUvhxR/Br5CTOUMdTYsWHbCsdewzCMHWlwpJhLwV053j
P9cCrpfJLD55HDdj/jwcn2jfooIVfYsYkut8jP0qTKI04rWEZgOrCSjahN8KHtQ5
GgykDU7db8mmP1IhM+bhGuQReSX7myx/MGx5dS7Mli+5aUtYCMlkqylpL96NuBbe
axFpie4nBTny6dIHXodZx59J/T1ERBws9zLzKF1oyxANHEeTiO7q+hbaw9vRLN5G
mNWyn0KZ8T0+BWSL1pyA+oVwZkjOcMDil5Gz7Y7A9kE4xj5grrl5IevAtSD6tb9X
zwAk5hjvaBmZVVM9NgbG2bGATPNLnv1l57TCRjsx91p9uzReg8gYxNrijIwGqGip
HrR/HJvgfI9Df52X8JtGfs+397mXevxl1Lo56Pv1nkagkD1fvhqFLRZgd3y1MoIO
DNjdUohw0tBorHqdpvgnZnifuwk3AcPiCMqqfCcGwkcguoM8XFhedTkTPrut5+f4
IPK0Qh25lcT9k+GHJUvDOEzQvx4CGcG8uVj0FgiebWdlS3KZ56s=
=0M4P
-----END PGP SIGNATURE-----
Merge 4.9.136 into android-4.9
Also revert commit b91d532928df ("ipv6: set rt6i_protocol properly in
the route when it is installed") as it breaks the test systems.
Changes in 4.9.136
xfrm: Validate address prefix lengths in the xfrm selector.
xfrm6: call kfree_skb when skb is toobig
mac80211: Always report TX status
cfg80211: reg: Init wiphy_idx in regulatory_hint_core()
mac80211: fix pending queue hang due to TX_DROP
cfg80211: Address some corner cases in scan result channel updating
mac80211: TDLS: fix skb queue/priority assignment
ARM: 8799/1: mm: fix pci_ioremap_io() offset check
xfrm: validate template mode
ARM: dts: BCM63xx: Fix incorrect interrupt specifiers
net: macb: Clean 64b dma addresses if they are not detected
soc: fsl: qbman: qman: avoid allocating from non existing gen_pool
soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift()
nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
mac80211_hwsim: do not omit multicast announce of first added radio
Bluetooth: SMP: fix crash in unpairing
pxa168fb: prepare the clock
qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor
qed: Avoid constant logical operation warning in qed_vf_pf_acquire
asix: Check for supported Wake-on-LAN modes
ax88179_178a: Check for supported Wake-on-LAN modes
lan78xx: Check for supported Wake-on-LAN modes
sr9800: Check for supported Wake-on-LAN modes
r8152: Check for supported Wake-on-LAN Modes
smsc75xx: Check for Wake-on-LAN modes
smsc95xx: Check for Wake-on-LAN modes
perf/ring_buffer: Prevent concurent ring buffer access
perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX
net: fec: fix rare tx timeout
declance: Fix continuation with the adapter identification message
net: cxgb3_main: fix a missing-check bug
perf symbols: Fix memory corruption because of zero length symbols
mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
MIPS: microMIPS: Fix decoding of swsp16 instruction
MIPS: Handle non word sized instructions when examining frame
scsi: aacraid: Fix typo in blink status
f2fs: fix multiple f2fs_add_link() having same name for inline dentry
igb: Remove superfluous reset to PHY and page 0 selection
ACPI: sysfs: Make ACPI GPE mask kernel parameter cover all GPEs
PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode
i2c: bcm2835: Avoid possible NULL ptr dereference
efi/fb: Correct PCI_STD_RESOURCE_END usage
ipv6: set rt6i_protocol properly in the route when it is installed
platform/x86: acer-wmi: setup accelerometer when ACPI device was found
IB/ipoib: Do not warn if IPoIB debugfs doesn't exist
IB/core: Fix the validations of a multicast LID in attach or detach operations
orangefs: off by ones in xattr size checks
rxe: Fix a sleep-in-atomic bug in post_one_send
nvme-pci: fix CMB sysfs file removal in reset path
net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well.
net/mlx5: Fix command completion after timeout access invalid structure
tipc: Fix tipc_sk_reinit handling of -EAGAIN
tipc: fix a race condition of releasing subscriber object
bnxt_en: Don't use rtnl lock to protect link change logic in workqueue.
ath10k: fix NAPI enable/disable symmetry for AHB interface
ARM: dts: bcm283x: Reserve first page for firmware
btrfs: fiemap: Cache and merge fiemap extent before submit it to user
ata: sata_rcar: Handle return value of clk_prepare_enable
reset: hi6220: Set module license so that it can be loaded
ASoC: Intel: Skylake: Fix to parse consecutive string tkns in manifest
arch/sparc: increase CONFIG_NODES_SHIFT on SPARC64 to 5
mac80211: fix TX aggregation start/stop callback race
libata: fix error checking in in ata_parse_force_one()
net: ethernet: stmmac: Fix altr_tse_pcs SGMII Initialization
qlcnic: Fix tunnel offload for 82xx adapters
x86/cpu/cyrix: Add alternative Device ID of Geode GX1 SoC
ARM: 8677/1: boot/compressed: fix decompressor header layout for v7-M
gpu: ipu-v3: Fix CSI selection for VDIC
elevator: fix truncation of icq_cache_name
net: stmmac: ensure jumbo_frm error return is correctly checked for -ve value
Btrfs: clear EXTENT_DEFRAG bits in finish_ordered_io
ufs: we need to sync inode before freeing it
net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare
ip6_tunnel: Correct tos value in collect_md mode
net/mlx5: Fix driver load error flow when firmware is stuck
perf evsel: Fix probing of precise_ip level for default cycles event
perf probe: Fix probe definition for inlined functions
net/mlx5: Fix health work queue spin lock to IRQ safe
usb: renesas_usbhs: gadget: fix spin_lock_init() for &uep->lock
usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
usb: dwc3: omap: remove IRQ_NOAUTOEN used with shared irq
clk: samsung: Fix m2m scaler clock on Exynos542x
ptr_ring: fix up after recent ptr_ring changes
staging: wilc1000: Fix problem with wrong vif index
rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp
iio: adc: Revert "axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications"
qed: Warn PTT usage by wrong hw-function
ocfs2: fix deadlock caused by recursive locking in xattr
net: cdc_ncm: GetNtbFormat endian fix
sctp: use right member as the param of list_for_each_entry
ALSA: hda - No loopback on ALC299 codec
ath10k: convert warning about non-existent OTP board id to debug message
ipv6: fix cleanup ordering for ip6_mr failure
IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush
IB/rxe: put the pool on allocation failure
nbd: only set MSG_MORE when we have more to send
mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()'
IB/mlx5: Avoid passing an invalid QP type to firmware
scsi: qla2xxx: Avoid double completion of abort command
drm: bochs: Don't remove uninitialized fbdev framebuffer
i40e: avoid NVM acquire deadlock during NVM update
Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0"
Btrfs: incremental send, fix invalid memory access
drm/msm: Fix possible null dereference on failure of get_pages()
module: fix DEBUG_SET_MODULE_RONX typo
iio: pressure: zpa2326: Remove always-true check which confuses gcc
l2tp: remove configurable payload offset
macsec: fix memory leaks when skb_to_sgvec fails
perf/core: Fix locking for children siblings group read
cifs: Use ULL suffix for 64-bit constant
futex: futex_wake_op, do not fail on invalid op
ALSA: hda - Fix incorrect usage of IS_REACHABLE()
test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches
xen-netfront: Update features after registering netdev
sparc64: Fix regression in pmdp_invalidate().
xen-netfront: Fix mismatched rtnl_unlock
enic: do not overwrite error code
bonding: ratelimit failed speed/duplex update warning
nvmet: fix space padding in serial number
iio: buffer: fix the function signature to match implementation
x86/paravirt: Fix some warning messages
IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()'
libertas: call into generic suspend code before turning off power
xhci: Fix USB3 NULL pointer dereference at logical disconnect.
perf tests: Fix indexing when invoking subtests
ARM: dts: imx53-qsb: disable 1.2GHz OPP
rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_tx_window()
rxrpc: Only take the rwind and mtu values from latest ACK
net: ena: fix NULL dereference due to untimely napi initialization
fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
mtd: spi-nor: Add support for is25wp series chips
Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing"
perf tools: Disable parallelism for 'make clean'
bridge: do not add port to router list when receives query with source 0.0.0.0
net: bridge: remove ipv6 zero address check in mcast queries
ipv6: mcast: fix a use-after-free in inet6_mc_check
ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called
llc: set SOCK_RCU_FREE in llc_sap_add_socket()
net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
net: sched: gred: pass the right attribute to gred_change_table_def()
net: socket: fix a missing-check bug
net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
net: udp: fix handling of CHECKSUM_COMPLETE packets
r8169: fix NAPI handling under high load
sctp: fix race on sctp_id2asoc
vhost: Fix Spectre V1 vulnerability
ethtool: fix a privilege escalation bug
bonding: fix length of actor system
net: drop skb on failure in ip_check_defrag()
net: fix pskb_trim_rcsum_slow() with odd trim offset
rtnetlink: Disallow FDB configuration for non-Ethernet device
ip6_tunnel: Fix encapsulation layout
Revert "x86/mm: Expand static page table for fixmap space"
crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned
ahci: don't ignore result code of ahci_reset_controller()
gpio: mxs: Get rid of external API call
xfs: truncate transaction does not modify the inobt
cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
ptp: fix Spectre v1 vulnerability
drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl
RDMA/ucma: Fix Spectre v1 vulnerability
IB/ucm: Fix Spectre v1 vulnerability
cdc-acm: correct counting of UART states in serial state notification
usb: gadget: storage: Fix Spectre v1 vulnerability
USB: fix the usbfs flag sanitization for control transfers
Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM
sched/fair: Fix throttle_list starvation with low CFS quota
x86/percpu: Fix this_cpu_read()
x86/time: Correct the attribute on jiffies' definition
net: fs_enet: do not call phy_stop() in interrupts
posix-timers: Sanitize overrun handling
Linux 4.9.136
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 1c23b4108d716cc848b38532063a8aca4f86add8 upstream.
gcc-8 complains about the prototype for this function:
lib/ubsan.c:432:1: error: ignoring attribute 'noreturn' in declaration of a built-in function '__ubsan_handle_builtin_unreachable' because it conflicts with attribute 'const' [-Werror=attributes]
This is actually a GCC's bug. In GCC internals
__ubsan_handle_builtin_unreachable() declared with both 'noreturn' and
'const' attributes instead of only 'noreturn':
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84210
Workaround this by removing the noreturn attribute.
[aryabinin: add information about GCC bug in changelog]
Link: http://lkml.kernel.org/r/20181107144516.4587-1-aryabinin@virtuozzo.com
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Acked-by: Olof Johansson <olof@lixom.net>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 9506a7425b094d2f1d9c877ed5a78f416669269b ]
It was found that when debug_locks was turned off because of a problem
found by the lockdep code, the system performance could drop quite
significantly when the lock_stat code was also configured into the
kernel. For instance, parallel kernel build time on a 4-socket x86-64
server nearly doubled.
Further analysis into the cause of the slowdown traced back to the
frequent call to debug_locks_off() from the __lock_acquired() function
probably due to some inconsistent lockdep states with debug_locks
off. The debug_locks_off() function did an unconditional atomic xchg
to write a 0 value into debug_locks which had already been set to 0.
This led to severe cacheline contention in the cacheline that held
debug_locks. As debug_locks is being referenced in quite a few different
places in the kernel, this greatly slow down the system performance.
To prevent that trashing of debug_locks cacheline, lock_acquired()
and lock_contended() now checks the state of debug_locks before
proceeding. The debug_locks_off() function is also modified to check
debug_locks before calling __debug_locks_off().
Signed-off-by: Waiman Long <longman@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Link: http://lkml.kernel.org/r/1539913518-15598-1-git-send-email-longman@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 52fda36d63bfc8c8e8ae5eda8eb5ac6f52cd67ed ]
Function bpf_fill_maxinsns11 is designed to not be able to be JITed on
x86_64. So, it fails when CONFIG_BPF_JIT_ALWAYS_ON=y, and
commit 09584b406742 ("bpf: fix selftests/bpf test_kmod.sh failure when
CONFIG_BPF_JIT_ALWAYS_ON=y") makes sure that failure is detected on that
case.
However, it does not fail on other architectures, which have a different
JIT compiler design. So, test_bpf has started to fail to load on those.
After this fix, test_bpf loads fine on both x86_64 and ppc64el.
Fixes: 09584b406742 ("bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y")
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Reviewed-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlvIMtwACgkQONu9yGCS
aT5izQ/9FfGa610kIOaLi76AlGAPn5NXf5a5/pwqvmreQx5kf4zbiu7cGpPQhOpn
YtCPNcbLZ+v0ZD63IMRGUFx3I/t5WTCI6CFMPWhQJTANsFKyLRx+HzztQvY4Wsne
JGs6OYwPdqktZ6WoB1UDKww2ZN0ncDumsDuldZLVUcvrCvRaakNKso3FNHderyIp
M6L14V12dC8F7qtqTWVz0PVkwlV5OHlUrbyc5KK9rtIXPYtr06Bdhr3TC3hsZJU3
0AjLJ80Tgh9n+9jZOU9dWZSmgPQRaun8L9SMSsdHAHY/ixo6OK6F5HDgKyFq69b+
RjYQ63EVlryZ0cZ78BdCKaAAPaDJ/PQVGgXQF4WKKWKARXNi+MLKJPp0ZZNmxvoH
Dm9rb4heOlB+s4j2lBrwLKn0AHdRsICIbnv921HSXfq7qNL9ZYUz/MORCoVLUy/A
xMpDObFe1Zw3Laos2XZItuv1KCEEfiAcdTL+bKezxORbl0OEO/jlPEYc7XtlS8Cf
YpX9YvliHGgfAg9UN8+qNiq2YbOrXpxl51pSwohEdd37oS2aqUN4dxaw1qWAdb3a
6idk4ns+GJqYGKLQCim5zpIDohS7v5nKfLAXpkiK8WeEW6n3zLGM0dAEoJOJXRqC
OIVuK4Ta+9tUxgbM0NfXcZxYvcvVmV3b3yW7z9fffnk4yDjiPak=
=gUjc
-----END PGP SIGNATURE-----
Merge 4.9.134 into android-4.9
Changes in 4.9.134
ASoC: wm8804: Add ACPI support
ASoC: sigmadsp: safeload should not have lower byte limit
selftests/efivarfs: add required kernel configs
selftests: memory-hotplug: add required configs
mfd: omap-usb-host: Fix dts probe of children
scsi: iscsi: target: Don't use stack buffer for scatterlist
scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted()
sound: enable interrupt after dma buffer initialization
stmmac: fix valid numbers of unicast filter entries
net: macb: disable scatter-gather for macb on sama5d3
ARM: dts: at91: add new compatibility string for macb on sama5d3
x86/kvm/lapic: always disable MMIO interface in x2APIC mode
drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7
ext4: Fix error code in ext4_xattr_set_entry()
mm/vmstat.c: fix outdated vmstat_text
mach64: detect the dot clock divider correctly on sparc
perf script python: Fix export-to-postgresql.py occasional failure
i2c: i2c-scmi: fix for i2c_smbus_write_block_data
xhci: Don't print a warning when setting link state for disabled ports
bnxt_en: Fix TX timeout during netpoll.
bonding: avoid possible dead-lock
ip6_tunnel: be careful when accessing the inner header
ip_tunnel: be careful when accessing the inner header
ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
ipv6: take rcu lock in rawv6_send_hdrinc()
net: dsa: bcm_sf2: Call setup during switch resume
net: hns: fix for unmapping problem when SMMU is on
net: ipv4: update fnhe_pmtu when first hop's MTU changes
net/ipv6: Display all addresses in output of /proc/net/if_inet6
netlabel: check for IPV4MASK in addrinfo_get
net/usb: cancel pending work when unbinding smsc75xx
qlcnic: fix Tx descriptor corruption on 82xx devices
qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface
team: Forbid enslaving team device to itself
net: dsa: bcm_sf2: Fix unbind ordering
net: mvpp2: Extract the correct ethtype from the skb for tx csum offload
net: systemport: Fix wake-up interrupt race during resume
rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
tcp/dccp: fix lockdep issue when SYN is backlogged
inet: make sure to grab rcu_read_lock before using ireq->ireq_opt
inet: frags: change inet_frags_init_net() return value
inet: frags: add a pointer to struct netns_frags
inet: frags: refactor ipfrag_init()
inet: frags: refactor ipv6_frag_init()
inet: frags: refactor lowpan_net_frag_init()
ipv6: export ip6 fragments sysctl to unprivileged users
rhashtable: add schedule points
inet: frags: use rhashtables for reassembly units
inet: frags: remove some helpers
inet: frags: get rif of inet_frag_evicting()
inet: frags: remove inet_frag_maybe_warn_overflow()
inet: frags: break the 2GB limit for frags storage
inet: frags: do not clone skb in ip_expire()
ipv6: frags: rewrite ip6_expire_frag_queue()
rhashtable: reorganize struct rhashtable layout
inet: frags: reorganize struct netns_frags
inet: frags: get rid of ipfrag_skb_cb/FRAG_CB
inet: frags: fix ip6frag_low_thresh boundary
ip: discard IPv4 datagrams with overlapping segments.
net: speed up skb_rbtree_purge()
net: modify skb_rbtree_purge to return the truesize of all purged skbs.
ipv6: defrag: drop non-last frags smaller than min mtu
net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends
net: add rb_to_skb() and other rb tree helpers
ip: use rb trees for IP frag queue.
ip: add helpers to process in-order fragments faster.
ip: process in-order fragments efficiently
ip: frags: fix crash in ip_do_fragment()
ipv4: frags: precedence bug in ip_expire()
Linux 4.9.134
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Rehashing and destroying large hash table takes a lot of time,
and happens in process context. It is safe to add cond_resched()
in rhashtable_rehash_table() and rhashtable_free_and_destroy()
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit ae6da1f503abb5a5081f9f6c4a6881de97830f3e)
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlu1WHMACgkQONu9yGCS
aT4hyBAAzcHneF2/PsUfSfmkGFh9djX0Nyev3g3DgreVCcRJMok5Gbz4c0W2U0FN
0CdLA0XWqdjyzuSbzFr1itcaska4Vly6CSrsMJLNJcQr7rriL1Ov4AHXI+8bWAXV
81Ph7m9GGagl5SpMJOOPAghMvurp0YIiZGm8ME/tzOzTmtIwuy0iftXW/VKwQWTY
hXMmHk7pm/rkldbEdKnsuDcdx7x4HvdZJDe8opvHXZ00W90RMSbfE4geIzSQQf3y
G8eXkK6krT+dxvcaJGDyUuXPkbO97oirp2GIWAF0RTBBHH/eeHYCBXmiE8dmkisv
nvZdQrZ1wAf8IpN7iyH/CbsvTM38lFPz+gqiU9TVAlX8BPPkHrJxYJ4GYkwmQvIY
7npcHPBfAgG9fL27uCZMq63uoNh2I5kShVJHQTBTNKxoG6yoHi6utNyCWzrpK75c
EMHQL4w4ygv1dyE01NV3Cr1Pig5l+dEpE6FKoLYSyI7vPS8P3K92IArdM+TjXn96
9tm3MbeDmZTr5RJyv2j+7r55aFR2Ad43E7NHTxN92rfyZfSUw7/Egrk/3mzMivXj
kQqwrj9edta86lI9fmmMW5AywbOvVIVnG89vKk21Q7n1xnXMKwdEoJnw65yJFvTu
X0stqUubJ3U3g/WkdFcHCZFy6m3hQDCPBkyxAs/09qUIFAqKfp8=
=GmzY
-----END PGP SIGNATURE-----
Merge 4.9.131 into android-4.9
Changes in 4.9.131
crypto: skcipher - Fix -Wstringop-truncation warnings
tsl2550: fix lux1_input error in low light
vmci: type promotion bug in qp_host_get_user_memory()
x86/numa_emulation: Fix emulated-to-physical node mapping
staging: rts5208: fix missing error check on call to rtsx_write_register
uwb: hwa-rc: fix memory leak at probe
power: vexpress: fix corruption in notifier registration
iommu/amd: make sure TLB to be flushed before IOVA freed
Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
USB: serial: kobil_sct: fix modem-status error handling
6lowpan: iphc: reset mac_header after decompress to fix panic
s390/mm: correct allocate_pgste proc_handler callback
power: remove possible deadlock when unregistering power_supply
md-cluster: clear another node's suspend_area after the copy is finished
IB/core: type promotion bug in rdma_rw_init_one_mr()
media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
powerpc/kdump: Handle crashkernel memory reservation failure
media: fsl-viu: fix error handling in viu_of_probe()
x86/tsc: Add missing header to tsc_msr.c
ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
x86/entry/64: Add two more instruction suffixes
scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size
scsi: klist: Make it safe to use klists in atomic context
scsi: ibmvscsi: Improve strings handling
usb: wusbcore: security: cast sizeof to int for comparison
powerpc/powernv/ioda2: Reduce upper limit for DMA window size
alarmtimer: Prevent overflow for relative nanosleep
s390/extmem: fix gcc 8 stringop-overflow warning
ALSA: snd-aoa: add of_node_put() in error path
media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
media: soc_camera: ov772x: correct setting of banding filter
media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
staging: android: ashmem: Fix mmap size validation
drivers/tty: add error handling for pcmcia_loop_config
media: tm6000: add error handling for dvb_register_adapter
ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
net: phy: xgmiitorgmii: Check read_status results
ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
net: phy: xgmiitorgmii: Check phy_driver ready before accessing
drm/sun4i: Fix releasing node when enumerating enpoints
rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
ARM: mvebu: declare asm symbols as character arrays in pmsu.c
HID: hid-ntrig: add error handling for sysfs_create_group
perf/x86/intel/lbr: Fix incomplete LBR call stack
scsi: bnx2i: add error handling for ioremap_nocache
scsi: megaraid_sas: Update controller info during resume
EDAC, i7core: Fix memleaks and use-after-free on probe and remove
ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
module: exclude SHN_UNDEF symbols from kallsyms api
gpio: Fix wrong rounding in gpio-menz127
nfsd: fix corrupted reply to badly ordered compound
EDAC: Fix memleak in module init error path
ARM: dts: dra7: fix DCAN node addresses
floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
tty: serial: lpuart: avoid leaking struct tty_struct
serial: cpm_uart: return immediately from console poll
spi: tegra20-slink: explicitly enable/disable clock
spi: sh-msiof: Fix invalid SPI use during system suspend
spi: sh-msiof: Fix handling of write value for SISTR register
spi: rspi: Fix invalid SPI use during system suspend
spi: rspi: Fix interrupted DMA transfers
regulator: fix crash caused by null driver data
USB: fix error handling in usb_driver_claim_interface()
USB: handle NULL config in usb_find_alt_setting()
slub: make ->cpu_partial unsigned int
media: uvcvideo: Support realtek's UVC 1.5 device
USB: usbdevfs: sanitize flags more
USB: usbdevfs: restore warning for nonsensical flags
Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()"
USB: remove LPM management from usb_driver_claim_interface()
Input: elantech - enable middle button of touchpad on ThinkPad P72
IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
IB/hfi1: Invalid user input can result in crash
IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
scsi: target: iscsi: Use bin2hex instead of a re-implementation
serial: imx: restore handshaking irq for imx1
IB/hfi1: Fix SL array bounds check
arm64: KVM: Tighten guest core register access from userspace
ext4: never move the system.data xattr out of the inode body
qed: Wait for ready indication before rereading the shmem
qed: Wait for MCP halt and resume commands to take place
thermal: of-thermal: disable passive polling when thermal zone is disabled
net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
net: hns: fix skb->truesize underestimation
e1000: check on netif_running() before calling e1000_up()
e1000: ensure to free old tx/rx rings in set_ringparam()
hwmon: (ina2xx) fix sysfs shunt resistor read access
hwmon: (adt7475) Make adt7475_read_word() return errors
drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode
drm/amdgpu: Update power state at the end of smu hw_init.
arm/arm64: smccc-1.1: Make return values unsigned long
arm/arm64: smccc-1.1: Handle function result as parameters
i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
arm64: KVM: Sanitize PSTATE.M when being set from userspace
media: v4l: event: Prevent freeing event subscriptions while accessed
Linux 4.9.131
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 624fa7790f80575a4ec28fbdb2034097dc18d051 ]
In the scsi_transport_srp implementation it cannot be avoided to
iterate over a klist from atomic context when using the legacy block
layer instead of blk-mq. Hence this patch that makes it safe to use
klists in atomic context. This patch avoids that lockdep reports the
following:
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&(&k->k_lock)->rlock);
local_irq_disable();
lock(&(&q->__queue_lock)->rlock);
lock(&(&k->k_lock)->rlock);
<Interrupt>
lock(&(&q->__queue_lock)->rlock);
stack backtrace:
Workqueue: kblockd blk_timeout_work
Call Trace:
dump_stack+0xa4/0xf5
check_usage+0x6e6/0x700
__lock_acquire+0x185d/0x1b50
lock_acquire+0xd2/0x260
_raw_spin_lock+0x32/0x50
klist_next+0x47/0x190
device_for_each_child+0x8e/0x100
srp_timed_out+0xaf/0x1d0 [scsi_transport_srp]
scsi_times_out+0xd4/0x410 [scsi_mod]
blk_rq_timed_out+0x36/0x70
blk_timeout_work+0x1b5/0x220
process_one_work+0x4fe/0xad0
worker_thread+0x63/0x5a0
kthread+0x1c1/0x1e0
ret_from_fork+0x24/0x30
See also commit c9ddf73476ff ("scsi: scsi_transport_srp: Fix shost to
rport translation").
Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Cc: James Bottomley <jejb@linux.vnet.ibm.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry-picked from 85caa95b9f19bb3a26d7e025d1134760b69e0c40)
The CHECK_DATA_CORRUPTION() macro was designed to have callers do
something meaningful/protective on failure. However, using "return
false" in the macro too strictly limits the design patterns of callers.
Instead, let callers handle the logic test directly, but make sure that
the result IS checked by forcing __must_check (which appears to not be
able to be used directly on macro expressions).
Change-Id: I23a87276163e3760c6eba44d6072e495fd8ec65d
Link: http://lkml.kernel.org/r/20170206204547.GA125312@beast
Signed-off-by: Kees Cook <keescook@chromium.org>
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Satya Tangirala <satyat@google.com>
(cherry-picked from de54ebbe26bb371a6f1fbc0593372232f04e3107)
The kernel checks for cases of data structure corruption under some
CONFIGs (e.g. CONFIG_DEBUG_LIST). When corruption is detected, some
systems may want to BUG() immediately instead of letting the system run
with known corruption. Usually these kinds of manipulation primitives can
be used by security flaws to gain arbitrary memory write control. This
provides a new config CONFIG_BUG_ON_DATA_CORRUPTION and a corresponding
macro CHECK_DATA_CORRUPTION for handling these situations. Notably, even
if not BUGing, the kernel should not continue processing the corrupted
structure.
This is inspired by similar hardening by Syed Rameez Mustafa in MSM
kernels, and in PaX and Grsecurity, which is likely in response to earlier
removal of the BUG calls in commit 924d9addb9 ("list debugging: use
WARN() instead of BUG()").
Change-Id: I81927d2aa3684d676934ac109833fe71f0bc0156
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Satya Tangirala <satyat@google.com>
(cherry-picked from 0cd340dcb05c4a43742fe156f36737bb2a321bfd)
Similar to the list_add() debug consolidation, this commit consolidates
the debug checking performed during CONFIG_DEBUG_LIST into a new
__list_del_entry_valid() function, and stops list updates when corruption
is found.
Refactored from same hardening in PaX and Grsecurity.
Change-Id: I4e29ce228e64ed35e218b42b82a6ec5c29abf0c7
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Satya Tangirala <satyat@google.com>
(cherry-picked from 54acd4397d7e7a725c94101180cd9f38ef701acc)
This commit consolidates the debug checking for list_add_rcu() into the
new single __list_add_valid() debug function. Notably, this commit fixes
the sanity check that was added in commit 17a801f4bf ("list_debug:
WARN for adding something already in the list"), which wasn't checking
RCU-protected lists.
Change-Id: If79fb3ce40d16ab75830ffbcfbd83f8676b1705e
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Satya Tangirala <satyat@google.com>
(cherry-picked from d7c816733d501b59dbdc2483f2cc8e4431fd9160)
Right now, __list_add() code is repeated either in list.h or in
list_debug.c, but the only differences between the two versions
are the debug checks. This commit therefore extracts these debug
checks into a separate __list_add_valid() function and consolidates
__list_add(). Additionally this new __list_add_valid() function will stop
list manipulations if a corruption is detected, instead of allowing for
further corruption that may lead to even worse conditions.
This is slight refactoring of the same hardening done in PaX and Grsecurity.
Change-Id: I654bc0aef2ca7a8ce57d1ed1683138c44a414a15
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Satya Tangirala <satyat@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlucuBEACgkQONu9yGCS
aT4HlBAAnXzLh/c8dKPdWzU3Bx6L9If7syeW0Gl06AtGsUrVqrggOnumdXRgPV3y
/4Br6piwrpjHP9P7m/pS03Ol3+DvD4JKhMRFr0VzGwk4e32wZ8cNd7qx5RF/4z9s
tpebYJVJoRRmefi1EJyj+NAGgDCk+7A1pzW3W2NK/mirQdkHywfLJHhQDyHgmWQy
jyDpz2ihNdorKHN8ogK7FYQ7JZC9tnooB4GZFObaB8nkaeMaRGD2V2jrHRi8a4tv
5Bm9HmlGJOqtsstsr1Em6W+UNRKfztfDmYuk+H9xCo8odCSHeyx30nUDxjp6Bo2f
OvC/x1x6JIVNsoAgzlRZKMJR1Lv0IK3SEVPrecOOSWeardtt92JUQjoLaLmW03xR
dlnXZyDeO75Qbdgo/5b/d6RiVNGSv0CPDOQSREDMX6Rvf9P8ezceF/iDz0SrH9Zm
GkjQCQ2yyqrrSID5baB562AHszBa+rdqgp4RBheE+M5s7UALL09tFJquaijZ8jvO
dMs6f847MeMARFIGLNKff9cvWI2zanTwOPX+E3rcj88rN79jvIsyD/hDzkqHoR7J
Rhb2K7478gC1N2XTOu97hNmB9qTNIn9U1hvS/f2d7SGyjOU9WR+XgCgDUWZsZnPP
H4eeblr9iaCUHI/4Q+nWUuQPKnCdGb9Ay9lyq9uqHIQBz+uVZ4I=
=hV8i
-----END PGP SIGNATURE-----
Merge 4.9.127 into android-4.9
Changes in 4.9.127
x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
act_ife: fix a potential use-after-free
ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state
net: bcmgenet: use MAC link status for fixed phy
net: sched: Fix memory exposure from short TCA_U32_SEL
qlge: Fix netdev features configuration.
r8169: add support for NCube 8168 network card
tcp: do not restart timewait timer on rst reception
vti6: remove !skb->ignore_df check from vti6_xmit()
sctp: hold transport before accessing its asoc in sctp_transport_get_next
vhost: correctly check the iova range when waking virtqueue
hv_netvsc: ignore devices that are not PCI
act_ife: move tcfa_lock down to where necessary
act_ife: fix a potential deadlock
net: sched: action_ife: take reference to meta module
cifs: check if SMB2 PDU size has been padded and suppress the warning
hfsplus: don't return 0 when fill_super() failed
hfs: prevent crash on exit from failed search
sunrpc: Don't use stack buffer with scatterlist
fork: don't copy inconsistent signal handler state to child
reiserfs: change j_timestamp type to time64_t
hfsplus: fix NULL dereference in hfsplus_lookup()
fat: validate ->i_start before using
scripts: modpost: check memory allocation results
virtio: pci-legacy: Validate queue pfn
mm/fadvise.c: fix signed overflow UBSAN complaint
fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
platform/x86: intel_punit_ipc: fix build errors
s390/kdump: Fix memleak in nt_vmcoreinfo
ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
mfd: sm501: Set coherent_dma_mask when creating subdevices
platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360
RDMA/hns: Fix usage of bitmap allocation functions return values
irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP
net/9p/trans_fd.c: fix race by holding the lock
net/9p: fix error path of p9_virtio_probe
powerpc: Fix size calculation using resource_size()
perf probe powerpc: Fix trace event post-processing
block: bvec_nr_vecs() returns value for wrong slab
s390/dasd: fix hanging offline processing due to canceled worker
s390/dasd: fix panic for failed online processing
ACPI / scan: Initialize status to ACPI_STA_DEFAULT
scsi: aic94xx: fix an error code in aic94xx_init()
PCI: mvebu: Fix I/O space end address calculation
dm kcopyd: avoid softlockup in run_complete_job
staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice
selftests/powerpc: Kill child processes on SIGINT
RDS: IB: fix 'passing zero to ERR_PTR()' warning
smb3: fix reset of bytes read and written stats
SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.
clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399
btrfs: replace: Reset on-disk dev stats value after replace
btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized
btrfs: Don't remove block group that still has pinned down bytes
arm64: rockchip: Force CONFIG_PM on Rockchip systems
ARM: rockchip: Force CONFIG_PM on Rockchip systems
drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80
tcp: Revert "tcp: tcp_probe: use spin_lock_bh()"
debugobjects: Make stack check warning more informative
x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
kbuild: make missing $DEPMOD a Warning instead of an Error
irda: Fix memory leak caused by repeated binds of irda socket
irda: Only insert new objects into the global database via setsockopt
Revert "ARM: imx_v6_v7_defconfig: Select ULPI support"
enic: do not call enic_change_mtu in enic_probe
Fixes: Commit 2aa6d036b7 ("mm: numa: avoid waiting on freed migrated pages")
sch_htb: fix crash on init failure
sch_multiq: fix double free on init failure
sch_hhf: fix null pointer dereference on init failure
sch_netem: avoid null pointer deref on init failure
sch_tbf: fix two null pointer dereferences on init failure
mei: me: allow runtime pm for platform with D0i3
s390/lib: use expoline for all bcr instructions
ASoC: wm8994: Fix missing break in switch
btrfs: use correct compare function of dirty_metadata_bytes
arm64: Fix mismatched cache line size detection
arm64: Handle mismatched cache type
Linux 4.9.127
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit fc91a3c4c27acdca0bc13af6fbb68c35cfd519f2 upstream.
While debugging an issue debugobject tracking warned about an annotation
issue of an object on stack. It turned out that the issue was due to the
object in concern being on a different stack which was due to another
issue.
Thomas suggested to print the pointers and the location of the stack for
the currently running task. This helped to figure out that the object was
on the wrong stack.
As this is general useful information for debugging similar issues, make
the error message more informative by printing the pointers.
[ tglx: Massaged changelog ]
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Waiman Long <longman@redhat.com>
Acked-by: Yang Shi <yang.shi@linux.alibaba.com>
Cc: kernel-team@android.com
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: astrachan@google.com
Link: https://lkml.kernel.org/r/20180723212531.202328-1-joel@joelfernandes.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add zstd compression and decompression kernel modules.
zstd offers a wide varity of compression speed and quality trade-offs.
It can compress at speeds approaching lz4, and quality approaching lzma.
zstd decompressions at speeds more than twice as fast as zlib, and
decompression speed remains roughly the same across all compression levels.
The code was ported from the upstream zstd source repository. The
`linux/zstd.h` header was modified to match linux kernel style.
The cross-platform and allocation code was stripped out. Instead zstd
requires the caller to pass a preallocated workspace. The source files
were clang-formatted [1] to match the Linux Kernel style as much as
possible. Otherwise, the code was unmodified. We would like to avoid
as much further manual modification to the source code as possible, so it
will be easier to keep the kernel zstd up to date.
I benchmarked zstd compression as a special character device. I ran zstd
and zlib compression at several levels, as well as performing no
compression, which measure the time spent copying the data to kernel space.
Data is passed to the compresser 4096 B at a time. The benchmark file is
located in the upstream zstd source repository under
`contrib/linux-kernel/zstd_compress_test.c` [2].
I ran the benchmarks on a Ubuntu 14.04 VM with 2 cores and 4 GiB of RAM.
The VM is running on a MacBook Pro with a 3.1 GHz Intel Core i7 processor,
16 GB of RAM, and a SSD. I benchmarked using `silesia.tar` [3], which is
211,988,480 B large. Run the following commands for the benchmark:
sudo modprobe zstd_compress_test
sudo mknod zstd_compress_test c 245 0
sudo cp silesia.tar zstd_compress_test
The time is reported by the time of the userland `cp`.
The MB/s is computed with
1,536,217,008 B / time(buffer size, hash)
which includes the time to copy from userland.
The Adjusted MB/s is computed with
1,536,217,088 B / (time(buffer size, hash) - time(buffer size, none)).
The memory reported is the amount of memory the compressor requests.
| Method | Size (B) | Time (s) | Ratio | MB/s | Adj MB/s | Mem (MB) |
|----------|----------|----------|-------|---------|----------|----------|
| none | 11988480 | 0.100 | 1 | 2119.88 | - | - |
| zstd -1 | 73645762 | 1.044 | 2.878 | 203.05 | 224.56 | 1.23 |
| zstd -3 | 66988878 | 1.761 | 3.165 | 120.38 | 127.63 | 2.47 |
| zstd -5 | 65001259 | 2.563 | 3.261 | 82.71 | 86.07 | 2.86 |
| zstd -10 | 60165346 | 13.242 | 3.523 | 16.01 | 16.13 | 13.22 |
| zstd -15 | 58009756 | 47.601 | 3.654 | 4.45 | 4.46 | 21.61 |
| zstd -19 | 54014593 | 102.835 | 3.925 | 2.06 | 2.06 | 60.15 |
| zlib -1 | 77260026 | 2.895 | 2.744 | 73.23 | 75.85 | 0.27 |
| zlib -3 | 72972206 | 4.116 | 2.905 | 51.50 | 52.79 | 0.27 |
| zlib -6 | 68190360 | 9.633 | 3.109 | 22.01 | 22.24 | 0.27 |
| zlib -9 | 67613382 | 22.554 | 3.135 | 9.40 | 9.44 | 0.27 |
I benchmarked zstd decompression using the same method on the same machine.
The benchmark file is located in the upstream zstd repo under
`contrib/linux-kernel/zstd_decompress_test.c` [4]. The memory reported is
the amount of memory required to decompress data compressed with the given
compression level. If you know the maximum size of your input, you can
reduce the memory usage of decompression irrespective of the compression
level.
| Method | Time (s) | MB/s | Adjusted MB/s | Memory (MB) |
|----------|----------|---------|---------------|-------------|
| none | 0.025 | 8479.54 | - | - |
| zstd -1 | 0.358 | 592.15 | 636.60 | 0.84 |
| zstd -3 | 0.396 | 535.32 | 571.40 | 1.46 |
| zstd -5 | 0.396 | 535.32 | 571.40 | 1.46 |
| zstd -10 | 0.374 | 566.81 | 607.42 | 2.51 |
| zstd -15 | 0.379 | 559.34 | 598.84 | 4.61 |
| zstd -19 | 0.412 | 514.54 | 547.77 | 8.80 |
| zlib -1 | 0.940 | 225.52 | 231.68 | 0.04 |
| zlib -3 | 0.883 | 240.08 | 247.07 | 0.04 |
| zlib -6 | 0.844 | 251.17 | 258.84 | 0.04 |
| zlib -9 | 0.837 | 253.27 | 287.64 | 0.04 |
Tested in userland using the test-suite in the zstd repo under
`contrib/linux-kernel/test/UserlandTest.cpp` [5] by mocking the kernel
functions. Fuzz tested using libfuzzer [6] with the fuzz harnesses under
`contrib/linux-kernel/test/{RoundTripCrash.c,DecompressCrash.c}` [7] [8]
with ASAN, UBSAN, and MSAN. Additionaly, it was tested while testing the
BtrFS and SquashFS patches coming next.
[1] https://clang.llvm.org/docs/ClangFormat.html
[2] https://github.com/facebook/zstd/blob/dev/contrib/linux-kernel/zstd_compress_test.c
[3] http://sun.aei.polsl.pl/~sdeor/index.php?page=silesia
[4] https://github.com/facebook/zstd/blob/dev/contrib/linux-kernel/zstd_decompress_test.c
[5] https://github.com/facebook/zstd/blob/dev/contrib/linux-kernel/test/UserlandTest.cpp
[6] http://llvm.org/docs/LibFuzzer.html
[7] https://github.com/facebook/zstd/blob/dev/contrib/linux-kernel/test/RoundTripCrash.c
[8] https://github.com/facebook/zstd/blob/dev/contrib/linux-kernel/test/DecompressCrash.c
zstd source repository: https://github.com/facebook/zstd
Signed-off-by: Nick Terrell <terrelln@fb.com>
Signed-off-by: Chris Mason <clm@fb.com>
(cherry picked from commit 73f3d1b48f5069d46ba48aa28c2898dc93185560)
Signed-off-by: Peter Kalauskas <peskal@google.com>
Bug: 112488418
Change-Id: I6321071707a322683a4b35d047e7410c5a67acdc
Adds xxhash kernel module with xxh32 and xxh64 hashes. xxhash is an
extremely fast non-cryptographic hash algorithm for checksumming.
The zstd compression and decompression modules added in the next patch
require xxhash. I extracted it out from zstd since it is useful on its
own. I copied the code from the upstream XXHash source repository and
translated it into kernel style. I ran benchmarks and tests in the kernel
and tests in userland.
I benchmarked xxhash as a special character device. I ran in four modes,
no-op, xxh32, xxh64, and crc32. The no-op mode simply copies the data to
kernel space and ignores it. The xxh32, xxh64, and crc32 modes compute
hashes on the copied data. I also ran it with four different buffer sizes.
The benchmark file is located in the upstream zstd source repository under
`contrib/linux-kernel/xxhash_test.c` [1].
I ran the benchmarks on a Ubuntu 14.04 VM with 2 cores and 4 GiB of RAM.
The VM is running on a MacBook Pro with a 3.1 GHz Intel Core i7 processor,
16 GB of RAM, and a SSD. I benchmarked using the file `filesystem.squashfs`
from `ubuntu-16.10-desktop-amd64.iso`, which is 1,536,217,088 B large.
Run the following commands for the benchmark:
modprobe xxhash_test
mknod xxhash_test c 245 0
time cp filesystem.squashfs xxhash_test
The time is reported by the time of the userland `cp`.
The GB/s is computed with
1,536,217,008 B / time(buffer size, hash)
which includes the time to copy from userland.
The Normalized GB/s is computed with
1,536,217,088 B / (time(buffer size, hash) - time(buffer size, none)).
| Buffer Size (B) | Hash | Time (s) | GB/s | Adjusted GB/s |
|-----------------|-------|----------|------|---------------|
| 1024 | none | 0.408 | 3.77 | - |
| 1024 | xxh32 | 0.649 | 2.37 | 6.37 |
| 1024 | xxh64 | 0.542 | 2.83 | 11.46 |
| 1024 | crc32 | 1.290 | 1.19 | 1.74 |
| 4096 | none | 0.380 | 4.04 | - |
| 4096 | xxh32 | 0.645 | 2.38 | 5.79 |
| 4096 | xxh64 | 0.500 | 3.07 | 12.80 |
| 4096 | crc32 | 1.168 | 1.32 | 1.95 |
| 8192 | none | 0.351 | 4.38 | - |
| 8192 | xxh32 | 0.614 | 2.50 | 5.84 |
| 8192 | xxh64 | 0.464 | 3.31 | 13.60 |
| 8192 | crc32 | 1.163 | 1.32 | 1.89 |
| 16384 | none | 0.346 | 4.43 | - |
| 16384 | xxh32 | 0.590 | 2.60 | 6.30 |
| 16384 | xxh64 | 0.466 | 3.30 | 12.80 |
| 16384 | crc32 | 1.183 | 1.30 | 1.84 |
Tested in userland using the test-suite in the zstd repo under
`contrib/linux-kernel/test/XXHashUserlandTest.cpp` [2] by mocking the
kernel functions. A line in each branch of every function in `xxhash.c`
was commented out to ensure that the test-suite fails. Additionally
tested while testing zstd and with SMHasher [3].
[1] https://phabricator.intern.facebook.com/P57526246
[2] https://github.com/facebook/zstd/blob/dev/contrib/linux-kernel/test/XXHashUserlandTest.cpp
[3] https://github.com/aappleby/smhasher
zstd source repository: https://github.com/facebook/zstd
XXHash source repository: https://github.com/cyan4973/xxhash
Signed-off-by: Nick Terrell <terrelln@fb.com>
Signed-off-by: Chris Mason <clm@fb.com>
(cherry picked from commit 5d2405227a9eaea48e8cc95756a06d407b11f141)
Signed-off-by: Peter Kalauskas <peskal@google.com>
Bug: 112488418
Change-Id: Icffe9d5edd641795f40137e389672e81967c1842
commit 785a19f9d1dd8a4ab2d0633be4656653bd3de1fc upstream.
The following kernel panic was observed on ARM64 platform due to a stale
TLB entry.
1. ioremap with 4K size, a valid pte page table is set.
2. iounmap it, its pte entry is set to 0.
3. ioremap the same address with 2M size, update its pmd entry with
a new value.
4. CPU may hit an exception because the old pmd entry is still in TLB,
which leads to a kernel panic.
Commit b6bdb7517c3d ("mm/vmalloc: add interfaces to free unmapped page
table") has addressed this panic by falling to pte mappings in the above
case on ARM64.
To support pmd mappings in all cases, TLB purge needs to be performed
in this case on ARM64.
Add a new arg, 'addr', to pud_free_pmd_page() and pmd_free_pte_page()
so that TLB purge can be added later in seprate patches.
[toshi.kani@hpe.com: merge changes, rewrite patch description]
Fixes: 28ee90fe6048 ("x86/mm: implement free pmd/pte page interfaces")
Signed-off-by: Chintan Pandya <cpandya@codeaurora.org>
Signed-off-by: Toshi Kani <toshi.kani@hpe.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: mhocko@suse.com
Cc: akpm@linux-foundation.org
Cc: hpa@zytor.com
Cc: linux-mm@kvack.org
Cc: linux-arm-kernel@lists.infradead.org
Cc: Will Deacon <will.deacon@arm.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: stable@vger.kernel.org
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: <stable@vger.kernel.org>
Link: https://lkml.kernel.org/r/20180627141348.21777-3-toshi.kani@hpe.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAltYQbQACgkQONu9yGCS
aT6FKw/+IL8lHw7UCoX6FEKfd5GnEG0/g4kP+1dAX/a06wd/dXd2Ztb+YeUSCxyQ
H8zt3SmiJU51eR+1n9ClnpBQA4ZPGvLJQSwgDaVITrJ/vg0afQfxEcksmoo+BAVH
bsN2d387fwHVihSOAie5hIaYVMhbouY3myP+wMENo8AGRwtnDwtLEUaMnQSDbFAK
L0Vu0dOLV5YyHwarUre3SZzHSKc8oP3LawoJ+yPhUK3faQsXK5rEU+uz7/+0C3zf
+r0mo5equ4dezD392MX3cs2HknXykaAFEzvsjQiBd0jSAH225VuShKbjrxIdVxyo
b+PdPItXw8g2VA1bm2mWKTpTHnnMdW4jowpybm1mk9Un7JEEiynxylZxeEHkL3Ns
nPo9fNfzliJb8D1uRddvtYM3gLJc20ijZf9PQ6Dugdf/8+jZbInTQCrU0f9XuUt2
WEECKiYs67/N/5LDMjd7vy9Jj89qKAxaekbuFR5BIjiXf25rAmqRvXMYjiIOndh6
XZHV7eBj4UeVpIFfuAc0d6NRgJN01G/2JUbqm8vJZbnSF1WJDL5gTBd9/JjR4zYH
XvIoQwrtoEVz8ZeQMZAWy6yUfslASHPdyKe6ONUMwExLZhGR0qeh6cWDsIk0UE8c
EEaN10jpAT4juUmBtIwGHJyCzH6lvwjBlk29XZ2+Xsy7BKAf+Hc=
=hytF
-----END PGP SIGNATURE-----
Merge 4.9.115 into android-4.9
Changes in 4.9.115
KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel.
x86/apm: Don't access __preempt_count with zeroed fs
x86/MCE: Remove min interval polling limitation
fat: fix memory allocation failure handling of match_strdup()
ALSA: rawmidi: Change resized buffers atomically
ARC: Fix CONFIG_SWAP
ARC: mm: allow mprotect to make stack mappings executable
ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
mm: memcg: fix use after free in mem_cgroup_iter()
mm/huge_memory.c: fix data loss when splitting a file pmd
vfio/pci: Fix potential Spectre v1
drm/i915: Fix hotplug irq ack on i965/g4x
gen_stats: Fix netlink stats dumping in the presence of padding
ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
ipv6: fix useless rol32 call on hash
lib/rhashtable: consider param->min_size when setting initial table size
net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort
net/ipv4: Set oif in fib_compute_spec_dst
net: phy: fix flag masking in __set_phy_supported
ptp: fix missing break in switch
qmi_wwan: add support for Quectel EG91
tg3: Add higher cpu clock for 5762.
net: usb: asix: replace mii_nway_restart in resume path
net: Don't copy pfmemalloc flag in __copy_skb_header()
skbuff: Unconditionally copy pfmemalloc in __skb_clone()
xhci: Fix perceived dead host due to runtime suspend race with event handler
xprtrdma: Return -ENOBUFS when no pages are available
block: do not use interruptible wait anywhere
Linux 4.9.115
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 107d01f5ba10f4162c38109496607eb197059064 ]
rhashtable_init() currently does not take into account the user-passed
min_size parameter unless param->nelem_hint is set as well. As such,
the default size (number of buckets) will always be HASH_DEFAULT_SIZE
even if the smallest allowed size is larger than that. Remediate this
by unconditionally calling into rounded_hashtable_size() and handling
things accordingly.
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAls7QIYACgkQONu9yGCS
aT5uAw/9Fn18nJcN+UdW2eiUWAXEUFSGVSNpN9q9XkRBoVIeTtIRFf+dusvVMhVX
4uVMeVzjzoXSGuWQRUWGE+gfs12U55LK6ZcgNQqCrc0kdlacas7QhYHcAJyUAG95
qNuOYtYA/bcCnEN/0xZKs9e7tCKwblSV1n9J3zTd71f0l87ZfFxi/7kCNabuQCLr
d6onuOS9pDJpb6j0X5ukjHc5LMW4UmcSBdKfwi1p+6pkx0tZ1V6Zx9rDO5zGU+4A
VChyT+Cvpv+oy70LQsPjjYyAksIclDFJdDORrQqx3PWCxFTbirgrqKRehyPOi5T+
afIx1dnxOI3kdpVFZwoa9vjDegX1A6jFNMdS2Gvi14I9OWFKCPNtaPg0XrOmZ2Ck
apxXJx1hD8zUfJW1vxn6LKQ7osP6RfkGsFm0Gh0U/5tPWU+Eqsv/kWoIzQM0q8LM
ksVxu/8IVSvXA1cOc0w2lLjiD9zpG+Dma8avKhSSflK1DfCEDD/lH7OeFsI/bDWY
3Rl6h/e+2YQJI6L4BMdZ1RyaTPeaskkmtXIC4z/f9XTYHEAj/gcpbIhfqcJMgm/F
NDGVdTlcTvCk9EBDAx5sgSBA8KetDtFTUENWswM5fzbMdX/hawcQXRmzkNNaBIF5
R6CoPB05zNbsmgUhuiz5wOxFle6VfAGyhi+kiM4mVx+ywVvGxCg=
=d1H3
-----END PGP SIGNATURE-----
Merge 4.9.111 into android-4.9
Changes in 4.9.111
x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec()
x86/mce: Improve error message when kernel cannot recover
x86/mce: Check for alternate indication of machine check recovery on Skylake
x86/mce: Fix incorrect "Machine check from unknown source" message
x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out()
x86: Call fixup_exception() before notify_die() in math_error()
m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version
signal/xtensa: Consistenly use SIGBUS in do_unaligned_user
usb: do not reset if a low-speed or full-speed device timed out
1wire: family module autoload fails because of upper/lower case mismatch.
ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
ASoC: cirrus: i2s: Fix LRCLK configuration
ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup
clk: renesas: cpg-mssr: Stop using printk format %pCr
lib/vsprintf: Remove atomic-unsafe support for %pCr
mips: ftrace: fix static function graph tracing
branch-check: fix long->int truncation when profiling branches
ipmi:bt: Set the timeout before doing a capabilities check
Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader
fuse: atomic_o_trunc should truncate pagecache
fuse: don't keep dead fuse_conn at fuse_fill_super().
fuse: fix control dir setup and teardown
powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG
powerpc/ptrace: Fix enforcement of DAWR constraints
powerpc/powernv/ioda2: Remove redundant free of TCE pages
cpuidle: powernv: Fix promotion from snooze if next state disabled
powerpc/fadump: Unregister fadump on kexec down path.
ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size
arm64: kpti: Use early_param for kpti= command-line option
arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance
of: unittest: for strings, account for trailing \0 in property length field
IB/qib: Fix DMA api warning with debug kernel
IB/{hfi1, qib}: Add handling of kernel restart
IB/mlx5: Fetch soft WQE's on fatal error state
IB/isert: Fix for lib/dma_debug check_sync warning
IB/isert: fix T10-pi check mask setting
RDMA/mlx4: Discard unknown SQP work requests
mtd: cfi_cmdset_0002: Change write buffer to check correct value
mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
PCI: Add ACS quirk for Intel 7th & 8th Gen mobile
PCI: Add ACS quirk for Intel 300 series
PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume
printk: fix possible reuse of va_list variable
MIPS: io: Add barrier after register read in inX()
time: Make sure jiffies_to_msecs() preserves non-zero time periods
X.509: unpack RSA signatureValue field from BIT STRING
Btrfs: fix return value on rename exchange failure
Btrfs: fix unexpected cow in run_delalloc_nocow
iio:buffer: make length types match kfifo types
scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed
scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return
scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED
scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
linvdimm, pmem: Preserve read-only setting for pmem devices
clk: at91: PLL recalc_rate() now using cached MUL and DIV values
md: fix two problems with setting the "re-add" device state.
rpmsg: smd: do not use mananged resources for endpoints and channels
ubi: fastmap: Cancel work upon detach
ubi: fastmap: Correctly handle interrupted erasures in EBA
UBIFS: Fix potential integer overflow in allocation
backlight: as3711_bl: Fix Device Tree node lookup
backlight: max8925_bl: Fix Device Tree node lookup
backlight: tps65217_bl: Fix Device Tree node lookup
mfd: intel-lpss: Program REMAP register in PIO mode
perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING
perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP
perf intel-pt: Fix MTC timing after overflow
perf intel-pt: Fix "Unexpected indirect branch" error
perf intel-pt: Fix packet decoding of CYC packets
media: v4l2-compat-ioctl32: prevent go past max size
media: cx231xx: Add support for AverMedia DVD EZMaker 7
media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message
NFSv4: Revert commit 5f83d86cf5 ("NFSv4.x: Fix wraparound issues..")
video: uvesafb: Fix integer overflow in allocation
Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID
pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume
rbd: flush rbd_dev->watch_dwork after watch is unregistered
mm: fix devmem_is_allowed() for sub-page System RAM intersections
xen: Remove unnecessary BUG_ON from __unbind_from_irq()
udf: Detect incorrect directory size
Input: elan_i2c_smbus - fix more potential stack buffer overflows
Input: elantech - enable middle button of touchpads on ThinkPad P52
Input: elantech - fix V4 report decoding for module with middle key
ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co
ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210
block: Fix transfer when chunk sectors exceeds max
dm thin: handle running out of data space vs concurrent discard
cdc_ncm: avoid padding beyond end of skb
Linux 4.9.111
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 666902e42fd8344b923c02dc5b0f37948ff4f225 upstream.
"%pCr" formats the current rate of a clock, and calls clk_get_rate().
The latter obtains a mutex, hence it must not be called from atomic
context.
Remove support for this rarely-used format, as vsprintf() (and e.g.
printk()) must be callable from any context.
Any remaining out-of-tree users will start seeing the clock's name
printed instead of its rate.
Reported-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Fixes: 900cca2944 ("lib/vsprintf: add %pC{,n,r} format specifiers for clocks")
Link: http://lkml.kernel.org/r/1527845302-12159-5-git-send-email-geert+renesas@glider.be
To: Jia-Ju Bai <baijiaju1990@gmail.com>
To: Jonathan Corbet <corbet@lwn.net>
To: Michael Turquette <mturquette@baylibre.com>
To: Stephen Boyd <sboyd@kernel.org>
To: Zhang Rui <rui.zhang@intel.com>
To: Eduardo Valentin <edubezval@gmail.com>
To: Eric Anholt <eric@anholt.net>
To: Stefan Wahren <stefan.wahren@i2se.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: linux-doc@vger.kernel.org
Cc: linux-clk@vger.kernel.org
Cc: linux-pm@vger.kernel.org
Cc: linux-serial@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-renesas-soc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: stable@vger.kernel.org # 4.1+
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlsOO78ACgkQONu9yGCS
aT4OfBAAk3FbbltZaC/dvdJalMB1D95dL2qQcQkY45eVKpeVzmiSboEdFdqNt2oN
PtOs6tD/ao7y25CWCvYGoX3jrHUZflDv9akTDPsFyyxkbSpEZ36jTc0W6SpwZ9ez
IOtRTaUk6oXhkCr8KQRgjFQy0Ip+QRdpMucMl+LSz+HEoXgMUDqHFouznJhsjbd9
g5uVHWMvbeEWVEGlT3ch2fuO6lRoNxdO9V/DhQxviiIdGhFF+T7nZuAbH/OgXFr9
eX6UiWVGDLsjP6iSw16pVZT0Lf2RbG5oWlmGtoaj2fPf8eWeF2aJcCT3JtqTN7Bj
Bd4//X+c+GgYMZM/411+lSgPLQBhiLqPYEzubabxEm17KCi2hmiac6FN6TEVv8ZB
2I3N2APG94qExPZmYdHTgIM7SDP+vJP7hpJ63Ez2AAjgNHJVvNaLZS6ZznILtTxu
6It0PfewHgt6NWqSWutc/+gNIbvjyztYgdxRGSClYd4HwezNA8e6nrnpNoS8Pfn1
RAMg4ercWMm0hKt0ELr+pCOv8Izlo+tMWIKba/GYcX8+ab3XlTH1hWHw/gLV5ikO
HAv3CRdwr8NU3mkuNwQHJNcEXvThmsOhldH5AU1+503r7Qsjb14wI2ASF4SDYtRt
TdbolMWoVElSqgC+4AKo+d5BrC30vAmQ90bAgLF5P6/vNPSNMZc=
=nLEw
-----END PGP SIGNATURE-----
Merge 4.9.104 into android-4.9
Changes in 4.9.104
MIPS: c-r4k: Fix data corruption related to cache coherence
MIPS: ptrace: Expose FIR register through FP regset
MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
affs_lookup(): close a race with affs_remove_link()
aio: fix io_destroy(2) vs. lookup_ioctx() race
ALSA: timer: Fix pause event notification
do d_instantiate/unlock_new_inode combinations safely
mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
libata: Blacklist some Sandisk SSDs for NCQ
libata: blacklist Micron 500IT SSD with MU01 firmware
xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
IB/hfi1: Use after free race condition in send context error path
Revert "ipc/shm: Fix shmat mmap nil-page protection"
ipc/shm: fix shmat() nil address after round-down when remapping
kasan: fix memory hotplug during boot
kernel/sys.c: fix potential Spectre v1 issue
kernel/signal.c: avoid undefined behaviour in kill_something_info
KVM/VMX: Expose SSBD properly to guests
KVM: s390: vsie: fix < 8k check for the itdba
KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
kvm: x86: IA32_ARCH_CAPABILITIES is always supported
firewire-ohci: work around oversized DMA reads on JMicron controllers
x86/tsc: Allow TSC calibration without PIT
NFSv4: always set NFS_LOCK_LOST when a lock is lost.
ALSA: hda - Use IS_REACHABLE() for dependency on input
kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460
tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
PCI: Add function 1 DMA alias quirk for Marvell 9128
Input: psmouse - fix Synaptics detection when protocol is disabled
i40iw: Zero-out consumer key on allocate stag for FMR
tools lib traceevent: Simplify pointer print logic and fix %pF
perf callchain: Fix attr.sample_max_stack setting
tools lib traceevent: Fix get_field_str() for dynamic strings
perf record: Fix failed memory allocation for get_cpuid_str
iommu/vt-d: Use domain instead of cache fetching
dm thin: fix documentation relative to low water mark threshold
net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b
net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock
nfs: Do not convert nfs_idmap_cache_timeout to jiffies
watchdog: sp5100_tco: Fix watchdog disable bit
kconfig: Don't leak main menus during parsing
kconfig: Fix automatic menu creation mem leak
kconfig: Fix expr_free() E_NOT leak
mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
ipmi/powernv: Fix error return code in ipmi_powernv_probe()
Btrfs: set plug for fsync
btrfs: Fix out of bounds access in btrfs_search_slot
Btrfs: fix scrub to repair raid6 corruption
btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP
HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
fm10k: fix "failed to kill vid" message for VF
device property: Define type of PROPERTY_ENRTY_*() macros
jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
powerpc/numa: Ensure nodes initialized for hotplug
RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
ntb_transport: Fix bug with max_mw_size parameter
gianfar: prevent integer wrapping in the rx handler
tcp_nv: fix potential integer overflow in tcpnv_acked
kvm: Map PFN-type memory regions as writable (if possible)
ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
ocfs2: return error when we attempt to access a dirty bh in jbd2
mm/mempolicy: fix the check of nodemask from user
mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
asm-generic: provide generic_pmdp_establish()
sparc64: update pmdp_invalidate() to return old pmd value
mm: thp: use down_read_trylock() in khugepaged to avoid long block
mm: pin address_space before dereferencing it while isolating an LRU page
mm/fadvise: discard partial page if endbyte is also EOF
openvswitch: Remove padding from packet before L3+ conntrack processing
IB/ipoib: Fix for potential no-carrier state
drm/nouveau/pmu/fuc: don't use movw directly anymore
netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure
x86/power: Fix swsusp_arch_resume prototype
firmware: dmi_scan: Fix handling of empty DMI strings
ACPI: processor_perflib: Do not send _PPC change notification if not ready
ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs
bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
MIPS: generic: Fix machine compatible matching
MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
xen-netfront: Fix race between device setup and open
xen/grant-table: Use put_page instead of free_page
RDS: IB: Fix null pointer issue
arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
proc: fix /proc/*/map_files lookup
cifs: silence compiler warnings showing up with gcc-8.0.0
bcache: properly set task state in bch_writeback_thread()
bcache: fix for allocator and register thread race
bcache: fix for data collapse after re-attaching an attached device
bcache: return attach error when no cache set exist
tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
bpf: fix rlimit in reuseport net selftest
vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page
locking/qspinlock: Ensure node->count is updated before initialising node
irqchip/gic-v3: Ignore disabled ITS nodes
cpumask: Make for_each_cpu_wrap() available on UP as well
irqchip/gic-v3: Change pr_debug message to pr_devel
ARC: Fix malformed ARC_EMUL_UNALIGNED default
ptr_ring: prevent integer overflow when calculating size
libata: Fix compile warning with ATA_DEBUG enabled
selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
selftests: memfd: add config fragment for fuse
ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
ARM: OMAP3: Fix prm wake interrupt for resume
ARM: OMAP1: clock: Fix debugfs_create_*() usage
ibmvnic: Free RX socket buffer in case of adapter error
iwlwifi: mvm: fix security bug in PN checking
iwlwifi: mvm: always init rs with 20mhz bandwidth rates
NFC: llcp: Limit size of SDP URI
rxrpc: Work around usercopy check
mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
mac80211: fix a possible leak of station stats
mac80211: fix calling sleeping function in atomic context
mac80211: Do not disconnect on invalid operating class
md raid10: fix NULL deference in handle_write_completed()
drm/exynos: g2d: use monotonic timestamps
drm/exynos: fix comparison to bitshift when dealing with a mask
locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
md: raid5: avoid string overflow warning
kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
s390/cio: fix ccw_device_start_timeout API
s390/cio: fix return code after missing interrupt
s390/cio: clear timer when terminating driver I/O
PKCS#7: fix direct verification of SignerInfo signature
ARM: OMAP: Fix dmtimer init for omap1
smsc75xx: fix smsc75xx_set_features()
regulatory: add NUL to request alpha2
integrity/security: fix digsig.c build error with header file
locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
mac80211: drop frames with unexpected DS bits from fast-rx to slow path
arm64: fix unwind_frame() for filtered out fn for function graph tracing
macvlan: fix use-after-free in macvlan_common_newlink()
kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds
fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
fs: dcache: Use READ_ONCE when accessing i_dir_seq
md: fix a potential deadlock of raid5/raid10 reshape
md/raid1: fix NULL pointer dereference
batman-adv: fix packet checksum in receive path
batman-adv: invalidate checksum on fragment reassembly
netfilter: ebtables: convert BUG_ONs to WARN_ONs
batman-adv: Ignore invalid batadv_iv_gw during netlink send
batman-adv: Ignore invalid batadv_v_gw during netlink send
batman-adv: Fix netlink dumping of BLA claims
batman-adv: Fix netlink dumping of BLA backbones
nvme-pci: Fix nvme queue cleanup if IRQ setup fails
clocksource/drivers/fsl_ftm_timer: Fix error return checking
ceph: fix dentry leak when failing to init debugfs
ARM: orion5x: Revert commit 4904dbda41.
qrtr: add MODULE_ALIAS macro to smd
r8152: fix tx packets accounting
virtio-gpu: fix ioctl and expose the fixed status to userspace.
dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
bcache: fix kcrashes with fio in RAID5 backend dev
ip6_tunnel: fix IFLA_MTU ignored on NEWLINK
sit: fix IFLA_MTU ignored on NEWLINK
ARM: dts: NSP: Fix amount of RAM on BCM958625HR
powerpc/boot: Fix random libfdt related build errors
gianfar: Fix Rx byte accounting for ndev stats
net/tcp/illinois: replace broken algorithm reference link
nvmet: fix PSDT field check in command format
xen/pirq: fix error path cleanup when binding MSIs
drm/sun4i: Fix dclk_set_phase
Btrfs: send, fix issuing write op when processing hole in no data mode
selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
iwlwifi: mvm: fix TX of CCMP 256
watchdog: f71808e_wdt: Fix magic close handling
watchdog: sbsa: use 32-bit read for WCV
batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag
e1000e: Fix check_for_link return value with autoneg off
e1000e: allocate ring descriptors with dma_zalloc_coherent
ia64/err-inject: Use get_user_pages_fast()
RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA
RDMA/qedr: Fix iWARP write and send with immediate
IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs
IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE
IB/mlx5: Fix an error code in __mlx5_ib_modify_qp()
fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
fsl/fman: avoid sleeping in atomic context while adding an address
net: qcom/emac: Use proper free methods during TX
net: smsc911x: Fix unload crash when link is up
IB/core: Fix possible crash to access NULL netdev
xen: xenbus: use put_device() instead of kfree()
arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery
dmaengine: mv_xor_v2: Fix clock resource by adding a register clock
netfilter: ebtables: fix erroneous reject of last rule
bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
workqueue: use put_device() instead of kfree()
ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
sunvnet: does not support GSO for sctp
drm/imx: move arming of the vblank event to atomic_flush
net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
batman-adv: fix header size check in batadv_dbg_arp()
batman-adv: Fix skbuff rcsum on packet reroute
vti4: Don't count header length twice on tunnel setup
vti4: Don't override MTU passed on link creation via IFLA_MTU
perf/cgroup: Fix child event counting bug
brcmfmac: Fix check for ISO3166 code
kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races
RDMA/ucma: Correct option size check using optlen
RDMA/qedr: fix QP's ack timeout configuration
RDMA/qedr: Fix rc initialization on CNQ allocation failure
mm/mempolicy.c: avoid use uninitialized preferred_node
mm, thp: do not cause memcg oom for thp
selftests: ftrace: Add probe event argument syntax testcase
selftests: ftrace: Add a testcase for string type with kprobe_event
selftests: ftrace: Add a testcase for probepoint
batman-adv: fix multicast-via-unicast transmission with AP isolation
batman-adv: fix packet loss for broadcasted DHCP packets to a server
ARM: 8748/1: mm: Define vdso_start, vdso_end as array
net: qmi_wwan: add BroadMobi BM806U 2020:2033
perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs
llc: properly handle dev_queue_xmit() return value
builddeb: Fix header package regarding dtc source links
mm/kmemleak.c: wait for scan completion before disabling free
net: Fix untag for vlan packets without ethernet header
net: mvneta: fix enable of all initialized RXQs
sh: fix debug trap failure to process signals before return to user
nvme: don't send keep-alives to the discovery controller
x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init
fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
swap: divide-by-zero when zero length swap file on ssd
sr: get/drop reference to device in revalidate and check_events
Force log to disk before reading the AGF during a fstrim
cpufreq: CPPC: Initialize shared perf capabilities of CPUs
dp83640: Ensure against premature access to PHY registers after reset
mm/ksm: fix interaction with THP
mm: fix races between address_space dereference and free in page_evicatable
Btrfs: bail out on error during replay_dir_deletes
Btrfs: fix NULL pointer dereference in log_dir_items
btrfs: Fix possible softlock on single core machines
ocfs2/dlm: don't handle migrate lockres if already in shutdown
sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
KVM: VMX: raise internal error for exception during invalid protected mode state
fscache: Fix hanging wait on page discarded by writeback
sparc64: Make atomic_xchg() an inline function rather than a macro.
net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
btrfs: tests/qgroup: Fix wrong tree backref level
Btrfs: fix copy_items() return value when logging an inode
btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
rxrpc: Fix Tx ring annotation after initial Tx failure
rxrpc: Don't treat call aborts as conn aborts
xen/acpi: off by one in read_acpi_id()
drivers: macintosh: rack-meter: really fix bogus memsets
ACPI: acpi_pad: Fix memory leak in power saving threads
powerpc/mpic: Check if cpu_possible() in mpic_physmask()
m68k: set dma and coherent masks for platform FEC ethernets
parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
hwmon: (nct6775) Fix writing pwmX_mode
powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
powerpc/perf: Fix kernel address leak via sampling registers
tools/thermal: tmon: fix for segfault
selftests: Print the test we're running to /dev/kmsg
net/mlx5: Protect from command bit overflow
ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
cxgb4: Setup FW queues before registering netdev
ima: Fallback to the builtin hash algorithm
virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
arm: dts: socfpga: fix GIC PPI warning
cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
zorro: Set up z->dev.dma_mask for the DMA API
bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
ACPICA: Events: add a return on failure from acpi_hw_register_read
ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
cxgb4: Fix queue free path of ULD drivers
i2c: mv64xxx: Apply errata delay only in standard mode
KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
perf top: Fix top.call-graph config option reading
perf stat: Fix core dump when flag T is used
IB/core: Honor port_num while resolving GID for IB link layer
regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()'
spi: bcm-qspi: fIX some error handling paths
MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
PCI: Restore config space on runtime resume despite being unbound
ipmi_ssif: Fix kernel panic at msg_done_handler
powerpc: Add missing prototype for arch_irq_work_raise()
f2fs: fix to check extent cache in f2fs_drop_extent_tree
perf/core: Fix perf_output_read_group()
drm/panel: simple: Fix the bus format for the Ontat panel
hwmon: (pmbus/max8688) Accept negative page register values
hwmon: (pmbus/adm1275) Accept negative page register values
perf/x86/intel: Properly save/restore the PMU state in the NMI handler
cdrom: do not call check_disk_change() inside cdrom_open()
perf/x86/intel: Fix large period handling on Broadwell CPUs
perf/x86/intel: Fix event update for auto-reload
arm64: dts: qcom: Fix SPI5 config on MSM8996
soc: qcom: wcnss_ctrl: Fix increment in NV upload
gfs2: Fix fallocate chunk size
x86/devicetree: Initialize device tree before using it
x86/devicetree: Fix device IRQ settings in DT
ALSA: vmaster: Propagate slave error
dmaengine: pl330: fix a race condition in case of threaded irqs
dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue()
enic: enable rq before updating rq descriptors
hwrng: stm32 - add reset during probe
dmaengine: qcom: bam_dma: get num-channels and num-ees from dt
net: stmmac: ensure that the device has released ownership before reading data
net: stmmac: ensure that the MSS desc is the last desc to set the own bit
cpufreq: Reorder cpufreq_online() error code path
PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
udf: Provide saner default for invalid uid / gid
ARM: dts: bcm283x: Fix probing of bcm2835-i2s
audit: return on memory error to avoid null pointer dereference
rcu: Call touch_nmi_watchdog() while printing stall warnings
pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group
MIPS: Octeon: Fix logging messages with spurious periods after newlines
drm/rockchip: Respect page offset for PRIME mmap calls
x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified
perf tests: Use arch__compare_symbol_names to compare symbols
perf report: Fix memory corruption in --branch-history mode --branch-history
selftests/net: fixes psock_fanout eBPF test case
netlabel: If PF_INET6, check sk_buff ip header version
regmap: Correct comparison in regmap_cached
ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet
ARM: dts: porter: Fix HDMI output routing
regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()'
pinctrl: msm: Use dynamic GPIO numbering
kdb: make "mdr" command repeat
Linux 4.9.104
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlro5ncACgkQONu9yGCS
aT4mDQ//U/INSIotnD9nahF/bYu4Ga4gWN3Wy8KsZKt3hH3ZeXi3iDx8dZyY5Cce
cjTWkx0ydpBX6l+hSl+5QRg+JsuYwbceR8CyftgluTz6/TdyfJVxzEQ+hLzHNAVh
ogazH9UVmjEMCXyvz75PWdYts0azVF6htym2XPSA46/JjH9n/Y6jXLS647QyDFf+
SnqN8bAmFd87AOPAhCVm59Es6FLX6SI/eDd6HCw/2V5nA4TtV70m/dUkLi6ZHtC5
8539CWnlrjBNj5ZLKIHutMqJQ+pXr//ZXLTI0cSiNO5dDyWhLaohNAezKU8GrN6C
phM86GkeBfDCeyZnDwygEVLXAcPbvN/tZCcQRuo7d9sI378w2/T+HHLqj5v7fi2E
fcmPlqlAq8DWYj2zWML+gYJwBfSdi+AzA/+67F3+nao7ckLyC1mUDZ+LPl4eoC5s
Ci1qwczB3C8STEhssbNh7YYzuhVqdBW/WiOIupE5fq5IehD1oGlHX3MnWt81v1Ro
zseeWewgnkkGlxIT0u5bTAVby3rFseAje8p4sszqwh5oTh0e57d/ptYoW9gIiEdX
DjVojcy3+lGGxJZKF7knE3ftqXQgrFd8SLo9zxE4W3/rM9fjBxgjPzdcix/GaPr2
lDKUu4R/ykD8JR9nLTRkGDbmFKh88eDehU7zzTFr3JsoIrLtcVU=
=adH3
-----END PGP SIGNATURE-----
Merge 4.9.98 into android-4.9
Changes in 4.9.98
ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
ext4: set h_journal if there is a failure starting a reserved handle
ext4: add validity checks for bitmap block numbers
ext4: fix bitmap position validation
random: set up the NUMA crng instances after the CRNG is fully initialized
random: fix possible sleeping allocation from irq context
random: rate limit unseeded randomness warnings
usbip: usbip_event: fix to not print kernel pointer address
usbip: usbip_host: fix to hold parent lock for device_attach() calls
usbip: vhci_hcd: Fix usb device and sockfd leaks
USB: serial: simple: add libtransistor console
USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
USB: serial: cp210x: add ID for NI USB serial console
usb: core: Add quirk for HP v222w 16GB Mini
USB: Increment wakeup count on remote wakeup.
ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
virtio: add ability to iterate over vqs
virtio_console: free buffers after reset
drm/virtio: fix vq wait_event condition
tty: Don't call panic() at tty_ldisc_init()
tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
tty: Use __GFP_NOFAIL for tty_ldisc_get()
ALSA: dice: fix OUI for TC group
ALSA: dice: fix error path to destroy initialized stream data
ALSA: opl3: Hardening for potential Spectre v1
ALSA: asihpi: Hardening for potential Spectre v1
ALSA: hdspm: Hardening for potential Spectre v1
ALSA: rme9652: Hardening for potential Spectre v1
ALSA: control: Hardening for potential Spectre v1
ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
ALSA: seq: oss: Hardening for potential Spectre v1
ALSA: hda: Hardening for potential Spectre v1
ALSA: hda/realtek - Add some fixes for ALC233
mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
kobject: don't use WARN for registration failures
scsi: sd: Defer spinning up drive while SANITIZE is in progress
PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf()
PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf()
PCI: aardvark: Fix PCIe Max Read Request Size setting
ARM: amba: Make driver_override output consistent with other buses
ARM: amba: Fix race condition with driver_override
ARM: amba: Don't read past the end of sysfs "driver_override" buffer
crypto: drbg - set freed buffers to NULL
ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
libceph: un-backoff on tick when we have a authenticated session
libceph: reschedule a tick in finish_hunting()
libceph: validate con->state at the top of try_write()
earlycon: Use a pointer table to fix __earlycon_table stride
cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt
rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops
drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders
objtool, perf: Fix GCC 8 -Wrestrict error
tools/lib/subcmd/pager.c: do not alias select() params
x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
x86/smpboot: Don't use mwait_play_dead() on AMD systems
x86/microcode/intel: Save microcode patch unconditionally
powerpc/eeh: Fix race with driver un/bind
Linux 4.9.98
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlq/sz0ACgkQONu9yGCS
aT4W4w//esMh+X1T4tWptKjji4p0TamE73ptA5lI+hDeD5aDEgjTx2Ue43oyipz6
8yTDk7k/mDgb9Mr9IF0t+hhM5dVKpGYp0evJoaRTFgf6nVsZMPSN8OjmAWgLHiLt
Ki/GgGjenzrkN5kFK5/7PIzLrgrnopRvGNuPcvbDbdPDTFZbr84ABA7xFp2C/wkt
msryzsNnOYEiNKoufx8ExfvIQiUV5Bfw5RqtsJg3p70WpxIs5jlwDAZU3NmJMXzP
91IZViW7iAm84HGi5FmK4ZbVz1wFutwKH6otZGq2ViFOu9gTgbUkPFSc+q1a3NOH
/Ac8jDqk2TUjbx1zmb5T1CKU/JKCL0WysjILPDIDOgGM8wOTPKyRqCaAUDmi+TjK
UfUFfBeHngngj4y4qn5XMiUNSRp8pPlHiWNpcAecilUUedmslKrESpVD2sUHgZQv
fD47FHKQsoQy0pBa1T1VCYO8mnaQjh8ao7c2FeoK3Jw+emPiaUsmveH9aZgMC5dM
Pq4axzdRfOxtL5n5JAdApEj6Gu1l/4D9pIGTiTD9UKcGK+ef+r6zJ8/oHtdHB+EY
04mB95L+UNatrmpctQovdUp7dcDw1xIuNBTRXXF4dOZTQ6nbvrdlNsc+zm8CVgXa
UEvKWXNhxduiiR0W95rR6v1Od+XUqGk8C/lOG9Cg8F2EKymEVX0=
=0d+E
-----END PGP SIGNATURE-----
Merge 4.9.92 into android-4.9
Changes in 4.9.92
scsi: sg: don't return bogus Sg_requests
Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs"
net sched actions: return explicit error when tunnel_key mode is not specified
ppp: avoid loop in xmit recursion detection code
rhashtable: Fix rhlist duplicates insertion
sch_netem: fix skb leak in netem_enqueue()
ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
net: use skb_to_full_sk() in skb_update_prio()
net: Fix hlist corruptions in inet_evict_bucket()
dccp: check sk for closed state in dccp_sendmsg()
ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option()
l2tp: do not accept arbitrary sockets
net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred
net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface
net: fec: Fix unbalanced PM runtime calls
net/iucv: Free memory obtained by kzalloc
netlink: avoid a double skb free in genlmsg_mcast()
net: Only honor ifindex in IP_PKTINFO if non-0
skbuff: Fix not waking applications when errors are enqueued
team: Fix double free in error path
soc/fsl/qbman: fix issue in qman_delete_cgr_safe()
s390/qeth: free netdevice when removing a card
s390/qeth: when thread completes, wake up all waiters
s390/qeth: lock read device while queueing next buffer
s390/qeth: on channel error, reject further cmd requests
net: systemport: Rewrite __bcm_sysport_tx_reclaim()
kcm: lock lower socket in kcm_attach
net: hns: Fix a skb used after free bug
Linux 4.9.92
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit d3dcf8eb615537526bd42ff27a081d46d337816e ]
When inserting duplicate objects (those with the same key),
current rhlist implementation messes up the chain pointers by
updating the bucket pointer instead of prev next pointer to the
newly inserted node. This causes missing elements on removal and
travesal.
Fix that by properly updating pprev pointer to point to
the correct rhash_head next pointer.
Issue: 1241076
Change-Id: I86b2c140bcb4aeb10b70a72a267ff590bb2b17e7
Fixes: ca26893f05 ('rhashtable: Add rhlist interface')
Signed-off-by: Paul Blakey <paulb@mellanox.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlq7xT4ACgkQONu9yGCS
aT54KBAAsw3cqSI3soZ1zjsjBlwrbH1pnv1M36yUik1Jllg03PM5cBqzPHb3aDJd
zIl8p57Q4tPnsOH42S/yv6v9oFMoiOdZs7pOWvGVmb7PMe3waIPEkHhs4H6JEGO5
6dregIdYm7nowsgZk/f7ZprLJ3YouIgRM+K7CD114Tt1Mnk/jt7s/6aiE2gY1R9m
RMAH77DYJntFehazGucYdzxKsVJo5kPug+PoM3svR9A4kzl4W5WLQ3j8/Oz/M640
9CaDUXxeA6FQm+4XCdiqaIj5KcY3+kSy+QEOVy59yOMp8TOY9Yk9L8oDdl5Jgx22
WeiHnroNTbLGbSzH4tq1/DMBt9wT5FSyHDmuhjrWj5scW+PfCk3ALdFvpZD3E032
sexY1gBTDPkozwSrDdNYXST/Gi3V+2gwBH94IrDlL93IixRnbsgIt8G6Xg9MZ//X
DDGeVACKyZkUtRF7HXyHAMZ6vruj3QEUrn+pMflhdbF46jMTx4RimyT5P/NQiQNt
4L0Z9XZpv6QUAJUmmYH8nexJMOTYXy3lpjpZOrNPw5cc2z4VveFma2kDamNDw8Jk
sgJnDZOVuR70hcQUp5vmws/itlDLQBLRiwrKV28Dtid9kgW+mWzNpUM8ciUag8rf
t5KoqQjAuooZH+eISoX4hOpCMNoLHKCCibKauWfDxj9tgyL61ho=
=kgAh
-----END PGP SIGNATURE-----
Merge 4.9.91 into android-4.9
Changes in 4.9.91
MIPS: ralink: Remove ralink_halt()
iio: st_pressure: st_accel: pass correct platform data to init
ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit
ALSA: aloop: Sync stale timer before release
ALSA: aloop: Fix access to not-yet-ready substream via cable
ALSA: hda/realtek - Always immediately update mute LED with pin VREF
mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs
PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L
ahci: Add PCI-id for the Highpoint Rocketraid 644L card
clk: bcm2835: Fix ana->maskX definitions
clk: bcm2835: Protect sections updating shared registers
clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops
Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174
libata: fix length validation of ATAPI-relayed SCSI commands
libata: remove WARN() for DMA or PIO command without data
libata: don't try to pass through NCQ commands to non-NCQ devices
libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs
libata: disable LPM for Crucial BX100 SSD 500GB drive
libata: Enable queued TRIM for Samsung SSD 860
libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs
libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions
libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version
nfsd: remove blocked locks on client teardown
mm/vmalloc: add interfaces to free unmapped page table
x86/mm: implement free pmd/pte page interfaces
mm/khugepaged.c: convert VM_BUG_ON() to collapse fail
mm/thp: do not wait for lock_page() in deferred_split_scan()
mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink()
drm/vmwgfx: Fix a destoy-while-held mutex problem.
drm/radeon: Don't turn off DP sink when disconnected
drm: udl: Properly check framebuffer mmap offsets
acpi, numa: fix pxm to online numa node associations
ACPI / watchdog: Fix off-by-one error at resource assignment
libnvdimm, {btt, blk}: do integrity setup before add_disk()
brcmfmac: fix P2P_DEVICE ethernet address generation
rtlwifi: rtl8723be: Fix loss of signal
tracing: probeevent: Fix to support minus offset from symbol
mtdchar: fix usage of mtd_ooblayout_ecc()
mtd: nand: fsl_ifc: Fix nand waitfunc return value
mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0
mtd: nand: fsl_ifc: Read ECCSTAT0 and ECCSTAT1 registers for IFC 2.0
staging: ncpfs: memory corruption in ncp_read_kernel()
can: ifi: Repair the error handling
can: ifi: Check core revision upon probe
can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack
can: cc770: Fix queue stall & dropped RTR reply
can: cc770: Fix use after free in cc770_tx_interrupt()
tty: vt: fix up tabstops properly
selftests/x86/ptrace_syscall: Fix for yet more glibc interference
kvm/x86: fix icebp instruction handling
x86/build/64: Force the linker to use 2MB page size
x86/boot/64: Verify alignment of the LOAD segment
x86/entry/64: Don't use IST entry for #BP stack
perf/x86/intel/uncore: Fix Skylake UPI event format
perf stat: Fix CVS output format for non-supported counters
perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period()
perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers
iio: ABI: Fix name of timestamp sysfs file
staging: lustre: ptlrpc: kfree used instead of kvfree
selftests, x86, protection_keys: fix wrong offset in siginfo
selftests/x86/protection_keys: Fix syscall NR redefinition warnings
signal/testing: Don't look for __SI_FAULT in userspace
x86/pkeys/selftests: Rename 'si_pkey' to 'siginfo_pkey'
selftests: x86: sysret_ss_attrs doesn't build on a PIE build
kbuild: disable clang's default use of -fmerge-all-constants
bpf: skip unnecessary capability check
bpf, x64: increase number of passes
Linux 4.9.91
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit b6bdb7517c3d3f41f20e5c2948d6bc3f8897394e upstream.
On architectures with CONFIG_HAVE_ARCH_HUGE_VMAP set, ioremap() may
create pud/pmd mappings. A kernel panic was observed on arm64 systems
with Cortex-A75 in the following steps as described by Hanjun Guo.
1. ioremap a 4K size, valid page table will build,
2. iounmap it, pte0 will set to 0;
3. ioremap the same address with 2M size, pgd/pmd is unchanged,
then set the a new value for pmd;
4. pte0 is leaked;
5. CPU may meet exception because the old pmd is still in TLB,
which will lead to kernel panic.
This panic is not reproducible on x86. INVLPG, called from iounmap,
purges all levels of entries associated with purged address on x86. x86
still has memory leak.
The patch changes the ioremap path to free unmapped page table(s) since
doing so in the unmap path has the following issues:
- The iounmap() path is shared with vunmap(). Since vmap() only
supports pte mappings, making vunmap() to free a pte page is an
overhead for regular vmap users as they do not need a pte page freed
up.
- Checking if all entries in a pte page are cleared in the unmap path
is racy, and serializing this check is expensive.
- The unmap path calls free_vmap_area_noflush() to do lazy TLB purges.
Clearing a pud/pmd entry before the lazy TLB purges needs extra TLB
purge.
Add two interfaces, pud_free_pmd_page() and pmd_free_pte_page(), which
clear a given pud/pmd entry and free up a page for the lower level
entries.
This patch implements their stub functions on x86 and arm64, which work
as workaround.
[akpm@linux-foundation.org: fix typo in pmd_free_pte_page() stub]
Link: http://lkml.kernel.org/r/20180314180155.19492-2-toshi.kani@hpe.com
Fixes: e61ce6ade4 ("mm: change ioremap to set up huge I/O mappings")
Reported-by: Lei Li <lious.lilei@hisilicon.com>
Signed-off-by: Toshi Kani <toshi.kani@hpe.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Wang Xuefeng <wxf.wang@hisilicon.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Hanjun Guo <guohanjun@huawei.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Chintan Pandya <cpandya@codeaurora.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Currently there is a difficult to debug bug where an object on
the stack appears to not be on it. Discussing with tglx, he suggests
printing the pointers and the location of the stack for the currently
running task. Lets do the same, so that the error message is more
informative and can help in debugging. After debugging, we can
upstream this patch if its useful.
Bug: 72009635
Change-Id: Id50518e70a500b850580684e82b999afbf88ee75
Signed-off-by: Joel Fernandes <joelaf@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqaaZIACgkQONu9yGCS
aT7IZBAA0MHamhjJ+CRdflP5laYzQRf84vKszP4ZNYgjH7lv2dFKuJeDXX6TmZNe
v/ektyHId7DUe87KU4TbH/bbRXsSCEcEoUo9H9MDk9Z3LMllNoiCV3I7KRgwkhsI
V7JJiBucHV1ZYOSHIq3LnBQK+ywv851FKs4tMww4gRfFQkOHueF4Z6Fl68Yg46Ud
LpAdml2vIY4ClOJlKZGqLfqGTHKEfDPtkeF6Swg2OwixSrBDIJ3oNDRteXVf+r3y
RUHqp9jy2CMfET2SNr25+30l5n2ViM893BBwRfTV9bgZRCDqgGYrUmDkTULK9dSJ
Dj17tQ8JQ6ihF8fEB67V4atbWpEulyEbuo0e3AhT82lqj0s/8RV9sgoYQlT+qlJL
1MQnpuR8EiAEG38u1MnXHKehsaipJ87gKKA4rTUBjOg0/WIN2itnWjeGPbbVC7df
aqUhdo68lmfl4dy+nvjNV8VumoLInBdHACFVmsCtfmT4Qhs7qibC3I6+AnXvv8oa
lFf7ahtYf9QjXE701EUM5aj4SnpURw5Bk0oxPp35SQ96MxekfVV0qQkhsnrNcFH9
zV5F0WttNsvwACk+Z5cK1q0A8GDwpJA6sjsHHZr93cb42NYWHyLz09bFvDRo+W/1
4WkawDT4tAbGDp5JsKyTj4/qSBLsCnAZt0pZ+CtHngT/aoXfFVo=
=sj6m
-----END PGP SIGNATURE-----
Merge 4.9.86 into android-4.9
Changes in 4.9.86
hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)
i2c: designware: must wait for enable
f2fs: fix a bug caused by NULL extent tree
dmaengine: fsl-edma: disable clks on all error paths
nvme: check hw sectors before setting chunk sectors
net: usb: qmi_wwan: add Telit ME910 PID 0x1101 support
mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
mtd: nand: brcmnand: Zero bitflip is not an error
ipv6: icmp6: Allow icmp messages to be looped back
ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
x86/asm: Allow again using asm.h when building for the 'bpf' clang target
sget(): handle failures of register_shrinker()
net: phy: xgene: disable clk on error paths
drm/nouveau/pci: do a msi rearm on init
mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl
spi: atmel: fixed spin_lock usage inside atmel_spi_remove
ASoC: nau8825: fix issue that pop noise when start capture
net: mediatek: setup proper state for disabled GMAC on the default
net: arc_emac: fix arc_emac_rx() error paths
ip6_tunnel: get the min mtu properly in ip6_tnl_xmit
net: stmmac: Fix TX timestamp calculation
scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error
ARM: dts: ls1021a: fix incorrect clock references
lib/mpi: Fix umul_ppmm() for MIPS64r6
tipc: error path leak fixes in tipc_enable_bearer()
tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path
tg3: Add workaround to restrict 5762 MRRS to 2048
tg3: Enable PHY reset in MTU change path for 5720
bnx2x: Improve reliability in case of nested PCI errors
led: core: Fix brightness setting when setting delay_off=0
IB/mlx5: Fix mlx5_ib_alloc_mr error flow
genirq: Guard handle_bad_irq log messages
s390/dasd: fix wrongly assigned configuration data
IB/mlx4: Fix mlx4_ib_alloc_mr error flow
IB/ipoib: Fix race condition in neigh creation
xfs: quota: fix missed destroy of qi_tree_lock
xfs: quota: check result of register_shrinker()
macvlan: Fix one possible double free
e1000: fix disabling already-disabled warning
NET: usb: qmi_wwan: add support for YUGA CLM920-NC5 PID 0x9625
drm/ttm: check the return value of kzalloc
uapi libc compat: add fallback for unsupported libcs
i40e/i40evf: Account for frags split over multiple descriptors in check linearize
nl80211: Check for the required netlink attribute presence
mac80211: mesh: drop frames appearing to be from us
can: flex_can: Correct the checking for frame length in flexcan_start_xmit()
bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine.
xen-netfront: enable device after manual module load
mdio-sun4i: Fix a memory leak
SolutionEngine771x: fix Ether platform data
xen/gntdev: Fix off-by-one error when unmapping with holes
xen/gntdev: Fix partial gntdev_mmap() cleanup
sctp: make use of pre-calculated len
net: gianfar_ptp: move set_fipers() to spinlock protecting area
KVM: arm/arm64: Fix check for hugepage size when allocating at Stage 2
MIPS: Implement __multi3 for GCC7 MIPS64r6 builds
Linux 4.9.86
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit bbc25bee37d2b32cf3a1fab9195b6da3a185614a ]
Current MIPS64r6 toolchains aren't able to generate efficient
DMULU/DMUHU based code for the C implementation of umul_ppmm(), which
performs an unsigned 64 x 64 bit multiply and returns the upper and
lower 64-bit halves of the 128-bit result. Instead it widens the 64-bit
inputs to 128-bits and emits a __multi3 intrinsic call to perform a 128
x 128 multiply. This is both inefficient, and it results in a link error
since we don't include __multi3 in MIPS linux.
For example commit 90a53e4432b1 ("cfg80211: implement regdb signature
checking") merged in v4.15-rc1 recently broke the 64r6_defconfig and
64r6el_defconfig builds by indirectly selecting MPILIB. The same build
errors can be reproduced on older kernels by enabling e.g. CRYPTO_RSA:
lib/mpi/generic_mpih-mul1.o: In function `mpihelp_mul_1':
lib/mpi/generic_mpih-mul1.c:50: undefined reference to `__multi3'
lib/mpi/generic_mpih-mul2.o: In function `mpihelp_addmul_1':
lib/mpi/generic_mpih-mul2.c:49: undefined reference to `__multi3'
lib/mpi/generic_mpih-mul3.o: In function `mpihelp_submul_1':
lib/mpi/generic_mpih-mul3.c:49: undefined reference to `__multi3'
lib/mpi/mpih-div.o In function `mpihelp_divrem':
lib/mpi/mpih-div.c:205: undefined reference to `__multi3'
lib/mpi/mpih-div.c:142: undefined reference to `__multi3'
Therefore add an efficient MIPS64r6 implementation of umul_ppmm() using
inline assembly and the DMULU/DMUHU instructions, to prevent __multi3
calls being emitted.
Fixes: 7fd08ca58a ("MIPS: Add build support for the MIPS R6 ISA")
Signed-off-by: James Hogan <jhogan@kernel.org>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-mips@linux-mips.org
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqSio0ACgkQONu9yGCS
aT7v/w/+OTmWpuavTV+sJz34t8UfnYtl7MnJhubkaCpaTryLXUDeWr5XGzjYRQTh
2OhvqDqoFqrKeKsMSl9x5ZBzA4CUcl5b/Umr8bqMH2iLeVr159qHoqttJ7lMwhX4
JR0avL4rZZlg/6Vbr8PjwNRn/6KF5UOQnTe4Yfpk89nDojeP5+tIZqhq7d6BFRis
Bcsb3BZg4UuJZYlJXARoXyPb4kCSEpJ6TPRM5Z1OlqbBLSCecjyqhYzW32Yj3HhT
FvV4pJLs/YBkD3GQTrWpNPmLIP/4anu+0geCviCV3SVC7UQJI46yzYLZFSaW1kg0
ol7pNONRGFNxihk4jiKMi5ON3pOMKq3qfY9KDIjGa6R8OIiQLCmC09TFFdzUjCJE
E9Q4av+KmUsCvrYtgpRTPjo/v2KGJRz8ZTuXdF9QjEIOdOomU4PMNNrXKx014goZ
r7mlxK3qW9HToBp60AAinRvNRJyFr3QH9gXjLU8fZvTVJ45eQkIwIqm5Q40Nk/IL
GrpCYkMcFouIYcpnYdurxYcaAeqwA/R4Df5WRHTaOzNXWZ5gsLRkS/muPVOL23cV
kCmlZytacE6R4TDkXzrEVfnN+n3QJWybyrx8sQbhBkT7NiEuPcqU/iGZe3uWSPS8
N2CVTW+keaPJijWeAPDqs+JEn6I/ARNq1gzw8tKjKWpEwyBa25g=
=FVgu
-----END PGP SIGNATURE-----
Merge 4.9.84 into android-4.9
Changes in 4.9.84
vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
kcm: Check if sk_user_data already set in kcm_attach
kcm: Only allow TCP sockets to be attached to a KCM mux
cfg80211: check dev_set_name() return value
xfrm: skip policies marked as dead while rehashing
mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
xfrm: Fix stack-out-of-bounds read on socket policy lookup.
xfrm: check id proto in validate_tmpl()
sctp: set frag_point in sctp_setsockopt_maxseg correctly
blktrace: fix unlocked registration of tracepoints
drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
Provide a function to create a NUL-terminated string from unterminated data
selinux: ensure the context is NUL terminated in security_context_to_sid_core()
selinux: skip bounded transition processing if the policy isn't loaded
crypto: x86/twofish-3way - Fix %rbp usage
staging: android: ion: Add __GFP_NOWARN for system contig heap
staging: android: ion: Switch from WARN to pr_warn
blk_rq_map_user_iov: fix error override
KVM: x86: fix escape of guest dr6 to the host
kcov: detect double association with a single task
netfilter: x_tables: fix int overflow in xt_alloc_table_info()
netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
netfilter: on sockopt() acquire sock lock only in the required scope
netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete
net: avoid skb_warn_bad_offload on IS_ERR
crypto: hash - annotate algorithms taking optional key
crypto: hash - prevent using keyed hashes without setting key
ASoC: ux500: add MODULE_LICENSE tag
video: fbdev/mmp: add MODULE_LICENSE
ARM: 8743/1: bL_switcher: add MODULE_LICENSE tag
arm64: dts: add #cooling-cells to CPU nodes
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
staging: android: ashmem: Fix a race condition in pin ioctls
binder: check for binder_thread allocation failure in binder_poll()
staging: iio: adc: ad7192: fix external frequency setting
staging: iio: ad5933: switch buffer mode to software
usbip: keep usbip_device sockfd state in sync with tcp_socket
usb: build drivers/usb/common/ when USB_SUPPORT is set
ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
ARM: dts: logicpd-som-lv: Fix gpmc addresses for NAND and enet
ARM: dts: logicpd-somlv: Fix wl127x pinmux
ARM: dts: am4372: Correct the interrupts_properties of McASP
ARM: dts: am437x-cm-t43: Correct the dmas property of spi0
perf top: Fix window dimensions change handling
perf bench numa: Fixup discontiguous/sparse numa nodes
media: s5k6aa: describe some function parameters
pinctrl: sunxi: Fix A80 interrupt pin bank
pinctrl: sunxi: Fix A64 UART mux value
i40iw: Correct ARP index mask
RDMA/cma: Make sure that PSN is not over max allowed
sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune
scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
ipvlan: Add the skb->mark as flow4's member to lookup route
m68k: add missing SOFTIRQENTRY_TEXT linker section
powerpc/perf: Fix oops when grouping different pmu events
s390/dasd: prevent prefix I/O error
ARM: dts: Fix elm interrupt compiler warning
gianfar: fix a flooded alignment reports because of padding issue.
net_sched: red: Avoid devision by zero
net_sched: red: Avoid illegal values
btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
brcmfmac: Avoid build error with make W=1
net: ethernet: arc: fix error handling in emac_rockchip_probe
509: fix printing uninitialized stack memory when OID is empty
gianfar: Disable EEE autoneg by default
dmaengine: ioat: Fix error handling path
dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved
clk: fix a panic error caused by accessing NULL pointer
ASoC: rockchip: disable clock on error
spi: sun4i: disable clocks in the remove function
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
drm/armada: fix leak of crtc structure
dmaengine: jz4740: disable/unprepare clk if probe fails
usb: dwc3: gadget: Wait longer for controller to end command processing
usb: dwc3: of-simple: fix missing clk_disable_unprepare
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
platform/x86: dell-laptop: Fix keyboard max lighting for Dell Latitude E6410
xen: XEN_ACPI_PROCESSOR is Dom0-only
hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
powerpc/64s: Fix conversion of slb_miss_common to use RFI_TO_USER/KERNEL
powerpc/64s: Simple RFI macro conversions
powerpc/64s: Improve RFI L1-D cache flush fallback
crypto: talitos - fix Kernel Oops on hashing an empty file
drm/i915: fix intel_backlight_device_register declaration
shmem: avoid maybe-uninitialized warning
clk: sunxi-ng: fix build error without CONFIG_RESET_CONTROLLER
vmxnet3: prevent building with 64K pages
perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
PCI: vmd: Fix suspend handlers defined-but-not-used warning
gpio: intel-mid: Fix build warning when !CONFIG_PM
platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
usb: musb: fix compilation warning on unused function
PCI: Change pci_host_common_probe() visibility
perf: xgene: Include module.h
video: fbdev: via: remove possibly unused variables
scsi: advansys: fix build warning for PCI=n
x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
gpio: xgene: mark PM functions as __maybe_unused
arm64: define BUG() instruction without CONFIG_BUG
x86/fpu/math-emu: Fix possible uninitialized variable use
tools build: Add tools tree support for 'make -s'
x86/build: Silence the build with "make -s"
thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
x86: add MULTIUSER dependency for KVM
dmaengine: zx: fix build warning
x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
x86/vm86: Fix unused variable warning if THP is disabled
scsi: advansys: fix uninitialized data access
arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
ALSA: hda/ca0132 - fix possible NULL pointer use
reiserfs: avoid a -Wmaybe-uninitialized warning
cw1200: fix bogus maybe-uninitialized warning
security/keys: BIG_KEY requires CONFIG_CRYPTO
drm: exynos: mark pm functions as __maybe_unused
rbd: silence bogus -Wmaybe-uninitialized warning
drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
KVM: add X86_LOCAL_APIC dependency
shmem: fix compilation warnings on unused functions
tc358743: fix register i2c_rd/wr functions
go7007: add MEDIA_CAMERA_SUPPORT dependency
em28xx: only use mt9v011 if camera support is enabled
tw5864: use dev_warn instead of WARN to shut up warning
ISDN: eicon: reduce stack size of sig_ind function
clk: meson: gxbb: fix build error without RESET_CONTROLLER
kasan: rework Kconfig settings
drm/i915: hide unused intel_panel_set_backlight function
arm64: sunxi: always enable reset controller
binfmt_elf: compat: avoid unused function warning
spi: bcm-qspi: shut up warning about cfi header inclusion
idle: i7300: add PCI dependency
arm64: fix warning about swapper_pg_dir overflow
usb: phy: msm add regulator dependency
x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug
KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously
KVM: VMX: clean up declaration of VPID/EPT invalidation types
KVM: nVMX: invvpid handling improvements
crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
Linux 4.9.84
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit e7c52b84fb18f08ce49b6067ae6285aca79084a8 upstream.
We get a lot of very large stack frames using gcc-7.0.1 with the default
-fsanitize-address-use-after-scope --param asan-stack=1 options, which can
easily cause an overflow of the kernel stack, e.g.
drivers/gpu/drm/i915/gvt/handlers.c:2434:1: warning: the frame size of 46176 bytes is larger than 3072 bytes
drivers/net/wireless/ralink/rt2x00/rt2800lib.c:5650:1: warning: the frame size of 23632 bytes is larger than 3072 bytes
lib/atomic64_test.c:250:1: warning: the frame size of 11200 bytes is larger than 3072 bytes
drivers/gpu/drm/i915/gvt/handlers.c:2621:1: warning: the frame size of 9208 bytes is larger than 3072 bytes
drivers/media/dvb-frontends/stv090x.c:3431:1: warning: the frame size of 6816 bytes is larger than 3072 bytes
fs/fscache/stats.c:287:1: warning: the frame size of 6536 bytes is larger than 3072 bytes
To reduce this risk, -fsanitize-address-use-after-scope is now split out
into a separate CONFIG_KASAN_EXTRA Kconfig option, leading to stack
frames that are smaller than 2 kilobytes most of the time on x86_64. An
earlier version of this patch also prevented combining KASAN_EXTRA with
KASAN_INLINE, but that is no longer necessary with gcc-7.0.1.
All patches to get the frame size below 2048 bytes with CONFIG_KASAN=y
and CONFIG_KASAN_EXTRA=n have been merged by maintainers now, so we can
bring back that default now. KASAN_EXTRA=y still causes lots of
warnings but now defaults to !COMPILE_TEST to disable it in
allmodconfig, and it remains disabled in all other defconfigs since it
is a new option. I arbitrarily raise the warning limit for KASAN_EXTRA
to 3072 to reduce the noise, but an allmodconfig kernel still has around
50 warnings on gcc-7.
I experimented a bit more with smaller stack frames and have another
follow-up series that reduces the warning limit for 64-bit architectures
to 1280 bytes (without CONFIG_KASAN).
With earlier versions of this patch series, I also had patches to address
the warnings we get with KASAN and/or KASAN_EXTRA, using a
"noinline_if_stackbloat" annotation.
That annotation now got replaced with a gcc-8 bugfix (see
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715) and a workaround for
older compilers, which means that KASAN_EXTRA is now just as bad as
before and will lead to an instant stack overflow in a few extreme
cases.
This reverts parts of commit 3f181b4d86 ("lib/Kconfig.debug: disable
-Wframe-larger-than warnings with KASAN=y"). Two patches in linux-next
should be merged first to avoid introducing warnings in an allmodconfig
build:
3cd890dbe2a4 ("media: dvb-frontends: fix i2c access helpers for KASAN")
16c3ada89cff ("media: r820t: fix r820t_write_reg for KASAN")
Do we really need to backport this?
I think we do: without this patch, enabling KASAN will lead to
unavoidable kernel stack overflow in certain device drivers when built
with gcc-7 or higher on linux-4.10+ or any version that contains a
backport of commit c5caf21ab0cf8. Most people are probably still on
older compilers, but it will get worse over time as they upgrade their
distros.
The warnings we get on kernels older than this should all be for code
that uses dangerously large stack frames, though most of them do not
cause an actual stack overflow by themselves.The asan-stack option was
added in linux-4.0, and commit 3f181b4d86 ("lib/Kconfig.debug:
disable -Wframe-larger-than warnings with KASAN=y") effectively turned
off the warning for allmodconfig kernels, so I would like to see this
fix backported to any kernels later than 4.0.
I have done dozens of fixes for individual functions with stack frames
larger than 2048 bytes with asan-stack, and I plan to make sure that
all those fixes make it into the stable kernels as well (most are
already there).
Part of the complication here is that asan-stack (from 4.0) was
originally assumed to always require much larger stacks, but that
turned out to be a combination of multiple gcc bugs that we have now
worked around and fixed, but sanitize-address-use-after-scope (from
v4.10) has a much higher inherent stack usage and also suffers from at
least three other problems that we have analyzed but not yet fixed
upstream, each of them makes the stack usage more severe than it should
be.
Link: http://lkml.kernel.org/r/20171221134744.2295529-1-arnd@arndb.de
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[arnd: rebase to v4.9; only re-enable warning]
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 8dfd2f22d3bf3ab7714f7495ad5d897b8845e8c1 ]
Callers of sprint_oid() do not check its return value before printing
the result. In the case where the OID is zero-length, -EBADMSG was
being returned without anything being written to the buffer, resulting
in uninitialized stack memory being printed. Fix this by writing
"(bad)" to the buffer in the cases where -EBADMSG is returned.
Fixes: 4f73175d03 ("X.509: Add utility functions to render OIDs as strings")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqIHkMACgkQONu9yGCS
aT7PdxAAu4CZPpSkezcI87bYNLEgmISp/d/CUuCNCE4GzURhQeR3z3NFIBdhuVry
fOiwSwRRZPJCvufmYQlwe+12Vxk2o9bvqqXNOiUYNPiDbwIGetrbN7FPUN/1qCw6
Tyl41BqyyOfEoqyrVx1dwqcpRvSu0M5LDxbm4moGfRnY/C3mm1bR/Z1WubBlxCXC
B9pjqWh/FEpZjfIHRss8vDPj1VfemxRxYhpJVkCs63m4MbSs6jc9oYtA3pTNAgz/
On2x10I7u8JG+227ESBNoVRE+GtfCT84yAoAvlPEyq+QjY+CSOVVlxyB6Y5O8HL6
wpuE75VFUVdlXFt10KoUalgJe1TouXOIDgD70JkeUlmkjp7OCzH13S2wmLueEncY
N6NE4Y4Iy8Qf/orRMKGPuUjtoJFQ4UVfQIfE8Gf4XnDrH0O7veMzAWLZli2XPtDz
SXO1WoTUSOidVSPBSLOjecRQ6L7qkp9BP5S1nrqztBBHPiQ4li+A2Z9RRwSiqPZb
vsYyn62mYalO/ZTczlmUVxroiwtkgaAXWWx6BQrlnskj0QiGFCaiiGV6ieb3WfC4
C6ZxN57BU6i5drNIYo7p7XMoGLyhAOPDOq/qIkz/tWHIjVuEabxhU1dWQm5HbCnQ
8yFyf9a/zrM5/y9RdQddYI/gsI3KddyY1ducAHw0chkRSaVnJZ4=
=/KlU
-----END PGP SIGNATURE-----
Merge 4.9.82 into android-4.9
Changes in 4.9.82
powerpc/pseries: include linux/types.h in asm/hvcall.h
cifs: Fix missing put_xid in cifs_file_strict_mmap
cifs: Fix autonegotiate security settings mismatch
CIFS: zero sensitive data when freeing
dmaengine: dmatest: fix container_of member in dmatest_callback
kaiser: fix compile error without vsyscall
posix-timer: Properly check sigevent->sigev_notify
usb: gadget: uvc: Missing files for configfs interface
sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
sched/rt: Up the root domain ref count when passing it around via IPIs
dccp: CVE-2017-8824: use-after-free in DCCP code
media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
media: hdpvr: Fix an error handling path in hdpvr_probe()
mtd: cfi: convert inline functions to macros
mtd: nand: brcmnand: Disable prefetch by default
mtd: nand: Fix nand_do_read_oob() return value
mtd: nand: sunxi: Fix ECC strength choice
ubi: fastmap: Erase outdated anchor PEBs during attach
ubi: block: Fix locking for idr_alloc/idr_remove
ubifs: Massage assert in ubifs_xattr_set() wrt. init_xattrs
nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
NFS: Add a cond_resched() to nfs_commit_release_pages()
NFS: commit direct writes even if they fail partially
NFS: reject request for id_legacy key without auxdata
NFS: Fix a race between mmap() and O_DIRECT
kernfs: fix regression in kernfs_fop_write caused by wrong type
ahci: Annotate PCI ids for mobile Intel chipsets as such
ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
ahci: Add Intel Cannon Lake PCH-H PCI ID
crypto: hash - introduce crypto_hash_alg_has_setkey()
crypto: cryptd - pass through absence of ->setkey()
crypto: mcryptd - pass through absence of ->setkey()
crypto: poly1305 - remove ->setkey() method
nsfs: mark dentry with DCACHE_RCUACCESS
media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
media: v4l2-compat-ioctl32.c: fix the indentation
media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
media: v4l2-compat-ioctl32.c: avoid sizeof(type)
media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha
media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
crypto: caam - fix endless loop when DECO acquire fails
crypto: sha512-mb - initialize pending lengths correctly
arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED
ASoC: rockchip: i2s: fix playback after runtime resume
ASoC: skl: Fix kernel warning due to zero NHTL entry
watchdog: imx2_wdt: restore previous timeout after suspend+resume
media: dvb-frontends: fix i2c access helpers for KASAN
media: ts2020: avoid integer overflows on 32 bit machines
media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
kernel/async.c: revert "async: simplify lowest_in_progress()"
kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"
pipe: actually allow root to exceed the pipe buffer limits
pipe: fix off-by-one error when checking buffer limits
HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
Bluetooth: btsdio: Do not bind to non-removable BCM43341
Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version
signal/openrisc: Fix do_unaligned_access to send the proper signal
signal/sh: Ensure si_signo is initialized in do_divide_error
alpha: fix crash if pthread_create races with signal delivery
alpha: fix reboot on Avanti platform
alpha: fix formating of stack content
xtensa: fix futex_atomic_cmpxchg_inatomic
EDAC, octeon: Fix an uninitialized variable warning
pinctrl: intel: Initialize GPIO properly when used through irqchip
pktcdvd: Fix pkt_setup_dev() error path
clocksource/drivers/stm32: Fix kernel panic with multiple timers
lib/ubsan.c: s/missaligned/misaligned/
lib/ubsan: add type mismatch handler for new GCC/Clang
btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
drm/i915: Avoid PPS HW/SW state mismatch due to rounding
ACPI: sbshc: remove raw pointer from printk() message
acpi, nfit: fix register dimm error handling
ovl: fix failure to fsync lower dir
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
ftrace: Remove incorrect setting of glob search field
Linux 4.9.82
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 42440c1f9911b4b7b8ba3dc4e90c1197bc561211 upstream.
UBSAN=y fails to build with new GCC/clang:
arch/x86/kernel/head64.o: In function `sanitize_boot_params':
arch/x86/include/asm/bootparam_utils.h:37: undefined reference to `__ubsan_handle_type_mismatch_v1'
because Clang and GCC 8 slightly changed ABI for 'type mismatch' errors.
Compiler now uses new __ubsan_handle_type_mismatch_v1() function with
slightly modified 'struct type_mismatch_data'.
Let's add new 'struct type_mismatch_data_common' which is independent from
compiler's layout of 'struct type_mismatch_data'. And make
__ubsan_handle_type_mismatch[_v1]() functions transform compiler-dependent
type mismatch data to our internal representation. This way, we can
support both old and new compilers with minimal amount of change.
Link: http://lkml.kernel.org/r/20180119152853.16806-1-aryabinin@virtuozzo.com
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reported-by: Sodagudi Prasad <psodagud@codeaurora.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b8fe1120b4ba342b4f156d24e952d6e686b20298 upstream.
A vist from the spelling fairy.
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlpxrs0ACgkQONu9yGCS
aT7Yxw/+NmM+Yh70QOpW02RCFHCB+F9tnuQXNlLfEoDqlujMS/UNuVMx39gQXDaU
7T/JOmnVtp9WQL9RLgAegSc3ayIQELzvtKjDLSo/hzxYsOmr0WlN2CVTGT7hn9JH
IQdf8cR2r4FZ/XcxQLpSsRabwhqfeoND1TTm5LUNB1Ii05hUU6/s0k1rQguabuo5
vi0BzSh7v/URxlLyL0m4ZVqovWOASS5/qSv7wazd4i/bSqH3g7VXLNu93iyOB8ih
XXpeTjtfAwJ5kUXBWZPNazUzpQ7b56sQPtsvN6CrvTv8jKJ+FH+7S4d50Vgbu51X
YBC36yypYPXunMXB9iiLYkyb8jraKr12BRLXQyl3TlNANoYjBiT/a2XmHDMA1VbL
+ydbswbmcAvZ1fuAekVY+HIogEroWzN7FbhdUgV12nm7/4WfxpBTZW+M8Es/Stuh
2ACT9TWopbhwRFUhFT5kyDTTnK++NsshGzUXbR9qPQzhdaqe76RPfJ6uHV69MXxP
gE9o3NQ3fUieJO5nQj54atErX+sJ4987DnGoWrg+Ye9Svsq1oVw0K1e44VLBp08v
iZk2lvNjUWnkDGQOhsPEYCLq6KPjXkaqV4OZVS6tGxGEZ4QQJjbnYk+kPeKjrKIA
iP3nfaLJ4HQc2kvwEI41HEJGWyGUlhdrnDqfpxpWgGXOStGJrq0=
=RJ2h
-----END PGP SIGNATURE-----
Merge 4.9.79 into android-4.9
Changes in 4.9.79
x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
orangefs: use list_for_each_entry_safe in purge_waiting_ops
orangefs: initialize op on loop restart in orangefs_devreq_read
usbip: prevent vhci_hcd driver from leaking a socket pointer address
usbip: Fix implicit fallthrough warning
usbip: Fix potential format overflow in userspace tools
can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2
Prevent timer value 0 for MWAITX
drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
drivers: base: cacheinfo: fix boot error message when acpi is enabled
mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
hwpoison, memcg: forcibly uncharge LRU pages
cma: fix calculation of aligned offset
mm, page_alloc: fix potential false positive in __zone_watermark_ok
ipc: msg, make msgrcv work with LONG_MIN
ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
ACPICA: Namespace: fix operand cache leak
netfilter: nfnetlink_cthelper: Add missing permission checks
netfilter: xt_osf: Add missing permission checks
reiserfs: fix race in prealloc discard
reiserfs: don't preallocate blocks for extended attributes
fs/fcntl: f_setown, avoid undefined behaviour
scsi: libiscsi: fix shifting of DID_REQUEUE host byte
Revert "module: Add retpoline tag to VERMAGIC"
mm: fix 100% CPU kswapd busyloop on unreclaimable nodes
Input: trackpoint - force 3 buttons if 0 button is reported
orangefs: fix deadlock; do not write i_size in read_iter
um: link vmlinux with -no-pie
vsyscall: Fix permissions for emulate mode with KAISER/PTI
eventpoll.h: add missing epoll event masks
dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
ipv6: fix udpv6 sendmsg crash caused by too small MTU
ipv6: ip6_make_skb() needs to clear cork.base.dst
lan78xx: Fix failure in USB Full Speed
net: igmp: fix source address check for IGMPv3 reports
net: qdisc_pkt_len_init() should be more robust
net: tcp: close sock if net namespace is exiting
pppoe: take ->needed_headroom of lower device into account on xmit
r8169: fix memory corruption on retrieval of hardware statistics.
sctp: do not allow the v4 socket to bind a v4mapped v6 address
sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
tipc: fix a memory leak in tipc_nl_node_get_link()
vmxnet3: repair memory leak
net: Allow neigh contructor functions ability to modify the primary_key
ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY
ppp: unlock all_ppp_mutex before registering device
be2net: restore properly promisc mode after queues reconfiguration
ip6_gre: init dev->mtu and dev->hard_header_len correctly
gso: validate gso_type in GSO handlers
mlxsw: spectrum_router: Don't log an error on missing neighbor
tun: fix a memory leak for tfile->tx_array
flow_dissector: properly cap thoff field
perf/x86/amd/power: Do not load AMD power module on !AMD platforms
x86/microcode/intel: Extend BDW late-loading further with LLC size check
hrtimer: Reset hrtimer cpu base proper on CPU hotplug
x86: bpf_jit: small optimization in emit_bpf_tail_call()
bpf: fix bpf_tail_call() x64 JIT
bpf: introduce BPF_JIT_ALWAYS_ON config
bpf: arsh is not supported in 32 bit alu thus reject it
bpf: avoid false sharing of map refcount with max_entries
bpf: fix divides by zero
bpf: fix 32-bit divide by zero
bpf: reject stores into ctx via st and xadd
nfsd: auth: Fix gid sorting when rootsquash enabled
Linux 4.9.79
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ upstream commit 290af86629b25ffd1ed6232c4e9107da031705cb ]
The BPF interpreter has been used as part of the spectre 2 attack CVE-2017-5715.
A quote from goolge project zero blog:
"At this point, it would normally be necessary to locate gadgets in
the host kernel code that can be used to actually leak data by reading
from an attacker-controlled location, shifting and masking the result
appropriately and then using the result of that as offset to an
attacker-controlled address for a load. But piecing gadgets together
and figuring out which ones work in a speculation context seems annoying.
So instead, we decided to use the eBPF interpreter, which is built into
the host kernel - while there is no legitimate way to invoke it from inside
a VM, the presence of the code in the host kernel's text section is sufficient
to make it usable for the attack, just like with ordinary ROP gadgets."
To make attacker job harder introduce BPF_JIT_ALWAYS_ON config
option that removes interpreter from the kernel in favor of JIT-only mode.
So far eBPF JIT is supported by:
x64, arm64, arm32, sparc64, s390, powerpc64, mips64
The start of JITed program is randomized and code page is marked as read-only.
In addition "constant blinding" can be turned on with net.core.bpf_jit_harden
v2->v3:
- move __bpf_prog_ret0 under ifdef (Daniel)
v1->v2:
- fix init order, test_bpf and cBPF (Daniel's feedback)
- fix offloaded bpf (Jakub's feedback)
- add 'return 0' dummy in case something can invoke prog->bpf_func
- retarget bpf tree. For bpf-next the patch would need one extra hunk.
It will be sent when the trees are merged back to net-next
Considered doing:
int bpf_jit_enable __read_mostly = BPF_EBPF_JIT_DEFAULT;
but it seems better to land the patch as-is and in bpf-next remove
bpf_jit_enable global variable from all JITs, consolidate in one place
and remove this jit_init() function.
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Disable kasan after the first report. There are several reasons for
this:
- Single bug quite often has multiple invalid memory accesses causing
storm in the dmesg.
- Write OOB access might corrupt metadata so the next report will print
bogus alloc/free stacktraces.
- Reports after the first easily could be not bugs by itself but just
side effects of the first one.
Given that multiple reports usually only do harm, it makes sense to
disable kasan after the first one. If user wants to see all the
reports, the boot-time parameter kasan_multi_shot must be used.
[aryabinin@virtuozzo.com: wrote changelog and doc, added missing include]
Link: http://lkml.kernel.org/r/20170323154416.30257-1-aryabinin@virtuozzo.com
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Bug: 64145065
(cherry-picked from b0845ce58379d11dcad4cdb6824a6410de260216)
Change-Id: Ia8c6d40dd0d4f5b944bf3501c08d7a825070b116
Signed-off-by: Paul Lawrence <paullawrence@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAloyNioACgkQONu9yGCS
aT5nyA/9Eo2iA40h62JJtQDRkp7LQvFf6VwKWFaTq8fbWDjM3x9oC3KEYIY6CfVS
2yHiTT5iZmxXfVEFWYq8auVUXYzGy5UZ+Sm5ryBqB5CoGpZSTEZLZCizvqVdHx1F
eaXwZT1k0Wqslgll9xtqTNj1LzMTz1/Q5w5yVsN+9F1t4lBGKEp9/WoQzWcr/R+F
Fwz76kD5tnzls1nRu+c7DrQzaJxLnQJS+U4e8mKLdmveUTyGFura6YW3aOO9vouV
Qt5LyloYw5eN533LTxJChXLQW1QlQsKe6BSb4qzrVcbFFX5F/b5MF+SO22xvUXwT
XEVrQziDyhYq2y1y4ZGmGHQ/k9pd+gtNx/j0WBSP0BAkeABnOsQGxLWdcsDqJt63
CWyPOcOh8ldOAcX/DD3YU/jRVXzYRrjUgL5Y37XRFJbejeig2clcEf+oOBpi2y0z
CfBtcwRyG60h7+9NJNPN+3wVWhs0fhyXve5TgGNQQ3TMikft673ZM/Rt0cVBvwbC
M7y3ZPy4B7PNfTzf/itHGt3ffw9KQdcp5IiBshHJVQICC6AuvXw5QaDA28VMaeJ6
eQF4UBiGSI7O9G4bx99rYuVuMhwqa2WGau19Dm6TFzTYXbHzaZaXpPfvWbKvryfC
q/s2JF/99Vw9jFVnxY0SxJHp79g1idsWGVP3Jod0k3cn2tKKkHo=
=Jzd9
-----END PGP SIGNATURE-----
Merge 4.9.69 into android-4.9
Changes in 4.9.69
usb: gadget: udc: renesas_usb3: fix number of the pipes
can: ti_hecc: Fix napi poll return value for repoll
can: kvaser_usb: free buf in error paths
can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
can: kvaser_usb: ratelimit errors if incomplete messages are received
can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
can: ems_usb: cancel urb on -EPIPE and -EPROTO
can: esd_usb2: cancel urb on -EPIPE and -EPROTO
can: usb_8dev: cancel urb on -EPIPE and -EPROTO
virtio: release virtio index when fail to device_register
hv: kvp: Avoid reading past allocated blocks from KVP file
isa: Prevent NULL dereference in isa_bus driver callbacks
scsi: dma-mapping: always provide dma_get_cache_alignment
scsi: use dma_get_cache_alignment() as minimum DMA alignment
scsi: libsas: align sata_device's rps_resp on a cacheline
efi: Move some sysfs files to be read-only by root
efi/esrt: Use memunmap() instead of kfree() to free the remapping
ASN.1: fix out-of-bounds read when parsing indefinite length item
ASN.1: check for error from ASN1_OP_END__ACT actions
KEYS: add missing permission check for request_key() destination
X.509: reject invalid BIT STRING for subjectPublicKey
X.509: fix comparisons of ->pkey_algo
x86/PCI: Make broadcom_postcore_init() check acpi_disabled
KVM: x86: fix APIC page invalidation
btrfs: fix missing error return in btrfs_drop_snapshot
ALSA: pcm: prevent UAF in snd_pcm_info
ALSA: seq: Remove spurious WARN_ON() at timer check
ALSA: usb-audio: Fix out-of-bound error
ALSA: usb-audio: Add check return value for usb_string()
iommu/vt-d: Fix scatterlist offset handling
smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place
s390: fix compat system call table
KVM: s390: Fix skey emulation permission check
powerpc/64s: Initialize ISAv3 MMU registers before setting partition table
brcmfmac: change driver unbind order of the sdio function devices
kdb: Fix handling of kallsyms_symbol_next() return value
drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU
media: dvb: i2c transfers over usb cannot be done from stack
arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
KVM: arm/arm64: Fix broken GICH_ELRSR big endian conversion
KVM: arm/arm64: vgic-irqfd: Fix MSI entry allocation
KVM: arm/arm64: vgic-its: Check result of allocation before use
arm64: fpsimd: Prevent registers leaking from dead tasks
bus: arm-cci: Fix use of smp_processor_id() in preemptible context
bus: arm-ccn: Check memory allocation failure
bus: arm-ccn: Fix use of smp_processor_id() in preemptible context
bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left.
crypto: talitos - fix AEAD test failures
crypto: talitos - fix memory corruption on SEC2
crypto: talitos - fix setkey to check key weakness
crypto: talitos - fix AEAD for sha224 on non sha224 capable chips
crypto: talitos - fix use of sg_link_tbl_len
crypto: talitos - fix ctr-aes-talitos
usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT
ARM: BUG if jumping to usermode address in kernel mode
ARM: avoid faulting on qemu
thp: reduce indentation level in change_huge_pmd()
thp: fix MADV_DONTNEED vs. numa balancing race
mm: drop unused pmdp_huge_get_and_clear_notify()
Revert "drm/armada: Fix compile fail"
Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA"
ARM: 8657/1: uaccess: consistently check object sizes
vti6: Don't report path MTU below IPV6_MIN_MTU.
ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure
x86/selftests: Add clobbers for int80 on x86_64
x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register
sched/fair: Make select_idle_cpu() more aggressive
x86/hpet: Prevent might sleep splat on resume
powerpc/64: Invalidate process table caching after setting process table
selftest/powerpc: Fix false failures for skipped tests
powerpc: Fix compiling a BE kernel with a powerpc64le toolchain
lirc: fix dead lock between open and wakeup_filter
module: set __jump_table alignment to 8
powerpc/64: Fix checksum folding in csum_add()
ARM: OMAP2+: Fix device node reference counts
ARM: OMAP2+: Release device node after it is no longer needed.
ASoC: rcar: avoid SSI_MODEx settings for SSI8
gpio: altera: Use handle_level_irq when configured as a level_high
HID: chicony: Add support for another ASUS Zen AiO keyboard
usb: gadget: configs: plug memory leak
USB: gadgetfs: Fix a potential memory leak in 'dev_config()'
usb: dwc3: gadget: Fix system suspend/resume on TI platforms
usb: gadget: pxa27x: Test for a valid argument pointer
usb: gadget: udc: net2280: Fix tmp reusage in net2280 driver
kvm: nVMX: VMCLEAR should not cause the vCPU to shut down
libata: drop WARN from protocol error in ata_sff_qc_issue()
workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq
scsi: qla2xxx: Fix ql_dump_buffer
scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters
irqchip/crossbar: Fix incorrect type of register size
KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset
arm: KVM: Survive unknown traps from guests
arm64: KVM: Survive unknown traps from guests
KVM: arm/arm64: VGIC: Fix command handling while ITS being disabled
spi_ks8995: fix "BUG: key accdaa28 not in .data!"
spi_ks8995: regs_size incorrect for some devices
bnx2x: prevent crash when accessing PTP with interface down
bnx2x: fix possible overrun of VFPF multicast addresses array
bnx2x: fix detection of VLAN filtering feature for VF
bnx2x: do not rollback VF MAC/VLAN filters we did not configure
rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races
ibmvnic: Fix overflowing firmware/hardware TX queue
ibmvnic: Allocate number of rx/tx buffers agreed on by firmware
ipv6: reorder icmpv6_init() and ip6_mr_init()
crypto: s5p-sss - Fix completing crypto request in IRQ handler
i2c: riic: fix restart condition
blk-mq: initialize mq kobjects in blk_mq_init_allocated_queue()
zram: set physical queue limits to avoid array out of bounds accesses
netfilter: don't track fragmented packets
axonram: Fix gendisk handling
drm/amd/amdgpu: fix console deadlock if late init failed
powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested
EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro
EDAC, i5000, i5400: Fix definition of NRECMEMB register
kbuild: pkg: use --transform option to prefix paths in tar
coccinelle: fix parallel build with CHECK=scripts/coccicheck
x86/mpx/selftests: Fix up weird arrays
mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
gre6: use log_ecn_error module parameter in ip6_tnl_rcv()
route: also update fnhe_genid when updating a route cache
route: update fnhe_expires for redirect when the fnhe exists
drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()'
lib/genalloc.c: make the avail variable an atomic_long_t
dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0
NFS: Fix a typo in nfs_rename()
sunrpc: Fix rpc_task_begin trace point
xfs: fix forgotten rcu read unlock when skipping inode reclaim
dt-bindings: usb: fix reg-property port-number range
block: wake up all tasks blocked in get_request()
sparc64/mm: set fields in deferred pages
zsmalloc: calling zs_map_object() from irq is a bug
sctp: do not free asoc when it is already dead in sctp_sendmsg
sctp: use the right sk after waking up from wait_buf sleep
bpf: fix lockdep splat
clk: uniphier: fix DAPLL2 clock rate of Pro5
atm: horizon: Fix irq release error
jump_label: Invoke jump_label_test() via early_initcall()
xfrm: Copy policy family in clone_policy
IB/mlx4: Increase maximal message size under UD QP
IB/mlx5: Assign send CQ and recv CQ of UMR QP
afs: Connect up the CB.ProbeUuid
Linux 4.9.69
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Linus Torvalds
Greg Kroah-Hartman
Jeremy Linton
Arnd Bergmann
Waiman Long
Thadeu Lima de Souza Cascardo
Eric Dumazet
Bart Van Assche
Kees Cook
Joel Fernandes (Google)
Nick Terrell
Chintan Pandya
Davidlohr Bueso
Geert Uytterhoeven
Yonghong Song
Dmitry Vyukov
Paul Blakey
Toshi Kani
Joel Fernandes
Paul Lawrence
James Hogan
Eric Biggers
Andrey Ryabinin
Andrew Morton
Alexei Starovoitov
Mark Rutland