-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAluVX/YACgkQONu9yGCS
aT5cHhAApha2JGf7uUZP9pVDBIWh/9il4jkA6w2Fs8pj5RFwTCDtxBe9iNMOloLV
j9mPd2ToEPI4H6Je5clOiLQxkM/tZ2/MQVITLpCM+9lahWB5pOxqC9buAlEYzN0v
NQ9ppUJIakeAJwJJqFxtqhb4tL+hng9BifL57+PPFykFb2xLEcmj8zMXZL5TvaCh
MF+bckiRZgZ8HgoQ2HUC3Jl5x/4QqUjhNBEzCNJ2iC8+h94lE7LoBMiRoC+QF1th
5c3Uqg+vNS/s6FOYlFGEeL2/VvzPYboIqWUFTNb39lws+hGaQ/9Ba5soFpPMuHz4
wLS+fFWuUSWi3XO1Id1imHWFaVAnbAro5vFJ/qvM6j2m3feryI6NCWEyQsEJpoLH
SRt+Lv4lllNgm1I9ieVfEldqyVfHsW6rtp0cV9uRBCgdVMOnOktO0ra1sN25IIA4
97JgOKmrFD/OAOzr5Yz0b3WKseZw+gD4iJwVAFClX9F2n0dWbPHqPPitmxu6iafu
Z1+Pw7V2HmAT2KkaLeSFSOFBa28zbXLzkzdKSabqDr5rPS7tbz4M+Gne7D803K//
sLbRfAm4YM/OirroGVDcFpugGtu4xDmqvkVVpXvjc83CNrqKkX60Jc3kJY9gweiv
v2s+gfTrK0s+tiUcIyKjtBqlBa9jHPfbzkorq3g0ia9ioO8fSWI=
=22ds
-----END PGP SIGNATURE-----
Merge 4.9.126 into android-4.9
Changes in 4.9.126
net: 6lowpan: fix reserved space for single frames
net: mac802154: tx: expand tailroom if necessary
9p/net: Fix zero-copy path in the 9p virtio transport
spi: davinci: fix a NULL pointer dereference
spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
drm/i915/userptr: reject zero user_size
libertas: fix suspend and resume for SDIO connected cards
mailbox: xgene-slimpro: Fix potential NULL pointer dereference
powerpc/fadump: handle crash memory ranges array index overflow
powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
PCI: Add wrappers for dev_printk()
powerpc/powernv/pci: Work around races in PCI bridge enabling
cxl: Fix wrong comparison in cxl_adapter_context_get()
ib_srpt: Fix a use-after-free in srpt_close_ch()
RDMA/rxe: Set wqe->status correctly if an unexpected response is received
fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
9p/virtio: fix off-by-one error in sg list bounds check
net/9p/client.c: version pointer uninitialized
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
dm thin: stop no_space_timeout worker when switching to write-mode
dm cache metadata: save in-core policy_hint_size to on-disk superblock
uart: fix race between uart_put_char() and uart_shutdown()
iio: ad9523: Fix displayed phase
iio: ad9523: Fix return value for ad952x_store()
vmw_balloon: fix inflation of 64-bit GFNs
vmw_balloon: do not use 2MB without batching
vmw_balloon: VMCI_DOORBELL_SET does not check status
vmw_balloon: fix VMCI use when balloon built into kernel
rtc: omap: fix potential crash on power off
tracing: Do not call start/stop() functions when tracing_on does not change
tracing/blktrace: Fix to allow setting same value
uprobes: Use synchronize_rcu() not synchronize_sched()
mfd: hi655x: Fix regmap area declared size for hi655x
9p: fix multiple NULL-pointer-dereferences
PM / sleep: wakeup: Fix build error caused by missing SRCU support
KVM: VMX: fixes for vmentry_l1d_flush module parameter
xtensa: limit offsets in __loop_cache_{all,page}
xtensa: increase ranges in ___invalidate_{i,d}cache_all
pnfs/blocklayout: off by one in bl_map_stripe()
NFSv4 client live hangs after live data migration recovery
ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
Replace magic for trusting the secondary keyring with #define
Fix kexec forbidding kernels signed with keys in the secondary keyring to boot
mm/tlb: Remove tlb_remove_table() non-concurrent condition
iommu/vt-d: Add definitions for PFSID
iommu/vt-d: Fix dev iotlb pfsid use
osf_getdomainname(): use copy_to_user()
sys: don't hold uts_sem while accessing userspace memory
userns: move user access out of the mutex
ubifs: Fix memory leak in lprobs self-check
Revert "UBIFS: Fix potential integer overflow in allocation"
ubifs: Check data node size before truncate
ubifs: Fix synced_i_size calculation for xattr inodes
pwm: tiehrpwm: Fix disabling of output of PWMs
fb: fix lost console when the user unplugs a USB adapter
udlfb: set optimal write delay
getxattr: use correct xattr length
libnvdimm: fix ars_status output length calculation
printk/tracing: Do not trace printk_nmi_enter()
bcache: release dc->writeback_lock properly in bch_writeback_thread()
perf auxtrace: Fix queue resize
crypto: vmx - Fix sleep-in-atomic bugs
crypto: caam/jr - fix descriptor DMA unmapping
fs/quota: Fix spectre gadget in do_quotactl
Linux 4.9.126
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit f143641bfef9a4a60c57af30de26c63057e7e695 upstream.
Currently, when one echo's in 1 into tracing_on, the current tracer's
"start()" function is executed, even if tracing_on was already one. This can
lead to strange side effects. One being that if the hwlat tracer is enabled,
and someone does "echo 1 > tracing_on" into tracing_on, the hwlat tracer's
start() function is called again which will recreate another kernel thread,
and make it unable to remove the old one.
Link: http://lkml.kernel.org/r/1533120354-22923-1-git-send-email-erica.bugden@linutronix.de
Cc: stable@vger.kernel.org
Fixes: 2df8f8a6a8 ("tracing: Fix regression with irqsoff tracer and tracing_on file")
Reported-by: Erica Bugden <erica.bugden@linutronix.de>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit 939c7a4f04 ("tracing: Introduce saved_cmdlines_size file")
introduced ability to change saved cmdlines size. This resized saved
command lines but missed resizing tgid mapping as well.
Another issue is that when the resize happens, it removes saved command
lines and reallocates new memory for it. This introduced a race
condition when reading the global savecmd as this can be freed in the
middle of accessing it causing a use after free access. Fix this by
implementing locking.
Signed-off-by: Adrian Salido <salidoa@google.com>
Bug: 36007735
Change-Id: I334791ac35f8bcbd34362ed112aa624275a46947
(cherry picked from commit 7116d306da66de0de21e982024b4d3a3056f4461)
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlt/6CsACgkQONu9yGCS
aT7KOw//boywfZ/3pWvs5bp6MsNBrYxa9mzvv7MDQFj10nibTdwY+XFf7O370j3q
Udt3A3V4a57KnploVglMSv4452LETDhMFdlQlxVTMcWAISiZoviVemDTi6GoRCwI
PJg30COP3kE4u51O5i4sGDrff9mRiUPH2XR4JP27CY1aYbjE1IYoOTfB7jUSZhNn
nzghkYLuxIpXc3GlNiWwXSxjRoDz9hw/0jaY4oZC9CRGi/Z/YBqvXLvj9dMO/2R2
0R1ftiI/CEpuQ10XZ9z3h2WlgiWz9Pj183qBMwCUVR0IDVRo+A6lN1Zz7X+eG0no
+CsDAhwfxu2BmDZ4eTDCgcKTk1LDmSVAo3cOoIdW+UkNbeoz99gFivy+jhEyKwQA
KYfMciX31qmrbVfqGT9mZTsDgrYnLCqOmRnhIoAbA3Tb/4gzO6pQXt08eGK4l+LI
u2Yv4L3BiNtZlRPBZYaibtnAAWOPZEuMIf/cRxXJ4//AcWsLirS1Dy3Z70z7J6ew
jkxtDf2F34YYrj1QGRAKfELiZJOJYX7Ig81y80M4tBD2sjRfb29z7QEK5XbDrIID
OJ8Kh57YrdnkGBOFbG8Yvfy4QV1js8VsReasK1pgad8iL8suBYPTPQwmUztGWXz5
AQsU+aQxNYicTtsRIfEN4Tr1Nb/2IqfShC+lwFpcagMvjzjDT/Q=
=GH5x
-----END PGP SIGNATURE-----
Merge 4.9.124 into android-4.9
Changes in 4.9.124
x86/entry/64: Remove %ebx handling from error_entry/exit
ARC: Explicitly add -mmedium-calls to CFLAGS
usb: dwc3: of-simple: fix use-after-free on remove
netfilter: ipv6: nf_defrag: reduce struct net memory waste
selftests: pstore: return Kselftest Skip code for skipped tests
selftests: static_keys: return Kselftest Skip code for skipped tests
selftests: user: return Kselftest Skip code for skipped tests
selftests: zram: return Kselftest Skip code for skipped tests
selftests: sync: add config fragment for testing sync framework
ARM: dts: NSP: Fix i2c controller interrupt type
ARM: dts: NSP: Fix PCIe controllers interrupt types
ARM: dts: Cygnus: Fix I2C controller interrupt type
ARM: dts: Cygnus: Fix PCIe controller interrupt type
arm64: dts: ns2: Fix I2C controller interrupt type
drm: mali-dp: Enable Global SE interrupts mask for DP500
IB/rxe: Fix missing completion for mem_reg work requests
libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
usb: dwc2: fix isoc split in transfer with no data
usb: gadget: composite: fix delayed_status race condition when set_interface
usb: gadget: dwc2: fix memory leak in gadget_init()
xen: add error handling for xenbus_printf
scsi: xen-scsifront: add error handling for xenbus_printf
xen/scsiback: add error handling for xenbus_printf
arm64: make secondary_start_kernel() notrace
qed: Add sanity check for SIMD fastpath handler.
enic: initialize enic->rfs_h.lock in enic_probe
net: hamradio: use eth_broadcast_addr
net: propagate dev_get_valid_name return code
net: stmmac: socfpga: add additional ocp reset line for Stratix10
nvmet: reset keep alive timer in controller enable
ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP
net: davinci_emac: match the mdio device against its compatible if possible
KVM: arm/arm64: Drop resource size check for GICV window
locking/lockdep: Do not record IRQ state within lockdep code
ipv6: mcast: fix unsolicited report interval after receiving querys
Smack: Mark inode instant in smack_task_to_inode
batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump
batman-adv: Fix bat_v best gw refcnt after netlink dump
cxgb4: when disabling dcb set txq dcb priority to 0
iio: pressure: bmp280: fix relative humidity unit
brcmfmac: stop watchdog before detach and free everything
ARM: dts: am437x: make edt-ft5x06 a wakeup source
ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl
usb: xhci: remove the code build warning
usb: xhci: increase CRS timeout value
NFC: pn533: Fix wrong GFP flag usage
perf test session topology: Fix test on s390
perf report powerpc: Fix crash if callchain is empty
perf bench: Fix numa report output code
netfilter: nf_log: fix uninit read in nf_log_proc_dostring
ceph: fix dentry leak in splice_dentry()
selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs
selftests/x86/sigreturn: Do minor cleanups
ARM: dts: da850: Fix interrups property for gpio
dmaengine: pl330: report BURST residue granularity
dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate()
md/raid10: fix that replacement cannot complete recovery after reassemble
nl80211: relax ht operation checks for mesh
drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes
drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes
drm/exynos: decon5433: Fix WINCONx reset value
bpf, s390: fix potential memleak when later bpf_jit_prog fails
PCI: xilinx: Add missing of_node_put()
PCI: xilinx-nwl: Add missing of_node_put()
bnx2x: Fix receiving tx-timeout in error or recovery state.
acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value
m68k: fix "bad page state" oops on ColdFire boot
objtool: Support GCC 8 '-fnoreorder-functions'
ipvlan: call dev_change_flags when ipvlan mode is reset
HID: wacom: Correct touch maximum XY of 2nd-gen Intuos
ARM: imx_v6_v7_defconfig: Select ULPI support
ARM: imx_v4_v5_defconfig: Select ULPI support
tracing: Use __printf markup to silence compiler
kasan: fix shadow_size calculation error in kasan_module_alloc
smsc75xx: Add workaround for gigabit link up hardware errata.
samples/bpf: add missing <linux/if_vlan.h>
samples/bpf: Check the error of write() and read()
ieee802154: 6lowpan: set IFLA_LINK
netfilter: x_tables: set module owner for icmp(6) matches
ipv6: make ipv6_renew_options() interrupt/kernel safe
net: qrtr: Broadcast messages only from control port
sh_eth: fix invalid context bug while calling auto-negotiation by ethtool
sh_eth: fix invalid context bug while changing link options by ethtool
ravb: fix invalid context bug while calling auto-negotiation by ethtool
ravb: fix invalid context bug while changing link options by ethtool
ARM: pxa: irq: fix handling of ICMR registers in suspend/resume
net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used
ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem
ieee802154: at86rf230: use __func__ macro for debug messages
ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem
drm/armada: fix colorkey mode property
netfilter: nf_conntrack: Fix possible possible crash on module loading.
ARC: Improve cmpxchg syscall implementation
bnxt_en: Always set output parameters in bnxt_get_max_rings().
bnxt_en: Fix for system hang if request_irq fails
perf llvm-utils: Remove bashism from kernel include fetch script
nfit: fix unchecked dereference in acpi_nfit_ctl
RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path
ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot
ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores
ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller
ixgbe: Be more careful when modifying MAC filters
tools: build: Use HOSTLDFLAGS with fixdep
packet: reset network header if packet shorter than ll reserved space
qlogic: check kstrtoul() for errors
tcp: remove DELAYED ACK events in DCTCP
pinctrl: nsp: off by ones in nsp_pinmux_enable()
pinctrl: nsp: Fix potential NULL dereference
drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()
net/ethernet/freescale/fman: fix cross-build error
net: usb: rtl8150: demote allmulti message to dev_dbg()
PCI: OF: Fix I/O space page leak
PCI: versatile: Fix I/O space page leak
net: qca_spi: Avoid packet drop during initial sync
net: qca_spi: Make sure the QCA7000 reset is triggered
net: qca_spi: Fix log level if probe fails
tcp: identify cryptic messages as TCP seq # bugs
KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
ext4: fix spectre gadget in ext4_mb_regular_allocator()
parisc: Remove ordered stores from syscall.S
xfrm_user: prevent leaking 2 bytes of kernel memory
netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
packet: refine ring v3 block size test to hold one frame
parisc: Remove unnecessary barriers from spinlock.h
PCI: hotplug: Don't leak pci_slot on registration failure
PCI: Skip MPS logic for Virtual Functions (VFs)
PCI: pciehp: Fix use-after-free on unplug
PCI: pciehp: Fix unprotected list iteration in IRQ handler
i2c: imx: Fix race condition in dma read
reiserfs: fix broken xattr handling (heap corruption, bad retval)
Linux 4.9.124
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 26b68dd2f48fe7699a89f0cfbb9f4a650dc1c837 ]
Silence warnings (triggered at W=1) by adding relevant __printf attributes.
CC kernel/trace/trace.o
kernel/trace/trace.c: In function ‘__trace_array_vprintk’:
kernel/trace/trace.c:2979:2: warning: function might be possible candidate for ‘gnu_printf’ format attribute [-Wsuggest-attribute=format]
len = vscnprintf(tbuffer, TRACE_BUF_SIZE, fmt, args);
^~~
AR kernel/trace/built-in.o
Link: http://lkml.kernel.org/r/20180308205843.27447-1-malat@debian.org
Signed-off-by: Mathieu Malaterre <malat@debian.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAltsFNgACgkQONu9yGCS
aT6ZSBAAsAf1VBFKXLJDnCfMdft7Ecrvks3Lb+55qeoPbHgCPPR7ci9R0afaifUn
46O2RFCO5PJAPSGKnLzT6vRUozNIwXbR5zsu/KA9+4zEiej/4PFlF8Ty8yh7LTRI
q0OgyRylbxeUGRjFeTJtaiMG5NIJQD6TEgMhEZoCOSPHVwWjrEyC4ka2RUuXetTw
eXXbm8c+949flMAaxz8plbTUupOQaPiNAaTHzFJR73y5jiRfNTRejgOrawB97BrF
N8uM73sNp87bQeCxQUd00SDrzhHEfCrYueeMhO/qfaduMSx/iUNPpK0KmzF6RxDy
MsmlAFjs9AnPiM7/PH6pdAgwSqsEoIzlRF/oEMOJtONLwHitwGLna8x4NP49eiaQ
7Np6UJNSUJKTyZVar2SRuzKLAsOyoeZOraey9P4OQCKDVdvlLITLSQ2jbqgEn81K
8U92W0r5E/DI6oE/wubMRgus1xPh8yrlynoaa9+wFtSt7QHvBWEpmhe8RRXzAUNv
rSJ4Ovj98IS096f2x1y4zvFfzT3k9soC+5Gxb00JUrWcSbDaffCWTCq4WhrmeasB
I8YeP3lVDSRkkkqwxy1IY5otjYmqwUqhE1wXiai14I+XZ19pIfyRxooFwlCL5wwi
vBm4Lu+cI8a6lUsM1mFk3sxYpekwY6xJt62W75RorCz36MesbLE=
=daBd
-----END PGP SIGNATURE-----
Merge 4.9.119 into android-4.9
Changes in 4.9.119
scsi: qla2xxx: Fix ISP recovery on unload
scsi: qla2xxx: Return error when TMF returns
genirq: Make force irq threading setup more robust
nohz: Fix local_timer_softirq_pending()
netlink: Do not subscribe to non-existent groups
netlink: Don't shift with UB on nlk->ngroups
netlink: Don't shift on 64 for ngroups
ext4: fix false negatives *and* false positives in ext4_check_descriptors()
ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle
ring_buffer: tracing: Inherit the tracing setting to next ring buffer
i2c: imx: Fix reinit_completion() use
Btrfs: fix file data corruption after cloning a range and fsync
tcp: add tcp_ooo_try_coalesce() helper
kmemleak: clear stale pointers from task stacks
fork: unconditionally clear stack on fork
IB/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values
jfs: Fix inconsistency between memory allocation and ea_buf->max_size
Linux 4.9.119
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 73c8d8945505acdcbae137c2e00a1232e0be709f upstream.
Maintain the tracing on/off setting of the ring_buffer when switching
to the trace buffer snapshot.
Taking a snapshot is done by swapping the backup ring buffer
(max_tr_buffer). But since the tracing on/off setting is defined
by the ring buffer, when swapping it, the tracing on/off setting
can also be changed. This causes a strange result like below:
/sys/kernel/debug/tracing # cat tracing_on
1
/sys/kernel/debug/tracing # echo 0 > tracing_on
/sys/kernel/debug/tracing # cat tracing_on
0
/sys/kernel/debug/tracing # echo 1 > snapshot
/sys/kernel/debug/tracing # cat tracing_on
1
/sys/kernel/debug/tracing # echo 1 > snapshot
/sys/kernel/debug/tracing # cat tracing_on
0
We don't touch tracing_on, but snapshot changes tracing_on
setting each time. This is an anomaly, because user doesn't know
that each "ring_buffer" stores its own tracing-enable state and
the snapshot is done by swapping ring buffers.
Link: http://lkml.kernel.org/r/153149929558.11274.11730609978254724394.stgit@devbox
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Tom Zanussi <tom.zanussi@linux.intel.com>
Cc: Hiraku Toyooka <hiraku.toyooka@cybertrust.co.jp>
Cc: stable@vger.kernel.org
Fixes: debdd57f51 ("tracing: Make a snapshot feature available from userspace")
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
[ Updated commit log and comment in the code ]
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This fixes the following clang warning:
kernel/trace/trace.c:3231:12: warning: address of array 'iter->started'
will always evaluate to 'true' [-Wpointer-bool-conversion]
if (iter->started)
Link: http://lkml.kernel.org/r/20170421234110.117075-1-mka@chromium.org
Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
(cherry picked from commit 4dbbe2d8e95c351157f292ece067f985c30c7b53)
Bug: 78886293
Change-Id: Ib17a68ce55ca80b04bdea2d232f8ca9f88b1b8a3
Signed-off-by: Alistair Strachan <astrachan@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlpL3vYACgkQONu9yGCS
aT4/aQ//VcOiG5at4QV8aEyPkmlL69jspa5yWwbbz0p3vddZrGHb72aT+lfcPgOk
tZpHR4zKOwPPu6ROgVMnyGQTks/I5ZwCqxVjuapgiXJy34QIh6JLjldKl03Bfoz8
2Q+5u1eia1R+2pLhEQLPp5siH3pbgqjMiC/jr2UtleC1QKiwOgmFApoXsl35OxUW
VkTjdqTcllxa5cFmEgb53xzH/zm0XemVe6xNH4Y+KMUmow/GcynPdxjZxkBpgl4t
HEhPR1UP708JF+LHv4FA35HujtxtK9y1UVpZmroW4Y6tW/lwwYAgvIWOC0EYv1i0
Uin5NfvG2BVkSmct19qn7IKfuVffCRb+dxvKP9I1wembqZSo68QC8rjs/dYbw+VU
SOGZM/Nd4m3yseM1QjQHc97GSvxtDwqzRBFp5c43HXrmn1ha8By9kqWa25JsiwJo
GHWmDzTWw9gW7Jp/1EVY7VGO3FNSJHy87ZIHoEnAXxzCtf7BZL2Z+myQhhPIiCXg
9jtcGkhvFVkvwjJQAAxPRr8kcNQaGZbTqh/ZhYzahl/HNAX6Ez/af30wJkmand2V
geps+QgWIzy6dgIiWr9YnJgqRbMeaHE8Ncn/Ch/8Lp30tkFnpUEOrdqFOscDtVgk
yzKFl57pnoxVdGjqejiF10v904sG1uHU8h87jtmnhxpgUz/TTLo=
=RrJV
-----END PGP SIGNATURE-----
Merge 4.9.74 into android-4.9
Changes in 4.9.74
sync objtool's copy of x86-opcode-map.txt
tracing: Remove extra zeroing out of the ring buffer page
tracing: Fix possible double free on failure of allocating trace buffer
tracing: Fix crash when it fails to alloc ring buffer
ring-buffer: Mask out the info bits when returning buffer page length
iw_cxgb4: Only validate the MSN for successful completions
ASoC: wm_adsp: Fix validation of firmware and coeff lengths
ASoC: da7218: fix fix child-node lookup
ASoC: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure
ASoC: twl4030: fix child-node lookup
ASoC: tlv320aic31xx: Fix GPIO1 register definition
ALSA: hda: Drop useless WARN_ON()
ALSA: hda - fix headset mic detection issue on a Dell machine
x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
x86/mm: Remove flush_tlb() and flush_tlb_current_task()
x86/mm: Make flush_tlb_mm_range() more predictable
x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code
x86/mm: Disable PCID on 32-bit kernels
x86/mm: Add the 'nopcid' boot option to turn off PCID
x86/mm: Enable CR4.PCIDE on supported systems
x86/mm/64: Fix reboot interaction with CR4.PCIDE
kbuild: add '-fno-stack-check' to kernel build options
ipv4: igmp: guard against silly MTU values
ipv6: mcast: better catch silly mtu values
net: fec: unmap the xmit buffer that are not transferred by DMA
net: igmp: Use correct source address on IGMPv3 reports
netlink: Add netns check on taps
net: qmi_wwan: add Sierra EM7565 1199:9091
net: reevalulate autoflowlabel setting after sysctl setting
ptr_ring: add barriers
RDS: Check cmsg_len before dereferencing CMSG_DATA
tcp_bbr: record "full bw reached" decision in new full_bw_reached bit
tcp md5sig: Use skb's saddr when replying to an incoming segment
tg3: Fix rx hang on MTU change with 5717/5719
net: ipv4: fix for a race condition in raw_sendmsg
net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case
sctp: Replace use of sockets_allocated with specified macro.
adding missing rcu_read_unlock in ipxip6_rcv
ipv4: Fix use-after-free when flushing FIB tables
net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks
net: fec: Allow reception of frames bigger than 1522 bytes
net: Fix double free and memory corruption in get_net_ns_by_id()
net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround
sock: free skb in skb_complete_tx_timestamp on error
tcp: invalidate rate samples during SACK reneging
net/mlx5: Fix rate limit packet pacing naming and struct
net/mlx5e: Fix features check of IPv6 traffic
net/mlx5e: Fix possible deadlock of VXLAN lock
net/mlx5e: Add refcount to VXLAN structure
net/mlx5e: Prevent possible races in VXLAN control flow
net/mlx5: Fix error flow in CREATE_QP command
s390/qeth: apply takeover changes when mode is toggled
s390/qeth: don't apply takeover changes to RXIP
s390/qeth: lock IP table while applying takeover changes
s390/qeth: update takeover IPs after configuration change
usbip: fix usbip bind writing random string after command in match_busid
usbip: prevent leaking socket pointer address in messages
usbip: stub: stop printing kernel pointer addresses in messages
usbip: vhci: stop printing kernel pointer addresses in messages
USB: serial: ftdi_sio: add id for Airbus DS P8GR
USB: serial: qcserial: add Sierra Wireless EM7565
USB: serial: option: add support for Telit ME910 PID 0x1101
USB: serial: option: adding support for YUGA CLM920-NC5
usb: Add device quirk for Logitech HD Pro Webcam C925e
usb: add RESET_RESUME for ELSA MicroLink 56K
USB: Fix off by one in type-specific length check of BOS SSP capability
usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201
timers: Use deferrable base independent of base::nohz_active
timers: Invoke timer_start_debug() where it makes sense
timers: Reinitialize per cpu bases on hotplug
nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()
x86/smpboot: Remove stale TLB flush invocations
n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
tty: fix tty_ldisc_receive_buf() documentation
mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP
Linux 4.9.74
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 24f2aaf952ee0b59f31c3a18b8b36c9e3d3c2cf5 upstream.
Double free of the ring buffer happens when it fails to alloc new
ring buffer instance for max_buffer if TRACER_MAX_TRACE is configured.
The root cause is that the pointer is not set to NULL after the buffer
is freed in allocate_trace_buffers(), and the freeing of the ring
buffer is invoked again later if the pointer is not equal to Null,
as:
instance_mkdir()
|-allocate_trace_buffers()
|-allocate_trace_buffer(tr, &tr->trace_buffer...)
|-allocate_trace_buffer(tr, &tr->max_buffer...)
// allocate fail(-ENOMEM),first free
// and the buffer pointer is not set to null
|-ring_buffer_free(tr->trace_buffer.buffer)
// out_free_tr
|-free_trace_buffers()
|-free_trace_buffer(&tr->trace_buffer);
//if trace_buffer is not null, free again
|-ring_buffer_free(buf->buffer)
|-rb_free_cpu_buffer(buffer->buffers[cpu])
// ring_buffer_per_cpu is null, and
// crash in ring_buffer_per_cpu->pages
Link: http://lkml.kernel.org/r/20171226071253.8968-1-chunyan.zhang@spreadtrum.com
Fixes: 737223fbca ("tracing: Consolidate buffer allocation code")
Signed-off-by: Jing Xia <jing.xia@spreadtrum.com>
Signed-off-by: Chunyan Zhang <chunyan.zhang@spreadtrum.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4397f04575c44e1440ec2e49b6302785c95fd2f8 upstream.
Jing Xia and Chunyan Zhang reported that on failing to allocate part of the
tracing buffer, memory is freed, but the pointers that point to them are not
initialized back to NULL, and later paths may try to free the freed memory
again. Jing and Chunyan fixed one of the locations that does this, but
missed a spot.
Link: http://lkml.kernel.org/r/20171226071253.8968-1-chunyan.zhang@spreadtrum.com
Fixes: 737223fbca ("tracing: Consolidate buffer allocation code")
Reported-by: Jing Xia <jing.xia@spreadtrum.com>
Reported-by: Chunyan Zhang <chunyan.zhang@spreadtrum.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 6b7e633fe9c24682df550e5311f47fb524701586 upstream.
The ring_buffer_read_page() takes care of zeroing out any extra data in the
page that it returns. There's no need to zero it out again from the
consumer. It was removed from one consumer of this function, but
read_buffers_splice_read() did not remove it, and worse, it contained a
nasty bug because of it.
Fixes: 2711ca237a ("ring-buffer: Move zeroing out excess in page to ring buffer code")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlo6KFYACgkQONu9yGCS
aT4mzw//cSnAjc7kuTtk96GKWat1bQExyb4scmsEkArfVKhoCy0Dhyr9yr4Y6+mX
6l2uUyQ70jhqOvinWIVuoDJoiZhtloudCe6ehmXm81xZsLacmelIC9NHGZ/vx/10
vC4BIZZgft5JiL4OSp/XTd0t++8maK5RUwp8cCqqTDeUyqHKNjUg+moMuJdjvRf7
4qGoBZ4lyijUU5V+WC98KSZSPncU6U1atA6k6Yvgu7oMFGembztERCx19Ka0JxA5
mzsmAH3TIhHUSGinDpTfW9x3Cmu0Dg3H7mQ0AaEVjhAi1oKTxxp0drLCZbeJUAXX
9QPJqr20XZWkuGX/yuy1vkcVo6kRfjaPYi1yyiFoEQ23hYXAaTJyiXC/CWv6kAkc
MOIXqHQgfegDAC33EzVunp/ue0sBwVAhFTpaTwbUiKJ+lpZY74mV+bjk6gZdlGJM
9TAOE66oAPNt6SM+5QC5mtO9cC03nCDIzbud5KXzdjYH8RBfIEvidxNv5qM6x8Hb
dJn6//nQzMTYIQFHja19Sqbt0xXq2lck5DrZZ+YnXlHr5JH1DzPQfqfmu8GD094e
H3oLDUmyBVnkI5jmgo3Xc+ZLArUMX7HhTyKSp+mXxRtGNulcbbQwaSWjEUoqYSzN
twMQPS+NKu+ZuubztP+7gOvyofmAAfcPX6yZpTnPyFKEnjyU3Uw=
=nCSn
-----END PGP SIGNATURE-----
Merge 4.9.71 into android-4.9
Changes in 4.9.71
mfd: fsl-imx25: Clean up irq settings during removal
crypto: rsa - fix buffer overread when stripping leading zeroes
crypto: hmac - require that the underlying hash algorithm is unkeyed
crypto: salsa20 - fix blkcipher_walk API usage
autofs: fix careless error in recent commit
tracing: Allocate mask_str buffer dynamically
USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
USB: core: prevent malicious bNumInterfaces overflow
usbip: fix stub_rx: get_pipe() to validate endpoint number
usb: add helper to extract bits 12:11 of wMaxPacketSize
usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
ceph: drop negative child dentries before try pruning inode's alias
usb: xhci: fix TDS for MTK xHCI1.1
Bluetooth: btusb: driver to enable the usb-wakeup feature
xhci: Don't add a virt_dev to the devs array before it's fully allocated
nfs: don't wait on commit in nfs_commit_inode() if there were no commit requests
sched/rt: Do not pull from current CPU if only one CPU to pull
eeprom: at24: change nvmem stride to 1
dmaengine: dmatest: move callback wait queue to thread context
ext4: fix fdatasync(2) after fallocate(2) operation
ext4: fix crash when a directory's i_size is too small
mac80211: Fix addition of mesh configuration element
usb: phy: isp1301: Add OF device ID table
KVM: nVMX: do not warn when MSR bitmap address is not backed
usb: xhci-mtk: check hcc_params after adding primary hcd
md-cluster: free md_cluster_info if node leave cluster
userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE
userfaultfd: selftest: vm: allow to build in vm/ directory
net: initialize msg.msg_flags in recvfrom
bnxt_en: Ignore 0 value in autoneg supported speed from firmware.
net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values
net: bcmgenet: correct MIB access of UniMAC RUNT counters
net: bcmgenet: reserved phy revisions must be checked first
net: bcmgenet: power down internal phy if open or resume fails
net: bcmgenet: synchronize irq0 status between the isr and task
net: bcmgenet: Power up the internal PHY before probing the MII
rxrpc: Wake up the transmitter if Rx window size increases on the peer
net/mlx5: Fix create autogroup prev initializer
net/mlx5: Don't save PCI state when PCI error is detected
iommu/io-pgtable-arm-v7s: Check for leaf entry before dereferencing it
drm/amdgpu: fix parser init error path to avoid crash in parser fini
NFSD: fix nfsd_minorversion(.., NFSD_AVAIL)
NFSD: fix nfsd_reset_versions for NFSv4.
Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list
drm/omap: fix dmabuf mmap for dma_alloc'ed buffers
netfilter: bridge: honor frag_max_size when refragmenting
ASoC: rsnd: fix sound route path when using SRC6/SRC9
blk-mq: Fix tagset reinit in the presence of cpu hot-unplug
writeback: fix memory leak in wb_queue_work()
net: wimax/i2400m: fix NULL-deref at probe
dmaengine: Fix array index out of bounds warning in __get_unmap_pool()
irqchip/mvebu-odmi: Select GENERIC_MSI_IRQ_DOMAIN
net: Resend IGMP memberships upon peer notification.
mlxsw: reg: Fix SPVM max record count
mlxsw: reg: Fix SPVMLR max record count
qed: Align CIDs according to DORQ requirement
qed: Fix mapping leak on LL2 rx flow
qed: Fix interrupt flags on Rx LL2
drm: amd: remove broken include path
intel_th: pci: Add Gemini Lake support
openrisc: fix issue handling 8 byte get_user calls
ASoC: rcar: clear DE bit only in PDMACHCR when it stops
scsi: hpsa: update check for logical volume status
scsi: hpsa: limit outstanding rescans
scsi: hpsa: do not timeout reset operations
fjes: Fix wrong netdevice feature flags
drm/radeon/si: add dpm quirk for Oland
Drivers: hv: util: move waiting for release to hv_utils_transport itself
iwlwifi: mvm: cleanup pending frames in DQA mode
sched/deadline: Add missing update_rq_clock() in dl_task_timer()
sched/deadline: Make sure the replenishment timer fires in the next period
sched/deadline: Throttle a constrained deadline task activated after the deadline
sched/deadline: Use deadline instead of period when calculating overflow
mmc: mediatek: Fixed bug where clock frequency could be set wrong
drm/radeon: reinstate oland workaround for sclk
afs: Fix missing put_page()
afs: Populate group ID from vnode status
afs: Adjust mode bits processing
afs: Deal with an empty callback array
afs: Flush outstanding writes when an fd is closed
afs: Migrate vlocation fields to 64-bit
afs: Prevent callback expiry timer overflow
afs: Fix the maths in afs_fs_store_data()
afs: Invalid op ID should abort with RXGEN_OPCODE
afs: Better abort and net error handling
afs: Populate and use client modification time
afs: Fix page leak in afs_write_begin()
afs: Fix afs_kill_pages()
afs: Fix abort on signal while waiting for call completion
nvme-loop: fix a possible use-after-free when destroying the admin queue
nvmet: confirm sq percpu has scheduled and switched to atomic
nvmet-rdma: Fix a possible uninitialized variable dereference
net/mlx4_core: Avoid delays during VF driver device shutdown
net: mpls: Fix nexthop alive tracking on down events
rxrpc: Ignore BUSY packets on old calls
tty: don't panic on OOM in tty_set_ldisc()
tty: fix data race in tty_ldisc_ref_wait()
perf symbols: Fix symbols__fixup_end heuristic for corner cases
efi/esrt: Cleanup bad memory map log messages
NFSv4.1 respect server's max size in CREATE_SESSION
btrfs: add missing memset while reading compressed inline extents
target: Use system workqueue for ALUA transitions
target: fix ALUA transition timeout handling
target: fix race during implicit transition work flushes
Revert "x86/acpi: Set persistent cpuid <-> nodeid mapping when booting"
HID: cp2112: fix broken gpio_direction_input callback
sfc: don't warn on successful change of MAC
fbdev: controlfb: Add missing modes to fix out of bounds access
video: udlfb: Fix read EDID timeout
video: fbdev: au1200fb: Release some resources if a memory allocation fails
video: fbdev: au1200fb: Return an error code if a memory allocation fails
rtc: pcf8563: fix output clock rate
ASoC: Intel: Skylake: Fix uuid_module memory leak in failure case
dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
PCI/PME: Handle invalid data when reading Root Status
powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
PCI: Do not allocate more buses than available in parent
iommu/mediatek: Fix driver name
netfilter: ipvs: Fix inappropriate output of procfs
powerpc/opal: Fix EBUSY bug in acquiring tokens
powerpc/ipic: Fix status get and status clear
platform/x86: intel_punit_ipc: Fix resource ioremap warning
target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
target:fix condition return in core_pr_dump_initiator_port()
target/file: Do not return error for UNMAP if length is zero
badblocks: fix wrong return value in badblocks_set if badblocks are disabled
iommu/amd: Limit the IOVA page range to the specified addresses
xfs: truncate pagecache before writeback in xfs_setattr_size()
arm-ccn: perf: Prevent module unload while PMU is in use
crypto: tcrypt - fix buffer lengths in test_aead_speed()
mm: Handle 0 flags in _calc_vm_trans() macro
clk: mediatek: add the option for determining PLL source clock
clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU
clk: hi6220: mark clock cs_atb_syspll as critical
clk: tegra: Fix cclk_lp divisor register
ppp: Destroy the mutex when cleanup
ASoC: rsnd: rsnd_ssi_run_mods() needs to care ssi_parent_mod
thermal/drivers/step_wise: Fix temperature regulation misbehavior
scsi: scsi_debug: write_same: fix error report
GFS2: Take inode off order_write list when setting jdata flag
bcache: explicitly destroy mutex while exiting
bcache: fix wrong cache_misses statistics
Ib/hfi1: Return actual operational VLs in port info query
arm64: prevent regressions in compressed kernel image size when upgrading to binutils 2.27
btrfs: tests: Fix a memory leak in error handling path in 'run_test()'
platform/x86: hp_accel: Add quirk for HP ProBook 440 G4
nvme: use kref_get_unless_zero in nvme_find_get_ns
l2tp: cleanup l2tp_tunnel_delete calls
xfs: fix log block underflow during recovery cycle verification
xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
RDMA/cxgb4: Declare stag as __be32
PCI: Detach driver before procfs & sysfs teardown on device remove
scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
scsi: hpsa: destroy sas transport properties before scsi_host
powerpc/perf/hv-24x7: Fix incorrect comparison in memord
soc: mediatek: pwrap: fix compiler errors
tty fix oops when rmmod 8250
usb: musb: da8xx: fix babble condition handling
pinctrl: adi2: Fix Kconfig build problem
raid5: Set R5_Expanded on parity devices as well as data.
scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
IB/core: Fix calculation of maximum RoCE MTU
vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_createbss_cmd
rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_disassoc_cmd
scsi: sd: change manage_start_stop to bool in sysfs interface
scsi: sd: change allow_restart to bool in sysfs interface
scsi: bfa: integer overflow in debugfs
udf: Avoid overflow when session starts at large offset
macvlan: Only deliver one copy of the frame to the macvlan interface
RDMA/cma: Avoid triggering undefined behavior
IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
icmp: don't fail on fragment reassembly time exceeded
ath9k: fix tx99 potential info leak
Linux 4.9.71
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 90e406f96f630c07d631a021fd4af10aac913e77 upstream.
The default NR_CPUS can be very large, but actual possible nr_cpu_ids
usually is very small. For my x86 distribution, the NR_CPUS is 8192 and
nr_cpu_ids is 4. About 2 pages are wasted.
Most machines don't have so many CPUs, so define a array with NR_CPUS
just wastes memory. So let's allocate the buffer dynamically when need.
With this change, the mutext tracing_cpumask_update_lock also can be
removed now, which was used to protect mask_str.
Link: http://lkml.kernel.org/r/1512013183-19107-1-git-send-email-changbin.du@intel.com
Fixes: 36dfe9252b ("ftrace: make use of tracing_cpumask")
Signed-off-by: Changbin Du <changbin.du@intel.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlnV4tYACgkQONu9yGCS
aT48Xg/8C8R4G3oeWMmOnEiTBk+31YjzePlE7lGOGMcaVjPd+EFWwq66ikE75c9E
GevAkUkTMSed0OnxvruNK5Sld9m31orDaIdUqX8fs/hzGTq0e5ygvLsnb5BlUxVW
Vwv49HGX3qqv5WP3Uv1rqThntizL/TxYbowtta0XZrvW4YXmSbyJnsFH5B2eavxN
7JUcmylOOQyTDngM084qrDTpFGahaRRzr7W2GYwklhYgQ+yuTdtyXLRfs/eYH6Lh
mNzDEK3siacafqOWrI5zTpQ2IWYuxxeajCJi1fH0JVDqQOLoMKCRkKXCHpd+3Qko
gkhYsItX02nfo9lSLC3+nUQP0n+HkIC8CW6/q0tsD58ccm8atKAaeJ/b7ZS2ONNA
2Dn2/s2zpunODrTBM/OkZRjtVrxPOtUeuCrxZZTERIe8AvudP+igSF1Bp9d1vtLb
AoibT3G3kiEFObF4e92yFiQRnMSZj5Nb9oep+dET8tN0aAbnx7uRbwfLYGoi1TLZ
y/PdXh/0OccGqBHRde7JrOJR8hcuvoEjg8W3su+irBm0pa1GY4W0jSg0kZI1Lt0r
FObAjKpp02UulSfIpUBdjEPCBQvVOHyh31Z2hZG+ZsZCj6p/zuh95QtZdp27R8py
2QiqXv71lAVkSBsBP8ip/+ZlWgX45dEIBJ4Hx1D/ytcjttLfyyw=
=s0r9
-----END PGP SIGNATURE-----
Merge 4.9.53 into android-4.9
Changes in 4.9.53
cifs: release cifs root_cred after exit_cifs
cifs: release auth_key.response for reconnect.
fs/proc: Report eip/esp in /prod/PID/stat for coredumping
mac80211: fix VLAN handling with TXQs
mac80211_hwsim: Use proper TX power
mac80211: flush hw_roc_start work before cancelling the ROC
genirq: Make sparse_irq_lock protect what it should protect
KVM: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()
KVM: PPC: Book3S HV: Protect updates to spapr_tce_tables list
tracing: Fix trace_pipe behavior for instance traces
tracing: Erase irqsoff trace with empty write
md/raid5: fix a race condition in stripe batch
md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list
scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
drm/radeon: disable hard reset in hibernate for APUs
crypto: drbg - fix freeing of resources
crypto: talitos - Don't provide setkey for non hmac hashing algs.
crypto: talitos - fix sha224
crypto: talitos - fix hashing
security/keys: properly zero out sensitive key material in big_key
security/keys: rewrite all of big_key crypto
KEYS: fix writing past end of user-supplied buffer in keyring_read()
KEYS: prevent creating a different user's keyrings
KEYS: prevent KEYCTL_READ on negative key
powerpc/pseries: Fix parent_dn reference leak in add_dt_node()
powerpc/tm: Flush TM only if CPU has TM feature
powerpc/ftrace: Pass the correct stack pointer for DYNAMIC_FTRACE_WITH_REGS
s390/mm: fix write access check in gup_huge_pmd()
PM: core: Fix device_pm_check_callbacks()
Fix SMB3.1.1 guest authentication to Samba
SMB3: Warn user if trying to sign connection that authenticated as guest
SMB: Validate negotiate (to protect against downgrade) even if signing off
SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags
vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets
nl80211: check for the required netlink attributes presence
bsg-lib: don't free job in bsg_prepare_job
iw_cxgb4: remove the stid on listen create failure
iw_cxgb4: put ep reference in pass_accept_req()
selftests/seccomp: Support glibc 2.26 siginfo_t.h
seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()
arm64: Make sure SPsel is always set
arm64: fault: Route pte translation faults via do_translation_fault
KVM: VMX: extract __pi_post_block
KVM: VMX: avoid double list add with VT-d posted interrupts
KVM: VMX: simplify and fix vmx_vcpu_pi_load
kvm/x86: Handle async PF in RCU read-side critical sections
KVM: VMX: Do not BUG() on out-of-bounds guest IRQ
kvm: nVMX: Don't allow L2 to access the hardware CR8
xfs: validate bdev support for DAX inode flag
etnaviv: fix gem object list corruption
PCI: Fix race condition with driver_override
btrfs: fix NULL pointer dereference from free_reloc_roots()
btrfs: propagate error to btrfs_cmp_data_prepare caller
btrfs: prevent to set invalid default subvolid
x86/mm: Fix fault error path using unsafe vma pointer
x86/fpu: Don't let userspace set bogus xcomp_bv
gfs2: Fix debugfs glocks dump
timer/sysclt: Restrict timer migration sysctl values to 0 and 1
KVM: VMX: do not change SN bit in vmx_update_pi_irte()
KVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
cxl: Fix driver use count
KVM: VMX: use cmpxchg64
video: fbdev: aty: do not leak uninitialized padding in clk to userspace
swiotlb-xen: implement xen_swiotlb_dma_mmap callback
Linux 4.9.53
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 8dd33bcb7050dd6f8c1432732f930932c9d3a33e upstream.
One convenient way to erase trace is "echo > trace". However, this
is currently broken if the current tracer is irqsoff tracer. This
is because irqsoff tracer use max_buffer as the default trace
buffer.
Set the max_buffer as the one to be cleared when it's the trace
buffer currently in use.
Link: http://lkml.kernel.org/r/1505754215-29411-1-git-send-email-byan@nvidia.com
Cc: <mingo@redhat.com>
Fixes: 4acd4d00f ("tracing: give easy way to clear trace buffer")
Signed-off-by: Bo Yan <byan@nvidia.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 75df6e688ccd517e339a7c422ef7ad73045b18a2 upstream.
When reading data from trace_pipe, tracing_wait_pipe() performs a
check to see if tracing has been turned off after some data was read.
Currently, this check always looks at global trace state, but it
should be checking the trace instance where trace_pipe is located at.
Because of this bug, cat instances/i1/trace_pipe in the following
script will immediately exit instead of waiting for data:
cd /sys/kernel/debug/tracing
echo 0 > tracing_on
mkdir -p instances/i1
echo 1 > instances/i1/tracing_on
echo 1 > instances/i1/events/sched/sched_process_exec/enable
cat instances/i1/trace_pipe
Link: http://lkml.kernel.org/r/20170917102348.1615-1-tahsin@google.com
Fixes: 10246fa35d ("tracing: give easy way to clear trace buffer")
Signed-off-by: Tahsin Erdogan <tahsin@google.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlnLnCsACgkQONu9yGCS
aT6NCRAArLcChCaHsfadu4cU3U+s2v9a0Jq9vdqpX954UYTTTKD7B9ZaLaMsS3bv
y94tzydDe6AfhUy0JhpmrX/y0VIkmF1cKt3z5vzwXSqOgMdseiMEfLW+qHHPLEjF
mPSXo88RxBad1Iyip09Olx3nL5YUXYiXHYCnbslbDlJ93FS6B+lH5T2YO9B3clyq
SpIYI8qtUyVSlqVbYmJzDU5SqfGzKR1rJwiVUmp0xpOoZiHjWYDbc8zVKYOoebpO
nwfmXnIwVRGuyZU927+KSX3+3vhhUIzKYpo3H/W/4MjMNtxrLpdq27AYs6YJS1BR
5gzaQLzYKIDGtkq5OPFszCvjcDCHeh+3e59KeMp/WRHdTGYr4ayNY/FsUMtQ0vUC
rf+kEbbLBhR/wAc0NkSLcPivmhmW0qn6EB29L4gNerkrWjyzcdxInpqEmVTc+0fU
Z3Vc6iF28pGCTxSU7GhAYdjKgrpMK9oUqFDmg7nU1biVuYKZIPs7+2utApFtuGZI
/sp4o4mLT7bxwn9qZEaVsC1/Wp6ddonKG+Yj7MStNjz2b3AOh2oGz/f0YtvRM5IM
gB6pueHLF54bxt+s9CFSGZDsXfYXERtK2kyZ1G4BifhgJVwmZUapBe/73/48vYjg
iKYabXfUFkLgdRgGP0FNgOmLKUxexId7AKJCQY9AenkthoMjhco=
=zMgQ
-----END PGP SIGNATURE-----
Merge 4.9.52 into android-4.9
Changes in 4.9.52
SUNRPC: Refactor svc_set_num_threads()
NFSv4: Fix callback server shutdown
mm: prevent double decrease of nr_reserved_highatomic
orangefs: Don't clear SGID when inheriting ACLs
IB/{qib, hfi1}: Avoid flow control testing for RDMA write operation
drm/sun4i: Implement drm_driver lastclose to restore fbdev console
IB/addr: Fix setting source address in addr6_resolve()
tty: improve tty_insert_flip_char() fast path
tty: improve tty_insert_flip_char() slow path
tty: fix __tty_insert_flip_char regression
pinctrl/amd: save pin registers over suspend/resume
Input: i8042 - add Gigabyte P57 to the keyboard reset table
MIPS: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation
MIPS: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero
MIPS: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative
MIPS: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with opposite signs
MIPS: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs
MIPS: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs
MIPS: math-emu: Handle zero accumulator case in MADDF and MSUBF separately
MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Fix NaN propagation
MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Fix some cases of infinite inputs
MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Fix some cases of zero inputs
MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Clean up "maddf_flags" enumeration
MIPS: math-emu: <MADDF|MSUBF>.S: Fix accuracy (32-bit case)
MIPS: math-emu: <MADDF|MSUBF>.D: Fix accuracy (64-bit case)
crypto: ccp - Fix XTS-AES-128 support on v5 CCPs
crypto: AF_ALG - remove SGL terminator indicator when chaining
ext4: fix incorrect quotaoff if the quota feature is enabled
ext4: fix quota inconsistency during orphan cleanup for read-only mounts
powerpc: Fix DAR reporting when alignment handler faults
block: Relax a check in blk_start_queue()
md/bitmap: disable bitmap_resize for file-backed bitmaps.
skd: Avoid that module unloading triggers a use-after-free
skd: Submit requests to firmware before triggering the doorbell
scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path
scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records
scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA
scsi: zfcp: fix missing trace records for early returns in TMF eh handlers
scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response
scsi: zfcp: trace high part of "new" 64 bit SCSI LUN
scsi: megaraid_sas: set minimum value of resetwaittime to be 1 secs
scsi: megaraid_sas: Check valid aen class range to avoid kernel panic
scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead
scsi: storvsc: fix memory leak on ring buffer busy
scsi: sg: remove 'save_scat_len'
scsi: sg: use standard lists for sg_requests
scsi: sg: off by one in sg_ioctl()
scsi: sg: factor out sg_fill_request_table()
scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
scsi: qla2xxx: Correction to vha->vref_count timeout
scsi: qla2xxx: Fix an integer overflow in sysfs code
ftrace: Fix selftest goto location on error
ftrace: Fix memleak when unregistering dynamic ops when tracing disabled
tracing: Add barrier to trace_printk() buffer nesting modification
tracing: Apply trace_clock changes to instance max buffer
ARC: Re-enable MMU upon Machine Check exception
PCI: shpchp: Enable bridge bus mastering if MSI is enabled
PCI: pciehp: Report power fault only once until we clear it
net/netfilter/nf_conntrack_core: Fix net_conntrack_lock()
s390/mm: fix local TLB flushing vs. detach of an mm address space
s390/mm: fix race on mm->context.flush_mm
media: v4l2-compat-ioctl32: Fix timespec conversion
media: uvcvideo: Prevent heap overflow when accessing mapped controls
PM / devfreq: Fix memory leak when fail to register device
bcache: initialize dirty stripes in flash_dev_run()
bcache: Fix leak of bdev reference
bcache: do not subtract sectors_to_gc for bypassed IO
bcache: correct cache_dirty_target in __update_writeback_rate()
bcache: Correct return value for sysfs attach errors
bcache: fix for gc and write-back race
bcache: fix bch_hprint crash and improve output
Linux 4.9.52
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 170b3b1050e28d1ba0700e262f0899ffa4fccc52 upstream.
Currently trace_clock timestamps are applied to both regular and max
buffers only for global trace. For instance trace, trace_clock
timestamps are applied only to regular buffer. But, regular and max
buffers can be swapped, for example, following a snapshot. So, for
instance trace, bad timestamps can be seen following a snapshot.
Let's apply trace_clock timestamps to instance max buffer as well.
Link: http://lkml.kernel.org/r/ebdb168d0be042dcdf51f81e696b17fabe3609c1.1504642143.git.tom.zanussi@linux.intel.com
Fixes: 277ba0446 ("tracing: Add interface to allow multiple trace buffers")
Signed-off-by: Baohong Liu <baohong.liu@intel.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3d9622c12c8873911f4cc0ccdabd0362c2fca06b upstream.
trace_printk() uses 4 buffers, one for each context (normal, softirq, irq
and NMI), such that it does not need to worry about one context preempting
the other. There's a nesting counter that gets incremented to figure out
which buffer to use. If the context gets preempted by another context which
calls trace_printk() it will increment the counter and use the next buffer,
and restore the counter when it is finished.
The problem is that gcc may optimize the modification of the buffer nesting
counter and it may not be incremented in memory before the buffer is used.
If this happens, and the context gets interrupted by another context, it
could pick the same buffer and corrupt the one that is being used.
Compiler barriers need to be added after the nesting variable is incremented
and before it is decremented to prevent usage of the context buffers by more
than one context at the same time.
Cc: Andy Lutomirski <luto@kernel.org>
Fixes: e2ace00117 ("tracing: Choose static tp_printk buffer by explicit nesting count")
Hat-tip-to: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlmmdlEACgkQONu9yGCS
aT7d7g/+O4JE8XMSF9PAOHQMk8ILsN1NCEZoer2HcqBYNavcRfAE70fwt92Rly34
46mPD2JTeZbr9JDGKRTnIPnfG8yJnzIhjl86jwqTxiS3YdUWOLrW7OYmDWCI0FxT
0t14DsKCoF9+DtSXIwEfjlZTqj82X8hEq2HjEJ514IDeTwzk4ftAeyu916EAt5MC
h1LJwWq4nYYTGAtgBQimeN6lk4oMXnJzVigYEDRQvPGHxAkQ5ImcfwpZFjUwrT8F
YsW9OFVw6dOEHIBkn059R18VI56sy6d0lyNFcB9n2W9n8IgB6HIwrpoDM2M7tYB1
vzIX3xlR/oH45faiTdtnlDfox3aFbXZ2NUT1q1TDv5ITTfsstFz+ZoFL7KcLF3KQ
iEyhVukI2YAqdLBLnSZy2+HHCP1ocfJT8nYqi0C2LsDapeLQ1m5MqxKO6wFIDx/e
HK0oJxNnYg3X856ZejFvShV+t3mTwAWNSkiUQYlo3HlT/5hcxnhybYpGDOjVjgar
15HAoRVp/2pZVlWriYS3edEuHwt3lcPGnp/EGDqHjZjA/qX2FYRDG/ybIrZ+j58J
m0N0MoqGs3yEp5NxTFu89y2XhvxN4sZCAnu/KmE/hNRMqwblf4fV6ZQRdhzDc9qj
MTCGThgaSFW09R+Zi3h1chi/x5p82Z0k/iEMBnFNQbad4tNQ7BA=
=BrvC
-----END PGP SIGNATURE-----
Merge 4.9.46 into android-4.9
Changes in 4.9.46
sparc64: remove unnecessary log message
af_key: do not use GFP_KERNEL in atomic contexts
dccp: purge write queue in dccp_destroy_sock()
dccp: defer ccid_hc_tx_delete() at dismantle time
ipv4: fix NULL dereference in free_fib_info_rcu()
net_sched/sfq: update hierarchical backlog when drop packet
net_sched: remove warning from qdisc_hash_add
bpf: fix bpf_trace_printk on 32 bit archs
openvswitch: fix skb_panic due to the incorrect actions attrlen
ptr_ring: use kmalloc_array()
ipv4: better IP_MAX_MTU enforcement
nfp: fix infinite loop on umapping cleanup
sctp: fully initialize the IPv6 address in sctp_v6_to_addr()
tipc: fix use-after-free
ipv6: reset fn->rr_ptr when replacing route
ipv6: repair fib6 tree in failure case
tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP
net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled
irda: do not leak initialized list.dev to userspace
net: sched: fix NULL pointer dereference when action calls some targets
net_sched: fix order of queue length updates in qdisc_replace()
bpf, verifier: add additional patterns to evaluate_reg_imm_alu
bpf: adjust verifier heuristics
bpf, verifier: fix alu ops against map_value{, _adj} register types
bpf: fix mixed signed/unsigned derived min/max value bounds
bpf/verifier: fix min/max handling in BPF_SUB
Input: trackpoint - add new trackpoint firmware ID
Input: elan_i2c - add ELAN0602 ACPI ID to support Lenovo Yoga310
Input: ALPS - fix two-finger scroll breakage in right side on ALPS touchpad
KVM: s390: sthyi: fix sthyi inline assembly
KVM: s390: sthyi: fix specification exception detection
KVM: x86: block guest protection keys unless the host has them enabled
ALSA: usb-audio: Add delay quirk for H650e/Jabra 550a USB headsets
ALSA: core: Fix unexpected error at replacing user TLV
ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)
ALSA: firewire: fix NULL pointer dereference when releasing uninitialized data of iso-resource
ARCv2: PAE40: Explicitly set MSB counterpart of SLC region ops addresses
mm, shmem: fix handling /sys/kernel/mm/transparent_hugepage/shmem_enabled
i2c: designware: Fix system suspend
mm/madvise.c: fix freeing of locked page with MADV_FREE
fork: fix incorrect fput of ->exe_file causing use-after-free
mm/memblock.c: reversed logic in memblock_discard()
drm: Release driver tracking before making the object available again
drm/atomic: If the atomic check fails, return its value first
drm: rcar-du: Fix crash in encoder failure error path
drm: rcar-du: Fix display timing controller parameter
drm: rcar-du: Fix H/V sync signal polarity configuration
tracing: Call clear_boot_tracer() at lateinit_sync
tracing: Fix kmemleak in tracing_map_array_free()
tracing: Fix freeing of filter in create_filter() when set_str is false
kbuild: linker script do not match C names unless LD_DEAD_CODE_DATA_ELIMINATION is configured
cifs: Fix df output for users with quota limits
cifs: return ENAMETOOLONG for overlong names in cifs_open()/cifs_lookup()
nfsd: Limit end of page list when decoding NFSv4 WRITE
ftrace: Check for null ret_stack on profile function graph entry function
perf/core: Fix group {cpu,task} validation
perf probe: Fix --funcs to show correct symbols for offline module
perf/x86/intel/rapl: Make package handling more robust
timers: Fix excessive granularity of new timers after a nohz idle
x86/mm: Fix use-after-free of ldt_struct
net: sunrpc: svcsock: fix NULL-pointer exception
Revert "leds: handle suspend/resume in heartbeat trigger"
netfilter: nat: fix src map lookup
Bluetooth: hidp: fix possible might sleep error in hidp_session_thread
Bluetooth: cmtp: fix possible might sleep error in cmtp_session
Bluetooth: bnep: fix possible might sleep error in bnep_session
Revert "android: binder: Sanity check at binder ioctl"
binder: use group leader instead of open thread
binder: Use wake up hint for synchronous transactions.
ANDROID: binder: fix proc->tsk check.
iio: imu: adis16480: Fix acceleration scale factor for adis16480
iio: hid-sensor-trigger: Fix the race with user space powering up sensors
staging: rtl8188eu: add RNX-N150NUB support
Clarify (and fix) MAX_LFS_FILESIZE macros
ntb_transport: fix qp count bug
ntb_transport: fix bug calculating num_qps_mw
NTB: ntb_test: fix bug printing ntb_perf results
ntb: no sleep in ntb_async_tx_submit
ntb: ntb_test: ensure the link is up before trying to configure the mws
ntb: transport shouldn't disable link due to bogus values in SPADs
ACPI: ioapic: Clear on-stack resource before using it
ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal
ACPI: EC: Fix regression related to wrong ECDT initialization order
powerpc/mm: Ensure cpumask update is ordered
Linux 4.9.46
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 4bb0f0e73c8c30917d169c4a0f1ac083690c545b upstream.
The clear_boot_tracer function is used to reset the default_bootup_tracer
string to prevent it from being accessed after boot, as it originally points
to init data. But since clear_boot_tracer() is called via the
init_lateinit() call, it races with the initcall for registering the hwlat
tracer. If someone adds "ftrace=hwlat" to the kernel command line, depending
on how the linker sets up the text, the saved command line may be cleared,
and the hwlat tracer never is initialized.
Simply have the clear_boot_tracer() be called by initcall_lateinit_sync() as
that's for tasks to be called after lateinit.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=196551
Fixes: e7c15cd8a ("tracing: Added hardware latency tracer")
Reported-by: Zamir SUN <sztsian@gmail.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAll6ZF4ACgkQONu9yGCS
aT5VKQ/+LKVvOK0DDrxV4XfXWmolOfgwz00edx9+O7h75pOKS0jMBFHhGi73UhYS
DLkX5P/eTxZwAWuXlYs+Ptpt+6c7sLtsR1RkDSfCVJEWVi4VA3o3eaG6631e/BS3
dkdprCGaQnRB6fWpjRcighCe2AUi2or8RZ76fxxn2Ec/BMnjHOLzfGAZoI+KwBbv
nc5dguO1hozmiF2o2Akou7x338ZBCOOaCEevDokTI7OPSIdYynAE9IHY6LnlUkRV
/DSEykvRWgPRngIjb9WnVhx/HHhd5hvmyU1zjingzu7680eXU7yYeAe1nz6leXeG
sD0z9kVYAjsWoGL9eAx2fwbs3a44ArUhEmvUFWQ2KHUwBf9MHhWMYV5NOQoEdDUp
VAPcj8lj+swvxHZhdnQqfBJHPXpwKUZSZ1xnPAWK1stM9zq64jfq2W5E32TAn9Uw
aTz2tL1Xx5kWra9eJV9SfeHyzjZ339e24YFCuP7sddVgQkPvVMzf+E/1BoIkfE+s
LJQzfZ8s0z279oDomZre+uhdBv/QIu6angd/wAV3A6ri/ZymEl9sMExRyMNx6Kh2
sJBa2Pr9kuFc3Ext85cgKLdHpsg5VtNkP99Rr0SP0VfJuEN87WLKh0nnKm3ZBDm/
64kmEP1Q0ssE6Asv58vL9w8R7tvgKnmhmDnuKFh8cpunKaM6Wcg=
=mVtV
-----END PGP SIGNATURE-----
Merge 4.9.40 into android-4.9
Changes in 4.9.40
disable new gcc-7.1.1 warnings for now
ir-core: fix gcc-7 warning on bool arithmetic
dm mpath: cleanup -Wbool-operation warning in choose_pgpath()
s5p-jpeg: don't return a random width/height
thermal: max77620: fix device-node reference imbalance
thermal: cpu_cooling: Avoid accessing potentially freed structures
ath9k: fix tx99 use after free
ath9k: fix tx99 bus error
ath9k: fix an invalid pointer dereference in ath9k_rng_stop()
NFC: fix broken device allocation
NFC: nfcmrvl_uart: add missing tty-device sanity check
NFC: nfcmrvl: do not use device-managed resources
NFC: nfcmrvl: use nfc-device for firmware download
NFC: nfcmrvl: fix firmware-management initialisation
nfc: Ensure presence of required attributes in the activate_target handler
nfc: Fix the sockaddr length sanitization in llcp_sock_connect
NFC: Add sockaddr length checks before accessing sa_family in bind handlers
perf intel-pt: Move decoder error setting into one condition
perf intel-pt: Improve sample timestamp
perf intel-pt: Fix missing stack clear
perf intel-pt: Ensure IP is zero when state is INTEL_PT_STATE_NO_IP
perf intel-pt: Fix last_ip usage
perf intel-pt: Ensure never to set 'last_ip' when packet 'count' is zero
perf intel-pt: Use FUP always when scanning for an IP
perf intel-pt: Clear FUP flag on error
Bluetooth: use constant time memory comparison for secret values
wlcore: fix 64K page support
btrfs: Don't clear SGID when inheriting ACLs
igb: Explicitly select page 0 at initialization
ASoC: compress: Derive substream from stream based on direction
PM / Domains: Fix unsafe iteration over modified list of device links
PM / Domains: Fix unsafe iteration over modified list of domain providers
PM / Domains: Fix unsafe iteration over modified list of domains
scsi: ses: do not add a device to an enclosure if enclosure_add_links() fails.
scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state
iscsi-target: Add login_keys_workaround attribute for non RFC initiators
xen/scsiback: Fix a TMR related use-after-free
powerpc/pseries: Fix passing of pp0 in updatepp() and updateboltedpp()
powerpc/64: Fix atomic64_inc_not_zero() to return an int
powerpc: Fix emulation of mcrf in emulate_step()
powerpc: Fix emulation of mfocrf in emulate_step()
powerpc/asm: Mark cr0 as clobbered in mftb()
powerpc/mm/radix: Properly clear process table entry
af_key: Fix sadb_x_ipsecrequest parsing
PCI: Work around poweroff & suspend-to-RAM issue on Macbook Pro 11
PCI: rockchip: Use normal register bank for config accessors
PCI/PM: Restore the status of PCI devices across hibernation
ipvs: SNAT packet replies only for NATed connections
xhci: fix 20000ms port resume timeout
xhci: Fix NULL pointer dereference when cleaning up streams for removed host
xhci: Bad Ethernet performance plugged in ASM1042A host
mxl111sf: Fix driver to use heap allocate buffers for USB messages
usb: storage: return on error to avoid a null pointer dereference
USB: cdc-acm: add device-id for quirky printer
usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL
usb: renesas_usbhs: gadget: disable all eps when the driver stops
md: don't use flush_signals in userspace processes
x86/xen: allow userspace access during hypercalls
cx88: Fix regression in initial video standard setting
libnvdimm, btt: fix btt_rw_page not returning errors
libnvdimm: fix badblock range handling of ARS range
ext2: Don't clear SGID when inheriting ACLs
Raid5 should update rdev->sectors after reshape
s390/syscalls: Fix out of bounds arguments access
drm/amd/amdgpu: Return error if initiating read out of range on vram
drm/radeon/ci: disable mclk switching for high refresh rates (v2)
drm/radeon: Fix eDP for single-display iMac10,1 (v2)
ipmi: use rcu lock around call to intf->handlers->sender()
ipmi:ssif: Add missing unlock in error branch
xfs: Don't clear SGID when inheriting ACLs
f2fs: sanity check size of nat and sit cache
f2fs: Don't clear SGID when inheriting ACLs
drm/ttm: Fix use-after-free in ttm_bo_clean_mm
ovl: drop CAP_SYS_RESOURCE from saved mounter's credentials
vfio: Fix group release deadlock
vfio: New external user group/file match
nvme-rdma: remove race conditions from IB signalling
ftrace: Fix uninitialized variable in match_records()
MIPS: Fix mips_atomic_set() retry condition
MIPS: Fix mips_atomic_set() with EVA
MIPS: Negate error syscall return in trace
ubifs: Don't leak kernel memory to the MTD
ACPI / EC: Drop EC noirq hooks to fix a regression
Revert "ACPI / EC: Enable event freeze mode..." to fix a regression
x86/acpi: Prevent out of bound access caused by broken ACPI tables
x86/ioapic: Pass the correct data to unmask_ioapic_irq()
MIPS: Fix MIPS I ISA /proc/cpuinfo reporting
MIPS: Save static registers before sysmips
MIPS: Actually decode JALX in `__compute_return_epc_for_insn'
MIPS: Fix unaligned PC interpretation in `compute_return_epc'
MIPS: math-emu: Prevent wrong ISA mode instruction emulation
MIPS: Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn'
MIPS: Rename `sigill_r6' to `sigill_r2r6' in `__compute_return_epc_for_insn'
MIPS: Send SIGILL for linked branches in `__compute_return_epc_for_insn'
MIPS: Send SIGILL for R6 branches in `__compute_return_epc_for_insn'
MIPS: Fix a typo: s/preset/present/ in r2-to-r6 emulation error message
Input: i8042 - fix crash at boot time
IB/iser: Fix connection teardown race condition
IB/core: Namespace is mandatory input for address resolution
sunrpc: use constant time memory comparison for mac
NFS: only invalidate dentrys that are clearly invalid.
udf: Fix deadlock between writeback and udf_setsize()
target: Fix COMPARE_AND_WRITE caw_sem leak during se_cmd quiesce
iser-target: Avoid isert_conn->cm_id dereference in isert_login_recv_done
perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target
Revert "perf/core: Drop kernel samples even though :u is specified"
staging: rtl8188eu: add TL-WN722N v2 support
staging: comedi: ni_mio_common: fix AO timer off-by-one regression
staging: sm750fb: avoid conflicting vesafb
staging: lustre: ko2iblnd: check copy_from_iter/copy_to_iter return code
ceph: fix race in concurrent readdir
RDMA/core: Initialize port_num in qp_attr
drm/mst: Fix error handling during MST sideband message reception
drm/mst: Avoid dereferencing a NULL mstb in drm_dp_mst_handle_up_req()
drm/mst: Avoid processing partially received up/down message transactions
mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms[] array
hfsplus: Don't clear SGID when inheriting ACLs
ovl: fix random return value on mount
acpi/nfit: Fix memory corruption/Unregister mce decoder on failure
of: device: Export of_device_{get_modalias, uvent_modalias} to modules
spmi: Include OF based modalias in device uevent
reiserfs: Don't clear SGID when inheriting ACLs
PM / Domains: defer dev_pm_domain_set() until genpd->attach_dev succeeds if present
tracing: Fix kmemleak in instance_rmdir
alarmtimer: don't rate limit one-shot timers
Linux 4.9.40
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit db9108e054700c96322b0f0028546aa4e643cf0b upstream.
Hit the kmemleak when executing instance_rmdir, it forgot releasing
mem of tracing_cpumask. With this fix, the warn does not appear any
more.
unreferenced object 0xffff93a8dfaa7c18 (size 8):
comm "mkdir", pid 1436, jiffies 4294763622 (age 9134.308s)
hex dump (first 8 bytes):
ff ff ff ff ff ff ff ff ........
backtrace:
[<ffffffff88b6567a>] kmemleak_alloc+0x4a/0xa0
[<ffffffff8861ea41>] __kmalloc_node+0xf1/0x280
[<ffffffff88b505d3>] alloc_cpumask_var_node+0x23/0x30
[<ffffffff88b5060e>] alloc_cpumask_var+0xe/0x10
[<ffffffff88571ab0>] instance_mkdir+0x90/0x240
[<ffffffff886e5100>] tracefs_syscall_mkdir+0x40/0x70
[<ffffffff886565c9>] vfs_mkdir+0x109/0x1b0
[<ffffffff8865b1d0>] SyS_mkdir+0xd0/0x100
[<ffffffff88403857>] do_syscall_64+0x67/0x150
[<ffffffff88b710e7>] return_from_SYSCALL_64+0x0/0x6a
[<ffffffffffffffff>] 0xffffffffffffffff
Link: http://lkml.kernel.org/r/1500546969-12594-1-git-send-email-chuhu@redhat.com
Fixes: ccfe9e42e4 ("tracing: Make tracing_cpumask available for all instances")
Signed-off-by: Chunyu Hu <chuhu@redhat.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAllxlFQACgkQONu9yGCS
aT42GBAAlL+49kLHeHQszHbIhCyd3bf59TC6cMZdGCA11X/TxvS4jFWpeopXQ7SR
rngaPiAItWFuakZPAIe+cdIQhA1P8o0pwr5iIj0/bXilKYF9ujNrOXxYGTD6qgeB
1G437oYOcIXZQ1sHzy0eMYxM/s8HvmFvVxCwOaISqB6LIZDtX5lYQdzSk/Iy5zAt
k0YBr+q+c6rm9039UQrvyQ0oTwUh0qSWg4rSW8tCOJcIJZP2BaD4M0BLQbaCOYWg
43Npx4MAHqIzWk38fZ7KxOo9yfNv6vbqW1WpB2WAT6i4zJJ6JtXqr7BpYVrSLDL9
NQWvxpuPbEcACL0Mt/mp2fh3bqfh5Hxl77YijyLCo5yq3XRt4w2kOsLUtEiSomQb
51rik+amM7v+ryJqPHLbSngZWbPoVZmkBO1psm5CaMcA4WnVEYy+ga9tnnXRQOzu
8irWSr4L4AxqBoxR/OjyfBcdIOlvgT9jEgnLnER1/W3vHtooyEkXBDYoZ4MszXWm
79VTDRb8i5VIm97klPUpo61D8kGnZOuXDJS2arKqJqVBjcVHeeOwU0jF/4HVpU4N
HKHS/PQRLbV8Aa1r3uADAZLs01dUV1qbdgd7EZBUWj6Vix80w4e3K+kTDIcCe8zC
1KkvGNWjP/3JxwH6GgHsz8hJ6I4Dmsl9JTRUSAFnnGeSj68UDN4=
=QrTI
-----END PGP SIGNATURE-----
Merge 4.9.39 into android-4.9
Changes in 4.9.39
xen-netfront: Rework the fix for Rx stall during OOM and network stress
net_sched: fix error recovery at qdisc creation
net: sched: Fix one possible panic when no destroy callback
net/phy: micrel: configure intterupts after autoneg workaround
ipv6: avoid unregistering inet6_dev for loopback
net: dp83640: Avoid NULL pointer dereference.
tcp: reset sk_rx_dst in tcp_disconnect()
net: prevent sign extension in dev_get_stats()
bridge: mdb: fix leak on complete_info ptr on fail path
rocker: move dereference before free
bpf: prevent leaking pointer via xadd on unpriviledged
net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()
net/mlx5: Cancel delayed recovery work when unloading the driver
liquidio: fix bug in soft reset failure detection
net/mlx5e: Fix TX carrier errors report in get stats ndo
ipv6: dad: don't remove dynamic addresses if link is down
vxlan: fix hlist corruption
net: core: Fix slab-out-of-bounds in netdev_stats_to_stats64
net: ipv6: Compare lwstate in detecting duplicate nexthops
vrf: fix bug_on triggered by rx when destroying a vrf
rds: tcp: use sock_create_lite() to create the accept socket
brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
brcmfmac: Fix a memory leak in error handling path in 'brcmf_cfg80211_attach'
brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain
sfc: don't read beyond unicast address list
cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
cfg80211: Check if PMKID attribute is of expected size
cfg80211: Check if NAN service ID is of expected size
irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity
parisc: Report SIGSEGV instead of SIGBUS when running out of stack
parisc: use compat_sys_keyctl()
parisc: DMA API: return error instead of BUG_ON for dma ops on non dma devs
parisc/mm: Ensure IRQs are off in switch_mm()
tools/lib/lockdep: Reduce MAX_LOCK_DEPTH to avoid overflowing lock_chain/: Depth
thp, mm: fix crash due race in MADV_FREE handling
kernel/extable.c: mark core_kernel_text notrace
mm/list_lru.c: fix list_lru_count_node() to be race free
fs/dcache.c: fix spin lockup issue on nlru->lock
checkpatch: silence perl 5.26.0 unescaped left brace warnings
binfmt_elf: use ELF_ET_DYN_BASE only for PIE
arm: move ELF_ET_DYN_BASE to 4MB
arm64: move ELF_ET_DYN_BASE to 4GB / 4MB
powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB
s390: reduce ELF_ET_DYN_BASE
exec: Limit arg stack to at most 75% of _STK_LIM
ARM64: dts: marvell: armada37xx: Fix timer interrupt specifiers
vt: fix unchecked __put_user() in tioclinux ioctls
rcu: Add memory barriers for NOCB leader wakeup
nvmem: core: fix leaks on registration errors
mnt: In umount propagation reparent in a separate pass
mnt: In propgate_umount handle visiting mounts in any order
mnt: Make propagate_umount less slow for overlapping mount propagation trees
selftests/capabilities: Fix the test_execve test
mm: fix overflow check in expand_upwards()
crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD
crypto: atmel - only treat EBUSY as transient if backlog
crypto: sha1-ssse3 - Disable avx2
crypto: caam - properly set IV after {en,de}crypt
crypto: caam - fix signals handling
Revert "sched/core: Optimize SCHED_SMT"
sched/fair, cpumask: Export for_each_cpu_wrap()
sched/topology: Fix building of overlapping sched-groups
sched/topology: Optimize build_group_mask()
sched/topology: Fix overlapping sched_group_mask
PM / wakeirq: Convert to SRCU
PM / QoS: return -EINVAL for bogus strings
tracing: Use SOFTIRQ_OFFSET for softirq dectection for more accurate results
kvm: vmx: Do not disable intercepts for BNDCFGS
kvm: x86: Guest BNDCFGS requires guest MPX support
kvm: vmx: Check value written to IA32_BNDCFGS
kvm: vmx: allow host to access guest MSR_IA32_BNDCFGS
4.9.39
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit c59f29cb144a6a0dfac16ede9dc8eafc02dc56ca upstream.
The 's' flag is supposed to indicate that a softirq is running. This
can be detected by testing the preempt_count with SOFTIRQ_OFFSET.
The current code tests the preempt_count with SOFTIRQ_MASK, which
would be true even when softirqs are disabled but not serving a
softirq.
Link: http://lkml.kernel.org/r/1481300417-3564-1-git-send-email-pkondeti@codeaurora.org
Signed-off-by: Pavankumar Kondeti <pkondeti@codeaurora.org>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlkBmaQACgkQONu9yGCS
aT7qahAAyxuJEAvzX+cKRegCfO0RYQrqCwvXWD/ijGtXl4Sj9JErG91RTflq6wFb
3v2b8T/iM7ekwHPgmVReUuG0kBxXuH8VrLhj4/jLFHMNhXwGOMpEKbsqhvoi5q5A
Ub++lj5i812y2Wn87Y9dwiyvgI17xVcBNCxXTVb4kLAuFiOSS5tVVqkf3w2T9uAy
/e0HlG4VSiTHanHL2EWLAqUfvYtRHPukq3EOqzHNtp+Ie4Ht9gA6h6ekXVGnpAp/
ZrA92VoQmGcyvJLvbdjwIJ3KbIWI4ryFAPWjtjEXRVMkJ8lvgtReRRQuD2rpMlAn
0p5LxvEUJq+SLxdpeTfVZy9rzrPL/GktzunvWSko/5z5haCyQCS8KPvaM8LdIGh4
FjyPHJ9+mTuJSaAcGr+j8+uz2mqffQmwS8rxZpPInk+nG1naD7oI26jlFvYaq/QJ
swf/OCWZWnafu7wfJid8o7z8aXNxNlRMI5w4EHxtHT0Zi/ByS1MFzuyYgUV8hKp0
d4wfUWYG2NCwMdCfLzGS54ajtlgTPOc++wuW5ZVH2fBIG8BhT2UHv3FNwN5hL9IE
nQD2u6fKRl7L0NF7EiK6aLix2xf7/tNMcqRRM3n+dH6Vsm6mSaTQkPz1qtEP0shT
fN++4aLQaPI9kyFAKEO0ARH9pjaKYw1YQDBm4Wksd0yCZzO6+Hk=
=oV21
-----END PGP SIGNATURE-----
Merge 4.9.25 into android-4.9
Changes in 4.9.25:
KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
KEYS: Change the name of the dead type to ".dead" to prevent user access
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
tracing: Allocate the snapshot buffer before enabling probe
ring-buffer: Have ring_buffer_iter_empty() return true when empty
mm: prevent NR_ISOLATE_* stats from going negative
cifs: Do not send echoes before Negotiate is complete
CIFS: remove bad_network_name flag
s390/mm: fix CMMA vs KSM vs others
Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled
ACPI / power: Avoid maybe-uninitialized warning
mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card
ubifs: Fix RENAME_WHITEOUT support
ubifs: Fix O_TMPFILE corner case in ubifs_link()
mac80211: reject ToDS broadcast data frames
mac80211: fix MU-MIMO follow-MAC mode
ubi/upd: Always flush after prepared for an update
powerpc/kprobe: Fix oops when kprobed on 'stdu' instruction
x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs
x86/mce: Make the MCE notifier a blocking one
device-dax: switch to srcu, fix rcu_read_lock() vs pte allocation
Linux 4.9.25
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit df62db5be2e5f070ecd1a5ece5945b590ee112e0 upstream.
Currently the snapshot trigger enables the probe and then allocates the
snapshot. If the probe triggers before the allocation, it could cause the
snapshot to fail and turn tracing off. It's best to allocate the snapshot
buffer first, and then enable the trigger. If something goes wrong in the
enabling of the trigger, the snapshot buffer is still allocated, but it can
also be freed by the user by writting zero into the snapshot buffer file.
Also add a check of the return status of alloc_snapshot().
Fixes: 77fd5c15e3 ("tracing: Add snapshot trigger to function probes")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlj5tWEACgkQONu9yGCS
aT4noA//ZKztJudzNoXOaYThKQrbKTJeB+cL4PusLqd7gv9yKt7IJD+5+V/+jYRS
N5GlwNOS02r6tduhCz9I/XjRKzilvC2WHt3Akf8nPC2dadhzcOW3UPvT0IEoIrHy
FkTnUn/1TvBA2I1uB8k93nk/jfx7RYrO+4axiyZ0XQCMJTc7M4MmPTGw2jrzxPug
Ogy7taNpY+By7PxJyU4rH8Lh2jiIYGYDrRWExZIcL7A7IlWBPbVkagzn2PPgQbg4
XX250JZ7bQyCGcrVxlTqaBScEkdICZTUqI3d3HQUwF39QBq9z+VlqP13T5j7XMea
d7jHZswWClQj4xeGWq+iiLR0VF5OVCTkbhl61YTI9rPFEaewSwMiGrpHiidKTaOK
KAxa34dwrz1IVI/p/a9DbZBj7IpwiH3jF3rEvx1ieEbTGHxLBi/COGK3aCES5TtX
mjz/WjReo4aR3fudgNFJqNsmJmgEJ3yAO7Lk3tglBmYOgUpQhbRwClPjYvXVphzH
ClYE1KCMMV4BTcDUqEfoBL46Qd2141E9Wxgmh+KYB+14X0QqQg+qRyZYyOvUGIuD
A7J7MbXyBuM0dXS2t9olLbHb+tllGz6lBHANf8g141ot8jjlCBoP5yjBP6W0gZP8
UsKSH/sLEPGMO3KD4D2lLixkoENilS+3DhJwmrrqZAhhaqlMPEI=
=/rwk
-----END PGP SIGNATURE-----
Merge 4.9.24 into android-4.9
Changes in 4.9.24:
cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups
tcmu: Fix possible overwrite of t_data_sg's last iov[]
tcmu: Fix wrongly calculating of the base_command_size
tcmu: Skip Data-Out blocks before gathering Data-In buffer for BIDI case
thp: fix MADV_DONTNEED vs. MADV_FREE race
thp: fix MADV_DONTNEED vs clear soft dirty race
zsmalloc: expand class bit
orangefs: free superblock when mount fails
drm/nouveau/mpeg: mthd returns true on success now
drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one
drm/etnaviv: fix missing unlock on error in etnaviv_gpu_submit()
CIFS: reconnect thread reschedule itself
CIFS: store results of cifs_reopen_file to avoid infinite wait
Input: xpad - add support for Razer Wildcat gamepad
perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32()
x86/efi: Don't try to reserve runtime regions
x86/signals: Fix lower/upper bound reporting in compat siginfo
x86, pmem: fix broken __copy_user_nocache cache-bypass assumptions
x86/vdso: Ensure vdso32_enabled gets set to valid values only
x86/vdso: Plug race between mapping and ELF header setup
acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit comparison)
ACPI / scan: Set the visited flag for all enumerated devices
parisc: fix bugs in pa_memcpy
efi/libstub: Skip GOP with PIXEL_BLT_ONLY format
efi/fb: Avoid reconfiguration of BAR that covers the framebuffer
iscsi-target: Fix TMR reference leak during session shutdown
iscsi-target: Drop work-around for legacy GlobalSAN initiator
scsi: sr: Sanity check returned mode data
scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable
scsi: qla2xxx: Add fix to read correct register value for ISP82xx.
scsi: sd: Fix capacity calculation with 32-bit sector_t
target: Avoid mappedlun symlink creation during lun shutdown
xen, fbfront: fix connecting to backend
new privimitive: iov_iter_revert()
make skb_copy_datagram_msg() et.al. preserve ->msg_iter on error
libnvdimm: fix blk free space accounting
libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat
can: ifi: use correct register to read rx status
pwm: rockchip: State of PWM clock should synchronize with PWM enabled state
cpufreq: Bring CPUs up even if cpufreq_online() failed
irqchip/irq-imx-gpcv2: Fix spinlock initialization
ftrace: Fix removing of second function probe
char: lack of bool string made CONFIG_DEVPORT always on
Revert "MIPS: Lantiq: Fix cascaded IRQ setup"
kvm: fix page struct leak in handle_vmon
zram: do not use copy_page with non-page aligned address
ftrace: Fix function pid filter on instances
crypto: algif_aead - Fix bogus request dereference in completion function
crypto: ahash - Fix EINPROGRESS notification callback
parisc: Fix get_user() for 64-bit value on 32-bit kernel
ath9k: fix NULL pointer dereference
dvb-usb-v2: avoid use-after-free
ext4: fix inode checksum calculation problem if i_extra_size is small
mm: memcontrol: use special workqueue for creating per-memcg caches
drm/nouveau/disp/mcp7x: disable dptmds workaround
nbd: use loff_t for blocksize and nbd_set_size args
nbd: fix 64-bit division
ASoC: Intel: select DW_DMAC_CORE since it's mandatory
platform/x86: acer-wmi: setup accelerometer when machine has appropriate notify event
x86/xen: Fix APIC id mismatch warning on Intel
ACPI / EC: Use busy polling mode when GPE is not enabled
rtc: tegra: Implement clock handling
mm: Tighten x86 /dev/mem with zeroing reads
dvb-usb: don't use stack for firmware load
dvb-usb-firmware: don't do DMA on stack
cxusb: Use a dma capable buffer also for reading
virtio-console: avoid DMA from stack
net: ipv6: check route protocol when deleting routes
sctp: deny peeloff operation on asocs with threads sleeping on it
Linux 4.9.24
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit d879d0b8c183aabeb9a65eba91f3f9e3c7e7b905 upstream.
When function tracer has a pid filter, it adds a probe to sched_switch
to track if current task can be ignored. The probe checks the
ftrace_ignore_pid from current tr to filter tasks. But it misses to
delete the probe when removing an instance so that it can cause a crash
due to the invalid tr pointer (use-after-free).
This is easily reproducible with the following:
# cd /sys/kernel/debug/tracing
# mkdir instances/buggy
# echo $$ > instances/buggy/set_ftrace_pid
# rmdir instances/buggy
============================================================================
BUG: KASAN: use-after-free in ftrace_filter_pid_sched_switch_probe+0x3d/0x90
Read of size 8 by task kworker/0:1/17
CPU: 0 PID: 17 Comm: kworker/0:1 Tainted: G B 4.11.0-rc3 #198
Call Trace:
dump_stack+0x68/0x9f
kasan_object_err+0x21/0x70
kasan_report.part.1+0x22b/0x500
? ftrace_filter_pid_sched_switch_probe+0x3d/0x90
kasan_report+0x25/0x30
__asan_load8+0x5e/0x70
ftrace_filter_pid_sched_switch_probe+0x3d/0x90
? fpid_start+0x130/0x130
__schedule+0x571/0xce0
...
To fix it, use ftrace_clear_pids() to unregister the probe. As
instance_rmdir() already updated ftrace codes, it can just free the
filter safely.
Link: http://lkml.kernel.org/r/20170417024430.21194-2-namhyung@kernel.org
Fixes: 0c8916c342 ("tracing: Add rmdir to remove multibuffer instances")
Cc: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 93faccbbfa958a9668d3ab4e30f38dd205cee8d8 upstream.
To support unprivileged users mounting filesystems two permission
checks have to be performed: a test to see if the user allowed to
create a mount in the mount namespace, and a test to see if
the user is allowed to access the specified filesystem.
The automount case is special in that mounting the original filesystem
grants permission to mount the sub-filesystems, to any user who
happens to stumble across the their mountpoint and satisfies the
ordinary filesystem permission checks.
Attempting to handle the automount case by using override_creds
almost works. It preserves the idea that permission to mount
the original filesystem is permission to mount the sub-filesystem.
Unfortunately using override_creds messes up the filesystems
ordinary permission checks.
Solve this by being explicit that a mount is a submount by introducing
vfs_submount, and using it where appropriate.
vfs_submount uses a new mount internal mount flags MS_SUBMOUNT, to let
sget and friends know that a mount is a submount so they can take appropriate
action.
sget and sget_userns are modified to not perform any permission checks
on submounts.
follow_automount is modified to stop using override_creds as that
has proven problemantic.
do_mount is modified to always remove the new MS_SUBMOUNT flag so
that we know userspace will never by able to specify it.
autofs4 is modified to stop using current_real_cred that was put in
there to handle the previous version of submount permission checking.
cifs is modified to pass the mountpoint all of the way down to vfs_submount.
debugfs is modified to pass the mountpoint all of the way down to
trace_automount by adding a new parameter. To make this change easier
a new typedef debugfs_automount_t is introduced to capture the type of
the debugfs automount function.
Fixes: 069d5ac9ae ("autofs: Fix automounts by using current_real_cred()->uid")
Fixes: aeaa4a79ff ("fs: Call d_automount with the filesystems creds")
Reviewed-by: Trond Myklebust <trond.myklebust@primarydata.com>
Reviewed-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Unlike monotonic clock, boot clock as a trace clock will account for
time spent in suspend useful for tracing suspend/resume. This uses
earlier introduced infrastructure for using the fast boot clock.
Bug: b/33184060
Change-Id: I144f07560abc35b92ee9a54de39f33574c218302
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Richard Cochran <richardcochran@gmail.com>
Cc: Prarit Bhargava <prarit@redhat.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Joel Fernandes <joelaf@google.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
The tgids are tracked along side the saved_cmdlines tracking, and can be
included in trace output by enabling the 'print-tgid' trace option. This is
useful when doing post-processing of the trace data, as it allows events to be
grouped by tgid.
Change-Id: I52ed04c3a8ca7fddbb868b792ce5d21ceb76250e
Signed-off-by: Jamie Gennis <jgennis@google.com>
The big change is the addition of the hwlat tracer. It not only detects
SMIs, but also other latency that's caused by the hardware. I have detected
some latency from large boxes having bus contention.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJX9a77AAoJEKKk/i67LK/8UPEH/jcqMmOMhQYVQsNaJViA5uJM
SV96gaLCc9cxXY04Hf7vx8RkVIyIqTCCQZ+RVZt4RSeqpsB2IzZ1u0CNKs2Z0MTv
MdvQJoazRoDgVuPzKAsdAlDd0ykqHEFA5ayF3XDK4P2J97La+B4rQIqEiJX/aDrz
i0NQQFg2ZF46mXJXn4oXe6nmr6WnbiEduawVjd7JvgILJO2hojDicOTQlNG41Nys
68fOV8mLk0OL7sFRjySLGcbdbKhP2YbNhxILXl8geLgS9+CFZXkE8oTRjjy9IMNA
XrqbFLMWaRVv+Nig7bHIWKE8ZErC5WCYUw4LD2GTLMDx5AkAVLGFFp6TOiO4SG8=
=ke23
-----END PGP SIGNATURE-----
Merge tag 'trace-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing updates from Steven Rostedt:
"This release cycle is rather small. Just a few fixes to tracing.
The big change is the addition of the hwlat tracer. It not only
detects SMIs, but also other latency that's caused by the hardware. I
have detected some latency from large boxes having bus contention"
* tag 'trace-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing: Call traceoff trigger after event is recorded
ftrace/scripts: Add helper script to bisect function tracing problem functions
tracing: Have max_latency be defined for HWLAT_TRACER as well
tracing: Add NMI tracing in hwlat detector
tracing: Have hwlat trace migrate across tracing_cpumask CPUs
tracing: Add documentation for hwlat_detector tracer
tracing: Added hardware latency tracer
ftrace: Access ret_stack->subtime only in the function profiler
function_graph: Handle TRACE_BPUTS in print_graph_comment
tracing/uprobe: Drop isdigit() check in create_trace_uprobe
Pull perf updates from Ingo Molnar:
"The main kernel side changes were:
- uprobes enhancements (Masami Hiramatsu)
- Uncore group events enhancements (David Carrillo-Cisneros)
- x86 Intel: Add support for Skylake server uncore PMUs (Kan Liang)
- x86 Intel: LBR cleanups and enhancements, for better branch
annotation tracking (Peter Zijlstra)
- x86 Intel: Add support for PTWRITE and power event tracing
(Alexander Shishkin)
- ... various fixes, cleanups and smaller enhancements.
Lots of tooling changes - a couple of highlights:
- Support event group view with hierarchy mode in 'perf top' and
'perf report' (Namhyung Kim)
e.g.:
$ perf record -e '{cycles,instructions}' make
$ perf report --hierarchy --stdio
...
# Overhead Command / Shared Object / Symbol
# ...................... ..................................
...
25.74% 27.18%sh
19.96% 24.14%libc-2.24.so
9.55% 14.64%[.] __strcmp_sse2
1.54% 0.00%[.] __tfind
1.07% 1.13%[.] _int_malloc
0.95% 0.00%[.] __strchr_sse2
0.89% 1.39%[.] __tsearch
0.76% 0.00%[.] strlen
- Add branch stack / basic block info to 'perf annotate --stdio',
where for each branch, we add an asm comment after the instruction
with information on how often it was taken and predicted. See
example with color output at:
http://vger.kernel.org/~acme/perf/annotate_basic_blocks.png
(Peter Zijlstra)
- Add support for using symbols in address filters with Intel PT and
ARM CoreSight (hardware assisted tracing facilities) (Adrian
Hunter, Mathieu Poirier)
- Add support for interacting with Coresight PMU ETMs/PTMs, that are
IP blocks to perform hardware assisted tracing on a ARM CPU core
(Mathieu Poirier)
- Support generating cross arch probes, i.e. if you specify a vmlinux
file for different arch than the one in the host machine,
$ perf probe --definition function_name args
will generate the probe definition string needed to append to the
target machine /sys/kernel/debug/tracing/kprobes_events file, using
scripting (Masami Hiramatsu).
- Allow configuring the default 'perf report -s' sort order in
~/.perfconfig, for instance, "sym,dso" may be more fitting for
kernel developers. (Arnaldo Carvalho de Melo)
- ... plus lots of other changes, refactorings, features and fixes"
* 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (149 commits)
perf tests: Add dwarf unwind test for powerpc
perf probe: Match linkage name with mangled name
perf probe: Fix to cut off incompatible chars from group name
perf probe: Skip if the function address is 0
perf probe: Ignore the error of finding inline instance
perf intel-pt: Fix decoding when there are address filters
perf intel-pt: Enable decoder to handle TIP.PGD with missing IP
perf intel-pt: Read address filter from AUXTRACE_INFO event
perf intel-pt: Record address filter in AUXTRACE_INFO event
perf intel-pt: Add a helper function for processing AUXTRACE_INFO
perf intel-pt: Fix missing error codes processing auxtrace_info
perf intel-pt: Add support for recording the max non-turbo ratio
perf intel-pt: Fix snapshot overlap detection decoder errors
perf probe: Increase debug level of SDT debug messages
perf record: Add support for using symbols in address filters
perf symbols: Add dso__last_symbol()
perf record: Fix error paths
perf record: Rename label 'out_symbol_exit'
perf script: Fix vanished idle symbols
perf evsel: Add support for address filters
...
some issues. This contains one fix by me and one by Al. I'm sure that
he'll come up with more but for now I tested these patches and they
don't appear to have any negative impact on tracing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJX6FvrAAoJEKKk/i67LK/8EuIH/Arf6vJidYsmbe57WQp8PU3I
bldem6ePj6zgZ2ZqPlSGCs1J2DcK4Bh3lPVxdx7rRKVWSd/Zoj+i83hvObusR8M7
Qs1G92bJTvvVO3aPfiN0GvKGdKfGn45L+j0BcBauiTRKqnj3PkhOhIP2/ks0ewSk
qeq7R3xxo/FDs26AHS69Hm0PIIw7btyhXNX4GB3Il7IIA5/nUknw3C+bjVj86tYX
R4iElcHEhplgoSjKuLgNIRZGUnEFtsm/fnohYXpHacLTUKNXnTDY230x/OKc1yyB
1vOfHS/y5s3XSJ1lcgSjYeNc51lK8NiDASaptZSUnOookKSAooUTFELNzpbc0sg=
=+Fr3
-----END PGP SIGNATURE-----
Merge tag 'trace-v4.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracefs fixes from Steven Rostedt:
"Al Viro has been looking at the tracefs code, and has pointed out some
issues. This contains one fix by me and one by Al. I'm sure that
he'll come up with more but for now I tested these patches and they
don't appear to have any negative impact on tracing"
* tag 'trace-v4.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
fix memory leaks in tracing_buffers_splice_read()
tracing: Move mutex to protect against resetting of seq data
The iter->seq can be reset outside the protection of the mutex. So can
reading of user data. Move the mutex up to the beginning of the function.
Fixes: d7350c3f45 ("tracing/core: make the read callbacks reentrants")
Cc: stable@vger.kernel.org # 2.6.30+
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
The hwlat tracer uses tr->max_latency, and if it's the only tracer enabled
that uses it, the build will fail. Add max_latency and its file when the
hwlat tracer is enabled.
Link: http://lkml.kernel.org/r/d6c3b7eb-ba95-1ffa-0453-464e1e24262a@infradead.org
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
The hardware latency tracer has been in the PREEMPT_RT patch for some time.
It is used to detect possible SMIs or any other hardware interruptions that
the kernel is unaware of. Note, NMIs may also be detected, but that may be
good to note as well.
The logic is pretty simple. It simply creates a thread that spins on a
single CPU for a specified amount of time (width) within a periodic window
(window). These numbers may be adjusted by their cooresponding names in
/sys/kernel/tracing/hwlat_detector/
The defaults are window = 1000000 us (1 second)
width = 500000 us (1/2 second)
The loop consists of:
t1 = trace_clock_local();
t2 = trace_clock_local();
Where trace_clock_local() is a variant of sched_clock().
The difference of t2 - t1 is recorded as the "inner" timestamp and also the
timestamp t1 - prev_t2 is recorded as the "outer" timestamp. If either of
these differences are greater than the time denoted in
/sys/kernel/tracing/tracing_thresh then it records the event.
When this tracer is started, and tracing_thresh is zero, it changes to the
default threshold of 10 us.
The hwlat tracer in the PREEMPT_RT patch was originally written by
Jon Masters. I have modified it quite a bit and turned it into a
tracer.
Based-on-code-by: Jon Masters <jcm@redhat.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Add README entries for kprobe-events and uprobe-events.
This allows user to check what options can be acceptable
for running kernel.
E.g. perf tools can choose correct types for the kernel.
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Hemant Kumar <hemant@linux.vnet.ibm.com>
Cc: Naohiro Aota <naohiro.aota@hgst.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/r/147151069524.12957.12957179170304055028.stgit@devbox
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Commit 345ddcc882 ("ftrace: Have set_ftrace_pid use the bitmap like events
do") placed ftrace_init_tracefs into the instance creation, and encapsulated
the top level updating with an if conditional, as the top level only gets
updated at boot up. Unfortunately, this triggers section mismatch errors as
the init functions are called from a function that can be called later, and
the section mismatch logic is unaware of the if conditional that would
prevent it from happening at run time.
To make everyone happy, create a separate ftrace_init_tracefs_toplevel()
routine that only gets called by init functions, and this will be what calls
other init functions for the toplevel directory.
Link: http://lkml.kernel.org/r/20160704102139.19cbc0d9@gandalf.local.home
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Reported-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 345ddcc882 ("ftrace: Have set_ftrace_pid use the bitmap like events do")
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
# echo 1 > options/stacktrace
# echo 1 > events/sched/sched_switch/enable
# cat trace
<idle>-0 [002] d..2 1982.525169: <stack trace>
=> save_stack_trace
=> __ftrace_trace_stack
=> trace_buffer_unlock_commit_regs
=> event_trigger_unlock_commit
=> trace_event_buffer_commit
=> trace_event_raw_event_sched_switch
=> __schedule
=> schedule
=> schedule_preempt_disabled
=> cpu_startup_entry
=> start_secondary
The above shows that we are seeing 6 functions before ever making it to the
caller of the sched_switch event.
# echo stacktrace > events/sched/sched_switch/trigger
# cat trace
<idle>-0 [002] d..3 2146.335208: <stack trace>
=> trace_event_buffer_commit
=> trace_event_raw_event_sched_switch
=> __schedule
=> schedule
=> schedule_preempt_disabled
=> cpu_startup_entry
=> start_secondary
The stacktrace trigger isn't as bad, because it adds its own skip to the
stacktracing, but still has two events extra.
One issue is that if the stacktrace passes its own "regs" then there should
be no addition to the skip, as the regs will not include the functions being
called. This was an issue that was fixed by commit 7717c6be69 ("tracing:
Fix stacktrace skip depth in trace_buffer_unlock_commit_regs()" as adding
the skip number for kprobes made the probes not have any stack at all.
But since this is only an issue when regs is being used, a skip should be
added if regs is NULL. Now we have:
# echo 1 > options/stacktrace
# echo 1 > events/sched/sched_switch/enable
# cat trace
<idle>-0 [000] d..2 1297.676333: <stack trace>
=> __schedule
=> schedule
=> schedule_preempt_disabled
=> cpu_startup_entry
=> rest_init
=> start_kernel
=> x86_64_start_reservations
=> x86_64_start_kernel
# echo stacktrace > events/sched/sched_switch/trigger
# cat trace
<idle>-0 [002] d..3 1370.759745: <stack trace>
=> __schedule
=> schedule
=> schedule_preempt_disabled
=> cpu_startup_entry
=> start_secondary
And kprobes are not touched.
Reported-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Currently, the trace_printk code chooses which static buffer to use based
on what type of atomic context (NMI, IRQ, etc) it's in. Simplify the
code and make it more robust: simply count the nesting depth and choose
a buffer based on the current nesting depth.
The new code will only drop an event if we nest more than 4 deep,
and the old code was guaranteed to malfunction if that happened.
Link: http://lkml.kernel.org/r/07ab03aecfba25fcce8f9a211b14c9c5e2865c58.1464289095.git.luto@kernel.org
Acked-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Convert set_ftrace_pid to use the bitmap like set_event_pid does. This
allows for instances to use the pid filtering as well, and will allow for
function-fork option to set if the children of a traced function should be
traced or not.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
The addition of PIDs into a pid_list via the write operation of
set_event_pid is a bit complex. The same operation will be needed for
function tracing pids. Move the code into its own generic function in
trace.c, so that we can avoid duplication of this code.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
To allow other aspects of ftrace to use the pid_list logic, we need to reuse
the seq_file functions. Making the generic part into functions that can be
called by other files will help in this regard.
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Greg Kroah-Hartman
Steven Rostedt (VMware)
Adrian Salido
Mathieu Malaterre
Masami Hiramatsu
Matthias Kaehlcke
Jing Xia
Changbin Du
Bo Yan
Tahsin Erdogan
Baohong Liu
Chunyu Hu
Pavankumar Kondeti
Namhyung Kim
Eric W. Biederman
Joel Fernandes
Dmitry Shmidt
Jamie Gennis
Linus Torvalds
Al Viro
Wei Yongjun
Andy Lutomirski
