-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3owgEACgkQONu9yGCS
aT43zw//SS1As83XXuHr4mdWIVDjXo6RMJ6Ib7YbRi/uhBmQuUuGVFcqGxUIA9Kl
eSXu5Kt8TNmInzHq9AMYgegrELAEwPD2XfptALGDwiUHonQuiFaqOQn/bltJOm1L
PsG15A7+/gFhuhPJDp2ZfNBmZGdpXdIwD27oUDqF1XD64dMa/HPbFUVgxWn3HHkd
sm0J6Ez0eNA+BmLnHXYDiSaEYIiwvy1nN6XpyIfOyb2Tz6kPoe0vVWU00Cmy8KAU
EIWB+TBRunspgMsShL5Cl1MSFOxf9QOmgnZxcrODAQfb1TbLMACB1FGMjK4nLm+3
wPlSnC7L49ARl/pvmN5NOUrjHi8S8qq/Od9QW+UIckRI6KzOU832h99v4gFuHjSC
KFiLi5K9+uTIMgNOETmINBiKKUcUzYXYVajvm4tuAUq3HO8wy6jeALtt34OiJZQZ
DV8wyBdL9NDUFqBymFaMFA4Us/fGIREzvPgI0E0jth2ANuLFLtScrnStuWv8buwJ
JT3V9xCxHZtZ3Ctevx/Jp6OaQtnbSnWjMjrO0UDzZ6N7+g5UKmh9/R3xL6sBpFVU
Vu49J+qWU3VmbY3EIulel+yARNe7xS4ExK185JmNzpYFyOpXum14FHhhtQ6xNSeu
dRqyITI0KYP7jWtBDKCgVAWF5jC9gHP1ksrHSZMhyGrv1dC1XZM=
=KnJW
-----END PGP SIGNATURE-----
Merge 4.19.88 into android-4.19
Changes in 4.19.88
clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate
clocksource/drivers/mediatek: Fix error handling
ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX
ASoC: compress: fix unsigned integer overflow check
reset: Fix memory leak in reset_control_array_put()
clk: samsung: exynos5433: Fix error paths
ASoC: kirkwood: fix external clock probe defer
ASoC: kirkwood: fix device remove ordering
clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume
pinctrl: cherryview: Allocate IRQ chip dynamic
ARM: dts: imx6qdl-sabreauto: Fix storm of accelerometer interrupts
reset: fix reset_control_ops kerneldoc comment
clk: at91: avoid sleeping early
clk: sunxi: Fix operator precedence in sunxi_divs_clk_setup
clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18
ARM: dts: sun8i-a83t-tbs-a711: Fix WiFi resume from suspend
samples/bpf: fix build by setting HAVE_ATTR_TEST to zero
powerpc/bpf: Fix tail call implementation
idr: Fix integer overflow in idr_for_each_entry
idr: Fix idr_alloc_u32 on 32-bit systems
x86/resctrl: Prevent NULL pointer dereference when reading mondata
clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call
clk: ti: clkctrl: Fix failed to enable error with double udelay timeout
net: fec: add missed clk_disable_unprepare in remove
bridge: ebtables: don't crash when using dnat target in output chains
can: peak_usb: report bus recovery as well
can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open
can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak
can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max
can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM
can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors
can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error
can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error
can: flexcan: increase error counters if skb enqueueing via can_rx_offload_queue_sorted() fails
can: mcp251x: mcp251x_restart_work_handler(): Fix potential force_quit race condition
watchdog: meson: Fix the wrong value of left time
ASoC: stm32: sai: add restriction on mmap support
scripts/gdb: fix debugging modules compiled with hot/cold partitioning
net: bcmgenet: use RGMII loopback for MAC reset
net: bcmgenet: reapply manual settings to the PHY
net: mscc: ocelot: fix __ocelot_rmw_ix prototype
ceph: return -EINVAL if given fsc mount option on kernel w/o support
net/fq_impl: Switch to kvmalloc() for memory allocation
mac80211: fix station inactive_time shortly after boot
block: drbd: remove a stray unlock in __drbd_send_protocol()
pwm: bcm-iproc: Prevent unloading the driver module while in use
scsi: target/tcmu: Fix queue_cmd_ring() declaration
scsi: lpfc: Fix kernel Oops due to null pring pointers
scsi: lpfc: Fix dif and first burst use in write commands
ARM: dts: Fix up SQ201 flash access
tracing: Lock event_mutex before synth_event_mutex
ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed
ARM: dts: imx51: Fix memory node duplication
ARM: dts: imx53: Fix memory node duplication
ARM: dts: imx31: Fix memory node duplication
ARM: dts: imx35: Fix memory node duplication
ARM: dts: imx7: Fix memory node duplication
ARM: dts: imx6ul: Fix memory node duplication
ARM: dts: imx6sx: Fix memory node duplication
ARM: dts: imx6sl: Fix memory node duplication
ARM: dts: imx50: Fix memory node duplication
ARM: dts: imx23: Fix memory node duplication
ARM: dts: imx1: Fix memory node duplication
ARM: dts: imx27: Fix memory node duplication
ARM: dts: imx25: Fix memory node duplication
ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication
parisc: Fix serio address output
parisc: Fix HP SDC hpa address output
ARM: dts: Fix hsi gdd range for omap4
arm64: mm: Prevent mismatched 52-bit VA support
arm64: smp: Handle errors reported by the firmware
bus: ti-sysc: Check for no-reset and no-idle flags at the child level
platform/x86: mlx-platform: Fix LED configuration
ARM: OMAP1: fix USB configuration for device-only setups
RDMA/hns: Fix the bug while use multi-hop of pbl
arm64: preempt: Fix big-endian when checking preempt count in assembly
RDMA/vmw_pvrdma: Use atomic memory allocation in create AH
PM / AVS: SmartReflex: NULL check before some freeing functions is not needed
xfs: zero length symlinks are not valid
ARM: ks8695: fix section mismatch warning
ACPI / LPSS: Ignore acpi_device_fix_up_power() return value
scsi: lpfc: Enable Management features for IF_TYPE=6
scsi: qla2xxx: Fix NPIV handling for FC-NVMe
scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port
nvme: provide fallback for discard alloc failure
s390/zcrypt: make sysfs reset attribute trigger queue reset
crypto: user - support incremental algorithm dumps
arm64: dts: renesas: draak: Fix CVBS input
mwifiex: fix potential NULL dereference and use after free
mwifiex: debugfs: correct histogram spacing, formatting
brcmfmac: set F2 watermark to 256 for 4373
brcmfmac: set SDIO F1 MesBusyCtrl for CYW4373
rtl818x: fix potential use after free
bcache: do not check if debug dentry is ERR or NULL explicitly on remove
bcache: do not mark writeback_running too early
xfs: require both realtime inodes to mount
nvme: fix kernel paging oops
ubifs: Fix default compression selection in ubifs
ubi: Put MTD device after it is not used
ubi: Do not drop UBI device reference before using
microblaze: adjust the help to the real behavior
microblaze: move "... is ready" messages to arch/microblaze/Makefile
microblaze: fix multiple bugs in arch/microblaze/boot/Makefile
iwlwifi: move iwl_nvm_check_version() into dvm
iwlwifi: mvm: force TCM re-evaluation on TCM resume
iwlwifi: pcie: fix erroneous print
iwlwifi: pcie: set cmd_len in the correct place
gpio: pca953x: Fix AI overflow on PCAL6524
gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB
kvm: vmx: Set IA32_TSC_AUX for legacy mode guests
Revert "KVM: nVMX: reset cache/shadows when switching loaded VMCS"
Revert "KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode()"
crypto/chelsio/chtls: listen fails with multiadapt
VSOCK: bind to random port for VMADDR_PORT_ANY
mmc: meson-gx: make sure the descriptor is stopped on errors
mtd: rawnand: sunxi: Write pageprog related opcodes to WCMD_SET
usb: ehci-omap: Fix deferred probe for phy handling
btrfs: Check for missing device before bio submission in btrfs_map_bio
btrfs: fix ncopies raid_attr for RAID56
btrfs: dev-replace: set result code of cancel by status of scrub
Btrfs: allow clear_extent_dirty() to receive a cached extent state record
btrfs: only track ref_heads in delayed_ref_updates
serial: sh-sci: Fix crash in rx_timer_fn() on PIO fallback
HID: intel-ish-hid: fixes incorrect error handling
gpio: raspberrypi-exp: decrease refcount on firmware dt node
serial: 8250: Rate limit serial port rx interrupts during input overruns
kprobes/x86/xen: blacklist non-attachable xen interrupt functions
xen/pciback: Check dev_data before using it
kprobes: Blacklist symbols in arch-defined prohibited area
kprobes/x86: Show x86-64 specific blacklisted symbols correctly
vfio-mdev/samples: Use u8 instead of char for handle functions
memory: omap-gpmc: Get the header of the enum
pinctrl: xway: fix gpio-hog related boot issues
net/mlx5: Continue driver initialization despite debugfs failure
netfilter: nf_nat_sip: fix RTP/RTCP source port translations
exofs_mount(): fix leaks on failure exits
bnxt_en: Return linux standard errors in bnxt_ethtool.c
bnxt_en: Save ring statistics before reset.
bnxt_en: query force speeds before disabling autoneg mode.
KVM: s390: unregister debug feature on failing arch init
pinctrl: sh-pfc: r8a77990: Fix MOD_SEL0 SEL_I2C1 field width
pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration
pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10
HID: doc: fix wrong data structure reference for UHID_OUTPUT
dm flakey: Properly corrupt multi-page bios.
gfs2: take jdata unstuff into account in do_grow
dm raid: fix false -EBUSY when handling check/repair message
xfs: Align compat attrlist_by_handle with native implementation.
xfs: Fix bulkstat compat ioctls on x32 userspace.
IB/qib: Fix an error code in qib_sdma_verbs_send()
clocksource/drivers/fttmr010: Fix invalid interrupt register access
vxlan: Fix error path in __vxlan_dev_create()
powerpc/book3s/32: fix number of bats in p/v_block_mapped()
powerpc/xmon: fix dump_segments()
drivers/regulator: fix a missing check of return value
Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading
serial: max310x: Fix tx_empty() callback
openrisc: Fix broken paths to arch/or32
RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer
scsi: qla2xxx: deadlock by configfs_depend_item
scsi: csiostor: fix incorrect dma device in case of vport
brcmfmac: Fix access point mode
ath6kl: Only use match sets when firmware supports it
ath6kl: Fix off by one error in scan completion
powerpc/perf: Fix unit_sel/cache_sel checks
powerpc/32: Avoid unsupported flags with clang
powerpc/prom: fix early DEBUG messages
powerpc/mm: Make NULL pointer deferences explicit on bad page faults.
powerpc/44x/bamboo: Fix PCI range
vfio/spapr_tce: Get rid of possible infinite loop
powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status
drbd: ignore "all zero" peer volume sizes in handshake
drbd: reject attach of unsuitable uuids even if connected
drbd: do not block when adjusting "disk-options" while IO is frozen
drbd: fix print_st_err()'s prototype to match the definition
IB/rxe: Make counters thread safe
bpf/cpumap: make sure frame_size for build_skb is aligned if headroom isn't
regulator: tps65910: fix a missing check of return value
powerpc/83xx: handle machine check caused by watchdog timer
powerpc/pseries: Fix node leak in update_lmb_associativity_index()
powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y
crypto: mxc-scc - fix build warnings on ARM64
pwm: clps711x: Fix period calculation
net/netlink_compat: Fix a missing check of nla_parse_nested
net/net_namespace: Check the return value of register_pernet_subsys()
f2fs: fix block address for __check_sit_bitmap
f2fs: fix to dirty inode synchronously
um: Include sys/uio.h to have writev()
um: Make GCOV depend on !KCOV
net: (cpts) fix a missing check of clk_prepare
net: stmicro: fix a missing check of clk_prepare
net: dsa: bcm_sf2: Propagate error value from mdio_write
atl1e: checking the status of atl1e_write_phy_reg
tipc: fix a missing check of genlmsg_put
net: marvell: fix a missing check of acpi_match_device
net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe()
ocfs2: clear journal dirty flag after shutdown journal
vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n
mm/page_alloc.c: free order-0 pages through PCP in page_frag_free()
mm/page_alloc.c: use a single function to free page
mm/page_alloc.c: deduplicate __memblock_free_early() and memblock_free()
tools/vm/page-types.c: fix "kpagecount returned fewer pages than expected" failures
netfilter: nf_tables: fix a missing check of nla_put_failure
xprtrdma: Prevent leak of rpcrdma_rep objects
infiniband: bnxt_re: qplib: Check the return value of send_message
infiniband/qedr: Potential null ptr dereference of qp
firmware: arm_sdei: fix wrong of_node_put() in init function
firmware: arm_sdei: Fix DT platform device creation
lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk
lib/genalloc.c: use vzalloc_node() to allocate the bitmap
fork: fix some -Wmissing-prototypes warnings
drivers/base/platform.c: kmemleak ignore a known leak
lib/genalloc.c: include vmalloc.h
mtd: Check add_mtd_device() ret code
tipc: fix memory leak in tipc_nl_compat_publ_dump
net/core/neighbour: tell kmemleak about hash tables
ata: ahci: mvebu: do Armada 38x configuration only on relevant SoCs
PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity()
net/core/neighbour: fix kmemleak minimal reference count for hash tables
serial: 8250: Fix serial8250 initialization crash
gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change
sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe
ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel
decnet: fix DN_IFREQ_SIZE
net/smc: prevent races between smc_lgr_terminate() and smc_conn_free()
net/smc: don't wait for send buffer space when data was already sent
mm/hotplug: invalid PFNs from pfn_to_online_page()
xfs: end sync buffer I/O properly on shutdown error
net/smc: fix sender_free computation
blktrace: Show requests without sector
net/smc: fix byte_order for rx_curs_confirmed
tipc: fix skb may be leaky in tipc_link_input
ASoC: samsung: i2s: Fix prescaler setting for the secondary DAI
sfc: initialise found bitmap in efx_ef10_mtd_probe
geneve: change NET_UDP_TUNNEL dependency to select
net: fix possible overflow in __sk_mem_raise_allocated()
net: ip_gre: do not report erspan_ver for gre or gretap
net: ip6_gre: do not report erspan_ver for ip6gre or ip6gretap
sctp: don't compare hb_timer expire date before starting it
bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id()
mmc: core: align max segment size with logical block size
net: dev: Use unsigned integer as an argument to left-shift
kvm: properly check debugfs dentry before using it
bpf: drop refcount if bpf_map_new_fd() fails in map_create()
net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED
net: hns3: fix PFC not setting problem for DCB module
net: hns3: fix an issue for hclgevf_ae_get_hdev
net: hns3: fix an issue for hns3_update_new_int_gl
iommu/amd: Fix NULL dereference bug in match_hid_uid
apparmor: delete the dentry in aafs_remove() to avoid a leak
scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery
ACPI / APEI: Don't wait to serialise with oops messages when panic()ing
ACPI / APEI: Switch estatus pool to use vmalloc memory
scsi: hisi_sas: shutdown axi bus to avoid exception CQ returned
scsi: libsas: Check SMP PHY control function result
RDMA/hns: Fix the bug with updating rq head pointer when flush cqe
RDMA/hns: Bugfix for the scene without receiver queue
RDMA/hns: Fix the state of rereg mr
RDMA/hns: Use GFP_ATOMIC in hns_roce_v2_modify_qp
ASoC: rt5645: Headphone Jack sense inverts on the LattePanda board
powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
xdp: fix cpumap redirect SKB creation bug
mtd: Remove a debug trace in mtdpart.c
mm, gup: add missing refcount overflow checks on s390
clk: at91: fix update bit maps on CFG_MOR write
clk: at91: generated: set audio_pll_allowed in at91_clk_register_generated()
usb: dwc2: use a longer core rest timeout in dwc2_core_reset()
staging: rtl8192e: fix potential use after free
staging: rtl8723bs: Drop ACPI device ids
staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids
USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P
mei: bus: prefix device names on bus with the bus name
mei: me: add comet point V device id
thunderbolt: Power cycle the router if NVM authentication fails
xfrm: Fix memleak on xfrm state destroy
media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE
net: macb: fix error format in dev_err()
pwm: Clear chip_data in pwm_put()
media: atmel: atmel-isc: fix asd memory allocation
media: atmel: atmel-isc: fix INIT_WORK misplacement
macvlan: schedule bc_work even if error
net: psample: fix skb_over_panic
openvswitch: fix flow command message size
sctp: Fix memory leak in sctp_sf_do_5_2_4_dupcook
slip: Fix use-after-free Read in slip_open
openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info()
openvswitch: remove another BUG_ON()
selftests: bpf: test_sockmap: handle file creation failures gracefully
tipc: fix link name length check
sctp: cache netns in sctp_ep_common
net: sched: fix `tc -s class show` no bstats on class with nolock subqueues
net: macb: add missed tasklet_kill
ext4: add more paranoia checking in ext4_expand_extra_isize handling
watchdog: sama5d4: fix WDD value to be always set to max
net: macb: Fix SUBNS increment and increase resolution
net: macb driver, check for SKBTX_HW_TSTAMP
mtd: rawnand: atmel: Fix spelling mistake in error message
mtd: rawnand: atmel: fix possible object reference leak
mtd: spi-nor: cast to u64 to avoid uint overflows
drm/atmel-hlcdc: revert shift by 8
mailbox: stm32_ipcc: add spinlock to fix channels concurrent access
tcp: exit if nothing to retransmit on RTO timeout
HID: core: check whether Usage Page item is after Usage ID items
crypto: stm32/hash - Fix hmac issue more than 256 bytes
media: stm32-dcmi: fix DMA corruption when stopping streaming
media: stm32-dcmi: fix check of pm_runtime_get_sync return value
hwrng: stm32 - fix unbalanced pm_runtime_enable
clk: stm32mp1: fix HSI divider flag
clk: stm32mp1: fix mcu divider table
clk: stm32mp1: add CLK_SET_RATE_NO_REPARENT to Kernel clocks
clk: stm32mp1: parent clocks update
mailbox: mailbox-test: fix null pointer if no mmio
pinctrl: stm32: fix memory leak issue
ASoC: stm32: i2s: fix dma configuration
ASoC: stm32: i2s: fix 16 bit format support
ASoC: stm32: i2s: fix IRQ clearing
ASoC: stm32: sai: add missing put_device()
dmaengine: stm32-dma: check whether length is aligned on FIFO threshold
platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer
platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size
net: fec: fix clock count mis-match
Linux 4.19.88
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ifd3801a77cb551be72788031e7fcfc8a1d4fd197
[ Upstream commit 676e4a6fe7 ]
We want to avoid leaking pointer info from xdp_frame (that is placed in
top of frame) like commit 6dfb970d3d ("xdp: avoid leaking info stored in
frame data on page reuse"), and followup commit 97e19cce05 ("bpf:
reserve xdp_frame size in xdp headroom") that reserve this headroom.
These changes also affected how cpumap constructed SKBs, as xdpf->headroom
size changed, the skb data starting point were in-effect shifted with 32
bytes (sizeof xdp_frame). This was still okay, as the cpumap frame_size
calculation also included xdpf->headroom which were reduced by same amount.
A bug was introduced in commit 77ea5f4cbe ("bpf/cpumap: make sure
frame_size for build_skb is aligned if headroom isn't"), where the
xdpf->headroom became part of the SKB_DATA_ALIGN rounding up. This
round-up to find the frame_size is in principle still correct as it does
not exceed the 2048 bytes frame_size (which is max for ixgbe and i40e),
but the 32 bytes offset of pkt_data_start puts this over the 2048 bytes
limit. This cause skb_shared_info to spill into next frame. It is a little
hard to trigger, as the SKB need to use above 15 skb_shinfo->frags[] as
far as I calculate. This does happen in practise for TCP streams when
skb_try_coalesce() kicks in.
KASAN can be used to detect these wrong memory accesses, I've seen:
BUG: KASAN: use-after-free in skb_try_coalesce+0x3cb/0x760
BUG: KASAN: wild-memory-access in skb_release_data+0xe2/0x250
Driver veth also construct a SKB from xdp_frame in this way, but is not
affected, as it doesn't reserve/deduct the room (used by xdp_frame) from
the SKB headroom. Instead is clears the pointers via xdp_scrub_frame(),
and allows SKB to use this area.
The fix in this patch is to do like veth and instead allow SKB to (re)use
the area occupied by xdp_frame, by clearing via xdp_scrub_frame(). (This
does kill the idea of the SKB being able to access (mem) info from this
area, but I guess it was a bad idea anyhow, and it was already killed by
the veth changes.)
Fixes: 77ea5f4cbe ("bpf/cpumap: make sure frame_size for build_skb is aligned if headroom isn't")
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 352d20d611 ]
In bpf/syscall.c, map_create() first set map->usercnt to 1, a file
descriptor is supposed to return to userspace. When bpf_map_new_fd()
fails, drop the refcount.
Fixes: bd5f5f4ecb ("bpf: Add BPF_MAP_GET_FD_BY_ID")
Signed-off-by: Peng Sun <sironhide0null@gmail.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 781e62823c ]
In bpf/syscall.c, bpf_map_get_fd_by_id() use bpf_map_inc_not_zero()
to increase the refcount, both map->refcnt and map->usercnt. Then, if
bpf_map_new_fd() fails, should handle map->usercnt too.
Fixes: bd5f5f4ecb ("bpf: Add BPF_MAP_GET_FD_BY_ID")
Signed-off-by: Peng Sun <sironhide0null@gmail.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit fb5bf31722 ]
We get a warning when building kernel with W=1:
kernel/fork.c:167:13: warning: no previous prototype for `arch_release_thread_stack' [-Wmissing-prototypes]
kernel/fork.c:779:13: warning: no previous prototype for `fork_init' [-Wmissing-prototypes]
Add the missing declaration in head file to fix this.
Also, remove arch_release_thread_stack() completely because no arch
seems to implement it since bb9d81264 (arch: remove tile port).
Link: http://lkml.kernel.org/r/1542170087-23645-1-git-send-email-wang.yi59@zte.com.cn
Signed-off-by: Yi Wang <wang.yi59@zte.com.cn>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Mike Rapoport <rppt@linux.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 77ea5f4cbe ]
The frame_size passed to build_skb must be aligned, else it is
possible that the embedded struct skb_shared_info gets unaligned.
For correctness make sure that xdpf->headroom in included in the
alignment. No upstream drivers can hit this, as all XDP drivers provide
an aligned headroom. This was discovered when playing with implementing
XDP support for mvneta, which have a 2 bytes DSA header, and this
Marvell ARM64 platform didn't like doing atomic operations on an
unaligned skb_shinfo(skb)->dataref addresses.
Fixes: 1c601d829a ("bpf: cpumap xdp_buff to skb conversion and allocation")
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit fb1a59fae8 ]
Blacklist symbols in arch-defined probe-prohibited areas.
With this change, user can see all symbols which are prohibited
to probe in debugfs.
All archtectures which have custom prohibit areas should define
its own arch_populate_kprobe_blacklist() function, but unless that,
all symbols marked __kprobes are blacklisted.
Reported-by: Andrea Righi <righi.andrea@gmail.com>
Tested-by: Andrea Righi <righi.andrea@gmail.com>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: David S. Miller <davem@davemloft.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yonghong Song <yhs@fb.com>
Link: http://lkml.kernel.org/r/154503485491.26176.15823229545155174796.stgit@devbox
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit fc800a10be ]
synthetic event is using synth_event_mutex for protecting
synth_event_list, and event_trigger_write() path acquires
locks as below order.
event_trigger_write(event_mutex)
->trigger_process_regex(trigger_cmd_mutex)
->event_hist_trigger_func(synth_event_mutex)
On the other hand, synthetic event creation and deletion paths
call trace_add_event_call() and trace_remove_event_call()
which acquires event_mutex. In that case, if we keep the
synth_event_mutex locked while registering/unregistering synthetic
events, its dependency will be inversed.
To avoid this issue, current synthetic event is using a 2 phase
process to create/delete events. For example, it searches existing
events under synth_event_mutex to check for event-name conflicts, and
unlocks synth_event_mutex, then registers a new event under event_mutex
locked. Finally, it locks synth_event_mutex and tries to add the
new event to the list. But it can introduce complexity and a chance
for name conflicts.
To solve this simpler, this introduces trace_add_event_call_nolock()
and trace_remove_event_call_nolock() which don't acquire
event_mutex inside. synthetic event can lock event_mutex before
synth_event_mutex to solve the lock dependency issue simpler.
Link: http://lkml.kernel.org/r/154140844377.17322.13781091165954002713.stgit@devbox
Reviewed-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Tested-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3jdysACgkQONu9yGCS
aT49mhAAxl50oRh0bSk/SikbVCn7kRaoRNlCBsPtvtvbDDIpyREIzMRmIbH2OZjS
ji1umUu8iMj+HXW72dWNqPo2K337UzcNRsUXWAdJH8Et+ao+xOUV1jps/Zr3D9ca
2Cw6iTn2QFhKQythMlCxb30sf+kN4cAU1XY3M8xEWXB+4nAqc/aFW7mRAP1jusRb
1DAW+xqPiwCbaag1v5OzumAOGBhpmTcX8sfEYM+3DKcPgGL1jPyYeWlXA26nih8/
LQR6r2tAb454pipV0uApJ2u7V5nNxprcrfUNDmAfap2q/eF1w5pBbZoS5sqpf1eZ
2ycZ36w0ThE7lJKvNrfjq13Su+bGtpENxHlwesNPbsvz0F4xoEkelYSCE1gJBaHX
CZvq1Dhrk5DBvkCCElV8+CJxxuhMUZwzOwrz2iBLdPnpCpSgj8uNPLXMJno6D9fH
PZMCcBFf4WnCUBc06fB7qG+Z7y0TeAuLsNQmK3zYQoEc1gz4Yk5aFo7NgTyajqbD
YKINVP2Wj11TDBssolIA58EYcc2J38As54wuOvYtwy+k/mVkvZVhCPOtI+h3UYm4
lX2ROCHTzt+Av5qFlM8aSBcIlm1qihzSHEdnyqX2EZvUGC4C5Mc5/Eml3QJxAnVh
SzUfLZGzzfntpnWn2cJZ/EA/p6hXujG5k95LEwtAnxxYBFpLTKc=
=d8kA
-----END PGP SIGNATURE-----
Merge 4.19.87 into android-4.19
Changes in 4.19.87
mlxsw: spectrum_router: Fix determining underlay for a GRE tunnel
net/mlx4_en: fix mlx4 ethtool -N insertion
net/mlx4_en: Fix wrong limitation for number of TX rings
net: rtnetlink: prevent underflows in do_setvfinfo()
net/sched: act_pedit: fix WARN() in the traffic path
net: sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key
sfc: Only cancel the PPS workqueue if it exists
net/mlx5e: Fix set vf link state error flow
net/mlxfw: Verify FSM error code translation doesn't exceed array size
net/mlx5: Fix auto group size calculation
vhost/vsock: split packets to send using multiple buffers
gpio: max77620: Fixup debounce delays
tools: gpio: Correctly add make dependencies for gpio_utils
nbd:fix memory leak in nbd_get_socket()
virtio_console: allocate inbufs in add_port() only if it is needed
Revert "fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()"
mm/ksm.c: don't WARN if page is still mapped in remove_stable_node()
drm/amd/powerplay: issue no PPSMC_MSG_GetCurrPkgPwr on unsupported ASICs
drm/i915/pmu: "Frequency" is reported as accumulated cycles
drm/i915/userptr: Try to acquire the page lock around set_page_dirty()
mwifiex: Fix NL80211_TX_POWER_LIMITED
ALSA: isight: fix leak of reference to firewire unit in error path of .probe callback
crypto: testmgr - fix sizeof() on COMP_BUF_SIZE
printk: lock/unlock console only for new logbuf entries
printk: fix integer overflow in setup_log_buf()
pinctrl: madera: Fix uninitialized variable bug in madera_mux_set_mux
PCI: cadence: Write MSI data with 32bits
gfs2: Fix marking bitmaps non-full
pty: fix compat ioctls
synclink_gt(): fix compat_ioctl()
powerpc: Fix signedness bug in update_flash_db()
powerpc/boot: Fix opal console in boot wrapper
powerpc/boot: Disable vector instructions
powerpc/eeh: Fix null deref for devices removed during EEH
powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field
EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr()
mt76: do not store aggregation sequence number for null-data frames
mt76x0: phy: fix restore phase in mt76x0_phy_recalibrate_after_assoc
brcmsmac: AP mode: update beacon when TIM changes
ath10k: set probe request oui during driver start
ath10k: allocate small size dma memory in ath10k_pci_diag_write_mem
skd: fixup usage of legacy IO API
cdrom: don't attempt to fiddle with cdo->capability
spi: sh-msiof: fix deferred probing
mmc: mediatek: fill the actual clock for mmc debugfs
mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail
PCI: mediatek: Fix class type for MT7622 to PCI_CLASS_BRIDGE_PCI
btrfs: defrag: use btrfs_mod_outstanding_extents in cluster_pages_for_defrag
btrfs: handle error of get_old_root
gsmi: Fix bug in append_to_eventlog sysfs handler
misc: mic: fix a DMA pool free failure
w1: IAD Register is yet readable trough iad sys file. Fix snprintf (%u for unsigned, count for max size).
m68k: fix command-line parsing when passed from u-boot
scsi: hisi_sas: Feed back linkrate(max/min) when re-attached
scsi: hisi_sas: Fix the race between IO completion and timeout for SMP/internal IO
scsi: hisi_sas: Free slot later in slot_complete_vx_hw()
RDMA/bnxt_re: Avoid NULL check after accessing the pointer
RDMA/bnxt_re: Fix qp async event reporting
RDMA/bnxt_re: Avoid resource leak in case the NQ registration fails
pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()'
pwm: lpss: Only set update bit if we are actually changing the settings
amiflop: clean up on errors during setup
qed: Align local and global PTT to propagate through the APIs.
scsi: ips: fix missing break in switch
nfp: bpf: protect against mis-initializing atomic counters
KVM: nVMX: reset cache/shadows when switching loaded VMCS
KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode()
KVM/x86: Fix invvpid and invept register operand size in 64-bit mode
clk: tegra: Fixes for MBIST work around
scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler
scsi: isci: Change sci_controller_start_task's return type to sci_status
scsi: bfa: Avoid implicit enum conversion in bfad_im_post_vendor_event
scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param
crypto: ccree - avoid implicit enum conversion
nvmet: avoid integer overflow in the discard code
nvmet-fcloop: suppress a compiler warning
nvme-pci: fix hot removal during error handling
PCI: mediatek: Fixup MSI enablement logic by enabling MSI before clocks
clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk
clk: at91: audio-pll: fix audio pmc type
ASoC: tegra_sgtl5000: fix device_node refcounting
scsi: dc395x: fix dma API usage in srb_done
scsi: dc395x: fix DMA API usage in sg_update_list
scsi: zorro_esp: Limit DMA transfers to 65535 bytes
net: dsa: mv88e6xxx: Fix 88E6141/6341 2500mbps SERDES speed
net: fix warning in af_unix
net: ena: Fix Kconfig dependency on X86
xfs: fix use-after-free race in xfs_buf_rele
xfs: clear ail delwri queued bufs on unmount of shutdown fs
kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad stack
ACPI / scan: Create platform device for INT33FE ACPI nodes
PM / Domains: Deal with multiple states but no governor in genpd
ALSA: i2c/cs8427: Fix int to char conversion
macintosh/windfarm_smu_sat: Fix debug output
PCI: vmd: Detach resources after stopping root bus
USB: misc: appledisplay: fix backlight update_status return code
usbip: tools: fix atoi() on non-null terminated string
sctp: use sk_wmem_queued to check for writable space
dm raid: avoid bitmap with raid4/5/6 journal device
selftests/bpf: fix file resource leak in load_kallsyms
SUNRPC: Fix a compile warning for cmpxchg64()
sunrpc: safely reallow resvport min/max inversion
atm: zatm: Fix empty body Clang warnings
s390/perf: Return error when debug_register fails
swiotlb: do not panic on mapping failures
spi: omap2-mcspi: Set FIFO DMA trigger level to word length
x86/intel_rdt: Prevent pseudo-locking from using stale pointers
sparc: Fix parport build warnings.
scsi: hisi_sas: Fix NULL pointer dereference
powerpc/pseries: Export raw per-CPU VPA data via debugfs
powerpc/mm/radix: Fix off-by-one in split mapping logic
powerpc/mm/radix: Fix overuse of small pages in splitting logic
powerpc/mm/radix: Fix small page at boundary when splitting
powerpc/64s/radix: Fix radix__flush_tlb_collapsed_pmd double flushing pmd
selftests/bpf: fix return value comparison for tests in test_libbpf.sh
tools: bpftool: fix completion for "bpftool map update"
ceph: fix dentry leak in ceph_readdir_prepopulate
ceph: only allow punch hole mode in fallocate
rtc: s35390a: Change buf's type to u8 in s35390a_init
RISC-V: Avoid corrupting the upper 32-bit of phys_addr_t in ioremap
thermal: armada: fix a test in probe()
f2fs: fix to spread clear_cold_data()
f2fs: spread f2fs_set_inode_flags()
mISDN: Fix type of switch control variable in ctrl_teimanager
qlcnic: fix a return in qlcnic_dcb_get_capability()
net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode
mfd: arizona: Correct calling of runtime_put_sync
mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values
mfd: intel_soc_pmic_bxtwc: Chain power button IRQs as well
mfd: max8997: Enale irq-wakeup unconditionally
net: socionext: Stop PHY before resetting netsec
fs/cifs: fix uninitialised variable warnings
spi: uniphier: fix incorrect property items
selftests/ftrace: Fix to test kprobe $comm arg only if available
selftests: watchdog: fix message when /dev/watchdog open fails
selftests: watchdog: Fix error message.
selftests: kvm: Fix -Wformat warnings
selftests: fix warning: "_GNU_SOURCE" redefined
thermal: rcar_thermal: fix duplicate IRQ request
thermal: rcar_thermal: Prevent hardware access during system suspend
net: ethernet: cadence: fix socket buffer corruption problem
bpf: devmap: fix wrong interface selection in notifier_call
bpf, btf: fix a missing check bug in btf_parse
powerpc/process: Fix flush_all_to_thread for SPE
sparc64: Rework xchg() definition to avoid warnings.
arm64: lib: use C string functions with KASAN enabled
fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle()
mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock
tools/testing/selftests/vm/gup_benchmark.c: fix 'write' flag usage
mm: thp: fix MADV_DONTNEED vs migrate_misplaced_transhuge_page race condition
macsec: update operstate when lower device changes
macsec: let the administrator set UP state even if lowerdev is down
block: fix the DISCARD request merge
i2c: uniphier-f: make driver robust against concurrency
i2c: uniphier-f: fix occasional timeout error
i2c: uniphier-f: fix race condition when IRQ is cleared
um: Make line/tty semantics use true write IRQ
vfs: avoid problematic remapping requests into partial EOF block
ipv4/igmp: fix v1/v2 switchback timeout based on rfc3376, 8.12
powerpc/xmon: Relax frame size for clang
selftests/powerpc/ptrace: Fix out-of-tree build
selftests/powerpc/signal: Fix out-of-tree build
selftests/powerpc/switch_endian: Fix out-of-tree build
selftests/powerpc/cache_shape: Fix out-of-tree build
block: call rq_qos_exit() after queue is frozen
mm/gup_benchmark.c: prevent integer overflow in ioctl
linux/bitmap.h: handle constant zero-size bitmaps correctly
linux/bitmap.h: fix type of nbits in bitmap_shift_right()
lib/bitmap.c: fix remaining space computation in bitmap_print_to_pagebuf
hfsplus: fix BUG on bnode parent update
hfs: fix BUG on bnode parent update
hfsplus: prevent btree data loss on ENOSPC
hfs: prevent btree data loss on ENOSPC
hfsplus: fix return value of hfsplus_get_block()
hfs: fix return value of hfs_get_block()
hfsplus: update timestamps on truncate()
hfs: update timestamp on truncate()
fs/hfs/extent.c: fix array out of bounds read of array extent
kernel/panic.c: do not append newline to the stack protector panic string
mm/memory_hotplug: make add_memory() take the device_hotplug_lock
mm/memory_hotplug: fix online/offline_pages called w.o. mem_hotplug_lock
powerpc/powernv: hold device_hotplug_lock when calling device_online()
igb: shorten maximum PHC timecounter update interval
fm10k: ensure completer aborts are marked as non-fatal after a resume
net: hns3: bugfix for buffer not free problem during resetting
net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem
net: hns3: bugfix for is_valid_csq_clean_head()
net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read
ntb_netdev: fix sleep time mismatch
ntb: intel: fix return value for ndev_vec_mask()
irq/matrix: Fix memory overallocation
nvme-pci: fix conflicting p2p resource adds
arm64: makefile fix build of .i file in external module case
tools/power turbosat: fix AMD APIC-id output
mm: handle no memcg case in memcg_kmem_charge() properly
ocfs2: without quota support, avoid calling quota recovery
ocfs2: don't use iocb when EIOCBQUEUED returns
ocfs2: don't put and assigning null to bh allocated outside
ocfs2: fix clusters leak in ocfs2_defrag_extent()
net: do not abort bulk send on BQL status
sched/topology: Fix off by one bug
sched/fair: Don't increase sd->balance_interval on newidle balance
openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS
ARM: dts: imx6sx-sdb: Fix enet phy regulator
clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock
soc: bcm: brcmstb: Fix re-entry point with a THUMB2_KERNEL
audit: print empty EXECVE args
sock_diag: fix autoloading of the raw_diag module
net: bpfilter: fix iptables failure if bpfilter_umh is disabled
nds32: Fix bug in bitfield.h
media: ov13858: Check for possible null pointer
btrfs: avoid link error with CONFIG_NO_AUTO_INLINE
wil6210: fix debugfs memory access alignment
wil6210: fix L2 RX status handling
wil6210: fix RGF_CAF_ICR address for Talyn-MB
wil6210: fix locking in wmi_call
ath10k: snoc: fix unbalanced clock error handling
wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()'
rtl8xxxu: Fix missing break in switch
brcmsmac: never log "tid x is not agg'able" by default
wireless: airo: potential buffer overflow in sprintf()
rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information
net: dsa: bcm_sf2: Turn on PHY to allow successful registration
scsi: mpt3sas: Fix Sync cache command failure during driver unload
scsi: mpt3sas: Don't modify EEDPTagMode field setting on SAS3.5 HBA devices
scsi: mpt3sas: Fix driver modifying persistent data in Manufacturing page11
scsi: megaraid_sas: Fix msleep granularity
scsi: megaraid_sas: Fix goto labels in error handling
scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces
scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point
scsi: lpfc: Correct loss of fc4 type on remote port address change
usb: typec: tcpm: charge current handling for sink during hard reset
dlm: fix invalid free
dlm: don't leak kernel pointer to userspace
vrf: mark skb for multicast or link-local as enslaved to VRF
clk: tegra20: Turn EMC clock gate into divider
ACPICA: Use %d for signed int print formatting instead of %u
net: bcmgenet: return correct value 'ret' from bcmgenet_power_down
of: unittest: allow base devicetree to have symbol metadata
of: unittest: initialize args before calling of_*parse_*()
tools: bpftool: pass an argument to silence open_obj_pinned()
cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces
pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues
pinctrl: bcm2835: Use define directive for BCM2835_PINCONF_PARAM_PULL
pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT
pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD
PCI: keystone: Use quirk to limit MRRS for K2G
nvme-pci: fix surprise removal
spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch
i2c: uniphier-f: fix timeout error after reading 8 bytes
mm/memory_hotplug: Do not unlock when fails to take the device_hotplug_lock
ipv6: Fix handling of LLA with VRF and sockets bound to VRF
cfg80211: call disconnect_wk when AP stops
mm/page_io.c: do not free shared swap slots
Bluetooth: Fix invalid-free in bcsp_close()
KVM: MMU: Do not treat ZONE_DEVICE pages as being reserved
ath10k: Fix a NULL-ptr-deref bug in ath10k_usb_alloc_urb_from_pipe
ath9k_hw: fix uninitialized variable data
md/raid10: prevent access of uninitialized resync_pages offset
mm/memory_hotplug: don't access uninitialized memmaps in shrink_zone_span()
net: phy: dp83867: fix speed 10 in sgmii mode
net: phy: dp83867: increase SGMII autoneg timer duration
ocfs2: remove ocfs2_is_o2cb_active()
ARM: 8904/1: skip nomap memblocks while finding the lowmem/highmem boundary
ARC: perf: Accommodate big-endian CPU
x86/insn: Fix awk regexp warnings
x86/speculation: Fix incorrect MDS/TAA mitigation status
x86/speculation: Fix redundant MDS mitigation message
nbd: prevent memory leak
y2038: futex: Move compat implementation into futex.c
futex: Prevent robust futex exit race
ALSA: usb-audio: Fix NULL dereference at parsing BADD
nfc: port100: handle command failure cleanly
media: vivid: Set vid_cap_streaming and vid_out_streaming to true
media: vivid: Fix wrong locking that causes race conditions on streaming stop
media: usbvision: Fix races among open, close, and disconnect
cpufreq: Add NULL checks to show() and store() methods of cpufreq
media: uvcvideo: Fix error path in control parsing failure
media: b2c2-flexcop-usb: add sanity checking
media: cxusb: detect cxusb_ctrl_msg error in query
media: imon: invalid dereference in imon_touch_event
virtio_ring: fix return code on DMA mapping fails
USBIP: add config dependency for SGL_ALLOC
usbip: tools: fix fd leakage in the function of read_attr_usbip_status
usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit()
usb-serial: cp201x: support Mark-10 digital force gauge
USB: chaoskey: fix error case of a timeout
appledisplay: fix error handling in the scheduled work
USB: serial: mos7840: add USB ID to support Moxa UPort 2210
USB: serial: mos7720: fix remote wakeup
USB: serial: mos7840: fix remote wakeup
USB: serial: option: add support for DW5821e with eSIM support
USB: serial: option: add support for Foxconn T77W968 LTE modules
staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error
powerpc/64s: support nospectre_v2 cmdline option
powerpc/book3s64: Fix link stack flush on context switch
KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel
PM / devfreq: Fix kernel oops on governor module load
Linux 4.19.87
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id8c8d4cd92227f8f46c48c05440e09da957fa687
commit ca16d5bee5 upstream.
Robust futexes utilize the robust_list mechanism to allow the kernel to
release futexes which are held when a task exits. The exit can be voluntary
or caused by a signal or fault. This prevents that waiters block forever.
The futex operations in user space store a pointer to the futex they are
either locking or unlocking in the op_pending member of the per task robust
list.
After a lock operation has succeeded the futex is queued in the robust list
linked list and the op_pending pointer is cleared.
After an unlock operation has succeeded the futex is removed from the
robust list linked list and the op_pending pointer is cleared.
The robust list exit code checks for the pending operation and any futex
which is queued in the linked list. It carefully checks whether the futex
value is the TID of the exiting task. If so, it sets the OWNER_DIED bit and
tries to wake up a potential waiter.
This is race free for the lock operation but unlock has two race scenarios
where waiters might not be woken up. These issues can be observed with
regular robust pthread mutexes. PI aware pthread mutexes are not affected.
(1) Unlocking task is killed after unlocking the futex value in user space
before being able to wake a waiter.
pthread_mutex_unlock()
|
V
atomic_exchange_rel (&mutex->__data.__lock, 0)
<------------------------killed
lll_futex_wake () |
|
|(__lock = 0)
|(enter kernel)
|
V
do_exit()
exit_mm()
mm_release()
exit_robust_list()
handle_futex_death()
|
|(__lock = 0)
|(uval = 0)
|
V
if ((uval & FUTEX_TID_MASK) != task_pid_vnr(curr))
return 0;
The sanity check which ensures that the user space futex is owned by
the exiting task prevents the wakeup of waiters which in consequence
block infinitely.
(2) Waiting task is killed after a wakeup and before it can acquire the
futex in user space.
OWNER WAITER
futex_wait()
pthread_mutex_unlock() |
| |
|(__lock = 0) |
| |
V |
futex_wake() ------------> wakeup()
|
|(return to userspace)
|(__lock = 0)
|
V
oldval = mutex->__data.__lock
<-----------------killed
atomic_compare_and_exchange_val_acq (&mutex->__data.__lock, |
id | assume_other_futex_waiters, 0) |
|
|
(enter kernel)|
|
V
do_exit()
|
|
V
handle_futex_death()
|
|(__lock = 0)
|(uval = 0)
|
V
if ((uval & FUTEX_TID_MASK) != task_pid_vnr(curr))
return 0;
The sanity check which ensures that the user space futex is owned
by the exiting task prevents the wakeup of waiters, which seems to
be correct as the exiting task does not own the futex value, but
the consequence is that other waiters wont be woken up and block
infinitely.
In both scenarios the following conditions are true:
- task->robust_list->list_op_pending != NULL
- user space futex value == 0
- Regular futex (not PI)
If these conditions are met then it is reasonably safe to wake up a
potential waiter in order to prevent the above problems.
As this might be a false positive it can cause spurious wakeups, but the
waiter side has to handle other types of unrelated wakeups, e.g. signals
gracefully anyway. So such a spurious wakeup will not affect the
correctness of these operations.
This workaround must not touch the user space futex value and cannot set
the OWNER_DIED bit because the lock value is 0, i.e. uncontended. Setting
OWNER_DIED in this case would result in inconsistent state and subsequently
in malfunction of the owner died handling in user space.
The rest of the user space state is still consistent as no other task can
observe the list_op_pending entry in the exiting tasks robust list.
The eventually woken up waiter will observe the uncontended lock value and
take it over.
[ tglx: Massaged changelog and comment. Made the return explicit and not
depend on the subsequent check and added constants to hand into
handle_futex_death() instead of plain numbers. Fixed a few coding
style issues. ]
Fixes: 0771dfefc9 ("[PATCH] lightweight robust futexes: core")
Signed-off-by: Yang Tao <yang.tao172@zte.com.cn>
Signed-off-by: Yi Wang <wang.yi59@zte.com.cn>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/1573010582-35297-1-git-send-email-wang.yi59@zte.com.cn
Link: https://lkml.kernel.org/r/20191106224555.943191378@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 04e7712f44 upstream.
We are going to share the compat_sys_futex() handler between 64-bit
architectures and 32-bit architectures that need to deal with both 32-bit
and 64-bit time_t, and this is easier if both entry points are in the
same file.
In fact, most other system call handlers do the same thing these days, so
let's follow the trend here and merge all of futex_compat.c into futex.c.
In the process, a few minor changes have to be done to make sure everything
still makes sense: handle_futex_death() and futex_cmpxchg_enabled() become
local symbol, and the compat version of the fetch_robust_entry() function
gets renamed to compat_fetch_robust_entry() to avoid a symbol clash.
This is intended as a purely cosmetic patch, no behavior should
change.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit ea956d8be9 ]
Empty executable arguments were being skipped when printing out the list
of arguments in an EXECVE record, making it appear they were somehow
lost. Include empty arguments as an itemized empty string.
Reproducer:
autrace /bin/ls "" "/etc"
ausearch --start recent -m execve -i | grep EXECVE
type=EXECVE msg=audit(10/03/2018 13:04:03.208:1391) : argc=3 a0=/bin/ls a2=/etc
With fix:
type=EXECVE msg=audit(10/03/2018 21:51:38.290:194) : argc=3 a0=/bin/ls a1= a2=/etc
type=EXECVE msg=audit(1538617898.290:194): argc=3 a0="/bin/ls" a1="" a2="/etc"
Passes audit-testsuite. GH issue tracker at
https://github.com/linux-audit/audit-kernel/issues/99
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: cleaned up the commit metadata]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 3f130a37c4 ]
When load_balance() fails to move some load because of task affinity,
we end up increasing sd->balance_interval to delay the next periodic
balance in the hopes that next time we look, that annoying pinned
task(s) will be gone.
However, idle_balance() pays no attention to sd->balance_interval, yet
it will still lead to an increase in balance_interval in case of
pinned tasks.
If we're going through several newidle balances (e.g. we have a
periodic task), this can lead to a huge increase of the
balance_interval in a very small amount of time.
To prevent that, don't increase the balance interval when going
through a newidle balance.
This is a similar approach to what is done in commit 58b26c4c02
("sched: Increment cache_nice_tries only on periodic lb"), where we
disregard newidle balance and rely on periodic balance for more stable
results.
Signed-off-by: Valentin Schneider <valentin.schneider@arm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Dietmar.Eggemann@arm.com
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: patrick.bellasi@arm.com
Cc: vincent.guittot@linaro.org
Link: http://lkml.kernel.org/r/1537974727-30788-2-git-send-email-valentin.schneider@arm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 993f0b0510 ]
With the addition of the NUMA identity level, we increased @level by
one and will run off the end of the array in the distance sort loop.
Fixed: 051f3ca02e ("sched/topology: Introduce NUMA identity node sched domain")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 57f01796f1 ]
IRQ_MATRIX_SIZE is the number of longs needed for a bitmap, multiplied by
the size of a long, yielding a byte count. But it is used to size an array
of longs, which is way more memory than is needed.
Change IRQ_MATRIX_SIZE so it is just the number of longs needed and the
arrays come out the correct size.
Fixes: 2f75d9e1c9 ("genirq: Implement bitmap matrix allocator")
Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: KY Srinivasan <kys@microsoft.com>
Link: https://lkml.kernel.org/r/1541032428-10392-1-git-send-email-mikelley@microsoft.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 4a6998aff8 ]
Wenwen Wang reported:
In btf_parse(), the header of the user-space btf data 'btf_data'
is firstly parsed and verified through btf_parse_hdr().
In btf_parse_hdr(), the header is copied from user-space 'btf_data'
to kernel-space 'btf->hdr' and then verified. If no error happens
during the verification process, the whole data of 'btf_data',
including the header, is then copied to 'data' in btf_parse(). It
is obvious that the header is copied twice here. More importantly,
no check is enforced after the second copy to make sure the headers
obtained in these two copies are same. Given that 'btf_data' resides
in the user space, a malicious user can race to modify the header
between these two copies. By doing so, the user can inject
inconsistent data, which can cause undefined behavior of the
kernel and introduce potential security risk.
This issue is similar to the one fixed in commit 8af03d1ae2 ("bpf:
btf: Fix a missing check bug"). To fix it, this patch copies the user
'btf_data' *before* parsing / verifying the BTF header.
Fixes: 69b693f0ae ("bpf: btf: Introduce BPF Type Format (BTF)")
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Co-developed-by: Wenwen Wang <wang6495@umn.edu>
Acked-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f592f80483 ]
The dev_map_notification() removes interface in devmap if
unregistering interface's ifindex is same.
But only checking ifindex is not enough because other netns can have
same ifindex. so that wrong interface selection could occurred.
Hence netdev pointer comparison code is added.
v2: compare netdev pointer instead of using net_eq() (Daniel Borkmann)
v1: Initial patch
Fixes: 2ddf71e23c ("net: add notifier hooks for devmap bpf map")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Acked-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 8088546832 ]
All properly written drivers now have error handling in the
dma_map_single / dma_map_page callers. As swiotlb_tbl_map_single already
prints a useful warning when running out of swiotlb pool space we can
also remove swiotlb_full entirely as it serves no purpose now.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d2130e82e9 ]
The way we calculate logbuf free space percentage overflows signed
integer:
int free;
free = __LOG_BUF_LEN - log_next_idx;
pr_info("early log buf free: %u(%u%%)\n",
free, (free * 100) / __LOG_BUF_LEN);
We support LOG_BUF_LEN of up to 1<<25 bytes. Since setup_log_buf() is
called during early init, logbuf is mostly empty, so
__LOG_BUF_LEN - log_next_idx
is close to 1<<25. Thus when we multiply it by 100, we overflow signed
integer value range: 100 is 2^6 + 2^5 + 2^2.
Example, booting with LOG_BUF_LEN 1<<25 and log_buf_len=2G
boot param:
[ 0.075317] log_buf_len: -2147483648 bytes
[ 0.075319] early log buf free: 33549896(-28%)
Make "free" unsigned integer and use appropriate printk() specifier.
Link: http://lkml.kernel.org/r/20181010113308.9337-1-sergey.senozhatsky@gmail.com
To: Steven Rostedt <rostedt@goodmis.org>
Cc: linux-kernel@vger.kernel.org
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 3ac37a93fa ]
Prior to commit 5c2992ee7f ("printk: remove console flushing special
cases for partial buffered lines") we would do console_cont_flush()
for each pr_cont() to print cont fragments, so console_unlock() would
actually print data:
pr_cont();
console_lock();
console_unlock()
console_cont_flush(); // print cont fragment
...
pr_cont();
console_lock();
console_unlock()
console_cont_flush(); // print cont fragment
We don't do console_cont_flush() anymore, so when we do pr_cont()
console_unlock() does nothing (unless we flushed the cont buffer):
pr_cont();
console_lock();
console_unlock(); // noop
...
pr_cont();
console_lock();
console_unlock(); // noop
...
pr_cont();
cont_flush();
console_lock();
console_unlock(); // print data
We also wakeup klogd purposelessly for pr_cont() output - un-flushed
cont buffer is not stored in log_buf; there is nothing to pull.
Thus we can console_lock()/console_unlock()/wake_up_klogd() only when
we know that we log_store()-ed a message and there is something to
print to the consoles/syslog.
Link: http://lkml.kernel.org/r/20181002023836.4487-3-sergey.senozhatsky@gmail.com
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Dmitriy Vyukov <dvyukov@google.com>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Tejun Heo <tj@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: LKML <linux-kernel@vger.kernel.org>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Implements CONFIG_DEBUG_STACK_USAGE for shadow stacks. When enabled,
also prints out the highest shadow stack usage per process.
Bug: 145210207
Change-Id: I4c085b51e1432e8d52e54126ffd8bf7b6e35b529
(am from https://lore.kernel.org/patchwork/patch/1149056/)
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
This change adds accounting for the memory allocated for shadow stacks.
Bug: 145210207
Change-Id: I51157fe0b23b4cb28bb33c86a5dfe3ac911296a4
(am from https://lore.kernel.org/patchwork/patch/1149055/)
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
This change adds generic support for Clang's Shadow Call Stack,
which uses a shadow stack to protect return addresses from being
overwritten by an attacker. Details are available here:
https://clang.llvm.org/docs/ShadowCallStack.html
Note that security guarantees in the kernel differ from the
ones documented for user space. The kernel must store addresses
of shadow stacks used by other tasks and interrupt handlers in
memory, which means an attacker capable reading and writing
arbitrary memory may be able to locate them and hijack control
flow by modifying shadow stacks that are not currently in use.
Bug: 145210207
Change-Id: Ia5f1650593fa95da4efcf86f84830a20989f161c
(am from https://lore.kernel.org/patchwork/patch/1149054/)
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3aL2UACgkQONu9yGCS
aT73GA//VSRJjGzdohy0+NVK3Dk7tCb2GfXFyLfRasyCbpCVGudaN9IltPU20pmj
U67BRp3jJg6AFRFDxJn4uyAxqcYF6VFp77BiBLiF6lZEv3+0xxOqdyFL2IY9Cyew
5XGNWcjXAR/bZ0r/rRXw8GUBMmW/8oewW7Iay4YhriUWv/afucbMVK7cNgyj/qvP
jSbHh4mp15BGg1aIanM7YSlJgXX2MimXwEceyHPQJgKpSx1CApI2uRMSNZw/RXeP
hFox3Ord5o/K+dowtKW+eTXUMkbm+7Htsi0p+WvE69y6KjyBzh3CEXrQqJsLtd0Y
1myphKOX42z0/hbysUZQV8AvY5jrZu/SPoH8quXD/MNxPvNe0OjO3UiMruAdohQh
I3SjKZB+HprtsCGn4X6/PiHUxq8PCLwtMaa9IIRmtFOXeuxPPeQLdEoM8m2eCEiL
DnwkDXVVtQhKymmYgWUxcAsFpXl+s3k5ZRFmWEDDTuwlyZRWMPuRaWEOH8YuIHzz
QETCyodrOis90TFgG1XJDijzPpZtxZKuJ8HdGmO7J8BMDXi6r0aoTzBk8cPAAe3A
TUqRnHoMKLLYC+9vxA90aThXsibL6DuD06beJy3H1XCSj2vKvkM/iLaL8R95JjAW
XZaEv/SH9zoEynypd+b8tOHHdPSaZcTe3pd3SDmOPLpejOuSTJU=
=VtIx
-----END PGP SIGNATURE-----
Merge 4.19.86 into android-4.19
Changes in 4.19.86
spi: mediatek: use correct mata->xfer_len when in fifo transfer
i2c: mediatek: modify threshold passed to i2c_get_dma_safe_msg_buf()
tee: optee: add missing of_node_put after of_device_is_available
Revert "OPP: Protect dev_list with opp_table lock"
net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size()
idr: Fix idr_get_next race with idr_remove
mm/memory_hotplug: don't access uninitialized memmaps in shrink_pgdat_span()
mm/memory_hotplug: fix updating the node span
arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault
fbdev: Ditch fb_edid_add_monspecs
bpf, x32: Fix bug for BPF_ALU64 | BPF_NEG
bpf, x32: Fix bug with ALU64 {LSH, RSH, ARSH} BPF_X shift by 0
bpf, x32: Fix bug with ALU64 {LSH, RSH, ARSH} BPF_K shift by 0
bpf, x32: Fix bug for BPF_JMP | {BPF_JSGT, BPF_JSLE, BPF_JSLT, BPF_JSGE}
net: ovs: fix return type of ndo_start_xmit function
net: xen-netback: fix return type of ndo_start_xmit function
ARM: dts: dra7: Enable workaround for errata i870 in PCIe host mode
ARM: dts: omap5: enable OTG role for DWC3 controller
net: hns3: Fix for netdev not up problem when setting mtu
net: hns3: Fix loss of coal configuration while doing reset
f2fs: return correct errno in f2fs_gc
ARM: dts: sun8i: h3-h5: ir register size should be the whole memory block
ARM: dts: sun8i: h3: bpi-m2-plus: Fix address for external RGMII Ethernet PHY
tcp: up initial rmem to 128KB and SYN rwin to around 64KB
SUNRPC: Fix priority queue fairness
ACPI / LPSS: Make acpi_lpss_find_device() also find PCI devices
ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq
f2fs: keep lazytime on remount
IB/hfi1: Error path MAD response size is incorrect
IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds
mt76x2: fix tx power configuration for VHT mcs 9
mt76x2: disable WLAN core before probe
mt76: fix handling ps-poll frames
iommu/io-pgtable-arm: Fix race handling in split_blk_unmap()
iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout
kvm: arm/arm64: Fix stage2_flush_memslot for 4 level page table
arm64/numa: Report correct memblock range for the dummy node
ath10k: fix vdev-start timeout on error
rtlwifi: btcoex: Use proper enumerated types for Wi-Fi only interface
ata: ahci_brcm: Allow using driver or DSL SoCs
PM / devfreq: Fix devfreq_add_device() when drivers are built as modules.
PM / devfreq: Fix handling of min/max_freq == 0
PM / devfreq: stopping the governor before device_unregister()
ath9k: fix reporting calculated new FFT upper max
selftests/tls: Fix recv(MSG_PEEK) & splice() test cases
usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status()
usb: dwc3: gadget: Check ENBLSLPM before sending ep command
nl80211: Fix a GET_KEY reply attribute
irqchip/irq-mvebu-icu: Fix wrong private data retrieval
watchdog: core: fix null pointer dereference when releasing cdev
watchdog: renesas_wdt: stop when unregistering
watchdog: sama5d4: fix timeout-sec usage
watchdog: w83627hf_wdt: Support NCT6796D, NCT6797D, NCT6798D
KVM: PPC: Inform the userspace about TCE update failures
printk: Do not miss new messages when replaying the log
printk: CON_PRINTBUFFER console registration is a bit racy
dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction
dmaengine: timb_dma: Use proper enum in td_prep_slave_sg
ALSA: hda: Fix mismatch for register mask and value in ext controller.
ext4: fix build error when DX_DEBUG is defined
clk: keystone: Enable TISCI clocks if K3_ARCH
sunrpc: Fix connect metrics
x86/PCI: Apply VMD's AERSID fixup generically
mei: samples: fix a signedness bug in amt_host_if_call()
cxgb4: Use proper enum in cxgb4_dcb_handle_fw_update
cxgb4: Use proper enum in IEEE_FAUX_SYNC
powerpc/pseries: Fix DTL buffer registration
powerpc/pseries: Fix how we iterate over the DTL entries
powerpc/xive: Move a dereference below a NULL test
ARM: dts: at91: sama5d4_xplained: fix addressable nand flash size
ARM: dts: at91: at91sam9x5cm: fix addressable nand flash size
ARM: dts: at91: sama5d2_ptc_ek: fix bootloader env offsets
mtd: rawnand: sh_flctl: Use proper enum for flctl_dma_fifo0_transfer
PM / hibernate: Check the success of generating md5 digest before hibernation
tools: PCI: Fix compilation warnings
clocksource/drivers/sh_cmt: Fixup for 64-bit machines
clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines
ice: Fix forward to queue group logic
md: allow metadata updates while suspending an array - fix
ixgbe: Fix ixgbe TX hangs with XDP_TX beyond queue limit
i40e: Use proper enum in i40e_ndo_set_vf_link_state
ixgbe: Fix crash with VFs and flow director on interface flap
IB/mthca: Fix error return code in __mthca_init_one()
IB/rxe: avoid srq memory leak
RDMA/hns: Bugfix for reserved qp number
RDMA/hns: Submit bad wr when post send wr exception
RDMA/hns: Bugfix for CM test
RDMA/hns: Limit the size of extend sge of sq
IB/mlx4: Avoid implicit enumerated type conversion
rpmsg: glink: smem: Support rx peak for size less than 4 bytes
msm/gpu/a6xx: Force of_dma_configure to setup DMA for GMU
OPP: Return error on error from dev_pm_opp_get_opp_count()
ACPICA: Never run _REG on system_memory and system_IO
cpuidle: menu: Fix wakeup statistics updates for polling state
ASoC: qdsp6: q6asm-dai: checking NULL vs IS_ERR()
powerpc/time: Use clockevents_register_device(), fixing an issue with large decrementer
powerpc/64s/radix: Explicitly flush ERAT with local LPID invalidation
ata: ep93xx: Use proper enums for directions
qed: Avoid implicit enum conversion in qed_ooo_submit_tx_buffers
media: rc: ir-rc6-decoder: enable toggle bit for Kathrein RCU-676 remote
media: pxa_camera: Fix check for pdev->dev.of_node
media: rcar-vin: fix redeclaration of symbol
media: i2c: adv748x: Support probing a single output
ALSA: hda/sigmatel - Disable automute for Elo VuPoint
bnxt_en: return proper error when FW returns HWRM_ERR_CODE_RESOURCE_ACCESS_DENIED
KVM: PPC: Book3S PR: Exiting split hack mode needs to fixup both PC and LR
USB: serial: cypress_m8: fix interrupt-out transfer length
usb: dwc2: disable power_down on rockchip devices
mtd: physmap_of: Release resources on error
cpu/SMT: State SMT is disabled even with nosmt and without "=force"
brcmfmac: reduce timeout for action frame scan
brcmfmac: fix full timeout waiting for action frame on-channel tx
qtnfmac: request userspace to do OBSS scanning if FW can not
qtnfmac: pass sgi rate info flag to wireless core
qtnfmac: inform wireless core about supported extended capabilities
qtnfmac: drop error reports for out-of-bounds key indexes
clk: samsung: Use NOIRQ stage for Exynos5433 clocks suspend/resume
clk: samsung: exynos5420: Define CLK_SECKEY gate clock only or Exynos5420
clk: samsung: Use clk_hw API for calling clk framework from clk notifiers
i2c: brcmstb: Allow enabling the driver on DSL SoCs
printk: Correct wrong casting
NFSv4.x: fix lock recovery during delegation recall
dmaengine: ioat: fix prototype of ioat_enumerate_channels
media: ov5640: fix framerate update
media: cec-gpio: select correct Signal Free Time
gfs2: slow the deluge of io error messages
i2c: omap: use core to detect 'no zero length' quirk
i2c: qup: use core to detect 'no zero length' quirk
i2c: tegra: use core to detect 'no zero length' quirk
i2c: zx2967: use core to detect 'no zero length' quirk
Input: st1232 - set INPUT_PROP_DIRECT property
Input: silead - try firmware reload after unsuccessful resume
soc: fsl: bman_portals: defer probe after bman's probe
net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware
tc-testing: fix build of eBPF programs
remoteproc: Check for NULL firmwares in sysfs interface
remoteproc: qcom: q6v5: Fix a race condition on fatal crash
kexec: Allocate decrypted control pages for kdump if SME is enabled
x86/olpc: Fix build error with CONFIG_MFD_CS5535=m
dmaengine: rcar-dmac: set scatter/gather max segment size
crypto: mxs-dcp - Fix SHA null hashes and output length
crypto: mxs-dcp - Fix AES issues
xfrm: use correct size to initialise sp->ovec
ACPI / SBS: Fix rare oops when removing modules
iwlwifi: mvm: don't send keys when entering D3
xsk: proper AF_XDP socket teardown ordering
x86/fsgsbase/64: Fix ptrace() to read the FS/GS base accurately
mmc: renesas_sdhi_internal_dmac: Whitelist r8a774a1
mmc: tmio: Fix SCC error detection
mmc: renesas_sdhi_internal_dmac: set scatter/gather max segment size
atmel_lcdfb: support native-mode display-timings
fbdev: sbuslib: use checked version of put_user()
fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper()
fbdev: fix broken menu dependencies
reset: Fix potential use-after-free in __of_reset_control_get()
bcache: account size of buckets used in uuid write to ca->meta_sectors_written
bcache: recal cached_dev_sectors on detach
platform/x86: mlx-platform: Properly use mlxplat_mlxcpld_msn201x_items
media: dw9714: Fix error handling in probe function
media: dw9807-vcm: Fix probe error handling
media: cx18: Don't check for address of video_dev
mtd: spi-nor: cadence-quadspi: Use proper enum for dma_[un]map_single
mtd: devices: m25p80: Make sure WRITE_EN is issued before each write
x86/intel_rdt: Introduce utility to obtain CDP peer
x86/intel_rdt: CBM overlap should also check for overlap with CDP peer
mmc: mmci: expand startbiterr to irqmask and error check
s390/kasan: avoid vdso instrumentation
s390/kasan: avoid instrumentation of early C code
s390/kasan: avoid user access code instrumentation
proc/vmcore: Fix i386 build error of missing copy_oldmem_page_encrypted()
backlight: lm3639: Unconditionally call led_classdev_unregister
mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable
printk: Give error on attempt to set log buffer length to over 2G
media: isif: fix a NULL pointer dereference bug
GFS2: Flush the GFS2 delete workqueue before stopping the kernel threads
media: cx231xx: fix potential sign-extension overflow on large shift
media: venus: vdec: fix decoded data size
ALSA: hda/ca0132 - Fix input effect controls for desktop cards
lightnvm: pblk: fix rqd.error return value in pblk_blk_erase_sync
lightnvm: pblk: fix incorrect min_write_pgs
lightnvm: pblk: guarantee emeta on line close
lightnvm: pblk: fix write amplificiation calculation
lightnvm: pblk: guarantee mw_cunits on read buffer
lightnvm: do no update csecs and sos on 1.2
lightnvm: pblk: fix error handling of pblk_lines_init()
lightnvm: pblk: consider max hw sectors supported for max_write_pgs
x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error
bpf: btf: Fix a missing check bug
net: fix generic XDP to handle if eth header was mangled
gpio: syscon: Fix possible NULL ptr usage
spi: fsl-lpspi: Prevent FIFO under/overrun by default
pinctrl: gemini: Mask and set properly
spi: spidev: Fix OF tree warning logic
ARM: 8802/1: Call syscall_trace_exit even when system call skipped
x86/mm: Do not warn about PCI BIOS W+X mappings
orangefs: rate limit the client not running info message
pinctrl: gemini: Fix up TVC clock group
scsi: arcmsr: clean up clang warning on extraneous parentheses
hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors
hwmon: (nct6775) Fix names of DIMM temperature sources
hwmon: (pwm-fan) Silence error on probe deferral
hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros
hwmon: (npcm-750-pwm-fan) Change initial pwm target to 255
selftests: forwarding: Have lldpad_app_wait_set() wait for unknown, too
net: sched: avoid writing on noop_qdisc
netfilter: nft_compat: do not dump private area
misc: cxl: Fix possible null pointer dereference
mac80211: minstrel: fix using short preamble CCK rates on HT clients
mac80211: minstrel: fix CCK rate group streams value
mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode
spi: rockchip: initialize dma_slave_config properly
mlxsw: spectrum_switchdev: Check notification relevance based on upper device
ARM: dts: omap5: Fix dual-role mode on Super-Speed port
tcp: start receiver buffer autotuning sooner
ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate
PM / devfreq: Fix static checker warning in try_then_request_governor
tools: PCI: Fix broken pcitest compilation
powerpc/time: Fix clockevent_decrementer initalisation for PR KVM
mmc: tmio: fix SCC error handling to avoid false positive CRC error
x86/resctrl: Fix rdt_find_domain() return value and checks
Linux 4.19.86
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib9de820e5026cadf4fab89e69d1324302cdae9c3
[ Upstream commit 8af03d1ae2 ]
In btf_parse_hdr(), the length of the btf data header is firstly copied
from the user space to 'hdr_len' and checked to see whether it is larger
than 'btf_data_size'. If yes, an error code EINVAL is returned. Otherwise,
the whole header is copied again from the user space to 'btf->hdr'.
However, after the second copy, there is no check between
'btf->hdr->hdr_len' and 'hdr_len' to confirm that the two copies get the
same value. Given that the btf data is in the user space, a malicious user
can race to change the data between the two copies. By doing so, the user
can provide malicious data to the kernel and cause undefined behavior.
This patch adds a necessary check after the second copy, to make sure
'btf->hdr->hdr_len' has the same value as 'hdr_len'. Otherwise, an error
code EINVAL will be returned.
Signed-off-by: Wenwen Wang <wang6495@umn.edu>
Acked-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit e6fe3e5b7d ]
The current printk() is ready to handle log buffer size up to 2G.
Give an explicit error for users who want to use larger log buffer.
Also fix printk formatting to show the 2G as a positive number.
Link: http://lkml.kernel.org/r/20181008135916.gg4kkmoki5bgtco5@pathway.suse.cz
Cc: rostedt@goodmis.org
Cc: linux-kernel@vger.kernel.org
Suggested-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: He Zhe <zhe.he@windriver.com>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
[pmladek: Fixed to the really safe limit 2GB.]
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d0e7d14455 ]
When booting with "nosmt=force" a message is issued into dmesg to
confirm that SMT has been force-disabled but such a message is not
issued when only "nosmt" is on the kernel command line.
Fix that.
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20181004172227.10094-1-bp@alien8.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 884e370ea8 ]
CON_PRINTBUFFER console registration requires us to do several
preparation steps:
- Rollback console_seq to replay logbuf messages which were already
seen on other consoles;
- Set exclusive_console flag so console_unlock() will ->write() logbuf
messages only to the exclusive_console driver.
The way we do it, however, is a bit racy
logbuf_lock_irqsave(flags);
console_seq = syslog_seq;
console_idx = syslog_idx;
logbuf_unlock_irqrestore(flags);
<< preemption enabled
<< irqs enabled
exclusive_console = newcon;
console_unlock();
We rollback console_seq under logbuf_lock with IRQs disabled, but
we set exclusive_console with local IRQs enabled and logbuf unlocked.
If the system oops-es or panic-s before we set exclusive_console - and
given that we have IRQs and preemption enabled there is such a
possibility - we will re-play all logbuf messages to every registered
console, which may be a bit annoying and time consuming.
Move exclusive_console assignment to the same IRQs-disabled and
logbuf_lock-protected section where we rollback console_seq.
Link: http://lkml.kernel.org/r/20180928095304.9972-1-sergey.senozhatsky@gmail.com
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f92b070f2d ]
The variable "exclusive_console" is used to reply all existing messages
on a newly registered console. It is cleared when all messages are out.
The problem is that new messages might appear in the meantime. These
are then visible only on the exclusive console.
The obvious solution is to clear "exclusive_console" after we replay
all messages that were already proceed before we started the reply.
Reported-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Link: http://lkml.kernel.org/r/20180913123406.14378-1-pmladek@suse.com
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Cc: linux-kernel@vger.kernel.org
Acked-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3VfEoACgkQONu9yGCS
aT7vHRAAv3fZQ5+Rn0zn0cgYsgG5OGbtHL01aJB99g2Dgf/VmB3OrB2rx+ZF7WVw
Uakab5XZp6rLSxG4LNQy7jjIuxADdDab5xWTlhqpEHVydsFC9IOktT91DW2luf8Y
Xyr8q7sQIS7eV67NkUnUSqri1IdsRNB5qeWmhC0l6+PSuQrk+WF0y5B4TtrjF5Er
GjYTq9RTJh7/luFKUSmxN8+TIwo4uY15b3oqX75LMPObzbH+c5iqp5QiHJh/BQ7/
awf7kxlMay0V/hPRmGomHxX70TgHTF2er0b+HyJwf1OX0zgKycsztWZT+p7qN+DT
yjPWwYJ3kGs/7GwZL7HNhk8p/3aDf9HFHFvbVSty63wgZ8dfo4EuXZ9YfWa+lfI8
Kn4wKeynUvrvNLH9iYug/XuEPjXysQeSlBaL4pZTPTWtipu1MP0OpR05l8UzO2cO
lqWgf0Y7wsunZBeyCLkWd9TCO7gd1s7csdkJAy37rG7mCjN3p83NeMznLlj+H4I8
MHlcAWdlxlWWitKohi0kr/VYiHmhBVsOZu4rQmuCBWuo++HrWwn7XaGBzYsP8Eku
7ZNaS5oJFAjBzKnQxp8i3mgE8ifODuokgPISImyyRWidedfoHcv6Kr+pdEoQ+gjk
nL5xwqKAMsh/vMyxVmetzytULHtvBqJelquzQcfnanyEvBoS46Q=
=EUxi
-----END PGP SIGNATURE-----
Merge 4.19.85 into android-4.19
Changes in 4.19.85
KVM: x86: introduce is_pae_paging
MIPS: BCM63XX: fix switch core reset on BCM6368
scsi: core: Handle drivers which set sg_tablesize to zero
ax88172a: fix information leak on short answers
ipmr: Fix skb headroom in ipmr_get_route().
net: gemini: add missed free_netdev
net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules
slip: Fix memory leak in slip_open error path
ALSA: usb-audio: Fix missing error check at mixer resolution test
ALSA: usb-audio: not submit urb for stopped endpoint
ALSA: usb-audio: Fix incorrect NULL check in create_yamaha_midi_quirk()
ALSA: usb-audio: Fix incorrect size check for processing/extension units
Btrfs: fix log context list corruption after rename exchange operation
Input: ff-memless - kill timer in destroy()
Input: synaptics-rmi4 - fix video buffer size
Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver
Input: synaptics-rmi4 - do not consume more data than we have (F11, F12)
Input: synaptics-rmi4 - clear IRQ enables for F54
Input: synaptics-rmi4 - destroy F54 poller workqueue when removing
IB/hfi1: Ensure full Gen3 speed in a Gen4 system
IB/hfi1: Use a common pad buffer for 9B and 16B packets
i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present
ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable
ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either
net: ethernet: dwmac-sun8i: Use the correct function in exit path
iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros
mm: mempolicy: fix the wrong return value and potential pages leak of mbind
mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm()
mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup()
mmc: sdhci-of-at91: fix quirk2 overwrite
iio: adc: max9611: explicitly cast gain_selectors
tee: optee: take DT status property into account
ath10k: fix kernel panic by moving pci flush after napi_disable
iio: dac: mcp4922: fix error handling in mcp4922_write_raw
clk: sunxi-ng: h6: fix PWM gate/reset offset
soundwire: Initialize completion for defer messages
soundwire: intel: Fix uninitialized adev deref
arm64: dts: allwinner: a64: Orange Pi Win: Fix SD card node
arm64: dts: allwinner: a64: Olinuxino: fix DRAM voltage
arm64: dts: allwinner: a64: NanoPi-A64: Fix DCDC1 voltage
ALSA: pcm: signedness bug in snd_pcm_plug_alloc()
soc/tegra: pmc: Fix pad voltage configuration for Tegra186
arm64: dts: tegra210-p2180: Correct sdmmc4 vqmmc-supply
y2038: make do_gettimeofday() and get_seconds() inline
ARM: dts: rcar: Correct SATA device sizes to 2 MiB
ARM: dts: at91/trivial: Fix USART1 definition for at91sam9g45
rtc: sysfs: fix NULL check in rtc_add_groups()
rtc: rv8803: fix the rv8803 id in the OF table
remoteproc/davinci: Use %zx for formating size_t
extcon: cht-wc: Return from default case to avoid warnings
cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set
ALSA: seq: Do error checks at creating system ports
ath10k: skip resetting rx filter for WCN3990
ath9k: fix tx99 with monitor mode interface
wil6210: drop Rx multicast packets that are looped-back to STA
wil6210: set edma variables only for Talyn-MB devices
wil6210: prevent usage of tx ring 0 for eDMA
wil6210: fix invalid memory access for rx_buff_mgmt debugfs
ath10k: limit available channels via DT ieee80211-freq-limit
ice: Update request resource command to latest specification
ice: Prevent control queue operations during reset
gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated
ice: Fix and update driver version string
ASoC: dapm: Don't fail creating new DAPM control on NULL pinctrl
ASoC: dpcm: Properly initialise hw->rate_max
ASoC: meson: axg-fifo: report interrupt request failure
ASoC: AMD: Change MCLK to 48Mhz
pinctrl: ingenic: Probe driver at subsys_initcall
MIPS: BCM47XX: Enable USB power on Netgear WNDR3400v3
ARM: dts: exynos: Use i2c-gpio for HDMI-DDC on Arndale
ARM: dts: exynos: Fix HDMI-HPD line handling on Arndale
ARM: dts: exynos: Fix sound in Snow-rev5 Chromebook
liquidio: fix race condition in instruction completion processing
arm64: dts: stratix10: i2c clock running out of spec
ARM: dts: exynos: Fix regulators configuration on Peach Pi/Pit Chromebooks
i40evf: Validate the number of queues a PF sends
i40e: use correct length for strncpy
i40evf: set IFF_UNICAST_FLT flag for the VF
i40e: Check and correct speed values for link on open
i40evf: Don't enable vlan stripping when rx offload is turned on
i40e: hold the rtnl lock on clearing interrupt scheme
i40evf: cancel workqueue sync for adminq when a VF is removed
i40e: Prevent deleting MAC address from VF when set by PF
IB/rxe: avoid back-to-back retries
IB/rxe: fixes for rdma read retry
iwlwifi: drop packets with bad status in CD
iwlwifi: don't WARN on trying to dump dead firmware
iwlwifi: mvm: avoid sending too many BARs
media: vicodec: fix out-of-range values when decoding
media: i2c: Fix pm_runtime_get_if_in_use() usage in sensor drivers
media: ov772x: Disable clk on error path
ARM: dts: pxa: fix the rtc controller
ARM: dts: pxa: fix power i2c base address
rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument
mwifiex: do no submit URB in suspended state
mwifex: free rx_cmd skb in suspended state
brcmfmac: fix wrong strnchr usage
mt76: Fix comparisons with invalid hardware key index
soc: imx: gpc: fix PDN delay
ASoC: rsnd: ssi: Fix issue in dma data address assignment
net: hns3: Fix for multicast failure
net: hns3: Fix error of checking used vlan id
net: hns3: Fix for loopback selftest failed problem
net: hns3: Change the dst mac addr of loopback packet
net/mlx5: Fix atomic_mode enum values
net: phy: mscc: read 'vsc8531,vddmac' as an u32
net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32
ARM: dts: meson8: fix the clock controller register size
ARM: dts: meson8b: fix the clock controller register size
mtd: rawnand: marvell: use regmap_update_bits() for syscon access
mtd: rawnand: fsl_ifc: check result of SRAM initialization
mtd: rawnand: fsl_ifc: fixup SRAM init for newer ctrl versions
mtd: rawnand: qcom: don't include dma-direct.h
IB/mlx5: Change TX affinity assignment in RoCE LAG mode
qxl: fix null-pointer crash during suspend
mac80211: fix saving a few HE values
cfg80211: validate wmm rule when setting
f2fs: avoid wrong decrypted data from disk
net: lan78xx: Bail out if lan78xx_get_endpoints fails
rtnetlink: move type calculation out of loop
ASoC: sgtl5000: avoid division by zero if lo_vag is zero
ath10k: avoid possible memory access violation
ARM: dts: exynos: Disable pull control for S5M8767 PMIC
ath10k: wmi: disable softirq's while calling ieee80211_rx
i2c: mediatek: Use DMA safe buffers for i2c transactions
IB/mlx5: Don't hold spin lock while checking device state
IB/ipoib: Ensure that MTU isn't less than minimum permitted
RDMA/core: Rate limit MAD error messages
RDMA/core: Follow correct unregister order between sysfs and cgroup
mips: txx9: fix iounmap related issue
udf: Fix crash during mount
ASoC: dapm: Avoid uninitialised variable warning
ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation
ata: Disable AHCI ALPM feature for Ampere Computing eMAG SATA
of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC
ARM: dts: omap3-gta04: give spi_lcd node a label so that we can overwrite in other DTS files
ARM: dts: omap3-gta04: fixes for tvout / venc
ARM: dts: omap3-gta04: tvout: enable as display1 alias
ARM: dts: omap3-gta04: fix touchscreen tsc2007
ARM: dts: omap3-gta04: make NAND partitions compatible with recent U-Boot
ARM: dts: omap3-gta04: keep vpll2 always on
f2fs: submit bio after shutdown
failover: Fix error return code in net_failover_create
sched/debug: Explicitly cast sched_feat() to bool
sched/debug: Use symbolic names for task state constants
firmware: arm_scmi: use strlcpy to ensure NULL-terminated strings
arm64: dts: rockchip: Fix VCC5V0_HOST_EN on rk3399-sapphire
ARM: dts: exynos: Disable pull control for PMIC IRQ line on Artik5 board
usb: mtu3: disable vbus rise/fall interrupts of ltssm
dmaengine: dma-jz4780: Don't depend on MACH_JZ4780
dmaengine: dma-jz4780: Further residue status fix
EDAC, sb_edac: Return early on ADDRV bit and address type test
rtc: mt6397: fix possible race condition
rtc: pl030: fix possible race condition
ath9k: add back support for using active monitor interfaces for tx99
dmaengine: at_xdmac: remove a stray bottom half unlock
RDMA/hns: Fix an error code in hns_roce_v2_init_eq_table()
IB/hfi1: Missing return value in error path for user sdma
signal: Always ignore SIGKILL and SIGSTOP sent to the global init
signal: Properly deliver SIGILL from uprobes
signal: Properly deliver SIGSEGV from x86 uprobes
f2fs: fix memory leak of write_io in fill_super()
f2fs: fix memory leak of percpu counter in fill_super()
f2fs: fix setattr project check upon fssetxattr ioctl
scsi: qla2xxx: Use correct qpair for ABTS/CMD
scsi: qla2xxx: Fix iIDMA error
scsi: qla2xxx: Defer chip reset until target mode is enabled
scsi: qla2xxx: Terminate Plogi/PRLI if WWN is 0
scsi: qla2xxx: Fix deadlock between ATIO and HW lock
scsi: qla2xxx: Increase abort timeout value
scsi: qla2xxx: Check for Register disconnect
scsi: qla2xxx: Fix port speed display on chip reset
scsi: qla2xxx: Fix dropped srb resource.
scsi: qla2xxx: Fix duplicate switch's Nport ID entries
scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN
scsi: lpfc: Correct invalid EQ doorbell write on if_type=6
scsi: lpfc: Fix errors in log messages.
scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir()
ARM: imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff" is set
scsi: pm80xx: Corrected dma_unmap_sg() parameter
scsi: pm80xx: Fixed system hang issue during kexec boot
kprobes: Don't call BUG_ON() if there is a kprobe in use on free list
net: aquantia: fix hw_atl_utils_fw_upload_dwords
Drivers: hv: vmbus: Fix synic per-cpu context initialization
nvmem: core: return error code instead of NULL from nvmem_device_get
media: dt-bindings: adv748x: Fix decimal unit addresses
ALSA: hda: Fix implicit definition of pci_iomap() on SH
media: fix: media: pci: meye: validate offset to avoid arbitrary access
media: dvb: fix compat ioctl translation
net: bcmgenet: Fix speed selection for reverse MII
arm64: dts: meson: libretech: update board model
arm64: dts: meson-axg: use the proper compatible for ethmac
ALSA: intel8x0m: Register irq handler after register initializations
arm64: dts: renesas: salvator-common: adv748x: Override secondary addresses
arm64: dts: renesas: r8a77965: Attach the SYS-DMAC to the IPMMU
arm64: dts: renesas: r8a77965: Fix HS-USB compatible
arm64: dts: renesas: r8a77965: Fix clock/reset for usb2_phy1
pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map()
llc: avoid blocking in llc_sap_close()
ARM: dts: qcom: ipq4019: fix cpu0's qcom,saw2 reg value
soc: qcom: geni: Don't ignore clk_round_rate() errors in geni_se_clk_tbl_get()
soc: qcom: geni: geni_se_clk_freq_match() should always accept multiples
soc: qcom: wcnss_ctrl: Avoid string overflow
soc: qcom: apr: Avoid string overflow
drivers: qcom: rpmh-rsc: clear wait_for_compl after use
arm64: dts: broadcom: Fix I2C and SPI bus warnings
ARM: dts: bcm: Fix SPI bus warnings
ARM: dts: aspeed: Fix I2C bus warnings
powerpc/vdso: Correct call frame information
ARM: dts: socfpga: Fix I2C bus unit-address error
ARM: dts: sunxi: Fix I2C bus warnings
pinctrl: at91: don't use the same irqchip with multiple gpiochips
ARM: dts: sun9i: Fix I2C bus warnings
android: binder: no outgoing transaction when thread todo has transaction
cxgb4: Fix endianness issue in t4_fwcache()
arm64: fix for bad_mode() handler to always result in panic
block, bfq: inject other-queue I/O into seeky idle queues on NCQ flash
blok, bfq: do not plug I/O if all queues are weight-raised
arm64: dts: meson: Fix erroneous SPI bus warnings
power: supply: ab8500_fg: silence uninitialized variable warnings
power: reset: at91-poweroff: do not procede if at91_shdwc is allocated
power: supply: max8998-charger: Fix platform data retrieval
component: fix loop condition to call unbind() if bind() fails
kernfs: Fix range checks in kernfs_get_target_path
ip_gre: fix parsing gre header in ipgre_err
scsi: ufshcd: Fix NULL pointer dereference for in ufshcd_init
ARM: dts: rockchip: Fix erroneous SPI bus dtc warnings on rk3036
arm64: dts: rockchip: Fix I2C bus unit-address error on rk3399-puma-haikou
ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask
netfilter: nf_tables: avoid BUG_ON usage
ath9k: Fix a locking bug in ath9k_add_interface()
s390/qeth: uninstall IRQ handler on device removal
s390/qeth: invoke softirqs after napi_schedule()
media: vsp1: Fix vsp1_regs.h license header
media: vsp1: Fix YCbCr planar formats pitch calculation
media: ov2680: don't register the v4l2 subdevice before checking chip ID
PCI/ACPI: Correct error message for ASPM disabling
net: socionext: Fix two sleep-in-atomic-context bugs in ave_rxfifo_reset()
PCI: mediatek: Fix unchecked return value
ARM: dts: xilinx: Fix I2C and SPI bus warnings
serial: uartps: Fix suspend functionality
serial: samsung: Enable baud clock for UART reset procedure in resume
serial: mxs-auart: Fix potential infinite loop
tty: serial: qcom_geni_serial: Fix serial when not used as console
arm64: dts: ti: k3-am65: Change #address-cells and #size-cells of interconnect to 2
samples/bpf: fix a compilation failure
spi/bcm63xx-hsspi: keep pll clk enabled
spi: mediatek: Don't modify spi_transfer when transfer.
ASoC: rt5682: Fix the boost volume at the begining of playback
ipmi_si_pci: fix NULL device in ipmi_si error message
ipmi_si: fix potential integer overflow on large shift
ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address
ipmi: fix return value of ipmi_set_my_LUN
net: hns3: fix return type of ndo_start_xmit function
net: cavium: fix return type of ndo_start_xmit function
net: ibm: fix return type of ndo_start_xmit function
powerpc/iommu: Avoid derefence before pointer check
selftests/powerpc: Do not fail with reschedule
powerpc/64s/hash: Fix stab_rr off by one initialization
powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request
powerpc/pseries: Disable CPU hotplug across migrations
powerpc: Fix duplicate const clang warning in user access code
RDMA/i40iw: Fix incorrect iterator type
ARM: dts: atmel: Fix I2C and SPI bus warnings
OPP: Protect dev_list with opp_table lock
of/unittest: Fix I2C bus unit-address error
libfdt: Ensure INT_MAX is defined in libfdt_env.h
power: supply: twl4030_charger: fix charging current out-of-bounds
power: supply: twl4030_charger: disable eoc interrupt on linear charge
net: mvpp2: fix the number of queues per cpu for PPv2.2
net: marvell: fix return type of ndo_start_xmit function
net: toshiba: fix return type of ndo_start_xmit function
net: xilinx: fix return type of ndo_start_xmit function
net: broadcom: fix return type of ndo_start_xmit function
net: amd: fix return type of ndo_start_xmit function
net: sun: fix return type of ndo_start_xmit function
net: hns3: Fix for setting speed for phy failed problem
net: hns3: Fix cmdq registers initialization issue for vf
net: hns3: Clear client pointer when initialize client failed or unintialize finished
net: hns3: Fix client initialize state issue when roce client initialize failed
net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg()
nfp: provide a better warning when ring allocation fails
usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started
usb: chipidea: Fix otg event handler
usb: usbtmc: Fix ioctl USBTMC_IOCTL_ABORT_BULK_OUT
s390/zcrypt: enable AP bus scan without a valid default domain
s390/vdso: avoid 64-bit vdso mapping for compat tasks
s390/vdso: correct CFI annotations of vDSO functions
brcmfmac: increase buffer for obtaining firmware capabilities
brcmsmac: Use kvmalloc() for ucode allocations
mlxsw: spectrum: Init shaper for TCs 8..15
PCI: portdrv: Initialize service drivers directly
ARM: dts: am335x-evm: fix number of cpsw
ARM: dts: ti: Fix SPI and I2C bus warnings
f2fs: avoid infinite loop in f2fs_alloc_nid
f2fs: fix to recover inode's uid/gid during POR
ARM: dts: ux500: Correct SCU unit address
ARM: dts: ux500: Fix LCDA clock line muxing
ARM: dts: ste: Fix SPI controller node names
spi: pic32: Use proper enum in dmaengine_prep_slave_rg
crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
cpufeature: avoid warning when compiling with clang
crypto: arm/crc32 - avoid warning when compiling with Clang
ARM: dts: marvell: Fix SPI and I2C bus warnings
x86/mce-inject: Reset injection struct after injection
ARM: dts: stm32: enable display on stm32mp157c-ev1 board
ARM: dts: clearfog: fix sdhci supply property name
ARM: dts: stm32: Fix SPI controller node names
bnx2x: Ignore bandwidth attention in single function mode
PCI/AER: Take reference on error devices
PCI/AER: Don't read upstream ports below fatal errors
PCI/ERR: Use slot reset if available
samples/bpf: fix compilation failure
net: phy: mdio-bcm-unimac: Allow configuring MDIO clock divider
net: micrel: fix return type of ndo_start_xmit function
net: freescale: fix return type of ndo_start_xmit function
x86/CPU: Use correct macros for Cyrix calls
x86/CPU: Change query logic so CPUID is enabled before testing
EDAC: Correct DIMM capacity unit symbol
MIPS: kexec: Relax memory restriction
arm64: dts: rockchip: Fix microSD in rk3399 sapphire board
mlxsw: Make MLXSW_SP1_FWREV_MINOR a hard requirement
media: imx: work around false-positive warning, again
media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init()
media: au0828: Fix incorrect error messages
media: davinci: Fix implicit enum conversion warning
ARM: dts: rockchip: explicitly set vcc_sd0 pin to gpio on rk3188-radxarock
usb: gadget: uvc: configfs: Drop leaked references to config items
usb: gadget: uvc: configfs: Prevent format changes after linking header
usb: gadget: uvc: configfs: Sort frame intervals upon writing
ARM: dts: exynos: Correct audio subsystem parent clock on Peach Chromebooks
i2c: aspeed: fix invalid clock parameters for very large divisors
gpiolib: Fix gpio_direction_* for single direction GPIOs
ARM: at91: pm: call put_device instead of of_node_put in at91_pm_config_ws
phy: brcm-sata: allow PHY_BRCM_SATA driver to be built for DSL SoCs
phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs
phy: phy-twl4030-usb: fix denied runtime access
ARM: dts: imx6ull: update vdd_soc voltage for 900MHz operating point
usb: gadget: uvc: Factor out video USB request queueing
usb: gadget: uvc: Only halt video streaming endpoint in bulk mode
coresight: Use ERR_CAST instead of ERR_PTR
coresight: Fix handling of sinks
coresight: perf: Fix per cpu path management
coresight: perf: Disable trace path upon source error
coresight: tmc-etr: Handle driver mode specific ETR buffers
coresight: etm4x: Configure EL2 exception level when kernel is running in HYP
coresight: tmc: Fix byte-address alignment for RRP
coresight: dynamic-replicator: Handle multiple connections
slimbus: ngd: register ngd driver only once.
slimbus: ngd: return proper error code instead of zero
silmbus: ngd: register controller after power up.
misc: kgdbts: Fix restrict error
misc: genwqe: should return proper error value.
vmbus: keep pointer to ring buffer page
vfio/pci: Fix potential memory leak in vfio_msi_cap_len
vfio/pci: Mask buggy SR-IOV VF INTx support
iw_cxgb4: Use proper enumerated type in c4iw_bar2_addrs
scsi: libsas: always unregister the old device if going to discover new
f2fs: fix remount problem of option io_bits
phy: lantiq: Fix compile warning
arm64: dts: fsl: Fix I2C and SPI bus warnings
ARM: dts: imx51-zii-rdu1: Fix the rtc compatible string
arm64: tegra: I2C on Tegra194 is not compatible with Tegra114
ARM: dts: tegra30: fix xcvr-setup-use-fuses
ARM: dts: tegra20: restore address order
ARM: tegra: apalis_t30: fix mmc1 cmd pull-up
ARM: tegra: apalis_t30: fix mcp2515 can controller interrupt polarity
ARM: tegra: colibri_t30: fix mcp2515 can controller interrupt polarity
ARM: dts: paz00: fix wakeup gpio keycode
net: smsc: fix return type of ndo_start_xmit function
net: faraday: fix return type of ndo_start_xmit function
PCI/ERR: Run error recovery callbacks for all affected devices
f2fs: update i_size after DIO completion
f2fs: fix to recover inode's project id during POR
f2fs: mark inode dirty explicitly in recover_inode()
RDMA: Fix dependencies for rdma_user_mmap_io
EDAC: Raise the maximum number of memory controllers
ARM: dts: realview: Fix SPI controller node names
firmware: dell_rbu: Make payload memory uncachable
Bluetooth: hci_serdev: clear HCI_UART_PROTO_READY to avoid closing proto races
Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS
Bluetooth: btrsi: fix bt tx timeout issue
x86/hyperv: Suppress "PCI: Fatal: No config space access function found"
crypto: s5p-sss: Fix race in error handling
crypto: s5p-sss: Fix Fix argument list alignment
crypto: fix a memory leak in rsa-kcs1pad's encryption mode
iwlwifi: dbg: don't crash if the firmware crashes in the middle of a debug dump
iwlwifi: fix non_shared_ant for 22000 devices
iwlwifi: pcie: read correct prph address for newer devices
iwlwifi: api: annotate compressed BA notif array sizes
iwlwifi: pcie: gen2: build A-MSDU only for GSO
iwlwifi: pcie: fit reclaim msg to MAX_MSG_LEN
iwlwifi: mvm: use correct FIFO length
iwlwifi: mvm: Allow TKIP for AP mode
scsi: NCR5380: Clear all unissued commands on host reset
scsi: NCR5380: Have NCR5380_select() return a bool
scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE
scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data
scsi: NCR5380: Check for invalid reselection target
scsi: NCR5380: Don't clear busy flag when abort fails
scsi: NCR5380: Don't call dsprintk() following reselection interrupt
scsi: NCR5380: Handle BUS FREE during reselection
scsi: NCR5380: Check for bus reset
arm64: dts: amd: Fix SPI bus warnings
arm64: dts: lg: Fix SPI controller node names
ARM: dts: lpc32xx: Fix SPI controller node names
rtc: isl1208: avoid possible sysfs race
rtc: tx4939: fixup nvmem name and register size
rtc: armada38x: fix possible race condition
netfilter: masquerade: don't flush all conntracks if only one address deleted on device
usb: xhci-mtk: fix ISOC error when interval is zero
usb: usbtmc: uninitialized symbol 'actual' in usbtmc_ioctl_clear
fuse: use READ_ONCE on congestion_threshold and max_background
IB/iser: Fix possible NULL deref at iser_inv_desc()
media: ov2680: fix null dereference at power on
s390/vdso: correct vdso mapping for compat tasks
net: phy: mdio-bcm-unimac: mark PM functions as __maybe_unused
memfd: Use radix_tree_deref_slot_protected to avoid the warning.
slcan: Fix memory leak in error path
Linux 4.19.85
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0857e66ee2cdd412cd736548a1395bf764a8ab0a
[ Upstream commit cbdd96f558 ]
Instead of calling BUG_ON(), if we find a kprobe in use on free kprobe
list, just remove it from the list and keep it on kprobe hash list
as same as other in-use kprobes.
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: David S . Miller <davem@davemloft.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Naveen N . Rao <naveen.n.rao@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/153666126882.21306.10738207224288507996.stgit@devbox
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 55a3235fc7 ]
For userspace to tell the difference between a random signal and an
exception, the exception must include siginfo information.
Using SEND_SIG_FORCED for SIGILL is thus wrong, and it will result
in userspace seeing si_code == SI_USER (like a random signal) instead
of si_code == SI_KERNEL or a more specific si_code as all exceptions
deliver.
Therefore replace force_sig_info(SIGILL, SEND_SIG_FORCE, current)
with force_sig(SIG_ILL, current) which gets this right and is
shorter and easier to type.
Fixes: 014940bad8 ("uprobes/x86: Send SIGILL if arch_uprobe_post_xol() fails")
Fixes: 0b5256c7f1 ("uprobes: Send SIGILL if handle_trampoline() fails")
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 86989c41b5 ]
If the first process started (aka /sbin/init) receives a SIGKILL it
will panic the system if it is delivered. Making the system unusable
and undebugable. It isn't much better if the first process started
receives SIGSTOP.
So always ignore SIGSTOP and SIGKILL sent to init.
This is done in a separate clause in sig_task_ignored as force_sig_info
can clear SIG_UNKILLABLE and this protection should work even then.
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 7e6f4c5d60 ]
LLVM has a warning that tags expressions like:
if (foo && non-bool-const)
This pattern triggers for CONFIG_SCHED_DEBUG=n where sched_feat() ends
up being whatever bit we select. Avoid the warning with an explicit
cast to bool.
Reported-by: Philipp Klocke <philipp97kl@gmail.com>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 33e2641819 ]
get_seconds() and do_gettimeofday() are only used by a few modules now any
more (waiting for the respective patches to get accepted), and they are
among the last holdouts of code that is not y2038 safe in the core kernel.
Move the implementation into the timekeeping32.h header to clean up
the core kernel and isolate the old interfaces further.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3K+EEACgkQONu9yGCS
aT5ReA/+IrdgTosfTtLizJhq+rR7UClBC4D7rOEBv6BVpKMNRdldcaVsFy6/MO6I
eq3keoicBpGxY8j6mp559GT7ACvXC3L6SALlwvfmGX6BHGVmwTE1Q6UmYbMfCoVY
kkZ6YUGc9T20hfvi1aG/bXerv90phIj3mSOttpLQsiNmlqkP4o2ayA9c/ohhINZ9
N3tEqh81vuZ9DQKdR6hY3iiqq8j3x5if5PppfdtQJMq8U7EUePHeiOrl6+j/PWXV
UHF+BGXVJBXF7Qn3NGzLAZsI5HI+PT9ec9R5/6kFwbKnD88CR80AJpwzmPXmLjTu
584oSQHzSQzSl5+r53SrK3EgOUdsduicGHJfO9RU1ttMAkkz+t+7LSSMDMX0qMFX
OGJdaiQc5arKNEcgckpnNDScRAlxK7IwUWfgcyFsjgMhLKxEfAuz8+JGJEp3QF6T
bNXupekzCnhE70j1/1MObLrTshW+BwIfYgSWwjH01Fq5h6/7IcuGWtfpuanhFj0k
sa4J02kdCvUPNAAlXAt07E/QS/4pLEV/Lh4K86MGR2ltYQjPEyYoY9LwIJAFEyQE
/DYUTS9GvlOitpbdUT48v/msZpOHWvhza8He/ZChN17RqFrIY9ykkPkA22moCqWB
w7d4HTP3dkYlt00e2DAclbCMsek9rNn+oTnY1jxGKa3pXxZAKyo=
=T5EF
-----END PGP SIGNATURE-----
Merge 4.19.84 into android-4.19
Changes in 4.19.84
bonding: fix state transition issue in link monitoring
CDC-NCM: handle incomplete transfer of MTU
ipv4: Fix table id reference in fib_sync_down_addr
net: ethernet: octeon_mgmt: Account for second possible VLAN header
net: fix data-race in neigh_event_send()
net: qualcomm: rmnet: Fix potential UAF when unregistering
net: usb: qmi_wwan: add support for DW5821e with eSIM support
NFC: fdp: fix incorrect free object
nfc: netlink: fix double device reference drop
NFC: st21nfca: fix double free
qede: fix NULL pointer deref in __qede_remove()
net: mscc: ocelot: don't handle netdev events for other netdevs
net: mscc: ocelot: fix NULL pointer on LAG slave removal
ipv6: fixes rt6_probe() and fib6_nh->last_probe init
net: hns: Fix the stray netpoll locks causing deadlock in NAPI path
ALSA: timer: Fix incorrectly assigned timer instance
ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series
ALSA: hda/ca0132 - Fix possible workqueue stall
mm: memcontrol: fix network errors from failing __GFP_ATOMIC charges
mm, meminit: recalculate pcpu batch and high limits after init completes
mm: thp: handle page cache THP correctly in PageTransCompoundMap
mm, vmstat: hide /proc/pagetypeinfo from normal users
dump_stack: avoid the livelock of the dump_lock
tools: gpio: Use !building_out_of_srctree to determine srctree
perf tools: Fix time sorting
drm/radeon: fix si_enable_smc_cac() failed issue
HID: wacom: generic: Treat serial number and related fields as unsigned
soundwire: depend on ACPI
soundwire: bus: set initial value to port_status
arm64: Do not mask out PTE_RDONLY in pte_same()
ceph: fix use-after-free in __ceph_remove_cap()
ceph: add missing check in d_revalidate snapdir handling
iio: adc: stm32-adc: fix stopping dma
iio: imu: adis16480: make sure provided frequency is positive
iio: srf04: fix wrong limitation in distance measuring
ARM: sunxi: Fix CPU powerdown on A83T
netfilter: nf_tables: Align nft_expr private data to 64-bit
netfilter: ipset: Fix an error code in ip_set_sockfn_get()
intel_th: pci: Add Comet Lake PCH support
intel_th: pci: Add Jasper Lake PCH support
x86/apic/32: Avoid bogus LDR warnings
SMB3: Fix persistent handles reconnect
can: usb_8dev: fix use-after-free on disconnect
can: flexcan: disable completely the ECC mechanism
can: c_can: c_can_poll(): only read status register after status IRQ
can: peak_usb: fix a potential out-of-sync while decoding packets
can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak
can: gs_usb: gs_can_open(): prevent memory leak
can: dev: add missing of_node_put() after calling of_get_child_by_name()
can: mcba_usb: fix use-after-free on disconnect
can: peak_usb: fix slab info leak
configfs: stash the data we need into configfs_buffer at open time
configfs_register_group() shouldn't be (and isn't) called in rmdirable parts
configfs: new object reprsenting tree fragments
configfs: provide exclusion between IO and removals
configfs: fix a deadlock in configfs_symlink()
ALSA: usb-audio: More validations of descriptor units
ALSA: usb-audio: Simplify parse_audio_unit()
ALSA: usb-audio: Unify the release of usb_mixer_elem_info objects
ALSA: usb-audio: Remove superfluous bLength checks
ALSA: usb-audio: Clean up check_input_term()
ALSA: usb-audio: Fix possible NULL dereference at create_yamaha_midi_quirk()
ALSA: usb-audio: remove some dead code
ALSA: usb-audio: Fix copy&paste error in the validator
sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices
sched/fair: Fix -Wunused-but-set-variable warnings
usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path
usbip: Implement SG support to vhci-hcd and stub driver
PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30
HID: google: add magnemite/masterball USB ids
dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config
dmaengine: sprd: Fix the possible memory leak issue
HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring()
RDMA/mlx5: Clear old rate limit when closing QP
iw_cxgb4: fix ECN check on the passive accept
RDMA/qedr: Fix reported firmware version
net/mlx5e: TX, Fix consumer index of error cqe dump
net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq
scsi: qla2xxx: fixup incorrect usage of host_byte
RDMA/uverbs: Prevent potential underflow
net: openvswitch: free vport unless register_netdevice() succeeds
scsi: lpfc: Honor module parameter lpfc_use_adisc
scsi: qla2xxx: Initialized mailbox to prevent driver load failure
netfilter: nf_flow_table: set timeout before insertion into hashes
ipvs: don't ignore errors in case refcounting ip_vs module fails
ipvs: move old_secure_tcp into struct netns_ipvs
bonding: fix unexpected IFF_BONDING bit unset
macsec: fix refcnt leak in module exit routine
usb: fsl: Check memory resource before releasing it
usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode.
usb: gadget: composite: Fix possible double free memory bug
usb: dwc3: pci: prevent memory leak in dwc3_pci_probe
usb: gadget: configfs: fix concurrent issue between composite APIs
usb: dwc3: remove the call trace of USBx_GFLADJ
perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity
perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h)
perf/x86/uncore: Fix event group support
USB: Skip endpoints with 0 maxpacket length
USB: ldusb: use unsigned size format specifiers
usbip: tools: Fix read_usb_vudc_device() error path handling
RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case
RDMA/hns: Prevent memory leaks of eq->buf_list
scsi: qla2xxx: stop timer in shutdown path
nvme-multipath: fix possible io hang after ctrl reconnect
fjes: Handle workqueue allocation failure
net: hisilicon: Fix "Trying to free already-free IRQ"
net: mscc: ocelot: fix vlan_filtering when enslaving to bridge before link is up
net: mscc: ocelot: refuse to overwrite the port's native vlan
iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41
drm/amdgpu: If amdgpu_ib_schedule fails return back the error.
drm/amd/display: Passive DP->HDMI dongle detection fix
hv_netvsc: Fix error handling in netvsc_attach()
usb: dwc3: gadget: fix race when disabling ep with cancelled xfers
NFSv4: Don't allow a cached open with a revoked delegation
net: ethernet: arc: add the missed clk_disable_unprepare
igb: Fix constant media auto sense switching when no cable is connected
e1000: fix memory leaks
pinctrl: intel: Avoid potential glitches if pin is in GPIO mode
ocfs2: protect extent tree in ocfs2_prepare_inode_for_write()
pinctrl: cherryview: Fix irq_valid_mask calculation
blkcg: make blkcg_print_stat() print stats only for online blkgs
iio: imu: mpu6050: Add support for the ICM 20602 IMU
iio: imu: inv_mpu6050: fix no data on MPU6050
mm/filemap.c: don't initiate writeback if mapping has no dirty pages
cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead
usbip: Fix free of unallocated memory in vhci tx
netfilter: ipset: Copy the right MAC address in hash:ip,mac IPv6 sets
net: prevent load/store tearing on sk->sk_stamp
iio: imu: mpu6050: Fix FIFO layout for ICM20602
vsock/virtio: fix sock refcnt holding during the shutdown
drm/i915: Rename gen7 cmdparser tables
drm/i915: Disable Secure Batches for gen6+
drm/i915: Remove Master tables from cmdparser
drm/i915: Add support for mandatory cmdparsing
drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
drm/i915: Allow parsing of unsized batches
drm/i915: Add gen9 BCS cmdparsing
drm/i915/cmdparser: Use explicit goto for error paths
drm/i915/cmdparser: Add support for backward jumps
drm/i915/cmdparser: Ignore Length operands during command matching
drm/i915: Lower RM timeout to avoid DSI hard hangs
drm/i915/gen8+: Add RC6 CTX corruption WA
drm/i915/cmdparser: Fix jump whitelist clearing
KVM: x86: use Intel speculation bugs and features as derived in generic x86 code
x86/msr: Add the IA32_TSX_CTRL MSR
x86/cpu: Add a helper function x86_read_arch_cap_msr()
x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
x86/speculation/taa: Add mitigation for TSX Async Abort
x86/speculation/taa: Add sysfs reporting for TSX Async Abort
kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
x86/tsx: Add "auto" option to the tsx= cmdline parameter
x86/speculation/taa: Add documentation for TSX Async Abort
x86/tsx: Add config options to set tsx=on|off|auto
x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
x86/bugs: Add ITLB_MULTIHIT bug infrastructure
x86/cpu: Add Tremont to the cpu vulnerability whitelist
cpu/speculation: Uninline and export CPU mitigations helpers
Documentation: Add ITLB_MULTIHIT documentation
kvm: x86, powerpc: do not allow clearing largepages debugfs entry
kvm: Convert kvm_lock to a mutex
kvm: mmu: Do not release the page inside mmu_set_spte()
KVM: x86: make FNAME(fetch) and __direct_map more similar
KVM: x86: remove now unneeded hugepage gfn adjustment
KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active
kvm: mmu: ITLB_MULTIHIT mitigation
kvm: Add helper function for creating VM worker threads
kvm: x86: mmu: Recovery of shattered NX large pages
Linux 4.19.84
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7a820f00c4b868ed677bb49613f835b7e67a3a06
commit 731dc9df97 upstream.
A kernel module may need to check the value of the "mitigations=" kernel
command line parameter as part of its setup when the module needs
to perform software mitigations for a CPU flaw.
Uninline and export the helper functions surrounding the cpu_mitigations
enum to allow for their usage from a module.
Lastly, privatize the enum and cpu_mitigations variable since the value of
cpu_mitigations can be checked with the exported helper functions.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 763a9ec06c upstream.
Commit:
de53fd7aed ("sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices")
introduced a few compilation warnings:
kernel/sched/fair.c: In function '__refill_cfs_bandwidth_runtime':
kernel/sched/fair.c:4365:6: warning: variable 'now' set but not used [-Wunused-but-set-variable]
kernel/sched/fair.c: In function 'start_cfs_bandwidth':
kernel/sched/fair.c:4992:6: warning: variable 'overrun' set but not used [-Wunused-but-set-variable]
Also, __refill_cfs_bandwidth_runtime() does no longer update the
expiration time, so fix the comments accordingly.
Signed-off-by: Qian Cai <cai@lca.pw>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Ben Segall <bsegall@google.com>
Reviewed-by: Dave Chiluk <chiluk+linux@indeed.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: pauld@redhat.com
Fixes: de53fd7aed ("sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices")
Link: https://lkml.kernel.org/r/1566326455-8038-1-git-send-email-cai@lca.pw
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit de53fd7aed upstream.
It has been observed, that highly-threaded, non-cpu-bound applications
running under cpu.cfs_quota_us constraints can hit a high percentage of
periods throttled while simultaneously not consuming the allocated
amount of quota. This use case is typical of user-interactive non-cpu
bound applications, such as those running in kubernetes or mesos when
run on multiple cpu cores.
This has been root caused to cpu-local run queue being allocated per cpu
bandwidth slices, and then not fully using that slice within the period.
At which point the slice and quota expires. This expiration of unused
slice results in applications not being able to utilize the quota for
which they are allocated.
The non-expiration of per-cpu slices was recently fixed by
'commit 512ac999d2 ("sched/fair: Fix bandwidth timer clock drift
condition")'. Prior to that it appears that this had been broken since
at least 'commit 51f2176d74 ("sched/fair: Fix unlocked reads of some
cfs_b->quota/period")' which was introduced in v3.16-rc1 in 2014. That
added the following conditional which resulted in slices never being
expired.
if (cfs_rq->runtime_expires != cfs_b->runtime_expires) {
/* extend local deadline, drift is bounded above by 2 ticks */
cfs_rq->runtime_expires += TICK_NSEC;
Because this was broken for nearly 5 years, and has recently been fixed
and is now being noticed by many users running kubernetes
(https://github.com/kubernetes/kubernetes/issues/67577) it is my opinion
that the mechanisms around expiring runtime should be removed
altogether.
This allows quota already allocated to per-cpu run-queues to live longer
than the period boundary. This allows threads on runqueues that do not
use much CPU to continue to use their remaining slice over a longer
period of time than cpu.cfs_period_us. However, this helps prevent the
above condition of hitting throttling while also not fully utilizing
your cpu quota.
This theoretically allows a machine to use slightly more than its
allotted quota in some periods. This overflow would be bounded by the
remaining quota left on each per-cpu runqueueu. This is typically no
more than min_cfs_rq_runtime=1ms per cpu. For CPU bound tasks this will
change nothing, as they should theoretically fully utilize all of their
quota in each period. For user-interactive tasks as described above this
provides a much better user/application experience as their cpu
utilization will more closely match the amount they requested when they
hit throttling. This means that cpu limits no longer strictly apply per
period for non-cpu bound applications, but that they are still accurate
over longer timeframes.
This greatly improves performance of high-thread-count, non-cpu bound
applications with low cfs_quota_us allocation on high-core-count
machines. In the case of an artificial testcase (10ms/100ms of quota on
80 CPU machine), this commit resulted in almost 30x performance
improvement, while still maintaining correct cpu quota restrictions.
That testcase is available at https://github.com/indeedeng/fibtest.
Fixes: 512ac999d2 ("sched/fair: Fix bandwidth timer clock drift condition")
Signed-off-by: Dave Chiluk <chiluk+linux@indeed.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Phil Auld <pauld@redhat.com>
Reviewed-by: Ben Segall <bsegall@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: John Hammond <jhammond@indeed.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Kyle Anderson <kwa@yelp.com>
Cc: Gabriel Munos <gmunoz@netflix.com>
Cc: Peter Oskolkov <posk@posk.io>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Brendan Gregg <bgregg@netflix.com>
Link: https://lkml.kernel.org/r/1563900266-19734-2-git-send-email-chiluk+linux@indeed.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3H5i0ACgkQONu9yGCS
aT7XGRAAoLPz4+PgbqKbF348hKVf30UD3LUH4sI4/wzfyW5WvbY/sqe3ccLqOuJA
VeixBf6P12eljER8M+vQz5S7rK9kaFJ43B+CrUhFA1mKbySNpMdmWMwktQ0UrD19
sSG1OH6R3aw7OfRMwNxfnZUzqZKKJ5GPa9Xzyxh42qhnhaBtcLUm0UrFzyi84ofP
T4ab6BeT3tXzIaGZprWEoTs34vpfNoz4qFYxtbe2ym7z7EAHmUGj0VeYTPNoFLZE
Sv7T0FHuBzdQhsKfi4SEByh+RxVYiMxF8SArYmlbIZHboCvAaMRoNS8lgala1dRc
XVLIBjh32kVh/VZIIE3iPWPaWxYpfLnrlXjEFirUcOC/ImPV0eHp0kzYKJey/k6X
4SYd8Dc3l4dCy+/sHOj1QCJX32Ah+oTIWHCTc3HcCv/g3ysLr0bxafAHxKR1xXW3
4coa80cPN5YvFZcIdy4RgmU0DpFI8QAtDyWgkvvCKV3rSusYLuvfFVAK3kwTqGge
wqZBughADqCzz1rPdHxflAbwrPrhwdT+us9s+AZosrfiCEN+1+CtFYPbgaTw8IgY
8qzlw8NKdgTG3qUTzRsAi364wOdH6djpT7dCkTxXorvTEAzUmbtyKQyvtQcr6C4f
HZALbPsof8vnSDshATr7vzmImmTPoFfdLClZrIimXVG96k/ur5A=
=syEV
-----END PGP SIGNATURE-----
Merge 4.19.83 into android-4.19
Changes in 4.19.83
kbuild: add -fcf-protection=none when using retpoline flags
regulator: of: fix suspend-min/max-voltage parsing
ASoC: wm8994: Do not register inapplicable controls for WM1811
arm64: dts: allwinner: a64: pine64-plus: Add PHY regulator delay
arm64: dts: allwinner: a64: sopine-baseboard: Add PHY regulator delay
arm64: dts: Fix gpio to pinmux mapping
regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone
ASoC: rt5682: add NULL handler to set_jack function
regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized
ASoC: wm_adsp: Don't generate kcontrols without READ flags
ASoc: rockchip: i2s: Fix RPM imbalance
ARM: dts: logicpd-torpedo-som: Remove twl_keypad
pinctrl: ns2: Fix off by one bugs in ns2_pinmux_enable()
ARM: mm: fix alignment handler faults under memory pressure
scsi: qla2xxx: fix a potential NULL pointer dereference
scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions
scsi: sni_53c710: fix compilation error
scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
ARM: dts: imx7s: Correct GPT's ipg clock source
perf c2c: Fix memory leak in build_cl_output()
8250-men-mcb: fix error checking when get_num_ports returns -ENODEV
perf kmem: Fix memory leak in compact_gfp_flags()
ARM: davinci: dm365: Fix McBSP dma_slave_map entry
drm/amdgpu: fix potential VM faults
scsi: target: core: Do not overwrite CDB byte 1
tracing: Fix "gfp_t" format for synthetic events
ARM: 8926/1: v7m: remove register save to stack before svc
of: unittest: fix memory leak in unittest_data_add
MIPS: bmips: mark exception vectors as char arrays
irqchip/gic-v3-its: Use the exact ITSList for VMOVP
i2c: stm32f7: fix first byte to send in slave mode
i2c: stm32f7: fix a race in slave mode with arbitration loss irq
i2c: stm32f7: remove warning when compiling with W=1
cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
nbd: protect cmd->status with cmd->lock
nbd: handle racing with error'ed out commands
cxgb4: fix panic when attaching to ULD fail
dccp: do not leak jiffies on the wire
erspan: fix the tun_info options_len check for erspan
inet: stop leaking jiffies on the wire
net: annotate accesses to sk->sk_incoming_cpu
net: annotate lockless accesses to sk->sk_napi_id
net: dsa: bcm_sf2: Fix IMP setup for port different than 8
net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum
net: fix sk_page_frag() recursion from memory reclaim
net: hisilicon: Fix ping latency when deal with high throughput
net/mlx4_core: Dynamically set guaranteed amount of counters per VF
netns: fix GFP flags in rtnl_net_notifyid()
net: usb: lan78xx: Disable interrupts before calling generic_handle_irq()
net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
selftests: net: reuseport_dualstack: fix uninitalized parameter
udp: fix data-race in udp_set_dev_scratch()
vxlan: check tun_info options_len properly
net: add skb_queue_empty_lockless()
udp: use skb_queue_empty_lockless()
net: use skb_queue_empty_lockless() in poll() handlers
net: use skb_queue_empty_lockless() in busy poll contexts
net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
ipv4: fix route update on metric change.
selftests: fib_tests: add more tests for metric update
net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget
r8169: fix wrong PHY ID issue with RTL8168dp
net/mlx5e: Fix ethtool self test: link speed
net: dsa: b53: Do not clear existing mirrored port mask
net: bcmgenet: don't set phydev->link from MAC
net: phy: bcm7xxx: define soft_reset for 40nm EPHY
net: bcmgenet: reset 40nm EPHY on energy detect
net: usb: lan78xx: Connect PHY before registering MAC
net: dsa: fix switch tree list
r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2
net/flow_dissector: switch to siphash
wireless: Skip directory when generating certificates
platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table
powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9
selftests/powerpc: Add test case for tlbie vs mtpidr ordering issue
selftests/powerpc: Fix compile error on tlbie_test due to newer gcc
ASoC: pcm3168a: The codec does not support S32_LE
arm64: dts: ti: k3-am65-main: Fix gic-its node unit-address
usb: gadget: udc: core: Fix segfault if udc_bind_to_driver() for pending driver fails
Linux 4.19.83
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib7f556bb3ee4310e9ff430220b36986e45266f81
(Upstream commit 52a44f83fc).
The following recent commit:
c60f83b813 ("perf, pt, coresight: Fix address filters for vmas with non-zero offset")
changes the address filtering logic to communicate filter ranges to the PMU driver
via a single address range object, instead of having the driver do the final bit of
math.
That change forgets to take into account kernel filters, which are not calculated
the same way as DSO based filters.
Fix that by passing the kernel filters the same way as file-based filters.
This doesn't require any additional changes in the drivers.
Reported-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Fixes: c60f83b813 ("perf, pt, coresight: Fix address filters for vmas with non-zero offset")
Link: https://lkml.kernel.org/r/20190329091212.29870-1-alexander.shishkin@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Bug: 140266694
Change-Id: I28472be39c9ee0f1157b51014880fc66926a39e7
Signed-off-by: Yabin Cui <yabinc@google.com>
(Upstream commit c60f83b813).
Currently, the address range calculation for file-based filters works as
long as the vma that maps the matching part of the object file starts
from offset zero into the file (vm_pgoff==0). Otherwise, the resulting
filter range would be off by vm_pgoff pages. Another related problem is
that in case of a partially matching vma, that is, a vma that matches
part of a filter region, the filter range size wouldn't be adjusted.
Fix the arithmetics around address filter range calculations, taking
into account vma offset, so that the entire calculation is done before
the filter configuration is passed to the PMU drivers instead of having
those drivers do the final bit of arithmetics.
Based on the patch by Adrian Hunter <adrian.hunter.intel.com>.
Reported-by: Adrian Hunter <adrian.hunter@intel.com>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Tested-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Cc: Jiri Olsa <jolsa@redhat.com>
Fixes: 375637bc52 ("perf/core: Introduce address range filtering")
Link: http://lkml.kernel.org/r/20190215115655.63469-3-alexander.shishkin@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Bug: 140266694
Change-Id: I248219cff1573281196d455cf39d028b68ec17a7
Signed-off-by: Yabin Cui <yabinc@google.com>
(Upstream commit 18736eef12).
When a child event is allocated in the inherit_event() path, the VMA
based filter offsets are not copied from the parent, even though the
address space mapping of the new task remains the same, which leads to
no trace for the new task until exec.
Reported-by: Mansour Alharthi <malharthi9@gatech.edu>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Tested-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Cc: Jiri Olsa <jolsa@redhat.com>
Fixes: 375637bc52 ("perf/core: Introduce address range filtering")
Link: http://lkml.kernel.org/r/20190215115655.63469-2-alexander.shishkin@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Bug: 140266694
Change-Id: I14af7095b0712ee6fc427eafc3d3486f0fc1b07c
Signed-off-by: Yabin Cui <yabinc@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3Ct0gACgkQONu9yGCS
aT46EQ//SsO3zq9K1P9HVRCQh5+ZPrk2uynVQIlMunhvhix8+SA+UopfNWwqM30n
aEUPHk9snHTiRm5VRCBip8ea3/uZCpLTAwm/L0OKSyHpZ/GDGIQxNP5svjMQePYp
57mmhVEV387gHoJiXxi8OiOYuPagscw809UkMBTIgl1g3B+vicy6IYEjlvmwr+vy
6ghqEDkrR+2+25n/yrPPfesL+rlpE4nB6QvNkYnDSzyJTTKP76Wh21bP4r0mV2RN
U4X5irbdfTSEYcK5DbNTUgMsUEk1ixxY6vHy7yWSe8ED9oMHdfjzfUS15pjbyrxD
GLXw3o7Lv/ES7HGZpG073QLIp9oJPtvhrFHvIwBicE2pvBE3++zmmCFdQMx/tY25
sUUctWvpeizX0qD+7mH6VrMXZB7DbHTUGfxdtfPJfk3l+c4NtSxe6hPaOC1MDJaY
qBj7tDCoeB1HkLSqKkCGlMu9v1/V6+8E0Gqb6DbPC3IRwezHLq0U/LDCoTf874Qs
0Fx5t+9Fxk5oeG6ifEmaYP0xT9untUi5EfFAYGCdEGYv5GZskmQgi7BLrnzUCfqM
T+oruajADfSfe0ylgcXp9vdVkVWx/arbftOH3IVAZhe6Qj1jq57sMmSaLii7QyCC
Z+rRwGNCO3WhkobBbLpF75uLMYulMqtlsep0Y2JIxdhcticiQbE=
=1W43
-----END PGP SIGNATURE-----
Merge 4.19.82 into android-4.19
Changes in 4.19.82
zram: fix race between backing_dev_show and backing_dev_store
dm snapshot: introduce account_start_copy() and account_end_copy()
dm snapshot: rework COW throttling to fix deadlock
Btrfs: fix inode cache block reserve leak on failure to allocate data space
Btrfs: fix memory leak due to concurrent append writes with fiemap
btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents()
btrfs: tracepoints: Fix wrong parameter order for qgroup events
wil6210: fix freeing of rx buffers in EDMA mode
f2fs: flush quota blocks after turnning it off
scsi: lpfc: Fix a duplicate 0711 log message number.
sc16is7xx: Fix for "Unexpected interrupt: 8"
powerpc/powernv: hold device_hotplug_lock when calling memtrace_offline_pages()
f2fs: fix to recover inode's i_gc_failures during POR
f2fs: fix to recover inode->i_flags of inode block during POR
HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override
usb: dwc2: fix unbalanced use of external vbus-supply
tools/power turbostat: fix goldmont C-state limit decoding
x86/cpu: Add Atom Tremont (Jacobsville)
drm/msm/dpu: handle failures while initializing displays
bcache: fix input overflow to writeback_rate_minimum
PCI: Fix Switchtec DMA aliasing quirk dmesg noise
Btrfs: fix deadlock on tree root leaf when finding free extent
netfilter: ipset: Make invalid MAC address checks consistent
HID: i2c-hid: Disable runtime PM for LG touchscreen
HID: i2c-hid: Ignore input report if there's no data present on Elan touchpanels
HID: i2c-hid: Add Odys Winbook 13 to descriptor override
platform/x86: Add the VLV ISP PCI ID to atomisp2_pm
platform/x86: Fix config space access for intel_atomisp2_pm
ath10k: assign 'n_cipher_suites = 11' for WCN3990 to enable WPA3
clk: boston: unregister clks on failure in clk_boston_setup()
scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks
staging: mt7621-pinctrl: use pinconf-generic for 'dt_node_to_map' and 'dt_free_map'
HID: Add ASUS T100CHI keyboard dock battery quirks
NFSv4: Ensure that the state manager exits the loop on SIGKILL
HID: steam: fix boot loop with bluetooth firmware
HID: steam: fix deadlock with input devices.
samples: bpf: fix: seg fault with NULL pointer arg
usb: dwc3: gadget: early giveback if End Transfer already completed
usb: dwc3: gadget: clear DWC3_EP_TRANSFER_STARTED on cmd complete
ALSA: usb-audio: Cleanup DSD whitelist
usb: handle warm-reset port requests on hub resume
rtc: pcf8523: set xtal load capacitance from DT
arm64: Add MIDR encoding for HiSilicon Taishan CPUs
arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs
mlxsw: spectrum: Set LAG port collector only when active
scsi: lpfc: Correct localport timeout duration error
CIFS: Respect SMB2 hdr preamble size in read responses
cifs: add credits from unmatched responses/messages
ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume
media: vimc: Remove unused but set variables
ext4: disallow files with EXT4_JOURNAL_DATA_FL from EXT4_IOC_SWAP_BOOT
exec: load_script: Do not exec truncated interpreter path
net: dsa: mv88e6xxx: Release lock while requesting IRQ
PCI/PME: Fix possible use-after-free on remove
drm/amd/display: fix odm combine pipe reset
power: supply: max14656: fix potential use-after-free
iio: adc: meson_saradc: Fix memory allocation order
iio: fix center temperature of bmc150-accel-core
libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature
perf tests: Avoid raising SEGV using an obvious NULL dereference
perf map: Fix overlapped map handling
perf script brstackinsn: Fix recovery from LBR/binary mismatch
perf jevents: Fix period for Intel fixed counters
perf tools: Propagate get_cpuid() error
perf annotate: Propagate perf_env__arch() error
perf annotate: Fix the signedness of failure returns
perf annotate: Propagate the symbol__annotate() error return
perf annotate: Return appropriate error code for allocation failures
staging: rtl8188eu: fix null dereference when kzalloc fails
RDMA/hfi1: Prevent memory leak in sdma_init
RDMA/iwcm: Fix a lock inversion issue
HID: hyperv: Use in-place iterator API in the channel callback
nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419
tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()'
tty: n_hdlc: fix build on SPARC
gpio: max77620: Use correct unit for debounce times
fs: cifs: mute -Wunused-const-variable message
serial: mctrl_gpio: Check for NULL pointer
efi/cper: Fix endianness of PCIe class code
efi/x86: Do not clean dummy variable in kexec path
MIPS: include: Mark __cmpxchg as __always_inline
x86/xen: Return from panic notifier
ocfs2: clear zero in unaligned direct IO
fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock()
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
arm64: armv8_deprecated: Checking return value for memory allocation
x86/cpu: Add Comet Lake to the Intel CPU models header
sched/vtime: Fix guest/system mis-accounting on task switch
perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp
drm/amdgpu: fix memory leak
iio: imu: adis16400: release allocated memory on failure
MIPS: include: Mark __xchg as __always_inline
MIPS: fw: sni: Fix out of bounds init of o32 stack
virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr
nbd: fix possible sysfs duplicate warning
NFSv4: Fix leak of clp->cl_acceptor string
s390/uaccess: avoid (false positive) compiler warnings
tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
ARM: 8914/1: NOMMU: Fix exc_ret for XIP
ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360
iwlwifi: exclude GEO SAR support for 3168
nbd: verify socket is supported during setup
USB: legousbtower: fix a signedness bug in tower_probe()
thunderbolt: Use 32-bit writes when writing ring producer/consumer
ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
fuse: flush dirty data/metadata before non-truncate setattr
fuse: truncate pending writes on O_TRUNC
ALSA: bebob: Fix prototype of helper function to return negative value
ALSA: hda/realtek - Fix 2 front mics of codec 0x623
ALSA: hda/realtek - Add support for ALC623
UAS: Revert commit 3ae62a4209 ("UAS: fix alignment of scatter/gather segments")
USB: gadget: Reject endpoints with 0 maxpacket value
usb-storage: Revert commit 747668dbc0 ("usb-storage: Set virt_boundary_mask to avoid SG overflows")
USB: ldusb: fix ring-buffer locking
USB: ldusb: fix control-message timeout
usb: xhci: fix __le32/__le64 accessors in debugfs code
USB: serial: whiteheat: fix potential slab corruption
USB: serial: whiteheat: fix line-speed endianness
scsi: target: cxgbit: Fix cxgbit_fw4_ack()
HID: i2c-hid: add Trekstor Primebook C11B to descriptor override
HID: Fix assumption that devices have inputs
HID: fix error message in hid_open_report()
nl80211: fix validation of mesh path nexthop
s390/cmm: fix information leak in cmm_timeout_handler()
s390/idle: fix cpu idle time calculation
arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default
rtlwifi: Fix potential overflow on P2P code
dmaengine: qcom: bam_dma: Fix resource leak
dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle
drm/amdgpu/powerplay/vega10: allow undervolting in p7
NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid()
batman-adv: Avoid free/alloc race when handling OGM buffer
llc: fix sk_buff leak in llc_sap_state_process()
llc: fix sk_buff leak in llc_conn_service()
rxrpc: Fix call ref leak
rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record
rxrpc: Fix trace-after-put looking at the put peer record
NFC: pn533: fix use-after-free and memleaks
bonding: fix potential NULL deref in bond_update_slave_arr
net: usb: sr9800: fix uninitialized local variable
sch_netem: fix rcu splat in netem_enqueue()
ALSA: timer: Simplify error path in snd_timer_open()
ALSA: timer: Fix mutex deadlock at releasing card
ALSA: usb-audio: DSD auto-detection for Playback Designs
ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel
ALSA: usb-audio: Add DSD support for Gustard U16/X26 USB Interface
powerpc/powernv: Fix CPU idle to be called with IRQs disabled
Revert "ALSA: hda: Flush interrupts on disabling"
Linux 4.19.82
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I79ced3dcffed0086af7d8a77116e8061915677a1
[ Upstream commit d303de1fcf ]
A customer reported the following softlockup:
[899688.160002] NMI watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [test.sh:16464]
[899688.160002] CPU: 0 PID: 16464 Comm: test.sh Not tainted 4.12.14-6.23-azure #1 SLE12-SP4
[899688.160002] RIP: 0010:up_write+0x1a/0x30
[899688.160002] Kernel panic - not syncing: softlockup: hung tasks
[899688.160002] RIP: 0010:up_write+0x1a/0x30
[899688.160002] RSP: 0018:ffffa86784d4fde8 EFLAGS: 00000257 ORIG_RAX: ffffffffffffff12
[899688.160002] RAX: ffffffff970fea00 RBX: 0000000000000001 RCX: 0000000000000000
[899688.160002] RDX: ffffffff00000001 RSI: 0000000000000080 RDI: ffffffff970fea00
[899688.160002] RBP: ffffffffffffffff R08: ffffffffffffffff R09: 0000000000000000
[899688.160002] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8b59014720d8
[899688.160002] R13: ffff8b59014720c0 R14: ffff8b5901471090 R15: ffff8b5901470000
[899688.160002] tracing_read_pipe+0x336/0x3c0
[899688.160002] __vfs_read+0x26/0x140
[899688.160002] vfs_read+0x87/0x130
[899688.160002] SyS_read+0x42/0x90
[899688.160002] do_syscall_64+0x74/0x160
It caught the process in the middle of trace_access_unlock(). There is
no loop. So, it must be looping in the caller tracing_read_pipe()
via the "waitagain" label.
Crashdump analyze uncovered that iter->seq was completely zeroed
at this point, including iter->seq.seq.size. It means that
print_trace_line() was never able to print anything and
there was no forward progress.
The culprit seems to be in the code:
/* reset all but tr, trace, and overruns */
memset(&iter->seq, 0,
sizeof(struct trace_iterator) -
offsetof(struct trace_iterator, seq));
It was added by the commit 53d0aa7730 ("ftrace:
add logic to record overruns"). It was v2.6.27-rc1.
It was the time when iter->seq looked like:
struct trace_seq {
unsigned char buffer[PAGE_SIZE];
unsigned int len;
};
There was no "size" variable and zeroing was perfectly fine.
The solution is to reinitialize the structure after or without
zeroing.
Link: http://lkml.kernel.org/r/20191011142134.11997-1-pmladek@suse.com
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 68e7a4d66b ]
vtime_account_system() assumes that the target task to account cputime
to is always the current task. This is most often true indeed except on
task switch where we call:
vtime_common_task_switch(prev)
vtime_account_system(prev)
Here prev is the scheduling-out task where we account the cputime to. It
doesn't match current that is already the scheduling-in task at this
stage of the context switch.
So we end up checking the wrong task flags to determine if we are
accounting guest or system time to the previous task.
As a result the wrong task is used to check if the target is running in
guest mode. We may then spuriously account or leak either system or
guest time on task switch.
Fix this assumption and also turn vtime_guest_enter/exit() to use the
task passed in parameter as well to avoid future similar issues.
Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Wanpeng Li <wanpengli@tencent.com>
Fixes: 2a42eb9594 ("sched/cputime: Accumulate vtime on top of nsec clocksource")
Link: https://lkml.kernel.org/r/20190925214242.21873-1-frederic@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Greg Kroah-Hartman