7a9cdebdcc17 ("mm: get rid of vmacache_flush_all() entirely") removed the
VMACACHE_FULL_FLUSHES statistics, but didn't remove the corresponding
entry in vmstat_text. This causes an out-of-bounds access in
vmstat_show().
Luckily this only affects kernels with CONFIG_DEBUG_VM_VMACACHE=y, which
is probably very rare.
Change-Id: Ia4f5f0327d58a7831aff010949fa31bfd56139dc
Link: http://lkml.kernel.org/r/20181001143138.95119-1-jannh@google.com
Fixes: 7a9cdebdcc17 ("mm: get rid of vmacache_flush_all() entirely")
Signed-off-by: Jann Horn <jannh@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Roman Gushchin <guro@fb.com>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Christoph Lameter <clameter@sgi.com>
Cc: Kemi Wang <kemi.wang@intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-commit: 28e2c4bb99aa40f9d5f07ac130cbc4da0ea93079
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
commit 7a9cdebdcc17e426fb5287e4a82db1dfe86339b2 upstream.
Jann Horn points out that the vmacache_flush_all() function is not only
potentially expensive, it's buggy too. It also happens to be entirely
unnecessary, because the sequence number overflow case can be avoided by
simply making the sequence number be 64-bit. That doesn't even grow the
data structures in question, because the other adjacent fields are
already 64-bit.
So simplify the whole thing by just making the sequence number overflow
case go away entirely, which gets rid of all the complications and makes
the code faster too. Win-win.
[ Oleg Nesterov points out that the VMACACHE_FULL_FLUSHES statistics
also just goes away entirely with this ]
Change-Id: Ib485c9f33638e844f2378a1ec376e64200d30fd2
Reported-by: Jann Horn <jannh@google.com>
Suggested-by: Will Deacon <will.deacon@arm.com>
Acked-by: Davidlohr Bueso <dave@stgolabs.net>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-commit: 84580567f1f856d2c7a610273315852e345bc3ac
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
If the caller has set __GFP_NOWARN don't print the following message:
vmap allocation for size 15736832 failed: use vmalloc=<size> to increase
size.
This can happen with the ARM/Linux or ARM64/Linux module loader built
with CONFIG_ARM{,64}_MODULE_PLTS=y which does a first attempt at loading
a large module from module space, then falls back to vmalloc space.
Change-Id: Ib907156055959e22a419b79fb424772baea556d0
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Git-Commit: 03497d761c55438144fd63534d4223418fdfd345
Git-Repo: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
This size is the maximum amount of virtual address space we gather
up before attempting to purge with a TLB flush. It is 128M in most cases.
With repeated and high size vmalloc operations, it may easily generate
more fragments. This is wasting limited vmalloc area, for 32bits.
So make it configable and the default multiplier as 8, 32bits only.
Change-Id: I68a75acb16d3cff05f8b13c05ae78922269e219f
Signed-off-by: Zhenhua Huang <zhenhuah@codeaurora.org>
* refs/heads/tmp-5e24b4e
Linux 4.4.153
ovl: warn instead of error if d_type is not supported
ovl: Do d_type check only if work dir creation was successful
ovl: Ensure upper filesystem supports d_type
x86/mm: Fix use-after-free of ldt_struct
x86/mm/pat: Fix L1TF stable backport for CPA
ANDROID: x86_64_cuttlefish_defconfig: Enable lz4 compression for zram
UPSTREAM: drivers/block/zram/zram_drv.c: fix bug storing backing_dev
BACKPORT: zram: introduce zram memory tracking
BACKPORT: zram: record accessed second
BACKPORT: zram: mark incompressible page as ZRAM_HUGE
UPSTREAM: zram: correct flag name of ZRAM_ACCESS
UPSTREAM: zram: Delete gendisk before cleaning up the request queue
UPSTREAM: drivers/block/zram/zram_drv.c: make zram_page_end_io() static
BACKPORT: zram: set BDI_CAP_STABLE_WRITES once
UPSTREAM: zram: fix null dereference of handle
UPSTREAM: zram: add config and doc file for writeback feature
BACKPORT: zram: read page from backing device
BACKPORT: zram: write incompressible pages to backing device
BACKPORT: zram: identify asynchronous IO's return value
BACKPORT: zram: add free space management in backing device
UPSTREAM: zram: add interface to specif backing device
UPSTREAM: zram: rename zram_decompress_page to __zram_bvec_read
UPSTREAM: zram: inline zram_compress
UPSTREAM: zram: clean up duplicated codes in __zram_bvec_write
Linux 4.4.152
reiserfs: fix broken xattr handling (heap corruption, bad retval)
i2c: imx: Fix race condition in dma read
PCI: pciehp: Fix use-after-free on unplug
PCI: Skip MPS logic for Virtual Functions (VFs)
PCI: hotplug: Don't leak pci_slot on registration failure
parisc: Remove unnecessary barriers from spinlock.h
bridge: Propagate vlan add failure to user
packet: refine ring v3 block size test to hold one frame
netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
xfrm_user: prevent leaking 2 bytes of kernel memory
parisc: Remove ordered stores from syscall.S
ext4: fix spectre gadget in ext4_mb_regular_allocator()
KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
staging: android: ion: check for kref overflow
tcp: identify cryptic messages as TCP seq # bugs
net: qca_spi: Fix log level if probe fails
net: qca_spi: Make sure the QCA7000 reset is triggered
net: qca_spi: Avoid packet drop during initial sync
net: usb: rtl8150: demote allmulti message to dev_dbg()
net/ethernet/freescale/fman: fix cross-build error
drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()
tcp: remove DELAYED ACK events in DCTCP
qlogic: check kstrtoul() for errors
packet: reset network header if packet shorter than ll reserved space
ixgbe: Be more careful when modifying MAC filters
ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller
ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot
perf llvm-utils: Remove bashism from kernel include fetch script
bnxt_en: Fix for system hang if request_irq fails
drm/armada: fix colorkey mode property
ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem
ieee802154: at86rf230: use __func__ macro for debug messages
ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem
ARM: pxa: irq: fix handling of ICMR registers in suspend/resume
netfilter: x_tables: set module owner for icmp(6) matches
smsc75xx: Add workaround for gigabit link up hardware errata.
kasan: fix shadow_size calculation error in kasan_module_alloc
tracing: Use __printf markup to silence compiler
ARM: imx_v4_v5_defconfig: Select ULPI support
ARM: imx_v6_v7_defconfig: Select ULPI support
HID: wacom: Correct touch maximum XY of 2nd-gen Intuos
m68k: fix "bad page state" oops on ColdFire boot
bnx2x: Fix receiving tx-timeout in error or recovery state.
drm/exynos: decon5433: Fix WINCONx reset value
drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes
drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes
md/raid10: fix that replacement cannot complete recovery after reassemble
dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate()
ARM: dts: da850: Fix interrups property for gpio
selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs
perf report powerpc: Fix crash if callchain is empty
perf test session topology: Fix test on s390
usb: xhci: increase CRS timeout value
ARM: dts: am437x: make edt-ft5x06 a wakeup source
brcmfmac: stop watchdog before detach and free everything
cxgb4: when disabling dcb set txq dcb priority to 0
Smack: Mark inode instant in smack_task_to_inode
ipv6: mcast: fix unsolicited report interval after receiving querys
locking/lockdep: Do not record IRQ state within lockdep code
net: davinci_emac: match the mdio device against its compatible if possible
ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP
net: propagate dev_get_valid_name return code
net: hamradio: use eth_broadcast_addr
enic: initialize enic->rfs_h.lock in enic_probe
qed: Add sanity check for SIMD fastpath handler.
arm64: make secondary_start_kernel() notrace
scsi: xen-scsifront: add error handling for xenbus_printf
usb: gadget: dwc2: fix memory leak in gadget_init()
usb: gadget: composite: fix delayed_status race condition when set_interface
usb: dwc2: fix isoc split in transfer with no data
ARM: dts: Cygnus: Fix I2C controller interrupt type
selftests: sync: add config fragment for testing sync framework
selftests: zram: return Kselftest Skip code for skipped tests
selftests: user: return Kselftest Skip code for skipped tests
selftests: static_keys: return Kselftest Skip code for skipped tests
selftests: pstore: return Kselftest Skip code for skipped tests
netfilter: ipv6: nf_defrag: reduce struct net memory waste
ARC: Explicitly add -mmedium-calls to CFLAGS
ANDROID: x86_64_cuttlefish_defconfig: Enable zram and zstd
BACKPORT: crypto: zstd - Add zstd support
UPSTREAM: zram: add zstd to the supported algorithms list
UPSTREAM: lib: Add zstd modules
UPSTREAM: lib: Add xxhash module
UPSTREAM: zram: rework copy of compressor name in comp_algorithm_store()
UPSTREAM: zram: constify attribute_group structures.
UPSTREAM: zram: count same page write as page_stored
UPSTREAM: zram: reduce load operation in page_same_filled
UPSTREAM: zram: use zram_free_page instead of open-coded
UPSTREAM: zram: introduce zram data accessor
UPSTREAM: zram: remove zram_meta structure
UPSTREAM: zram: use zram_slot_lock instead of raw bit_spin_lock op
BACKPORT: zram: partial IO refactoring
BACKPORT: zram: handle multiple pages attached bio's bvec
UPSTREAM: zram: fix operator precedence to get offset
BACKPORT: zram: extend zero pages to same element pages
BACKPORT: zram: remove waitqueue for IO done
UPSTREAM: zram: remove obsolete sysfs attrs
UPSTREAM: zram: support BDI_CAP_STABLE_WRITES
UPSTREAM: zram: revalidate disk under init_lock
BACKPORT: mm: support anonymous stable page
UPSTREAM: zram: use __GFP_MOVABLE for memory allocation
UPSTREAM: zram: drop gfp_t from zcomp_strm_alloc()
UPSTREAM: zram: add more compression algorithms
UPSTREAM: zram: delete custom lzo/lz4
UPSTREAM: zram: cosmetic: cleanup documentation
UPSTREAM: zram: use crypto api to check alg availability
BACKPORT: zram: switch to crypto compress API
UPSTREAM: zram: rename zstrm find-release functions
UPSTREAM: zram: introduce per-device debug_stat sysfs node
UPSTREAM: zram: remove max_comp_streams internals
UPSTREAM: zram: user per-cpu compression streams
BACKPORT: zsmalloc: require GFP in zs_malloc()
UPSTREAM: zram/zcomp: do not zero out zcomp private pages
UPSTREAM: zram: pass gfp from zcomp frontend to backend
UPSTREAM: socket: close race condition between sock_close() and sockfs_setattr()
ANDROID: Refresh x86_64_cuttlefish_defconfig
Linux 4.4.151
isdn: Disable IIOCDBGVAR
Bluetooth: avoid killing an already killed socket
x86/mm: Simplify p[g4um]d_page() macros
serial: 8250_dw: always set baud rate in dw8250_set_termios
ACPI / PM: save NVS memory for ASUS 1025C laptop
ACPI: save NVS memory for Lenovo G50-45
USB: option: add support for DW5821e
USB: serial: sierra: fix potential deadlock at close
ALSA: vxpocket: Fix invalid endian conversions
ALSA: memalloc: Don't exceed over the requested size
ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry
ALSA: cs5535audio: Fix invalid endian conversion
ALSA: virmidi: Fix too long output trigger loop
ALSA: vx222: Fix invalid endian conversions
ALSA: hda - Turn CX8200 into D3 as well upon reboot
ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs
net_sched: fix NULL pointer dereference when delete tcindex filter
vsock: split dwork to avoid reinitializations
net_sched: Fix missing res info when create new tc_index filter
llc: use refcount_inc_not_zero() for llc_sap_find()
l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache
dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart()
Conflicts:
drivers/block/zram/zram_drv.c
drivers/staging/android/ion/ion.c
include/linux/swap.h
mm/zsmalloc.c
Change-Id: I1c437ac5133503a939d06d51ec778b65371df6d1
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlt/64YACgkQONu9yGCS
aT4/pBAAynguZbVbn8QtYi37Kam0R4ZvXe7rKN8H1A7rwo9l9NJDaC4z2M0Iutfj
1CfIEOeaf7WtxL25xgvDHQEOfB3/DH0xHbP/DtwqzpT0PmOUqMPaboGqOqXb//1J
WetcluEOQfoYu1DWofPP1YkAR3vU4Bp40ucAGIN2wE4bvMTR2EMbV8Y5QYgIk6mN
6n+Smg2Xpkq6paOhIrEt3C1P3lXlpY5Hxd54TGTRQ5c+vccXNldczIcP2Z0wue9/
LRI8veyY1q/IDhVR8wCrlNb3df6kUQ0xixfTNnTkUJjLs3j+NAsaJiO8/nrdCUhJ
xQORM7gQIMlccSNanKH0MHoCxhT3iMb8S6Hixvai5O+5XjP03TA7aAZ9Cyp7UqHg
JY5SPbh7YOmvRXbx7/NAgyLYwRcJRt2PamNRApLQKFbot4bSvNJquhrAib5t6kCF
HfbXjr9N969gLR4WmGkyOi0IHt8kaVwQitfBLZdj2QdlvyYWXmj0MuJ/I4BuZqtj
0MyzS/v8cxkN/NWO1p1cB7pRzFtaXtHtC6rxzYXKCUycnHW9cJDf5PBgCfDMqyTY
SdyuCeMrUo4mNEDItrKF8nbswew1T4UsayvJ6UgKHKr3QaH3Xp1mzeyt1GU38tn1
ogKm9cVbOuAhnic67ikISFsj8oNptrq0w+Zqe3AKGO8B7CwXwis=
=Q/T6
-----END PGP SIGNATURE-----
Merge 4.4.152 into android-4.4
Changes in 4.4.152
ARC: Explicitly add -mmedium-calls to CFLAGS
netfilter: ipv6: nf_defrag: reduce struct net memory waste
selftests: pstore: return Kselftest Skip code for skipped tests
selftests: static_keys: return Kselftest Skip code for skipped tests
selftests: user: return Kselftest Skip code for skipped tests
selftests: zram: return Kselftest Skip code for skipped tests
selftests: sync: add config fragment for testing sync framework
ARM: dts: Cygnus: Fix I2C controller interrupt type
usb: dwc2: fix isoc split in transfer with no data
usb: gadget: composite: fix delayed_status race condition when set_interface
usb: gadget: dwc2: fix memory leak in gadget_init()
scsi: xen-scsifront: add error handling for xenbus_printf
arm64: make secondary_start_kernel() notrace
qed: Add sanity check for SIMD fastpath handler.
enic: initialize enic->rfs_h.lock in enic_probe
net: hamradio: use eth_broadcast_addr
net: propagate dev_get_valid_name return code
ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP
net: davinci_emac: match the mdio device against its compatible if possible
locking/lockdep: Do not record IRQ state within lockdep code
ipv6: mcast: fix unsolicited report interval after receiving querys
Smack: Mark inode instant in smack_task_to_inode
cxgb4: when disabling dcb set txq dcb priority to 0
brcmfmac: stop watchdog before detach and free everything
ARM: dts: am437x: make edt-ft5x06 a wakeup source
usb: xhci: increase CRS timeout value
perf test session topology: Fix test on s390
perf report powerpc: Fix crash if callchain is empty
selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs
ARM: dts: da850: Fix interrups property for gpio
dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate()
md/raid10: fix that replacement cannot complete recovery after reassemble
drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes
drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes
drm/exynos: decon5433: Fix WINCONx reset value
bnx2x: Fix receiving tx-timeout in error or recovery state.
m68k: fix "bad page state" oops on ColdFire boot
HID: wacom: Correct touch maximum XY of 2nd-gen Intuos
ARM: imx_v6_v7_defconfig: Select ULPI support
ARM: imx_v4_v5_defconfig: Select ULPI support
tracing: Use __printf markup to silence compiler
kasan: fix shadow_size calculation error in kasan_module_alloc
smsc75xx: Add workaround for gigabit link up hardware errata.
netfilter: x_tables: set module owner for icmp(6) matches
ARM: pxa: irq: fix handling of ICMR registers in suspend/resume
ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem
ieee802154: at86rf230: use __func__ macro for debug messages
ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem
drm/armada: fix colorkey mode property
bnxt_en: Fix for system hang if request_irq fails
perf llvm-utils: Remove bashism from kernel include fetch script
ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot
ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller
ixgbe: Be more careful when modifying MAC filters
packet: reset network header if packet shorter than ll reserved space
qlogic: check kstrtoul() for errors
tcp: remove DELAYED ACK events in DCTCP
drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()
net/ethernet/freescale/fman: fix cross-build error
net: usb: rtl8150: demote allmulti message to dev_dbg()
net: qca_spi: Avoid packet drop during initial sync
net: qca_spi: Make sure the QCA7000 reset is triggered
net: qca_spi: Fix log level if probe fails
tcp: identify cryptic messages as TCP seq # bugs
staging: android: ion: check for kref overflow
KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
ext4: fix spectre gadget in ext4_mb_regular_allocator()
parisc: Remove ordered stores from syscall.S
xfrm_user: prevent leaking 2 bytes of kernel memory
netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
packet: refine ring v3 block size test to hold one frame
bridge: Propagate vlan add failure to user
parisc: Remove unnecessary barriers from spinlock.h
PCI: hotplug: Don't leak pci_slot on registration failure
PCI: Skip MPS logic for Virtual Functions (VFs)
PCI: pciehp: Fix use-after-free on unplug
i2c: imx: Fix race condition in dma read
reiserfs: fix broken xattr handling (heap corruption, bad retval)
Linux 4.4.152
Change-Id: I1058813031709d20abd0bc45e9ac5fc68ab3a1d7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 1e8e18f694a52d703665012ca486826f64bac29d ]
There is a special case that the size is "(N << KASAN_SHADOW_SCALE_SHIFT)
Pages plus X", the value of X is [1, KASAN_SHADOW_SCALE_SIZE-1]. The
operation "size >> KASAN_SHADOW_SCALE_SHIFT" will drop X, and the
roundup operation can not retrieve the missed one page. For example:
size=0x28006, PAGE_SIZE=0x1000, KASAN_SHADOW_SCALE_SHIFT=3, we will get
shadow_size=0x5000, but actually we need 6 pages.
shadow_size = round_up(size >> KASAN_SHADOW_SCALE_SHIFT, PAGE_SIZE);
This can lead to a kernel crash when kasan is enabled and the value of
mod->core_layout.size or mod->init_layout.size is like above. Because
the shadow memory of X has not been allocated and mapped.
move_module:
ptr = module_alloc(mod->core_layout.size);
...
memset(ptr, 0, mod->core_layout.size); //crashed
Unable to handle kernel paging request at virtual address ffff0fffff97b000
......
Call trace:
__asan_storeN+0x174/0x1a8
memset+0x24/0x48
layout_and_allocate+0xcd8/0x1800
load_module+0x190/0x23e8
SyS_finit_module+0x148/0x180
Link: http://lkml.kernel.org/r/1529659626-12660-1-git-send-email-thunder.leizhen@huawei.com
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Reviewed-by: Dmitriy Vyukov <dvyukov@google.com>
Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Hanjun Guo <guohanjun@huawei.com>
Cc: Libin <huawei.libin@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
During developemnt for zram-swap asynchronous writeback, I found strange
corruption of compressed page, resulting in:
Modules linked in: zram(E)
CPU: 3 PID: 1520 Comm: zramd-1 Tainted: G E 4.8.0-mm1-00320-ge0d4894c9c38-dirty #3274
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
task: ffff88007620b840 task.stack: ffff880078090000
RIP: set_freeobj.part.43+0x1c/0x1f
RSP: 0018:ffff880078093ca8 EFLAGS: 00010246
RAX: 0000000000000018 RBX: ffff880076798d88 RCX: ffffffff81c408c8
RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000246
RBP: ffff880078093cb0 R08: 0000000000000000 R09: 0000000000000000
R10: ffff88005bc43030 R11: 0000000000001df3 R12: ffff880076798d88
R13: 000000000005bc43 R14: ffff88007819d1b8 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff88007e380000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc934048f20 CR3: 0000000077b01000 CR4: 00000000000406e0
Call Trace:
obj_malloc+0x22b/0x260
zs_malloc+0x1e4/0x580
zram_bvec_rw+0x4cd/0x830 [zram]
page_requests_rw+0x9c/0x130 [zram]
zram_thread+0xe6/0x173 [zram]
kthread+0xca/0xe0
ret_from_fork+0x25/0x30
With investigation, it reveals currently stable page doesn't support
anonymous page. IOW, reuse_swap_page can reuse the page without waiting
writeback completion so it can overwrite page zram is compressing.
Unfortunately, zram has used per-cpu stream feature from v4.7.
It aims for increasing cache hit ratio of scratch buffer for
compressing. Downside of that approach is that zram should ask
memory space for compressed page in per-cpu context which requires
stricted gfp flag which could be failed. If so, it retries to
allocate memory space out of per-cpu context so it could get memory
this time and compress the data again, copies it to the memory space.
In this scenario, zram assumes the data should never be changed
but it is not true unless stable page supports. So, If the data is
changed under us, zram can make buffer overrun because second
compression size could be bigger than one we got in previous trial
and blindly, copy bigger size object to smaller buffer which is
buffer overrun. The overrun breaks zsmalloc free object chaining
so system goes crash like above.
I think below is same problem.
https://bugzilla.suse.com/show_bug.cgi?id=997574
Unfortunately, reuse_swap_page should be atomic so that we cannot wait on
writeback in there so the approach in this patch is simply return false if
we found it needs stable page. Although it increases memory footprint
temporarily, it happens rarely and it should be reclaimed easily althoug
it happened. Also, It would be better than waiting of IO completion,
which is critial path for application latency.
Fixes: da9556a2367c ("zram: user per-cpu compression streams")
Link: http://lkml.kernel.org/r/20161120233015.GA14113@bbox
Link: http://lkml.kernel.org/r/1482366980-3782-2-git-send-email-minchan@kernel.org
Signed-off-by: Minchan Kim <minchan@kernel.org>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Darrick J. Wong <darrick.wong@oracle.com>
Cc: Takashi Iwai <tiwai@suse.de>
Cc: Hyeoncheol Lee <cheol.lee@lge.com>
Cc: <yjay.kim@lge.com>
Cc: Sangseok Lee <sangseok.lee@lge.com>
Cc: <stable@vger.kernel.org> [4.7+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit f05714293a591038304ddae7cb0dd747bb3786cc)
Signed-off-by: Peter Kalauskas <peskal@google.com>
Bug: 112488418
Change-Id: I0fa5012aff9daf614b2d1d04f35b86ff7043ff21
Pass GFP flags to zs_malloc() instead of using a fixed mask supplied to
zs_create_pool(), so we can be more flexible, but, more importantly, we
need this to switch zram to per-cpu compression streams -- zram will try
to allocate handle with preemption disabled in a fast path and switch to
a slow path (using different gfp mask) if the fast one has failed.
Apart from that, this also align zs_malloc() interface with zspool/zbud.
[sergey.senozhatsky@gmail.com: pass GFP flags to zs_malloc() instead of using a fixed mask]
Link: http://lkml.kernel.org/r/20160429150942.GA637@swordfish
Link: http://lkml.kernel.org/r/20160429150942.GA637@swordfish
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Acked-by: Minchan Kim <minchan@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit d0d8da2dc49dfdfe1d788eaf4d55eb5d4964d926)
Signed-off-by: Peter Kalauskas <peskal@google.com>
Bug: 112488418
Change-Id: I31276c9351be21a4ed588681b332e98142b76526
* refs/heads/tmp-f057ff9
Linux 4.4.148
x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
x86/init: fix build with CONFIG_SWAP=n
x86/speculation/l1tf: Fix up CPU feature flags
x86/mm/kmmio: Make the tracer robust against L1TF
x86/mm/pat: Make set_memory_np() L1TF safe
x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
x86/speculation/l1tf: Invert all not present mappings
x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
x86/speculation/l1tf: Protect PAE swap entries against L1TF
x86/cpufeatures: Add detection of L1D cache flush support.
x86/speculation/l1tf: Extend 64bit swap file size limit
x86/bugs: Move the l1tf function and define pr_fmt properly
x86/speculation/l1tf: Limit swap file size to MAX_PA/2
x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
mm: fix cache mode tracking in vm_insert_mixed()
mm: Add vm_insert_pfn_prot()
x86/speculation/l1tf: Add sysfs reporting for l1tf
x86/speculation/l1tf: Make sure the first page is always reserved
x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
x86/speculation/l1tf: Protect swap entries against L1TF
x86/speculation/l1tf: Change order of offset/type in swap entry
mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1
x86/mm: Fix swap entry comment and macro
x86/mm: Move swap offset/type up in PTE to work around erratum
x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
x86/irqflags: Provide a declaration for native_save_fl
kprobes/x86: Fix %p uses in error messages
x86/speculation: Protect against userspace-userspace spectreRSB
x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
ARM: dts: imx6sx: fix irq for pcie bridge
IB/ocrdma: fix out of bounds access to local buffer
IB/mlx4: Mark user MR as writable if actual virtual memory is writable
IB/core: Make testing MR flags for writability a static inline function
fix __legitimize_mnt()/mntput() race
fix mntput/mntput race
root dentries need RCU-delayed freeing
scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled
ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
xen/netfront: don't cache skb_shinfo()
parisc: Define mb() and add memory barriers to assembler unlock sequences
parisc: Enable CONFIG_MLONGCALLS by default
fork: unconditionally clear stack on fork
ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV
tpm: fix race condition in tpm_common_write()
ext4: fix check to prevent initializing reserved inodes
Linux 4.4.147
jfs: Fix inconsistency between memory allocation and ea_buf->max_size
i2c: imx: Fix reinit_completion() use
ring_buffer: tracing: Inherit the tracing setting to next ring buffer
ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle
ext4: fix false negatives *and* false positives in ext4_check_descriptors()
netlink: Don't shift on 64 for ngroups
netlink: Don't shift with UB on nlk->ngroups
netlink: Do not subscribe to non-existent groups
nohz: Fix local_timer_softirq_pending()
genirq: Make force irq threading setup more robust
scsi: qla2xxx: Return error when TMF returns
scsi: qla2xxx: Fix ISP recovery on unload
Conflicts:
include/linux/swapfile.h
Removed CONFIG_CRYPTO_ECHAINIV from defconfig files since this upmerge is
adding this config to Kconfig file.
Change-Id: Ide96c29f919d76590c2bdccf356d1d464a892fd7
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Fix some null pointer dereference flaw and parameter not init issues.
change-Id: I0ed5f3f62c3794775bf97d353c4e50dd8ceb32da
Signed-off-by: Yao Jiang <yaojia@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlt0SdMACgkQONu9yGCS
aT4NLxAAovDVqFFejBk8M1nxAtQSqRzB2PMboc+l62clKa6BAJtWAsgPFjECgzEp
edlDeUttliQoTB6S3GYYM82oj50myUKlGvlJRptRE3Gr1iYubdB/U2RDmwEzCxbC
AEzu4tEv+Z23jaLGsuAIOg66faBTqqgVoKtp/TlKwl+Y/b6WzkI0gRzxWTBFnAlj
AKuhmoc1JoS9JF/MQ4q02gYSQ0g1eTpr1gIU2GMow9pK9Rahk4Jdl4yRjNLUFDxd
ojrBYCoElf90R3q+NvmZBbzxwanm2OgzeEBffhh647aB5kHEUd5h4z9w+sIoXmSq
50uD59q62Umdpp2O125HH5KHeHbcTUCXXp3g1VY6A/+d9dTs9GZqo//vf6aJsxEb
gixoYyNbIcqw1k0jhEEW2ah3F3j+ZHvNmLKPyV4U8h2Tw2K5QKzFu/fVnQw7Xfv6
Gv0z1TQ4Y+w2bqpzDiDBO4sRgKOXVr3hzWa0jggW5AoKWTco/oIVkE+Rqmj65AfK
DROqCMQq75K+pymrM8I3wTXRSxtSH9bO/iqCu2LiiaG+JAkvr0OIHEHgizxLtAFO
ivpREPDsWhVAYUmnoCgJa8Za1GdJk1I9uvxoJY1TBL8gbcYc61yjjeJDYqLghuNT
EhrvFvJ4r/fQ6BJ76+rO7FSJIl+Kov2Uf7CWql3Lzxps6/u5GNQ=
=73dO
-----END PGP SIGNATURE-----
Merge 4.4.148 into android-4.4
Changes in 4.4.148
ext4: fix check to prevent initializing reserved inodes
tpm: fix race condition in tpm_common_write()
ipv4+ipv6: Make INET*_ESP select CRYPTO_ECHAINIV
fork: unconditionally clear stack on fork
parisc: Enable CONFIG_MLONGCALLS by default
parisc: Define mb() and add memory barriers to assembler unlock sequences
xen/netfront: don't cache skb_shinfo()
ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled
root dentries need RCU-delayed freeing
fix mntput/mntput race
fix __legitimize_mnt()/mntput() race
IB/core: Make testing MR flags for writability a static inline function
IB/mlx4: Mark user MR as writable if actual virtual memory is writable
IB/ocrdma: fix out of bounds access to local buffer
ARM: dts: imx6sx: fix irq for pcie bridge
x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
x86/speculation: Protect against userspace-userspace spectreRSB
kprobes/x86: Fix %p uses in error messages
x86/irqflags: Provide a declaration for native_save_fl
x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
x86/mm: Move swap offset/type up in PTE to work around erratum
x86/mm: Fix swap entry comment and macro
mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1
x86/speculation/l1tf: Change order of offset/type in swap entry
x86/speculation/l1tf: Protect swap entries against L1TF
x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
x86/speculation/l1tf: Make sure the first page is always reserved
x86/speculation/l1tf: Add sysfs reporting for l1tf
mm: Add vm_insert_pfn_prot()
mm: fix cache mode tracking in vm_insert_mixed()
x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
x86/speculation/l1tf: Limit swap file size to MAX_PA/2
x86/bugs: Move the l1tf function and define pr_fmt properly
x86/speculation/l1tf: Extend 64bit swap file size limit
x86/cpufeatures: Add detection of L1D cache flush support.
x86/speculation/l1tf: Protect PAE swap entries against L1TF
x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
x86/speculation/l1tf: Invert all not present mappings
x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
x86/mm/pat: Make set_memory_np() L1TF safe
x86/mm/kmmio: Make the tracer robust against L1TF
x86/speculation/l1tf: Fix up CPU feature flags
x86/init: fix build with CONFIG_SWAP=n
x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
Linux 4.4.148
Change-Id: I83c857d9d9d74ee47e61d15eb411f276f057ba3d
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 377eeaa8e11fe815b1d07c81c4a0e2843a8c15eb upstream
For the L1TF workaround its necessary to limit the swap file size to below
MAX_PA/2, so that the higher bits of the swap offset inverted never point
to valid memory.
Add a mechanism for the architecture to override the swap file size check
in swapfile.c and add a x86 specific max swapfile check function that
enforces that limit.
The check is only enabled if the CPU is vulnerable to L1TF.
In VMs with 42bit MAX_PA the typical limit is 2TB now, on a native system
with 46bit PA it is 32TB. The limit is only per individual swap file, so
it's always possible to exceed these limits with multiple swap files or
partitions.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Dave Hansen <dave.hansen@intel.com>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 42e4089c7890725fcd329999252dc489b72f2921 upstream
For L1TF PROT_NONE mappings are protected by inverting the PFN in the page
table entry. This sets the high bits in the CPU's address space, thus
making sure to point to not point an unmapped entry to valid cached memory.
Some server system BIOSes put the MMIO mappings high up in the physical
address space. If such an high mapping was mapped to unprivileged users
they could attack low memory by setting such a mapping to PROT_NONE. This
could happen through a special device driver which is not access
protected. Normal /dev/mem is of course access protected.
To avoid this forbid PROT_NONE mappings or mprotect for high MMIO mappings.
Valid page mappings are allowed because the system is then unsafe anyways.
It's not expected that users commonly use PROT_NONE on MMIO. But to
minimize any impact this is only enforced if the mapping actually refers to
a high MMIO address (defined as the MAX_PA-1 bit being set), and also skip
the check for root.
For mmaps this is straight forward and can be handled in vm_insert_pfn and
in remap_pfn_range().
For mprotect it's a bit trickier. At the point where the actual PTEs are
accessed a lot of state has been changed and it would be difficult to undo
on an error. Since this is a uncommon case use a separate early page talk
walk pass for MMIO PROT_NONE mappings that checks for this condition
early. For non MMIO and non PROT_NONE there are no changes.
[dwmw2: Backport to 4.9]
[groeck: Backport to 4.4]
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Acked-by: Dave Hansen <dave.hansen@intel.com>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 87744ab3832b83ba71b931f86f9cfdb000d07da5 upstream
vm_insert_mixed() unlike vm_insert_pfn_prot() and vmf_insert_pfn_pmd(),
fails to check the pgprot_t it uses for the mapping against the one
recorded in the memtype tracking tree. Add the missing call to
track_pfn_insert() to preclude cases where incompatible aliased mappings
are established for a given physical address range.
[groeck: Backport to v4.4.y]
Link: http://lkml.kernel.org/r/147328717909.35069.14256589123570653697.stgit@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Cc: David Airlie <airlied@linux.ie>
Cc: Matthew Wilcox <mawilcox@microsoft.com>
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1745cbc5d0dee0749a6bc0ea8e872c5db0074061 upstream
The x86 vvar vma contains pages with differing cacheability
flags. x86 currently implements this by manually inserting all
the ptes using (io_)remap_pfn_range when the vma is set up.
x86 wants to move to using .fault with VM_FAULT_NOPAGE to set up
the mappings as needed. The correct API to use to insert a pfn
in .fault is vm_insert_pfn(), but vm_insert_pfn() can't override the
vma's cache mode, and the HPET page in particular needs to be
uncached despite the fact that the rest of the VMA is cached.
Add vm_insert_pfn_prot() to support varying cacheability within
the same non-COW VMA in a more sane manner.
x86 could alternatively use multiple VMAs, but that's messy,
would break CRIU, and would create unnecessary VMAs that would
waste memory.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/d2938d1eb37be7a5e4f86182db646551f11e45aa.1451446564.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-13962260
Linux 4.4.146
scsi: sg: fix minor memory leak in error path
crypto: padlock-aes - Fix Nano workaround data corruption
kvm: x86: vmx: fix vpid leak
virtio_balloon: fix another race between migration and ballooning
net: socket: fix potential spectre v1 gadget in socketcall
can: ems_usb: Fix memory leak on ems_usb_disconnect()
squashfs: more metadata hardenings
squashfs: more metadata hardening
netlink: Fix spectre v1 gadget in netlink_create()
net: dsa: Do not suspend/resume closed slave_dev
inet: frag: enforce memory limits earlier
tcp: add one more quick ack after after ECN events
tcp: refactor tcp_ecn_check_ce to remove sk type cast
tcp: do not aggressively quick ack after ECN events
tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode
tcp: do not force quickack when receiving out-of-order packets
NET: stmmac: align DMA stuff to largest cache line length
xen-netfront: wait xenbus state change when load module manually
net: lan78xx: fix rx handling before first packet is send
net: fix amd-xgbe flow-control issue
ipv4: remove BUG_ON() from fib_compute_spec_dst
ASoC: pxa: Fix module autoload for platform drivers
dmaengine: pxa_dma: remove duplicate const qualifier
ext4: check for allocation block validity with block group locked
ext4: fix inline data updates with checksums enabled
squashfs: be more careful about metadata corruption
random: mix rdrand with entropy sent in from userspace
drm: Add DP PSR2 sink enable bit
media: si470x: fix __be16 annotations
scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
scsi: scsi_dh: replace too broad "TP9" string with the exact models
media: omap3isp: fix unbalanced dma_iommu_mapping
crypto: authenc - don't leak pointers to authenc keys
crypto: authencesn - don't leak pointers to authenc keys
usb: hub: Don't wait for connect state at resume for powered-off ports
microblaze: Fix simpleImage format generation
audit: allow not equal op for audit by executable
rsi: Fix 'invalid vdd' warning in mmc
ipconfig: Correctly initialise ic_nameservers
drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
memory: tegra: Apply interrupts mask per SoC
memory: tegra: Do not handle spurious interrupts
ALSA: hda/ca0132: fix build failure when a local macro is defined
drm/atomic: Handling the case when setting old crtc for plane
media: siano: get rid of __le32/__le16 cast warnings
bpf: fix references to free_bpf_prog_info() in comments
thermal: exynos: fix setting rising_threshold for Exynos5433
scsi: megaraid: silence a static checker bug
scsi: 3w-xxxx: fix a missing-check bug
scsi: 3w-9xxx: fix a missing-check bug
perf: fix invalid bit in diagnostic entry
s390/cpum_sf: Add data entry sizes to sampling trailer entry
brcmfmac: Add support for bcm43364 wireless chipset
mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
media: saa7164: Fix driver name in debug output
libata: Fix command retry decision
media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
tty: Fix data race in tty_insert_flip_string_fixed_flag
HID: i2c-hid: check if device is there before really probing
powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
drm/radeon: fix mode_valid's return type
HID: hid-plantronics: Re-resend Update to map button for PTT products
ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
media: smiapp: fix timeout checking in smiapp_read_nvm
md: fix NULL dereference of mddev->pers in remove_and_add_spares()
regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
ALSA: emu10k1: Rate-limit error messages about page errors
scsi: ufs: fix exception event handling
mwifiex: correct histogram data with appropriate index
PCI: pciehp: Request control of native hotplug only if supported
pinctrl: at91-pio4: add missing of_node_put
powerpc/8xx: fix invalid register expression in head_8xx.S
powerpc/powermac: Mark variable x as unused
powerpc/powermac: Add missing prototype for note_bootable_part()
powerpc/chrp/time: Make some functions static, add missing header include
powerpc/32: Add a missing include header
ath: Add regulatory mapping for Bahamas
ath: Add regulatory mapping for Bermuda
ath: Add regulatory mapping for Serbia
ath: Add regulatory mapping for Tanzania
ath: Add regulatory mapping for Uganda
ath: Add regulatory mapping for APL2_FCCA
ath: Add regulatory mapping for APL13_WORLD
ath: Add regulatory mapping for ETSI8_WORLD
ath: Add regulatory mapping for FCC3_ETSIC
PCI: Prevent sysfs disable of device while driver is attached
btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
media: videobuf2-core: don't call memop 'finish' when queueing
wlcore: sdio: check for valid platform device data before suspend
mwifiex: handle race during mwifiex_usb_disconnect
mfd: cros_ec: Fail early if we cannot identify the EC
ASoC: dpcm: fix BE dai not hw_free and shutdown
Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
iwlwifi: pcie: fix race in Rx buffer allocator
perf/x86/intel/uncore: Correct fixed counter index check for NHM
perf/x86/intel/uncore: Correct fixed counter index check in generic code
usbip: usbip_detach: Fix memory, udev context and udev leak
f2fs: fix to don't trigger writeback during recovery
disable loading f2fs module on PAGE_SIZE > 4KB
RDMA/mad: Convert BUG_ONs to error flows
powerpc/64s: Fix compiler store ordering to SLB shadow area
hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
infiniband: fix a possible use-after-free bug
netfilter: ipset: List timing out entries with "timeout 1" instead of zero
rtc: ensure rtc_set_alarm fails when alarms are not supported
mm/slub.c: add __printf verification to slab_err()
mm: vmalloc: avoid racy handling of debugobjects in vunmap
nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
ALSA: fm801: add error handling for snd_ctl_add
ALSA: emu10k1: add error handling for snd_ctl_add
xen/netfront: raise max number of slots in xennet_get_responses()
tracing: Quiet gcc warning about maybe unused link variable
tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
tracing: Fix possible double free in event_enable_trigger_func()
tracing: Fix double free of event_trigger_data
Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
Input: elan_i2c - add ACPI ID for lenovo ideapad 330
MIPS: Fix off-by-one in pci_resource_to_user()
kernel/sys.c: fix merge error with 4.4.144
Conflicts:
drivers/scsi/ufs/ufshcd.c
include/net/tcp.h
net/socket.c
Change-Id: Ie84fdcf54b0a45508f76ef56330291f54e35ed30
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAltoWioACgkQONu9yGCS
aT6YrQ//d8dWKaNZK08Z/l2ZqRS56wlNTJyHIB81p1uM2PuPHfLjsZzLQ+HnZ3Ha
G+fedEj3sbwJp8i61TRu9Q1p/PyLWsnaryWZaK3gm4Yo8GrdVbXAY47EHwz3fbUK
yxrC0+zQmIlyZgwzbUNGspDuAdNt2MFDug97RFF8BdhJd84Rv0BbicGMwKJQFfFN
g0Tv6yB+8cjmnCMjmLreLyi+puWvXZtZXAi+idl9eTC4ysGDKNvO1ERptv2NC5C6
171cbsS/ngpY5ZIUcmLy0QPPFh/ZCeoft22R3gOxZDkjT4Ro6lY5ubPKDEcn57Hv
FSV5fuQ3cBtmsODn7LMIWqLDKuCRM/gTmvXrWxM91JDLSsuAdZWATj8k4iIoocmk
l/3iOixBMFCGToQ1I2/O33QZOssKoDIz4bpG6+HM/Cj4anSnVZKjouJSTlNZr/3i
ZJOXpu/MpQItc/RGo/PumzJLkXhS+HyGwPbTIOPy29NMqp+xvjZv4DttuJbqyHJ2
Pm/OZcvU7z1wSMhcTknvZLLMQVRIICQjfPJNDefqAdrCdd233cRo37cU8egg4A0l
F3q+ZI/ny01YWQP8KrCJyWB5lHHbEc44wUHCxet0TPZ1qaqvVcXzaWhwxP2H0L3I
7r2u9bDg15ielw3jhPpRWZMvANbQlToNoj6YROqj5ArcIowcBPc=
=7/iL
-----END PGP SIGNATURE-----
Merge 4.4.146 into android-4.4
Changes in 4.4.146
MIPS: Fix off-by-one in pci_resource_to_user()
Input: elan_i2c - add ACPI ID for lenovo ideapad 330
Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
tracing: Fix double free of event_trigger_data
tracing: Fix possible double free in event_enable_trigger_func()
tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
tracing: Quiet gcc warning about maybe unused link variable
xen/netfront: raise max number of slots in xennet_get_responses()
ALSA: emu10k1: add error handling for snd_ctl_add
ALSA: fm801: add error handling for snd_ctl_add
nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
mm: vmalloc: avoid racy handling of debugobjects in vunmap
mm/slub.c: add __printf verification to slab_err()
rtc: ensure rtc_set_alarm fails when alarms are not supported
netfilter: ipset: List timing out entries with "timeout 1" instead of zero
infiniband: fix a possible use-after-free bug
hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
powerpc/64s: Fix compiler store ordering to SLB shadow area
RDMA/mad: Convert BUG_ONs to error flows
disable loading f2fs module on PAGE_SIZE > 4KB
f2fs: fix to don't trigger writeback during recovery
usbip: usbip_detach: Fix memory, udev context and udev leak
perf/x86/intel/uncore: Correct fixed counter index check in generic code
perf/x86/intel/uncore: Correct fixed counter index check for NHM
iwlwifi: pcie: fix race in Rx buffer allocator
Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
ASoC: dpcm: fix BE dai not hw_free and shutdown
mfd: cros_ec: Fail early if we cannot identify the EC
mwifiex: handle race during mwifiex_usb_disconnect
wlcore: sdio: check for valid platform device data before suspend
media: videobuf2-core: don't call memop 'finish' when queueing
btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
PCI: Prevent sysfs disable of device while driver is attached
ath: Add regulatory mapping for FCC3_ETSIC
ath: Add regulatory mapping for ETSI8_WORLD
ath: Add regulatory mapping for APL13_WORLD
ath: Add regulatory mapping for APL2_FCCA
ath: Add regulatory mapping for Uganda
ath: Add regulatory mapping for Tanzania
ath: Add regulatory mapping for Serbia
ath: Add regulatory mapping for Bermuda
ath: Add regulatory mapping for Bahamas
powerpc/32: Add a missing include header
powerpc/chrp/time: Make some functions static, add missing header include
powerpc/powermac: Add missing prototype for note_bootable_part()
powerpc/powermac: Mark variable x as unused
powerpc/8xx: fix invalid register expression in head_8xx.S
pinctrl: at91-pio4: add missing of_node_put
PCI: pciehp: Request control of native hotplug only if supported
mwifiex: correct histogram data with appropriate index
scsi: ufs: fix exception event handling
ALSA: emu10k1: Rate-limit error messages about page errors
regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
md: fix NULL dereference of mddev->pers in remove_and_add_spares()
media: smiapp: fix timeout checking in smiapp_read_nvm
ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
HID: hid-plantronics: Re-resend Update to map button for PTT products
drm/radeon: fix mode_valid's return type
powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
HID: i2c-hid: check if device is there before really probing
tty: Fix data race in tty_insert_flip_string_fixed_flag
dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
libata: Fix command retry decision
media: saa7164: Fix driver name in debug output
mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
brcmfmac: Add support for bcm43364 wireless chipset
s390/cpum_sf: Add data entry sizes to sampling trailer entry
perf: fix invalid bit in diagnostic entry
scsi: 3w-9xxx: fix a missing-check bug
scsi: 3w-xxxx: fix a missing-check bug
scsi: megaraid: silence a static checker bug
thermal: exynos: fix setting rising_threshold for Exynos5433
bpf: fix references to free_bpf_prog_info() in comments
media: siano: get rid of __le32/__le16 cast warnings
drm/atomic: Handling the case when setting old crtc for plane
ALSA: hda/ca0132: fix build failure when a local macro is defined
memory: tegra: Do not handle spurious interrupts
memory: tegra: Apply interrupts mask per SoC
drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
ipconfig: Correctly initialise ic_nameservers
rsi: Fix 'invalid vdd' warning in mmc
audit: allow not equal op for audit by executable
microblaze: Fix simpleImage format generation
usb: hub: Don't wait for connect state at resume for powered-off ports
crypto: authencesn - don't leak pointers to authenc keys
crypto: authenc - don't leak pointers to authenc keys
media: omap3isp: fix unbalanced dma_iommu_mapping
scsi: scsi_dh: replace too broad "TP9" string with the exact models
scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
media: si470x: fix __be16 annotations
drm: Add DP PSR2 sink enable bit
random: mix rdrand with entropy sent in from userspace
squashfs: be more careful about metadata corruption
ext4: fix inline data updates with checksums enabled
ext4: check for allocation block validity with block group locked
dmaengine: pxa_dma: remove duplicate const qualifier
ASoC: pxa: Fix module autoload for platform drivers
ipv4: remove BUG_ON() from fib_compute_spec_dst
net: fix amd-xgbe flow-control issue
net: lan78xx: fix rx handling before first packet is send
xen-netfront: wait xenbus state change when load module manually
NET: stmmac: align DMA stuff to largest cache line length
tcp: do not force quickack when receiving out-of-order packets
tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode
tcp: do not aggressively quick ack after ECN events
tcp: refactor tcp_ecn_check_ce to remove sk type cast
tcp: add one more quick ack after after ECN events
inet: frag: enforce memory limits earlier
net: dsa: Do not suspend/resume closed slave_dev
netlink: Fix spectre v1 gadget in netlink_create()
squashfs: more metadata hardening
squashfs: more metadata hardenings
can: ems_usb: Fix memory leak on ems_usb_disconnect()
net: socket: fix potential spectre v1 gadget in socketcall
virtio_balloon: fix another race between migration and ballooning
kvm: x86: vmx: fix vpid leak
crypto: padlock-aes - Fix Nano workaround data corruption
scsi: sg: fix minor memory leak in error path
Linux 4.4.146
Change-Id: Ia7e43a90d0f5603c741811436b8de41884cb2851
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit a38965bf941b7c2af50de09c96bc5f03e136caef ]
__printf is useful to verify format and arguments. Remove the following
warning (with W=1):
mm/slub.c:721:2: warning: function might be possible candidate for `gnu_printf' format attribute [-Wsuggest-attribute=format]
Link: http://lkml.kernel.org/r/20180505200706.19986-1-malat@debian.org
Signed-off-by: Mathieu Malaterre <malat@debian.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit f3c01d2f3ade6790db67f80fef60df84424f8964 ]
Currently, __vunmap flow is,
1) Release the VM area
2) Free the debug objects corresponding to that vm area.
This leave some race window open.
1) Release the VM area
1.5) Some other client gets the same vm area
1.6) This client allocates new debug objects on the same
vm area
2) Free the debug objects corresponding to this vm area.
Here, we actually free 'other' client's debug objects.
Fix this by freeing the debug objects first and then releasing the VM
area.
Link: http://lkml.kernel.org/r/1523961828-9485-2-git-send-email-cpandya@codeaurora.org
Signed-off-by: Chintan Pandya <cpandya@codeaurora.org>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Byungchul Park <byungchul.park@lge.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Wei Yang <richard.weiyang@gmail.com>
Cc: Yisheng Xie <xieyisheng1@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-4b2d6ba
Linux 4.4.144
ubi: fastmap: Erase outdated anchor PEBs during attach
ubi: Fix Fastmap's update_vol()
ubi: Fix races around ubi_refill_pools()
ubi: Be more paranoid while seaching for the most recent Fastmap
ubi: Rework Fastmap attach base code
ubi: Introduce vol_ignored()
clk: tegra: Fix PLL_U post divider and initial rate on Tegra30
block: do not use interruptible wait anywhere
x86/cpu: Re-apply forced caps every time CPU caps are re-read
x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
x86/bugs: Rename SSBD_NO to SSB_NO
x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
x86/bugs: Rework spec_ctrl base and mask logic
x86/bugs: Remove x86_spec_ctrl_set()
x86/bugs: Expose x86_spec_ctrl_base directly
x86/bugs: Unify x86_spec_ctrl_{set_guest, restore_host}
x86/speculation: Rework speculative_store_bypass_update()
x86/speculation: Add virtualized speculative store bypass disable support
x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
x86/speculation: Handle HT correctly on AMD
x86/cpufeatures: Add FEATURE_ZEN
x86/cpu/AMD: Fix erratum 1076 (CPB bit)
x86/cpufeatures: Disentangle SSBD enumeration
x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
x86/cpu: Make alternative_msr_write work for 32-bit code
x86/bugs: Fix the parameters alignment and missing void
x86/bugs: Make cpu_show_common() static
x86/bugs: Fix __ssb_select_mitigation() return type
Documentation/spec_ctrl: Do some minor cleanups
proc: Use underscores for SSBD in 'status'
x86/bugs: Rename _RDS to _SSBD
x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
seccomp: Move speculation migitation control to arch code
seccomp: Add filter flag to opt-out of SSB mitigation
seccomp: Use PR_SPEC_FORCE_DISABLE
prctl: Add force disable speculation
seccomp: Enable speculation flaw mitigations
proc: Provide details on speculation flaw mitigations
nospec: Allow getting/setting on non-current task
x86/speculation: Add prctl for Speculative Store Bypass mitigation
x86/process: Allow runtime control of Speculative Store Bypass
x86/process: Optimize TIF_NOTSC switch
x86/process: Correct and optimize TIF_BLOCKSTEP switch
x86/process: Optimize TIF checks in __switch_to_xtra()
prctl: Add speculation control prctls
x86/speculation: Create spec-ctrl.h to avoid include hell
x86/bugs/AMD: Add support to disable RDS on Fam[15, 16, 17]h if requested
x86/bugs: Whitelist allowed SPEC_CTRL MSR values
x86/bugs/intel: Set proper CPU features and setup RDS
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
x86/cpufeatures: Add X86_FEATURE_RDS
x86/bugs: Expose /sys/../spec_store_bypass
x86/cpu/intel: Add Knights Mill to Intel family
x86/cpu: Rename Merrifield2 to Moorefield
x86/bugs, KVM: Support the combination of guest and host IBRS
x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
x86/bugs: Concentrate bug reporting into a separate function
x86/bugs: Concentrate bug detection into a separate function
x86/nospec: Simplify alternative_msr_write()
x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
xen: set cpu capabilities from xen_start_kernel()
selftest/seccomp: Fix the seccomp(2) signature
selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist
x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
x86/speculation: Use IBRS if available before calling into firmware
x86/spectre_v2: Don't check microcode versions when running under hypervisors
x86/speculation: Use Indirect Branch Prediction Barrier in context switch
x86/mm: Give each mm TLB flush generation a unique ID
x86/mm: Factor out LDT init from context init
x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
x86/speculation: Add <asm/msr-index.h> dependency
x86/speculation: Fix up array_index_nospec_mask() asm constraint
x86/speculation: Clean up various Spectre related details
x86/speculation: Correct Speculation Control microcode blacklist again
x86/speculation: Update Speculation Control microcode blacklist
x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface
x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
x86/pti: Mark constant arrays as __initconst
x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
x86/cpufeatures: Clean up Spectre v2 related CPUID flags
x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
x86/msr: Add definitions for new speculation control MSRs
x86/cpufeatures: Add AMD feature bits for Speculation Control
x86/cpufeatures: Add Intel feature bits for Speculation Control
x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
x86/paravirt: Make native_save_fl() extern inline
xhci: Fix perceived dead host due to runtime suspend race with event handler
skbuff: Unconditionally copy pfmemalloc in __skb_clone()
net: Don't copy pfmemalloc flag in __copy_skb_header()
tg3: Add higher cpu clock for 5762.
ptp: fix missing break in switch
net: phy: fix flag masking in __set_phy_supported
net/ipv4: Set oif in fib_compute_spec_dst
lib/rhashtable: consider param->min_size when setting initial table size
ipv6: fix useless rol32 call on hash
ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
mm: memcg: fix use after free in mem_cgroup_iter()
ARC: mm: allow mprotect to make stack mappings executable
ARC: Fix CONFIG_SWAP
ALSA: rawmidi: Change resized buffers atomically
fat: fix memory allocation failure handling of match_strdup()
x86/MCE: Remove min interval polling limitation
KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel.
Conflicts:
drivers/mtd/ubi/wl.c
sound/core/rawmidi.c
Change-Id: I277fe9260a764e7923ddc90e7327d9aa5865a038
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
* refs/heads/tmp-8ec9fd8
ANDROID: sdcardfs: Check stacked filesystem depth
Fix backport of "tcp: detect malicious patterns in tcp_collapse_ofo_queue()"
tcp: detect malicious patterns in tcp_collapse_ofo_queue()
tcp: avoid collapses in tcp_prune_queue() if possible
x86_64_cuttlefish_defconfig: Enable android-verity
x86_64_cuttlefish_defconfig: enable verity cert
Linux 4.4.142
perf tools: Move syscall number fallbacks from perf-sys.h to tools/arch/x86/include/asm/
x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
Kbuild: fix # escaping in .cmd files for future Make
ANDROID: Fix massive cpufreq_times memory leaks
ANDROID: Reduce use of #ifdef CONFIG_CPU_FREQ_TIMES
UPSTREAM: binder: replace "%p" with "%pK"
UPSTREAM: binder: free memory on error
UPSTREAM: binder: fix proc->files use-after-free
UPSTREAM: Revert "FROMLIST: binder: fix proc->files use-after-free"
UPSTREAM: ANDROID: binder: change down_write to down_read
UPSTREAM: ANDROID: binder: correct the cmd print for BINDER_WORK_RETURN_ERROR
UPSTREAM: ANDROID: binder: remove 32-bit binder interface.
UPSTREAM: ANDROID: binder: re-order some conditions
UPSTREAM: android: binder: use VM_ALLOC to get vm area
UPSTREAM: android: binder: Use true and false for boolean values
UPSTREAM: android: binder: Use octal permissions
UPSTREAM: android: binder: Prefer __func__ to using hardcoded function name
UPSTREAM: ANDROID: binder: make binder_alloc_new_buf_locked static and indent its arguments
UPSTREAM: android: binder: Check for errors in binder_alloc_shrinker_init().
treewide: Use array_size in f2fs_kvzalloc()
treewide: Use array_size() in f2fs_kzalloc()
treewide: Use array_size() in f2fs_kmalloc()
overflow.h: Add allocation size calculation helpers
f2fs: fix to clear FI_VOLATILE_FILE correctly
f2fs: let sync node IO interrupt async one
f2fs: don't change wbc->sync_mode
f2fs: fix to update mtime correctly
fs: f2fs: insert space around that ':' and ', '
fs: f2fs: add missing blank lines after declarations
fs: f2fs: changed variable type of offset "unsigned" to "loff_t"
f2fs: clean up symbol namespace
f2fs: make set_de_type() static
f2fs: make __f2fs_write_data_pages() static
f2fs: fix to avoid accessing cross the boundary
f2fs: fix to let caller retry allocating block address
disable loading f2fs module on PAGE_SIZE > 4KB
f2fs: fix error path of move_data_page
f2fs: don't drop dentry pages after fs shutdown
f2fs: fix to avoid race during access gc_thread pointer
f2fs: clean up with clear_radix_tree_dirty_tag
f2fs: fix to don't trigger writeback during recovery
f2fs: clear discard_wake earlier
f2fs: let discard thread wait a little longer if dev is busy
f2fs: avoid stucking GC due to atomic write
f2fs: introduce sbi->gc_mode to determine the policy
f2fs: keep migration IO order in LFS mode
f2fs: fix to wait page writeback during revoking atomic write
f2fs: Fix deadlock in shutdown ioctl
f2fs: detect synchronous writeback more earlier
mm: remove nr_pages argument from pagevec_lookup_{,range}_tag()
ceph: use pagevec_lookup_range_nr_tag()
mm: add variant of pagevec_lookup_range_tag() taking number of pages
mm: use pagevec_lookup_range_tag() in write_cache_pages()
mm: use pagevec_lookup_range_tag() in __filemap_fdatawait_range()
nilfs2: use pagevec_lookup_range_tag()
gfs2: use pagevec_lookup_range_tag()
f2fs: use find_get_pages_tag() for looking up single page
f2fs: simplify page iteration loops
f2fs: use pagevec_lookup_range_tag()
ext4: use pagevec_lookup_range_tag()
ceph: use pagevec_lookup_range_tag()
btrfs: use pagevec_lookup_range_tag()
mm: implement find_get_pages_range_tag()
f2fs: clean up with is_valid_blkaddr()
f2fs: fix to initialize min_mtime with ULLONG_MAX
f2fs: fix to let checkpoint guarantee atomic page persistence
f2fs: fix to initialize i_current_depth according to inode type
Revert "f2fs: add ovp valid_blocks check for bg gc victim to fg_gc"
f2fs: don't drop any page on f2fs_cp_error() case
f2fs: fix spelling mistake: "extenstion" -> "extension"
f2fs: enhance sanity_check_raw_super() to avoid potential overflows
f2fs: treat volatile file's data as hot one
f2fs: introduce release_discard_addr() for cleanup
f2fs: fix potential overflow
f2fs: rename dio_rwsem to i_gc_rwsem
f2fs: move mnt_want_write_file after range check
f2fs: fix missing clear FI_NO_PREALLOC in some error case
f2fs: enforce fsync_mode=strict for renamed directory
f2fs: sanity check for total valid node blocks
f2fs: sanity check on sit entry
f2fs: avoid bug_on on corrupted inode
f2fs: give message and set need_fsck given broken node id
f2fs: clean up commit_inmem_pages()
f2fs: do not check F2FS_INLINE_DOTS in recover
f2fs: remove duplicated dquot_initialize and fix error handling
f2fs: stop issue discard if something wrong with f2fs
f2fs: fix return value in f2fs_ioc_commit_atomic_write
f2fs: allocate hot_data for atomic write more strictly
f2fs: check if inmem_pages list is empty correctly
f2fs: fix race in between GC and atomic open
f2fs: change le32 to le16 of f2fs_inode->i_extra_size
f2fs: check cur_valid_map_mir & raw_sit block count when flush sit entries
f2fs: correct return value of f2fs_trim_fs
f2fs: fix to show missing bits in FS_IOC_GETFLAGS
f2fs: remove unneeded F2FS_PROJINHERIT_FL
f2fs: don't use GFP_ZERO for page caches
f2fs: issue all big range discards in umount process
f2fs: remove redundant block plug
f2fs: remove unmatched zero_user_segment when convert inline dentry
f2fs: introduce private inode status mapping
fscrypt: log the crypto algorithm implementations
crypto: api - Add crypto_type_has_alg helper
crypto: skcipher - Add low-level skcipher interface
crypto: skcipher - Add helper to retrieve driver name
crypto: skcipher - Add default key size helper
fscrypt: add Speck128/256 support
fscrypt: only derive the needed portion of the key
fscrypt: separate key lookup from key derivation
fscrypt: use a common logging function
fscrypt: remove internal key size constants
fscrypt: remove unnecessary check for non-logon key type
fscrypt: make fscrypt_operations.max_namelen an integer
fscrypt: drop empty name check from fname_decrypt()
fscrypt: drop max_namelen check from fname_decrypt()
fscrypt: don't special-case EOPNOTSUPP from fscrypt_get_encryption_info()
fscrypt: don't clear flags on crypto transform
fscrypt: remove stale comment from fscrypt_d_revalidate()
fscrypt: remove error messages for skcipher_request_alloc() failure
fscrypt: remove unnecessary NULL check when allocating skcipher
fscrypt: clean up after fscrypt_prepare_lookup() conversions
fscrypt: use unbound workqueue for decryption
f2fs: run fstrim asynchronously if runtime discard is on
f2fs: turn down IO priority of discard from background
f2fs: don't split checkpoint in fstrim
f2fs: issue discard commands proactively in high fs utilization
f2fs: add fsync_mode=nobarrier for non-atomic files
f2fs: let fstrim issue discard commands in lower priority
f2fs: avoid fsync() failure caused by EAGAIN in writepage()
f2fs: clear PageError on writepage - part 2
f2fs: check cap_resource only for data blocks
Revert "f2fs: introduce f2fs_set_page_dirty_nobuffer"
f2fs: clear PageError on writepage
f2fs: call unlock_new_inode() before d_instantiate()
f2fs: refactor read path to allow multiple postprocessing steps
fscrypt: allow synchronous bio decryption
f2fs: remain written times to update inode during fsync
f2fs: make assignment of t->dentry_bitmap more readable
f2fs: truncate preallocated blocks in error case
f2fs: fix a wrong condition in f2fs_skip_inode_update
f2fs: reserve bits for fs-verity
f2fs: Add a segment type check in inplace write
f2fs: no need to initialize zero value for GFP_F2FS_ZERO
f2fs: don't track new nat entry in nat set
f2fs: clean up with F2FS_BLK_ALIGN
f2fs: check blkaddr more accuratly before issue a bio
f2fs: Set GF_NOFS in read_cache_page_gfp while doing f2fs_quota_read
f2fs: introduce a new mount option test_dummy_encryption
f2fs: introduce F2FS_FEATURE_LOST_FOUND feature
f2fs: release locks before return in f2fs_ioc_gc_range()
f2fs: align memory boundary for bitops
f2fs: remove unneeded set_cold_node()
f2fs: add nowait aio support
f2fs: wrap all options with f2fs_sb_info.mount_opt
f2fs: Don't overwrite all types of node to keep node chain
f2fs: introduce mount option for fsync mode
f2fs: fix to restore old mount option in ->remount_fs
f2fs: wrap sb_rdonly with f2fs_readonly
f2fs: avoid selinux denial on CAP_SYS_RESOURCE
f2fs: support hot file extension
f2fs: fix to avoid race in between atomic write and background GC
f2fs: do gc in greedy mode for whole range if gc_urgent mode is set
f2fs: issue discard aggressively in the gc_urgent mode
f2fs: set readdir_ra by default
f2fs: add auto tuning for small devices
f2fs: add mount option for segment allocation policy
f2fs: don't stop GC if GC is contended
f2fs: expose extension_list sysfs entry
f2fs: fix to set KEEP_SIZE bit in f2fs_zero_range
f2fs: introduce sb_lock to make encrypt pwsalt update exclusive
f2fs: remove redundant initialization of pointer 'p'
f2fs: flush cp pack except cp pack 2 page at first
f2fs: clean up f2fs_sb_has_xxx functions
f2fs: remove redundant check of page type when submit bio
f2fs: fix to handle looped node chain during recovery
f2fs: handle quota for orphan inodes
f2fs: support passing down write hints to block layer with F2FS policy
f2fs: support passing down write hints given by users to block layer
f2fs: fix to clear CP_TRIMMED_FLAG
f2fs: support large nat bitmap
f2fs: fix to check extent cache in f2fs_drop_extent_tree
f2fs: restrict inline_xattr_size configuration
f2fs: fix heap mode to reset it back
f2fs: fix potential corruption in area before F2FS_SUPER_OFFSET
fscrypt: fix build with pre-4.6 gcc versions
fscrypt: fix up fscrypt_fname_encrypted_size() for internal use
fscrypt: define fscrypt_fname_alloc_buffer() to be for presented names
fscrypt: calculate NUL-padding length in one place only
fscrypt: move fscrypt_symlink_data to fscrypt_private.h
fscrypt: remove fscrypt_fname_usr_to_disk()
f2fs: switch to fscrypt_get_symlink()
f2fs: switch to fscrypt ->symlink() helper functions
fscrypt: new helper function - fscrypt_get_symlink()
fscrypt: new helper functions for ->symlink()
fscrypt: trim down fscrypt.h includes
fscrypt: move fscrypt_is_dot_dotdot() to fs/crypto/fname.c
fscrypt: move fscrypt_valid_enc_modes() to fscrypt_private.h
fscrypt: move fscrypt_operations declaration to fscrypt_supp.h
fscrypt: split fscrypt_dummy_context_enabled() into supp/notsupp versions
fscrypt: move fscrypt_ctx declaration to fscrypt_supp.h
fscrypt: move fscrypt_info_cachep declaration to fscrypt_private.h
fscrypt: move fscrypt_control_page() to supp/notsupp headers
fscrypt: move fscrypt_has_encryption_key() to supp/notsupp headers
f2fs: don't put dentry page in pagecache into highmem
f2fs: support inode creation time
f2fs: rebuild sit page from sit info in mem
f2fs: stop issuing discard if fs is readonly
f2fs: clean up duplicated assignment in init_discard_policy
f2fs: use GFP_F2FS_ZERO for cleanup
f2fs: allow to recover node blocks given updated checkpoint
f2fs: recover some i_inline flags
f2fs: correct removexattr behavior for null valued extended attribute
f2fs: drop page cache after fs shutdown
f2fs: stop gc/discard thread after fs shutdown
f2fs: hanlde error case in f2fs_ioc_shutdown
f2fs: split need_inplace_update
f2fs: fix to update last_disk_size correctly
f2fs: kill F2FS_INLINE_XATTR_ADDRS for cleanup
f2fs: clean up error path of fill_super
f2fs: avoid hungtask when GC encrypted block if io_bits is set
f2fs: allow quota to use reserved blocks
f2fs: fix to drop all inmem pages correctly
f2fs: speed up defragment on sparse file
f2fs: support F2FS_IOC_PRECACHE_EXTENTS
f2fs: add an ioctl to disable GC for specific file
f2fs: prevent newly created inode from being dirtied incorrectly
f2fs: support FIEMAP_FLAG_XATTR
f2fs: fix to cover f2fs_inline_data_fiemap with inode_lock
f2fs: check node page again in write end io
f2fs: fix to caclulate required free section correctly
f2fs: handle newly created page when revoking inmem pages
f2fs: add resgid and resuid to reserve root blocks
f2fs: implement cgroup writeback support
f2fs: remove unused pend_list_tag
f2fs: avoid high cpu usage in discard thread
f2fs: make local functions static
f2fs: add reserved blocks for root user
f2fs: check segment type in __f2fs_replace_block
f2fs: update inode info to inode page for new file
f2fs: show precise # of blocks that user/root can use
f2fs: clean up unneeded declaration
f2fs: continue to do direct IO if we only preallocate partial blocks
f2fs: enable quota at remount from r to w
f2fs: skip stop_checkpoint for user data writes
f2fs: fix missing error number for xattr operation
f2fs: recover directory operations by fsync
f2fs: return error during fill_super
f2fs: fix an error case of missing update inode page
f2fs: fix potential hangtask in f2fs_trace_pid
f2fs: no need return value in restore summary process
f2fs: use unlikely for release case
f2fs: don't return value in truncate_data_blocks_range
f2fs: clean up f2fs_map_blocks
f2fs: clean up hash codes
f2fs: fix error handling in fill_super
f2fs: spread f2fs_k{m,z}alloc
f2fs: inject fault to kvmalloc
f2fs: inject fault to kzalloc
f2fs: remove a redundant conditional expression
f2fs: apply write hints to select the type of segment for direct write
f2fs: switch to fscrypt_prepare_setattr()
f2fs: switch to fscrypt_prepare_lookup()
f2fs: switch to fscrypt_prepare_rename()
f2fs: switch to fscrypt_prepare_link()
f2fs: switch to fscrypt_file_open()
f2fs: remove repeated f2fs_bug_on
f2fs: remove an excess variable
f2fs: fix lock dependency in between dio_rwsem & i_mmap_sem
f2fs: remove unused parameter
f2fs: still write data if preallocate only partial blocks
f2fs: introduce sysfs readdir_ra to readahead inode block in readdir
f2fs: fix concurrent problem for updating free bitmap
f2fs: remove unneeded memory footprint accounting
f2fs: no need to read nat block if nat_block_bitmap is set
f2fs: reserve nid resource for quota sysfile
fscrypt: resolve some cherry-pick bugs
fscrypt: move to generic async completion
crypto: introduce crypto wait for async op
fscrypt: lock mutex before checking for bounce page pool
fscrypt: new helper function - fscrypt_prepare_setattr()
fscrypt: new helper function - fscrypt_prepare_lookup()
fscrypt: new helper function - fscrypt_prepare_rename()
fscrypt: new helper function - fscrypt_prepare_link()
fscrypt: new helper function - fscrypt_file_open()
fscrypt: new helper function - fscrypt_require_key()
fscrypt: remove unneeded empty fscrypt_operations structs
fscrypt: remove ->is_encrypted()
fscrypt: switch from ->is_encrypted() to IS_ENCRYPTED()
fs, fscrypt: add an S_ENCRYPTED inode flag
fscrypt: clean up include file mess
fscrypt: fix dereference of NULL user_key_payload
fscrypt: make ->dummy_context() return bool
f2fs: deny accessing encryption policy if encryption is off
f2fs: inject fault in inc_valid_node_count
f2fs: fix to clear FI_NO_PREALLOC
f2fs: expose quota information in debugfs
f2fs: separate nat entry mem alloc from nat_tree_lock
f2fs: validate before set/clear free nat bitmap
f2fs: avoid opened loop codes in __add_ino_entry
f2fs: apply write hints to select the type of segments for buffered write
f2fs: introduce scan_curseg_cache for cleanup
f2fs: optimize the way of traversing free_nid_bitmap
f2fs: keep scanning until enough free nids are acquired
f2fs: trace checkpoint reason in fsync()
f2fs: keep isize once block is reserved cross EOF
f2fs: avoid race in between GC and block exchange
f2fs: save a multiplication for last_nid calculation
f2fs: fix summary info corruption
f2fs: remove dead code in update_meta_page
f2fs: remove unneeded semicolon
f2fs: don't bother with inode->i_version
f2fs: check curseg space before foreground GC
f2fs: use rw_semaphore to protect SIT cache
f2fs: support quota sys files
f2fs: add quota_ino feature infra
f2fs: optimize __update_nat_bits
f2fs: modify for accurate fggc node io stat
Revert "f2fs: handle dirty segments inside refresh_sit_entry"
f2fs: add a function to move nid
f2fs: export SSR allocation threshold
f2fs: give correct trimmed blocks in fstrim
f2fs: support bio allocation error injection
f2fs: support get_page error injection
f2fs: add missing sysfs description
f2fs: support soft block reservation
f2fs: handle error case when adding xattr entry
f2fs: support flexible inline xattr size
f2fs: show current cp state
f2fs: add missing quota_initialize
f2fs: show # of dirty segments via sysfs
f2fs: stop all the operations by cp_error flag
f2fs: remove several redundant assignments
f2fs: avoid using timespec
f2fs: fix to correct no_fggc_candidate
Revert "f2fs: return wrong error number on f2fs_quota_write"
f2fs: remove obsolete pointer for truncate_xattr_node
f2fs: retry ENOMEM for quota_read|write
f2fs: limit # of inmemory pages
f2fs: update ctx->pos correctly when hitting hole in directory
f2fs: relocate readahead codes in readdir()
f2fs: allow readdir() to be interrupted
f2fs: trace f2fs_readdir
f2fs: trace f2fs_lookup
f2fs: skip searching non-exist range in truncate_hole
f2fs: expose some sectors to user in inline data or dentry case
f2fs: avoid stale fi->gdirty_list pointer
f2fs/crypto: drop crypto key at evict_inode only
f2fs: fix to avoid race when accessing last_disk_size
f2fs: Fix bool initialization/comparison
f2fs: give up CP_TRIMMED_FLAG if it drops discards
f2fs: trace f2fs_remove_discard
f2fs: reduce cmd_lock coverage in __issue_discard_cmd
f2fs: split discard policy
f2fs: wrap discard policy
f2fs: support issuing/waiting discard in range
f2fs: fix to flush multiple device in checkpoint
f2fs: enhance multiple device flush
f2fs: fix to show ino management cache size correctly
f2fs: drop FI_UPDATE_WRITE tag after f2fs_issue_flush
f2fs: obsolete ALLOC_NID_LIST list
f2fs: convert inline data for direct I/O & FI_NO_PREALLOC
f2fs: allow readpages with NULL file pointer
f2fs: show flush list status in sysfs
f2fs: introduce read_xattr_block
f2fs: introduce read_inline_xattr
Revert "f2fs: reuse nids more aggressively"
Revert "f2fs: node segment is prior to data segment selected victim"
f2fs: fix potential panic during fstrim
f2fs: hurry up to issue discard after io interruption
f2fs: fix to show correct discard_granularity in sysfs
f2fs: detect dirty inode in evict_inode
f2fs: clear radix tree dirty tag of pages whose dirty flag is cleared
f2fs: speed up gc_urgent mode with SSR
f2fs: better to wait for fstrim completion
f2fs: avoid race in between read xattr & write xattr
f2fs: make get_lock_data_page to handle encrypted inode
f2fs: use generic terms used for encrypted block management
f2fs: introduce f2fs_encrypted_file for clean-up
Revert "f2fs: add a new function get_ssr_cost"
f2fs: constify super_operations
f2fs: fix to wake up all sleeping flusher
f2fs: avoid race in between atomic_read & atomic_inc
f2fs: remove unneeded parameter of change_curseg
f2fs: update i_flags correctly
f2fs: don't check inode's checksum if it was dirtied or writebacked
f2fs: don't need to update inode checksum for recovery
f2fs: trigger fdatasync for non-atomic_write file
f2fs: fix to avoid race in between aio and gc
f2fs: wake up discard_thread iff there is a candidate
f2fs: return error when accessing insane flie offset
f2fs: trigger normal fsync for non-atomic_write file
f2fs: clear FI_HOT_DATA correctly
f2fs: fix out-of-order execution in f2fs_issue_flush
f2fs: issue discard commands if gc_urgent is set
f2fs: introduce discard_granularity sysfs entry
f2fs: remove unused function overprovision_sections
f2fs: check hot_data for roll-forward recovery
f2fs: add tracepoint for f2fs_gc
f2fs: retry to revoke atomic commit in -ENOMEM case
f2fs: let fill_super handle roll-forward errors
f2fs: merge equivalent flags F2FS_GET_BLOCK_[READ|DIO]
f2fs: support journalled quota
f2fs: fix potential overflow when adjusting GC cycle
f2fs: avoid unneeded sync on quota file
f2fs: introduce gc_urgent mode for background GC
f2fs: use IPU for cold files
f2fs: fix the size value in __check_sit_bitmap
f2fs: add app/fs io stat
f2fs: do not change the valid_block value if cur_valid_map was wrongly set or cleared
f2fs: update cur_valid_map_mir together with cur_valid_map
f2fs: use printk_ratelimited for f2fs_msg
f2fs: expose features to sysfs entry
f2fs: support inode checksum
f2fs: return wrong error number on f2fs_quota_write
f2fs: provide f2fs_balance_fs to __write_node_page
f2fs: introduce f2fs_statfs_project
f2fs: don't need to wait for node writes for atomic write
f2fs: avoid naming confusion of sysfs init
f2fs: support project quota
f2fs: record quota during dot{,dot} recovery
f2fs: enhance on-disk inode structure scalability
f2fs: make max inline size changeable
f2fs: add ioctl to expose current features
f2fs: make background threads of f2fs being aware of freezing
f2fs: don't give partially written atomic data from process crash
f2fs: give a try to do atomic write in -ENOMEM case
f2fs: preserve i_mode if __f2fs_set_acl() fails
f2fs: alloc new nids for xattr block in recovery
f2fs: spread struct f2fs_dentry_ptr for inline path
f2fs: remove unused input parameter
f2fs: avoid cpu lockup
f2fs: include seq_file.h for sysfs.c
f2fs: Don't clear SGID when inheriting ACLs
f2fs: remove extra inode_unlock() in error path
fscrypt: add support for AES-128-CBC
fscrypt: inline fscrypt_free_filename()
f2fs: make more close to v4.13-rc1
f2fs: support plain user/group quota
f2fs: avoid deadlock caused by lock order of page and lock_op
f2fs: use spin_{,un}lock_irq{save,restore}
f2fs: relax migratepage for atomic written page
f2fs: don't count inode block in in-memory inode.i_blocks
Revert "f2fs: fix to clean previous mount option when remount_fs"
f2fs: do not set LOST_PINO for renamed dir
f2fs: do not set LOST_PINO for newly created dir
f2fs: skip ->writepages for {mete,node}_inode during recovery
f2fs: introduce __check_sit_bitmap
f2fs: stop gc/discard thread in prior during umount
f2fs: introduce reserved_blocks in sysfs
f2fs: avoid redundant f2fs_flush after remount
f2fs: report # of free inodes more precisely
f2fs: add ioctl to do gc with target block address
f2fs: don't need to check encrypted inode for partial truncation
f2fs: measure inode.i_blocks as generic filesystem
f2fs: set CP_TRIMMED_FLAG correctly
f2fs: require key for truncate(2) of encrypted file
f2fs: move sysfs code from super.c to fs/f2fs/sysfs.c
f2fs: clean up sysfs codes
f2fs: fix wrong error number of fill_super
f2fs: fix to show injection rate in ->show_options
f2fs: Fix a return value in case of error in 'f2fs_fill_super'
f2fs: use proper variable name
f2fs: fix to avoid panic when encountering corrupt node
f2fs: don't track newly allocated nat entry in list
f2fs: add f2fs_bug_on in __remove_discard_cmd
f2fs: introduce __wait_one_discard_bio
f2fs: dax: fix races between page faults and truncating pages
f2fs: simplify the way of calulating next nat address
f2fs: sanity check size of nat and sit cache
f2fs: fix a panic caused by NULL flush_cmd_control
f2fs: remove the unnecessary cast for PTR_ERR
f2fs: remove false-positive bug_on
f2fs: Do not issue small discards in LFS mode
f2fs: don't bother checking for encryption key in ->write_iter()
f2fs: don't bother checking for encryption key in ->mmap()
f2fs: wait discard IO completion without cmd_lock held
f2fs: wake up all waiters in f2fs_submit_discard_endio
f2fs: show more info if fail to issue discard
f2fs: introduce io_list for serialize data/node IOs
f2fs: split wio_mutex
f2fs: combine huge num of discard rb tree consistence checks
f2fs: fix a bug caused by NULL extent tree
f2fs: try to freeze in gc and discard threads
f2fs: add a new function get_ssr_cost
f2fs: declare load_free_nid_bitmap static
f2fs: avoid f2fs_lock_op for IPU writes
f2fs: split bio cache
f2fs: use fio instead of multiple parameters
f2fs: remove unnecessary read cases in merged IO flow
f2fs: use f2fs_submit_page_bio for ra_meta_pages
f2fs: make sure f2fs_gc returns consistent errno
f2fs: load inode's flag from disk
f2fs: sanity check checkpoint segno and blkoff
f2fs, block_dump: give WRITE direction to submit_bio
fscrypt: correct collision claim for digested names
f2fs: switch to using fscrypt_match_name()
fscrypt: introduce helper function for filename matching
fscrypt: fix context consistency check when key(s) unavailable
fscrypt: Move key structure and constants to uapi
fscrypt: remove fscrypt_symlink_data_len()
fscrypt: remove unnecessary checks for NULL operations
fscrypt: eliminate ->prepare_context() operation
fscrypt: remove broken support for detecting keyring key revocation
fscrypt: avoid collisions when presenting long encrypted filenames
f2fs: check entire encrypted bigname when finding a dentry
f2fs: sync f2fs_lookup() with ext4_lookup()
f2fs: fix a mount fail for wrong next_scan_nid
f2fs: relocate inode_{,un}lock in F2FS_IOC_SETFLAGS
f2fs: show available_nids in f2fs/status
f2fs: flush dirty nats periodically
f2fs: introduce CP_TRIMMED_FLAG to avoid unneeded discard
f2fs: allow cpc->reason to indicate more than one reason
f2fs: release cp and dnode lock before IPU
f2fs: shrink size of struct discard_cmd
f2fs: don't hold cmd_lock during waiting discard command
f2fs: nullify fio->encrypted_page for each writes
f2fs: sanity check segment count
f2fs: introduce valid_ipu_blkaddr to clean up
f2fs: lookup extent cache first under IPU scenario
f2fs: reconstruct code to write a data page
f2fs: introduce __wait_discard_cmd
f2fs: introduce __issue_discard_cmd
f2fs: enable small discard by default
f2fs: delay awaking discard thread
f2fs: seperate read nat page from nat_tree_lock
f2fs: fix multiple f2fs_add_link() having same name for inline dentry
f2fs: skip encrypted inode in ASYNC IPU policy
f2fs: fix out-of free segments
f2fs: improve definition of statistic macros
f2fs: assign allocation hint for warm/cold data
f2fs: fix _IOW usage
f2fs: add ioctl to flush data from faster device to cold area
f2fs: introduce async IPU policy
f2fs: add undiscard blocks stat
f2fs: unlock cp_rwsem early for IPU writes
f2fs: introduce __check_rb_tree_consistence
f2fs: trace __submit_discard_cmd
f2fs: in prior to issue big discard
f2fs: clean up discard_cmd_control structure
f2fs: use rb-tree to track pending discard commands
f2fs: avoid dirty node pages in check_only recovery
f2fs: fix not to set fsync/dentry mark
f2fs: allocate hot_data for atomic writes
f2fs: give time to flush dirty pages for checkpoint
f2fs: fix fs corruption due to zero inode page
f2fs: shrink blk plug region
f2fs: extract rb-tree operation infrastructure
f2fs: avoid frequent checkpoint during f2fs_gc
f2fs: clean up some macros in terms of GET_SEGNO
f2fs: clean up get_valid_blocks with consistent parameter
f2fs: use segment number for get_valid_blocks
f2fs: guard macro variables with braces
f2fs: fix comment on f2fs_flush_merged_bios() after 86531d6b
f2fs: prevent waiter encountering incorrect discard states
f2fs: introduce f2fs_wait_discard_bios
f2fs: split discard_cmd_list
Revert "f2fs: put allocate_segment after refresh_sit_entry"
f2fs: split make_dentry_ptr() into block and inline versions
f2fs: submit bio of in-place-update pages
f2fs: remove the redundant variable definition
f2fs: avoid IO split due to mixed WB_SYNC_ALL and WB_SYNC_NONE
f2fs: write small sized IO to hot log
f2fs: use bitmap in discard_entry
f2fs: clean up destroy_discard_cmd_control
f2fs: count discard command entry
f2fs: show issued flush/discard count
f2fs: relax node version check for victim data in gc
f2fs: start SSR much eariler to avoid FG_GC
f2fs: allocate node and hot data in the beginning of partition
f2fs: fix wrong max cost initialization
f2fs: allow write page cache when writting cp
f2fs: don't reserve additional space in xattr block
f2fs: clean up xattr operation
f2fs: don't track volatile file in dirty inode list
f2fs: show the max number of volatile operations
f2fs: fix race condition in between free nid allocator/initializer
f2fs: use set_page_private marcro in f2fs_trace_pid
f2fs: fix recording invalid last_victim
f2fs: more reasonable mem_size calculating of ino_entry
f2fs: calculate the f2fs_stat_info into base_mem
f2fs: avoid stat_inc_atomic_write for non-atomic file
f2fs: sanity check of crc_offset from raw checkpoint
f2fs: cleanup the disk level filename updating
f2fs: cover update_free_nid_bitmap with nid_list_lock
f2fs: fix bad prefetchw of NULL page
f2fs: clear FI_DATA_EXIST flag in truncate_inline_inode
f2fs: move mnt_want_write_file after arguments checking
f2fs: check new size by inode_newsize_ok in f2fs_insert_range
f2fs: avoid copy date to user-space if move file range fail
f2fs: drop duplicate new_size assign in f2fs_zero_range
f2fs: adjust the way of calculating nat block
f2fs: add fault injection on f2fs_truncate
f2fs: check range before defragment
f2fs: use parameter max_items instead of PIDVEC_SIZE
f2fs: add a punch discard command function
f2fs: allocate a bio for discarding when actually issuing it
f2fs: skip writeback meta pages if cp_mutex acquire failed
f2fs: show more precise message on orphan recovery failure
f2fs: remove dead macro PGOFS_OF_NEXT_DNODE
f2fs: drop duplicate radix tree lookup of nat_entry_set
f2fs: make sure trace all f2fs_issue_flush
f2fs: don't allow volatile writes for non-regular file
f2fs: don't allow atomic writes for not regular files
f2fs: fix stale ATOMIC_WRITTEN_PAGE private pointer
f2fs: build stat_info before orphan inode recovery
f2fs: fix the fault of calculating blkstart twice
f2fs: fix the fault of checking F2FS_LINK_MAX for rename inode
f2fs: don't allow to get pino when filename is encrypted
f2fs: fix wrong error injection for evict_inode
f2fs: le32_to_cpu for ckpt->cp_pack_total_block_count
f2fs: le16_to_cpu for xattr->e_value_size
f2fs: don't need to invalidate wrong node page
f2fs: fix an error return value in truncate_partial_data_page
f2fs: combine nat_bits and free_nid_bitmap cache
f2fs: skip scanning free nid bitmap of full NAT blocks
f2fs: use __set{__clear}_bit_le
f2fs: update_free_nid_bitmap() can be static
f2fs: __update_nat_bits() can be static
f2fs: le16_to_cpu for xattr->e_value_size
f2fs: don't overwrite node block by SSR
f2fs: don't need to invalidate wrong node page
f2fs: fix an error return value in truncate_partial_data_page
fscrypt: catch up to v4.11-rc1
f2fs: avoid to flush nat journal entries
f2fs: avoid to issue redundant discard commands
f2fs: fix a plint compile warning
f2fs: add f2fs_drop_inode tracepoint
f2fs: Fix zoned block device support
f2fs: remove redundant set_page_dirty()
f2fs: fix to enlarge size of write_io_dummy mempool
f2fs: fix memory leak of write_io_dummy mempool during umount
f2fs: fix to update F2FS_{CP_}WB_DATA count correctly
f2fs: use MAX_FREE_NIDS for the free nids target
f2fs: introduce free nid bitmap
f2fs: new helper cur_cp_crc() getting crc in f2fs_checkpoint
f2fs: update the comment of default nr_pages to skipping
f2fs: drop the duplicate pval in f2fs_getxattr
f2fs: Don't update the xattr data that same as the exist
f2fs: kill __is_extent_same
f2fs: avoid bggc->fggc when enough free segments are avaliable after cp
f2fs: select target segment with closer temperature in SSR mode
f2fs: show simple call stack in fault injection message
fscrypt: catch fscrypto_get_policy in v4.10-rc6
f2fs: use __clear_bit_le
f2fs: no need lock_op in f2fs_write_inline_data
f2fs: add bitmaps for empty or full NAT blocks
f2fs: replace rw semaphore extent_tree_lock with mutex lock
f2fs: avoid m_flags overlay when allocating more data blocks
f2fs: remove unsafe bitmap checking
f2fs: init local extent_info to avoid stale stack info in tp
f2fs: remove unnecessary condition check for write_checkpoint in f2fs_gc
f2fs: do SSR for node segments more aggresively
f2fs: check discard alignment only for SEQWRITE zones
f2fs: wait for discard completion after submission
f2fs: much larger batched trim_fs job
f2fs: avoid very large discard command
f2fs: find data segments across all the types
f2fs: do SSR in higher priority
f2fs: do SSR for data when there is enough free space
f2fs: node segment is prior to data segment selected victim
f2fs: put allocate_segment after refresh_sit_entry
f2fs: add ovp valid_blocks check for bg gc victim to fg_gc
f2fs: do not wait for writeback in write_begin
f2fs: replace __get_victim by dirty_segments in FG_GC
f2fs: fix multiple f2fs_add_link() calls having same name
f2fs: show actual device info in tracepoints
f2fs: use SSR for warm node as well
f2fs: enable inline_xattr by default
f2fs: introduce noinline_xattr mount option
f2fs: avoid reading NAT page by get_node_info
f2fs: remove build_free_nids() during checkpoint
f2fs: change recovery policy of xattr node block
f2fs: super: constify fscrypt_operations structure
f2fs: show checkpoint version at mount time
f2fs: remove preflush for nobarrier case
f2fs: check last page index in cached bio to decide submission
f2fs: check io submission more precisely
f2fs: fix trim_fs assignment
Revert "f2fs: remove batched discard in f2fs_trim_fs"
f2fs: fix missing bio_alloc(1)
f2fs: call internal __write_data_page directly
f2fs: avoid out-of-order execution of atomic writes
f2fs: move write_node_page above fsync_node_pages
f2fs: move flush tracepoint
f2fs: show # of APPEND and UPDATE inodes
f2fs: fix 446 coding style warnings in f2fs.h
f2fs: fix 3 coding style errors in f2fs.h
f2fs: declare missing static function
f2fs: show the fault injection mount option
f2fs: fix null pointer dereference when issuing flush in ->fsync
f2fs: fix to avoid overflow when left shifting page offset
f2fs: enhance lookup xattr
f2fs: fix a dead loop in f2fs_fiemap()
f2fs: do not preallocate blocks which has wrong buffer
f2fs: show # of on-going flush and discard bios
f2fs: add a kernel thread to issue discard commands asynchronously
f2fs: factor out discard command info into discard_cmd_control
f2fs: remove batched discard in f2fs_trim_fs
f2fs: reorganize stat information
f2fs: clean up flush/discard command namings
f2fs: check in-memory sit version bitmap
f2fs: check in-memory nat version bitmap
f2fs: check in-memory block bitmap
f2fs: introduce FI_ATOMIC_COMMIT
f2fs: clean up with list_{first, last}_entry
f2fs: return fs_trim if there is no candidate
f2fs: avoid needless checkpoint in f2fs_trim_fs
f2fs: relax async discard commands more
f2fs: drop exist_data for inline_data when truncated to 0
f2fs: don't allow encrypted operations without keys
f2fs: show the max number of atomic operations
f2fs: get io size bit from mount option
f2fs: support IO alignment for DATA and NODE writes
f2fs: add submit_bio tracepoint
f2fs: reassign new segment for mode=lfs
f2fs: fix a missing discard prefree segments
f2fs: use rb_entry_safe
f2fs: add a case of no need to read a page in write begin
f2fs: fix a problem of using memory after free
f2fs: remove unneeded condition
f2fs: don't cache nat entry if out of memory
f2fs: remove unused values in recover_fsync_data
f2fs: support async discard based on v4.9
f2fs: resolve op and op_flags confilcts
f2fs: remove wrong backported codes
f2fs: fix a missing size change in f2fs_setattr
fs/super.c: fix race between freeze_super() and thaw_super()
scripts/tags.sh: catch 4.9-rc6
f2fs: fix to access nullified flush_cmd_control pointer
f2fs: free meta pages if sanity check for ckpt is failed
f2fs: detect wrong layout
f2fs: call sync_fs when f2fs is idle
Revert "f2fs: use percpu_counter for # of dirty pages in inode"
f2fs: return AOP_WRITEPAGE_ACTIVATE for writepage
f2fs: do not activate auto_recovery for fallocated i_size
f2fs: fix 32-bit build
f2fs: set ->owner for debugfs status file's file_operations
f2fs: fix incorrect free inode count in ->statfs
f2fs: drop duplicate header timer.h
f2fs: fix wrong AUTO_RECOVER condition
f2fs: do not recover i_size if it's valid
f2fs: fix fdatasync
f2fs: fix to account total free nid correctly
f2fs: fix an infinite loop when flush nodes in cp
f2fs: don't wait writeback for datas during checkpoint
f2fs: fix wrong written_valid_blocks counting
f2fs: avoid BG_GC in f2fs_balance_fs
f2fs: fix redundant block allocation
f2fs: use err for f2fs_preallocate_blocks
f2fs: support multiple devices
f2fs: allow dio read for LFS mode
f2fs: revert segment allocation for direct IO
f2fs: return directly if block has been removed from the victim
Revert "f2fs: do not recover from previous remained wrong dnodes"
f2fs: remove checkpoint in f2fs_freeze
f2fs: assign segments correctly for direct_io
f2fs: fix wrong i_atime recovery
f2fs: record inode updating status correctly
f2fs: Trace reset zone events
f2fs: Reset sequential zones on zoned block devices
f2fs: Cache zoned block devices zone type
f2fs: Do not allow adaptive mode for host-managed zoned block devices
f2fs: Always enable discard for zoned blocks devices
f2fs: Suppress discard warning message for zoned block devices
f2fs: Check zoned block feature for host-managed zoned block devices
f2fs: Use generic zoned block device terminology
f2fs: Add missing break in switch-case
f2fs: avoid infinite loop in the EIO case on recover_orphan_inodes
f2fs: report error of f2fs_fill_dentries
fs/crypto: catch up 4.9-rc6
f2fs: hide a maybe-uninitialized warning
f2fs: remove percpu_count due to performance regression
f2fs: make clean inodes when flushing inode page
f2fs: keep dirty inodes selectively for checkpoint
f2fs: Replace CURRENT_TIME_SEC with current_time() for inode timestamps
f2fs: use BIO_MAX_PAGES for bio allocation
f2fs: declare static function for __build_free_nids
f2fs: call f2fs_balance_fs for setattr
f2fs: count dirty inodes to flush node pages during checkpoint
f2fs: avoid casted negative value as shrink count
f2fs: don't interrupt free nids building during nid allocation
f2fs: clean up free nid list operations
f2fs: split free nid list
f2fs: clear nlink if fail to add_link
f2fs: fix sparse warnings
f2fs: fix error handling in fsync_node_pages
f2fs: fix to update largest extent under lock
f2fs: be aware of extent beyond EOF in fiemap
f2fs: don't miss any f2fs_balance_fs cases
f2fs: add missing f2fs_balance_fs in f2fs_zero_range
f2fs: give a chance to detach from dirty list
f2fs: fix to release discard entries during checkpoint
f2fs: exclude free nids building and allocation
f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack
f2fs: fix overflow due to condition check order
posix_acl: Clear SGID bit when setting file permissions
f2fs: fix wrong sum_page pointer in f2fs_gc
f2fs: backport from (4c1fad64 - Merge tag 'for-f2fs-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs)
Change-Id: I6c7208efc63ce7b13f26f0ec1cd3c8aef410eff0
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAltYMlwACgkQONu9yGCS
aT5ZmxAAjAWUndXt7fTUyHgxkoG61sEkdX4jcsp6NFwQMudU0UHx4/kcZE+HdMjL
VU8BZtdUg+jMLXM4erVBpQRKY9YHIPi8nWMTm1UjduMCxVD6dVL1HU6/RXl1cYIx
rf/opYOimqT9lYCeffmd9ai2zEEJKSt7/avddcJY4qHiqLan27gbUdAq2H26aM/5
LUzAaSBzhq3VYo9Q5zv03b1+tORAxh2BIffZjGEFe8SQQl1o63WqwV4RxEhV/Bjt
hBgl/6B/+EHtQnYnbnoOT/an9Ma15ik4/z3vVv6yRLNK+hS5T31OKcYCsUrjp6O+
TQVaVLWWmn/VpIHAMkrhBs9Xxg5GmRziF77AkzyC506tK268M2+IoY77ursVl1YK
STaOwUcLUlKLbl5OADqMpYtNU9ybkP+MmgDZsIEXz9UiCZM721fL5Au2PHuzaYOD
2nE2EQb04It4k9GN8FStv2KPIiKUCEXi9MlNsHGPs6Mc+fliIigoKPhpU5JG+sxR
eJgPMNv4OWhwXWTd1wf0Gy5X+i0lQlwlGgIHFfSB8vzArJ0Y/yuPj2a6xhQshOza
Ivq7JudHvxYxhDSWYoCKgtTgzMdSBbJ3xjOoUUHy4ryamYeyaMvgFjsaCTMr0dsw
76BkgNTbpsip+I77a9h4Ozlk5QE7h61EsqjmZBkGVqLYjrUQ/IU=
=X4tZ
-----END PGP SIGNATURE-----
Merge 4.4.144 into android-4.4
Changes in 4.4.144
KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel.
x86/MCE: Remove min interval polling limitation
fat: fix memory allocation failure handling of match_strdup()
ALSA: rawmidi: Change resized buffers atomically
ARC: Fix CONFIG_SWAP
ARC: mm: allow mprotect to make stack mappings executable
mm: memcg: fix use after free in mem_cgroup_iter()
ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
ipv6: fix useless rol32 call on hash
lib/rhashtable: consider param->min_size when setting initial table size
net/ipv4: Set oif in fib_compute_spec_dst
net: phy: fix flag masking in __set_phy_supported
ptp: fix missing break in switch
tg3: Add higher cpu clock for 5762.
net: Don't copy pfmemalloc flag in __copy_skb_header()
skbuff: Unconditionally copy pfmemalloc in __skb_clone()
xhci: Fix perceived dead host due to runtime suspend race with event handler
x86/paravirt: Make native_save_fl() extern inline
x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
x86/cpufeatures: Add Intel feature bits for Speculation Control
x86/cpufeatures: Add AMD feature bits for Speculation Control
x86/msr: Add definitions for new speculation control MSRs
x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
x86/cpufeatures: Clean up Spectre v2 related CPUID flags
x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
x86/pti: Mark constant arrays as __initconst
x86/asm/entry/32: Simplify pushes of zeroed pt_regs->REGs
x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface
x86/speculation: Update Speculation Control microcode blacklist
x86/speculation: Correct Speculation Control microcode blacklist again
x86/speculation: Clean up various Spectre related details
x86/speculation: Fix up array_index_nospec_mask() asm constraint
x86/speculation: Add <asm/msr-index.h> dependency
x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend
x86/mm: Factor out LDT init from context init
x86/mm: Give each mm TLB flush generation a unique ID
x86/speculation: Use Indirect Branch Prediction Barrier in context switch
x86/spectre_v2: Don't check microcode versions when running under hypervisors
x86/speculation: Use IBRS if available before calling into firmware
x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP
x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist
selftest/seccomp: Fix the flag name SECCOMP_FILTER_FLAG_TSYNC
selftest/seccomp: Fix the seccomp(2) signature
xen: set cpu capabilities from xen_start_kernel()
x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
x86/nospec: Simplify alternative_msr_write()
x86/bugs: Concentrate bug detection into a separate function
x86/bugs: Concentrate bug reporting into a separate function
x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
x86/bugs, KVM: Support the combination of guest and host IBRS
x86/cpu: Rename Merrifield2 to Moorefield
x86/cpu/intel: Add Knights Mill to Intel family
x86/bugs: Expose /sys/../spec_store_bypass
x86/cpufeatures: Add X86_FEATURE_RDS
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
x86/bugs/intel: Set proper CPU features and setup RDS
x86/bugs: Whitelist allowed SPEC_CTRL MSR values
x86/bugs/AMD: Add support to disable RDS on Fam[15, 16, 17]h if requested
x86/speculation: Create spec-ctrl.h to avoid include hell
prctl: Add speculation control prctls
x86/process: Optimize TIF checks in __switch_to_xtra()
x86/process: Correct and optimize TIF_BLOCKSTEP switch
x86/process: Optimize TIF_NOTSC switch
x86/process: Allow runtime control of Speculative Store Bypass
x86/speculation: Add prctl for Speculative Store Bypass mitigation
nospec: Allow getting/setting on non-current task
proc: Provide details on speculation flaw mitigations
seccomp: Enable speculation flaw mitigations
prctl: Add force disable speculation
seccomp: Use PR_SPEC_FORCE_DISABLE
seccomp: Add filter flag to opt-out of SSB mitigation
seccomp: Move speculation migitation control to arch code
x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
x86/bugs: Rename _RDS to _SSBD
proc: Use underscores for SSBD in 'status'
Documentation/spec_ctrl: Do some minor cleanups
x86/bugs: Fix __ssb_select_mitigation() return type
x86/bugs: Make cpu_show_common() static
x86/bugs: Fix the parameters alignment and missing void
x86/cpu: Make alternative_msr_write work for 32-bit code
x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
x86/cpufeatures: Disentangle SSBD enumeration
x86/cpu/AMD: Fix erratum 1076 (CPB bit)
x86/cpufeatures: Add FEATURE_ZEN
x86/speculation: Handle HT correctly on AMD
x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
x86/speculation: Add virtualized speculative store bypass disable support
x86/speculation: Rework speculative_store_bypass_update()
x86/bugs: Unify x86_spec_ctrl_{set_guest, restore_host}
x86/bugs: Expose x86_spec_ctrl_base directly
x86/bugs: Remove x86_spec_ctrl_set()
x86/bugs: Rework spec_ctrl base and mask logic
x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
x86/bugs: Rename SSBD_NO to SSB_NO
x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
x86/cpu: Re-apply forced caps every time CPU caps are re-read
block: do not use interruptible wait anywhere
clk: tegra: Fix PLL_U post divider and initial rate on Tegra30
ubi: Introduce vol_ignored()
ubi: Rework Fastmap attach base code
ubi: Be more paranoid while seaching for the most recent Fastmap
ubi: Fix races around ubi_refill_pools()
ubi: Fix Fastmap's update_vol()
ubi: fastmap: Erase outdated anchor PEBs during attach
Linux 4.4.144
Change-Id: Ia3e9b2b7bc653cba68b76878d34f8fcbbc007a13
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
6944da0a68 treewide: Use array_size in f2fs_kvzalloc()
f15443db99 treewide: Use array_size() in f2fs_kzalloc()
3ea03ea4bd treewide: Use array_size() in f2fs_kmalloc()
c41203299a overflow.h: Add allocation size calculation helpers
d400752f54 f2fs: fix to clear FI_VOLATILE_FILE correctly
853e7339b6 f2fs: let sync node IO interrupt async one
6a4540cf19 f2fs: don't change wbc->sync_mode
588ecdfd7d f2fs: fix to update mtime correctly
1ae5aadab1 fs: f2fs: insert space around that ':' and ', '
39ee53e223 fs: f2fs: add missing blank lines after declarations
d5b4710fcf fs: f2fs: changed variable type of offset "unsigned" to "loff_t"
c35da89531 f2fs: clean up symbol namespace
fcf37e16f3 f2fs: make set_de_type() static
5d1633aa10 f2fs: make __f2fs_write_data_pages() static
cc8093af7c f2fs: fix to avoid accessing cross the boundary
b7f5594670 f2fs: fix to let caller retry allocating block address
e48fcd8576 disable loading f2fs module on PAGE_SIZE > 4KB
02afc275a5 f2fs: fix error path of move_data_page
0291bd36d0 f2fs: don't drop dentry pages after fs shutdown
a1259450b6 f2fs: fix to avoid race during access gc_thread pointer
d2e0f2f786 f2fs: clean up with clear_radix_tree_dirty_tag
c74034518f f2fs: fix to don't trigger writeback during recovery
e72a2cca82 f2fs: clear discard_wake earlier
b25a1872e9 f2fs: let discard thread wait a little longer if dev is busy
b125dfb20d f2fs: avoid stucking GC due to atomic write
405909e7f5 f2fs: introduce sbi->gc_mode to determine the policy
1f62e4702a f2fs: keep migration IO order in LFS mode
c4408c2387 f2fs: fix to wait page writeback during revoking atomic write
9db5be4af8 f2fs: Fix deadlock in shutdown ioctl
ed74404955 f2fs: detect synchronous writeback more earlier
91e7d9d2dd mm: remove nr_pages argument from pagevec_lookup_{,range}_tag()
feb94dc829 ceph: use pagevec_lookup_range_nr_tag()
f3aa4a25b8 mm: add variant of pagevec_lookup_range_tag() taking number of pages
8914877e37 mm: use pagevec_lookup_range_tag() in write_cache_pages()
26778b87a0 mm: use pagevec_lookup_range_tag() in __filemap_fdatawait_range()
94f1b99298 nilfs2: use pagevec_lookup_range_tag()
160355d69f gfs2: use pagevec_lookup_range_tag()
564108e83a f2fs: use find_get_pages_tag() for looking up single page
6cf6fb8645 f2fs: simplify page iteration loops
a05d8a6a2b f2fs: use pagevec_lookup_range_tag()
18a4848ffd ext4: use pagevec_lookup_range_tag()
1c7be24f65 ceph: use pagevec_lookup_range_tag()
e25fadabb5 btrfs: use pagevec_lookup_range_tag()
bf9510b162 mm: implement find_get_pages_range_tag()
461247b21f f2fs: clean up with is_valid_blkaddr()
a5d0ccbc18 f2fs: fix to initialize min_mtime with ULLONG_MAX
9bb4d22cf5 f2fs: fix to let checkpoint guarantee atomic page persistence
cdcf2b3e25 f2fs: fix to initialize i_current_depth according to inode type
331ae0c25b Revert "f2fs: add ovp valid_blocks check for bg gc victim to fg_gc"
2494cc7c0b f2fs: don't drop any page on f2fs_cp_error() case
0037c639e6 f2fs: fix spelling mistake: "extenstion" -> "extension"
2bba5b8eb8 f2fs: enhance sanity_check_raw_super() to avoid potential overflows
9bb86b63dc f2fs: treat volatile file's data as hot one
2cf6459036 f2fs: introduce release_discard_addr() for cleanup
03279ce90b f2fs: fix potential overflow
f46eddc4da f2fs: rename dio_rwsem to i_gc_rwsem
bb01582453 f2fs: move mnt_want_write_file after range check
8bb9a8da75 f2fs: fix missing clear FI_NO_PREALLOC in some error case
cb38cc4e1d f2fs: enforce fsync_mode=strict for renamed directory
26bf4e8a96 f2fs: sanity check for total valid node blocks
78f8b0f46f f2fs: sanity check on sit entry
ab758ada22 f2fs: avoid bug_on on corrupted inode
1a5d1966c0 f2fs: give message and set need_fsck given broken node id
b025f6dfc0 f2fs: clean up commit_inmem_pages()
7aff5c69da f2fs: do not check F2FS_INLINE_DOTS in recover
23d00b0287 f2fs: remove duplicated dquot_initialize and fix error handling
937f4ef79e f2fs: stop issue discard if something wrong with f2fs
a6d74bb282 f2fs: fix return value in f2fs_ioc_commit_atomic_write
258489ec52 f2fs: allocate hot_data for atomic write more strictly
aa857e0f3b f2fs: check if inmem_pages list is empty correctly
9d77ded0a7 f2fs: fix race in between GC and atomic open
0d17eb90b5 f2fs: change le32 to le16 of f2fs_inode->i_extra_size
ea2813111f f2fs: check cur_valid_map_mir & raw_sit block count when flush sit entries
9190cadf38 f2fs: correct return value of f2fs_trim_fs
17f85d0708 f2fs: fix to show missing bits in FS_IOC_GETFLAGS
3e90db63fc f2fs: remove unneeded F2FS_PROJINHERIT_FL
298032d4d4 f2fs: don't use GFP_ZERO for page caches
fdf61219dc f2fs: issue all big range discards in umount process
cd79eb2b5e f2fs: remove redundant block plug
ec034d0f14 f2fs: remove unmatched zero_user_segment when convert inline dentry
71aaced0e1 f2fs: introduce private inode status mapping
e7724207f7 fscrypt: log the crypto algorithm implementations
4cbda579cd crypto: api - Add crypto_type_has_alg helper
b24dcaae87 crypto: skcipher - Add low-level skcipher interface
a9146e4235 crypto: skcipher - Add helper to retrieve driver name
a0ca4bdf47 crypto: skcipher - Add default key size helper
eb13e0b692 fscrypt: add Speck128/256 support
27a0e77380 fscrypt: only derive the needed portion of the key
f68a71fa8f fscrypt: separate key lookup from key derivation
52359cf4fd fscrypt: use a common logging function
ff8e7c745e fscrypt: remove internal key size constants
7149dd4d39 fscrypt: remove unnecessary check for non-logon key type
56446c9142 fscrypt: make fscrypt_operations.max_namelen an integer
f572a22ef9 fscrypt: drop empty name check from fname_decrypt()
0077eff1d2 fscrypt: drop max_namelen check from fname_decrypt()
3f7af9d27f fscrypt: don't special-case EOPNOTSUPP from fscrypt_get_encryption_info()
52c51f7b7b fscrypt: don't clear flags on crypto transform
89b7fb8298 fscrypt: remove stale comment from fscrypt_d_revalidate()
d56de4e926 fscrypt: remove error messages for skcipher_request_alloc() failure
f68d3b84ae fscrypt: remove unnecessary NULL check when allocating skcipher
fb10231825 fscrypt: clean up after fscrypt_prepare_lookup() conversions
39b1444906 fscrypt: use unbound workqueue for decryption
Change-Id: Ied79ecd97385c05ef26e6b7b24d250eee9ec4e47
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
commit 9f15bde671355c351cf20d9f879004b234353100 upstream.
It was reported that a kernel crash happened in mem_cgroup_iter(), which
can be triggered if the legacy cgroup-v1 non-hierarchical mode is used.
Unable to handle kernel paging request at virtual address 6b6b6b6b6b6b8f
......
Call trace:
mem_cgroup_iter+0x2e0/0x6d4
shrink_zone+0x8c/0x324
balance_pgdat+0x450/0x640
kswapd+0x130/0x4b8
kthread+0xe8/0xfc
ret_from_fork+0x10/0x20
mem_cgroup_iter():
......
if (css_tryget(css)) <-- crash here
break;
......
The crashing reason is that mem_cgroup_iter() uses the memcg object whose
pointer is stored in iter->position, which has been freed before and
filled with POISON_FREE(0x6b).
And the root cause of the use-after-free issue is that
invalidate_reclaim_iterators() fails to reset the value of iter->position
to NULL when the css of the memcg is released in non- hierarchical mode.
Link: http://lkml.kernel.org/r/1531994807-25639-1-git-send-email-jing.xia@unisoc.com
Fixes: 6df38689e0 ("mm: memcontrol: fix possible memcg leak due to interrupted reclaim")
Signed-off-by: Jing Xia <jing.xia.mail@gmail.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: <chunyan.zhang@unisoc.com>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-789274d
Linux 4.4.140
staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
netfilter: nf_log: don't hold nf_log_mutex during user access
mtd: cfi_cmdset_0002: Change erase functions to check chip good only
mtd: cfi_cmdset_0002: Change erase functions to retry for error
mtd: cfi_cmdset_0002: Change definition naming to retry write operation
dm bufio: don't take the lock in dm_bufio_shrink_count
mtd: rawnand: mxc: set spare area size register explicitly
dm bufio: drop the lock when doing GFP_NOIO allocation
dm bufio: avoid sleeping while holding the dm_bufio lock
mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
media: cx25840: Use subdev host data for PLL override
x86/mce: Fix incorrect "Machine check from unknown source" message
x86/mce: Detect local MCEs properly
HID: debug: check length before copy_to_user()
HID: hiddev: fix potential Spectre v1
HID: i2c-hid: Fix "incomplete report" noise
ext4: check superblock mapped prior to committing
ext4: add more mount time checks of the superblock
ext4: add more inode number paranoia checks
ext4: clear i_data in ext4_inode_info when removing inline data
ext4: include the illegal physical block in the bad map ext4_error msg
ext4: verify the depth of extent tree in ext4_find_extent()
ext4: only look at the bg_flags field if it is valid
ext4: always check block group bounds in ext4_init_block_bitmap()
ext4: make sure bitmaps and the inode table don't overlap with bg descriptors
jbd2: don't mark block as modified if the handle is out of credits
cifs: Fix infinite loop when using hard mount option
drbd: fix access after free
s390: Correct register corruption in critical section cleanup
scsi: sg: mitigate read/write abuse
tracing: Fix missing return symbol in function_graph output
mm: hugetlb: yield when prepping struct pages
ubi: fastmap: Correctly handle interrupted erasures in EBA
ARM: dts: imx6q: Use correct SDMA script for SPI5 core
netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
nvme-pci: initialize queue memory before interrupts
kprobes/x86: Do not modify singlestep buffer while resuming
ipv4: Fix error return value in fib_convert_metrics()
i2c: rcar: fix resume by always initializing registers before transfer
ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
x86/boot: Fix early command-line parsing when matching at end
n_tty: Access echo_* variables carefully.
staging: android: ion: Return an ERR_PTR in ion_map_kernel
n_tty: Fix stall at n_tty_receive_char_special().
USB: serial: cp210x: add Silicon Labs IDs for Windows Update
USB: serial: cp210x: add CESINEL device ids
usb: cdc_acm: Add quirk for Uniden UBC125 scanner
Change-Id: I01c4fc4b6354c28a7d8ff391ff515096ed4d3da4
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAltGDlAACgkQONu9yGCS
aT4Snw/+N3Z1IpnNbtyt8i+ZgKv3B36t4bcKGRklAye7jfNPEg2nNaJxMDLNrXoE
6sUVPmle5ktDy4Kd2yfA900MkL4Z9UVD4JwufTf7tRtYgiLM+Xc0Dvx3cflgEcoq
uEUy5W+GLQflVddhdCgthKohHXVggRg4auydCr0YsvmnNiQpb/VRgKE8dWpVimQk
sV9/ZgBcG6nxi7ukpPXVMuVqs7N1nTWFagz271KdxkiOMBkEvDdqvt1gdFKk9e39
8d5iksU5dBLYHED0ihAQtpA04Pxp8nsT79h6m/pGcO0bYf2DI+f+CPkb3r5z7C2l
Dv1047Qe6VOKtgV/2914bTz2ZQaCofqM0Q+AqGPoSehBH6eOS/LCi8Hhd+FQJTjx
J7zzKlYIOZYk2eQicxKDL4Twn+jZt+dBH7qPuf4k3yTy5FFeTyR7uSLL0aIQ9ubh
4VqGVY+MN40/74Znlu1pullGUlRAFcpjvscDmMISFxpBHazLHZmCEC9NGv2x6YQx
ORLibcKO2aOa6ouwtlwuGxmM8dCwc3H5adsZtYdDs0k6E+OTki7D2mh3tZbl5ESp
VZ6u319XVqxDVoVm1tCS5LywEY0LZ1WevbFlN9VN9YqEKB+VyImxqN7l33MWuvqT
TOt4RjV+RS9rwaqA5HAbQGsPvPYsu0CvNyswbMs5O0/3CIFWZUA=
=jY+8
-----END PGP SIGNATURE-----
Merge 4.4.140 into android-4.4
Changes in 4.4.140
usb: cdc_acm: Add quirk for Uniden UBC125 scanner
USB: serial: cp210x: add CESINEL device ids
USB: serial: cp210x: add Silicon Labs IDs for Windows Update
n_tty: Fix stall at n_tty_receive_char_special().
staging: android: ion: Return an ERR_PTR in ion_map_kernel
n_tty: Access echo_* variables carefully.
x86/boot: Fix early command-line parsing when matching at end
ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
i2c: rcar: fix resume by always initializing registers before transfer
ipv4: Fix error return value in fib_convert_metrics()
kprobes/x86: Do not modify singlestep buffer while resuming
nvme-pci: initialize queue memory before interrupts
netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
ARM: dts: imx6q: Use correct SDMA script for SPI5 core
ubi: fastmap: Correctly handle interrupted erasures in EBA
mm: hugetlb: yield when prepping struct pages
tracing: Fix missing return symbol in function_graph output
scsi: sg: mitigate read/write abuse
s390: Correct register corruption in critical section cleanup
drbd: fix access after free
cifs: Fix infinite loop when using hard mount option
jbd2: don't mark block as modified if the handle is out of credits
ext4: make sure bitmaps and the inode table don't overlap with bg descriptors
ext4: always check block group bounds in ext4_init_block_bitmap()
ext4: only look at the bg_flags field if it is valid
ext4: verify the depth of extent tree in ext4_find_extent()
ext4: include the illegal physical block in the bad map ext4_error msg
ext4: clear i_data in ext4_inode_info when removing inline data
ext4: add more inode number paranoia checks
ext4: add more mount time checks of the superblock
ext4: check superblock mapped prior to committing
HID: i2c-hid: Fix "incomplete report" noise
HID: hiddev: fix potential Spectre v1
HID: debug: check length before copy_to_user()
x86/mce: Detect local MCEs properly
x86/mce: Fix incorrect "Machine check from unknown source" message
media: cx25840: Use subdev host data for PLL override
mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
dm bufio: avoid sleeping while holding the dm_bufio lock
dm bufio: drop the lock when doing GFP_NOIO allocation
mtd: rawnand: mxc: set spare area size register explicitly
dm bufio: don't take the lock in dm_bufio_shrink_count
mtd: cfi_cmdset_0002: Change definition naming to retry write operation
mtd: cfi_cmdset_0002: Change erase functions to retry for error
mtd: cfi_cmdset_0002: Change erase functions to check chip good only
netfilter: nf_log: don't hold nf_log_mutex during user access
staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
Linux 4.4.140
Change-Id: I1eb015e1fee548fb958c7e5eb4754b425cfab6b7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 7810e6781e0fcbca78b91cf65053f895bf59e85f upstream.
In __alloc_pages_slowpath() we reset zonelist and preferred_zoneref for
allocations that can ignore memory policies. The zonelist is obtained
from current CPU's node. This is a problem for __GFP_THISNODE
allocations that want to allocate on a different node, e.g. because the
allocating thread has been migrated to a different CPU.
This has been observed to break SLAB in our 4.4-based kernel, because
there it relies on __GFP_THISNODE working as intended. If a slab page
is put on wrong node's list, then further list manipulations may corrupt
the list because page_to_nid() is used to determine which node's
list_lock should be locked and thus we may take a wrong lock and race.
Current SLAB implementation seems to be immune by luck thanks to commit
511e3a058812 ("mm/slab: make cache_grow() handle the page allocated on
arbitrary node") but there may be others assuming that __GFP_THISNODE
works as promised.
We can fix it by simply removing the zonelist reset completely. There
is actually no reason to reset it, because memory policies and cpusets
don't affect the zonelist choice in the first place. This was different
when commit 183f6371aa ("mm: ignore mempolicies when using
ALLOC_NO_WATERMARK") introduced the code, as mempolicies provided their
own restricted zonelists.
We might consider this for 4.17 although I don't know if there's
anything currently broken.
SLAB is currently not affected, but in kernels older than 4.7 that don't
yet have 511e3a058812 ("mm/slab: make cache_grow() handle the page
allocated on arbitrary node") it is. That's at least 4.4 LTS. Older
ones I'll have to check.
So stable backports should be more important, but will have to be
reviewed carefully, as the code went through many changes. BTW I think
that also the ac->preferred_zoneref reset is currently useless if we
don't also reset ac->nodemask from a mempolicy to NULL first (which we
probably should for the OOM victims etc?), but I would leave that for a
separate patch.
Link: http://lkml.kernel.org/r/20180525130853.13915-1-vbabka@suse.cz
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Fixes: 183f6371aa ("mm: ignore mempolicies when using ALLOC_NO_WATERMARK")
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 520495fe96d74e05db585fc748351e0504d8f40d upstream.
When booting with very large numbers of gigantic (i.e. 1G) pages, the
operations in the loop of gather_bootmem_prealloc, and specifically
prep_compound_gigantic_page, takes a very long time, and can cause a
softlockup if enough pages are requested at boot.
For example booting with 3844 1G pages requires prepping
(set_compound_head, init the count) over 1 billion 4K tail pages, which
takes considerable time.
Add a cond_resched() to the outer loop in gather_bootmem_prealloc() to
prevent this lockup.
Tested: Booted with softlockup_panic=1 hugepagesz=1G hugepages=3844 and
no softlockup is reported, and the hugepages are reported as
successfully setup.
Link: http://lkml.kernel.org/r/20180627214447.260804-1-cannonmatthews@google.com
Signed-off-by: Cannon Matthews <cannonmatthews@google.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Andres Lagar-Cavilla <andreslc@google.com>
Cc: Peter Feiner <pfeiner@google.com>
Cc: Greg Thelen <gthelen@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
All users of pagevec_lookup() and pagevec_lookup_range() now pass
PAGEVEC_SIZE as a desired number of pages. Just drop the argument.
Link: http://lkml.kernel.org/r/20171009151359.31984-15-jack@suse.cz
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Currently pagevec_lookup_range_tag() takes number of pages to look up
but most users don't need this. Create a new function
pagevec_lookup_range_nr_tag() that takes maximum number of pages to
lookup for Ceph which wants this functionality so that we can drop
nr_pages argument from pagevec_lookup_range_tag().
Link: http://lkml.kernel.org/r/20171009151359.31984-13-jack@suse.cz
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Use pagevec_lookup_range_tag() in write_cache_pages() as it is
interested only in pages from given range. Remove unnecessary code
resulting from this.
Link: http://lkml.kernel.org/r/20171009151359.31984-12-jack@suse.cz
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Use pagevec_lookup_range_tag() in __filemap_fdatawait_range() as it is
interested only in pages from given range. Remove unnecessary code
resulting from this.
Link: http://lkml.kernel.org/r/20171009151359.31984-11-jack@suse.cz
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Patch series "Ranged pagevec tagged lookup", v3.
In this series I provide a ranged variant of pagevec_lookup_tag() and
use it in places where it makes sense. This series removes some common
code and it also has a potential for speeding up some operations
similarly as for pagevec_lookup_range() (but for now I can think of only
artificial cases where this happens).
This patch (of 16):
Implement a variant of find_get_pages_tag() that stops iterating at
given index. Lots of users of this function (through pagevec_lookup())
actually want a range lookup and all of them are currently open-coding
this.
Also create corresponding pagevec_lookup_range_tag() function.
Link: http://lkml.kernel.org/r/20171009151359.31984-2-jack@suse.cz
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Cc: Bob Peterson <rpeterso@redhat.com>
Cc: Chao Yu <yuchao0@huawei.com>
Cc: David Howells <dhowells@redhat.com>
Cc: David Sterba <dsterba@suse.com>
Cc: Ilya Dryomov <idryomov@gmail.com>
Cc: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Cc: Steve French <sfrench@samba.org>
Cc: "Theodore Ts'o" <tytso@mit.edu>
Cc: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* refs/heads/tmp-a2e2217
Linux 4.4.137
net: metrics: add proper netlink validation
net: phy: broadcom: Fix bcm_write_exp()
rtnetlink: validate attributes in do_setlink()
team: use netdev_features_t instead of u32
net/mlx4: Fix irq-unsafe spinlock usage
qed: Fix mask for physical address in ILT entry
packet: fix reserve calculation
net: usb: cdc_mbim: add flag FLAG_SEND_ZLP
net/packet: refine check for priv area size
netdev-FAQ: clarify DaveM's position for stable backports
isdn: eicon: fix a missing-check bug
ipv4: remove warning in ip_recv_error
ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
enic: set DMA mask to 47 bit
dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
bnx2x: use the right constant
brcmfmac: Fix check for ISO3166 code
drm: set FMODE_UNSIGNED_OFFSET for drm files
xfs: fix incorrect log_flushed on fsync
kconfig: Avoid format overflow warning from GCC 8.1
mmap: relax file size limit for regular files
mmap: introduce sane default mmap limits
tpm: self test failure should not cause suspend to fail
tpm: do not suspend/resume if power stays on
ANDROID: Update arm64 ranchu64_defconfig
Linux 4.4.136
sparc64: Fix build warnings with gcc 7.
mm: fix the NULL mapping case in __isolate_lru_page()
fix io_destroy()/aio_complete() race
Kbuild: change CC_OPTIMIZE_FOR_SIZE definition
drm/i915: Disable LVDS on Radiant P845
hwtracing: stm: fix build error on some arches
stm class: Use vmalloc for the master map
scsi: scsi_transport_srp: Fix shost to rport translation
MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests
MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs
iio:kfifo_buf: check for uint overflow
dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all()
i2c: rcar: revoke START request early
i2c: rcar: check master irqs before slave irqs
i2c: rcar: don't issue stop when HW does it automatically
i2c: rcar: init new messages in irq
i2c: rcar: refactor setup of a msg
i2c: rcar: remove spinlock
i2c: rcar: remove unused IOERROR state
i2c: rcar: rework hw init
i2c: rcar: make sure clocks are on when doing clock calculation
tcp: avoid integer overflows in tcp_rcv_space_adjust()
irda: fix overly long udelay()
ASoC: Intel: sst: remove redundant variable dma_dev_name
rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c
cfg80211: further limit wiphy names to 64 bytes
selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
tracing: Fix crash when freeing instances with event triggers
Input: elan_i2c_smbus - fix corrupted stack
Revert "ima: limit file hash setting by user to fix and log modes"
xfs: detect agfl count corruption and reset agfl
sh: New gcc support
USB: serial: cp210x: use tcflag_t to fix incompatible pointer type
powerpc/64s: Clear PCR on boot
arm64: lse: Add early clobbers to some input/output asm operands
FROMLIST: f2fs: run fstrim asynchronously if runtime discard is on
goldfish: pipe: ANDROID: address must be written as __pa(x), not x
goldfish: pipe: ANDROID: add missing check for memory allocated
goldfish: pipe: ANDROID: remove redundant blank lines
Update arch/x86/configs/x86_64_ranchu_defconfig
ANDROID: x86_64_cuttlefish_defconfig: Enable F2FS
ANDROID: Update x86_64_cuttlefish_defconfig
FROMLIST: f2fs: early updates queued for v4.18-rc1
Change-Id: I314254168cd5ad06a7c6bca2fa68c8a6ae6c257d
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
* refs/heads/tmp-c9d74f2
Linux 4.4.135
Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU"
Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU"
Linux 4.4.134
s390/ftrace: use expoline for indirect branches
kdb: make "mdr" command repeat
Bluetooth: btusb: Add device ID for RTL8822BE
ASoC: samsung: i2s: Ensure the RCLK rate is properly determined
regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()'
scsi: lpfc: Fix frequency of Release WQE CQEs
scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
scsi: lpfc: Fix issue_lip if link is disabled
netlabel: If PF_INET6, check sk_buff ip header version
selftests/net: fixes psock_fanout eBPF test case
perf report: Fix memory corruption in --branch-history mode --branch-history
perf tests: Use arch__compare_symbol_names to compare symbols
x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified
drm/rockchip: Respect page offset for PRIME mmap calls
MIPS: Octeon: Fix logging messages with spurious periods after newlines
audit: return on memory error to avoid null pointer dereference
crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss
clk: samsung: exynos3250: Fix PLL rates
clk: samsung: exynos5250: Fix PLL rates
clk: samsung: exynos5433: Fix PLL rates
clk: samsung: exynos5260: Fix PLL rates
clk: samsung: s3c2410: Fix PLL rates
media: cx25821: prevent out-of-bounds read on array card
udf: Provide saner default for invalid uid / gid
PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
serial: arc_uart: Fix out-of-bounds access through DT alias
serial: fsl_lpuart: Fix out-of-bounds access through DT alias
serial: imx: Fix out-of-bounds access through serial port index
serial: mxs-auart: Fix out-of-bounds access through serial port index
serial: samsung: Fix out-of-bounds access through serial port index
serial: xuartps: Fix out-of-bounds access through DT alias
rtc: tx4939: avoid unintended sign extension on a 24 bit shift
staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr
hwrng: stm32 - add reset during probe
enic: enable rq before updating rq descriptors
clk: rockchip: Prevent calculating mmc phase if clock rate is zero
media: em28xx: USB bulk packet size fix
dmaengine: pl330: fix a race condition in case of threaded irqs
media: s3c-camif: fix out-of-bounds array access
media: cx23885: Set subdev host data to clk_freq pointer
media: cx23885: Override 888 ImpactVCBe crystal frequency
ALSA: vmaster: Propagate slave error
x86/devicetree: Fix device IRQ settings in DT
x86/devicetree: Initialize device tree before using it
usb: gadget: composite: fix incorrect handling of OS desc requests
usb: gadget: udc: change comparison to bitshift when dealing with a mask
gfs2: Fix fallocate chunk size
cdrom: do not call check_disk_change() inside cdrom_open()
hwmon: (pmbus/adm1275) Accept negative page register values
hwmon: (pmbus/max8688) Accept negative page register values
perf/core: Fix perf_output_read_group()
ASoC: topology: create TLV data for dapm widgets
powerpc: Add missing prototype for arch_irq_work_raise()
usb: gadget: ffs: Execute copy_to_user() with USER_DS set
usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS
usb: dwc2: Fix interval type issue
ipmi_ssif: Fix kernel panic at msg_done_handler
PCI: Restore config space on runtime resume despite being unbound
MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
xhci: zero usb device slot_id member when disabling and freeing a xhci slot
KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
i2c: mv64xxx: Apply errata delay only in standard mode
ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
ACPICA: Events: add a return on failure from acpi_hw_register_read
bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
zorro: Set up z->dev.dma_mask for the DMA API
clk: Don't show the incorrect clock phase
cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields
arm: dts: socfpga: fix GIC PPI warning
virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
ima: Fallback to the builtin hash algorithm
ima: Fix Kconfig to select TPM 2.0 CRB interface
ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
net/mlx5: Protect from command bit overflow
selftests: Print the test we're running to /dev/kmsg
tools/thermal: tmon: fix for segfault
powerpc/perf: Fix kernel address leak via sampling registers
powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
rtc: hctosys: Ensure system time doesn't overflow time_t
hwmon: (nct6775) Fix writing pwmX_mode
parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
m68k: set dma and coherent masks for platform FEC ethernets
powerpc/mpic: Check if cpu_possible() in mpic_physmask()
ACPI: acpi_pad: Fix memory leak in power saving threads
xen/acpi: off by one in read_acpi_id()
btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
Btrfs: fix copy_items() return value when logging an inode
btrfs: tests/qgroup: Fix wrong tree backref level
Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
rtc: snvs: Fix usage of snvs_rtc_enable
sparc64: Make atomic_xchg() an inline function rather than a macro.
fscache: Fix hanging wait on page discarded by writeback
KVM: VMX: raise internal error for exception during invalid protected mode state
sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
ocfs2/dlm: don't handle migrate lockres if already in shutdown
btrfs: Fix possible softlock on single core machines
Btrfs: fix NULL pointer dereference in log_dir_items
Btrfs: bail out on error during replay_dir_deletes
mm: fix races between address_space dereference and free in page_evicatable
mm/ksm: fix interaction with THP
dp83640: Ensure against premature access to PHY registers after reset
scsi: aacraid: Insure command thread is not recursively stopped
cpufreq: CPPC: Initialize shared perf capabilities of CPUs
Force log to disk before reading the AGF during a fstrim
sr: get/drop reference to device in revalidate and check_events
swap: divide-by-zero when zero length swap file on ssd
fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
sh: fix debug trap failure to process signals before return to user
net: mvneta: fix enable of all initialized RXQs
net: Fix untag for vlan packets without ethernet header
mm/kmemleak.c: wait for scan completion before disabling free
llc: properly handle dev_queue_xmit() return value
net-usb: add qmi_wwan if on lte modem wistron neweb d18q1
net/usb/qmi_wwan.c: Add USB id for lt4120 modem
net: qmi_wwan: add BroadMobi BM806U 2020:2033
ARM: 8748/1: mm: Define vdso_start, vdso_end as array
batman-adv: fix packet loss for broadcasted DHCP packets to a server
batman-adv: fix multicast-via-unicast transmission with AP isolation
selftests: ftrace: Add a testcase for probepoint
selftests: ftrace: Add a testcase for string type with kprobe_event
selftests: ftrace: Add probe event argument syntax testcase
mm/mempolicy.c: avoid use uninitialized preferred_node
RDMA/ucma: Correct option size check using optlen
perf/cgroup: Fix child event counting bug
vti4: Don't override MTU passed on link creation via IFLA_MTU
vti4: Don't count header length twice on tunnel setup
batman-adv: fix header size check in batadv_dbg_arp()
net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
sunvnet: does not support GSO for sctp
ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
workqueue: use put_device() instead of kfree()
bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
netfilter: ebtables: fix erroneous reject of last rule
USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
xen: xenbus: use put_device() instead of kfree()
fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
scsi: sd: Keep disk read-only when re-reading partition
scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
e1000e: allocate ring descriptors with dma_zalloc_coherent
e1000e: Fix check_for_link return value with autoneg off
watchdog: f71808e_wdt: Fix magic close handling
KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
Btrfs: send, fix issuing write op when processing hole in no data mode
xen/pirq: fix error path cleanup when binding MSIs
net/tcp/illinois: replace broken algorithm reference link
gianfar: Fix Rx byte accounting for ndev stats
sit: fix IFLA_MTU ignored on NEWLINK
bcache: fix kcrashes with fio in RAID5 backend dev
dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
virtio-gpu: fix ioctl and expose the fixed status to userspace.
r8152: fix tx packets accounting
clocksource/drivers/fsl_ftm_timer: Fix error return checking
nvme-pci: Fix nvme queue cleanup if IRQ setup fails
netfilter: ebtables: convert BUG_ONs to WARN_ONs
batman-adv: invalidate checksum on fragment reassembly
batman-adv: fix packet checksum in receive path
md/raid1: fix NULL pointer dereference
media: dmxdev: fix error code for invalid ioctls
x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
regulatory: add NUL to request alpha2
smsc75xx: fix smsc75xx_set_features()
ARM: OMAP: Fix dmtimer init for omap1
s390/cio: clear timer when terminating driver I/O
s390/cio: fix return code after missing interrupt
powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
md: raid5: avoid string overflow warning
locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
usb: musb: fix enumeration after resume
drm/exynos: fix comparison to bitshift when dealing with a mask
md raid10: fix NULL deference in handle_write_completed()
mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
NFC: llcp: Limit size of SDP URI
ARM: OMAP1: clock: Fix debugfs_create_*() usage
ARM: OMAP3: Fix prm wake interrupt for resume
ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
scsi: qla4xxx: skip error recovery in case of register disconnect.
scsi: aacraid: fix shutdown crash when init fails
scsi: storvsc: Increase cmd_per_lun for higher speed devices
selftests: memfd: add config fragment for fuse
usb: dwc2: Fix dwc2_hsotg_core_init_disconnected()
usb: gadget: fsl_udc_core: fix ep valid checks
usb: gadget: f_uac2: fix bFirstInterface in composite gadget
ARC: Fix malformed ARC_EMUL_UNALIGNED default
scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion()
scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
scsi: sym53c8xx_2: iterator underflow in sym_getsync()
scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
irqchip/gic-v3: Change pr_debug message to pr_devel
locking/qspinlock: Ensure node->count is updated before initialising node
tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
bcache: return attach error when no cache set exist
bcache: fix for data collapse after re-attaching an attached device
bcache: fix for allocator and register thread race
bcache: properly set task state in bch_writeback_thread()
cifs: silence compiler warnings showing up with gcc-8.0.0
proc: fix /proc/*/map_files lookup
arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
RDS: IB: Fix null pointer issue
xen/grant-table: Use put_page instead of free_page
xen-netfront: Fix race between device setup and open
MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
ACPI: processor_perflib: Do not send _PPC change notification if not ready
firmware: dmi_scan: Fix handling of empty DMI strings
x86/power: Fix swsusp_arch_resume prototype
IB/ipoib: Fix for potential no-carrier state
mm: pin address_space before dereferencing it while isolating an LRU page
asm-generic: provide generic_pmdp_establish()
mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
mm/mempolicy: fix the check of nodemask from user
ocfs2: return error when we attempt to access a dirty bh in jbd2
ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
ntb_transport: Fix bug with max_mw_size parameter
RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
powerpc/numa: Ensure nodes initialized for hotplug
powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
scsi: fas216: fix sense buffer initialization
Btrfs: fix scrub to repair raid6 corruption
btrfs: Fix out of bounds access in btrfs_search_slot
Btrfs: set plug for fsync
ipmi/powernv: Fix error return code in ipmi_powernv_probe()
mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
kconfig: Fix expr_free() E_NOT leak
kconfig: Fix automatic menu creation mem leak
kconfig: Don't leak main menus during parsing
watchdog: sp5100_tco: Fix watchdog disable bit
nfs: Do not convert nfs_idmap_cache_timeout to jiffies
dm thin: fix documentation relative to low water mark threshold
tools lib traceevent: Fix get_field_str() for dynamic strings
perf callchain: Fix attr.sample_max_stack setting
tools lib traceevent: Simplify pointer print logic and fix %pF
PCI: Add function 1 DMA alias quirk for Marvell 9128
tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
ALSA: hda - Use IS_REACHABLE() for dependency on input
NFSv4: always set NFS_LOCK_LOST when a lock is lost.
firewire-ohci: work around oversized DMA reads on JMicron controllers
do d_instantiate/unlock_new_inode combinations safely
xfs: remove racy hasattr check from attr ops
kernel/signal.c: avoid undefined behaviour in kill_something_info
kernel/sys.c: fix potential Spectre v1 issue
kasan: fix memory hotplug during boot
ipc/shm: fix shmat() nil address after round-down when remapping
Revert "ipc/shm: Fix shmat mmap nil-page protection"
xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
libata: blacklist Micron 500IT SSD with MU01 firmware
libata: Blacklist some Sandisk SSDs for NCQ
mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
ALSA: timer: Fix pause event notification
aio: fix io_destroy(2) vs. lookup_ioctx() race
affs_lookup(): close a race with affs_remove_link()
KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
MIPS: ptrace: Expose FIR register through FP regset
UPSTREAM: sched/fair: Consider RT/IRQ pressure in capacity_spare_wake
Conflicts:
drivers/media/dvb-core/dmxdev.c
drivers/scsi/sd.c
drivers/scsi/ufs/ufshcd.c
drivers/usb/gadget/function/f_fs.c
fs/ecryptfs/inode.c
Change-Id: I15751ed8c82ec65ba7eedcb0d385b9f803c333f7
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlshJwIACgkQONu9yGCS
aT79XQ//S3GUXgBKG87+4HlPW0bebORgAbMTw47VFAm09jKRlaI65TXpT+EaXy+R
iuHeyrie9SmN6eG2P5o25txl0NRL/WoZcKHBRdT3P8of19iG64g5zPd2meWgO8vO
TtGy2fTNnmYoUEcCtDIQayRTPkeWbLUNE56grA1/LtxEeCmLTsm7tzhxXy+qzQSg
YdlpKeTMTy9yUWc8Dt7Mt7Njmq+hj7HUVs42fvfddcW2y4jZl2rKnZ6HN2uADIJx
sKyzeN1i8LMBdP216kg785jeBaaMnk01hhd/F+D+S+qTBrHbacO+reO9CkEEhovM
UaneMG2j3t3THdaPs+amx/39IX3t+duiyyz+zI6kKlYJ9WrhbBuOJhG97B6jbnN2
2QNs7Ll6cucRwcOY6pMbIzh46bIsUtUODB1/gLn4ALiB8OBWh78qH5CISBwpzGVY
UNtBvV+nk9/aoo1BwdD2IZ6QQtafVwK3pzsb3bdGVJWZPkeGKbsQ3Y8ffGIdAbQg
6MsBOCyF9t+dSk9ShGwdNr5vOp7VfmbOoUtHBp+czYFObWJsMzN5bG2dfvqQU0Sd
LH0AkA4j4DWJQpl9OVhBCuUJ/SMk693b6wlO2dMnLsQg/I8j2eihtc5CTcJ6pH1V
BjO6Uc3MwqmyR4/vF8acYKhL1zY6wtZtVkTTiKDoEuyDtZTTaqs=
=Gmn/
-----END PGP SIGNATURE-----
Merge 4.4.137 into android-4.4
Changes in 4.4.137
tpm: do not suspend/resume if power stays on
tpm: self test failure should not cause suspend to fail
mmap: introduce sane default mmap limits
mmap: relax file size limit for regular files
kconfig: Avoid format overflow warning from GCC 8.1
xfs: fix incorrect log_flushed on fsync
drm: set FMODE_UNSIGNED_OFFSET for drm files
brcmfmac: Fix check for ISO3166 code
bnx2x: use the right constant
dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
enic: set DMA mask to 47 bit
ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
ipv4: remove warning in ip_recv_error
isdn: eicon: fix a missing-check bug
netdev-FAQ: clarify DaveM's position for stable backports
net/packet: refine check for priv area size
net: usb: cdc_mbim: add flag FLAG_SEND_ZLP
packet: fix reserve calculation
qed: Fix mask for physical address in ILT entry
net/mlx4: Fix irq-unsafe spinlock usage
team: use netdev_features_t instead of u32
rtnetlink: validate attributes in do_setlink()
net: phy: broadcom: Fix bcm_write_exp()
net: metrics: add proper netlink validation
Linux 4.4.137
Change-Id: I247cc9905e330810546f7105bdf723bf84c3308f
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 423913ad4ae5b3e8fb8983f70969fb522261ba26 upstream.
Commit be83bbf80682 ("mmap: introduce sane default mmap limits") was
introduced to catch problems in various ad-hoc character device drivers
doing mmap and getting the size limits wrong. In the process, it used
"known good" limits for the normal cases of mapping regular files and
block device drivers.
It turns out that the "s_maxbytes" limit was less "known good" than I
thought. In particular, /proc doesn't set it, but exposes one regular
file to mmap: /proc/vmcore. As a result, that file got limited to the
default MAX_INT s_maxbytes value.
This went unnoticed for a while, because apparently the only thing that
needs it is the s390 kernel zfcpdump, but there might be other tools
that use this too.
Vasily suggested just changing s_maxbytes for all of /proc, which isn't
wrong, but makes me nervous at this stage. So instead, just make the
new mmap limit always be MAX_LFS_FILESIZE for regular files, which won't
affect anything else. It wasn't the regular file case I was worried
about.
I'd really prefer for maxsize to have been per-inode, but that is not
how things are today.
Fixes: be83bbf80682 ("mmap: introduce sane default mmap limits")
Reported-by: Vasily Gorbik <gor@linux.ibm.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit be83bbf806822b1b89e0a0f23cd87cddc409e429 upstream.
The internal VM "mmap()" interfaces are based on the mmap target doing
everything using page indexes rather than byte offsets, because
traditionally (ie 32-bit) we had the situation that the byte offset
didn't fit in a register. So while the mmap virtual address was limited
by the word size of the architecture, the backing store was not.
So we're basically passing "pgoff" around as a page index, in order to
be able to describe backing store locations that are much bigger than
the word size (think files larger than 4GB etc).
But while this all makes a ton of sense conceptually, we've been dogged
by various drivers that don't really understand this, and internally
work with byte offsets, and then try to work with the page index by
turning it into a byte offset with "pgoff << PAGE_SHIFT".
Which obviously can overflow.
Adding the size of the mapping to it to get the byte offset of the end
of the backing store just exacerbates the problem, and if you then use
this overflow-prone value to check various limits of your device driver
mmap capability, you're just setting yourself up for problems.
The correct thing for drivers to do is to do their limit math in page
indices, the way the interface is designed. Because the generic mmap
code _does_ test that the index doesn't overflow, since that's what the
mmap code really cares about.
HOWEVER.
Finding and fixing various random drivers is a sisyphean task, so let's
just see if we can just make the core mmap() code do the limiting for
us. Realistically, the only "big" backing stores we need to care about
are regular files and block devices, both of which are known to do this
properly, and which have nice well-defined limits for how much data they
can access.
So let's special-case just those two known cases, and then limit other
random mmap users to a backing store that still fits in "unsigned long".
Realistically, that's not much of a limit at all on 64-bit, and on
32-bit architectures the only worry might be the GPU drivers, which can
have big physical address spaces.
To make it possible for drivers like that to say that they are 64-bit
clean, this patch does repurpose the "FMODE_UNSIGNED_OFFSET" bit in the
file flags to allow drivers to mark their file descriptors as safe in
the full 64-bit mmap address space.
[ The timing for doing this is less than optimal, and this should really
go in a merge window. But realistically, this needs wide testing more
than it needs anything else, and being main-line is the only way to do
that.
So the earlier the better, even if it's outside the proper development
cycle - Linus ]
Cc: Kees Cook <keescook@chromium.org>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Dave Airlie <airlied@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 145e1a71e090575c74969e3daa8136d1e5b99fc8 upstream.
George Boole would have noticed a slight error in 4.16 commit
69d763fc6d3a ("mm: pin address_space before dereferencing it while
isolating an LRU page"). Fix it, to match both the comment above it,
and the original behaviour.
Although anonymous pages are not marked PageDirty at first, we have an
old habit of calling SetPageDirty when a page is removed from swap
cache: so there's a category of ex-swap pages that are easily
migratable, but were inadvertently excluded from compaction's async
migration in 4.16.
Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1805302014001.12558@eggly.anvils
Fixes: 69d763fc6d3a ("mm: pin address_space before dereferencing it while isolating an LRU page")
Signed-off-by: Hugh Dickins <hughd@google.com>
Acked-by: Minchan Kim <minchan@kernel.org>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Reported-by: Ivan Kalvachev <ikalvachev@gmail.com>
Cc: "Huang, Ying" <ying.huang@intel.com>
Cc: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-3f51ea2
Linux 4.4.133
x86/kexec: Avoid double free_page() upon do_kexec_load() failure
hfsplus: stop workqueue when fill_super() failed
cfg80211: limit wiphy names to 128 bytes
gpio: rcar: Add Runtime PM handling for interrupts
time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
dmaengine: ensure dmaengine helpers check valid callback
scsi: zfcp: fix infinite iteration on ERP ready list
scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
scsi: libsas: defer ata device eh commands to libata
s390: use expoline thunks in the BPF JIT
s390: extend expoline to BC instructions
s390: move spectre sysfs attribute code
s390/kernel: use expoline for indirect branches
s390/lib: use expoline for indirect branches
s390: move expoline assembler macros to a header
s390: add assembler macros for CPU alternatives
ext2: fix a block leak
tcp: purge write queue in tcp_connect_init()
sock_diag: fix use-after-free read in __sk_free
packet: in packet_snd start writing at link layer allocation
net: test tailroom before appending to linear skb
btrfs: fix reading stale metadata blocks after degraded raid1 mounts
btrfs: fix crash when trying to resume balance without the resume flag
Btrfs: fix xattr loss after power failure
ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
tick/broadcast: Use for_each_cpu() specially on UP kernels
ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
s390: remove indirect branch from do_softirq_own_stack
s390/qdio: don't release memory in qdio_setup_irq()
s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
s390/qdio: fix access to uninitialized qdio_q fields
mm: don't allow deferred pages with NEED_PER_CPU_KM
powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
procfs: fix pthread cross-thread naming if !PR_DUMPABLE
proc read mm's {arg,env}_{start,end} with mmap semaphore taken.
tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
cpufreq: intel_pstate: Enable HWP by default
signals: avoid unnecessary taking of sighand->siglock
mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read
mm: filemap: remove redundant code in do_read_cache_page
proc: meminfo: estimate available memory more conservatively
vmscan: do not force-scan file lru if its absolute size is small
powerpc: Don't preempt_disable() in show_cpuinfo()
cpuidle: coupled: remove unused define cpuidle_coupled_lock
powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL
powerpc/powernv: Remove OPALv2 firmware define and references
powerpc/powernv: panic() on OPAL < V3
spi: pxa2xx: Allow 64-bit DMA
ALSA: control: fix a redundant-copy issue
ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
ALSA: usb: mixer: volume quirk for CM102-A+/102S+
usbip: usbip_host: fix bad unlock balance during stub_probe()
usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
usbip: usbip_host: run rebind from exit when module is removed
usbip: usbip_host: delete device from busid_table after rebind
usbip: usbip_host: refine probe and disconnect debug msgs to be useful
kernel/exit.c: avoid undefined behaviour when calling wait4()
futex: futex_wake_op, fix sign_extend32 sign bits
pipe: cap initial pipe capacity according to pipe-max-size limit
l2tp: revert "l2tp: fix missing print session offset info"
Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap"
lockd: lost rollback of set_grace_period() in lockd_down_net()
xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
futex: Remove duplicated code and fix undefined behaviour
futex: Remove unnecessary warning from get_futex_key
arm64: Add work around for Arm Cortex-A55 Erratum 1024718
arm64: introduce mov_q macro to move a constant into a 64-bit register
audit: move calcs after alloc and check when logging set loginuid
ALSA: timer: Call notifier in the same spinlock
sctp: delay the authentication for the duplicated cookie-echo chunk
sctp: fix the issue that the cookie-ack with auth can't get processed
tcp: ignore Fast Open on repair mode
bonding: do not allow rlb updates to invalid mac
tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
r8169: fix powering up RTL8168h
qmi_wwan: do not steal interfaces from class drivers
openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
net: support compat 64-bit time in {s,g}etsockopt
net_sched: fq: take care of throttled flows before reuse
net/mlx4_en: Verify coalescing parameters are in range
net: ethernet: sun: niu set correct packet size in skb
llc: better deal with too small mtu
ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
dccp: fix tasklet usage
bridge: check iface upper dev when setting master via ioctl
8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
BACKPORT, FROMLIST: fscrypt: add Speck128/256 support
cgroup: Disable IRQs while holding css_set_lock
Revert "cgroup: Disable IRQs while holding css_set_lock"
cgroup: Disable IRQs while holding css_set_lock
ANDROID: proc: fix undefined behavior in proc_uid_base_readdir
x86: vdso: Fix leaky vdso linker with CC=clang.
ANDROID: build: cuttlefish: Upgrade clang to newer version.
ANDROID: build: cuttlefish: Upgrade clang to newer version.
ANDROID: build: cuttlefish: Fix path to clang.
UPSTREAM: dm bufio: avoid sleeping while holding the dm_bufio lock
ANDROID: sdcardfs: Don't d_drop in d_revalidate
Conflicts:
arch/arm64/include/asm/cputype.h
fs/ext4/crypto.c
fs/ext4/ext4.h
kernel/cgroup.c
mm/vmscan.c
Change-Id: Ic10c5722b6439af1cf423fd949c493f786764d7e
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlsOO14ACgkQONu9yGCS
aT4ulhAAhMVYSRa/cOFm0BHxSL/59WmJTa3Na8TJqkTrJy+LRluBiKCywyiMZknp
4rIffv4jcxcFNCpqYTjNTSStGLWCCkBLNSzxuzFv5M89Jdx4Gz1Ww1hzMESP3gxK
puHUewSJQm7qtVOiC2l4YcW3Q6nFK0kqbCWpSkHoGVfZoX9JS2P1V8n+KFZpUH1a
UyhVW48ainUpXfhSKJZ5xABiWYM2hcSq52RW1edNZvwuKwulZ+2EME26HgGCK7ff
WHzGHECE6Lem+iunR26J/QtbTo8LKEyU0F039X21E7FIxf33S0xyPx+MGjJfWBOo
Q6A23mAEWwEhlMomNKzdd/iUzSVlWSzKe8LJa7GI5G6BxftN8Z0TGTnKzIDkw++M
T6RfK03CP6c9rQ756d0fTPxdZh6ae9EN8WSot/Sbbc9SvGSfy6o4I8Y/uJygShmF
j13JfMweC+t7/6fyUqc5dcgY0Xy7LUFiWqfPxQj6axDiT82Mx2AvQaczrPUAKr1K
KQsetmyhHC+Cpy7ILrhUGYjEWlvQm11ZiFoX8BkocFLFWk736QA63iB7mOUpCOQR
SKLK00dF163GJdQC6nb4wCtyBxnCg4pSoP/72Z1foPtaSd3ccJ4CLsIE6GY5sP/I
sDlPnIlnzEDfDPIxtVfKC8e1JINP6awXwtoJJo6MnuCuP3LDb58=
=ogZQ
-----END PGP SIGNATURE-----
Merge 4.4.134 into android-4.4
Changes in 4.4.134
MIPS: ptrace: Expose FIR register through FP regset
MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
affs_lookup(): close a race with affs_remove_link()
aio: fix io_destroy(2) vs. lookup_ioctx() race
ALSA: timer: Fix pause event notification
mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
libata: Blacklist some Sandisk SSDs for NCQ
libata: blacklist Micron 500IT SSD with MU01 firmware
xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
Revert "ipc/shm: Fix shmat mmap nil-page protection"
ipc/shm: fix shmat() nil address after round-down when remapping
kasan: fix memory hotplug during boot
kernel/sys.c: fix potential Spectre v1 issue
kernel/signal.c: avoid undefined behaviour in kill_something_info
xfs: remove racy hasattr check from attr ops
do d_instantiate/unlock_new_inode combinations safely
firewire-ohci: work around oversized DMA reads on JMicron controllers
NFSv4: always set NFS_LOCK_LOST when a lock is lost.
ALSA: hda - Use IS_REACHABLE() for dependency on input
ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
PCI: Add function 1 DMA alias quirk for Marvell 9128
tools lib traceevent: Simplify pointer print logic and fix %pF
perf callchain: Fix attr.sample_max_stack setting
tools lib traceevent: Fix get_field_str() for dynamic strings
dm thin: fix documentation relative to low water mark threshold
nfs: Do not convert nfs_idmap_cache_timeout to jiffies
watchdog: sp5100_tco: Fix watchdog disable bit
kconfig: Don't leak main menus during parsing
kconfig: Fix automatic menu creation mem leak
kconfig: Fix expr_free() E_NOT leak
mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
ipmi/powernv: Fix error return code in ipmi_powernv_probe()
Btrfs: set plug for fsync
btrfs: Fix out of bounds access in btrfs_search_slot
Btrfs: fix scrub to repair raid6 corruption
scsi: fas216: fix sense buffer initialization
HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
powerpc/numa: Ensure nodes initialized for hotplug
RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
ntb_transport: Fix bug with max_mw_size parameter
ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
ocfs2: return error when we attempt to access a dirty bh in jbd2
mm/mempolicy: fix the check of nodemask from user
mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
asm-generic: provide generic_pmdp_establish()
mm: pin address_space before dereferencing it while isolating an LRU page
IB/ipoib: Fix for potential no-carrier state
x86/power: Fix swsusp_arch_resume prototype
firmware: dmi_scan: Fix handling of empty DMI strings
ACPI: processor_perflib: Do not send _PPC change notification if not ready
bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
xen-netfront: Fix race between device setup and open
xen/grant-table: Use put_page instead of free_page
RDS: IB: Fix null pointer issue
arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
proc: fix /proc/*/map_files lookup
cifs: silence compiler warnings showing up with gcc-8.0.0
bcache: properly set task state in bch_writeback_thread()
bcache: fix for allocator and register thread race
bcache: fix for data collapse after re-attaching an attached device
bcache: return attach error when no cache set exist
tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
locking/qspinlock: Ensure node->count is updated before initialising node
irqchip/gic-v3: Change pr_debug message to pr_devel
scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
scsi: sym53c8xx_2: iterator underflow in sym_getsync()
scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion()
ARC: Fix malformed ARC_EMUL_UNALIGNED default
usb: gadget: f_uac2: fix bFirstInterface in composite gadget
usb: gadget: fsl_udc_core: fix ep valid checks
usb: dwc2: Fix dwc2_hsotg_core_init_disconnected()
selftests: memfd: add config fragment for fuse
scsi: storvsc: Increase cmd_per_lun for higher speed devices
scsi: aacraid: fix shutdown crash when init fails
scsi: qla4xxx: skip error recovery in case of register disconnect.
ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
ARM: OMAP3: Fix prm wake interrupt for resume
ARM: OMAP1: clock: Fix debugfs_create_*() usage
NFC: llcp: Limit size of SDP URI
mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
md raid10: fix NULL deference in handle_write_completed()
drm/exynos: fix comparison to bitshift when dealing with a mask
usb: musb: fix enumeration after resume
locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
md: raid5: avoid string overflow warning
kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
s390/cio: fix return code after missing interrupt
s390/cio: clear timer when terminating driver I/O
ARM: OMAP: Fix dmtimer init for omap1
smsc75xx: fix smsc75xx_set_features()
regulatory: add NUL to request alpha2
locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
media: dmxdev: fix error code for invalid ioctls
md/raid1: fix NULL pointer dereference
batman-adv: fix packet checksum in receive path
batman-adv: invalidate checksum on fragment reassembly
netfilter: ebtables: convert BUG_ONs to WARN_ONs
nvme-pci: Fix nvme queue cleanup if IRQ setup fails
clocksource/drivers/fsl_ftm_timer: Fix error return checking
r8152: fix tx packets accounting
virtio-gpu: fix ioctl and expose the fixed status to userspace.
dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
bcache: fix kcrashes with fio in RAID5 backend dev
sit: fix IFLA_MTU ignored on NEWLINK
gianfar: Fix Rx byte accounting for ndev stats
net/tcp/illinois: replace broken algorithm reference link
xen/pirq: fix error path cleanup when binding MSIs
Btrfs: send, fix issuing write op when processing hole in no data mode
selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
watchdog: f71808e_wdt: Fix magic close handling
e1000e: Fix check_for_link return value with autoneg off
e1000e: allocate ring descriptors with dma_zalloc_coherent
usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
scsi: sd: Keep disk read-only when re-reading partition
fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
xen: xenbus: use put_device() instead of kfree()
USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
netfilter: ebtables: fix erroneous reject of last rule
bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
workqueue: use put_device() instead of kfree()
ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
sunvnet: does not support GSO for sctp
net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
batman-adv: fix header size check in batadv_dbg_arp()
vti4: Don't count header length twice on tunnel setup
vti4: Don't override MTU passed on link creation via IFLA_MTU
perf/cgroup: Fix child event counting bug
RDMA/ucma: Correct option size check using optlen
mm/mempolicy.c: avoid use uninitialized preferred_node
selftests: ftrace: Add probe event argument syntax testcase
selftests: ftrace: Add a testcase for string type with kprobe_event
selftests: ftrace: Add a testcase for probepoint
batman-adv: fix multicast-via-unicast transmission with AP isolation
batman-adv: fix packet loss for broadcasted DHCP packets to a server
ARM: 8748/1: mm: Define vdso_start, vdso_end as array
net: qmi_wwan: add BroadMobi BM806U 2020:2033
net/usb/qmi_wwan.c: Add USB id for lt4120 modem
net-usb: add qmi_wwan if on lte modem wistron neweb d18q1
llc: properly handle dev_queue_xmit() return value
mm/kmemleak.c: wait for scan completion before disabling free
net: Fix untag for vlan packets without ethernet header
net: mvneta: fix enable of all initialized RXQs
sh: fix debug trap failure to process signals before return to user
x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
swap: divide-by-zero when zero length swap file on ssd
sr: get/drop reference to device in revalidate and check_events
Force log to disk before reading the AGF during a fstrim
cpufreq: CPPC: Initialize shared perf capabilities of CPUs
scsi: aacraid: Insure command thread is not recursively stopped
dp83640: Ensure against premature access to PHY registers after reset
mm/ksm: fix interaction with THP
mm: fix races between address_space dereference and free in page_evicatable
Btrfs: bail out on error during replay_dir_deletes
Btrfs: fix NULL pointer dereference in log_dir_items
btrfs: Fix possible softlock on single core machines
ocfs2/dlm: don't handle migrate lockres if already in shutdown
sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
KVM: VMX: raise internal error for exception during invalid protected mode state
fscache: Fix hanging wait on page discarded by writeback
sparc64: Make atomic_xchg() an inline function rather than a macro.
rtc: snvs: Fix usage of snvs_rtc_enable
net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
btrfs: tests/qgroup: Fix wrong tree backref level
Btrfs: fix copy_items() return value when logging an inode
btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
xen/acpi: off by one in read_acpi_id()
ACPI: acpi_pad: Fix memory leak in power saving threads
powerpc/mpic: Check if cpu_possible() in mpic_physmask()
m68k: set dma and coherent masks for platform FEC ethernets
parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
hwmon: (nct6775) Fix writing pwmX_mode
rtc: hctosys: Ensure system time doesn't overflow time_t
powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
powerpc/perf: Fix kernel address leak via sampling registers
tools/thermal: tmon: fix for segfault
selftests: Print the test we're running to /dev/kmsg
net/mlx5: Protect from command bit overflow
ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
ima: Fix Kconfig to select TPM 2.0 CRB interface
ima: Fallback to the builtin hash algorithm
virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
arm: dts: socfpga: fix GIC PPI warning
usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields
cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
clk: Don't show the incorrect clock phase
zorro: Set up z->dev.dma_mask for the DMA API
bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
ACPICA: Events: add a return on failure from acpi_hw_register_read
ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
i2c: mv64xxx: Apply errata delay only in standard mode
KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
xhci: zero usb device slot_id member when disabling and freeing a xhci slot
MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
PCI: Restore config space on runtime resume despite being unbound
ipmi_ssif: Fix kernel panic at msg_done_handler
usb: dwc2: Fix interval type issue
usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS
usb: gadget: ffs: Execute copy_to_user() with USER_DS set
powerpc: Add missing prototype for arch_irq_work_raise()
ASoC: topology: create TLV data for dapm widgets
perf/core: Fix perf_output_read_group()
hwmon: (pmbus/max8688) Accept negative page register values
hwmon: (pmbus/adm1275) Accept negative page register values
cdrom: do not call check_disk_change() inside cdrom_open()
gfs2: Fix fallocate chunk size
usb: gadget: udc: change comparison to bitshift when dealing with a mask
usb: gadget: composite: fix incorrect handling of OS desc requests
x86/devicetree: Initialize device tree before using it
x86/devicetree: Fix device IRQ settings in DT
ALSA: vmaster: Propagate slave error
media: cx23885: Override 888 ImpactVCBe crystal frequency
media: cx23885: Set subdev host data to clk_freq pointer
media: s3c-camif: fix out-of-bounds array access
dmaengine: pl330: fix a race condition in case of threaded irqs
media: em28xx: USB bulk packet size fix
clk: rockchip: Prevent calculating mmc phase if clock rate is zero
enic: enable rq before updating rq descriptors
hwrng: stm32 - add reset during probe
staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr
rtc: tx4939: avoid unintended sign extension on a 24 bit shift
serial: xuartps: Fix out-of-bounds access through DT alias
serial: samsung: Fix out-of-bounds access through serial port index
serial: mxs-auart: Fix out-of-bounds access through serial port index
serial: imx: Fix out-of-bounds access through serial port index
serial: fsl_lpuart: Fix out-of-bounds access through DT alias
serial: arc_uart: Fix out-of-bounds access through DT alias
PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
udf: Provide saner default for invalid uid / gid
media: cx25821: prevent out-of-bounds read on array card
clk: samsung: s3c2410: Fix PLL rates
clk: samsung: exynos5260: Fix PLL rates
clk: samsung: exynos5433: Fix PLL rates
clk: samsung: exynos5250: Fix PLL rates
clk: samsung: exynos3250: Fix PLL rates
crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss
audit: return on memory error to avoid null pointer dereference
MIPS: Octeon: Fix logging messages with spurious periods after newlines
drm/rockchip: Respect page offset for PRIME mmap calls
x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified
perf tests: Use arch__compare_symbol_names to compare symbols
perf report: Fix memory corruption in --branch-history mode --branch-history
selftests/net: fixes psock_fanout eBPF test case
netlabel: If PF_INET6, check sk_buff ip header version
scsi: lpfc: Fix issue_lip if link is disabled
scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
scsi: lpfc: Fix frequency of Release WQE CQEs
regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()'
ASoC: samsung: i2s: Ensure the RCLK rate is properly determined
Bluetooth: btusb: Add device ID for RTL8822BE
kdb: make "mdr" command repeat
s390/ftrace: use expoline for indirect branches
Linux 4.4.134
Change-Id: Iababaf9b89bc8d0437b95e1368d8b0a9126a178c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit e92bb4dd9673945179b1fc738c9817dd91bfb629 ]
When page_mapping() is called and the mapping is dereferenced in
page_evicatable() through shrink_active_list(), it is possible for the
inode to be truncated and the embedded address space to be freed at the
same time. This may lead to the following race.
CPU1 CPU2
truncate(inode) shrink_active_list()
... page_evictable(page)
truncate_inode_page(mapping, page);
delete_from_page_cache(page)
spin_lock_irqsave(&mapping->tree_lock, flags);
__delete_from_page_cache(page, NULL)
page_cache_tree_delete(..)
... mapping = page_mapping(page);
page->mapping = NULL;
...
spin_unlock_irqrestore(&mapping->tree_lock, flags);
page_cache_free_page(mapping, page)
put_page(page)
if (put_page_testzero(page)) -> false
- inode now has no pages and can be freed including embedded address_space
mapping_unevictable(mapping)
test_bit(AS_UNEVICTABLE, &mapping->flags);
- we've dereferenced mapping which is potentially already free.
Similar race exists between swap cache freeing and page_evicatable()
too.
The address_space in inode and swap cache will be freed after a RCU
grace period. So the races are fixed via enclosing the page_mapping()
and address_space usage in rcu_read_lock/unlock(). Some comments are
added in code to make it clear what is protected by the RCU read lock.
Link: http://lkml.kernel.org/r/20180212081227.1940-1-ying.huang@intel.com
Signed-off-by: "Huang, Ying" <ying.huang@intel.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Minchan Kim <minchan@kernel.org>
Cc: "Huang, Ying" <ying.huang@intel.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 77da2ba0648a4fd52e5ff97b8b2b8dd312aec4b0 ]
This patch fixes a corner case for KSM. When two pages belong or
belonged to the same transparent hugepage, and they should be merged,
KSM fails to split the page, and therefore no merging happens.
This bug can be reproduced by:
* making sure ksm is running (in case disabling ksmtuned)
* enabling transparent hugepages
* allocating a THP-aligned 1-THP-sized buffer
e.g. on amd64: posix_memalign(&p, 1<<21, 1<<21)
* filling it with the same values
e.g. memset(p, 42, 1<<21)
* performing madvise to make it mergeable
e.g. madvise(p, 1<<21, MADV_MERGEABLE)
* waiting for KSM to perform a few scans
The expected outcome is that the all the pages get merged (1 shared and
the rest sharing); the actual outcome is that no pages get merged (1
unshared and the rest volatile)
The reason of this behaviour is that we increase the reference count
once for both pages we want to merge, but if they belong to the same
hugepage (or compound page), the reference counter used in both cases is
the one of the head of the compound page. This means that
split_huge_page will find a value of the reference counter too high and
will fail.
This patch solves this problem by testing if the two pages to merge
belong to the same hugepage when attempting to merge them. If so, the
hugepage is split safely. This means that the hugepage is not split if
not necessary.
Link: http://lkml.kernel.org/r/1521548069-24758-1-git-send-email-imbrenda@linux.vnet.ibm.com
Signed-off-by: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
Co-authored-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit a06ad633a37c64a0cd4c229fc605cee8725d376e ]
Calling swapon() on a zero length swap file on SSD can lead to a
divide-by-zero.
Although creating such files isn't possible with mkswap and they woud be
considered invalid, it would be better for the swapon code to be more
robust and handle this condition gracefully (return -EINVAL).
Especially since the fix is small and straightforward.
To help with wear leveling on SSD, the swapon syscall calculates a
random position in the swap file using modulo p->highest_bit, which is
set to maxpages - 1 in read_swap_header.
If the swap file is zero length, read_swap_header sets maxpages=1 and
last_page=0, resulting in p->highest_bit=0 and we divide-by-zero when we
modulo p->highest_bit in swapon syscall.
This can be prevented by having read_swap_header return zero if
last_page is zero.
Link: http://lkml.kernel.org/r/5AC747C1020000A7001FA82C@prv-mh.provo.novell.com
Signed-off-by: Thomas Abraham <tabraham@suse.com>
Reported-by: <Mark.Landis@Teradata.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 914b6dfff790544d9b77dfd1723adb3745ec9700 ]
A crash is observed when kmemleak_scan accesses the object->pointer,
likely due to the following race.
TASK A TASK B TASK C
kmemleak_write
(with "scan" and
NOT "scan=on")
kmemleak_scan()
create_object
kmem_cache_alloc fails
kmemleak_disable
kmemleak_do_cleanup
kmemleak_free_enabled = 0
kfree
kmemleak_free bails out
(kmemleak_free_enabled is 0)
slub frees object->pointer
update_checksum
crash - object->pointer
freed (DEBUG_PAGEALLOC)
kmemleak_do_cleanup waits for the scan thread to complete, but not for
direct call to kmemleak_scan via kmemleak_write. So add a wait for
kmemleak_scan completion before disabling kmemleak_free, and while at it
fix the comment on stop_scan_thread.
[vinmenon@codeaurora.org: fix stop_scan_thread comment]
Link: http://lkml.kernel.org/r/1522219972-22809-1-git-send-email-vinmenon@codeaurora.org
Link: http://lkml.kernel.org/r/1522063429-18992-1-git-send-email-vinmenon@codeaurora.org
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Jann Horn
Linus Torvalds
Florian Fainelli
Linux Build Service Account
Zhenhua Huang
Srinivasarao P
Greg Kroah-Hartman
Zhen Lei
Minchan Kim
Sergey Senozhatsky
Yao Jiang
Andi Kleen
Dan Williams
Andy Lutomirski
Mathieu Malaterre
Chintan Pandya
Jaegeuk Kim
Jing Xia
Blagovest Kolenichev
Vlastimil Babka
Cannon Matthews
Jan Kara
Hugh Dickins
Huang Ying
Claudio Imbrenda
Tom Abraham
Vinayak Menon