* refs/heads/tmp-7ba5557
Linux 4.4.139
Bluetooth: Fix connection if directed advertising and privacy is used
cdc_ncm: avoid padding beyond end of skb
dm thin: handle running out of data space vs concurrent discard
block: Fix transfer when chunk sectors exceeds max
spi: Fix scatterlist elements size in spi_map_buf
Btrfs: fix unexpected cow in run_delalloc_nocow
ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210
Input: elantech - fix V4 report decoding for module with middle key
Input: elantech - enable middle button of touchpads on ThinkPad P52
Input: elan_i2c_smbus - fix more potential stack buffer overflows
udf: Detect incorrect directory size
xen: Remove unnecessary BUG_ON from __unbind_from_irq()
Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID
video: uvesafb: Fix integer overflow in allocation
NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message
nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
media: cx231xx: Add support for AverMedia DVD EZMaker 7
media: v4l2-compat-ioctl32: prevent go past max size
perf intel-pt: Fix packet decoding of CYC packets
perf intel-pt: Fix "Unexpected indirect branch" error
perf intel-pt: Fix MTC timing after overflow
perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP
perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING
perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
mfd: intel-lpss: Program REMAP register in PIO mode
backlight: tps65217_bl: Fix Device Tree node lookup
backlight: max8925_bl: Fix Device Tree node lookup
backlight: as3711_bl: Fix Device Tree node lookup
xfrm: skip policies marked as dead while rehashing
xfrm: Ignore socket policies when rebuilding hash tables
UBIFS: Fix potential integer overflow in allocation
ubi: fastmap: Cancel work upon detach
md: fix two problems with setting the "re-add" device state.
linvdimm, pmem: Preserve read-only setting for pmem devices
scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED
scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return
scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed
scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
iio:buffer: make length types match kfifo types
Btrfs: fix clone vs chattr NODATASUM race
time: Make sure jiffies_to_msecs() preserves non-zero time periods
MIPS: io: Add barrier after register read in inX()
PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume
MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
mtd: cfi_cmdset_0002: Change write buffer to check correct value
RDMA/mlx4: Discard unknown SQP work requests
IB/qib: Fix DMA api warning with debug kernel
of: unittest: for strings, account for trailing \0 in property length field
ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size
powerpc/fadump: Unregister fadump on kexec down path.
cpuidle: powernv: Fix promotion from snooze if next state disabled
powerpc/ptrace: Fix enforcement of DAWR constraints
powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG
powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
fuse: fix control dir setup and teardown
fuse: don't keep dead fuse_conn at fuse_fill_super().
fuse: atomic_o_trunc should truncate pagecache
Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader
ipmi:bt: Set the timeout before doing a capabilities check
branch-check: fix long->int truncation when profiling branches
mips: ftrace: fix static function graph tracing
lib/vsprintf: Remove atomic-unsafe support for %pCr
ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup
ASoC: cirrus: i2s: Fix LRCLK configuration
ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
1wire: family module autoload fails because of upper/lower case mismatch.
usb: do not reset if a low-speed or full-speed device timed out
signal/xtensa: Consistenly use SIGBUS in do_unaligned_user
serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version
m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec()
fs/binfmt_misc.c: do not allow offset overflow
w1: mxc_w1: Enable clock before calling clk_get_rate() on it
libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
libata: zpodd: small read overflow in eject_tray()
libata: zpodd: make arrays cdb static, reduces object code size
cpufreq: Fix new policy initialization during limits updates via sysfs
ALSA: hda: add dock and led support for HP ProBook 640 G4
ALSA: hda: add dock and led support for HP EliteBook 830 G5
ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
btrfs: scrub: Don't use inode pages for device replace
driver core: Don't ignore class_dir_create_and_add() failure.
ext4: fix fencepost error in check for inode count overflow during resize
ext4: update mtime in ext4_punch_hole even if no blocks are released
tcp: verify the checksum of the first data segment in a new connection
bonding: re-evaluate force_primary when the primary slave name changes
usb: musb: fix remote wakeup racing with suspend
Btrfs: make raid6 rebuild retry more
tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
Revert "Btrfs: fix scrub to repair raid6 corruption"
net/sonic: Use dma_mapping_error()
net: qmi_wwan: Add Netgear Aircard 779S
atm: zatm: fix memcmp casting
ipvs: fix buffer overflow with sync daemon and service
netfilter: ebtables: handle string from userspace with care
xfrm6: avoid potential infinite loop in _decode_session6()
ANDROID: Add kconfig to make dm-verity check_at_most_once default enabled
ANDROID: sdcardfs: fix potential crash when reserved_mb is not zero
Change-Id: Ibcd2b6614843e4e8fd5a57acf350a9e83e1c0dbc
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAls7QB8ACgkQONu9yGCS
aT6trQ/9EO1dgc0lZO0zGCxFFiikPzzMp1auSKd99FhSaqlrCPutT5K0gBVc1rug
EvggbqWj2MBX2HZvxQR8LbGNvp7+kkM3apIdYOqyTQPvs7x03YNeuvXZUF3EFyPO
eDZ71nLuwgnEeySceJ+Z9HcVBcWR/0dEkwjhjpIJ2IO25tcecWzbqOOdzNypBIKK
EG4dGhO5JY6jLqxbEFZ9d302bGZQozOQHiDfEZz6NueI0yYVJIjQQvuLp/V0ChDg
TN+PgTOdzxIPCpZw9y4XzN4nhdsOial1xeX7agzAkZDjdbprNpbZrxjfY0NLdpQ0
4ZV3vLqIZ5rs8xuCRgNJ7yTVt6X7miw/h7TQp30qpeDuRf1SHZa4ITqMzdXJUahW
BT+XkjrrCjKxXkCH+rWy0txtouUaVwM+sKHIW0bvrOJwHM0UJXNAUppt4NrBtgtD
7Zt/FDKAHCJk1GuW3U5zXOHmgn+QkRNEndpwbUjwRowvHcE5jVSLLkH4XZkA0+SL
ucQCxOqGKrbHjhyXT+e2Kpx4Z5sqJIUHhc4iw6gi7xyaoJ55kHZ2S+sCwo3cjreq
B43SrwkQ0EJXwHzcrmvDfnvEFf7ylDVWH597lQsIQMNI7Gg04fXixYpvr6DYOBSN
AKHvoqd7VztHnX/ZogyLXp4jWiU5dU6qYXdj/zEs+tB8DYPZ4+c=
=Mli0
-----END PGP SIGNATURE-----
Merge 4.4.139 into android-4.4
Changes in 4.4.139
xfrm6: avoid potential infinite loop in _decode_session6()
netfilter: ebtables: handle string from userspace with care
ipvs: fix buffer overflow with sync daemon and service
atm: zatm: fix memcmp casting
net: qmi_wwan: Add Netgear Aircard 779S
net/sonic: Use dma_mapping_error()
Revert "Btrfs: fix scrub to repair raid6 corruption"
tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
Btrfs: make raid6 rebuild retry more
usb: musb: fix remote wakeup racing with suspend
bonding: re-evaluate force_primary when the primary slave name changes
tcp: verify the checksum of the first data segment in a new connection
ext4: update mtime in ext4_punch_hole even if no blocks are released
ext4: fix fencepost error in check for inode count overflow during resize
driver core: Don't ignore class_dir_create_and_add() failure.
btrfs: scrub: Don't use inode pages for device replace
ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
ALSA: hda: add dock and led support for HP EliteBook 830 G5
ALSA: hda: add dock and led support for HP ProBook 640 G4
cpufreq: Fix new policy initialization during limits updates via sysfs
libata: zpodd: make arrays cdb static, reduces object code size
libata: zpodd: small read overflow in eject_tray()
libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
w1: mxc_w1: Enable clock before calling clk_get_rate() on it
fs/binfmt_misc.c: do not allow offset overflow
x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec()
m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version
signal/xtensa: Consistenly use SIGBUS in do_unaligned_user
usb: do not reset if a low-speed or full-speed device timed out
1wire: family module autoload fails because of upper/lower case mismatch.
ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
ASoC: cirrus: i2s: Fix LRCLK configuration
ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup
lib/vsprintf: Remove atomic-unsafe support for %pCr
mips: ftrace: fix static function graph tracing
branch-check: fix long->int truncation when profiling branches
ipmi:bt: Set the timeout before doing a capabilities check
Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader
fuse: atomic_o_trunc should truncate pagecache
fuse: don't keep dead fuse_conn at fuse_fill_super().
fuse: fix control dir setup and teardown
powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG
powerpc/ptrace: Fix enforcement of DAWR constraints
cpuidle: powernv: Fix promotion from snooze if next state disabled
powerpc/fadump: Unregister fadump on kexec down path.
ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size
of: unittest: for strings, account for trailing \0 in property length field
IB/qib: Fix DMA api warning with debug kernel
RDMA/mlx4: Discard unknown SQP work requests
mtd: cfi_cmdset_0002: Change write buffer to check correct value
mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume
MIPS: io: Add barrier after register read in inX()
time: Make sure jiffies_to_msecs() preserves non-zero time periods
Btrfs: fix clone vs chattr NODATASUM race
iio:buffer: make length types match kfifo types
scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed
scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return
scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED
scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
linvdimm, pmem: Preserve read-only setting for pmem devices
md: fix two problems with setting the "re-add" device state.
ubi: fastmap: Cancel work upon detach
UBIFS: Fix potential integer overflow in allocation
xfrm: Ignore socket policies when rebuilding hash tables
xfrm: skip policies marked as dead while rehashing
backlight: as3711_bl: Fix Device Tree node lookup
backlight: max8925_bl: Fix Device Tree node lookup
backlight: tps65217_bl: Fix Device Tree node lookup
mfd: intel-lpss: Program REMAP register in PIO mode
perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING
perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP
perf intel-pt: Fix MTC timing after overflow
perf intel-pt: Fix "Unexpected indirect branch" error
perf intel-pt: Fix packet decoding of CYC packets
media: v4l2-compat-ioctl32: prevent go past max size
media: cx231xx: Add support for AverMedia DVD EZMaker 7
media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message
video: uvesafb: Fix integer overflow in allocation
Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID
xen: Remove unnecessary BUG_ON from __unbind_from_irq()
udf: Detect incorrect directory size
Input: elan_i2c_smbus - fix more potential stack buffer overflows
Input: elantech - enable middle button of touchpads on ThinkPad P52
Input: elantech - fix V4 report decoding for module with middle key
ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210
Btrfs: fix unexpected cow in run_delalloc_nocow
spi: Fix scatterlist elements size in spi_map_buf
block: Fix transfer when chunk sectors exceeds max
dm thin: handle running out of data space vs concurrent discard
cdc_ncm: avoid padding beyond end of skb
Bluetooth: Fix connection if directed advertising and privacy is used
Linux 4.4.139
Change-Id: I93013bedf2ebe3e6a8718972d8854723609963cc
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit eab6870fee877258122a042bfd99ee7908c40280 upstream.
Mark Rutland noticed that GCC optimization passes have the potential to elide
necessary invocations of the array_index_mask_nospec() instruction sequence,
so mark the asm() volatile.
Mark explains:
"The volatile will inhibit *some* cases where the compiler could lift the
array_index_nospec() call out of a branch, e.g. where there are multiple
invocations of array_index_nospec() with the same arguments:
if (idx < foo) {
idx1 = array_idx_nospec(idx, foo)
do_something(idx1);
}
< some other code >
if (idx < foo) {
idx2 = array_idx_nospec(idx, foo);
do_something_else(idx2);
}
... since the compiler can determine that the two invocations yield the same
result, and reuse the first result (likely the same register as idx was in
originally) for the second branch, effectively re-writing the above as:
if (idx < foo) {
idx = array_idx_nospec(idx, foo);
do_something(idx);
}
< some other code >
if (idx < foo) {
do_something_else(idx);
}
... if we don't take the first branch, then speculatively take the second, we
lose the nospec protection.
There's more info on volatile asm in the GCC docs:
https://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html#Volatile
"
Reported-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <stable@vger.kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Fixes: babdde2698d4 ("x86: Implement array_index_mask_nospec")
Link: https://lkml.kernel.org/lkml/152838798950.14521.4893346294059739135.stgit@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-a2e2217
Linux 4.4.137
net: metrics: add proper netlink validation
net: phy: broadcom: Fix bcm_write_exp()
rtnetlink: validate attributes in do_setlink()
team: use netdev_features_t instead of u32
net/mlx4: Fix irq-unsafe spinlock usage
qed: Fix mask for physical address in ILT entry
packet: fix reserve calculation
net: usb: cdc_mbim: add flag FLAG_SEND_ZLP
net/packet: refine check for priv area size
netdev-FAQ: clarify DaveM's position for stable backports
isdn: eicon: fix a missing-check bug
ipv4: remove warning in ip_recv_error
ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
enic: set DMA mask to 47 bit
dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
bnx2x: use the right constant
brcmfmac: Fix check for ISO3166 code
drm: set FMODE_UNSIGNED_OFFSET for drm files
xfs: fix incorrect log_flushed on fsync
kconfig: Avoid format overflow warning from GCC 8.1
mmap: relax file size limit for regular files
mmap: introduce sane default mmap limits
tpm: self test failure should not cause suspend to fail
tpm: do not suspend/resume if power stays on
ANDROID: Update arm64 ranchu64_defconfig
Linux 4.4.136
sparc64: Fix build warnings with gcc 7.
mm: fix the NULL mapping case in __isolate_lru_page()
fix io_destroy()/aio_complete() race
Kbuild: change CC_OPTIMIZE_FOR_SIZE definition
drm/i915: Disable LVDS on Radiant P845
hwtracing: stm: fix build error on some arches
stm class: Use vmalloc for the master map
scsi: scsi_transport_srp: Fix shost to rport translation
MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests
MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs
iio:kfifo_buf: check for uint overflow
dmaengine: usb-dmac: fix endless loop in usb_dmac_chan_terminate_all()
i2c: rcar: revoke START request early
i2c: rcar: check master irqs before slave irqs
i2c: rcar: don't issue stop when HW does it automatically
i2c: rcar: init new messages in irq
i2c: rcar: refactor setup of a msg
i2c: rcar: remove spinlock
i2c: rcar: remove unused IOERROR state
i2c: rcar: rework hw init
i2c: rcar: make sure clocks are on when doing clock calculation
tcp: avoid integer overflows in tcp_rcv_space_adjust()
irda: fix overly long udelay()
ASoC: Intel: sst: remove redundant variable dma_dev_name
rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c
cfg80211: further limit wiphy names to 64 bytes
selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
tracing: Fix crash when freeing instances with event triggers
Input: elan_i2c_smbus - fix corrupted stack
Revert "ima: limit file hash setting by user to fix and log modes"
xfs: detect agfl count corruption and reset agfl
sh: New gcc support
USB: serial: cp210x: use tcflag_t to fix incompatible pointer type
powerpc/64s: Clear PCR on boot
arm64: lse: Add early clobbers to some input/output asm operands
FROMLIST: f2fs: run fstrim asynchronously if runtime discard is on
goldfish: pipe: ANDROID: address must be written as __pa(x), not x
goldfish: pipe: ANDROID: add missing check for memory allocated
goldfish: pipe: ANDROID: remove redundant blank lines
Update arch/x86/configs/x86_64_ranchu_defconfig
ANDROID: x86_64_cuttlefish_defconfig: Enable F2FS
ANDROID: Update x86_64_cuttlefish_defconfig
FROMLIST: f2fs: early updates queued for v4.18-rc1
Change-Id: I314254168cd5ad06a7c6bca2fa68c8a6ae6c257d
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
* refs/heads/tmp-c9d74f2
Linux 4.4.135
Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU"
Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU"
Linux 4.4.134
s390/ftrace: use expoline for indirect branches
kdb: make "mdr" command repeat
Bluetooth: btusb: Add device ID for RTL8822BE
ASoC: samsung: i2s: Ensure the RCLK rate is properly determined
regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()'
scsi: lpfc: Fix frequency of Release WQE CQEs
scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
scsi: lpfc: Fix issue_lip if link is disabled
netlabel: If PF_INET6, check sk_buff ip header version
selftests/net: fixes psock_fanout eBPF test case
perf report: Fix memory corruption in --branch-history mode --branch-history
perf tests: Use arch__compare_symbol_names to compare symbols
x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified
drm/rockchip: Respect page offset for PRIME mmap calls
MIPS: Octeon: Fix logging messages with spurious periods after newlines
audit: return on memory error to avoid null pointer dereference
crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss
clk: samsung: exynos3250: Fix PLL rates
clk: samsung: exynos5250: Fix PLL rates
clk: samsung: exynos5433: Fix PLL rates
clk: samsung: exynos5260: Fix PLL rates
clk: samsung: s3c2410: Fix PLL rates
media: cx25821: prevent out-of-bounds read on array card
udf: Provide saner default for invalid uid / gid
PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
serial: arc_uart: Fix out-of-bounds access through DT alias
serial: fsl_lpuart: Fix out-of-bounds access through DT alias
serial: imx: Fix out-of-bounds access through serial port index
serial: mxs-auart: Fix out-of-bounds access through serial port index
serial: samsung: Fix out-of-bounds access through serial port index
serial: xuartps: Fix out-of-bounds access through DT alias
rtc: tx4939: avoid unintended sign extension on a 24 bit shift
staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr
hwrng: stm32 - add reset during probe
enic: enable rq before updating rq descriptors
clk: rockchip: Prevent calculating mmc phase if clock rate is zero
media: em28xx: USB bulk packet size fix
dmaengine: pl330: fix a race condition in case of threaded irqs
media: s3c-camif: fix out-of-bounds array access
media: cx23885: Set subdev host data to clk_freq pointer
media: cx23885: Override 888 ImpactVCBe crystal frequency
ALSA: vmaster: Propagate slave error
x86/devicetree: Fix device IRQ settings in DT
x86/devicetree: Initialize device tree before using it
usb: gadget: composite: fix incorrect handling of OS desc requests
usb: gadget: udc: change comparison to bitshift when dealing with a mask
gfs2: Fix fallocate chunk size
cdrom: do not call check_disk_change() inside cdrom_open()
hwmon: (pmbus/adm1275) Accept negative page register values
hwmon: (pmbus/max8688) Accept negative page register values
perf/core: Fix perf_output_read_group()
ASoC: topology: create TLV data for dapm widgets
powerpc: Add missing prototype for arch_irq_work_raise()
usb: gadget: ffs: Execute copy_to_user() with USER_DS set
usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS
usb: dwc2: Fix interval type issue
ipmi_ssif: Fix kernel panic at msg_done_handler
PCI: Restore config space on runtime resume despite being unbound
MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
xhci: zero usb device slot_id member when disabling and freeing a xhci slot
KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
i2c: mv64xxx: Apply errata delay only in standard mode
ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
ACPICA: Events: add a return on failure from acpi_hw_register_read
bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
zorro: Set up z->dev.dma_mask for the DMA API
clk: Don't show the incorrect clock phase
cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields
arm: dts: socfpga: fix GIC PPI warning
virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
ima: Fallback to the builtin hash algorithm
ima: Fix Kconfig to select TPM 2.0 CRB interface
ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
net/mlx5: Protect from command bit overflow
selftests: Print the test we're running to /dev/kmsg
tools/thermal: tmon: fix for segfault
powerpc/perf: Fix kernel address leak via sampling registers
powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
rtc: hctosys: Ensure system time doesn't overflow time_t
hwmon: (nct6775) Fix writing pwmX_mode
parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
m68k: set dma and coherent masks for platform FEC ethernets
powerpc/mpic: Check if cpu_possible() in mpic_physmask()
ACPI: acpi_pad: Fix memory leak in power saving threads
xen/acpi: off by one in read_acpi_id()
btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
Btrfs: fix copy_items() return value when logging an inode
btrfs: tests/qgroup: Fix wrong tree backref level
Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
rtc: snvs: Fix usage of snvs_rtc_enable
sparc64: Make atomic_xchg() an inline function rather than a macro.
fscache: Fix hanging wait on page discarded by writeback
KVM: VMX: raise internal error for exception during invalid protected mode state
sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
ocfs2/dlm: don't handle migrate lockres if already in shutdown
btrfs: Fix possible softlock on single core machines
Btrfs: fix NULL pointer dereference in log_dir_items
Btrfs: bail out on error during replay_dir_deletes
mm: fix races between address_space dereference and free in page_evicatable
mm/ksm: fix interaction with THP
dp83640: Ensure against premature access to PHY registers after reset
scsi: aacraid: Insure command thread is not recursively stopped
cpufreq: CPPC: Initialize shared perf capabilities of CPUs
Force log to disk before reading the AGF during a fstrim
sr: get/drop reference to device in revalidate and check_events
swap: divide-by-zero when zero length swap file on ssd
fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
sh: fix debug trap failure to process signals before return to user
net: mvneta: fix enable of all initialized RXQs
net: Fix untag for vlan packets without ethernet header
mm/kmemleak.c: wait for scan completion before disabling free
llc: properly handle dev_queue_xmit() return value
net-usb: add qmi_wwan if on lte modem wistron neweb d18q1
net/usb/qmi_wwan.c: Add USB id for lt4120 modem
net: qmi_wwan: add BroadMobi BM806U 2020:2033
ARM: 8748/1: mm: Define vdso_start, vdso_end as array
batman-adv: fix packet loss for broadcasted DHCP packets to a server
batman-adv: fix multicast-via-unicast transmission with AP isolation
selftests: ftrace: Add a testcase for probepoint
selftests: ftrace: Add a testcase for string type with kprobe_event
selftests: ftrace: Add probe event argument syntax testcase
mm/mempolicy.c: avoid use uninitialized preferred_node
RDMA/ucma: Correct option size check using optlen
perf/cgroup: Fix child event counting bug
vti4: Don't override MTU passed on link creation via IFLA_MTU
vti4: Don't count header length twice on tunnel setup
batman-adv: fix header size check in batadv_dbg_arp()
net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
sunvnet: does not support GSO for sctp
ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
workqueue: use put_device() instead of kfree()
bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
netfilter: ebtables: fix erroneous reject of last rule
USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
xen: xenbus: use put_device() instead of kfree()
fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
scsi: sd: Keep disk read-only when re-reading partition
scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
e1000e: allocate ring descriptors with dma_zalloc_coherent
e1000e: Fix check_for_link return value with autoneg off
watchdog: f71808e_wdt: Fix magic close handling
KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
Btrfs: send, fix issuing write op when processing hole in no data mode
xen/pirq: fix error path cleanup when binding MSIs
net/tcp/illinois: replace broken algorithm reference link
gianfar: Fix Rx byte accounting for ndev stats
sit: fix IFLA_MTU ignored on NEWLINK
bcache: fix kcrashes with fio in RAID5 backend dev
dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
virtio-gpu: fix ioctl and expose the fixed status to userspace.
r8152: fix tx packets accounting
clocksource/drivers/fsl_ftm_timer: Fix error return checking
nvme-pci: Fix nvme queue cleanup if IRQ setup fails
netfilter: ebtables: convert BUG_ONs to WARN_ONs
batman-adv: invalidate checksum on fragment reassembly
batman-adv: fix packet checksum in receive path
md/raid1: fix NULL pointer dereference
media: dmxdev: fix error code for invalid ioctls
x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
regulatory: add NUL to request alpha2
smsc75xx: fix smsc75xx_set_features()
ARM: OMAP: Fix dmtimer init for omap1
s390/cio: clear timer when terminating driver I/O
s390/cio: fix return code after missing interrupt
powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
md: raid5: avoid string overflow warning
locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
usb: musb: fix enumeration after resume
drm/exynos: fix comparison to bitshift when dealing with a mask
md raid10: fix NULL deference in handle_write_completed()
mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
NFC: llcp: Limit size of SDP URI
ARM: OMAP1: clock: Fix debugfs_create_*() usage
ARM: OMAP3: Fix prm wake interrupt for resume
ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
scsi: qla4xxx: skip error recovery in case of register disconnect.
scsi: aacraid: fix shutdown crash when init fails
scsi: storvsc: Increase cmd_per_lun for higher speed devices
selftests: memfd: add config fragment for fuse
usb: dwc2: Fix dwc2_hsotg_core_init_disconnected()
usb: gadget: fsl_udc_core: fix ep valid checks
usb: gadget: f_uac2: fix bFirstInterface in composite gadget
ARC: Fix malformed ARC_EMUL_UNALIGNED default
scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion()
scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
scsi: sym53c8xx_2: iterator underflow in sym_getsync()
scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
irqchip/gic-v3: Change pr_debug message to pr_devel
locking/qspinlock: Ensure node->count is updated before initialising node
tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
bcache: return attach error when no cache set exist
bcache: fix for data collapse after re-attaching an attached device
bcache: fix for allocator and register thread race
bcache: properly set task state in bch_writeback_thread()
cifs: silence compiler warnings showing up with gcc-8.0.0
proc: fix /proc/*/map_files lookup
arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
RDS: IB: Fix null pointer issue
xen/grant-table: Use put_page instead of free_page
xen-netfront: Fix race between device setup and open
MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
ACPI: processor_perflib: Do not send _PPC change notification if not ready
firmware: dmi_scan: Fix handling of empty DMI strings
x86/power: Fix swsusp_arch_resume prototype
IB/ipoib: Fix for potential no-carrier state
mm: pin address_space before dereferencing it while isolating an LRU page
asm-generic: provide generic_pmdp_establish()
mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
mm/mempolicy: fix the check of nodemask from user
ocfs2: return error when we attempt to access a dirty bh in jbd2
ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
ntb_transport: Fix bug with max_mw_size parameter
RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
powerpc/numa: Ensure nodes initialized for hotplug
powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
scsi: fas216: fix sense buffer initialization
Btrfs: fix scrub to repair raid6 corruption
btrfs: Fix out of bounds access in btrfs_search_slot
Btrfs: set plug for fsync
ipmi/powernv: Fix error return code in ipmi_powernv_probe()
mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
kconfig: Fix expr_free() E_NOT leak
kconfig: Fix automatic menu creation mem leak
kconfig: Don't leak main menus during parsing
watchdog: sp5100_tco: Fix watchdog disable bit
nfs: Do not convert nfs_idmap_cache_timeout to jiffies
dm thin: fix documentation relative to low water mark threshold
tools lib traceevent: Fix get_field_str() for dynamic strings
perf callchain: Fix attr.sample_max_stack setting
tools lib traceevent: Simplify pointer print logic and fix %pF
PCI: Add function 1 DMA alias quirk for Marvell 9128
tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
ALSA: hda - Use IS_REACHABLE() for dependency on input
NFSv4: always set NFS_LOCK_LOST when a lock is lost.
firewire-ohci: work around oversized DMA reads on JMicron controllers
do d_instantiate/unlock_new_inode combinations safely
xfs: remove racy hasattr check from attr ops
kernel/signal.c: avoid undefined behaviour in kill_something_info
kernel/sys.c: fix potential Spectre v1 issue
kasan: fix memory hotplug during boot
ipc/shm: fix shmat() nil address after round-down when remapping
Revert "ipc/shm: Fix shmat mmap nil-page protection"
xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
libata: blacklist Micron 500IT SSD with MU01 firmware
libata: Blacklist some Sandisk SSDs for NCQ
mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
ALSA: timer: Fix pause event notification
aio: fix io_destroy(2) vs. lookup_ioctx() race
affs_lookup(): close a race with affs_remove_link()
KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
MIPS: ptrace: Expose FIR register through FP regset
UPSTREAM: sched/fair: Consider RT/IRQ pressure in capacity_spare_wake
Conflicts:
drivers/media/dvb-core/dmxdev.c
drivers/scsi/sd.c
drivers/scsi/ufs/ufshcd.c
drivers/usb/gadget/function/f_fs.c
fs/ecryptfs/inode.c
Change-Id: I15751ed8c82ec65ba7eedcb0d385b9f803c333f7
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
commit 3c9fa24ca7c9c47605672916491f79e8ccacb9e6 upstream.
The functions that were used in the emulation of fxrstor, fxsave, sgdt and
sidt were originally meant for task switching, and as such they did not
check privilege levels. This is very bad when the same functions are used
in the emulation of unprivileged instructions. This is CVE-2018-10853.
The obvious fix is to add a new argument to ops->read_std and ops->write_std,
which decides whether the access is a "system" access or should use the
processor's CPL.
Fixes: 129a72a0d3c8 ("KVM: x86: Introduce segmented_write_std", 2017-01-12)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ce14e868a54edeb2e30cb7a7b104a2fc4b9d76ca upstream.
Int the next patch the emulator's .read_std and .write_std callbacks will
grow another argument, which is not needed in kvm_read_guest_virt and
kvm_write_guest_virt_system's callers. Since we have to make separate
functions, let's give the currently existing names a nicer interface, too.
Fixes: 129a72a0d3c8 ("KVM: x86: Introduce segmented_write_std", 2017-01-12)
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 79367a65743975e5cac8d24d08eccc7fdae832b0 upstream.
Wrap the common invocation of ctxt->ops->read_std and ctxt->ops->write_std, so
as to have a smaller patch when the functions grow another argument.
Fixes: 129a72a0d3c8 ("KVM: x86: Introduce segmented_write_std", 2017-01-12)
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 02f39b2379fb81557ae864ec8f85421c0250c954 upstream.
The crypto code was checking both use_eager_fpu() and
defined(X86_FEATURE_EAGER_FPU). The latter was nonsensical, so
remove it. This will avoid breakage when we remove
X86_FEATURE_EAGER_FPU.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Rik van Riel <riel@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: pbonzini@redhat.com
Link: http://lkml.kernel.org/r/1475627678-20788-2-git-send-email-riel@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4ecd16ec7059390b430af34bd8bc3ca2b5dcef9a upstream.
Systems without an FPU are generally old and therefore use lazy FPU
switching. Unsurprisingly, math emulation in eager FPU mode is a
bit buggy. Fix it.
There were two bugs involving kernel code trying to use the FPU
registers in eager mode even if they didn't exist and one BUG_ON()
that was incorrect.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: yu-cheng yu <yu-cheng.yu@intel.com>
Link: http://lkml.kernel.org/r/b4b8d112436bd6fab866e1b4011131507e8d7fbe.1453675014.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5ed73f40735c68d8a656b46d09b1885d3b8740ae upstream.
In eager fpu mode, having deactivated FPU without immediately
reloading some other context is illegal. Therefore, to recover from
FNSAVE, we can't just deactivate the state -- we need to reload it
if we're not actively context switching.
We had this wrong in fpu__save() and fpu__copy(). Fix both.
__kernel_fpu_begin() was fine -- add a comment.
This fixes a warning triggerable with nofxsr eagerfpu=on.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: yu-cheng yu <yu-cheng.yu@intel.com>
Link: http://lkml.kernel.org/r/60662444e13c76f06e23c15c5dcdba31b4ac3d67.1453675014.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ca6938a1cd8a1c5e861a99b67f84ac166fc2b9e7 upstream.
Since commit:
58122bf1d856 ("x86/fpu: Default eagerfpu=on on all CPUs")
... in Linux 4.6, eager FPU mode has been the default on all x86
systems, and no one has reported any regressions.
This patch removes the ability to enable lazy mode: use_eager_fpu()
becomes "return true" and all of the FPU mode selection machinery is
removed.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Rik van Riel <riel@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: pbonzini@redhat.com
Link: http://lkml.kernel.org/r/1475627678-20788-3-git-send-email-riel@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 6e6867093de35141f0a76b66ac13f9f2e2c8e77a upstream.
i486 derived cores like Intel Quark support only the very old,
legacy x87 FPU (FSAVE/FRSTOR, CPUID bit FXSR is not set), and
our FPU code wasn't handling the saving and restoring there
properly in the 'eagerfpu' case.
So after we made eagerfpu the default for all CPU types:
58122bf1d856 x86/fpu: Default eagerfpu=on on all CPUs
these old FPU designs broke. First, Andy Shevchenko reported a splat:
WARNING: CPU: 0 PID: 823 at arch/x86/include/asm/fpu/internal.h:163 fpu__clear+0x8c/0x160
which was us trying to execute FXRSTOR on those machines even though
they don't support it.
After taking care of that, Bryan O'Donoghue reported that a simple FPU
test still failed because we weren't initializing the FPU state properly
on those machines.
Take care of all that.
Reported-and-tested-by: Bryan O'Donoghue <pure.logic@nexus-software.ie>
Reported-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Yu-cheng <yu-cheng.yu@intel.com>
Link: http://lkml.kernel.org/r/20160311113206.GD4312@pd.tnic
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a65050c6f17e52442716138d48d0a47301a8344b upstream.
Leonid Shatz noticed that the SDM interpretation of the following
recent commit:
394db20ca240741 ("x86/fpu: Disable AVX when eagerfpu is off")
... is incorrect and that the original behavior of the FPU code was correct.
Because AVX is not stated in CR0 TS bit description, it was mistakenly
believed to be not supported for lazy context switch. This turns out
to be false:
Intel Software Developer's Manual Vol. 3A, Sec. 2.5 Control Registers:
'TS Task Switched bit (bit 3 of CR0) -- Allows the saving of the x87 FPU/
MMX/SSE/SSE2/SSE3/SSSE3/SSE4 context on a task switch to be delayed until
an x87 FPU/MMX/SSE/SSE2/SSE3/SSSE3/SSE4 instruction is actually executed
by the new task.'
Intel Software Developer's Manual Vol. 2A, Sec. 2.4 Instruction Exception
Specification:
'AVX instructions refer to exceptions by classes that include #NM
"Device Not Available" exception for lazy context switch.'
So revert the commit.
Reported-by: Leonid Shatz <leonid.shatz@ravellosystems.com>
Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/1457569734-3785-1-git-send-email-yu-cheng.yu@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f363938c70a04e6bc99023a5e0c44ef7879b903f upstream.
After fixing FPU option parsing, we now parse the 'no387' boot option
too early: no387 clears X86_FEATURE_FPU before it's even probed, so
the boot CPU promptly re-enables it.
I suspect it gets even more confused on SMP.
Fix the probing code to leave X86_FEATURE_FPU off if it's been
disabled by setup_clear_cpu_cap().
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: yu-cheng yu <yu-cheng.yu@intel.com>
Fixes: 4f81cbafcce2 ("x86/fpu: Fix early FPU command-line parsing")
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 58122bf1d856a4ea9581d62a07c557d997d46a19 upstream.
We have eager and lazy FPU modes, introduced in:
304bceda6a ("x86, fpu: use non-lazy fpu restore for processors supporting xsave")
The result is rather messy. There are two code paths in almost all
of the FPU code, and only one of them (the eager case) is tested
frequently, since most kernel developers have new enough hardware
that we use eagerfpu.
It seems that, on any remotely recent hardware, eagerfpu is a win:
glibc uses SSE2, so laziness is probably overoptimistic, and, in any
case, manipulating TS is far slower that saving and restoring the
full state. (Stores to CR0.TS are serializing and are poorly
optimized.)
To try to shake out any latent issues on old hardware, this changes
the default to eager on all CPUs. If no performance or functionality
problems show up, a subsequent patch could remove lazy mode entirely.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: yu-cheng yu <yu-cheng.yu@intel.com>
Link: http://lkml.kernel.org/r/ac290de61bf08d9cfc2664a4f5080257ffc1075a.1453675014.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 394db20ca240741a08d472173db13d6f6a6e5a28 upstream.
When "eagerfpu=off" is given as a command-line input, the kernel
should disable AVX support.
The Task Switched bit used for lazy context switching does not
support AVX. If AVX is enabled without eagerfpu context
switching, one task's AVX state could become corrupted or leak
to other tasks. This is a bug and has bad security implications.
This only affects systems that have AVX/AVX2/AVX512 and this
issue will be found only when one actually uses AVX/AVX2/AVX512
_AND_ does eagerfpu=off.
Reference: Intel Software Developer's Manual Vol. 3A
Sec. 2.5 Control Registers:
TS Task Switched bit (bit 3 of CR0) -- Allows the saving of the
x87 FPU/ MMX/SSE/SSE2/SSE3/SSSE3/SSE4 context on a task switch
to be delayed until an x87 FPU/MMX/SSE/SSE2/SSE3/SSSE3/SSE4
instruction is actually executed by the new task.
Sec. 13.4.1 Using the TS Flag to Control the Saving of the X87
FPU and SSE State
When the TS flag is set, the processor monitors the instruction
stream for x87 FPU, MMX, SSE instructions. When the processor
detects one of these instructions, it raises a
device-not-available exeception (#NM) prior to executing the
instruction.
Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Borislav Petkov <bp@suse.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: yu-cheng yu <yu-cheng.yu@intel.com>
Link: http://lkml.kernel.org/r/1452119094-7252-5-git-send-email-yu-cheng.yu@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a5fe93a549c54838063d2952dd9643b0b18aa67f upstream.
This issue is a fallout from the command-line parsing move.
When "eagerfpu=off" is given as a command-line input, the kernel
should disable MPX support. The decision for turning off MPX was
made in fpu__init_system_ctx_switch(), which is after the
selection of the XSAVE format. This patch fixes it by getting
that decision done earlier in fpu__init_system_xstate().
Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Borislav Petkov <bp@suse.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: yu-cheng yu <yu-cheng.yu@intel.com>
Link: http://lkml.kernel.org/r/1452119094-7252-4-git-send-email-yu-cheng.yu@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 362f924b64ba0f4be2ee0cb697690c33d40be721 upstream.
Those are stupid and code should use static_cpu_has_safe() or
boot_cpu_has() instead. Kill the least used and unused ones.
The remaining ones need more careful inspection before a conversion can
happen. On the TODO.
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: http://lkml.kernel.org/r/1449481182-27541-4-git-send-email-bp@alien8.de
Cc: David Sterba <dsterba@suse.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Matt Mackall <mpm@selenic.com>
Cc: Chris Mason <clm@fb.com>
Cc: Josef Bacik <jbacik@fb.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4f81cbafcce2c603db7865e9d0e461f7947d77d4 upstream.
The function fpu__init_system() is executed before
parse_early_param(). This causes wrong FPU configuration. This
patch fixes this issue by parsing boot_command_line in the
beginning of fpu__init_system().
With all four patches in this series, each parameter disables
features as the following:
eagerfpu=off: eagerfpu, avx, avx2, avx512, mpx
no387: fpu
nofxsr: fxsr, fxsropt, xmm
noxsave: xsave, xsaveopt, xsaves, xsavec, avx, avx2, avx512,
mpx, xgetbv1 noxsaveopt: xsaveopt
noxsaves: xsaves
Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Borislav Petkov <bp@suse.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: Ravi V. Shankar <ravi.v.shankar@intel.com>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: yu-cheng yu <yu-cheng.yu@intel.com>
Link: http://lkml.kernel.org/r/1452119094-7252-2-git-send-email-yu-cheng.yu@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge with the configs from kernel/configs.git added recently.
This should fix ipsec VPN functionality.
Bug: 80540078
Change-Id: I9cc99f5e34d2809670fe2fc0df121610657f6769
Signed-off-by: Alistair Strachan <astrachan@google.com>
* refs/heads/tmp-3f51ea2
Linux 4.4.133
x86/kexec: Avoid double free_page() upon do_kexec_load() failure
hfsplus: stop workqueue when fill_super() failed
cfg80211: limit wiphy names to 128 bytes
gpio: rcar: Add Runtime PM handling for interrupts
time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
dmaengine: ensure dmaengine helpers check valid callback
scsi: zfcp: fix infinite iteration on ERP ready list
scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
scsi: libsas: defer ata device eh commands to libata
s390: use expoline thunks in the BPF JIT
s390: extend expoline to BC instructions
s390: move spectre sysfs attribute code
s390/kernel: use expoline for indirect branches
s390/lib: use expoline for indirect branches
s390: move expoline assembler macros to a header
s390: add assembler macros for CPU alternatives
ext2: fix a block leak
tcp: purge write queue in tcp_connect_init()
sock_diag: fix use-after-free read in __sk_free
packet: in packet_snd start writing at link layer allocation
net: test tailroom before appending to linear skb
btrfs: fix reading stale metadata blocks after degraded raid1 mounts
btrfs: fix crash when trying to resume balance without the resume flag
Btrfs: fix xattr loss after power failure
ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
tick/broadcast: Use for_each_cpu() specially on UP kernels
ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
s390: remove indirect branch from do_softirq_own_stack
s390/qdio: don't release memory in qdio_setup_irq()
s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
s390/qdio: fix access to uninitialized qdio_q fields
mm: don't allow deferred pages with NEED_PER_CPU_KM
powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
procfs: fix pthread cross-thread naming if !PR_DUMPABLE
proc read mm's {arg,env}_{start,end} with mmap semaphore taken.
tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
cpufreq: intel_pstate: Enable HWP by default
signals: avoid unnecessary taking of sighand->siglock
mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read
mm: filemap: remove redundant code in do_read_cache_page
proc: meminfo: estimate available memory more conservatively
vmscan: do not force-scan file lru if its absolute size is small
powerpc: Don't preempt_disable() in show_cpuinfo()
cpuidle: coupled: remove unused define cpuidle_coupled_lock
powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL
powerpc/powernv: Remove OPALv2 firmware define and references
powerpc/powernv: panic() on OPAL < V3
spi: pxa2xx: Allow 64-bit DMA
ALSA: control: fix a redundant-copy issue
ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
ALSA: usb: mixer: volume quirk for CM102-A+/102S+
usbip: usbip_host: fix bad unlock balance during stub_probe()
usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
usbip: usbip_host: run rebind from exit when module is removed
usbip: usbip_host: delete device from busid_table after rebind
usbip: usbip_host: refine probe and disconnect debug msgs to be useful
kernel/exit.c: avoid undefined behaviour when calling wait4()
futex: futex_wake_op, fix sign_extend32 sign bits
pipe: cap initial pipe capacity according to pipe-max-size limit
l2tp: revert "l2tp: fix missing print session offset info"
Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap"
lockd: lost rollback of set_grace_period() in lockd_down_net()
xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
futex: Remove duplicated code and fix undefined behaviour
futex: Remove unnecessary warning from get_futex_key
arm64: Add work around for Arm Cortex-A55 Erratum 1024718
arm64: introduce mov_q macro to move a constant into a 64-bit register
audit: move calcs after alloc and check when logging set loginuid
ALSA: timer: Call notifier in the same spinlock
sctp: delay the authentication for the duplicated cookie-echo chunk
sctp: fix the issue that the cookie-ack with auth can't get processed
tcp: ignore Fast Open on repair mode
bonding: do not allow rlb updates to invalid mac
tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
r8169: fix powering up RTL8168h
qmi_wwan: do not steal interfaces from class drivers
openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
net: support compat 64-bit time in {s,g}etsockopt
net_sched: fq: take care of throttled flows before reuse
net/mlx4_en: Verify coalescing parameters are in range
net: ethernet: sun: niu set correct packet size in skb
llc: better deal with too small mtu
ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
dccp: fix tasklet usage
bridge: check iface upper dev when setting master via ioctl
8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
BACKPORT, FROMLIST: fscrypt: add Speck128/256 support
cgroup: Disable IRQs while holding css_set_lock
Revert "cgroup: Disable IRQs while holding css_set_lock"
cgroup: Disable IRQs while holding css_set_lock
ANDROID: proc: fix undefined behavior in proc_uid_base_readdir
x86: vdso: Fix leaky vdso linker with CC=clang.
ANDROID: build: cuttlefish: Upgrade clang to newer version.
ANDROID: build: cuttlefish: Upgrade clang to newer version.
ANDROID: build: cuttlefish: Fix path to clang.
UPSTREAM: dm bufio: avoid sleeping while holding the dm_bufio lock
ANDROID: sdcardfs: Don't d_drop in d_revalidate
Conflicts:
arch/arm64/include/asm/cputype.h
fs/ext4/crypto.c
fs/ext4/ext4.h
kernel/cgroup.c
mm/vmscan.c
Change-Id: Ic10c5722b6439af1cf423fd949c493f786764d7e
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlsOO14ACgkQONu9yGCS
aT4ulhAAhMVYSRa/cOFm0BHxSL/59WmJTa3Na8TJqkTrJy+LRluBiKCywyiMZknp
4rIffv4jcxcFNCpqYTjNTSStGLWCCkBLNSzxuzFv5M89Jdx4Gz1Ww1hzMESP3gxK
puHUewSJQm7qtVOiC2l4YcW3Q6nFK0kqbCWpSkHoGVfZoX9JS2P1V8n+KFZpUH1a
UyhVW48ainUpXfhSKJZ5xABiWYM2hcSq52RW1edNZvwuKwulZ+2EME26HgGCK7ff
WHzGHECE6Lem+iunR26J/QtbTo8LKEyU0F039X21E7FIxf33S0xyPx+MGjJfWBOo
Q6A23mAEWwEhlMomNKzdd/iUzSVlWSzKe8LJa7GI5G6BxftN8Z0TGTnKzIDkw++M
T6RfK03CP6c9rQ756d0fTPxdZh6ae9EN8WSot/Sbbc9SvGSfy6o4I8Y/uJygShmF
j13JfMweC+t7/6fyUqc5dcgY0Xy7LUFiWqfPxQj6axDiT82Mx2AvQaczrPUAKr1K
KQsetmyhHC+Cpy7ILrhUGYjEWlvQm11ZiFoX8BkocFLFWk736QA63iB7mOUpCOQR
SKLK00dF163GJdQC6nb4wCtyBxnCg4pSoP/72Z1foPtaSd3ccJ4CLsIE6GY5sP/I
sDlPnIlnzEDfDPIxtVfKC8e1JINP6awXwtoJJo6MnuCuP3LDb58=
=ogZQ
-----END PGP SIGNATURE-----
Merge 4.4.134 into android-4.4
Changes in 4.4.134
MIPS: ptrace: Expose FIR register through FP regset
MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
affs_lookup(): close a race with affs_remove_link()
aio: fix io_destroy(2) vs. lookup_ioctx() race
ALSA: timer: Fix pause event notification
mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
libata: Blacklist some Sandisk SSDs for NCQ
libata: blacklist Micron 500IT SSD with MU01 firmware
xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
Revert "ipc/shm: Fix shmat mmap nil-page protection"
ipc/shm: fix shmat() nil address after round-down when remapping
kasan: fix memory hotplug during boot
kernel/sys.c: fix potential Spectre v1 issue
kernel/signal.c: avoid undefined behaviour in kill_something_info
xfs: remove racy hasattr check from attr ops
do d_instantiate/unlock_new_inode combinations safely
firewire-ohci: work around oversized DMA reads on JMicron controllers
NFSv4: always set NFS_LOCK_LOST when a lock is lost.
ALSA: hda - Use IS_REACHABLE() for dependency on input
ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
PCI: Add function 1 DMA alias quirk for Marvell 9128
tools lib traceevent: Simplify pointer print logic and fix %pF
perf callchain: Fix attr.sample_max_stack setting
tools lib traceevent: Fix get_field_str() for dynamic strings
dm thin: fix documentation relative to low water mark threshold
nfs: Do not convert nfs_idmap_cache_timeout to jiffies
watchdog: sp5100_tco: Fix watchdog disable bit
kconfig: Don't leak main menus during parsing
kconfig: Fix automatic menu creation mem leak
kconfig: Fix expr_free() E_NOT leak
mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
ipmi/powernv: Fix error return code in ipmi_powernv_probe()
Btrfs: set plug for fsync
btrfs: Fix out of bounds access in btrfs_search_slot
Btrfs: fix scrub to repair raid6 corruption
scsi: fas216: fix sense buffer initialization
HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
powerpc/numa: Ensure nodes initialized for hotplug
RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
ntb_transport: Fix bug with max_mw_size parameter
ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
ocfs2: return error when we attempt to access a dirty bh in jbd2
mm/mempolicy: fix the check of nodemask from user
mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
asm-generic: provide generic_pmdp_establish()
mm: pin address_space before dereferencing it while isolating an LRU page
IB/ipoib: Fix for potential no-carrier state
x86/power: Fix swsusp_arch_resume prototype
firmware: dmi_scan: Fix handling of empty DMI strings
ACPI: processor_perflib: Do not send _PPC change notification if not ready
bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
xen-netfront: Fix race between device setup and open
xen/grant-table: Use put_page instead of free_page
RDS: IB: Fix null pointer issue
arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
proc: fix /proc/*/map_files lookup
cifs: silence compiler warnings showing up with gcc-8.0.0
bcache: properly set task state in bch_writeback_thread()
bcache: fix for allocator and register thread race
bcache: fix for data collapse after re-attaching an attached device
bcache: return attach error when no cache set exist
tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
locking/qspinlock: Ensure node->count is updated before initialising node
irqchip/gic-v3: Change pr_debug message to pr_devel
scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
scsi: sym53c8xx_2: iterator underflow in sym_getsync()
scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion()
ARC: Fix malformed ARC_EMUL_UNALIGNED default
usb: gadget: f_uac2: fix bFirstInterface in composite gadget
usb: gadget: fsl_udc_core: fix ep valid checks
usb: dwc2: Fix dwc2_hsotg_core_init_disconnected()
selftests: memfd: add config fragment for fuse
scsi: storvsc: Increase cmd_per_lun for higher speed devices
scsi: aacraid: fix shutdown crash when init fails
scsi: qla4xxx: skip error recovery in case of register disconnect.
ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
ARM: OMAP3: Fix prm wake interrupt for resume
ARM: OMAP1: clock: Fix debugfs_create_*() usage
NFC: llcp: Limit size of SDP URI
mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
md raid10: fix NULL deference in handle_write_completed()
drm/exynos: fix comparison to bitshift when dealing with a mask
usb: musb: fix enumeration after resume
locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
md: raid5: avoid string overflow warning
kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
s390/cio: fix return code after missing interrupt
s390/cio: clear timer when terminating driver I/O
ARM: OMAP: Fix dmtimer init for omap1
smsc75xx: fix smsc75xx_set_features()
regulatory: add NUL to request alpha2
locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
media: dmxdev: fix error code for invalid ioctls
md/raid1: fix NULL pointer dereference
batman-adv: fix packet checksum in receive path
batman-adv: invalidate checksum on fragment reassembly
netfilter: ebtables: convert BUG_ONs to WARN_ONs
nvme-pci: Fix nvme queue cleanup if IRQ setup fails
clocksource/drivers/fsl_ftm_timer: Fix error return checking
r8152: fix tx packets accounting
virtio-gpu: fix ioctl and expose the fixed status to userspace.
dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
bcache: fix kcrashes with fio in RAID5 backend dev
sit: fix IFLA_MTU ignored on NEWLINK
gianfar: Fix Rx byte accounting for ndev stats
net/tcp/illinois: replace broken algorithm reference link
xen/pirq: fix error path cleanup when binding MSIs
Btrfs: send, fix issuing write op when processing hole in no data mode
selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
watchdog: f71808e_wdt: Fix magic close handling
e1000e: Fix check_for_link return value with autoneg off
e1000e: allocate ring descriptors with dma_zalloc_coherent
usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers
scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM
scsi: sd: Keep disk read-only when re-reading partition
fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
xen: xenbus: use put_device() instead of kfree()
USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
netfilter: ebtables: fix erroneous reject of last rule
bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
workqueue: use put_device() instead of kfree()
ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
sunvnet: does not support GSO for sctp
net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
batman-adv: fix header size check in batadv_dbg_arp()
vti4: Don't count header length twice on tunnel setup
vti4: Don't override MTU passed on link creation via IFLA_MTU
perf/cgroup: Fix child event counting bug
RDMA/ucma: Correct option size check using optlen
mm/mempolicy.c: avoid use uninitialized preferred_node
selftests: ftrace: Add probe event argument syntax testcase
selftests: ftrace: Add a testcase for string type with kprobe_event
selftests: ftrace: Add a testcase for probepoint
batman-adv: fix multicast-via-unicast transmission with AP isolation
batman-adv: fix packet loss for broadcasted DHCP packets to a server
ARM: 8748/1: mm: Define vdso_start, vdso_end as array
net: qmi_wwan: add BroadMobi BM806U 2020:2033
net/usb/qmi_wwan.c: Add USB id for lt4120 modem
net-usb: add qmi_wwan if on lte modem wistron neweb d18q1
llc: properly handle dev_queue_xmit() return value
mm/kmemleak.c: wait for scan completion before disabling free
net: Fix untag for vlan packets without ethernet header
net: mvneta: fix enable of all initialized RXQs
sh: fix debug trap failure to process signals before return to user
x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
swap: divide-by-zero when zero length swap file on ssd
sr: get/drop reference to device in revalidate and check_events
Force log to disk before reading the AGF during a fstrim
cpufreq: CPPC: Initialize shared perf capabilities of CPUs
scsi: aacraid: Insure command thread is not recursively stopped
dp83640: Ensure against premature access to PHY registers after reset
mm/ksm: fix interaction with THP
mm: fix races between address_space dereference and free in page_evicatable
Btrfs: bail out on error during replay_dir_deletes
Btrfs: fix NULL pointer dereference in log_dir_items
btrfs: Fix possible softlock on single core machines
ocfs2/dlm: don't handle migrate lockres if already in shutdown
sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
KVM: VMX: raise internal error for exception during invalid protected mode state
fscache: Fix hanging wait on page discarded by writeback
sparc64: Make atomic_xchg() an inline function rather than a macro.
rtc: snvs: Fix usage of snvs_rtc_enable
net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB
btrfs: tests/qgroup: Fix wrong tree backref level
Btrfs: fix copy_items() return value when logging an inode
btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
xen/acpi: off by one in read_acpi_id()
ACPI: acpi_pad: Fix memory leak in power saving threads
powerpc/mpic: Check if cpu_possible() in mpic_physmask()
m68k: set dma and coherent masks for platform FEC ethernets
parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
hwmon: (nct6775) Fix writing pwmX_mode
rtc: hctosys: Ensure system time doesn't overflow time_t
powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
powerpc/perf: Fix kernel address leak via sampling registers
tools/thermal: tmon: fix for segfault
selftests: Print the test we're running to /dev/kmsg
net/mlx5: Protect from command bit overflow
ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
ima: Fix Kconfig to select TPM 2.0 CRB interface
ima: Fallback to the builtin hash algorithm
virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
arm: dts: socfpga: fix GIC PPI warning
usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields
cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
clk: Don't show the incorrect clock phase
zorro: Set up z->dev.dma_mask for the DMA API
bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
ACPICA: Events: add a return on failure from acpi_hw_register_read
ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
i2c: mv64xxx: Apply errata delay only in standard mode
KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
xhci: zero usb device slot_id member when disabling and freeing a xhci slot
MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
PCI: Restore config space on runtime resume despite being unbound
ipmi_ssif: Fix kernel panic at msg_done_handler
usb: dwc2: Fix interval type issue
usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS
usb: gadget: ffs: Execute copy_to_user() with USER_DS set
powerpc: Add missing prototype for arch_irq_work_raise()
ASoC: topology: create TLV data for dapm widgets
perf/core: Fix perf_output_read_group()
hwmon: (pmbus/max8688) Accept negative page register values
hwmon: (pmbus/adm1275) Accept negative page register values
cdrom: do not call check_disk_change() inside cdrom_open()
gfs2: Fix fallocate chunk size
usb: gadget: udc: change comparison to bitshift when dealing with a mask
usb: gadget: composite: fix incorrect handling of OS desc requests
x86/devicetree: Initialize device tree before using it
x86/devicetree: Fix device IRQ settings in DT
ALSA: vmaster: Propagate slave error
media: cx23885: Override 888 ImpactVCBe crystal frequency
media: cx23885: Set subdev host data to clk_freq pointer
media: s3c-camif: fix out-of-bounds array access
dmaengine: pl330: fix a race condition in case of threaded irqs
media: em28xx: USB bulk packet size fix
clk: rockchip: Prevent calculating mmc phase if clock rate is zero
enic: enable rq before updating rq descriptors
hwrng: stm32 - add reset during probe
staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr
rtc: tx4939: avoid unintended sign extension on a 24 bit shift
serial: xuartps: Fix out-of-bounds access through DT alias
serial: samsung: Fix out-of-bounds access through serial port index
serial: mxs-auart: Fix out-of-bounds access through serial port index
serial: imx: Fix out-of-bounds access through serial port index
serial: fsl_lpuart: Fix out-of-bounds access through DT alias
serial: arc_uart: Fix out-of-bounds access through DT alias
PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
udf: Provide saner default for invalid uid / gid
media: cx25821: prevent out-of-bounds read on array card
clk: samsung: s3c2410: Fix PLL rates
clk: samsung: exynos5260: Fix PLL rates
clk: samsung: exynos5433: Fix PLL rates
clk: samsung: exynos5250: Fix PLL rates
clk: samsung: exynos3250: Fix PLL rates
crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss
audit: return on memory error to avoid null pointer dereference
MIPS: Octeon: Fix logging messages with spurious periods after newlines
drm/rockchip: Respect page offset for PRIME mmap calls
x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified
perf tests: Use arch__compare_symbol_names to compare symbols
perf report: Fix memory corruption in --branch-history mode --branch-history
selftests/net: fixes psock_fanout eBPF test case
netlabel: If PF_INET6, check sk_buff ip header version
scsi: lpfc: Fix issue_lip if link is disabled
scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
scsi: lpfc: Fix frequency of Release WQE CQEs
regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()'
ASoC: samsung: i2s: Ensure the RCLK rate is properly determined
Bluetooth: btusb: Add device ID for RTL8822BE
kdb: make "mdr" command repeat
s390/ftrace: use expoline for indirect branches
Linux 4.4.134
Change-Id: Iababaf9b89bc8d0437b95e1368d8b0a9126a178c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit bee3204ec3c49f6f53add9c3962c9012a5c036fa ]
Currently the kdump kernel becomes very slow if 'noapic' is specified.
Normal kernel doesn't have this bug.
Kernel parameter 'noapic' is used to disable IO-APIC in system for
testing or special purpose. Here the root cause is that in kdump
kernel LAPIC is disabled since commit:
522e664644 ("x86/apic: Disable I/O APIC before shutdown of the local APIC")
In this case we need set up through-local-APIC on boot CPU in
setup_local_APIC().
In normal kernel the legacy irq mode is enabled by the BIOS. If
it is virtual wire mode, the local-APIC has been enabled and set as
through-local-APIC.
Though we fixed the regression introduced by commit 522e664644,
to further improve robustness set up the through-local-APIC mode
explicitly, do not rely on the default boot IRQ mode.
Signed-off-by: Baoquan He <bhe@redhat.com>
Reviewed-by: Eric W. Biederman <ebiederm@xmission.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: douly.fnst@cn.fujitsu.com
Cc: joro@8bytes.org
Cc: prarit@redhat.com
Cc: uobergfe@redhat.com
Link: http://lkml.kernel.org/r/20180214054656.3780-7-bhe@redhat.com
[ Rewrote the changelog. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 0a5169add90e43ab45ab1ba34223b8583fcaf675 ]
IRQ parameters for the SoC devices connected directly to I/O APIC lines
(without PCI IRQ routing) may be specified in the Device Tree.
Called from DT IRQ parser, irq_create_fwspec_mapping() calls
irq_domain_alloc_irqs() with a pointer to irq_fwspec structure as @arg.
But x86-specific DT IRQ allocation code casts @arg to of_phandle_args
structure pointer and crashes trying to read the IRQ parameters. The
function was not converted when the mapping descriptor was changed to
irq_fwspec in the generic irqdomain code.
Fixes: 11e4438ee3 ("irqdomain: Introduce a firmware-specific IRQ specifier structure")
Signed-off-by: Ivan Gorinov <ivan.gorinov@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Rob Herring <robh+dt@kernel.org>
Link: https://lkml.kernel.org/r/a234dee27ea60ce76141872da0d6bdb378b2a9ee.1520450752.git.ivan.gorinov@intel.com
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 628df9dc5ad886b0a9b33c75a7b09710eb859ca1 ]
Commit 08d53aa58c added CRC32 calculation in early_init_dt_verify() and
checking in late initcall of_fdt_raw_init(), making early_init_dt_verify()
mandatory.
The required call to early_init_dt_verify() was not added to the
x86-specific implementation, causing failure to create the sysfs entry in
of_fdt_raw_init().
Fixes: 08d53aa58c ("of/fdt: export fdt blob as /sys/firmware/fdt")
Signed-off-by: Ivan Gorinov <ivan.gorinov@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Rob Herring <robh+dt@kernel.org>
Link: https://lkml.kernel.org/r/c8c7e941efc63b5d25ebf9b6350b0f3df38f6098.1520450752.git.ivan.gorinov@intel.com
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 0bcc3fb95b97ac2ca223a5a870287b37f56265ac ]
Devices which use level-triggered interrupts under Windows 2016 with
Hyper-V role enabled don't work: Windows disables EOI broadcast in SPIV
unconditionally. Our in-kernel IOAPIC implementation emulates an old IOAPIC
version which has no EOI register so EOI never happens.
The issue was discovered and discussed a while ago:
https://www.spinics.net/lists/kvm/msg148098.html
While this is a guest OS bug (it should check that IOAPIC has the required
capabilities before disabling EOI broadcast) we can workaround it in KVM:
advertising DIRECTED_EOI with in-kernel IOAPIC makes little sense anyway.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit add5ff7a216ee545a214013f26d1ef2f44a9c9f8 ]
Exit to userspace with KVM_INTERNAL_ERROR_EMULATION if we encounter
an exception in Protected Mode while emulating guest due to invalid
guest state. Unlike Big RM, KVM doesn't support emulating exceptions
in PM, i.e. PM exceptions are always injected via the VMCS. Because
we will never do VMRESUME due to emulation_required, the exception is
never realized and we'll keep emulating the faulting instruction over
and over until we receive a signal.
Exit to userspace iff there is a pending exception, i.e. don't exit
simply on a requested event. The purpose of this check and exit is to
aid in debugging a guest that is in all likelihood already doomed.
Invalid guest state in PM is extremely limited in normal operation,
e.g. it generally only occurs for a few instructions early in BIOS,
and any exception at this time is all but guaranteed to be fatal.
Non-vectored interrupts, e.g. INIT, SIPI and SMI, can be cleanly
handled/emulated, while checking for vectored interrupts, e.g. INTR
and NMI, without hitting false positives would add a fair amount of
complexity for almost no benefit (getting hit by lightning seems
more likely than encountering this specific scenario).
Add a WARN_ON_ONCE to vmx_queue_exception() if we try to inject an
exception via the VMCS and emulation_required is true.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit e3e288121408c3abeed5af60b87b95c847143845 ]
The pmd_set_huge() and pud_set_huge() functions are used from
the generic ioremap() code to establish large mappings where this
is possible.
But the generic ioremap() code does not check whether the
PMD/PUD entries are already populated with a non-leaf entry,
so that any page-table pages these entries point to will be
lost.
Further, on x86-32 with SHARED_KERNEL_PMD=0, this causes a
BUG_ON() in vmalloc_sync_one() when PMD entries are synced
from swapper_pg_dir to the current page-table. This happens
because the PMD entry from swapper_pg_dir was promoted to a
huge-page entry while the current PGD still contains the
non-leaf entry. Because both entries are present and point
to a different page, the BUG_ON() triggers.
This was actually triggered with pti-x32 enabled in a KVM
virtual machine by the graphics driver.
A real and better fix for that would be to improve the
page-table handling in the generic ioremap() code. But that is
out-of-scope for this patch-set and left for later work.
Reported-by: David H. Gutteridge <dhgutteridge@sympatico.ca>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Eduardo Valentin <eduval@amazon.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Waiman Long <llong@redhat.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: aliguori@amazon.com
Cc: daniel.gruss@iaik.tugraz.at
Cc: hughd@google.com
Cc: keescook@google.com
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/20180411152437.GC15462@8bytes.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 4596749339e06dc7a424fc08a15eded850ed78b7 ]
Without this fix, /proc/cpuinfo will display an incorrect amount
of CPU cores, after bringing them offline and online again, as
exemplified below:
$ cat /proc/cpuinfo | grep cores
cpu cores : 4
cpu cores : 8
cpu cores : 8
cpu cores : 20
cpu cores : 4
cpu cores : 3
cpu cores : 2
cpu cores : 2
This patch fixes this by always zeroing the booted_cores variable
upon turning off a logical CPU.
Tested-by: Dou Liyang <douly.fnst@cn.fujitsu.com>
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: jgross@suse.com
Cc: luto@kernel.org
Cc: prarit@redhat.com
Cc: vkuznets@redhat.com
Link: http://lkml.kernel.org/r/20180221205036.5244-1-sneves@dei.uc.pt
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 328008a72d38b5bde6491e463405c34a81a65d3e ]
The declaration for swsusp_arch_resume marks it as 'asmlinkage', but the
definition in x86-32 does not, and it fails to include the header with the
declaration. This leads to a warning when building with
link-time-optimizations:
kernel/power/power.h:108:23: error: type of 'swsusp_arch_resume' does not match original declaration [-Werror=lto-type-mismatch]
extern asmlinkage int swsusp_arch_resume(void);
^
arch/x86/power/hibernate_32.c:148:0: note: 'swsusp_arch_resume' was previously declared here
int swsusp_arch_resume(void)
This moves the declaration into a globally visible header file and fixes up
both x86 definitions to match it.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Len Brown <len.brown@intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Nicolas Pitre <nico@linaro.org>
Cc: linux-pm@vger.kernel.org
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Bart Van Assche <bart.vanassche@wdc.com>
Link: https://lkml.kernel.org/r/20180202145634.200291-2-arnd@arndb.de
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 51776043afa415435c7e4636204fbe4f7edc4501 ]
This ioctl is obsolete (it was used by Xenner as far as I know) but
still let's not break it gratuitously... Its handler is copying
directly into struct kvm. Go through a bounce buffer instead, with
the added benefit that we can actually do something useful with the
flags argument---the previous code was exiting with -EINVAL but still
doing the copy.
This technically is a userspace ABI breakage, but since no one should be
using the ioctl, it's a good occasion to see if someone actually
complains.
Cc: kernel-hardening@lists.openwall.com
Cc: Kees Cook <keescook@chromium.org>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlsJA10ACgkQONu9yGCS
aT4NqRAAr+4+KwFqbdUDDAdYMLgomybjLVNxbI80CvOTF24NIKfKIKUn+Q3e2qCE
11y2Q+PixE9qbujYPg+qoC3Xux+S6DAj9QOJPJpuJVQhBRRmnFugKlAq630kaoxx
VOPJx1x+244Q1OsAJMRDqEJEtMEFew/r0VGQ1yrXd9APYgc0KvDKHfjt8rXzGGuA
sdf5GsbxSxptMCF6nnUAGcyfuRBVIBW0v6NOEnj5m/K6f4oESQb+uKk7R8MO7m3U
kc2ggTALxA1u/0iAsfxScfaFkT865+2IxCz4i4N13PUmxuJJTDF0xshAOSdlrSxV
j8x7B+YmVaPgs63m2EyClQpVitqkcgyfiPZ0byWEcaKtuYXavcOO77aGB7W/QUSw
ZfGJeDhz0hkjOCSGD2LCx062clMSpqqZn20MUDyF32HiRl1mIf6prac/LBXphNHh
l+arXyzRk9rVTgtfbqcKBgi8h5n0LKzqbfD4f+8hrhv8q0i+9tNoM1lW8R+GL4RC
nXfCuhCEIEXbsfQIJeSkEp6AH8N9guMcbw9jOiji9HvNFQZj3RpfkuCHGGggBlwa
EiD3GzMhwFyJmIzWqdYCSGfCh6YI6FA7KpspOKhUKZKkHVDfJ7M+A8lBQmOZGRBQ
G44XJJvaKB7l/I0ux2S0C5CdcyBb7EMjD8tXXLnRjMEGjLoKpqM=
=s+Ms
-----END PGP SIGNATURE-----
Merge 4.4.133 into android-4.4
Changes in 4.4.133
8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
bridge: check iface upper dev when setting master via ioctl
dccp: fix tasklet usage
ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
llc: better deal with too small mtu
net: ethernet: sun: niu set correct packet size in skb
net/mlx4_en: Verify coalescing parameters are in range
net_sched: fq: take care of throttled flows before reuse
net: support compat 64-bit time in {s,g}etsockopt
openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
qmi_wwan: do not steal interfaces from class drivers
r8169: fix powering up RTL8168h
sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
bonding: do not allow rlb updates to invalid mac
tcp: ignore Fast Open on repair mode
sctp: fix the issue that the cookie-ack with auth can't get processed
sctp: delay the authentication for the duplicated cookie-echo chunk
ALSA: timer: Call notifier in the same spinlock
audit: move calcs after alloc and check when logging set loginuid
arm64: introduce mov_q macro to move a constant into a 64-bit register
arm64: Add work around for Arm Cortex-A55 Erratum 1024718
futex: Remove unnecessary warning from get_futex_key
futex: Remove duplicated code and fix undefined behaviour
xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
lockd: lost rollback of set_grace_period() in lockd_down_net()
Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap"
l2tp: revert "l2tp: fix missing print session offset info"
pipe: cap initial pipe capacity according to pipe-max-size limit
futex: futex_wake_op, fix sign_extend32 sign bits
kernel/exit.c: avoid undefined behaviour when calling wait4()
usbip: usbip_host: refine probe and disconnect debug msgs to be useful
usbip: usbip_host: delete device from busid_table after rebind
usbip: usbip_host: run rebind from exit when module is removed
usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
usbip: usbip_host: fix bad unlock balance during stub_probe()
ALSA: usb: mixer: volume quirk for CM102-A+/102S+
ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
ALSA: control: fix a redundant-copy issue
spi: pxa2xx: Allow 64-bit DMA
powerpc/powernv: panic() on OPAL < V3
powerpc/powernv: Remove OPALv2 firmware define and references
powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL
cpuidle: coupled: remove unused define cpuidle_coupled_lock
powerpc: Don't preempt_disable() in show_cpuinfo()
vmscan: do not force-scan file lru if its absolute size is small
proc: meminfo: estimate available memory more conservatively
mm: filemap: remove redundant code in do_read_cache_page
mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read
signals: avoid unnecessary taking of sighand->siglock
cpufreq: intel_pstate: Enable HWP by default
tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
proc read mm's {arg,env}_{start,end} with mmap semaphore taken.
procfs: fix pthread cross-thread naming if !PR_DUMPABLE
powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
mm: don't allow deferred pages with NEED_PER_CPU_KM
s390/qdio: fix access to uninitialized qdio_q fields
s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
s390/qdio: don't release memory in qdio_setup_irq()
s390: remove indirect branch from do_softirq_own_stack
efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
tick/broadcast: Use for_each_cpu() specially on UP kernels
ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
Btrfs: fix xattr loss after power failure
btrfs: fix crash when trying to resume balance without the resume flag
btrfs: fix reading stale metadata blocks after degraded raid1 mounts
net: test tailroom before appending to linear skb
packet: in packet_snd start writing at link layer allocation
sock_diag: fix use-after-free read in __sk_free
tcp: purge write queue in tcp_connect_init()
ext2: fix a block leak
s390: add assembler macros for CPU alternatives
s390: move expoline assembler macros to a header
s390/lib: use expoline for indirect branches
s390/kernel: use expoline for indirect branches
s390: move spectre sysfs attribute code
s390: extend expoline to BC instructions
s390: use expoline thunks in the BPF JIT
scsi: libsas: defer ata device eh commands to libata
scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
scsi: zfcp: fix infinite iteration on ERP ready list
dmaengine: ensure dmaengine helpers check valid callback
time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
gpio: rcar: Add Runtime PM handling for interrupts
cfg80211: limit wiphy names to 128 bytes
hfsplus: stop workqueue when fill_super() failed
x86/kexec: Avoid double free_page() upon do_kexec_load() failure
Linux 4.4.133
Change-Id: I0554b12889bc91add2a444da95f18d59c6fb9cdb
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit a466ef76b815b86748d9870ef2a430af7b39c710 upstream.
>From ff82bedd3e12f0d3353282054ae48c3bd8c72012 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Wed, 9 May 2018 12:12:39 +0900
Subject: x86/kexec: Avoid double free_page() upon do_kexec_load() failure
syzbot is reporting crashes after memory allocation failure inside
do_kexec_load() [1]. This is because free_transition_pgtable() is called
by both init_transition_pgtable() and machine_kexec_cleanup() when memory
allocation failed inside init_transition_pgtable().
Regarding 32bit code, machine_kexec_free_page_tables() is called by both
machine_kexec_alloc_page_tables() and machine_kexec_cleanup() when memory
allocation failed inside machine_kexec_alloc_page_tables().
Fix this by leaving the error handling to machine_kexec_cleanup()
(and optionally setting NULL after free_page()).
[1] https://syzkaller.appspot.com/bug?id=91e52396168cf2bdd572fe1e1bc0bc645c1c6b40
Fixes: f5deb79679 ("x86: kexec: Use one page table in x86_64 machine_kexec")
Fixes: 92be3d6bdf ("kexec/i386: allocate page table pages dynamically")
Reported-by: syzbot <syzbot+d96f60296ef613fe1d69@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Baoquan He <bhe@redhat.com>
Cc: thomas.lendacky@amd.com
Cc: prudo@linux.vnet.ibm.com
Cc: Huang Ying <ying.huang@intel.com>
Cc: syzkaller-bugs@googlegroups.com
Cc: takahiro.akashi@linaro.org
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: akpm@linux-foundation.org
Cc: dyoung@redhat.com
Cc: kirill.shutemov@linux.intel.com
Link: https://lkml.kernel.org/r/201805091942.DGG12448.tMFVFSJFQOOLHO@I-love.SAKURA.ne.jp
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0b3225ab9407f557a8e20f23f37aa7236c10a9b1 upstream.
Mixed mode allows a kernel built for x86_64 to interact with 32-bit
EFI firmware, but requires us to define all struct definitions carefully
when it comes to pointer sizes.
'struct efi_pci_io_protocol_32' currently uses a 'void *' for the
'romimage' field, which will be interpreted as a 64-bit field
on such kernels, potentially resulting in bogus memory references
and subsequent crashes.
Tested-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: <stable@vger.kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20180504060003.19618-13-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 45dd9b0666a162f8e4be76096716670cf1741f0e upstream.
Doing an audit of trace events, I discovered two trace events in the xen
subsystem that use a hack to create zero data size trace events. This is not
what trace events are for. Trace events add memory footprint overhead, and
if all you need to do is see if a function is hit or not, simply make that
function noinline and use function tracer filtering.
Worse yet, the hack used was:
__array(char, x, 0)
Which creates a static string of zero in length. There's assumptions about
such constructs in ftrace that this is a dynamic string that is nul
terminated. This is not the case with these tracepoints and can cause
problems in various parts of ftrace.
Nuke the trace events!
Link: http://lkml.kernel.org/r/20180509144605.5a220327@gandalf.local.home
Cc: stable@vger.kernel.org
Fixes: 95a7d76897 ("xen/mmu: Use Xen specific TLB flush instead of the generic one.")
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 30d6e0a4190d37740e9447e4e4815f06992dd8c3 upstream.
There is code duplicated over all architecture's headers for
futex_atomic_op_inuser. Namely op decoding, access_ok check for uaddr,
and comparison of the result.
Remove this duplication and leave up to the arches only the needed
assembly which is now in arch_futex_atomic_op_inuser.
This effectively distributes the Will Deacon's arm64 fix for undefined
behaviour reported by UBSAN to all architectures. The fix was done in
commit 5f16a046f8e1 (arm64: futex: Fix undefined behaviour with
FUTEX_OP_OPARG_SHIFT usage). Look there for an example dump.
And as suggested by Thomas, check for negative oparg too, because it was
also reported to cause undefined behaviour report.
Note that s390 removed access_ok check in d12a29703 ("s390/uaccess:
remove pointless access_ok() checks") as access_ok there returns true.
We introduce it back to the helper for the sake of simplicity (it gets
optimized away anyway).
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Russell King <rmk+kernel@armlinux.org.uk>
Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com> [s390]
Acked-by: Chris Metcalf <cmetcalf@mellanox.com> [for tile]
Reviewed-by: Darren Hart (VMware) <dvhart@infradead.org>
Reviewed-by: Will Deacon <will.deacon@arm.com> [core/arm64]
Cc: linux-mips@linux-mips.org
Cc: Rich Felker <dalias@libc.org>
Cc: linux-ia64@vger.kernel.org
Cc: linux-sh@vger.kernel.org
Cc: peterz@infradead.org
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Max Filippov <jcmvbkbc@gmail.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: sparclinux@vger.kernel.org
Cc: Jonas Bonn <jonas@southpole.se>
Cc: linux-s390@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Cc: linux-hexagon@vger.kernel.org
Cc: Helge Deller <deller@gmx.de>
Cc: "James E.J. Bottomley" <jejb@parisc-linux.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Matt Turner <mattst88@gmail.com>
Cc: linux-snps-arc@lists.infradead.org
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: linux-xtensa@linux-xtensa.org
Cc: Stefan Kristiansson <stefan.kristiansson@saunalahti.fi>
Cc: openrisc@lists.librecores.org
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Stafford Horne <shorne@gmail.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: Richard Henderson <rth@twiddle.net>
Cc: Chris Zankel <chris@zankel.net>
Cc: Michal Simek <monstr@monstr.eu>
Cc: Tony Luck <tony.luck@intel.com>
Cc: linux-parisc@vger.kernel.org
Cc: Vineet Gupta <vgupta@synopsys.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Richard Kuo <rkuo@codeaurora.org>
Cc: linux-alpha@vger.kernel.org
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: "David S. Miller" <davem@davemloft.net>
Link: http://lkml.kernel.org/r/20170824073105.3901-1-jslaby@suse.cz
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The vdso{32,64}.so can fail to build when CC=clang when clang tries to
find a suitable GCC toolchain to link these libraries with.
/usr/bin/ld: arch/x86/entry/vdso/vclock_gettime.o: access beyond end of merged section (782)
This happens because the host environment leaked into the CROSS_COMPILE
environment due to the way clang searches for suitable GCC toolchains.
Most of the time this goes unnoticed because the host linker is new
enough to work anyway, but on this particular machine it was not.
Extract the needed --target and --gcc-toolchain flags added in the top
level Makefile from KBUILD_CFLAGS.
Bug: 63889157
Change-Id: If7d4097d1d2eaf95f18d0295483bde8792a06844
Signed-off-by: Alistair Strachan <astrachan@google.com>
* refs/heads/tmp-46155cc
Linux 4.4.132
perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
tracing/uprobe_event: Fix strncpy corner case
Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
atm: zatm: Fix potential Spectre v1
net: atm: Fix potential Spectre v1
can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
tracing: Fix regex_match_front() to not over compare the test string
libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
rfkill: gpio: fix memory leak in probe error path
xfrm_user: fix return value from xfrm_user_rcv_msg
f2fs: fix a dead loop in f2fs_fiemap()
bdi: Fix oops in wb_workfn()
tcp: fix TCP_REPAIR_QUEUE bound checking
perf: Remove superfluous allocation error check
soreuseport: initialise timewait reuseport field
dccp: initialize ireq->ir_mark
net: fix uninit-value in __hw_addr_add_ex()
net: initialize skb->peeked when cloning
net: fix rtnh_ok()
netlink: fix uninit-value in netlink_sendmsg
crypto: af_alg - fix possible uninit-value in alg_bind()
ipvs: fix rtnl_lock lockups caused by start_sync_thread
usb: musb: host: fix potential NULL pointer dereference
USB: serial: option: adding support for ublox R410M
USB: serial: option: reimplement interface masking
USB: Accept bulk endpoints with 1024-byte maxpacket
USB: serial: visor: handle potential invalid device configuration
test_firmware: fix setting old custom fw path back on exit, second try
drm/vmwgfx: Fix a buffer object leak
IB/mlx5: Use unlimited rate when static rate is not supported
NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2
RDMA/mlx5: Protect from shift operand overflow
RDMA/ucma: Allow resolving address w/o specifying source address
xfs: prevent creating negative-sized file via INSERT_RANGE
Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
Input: leds - fix out of bound access
tracepoint: Do not warn on ENOMEM
ALSA: aloop: Add missing cable lock to ctl API callbacks
ALSA: aloop: Mark paused device as inactive
ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
ALSA: pcm: Check PCM state at xfern compat ioctl
USB: serial: option: Add support for Quectel EP06
gpmi-nand: Handle ECC Errors in erased pages
ath10k: rebuild crypto header in rx data frames
ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
mac80211: Add RX flag to indicate ICV stripped
mac80211: allow same PN for AMSDU sub-frames
mac80211: allow not sending MIC up from driver for HW crypto
percpu: include linux/sched.h for cond_resched()
KVM: s390: Enable all facility bits that are known good for passthrough
bpf: map_get_next_key to return first key on NULL
perf/core: Fix the perf_cpu_time_max_percent check
goldfish: pipe: ANDROID: mark local functions static
Revert "goldfish: pipe: ANDROID: Allocate memory with GFP_KERNEL."
UPSTREAM: ANDROID: binder: prevent transactions into own process.
goldfish: pipe: ANDROID: Add DMA support
UPSTREAM: f2fs: clear PageError on writepage - part 2
UPSTREAM: f2fs: avoid fsync() failure caused by EAGAIN in writepage()
ANDROID: build.config: enforce trace_printk check
ANDROID: x86_64_cuttlefish_defconfig: Disable KPTI
UPSTREAM: mac80211: ibss: Fix channel type enum in ieee80211_sta_join_ibss()
UPSTREAM: mac80211: Fix clang warning about constant operand in logical operation
UPSTREAM: nl80211: Fix enum type of variable in nl80211_put_sta_rate()
UPSTREAM: sysfs: remove signedness from sysfs_get_dirent
UPSTREAM: tracing: Use cpumask_available() to check if cpumask variable may be used
BACKPORT: clocksource: Use GENMASK_ULL in definition of CLOCKSOURCE_MASK
UPSTREAM: netpoll: Fix device name check in netpoll_setup()
FROMLIST: staging: Fix sparse warnings in vsoc driver.
FROMLIST: staging: vsoc: Fix a i386-randconfig warning.
FROMLIST: staging: vsoc: Create wc kernel mapping for region shm.
Revert "goldfish: pipe: ANDROID: remove a redundant target"
goldfish: pipe: ANDROID: Replace writel with gf_write_ptr
goldfish: pipe: ANDROID: Use dev_ logging instead of pr_
goldfish: pipe: ANDROID: fix checkpatch warnings
goldfish: pipe: ANDROID: Update module license
Conflicts:
drivers/net/wireless/ath/ath10k/core.c
drivers/net/wireless/ath/ath10k/core.h
drivers/net/wireless/ath/ath10k/htt_rx.c
Change-Id: If2ede1dea6a07b3fd498724e83071fd547170e1c
[spathi@codeaurora.org: resolved compilation errors in ath10k
by rebuilding crypto header in rx data frames]
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlr75p0ACgkQONu9yGCS
aT7YbhAApRoY4GSubs/BHl0Rp24ElRrfxYzyAuB3BLkiMchnP2/5QvqVP1rUk44s
GjceRff2+Ylk8BmgbmynuXYnNuKss8QC+yk0HB5RGu5GkwWWj1XnP/TUkHCaWR0a
WeGs2L4anmg5yvf9gHkEjVKBxNTy/xKhGCKqnNEyZ6KE5o3mHigNZl0yW2yNWLSg
XItDPGSnanhRwDUZv5j7TBsH5K9YFtjT9m631NiTGF0I0MI5UDnnKvXqjLsO2qxs
oHerdOQcMZFCScn1GMSGDpz4kAp/JjQIAnwOsgw92usk2H8i6vGExIOKLGt5Jn/O
3a9hp4cn8dQiZ9oofPC43N3XmH3XfGQnQllkX7Zoh4qB6gheVHwiY0+rH9IDrdkn
/Mv6HCMTSGJ7CcLwMRxBqvOKX6DT1iNaw2n2zzOwoLecDYRYn1W6pgOHWKl4uBcd
j0xKEf1lUM0WrboOdF3j1slJXgpXXvJOrr7tPABbEKNcaOXdmIttN8CLRG5tV3GP
TLH+Qz+xDzYH2chy4RVsCXO9S2gwXgtladXVh4LR913sY+k5J6KWPkmmCmwZD3Z5
txUG13UtAiThrijoRngtz0MDYXyh6Mn/9ylChRcQSYecFD2awGXjORKcWQUXfH1n
2Wq00QC6wNYirpqpGWlS1mi9XGTTpkRgPN0cWV3+QLG3D0lofhU=
=bVRt
-----END PGP SIGNATURE-----
Merge 4.4.132 into android-4.4
Changes in 4.4.132
perf/core: Fix the perf_cpu_time_max_percent check
bpf: map_get_next_key to return first key on NULL
KVM: s390: Enable all facility bits that are known good for passthrough
percpu: include linux/sched.h for cond_resched()
mac80211: allow not sending MIC up from driver for HW crypto
mac80211: allow same PN for AMSDU sub-frames
mac80211: Add RX flag to indicate ICV stripped
ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
ath10k: rebuild crypto header in rx data frames
gpmi-nand: Handle ECC Errors in erased pages
USB: serial: option: Add support for Quectel EP06
ALSA: pcm: Check PCM state at xfern compat ioctl
ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
ALSA: aloop: Mark paused device as inactive
ALSA: aloop: Add missing cable lock to ctl API callbacks
tracepoint: Do not warn on ENOMEM
Input: leds - fix out of bound access
Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro
xfs: prevent creating negative-sized file via INSERT_RANGE
RDMA/ucma: Allow resolving address w/o specifying source address
RDMA/mlx5: Protect from shift operand overflow
NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2
IB/mlx5: Use unlimited rate when static rate is not supported
drm/vmwgfx: Fix a buffer object leak
test_firmware: fix setting old custom fw path back on exit, second try
USB: serial: visor: handle potential invalid device configuration
USB: Accept bulk endpoints with 1024-byte maxpacket
USB: serial: option: reimplement interface masking
USB: serial: option: adding support for ublox R410M
usb: musb: host: fix potential NULL pointer dereference
ipvs: fix rtnl_lock lockups caused by start_sync_thread
crypto: af_alg - fix possible uninit-value in alg_bind()
netlink: fix uninit-value in netlink_sendmsg
net: fix rtnh_ok()
net: initialize skb->peeked when cloning
net: fix uninit-value in __hw_addr_add_ex()
dccp: initialize ireq->ir_mark
soreuseport: initialise timewait reuseport field
perf: Remove superfluous allocation error check
tcp: fix TCP_REPAIR_QUEUE bound checking
bdi: Fix oops in wb_workfn()
f2fs: fix a dead loop in f2fs_fiemap()
xfrm_user: fix return value from xfrm_user_rcv_msg
rfkill: gpio: fix memory leak in probe error path
libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
tracing: Fix regex_match_front() to not over compare the test string
can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
net: atm: Fix potential Spectre v1
atm: zatm: Fix potential Spectre v1
Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
tracing/uprobe_event: Fix strncpy corner case
perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
Linux 4.4.132
Change-Id: I66c21e374dff5a5735f1c5958021612387c635bf
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Blagovest Kolenichev
Greg Kroah-Hartman
Dan Williams
Srinivasarao P
Paolo Bonzini
Andy Lutomirski
Borislav Petkov
Yu-cheng Yu
Borislav Petkov
Juergen Gross
Roman Kiryanov
Alistair Strachan
Baoquan He
Ivan Gorinov
Vitaly Kuznetsov
Sean Christopherson
Joerg Roedel
Samuel Neves
Arnd Bergmann
Tetsuo Handa
Ard Biesheuvel
Steven Rostedt (VMware)
Jiri Slaby
Peter Zijlstra
Greg Hartman