commit 7fc5854f8c6efae9e7624970ab49a1eac2faefb1 upstream.
sync_inodes_sb() can race against cgwb (cgroup writeback) membership
switches and fail to writeback some inodes. For example, if an inode
switches to another wb while sync_inodes_sb() is in progress, the new
wb might not be visible to bdi_split_work_to_wbs() at all or the inode
might jump from a wb which hasn't issued writebacks yet to one which
already has.
This patch adds backing_dev_info->wb_switch_rwsem to synchronize cgwb
switch path against sync_inodes_sb() so that sync_inodes_sb() is
guaranteed to see all the target wbs and inodes can't jump wbs to
escape syncing.
v2: Fixed misplaced rwsem init. Spotted by Jiufei.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Jiufei Xue <xuejiufei@gmail.com>
Link: http://lkml.kernel.org/r/dc694ae2-f07f-61e1-7097-7c8411cee12d@gmail.com
Acked-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 134fca9063ad4851de767d1768180e5dede9a881 upstream.
The semantics of what mincore() considers to be resident is not
completely clear, but Linux has always (since 2.3.52, which is when
mincore() was initially done) treated it as "page is available in page
cache".
That's potentially a problem, as that [in]directly exposes
meta-information about pagecache / memory mapping state even about
memory not strictly belonging to the process executing the syscall,
opening possibilities for sidechannel attacks.
Change the semantics of mincore() so that it only reveals pagecache
information for non-anonymous mappings that belog to files that the
calling process could (if it tried to) successfully open for writing;
otherwise we'd be including shared non-exclusive mappings, which
- is the sidechannel
- is not the usecase for mincore(), as that's primarily used for data,
not (shared) text
[jkosina@suse.cz: v2]
Link: http://lkml.kernel.org/r/20190312141708.6652-2-vbabka@suse.cz
[mhocko@suse.com: restructure can_do_mincore() conditions]
Link: http://lkml.kernel.org/r/nycvar.YFH.7.76.1903062342020.19912@cbobk.fhfr.pm
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: Josh Snyder <joshs@netflix.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Originally-by: Linus Torvalds <torvalds@linux-foundation.org>
Originally-by: Dominique Martinet <asmadeus@codewreck.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Dave Chinner <david@fromorbit.com>
Cc: Kevin Easton <kevin@guarana.org>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Cyril Hrubis <chrubis@suse.cz>
Cc: Tejun Heo <tj@kernel.org>
Cc: Kirill A. Shutemov <kirill@shutemov.name>
Cc: Daniel Gruss <daniel@gruss.cc>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-aab9adb
Linux 4.4.179
kernel/sysctl.c: fix out-of-bounds access when setting file-max
Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
ALSA: info: Fix racy addition/deletion of nodes
mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
device_cgroup: fix RCU imbalance in error case
sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
Revert "kbuild: use -Oz instead of -Os when using clang"
mac80211: do not call driver wake_tx_queue op during reconfig
kprobes: Fix error check when reusing optimized probes
kprobes: Mark ftrace mcount handler functions nokprobe
x86/kprobes: Verify stack frame on kretprobe
arm64: futex: Restore oldval initialization to work around buggy compilers
crypto: x86/poly1305 - fix overflow during partial reduction
ALSA: core: Fix card races between register and disconnect
staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
staging: comedi: ni_usb6501: Fix use of uninitialized mutex
staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
staging: comedi: vmk80xx: Fix use of uninitialized semaphore
io: accel: kxcjk1013: restore the range after resume.
iio: adc: at91: disable adc channel interrupt in timeout case
iio: ad_sigma_delta: select channel when reading register
iio/gyro/bmg160: Use millidegrees for temperature scale
KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
modpost: file2alias: check prototype of handler
modpost: file2alias: go back to simple devtable lookup
crypto: crypto4xx - properly set IV after de- and encrypt
ipv4: ensure rcu_read_lock() in ipv4_link_failure()
ipv4: recompile ip options in ipv4_link_failure
tcp: tcp_grow_window() needs to respect tcp_space()
net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
net: bridge: multicast: use rcu to access port list from br_multicast_start_querier
net: atm: Fix potential Spectre v1 vulnerabilities
bonding: fix event handling for stacked bonds
appletalk: Fix compile regression
ovl: fix uid/gid when creating over whiteout
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
lib/div64.c: off by one in shift
appletalk: Fix use-after-free in atalk_proc_exit
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
iommu/dmar: Fix buffer overflow during PCI bus notification
crypto: sha512/arm - fix crash bug in Thumb2 build
crypto: sha256/arm - fix crash bug in Thumb2 build
cifs: fallback to older infolevels on findfirst queryinfo retry
ACPI / SBS: Fix GPE storm on recent MacBookPro's
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
serial: uartps: console_setup() can't be placed to init section
f2fs: fix to do sanity check with current segment number
9p locks: add mount option for lock retry interval
9p: do not trust pdu content for stat item size
rsi: improve kernel thread handling to fix kernel panic
ext4: prohibit fstrim in norecovery mode
fix incorrect error code mapping for OBJECTID_NOT_FOUND
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
iommu/vt-d: Check capability before disabling protected memory
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
x86/hpet: Prevent potential NULL pointer dereference
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
perf evsel: Free evsel->counts in perf_evsel__exit()
perf top: Fix error handling in cmd_top()
tools/power turbostat: return the exit status of a command
thermal/int340x_thermal: fix mode setting
thermal/int340x_thermal: Add additional UUIDs
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
mmc: davinci: remove extraneous __init annotation
IB/mlx4: Fix race condition between catas error reset and aliasguid flows
ALSA: sb8: add a check for request_region
ALSA: echoaudio: add a check for ioremap_nocache
ext4: report real fs size after failed resize
ext4: add missing brelse() in add_new_gdb_meta_bg()
perf/core: Restore mmap record type correctly
PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
xtensa: fix return_address
sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
xen: Prevent buffer overflow in privcmd ioctl
arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
ARM: dts: at91: Fix typo in ISC_D0 on PC9
genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
block: do not leak memory in bio_copy_user_iov()
ASoC: fsl_esai: fix channel swap issue when stream starts
include/linux/bitrev.h: fix constant bitrev
ALSA: seq: Fix OOB-reads from strlcpy
ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
net: ethtool: not call vzalloc for zero sized memory request
netns: provide pure entropy for net_hash_mix()
tcp: Ensure DCTCP reacts to losses
sctp: initialize _pad of sockaddr_in before copying to user memory
qmi_wwan: add Olicard 600
openvswitch: fix flow actions reallocation
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
ipv6: sit: reset ip header pointer in ipip6_rcv
ipv6: Fix dangling pointer when ipv6 fragment
tty: ldisc: add sysctl to prevent autoloading of ldiscs
tty: mark Siemens R3964 line discipline as BROKEN
lib/string.c: implement a basic bcmp
x86/vdso: Drop implicit common-page-size linker flag
x86: vdso: Use $LD instead of $CC to link
x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
binfmt_elf: switch to new creds when switching to new mm
drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
dmaengine: tegra: avoid overflow of byte tracking
x86/build: Mark per-CPU symbols as absolute explicitly for LLD
wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
netfilter: physdev: relax br_netfilter dependency
dmaengine: imx-dma: fix warning comparison of distinct pointer types
hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
soc/tegra: fuse: Fix illegal free of IO base address
hwrng: virtio - Avoid repeated init of completion
media: mt9m111: set initial frame size other than 0x0
tty: increase the default flip buffer limit to 2*640K
ARM: avoid Cortex-A9 livelock on tight dmb loops
mt7601u: bump supported EEPROM version
soc: qcom: gsbi: Fix error handling in gsbi_probe()
ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
cdrom: Fix race condition in cdrom_sysctl_register
fbdev: fbmem: fix memory access if logo is bigger than the screen
bcache: improve sysfs_strtoul_clamp()
bcache: fix input overflow to sequential_cutoff
bcache: fix input overflow to cache set sysfs file io_error_halflife
ALSA: PCM: check if ops are defined before suspending PCM
ARM: 8833/1: Ensure that NEON code always compiles with Clang
kprobes: Prohibit probing on bsearch()
leds: lp55xx: fix null deref on firmware load failure
media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
media: s5p-g2d: Correct return type for mem2mem buffer helpers
media: s5p-jpeg: Correct return type for mem2mem buffer helpers
media: sh_veu: Correct return type for mem2mem buffer helpers
SoC: imx-sgtl5000: add missing put_device()
perf test: Fix failure of 'evsel-tp-sched' test on s390
scsi: megaraid_sas: return error when create DMA pool failed
IB/mlx4: Increase the timeout for CM cache
e1000e: Fix -Wformat-truncation warnings
mmc: omap: fix the maximum timeout setting
ARM: 8840/1: use a raw_spinlock_t in unwind
coresight: etm4x: Add support to enable ETMv4.2
scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
usb: chipidea: Grab the (legacy) USB PHY by phandle first
tools lib traceevent: Fix buffer overflow in arg_eval
fs: fix guard_bio_eod to check for real EOD errors
cifs: Fix NULL pointer dereference of devname
dm thin: add sanity checks to thin-pool and external snapshot creation
cifs: use correct format characters
fs/file.c: initialize init_files.resize_wait
f2fs: do not use mutex lock in atomic context
ocfs2: fix a panic problem caused by o2cb_ctl
mm/slab.c: kmemleak no scan alien caches
mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
mm/page_ext.c: fix an imbalance with kmemleak
mm/cma.c: cma_declare_contiguous: correct err handling
enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
sysctl: handle overflow for file-max
gpio: gpio-omap: fix level interrupt idling
tracing: kdb: Fix ftdump to not sleep
h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
CIFS: fix POSIX lock leak and invalid ptr deref
tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
Bluetooth: Fix decrementing reference count twice in releasing socket
i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
tty/serial: atmel: Add is_half_duplex helper
lib/int_sqrt: optimize initial value compute
ext4: cleanup bh release code in ext4_ind_remove_space()
arm64: debug: Ensure debug handlers check triggering exception level
arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
Make arm64 serial port config compatible with crosvm
Fix merge issue with 4.4.178
Fix merge issue with 4.4.177
ANDROID: cuttlefish_defconfig: Enable CONFIG_OVERLAY_FS
Change-Id: I0d6e7b00f0198867803d5fe305ce13e205cc7518
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzEBesACgkQONu9yGCS
aT4KhA//fTPDn1cwSHYX7vCK1gWVfAC+d7SnWcdlyjiCzuUNOHeGtwYl2xIi2pmH
7cnxCpzKRbxgPCuawj/T4MrZoKtc2fH8sduQGQtiIgtz4rew9vqYcQTIxO0AF8cI
KcqZefj7L6M04RxSq+F0O2MpXtPCIfDnoYej44Espa5tCt1tWJLxQvaEV4waHmA1
+6/Sh9ZlWzMF/vcyTJS0RpCSNrHDVjaoQjgQuaDNGaGhPhaWqvPavd4eSzLrOQ4U
r54X+T3vqQuF3gjSVywGgSvRkpFX+ZTsgPtg9mkm3oJTNoLUa9nnCRl1p6ig+moI
+7ZPFbk0Duhi+N34GpSL2MXbFkMz49Cvon+kDlQrO0LvETWha39VyEG/GcHSCm+o
ISNWwEY//rsYl8JF3rZIzfbw973/x0QKZeNQySs184ls4pwnIo3To3fL2Wv9ArA1
jCIHT3lFwBkNZUMfK9hz8e7fC93QZPIgDLGx/HWBDPRE05D5O29kRSuj6cQ10GFk
PChQiV3WLiwgwEhq3/tIso3052MheAVaNsz76wYbpakTrupjkapNeN64bOOZO2FD
BzdLkpSjOIe5kaSMzzVCTt9A25M0t8iz/rj7/6OEPYtaT8T49t1ZtTxjrAzqL2nc
oyB0U20t67uMoaloZUQF6kYmMirvnYYVwDWSHXQ568bU5wXhI0U=
=pJ1x
-----END PGP SIGNATURE-----
Merge 4.4.179 into android-4.4
Changes in 4.4.179
arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
arm64: debug: Ensure debug handlers check triggering exception level
ext4: cleanup bh release code in ext4_ind_remove_space()
lib/int_sqrt: optimize initial value compute
tty/serial: atmel: Add is_half_duplex helper
mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
Bluetooth: Fix decrementing reference count twice in releasing socket
tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
CIFS: fix POSIX lock leak and invalid ptr deref
h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
tracing: kdb: Fix ftdump to not sleep
gpio: gpio-omap: fix level interrupt idling
sysctl: handle overflow for file-max
enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
mm/cma.c: cma_declare_contiguous: correct err handling
mm/page_ext.c: fix an imbalance with kmemleak
mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
mm/slab.c: kmemleak no scan alien caches
ocfs2: fix a panic problem caused by o2cb_ctl
f2fs: do not use mutex lock in atomic context
fs/file.c: initialize init_files.resize_wait
cifs: use correct format characters
dm thin: add sanity checks to thin-pool and external snapshot creation
cifs: Fix NULL pointer dereference of devname
fs: fix guard_bio_eod to check for real EOD errors
tools lib traceevent: Fix buffer overflow in arg_eval
usb: chipidea: Grab the (legacy) USB PHY by phandle first
scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
coresight: etm4x: Add support to enable ETMv4.2
ARM: 8840/1: use a raw_spinlock_t in unwind
mmc: omap: fix the maximum timeout setting
e1000e: Fix -Wformat-truncation warnings
IB/mlx4: Increase the timeout for CM cache
scsi: megaraid_sas: return error when create DMA pool failed
perf test: Fix failure of 'evsel-tp-sched' test on s390
SoC: imx-sgtl5000: add missing put_device()
media: sh_veu: Correct return type for mem2mem buffer helpers
media: s5p-jpeg: Correct return type for mem2mem buffer helpers
media: s5p-g2d: Correct return type for mem2mem buffer helpers
media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
leds: lp55xx: fix null deref on firmware load failure
kprobes: Prohibit probing on bsearch()
ARM: 8833/1: Ensure that NEON code always compiles with Clang
ALSA: PCM: check if ops are defined before suspending PCM
bcache: fix input overflow to cache set sysfs file io_error_halflife
bcache: fix input overflow to sequential_cutoff
bcache: improve sysfs_strtoul_clamp()
fbdev: fbmem: fix memory access if logo is bigger than the screen
cdrom: Fix race condition in cdrom_sysctl_register
ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
soc: qcom: gsbi: Fix error handling in gsbi_probe()
mt7601u: bump supported EEPROM version
ARM: avoid Cortex-A9 livelock on tight dmb loops
tty: increase the default flip buffer limit to 2*640K
media: mt9m111: set initial frame size other than 0x0
hwrng: virtio - Avoid repeated init of completion
soc/tegra: fuse: Fix illegal free of IO base address
hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
dmaengine: imx-dma: fix warning comparison of distinct pointer types
netfilter: physdev: relax br_netfilter dependency
media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
x86/build: Mark per-CPU symbols as absolute explicitly for LLD
dmaengine: tegra: avoid overflow of byte tracking
drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
binfmt_elf: switch to new creds when switching to new mm
kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
x86: vdso: Use $LD instead of $CC to link
x86/vdso: Drop implicit common-page-size linker flag
lib/string.c: implement a basic bcmp
tty: mark Siemens R3964 line discipline as BROKEN
tty: ldisc: add sysctl to prevent autoloading of ldiscs
ipv6: Fix dangling pointer when ipv6 fragment
ipv6: sit: reset ip header pointer in ipip6_rcv
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
openvswitch: fix flow actions reallocation
qmi_wwan: add Olicard 600
sctp: initialize _pad of sockaddr_in before copying to user memory
tcp: Ensure DCTCP reacts to losses
netns: provide pure entropy for net_hash_mix()
net: ethtool: not call vzalloc for zero sized memory request
ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
ALSA: seq: Fix OOB-reads from strlcpy
include/linux/bitrev.h: fix constant bitrev
ASoC: fsl_esai: fix channel swap issue when stream starts
block: do not leak memory in bio_copy_user_iov()
genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
ARM: dts: at91: Fix typo in ISC_D0 on PC9
arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
xen: Prevent buffer overflow in privcmd ioctl
sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
xtensa: fix return_address
PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
perf/core: Restore mmap record type correctly
ext4: add missing brelse() in add_new_gdb_meta_bg()
ext4: report real fs size after failed resize
ALSA: echoaudio: add a check for ioremap_nocache
ALSA: sb8: add a check for request_region
IB/mlx4: Fix race condition between catas error reset and aliasguid flows
mmc: davinci: remove extraneous __init annotation
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
thermal/int340x_thermal: Add additional UUIDs
thermal/int340x_thermal: fix mode setting
tools/power turbostat: return the exit status of a command
perf top: Fix error handling in cmd_top()
perf evsel: Free evsel->counts in perf_evsel__exit()
perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
x86/hpet: Prevent potential NULL pointer dereference
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
iommu/vt-d: Check capability before disabling protected memory
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
fix incorrect error code mapping for OBJECTID_NOT_FOUND
ext4: prohibit fstrim in norecovery mode
rsi: improve kernel thread handling to fix kernel panic
9p: do not trust pdu content for stat item size
9p locks: add mount option for lock retry interval
f2fs: fix to do sanity check with current segment number
serial: uartps: console_setup() can't be placed to init section
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
ACPI / SBS: Fix GPE storm on recent MacBookPro's
cifs: fallback to older infolevels on findfirst queryinfo retry
crypto: sha256/arm - fix crash bug in Thumb2 build
crypto: sha512/arm - fix crash bug in Thumb2 build
iommu/dmar: Fix buffer overflow during PCI bus notification
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
appletalk: Fix use-after-free in atalk_proc_exit
lib/div64.c: off by one in shift
include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
ovl: fix uid/gid when creating over whiteout
appletalk: Fix compile regression
bonding: fix event handling for stacked bonds
net: atm: Fix potential Spectre v1 vulnerabilities
net: bridge: multicast: use rcu to access port list from br_multicast_start_querier
net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
tcp: tcp_grow_window() needs to respect tcp_space()
ipv4: recompile ip options in ipv4_link_failure
ipv4: ensure rcu_read_lock() in ipv4_link_failure()
crypto: crypto4xx - properly set IV after de- and encrypt
modpost: file2alias: go back to simple devtable lookup
modpost: file2alias: check prototype of handler
tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
iio/gyro/bmg160: Use millidegrees for temperature scale
iio: ad_sigma_delta: select channel when reading register
iio: adc: at91: disable adc channel interrupt in timeout case
io: accel: kxcjk1013: restore the range after resume.
staging: comedi: vmk80xx: Fix use of uninitialized semaphore
staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
staging: comedi: ni_usb6501: Fix use of uninitialized mutex
staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
ALSA: core: Fix card races between register and disconnect
crypto: x86/poly1305 - fix overflow during partial reduction
arm64: futex: Restore oldval initialization to work around buggy compilers
x86/kprobes: Verify stack frame on kretprobe
kprobes: Mark ftrace mcount handler functions nokprobe
kprobes: Fix error check when reusing optimized probes
mac80211: do not call driver wake_tx_queue op during reconfig
Revert "kbuild: use -Oz instead of -Os when using clang"
sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
device_cgroup: fix RCU imbalance in error case
mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
ALSA: info: Fix racy addition/deletion of nodes
Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
kernel/sysctl.c: fix out-of-bounds access when setting file-max
Linux 4.4.179
Change-Id: Ib81a248d73ba7504649be93bd6882b290e548882
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzEBesACgkQONu9yGCS
aT4KhA//fTPDn1cwSHYX7vCK1gWVfAC+d7SnWcdlyjiCzuUNOHeGtwYl2xIi2pmH
7cnxCpzKRbxgPCuawj/T4MrZoKtc2fH8sduQGQtiIgtz4rew9vqYcQTIxO0AF8cI
KcqZefj7L6M04RxSq+F0O2MpXtPCIfDnoYej44Espa5tCt1tWJLxQvaEV4waHmA1
+6/Sh9ZlWzMF/vcyTJS0RpCSNrHDVjaoQjgQuaDNGaGhPhaWqvPavd4eSzLrOQ4U
r54X+T3vqQuF3gjSVywGgSvRkpFX+ZTsgPtg9mkm3oJTNoLUa9nnCRl1p6ig+moI
+7ZPFbk0Duhi+N34GpSL2MXbFkMz49Cvon+kDlQrO0LvETWha39VyEG/GcHSCm+o
ISNWwEY//rsYl8JF3rZIzfbw973/x0QKZeNQySs184ls4pwnIo3To3fL2Wv9ArA1
jCIHT3lFwBkNZUMfK9hz8e7fC93QZPIgDLGx/HWBDPRE05D5O29kRSuj6cQ10GFk
PChQiV3WLiwgwEhq3/tIso3052MheAVaNsz76wYbpakTrupjkapNeN64bOOZO2FD
BzdLkpSjOIe5kaSMzzVCTt9A25M0t8iz/rj7/6OEPYtaT8T49t1ZtTxjrAzqL2nc
oyB0U20t67uMoaloZUQF6kYmMirvnYYVwDWSHXQ568bU5wXhI0U=
=pJ1x
-----END PGP SIGNATURE-----
Merge 4.4.179 into android-4.4-p
Changes in 4.4.179
arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
arm64: debug: Ensure debug handlers check triggering exception level
ext4: cleanup bh release code in ext4_ind_remove_space()
lib/int_sqrt: optimize initial value compute
tty/serial: atmel: Add is_half_duplex helper
mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
Bluetooth: Fix decrementing reference count twice in releasing socket
tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
CIFS: fix POSIX lock leak and invalid ptr deref
h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
tracing: kdb: Fix ftdump to not sleep
gpio: gpio-omap: fix level interrupt idling
sysctl: handle overflow for file-max
enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
mm/cma.c: cma_declare_contiguous: correct err handling
mm/page_ext.c: fix an imbalance with kmemleak
mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
mm/slab.c: kmemleak no scan alien caches
ocfs2: fix a panic problem caused by o2cb_ctl
f2fs: do not use mutex lock in atomic context
fs/file.c: initialize init_files.resize_wait
cifs: use correct format characters
dm thin: add sanity checks to thin-pool and external snapshot creation
cifs: Fix NULL pointer dereference of devname
fs: fix guard_bio_eod to check for real EOD errors
tools lib traceevent: Fix buffer overflow in arg_eval
usb: chipidea: Grab the (legacy) USB PHY by phandle first
scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
coresight: etm4x: Add support to enable ETMv4.2
ARM: 8840/1: use a raw_spinlock_t in unwind
mmc: omap: fix the maximum timeout setting
e1000e: Fix -Wformat-truncation warnings
IB/mlx4: Increase the timeout for CM cache
scsi: megaraid_sas: return error when create DMA pool failed
perf test: Fix failure of 'evsel-tp-sched' test on s390
SoC: imx-sgtl5000: add missing put_device()
media: sh_veu: Correct return type for mem2mem buffer helpers
media: s5p-jpeg: Correct return type for mem2mem buffer helpers
media: s5p-g2d: Correct return type for mem2mem buffer helpers
media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
leds: lp55xx: fix null deref on firmware load failure
kprobes: Prohibit probing on bsearch()
ARM: 8833/1: Ensure that NEON code always compiles with Clang
ALSA: PCM: check if ops are defined before suspending PCM
bcache: fix input overflow to cache set sysfs file io_error_halflife
bcache: fix input overflow to sequential_cutoff
bcache: improve sysfs_strtoul_clamp()
fbdev: fbmem: fix memory access if logo is bigger than the screen
cdrom: Fix race condition in cdrom_sysctl_register
ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
soc: qcom: gsbi: Fix error handling in gsbi_probe()
mt7601u: bump supported EEPROM version
ARM: avoid Cortex-A9 livelock on tight dmb loops
tty: increase the default flip buffer limit to 2*640K
media: mt9m111: set initial frame size other than 0x0
hwrng: virtio - Avoid repeated init of completion
soc/tegra: fuse: Fix illegal free of IO base address
hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
dmaengine: imx-dma: fix warning comparison of distinct pointer types
netfilter: physdev: relax br_netfilter dependency
media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
x86/build: Mark per-CPU symbols as absolute explicitly for LLD
dmaengine: tegra: avoid overflow of byte tracking
drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
binfmt_elf: switch to new creds when switching to new mm
kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
x86: vdso: Use $LD instead of $CC to link
x86/vdso: Drop implicit common-page-size linker flag
lib/string.c: implement a basic bcmp
tty: mark Siemens R3964 line discipline as BROKEN
tty: ldisc: add sysctl to prevent autoloading of ldiscs
ipv6: Fix dangling pointer when ipv6 fragment
ipv6: sit: reset ip header pointer in ipip6_rcv
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
openvswitch: fix flow actions reallocation
qmi_wwan: add Olicard 600
sctp: initialize _pad of sockaddr_in before copying to user memory
tcp: Ensure DCTCP reacts to losses
netns: provide pure entropy for net_hash_mix()
net: ethtool: not call vzalloc for zero sized memory request
ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
ALSA: seq: Fix OOB-reads from strlcpy
include/linux/bitrev.h: fix constant bitrev
ASoC: fsl_esai: fix channel swap issue when stream starts
block: do not leak memory in bio_copy_user_iov()
genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
ARM: dts: at91: Fix typo in ISC_D0 on PC9
arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
xen: Prevent buffer overflow in privcmd ioctl
sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
xtensa: fix return_address
PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
perf/core: Restore mmap record type correctly
ext4: add missing brelse() in add_new_gdb_meta_bg()
ext4: report real fs size after failed resize
ALSA: echoaudio: add a check for ioremap_nocache
ALSA: sb8: add a check for request_region
IB/mlx4: Fix race condition between catas error reset and aliasguid flows
mmc: davinci: remove extraneous __init annotation
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
thermal/int340x_thermal: Add additional UUIDs
thermal/int340x_thermal: fix mode setting
tools/power turbostat: return the exit status of a command
perf top: Fix error handling in cmd_top()
perf evsel: Free evsel->counts in perf_evsel__exit()
perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
x86/hpet: Prevent potential NULL pointer dereference
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
iommu/vt-d: Check capability before disabling protected memory
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
fix incorrect error code mapping for OBJECTID_NOT_FOUND
ext4: prohibit fstrim in norecovery mode
rsi: improve kernel thread handling to fix kernel panic
9p: do not trust pdu content for stat item size
9p locks: add mount option for lock retry interval
f2fs: fix to do sanity check with current segment number
serial: uartps: console_setup() can't be placed to init section
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
ACPI / SBS: Fix GPE storm on recent MacBookPro's
cifs: fallback to older infolevels on findfirst queryinfo retry
crypto: sha256/arm - fix crash bug in Thumb2 build
crypto: sha512/arm - fix crash bug in Thumb2 build
iommu/dmar: Fix buffer overflow during PCI bus notification
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
appletalk: Fix use-after-free in atalk_proc_exit
lib/div64.c: off by one in shift
include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
ovl: fix uid/gid when creating over whiteout
appletalk: Fix compile regression
bonding: fix event handling for stacked bonds
net: atm: Fix potential Spectre v1 vulnerabilities
net: bridge: multicast: use rcu to access port list from br_multicast_start_querier
net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
tcp: tcp_grow_window() needs to respect tcp_space()
ipv4: recompile ip options in ipv4_link_failure
ipv4: ensure rcu_read_lock() in ipv4_link_failure()
crypto: crypto4xx - properly set IV after de- and encrypt
modpost: file2alias: go back to simple devtable lookup
modpost: file2alias: check prototype of handler
tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
iio/gyro/bmg160: Use millidegrees for temperature scale
iio: ad_sigma_delta: select channel when reading register
iio: adc: at91: disable adc channel interrupt in timeout case
io: accel: kxcjk1013: restore the range after resume.
staging: comedi: vmk80xx: Fix use of uninitialized semaphore
staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
staging: comedi: ni_usb6501: Fix use of uninitialized mutex
staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
ALSA: core: Fix card races between register and disconnect
crypto: x86/poly1305 - fix overflow during partial reduction
arm64: futex: Restore oldval initialization to work around buggy compilers
x86/kprobes: Verify stack frame on kretprobe
kprobes: Mark ftrace mcount handler functions nokprobe
kprobes: Fix error check when reusing optimized probes
mac80211: do not call driver wake_tx_queue op during reconfig
Revert "kbuild: use -Oz instead of -Os when using clang"
sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
device_cgroup: fix RCU imbalance in error case
mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
ALSA: info: Fix racy addition/deletion of nodes
Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
kernel/sysctl.c: fix out-of-bounds access when setting file-max
Linux 4.4.179
Change-Id: Ia88dbd6c37250a682098a4a8540672869c6adf42
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit e8277b3b52240ec1caad8e6df278863e4bf42eac upstream.
Commit 58bc4c34d249 ("mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly")
depends on skipping vmstat entries with empty name introduced in
7aaf77272358 ("mm: don't show nr_indirectly_reclaimable in
/proc/vmstat") but reverted in b29940c1abd7 ("mm: rename and change
semantics of nr_indirectly_reclaimable_bytes").
So skipping no longer works and /proc/vmstat has misformatted lines " 0".
This patch simply shows debug counters "nr_tlb_remote_*" for UP.
Link: http://lkml.kernel.org/r/155481488468.467.4295519102880913454.stgit@buzz
Fixes: 58bc4c34d249 ("mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly")
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Roman Gushchin <guro@fb.com>
Cc: Jann Horn <jannh@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit afd07389d3f4933c7f7817a92fb5e053d59a3182 ]
One of the vmalloc stress test case triggers the kernel BUG():
<snip>
[60.562151] ------------[ cut here ]------------
[60.562154] kernel BUG at mm/vmalloc.c:512!
[60.562206] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[60.562247] CPU: 0 PID: 430 Comm: vmalloc_test/0 Not tainted 4.20.0+ #161
[60.562293] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[60.562351] RIP: 0010:alloc_vmap_area+0x36f/0x390
<snip>
it can happen due to big align request resulting in overflowing of
calculated address, i.e. it becomes 0 after ALIGN()'s fixup.
Fix it by checking if calculated address is within vstart/vend range.
Link: http://lkml.kernel.org/r/20190124115648.9433-2-urezki@gmail.com
Signed-off-by: Uladzislau Rezki (Sony) <urezki@gmail.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Joel Fernandes <joelaf@google.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Oleksiy Avramchenko <oleksiy.avramchenko@sonymobile.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Tejun Heo <tj@kernel.org>
Cc: Thomas Garnier <thgarnie@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 0d3bd18a5efd66097ef58622b898d3139790aa9d ]
In case cma_init_reserved_mem failed, need to free the memblock
allocated by memblock_reserve or memblock_alloc_range.
Quote Catalin's comments:
https://lkml.org/lkml/2019/2/26/482
Kmemleak is supposed to work with the memblock_{alloc,free} pair and it
ignores the memblock_reserve() as a memblock_alloc() implementation
detail. It is, however, tolerant to memblock_free() being called on
a sub-range or just a different range from a previous memblock_alloc().
So the original patch looks fine to me. FWIW:
Link: http://lkml.kernel.org/r/20190227144631.16708-1-peng.fan@nxp.com
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Reviewed-by: Mike Rapoport <rppt@linux.ibm.com>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit a7f40cfe3b7ada57af9b62fd28430eeb4a7cfcb7 upstream.
When MPOL_MF_STRICT was specified and an existing page was already on a
node that does not follow the policy, mbind() should return -EIO. But
commit 6f4576e368 ("mempolicy: apply page table walker on
queue_pages_range()") broke the rule.
And commit c8633798497c ("mm: mempolicy: mbind and migrate_pages support
thp migration") didn't return the correct value for THP mbind() too.
If MPOL_MF_STRICT is set, ignore vma_migratable() to make sure it
reaches queue_pages_to_pte_range() or queue_pages_pmd() to check if an
existing page was already on a node that does not follow the policy.
And, non-migratable vma may be used, return -EIO too if MPOL_MF_MOVE or
MPOL_MF_MOVE_ALL was specified.
Tested with https://github.com/metan-ucw/ltp/blob/master/testcases/kernel/syscalls/mbind/mbind02.c
[akpm@linux-foundation.org: tweak code comment]
Link: http://lkml.kernel.org/r/1553020556-38583-1-git-send-email-yang.shi@linux.alibaba.com
Fixes: 6f4576e368 ("mempolicy: apply page table walker on queue_pages_range()")
Signed-off-by: Yang Shi <yang.shi@linux.alibaba.com>
Signed-off-by: Oscar Salvador <osalvador@suse.de>
Reported-by: Cyril Hrubis <chrubis@suse.cz>
Suggested-by: Kirill A. Shutemov <kirill@shutemov.name>
Acked-by: Rafael Aquini <aquini@redhat.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-7af10f2
Linux 4.4.178
stm class: Hide STM-specific options if STM is disabled
coresight: removing bind/unbind options from sysfs
arm64: support keyctl() system call in 32-bit mode
Revert "USB: core: only clean up what we allocated"
xhci: Fix port resume done detection for SS ports with LPM enabled
KVM: Reject device ioctls from processes other than the VM's creator
x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
perf intel-pt: Fix TSC slip
gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
USB: serial: option: add Olicard 600
USB: serial: option: set driver_info for SIM5218 and compatibles
USB: serial: mos7720: fix mos_parport refcount imbalance on error path
USB: serial: ftdi_sio: add additional NovaTech products
USB: serial: cp210x: add new device id
serial: sh-sci: Fix setting SCSCR_TIE while transferring data
serial: max310x: Fix to avoid potential NULL pointer dereference
staging: vt6655: Fix interrupt race condition on device start up.
staging: vt6655: Remove vif check from vnt_interrupt
tty: atmel_serial: fix a potential NULL pointer dereference
scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices
scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
scsi: sd: Fix a race between closing an sd device and sd I/O
ALSA: pcm: Don't suspend stream in unrecoverable PCM state
ALSA: pcm: Fix possible OOB access in PCM oss plugins
ALSA: seq: oss: Fix Spectre v1 vulnerability
ALSA: rawmidi: Fix potential Spectre v1 vulnerability
ALSA: compress: add support for 32bit calls in a 64bit kernel
ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
btrfs: raid56: properly unmap parity page in finish_parity_scrub()
btrfs: remove WARN_ON in log_dir_items
mac8390: Fix mmio access size probe
sctp: get sctphdr by offset in sctp_compute_cksum
vxlan: Don't call gro_cells_destroy() before device is unregistered
tcp: do not use ipv6 header for ipv4 flow
packets: Always register packet sk in the same order
Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net)
net: rose: fix a possible stack overflow
net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
dccp: do not use ipv6 header for ipv4 flow
stmmac: copy unicast mac address to MAC registers
cfg80211: size various nl80211 messages correctly
mmc: mmc: fix switch timeout issue caused by jiffies precision
arm64: kconfig: drop CONFIG_RTC_LIB dependency
video: fbdev: Set pixclock = 0 in goldfishfb
cpu/hotplug: Handle unbalanced hotplug enable/disable
usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
usb: gadget: configfs: add mutex lock before unregister gadget
ipv6: fix endianness error in icmpv6_err
stm class: Fix stm device initialization order
stm class: Do not leak the chrdev in error path
PM / Hibernate: Call flush_icache_range() on pages restored in-place
arm64: kernel: Include _AC definition in page.h
perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops
mac80211: fix "warning: ‘target_metric’ may be used uninitialized"
arm64/kernel: fix incorrect EL0 check in inv_entry macro
ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
staging: goldfish: audio: fix compiliation on arm
staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT
staging: ashmem: Add missing include
staging: ashmem: Avoid deadlock with mmap/shrink
asm-generic: Fix local variable shadow in __set_fixmap_offset
coresight: etm4x: Check every parameter used by dma_xx_coherent.
coresight: "DEVICE_ATTR_RO" should defined as static.
stm class: Fix a race in unlinking
stm class: Fix unbalanced module/device refcounting
stm class: Guard output assignment against concurrency
stm class: Fix unlocking braino in the error path
stm class: Support devices with multiple instances
stm class: Prevent user-controllable allocations
stm class: Fix link list locking
stm class: Fix locking in unbinding policy path
coresight: remove csdev's link from topology
coresight: release reference taken by 'bus_find_device()'
coresight: coresight_unregister() function cleanup
coresight: fixing lockdep error
writeback: initialize inode members that track writeback history
Revert "mmc: block: don't use parameter prefix if built as module"
net: diag: support v4mapped sockets in inet_diag_find_one_icsk()
perf: Synchronously free aux pages in case of allocation failure
arm64: hide __efistub_ aliases from kallsyms
hid-sensor-hub.c: fix wrong do_div() usage
vmstat: make vmstat_updater deferrable again and shut down on idle
android: unconditionally remove callbacks in sync_fence_free()
ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor
ARM: 8458/1: bL_switcher: add GIC dependency
efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
arm64: fix COMPAT_SHMLBA definition for large pages
mmc: block: Allow more than 8 partitions per card
sched/fair: Fix new task's load avg removed from source CPU in wake_up_new_task()
Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
ath10k: avoid possible string overflow
rtc: Fix overflow when converting time64_t to rtc_time
USB: core: only clean up what we allocated
lib/int_sqrt: optimize small argument
serial: sprd: clear timeout interrupt only rather than all interrupts
usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
arm64: traps: disable irq in die()
Hang/soft lockup in d_invalidate with simultaneous calls
serial: sprd: adjust TIMEOUT to a big value
tcp/dccp: drop SYN packets if accept queue is full
usb: gadget: Add the gserial port checking in gs_start_tx()
usb: gadget: composite: fix dereference after null check coverify warning
kbuild: setlocalversion: print error to STDERR
extcon: usb-gpio: Don't miss event during suspend/resume
mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
arm64: mm: Add trace_irqflags annotations to do_debug_exception()
usb: dwc3: gadget: Fix suspend/resume during device mode
mmc: core: shut up "voltage-ranges unspecified" pr_info()
mmc: sanitize 'bus width' in debug output
mmc: make MAN_BKOPS_EN message a debug
mmc: debugfs: Add a restriction to mmc debugfs clock setting
mmc: pwrseq_simple: Make reset-gpios optional to match doc
ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
ALSA: hda - Record the current power state before suspend/resume calls
locking/lockdep: Add debug_locks check in __lock_downgrade()
media: v4l2-ctrls.c/uvc: zero v4l2_event
mmc: tmio_mmc_core: don't claim spurious interrupts
ext4: brelse all indirect buffer in ext4_ind_remove_space()
ext4: fix data corruption caused by unaligned direct AIO
ext4: fix NULL pointer dereference while journal is aborted
futex: Ensure that futex address is aligned in handle_futex_death()
MIPS: Fix kernel crash for R6 in jump label branch function
mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
udf: Fix crash on IO error during truncate
drm/vmwgfx: Don't double-free the mode stored in par->set_mode
mmc: pxamci: fix enum type confusion
ANDROID: drop CONFIG_INPUT_KEYCHORD from cuttlefish and ranchu
UPSTREAM: virt_wifi: Remove REGULATORY_WIPHY_SELF_MANAGED
UPSTREAM: net: socket: set sock->sk to NULL after calling proto_ops::release()
f2fs: set pin_file under CAP_SYS_ADMIN
f2fs: fix to avoid deadlock in f2fs_read_inline_dir()
f2fs: fix to adapt small inline xattr space in __find_inline_xattr()
f2fs: fix to do sanity check with inode.i_inline_xattr_size
f2fs: give some messages for inline_xattr_size
f2fs: don't trigger read IO for beyond EOF page
f2fs: fix to add refcount once page is tagged PG_private
f2fs: remove wrong comment in f2fs_invalidate_page()
f2fs: fix to use kvfree instead of kzfree
f2fs: print more parameters in trace_f2fs_map_blocks
f2fs: trace f2fs_ioc_shutdown
f2fs: fix to avoid deadlock of atomic file operations
f2fs: fix to dirty inode for i_mode recovery
f2fs: give random value to i_generation
f2fs: no need to take page lock in readdir
f2fs: fix to update iostat correctly in IPU path
f2fs: fix encrypted page memory leak
f2fs: make fault injection covering __submit_flush_wait()
f2fs: fix to retry fill_super only if recovery failed
f2fs: silence VM_WARN_ON_ONCE in mempool_alloc
f2fs: correct spelling mistake
f2fs: fix wrong #endif
f2fs: don't clear CP_QUOTA_NEED_FSCK_FLAG
f2fs: don't allow negative ->write_io_size_bits
f2fs: fix to check inline_xattr_size boundary correctly
Revert "f2fs: fix to avoid deadlock of atomic file operations"
Revert "f2fs: fix to check inline_xattr_size boundary correctly"
f2fs: do not use mutex lock in atomic context
f2fs: fix potential data inconsistence of checkpoint
f2fs: fix to avoid deadlock of atomic file operations
f2fs: fix to check inline_xattr_size boundary correctly
f2fs: jump to label 'free_node_inode' when failing from d_make_root()
f2fs: fix to document inline_xattr_size option
f2fs: fix to data block override node segment by mistake
f2fs: fix typos in code comments
f2fs: sync filesystem after roll-forward recovery
fs: export evict_inodes
f2fs: flush quota blocks after turnning it off
f2fs: avoid null pointer exception in dcc_info
f2fs: don't wake up too frequently, if there is lots of IOs
f2fs: try to keep CP_TRIMMED_FLAG after successful umount
f2fs: add quick mode of checkpoint=disable for QA
f2fs: run discard jobs when put_super
f2fs: fix to set sbi dirty correctly
f2fs: UBSAN: set boolean value iostat_enable correctly
f2fs: add brackets for macros
f2fs: check if file namelen exceeds max value
f2fs: fix to trigger fsck if dirent.name_len is zero
f2fs: no need to check return value of debugfs_create functions
f2fs: export FS_NOCOW_FL flag to user
f2fs: check inject_rate validity during configuring
f2fs: remove set but not used variable 'err'
f2fs: fix compile warnings: 'struct *' declared inside parameter list
f2fs: change error code to -ENOMEM from -EINVAL
Conflicts:
arch/arm/Kconfig
arch/arm64/kernel/traps.c
drivers/hwtracing/coresight/coresight-etm4x.c
drivers/hwtracing/coresight/coresight-tmc.c
drivers/hwtracing/stm/Kconfig
drivers/hwtracing/stm/core.c
drivers/mmc/core/mmc.c
drivers/usb/gadget/function/u_serial.c
kernel/events/ring_buffer.c
net/wireless/nl80211.c
sound/core/compress_offload.c
Change-Id: I33783dbd0a25d678d6c61204f9e67690e57bed8f
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlykNUEACgkQONu9yGCS
aT6n6A//QT/8UQ8IWU2J1iTtlxX95RWxfgbsip0bBh8PdVOhRAalR6+fa6F/Fh9D
kM82QHro5R9ZO48mkQ1yF4ooJmVapabS4bvlgLil+/La9gDsF/Z2T/wxsUht2nCm
aic3ZjLX2mtte75zQAL+lvEjPR6q92PibNOgBvt51ueLK7Hcxga4uiAzpdlZausp
YKAtqwhaj7AD2xUqPuyB9xHw5tvFbGqiN6rMmxIbQSOUhgtiUxiiLHRM8ppanoHv
D2fMKKj8Pz5FGgzd7c0b9fZUERFNqHeKSTPgxNENzLS0TCRexP94Ihp5FoWN4tY+
HPQT291DrWyquSl0c7FrI1BuF41fmKJ+CZHbvXBwT429bJQQ2dehgIUfdGYgrSBt
J/zbh0OO2fkLCxNDVpA0cNm+tlYUGbc+TCG4R2I3V2dn5yTxru/w+TdG/GyM8h75
jUAGS3hFKBCFQSLC8M+nRcOsLsV1H4H9/MnQ84+wpXXC/Z5MseYHo07E1xWNViUW
UHuM6PlGRUPJ0JrC6J6wLkkvHDyjXbaSitligH8K2aW9PtCU814T7+4rwgyaHCVr
OMizAmy65Y2lutJ4mtMNc05mKlQRlGfWu/EOBgTRzB+V4hadp2NRZ1b9rk3MFRgk
ckxiYM91MjtuvHV/SrLd3e2PlnvouGw30jaWhScy2Sl5D4g76ok=
=zBsi
-----END PGP SIGNATURE-----
Merge 4.4.178 into android-4.4
Changes in 4.4.178
mmc: pxamci: fix enum type confusion
drm/vmwgfx: Don't double-free the mode stored in par->set_mode
udf: Fix crash on IO error during truncate
mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
MIPS: Fix kernel crash for R6 in jump label branch function
futex: Ensure that futex address is aligned in handle_futex_death()
ext4: fix NULL pointer dereference while journal is aborted
ext4: fix data corruption caused by unaligned direct AIO
ext4: brelse all indirect buffer in ext4_ind_remove_space()
mmc: tmio_mmc_core: don't claim spurious interrupts
media: v4l2-ctrls.c/uvc: zero v4l2_event
locking/lockdep: Add debug_locks check in __lock_downgrade()
ALSA: hda - Record the current power state before suspend/resume calls
ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
mmc: pwrseq_simple: Make reset-gpios optional to match doc
mmc: debugfs: Add a restriction to mmc debugfs clock setting
mmc: make MAN_BKOPS_EN message a debug
mmc: sanitize 'bus width' in debug output
mmc: core: shut up "voltage-ranges unspecified" pr_info()
usb: dwc3: gadget: Fix suspend/resume during device mode
arm64: mm: Add trace_irqflags annotations to do_debug_exception()
mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
extcon: usb-gpio: Don't miss event during suspend/resume
kbuild: setlocalversion: print error to STDERR
usb: gadget: composite: fix dereference after null check coverify warning
usb: gadget: Add the gserial port checking in gs_start_tx()
tcp/dccp: drop SYN packets if accept queue is full
serial: sprd: adjust TIMEOUT to a big value
Hang/soft lockup in d_invalidate with simultaneous calls
arm64: traps: disable irq in die()
usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
serial: sprd: clear timeout interrupt only rather than all interrupts
lib/int_sqrt: optimize small argument
USB: core: only clean up what we allocated
rtc: Fix overflow when converting time64_t to rtc_time
ath10k: avoid possible string overflow
Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
sched/fair: Fix new task's load avg removed from source CPU in wake_up_new_task()
mmc: block: Allow more than 8 partitions per card
arm64: fix COMPAT_SHMLBA definition for large pages
efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
ARM: 8458/1: bL_switcher: add GIC dependency
ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor
android: unconditionally remove callbacks in sync_fence_free()
vmstat: make vmstat_updater deferrable again and shut down on idle
hid-sensor-hub.c: fix wrong do_div() usage
arm64: hide __efistub_ aliases from kallsyms
perf: Synchronously free aux pages in case of allocation failure
net: diag: support v4mapped sockets in inet_diag_find_one_icsk()
Revert "mmc: block: don't use parameter prefix if built as module"
writeback: initialize inode members that track writeback history
coresight: fixing lockdep error
coresight: coresight_unregister() function cleanup
coresight: release reference taken by 'bus_find_device()'
coresight: remove csdev's link from topology
stm class: Fix locking in unbinding policy path
stm class: Fix link list locking
stm class: Prevent user-controllable allocations
stm class: Support devices with multiple instances
stm class: Fix unlocking braino in the error path
stm class: Guard output assignment against concurrency
stm class: Fix unbalanced module/device refcounting
stm class: Fix a race in unlinking
coresight: "DEVICE_ATTR_RO" should defined as static.
coresight: etm4x: Check every parameter used by dma_xx_coherent.
asm-generic: Fix local variable shadow in __set_fixmap_offset
staging: ashmem: Avoid deadlock with mmap/shrink
staging: ashmem: Add missing include
staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT
staging: goldfish: audio: fix compiliation on arm
ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
arm64/kernel: fix incorrect EL0 check in inv_entry macro
mac80211: fix "warning: ‘target_metric’ may be used uninitialized"
perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops
arm64: kernel: Include _AC definition in page.h
PM / Hibernate: Call flush_icache_range() on pages restored in-place
stm class: Do not leak the chrdev in error path
stm class: Fix stm device initialization order
ipv6: fix endianness error in icmpv6_err
usb: gadget: configfs: add mutex lock before unregister gadget
usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
cpu/hotplug: Handle unbalanced hotplug enable/disable
video: fbdev: Set pixclock = 0 in goldfishfb
arm64: kconfig: drop CONFIG_RTC_LIB dependency
mmc: mmc: fix switch timeout issue caused by jiffies precision
cfg80211: size various nl80211 messages correctly
stmmac: copy unicast mac address to MAC registers
dccp: do not use ipv6 header for ipv4 flow
mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
net: rose: fix a possible stack overflow
Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net)
packets: Always register packet sk in the same order
tcp: do not use ipv6 header for ipv4 flow
vxlan: Don't call gro_cells_destroy() before device is unregistered
sctp: get sctphdr by offset in sctp_compute_cksum
mac8390: Fix mmio access size probe
btrfs: remove WARN_ON in log_dir_items
btrfs: raid56: properly unmap parity page in finish_parity_scrub()
ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
ALSA: compress: add support for 32bit calls in a 64bit kernel
ALSA: rawmidi: Fix potential Spectre v1 vulnerability
ALSA: seq: oss: Fix Spectre v1 vulnerability
ALSA: pcm: Fix possible OOB access in PCM oss plugins
ALSA: pcm: Don't suspend stream in unrecoverable PCM state
scsi: sd: Fix a race between closing an sd device and sd I/O
scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices
tty: atmel_serial: fix a potential NULL pointer dereference
staging: vt6655: Remove vif check from vnt_interrupt
staging: vt6655: Fix interrupt race condition on device start up.
serial: max310x: Fix to avoid potential NULL pointer dereference
serial: sh-sci: Fix setting SCSCR_TIE while transferring data
USB: serial: cp210x: add new device id
USB: serial: ftdi_sio: add additional NovaTech products
USB: serial: mos7720: fix mos_parport refcount imbalance on error path
USB: serial: option: set driver_info for SIM5218 and compatibles
USB: serial: option: add Olicard 600
Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
perf intel-pt: Fix TSC slip
x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
KVM: Reject device ioctls from processes other than the VM's creator
xhci: Fix port resume done detection for SS ports with LPM enabled
Revert "USB: core: only clean up what we allocated"
arm64: support keyctl() system call in 32-bit mode
coresight: removing bind/unbind options from sysfs
stm class: Hide STM-specific options if STM is disabled
Linux 4.4.178
Change-Id: Ia7fc9419e85c78352eef494a0c914dec7650062f
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlykNUEACgkQONu9yGCS
aT6n6A//QT/8UQ8IWU2J1iTtlxX95RWxfgbsip0bBh8PdVOhRAalR6+fa6F/Fh9D
kM82QHro5R9ZO48mkQ1yF4ooJmVapabS4bvlgLil+/La9gDsF/Z2T/wxsUht2nCm
aic3ZjLX2mtte75zQAL+lvEjPR6q92PibNOgBvt51ueLK7Hcxga4uiAzpdlZausp
YKAtqwhaj7AD2xUqPuyB9xHw5tvFbGqiN6rMmxIbQSOUhgtiUxiiLHRM8ppanoHv
D2fMKKj8Pz5FGgzd7c0b9fZUERFNqHeKSTPgxNENzLS0TCRexP94Ihp5FoWN4tY+
HPQT291DrWyquSl0c7FrI1BuF41fmKJ+CZHbvXBwT429bJQQ2dehgIUfdGYgrSBt
J/zbh0OO2fkLCxNDVpA0cNm+tlYUGbc+TCG4R2I3V2dn5yTxru/w+TdG/GyM8h75
jUAGS3hFKBCFQSLC8M+nRcOsLsV1H4H9/MnQ84+wpXXC/Z5MseYHo07E1xWNViUW
UHuM6PlGRUPJ0JrC6J6wLkkvHDyjXbaSitligH8K2aW9PtCU814T7+4rwgyaHCVr
OMizAmy65Y2lutJ4mtMNc05mKlQRlGfWu/EOBgTRzB+V4hadp2NRZ1b9rk3MFRgk
ckxiYM91MjtuvHV/SrLd3e2PlnvouGw30jaWhScy2Sl5D4g76ok=
=zBsi
-----END PGP SIGNATURE-----
Merge 4.4.178 into android-4.4-p
Changes in 4.4.178
mmc: pxamci: fix enum type confusion
drm/vmwgfx: Don't double-free the mode stored in par->set_mode
udf: Fix crash on IO error during truncate
mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
MIPS: Fix kernel crash for R6 in jump label branch function
futex: Ensure that futex address is aligned in handle_futex_death()
ext4: fix NULL pointer dereference while journal is aborted
ext4: fix data corruption caused by unaligned direct AIO
ext4: brelse all indirect buffer in ext4_ind_remove_space()
mmc: tmio_mmc_core: don't claim spurious interrupts
media: v4l2-ctrls.c/uvc: zero v4l2_event
locking/lockdep: Add debug_locks check in __lock_downgrade()
ALSA: hda - Record the current power state before suspend/resume calls
ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
mmc: pwrseq_simple: Make reset-gpios optional to match doc
mmc: debugfs: Add a restriction to mmc debugfs clock setting
mmc: make MAN_BKOPS_EN message a debug
mmc: sanitize 'bus width' in debug output
mmc: core: shut up "voltage-ranges unspecified" pr_info()
usb: dwc3: gadget: Fix suspend/resume during device mode
arm64: mm: Add trace_irqflags annotations to do_debug_exception()
mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
extcon: usb-gpio: Don't miss event during suspend/resume
kbuild: setlocalversion: print error to STDERR
usb: gadget: composite: fix dereference after null check coverify warning
usb: gadget: Add the gserial port checking in gs_start_tx()
tcp/dccp: drop SYN packets if accept queue is full
serial: sprd: adjust TIMEOUT to a big value
Hang/soft lockup in d_invalidate with simultaneous calls
arm64: traps: disable irq in die()
usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
serial: sprd: clear timeout interrupt only rather than all interrupts
lib/int_sqrt: optimize small argument
USB: core: only clean up what we allocated
rtc: Fix overflow when converting time64_t to rtc_time
ath10k: avoid possible string overflow
Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
sched/fair: Fix new task's load avg removed from source CPU in wake_up_new_task()
mmc: block: Allow more than 8 partitions per card
arm64: fix COMPAT_SHMLBA definition for large pages
efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
ARM: 8458/1: bL_switcher: add GIC dependency
ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor
android: unconditionally remove callbacks in sync_fence_free()
vmstat: make vmstat_updater deferrable again and shut down on idle
hid-sensor-hub.c: fix wrong do_div() usage
arm64: hide __efistub_ aliases from kallsyms
perf: Synchronously free aux pages in case of allocation failure
net: diag: support v4mapped sockets in inet_diag_find_one_icsk()
Revert "mmc: block: don't use parameter prefix if built as module"
writeback: initialize inode members that track writeback history
coresight: fixing lockdep error
coresight: coresight_unregister() function cleanup
coresight: release reference taken by 'bus_find_device()'
coresight: remove csdev's link from topology
stm class: Fix locking in unbinding policy path
stm class: Fix link list locking
stm class: Prevent user-controllable allocations
stm class: Support devices with multiple instances
stm class: Fix unlocking braino in the error path
stm class: Guard output assignment against concurrency
stm class: Fix unbalanced module/device refcounting
stm class: Fix a race in unlinking
coresight: "DEVICE_ATTR_RO" should defined as static.
coresight: etm4x: Check every parameter used by dma_xx_coherent.
asm-generic: Fix local variable shadow in __set_fixmap_offset
staging: ashmem: Avoid deadlock with mmap/shrink
staging: ashmem: Add missing include
staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT
staging: goldfish: audio: fix compiliation on arm
ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
arm64/kernel: fix incorrect EL0 check in inv_entry macro
mac80211: fix "warning: ‘target_metric’ may be used uninitialized"
perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops
arm64: kernel: Include _AC definition in page.h
PM / Hibernate: Call flush_icache_range() on pages restored in-place
stm class: Do not leak the chrdev in error path
stm class: Fix stm device initialization order
ipv6: fix endianness error in icmpv6_err
usb: gadget: configfs: add mutex lock before unregister gadget
usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
cpu/hotplug: Handle unbalanced hotplug enable/disable
video: fbdev: Set pixclock = 0 in goldfishfb
arm64: kconfig: drop CONFIG_RTC_LIB dependency
mmc: mmc: fix switch timeout issue caused by jiffies precision
cfg80211: size various nl80211 messages correctly
stmmac: copy unicast mac address to MAC registers
dccp: do not use ipv6 header for ipv4 flow
mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
net: rose: fix a possible stack overflow
Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net)
packets: Always register packet sk in the same order
tcp: do not use ipv6 header for ipv4 flow
vxlan: Don't call gro_cells_destroy() before device is unregistered
sctp: get sctphdr by offset in sctp_compute_cksum
mac8390: Fix mmio access size probe
btrfs: remove WARN_ON in log_dir_items
btrfs: raid56: properly unmap parity page in finish_parity_scrub()
ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
ALSA: compress: add support for 32bit calls in a 64bit kernel
ALSA: rawmidi: Fix potential Spectre v1 vulnerability
ALSA: seq: oss: Fix Spectre v1 vulnerability
ALSA: pcm: Fix possible OOB access in PCM oss plugins
ALSA: pcm: Don't suspend stream in unrecoverable PCM state
scsi: sd: Fix a race between closing an sd device and sd I/O
scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices
tty: atmel_serial: fix a potential NULL pointer dereference
staging: vt6655: Remove vif check from vnt_interrupt
staging: vt6655: Fix interrupt race condition on device start up.
serial: max310x: Fix to avoid potential NULL pointer dereference
serial: sh-sci: Fix setting SCSCR_TIE while transferring data
USB: serial: cp210x: add new device id
USB: serial: ftdi_sio: add additional NovaTech products
USB: serial: mos7720: fix mos_parport refcount imbalance on error path
USB: serial: option: set driver_info for SIM5218 and compatibles
USB: serial: option: add Olicard 600
Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
perf intel-pt: Fix TSC slip
x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
KVM: Reject device ioctls from processes other than the VM's creator
xhci: Fix port resume done detection for SS ports with LPM enabled
Revert "USB: core: only clean up what we allocated"
arm64: support keyctl() system call in 32-bit mode
coresight: removing bind/unbind options from sysfs
stm class: Hide STM-specific options if STM is disabled
Linux 4.4.178
Change-Id: Iac01be124213731798a36b20d80ea3a8e911d025
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 0eb77e9880321915322d42913c3b53241739c8aa ]
Currently the vmstat updater is not deferrable as a result of commit
ba4877b9ca ("vmstat: do not use deferrable delayed work for
vmstat_update"). This in turn can cause multiple interruptions of the
applications because the vmstat updater may run at
Make vmstate_update deferrable again and provide a function that folds
the differentials when the processor is going to idle mode thus
addressing the issue of the above commit in a clean way.
Note that the shepherd thread will continue scanning the differentials
from another processor and will reenable the vmstat workers if it
detects any changes.
Fixes: ba4877b9ca ("vmstat: do not use deferrable delayed work for vmstat_update")
Signed-off-by: Christoph Lameter <cl@linux.com>
Cc: Michal Hocko <mhocko@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit e4c5800a3991f0c6a766983535dfc10d51802cf6 upstream.
This check effectively catches anon vma hierarchy inconsistence and some
vma corruptions. It was effective for catching corner cases in anon vma
reusing logic. For now this code seems stable so check could be hidden
under CONFIG_DEBUG_VM and replaced with WARN because it's not so fatal.
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Suggested-by: Vasily Averin <vvs@virtuozzo.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-0c3b8c4
Linux 4.4.177
KVM: X86: Fix residual mmio emulation request to userspace
KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
KVM: nVMX: Sign extend displacements of VMX instr's mem operands
drm/radeon/evergreen_cs: fix missing break in switch statement
media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
PM / wakeup: Rework wakeup source timer cancellation
nfsd: fix wrong check in write_v4_end_grace()
nfsd: fix memory corruption caused by readdir
NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
NFS: Fix an I/O request leakage in nfs_do_recoalesce
md: Fix failed allocation of md_register_thread
perf intel-pt: Fix overlap calculation for padding
perf auxtrace: Define auxtrace record alignment
perf intel-pt: Fix CYC timestamp calculation after OVF
NFS41: pop some layoutget errors to application
dm: fix to_sector() for 32bit
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
powerpc/83xx: Also save/restore SPRG4-7 during suspend
powerpc/powernv: Make opal log only readable by root
powerpc/wii: properly disable use of BATs when requested.
powerpc/32: Clear on-stack exception marker upon exception return
jbd2: fix compile warning when using JBUFFER_TRACE
jbd2: clear dirty flag when revoking a buffer from an older transaction
serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup()
serial: 8250_pci: Fix number of ports for ACCES serial cards
perf bench: Copy kernel files needed to build mem{cpy,set} x86_64 benchmarks
i2c: tegra: fix maximum transfer size
parport_pc: fix find_superio io compare code, should use equal test.
intel_th: Don't reference unassigned outputs
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
mm/vmalloc: fix size check for remap_vmalloc_range_partial()
dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
clk: ingenic: Fix round_rate misbehaving with non-integer dividers
ext2: Fix underflow in ext2_max_size()
ext4: fix crash during online resizing
cpufreq: pxa2xx: remove incorrect __init annotation
cpufreq: tegra124: add missing of_node_put()
crypto: pcbc - remove bogus memcpy()s with src == dest
Btrfs: fix corruption reading shared and compressed extents after hole punching
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
m68k: Add -ffreestanding to CFLAGS
scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
scsi: virtio_scsi: don't send sc payload with tmfs
s390/virtio: handle find on invalid queue gracefully
clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
regulator: s2mpa01: Fix step values for some LDOs
regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
ACPI / device_sysfs: Avoid OF modalias creation for removed device
tracing: Do not free iter->trace in fail path of tracing_open_pipe()
CIFS: Fix read after write for files with read caching
crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
stm class: Prevent division by zero
tmpfs: fix uninitialized return value in shmem_link
net: set static variable an initial value in atl2_probe()
mac80211_hwsim: propagate genlmsg_reply return code
phonet: fix building with clang
ARC: uacces: remove lp_start, lp_end from clobber list
tmpfs: fix link accounting when a tmpfile is linked in
arm64: Relax GIC version check during early boot
ASoC: topology: free created components in tplg load error
net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe()
pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
net: systemport: Fix reception of BPDUs
scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
assoc_array: Fix shortcut creation
ARM: 8824/1: fix a migrating irq bug when hotplug cpu
Input: st-keyscan - fix potential zalloc NULL dereference
i2c: cadence: Fix the hold bit setting
Input: matrix_keypad - use flush_delayed_work()
ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized
s390/dasd: fix using offset into zero size array error
gpu: ipu-v3: Fix CSI offsets for imx53
gpu: ipu-v3: Fix i.MX51 CSI control registers offset
crypto: ahash - fix another early termination in hash walk
crypto: caam - fixed handling of sg list
stm class: Fix an endless loop in channel allocation
ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
9p/net: fix memory leak in p9_client_create
9p: use inode->i_lock to protect i_size_write() under 32-bit
media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
It's wrong to add len to sector_nr in raid10 reshape twice
fs/9p: use fscache mutex rather than spinlock
ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56
tcp/dccp: remove reqsk_put() from inet_child_forget()
gro_cells: make sure device is up in gro_cells_receive()
net/hsr: fix possible crash in add_timer()
vxlan: Fix GRO cells race condition between receive and link delete
vxlan: test dev->flags & IFF_UP before calling gro_cells_receive()
ipvlan: disallow userns cap_net_admin to change global mode/flags
missing barriers in some of unix_sock ->addr and ->path accesses
net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255
mdio_bus: Fix use-after-free on device_register fails
net/x25: fix a race in x25_bind()
net/mlx4_core: Fix qp mtt size calculation
net/mlx4_core: Fix reset flow when in command polling mode
tcp: handle inet_csk_reqsk_queue_add() failures
route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
ravb: Decrease TxFIFO depth of Q3 and Q2 to one
pptp: dst_release sk_dst_cache in pptp_sock_destruct
net/x25: reset state in x25_connect()
net/x25: fix use-after-free in x25_device_event()
net: sit: fix UBSAN Undefined behaviour in check_6rd
net: hsr: fix memory leak in hsr_dev_finalize()
l2tp: fix infoleak in l2tp_ip6_recvmsg()
KEYS: restrict /proc/keys by credentials at open time
netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options
netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters
netfilter: nfnetlink_log: just returns error for unknown command
netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES
udplite: call proper backlog handlers
ARM: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420
Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls"
ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
iscsi_ibft: Fix missing break in switch statement
Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
Input: wacom_serial4 - add support for Wacom ArtPad II tablet
MIPS: Remove function size check in get_frame_info()
perf symbols: Filter out hidden symbols from labels
s390/qeth: fix use-after-free in error path
dmaengine: dmatest: Abort test in case of mapping error
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
ARM: pxa: ssp: unneeded to free devm_ allocated data
autofs: fix error return in autofs_fill_super()
autofs: drop dentry reference only when it is never used
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
x86_64: increase stack size for KASAN_EXTRA
x86/kexec: Don't setup EFI info if EFI runtime is not enabled
cifs: fix computation for MAX_SMB2_HDR_SIZE
platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
scsi: libfc: free skb when receiving invalid flogi resp
nfs: Fix NULL pointer dereference of dev_name
gpio: vf610: Mask all GPIO interrupts
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
xtensa: SMP: limit number of possible CPUs by NR_CPUS
xtensa: SMP: mark each possible CPU as present
xtensa: smp_lx200_defconfig: fix vectors clash
xtensa: SMP: fix secondary CPU initialization
xtensa: SMP: fix ccount_timer_shutdown
iommu/amd: Fix IOMMU page flush when detach device from a domain
ipvs: Fix signed integer overflow when setsockopt timeout
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
perf tools: Handle TOPOLOGY headers with no CPU
vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
media: uvcvideo: Fix 'type' check leading to overflow
ip6mr: Do not call __IP6_INC_STATS() from preemptible context
net: dsa: mv88e6xxx: Fix u64 statistics
netlabel: fix out-of-bounds memory accesses
hugetlbfs: fix races and page leaks during migration
MIPS: irq: Allocate accurate order pages for irq stack
applicom: Fix potential Spectre v1 vulnerabilities
x86/CPU/AMD: Set the CPB bit unconditionally on F17h
net: phy: Micrel KSZ8061: link failure after cable connect
net: avoid use IPCB in cipso_v4_error
net: Add __icmp_send helper.
xen-netback: fix occasional leak of grant ref mappings under memory pressure
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
bnxt_en: Drop oversize TX packets to prevent errors.
team: Free BPF filter when unregistering netdev
sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
net-sysfs: Fix mem leak in netdev_register_kobject
staging: lustre: fix buffer overflow of string buffer
isdn: isdn_tty: fix build warning of strncpy
ncpfs: fix build warning of strncpy
sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
cpufreq: Use struct kobj_attribute instead of struct global_attr
USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
USB: serial: cp210x: add ID for Ingenico 3070
USB: serial: option: add Telit ME910 ECM composition
x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
mm: enforce min addr even if capable() in expand_downwards()
mmc: spi: Fix card detection during probe
powerpc: Always initialize input array when calling epapr_hypercall()
KVM: arm/arm64: Fix MMIO emulation data handling
arm/arm64: KVM: Feed initialized memory to MMIO accesses
KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1
cfg80211: extend range deviation for DMG
mac80211: don't initiate TDLS connection if station is not associated to AP
ibmveth: Do not process frames after calling napi_reschedule
net: altera_tse: fix connect_local_phy error path
scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
mac80211: fix miscounting of ttl-dropped frames
ARC: fix __ffs return value to avoid build warnings
ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
ASoC: dapm: change snprintf to scnprintf for possible overflow
usb: gadget: Potential NULL dereference on allocation error
usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
ALSA: compress: prevent potential divide by zero bugs
ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
drm/msm: Unblock writer if reader closes file
scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
libceph: handle an empty authorize reply
Revert "bridge: do not add port to router list when receives query with source 0.0.0.0"
ARCv2: Enable unaligned access in early ASM code
net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
team: avoid complex list operations in team_nl_cmd_options_set()
net/packet: fix 4gb buffer limit due to overflow check
batman-adv: fix uninit-value in batadv_interface_tx()
KEYS: always initialize keyring_index_key::desc_len
KEYS: user: Align the payload buffer
RDMA/srp: Rework SCSI device reset handling
isdn: avm: Fix string plus integer warning from Clang
leds: lp5523: fix a missing check of return value of lp55xx_read
atm: he: fix sign-extension overflow on large shift
isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
MIPS: jazz: fix 64bit build
scsi: isci: initialize shost fully before calling scsi_add_host()
scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
MIPS: ath79: Enable OF serial ports in the default config
net: hns: Fix use after free identified by SLUB debug
mfd: mc13xxx: Fix a missing check of a register-read failure
mfd: wm5110: Add missing ASRC rate register
mfd: qcom_rpm: write fw_version to CTRL_REG
mfd: ab8500-core: Return zero in get_register_interruptible()
mfd: db8500-prcmu: Fix some section annotations
mfd: twl-core: Fix section annotations on {,un}protect_pm_master
mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
KEYS: allow reaching the keys quotas exactly
numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
Revert "ANDROID: arm: process: Add display of memory around registers when displaying regs."
ANDROID: mnt: Propagate remount correctly
ANDROID: cuttlefish_defconfig: Add support for AC97 audio
ANDROID: overlayfs: override_creds=off option bypass creator_cred
FROMGIT: binder: create node flag to request sender's security context
Conflicts:
arch/arm/kernel/irq.c
drivers/media/v4l2-core/videobuf2-v4l2.c
sound/core/compress_offload.c
Change-Id: I998f8d53b0c5b8a7102816034452b1779a3b69a3
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlyV4+kACgkQONu9yGCS
aT5T2RAAn9hyo4LmxMvxab61d+PSEfn9TKhNjEtF8vFKNiYb+W+vI0ALHYSWcT1Z
O5T4d1TeSeMrs9G1McL/D80vMJFIzcg0a9QIYuFObFAB21VpDiiGcVc74d+6fHtH
m6loPE1d2GCpzwJ7VOCvdC9DR8C9SK0IVANyMJApXUL8mkNRo2H6vY/NGt65+5zb
vioEbGbXZQJl1GvvwquM6cX9ABH4nyAU1yTX9r2CHMFCBQ0JDkpY4yxClY1NBZ02
1Rc1NpJCR6OJUPvQUpyHuY5rkkPfM12Iz9dxFHARXvtTsmzm3AFdkev5GEMlR5e1
hNXs6ZPyTADJL/fKO8nmeKwKf30xTaWObgMw9A3d8FOFSmDXAW6FLKAmIz+yZBGc
27Tta1pGkZscC1iajEX2dcp5Zjkwr4y/HA5EJJ3jCCwrfTPDL5u8N900GbKMx4Lk
EgPB3byZUAn/9k1m5HEA8RS08LqsNTAEA2Q6nZZhuhmqGJQPRtbBPG7tib9bvhUy
KBLQdqJ8ubi9T1EopHu8xZdpZbbB/uCS+FB6NIkXuWR1IHkAGdEPheHrv3tuR5rf
8/2OU970h63ztE5qHFsBci2uC4htiZFY62NULiPbI7HjeEUdym0AGK4JzGnn0lnX
8McOBeOKwQwR5XuHZcMKWrsstt4mv9zo5QOdCJ1XDxFv628G2dQ=
=eGAC
-----END PGP SIGNATURE-----
Merge 4.4.177 into android-4.4-p
Changes in 4.4.177
ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
KEYS: allow reaching the keys quotas exactly
mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
mfd: twl-core: Fix section annotations on {,un}protect_pm_master
mfd: db8500-prcmu: Fix some section annotations
mfd: ab8500-core: Return zero in get_register_interruptible()
mfd: qcom_rpm: write fw_version to CTRL_REG
mfd: wm5110: Add missing ASRC rate register
mfd: mc13xxx: Fix a missing check of a register-read failure
net: hns: Fix use after free identified by SLUB debug
MIPS: ath79: Enable OF serial ports in the default config
scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
scsi: isci: initialize shost fully before calling scsi_add_host()
MIPS: jazz: fix 64bit build
isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
atm: he: fix sign-extension overflow on large shift
leds: lp5523: fix a missing check of return value of lp55xx_read
isdn: avm: Fix string plus integer warning from Clang
RDMA/srp: Rework SCSI device reset handling
KEYS: user: Align the payload buffer
KEYS: always initialize keyring_index_key::desc_len
batman-adv: fix uninit-value in batadv_interface_tx()
net/packet: fix 4gb buffer limit due to overflow check
team: avoid complex list operations in team_nl_cmd_options_set()
sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
ARCv2: Enable unaligned access in early ASM code
Revert "bridge: do not add port to router list when receives query with source 0.0.0.0"
libceph: handle an empty authorize reply
scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
drm/msm: Unblock writer if reader closes file
ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
ALSA: compress: prevent potential divide by zero bugs
thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
usb: gadget: Potential NULL dereference on allocation error
ASoC: dapm: change snprintf to scnprintf for possible overflow
ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
ARC: fix __ffs return value to avoid build warnings
mac80211: fix miscounting of ttl-dropped frames
serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
net: altera_tse: fix connect_local_phy error path
ibmveth: Do not process frames after calling napi_reschedule
mac80211: don't initiate TDLS connection if station is not associated to AP
cfg80211: extend range deviation for DMG
KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1
arm/arm64: KVM: Feed initialized memory to MMIO accesses
KVM: arm/arm64: Fix MMIO emulation data handling
powerpc: Always initialize input array when calling epapr_hypercall()
mmc: spi: Fix card detection during probe
mm: enforce min addr even if capable() in expand_downwards()
x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
USB: serial: option: add Telit ME910 ECM composition
USB: serial: cp210x: add ID for Ingenico 3070
USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
cpufreq: Use struct kobj_attribute instead of struct global_attr
sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
ncpfs: fix build warning of strncpy
isdn: isdn_tty: fix build warning of strncpy
staging: lustre: fix buffer overflow of string buffer
net-sysfs: Fix mem leak in netdev_register_kobject
sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
team: Free BPF filter when unregistering netdev
bnxt_en: Drop oversize TX packets to prevent errors.
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
xen-netback: fix occasional leak of grant ref mappings under memory pressure
net: Add __icmp_send helper.
net: avoid use IPCB in cipso_v4_error
net: phy: Micrel KSZ8061: link failure after cable connect
x86/CPU/AMD: Set the CPB bit unconditionally on F17h
applicom: Fix potential Spectre v1 vulnerabilities
MIPS: irq: Allocate accurate order pages for irq stack
hugetlbfs: fix races and page leaks during migration
netlabel: fix out-of-bounds memory accesses
net: dsa: mv88e6xxx: Fix u64 statistics
ip6mr: Do not call __IP6_INC_STATS() from preemptible context
media: uvcvideo: Fix 'type' check leading to overflow
vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
perf tools: Handle TOPOLOGY headers with no CPU
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
ipvs: Fix signed integer overflow when setsockopt timeout
iommu/amd: Fix IOMMU page flush when detach device from a domain
xtensa: SMP: fix ccount_timer_shutdown
xtensa: SMP: fix secondary CPU initialization
xtensa: smp_lx200_defconfig: fix vectors clash
xtensa: SMP: mark each possible CPU as present
xtensa: SMP: limit number of possible CPUs by NR_CPUS
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
gpio: vf610: Mask all GPIO interrupts
nfs: Fix NULL pointer dereference of dev_name
scsi: libfc: free skb when receiving invalid flogi resp
platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
cifs: fix computation for MAX_SMB2_HDR_SIZE
x86/kexec: Don't setup EFI info if EFI runtime is not enabled
x86_64: increase stack size for KASAN_EXTRA
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
autofs: drop dentry reference only when it is never used
autofs: fix error return in autofs_fill_super()
ARM: pxa: ssp: unneeded to free devm_ allocated data
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
dmaengine: dmatest: Abort test in case of mapping error
s390/qeth: fix use-after-free in error path
perf symbols: Filter out hidden symbols from labels
MIPS: Remove function size check in get_frame_info()
Input: wacom_serial4 - add support for Wacom ArtPad II tablet
Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
iscsi_ibft: Fix missing break in switch statement
futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls"
ARM: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420
udplite: call proper backlog handlers
netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES
netfilter: nfnetlink_log: just returns error for unknown command
netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters
netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options
KEYS: restrict /proc/keys by credentials at open time
l2tp: fix infoleak in l2tp_ip6_recvmsg()
net: hsr: fix memory leak in hsr_dev_finalize()
net: sit: fix UBSAN Undefined behaviour in check_6rd
net/x25: fix use-after-free in x25_device_event()
net/x25: reset state in x25_connect()
pptp: dst_release sk_dst_cache in pptp_sock_destruct
ravb: Decrease TxFIFO depth of Q3 and Q2 to one
route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
tcp: handle inet_csk_reqsk_queue_add() failures
net/mlx4_core: Fix reset flow when in command polling mode
net/mlx4_core: Fix qp mtt size calculation
net/x25: fix a race in x25_bind()
mdio_bus: Fix use-after-free on device_register fails
net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255
missing barriers in some of unix_sock ->addr and ->path accesses
ipvlan: disallow userns cap_net_admin to change global mode/flags
vxlan: test dev->flags & IFF_UP before calling gro_cells_receive()
vxlan: Fix GRO cells race condition between receive and link delete
net/hsr: fix possible crash in add_timer()
gro_cells: make sure device is up in gro_cells_receive()
tcp/dccp: remove reqsk_put() from inet_child_forget()
ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56
fs/9p: use fscache mutex rather than spinlock
It's wrong to add len to sector_nr in raid10 reshape twice
media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
9p: use inode->i_lock to protect i_size_write() under 32-bit
9p/net: fix memory leak in p9_client_create
ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
stm class: Fix an endless loop in channel allocation
crypto: caam - fixed handling of sg list
crypto: ahash - fix another early termination in hash walk
gpu: ipu-v3: Fix i.MX51 CSI control registers offset
gpu: ipu-v3: Fix CSI offsets for imx53
s390/dasd: fix using offset into zero size array error
ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized
Input: matrix_keypad - use flush_delayed_work()
i2c: cadence: Fix the hold bit setting
Input: st-keyscan - fix potential zalloc NULL dereference
ARM: 8824/1: fix a migrating irq bug when hotplug cpu
assoc_array: Fix shortcut creation
scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
net: systemport: Fix reception of BPDUs
pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe()
ASoC: topology: free created components in tplg load error
arm64: Relax GIC version check during early boot
tmpfs: fix link accounting when a tmpfile is linked in
ARC: uacces: remove lp_start, lp_end from clobber list
phonet: fix building with clang
mac80211_hwsim: propagate genlmsg_reply return code
net: set static variable an initial value in atl2_probe()
tmpfs: fix uninitialized return value in shmem_link
stm class: Prevent division by zero
crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
CIFS: Fix read after write for files with read caching
tracing: Do not free iter->trace in fail path of tracing_open_pipe()
ACPI / device_sysfs: Avoid OF modalias creation for removed device
regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
regulator: s2mpa01: Fix step values for some LDOs
clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
s390/virtio: handle find on invalid queue gracefully
scsi: virtio_scsi: don't send sc payload with tmfs
scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
m68k: Add -ffreestanding to CFLAGS
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
Btrfs: fix corruption reading shared and compressed extents after hole punching
crypto: pcbc - remove bogus memcpy()s with src == dest
cpufreq: tegra124: add missing of_node_put()
cpufreq: pxa2xx: remove incorrect __init annotation
ext4: fix crash during online resizing
ext2: Fix underflow in ext2_max_size()
clk: ingenic: Fix round_rate misbehaving with non-integer dividers
dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
mm/vmalloc: fix size check for remap_vmalloc_range_partial()
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
intel_th: Don't reference unassigned outputs
parport_pc: fix find_superio io compare code, should use equal test.
i2c: tegra: fix maximum transfer size
perf bench: Copy kernel files needed to build mem{cpy,set} x86_64 benchmarks
serial: 8250_pci: Fix number of ports for ACCES serial cards
serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup()
jbd2: clear dirty flag when revoking a buffer from an older transaction
jbd2: fix compile warning when using JBUFFER_TRACE
powerpc/32: Clear on-stack exception marker upon exception return
powerpc/wii: properly disable use of BATs when requested.
powerpc/powernv: Make opal log only readable by root
powerpc/83xx: Also save/restore SPRG4-7 during suspend
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
dm: fix to_sector() for 32bit
NFS41: pop some layoutget errors to application
perf intel-pt: Fix CYC timestamp calculation after OVF
perf auxtrace: Define auxtrace record alignment
perf intel-pt: Fix overlap calculation for padding
md: Fix failed allocation of md_register_thread
NFS: Fix an I/O request leakage in nfs_do_recoalesce
NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
nfsd: fix memory corruption caused by readdir
nfsd: fix wrong check in write_v4_end_grace()
PM / wakeup: Rework wakeup source timer cancellation
rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
drm/radeon/evergreen_cs: fix missing break in switch statement
KVM: nVMX: Sign extend displacements of VMX instr's mem operands
KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
KVM: X86: Fix residual mmio emulation request to userspace
Linux 4.4.177
Change-Id: Ia33b88c9634e04612874d79ce4cc166e8aa8096a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlyV4+kACgkQONu9yGCS
aT5T2RAAn9hyo4LmxMvxab61d+PSEfn9TKhNjEtF8vFKNiYb+W+vI0ALHYSWcT1Z
O5T4d1TeSeMrs9G1McL/D80vMJFIzcg0a9QIYuFObFAB21VpDiiGcVc74d+6fHtH
m6loPE1d2GCpzwJ7VOCvdC9DR8C9SK0IVANyMJApXUL8mkNRo2H6vY/NGt65+5zb
vioEbGbXZQJl1GvvwquM6cX9ABH4nyAU1yTX9r2CHMFCBQ0JDkpY4yxClY1NBZ02
1Rc1NpJCR6OJUPvQUpyHuY5rkkPfM12Iz9dxFHARXvtTsmzm3AFdkev5GEMlR5e1
hNXs6ZPyTADJL/fKO8nmeKwKf30xTaWObgMw9A3d8FOFSmDXAW6FLKAmIz+yZBGc
27Tta1pGkZscC1iajEX2dcp5Zjkwr4y/HA5EJJ3jCCwrfTPDL5u8N900GbKMx4Lk
EgPB3byZUAn/9k1m5HEA8RS08LqsNTAEA2Q6nZZhuhmqGJQPRtbBPG7tib9bvhUy
KBLQdqJ8ubi9T1EopHu8xZdpZbbB/uCS+FB6NIkXuWR1IHkAGdEPheHrv3tuR5rf
8/2OU970h63ztE5qHFsBci2uC4htiZFY62NULiPbI7HjeEUdym0AGK4JzGnn0lnX
8McOBeOKwQwR5XuHZcMKWrsstt4mv9zo5QOdCJ1XDxFv628G2dQ=
=eGAC
-----END PGP SIGNATURE-----
Merge 4.4.177 into android-4.4
Changes in 4.4.177
ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
KEYS: allow reaching the keys quotas exactly
mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
mfd: twl-core: Fix section annotations on {,un}protect_pm_master
mfd: db8500-prcmu: Fix some section annotations
mfd: ab8500-core: Return zero in get_register_interruptible()
mfd: qcom_rpm: write fw_version to CTRL_REG
mfd: wm5110: Add missing ASRC rate register
mfd: mc13xxx: Fix a missing check of a register-read failure
net: hns: Fix use after free identified by SLUB debug
MIPS: ath79: Enable OF serial ports in the default config
scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
scsi: isci: initialize shost fully before calling scsi_add_host()
MIPS: jazz: fix 64bit build
isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
atm: he: fix sign-extension overflow on large shift
leds: lp5523: fix a missing check of return value of lp55xx_read
isdn: avm: Fix string plus integer warning from Clang
RDMA/srp: Rework SCSI device reset handling
KEYS: user: Align the payload buffer
KEYS: always initialize keyring_index_key::desc_len
batman-adv: fix uninit-value in batadv_interface_tx()
net/packet: fix 4gb buffer limit due to overflow check
team: avoid complex list operations in team_nl_cmd_options_set()
sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
ARCv2: Enable unaligned access in early ASM code
Revert "bridge: do not add port to router list when receives query with source 0.0.0.0"
libceph: handle an empty authorize reply
scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
drm/msm: Unblock writer if reader closes file
ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
ALSA: compress: prevent potential divide by zero bugs
thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
usb: gadget: Potential NULL dereference on allocation error
ASoC: dapm: change snprintf to scnprintf for possible overflow
ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
ARC: fix __ffs return value to avoid build warnings
mac80211: fix miscounting of ttl-dropped frames
serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
net: altera_tse: fix connect_local_phy error path
ibmveth: Do not process frames after calling napi_reschedule
mac80211: don't initiate TDLS connection if station is not associated to AP
cfg80211: extend range deviation for DMG
KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1
arm/arm64: KVM: Feed initialized memory to MMIO accesses
KVM: arm/arm64: Fix MMIO emulation data handling
powerpc: Always initialize input array when calling epapr_hypercall()
mmc: spi: Fix card detection during probe
mm: enforce min addr even if capable() in expand_downwards()
x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
USB: serial: option: add Telit ME910 ECM composition
USB: serial: cp210x: add ID for Ingenico 3070
USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
cpufreq: Use struct kobj_attribute instead of struct global_attr
sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
ncpfs: fix build warning of strncpy
isdn: isdn_tty: fix build warning of strncpy
staging: lustre: fix buffer overflow of string buffer
net-sysfs: Fix mem leak in netdev_register_kobject
sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
team: Free BPF filter when unregistering netdev
bnxt_en: Drop oversize TX packets to prevent errors.
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
xen-netback: fix occasional leak of grant ref mappings under memory pressure
net: Add __icmp_send helper.
net: avoid use IPCB in cipso_v4_error
net: phy: Micrel KSZ8061: link failure after cable connect
x86/CPU/AMD: Set the CPB bit unconditionally on F17h
applicom: Fix potential Spectre v1 vulnerabilities
MIPS: irq: Allocate accurate order pages for irq stack
hugetlbfs: fix races and page leaks during migration
netlabel: fix out-of-bounds memory accesses
net: dsa: mv88e6xxx: Fix u64 statistics
ip6mr: Do not call __IP6_INC_STATS() from preemptible context
media: uvcvideo: Fix 'type' check leading to overflow
vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
perf tools: Handle TOPOLOGY headers with no CPU
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
ipvs: Fix signed integer overflow when setsockopt timeout
iommu/amd: Fix IOMMU page flush when detach device from a domain
xtensa: SMP: fix ccount_timer_shutdown
xtensa: SMP: fix secondary CPU initialization
xtensa: smp_lx200_defconfig: fix vectors clash
xtensa: SMP: mark each possible CPU as present
xtensa: SMP: limit number of possible CPUs by NR_CPUS
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
gpio: vf610: Mask all GPIO interrupts
nfs: Fix NULL pointer dereference of dev_name
scsi: libfc: free skb when receiving invalid flogi resp
platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
cifs: fix computation for MAX_SMB2_HDR_SIZE
x86/kexec: Don't setup EFI info if EFI runtime is not enabled
x86_64: increase stack size for KASAN_EXTRA
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
autofs: drop dentry reference only when it is never used
autofs: fix error return in autofs_fill_super()
ARM: pxa: ssp: unneeded to free devm_ allocated data
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
dmaengine: dmatest: Abort test in case of mapping error
s390/qeth: fix use-after-free in error path
perf symbols: Filter out hidden symbols from labels
MIPS: Remove function size check in get_frame_info()
Input: wacom_serial4 - add support for Wacom ArtPad II tablet
Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
iscsi_ibft: Fix missing break in switch statement
futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls"
ARM: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420
udplite: call proper backlog handlers
netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES
netfilter: nfnetlink_log: just returns error for unknown command
netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters
netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options
KEYS: restrict /proc/keys by credentials at open time
l2tp: fix infoleak in l2tp_ip6_recvmsg()
net: hsr: fix memory leak in hsr_dev_finalize()
net: sit: fix UBSAN Undefined behaviour in check_6rd
net/x25: fix use-after-free in x25_device_event()
net/x25: reset state in x25_connect()
pptp: dst_release sk_dst_cache in pptp_sock_destruct
ravb: Decrease TxFIFO depth of Q3 and Q2 to one
route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
tcp: handle inet_csk_reqsk_queue_add() failures
net/mlx4_core: Fix reset flow when in command polling mode
net/mlx4_core: Fix qp mtt size calculation
net/x25: fix a race in x25_bind()
mdio_bus: Fix use-after-free on device_register fails
net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255
missing barriers in some of unix_sock ->addr and ->path accesses
ipvlan: disallow userns cap_net_admin to change global mode/flags
vxlan: test dev->flags & IFF_UP before calling gro_cells_receive()
vxlan: Fix GRO cells race condition between receive and link delete
net/hsr: fix possible crash in add_timer()
gro_cells: make sure device is up in gro_cells_receive()
tcp/dccp: remove reqsk_put() from inet_child_forget()
ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56
fs/9p: use fscache mutex rather than spinlock
It's wrong to add len to sector_nr in raid10 reshape twice
media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
9p: use inode->i_lock to protect i_size_write() under 32-bit
9p/net: fix memory leak in p9_client_create
ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
stm class: Fix an endless loop in channel allocation
crypto: caam - fixed handling of sg list
crypto: ahash - fix another early termination in hash walk
gpu: ipu-v3: Fix i.MX51 CSI control registers offset
gpu: ipu-v3: Fix CSI offsets for imx53
s390/dasd: fix using offset into zero size array error
ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized
Input: matrix_keypad - use flush_delayed_work()
i2c: cadence: Fix the hold bit setting
Input: st-keyscan - fix potential zalloc NULL dereference
ARM: 8824/1: fix a migrating irq bug when hotplug cpu
assoc_array: Fix shortcut creation
scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
net: systemport: Fix reception of BPDUs
pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe()
ASoC: topology: free created components in tplg load error
arm64: Relax GIC version check during early boot
tmpfs: fix link accounting when a tmpfile is linked in
ARC: uacces: remove lp_start, lp_end from clobber list
phonet: fix building with clang
mac80211_hwsim: propagate genlmsg_reply return code
net: set static variable an initial value in atl2_probe()
tmpfs: fix uninitialized return value in shmem_link
stm class: Prevent division by zero
crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
CIFS: Fix read after write for files with read caching
tracing: Do not free iter->trace in fail path of tracing_open_pipe()
ACPI / device_sysfs: Avoid OF modalias creation for removed device
regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
regulator: s2mpa01: Fix step values for some LDOs
clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
s390/virtio: handle find on invalid queue gracefully
scsi: virtio_scsi: don't send sc payload with tmfs
scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
m68k: Add -ffreestanding to CFLAGS
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
Btrfs: fix corruption reading shared and compressed extents after hole punching
crypto: pcbc - remove bogus memcpy()s with src == dest
cpufreq: tegra124: add missing of_node_put()
cpufreq: pxa2xx: remove incorrect __init annotation
ext4: fix crash during online resizing
ext2: Fix underflow in ext2_max_size()
clk: ingenic: Fix round_rate misbehaving with non-integer dividers
dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
mm/vmalloc: fix size check for remap_vmalloc_range_partial()
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
intel_th: Don't reference unassigned outputs
parport_pc: fix find_superio io compare code, should use equal test.
i2c: tegra: fix maximum transfer size
perf bench: Copy kernel files needed to build mem{cpy,set} x86_64 benchmarks
serial: 8250_pci: Fix number of ports for ACCES serial cards
serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup()
jbd2: clear dirty flag when revoking a buffer from an older transaction
jbd2: fix compile warning when using JBUFFER_TRACE
powerpc/32: Clear on-stack exception marker upon exception return
powerpc/wii: properly disable use of BATs when requested.
powerpc/powernv: Make opal log only readable by root
powerpc/83xx: Also save/restore SPRG4-7 during suspend
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
dm: fix to_sector() for 32bit
NFS41: pop some layoutget errors to application
perf intel-pt: Fix CYC timestamp calculation after OVF
perf auxtrace: Define auxtrace record alignment
perf intel-pt: Fix overlap calculation for padding
md: Fix failed allocation of md_register_thread
NFS: Fix an I/O request leakage in nfs_do_recoalesce
NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
nfsd: fix memory corruption caused by readdir
nfsd: fix wrong check in write_v4_end_grace()
PM / wakeup: Rework wakeup source timer cancellation
rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
drm/radeon/evergreen_cs: fix missing break in switch statement
KVM: nVMX: Sign extend displacements of VMX instr's mem operands
KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
KVM: X86: Fix residual mmio emulation request to userspace
Linux 4.4.177
Change-Id: Ide9813404248e6d7f9dc4024ac244dc1fbdd21b6
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 401592d2e095947344e10ec0623adbcd58934dd4 upstream.
When VM_NO_GUARD is not set area->size includes adjacent guard page,
thus for correct size checking get_vm_area_size() should be used, but
not area->size.
This fixes possible kernel oops when userspace tries to mmap an area on
1 page bigger than was allocated by vmalloc_user() call: the size check
inside remap_vmalloc_range_partial() accounts non-existing guard page
also, so check successfully passes but vmalloc_to_page() returns NULL
(guard page does not physically exist).
The following code pattern example should trigger an oops:
static int oops_mmap(struct file *file, struct vm_area_struct *vma)
{
void *mem;
mem = vmalloc_user(4096);
BUG_ON(!mem);
/* Do not care about mem leak */
return remap_vmalloc_range(vma, mem, 0);
}
And userspace simply mmaps size + PAGE_SIZE:
mmap(NULL, 8192, PROT_WRITE|PROT_READ, MAP_PRIVATE, fd, 0);
Possible candidates for oops which do not have any explicit size
checks:
*** drivers/media/usb/stkwebcam/stk-webcam.c:
v4l_stk_mmap[789] ret = remap_vmalloc_range(vma, sbuf->buffer, 0);
Or the following one:
*** drivers/video/fbdev/core/fbmem.c
static int
fb_mmap(struct file *file, struct vm_area_struct * vma)
...
res = fb->fb_mmap(info, vma);
Where fb_mmap callback calls remap_vmalloc_range() directly without any
explicit checks:
*** drivers/video/fbdev/vfb.c
static int vfb_mmap(struct fb_info *info,
struct vm_area_struct *vma)
{
return remap_vmalloc_range(vma, (void *)info->fix.smem_start, vma->vm_pgoff);
}
Link: http://lkml.kernel.org/r/20190103145954.16942-2-rpenyaev@suse.de
Signed-off-by: Roman Penyaev <rpenyaev@suse.de>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Joe Perches <joe@perches.com>
Cc: "Luis R. Rodriguez" <mcgrof@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 29b00e609960ae0fcff382f4c7079dd0874a5311 ]
When we made the shmem_reserve_inode call in shmem_link conditional, we
forgot to update the declaration for ret so that it always has a known
value. Dan Carpenter pointed out this deficiency in the original patch.
Fixes: 1062af920c07 ("tmpfs: fix link accounting when a tmpfile is linked in")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Hugh Dickins <hughd@google.com>
Cc: Matej Kupljen <matej.kupljen@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 1062af920c07f5b54cf5060fde3339da6df0cf6b ]
tmpfs has a peculiarity of accounting hard links as if they were
separate inodes: so that when the number of inodes is limited, as it is
by default, a user cannot soak up an unlimited amount of unreclaimable
dcache memory just by repeatedly linking a file.
But when v3.11 added O_TMPFILE, and the ability to use linkat() on the
fd, we missed accommodating this new case in tmpfs: "df -i" shows that
an extra "inode" remains accounted after the file is unlinked and the fd
closed and the actual inode evicted. If a user repeatedly links
tmpfiles into a tmpfs, the limit will be hit (ENOSPC) even after they
are deleted.
Just skip the extra reservation from shmem_link() in this case: there's
a sense in which this first link of a tmpfile is then cheaper than a
hard link of another file, but the accounting works out, and there's
still good limiting, so no need to do anything more complicated.
Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1902182134370.7035@eggly.anvils
Fixes: f4e0c30c19 ("allow the temp files created by open() to be linked to")
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Hugh Dickins <hughd@google.com>
Reported-by: Matej Kupljen <matej.kupljen@gmail.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 24feb47c5fa5b825efb0151f28906dfdad027e61 ]
If memory end is not aligned with the sparse memory section boundary,
the mapping of such a section is only partly initialized. This may lead
to VM_BUG_ON due to uninitialized struct pages access from
test_pages_in_a_zone() function triggered by memory_hotplug sysfs
handlers.
Here are the the panic examples:
CONFIG_DEBUG_VM_PGFLAGS=y
kernel parameter mem=2050M
--------------------------
page:000003d082008000 is uninitialized and poisoned
page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p))
Call Trace:
test_pages_in_a_zone+0xde/0x160
show_valid_zones+0x5c/0x190
dev_attr_show+0x34/0x70
sysfs_kf_seq_show+0xc8/0x148
seq_read+0x204/0x480
__vfs_read+0x32/0x178
vfs_read+0x82/0x138
ksys_read+0x5a/0xb0
system_call+0xdc/0x2d8
Last Breaking-Event-Address:
test_pages_in_a_zone+0xde/0x160
Kernel panic - not syncing: Fatal exception: panic_on_oops
Fix this by checking whether the pfn to check is within the zone.
[mhocko@suse.com: separated this change from http://lkml.kernel.org/r/20181105150401.97287-2-zaslonko@linux.ibm.com]
Link: http://lkml.kernel.org/r/20190128144506.15603-3-mhocko@kernel.org
[mhocko@suse.com: separated this change from
http://lkml.kernel.org/r/20181105150401.97287-2-zaslonko@linux.ibm.com]
Signed-off-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Mikhail Zaslonko <zaslonko@linux.ibm.com>
Tested-by: Mikhail Gavrilov <mikhail.v.gavrilov@gmail.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Tested-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Mikhail Gavrilov <mikhail.v.gavrilov@gmail.com>
Cc: Pavel Tatashin <pasha.tatashin@soleen.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit efad4e475c312456edb3c789d0996d12ed744c13 ]
Patch series "mm, memory_hotplug: fix uninitialized pages fallouts", v2.
Mikhail Zaslonko has posted fixes for the two bugs quite some time ago
[1]. I have pushed back on those fixes because I believed that it is
much better to plug the problem at the initialization time rather than
play whack-a-mole all over the hotplug code and find all the places
which expect the full memory section to be initialized.
We have ended up with commit 2830bf6f05fb ("mm, memory_hotplug:
initialize struct pages for the full memory section") merged and cause a
regression [2][3]. The reason is that there might be memory layouts
when two NUMA nodes share the same memory section so the merged fix is
simply incorrect.
In order to plug this hole we really have to be zone range aware in
those handlers. I have split up the original patch into two. One is
unchanged (patch 2) and I took a different approach for `removable'
crash.
[1] http://lkml.kernel.org/r/20181105150401.97287-2-zaslonko@linux.ibm.com
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1666948
[3] http://lkml.kernel.org/r/20190125163938.GA20411@dhcp22.suse.cz
This patch (of 2):
Mikhail has reported the following VM_BUG_ON triggered when reading sysfs
removable state of a memory block:
page:000003d08300c000 is uninitialized and poisoned
page dumped because: VM_BUG_ON_PAGE(PagePoisoned(p))
Call Trace:
is_mem_section_removable+0xb4/0x190
show_mem_removable+0x9a/0xd8
dev_attr_show+0x34/0x70
sysfs_kf_seq_show+0xc8/0x148
seq_read+0x204/0x480
__vfs_read+0x32/0x178
vfs_read+0x82/0x138
ksys_read+0x5a/0xb0
system_call+0xdc/0x2d8
Last Breaking-Event-Address:
is_mem_section_removable+0xb4/0x190
Kernel panic - not syncing: Fatal exception: panic_on_oops
The reason is that the memory block spans the zone boundary and we are
stumbling over an unitialized struct page. Fix this by enforcing zone
range in is_mem_section_removable so that we never run away from a zone.
Link: http://lkml.kernel.org/r/20190128144506.15603-2-mhocko@kernel.org
Signed-off-by: Michal Hocko <mhocko@suse.com>
Reported-by: Mikhail Zaslonko <zaslonko@linux.ibm.com>
Debugged-by: Mikhail Zaslonko <zaslonko@linux.ibm.com>
Tested-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Tested-by: Mikhail Gavrilov <mikhail.v.gavrilov@gmail.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Cc: Pavel Tatashin <pasha.tatashin@soleen.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit cb6acd01e2e43fd8bad11155752b7699c3d0fb76 upstream.
hugetlb pages should only be migrated if they are 'active'. The
routines set/clear_page_huge_active() modify the active state of hugetlb
pages.
When a new hugetlb page is allocated at fault time, set_page_huge_active
is called before the page is locked. Therefore, another thread could
race and migrate the page while it is being added to page table by the
fault code. This race is somewhat hard to trigger, but can be seen by
strategically adding udelay to simulate worst case scheduling behavior.
Depending on 'how' the code races, various BUG()s could be triggered.
To address this issue, simply delay the set_page_huge_active call until
after the page is successfully added to the page table.
Hugetlb pages can also be leaked at migration time if the pages are
associated with a file in an explicitly mounted hugetlbfs filesystem.
For example, consider a two node system with 4GB worth of huge pages
available. A program mmaps a 2G file in a hugetlbfs filesystem. It
then migrates the pages associated with the file from one node to
another. When the program exits, huge page counts are as follows:
node0
1024 free_hugepages
1024 nr_hugepages
node1
0 free_hugepages
1024 nr_hugepages
Filesystem Size Used Avail Use% Mounted on
nodev 4.0G 2.0G 2.0G 50% /var/opt/hugepool
That is as expected. 2G of huge pages are taken from the free_hugepages
counts, and 2G is the size of the file in the explicitly mounted
filesystem. If the file is then removed, the counts become:
node0
1024 free_hugepages
1024 nr_hugepages
node1
1024 free_hugepages
1024 nr_hugepages
Filesystem Size Used Avail Use% Mounted on
nodev 4.0G 2.0G 2.0G 50% /var/opt/hugepool
Note that the filesystem still shows 2G of pages used, while there
actually are no huge pages in use. The only way to 'fix' the filesystem
accounting is to unmount the filesystem
If a hugetlb page is associated with an explicitly mounted filesystem,
this information in contained in the page_private field. At migration
time, this information is not preserved. To fix, simply transfer
page_private from old to new page at migration time if necessary.
There is a related race with removing a huge page from a file and
migration. When a huge page is removed from the pagecache, the
page_mapping() field is cleared, yet page_private remains set until the
page is actually freed by free_huge_page(). A page could be migrated
while in this state. However, since page_mapping() is not set the
hugetlbfs specific routine to transfer page_private is not called and we
leak the page count in the filesystem.
To fix that, check for this condition before migrating a huge page. If
the condition is detected, return EBUSY for the page.
Link: http://lkml.kernel.org/r/74510272-7319-7372-9ea6-ec914734c179@oracle.com
Link: http://lkml.kernel.org/r/20190212221400.3512-1-mike.kravetz@oracle.com
Fixes: bcc5422230 ("mm: hugetlb: introduce page_huge_active")
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Reviewed-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: <stable@vger.kernel.org>
[mike.kravetz@oracle.com: v2]
Link: http://lkml.kernel.org/r/7534d322-d782-8ac6-1c8d-a8dc380eb3ab@oracle.com
[mike.kravetz@oracle.com: update comment and changelog]
Link: http://lkml.kernel.org/r/420bcfd6-158b-38e4-98da-26d0cd85bd01@oracle.com
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0a1d52994d440e21def1c2174932410b4f2a98a1 upstream.
security_mmap_addr() does a capability check with current_cred(), but
we can reach this code from contexts like a VFS write handler where
current_cred() must not be used.
This can be abused on systems without SMAP to make NULL pointer
dereferences exploitable again.
Fixes: 8869477a49 ("security: protect from stack expansion into low vm addresses")
Cc: stable@kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 050c17f239fd53adb55aa768d4f41bc76c0fe045 upstream.
The system call, get_mempolicy() [1], passes an unsigned long *nodemask
pointer and an unsigned long maxnode argument which specifies the length
of the user's nodemask array in bits (which is rounded up). The manual
page says that if the maxnode value is too small, get_mempolicy will
return EINVAL but there is no system call to return this minimum value.
To determine this value, some programs search /proc/<pid>/status for a
line starting with "Mems_allowed:" and use the number of digits in the
mask to determine the minimum value. A recent change to the way this line
is formatted [2] causes these programs to compute a value less than
MAX_NUMNODES so get_mempolicy() returns EINVAL.
Change get_mempolicy(), the older compat version of get_mempolicy(), and
the copy_nodes_to_user() function to use nr_node_ids instead of
MAX_NUMNODES, thus preserving the defacto method of computing the minimum
size for the nodemask array and the maxnode argument.
[1] http://man7.org/linux/man-pages/man2/get_mempolicy.2.html
[2] https://lore.kernel.org/lkml/1545405631-6808-1-git-send-email-longman@redhat.com
Link: http://lkml.kernel.org/r/20190211180245.22295-1-rcampbell@nvidia.com
Fixes: 4fb8e5b89bcbbbb ("include/linux/nodemask.h: use nr_node_ids (not MAX_NUMNODES) in __nodemask_pr_numnodes()")
Signed-off-by: Ralph Campbell <rcampbell@nvidia.com>
Suggested-by: Alexander Duyck <alexander.duyck@gmail.com>
Cc: Waiman Long <longman@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-08d5867
Linux 4.4.175
uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define
pinctrl: msm: fix gpio-hog related boot issues
usb: dwc2: Remove unnecessary kfree
kaweth: use skb_cow_head() to deal with cloned skbs
ch9200: use skb_cow_head() to deal with cloned skbs
smsc95xx: Use skb_cow_head to deal with cloned skbs
dm thin: fix bug where bio that overwrites thin block ignores FUA
x86/a.out: Clear the dump structure initially
signal: Restore the stop PTRACE_EVENT_EXIT
x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls
tracing/uprobes: Fix output for multiple string arguments
alpha: Fix Eiger NR_IRQS to 128
alpha: fix page fault handling for r16-r18 targets
Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780
Input: bma150 - register input device after setting private data
ALSA: usb-audio: Fix implicit fb endpoint setup by quirk
ALSA: hda - Add quirk for HP EliteBook 840 G5
perf/core: Fix impossible ring-buffer sizes warning
Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK
Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G"
Documentation/network: reword kernel version reference
cifs: Limit memory used by lock request calls to a page
gpio: pl061: handle failed allocations
ARM: dts: kirkwood: Fix polarity of GPIO fan lines
ARM: dts: da850-evm: Correct the sound card name
uapi/if_ether.h: prevent redefinition of struct ethhdr
Revert "exec: load_script: don't blindly truncate shebang string"
batman-adv: Force mac header to start of data on xmit
batman-adv: Avoid WARN on net_device without parent in netns
xfrm: refine validation of template and selector families
libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)"
NFC: nxp-nci: Include unaligned.h instead of access_ok.h
HID: debug: fix the ring buffer implementation
drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user
drm/vmwgfx: Fix setting of dma masks
drm/modes: Prevent division by zero htotal
mac80211: ensure that mgmt tx skbs have tailroom for encryption
ARM: iop32x/n2100: fix PCI IRQ mapping
MIPS: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds
MIPS: OCTEON: don't set octeon_dma_bar_type if PCI is disabled
mips: cm: reprime error cause
debugfs: fix debugfs_rename parameter checking
misc: vexpress: Off by one in vexpress_syscfg_exec()
signal: Better detection of synchronous signals
signal: Always notice exiting tasks
mtd: rawnand: gpmi: fix MX28 bus master lockup problem
perf tests evsel-tp-sched: Fix bitwise operator
perf/core: Don't WARN() for impossible ring-buffer sizes
x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out()
perf/x86/intel/uncore: Add Node ID mask
KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
usb: gadget: udc: net2272: Fix bitwise and boolean operations
usb: phy: am335x: fix race condition in _probe
dmaengine: imx-dma: fix wrong callback invoke
fuse: handle zero sized retrieve correctly
fuse: decrement NR_WRITEBACK_TEMP on the right page
fuse: call pipe_buf_release() under pipe lock
ALSA: hda - Serialize codec registrations
ALSA: compress: Fix stop handling on compressed capture streams
net: dsa: slave: Don't propagate flag changes on down slave interfaces
net: systemport: Fix WoL with password after deep sleep
skge: potential memory corruption in skge_get_regs()
net: dp83640: expire old TX-skb
enic: fix checksum validation for IPv6
dccp: fool proof ccid_hc_[rt]x_parse_options()
string: drop __must_check from strscpy() and restore strscpy() usages in cgroup
tipc: use destination length for copy string
test_hexdump: use memcpy instead of strncpy
thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set
exec: load_script: don't blindly truncate shebang string
fs/epoll: drop ovflist branch prediction
kernel/hung_task.c: break RCU locks based on jiffies
HID: lenovo: Add checks to fix of_led_classdev_register
block/swim3: Fix -EBUSY error when re-opening device after unmount
gdrom: fix a memory leak bug
isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw()
ocfs2: don't clear bh uptodate for block read
scripts/decode_stacktrace: only strip base path when a prefix of the path
niu: fix missing checks of niu_pci_eeprom_read
um: Avoid marking pages with "changed protection"
cifs: check ntwrk_buf_start for NULL before dereferencing it
crypto: ux500 - Use proper enum in hash_set_dma_transfer
crypto: ux500 - Use proper enum in cryp_set_dma_transfer
seq_buf: Make seq_buf_puts() null-terminate the buffer
hwmon: (lm80) fix a missing check of bus read in lm80 probe
hwmon: (lm80) fix a missing check of the status of SMBus read
NFS: nfs_compare_mount_options always compare auth flavors.
KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
fbdev: fbcon: Fix unregister crash when more than one framebuffer
igb: Fix an issue that PME is not enabled during runtime suspend
fbdev: fbmem: behave better with small rotated displays and many CPUs
video: clps711x-fb: release disp device node in probe()
drbd: Avoid Clang warning about pointless switch statment
drbd: skip spurious timeout (ping-timeo) when failing promote
drbd: disconnect, if the wrong UUIDs are attached on a connected peer
drbd: narrow rcu_read_lock in drbd_sync_handshake
cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
Bluetooth: Fix unnecessary error message for HCI request completion
xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
mac80211: fix radiotap vendor presence bitmap handling
powerpc/uaccess: fix warning/error with access_ok()
arm64: KVM: Skip MMIO insn after emulation
tty: serial: samsung: Properly set flags in autoCTS mode
memstick: Prevent memstick host from getting runtime suspended during card detection
ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
ARM: pxa: avoid section mismatch warning
udf: Fix BUG on corrupted inode
i2c-axxia: check for error conditions first
cpuidle: big.LITTLE: fix refcount leak
clk: imx6sl: ensure MMDC CH0 handshake is bypassed
sata_rcar: fix deferred probing
iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
mips: bpf: fix encoding bug for mm_srlv32_op
ARM: dts: Fix OMAP4430 SDP Ethernet startup
timekeeping: Use proper seqcount initializer
usb: hub: delay hub autosuspend if USB3 port is still link training
smack: fix access permissions for keyring
media: DaVinci-VPBE: fix error handling in vpbe_initialize()
x86/fpu: Add might_fault() to user_insn()
ARM: dts: mmp2: fix TWSI2
arm64: ftrace: don't adjust the LR value
nfsd4: fix crash on writing v4_end_grace before nfsd startup
sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
f2fs: fix wrong return value of f2fs_acl_create
f2fs: move dir data flush to write checkpoint process
soc/tegra: Don't leak device tree node reference
perf tools: Add Hygon Dhyana support
modpost: validate symbol names also in find_elf_symbol
ARM: OMAP2+: hwmod: Fix some section annotations
staging: iio: ad7780: update voltage on read
staging:iio:ad2s90: Make probe handle spi_setup failure
ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
serial: fsl_lpuart: clear parity enable bit when disable parity
powerpc/pseries: add of_node_put() in dlpar_detach_node()
x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
dlm: Don't swamp the CPU with callbacks queued during recovery
ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
scsi: lpfc: Correct LCB RJT handling
ASoC: Intel: mrfld: fix uninitialized variable access
staging: iio: adc: ad7280a: handle error from __ad7280_read32()
drm/bufs: Fix Spectre v1 vulnerability
BACKPORT: userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
ANDROID: cuttlefish_defconfig: Enable DEBUG_SET_MODULE_RONX
ANDROID: Move from clang r346389b to r349610.
UPSTREAM: virt_wifi: fix error return code in virt_wifi_newlink()
ion: Disable ION_HEAP_TYPE_SYSTEM_CONTIG
Change-Id: I8456a2f1d229a2d454295d660f749a2b436c6440
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
commit 29ec90660d68bbdd69507c1c8b4e33aa299278b1 upstream.
After the VMA to register the uffd onto is found, check that it has
VM_MAYWRITE set before allowing registration. This way we inherit all
common code checks before allowing to fill file holes in shmem and
hugetlbfs with UFFDIO_COPY.
The userfaultfd memory model is not applicable for readonly files unless
it's a MAP_PRIVATE.
Change-Id: I55976c6eda20d68bdb8708d3b244731e3e4ce55c
Link: http://lkml.kernel.org/r/20181126173452.26955-4-aarcange@redhat.com
Fixes: ff62a3421044 ("hugetlb: implement memfd sealing")
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Reviewed-by: Mike Rapoport <rppt@linux.ibm.com>
Reviewed-by: Hugh Dickins <hughd@google.com>
Reported-by: Jann Horn <jannh@google.com>
Fixes: 4c27fe4c4c84 ("userfaultfd: shmem: add shmem_mcopy_atomic_pte for userfaultfd support")
Cc: <stable@vger.kernel.org>
Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Joel Fernandes <joelaf@google.com>
* refs/heads/tmp-64b5644
Linux 4.4.173
fs: don't scan the inode cache before SB_BORN is set
mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
drivers: core: Remove glue dirs from sysfs earlier
cifs: Always resolve hostname before reconnecting
mm, oom: fix use-after-free in oom_kill_process
kernel/exit.c: release ptraced tasks before zap_pid_ns_processes
mmc: sdhci-iproc: handle mmc_of_parse() errors during probe
platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes
platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK
gfs2: Revert "Fix loop in gfs2_rbm_find"
arm64: hyp-stub: Forbid kprobing of the hyp-stub
ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment
fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb()
CIFS: Do not count -ENODATA as failure for query directory
l2tp: fix reading optional fields of L2TPv3
l2tp: remove l2specific_len dependency in l2tp_core
ucc_geth: Reset BQL queue when stopping device
net/rose: fix NULL ax25_cb kernel panic
netrom: switch to sock timer API
net/mlx4_core: Add masking for a few queries on HCA caps
l2tp: copy 4 more bytes to linear part if necessary
ipv6: Consider sk_bound_dev_if when binding a socket to an address
fs: add the fsnotify call to vfs_iter_write
s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU
Revert "loop: Fold __loop_release into loop_release"
Revert "loop: Get rid of loop_index_mutex"
Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()"
f2fs: read page index before freeing
arm64: mm: remove page_mapping check in __sync_icache_dcache
irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size
perf unwind: Take pgoff into account when reporting elf to libdwfl
perf unwind: Unwind with libdw doesn't take symfs into account
vt: invoke notifier on screen size change
can: bcm: check timer values before ktime conversion
can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it
x86/kaslr: Fix incorrect i8254 outb() parameters
KVM: x86: Fix single-step debugging
Input: xpad - add support for SteelSeries Stratus Duo
CIFS: Fix possible hang during async MTU reads and writes
tty/n_hdlc: fix __might_sleep warning
tty: Handle problem if line discipline does not have receive_buf
staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1
char/mwave: fix potential Spectre v1 vulnerability
s390/smp: fix CPU hotplug deadlock with CPU rescan
s390/early: improve machine detection
ARC: perf: map generic branches to correct hardware condition
ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages
USB: serial: pl2303: add new PID to support PL2303TB
USB: serial: simple: add Motorola Tetra TPG2200 device id
net: bridge: Fix ethernet header pointer before check skb forwardable
net_sched: refetch skb protocol for each filter
net: ipv4: Fix memory leak in network namespace dismantle
openvswitch: Avoid OOB read when parsing flow nlattrs
net: Fix usage of pskb_trim_rcsum
UPSTREAM: binder: filter out nodes when showing binder procs
ANDROID: cuttlefish_defconfig: Enable CONFIG_RTC_HCTOSYS
Conflicts:
mm/migrate.c
Change-Id: I7986dc89d88607986d00d56f01812fe806d7f4dc
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlxbKr0ACgkQONu9yGCS
aT5TfBAAhlyPx+CrOsKhOi9zCb2ZkLrAwMQ8E1LpiHOnCDgzt75zGempUqwVAKq5
JmRay3Tt/YDK5+cDuT/3/ahHXcS3xvyJ/8kSanyPfB0KMkNL1nv1fU0oAb4+OLm6
C63YmUpFQPGyD8R3BLmeIcBIUvEF0l+eZB3lrBjVz+tUKhuiIiBW6NtaHTyOhA9C
KUXHN53CuZG4p7xdaevH5yt43sJGkb9FNDblaCLS9AVC1LiVOBGz/LSXiAiJfyU1
u6zl9U9ZL33oU+cRbz2pulfsd+8CZpZEONPDjzDN11ahA+W8HQ81JabO1bZKkY9h
geshJxrPM06/WS/NxEEPV1/MKPIuSDBxCdOMuGPzXTkpE1YB2EZRU6ONc1I11cYV
hESoSjSMSbVRHfPANjgTz9DauvT7+CBkjZNAgfjT4gKDeIcQhvQXPOcfNnuCfFww
eIdFdvxcBA2mCLz5lmkkH5tlN9fY7Bw7Y5eKknIoMSKGfckCUq5idEVDpTMKjFbP
fcPk5u2MFDmI+EuVQ4FO5bY4cDqRXRpyDYFVl3OKTj5pyU5gfN30WGpNZ4U9sLFb
kXXvoAwjiOmP/7H1fWB28C1Pnz1GaKImFhNmWKaOAfVWUEFto6otVqYRV1najAIv
j1Hq44h47iqhDgAYgL2QtYiaGiyUJfd4lvGYzjM5OwJOEQyeErA=
=bEr6
-----END PGP SIGNATURE-----
Merge 4.4.173 into android-4.4-p
Changes in 4.4.173
net: Fix usage of pskb_trim_rcsum
openvswitch: Avoid OOB read when parsing flow nlattrs
net: ipv4: Fix memory leak in network namespace dismantle
net_sched: refetch skb protocol for each filter
net: bridge: Fix ethernet header pointer before check skb forwardable
USB: serial: simple: add Motorola Tetra TPG2200 device id
USB: serial: pl2303: add new PID to support PL2303TB
ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages
ARC: perf: map generic branches to correct hardware condition
s390/early: improve machine detection
s390/smp: fix CPU hotplug deadlock with CPU rescan
char/mwave: fix potential Spectre v1 vulnerability
staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1
tty: Handle problem if line discipline does not have receive_buf
tty/n_hdlc: fix __might_sleep warning
CIFS: Fix possible hang during async MTU reads and writes
Input: xpad - add support for SteelSeries Stratus Duo
KVM: x86: Fix single-step debugging
x86/kaslr: Fix incorrect i8254 outb() parameters
can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it
can: bcm: check timer values before ktime conversion
vt: invoke notifier on screen size change
perf unwind: Unwind with libdw doesn't take symfs into account
perf unwind: Take pgoff into account when reporting elf to libdwfl
irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size
arm64: mm: remove page_mapping check in __sync_icache_dcache
f2fs: read page index before freeing
Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()"
Revert "loop: Get rid of loop_index_mutex"
Revert "loop: Fold __loop_release into loop_release"
s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU
fs: add the fsnotify call to vfs_iter_write
ipv6: Consider sk_bound_dev_if when binding a socket to an address
l2tp: copy 4 more bytes to linear part if necessary
net/mlx4_core: Add masking for a few queries on HCA caps
netrom: switch to sock timer API
net/rose: fix NULL ax25_cb kernel panic
ucc_geth: Reset BQL queue when stopping device
l2tp: remove l2specific_len dependency in l2tp_core
l2tp: fix reading optional fields of L2TPv3
CIFS: Do not count -ENODATA as failure for query directory
fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb()
ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment
arm64: hyp-stub: Forbid kprobing of the hyp-stub
gfs2: Revert "Fix loop in gfs2_rbm_find"
platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK
platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes
mmc: sdhci-iproc: handle mmc_of_parse() errors during probe
kernel/exit.c: release ptraced tasks before zap_pid_ns_processes
mm, oom: fix use-after-free in oom_kill_process
cifs: Always resolve hostname before reconnecting
drivers: core: Remove glue dirs from sysfs earlier
mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
fs: don't scan the inode cache before SB_BORN is set
Linux 4.4.173
Change-Id: Id606123657ad357fd2cd5f665a725f78b7c3e819
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlxbKr0ACgkQONu9yGCS
aT5TfBAAhlyPx+CrOsKhOi9zCb2ZkLrAwMQ8E1LpiHOnCDgzt75zGempUqwVAKq5
JmRay3Tt/YDK5+cDuT/3/ahHXcS3xvyJ/8kSanyPfB0KMkNL1nv1fU0oAb4+OLm6
C63YmUpFQPGyD8R3BLmeIcBIUvEF0l+eZB3lrBjVz+tUKhuiIiBW6NtaHTyOhA9C
KUXHN53CuZG4p7xdaevH5yt43sJGkb9FNDblaCLS9AVC1LiVOBGz/LSXiAiJfyU1
u6zl9U9ZL33oU+cRbz2pulfsd+8CZpZEONPDjzDN11ahA+W8HQ81JabO1bZKkY9h
geshJxrPM06/WS/NxEEPV1/MKPIuSDBxCdOMuGPzXTkpE1YB2EZRU6ONc1I11cYV
hESoSjSMSbVRHfPANjgTz9DauvT7+CBkjZNAgfjT4gKDeIcQhvQXPOcfNnuCfFww
eIdFdvxcBA2mCLz5lmkkH5tlN9fY7Bw7Y5eKknIoMSKGfckCUq5idEVDpTMKjFbP
fcPk5u2MFDmI+EuVQ4FO5bY4cDqRXRpyDYFVl3OKTj5pyU5gfN30WGpNZ4U9sLFb
kXXvoAwjiOmP/7H1fWB28C1Pnz1GaKImFhNmWKaOAfVWUEFto6otVqYRV1najAIv
j1Hq44h47iqhDgAYgL2QtYiaGiyUJfd4lvGYzjM5OwJOEQyeErA=
=bEr6
-----END PGP SIGNATURE-----
Merge 4.4.173 into android-4.4
Changes in 4.4.173
net: Fix usage of pskb_trim_rcsum
openvswitch: Avoid OOB read when parsing flow nlattrs
net: ipv4: Fix memory leak in network namespace dismantle
net_sched: refetch skb protocol for each filter
net: bridge: Fix ethernet header pointer before check skb forwardable
USB: serial: simple: add Motorola Tetra TPG2200 device id
USB: serial: pl2303: add new PID to support PL2303TB
ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages
ARC: perf: map generic branches to correct hardware condition
s390/early: improve machine detection
s390/smp: fix CPU hotplug deadlock with CPU rescan
char/mwave: fix potential Spectre v1 vulnerability
staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1
tty: Handle problem if line discipline does not have receive_buf
tty/n_hdlc: fix __might_sleep warning
CIFS: Fix possible hang during async MTU reads and writes
Input: xpad - add support for SteelSeries Stratus Duo
KVM: x86: Fix single-step debugging
x86/kaslr: Fix incorrect i8254 outb() parameters
can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it
can: bcm: check timer values before ktime conversion
vt: invoke notifier on screen size change
perf unwind: Unwind with libdw doesn't take symfs into account
perf unwind: Take pgoff into account when reporting elf to libdwfl
irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size
arm64: mm: remove page_mapping check in __sync_icache_dcache
f2fs: read page index before freeing
Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()"
Revert "loop: Get rid of loop_index_mutex"
Revert "loop: Fold __loop_release into loop_release"
s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU
fs: add the fsnotify call to vfs_iter_write
ipv6: Consider sk_bound_dev_if when binding a socket to an address
l2tp: copy 4 more bytes to linear part if necessary
net/mlx4_core: Add masking for a few queries on HCA caps
netrom: switch to sock timer API
net/rose: fix NULL ax25_cb kernel panic
ucc_geth: Reset BQL queue when stopping device
l2tp: remove l2specific_len dependency in l2tp_core
l2tp: fix reading optional fields of L2TPv3
CIFS: Do not count -ENODATA as failure for query directory
fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb()
ARM: cns3xxx: Fix writing to wrong PCI config registers after alignment
arm64: hyp-stub: Forbid kprobing of the hyp-stub
gfs2: Revert "Fix loop in gfs2_rbm_find"
platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK
platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes
mmc: sdhci-iproc: handle mmc_of_parse() errors during probe
kernel/exit.c: release ptraced tasks before zap_pid_ns_processes
mm, oom: fix use-after-free in oom_kill_process
cifs: Always resolve hostname before reconnecting
drivers: core: Remove glue dirs from sysfs earlier
mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
fs: don't scan the inode cache before SB_BORN is set
Linux 4.4.173
Change-Id: Ifc01c8b56016e9145bb67258f91dfc6b6983354c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit e0a352fabce61f730341d119fbedf71ffdb8663f upstream.
We had a race in the old balloon compaction code before b1123ea6d3b3
("mm: balloon: use general non-lru movable page feature") refactored it
that became visible after backporting 195a8c43e93d ("virtio-balloon:
deflate via a page list") without the refactoring.
The bug existed from commit d6d86c0a7f ("mm/balloon_compaction:
redesign ballooned pages management") till b1123ea6d3b3 ("mm: balloon:
use general non-lru movable page feature"). d6d86c0a7f
("mm/balloon_compaction: redesign ballooned pages management") was
backported to 3.12, so the broken kernels are stable kernels [3.12 -
4.7].
There was a subtle race between dropping the page lock of the newpage in
__unmap_and_move() and checking for __is_movable_balloon_page(newpage).
Just after dropping this page lock, virtio-balloon could go ahead and
deflate the newpage, effectively dequeueing it and clearing PageBalloon,
in turn making __is_movable_balloon_page(newpage) fail.
This resulted in dropping the reference of the newpage via
putback_lru_page(newpage) instead of put_page(newpage), leading to
page->lru getting modified and a !LRU page ending up in the LRU lists.
With 195a8c43e93d ("virtio-balloon: deflate via a page list")
backported, one would suddenly get corrupted lists in
release_pages_balloon():
- WARNING: CPU: 13 PID: 6586 at lib/list_debug.c:59 __list_del_entry+0xa1/0xd0
- list_del corruption. prev->next should be ffffe253961090a0, but was dead000000000100
Nowadays this race is no longer possible, but it is hidden behind very
ugly handling of __ClearPageMovable() and __PageMovable().
__ClearPageMovable() will not make __PageMovable() fail, only
PageMovable(). So the new check (__PageMovable(newpage)) will still
hold even after newpage was dequeued by virtio-balloon.
If anybody would ever change that special handling, the BUG would be
introduced again. So instead, make it explicit and use the information
of the original isolated page before migration.
This patch can be backported fairly easy to stable kernels (in contrast
to the refactoring).
Link: http://lkml.kernel.org/r/20190129233217.10747-1-david@redhat.com
Fixes: d6d86c0a7f ("mm/balloon_compaction: redesign ballooned pages management")
Signed-off-by: David Hildenbrand <david@redhat.com>
Reported-by: Vratislav Bendel <vbendel@redhat.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Rafael Aquini <aquini@redhat.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Vratislav Bendel <vbendel@redhat.com>
Cc: Rafael Aquini <aquini@redhat.com>
Cc: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: <stable@vger.kernel.org> [3.12 - 4.7]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit cefc7ef3c87d02fc9307835868ff721ea12cc597 upstream.
Syzbot instance running on upstream kernel found a use-after-free bug in
oom_kill_process. On further inspection it seems like the process
selected to be oom-killed has exited even before reaching
read_lock(&tasklist_lock) in oom_kill_process(). More specifically the
tsk->usage is 1 which is due to get_task_struct() in oom_evaluate_task()
and the put_task_struct within for_each_thread() frees the tsk and
for_each_thread() tries to access the tsk. The easiest fix is to do
get/put across the for_each_thread() on the selected task.
Now the next question is should we continue with the oom-kill as the
previously selected task has exited? However before adding more
complexity and heuristics, let's answer why we even look at the children
of oom-kill selected task? The select_bad_process() has already selected
the worst process in the system/memcg. Due to race, the selected
process might not be the worst at the kill time but does that matter?
The userspace can use the oom_score_adj interface to prefer children to
be killed before the parent. I looked at the history but it seems like
this is there before git history.
Link: http://lkml.kernel.org/r/20190121215850.221745-1-shakeelb@google.com
Reported-by: syzbot+7fbbfa368521945f0e3d@syzkaller.appspotmail.com
Fixes: 6b0c81b3be ("mm, oom: reduce dependency on tasklist_lock")
Signed-off-by: Shakeel Butt <shakeelb@google.com>
Reviewed-by: Roman Gushchin <guro@fb.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-b3e9e81
Linux 4.4.172
ipmi:ssif: Fix handling of multi-part return messages
net: speed up skb_rbtree_purge()
mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
mm/page-writeback.c: don't break integrity writeback on ->writepage() error
ocfs2: fix panic due to unrecovered local alloc
scsi: megaraid: fix out-of-bound array accesses
sysfs: Disable lockdep for driver bind/unbind files
ALSA: bebob: fix model-id of unit for Apogee Ensemble
dm snapshot: Fix excessive memory usage and workqueue stalls
dm kcopyd: Fix bug causing workqueue stalls
perf parse-events: Fix unchecked usage of strncpy()
perf svghelper: Fix unchecked usage of strncpy()
perf intel-pt: Fix error with config term "pt=0"
mmc: atmel-mci: do not assume idle after atmci_request_end
kconfig: fix memory leak when EOF is encountered in quotation
kconfig: fix file name and line number of warn_ignored_character()
clk: imx6q: reset exclusive gates on init
scsi: target: use consistent left-aligned ASCII INQUIRY data
net: call sk_dst_reset when set SO_DONTROUTE
media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
powerpc/pseries/cpuidle: Fix preempt warning
pstore/ram: Do not treat empty buffers as valid
jffs2: Fix use of uninitialized delayed_work, lockdep breakage
arm64: perf: set suppress_bind_attrs flag to true
MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
writeback: don't decrement wb->refcnt if !wb->bdi
e1000e: allow non-monotonic SYSTIM readings
platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey
xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE
ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
r8169: Add support for new Realtek Ethernet
media: vb2: be sure to unlock mutex on errors
drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
loop: Get rid of loop_index_mutex
loop: Fold __loop_release into loop_release
block/loop: Use global lock for ioctl() operation.
tipc: fix uninit-value in tipc_nl_compat_doit
tipc: fix uninit-value in tipc_nl_compat_name_table_dump
tipc: fix uninit-value in tipc_nl_compat_link_set
tipc: fix uninit-value in tipc_nl_compat_bearer_enable
tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
sctp: allocate sctp_sockaddr_entry with kzalloc
selinux: fix GPF on invalid policy
sunrpc: handle ENOMEM in rpcb_getport_async
media: vb2: vb2_mmap: move lock up
LSM: Check for NULL cred-security on free
media: vivid: set min width/height to a value > 0
media: vivid: fix error handling of kthread_run
omap2fb: Fix stack memory disclosure
Disable MSI also when pcie-octeon.pcie_disable on
mfd: tps6586x: Handle interrupts on suspend
mips: fix n32 compat_ipc_parse_version
scsi: sd: Fix cache_type_store()
Yama: Check for pid death before checking ancestry
btrfs: wait on ordered extents on abort cleanup
crypto: authenc - fix parsing key with misaligned rta_len
crypto: authencesn - Avoid twice completion call in decrypt path
ip: on queued skb use skb_header_pointer instead of pskb_may_pull
packet: Do not leak dev refcounts on error exit
net: bridge: fix a bug on using a neighbour cache entry without checking its state
ipv6: fix kernel-infoleak in ipv6_local_error()
arm64: Don't trap host pointer auth use to EL2
arm64/kvm: consistently handle host HCR_EL2 flags
proc: Remove empty line in /proc/self/status
media: em28xx: Fix misplaced reset of dev->v4l::field_count
f2fs: fix validation of the block count in sanity_check_raw_super
f2fs: fix missing up_read
f2fs: fix invalid memory access
f2fs: fix to do sanity check with cp_pack_start_sum
f2fs: fix to do sanity check with block address in main area v2
f2fs: fix to do sanity check with block address in main area
f2fs: fix to do sanity check with reserved blkaddr of inline inode
f2fs: fix to do sanity check with node footer and iblocks
f2fs: Add sanity_check_inode() function
f2fs: fix to do sanity check with user_block_count
f2fs: fix to do sanity check with secs_per_zone
f2fs: introduce and spread verify_blkaddr
f2fs: clean up with is_valid_blkaddr()
f2fs: enhance sanity_check_raw_super() to avoid potential overflow
f2fs: sanity check on sit entry
f2fs: check blkaddr more accuratly before issue a bio
f2fs: return error during fill_super
f2fs: fix race condition in between free nid allocator/initializer
f2fs: free meta pages if sanity check for ckpt is failed
f2fs: detect wrong layout
f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack
f2fs: put directory inodes before checkpoint in roll-forward recovery
f2fs: introduce get_checkpoint_version for cleanup
f2fs: use crc and cp version to determine roll-forward recovery
f2fs: avoid unneeded loop in build_sit_entries
f2fs: not allow to write illegal blkaddr
f2fs: fix to avoid reading out encrypted data in page cache
f2fs: fix inode cache leak
f2fs: factor out fsync inode entry operations
f2fs: remove an obsolete variable
f2fs: give -EINVAL for norecovery and rw mount
f2fs: fix to convert inline directory correctly
f2fs: move sanity checking of cp into get_valid_checkpoint
f2fs: cover more area with nat_tree_lock
f2fs: clean up argument of recover_data
can: gw: ensure DLC boundaries after CAN frame modification
tty/ldsem: Wake up readers after timed out down_write()
UPSTREAM: dm: do not allow readahead to limit IO size
UPSTREAM: readahead: stricter check for bdi io_pages
UPSTREAM: mm: don't cap request size based on read-ahead setting
ANDROID: Fix cuttlefish redundant vsock connection.
UPSTREAM: loop: drop caches if offset or block_size are changed
Conflicts:
arch/arm64/kvm/hyp.S
Fixed compilation issue due to variable 'backing_dev_info',
which got changed to pointer in downstream.
Change-Id: I8baa569fe9fc13ed5a7e863e5ad1fb8cf1cd469e
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
* refs/heads/tmp-b355d4f
Linux 4.4.171
sunrpc: use-after-free in svc_process_common()
ext4: fix a potential fiemap/page fault deadlock w/ inline_data
crypto: cts - fix crash on short inputs
i2c: dev: prevent adapter retries and timeout being set as minus value
ACPI: power: Skip duplicate power resource references in _PRx
PCI: altera: Move retrain from fixup to altera_pcie_host_init()
PCI: altera: Rework config accessors for use without a struct pci_bus
PCI: altera: Poll for link training status after retraining the link
PCI: altera: Poll for link up status after retraining the link
PCI: altera: Check link status before retrain link
PCI: altera: Reorder read/write functions
PCI: altera: Fix altera_pcie_link_is_up()
slab: alien caches must not be initialized if the allocation of the alien cache failed
USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
USB: storage: add quirk for SMI SM3350
USB: storage: don't insert sane sense for SPC3+ when bad sense specified
usb: cdc-acm: send ZLP for Telit 3G Intel based modems
cifs: Fix potential OOB access of lock element array
CIFS: Do not hide EINTR after sending network packets
btrfs: tree-checker: Fix misleading group system information
btrfs: tree-checker: Check level for leaves and nodes
btrfs: Verify that every chunk has corresponding block group at mount time
btrfs: Check that each block group has corresponding chunk at mount time
btrfs: validate type when reading a chunk
btrfs: tree-checker: Detect invalid and empty essential trees
btrfs: tree-checker: Verify block_group_item
btrfs: tree-check: reduce stack consumption in check_dir_item
btrfs: tree-checker: use %zu format string for size_t
btrfs: tree-checker: Add checker for dir item
btrfs: tree-checker: Fix false panic for sanity test
btrfs: tree-checker: Enhance btrfs_check_node output
btrfs: Move leaf and node validation checker to tree-checker.c
btrfs: Add checker for EXTENT_CSUM
btrfs: Add sanity check for EXTENT_DATA when reading out leaf
btrfs: Check if item pointer overlaps with the item itself
btrfs: Refactor check_leaf function for later expansion
btrfs: struct-funcs, constify readers
Btrfs: fix emptiness check for dirtied extent buffers at check_leaf()
Btrfs: memset to avoid stale content in btree leaf
Btrfs: kill BUG_ON in run_delayed_tree_ref
Btrfs: improve check_node to avoid reading corrupted nodes
Btrfs: memset to avoid stale content in btree node block
Btrfs: fix BUG_ON in btrfs_mark_buffer_dirty
Btrfs: check btree node's nritems
Btrfs: detect corruption when non-root leaf has zero item
Btrfs: fix em leak in find_first_block_group
Btrfs: check inconsistence between chunk and block group
Btrfs: add validadtion checks for chunk loading
btrfs: Enhance chunk validation check
btrfs: cleanup, stop casting for extent_map->lookup everywhere
ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
UPSTREAM: virtio: new feature to detect IOMMU device quirk
UPSTREAM: vring: Use the DMA API on Xen
UPSTREAM: virtio_ring: Support DMA APIs
UPSTREAM: vring: Introduce vring_use_dma_api()
ANDROID: cuttlefish_defconfig: Enable vsock options
UPSTREAM: vhost/vsock: fix reset orphans race with close timeout
UPSTREAM: vhost/vsock: fix use-after-free in network stack callers
UPSTREAM: vhost: correctly check the iova range when waking virtqueue
UPSTREAM: vhost: synchronize IOTLB message with dev cleanup
UPSTREAM: vhost: fix info leak due to uninitialized memory
UPSTREAM: vhost: fix vhost_vq_access_ok() log check
UPSTREAM: vhost: validate log when IOTLB is enabled
UPSTREAM: vhost_net: add missing lock nesting notation
UPSTREAM: vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
UPSTREAM: vhost/vsock: fix uninitialized vhost_vsock->guest_cid
UPSTREAM: vhost_net: correctly check tx avail during rx busy polling
UPSTREAM: vsock: use new wait API for vsock_stream_sendmsg()
UPSTREAM: vsock: cancel packets when failing to connect
UPSTREAM: vhost-vsock: add pkt cancel capability
UPSTREAM: vsock: track pkt owner vsock
UPSTREAM: vhost: fix initialization for vq->is_le
UPSTREAM: vhost/vsock: handle vhost_vq_init_access() error
UPSTREAM: vsock: lookup and setup guest_cid inside vhost_vsock_lock
UPSTREAM: vhost-vsock: fix orphan connection reset
UPSTREAM: vsock/virtio: fix src/dst cid format
UPSTREAM: VSOCK: Don't dec ack backlog twice for rejected connections
UPSTREAM: vhost/vsock: drop space available check for TX vq
UPSTREAM: virtio-vsock: fix include guard typo
UPSTREAM: vhost/vsock: fix vhost virtio_vsock_pkt use-after-free
UPSTREAM: VSOCK: Use kvfree()
BACKPORT: vhost: split out vringh Kconfig
UPSTREAM: vhost: drop vringh dependency
UPSTREAM: vhost: drop vringh dependency
UPSTREAM: vhost: detect 32 bit integer wrap around
UPSTREAM: VSOCK: Add Makefile and Kconfig
UPSTREAM: VSOCK: Introduce vhost_vsock.ko
UPSTREAM: VSOCK: Introduce virtio_transport.ko
BACKPORT: VSOCK: Introduce virtio_vsock_common.ko
UPSTREAM: VSOCK: defer sock removal to transports
UPSTREAM: VSOCK: transport-specific vsock_transport functions
UPSTREAM: vsock: make listener child lock ordering explicit
UPSTREAM: vhost: new device IOTLB API
BACKPORT: vhost: convert pre sorted vhost memory array to interval tree
UPSTREAM: vhost: introduce vhost memory accessors
UPSTREAM: vhost_net: stop polling socket during rx processing
UPSTREAM: VSOCK: constify vsock_transport structure
UPSTREAM: vhost: lockless enqueuing
UPSTREAM: vhost: simplify work flushing
UPSTREAM: VSOCK: Only check error on skb_recv_datagram when skb is NULL
BACKPORT: AF_VSOCK: Shrink the area influenced by prepare_to_wait
UPSTREAM: vhost_net: basic polling support
UPSTREAM: vhost: introduce vhost_vq_avail_empty()
UPSTREAM: vhost: introduce vhost_has_work()
UPSTREAM: vhost: rename vhost_init_used()
UPSTREAM: vhost: rename cross-endian helpers
UPSTREAM: vhost: fix error path in vhost_init_used()
UPSTREAM: virtio: make find_vqs() checkpatch.pl-friendly
UPSTREAM: net: move napi_hash[] into read mostly section
ANDROID: cuttlefish_defconfig: remove DM_VERITY_HASH_PREFETCH_MIN_SIZE
Revert "ANDROID: dm verity: add minimum prefetch size"
ANDROID: f2fs: Complement "android_fs" tracepoint of read path
Removed config DM_VERITY_HASH_PREFETCH_MIN_SIZE in defconfig files
as this feature got reverted.
Change-Id: I9117e3080eaf0e0c99888468037855fc7713ff88
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlxMHY8ACgkQONu9yGCS
aT5fqQ/9HVnzHF3hIBQ5Rl0cH4I0pxTCKJMk4BF5JiyWgowEW2gK5qL7a7Lyrovq
L5h5Vagu6YSFzq3pMtwO2qLJntP2gvOxIBjgPLhyrJDOcfOYyPwPfDojZ7FIkR5d
U8qpWKjb6q060hDRgCUFF0fCGNyyGV3/2/7tsaiAev7qcpvDwCL26HA8A7rZvFS4
FySlOAIo3HDwzL/jNCydbdOgT6Tmwggy5Ggccf9GFM2zOxctwbxn5UhUAGOa8DD9
S+V8+vMYnpl1CdsR4f5W+LzIZ+NF3Xb/JlzyCraP2sysi+28LUUqA+3X5GMnZfVp
DBDVqvzSfjxioWu+W1AQ/3ww44mds+fRuNkxMc9O7eTGfYB3dvGZsmPeWAscp86G
xiEIRI5gbTsv8RFJojg9gIzeGghx23LvBXOvVT4/j7vo6yeeDKJfVPz0nc4GgTpU
Z8YcrRLFCpc90FLDZER8FLOXSi0u1d9SKN0UwVSkKgGqWQFxHroKKoyaev2KZo8c
nKTa5/dCJU8H5a6p/4frxmkMYPEatEHFlsjjGbM2xzv+FORm16Uo9kR/FXP4w/i3
Y6nuICM0/KSarSHVpWCmxwE3SWwa0ek9bMxTyYRWWluSjWmd0AtYhIAceGFsbYqv
4SYCPjHXq2gojvzXeTCML1okpJOGRZlnyzaQqhpvoo7OkV4ZIHE=
=2AX1
-----END PGP SIGNATURE-----
Merge 4.4.172 into android-4.4-p
Changes in 4.4.172
tty/ldsem: Wake up readers after timed out down_write()
can: gw: ensure DLC boundaries after CAN frame modification
f2fs: clean up argument of recover_data
f2fs: cover more area with nat_tree_lock
f2fs: move sanity checking of cp into get_valid_checkpoint
f2fs: fix to convert inline directory correctly
f2fs: give -EINVAL for norecovery and rw mount
f2fs: remove an obsolete variable
f2fs: factor out fsync inode entry operations
f2fs: fix inode cache leak
f2fs: fix to avoid reading out encrypted data in page cache
f2fs: not allow to write illegal blkaddr
f2fs: avoid unneeded loop in build_sit_entries
f2fs: use crc and cp version to determine roll-forward recovery
f2fs: introduce get_checkpoint_version for cleanup
f2fs: put directory inodes before checkpoint in roll-forward recovery
f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack
f2fs: detect wrong layout
f2fs: free meta pages if sanity check for ckpt is failed
f2fs: fix race condition in between free nid allocator/initializer
f2fs: return error during fill_super
f2fs: check blkaddr more accuratly before issue a bio
f2fs: sanity check on sit entry
f2fs: enhance sanity_check_raw_super() to avoid potential overflow
f2fs: clean up with is_valid_blkaddr()
f2fs: introduce and spread verify_blkaddr
f2fs: fix to do sanity check with secs_per_zone
f2fs: fix to do sanity check with user_block_count
f2fs: Add sanity_check_inode() function
f2fs: fix to do sanity check with node footer and iblocks
f2fs: fix to do sanity check with reserved blkaddr of inline inode
f2fs: fix to do sanity check with block address in main area
f2fs: fix to do sanity check with block address in main area v2
f2fs: fix to do sanity check with cp_pack_start_sum
f2fs: fix invalid memory access
f2fs: fix missing up_read
f2fs: fix validation of the block count in sanity_check_raw_super
media: em28xx: Fix misplaced reset of dev->v4l::field_count
proc: Remove empty line in /proc/self/status
arm64/kvm: consistently handle host HCR_EL2 flags
arm64: Don't trap host pointer auth use to EL2
ipv6: fix kernel-infoleak in ipv6_local_error()
net: bridge: fix a bug on using a neighbour cache entry without checking its state
packet: Do not leak dev refcounts on error exit
ip: on queued skb use skb_header_pointer instead of pskb_may_pull
crypto: authencesn - Avoid twice completion call in decrypt path
crypto: authenc - fix parsing key with misaligned rta_len
btrfs: wait on ordered extents on abort cleanup
Yama: Check for pid death before checking ancestry
scsi: sd: Fix cache_type_store()
mips: fix n32 compat_ipc_parse_version
mfd: tps6586x: Handle interrupts on suspend
Disable MSI also when pcie-octeon.pcie_disable on
omap2fb: Fix stack memory disclosure
media: vivid: fix error handling of kthread_run
media: vivid: set min width/height to a value > 0
LSM: Check for NULL cred-security on free
media: vb2: vb2_mmap: move lock up
sunrpc: handle ENOMEM in rpcb_getport_async
selinux: fix GPF on invalid policy
sctp: allocate sctp_sockaddr_entry with kzalloc
tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
tipc: fix uninit-value in tipc_nl_compat_bearer_enable
tipc: fix uninit-value in tipc_nl_compat_link_set
tipc: fix uninit-value in tipc_nl_compat_name_table_dump
tipc: fix uninit-value in tipc_nl_compat_doit
block/loop: Use global lock for ioctl() operation.
loop: Fold __loop_release into loop_release
loop: Get rid of loop_index_mutex
loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
media: vb2: be sure to unlock mutex on errors
r8169: Add support for new Realtek Ethernet
ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE
platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey
e1000e: allow non-monotonic SYSTIM readings
writeback: don't decrement wb->refcnt if !wb->bdi
MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
arm64: perf: set suppress_bind_attrs flag to true
jffs2: Fix use of uninitialized delayed_work, lockdep breakage
pstore/ram: Do not treat empty buffers as valid
powerpc/pseries/cpuidle: Fix preempt warning
media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
net: call sk_dst_reset when set SO_DONTROUTE
scsi: target: use consistent left-aligned ASCII INQUIRY data
clk: imx6q: reset exclusive gates on init
kconfig: fix file name and line number of warn_ignored_character()
kconfig: fix memory leak when EOF is encountered in quotation
mmc: atmel-mci: do not assume idle after atmci_request_end
perf intel-pt: Fix error with config term "pt=0"
perf svghelper: Fix unchecked usage of strncpy()
perf parse-events: Fix unchecked usage of strncpy()
dm kcopyd: Fix bug causing workqueue stalls
dm snapshot: Fix excessive memory usage and workqueue stalls
ALSA: bebob: fix model-id of unit for Apogee Ensemble
sysfs: Disable lockdep for driver bind/unbind files
scsi: megaraid: fix out-of-bound array accesses
ocfs2: fix panic due to unrecovered local alloc
mm/page-writeback.c: don't break integrity writeback on ->writepage() error
mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
net: speed up skb_rbtree_purge()
ipmi:ssif: Fix handling of multi-part return messages
Linux 4.4.172
Change-Id: Icbea295f7501881279bdb3a111abfc96c6aa67fc
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlxMHY8ACgkQONu9yGCS
aT5fqQ/9HVnzHF3hIBQ5Rl0cH4I0pxTCKJMk4BF5JiyWgowEW2gK5qL7a7Lyrovq
L5h5Vagu6YSFzq3pMtwO2qLJntP2gvOxIBjgPLhyrJDOcfOYyPwPfDojZ7FIkR5d
U8qpWKjb6q060hDRgCUFF0fCGNyyGV3/2/7tsaiAev7qcpvDwCL26HA8A7rZvFS4
FySlOAIo3HDwzL/jNCydbdOgT6Tmwggy5Ggccf9GFM2zOxctwbxn5UhUAGOa8DD9
S+V8+vMYnpl1CdsR4f5W+LzIZ+NF3Xb/JlzyCraP2sysi+28LUUqA+3X5GMnZfVp
DBDVqvzSfjxioWu+W1AQ/3ww44mds+fRuNkxMc9O7eTGfYB3dvGZsmPeWAscp86G
xiEIRI5gbTsv8RFJojg9gIzeGghx23LvBXOvVT4/j7vo6yeeDKJfVPz0nc4GgTpU
Z8YcrRLFCpc90FLDZER8FLOXSi0u1d9SKN0UwVSkKgGqWQFxHroKKoyaev2KZo8c
nKTa5/dCJU8H5a6p/4frxmkMYPEatEHFlsjjGbM2xzv+FORm16Uo9kR/FXP4w/i3
Y6nuICM0/KSarSHVpWCmxwE3SWwa0ek9bMxTyYRWWluSjWmd0AtYhIAceGFsbYqv
4SYCPjHXq2gojvzXeTCML1okpJOGRZlnyzaQqhpvoo7OkV4ZIHE=
=2AX1
-----END PGP SIGNATURE-----
Merge 4.4.172 into android-4.4
Changes in 4.4.172
tty/ldsem: Wake up readers after timed out down_write()
can: gw: ensure DLC boundaries after CAN frame modification
f2fs: clean up argument of recover_data
f2fs: cover more area with nat_tree_lock
f2fs: move sanity checking of cp into get_valid_checkpoint
f2fs: fix to convert inline directory correctly
f2fs: give -EINVAL for norecovery and rw mount
f2fs: remove an obsolete variable
f2fs: factor out fsync inode entry operations
f2fs: fix inode cache leak
f2fs: fix to avoid reading out encrypted data in page cache
f2fs: not allow to write illegal blkaddr
f2fs: avoid unneeded loop in build_sit_entries
f2fs: use crc and cp version to determine roll-forward recovery
f2fs: introduce get_checkpoint_version for cleanup
f2fs: put directory inodes before checkpoint in roll-forward recovery
f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack
f2fs: detect wrong layout
f2fs: free meta pages if sanity check for ckpt is failed
f2fs: fix race condition in between free nid allocator/initializer
f2fs: return error during fill_super
f2fs: check blkaddr more accuratly before issue a bio
f2fs: sanity check on sit entry
f2fs: enhance sanity_check_raw_super() to avoid potential overflow
f2fs: clean up with is_valid_blkaddr()
f2fs: introduce and spread verify_blkaddr
f2fs: fix to do sanity check with secs_per_zone
f2fs: fix to do sanity check with user_block_count
f2fs: Add sanity_check_inode() function
f2fs: fix to do sanity check with node footer and iblocks
f2fs: fix to do sanity check with reserved blkaddr of inline inode
f2fs: fix to do sanity check with block address in main area
f2fs: fix to do sanity check with block address in main area v2
f2fs: fix to do sanity check with cp_pack_start_sum
f2fs: fix invalid memory access
f2fs: fix missing up_read
f2fs: fix validation of the block count in sanity_check_raw_super
media: em28xx: Fix misplaced reset of dev->v4l::field_count
proc: Remove empty line in /proc/self/status
arm64/kvm: consistently handle host HCR_EL2 flags
arm64: Don't trap host pointer auth use to EL2
ipv6: fix kernel-infoleak in ipv6_local_error()
net: bridge: fix a bug on using a neighbour cache entry without checking its state
packet: Do not leak dev refcounts on error exit
ip: on queued skb use skb_header_pointer instead of pskb_may_pull
crypto: authencesn - Avoid twice completion call in decrypt path
crypto: authenc - fix parsing key with misaligned rta_len
btrfs: wait on ordered extents on abort cleanup
Yama: Check for pid death before checking ancestry
scsi: sd: Fix cache_type_store()
mips: fix n32 compat_ipc_parse_version
mfd: tps6586x: Handle interrupts on suspend
Disable MSI also when pcie-octeon.pcie_disable on
omap2fb: Fix stack memory disclosure
media: vivid: fix error handling of kthread_run
media: vivid: set min width/height to a value > 0
LSM: Check for NULL cred-security on free
media: vb2: vb2_mmap: move lock up
sunrpc: handle ENOMEM in rpcb_getport_async
selinux: fix GPF on invalid policy
sctp: allocate sctp_sockaddr_entry with kzalloc
tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
tipc: fix uninit-value in tipc_nl_compat_bearer_enable
tipc: fix uninit-value in tipc_nl_compat_link_set
tipc: fix uninit-value in tipc_nl_compat_name_table_dump
tipc: fix uninit-value in tipc_nl_compat_doit
block/loop: Use global lock for ioctl() operation.
loop: Fold __loop_release into loop_release
loop: Get rid of loop_index_mutex
loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
media: vb2: be sure to unlock mutex on errors
r8169: Add support for new Realtek Ethernet
ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE
platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey
e1000e: allow non-monotonic SYSTIM readings
writeback: don't decrement wb->refcnt if !wb->bdi
MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
arm64: perf: set suppress_bind_attrs flag to true
jffs2: Fix use of uninitialized delayed_work, lockdep breakage
pstore/ram: Do not treat empty buffers as valid
powerpc/pseries/cpuidle: Fix preempt warning
media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
net: call sk_dst_reset when set SO_DONTROUTE
scsi: target: use consistent left-aligned ASCII INQUIRY data
clk: imx6q: reset exclusive gates on init
kconfig: fix file name and line number of warn_ignored_character()
kconfig: fix memory leak when EOF is encountered in quotation
mmc: atmel-mci: do not assume idle after atmci_request_end
perf intel-pt: Fix error with config term "pt=0"
perf svghelper: Fix unchecked usage of strncpy()
perf parse-events: Fix unchecked usage of strncpy()
dm kcopyd: Fix bug causing workqueue stalls
dm snapshot: Fix excessive memory usage and workqueue stalls
ALSA: bebob: fix model-id of unit for Apogee Ensemble
sysfs: Disable lockdep for driver bind/unbind files
scsi: megaraid: fix out-of-bound array accesses
ocfs2: fix panic due to unrecovered local alloc
mm/page-writeback.c: don't break integrity writeback on ->writepage() error
mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
net: speed up skb_rbtree_purge()
ipmi:ssif: Fix handling of multi-part return messages
Linux 4.4.172
Change-Id: I02fc31d06efaf5fa116c7db95e7a543757f592ff
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 3fa750dcf29e8606e3969d13d8e188cc1c0f511d ]
write_cache_pages() is used in both background and integrity writeback
scenarios by various filesystems. Background writeback is mostly
concerned with cleaning a certain number of dirty pages based on various
mm heuristics. It may not write the full set of dirty pages or wait for
I/O to complete. Integrity writeback is responsible for persisting a set
of dirty pages before the writeback job completes. For example, an
fsync() call must perform integrity writeback to ensure data is on disk
before the call returns.
write_cache_pages() unconditionally breaks out of its processing loop in
the event of a ->writepage() error. This is fine for background
writeback, which had no strict requirements and will eventually come
around again. This can cause problems for integrity writeback on
filesystems that might need to clean up state associated with failed page
writeouts. For example, XFS performs internal delayed allocation
accounting before returning a ->writepage() error, where applicable. If
the current writeback happens to be associated with an unmount and
write_cache_pages() completes the writeback prematurely due to error, the
filesystem is unmounted in an inconsistent state if dirty+delalloc pages
still exist.
To handle this problem, update write_cache_pages() to always process the
full set of pages for integrity writeback regardless of ->writepage()
errors. Save the first encountered error and return it to the caller once
complete. This facilitates XFS (or any other fs that expects integrity
writeback to process the entire set of dirty pages) to clean up its
internal state completely in the event of persistent mapping errors.
Background writeback continues to exit on the first error encountered.
[akpm@linux-foundation.org: fix typo in comment]
Link: http://lkml.kernel.org/r/20181116134304.32440-1-bfoster@redhat.com
Signed-off-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
* refs/heads/tmp-241f76b1
Linux 4.4.170
power: supply: olpc_battery: correct the temperature units
intel_th: msu: Fix an off-by-one in attribute store
genwqe: Fix size check
ceph: don't update importing cap's mseq when handing cap export
iommu/vt-d: Handle domain agaw being less than iommu agaw
9p/net: put a lower bound on msize
b43: Fix error in cordic routine
gfs2: Fix loop in gfs2_rbm_find
dlm: memory leaks on error path in dlm_user_request()
dlm: lost put_lkb on error path in receive_convert() and receive_unlock()
dlm: possible memory leak on error path in create_lkb()
dlm: fixed memory leaks after failed ls_remove_names allocation
ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
ALSA: cs46xx: Potential NULL dereference in probe
crypto: x86/chacha20 - avoid sleeping with preemption disabled
sunrpc: use SVC_NET() in svcauth_gss_* functions
sunrpc: fix cache_head leak due to queued request
mm, devm_memremap_pages: kill mapping "System RAM" support
mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL
hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
fork: record start_time late
scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown
Input: omap-keypad - fix idle configuration to not block SoC idle states
scsi: bnx2fc: Fix NULL dereference in error handling
xfrm: Fix bucket count reported to userspace
checkstack.pl: fix for aarch64
Input: restore EV_ABS ABS_RESERVED
ARM: imx: update the cpu power up timing setting on i.mx6sx
powerpc: Fix COFF zImage booting on old powermacs
spi: bcm2835: Unbreak the build of esoteric configs
x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested
CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
MIPS: Align kernel load address to 64KB
MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
media: vivid: free bitmap_cap when updating std/timings/etc.
cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
spi: bcm2835: Fix book-keeping of DMA termination
spi: bcm2835: Fix race on DMA termination
ext4: force inode writes when nfsd calls commit_metadata()
ext4: fix EXT4_IOC_GROUP_ADD ioctl
ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
ext4: fix possible use after free in ext4_quota_enable
perf pmu: Suppress potential format-truncation warning
KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()
USB: serial: option: add Fibocom NL678 series
USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
ALSA: hda/tegra: clear pending irq handlers
ALSA: hda: add mute LED support for HP EliteBook 840 G4
ALSA: emux: Fix potential Spectre v1 vulnerabilities
ALSA: pcm: Fix potential Spectre v1 vulnerability
ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
ALSA: rme9652: Fix potential Spectre v1 vulnerability
sock: Make sock->sk_stamp thread-safe
gro_cell: add napi_disable in gro_cells_destroy
xen/netfront: tolerate frags with no data
VSOCK: Send reset control packet when socket is partially bound
vhost: make sure used idx is seen before log in vhost_add_used_n()
sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
packet: validate address length if non-zero
packet: validate address length
netrom: fix locking in nr_find_socket()
isdn: fix kernel-infoleak in capi_unlocked_ioctl
ipv6: explicitly initialize udp6_addr in udp_sock_create6()
ieee802154: lowpan_header_create check must check daddr
ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
ax25: fix a use-after-free in ax25_fillin_cb()
ipv4: Fix potential Spectre v1 vulnerability
ip6mr: Fix potential Spectre v1 vulnerability
drm/ioctl: Fix Spectre v1 vulnerabilities
x86/mtrr: Don't copy uninitialized gentry fields back to userspace
Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
mmc: omap_hsmmc: fix DMA API warning
mmc: core: Reset HPI enabled state during re-init and in case of errors
USB: serial: option: add Telit LN940 series
USB: serial: option: add Fibocom NL668 series
USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
USB: serial: option: add HP lt4132
USB: serial: option: add GosunCn ZTE WeLink ME3630
xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
f2fs: don't access node/meta inode mapping after iput
f2fs: wait on atomic writes to count F2FS_CP_WB_DATA
f2fs: sanity check of xattr entry size
f2fs: fix use-after-free issue when accessing sbi->stat_info
f2fs: check PageWriteback flag for ordered case
f2fs: fix validation of the block count in sanity_check_raw_super
f2fs: fix missing unlock(sbi->gc_mutex)
f2fs: clean up structure extent_node
f2fs: fix block address for __check_sit_bitmap
f2fs: fix sbi->extent_list corruption issue
f2fs: clean up checkpoint flow
f2fs: flush stale issued discard candidates
f2fs: correct wrong spelling, issing_*
f2fs: use kvmalloc, if kmalloc is failed
f2fs: remove redundant comment of unused wio_mutex
f2fs: fix to reorder set_page_dirty and wait_on_page_writeback
f2fs: clear PG_writeback if IPU failed
f2fs: add an ioctl() to explicitly trigger fsck later
f2fs: avoid frequent costly fsck triggers
f2fs: fix m_may_create to make OPU DIO write correctly
f2fs: fix to update new block address correctly for OPU
f2fs: adjust trace print in f2fs_get_victim() to cover all paths
f2fs: fix to allow node segment for GC by ioctl path
f2fs: make "f2fs_fault_name[]" const char *
f2fs: read page index before freeing
f2fs: fix wrong return value of f2fs_acl_create
f2fs: avoid build warn of fall_through
f2fs: fix race between write_checkpoint and write_begin
f2fs: check memory boundary by insane namelen
f2fs: only flush the single temp bio cache which owns the target page
f2fs: fix out-place-update DIO write
f2fs: fix to be aware discard/preflush/dio command in is_idle()
f2fs: add to account direct IO
f2fs: move dir data flush to write checkpoint process
f2fs: change segment to section in f2fs_ioc_gc_range
f2fs: export migration_granularity sysfs entry
f2fs: support subsectional garbage collection
f2fs: introduce __is_large_section() for cleanup
f2fs: clean up f2fs_sb_has_##feature_name
f2fs: remove codes of unused wio_mutex
f2fs: fix count of seg_freed to make sec_freed correct
f2fs: fix to account preflush command for noflush_merge mode
f2fs: avoid GC causing encrypted file corrupted
ANDROID: cuttlefish_defconfig: Enable VIRTIO_INPUT
Conflicts:
mm/memory_hotplug.c
Change-Id: I8dc4545b59eff285a0fdb22cd06e8d5dffbe1330
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
ondemand_readahead() checks bdi->io_pages to cap the maximum pages
that need to be processed. This works until the readit section. If
we would do an async only readahead (async size = sync size) and
target is at beginning of window we expand the pages by another
get_next_ra_size() pages. Btrace for large reads shows that kernel
always issues a doubled size read at the beginning of processing.
Add an additional check for io_pages in the lower part of the func.
The fix helps devices that hard limit bio pages and rely on proper
handling of max_hw_read_sectors (e.g. older FusionIO cards). For
that reason it could qualify for stable.
Fixes: 9491ae4a ("mm: don't cap request size based on read-ahead setting")
Change-Id: If111344b54897555085c2a6c442d697069962f11
Cc: stable@vger.kernel.org
Signed-off-by: Markus Stockhausen <stockhausen@collogia.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
We ran into a funky issue, where someone doing 256K buffered reads saw
128K requests at the device level. Turns out it is read-ahead capping
the request size, since we use 128K as the default setting. This
doesn't make a lot of sense - if someone is issuing 256K reads, they
should see 256K reads, regardless of the read-ahead setting, if the
underlying device can support a 256K read in a single command.
This patch introduces a bdi hint, io_pages. This is the soft max IO
size for the lower level, I've hooked it up to the bdev settings here.
Read-ahead is modified to issue the maximum of the user request size,
and the read-ahead max size, but capped to the max request size on the
device side. The latter is done to avoid reading ahead too much, if the
application asks for a huge read. With this patch, the kernel behaves
like the application expects.
Change-Id: Ibe52ffac7a6e1ac86ed0c6a59a0f7a32d651ee5f
Link: http://lkml.kernel.org/r/1479498073-8657-1-git-send-email-axboe@fb.com
Signed-off-by: Jens Axboe <axboe@fb.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlw/nxwACgkQONu9yGCS
aT4Ewg//RalHHTMCeO3R89/J/6sp4TI1/xplx+Z9pWyGZZpEAlbJG8DGjJkDn9DZ
Lw9q5nwV7AQXZsoAqDGryMa4II2oS3B9tcUuZR1yu3qAQ2NsEvNrYTFq6IhbUegU
SHbvtw8i4gVw7boBRskw1Y4Nzss4cBHhZ+GWie2w5rTbOX/yvnb0D36061s02dzk
pho1MYcSImxdCvyY+WTKkeAnBFgmfKg94qRDL2JQ7FyDe3ZZ/2ANhcSAH7F2NCcL
9ej5NbSvnSF1J90aoej0oYrqapfZExydcys7Y2o+KuALzEOYLvsFDrauTFJE50sD
negZKySiePY+J+Cu0ibfekdeHggiB2FmQEKF1dFX6lgTvNZYeA3bUL0BN3BLiOWb
/h1sbW7mUi9pH4nH51tPUfs0zn8Skqbte9gM3jq4jKW0oFzobuPjmD/UGDA5XYms
06vNMUpSc2T5FvWUiR5hFb5KXS9HmmBKUnKmK6L/Wj0eyTqk+XBB3jd9eurNUgup
yvu/ivvMH0UD6xSNL8Ubj13rDlBAaU/p3AU3Y5J4hpVTMvX/1B6m7yh/j8jknJAb
XscqzGS8jZIxT5Z8cM1PnBYJN7dqFif+sgkqoElufgkPT5bVzA3wuPYasfykZlMF
mGsy51pBcy9krrK+SHnqq81RZlu5pupyeFVObKGP0L7HJrSvg6U=
=dyvz
-----END PGP SIGNATURE-----
Merge 4.4.171 into android-4.4-p
Changes in 4.4.171
ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
btrfs: cleanup, stop casting for extent_map->lookup everywhere
btrfs: Enhance chunk validation check
Btrfs: add validadtion checks for chunk loading
Btrfs: check inconsistence between chunk and block group
Btrfs: fix em leak in find_first_block_group
Btrfs: detect corruption when non-root leaf has zero item
Btrfs: check btree node's nritems
Btrfs: fix BUG_ON in btrfs_mark_buffer_dirty
Btrfs: memset to avoid stale content in btree node block
Btrfs: improve check_node to avoid reading corrupted nodes
Btrfs: kill BUG_ON in run_delayed_tree_ref
Btrfs: memset to avoid stale content in btree leaf
Btrfs: fix emptiness check for dirtied extent buffers at check_leaf()
btrfs: struct-funcs, constify readers
btrfs: Refactor check_leaf function for later expansion
btrfs: Check if item pointer overlaps with the item itself
btrfs: Add sanity check for EXTENT_DATA when reading out leaf
btrfs: Add checker for EXTENT_CSUM
btrfs: Move leaf and node validation checker to tree-checker.c
btrfs: tree-checker: Enhance btrfs_check_node output
btrfs: tree-checker: Fix false panic for sanity test
btrfs: tree-checker: Add checker for dir item
btrfs: tree-checker: use %zu format string for size_t
btrfs: tree-check: reduce stack consumption in check_dir_item
btrfs: tree-checker: Verify block_group_item
btrfs: tree-checker: Detect invalid and empty essential trees
btrfs: validate type when reading a chunk
btrfs: Check that each block group has corresponding chunk at mount time
btrfs: Verify that every chunk has corresponding block group at mount time
btrfs: tree-checker: Check level for leaves and nodes
btrfs: tree-checker: Fix misleading group system information
CIFS: Do not hide EINTR after sending network packets
cifs: Fix potential OOB access of lock element array
usb: cdc-acm: send ZLP for Telit 3G Intel based modems
USB: storage: don't insert sane sense for SPC3+ when bad sense specified
USB: storage: add quirk for SMI SM3350
USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
slab: alien caches must not be initialized if the allocation of the alien cache failed
PCI: altera: Fix altera_pcie_link_is_up()
PCI: altera: Reorder read/write functions
PCI: altera: Check link status before retrain link
PCI: altera: Poll for link up status after retraining the link
PCI: altera: Poll for link training status after retraining the link
PCI: altera: Rework config accessors for use without a struct pci_bus
PCI: altera: Move retrain from fixup to altera_pcie_host_init()
ACPI: power: Skip duplicate power resource references in _PRx
i2c: dev: prevent adapter retries and timeout being set as minus value
crypto: cts - fix crash on short inputs
ext4: fix a potential fiemap/page fault deadlock w/ inline_data
sunrpc: use-after-free in svc_process_common()
Linux 4.4.171
Change-Id: I7c22502f517531eab581d07aee5f8b554a597e47
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlw/nxwACgkQONu9yGCS
aT4Ewg//RalHHTMCeO3R89/J/6sp4TI1/xplx+Z9pWyGZZpEAlbJG8DGjJkDn9DZ
Lw9q5nwV7AQXZsoAqDGryMa4II2oS3B9tcUuZR1yu3qAQ2NsEvNrYTFq6IhbUegU
SHbvtw8i4gVw7boBRskw1Y4Nzss4cBHhZ+GWie2w5rTbOX/yvnb0D36061s02dzk
pho1MYcSImxdCvyY+WTKkeAnBFgmfKg94qRDL2JQ7FyDe3ZZ/2ANhcSAH7F2NCcL
9ej5NbSvnSF1J90aoej0oYrqapfZExydcys7Y2o+KuALzEOYLvsFDrauTFJE50sD
negZKySiePY+J+Cu0ibfekdeHggiB2FmQEKF1dFX6lgTvNZYeA3bUL0BN3BLiOWb
/h1sbW7mUi9pH4nH51tPUfs0zn8Skqbte9gM3jq4jKW0oFzobuPjmD/UGDA5XYms
06vNMUpSc2T5FvWUiR5hFb5KXS9HmmBKUnKmK6L/Wj0eyTqk+XBB3jd9eurNUgup
yvu/ivvMH0UD6xSNL8Ubj13rDlBAaU/p3AU3Y5J4hpVTMvX/1B6m7yh/j8jknJAb
XscqzGS8jZIxT5Z8cM1PnBYJN7dqFif+sgkqoElufgkPT5bVzA3wuPYasfykZlMF
mGsy51pBcy9krrK+SHnqq81RZlu5pupyeFVObKGP0L7HJrSvg6U=
=dyvz
-----END PGP SIGNATURE-----
Merge 4.4.171 into android-4.4
Changes in 4.4.171
ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
btrfs: cleanup, stop casting for extent_map->lookup everywhere
btrfs: Enhance chunk validation check
Btrfs: add validadtion checks for chunk loading
Btrfs: check inconsistence between chunk and block group
Btrfs: fix em leak in find_first_block_group
Btrfs: detect corruption when non-root leaf has zero item
Btrfs: check btree node's nritems
Btrfs: fix BUG_ON in btrfs_mark_buffer_dirty
Btrfs: memset to avoid stale content in btree node block
Btrfs: improve check_node to avoid reading corrupted nodes
Btrfs: kill BUG_ON in run_delayed_tree_ref
Btrfs: memset to avoid stale content in btree leaf
Btrfs: fix emptiness check for dirtied extent buffers at check_leaf()
btrfs: struct-funcs, constify readers
btrfs: Refactor check_leaf function for later expansion
btrfs: Check if item pointer overlaps with the item itself
btrfs: Add sanity check for EXTENT_DATA when reading out leaf
btrfs: Add checker for EXTENT_CSUM
btrfs: Move leaf and node validation checker to tree-checker.c
btrfs: tree-checker: Enhance btrfs_check_node output
btrfs: tree-checker: Fix false panic for sanity test
btrfs: tree-checker: Add checker for dir item
btrfs: tree-checker: use %zu format string for size_t
btrfs: tree-check: reduce stack consumption in check_dir_item
btrfs: tree-checker: Verify block_group_item
btrfs: tree-checker: Detect invalid and empty essential trees
btrfs: validate type when reading a chunk
btrfs: Check that each block group has corresponding chunk at mount time
btrfs: Verify that every chunk has corresponding block group at mount time
btrfs: tree-checker: Check level for leaves and nodes
btrfs: tree-checker: Fix misleading group system information
CIFS: Do not hide EINTR after sending network packets
cifs: Fix potential OOB access of lock element array
usb: cdc-acm: send ZLP for Telit 3G Intel based modems
USB: storage: don't insert sane sense for SPC3+ when bad sense specified
USB: storage: add quirk for SMI SM3350
USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
slab: alien caches must not be initialized if the allocation of the alien cache failed
PCI: altera: Fix altera_pcie_link_is_up()
PCI: altera: Reorder read/write functions
PCI: altera: Check link status before retrain link
PCI: altera: Poll for link up status after retraining the link
PCI: altera: Poll for link training status after retraining the link
PCI: altera: Rework config accessors for use without a struct pci_bus
PCI: altera: Move retrain from fixup to altera_pcie_host_init()
ACPI: power: Skip duplicate power resource references in _PRx
i2c: dev: prevent adapter retries and timeout being set as minus value
crypto: cts - fix crash on short inputs
ext4: fix a potential fiemap/page fault deadlock w/ inline_data
sunrpc: use-after-free in svc_process_common()
Linux 4.4.171
Change-Id: If59c94897d4f135b24d45772a7db116503695ba7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 09c2e76ed734a1d36470d257a778aaba28e86531 upstream.
Callers of __alloc_alien() check for NULL. We must do the same check in
__alloc_alien_cache to avoid NULL pointer dereferences on allocation
failures.
Link: http://lkml.kernel.org/r/010001680f42f192-82b4e12e-1565-4ee0-ae1f-1e98974906aa-000000@email.amazonses.com
Fixes: 49dfc304ba ("slab: use the lock on alien_cache, instead of the lock on array_cache")
Fixes: c8522a3a58 ("Slab: introduce alloc_alien")
Signed-off-by: Christoph Lameter <cl@linux.com>
Reported-by: syzbot+d6ed4ec679652b4fd4e4@syzkaller.appspotmail.com
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlw6/14ACgkQONu9yGCS
aT7NGw//UntCx3g48kmf077FwEf+l85rCffBZDknDppUzHA6fsLbMLYOsrDytRo/
rfhPZzmvIB8B3JtCJW3QZQiPUBy/TBJP4o6CNALbyYVkr9DVV0H6dqwN3R9tK3zm
EHg1qaKheUgfBSe+wNGUdyQ2MiSeAGAW0AaAPGqsWthJVKU1MdL7xW85uAn5kfci
rgMW+kFKEkVEQjzlbSGK1IZQpp5mqyZqXYaYcBkqf2TRmwJAVzwUP2EASrKaWyN7
cdHSvJsy23fd21GhTd9982tqE8cLu95g3uV/NgdvSEoWynSLgK0hMHUL7ec8amO/
CLaY0eAq/aJYXiUnKOPy15Uzznp97YyghFxxg59uxhXqKBAGxFJrkPi+Ct3GNVck
uNtOpFNu2h46uRmFrRz7zyNt3gpQtJOXBnMSsJcI9BNYO1kuy3C5q6MwrhlzAltD
WdXGQRtXrY7gd8KU3YYIkEgyTxSu1QlSdVutdWOoQD9shaF9vcT3jwl1SyAQWO7o
YXSDeVrglAmSul0CelxJltE16yJGY6yAbzqP6gssH9zG9nszooSFG1L/UsJfOiMg
iOEh7K2kwMlkd3HrxbnzaKDJ2hmpz/ipoJA3DKvzo1Dose6604szp5qFkWVQFRRs
nbo7DZLvfQPe10UWObH/0FDyX5fi4GuxN+BEqVtNvNPHgSRmxPM=
=eSCs
-----END PGP SIGNATURE-----
Merge 4.4.170 into android-4.4-p
Changes in 4.4.170
USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
USB: serial: option: add GosunCn ZTE WeLink ME3630
USB: serial: option: add HP lt4132
USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
USB: serial: option: add Fibocom NL668 series
USB: serial: option: add Telit LN940 series
mmc: core: Reset HPI enabled state during re-init and in case of errors
mmc: omap_hsmmc: fix DMA API warning
gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
x86/mtrr: Don't copy uninitialized gentry fields back to userspace
drm/ioctl: Fix Spectre v1 vulnerabilities
ip6mr: Fix potential Spectre v1 vulnerability
ipv4: Fix potential Spectre v1 vulnerability
ax25: fix a use-after-free in ax25_fillin_cb()
ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
ieee802154: lowpan_header_create check must check daddr
ipv6: explicitly initialize udp6_addr in udp_sock_create6()
isdn: fix kernel-infoleak in capi_unlocked_ioctl
netrom: fix locking in nr_find_socket()
packet: validate address length
packet: validate address length if non-zero
sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
vhost: make sure used idx is seen before log in vhost_add_used_n()
VSOCK: Send reset control packet when socket is partially bound
xen/netfront: tolerate frags with no data
gro_cell: add napi_disable in gro_cells_destroy
sock: Make sock->sk_stamp thread-safe
ALSA: rme9652: Fix potential Spectre v1 vulnerability
ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
ALSA: pcm: Fix potential Spectre v1 vulnerability
ALSA: emux: Fix potential Spectre v1 vulnerabilities
ALSA: hda: add mute LED support for HP EliteBook 840 G4
ALSA: hda/tegra: clear pending irq handlers
USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
USB: serial: option: add Fibocom NL678 series
usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()
Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
perf pmu: Suppress potential format-truncation warning
ext4: fix possible use after free in ext4_quota_enable
ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
ext4: fix EXT4_IOC_GROUP_ADD ioctl
ext4: force inode writes when nfsd calls commit_metadata()
spi: bcm2835: Fix race on DMA termination
spi: bcm2835: Fix book-keeping of DMA termination
spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
media: vivid: free bitmap_cap when updating std/timings/etc.
MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
MIPS: Align kernel load address to 64KB
CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested
spi: bcm2835: Unbreak the build of esoteric configs
powerpc: Fix COFF zImage booting on old powermacs
ARM: imx: update the cpu power up timing setting on i.mx6sx
Input: restore EV_ABS ABS_RESERVED
checkstack.pl: fix for aarch64
xfrm: Fix bucket count reported to userspace
scsi: bnx2fc: Fix NULL dereference in error handling
Input: omap-keypad - fix idle configuration to not block SoC idle states
scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown
fork: record start_time late
hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL
mm, devm_memremap_pages: kill mapping "System RAM" support
sunrpc: fix cache_head leak due to queued request
sunrpc: use SVC_NET() in svcauth_gss_* functions
crypto: x86/chacha20 - avoid sleeping with preemption disabled
ALSA: cs46xx: Potential NULL dereference in probe
ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
dlm: fixed memory leaks after failed ls_remove_names allocation
dlm: possible memory leak on error path in create_lkb()
dlm: lost put_lkb on error path in receive_convert() and receive_unlock()
dlm: memory leaks on error path in dlm_user_request()
gfs2: Fix loop in gfs2_rbm_find
b43: Fix error in cordic routine
9p/net: put a lower bound on msize
iommu/vt-d: Handle domain agaw being less than iommu agaw
ceph: don't update importing cap's mseq when handing cap export
genwqe: Fix size check
intel_th: msu: Fix an off-by-one in attribute store
power: supply: olpc_battery: correct the temperature units
Linux 4.4.170
Change-Id: I33c9750483716a6c44b40fbea8e729f96af41f52
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlw6/14ACgkQONu9yGCS
aT7NGw//UntCx3g48kmf077FwEf+l85rCffBZDknDppUzHA6fsLbMLYOsrDytRo/
rfhPZzmvIB8B3JtCJW3QZQiPUBy/TBJP4o6CNALbyYVkr9DVV0H6dqwN3R9tK3zm
EHg1qaKheUgfBSe+wNGUdyQ2MiSeAGAW0AaAPGqsWthJVKU1MdL7xW85uAn5kfci
rgMW+kFKEkVEQjzlbSGK1IZQpp5mqyZqXYaYcBkqf2TRmwJAVzwUP2EASrKaWyN7
cdHSvJsy23fd21GhTd9982tqE8cLu95g3uV/NgdvSEoWynSLgK0hMHUL7ec8amO/
CLaY0eAq/aJYXiUnKOPy15Uzznp97YyghFxxg59uxhXqKBAGxFJrkPi+Ct3GNVck
uNtOpFNu2h46uRmFrRz7zyNt3gpQtJOXBnMSsJcI9BNYO1kuy3C5q6MwrhlzAltD
WdXGQRtXrY7gd8KU3YYIkEgyTxSu1QlSdVutdWOoQD9shaF9vcT3jwl1SyAQWO7o
YXSDeVrglAmSul0CelxJltE16yJGY6yAbzqP6gssH9zG9nszooSFG1L/UsJfOiMg
iOEh7K2kwMlkd3HrxbnzaKDJ2hmpz/ipoJA3DKvzo1Dose6604szp5qFkWVQFRRs
nbo7DZLvfQPe10UWObH/0FDyX5fi4GuxN+BEqVtNvNPHgSRmxPM=
=eSCs
-----END PGP SIGNATURE-----
Merge 4.4.170 into android-4.4
Changes in 4.4.170
USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only
USB: serial: option: add GosunCn ZTE WeLink ME3630
USB: serial: option: add HP lt4132
USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
USB: serial: option: add Fibocom NL668 series
USB: serial: option: add Telit LN940 series
mmc: core: Reset HPI enabled state during re-init and in case of errors
mmc: omap_hsmmc: fix DMA API warning
gpio: max7301: fix driver for use with CONFIG_VMAP_STACK
Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels
x86/mtrr: Don't copy uninitialized gentry fields back to userspace
drm/ioctl: Fix Spectre v1 vulnerabilities
ip6mr: Fix potential Spectre v1 vulnerability
ipv4: Fix potential Spectre v1 vulnerability
ax25: fix a use-after-free in ax25_fillin_cb()
ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
ieee802154: lowpan_header_create check must check daddr
ipv6: explicitly initialize udp6_addr in udp_sock_create6()
isdn: fix kernel-infoleak in capi_unlocked_ioctl
netrom: fix locking in nr_find_socket()
packet: validate address length
packet: validate address length if non-zero
sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
vhost: make sure used idx is seen before log in vhost_add_used_n()
VSOCK: Send reset control packet when socket is partially bound
xen/netfront: tolerate frags with no data
gro_cell: add napi_disable in gro_cells_destroy
sock: Make sock->sk_stamp thread-safe
ALSA: rme9652: Fix potential Spectre v1 vulnerability
ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
ALSA: pcm: Fix potential Spectre v1 vulnerability
ALSA: emux: Fix potential Spectre v1 vulnerabilities
ALSA: hda: add mute LED support for HP EliteBook 840 G4
ALSA: hda/tegra: clear pending irq handlers
USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
USB: serial: option: add Fibocom NL678 series
usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()
Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
perf pmu: Suppress potential format-truncation warning
ext4: fix possible use after free in ext4_quota_enable
ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
ext4: fix EXT4_IOC_GROUP_ADD ioctl
ext4: force inode writes when nfsd calls commit_metadata()
spi: bcm2835: Fix race on DMA termination
spi: bcm2835: Fix book-keeping of DMA termination
spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
media: vivid: free bitmap_cap when updating std/timings/etc.
MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
MIPS: Align kernel load address to 64KB
CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
x86/kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested
spi: bcm2835: Unbreak the build of esoteric configs
powerpc: Fix COFF zImage booting on old powermacs
ARM: imx: update the cpu power up timing setting on i.mx6sx
Input: restore EV_ABS ABS_RESERVED
checkstack.pl: fix for aarch64
xfrm: Fix bucket count reported to userspace
scsi: bnx2fc: Fix NULL dereference in error handling
Input: omap-keypad - fix idle configuration to not block SoC idle states
scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown
fork: record start_time late
hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL
mm, devm_memremap_pages: kill mapping "System RAM" support
sunrpc: fix cache_head leak due to queued request
sunrpc: use SVC_NET() in svcauth_gss_* functions
crypto: x86/chacha20 - avoid sleeping with preemption disabled
ALSA: cs46xx: Potential NULL dereference in probe
ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
dlm: fixed memory leaks after failed ls_remove_names allocation
dlm: possible memory leak on error path in create_lkb()
dlm: lost put_lkb on error path in receive_convert() and receive_unlock()
dlm: memory leaks on error path in dlm_user_request()
gfs2: Fix loop in gfs2_rbm_find
b43: Fix error in cordic routine
9p/net: put a lower bound on msize
iommu/vt-d: Handle domain agaw being less than iommu agaw
ceph: don't update importing cap's mseq when handing cap export
genwqe: Fix size check
intel_th: msu: Fix an off-by-one in attribute store
power: supply: olpc_battery: correct the temperature units
Linux 4.4.170
Change-Id: I1b2927583f8853bfeb3ad11d045c2cf5c5c926f3
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit b15c87263a69272423771118c653e9a1d0672caa upstream.
We have received a bug report that an injected MCE about faulty memory
prevents memory offline to succeed on 4.4 base kernel. The underlying
reason was that the HWPoison page has an elevated reference count and the
migration keeps failing. There are two problems with that. First of all
it is dubious to migrate the poisoned page because we know that accessing
that memory is possible to fail. Secondly it doesn't make any sense to
migrate a potentially broken content and preserve the memory corruption
over to a new location.
Oscar has found out that 4.4 and the current upstream kernels behave
slightly differently with his simply testcase
===
int main(void)
{
int ret;
int i;
int fd;
char *array = malloc(4096);
char *array_locked = malloc(4096);
fd = open("/tmp/data", O_RDONLY);
read(fd, array, 4095);
for (i = 0; i < 4096; i++)
array_locked[i] = 'd';
ret = mlock((void *)PAGE_ALIGN((unsigned long)array_locked), sizeof(array_locked));
if (ret)
perror("mlock");
sleep (20);
ret = madvise((void *)PAGE_ALIGN((unsigned long)array_locked), 4096, MADV_HWPOISON);
if (ret)
perror("madvise");
for (i = 0; i < 4096; i++)
array_locked[i] = 'd';
return 0;
}
===
+ offline this memory.
In 4.4 kernels he saw the hwpoisoned page to be returned back to the LRU
list
kernel: [<ffffffff81019ac9>] dump_trace+0x59/0x340
kernel: [<ffffffff81019e9a>] show_stack_log_lvl+0xea/0x170
kernel: [<ffffffff8101ac71>] show_stack+0x21/0x40
kernel: [<ffffffff8132bb90>] dump_stack+0x5c/0x7c
kernel: [<ffffffff810815a1>] warn_slowpath_common+0x81/0xb0
kernel: [<ffffffff811a275c>] __pagevec_lru_add_fn+0x14c/0x160
kernel: [<ffffffff811a2eed>] pagevec_lru_move_fn+0xad/0x100
kernel: [<ffffffff811a334c>] __lru_cache_add+0x6c/0xb0
kernel: [<ffffffff81195236>] add_to_page_cache_lru+0x46/0x70
kernel: [<ffffffffa02b4373>] extent_readpages+0xc3/0x1a0 [btrfs]
kernel: [<ffffffff811a16d7>] __do_page_cache_readahead+0x177/0x200
kernel: [<ffffffff811a18c8>] ondemand_readahead+0x168/0x2a0
kernel: [<ffffffff8119673f>] generic_file_read_iter+0x41f/0x660
kernel: [<ffffffff8120e50d>] __vfs_read+0xcd/0x140
kernel: [<ffffffff8120e9ea>] vfs_read+0x7a/0x120
kernel: [<ffffffff8121404b>] kernel_read+0x3b/0x50
kernel: [<ffffffff81215c80>] do_execveat_common.isra.29+0x490/0x6f0
kernel: [<ffffffff81215f08>] do_execve+0x28/0x30
kernel: [<ffffffff81095ddb>] call_usermodehelper_exec_async+0xfb/0x130
kernel: [<ffffffff8161c045>] ret_from_fork+0x55/0x80
And that latter confuses the hotremove path because an LRU page is
attempted to be migrated and that fails due to an elevated reference
count. It is quite possible that the reuse of the HWPoisoned page is some
kind of fixed race condition but I am not really sure about that.
With the upstream kernel the failure is slightly different. The page
doesn't seem to have LRU bit set but isolate_movable_page simply fails and
do_migrate_range simply puts all the isolated pages back to LRU and
therefore no progress is made and scan_movable_pages finds same set of
pages over and over again.
Fix both cases by explicitly checking HWPoisoned pages before we even try
to get reference on the page, try to unmap it if it is still mapped. As
explained by Naoya:
: Hwpoison code never unmapped those for no big reason because
: Ksm pages never dominate memory, so we simply didn't have strong
: motivation to save the pages.
Also put WARN_ON(PageLRU) in case there is a race and we can hit LRU
HWPoison pages which shouldn't happen but I couldn't convince myself about
that. Naoya has noted the following:
: Theoretically no such gurantee, because try_to_unmap() doesn't have a
: guarantee of success and then memory_failure() returns immediately
: when hwpoison_user_mappings fails.
: Or the following code (comes after hwpoison_user_mappings block) also impli=
: es
: that the target page can still have PageLRU flag.
:
: /*
: * Torn down by someone else?
: */
: if (PageLRU(p) && !PageSwapCache(p) && p->mapping =3D=3D NULL) {
: action_result(pfn, MF_MSG_TRUNCATED_LRU, MF_IGNORED);
: res =3D -EBUSY;
: goto out;
: }
:
: So I think it's OK to keep "if (WARN_ON(PageLRU(page)))" block in
: current version of your patch.
Link: http://lkml.kernel.org/r/20181206120135.14079-1-mhocko@kernel.org
Signed-off-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Oscar Salvador <osalvador@suse.com>
Debugged-by: Oscar Salvador <osalvador@suse.com>
Tested-by: Oscar Salvador <osalvador@suse.com>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-66a37fc
Linux 4.4.168
selftests: Move networking/timestamping from Documentation
rocker: fix rocker_tlv_put_* functions for KASAN
staging: speakup: Replace strncpy with memcpy
matroxfb: fix size of memcpy
media: dvb-frontends: fix i2c access helpers for KASAN
proc: do not access cmdline nor environ from file-backed areas
proc: don't use FOLL_FORCE for reading cmdline and environment
mm: replace access_remote_vm() write parameter with gup_flags
mm: replace __access_remote_vm() write parameter with gup_flags
mm: replace get_user_pages() write/force parameters with gup_flags
mm: replace get_vaddr_frames() write/force parameters with gup_flags
mm: replace get_user_pages_locked() write/force parameters with gup_flags
mm: replace get_user_pages_unlocked() write/force parameters with gup_flags
mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages()
mm: remove write/force parameters from __get_user_pages_unlocked()
mm: remove write/force parameters from __get_user_pages_locked()
sr: pass down correctly sized SCSI sense buffer
swiotlb: clean up reporting
hugetlbfs: fix bug in pgoff overflow checking
hugetlbfs: check for pgoff value overflow
hugetlbfs: fix offset overflow in hugetlbfs mmap
mm/hugetlb.c: don't call region_abort if region_chg fails
posix-timers: Sanitize overrun handling
wil6210: missing length check in wmi_set_ie
bpf: Prevent memory disambiguation attack
bpf/verifier: Pass instruction index to check_mem_access() and check_xadd()
bpf/verifier: Add spi variable to check_stack_write()
bpf: support 8-byte metafield access
KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
KVM: SVM: Move spec control call after restore of GS
x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
x86/bugs, KVM: Support the combination of guest and host IBRS
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
x86: fix SMAP in 32-bit environments
x86: reorganize SMAP handling in user space accesses
KVM/x86: Remove indirect MSR op calls from SPEC_CTRL
KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
KVM/x86: Add IBPB support
KVM: VMX: make MSR bitmaps per-VCPU
KVM: VMX: introduce alloc_loaded_vmcs
KVM: nVMX: Eliminate vmcs02 pool
KVM: nVMX: mark vmcs12 pages dirty on L2 exit
KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC
ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command
pstore: Convert console write to use ->write_buf
ocfs2: fix potential use after free
debugobjects: avoid recursive calls with kmemleak
hfsplus: do not free node before using
hfs: do not free node before using
ocfs2: fix deadlock caused by ocfs2_defrag_extent()
fscache, cachefiles: remove redundant variable 'cache'
fscache: fix race between enablement and dropping of object
xen: xlate_mmu: add missing header to fix 'W=1' warning
drm/ast: fixed reading monitor EDID not stable issue
net: hisilicon: remove unexpected free_netdev
ixgbe: recognize 1000BaseLX SFP modules as 1Gbps
net: thunderx: fix NULL pointer dereference in nic_remove
KVM: x86: fix empty-body warnings
USB: omap_udc: fix USB gadget functionality on Palm Tungsten E
USB: omap_udc: fix omap_udc_start() on 15xx machines
USB: omap_udc: fix crashes on probe error and module removal
USB: omap_udc: use devm_request_irq()
bpf: fix check of allowed specifiers in bpf_trace_printk
exportfs: do not read dentry after free
ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE
ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE
Btrfs: send, fix infinite loop due to directory rename dependencies
hwmon: (w83795) temp4_type has writable permission
ASoC: dapm: Recalculate audio map forcely when card instantiated
hwmon: (ina2xx) Fix current value calculation
s390/cpum_cf: Reject request for sampling in event initialization
sysv: return 'err' instead of 0 in __sysv_write_inode
ARM: OMAP1: ams-delta: Fix possible use of uninitialized field
ARM: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup
neighbour: Avoid writing before skb->head in neigh_hh_output()
tun: forbid iface creation with rtnl ops
tcp: fix NULL ref in tail loss probe
rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices
net: Prevent invalid access to skb->prev in __qdisc_drop_all
net: phy: don't allow __set_phy_supported to add unsupported modes
net: 8139cp: fix a BUG triggered by changing mtu with network traffic
ipv6: Check available headroom in ip6_xmit() even without options
ANDROID: uid_sys_stats: Copy task_struct comm field to bigger buffer
Conflicts:
arch/x86/include/asm/uaccess_32.h
sound/core/pcm_native.c
Change-Id: I1d20594091279ae84c58669dd8ad5fa5e31989ab
[fixed compilation issue in kgsl.c]
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlwYDToACgkQONu9yGCS
aT79dhAAhjCCEjMpcWGXExuCryWYUKJGV6rI1Hk3o5+Jr6tu/dWnhCLQrrSLgyCR
qbhBPW/MLpedxnoeLD0Kzo5XDvziB7dNrVgaure923N/Urst4JTH+hMBX6HHUPWY
vGReKg0a6HNaKsitlTPQaZTNE0uJJ1oCO7mEWYkU571zWaiT8/MT/wo42Ruiab1/
zw4YVlb74fdZRuazAmTIdszC8MxCoqBJQuzl0UvbKcPtosPdZLywi4Rw0LQNgdcf
nO/FZE9GPYPw2G/yV3XMp3qs+vVtJpZQrwrF2xHHDfe7Hosk5bB9iEcl6iSbYvyw
Eir1nD8YTD438sAcLgV3EDRguhQbgBcd23YHFPuyfJrZErZnshfp63iLLYIdZ1Mn
OP47nilY1/FnvxIzJFn0aHlg+9Ix9RepmPWL31xqHb6a0HuYJRJY6ciLln9v+Mld
jG4TtuxlGdkQzbkiSnNVbMVcsWMwX4OHmwQLteZvlzdj5bro5ko+8SVaio5TWBRB
bA9Bw82mKw3BLvlhmgM0Rg0pwJpgXl88r6o5iq2zALVPCUOdFOedoHdCiPpwO1Hl
eFUY2PYx1YZk8qZXX6eh0LhoHM1Lqyd7qSjDbekKGf1oBVUlLe3umhSGivp3j2is
ei1usTw3uM3n6thSeIKPn565gyr/CwXbspo3Ym/YG+719a+XwNU=
=2xi1
-----END PGP SIGNATURE-----
Merge 4.4.168 into android-4.4-p
Changes in 4.4.168
ipv6: Check available headroom in ip6_xmit() even without options
net: 8139cp: fix a BUG triggered by changing mtu with network traffic
net: phy: don't allow __set_phy_supported to add unsupported modes
net: Prevent invalid access to skb->prev in __qdisc_drop_all
rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices
tcp: fix NULL ref in tail loss probe
tun: forbid iface creation with rtnl ops
neighbour: Avoid writing before skb->head in neigh_hh_output()
ARM: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup
ARM: OMAP1: ams-delta: Fix possible use of uninitialized field
sysv: return 'err' instead of 0 in __sysv_write_inode
s390/cpum_cf: Reject request for sampling in event initialization
hwmon: (ina2xx) Fix current value calculation
ASoC: dapm: Recalculate audio map forcely when card instantiated
hwmon: (w83795) temp4_type has writable permission
Btrfs: send, fix infinite loop due to directory rename dependencies
ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE
ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE
exportfs: do not read dentry after free
bpf: fix check of allowed specifiers in bpf_trace_printk
USB: omap_udc: use devm_request_irq()
USB: omap_udc: fix crashes on probe error and module removal
USB: omap_udc: fix omap_udc_start() on 15xx machines
USB: omap_udc: fix USB gadget functionality on Palm Tungsten E
KVM: x86: fix empty-body warnings
net: thunderx: fix NULL pointer dereference in nic_remove
ixgbe: recognize 1000BaseLX SFP modules as 1Gbps
net: hisilicon: remove unexpected free_netdev
drm/ast: fixed reading monitor EDID not stable issue
xen: xlate_mmu: add missing header to fix 'W=1' warning
fscache: fix race between enablement and dropping of object
fscache, cachefiles: remove redundant variable 'cache'
ocfs2: fix deadlock caused by ocfs2_defrag_extent()
hfs: do not free node before using
hfsplus: do not free node before using
debugobjects: avoid recursive calls with kmemleak
ocfs2: fix potential use after free
pstore: Convert console write to use ->write_buf
ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command
KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC
KVM: nVMX: mark vmcs12 pages dirty on L2 exit
KVM: nVMX: Eliminate vmcs02 pool
KVM: VMX: introduce alloc_loaded_vmcs
KVM: VMX: make MSR bitmaps per-VCPU
KVM/x86: Add IBPB support
KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
KVM/x86: Remove indirect MSR op calls from SPEC_CTRL
x86: reorganize SMAP handling in user space accesses
x86: fix SMAP in 32-bit environments
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/bugs, KVM: Support the combination of guest and host IBRS
x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
KVM: SVM: Move spec control call after restore of GS
x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
bpf: support 8-byte metafield access
bpf/verifier: Add spi variable to check_stack_write()
bpf/verifier: Pass instruction index to check_mem_access() and check_xadd()
bpf: Prevent memory disambiguation attack
wil6210: missing length check in wmi_set_ie
posix-timers: Sanitize overrun handling
mm/hugetlb.c: don't call region_abort if region_chg fails
hugetlbfs: fix offset overflow in hugetlbfs mmap
hugetlbfs: check for pgoff value overflow
hugetlbfs: fix bug in pgoff overflow checking
swiotlb: clean up reporting
sr: pass down correctly sized SCSI sense buffer
mm: remove write/force parameters from __get_user_pages_locked()
mm: remove write/force parameters from __get_user_pages_unlocked()
mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages()
mm: replace get_user_pages_unlocked() write/force parameters with gup_flags
mm: replace get_user_pages_locked() write/force parameters with gup_flags
mm: replace get_vaddr_frames() write/force parameters with gup_flags
mm: replace get_user_pages() write/force parameters with gup_flags
mm: replace __access_remote_vm() write parameter with gup_flags
mm: replace access_remote_vm() write parameter with gup_flags
proc: don't use FOLL_FORCE for reading cmdline and environment
proc: do not access cmdline nor environ from file-backed areas
media: dvb-frontends: fix i2c access helpers for KASAN
matroxfb: fix size of memcpy
staging: speakup: Replace strncpy with memcpy
rocker: fix rocker_tlv_put_* functions for KASAN
selftests: Move networking/timestamping from Documentation
Linux 4.4.168
Change-Id: Icd04a723739ae5e38258a2f6b0aee875f306a0bc
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Tejun Heo
Jiri Kosina
Srinivasarao P
Greg Kroah-Hartman
Konstantin Khlebnikov
Qian Cai
Uladzislau Rezki (Sony)
Peng Fan
Yang Shi
Christoph Lameter
Roman Penyaev
Darrick J. Wong
Mikhail Zaslonko
Michal Hocko
Mike Kravetz
Jann Horn
Ralph Campbell
Joel Fernandes
David Hildenbrand
Shakeel Butt
Brian Foster
Markus Stockhausen
Jens Axboe