| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.242
SUNRPC: ECONNREFUSED should cause a rebind.
scripts/setlocalversion: make git describe output more reliable
powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler
efivarfs: Replace invalid slashes with exclamation marks in dentries.
ravb: Fix bit fields checking in ravb_hwtstamp_get()
tipc: fix memory leak caused by tipc_buf_append()
mtd: lpddr: Fix bad logic in print_drs_error
ata: sata_rcar: Fix DMA boundary mask
fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
f2fs crypto: avoid unneeded memory allocation in ->readdir
powerpc/powernv/smp: Fix spurious DBG() warning
sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
f2fs: fix to check segment boundary during SIT page readahead
um: change sigio_spinlock to a mutex
xfs: fix realtime bitmap/summary file truncation when growing rt volume
video: fbdev: pvr2fb: initialize variables
ath10k: fix VHT NSS calculation when STBC is enabled
mmc: via-sdmmc: Fix data race bug
printk: reduce LOG_BUF_SHIFT range for H8300
kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
USB: adutux: fix debugging
drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
power: supply: test_power: add missing newlines when printing parameters by sysfs
md/bitmap: md_bitmap_get_counter returns wrong blocks
clk: ti: clockdomain: fix static checker warning
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
drivers: watchdog: rdc321x_wdt: Fix race condition bugs
ext4: Detect already used quota file early
gfs2: add validation checks for size of superblock
memory: emif: Remove bogus debugfs error handling
ARM: dts: s5pv210: move PMU node out of clock controller
ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
md/raid5: fix oops during stripe resizing
leds: bcm6328, bcm6358: use devres LED registering function
NFS: fix nfs_path in case of a rename retry
ACPI / extlog: Check for RDMSR failure
ACPI: video: use ACPI backlight for HP 635 Notebook
acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
w1: mxc_w1: Fix timeout resolution problem leading to bus error
scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
btrfs: reschedule if necessary when logging directory items
vt: keyboard, simplify vt_kdgkbsent
vt: keyboard, extend func_buf_lock to readers
dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
powerpc/powernv/elog: Fix race while processing OPAL error log event.
ubifs: dent: Fix some potential memory leaks while iterating entries
ubi: check kthread_should_stop() after the setting of task state
ia64: fix build error with !COREDUMP
ceph: promote to unsigned long long before shifting
libceph: clear con->out_msg on Policy::stateful_server faults
9P: Cast to loff_t before multiplying
ring-buffer: Return 0 on success from ring_buffer_resize()
vringh: fix __vringh_iov() when riov and wiov are different
tty: make FONTX ioctl use the tty pointer they were actually passed
arm64: berlin: Select DW_APB_TIMER_OF
cachefiles: Handle readpage error correctly
hil/parisc: Disable HIL driver when it gets stuck
ARM: samsung: fix PM debug build with DEBUG_LL but !MMU
ARM: s3c24xx: fix missing system reset
device property: Keep secondary firmware node secondary by type
device property: Don't clear secondary pointer for shared primary firmware node
staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
xen/events: don't use chip_data for legacy IRQs
tipc: fix use-after-free in tipc_bcast_get_mode
gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
gianfar: Account for Tx PTP timestamp in the skb headroom
Fonts: Replace discarded const qualifier
ALSA: usb-audio: Add implicit feedback quirk for Qu-16
ftrace: Fix recursion check for NMI test
ftrace: Handle tracing when switching between context
ARM: dts: sun4i-a10: fix cpu_alert temperature
x86/kexec: Use up-to-dated screen_info copy to fill boot params
of: Fix reserved-memory overlap detection
scsi: core: Don't start concurrent async scan on same host
vsock: use ns_capable_noaudit() on socket create
vt: Disable KD_FONT_OP_COPY
fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
serial: 8250_mtk: Fix uart_get_baud_rate warning
serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init
USB: serial: cyberjack: fix write-URB completion race
USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
USB: serial: option: add Telit FN980 composition 0x1055
USB: Add NO_LPM quirk for Kingston flash drive
ARC: stack unwinding: avoid indefinite looping
Revert "ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE"
Linux 4.4.242
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9c6408c403a91272e8255725dc8de294e522dc90
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit afc18069a2cb7ead5f86623a5f3d4ad6e21f940d ]
kexec_file_load() currently reuses the old boot_params.screen_info,
but if drivers have change the hardware state, boot_param.screen_info
could contain invalid info.
For example, the video type might be no longer VGA, or the frame buffer
address might be changed. If the kexec kernel keeps using the old screen_info,
kexec'ed kernel may attempt to write to an invalid framebuffer
memory region.
There are two screen_info instances globally available, boot_params.screen_info
and screen_info. Later one is a copy, and is updated by drivers.
So let kexec_file_load use the updated copy.
[ mingo: Tidied up the changelog. ]
Signed-off-by: Kairui Song <kasong@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20201014092429.1415040-2-kasong@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/kernel/common into lineage-17.1-caf-msm8998
This brings LA.UM.8.4.r1-05900-8x98.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
59f04f292e871 ANDROID: fix a bug in quota2
Conflicts:
Makefile
fs/ext4/inode.c
fs/f2fs/dir.c
Change-Id: Ic71b44a02908cf633d96114f0ff745cf1e1186de
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.233
xfs: don't call xfs_da_shrink_inode with NULL bp
net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()
media: rc: prevent memory leak in cx23888_ir_probe
ath9k_htc: release allocated buffer if timed out
ath9k: release allocated buffer if timed out
nfs: Move call to security_inode_listsecurity into nfs_listxattr
PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
drm: hold gem reference until object is no longer accessed
f2fs: check memory boundary by insane namelen
f2fs: check if file namelen exceeds max value
ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
rds: Prevent kernel-infoleak in rds_notify_queue_get()
net/x25: Fix x25_neigh refcnt leak when x25 disconnect
net/x25: Fix null-ptr-deref in x25_disconnect
sh: Fix validation of system call number
net: lan78xx: add missing endpoint sanity check
net: lan78xx: fix transfer-buffer memory leak
mlxsw: core: Increase scope of RCU read-side critical section
mac80211: mesh: Free ie data when leaving mesh
nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
net: ethernet: ravb: exit if re-initialization fails in tx timeout
Revert "i2c: cadence: Fix the hold bit setting"
xen-netfront: fix potential deadlock in xennet_remove()
x86/i8259: Use printk_deferred() to prevent deadlock
random32: update the net random state on interrupt and activity
ARM: percpu.h: fix build error
random: fix circular include dependency on arm64 after addition of percpu.h
random32: remove net_rand_state from the latent entropy gcc plugin
random32: move the pseudo-random 32-bit definitions to prandom.h
ext4: fix direct I/O read error
USB: serial: qcserial: add EM7305 QDL product ID
ALSA: seq: oss: Serialize ioctls
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
vgacon: Fix for missing check in scrollback handling
mtd: properly check all write ioctls for permissions
net/9p: validate fds in p9_fd_open
drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason
cfg80211: check vendor command doit pointer before use
igb: reinit_locked() should be called with rtnl_lock
atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
tools lib traceevent: Fix memory leak in process_dynamic_array_len
binder: Prevent context manager from incrementing ref 0
ipv4: Silence suspicious RCU usage warning
ipv6: fix memory leaks on IPV6_ADDRFORM path
Revert "vxlan: fix tos value before xmit"
net: lan78xx: replace bogus endpoint lookup
usb: hso: check for return value in hso_serial_common_create()
vxlan: Ensure FDB dump is performed under RCU
Smack: fix use-after-free in smk_write_relabel_self()
tracepoint: Mark __tracepoint_string's __used
udp: drop corrupt packets earlier to avoid data corruption
gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...)
EDAC: Fix reference count leaks
m68k: mac: Don't send IOP message until channel is idle
m68k: mac: Fix IOP status/control register writes
ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
drm/tilcdc: fix leak & null ref in panel_connector_get_modes
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
video: fbdev: neofb: fix memory leak in neo_scan_monitor()
drm/nouveau: fix multiple instances of reference count leaks
drm/debugfs: fix plain echo to connector "force" attribute
mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
brcmfmac: To fix Bss Info flag definition Bug
iwlegacy: Check the return value of pcie_capability_read_*()
usb: gadget: net2280: fix memory leak on probe error handling paths
bdc: Fix bug causing crash after multiple disconnects
dyndbg: fix a BUG_ON in ddebug_describe_flags
bcache: fix super block seq numbers comparision in register_cache_set()
ACPICA: Do not increment operation_region reference counts for field units
agp/intel: Fix a memory leak on module initialisation failure
video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
console: newport_con: fix an issue about leak related system resources
iio: improve IIO_CONCENTRATION channel type description
leds: lm355x: avoid enum conversion warning
media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
cxl: Fix kobject memleak
drm/radeon: fix array out-of-bounds read and write issues
scsi: powertec: Fix different dev_id between request_irq() and free_irq()
scsi: eesox: Fix different dev_id between request_irq() and free_irq()
media: firewire: Using uninitialized values in node_probe()
media: exynos4-is: Add missed check for pinctrl_lookup_state()
drm: panel: simple: Fix bpc for LG LB070WV8 panel
mwifiex: Prevent memory corruption handling keys
powerpc/vdso: Fix vdso cpu truncation
PCI/ASPM: Add missing newline in sysfs 'policy'
usb: dwc2: Fix error path in gadget registration
scsi: mesh: Fix panic after host or bus reset
Smack: fix another vsscanf out of bounds
Smack: prevent underflow in smk_set_cipso()
power: supply: check if calc_soc succeeded in pm860x_init_battery
s390/qeth: don't process empty bridge port events
wl1251: fix always return 0 error
net: spider_net: Fix the size used in a 'dma_free_coherent()' call
dlm: Fix kobject memleak
pinctrl-single: fix pcs_parse_pinconf() return value
drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
net/nfc/rawsock.c: add CAP_NET_RAW check.
net: Set fput_needed iff FDPUT_FPUT is set
ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
ALSA: usb-audio: add quirk for Pioneer DDJ-RB
crypto: qat - fix double free in qat_uclo_create_batch_init_list
fs/minix: check return value of sb_getblk()
fs/minix: don't allow getting deleted inodes
fs/minix: reject too-large maximum file size
ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
9p: Fix memory leak in v9fs_mount
parisc: mask out enable and reserved bits from sba imask
ARM: 8992/1: Fix unwind_frame for clang-built kernels
xen/balloon: fix accounting in alloc_xenballooned_pages error path
xen/balloon: make the balloon wait interruptible
PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
btrfs: only search for left_info if there is no right_info in try_merge_free_space
btrfs: fix memory leaks after failure to lookup checksums during inode logging
powerpc: Fix circular dependency between percpu.h and mmu.h
net: ethernet: stmmac: Disable hardware multicast filter
net: stmmac: dwmac1000: provide multicast filter fallback
md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
bcache: allocate meta data pages as compound pages
mac80211: fix misplaced while instead of if
MIPS: CPU#0 is not hotpluggable
ext2: fix missing percpu_counter_inc
ocfs2: change slot number type s16 to u16
kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
pseries: Fix 64 bit logical memory block panic
USB: serial: ftdi_sio: make process-packet buffer unsigned
USB: serial: ftdi_sio: clean up receive processing
iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
iommu/vt-d: Enforce PASID devTLB field mask
i2c: rcar: slave: only send STOP event when we have been addressed
clk: clk-atlas6: fix return value check in atlas6_clk_init()
Input: sentelic - fix error return when fsp_reg_write fails
drm/vmwgfx: Fix two list_for_each loop exit tests
nfs: Fix getxattr kernel panic and memory overflow
fs/ufs: avoid potential u32 multiplication overflow
mfd: dln2: Run event handler loop under spinlock
ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
sh: landisk: Add missing initialization of sh_io_port_base
ipv6: check skb->protocol before lookup for nexthop
Linux 4.4.233
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iec7dcf69361bcc247996f3de2e20ba64ed0ce3a8
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit bdd65589593edd79b6a12ce86b3b7a7c6dae5208 upstream.
0day reported a possible circular locking dependency:
Chain exists of:
&irq_desc_lock_class --> console_owner --> &port_lock_key
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&port_lock_key);
lock(console_owner);
lock(&port_lock_key);
lock(&irq_desc_lock_class);
The reason for this is a printk() in the i8259 interrupt chip driver
which is invoked with the irq descriptor lock held, which reverses the
lock operations vs. printk() from arbitrary contexts.
Switch the printk() to printk_deferred() to avoid that.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/87365abt2v.fsf@nanos.tec.linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.232
pinctrl: amd: fix npins for uart0 in kerncz_groups
mac80211: allow rx of mesh eapol frames with default rx key
scsi: scsi_transport_spi: Fix function pointer check
xtensa: fix __sync_fetch_and_{and,or}_4 declarations
xtensa: update *pos in cpuinfo_op.next
drivers/net/wan/lapbether: Fixed the value of hard_header_len
net: sky2: initialize return of gm_phy_read
drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion")
perf/core: Fix locking for children siblings group read
uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression
ALSA: info: Drop WARN_ON() from buffer NULL sanity check
ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
btrfs: fix double free on ulist after backref resolution failure
x86/fpu: Disable bottom halves while loading FPU registers
btrfs: fix mount failure caused by race with umount
hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path
ax88172a: fix ax88172a_unbind() failures
net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration
net: smc91x: Fix possible memory leak in smc_drv_probe()
scripts/decode_stacktrace: strip basepath from all paths
regmap: dev_get_regmap_match(): fix string comparison
usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
x86: math-emu: Fix up 'cmp' insn for clang ias
Revert "cifs: Fix the target file was deleted when rename failed."
staging: wlan-ng: properly check endpoint types
staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
serial: 8250: fix null-ptr-deref in serial8250_start_tx()
serial: 8250_mtk: Fix high-speed baud rates clamping
mm/memcg: fix refcount error while moving and swapping
parisc: Add atomic64_set_release() define to avoid CPU soft lockups
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
ath9k: Fix regression with Atheros 9271
AX.25: Fix out-of-bounds read in ax25_connect()
AX.25: Prevent out-of-bounds read in ax25_sendmsg()
net-sysfs: add a newline when printing 'tx_timeout' by sysfs
net: udp: Fix wrong clean up for IS_UDPLITE macro
AX.25: Prevent integer overflows in connect and sendmsg
tcp: allow at most one TLP probe per flight
rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
ip6_gre: fix null-ptr-deref in ip6gre_init_net()
drivers/net/wan/x25_asy: Fix to make it work
Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
regmap: debugfs: check count when read regmap file
xfs: set format back to extents if xfs_bmap_extents_to_btree
tools/lib/subcmd/pager.c: do not alias select() params
perf: Make perf able to build with latest libbfd
perf tools: Fix snprint warnings for gcc 8
perf annotate: Use asprintf when formatting objdump command line
perf probe: Fix to check blacklist address correctly
Linux 4.4.232
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id3f07fa9b926d859582a8f3aa50c7e4c0c847a77
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 68239654acafe6aad5a3c1dc7237e60accfebc03 ]
The sequence
fpu->initialized = 1; /* step A */
preempt_disable(); /* step B */
fpu__restore(fpu);
preempt_enable();
in __fpu__restore_sig() is racy in regard to a context switch.
For 32bit frames, __fpu__restore_sig() prepares the FPU state within
fpu->state. To ensure that a context switch (switch_fpu_prepare() in
particular) does not modify fpu->state it uses fpu__drop() which sets
fpu->initialized to 0.
After fpu->initialized is cleared, the CPU's FPU state is not saved
to fpu->state during a context switch. The new state is loaded via
fpu__restore(). It gets loaded into fpu->state from userland and
ensured it is sane. fpu->initialized is then set to 1 in order to avoid
fpu__initialize() doing anything (overwrite the new state) which is part
of fpu__restore().
A context switch between step A and B above would save CPU's current FPU
registers to fpu->state and overwrite the newly prepared state. This
looks like a tiny race window but the Kernel Test Robot reported this
back in 2016 while we had lazy FPU support. Borislav Petkov made the
link between that report and another patch that has been posted. Since
the removal of the lazy FPU support, this race goes unnoticed because
the warning has been removed.
Disable bottom halves around the restore sequence to avoid the race. BH
need to be disabled because BH is allowed to run (even with preemption
disabled) and might invoke kernel_fpu_begin() by doing IPsec.
[ bp: massage commit message a bit. ]
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: kvm ML <kvm@vger.kernel.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Rik van Riel <riel@surriel.com>
Cc: stable@vger.kernel.org
Cc: x86-ml <x86@kernel.org>
Link: http://lkml.kernel.org/r/20181120102635.ddv3fvavxajjlfqk@linutronix.de
Link: https://lkml.kernel.org/r/20160226074940.GA28911@pd.tnic
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/kernel/common into lineage-17.1-caf-msm8998
This brings LA.UM.8.4.r1-05700-8x98.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
8476df741c780 BACKPORT: xtables: extend matches and targets with .usersize
Conflicts:
drivers/usb/gadget/function/f_uac1.c
net/netlink/genetlink.c
sound/core/compress_offload.c
Change-Id: Id7b2fdf3942f1986edec869dcd965df632cc1c5f
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.229
s390: fix syscall_get_error for compat processes
clk: sunxi: Fix incorrect usage of round_down()
i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
clk: qcom: msm8916: Fix the address location of pll->config_reg
ALSA: isa/wavefront: prevent out of bounds write in ioctl
scsi: qla2xxx: Fix issue with adapter's stopping state
i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
usblp: poison URBs upon disconnect
ps3disk: use the default segment boundary
vfio/pci: fix memory leaks in alloc_perm_bits()
mfd: wm8994: Fix driver operation if loaded as modules
scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
nfsd: Fix svc_xprt refcnt leak when setup callback client failed
powerpc/crashkernel: Take "mem=" option into account
yam: fix possible memory leak in yam_init_driver
mksysmap: Fix the mismatch of '.L' symbols in System.map
scsi: sr: Fix sr_probe() missing deallocate of device minor
scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM
ALSA: usb-audio: Improve frames size computation
s390/qdio: put thinint indicator after early error
tty: hvc: Fix data abort due to race in hvc_open
staging: sm750fb: add missing case while setting FB_VISUAL
i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output
serial: amba-pl011: Make sure we initialize the port.lock spinlock
drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish
PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges
power: supply: smb347-charger: IRQSTAT_D is volatile
scsi: mpt3sas: Fix double free warnings
dlm: remove BUG() before panic()
clk: ti: composite: fix memory leak
tty: n_gsm: Fix SOF skipping
tty: n_gsm: Fix waking up upper tty layer when room available
powerpc/pseries/ras: Fix FWNMI_VALID off by one
powerpc/ps3: Fix kexec shutdown hang
vfio-pci: Mask cap zero
usb/ohci-platform: Fix a warning when hibernating
USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
tty: n_gsm: Fix bogus i++ in gsm_data_kick
clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
watchdog: da9062: No need to ping manually before setting timeout
usb: dwc2: gadget: move gadget resume after the core is in L0 state
USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke
usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check
usb: gadget: fix potential double-free in m66592_probe.
net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
openrisc: Fix issue with argument clobbering for clone/fork
gfs2: Allow lock_nolock mount to specify jid=X
scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
lib/zlib: remove outdated and incorrect pre-increment optimization
include/linux/bitops.h: avoid clang shift-count-overflow warnings
elfnote: mark all .note sections SHF_ALLOC
selftests/net: in timestamping, strncpy needs to preserve null byte
scsi: acornscsi: Fix an error handling path in acornscsi_probe()
usb/xhci-plat: Set PM runtime as active on resume
usb/ehci-platform: Set PM runtime as active on resume
perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events()
bcache: fix potential deadlock problem in btree_gc_coalesce
block: Fix use-after-free in blkdev_get()
libata: Use per port sync for detach
drm: encoder_slave: fix refcouting error for modules
drm/dp_mst: Reformat drm_dp_check_act_status() a bit
drm/qxl: Use correct notify port address when creating cursor ring
selinux: fix double free
ext4: fix partial cluster initialization when splitting extent
drm/dp_mst: Increase ACT retry timeout to 3s
sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
block: nr_sects_write(): Disable preemption on seqcount write
crypto: algboss - don't wait during notifier callback
kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
powerpc/kprobes: Fixes for kprobe_lookup_name() on BE
x86/kprobes: Avoid kretprobe recursion bug
kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
e1000e: Do not wake up the system via WOL if device wakeup is disabled
sched/rt, net: Use CONFIG_PREEMPTION.patch
net: core: device_rename: Use rwsem instead of a seqcount
net: Revert "pkt_sched: fq: use proper locking in fq_dump_stats()"
scsi: scsi_devinfo: handle non-terminated strings
l2tp: Allow duplicate session creation with UDP
net: sched: export __netdev_watchdog_up()
fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()"
net: fix memleak in register_netdevice()
net: usb: ax88179_178a: fix packet alignment padding
tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
ip_tunnel: fix use-after-free in ip_tunnel_lookup()
tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()
tcp: grow window for OOO packets only for SACK flows
sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket
net: Fix the arp error in some cases
net: Do not clear the sock TX queue in sk_set_socket()
net: core: reduce recursion limit value
mld: fix memory leak in ipv6_mc_destroy_dev()
USB: ohci-sm501: Add missed iounmap() in remove
usb: dwc2: Postponed gadget registration to the udc class driver
usb: add USB_QUIRK_DELAY_INIT for Logitech C922
PCI: Disable MSI for HiSilicon Hip06/Hip07 Root Ports
USB: ehci: reopen solution for Synopsys HC bug
usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
ALSA: usb-audio: add quirk for Denon DCD-1500RE
xhci: Fix incorrect EP_STATE_MASK
xhci: Fix enumeration issue when setting max packet size for FS devices.
cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip
ALSA: usb-audio: uac1: Invalidate ctl on interrupt
ALSA: usb-audio: allow clock source validity interrupts
ALSA: usb-audio: Clean up mixer element list traverse
ALSA: usb-audio: Fix OOB access of mixer element list
xhci: Poll for U0 after disabling USB2 LPM
cifs/smb3: Fix data inconsistent when punch hole
cifs/smb3: Fix data inconsistent when zero file range
efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram()
usb: gadget: udc: Potential Oops in error handling code
netfilter: ipset: fix unaligned atomic access
sched/core: Fix PI boosting between RT and DEADLINE tasks
net: alx: fix race condition in alx_remove
kbuild: improve cc-option to clean up all temporary files
blktrace: break out of blktrace setup on concurrent calls
ACPI: sysfs: Fix pm_profile_attr type
KVM: X86: Fix MSR range of APIC registers in X2APIC mode
mm/slab: use memzero_explicit() in kzfree()
ocfs2: load global_inode_alloc
ocfs2: fix value of OCFS2_INVALID_SLOT
ocfs2: fix panic on nfs server over ocfs2
arm64: perf: Report the PC value in REGS_ABI_32 mode
tracing: Fix event trigger to accept redundant spaces
drm/radeon: fix fb_div check in ni_init_smc_spll_table()
sunrpc: fixed rollback in rpc_gssd_dummy_populate()
SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
pNFS/flexfiles: Fix list corruption if the mirror count changes
NFSv4 fix CLOSE not waiting for direct IO compeletion
PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode
ALSA: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate()
Linux 4.4.229
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic510bbcf5c6e701c747c612876e3ce141757a34a
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 9b38cc704e844e41d9cf74e647bff1d249512cb3 ]
Ziqian reported lockup when adding retprobe on _raw_spin_lock_irqsave.
My test was also able to trigger lockdep output:
============================================
WARNING: possible recursive locking detected
5.6.0-rc6+ #6 Not tainted
--------------------------------------------
sched-messaging/2767 is trying to acquire lock:
ffffffff9a492798 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_hash_lock+0x52/0xa0
but task is already holding lock:
ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&(kretprobe_table_locks[i].lock));
lock(&(kretprobe_table_locks[i].lock));
*** DEADLOCK ***
May be due to missing lock nesting notation
1 lock held by sched-messaging/2767:
#0: ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50
stack backtrace:
CPU: 3 PID: 2767 Comm: sched-messaging Not tainted 5.6.0-rc6+ #6
Call Trace:
dump_stack+0x96/0xe0
__lock_acquire.cold.57+0x173/0x2b7
? native_queued_spin_lock_slowpath+0x42b/0x9e0
? lockdep_hardirqs_on+0x590/0x590
? __lock_acquire+0xf63/0x4030
lock_acquire+0x15a/0x3d0
? kretprobe_hash_lock+0x52/0xa0
_raw_spin_lock_irqsave+0x36/0x70
? kretprobe_hash_lock+0x52/0xa0
kretprobe_hash_lock+0x52/0xa0
trampoline_handler+0xf8/0x940
? kprobe_fault_handler+0x380/0x380
? find_held_lock+0x3a/0x1c0
kretprobe_trampoline+0x25/0x50
? lock_acquired+0x392/0xbc0
? _raw_spin_lock_irqsave+0x50/0x70
? __get_valid_kprobe+0x1f0/0x1f0
? _raw_spin_unlock_irqrestore+0x3b/0x40
? finish_task_switch+0x4b9/0x6d0
? __switch_to_asm+0x34/0x70
? __switch_to_asm+0x40/0x70
The code within the kretprobe handler checks for probe reentrancy,
so we won't trigger any _raw_spin_lock_irqsave probe in there.
The problem is in outside kprobe_flush_task, where we call:
kprobe_flush_task
kretprobe_table_lock
raw_spin_lock_irqsave
_raw_spin_lock_irqsave
where _raw_spin_lock_irqsave triggers the kretprobe and installs
kretprobe_trampoline handler on _raw_spin_lock_irqsave return.
The kretprobe_trampoline handler is then executed with already
locked kretprobe_table_locks, and first thing it does is to
lock kretprobe_table_locks ;-) the whole lockup path like:
kprobe_flush_task
kretprobe_table_lock
raw_spin_lock_irqsave
_raw_spin_lock_irqsave ---> probe triggered, kretprobe_trampoline installed
---> kretprobe_table_locks locked
kretprobe_trampoline
trampoline_handler
kretprobe_hash_lock(current, &head, &flags); <--- deadlock
Adding kprobe_busy_begin/end helpers that mark code with fake
probe installed to prevent triggering of another kprobe within
this code.
Using these helpers in kprobe_flush_task, so the probe recursion
protection check is hit and the probe is never set to prevent
above lockup.
Link: http://lkml.kernel.org/r/158927059835.27680.7011202830041561604.stgit@devnote2
Fixes: ef53d9c5e4da ("kprobes: improve kretprobe scalability with hashed locking")
Cc: Ingo Molnar <mingo@kernel.org>
Cc: "Gustavo A . R . Silva" <gustavoars@kernel.org>
Cc: Anders Roxell <anders.roxell@linaro.org>
Cc: "Naveen N . Rao" <naveen.n.rao@linux.ibm.com>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: David Miller <davem@davemloft.net>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: stable@vger.kernel.org
Reported-by: "Ziqian SUN (Zamir)" <zsun@redhat.com>
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit b191fa96ea6dc00d331dcc28c1f7db5e075693a0 ]
Avoid kretprobe recursion loop bg by setting a dummy
kprobes to current_kprobe per-CPU variable.
This bug has been introduced with the asm-coded trampoline
code, since previously it used another kprobe for hooking
the function return placeholder (which only has a nop) and
trampoline handler was called from that kprobe.
This revives the old lost kprobe again.
With this fix, we don't see deadlock anymore.
And you can see that all inner-called kretprobe are skipped.
event_1 235 0
event_2 19375 19612
The 1st column is recorded count and the 2nd is missed count.
Above shows (event_1 rec) + (event_2 rec) ~= (event_2 missed)
(some difference are here because the counter is racy)
Reported-by: Andrea Righi <righi.andrea@gmail.com>
Tested-by: Andrea Righi <righi.andrea@gmail.com>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Fixes: c9becf58d935 ("[PATCH] kretprobe: kretprobe-booster")
Link: http://lkml.kernel.org/r/155094064889.6137.972160690963039.stgit@devbox
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.228
ipv6: fix IPV6_ADDRFORM operation logic
vxlan: Avoid infinite loop when suppressing NS messages with invalid options
scsi: return correct blkprep status code in case scsi_init_io() fails.
net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well.
pwm: fsl-ftm: Use flat regmap cache
igb: improve handling of disconnected adapters
ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
sched/fair: Don't NUMA balance for kthreads
ath9k_htc: Silence undersized packet warnings
x86_64: Fix jiffies ODR violation
x86/speculation: Prevent rogue cross-process SSBD shutdown
x86/reboot/quirks: Add MacBook6,1 reboot quirk
efi/efivars: Add missing kobject_put() in sysfs entry creation error path
ALSA: es1688: Add the missed snd_card_free()
ALSA: usb-audio: Fix inconsistent card PM state after resume
ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
ACPI: PM: Avoid using power resources if there are none for D0
cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
spi: bcm2835aux: Fix controller unregister order
ALSA: pcm: disallow linking stream to itself
x86/speculation: Change misspelled STIPB to STIBP
x86/speculation: Add support for STIBP always-on preferred mode
x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
spi: dw: fix possible race condition
spi: dw: Fix controller unregister order
spi: No need to assign dummy value in spi_unregister_controller()
spi: Fix controller unregister order
spi: pxa2xx: Fix controller unregister order
spi: bcm2835: Fix controller unregister order
ovl: initialize error in ovl_copy_xattr
proc: Use new_inode not new_inode_pseudo
video: fbdev: w100fb: Fix a potential double free.
KVM: nSVM: leave ASID aside in copy_vmcb_control_area
KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
Smack: slab-out-of-bounds in vsscanf
mm/slub: fix a memory leak in sysfs_slab_add()
fat: don't allow to mount if the FAT length == 0
can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
spi: dw: Zero DMA Tx and Rx configurations on stack
Bluetooth: Add SCO fallback for invalid LMP parameters error
kgdb: Prevent infinite recursive entries to the debugger
spi: dw: Enable interrupts in accordance with DMA xfer mode
clocksource: dw_apb_timer_of: Fix missing clockevent timers
btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss()
staging: android: ion: use vmap instead of vm_map_ram
e1000: Distribute switch variables for initialization
media: dvb: return -EREMOTEIO on i2c transfer failure.
MIPS: Make sparse_init() using top-down allocation
netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
lib/mpi: Fix 64-bit MIPS build with Clang
net: lpc-enet: fix error return code in lpc_mii_init()
net: allwinner: Fix use correct return type for ndo_start_xmit()
powerpc/spufs: fix copy_to_user while atomic
mips: cm: Fix an invalid error code of INTVN_*_ERR
kgdb: Fix spurious true from in_dbg_master()
md: don't flush workqueue unconditionally in md_open
mwifiex: Fix memory corruption in dump_station
mips: Add udelay lpj numbers adjustment
x86/mm: Stop printing BRK addresses
m68k: mac: Don't call via_flush_cache() on Mac IIfx
macvlan: Skip loopback packets in RX handler
PCI: Don't disable decoding when mmio_always_on is set
MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
ixgbe: fix signed-integer-overflow warning
spi: dw: Return any value retrieved from the dma_transfer callback
cpuidle: Fix three reference count leaks
ima: Fix ima digest hash table key calculation
ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
Btrfs: fix unreplayable log after snapshot delete + parent dir fsync
btrfs: send: emit file capabilities after chown
btrfs: fix error handling when submitting direct I/O bio
ima: Directly assign the ima_default_policy pointer to ima_rules
PCI: Program MPS for RCiEP devices
e1000e: Relax condition to trigger reset for ME workaround
carl9170: remove P2P_GO support
media: go7007: fix a miss of snd_card_free
b43legacy: Fix case where channel status is corrupted
b43: Fix connection problem with WPA3
b43_legacy: Fix connection problem with WPA3
igb: Report speed and duplex as unknown when device is runtime suspended
power: vexpress: add suppress_bind_attrs to true
pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
sparc32: fix register window handling in genregs32_[gs]et()
kernel/cpu_pm: Fix uninitted local in cpu_pm
ARM: tegra: Correct PL310 Auxiliary Control Register initialization
drivers/macintosh: Fix memleak in windfarm_pm112 driver
kbuild: force to build vmlinux if CONFIG_MODVERSION=y
sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations.
sunrpc: clean up properly in gss_mech_unregister()
w1: omap-hdq: cleanup to add missing newline for some dev_dbg
perf probe: Do not show the skipped events
perf symbols: Fix debuginfo search for Ubuntu
Linux 4.4.228
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ice915aaa684101ec7e774ccf43bfb533f84b4740
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf ]
Currently, it is possible to enable indirect branch speculation even after
it was force-disabled using the PR_SPEC_FORCE_DISABLE option. Moreover, the
PR_GET_SPECULATION_CTRL command gives afterwards an incorrect result
(force-disabled when it is in fact enabled). This also is inconsistent
vs. STIBP and the documention which cleary states that
PR_SPEC_FORCE_DISABLE cannot be undone.
Fix this by actually enforcing force-disabled indirect branch
speculation. PR_SPEC_ENABLE called after PR_SPEC_FORCE_DISABLE now fails
with -EPERM as described in the documentation.
Fixes: 9137bb27e60e ("x86/speculation: Add prctl() control for indirect branch speculation")
Signed-off-by: Anthony Steinhauser <asteinhauser@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 21998a351512eba4ed5969006f0c55882d995ada ]
When STIBP is unavailable or enhanced IBRS is available, Linux
force-disables the IBPB mitigation of Spectre-BTB even when simultaneous
multithreading is disabled. While attempts to enable IBPB using
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, ...) fail with
EPERM, the seccomp syscall (or its prctl(PR_SET_SECCOMP, ...) equivalent)
which are used e.g. by Chromium or OpenSSH succeed with no errors but the
application remains silently vulnerable to cross-process Spectre v2 attacks
(classical BTB poisoning). At the same time the SYSFS reporting
(/sys/devices/system/cpu/vulnerabilities/spectre_v2) displays that IBPB is
conditionally enabled when in fact it is unconditionally disabled.
STIBP is useful only when SMT is enabled. When SMT is disabled and STIBP is
unavailable, it makes no sense to force-disable also IBPB, because IBPB
protects against cross-process Spectre-BTB attacks regardless of the SMT
state. At the same time since missing STIBP was only observed on AMD CPUs,
AMD does not recommend using STIBP, but recommends using IBPB, so disabling
IBPB because of missing STIBP goes directly against AMD's advice:
https://developer.amd.com/wp-content/resources/Architecture_Guidelines_Update_Indirect_Branch_Control.pdf
Similarly, enhanced IBRS is designed to protect cross-core BTB poisoning
and BTB-poisoning attacks from user space against kernel (and
BTB-poisoning attacks from guest against hypervisor), it is not designed
to prevent cross-process (or cross-VM) BTB poisoning between processes (or
VMs) running on the same core. Therefore, even with enhanced IBRS it is
necessary to flush the BTB during context-switches, so there is no reason
to force disable IBPB when enhanced IBRS is available.
Enable the prctl control of IBPB even when STIBP is unavailable or enhanced
IBRS is available.
Fixes: 7cc765a67d8e ("x86/speculation: Enable prctl mode for spectre_v2_user")
Signed-off-by: Anthony Steinhauser <asteinhauser@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 20c3a2c33e9fdc82e9e8e8d2a6445b3256d20191 ]
Different AMD processors may have different implementations of STIBP.
When STIBP is conditionally enabled, some implementations would benefit
from having STIBP always on instead of toggling the STIBP bit through MSR
writes. This preference is advertised through a CPUID feature bit.
When conditional STIBP support is requested at boot and the CPU advertises
STIBP always-on mode as preferred, switch to STIBP "on" support. To show
that this transition has occurred, create a new spectre_v2_user_mitigation
value and a new spectre_v2_user_strings message. The new mitigation value
is used in spectre_v2_user_select_mitigation() to print the new mitigation
message as well as to return a new string from stibp_state().
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Link: https://lkml.kernel.org/r/20181213230352.6937.74943.stgit@tlendack-t1.amdoffice.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit aa77bfb354c495fc4361199e63fc5765b9e1e783 ]
STIBP stands for Single Thread Indirect Branch Predictors. The acronym,
however, can be easily mis-spelled as STIPB. It is perhaps due to the
presence of another related term - IBPB (Indirect Branch Predictor
Barrier).
Fix the mis-spelling in the code.
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: KarimAllah Ahmed <karahmed@amazon.de>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/1544039368-9009-1-git-send-email-longman@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 140fd4ac78d385e6c8e6a5757585f6c707085f87 upstream.
On MacBook6,1 reboot would hang unless parameter reboot=pci is added.
Make it automatic.
Signed-off-by: Hill Ma <maahiuzeon@gmail.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20200425200641.GA1554@cslab.localdomain
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit dbbe2ad02e9df26e372f38cc3e70dab9222c832e upstream.
On context switch the change of TIF_SSBD and TIF_SPEC_IB are evaluated
to adjust the mitigations accordingly. This is optimized to avoid the
expensive MSR write if not needed.
This optimization is buggy and allows an attacker to shutdown the SSBD
protection of a victim process.
The update logic reads the cached base value for the speculation control
MSR which has neither the SSBD nor the STIBP bit set. It then OR's the
SSBD bit only when TIF_SSBD is different and requests the MSR update.
That means if TIF_SSBD of the previous and next task are the same, then
the base value is not updated, even if TIF_SSBD is set. The MSR write is
not requested.
Subsequently if the TIF_STIBP bit differs then the STIBP bit is updated
in the base value and the MSR is written with a wrong SSBD value.
This was introduced when the per task/process conditional STIPB
switching was added on top of the existing SSBD switching.
It is exploitable if the attacker creates a process which enforces SSBD
and has the contrary value of STIBP than the victim process (i.e. if the
victim process enforces STIBP, the attacker process must not enforce it;
if the victim process does not enforce STIBP, the attacker process must
enforce it) and schedule it on the same core as the victim process. If
the victim runs after the attacker the victim becomes vulnerable to
Spectre V4.
To fix this, update the MSR value independent of the TIF_SSBD difference
and dependent on the SSBD mitigation method available. This ensures that
a subsequent STIPB initiated MSR write has the correct state of SSBD.
[ tglx: Handle X86_FEATURE_VIRT_SSBD & X86_FEATURE_VIRT_SSBD correctly
and massaged changelog ]
Fixes: 5bfbe3ad5840 ("x86/speculation: Prepare for per task indirect branch speculation control")
Signed-off-by: Anthony Steinhauser <asteinhauser@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit d8ad6d39c35d2b44b3d48b787df7f3359381dcbf upstream.
'jiffies' and 'jiffies_64' are meant to alias (two different symbols that
share the same address). Most architectures make the symbols alias to the
same address via a linker script assignment in their
arch/<arch>/kernel/vmlinux.lds.S:
jiffies = jiffies_64;
which is effectively a definition of jiffies.
jiffies and jiffies_64 are both forward declared for all architectures in
include/linux/jiffies.h. jiffies_64 is defined in kernel/time/timer.c.
x86_64 was peculiar in that it wasn't doing the above linker script
assignment, but rather was:
1. defining jiffies in arch/x86/kernel/time.c instead via the linker script.
2. overriding the symbol jiffies_64 from kernel/time/timer.c in
arch/x86/kernel/vmlinux.lds.s via 'jiffies_64 = jiffies;'.
As Fangrui notes:
In LLD, symbol assignments in linker scripts override definitions in
object files. GNU ld appears to have the same behavior. It would
probably make sense for LLD to error "duplicate symbol" but GNU ld
is unlikely to adopt for compatibility reasons.
This results in an ODR violation (UB), which seems to have survived
thus far. Where it becomes harmful is when;
1. -fno-semantic-interposition is used:
As Fangrui notes:
Clang after LLVM commit 5b22bcc2b70d
("[X86][ELF] Prefer to lower MC_GlobalAddress operands to .Lfoo$local")
defaults to -fno-semantic-interposition similar semantics which help
-fpic/-fPIC code avoid GOT/PLT when the referenced symbol is defined
within the same translation unit. Unlike GCC
-fno-semantic-interposition, Clang emits such relocations referencing
local symbols for non-pic code as well.
This causes references to jiffies to refer to '.Ljiffies$local' when
jiffies is defined in the same translation unit. Likewise, references to
jiffies_64 become references to '.Ljiffies_64$local' in translation units
that define jiffies_64. Because these differ from the names used in the
linker script, they will not be rewritten to alias one another.
2. Full LTO
Full LTO effectively treats all source files as one translation
unit, causing these local references to be produced everywhere. When
the linker processes the linker script, there are no longer any
references to jiffies_64' anywhere to replace with 'jiffies'. And
thus '.Ljiffies$local' and '.Ljiffies_64$local' no longer alias
at all.
In the process of porting patches enabling Full LTO from arm64 to x86_64,
spooky bugs have been observed where the kernel appeared to boot, but init
doesn't get scheduled.
Avoid the ODR violation by matching other architectures and define jiffies
only by linker script. For -fno-semantic-interposition + Full LTO, there
is no longer a global definition of jiffies for the compiler to produce a
local symbol which the linker script won't ensure aliases to jiffies_64.
Fixes: 40747ffa5aa8 ("asmlinkage: Make jiffies visible")
Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Reported-by: Alistair Delva <adelva@google.com>
Debugged-by: Nick Desaulniers <ndesaulniers@google.com>
Debugged-by: Sami Tolvanen <samitolvanen@google.com>
Suggested-by: Fangrui Song <maskray@google.com>
Signed-off-by: Bob Haarman <inglorion@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com> # build+boot on
Reviewed-by: Andi Kleen <ak@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: stable@vger.kernel.org
Link: https://github.com/ClangBuiltLinux/linux/issues/852
Link: https://lkml.kernel.org/r/20200602193100.229287-1-inglorion@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.227
scsi: scsi_devinfo: fixup string compare
usb: gadget: f_uac2: fix error handling in afunc_bind (again)
platform/x86: acer-wmi: setup accelerometer when ACPI device was found
esp6: fix memleak on error path in esp6_input
IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()'
ALSA: hda - No loopback on ALC299 codec
spi: dw: use "smp_mb()" to avoid sending spi data error
s390/ftrace: save traced function caller
ARC: Fix ICCM & DCCM runtime size checks
x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables
net: bmac: Fix read of MAC address from ROM
net/ethernet/freescale: rework quiesce/activate for ucc_geth
net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x
pppoe: only process PADT targeted at local interfaces
mmc: fix compilation of user API
slcan: Fix double-free on slcan_open() error path
slip: not call free_netdev before rtnl_unlock in slip_open
scsi: ufs: Release clock if DMA map fails
devinet: fix memleak in inetdev_init()
NFC: st21nfca: add missed kfree_skb() in an error path
vsock: fix timeout in vsock_accept()
l2tp: add sk_family checks to l2tp_validate_socket
l2tp: do not use inet_hash()/inet_unhash()
USB: serial: qcserial: add DW5816e QDL support
USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
USB: serial: option: add Telit LE910C1-EUX compositions
vt: keyboard: avoid signed integer overflow in k_ascii
staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
x86/cpu: Add a steppings field to struct x86_cpu_id
x86/cpu: Add 'table' argument to cpu_matches()
x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
x86/speculation: Add SRBDS vulnerability and mitigation documentation
x86/speculation: Add Ivy Bridge to affected list
iio: vcnl4000: Fix i2c swapped word reading.
uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned
Linux 4.4.227
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib2e396e7c9444adb4cad958e3423afe3c4d5963d
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 7e5b3c267d256822407a22fdce6afdf9cd13f9fb upstream
SRBDS is an MDS-like speculative side channel that can leak bits from the
random number generator (RNG) across cores and threads. New microcode
serializes the processor access during the execution of RDRAND and
RDSEED. This ensures that the shared buffer is overwritten before it is
released for reuse.
While it is present on all affected CPU models, the microcode mitigation
is not needed on models that enumerate ARCH_CAPABILITIES[MDS_NO] in the
cases where TSX is not supported or has been disabled with TSX_CTRL.
The mitigation is activated by default on affected processors and it
increases latency for RDRAND and RDSEED instructions. Among other
effects this will reduce throughput from /dev/urandom.
* Enable administrator to configure the mitigation off when desired using
either mitigations=off or srbds=off.
* Export vulnerability status via sysfs
* Rename file-scoped macros to apply for non-whitelist table initializations.
[ bp: Massage,
- s/VULNBL_INTEL_STEPPING/VULNBL_INTEL_STEPPINGS/g,
- do not read arch cap MSR a second time in tsx_fused_off() - just pass it in,
- flip check in cpu_set_bug_bits() to save an indentation level,
- reflow comments.
jpoimboe: s/Mitigated/Mitigation/ in user-visible strings
tglx: Dropped the fused off magic for now
]
Signed-off-by: Mark Gross <mgross@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 93920f61c2ad7edb01e63323832585796af75fc9 upstream
To make cpu_matches() reusable for other matching tables, have it take a
pointer to a x86_cpu_id table as an argument.
[ bp: Flip arguments order. ]
Signed-off-by: Mark Gross <mgross@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit e9d7144597b10ff13ff2264c059f7d4a7fbc89ac upstream
Intel uses the same family/model for several CPUs. Sometimes the
stepping must be checked to tell them apart.
On x86 there can be at most 16 steppings. Add a steppings bitmask to
x86_cpu_id and a X86_MATCH_VENDOR_FAMILY_MODEL_STEPPING_FEATURE macro
and support for matching against family/model/stepping.
[ bp: Massage.
tglx: Lightweight variant for backporting ]
Signed-off-by: Mark Gross <mgross@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit b399151cb48db30ad1e0e93dd40d68c6d007b637 upstream.
x86_mask is a confusing name which is hard to associate with the
processor's stepping.
Additionally, correct an indent issue in lib/cpu.c.
[ Backport by Mark Gross to simplify the SRBDS backport ]
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
[ Updated it to more recent kernels. ]
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: bp@alien8.de
Cc: tony.luck@intel.com
Link: http://lkml.kernel.org/r/1514771530-70829-1-git-send-email-qianyue.zj@alibaba-inc.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/kernel/common into lineage-17.1-caf-msm8998
This brings LA.UM.8.4.r1-05500-8x98.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
60fca75727065 Merge 4.4.226 into android-4.4-p
Conflicts:
drivers/base/firmware_class.c
drivers/gpu/drm/msm/msm_gem.c
drivers/mmc/host/sdhci.c
drivers/net/wireless/ath/ath10k/core.c
kernel/trace/blktrace.c
net/socket.c
sound/core/rawmidi.c
sound/usb/mixer.c
Change-Id: Ic8599e865656da72a9405c45f27091ec1ddc168c
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.224
USB: serial: qcserial: Add DW5816e support
Revert "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS"
dp83640: reverse arguments to list_add_tail
net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
sch_sfq: validate silly quantum values
sch_choke: avoid potential panic in choke_reset()
Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"
enic: do not overwrite error code
ipv6: fix cleanup ordering for ip6_mr failure
binfmt_elf: move brk out of mmap when doing direct loader exec
x86/apm: Don't access __preempt_count with zeroed fs
Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0"
USB: uas: add quirk for LaCie 2Big Quadra
USB: serial: garmin_gps: add sanity checking for data length
batman-adv: fix batadv_nc_random_weight_tq
scripts/decodecode: fix trapping instruction formatting
phy: micrel: Ensure interrupts are reenabled on resume
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
ext4: add cond_resched() to ext4_protect_reserved_inode
net: ipv6: add net argument to ip6_dst_lookup_flow
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
blktrace: Fix potential deadlock between delete & sysfs ops
blktrace: fix unlocked access to init/start-stop/teardown
blktrace: fix trace mutex deadlock
blktrace: Protect q->blk_trace with RCU
blktrace: fix dereference after null check
ptp: do not explicitly set drvdata in ptp_clock_register()
ptp: use is_visible method to hide unused attributes
ptp: create "pins" together with the rest of attributes
chardev: add helper function to register char devs with a struct device
ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
ptp: fix the race between the release of ptp_clock and cdev
ptp: free ptp device pin descriptors properly
net: handle no dst on skb in icmp6_send
net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'
net: moxa: Fix a potential double 'free_irq()'
drop_monitor: work around gcc-10 stringop-overflow warning
scsi: sg: add sg_remove_request in sg_write
spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
cifs: Check for timeout on Negotiate stage
cifs: Fix a race condition with cifs_echo_request
dmaengine: pch_dma.c: Avoid data race between probe and irq handler
dmaengine: mmp_tdma: Reset channel error on release
drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
net: openvswitch: fix csum updates for MPLS actions
gre: do not keep the GRE header around in collect medata mode
mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
scsi: qla2xxx: Avoid double completion of abort command
i40e: avoid NVM acquire deadlock during NVM update
net/mlx5: Fix driver load error flow when firmware is stuck
netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
IB/mlx4: Test return value of calls to ib_get_cached_pkey
pnp: Use list_for_each_entry() instead of open coding
gcc-10 warnings: fix low-hanging fruit
kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
Stop the ad-hoc games with -Wno-maybe-initialized
gcc-10: disable 'zero-length-bounds' warning for now
gcc-10: disable 'array-bounds' warning for now
gcc-10: disable 'stringop-overflow' warning for now
gcc-10: disable 'restrict' warning for now
block: defer timeouts to a workqueue
blk-mq: Allow timeouts to run while queue is freezing
blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
blk-mq: Allow blocking queue tag iter callbacks
x86/paravirt: Remove the unused irq_enable_sysexit pv op
gcc-10: avoid shadowing standard library 'free()' in crypto
net: fix a potential recursive NETDEV_FEAT_CHANGE
net: ipv4: really enforce backoff for redirects
netlabel: cope with NULL catmap
ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
ALSA: rawmidi: Initialize allocated buffers
USB: gadget: fix illegal array access in binding with UDC
ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
x86: Fix early boot crash on gcc-10, third try
exec: Move would_dump into flush_old_exec
usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()'
usb: gadget: audio: Fix a missing error return value in audio_bind()
usb: gadget: legacy: fix error return code in gncm_bind()
usb: gadget: legacy: fix error return code in cdc_bind()
Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
ARM: dts: r8a7740: Add missing extal2 to CPG node
KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
Makefile: disallow data races on gcc-10 as well
scsi: iscsi: Fix a potential deadlock in the timeout handler
Linux 4.4.224
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I384313d39dead8b0babb144803269033f4aacc53
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit a9a3ed1eff3601b63aea4fb462d8b3b92c7c1e7e upstream.
... or the odyssey of trying to disable the stack protector for the
function which generates the stack canary value.
The whole story started with Sergei reporting a boot crash with a kernel
built with gcc-10:
Kernel panic — not syncing: stack-protector: Kernel stack is corrupted in: start_secondary
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.6.0-rc5—00235—gfffb08b37df9 #139
Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./H77M—D3H, BIOS F12 11/14/2013
Call Trace:
dump_stack
panic
? start_secondary
__stack_chk_fail
start_secondary
secondary_startup_64
-—-[ end Kernel panic — not syncing: stack—protector: Kernel stack is corrupted in: start_secondary
This happens because gcc-10 tail-call optimizes the last function call
in start_secondary() - cpu_startup_entry() - and thus emits a stack
canary check which fails because the canary value changes after the
boot_init_stack_canary() call.
To fix that, the initial attempt was to mark the one function which
generates the stack canary with:
__attribute__((optimize("-fno-stack-protector"))) ... start_secondary(void *unused)
however, using the optimize attribute doesn't work cumulatively
as the attribute does not add to but rather replaces previously
supplied optimization options - roughly all -fxxx options.
The key one among them being -fno-omit-frame-pointer and thus leading to
not present frame pointer - frame pointer which the kernel needs.
The next attempt to prevent compilers from tail-call optimizing
the last function call cpu_startup_entry(), shy of carving out
start_secondary() into a separate compilation unit and building it with
-fno-stack-protector, was to add an empty asm("").
This current solution was short and sweet, and reportedly, is supported
by both compilers but we didn't get very far this time: future (LTO?)
optimization passes could potentially eliminate this, which leads us
to the third attempt: having an actual memory barrier there which the
compiler cannot ignore or move around etc.
That should hold for a long time, but hey we said that about the other
two solutions too so...
Reported-by: Sergei Trofimovich <slyfox@gentoo.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Tested-by: Kalle Valo <kvalo@codeaurora.org>
Cc: <stable@vger.kernel.org>
Link: https://lkml.kernel.org/r/20200314164451.346497-1-slyfox@gentoo.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 88c15ec90ff16880efab92b519436ee17b198477 upstream.
As result of commit "x86/xen: Avoid fast syscall path for Xen PV
guests", the irq_enable_sysexit pv op is not called by Xen PV guests
anymore and since they were the only ones who used it we can
safely remove it.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Borislav Petkov <bp@suse.de>
Acked-by: Andy Lutomirski <luto@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: david.vrabel@citrix.com
Cc: konrad.wilk@oracle.com
Cc: virtualization@lists.linux-foundation.org
Cc: xen-devel@lists.xenproject.org
Link: http://lkml.kernel.org/r/1447970147-1733-3-git-send-email-boris.ostrovsky@oracle.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 6f6060a5c9cc76fdbc22748264e6aa3779ec2427 upstream.
APM_DO_POP_SEGS does not restore fs/gs which were zeroed by
APM_DO_ZERO_SEGS. Trying to access __preempt_count with
zeroed fs doesn't really work.
Move the ibrs call outside the APM_DO_SAVE_SEGS/APM_DO_RESTORE_SEGS
invocations so that fs is actually restored before calling
preempt_enable().
Fixes the following sort of oopses:
[ 0.313581] general protection fault: 0000 [#1] PREEMPT SMP
[ 0.313803] Modules linked in:
[ 0.314040] CPU: 0 PID: 268 Comm: kapmd Not tainted 4.16.0-rc1-triton-bisect-00090-gdd84441a7971 #19
[ 0.316161] EIP: __apm_bios_call_simple+0xc8/0x170
[ 0.316161] EFLAGS: 00210016 CPU: 0
[ 0.316161] EAX: 00000102 EBX: 00000000 ECX: 00000102 EDX: 00000000
[ 0.316161] ESI: 0000530e EDI: dea95f64 EBP: dea95f18 ESP: dea95ef0
[ 0.316161] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
[ 0.316161] CR0: 80050033 CR2: 00000000 CR3: 015d3000 CR4: 000006d0
[ 0.316161] Call Trace:
[ 0.316161] ? cpumask_weight.constprop.15+0x20/0x20
[ 0.316161] on_cpu0+0x44/0x70
[ 0.316161] apm+0x54e/0x720
[ 0.316161] ? __switch_to_asm+0x26/0x40
[ 0.316161] ? __schedule+0x17d/0x590
[ 0.316161] kthread+0xc0/0xf0
[ 0.316161] ? proc_apm_show+0x150/0x150
[ 0.316161] ? kthread_create_worker_on_cpu+0x20/0x20
[ 0.316161] ret_from_fork+0x2e/0x38
[ 0.316161] Code: da 8e c2 8e e2 8e ea 57 55 2e ff 1d e0 bb 5d b1 0f 92 c3 5d 5f 07 1f 89 47 0c 90 8d b4 26 00 00 00 00 90 8d b4 26 00 00 00 00 90 <64> ff 0d 84 16 5c b1 74 7f 8b 45 dc 8e e0 8b 45 d8 8e e8 8b 45
[ 0.316161] EIP: __apm_bios_call_simple+0xc8/0x170 SS:ESP: 0068:dea95ef0
[ 0.316161] ---[ end trace 656253db2deaa12c ]---
Fixes: dd84441a7971 ("x86/speculation: Use IBRS if available before calling into firmware")
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: x86@kernel.org
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Link: https://lkml.kernel.org/r/20180709133534.5963-1-ville.syrjala@linux.intel.com
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.223
mwifiex: fix PCIe register information for 8997 chipset
drm/qxl: qxl_release use after free
drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
staging: rtl8192u: Fix crash due to pointers being "confusing"
usb: gadget: f_acm: Fix configfs attr name
usb: gadged: pch_udc: get rid of redundant assignments
usb: gadget: pch_udc: reorder spin_[un]lock to avoid deadlock
usb: gadget: udc: core: don't starve DMA resources
MIPS: Fix macro typo
MIPS: ptrace: Drop cp0_tcstatus from regoffset_table[]
MIPS: BMIPS: Fix PRID_IMP_BMIPS5000 masking for BMIPS5200
MIPS: smp-cps: Stop printing EJTAG exceptions to UART
MIPS: scall: Handle seccomp filters which redirect syscalls
MIPS: BMIPS: BMIPS5000 has I cache filing from D cache
MIPS: BMIPS: Clear MIPS_CACHE_ALIASES earlier
MIPS: BMIPS: local_r4k___flush_cache_all needs to blast S-cache
MIPS: BMIPS: Pretty print BMIPS5200 processor name
MIPS: Fix HTW config on XPA kernel without LPA enabled
MIPS: BMIPS: Adjust mips-hpt-frequency for BCM7435
MIPS: math-emu: Fix BC1{EQ,NE}Z emulation
MIPS: Fix BC1{EQ,NE}Z return offset calculation
MIPS: perf: Fix I6400 event numbers
MIPS: KVM: Fix translation of MFC0 ErrCtl
MIPS: SMP: Update cpu_foreign_map on CPU disable
MIPS: c-r4k: Fix protected_writeback_scache_line for EVA
MIPS: Octeon: Off by one in octeon_irq_gpio_map()
bpf, mips: fix off-by-one in ctx offset allocation
MIPS: RM7000: Double locking bug in rm7k_tc_disable()
MIPS: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
mips/panic: replace smp_send_stop() with kdump friendly version in panic path
ARM: dts: armadillo800eva Correct extal1 frequency to 24 MHz
ARM: imx: select SRC for i.MX7
ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wxl/wsxl
ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wvl/vl
ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wxl/wsxl
ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wvl/vl
ARM: dts: orion5x: gpio pin fixes for linkstation lswtgl
ARM: dts: orion5x: fix the missing mtd flash on linkstation lswtgl
ARM: dts: kirkwood: use unique machine name for ds112
ARM: dts: kirkwood: add kirkwood-ds112.dtb to Makefile
ARM: OMAP2+: hwmod: fix _idle() hwmod state sanity check sequence
perf/x86: Fix filter_events() bug with event mappings
x86/LDT: Print the real LDT base address
x86/apic/uv: Silence a shift wrapping warning
ALSA: fm801: explicitly free IRQ line
ALSA: fm801: propagate TUNER_ONLY bit when autodetected
ALSA: fm801: detect FM-only card earlier
netfilter: nfnetlink: use original skbuff when acking batches
xfrm: fix crash in XFRM_MSG_GETSA netlink handler
mwifiex: fix IBSS data path issue.
mwifiex: add missing check for PCIe8997 chipset
iwlwifi: set max firmware version of 7265 to 17
Bluetooth: btmrvl: fix hung task warning dump
dccp: limit sk_filter trim to payload
net/mlx4_core: Do not BUG_ON during reset when PCI is offline
mlxsw: pci: Correctly determine if descriptor queue is full
PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive()
net/mlx4_core: Implement pci_resume callback
alpha/PCI: Call iomem_is_exclusive() for IORESOURCE_MEM, but not IORESOURCE_IO
vfio/pci: Allow VPD short read
brcmfmac: add eth_type_trans back for PCIe full dongle
mlxsw: Treat local port 64 as valid
IB/mlx4: Initialize hop_limit when creating address handle
ovs/gre,geneve: fix error path when creating an iface
GRE: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU
powerpc/pci/of: Parse unassigned resources
firmware: actually return NULL on failed request_firmware_nowait()
c8sectpfe: Rework firmware loading mechanism
net/mlx5: Avoid passing dma address 0 to firmware
IB/mlx5: Fix RC transport send queue overhead computation
net/mlx5: Make command timeout way shorter
IB/mlx5: Fix FW version diaplay in sysfs
net/mlx5e: Fix MLX5E_100BASE_T define
net/mlx5: Fix the size of modify QP mailbox
net/mlx5: Fix masking of reserved bits in XRCD number
net/mlx5e: Fix blue flame quota logic
net/mlx5: use mlx5_buf_alloc_node instead of mlx5_buf_alloc in mlx5_wq_ll_create
net/mlx5: Avoid calling sleeping function by the health poll thread
net/mlx5: Fix wait_vital for VFs and remove fixed sleep
net/mlx5: Fix potential deadlock in command mode change
net/mlx5: Add timeout handle to commands with callback
net/mlx5: Fix pci error recovery flow
net/mlx5e: Copy all L2 headers into inline segment
net_sched: keep backlog updated with qlen
sch_drr: update backlog as well
sch_hfsc: always keep backlog updated
sch_prio: update backlog as well
sch_qfq: keep backlog updated with qlen
sch_sfb: keep backlog updated with qlen
sch_tbf: update backlog as well
btrfs: cleaner_kthread() doesn't need explicit freeze
irda: Free skb on irda_accept error path.
phy: fix device reference leaks
bonding: prevent out of bound accesses
mtd: nand: fix ONFI parameter page layout
ath10k: free cached fw bin contents when get board id fails
xprtrdma: checking for NULL instead of IS_ERR()
xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock)
xprtrdma: xprt_rdma_free() must not release backchannel reqs
xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len
RDMA/cxgb3: device driver frees DMA memory with different size
mlxsw: spectrum: Don't forward packets when STP state is DISABLED
mlxsw: spectrum: Disable learning according to STP state
mlxsw: spectrum: Don't count internal TX header bytes to stats
mlxsw: spectrum: Indicate support for autonegotiation
mlxsw: spectrum: Fix misuse of hard_header_len
net: tcp_memcontrol: properly detect ancestor socket pressure
tcp: do not set rtt_min to 1
RDS:TCP: Synchronize rds_tcp_accept_one with rds_send_xmit when resetting t_sock
net: ipv6: tcp reset, icmp need to consider L3 domain
batman-adv: Fix lockdep annotation of batadv_tlv_container_remove
batman-adv: replace WARN with rate limited output on non-existing VLAN
tty: serial: msm: Support more bauds
serial: samsung: Fix possible out of bounds access on non-DT platform
Drivers: hv: utils: use memdup_user in hvt_op_write
isa: Call isa_bus_init before dependent ISA bus drivers register
Btrfs: clean up an error code in btrfs_init_space_info()
Input: gpio-keys - fix check for disabling unsupported keys
Input: edt-ft5x06 - fix setting gain, offset, and threshold via device tree
net/xfrm_input: fix possible NULL deref of tunnel.ip6->parms.i_key
xfrm_user: propagate sec ctx allocation errors
xfrm: Fix memory leak of aead algorithm name
mac80211: fix mgmt-tx abort cookie and leak
mac80211: TDLS: always downgrade invalid chandefs
mac80211: TDLS: change BW calculation for WIDER_BW peers
mac80211: Fix BW upgrade for TDLS peers
NFS: Fix an LOCK/OPEN race when unlinking an open file
net: get rid of an signed integer overflow in ip_idents_reserve()
mtd: nand: denali: add missing nand_release() call in denali_remove()
ASoC: Intel: pass correct parameter in sst_alloc_stream_mrfld()
ASoC: tegra_alc5632: check return value
ASoC: fsl_ssi: mark SACNT register volatile
Revert "ACPI / LPSS: allow to use specific PM domain during ->probe()"
mmc: sdhci: restore behavior when setting VDD via external regulator
mmc: sd: limit SD card power limit according to cards capabilities
mmc: debugfs: correct wrong voltage value
mmc: block: return error on failed mmc_blk_get()
clk: rockchip: Revert "clk: rockchip: reset init state before mmc card initialization"
mmc: dw_mmc: rockchip: Set the drive phase properly
mmc: moxart: fix wait_for_completion_interruptible_timeout return variable type
mmc: sdhci: Fix regression setting power on Trats2 board
perf tools: Fix perf regs mask generation
powerpc/tm: Fix stack pointer corruption in __tm_recheckpoint()
powerpc/book3s: Fix MCE console messages for unrecoverable MCE.
sctp: fix the transports round robin issue when init is retransmitted
sunrpc: Update RPCBIND_MAXNETIDLEN
NFC: nci: memory leak in nci_core_conn_create()
net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS
net: phy: Fix phy_mac_interrupt()
net: phy: bcm7xxx: Fix shadow mode 2 disabling
of_mdio: fix node leak in of_phy_register_fixed_link error path
phy: micrel: Fix finding PHY properties in MAC node for KSZ9031.
net: dsa: slave: fix of-node leak and phy priority
drivers: net: cpsw: don't ignore phy-mode if phy-handle is used
iommu/dma: Respect IOMMU aperture when allocating
mdio-sun4i: oops in error handling in probe
iio:ad7797: Use correct attribute_group
selftests/ipc: Fix test failure seen after initial test run
wimax/i2400m: Fix potential urb refcnt leak
cifs: protect updating server->dstaddr with a spinlock
scripts/config: allow colons in option strings for sed
lib/mpi: Fix building for powerpc with clang
net: bcmgenet: suppress warnings on failed Rx SKB allocations
net: systemport: suppress warnings on failed Rx SKB allocations
rc: allow rc modules to be loaded if rc-main is not a module
lirc_imon: do not leave imon_probe() with mutex held
am437x-vpfe: fix an uninitialized variable bug
cx23885: uninitialized variable in cx23885_av_work_handler()
ath9k_htc: check for underflow in ath9k_htc_rx_msg()
VFIO: platform: reset: fix a warning message condition
net: moxa: fix an error code
mfd: lp8788-irq: Uninitialized variable in irq handler
ethernet: micrel: fix some error codes
power: ipaq-micro-battery: freeing the wrong variable
i40e: fix an uninitialized variable bug
qede: uninitialized variable in qede_start_xmit()
qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template()
qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
target: Fix a memory leak in target_dev_lba_map_store()
memory/tegra: Add number of TLB lines for Tegra124
pinctrl: bcm2835: Fix memory leak in error path
be2net: Don't leak iomapped memory on removal.
ipv4: Fix memory leak in exception case for splitting tries
flow_dissector: Check for IP fragmentation even if not using IPv4 address
ipv4: fix checksum annotation in udp4_csum_init
ipv4: do not abuse GFP_ATOMIC in inet_netconf_notify_devconf()
ipv4: accept u8 in IP_TOS ancillary data
net: vrf: Fix dev refcnt leak due to IPv6 prefix route
ipv6: fix checksum annotation in udp6_csum_init
ipv6: do not abuse GFP_ATOMIC in inet6_netconf_notify_devconf()
ipv6: add missing netconf notif when 'all' is updated
net: ipv6: Fix processing of RAs in presence of VRF
netfilter: nf_tables: fix a wrong check to skip the inactive rules
netfilter: nft_dynset: fix panic if NFT_SET_HASH is not enabled
netfilter: nf_tables: destroy the set if fail to add transaction
netfilter: nft_dup: do not use sreg_dev if the user doesn't specify it
udp: restore UDPlite many-cast delivery
clk: st: avoid uninitialized variable use
clk: gpio: handle error codes for of_clk_get_parent_count()
clk: ti: omap3+: dpll: use non-locking version of clk_get_rate
clk: multiplier: Prevent the multiplier from under / over flowing
clk: imx: clk-pllv3: fix incorrect handle of enet powerdown bit
clk: xgene: Don't call __pa on ioremaped address
cls_bpf: reset class and reuse major in da
arm64: bpf: jit JMP_JSET_{X,K}
bpf, trace: check event type in bpf_perf_event_read
bpf: fix map not being uncharged during map creation failure
net/mlx4_core: Fix potential corruption in counters database
net/mlx4_core: Fix access to uninitialized index
net/mlx4_en: Fix the return value of a failure in VLAN VID add/kill
net/mlx4_core: Check device state before unregistering it
net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec
net/mlx4_en: Process all completions in RX rings after port goes up
net/mlx4_core: Do not access comm channel if it has not yet been initialized
net/mlx4_en: Fix potential deadlock in port statistics flow
net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to device managed flow steering
net/mlx4_core: Fix QUERY FUNC CAP flags
mlxsw: switchx2: Fix misuse of hard_header_len
mlxsw: switchx2: Fix ethernet port initialization
sched/fair: Fix calc_cfs_shares() fixed point arithmetics width confusion
net_sched: flower: Avoid dissection of unmasked keys
pkt_sched: fq: use proper locking in fq_dump_stats()
sched/preempt: Fix preempt_count manipulations
power: bq27xxx: fix reading for bq27000 and bq27010
power: bq27xxx: fix register numbers of bq27500
power: test_power: correctly handle empty writes
power: bq27xxx_battery: Fix bq27541 AveragePower register address
power_supply: tps65217-charger: Fix NULL deref during property export
net: vrf: Fix dst reference counting
net: Don't delete routes in different VRFs
vti6: fix input path
ipv4: Fix table id reference in fib_sync_down_addr
mlx4: do not call napi_schedule() without care
xprtrdma: Fix backchannel allocation of extra rpcrdma_reps
ALSA: fm801: Initialize chip after IRQ handler is registered
bonding: fix length of actor system
MIPS: perf: Remove incorrect odd/even counter handling for I6400
Revert "cpufreq: Drop rwsem lock around CPUFREQ_GOV_POLICY_EXIT"
net: dsa: mv88e6xxx: unlock DSA and CPU ports
gfs2: fix flock panic issue
blk-mq: fix undefined behaviour in order_to_size()
dm: fix second blk_delay_queue() parameter to be in msec units not jiffies
dmaengine: edma: Add probe callback to edma_tptc_driver
openvswitch: update checksum in {push,pop}_mpls
cxgb4/cxgb4vf: Fixes regression in perf when tx vlan offload is disabled
net: bcmgenet: fix skb_len in bcmgenet_xmit_single()
net: bcmgenet: device stats are unsigned long
ovs/gre: fix rtnl notifications on iface deletion
gre: do not assign header_ops in collect metadata mode
gre: build header correctly for collect metadata tunnels
gre: reject GUE and FOU in collect metadata mode
sfc: fix potential stack corruption from running past stat bitmask
sfc: clear napi_hash state when copying channels
net: bcmsysport: Device stats are unsigned long
cxgbi: fix uninitialized flowi6
net: macb: add missing free_netdev() on error in macb_probe()
macvtap: segmented packet is consumed
tipc: fix the error handling in tipc_udp_enable()
net: icmp6_send should use dst dev to determine L3 domain
et131x: Fix logical vs bitwise check in et131x_tx_timeout()
net: ethernet: stmmac: dwmac-sti: fix probe error path
rtnl: reset calcit fptr in rtnl_unregister()
net: ethernet: stmmac: dwmac-rk: fix probe error path
fq_codel: return non zero qlen in class dumps
net: ethernet: stmmac: dwmac-generic: fix probe error path
ovs/geneve: fix rtnl notifications on iface deletion
bnxt: add a missing rcu synchronization
qdisc: fix a module refcount leak in qdisc_create_dflt()
net: axienet: Fix return value check in axienet_probe()
bnxt_en: Remove locking around txr->dev_state
net: ethernet: davinci_emac: Fix devioctl while in fixed link
net: ethernet: mvneta: Remove IFF_UNICAST_FLT which is not implemented
net: ethernet: ti: cpsw: fix device and of_node leaks
net: ethernet: ti: cpsw: fix secondary-emac probe error path
net: hns: fix device reference leaks
net: bridge: don't increment tx_dropped in br_do_proxy_arp
net: dsa: mv88e6xxx: enable SA learning on DSA ports
net: ehea: avoid null pointer dereference
l2tp: fix use-after-free during module unload
hwrng: exynos - Disable runtime PM on driver unbind
net: icmp_route_lookup should use rt dev to determine L3 domain
net: mvneta: fix trivial cut-off issue in mvneta_ethtool_update_stats
net: macb: replace macb_writel() call by queue_writel() to update queue ISR
ravb: Add missing free_irq() call to ravb_close()
mvpp2: use correct size for memset
net: vxlan: lwt: Fix vxlan local traffic.
net: ethoc: Fix early error paths
ovs/vxlan: fix rtnl notifications on iface deletion
net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets.
regulator: core: Rely on regulator_dev_release to free constraints
net: dsa: mv88e6xxx: fix port VLAN maps
at803x: fix reset handling
cxl: Fix DAR check & use REGION_ID instead of opencoding
net: ethernet: davinci_emac: Fix platform_data overwrite
ata: sata_dwc_460ex: remove incorrect locking
pinctrl: tegra: Correctly check the supported configuration
brcmfmac: add fallback for devices that do not report per-chain values
brcmfmac: restore stopping netdev queue when bus clogs up
bridge: Fix problems around fdb entries pointing to the bridge device
bna: add missing per queue ethtool stat
net: skbuff: Remove errornous length validation in skb_vlan_pop()
net: ep93xx_eth: Do not crash unloading module
macvlan: Fix potential use-after free for broadcasts
sctp: Fix SHUTDOWN CTSN Ack in the peer restart case
ALSA: hda: Match both PCI ID and SSID for driver blacklist
mac80211: add ieee80211_is_any_nullfunc()
Linux 4.4.223
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie7caca39501fe5e82b947964cc474ed1c786d756
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit c4597fd756836a5fb7900f2091797ab564390ad0 upstream.
'm_io' is stored in 6 bits so it's a number in the 0-63 range. Static
analysis tools complain that 1 << 63 will wrap so I have changed it to
1ULL << m_io.
This code is over three years old so presumably the bug doesn't happen
very frequently in real life or someone would have complained by now.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Alex Thorlton <athorlton@sgi.com>
Cc: Dimitri Sivanich <sivanich@sgi.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Travis <travis@sgi.com>
Cc: Nathan Zimmer <nzimmer@sgi.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: kernel-janitors@vger.kernel.org
Fixes: b15cc4a12bed ("x86, uv, uv3: Update x2apic Support for SGI UV3")
Link: http://lkml.kernel.org/r/20161123221908.GA23997@mwanda
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 0d430e3fb3f7cdc13c0d22078b820f682821b45a upstream.
This was meant to print base address and entry count; make it do so
again.
Fixes: 37868fe113ff "x86/ldt: Make modify_ldt synchronous"
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Andy Lutomirski <luto@kernel.org>
Link: http://lkml.kernel.org/r/56797D8402000078000C24F0@prv-mh.provo.novell.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 61b87cae6361ea6af161c1ffa549898892707b19 upstream.
This patch fixes a bug in the filter_events() function.
The patch fixes the bug whereby if some mappings did not
exist, e.g., STALLED_CYCLES_FRONTEND, then any event after it
in the attrs array would disappear from the published list of
events in /sys/devices/cpu/events. This could be verified
easily on any system post SNB (which do not publish
STALLED_CYCLES_FRONTEND):
$ ./perf stat -e cycles,ref-cycles true
Performance counter stats for 'true':
1,217,348 cycles
<not supported> ref-cycles
The problem is that in filter_events() there is an assumption
that the argument (attrs) is organized in increasing continuous
event indexes related to the event_map(). But if we remove the
non-supported events by shifing the position in the array, then
the lookup x86_pmu.event_map() needs to compensate for it, otherwise
we are looking up the wrong index. This patch corrects this problem
by compensating for the deleted events and with that ref-cycles
reappears (here shown on Haswell):
$ perf stat -e ref-cycles,cycles true
Performance counter stats for 'true':
4,525,910 ref-cycles
1,064,920 cycles
0.002943888 seconds time elapsed
Signed-off-by: Stephane Eranian <eranian@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: jolsa@kernel.org
Cc: kan.liang@intel.com
Fixes: 8300daa26755 ("perf/x86: Filter out undefined events from sysfs events attribute")
Link: http://lkml.kernel.org/r/1449516805-6637-1-git-send-email-eranian@google.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/kernel/common into lineage-17.1-caf-msm8998
This brings LA.UM.8.4.r1-05400-8x98.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
96b09cba55905 UPSTREAM: net: socket: set sock->sk to NULL after calling proto_ops::release()
Conflicts:
drivers/scsi/ufs/ufshcd.c
drivers/usb/gadget/composite.c
drivers/usb/gadget/function/f_fs.c
Change-Id: I3e79c0d20e3eb3246a50c9a1e815cdf030a4232e
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.222
ext4: fix special inode number checks in __ext4_iget()
drm/qxl: qxl_release leak in qxl_hw_surface_alloc()
ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
PM: ACPI: Output correct message on target power state
RDMA/mlx4: Initialize ib_spec on the stack
vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
ALSA: opti9xx: shut up gcc-10 range warning
nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl
dmaengine: dmatest: Fix iteration non-stop logic
i2c: designware-pci: use IRQF_COND_SUSPEND flag
perf hists: Fix HISTC_MEM_DCACHELINE width setting
powerpc/perf: Remove PPMU_HAS_SSLOT flag for Power8
perf/x86: Fix uninitialized value usage
exynos4-is: fix a format string bug
ASoC: wm8960: Fix WM8960_SYSCLK_PLL mode
ASoC: imx-spdif: Fix crash on suspend
ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
selinux: properly handle multiple messages in selinux_netlink_send()
Linux 4.4.222
Change-Id: I510144039d424ae2e57ae23c188f2ed4d020ed11
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit e01d8718de4170373cd7fbf5cf6f9cb61cebb1e9 upstream.
When calling intel_alt_er() with .idx != EXTRA_REG_RSP_* we will not
initialize alt_idx and then use this uninitialized value to index an
array.
When that is not fatal, it can result in an infinite loop in its
caller __intel_shared_reg_get_constraints(), with IRQs disabled.
Alternative error modes are random memory corruption due to the
cpuc->shared_regs->regs[] array overrun, which manifest in either
get_constraints or put_constraints doing weird stuff.
Only took 6 hours of painful debugging to find this. Neither GCC nor
Smatch warnings flagged this bug.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Kan Liang <kan.liang@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Fixes: ae3f011fc251 ("perf/x86/intel: Fix SLM MSR_OFFCORE_RSP1 valid_mask")
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.220
bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
net: vxge: fix wrong __VA_ARGS__ usage
qlcnic: Fix bad kzalloc null test
i2c: st: fix missing struct parameter description
irqchip/versatile-fpga: Handle chained IRQs properly
selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault
libata: Remove extra scsi_host_put() in ata_scsi_add_hosts()
gfs2: Don't demote a glock until its revokes are written
x86/boot: Use unsigned comparison for addresses
locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()
btrfs: remove a BUG_ON() from merge_reloc_roots()
btrfs: track reloc roots based on their commit root bytenr
misc: rtsx: set correct pcr_ops for rts522A
ASoC: fix regwmask
ASoC: dapm: connect virtual mux with default value
ASoC: dpcm: allow start or stop during pause for backend
ASoC: topology: use name_prefix for new kcontrol
usb: gadget: f_fs: Fix use after free issue as part of queue failure
usb: gadget: composite: Inform controller driver of self-powered
ALSA: usb-audio: Add mixer workaround for TRX40 and co
ALSA: hda: Add driver blacklist
ALSA: hda: Fix potential access overflow in beep helper
ALSA: ice1724: Fix invalid access for enumerated ctl items
ALSA: pcm: oss: Fix regression by buffer overflow fix
acpi/x86: ignore unspecified bit positions in the ACPI global lock field
thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n
KEYS: reaching the keys quotas correctly
irqchip/versatile-fpga: Apply clear-mask earlier
MIPS: OCTEON: irq: Fix potential NULL pointer dereference
ath9k: Handle txpower changes even when TPC is disabled
signal: Extend exec_id to 64bits
x86/entry/32: Add missing ASM_CLAC to general_protection entry
KVM: x86: Allocate new rmap and large page tracking when moving memslot
crypto: mxs-dcp - fix scatterlist linearization for hash
futex: futex_wake_op, do not fail on invalid op
xen-netfront: Rework the fix for Rx stall during OOM and network stress
ALSA: hda: Initialize power_state field properly
Btrfs: incremental send, fix invalid memory access
IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush
scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point
arm64: armv8_deprecated: Fix undef_hook mask for thumb setend
ext4: fix a data race at inode->i_blocks
ocfs2: no need try to truncate file beyond i_size
s390/diag: fix display of diagnose call statistics
Input: i8042 - add Acer Aspire 5738z to nomux list
kmod: make request_module() return an error when autoloading is disabled
hfsplus: fix crash and filesystem corruption when deleting files
libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set
powerpc/64/tm: Don't let userspace set regs->trap via sigreturn
Btrfs: fix crash during unmount due to race with delayed inode workers
drm/dp_mst: Fix clearing payload state on topology disable
ipmi: fix hung processes in __get_guid()
powerpc/fsl_booke: Avoid creating duplicate tlb1 entry
misc: echo: Remove unnecessary parentheses and simplify check for zero
mfd: dln2: Fix sanity checking for endpoints
net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
net: ipv6: do not consider routes via gateways for anycast address check
scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
jbd2: improve comments about freeing data buffers whose page mapping is NULL
ext4: fix incorrect group count in ext4_fill_super error message
ext4: fix incorrect inodes per group in error message
ASoC: Intel: mrfld: fix incorrect check on p->sink
ASoC: Intel: mrfld: return error codes when an error occurs
ALSA: usb-audio: Don't override ignore_ctl_error value from the map
mac80211_hwsim: Use kstrndup() in place of kasprintf()
ext4: do not zeroout extents beyond i_disksize
dm flakey: check for null arg_name in parse_features()
kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD
x86/mitigations: Clear CPU buffers on the SYSCALL fast path
tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation
scsi: sg: add sg_remove_request in sg_common_write
ALSA: hda: Don't release card at firmware loading error
video: fbdev: sis: Remove unnecessary parentheses and commented code
drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
wil6210: increase firmware ready timeout
wil6210: fix temperature debugfs
scsi: ufs: ufs-qcom: remove broken hci version quirk
wil6210: rate limit wil_rx_refill error
rtc: pm8xxx: Fix issue in RTC write path
soc: qcom: smem: Use le32_to_cpu for comparison
of: fix missing kobject init for !SYSFS && OF_DYNAMIC config
of: unittest: kmemleak in of_unittest_platform_populate()
clk: at91: usb: continue if clk_hw_round_rate() return zero
clk: tegra: Fix Tegra PMC clock out parents
NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
ext4: do not commit super on read-only bdev
percpu_counter: fix a data race at vm_committed_as
compiler.h: fix error in BUILD_BUG_ON() reporting
NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
ext2: fix empty body warnings when -Wextra is used
iommu/amd: Fix the configuration of GCR3 table root pointer
fbdev: potential information leak in do_fb_ioctl()
tty: evh_bytechan: Fix out of bounds accesses
locktorture: Print ratio of acquisitions, not failures
mtd: lpddr: Fix a double free in probe()
mtd: phram: fix a double free issue in error path
x86/CPU: Add native CPUID variants returning a single datum
x86/microcode/intel: replace sync_core() with native_cpuid_reg(eax)
x86/vdso: Fix lsl operand order
Linux 4.4.220
Change-Id: Ic931642c95ad95eb2755c3c20f6802e04283e68b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The fast SYSCALL exit path returns with SYSRET to userspace after
verifying that there's no pending work. MDS mitigation mandates that CPU
buffers must be cleared on transition from kernel to userspace so do
that here too.
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit ecb9c790999fd6c5af0f44783bd0217f0b89ec2b upstream.
The value in "new" is constructed from "old" such that all bits defined
as reserved by the ACPI spec[1] are left untouched. But if those bits
do not happen to be all zero, "new < 3" will not evaluate to true.
The firmware of the laptop(s) Medion MD63490 / Akoya P15648 comes with
garbage inside the "FACS" ACPI table. The starting value is
old=0x4944454d, therefore new=0x4944454e, which is >= 3. Mask off
the reserved bits.
[1] https://uefi.org/sites/default/files/resources/ACPI_6_2.pdf
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206553
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/kernel/common into lineage-17.1-caf-msm8998
This brings LA.UM.8.4.r1-05300-8x98.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
f9991115f0793 Merge 4.4.219 into android-4.4-p
Conflicts:
drivers/clk/qcom/clk-rcg2.c
drivers/scsi/sd.c
drivers/usb/gadget/function/f_fs.c
drivers/usb/gadget/function/u_serial.c
Change-Id: Ifed3db0ddda828c1697e57e9f73c1b73354bebf7
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.217
NFS: Remove superfluous kmap in nfs_readdir_xdr_to_array
r8152: check disconnect status after long sleep
net: nfc: fix bounds checking bugs on "pipe"
bnxt_en: reinitialize IRQs when MTU is modified
fib: add missing attribute validation for tun_id
nl802154: add missing attribute validation
nl802154: add missing attribute validation for dev_type
team: add missing attribute validation for port ifindex
team: add missing attribute validation for array index
nfc: add missing attribute validation for SE API
nfc: add missing attribute validation for vendor subcommand
ipvlan: add cond_resched_rcu() while processing muticast backlog
ipvlan: do not add hardware address of master to its unicast filter list
ipvlan: egress mcast packets are not exceptional
ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
ipvlan: don't deref eth hdr before checking it's set
macvlan: add cond_resched() during multicast processing
net: fec: validate the new settings in fec_enet_set_coalesce()
slip: make slhc_compress() more robust against malicious packets
bonding/alb: make sure arp header is pulled before accessing it
net: fq: add missing attribute validation for orphan mask
iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint
drm/amd/display: remove duplicated assignment to grph_obj_type
gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
KVM: x86: clear stale x86_emulate_ctxt->intercept value
ARC: define __ALIGN_STR and __ALIGN symbols for ARC
efi: Fix a race and a buffer overflow while reading efivars via sysfs
iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
nl80211: add missing attribute validation for critical protocol indication
nl80211: add missing attribute validation for channel switch
netfilter: cthelper: add missing attribute validation for cthelper
iommu/vt-d: Fix the wrong printing in RHSA parsing
iommu/vt-d: Ignore devices with out-of-spec domain number
mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()
ipv6: restrict IPV6_ADDRFORM operation
efi: Add a sanity check to efivar_store_raw()
batman-adv: Fix invalid read while copying bat_iv.bcast_own
batman-adv: Only put gw_node list reference when removed
batman-adv: Only put orig_node_vlan list reference when removed
batman-adv: Avoid endless loop in bat-on-bat netdevice check
batman-adv: Fix unexpected free of bcast_own on add_if error
batman-adv: Fix integer overflow in batadv_iv_ogm_calc_tq
batman-adv: init neigh node last seen field
batman-adv: Deactivate TO_BE_ACTIVATED hardif on shutdown
batman-adv: Drop reference to netdevice on last reference
batman-adv: Fix reference counting of vlan object for tt_local_entry
batman-adv: Avoid duplicate neigh_node additions
batman-adv: fix skb deref after free
batman-adv: Fix use-after-free/double-free of tt_req_node
batman-adv: Fix ICMP RR ethernet access after skb_linearize
batman-adv: Clean up untagged vlan when destroying via rtnl-link
batman-adv: Avoid nullptr dereference in bla after vlan_insert_tag
batman-adv: Avoid nullptr dereference in dat after vlan_insert_tag
batman-adv: Fix orig_node_vlan leak on orig_node_release
batman-adv: lock crc access in bridge loop avoidance
batman-adv: Fix non-atomic bla_claim::backbone_gw access
batman-adv: Fix reference leak in batadv_find_router
batman-adv: Free last_bonding_candidate on release of orig_node
batman-adv: Fix speedy join in gateway client mode
batman-adv: Add missing refcnt for last_candidate
batman-adv: Fix double free during fragment merge error
batman-adv: Fix transmission of final, 16th fragment
batman-adv: Fix rx packet/bytes stats on local ARP reply
batman-adv: fix TT sync flag inconsistencies
batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq
batman-adv: Fix internal interface indices types
batman-adv: update data pointers after skb_cow()
batman-adv: Fix skbuff rcsum on packet reroute
batman-adv: Avoid race in TT TVLV allocator helper
batman-adv: Fix TT sync flags for intermediate TT responses
batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs
batman-adv: Fix debugfs path for renamed hardif
batman-adv: Fix debugfs path for renamed softif
batman-adv: Avoid storing non-TT-sync flags on singular entries too
batman-adv: Prevent duplicated gateway_node entry
batman-adv: Prevent duplicated nc_node entry
batman-adv: Prevent duplicated global TT entry
batman-adv: Prevent duplicated tvlv handler
batman-adv: Reduce claim hash refcnt only for removed entry
batman-adv: Reduce tt_local hash refcnt only for removed entry
batman-adv: Reduce tt_global hash refcnt only for removed entry
batman-adv: Only read OGM tvlv_len after buffer len check
batman-adv: Avoid free/alloc race when handling OGM buffer
batman-adv: Don't schedule OGM for disabled interface
perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag
net: ks8851-ml: Fix IRQ handling and locking
signal: avoid double atomic counter increments for user accounting
jbd2: fix data races at struct journal_head
ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional()
ARM: 8958/1: rename missed uaccess .fixup section
mm: slub: add missing TID bump in kmem_cache_alloc_bulk()
ipv4: ensure rcu_read_lock() in cipso_v4_error()
Linux 4.4.217
Change-Id: Ic8c9ec91c66a9a0bb0b6291ad0a5101d18889a67
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit f967140dfb7442e2db0868b03b961f9c59418a1b ]
Enable the sampling check in kernel/events/core.c::perf_event_open(),
which returns the more appropriate -EOPNOTSUPP.
BEFORE:
$ sudo perf record -a -e instructions,l3_request_g1.caching_l3_cache_accesses true
Error:
The sys_perf_event_open() syscall returned with 22 (Invalid argument) for event (l3_request_g1.caching_l3_cache_accesses).
/bin/dmesg | grep -i perf may provide additional information.
With nothing relevant in dmesg.
AFTER:
$ sudo perf record -a -e instructions,l3_request_g1.caching_l3_cache_accesses true
Error:
l3_request_g1.caching_l3_cache_accesses: PMU Hardware doesn't support sampling/overflow-interrupts. Try 'perf stat'
Fixes: c43ca5091a37 ("perf/x86/amd: Add support for AMD NB and L2I "uncore" counters")
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20200311191323.13124-1-kim.phillips@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/kernel/common into lineage-17.1-caf-msm8998
This brings LA.UM.8.4.r1-05200-8x98.0 up to date with
https://android.googlesource.com/kernel/common/ android-4.4-p at commit:
4db1ebdd40ec0 FROMLIST: HID: nintendo: add nintendo switch controller driver
Conflicts:
arch/arm64/boot/Makefile
arch/arm64/kernel/psci.c
arch/x86/configs/x86_64_cuttlefish_defconfig
drivers/md/dm.c
drivers/of/Kconfig
drivers/thermal/thermal_core.c
fs/proc/meminfo.c
kernel/locking/spinlock_debug.c
kernel/time/hrtimer.c
net/wireless/util.c
Change-Id: I5b5163497b7c6ab8487ffbb2d036e4cda01ed670
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.215
x86/vdso: Use RDPID in preference to LSL when available
KVM: x86: emulate RDPID
ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs
ecryptfs: fix a memory leak bug in parse_tag_1_packet()
ecryptfs: fix a memory leak bug in ecryptfs_init_messaging()
ALSA: usb-audio: Apply sample rate quirk for Audioengine D1
ubifs: Fix deadlock in concurrent bulk-read and writepage
ext4: fix checksum errors with indexed dirs
Btrfs: fix race between using extent maps and merging them
btrfs: log message when rw remount is attempted with unclean tree-log
padata: Remove broken queue flushing
s390/time: Fix clk type in get_tod_clock
hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions.
jbd2: move the clearing of b_modified flag to the journal_unmap_buffer()
jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer
btrfs: print message when tree-log replay starts
scsi: qla2xxx: fix a potential NULL pointer dereference
Revert "KVM: VMX: Add non-canonical check on writes to RTIT address MSRs"
drm/gma500: Fixup fbdev stolen size usage evaluation
brcmfmac: Fix use after free in brcmf_sdio_readframes()
gianfar: Fix TX timestamping with a stacked DSA driver
pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs
media: i2c: mt9v032: fix enum mbus codes and frame sizes
media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run()
efi/x86: Map the entire EFI vendor string before copying it
MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init()
uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()
usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe()
nfs: NFS_SWAP should depend on SWAP
jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal
tracing: Fix very unlikely race of registering two stat tracers
ext4, jbd2: ensure panic when aborting with zero errno
kconfig: fix broken dependency in randconfig-generated .config
clk: qcom: rcg2: Don't crash if our parent can't be found; return an error
drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table
regulator: rk808: Lower log level on optional GPIOs being not available
NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu().
reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status
b43legacy: Fix -Wcast-function-type
ipw2x00: Fix -Wcast-function-type
iwlegacy: Fix -Wcast-function-type
rtlwifi: rtl_pci: Fix -Wcast-function-type
orinoco: avoid assertion in case of NULL pointer
ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1
scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
ARM: dts: r8a7779: Add device node for ARM global timer
x86/vdso: Provide missing include file
pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs
ALSA: sh: Fix compile warning wrt const
tools lib api fs: Fix gcc9 stringop-truncation compilation error
usbip: Fix unsafe unaligned pointer usage
soc/tegra: fuse: Correct straps' address for older Tegra124 device trees
rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls
Input: edt-ft5x06 - work around first register access error
wan: ixp4xx_hss: fix compile-testing on 64-bit
ASoC: atmel: fix build error with CONFIG_SND_ATMEL_SOC_DMA=m
PCI: Don't disable bridge BARs when assigning bus resources
driver core: Print device when resources present in really_probe()
drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler
drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add
iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE
scsi: iscsi: Don't destroy session if there are outstanding connections
cmd64x: potential buffer overflow in cmd64x_program_timings()
ide: serverworks: potential overflow in svwks_set_pio_mode()
remoteproc: Initialize rproc_class before use
s390/ftrace: generate traced function stack frame
ALSA: hda - Add docking station support for Lenovo Thinkpad T420s
jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record
ARM: 8951/1: Fix Kexec compilation issue.
hostap: Adjust indentation in prism2_hostapd_add_sta
iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop
drm/nouveau/disp/nv50-: prevent oops when no channel method map provided
trigger_next should increase position index
radeon: insert 10ms sleep in dce5_crtc_load_lut
ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans()
lib/scatterlist.c: adjust indentation in __sg_alloc_table
reiserfs: prevent NULL pointer dereference in reiserfs_insert_item()
bcache: explicity type cast in bset_bkey_last()
irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building INVALL
microblaze: Prevent the overflow of the start
brd: check and limit max_part par
selinux: ensure we cleanup the internal AVC counters on error in avc_update()
enic: prevent waking up stopped tx queues over watchdog reset
floppy: check FDC index for errors before assigning it
staging: android: ashmem: Disallow ashmem memory from being remapped
staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi.
usb: uas: fix a plug & unplug racing
USB: Fix novation SourceControl XL after suspend
USB: hub: Don't record a connect-change event during reset-resume
staging: rtl8188eu: Fix potential security hole
staging: rtl8188eu: Fix potential overuse of kernel memory
x86/mce/amd: Fix kobject lifetime
tty: serial: imx: setup the correct sg entry for tx dma
Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()"
xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms
VT_RESIZEX: get rid of field-by-field copyin
vt: vt_ioctl: fix race in VT_RESIZEX
KVM: nVMX: Don't emulate instructions in guest mode
netfilter: xt_bpf: add overflow checks
ext4: fix a data race in EXT4_I(inode)->i_disksize
ext4: add cond_resched() to __ext4_find_entry()
KVM: nVMX: Refactor IO bitmap checks into helper function
KVM: nVMX: Check IO instruction VM-exit conditions
KVM: apic: avoid calculating pending eoi from an uninitialized val
Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents
scsi: Revert "RDMA/isert: Fix a recently introduced regression related to logout"
scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session"
ecryptfs: replace BUG_ON with error handling code
ALSA: rawmidi: Avoid bit fields for state flags
ALSA: seq: Avoid concurrent access to queue flags
ALSA: seq: Fix concurrent access to queue current tick/time
xen: Enable interrupts when calling _cond_resched()
Linux 4.4.215
Change-Id: I32c4136741a79ab940022d590d5ace780290acbb
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
commit 51dede9c05df2b78acd6dcf6a17d21f0877d2d7b upstream.
Accessing the MCA thresholding controls in sysfs concurrently with CPU
hotplug can lead to a couple of KASAN-reported issues:
BUG: KASAN: use-after-free in sysfs_file_ops+0x155/0x180
Read of size 8 at addr ffff888367578940 by task grep/4019
and
BUG: KASAN: use-after-free in show_error_count+0x15c/0x180
Read of size 2 at addr ffff888368a05514 by task grep/4454
for example. Both result from the fact that the threshold block
creation/teardown code frees the descriptor memory itself instead of
defining proper ->release function and leaving it to the driver core to
take care of that, after all sysfs accesses have completed.
Do that and get rid of the custom freeing code, fixing the above UAFs in
the process.
[ bp: write commit message. ]
Fixes: 95268664390b ("[PATCH] x86_64: mce_amd support for family 0x10 processors")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: <stable@vger.kernel.org>
Link: https://lkml.kernel.org/r/20200214082801.13836-1-bp@alien8.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.214
media: iguanair: fix endpoint sanity check
x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
sparc32: fix struct ipc64_perm type definition
ASoC: qcom: Fix of-node refcount unbalance to link->codec_of_node
cls_rsvp: fix rsvp_policy
net: hsr: fix possible NULL deref in hsr_handle_frame()
net_sched: fix an OOB access in cls_tcindex
tcp: clear tp->total_retrans in tcp_disconnect()
tcp: clear tp->segs_{in|out} in tcp_disconnect()
media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
mfd: dln2: More sanity checking for endpoints
brcmfmac: Fix memory leak in brcmf_usbdev_qinit
usb: gadget: legacy: set max_speed to super-speed
usb: gadget: f_ncm: Use atomic_t to track in-flight request
usb: gadget: f_ecm: Use atomic_t to track in-flight request
ALSA: dummy: Fix PCM format loop in proc output
lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
powerpc/pseries: Advance pfn if section is not present in lmb_is_removable()
mmc: spi: Toggle SPI polarity, do not hardcode it
PCI: keystone: Fix link training retries initiation
crypto: api - Check spawn->alg under lock in crypto_drop_spawn
scsi: qla2xxx: Fix mtcp dump collection failure
power: supply: ltc2941-battery-gauge: fix use-after-free
Revert "ovl: modify ovl_permission() to do checks on two inodes"
of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
dm space map common: fix to ensure new block isn't already in use
crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
crypto: api - Fix race condition in crypto_spawn_alg
crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill
btrfs: set trans->drity in btrfs_commit_transaction
ARM: tegra: Enable PLLP bypass during Tegra124 LP1
mwifiex: fix unbalanced locking in mwifiex_process_country_ie()
sunrpc: expiry_time should be seconds not timeval
KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks
KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks
KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c
KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks
KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails
KVM: PPC: Book3S PR: Free shared page if mmu initialization fails
KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type
scsi: csiostor: Adjust indentation in csio_device_reset
scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free
ext2: Adjust indentation in ext2_fill_super
powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize
NFC: pn544: Adjust indentation in pn544_hci_check_presence
ppp: Adjust indentation into ppp_async_input
net: smc911x: Adjust indentation in smc911x_phy_configure
net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
mfd: da9062: Fix watchdog compatible string
mfd: rn5t618: Mark ADC control register volatile
net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
bonding/alb: properly access headers in bond_alb_xmit()
NFS: Fix memory leaks and corruption in readdir
NFS: Fix bool initialization/comparison
NFS: Directory page cache pages need to be locked when read
Btrfs: fix assertion failure on fsync with NO_HOLES enabled
btrfs: remove trivial locking wrappers of tree mod log
Btrfs: fix race between adding and putting tree mod seq elements and nodes
drm: atmel-hlcdc: enable clock before configuring timing engine
KVM: x86: drop picdev_in_range()
KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks
KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
btrfs: flush write bio if we loop in extent_write_cache_pages
KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM
KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
KVM: nVMX: vmread should not set rflags to specify success in case of #PF
cifs: fail i/o on soft mounts if sessionsetup errors out
clocksource: Prevent double add_timer_on() for watchdog_timer
perf/core: Fix mlock accounting in perf_mmap()
ASoC: pcm: update FE/BE trigger order based on the command
scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails
rtc: hym8563: Return -EINVAL if the time is known to be invalid
ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node
ARM: dts: at91: sama5d3: fix maximum peripheral clock rates
ARM: dts: at91: sama5d3: define clock rate range for tcb1
powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW
pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B
mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held
libertas: make lbs_ibss_join_existing() return error code on rates overflow
dm: fix potential for q->make_request_fn NULL pointer
Linux 4.4.214
Change-Id: I4c59fc6feb5cc34402bc8bbaf29f3d1debfe6951
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 5efc6fa9044c3356d6046c6e1da6d02572dbed6b ]
/proc/cpuinfo currently reports Hardware Lock Elision (HLE) feature to
be present on boot cpu even if it was disabled during the bootup. This
is because cpuinfo_x86->x86_capability HLE bit is not updated after TSX
state is changed via the new MSR IA32_TSX_CTRL.
Update the cached HLE bit also since it is expected to change after an
update to CPUID_CLEAR bit in MSR IA32_TSX_CTRL.
Fixes: 95c5824f75f3 ("x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default")
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/2529b99546294c893dfa1c89e2b3e46da3369a59.1578685425.git.pawan.kumar.gupta@linux.intel.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.212
xfs: Sanity check flags of Q_XQUOTARM call
powerpc/archrandom: fix arch_get_random_seed_int()
mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset()
ALSA: hda: fix unused variable warning
ALSA: usb-audio: update quirk for B&W PX to remove microphone
staging: comedi: ni_mio_common: protect register write overflow
pcrypt: use format specifier in kobject_add
exportfs: fix 'passing zero to ERR_PTR()' warning
drm/dp_mst: Skip validating ports during destruction, just ref
pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group
pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group
pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group
pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group
pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group
pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field
pinctrl: sh-pfc: sh7734: Add missing IPSR11 field
pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field
pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value
Input: nomadik-ske-keypad - fix a loop timeout test
clk: highbank: fix refcount leak in hb_clk_init()
clk: qoriq: fix refcount leak in clockgen_init()
clk: socfpga: fix refcount leak
clk: samsung: exynos4: fix refcount leak in exynos4_get_xom()
clk: imx6q: fix refcount leak in imx6q_clocks_init()
clk: imx6sx: fix refcount leak in imx6sx_clocks_init()
clk: imx7d: fix refcount leak in imx7d_clocks_init()
clk: vf610: fix refcount leak in vf610_clocks_init()
clk: armada-370: fix refcount leak in a370_clk_init()
clk: kirkwood: fix refcount leak in kirkwood_clk_init()
clk: armada-xp: fix refcount leak in axp_clk_init()
IB/usnic: Fix out of bounds index check in query pkey
RDMA/ocrdma: Fix out of bounds index check in query pkey
media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL
crypto: tgr192 - fix unaligned memory access
ASoC: imx-sgtl5000: put of nodes if finding codec fails
rtc: cmos: ignore bogus century byte
tty: ipwireless: Fix potential NULL pointer dereference
rtc: ds1672: fix unintended sign extension
rtc: 88pm860x: fix unintended sign extension
rtc: 88pm80x: fix unintended sign extension
rtc: pm8xxx: fix unintended sign extension
fbdev: chipsfb: remove set but not used variable 'size'
pinctrl: sh-pfc: emev2: Add missing pinmux functions
pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group
pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups
block: don't use bio->bi_vcnt to figure out segment number
vfio_pci: Enable memory accesses before calling pci_map_rom
cdc-wdm: pass return value of recover_from_urb_loss
drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON
drm/nouveau/pmu: don't print reply values if exec is false
ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of()
fs/nfs: Fix nfs_parse_devname to not modify it's argument
clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable
ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used
regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA
nios2: ksyms: Add missing symbol exports
scsi: megaraid_sas: reduce module load time
xen, cpu_hotplug: Prevent an out of bounds access
net: sh_eth: fix a missing check of of_get_phy_mode
media: ivtv: update *pos correctly in ivtv_read_pos()
media: cx18: update *pos correctly in cx18_read_pos()
media: wl128x: Fix an error code in fm_download_firmware()
media: cx23885: check allocation return
jfs: fix bogus variable self-initialization
m68k: mac: Fix VIA timer counter accesses
ARM: OMAP2+: Fix potentially uninitialized return value for _setup_reset()
media: davinci-isif: avoid uninitialized variable use
spi: tegra114: clear packed bit for unpacked mode
spi: tegra114: fix for unpacked mode transfers
soc/fsl/qe: Fix an error code in qe_pin_request()
spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios
ehea: Fix a copy-paste err in ehea_init_port_res
scsi: qla2xxx: Unregister chrdev if module initialization fails
ARM: pxa: ssp: Fix "WARNING: invalid free of devm_ allocated data"
hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses
tipc: set sysctl_tipc_rmem and named_timeout right range
powerpc: vdso: Make vdso32 installation conditional in vdso_install
media: ov2659: fix unbalanced mutex_lock/unlock
6lowpan: Off by one handling ->nexthdr
dmaengine: axi-dmac: Don't check the number of frames for alignment
ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk()
packet: in recvmsg msg_name return at least sizeof sockaddr_ll
ASoC: fix valid stream condition
IB/mlx5: Add missing XRC options to QP optional params mask
iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
media: omap_vout: potential buffer overflow in vidioc_dqbuf()
media: davinci/vpbe: array underflow in vpbe_enum_outputs()
platform/x86: alienware-wmi: printing the wrong error code
netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
ARM: riscpc: fix lack of keyboard interrupts after irq conversion
kdb: do a sanity check on the cpu in kdb_per_cpu()
backlight: lm3630a: Return 0 on success in update_status functions
thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power
spi: spi-fsl-spi: call spi_finalize_current_message() at the end
misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa
iommu: Use right function to get group for device
signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig
inet: frags: call inet_frags_fini() after unregister_pernet_subsys()
media: vivid: fix incorrect assignment operation when setting video mode
powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
drm/msm/mdp5: Fix mdp5_cfg_init error return
net/af_iucv: always register net_device notifier
ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs
rtc: pcf8563: Clear event flags and disable interrupts before requesting irq
drm/msm/a3xx: remove TPL1 regs from snapshot
iommu/amd: Make iommu_disable safer
mfd: intel-lpss: Release IDA resources
devres: allow const resource arguments
net: pasemi: fix an use-after-free in pasemi_mac_phy_init()
scsi: libfc: fix null pointer dereference on a null lport
libertas_tf: Use correct channel range in lbtf_geo_init
usb: host: xhci-hub: fix extra endianness conversion
mic: avoid statically declaring a 'struct device'.
x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI
ALSA: aoa: onyx: always initialize register read value
cifs: fix rmmod regression in cifs.ko caused by force_sig changes
crypto: caam - free resources in case caam_rng registration failed
ext4: set error return correctly when ext4_htree_store_dirent fails
ASoC: es8328: Fix copy-paste error in es8328_right_line_controls
ASoC: cs4349: Use PM ops 'cs4349_runtime_pm'
ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls
signal: Allow cifs and drbd to receive their terminating signals
dmaengine: dw: platform: Switch to acpi_dma_controller_register()
mac80211: minstrel_ht: fix per-group max throughput rate initialization
mips: avoid explicit UB in assignment of mips_io_port_base
ahci: Do not export local variable ahci_em_messages
Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()"
power: supply: Init device wakeup after device_add()
x86, perf: Fix the dependency of the x86 insn decoder selftest
bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
iio: dac: ad5380: fix incorrect assignment to val
ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init
net: sonic: return NETDEV_TX_OK if failed to map buffer
Btrfs: fix hang when loading existing inode cache off disk
hwmon: (shtc1) fix shtc1 and shtw1 id mask
net: sonic: replace dev_kfree_skb in sonic_send_packet
net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'
iommu/amd: Wait for completion of IOTLB flush in attach_device
net: hisilicon: Fix signedness bug in hix5hd2_dev_probe()
net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()
mac80211: accept deauth frames in IBSS mode
llc: fix another potential sk_buff leak in llc_ui_sendmsg()
llc: fix sk_buff refcounting in llc_conn_state_process()
net: stmmac: fix length of PTP clock's name string
drm/msm/dsi: Implement reset correctly
dmaengine: imx-sdma: fix size check for sdma script_number
net: qca_spi: Move reset_count to struct qcaspi
media: ov6650: Fix incorrect use of JPEG colorspace
media: ov6650: Fix some format attributes not under control
media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support
MIPS: Loongson: Fix return value of loongson_hwmon_init
net: neigh: use long type to store jiffies delta
packet: fix data-race in fanout_flow_is_huge()
dmaengine: ti: edma: fix missed failure handling
drm/radeon: fix bad DMA from INTERRUPT_CNTL2
arm64: dts: juno: Fix UART frequency
m68k: Call timer_interrupt() with interrupts disabled
can, slip: Protect tty->disc_data in write_wakeup and close with RCU
firestream: fix memory leaks
net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM
net, ip_tunnel: fix namespaces move
net_sched: fix datalen for ematch
net: usb: lan78xx: Add .ndo_features_check
hwmon: (adt7475) Make volt2reg return same reg as reg2volt input
Input: keyspan-remote - fix control-message timeouts
ARM: 8950/1: ftrace/recordmcount: filter relocation types
mmc: sdhci: fix minimum clock rate for v3 controller
Input: sur40 - fix interface sanity checks
Input: gtco - fix endpoint sanity check
Input: aiptek - fix endpoint sanity check
hwmon: (nct7802) Fix voltage limits to wrong registers
scsi: RDMA/isert: Fix a recently introduced regression related to logout
tracing: xen: Ordered comparison of function pointers
do_last(): fetch directory ->i_mode and ->i_uid before it's too late
iio: buffer: align the size of scan bytes to size of the largest element
scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
md: Avoid namespace collision with bitmap API
bitmap: Add bitmap_alloc(), bitmap_zalloc() and bitmap_free()
netfilter: ipset: use bitmap infrastructure completely
net/x25: fix nonblocking connect
libertas: Fix two buffer overflows at parsing bss descriptor
Linux 4.4.212
Change-Id: Ic427b213b19cb47b394a4ddc4ed48c7278376c71
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
[ Upstream commit 2591bc4e8d70b4e1330d327fb7e3921f4e070a51 ]
apic->send_IPI_allbutself() takes a vector number as argument.
APIC_DM_NMI is clearly not a vector number. It's defined to 0x400 which is
outside the vector space.
Use NMI_VECTOR instead as that's what it is intended to be.
Fixes: 82da3ff89dc2 ("x86: kgdb support")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lkml.kernel.org/r/20190722105218.855189979@linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |\|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes in 4.4.208
btrfs: do not leak reloc root if we fail to read the fs root
btrfs: handle ENOENT in btrfs_uuid_tree_iterate
ALSA: hda/ca0132 - Keep power on during processing DSP response
ALSA: hda/ca0132 - Avoid endless loop
drm: mst: Fix query_payload ack reply struct
iio: light: bh1750: Resolve compiler warning and make code more readable
spi: Add call to spi_slave_abort() function when spidev driver is released
staging: rtl8188eu: fix possible null dereference
rtlwifi: prevent memory leak in rtl_usb_probe
IB/iser: bound protection_sg size by data_sg size
media: am437x-vpfe: Setting STD to current value is not an error
media: i2c: ov2659: fix s_stream return value
media: i2c: ov2659: Fix missing 720p register config
media: ov6650: Fix stored frame format not in sync with hardware
tools/power/cpupower: Fix initializer override in hsw_ext_cstates
usb: renesas_usbhs: add suspend event support in gadget mode
hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled
regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe()
media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init()
samples: pktgen: fix proc_cmd command result check logic
mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format
media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number
media: ti-vpe: vpe: Make sure YUYV is set as default format
extcon: sm5502: Reset registers during initialization
x86/mm: Use the correct function type for native_set_fixmap()
perf report: Add warning when libunwind not compiled in
iio: adc: max1027: Reset the device at probe time
Bluetooth: hci_core: fix init for HCI_USER_CHANNEL
drm/gma500: fix memory disclosures due to uninitialized bytes
x86/ioapic: Prevent inconsistent state when moving an interrupt
arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill()
libata: Ensure ata_port probe has completed before detach
pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B
bnx2x: Fix PF-VF communication over multi-cos queues.
spi: img-spfi: fix potential double release
rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt()
perf probe: Fix to find range-only function instance
perf probe: Fix to list probe event with correct line number
perf probe: Walk function lines in lexical blocks
perf probe: Fix to probe an inline function which has no entry pc
perf probe: Fix to show ranges of variables in functions without entry_pc
perf probe: Fix to show inlined function callsite without entry_pc
perf probe: Skip overlapped location on searching variables
perf probe: Return a better scope DIE if there is no best scope
perf probe: Fix to show calling lines of inlined functions
perf probe: Skip end-of-sequence and non statement lines
perf probe: Filter out instances except for inlined subroutine and subprogram
ath10k: fix get invalid tx rate for Mesh metric
media: pvrusb2: Fix oops on tear-down when radio support is not present
media: si470x-i2c: add missed operations in remove
EDAC/ghes: Fix grain calculation
spi: pxa2xx: Add missed security checks
ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile
parport: load lowlevel driver if ports not found
cpufreq: Register drivers only after CPU devices have been registered
x86/crash: Add a forward declaration of struct kimage
spi: tegra20-slink: add missed clk_unprepare
btrfs: don't prematurely free work in end_workqueue_fn()
iwlwifi: check kasprintf() return value
fbtft: Make sure string is NULL terminated
crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c
crypto: vmx - Avoid weird build failures
libtraceevent: Fix memory leakage in copy_filter_type
net: phy: initialise phydev speed and duplex sanely
Revert "mmc: sdhci: Fix incorrect switch to HS mode"
usb: xhci: Fix build warning seen with CONFIG_PM=n
btrfs: do not call synchronize_srcu() in inode_tree_del
btrfs: return error pointer from alloc_test_extent_buffer
btrfs: abort transaction after failed inode updates in create_subvol
Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues
ALSA: pcm: Avoid possible info leaks from PCM stream buffers
af_packet: set defaule value for tmo
fjes: fix missed check in fjes_acpi_add
mod_devicetable: fix PHY module format
net: hisilicon: Fix a BUG trigered by wrong bytes_compl
net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive()
net: qlogic: Fix error paths in ql_alloc_large_buffers()
net: usb: lan78xx: Fix suspend/resume PHY register access error
sctp: fully initialize v4 addr in some functions
net: dst: Force 4-byte alignment of dst_metrics
usbip: Fix error path of vhci_recv_ret_submit()
USB: EHCI: Do not return -EPIPE when hub is disconnected
platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes
staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value
ext4: check for directory entries too close to block end
powerpc/irq: fix stack overflow verification
mmc: sdhci-of-esdhc: fix P2020 errata handling
perf probe: Fix to show function entry line as probe-able
scsi: mpt3sas: Fix clear pending bit in ioctl status
scsi: lpfc: Fix locking on mailbox command completion
Input: atmel_mxt_ts - disable IRQ across suspend
iommu/tegra-smmu: Fix page tables in > 4 GiB memory
scsi: target: compare full CHAP_A Algorithm strings
scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices
scsi: csiostor: Don't enable IRQs too early
powerpc/pseries: Mark accumulate_stolen_time() as notrace
dma-debug: add a schedule point in debug_dma_dump_mappings()
clocksource/drivers/asm9260: Add a check for of_clk_get
powerpc/security/book3s64: Report L1TF status in sysfs
jbd2: Fix statistics for the number of logged blocks
scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6)
scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow
clk: qcom: Allow constant ratio freq tables for rcg
irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary
irqchip: ingenic: Error out if IRQ domain creation failed
fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long
scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences
scsi: ufs: fix potential bug which ends in system hang
powerpc/pseries/cmm: Implement release() function for sysfs device
powerpc/security: Fix wrong message when RFI Flush is disable
clk: pxa: fix one of the pxa RTC clocks
bcache: at least try to shrink 1 node in bch_mca_scan()
HID: Improve Windows Precision Touchpad detection.
ext4: work around deleting a file with i_nlink == 0 safely
scsi: pm80xx: Fix for SATA device discovery
scsi: target: iscsi: Wait for all commands to finish before freeing a session
gpio: mpc8xxx: Don't overwrite default irq_set_type callback
scripts/kallsyms: fix definitely-lost memory leak
cdrom: respect device capabilities during opening action
perf regs: Make perf_reg_name() return "unknown" instead of NULL
libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h
s390/cpum_sf: Check for SDBT and SDB consistency
ocfs2: fix passing zero to 'PTR_ERR' warning
kernel: sysctl: make drop_caches write-only
ALSA: hda - Downgrade error message for single-cmd fallback
Make filldir[64]() verify the directory entry filename is valid
filldir[64]: remove WARN_ON_ONCE() for bad directory entries
net: davinci_cpdma: use dma_addr_t for DMA address
netfilter: ebtables: compat: reject all padding in matches/watchers
6pack,mkiss: fix possible deadlock
netfilter: bridge: make sure to pull arp header in br_nf_forward_arp()
net: icmp: fix data-race in cmp_global_allow()
hrtimer: Annotate lockless access to timer->state
mmc: sdhci: Update the tuning failed messages to pr_debug level
tcp: do not send empty skb from tcp_write_xmit()
Linux 4.4.208
Change-Id: I1c710061be5b595f822b45a87d852b85512d7783
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
