Commit Graph

69236 commits

Author SHA1 Message Date
Ivaylo Georgiev
0c808a6c34 Merge android12-5.10.16 (a6310f1) into msm-5.10
* refs/heads/tmp-a6310f1:
  Linux 5.10.16
  squashfs: add more sanity checks in xattr id lookup
  squashfs: add more sanity checks in inode lookup
  squashfs: add more sanity checks in id lookup
  squashfs: avoid out of bounds writes in decompressors
  Revert "mm: memcontrol: avoid workload stalls when lowering memory.high"
  nilfs2: make splice write available again
  drm/i915: Skip vswing programming for TBT
  drm/i915: Fix ICL MG PHY vswing handling
  bpf: Fix verifier jsgt branch analysis on max bound
  bpf: Fix 32 bit src register truncation on div/mod
  bpf: Fix verifier jmp32 pruning decision logic
  regulator: Fix lockdep warning resolving supplies
  blk-cgroup: Use cond_resched() when destroy blkgs
  i2c: mediatek: Move suspend and resume handling to NOIRQ phase
  SUNRPC: Handle 0 length opaque XDR object data properly
  SUNRPC: Move simple_get_bytes and simple_get_netobj into private header
  iwlwifi: queue: bail out on invalid freeing
  iwlwifi: mvm: guard against device removal in reprobe
  iwlwifi: pcie: add rules to match Qu with Hr2
  iwlwifi: mvm: invalidate IDs of internal stations at mvm start
  iwlwifi: pcie: fix context info memory leak
  iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap
  iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time()
  iwlwifi: mvm: skip power command when unbinding vif during CSA
  ASoC: Intel: sof_sdw: set proper flags for Dell TGL-H SKU 0A5E
  ASoC: ak4458: correct reset polarity
  ALSA: hda: intel-dsp-config: add PCI id for TGL-H
  pNFS/NFSv4: Improve rejection of out-of-order layouts
  pNFS/NFSv4: Try to return invalid layout in pnfs_layout_process()
  chtls: Fix potential resource leak
  ASoC: Intel: Skylake: Zero snd_ctl_elem_value
  mac80211: 160MHz with extended NSS BW in CSA
  drm/nouveau/nvif: fix method count when pushing an array
  ASoC: wm_adsp: Fix control name parsing for multi-fw
  regulator: core: avoid regulator_resolve_supply() race condition
  af_key: relax availability checks for skb size calculation
  powerpc/64/signal: Fix regression in __kernel_sigtramp_rt64() semantics
  gpiolib: cdev: clear debounce period if line set to output
  io_uring: drop mm/files between task_work_submit
  io_uring: reinforce cancel on flush during exit
  io_uring: fix sqo ownership false positive warning
  io_uring: fix list corruption for splice file_get
  io_uring: fix flush cqring overflow list while TASK_INTERRUPTIBLE
  io_uring: fix cancellation taking mutex while TASK_UNINTERRUPTIBLE
  io_uring: replace inflight_wait with tctx->wait
  io_uring: fix __io_uring_files_cancel() with TASK_UNINTERRUPTIBLE
  io_uring: if we see flush on exit, cancel related tasks
  io_uring: account io_uring internal files as REQ_F_INFLIGHT
  io_uring: fix files cancellation
  io_uring: always batch cancel in *cancel_files()
  io_uring: pass files into kill timeouts/poll
  io_uring: don't iterate io_uring_cancel_files()
  io_uring: add a {task,files} pair matching helper
  io_uring: simplify io_task_match()
  UPSTREAM: Documentation: connector: Update the description of sink-vdos
  ANDROID: GKI: enable CONFIG_FAIR_GROUP_SCHED
  Revert "ANDROID: gki_defconfig: enable CONFIG_KASAN_HW_TAGS"
  ANDROID: GKI: bring WPAN into GKI
  FROMGIT: arm64: cpufeatures: Allow disabling of Pointer Auth from the command-line
  FROMGIT: arm64: Defer enabling pointer authentication on boot core
  FROMGIT: arm64: cpufeatures: Allow disabling of BTI from the command-line
  FROMGIT: arm64: Move "nokaslr" over to the early cpufeature infrastructure
  FROMGIT: KVM: arm64: Document HVC_VHE_RESTART stub hypercall
  FROMGIT: arm64: Make kvm-arm.mode={nvhe, protected} an alias of id_aa64mmfr1.vh=0
  FROMGIT: arm64: Add an aliasing facility for the idreg override
  FROMGIT: arm64: Honor VHE being disabled from the command-line
  FROMGIT: arm64: Allow ID_AA64MMFR1_EL1.VH to be overridden from the command line
  FROMGIT: arm64: cpufeature: Add an early command-line cpufeature override facility
  FROMGIT: arm64: Extract early FDT mapping from kaslr_early_init()
  FROMGIT: arm64: cpufeature: Use IDreg override in __read_sysreg_by_encoding()
  FROMGIT: arm64: cpufeature: Add global feature override facility
  FROMGIT: arm64: Move SCTLR_EL1 initialisation to EL-agnostic code
  FROMGIT: arm64: Simplify init_el2_state to be non-VHE only
  FROMGIT: arm64: Move VHE-specific SPE setup to mutate_to_vhe()
  FROMGIT: arm64: Drop early setting of MDSCR_EL2.TPMS
  FROMGIT: arm64: Initialise as nVHE before switching to VHE
  FROMGIT: arm64: Provide an 'upgrade to VHE' stub hypercall
  FROMGIT: arm64: Turn the MMU-on sequence into a macro
  FROMGIT: arm64: Fix outdated TCR setup comment
  FROMGIT: arm64: Fix labels in el2_setup macros
  UPSTREAM: arm64: Extend the kernel command line from the bootloader
  Revert "ANDROID: arm64: copy CONFIG_CMDLINE_EXTEND from ARM"
  UPSTREAM: arm64: kaslr: Refactor early init command line parsing
  ANDROID: GKI: amlogic: add DTB overlays
  ANDROID: GKI: add support for Amlogic SoCs, everything as modules
  ANDROID: GKI: Kconfig.gki: add hidden PHY configs
  ANDROID: GKI: enable networking; add hidden network configs
  ANDROID: GKI: Enable CONFIG_CMA_DEBUGFS
  ANDROID: dmabuf: Add mmap_count to struct dmabuf
  FROMLIST: arm64: meson: remove MESON_IRQ_GPIO selection
  FROMLIST: irqchip: irq-meson-gpio: make it possible to build as a module
  UPSTREAM: tty: serial: meson: enable console as module
  UPSTREAM: arm64: Kconfig: meson: drop pinctrl
  UPSTREAM: firmware: meson-sm: enable build as module
  UPSTREAM: soc: meson: enable building drivers as modules
  UPSTREAM: soc: amlogic: socinfo: build for specific arch
  UPSTREAM: arm64: meson: ship only the necessary clock controllers
  UPSTREAM: clk: meson: enable building as modules
  UPSTREAM: clk: avoid devm_clk_release name clash
  UPSTREAM: clk: meson: g12: use devm variant to register notifiers
  UPSTREAM: clk: add devm variant of clk_notifier_register
  UPSTREAM: clk: meson: g12: drop use of __clk_lookup()
  UPSTREAM: clk: add api to get clk consumer from clk_hw
  UPSTREAM: reset: meson: make it possible to build as a module
  UPSTREAM: pinctrl/meson: enable building as modules
  BACKPORT: FROMGIT: mm: filemap: Fix microblaze build failure with 'mmu_defconfig'
  BACKPORT: FROMGIT:  mm/nommu: Fix return type of filemap_map_pages()
  BACKPORT: FROMGIT:  Mark anonymous struct field of 'struct vm_fault' as 'const'
  BACKPORT: FROMGIT: mm: Use static initialisers for immutable fields of 'struct vm_fault'
  BACKPORT: FROMGIT: mm: Avoid modifying vmf.address in __collapse_huge_page_swapin()
  BACKPORT: FROMGIT: mm: Pass 'address' to map to do_set_pte() and drop FAULT_FLAG_PREFAULT
  BACKPORT: FROMGIT: mm: Move immutable fields of 'struct vm_fault' into anonymous struct
  BACKPORT: FROMGIT: arm64: mm: Implement arch_wants_old_prefaulted_pte()
  BACKPORT: FROMGIT:  mm: Allow architectures to request 'old' entries when prefaulting
  BACKPORT: FROMGIT: mm: Cleanup faultaround and finish_fault() codepaths
  UPSTREAM: regulator: Fix lockdep warning resolving supplies
  UPSTREAM: regulator: core: avoid regulator_resolve_supply() race condition
  ANDROID: Add EXPORT_SYMBOL_GPL for dma_heap_get_name
  FROMLIST: dma-buf: heaps: Fix the name used when exporting dmabufs to be the actual heap name
  BACKPORT: FROMLIST: dma-buf: dma-heap: Provide accessor to get heap name
  FROMLIST: BACKPORT: procfs/dmabuf: Add inode number to /proc/*/fdinfo
  FROMLIST: procfs: Allow reading fdinfo with PTRACE_MODE_READ
  FROMGIT: sched/deadline: Reduce rq lock contention in dl_add_task_root_domain()

Conflicts:
	Documentation/devicetree/bindings
	Documentation/devicetree/bindings/connector/usb-connector.yaml

Change-Id: Ife47d25dbe24585c11ba139ab884115edeeda4c9
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
2021-02-16 15:18:32 -08:00
Ivaylo Georgiev
0fc19ea22d Merge android12-5.10.15 (1092f69) into msm-5.10
* refs/heads/tmp-1092f69:
  Linux 5.10.15
  net: sched: replaced invalid qdisc tree flush helper in qdisc_replace
  net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add
  udp: ipv4: manipulate network header of NATed UDP GRO fraglist
  net: ip_tunnel: fix mtu calculation
  neighbour: Prevent a dead entry from updating gc_list
  igc: Report speed and duplex as unknown when device is runtime suspended
  md: Set prev_flush_start and flush_bio in an atomic way
  Input: ili210x - implement pressure reporting for ILI251x
  Input: xpad - sync supported devices with fork on GitHub
  Input: goodix - add support for Goodix GT9286 chip
  x86/apic: Add extra serialization for non-serializing MSRs
  x86/debug: Prevent data breakpoints on cpu_dr7
  x86/debug: Prevent data breakpoints on __per_cpu_offset
  x86/debug: Fix DR6 handling
  x86/build: Disable CET instrumentation in the kernel
  mm/filemap: add missing mem_cgroup_uncharge() to __add_to_page_cache_locked()
  mm: thp: fix MADV_REMOVE deadlock on shmem THP
  mm/vmalloc: separate put pages and flush VM flags
  mm, compaction: move high_pfn to the for loop scope
  mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active
  mm: hugetlb: fix a race between isolating and freeing page
  mm: hugetlb: fix a race between freeing and dissolving the page
  mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page
  ARM: 9043/1: tegra: Fix misplaced tegra_uart_config in decompressor
  ARM: footbridge: fix dc21285 PCI configuration accessors
  ARM: dts; gta04: SPI panel chip select is active low
  DTS: ARM: gta04: remove legacy spi-cs-high to make display work again
  KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset
  KVM: x86: Update emulator context mode if SYSENTER xfers to 64-bit mode
  KVM: x86: fix CPUID entries returned by KVM_GET_CPUID2 ioctl
  KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off
  KVM: x86/mmu: Fix TDP MMU zap collapsible SPTEs
  KVM: SVM: Treat SVM as unsupported when running as an SEV guest
  nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs
  io_uring: don't modify identity's files uncess identity is cowed
  drm/amd/display: Revert "Fix EDID parsing after resume from suspend"
  drm/i915: Power up combo PHY lanes for for HDMI as well
  drm/i915: Extract intel_ddi_power_up_lanes()
  drm/i915/display: Prevent double YUV range correction on HDR planes
  drm/i915/gt: Close race between enable_breadcrumbs and cancel_breadcrumbs
  drm/i915/gem: Drop lru bumping on display unpinning
  drm/i915: Fix the MST PBN divider calculation
  drm/dp/mst: Export drm_dp_get_vc_payload_bw()
  Fix unsynchronized access to sev members through svm_register_enc_region
  mmc: core: Limit retries when analyse of SDIO tuples fails
  mmc: sdhci-pltfm: Fix linking err for sdhci-brcmstb
  smb3: fix crediting for compounding when only one request in flight
  smb3: Fix out-of-bounds bug in SMB2_negotiate()
  iommu: Check dev->iommu in dev_iommu_priv_get() before dereferencing it
  cifs: report error instead of invalid when revalidating a dentry fails
  RISC-V: Define MAXPHYSMEM_1GB only for RV32
  xhci: fix bounce buffer usage for non-sg list case
  scripts: use pkg-config to locate libcrypto
  genirq/msi: Activate Multi-MSI early when MSI_FLAG_ACTIVATE_EARLY is set
  genirq: Prevent [devm_]irq_alloc_desc from returning irq 0
  libnvdimm/dimm: Avoid race between probe and available_slots_show()
  libnvdimm/namespace: Fix visibility of namespace resource attribute
  tracepoint: Fix race between tracing and removing tracepoint
  tracing: Use pause-on-trace with the latency tracers
  kretprobe: Avoid re-registration of the same kretprobe earlier
  tracing/kprobe: Fix to support kretprobe events on unloaded modules
  fgraph: Initialize tracing_graph_pause at task creation
  gpiolib: free device name on error path to fix kmemleak
  mac80211: fix station rate table updates on assoc
  ovl: implement volatile-specific fsync error behaviour
  ovl: avoid deadlock on directory ioctl
  ovl: fix dentry leak in ovl_get_redirect
  thunderbolt: Fix possible NULL pointer dereference in tb_acpi_add_link()
  kbuild: fix duplicated flags in DEBUG_CFLAGS
  memblock: do not start bottom-up allocations with kernel_end
  vdpa/mlx5: Restore the hardware used index after change map
  nvmet-tcp: fix out-of-bounds access when receiving multiple h2cdata PDUs
  ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode
  net: ipa: pass correct dma_handle to dma_free_coherent()
  r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set
  net: mvpp2: TCAM entry enable should be written after SRAM data
  net: lapb: Copy the skb before sending a packet
  net/mlx5e: Release skb in case of failure in tc update skb
  net/mlx5e: Update max_opened_tc also when channels are closed
  net/mlx5: Fix leak upon failure of rule creation
  net/mlx5: Fix function calculation for page trees
  ibmvnic: device remove has higher precedence over reset
  i40e: Revert "i40e: don't report link up for a VF who hasn't enabled queues"
  igc: check return value of ret_val in igc_config_fc_after_link_up
  igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr
  SUNRPC: Fix NFS READs that start at non-page-aligned offsets
  arm64: dts: ls1046a: fix dcfg address range
  rxrpc: Fix deadlock around release of dst cached on udp tunnel
  r8169: work around RTL8125 UDP hw bug
  arm64: dts: meson: switch TFLASH_VDD_EN pin to open drain on Odroid-C4
  bpf, preload: Fix build when $(O) points to a relative path
  um: virtio: free vu_dev only with the contained struct device
  bpf, inode_storage: Put file handler if no storage was found
  bpf, cgroup: Fix problematic bounds check
  bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
  vdpa/mlx5: Fix memory key MTT population
  ARM: dts: stm32: Fix GPIO hog flags on DHCOM DRC02
  ARM: dts: stm32: Disable optional TSC2004 on DRC02 board
  ARM: dts: stm32: Disable WP on DHCOM uSD slot
  ARM: dts: stm32: Connect card-detect signal on DHCOM
  ARM: dts: stm32: Fix polarity of the DH DRC02 uSD card detect
  arm64: dts: rockchip: Use only supported PCIe link speed on Pinebook Pro
  arm64: dts: rockchip: fix vopl iommu irq on px30
  arm64: dts: amlogic: meson-g12: Set FL-adj property value
  Input: i8042 - unbreak Pegatron C15B
  arm64: dts: qcom: c630: keep both touchpad devices enabled
  ARM: OMAP1: OSK: fix ohci-omap breakage
  usb: xhci-mtk: break loop when find the endpoint to drop
  usb: xhci-mtk: skip dropping bandwidth of unchecked endpoints
  usb: xhci-mtk: fix unreleased bandwidth data
  usb: dwc3: fix clock issue during resume in OTG mode
  usb: dwc2: Fix endpoint direction check in ep_from_windex
  usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
  USB: usblp: don't call usb_set_interface if there's a single alt
  usb: gadget: aspeed: add missing of_node_put
  USB: gadget: legacy: fix an error code in eth_bind()
  usb: host: xhci: mvebu: make USB 3.0 PHY optional for Armada 3720
  USB: serial: option: Adding support for Cinterion MV31
  USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000
  USB: serial: cp210x: add pid/vid for WSDA-200-USB
  ANDROID: db845c: Use FRAGMENT_CONFIG
  ANDROID: gki_defconfig: enable CONFIG_KASAN_HW_TAGS
  ANDROID: x86/mm: fix vm_area_struct leak in speculative pagefault handling
  ANDROID: iommu: Add vendor hook
  ANDROID: abi_gki_aarch64_db845c: KMI update for dmabuf heaps deferred-free/pagepool functionality
  ANDROID: dma-buf: system_heap: Add deferred freeing to the system heap
  ANDROID: dma-buf: system_heap: Add pagepool support to system heap
  ANDROID: dma-buf: heaps: Add a shrinker controlled page pool
  ANDROID: dma-buf: heaps: Add deferred-free-helper library code
  ANDROID: sched: Fix wake_q length tracking
  ANDROID: GKI: update .xml file
  ANDROID: net: introduce ip_local_unbindable_ports sysctl
  UPSTREAM: dt-bindings: connector: Add SVDM VDO properties
  UPSTREAM: dt-bindings: connector: Add property to set initial current cap for FRS
  UPSTREAM: usb: typec: tcpm: Get Sink VDO from fwnode
  UPSTREAM: usb: typec: displayport: Fill the negotiated SVDM Version in the header
  UPSTREAM: usb: typec: ucsi: Determine common SVDM Version
  UPSTREAM: usb: typec: tcpm: Determine common SVDM Version
  UPSTREAM: usb: pd: Make SVDM Version configurable in VDM header
  UPSTREAM: usb: typec: Manage SVDM version
  UPSTREAM: usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
  UPSTREAM: usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
  Revert "ANDROID: configs: GKI: disable ARMv8.3 PAC"

Conflicts:
	Documentation/devicetree/bindings
	Documentation/devicetree/bindings/connector/usb-connector.yaml

Change-Id: I0191f30199dd8929c37159b0c6977f51fc4e9bcb
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
2021-02-16 15:09:33 -08:00
Ivaylo Georgiev
2a3dbbd786 Merge android12-5.10.14 (d0d8327) into msm-5.10
* refs/heads/tmp-d0d8327:
  ANDROID: mm/memory_hotplug: fix check for proper subsection removal
  Revert "FROMLIST: dt-bindings: reserved-memory: Make DMA-BUF CMA heap DT-configurable"
  Revert "FROMLIST: dma-buf: heaps: add chunk heap to dmabuf heaps"
  ANDROID: gki_defconfig: Enable NL80211_TESTMODE
  UPSTREAM: dt-binding: usb: Include USB SSP rates in GenXxY
  UPSTREAM: dt-bindings: usb: Add generic "usb-phy" property
  UPSTREAM: dt-bindings: usb: Add "ulpi/serial/hsic" PHY types
  UPSTREAM: dt-bindings: usb: Convert generic USB properties to DT schemas
  UPSTREAM: dt-bindings: usb: usb-hcd: Detach generic USB controller properties
  UPSTREAM: usb: dwc3: gadget: Set speed only up to the max supported
  UPSTREAM: usb: dwc3: gadget: Track connected SSP rate and lane count
  UPSTREAM: usb: dwc3: gadget: Implement setting of SSP rate
  UPSTREAM: usb: dwc3: core: Check maximum_speed SSP genXxY
  UPSTREAM: usb: common: Parse for USB SSP genXxY
  FROMGIT: kasan: untag addresses for KFENCE
  BACKPORT: kasan: remove redundant config option
  FROMGIT: kasan: don't run tests when KASAN is not enabled
  FROMGIT: kasan: add a test for kmem_cache_alloc/free_bulk
  FROMGIT: kasan: add proper page allocator tests
  FROMGIT: kasan: fix bug detection via ksize for HW_TAGS mode
  FROMGIT: kasan: move _RET_IP_ to inline wrappers
  FROMGIT: kasan: fix memory corruption in kasan_bitops_tags test
  FROMGIT: kasan: adapt kmalloc_uaf2 test to HW_TAGS mode
  FROMGIT: kasan: add compiler barriers to KUNIT_EXPECT_KASAN_FAIL
  FROMGIT: kasan: rename CONFIG_TEST_KASAN_MODULE
  FROMGIT: kasan, arm64: allow using KUnit tests with HW_TAGS mode
  FROMGIT: kasan: add match-all tag tests
  FROMGIT: kasan: add macros to simplify checking test constraints
  FROMGIT: kasan: clean up comments in tests
  FROMGIT: kasan: clarify HW_TAGS impact on TBI
  FROMGIT: kasan: prefix global functions with kasan_
  Linux 5.10.14
  workqueue: Restrict affinity change to rescuer
  kthread: Extract KTHREAD_IS_PER_CPU
  x86/cpu: Add another Alder Lake CPU to the Intel family
  objtool: Don't fail the kernel build on fatal errors
  habanalabs: disable FW events on device removal
  habanalabs: fix backward compatibility of idle check
  habanalabs: zero pci counters packet before submit to FW
  drm/amd/display: Fixed corruptions on HPDRX link loss restore
  drm/amd/display: Use hardware sequencer functions for PG control
  drm/amd/display: Change function decide_dp_link_settings to avoid infinite looping
  drm/amd/display: Allow PSTATE chnage when no displays are enabled
  drm/amd/display: Update dram_clock_change_latency for DCN2.1
  selftests/powerpc: Only test lwm/stmw on big endian
  platform/x86: thinkpad_acpi: Add P53/73 firmware to fan_quirk_table for dual fan control
  nvmet: set right status on error in id-ns handler
  nvme-pci: allow use of cmb on v1.4 controllers
  nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout
  nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout
  nvme: check the PRINFO bit before deciding the host buffer length
  udf: fix the problem that the disc content is not displayed
  i2c: tegra: Create i2c_writesl_vi() to use with VI I2C for filling TX FIFO
  ALSA: hda: Add Cometlake-R PCI ID
  scsi: ibmvfc: Set default timeout to avoid crash during migration
  mac80211: fix encryption key selection for 802.3 xmit
  mac80211: fix fast-rx encryption check
  mac80211: fix incorrect strlen of .write in debugfs
  objtool: Don't add empty symbols to the rbtree
  ALSA: hda: Add AlderLake-P PCI ID and HDMI codec vid
  ASoC: SOF: Intel: hda: Resume codec to do jack detection
  scsi: fnic: Fix memleak in vnic_dev_init_devcmd2
  scsi: libfc: Avoid invoking response handler twice if ep is already completed
  scsi: scsi_transport_srp: Don't block target in failfast state
  x86: __always_inline __{rd,wr}msr()
  locking/lockdep: Avoid noinstr warning for DEBUG_LOCKDEP
  habanalabs: fix dma_addr passed to dma_mmap_coherent
  platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352
  platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet
  tools/power/x86/intel-speed-select: Set higher of cpuinfo_max_freq or base_frequency
  tools/power/x86/intel-speed-select: Set scaling_max_freq to base_frequency
  phy: cpcap-usb: Fix warning for missing regulator_disable
  iommu/vt-d: Do not use flush-queue when caching-mode is on
  ARM: 9025/1: Kconfig: CPU_BIG_ENDIAN depends on !LD_IS_LLD
  Revert "x86/setup: don't remove E820_TYPE_RAM for pfn 0"
  arm64: Do not pass tagged addresses to __is_lm_address()
  arm64: Fix kernel address detection of __is_lm_address()
  arm64: dts: meson: Describe G12b GPU as coherent
  drm/panfrost: Support cache-coherent integrations
  iommu/io-pgtable-arm: Support coherency for Mali LPAE
  ibmvnic: Ensure that CRQ entry read are correctly ordered
  net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP
  net: dsa: bcm_sf2: put device node before return
  mlxsw: spectrum_span: Do not overwrite policer configuration
  stmmac: intel: Configure EHL PSE0 GbE and PSE1 GbE to 32 bits DMA addressing
  net: octeontx2: Make sure the buffer is 128 byte aligned
  net: fec: put child node on error path
  net: stmmac: dwmac-intel-plat: remove config data on error
  net: dsa: microchip: Adjust reset release timing to match reference reset circuit
  ANDROID: usb: gadget: configfs: Move CONFIGFS_UEVENT #endif
  ANDROID: GKI: Enable KFENCE
  FROMGIT: KVM: arm64: Move __hyp_set_vectors out of .hyp.text
  FROMGIT: KVM: arm64: Stub EXPORT_SYMBOL for nVHE EL2 code
  FROMGIT: asm-generic: export: Stub EXPORT_SYMBOL with __DISABLE_EXPORTS
  FROMGIT: KVM: arm64: Correct spelling of DBGDIDR register
  FROMGIT: KVM: arm64: Use symbolic names for the PMU versions
  FROMGIT: KVM: arm64: Upgrade PMU support to ARMv8.4
  FROMGIT: KVM: arm64: Limit the debug architecture to ARMv8.0
  FROMGIT: KVM: arm64: Refactor filtering of ID registers
  FROMGIT: KVM: arm64: Add handling of AArch32 PCMEID{2,3} PMUv3 registers
  FROMGIT: KVM: arm64: Fix AArch32 PMUv3 capping
  FROMGIT: KVM: arm64: Fix missing RES1 in emulation of DBGBIDR
  FROMGIT: KVM: arm64: Make gen-hyprel endianness agnostic
  FROMGIT: KVM: arm64: Implement the TRNG hypervisor call
  FROMGIT: KVM: arm64: Mark the page dirty only if the fault is handled successfully
  FROMGIT: KVM: arm64: Filter out the case of only changing permissions from stage-2 map path
  FROMGIT: KVM: arm64: Adjust partial code of hyp stage-1 map and guest stage-2 map
  FROMGIT: KVM: arm64: Simplify __kvm_hyp_init HVC detection
  FROMGIT: KVM: arm64: Remove hyp_symbol_addr
  FROMGIT: KVM: arm64: Remove patching of fn pointers in hyp
  FROMGIT: KVM: arm64: Fix constant-pool users in hyp
  FROMGIT: KVM: arm64: Apply hyp relocations at runtime
  FROMGIT: KVM: arm64: Generate hyp relocation data
  FROMGIT: KVM: arm64: Add symbol at the beginning of each hyp section
  FROMGIT: KVM: arm64: Set up .hyp.rodata ELF section
  FROMGIT: KVM: arm64: Rename .idmap.text in hyp linker script
  FROMGIT: firmware: smccc: Add SMCCC TRNG function call IDs
  BACKPORT: arm64: Work around broken GCC 4.9 handling of "S" constraint
  FROMGIT: kasan: use error_report_end tracepoint
  FROMGIT: kfence: use error_report_end tracepoint
  FROMGIT: tracing: add error_report_end trace point
  FROMGIT: kfence: show access type in report
  FROMGIT: kfence: fix typo in test
  FROMGIT: kfence: add test suite
  FROMGIT: kfence: add missing copyright header to documentation
  FROMGIT: kfence, Documentation: add KFENCE documentation
  FROMGIT: kfence, kasan: make KFENCE compatible with KASAN
  FROMGIT: mm, kfence: insert KFENCE hooks for SLUB
  BACKPORT: mm, kfence: insert KFENCE hooks for SLAB
  FROMGIT: mm/slab: rerform init_on_free earlier
  FROMGIT: kfence: use pt_regs to generate stack trace on faults
  FROMGIT: kfence, arm64: add missing copyright and description header
  FROMGIT: arm64, kfence: enable KFENCE for ARM64
  FROMGIT: kfence, x86: add missing copyright and description header
  FROMGIT: x86, kfence: enable KFENCE for x86
  FROMGIT: kfence: add missing copyright and description headers
  FROMGIT: kfence: add option to use KFENCE without static keys
  FROMGIT: kfence: fix potential deadlock due to wake_up()
  FROMGIT: kfence: avoid stalling work queue task without allocations
  FROMGIT: kfence: Fix parameter description for kfence_object_start()
  BACKPORT: mm: add Kernel Electric-Fence infrastructure
  FROMLIST: fuse: Fix crediantials leak in passthrough read_iter
  UPSTREAM: userfaultfd: add user-mode only option to unprivileged_userfaultfd sysctl knob
  UPSTREAM: userfaultfd: add UFFD_USER_MODE_ONLY
  UPSTREAM: userfaultfd: use secure anon inodes for userfaultfd
  BACKPORT: selinux: teach SELinux about anonymous inodes
  UPSTREAM: fs: add LSM-supporting anon-inode interface
  UPSTREAM: security: add inode_init_security_anon() LSM hook
  UPSTREAM: cfg80211: Add support to calculate and report 4096-QAM HE rates
  UPSTREAM: cfg80211: Add support to configure SAE PWE value to drivers
  UPSTREAM: usb: dwc3: fix clock issue during resume in OTG mode

Conflicts:
	Documentation/devicetree/bindings
	Documentation/devicetree/bindings/usb/usb-hcd.yaml
	drivers/dma-buf/heaps/Kconfig
	drivers/dma-buf/heaps/Makefile

Change-Id: I3726725889da6ae622c1e319388831e7f99d14c5
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
2021-02-16 13:52:48 -08:00
Ivaylo Georgiev
75dc4d9433 Merge android12-5.10.13 (cf5b248) into msm-5.10
* refs/heads/tmp-cf5b248:
  BACKPORT: FROMLIST: arm64: Remove logic to kill 32-bit tasks on 64-bit-only cores
  FROMLIST: arm64: Hook up cmdline parameter to allow mismatched 32-bit EL0
  FROMLIST: arm64: Prevent offlining first CPU with 32-bit EL0 on mismatched system
  FROMLIST: arm64: exec: Adjust affinity for compat tasks with mismatched 32-bit EL0
  FROMLIST: arm64: Implement task_cpu_possible_mask()
  FROMLIST: sched: Introduce force_compatible_cpus_allowed_ptr() to limit CPU affinity
  FROMLIST: sched: Reject CPU affinity changes based on task_cpu_possible_mask()
  BACKPORT: FROMLIST: cpuset: Honour task_cpu_possible_mask() in guarantee_online_cpus()
  FROMLIST: cpuset: Don't use the cpu_possible_mask as a last resort for cgroup v1
  FROMLIST: sched: Introduce task_cpu_possible_mask() to limit fallback rq selection
  FROMLIST: arm64: Advertise CPUs capable of running 32-bit applications in sysfs
  BACKPORT: FROMLIST: arm64: Kill 32-bit applications scheduled on 64-bit-only CPUs
  FROMLIST: KVM: arm64: Kill 32-bit vCPUs on systems with mismatched EL0 support
  BACKPORT: FROMLIST: arm64: Allow mismatched 32-bit EL0 support
  FROMLIST: arm64: cpuinfo: Split AArch32 registers out into a separate struct
  Revert "ANDROID: arm64: Add support for asymmetric AArch32 EL0 configurations"
  Revert "ANDROID: arm64: Handle AArch32 tasks running on non AArch32 cpu"
  Revert "ANDROID: arm64: Disallow offlining the last aarch32 cpu"
  Revert "ANDROID: arm64: kvm: Hide asym aarch32 systems from KVM"
  Revert "ANDROID: arm64: Enable KVM for Asym AArch32"
  ANDROID: gki_defconfig: Remove CONFIG_ASYMMETRIC_AARCH32=y
  UPSTREAM: usb: pd: Reland VDO definitions of PD2.0
  ANDROID: sched: Add PELT cmdline arg
  ANDROID: psci: use __pa_function for cpu_resume
  ANDROID: arm64: kernel: use __pa_function for secondary_entry
  ANDROID: arm64: add vendor hooks for kernel fault cases
  ANDROID: sched: add vendor hooks for bad scheduling
  ANDROID: power: add vendor hooks for try_to_freeze fail
  ANDROID: softlockup: add vendor hook for a softlockup task
  ANDROID: Fix sparse warning in __handle_speculative_fault caused by SPF
  ANDROID: mm, oom: Fix select_bad_process customization
  ANDROID: mm: sync rss in speculative page fault path
  ANDROID: GKI: Update ABI XML report
  ANDROID: dma-buf: heaps: Add a sysfs file to report total pool size.
  ANDROID: GKI: enable CONFIG_USB_DUMMY_HCD
  ANDROID: GKI: Update ABI XML report
  ANDROID: GKI: defconfig: Enable DMA-BUF sysfs stats
  ANDROID: zram: allow zram to allocate CMA pages
  Linux 5.10.13
  vsock: fix the race conditions in multi-transport support
  tcp: fix TLP timer not set when CA_STATE changes from DISORDER to OPEN
  tcp: make TCP_USER_TIMEOUT accurate for zero window probes
  team: protect features update by RCU to avoid deadlock
  scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit
  ASoC: topology: Fix memory corruption in soc_tplg_denum_create_values()
  ASoC: topology: Properly unregister DAI on removal
  ASoC: mediatek: mt8183-mt6358: ignore TDM DAI link by default
  ASoC: mediatek: mt8183-da7219: ignore TDM DAI link by default
  NFC: fix possible resource leak
  NFC: fix resource leak when target index is invalid
  rxrpc: Fix memory leak in rxrpc_lookup_local
  selftests: forwarding: Specify interface when invoking mausezahn
  nvme-multipath: Early exit if no path is available
  iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid()
  iommu/amd: Use IVHD EFR for early initialization of IOMMU features
  of/device: Update dma_range_map only when dev has valid dma-ranges
  ACPI/IORT: Do not blindly trust DMA masks from firmware
  can: dev: prevent potential information leak in can_fill_info()
  net/mlx5: CT: Fix incorrect removal of tuple_nat_node from nat rhashtable
  net/mlx5e: Revert parameters on errors when changing MTU and LRO state without reset
  net/mlx5e: Revert parameters on errors when changing trust state without reset
  net/mlx5e: Correctly handle changing the number of queues when the interface is down
  net/mlx5e: Fix CT rule + encap slow path offload and deletion
  net/mlx5e: Disable hw-tc-offload when MLX5_CLS_ACT config is disabled
  net/mlx5: Maintain separate page trees for ECPF and PF functions
  net/mlx5e: Reduce tc unsupported key print level
  net/mlx5e: free page before return
  net/mlx5e: E-switch, Fix rate calculation for overflow
  net/mlx5: Fix memory leak on flow table creation error flow
  igc: fix link speed advertising
  i40e: acquire VSI pointer only after VF is initialized
  ice: Fix MSI-X vector fallback logic
  ice: Don't allow more channels than LAN MSI-X available
  ice: update dev_addr in ice_set_mac_address even if HW filter exists
  ice: Implement flow for IPv6 next header (extension header)
  ice: fix FDir IPv6 flexbyte
  mac80211: pause TX while changing interface type
  iwlwifi: pcie: reschedule in long-running memory reads
  iwlwifi: pcie: use jiffies for memory read spin time limit
  iwlwifi: pcie: set LTR on more devices
  iwlwifi: pnvm: don't try to load after failures
  iwlwifi: pnvm: don't skip everything when not reloading
  iwlwifi: pcie: avoid potential PNVM leaks
  ASoC: qcom: lpass: Fix out-of-bounds DAI ID lookup
  ASoC: SOF: Intel: soundwire: fix select/depend unmet dependencies
  pNFS/NFSv4: Update the layout barrier when we schedule a layoutreturn
  pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process()
  powerpc/64s: prevent recursive replay_soft_interrupts causing superfluous interrupt
  ASoC: Intel: Skylake: skl-topology: Fix OOPs ib skl_tplg_complete
  spi: altera: Fix memory leak on error path
  ASoC: qcom: lpass-ipq806x: fix bitwidth regmap field
  ASoC: qcom: Fix broken support to MI2S TERTIARY and QUATERNARY
  ASoC: qcom: Fix incorrect volatile registers
  ASoC: dt-bindings: lpass: Fix and common up lpass dai ids
  RDMA/cxgb4: Fix the reported max_recv_sge value
  firmware: imx: select SOC_BUS to fix firmware build
  arm64: dts: imx8mp: Correct the gpio ranges of gpio3
  ARM: dts: imx6qdl-sr-som: fix some cubox-i platforms
  ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status
  ARM: imx: fix imx8m dependencies
  arm64: dts: ls1028a: fix the offset of the reset register
  xfrm: Fix wraparound in xfrm_policy_addr_delta()
  selftests: xfrm: fix test return value override issue in xfrm_policy.sh
  xfrm: fix disable_xfrm sysctl when used on xfrm interfaces
  xfrm: Fix oops in xfrm_replay_advance_bmp
  Revert "block: simplify set_init_blocksize" to regain lost performance
  Revert "RDMA/mlx5: Fix devlink deadlock on net namespace deletion"
  netfilter: nft_dynset: add timeout extension to template
  ARM: zImage: atags_to_fdt: Fix node names on added root nodes
  ARM: imx: build suspend-imx6.S with arm instruction set
  clk: qcom: gcc-sm250: Use floor ops for sdcc clks
  clk: mmp2: fix build without CONFIG_PM
  clk: imx: fix Kconfig warning for i.MX SCU clk
  blk-mq: test QUEUE_FLAG_HCTX_ACTIVE for sbitmap_shared in hctx_may_queue
  xen-blkfront: allow discard-* nodes to be optional
  tee: optee: replace might_sleep with cond_resched
  KVM: Documentation: Fix spec for KVM_CAP_ENABLE_CAP_VM
  uapi: fix big endian definition of ipv6_rpl_sr_hdr
  drm/i915/selftest: Fix potential memory leak
  drm/i915: Check for all subplatform bits
  drm/nouveau/dispnv50: Restore pushing of all data.
  drm/vc4: Correct POS1_SCL for hvs5
  drm/vc4: Correct lbm size and calculation
  drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices
  ARM: dts: imx6qdl-kontron-samx6i: fix pwms for lcd-backlight
  net/mlx5e: Fix IPSEC stats
  drm/i915/pmu: Don't grab wakeref when enabling events
  drm/i915/gt: Clear CACHE_MODE prior to clearing residuals
  iwlwifi: Fix IWL_SUBDEVICE_NO_160 macro to use the correct bit.
  mt7601u: fix rx buffer refcounting
  mt76: mt7663s: fix rx buffer refcounting
  mt7601u: fix kernel crash unplugging the device
  arm64: dts: broadcom: Fix USB DMA address translation for Stingray
  leds: trigger: fix potential deadlock with libata
  xen: Fix XenStore initialisation for XS_LOCAL
  io_uring: fix wqe->lock/completion_lock deadlock
  KVM: Forbid the use of tagged userspace addresses for memslots
  KVM: x86: get smi pending status correctly
  KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration
  KVM: x86: allow KVM_REQ_GET_NESTED_STATE_PAGES outside guest mode for VMX
  KVM: nSVM: cancel KVM_REQ_GET_NESTED_STATE_PAGES on nested vmexit
  KVM: arm64: Filter out v8.1+ events on v8.0 HW
  KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh()
  KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[]
  btrfs: fix possible free space tree corruption with online conversion
  btrfs: fix lockdep warning due to seqcount_mutex on 32bit arch
  drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[]
  drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs
  crypto: marvel/cesa - Fix tdma descriptor on 64-bit
  efi/apple-properties: Reinstate support for boolean properties
  x86/entry: Emit a symbol for register restoring thunk
  PM: hibernate: flush swap writer after marking
  s390/vfio-ap: No need to disable IRQ after queue reset
  s390: uv: Fix sysfs max number of VCPUs reporting
  net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
  bcache: only check feature sets when sb->version >= BCACHE_SB_VERSION_CDEV_WITH_FEATURES
  drivers/nouveau/kms/nv50-: Reject format modifiers for cursor planes
  drm/i915/gt: Always try to reserve GGTT address 0x0
  drm/i915: Always flush the active worker before returning from the wait
  drm/nouveau/kms/gk104-gp1xx: Fix > 64x64 cursors
  Revert "drm/amdgpu/swsmu: drop set_fan_speed_percent (v2)"
  ASoC: AMD Renoir - refine DMI entries for some Lenovo products
  x86/xen: avoid warning in Xen pv guest with CONFIG_AMD_MEM_ENCRYPT enabled
  wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
  ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming
  ARM: dts: ux500: Reserve memory carveouts
  ARM: dts: tbs2910: rename MMC node aliases
  media: rc: ensure that uevent can be read directly after rc device register
  media: rc: ite-cir: fix min_timeout calculation
  media: rc: fix timeout handling after switch to microsecond durations
  media: hantro: Fix reset_raw_fmt initialization
  media: cedrus: Fix H264 decoding
  media: cec: add stm32 driver
  parisc: Enable -mlong-calls gcc option by default when !CONFIG_MODULES
  ALSA: hda/via: Apply the workaround generically for Clevo machines
  ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256
  kernel: kexec: remove the lock operation of system_transition_mutex
  ACPI: thermal: Do not call acpi_thermal_check() directly
  ACPI: sysfs: Prefer "compatible" modalias
  tty: avoid using vfs_iocb_iter_write() for redirected console writes
  nbd: freeze the queue while we're adding connections
  iwlwifi: provide gso_type to GSO packets
  ANDROID: Add filp_open_block() for zram
  UPSTREAM: usb: pd: Update VDO definitions
  UPSTREAM: xhci: fix bounce buffer usage for non-sg list case
  UPSTREAM: usb: host: xhci: mvebu: make USB 3.0 PHY optional for Armada 3720
  UPSTREAM: usb: xhci-mtk: break loop when find the endpoint to drop
  UPSTREAM: usb: typec: Return void in typec_partner_set_pd_revision
  ANDROID: GKI: Update ABI with virtual_device symbols
  ANDROID: make per-cgroup PSI tracking configurable
  BACKPORT: FROMLIST: dmabuf: Add the capability to expose DMA-BUF stats in sysfs
  UPSTREAM: usb: typec: tcpci_maxim: Enable data path when partner is USB Comm capable
  UPSTREAM: usb: typec: tcpci: Add Callback to Usb Communication capable partner
  UPSTREAM: usb: typec: tcpm: Add Callback to Usb Communication capable partner
  UPSTREAM: usb: typec: tcpm: Set in_ams flag when Source caps have been received
  UPSTREAM: usb: typec: tcpm: Handle vbus shutoff when in source mode
  ANDROID: GKI: Update virtual_device symbol list
  ANDROID: timer: Add vendor hook for timer calc index
  ANDROID: Make vsock virtio packet buff size configurable
  ANDROID: ipi: Add function to return nr_ipi and ipi_desc
  UPSTREAM: usb: typec: Add typec_partner_set_pd_revision
  UPSTREAM: usb: typec: Provide PD Specification Revision for cable and partner
  UPSTREAM: usb: typec: Standardize PD Revision format with Type-C Revision
  UPSTREAM: usb: xhci-mtk: skip dropping bandwidth of unchecked endpoints
  UPSTREAM: modpost: turn static exports into error
  Revert "FROMLIST: modpost: Make static exports fatal"
  UPSTREAM: modpost: turn section mismatches to error from fatal()
  UPSTREAM: modpost: change license incompatibility to error() from fatal()
  UPSTREAM: modpost: turn missing MODULE_LICENSE() into error
  UPSTREAM: modpost: refactor error handling and clarify error/fatal difference
  UPSTREAM: modpost: rename merror() to error()
  Revert "ANDROID: GKI: bring WPAN into GKI"
  ANDROID: GKI: update .xml file
  ANDROID: GKI: bring WPAN into GKI
  ANDROID: db845c_gki.fragment: Drop CONFIG_USB_XHCI_HCD
  Revert "ANDROID: Update db845c KMI symbol list for DWC3 changes"
  Revert "Revert "ANDROID: GKI: Enable CONFIG_USB_XHCI_HCD""
  Revert "Revert "ANDROID: db845c_gki.fragment: Drop CONFIG_USB_DWC3 from config frament""
  Revert "Revert "ANDROID: GKI: enable CONFIG_USB_DWC3 to be build in""

Conflicts:
	arch/arm64/Kconfig
	init/Kconfig

Change-Id: I931bd41521892079722e6b8211d4864a685d3cb8
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
2021-02-16 13:24:30 -08:00
Greg Kroah-Hartman
a6310f1034 Merge 5.10.16 into android12-5.10
Changes in 5.10.16
	io_uring: simplify io_task_match()
	io_uring: add a {task,files} pair matching helper
	io_uring: don't iterate io_uring_cancel_files()
	io_uring: pass files into kill timeouts/poll
	io_uring: always batch cancel in *cancel_files()
	io_uring: fix files cancellation
	io_uring: account io_uring internal files as REQ_F_INFLIGHT
	io_uring: if we see flush on exit, cancel related tasks
	io_uring: fix __io_uring_files_cancel() with TASK_UNINTERRUPTIBLE
	io_uring: replace inflight_wait with tctx->wait
	io_uring: fix cancellation taking mutex while TASK_UNINTERRUPTIBLE
	io_uring: fix flush cqring overflow list while TASK_INTERRUPTIBLE
	io_uring: fix list corruption for splice file_get
	io_uring: fix sqo ownership false positive warning
	io_uring: reinforce cancel on flush during exit
	io_uring: drop mm/files between task_work_submit
	gpiolib: cdev: clear debounce period if line set to output
	powerpc/64/signal: Fix regression in __kernel_sigtramp_rt64() semantics
	af_key: relax availability checks for skb size calculation
	regulator: core: avoid regulator_resolve_supply() race condition
	ASoC: wm_adsp: Fix control name parsing for multi-fw
	drm/nouveau/nvif: fix method count when pushing an array
	mac80211: 160MHz with extended NSS BW in CSA
	ASoC: Intel: Skylake: Zero snd_ctl_elem_value
	chtls: Fix potential resource leak
	pNFS/NFSv4: Try to return invalid layout in pnfs_layout_process()
	pNFS/NFSv4: Improve rejection of out-of-order layouts
	ALSA: hda: intel-dsp-config: add PCI id for TGL-H
	ASoC: ak4458: correct reset polarity
	ASoC: Intel: sof_sdw: set proper flags for Dell TGL-H SKU 0A5E
	iwlwifi: mvm: skip power command when unbinding vif during CSA
	iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time()
	iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap
	iwlwifi: pcie: fix context info memory leak
	iwlwifi: mvm: invalidate IDs of internal stations at mvm start
	iwlwifi: pcie: add rules to match Qu with Hr2
	iwlwifi: mvm: guard against device removal in reprobe
	iwlwifi: queue: bail out on invalid freeing
	SUNRPC: Move simple_get_bytes and simple_get_netobj into private header
	SUNRPC: Handle 0 length opaque XDR object data properly
	i2c: mediatek: Move suspend and resume handling to NOIRQ phase
	blk-cgroup: Use cond_resched() when destroy blkgs
	regulator: Fix lockdep warning resolving supplies
	bpf: Fix verifier jmp32 pruning decision logic
	bpf: Fix 32 bit src register truncation on div/mod
	bpf: Fix verifier jsgt branch analysis on max bound
	drm/i915: Fix ICL MG PHY vswing handling
	drm/i915: Skip vswing programming for TBT
	nilfs2: make splice write available again
	Revert "mm: memcontrol: avoid workload stalls when lowering memory.high"
	squashfs: avoid out of bounds writes in decompressors
	squashfs: add more sanity checks in id lookup
	squashfs: add more sanity checks in inode lookup
	squashfs: add more sanity checks in xattr id lookup
	Linux 5.10.16

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie3d667eb0c90288b118c756a33c70c8ceb097405
2021-02-13 14:19:38 +01:00
Phillip Lougher
bddcce15cd squashfs: add more sanity checks in xattr id lookup
commit 506220d2ba21791314af569211ffd8870b8208fa upstream.

Sysbot has reported a warning where a kmalloc() attempt exceeds the
maximum limit.  This has been identified as corruption of the xattr_ids
count when reading the xattr id lookup table.

This patch adds a number of additional sanity checks to detect this
corruption and others.

1. It checks for a corrupted xattr index read from the inode.  This could
   be because the metadata block is uncompressed, or because the
   "compression" bit has been corrupted (turning a compressed block
   into an uncompressed block).  This would cause an out of bounds read.

2. It checks against corruption of the xattr_ids count.  This can either
   lead to the above kmalloc failure, or a smaller than expected
   table to be read.

3. It checks the contents of the index table for corruption.

[phillip@squashfs.org.uk: fix checkpatch issue]
  Link: https://lkml.kernel.org/r/270245655.754655.1612770082682@webmail.123-reg.co.uk

Link: https://lkml.kernel.org/r/20210204130249.4495-5-phillip@squashfs.org.uk
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reported-by: syzbot+2ccea6339d368360800d@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:55:19 +01:00
Phillip Lougher
5e22b39b37 squashfs: add more sanity checks in inode lookup
commit eabac19e40c095543def79cb6ffeb3a8588aaff4 upstream.

Sysbot has reported an "slab-out-of-bounds read" error which has been
identified as being caused by a corrupted "ino_num" value read from the
inode.  This could be because the metadata block is uncompressed, or
because the "compression" bit has been corrupted (turning a compressed
block into an uncompressed block).

This patch adds additional sanity checks to detect this, and the
following corruption.

1. It checks against corruption of the inodes count.  This can either
   lead to a larger table to be read, or a smaller than expected
   table to be read.

   In the case of a too large inodes count, this would often have been
   trapped by the existing sanity checks, but this patch introduces
   a more exact check, which can identify too small values.

2. It checks the contents of the index table for corruption.

[phillip@squashfs.org.uk: fix checkpatch issue]
  Link: https://lkml.kernel.org/r/527909353.754618.1612769948607@webmail.123-reg.co.uk

Link: https://lkml.kernel.org/r/20210204130249.4495-4-phillip@squashfs.org.uk
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reported-by: syzbot+04419e3ff19d2970ea28@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:55:18 +01:00
Phillip Lougher
6634147f51 squashfs: add more sanity checks in id lookup
commit f37aa4c7366e23f91b81d00bafd6a7ab54e4a381 upstream.

Sysbot has reported a number of "slab-out-of-bounds reads" and
"use-after-free read" errors which have been identified as being caused
by a corrupted index value read from the inode.  This could be because
the metadata block is uncompressed, or because the "compression" bit has
been corrupted (turning a compressed block into an uncompressed block).

This patch adds additional sanity checks to detect this, and the
following corruption.

1. It checks against corruption of the ids count.  This can either
   lead to a larger table to be read, or a smaller than expected
   table to be read.

   In the case of a too large ids count, this would often have been
   trapped by the existing sanity checks, but this patch introduces
   a more exact check, which can identify too small values.

2. It checks the contents of the index table for corruption.

Link: https://lkml.kernel.org/r/20210204130249.4495-3-phillip@squashfs.org.uk
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Reported-by: syzbot+b06d57ba83f604522af2@syzkaller.appspotmail.com
Reported-by: syzbot+c021ba012da41ee9807c@syzkaller.appspotmail.com
Reported-by: syzbot+5024636e8b5fd19f0f19@syzkaller.appspotmail.com
Reported-by: syzbot+bcbc661df46657d0fa4f@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:55:18 +01:00
Phillip Lougher
ff3a75bda7 squashfs: avoid out of bounds writes in decompressors
commit e812cbbbbbb15adbbbee176baa1e8bda53059bf0 upstream.

Patch series "Squashfs: fix BIO migration regression and add sanity checks".

Patch [1/4] fixes a regression introduced by the "migrate from
ll_rw_block usage to BIO" patch, which has produced a number of
Sysbot/Syzkaller reports.

Patches [2/4], [3/4], and [4/4] fix a number of filesystem corruption
issues which have produced Sysbot reports in the id, inode and xattr
lookup code.

Each patch has been tested against the Sysbot reproducers using the
given kernel configuration.  They have the appropriate "Reported-by:"
lines added.

Additionally, all of the reproducer filesystems are indirectly fixed by
patch [4/4] due to the fact they all have xattr corruption which is now
detected there.

Additional testing with other configurations and architectures (32bit,
big endian), and normal filesystems has also been done to trap any
inadvertent regressions caused by the additional sanity checks.

This patch (of 4):

This is a regression introduced by the patch "migrate from ll_rw_block
usage to BIO".

Sysbot/Syzkaller has reported a number of "out of bounds writes" and
"unable to handle kernel paging request in squashfs_decompress" errors
which have been identified as a regression introduced by the above
patch.

Specifically, the patch removed the following sanity check

        if (length < 0 || length > output->length ||
		(index + length) > msblk->bytes_used)

This check did two things:

1. It ensured any reads were not beyond the end of the filesystem

2. It ensured that the "length" field read from the filesystem
   was within the expected maximum length.  Without this any
   corrupted values can over-run allocated buffers.

Link: https://lkml.kernel.org/r/20210204130249.4495-1-phillip@squashfs.org.uk
Link: https://lkml.kernel.org/r/20210204130249.4495-2-phillip@squashfs.org.uk
Fixes: 93e72b3c61 ("squashfs: migrate from ll_rw_block usage to BIO")
Reported-by: syzbot+6fba78f99b9afd4b5634@syzkaller.appspotmail.com
Signed-off-by: Phillip Lougher <phillip@squashfs.org.uk>
Cc: Philippe Liard <pliard@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:55:17 +01:00
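The sanity check quoted in the commit message above, modelled in user-space C as an added example (this is not the kernel patch or squashfs source). The struct names, the 16-bit little-endian length header and the 64-byte constructed image are assumptions for illustration, and the bounds test is rearranged so that `index + length` cannot wrap.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the fields named in the quoted check. */
struct fs_image {
    const uint8_t *data;  /* backing bytes of the image */
    uint64_t bytes_used;  /* filesystem size, as msblk->bytes_used */
};

struct out_buf {
    uint8_t *data;
    int length;           /* buffer capacity, as output->length */
};

/* Returns 1 when reading `length` bytes at `index` is safe, 0 otherwise.
 * Same two guarantees as the removed check: the read stays inside the
 * filesystem and the on-disk length fits the destination buffer. */
static int block_read_ok(const struct fs_image *img, const struct out_buf *output,
                         uint64_t index, int length)
{
    if (length < 0 || length > output->length)
        return 0;
    /* Equivalent to (index + length) > bytes_used, without wraparound. */
    if (index > img->bytes_used || (uint64_t)length > img->bytes_used - index)
        return 0;
    return 1;
}

/* Read one block: a 2-byte length header (assumed layout) followed by data.
 * The length comes from the image, so it is untrusted until checked. */
int read_block(const struct fs_image *img, uint64_t index, struct out_buf *output)
{
    int length;

    if (img->bytes_used < 2 || index > img->bytes_used - 2)
        return -EIO;
    length = img->data[index] | (img->data[index + 1] << 8);
    index += 2;

    if (!block_read_ok(img, output, index, length))
        return -EIO;

    memcpy(output->data, img->data + index, (size_t)length);
    return length;
}

/* Constructed sample: a 64-byte image whose header declares `declared` bytes,
 * read into a destination that claims `capacity` bytes. */
int try_read(uint16_t declared, uint64_t bytes_used, int capacity)
{
    uint8_t image[64];
    uint8_t out[64];
    struct fs_image img = { image, bytes_used };
    struct out_buf output = { out, capacity };

    if (bytes_used > sizeof(image) || capacity < 0 || capacity > (int)sizeof(out))
        return -EINVAL;
    memset(image, 0xAB, sizeof(image));
    image[0] = (uint8_t)(declared & 0xff);
    image[1] = (uint8_t)(declared >> 8);
    return read_block(&img, 0, &output);
}

/* Exercise the check alone, including values a 16-bit header cannot hold. */
int check_only(uint64_t bytes_used, int capacity, uint64_t index, int length)
{
    struct fs_image img = { NULL, bytes_used };
    struct out_buf output = { NULL, capacity };

    return block_read_ok(&img, &output, index, length);
}

int main(void)
{
    printf("valid block:              %d\n", try_read(16, 64, 32));
    printf("length > output->length:  %d\n", try_read(48, 64, 32));
    printf("read past bytes_used:     %d\n", try_read(16, 10, 32));
    printf("exactly fills filesystem: %d\n", try_read(62, 64, 64));
    printf("one byte too many:        %d\n", try_read(63, 64, 64));
    printf("negative length ok?       %d\n", check_only(64, 32, 2, -1));
    printf("wrapping index ok?        %d\n", check_only(64, 32, UINT64_MAX, 1));
    return 0;
}
```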
Joachim Henke
237ee28818 nilfs2: make splice write available again
commit a35d8f016e0b68634035217d06d1c53863456b50 upstream.

Since 5.10, splice() or sendfile() to NILFS2 return EINVAL.  This was
caused by commit 36e2c7421f ("fs: don't allow splice read/write
without explicit ops").

This patch initializes the splice_write field in file_operations, like
most file systems do, to restore the functionality.

Link: https://lkml.kernel.org/r/1612784101-14353-1-git-send-email-konishi.ryusuke@gmail.com
Signed-off-by: Joachim Henke <joachim.henke@t-systems.com>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>	[5.10+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:55:16 +01:00
Trond Myklebust
ff557bf971 pNFS/NFSv4: Improve rejection of out-of-order layouts
[ Upstream commit d29b468da4f940bd2bff2628ba8d2d652671d244 ]

If a layoutget ends up being reordered w.r.t. a layoutreturn, e.g. due
to a layoutget-on-open not knowing a priori which file to lock, then we
must assume the layout is no longer being considered valid state by the
server.
Incrementally improve our ability to reject such states by using the
cached old stateid in conjunction with the plh_barrier to try to
identify them.

Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-02-13 13:55:06 +01:00
Trond Myklebust
386b142945 pNFS/NFSv4: Try to return invalid layout in pnfs_layout_process()
[ Upstream commit 08bd8dbe88825760e953759d7ec212903a026c75 ]

If the server returns a new stateid that does not match the one in our
cache, then try to return the one we hold instead of just invalidating
it on the client side. This ensures that both client and server will
agree that the stateid is invalid.

Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-02-13 13:55:05 +01:00
Pavel Begunkov
5592eae784 io_uring: drop mm/files between task_work_submit
[ Upstream commit aec18a57edad562d620f7d19016de1fc0cc2208c ]

Since SQPOLL task can be shared and so task_work entries can be a mix of
them, we need to drop mm and files before trying to issue next request.

Cc: stable@vger.kernel.org # 5.10+
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:55:01 +01:00
Pavel Begunkov
88dbd085a5 io_uring: reinforce cancel on flush during exit
[ Upstream commit 3a7efd1ad269ccaf9c1423364d97c9661ba6dafa ]

What 84965ff8a84f0 ("io_uring: if we see flush on exit, cancel related tasks")
really wants is to cancel all relevant REQ_F_INFLIGHT requests reliably.
That can be achieved by io_uring_cancel_files(), but we'll miss it
calling io_uring_cancel_task_requests(files=NULL) from io_uring_flush(),
because it will go through __io_uring_cancel_task_requests().

Just always call io_uring_cancel_files() during cancel, it's good enough
for now.

Cc: stable@vger.kernel.org # 5.9+
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:55:01 +01:00
Pavel Begunkov
aa435155d3 io_uring: fix sqo ownership false positive warning
[ Upstream commit 70b2c60d3797bffe182dddb9bb55975b9be5889a ]

WARNING: CPU: 0 PID: 21359 at fs/io_uring.c:9042
    io_uring_cancel_task_requests+0xe55/0x10c0 fs/io_uring.c:9042
Call Trace:
 io_uring_flush+0x47b/0x6e0 fs/io_uring.c:9227
 filp_close+0xb4/0x170 fs/open.c:1295
 close_files fs/file.c:403 [inline]
 put_files_struct fs/file.c:418 [inline]
 put_files_struct+0x1cc/0x350 fs/file.c:415
 exit_files+0x7e/0xa0 fs/file.c:435
 do_exit+0xc22/0x2ae0 kernel/exit.c:820
 do_group_exit+0x125/0x310 kernel/exit.c:922
 get_signal+0x427/0x20f0 kernel/signal.c:2773
 arch_do_signal_or_restart+0x2a8/0x1eb0 arch/x86/kernel/signal.c:811
 handle_signal_work kernel/entry/common.c:147 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x148/0x250 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:302
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Now io_uring_cancel_task_requests() can be called not through file
notes but directly, remove a WARN_ONCE() there that gives us false
positives. That check is not very important and we catch it in other
places.

Fixes: 84965ff8a84f0 ("io_uring: if we see flush on exit, cancel related tasks")
Cc: stable@vger.kernel.org # 5.9+
Reported-by: syzbot+3e3d9bd0c6ce9efbc3ef@syzkaller.appspotmail.com
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:55:00 +01:00
Pavel Begunkov
8c7febfc91 io_uring: fix list corruption for splice file_get
[ Upstream commit f609cbb8911e40e15f9055e8f945f926ac906924 ]

kernel BUG at lib/list_debug.c:29!
Call Trace:
 __list_add include/linux/list.h:67 [inline]
 list_add include/linux/list.h:86 [inline]
 io_file_get+0x8cc/0xdb0 fs/io_uring.c:6466
 __io_splice_prep+0x1bc/0x530 fs/io_uring.c:3866
 io_splice_prep fs/io_uring.c:3920 [inline]
 io_req_prep+0x3546/0x4e80 fs/io_uring.c:6081
 io_queue_sqe+0x609/0x10d0 fs/io_uring.c:6628
 io_submit_sqe fs/io_uring.c:6705 [inline]
 io_submit_sqes+0x1495/0x2720 fs/io_uring.c:6953
 __do_sys_io_uring_enter+0x107d/0x1f30 fs/io_uring.c:9353
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

io_file_get() may be called from splice, and so REQ_F_INFLIGHT may
already be set.

Fixes: 02a13674fa0e8 ("io_uring: account io_uring internal files as REQ_F_INFLIGHT")
Cc: stable@vger.kernel.org # 5.9+
Reported-by: syzbot+6879187cf57845801267@syzkaller.appspotmail.com
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:55:00 +01:00
Hao Xu
7250f333ce io_uring: fix flush cqring overflow list while TASK_INTERRUPTIBLE
[ Upstream commit 6195ba09822c87cad09189bbf550d0fbe714687a ]

Abaci reported the following warning:

[   27.073425] do not call blocking ops when !TASK_RUNNING; state=1 set at [] prepare_to_wait_exclusive+0x3a/0xc0
[   27.075805] WARNING: CPU: 0 PID: 951 at kernel/sched/core.c:7853 __might_sleep+0x80/0xa0
[   27.077604] Modules linked in:
[   27.078379] CPU: 0 PID: 951 Comm: a.out Not tainted 5.11.0-rc3+ #1
[   27.079637] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[   27.080852] RIP: 0010:__might_sleep+0x80/0xa0
[   27.097011] Call Trace:
[   27.097685]  __mutex_lock+0x5d/0xa30
[   27.098565]  ? prepare_to_wait_exclusive+0x71/0xc0
[   27.099412]  ? io_cqring_overflow_flush.part.101+0x6d/0x70
[   27.100441]  ? lockdep_hardirqs_on_prepare+0xe9/0x1c0
[   27.101537]  ? _raw_spin_unlock_irqrestore+0x2d/0x40
[   27.102656]  ? trace_hardirqs_on+0x46/0x110
[   27.103459]  ? io_cqring_overflow_flush.part.101+0x6d/0x70
[   27.104317]  io_cqring_overflow_flush.part.101+0x6d/0x70
[   27.105113]  io_cqring_wait+0x36e/0x4d0
[   27.105770]  ? find_held_lock+0x28/0xb0
[   27.106370]  ? io_uring_remove_task_files+0xa0/0xa0
[   27.107076]  __x64_sys_io_uring_enter+0x4fb/0x640
[   27.107801]  ? rcu_read_lock_sched_held+0x59/0xa0
[   27.108562]  ? lockdep_hardirqs_on_prepare+0xe9/0x1c0
[   27.109684]  ? syscall_enter_from_user_mode+0x26/0x70
[   27.110731]  do_syscall_64+0x2d/0x40
[   27.111296]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   27.127634] ---[ end trace 289d7e28fa60f928 ]---

This is caused by calling io_cqring_overflow_flush() which may sleep
after calling prepare_to_wait_exclusive() which sets the task state to
TASK_INTERRUPTIBLE.

Reported-by: Abaci <abaci@linux.alibaba.com>
Fixes: 6c503150ae33 ("io_uring: patch up IOPOLL overflow_flush sync")
Reviewed-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Hao Xu <haoxu@linux.alibaba.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:54:59 +01:00
Pavel Begunkov
d300d03a93 io_uring: fix cancellation taking mutex while TASK_UNINTERRUPTIBLE
[ Upstream commit ca70f00bed6cb255b7a9b91aa18a2717c9217f70 ]

do not call blocking ops when !TASK_RUNNING; state=2 set at
	[<00000000ced9dbfc>] prepare_to_wait+0x1f4/0x3b0
	kernel/sched/wait.c:262
WARNING: CPU: 1 PID: 19888 at kernel/sched/core.c:7853
	__might_sleep+0xed/0x100 kernel/sched/core.c:7848
RIP: 0010:__might_sleep+0xed/0x100 kernel/sched/core.c:7848
Call Trace:
 __mutex_lock_common+0xc4/0x2ef0 kernel/locking/mutex.c:935
 __mutex_lock kernel/locking/mutex.c:1103 [inline]
 mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:1118
 io_wq_submit_work+0x39a/0x720 fs/io_uring.c:6411
 io_run_cancel fs/io-wq.c:856 [inline]
 io_wqe_cancel_pending_work fs/io-wq.c:990 [inline]
 io_wq_cancel_cb+0x614/0xcb0 fs/io-wq.c:1027
 io_uring_cancel_files fs/io_uring.c:8874 [inline]
 io_uring_cancel_task_requests fs/io_uring.c:8952 [inline]
 __io_uring_files_cancel+0x115d/0x19e0 fs/io_uring.c:9038
 io_uring_files_cancel include/linux/io_uring.h:51 [inline]
 do_exit+0x2e6/0x2490 kernel/exit.c:780
 do_group_exit+0x168/0x2d0 kernel/exit.c:922
 get_signal+0x16b5/0x2030 kernel/signal.c:2770
 arch_do_signal_or_restart+0x8e/0x6a0 arch/x86/kernel/signal.c:811
 handle_signal_work kernel/entry/common.c:147 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0xac/0x1e0 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x48/0x190 kernel/entry/common.c:302
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Rewrite io_uring_cancel_files() to mimic __io_uring_task_cancel()'s
counting scheme, so it does all the heavy work before setting
TASK_UNINTERRUPTIBLE.

Cc: stable@vger.kernel.org # 5.9+
Reported-by: syzbot+f655445043a26a7cfab8@syzkaller.appspotmail.com
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
[axboe: fix inverted task check]
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:54:59 +01:00
Pavel Begunkov
52382df81d io_uring: replace inflight_wait with tctx->wait
[ Upstream commit c98de08c990e190fc7cc3aaf8079b4a0674c6425 ]

As tasks now cancel only their requests, and inflight_wait is awaited
only in io_uring_cancel_files(), which should be called with ->in_idle
set, instead of keeping a separate inflight_wait use tctx->wait.

That will add some spurious wakeups but actually is safer from point of
not hanging the task.

e.g.
task1                   | IRQ
                        | *start* io_complete_rw_common(link)
                        |        link: req1 -> req2 -> req3(with files)
*cancel_files()         |
io_wq_cancel(), etc.    |
                        | put_req(link), adds to io-wq req2
schedule()              |

So, task1 will never try to cancel req2 or req3. If req2 is
long-standing (e.g. read(empty_pipe)), this may hang.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:54:58 +01:00
Pavel Begunkov
b462a7beab io_uring: fix __io_uring_files_cancel() with TASK_UNINTERRUPTIBLE
[ Upstream commit a1bb3cd58913338e1b627ea6b8c03c2ae82d293f ]

If the tctx inflight number hasn't changed because of cancellation,
__io_uring_task_cancel() will continue leaving the task in
TASK_UNINTERRUPTIBLE state, that's not expected by
__io_uring_files_cancel(). Ensure we always call finish_wait() before
retrying.

Cc: stable@vger.kernel.org # 5.9+
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:54:58 +01:00
Jens Axboe
f0ff1a95bf io_uring: if we see flush on exit, cancel related tasks
[ Upstream commit 84965ff8a84f0368b154c9b367b62e59c1193f30 ]

Ensure we match tasks that belong to a dead or dying task as well, as we
need to reap those in addition to those belonging to the exiting task.

Cc: stable@vger.kernel.org # 5.9+
Reported-by: Josef Grieb <josef.grieb@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:54:57 +01:00
Jens Axboe
d16692a34e io_uring: account io_uring internal files as REQ_F_INFLIGHT
[ Upstream commit 02a13674fa0e8dd326de8b9f4514b41b03d99003 ]

We need to actively cancel anything that introduces a potential circular
loop, where io_uring holds a reference to itself. If the file in question
is an io_uring file, then add the request to the inflight list.

Cc: stable@vger.kernel.org # 5.9+
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:54:57 +01:00
Pavel Begunkov
1e7eb063a0 io_uring: fix files cancellation
[ Upstream commit bee749b187ac57d1faf00b2ab356ff322230fce8 ]

io_uring_cancel_files()'s task check condition mistakenly got flipped.

1. There can't be a request in the inflight list without
IO_WQ_WORK_FILES, kill this check to keep the whole condition simpler.
2. Also, don't call the function for files==NULL to not do such a check,
all that stuff is already handled well by its counterpart,
__io_uring_cancel_task_requests().

With that just flip the task check.

Also, it iowq-cancels all requests of current task there, don't forget to
set right ->files into struct io_task_cancel.

Fixes: c1973b38bf639 ("io_uring: cancel only requests of current task")
Reported-by: syzbot+c0d52d0b3c0c3ffb9525@syzkaller.appspotmail.com
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:54:56 +01:00
Pavel Begunkov
dbdcde4422 io_uring: always batch cancel in *cancel_files()
[ Upstream commit f6edbabb8359798c541b0776616c5eab3a840d3d ]

Instead of iterating over each request and cancelling it individually in
io_uring_cancel_files(), try to cancel all matching requests and use
->inflight_list only to check if there is anything left.

In many cases it should be faster, and we can reuse a lot of code from
task cancellation.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:54:56 +01:00
Pavel Begunkov
f8fbdbb607 io_uring: pass files into kill timeouts/poll
[ Upstream commit 6b81928d4ca8668513251f9c04cdcb9d38ef51c7 ]

Make io_poll_remove_all() and io_kill_timeouts() to match against files
as well. A preparation patch, effectively not used by now.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:54:55 +01:00
Pavel Begunkov
49250f33bb io_uring: don't iterate io_uring_cancel_files()
[ Upstream commit b52fda00dd9df8b4a6de5784df94f9617f6133a1 ]

io_uring_cancel_files() guarantees to cancel all matching requests,
that's not necessary to do that in a loop. Move it up in the callchain
into io_uring_cancel_task_requests().

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:54:55 +01:00
Pavel Begunkov
f6d93f8555 io_uring: add a {task,files} pair matching helper
[ Upstream commit 08d23634643c239ddae706758f54d3a8e0c24962 ]

Add io_match_task() that matches both task and files.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:54:54 +01:00
Pavel Begunkov
fe9334186a io_uring: simplify io_task_match()
[ Upstream commit 06de5f5973c641c7ae033f133ecfaaf64fe633a6 ]

If IORING_SETUP_SQPOLL is set all requests belong to the corresponding
SQPOLL task, so skip task checking in that case and always match.

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-13 13:54:54 +01:00
Kirill A. Shutemov
0aa300a252 BACKPORT: FROMGIT: mm: Cleanup faultaround and finish_fault() codepaths
alloc_set_pte() has two users with different requirements: in the
faultaround code, it is called from an atomic context and PTE page table
has to be preallocated. finish_fault() can sleep and allocate page table
as needed.

PTL locking rules are also strange, hard to follow and overkill for
finish_fault().

Let's untangle the mess. alloc_set_pte() has gone now. All locking is
explicit.

The price is some code duplication to handle huge pages in faultaround
path, but it should be fine, having overall improvement in readability.

Link: https://lore.kernel.org/r/20201229132819.najtavneutnf7ajp@box
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
[will: s/from from/from/ in comment; spotted by willy]
Signed-off-by: Will Deacon <will@kernel.org>
Change-Id: I2746b62adfe63e4f1b62e806df06b1b7a17574ad
Bug: 171278850
(cherry picked from commit f9ce0be71d1fbb038ada15ced83474b0e63f264d
https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/log/?h=for-next/faultaround)
[vinmenon: changes for speculative page fault]
Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
2021-02-11 12:14:43 +00:00
Ivaylo Georgiev
72ff3c4e94 Merge android12-5.10.12 (39564d7) into msm-5.10
* refs/heads/tmp-39564d7:
  Linux 5.10.12
  printk: fix string termination for record_print_text()
  printk: fix buffer overflow potential for print_text()
  tools: Factor HOSTCC, HOSTLD, HOSTAR definitions
  mm: fix a race on nr_swap_pages
  mm/page_alloc: add a missing mm_page_alloc_zone_locked() tracepoint
  objtool: Don't fail on missing symbol table
  io_uring: fix sleeping under spin in __io_clean_op
  io_uring: dont kill fasync under completion_lock
  io_uring: fix skipping disabling sqo on exec
  io_uring: fix uring_flush in exit_files() warning
  io_uring: fix false positive sqo warning on flush
  io_uring: do sqo disable on install_fd error
  io_uring: fix null-deref in io_disable_sqo_submit
  io_uring: stop SQPOLL submit on creator's death
  io_uring: add warn_once for io_uring_flush()
  io_uring: inline io_uring_attempt_task_drop()
  kernel/io_uring: cancel io_uring before task works
  iwlwifi: dbg: Don't touch the tlv data
  RDMA/vmw_pvrdma: Fix network_hdr_type reported in WC
  media: v4l2-subdev.h: BIT() is not available in userspace
  media: Revert "media: videobuf2: Fix length check for single plane dmabuf queueing"
  HID: multitouch: Apply MT_QUIRK_CONFIDENCE quirk for multi-input devices
  HID: wacom: Correct NULL dereference on AES pen proximity
  futex: Handle faults correctly for PI futexes
  futex: Simplify fixup_pi_state_owner()
  futex: Use pi_state_update_owner() in put_pi_state()
  rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
  futex: Provide and use pi_state_update_owner()
  futex: Replace pointless printk in fixup_owner()
  futex: Ensure the correct return value from futex_lock_pi()
  Revert "mm/slub: fix a memory leak in sysfs_slab_add()"
  gpio: mvebu: fix pwm .get_state period calculation
  FROMLIST: fuse: Allocate unlikely used ioctl number for passthrough V1
  UPSTREAM: xhci: handle halting transfer event properly after endpoint stop and halt raced.
  UPSTREAM: xhci: Check for pending reset endpoint command before queueing a new one.
  UPSTREAM: xhci: remove obsolete dequeue pointer moving code
  UPSTREAM: xhci: introduce a new move_dequeue_past_td() function to replace old code.
  UPSTREAM: xhci: handle stop endpoint command completion with endpoint in running state.
  UPSTREAM: xhci: Fix halted endpoint at stop endpoint command completion
  UPSTREAM: xhci: split handling halted endpoints into two steps
  UPSTREAM: xhci: move and rename xhci_cleanup_halted_endpoint()
  UPSTREAM: xhci: turn cancelled td cleanup to its own function
  UPSTREAM: xhci: store TD status in the td struct instead of passing it along
  UPSTREAM: xhci: use xhci_td_cleanup() helper when giving back cancelled URBs
  UPSTREAM: xhci: move xhci_td_cleanup so it can be called by more functions
  UPSTREAM: xhci: Add xhci_reset_halted_ep() helper function
  ANDROID: x86: GKI: Enable CFI
  UPSTREAM: kasan: fix incorrect arguments passing in kasan_add_zero_shadow
  UPSTREAM: kasan: fix unaligned address is unhandled in kasan_remove_zero_shadow
  UPSTREAM: kasan, mm: fix resetting page_alloc tags for HW_TAGS
  UPSTREAM: kasan, mm: fix conflicts with init_on_alloc/free
  UPSTREAM: kasan: fix HW_TAGS boot parameters
  UPSTREAM: kasan, arm64: fix pointer tags in KASAN reports
  UPSTREAM: arm64: mte: remove an ISB on kernel exit
  UPSTREAM: mm/mremap.c: fix extent calculation
  UPSTREAM: x86: mremap speedup - Enable HAVE_MOVE_PUD
  UPSTREAM: arm64: mremap speedup - enable HAVE_MOVE_PUD
  UPSTREAM: mm: speedup mremap on 1GB or larger regions
  ANDROID: x86: GKI: Enable LTO
  UPSTREAM: xhci: flush endpoint start to reduce race risk with stop endpoint command.
  UPSTREAM: xhci: Check link TRBs when updating ring enqueue and dequeue pointers.
  UPSTREAM: xhci: avoid DMA double fetch when reading event trb type.
  UPSTREAM: xhci: remove extra loop in interrupt context
  UPSTREAM: xhci: check slot_id is valid before gathering slot info
  UPSTREAM: xhci: prevent a theoretical endless loop while preparing rings.
  UPSTREAM: xhci: remove xhci_stream_id_to_ring() helper
  UPSTREAM: xhci: add xhci_virt_ep_to_ring() helper
  UPSTREAM: xhci: check virt_dev is valid before dereferencing it
  UPSTREAM: xhci: add xhci_get_virt_ep() helper
  UPSTREAM: xhci: remove unused event parameter from completion handlers
  UPSTREAM: xhci: adjust parameters passed to cleanup_halted_endpoint()
  UPSTREAM: xhci: get isochronous ring directly from endpoint structure
  UPSTREAM: xhci: Avoid parsing transfer events several times
  ANDROID: sched/core: prevent timers on paused cpus
  UPSTREAM: arm64: lto: Strengthen READ_ONCE() to acquire when CONFIG_LTO=y
  UPSTREAM: arm64: alternatives: Remove READ_ONCE() usage during patch operation
  BACKPORT: arm64: cpufeatures: Add capability for LDAPR instruction
  UPSTREAM: arm64: alternatives: Split up alternative.h
  UPSTREAM: arm64: uaccess: move uao_* alternatives to asm-uaccess.h
  ANDROID: x86: Add objtool to MAKE_GOALS
  FROMLIST: kbuild: improve libelf detection
  BACKPORT: tools: Factor HOSTCC, HOSTLD, HOSTAR definitions
  ANDROID: virtio: disable virtio_dma_buf callback checks with CFI
  FROMLIST: scsi: ufs: Fix deadlock while suspending ufs host
  FROMLIST: block: bsg: resume platform device before accessing
  FROMGIT: f2fs: flush data when enabling checkpoint back
  FROMGIT: KVM: arm64: Don't clobber x4 in __do_hyp_init
  FROMGIT: KVM: Forbid the use of tagged userspace addresses for memslots
  FROMGIT: KVM: arm64: Filter out v8.1+ events on v8.0 HW
  FROMGIT: KVM: arm64: Compute TPIDR_EL2 ignoring MTE tag
  FROMGIT: KVM: arm64: Use the reg_to_encoding() macro instead of sys_reg()
  FROMGIT: KVM: arm64: Allow PSCI SYSTEM_OFF/RESET to return
  FROMGIT: KVM: arm64: Simplify handling of absent PMU system registers
  FROMGIT: KVM: arm64: Hide PMU registers from userspace when not available
  UPSTREAM: KVM: arm64: Replace KVM_ARM_PMU with HW_PERF_EVENTS
  UPSTREAM: KVM: arm64: Remove spurious semicolon in reg_to_encoding()
  UPSTREAM: KVM: arm64: Fix hyp_cpu_pm_{init,exit} __init annotation
  UPSTREAM: KVM: arm64: Consolidate dist->ready setting into kvm_vgic_map_resources()
  UPSTREAM: KVM: arm64: Remove redundant call to kvm_pmu_vcpu_reset()
  UPSTREAM: KVM: arm64: Update comment in kvm_vgic_map_resources()
  UPSTREAM: KVM: arm64: Move double-checked lock to kvm_vgic_map_resources()
  UPSTREAM: KVM: arm64: arch_timer: Remove VGIC initialization check
  UPSTREAM: KVM: Documentation: Add arm64 KVM_RUN error codes
  UPSTREAM: KVM: arm64: Declutter host PSCI 0.1 handling
  UPSTREAM: KVM: arm64: Move skip_host_instruction to adjust_pc.h
  UPSTREAM: KVM: arm64: Remove unused includes in psci-relay.c
  UPSTREAM: KVM: arm64: Minor cleanup of hyp variables used in host
  UPSTREAM: KVM: arm64: Skip computing hyp VA layout for VHE
  UPSTREAM: KVM: arm64: Use lm_alias in nVHE-only VA conversion
  UPSTREAM: KVM: arm64: Prevent use of invalid PSCI v0.1 function IDs
  UPSTREAM: KVM: arm64: Fix nVHE boot on VHE systems
  UPSTREAM: KVM: arm64: Fix EL2 mode availability checks
  UPSTREAM: KVM: arm64: Trap host SMCs in protected mode
  UPSTREAM: KVM: arm64: Keep nVHE EL2 vector installed
  UPSTREAM: KVM: arm64: Intercept host's SYSTEM_SUSPEND PSCI SMCs
  UPSTREAM: KVM: arm64: Intercept host's CPU_SUSPEND PSCI SMCs
  UPSTREAM: KVM: arm64: Intercept host's CPU_ON SMCs
  UPSTREAM: KVM: arm64: Add function to enter host from KVM nVHE hyp code
  UPSTREAM: KVM: arm64: Extract __do_hyp_init into a helper function
  UPSTREAM: KVM: arm64: Forward safe PSCI SMCs coming from host
  UPSTREAM: KVM: arm64: Add offset for hyp VA <-> PA conversion
  UPSTREAM: KVM: arm64: Bootstrap PSCI SMC handler in nVHE EL2
  UPSTREAM: KVM: arm64: Add SMC handler in nVHE EL2
  UPSTREAM: KVM: arm64: Create nVHE copy of cpu_logical_map
  UPSTREAM: KVM: arm64: Support per_cpu_ptr in nVHE hyp code
  UPSTREAM: KVM: arm64: Add .hyp.data..ro_after_init ELF section
  UPSTREAM: KVM: arm64: Init MAIR/TCR_EL2 from params struct
  UPSTREAM: KVM: arm64: Move hyp-init params to a per-CPU struct
  UPSTREAM: KVM: arm64: Remove vector_ptr param of hyp-init
  UPSTREAM: arm64: Extract parts of el2_setup into a macro
  UPSTREAM: arm64: Make cpu_logical_map() take unsigned int
  UPSTREAM: psci: Add accessor for psci_0_1_function_ids
  UPSTREAM: psci: Replace psci_function_id array with a struct
  UPSTREAM: psci: Split functions to v0.1 and v0.2+ variants
  UPSTREAM: psci: Support psci_ops.get_version for v0.1
  UPSTREAM: KVM: arm64: Add ARM64_KVM_PROTECTED_MODE CPU capability
  UPSTREAM: KVM: arm64: Add kvm-arm.mode early kernel parameter
  UPSTREAM: KVM: arm64: Use kvm_write_guest_lock when init stolen time
  UPSTREAM: KVM: arm64: Some fixes of PV-time interface document
  UPSTREAM: arm64: head.S: always initialize PSTATE
  UPSTREAM: arm64: head.S: cleanup SCTLR_ELx initialization
  UPSTREAM: arm64: head.S: rename el2_setup -> init_kernel_el
  UPSTREAM: arm64: add C wrappers for SET_PSTATE_*()
  UPSTREAM: arm64: ensure ERET from kthread is illegal
  BACKPORT: KVM: arm64: Advertise ID_AA64PFR0_EL1.CSV3=1 if the CPUs are Meltdown-safe
  UPSTREAM: KVM: arm64: Delay the polling of the GICR_VPENDBASER.Dirty bit
  UPSTREAM: arm64: Make the Meltdown mitigation state available
  UPSTREAM: KVM: arm64: selftests: Filter out DEMUX registers
  UPSTREAM: KVM: arm64: CSSELR_EL1 max is 13
  UPSTREAM: KVM: arm64: Remove unused __extended_idmap_trampoline() prototype
  UPSTREAM: KVM: arm64: Remove kvm_arch_vm_ioctl_check_extension()
  UPSTREAM: KVM: arm64: Move 'struct kvm_arch_memory_slot' out of uapi/
  UPSTREAM: KVM: arm64: Get rid of the PMU ready state
  UPSTREAM: KVM: arm64: Gate kvm_pmu_update_state() on the PMU feature
  UPSTREAM: KVM: arm64: Remove dead PMU sysreg decoding code
  UPSTREAM: KVM: arm64: Remove PMU RAZ/WI handling
  UPSTREAM: KVM: arm64: Inject UNDEF on PMU access when no PMU configured
  UPSTREAM: KVM: arm64: Refuse illegal KVM_ARM_VCPU_PMU_V3 at reset time
  UPSTREAM: KVM: arm64: Set ID_AA64DFR0_EL1.PMUVer to 0 when no PMU support
  UPSTREAM: KVM: arm64: Refuse to run VCPU if PMU is not initialized
  UPSTREAM: KVM: arm64: Add kvm_vcpu_has_pmu() helper
  UPSTREAM: KVM: arm64: Avoid repetitive stack access on host EL1 to EL2 exception
  UPSTREAM: KVM: arm64: Simplify __kvm_enable_ssbs()
  UPSTREAM: KVM: arm64: Patch kimage_voffset instead of loading the EL1 value
  UPSTREAM: KVM: arm64: Remove redundant hyp vectors entry
  UPSTREAM: arm64: spectre: Consolidate spectre-v3a detection
  UPSTREAM: arm64: spectre: Rename ARM64_HARDEN_EL2_VECTORS to ARM64_SPECTRE_V3A
  BACKPORT: KVM: arm64: Allocate hyp vectors statically
  UPSTREAM: KVM: arm64: Re-jig logic when patching hardened hyp vectors
  UPSTREAM: KVM: arm64: Move BP hardening helpers into spectre.h
  UPSTREAM: KVM: arm64: Make BP hardening globals static instead
  UPSTREAM: KVM: arm64: Move kvm_get_hyp_vector() out of header file
  UPSTREAM: KVM: arm64: Tidy up kvm_map_vector()
  UPSTREAM: KVM: arm64: Remove redundant Spectre-v2 code from kvm_map_vector()
  UPSTREAM: KVM: arm64: Drop kvm_coproc.h
  UPSTREAM: KVM: arm64: Drop legacy copro shadow register
  UPSTREAM: KVM: arm64: Drop is_aarch32 trap attribute
  UPSTREAM: KVM: arm64: Drop is_32bit trap attribute
  UPSTREAM: KVM: arm64: Map AArch32 cp14 register to AArch64 sysregs
  UPSTREAM: KVM: arm64: Map AArch32 cp15 register to AArch64 sysregs
  UPSTREAM: KVM: arm64: Add AArch32 mapping annotation
  UPSTREAM: KVM: arm64: Move AArch32 exceptions over to AArch64 sysregs
  UPSTREAM: KVM: arm64: Get rid of the AArch32 register mapping code
  UPSTREAM: KVM: arm64: Consolidate exception injection
  UPSTREAM: KVM: arm64: Remove SPSR manipulation primitives
  UPSTREAM: KVM: arm64: Inject AArch32 exceptions from HYP
  UPSTREAM: KVM: arm64: Inject AArch64 exceptions from HYP
  UPSTREAM: KVM: arm64: Add basic hooks for injecting exceptions from EL2
  UPSTREAM: KVM: arm64: Move VHE direct sysreg accessors into kvm_host.h
  UPSTREAM: KVM: arm64: Move PC rollback on SError to HYP
  UPSTREAM: KVM: arm64: Make kvm_skip_instr() and co private to HYP
  UPSTREAM: KVM: arm64: Move kvm_vcpu_trap_il_is32bit into kvm_skip_instr32()
  UPSTREAM: KVM: arm64: Don't adjust PC on SError during SMC trap
  UPSTREAM: KVM: arm64: Turn host HVC handling into a dispatch table
  UPSTREAM: KVM: arm64: Add kimg_hyp_va() helper
  FROMLIST: fs/buffer.c: Revoke LRU when trying to drop buffers
  ANDROID: sched: Add restrict vendor hooks for balance_rt()
  ANDROID: GKI: select DMADEVICES if GKI_HIDDEN_SND_SOC_CONFIGS is set
  ANDROID: use ANDROID_OEM_DATA for OEM data
  ANDROID: defconfig: Enable debug_symbol driver
  ANDROID: android: Create debug_symbols driver

Change-Id: I7a567fe31d6b789d215f4e6c2ff8401fd0dcb8ac
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
2021-02-10 07:32:30 -08:00
Kalesh Singh
fca78df78e FROMLIST: BACKPORT: procfs/dmabuf: Add inode number to /proc/*/fdinfo
Add 'inode_no' field to /proc/<pid>/fdinfo/<FD> and
/proc/<pid>/task/<tid>/fdinfo/<FD>.

The inode numbers can be used to uniquely identify DMA buffers
in user space and avoids a dependency on /proc/<pid>/fd/* when
accounting per-process DMA buffer sizes.

Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>

[Kalesh Singh - Resolve conflict in fd/proc/fd.c]
Bug: 159126739
Bug: 167141117
Link: https://lore.kernel.org/lkml/20210208155315.1367371-2-kaleshsingh@google.com/

Change-Id: Ic9c551998832129051ada07374ed02da3248dc9c
2021-02-10 14:13:53 +00:00
Kalesh Singh
fb54b8b3f0 FROMLIST: procfs: Allow reading fdinfo with PTRACE_MODE_READ
Android captures per-process system memory state when certain low memory
events (e.g. a foreground app kill) occur, to identify potential memory
hoggers. In order to measure how much memory a process actually consumes,
it is necessary to include the DMA buffer sizes for that process in the
memory accounting. Since the handles to DMA buffers are raw FDs, it is
important to be able to identify which processes have FD references to
a DMA buffer.

Currently, DMA buffer FDs can be accounted using /proc/<pid>/fd/* and
/proc/<pid>/fdinfo -- both are only readable by the process owner,
as follows:
  1. Do a readlink on each FD.
  2. If the target path begins with "/dmabuf", then the FD is a dmabuf FD.
  3. stat the file to get the dmabuf inode number.
  4. Read /proc/<pid>/fdinfo/<fd>, to get the DMA buffer size.

Accessing other processes' fdinfo requires root privileges. This limits
the use of the interface to debugging environments and is not suitable
for production builds.  Granting root privileges even to a system process
increases the attack surface and is highly undesirable.

Since fdinfo doesn't permit reading process memory and manipulating
process state, allow accessing fdinfo under PTRACE_MODE_READ_FSCRED.

Suggested-by: Jann Horn <jannh@google.com>
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>

Bug: 159126739
Bug: 167141117
Link: https://lore.kernel.org/lkml/20210208155315.1367371-1-kaleshsingh@google.com/
Change-Id: I41407760c7170621420739a044dbc27bdccac339
2021-02-10 14:13:43 +00:00
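The four accounting steps listed in the commit message above, together with the 'inode_no' field from the preceding commit, as an added example that is not part of either patch or of the kernel tree. `FdRecord`, `dmabuf_bytes` and `read_pid` are hypothetical names, and the sample records are constructed.

```python
import os
from typing import Dict, Iterable, List, NamedTuple, Optional


class FdRecord(NamedTuple):
    """What the four steps collect for one file descriptor (hypothetical type)."""
    fd: int
    target: str            # step 1: readlink on /proc/<pid>/fd/<fd>
    inode: Optional[int]   # step 3: st_ino from stat on the same path
    fdinfo: str            # step 4: text of /proc/<pid>/fdinfo/<fd>


def parse_fdinfo(text: str) -> Dict[str, str]:
    """Split fdinfo's 'key:<tab>value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def dmabuf_bytes(records: Iterable[FdRecord]) -> Dict[int, int]:
    """Return {dmabuf inode: size in bytes}, one entry per distinct buffer."""
    buffers: Dict[int, int] = {}
    for rec in records:
        if not rec.target.startswith("/dmabuf"):   # step 2
            continue
        fields = parse_fdinfo(rec.fdinfo)
        # Prefer the 'inode_no' fdinfo field named in the commit message above;
        # fall back to the inode obtained with stat.
        ino = fields.get("inode_no", "")
        inode = int(ino) if ino.isdigit() else rec.inode
        size = fields.get("size", "")
        if inode is None or not size.isdigit():
            continue   # fdinfo unreadable or without a size field
        buffers[inode] = int(size)   # dup'd FDs share an inode: counted once
    return buffers


def read_pid(pid: int, proc: str = "/proc") -> List[FdRecord]:
    """Collect records for a live process; raises PermissionError if the
    caller may not list that process's fd directory."""
    records = []
    fd_dir = os.path.join(proc, str(pid), "fd")
    for name in os.listdir(fd_dir):
        path = os.path.join(fd_dir, name)
        try:
            target = os.readlink(path)
            inode = os.stat(path).st_ino
            with open(os.path.join(proc, str(pid), "fdinfo", name)) as f:
                info = f.read()
        except OSError:
            continue   # the FD was closed while scanning
        records.append(FdRecord(int(name), target, inode, info))
    return records


# Constructed sample data, not captured from a real device.
_DMABUF_4K = "pos:\t0\nflags:\t02000002\nmnt_id:\t9\nsize:\t4096\ncount:\t2\nexp_name:\tsystem\n"
SAMPLE = [
    FdRecord(3, "/dev/null", 5, "pos:\t0\nflags:\t0100002\nmnt_id:\t25\n"),
    FdRecord(7, "/dmabuf:camera", 4242, _DMABUF_4K),
    FdRecord(8, "/dmabuf:camera", 4242, _DMABUF_4K),   # dup of fd 7
    FdRecord(9, "/dmabuf:", None, "pos:\t0\nsize:\t8192\ninode_no:\t4300\n"),
    FdRecord(10, "/dmabuf:", 4400, ""),                # fdinfo unreadable
]

if __name__ == "__main__":
    per_buffer = dmabuf_bytes(SAMPLE)
    print(per_buffer, "total bytes:", sum(per_buffer.values()))
```

Keying on the inode is what keeps a buffer held through several duplicated FDs from being counted more than once in the per-process total.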
Greg Kroah-Hartman
1092f698e5 Merge 5.10.15 into android12-5.10
Changes in 5.10.15
	USB: serial: cp210x: add pid/vid for WSDA-200-USB
	USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000
	USB: serial: option: Adding support for Cinterion MV31
	usb: host: xhci: mvebu: make USB 3.0 PHY optional for Armada 3720
	USB: gadget: legacy: fix an error code in eth_bind()
	usb: gadget: aspeed: add missing of_node_put
	USB: usblp: don't call usb_set_interface if there's a single alt
	usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
	usb: dwc2: Fix endpoint direction check in ep_from_windex
	usb: dwc3: fix clock issue during resume in OTG mode
	usb: xhci-mtk: fix unreleased bandwidth data
	usb: xhci-mtk: skip dropping bandwidth of unchecked endpoints
	usb: xhci-mtk: break loop when find the endpoint to drop
	ARM: OMAP1: OSK: fix ohci-omap breakage
	arm64: dts: qcom: c630: keep both touchpad devices enabled
	Input: i8042 - unbreak Pegatron C15B
	arm64: dts: amlogic: meson-g12: Set FL-adj property value
	arm64: dts: rockchip: fix vopl iommu irq on px30
	arm64: dts: rockchip: Use only supported PCIe link speed on Pinebook Pro
	ARM: dts: stm32: Fix polarity of the DH DRC02 uSD card detect
	ARM: dts: stm32: Connect card-detect signal on DHCOM
	ARM: dts: stm32: Disable WP on DHCOM uSD slot
	ARM: dts: stm32: Disable optional TSC2004 on DRC02 board
	ARM: dts: stm32: Fix GPIO hog flags on DHCOM DRC02
	vdpa/mlx5: Fix memory key MTT population
	bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
	bpf, cgroup: Fix problematic bounds check
	bpf, inode_storage: Put file handler if no storage was found
	um: virtio: free vu_dev only with the contained struct device
	bpf, preload: Fix build when $(O) points to a relative path
	arm64: dts: meson: switch TFLASH_VDD_EN pin to open drain on Odroid-C4
	r8169: work around RTL8125 UDP hw bug
	rxrpc: Fix deadlock around release of dst cached on udp tunnel
	arm64: dts: ls1046a: fix dcfg address range
	SUNRPC: Fix NFS READs that start at non-page-aligned offsets
	igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr
	igc: check return value of ret_val in igc_config_fc_after_link_up
	i40e: Revert "i40e: don't report link up for a VF who hasn't enabled queues"
	ibmvnic: device remove has higher precedence over reset
	net/mlx5: Fix function calculation for page trees
	net/mlx5: Fix leak upon failure of rule creation
	net/mlx5e: Update max_opened_tc also when channels are closed
	net/mlx5e: Release skb in case of failure in tc update skb
	net: lapb: Copy the skb before sending a packet
	net: mvpp2: TCAM entry enable should be written after SRAM data
	r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set
	net: ipa: pass correct dma_handle to dma_free_coherent()
	ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode
	nvmet-tcp: fix out-of-bounds access when receiving multiple h2cdata PDUs
	vdpa/mlx5: Restore the hardware used index after change map
	memblock: do not start bottom-up allocations with kernel_end
	kbuild: fix duplicated flags in DEBUG_CFLAGS
	thunderbolt: Fix possible NULL pointer dereference in tb_acpi_add_link()
	ovl: fix dentry leak in ovl_get_redirect
	ovl: avoid deadlock on directory ioctl
	ovl: implement volatile-specific fsync error behaviour
	mac80211: fix station rate table updates on assoc
	gpiolib: free device name on error path to fix kmemleak
	fgraph: Initialize tracing_graph_pause at task creation
	tracing/kprobe: Fix to support kretprobe events on unloaded modules
	kretprobe: Avoid re-registration of the same kretprobe earlier
	tracing: Use pause-on-trace with the latency tracers
	tracepoint: Fix race between tracing and removing tracepoint
	libnvdimm/namespace: Fix visibility of namespace resource attribute
	libnvdimm/dimm: Avoid race between probe and available_slots_show()
	genirq: Prevent [devm_]irq_alloc_desc from returning irq 0
	genirq/msi: Activate Multi-MSI early when MSI_FLAG_ACTIVATE_EARLY is set
	scripts: use pkg-config to locate libcrypto
	xhci: fix bounce buffer usage for non-sg list case
	RISC-V: Define MAXPHYSMEM_1GB only for RV32
	cifs: report error instead of invalid when revalidating a dentry fails
	iommu: Check dev->iommu in dev_iommu_priv_get() before dereferencing it
	smb3: Fix out-of-bounds bug in SMB2_negotiate()
	smb3: fix crediting for compounding when only one request in flight
	mmc: sdhci-pltfm: Fix linking err for sdhci-brcmstb
	mmc: core: Limit retries when analyse of SDIO tuples fails
	Fix unsynchronized access to sev members through svm_register_enc_region
	drm/dp/mst: Export drm_dp_get_vc_payload_bw()
	drm/i915: Fix the MST PBN divider calculation
	drm/i915/gem: Drop lru bumping on display unpinning
	drm/i915/gt: Close race between enable_breadcrumbs and cancel_breadcrumbs
	drm/i915/display: Prevent double YUV range correction on HDR planes
	drm/i915: Extract intel_ddi_power_up_lanes()
	drm/i915: Power up combo PHY lanes for for HDMI as well
	drm/amd/display: Revert "Fix EDID parsing after resume from suspend"
	io_uring: don't modify identity's files uncess identity is cowed
	nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs
	KVM: SVM: Treat SVM as unsupported when running as an SEV guest
	KVM: x86/mmu: Fix TDP MMU zap collapsible SPTEs
	KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off
	KVM: x86: fix CPUID entries returned by KVM_GET_CPUID2 ioctl
	KVM: x86: Update emulator context mode if SYSENTER xfers to 64-bit mode
	KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset
	DTS: ARM: gta04: remove legacy spi-cs-high to make display work again
	ARM: dts; gta04: SPI panel chip select is active low
	ARM: footbridge: fix dc21285 PCI configuration accessors
	ARM: 9043/1: tegra: Fix misplaced tegra_uart_config in decompressor
	mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page
	mm: hugetlb: fix a race between freeing and dissolving the page
	mm: hugetlb: fix a race between isolating and freeing page
	mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active
	mm, compaction: move high_pfn to the for loop scope
	mm/vmalloc: separate put pages and flush VM flags
	mm: thp: fix MADV_REMOVE deadlock on shmem THP
	mm/filemap: add missing mem_cgroup_uncharge() to __add_to_page_cache_locked()
	x86/build: Disable CET instrumentation in the kernel
	x86/debug: Fix DR6 handling
	x86/debug: Prevent data breakpoints on __per_cpu_offset
	x86/debug: Prevent data breakpoints on cpu_dr7
	x86/apic: Add extra serialization for non-serializing MSRs
	Input: goodix - add support for Goodix GT9286 chip
	Input: xpad - sync supported devices with fork on GitHub
	Input: ili210x - implement pressure reporting for ILI251x
	md: Set prev_flush_start and flush_bio in an atomic way
	igc: Report speed and duplex as unknown when device is runtime suspended
	neighbour: Prevent a dead entry from updating gc_list
	net: ip_tunnel: fix mtu calculation
	udp: ipv4: manipulate network header of NATed UDP GRO fraglist
	net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add
	net: sched: replaced invalid qdisc tree flush helper in qdisc_replace
	Linux 5.10.15

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I15750357b4c30739515fdc0bbbd0e04b7c986171
2021-02-10 09:53:50 +01:00
Muchun Song
afe6c31b84 mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page
commit 585fc0d2871c9318c949fbf45b1f081edd489e96 upstream.

If a new hugetlb page is allocated during fallocate it will not be
marked as active (set_page_huge_active) which will result in a later
isolate_huge_page failure when the page migration code would like to
move that page.  Such a failure would be unexpected and wrong.

Only export set_page_huge_active, just leave clear_page_huge_active as
static.  Because there are no external users.

Link: https://lkml.kernel.org/r/20210115124942.46403-3-songmuchun@bytedance.com
Fixes: 70c3547e36 (hugetlbfs: add hugetlbfs_fallocate())
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Cc: David Hildenbrand <david@redhat.com>
Cc: Yang Shi <shy828301@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-10 09:29:20 +01:00
Xiaoguang Wang
4f25d448d9 io_uring: don't modify identity's files uncess identity is cowed
commit d7e10d47691d1702db1cd1edcc689d3031eefc67 upstream.

Abaci Robot reported following panic:
BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 800000010ef3f067 P4D 800000010ef3f067 PUD 10d9df067 PMD 0
Oops: 0002 [#1] SMP PTI
CPU: 0 PID: 1869 Comm: io_wqe_worker-0 Not tainted 5.11.0-rc3+ #1
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
RIP: 0010:put_files_struct+0x1b/0x120
Code: 24 18 c7 00 f4 ff ff ff e9 4d fd ff ff 66 90 0f 1f 44 00 00 41 57 41 56 49 89 fe 41 55 41 54 55 53 48 83 ec 08 e8 b5 6b db ff  41 ff 0e 74 13 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f e9 9c
RSP: 0000:ffffc90002147d48 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88810d9a5300 RCX: 0000000000000000
RDX: ffff88810d87c280 RSI: ffffffff8144ba6b RDI: 0000000000000000
RBP: 0000000000000080 R08: 0000000000000001 R09: ffffffff81431500
R10: ffff8881001be000 R11: 0000000000000000 R12: ffff88810ac2f800
R13: ffff88810af38a00 R14: 0000000000000000 R15: ffff8881057130c0
FS:  0000000000000000(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000010dbaa002 CR4: 00000000003706f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __io_clean_op+0x10c/0x2a0
 io_dismantle_req+0x3c7/0x600
 __io_free_req+0x34/0x280
 io_put_req+0x63/0xb0
 io_worker_handle_work+0x60e/0x830
 ? io_wqe_worker+0x135/0x520
 io_wqe_worker+0x158/0x520
 ? __kthread_parkme+0x96/0xc0
 ? io_worker_handle_work+0x830/0x830
 kthread+0x134/0x180
 ? kthread_create_worker_on_cpu+0x90/0x90
 ret_from_fork+0x1f/0x30
Modules linked in:
CR2: 0000000000000000
---[ end trace c358ca86af95b1e7 ]---

I guess case below can trigger above panic: there're two threads which
operate different io_uring ctxs and share same sqthread identity, and
later one thread exits, io_uring_cancel_task_requests() will clear
task->io_uring->identity->files to be NULL in sqpoll mode, then another
ctx that uses same identity will panic.

Indeed we don't need to clear task->io_uring->identity->files here,
io_grab_identity() should handle identity->files changes well, if
task->io_uring->identity->files is not equal to current->files,
io_cow_identity() should handle this changes well.

Cc: stable@vger.kernel.org # 5.5+
Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Xiaoguang Wang <xiaoguang.wang@linux.alibaba.com>
Reviewed-by: Pavel Begunkov <asml.silence@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-10 09:29:19 +01:00
Pavel Shilovsky
2502610927 smb3: fix crediting for compounding when only one request in flight
commit 91792bb8089b63b7b780251eb83939348ac58a64 upstream.

Currently we try to guess if a compound request is going to
succeed waiting for credits or not based on the number of
requests in flight. This approach doesn't work correctly
all the time because there may be only one request in
flight which is going to bring multiple credits satisfying
the compound request.

Change the behavior to fail a request only if there are no requests
in flight at all and proceed waiting for credits otherwise.

Cc: <stable@vger.kernel.org> # 5.1+
Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Reviewed-by: Tom Talpey <tom@talpey.com>
Reviewed-by: Shyam Prasad N <nspmangalore@gmail.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-10 09:29:18 +01:00
Gustavo A. R. Silva
b793e9fca6 smb3: Fix out-of-bounds bug in SMB2_negotiate()
commit 8d8d1dbefc423d42d626cf5b81aac214870ebaab upstream.

While addressing some warnings generated by -Warray-bounds, I found this
bug that was introduced back in 2017:

  CC [M]  fs/cifs/smb2pdu.o
fs/cifs/smb2pdu.c: In function ‘SMB2_negotiate’:
fs/cifs/smb2pdu.c:822:16: warning: array subscript 1 is above array bounds
of ‘__le16[1]’ {aka ‘short unsigned int[1]’} [-Warray-bounds]
  822 |   req->Dialects[1] = cpu_to_le16(SMB30_PROT_ID);
      |   ~~~~~~~~~~~~~^~~
fs/cifs/smb2pdu.c:823:16: warning: array subscript 2 is above array bounds
of ‘__le16[1]’ {aka ‘short unsigned int[1]’} [-Warray-bounds]
  823 |   req->Dialects[2] = cpu_to_le16(SMB302_PROT_ID);
      |   ~~~~~~~~~~~~~^~~
fs/cifs/smb2pdu.c:824:16: warning: array subscript 3 is above array bounds
of ‘__le16[1]’ {aka ‘short unsigned int[1]’} [-Warray-bounds]
  824 |   req->Dialects[3] = cpu_to_le16(SMB311_PROT_ID);
      |   ~~~~~~~~~~~~~^~~
fs/cifs/smb2pdu.c:816:16: warning: array subscript 1 is above array bounds
of ‘__le16[1]’ {aka ‘short unsigned int[1]’} [-Warray-bounds]
  816 |   req->Dialects[1] = cpu_to_le16(SMB302_PROT_ID);
      |   ~~~~~~~~~~~~~^~~

At the time, the size of array _Dialects_ was changed from 1 to 3 in struct
validate_negotiate_info_req, and then in 2019 it was changed from 3 to 4,
but those changes were never made in struct smb2_negotiate_req, which has
led to a 3 and a half years old out-of-bounds bug in function
SMB2_negotiate() (fs/cifs/smb2pdu.c).

Fix this by increasing the size of array _Dialects_ in struct
smb2_negotiate_req to 4.

Fixes: 9764c02fcb ("SMB3: Add support for multidialect negotiate (SMB2.1 and later)")
Fixes: d5c7076b77 ("smb3: add smb3.1.1 to default dialect list")
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-10 09:29:17 +01:00
Aurelien Aptel
7a3361e5ec cifs: report error instead of invalid when revalidating a dentry fails
commit 21b200d091826a83aafc95d847139b2b0582f6d1 upstream.

Assuming
- //HOST/a is mounted on /mnt
- //HOST/b is mounted on /mnt/b

On a slow connection, running 'df' and killing it while it's
processing /mnt/b can make cifs_get_inode_info() return -ERESTARTSYS.

This triggers the following chain of events:
=> the dentry revalidation fails
=> dentry is put and released
=> superblock associated with the dentry is put
=> /mnt/b is unmounted

This patch makes cifs_d_revalidate() return the error instead of 0
(invalid) when cifs_revalidate_dentry() fails, except for ENOENT (file
deleted) and ESTALE (file recreated).

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Suggested-by: Shyam Prasad N <nspmangalore@gmail.com>
Reviewed-by: Shyam Prasad N <nspmangalore@gmail.com>
CC: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-10 09:29:17 +01:00
Sargun Dhillon
8ccf963c62 ovl: implement volatile-specific fsync error behaviour
commit 335d3fc57941e5c6164c69d439aec1cb7a800876 upstream.

Overlayfs's volatile option allows the user to bypass all forced sync calls
to the upperdir filesystem. This comes at the cost of safety. We can never
ensure that the user's data is intact, but we can make a best effort to
expose whether or not the data is likely to be in a bad state.

The best way to handle this for the time being is that if an overlayfs's
upperdir experiences an error after a volatile mount occurs, that error
will be returned on fsync, fdatasync, sync, and syncfs. This is
contradictory to the traditional behaviour of VFS which fails the call
once, and only raises an error if a subsequent fsync error has occurred,
and been raised by the filesystem.

One awkward aspect of the patch is that we have to manually set the
superblock's errseq_t after the sync_fs callback as opposed to just
returning an error from syncfs. This is because the call chain looks
something like this:

sys_syncfs ->
	sync_filesystem ->
		__sync_filesystem ->
			/* The return value is ignored here */
			sb->s_op->sync_fs(sb)
			_sync_blockdev
		/* Where the VFS fetches the error to raise to userspace */
		errseq_check_and_advance

Because of this we call errseq_set every time the sync_fs callback occurs.
Due to the nature of this seen / unseen dichotomy, if the upperdir is in an
inconsistent state at the initial mount time, overlayfs will refuse to
mount, as overlayfs cannot get a snapshot of the upperdir's errseq that
will increment on error until the user calls syncfs.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Suggested-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Fixes: c86243b090 ("ovl: provide a mount option "volatile"")
Cc: stable@vger.kernel.org
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-10 09:29:16 +01:00
Miklos Szeredi
a66f82a1de ovl: avoid deadlock on directory ioctl
commit b854cc659dcb80f172cb35dbedc15d39d49c383f upstream.

The function ovl_dir_real_file() currently uses the inode lock to serialize
writes to the od->upperfile field.

However, this function will get called by ovl_ioctl_set_flags(), which
utilizes the inode lock too.  In this case ovl_dir_real_file() will try to
claim a lock that is owned by a function in its call stack, which won't get
released before ovl_dir_real_file() returns.

Fix by replacing the open coded compare and exchange by an explicit atomic
op.

Fixes: 61536bed21 ("ovl: support [S|G]ETFLAGS and FS[S|G]ETXATTR ioctls for directories")
Cc: stable@vger.kernel.org # v5.10
Reported-by: Icenowy Zheng <icenowy@aosc.io>
Tested-by: Icenowy Zheng <icenowy@aosc.io>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-10 09:29:15 +01:00
Liangyan
fb8caef7c0 ovl: fix dentry leak in ovl_get_redirect
commit e04527fefba6e4e66492f122cf8cc6314f3cf3bf upstream.

We need to lock d_parent->d_lock before dget_dlock, or d_lockref may
be updated in parallel, as in the call trace below, which will
cause a dentry->d_lockref leak and risk a crash.

     CPU 0                                CPU 1
ovl_set_redirect                       lookup_fast
  ovl_get_redirect                       __d_lookup
    dget_dlock
      //no lock protection here            spin_lock(&dentry->d_lock)
      dentry->d_lockref.count++            dentry->d_lockref.count++

[   49.799059] PGD 800000061fed7067 P4D 800000061fed7067 PUD 61fec5067 PMD 0
[   49.799689] Oops: 0002 [#1] SMP PTI
[   49.800019] CPU: 2 PID: 2332 Comm: node Not tainted 4.19.24-7.20.al7.x86_64 #1
[   49.800678] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 8a46cfe 04/01/2014
[   49.801380] RIP: 0010:_raw_spin_lock+0xc/0x20
[   49.803470] RSP: 0018:ffffac6fc5417e98 EFLAGS: 00010246
[   49.803949] RAX: 0000000000000000 RBX: ffff93b8da3446c0 RCX: 0000000a00000000
[   49.804600] RDX: 0000000000000001 RSI: 000000000000000a RDI: 0000000000000088
[   49.805252] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff993cf040
[   49.805898] R10: ffff93b92292e580 R11: ffffd27f188a4b80 R12: 0000000000000000
[   49.806548] R13: 00000000ffffff9c R14: 00000000fffffffe R15: ffff93b8da3446c0
[   49.807200] FS:  00007ffbedffb700(0000) GS:ffff93b927880000(0000) knlGS:0000000000000000
[   49.807935] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   49.808461] CR2: 0000000000000088 CR3: 00000005e3f74006 CR4: 00000000003606a0
[   49.809113] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   49.809758] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   49.810410] Call Trace:
[   49.810653]  d_delete+0x2c/0xb0
[   49.810951]  vfs_rmdir+0xfd/0x120
[   49.811264]  do_rmdir+0x14f/0x1a0
[   49.811573]  do_syscall_64+0x5b/0x190
[   49.811917]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   49.812385] RIP: 0033:0x7ffbf505ffd7
[   49.814404] RSP: 002b:00007ffbedffada8 EFLAGS: 00000297 ORIG_RAX: 0000000000000054
[   49.815098] RAX: ffffffffffffffda RBX: 00007ffbedffb640 RCX: 00007ffbf505ffd7
[   49.815744] RDX: 0000000004449700 RSI: 0000000000000000 RDI: 0000000006c8cd50
[   49.816394] RBP: 00007ffbedffaea0 R08: 0000000000000000 R09: 0000000000017d0b
[   49.817038] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000012
[   49.817687] R13: 00000000072823d8 R14: 00007ffbedffb700 R15: 00000000072823d8
[   49.818338] Modules linked in: pvpanic cirrusfb button qemu_fw_cfg atkbd libps2 i8042
[   49.819052] CR2: 0000000000000088
[   49.819368] ---[ end trace 4e652b8aa299aa2d ]---

Cc: <stable@vger.kernel.org>
Fixes: a6c6065511 ("ovl: redirect on rename-dir")
Signed-off-by: Liangyan <liangyan.peng@linux.alibaba.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-02-10 09:29:15 +01:00
David Howells
e5ed4e08d8 rxrpc: Fix deadlock around release of dst cached on udp tunnel
[ Upstream commit 5399d52233c47905bbf97dcbaa2d7a9cc31670ba ]

AF_RXRPC sockets use UDP ports in encap mode.  This causes socket and dst
from an incoming packet to get stolen and attached to the UDP socket from
whence it is leaked when that socket is closed.

When a network namespace is removed, the wait for dst records to be cleaned
up happens before the cleanup of the rxrpc and UDP socket, meaning that the
wait never finishes.

Fix this by moving the rxrpc (and, by dependence, the afs) private
per-network namespace registrations to the device group rather than subsys
group.  This allows cached rxrpc local endpoints to be cleared and their
UDP sockets closed before we try waiting for the dst records.

The symptom is that lines looking like the following:

	unregister_netdevice: waiting for lo to become free

get emitted at regular intervals after running something like the
referenced syzbot test.

Thanks to Vadim for tracking this down and working out the fix.

Reported-by: syzbot+df400f2f24a1677cd7e0@syzkaller.appspotmail.com
Reported-by: Vadim Fedorenko <vfedorenko@novek.ru>
Fixes: 5271953cad ("rxrpc: Use the UDP encap_rcv hook")
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vadim Fedorenko <vfedorenko@novek.ru>
Link: https://lore.kernel.org/r/161196443016.3868642.5577440140646403533.stgit@warthog.procyon.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-02-10 09:29:13 +01:00
Ivaylo Georgiev
b69639c402 Merge android12-5.10.11 (ba15277) into msm-5.10
* refs/heads/tmp-ba15277:
  Linux 5.10.11
  Revert "mm: fix initialization of struct page for holes in memory layout"
  mm: fix initialization of struct page for holes in memory layout
  Commit 9bb48c82aced ("tty: implement write_iter") converted the tty layer to use write_iter. Fix the redirected_tty_write declaration also in n_tty and change the comparisons to use write_iter instead of write.
  fs/pipe: allow sendfile() to pipe again
  interconnect: imx8mq: Use icc_sync_state
  kernfs: wire up ->splice_read and ->splice_write
  kernfs: implement ->write_iter
  kernfs: implement ->read_iter
  bpf: Local storage helpers should check nullness of owner ptr passed
  drm/i915/hdcp: Get conn while content_type changed
  ASoC: SOF: Intel: hda: Avoid checking jack on system suspend
  tcp: Fix potential use-after-free due to double kfree()
  x86/sev-es: Handle string port IO to kernel memory properly
  net: systemport: free dev before on error path
  tty: fix up hung_up_tty_write() conversion
  tty: implement write_iter
  x86/sev: Fix nonistr violation
  pinctrl: qcom: Don't clear pending interrupts when enabling
  pinctrl: qcom: Properly clear "intr_ack_high" interrupts when unmasking
  pinctrl: qcom: No need to read-modify-write the interrupt status
  pinctrl: qcom: Allow SoCs to specify a GPIO function that's not 0
  net: core: devlink: use right genl user_ptr when handling port param get/set
  net: mscc: ocelot: Fix multicast to the CPU port
  tcp: fix TCP_USER_TIMEOUT with zero window
  tcp: do not mess with cloned skbs in tcp_add_backlog()
  net: dsa: b53: fix an off by one in checking "vlan->vid"
  net: Disable NETIF_F_HW_TLS_RX when RXCSUM is disabled
  net: mscc: ocelot: allow offloading of bridge on top of LAG
  ipv6: set multicast flag on the multicast route
  net_sched: reject silly cell_log in qdisc_get_rtab()
  net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
  ipv6: create multicast route with RTPROT_KERNEL
  udp: mask TOS bits in udp_v4_early_demux()
  net_sched: gen_estimator: support large ewma log
  tcp: fix TCP socket rehash stats mis-accounting
  kasan: fix incorrect arguments passing in kasan_add_zero_shadow
  kasan: fix unaligned address is unhandled in kasan_remove_zero_shadow
  skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
  lightnvm: fix memory leak when submit fails
  cachefiles: Drop superfluous readpages aops NULL check
  nvme-pci: fix error unwind in nvme_map_data
  nvme-pci: refactor nvme_unmap_data
  sh_eth: Fix power down vs. is_opened flag ordering
  selftests/powerpc: Fix exit status of pkey tests
  net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext
  octeontx2-af: Fix missing check bugs in rvu_cgx.c
  ASoC: SOF: Intel: fix page fault at probe if i915 init fails
  locking/lockdep: Cure noinstr fail
  sh: Remove unused HAVE_COPY_THREAD_TLS macro
  sh: dma: fix kconfig dependency for G2_DMA
  drm/i915/hdcp: Update CP property in update_pipe
  tools: gpio: fix %llu warning in gpio-watch.c
  tools: gpio: fix %llu warning in gpio-event-mon.c
  netfilter: rpfilter: mask ecn bits before fib lookup
  cls_flower: call nla_ok() before nla_next()
  x86/cpu/amd: Set __max_die_per_package on AMD
  x86/entry: Fix noinstr fail
  drm/i915: Only enable DFP 4:4:4->4:2:0 conversion when outputting YCbCr 4:4:4
  drm/i915: s/intel_dp_sink_dpms/intel_dp_set_power/
  driver core: Extend device_is_dependent()
  driver core: Fix device link device name collision
  drivers core: Free dma_range_map when driver probe failed
  xhci: tegra: Delay for disabling LFPS detector
  xhci: make sure TRB is fully written before giving it to the controller
  usb: cdns3: imx: fix can't create core device the second time issue
  usb: cdns3: imx: fix writing read-only memory issue
  usb: bdc: Make bdc pci driver depend on BROKEN
  usb: udc: core: Use lock when write to soft_connect
  USB: gadget: dummy-hcd: Fix errors in port-reset handling
  usb: gadget: aspeed: fix stop dma register setting.
  USB: ehci: fix an interrupt calltrace error
  ehci: fix EHCI host controller initialization sequence
  serial: mvebu-uart: fix tx lost characters at power off
  stm class: Fix module init return on allocation failure
  intel_th: pci: Add Alder Lake-P support
  io_uring: fix short read retries for non-reg files
  io_uring: fix SQPOLL IORING_OP_CLOSE cancelation state
  io_uring: iopoll requests should also wake task ->in_idle state
  mm: fix numa stats for thp migration
  mm: memcg: fix memcg file_dirty numa stat
  mm: memcg/slab: optimize objcg stock draining
  proc_sysctl: fix oops caused by incorrect command parameters
  x86/setup: don't remove E820_TYPE_RAM for pfn 0
  x86/mmx: Use KFPU_387 for MMX string operations
  x86/topology: Make __max_die_per_package available unconditionally
  x86/fpu: Add kernel_fpu_begin_mask() to selectively initialize state
  irqchip/mips-cpu: Set IPI domain parent chip
  cifs: do not fail __smb_send_rqst if non-fatal signals are pending
  powerpc/64s: fix scv entry fallback flush vs interrupt
  counter:ti-eqep: remove floor
  iio: adc: ti_am335x_adc: remove omitted iio_kfifo_free()
  drivers: iio: temperature: Add delay after the addressed reset command in mlx90632.c
  iio: ad5504: Fix setting power-down state
  iio: common: st_sensors: fix possible infinite loop in st_sensors_irq_thread
  i2c: sprd: depend on COMMON_CLK to fix compile tests
  perf evlist: Fix id index for heterogeneous systems
  can: peak_usb: fix use after free bugs
  can: vxcan: vxcan_xmit: fix use after free bug
  can: dev: can_restart: fix use after free bug
  selftests: net: fib_tests: remove duplicate log test
  xsk: Clear pool even for inactive queues
  ALSA: hda: Balance runtime/system PM if direct-complete is disabled
  gpio: sifive: select IRQ_DOMAIN_HIERARCHY rather than depend on it
  platform/x86: hp-wmi: Don't log a warning on HPWMI_RET_UNKNOWN_COMMAND errors
  platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC 11 from allow-list
  drm/vc4: Unify PCM card's driver_name
  i2c: octeon: check correct size of maximum RECV_LEN packet
  iov_iter: fix the uaccess area in copy_compat_iovec_from_user
  printk: fix kmsg_dump_get_buffer length calulations
  printk: ringbuffer: fix line counting
  RDMA/cma: Fix error flow in default_roce_mode_store
  RDMA/umem: Avoid undefined behavior of rounddown_pow_of_two()
  drm/amdkfd: Fix out-of-bounds read in kdf_create_vcrat_image_cpu()
  bpf: Reject too big ctx_size_in for raw_tp test run
  arm64: entry: remove redundant IRQ flag tracing
  powerpc: Fix alignment bug within the init sections
  powerpc: Use the common INIT_DATA_SECTION macro in vmlinux.lds.S
  bpf: Prevent double bpf_prog_put call from bpf_tracing_prog_attach
  crypto: omap-sham - Fix link error without crypto-engine
  scsi: ufs: Fix tm request when non-fatal error happens
  scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM
  scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression
  btrfs: print the actual offset in btrfs_root_name
  RDMA/ucma: Do not miss ctx destruction steps in some cases
  pinctrl: mediatek: Fix fallback call path
  pinctrl: aspeed: g6: Fix PWMG0 pinctrl setting
  gpiolib: cdev: fix frame size warning in gpio_ioctl()
  nfsd: Don't set eof on a truncated READ_PLUS
  nfsd: Fixes for nfsd4_encode_read_plus_data()
  x86/xen: fix 'nopvspin' build error
  RISC-V: Fix maximum allowed phsyical memory for RV32
  RISC-V: Set current memblock limit
  libperf tests: Fail when failing to get a tracepoint id
  libperf tests: If a test fails return non-zero
  io_uring: flush timeouts that should already have expired
  drm/nouveau/kms/nv50-: fix case where notifier buffer is at offset 0
  drm/nouveau/mmu: fix vram heap sizing
  drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
  drm/nouveau/privring: ack interrupts the same way as RM
  drm/nouveau/bios: fix issue shadowing expansion ROMs
  drm/amd/display: Fix to be able to stop crc calculation
  HID: logitech-hidpp: Add product ID for MX Ergo in Bluetooth mode
  drm/amd/display: disable dcn10 pipe split by default
  drm/amdgpu/psp: fix psp gfx ctrl cmds
  riscv: defconfig: enable gpio support for HiFive Unleashed
  dts: phy: add GPIO number and active state used for phy reset
  dts: phy: fix missing mdio device and probe failure of vsc8541-01 device
  x86/xen: Fix xen_hvm_smp_init() when vector callback not available
  x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery
  xen: Fix event channel callback via INTX/GSI
  arm64: make atomic helpers __always_inline
  riscv: cacheinfo: Fix using smp_processor_id() in preemptible
  ALSA: hda/tegra: fix tegra-hda on tegra30 soc
  clk: tegra30: Add hda clock default rates to clock driver
  HID: Ignore battery for Elan touchscreen on ASUS UX550
  HID: logitech-dj: add the G602 receiver
  riscv: Enable interrupts during syscalls with M-Mode
  riscv: Fix sifive serial driver
  riscv: Fix kernel time_init()
  scsi: sd: Suppress spurious errors when WRITE SAME is being disabled
  scsi: scsi_debug: Fix memleak in scsi_debug_init()
  scsi: qedi: Correct max length of CHAP secret
  scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
  scsi: ufs: Relax the condition of UFSHCI_QUIRK_SKIP_MANUAL_WB_FLUSH_CTRL
  x86/hyperv: Fix kexec panic/hang issues
  dm integrity: select CRYPTO_SKCIPHER
  HID: sony: select CONFIG_CRC32
  HID: multitouch: Enable multi-input for Synaptics pointstick/touchpad device
  SUNRPC: Handle TCP socket sends with kernel_sendpage() again
  ASoC: rt711: mutex between calibration and power state changes
  ASoC: Intel: haswell: Add missing pm_ops
  drm/i915: Check for rq->hwsp validity after acquiring RCU lock
  drm/i915/gt: Prevent use of engine->wa_ctx after error
  drm/amd/display: DCN2X Find Secondary Pipe properly in MPO + ODM Case
  drm/amdgpu: remove gpu info firmware of green sardine
  drm/syncobj: Fix use-after-free
  drm/atomic: put state on error path
  dm integrity: conditionally disable "recalculate" feature
  dm integrity: fix a crash if "recalculate" used without "internal_hash"
  dm: avoid filesystem lookup in dm_get_dev_t()
  mmc: sdhci-brcmstb: Fix mmc timeout errors on S5 suspend
  mmc: sdhci-xenon: fix 1.8v regulator stabilization
  mmc: sdhci-of-dwcmshc: fix rpmb access
  mmc: core: don't initialize block size from ext_csd if not present
  pinctrl: ingenic: Fix JZ4760 support
  fs: fix lazytime expiration handling in __writeback_single_inode()
  btrfs: send: fix invalid clone operations when cloning from the same file and root
  btrfs: don't clear ret in btrfs_start_dirty_block_groups
  btrfs: fix lockdep splat in btrfs_recover_relocation
  btrfs: do not double free backref nodes on error
  btrfs: don't get an EINTR during drop_snapshot for reloc
  ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
  dm crypt: fix copy and paste bug in crypt_alloc_req_aead
  crypto: xor - Fix divide error in do_xor_speed()
  ALSA: hda/via: Add minimum mute flag
  ALSA: hda/realtek - Limit int mic boost on Acer Aspire E5-575T
  ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
  platform/x86: ideapad-laptop: Disable touchpad_switch for ELAN0634
  platform/x86: i2c-multi-instantiate: Don't create platform device for INT3515 ACPI nodes
  i2c: bpmp-tegra: Ignore unknown I2C_M flags
  i2c: tegra: Wait for config load atomically while in ISR
  mtd: rawnand: nandsim: Fix the logic when selecting Hamming soft ECC engine
  mtd: rawnand: gpmi: fix dst bit offset when extracting raw payload
  scsi: target: tcmu: Fix use-after-free of se_cmd->priv
  ANDROID: simplify vendor hook definitions
  ANDROID: add macros to create OEM data fields
  ANDROID: dma-buf: fix return type mismatch
  ANDROID: cpu/hotplug: create vendor hook for cpu_up/cpu_down
  FROMLIST: fuse: Introduce passthrough for mmap
  ANDROID: Fix sparse warning in wp_page_copy caused by SPF patchset
  FROMLIST: fuse: Use daemon creds in passthrough mode
  FROMLIST: fuse: Handle asynchronous read and write in passthrough
  FROMLIST: fuse: Introduce synchronous read and write for passthrough
  FROMLIST: fuse: Passthrough initialization and release
  FROMLIST: fuse: Definitions and ioctl for passthrough
  FROMLIST: fuse: 32-bit user space ioctl compat for fuse device
  FROMLIST: fs: Generic function to convert iocb to rw flags
  Revert "FROMLIST: fuse: Definitions and ioctl() for passthrough"
  Revert "FROMLIST: fuse: Passthrough initialization and release"
  Revert "FROMLIST: fuse: Introduce synchronous read and write for passthrough"
  Revert "FROMLIST: fuse: Handle asynchronous read and write in passthrough"
  Revert "FROMLIST: fuse: Use daemon creds in passthrough mode"
  Revert "FROMLIST: fuse: Fix colliding FUSE_PASSTHROUGH flag"
  UPSTREAM: usb: xhci-mtk: fix unreleased bandwidth data
  ANDROID: sched: export task_rq_lock
  ANDROID: GKI: make VIDEOBUF2_DMA_CONTIG under GKI_HIDDEN_MEDIA_CONFIGS
  ANDROID: clang: update to 12.0.1
  FROMLIST: dma-buf: heaps: add chunk heap to dmabuf heaps
  FROMLIST: dt-bindings: reserved-memory: Make DMA-BUF CMA heap DT-configurable
  FROMLIST: mm: failfast mode with __GFP_NORETRY in alloc_contig_range
  FROMLIST: mm: cma: introduce gfp flag in cma_alloc instead of no_warn
  UPSTREAM: kernfs: wire up ->splice_read and ->splice_write
  UPSTREAM: kernfs: implement ->write_iter
  UPSTREAM: kernfs: implement ->read_iter
  UPSTREAM: usb: typec: tcpm: Create legacy PDOs for PD2 connection

Conflicts:
	Documentation/devicetree/bindings
	drivers/dma-buf/heaps/Kconfig
	drivers/dma-buf/heaps/Makefile
	drivers/pinctrl/qcom/pinctrl-msm.h

Change-Id: I6412ddc7b1d215b7ea8bff5815277e13e8143888
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
2021-02-08 22:02:19 -08:00
Greg Kroah-Hartman
d0d8327012 Merge 5.10.14 into android12-5.10
Changes in 5.10.14
	net: dsa: microchip: Adjust reset release timing to match reference reset circuit
	net: stmmac: dwmac-intel-plat: remove config data on error
	net: fec: put child node on error path
	net: octeontx2: Make sure the buffer is 128 byte aligned
	stmmac: intel: Configure EHL PSE0 GbE and PSE1 GbE to 32 bits DMA addressing
	mlxsw: spectrum_span: Do not overwrite policer configuration
	net: dsa: bcm_sf2: put device node before return
	net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP
	ibmvnic: Ensure that CRQ entry read are correctly ordered
	iommu/io-pgtable-arm: Support coherency for Mali LPAE
	drm/panfrost: Support cache-coherent integrations
	arm64: dts: meson: Describe G12b GPU as coherent
	arm64: Fix kernel address detection of __is_lm_address()
	arm64: Do not pass tagged addresses to __is_lm_address()
	Revert "x86/setup: don't remove E820_TYPE_RAM for pfn 0"
	ARM: 9025/1: Kconfig: CPU_BIG_ENDIAN depends on !LD_IS_LLD
	iommu/vt-d: Do not use flush-queue when caching-mode is on
	phy: cpcap-usb: Fix warning for missing regulator_disable
	tools/power/x86/intel-speed-select: Set scaling_max_freq to base_frequency
	tools/power/x86/intel-speed-select: Set higher of cpuinfo_max_freq or base_frequency
	platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet
	platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352
	habanalabs: fix dma_addr passed to dma_mmap_coherent
	locking/lockdep: Avoid noinstr warning for DEBUG_LOCKDEP
	x86: __always_inline __{rd,wr}msr()
	scsi: scsi_transport_srp: Don't block target in failfast state
	scsi: libfc: Avoid invoking response handler twice if ep is already completed
	scsi: fnic: Fix memleak in vnic_dev_init_devcmd2
	ASoC: SOF: Intel: hda: Resume codec to do jack detection
	ALSA: hda: Add AlderLake-P PCI ID and HDMI codec vid
	objtool: Don't add empty symbols to the rbtree
	mac80211: fix incorrect strlen of .write in debugfs
	mac80211: fix fast-rx encryption check
	mac80211: fix encryption key selection for 802.3 xmit
	scsi: ibmvfc: Set default timeout to avoid crash during migration
	ALSA: hda: Add Cometlake-R PCI ID
	i2c: tegra: Create i2c_writesl_vi() to use with VI I2C for filling TX FIFO
	udf: fix the problem that the disc content is not displayed
	nvme: check the PRINFO bit before deciding the host buffer length
	nvme-rdma: avoid request double completion for concurrent nvme_rdma_timeout
	nvme-tcp: avoid request double completion for concurrent nvme_tcp_timeout
	nvme-pci: allow use of cmb on v1.4 controllers
	nvmet: set right status on error in id-ns handler
	platform/x86: thinkpad_acpi: Add P53/73 firmware to fan_quirk_table for dual fan control
	selftests/powerpc: Only test lwm/stmw on big endian
	drm/amd/display: Update dram_clock_change_latency for DCN2.1
	drm/amd/display: Allow PSTATE chnage when no displays are enabled
	drm/amd/display: Change function decide_dp_link_settings to avoid infinite looping
	drm/amd/display: Use hardware sequencer functions for PG control
	drm/amd/display: Fixed corruptions on HPDRX link loss restore
	habanalabs: zero pci counters packet before submit to FW
	habanalabs: fix backward compatibility of idle check
	habanalabs: disable FW events on device removal
	objtool: Don't fail the kernel build on fatal errors
	x86/cpu: Add another Alder Lake CPU to the Intel family
	kthread: Extract KTHREAD_IS_PER_CPU
	workqueue: Restrict affinity change to rescuer
	Linux 5.10.14

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I14bb472e4128e97ea84e91547b9223d1157b93c8
2021-02-08 20:05:12 -08:00
lianzhi chang
a9fd4ef6e5 udf: fix the problem that the disc content is not displayed
[ Upstream commit 5cdc4a6950a883594e9640b1decb3fcf6222a594 ]

When the capacity of the disc is too large (assuming the 4.7G
specification), the disc (UDF file system) will be burned
multiple times in Windows (Multisession Usage). When the
remaining capacity of the CD is less than 300M (estimated
value, for reference only), open the CD in the Linux system,
the content of the CD is displayed as blank (the kernel will
say "No VRS found"). Windows can display the contents of the
CD normally.
Through analysis, in the "fs/udf/super.c": udf_check_vsd
function, the actual value of VSD_MAX_SECTOR_OFFSET may
be much larger than 0x800000. According to the current code
logic, it is found that the type of sbi->s_session is "__s32",
when the remaining capacity of the disc is less than 300M
(take a set of test values: sector=3154903040,
sbi->s_session=1540464, sb->s_blocksize_bits=11), the
calculation result of "sbi->s_session << sb->s_blocksize_bits"
will overflow. Therefore, it is necessary to convert the
type of s_session to "loff_t" (when udf_check_vsd starts,
assign a value to _sector, which is also converted in this
way), so that the result will not overflow, and then the
content of the disc can be displayed normally.

Link: https://lore.kernel.org/r/20210114075741.30448-1-changlianzhi@uniontech.com
Signed-off-by: lianzhi chang <changlianzhi@uniontech.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-02-07 15:37:15 +01:00
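
The overflow described in the udf commit above, reproduced with the commit's own test values. This is an added example, not the kernel's code: the function names are hypothetical, and VSD_FIRST_SECTOR_OFFSET = 32768 is an assumption that is consistent with the sector value quoted in the commit.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed value; consistent with the commit's sector=3154903040. */
#define VSD_FIRST_SECTOR_OFFSET 32768

/* Model of the pre-fix arithmetic: the shift is evaluated in 32 bits and
 * only the already wrapped result is widened. The shift is done on an
 * unsigned value because overflowing a signed shift is undefined in ISO C;
 * the conversion back to int32_t wraps on gcc and clang. */
int64_t vsd_sector_32bit(int32_t s_session, unsigned blocksize_bits)
{
    uint32_t wrapped = (uint32_t)s_session << blocksize_bits;
    return (int64_t)VSD_FIRST_SECTOR_OFFSET + (int32_t)wrapped;
}

/* Model of the fixed arithmetic: widen to 64 bits first, then shift. */
int64_t vsd_sector_64bit(int32_t s_session, unsigned blocksize_bits)
{
    return (int64_t)VSD_FIRST_SECTOR_OFFSET +
           ((int64_t)s_session << blocksize_bits);
}

/* Largest session start block whose byte offset still fits in 32 bits. */
int32_t max_safe_session(unsigned blocksize_bits)
{
    return INT32_MAX >> blocksize_bits;
}

int main(void)
{
    const int32_t s_session = 1540464;   /* test value from the commit */
    const unsigned bits = 11;            /* 2048-byte blocks */

    printf("32-bit shift: sector = %" PRId64 "\n",
           vsd_sector_32bit(s_session, bits));
    printf("64-bit shift: sector = %" PRId64 "\n",
           vsd_sector_64bit(s_session, bits));
    printf("last safe session start: block %" PRId32 "\n",
           max_safe_session(bits));
    return 0;
}
```

With 2048-byte blocks the 32-bit form wraps for any session that starts beyond block 1048575, that is, 2 GiB into the disc.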
Alessio Balsini
8a0e4c2b94 FROMLIST: fuse: Fix credentials leak in passthrough read_iter
If the system doesn't have enough memory when fuse_passthrough_read_iter
is requested in asynchronous IO, an error is directly returned without
restoring the caller's credentials.
Fix by always ensuring credentials are restored.

Fixes: aa29f32988 ("FROMLIST: fuse: Use daemon creds in passthrough mode")
Link: https://lore.kernel.org/lkml/YB0qPHVORq7bJy6G@google.com/
Reported-by: Peng Tao <bergwolf@gmail.com>
Signed-off-by: Alessio Balsini <balsini@android.com>
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I4aff43f5dd8ddab2cc8871cd9f81438963ead5b6
2021-02-05 14:15:09 +00:00
Lokesh Gidra
6a6bc06393 UPSTREAM: userfaultfd: add user-mode only option to unprivileged_userfaultfd sysctl knob
With this change, when the knob is set to 0, it allows unprivileged users
to call userfaultfd, like when it is set to 1, but with the restriction
that page faults from only user-mode can be handled.  In this mode, an
unprivileged user (without SYS_CAP_PTRACE capability) must pass
UFFD_USER_MODE_ONLY to userfaultfd or the API will fail with EPERM.

This enables administrators to reduce the likelihood that an attacker with
access to userfaultfd can delay faulting kernel code to widen timing
windows for other exploits.

The default value of this knob is changed to 0.  This is required for
correct functioning of pipe mutex.  However, this will fail postcopy live
migration, which will be unnoticeable to the VM guests.  To avoid this,
set 'vm.userfault = 1' in /sys/sysctl.conf.

The main reason this change is desirable in the short term is that the
Android userland will behave as with the sysctl set to zero.  So without
this commit, any Linux binary using userfaultfd to manage its memory would
behave differently if run within the Android userland.  For more details,
refer to Andrea's reply [1].

[1] https://lore.kernel.org/lkml/20200904033438.GI9411@redhat.com/

Link: https://lkml.kernel.org/r/20201120030411.2690816-3-lokeshgidra@google.com
Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>
Reviewed-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Peter Xu <peterx@redhat.com>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: Daniel Colascione <dancol@dancol.org>
Cc: "Joel Fernandes (Google)" <joel@joelfernandes.org>
Cc: Kalesh Singh <kaleshsingh@google.com>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Jeff Vander Stoep <jeffv@google.com>
Cc: <calin@google.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Shaohua Li <shli@fb.com>
Cc: Jerome Glisse <jglisse@redhat.com>
Cc: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Nitin Gupta <nigupta@nvidia.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Iurii Zaikin <yzaikin@google.com>
Cc: Luis Chamberlain <mcgrof@kernel.org>
Cc: Daniel Colascione <dancol@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit d0d4730ac2e404a5b0da9a87ef38c73e51cb1664)

Bug: 160737021
Bug: 169683130
Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>
Change-Id: I08b7080b49ca626c5ab41bb2621fa21fa9a928a2
2021-02-05 13:14:08 +00:00
Lokesh Gidra
b8af1f96cc UPSTREAM: userfaultfd: add UFFD_USER_MODE_ONLY
Patch series "Control over userfaultfd kernel-fault handling", v6.

This patch series is split from [1].  The other series enables SELinux
support for userfaultfd file descriptors so that its creation and movement
can be controlled.

It has been demonstrated on various occasions that suspending kernel code
execution for an arbitrary amount of time at any access to userspace
memory (copy_from_user()/copy_to_user()/...) can be exploited to change
the intended behavior of the kernel.  For instance, handling page faults
in kernel-mode using userfaultfd has been exploited in [2, 3].  Likewise,
FUSE, which is similar to userfaultfd in this respect, has been exploited
in [4, 5] for a similar outcome.

This small patch series adds a new flag to userfaultfd(2) that allows
callers to give up the ability to handle kernel-mode faults with the
resulting UFFD file object.  It then adds a 'user-mode only' option to the
unprivileged_userfaultfd sysctl knob to require unprivileged callers to
use this new flag.

The purpose of this new interface is to decrease the chance of an
unprivileged userfaultfd user taking advantage of userfaultfd to enhance
security vulnerabilities by lengthening the race window in kernel code.

[1] https://lore.kernel.org/lkml/20200211225547.235083-1-dancol@google.com/
[2] https://duasynt.com/blog/linux-kernel-heap-spray
[3] https://duasynt.com/blog/cve-2016-6187-heap-off-by-one-exploit
[4] https://googleprojectzero.blogspot.com/2016/06/exploiting-recursion-in-linux-kernel_20.html
[5] https://bugs.chromium.org/p/project-zero/issues/detail?id=808

This patch (of 2):

userfaultfd handles page faults from both user and kernel code.  Add a new
UFFD_USER_MODE_ONLY flag for userfaultfd(2) that makes the resulting
userfaultfd object refuse to handle faults from kernel mode, treating
these faults as if SIGBUS were always raised, causing the kernel code to
fail with EFAULT.

A future patch adds a knob allowing administrators to give some processes
the ability to create userfaultfd file objects only if they pass
UFFD_USER_MODE_ONLY, reducing the likelihood that these processes will
exploit userfaultfd's ability to delay kernel page faults to open timing
windows for future exploits.

Link: https://lkml.kernel.org/r/20201120030411.2690816-1-lokeshgidra@google.com
Link: https://lkml.kernel.org/r/20201120030411.2690816-2-lokeshgidra@google.com
Signed-off-by: Daniel Colascione <dancol@google.com>
Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>
Reviewed-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: <calin@google.com>
Cc: Daniel Colascione <dancol@dancol.org>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: Iurii Zaikin <yzaikin@google.com>
Cc: Jeff Vander Stoep <jeffv@google.com>
Cc: Jerome Glisse <jglisse@redhat.com>
Cc: "Joel Fernandes (Google)" <joel@joelfernandes.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Kalesh Singh <kaleshsingh@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Luis Chamberlain <mcgrof@kernel.org>
Cc: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Nitin Gupta <nigupta@nvidia.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Shaohua Li <shli@fb.com>
Cc: Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 37cd0575b8510159992d279c530c05f872990b02)

Bug: 160737021
Bug: 169683130
Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>
Change-Id: I19ff309b616c7a4a247e8c8427a87caffb1b2df9
2021-02-05 13:14:00 +00:00
Daniel Colascione
dbc935c62b UPSTREAM: userfaultfd: use secure anon inodes for userfaultfd
This change gives userfaultfd file descriptors a real security
context, allowing policy to act on them.

Signed-off-by: Daniel Colascione <dancol@google.com>
[LG: Remove owner inode from userfaultfd_ctx]
[LG: Use anon_inode_getfd_secure() in userfaultfd syscall]
[LG: Use inode of file in userfaultfd_read() in resolve_userfault_fork()]
Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit b537900f1598b67bcb8acac20da73c6e26ebbf99)
Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>
Bug: 160737021
Bug: 169683130
Change-Id: Ib2973ca3650a8defe15eded13294a3fb25356b9d
2021-02-05 11:04:21 +00:00
Daniel Colascione
d7848abe40 UPSTREAM: fs: add LSM-supporting anon-inode interface
This change adds a new function, anon_inode_getfd_secure, that creates
an anonymous-node file with an individual non-S_PRIVATE inode to which security
modules can apply policy. Existing callers continue using the original
singleton-inode kind of anonymous-inode file. We can transition anonymous
inode users to the new kind of anonymous inode in individual patches for
the sake of bisection and review.

The new function accepts an optional context_inode parameter that callers
can use to provide additional contextual information to security modules.
For example, in case of userfaultfd, the created inode is a 'logical child'
of the context_inode (userfaultfd inode of the parent process) in the sense
that it provides the security context required during creation of the child
process' userfaultfd inode.

Signed-off-by: Daniel Colascione <dancol@google.com>
[LG: Delete obsolete comments to alloc_anon_inode()]
[LG: Add context_inode description in comments to anon_inode_getfd_secure()]
[LG: Remove definition of anon_inode_getfile_secure() as there are no callers]
[LG: Make __anon_inode_getfile() static]
[LG: Use correct error cast in __anon_inode_getfile()]
[LG: Fix error handling in __anon_inode_getfile()]
Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit e7e832ce6fa769f800cd7eaebdb0459ad31e0416)
Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>
Bug: 160737021
Bug: 169683130
Change-Id: I3061c599f2951368914a2ca9f56ea60387d42a1d
2021-02-05 11:03:56 +00:00