PD#153240: add disp pts in vf for some unstable pts
Change-Id: I1d4cfd04c94feafac109bd69be3bd422aca3d8bf
Signed-off-by: shihong.zheng <shihong.zheng@amlogic.com>
PD#152538: tcp/dccp: drop SYN packets if accept queue is full
tcp/dccp: drop SYN packets if accept queue is full
Per listen(fd, backlog) rules, there is really no point accepting a SYN,
sending a SYNACK, and dropping the following ACK packet if accept queue
is full, because application is not draining accept queue fast enough.
This behavior is fooling TCP clients that believe they established a
flow, while there is nothing at server side. They might then send about
10 MSS (if using IW10) that will be dropped anyway while server is under
stress.
Change-Id: I674728eac69b418255522afc8d345995b8891a7e
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ao Xu <ao.xu@amlogic.com>
PD#151104: mm: add pagetrace function
1. implement pagetrace as a driver; you can get information
of how many pages allocated by each function by read:
cat /proc/pagetrace
2. fix wrong statistics of free memory of each migrate type.
Change-Id: Ib2dff4bb5b3dd288ee188007352fc7b353eda100
Signed-off-by: tao zeng <tao.zeng@amlogic.com>
PD#152453: add ioctl for OMX to get current video layer1 on/off state
for DRM TVP resource release.
Change-Id: I8a45869f63259500cbe8be7bc146793e6d7eb266
Signed-off-by: Rongrong Zhou <rongrong.zhou@amlogic.com>
PD#152591: USB: get RESET_REGISTER address from dts.
Before we get this address by offset of cbus.
From txlx,this address is not the same because memory map modifty.
Now usb module get this address from dts.
Change-Id: I2ed7d3a19f52c80edab33dec2569ed3ccd375438
Signed-off-by: Qi Duan <qi.duan@amlogic.com>
PD#150482: unifykey: check secure storage valid before SMC call ATF.
same as PD#150483.
ATF use CONFIG to enable/disable secure storage.
If ATF disable secure storage, secure storage code will be
compiled out. Kernel should check if secure stroage exists before
SMC call ATF.
Change-Id: Ifd5e3c42a181bb814dcedad13bebb4596ae95e27
Signed-off-by: Yan Wang <yan.wang@amlogic.com>
Changes in 4.9.54
drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define
drm: bridge: add DT bindings for TI ths8135
GFS2: Fix reference to ERR_PTR in gfs2_glock_iter_next
drm/i915: Fix the overlay frontbuffer tracking
ARM: dts: exynos: Add CPU OPPs for Exynos4412 Prime
clk: sunxi-ng: fix PLL_CPUX adjusting on H3
RDS: RDMA: Fix the composite message user notification
ARM: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes
MIPS: Ensure bss section ends on a long-aligned address
MIPS: ralink: Fix a typo in the pinmux setup.
MIPS: ralink: Fix incorrect assignment on ralink_soc
power: supply: axp288_fuel_gauge: Fix fuel_gauge_reg_readb return on error
scsi: be2iscsi: Add checks to validate CID alloc/free
ARM: dts: am335x-chilisom: Wakeup from RTC-only state by power on event
igb: re-assign hw address pointer on reset after PCI error
extcon: axp288: Use vbus-valid instead of -present to determine cable presence
reset: ti_syscon: fix a ti_syscon_reset_status issue
sh_eth: use correct name for ECMR_MPDE bit
clk/axs10x: Clear init field in driver probe
usb: make the MTK XHCI driver compile for older MIPS SoCs
hwmon: (gl520sm) Fix overflows and crash seen when writing into limit attributes
iio: adc: imx25-gcq: Fix module autoload
iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications
iio: adc: hx711: Add DT binding for avia,hx711
IB/rxe: Add a runtime check in alloc_index()
IB/rxe: Fix a MR reference leak in check_rkey()
ARM: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM
drm/i915/psr: disable psr2 for resolution greater than 32X20
serial: 8250: moxa: Store num_ports in brd
tty: goldfish: Fix a parameter of a call to free_irq
serial: 8250_port: Remove dangerous pr_debug()
IB/ipoib: Fix deadlock over vlan_mutex
IB/ipoib: rtnl_unlock can not come after free_netdev
IB/ipoib: Replace list_del of the neigh->list with list_del_init
arm: dts: mt2701: Add subsystem clock controller device nodes
drm/amdkfd: fix improper return value on error
USB: serial: mos7720: fix control-message error handling
USB: serial: mos7840: fix control-message error handling
sfc: get PIO buffer size from the NIC
partitions/efi: Fix integer overflow in GPT size calculation
ASoC: dapm: handle probe deferrals
audit: log 32-bit socketcalls
ath10k: prevent sta pointer rcu violation
spi: pxa2xx: Add support for Intel Gemini Lake
iommu/arm-smmu: Set privileged attribute to 'default' instead of 'unprivileged'
usb: chipidea: vbus event may exist before starting gadget
rtl8xxxu: Add additional USB IDs for rtl8192eu devices
ASoC: dapm: fix some pointer error handling
drm: mali-dp: Fix destination size handling when rotating
drm: mali-dp: Fix transposed horizontal/vertical flip
HID: wacom: release the resources before leaving despite devm
MIPS: Lantiq: Fix another request_mem_region() return code check
mips: ath79: clock:- Unmap region obtained by of_iomap
lkdtm: Fix Oops when unloading the module
net: core: Prevent from dereferencing null pointer when releasing SKB
net/packet: check length in getsockopt() called with PACKET_HDRLEN
team: fix memory leaks
usb: plusb: Add support for PL-27A1
udp: disable inner UDP checksum offloads in IPsec case
net: dsa: b53: Include IMP/CPU port in dumb forwarding mode
qed: Fix possible system hang in the dcbnl-getdcbx() path.
mmc: sdio: fix alignment issue in struct sdio_func
bridge: netlink: register netdevice before executing changelink
Btrfs: fix segmentation fault when doing dio read
Btrfs: fix potential use-after-free for cloned bio
sata_via: Enable hotplug only on VT6421
hugetlbfs: initialize shared policy as part of inode allocation
kasan: do not sanitize kexec purgatory
drivers/rapidio/devices/tsi721.c: make module parameter variable name unique
netfilter: invoke synchronize_rcu after set the _hook_ to NULL
MIPS: IRQ Stack: Unwind IRQ stack onto task stack
iommu/exynos: Block SYSMMU while invalidating FLPD cache
exynos-gsc: Do not swap cb/cr for semi planar formats
MIPS: smp-cps: Fix retrieval of VPE mask on big endian CPUs
nvme-rdma: handle cpu unplug when re-establishing the controller
netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max
parisc: perf: Fix potential NULL pointer dereference
nfs: make nfs4_cb_sv_ops static
ibmvnic: Free tx/rx scrq pointer array when releasing sub-crqs
cpufreq: intel_pstate: Update pid_params.sample_rate_ns in pid_param_set()
x86/acpi: Restore the order of CPU IDs
iommu/io-pgtable-arm: Check for leaf entry before dereferencing it
mm/cgroup: avoid panic when init with low memory
rds: ib: add error handle
md/raid10: submit bio directly to replacement disk
netfilter: nf_tables: set pktinfo->thoff at AH header if found
i2c: meson: fix wrong variable usage in meson_i2c_put_data
xfs: remove kmem_zalloc_greedy
ASoC: wm_adsp: Return an error on write to a disabled volatile control
libata: transport: Remove circular dependency at free time
ARM: dts: BCM5301X: Fix memory start address
tools/power turbostat: bugfix: GFXMHz column not changing
IB/qib: fix false-postive maybe-uninitialized warning
ARM: remove duplicate 'const' annotations'
ASoC: rt5514: fix gcc-7 warning
ASoC: rt5659: drop double const
ASoC: rt5660: remove double const
ALSA: au88x0: avoid theoretical uninitialized access
ttpci: address stringop overflow warning
s390/mm: make pmdp_invalidate() do invalidation only
Linux 4.9.54
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 568af6de05 ]
Phil Sutter reports that IPv6 AH header matching is broken. From
userspace, nft generates bytecode that expects to find the AH header at
NFT_PAYLOAD_TRANSPORT_HEADER both for IPv4 and IPv6. However,
pktinfo->thoff is set to the inner header after the AH header in IPv6,
while in IPv4 pktinfo->thoff points to the AH header indeed. This
behaviour is inconsistent. This patch fixes this problem by updating
ipv6_find_hdr() to get the IP6_FH_F_AUTH flag so this function stops at
the AH header, so both IPv4 and IPv6 pktinfo->thoff point to the AH
header.
This is also inconsistent when trying to match encapsulated headers:
1) A packet that looks like IPv4 + AH + TCP dport 22 will *not* match.
2) A packet that looks like IPv6 + AH + TCP dport 22 will match.
Reported-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 5ef1ecf060 ]
Certain 64-bit systems (e.g. Amlogic Meson GX) require buffers to be
used for DMA to be 8-byte-aligned. struct sdio_func has an embedded
small DMA buffer not meeting this requirement.
When testing switching to descriptor chain mode in meson-gx driver
SDIO is broken therefore. Fix this by allocating the small DMA buffer
separately as kmalloc ensures that the returned memory area is
properly aligned for every basic data type.
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Tested-by: Helmut Klein <hgkr.klein@gmail.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Preempt and irq trace events can be used for tracing the start and
end of an atomic section which can be used by a trace viewer like
systrace to graphically view the start and end of an atomic section and
correlate them with latencies and scheduling issues.
This also serves as a prelude to using synthetic events or probes to
rewrite the preempt and irqsoff tracers, along with numerous benefits of
using trace events features for these events.
Change-Id: I4f992714c0161a415b17a03aa14cce823d8ca3bb
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Peter Zilstra <peterz@infradead.org>
Cc: kernel-team@android.com
Link: https://patchwork.kernel.org/patch/9988157/
Signed-off-by: Joel Fernandes <joelaf@google.com>
Changes in 4.9.53
cifs: release cifs root_cred after exit_cifs
cifs: release auth_key.response for reconnect.
fs/proc: Report eip/esp in /prod/PID/stat for coredumping
mac80211: fix VLAN handling with TXQs
mac80211_hwsim: Use proper TX power
mac80211: flush hw_roc_start work before cancelling the ROC
genirq: Make sparse_irq_lock protect what it should protect
KVM: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()
KVM: PPC: Book3S HV: Protect updates to spapr_tce_tables list
tracing: Fix trace_pipe behavior for instance traces
tracing: Erase irqsoff trace with empty write
md/raid5: fix a race condition in stripe batch
md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list
scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
drm/radeon: disable hard reset in hibernate for APUs
crypto: drbg - fix freeing of resources
crypto: talitos - Don't provide setkey for non hmac hashing algs.
crypto: talitos - fix sha224
crypto: talitos - fix hashing
security/keys: properly zero out sensitive key material in big_key
security/keys: rewrite all of big_key crypto
KEYS: fix writing past end of user-supplied buffer in keyring_read()
KEYS: prevent creating a different user's keyrings
KEYS: prevent KEYCTL_READ on negative key
powerpc/pseries: Fix parent_dn reference leak in add_dt_node()
powerpc/tm: Flush TM only if CPU has TM feature
powerpc/ftrace: Pass the correct stack pointer for DYNAMIC_FTRACE_WITH_REGS
s390/mm: fix write access check in gup_huge_pmd()
PM: core: Fix device_pm_check_callbacks()
Fix SMB3.1.1 guest authentication to Samba
SMB3: Warn user if trying to sign connection that authenticated as guest
SMB: Validate negotiate (to protect against downgrade) even if signing off
SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags
vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets
nl80211: check for the required netlink attributes presence
bsg-lib: don't free job in bsg_prepare_job
iw_cxgb4: remove the stid on listen create failure
iw_cxgb4: put ep reference in pass_accept_req()
selftests/seccomp: Support glibc 2.26 siginfo_t.h
seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()
arm64: Make sure SPsel is always set
arm64: fault: Route pte translation faults via do_translation_fault
KVM: VMX: extract __pi_post_block
KVM: VMX: avoid double list add with VT-d posted interrupts
KVM: VMX: simplify and fix vmx_vcpu_pi_load
kvm/x86: Handle async PF in RCU read-side critical sections
KVM: VMX: Do not BUG() on out-of-bounds guest IRQ
kvm: nVMX: Don't allow L2 to access the hardware CR8
xfs: validate bdev support for DAX inode flag
etnaviv: fix gem object list corruption
PCI: Fix race condition with driver_override
btrfs: fix NULL pointer dereference from free_reloc_roots()
btrfs: propagate error to btrfs_cmp_data_prepare caller
btrfs: prevent to set invalid default subvolid
x86/mm: Fix fault error path using unsafe vma pointer
x86/fpu: Don't let userspace set bogus xcomp_bv
gfs2: Fix debugfs glocks dump
timer/sysclt: Restrict timer migration sysctl values to 0 and 1
KVM: VMX: do not change SN bit in vmx_update_pi_irte()
KVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
cxl: Fix driver use count
KVM: VMX: use cmpxchg64
video: fbdev: aty: do not leak uninitialized padding in clk to userspace
swiotlb-xen: implement xen_swiotlb_dma_mmap callback
Linux 4.9.53
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 237bbd29f7 upstream.
It was possible for an unprivileged user to create the user and user
session keyrings for another user. For example:
sudo -u '#3000' sh -c 'keyctl add keyring _uid.4000 "" @u
keyctl add keyring _uid_ses.4000 "" @u
sleep 15' &
sleep 1
sudo -u '#4000' keyctl describe @u
sudo -u '#4000' keyctl describe @us
This is problematic because these "fake" keyrings won't have the right
permissions. In particular, the user who created them first will own
them and will have full access to them via the possessor permissions,
which can be used to compromise the security of a user's keys:
-4: alswrv-----v------------ 3000 0 keyring: _uid.4000
-5: alswrv-----v------------ 3000 0 keyring: _uid_ses.4000
Fix it by marking user and user session keyrings with a flag
KEY_FLAG_UID_KEYRING. Then, when searching for a user or user session
keyring by name, skip all keyrings that don't have the flag set.
Fixes: 69664cf16a ("keys: don't generate user and user session keyrings unless they're accessed")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5316821590 upstream.
With TXQs, the AP_VLAN interfaces are resolved to their owner AP
interface when enqueuing the frame, which makes sense since the
frame really goes out on that as far as the driver is concerned.
However, this introduces a problem: frames to be encrypted with
a VLAN-specific GTK will now be encrypted with the AP GTK, since
the information about which virtual interface to use to select
the key is taken from the TXQ.
Fix this by preserving info->control.vif and using that in the
dequeue function. This now requires doing the driver-mapping
in the dequeue as well.
Since there's no way to filter the frames that are sitting on a
TXQ, drop all frames, which may affect other interfaces, when an
AP_VLAN is removed.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changes in 4.9.52
SUNRPC: Refactor svc_set_num_threads()
NFSv4: Fix callback server shutdown
mm: prevent double decrease of nr_reserved_highatomic
orangefs: Don't clear SGID when inheriting ACLs
IB/{qib, hfi1}: Avoid flow control testing for RDMA write operation
drm/sun4i: Implement drm_driver lastclose to restore fbdev console
IB/addr: Fix setting source address in addr6_resolve()
tty: improve tty_insert_flip_char() fast path
tty: improve tty_insert_flip_char() slow path
tty: fix __tty_insert_flip_char regression
pinctrl/amd: save pin registers over suspend/resume
Input: i8042 - add Gigabyte P57 to the keyboard reset table
MIPS: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation
MIPS: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero
MIPS: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative
MIPS: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with opposite signs
MIPS: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs
MIPS: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs
MIPS: math-emu: Handle zero accumulator case in MADDF and MSUBF separately
MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Fix NaN propagation
MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Fix some cases of infinite inputs
MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Fix some cases of zero inputs
MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Clean up "maddf_flags" enumeration
MIPS: math-emu: <MADDF|MSUBF>.S: Fix accuracy (32-bit case)
MIPS: math-emu: <MADDF|MSUBF>.D: Fix accuracy (64-bit case)
crypto: ccp - Fix XTS-AES-128 support on v5 CCPs
crypto: AF_ALG - remove SGL terminator indicator when chaining
ext4: fix incorrect quotaoff if the quota feature is enabled
ext4: fix quota inconsistency during orphan cleanup for read-only mounts
powerpc: Fix DAR reporting when alignment handler faults
block: Relax a check in blk_start_queue()
md/bitmap: disable bitmap_resize for file-backed bitmaps.
skd: Avoid that module unloading triggers a use-after-free
skd: Submit requests to firmware before triggering the doorbell
scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path
scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records
scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA
scsi: zfcp: fix missing trace records for early returns in TMF eh handlers
scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response
scsi: zfcp: trace high part of "new" 64 bit SCSI LUN
scsi: megaraid_sas: set minimum value of resetwaittime to be 1 secs
scsi: megaraid_sas: Check valid aen class range to avoid kernel panic
scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead
scsi: storvsc: fix memory leak on ring buffer busy
scsi: sg: remove 'save_scat_len'
scsi: sg: use standard lists for sg_requests
scsi: sg: off by one in sg_ioctl()
scsi: sg: factor out sg_fill_request_table()
scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
scsi: qla2xxx: Correction to vha->vref_count timeout
scsi: qla2xxx: Fix an integer overflow in sysfs code
ftrace: Fix selftest goto location on error
ftrace: Fix memleak when unregistering dynamic ops when tracing disabled
tracing: Add barrier to trace_printk() buffer nesting modification
tracing: Apply trace_clock changes to instance max buffer
ARC: Re-enable MMU upon Machine Check exception
PCI: shpchp: Enable bridge bus mastering if MSI is enabled
PCI: pciehp: Report power fault only once until we clear it
net/netfilter/nf_conntrack_core: Fix net_conntrack_lock()
s390/mm: fix local TLB flushing vs. detach of an mm address space
s390/mm: fix race on mm->context.flush_mm
media: v4l2-compat-ioctl32: Fix timespec conversion
media: uvcvideo: Prevent heap overflow when accessing mapped controls
PM / devfreq: Fix memory leak when fail to register device
bcache: initialize dirty stripes in flash_dev_run()
bcache: Fix leak of bdev reference
bcache: do not subtract sectors_to_gc for bypassed IO
bcache: correct cache_dirty_target in __update_writeback_rate()
bcache: Correct return value for sysfs attach errors
bcache: fix for gc and write-back race
bcache: fix bch_hprint crash and improve output
Linux 4.9.52
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit e652399edb upstream.
Version 5 CCPs have some new requirements for XTS-AES: the type field
must be specified, and the key requires 512 bits, with each part
occupying 256 bits and padded with zeroes.
Signed-off-by: Gary R Hook <ghook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 979990c628 upstream.
kernelci.org reports a crazy stack usage for the VT code when CONFIG_KASAN
is enabled:
drivers/tty/vt/keyboard.c: In function 'kbd_keycode':
drivers/tty/vt/keyboard.c:1452:1: error: the frame size of 2240 bytes is larger than 2048 bytes [-Werror=frame-larger-than=]
The problem is that tty_insert_flip_char() gets inlined many times into
kbd_keycode(), and also into other functions, and each copy requires 128
bytes for stack redzone to check for a possible out-of-bounds access on
the 'ch' and 'flags' arguments that are passed into
tty_insert_flip_string_flags as a variable-length string.
This introduces a new __tty_insert_flip_char() function for the slow
path, which receives the two arguments by value. This completely avoids
the problem and the stack usage goes back down to around 100 bytes.
Without KASAN, this is also slightly better, as we don't have to
spill the arguments to the stack but can simply pass 'ch' and 'flag'
in registers, saving a few bytes in .text for each call site.
This should be backported to linux-4.0 or later, which first introduced
the stack sanitizer in the kernel.
Fixes: c420f167db ("kasan: enable stack instrumentation")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
PD#148982: add freeze op to distinguish freeze mode vs mem mode
Signed-off-by: Qiufang Dai <qiufang.dai@amlogic.com>
Change-Id: I3bec4d687a933603a29aeb7a44422aa81e47cea7
Changes in 4.9.51
ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()
ipv6: add rcu grace period before freeing fib6_node
ipv6: fix sparse warning on rt6i_node
macsec: add genl family module alias
udp: on peeking bad csum, drop packets even if not at head
fsl/man: Inherit parent device and of_node
sctp: Avoid out-of-bounds reads from address storage
qlge: avoid memcpy buffer overflow
netvsc: fix deadlock betwen link status and removal
cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox()
packet: Don't write vnet header beyond end of buffer
kcm: do not attach PF_KCM sockets to avoid deadlock
Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()"
tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0
mlxsw: spectrum: Forbid linking to devices that have uppers
bridge: switchdev: Clear forward mark when transmitting packet
Revert "net: use lib/percpu_counter API for fragmentation mem accounting"
Revert "net: fix percpu memory leaks"
gianfar: Fix Tx flow control deactivation
vhost_net: correctly check tx avail during rx busy polling
ip6_gre: update mtu properly in ip6gre_err
ipv6: fix memory leak with multiple tables during netns destruction
ipv6: fix typo in fib6_net_exit()
sctp: fix missing wake ups in some situations
ip_tunnel: fix setting ttl and tos value in collect_md mode
f2fs: let fill_super handle roll-forward errors
f2fs: check hot_data for roll-forward recovery
x86/fsgsbase/64: Fully initialize FS and GS state in start_thread_common
x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps
x86/switch_to/64: Rewrite FS/GS switching yet again to fix AMD CPUs
xfs: Move handling of missing page into one place in xfs_find_get_desired_pgoff()
xfs: fix spurious spin_is_locked() assert failures on non-smp kernels
xfs: push buffer of flush locked dquot to avoid quotacheck deadlock
xfs: try to avoid blowing out the transaction reservation when bunmaping a shared extent
xfs: release bli from transaction properly on fs shutdown
xfs: remove bli from AIL before release on transaction abort
xfs: don't allow bmap on rt files
xfs: free uncommitted transactions during log recovery
xfs: free cowblocks and retry on buffered write ENOSPC
xfs: don't crash on unexpected holes in dir/attr btrees
xfs: check _btree_check_block value
xfs: set firstfsb to NULLFSBLOCK before feeding it to _bmapi_write
xfs: check _alloc_read_agf buffer pointer before using
xfs: fix quotacheck dquot id overflow infinite loop
xfs: fix multi-AG deadlock in xfs_bunmapi
xfs: Fix per-inode DAX flag inheritance
xfs: fix inobt inode allocation search optimization
xfs: clear MS_ACTIVE after finishing log recovery
xfs: don't leak quotacheck dquots when cow recovery
iomap: fix integer truncation issues in the zeroing and dirtying helpers
xfs: write unmount record for ro mounts
xfs: toggle readonly state around xfs_log_mount_finish
xfs: remove xfs_trans_ail_delete_bulk
xfs: Add infrastructure needed for error propagation during buffer IO failure
xfs: Properly retry failed inode items in case of error during buffer writeback
xfs: fix recovery failure when log record header wraps log end
xfs: always verify the log tail during recovery
xfs: fix log recovery corruption error due to tail overwrite
xfs: handle -EFSCORRUPTED during head/tail verification
xfs: add log recovery tracepoint for head/tail
xfs: stop searching for free slots in an inode chunk when there are none
xfs: evict all inodes involved with log redo item
xfs: check for race with xfs_reclaim_inode() in xfs_ifree_cluster()
xfs: open-code xfs_buf_item_dirty()
xfs: remove unnecessary dirty bli format check for ordered bufs
xfs: ordered buffer log items are never formatted
xfs: refactor buffer logging into buffer dirtying helper
xfs: don't log dirty ranges for ordered buffers
xfs: skip bmbt block ino validation during owner change
xfs: move bmbt owner change to last step of extent swap
xfs: disallow marking previously dirty buffers as ordered
xfs: relog dirty buffers during swapext bmbt owner change
xfs: disable per-inode DAX flag
xfs: fix incorrect log_flushed on fsync
xfs: don't set v3 xflags for v2 inodes
xfs: open code end_buffer_async_write in xfs_finish_page_writeback
xfs: use kmem_free to free return value of kmem_zalloc
md/raid5: release/flush io in raid5_do_work()
xfs: fix compiler warnings
ipv6: Fix may be used uninitialized warning in rt6_check
Linux 4.9.51
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 799ea9e9c5 upstream.
When we introduced the bmap redo log items, we set MS_ACTIVE on the
mountpoint and XFS_IRECOVERY on the inode to prevent unlinked inodes
from being truncated prematurely during log recovery. This also had the
effect of putting linked inodes on the lru instead of evicting them.
Unfortunately, we neglected to find all those unreferenced lru inodes
and evict them after finishing log recovery, which means that we leak
them if anything goes wrong in the rest of xfs_mountfs, because the lru
is only cleaned out on unmount.
Therefore, evict unreferenced inodes in the lru list immediately
after clearing MS_ACTIVE.
Fixes: 17c12bcd30 ("xfs: when replaying bmap operations, don't let unlinked inodes get reaped")
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Cc: viro@ZenIV.linux.org.uk
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 5a63643e58 ]
This reverts commit 1d6119baf0.
After reverting commit 6d7b857d54 ("net: use lib/percpu_counter API
for fragmentation mem accounting") then here is no need for this
fix-up patch. As percpu_counter is no longer used, it cannot
memory leak it any-longer.
Fixes: 6d7b857d54 ("net: use lib/percpu_counter API for fragmentation mem accounting")
Fixes: 1d6119baf0 ("net: fix percpu memory leaks")
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit fb452a1aa3 ]
This reverts commit 6d7b857d54.
There is a bug in fragmentation codes use of the percpu_counter API,
that can cause issues on systems with many CPUs.
The frag_mem_limit() just reads the global counter (fbc->count),
without considering other CPUs can have upto batch size (130K) that
haven't been subtracted yet. Due to the 3MBytes lower thresh limit,
this become dangerous at >=24 CPUs (3*1024*1024/130000=24).
The correct API usage would be to use __percpu_counter_compare() which
does the right thing, and takes into account the number of (online)
CPUs and batch size, to account for this and call __percpu_counter_sum()
when needed.
We choose to revert the use of the lib/percpu_counter API for frag
memory accounting for several reasons:
1) On systems with CPUs > 24, the heavier fully locked
__percpu_counter_sum() is always invoked, which will be more
expensive than the atomic_t that is reverted to.
Given systems with more than 24 CPUs are becoming common this doesn't
seem like a good option. To mitigate this, the batch size could be
decreased and thresh be increased.
2) The add_frag_mem_limit+sub_frag_mem_limit pairs happen on the RX
CPU, before SKBs are pushed into sockets on remote CPUs. Given
NICs can only hash on L2 part of the IP-header, the NIC-RXq's will
likely be limited. Thus, a fair chance that atomic add+dec happen
on the same CPU.
Revert note that commit 1d6119baf0 ("net: fix percpu memory leaks")
removed init_frag_mem_limit() and instead use inet_frags_init_net().
After this revert, inet_frags_uninit_net() becomes empty.
Fixes: 6d7b857d54 ("net: use lib/percpu_counter API for fragmentation mem accounting")
Fixes: 1d6119baf0 ("net: fix percpu memory leaks")
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 25cc72a338 ]
The mlxsw driver relies on NETDEV_CHANGEUPPER events to configure the
device in case a port is enslaved to a master netdev such as bridge or
bond.
Since the driver ignores events unrelated to its ports and their
uppers, it's possible to engineer situations in which the device's data
path differs from the kernel's.
One example to such a situation is when a port is enslaved to a bond
that is already enslaved to a bridge. When the bond was enslaved the
driver ignored the event - as the bond wasn't one of its uppers - and
therefore a bridge port instance isn't created in the device.
Until such configurations are supported forbid them by checking that the
upper device doesn't have uppers of its own.
Fixes: 0d65fc1304 ("mlxsw: spectrum: Implement LAG port join/leave")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reported-by: Nogah Frankel <nogahf@mellanox.com>
Tested-by: Nogah Frankel <nogahf@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 4e587ea71b ]
Commit c5cff8561d adds rcu grace period before freeing fib6_node. This
generates a new sparse warning on rt->rt6i_node related code:
net/ipv6/route.c:1394:30: error: incompatible types in comparison
expression (different address spaces)
./include/net/ip6_fib.h:187:14: error: incompatible types in comparison
expression (different address spaces)
This commit adds "__rcu" tag for rt6i_node and makes sure corresponding
rcu API is used for it.
After this fix, sparse no longer generates the above warning.
Fixes: c5cff8561d ("ipv6: add rcu grace period before freeing fib6_node")
Signed-off-by: Wei Wang <weiwan@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit c5cff8561d ]
We currently keep rt->rt6i_node pointing to the fib6_node for the route.
And some functions make use of this pointer to dereference the fib6_node
from rt structure, e.g. rt6_check(). However, as there is neither
refcount nor rcu taken when dereferencing rt->rt6i_node, it could
potentially cause crashes as rt->rt6i_node could be set to NULL by other
CPUs when doing a route deletion.
This patch introduces an rcu grace period before freeing fib6_node and
makes sure the functions that dereference it takes rcu_read_lock().
Note: there is no "Fixes" tag because this bug was there in a very
early stage.
Signed-off-by: Wei Wang <weiwan@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
PD#150981: synchronous lcd driver linux3.14 to linux4.9
1.add bl_level bootargs parameter
2.repair unifykey bl_level error
3.update the mechanism of 50/60hz switch
4.add pwm & enable sequence reverse support
5.add vbyone special control adjust support
Change-Id: I63136af6b96d793691eed23c064e7515e1d50aff
Signed-off-by: Weiming Liu <weiming.liu@amlogic.com>
PD#150739: merged code from c502feca7 on the amlogic-3.14-dev
1.codec_mm: fixed tvp first wait long time bug
2.pcrmaster: fix some avsync issue in pcrmaster mode
3.vfm: fix vf provider crash issue
Change-Id: I64202a38a3ed0c50ba665fb477caea26c67ddcb0
Signed-off-by: Nanxin Qin <nanxin.qin@amlogic.com>
Changes in 4.9.49
usb: quirks: add delay init quirk for Corsair Strafe RGB keyboard
USB: serial: option: add support for D-Link DWM-157 C1
usb: Add device quirk for Logitech HD Pro Webcam C920-C
usb:xhci:Fix regression when ATI chipsets detected
USB: musb: fix external abort on suspend
USB: core: Avoid race of async_completed() w/ usbdev_release()
staging/rts5208: fix incorrect shift to extract upper nybble
iio: adc: ti-ads1015: fix incorrect data rate setting update
iio: adc: ti-ads1015: fix scale information for ADS1115
iio: adc: ti-ads1015: enable conversion when CONFIG_PM is not set
iio: adc: ti-ads1015: avoid getting stale result after runtime resume
iio: adc: ti-ads1015: don't return invalid value from buffer setup callbacks
iio: adc: ti-ads1015: add adequate wait time to get correct conversion
driver core: bus: Fix a potential double free
intel_th: pci: Add Cannon Lake PCH-H support
intel_th: pci: Add Cannon Lake PCH-LP support
ath10k: fix memory leak in rx ring buffer allocation
Input: trackpoint - assume 3 buttons when buttons detection fails
rtlwifi: rtl_pci_probe: Fix fail path of _rtl_pci_find_adapter
Bluetooth: Add support of 13d3:3494 RTL8723BE device
iwlwifi: pci: add new PCI ID for 7265D
dlm: avoid double-free on error path in dlm_device_{register,unregister}
mwifiex: correct channel stat buffer overflows
MCB: add support for SC31 to mcb-lpc
s390/mm: avoid empty zero pages for KVM guests to avoid postcopy hangs
drm/nouveau/pci/msi: disable MSI on big-endian platforms by default
workqueue: Fix flag collision
cs5536: add support for IDE controller variant
scsi: sg: protect against races between mmap() and SG_SET_RESERVED_SIZE
scsi: sg: recheck MMAP_IO request length with lock held
drm/bridge: adv7511: Use work_struct to defer hotplug handing to out of irq context
drm/bridge: adv7511: Switch to using drm_kms_helper_hotplug_event()
Linux 4.9.49
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 591b6bb605 upstream.
Several legacy devices such as Geode-based Cisco ASA appliances
and DB800 development board do possess CS5536 IDE controller
with different PCI id than existing one. Using pata_generic is
not always feasible as at least DB800 requires MSR quirk from
pata_cs5536 to be used with vendor firmware.
Signed-off-by: Andrey Korolyov <andrey@xdel.ru>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit fbf1c41fc0 upstream.
Commit 0a94efb5ac ("workqueue: implicit ordered attribute should be
overridable") introduced a __WQ_ORDERED_EXPLICIT flag but gave it the
same value as __WQ_LEGACY. I don't believe these were intended to
mean the same thing, so renumber __WQ_ORDERED_EXPLICIT.
Fixes: 0a94efb5ac ("workqueue: implicit ordered attribute should be ...")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
PD#150194: modify suspend & resume fail.
1. fixed alloc blk_test memory on probe,
pre-allocated memory allows suspend/resume
without dynamic allocation.
2. do not flush cache while resume.
Change-Id: If4a310da82f053359f89599fd187ad51a24f16ba
Signed-off-by: Nan Li <nan.li@amlogic.com>
Changes in 4.9.48
irqchip: mips-gic: SYNC after enabling GIC region
i2c: ismt: Don't duplicate the receive length for block reads
i2c: ismt: Return EMSGSIZE for block reads with bogus length
crypto: algif_skcipher - only call put_page on referenced and used pages
mm, uprobes: fix multiple free of ->uprobes_state.xol_area
mm, madvise: ensure poisoned pages are removed from per-cpu lists
ceph: fix readpage from fscache
cpumask: fix spurious cpumask_of_node() on non-NUMA multi-node configs
cpuset: Fix incorrect memory_pressure control file mapping
alpha: uapi: Add support for __SANE_USERSPACE_TYPES__
CIFS: Fix maximum SMB2 header size
CIFS: remove endian related sparse warning
wl1251: add a missing spin_lock_init()
lib/mpi: kunmap after finishing accessing buffer
xfrm: policy: check policy direction value
drm/ttm: Fix accounting error when fail to get pages for pool
kvm: arm/arm64: Force reading uncached stage2 PGD
epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/ep_remove()
Linux 4.9.48
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit b339752d05 upstream.
When !NUMA, cpumask_of_node(@node) equals cpu_online_mask regardless of
@node. The assumption seems that if !NUMA, there shouldn't be more than
one node and thus reporting cpu_online_mask regardless of @node is
correct. However, that assumption was broken years ago to support
DISCONTIGMEM and whether a system has multiple nodes or not is
separately controlled by NEED_MULTIPLE_NODES.
This means that, on a system with !NUMA && NEED_MULTIPLE_NODES,
cpumask_of_node() will report cpu_online_mask for all possible nodes,
indicating that the CPUs are associated with multiple nodes which is an
impossible configuration.
This bug has been around forever but doesn't look like it has caused any
noticeable symptoms. However, it triggers a WARN recently added to
workqueue to verify NUMA affinity configuration.
Fix it by reporting empty cpumask on non-zero nodes if !NUMA.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-and-tested-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
PD#150194: mm: update cma policy and debug sysfs
1. For movable memory, using CMA first, this can help to avoid
low memory issue and driver can't allocate pages issue;
2. change /proc/slabinfo sysfs with total size print of each slab;
3. change /proc/pagetypeinfo with toatal pages of each migrate type;
4. add statistics for free pages of each migrate type, and show in
echo m > /proc/sysrq-trigger.
Change-Id: I2fdab73c2d1278cd025185362a1159e4f683166b
Signed-off-by: Tao Zeng <tao.zeng@amlogic.com>
PD#145456: Support RPMB shared secret provisioning [2/2]
[Problem]
RPMB requires a shared secret between host (AP) and device (eMMC flash)
in order to perform HMAC authentication.
[Solution]
This commit provides a special reboot mode, reboot rpmbp, to securely
provision the shared secret into eMMC flash device.
[Test]
Tested on GXL reference board P212. Passed.
Change-Id: I81dd482215d0f0232fe10efbc60b6af4ba2d9641
Signed-off-by: Peifu Jiang <peifu.jiang@amlogic.com>
