Try to mitigate potential future driver core api changes by adding a
padding to struct scsi_cmnd, struct scsi_device, and struct
scsi_host_template.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie6a2b91970e8f9063bf00e96a0dff661f77b8e8d
Try to mitigate potential future driver core api changes by adding a
padding to struct work_struct and struct delayed_work
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5492a13e2430c1a5775aec52518144b7aa4f3268
Try to mitigate potential future driver core api changes by adding a
padding to a bunch of filesystem structures.
Based on a change made to the RHEL/CENTOS 8 kernel.
Bug: 151154716
Change-Id: Ida6d98d30f292c980ab07e0250fec5268c4c87ed
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
To try to mitigate potential future USB api changes, add some padding to
the following structures:
struct usb_interface
struct usb_host_bos
struct usb_bus
struct usb_device
struct usb_driver
struct urb
struct usb_hcd
struct hc_driver
struct usb_tt
struct usbnet
struct driver_info (for usbnet driver)
Based on a patch from Oliver Neukum <oneukum@suse.de> from the SLES
kernel.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie9e246d9333ac70fc9cc2b0bf7cb466a8ffdb6de
Try to mitigate potential future driver core api changes by adding a
padding to stuct vm_area_struct and struct zone.
Based on a patch from Michal Marek <mmarek@suse.cz> from the SLES kernel
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I81702aa833f419928e0e32e9609722b98592c171
Try to mitigate potential future driver core api changes by adding a
padding to struct vfsmount.
Based on a patch from Michal Marek <mmarek@suse.cz> from the SLES kernel
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9ce1b63f05c90af168eeea1312ac88d3cc5cfdf3
Try to mitigate potential future driver core api changes by adding a
pointer to struct signal_struct, struct sched_entity, struct
sched_rt_entity, and struct task_struct.
Based on a patch from Michal Marek <mmarek@suse.cz> from the SLES kernel
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1449735b836399e9b356608727092334daf5c36b
Try to mitigate potential future driver core api changes by adding a
padding to struct sock.
Based on a patch from Michal Marek <mmarek@suse.cz> from the SLES kernel
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I61c3d6cf12c087345db71fc6d93ee6bd58969003
Try to mitigate potential future driver core api changes by adding a
padding to struct module.
Based on a patch from Michal Marek <mmarek@suse.cz> from the SLES kernel
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2a764e9eac88f20e50d192112235da6d2f0f83bc
Try to mitigate potential future driver core api changes by padding to
struct bus_type, struct device_driver, struct class, and struct device.
Based on a patch from Michal Marek <mmarek@suse.cz> from the SLES kernel
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I6892cde6481ba775789f0c02239dcfde3a26b56e
Try to mitigate potential future driver core api changes by adding a
padding to stuct phy_device and struct phy_driver
Inspired by the upstream changes in 5.4.26 and 4.19.111
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8dbc5f76e9eddfc5741f944168222aedacd0a8bb
This header file is to be used for various macros to help make keeping
the kernel ABI "stable" during an "ABI Freeze" period.
They are to be used both before the freeze (to anticipate places where
there will be changes), and after the freeze (to keep the abi stable for
structures where there were changes due to LTS or other changes to the
kernel tree.)
Strongly based on rh_kabi.h from Red Hat's RHEL kernel tree.
This adds support for "real" padding and the ability to replace fields
with other fields.
But, note that ABI changes will still be caught by libabigail at this
point in time, work on that is still ongoing. When that is completed,
all that will be needed is to modify the _ANDROID_KABI_RESERVE() macro
in this file. No other file changes should be needed.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I77038cc251c819c3ed22a9cb8843b185416b6727
uclamp_fork() resets the uclamp values to their default when the
reset-on-fork flag is set. It also checks whether the task has a RT
policy, and sets its uclamp.min to 1024 accordingly. However, during
reset-on-fork, the task's policy is lowered to SCHED_NORMAL right after,
hence leading to an erroneous uclamp.min setting for the new task if it
was forked from RT.
Fix this by removing the unnecessary check on rt_task() in
uclamp_fork() as this doesn't make sense if the reset-on-fork flag is
set.
[ qperret: BACKPORT because of a conflict with the Android-specific
SUGOV_RT_MAX_FREQ sched_feat, which is equally unnecessary in this
path ]
Bug: 120440300
Fixes: 1a00d99997 ("sched/uclamp: Set default clamps for RT tasks")
Reported-by: Chitti Babu Theegala <ctheegal@codeaurora.org>
Signed-off-by: Quentin Perret <qperret@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Patrick Bellasi <patrick.bellasi@matbug.net>
Reviewed-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Link: https://lkml.kernel.org/r/20200416085956.217587-1-qperret@google.com
(cherry picked from commit eaf5a92ebd)
Signed-off-by: Quentin Perret <qperret@google.com>
Change-Id: I9a19ac5474d0508b8437e4a1d859573b4106ed08
Adds support for the below #defines to fix some warnings:
V4L2_PIX_FMT_SDE_Y_CBCR_H2V2_P010_VENUS
V4L2_PIX_FMT_NV12_512
V4L2_PIX_FMT_NV12_UBWC
V4L2_PIX_FMT_NV12_TP10_UBWC
Bug: 155434217
[elavila snapshot of required #defines from e8507af28b12f]
Signed-off-by: J. Avila <elavila@google.com>
Change-Id: Icba92ff8dfad59a9d84d2fa676dffbca1f56053d
Existing PSCI implementation supports platform coordinated means of low
power modes where cluster low power modes are aggregated at the platform
level. Adding support for OS initiated scheme, where the OS is
responsible for selecting cluster low power modes based on last man
determination. With OS initiated scheme, the OS can make better cluster
decisions based on wakeup times of CPUs within a cluster.
To this effect, in OS initiated schemes, the composite state ID is computed
by the idle driver before calling into the cpu_suspend API. The PSCI driver
is modified to use the composite ID to distinguish between retention and
non-retention states.
Change-Id: Iee5533676a28a8f6beb7942dcb908f2fa3518d78
Signed-off-by: Mahesh Sivasubramanian <msivasub@codeaurora.org>
Signed-off-by: Murali Nalajala <mnalajal@codeaurora.org>
(cherry picked from commit ea2c39aefb5418869d81f96304b5cfddc76c4c11)
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 154642337
Partial cherry picked from commit 30f30b8006147cf6222d1872595da281236e74c1
("net: add a per-cpu counter for the number of frames coalesced in GRO")
Add an unused ABI alignment member to struct softnet_data.
Change-Id: I05965c0cb150947935d5977884cc4d583b37131e
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
(cherry picked from commit 30f30b8006147cf6222d1872595da281236e74c1)
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 154523213
With support for new AKM suites (example FILS-SHA256), the KEK length
can now be more than NL80211_KEK_LEN and the KCK length can be zero.
Add changes in cfg80211 to specify the length of KEK, and make KCK
optional. Make NL80211_REKEY_DATA_KEK as NLA_BINARY to enforce a maximum
length check.
Also add macro CFG80211_REKEY_DATA_KEK_LEN to indicate support for
including KEK length in rekey data.
CRs-Fixed: 2087759
Change-Id: Ica8dbb8614e0a9c3905e125b4a5254e43821984e
Signed-off-by: Vidyullatha Kanchanapally <vidyullatha@codeaurora.org>
Signed-off-by: Ankita Bajaj <bankita@codeaurora.org>
Signed-off-by: Hardik Kantilal Patel <hkpatel@codeaurora.org>
(cherry picked from commit 1daf1a378a61ab77a9497e81b1c0de2bbeca70c1)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
The loop driver assumes that if the passed in fd is opened with
O_DIRECT, the caller wants to use direct I/O on the loop device.
However, if the underlying block device has a different block size than
the loop block queue, direct I/O can't be enabled. Instead of requiring
userspace to manually change the blocksize and re-enable direct I/O,
just change the queue block sizes to match, as well as the io_min size.
Bug: 148607611
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martijn Coenen <maco@android.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
(cherry picked from commit 85560117d0)
Change-Id: I4d55bf99b2cb4cc6bb218a8905f18d3b2c12d5bb
As was, chmod would change the cached inode's mode, which would
persist until the inode was uncached.
Fix to change mode of backing file, but make sure mount files
are read only, backing files are always writeable.
Test: App no longer fails with incfs errors
Bug: 154972299
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: I40517331f24329484387c6b880f1517f887b29f6
(cherry picked from commit fe4fae35fe)
If NTP is running, it is useful to keep the RTC updated with the
accurate time.
Bug: 154891696
Signed-off-by: Steve Muckle <smuckle@google.com>
Change-Id: Iee7c2126c57c4f00125ae4d552d7e0ebaf572ca3
Add vendor padding to the __IPV4_DEVCONFIG_* enum in order to provide
room for a vendor feature without breaking MODVERSIONS. Do not port 5.4.
Signed-off-by: Will McVicker <willmcvicker@google.com>
Bug: 154377500
Change-Id: I733b20dded7cab3cb5818215fdd6b771062e20d8
This reverts commit 5071be2967. We would
rather fill in vendor padding vs specify a max value.
Signed-off-by: Will McVicker <willmcvicker@google.com>
Bug: 154377500
Change-Id: If0376b2b46d0f811c8d02eb05096bf00c204d54f
In commit 310dd4fe83 ("ANDROID: driver: gpu: drm: add notifier for
panel related events") a number of new symbols were exported, but they
should have been set as a _GPL symbol.
Fix this up by properly changing the export types.
Bug: 139653858
Cc: Shashank Babu Chinta Venkata <sbchin@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I54dbc1f4d41739ab19040563966a6505897734fb
In commit 4233dfd7c0 ("ANDROID: SoC: core: Introduce macro
SOC_SINGLE_MULTI_EXT") a new symbol was exported, but it should have
been set as a _GPL symbol.
Fix this up by properly changing the export type.
Bug: 144610828
Cc: Banajit Goswami <bgoswami@codeaurora.org>
Cc: Sudheer Papothi <spapothi@codeaurora.org>
Cc: Meng Wang <mwang@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I373a8d347a07e3ea44af4e8c683a71c7821b6cc5
In commit 4f6a1f4aff2b ("ANDROID: ufshcd-crypto: export cap find API") a
new symbol was exported, but it should have been set as a _GPL symbol.
Fix this up by properly changing the export type.
Bug: 147209885
Cc: Barani Muthukumaran <bmuthuku@codeaurora.org>
Cc: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic0612118ce2ad837fd6ec95ea002a004c5ba4470
The mailbox sends a request to the controller and the tx_done callback
received for that request clears the active_req pointer. The callback
sends the next request in the queue, if there is one. When a controller
is busy and cannot accept any more requests until the interrupt is
cleared, it would return -EAGAIN. The mailbox controller must unlock its
spinlock and retry again.
Signed-off-by: Lina Iyer <ilina@codeaurora.org>
Change-Id: Id58c7365be8c6bfc7f90fe9445c88c1246d2d7f8
(cherry picked from commit e5c2b83b3daae99cfd3ef55b2c132e8bf4c22b27)
Bug: 155339628
Signed-off-by: Will McVicker <willmcvicker@google.com>
Signed-off-by: Saravana Kannan <saravanak@google.com>
These thermal configs are used by vendors. So, enabled them.
Bug: 154966878
Change-Id: I4347c18ae80890e0948c35596a9f35aa8971b567
Signed-off-by: Saravana Kannan <saravanak@google.com>
Signed-off-by: Will McVicker <willmcvicker@google.com>
Make it possible to change trip point for the cooling device instance
in the thermal zone. It would be helpful in case when cooling devices can
by bind to thermal zones using sysfs interface.
A proper trip point can be chosen for a cooling device by:
echo 2 > /sys/class/thermal/thermal_zoneX/cdev_Z_trip_point
It is also possible to unpin cooling device from trip point:
echo -1 > /sys/class/thermal/thermal_zoneX/cdev_Z_trip_point
Change-Id: I69e7a592b7d76cabafb422311b6dea74c19924ea
Signed-off-by: Lukasz Luba <lukasz.luba@arm.com>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Link: https://lore.kernel.org/r/20191216140622.25467-3-lukasz.luba@arm.com
Bug: 132152924
Signed-off-by: TeYuan Wang <kamewang@google.com>
Bug: 155322354
(cherry picked from commit dba49f7921d207625ed979d9d0da3302195a0170)
Signed-off-by: Saravana Kannan <saravanak@google.com>
Signed-off-by: Will McVicker <willmcvicker@google.com>
CPU cooling device will use IDR to get integer numbers for defining
the CPU cooling device ID. With having one cooling device per policy,
it will be tough to correlate a cooling device ID to the policy it is
mitigating.
Use the CPU ID from the policy as cooling device ID, which will allow
easy mapping of cooling device to CPU.
Change-Id: I249112ac467b84aea4f08466d91d6be520fbbc14
Signed-off-by: Ram Chandrasekar <rkumbako@codeaurora.org>
Bug: 155322354
(cherry picked from commit 3342cd6aa710fe83f59eaf3e825640db6eb46193)
Signed-off-by: Saravana Kannan <saravanak@google.com>
Signed-off-by: Will McVicker <willmcvicker@google.com>
Some vendors have devfreq devices that allow min freq to be 0. So, allow
that.
Bug: 152343889
Signed-off-by: Saravana Kannan <saravanak@google.com>
Change-Id: I03adc475338c5b0376992ab40543f481b75de895
Signed-off-by: Will McVicker <willmcvicker@google.com>
This needs to be enabled for regulator driver modules to work. So,
enable it.
Bug: 155357256
Signed-off-by: Saravana Kannan <saravanak@google.com>
Change-Id: I1ba50d89973667783e61732319a4e155dcc42b41
Signed-off-by: Will McVicker <willmcvicker@google.com>
Leaf changes summary: 3 artifacts changed (1 filtered out)
Changed leaf types summary: 3 (1 filtered out) leaf types changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 0 Added function
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable
'enum nl80211_attrs at nl80211.h:2346:1' changed:
type size hasn't changed
3 enumerator insertions:
'nl80211_attrs::NL80211_ATTR_VLAN_ID' value '282'
'nl80211_attrs::NL80211_ATTR_HE_BSS_COLOR' value '283'
'nl80211_attrs::NL80211_ATTR_IFTYPE_AKM_SUITES' value '284'
'struct cfg80211_ops at cfg80211.h:3274:1' changed:
type size changed from 6720 to 6784 (in bits)
1 data member insertion:
'void ()* cfg80211_ops::set_default_beacon_key', at offset 704 (in bits) at cfg80211.h:3308:1
'struct wiphy at cfg80211.h:4125:1' changed:
type size hasn't changed
2 data member insertions:
'const wiphy_iftype_akm_suites* wiphy::iftype_akm_suites', at offset 960 (in bits) at cfg80211.h:4194:1
'unsigned int wiphy::num_iftype_akm_suites', at offset 1024 (in bits) at cfg80211.h:4195:1
there are data member changes:
type 'u8[5]' of 'wiphy::ext_features' changed:
type name changed from 'u8[5]' to 'u8[6]'
array type size changed from 40 to 48
array type subrange 1 changed length from 5 to 6
Test: build
Bug: 150901210
Signed-off-by: Hridya Valsaraju <hridya@google.com>
Change-Id: If8597a86a5fa0cea8602c6d19b2c693e9f45700b
In commit 39bb6b4242 ("ANDROID: virt_wifi: Add data ops for scan data
simulation") some new symbols were exported, but they should have been
set as _GPL symbols.
Fix this up by properly.
Bug: 139421123
Cc: lesl <lesl@google.com>
Cc: Alistair Delva <adelva@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ied186f08c695f5d1f50d88446f1e71fef303e7f8
In commit 044366659c ("ANDROID: vfs: Add setattr2 for filesystems with
per mount permissions") a new symbol was exported, but it should have
been set as a _GPL symbol.
Fix this up by properly.
Bug: 35848445
Cc: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I87585ad059367aa51b784ec415a1bf7f809de769
In commit 4fd07efd90 ("ANDROID: vfs: Add permission2 for filesystems
with per mount permissions") some new symbols were exported, but they
should have been set as _GPL symbols.
Fix this up by properly.
Bug: 35848445
Cc: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4fb4b81f3b0a9d0b4c3aa69fffbc723762a629aa
In commit d16d9c0046eb ("FROMLIST: fscrypt: Have filesystems handle their d_ops")
a new symbol was exported, but it should have been set as a _GPL symbol.
Fix this up by properly.
Bug: 138322712
Cc: Daniel Rosenberg <drosen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I51e23761d3c898a0bf612048c8febd98a0817ae3
In commit d71a92631c51 ("ANDROID: add support for Clang's Control Flow
Integrity (CFI)") some new symbols were exported, but they should have
been set as _GPL symbols.
Fix this up by properly.
Bug: 145210207
Cc: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I6ecbb0f3b33f7c02c9b75bb7d80c35ce80e553f3
In commit ff5bf35998cc ("ANDROID: bpf: validate bpf_func when BPF_JIT is
enabled with CFI") a new symbol was exported, but it should have been
set as a _GPL symbol.
Fix this up by properly.
Bug: 145210207
Cc: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7239bb8e0ef329cd7eac6afcd06c341b17ea680b
Changes in 4.19.119
ext4: fix extent_status fragmentation for plain files
drm/msm: Use the correct dma_sync calls harder
bpftool: Fix printing incorrect pointer in btf_dump_ptr
crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static
vti4: removed duplicate log message.
arm64: Add part number for Neoverse N1
arm64: errata: Hide CTR_EL0.DIC on systems affected by Neoverse-N1 #1542419
arm64: Fake the IminLine size on systems affected by Neoverse-N1 #1542419
arm64: compat: Workaround Neoverse-N1 #1542419 for compat user-space
arm64: Silence clang warning on mismatched value/register sizes
watchdog: reset last_hw_keepalive time at start
scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG
ceph: return ceph_mdsc_do_request() errors from __get_parent()
ceph: don't skip updating wanted caps when cap is stale
pwm: rcar: Fix late Runtime PM enablement
scsi: iscsi: Report unbind session event when the target has been removed
ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map()
nvme: fix deadlock caused by ANA update wrong locking
kernel/gcov/fs.c: gcov_seq_next() should increase position index
selftests: kmod: fix handling test numbers above 9
ipc/util.c: sysvipc_find_ipc() should increase position index
kconfig: qconf: Fix a few alignment issues
s390/cio: avoid duplicated 'ADD' uevents
loop: Better discard support for block devices
Revert "powerpc/64: irq_work avoid interrupt when called with hardware irqs enabled"
pwm: renesas-tpu: Fix late Runtime PM enablement
pwm: bcm2835: Dynamically allocate base
perf/core: Disable page faults when getting phys address
ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN MPWIN895CL tablet
xhci: Ensure link state is U3 after setting USB_SS_PORT_LS_U3
drm/amd/display: Not doing optimize bandwidth if flip pending.
tracing/selftests: Turn off timeout setting
virtio-blk: improve virtqueue error to BLK_STS
scsi: smartpqi: fix call trace in device discovery
PCI/ASPM: Allow re-enabling Clock PM
net: ipv6: add net argument to ip6_dst_lookup_flow
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
blktrace: Protect q->blk_trace with RCU
blktrace: fix dereference after null check
f2fs: fix to avoid memory leakage in f2fs_listxattr
KVM: VMX: Zero out *all* general purpose registers after VM-Exit
KVM: nVMX: Always sync GUEST_BNDCFGS when it comes from vmcs01
KVM: Introduce a new guest mapping API
kvm: fix compilation on aarch64
kvm: fix compilation on s390
kvm: fix compile on s390 part 2
KVM: Properly check if "page" is valid in kvm_vcpu_unmap
x86/kvm: Introduce kvm_(un)map_gfn()
x86/kvm: Cache gfn to pfn translation
x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed
x86/KVM: Clean up host's steal time structure
cxgb4: fix adapter crash due to wrong MC size
cxgb4: fix large delays in PTP synchronization
ipv6: fix restrict IPV6_ADDRFORM operation
macsec: avoid to set wrong mtu
macvlan: fix null dereference in macvlan_device_event()
net: bcmgenet: correct per TX/RX ring statistics
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array
net/x25: Fix x25_neigh refcnt leak when receiving frame
sched: etf: do not assume all sockets are full blown
tcp: cache line align MAX_TCP_HEADER
team: fix hang in team_mode_get()
vrf: Fix IPv6 with qdisc and xfrm
net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled
net: dsa: b53: Fix ARL register definitions
net: dsa: b53: Rework ARL bin logic
net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL
xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
vrf: Check skb for XFRM_TRANSFORMED flag
mlxsw: Fix some IS_ERR() vs NULL bugs
KEYS: Avoid false positive ENOMEM error on key read
ALSA: hda: Remove ASUS ROG Zenith from the blacklist
ALSA: usb-audio: Add static mapping table for ALC1220-VB-based mobos
ALSA: usb-audio: Add connector notifier delegation
iio: core: remove extra semi-colon from devm_iio_device_register() macro
iio: st_sensors: rely on odr mask to know if odr can be set
iio: adc: stm32-adc: fix sleep in atomic context
iio: xilinx-xadc: Fix ADC-B powerdown
iio: xilinx-xadc: Fix clearing interrupt when enabling trigger
iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode
iio: xilinx-xadc: Make sure not exceed maximum samplerate
fs/namespace.c: fix mountpoint reference counter race
USB: sisusbvga: Change port variable from signed to unsigned
USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE
USB: early: Handle AMD's spec-compliant identifiers, too
USB: core: Fix free-while-in-use bug in the USB S-Glibrary
USB: hub: Fix handling of connect changes during sleep
vmalloc: fix remap_vmalloc_range() bounds checks
mm/hugetlb: fix a addressing exception caused by huge_pte_offset
mm/ksm: fix NULL pointer dereference when KSM zero page is enabled
tools/vm: fix cross-compile build
ALSA: usx2y: Fix potential NULL dereference
ALSA: hda/realtek - Fix unexpected init_amp override
ALSA: hda/realtek - Add new codec supported for ALC245
ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices
tpm/tpm_tis: Free IRQ if probing fails
tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send()
KVM: s390: Return last valid slot if approx index is out-of-bounds
KVM: Check validity of resolved slot when searching memslots
KVM: VMX: Enable machine check support for 32bit targets
tty: hvc: fix buffer overflow during hvc_alloc().
tty: rocket, avoid OOB access
usb-storage: Add unusual_devs entry for JMicron JMS566
audit: check the length of userspace generated audit records
ASoC: dapm: fixup dapm kcontrol widget
iwlwifi: pcie: actually release queue memory in TVQM
iwlwifi: mvm: beacon statistics shouldn't go backwards
ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y
powerpc/setup_64: Set cache-line-size based on cache-block-size
staging: comedi: dt2815: fix writing hi byte of analog output
staging: comedi: Fix comedi_device refcnt leak in comedi_open
vt: don't hardcode the mem allocation upper bound
vt: don't use kmalloc() for the unicode screen buffer
staging: vt6656: Don't set RCR_MULTICAST or RCR_BROADCAST by default.
staging: vt6656: Fix calling conditions of vnt_set_bss_mode
staging: vt6656: Fix drivers TBTT timing counter.
staging: vt6656: Fix pairwise key entry save.
staging: vt6656: Power save stop wake_up_count wrap around.
cdc-acm: close race betrween suspend() and acm_softint
cdc-acm: introduce a cool down
UAS: no use logging any details in case of ENODEV
UAS: fix deadlock in error handling and PM flushing work
usb: dwc3: gadget: Fix request completion check
usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset()
xhci: prevent bus suspend if a roothub port detected a over-current condition
serial: sh-sci: Make sure status register SCxSR is read in correct sequence
xfs: Fix deadlock between AGI and AGF with RENAME_WHITEOUT
s390/mm: fix page table upgrade vs 2ndary address mode accesses
Linux 4.19.119
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4b16db8472367d135a4ff68d2863c634bf093ef5
commit 316ec15481 upstream.
A page table upgrade in a kernel section that uses secondary address
mode will mess up the kernel instructions as follows:
Consider the following scenario: two threads are sharing memory.
On CPU1 thread 1 does e.g. strnlen_user(). That gets to
old_fs = enable_sacf_uaccess();
len = strnlen_user_srst(src, size);
and
" la %2,0(%1)\n"
" la %3,0(%0,%1)\n"
" slgr %0,%0\n"
" sacf 256\n"
"0: srst %3,%2\n"
in strnlen_user_srst(). At that point we are in secondary space mode,
control register 1 points to kernel page table and instruction fetching
happens via c1, rather than usual c13. Interrupts are not disabled, for
obvious reasons.
On CPU2 thread 2 does MAP_FIXED mmap(), forcing the upgrade of page table
from 3-level to e.g. 4-level one. We'd allocated new top-level table,
set it up and now we hit this:
notify = 1;
spin_unlock_bh(&mm->page_table_lock);
}
if (notify)
on_each_cpu(__crst_table_upgrade, mm, 0);
OK, we need to actually change over to use of new page table and we
need that to happen in all threads that are currently running. Which
happens to include the thread 1. IPI is delivered and we have
static void __crst_table_upgrade(void *arg)
{
struct mm_struct *mm = arg;
if (current->active_mm == mm)
set_user_asce(mm);
__tlb_flush_local();
}
run on CPU1. That does
static inline void set_user_asce(struct mm_struct *mm)
{
S390_lowcore.user_asce = mm->context.asce;
OK, user page table address updated...
__ctl_load(S390_lowcore.user_asce, 1, 1);
... and control register 1 set to it.
clear_cpu_flag(CIF_ASCE_PRIMARY);
}
IPI is run in home space mode, so it's fine - insns are fetched
using c13, which always points to kernel page table. But as soon
as we return from the interrupt, previous PSW is restored, putting
CPU1 back into secondary space mode, at which point we no longer
get the kernel instructions from the kernel mapping.
The fix is to only fixup the control registers that are currently in use
for user processes during the page table update. We must also disable
interrupts in enable_sacf_uaccess to synchronize the cr and
thread.mm_segment updates against the on_each-cpu.
Fixes: 0aaba41b58 ("s390: remove all code using the access register mode")
Cc: stable@vger.kernel.org # 4.15+
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
References: CVE-2020-11884
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit bc56ad8c74 upstream.
When performing rename operation with RENAME_WHITEOUT flag, we will
hold AGF lock to allocate or free extents in manipulating the dirents
firstly, and then doing the xfs_iunlink_remove() call last to hold
AGI lock to modify the tmpfile info, so we the lock order AGI->AGF.
The big problem here is that we have an ordering constraint on AGF
and AGI locking - inode allocation locks the AGI, then can allocate
a new extent for new inodes, locking the AGF after the AGI. Hence
the ordering that is imposed by other parts of the code is AGI before
AGF. So we get an ABBA deadlock between the AGI and AGF here.
Process A:
Call trace:
? __schedule+0x2bd/0x620
schedule+0x33/0x90
schedule_timeout+0x17d/0x290
__down_common+0xef/0x125
? xfs_buf_find+0x215/0x6c0 [xfs]
down+0x3b/0x50
xfs_buf_lock+0x34/0xf0 [xfs]
xfs_buf_find+0x215/0x6c0 [xfs]
xfs_buf_get_map+0x37/0x230 [xfs]
xfs_buf_read_map+0x29/0x190 [xfs]
xfs_trans_read_buf_map+0x13d/0x520 [xfs]
xfs_read_agf+0xa6/0x180 [xfs]
? schedule_timeout+0x17d/0x290
xfs_alloc_read_agf+0x52/0x1f0 [xfs]
xfs_alloc_fix_freelist+0x432/0x590 [xfs]
? down+0x3b/0x50
? xfs_buf_lock+0x34/0xf0 [xfs]
? xfs_buf_find+0x215/0x6c0 [xfs]
xfs_alloc_vextent+0x301/0x6c0 [xfs]
xfs_ialloc_ag_alloc+0x182/0x700 [xfs]
? _xfs_trans_bjoin+0x72/0xf0 [xfs]
xfs_dialloc+0x116/0x290 [xfs]
xfs_ialloc+0x6d/0x5e0 [xfs]
? xfs_log_reserve+0x165/0x280 [xfs]
xfs_dir_ialloc+0x8c/0x240 [xfs]
xfs_create+0x35a/0x610 [xfs]
xfs_generic_create+0x1f1/0x2f0 [xfs]
...
Process B:
Call trace:
? __schedule+0x2bd/0x620
? xfs_bmapi_allocate+0x245/0x380 [xfs]
schedule+0x33/0x90
schedule_timeout+0x17d/0x290
? xfs_buf_find+0x1fd/0x6c0 [xfs]
__down_common+0xef/0x125
? xfs_buf_get_map+0x37/0x230 [xfs]
? xfs_buf_find+0x215/0x6c0 [xfs]
down+0x3b/0x50
xfs_buf_lock+0x34/0xf0 [xfs]
xfs_buf_find+0x215/0x6c0 [xfs]
xfs_buf_get_map+0x37/0x230 [xfs]
xfs_buf_read_map+0x29/0x190 [xfs]
xfs_trans_read_buf_map+0x13d/0x520 [xfs]
xfs_read_agi+0xa8/0x160 [xfs]
xfs_iunlink_remove+0x6f/0x2a0 [xfs]
? current_time+0x46/0x80
? xfs_trans_ichgtime+0x39/0xb0 [xfs]
xfs_rename+0x57a/0xae0 [xfs]
xfs_vn_rename+0xe4/0x150 [xfs]
...
In this patch we move the xfs_iunlink_remove() call to
before acquiring the AGF lock to preserve correct AGI/AGF locking
order.
[Minor massage required due to upstream change making xfs_bumplink() a
void function where as in the 4.19.y tree the return value is checked,
even though it is always zero. Only change was to the last code block
removed by the patch. Functionally equivalent to upstream.]
Signed-off-by: kaixuxia <kaixuxia@tencent.com>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Suraj Jitindar Singh <surajjs@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
