-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3K+EEACgkQONu9yGCS
aT5ReA/+IrdgTosfTtLizJhq+rR7UClBC4D7rOEBv6BVpKMNRdldcaVsFy6/MO6I
eq3keoicBpGxY8j6mp559GT7ACvXC3L6SALlwvfmGX6BHGVmwTE1Q6UmYbMfCoVY
kkZ6YUGc9T20hfvi1aG/bXerv90phIj3mSOttpLQsiNmlqkP4o2ayA9c/ohhINZ9
N3tEqh81vuZ9DQKdR6hY3iiqq8j3x5if5PppfdtQJMq8U7EUePHeiOrl6+j/PWXV
UHF+BGXVJBXF7Qn3NGzLAZsI5HI+PT9ec9R5/6kFwbKnD88CR80AJpwzmPXmLjTu
584oSQHzSQzSl5+r53SrK3EgOUdsduicGHJfO9RU1ttMAkkz+t+7LSSMDMX0qMFX
OGJdaiQc5arKNEcgckpnNDScRAlxK7IwUWfgcyFsjgMhLKxEfAuz8+JGJEp3QF6T
bNXupekzCnhE70j1/1MObLrTshW+BwIfYgSWwjH01Fq5h6/7IcuGWtfpuanhFj0k
sa4J02kdCvUPNAAlXAt07E/QS/4pLEV/Lh4K86MGR2ltYQjPEyYoY9LwIJAFEyQE
/DYUTS9GvlOitpbdUT48v/msZpOHWvhza8He/ZChN17RqFrIY9ykkPkA22moCqWB
w7d4HTP3dkYlt00e2DAclbCMsek9rNn+oTnY1jxGKa3pXxZAKyo=
=T5EF
-----END PGP SIGNATURE-----
Merge 4.19.84 into android-4.19
Changes in 4.19.84
bonding: fix state transition issue in link monitoring
CDC-NCM: handle incomplete transfer of MTU
ipv4: Fix table id reference in fib_sync_down_addr
net: ethernet: octeon_mgmt: Account for second possible VLAN header
net: fix data-race in neigh_event_send()
net: qualcomm: rmnet: Fix potential UAF when unregistering
net: usb: qmi_wwan: add support for DW5821e with eSIM support
NFC: fdp: fix incorrect free object
nfc: netlink: fix double device reference drop
NFC: st21nfca: fix double free
qede: fix NULL pointer deref in __qede_remove()
net: mscc: ocelot: don't handle netdev events for other netdevs
net: mscc: ocelot: fix NULL pointer on LAG slave removal
ipv6: fixes rt6_probe() and fib6_nh->last_probe init
net: hns: Fix the stray netpoll locks causing deadlock in NAPI path
ALSA: timer: Fix incorrectly assigned timer instance
ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series
ALSA: hda/ca0132 - Fix possible workqueue stall
mm: memcontrol: fix network errors from failing __GFP_ATOMIC charges
mm, meminit: recalculate pcpu batch and high limits after init completes
mm: thp: handle page cache THP correctly in PageTransCompoundMap
mm, vmstat: hide /proc/pagetypeinfo from normal users
dump_stack: avoid the livelock of the dump_lock
tools: gpio: Use !building_out_of_srctree to determine srctree
perf tools: Fix time sorting
drm/radeon: fix si_enable_smc_cac() failed issue
HID: wacom: generic: Treat serial number and related fields as unsigned
soundwire: depend on ACPI
soundwire: bus: set initial value to port_status
arm64: Do not mask out PTE_RDONLY in pte_same()
ceph: fix use-after-free in __ceph_remove_cap()
ceph: add missing check in d_revalidate snapdir handling
iio: adc: stm32-adc: fix stopping dma
iio: imu: adis16480: make sure provided frequency is positive
iio: srf04: fix wrong limitation in distance measuring
ARM: sunxi: Fix CPU powerdown on A83T
netfilter: nf_tables: Align nft_expr private data to 64-bit
netfilter: ipset: Fix an error code in ip_set_sockfn_get()
intel_th: pci: Add Comet Lake PCH support
intel_th: pci: Add Jasper Lake PCH support
x86/apic/32: Avoid bogus LDR warnings
SMB3: Fix persistent handles reconnect
can: usb_8dev: fix use-after-free on disconnect
can: flexcan: disable completely the ECC mechanism
can: c_can: c_can_poll(): only read status register after status IRQ
can: peak_usb: fix a potential out-of-sync while decoding packets
can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak
can: gs_usb: gs_can_open(): prevent memory leak
can: dev: add missing of_node_put() after calling of_get_child_by_name()
can: mcba_usb: fix use-after-free on disconnect
can: peak_usb: fix slab info leak
configfs: stash the data we need into configfs_buffer at open time
configfs_register_group() shouldn't be (and isn't) called in rmdirable parts
configfs: new object reprsenting tree fragments
configfs: provide exclusion between IO and removals
configfs: fix a deadlock in configfs_symlink()
ALSA: usb-audio: More validations of descriptor units
ALSA: usb-audio: Simplify parse_audio_unit()
ALSA: usb-audio: Unify the release of usb_mixer_elem_info objects
ALSA: usb-audio: Remove superfluous bLength checks
ALSA: usb-audio: Clean up check_input_term()
ALSA: usb-audio: Fix possible NULL dereference at create_yamaha_midi_quirk()
ALSA: usb-audio: remove some dead code
ALSA: usb-audio: Fix copy&paste error in the validator
sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices
sched/fair: Fix -Wunused-but-set-variable warnings
usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path
usbip: Implement SG support to vhci-hcd and stub driver
PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30
HID: google: add magnemite/masterball USB ids
dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config
dmaengine: sprd: Fix the possible memory leak issue
HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring()
RDMA/mlx5: Clear old rate limit when closing QP
iw_cxgb4: fix ECN check on the passive accept
RDMA/qedr: Fix reported firmware version
net/mlx5e: TX, Fix consumer index of error cqe dump
net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq
scsi: qla2xxx: fixup incorrect usage of host_byte
RDMA/uverbs: Prevent potential underflow
net: openvswitch: free vport unless register_netdevice() succeeds
scsi: lpfc: Honor module parameter lpfc_use_adisc
scsi: qla2xxx: Initialized mailbox to prevent driver load failure
netfilter: nf_flow_table: set timeout before insertion into hashes
ipvs: don't ignore errors in case refcounting ip_vs module fails
ipvs: move old_secure_tcp into struct netns_ipvs
bonding: fix unexpected IFF_BONDING bit unset
macsec: fix refcnt leak in module exit routine
usb: fsl: Check memory resource before releasing it
usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode.
usb: gadget: composite: Fix possible double free memory bug
usb: dwc3: pci: prevent memory leak in dwc3_pci_probe
usb: gadget: configfs: fix concurrent issue between composite APIs
usb: dwc3: remove the call trace of USBx_GFLADJ
perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity
perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h)
perf/x86/uncore: Fix event group support
USB: Skip endpoints with 0 maxpacket length
USB: ldusb: use unsigned size format specifiers
usbip: tools: Fix read_usb_vudc_device() error path handling
RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case
RDMA/hns: Prevent memory leaks of eq->buf_list
scsi: qla2xxx: stop timer in shutdown path
nvme-multipath: fix possible io hang after ctrl reconnect
fjes: Handle workqueue allocation failure
net: hisilicon: Fix "Trying to free already-free IRQ"
net: mscc: ocelot: fix vlan_filtering when enslaving to bridge before link is up
net: mscc: ocelot: refuse to overwrite the port's native vlan
iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41
drm/amdgpu: If amdgpu_ib_schedule fails return back the error.
drm/amd/display: Passive DP->HDMI dongle detection fix
hv_netvsc: Fix error handling in netvsc_attach()
usb: dwc3: gadget: fix race when disabling ep with cancelled xfers
NFSv4: Don't allow a cached open with a revoked delegation
net: ethernet: arc: add the missed clk_disable_unprepare
igb: Fix constant media auto sense switching when no cable is connected
e1000: fix memory leaks
pinctrl: intel: Avoid potential glitches if pin is in GPIO mode
ocfs2: protect extent tree in ocfs2_prepare_inode_for_write()
pinctrl: cherryview: Fix irq_valid_mask calculation
blkcg: make blkcg_print_stat() print stats only for online blkgs
iio: imu: mpu6050: Add support for the ICM 20602 IMU
iio: imu: inv_mpu6050: fix no data on MPU6050
mm/filemap.c: don't initiate writeback if mapping has no dirty pages
cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead
usbip: Fix free of unallocated memory in vhci tx
netfilter: ipset: Copy the right MAC address in hash:ip,mac IPv6 sets
net: prevent load/store tearing on sk->sk_stamp
iio: imu: mpu6050: Fix FIFO layout for ICM20602
vsock/virtio: fix sock refcnt holding during the shutdown
drm/i915: Rename gen7 cmdparser tables
drm/i915: Disable Secure Batches for gen6+
drm/i915: Remove Master tables from cmdparser
drm/i915: Add support for mandatory cmdparsing
drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
drm/i915: Allow parsing of unsized batches
drm/i915: Add gen9 BCS cmdparsing
drm/i915/cmdparser: Use explicit goto for error paths
drm/i915/cmdparser: Add support for backward jumps
drm/i915/cmdparser: Ignore Length operands during command matching
drm/i915: Lower RM timeout to avoid DSI hard hangs
drm/i915/gen8+: Add RC6 CTX corruption WA
drm/i915/cmdparser: Fix jump whitelist clearing
KVM: x86: use Intel speculation bugs and features as derived in generic x86 code
x86/msr: Add the IA32_TSX_CTRL MSR
x86/cpu: Add a helper function x86_read_arch_cap_msr()
x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
x86/speculation/taa: Add mitigation for TSX Async Abort
x86/speculation/taa: Add sysfs reporting for TSX Async Abort
kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
x86/tsx: Add "auto" option to the tsx= cmdline parameter
x86/speculation/taa: Add documentation for TSX Async Abort
x86/tsx: Add config options to set tsx=on|off|auto
x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
x86/bugs: Add ITLB_MULTIHIT bug infrastructure
x86/cpu: Add Tremont to the cpu vulnerability whitelist
cpu/speculation: Uninline and export CPU mitigations helpers
Documentation: Add ITLB_MULTIHIT documentation
kvm: x86, powerpc: do not allow clearing largepages debugfs entry
kvm: Convert kvm_lock to a mutex
kvm: mmu: Do not release the page inside mmu_set_spte()
KVM: x86: make FNAME(fetch) and __direct_map more similar
KVM: x86: remove now unneeded hugepage gfn adjustment
KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active
kvm: mmu: ITLB_MULTIHIT mitigation
kvm: Add helper function for creating VM worker threads
kvm: x86: mmu: Recovery of shattered NX large pages
Linux 4.19.84
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7a820f00c4b868ed677bb49613f835b7e67a3a06
[ Upstream commit b0814361a25cba73a224548843ed92d8ea78715a ]
blkcg_print_stat() iterates blkgs under RCU and doesn't test whether
the blkg is online. This can call into pd_stat_fn() on a pd which is
still being initialized leading to an oops.
The heaviest operation - recursively summing up rwstat counters - is
already done while holding the queue_lock. Expand queue_lock to cover
the other operations and skip the blkg if it isn't online yet. The
online state is protected by both blkcg and queue locks, so this
guarantees that only online blkgs are processed.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Roman Gushchin <guro@fb.com>
Cc: Josef Bacik <jbacik@fb.com>
Fixes: 903d23f0a3 ("blk-cgroup: allow controllers to output their own stats")
Cc: stable@vger.kernel.org # v4.19+
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl239joACgkQONu9yGCS
aT4C8g//docfwEU2Ezqy7G2049bm0ulF99clghNoT47idndkBGgrZp1fJ9X8H7dO
dxR12NoKQcYtlxdLvY1XTrHYXnxhMgECjltLeI0sd2sA90hteWx9lXS9DDcWcwWr
zE4vtteCEE6b7DlMtMV3IeSqtkLIAewdlYYepmsX2xNVnRJXwCbEbvQ0TVHan0P/
1QtuiiiO97q8NkPAOAJCqfs6l+LFfWMuKN1cESBQ7fVUg0PppP+dfqrBhyJ/C98S
kA+iFkFKkRdYr7052sJtm0mSvOrBmCU9KGixHzQ9gmN7LlfxgfnQqH5i1qCL/mC2
+/9jozmZ2vhyH75VV2CT3hsVgyseptURudrmOcQC/iiCF8nDypcqrcYBYYNMNg8z
u4b4bvxxXv+XzJQkgIWjiKPa1+BQh3JBubbNHxVhJecxyd6dwHH498z/9t3e1XRn
9pdW7YdVDWNI5HgxVJRTmaN157N0mQSg9ghEDQ10G/KOhY7+pbCGCEIOursSvou3
ov01uMeip2TE+OcjcEMyspcKJZkxaEvfS0iAvCYsXebPjyVwtVrT9Nph8MTJ1zPw
W3YN5wt/kT3pJII2owR5SG3ti+LindvaK+jAEKsLcA9CZ3DeS2tSjwr5KQR0w8Px
5wtfVo5yFG7YRQCXKq3mhuZEeXHXOXASNEuxD4fmgXqSYwj2SZU=
=bugE
-----END PGP SIGNATURE-----
Merge 4.19.81 into android-4.19
Changes in 4.19.81
nvme-pci: Fix a race in controller removal
scsi: ufs: skip shutdown if hba is not powered
scsi: megaraid: disable device when probe failed after enabled device
scsi: qla2xxx: Fix unbound sleep in fcport delete path.
ARM: OMAP2+: Fix missing reset done flag for am3 and am43
ARM: OMAP2+: Fix warnings with broken omap2_set_init_voltage()
ieee802154: ca8210: prevent memory leak
ARM: dts: am4372: Set memory bandwidth limit for DISPC
net: dsa: qca8k: Use up to 7 ports for all operations
MIPS: dts: ar9331: fix interrupt-controller size
xen/efi: Set nonblocking callbacks
nl80211: fix null pointer dereference
mac80211: fix txq null pointer dereference
netfilter: nft_connlimit: disable bh on garbage collection
net: dsa: rtl8366rb: add missing of_node_put after calling of_get_child_by_name
mips: Loongson: Fix the link time qualifier of 'serial_exit()'
net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
lib: textsearch: fix escapes in example code
r8152: Set macpassthru in reset_resume callback
namespace: fix namespace.pl script to support relative paths
libata/ahci: Fix PCS quirk application
md/raid0: fix warning message for parameter default_layout
Revert "drm/radeon: Fix EEH during kexec"
ocfs2: fix panic due to ocfs2_wq is null
ipv4: fix race condition between route lookup and invalidation
ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
net: avoid potential infinite loop in tc_ctl_action()
net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
net: bcmgenet: Set phydev->dev_flags only for internal PHYs
net: i82596: fix dma_alloc_attr for sni_82596
net/ibmvnic: Fix EOI when running in XIVE mode.
net: ipv6: fix listify ip6_rcv_finish in case of forwarding
net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow
sctp: change sctp_prot .no_autobind with true
memfd: Fix locking when tagging pins
USB: legousbtower: fix memleak on disconnect
ALSA: hda/realtek - Add support for ALC711
ALSA: hda/realtek - Enable headset mic on Asus MJ401TA
ALSA: usb-audio: Disable quirks for BOSS Katana amplifiers
ALSA: hda - Force runtime PM on Nvidia HDMI codecs
usb: udc: lpc32xx: fix bad bit shift operation
USB: serial: ti_usb_3410_5052: fix port-close races
USB: ldusb: fix memleak on disconnect
USB: usblp: fix use-after-free on disconnect
USB: ldusb: fix read info leaks
MIPS: tlbex: Fix build_restore_pagemask KScratch restore
staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
scsi: zfcp: fix reaction on bit error threshold notification
scsi: sd: Ignore a failure to sync cache due to lack of authorization
scsi: core: save/restore command resid for error handling
scsi: core: try to get module before removing device
scsi: ch: Make it possible to open a ch device multiple times again
Input: da9063 - fix capability and drop KEY_SLEEP
Input: synaptics-rmi4 - avoid processing unknown IRQs
ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
ACPI: CPPC: Set pcc_data[pcc_ss_id] to NULL in acpi_cppc_processor_exit()
cfg80211: wext: avoid copying malformed SSIDs
mac80211: Reject malformed SSID elements
drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
drm/ttm: Restore ttm prefaulting
drm/amdgpu: Bail earlier when amdgpu.cik_/si_support is not set to 1
drivers/base/memory.c: don't access uninitialized memmaps in soft_offline_page_store()
fs/proc/page.c: don't access uninitialized memmaps in fs/proc/page.c
mmc: cqhci: Commit descriptors before setting the doorbell
mm/memory-failure.c: don't access uninitialized memmaps in memory_failure()
mm/slub: fix a deadlock in show_slab_objects()
mm/page_owner: don't access uninitialized memmaps when reading /proc/pagetypeinfo
hugetlbfs: don't access uninitialized memmaps in pfn_range_valid_gigantic()
mm/memory-failure: poison read receives SIGKILL instead of SIGBUS if mmaped more than once
xtensa: drop EXPORT_SYMBOL for outs*/ins*
parisc: Fix vmap memory leak in ioremap()/iounmap()
EDAC/ghes: Fix Use after free in ghes_edac remove path
arm64: Enable workaround for Cavium TX2 erratum 219 when running SMT
CIFS: avoid using MID 0xFFFF
CIFS: Fix use after free of file info structures
perf/aux: Fix AUX output stopping
tracing: Fix race in perf_trace_buf initialization
dm cache: fix bugs when a GFP_NOWAIT allocation fails
x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area
x86/apic/x2apic: Fix a NULL pointer deref when handling a dying cpu
pinctrl: cherryview: restore Strago DMI workaround for all versions
pinctrl: armada-37xx: fix control of pins 32 and up
pinctrl: armada-37xx: swap polarity on LED group
btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
Btrfs: add missing extents release on file extent cluster relocation error
Btrfs: check for the full sync flag while holding the inode lock during fsync
btrfs: tracepoints: Fix bad entry members of qgroup events
memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
xen/netback: fix error path of xenvif_connect_data()
PCI: PM: Fix pci_power_up()
blk-rq-qos: fix first node deletion of rq_qos_del()
RDMA/cxgb4: Do not dma memory off of the stack
Linux 4.19.81
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I96ed6b6f11919bc6dd4b560b160b8e7059ec574e
commit 307f4065b9d7c1e887e8bdfb2487e4638559fea1 upstream.
rq_qos_del() incorrectly assigns the node being deleted to the head if
it was the first on the list in the !prev path. Fix it by iterating
with ** instead.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Josef Bacik <josef@toxicpanda.com>
Fixes: a79050434b ("blk-rq-qos: refactor out common elements of blk-wbt")
Cc: stable@vger.kernel.org # v4.19+
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl2o0vkACgkQONu9yGCS
aT50rQ//So/ShGy5+D6cmsPVbd8p/9X0fM5D6VjgJ2pj+HbalxW7JhJ0tyVdfkO1
AS6p/24bmUMWI3pxJBbJjfggbyleV2UFqlHIei+SjfHd0sghZ+E/XY7mLdcKvx0a
dGdXuxF+enb18pNiUKUrJUgqksgfO40yMXyZhjGf5A+/JmYsNaJhkyCWgPfGIB5i
YuowOWC4Rkds/CQxyRSRJl+YSQWh8j7Ke0tdjhMQxnmyzFD0wcE5vUtq2vIP7yxO
ypPrz9zWTase3y1yCcPsXd0m4Ji1VpF99hlgAr0HLFNcZn2kNYFpyblfOrI/zfoK
RqUJgVVlZaWvhMOrueQO+XbebXdCWTJHiNTUDxIFakEAPNz+XkTQQf6LvzOjcFxB
oLHnp1qBCn72y6o6Q3XmauFcmYBokyfBvXDAJsXYr+X5B4akn/fpyzzBCInX0h+r
og5zpLbXDLszG3j76TPSpcjd+t4xqMy+MG+jkH/mLtMAFyaVi2sfMzsZJAQCACr2
wNHRFQQGjDmQjovkwSRYENQBUuITSj+VrBUD0M7lnfA/Fni3BAJaxY5I6WeEvbeW
ejzPVFZB8dfEy7hAKKiVEuI8/akcp8MUXfLJOfTxytLIpYllOBoVC4LtjgO5FYu3
grSbRuowjrlUCtnCU9H18avLE1ScFFEGTmPOqI6xDqKiZf59QsQ=
=sKVA
-----END PGP SIGNATURE-----
Merge 4.19.80 into android-4.19
Changes in 4.19.80
panic: ensure preemption is disabled during panic()
f2fs: use EINVAL for superblock with invalid magic
USB: rio500: Remove Rio 500 kernel driver
USB: yurex: Don't retry on unexpected errors
USB: yurex: fix NULL-derefs on disconnect
USB: usb-skeleton: fix runtime PM after driver unbind
USB: usb-skeleton: fix NULL-deref on disconnect
xhci: Fix false warning message about wrong bounce buffer write length
xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
xhci: Check all endpoints for LPM timeout
xhci: Fix USB 3.1 capability detection on early xHCI 1.1 spec based hosts
usb: xhci: wait for CNR controller not ready bit in xhci resume
xhci: Prevent deadlock when xhci adapter breaks during init
xhci: Increase STS_SAVE timeout in xhci_suspend()
USB: adutux: fix use-after-free on disconnect
USB: adutux: fix NULL-derefs on disconnect
USB: adutux: fix use-after-free on release
USB: iowarrior: fix use-after-free on disconnect
USB: iowarrior: fix use-after-free on release
USB: iowarrior: fix use-after-free after driver unbind
USB: usblp: fix runtime PM after driver unbind
USB: chaoskey: fix use-after-free on release
USB: ldusb: fix NULL-derefs on driver unbind
serial: uartlite: fix exit path null pointer
USB: serial: keyspan: fix NULL-derefs on open() and write()
USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
USB: serial: option: add Telit FN980 compositions
USB: serial: option: add support for Cinterion CLS8 devices
USB: serial: fix runtime PM after driver unbind
USB: usblcd: fix I/O after disconnect
USB: microtek: fix info-leak at probe
USB: dummy-hcd: fix power budget for SuperSpeed mode
usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
USB: legousbtower: fix slab info leak at probe
USB: legousbtower: fix deadlock on disconnect
USB: legousbtower: fix potential NULL-deref on disconnect
USB: legousbtower: fix open after failed reset request
USB: legousbtower: fix use-after-free on release
mei: me: add comet point (lake) LP device ids
mei: avoid FW version request on Ibex Peak and earlier
gpio: eic: sprd: Fix the incorrect EIC offset when toggling
Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
staging: vt6655: Fix memory leak in vt6655_probe
iio: adc: hx711: fix bug in sampling of data
iio: adc: ad799x: fix probe error handling
iio: adc: axp288: Override TS pin bias current for some models
iio: light: opt3001: fix mutex unlock race
efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
perf llvm: Don't access out-of-scope array
perf inject jit: Fix JIT_CODE_MOVE filename
blk-wbt: fix performance regression in wbt scale_up/scale_down
CIFS: Gracefully handle QueryInfo errors during open
CIFS: Force revalidate inode when dentry is stale
CIFS: Force reval dentry if LOOKUP_REVAL flag is set
kernel/sysctl.c: do not override max_threads provided by userspace
mm/vmpressure.c: fix a signedness bug in vmpressure_register_event()
firmware: google: increment VPD key_len properly
gpiolib: don't clear FLAG_IS_OUT when emulating open-drain/open-source
iio: adc: stm32-adc: move registers definitions
iio: adc: stm32-adc: fix a race when using several adcs with dma and irq
cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic
btrfs: fix incorrect updating of log root tree
btrfs: fix uninitialized ret in ref-verify
NFS: Fix O_DIRECT accounting of number of bytes read/written
MIPS: Disable Loongson MMI instructions for kernel build
MIPS: elf_hwcap: Export userspace ASEs
ACPICA: ACPI 6.3: PPTT add additional fields in Processor Structure Flags
ACPI/PPTT: Add support for ACPI 6.3 thread flag
arm64: topology: Use PPTT to determine if PE is a thread
Fix the locking in dcache_readdir() and friends
media: stkwebcam: fix runtime PM after driver unbind
arm64/sve: Fix wrong free for task->thread.sve_state
tracing/hwlat: Report total time spent in all NMIs during the sample
tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
ftrace: Get a reference counter for the trace_array on filter files
tracing: Get trace_array reference for available_tracers files
hwmon: Fix HWMON_P_MIN_ALARM mask
x86/asm: Fix MWAITX C-state hint value
PCI: vmd: Fix config addressing when using bus offsets
perf/hw_breakpoint: Fix arch_hw_breakpoint use-before-initialization
Linux 4.19.80
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8ef1835585f79b752712a835852a4bc960ae3b97
commit b84477d3ebb96294f87dc3161e53fa8fe22d9bfd upstream.
scale_up wakes up waiters after scaling up. But after scaling max, it
should not wake up more waiters as waiters will not have anything to
do. This patch fixes this by making scale_up (and also scale_down)
return when threshold is reached.
This bug causes increased fdatasync latency when fdatasync and dd
conv=sync are performed in parallel on 4.19 compared to 4.14. This
bug was introduced during refactoring of blk-wbt code.
Fixes: a79050434b ("blk-rq-qos: refactor out common elements of blk-wbt")
Cc: stable@vger.kernel.org
Cc: Josef Bacik <jbacik@fb.com>
Signed-off-by: Harshad Shirwadkar <harshadshirwadkar@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
psi tracks the time tasks wait for refaulting pages to become
uptodate, but it does not track the time spent submitting the IO. The
submission part can be significant if backing storage is contended or
when cgroup throttling (io.latency) is in effect - a lot of time is
spent in submit_bio(). In that case, we underreport memory pressure.
Annotate submit_bio() to account submission time as memory stall when
the bio is reading userspace workingset pages.
Tested-by: Suren Baghdasaryan <surenb@google.com>
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
(cherry picked from commit b8e24a9300b0836a9d39f6b20746766b3b81f1bd)
Conflicts:
include/linux/blk_types.h
(1. Manually resolved BIO_WORKINGSET being definition instead of enum.)
Bug: 141131229
Test: boot and run act test suite
Change-Id: I99cef039844e219f1dc8196feead54b6f5fb26bb
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl2bbnkACgkQONu9yGCS
aT6bng/+Jvj4gXLq2w+KmeN1SRbNu2ee+GjQsgQR6JZ3/dY5+rzPhuL37Op0fQd6
UwnLhY4TL3PUiRCE8pNaVYI8nDfpxRkohYP+SMtGyoQKmoiy3W/SWe3CgEwniLwg
k9TsuqxUsIUeEdSr6Bjbry0IU4VoZ3MP0cmMc1SrFUqJzFoGoUMHsHmQJvDPiy1f
l7oZUgYrXArcnPhCda6peD9AJUfuIRKAM4BW47WN6Z9moqAAAa60eXN/u/hHp+Qc
w55AZTSxel7CMbLDMnZ6/xWDgY/FHTLjkmhdIl9H6Qi8SbrJwq23zXnBO5xVameQ
4MaLIgrp7M5sohAVFdqAVZYyZrkX91ssVujYwc+I6O1TYdja1Usj2TzdyL/MPqzY
FLM9s3P0C3xKLdlg5gq9BxxnohIIhNmBy069NGsmfFd9jP2o6vFUEjiVxSY7Hp3r
GpZP1ETAfMNHCG3jN3o5EkwyLoQHegFWfLpCIEF++k9gjo2CP00+Lf16RVrSsG47
ILobFW5Wy4RXFyd7M8PrjSyuAtuzkUTzxg6P+6zuEtPwwvZPtadd97dGbA90pKvv
eB1UPHu8/emMhW/8fwDBbpeQbIh0pHtX2yQq/LTItEHGr+YjRTIyH3Z/fST5itre
ZDofsls4A+70TQ5/XOgjlDjco93iUs8KULDzQqvTFIuUIlvk3hQ=
=7fm2
-----END PGP SIGNATURE-----
Merge 4.19.78 into android-4.19
Changes in 4.19.78
tpm: use tpm_try_get_ops() in tpm-sysfs.c.
tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations
drm/bridge: tc358767: Increase AUX transfer length limit
drm/panel: simple: fix AUO g185han01 horizontal blanking
video: ssd1307fb: Start page range at page_offset
drm/stm: attach gem fence to atomic state
drm/panel: check failure cases in the probe func
drm/rockchip: Check for fast link training before enabling psr
drm/radeon: Fix EEH during kexec
gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property()
PCI: rpaphp: Avoid a sometimes-uninitialized warning
ipmi_si: Only schedule continuously in the thread in maintenance mode
clk: qoriq: Fix -Wunused-const-variable
clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks
drm/amd/display: fix issue where 252-255 values are clipped
drm/amd/display: reprogram VM config when system resume
powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window
clk: actions: Don't reference clk_init_data after registration
clk: sirf: Don't reference clk_init_data after registration
clk: sprd: Don't reference clk_init_data after registration
clk: zx296718: Don't reference clk_init_data after registration
powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL
powerpc/rtas: use device model APIs and serialization during LPM
powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function
powerpc/pseries/mobility: use cond_resched when updating device tree
pinctrl: tegra: Fix write barrier placement in pmx_writel
powerpc/eeh: Clear stale EEH_DEV_NO_HANDLER flag
vfio_pci: Restore original state on release
drm/nouveau/volt: Fix for some cards having 0 maximum voltage
pinctrl: amd: disable spurious-firing GPIO IRQs
clk: renesas: mstp: Set GENPD_FLAG_ALWAYS_ON for clock domain
clk: renesas: cpg-mssr: Set GENPD_FLAG_ALWAYS_ON for clock domain
drm/amd/display: support spdif
drm/amdgpu/si: fix ASIC tests
powerpc/64s/exception: machine check use correct cfar for late handler
pstore: fs superblock limits
clk: qcom: gcc-sdm845: Use floor ops for sdcc clks
powerpc/pseries: correctly track irq state in default idle
pinctrl: meson-gxbb: Fix wrong pinning definition for uart_c
arm64: fix unreachable code issue with cmpxchg
clk: at91: select parent if main oscillator or bypass is enabled
powerpc: dump kernel log before carrying out fadump or kdump
mbox: qcom: add APCS child device for QCS404
clk: sprd: add missing kfree
scsi: core: Reduce memory required for SCSI logging
dma-buf/sw_sync: Synchronize signal vs syncpt free
ext4: fix potential use after free after remounting with noblock_validity
MIPS: Ingenic: Disable broken BTB lookup optimization.
MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean
i2c-cht-wc: Fix lockdep warning
mfd: intel-lpss: Remove D3cold delay
PCI: tegra: Fix OF node reference leak
HID: wacom: Fix several minor compiler warnings
livepatch: Nullify obj->mod in klp_module_coming()'s error path
ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes
soundwire: intel: fix channel number reported by hardware
ARM: 8875/1: Kconfig: default to AEABI w/ Clang
rtc: snvs: fix possible race condition
rtc: pcf85363/pcf85263: fix regmap error in set_time
HID: apple: Fix stuck function keys when using FN
PCI: rockchip: Propagate errors for optional regulators
PCI: histb: Propagate errors for optional regulators
PCI: imx6: Propagate errors for optional regulators
PCI: exynos: Propagate errors for optional PHYs
security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned address
fat: work around race with userspace's read via blockdev while mounting
pktcdvd: remove warning on attempting to register non-passthrough dev
hypfs: Fix error number left in struct pointer member
crypto: hisilicon - Fix double free in sec_free_hw_sgl()
kbuild: clean compressed initramfs image
ocfs2: wait for recovering done after direct unlock request
kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
arm64: consider stack randomization for mmap base only when necessary
mips: properly account for stack randomization and stack guard gap
arm: properly account for stack randomization and stack guard gap
arm: use STACK_TOP when computing mmap base address
block: mq-deadline: Fix queue restart handling
bpf: fix use after free in prog symbol exposure
cxgb4:Fix out-of-bounds MSI-X info array access
erspan: remove the incorrect mtu limit for erspan
hso: fix NULL-deref on tty open
ipv6: drop incoming packets having a v4mapped source address
ipv6: Handle missing host route in __ipv6_ifa_notify
net: ipv4: avoid mixed n_redirects and rate_tokens usage
net: qlogic: Fix memory leak in ql_alloc_large_buffers
net: Unpublish sk from sk_reuseport_cb before call_rcu
nfc: fix memory leak in llcp_sock_bind()
qmi_wwan: add support for Cinterion CLS8 devices
rxrpc: Fix rxrpc_recvmsg tracepoint
sch_dsmark: fix potential NULL deref in dsmark_init()
udp: fix gso_segs calculations
vsock: Fix a lockdep warning in __vsock_release()
net: dsa: rtl8366: Check VLAN ID and not ports
udp: only do GSO if # of segs > 1
net/rds: Fix error handling in rds_ib_add_one()
xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
tipc: fix unlimited bundling of small messages
sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
soundwire: Kconfig: fix help format
soundwire: fix regmap dependencies and align with other serial links
Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
smack: use GFP_NOFS while holding inode_smack::smk_lock
NFC: fix attrs checks in netlink interface
kexec: bail out upon SIGKILL when allocating memory.
9p/cache.c: Fix memory leak in v9fs_cache_session_get_cookie
Linux 4.19.78
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I02db9c4a0cc1f784e6ac1523599fcbed747a6375
[ Upstream commit cb8acabbe33b110157955a7425ee876fb81e6bbc ]
Commit 7211aef86f79 ("block: mq-deadline: Fix write completion
handling") added a call to blk_mq_sched_mark_restart_hctx() in
dd_dispatch_request() to make sure that write request dispatching does
not stall when all target zones are locked. This fix left a subtle race
when a write completion happens during a dispatch execution on another
CPU:
CPU 0: Dispatch CPU1: write completion
dd_dispatch_request()
lock(&dd->lock);
...
lock(&dd->zone_lock); dd_finish_request()
rq = find request lock(&dd->zone_lock);
unlock(&dd->zone_lock);
zone write unlock
unlock(&dd->zone_lock);
...
__blk_mq_free_request
check restart flag (not set)
-> queue not run
...
if (!rq && have writes)
blk_mq_sched_mark_restart_hctx()
unlock(&dd->lock)
Since the dispatch context finishes after the write request completion
handling, marking the queue as needing a restart is not seen from
__blk_mq_free_request() and blk_mq_sched_restart() not executed leading
to the dispatch stall under 100% write workloads.
Fix this by moving the call to blk_mq_sched_mark_restart_hctx() from
dd_dispatch_request() into dd_finish_request() under the zone lock to
ensure full mutual exclusion between write request dispatch selection
and zone unlock on write request completion.
Fixes: 7211aef86f79 ("block: mq-deadline: Fix write completion handling")
Cc: stable@vger.kernel.org
Reported-by: Hans Holmberg <Hans.Holmberg@wdc.com>
Reviewed-by: Hans Holmberg <hans.holmberg@wdc.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Damien Le Moal <damien.lemoal@wdc.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl2YehoACgkQONu9yGCS
aT536hAA0w6XF1ogPi23xS5BQ386c3BjWaOJddu0PFkR9utguuZaDG5AKjnkHtm2
foxKeCGyChCc1h6qFD2wLavsQMephzLWXkMw1/uXfwAPXGWY1hquD46zrFO0IYOc
dsmKh5V8ZT70lmPTBHCDVowp1xUczNFhuNRHz1KzVQ3lsKMAhsRiy6vpsXWzIeOM
VCrayI4jxTVZvoA9Odm9fTXpau0Qb9k4pqGGU84dz/xWfGzrz/AOmp+kWuZRGepS
fQi+46HK3idmGGNBVGkJYkDdpkefdrYdjlVHkkoAZHlaB+QaOrre0trNArK+knRu
jJIl8R/M50yYbkn97vVIpwoh19rV0BI7KUFKO4C4NCByOOV+9vjJ5g1FuZ7c3pmj
XKZiBmFBJVqbI1uwgqEn+/Tv6DyEz4gUzo5GHOe2i/Bh2nSguHZzO+Yhat1U+J+Y
3QVfrIS10jICWBAqm147FepGtNxbCPP3plyqbJdrMwgM6GOMd83v+rY/5okB2YK4
SHhzuevQoxujjeoOgHKjIqTiCIaJMt5ZvlCFqODg8NgpjTNDAbCA/UUQWs7MlrqX
6uwH2QLwk3h+bEXUfGzsbsk5isTDpHr1ch6SI9T675JHRZCE461RoR82XpjLOyHD
90tBJk9pfKlLqSEyiaWPPpXErhoS5WCVKM5yuT/rSS/i2Ve4VH4=
=Q+c9
-----END PGP SIGNATURE-----
Merge 4.19.77 into android-4.19
Changes in 4.19.77
arcnet: provide a buffer big enough to actually receive packets
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
macsec: drop skb sk before calling gro_cells_receive
net/phy: fix DP83865 10 Mbps HDX loopback disable function
net: qrtr: Stop rx_worker before freeing node
net/sched: act_sample: don't push mac header on ip6gre ingress
net_sched: add max len check for TCA_KIND
nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
ppp: Fix memory leak in ppp_write
sch_netem: fix a divide by zero in tabledist()
skge: fix checksum byte order
usbnet: ignore endpoints with invalid wMaxPacketSize
usbnet: sanity checking of packet sizes and device mtu
net: sched: fix possible crash in tcf_action_destroy()
tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state
net/mlx5: Add device ID of upcoming BlueField-2
mISDN: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
nfc: enforce CAP_NET_RAW for raw sockets
nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs
ALSA: hda: Flush interrupts on disabling
regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
ASoC: tlv320aic31xx: suppress error message for EPROBE_DEFER
ASoC: sgtl5000: Fix of unmute outputs on probe
ASoC: sgtl5000: Fix charge pump source assignment
firmware: qcom_scm: Use proper types for dma mappings
dmaengine: bcm2835: Print error in case setting DMA mask fails
leds: leds-lp5562 allow firmware files up to the maximum length
media: dib0700: fix link error for dibx000_i2c_set_speed
media: mtk-cir: lower de-glitch counter for rc-mm protocol
media: exynos4-is: fix leaked of_node references
media: hdpvr: Add device num check and handling
media: i2c: ov5640: Check for devm_gpiod_get_optional() error
time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint
sched/fair: Fix imbalance due to CPU affinity
sched/core: Fix CPU controller for !RT_GROUP_SCHED
x86/apic: Make apic_pending_intr_clear() more robust
sched/deadline: Fix bandwidth accounting at all levels after offline migration
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
x86/apic: Soft disable APIC before initializing it
ALSA: hda - Show the fatal CORB/RIRB error more clearly
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
EDAC/mc: Fix grain_bits calculation
media: iguanair: add sanity checks
base: soc: Export soc_device_register/unregister APIs
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
ia64:unwind: fix double free for mod->arch.init_unw_table
EDAC/altera: Use the proper type for the IRQ status bits
ASoC: rsnd: don't call clk_get_rate() under atomic context
arm64/prefetch: fix a -Wtype-limits warning
md/raid1: end bio when the device faulty
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
md: don't set In_sync if array is frozen
media: media/platform: fsl-viu.c: fix build for MICROBLAZE
ACPI / processor: don't print errors for processorIDs == 0xff
loop: Add LOOP_SET_DIRECT_IO to compat ioctl
EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
efi: cper: print AER info of PCIe fatal error
firmware: arm_scmi: Check if platform has released shmem before using
sched/fair: Use rq_lock/unlock in online_fair_sched_group
idle: Prevent late-arriving interrupts from disrupting offline
media: gspca: zero usb_buf on error
perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig
perf test vfs_getname: Disable ~/.perfconfig to get default output
media: mtk-mdp: fix reference count on old device tree
media: fdp1: Reduce FCP not found message level to debug
media: em28xx: modules workqueue not inited for 2nd device
media: rc: imon: Allow iMON RC protocol for ffdc 7e device
dmaengine: iop-adma: use correct printk format strings
perf record: Support aarch64 random socket_id assignment
media: vsp1: fix memory leak of dl on error return path
media: i2c: ov5645: Fix power sequence
media: omap3isp: Don't set streaming state on random subdevs
media: imx: mipi csi-2: Don't fail if initial state times-out
net: lpc-enet: fix printk format strings
m68k: Prevent some compiler warnings in Coldfire builds
ARM: dts: imx7d: cl-som-imx7: make ethernet work again
ARM: dts: imx7-colibri: disable HS400
media: radio/si470x: kill urb on error
media: hdpvr: add terminating 0 at end of string
ASoC: uniphier: Fix double reset assersion when transitioning to suspend state
tools headers: Fixup bitsperlong per arch includes
ASoC: sun4i-i2s: Don't use the oversample to calculate BCLK
led: triggers: Fix a memory leak bug
nbd: add missing config put
media: mceusb: fix (eliminate) TX IR signal length limit
media: dvb-frontends: use ida for pll number
posix-cpu-timers: Sanitize bogus WARNONS
media: dvb-core: fix a memory leak bug
libperf: Fix alignment trap with xyarray contents in 'perf stat'
EDAC/amd64: Recognize DRAM device type ECC capability
EDAC/amd64: Decode syndrome before translating address
PM / devfreq: passive: Use non-devm notifiers
PM / devfreq: exynos-bus: Correct clock enable sequence
media: cec-notifier: clear cec_adap in cec_notifier_unregister
media: saa7146: add cleanup in hexium_attach()
media: cpia2_usb: fix memory leaks
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
perf trace beauty ioctl: Fix off-by-one error in cmd->string table
media: ov9650: add a sanity check
ASoC: es8316: fix headphone mixer volume table
ACPI / CPPC: do not require the _PSD method
sched/cpufreq: Align trace event behavior of fast switching
x86/apic/vector: Warn when vector space exhaustion breaks affinity
arm64: kpti: ensure patched kernel text is fetched from PoU
x86/mm/pti: Do not invoke PTI functions when PTI is disabled
ASoC: fsl_ssi: Fix clock control issue in master mode
x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable()
nvmet: fix data units read and written counters in SMART log
nvme-multipath: fix ana log nsid lookup when nsid is not found
ALSA: firewire-motu: add support for MOTU 4pre
iommu/amd: Silence warnings under memory pressure
libata/ahci: Drop PCS quirk for Denverton and beyond
iommu/iova: Avoid false sharing on fq_timer_on
libtraceevent: Change users plugin directory
ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
ACPI: custom_method: fix memory leaks
ACPI / PCI: fix acpi_pci_irq_enable() memory leak
closures: fix a race on wakeup from closure_sync
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
md/raid1: fail run raid1 array when active disk less than one
dmaengine: ti: edma: Do not reset reserved paRAM slots
kprobes: Prohibit probing on BUG() and WARN() address
s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
x86/cpu: Add Tiger Lake to Intel family
platform/x86: intel_pmc_core: Do not ioremap RAM
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
raid5: don't set STRIPE_HANDLE to stripe which is in batch list
mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
mmc: sdhci: Fix incorrect switch to HS mode
mmc: core: Add helper function to indicate if SDIO IRQs is enabled
mmc: dw_mmc: Re-store SDIO IRQs mask at system resume
raid5: don't increment read_errors on EILSEQ return
libertas: Add missing sentinel at end of if_usb.c fw_table
e1000e: add workaround for possible stalled packet
ALSA: hda - Drop unsol event handler for Intel HDMI codecs
drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
media: omap3isp: Set device on omap3isp subdevs
PM / devfreq: passive: fix compiler warning
iwlwifi: fw: don't send GEO_TX_POWER_LIMIT command to FW version 36
ALSA: firewire-tascam: handle error code when getting current source of clock
ALSA: firewire-tascam: check intermediate state of clock status and retry
scsi: scsi_dh_rdac: zero cdb in send_mode_select()
scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag
printk: Do not lose last line in kmsg buffer dump
IB/mlx5: Free mpi in mp_slave mode
IB/hfi1: Define variables as unsigned long to fix KASAN warning
randstruct: Check member structs in is_pure_ops_struct()
Revert "ceph: use ceph_evict_inode to cleanup inode's resource"
ceph: use ceph_evict_inode to cleanup inode's resource
ALSA: hda/realtek - PCI quirk for Medion E4254
blk-mq: add callback of .cleanup_rq
scsi: implement .cleanup_rq callback
powerpc/imc: Dont create debugfs files for cpu-less nodes
fuse: fix missing unlock_page in fuse_writepage()
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
KVM: x86: always stop emulation on page fault
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: Manually calculate reserved bits when loading PDPTRS
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
media: don't drop front-end reference count for ->detach
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
ASoC: Intel: NHLT: Fix debug print format
ASoC: Intel: Skylake: Use correct function to access iomem space
ASoC: Intel: Fix use of potentially uninitialized variable
ARM: samsung: Fix system restart on S3C6410
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
Revert "arm64: Remove unnecessary ISBs from set_{pte,pmd,pud}"
arm64: tlb: Ensure we execute an ISB following walk cache invalidation
arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
regulator: Defer init completion for a while after late_initcall
efifb: BGRT: Improve efifb_bgrt_sanity_check
gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
memcg, oom: don't require __GFP_FS when invoking memcg OOM killer
memcg, kmem: do not fail __GFP_NOFAIL charges
i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask
block: fix null pointer dereference in blk_mq_rq_timed_out()
smb3: allow disabling requesting leases
ovl: Fix dereferencing possible ERR_PTR()
ovl: filter of trusted xattr results in audit
btrfs: fix allocation of free space cache v1 bitmap pages
Btrfs: fix use-after-free when using the tree modification log
btrfs: Relinquish CPUs in btrfs_compare_trees
btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls
Btrfs: fix race setting up and completing qgroup rescan workers
md/raid6: Set R5_ReadError when there is read failure on parity disk
md: don't report active array_state until after revalidate_disk() completes.
md: only call set_in_sync() when it is expected to succeed.
cfg80211: Purge frame registrations on iftype change
/dev/mem: Bail out upon SIGKILL.
ext4: fix warning inside ext4_convert_unwritten_extents_endio
ext4: fix punch hole for inline_data file systems
quota: fix wrong condition in is_quota_modification()
hwrng: core - don't wait on add_early_randomness()
i2c: riic: Clear NACK in tend isr
CIFS: fix max ea value size
CIFS: Fix oplock handling for SMB 2.1+ protocols
md/raid0: avoid RAID0 data corruption due to layout confusion.
fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock
mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone
drm/amd/display: Restore backlight brightness after system resume
Linux 4.19.77
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2c74f09f497a4b45b244a7dd263c5116533dfccb
commit 8d6996630c03d7ceeabe2611378fea5ca1c3f1b3 upstream.
We got a null pointer deference BUG_ON in blk_mq_rq_timed_out()
as following:
[ 108.825472] BUG: kernel NULL pointer dereference, address: 0000000000000040
[ 108.827059] PGD 0 P4D 0
[ 108.827313] Oops: 0000 [#1] SMP PTI
[ 108.827657] CPU: 6 PID: 198 Comm: kworker/6:1H Not tainted 5.3.0-rc8+ #431
[ 108.829503] Workqueue: kblockd blk_mq_timeout_work
[ 108.829913] RIP: 0010:blk_mq_check_expired+0x258/0x330
[ 108.838191] Call Trace:
[ 108.838406] bt_iter+0x74/0x80
[ 108.838665] blk_mq_queue_tag_busy_iter+0x204/0x450
[ 108.839074] ? __switch_to_asm+0x34/0x70
[ 108.839405] ? blk_mq_stop_hw_queue+0x40/0x40
[ 108.839823] ? blk_mq_stop_hw_queue+0x40/0x40
[ 108.840273] ? syscall_return_via_sysret+0xf/0x7f
[ 108.840732] blk_mq_timeout_work+0x74/0x200
[ 108.841151] process_one_work+0x297/0x680
[ 108.841550] worker_thread+0x29c/0x6f0
[ 108.841926] ? rescuer_thread+0x580/0x580
[ 108.842344] kthread+0x16a/0x1a0
[ 108.842666] ? kthread_flush_work+0x170/0x170
[ 108.843100] ret_from_fork+0x35/0x40
The bug is caused by the race between timeout handle and completion for
flush request.
When timeout handle function blk_mq_rq_timed_out() try to read
'req->q->mq_ops', the 'req' have completed and reinitiated by next
flush request, which would call blk_rq_init() to clear 'req' as 0.
After commit 12f5b93145 ("blk-mq: Remove generation seqeunce"),
normal requests lifetime are protected by refcount. Until 'rq->ref'
drop to zero, the request can really be free. Thus, these requests
cannot been reused before timeout handle finish.
However, flush request has defined .end_io and rq->end_io() is still
called even if 'rq->ref' doesn't drop to zero. After that, the 'flush_rq'
can be reused by the next flush request handle, resulting in null
pointer deference BUG ON.
We fix this problem by covering flush request with 'rq->ref'.
If the refcount is not zero, flush_end_io() return and wait the
last holder recall it. To record the request status, we add a new
entry 'rq_status', which will be used in flush_end_io().
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Keith Busch <keith.busch@intel.com>
Cc: Bart Van Assche <bvanassche@acm.org>
Cc: stable@vger.kernel.org # v4.18+
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Bob Liu <bob.liu@oracle.com>
Signed-off-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-------
v2:
- move rq_status from struct request to struct blk_flush_queue
v3:
- remove unnecessary '{}' pair.
v4:
- let spinlock to protect 'fq->rq_status'
v5:
- move rq_status after flush_running_idx member of struct blk_flush_queue
Signed-off-by: Jens Axboe <axboe@kernel.dk>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl2S8YUACgkQONu9yGCS
aT73mA/+OFA6raC1+AwctfsJTqwGjcQ45VFNdTl2odA+/o9MQwfKFkphJaYppxoz
vm542K1/JBko4gZ5Kb9rz5kqbFvrMdlDfRBHNlhzakhaU0u3fLkKt2LeoTtSIPEA
kkog51CZScZGTAxUW72t069k1szdP6sj0NzLHNGtaqOLIKdYaTegm5RuiQTk6L/5
VIMc2ASMAnzPWCO4NPjmrDN7wHPkMQusyG+ja+C2VDlJTZl288eP+eWTWixZXsnh
nepyuUTUa5pbutpKmeUbNsTek+UYKfk/rcTzaSj7OY2t34jbWBP5ezq/WVlLW88G
kb3HliXydUljvrAOhAZTKmunGFb12g2TER/h7MUDvs9P6YC38KoCCqk5lMlix+et
oS9mYLPwbPhOLB42whc0PH3dPLuOFCQLxSKeTBNVRumm4ddpwVHGCJWpCkAhR07S
h/uLK8aMbrgPifWL3eohe+XsgTdpTXXFApcV8C2wdK9E/dw4BSrbYRG1oJtMSGjC
KLYYA5CnXWD6oBX/at+aJAx2DZKDESexB8i0jx8ot1Wc0Ac4TFPtET88WGmNyCnm
ssW37j5Z07SFCEUEW+yujMtiYNbqlVy1nRCRjXcoMqWA2kOQZdo7hr+ihcd2aGgD
GxzNw8yZaH/CwaKU9kziQsWE0GFEz/supWGu5BgBTO0PZDyUmwg=
=eUlg
-----END PGP SIGNATURE-----
Merge 4.19.76 into android-4.19
Changes in 4.19.76
Revert "Bluetooth: validate BLE connection interval updates"
net/ibmvnic: free reset work of removed device from queue
RDMA/restrack: Protect from reentry to resource return path
powerpc/xive: Fix bogus error code returned by OPAL
drm/amd/display: readd -msse2 to prevent Clang from emitting libcalls to undefined SW FP routines
IB/core: Add an unbound WQ type to the new CQ API
HID: prodikeys: Fix general protection fault during probe
HID: sony: Fix memory corruption issue on cleanup.
HID: logitech: Fix general protection fault caused by Logitech driver
HID: hidraw: Fix invalid read in hidraw_ioctl
HID: Add quirk for HP X500 PIXART OEM mouse
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
crypto: talitos - fix missing break in switch statement
CIFS: fix deadlock in cached root handling
net/mlx5e: Set ECN for received packets using CQE indication
net/mlx5e: don't set CHECKSUM_COMPLETE on SCTP packets
mlx5: fix get_ip_proto()
net/mlx5e: Allow reporting of checksum unnecessary
net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded
net/mlx5e: Rx, Fixup skb checksum for packets with tail padding
net/mlx5e: Rx, Check ip headers sanity
iwlwifi: mvm: send BCAST management frames to the right station
iwlwifi: mvm: always init rs_fw with 20MHz bandwidth rates
media: tvp5150: fix switch exit in set control handler
ASoC: Intel: cht_bsw_max98090_ti: Enable codec clock once and keep it enabled
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
ALSA: usb-audio: Add Hiby device family to quirks for native DSD support
ALSA: usb-audio: Add DSD support for EVGA NU Audio
ALSA: dice: fix wrong packet parameter for Alesis iO26
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
ALSA: hda - Apply AMD controller workaround for Raven platform
objtool: Clobber user CFLAGS variable
pinctrl: sprd: Use define directive for sprd_pinconf_params values
power: supply: sysfs: ratelimit property read error message
locking/lockdep: Add debug_locks check in __lock_downgrade()
scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion
scsi: qla2xxx: Remove all rports if fabric scan retry fails
scsi: qla2xxx: Return switch command on a timeout
Revert "drm/amd/powerplay: Enable/Disable NBPSTATE on On/OFF of UVD"
bpf: libbpf: retry loading program on EAGAIN
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
f2fs: check all the data segments against all node ones
PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
bcache: remove redundant LIST_HEAD(journal) from run_cache_set()
initramfs: don't free a non-existent initrd
blk-mq: change gfp flags to GFP_NOIO in blk_mq_realloc_hw_ctxs
blk-mq: move cancel of requeue_work to the front of blk_exit_queue
Revert "f2fs: avoid out-of-range memory access"
dm zoned: fix invalid memory access
net/ibmvnic: Fix missing { in __ibmvnic_reset
f2fs: fix to do sanity check on segment bitmap of LFS curseg
drm: Flush output polling on shutdown
net: don't warn in inet diag when IPV6 is disabled
Bluetooth: btrtl: HCI reset on close for Realtek BT chip
ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35
drm/nouveau/disp/nv50-: fix center/aspect-corrected scaling
xfs: don't crash on null attr fork xfs_bmapi_read
netfilter: nft_socket: fix erroneous socket assignment
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
net_sched: check cops->tcf_block in tc_bind_tclass()
net/rds: An rds_sock is added too early to the hash table
net/rds: Check laddr_check before calling it
f2fs: use generic EFSBADCRC/EFSCORRUPTED
Linux 4.19.76
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iee7c7dfb1bfcf16ad7eaffd9974d056622479030
[ Upstream commit e26cc08265dda37d2acc8394604f220ef412299d ]
blk_exit_queue will free elevator_data, while blk_mq_requeue_work
will access it. Move cancel of requeue_work to the front of
blk_exit_queue to avoid use-after-free.
blk_exit_queue blk_mq_requeue_work
__elevator_exit blk_mq_run_hw_queues
blk_mq_exit_sched blk_mq_run_hw_queue
dd_exit_queue blk_mq_hctx_has_pending
kfree(elevator_data) blk_mq_sched_has_work
dd_has_work
Fixes: fbc2a15e3433 ("blk-mq: move cancel of requeue_work into blk_mq_release")
Cc: stable@vger.kernel.org
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: zhengbin <zhengbin13@huawei.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 5b202853ffbc54b29f23c4b1b5f3948efab489a2 ]
blk_mq_realloc_hw_ctxs could be invoked during update hw queues.
At the momemt, IO is blocked. Change the gfp flags from GFP_KERNEL
to GFP_NOIO to avoid forever hang during memory allocation in
blk_mq_realloc_hw_ctxs.
Signed-off-by: Jianchao Wang <jianchao.w.wang@oracle.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl1/KiEACgkQONu9yGCS
aT49JBAAy7b3wv1WXAtg9wsyS1JL4HbMXt3YjtokIX+UpkznoqII4B85QftPBbiD
9zDuTWPjhrqKv1GsMkFRCqBVp5wGVik1MIbjVuKdstFN5W8KQybpbYnSW4T52+wS
cs6oOPkLydAfWzKeq+ekEeU8yr5dua+Ui3huundZ49wseJWQP3fh9T+ToUx8V/cr
tsLiRRgI0djj7KQWVuM1j8YGKT/6qk/UL0HMVZyoIdLmsxpLap+LWe0+CRXn8rvs
eJJlVQTVtYf/ySoHkpnwR12VsjRYjx6pNkm/GrebMCkM7wF/4RMqxk7j9EU0PENH
VUdRrUd+j/YPp6QzjSFMK0+0eb7Gm3X0FEN0IGZshu1r/CDnoj/7hqnBmOlYIbhv
pdteYaLqWq7JjAHu7vF+S4aNQRGpAZb05LsbTJ39Eu3FbdVTLXsAuUveZ7Y4/y0X
ri2M3d/sF/cjc3C+V7Y7h422SM36jSAK6496VAoRyqqjX/3JyROhgfU9NAMzVr83
4uI904z9lH4TZGOd5YQgX2VuOtBcGwa7+g6fy97u1tp8UxSWFZRGDDLRysF/dIJO
Wi51UK0Q7EWnqBTe0TFF6TjE5tC7R3ZgzqEQ1MU4eLI5mqokg82DAK4Ub2Wk5Qch
CGs5/d16OOrLtG2RoaOGz9UdQR7IHUXLSqkKbaEdstc16MXNXns=
=cmGh
-----END PGP SIGNATURE-----
Merge 4.19.73 into android-4.19
Changes in 4.19.73
ALSA: hda - Fix potential endless loop at applying quirks
ALSA: hda/realtek - Fix overridden device-specific initialization
ALSA: hda/realtek - Add quirk for HP Pavilion 15
ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL
ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre
sched/fair: Don't assign runtime for throttled cfs_rq
drm/vmwgfx: Fix double free in vmw_recv_msg()
vhost/test: fix build for vhost test
vhost/test: fix build for vhost test - again
powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction
batman-adv: fix uninit-value in batadv_netlink_get_ifindex()
batman-adv: Only read OGM tvlv_len after buffer len check
hv_sock: Fix hang when a connection is closed
Blk-iolatency: warn on negative inflight IO counter
blk-iolatency: fix STS_AGAIN handling
{nl,mac}80211: fix interface combinations on crypto controlled devices
timekeeping: Use proper ktime_add when adding nsecs in coarse offset
selftests: fib_rule_tests: use pre-defined DEV_ADDR
x86/ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace()
powerpc/64: mark start_here_multiplatform as __ref
media: stm32-dcmi: fix irq = 0 case
arm64: dts: rockchip: enable usb-host regulators at boot on rk3328-rock64
scripts/decode_stacktrace: match basepath using shell prefix operator, not regex
riscv: remove unused variable in ftrace
nvme-fc: use separate work queue to avoid warning
clk: s2mps11: Add used attribute to s2mps11_dt_match
remoteproc: qcom: q6v5: shore up resource probe handling
modules: always page-align module section allocations
kernel/module: Fix mem leak in module_add_modinfo_attrs
drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse"
media: cec/v4l2: move V4L2 specific CEC functions to V4L2
media: cec: remove cec-edid.c
scsi: qla2xxx: Move log messages before issuing command to firmware
keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h
Drivers: hv: kvp: Fix two "this statement may fall through" warnings
x86, hibernate: Fix nosave_regions setup for hibernation
remoteproc: qcom: q6v5-mss: add SCM probe dependency
drm/amdgpu/gfx9: Update gfx9 golden settings.
drm/amdgpu: Update gc_9_0 golden settings.
KVM: x86: hyperv: enforce vp_index < KVM_MAX_VCPUS
KVM: x86: hyperv: consistently use 'hv_vcpu' for 'struct kvm_vcpu_hv' variables
KVM: x86: hyperv: keep track of mismatched VP indexes
KVM: hyperv: define VP assist page helpers
x86/kvm/lapic: preserve gfn_to_hva_cache len on cache reinit
drm/i915: Fix intel_dp_mst_best_encoder()
drm/i915: Rename PLANE_CTL_DECOMPRESSION_ENABLE
drm/i915/gen9+: Fix initial readout for Y tiled framebuffers
drm/atomic_helper: Disallow new modesets on unregistered connectors
Drivers: hv: kvp: Fix the indentation of some "break" statements
Drivers: hv: kvp: Fix the recent regression caused by incorrect clean-up
powerplay: Respect units on max dcfclk watermark
drm/amd/pp: Fix truncated clock value when set watermark
drm/amd/dm: Understand why attaching path/tile properties are needed
ARM: davinci: da8xx: define gpio interrupts as separate resources
ARM: davinci: dm365: define gpio interrupts as separate resources
ARM: davinci: dm646x: define gpio interrupts as separate resources
ARM: davinci: dm355: define gpio interrupts as separate resources
ARM: davinci: dm644x: define gpio interrupts as separate resources
s390/zcrypt: reinit ap queue state machine during device probe
media: vim2m: use workqueue
media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work
drm/i915: Restore sane defaults for KMS on GEM error load
drm/i915: Cleanup gt powerstate from gem
KVM: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch
Btrfs: clean up scrub is_dev_replace parameter
Btrfs: fix deadlock with memory reclaim during scrub
btrfs: Remove extent_io_ops::fill_delalloc
btrfs: Fix error handling in btrfs_cleanup_ordered_extents
scsi: megaraid_sas: Fix combined reply queue mode detection
scsi: megaraid_sas: Add check for reset adapter bit
scsi: megaraid_sas: Use 63-bit DMA addressing
powerpc/pkeys: Fix handling of pkey state across fork()
btrfs: volumes: Make sure no dev extent is beyond device boundary
btrfs: Use real device structure to verify dev extent
media: vim2m: only cancel work if it is for right context
ARC: show_regs: lockdep: re-enable preemption
ARC: mm: do_page_fault fixes#1: relinquish mmap_sem if signal arrives while handle_mm_fault
IB/uverbs: Fix OOPs upon device disassociation
crypto: ccree - fix resume race condition on init
crypto: ccree - add missing inline qualifier
drm/vblank: Allow dynamic per-crtc max_vblank_count
drm/i915/ilk: Fix warning when reading emon_status with no output
mfd: Kconfig: Fix I2C_DESIGNWARE_PLATFORM dependencies
tpm: Fix some name collisions with drivers/char/tpm.h
bcache: replace hard coded number with BUCKET_GC_GEN_MAX
bcache: treat stale && dirty keys as bad keys
KVM: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run
iio: adc: exynos-adc: Add S5PV210 variant
dt-bindings: iio: adc: exynos-adc: Add S5PV210 variant
iio: adc: exynos-adc: Use proper number of channels for Exynos4x12
mt76: fix corrupted software generated tx CCMP PN
drm/nouveau: Don't WARN_ON VCPI allocation failures
iwlwifi: fix devices with PCI Device ID 0x34F0 and 11ac RF modules
iwlwifi: add new card for 9260 series
x86/kvmclock: set offset for kvm unstable clock
spi: spi-gpio: fix SPI_CS_HIGH capability
powerpc/kvm: Save and restore host AMR/IAMR/UAMOR
mmc: renesas_sdhi: Fix card initialization failure in high speed mode
btrfs: scrub: pass fs_info to scrub_setup_ctx
btrfs: scrub: move scrub_setup_ctx allocation out of device_list_mutex
btrfs: scrub: fix circular locking dependency warning
btrfs: init csum_list before possible free
PCI: qcom: Fix error handling in runtime PM support
PCI: qcom: Don't deassert reset GPIO during probe
drm: add __user attribute to ptr_to_compat()
CIFS: Fix error paths in writeback code
CIFS: Fix leaking locked VFS cache pages in writeback retry
drm/i915: Handle vm_mmap error during I915_GEM_MMAP ioctl with WC set
drm/i915: Sanity check mmap length against object size
usb: typec: tcpm: Try PD-2.0 if sink does not respond to 3.0 source-caps
arm64: dts: stratix10: add the sysmgr-syscon property from the gmac's
IB/mlx5: Reset access mask when looping inside page fault handler
kvm: mmu: Fix overflow on kvm mmu page limit calculation
x86/kvm: move kvm_load/put_guest_xcr0 into atomic context
KVM: x86: Always use 32-bit SMRAM save state for 32-bit kernels
cifs: Fix lease buffer length error
media: i2c: tda1997x: select V4L2_FWNODE
ext4: protect journal inode's blocks using block_validity
ARM: dts: qcom: ipq4019: fix PCI range
ARM: dts: qcom: ipq4019: Fix MSI IRQ type
ARM: dts: qcom: ipq4019: enlarge PCIe BAR range
dt-bindings: mmc: Add supports-cqe property
dt-bindings: mmc: Add disable-cqe-dcmd property.
PCI: Add macro for Switchtec quirk declarations
PCI: Reset Lenovo ThinkPad P50 nvgpu at boot if necessary
dm mpath: fix missing call of path selector type->end_io
blk-mq: free hw queue's resource in hctx's release handler
mmc: sdhci-pci: Add support for Intel CML
PCI: dwc: Use devm_pci_alloc_host_bridge() to simplify code
cifs: smbd: take an array of reqeusts when sending upper layer data
dm crypt: move detailed message into debug level
signal/arc: Use force_sig_fault where appropriate
ARC: mm: fix uninitialised signal code in do_page_fault
ARC: mm: SIGSEGV userspace trying to access kernel virtual memory
drm/amdkfd: Add missing Polaris10 ID
kvm: Check irqchip mode before assign irqfd
drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2)
drm/amdgpu/{uvd,vcn}: fetch ring's read_ptr after alloc
Btrfs: fix race between block group removal and block group allocation
cifs: add spinlock for the openFileList to cifsInodeInfo
clk: tegra: Fix maximum audio sync clock for Tegra124/210
clk: tegra210: Fix default rates for HDA clocks
IB/hfi1: Avoid hardlockup with flushlist_lock
apparmor: reset pos on failure to unpack for various functions
scsi: target/core: Use the SECTOR_SHIFT constant
scsi: target/iblock: Fix overrun in WRITE SAME emulation
staging: wilc1000: fix error path cleanup in wilc_wlan_initialize()
scsi: zfcp: fix request object use-after-free in send path causing wrong traces
cifs: Properly handle auto disabling of serverino option
ALSA: hda - Don't resume forcibly i915 HDMI/DP codec
ceph: use ceph_evict_inode to cleanup inode's resource
KVM: x86: optimize check for valid PAT value
KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value
KVM: VMX: Fix handling of #MC that occurs during VM-Entry
KVM: VMX: check CPUID before allowing read/write of IA32_XSS
KVM: PPC: Use ccr field in pt_regs struct embedded in vcpu struct
KVM: PPC: Book3S HV: Fix CR0 setting in TM emulation
ARM: dts: gemini: Set DIR-685 SPI CS as active low
RDMA/srp: Document srp_parse_in() arguments
RDMA/srp: Accept again source addresses that do not have a port number
btrfs: correctly validate compression type
resource: Include resource end in walk_*() interfaces
resource: Fix find_next_iomem_res() iteration issue
resource: fix locking in find_next_iomem_res()
pstore: Fix double-free in pstore_mkfile() failure path
dm thin metadata: check if in fail_io mode when setting needs_check
drm/panel: Add support for Armadeus ST0700 Adapt
ALSA: hda - Fix intermittent CORB/RIRB stall on Intel chips
powerpc/mm: Limit rma_size to 1TB when running without HV mode
iommu/iova: Remove stale cached32_node
gpio: don't WARN() on NULL descs if gpiolib is disabled
i2c: at91: disable TXRDY interrupt after sending data
i2c: at91: fix clk_offset for sama5d2
mm/migrate.c: initialize pud_entry in migrate_vma()
iio: adc: gyroadc: fix uninitialized return code
NFSv4: Fix delegation state recovery
bcache: only clear BTREE_NODE_dirty bit when it is set
bcache: add comments for mutex_lock(&b->write_lock)
bcache: fix race in btree_flush_write()
drm/i915: Make sure cdclk is high enough for DP audio on VLV/CHV
virtio/s390: fix race on airq_areas[]
drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors
ext4: don't perform block validity checks on the journal inode
ext4: fix block validity checks for journal inodes using indirect blocks
ext4: unsigned int compared against zero
PCI: Reset both NVIDIA GPU and HDA in ThinkPad P50 workaround
powerpc/tm: Remove msr_tm_active()
powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts
vhost: make sure log_num < in_num
Linux 4.19.73
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7bc57825aeb36759bb8e8726888da9af06392c09
[ Upstream commit c7e2d94b3d1634988a95ac4d77a72dc7487ece06 ]
Once blk_cleanup_queue() returns, tags shouldn't be used any more,
because blk_mq_free_tag_set() may be called. Commit 45a9c9d909
("blk-mq: Fix a use-after-free") fixes this issue exactly.
However, that commit introduces another issue. Before 45a9c9d909,
we are allowed to run queue during cleaning up queue if the queue's
kobj refcount is held. After that commit, queue can't be run during
queue cleaning up, otherwise oops can be triggered easily because
some fields of hctx are freed by blk_mq_free_queue() in blk_cleanup_queue().
We have invented ways for addressing this kind of issue before, such as:
8dc765d438f1 ("SCSI: fix queue cleanup race before queue initialization is done")
c2856ae2f3 ("blk-mq: quiesce queue before freeing queue")
But still can't cover all cases, recently James reports another such
kind of issue:
https://marc.info/?l=linux-scsi&m=155389088124782&w=2
This issue can be quite hard to address by previous way, given
scsi_run_queue() may run requeues for other LUNs.
Fixes the above issue by freeing hctx's resources in its release handler, and this
way is safe becasue tags isn't needed for freeing such hctx resource.
This approach follows typical design pattern wrt. kobject's release handler.
Cc: Dongli Zhang <dongli.zhang@oracle.com>
Cc: James Smart <james.smart@broadcom.com>
Cc: Bart Van Assche <bart.vanassche@wdc.com>
Cc: linux-scsi@vger.kernel.org,
Cc: Martin K . Petersen <martin.petersen@oracle.com>,
Cc: Christoph Hellwig <hch@lst.de>,
Cc: James E . J . Bottomley <jejb@linux.vnet.ibm.com>,
Reported-by: James Smart <james.smart@broadcom.com>
Fixes: 45a9c9d909 ("blk-mq: Fix a use-after-free")
Cc: stable@vger.kernel.org
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Tested-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit c9b3007feca018d3f7061f5d5a14cb00766ffe9b ]
The iolatency controller is based on rq_qos. It increments on
rq_qos_throttle() and decrements on either rq_qos_cleanup() or
rq_qos_done_bio(). a3fb01ba5af0 fixes the double accounting issue where
blk_mq_make_request() may call both rq_qos_cleanup() and
rq_qos_done_bio() on REQ_NO_WAIT. So checking STS_AGAIN prevents the
double decrement.
The above works upstream as the only way we can get STS_AGAIN is from
blk_mq_get_request() failing. The STS_AGAIN handling isn't a real
problem as bio_endio() skipping only happens on reserved tag allocation
failures which can only be caused by driver bugs and already triggers
WARN.
However, the fix creates a not so great dependency on how STS_AGAIN can
be propagated. Internally, we (Facebook) carry a patch that kills read
ahead if a cgroup is io congested or a fatal signal is pending. This
combined with chained bios progagate their bi_status to the parent is
not already set can can cause the parent bio to not clean up properly
even though it was successful. This consequently leaks the inflight
counter and can hang all IOs under that blkg.
To nip the adverse interaction early, this removes the rq_qos_cleanup()
callback in iolatency in favor of cleaning up always on the
rq_qos_done_bio() path.
Fixes: a3fb01ba5af0 ("blk-iolatency: only account submitted bios")
Debugged-by: Tejun Heo <tj@kernel.org>
Debugged-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Dennis Zhou <dennis@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 391f552af213985d3d324c60004475759a7030c5 ]
This is to catch any unexpected negative value of inflight IO counter.
Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl1ncKwACgkQONu9yGCS
aT6FPg//RiiJo8O+CUzkP4MFohy8JUuGC1MnnSfSFJn9bzAljWhYtSoJlZ9PbfHq
qx9oWuQNNVZRn9nWuRbTRfRlz6ztc7whsjhAth4eNCtXvu+xAvFLvFhlbVt6xiZ0
Wg3jXDtIY3Y8km01uJdzVk/juUqvTU8nioM4s1OWTFRfOfakLMK9CkxOKfZMFnxP
mVILTcOxZAf0Js2tRMRPvm8c6OhegkXZjWUhGMlvmFKk/pqUouVXH8pKbBoTj8zR
VoHB6pWs3YG3S15WgkNfKiR9WpeXywC7XN9ilziczaQ8HbsH6Y+5wM9Ncx+3FVxd
mzygLCtlckYWjiabS/w3tQHrH+LV8MaPYuW/2tlL9sBljlDW5RBW+g7vaBQjIpCK
gco/z0qmeEIYt8ktLL08i9FQBPp00Fra9x3jZKLz8Tp+W//EBm4ENMm2cxHtRKtd
3fG70ngJmycksCK/e8N466/1f/aAOxfBZkog3R/4yqNvOX8rkQGRJlhv0AzIdsy8
RlTDotDwwQFbMWROVs/Jea+9Wwp71jlPOXyMqX2EqUR/WfDWuIZEyzSdbqKPNgHL
Q9OoUB7kIKGusqQC6ABYKtDn7T046o6ePEB8r2aIvPmw5AiWMefSubHNV6mP3KJb
0NbQlUelMTvxuwm5NLMY2EWbWi+jvg4OgJvajwcDretTPeBGMZI=
=945Y
-----END PGP SIGNATURE-----
Merge 4.19.69 into android-4.19
Changes in 4.19.69
HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
MIPS: kernel: only use i8253 clocksource with periodic clockevent
mips: fix cacheinfo
netfilter: ebtables: fix a memory leak bug in compat
ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
selftests/bpf: fix sendmsg6_prog on s390
bonding: Force slave speed check after link state recovery for 802.3ad
net: mvpp2: Don't check for 3 consecutive Idle frames for 10G links
selftests: forwarding: gre_multipath: Enable IPv4 forwarding
selftests: forwarding: gre_multipath: Fix flower filters
can: dev: call netif_carrier_off() in register_candev()
can: mcp251x: add error check when wq alloc failed
can: gw: Fix error path of cgw_module_init
ASoC: Fail card instantiation if DAI format setup fails
st21nfca_connectivity_event_received: null check the allocation
st_nci_hci_connectivity_event_received: null check the allocation
ASoC: rockchip: Fix mono capture
ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
net: usb: qmi_wwan: Add the BroadMobi BM818 card
qed: RDMA - Fix the hw_ver returned in device attributes
isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain()
mac80211_hwsim: Fix possible null-pointer dereferences in hwsim_dump_radio_nl()
netfilter: ipset: Actually allow destination MAC address for hash:ip,mac sets too
netfilter: ipset: Copy the right MAC address in bitmap:ip,mac and hash:ip,mac sets
netfilter: ipset: Fix rename concurrency with listing
rxrpc: Fix potential deadlock
rxrpc: Fix the lack of notification when sendmsg() fails on a DATA packet
isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
net: phy: phy_led_triggers: Fix a possible null-pointer dereference in phy_led_trigger_change_speed()
perf bench numa: Fix cpu0 binding
can: sja1000: force the string buffer NULL-terminated
can: peak_usb: force the string buffer NULL-terminated
net/ethernet/qlogic/qed: force the string buffer NULL-terminated
NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts
HID: quirks: Set the INCREMENT_USAGE_ON_DUPLICATE quirk on Saitek X52
HID: input: fix a4tech horizontal wheel custom usage
drm/rockchip: Suspend DP late
SMB3: Fix potential memory leak when processing compound chain
SMB3: Kernel oops mounting a encryptData share with CONFIG_DEBUG_VIRTUAL
s390: put _stext and _etext into .text section
net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
net: stmmac: Fix issues when number of Queues >= 4
net: stmmac: tc: Do not return a fragment entry
net: hisilicon: make hip04_tx_reclaim non-reentrant
net: hisilicon: fix hip04-xmit never return TX_BUSY
net: hisilicon: Fix dma_map_single failed on arm64
libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
libata: add SG safety checks in SFF pio transfers
x86/lib/cpu: Address missing prototypes warning
drm/vmwgfx: fix memory leak when too many retries have occurred
block, bfq: handle NULL return value by bfq_init_rq()
perf ftrace: Fix failure to set cpumask when only one cpu is present
perf cpumap: Fix writing to illegal memory in handling cpumap mask
perf pmu-events: Fix missing "cpu_clk_unhalted.core" event
KVM: arm64: Don't write junk to sysregs on reset
KVM: arm: Don't write junk to CP15 registers on reset
selftests: kvm: Adding config fragments
HID: wacom: correct misreported EKR ring values
HID: wacom: Correct distance scale for 2nd-gen Intuos devices
Revert "dm bufio: fix deadlock with loop device"
clk: socfpga: stratix10: fix rate caclulationg for cnt_clks
ceph: clear page dirty before invalidate page
ceph: don't try fill file_lock on unsuccessful GETFILELOCK reply
libceph: fix PG split vs OSD (re)connect race
drm/nouveau: Don't retry infinitely when receiving no data on i2c over AUX
gpiolib: never report open-drain/source lines as 'input' to user-space
Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE
userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
x86/apic: Handle missing global clockevent gracefully
x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
x86/boot: Save fields explicitly, zero out everything else
x86/boot: Fix boot regression caused by bootparam sanitizing
dm kcopyd: always complete failed jobs
dm btree: fix order of block initialization in btree_split_beneath
dm integrity: fix a crash due to BUG_ON in __journal_read_write()
dm raid: add missing cleanup in raid_ctr()
dm space map metadata: fix missing store of apply_bops() return value
dm table: fix invalid memory accesses with too high sector number
dm zoned: improve error handling in reclaim
dm zoned: improve error handling in i/o map code
dm zoned: properly handle backing device failure
genirq: Properly pair kobject_del() with kobject_add()
mm, page_owner: handle THP splits correctly
mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
mm/zsmalloc.c: fix race condition in zs_destroy_pool
xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
xfs: don't trip over uninitialized buffer on extent read of corrupted inode
xfs: Move fs/xfs/xfs_attr.h to fs/xfs/libxfs/xfs_attr.h
xfs: Add helper function xfs_attr_try_sf_addname
xfs: Add attibute set and helper functions
xfs: Add attibute remove and helper functions
xfs: always rejoin held resources during defer roll
dm zoned: fix potential NULL dereference in dmz_do_reclaim()
powerpc: Allow flush_(inval_)dcache_range to work across ranges >4GB
rxrpc: Fix local endpoint refcounting
rxrpc: Fix read-after-free in rxrpc_queue_local()
rxrpc: Fix local endpoint replacement
rxrpc: Fix local refcounting
Linux 4.19.69
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9824a29e0434a6a80e2f32fdb88c0ac1fe8e5af5
[ Upstream commit fd03177c33b287c6541f4048f1d67b7b45a1abc9 ]
As reported in [1], the call bfq_init_rq(rq) may return NULL in case
of OOM (in particular, if rq->elv.icq is NULL because memory
allocation failed in failed in ioc_create_icq()).
This commit handles this circumstance.
[1] https://lkml.org/lkml/2019/7/22/824
Cc: Hsin-Yi Wang <hsinyi@google.com>
Cc: Nicolas Boichat <drinkcat@chromium.org>
Cc: Doug Anderson <dianders@chromium.org>
Reported-by: Guenter Roeck <linux@roeck-us.net>
Reported-by: Hsin-Yi Wang <hsinyi@google.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl1GibIACgkQONu9yGCS
aT7z2hAAmv8AsH9IG43m7t6zLroJVswr/9594xk7yPBQgcY3/PW2aTFBCFbsdOL4
yXcj2PSwRiq9K6qAJULrvOvncR9fIILHqzWzyXnoaZ30lR/FxaaFmuHZX/5Ix1tB
e5EEE/EA49UAEjEDaMLq8g2IvibsReDxmSpnXyBJWoyRAdFIElVnMJ2+zvP/wRhF
NKzQj/bj/qecCbis2lUCaVWJFZ6+P/52UbD8lvIwqR3nk2TKsGDcLU6eY3yg4KrB
rEHl5T8KIPrkX3KNIEB8EcFREene+rdpZLLVe4fYwf+gOqfiFXSzZZvweauMkplq
ehlVHkykvQvlsVM2tjBD379z3C4aasZDuMVNMCbAy2FlruLeBQ7gEn77mCJB9VH5
/n/mlc2yizdoowtARCLWOUMfASpdSbqu2SQ7A/3kwG7l6GrpzKSIU2nQgm+41sUZ
QJVtZ3IYsPoYjnU4B3JZzgJnf3M9jcRz/3JegviqhSEbF1gaScJX0cqN8C1idN/v
ZAGCJK9S20/EEEsp5jn+bq2grUehvmD4TVDfot4P+5yRYyBIhMFpbM2RpjydOpwy
+x8D1Q34LYPFgZfQ0vF62vcSBhMBiJ/7j41rUeo44K+Lg00F3yCOyL6FxK6S8h6j
wsD0xLbllMrhV5KRYFizb3QbCHoHYiROIJk76uLvB+Tqq2Jg9VQ=
=qIi2
-----END PGP SIGNATURE-----
Merge 4.19.64 into android-4.19
Changes in 4.19.64
hv_sock: Add support for delayed close
vsock: correct removal of socket from the list
NFS: Fix dentry revalidation on NFSv4 lookup
NFS: Refactor nfs_lookup_revalidate()
NFSv4: Fix lookup revalidate of regular files
usb: dwc2: Disable all EP's on disconnect
usb: dwc2: Fix disable all EP's on disconnect
arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ
binder: fix possible UAF when freeing buffer
ISDN: hfcsusb: checking idx of ep configuration
media: au0828: fix null dereference in error path
ath10k: Change the warning message string
media: cpia2_usb: first wake up, then free in disconnect
media: pvrusb2: use a different format for warnings
NFS: Cleanup if nfs_match_client is interrupted
media: radio-raremono: change devm_k*alloc to k*alloc
iommu/vt-d: Don't queue_iova() if there is no flush queue
iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA
Bluetooth: hci_uart: check for missing tty operations
vhost: introduce vhost_exceeds_weight()
vhost_net: fix possible infinite loop
vhost: vsock: add weight support
vhost: scsi: add weight support
sched/fair: Don't free p->numa_faults with concurrent readers
sched/fair: Use RCU accessors consistently for ->numa_group
/proc/<pid>/cmdline: remove all the special cases
/proc/<pid>/cmdline: add back the setproctitle() special case
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
Fix allyesconfig output.
ceph: hold i_ceph_lock when removing caps for freeing inode
block, scsi: Change the preempt-only flag into a counter
scsi: core: Avoid that a kernel warning appears during system resume
ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL
Linux 4.19.64
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I3e9055b677bd8ad9d5070307fae0bc765d444e9d
commit cd84a62e0078dce09f4ed349bec84f86c9d54b30 upstream.
The RQF_PREEMPT flag is used for three purposes:
- In the SCSI core, for making sure that power management requests
are executed even if a device is in the "quiesced" state.
- For domain validation by SCSI drivers that use the parallel port.
- In the IDE driver, for IDE preempt requests.
Rename "preempt-only" into "pm-only" because the primary purpose of
this mode is power management. Since the power management core may
but does not have to resume a runtime suspended device before
performing system-wide suspend and since a later patch will set
"pm-only" mode as long as a block device is runtime suspended, make
it possible to set "pm-only" mode from more than one context. Since
with this change scsi_device_quiesce() is no longer idempotent, make
that function return early if it is called for a quiesced queue.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Cc: Jianchao Wang <jianchao.w.wang@oracle.com>
Cc: Johannes Thumshirn <jthumshirn@suse.de>
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl1BJrAACgkQONu9yGCS
aT6MpRAAt2nuozm5Z/MshFAuGFzddAwPoYtkIPSy8BiPHYjf7x0+D5Ew4dz5OihS
ElfbA94hMOpvhhXlzBU3ZFJsWZIK78gzV6+LiHyb5R97Jdzj/zT4h40y0kxKw+pS
gghnZ6zx+pGSIXm/EsODW2gg98yTrmhBFpUhXpAGoC/71c1vxVlj3jHcuhd778YK
NRlj2tFWJGIBpmXrApo1Eg7qQRj4tzbOjthfgANWPq+EP68PgiOaxMDMMp7IUwju
KrXEFcXlk5aHvfaJ06FSBRBnn45XMyGXPYV/76HsaqkBNmg1r7o02dZKy/0S84Fn
YXoEFxHt6NFOJ52LiO95z7cQ0xeTSYygNCtYXJ70uyDMnrCPXCrKp7DRyka+vDPs
RCrcpB1QjcCb3xTL//SPkNWM3oZEW9CawpRFh9bmqbw/h7ZjaUEuwNIJnunISulu
2fvOjUmFWfUVIARiwKFVuIkXzgf3cSLYZTtiDFC5/yBpkGVNnXqyO7YtWZwnrMHq
L3DC3pOKuYXMa03KWGEzZoCZEXjtoRhRwCSgV7wbK5o90sZeRj/HC1zXEyDPPD/R
7A1rePTuwlAH3gHCJGhYkmYqULx62ZdvV6IC2N7xNxeTL1Y7OVNBT7ZUqexxY6WC
OG1vVxUKNJIvBLYmc6cmQATgR6XH5/B9H2p1YRBLuAQuqHk+jqo=
=ZQf3
-----END PGP SIGNATURE-----
Merge 4.19.63 into android-4.19
Changes in 4.19.63
hvsock: fix epollout hang from race condition
drm/panel: simple: Fix panel_simple_dsi_probe
iio: adc: stm32-dfsdm: manage the get_irq error case
iio: adc: stm32-dfsdm: missing error case during probe
staging: vt6656: use meaningful error code during buffer allocation
usb: core: hub: Disable hub-initiated U1/U2
tty: max310x: Fix invalid baudrate divisors calculator
pinctrl: rockchip: fix leaked of_node references
tty: serial: cpm_uart - fix init when SMC is relocated
drm/amd/display: Fill prescale_params->scale for RGB565
drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE
drm/amd/display: Disable ABM before destroy ABM struct
drm/amdkfd: Fix a potential memory leak
drm/amdkfd: Fix sdma queue map issue
drm/edid: Fix a missing-check bug in drm_load_edid_firmware()
PCI: Return error if cannot probe VF
drm/bridge: tc358767: read display_props in get_modes()
drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz
gpu: host1x: Increase maximum DMA segment size
drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry
drm/crc-debugfs: Also sprinkle irqrestore over early exits
memstick: Fix error cleanup path of memstick_init
tty/serial: digicolor: Fix digicolor-usart already registered warning
tty: serial: msm_serial: avoid system lockup condition
serial: 8250: Fix TX interrupt handling condition
drm/amd/display: Always allocate initial connector state state
drm/virtio: Add memory barriers for capset cache.
phy: renesas: rcar-gen2: Fix memory leak at error paths
drm/amd/display: fix compilation error
powerpc/pseries/mobility: prevent cpu hotplug during DT update
drm/rockchip: Properly adjust to a true clock in adjusted_mode
serial: imx: fix locking in set_termios()
tty: serial_core: Set port active bit in uart_port_activate
usb: gadget: Zero ffs_io_data
mmc: sdhci: sdhci-pci-o2micro: Check if controller supports 8-bit width
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
drm/msm: Depopulate platform on probe failure
serial: mctrl_gpio: Check if GPIO property exisits before requesting it
PCI: sysfs: Ignore lockdep for remove attribute
i2c: stm32f7: fix the get_irq error cases
kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS
genksyms: Teach parser about 128-bit built-in types
PCI: xilinx-nwl: Fix Multi MSI data programming
iio: iio-utils: Fix possible incorrect mask calculation
powerpc/cacheflush: fix variable set but not used
powerpc/xmon: Fix disabling tracing while in xmon
recordmcount: Fix spurious mcount entries on powerpc
mfd: madera: Add missing of table registration
mfd: core: Set fwnode for created devices
mfd: arizona: Fix undefined behavior
mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk
mm/swap: fix release_pages() when releasing devmap pages
um: Silence lockdep complaint about mmap_sem
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
RDMA/i40iw: Set queue pair state when being queried
serial: sh-sci: Terminate TX DMA during buffer flushing
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
IB/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE
powerpc/mm: Handle page table allocation failures
IB/ipoib: Add child to parent list only if device initialized
arm64: assembler: Switch ESB-instruction with a vanilla nop if !ARM64_HAS_RAS
PCI: mobiveil: Fix PCI base address in MEM/IO outbound windows
PCI: mobiveil: Fix the Class Code field
kallsyms: exclude kasan local symbols on s390
PCI: mobiveil: Initialize Primary/Secondary/Subordinate bus numbers
PCI: mobiveil: Use the 1st inbound window for MEM inbound transactions
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
perf stat: Fix use-after-freed pointer detected by the smatch tool
perf top: Fix potential NULL pointer dereference detected by the smatch tool
perf session: Fix potential NULL pointer dereference found by the smatch tool
perf annotate: Fix dereferencing freed memory found by the smatch tool
perf hists browser: Fix potential NULL pointer dereference found by the smatch tool
RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
PCI: dwc: pci-dra7xx: Fix compilation when !CONFIG_GPIOLIB
powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
block: init flush rq ref count to 1
f2fs: avoid out-of-range memory access
mailbox: handle failed named mailbox channel request
dlm: check if workqueues are NULL before flushing/destroying
powerpc/eeh: Handle hugepages in ioremap space
block/bio-integrity: fix a memory leak bug
sh: prevent warnings when using iounmap
mm/kmemleak.c: fix check for softirq context
9p: pass the correct prototype to read_cache_page
mm/gup.c: mark undo_dev_pagemap as __maybe_unused
mm/gup.c: remove some BUG_ONs from get_gate_page()
memcg, fsnotify: no oom-kill for remote memcg charging
mm/mmu_notifier: use hlist_add_head_rcu()
proc: use down_read_killable mmap_sem for /proc/pid/smaps_rollup
proc: use down_read_killable mmap_sem for /proc/pid/pagemap
proc: use down_read_killable mmap_sem for /proc/pid/clear_refs
proc: use down_read_killable mmap_sem for /proc/pid/map_files
cxgb4: reduce kernel stack usage in cudbg_collect_mem_region()
proc: use down_read_killable mmap_sem for /proc/pid/maps
locking/lockdep: Fix lock used or unused stats error
mm: use down_read_killable for locking mmap_sem in access_remote_vm
locking/lockdep: Hide unused 'class' variable
usb: wusbcore: fix unbalanced get/put cluster_id
usb: pci-quirks: Correct AMD PLL quirk detection
btrfs: inode: Don't compress if NODATASUM or NODATACOW set
x86/sysfb_efi: Add quirks for some devices with swapped width and height
x86/speculation/mds: Apply more accurate check on hypervisor platform
binder: prevent transactions to context manager from its own process.
fpga-manager: altera-ps-spi: Fix build error
mei: me: add mule creek canyon (EHL) device ids
hpet: Fix division by zero in hpet_time_div()
ALSA: ac97: Fix double free of ac97_codec_device
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
ALSA: hda - Add a conexant codec entry to let mute led work
powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask()
powerpc/tm: Fix oops on sigreturn on systems without TM
libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl()
access: avoid the RCU grace period for the temporary subjective credentials
Linux 4.19.63
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic31529aa6fd283d16d6bfb182187a9402a4db44f
[ Upstream commit e7bf90e5afe3aa1d1282c1635a49e17a32c4ecec ]
In bio_integrity_prep(), a kernel buffer is allocated through kmalloc() to
hold integrity metadata. Later on, the buffer will be attached to the bio
structure through bio_integrity_add_page(), which returns the number of
bytes of integrity metadata attached. Due to unexpected situations,
bio_integrity_add_page() may return 0. As a result, bio_integrity_prep()
needs to be terminated with 'false' returned to indicate this error.
However, the allocated kernel buffer is not freed on this execution path,
leading to a memory leak.
To fix this issue, free the allocated buffer before returning from
bio_integrity_prep().
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit b554db147feea39617b533ab6bca247c91c6198a ]
We discovered a problem in newer kernels where a disconnect of a NBD
device while the flush request was pending would result in a hang. This
is because the blk mq timeout handler does
if (!refcount_inc_not_zero(&rq->ref))
return true;
to determine if it's ok to run the timeout handler for the request.
Flush_rq's don't have a ref count set, so we'd skip running the timeout
handler for this request and it would just sit there in limbo forever.
Fix this by always setting the refcount of any request going through
blk_init_rq() to 1. I tested this with a nbd-server that dropped flush
requests to verify that it hung, and then tested with this patch to
verify I got the timeout as expected and the error handling kicked in.
Thanks,
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl06qFcACgkQONu9yGCS
aT6O9A/+JZqoVYnItpOnT8Hu//0mYEKvREWqsoTJNpZJhLWtGjPTT9ospHNpVgfC
GUkFqngWzXHpzCgTYHUV3Mm+SIiVXCM3nkCU1+2YOsPzrKo/lJSfFt3wOYGpKO5V
qratAQLra5TqR0teR00aQblqKqfmrux05uL9dNcVIwve813m00jFALcpjrXnanpP
tx5cqCo3uHOou5XLraHx/CMPnfJI/mLegBUTM4DxAmN2vG4gQck2gnrU7s1eg4cy
1Fqh0Oo2Ycj5p9yoGss02JqR3wGZHOEmF55j2JcTZAPvW6/c55iPd52Trn8kPOHB
Awq/VwJmP4p10a4TWoZpv7VqpL3PzO8/AW7QWOER8QnDzfOTHGae7YT8LVp5Xqj5
1NqowuP/Tm0yaZSaDLqkdvhVqTi0oGL8OCYLErpeR9PQ3P+p3paaswopsPqnXURj
Q4Pahe1vm9WG2NpKh2bHVmmVkQmvwuxxxnaa31HI/IyLd5bYFV1/LbEa/XrSK36W
VJtO+0AjERO9uTVP/YDloDkQ4R3+3W+m520jYsgf1OwY7v/Kc6iLb7cDwci/ZWMy
YSMm8hrO0nzuT0SI25TKLDvxjGbANKvxytzOQMOTb8NsIWwaoEKWh+4r9XkdUXNa
+dx72I5J2Be+3hk+eaDNzCdEae5pgVTxBpwJbzI4RfnK1Doa4uE=
=hJdd
-----END PGP SIGNATURE-----
Merge 4.19.61 into android-4.19
Changes in 4.19.61
MIPS: ath79: fix ar933x uart parity mode
MIPS: fix build on non-linux hosts
arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
scsi: iscsi: set auth_protocol back to NULL if CHAP_A value is not supported
dmaengine: imx-sdma: fix use-after-free on probe error path
wil6210: fix potential out-of-bounds read
ath10k: Do not send probe response template for mesh
ath9k: Check for errors when reading SREV register
ath6kl: add some bounds checking
ath10k: add peer id check in ath10k_peer_find_by_id
wil6210: fix spurious interrupts in 3-msi
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
regmap: debugfs: Fix memory leak in regmap_debugfs_init
batman-adv: fix for leaked TVLV handler.
media: dvb: usb: fix use after free in dvb_usb_device_exit
media: spi: IR LED: add missing of table registration
crypto: talitos - fix skcipher failure due to wrong output IV
media: ov7740: avoid invalid framesize setting
media: marvell-ccic: fix DMA s/g desc number calculation
media: vpss: fix a potential NULL pointer dereference
media: media_device_enum_links32: clean a reserved field
net: stmmac: dwmac1000: Clear unused address entries
net: stmmac: dwmac4/5: Clear unused address entries
qed: Set the doorbell address correctly
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
af_key: fix leaks in key_pol_get_resp and dump_sp.
xfrm: Fix xfrm sel prefix length validation
fscrypt: clean up some BUG_ON()s in block encryption/decryption
perf annotate TUI browser: Do not use member from variable within its own initialization
media: mc-device.c: don't memset __user pointer contents
media: saa7164: fix remove_proc_entry warning
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
net: phy: Check against net_device being NULL
crypto: talitos - properly handle split ICV.
crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
tua6100: Avoid build warnings.
batman-adv: Fix duplicated OGMs on NETDEV_UP
locking/lockdep: Fix merging of hlocks with non-zero references
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
net: hns3: set ops to null when unregister ad_dev
cpupower : frequency-set -r option misses the last cpu in related cpu list
arm64: mm: make CONFIG_ZONE_DMA32 configurable
perf jvmti: Address gcc string overflow warning for strncpy()
net: stmmac: dwmac4: fix flow control issue
net: stmmac: modify default value of tx-frames
crypto: inside-secure - do not rely on the hardware last bit for result descriptors
net: fec: Do not use netdev messages too early
net: axienet: Fix race condition causing TX hang
s390/qdio: handle PENDING state for QEBSM devices
RAS/CEC: Fix pfn insertion
net: sfp: add mutex to prevent concurrent state checks
ipset: Fix memory accounting for hash types on resize
perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
perf test 6: Fix missing kvm module load for s390
perf report: Fix OOM error in TUI mode on s390
irqchip/meson-gpio: Add support for Meson-G12A SoC
media: uvcvideo: Fix access to uninitialized fields on probe error
media: fdp1: Support M3N and E3 platforms
iommu: Fix a leak in iommu_insert_resv_region
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
gpio: omap: ensure irq is enabled before wakeup
regmap: fix bulk writes on paged registers
bpf: silence warning messages in core
media: s5p-mfc: fix reading min scratch buffer size on MFC v6/v7
selinux: fix empty write to keycreate file
x86/cpu: Add Ice Lake NNPI to Intel family
ASoC: meson: axg-tdm: fix sample clock inversion
rcu: Force inlining of rcu_read_lock()
x86/cpufeatures: Add FDP_EXCPTN_ONLY and ZERO_FCS_FDS
qed: iWARP - Fix tc for MPA ll2 connection
net: hns3: fix for skb leak when doing selftest
block: null_blk: fix race condition for null_del_dev
blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration
xfrm: fix sa selector validation
sched/core: Add __sched tag for io_schedule()
sched/fair: Fix "runnable_avg_yN_inv" not used warnings
perf/x86/intel/uncore: Handle invalid event coding for free-running counter
x86/atomic: Fix smp_mb__{before,after}_atomic()
perf evsel: Make perf_evsel__name() accept a NULL argument
vhost_net: disable zerocopy by default
ipoib: correcly show a VF hardware address
x86/cacheinfo: Fix a -Wtype-limits warning
blk-iolatency: only account submitted bios
ACPICA: Clear status of GPEs on first direct enable
EDAC/sysfs: Fix memory leak when creating a csrow object
nvme: fix possible io failures when removing multipathed ns
nvme-pci: properly report state change failure in nvme_reset_work
nvme-pci: set the errno on ctrl state change error
lightnvm: pblk: fix freeing of merged pages
arm64: Do not enable IRQs for ct_user_exit
ipsec: select crypto ciphers for xfrm_algo
ipvs: defer hook registration to avoid leaks
media: s5p-mfc: Make additional clocks optional
media: i2c: fix warning same module names
ntp: Limit TAI-UTC offset
timer_list: Guard procfs specific code
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
media: coda: fix mpeg2 sequence number handling
media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP
media: coda: increment sequence offset for the last returned frame
media: vimc: cap: check v4l2_fill_pixfmt return value
media: hdpvr: fix locking and a missing msleep
net: stmmac: sun8i: force select external PHY when no internal one
rtlwifi: rtl8192cu: fix error handle when usb probe failed
mt7601u: do not schedule rx_tasklet when the device has been disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: fix possible memory leak when the device is disconnected
ipvs: fix tinfo memory leak in start_sync_thread
ath10k: add missing error handling
ath10k: fix PCIE device wake up failed
perf tools: Increase MAX_NR_CPUS and MAX_CACHES
ASoC: Intel: hdac_hdmi: Set ops to NULL on remove
libata: don't request sense data on !ZAC ATA devices
clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
xsk: Properly terminate assignment in xskq_produce_flush_desc
rslib: Fix decoding of shortened codes
rslib: Fix handling of of caller provided syndrome
ixgbe: Check DDM existence in transceiver before access
crypto: serpent - mark __serpent_setkey_sbox noinline
crypto: asymmetric_keys - select CRYPTO_HASH where needed
wil6210: drop old event after wmi_call timeout
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
bcache: check CACHE_SET_IO_DISABLE in allocator code
bcache: check CACHE_SET_IO_DISABLE bit in bch_journal()
bcache: acquire bch_register_lock later in cached_dev_free()
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
bcache: fix potential deadlock in cached_def_free()
net: hns3: fix a -Wformat-nonliteral compile warning
net: hns3: add some error checking in hclge_tm module
ath10k: destroy sdio workqueue while remove sdio module
net: mvpp2: prs: Don't override the sign bit in SRAM parser shift
igb: clear out skb->tstamp after reading the txtime
iwlwifi: mvm: Drop large non sta frames
bpf: fix uapi bpf_prog_info fields alignment
perf stat: Make metric event lookup more robust
perf stat: Fix group lookup for metric group
bnx2x: Prevent ptp_task to be rescheduled indefinitely
net: usb: asix: init MAC address buffers
rxrpc: Fix oops in tracepoint
bpf, libbpf, smatch: Fix potential NULL pointer dereference
selftests: bpf: fix inlines in test_lwt_seg6local
bonding: validate ip header before check IPPROTO_IGMP
gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
tools: bpftool: Fix json dump crash on powerpc
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
Bluetooth: Add new 13d3:3491 QCA_ROME device
Bluetooth: Add new 13d3:3501 QCA_ROME device
Bluetooth: 6lowpan: search for destination address in all peers
perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64
Bluetooth: Check state in l2cap_disconnect_rsp
gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable()
Bluetooth: validate BLE connection interval updates
gtp: fix suspicious RCU usage
gtp: fix Illegal context switch in RCU read-side critical section.
gtp: fix use-after-free in gtp_encap_destroy()
gtp: fix use-after-free in gtp_newlink()
net: mvmdio: defer probe of orion-mdio if a clock is not ready
iavf: fix dereference of null rx_buffer pointer
floppy: fix div-by-zero in setup_format_params
floppy: fix out-of-bounds read in next_valid_format
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in copy_buffer
xen: let alloc_xenballooned_pages() fail if not enough memory free
scsi: NCR5380: Reduce goto statements in NCR5380_select()
scsi: NCR5380: Always re-enable reselection interrupt
Revert "scsi: ncr5380: Increase register polling limit"
scsi: core: Fix race on creating sense cache
scsi: megaraid_sas: Fix calculation of target ID
scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
scsi: mac_scsi: Fix pseudo DMA implementation, take 2
crypto: ghash - fix unaligned memory access in ghash_setkey()
crypto: ccp - Validate the the error value used to index error messages
crypto: arm64/sha1-ce - correct digest for empty data in finup
crypto: arm64/sha2-ce - correct digest for empty data in finup
crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
crypto: crypto4xx - fix AES CTR blocksize value
crypto: crypto4xx - fix blocksize for cfb and ofb
crypto: crypto4xx - block ciphers should only accept complete blocks
crypto: ccp - memset structure fields to zero before reuse
crypto: ccp/gcm - use const time tag comparison.
crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()"
bcache: Revert "bcache: fix high CPU occupancy during journal"
bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free"
bcache: ignore read-ahead request failure on backing device
bcache: fix mistaken sysfs entry for io_error counter
bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread
Input: gtco - bounds check collection indent level
Input: alps - don't handle ALPS cs19 trackpoint-only device
Input: synaptics - whitelist Lenovo T580 SMBus intertouch
Input: alps - fix a mismatch between a condition check and its comment
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
arm64: tegra: Update Jetson TX1 GPU regulator timings
iwlwifi: pcie: don't service an interrupt that was masked
iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X
iwlwifi: don't WARN when calling iwl_get_shared_mem_conf with RF-Kill
iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices
NFSv4: Handle the special Linux file open access mode
pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error
pNFS: Fix a typo in pnfs_update_layout
pnfs: Fix a problem where we gratuitously start doing I/O through the MDS
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
ASoC: dapm: Adapt for debugfs API change
raid5-cache: Need to do start() part job after adding journal device
ALSA: seq: Break too long mutex context in the write loop
ALSA: hda/realtek - Fixed Headphone Mic can't record on Dell platform
ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
media: coda: Remove unbalanced and unneeded mutex unlock
media: videobuf2-core: Prevent size alignment wrapping buffer size to 0
media: videobuf2-dma-sg: Prevent size from overflowing
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
arm64: tegra: Fix AGIC register range
fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.
kconfig: fix missing choice values in auto.conf
drm/nouveau/i2c: Enable i2c pads & busses during preinit
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
dm zoned: fix zone state management race
xen/events: fix binding user event channels to cpus
9p/xen: Add cleanup path in p9_trans_xen_init
9p/virtio: Add cleanup path in p9_virtio_init
x86/boot: Fix memory leak in default_get_smp_config()
perf/x86/intel: Fix spurious NMI on fixed counter
perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs
perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs
drm/edid: parse CEA blocks embedded in DisplayID
intel_th: pci: Add Ice Lake NNPI support
PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
PCI: Do not poll for PME if the device is in D3cold
PCI: qcom: Ensure that PERST is asserted for at least 100 ms
Btrfs: fix data loss after inode eviction, renaming it, and fsync it
Btrfs: fix fsync not persisting dentry deletions due to inode evictions
Btrfs: add missing inode version, ctime and mtime updates when punching hole
IB/mlx5: Report correctly tag matching rendezvous capability
HID: wacom: generic: only switch the mode on devices with LEDs
HID: wacom: generic: Correct pad syncing
HID: wacom: correct touch resolution x/y typo
libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
coda: pass the host file in vma->vm_file on mmap
include/asm-generic/bug.h: fix "cut here" for WARN_ON for __WARN_TAINT architectures
xfs: fix pagecache truncation prior to reflink
xfs: flush removing page cache in xfs_reflink_remap_prep
xfs: don't overflow xattr listent buffer
xfs: rename m_inotbt_nores to m_finobt_nores
xfs: don't ever put nlink > 0 inodes on the unlinked list
xfs: reserve blocks for ifree transaction during log recovery
xfs: fix reporting supported extra file attributes for statx()
xfs: serialize unaligned dio writes against all other dio writes
xfs: abort unaligned nowait directio early
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
parisc: Ensure userspace privilege for ptraced processes in regset functions
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
powerpc/watchpoint: Restore NV GPRs while returning from exception
powerpc/powernv/npu: Fix reference leak
powerpc/pseries: Fix oops in hotplug memory notifier
mmc: sdhci-msm: fix mutex while in spinlock
eCryptfs: fix a couple type promotion bugs
mtd: rawnand: mtk: Correct low level time calculation of r/w cycle
mtd: spinand: read returns badly if the last page has bitflips
intel_th: msu: Fix single mode with disabled IOMMU
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
usb: Handle USB3 remote wakeup for LPM enabled devices correctly
blk-throttle: fix zero wait time for iops throttled group
blk-iolatency: clear use_delay when io.latency is set to zero
blkcg: update blkcg_print_stat() to handle larger outputs
net: mvmdio: allow up to four clocks to be specified for orion-mdio
dt-bindings: allow up to four clocks for orion-mdio
dm bufio: fix deadlock with loop device
Linux 4.19.61
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2f565111b1c16f369fa86e0481527fcc6357fe1b
commit f539da82f2158916e154d206054e0efd5df7ab61 upstream.
Depending on the number of devices, blkcg stats can go over the
default seqfile buf size. seqfile normally retries with a larger
buffer but since the ->pd_stat() addition, blkcg_print_stat() doesn't
tell seqfile that overflow has happened and the output gets printed
truncated. Fix it by calling seq_commit() w/ -1 on possible
overflows.
Signed-off-by: Tejun Heo <tj@kernel.org>
Fixes: 903d23f0a3 ("blk-cgroup: allow controllers to output their own stats")
Cc: stable@vger.kernel.org # v4.19+
Cc: Josef Bacik <jbacik@fb.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5de0073fcd50cc1f150895a7bb04d3cf8067b1d7 upstream.
If use_delay was non-zero when the latency target of a cgroup was set
to zero, it will stay stuck until io.latency is enabled on the cgroup
again. This keeps readahead disabled for the cgroup impacting
performance negatively.
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Josef Bacik <jbacik@fb.com>
Fixes: d706751215 ("block: introduce blk-iolatency io controller")
Cc: stable@vger.kernel.org # v4.19+
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3a10f999ffd464d01c5a05592a15470a3c4bbc36 upstream.
After commit 991f61fe7e ("Blk-throttle: reduce tail io latency when
iops limit is enforced") wait time could be zero even if group is
throttled and cannot issue requests right now. As a result
throtl_select_dispatch() turns into busy-loop under irq-safe queue
spinlock.
Fix is simple: always round up target time to the next throttle slice.
Fixes: 991f61fe7e ("Blk-throttle: reduce tail io latency when iops limit is enforced")
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Cc: stable@vger.kernel.org # v4.19+
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit a3fb01ba5af066521f3f3421839e501bb2c71805 ]
As is, iolatency recognizes done_bio and cleanup as ending paths. If a
request is marked REQ_NOWAIT and fails to get a request, the bio is
cleaned up via rq_qos_cleanup() and ended in bio_wouldblock_error().
This results in underflowing the inflight counter. Fix this by only
accounting bios that were actually submitted.
Signed-off-by: Dennis Zhou <dennis@kernel.org>
Cc: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl0qx4sACgkQONu9yGCS
aT7Wzw/+Ixgza5VeJICnFgLZ80bYEQP5fDDcTD8psGi8fg/yKpUcHM0tv2Fi/ScQ
dKNKN1zrWtn8e5bC8HE7V5rVFH3iT9gJXL4tebmFg9IOaBoce9wSaDMaptnv4OEw
Ikb8apdrO2cHRWFhyIj9f35d3WE2OWUA4QYhrL17rptyP+k0eBBdyo572qfnheuf
4Yp4X6u8pnSR3fl4sgxzcfNLPXfrF8BMAKEx8/I1YyhUORpeJ/QxZkyFKNLMbUHm
OWIHcw0O4Sfqtx9zWzwmpLk/aF8b98rCieJUDxYakVYD/iLsrdkkCx3IHlvMWdZF
UtNVQbA26KIIFpXYe5gD1My+56grJaSCxAsO6M+c4PRCZ2BP+e6t+k3eASueadqs
Ihq2qZyq1cMBQCeT1Sc3zQZgzwTE7lgzqQLVHiMmMukWv1Sx2xyio3GvN0i51gqz
PCIxslzNhQnpmswCnDXgwaSp7W3YlT6+/zpQnzK1spZsfp8Ab/PkB41WyiPCWBtJ
/Zx+lkdUd8HU8ZoKBoNMPWErX//MKa3NhKvakliPklVkSUfF12+4aB+Iil9H8vag
ie4qmJrGvwg0t5PvRqRqy35fij/kcnJnFJJLlywkzRdTXlFUqqV+09N6hhS0BRgf
YJibc8VptLWXgYRQoQD1J/xF87bcmB7HBnC4jBpdDzCkbTEHoI8=
=zCPG
-----END PGP SIGNATURE-----
Merge 4.19.59 into android-4.19
Changes in 4.19.59
crypto: talitos - rename alternative AEAD algos.
soc: brcmstb: Fix error path for unsupported CPUs
soc: bcm: brcmstb: biuctrl: Register writes require a barrier
Input: elantech - enable middle button support on 2 ThinkPads
samples, bpf: fix to change the buffer size for read()
samples, bpf: suppress compiler warning
mac80211: fix rate reporting inside cfg80211_calculate_bitrate_he()
bpf: sockmap, fix use after free from sleep in psock backlog workqueue
soundwire: stream: fix out of boundary access on port properties
staging:iio:ad7150: fix threshold mode config bit
mac80211: mesh: fix RCU warning
mac80211: free peer keys before vif down in mesh
mwifiex: Fix possible buffer overflows at parsing bss descriptor
iwlwifi: Fix double-free problems in iwl_req_fw_callback()
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
soundwire: intel: set dai min and max channels correctly
dt-bindings: can: mcp251x: add mcp25625 support
can: mcp251x: add support for mcp25625
can: m_can: implement errata "Needless activation of MRAF irq"
can: af_can: Fix error path of can_init()
net: phy: rename Asix Electronics PHY driver
ibmvnic: Do not close unopened driver during reset
ibmvnic: Refresh device multicast list after reset
ibmvnic: Fix unchecked return codes of memory allocations
ARM: dts: am335x phytec boards: Fix cd-gpios active level
s390/boot: disable address-of-packed-member warning
drm/vmwgfx: Honor the sg list segment size limitation
drm/vmwgfx: fix a warning due to missing dma_parms
riscv: Fix udelay in RV32.
Input: imx_keypad - make sure keyboard can always wake up system
KVM: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy
mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed
ARM: davinci: da850-evm: call regulator_has_full_constraints()
ARM: davinci: da8xx: specify dma_coherent_mask for lcdc
mac80211: only warn once on chanctx_conf being NULL
mac80211: do not start any work during reconfigure flow
bpf, devmap: Fix premature entry free on destroying map
bpf, devmap: Add missing bulk queue free
bpf, devmap: Add missing RCU read lock on flush
bpf, x64: fix stack layout of JITed bpf code
qmi_wwan: add support for QMAP padding in the RX path
qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode
qmi_wwan: extend permitted QMAP mux_id value range
mmc: core: complete HS400 before checking status
md: fix for divide error in status_resync
bnx2x: Check if transceiver implements DDM before access
drm: return -EFAULT if copy_to_user() fails
ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL
net: lio_core: fix potential sign-extension overflow on large shift
scsi: qedi: Check targetname while finding boot target information
quota: fix a problem about transfer quota
net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge()
NFS4: Only set creation opendata if O_CREAT
net :sunrpc :clnt :Fix xps refcount imbalance on the error path
fscrypt: don't set policy for a dead directory
udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
media: stv0297: fix frequency range limit
ALSA: usb-audio: Fix parse of UAC2 Extension Units
ALSA: hda/realtek - Headphone Mic can't record after S3
block, bfq: NULL out the bic when it's no longer valid
perf pmu: Fix uncore PMU alias list for ARM64
x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
x86/tls: Fix possible spectre-v1 in do_get_thread_area()
Documentation: Add section about CPU vulnerabilities for Spectre
Documentation/admin: Remove the vsyscall=native documentation
mwifiex: Abort at too short BSS descriptor element
mwifiex: Don't abort on small, spec-compliant vendor IEs
USB: serial: ftdi_sio: add ID for isodebug v1
USB: serial: option: add support for GosunCn ME3630 RNDIS mode
Revert "serial: 8250: Don't service RX FIFO if interrupts are disabled"
p54usb: Fix race between disconnect and firmware loading
usb: gadget: ether: Fix race between gether_disconnect and rx_submit
usb: dwc2: use a longer AHB idle timeout in dwc2_core_reset()
usb: renesas_usbhs: add a workaround for a race condition of workqueue
drivers/usb/typec/tps6598x.c: fix portinfo width
drivers/usb/typec/tps6598x.c: fix 4CC cmd write
staging: comedi: dt282x: fix a null pointer deref on interrupt
staging: comedi: amplc_pci230: fix null pointer deref on interrupt
HID: Add another Primax PIXART OEM mouse quirk
lkdtm: support llvm-objcopy
binder: fix memory leak in error path
carl9170: fix misuse of device driver API
VMCI: Fix integer overflow in VMCI handle arrays
MIPS: Remove superfluous check for __linux__
staging: fsl-dpaa2/ethsw: fix memory leak of switchdev_work
staging: bcm2835-camera: Replace spinlock protecting context_map with mutex
staging: bcm2835-camera: Ensure all buffers are returned on disable
staging: bcm2835-camera: Remove check of the number of buffers supplied
staging: bcm2835-camera: Handle empty EOS buffers whilst streaming
staging: rtl8712: reduce stack usage, again
Linux 4.19.59
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I650890ad9d984de0fc729677bd29506cd21338be
commit dbc3117d4ca9e17819ac73501e914b8422686750 upstream.
In reboot tests on several devices we were seeing a "use after free"
when slub_debug or KASAN was enabled. The kernel complained about:
Unable to handle kernel paging request at virtual address 6b6b6c2b
...which is a classic sign of use after free under slub_debug. The
stack crawl in kgdb looked like:
0 test_bit (addr=<optimized out>, nr=<optimized out>)
1 bfq_bfqq_busy (bfqq=<optimized out>)
2 bfq_select_queue (bfqd=<optimized out>)
3 __bfq_dispatch_request (hctx=<optimized out>)
4 bfq_dispatch_request (hctx=<optimized out>)
5 0xc056ef00 in blk_mq_do_dispatch_sched (hctx=0xed249440)
6 0xc056f728 in blk_mq_sched_dispatch_requests (hctx=0xed249440)
7 0xc0568d24 in __blk_mq_run_hw_queue (hctx=0xed249440)
8 0xc0568d94 in blk_mq_run_work_fn (work=<optimized out>)
9 0xc024c5c4 in process_one_work (worker=0xec6d4640, work=0xed249480)
10 0xc024cff4 in worker_thread (__worker=0xec6d4640)
Digging in kgdb, it could be found that, though bfqq looked fine,
bfqq->bic had been freed.
Through further digging, I postulated that perhaps it is illegal to
access a "bic" (AKA an "icq") after bfq_exit_icq() had been called
because the "bic" can be freed at some point in time after this call
is made. I confirmed that there certainly were cases where the exact
crashing code path would access the "bic" after bfq_exit_icq() had
been called. Sspecifically I set the "bfqq->bic" to (void *)0x7 and
saw that the bic was 0x7 at the time of the crash.
To understand a bit more about why this crash was fairly uncommon (I
saw it only once in a few hundred reboots), you can see that much of
the time bfq_exit_icq_fbqq() fully frees the bfqq and thus it can't
access the ->bic anymore. The only case it doesn't is if
bfq_put_queue() sees a reference still held.
However, even in the case when bfqq isn't freed, the crash is still
rare. Why? I tracked what happened to the "bic" after the exit
routine. It doesn't get freed right away. Rather,
put_io_context_active() eventually called put_io_context() which
queued up freeing on a workqueue. The freeing then actually happened
later than that through call_rcu(). Despite all these delays, some
extra debugging showed that all the hoops could be jumped through in
time and the memory could be freed causing the original crash. Phew!
To make a long story short, assuming it truly is illegal to access an
icq after the "exit_icq" callback is finished, this patch is needed.
Cc: stable@vger.kernel.org
Reviewed-by: Paolo Valente <paolo.valente@unimore.it>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl0lmYwACgkQONu9yGCS
aT4h5w//ZG0BYEwxoa4Qc8rwvncnk78miK/VRH5JVTiToDqTuttHZQoMp+NLD2fQ
V679f/2+VqEPn8o6yJsrbM8uea0iIratI8U6L2OEt6TKPbar3CPcRUPJeqlPWkej
tf3qjAtvNNjLcl7xCYt9JNvpF4RwA8rLWWP5hZyYMi7xcMiB0FOriTlVJYHJ0PLK
Iqg+edkBxKwx7mvFlZnJkT0ln5hCqT4QBq2XrOYGUfy2Ans5Ytg5dhhp41QDD6iu
oE4mS+fybCzNOR3BWl7pfpeJRg8TKq4XNzYsQr9ftt2e3OZxOi3Jg+RLsgzjJB9P
1aTsuSzSeMXVGrAwRpBAot7TC+8F88sci0gibh4pg5N0ujGdvRW4gyzYHtdKhsTc
wmjYMKbAxJWwz0vkRp1aSnUMSRur4Wo3qCWaOWpjkP4xhSBTTER5e5cqeuVSWde5
FaD8s0yjnQsUaH3oxZ7zDL//MR0N+C4Izs9c2A8HkdksWTdTvI7YX8c766iIZgrm
JFV0FIZYIHAyuXT04W9n3VSvV4tLS+ouwYZpgG09oK0lBA8NT6RyZWzijY3VE0ed
Kl+t6iu02qZgZrvnq4pHUVnLQtw7KfyL3mzeljVxEeaTbGODPOJfypY1OMfhWYw+
dIlmsmfa2aANf5wttl8CjLkAIIG3JmuWO2exMQidvXlGCE+rKVM=
=u7q2
-----END PGP SIGNATURE-----
Merge 4.19.58 into android-4.19
Changes in 4.19.58
Bluetooth: Fix faulty expression for minimum encryption key size check
block: Fix a NULL pointer dereference in generic_make_request()
md/raid0: Do not bypass blocking queue entered for raid0 bios
netfilter: nf_flow_table: ignore DF bit setting
netfilter: nft_flow_offload: set liberal tracking mode for tcp
netfilter: nft_flow_offload: don't offload when sequence numbers need adjustment
netfilter: nft_flow_offload: IPCB is only valid for ipv4 family
ASoC : cs4265 : readable register too low
ASoC: ak4458: add return value for ak4458_probe
ASoC: soc-pcm: BE dai needs prepare when pause release after resume
ASoC: ak4458: rstn_control - return a non-zero on error only
spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
drm/mediatek: fix unbind functions
drm/mediatek: unbind components in mtk_drm_unbind()
drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver
drm/mediatek: clear num_pipes when unbind driver
drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable()
ASoC: max98090: remove 24-bit format support if RJ is 0
ASoC: sun4i-i2s: Fix sun8i tx channel offset mask
ASoC: sun4i-i2s: Add offset to RX channel select
x86/CPU: Add more Icelake model numbers
usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
ALSA: hdac: fix memory release for SST and SOF drivers
SoC: rt274: Fix internal jack assignment in set_jack callback
scsi: hpsa: correct ioaccel2 chaining
drm: panel-orientation-quirks: Add quirk for GPD pocket2
drm: panel-orientation-quirks: Add quirk for GPD MicroPC
platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi
platform/x86: intel-vbtn: Report switch events when event wakes device
platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration
platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow
i2c: pca-platform: Fix GPIO lookup code
cpuset: restore sanity to cpuset_cpus_allowed_fallback()
scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE
mm/mlock.c: change count_mm_mlocked_page_nr return type
tracing: avoid build warning with HAVE_NOP_MCOUNT
module: Fix livepatch/ftrace module text permissions race
ftrace: Fix NULL pointer dereference in free_ftrace_func_mapper()
drm/i915/dmc: protect against reading random memory
ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
crypto: user - prevent operating on larval algorithms
crypto: cryptd - Fix skcipher instance memory leak
ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
ALSA: line6: Fix write on zero-sized buffer
ALSA: usb-audio: fix sign unintended sign extension on left shifts
ALSA: hda/realtek: Add quirks for several Clevo notebook barebones
ALSA: hda/realtek - Change front mic location for Lenovo M710q
lib/mpi: Fix karactx leak in mpi_powm
fs/userfaultfd.c: disable irqs for fault_pending and event locks
tracing/snapshot: Resize spare buffer if size changed
ARM: dts: armada-xp-98dx3236: Switch to armada-38x-uart serial node
arm64: kaslr: keep modules inside module region when KASAN is enabled
drm/amd/powerplay: use hardware fan control if no powerplay fan table
drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE
drm/etnaviv: add missing failure path to destroy suballoc
drm/imx: notify drm core before sending event during crtc disable
drm/imx: only send event on crtc disable if kept disabled
ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code()
mm/vmscan.c: prevent useless kswapd loops
btrfs: Ensure replaced device doesn't have pending chunk allocation
tty: rocket: fix incorrect forward declaration of 'rp_init()'
mlxsw: spectrum: Handle VLAN device unlinking
net/smc: move unhash before release of clcsock
media: s5p-mfc: fix incorrect bus assignment in virtual child device
drm/fb-helper: generic: Don't take module ref for fbcon
f2fs: don't access node/meta inode mapping after iput
mac80211: mesh: fix missing unlock on error in table_path_del()
scsi: tcmu: fix use after free
selftests: fib_rule_tests: Fix icmp proto with ipv6
x86/boot/compressed/64: Do not corrupt EDX on EFER.LME=1 setting
net: hns: Fixes the missing put_device in positive leg for roce reset
ALSA: hda: Initialize power_state field properly
rds: Fix warning.
ip6: fix skb leak in ip6frag_expire_frag_queue()
netfilter: ipv6: nf_defrag: fix leakage of unqueued fragments
sc16is7xx: move label 'err_spi' to correct section
net: hns: fix unsigned comparison to less than zero
bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K
netfilter: ipv6: nf_defrag: accept duplicate fragments again
KVM: x86: degrade WARN to pr_warn_ratelimited
KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC
nfsd: Fix overflow causing non-working mounts on 1 TB machines
svcrdma: Ignore source port when computing DRC hash
MIPS: Fix bounds check virt_addr_valid
MIPS: Add missing EHB in mtc0 -> mfc0 sequence.
MIPS: have "plain" make calls build dtbs for selected platforms
dmaengine: qcom: bam_dma: Fix completed descriptors count
dmaengine: imx-sdma: remove BD_INTR for channel0
Linux 4.19.58
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-----------------------------------------------------------------
This patch is not on mainline and is meant to 4.19 stable *only*.
After the patch description there's a reasoning about that.
-----------------------------------------------------------------
Commit 37f9579f4c ("blk-mq: Avoid that submitting a bio concurrently
with device removal triggers a crash") introduced a NULL pointer
dereference in generic_make_request(). The patch sets q to NULL and
enter_succeeded to false; right after, there's an 'if (enter_succeeded)'
which is not taken, and then the 'else' will dereference q in
blk_queue_dying(q).
This patch just moves the 'q = NULL' to a point in which it won't trigger
the oops, although the semantics of this NULLification remains untouched.
A simple test case/reproducer is as follows:
a) Build kernel v4.19.56-stable with CONFIG_BLK_CGROUP=n.
b) Create a raid0 md array with 2 NVMe devices as members, and mount
it with an ext4 filesystem.
c) Run the following oneliner (supposing the raid0 is mounted in /mnt):
(dd of=/mnt/tmp if=/dev/zero bs=1M count=999 &); sleep 0.3;
echo 1 > /sys/block/nvme1n1/device/device/remove
(whereas nvme1n1 is the 2nd array member)
This will trigger the following oops:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000078
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
RIP: 0010:generic_make_request+0x32b/0x400
Call Trace:
submit_bio+0x73/0x140
ext4_io_submit+0x4d/0x60
ext4_writepages+0x626/0xe90
do_writepages+0x4b/0xe0
[...]
This patch has no functional changes and preserves the md/raid0 behavior
when a member is removed before kernel v4.17.
----------------------------
Why this is not on mainline?
----------------------------
The patch was originally submitted upstream in linux-raid and
linux-block mailing-lists - it was initially accepted by Song Liu,
but Christoph Hellwig[0] observed that there was a clean-up series
ready to be accepted from Ming Lei[1] that fixed the same issue.
The accepted patches from Ming's series in upstream are: commit
47cdee29ef9d ("block: move blk_exit_queue into __blk_release_queue") and
commit fe2008640ae3 ("block: don't protect generic_make_request_checks
with blk_queue_enter"). Those patches basically do a clean-up in the
block layer involving:
1) Putting back blk_exit_queue() logic into __blk_release_queue(); that
path was changed in the past and the logic from blk_exit_queue() was
added to blk_cleanup_queue().
2) Removing the guard/protection in generic_make_request_checks() with
blk_queue_enter().
The problem with Ming's series for -stable is that it relies in the
legacy request IO path removal. So it's "backport-able" to v5.0+,
but doing that for early versions (like 4.19) would incur in complex
code changes. Hence, it was suggested by Christoph and Song Liu that
this patch was submitted to stable only; otherwise merging it upstream
would add code to fix a path removed in a subsequent commit.
[0] lore.kernel.org/linux-block/20190521172258.GA32702@infradead.org
[1] lore.kernel.org/linux-block/20190515030310.20393-1-ming.lei@redhat.com
Cc: Christoph Hellwig <hch@lst.de>
Cc: Jens Axboe <axboe@kernel.dk>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Tested-by: Eric Ren <renzhengeek@gmail.com>
Fixes: 37f9579f4c ("blk-mq: Avoid that submitting a bio concurrently with device removal triggers a crash")
Signed-off-by: Guilherme G. Piccoli <gpiccoli@canonical.com>
Acked-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIyBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl0EwEMACgkQONu9yGCS
aT4UpA/3UqmMAaHH4g20cic8YDoBkYXoQUyj/kbf1w6bXqCuLTHOFS/qXa6QtPK3
WfwNWChIob+EbfAMjreQZjT6pwBbxyCNUvsvpB0k8YhJ3v/sIZL/Wc+1ZDu+jBC9
xfqwT9+JGzgu8P4PUTr1BsGMhgiH9qoJAeq7RCuDcicMIJ4/aJVr4Cvrs+18PVUe
95T5vSn6G62QyOrUExmuuztvNM2P/kos6yJTkN80l3uPLMUjsnWCsMKu+9utd5ea
ew332Z/BQs+ff4oljH1uRwsM/Z7+AKXlXatXD0sHQ8CTEqh44SgUSU96vB/h9W8I
6a0t4M2atsdaGjMHmiiPA+gIgd1rW0lsHk6ob6qgfzuRBFGN9BTUfZgQwhOW7uXt
e4o5RrWELkbk/TlJzrG1dFjhfyeb7q3LHOOg8kOVU0KdPD44ekJW9qoI8tlMPI+5
mafCCS/oS6TaW20ZKmjjkIbfTndzdO3dy5EWLy3elCEyLF2gDZ6WCAL+SMngdApC
/dbuBigF/+RBaEU1e56DkcYUYXjt6UO84O3dYAx69s6EhHS5CP4yCySuYpdxyg/G
MWdFDhtbnFyMXqoK1ROS0hNnxpydkh+R1Ns0TeSYibJI2J2enMGIa0thu4aVLD3v
+GLqHV2PsPTRQmF5ChnvNV7O53i4j4WBQQjL+80PQulJwRFb/A==
=bIqz
-----END PGP SIGNATURE-----
Merge 4.19.51 into android-4.19
Changes in 4.19.51
rapidio: fix a NULL pointer dereference when create_workqueue() fails
fs/fat/file.c: issue flush after the writeback of FAT
sysctl: return -EINVAL if val violates minmax
ipc: prevent lockup on alloc_msg and free_msg
drm/pl111: Initialize clock spinlock early
ARM: prevent tracing IPI_CPU_BACKTRACE
mm/hmm: select mmu notifier when selecting HMM
hugetlbfs: on restore reserve error path retain subpool reservation
mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE
mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
initramfs: free initrd memory if opening /initrd.image fails
mm/cma.c: fix the bitmap status to show failed allocation reason
mm: page_mkclean vs MADV_DONTNEED race
mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
mm/slab.c: fix an infinite loop in leaks_show()
kernel/sys.c: prctl: fix false positive in validate_prctl_map()
thermal: rcar_gen3_thermal: disable interrupt in .remove
drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER
mfd: tps65912-spi: Add missing of table registration
mfd: intel-lpss: Set the device in reset state when init
drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration
mfd: twl6040: Fix device init errors for ACCCTL register
perf/x86/intel: Allow PEBS multi-entry in watermark mode
drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change
drm/bridge: adv7511: Fix low refresh rate selection
objtool: Don't use ignore flag for fake jumps
drm/nouveau/kms/gv100-: fix spurious window immediate interlocks
bpf: fix undefined behavior in narrow load handling
EDAC/mpc85xx: Prevent building as a module
pwm: meson: Use the spin-lock only to protect register modifications
mailbox: stm32-ipcc: check invalid irq
ntp: Allow TAI-UTC offset to be set to zero
f2fs: fix to avoid panic in do_recover_data()
f2fs: fix to avoid panic in f2fs_inplace_write_data()
f2fs: fix to avoid panic in f2fs_remove_inode_page()
f2fs: fix to do sanity check on free nid
f2fs: fix to clear dirty inode in error path of f2fs_iget()
f2fs: fix to avoid panic in dec_valid_block_count()
f2fs: fix to use inline space only if inline_xattr is enable
f2fs: fix to do sanity check on valid block count of segment
f2fs: fix to do checksum even if inode page is uptodate
percpu: remove spurious lock dependency between percpu and sched
configfs: fix possible use-after-free in configfs_register_group
uml: fix a boot splat wrt use of cpu_all_mask
PCI: dwc: Free MSI in dw_pcie_host_init() error path
PCI: dwc: Free MSI IRQ page in dw_pcie_free_msi()
ovl: do not generate duplicate fsnotify events for "fake" path
mmc: mmci: Prevent polling for busy detection in IRQ context
netfilter: nf_flow_table: fix missing error check for rhashtable_insert_fast
netfilter: nf_conntrack_h323: restore boundary check correctness
mips: Make sure dt memory regions are valid
netfilter: nf_tables: fix base chain stat rcu_dereference usage
watchdog: imx2_wdt: Fix set_timeout for big timeout values
watchdog: fix compile time error of pretimeout governors
blk-mq: move cancel of requeue_work into blk_mq_release
iommu/vt-d: Set intel_iommu_gfx_mapped correctly
misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test
PCI: designware-ep: Use aligned ATU window for raising MSI interrupts
nvme-pci: unquiesce admin queue on shutdown
nvme-pci: shutdown on timeout during deletion
netfilter: nf_flow_table: check ttl value in flow offload data path
netfilter: nf_flow_table: fix netdev refcnt leak
ALSA: hda - Register irq handler after the chip initialization
nvmem: core: fix read buffer in place
nvmem: sunxi_sid: Support SID on A83T and H5
fuse: retrieve: cap requested size to negotiated max_write
nfsd: allow fh_want_write to be called twice
nfsd: avoid uninitialized variable warning
vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING"
iommu/arm-smmu-v3: Don't disable SMMU in kdump kernel
switchtec: Fix unintended mask of MRPC event
net: thunderbolt: Unregister ThunderboltIP protocol handler when suspending
x86/PCI: Fix PCI IRQ routing table memory leak
i40e: Queues are reserved despite "Invalid argument" error
platform/chrome: cros_ec_proto: check for NULL transfer function
PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64
soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
soc: rockchip: Set the proper PWM for rk3288
ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
ARM: dts: imx50: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
ARM: dts: imx53: Specify IMX5_CLK_IPG as "ahb" clock to SDMA
ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
ARM: dts: imx6sll: Specify IMX6SLL_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
PCI: rpadlpar: Fix leaked device_node references in add/remove paths
drm/amd/display: Use plane->color_space for dpp if specified
ARM: OMAP2+: pm33xx-core: Do not Turn OFF CEFUSE as PPA may be using it
platform/x86: intel_pmc_ipc: adding error handling
power: supply: max14656: fix potential use-before-alloc
net: hns3: return 0 and print warning when hit duplicate MAC
PCI: rcar: Fix a potential NULL pointer dereference
PCI: rcar: Fix 64bit MSI message address handling
scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags
video: hgafb: fix potential NULL pointer dereference
video: imsttfb: fix potential NULL pointer dereferences
block, bfq: increase idling for weight-raised queues
PCI: xilinx: Check for __get_free_pages() failure
gpio: gpio-omap: add check for off wake capable gpios
ice: Add missing case in print_link_msg for printing flow control
dmaengine: idma64: Use actual device for DMA transfers
pwm: tiehrpwm: Update shadow register for disabling PWMs
ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa
pwm: Fix deadlock warning when removing PWM device
ARM: exynos: Fix undefined instruction during Exynos5422 resume
usb: typec: fusb302: Check vconn is off when we start toggling
soc: renesas: Identify R-Car M3-W ES1.3
gpio: vf610: Do not share irq_chip
percpu: do not search past bitmap when allocating an area
Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections"
Revert "drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)"
ovl: check the capability before cred overridden
ovl: support stacked SEEK_HOLE/SEEK_DATA
drm/vc4: fix fb references in async update
ALSA: seq: Cover unsubscribe_port() in list_mutex
Linux 4.19.51
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 778c02a236a8728bb992de10ed1f12c0be5b7b0e ]
If a sync bfq_queue has a higher weight than some other queue, and
remains temporarily empty while in service, then, to preserve the
bandwidth share of the queue, it is necessary to plug I/O dispatching
until a new request arrives for the queue. In addition, a timeout
needs to be set, to avoid waiting for ever if the process associated
with the queue has actually finished its I/O.
Even with the above timeout, the device is however not fed with new
I/O for a while, if the process has finished its I/O. If this happens
often, then throughput drops and latencies grow. For this reason, the
timeout is kept rather low: 8 ms is the current default.
Unfortunately, such a low value may cause, on the opposite end, a
violation of bandwidth guarantees for a process that happens to issue
new I/O too late. The higher the system load, the higher the
probability that this happens to some process. This is a problem in
scenarios where service guarantees matter more than throughput. One
important case are weight-raised queues, which need to be granted a
very high fraction of the bandwidth.
To address this issue, this commit lower-bounds the plugging timeout
for weight-raised queues to 20 ms. This simple change provides
relevant benefits. For example, on a PLEXTOR PX-256M5S, with which
gnome-terminal starts in 0.6 seconds if there is no other I/O in
progress, the same applications starts in
- 0.8 seconds, instead of 1.2 seconds, if ten files are being read
sequentially in parallel
- 1 second, instead of 2 seconds, if, in parallel, five files are
being read sequentially, and five more files are being written
sequentially
Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com>
Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit fbc2a15e3433058582e5635aabe48a3011a644a8 ]
With holding queue's kobject refcount, it is safe for driver
to schedule requeue. However, blk_mq_kick_requeue_list() may
be called after blk_sync_queue() is done because of concurrent
requeue activities, then requeue work may not be completed when
freeing queue, and kernel oops is triggered.
So moving the cancel of requeue_work into blk_mq_release() for
avoiding race between requeue and freeing queue.
Cc: Dongli Zhang <dongli.zhang@oracle.com>
Cc: James Smart <james.smart@broadcom.com>
Cc: Bart Van Assche <bart.vanassche@wdc.com>
Cc: linux-scsi@vger.kernel.org,
Cc: Martin K . Petersen <martin.petersen@oracle.com>,
Cc: Christoph Hellwig <hch@lst.de>,
Cc: James E . J . Bottomley <jejb@linux.vnet.ibm.com>,
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Tested-by: James Smart <james.smart@broadcom.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzxMDsACgkQONu9yGCS
aT6kjxAAvyKCDNGaQgBXGXe6xvBK7ad+mk+MU6WVycN+PIQzA8zVfR7RcGJgEP8t
65QrePyacMe5bmSgTnUKGz6DpwpWbCMamyftjoaPWIhxDFmQy7FB9ANOVoPDBw49
+jKT30ioBSI6LYQDU4xhxDO01HVEXmmLZquqYDfLoHOMLeXCivfTlM7PQPfxMZzn
fdeLtvfCnfMiftkXZjGqaWoUAnrlTmncQk9nXMcDgxrGy9pHJ6B1WWE5ygqr4Z5s
MaKfHotCSYD/eP8JsyIdJg+iMESv5Z0ZDCjbVslm81fCLeUD6atdnmpYxCphmT7Q
ifN23i4FJrXBX4xLpD9RYzavH3+hQzqb2pt02aBZRW0OLFK0qjYrkdayjwWGOIUI
zK9bgfHiiNKtoyvakQJ09uMhpO2thWeTMh8a6iBLTQ5Koi60adW1l5GrPuTTZYG7
V8xNB2cLsUktDsAr1I/kwrCMlE/oNFgy2La5zMzmELnFTUJRlMAoAGaa1DPcOFLt
QVdT8luJMu+1KTeMZPoK/7QQGszMDTAot4+Ys56KyPQ6zN/rGr2vm7kHYn41FyEp
KXpyeIm0/RKxUysz2Fyx+dL75e4ZhBof+amQ7Kotz6bF45o+ZwJ7THT6XKIOoln5
E7iI5RhQMZ2WuVIHLKa0QFBRn4RPpzie1lwOXWAAF6oqNgewXHw=
=fjPE
-----END PGP SIGNATURE-----
Merge 4.19.47 into android-4.19
Changes in 4.19.47
x86: Hide the int3_emulate_call/jmp functions from UML
ext4: do not delete unlinked inode from orphan list on failed truncate
ext4: wait for outstanding dio during truncate in nojournal mode
f2fs: Fix use of number of devices
KVM: x86: fix return value for reserved EFER
bio: fix improper use of smp_mb__before_atomic()
sbitmap: fix improper use of smp_mb__before_atomic()
Revert "scsi: sd: Keep disk read-only when re-reading partition"
crypto: vmx - CTR: always increment IV as quadword
mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem
mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem
kvm: svm/avic: fix off-by-one in checking host APIC ID
libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead
arm64/kernel: kaslr: reduce module randomization range to 2 GB
arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable
gfs2: Fix sign extension bug in gfs2_update_stats
btrfs: don't double unlock on error in btrfs_punch_hole
Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path
Btrfs: avoid fallback to transaction commit during fsync of files with holes
Btrfs: fix race between ranged fsync and writeback of adjacent ranges
btrfs: sysfs: Fix error path kobject memory leak
btrfs: sysfs: don't leak memory when failing add fsid
udlfb: fix some inconsistent NULL checking
fbdev: fix divide error in fb_var_to_videomode
NFSv4.2 fix unnecessary retry in nfs4_copy_file_range
NFSv4.1 fix incorrect return value in copy_file_range
bpf: add bpf_jit_limit knob to restrict unpriv allocations
brcmfmac: assure SSID length from firmware is limited
brcmfmac: add subtype check for event handling in data path
arm64: errata: Add workaround for Cortex-A76 erratum #1463225
btrfs: honor path->skip_locking in backref code
ovl: relax WARN_ON() for overlapping layers use case
fbdev: fix WARNING in __alloc_pages_nodemask bug
media: cpia2: Fix use-after-free in cpia2_exit
media: serial_ir: Fix use-after-free in serial_ir_init_module
media: vb2: add waiting_in_dqbuf flag
media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
bpf: devmap: fix use-after-free Read in __dev_map_entry_free
batman-adv: mcast: fix multicast tt/tvlv worker locking
at76c50x-usb: Don't register led_trigger if usb_register_driver failed
acct_on(): don't mess with freeze protection
Revert "btrfs: Honour FITRIM range constraints during free space trim"
gfs2: Fix lru_count going negative
cxgb4: Fix error path in cxgb4_init_module
NFS: make nfs_match_client killable
IB/hfi1: Fix WQ_MEM_RECLAIM warning
gfs2: Fix occasional glock use-after-free
mmc: core: Verify SD bus width
tools/bpf: fix perf build error with uClibc (seen on ARC)
selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c
bpftool: exclude bash-completion/bpftool from .gitignore pattern
dmaengine: tegra210-dma: free dma controller in remove()
net: ena: gcc 8: fix compilation warning
hv_netvsc: fix race that may miss tx queue wakeup
Bluetooth: Ignore CC events not matching the last HCI command
pinctrl: zte: fix leaked of_node references
ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE
usb: dwc2: gadget: Increase descriptors count for ISOC's
usb: dwc3: move synchronize_irq() out of the spinlock protected block
ASoC: hdmi-codec: unlock the device on startup errors
powerpc/perf: Return accordingly on invalid chip-id in
powerpc/boot: Fix missing check of lseek() return value
powerpc/perf: Fix loop exit condition in nest_imc_event_init
ASoC: imx: fix fiq dependencies
spi: pxa2xx: fix SCR (divisor) calculation
brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler()
ACPI / property: fix handling of data_nodes in acpi_get_next_subnode()
drm/nouveau/bar/nv50: ensure BAR is mapped
media: stm32-dcmi: return appropriate error codes during probe
ARM: vdso: Remove dependency with the arch_timer driver internals
arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable
powerpc/watchdog: Use hrtimers for per-CPU heartbeat
sched/cpufreq: Fix kobject memleak
scsi: qla2xxx: Fix a qla24xx_enable_msix() error path
scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending()
scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session()
scsi: qla2xxx: Fix hardirq-unsafe locking
x86/modules: Avoid breaking W^X while loading modules
Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve
btrfs: fix panic during relocation after ENOSPC before writeback happens
btrfs: Don't panic when we can't find a root key
iwlwifi: pcie: don't crash on invalid RX interrupt
rtc: 88pm860x: prevent use-after-free on device remove
rtc: stm32: manage the get_irq probe defer case
scsi: qedi: Abort ep termination if offload not scheduled
s390/kexec_file: Fix detection of text segment in ELF loader
sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs
w1: fix the resume command API
s390: qeth: address type mismatch warning
dmaengine: pl330: _stop: clear interrupt status
mac80211/cfg80211: update bss channel on channel switch
libbpf: fix samples/bpf build failure due to undefined UINT32_MAX
slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register
ASoC: fsl_sai: Update is_slave_mode with correct value
mwifiex: prevent an array overflow
rsi: Fix NULL pointer dereference in kmalloc
net: cw1200: fix a NULL pointer dereference
nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE
nvme-rdma: fix a NULL deref when an admin connect times out
crypto: sun4i-ss - Fix invalid calculation of hash end
bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set
bcache: return error immediately in bch_journal_replay()
bcache: fix failure in journal relplay
bcache: add failure check to run_cache_set() for journal replay
bcache: avoid clang -Wunintialized warning
RDMA/cma: Consider scope_id while binding to ipv6 ll address
vfio-ccw: Do not call flush_workqueue while holding the spinlock
vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev
x86/build: Move _etext to actual end of .text
smpboot: Place the __percpu annotation correctly
x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()
mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions
Bluetooth: hci_qca: Give enough time to ROME controller to bootup.
HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
pinctrl: pistachio: fix leaked of_node references
pinctrl: samsung: fix leaked of_node references
clk: rockchip: undo several noc and special clocks as critical on rk3288
perf/arm-cci: Remove broken race mitigation
dmaengine: at_xdmac: remove BUG_ON macro in tasklet
media: coda: clear error return value before picture run
media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
media: au0828: stop video streaming only when last user stops
media: ov2659: make S_FMT succeed even if requested format doesn't match
audit: fix a memory leak bug
media: stm32-dcmi: fix crash when subdev do not expose any formats
media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
media: pvrusb2: Prevent a buffer overflow
iio: adc: stm32-dfsdm: fix unmet direct dependencies detected
block: fix use-after-free on gendisk
powerpc/numa: improve control of topology updates
powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX
random: fix CRNG initialization when random.trust_cpu=1
random: add a spinlock_t to struct batched_entropy
cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock
sched/core: Check quota and period overflow at usec to nsec conversion
sched/rt: Check integer overflow at usec to nsec conversion
sched/core: Handle overflow in cpu_shares_write_u64
staging: vc04_services: handle kzalloc failure
drm/msm: a5xx: fix possible object reference leak
irq_work: Do not raise an IPI when queueing work on the local CPU
thunderbolt: Take domain lock in switch sysfs attribute callbacks
s390/qeth: handle error from qeth_update_from_chp_desc()
USB: core: Don't unbind interfaces following device reset failure
x86/irq/64: Limit IST stack overflow check to #DB stack
drm: etnaviv: avoid DMA API warning when importing buffers
phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode
phy: mapphone-mdm6600: add gpiolib dependency
i40e: Able to add up to 16 MAC filters on an untrusted VF
i40e: don't allow changes to HW VLAN stripping on active port VLANs
ACPI/IORT: Reject platform device creation on NUMA node mapping failure
arm64: vdso: Fix clock_getres() for CLOCK_REALTIME
RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
perf/x86/msr: Add Icelake support
perf/x86/intel/rapl: Add Icelake support
perf/x86/intel/cstate: Add Icelake support
hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
scsi: libsas: Do discovery on empty PHY to update PHY info
mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
mmc_spi: add a status check for spi_sync_locked
mmc: sdhci-of-esdhc: add erratum eSDHC5 support
mmc: sdhci-of-esdhc: add erratum A-009204 support
mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
drm/amdgpu: fix old fence check in amdgpu_fence_emit
PM / core: Propagate dev->power.wakeup_path when no callbacks
clk: rockchip: Fix video codec clocks on rk3288
extcon: arizona: Disable mic detect if running when driver is removed
clk: rockchip: Make rkpwm a critical clock on rk3288
s390: zcrypt: initialize variables before_use
x86/microcode: Fix the ancient deprecated microcode loading method
s390/mm: silence compiler warning when compiling without CONFIG_PGSTE
s390: cio: fix cio_irb declaration
selftests: cgroup: fix cleanup path in test_memcg_subtree_control()
qmi_wwan: Add quirk for Quectel dynamic config
cpufreq: ppc_cbe: fix possible object reference leak
cpufreq/pasemi: fix possible object reference leak
cpufreq: pmac32: fix possible object reference leak
cpufreq: kirkwood: fix possible object reference leak
block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR
x86/build: Keep local relocations with ld.lld
drm/pl111: fix possible object reference leak
iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
iio: hmc5843: fix potential NULL pointer dereferences
iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data
iio: adc: ti-ads7950: Fix improper use of mlock
selftests/bpf: ksym_search won't check symbols exists
rtlwifi: fix a potential NULL pointer dereference
mwifiex: Fix mem leak in mwifiex_tm_cmd
brcmfmac: fix missing checks for kmemdup
b43: shut up clang -Wuninitialized variable warning
brcmfmac: convert dev_init_lock mutex to completion
brcmfmac: fix WARNING during USB disconnect in case of unempty psq
brcmfmac: fix race during disconnect when USB completion is in progress
brcmfmac: fix Oops when bringing up interface during USB disconnect
rtc: xgene: fix possible race condition
rtlwifi: fix potential NULL pointer dereference
scsi: ufs: Fix regulator load and icc-level configuration
scsi: ufs: Avoid configuring regulator with undefined voltage range
drm/panel: otm8009a: Add delay at the end of initialization
arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext
x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP
x86/uaccess, signal: Fix AC=1 bloat
x86/ia32: Fix ia32_restore_sigcontext() AC leak
x86/uaccess: Fix up the fixup
chardev: add additional check for minor range overlap
RDMA/hns: Fix bad endianess of port_pd variable
sh: sh7786: Add explicit I/O cast to sh7786_mm_sel()
HID: core: move Usage Page concatenation to Main item
ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
cxgb3/l2t: Fix undefined behaviour
HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent
spi: tegra114: reset controller on probe
kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice.
media: video-mux: fix null pointer dereferences
media: wl128x: prevent two potential buffer overflows
media: gspca: Kill URBs on USB device disconnect
efifb: Omit memory map check on legacy boot
thunderbolt: property: Fix a missing check of kzalloc
thunderbolt: Fix to check the return value of kmemdup
timekeeping: Force upper bound for setting CLOCK_REALTIME
scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check
virtio_console: initialize vtermno value for ports
tty: ipwireless: fix missing checks for ioremap
overflow: Fix -Wtype-limits compilation warnings
x86/mce: Fix machine_check_poll() tests for error types
rcutorture: Fix cleanup path for invalid torture_type strings
x86/mce: Handle varying MCA bank counts
rcuperf: Fix cleanup path for invalid perf_type strings
usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
scsi: qla4xxx: avoid freeing unallocated dma memory
scsi: lpfc: avoid uninitialized variable warning
selinux: avoid uninitialized variable warning
batman-adv: allow updating DAT entry timeouts on incoming ARP Replies
dmaengine: tegra210-adma: use devm_clk_*() helpers
hwrng: omap - Set default quality
thunderbolt: Fix to check return value of ida_simple_get
thunderbolt: Fix to check for kmemdup failure
drm/amd/display: fix releasing planes when exiting odm
thunderbolt: property: Fix a NULL pointer dereference
e1000e: Disable runtime PM on CNP+
tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers
igb: Exclude device from suspend direct complete optimization
media: si2165: fix a missing check of return value
media: dvbsky: Avoid leaking dvb frontend
media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
media: staging: davinci_vpfe: disallow building with COMPILE_TEST
drm/amd/display: Fix Divide by 0 in memory calculations
drm/amd/display: Set stream->mode_changed when connectors change
scsi: ufs: fix a missing check of devm_reset_control_get
media: vimc: stream: fix thread state before sleep
media: gspca: do not resubmit URBs when streaming has stopped
media: go7007: avoid clang frame overflow warning with KASAN
media: vimc: zero the media_device on probe
scsi: lpfc: Fix FDMI manufacturer attribute value
scsi: lpfc: Fix fc4type information for FDMI
media: saa7146: avoid high stack usage with clang
scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
spi : spi-topcliff-pch: Fix to handle empty DMA buffers
drm/omap: dsi: Fix PM for display blank with paired dss_pll calls
spi: rspi: Fix sequencer reset during initialization
spi: imx: stop buffer overflow in RX FIFO flush
spi: Fix zero length xfer bug
ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
drm/v3d: Handle errors from IRQ setup.
drm/drv: Hold ref on parent device during drm_device lifetime
drm: Wake up next in drm_read() chain if we are forced to putback the event
drm/sun4i: dsi: Change the start delay calculation
vfio-ccw: Prevent quiesce function going into an infinite loop
drm/sun4i: dsi: Enforce boundaries on the start delay
NFS: Fix a double unlock from nfs_match,get_client
Linux 4.19.47
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 78bf47353b0041865564deeed257a54f047c2fdc ]
The implementation of IOC_OPAL_ENABLE_DISABLE_MBR handled the value
opal_mbr_data.enable_disable incorrectly: enable_disable is expected
to be one of OPAL_MBR_ENABLE(0) or OPAL_MBR_DISABLE(1). enable_disable
was passed directly to set_mbr_done and set_mbr_enable_disable where
is was interpreted as either OPAL_TRUE(1) or OPAL_FALSE(0). The end
result was that calling IOC_OPAL_ENABLE_DISABLE_MBR with OPAL_MBR_ENABLE
actually disabled the shadow MBR and vice versa.
This patch adds correct conversion from OPAL_MBR_DISABLE/ENABLE to
OPAL_FALSE/TRUE. The change affects existing programs using
IOC_OPAL_ENABLE_DISABLE_MBR but this is typically used only once when
setting up an Opal drive.
Acked-by: Jon Derrick <jonathan.derrick@intel.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Scott Bauer <sbauer@plzdonthack.me>
Signed-off-by: David Kozub <zub@linux.fjfi.cvut.cz>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2c88e3c7ec32d7a40cc7c9b4a487cf90e4671bdd ]
commit 2da78092dd "block: Fix dev_t minor allocation lifetime"
specifically moved blk_free_devt(dev->devt) call to part_release()
to avoid reallocating device number before the device is fully
shutdown.
However, it can cause use-after-free on gendisk in get_gendisk().
We use md device as example to show the race scenes:
Process1 Worker Process2
md_free
blkdev_open
del_gendisk
add delete_partition_work_fn() to wq
__blkdev_get
get_gendisk
put_disk
disk_release
kfree(disk)
find part from ext_devt_idr
get_disk_and_module(disk)
cause use after free
delete_partition_work_fn
put_device(part)
part_release
remove part from ext_devt_idr
Before <devt, hd_struct pointer> is removed from ext_devt_idr by
delete_partition_work_fn(), we can find the devt and then access
gendisk by hd_struct pointer. But, if we access the gendisk after
it have been freed, it can cause in use-after-freeon gendisk in
get_gendisk().
We fix this by adding a new helper blk_invalidate_devt() in
delete_partition() and del_gendisk(). It replaces hd_struct
pointer in idr with value 'NULL', and deletes the entry from
idr in part_release() as we do now.
Thanks to Jan Kara for providing the solution and more clear comments
for the code.
Fixes: 2da78092dd ("block: Fix dev_t minor allocation lifetime")
Cc: Al Viro <viro@zeniv.linux.org.uk>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Keith Busch <keith.busch@intel.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Suggested-by: Jan Kara <jack@suse.cz>
Signed-off-by: Yufen Yu <yuyufen@huawei.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzdoMwACgkQONu9yGCS
aT5H9RAAkvsM0ryV/0BLcS7bAc2qXHz3shwcqMRHeqLSHCI728Ew3vbrenquQ9ou
I1I2gXVjVr3fT5IrNeEKC/RJg5EvUBD25dm3Iei9cTf8kqnnFaEqQFe+jIvVOMfR
zr//hEG3lOO5tLtyK1pnZxrW1uKl7B+1O64bVMpHSola+5teV51r/PxqYM5lNKYm
A0YhhcrTZ4f1ZY1nctgb3g5XousPHJAMhe8ACv6zO7I+eWwn410nUeAJL7WK8SvL
UqW0xgLAkKsYrriaDCPC9VeOVMUetCHeT9KbYQ8W9p+kb5bMQua4d/YJtCxulnqH
TAQosuCVSVoq+jQIZS+El4+teCQW/aAkHFGo+08e9ti+trEliz2u2PxiloZoGlxl
M4iIPwjkp7YJ9WHoVdNjObPiv5vt+2pWDEPhB7p++nsk5/2ArbShqWVDREj09SRp
RpOJ7UGl+Nckk8IppfQgRUOlVyMW6a+Fw7GX7dxnyh9U1g48w5ebNTVeUvKxQVCJ
a99U9qqGRgmEsgicnOXs4tRMYuU0gn3j0Qjhd9G2xYijh8ElMLgTJyv+2JiUIavC
nXmSVW3G54dR7N94aDfWm/z85w/uFmTmT4BiqNuc4/gHVyyk12Q9RbsV4T617xls
wiCkGoLKlpi9cp6abxB9H+oav9PdZd9ztwZMSB35k1AIgh6oeo0=
=v14F
-----END PGP SIGNATURE-----
Merge 4.19.44 into android-4.19
Changes in 4.19.44
bfq: update internal depth state when queue depth changes
platform/x86: sony-laptop: Fix unintentional fall-through
platform/x86: thinkpad_acpi: Disable Bluetooth for some machines
platform/x86: dell-laptop: fix rfkill functionality
hwmon: (pwm-fan) Disable PWM if fetching cooling data fails
kernfs: fix barrier usage in __kernfs_new_node()
virt: vbox: Sanity-check parameter types for hgcm-calls coming from userspace
USB: serial: fix unthrottle races
iio: adc: xilinx: fix potential use-after-free on remove
iio: adc: xilinx: fix potential use-after-free on probe
iio: adc: xilinx: prevent touching unclocked h/w on remove
acpi/nfit: Always dump _DSM output payload
libnvdimm/namespace: Fix a potential NULL pointer dereference
HID: input: add mapping for Expose/Overview key
HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
HID: input: add mapping for "Toggle Display" key
libnvdimm/btt: Fix a kmemdup failure check
s390/dasd: Fix capacity calculation for large volumes
mac80211: fix unaligned access in mesh table hash function
mac80211: Increase MAX_MSG_LEN
cfg80211: Handle WMM rules in regulatory domain intersection
mac80211: fix memory accounting with A-MSDU aggregation
nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands
libnvdimm/pmem: fix a possible OOB access when read and write pmem
s390/3270: fix lockdep false positive on view->lock
drm/amd/display: extending AUX SW Timeout
clocksource/drivers/npcm: select TIMER_OF
clocksource/drivers/oxnas: Fix OX820 compatible
selftests: fib_tests: Fix 'Command line is not complete' errors
mISDN: Check address length before reading address family
vxge: fix return of a free'd memblock on a failed dma mapping
qede: fix write to free'd pointer error and double free of ptp
afs: Unlock pages for __pagevec_release()
drm/amd/display: If one stream full updates, full update all planes
s390/pkey: add one more argument space for debug feature entry
x86/build/lto: Fix truncated .bss with -fdata-sections
x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T
KVM: fix spectrev1 gadgets
KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing
tools lib traceevent: Fix missing equality check for strcmp
ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash
ocelot: Don't sleep in atomic context (irqs_disabled())
scsi: aic7xxx: fix EISA support
mm: fix inactive list balancing between NUMA nodes and cgroups
init: initialize jump labels before command line option parsing
selftests: netfilter: check icmp pkttoobig errors are set as related
ipvs: do not schedule icmp errors from tunnels
netfilter: ctnetlink: don't use conntrack/expect object addresses as id
netfilter: nf_tables: prevent shift wrap in nft_chain_parse_hook()
MIPS: perf: ath79: Fix perfcount IRQ assignment
s390: ctcm: fix ctcm_new_device error return code
drm/sun4i: Set device driver data at bind time for use in unbind
drm/sun4i: Fix component unbinding and component master deletion
selftests/net: correct the return value for run_netsocktests
netfilter: fix nf_l4proto_log_invalid to log invalid packets
gpu: ipu-v3: dp: fix CSC handling
drm/imx: don't skip DP channel disable for background plane
ARM: 8856/1: NOMMU: Fix CCR register faulty initialization when MPU is disabled
spi: Micrel eth switch: declare missing of table
spi: ST ST95HF NFC: declare missing of table
drm/sun4i: Unbind components before releasing DRM and memory
Input: synaptics-rmi4 - fix possible double free
RDMA/hns: Bugfix for mapping user db
mm/memory_hotplug.c: drop memory device reference after find_memory_block()
powerpc/smp: Fix NMI IPI timeout
powerpc/smp: Fix NMI IPI xmon timeout
net: dsa: mv88e6xxx: fix few issues in mv88e6390x_port_set_cmode
mm/memory.c: fix modifying of page protection by insert_pfn()
usb: typec: Fix unchecked return value
netfilter: nf_tables: use-after-free in dynamic operations
netfilter: nf_tables: add missing ->release_ops() in error path of newrule()
net: fec: manage ahb clock in runtime pm
mlxsw: spectrum_switchdev: Add MDB entries in prepare phase
mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue
mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue
mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue
net/tls: fix the IV leaks
net: strparser: partially revert "strparser: Call skb_unclone conditionally"
NFC: nci: Add some bounds checking in nci_hci_cmd_received()
nfc: nci: Potential off by one in ->pipes[] array
x86/kprobes: Avoid kretprobe recursion bug
cw1200: fix missing unlock on error in cw1200_hw_scan()
mwl8k: Fix rate_idx underflow
rtlwifi: rtl8723ae: Fix missing break in switch statement
Don't jump to compute_result state from check_result state
um: Don't hardcode path as it is architecture dependent
powerpc/64s: Include cpu header
bonding: fix arp_validate toggling in active-backup mode
bridge: Fix error path for kobject_init_and_add()
dpaa_eth: fix SG frame cleanup
fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied
ipv4: Fix raw socket lookup for local traffic
net: dsa: Fix error cleanup path in dsa_init_module
net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering
net: macb: Change interrupt and napi enable order in open
net: seeq: fix crash caused by not set dev.parent
net: ucc_geth - fix Oops when changing number of buffers in the ring
packet: Fix error path in packet_init
selinux: do not report error on connect(AF_UNSPEC)
vlan: disable SIOCSHWTSTAMP in container
vrf: sit mtu should not be updated when vrf netdev is the link
tuntap: fix dividing by zero in ebpf queue selection
tuntap: synchronize through tfiles array instead of tun->numqueues
isdn: bas_gigaset: use usb_fill_int_urb() properly
tipc: fix hanging clients using poll with EPOLLOUT flag
drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
powerpc/book3s/64: check for NULL pointer in pgd_alloc()
powerpc/powernv/idle: Restore IAMR after idle
powerpc/booke64: set RI in default MSR
PCI: hv: Fix a memory leak in hv_eject_device_work()
PCI: hv: Add hv_pci_remove_slots() when we unload the driver
PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary
Linux 4.19.44
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 77f1e0a52d26242b6c2dba019f6ebebfb9ff701e upstream
A previous commit moved the shallow depth and BFQ depth map calculations
to be done at init time, moving it outside of the hotter IO path. This
potentially causes hangs if the users changes the depth of the scheduler
map, by writing to the 'nr_requests' sysfs file for that device.
Add a blk-mq-sched hook that allows blk-mq to inform the scheduler if
the depth changes, so that the scheduler can update its internal state.
Signed-off-by: Eric Wheeler <bfq@linux.ewheeler.net>
Tested-by: Kai Krakow <kai@kaishome.de>
Reported-by: Paolo Valente <paolo.valente@linaro.org>
Fixes: f0635b8a41 ("bfq: calculate shallow depths at init time")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
If group_idle is made per io cgroup tunable, it gives more flexibility
in tuning the performance of each group. If no value is set, it will
just use the original default value.
Bug: 117857342
Bug: 132282125
Test: values could be set to each group correctly
Signed-off-by: Rick Yiu <rickyiu@google.com>
Change-Id: I9aba172419f1819f459e8305b909630fa8305978
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzSZ3MACgkQONu9yGCS
aT7f2hAAww50MxygeVQXgB0zJ7oSlEBwJAUH1GRCj1ual70pDoK9W8iuacPI4gNu
+A0V4cD+lndMZ8E+F9/Vmzhmj/xHdxRfCkRmtnpa5IKUJqA/bLr1kdspYO6G354G
ZBGvizvmFaAikbqNSnoadQZ5AYoT/C4FxxD6t/meQtnwmrK+OhRlh1xCkTddAbQo
UEPDns9pxqrwHK7tS0GbPXLWgsr4y7BPq92ILdt/GFZGmEBJa0+tf66/DF+RMKjD
OCmAkiFr+hN8KScUHeZpJKdmI3s7dHEUnQnwkHyC1TwjEXwxhtA0QZgzl9j1F8JI
f27kbJrpmYuw2QADJyZmCnTiqBo7XglItxEZ2csJKyV7+jFFlzKT4S26iyrHwgXp
BTdSuTaVe2Ubp/EiULwoSsmxaIyW6fROotQK/x4oB0eDm+OSXq217nnbnF2MRpMb
eOqzRPCd5CvL8+7T9rc0kOJcDuK/9h95OjzZWBo9rDGz0glxlokw7cJ4fUyrJMPo
kcw7ZIRRHLtKGTD/ZKX3XrErAqz9I4RAEzBRAXT6W0is7PUi00vFNcOU4ThNSsSK
ihfuHsp9Jq/SKEUl6/CumU8e91LWv77/gqYxLLuygpuKLFLpMMc/PQOruxXT6ojx
QC/KIUtcMfTP+xy23Wg2UQ1BXhl+HcfShXzvcEXxHzjgHpglKvc=
=S4RT
-----END PGP SIGNATURE-----
Merge 4.19.41 into android-4.19
Changes in 4.19.41
iwlwifi: fix driver operation for 5350
mwifiex: Make resume actually do something useful again on SDIO cards
mac80211: don't attempt to rename ERR_PTR() debugfs dirs
i2c: synquacer: fix enumeration of slave devices
i2c: imx: correct the method of getting private data in notifier_call
i2c: Remove unnecessary call to irq_find_mapping
i2c: Clear client->irq in i2c_device_remove
i2c: Allow recovery of the initial IRQ by an I2C client device.
i2c: Prevent runtime suspend of adapter when Host Notify is required
ALSA: hda/realtek - Add new Dell platform for headset mode
ALSA: hda/realtek - Fixed Dell AIO speaker noise
ALSA: hda/realtek - Apply the fixup for ASUS Q325UAR
USB: yurex: Fix protection fault after device removal
USB: w1 ds2490: Fix bug caused by improper use of altsetting array
USB: dummy-hcd: Fix failure to give back unlinked URBs
usb: usbip: fix isoc packet num validation in get_pipe
USB: core: Fix unterminated string returned by usb_string()
USB: core: Fix bug caused by duplicate interface PM usage counter
nvme-loop: init nvmet_ctrl fatal_err_work when allocate
efi: Fix debugobjects warning on 'efi_rts_work'
arm64: dts: rockchip: fix rk3328-roc-cc gmac2io tx/rx_delay
HID: logitech: check the return value of create_singlethread_workqueue
HID: debug: fix race condition with between rdesc_show() and device removal
rtc: cros-ec: Fail suspend/resume if wake IRQ can't be configured
rtc: sh: Fix invalid alarm warning for non-enabled alarm
batman-adv: Reduce claim hash refcnt only for removed entry
batman-adv: Reduce tt_local hash refcnt only for removed entry
batman-adv: Reduce tt_global hash refcnt only for removed entry
batman-adv: fix warning in function batadv_v_elp_get_throughput
ARM: dts: rockchip: Fix gpu opp node names for rk3288
reset: meson-audio-arb: Fix missing .owner setting of reset_controller_dev
igb: Fix WARN_ONCE on runtime suspend
riscv: fix accessing 8-byte variable from RV32
HID: quirks: Fix keyboard + touchpad on Lenovo Miix 630
net: hns3: fix compile error
net/mlx5: E-Switch, Fix esw manager vport indication for more vport commands
bonding: show full hw address in sysfs for slave entries
net: stmmac: use correct DMA buffer size in the RX descriptor
net: stmmac: ratelimit RX error logs
net: stmmac: don't stop NAPI processing when dropping a packet
net: stmmac: don't overwrite discard_frame status
net: stmmac: fix dropping of multi-descriptor RX frames
net: stmmac: don't log oversized frames
jffs2: fix use-after-free on symlink traversal
debugfs: fix use-after-free on symlink traversal
mfd: twl-core: Disable IRQ while suspended
block: use blk_free_flush_queue() to free hctx->fq in blk_mq_init_hctx
rtc: da9063: set uie_unsupported when relevant
HID: input: add mapping for Assistant key
vfio/pci: use correct format characters
scsi: core: add new RDAC LENOVO/DE_Series device
scsi: storvsc: Fix calculation of sub-channel count
arm/mach-at91/pm : fix possible object reference leak
arm64: fix wrong check of on_sdei_stack in nmi context
net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw()
net: hns: Use NAPI_POLL_WEIGHT for hns driver
net: hns: Fix probabilistic memory overwrite when HNS driver initialized
net: hns: fix ICMP6 neighbor solicitation messages discard problem
net: hns: Fix WARNING when remove HNS driver with SMMU enabled
libcxgb: fix incorrect ppmax calculation
KVM: SVM: prevent DBG_DECRYPT and DBG_ENCRYPT overflow
kmemleak: powerpc: skip scanning holes in the .bss section
hugetlbfs: fix memory leak for resv_map
sh: fix multiple function definition build errors
xsysace: Fix error handling in ace_setup
fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
ARM: orion: don't use using 64-bit DMA masks
ARM: iop: don't use using 64-bit DMA masks
block: pass no-op callback to INIT_WORK().
perf/x86/amd: Update generic hardware cache events for Family 17h
Bluetooth: btusb: request wake pin with NOAUTOEN
Bluetooth: mediatek: fix up an error path to restore bdev->tx_state
clk: qcom: Add missing freq for usb30_master_clk on 8998
staging: iio: adt7316: allow adt751x to use internal vref for all dacs
staging: iio: adt7316: fix the dac read calculation
staging: iio: adt7316: fix the dac write calculation
scsi: RDMA/srpt: Fix a credit leak for aborted commands
ASoC: Intel: bytcr_rt5651: Revert "Fix DMIC map headsetmic mapping"
ASoC: wm_adsp: Correct handling of compressed streams that restart
ASoC: stm32: fix sai driver name initialisation
platform/x86: intel_pmc_core: Fix PCH IP name
platform/x86: intel_pmc_core: Handle CFL regmap properly
IB/core: Unregister notifier before freeing MAD security
IB/core: Fix potential memory leak while creating MAD agents
IB/core: Destroy QP if XRC QP fails
Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
Input: stmfts - acknowledge that setting brightness is a blocking call
gpio: mxc: add check to return defer probe if clock tree NOT ready
selinux: avoid silent denials in permissive mode under RCU walk
selinux: never allow relabeling on context mounts
mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode
powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search
x86/mce: Improve error message when kernel cannot recover, p2
clk: x86: Add system specific quirk to mark clocks as critical
x86/mm/KASLR: Fix the size of the direct mapping section
x86/mm: Fix a crash with kmemleak_scan()
x86/mm/tlb: Revert "x86/mm: Align TLB invalidation info"
i2c: i2c-stm32f7: Fix SDADEL minimum formula
media: v4l2: i2c: ov7670: Fix PLL bypass register values
ASoC: wm_adsp: Check for buffer in trigger stop
mm/kmemleak.c: fix unused-function warning
Linux 4.19.41
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 2e3c18d0ada16f145087b2687afcad1748c0827c ]
syzbot is hitting flush_work() warning caused by commit 4d43d395fed12463
("workqueue: Try to catch flush_work() without INIT_WORK().") [1].
Although that commit did not expect INIT_WORK(NULL) case, calling
flush_work() without setting a valid callback should be avoided anyway.
Fix this problem by setting a no-op callback instead of NULL.
[1] https://syzkaller.appspot.com/bug?id=e390366bc48bc82a7c668326e0663be3b91cbd29
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-and-tested-by: syzbot <syzbot+ba2a929dcf8e704c180e@syzkaller.appspotmail.com>
Cc: Tejun Heo <tj@kernel.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
[sl: rename blk_timeout_work]
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAly6xzUACgkQONu9yGCS
aT5sIA//b7nAk2zuhmbkonsBfzFq5uBJmqXcCrOgy3XHMs4fE+Q11kLd1wMAV7dx
U7FNHe4PIJ8Rczxgqr2VP3VmFbV6UuTK+UTclJKfbV3ouIAQiQBuutABBmbDUj2p
FInc/yAYyhVc9n7gX78czTiUxKnKi4+sisUYDCZPr3hr6jDPcLvm/WVWdyrcXJje
rYFNmE/2MBH1NofG+MOpq+ILhKHXlf2APN2/spl+I42a8bwodiSl9g+dhuWr7wgT
Ln2Ocf7BZ6BPCQKoveZdD1Gd56NNR/lJh4ulqpuhaZw4Yp+B/C7GmrBtdPzVSGka
IwPWoSc9/9VSUl+ooSZHms78VLbqq0rNNclskL2bN6m962u04Eu7sB2Tg/bwUs52
Wkcw0DY4J/oMJtj/CMHcQOUPsk6vwHxqnjsj+LYJ1ZjHO68tUshnENxXrbAoDc45
2fuY3TCA+XqFvqNt5HbkLPtFR78u8QmZ1lP/Pkri6xoG/GA6O0EAxhS0Z9hncGK7
8wJNuxLMd2UX94wlajQ+DF7yyCU4HOFEdeSEOwlHHBid/fckXsGzL2tKJUAbbUPP
ux3An8kJHni8nQrmUkyy1Nx29ROyAFxBLOQshWGpXgJrV3qRMYLyB2Icv0WYCGFk
zZCTupPgvb46u81VzqxrLH4RZdy4Ar4uB3BQGPKs596rlYmvnSo=
=CArs
-----END PGP SIGNATURE-----
Merge 4.19.36 into android-4.19
Changes in 4.19.36
ARC: u-boot args: check that magic number is correct
arc: hsdk_defconfig: Enable CONFIG_BLK_DEV_RAM
inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch()
perf/core: Restore mmap record type correctly
ext4: avoid panic during forced reboot
ext4: add missing brelse() in add_new_gdb_meta_bg()
ext4: report real fs size after failed resize
ALSA: echoaudio: add a check for ioremap_nocache
ALSA: sb8: add a check for request_region
auxdisplay: hd44780: Fix memory leak on ->remove()
drm/udl: use drm_gem_object_put_unlocked.
IB/mlx4: Fix race condition between catas error reset and aliasguid flows
i40iw: Avoid panic when handling the inetdev event
mmc: davinci: remove extraneous __init annotation
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
thermal/intel_powerclamp: fix __percpu declaration of worker_data
thermal: samsung: Fix incorrect check after code merge
thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs
thermal/int340x_thermal: Add additional UUIDs
thermal/int340x_thermal: fix mode setting
thermal/intel_powerclamp: fix truncated kthread name
scsi: iscsi: flush running unbind operations when removing a session
sched/cpufreq: Fix 32-bit math overflow
sched/core: Fix buffer overflow in cgroup2 property cpu.max
x86/mm: Don't leak kernel addresses
tools/power turbostat: return the exit status of a command
perf list: Don't forget to drop the reference to the allocated thread_map
perf config: Fix an error in the config template documentation
perf config: Fix a memory leak in collect_config()
perf build-id: Fix memory leak in print_sdt_events()
perf top: Fix error handling in cmd_top()
perf hist: Add missing map__put() in error case
perf evsel: Free evsel->counts in perf_evsel__exit()
perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
perf tests: Fix memory leak by expr__find_other() in test__expr()
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
ACPI / utils: Drop reference in test for device presence
PM / Domains: Avoid a potential deadlock
blk-iolatency: #include "blk.h"
drm/exynos/mixer: fix MIXER shadow registry synchronisation code
irqchip/stm32: Don't clear rising/falling config registers at init
irqchip/mbigen: Don't clear eventid when freeing an MSI
x86/hpet: Prevent potential NULL pointer dereference
x86/hyperv: Prevent potential NULL pointer dereference
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
iommu/vt-d: Check capability before disabling protected memory
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
fix incorrect error code mapping for OBJECTID_NOT_FOUND
x86/gart: Exclude GART aperture from kcore
ext4: prohibit fstrim in norecovery mode
drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up
gpio: pxa: handle corner case of unprobed device
rsi: improve kernel thread handling to fix kernel panic
f2fs: fix to avoid NULL pointer dereference on se->discard_map
9p: do not trust pdu content for stat item size
9p locks: add mount option for lock retry interval
ASoC: Fix UBSAN warning at snd_soc_get/put_volsw_sx()
f2fs: fix to do sanity check with current segment number
netfilter: xt_cgroup: shrink size of v2 path
serial: uartps: console_setup() can't be placed to init section
powerpc/pseries: Remove prrn_work workqueue
media: au0828: cannot kfree dev before usb disconnect
Bluetooth: Fix debugfs NULL pointer dereference
HID: i2c-hid: override HID descriptors for certain devices
pinctrl: core: make sure strcmp() doesn't get a null parameter
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
usbip: fix vhci_hcd controller counting
ACPI / SBS: Fix GPE storm on recent MacBookPro's
HID: usbhid: Add quirk for Redragon/Dragonrise Seymur 2
KVM: nVMX: restore host state in nested_vmx_vmexit for VMFail
compiler.h: update definition of unreachable()
netfilter: nf_flow_table: remove flowtable hook flush routine in netns exit routine
f2fs: cleanup dirty pages if recover failed
net: stmmac: Set OWN bit for jumbo frames
cifs: fallback to older infolevels on findfirst queryinfo retry
kernel: hung_task.c: disable on suspend
platform/x86: Add Intel AtomISP2 dummy / power-management driver
drm/ttm: Fix bo_global and mem_global kfree error
ALSA: hda: fix front speakers on Huawei MBXP
ACPI: EC / PM: Disable non-wakeup GPEs for suspend-to-idle
net/rds: fix warn in rds_message_alloc_sgs
xfrm: destroy xfrm_state synchronously on net exit path
crypto: sha256/arm - fix crash bug in Thumb2 build
crypto: sha512/arm - fix crash bug in Thumb2 build
net: ip6_gre: fix possible NULL pointer dereference in ip6erspan_set_version
iommu/dmar: Fix buffer overflow during PCI bus notification
scsi: core: Avoid that system resume triggers a kernel warning
soc/tegra: pmc: Drop locking from tegra_powergate_is_powered()
lkdtm: Print real addresses
lkdtm: Add tests for NULL pointer dereference
drm/panel: panel-innolux: set display off in innolux_panel_unprepare
crypto: axis - fix for recursive locking from bottom half
Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk"
coresight: cpu-debug: Support for CA73 CPUs
PCI: Blacklist power management of Gigabyte X299 DESIGNARE EX PCIe ports
drm/nouveau/volt/gf117: fix speedo readout register
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI)
appletalk: Fix use-after-free in atalk_proc_exit
lib/div64.c: off by one in shift
rxrpc: Fix client call connect/disconnect race
f2fs: fix to dirty inode for i_mode recovery
include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
bpf: fix use after free in bpf_evict_inode
IB/hfi1: Failed to drain send queue when QP is put into error state
mm: hide incomplete nr_indirectly_reclaimable in /proc/zoneinfo
mm: hide incomplete nr_indirectly_reclaimable in sysfs
appletalk: Fix compile regression
Linux 4.19.36
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 373e915cd8e84544609eced57a44fbc084f8d60f ]
This patch avoids that the following warning is reported when building
with W=1:
block/blk-iolatency.c:734:5: warning: no previous prototype for 'blk_iolatency_init' [-Wmissing-prototypes]
Cc: Josef Bacik <jbacik@fb.com>
Fixes: d706751215 ("block: introduce blk-iolatency io controller") # v4.19
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAly2yf8ACgkQONu9yGCS
aT5OkA/+Jf3UWnM8MdPoxVUROYg6WRSMThvuKkcspkvXxXqu7Z9a/+meqdIZ0NDr
j+RdhCfZf7RRNpTpYB9jMqXXuRFhVWniAVM3/me2LxFvwyKkNqURyIz9azh7T0VW
nDa2NDQ9C0IyLFLW4cyzZncrmWntgW5XKZfVot1TMNpryHB4FPsKP5rInDQpSNIu
bbJBWuZziUqdEnk3TWuqdQr4ZTXgnjYSBaTbOQBU3F6E88TRmFIatyYovLcJCQh5
jBmXV3U6mGPZe64I+JXj8dTp32WD74afMX1YSZmjdLL6KgbD9a4k47UzpXzEbKT8
uMG057zPiYcwOyMCFZOWsCYIH7Yr4oMIAzOEyYcDI1uCuKd4aESdpgiWfUWambR8
BJO5oGELzLArMVWusWK7xBfm+Et2ePOFWC7V9MRVVQJLdAWkEafYuLoPqrhhqxQX
Iu3ThoY3UmEoNqi1345gmxQBJfbOqdK7CwQGzKOtiPNs0nyMfg62B9Rcr9O+FE5A
+womRQF2Tik1cZhXxkJVSD4f+orL+xuOu59ufvMTBe4co9tPVFm9Qp6SeWoOVuwZ
l8SS7DD5wb7vzDUZOO4KmA7D6p3YQWdBvGeN6jKqjASIFS9t5Sb+fNiKznTo/WCT
1I68sLm7/rs95+WazKu66ewW8bh91VAo+Gmpfo5zEJjcfajnDxY=
=F1Te
-----END PGP SIGNATURE-----
Merge 4.19.35 into android-4.19
Changes in 4.19.35
kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT
drm/i915/gvt: do not let pin count of shadow mm go negative
powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM
hv_netvsc: Fix unwanted wakeup after tx_disable
ibmvnic: Fix completion structure initialization
ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
ipv6: Fix dangling pointer when ipv6 fragment
ipv6: sit: reset ip header pointer in ipip6_rcv
kcm: switch order of device registration to fix a crash
net: ethtool: not call vzalloc for zero sized memory request
net-gro: Fix GRO flush when receiving a GSO packet.
net/mlx5: Decrease default mr cache size
netns: provide pure entropy for net_hash_mix()
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
net/sched: act_sample: fix divide by zero in the traffic path
net/sched: fix ->get helper of the matchall cls
openvswitch: fix flow actions reallocation
qmi_wwan: add Olicard 600
r8169: disable ASPM again
sctp: initialize _pad of sockaddr_in before copying to user memory
tcp: Ensure DCTCP reacts to losses
tcp: fix a potential NULL pointer dereference in tcp_sk_exit
vrf: check accept_source_route on the original netdevice
net/mlx5e: Fix error handling when refreshing TIRs
net/mlx5e: Add a lock on tir list
nfp: validate the return code from dev_queue_xmit()
nfp: disable netpoll on representors
bnxt_en: Improve RX consumer index validity check.
bnxt_en: Reset device on RX buffer errors.
net: ip_gre: fix possible use-after-free in erspan_rcv
net: ip6_gre: fix possible use-after-free in ip6erspan_rcv
net: core: netif_receive_skb_list: unlist skb before passing to pt->func
r8169: disable default rx interrupt coalescing on RTL8168
net: mlx5: Add a missing check on idr_find, free buf
net/mlx5e: Update xoff formula
net/mlx5e: Update xon formula
kbuild: deb-pkg: fix bindeb-pkg breakage when O= is used
kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
x86/vdso: Drop implicit common-page-size linker flag
lib/string.c: implement a basic bcmp
Revert "clk: meson: clean-up clock registration"
netfilter: nfnetlink_cttimeout: pass default timeout policy to obj_to_nlattr
netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too
arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region
tty: mark Siemens R3964 line discipline as BROKEN
tty: ldisc: add sysctl to prevent autoloading of ldiscs
hwmon: (w83773g) Select REGMAP_I2C to fix build error
ACPICA: Clear status of GPEs before enabling them
ACPICA: Namespace: remove address node from global list after method termination
ALSA: seq: Fix OOB-reads from strlcpy
ALSA: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 with ALC233
ALSA: hda/realtek - Add quirk for Tuxedo XC 1509
ALSA: hda - Add two more machines to the power_save_blacklist
mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd()
arm64: dts: rockchip: fix rk3328 sdmmc0 write errors
parisc: Detect QEMU earlier in boot process
parisc: regs_return_value() should return gpr28
parisc: also set iaoq_b in instruction_pointer_set()
alarmtimer: Return correct remaining time
drm/i915/gvt: do not deliver a workload if its creation fails
drm/udl: add a release method and delay modeset teardown
kvm: svm: fix potential get_num_contig_pages overflow
include/linux/bitrev.h: fix constant bitrev
mm: writeback: use exact memcg dirty counts
ASoC: intel: Fix crash at suspend/resume after failed codec registration
ASoC: fsl_esai: fix channel swap issue when stream starts
Btrfs: do not allow trimming when a fs is mounted with the nologreplay option
btrfs: prop: fix zstd compression parameter validation
btrfs: prop: fix vanished compression property after failed set
riscv: Fix syscall_get_arguments() and syscall_set_arguments()
block: do not leak memory in bio_copy_user_iov()
block: fix the return errno for direct IO
genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n
virtio: Honour 'may_reduce_num' in vring_create_virtqueue
ARM: dts: rockchip: fix rk3288 cpu opp node reference
ARM: dts: am335x-evmsk: Correct the regulators for the audio codec
ARM: dts: am335x-evm: Correct the regulators for the audio codec
ARM: dts: at91: Fix typo in ISC_D0 on PC9
arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
arm64: dts: rockchip: fix rk3328 rgmii high tx error rate
arm64: backtrace: Don't bother trying to unwind the userspace stack
xen: Prevent buffer overflow in privcmd ioctl
sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
xtensa: fix return_address
x86/asm: Remove dead __GNUC__ conditionals
x86/asm: Use stricter assembly constraints in bitops
x86/perf/amd: Resolve race condition when disabling PMC
x86/perf/amd: Resolve NMI latency issues for active PMCs
x86/perf/amd: Remove need to check "running" bit in NMI handler
PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
PCI: pciehp: Ignore Link State Changes after powering off a slot
dm integrity: change memcmp to strncmp in dm_integrity_ctr
dm: revert 8f50e35815 ("dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE")
dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors
dm integrity: fix deadlock with overlapping I/O
arm64: dts: rockchip: fix vcc_host1_5v pin assign on rk3328-rock64
arm64: dts: rockchip: Fix vcc_host1_5v GPIO polarity on rk3328-rock64
ACPICA: AML interpreter: add region addresses in global list during initialization
KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
KVM: x86: nVMX: fix x2APIC VTPR read intercept
Linux 4.19.35
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit a3761c3c91209b58b6f33bf69dd8bb8ec0c9d925 upstream.
When bio_add_pc_page() fails in bio_copy_user_iov() we should free
the page we just allocated otherwise we are leaking it.
Cc: linux-block@vger.kernel.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: stable@vger.kernel.org
Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
Signed-off-by: Jérôme Glisse <jglisse@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Greg Kroah-Hartman
Tejun Heo
Harshad Shirwadkar
Johannes Weiner
Damien Le Moal
Yufen Yu
zhengbin
Jianchao Wang
Ming Lei
Dennis Zhou
Liu Bo
Paolo Valente
Bart Van Assche
Wenwen Wang
Josef Bacik
Konstantin Khlebnikov
Douglas Anderson
Guilherme G. Piccoli
David Kozub
Jens Axboe
Rick Yiu
Tetsuo Handa
Shenghui Wang
Jérôme Glisse