This reverts commit bc751d322e as the
kabi can be updated at this point in time.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic38de1d64f2f581383836fe5036b9202a472554a
android_rvh_check_preempt_wakeup hook is in place to allow vendor
modules to force the running task preemption by the waking task.
Update the tracepoint to accept another input to not preempt
the current running task. The hook is moved further down so that
it can be updated to pass the sched_entity structure corresponding
to waking and running tasks in the next patch.
Bug: 184575210
Change-Id: Id4f45ba2819802636b6b86ed34c124771d0d69eb
Signed-off-by: Pavankumar Kondeti <quic_pkondeti@quicinc.com>
Add a restricted vendor hook to notify that a cpu controller
cgroup is online.
Bug: 184920911
Change-Id: I7d37f38c24ce146eabb4716a959aee703d71926e
Signed-off-by: Pavankumar Kondeti <quic_pkondeti@quicinc.com>
This reverts commit e21d2b9235
It breaks the abi but we can bring it back later on when the KABI update
happens in a few days.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7a5861c037be3e35973893d8c91eda9133bf8595
Changes in 5.10.28
arm64: mm: correct the inside linear map range during hotplug check
bpf: Fix fexit trampoline.
virtiofs: Fail dax mount if device does not support it
ext4: shrink race window in ext4_should_retry_alloc()
ext4: fix bh ref count on error paths
fs: nfsd: fix kconfig dependency warning for NFSD_V4
rpc: fix NULL dereference on kmalloc failure
iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate
ASoC: rt1015: fix i2c communication error
ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10
ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10
ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe
ASoC: es8316: Simplify adc_pga_gain_tlv table
ASoC: soc-core: Prevent warning if no DMI table is present
ASoC: cs42l42: Fix Bitclock polarity inversion
ASoC: cs42l42: Fix channel width support
ASoC: cs42l42: Fix mixer volume control
ASoC: cs42l42: Always wait at least 3ms after reset
NFSD: fix error handling in NFSv4.0 callbacks
kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for freezing
vhost: Fix vhost_vq_reset()
io_uring: fix ->flags races by linked timeouts
scsi: st: Fix a use after free in st_open()
scsi: qla2xxx: Fix broken #endif placement
staging: comedi: cb_pcidas: fix request_irq() warn
staging: comedi: cb_pcidas64: fix request_irq() warn
ASoC: rt5659: Update MCLK rate in set_sysclk()
ASoC: rt711: add snd_soc_component remove callback
thermal/core: Add NULL pointer check before using cooling device stats
locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling
locking/ww_mutex: Fix acquire/release imbalance in ww_acquire_init()/ww_acquire_fini()
nvmet-tcp: fix kmap leak when data digest in use
io_uring: imply MSG_NOSIGNAL for send[msg]()/recv[msg]() calls
static_call: Align static_call_is_init() patching condition
ext4: do not iput inode under running transaction in ext4_rename()
io_uring: call req_set_fail_links() on short send[msg]()/recv[msg]() with MSG_WAITALL
net: mvpp2: fix interrupt mask/unmask skip condition
flow_dissector: fix TTL and TOS dissection on IPv4 fragments
can: dev: move driver related infrastructure into separate subdir
net: introduce CAN specific pointer in the struct net_device
can: tcan4x5x: fix max register value
brcmfmac: clear EAP/association status bits on linkdown events
ath11k: add ieee80211_unregister_hw to avoid kernel crash caused by NULL pointer
rtw88: coex: 8821c: correct antenna switch function
netdevsim: dev: Initialize FIB module after debugfs
iwlwifi: pcie: don't disable interrupts for reg_lock
ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr()
net: ethernet: aquantia: Handle error cleanup of start on open
appletalk: Fix skb allocation size in loopback case
net: ipa: remove two unused register definitions
net: ipa: fix register write command validation
net: wan/lmc: unregister device when no matching device is found
net: 9p: advance iov on empty read
bpf: Remove MTU check in __bpf_skb_max_len
ACPI: tables: x86: Reserve memory occupied by ACPI tables
ACPI: processor: Fix CPU0 wakeup in acpi_idle_play_dead()
ALSA: usb-audio: Apply sample rate quirk to Logitech Connect
ALSA: hda: Re-add dropped snd_poewr_change_state() calls
ALSA: hda: Add missing sanity checks in PM prepare/complete callbacks
ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO
ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook
ALSA: hda/realtek: fix mute/micmute LEDs for HP 640 G8
xtensa: fix uaccess-related livelock in do_page_fault
xtensa: move coprocessor_flush to the .text section
KVM: SVM: load control fields from VMCB12 before checking them
KVM: SVM: ensure that EFER.SVME is set when running nested guest or on nested vmexit
PM: runtime: Fix race getting/putting suppliers at probe
PM: runtime: Fix ordering in pm_runtime_get_suppliers()
tracing: Fix stack trace event size
s390/vdso: copy tod_steering_delta value to vdso_data page
s390/vdso: fix tod_steering_delta type
mm: fix race by making init_zero_pfn() early_initcall
drm/amdkfd: dqm fence memory corruption
drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings()
drm/amdgpu: check alignment on CPU page for bo map
reiserfs: update reiserfs_xattrs_initialized() condition
drm/imx: fix memory leak when fails to init
drm/tegra: dc: Restore coupling of display controllers
drm/tegra: sor: Grab runtime PM reference across reset
vfio/nvlink: Add missing SPAPR_TCE_IOMMU depends
pinctrl: rockchip: fix restore error in resume
extcon: Add stubs for extcon_register_notifier_all() functions
extcon: Fix error handling in extcon_dev_register
firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield
video: hyperv_fb: Fix a double free in hvfb_probe
firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control()
USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem
usb: musb: Fix suspend with devices connected for a64
usb: xhci-mtk: fix broken streams issue on 0.96 xHCI
cdc-acm: fix BREAK rx code path adding necessary calls
USB: cdc-acm: untangle a circular dependency between callback and softint
USB: cdc-acm: downgrade message to debug
USB: cdc-acm: fix double free on probe failure
USB: cdc-acm: fix use-after-free after probe failure
usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference
usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board.
usb: dwc2: Prevent core suspend when port connection flag is 0
usb: dwc3: qcom: skip interconnect init for ACPI probe
usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable
soc: qcom-geni-se: Cleanup the code to remove proxy votes
staging: rtl8192e: Fix incorrect source in memcpy()
staging: rtl8192e: Change state information from u16 to u8
driver core: clear deferred probe reason on probe retry
drivers: video: fbcon: fix NULL dereference in fbcon_cursor()
riscv: evaluate put_user() arg before enabling user access
Revert "kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for freezing"
bpf: Use NOP_ATOMIC5 instead of emit_nops(&prog, 5) for BPF_TRAMP_F_CALL_ORIG
Linux 5.10.28
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ifdbbeda8de3ee22a7aa3f5d3b10becf0aba1a124
Add vendor hook to get signal for vendor-specific tuning.
Bug: 184898838
Signed-off-by: Zhuguangqing <zhuguangqing@xiaomi.com>
Change-Id: I83a28b0a6eb413976f4c57f2314d008ad792fa0d
LLVM changed the expected function signature for
llvm_gcda_emit_function() in the clang-11 release. Users of clang-11 or
newer may have noticed their kernels producing invalid coverage
information:
$ llvm-cov gcov -a -c -u -f -b <input>.gcda -- gcno=<input>.gcno
1 <func>: checksum mismatch, \
(<lineno chksum A>, <cfg chksum B>) != (<lineno chksum A>, <cfg chksum C>)
2 Invalid .gcda File!
...
Fix up the function signatures so calling this function interprets its
parameters correctly and computes the correct cfg checksum. In
particular, in clang-11, the additional checksum is no longer optional.
Link: https://reviews.llvm.org/rG25544ce2df0daa4304c07e64b9c8b0f7df60c11d
Cc: stable@vger.kernel.org #5.4+
Reported-by: Prasad Sodagudi <psodagud@quicinc.com>
Tested-by: Prasad Sodagudi <psodagud@quicinc.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
(am from https://lore.kernel.org/lkml/20210407185456.41943-2-ndesaulniers@google.com/)
Bug: 182501993
Change-Id: Icd98cf11a6fca0fc55b1399e5b244dc1c81c71e8
commit d3dc04cd81 upstream.
This reverts commit 15b2219fac.
Before IO threads accepted signals, the freezer using fake signals to wake
up an IO thread would cause them to loop without any way to clear the
pending signal. That is no longer the case, so stop special casing
PF_IO_WORKER in the freezer.
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 9deb193af6 upstream.
Commit cbc3b92ce0 fixed an issue to modify the macros of the stack trace
event so that user space could parse it properly. Originally the stack
trace format to user space showed that the called stack was a dynamic
array. But it is not actually a dynamic array, in the way that other
dynamic event arrays worked, and this broke user space parsing for it. The
update was to make the array look to have 8 entries in it. Helper
functions were added to make it parse it correctly, as the stack was
dynamic, but was determined by the size of the event stored.
Although this fixed user space on how it read the event, it changed the
internal structure used for the stack trace event. It changed the array
size from [0] to [8] (added 8 entries). This increased the size of the
stack trace event by 8 words. The size reserved on the ring buffer was the
size of the stack trace event plus the number of stack entries found in
the stack trace. That commit caused the amount to be 8 more than what was
needed because it did not expect the caller field to have any size. This
produced 8 entries of garbage (and reading random data) from the stack
trace event:
<idle>-0 [002] d... 1976396.837549: <stack trace>
=> trace_event_raw_event_sched_switch
=> __traceiter_sched_switch
=> __schedule
=> schedule_idle
=> do_idle
=> cpu_startup_entry
=> secondary_startup_64_no_verify
=> 0xc8c5e150ffff93de
=> 0xffff93de
=> 0
=> 0
=> 0xc8c5e17800000000
=> 0x1f30affff93de
=> 0x00000004
=> 0x200000000
Instead, subtract the size of the caller field from the size of the event
to make sure that only the amount needed to store the stack trace is
reserved.
Link: https://lore.kernel.org/lkml/your-ad-here.call-01617191565-ext-9692@work.hours/
Cc: stable@vger.kernel.org
Fixes: cbc3b92ce0 ("tracing: Set kernel_stack's caller size properly")
Reported-by: Vasily Gorbik <gor@linux.ibm.com>
Tested-by: Vasily Gorbik <gor@linux.ibm.com>
Acked-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
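The over-reservation described in the tracing commit above, as an added user-space example (not kernel code and not part of the commit). The struct layout, the helper names and the 0xA5 fill that stands in for stale ring buffer contents are assumptions made for illustration; the reader derives the entry count from the record length, as the commit message describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FTRACE_STACK_ENTRIES 8   /* caller[] grew from [0] to [8] per the commit message */
#define STALE_BYTE 0xA5          /* constructed marker for leftover ring buffer data */

/* Simplified model of the stack trace event (assumed layout). */
struct stack_entry_model {
    uint32_t hdr;                /* stand-in for the common event header */
    int32_t  size;               /* number of stack entries recorded */
    unsigned long caller[FTRACE_STACK_ENTRIES];
};

/*
 * Bytes reserved for an event holding nr stack entries.
 * fixed == 0: event size plus entries (counts caller[] twice, 8 words too many).
 * fixed != 0: subtract the size of the caller field first, as the fix does.
 */
static size_t reserve_len(size_t nr, int fixed)
{
    size_t base = sizeof(struct stack_entry_model);

    if (fixed)
        base -= sizeof(((struct stack_entry_model *)0)->caller);
    return base + nr * sizeof(unsigned long);
}

/* Writer: reserves reserve_len() bytes but only fills nr entries. */
static size_t write_event(unsigned char *ring, size_t ring_len,
                          const unsigned long *stack, size_t nr, int fixed)
{
    size_t len = reserve_len(nr, fixed);
    uint32_t hdr = 0;
    int32_t size = (int32_t)nr;

    if (len > ring_len)
        return 0;
    memcpy(ring + offsetof(struct stack_entry_model, hdr), &hdr, sizeof(hdr));
    memcpy(ring + offsetof(struct stack_entry_model, size), &size, sizeof(size));
    memcpy(ring + offsetof(struct stack_entry_model, caller), stack,
           nr * sizeof(unsigned long));
    return len;
}

/* Reader: the number of entries is determined by the stored record length. */
static size_t read_event(const unsigned char *rec, size_t rec_len,
                         unsigned long *out, size_t cap)
{
    size_t off = offsetof(struct stack_entry_model, caller);
    size_t n;

    if (rec_len < off)
        return 0;
    n = (rec_len - off) / sizeof(unsigned long);
    if (n > cap)
        n = cap;
    memcpy(out, rec + off, n * sizeof(unsigned long));
    return n;
}

/* Number of entries the reader reports that the writer never stored. */
static size_t stale_entries(size_t nr, int fixed)
{
    unsigned char ring[512];
    unsigned long stack[32], out[64], stale;
    size_t i, len, n, count = 0;

    if (nr > 32)
        return (size_t)-1;
    memset(ring, STALE_BYTE, sizeof(ring));      /* old data left in the buffer */
    memset(&stale, STALE_BYTE, sizeof(stale));
    for (i = 0; i < nr; i++)
        stack[i] = 0x1000 + i;                   /* constructed return addresses */

    len = write_event(ring, sizeof(ring), stack, nr, fixed);
    n = read_event(ring, len, out, sizeof(out) / sizeof(out[0]));
    for (i = nr; i < n; i++)
        if (out[i] == stale)
            count++;
    return count;
}

int main(void)
{
    printf("7 frames, original sizing: %zu stale entries\n", stale_entries(7, 0));
    printf("7 frames, fixed sizing:    %zu stale entries\n", stale_entries(7, 1));
    return 0;
}
```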
[ Upstream commit 698bacefe9 ]
The intent is to avoid writing init code after init (because the text
might have been freed). The code is needlessly different between
jump_label and static_call and not obviously correct.
The existing code relies on the fact that the module loader clears the
init layout, such that within_module_init() always fails, while
jump_label relies on the module state which is more obvious and
matches the kernel logic.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Sumit Garg <sumit.garg@linaro.org>
Link: https://lkml.kernel.org/r/20210318113610.636651340@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 5de2055d31 ]
The use_ww_ctx flag is passed to mutex_optimistic_spin(), but the
function doesn't use it. The frequent use of the (use_ww_ctx && ww_ctx)
combination is repetitive.
In fact, ww_ctx should not be used at all if !use_ww_ctx. Simplify
ww_mutex code by dropping use_ww_ctx from mutex_optimistic_spin() and
clear ww_ctx if !use_ww_ctx. In this way, we can replace (use_ww_ctx &&
ww_ctx) by just (ww_ctx).
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Davidlohr Bueso <dbueso@suse.de>
Link: https://lore.kernel.org/r/20210316153119.13802-2-longman@redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 15b2219fac ]
Don't send fake signals to PF_IO_WORKER threads, they don't accept
signals. Just treat them like kthreads in this regard, all they need
is a wakeup as no forced kernel/user transition is needed.
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit e21aa34178 ]
The fexit/fmod_ret programs can be attached to kernel functions that can sleep.
The synchronize_rcu_tasks() will not wait for such tasks to complete.
In such case the trampoline image will be freed and when the task
wakes up the return IP will point to freed memory causing the crash.
Solve this by adding percpu_ref_get/put for the duration of trampoline
and separate trampoline vs its image life times.
The "half page" optimization has to be removed, since
first_half->second_half->first_half transition cannot be guaranteed to
complete in deterministic time. Every trampoline update becomes a new image.
The image with fmod_ret or fexit progs will be freed via percpu_ref_kill and
call_rcu_tasks. Together they will wait for the original function and
trampoline asm to complete. The trampoline is patched from nop to jmp to skip
fexit progs. They are freed independently from the trampoline. The image with
fentry progs only will be freed via call_rcu_tasks_trace+call_rcu_tasks which
will wait for both sleepable and non-sleepable progs to complete.
Fixes: fec56f5890 ("bpf: Introduce BPF trampoline")
Reported-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Paul E. McKenney <paulmck@kernel.org> # for RCU
Link: https://lore.kernel.org/bpf/20210316210007.38949-1-alexei.starovoitov@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
android_rvh_replace_next_task_fair() hook allows vendor modules to
replace the next task selected by the CFS. There are two cases in
how this hook is called.
1. When the previous task is also a CFS task. In this case, the
task_struct (p) and sched_entity (se) arguments passed to this
hook are valid and point to the task selected by the CFS.
2. When the previous task is not a CFS task. In this case, the
arguments passed to this hook are not initialized.
Initialize these arguments to NULL, which lets vendor modules know
when not to peek into the task selected by CFS.
Bug: 184695001
Change-Id: Ib51dacb607663a2a6434e49198f59b36fb8c9312
Signed-off-by: Pavankumar Kondeti <quic_pkondeti@quicinc.com>
This patch creates a config that can be used to disable the automount of
tracefs in the debugfs filesystem. Since the automount happens every time
the path /sys/kernel/debug/tracing is accessed, unmounting from
userspace is ineffective against it.
The config is intended to prevent new tracefs clients from depending on
the automounted tracefs instance mounted at /sys/kernel/debug/tracing
instead of the one at /sys/kernel/tracing. Since Android R launching
devices and newer cannot mount debugfs in production builds, the
config is intended to minimize the difference between user and
userdebug builds w.r.t. tracefs and prevent regressions.
Bug: 184381659
Signed-off-by: Hridya Valsaraju <hridya@google.com>
Change-Id: Ifda6df88081c8ecf23fcaf97790abc97525bca54
Changes in 5.10.27
mm/memcg: rename mem_cgroup_split_huge_fixup to split_page_memcg and add nr_pages argument
mm/memcg: set memcg when splitting page
mt76: fix tx skb error handling in mt76_dma_tx_queue_skb
net: stmmac: fix dma physical address of descriptor when display ring
net: fec: ptp: avoid register access when ipg clock is disabled
powerpc/4xx: Fix build errors from mfdcr()
atm: eni: dont release is never initialized
atm: lanai: dont run lanai_dev_close if not open
Revert "r8152: adjust the settings about MAC clock speed down for RTL8153"
ALSA: hda: ignore invalid NHLT table
ixgbe: Fix memleak in ixgbe_configure_clsu32
scsi: ufs: ufs-qcom: Disable interrupt in reset path
blk-cgroup: Fix the recursive blkg rwstat
net: tehuti: fix error return code in bdx_probe()
net: intel: iavf: fix error return code of iavf_init_get_resources()
sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count
gianfar: fix jumbo packets+napi+rx overrun crash
cifs: ask for more credit on async read/write code paths
gfs2: fix use-after-free in trans_drain
cpufreq: blacklist Arm Vexpress platforms in cpufreq-dt-platdev
gpiolib: acpi: Add missing IRQF_ONESHOT
nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default
NFS: Correct size calculation for create reply length
net: hisilicon: hns: fix error return code of hns_nic_clear_all_rx_fetch()
net: wan: fix error return code of uhdlc_init()
net: davicom: Use platform_get_irq_optional()
net: enetc: set MAC RX FIFO to recommended value
atm: uPD98402: fix incorrect allocation
atm: idt77252: fix null-ptr-dereference
cifs: change noisy error message to FYI
irqchip/ingenic: Add support for the JZ4760
kbuild: add image_name to no-sync-config-targets
kbuild: dummy-tools: fix inverted tests for gcc
umem: fix error return code in mm_pci_probe()
sparc64: Fix opcode filtering in handling of no fault loads
habanalabs: Call put_pid() when releasing control device
staging: rtl8192e: fix kconfig dependency on CRYPTO
u64_stats,lockdep: Fix u64_stats_init() vs lockdep
kselftest: arm64: Fix exit code of sve-ptrace
regulator: qcom-rpmh: Correct the pmic5_hfsmps515 buck
block: Fix REQ_OP_ZONE_RESET_ALL handling
drm/amd/display: Revert dram_clock_change_latency for DCN2.1
drm/amdgpu: fb BO should be ttm_bo_type_device
drm/radeon: fix AGP dependency
nvme: simplify error logic in nvme_validate_ns()
nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request()
nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange()
nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted
nvme-core: check ctrl css before setting up zns
nvme-rdma: Fix a use after free in nvmet_rdma_write_data_done
nvme-pci: add the DISABLE_WRITE_ZEROES quirk for a Samsung PM1725a
nfs: we don't support removing system.nfs4_acl
block: Suppress uevent for hidden device when removed
mm/fork: clear PASID for new mm
ia64: fix ia64_syscall_get_set_arguments() for break-based syscalls
ia64: fix ptrace(PTRACE_SYSCALL_INFO_EXIT) sign
static_call: Pull some static_call declarations to the type headers
static_call: Allow module use without exposing static_call_key
static_call: Fix the module key fixup
static_call: Fix static_call_set_init()
KVM: x86: Protect userspace MSR filter with SRCU, and set atomically-ish
btrfs: fix sleep while in non-sleep context during qgroup removal
selinux: don't log MAC_POLICY_LOAD record on failed policy load
selinux: fix variable scope issue in live sidtab conversion
netsec: restore phy power state after controller reset
platform/x86: intel-vbtn: Stop reporting SW_DOCK events
psample: Fix user API breakage
z3fold: prevent reclaim/free race for headless pages
squashfs: fix inode lookup sanity checks
squashfs: fix xattr id and id lookup sanity checks
hugetlb_cgroup: fix imbalanced css_get and css_put pair for shared mappings
kasan: fix per-page tags for non-page_alloc pages
gcov: fix clang-11+ support
ACPI: video: Add missing callback back for Sony VPCEH3U1E
ACPICA: Always create namespace nodes using acpi_ns_create_node()
arm64: stacktrace: don't trace arch_stack_walk()
arm64: dts: ls1046a: mark crypto engine dma coherent
arm64: dts: ls1012a: mark crypto engine dma coherent
arm64: dts: ls1043a: mark crypto engine dma coherent
ARM: dts: at91: sam9x60: fix mux-mask for PA7 so it can be set to A, B and C
ARM: dts: at91: sam9x60: fix mux-mask to match product's datasheet
ARM: dts: at91-sama5d27_som1: fix phy address to 7
integrity: double check iint_cache was initialized
drm/etnaviv: Use FOLL_FORCE for userptr
drm/amd/pm: workaround for audio noise issue
drm/amdgpu/display: restore AUX_DPHY_TX_CONTROL for DCN2.x
drm/amdgpu: Add additional Sienna Cichlid PCI ID
drm/i915: Fix the GT fence revocation runtime PM logic
dm verity: fix DM_VERITY_OPTS_MAX value
dm ioctl: fix out of bounds array access when no devices
bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD
ARM: OMAP2+: Fix smartreflex init regression after dropping legacy data
soc: ti: omap-prm: Fix occasional abort on reset deassert for dra7 iva
veth: Store queue_mapping independently of XDP prog presence
bpf: Change inode_storage's lookup_elem return value from NULL to -EBADF
libbpf: Fix INSTALL flag order
net/mlx5e: RX, Mind the MPWQE gaps when calculating offsets
net/mlx5e: When changing XDP program without reset, take refs for XSK RQs
net/mlx5e: Don't match on Geneve options in case option masks are all zero
ipv6: fix suspecious RCU usage warning
drop_monitor: Perform cleanup upon probe registration failure
macvlan: macvlan_count_rx() needs to be aware of preemption
net: sched: validate stab values
net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
igc: reinit_locked() should be called with rtnl_lock
igc: Fix Pause Frame Advertising
igc: Fix Supported Pause Frame Link Setting
igc: Fix igc_ptp_rx_pktstamp()
e1000e: add rtnl_lock() to e1000_reset_task
e1000e: Fix error handling in e1000_set_d0_lplu_state_82571
net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template
net: phy: broadcom: Add power down exit reset state delay
ftgmac100: Restart MAC HW once
clk: qcom: gcc-sc7180: Use floor ops for the correct sdcc1 clk
net: ipa: terminate message handler arrays
net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
flow_dissector: fix byteorder of dissected ICMP ID
selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed
netfilter: ctnetlink: fix dump of the expect mask attribute
net: hdlc_x25: Prevent racing between "x25_close" and "x25_xmit"/"x25_rx"
net: phylink: Fix phylink_err() function name error in phylink_major_config
tipc: better validate user input in tipc_nl_retrieve_key()
tcp: relookup sock for RST+ACK packets handled by obsolete req sock
can: isotp: isotp_setsockopt(): only allow to set low level TX flags for CAN-FD
can: isotp: TX-path: ensure that CAN frame flags are initialized
can: peak_usb: add forgotten supported devices
can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate
can: kvaser_pciefd: Always disable bus load reporting
can: c_can_pci: c_can_pci_remove(): fix use-after-free
can: c_can: move runtime PM enable/disable to c_can_platform
can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning
can: m_can: m_can_rx_peripheral(): fix RX being blocked by errors
mac80211: fix rate mask reset
mac80211: Allow HE operation to be longer than expected.
selftests/net: fix warnings on reuseaddr_ports_exhausted
nfp: flower: fix unsupported pre_tunnel flows
nfp: flower: add ipv6 bit to pre_tunnel control message
nfp: flower: fix pre_tun mask id allocation
ftrace: Fix modify_ftrace_direct.
drm/msm/dsi: fix check-before-set in the 7nm dsi_pll code
ionic: linearize tso skb with too many frags
net/sched: cls_flower: fix only mask bit check in the validate_ct_state
netfilter: nftables: report EOPNOTSUPP on unsupported flowtable flags
netfilter: nftables: allow to update flowtable flags
netfilter: flowtable: Make sure GC works periodically in idle system
libbpf: Fix error path in bpf_object__elf_init()
libbpf: Use SOCK_CLOEXEC when opening the netlink socket
ARM: dts: imx6ull: fix ubi filesystem mount failed
ipv6: weaken the v4mapped source check
octeontx2-af: Formatting debugfs entry rsrc_alloc.
octeontx2-af: Modify default KEX profile to extract TX packet fields
octeontx2-af: Remove TOS field from MKEX TX
octeontx2-af: Fix irq free in rvu teardown
octeontx2-pf: Clear RSS enable flag on interace down
octeontx2-af: fix infinite loop in unmapping NPC counter
net: check all name nodes in __dev_alloc_name
net: cdc-phonet: fix data-interface release on probe failure
igb: check timestamp validity
r8152: limit the RX buffer size of RTL8153A for USB 2.0
net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes
selinux: vsock: Set SID for socket returned by accept()
selftests: forwarding: vxlan_bridge_1d: Fix vxlan ecn decapsulate value
libbpf: Fix BTF dump of pointer-to-array-of-struct
bpf: Fix umd memory leak in copy_process()
can: isotp: tx-path: zero initialize outgoing CAN frames
drm/msm: fix shutdown hook in case GPU components failed to bind
drm/msm: Fix suspend/resume on i.MX5
arm64: kdump: update ppos when reading elfcorehdr
PM: runtime: Defer suspending suppliers
net/mlx5: Add back multicast stats for uplink representor
net/mlx5e: Allow to match on MPLS parameters only for MPLS over UDP
net/mlx5e: Offload tuple rewrite for non-CT flows
net/mlx5e: Fix error path for ethtool set-priv-flag
PM: EM: postpone creating the debugfs dir till fs_initcall
net: bridge: don't notify switchdev for local FDB addresses
octeontx2-af: Fix memory leak of object buf
xen/x86: make XEN_BALLOON_MEMORY_HOTPLUG_LIMIT depend on MEMORY_HOTPLUG
RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server
bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs
net: Consolidate common blackhole dst ops
net, bpf: Fix ip6ip6 crash with collect_md populated skbs
igb: avoid premature Rx buffer reuse
net: axienet: Properly handle PCS/PMA PHY for 1000BaseX mode
net: axienet: Fix probe error cleanup
net: phy: introduce phydev->port
net: phy: broadcom: Avoid forward for bcm54xx_config_clock_delay()
net: phy: broadcom: Set proper 1000BaseX/SGMII interface mode for BCM54616S
net: phy: broadcom: Fix RGMII delays for BCM50160 and BCM50610M
Revert "netfilter: x_tables: Switch synchronization to RCU"
netfilter: x_tables: Use correct memory barriers.
dm table: Fix zoned model check and zone sectors check
mm/mmu_notifiers: ensure range_end() is paired with range_start()
Revert "netfilter: x_tables: Update remaining dereference to RCU"
ACPI: scan: Rearrange memory allocation in acpi_device_add()
ACPI: scan: Use unique number for instance_no
perf auxtrace: Fix auxtrace queue conflict
perf synthetic events: Avoid write of uninitialized memory when generating PERF_RECORD_MMAP* records
io_uring: fix provide_buffers sign extension
block: recalculate segment count for multi-segment discards correctly
scsi: Revert "qla2xxx: Make sure that aborted commands are freed"
scsi: qedi: Fix error return code of qedi_alloc_global_queues()
scsi: mpt3sas: Fix error return code of mpt3sas_base_attach()
smb3: fix cached file size problems in duplicate extents (reflink)
cifs: Adjust key sizes and key generation routines for AES256 encryption
locking/mutex: Fix non debug version of mutex_lock_io_nested()
x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc()
mm/memcg: fix 5.10 backport of splitting page memcg
fs/cachefiles: Remove wait_bit_key layout dependency
ch_ktls: fix enum-conversion warning
can: dev: Move device back to init netns on owning netns delete
r8169: fix DMA being used after buffer free if WoL is enabled
net: dsa: b53: VLAN filtering is global to all users
mac80211: fix double free in ibss_leave
ext4: add reclaim checks to xattr code
fs/ext4: fix integer overflow in s_log_groups_per_flex
Revert "xen: fix p2m size in dom0 for disabled memory hotplug case"
Revert "net: bonding: fix error return code of bond_neigh_init()"
nvme: fix the nsid value to print in nvme_validate_or_alloc_ns
can: peak_usb: Revert "can: peak_usb: add forgotten supported devices"
xen-blkback: don't leak persistent grants from xen_blkbk_map()
Linux 5.10.27
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7eafe976fd6bf33db6db4adb8ebf2ff087294a23
A vendor hook is added in post_init_entity_util_avg before
a new cfs task's util is attached to cfs_rq's util so that
vendors can gather and modify se's information to modify
scheduling behavior and DVFS as they want.
trace_android_rvh_new_task_stats is not a proper hook because
it is called after the task's util is attached to cfs_rq's util,
which means updating cfs_rq's sched_avg and DVFS request are done.
Bug: 184219858
Signed-off-by: Choonghoon Park <choong.park@samsung.com>
Change-Id: I2deaa93297f8464895978496c9838cdffaa35b7f
Allow up to two attachments to restricted vendor hooks to enable OEM
and vendor coexistence.
Priorities are not exposed to callers on purpose. Life's too short to
re-order the callback array with concurrent readers.
Bug: 183720636
Signed-off-by: Quentin Perret <qperret@google.com>
Change-Id: I5c7aca7f69e581b4197388478d47e0da6d2893e6
[ Upstream commit fb9d62b27a ]
The debugfs directory '/sys/kernel/debug/energy_model' is needed before
the Energy Model registration can happen. With the recent change in
debugfs subsystem it's not allowed to create this directory at early
stage (core_initcall). Thus creating this directory would fail.
Postpone the creation of the EM debug dir to later stage: fs_initcall.
It should be safe since all clients: CPUFreq drivers, Devfreq drivers
will be initialized in later stages.
The custom debug log below prints the time of creation of the EM debug dir
at fs_initcall and successful registration of EMs at later stages.
[ 1.505717] energy_model: creating rootdir
[ 3.698307] cpu cpu0: EM: created perf domain
[ 3.709022] cpu cpu1: EM: created perf domain
Fixes: 56348560d4 ("debugfs: do not attempt to create a new file before the filesystem is initalized")
Reported-by: Ionela Voinescu <ionela.voinescu@arm.com>
Signed-off-by: Lukasz Luba <lukasz.luba@arm.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 8a141dd7f7 ]
The following sequence of commands:
register_ftrace_direct(ip, addr1);
modify_ftrace_direct(ip, addr1, addr2);
unregister_ftrace_direct(ip, addr2);
will cause the kernel to warn:
[ 30.179191] WARNING: CPU: 2 PID: 1961 at kernel/trace/ftrace.c:5223 unregister_ftrace_direct+0x130/0x150
[ 30.180556] CPU: 2 PID: 1961 Comm: test_progs W O 5.12.0-rc2-00378-g86bc10a0a711-dirty #3246
[ 30.182453] RIP: 0010:unregister_ftrace_direct+0x130/0x150
When modify_ftrace_direct() changes the addr from old to new it should update
the addr stored in ftrace_direct_funcs. Otherwise the final
unregister_ftrace_direct() won't find the address and will cause the splat.
Fixes: 0567d68091 ("ftrace: Add modify_ftrace_direct()")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Link: https://lore.kernel.org/bpf/20210316195815.34714-1-alexei.starovoitov@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 769c18b254 ]
bpf_fd_inode_storage_lookup_elem() returned NULL when getting a bad FD,
which caused -ENOENT in bpf_map_copy_value. -EBADF error is better than
-ENOENT for a bad FD behaviour.
The patch was partially contributed by CyberArk Software, Inc.
Fixes: 8ea636848a ("bpf: Implement bpf_local_storage for inodes")
Signed-off-by: Tal Lossos <tallossos@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Acked-by: KP Singh <kpsingh@kernel.org>
Link: https://lore.kernel.org/bpf/20210307120948.61414-1-tallossos@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit 60bcf728ee upstream.
LLVM changed the expected function signatures for llvm_gcda_start_file()
and llvm_gcda_emit_function() in the clang-11 release. Users of
clang-11 or newer may have noticed their kernels failing to boot due to
a panic when enabling CONFIG_GCOV_KERNEL=y + CONFIG_GCOV_PROFILE_ALL=y.
Fix up the function signatures so calling these functions doesn't panic
the kernel.
Link: https://reviews.llvm.org/rGcdd683b516d147925212724b09ec6fb792a40041
Link: https://reviews.llvm.org/rG13a633b438b6500ecad9e4f936ebadf3411d0f44
Link: https://lkml.kernel.org/r/20210312224132.3413602-2-ndesaulniers@google.com
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Reported-by: Prasad Sodagudi <psodagud@quicinc.com>
Suggested-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Fangrui Song <maskray@google.com>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Cc: <stable@vger.kernel.org> [5.4+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 68b1eddd42 ]
It turns out that static_call_set_init() does not preserve the other
flags; IOW. it clears TAIL if it was set.
Fixes: 9183c3f9ed ("static_call: Add inline static call infrastructure")
Reported-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Sumit Garg <sumit.garg@linaro.org>
Link: https://lkml.kernel.org/r/20210318113610.519406371@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 50bf8080a9 ]
Provided the target address of a R_X86_64_PC32 relocation is aligned,
the low two bits should be invariant between the relative and absolute
value.
Turns out the address is not aligned and things go sideways, ensure we
transfer the bits in the absolute form when fixing up the key address.
Fixes: 73f44fe19d ("static_call: Allow module use without exposing static_call_key")
Reported-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Tested-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Link: https://lkml.kernel.org/r/20210225220351.GE4746@worktop.programming.kicks-ass.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 73f44fe19d ]
When exporting static_call_key; with EXPORT_STATIC_CALL*(), the module
can use static_call_update() to change the function called. This is
not desirable in general.
Not exporting static_call_key however also disallows usage of
static_call(), since objtool needs the key to construct the
static_call_site.
Solve this by allowing objtool to create the static_call_site using
the trampoline address when it builds a module and cannot find the
static_call_key symbol. The module loader will then try and map the
trampoline back to a key before it constructs the normal sites list.
Doing this requires a trampoline -> key association, so add another
magic section that keeps those.
Originally-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lkml.kernel.org/r/20210127231837.ifddpn7rhwdaepiu@treble
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 82e69a121b ]
When a new mm is created, its PASID should be cleared, i.e. the PASID is
initialized to its init state 0 on both ARM and X86.
This patch was part of the series introducing mm->pasid, but got lost
along the way [1]. It still makes sense to have it, because each address
space has a different PASID. And the IOMMU code in
iommu_sva_alloc_pasid() expects the pasid field of a new mm struct to be
cleared.
[1] https://lore.kernel.org/linux-iommu/YDgh53AcQHT+T3L0@otcwcpicx3.sc.intel.com/
Link: https://lkml.kernel.org/r/20210302103837.2562625-1-jean-philippe@linaro.org
Signed-off-by: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Cc: Jacob Pan <jacob.jun.pan@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Updates the branch to the 5.10.26 upstream kernel version.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I84aa29bf4e4e809051eb346830c4c4b5acb78c8c
Changes in 5.10.26
ASoC: ak4458: Add MODULE_DEVICE_TABLE
ASoC: ak5558: Add MODULE_DEVICE_TABLE
spi: cadence: set cqspi to the driver_data field of struct device
ALSA: dice: fix null pointer dereference when node is disconnected
ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro
ALSA: hda: generic: Fix the micmute led init state
ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air
ALSA: hda/realtek: fix mute/micmute LEDs for HP 840 G8
ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8
ALSA: hda/realtek: fix mute/micmute LEDs for HP 850 G8
Revert "PM: runtime: Update device status before letting suppliers suspend"
s390/vtime: fix increased steal time accounting
s390/pci: refactor zpci_create_device()
s390/pci: remove superfluous zdev->zbus check
s390/pci: fix leak of PCI device structure
zonefs: Fix O_APPEND async write handling
zonefs: prevent use of seq files as swap file
zonefs: fix to update .i_wr_refcnt correctly in zonefs_open_zone()
btrfs: fix race when cloning extent buffer during rewind of an old root
btrfs: fix slab cache flags for free space tree bitmap
vhost-vdpa: fix use-after-free of v->config_ctx
vhost-vdpa: set v->config_ctx to NULL if eventfd_ctx_fdget() fails
drm/amd/display: Correct algorithm for reversed gamma
ASoC: fsl_ssi: Fix TDM slot setup for I2S mode
ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold
ASoC: SOF: Intel: unregister DMIC device on probe error
ASoC: SOF: intel: fix wrong poll bits in dsp power down
ASoC: qcom: sdm845: Fix array out of bounds access
ASoC: qcom: sdm845: Fix array out of range on rx slim channels
ASoC: codecs: wcd934x: add a sanity check in set channel map
ASoC: qcom: lpass-cpu: Fix lpass dai ids parse
ASoC: simple-card-utils: Do not handle device clock
afs: Fix accessing YFS xattrs on a non-YFS server
afs: Stop listxattr() from listing "afs.*" attributes
ALSA: usb-audio: Fix unintentional sign extension issue
nvme: fix Write Zeroes limitations
nvme-tcp: fix misuse of __smp_processor_id with preemption enabled
nvme-tcp: fix possible hang when failing to set io queues
nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU
nvmet: don't check iosqes,iocqes for discovery controllers
nfsd: Don't keep looking up unhashed files in the nfsd file cache
nfsd: don't abort copies early
NFSD: Repair misuse of sv_lock in 5.10.16-rt30.
NFSD: fix dest to src mount in inter-server COPY
svcrdma: disable timeouts on rdma backchannel
vfio: IOMMU_API should be selected
vhost_vdpa: fix the missing irq_bypass_unregister_producer() invocation
sunrpc: fix refcount leak for rpc auth modules
i915/perf: Start hrtimer only if sampling the OA buffer
pstore: Fix warning in pstore_kill_sb()
io_uring: ensure that SQPOLL thread is started for exit
net/qrtr: fix __netdev_alloc_skb call
kbuild: Fix <linux/version.h> for empty SUBLEVEL or PATCHLEVEL again
cifs: fix allocation size on newly created files
riscv: Correct SPARSEMEM configuration
scsi: lpfc: Fix some error codes in debugfs
scsi: myrs: Fix a double free in myrs_cleanup()
scsi: ufs: ufs-mediatek: Correct operator & -> &&
RISC-V: correct enum sbi_ext_rfence_fid
counter: stm32-timer-cnt: Report count function when SLAVE_MODE_DISABLED
gpiolib: Assign fwnode to parent's if no primary one provided
nvme-rdma: fix possible hang when failing to set io queues
ibmvnic: add some debugs
ibmvnic: serialize access to work queue on remove
tty: serial: stm32-usart: Remove set but unused 'cookie' variables
serial: stm32: fix DMA initialization error handling
bpf: Declare __bpf_free_used_maps() unconditionally
RDMA/rtrs: Remove unnecessary argument dir of rtrs_iu_free
RDMA/rtrs-srv: Jump to dereg_mr label if allocate iu fails
RDMA/rtrs: Introduce rtrs_post_send
RDMA/rtrs: Fix KASAN: stack-out-of-bounds bug
module: merge repetitive strings in module_sig_check()
module: avoid *goto*s in module_sig_check()
module: harden ELF info handling
scsi: pm80xx: Make mpi_build_cmd locking consistent
scsi: pm80xx: Make running_req atomic
scsi: pm80xx: Fix pm8001_mpi_get_nvmd_resp() race condition
scsi: pm8001: Neaten debug logging macros and uses
scsi: libsas: Remove notifier indirection
scsi: libsas: Introduce a _gfp() variant of event notifiers
scsi: mvsas: Pass gfp_t flags to libsas event notifiers
scsi: isci: Pass gfp_t flags in isci_port_link_down()
scsi: isci: Pass gfp_t flags in isci_port_link_up()
scsi: isci: Pass gfp_t flags in isci_port_bc_change_received()
RDMA/mlx5: Allow creating all QPs even when non RDMA profile is used
powerpc/sstep: Fix load-store and update emulation
powerpc/sstep: Fix darn emulation
i40e: Fix endianness conversions
net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081
MIPS: compressed: fix build with enabled UBSAN
drm/amd/display: turn DPMS off on connector unplug
iwlwifi: Add a new card for MA family
io_uring: fix inconsistent lock state
media: cedrus: h264: Support profile controls
ibmvnic: remove excessive irqsave
s390/qeth: schedule TX NAPI on QAOB completion
drm/amd/pm: fulfill the Polaris implementation for get_clock_by_type_with_latency()
io_uring: don't attempt IO reissue from the ring exit path
io_uring: clear IOCB_WAITQ for non -EIOCBQUEUED return
net: bonding: fix error return code of bond_neigh_init()
regulator: pca9450: Add SD_VSEL GPIO for LDO5
regulator: pca9450: Enable system reset on WDOG_B assertion
regulator: pca9450: Clear PRESET_EN bit to fix BUCK1/2/3 voltage setting
gfs2: Add common helper for holding and releasing the freeze glock
gfs2: move freeze glock outside the make_fs_rw and _ro functions
gfs2: bypass signal_our_withdraw if no journal
powerpc: Force inlining of cpu_has_feature() to avoid build failure
usb-storage: Add quirk to defeat Kindle's automatic unload
usbip: Fix incorrect double assignment to udc->ud.tcp_rx
usb: gadget: configfs: Fix KASAN use-after-free
usb: typec: Remove vdo[3] part of tps6598x_rx_identity_reg struct
usb: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy-
usb: dwc3: gadget: Allow runtime suspend if UDC unbinded
usb: dwc3: gadget: Prevent EP queuing while stopping transfers
thunderbolt: Initialize HopID IDAs in tb_switch_alloc()
thunderbolt: Increase runtime PM reference count on DP tunnel discovery
iio:adc:stm32-adc: Add HAS_IOMEM dependency
iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel
iio: adis16400: Fix an error code in adis16400_initial_setup()
iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler
iio: adc: ab8500-gpadc: Fix off by 10 to 3
iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask
iio: adc: adi-axi-adc: add proper Kconfig dependencies
iio: hid-sensor-humidity: Fix alignment issue of timestamp channel
iio: hid-sensor-prox: Fix scale not correct issue
iio: hid-sensor-temperature: Fix issues of timestamp channel
counter: stm32-timer-cnt: fix ceiling write max value
counter: stm32-timer-cnt: fix ceiling miss-alignment with reload register
PCI: rpadlpar: Fix potential drc_name corruption in store functions
perf/x86/intel: Fix a crash caused by zero PEBS status
perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT
x86/ioapic: Ignore IRQ2 again
kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data()
x86: Move TS_COMPAT back to asm/thread_info.h
x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall()
efivars: respect EFI_UNSUPPORTED return from firmware
ext4: fix error handling in ext4_end_enable_verity()
ext4: find old entry again if failed to rename whiteout
ext4: stop inode update before return
ext4: do not try to set xattr into ea_inode if value is empty
ext4: fix potential error in ext4_do_update_inode
ext4: fix rename whiteout with fast commit
MAINTAINERS: move some real subsystems off of the staging mailing list
MAINTAINERS: move the staging subsystem to lists.linux.dev
static_call: Fix static_call_update() sanity check
efi: use 32-bit alignment for efi_guid_t literals
firmware/efi: Fix a use after bug in efi_mem_reserve_persistent
genirq: Disable interrupts for force threaded handlers
x86/apic/of: Fix CPU devicetree-node lookups
cifs: Fix preauth hash corruption
Linux 5.10.26
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I6f6bdd1dc46dc744c848e778f9edd0be558b46ac
commit 81e2073c17 upstream.
With interrupt force threading all device interrupt handlers are invoked
from kernel threads. Contrary to hard interrupt context the invocation only
disables bottom halfs, but not interrupts. This was an oversight back then
because any code like this will have an issue:
    thread(irq_A)
      irq_handler(A)
        spin_lock(&foo->lock);

    interrupt(irq_B)
      irq_handler(B)
        spin_lock(&foo->lock);
This has been triggered with networking (NAPI vs. hrtimers) and console
drivers where printk() happens from an interrupt which interrupted the
force threaded handler.
Now people noticed and started to change the spin_lock() in the handler to
spin_lock_irqsave() which affects performance or add IRQF_NOTHREAD to the
interrupt request which in turn breaks RT.
Fix the root cause and not the symptom and disable interrupts before
invoking the force threaded handler which preserves the regular semantics
and the usefulness of the interrupt force threading as a general debugging
tool.
For not RT this is not changing much, except that during the execution of
the threaded handler interrupts are delayed until the handler
returns. Vs. scheduling and softirq processing there is no difference.
For RT kernels there is no issue.
Fixes: 8d32a307e4 ("genirq: Provide forced interrupt threading")
Reported-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Johan Hovold <johan@kernel.org>
Acked-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Link: https://lore.kernel.org/r/20210317143859.513307808@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 38c9358737 upstream.
Sites that match init_section_contains() get marked as INIT. For
built-in code init_sections contains both __init and __exit text. OTOH
kernel_text_address() only explicitly includes __init text (and there
are no __exit text markers).
Match what jump_label already does and ignore the warning for INIT
sites. Also see the excellent changelog for commit: 8f35eaa5f2
("jump_label: Don't warn on __exit jump entries")
Fixes: 9183c3f9ed ("static_call: Add inline static call infrastructure")
Reported-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Sumit Garg <sumit.garg@linaro.org>
Link: https://lkml.kernel.org/r/20210318113610.739542434@infradead.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5abbe51a52 upstream.
Preparation for fixing get_nr_restart_syscall() on X86 for COMPAT.
Add a new helper which sets restart_block->fn and calls a dummy
arch_set_restart_data() helper.
Fixes: 609c19a385 ("x86/ptrace: Stop setting TS_COMPAT in ptrace code")
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210201174641.GA17871@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit ec2a29593c ]
5fdc7db644 ("module: setup load info before module_sig_check()")
moved the ELF setup, so that it was done before the signature
check. This made the module name available to signature error
messages.
However, the checks for ELF correctness in setup_load_info
are not sufficient to prevent bad memory references due to
corrupted offset fields, indices, etc.
So, there's a regression in behavior here: a corrupt and unsigned
(or badly signed) module, which might previously have been rejected
immediately, can now cause an oops/crash.
Harden ELF handling for module loading by doing the following:
- Move the signature check back up so that it comes before ELF
  initialization. It's best to do the signature check to see
  if we can trust the module, before using the ELF structures
  inside it. This also makes checks against info->len
  more accurate again, as this field will be reduced by the
  length of the signature in mod_check_sig().
  The module name is now once again not available for error
  messages during the signature check, but that seems like
  a fair tradeoff.
- Check if sections have offset / size fields that at least don't
  exceed the length of the module.
- Check if sections have section name offsets that don't fall
  outside the section name table.
- Add a few other sanity checks against invalid section indices,
  etc.
This is not an exhaustive consistency check, but the idea is to
at least get through the signature and blacklist checks without
crashing because of corrupted ELF info, and to error out gracefully
for most issues that would have caused problems later on.
Fixes: 5fdc7db644 ("module: setup load info before module_sig_check()")
Signed-off-by: Frank van der Linden <fllinden@amazon.com>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
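
The bounds checks listed in the commit message above (section offset/size within the image, name offsets within the section name table, valid section indices), as an added user-space example that is not the kernel's code. The ex_ types, error codes and the constructed sample image are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal ELF64 layouts, declared locally (ex_ names are this example's own). */
typedef struct {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} ex_ehdr;

typedef struct {
    uint32_t sh_name, sh_type;
    uint64_t sh_flags, sh_addr, sh_offset, sh_size;
    uint32_t sh_link, sh_info;
    uint64_t sh_addralign, sh_entsize;
} ex_shdr;

enum { EX_OK, EX_TRUNC, EX_MAGIC, EX_SHTAB, EX_STRNDX, EX_STRTAB,
       EX_SECRANGE, EX_NAME };
enum { EX_SHT_NULL = 0, EX_SHT_PROGBITS = 1, EX_SHT_STRTAB = 3,
       EX_SHT_NOBITS = 8 };
#define EX_IMG_LEN 288 /* size of the constructed sample below */

/* Overflow-safe form of "off + len <= total". */
static int in_range(uint64_t off, uint64_t len, uint64_t total)
{
    return off <= total && len <= total - off;
}

/* Reject an image whose section metadata points outside the buffer. */
int ex_validate(const unsigned char *buf, size_t len)
{
    ex_ehdr eh;
    ex_shdr sh, str;
    unsigned int i;

    if (len < sizeof(eh))
        return EX_TRUNC;
    memcpy(&eh, buf, sizeof(eh)); /* copy out: buf may be unaligned */
    if (memcmp(eh.e_ident, "\177ELF", 4) != 0)
        return EX_MAGIC;
    /* The whole section header table must lie inside the image. */
    if (eh.e_shentsize != sizeof(ex_shdr) || eh.e_shnum == 0 ||
        !in_range(eh.e_shoff, (uint64_t)eh.e_shnum * sizeof(ex_shdr), len))
        return EX_SHTAB;
    /* The section name table index must name a real section. */
    if (eh.e_shstrndx == 0 || eh.e_shstrndx >= eh.e_shnum)
        return EX_STRNDX;
    memcpy(&str, buf + eh.e_shoff + eh.e_shstrndx * sizeof(ex_shdr), sizeof(str));
    /* The name table must be in bounds and NUL-terminated. */
    if (str.sh_type != EX_SHT_STRTAB || str.sh_size == 0 ||
        !in_range(str.sh_offset, str.sh_size, len) ||
        buf[str.sh_offset + str.sh_size - 1] != '\0')
        return EX_STRTAB;
    for (i = 0; i < eh.e_shnum; i++) {
        memcpy(&sh, buf + eh.e_shoff + i * sizeof(ex_shdr), sizeof(sh));
        /* NULL and NOBITS sections occupy no bytes in the file. */
        if (sh.sh_type != EX_SHT_NULL && sh.sh_type != EX_SHT_NOBITS &&
            !in_range(sh.sh_offset, sh.sh_size, len))
            return EX_SECRANGE;
        /* Each name offset must fall inside the name table. */
        if (sh.sh_name >= str.sh_size)
            return EX_NAME;
    }
    return EX_OK;
}

/* Constructed sample: NULL section, 8-byte .text at offset 64, .shstrtab
 * at 72, section headers at 96. buf must hold EX_IMG_LEN bytes. */
size_t ex_build_sample(unsigned char *buf)
{
    static const char names[17] = "\0.text\0.shstrtab";
    ex_ehdr eh = { .e_ident = "\177ELF", .e_shoff = 96,
                   .e_shentsize = sizeof(ex_shdr), .e_shnum = 3, .e_shstrndx = 2 };
    ex_shdr sh[3] = {
        { 0 },
        { .sh_name = 1, .sh_type = EX_SHT_PROGBITS, .sh_offset = 64, .sh_size = 8 },
        { .sh_name = 7, .sh_type = EX_SHT_STRTAB, .sh_offset = 72, .sh_size = sizeof(names) },
    };
    memset(buf, 0, EX_IMG_LEN);
    memcpy(buf, &eh, sizeof(eh));
    memcpy(buf + 72, names, sizeof(names));
    memcpy(buf + 96, sh, sizeof(sh));
    return EX_IMG_LEN;
}

int main(void)
{
    unsigned char img[EX_IMG_LEN];
    size_t n = ex_build_sample(img);
    printf("intact=%d cut=%d\n", ex_validate(img, n), ex_validate(img, 200));
    return 0;
}
```

Every range test goes through in_range() rather than comparing off + len directly, so a corrupted 64-bit size cannot wrap the sum and slip past the check.
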
[ Upstream commit 10ccd1abb8 ]
Let's move the common handling of the non-fatal errors after the *switch*
statement -- this avoids *goto*s inside that *switch*...
Suggested-by: Joe Perches <joe@perches.com>
Reviewed-by: Miroslav Benes <mbenes@suse.cz>
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 705e919518 ]
The 'reason' variable in module_sig_check() points to 3 strings across
the *switch* statement, all needlessly starting with the same text.
Let's put the starting text into the pr_notice() call -- it saves 21
bytes of the object code (x86 gcc 10.2.1).
Suggested-by: Joe Perches <joe@perches.com>
Reviewed-by: Miroslav Benes <mbenes@suse.cz>
Signed-off-by: Sergey Shtylyov <s.shtylyov@omprussia.ru>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Vendors want to get en/dequeueing information and update
some vendor-managed data to modify DVFS or scheduling behavior.
But in the current hooking positions, vendors get the information
after all behaviors they want to modify are done.
So we need to move the hooks before en/dequeue callbacks
to achieve the "true" goals.
Bug: 183543978
Signed-off-by: Choonghoon Park <choong.park@samsung.com>
Change-Id: I12f8e77054d12a855df10ca9d13a52d417343666
Why record task_work_add() call stack? Syzbot reports many use-after-free
issues for task_work, see [1]. After seeing the free stack and the
current auxiliary stack, we think they are useless, we don't know where
the work was registered. This work may be the free call stack, so we miss
the root cause and don't solve the use-after-free.
Add the task_work_add() call stack into the KASAN auxiliary stack in order
to improve KASAN reports. It helps programmers solve use-after-free
issues.
[1]: https://groups.google.com/g/syzkaller-bugs/search?q=kasan%20use-after-free%20task_work_run
Link: https://lkml.kernel.org/r/20210316024410.19967-1-walter-zh.wu@mediatek.com
Signed-off-by: Walter Wu <walter-zh.wu@mediatek.com>
Suggested-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Andrey Konovalov <andreyknvl@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Matthias Brugger <matthias.bgg@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
(cherry picked from commit 357e2e021b3a5c473b43a5a4d752139564bf27b8
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git akpm)
Bug: 182930667
Signed-off-by: Alexander Potapenko <glider@google.com>
Change-Id: I38b2e1856ba9605bcdf0fb4fd4a7031596c8fe4a
Page poisoning used to be incompatible with hibernation, as the state of
poisoned pages was lost after resume, thus enabling CONFIG_HIBERNATION
forces CONFIG_PAGE_POISONING_NO_SANITY. For the same reason, the
poisoning with zeroes variant CONFIG_PAGE_POISONING_ZERO used to disable
hibernation. The latter restriction was removed by commit 1ad1410f63
("PM / Hibernate: allow hibernation with PAGE_POISONING_ZERO") and
similarly for init_on_free by commit 18451f9f9e ("PM: hibernate: fix
crashes with init_on_free=1") by making sure free pages are cleared after
resume.
We can use the same mechanism to instead poison free pages with
PAGE_POISON after resume. This covers both zero and 0xAA patterns. Thus
we can remove the Kconfig restriction that disables page poison sanity
checking when hibernation is enabled.
Link: https://lkml.kernel.org/r/20201113104033.22907-4-vbabka@suse.cz
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> [hibernation]
Reviewed-by: David Hildenbrand <david@redhat.com>
Cc: Mike Rapoport <rppt@linux.ibm.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Laura Abbott <labbott@kernel.org>
Cc: Mateusz Nosek <mateusznosek0@gmail.com>
Cc: Michal Hocko <mhocko@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 03b6c9a3e8
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git akpm)
Bug: 182930667
Signed-off-by: Alexander Potapenko <glider@google.com>
Change-Id: Ieea49ebb4d3eeddd18eb2040f13b8121978facca
Export the symbol freezer_cgrp_subsys so that a vendor module can
add can_attach & cancel_attach member functions. It is vendor-specific
tuning.
Bug: 182496370
Signed-off-by: Zhuguangqing <zhuguangqing@xiaomi.com>
Change-Id: I153682b9d1015eed3f048b45ea6495ebb8f3c261
Try to mitigate potential future driver core api changes by adding
padding to a number of core internal scheduler structures.
Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0ef2f8dd5f3259dcf443c5045aa1e8505ed78a76
Add a hook in account_process_tick, which helps us to get information
about the high load tasks and the cpu they are running on.
Bug: 183260319
Change-Id: I54162ce3c65bd69e08d2d4747e4d4883efe4c442
Signed-off-by: Liujie Xie <xieliujie@oppo.com>
When android_rvh_select_task_rq_fair is enabled,
the woken-up new fair task's utilization is always updated in
a wakeup path (wake_up_new_task) although it doesn't have to be.
It is because sync_entity_load_avg() is always called in
select_task_rq_fair() with the hook enabled.
Let's see what happened:
The new task's sched_avg->last_update_time should be 0
unless it is updated in attach_entity_cfs_rq() in the wakeup path.
But because sync_entity_load_avg() is called,
sched_avg->last_update_time is updated with cfs_rq->avg.last_update_time
before attach_entity_cfs_rq() is called.
After updated, post_init_entity_util_avg() is called and the half of
spare capacity of rq which the task is assigned to is set to the task's
utilization.
Finally, update_load_avg() is called and check the task's
sched_avg->last_update_time, and update the task's utilization due to
non-zero last_update_time.
- wake_up_new_task()
  - select_task_rq() <-- task's sched_avg->last_update_time is set
                         if android_rvh_select_task_rq_fair is enabled.
  - post_init_entity_util_avg() <-- task gets the half of spare cap.
    - attach_entity_cfs_rq()
      - update_load_avg <-- update task's utilization because
                            task's sched_avg->last_update_time is not 0.
Make sure not to call sync_entity_load_avg() in select_task_rq_fair()
when SD_BALANCE_FORK is also set with the hook.
Bug: 183306209
Signed-off-by: Choonghoon Park <choong.park@samsung.com>
Change-Id: I1fd70bf3d8e5fe1548f2237afd2d3d81134a68ee
Sync up with the android12-5.10 branch for the following commit:
c4bd1c03ba ANDROID: qcom: Add is_dma_buf_file to ABI
268088c42e ANDROID: GKI: update .xml file
a7f3a36529 ANDROID: GKI: enable KFENCE by setting the sample interval to 500ms
9d1c78d623 ANDROID: abi_gki_aarch64_qcom: Add xhci symbols to list
5896d00f9c ANDROID: vmlinux.lds.h: Define SANITIZER_DISCARDS with CONFIG_CFI_CLANG
ffacd097fc ANDROID: usb: typec: tcpci: Add vendor hook to mask vbus present
1a93d556d7 ANDROID: usb: typce: tcpci: Add vendor hook for chip specific features
08879ea0d6 ANDROID: usb: typec: tcpci: Add vendor hooks for tcpci interface
892e618852 FROMGIT: f2fs: add sysfs nodes to get runtime compression stat
58f0e25d0d ANDROID: dma-buf: Fix error path on system heaps use of the page pool
958c19b19b ANDROID: usb: typec: tcpm: Fix event storm caused by error in backport
0b6fadd02e ANDROID: GKI: USB: XHCI: add Android ABI padding to lots of xhci structures
6f00446c76 FROMGIT: KVM: arm64: Fix host's ZCR_EL2 restore on nVHE
b0671cd753 FROMGIT: KVM: arm64: Force SCTLR_EL2.WXN when running nVHE
8f25c7432f FROMGIT: KVM: arm64: Turn SCTLR_ELx_FLAGS into INIT_SCTLR_EL2_MMU_ON
f47a4d91e5 FROMGIT: KVM: arm64: Use INIT_SCTLR_EL2_MMU_OFF to disable the MMU on KVM teardown
3ff7250562 FROMGIT: arm64: Use INIT_SCTLR_EL1_MMU_OFF to disable the MMU on CPU restart
a8a9fadaf8 FROMGIT: KVM: arm64: Enable SVE support for nVHE
b0e15c8c44 FROMGIT: KVM: arm64: Save/restore SVE state for nVHE
194fd166b5 BACKPORT: FROMGIT: KVM: arm64: Trap host SVE accesses when the FPSIMD state is dirty
507e10616c FROMGIT: KVM: arm64: Save guest's ZCR_EL1 before saving the FPSIMD state
4cb78b26ea FROMGIT: KVM: arm64: Map SVE context at EL2 when available
1105b4d1ce BACKPORT: FROMGIT: KVM: arm64: Rework SVE host-save/guest-restore
57171b3636 FROMGIT: arm64: sve: Provide a conditional update accessor for ZCR_ELx
ac5f5708bb FROMGIT: KVM: arm64: Introduce vcpu_sve_vq() helper
f9bab75599 FROMGIT: KVM: arm64: Let vcpu_sve_pffr() handle HYP VAs
c2469fa4b4 FROMGIT: KVM: arm64: Use {read,write}_sysreg_el1 to access ZCR_EL1
f5e060d65e FROMGIT: KVM: arm64: Provide KVM's own save/restore SVE primitives
af855ca1c9 ANDROID: GKI: USB: Gadget: add Android ABI padding to struct usb_gadget
24149445ad ANDROID: vendor_hooks: Add hooks for memory when debug
00185a421a ANDROID: vendor_hooks: Add hooks for ufs scheduler
b8981993c2 ANDROID: GKI: sound/usb/card.h: add Android ABI padding to struct snd_usb_endpoint
5a56f5119e ANDROID: GKI: user_namespace.h: add Android ABI padding to a structure
599e75fcfd ANDROID: GKI: timer.h: add Android ABI padding to a structure
303a28f485 ANDROID: GKI: quota.h: add Android ABI padding to some structures
a06d91262a ANDROID: GKI: mmu_notifier.h: add Android ABI padding to some structures
8faaa07702 ANDROID: GKI: mm.h: add Android ABI padding to a structure
f21777c57f ANDROID: GKI: kobject.h: add Android ABI padding to some structures
31f6b7a1ae ANDROID: GKI: kernfs.h: add Android ABI padding to some structures
1a517d8668 ANDROID: GKI: irqdomain.h: add Android ABI padding to a structure
c6adf0c7b9 ANDROID: GKI: ioport.h: add Android ABI padding to a structure
c469de24a1 ANDROID: GKI: iomap.h: add Android ABI padding to a structure
3cb5c28964 ANDROID: GKI: hrtimer.h: add Android ABI padding to a structure
eff6517b1e ANDROID: GKI: genhd.h: add Android ABI padding to some structures
9a92773dc8 ANDROID: GKI: ethtool.h: add Android ABI padding to a structure
774168de67 ANDROID: GKI: dma-mapping.h: add Android ABI padding to a structure
73ff58b01f ANDROID: GKI: networking: add Android ABI padding to a lot of networking structures
f0688df6b5 ANDROID: GKI: blk_types.h: add Android ABI padding to a structure
4a895f1f2b ANDROID: GKI: scsi.h: add Android ABI padding to a structure
48691266ca ANDROID: GKI: pci: add Android ABI padding to some structures
4c95a92b84 ANDROID: GKI: add Android ABI padding to struct nf_conn
e6f5502bc3 UPSTREAM: usb: typec: tcpm: Skip sink_cap query only when VDM sm is busy
36547f2f6d FROMGIT: usb: typec: tcpm: PD3.0 sinks can send Discover Identity even in device mode
3f7ada406d UPSTREAM: usb: gadget: configfs: Fix KASAN use-after-free
9bd96584f4 UPSTREAM: usb: typec: Remove vdo[3] part of tps6598x_rx_identity_reg struct
f2e7bdcdfa UPSTREAM: usb: dwc3: gadget: Prevent EP queuing while stopping transfers
462c92e8f2 FROMGIT: usb: typec: tcpci: Added few missing TCPCI register definitions
6f85b7e0f8 UPSTREAM: usb: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy-
8cf94785bb Revert "ANDROID: GKI: Enable bounds sanitizer"
0eecc2aa30 ANDROID: GKI: temporarily disable LTO/CFI
3520187422 ANDROID: Revert "f2fs: fix to tag FIEMAP_EXTENT_MERGED in f2fs_fiemap()"
16982b6a18 FROMLIST: KVM: arm64: Disable FWB in host stage-2
3a16a9e7be FROMLIST: KVM: arm64: Introduce KVM_PGTABLE_S2_NOFWB Stage-2 flag
bcdcab0253 FROMLIST: KVM: arm64: Protect the .hyp sections from the host
317d5a5030 FROMLIST: KVM: arm64: Disable PMU support in protected mode
6697310c08 FROMLIST: KVM: arm64: Page-align the .hyp sections
68bd98a28a FROMLIST: KVM: arm64: Wrap the host with a stage 2
5a128f0626 FROMLIST: KVM: arm64: Provide sanitized mmfr* registers at EL2
0af83133e3 FROMLIST: KVM: arm64: Add kvm_pgtable_stage2_find_range()
c3f49047ca FROMLIST: KVM: arm64: Refactor the *_map_set_prot_attr() helpers
9349978462 FROMLIST: KVM: arm64: Use page-table to track page ownership
845457f549 FROMLIST: KVM: arm64: Always zero invalid PTEs
1d349d64ba FROMLIST: KVM: arm64: Sort the hypervisor memblocks
1e798d4121 FROMLIST: KVM: arm64: Reserve memory for host stage 2
6fddc52e50 FROMLIST: KVM: arm64: Make memcache anonymous in pgtable allocator
a20c8e1c48 FROMLIST: KVM: arm64: Refactor __populate_fault_info()
21a1f89953 FROMLIST: KVM: arm64: Refactor __load_guest_stage2()
1a9bba9121 FROMLIST: KVM: arm64: Refactor kvm_arm_setup_stage2()
6d3f5c07aa FROMLIST: KVM: arm64: Set host stage 2 using kvm_nvhe_init_params
eef107d42a FROMLIST: KVM: arm64: Use kvm_arch in kvm_s2_mmu
1a76f891e1 FROMLIST: KVM: arm64: Use kvm_arch for stage 2 pgtable
d8eb170aa9 FROMLIST: KVM: arm64: Elevate hypervisor mappings creation at EL2
ae1ed8a984 FROMLIST: KVM: arm64: Prepare the creation of s1 mappings at EL2
364f0639db FROMLIST: arm64: asm: Provide set_sctlr_el2 macro
ca52b29511 FROMLIST: KVM: arm64: Factor out vector address calculation
a1180dd384 FROMLIST: KVM: arm64: Provide __flush_dcache_area at EL2
37b5552dfb FROMLIST: KVM: arm64: Enable access to sanitized CPU features at EL2
75fba96057 FROMLIST: KVM: arm64: Introduce a Hyp buddy page allocator
f6e834486a FROMLIST: KVM: arm64: Stub CONFIG_DEBUG_LIST at Hyp
01253f8e2c FROMLIST: KVM: arm64: Introduce an early Hyp page allocator
a3aad4cf4a FROMLIST: KVM: arm64: Allow using kvm_nvhe_sym() in hyp code
81181250ba FROMLIST: KVM: arm64: Make kvm_call_hyp() a function call at Hyp
542dace0bc FROMLIST: KVM: arm64: Introduce a BSS section for use at Hyp
4a4beb1005 FROMLIST: KVM: arm64: Factor memory allocation out of pgtable.c
620bb5f9c9 FROMLIST: KVM: arm64: Avoid free_page() in page-table allocator
c758e8e4b1 FROMLIST: KVM: arm64: Initialize kvm_nvhe_init_params early
ce5e848201 FROMLIST: arm64: kvm: Add standalone ticket spinlock implementation for use at hyp
9833905e2d FROMLIST: KVM: arm64: Link position-independent string routines into .hyp.text
0f63237470 FROMLIST: arm64: lib: Annotate {clear, copy}_page() as position-independent
edab6a7245 Revert "ANDROID: sched: cpufreq_schedutil: add sugov tracepoints"
187306ab1a ANDROID: Partial revert of 06881e01b5 ("ANDROID: sched: Add vendor hooks for override sugov behavior")
b542f4c389 Revert "ANDROID: sched: Add vendor hooks for skipping sugov update"
27d6dac0df Revert "ANDROID: sched: cpufreq_schedutil: move sugov traces to sched"
cc574f0d36 ANDROID: thermal: Add logic for filter on-die tz genl event.
6c6fac8f39 ANDROID: mmc: support hardware that takes key directly
e4636b47ef UPSTREAM: zram: fix broken page writeback
542d1937ba UPSTREAM: zram: fix return value on writeback_store
475aea007d ANDROID: sched: Add vendor hook for util_est_update
89ea2f1eca ANDROID: GKI: Enable DTPM framework
a3a580961b ANDROID: GKI: Add remoteproc framework symbols to symbol list
53e8099784 ANDROID: vendor_hooks: Add hooks for scheduler
7e2c33ac0e FROMGIT: configfs: fix a use-after-free in __configfs_open_file
7656aa0f48 ANDROID: lib/plist.c: Export plist-related APIs
4d63efb9ae ANDROID: module: Add vendor hook
2ff446fc4d ANDROID: bpf: Add vendor hook
dccee128b7 ANDROID: kernel: Add vendor hook in creds
0a3b407463 ANDROID: security: selinux: Add vendor hook in avc
a128ec2b2e UPSTREAM: KVM: arm64: Fix exclusive limit for IPA size
ac821b6257 UPSTREAM: KVM: arm64: Reject VM creation when the default IPA size is unsupported
d2eb8b0028 ANDROID: GKI: add android_kabi.h
45021f7679 UPSTREAM: MAINTAINERS: add entry for KFENCE
90d03f6fcf ANDROID: Clang LTO: Comment on symbol visibility workaround
169ddec367 FROMLIST: mm: fs: Invalidate BH LRU during page migration
3039d8580c BACKPORT: FROMLIST: mm: disable LRU pagevec during the migration temporarily
134ac2d4dc FROMLIST: mm: replace migrate_prep with lru_add_drain_all
a71a3e1ce6 UPSTREAM: mm: migrate: initialize err in do_migrate_pages
059eaf82c0 UPSTREAM: mm: migrate: clean up migrate_prep{_local}
be409db652 ANDROID: Clang LTO: Only set -fvisibility=hidden for x86
02efd18b77 UPSTREAM: usb: typec: tcpci: Refactor tcpc_presenting_cc1_rd macro
8d03e49505 ANDROID: mm: build alloc_contig_dump_pages in page_alloc.o
28f6641041 FROMLIST: mm: page_alloc: dump migrate-failed pages
cc1f93cb20 ANDROID: sched: Add vendor hook for uclamp_eff_get
5e1e3e9387 ANDROID: cpu/hotplug: failure to offline 2nd to last cpu
2c728929c1 ANDROID: qcom: Add devm_blk_ksm_init to ABI
9108e9ba66 ANDROID: arm64: add vendor hooks for unusal abort cases
5f1e1f42a5 UPSTREAM: powercap/drivers/dtpm: Fix size of object being allocated
fd2c659694 UPSTREAM: powercap/drivers/dtpm: Fix an IS_ERR() vs NULL check
2a1cd71862 UPSTREAM: powercap/drivers/dtpm: Fix some missing unlock bugs
7112d4320f UPSTREAM: powercap/drivers/dtpm: Fix a double shift bug
578572c48c UPSTREAM: powercap/drivers/dtpm: Fix __udivdi3 and __aeabi_uldivmod unresolved symbols
7f17016dc8 UPSTREAM: powercap/drivers/dtpm: Add CPU energy model based support
082e8dcea9 UPSTREAM: powercap/drivers/dtpm: Add API for dynamic thermal power management
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If05a0d9902893cd29e8bb5eb175bd4ce30250697
Merge 5.10.25 into android12-5.10-lts
Changes in 5.10.25
crypto: aesni - Use TEST %reg,%reg instead of CMP $0,%reg
crypto: x86/aes-ni-xts - use direct calls to and 4-way stride
bpf: Prohibit alu ops for pointer types not defining ptr_limit
bpf: Fix off-by-one for area size in creating mask to left
bpf: Simplify alu_limit masking for pointer arithmetic
bpf: Add sanity check for upper ptr_limit
bpf, selftests: Fix up some test_verifier cases for unprivileged
RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes
fuse: fix live lock in fuse_iget()
Revert "nfsd4: remove check_conflicting_opens warning"
Revert "nfsd4: a client's own opens needn't prevent delegations"
ALSA: usb-audio: Don't avoid stopping the stream at disconnection
net: dsa: b53: Support setting learning on port
Linux 5.10.25
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0a19cd5f8dda58a2fa8fdfbe7cbabd2c32cb57bd
commit 1b1597e64e upstream.
Given we know the max possible value of ptr_limit at the time of retrieving
the latter, add basic assertions, so that the verifier can bail out if
anything looks odd and reject the program. Nothing triggered this so far,
but it also does not hurt to have these.
Signed-off-by: Piotr Krysiuk <piotras@gmail.com>
Co-developed-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b5871dca25 upstream.
Instead of having the mov32 with aux->alu_limit - 1 immediate, move this
operation to retrieve_ptr_limit() instead to simplify the logic and to
allow for subsequent sanity boundary checks inside retrieve_ptr_limit().
This avoids in future that at the time of the verifier masking rewrite
we'd run into an underflow which would not sign extend due to the nature
of mov32 instruction.
Signed-off-by: Piotr Krysiuk <piotras@gmail.com>
Co-developed-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 10d2bb2e6b upstream.
retrieve_ptr_limit() computes the ptr_limit for registers with stack and
map_value type. ptr_limit is the size of the memory area that is still
valid / in-bounds from the point of the current position and direction
of the operation (add / sub). This size will later be used for masking
the operation such that attempting out-of-bounds access in the speculative
domain is redirected to remain within the bounds of the current map value.
When masking to the right the size is correct, however, when masking to
the left, the size is off-by-one which would lead to an incorrect mask
and thus incorrect arithmetic operation in the non-speculative domain.
Piotr found that if the resulting alu_limit value is zero, then the
BPF_MOV32_IMM() from the fixup_bpf_calls() rewrite will end up loading
0xffffffff into AX instead of sign-extending to the full 64 bit range,
and as a result, this allows abuse for executing speculatively out-of-
bounds loads against 4GB window of address space and thus extracting the
contents of kernel memory via side-channel.
Fixes: 979d63d50c ("bpf: prevent out of bounds speculation on pointer arithmetic")
Signed-off-by: Piotr Krysiuk <piotras@gmail.com>
Co-developed-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
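The alu_limit == 0 case described in the commit message above, worked through on plain integers. This is an added example, not code from the kernel or from the patch authors; the helper names (mov32_imm, mov64_imm, masked_off) are hypothetical, and the masking step sequence is an assumed model of the rewrite the message refers to.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of a 32-bit move: the immediate is zero-extended into the 64-bit register. */
static uint64_t mov32_imm(int32_t imm) { return (uint64_t)(uint32_t)imm; }

/* Contrast case: the same immediate sign-extended to the full 64-bit range. */
static uint64_t mov64_imm(int32_t imm) { return (uint64_t)(int64_t)imm; }

/*
 * Assumed shape of the masking sequence, with ax preloaded with the limit:
 *   ax -= off; ax |= off; ax = -ax; ax >>= 63 (arithmetic); off &= ax
 * Returns the offset that survives the mask (0 means it was neutralised).
 */
static uint64_t masked_off(uint64_t ax, uint64_t off)
{
    ax -= off;                    /* top bit set when off exceeds the limit */
    ax |= off;                    /* top bit also set for a "negative" off */
    ax = 0 - ax;                  /* negate: in-bounds values become negative */
    ax = (ax >> 63) ? ~0ULL : 0;  /* portable arithmetic shift right by 63 */
    return off & ax;
}

int main(void)
{
    /* Constructed sample: alu_limit = 8, so the immediate is alu_limit - 1 = 7. */
    printf("limit 8, off 7          -> %#llx\n",
           (unsigned long long)masked_off(mov32_imm(8 - 1), 7));
    printf("limit 8, off 8          -> %#llx\n",
           (unsigned long long)masked_off(mov32_imm(8 - 1), 8));

    /* alu_limit = 0: the immediate underflows to -1. */
    printf("limit 0, mov32, off big -> %#llx\n",
           (unsigned long long)masked_off(mov32_imm(0 - 1), 0x12345678ULL));
    printf("limit 0, mov64, off big -> %#llx\n",
           (unsigned long long)masked_off(mov64_imm(0 - 1), 0x12345678ULL));
    return 0;
}
```

With the zero-extended immediate, every offset up to 0xffffffff passes the mask unchanged, which is the 4GB window the message describes; with sign extension the same offsets are masked to zero.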
commit f232326f69 upstream.
The purpose of this patch is to streamline error propagation and in particular
to propagate retrieve_ptr_limit() errors for pointer types that are not defining
a ptr_limit such that register-based alu ops against these types can be rejected.
The main rationale is that a gap has been identified by Piotr in the existing
protection against speculatively out-of-bounds loads, for example, in case of
ctx pointers, unprivileged programs can still perform pointer arithmetic. This
can be abused to execute speculatively out-of-bounds loads without restrictions
and thus extract contents of kernel memory.
Fix this by rejecting unprivileged programs that attempt any pointer arithmetic
on unprotected pointer types. The two affected ones are pointer to ctx as well
as pointer to map. Field access to a modified ctx' pointer is rejected at a
later point in time in the verifier, and 7c69673262 ("bpf: Permit map_ptr
arithmetic with opcode add and offset 0") only relevant for root-only use cases.
Risk of unprivileged program breakage is considered very low.
Fixes: 7c69673262 ("bpf: Permit map_ptr arithmetic with opcode add and offset 0")
Fixes: b2157399cc ("bpf: prevent out-of-bounds speculation")
Signed-off-by: Piotr Krysiuk <piotras@gmail.com>
Co-developed-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>