This is the start of the stable review cycle for the 4.9.138 release.
There are 83 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed Nov 21 16:25:13 UTC 2018.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.138-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.9.138-rc1
Mark Rutland <mark.rutland(a)arm.com>
KVM: arm64: Fix caching of host MDCR_EL2 value
Chris Wilson <chris(a)chris-wilson.co.uk>
drm/i915/execlists: Force write serialisation into context image vs execution
Clint Taylor <clinton.a.taylor(a)intel.com>
drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values
Stanislav Lisovskiy <stanislav.lisovskiy(a)intel.com>
drm/dp_mst: Check if primary mstb is null
Marc Zyngier <marc.zyngier(a)arm.com>
drm/rockchip: Allow driver to be shutdown on reboot/kexec
Mike Kravetz <mike.kravetz(a)oracle.com>
mm: migration: fix migration of huge PMD shared pages
Mike Kravetz <mike.kravetz(a)oracle.com>
hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444!
Arnd Bergmann <arnd(a)arndb.de>
lib/ubsan.c: don't mark __ubsan_handle_builtin_unreachable as noreturn
Guenter Roeck <linux(a)roeck-us.net>
configfs: replace strncpy with memcpy
Miklos Szeredi <mszeredi(a)redhat.com>
fuse: fix leaked notify reply
Lukas Czerner <lczerner(a)redhat.com>
fuse: fix use-after-free in fuse_direct_IO()
Maciej W. Rozycki <macro(a)linux-mips.org>
rtc: hctosys: Add missing range error reporting
Scott Mayhew <smayhew(a)redhat.com>
nfsd: COPY and CLONE operations require the saved filehandle to be set
Frank Sorenson <sorenson(a)redhat.com>
sunrpc: correct the computation for page_ptr when truncating
Eric W. Biederman <ebiederm(a)xmission.com>
mount: Prevent MNT_DETACH from disconnecting locked mounts
Eric W. Biederman <ebiederm(a)xmission.com>
mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
Eric W. Biederman <ebiederm(a)xmission.com>
mount: Retest MNT_LOCKED in do_umount
Vasily Averin <vvs(a)virtuozzo.com>
ext4: fix buffer leak in __ext4_read_dirblock() on error path
Vasily Averin <vvs(a)virtuozzo.com>
ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
Vasily Averin <vvs(a)virtuozzo.com>
ext4: release bs.bh before re-using in ext4_xattr_block_find()
Vasily Averin <vvs(a)virtuozzo.com>
ext4: fix possible leak of s_journal_flag_rwsem in error path
Theodore Ts'o <tytso(a)mit.edu>
ext4: fix possible leak of sbi->s_group_desc_leak in error path
Theodore Ts'o <tytso(a)mit.edu>
ext4: avoid possible double brelse() in add_new_gdb() on error path
Vasily Averin <vvs(a)virtuozzo.com>
ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing
Vasily Averin <vvs(a)virtuozzo.com>
ext4: avoid buffer leak in ext4_orphan_add() after prior errors
Vasily Averin <vvs(a)virtuozzo.com>
ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
Vasily Averin <vvs(a)virtuozzo.com>
ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
Vasily Averin <vvs(a)virtuozzo.com>
ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
Vasily Averin <vvs(a)virtuozzo.com>
ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
Vasily Averin <vvs(a)virtuozzo.com>
ext4: add missing brelse() update_backups()'s error path
Michael Kelley <mikelley(a)microsoft.com>
clockevents/drivers/i8253: Add support for PIT shutdown quirk
Filipe Manana <fdmanana(a)suse.com>
Btrfs: fix data corruption due to cloning of eof block
Robbie Ko <robbieko(a)synology.com>
Btrfs: fix cur_offset in the error case for nocow
H. Peter Anvin (Intel) <hpa(a)zytor.com>
arch/alpha, termios: implement BOTHER, IBSHIFT and termios2
H. Peter Anvin <hpa(a)zytor.com>
termios, tty/tty_baudrate.c: fix buffer overrun
John Garry <john.garry(a)huawei.com>
of, numa: Validate some distance map rules
Arnd Bergmann <arnd(a)arndb.de>
mtd: docg3: don't set conflicting BCH_CONST_PARAMS option
Vasily Khoruzhick <vasilykh(a)arista.com>
netfilter: conntrack: fix calculation of next bucket number in early_drop
Andrea Arcangeli <aarcange(a)redhat.com>
mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings
Changwei Ge <ge.changwei(a)h3c.com>
ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
Greg Edwards <gedwards(a)ddn.com>
vhost/scsi: truncate T10 PI iov_iter to prot_bytes
Gustavo A. R. Silva <gustavo(a)embeddedor.com>
reset: hisilicon: fix potential NULL pointer dereference
Mikulas Patocka <mpatocka(a)redhat.com>
mach64: fix image corruption due to reading accelerator registers
Mikulas Patocka <mpatocka(a)redhat.com>
mach64: fix display corruption on big endian machines
Yan, Zheng <zyan(a)redhat.com>
Revert "ceph: fix dentry leak in splice_dentry()"
Ilya Dryomov <idryomov(a)gmail.com>
libceph: bump CEPH_MSG_MAX_DATA_LEN
Enric Balletbo i Serra <enric.balletbo(a)collabora.com>
clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call
Ronald Wahl <rwahl(a)gmx.de>
clk: at91: Fix division by zero in PLL recalc_rate()
Krzysztof Kozlowski <krzk(a)kernel.org>
clk: s2mps11: Fix matching when built as module and DT node contains compatible
Max Filippov <jcmvbkbc(a)gmail.com>
xtensa: fix boot parameters address translation
Max Filippov <jcmvbkbc(a)gmail.com>
xtensa: make sure bFLT stack is 16 byte aligned
Max Filippov <jcmvbkbc(a)gmail.com>
xtensa: add NOTES section to the linker script
Huacai Chen <chenhc(a)lemote.com>
MIPS: Loongson-3: Fix BRIDGE irq delivery problem
Huacai Chen <chenhc(a)lemote.com>
MIPS: Loongson-3: Fix CPU UART irq delivery problem
Helge Deller <deller(a)gmx.de>
parisc: Fix exported address of os_hpmc handler
Helge Deller <deller(a)gmx.de>
parisc: Fix HPMC handler by increasing size to multiple of 16 bytes
Helge Deller <deller(a)gmx.de>
parisc: Align os_hpmc_size on word boundary
Kees Cook <keescook(a)chromium.org>
bna: ethtool: Avoid reading past end of buffer
Vincenzo Maffione <v.maffione(a)gmail.com>
e1000: fix race condition between e1000_down() and e1000_watchdog
Colin Ian King <colin.king(a)canonical.com>
e1000: avoid null pointer dereference on invalid stat type
Michal Hocko <mhocko(a)suse.com>
mm: do not bug_on on incorrect length in __mm_populate()
Miklos Szeredi <mszeredi(a)redhat.com>
fuse: set FR_SENT while locked
Miklos Szeredi <mszeredi(a)redhat.com>
fuse: fix blocked_waitq wakeup
Kirill Tkhai <ktkhai(a)virtuozzo.com>
fuse: Fix use-after-free in fuse_dev_do_write()
Kirill Tkhai <ktkhai(a)virtuozzo.com>
fuse: Fix use-after-free in fuse_dev_do_read()
Quinn Tran <quinn.tran(a)cavium.com>
scsi: qla2xxx: shutdown chip if reset fail
Himanshu Madhani <himanshu.madhani(a)cavium.com>
scsi: qla2xxx: Fix incorrect port speed being set for FC adapters
Young_X <YangX92(a)hotmail.com>
cdrom: fix improper type cast, which can leat to information leak.
Dominique Martinet <dominique.martinet(a)cea.fr>
9p: clear dangling pointers in p9stat_free
Dominique Martinet <dominique.martinet(a)cea.fr>
9p locks: fix glock.client_id leak in do_lock
Breno Leitao <leitao(a)debian.org>
powerpc/selftests: Wait all threads to join
Marco Felsch <m.felsch(a)pengutronix.de>
media: tvp5150: fix width alignment during set_selection()
Phil Elwell <phil(a)raspberrypi.org>
sc16is7xx: Fix for multi-channel stall
Huacai Chen <chenhc(a)lemote.com>
MIPS/PCI: Call pcie_bus_configure_settings() to set MPS/MRRS
Joel Stanley <joel(a)jms.id.au>
powerpc/boot: Ensure _zimage_start is a weak symbol
Dengcheng Zhu <dzhu(a)wavecomp.com>
MIPS: kexec: Mark CPU offline before disabling local IRQ
Nicholas Mc Guire <hofrat(a)osadl.org>
media: pci: cx23885: handle adding to list failure
Tomi Valkeinen <tomi.valkeinen(a)ti.com>
drm/omap: fix memory barrier bug in DMM driver
Daniel Axtens <dja(a)axtens.net>
powerpc/nohash: fix undefined behaviour when testing page size support
Fabio Estevam <fabio.estevam(a)nxp.com>
ARM: imx_v6_v7_defconfig: Select CONFIG_TMPFS_POSIX_ACL
Miles Chen <miles.chen(a)mediatek.com>
tty: check name length in tty_find_polling_driver()
Sam Bobroff <sbobroff(a)linux.ibm.com>
powerpc/eeh: Fix possible null deref in eeh_dump_dev_log()
-------------
Diffstat:
Makefile | 4 +-
arch/alpha/include/asm/termios.h | 8 +++-
arch/alpha/include/uapi/asm/ioctls.h | 5 ++
arch/alpha/include/uapi/asm/termbits.h | 17 +++++++
arch/arm/configs/imx_v6_v7_defconfig | 1 +
arch/arm/kvm/arm.c | 4 +-
arch/mips/include/asm/mach-loongson64/irq.h | 2 +-
arch/mips/kernel/crash.c | 3 ++
arch/mips/kernel/machine_kexec.c | 3 ++
arch/mips/loongson64/loongson-3/irq.c | 56 +++-------------------
arch/mips/pci/pci-legacy.c | 4 ++
arch/parisc/kernel/hpmc.S | 10 ++--
arch/powerpc/boot/crt0.S | 4 +-
arch/powerpc/kernel/eeh.c | 5 ++
arch/powerpc/mm/tlb_nohash.c | 3 ++
arch/xtensa/boot/Makefile | 2 +-
arch/xtensa/include/asm/processor.h | 6 ++-
arch/xtensa/kernel/head.S | 7 ++-
arch/xtensa/kernel/vmlinux.lds.S | 1 +
drivers/cdrom/cdrom.c | 2 +-
drivers/clk/at91/clk-pll.c | 3 ++
drivers/clk/clk-s2mps11.c | 30 ++++++++++++
drivers/clk/hisilicon/reset.c | 5 +-
drivers/clk/rockchip/clk-ddr.c | 4 --
drivers/clocksource/i8253.c | 14 +++++-
drivers/gpu/drm/drm_dp_mst_topology.c | 3 ++
drivers/gpu/drm/i915/intel_audio.c | 17 +++++++
drivers/gpu/drm/i915/intel_lrc.c | 14 +++++-
drivers/gpu/drm/omapdrm/omap_dmm_tiler.c | 11 +++++
drivers/gpu/drm/rockchip/rockchip_drm_drv.c | 6 +++
drivers/media/i2c/tvp5150.c | 14 ++++--
drivers/media/pci/cx23885/altera-ci.c | 10 ++++
drivers/mtd/devices/Kconfig | 2 +-
drivers/net/ethernet/brocade/bna/bnad_ethtool.c | 4 +-
drivers/net/ethernet/intel/e1000/e1000_ethtool.c | 9 ++--
drivers/net/ethernet/intel/e1000/e1000_main.c | 11 ++++-
drivers/of/of_numa.c | 9 +++-
drivers/rtc/hctosys.c | 4 +-
drivers/scsi/qla2xxx/qla_init.c | 2 +-
drivers/scsi/qla2xxx/qla_mbx.c | 5 +-
drivers/tty/serial/sc16is7xx.c | 19 +++++---
drivers/tty/tty_io.c | 2 +-
drivers/tty/tty_ioctl.c | 4 +-
drivers/vhost/scsi.c | 4 +-
drivers/video/fbdev/aty/mach64_accel.c | 28 +++++------
fs/9p/vfs_file.c | 16 ++++++-
fs/btrfs/inode.c | 5 +-
fs/btrfs/ioctl.c | 12 ++++-
fs/ceph/inode.c | 8 +++-
fs/configfs/symlink.c | 2 +-
fs/ext4/namei.c | 5 +-
fs/ext4/resize.c | 28 ++++++-----
fs/ext4/super.c | 17 +++----
fs/ext4/xattr.c | 4 ++
fs/fuse/dev.c | 29 +++++++++---
fs/fuse/file.c | 4 +-
fs/namespace.c | 22 +++++++--
fs/nfsd/nfs4proc.c | 3 ++
fs/ocfs2/dir.c | 3 +-
include/linux/ceph/libceph.h | 8 +++-
include/linux/hugetlb.h | 14 ++++++
include/linux/i8253.h | 1 +
include/linux/mm.h | 6 +++
lib/ubsan.c | 3 +-
mm/gup.c | 2 -
mm/hugetlb.c | 60 +++++++++++++++++++++---
mm/mempolicy.c | 32 ++++++++++++-
mm/mmap.c | 19 ++++----
mm/rmap.c | 56 ++++++++++++++++++++++
net/9p/protocol.c | 5 ++
net/netfilter/nf_conntrack_core.c | 13 +++--
net/sunrpc/xdr.c | 5 +-
tools/testing/selftests/powerpc/tm/tm-tmspr.c | 27 +++++++----
73 files changed, 580 insertions(+), 210 deletions(-)
On Tue, Nov 20, 2018 at 01:25:30PM +0000, Sasha Levin wrote:
> Hi,
>
> [This is an automated email]
>
> This commit has been processed because it contains a -stable tag.
> The stable tag indicates that it's relevant for the following trees: all
>
> The bot has tested the following trees: v4.19.2, v4.18.19, v4.14.81, v4.9.137, v4.4.163, v3.18.125.
>
> v4.19.2: Build OK!
> v4.18.19: Build OK!
> v4.14.81: Build OK!
> v4.9.137: Failed to apply! Possible dependencies:
> Unable to calculate
AFAIR, Victoria asked about this fix a while ago. CCed.
Victoria, do you still need this patch in your 4.9? If so, you might
wanna give it a try:
https://git.kernel.org/tip/68239654acafe6aad5a3c1dc7237e60accfebc03
Let us know if you need help backporting - it should be easy though.
HTH.
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
This is an automatically generated email to let you know that the following patch was queued:
Subject: media: vicodec: fix memchr() kernel oops
Author: Hans Verkuil <hverkuil(a)xs4all.nl>
Date: Sat Nov 17 06:25:08 2018 -0500
The size passed to memchr is too large as it assumes the search
starts at the start of the buffer, but it can start at an offset.
Cc: <stable(a)vger.kernel.org> # for v4.19 and up
Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung(a)kernel.org>
drivers/media/platform/vicodec/vicodec-core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
---
diff --git a/drivers/media/platform/vicodec/vicodec-core.c b/drivers/media/platform/vicodec/vicodec-core.c
index b292cff26c86..013cdebecbc4 100644
--- a/drivers/media/platform/vicodec/vicodec-core.c
+++ b/drivers/media/platform/vicodec/vicodec-core.c
@@ -304,7 +304,8 @@ restart:
for (; p < p_out + sz; p++) {
u32 copy;
- p = memchr(p, magic[ctx->comp_magic_cnt], sz);
+ p = memchr(p, magic[ctx->comp_magic_cnt],
+ p_out + sz - p);
if (!p) {
ctx->comp_magic_cnt = 0;
break;
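Review bot: the memchr() length `p_out + sz - p` repeats the bound from the loop condition `p < p_out + sz`, and it is only safe as a size_t because that condition holds on entry to each iteration. Computing the end pointer once and using it in both the loop condition and the length would keep the two from drifting apart if either is edited later. The commit message could also carry a Fixes: tag alongside the stable Cc so backporters can see which change introduced the oversized length.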
To change the active state of an MMIO, halt is requested for all vcpus of
the affected guest before modifying the IRQ state. This is done by calling
cond_resched_lock() in vgic_mmio_change_active(). However interrupts are
disabled at this point and running a vcpu cannot get rescheduled.
Solve this by waiting for all vcpus to be halted after emitting the halt
request.
Fixes commit 6c1b7521f4a07cc63bbe2dfe290efed47cdb780a ("KVM: arm/arm64:
Factor out functionality to get vgic mmio requester_vcpu")
Signed-off-by: Julien Thierry <julien.thierry(a)arm.com>
Suggested-by: Marc Zyngier <marc.zyngier(a)arm.com>
Cc: Christoffer Dall <christoffer.dall(a)arm.com>
Cc: Marc Zyngier <marc.zyngier(a)arm.com>
Cc: stable(a)vger.kernel.org
---
virt/kvm/arm/vgic/vgic-mmio.c | 33 +++++++++++----------------------
1 file changed, 11 insertions(+), 22 deletions(-)
diff --git a/virt/kvm/arm/vgic/vgic-mmio.c b/virt/kvm/arm/vgic/vgic-mmio.c
index f56ff1c..eefd877 100644
--- a/virt/kvm/arm/vgic/vgic-mmio.c
+++ b/virt/kvm/arm/vgic/vgic-mmio.c
@@ -313,27 +313,6 @@ static void vgic_mmio_change_active(struct kvm_vcpu *vcpu, struct vgic_irq *irq,
spin_lock_irqsave(&irq->irq_lock, flags);
- /*
- * If this virtual IRQ was written into a list register, we
- * have to make sure the CPU that runs the VCPU thread has
- * synced back the LR state to the struct vgic_irq.
- *
- * As long as the conditions below are true, we know the VCPU thread
- * may be on its way back from the guest (we kicked the VCPU thread in
- * vgic_change_active_prepare) and still has to sync back this IRQ,
- * so we release and re-acquire the spin_lock to let the other thread
- * sync back the IRQ.
- *
- * When accessing VGIC state from user space, requester_vcpu is
- * NULL, which is fine, because we guarantee that no VCPUs are running
- * when accessing VGIC state from user space so irq->vcpu->cpu is
- * always -1.
- */
- while (irq->vcpu && /* IRQ may have state in an LR somewhere */
- irq->vcpu != requester_vcpu && /* Current thread is not the VCPU thread */
- irq->vcpu->cpu != -1) /* VCPU thread is running */
- cond_resched_lock(&irq->irq_lock);
-
if (irq->hw) {
vgic_hw_irq_change_active(vcpu, irq, active, !requester_vcpu);
} else {
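Review bot: the reasoning in the comment deleted after spin_lock_irqsave() (the IRQ may still have state in a list register, and requester_vcpu is NULL for user space access because no VCPUs are running then) still applies to whatever code performs the wait, so it should move there rather than disappear. Note also that the deleted loop was evaluated per IRQ for any irq with `irq->vcpu` set, so the changelog should say explicitly why no synchronisation is needed at this point any more for IRQs that do not go through the new wait.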
@@ -368,8 +347,18 @@ static void vgic_mmio_change_active(struct kvm_vcpu *vcpu, struct vgic_irq *irq,
*/
static void vgic_change_active_prepare(struct kvm_vcpu *vcpu, u32 intid)
{
- if (intid > VGIC_NR_PRIVATE_IRQS)
+ if (intid > VGIC_NR_PRIVATE_IRQS) {
+ struct kvm_vcpu *tmp;
+ int i;
+
kvm_arm_halt_guest(vcpu->kvm);
+
+ /* Wait for each vcpu to be halted */
+ kvm_for_each_vcpu(i, tmp, vcpu->kvm) {
+ while (tmp->cpu != -1)
+ cond_resched();
+ }
+ }
}
/* See vgic_change_active_prepare */
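Review bot: the wait loop added after kvm_arm_halt_guest() iterates over every vcpu of the guest and has no counterpart to the `irq->vcpu != requester_vcpu` test that the old loop in vgic_mmio_change_active() used to skip the calling vcpu. If `vcpu` here is a guest vcpu handling its own access and its `cpu` field is not -1 at that point, `while (tmp->cpu != -1) cond_resched();` waits on itself and never exits; skipping `tmp == vcpu` would avoid that. The loop also has no bound, so a comment stating why each vcpu is guaranteed to reach `cpu == -1` after the halt request would help.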
--
1.9.1
On Tue, Nov 20, 2018 at 08:18:57PM +0530, Harsh Shandilya wrote:
> On 20 November 2018 4:46:13 PM IST, Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> wrote:
> >On Tue, Nov 20, 2018 at 04:09:05PM +0530, Harsh Shandilya wrote:
> >> On 19 November 2018 9:58:42 PM IST, Greg Kroah-Hartman
> ><gregkh(a)linuxfoundation.org> wrote:
> >> >This is the start of the stable review cycle for the 3.18.126
> >release.
> >> >There are 90 patches in this series, all will be posted as a
> >response
> >> >to this one. If anyone has any issues with these being applied,
> >please
> >> >let me know.
> >> >
> >> >Responses should be made by Wed Nov 21 16:25:28 UTC 2018.
> >> >Anything received after that time might be too late.
> >> >
> >> >The whole patch series can be found in one patch at:
> >>
> >> https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.126-r…
> >> >or in the git tree and branch at:
> >>
> >> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
> >> >linux-3.18.y
> >> >and the diffstat can be found below.
> >> >
> >> >thanks,
> >> >
> >> >greg k-h
> >> Peachy as always on the OnePlus 3(T).
> >>
> >> P.S. Not tired of this old-ass tree yet? :P
> >
> >I am very tired of it, but it turns out lots of people still depend on
> >it, so I'll keep it around for a while longer :(
> >
> >thanks for testing,
> >
> >greg k-h
>
> That's just sad. Anybody using this outside Android?
Not that I know of. And really, they better not be, as it is NOT a
kernel one should use anywhere else at this point in time...
thanks,
greg k-h