- Linux-stable-mirror - lists.linaro.org

[patch 06/27] ipc/shm: fix use-after-free of shm file via remap_file_pages()

by akpm＠linux-foundation.org

From: Eric Biggers <ebiggers(a)google.com> Subject: ipc/shm: fix use-after-free of shm file via remap_file_pages() syzbot reported a use-after-free of shm_file_data(file)->file->f_op in shm_get_unmapped_area(), called via sys_remap_file_pages(). Unfortunately it couldn't generate a reproducer, but I found a bug which I think caused it. When remap_file_pages() is passed a full System V shared memory segment, the memory is first unmapped, then a new map is created using the ->vm_file. Between these steps, the shm ID can be removed and reused for a new shm segment. But, shm_mmap() only checks whether the ID is currently valid before calling the underlying file's ->mmap(); it doesn't check whether it was reused. Thus it can use the wrong underlying file, one that was already freed. Fix this by making the "outer" shm file (the one that gets put in ->vm_file) hold a reference to the real shm file, and by making __shm_open() require that the file associated with the shm ID matches the one associated with the "outer" file. Taking the reference to the real shm file is needed to fully solve the problem, since otherwise sfd->file could point to a freed file, which then could be reallocated for the reused shm ID, causing the wrong shm segment to be mapped (and without the required permission checks). Commit 1ac0b6dec656 ("ipc/shm: handle removed segments gracefully in shm_mmap()") almost fixed this bug, but it didn't go far enough because it didn't consider the case where the shm ID is reused. The following program usually reproduces this bug: #include <stdlib.h> #include <sys/shm.h> #include <sys/syscall.h> #include <unistd.h> int main() { int is_parent = (fork() != 0); srand(getpid()); for (;;) { int id = shmget(0xF00F, 4096, IPC_CREAT|0700); if (is_parent) { void *addr = shmat(id, NULL, 0); usleep(rand() % 50); while (!syscall(__NR_remap_file_pages, addr, 4096, 0, 0, 0)); } else { usleep(rand() % 50); shmctl(id, IPC_RMID, NULL); } } } It causes the following NULL pointer dereference due to a 'struct file' being used while it's being freed. (I couldn't actually get a KASAN use-after-free splat like in the syzbot report. But I think it's possible with this bug; it would just take a more extraordinary race...) BUG: unable to handle kernel NULL pointer dereference at 0000000000000058 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 9 PID: 258 Comm: syz_ipc Not tainted 4.16.0-05140-gf8cf2f16a7c95 #189 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014 RIP: 0010:d_inode include/linux/dcache.h:519 [inline] RIP: 0010:touch_atime+0x25/0xd0 fs/inode.c:1724 [...] Call Trace: file_accessed include/linux/fs.h:2063 [inline] shmem_mmap+0x25/0x40 mm/shmem.c:2149 call_mmap include/linux/fs.h:1789 [inline] shm_mmap+0x34/0x80 ipc/shm.c:465 call_mmap include/linux/fs.h:1789 [inline] mmap_region+0x309/0x5b0 mm/mmap.c:1712 do_mmap+0x294/0x4a0 mm/mmap.c:1483 do_mmap_pgoff include/linux/mm.h:2235 [inline] SYSC_remap_file_pages mm/mmap.c:2853 [inline] SyS_remap_file_pages+0x232/0x310 mm/mmap.c:2769 do_syscall_64+0x64/0x1a0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ebiggers(a)google.com: add comment] Link: http://lkml.kernel.org/r/20180410192850.235835-1-ebiggers3@gmail.com Link: http://lkml.kernel.org/r/20180409043039.28915-1-ebiggers3@gmail.com Reported-by: syzbot+d11f321e7f1923157eac80aa990b446596f46439(a)syzkaller.appspotmail.com Fixes: c8d78c1823f4 ("mm: replace remap_file_pages() syscall with emulation") Signed-off-by: Eric Biggers <ebiggers(a)google.com> Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Acked-by: Davidlohr Bueso <dbueso(a)suse.de> Cc: Manfred Spraul <manfred(a)colorfullife.com> Cc: "Eric W . Biederman" <ebiederm(a)xmission.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- ipc/shm.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff -puN ipc/shm.c~ipc-shm-fix-use-after-free-of-shm-file-via-remap_file_pages ipc/shm.c --- a/ipc/shm.c~ipc-shm-fix-use-after-free-of-shm-file-via-remap_file_pages +++ a/ipc/shm.c @@ -225,6 +225,12 @@ static int __shm_open(struct vm_area_str if (IS_ERR(shp)) return PTR_ERR(shp); + if (shp->shm_file != sfd->file) { + /* ID was reused */ + shm_unlock(shp); + return -EINVAL; + } + shp->shm_atim = ktime_get_real_seconds(); ipc_update_pid(&shp->shm_lprid, task_tgid(current)); shp->shm_nattch++; @@ -455,8 +461,9 @@ static int shm_mmap(struct file *file, s int ret; /* - * In case of remap_file_pages() emulation, the file can represent - * removed IPC ID: propogate shm_lock() error to caller. + * In case of remap_file_pages() emulation, the file can represent an + * IPC ID that was removed, and possibly even reused by another shm + * segment already. Propagate this case as an error to caller. */ ret = __shm_open(vma); if (ret) @@ -480,6 +487,7 @@ static int shm_release(struct inode *ino struct shm_file_data *sfd = shm_file_data(file); put_ipc_ns(sfd->ns); + fput(sfd->file); shm_file_data(file) = NULL; kfree(sfd); return 0; @@ -1445,7 +1453,16 @@ long do_shmat(int shmid, char __user *sh file->f_mapping = shp->shm_file->f_mapping; sfd->id = shp->shm_perm.id; sfd->ns = get_ipc_ns(ns); - sfd->file = shp->shm_file; + /* + * We need to take a reference to the real shm file to prevent the + * pointer from becoming stale in cases where the lifetime of the outer + * file extends beyond that of the shm segment. It's not usually + * possible, but it can happen during remap_file_pages() emulation as + * that unmaps the memory, then does ->mmap() via file reference only. + * We'll deny the ->mmap() if the shm segment was since removed, but to + * detect shm ID reuse we need to compare the file pointers. + */ + sfd->file = get_file(shp->shm_file); sfd->vm_ops = NULL; err = security_mmap_file(file, prot, flags); _

7 years, 2 months

1
0
0 0

[patch 03/27] get_user_pages_fast(): return -EFAULT on access_ok failure

by akpm＠linux-foundation.org

From: "Michael S. Tsirkin" <mst(a)redhat.com> Subject: get_user_pages_fast(): return -EFAULT on access_ok failure get_user_pages_fast is supposed to be a faster drop-in equivalent of get_user_pages. As such, callers expect it to return a negative return code when passed an invalid address, and never expect it to return 0 when passed a positive number of pages, since its documentation says: * Returns number of pages pinned. This may be fewer than the number * requested. If nr_pages is 0 or negative, returns 0. If no pages * were pinned, returns -errno. When get_user_pages_fast fall back on get_user_pages this is exactly what happens. Unfortunately the implementation is inconsistent: it returns 0 if passed a kernel address, confusing callers: for example, the following is pretty common but does not appear to do the right thing with a kernel address: ret = get_user_pages_fast(addr, 1, writeable, &page); if (ret < 0) return ret; Change get_user_pages_fast to return -EFAULT when supplied a kernel address to make it match expectations. All callers have been audited for consistency with the documented semantics. Link: http://lkml.kernel.org/r/1522962072-182137-4-git-send-email-mst@redhat.com Fixes: 5b65c4677a57 ("mm, x86/mm: Fix performance regression in get_user_pages_fast()") Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> Reported-by: syzbot+6304bf97ef436580fede(a)syzkaller.appspotmail.com Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Huang Ying <ying.huang(a)intel.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Thorsten Leemhuis <regressions(a)leemhuis.info> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff -puN mm/gup.c~gup-return-efault-on-access_ok-failure mm/gup.c --- a/mm/gup.c~gup-return-efault-on-access_ok-failure +++ a/mm/gup.c @@ -1806,9 +1806,12 @@ int get_user_pages_fast(unsigned long st len = (unsigned long) nr_pages << PAGE_SHIFT; end = start + len; + if (nr_pages <= 0) + return 0; + if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ, (void __user *)start, len))) - return 0; + return -EFAULT; if (gup_fast_permitted(start, nr_pages, write)) { local_irq_disable(); _

7 years, 2 months

1
0
0 0

[patch 02/27] mm/gup_benchmark: handle gup failures

by akpm＠linux-foundation.org

From: "Michael S. Tsirkin" <mst(a)redhat.com> Subject: mm/gup_benchmark: handle gup failures Patch series "mm/get_user_pages_fast fixes, cleanups", v2. Turns out get_user_pages_fast and __get_user_pages_fast return different values on error when given a single page: __get_user_pages_fast returns 0. get_user_pages_fast returns either 0 or an error. Callers of get_user_pages_fast expect an error so fix it up to return an error consistently. Stress the difference between get_user_pages_fast and __get_user_pages_fast to make sure callers aren't confused. This patch (of 3): __gup_benchmark_ioctl does not handle the case where get_user_pages_fast fails: - a negative return code will cause a buffer overrun - returning with partial success will cause use of uninitialized memory. [akpm(a)linux-foundation.org: simplification] Link: http://lkml.kernel.org/r/1522962072-182137-3-git-send-email-mst@redhat.com Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Huang Ying <ying.huang(a)intel.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Thorsten Leemhuis <regressions(a)leemhuis.info> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup_benchmark.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff -puN mm/gup_benchmark.c~mm-gup_benchmark-handle-gup-failures mm/gup_benchmark.c --- a/mm/gup_benchmark.c~mm-gup_benchmark-handle-gup-failures +++ a/mm/gup_benchmark.c @@ -23,7 +23,7 @@ static int __gup_benchmark_ioctl(unsigne struct page **pages; nr_pages = gup->size / PAGE_SIZE; - pages = kvmalloc(sizeof(void *) * nr_pages, GFP_KERNEL); + pages = kvzalloc(sizeof(void *) * nr_pages, GFP_KERNEL); if (!pages) return -ENOMEM; @@ -41,6 +41,8 @@ static int __gup_benchmark_ioctl(unsigne } nr = get_user_pages_fast(addr, nr, gup->flags & 1, pages + i); + if (nr <= 0) + break; i += nr; } end_time = ktime_get(); _

7 years, 2 months

1
0
0 0

[patch 01/27] resource: fix integer overflow at reallocation

by akpm＠linux-foundation.org

From: Takashi Iwai <tiwai(a)suse.de> Subject: resource: fix integer overflow at reallocation We've got a bug report indicating a kernel panic at booting on an x86-32 system, and it turned out to be the invalid PCI resource assigned after reallocation. __find_resource() first aligns the resource start address and resets the end address with start+size-1 accordingly, then checks whether it's contained. Here the end address may overflow the integer, although resource_contains() still returns true because the function validates only start and end address. So this ends up with returning an invalid resource (start > end). There was already an attempt to cover such a problem in the commit 47ea91b4052d ("Resource: fix wrong resource window calculation"), but this case is an overseen one. This patch adds the validity check of the newly calculated resource for avoiding the integer overflow problem. Bugzilla: http://bugzilla.opensuse.org/show_bug.cgi?id=1086739 Link: http://lkml.kernel.org/r/s5hpo37d5l8.wl-tiwai@suse.de Fixes: 23c570a67448 ("resource: ability to resize an allocated resource") Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Reported-by: Michael Henders <hendersm(a)shaw.ca> Tested-by: Michael Henders <hendersm(a)shaw.ca> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Ram Pai <linuxram(a)us.ibm.com> Cc: Bjorn Helgaas <bhelgaas(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/resource.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -puN kernel/resource.c~resource-fix-integer-overflow-at-reallocation-v1 kernel/resource.c --- a/kernel/resource.c~resource-fix-integer-overflow-at-reallocation-v1 +++ a/kernel/resource.c @@ -651,7 +651,8 @@ static int __find_resource(struct resour alloc.start = constraint->alignf(constraint->alignf_data, &avail, size, constraint->align); alloc.end = alloc.start + size - 1; - if (resource_contains(&avail, &alloc)) { + if (alloc.start <= alloc.end && + resource_contains(&avail, &alloc)) { new->start = alloc.start; new->end = alloc.end; return 0; _

7 years, 2 months

1
0
0 0

[folded-merged] mm-gup_benchmark-handle-gup-failures-fix.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm-gup_benchmark-handle-gup-failures-fix has been removed from the -mm tree. Its filename was mm-gup_benchmark-handle-gup-failures-fix.patch This patch was dropped because it was folded into mm-gup_benchmark-handle-gup-failures.patch ------------------------------------------------------ From: Andrew Morton <akpm(a)linux-foundation.org> Subject: mm-gup_benchmark-handle-gup-failures-fix Cc: Huang Ying <ying.huang(a)intel.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: "Michael S. Tsirkin" <mst(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: <stable(a)vger.kernel.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Thorsten Leemhuis <regressions(a)leemhuis.info> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup_benchmark.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff -puN mm/gup_benchmark.c~mm-gup_benchmark-handle-gup-failures-fix mm/gup_benchmark.c --- a/mm/gup_benchmark.c~mm-gup_benchmark-handle-gup-failures-fix +++ a/mm/gup_benchmark.c @@ -41,8 +41,9 @@ static int __gup_benchmark_ioctl(unsigne } nr = get_user_pages_fast(addr, nr, gup->flags & 1, pages + i); - if (nr > 0) - i += nr; + if (nr <= 0) + break; + i += nr; } end_time = ktime_get(); _ Patches currently in -mm which might be from akpm(a)linux-foundation.org are i-need-old-gcc.patch mm-gup_benchmark-handle-gup-failures.patch mm-pagemap-fix-swap-offset-value-for-pmd-migration-entry-fix.patch writeback-safer-lock-nesting-fix.patch arm-arch-arm-include-asm-pageh-needs-personalityh.patch ocfs2-without-quota-support-try-to-avoid-calling-quota-recovery-checkpatch-fixes.patch mm.patch list_lru-prefetch-neighboring-list-entries-before-acquiring-lock-fix.patch mm-oom-cgroup-aware-oom-killer-fix.patch mm-oom-docs-describe-the-cgroup-aware-oom-killer-fix-2-fix.patch linux-next-rejects.patch fs-fsnotify-account-fsnotify-metadata-to-kmemcg-fix.patch kernel-forkc-export-kernel_thread-to-modules.patch slab-leaks3-default-y.patch

7 years, 2 months

1
0
0 0

[PATCH] drm/nouveau: Add missing fb SLCG registers for kepler2

by Lyude Paul

Somehow I didn't manage to notice this the last time I looked at my mmiotraces, these seem to be all valid registers. Forwarding this to stable, as there's a small chance that not having these could cause clockgating to be unstable. Signed-off-by: Lyude Paul <lyude(a)redhat.com> Fixes: a0f79082bd174 ("drm/nouveau: Add support for SLCG for Kepler2") Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/nouveau/nvkm/subdev/fb/gk110.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/fb/gk110.c b/drivers/gpu/drm/nouveau/nvkm/subdev/fb/gk110.c index 0695e5dd360e..0d9ad9fa7774 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/fb/gk110.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/fb/gk110.c @@ -32,6 +32,18 @@ * PGRAPH registers for clockgating ******************************************************************************* */ +static const struct nvkm_therm_clkgate_init +gk110_fb_clkgate_slcg_init_bcast_0[] = { + { 0x10f280, 1, 0x00000000 }, + {} +}; + +static const struct nvkm_therm_clkgate_init +gk110_fb_clkgate_slcg_init_pxbar_0[] = { + { 0x13cafc, 1, 0x0000007e }, + { 0x13cbe4, 1, 0x1ffffffe }, + {} +}; static const struct nvkm_therm_clkgate_init gk110_fb_clkgate_blcg_init_unk_0[] = { @@ -45,6 +57,8 @@ gk110_fb_clkgate_blcg_init_unk_0[] = { static const struct nvkm_therm_clkgate_pack gk110_fb_clkgate_pack[] = { + { gk110_fb_clkgate_slcg_init_bcast_0 }, + { gk110_fb_clkgate_slcg_init_pxbar_0 }, { gk110_fb_clkgate_blcg_init_unk_0 }, { gk104_fb_clkgate_blcg_init_vm_0 }, { gk104_fb_clkgate_blcg_init_main_0 }, -- 2.14.3

7 years, 2 months

1
0
0 0

+ autofs-mount-point-create-should-honour-passed-in-mode.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: autofs: mount point create should honour passed in mode has been added to the -mm tree. Its filename is autofs-mount-point-create-should-honour-passed-in-mode.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/autofs-mount-point-create-should-h… and later at http://ozlabs.org/~akpm/mmotm/broken-out/autofs-mount-point-create-should-h… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Ian Kent <raven(a)themaw.net> Subject: autofs: mount point create should honour passed in mode The autofs file system mkdir inode operation blindly sets the created directory mode to S_IFDIR | 0555, ingoring the passed in mode, which can cause selinux dac_override denials. But the function also checks if the caller is the daemon (as no-one else should be able to do anything here) so there's no point in not honouring the passed in mode, allowing the daemon to set appropriate mode when required. Link: http://lkml.kernel.org/r/152361593601.8051.14014139124905996173.stgit@pluto… Signed-off-by: Ian Kent <raven(a)themaw.net> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/autofs4/root.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN fs/autofs4/root.c~autofs-mount-point-create-should-honour-passed-in-mode fs/autofs4/root.c --- a/fs/autofs4/root.c~autofs-mount-point-create-should-honour-passed-in-mode +++ a/fs/autofs4/root.c @@ -749,7 +749,7 @@ static int autofs4_dir_mkdir(struct inod autofs4_del_active(dentry); - inode = autofs4_get_inode(dir->i_sb, S_IFDIR | 0555); + inode = autofs4_get_inode(dir->i_sb, S_IFDIR | mode); if (!inode) return -ENOMEM; d_add(dentry, inode); _ Patches currently in -mm which might be from raven(a)themaw.net are autofs-mount-point-create-should-honour-passed-in-mode.patch

7 years, 2 months

1
0
0 0

v3.18.105 build: 10 failures 1 warnings (v3.18.105)

by Build bot for Mark Brown

Tree/Branch: v3.18.105 Git describe: v3.18.105 Commit: 78db2bbfa0 Linux 3.18.105 Build Time: 0 min 14 sec Passed: 0 / 10 ( 0.00 %) Failed: 10 / 10 (100.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 Failed defconfigs: x86_64-allnoconfig arm-allnoconfig arm64-defconfig Errors: ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : x86_64-allnoconfig 1 warnings 0 mismatches : arm-allnoconfig 1 warnings 0 mismatches : arm64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 3 include/config/auto.conf:4559:warning: override: TICK_CPU_ACCOUNTING changes choice state =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allnoconfig : FAIL, 0 errors, 1 warnings, 0 section mismatches Warnings: include/config/auto.conf:4559:warning: override: TICK_CPU_ACCOUNTING changes choice state ------------------------------------------------------------------------------- arm-allnoconfig : FAIL, 0 errors, 1 warnings, 0 section mismatches Warnings: include/config/auto.conf:4559:warning: override: TICK_CPU_ACCOUNTING changes choice state ------------------------------------------------------------------------------- arm64-defconfig : FAIL, 0 errors, 1 warnings, 0 section mismatches Warnings: include/config/auto.conf:4559:warning: override: TICK_CPU_ACCOUNTING changes choice state ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig x86_64-allmodconfig

7 years, 2 months

1
0
0 0

Linux 4.9.94

by Greg KH

I'm announcing the release of the 4.9.94 kernel. All users of the 4.9 kernel series must upgrade. The updated 4.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/clock/amlogic,meson8b-clkc.txt | 11 - Documentation/devicetree/bindings/display/sunxi/sun4i-drm.txt | 11 - Makefile | 2 arch/arm/boot/dts/imx53-qsrb.dts | 2 arch/arm/boot/dts/imx6qdl-wandboard.dtsi | 1 arch/arm/boot/dts/ls1021a.dtsi | 2 arch/arm/boot/dts/qcom-ipq4019.dtsi | 4 arch/arm/boot/dts/r8a7740-armadillo800eva.dts | 2 arch/arm/boot/dts/rk322x.dtsi | 6 arch/arm/include/asm/xen/events.h | 2 arch/arm/kvm/hyp/switch.c | 2 arch/arm/mach-davinci/devices-da8xx.c | 10 + arch/arm/mach-imx/cpu.c | 3 arch/arm/mach-imx/mxc.h | 6 arch/arm64/include/asm/futex.h | 8 arch/arm64/kernel/pci.c | 4 arch/arm64/kernel/perf_event.c | 23 +- arch/arm64/kvm/hyp/switch.c | 1 arch/arm64/mm/mmap.c | 19 + arch/mips/include/asm/kprobes.h | 3 arch/mips/include/asm/pgtable-32.h | 7 arch/mips/mm/pgtable-32.c | 6 arch/powerpc/include/asm/module.h | 4 arch/powerpc/include/asm/page.h | 12 + arch/powerpc/kernel/time.c | 14 + arch/powerpc/kvm/book3s_pr_papr.c | 34 ++- arch/powerpc/platforms/cell/spufs/coredump.c | 2 arch/powerpc/sysdev/mpc8xx_pic.c | 2 arch/s390/kernel/vmlinux.lds.S | 8 arch/sparc/kernel/ldc.c | 7 arch/x86/boot/compressed/error.h | 4 arch/x86/include/asm/asm.h | 1 arch/x86/kernel/tsc.c | 2 arch/x86/kvm/lapic.c | 2 arch/x86/kvm/svm.c | 24 +- arch/x86/kvm/vmx.c | 10 - arch/x86/lib/csum-copy_64.S | 12 - arch/x86/lib/kaslr.c | 3 arch/x86/platform/efi/efi.c | 6 block/bio-integrity.c | 3 block/blk-mq.c | 11 - block/partition-generic.c | 4 crypto/asymmetric_keys/x509_cert_parser.c | 1 crypto/async_tx/async_pq.c | 5 drivers/acpi/acpi_video.c | 14 + drivers/acpi/acpica/evxfevnt.c | 18 + drivers/acpi/acpica/psobject.c | 14 + drivers/acpi/ec.c | 2 drivers/acpi/ec_sys.c | 2 drivers/acpi/internal.h | 2 drivers/ata/libahci_platform.c | 5 drivers/block/loop.c | 3 drivers/bus/brcmstb_gisb.c | 42 ++-- drivers/char/ipmi/ipmi_ssif.c | 2 drivers/char/random.c | 10 - drivers/clk/at91/clk-generated.c | 4 drivers/clk/clk-conf.c | 2 drivers/clk/clk-scpi.c | 6 drivers/clk/meson/Kconfig | 6 drivers/clk/meson/meson8b.c | 5 drivers/clk/renesas/clk-rcar-gen2.c | 23 +- drivers/cpuidle/dt_idle_states.c | 4 drivers/crypto/omap-sham.c | 31 ++- drivers/devfreq/devfreq.c | 3 drivers/dma/imx-sdma.c | 23 +- drivers/edac/mv64x60_edac.c | 2 drivers/gpio/gpio-crystalcove.c | 54 +++-- drivers/gpio/gpiolib.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 3 drivers/gpu/drm/msm/msm_gem.c | 6 drivers/gpu/drm/omapdrm/omap_gem.c | 4 drivers/gpu/drm/sun4i/sun4i_drv.c | 12 + drivers/gpu/drm/vc4/vc4_gem.c | 13 - drivers/hid/i2c-hid/i2c-hid.c | 13 + drivers/hwmon/ina2xx.c | 87 +++++--- drivers/hwtracing/coresight/coresight-tmc.c | 7 drivers/hwtracing/coresight/coresight.c | 15 + drivers/i2c/muxes/i2c-mux-reg.c | 17 + drivers/iio/adc/hi8435.c | 27 ++ drivers/iio/light/rpr0521.c | 17 + drivers/iio/magnetometer/st_magn_spi.c | 2 drivers/iio/pressure/zpa2326.c | 18 + drivers/infiniband/hw/cxgb4/cm.c | 6 drivers/infiniband/hw/hfi1/sysfs.c | 3 drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 6 drivers/infiniband/hw/i40iw/i40iw_d.h | 1 drivers/infiniband/hw/i40iw/i40iw_puda.c | 2 drivers/infiniband/sw/rdmavt/cq.c | 10 - drivers/infiniband/ulp/srpt/ib_srpt.c | 9 drivers/input/mouse/elan_i2c_core.c | 7 drivers/input/mouse/elan_i2c_i2c.c | 9 drivers/input/mouse/elantech.c | 11 + drivers/input/touchscreen/goodix.c | 8 drivers/irqchip/irq-gic-v3.c | 11 + drivers/irqchip/irq-mbigen.c | 5 drivers/isdn/mISDN/stack.c | 2 drivers/leds/leds-pca955x.c | 2 drivers/md/bcache/alloc.c | 19 + drivers/md/bcache/super.c | 6 drivers/md/md-cluster.c | 4 drivers/md/raid5.c | 17 - drivers/media/i2c/cx25840/cx25840-core.c | 36 ++- drivers/media/platform/pxa_camera.c | 14 + drivers/media/rc/mceusb.c | 9 drivers/media/v4l2-core/videobuf2-core.c | 4 drivers/misc/cxl/flash.c | 8 drivers/misc/vmw_vmci/vmci_queue_pair.c | 10 - drivers/mmc/host/sdhci-pci-core.c | 2 drivers/mmc/host/sdhci.c | 7 drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 10 - drivers/mtd/nand/nand_base.c | 5 drivers/mtd/tests/oobtest.c | 21 ++ drivers/mtd/ubi/fastmap.c | 33 ++- drivers/net/bonding/bond_main.c | 84 ++++---- drivers/net/ethernet/amazon/ena/ena_com.c | 35 ++- drivers/net/ethernet/amazon/ena/ena_netdev.c | 17 + drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 19 + drivers/net/ethernet/brocade/bna/bfa_ioc.c | 2 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 11 + drivers/net/ethernet/chelsio/cxgb4/t4_hw.c | 32 ++- drivers/net/ethernet/chelsio/cxgb4vf/sge.c | 23 +- drivers/net/ethernet/freescale/fec_main.c | 4 drivers/net/ethernet/freescale/fsl_pq_mdio.c | 9 drivers/net/ethernet/ibm/emac/core.c | 26 ++ drivers/net/ethernet/intel/e1000e/netdev.c | 17 + drivers/net/ethernet/intel/i40evf/i40evf_virtchnl.c | 1 drivers/net/ethernet/intel/igb/igb_ptp.c | 12 + drivers/net/ethernet/marvell/sky2.c | 2 drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c | 77 ++++--- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 33 +-- drivers/net/ethernet/mellanox/mlx4/en_main.c | 4 drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 7 drivers/net/ethernet/mellanox/mlx4/mcg.c | 15 + drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 1 drivers/net/ethernet/mellanox/mlx4/qp.c | 19 + drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 17 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 10 - drivers/net/ethernet/mellanox/mlx5/core/main.c | 14 - drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c | 6 drivers/net/ethernet/qlogic/netxen/netxen_nic_ctx.c | 2 drivers/net/ethernet/qlogic/qed/qed_dev.c | 5 drivers/net/ethernet/qlogic/qed/qed_main.c | 6 drivers/net/ethernet/qlogic/qed/qed_mcp.h | 1 drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.c | 2 drivers/net/ethernet/qlogic/qlge/qlge_dbg.c | 4 drivers/net/ethernet/qualcomm/qca_spi.c | 10 - drivers/net/ethernet/realtek/r8169.c | 4 drivers/net/ethernet/renesas/sh_eth.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 15 + drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.h | 3 drivers/net/ethernet/ti/cpsw.c | 16 + drivers/net/geneve.c | 36 ++- drivers/net/hamradio/hdlcdrv.c | 2 drivers/net/macsec.c | 13 + drivers/net/phy/mdio-mux.c | 11 - drivers/net/phy/micrel.c | 42 ++-- drivers/net/phy/phy.c | 6 drivers/net/ppp/pptp.c | 1 drivers/net/team/team.c | 12 - drivers/net/usb/cdc_ncm.c | 11 - drivers/net/virtio_net.c | 16 + drivers/net/vmxnet3/vmxnet3_drv.c | 5 drivers/net/vrf.c | 8 drivers/net/vxlan.c | 2 drivers/net/wan/fsl_ucc_hdlc.c | 18 - drivers/net/wireless/ath/ath10k/bmi.h | 2 drivers/net/wireless/ath/ath10k/core.c | 16 + drivers/net/wireless/ath/ath5k/debug.c | 5 drivers/net/wireless/intel/iwlwifi/iwl-7000.c | 4 drivers/net/wireless/intel/iwlwifi/iwl-8000.c | 4 drivers/net/wireless/intel/iwlwifi/iwl-prph.h | 1 drivers/net/wireless/intel/iwlwifi/mvm/fw-dbg.c | 12 - drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 6 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 32 ++- drivers/net/wireless/intel/iwlwifi/mvm/tt.c | 8 drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 6 drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 22 +- drivers/net/wireless/ray_cs.c | 7 drivers/net/wireless/ti/wl1251/main.c | 3 drivers/nvme/host/core.c | 4 drivers/nvme/host/pci.c | 13 - drivers/pinctrl/intel/pinctrl-baytrail.c | 6 drivers/pinctrl/meson/pinctrl-meson-gxbb.c | 1 drivers/powercap/powercap_sys.c | 1 drivers/rtc/interface.c | 9 drivers/rtc/rtc-m41t80.c | 12 + drivers/rtc/rtc-opal.c | 10 + drivers/rtc/rtc-snvs.c | 2 drivers/s390/block/dasd.c | 8 drivers/scsi/bnx2fc/bnx2fc.h | 1 drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 10 - drivers/scsi/csiostor/csio_hw.c | 5 drivers/scsi/libiscsi.c | 24 ++ drivers/scsi/libsas/sas_expander.c | 4 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 28 +- drivers/staging/wlan-ng/prism2mgmt.c | 2 drivers/thermal/power_allocator.c | 2 drivers/tty/n_gsm.c | 17 + drivers/tty/serial/8250/8250_omap.c | 4 drivers/tty/serial/sccnxp.c | 15 + drivers/tty/serial/sh-sci.c | 16 + drivers/uio/uio.c | 8 drivers/usb/chipidea/core.c | 29 ++ drivers/usb/dwc3/dwc3-keystone.c | 4 drivers/usb/host/xhci-plat.c | 1 drivers/usb/storage/ene_ub6250.c | 11 - drivers/vhost/net.c | 4 drivers/vhost/vhost.c | 17 - drivers/video/backlight/backlight.c | 15 + drivers/video/backlight/corgi_lcd.c | 2 drivers/video/backlight/tdo24m.c | 2 drivers/video/backlight/tosa_lcd.c | 2 drivers/video/fbdev/vfb.c | 17 + drivers/watchdog/Kconfig | 7 drivers/watchdog/f71808e_wdt.c | 27 ++ fs/btrfs/extent_io.c | 2 fs/cifs/file.c | 2 fs/cifs/smb2pdu.c | 14 - fs/dcache.c | 23 +- fs/ext4/file.c | 2 fs/ext4/mballoc.c | 23 +- fs/lockd/svc.c | 6 fs/nfs/flexfilelayout/flexfilelayout.c | 1 fs/nfs/nfs4proc.c | 13 + fs/nfs/nfs4state.c | 10 - fs/overlayfs/dir.c | 3 fs/overlayfs/inode.c | 12 + include/acpi/platform/acgcc.h | 10 + include/acpi/platform/acintel.h | 2 include/linux/mlx4/qp.h | 1 include/linux/mlx5/device.h | 10 - include/linux/pci.h | 6 include/linux/sched.h | 1 include/linux/skbuff.h | 8 include/net/cfg80211.h | 2 include/net/x25.h | 4 include/soc/fsl/qe/qe.h | 4 kernel/cpu.c | 13 + kernel/events/callchain.c | 6 kernel/events/core.c | 19 + kernel/pid.c | 4 kernel/sched/core.c | 2 kernel/sched/deadline.c | 98 ++++++++-- kernel/sched/fair.c | 3 mm/vmstat.c | 2 net/8021q/vlan_dev.c | 6 net/bluetooth/hci_core.c | 17 + net/ceph/osdmap.c | 1 net/core/dev.c | 4 net/core/neighbour.c | 14 + net/core/net_namespace.c | 19 + net/core/skbuff.c | 75 ++++--- net/core/sysctl_net_core.c | 2 net/hsr/hsr_forward.c | 3 net/hsr/hsr_framereg.c | 9 net/hsr/hsr_framereg.h | 2 net/ieee802154/socket.c | 8 net/ipv4/ah4.c | 8 net/ipv4/arp.c | 18 + net/ipv4/esp4.c | 13 - net/ipv4/fib_semantics.c | 20 +- net/ipv4/ip_tunnel.c | 11 - net/ipv4/ipmr.c | 18 + net/ipv4/tcp_input.c | 24 +- net/ipv6/addrconf.c | 5 net/ipv6/ah6.c | 8 net/ipv6/esp6.c | 12 - net/ipv6/ip6_gre.c | 8 net/ipv6/ip6_output.c | 20 +- net/ipv6/ip6_tunnel.c | 14 + net/ipv6/ip6_vti.c | 7 net/ipv6/route.c | 3 net/ipv6/sit.c | 9 net/key/af_key.c | 2 net/l2tp/l2tp_netlink.c | 2 net/llc/af_llc.c | 3 net/mac80211/cfg.c | 28 ++ net/mac80211/driver-ops.h | 3 net/mac80211/mlme.c | 4 net/netfilter/nf_conntrack_core.c | 39 ++- net/netfilter/nf_conntrack_netlink.c | 7 net/netlink/af_netlink.c | 3 net/rds/bind.c | 1 net/rxrpc/rxkad.c | 19 + net/sched/act_api.c | 4 net/sched/act_bpf.c | 12 - net/sched/act_skbmod.c | 3 net/sched/act_tunnel_key.c | 9 net/sctp/ipv6.c | 4 net/sctp/socket.c | 17 + net/strparser/strparser.c | 4 net/sunrpc/xprtsock.c | 7 net/x25/af_x25.c | 24 +- net/x25/sysctl_net_x25.c | 5 net/xfrm/xfrm_state.c | 2 scripts/tags.sh | 1 security/selinux/hooks.c | 10 - sound/soc/generic/simple-card.c | 2 sound/soc/intel/atom/sst/sst_stream.c | 2 sound/soc/intel/boards/cht_bsw_rt5645.c | 7 sound/soc/intel/skylake/skl-messages.c | 4 sound/soc/intel/skylake/skl-pcm.c | 4 sound/soc/sh/rcar/ssi.c | 11 - tools/perf/builtin-trace.c | 4 tools/perf/tests/code-reading.c | 20 +- tools/perf/util/dso.c | 16 + tools/perf/util/header.c | 12 + tools/perf/util/probe-event.c | 8 tools/perf/util/unwind-libdw.c | 14 + tools/perf/util/unwind-libunwind-local.c | 11 + tools/perf/util/util.c | 2 tools/testing/selftests/powerpc/tm/tm-resched-dscr.c | 2 tools/testing/selftests/seccomp/seccomp_bpf.c | 2 313 files changed, 2423 insertions(+), 917 deletions(-) A Sun (1): mceusb: sporadic RX truncation corruption fix Alan Stern (2): USB: ene_usb6250: fix first command execution USB: ene_usb6250: fix SCSI residue overwriting Alexander Potapenko (1): netlink: make sure nladdr has correct size in netlink_connect() Alexandre Belloni (2): clk: at91: fix clk-generated parenting clk: at91: fix clk-generated compilation Amir Goldstein (1): ovl: persistent inode numbers for upper hardlinks Andrea della Porta (1): staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning Andy Shevchenko (1): sdhci: Advertise 2.0v supply on SDIO host controller Anilkumar Kolli (1): ath10k: add BMI parameters to fix calibration from DT/pre-cal Antony Antony (1): xfrm: fix state migration copy replay sequence numbers Anup Patel (1): async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome() Ard Biesheuvel (1): arm64: kernel: restrict /dev/mem read() calls to linear region Arjun Vynipadath (3): cxgb4: FW upgrade fixes cxgb4: Fix netdev_features flag cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages Arnd Bergmann (2): net/mlx5: avoid build warning for uniprocessor xen: avoid type warning in xchg_xen_ulong Arvind Yadav (1): dmaengine: imx-sdma: Handle return value of clk_prepare_enable Bart Van Assche (2): IB/srpt: Fix abort handling IB/srpt: Avoid that aborting a command triggers a kernel warning Bob Moore (1): ACPICA: Disassembler: Abort on an invalid/unknown AML opcode Boris Brezillon (1): mtd: nand: gpmi: Fix gpmi_nand_init() error path Bryan O'Donoghue (1): clk: Fix __set_clk_rates error print-string Chaitra P B (1): scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag. Chris Wilson (1): e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails Christian Lamparter (2): ARM: dts: qcom: ipq4019: fix i2c_0 node net: emac: fix reset timeout with AR8035 phy Christoph Hellwig (1): PCI/msi: fix the pci_alloc_irq_vectors_affinity stub Christophe JAILLET (4): SMB2: Fix share type handling ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()' drm/vc4: Fix resource leak in 'vc4_get_hang_state_ioctl()' in error handling path EDAC, mv64x60: Fix an error handling path Christophe Jaillet (1): cpuidle: dt: Add missing 'of_node_put()' Christophe Leroy (1): powerpc/8xx: fix mpc8xx_get_irq() return on no irq Colin Ian King (4): netxen_nic: set rcode to the return status from the call to netxen_issue_cmd btrfs: fix incorrect error return ret being passed to mapping_set_error ath5k: fix memory leak on buf on failed eeprom read wl1251: check return from call to wl1251_acx_arp_ip_filter Craig Dillabaugh (1): net sched actions: fix dumping which requires several messages to user space Dan Carpenter (10): ipmi_ssif: unlock on allocation failure drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests PowerCap: Fix an error code in powercap_register_zone() perf/core: Fix error handling in perf_event_alloc() block: fix an error code in add_partition() libceph: NULL deref on crush_decode() error path pNFS/flexfiles: missing error code in ff_layout_alloc_lseg() drm/amdkfd: NULL dereference involving create_process() cxl: Unlock on error in probe X.509: Fix error code in x509_cert_parse() Daniel Bristot de Oliveira (1): sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks Dave Watson (1): strparser: Fix sign of err codes David Ahern (2): net/ipv6: Fix route leaking between VRFs vrf: Fix use after free and double free in vrf_finish_output Davide Caratti (3): net/sched: fix NULL dereference in the error path of tcf_bpf_init() net/sched: fix NULL dereference in the error path of tunnel_key_init() net/sched: fix NULL dereference on the error path of tcf_skbmod_init() Dmitry Monakhov (1): bio-integrity: Do not allocate integrity context for bio w/o data Dmitry Torokhov (1): Input: elan_i2c - check if device is there before really probing Doug Berger (2): bus: brcmstb_gisb: Use register offsets with writes too bus: brcmstb_gisb: correct support for 64-bit address output Emmanuel Grumbach (1): iwlwifi: mvm: fix firmware debug restart recording Eran Ben Elisha (1): net/mlx4_en: Fix mixed PFC and Global pause user control requests Eric Dumazet (11): tcp: better validation of received ack sequences net: fix possible out-of-bound read in skb_network_protocol() pptp: remove a buggy dst release in pptp_connect() sctp: do not leak kernel memory to user space sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 net: fool proof dev_valid_name() ip_tunnel: better validate user provided tunnel names ipv6: sit: better validate user provided tunnel names ip6_gre: better validate user provided tunnel names ip6_tunnel: better validate user provided tunnel names vti6: better validate user provided tunnel names Eryu Guan (1): ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() Fabio Estevam (3): ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin ARM: dts: imx6qdl-wandboard: Fix audio channel swap net: fec: Add a fec_enet_clear_ethtool_stats() stub for CONFIG_M5272 Firo Yang (1): hdlcdrv: Fix divide by zero in hdlcdrv_ioctl Florian Westphal (1): netfilter: conntrack: don't call iter for non-confirmed conntracks Ganapatrao Kulkarni (1): arm64: perf: Ignore exclude_hv when kernel is running in HYP Ganesh Goudar (1): cxgb4: fix incorrect cim_la output for T6 Gary Bisson (1): rtc: m41t80: fix SQW dividers override when setting a date Geert Uytterhoeven (5): clk: renesas: rcar-gen2: Fix PLL0 on R-Car V2H and E2 serial: sh-sci: Fix race condition causing garbage during shutdown sh_eth: Use platform device for printing before register_netdev() ACPI: EC: Fix debugfs_create_*() usage ARM: dts: armadillo800eva: Split LCD mux and gpio Girish Moodalbail (1): geneve: add missing rx stats accounting Greg Hackmann (1): Revert "xhci: plat: Register shutdown for xhci_plat" Greg Kroah-Hartman (1): Linux 4.9.94 Grygorii Strashko (1): net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control Guoqing Jiang (1): md-cluster: fix potential lock issue in add_new_disk Gustavo A. R. Silva (2): PM / devfreq: Fix potential NULL pointer dereference in governor_store net: freescale: fix potential null pointer dereference Haim Dreyfuss (1): iwlwifi: mvm: Fix command queue number on d0i3 flow Haishuang Yan (1): sit: reload iphdr in ipip6_rcv Hangbin Liu (2): l2tp: fix missing print session offset info vlan: also check phy_driver ts_info for vlan's real device Hans de Goede (6): gpio: crystalcove: Do not write regular gpio registers for virtual GPIOs ACPI / video: Default lcd_only to true on Win8-ready and newer machines ASoC: Intel: cht_bsw_rt5645: Analog Mic support pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts HID: i2c: Call acpi_device_fix_up_power for ACPI-enumerated devices Input: goodix - disable IRQs while suspended Heiko Carstens (1): s390: move _text symbol to address higher than zero Heiner Kallweit (2): pinctrl: meson-gxbb: remove non-existing pin GPIOX_22 r8169: fix setting driver_data after register_netdev Holger Brunck (4): net/wan/fsl_ucc_hdlc: fix unitialized variable warnings net/wan/fsl_ucc_hdlc: fix incorrect memory allocation fsl/qe: add bit description for SYNL register for GUMR net/wan/fsl_ucc_hdlc: fix muram allocation error Ido Schimmel (1): mlxsw: spectrum: Avoid possible NULL pointer dereference Ido Shamay (1): net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport Ihar Hrachyshka (2): neighbour: update neigh timestamps iff update is effective arp: honour gratuitous ARP _replies_ Ivan Mikhaylov (1): powerpc/[booke|4xx]: Don't clobber TCR[WP] when setting TCR[DIE] J. Bruce Fields (1): lockd: fix lockd shutdown race Jacob Keller (2): e1000e: fix race condition around skb_tstamp_tx() igb: fix race condition with PTP_TX_IN_PROGRESS bits Jag Raman (1): sparc64: ldc abort during vds iso boot James Morse (2): KVM: arm: Restore banked registers and physical timer access on hyp_panic() KVM: arm64: Restore host physical timer access on hyp_panic() James Wang (1): Fix loop device flush before configure v3 Jan H. Schönherr (1): KVM: nVMX: Fix handling of lmsw instruction Jason A. Donenfeld (5): skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow macsec: check return value of skb_to_sgvec always ipsec: check return value of skb_to_sgvec always rxrpc: check return value of skb_to_sgvec always virtio_net: check return value of skb_to_sgvec always Jason Wang (3): vhost: correctly remove wait queue during poll failure vhost: validate log when IOTLB is enabled vhost_net: add missing lock nesting notation Jason Yan (2): scsi: libsas: fix memory leak in sas_smp_get_phy_events() scsi: libsas: fix error when getting phy events Jeff Barnhill (1): net/ipv6: Increment OUTxxx counters after netfilter hook Jesper Dangaard Brouer (1): mlx5: fix bug reading rss_hash_type from CQE Jesse Brandeburg (1): i40evf: fix merge error in older patch Jia-Ju Bai (2): qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and qlcnic_82xx_hw_read_wx_2M mISDN: Fix a sleep-in-atomic bug Jim Baxter (1): net: cdc_ncm: Fix TX zero padding Jim Mattson (1): KVM: nVMX: Update vmcs12->guest_linear_address on nested VM-exit Jiri Olsa (2): perf trace: Add mmap alias for s390 perf tools: Fix copyfile_offset update of output offset Jisheng Zhang (1): usb: chipidea: properly handle host or gadget initialization failure Johannes Berg (2): cfg80211: make RATE_INFO_BW_20 the default iwlwifi: tt: move ucode_loaded check under mutex Jon Mason (1): mdio: mux: Correct mdio_mux_init error path issues Jordan Crouse (1): drm/msm: Take the mutex before calling msm_gem_new_impl Josh Poimboeuf (1): x86/asm: Don't use RBP as a temporary register in csum_partial_copy_generic() Julia Cartwright (1): md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock Julia Lawall (1): mdio: mux: fix device_node_continue.cocci warnings KT Liao (2): Input: elantech - force relative mode on a certain module Input: elan_i2c - clear INT before resetting controller Kai-Heng Feng (1): sky2: Increase D3 delay to sky2 stops working after suspend Karicheri, Muralidharan (1): hsr: fix incorrect warning Kees Cook (4): x86/boot: Declare error() as noreturn bna: Avoid reading past end of buffer qlge: Avoid reading past end of buffer ray_cs: Avoid reading past end of buffer Kirill Tkhai (1): pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid() Konstantin Khlebnikov (1): ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors Kuninori Morimoto (1): ASoC: rsnd: SSI PIO adjust to 24bit mode Leonard Crestez (2): net: phy: micrel: Restore led_mode and clk_sel on resume ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull Liam McBirnie (1): ip6_tunnel: fix traffic class routing for tunnels Lin Zhang (1): net: ieee802154: fix net_device reference release too early Linus Walleij (1): gpio: label descriptors using the device name Liping Zhang (1): netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize Lorenzo Bianconi (1): iio: magnetometer: st_magn_spi: fix spi_device_id table Luca Coelho (3): mac80211: bail out from prep_connection() if a reconfig is ongoing iwlwifi: pcie: only use d0i3 in suspend/resume if system_pm is set to d0i3 iwlwifi: fix min API version for 7265D, 3168, 8000 and 8265 Lv Zheng (2): ACPICA: OSL: Add support to exclude stdarg.h ACPICA: Events: Add runtime stub support for event APIs MaJun (1): irqchip/mbigen: Fix the clear register offset calculation Maciej Purski (1): hwmon: (ina2xx) Make calibration register value fixed Maciej S. Szmigiero (1): watchdog: f71808e_wdt: Add F71868 support Mahesh Bandewar (1): ipv6: avoid dad-failures for addresses with NODAD Marcel Holtmann (1): Bluetooth: Send HCI Set Event Mask Page 2 command only when needed Marcin Nowakowski (3): MIPS: mm: fixed mappings: correct initialisation MIPS: mm: adjust PKMAP location MIPS: kprobes: flush_insn_slot should flush only if probe initialised Mario Molitor (1): stmmac: fix ptp header for GMAC3 hw timestamp Martin Blumenstingl (1): clk: meson: meson8b: add compatibles for Meson8 and Meson8m2 Masahiro Yamada (1): mtd: nand: check ecc->total sanity in nand_scan_tail Masami Hiramatsu (1): perf probe: Add warning message if there is unexpected event name Matthias Kaehlcke (1): x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around Clang incompatibility Maurizio Lombardi (1): scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats() Mauro Carvalho Chehab (1): media: videobuf2-core: don't go out of the buffer range Maxime Ripard (2): drm/sun4i: Ignore the generic connectors for components dt-bindings: display: sun4i: Add allwinner,tcon-channel property Michael Ellerman (4): powerpc/modules: If mprofile-kernel is enabled add it to vermagic powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash selftests/powerpc: Fix TM resched DSCR test with some compilers powerpc/spufs: Fix coredump of SPU contexts Michael Schmitz (1): fix race in drivers/char/random.c:get_reg() Mickaël Salaün (1): selftests: kselftest_harness: Fix compile warning Miguel Fadon Perlines (1): arp: fix arp_filter on l3slave devices Mike Marciniszyn (1): IB/rdmavt: Allocate CQ memory on the correct node Mikko Koivunen (1): iio: light: rpr0521 poweroff for probe fails Miklos Szeredi (1): ovl: filter trusted xattr for non-admin Milian Wolff (2): perf report: Fix off-by-one for non-activation frames perf report: Ensure the perf DSO mapping matches what libdw sees Ming Lei (3): blk-mq: fix race between updating nr_hw_queues and switching io sched nvme: fix hang in remove path blk-mq: fix kernel oops in blk_mq_tag_idle() Mintz, Yuval (1): bnx2x: Allow vfs to disable txvlan offload Miquel Raynal (1): mtd: mtd_oobtest: Handle bitflips during reads Moni Shoua (1): net/mlx4_en: Change default QoS settings Moshe Shemesh (1): net/mlx4_core: Fix memory leak while delete slave's resources Namhyung Kim (3): perf header: Set proper module name when build-id event found perf tools: Decompress kernel module when reading DSO data perf tests: Decompress kernel module before objdump Nathan Chancellor (1): virtio_net: check return value of skb_to_sgvec in one more location Neil Horman (1): vmxnet3: ensure that adapter is in proper state during force_close NeilBrown (2): VFS: close race between getcwd() and d_move() SUNRPC: ensure correct error is reported by xs_tcp_setup_socket() Netanel Belgazal (5): net: ena: fix rare uncompleted admin command false alarm net: ena: fix race condition between submit and completion admin command net: ena: add missing return when ena_com_get_io_handlers() fails net: ena: add missing unmap bars on device removal net: ena: disable admin msix while working in polling mode Nicholas Mc Guire (1): iio: pressure: zpa2326: report interrupted case as failure Nikita Yushchenko (2): iio: hi8435: avoid garbage event at first enable iio: hi8435: cleanup reset gpio Nithin Sujir (1): bonding: Don't update slave->link until ready to commit Pan Bian (3): rtc: snvs: fix an incorrect check of return value usb: dwc3: keystone: check return value cx25840: fix unchecked return values Paolo Abeni (1): ipv6: the entire IPv6 header chain must fit the first fragment Pardha Saradhi K (1): ASoC: Intel: Skylake: Disable clock gating during firmware and library download Paul Mackerras (1): KVM: PPC: Book3S PR: Check copy_to/from_user return values Peter Große (1): mac80211: Fix setting TX power on monitor interfaces Peter Rosin (1): i2c: mux: reg: put away the parent i2c adapter on probe failure Peter Zijlstra (2): x86/tsc: Provide 'tsc=unstable' boot parameter perf/core: Correct event creation with PERF_FORMAT_GROUP Petr Cvek (1): pxa_camera: fix module remove codepath for v4l2 clock Pieter \"PoroCYon\" Sluys (1): vfb: fix video mode and line_length being set when loaded Rabin Vincent (2): ubi: fastmap: Fix slab corruption CIFS: silence lockdep splat in cifs_relock_file() Rafael David Tinoco (1): scsi: libiscsi: Allow sd_shutdown on bad transport Raju Rangoju (1): RDMA/iw_cxgb4: Avoid touch after free error in ARP failure handlers Rakesh Pandit (1): nvme-pci: fix multiple ctrl removal scheduling Ram Amrani (1): qed: Correct doorbell configuration for !4Kb pages Rasmus Villemoes (1): ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node Reza Arbab (1): mm, vmstat: Remove spurious WARN() during zoneinfo print Robert Jarzmik (2): backlight: tdo24m: Fix the SPI CS between transfers tags: honor COMPILED_SOURCE with apart output directory Robin Murphy (1): coresight: tmc: Configure DMA mask appropriately Roman Kapl (1): net: move somaxconn init from sysctl code Roman Pen (1): KVM: SVM: do not zero out segment attributes if segment is unusable or not present Roopa Prabhu (1): vxlan: dont migrate permanent fdb entries during learn Russell King (1): net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support Sai Praneeth (1): x86/efi: Disable runtime services on kexec kernel if booted with efi=old_map Shahar Klein (1): net/mlx5e: Sync netdev vxlan ports at open Shanker Donthineni (1): irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry Shiraz Saleem (2): i40iw: Fix sequence number for the first partial FPDU i40iw: Correct Q1/XF object count equation Sowmini Varadhan (1): rds; Reset rs->rs_bound_addr in rds_add_bound() failure path Stanislaw Gruszka (1): rt2x00: do not pause queue unconditionally on error path Stefan Agner (1): ASoC: simple-card: fix mic jack initialization Stefan Haberland (1): s390/dasd: fix hanging safe offline Stefan Wahren (1): net: qca_spi: Fix alignment issues in rx path Steffen Klassert (1): af_key: Fix slab-out-of-bounds in pfkey_compile_policy. Stephen Smalley (1): selinux: do not check open permission on sockets Steven L. Roberts (1): RDMA/hfi1: fix array termination by appending NULL to attr array Sudeep Holla (1): clk: scpi: fix return type of __scpi_dvfs_round_rate Sudip Mukherjee (1): backlight: Report error on failure Sugar Zhang (1): ARM: dts: rockchip: fix rk322x i2s1 pinctrl error Suman Anna (2): uio: fix incorrect memory leak cleanup ARM: davinci: da8xx: Create DSP device only when assigned memory Suzuki K Poulose (1): coresight: Fix reference count for software sources Talat Batheesh (2): net/mlx4_en: Avoid adding steering rules with invalid ring net/mlx4: Fix the check in attaching steering rules Tang Junhui (2): bcache: stop writeback thread after detaching bcache: segregate flash only volume write streams Tariq Toukan (1): net/mlx5: Tolerate irq_set_affinity_hint() failures Tero Kristo (2): crypto: omap-sham - buffer handling fixes for hashing later crypto: omap-sham - fix closing of hash with separate finalize call Theodore Ts'o (1): random: use lockless method of accessing and updating f->reg_idx Thomas Bogendoerfer (1): Fix serial console on SNI RM400 machines Thomas Gleixner (1): cpuhotplug: Link lock stacks for hotplug callbacks Thomas Petazzoni (1): ata: libahci: properly propagate return value of platform_get_irq() Thomas Winter (1): ipmr: vrf: Find VIFs using the actual device Timmy Li (1): ARM64: PCI: Fix struct acpi_pci_root_ops allocation failure path Tin Huynh (1): leds: pca955x: Correct I2C Functionality Tomi Valkeinen (1): drm/omap: fix tiled buffer stride calculations Tony Lindgren (1): tty: n_gsm: Allow ADM response in addition to UA for control dlci Trond Myklebust (2): NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION NFSv4.1: Work around a Linux server bug... Vaibhav Jain (2): rtc: opal: Handle disabled TPO in opal_get_tpo_time() rtc: interface: Validate alarm-time before handling rollover Varun Prakash (1): scsi: csiostor: fix use after free in csio_hw_use_fwconfig() Vignesh R (1): serial: 8250: omap: Disable DMA for console UART Vlastimil Babka (1): sched/numa: Use down_read_trylock() for the mmap_sem Wanpeng Li (1): KVM: X86: Fix preempt the preemption timer cancel Wen Xiong (1): blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split op Will Deacon (2): perf/callchain: Force USER_DS when invoking perf_callchain_user() arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage Willem de Bruijn (1): skbuff: only inherit relevant tx_flags Xin Long (6): sctp: fix recursive locking warning in sctp_do_peeloff bonding: fix the err path for dev hwaddr sync in bond_enslave bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave bonding: process the err returned by dev_set_allmulti properly in bond_enslave route: check sysctl_fib_multipath_use_neigh earlier than hash team: move dev_mc_sync after master_upper_dev_link in team_port_add Yi Zeng (1): thermal: power_allocator: fix one race condition issue for thermal_instances list chenxiang (1): scsi: libsas: initialize sas_phy status according to response of DISCOVER linzhang (2): net: x25: fix one potential use-after-free issue net: llc: add lock_sock in llc_ui_bind to avoid a race condition sudarsana.kalluru(a)cavium.com (1): qed: Fix overriding of supported autoneg value.

7 years, 2 months

1
1
0 0

v4.9.94 build: 11 failures 0 warnings (v4.9.94)

by Build bot for Mark Brown

Tree/Branch: v4.9.94 Git describe: v4.9.94 Commit: cc0eb4dd50 Linux 4.9.94 Build Time: 0 min 25 sec Passed: 0 / 11 ( 0.00 %) Failed: 11 / 11 (100.00 %) Errors: 1 Warnings: 0 Section Mismatches: 0 Failed defconfigs: arm-allnoconfig arm64-defconfig Errors: arm-allnoconfig collect2: error: ld returned 1 exit status arm64-defconfig collect2: error: ld returned 1 exit status ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- Errors summary: 1 2 collect2: error: ld returned 1 exit status =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm-allnoconfig : FAIL, 1 errors, 0 warnings, 0 section mismatches Errors: collect2: error: ld returned 1 exit status ------------------------------------------------------------------------------- arm64-defconfig : FAIL, 1 errors, 0 warnings, 0 section mismatches Errors: collect2: error: ld returned 1 exit status ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-multi_v4t_defconfig x86_64-allnoconfig x86_64-allmodconfig

7 years, 2 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror