From: Michal Hocko <mhocko(a)suse.com>
David Rientjes has reported the following memory corruption while the
oom reaper tries to unmap the victims address space
BUG: Bad page map in process oom_reaper pte:6353826300000000 pmd:00000000
addr:00007f50cab1d000 vm_flags:08100073 anon_vma:ffff9eea335603f0 mapping: (null) index:7f50cab1d
file: (null) fault: (null) mmap: (null) readpage: (null)
CPU: 2 PID: 1001 Comm: oom_reaper
Call Trace:
[<ffffffffa4bd967d>] dump_stack+0x4d/0x70
[<ffffffffa4a03558>] unmap_page_range+0x1068/0x1130
[<ffffffffa4a2e07f>] __oom_reap_task_mm+0xd5/0x16b
[<ffffffffa4a2e226>] oom_reaper+0xff/0x14c
[<ffffffffa48d6ad1>] kthread+0xc1/0xe0
Tetsuo Handa has noticed that the synchronization inside exit_mmap is
insufficient. We only synchronize with the oom reaper if tsk_is_oom_victim
which is not true if the final __mmput is called from a different context
than the oom victim exit path. This can trivially happen from context of
any task which has grabbed mm reference (e.g. to read /proc/<pid>/ file
which requires mm etc.). The race would look like this
oom_reaper oom_victim task
mmget_not_zero
do_exit
mmput
__oom_reap_task_mm mmput
__mmput
exit_mmap
remove_vma
unmap_page_range
Fix this issue by providing a new mm_is_oom_victim() helper which operates
on the mm struct rather than a task. Any context which operates on a remote
mm struct should use this helper in place of tsk_is_oom_victim. The flag is
set in mark_oom_victim and never cleared so it is stable in the exit_mmap
path.
Changes since v1
- set MMF_OOM_SKIP in exit_mmap only for the oom mm as suggested by
Tetsuo because there is no reason to set the flag unless we are
synchronizing with the oom reaper.
- do not modify values of other MMF_ flags and add MMF_OOM_VICTIM
as the last one as requested by David Rientjes because they have
"automated tools that look at specific bits in mm->flags and it would
be nice to not have them be inconsistent between kernel versions.
Not absolutely required, but nice to avoid"
Reported-by: David Rientjes <rientjes(a)google.com>
Debugged-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp>
Fixes: 212925802454 ("mm: oom: let oom_reap_task and exit_mmap run concurrently")
Cc: stable # 4.14
Acked-by: David Rientjes <rientjes(a)google.com>
Signed-off-by: Michal Hocko <mhocko(a)suse.com>
---
Hi,
this patch fixes issue reported by David [1][2].
[1] http://lkml.kernel.org/r/alpine.DEB.2.10.1712051824050.91099@chino.kir.corp…
[2] http://lkml.kernel.org/r/alpine.DEB.2.10.1712071315570.135101@chino.kir.cor…
include/linux/oom.h | 9 +++++++++
include/linux/sched/coredump.h | 1 +
mm/mmap.c | 10 +++++-----
mm/oom_kill.c | 4 +++-
4 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/include/linux/oom.h b/include/linux/oom.h
index 27cd36b762b5..c4139e79771d 100644
--- a/include/linux/oom.h
+++ b/include/linux/oom.h
@@ -77,6 +77,15 @@ static inline bool tsk_is_oom_victim(struct task_struct * tsk)
return tsk->signal->oom_mm;
}
+/*
+ * Use this helper if tsk->mm != mm and the victim mm needs a special
+ * handling. This is guaranteed to stay true after once set.
+ */
+static inline bool mm_is_oom_victim(struct mm_struct *mm)
+{
+ return test_bit(MMF_OOM_VICTIM, &mm->flags);
+}
+
/*
* Checks whether a page fault on the given mm is still reliable.
* This is no longer true if the oom reaper started to reap the
diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h
index 9c8847395b5e..ec912d01126f 100644
--- a/include/linux/sched/coredump.h
+++ b/include/linux/sched/coredump.h
@@ -70,6 +70,7 @@ static inline int get_dumpable(struct mm_struct *mm)
#define MMF_UNSTABLE 22 /* mm is unstable for copy_from_user */
#define MMF_HUGE_ZERO_PAGE 23 /* mm has ever used the global huge zero page */
#define MMF_DISABLE_THP 24 /* disable THP for all VMAs */
+#define MMF_OOM_VICTIM 25 /* mm is the oom victim */
#define MMF_DISABLE_THP_MASK (1 << MMF_DISABLE_THP)
#define MMF_INIT_MASK (MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK |\
diff --git a/mm/mmap.c b/mm/mmap.c
index 476e810cf100..0de87a376aaa 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -3004,20 +3004,20 @@ void exit_mmap(struct mm_struct *mm)
/* Use -1 here to ensure all VMAs in the mm are unmapped */
unmap_vmas(&tlb, vma, 0, -1);
- set_bit(MMF_OOM_SKIP, &mm->flags);
- if (unlikely(tsk_is_oom_victim(current))) {
+ if (unlikely(mm_is_oom_victim(mm))) {
/*
* Wait for oom_reap_task() to stop working on this
* mm. Because MMF_OOM_SKIP is already set before
* calling down_read(), oom_reap_task() will not run
* on this "mm" post up_write().
*
- * tsk_is_oom_victim() cannot be set from under us
- * either because current->mm is already set to NULL
+ * mm_is_oom_victim() cannot be set from under us
+ * either because victim->mm is already set to NULL
* under task_lock before calling mmput and oom_mm is
- * set not NULL by the OOM killer only if current->mm
+ * set not NULL by the OOM killer only if victim->mm
* is found not NULL while holding the task_lock.
*/
+ set_bit(MMF_OOM_SKIP, &mm->flags);
down_write(&mm->mmap_sem);
up_write(&mm->mmap_sem);
}
diff --git a/mm/oom_kill.c b/mm/oom_kill.c
index 3b0d0fed8480..e4d290b6804b 100644
--- a/mm/oom_kill.c
+++ b/mm/oom_kill.c
@@ -666,8 +666,10 @@ static void mark_oom_victim(struct task_struct *tsk)
return;
/* oom_mm is bound to the signal struct life time. */
- if (!cmpxchg(&tsk->signal->oom_mm, NULL, mm))
+ if (!cmpxchg(&tsk->signal->oom_mm, NULL, mm)) {
mmgrab(tsk->signal->oom_mm);
+ set_bit(MMF_OOM_VICTIM, &mm->flags);
+ }
/*
* Make sure that the task is woken up from uninterruptible sleep
--
2.15.0
This is a note to let you know that I've just added the patch titled
usb: dwc2: Improve gadget state disconnection handling
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
usb-dwc2-improve-gadget-state-disconnection-handling.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From d2471d4a24dfbff5e463d382e2c6fec7d7e25a09 Mon Sep 17 00:00:00 2001
From: John Stultz <john.stultz(a)linaro.org>
Date: Mon, 23 Oct 2017 14:32:48 -0700
Subject: usb: dwc2: Improve gadget state disconnection handling
From: John Stultz <john.stultz(a)linaro.org>
commit d2471d4a24dfbff5e463d382e2c6fec7d7e25a09 upstream.
In the earlier commit dad3f793f20f ("usb: dwc2: Make sure we
disconnect the gadget state"), I was trying to fix up the
fact that we somehow weren't disconnecting the gadget state,
so that when the OTG port was plugged in the second time we
would get warnings about the state tracking being wrong.
(This seems to be due to a quirk of the HiKey board where
we do not ever get any otg interrupts, particularly the session
end detected signal. Instead we only see status change
interrupt.)
The fix there was somewhat simple, as it just made sure to
call dwc2_hsotg_disconnect() before we connected things up
in OTG mode, ensuring the state handling didn't throw errors.
But in looking at a different issue I was seeing with UDC
state handling, I realized that it would be much better
to call dwc2_hsotg_disconnect when we get the state change
signal moving to host mode.
Thus, this patch removes the earlier disconnect call I added
and moves it (and the needed locking) to the host mode
transition.
Cc: Wei Xu <xuwei5(a)hisilicon.com>
Cc: Guodong Xu <guodong.xu(a)linaro.org>
Cc: Amit Pundir <amit.pundir(a)linaro.org>
Cc: YongQin Liu <yongqin.liu(a)linaro.org>
Cc: John Youn <johnyoun(a)synopsys.com>
Cc: Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com>
Cc: Douglas Anderson <dianders(a)chromium.org>
Cc: Chen Yu <chenyu56(a)huawei.com>
Cc: Felipe Balbi <felipe.balbi(a)linux.intel.com>
Cc: linux-usb(a)vger.kernel.org
Acked-by: Minas Harutyunyan <hminas(a)synopsys.com>
Tested-by: Minas Harutyunyan <hminas(a)synopsys.com>
Signed-off-by: John Stultz <john.stultz(a)linaro.org>
Signed-off-by: Felipe Balbi <felipe.balbi(a)linux.intel.com>
Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/usb/dwc2/hcd.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/usb/dwc2/hcd.c
+++ b/drivers/usb/dwc2/hcd.c
@@ -3277,7 +3277,6 @@ static void dwc2_conn_id_status_change(s
dwc2_core_init(hsotg, false);
dwc2_enable_global_interrupts(hsotg);
spin_lock_irqsave(&hsotg->lock, flags);
- dwc2_hsotg_disconnect(hsotg);
dwc2_hsotg_core_init_disconnected(hsotg, false);
spin_unlock_irqrestore(&hsotg->lock, flags);
dwc2_hsotg_core_connect(hsotg);
@@ -3296,8 +3295,12 @@ host:
if (count > 250)
dev_err(hsotg->dev,
"Connection id status change timed out\n");
- hsotg->op_state = OTG_STATE_A_HOST;
+ spin_lock_irqsave(&hsotg->lock, flags);
+ dwc2_hsotg_disconnect(hsotg);
+ spin_unlock_irqrestore(&hsotg->lock, flags);
+
+ hsotg->op_state = OTG_STATE_A_HOST;
/* Initialize the Core for Host mode */
dwc2_core_init(hsotg, false);
dwc2_enable_global_interrupts(hsotg);
Patches currently in stable-queue which might be from john.stultz(a)linaro.org are
queue-4.14/usb-dwc2-improve-gadget-state-disconnection-handling.patch
This is a note to let you know that I've just added the patch titled
xen-netfront: avoid crashing on resume after a failure in talk_to_netback()
to the 4.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch
and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From d86b5672b1adb98b4cdd6fbf0224bbfb03db6e2e Mon Sep 17 00:00:00 2001
From: Vitaly Kuznetsov <vkuznets(a)redhat.com>
Date: Thu, 11 May 2017 13:58:06 +0200
Subject: xen-netfront: avoid crashing on resume after a failure in talk_to_netback()
From: Vitaly Kuznetsov <vkuznets(a)redhat.com>
commit d86b5672b1adb98b4cdd6fbf0224bbfb03db6e2e upstream.
Unavoidable crashes in netfront_resume() and netback_changed() after a
previous fail in talk_to_netback() (e.g. when we fail to read MAC from
xenstore) were discovered. The failure path in talk_to_netback() does
unregister/free for netdev but we don't reset drvdata and we try accessing
it after resume.
Fix the bug by removing the whole xen device completely with
device_unregister(), this guarantees we won't have any calls into netfront
after a failure.
Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/net/xen-netfront.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -1958,8 +1958,7 @@ abort_transaction_no_dev_fatal:
xennet_disconnect_backend(info);
xennet_destroy_queues(info);
out:
- unregister_netdev(info->netdev);
- xennet_free_netdev(info->netdev);
+ device_unregister(&dev->dev);
return err;
}
Patches currently in stable-queue which might be from vkuznets(a)redhat.com are
queue-4.9/xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch
This is a note to let you know that I've just added the patch titled
xen-netfront: avoid crashing on resume after a failure in talk_to_netback()
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From d86b5672b1adb98b4cdd6fbf0224bbfb03db6e2e Mon Sep 17 00:00:00 2001
From: Vitaly Kuznetsov <vkuznets(a)redhat.com>
Date: Thu, 11 May 2017 13:58:06 +0200
Subject: xen-netfront: avoid crashing on resume after a failure in talk_to_netback()
From: Vitaly Kuznetsov <vkuznets(a)redhat.com>
commit d86b5672b1adb98b4cdd6fbf0224bbfb03db6e2e upstream.
Unavoidable crashes in netfront_resume() and netback_changed() after a
previous fail in talk_to_netback() (e.g. when we fail to read MAC from
xenstore) were discovered. The failure path in talk_to_netback() does
unregister/free for netdev but we don't reset drvdata and we try accessing
it after resume.
Fix the bug by removing the whole xen device completely with
device_unregister(), this guarantees we won't have any calls into netfront
after a failure.
Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
Cc: Ben Hutchings <ben.hutchings(a)codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/net/xen-netfront.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/net/xen-netfront.c
+++ b/drivers/net/xen-netfront.c
@@ -1944,8 +1944,7 @@ abort_transaction_no_dev_fatal:
xennet_disconnect_backend(info);
xennet_destroy_queues(info);
out:
- unregister_netdev(info->netdev);
- xennet_free_netdev(info->netdev);
+ device_unregister(&dev->dev);
return err;
}
Patches currently in stable-queue which might be from vkuznets(a)redhat.com are
queue-4.4/xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch
On Fri, Dec 08, 2017 at 12:00:47PM -0800, Kevin Hilman wrote:
> kernelci.org bot <bot(a)kernelci.org> writes:
>
> > stable-rc/linux-4.4.y boot: 122 boots: 2 failed, 106 passed with 12 offline, 2 conflicts (v4.4.104-50-gffc1d3fcd46a)
> >
> > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.4.y/kernel/v4.4.…
> > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.4.y/kernel/v4.4.104-50-…
> >
> > Tree: stable-rc
> > Branch: linux-4.4.y
> > Git Describe: v4.4.104-50-gffc1d3fcd46a
> > Git Commit: ffc1d3fcd46a59815958ce25e4e70da1a8a5799d
> > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
> > Tested: 62 unique boards, 20 SoC families, 18 builds out of 182
> >
> > Boot Regressions Detected:
> >
> > arm:
> >
> > exynos_defconfig:
> > exynos5422-odroidxu3:
> > lab-collabora: failing since 31 days (last pass: v4.4.95-21-g32458fcb7bd6 - first fail: v4.4.96-41-g336421367b9c)
> > exynos5422-odroidxu3_rootfs:nfs:
> > lab-collabora: failing since 23 days (last pass: v4.4.95-21-g32458fcb7bd6 - first fail: v4.4.97-57-g528c687b455d)
>
> TL;DR; All is well.
>
> These two are passing in another lab, so this is a board/lab setup issue
> under. Guillaume (Cc'd) is investigating.
I figured with a lab that was failing for that long, I didn't need to
worry about it.
thanks,
greg k-h
> Kevin
This is the start of the stable review cycle for the 4.4.103 release.
There are 96 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu Nov 30 10:04:41 UTC 2017.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.103-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 4.4.103-rc1
Juergen Gross <jgross(a)suse.com>
xen: xenbus driver must not accept invalid transaction ids
Heiko Carstens <heiko.carstens(a)de.ibm.com>
s390/kbuild: enable modversions for symbols exported from asm
Richard Fitzgerald <rf(a)opensource.wolfsonmicro.com>
ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data
Pan Bian <bianpan2016(a)163.com>
btrfs: return the actual error value from from btrfs_uuid_tree_iterate
Colin Ian King <colin.king(a)canonical.com>
ASoC: rsnd: don't double free kctrl
Florian Westphal <fw(a)strlen.de>
netfilter: nf_tables: fix oob access
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nft_queue: use raw_smp_processor_id()
Geert Uytterhoeven <geert(a)linux-m68k.org>
spi: SPI_FSL_DSPI should depend on HAS_DMA
Pan Bian <bianpan2016(a)163.com>
staging: iio: cdc: fix improper return value
Pan Bian <bianpan2016(a)163.com>
iio: light: fix improper return value
Masashi Honma <masashi.honma(a)gmail.com>
mac80211: Suppress NEW_PEER_CANDIDATE event if no room
Masashi Honma <masashi.honma(a)gmail.com>
mac80211: Remove invalid flag operations in mesh TSF synchronization
Chris Wilson <chris(a)chris-wilson.co.uk>
drm: Apply range restriction after color adjustment when allocation
Gabriele Mazzotta <gabriele.mzt(a)gmail.com>
ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE
Bartosz Markowski <bartosz.markowski(a)tieto.com>
ath10k: set CTS protection VDEV param only if VDEV is up
Christian Lamparter <chunkeey(a)googlemail.com>
ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats()
Ryan Hsu <ryanhsu(a)qca.qualcomm.com>
ath10k: ignore configuring the incorrect board_id
Ryan Hsu <ryanhsu(a)qca.qualcomm.com>
ath10k: fix incorrect txpower set by P2P_DEVICE interface
Daniel Vetter <daniel.vetter(a)ffwll.ch>
drm/armada: Fix compile fail
Thomas Preisner <thomas.preisner+linux(a)fau.de>
net: 3com: typhoon: typhoon_init_one: fix incorrect return values
Thomas Preisner <thomas.preisner+linux(a)fau.de>
net: 3com: typhoon: typhoon_init_one: make return values more specific
David Ahern <dsa(a)cumulusnetworks.com>
net: Allow IP_MULTICAST_IF to set index to L3 slave
Shawn Guo <shawn.guo(a)linaro.org>
dmaengine: zx: set DMA_CYCLIC cap_mask bit
Bjorn Helgaas <bhelgaas(a)google.com>
PCI: Apply _HPX settings only to relevant devices
Santosh Shilimkar <santosh.shilimkar(a)oracle.com>
RDS: RDMA: return appropriate error on rdma map failures
Benjamin Poirier <bpoirier(a)suse.com>
e1000e: Separate signaling for link check/link up
Benjamin Poirier <bpoirier(a)suse.com>
e1000e: Fix return value test
Benjamin Poirier <bpoirier(a)suse.com>
e1000e: Fix error path in link detection
Tobias Jordan <Tobias.Jordan(a)elektrobit.com>
PM / OPP: Add missing of_node_put(np)
Tuomas Tynkkynen <tuomas(a)tuxera.com>
net/9p: Switch to wait_event_killable()
Eric Biggers <ebiggers(a)google.com>
fscrypt: lock mutex before checking for bounce page pool
Steven Rostedt (Red Hat) <rostedt(a)goodmis.org>
sched/rt: Simplify the IPI based RT balancing logic
Ricardo Ribalda Delgado <ricardo.ribalda(a)gmail.com>
media: v4l2-ctrl: Fix flags field on Control events
Johan Hovold <johan(a)kernel.org>
cx231xx-cards: fix NULL-deref on missing association descriptor
Sean Young <sean(a)mess.org>
media: rc: check for integer overflow
Michele Baldessari <michele(a)acksyn.org>
media: Don't do DMA on stack for firmware upload in the AS102 driver
Naveen N. Rao <naveen.n.rao(a)linux.vnet.ibm.com>
powerpc/signal: Properly handle return value from uprobe_deny_signal()
John David Anglin <dave.anglin(a)bell.net>
parisc: Fix validity check of pointer size argument in new CAS implementation
Brian King <brking(a)linux.vnet.ibm.com>
ixgbe: Fix skb list corruption on Power systems
Brian King <brking(a)linux.vnet.ibm.com>
fm10k: Use smp_rmb rather than read_barrier_depends
Brian King <brking(a)linux.vnet.ibm.com>
i40evf: Use smp_rmb rather than read_barrier_depends
Brian King <brking(a)linux.vnet.ibm.com>
ixgbevf: Use smp_rmb rather than read_barrier_depends
Brian King <brking(a)linux.vnet.ibm.com>
igbvf: Use smp_rmb rather than read_barrier_depends
Brian King <brking(a)linux.vnet.ibm.com>
igb: Use smp_rmb rather than read_barrier_depends
Brian King <brking(a)linux.vnet.ibm.com>
i40e: Use smp_rmb rather than read_barrier_depends
Johan Hovold <johan(a)kernel.org>
NFC: fix device-allocation error return
Bart Van Assche <bart.vanassche(a)wdc.com>
IB/srp: Avoid that a cable pull can trigger a kernel crash
Bart Van Assche <bart.vanassche(a)wdc.com>
IB/srpt: Do not accept invalid initiator port names
Dan Williams <dan.j.williams(a)intel.com>
libnvdimm, namespace: make 'resource' attribute only readable by root
Dan Williams <dan.j.williams(a)intel.com>
libnvdimm, namespace: fix label initialization to use valid seq numbers
Johan Hovold <johan(a)kernel.org>
clk: ti: dra7-atl-clock: fix child-node lookups
Peter Ujfalusi <peter.ujfalusi(a)ti.com>
clk: ti: dra7-atl-clock: Fix of_node reference counting
Trond Myklebust <trond.myklebust(a)primarydata.com>
SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
Paolo Bonzini <pbonzini(a)redhat.com>
KVM: SVM: obey guest PAT
Ladi Prosek <lprosek(a)redhat.com>
KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
Nicholas Bellinger <nab(a)linux-iscsi.org>
target: Fix QUEUE_FULL + SCSI task attribute handling
Nicholas Bellinger <nab(a)linux-iscsi.org>
iscsi-target: Fix non-immediate TMR reference leak
Tuomas Tynkkynen <tuomas(a)tuxera.com>
fs/9p: Compare qid.path in v9fs_test_inode
Al Viro <viro(a)zeniv.linux.org.uk>
fix a page leak in vhost_scsi_iov_to_sgl() error recovery
Kailang Yang <kailang(a)realtek.com>
ALSA: hda/realtek - Fix ALC700 family no sound issue
Takashi Iwai <tiwai(a)suse.de>
ALSA: timer: Remove kernel warning at compat ioctl error paths
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Add sanity checks in v2 clock parsers
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Add sanity checks to FE parser
Henrik Eriksson <henrik.eriksson(a)axis.com>
ALSA: pcm: update tstamp only if audio_tstamp changed
Theodore Ts'o <tytso(a)mit.edu>
ext4: fix interaction between i_size, fallocate, and delalloc after a crash
Rameshwar Prasad Sahu <rsahu(a)apm.com>
ata: fixes kernel crash while tracing ata_eh_link_autopsy event
Arnd Bergmann <arnd(a)arndb.de>
rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
Larry Finger <Larry.Finger(a)lwfinger.net>
rtlwifi: rtl8192ee: Fix memory leak when loading firmware
Andrew Elble <aweits(a)rit.edu>
nfsd: deal with revoked delegations appropriately
Chuck Lever <chuck.lever(a)oracle.com>
nfs: Fix ugly referral attributes
Joshua Watt <jpewhacker(a)gmail.com>
NFS: Fix typo in nomigration mount option
Arnd Bergmann <arnd(a)arndb.de>
isofs: fix timestamps beyond 2027
Coly Li <colyli(a)suse.de>
bcache: check ca->alloc_thread initialized before wake up it
Dan Carpenter <dan.carpenter(a)oracle.com>
eCryptfs: use after free in ecryptfs_release_messaging()
Andreas Rohner <andreas.rohner(a)gmx.net>
nilfs2: fix race condition that causes file system corruption
NeilBrown <neilb(a)suse.com>
autofs: don't fail mount for transient error
Mirko Parthey <mirko.parthey(a)web.de>
MIPS: BCM47XX: Fix LED inversion for WRT54GSv1
Maciej W. Rozycki <macro(a)mips.com>
MIPS: Fix an n32 core file generation regset support regression
Hou Tao <houtao1(a)huawei.com>
dm: fix race between dm_get_from_kobject() and __dm_destroy()
Eric Biggers <ebiggers(a)google.com>
dm bufio: fix integer overflow when limiting maximum cache size
Vijendar Mukunda <Vijendar.Mukunda(a)amd.com>
ALSA: hda: Add Raven PCI ID
Mathias Kresin <dev(a)kresin.me>
MIPS: ralink: Fix typo in mt7628 pinmux function
Mathias Kresin <dev(a)kresin.me>
MIPS: ralink: Fix MT7628 pinmux
Philip Derrin <philip(a)cog.systems>
ARM: 8721/1: mm: dump: check hardware RO bit for LPAE
Philip Derrin <philip(a)cog.systems>
ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
Masami Hiramatsu <mhiramat(a)kernel.org>
x86/decoder: Add new TEST instruction pattern
Eric Biggers <ebiggers(a)google.com>
lib/mpi: call cond_resched() from mpi_powm() loop
Paul E. McKenney <paulmck(a)linux.vnet.ibm.com>
sched: Make resched_cpu() unconditional
WANG Cong <xiyou.wangcong(a)gmail.com>
vsock: use new wait API for vsock_stream_sendmsg()
Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com>
AF_VSOCK: Shrink the area influenced by prepare_to_wait
WANG Cong <xiyou.wangcong(a)gmail.com>
ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER
Vasily Gorbik <gor(a)linux.vnet.ibm.com>
s390/disassembler: increase show_code buffer size
Heiko Carstens <heiko.carstens(a)de.ibm.com>
s390/disassembler: add missing end marker for e7 table
Heiko Carstens <heiko.carstens(a)de.ibm.com>
s390/runtime instrumention: fix possible memory corruption
Heiko Carstens <heiko.carstens(a)de.ibm.com>
s390: fix transactional execution control register handling
-------------
Diffstat:
Makefile | 4 +-
arch/arm/mm/dump.c | 4 +-
arch/arm/mm/init.c | 4 +-
arch/mips/bcm47xx/leds.c | 2 +-
arch/mips/kernel/ptrace.c | 17 ++
arch/mips/ralink/mt7620.c | 4 +-
arch/parisc/kernel/syscall.S | 6 +-
arch/powerpc/kernel/signal.c | 2 +-
arch/s390/include/asm/asm-prototypes.h | 8 +
arch/s390/include/asm/switch_to.h | 2 +-
arch/s390/kernel/dis.c | 5 +-
arch/s390/kernel/early.c | 4 +-
arch/s390/kernel/process.c | 1 +
arch/s390/kernel/runtime_instr.c | 4 +-
arch/x86/kvm/svm.c | 7 +
arch/x86/kvm/vmx.c | 2 +
arch/x86/lib/x86-opcode-map.txt | 2 +-
drivers/ata/libata-eh.c | 2 +-
drivers/base/power/opp/core.c | 1 +
drivers/clk/ti/clk-dra7-atl.c | 3 +-
drivers/dma/zx296702_dma.c | 1 +
drivers/gpu/drm/armada/Makefile | 2 +
drivers/gpu/drm/drm_mm.c | 16 +-
drivers/iio/light/cm3232.c | 2 +-
drivers/infiniband/ulp/srp/ib_srp.c | 25 ++-
drivers/infiniband/ulp/srpt/ib_srpt.c | 9 +-
drivers/md/bcache/alloc.c | 3 +-
drivers/md/dm-bufio.c | 15 +-
drivers/md/dm.c | 12 +-
drivers/media/rc/ir-lirc-codec.c | 9 +-
drivers/media/usb/as102/as102_fw.c | 28 ++-
drivers/media/usb/cx231xx/cx231xx-cards.c | 2 +-
drivers/media/v4l2-core/v4l2-ctrls.c | 16 +-
drivers/net/ethernet/3com/typhoon.c | 25 ++-
drivers/net/ethernet/intel/e1000e/mac.c | 11 +-
drivers/net/ethernet/intel/e1000e/netdev.c | 4 +-
drivers/net/ethernet/intel/e1000e/phy.c | 7 +-
drivers/net/ethernet/intel/fm10k/fm10k_main.c | 2 +-
drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +-
drivers/net/ethernet/intel/i40e/i40e_txrx.c | 2 +-
drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 2 +-
drivers/net/ethernet/intel/igb/igb_main.c | 2 +-
drivers/net/ethernet/intel/igbvf/netdev.c | 2 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +-
drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 2 +-
drivers/net/wireless/ath/ath10k/core.c | 5 +-
drivers/net/wireless/ath/ath10k/mac.c | 58 ++++-
drivers/net/wireless/ath/ath10k/wmi-tlv.c | 12 +-
.../net/wireless/realtek/rtlwifi/rtl8192ee/fw.c | 6 +-
.../net/wireless/realtek/rtlwifi/rtl8821ae/hw.c | 1 +
drivers/nvdimm/label.c | 2 +-
drivers/nvdimm/namespace_devs.c | 2 +-
drivers/pci/probe.c | 15 +-
drivers/spi/Kconfig | 1 +
drivers/staging/iio/cdc/ad7150.c | 2 +-
drivers/target/iscsi/iscsi_target.c | 8 +-
drivers/target/target_core_transport.c | 4 +
drivers/vhost/scsi.c | 5 +-
drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +-
fs/9p/vfs_inode.c | 3 +
fs/9p/vfs_inode_dotl.c | 3 +
fs/autofs4/waitq.c | 15 +-
fs/btrfs/uuid-tree.c | 4 +-
fs/ecryptfs/messaging.c | 7 +-
fs/ext4/crypto_key.c | 8 +-
fs/ext4/extents.c | 6 +-
fs/isofs/isofs.h | 2 +-
fs/isofs/rock.h | 2 +-
fs/isofs/util.c | 2 +-
fs/nfs/nfs4proc.c | 18 +-
fs/nfs/super.c | 2 +-
fs/nfsd/nfs4state.c | 25 ++-
fs/nilfs2/segment.c | 6 +-
include/trace/events/sunrpc.h | 17 +-
kernel/sched/core.c | 9 +-
kernel/sched/rt.c | 235 ++++++++++-----------
kernel/sched/sched.h | 24 ++-
lib/mpi/mpi-pow.c | 2 +
net/9p/client.c | 3 +-
net/9p/trans_virtio.c | 13 +-
net/ipv4/ip_sockglue.c | 7 +-
net/ipv6/ipv6_sockglue.c | 16 +-
net/ipv6/route.c | 6 +-
net/mac80211/ieee80211_i.h | 1 -
net/mac80211/mesh.c | 3 -
net/mac80211/mesh_plink.c | 14 +-
net/mac80211/mesh_sync.c | 11 -
net/netfilter/nf_tables_api.c | 2 +-
net/netfilter/nft_queue.c | 2 +-
net/nfc/core.c | 2 +-
net/rds/send.c | 11 +-
net/vmw_vsock/af_vsock.c | 167 ++++++++-------
sound/core/pcm_lib.c | 6 +-
sound/core/timer_compat.c | 12 +-
sound/pci/hda/hda_intel.c | 3 +
sound/pci/hda/patch_realtek.c | 4 +-
sound/soc/codecs/wm_adsp.c | 25 ++-
sound/soc/sh/rcar/core.c | 4 +-
sound/usb/clock.c | 9 +-
sound/usb/mixer.c | 15 +-
100 files changed, 699 insertions(+), 437 deletions(-)