author | Srinivasarao P <spathi@codeaurora.org> | 2019-02-22 12:12:15 +0530 |
---|---|---|
committer | Srinivasarao P <spathi@codeaurora.org> | 2019-02-22 12:13:06 +0530 |
commit | 119c43587e314ff2ed171b2b5acf70ebd5fbd156 (patch) | |
tree | 7b1012030cee1fd0bd8a31b88f55463320747876 /kernel | |
parent | a59cdc9c30cdb2c743af13aad2ea1917900787f6 (diff) | |
parent | 08d58678a972c6d3c274dca3b8c4eaa9fdf73e03 (diff) |
Merge android-4.4.175 (08d5867) into msm-4.4
* refs/heads/tmp-08d5867
Linux 4.4.175
uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define
pinctrl: msm: fix gpio-hog related boot issues
usb: dwc2: Remove unnecessary kfree
kaweth: use skb_cow_head() to deal with cloned skbs
ch9200: use skb_cow_head() to deal with cloned skbs
smsc95xx: Use skb_cow_head to deal with cloned skbs
dm thin: fix bug where bio that overwrites thin block ignores FUA
x86/a.out: Clear the dump structure initially
signal: Restore the stop PTRACE_EVENT_EXIT
x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls
tracing/uprobes: Fix output for multiple string arguments
alpha: Fix Eiger NR_IRQS to 128
alpha: fix page fault handling for r16-r18 targets
Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780
Input: bma150 - register input device after setting private data
ALSA: usb-audio: Fix implicit fb endpoint setup by quirk
ALSA: hda - Add quirk for HP EliteBook 840 G5
perf/core: Fix impossible ring-buffer sizes warning
Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK
Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G"
Documentation/network: reword kernel version reference
cifs: Limit memory used by lock request calls to a page
gpio: pl061: handle failed allocations
ARM: dts: kirkwood: Fix polarity of GPIO fan lines
ARM: dts: da850-evm: Correct the sound card name
uapi/if_ether.h: prevent redefinition of struct ethhdr
Revert "exec: load_script: don't blindly truncate shebang string"
batman-adv: Force mac header to start of data on xmit
batman-adv: Avoid WARN on net_device without parent in netns
xfrm: refine validation of template and selector families
libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)"
NFC: nxp-nci: Include unaligned.h instead of access_ok.h
HID: debug: fix the ring buffer implementation
drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user
drm/vmwgfx: Fix setting of dma masks
drm/modes: Prevent division by zero htotal
mac80211: ensure that mgmt tx skbs have tailroom for encryption
ARM: iop32x/n2100: fix PCI IRQ mapping
MIPS: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds
MIPS: OCTEON: don't set octeon_dma_bar_type if PCI is disabled
mips: cm: reprime error cause
debugfs: fix debugfs_rename parameter checking
misc: vexpress: Off by one in vexpress_syscfg_exec()
signal: Better detection of synchronous signals
signal: Always notice exiting tasks
mtd: rawnand: gpmi: fix MX28 bus master lockup problem
perf tests evsel-tp-sched: Fix bitwise operator
perf/core: Don't WARN() for impossible ring-buffer sizes
x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out()
perf/x86/intel/uncore: Add Node ID mask
KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
usb: gadget: udc: net2272: Fix bitwise and boolean operations
usb: phy: am335x: fix race condition in _probe
dmaengine: imx-dma: fix wrong callback invoke
fuse: handle zero sized retrieve correctly
fuse: decrement NR_WRITEBACK_TEMP on the right page
fuse: call pipe_buf_release() under pipe lock
ALSA: hda - Serialize codec registrations
ALSA: compress: Fix stop handling on compressed capture streams
net: dsa: slave: Don't propagate flag changes on down slave interfaces
net: systemport: Fix WoL with password after deep sleep
skge: potential memory corruption in skge_get_regs()
net: dp83640: expire old TX-skb
enic: fix checksum validation for IPv6
dccp: fool proof ccid_hc_[rt]x_parse_options()
string: drop __must_check from strscpy() and restore strscpy() usages in cgroup
tipc: use destination length for copy string
test_hexdump: use memcpy instead of strncpy
thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set
exec: load_script: don't blindly truncate shebang string
fs/epoll: drop ovflist branch prediction
kernel/hung_task.c: break RCU locks based on jiffies
HID: lenovo: Add checks to fix of_led_classdev_register
block/swim3: Fix -EBUSY error when re-opening device after unmount
gdrom: fix a memory leak bug
isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw()
ocfs2: don't clear bh uptodate for block read
scripts/decode_stacktrace: only strip base path when a prefix of the path
niu: fix missing checks of niu_pci_eeprom_read
um: Avoid marking pages with "changed protection"
cifs: check ntwrk_buf_start for NULL before dereferencing it
crypto: ux500 - Use proper enum in hash_set_dma_transfer
crypto: ux500 - Use proper enum in cryp_set_dma_transfer
seq_buf: Make seq_buf_puts() null-terminate the buffer
hwmon: (lm80) fix a missing check of bus read in lm80 probe
hwmon: (lm80) fix a missing check of the status of SMBus read
NFS: nfs_compare_mount_options always compare auth flavors.
KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
fbdev: fbcon: Fix unregister crash when more than one framebuffer
igb: Fix an issue that PME is not enabled during runtime suspend
fbdev: fbmem: behave better with small rotated displays and many CPUs
video: clps711x-fb: release disp device node in probe()
drbd: Avoid Clang warning about pointless switch statment
drbd: skip spurious timeout (ping-timeo) when failing promote
drbd: disconnect, if the wrong UUIDs are attached on a connected peer
drbd: narrow rcu_read_lock in drbd_sync_handshake
cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
Bluetooth: Fix unnecessary error message for HCI request completion
xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
mac80211: fix radiotap vendor presence bitmap handling
powerpc/uaccess: fix warning/error with access_ok()
arm64: KVM: Skip MMIO insn after emulation
tty: serial: samsung: Properly set flags in autoCTS mode
memstick: Prevent memstick host from getting runtime suspended during card detection
ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
ARM: pxa: avoid section mismatch warning
udf: Fix BUG on corrupted inode
i2c-axxia: check for error conditions first
cpuidle: big.LITTLE: fix refcount leak
clk: imx6sl: ensure MMDC CH0 handshake is bypassed
sata_rcar: fix deferred probing
iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
mips: bpf: fix encoding bug for mm_srlv32_op
ARM: dts: Fix OMAP4430 SDP Ethernet startup
timekeeping: Use proper seqcount initializer
usb: hub: delay hub autosuspend if USB3 port is still link training
smack: fix access permissions for keyring
media: DaVinci-VPBE: fix error handling in vpbe_initialize()
x86/fpu: Add might_fault() to user_insn()
ARM: dts: mmp2: fix TWSI2
arm64: ftrace: don't adjust the LR value
nfsd4: fix crash on writing v4_end_grace before nfsd startup
sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
f2fs: fix wrong return value of f2fs_acl_create
f2fs: move dir data flush to write checkpoint process
soc/tegra: Don't leak device tree node reference
perf tools: Add Hygon Dhyana support
modpost: validate symbol names also in find_elf_symbol
ARM: OMAP2+: hwmod: Fix some section annotations
staging: iio: ad7780: update voltage on read
staging:iio:ad2s90: Make probe handle spi_setup failure
ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
serial: fsl_lpuart: clear parity enable bit when disable parity
powerpc/pseries: add of_node_put() in dlpar_detach_node()
x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
dlm: Don't swamp the CPU with callbacks queued during recovery
ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
scsi: lpfc: Correct LCB RJT handling
ASoC: Intel: mrfld: fix uninitialized variable access
staging: iio: adc: ad7280a: handle error from __ad7280_read32()
drm/bufs: Fix Spectre v1 vulnerability
BACKPORT: userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
ANDROID: cuttlefish_defconfig: Enable DEBUG_SET_MODULE_RONX
ANDROID: Move from clang r346389b to r349610.
UPSTREAM: virt_wifi: fix error return code in virt_wifi_newlink()
ion: Disable ION_HEAP_TYPE_SYSTEM_CONTIG
Change-Id: I8456a2f1d229a2d454295d660f749a2b436c6440
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/events/ring_buffer.c | 3 |
-rw-r--r-- | kernel/hung_task.c | 8 |
-rw-r--r-- | kernel/signal.c | 61 |
-rw-r--r-- | kernel/time/timekeeping.c | 4 |
-rw-r--r-- | kernel/trace/trace_uprobe.c | 9 |
5 files changed, 78 insertions, 7 deletions
diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c index f4b9a369c8c3..424f5a5fa5a2 100644 --- a/kernel/events/ring_buffer.c +++ b/kernel/events/ring_buffer.c @@ -639,6 +639,9 @@ struct ring_buffer *rb_alloc(int nr_pages, long watermark, int cpu, int flags) size = sizeof(struct ring_buffer); size += nr_pages * sizeof(void *); + if (order_base_2(size) >= PAGE_SHIFT+MAX_ORDER) + goto fail; + rb = kzalloc(size, GFP_KERNEL); if (!rb) goto fail; diff --git a/kernel/hung_task.c b/kernel/hung_task.c index e0f90c2b57aa..cc05b97ba569 100644 --- a/kernel/hung_task.c +++ b/kernel/hung_task.c @@ -30,7 +30,7 @@ int __read_mostly sysctl_hung_task_check_count = PID_MAX_LIMIT; * is disabled during the critical section. It also controls the size of * the RCU grace period. So it needs to be upper-bound. */ -#define HUNG_TASK_BATCHING 1024 +#define HUNG_TASK_LOCK_BREAK (HZ / 10) /* * Zero means infinite timeout - no checking done: @@ -158,7 +158,7 @@ static bool rcu_lock_break(struct task_struct *g, struct task_struct *t) static void check_hung_uninterruptible_tasks(unsigned long timeout) { int max_count = sysctl_hung_task_check_count; - int batch_count = HUNG_TASK_BATCHING; + unsigned long last_break = jiffies; struct task_struct *g, *t; /* @@ -172,10 +172,10 @@ static void check_hung_uninterruptible_tasks(unsigned long timeout) for_each_process_thread(g, t) { if (!max_count--) goto unlock; - if (!--batch_count) { - batch_count = HUNG_TASK_BATCHING; + if (time_after(jiffies, last_break + HUNG_TASK_LOCK_BREAK)) { if (!rcu_lock_break(g, t)) goto unlock; + last_break = jiffies; } /* use "==" to skip the TASK_KILLABLE tasks waiting on NFS */ if (t->state == TASK_UNINTERRUPTIBLE) diff --git a/kernel/signal.c b/kernel/signal.c index 5b1313309356..96e8c3cbfa38 100644 --- a/kernel/signal.c +++ b/kernel/signal.c 
@@ -696,6 +696,48 @@ static inline bool si_fromuser(const struct siginfo *info) (!is_si_special(info) && SI_FROMUSER(info)); } +static int dequeue_synchronous_signal(siginfo_t *info) +{ + struct task_struct *tsk = current; + struct sigpending *pending = &tsk->pending; + struct sigqueue *q, *sync = NULL; + + /* + * Might a synchronous signal be in the queue? + */ + if (!((pending->signal.sig[0] & ~tsk->blocked.sig[0]) & SYNCHRONOUS_MASK)) + return 0; + + /* + * Return the first synchronous signal in the queue. + */ + list_for_each_entry(q, &pending->list, list) { + /* Synchronous signals have a postive si_code */ + if ((q->info.si_code > SI_USER) && + (sigmask(q->info.si_signo) & SYNCHRONOUS_MASK)) { + sync = q; + goto next; + } + } + return 0; +next: + /* + * Check if there is another siginfo for the same signal. + */ + list_for_each_entry_continue(q, &pending->list, list) { + if (q->info.si_signo == sync->info.si_signo) + goto still_pending; + } + + sigdelset(&pending->signal, sync->info.si_signo); + recalc_sigpending(); +still_pending: + list_del_init(&sync->list); + copy_siginfo(info, &sync->info); + __sigqueue_free(sync); + return info->si_signo; +} + /* * called with RCU read lock from check_kill_permission() */ @@ -2198,6 +2240,14 @@ relock: goto relock; } + /* Has this task already been marked for death? */ + if (signal_group_exit(signal)) { + ksig->info.si_signo = signr = SIGKILL; + sigdelset(¤t->pending.signal, SIGKILL); + recalc_sigpending(); + goto fatal; + } + for (;;) { struct k_sigaction *ka; 
@@ -2211,7 +2261,15 @@ relock: goto relock; } - signr = dequeue_signal(current, ¤t->blocked, &ksig->info); + /* + * Signals generated by the execution of an instruction + * need to be delivered before any other pending signals + * so that the instruction pointer in the signal stack + * frame points to the faulting instruction. + */ + signr = dequeue_synchronous_signal(&ksig->info); + if (!signr) + signr = dequeue_signal(current, ¤t->blocked, &ksig->info); if (!signr) break; /* will return 0 */ @@ -2293,6 +2351,7 @@ relock: continue; } + fatal: spin_unlock_irq(&sighand->siglock); /* diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c index 0651c7f47932..790988e66289 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -39,7 +39,9 @@ static struct { seqcount_t seq; struct timekeeper timekeeper; -} tk_core ____cacheline_aligned; +} tk_core ____cacheline_aligned = { + .seq = SEQCNT_ZERO(tk_core.seq), +}; static DEFINE_RAW_SPINLOCK(timekeeper_lock); static struct timekeeper shadow_timekeeper; diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index 31a436f9f13b..0839129fbbd8 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -150,7 +150,14 @@ static void FETCH_FUNC_NAME(memory, string)(struct pt_regs *regs, ret = strncpy_from_user(dst, src, maxlen); if (ret == maxlen) - dst[--ret] = '\0'; + dst[ret - 1] = '\0'; + else if (ret >= 0) + /* + * Include the terminating null byte. In this case it + * was copied by strncpy_from_user but not accounted + * for in ret. + */ + ret++; if (ret < 0) { /* Failed to fetch string */ ((u8 *)get_rloc_data(dest))[0] = '\0'; |
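Review bot: In rb_alloc() (kernel/events/ring_buffer.c), the new `order_base_2(size) >= PAGE_SHIFT+MAX_ORDER` guard has no comment saying why a size is rejected before kzalloc() is tried, and it leaves through the same `goto fail` as a failed kzalloc(), so the two cases cannot be told apart at the label. A one-line comment that this bounds the request to what the allocator can serve would help, and kernel style wants spaces around the `+`. The guard also runs after `size += nr_pages * sizeof(void *)`; the hunk does not show where nr_pages is bounded, so it is worth confirming that the multiplication cannot wrap before the check sees the result.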
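Review bot: In kernel/hung_task.c, the comment block above the old HUNG_TASK_BATCHING define is left as unchanged context, but the macro under it is now a time interval, `(HZ / 10)` jiffies, rather than a count of tasks. That comment should be updated to say the RCU lock is dropped once that much time has passed, and to state the unit. In check_hung_uninterruptible_tasks(), `last_break = jiffies;` is taken after rcu_lock_break() returns, so the interval restarts only once the lock is held again; a short comment would make that intent explicit.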
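Review bot: dequeue_synchronous_signal() in kernel/signal.c edits `tsk->pending` (list_del_init(), sigdelset(), recalc_sigpending()) without stating the locking it relies on; add a comment that the caller must hold siglock, or a lockdep_assert_held() on it. The early-out tests only `sig[0]` of the pending and blocked sets, which is correct only while every bit of SYNCHRONOUS_MASK lives in the first word, so that assumption deserves a comment as well. Smaller points: "postive" in the si_code comment should be "positive", and the label `next:` reached by `goto next` from inside the first loop would read better with a descriptive name.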
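Review bot: In the `signal_group_exit(signal)` block added by the hunk at @@ -2198,6 +2240,14 @@ of kernel/signal.c, only `ksig->info.si_signo` is assigned before `goto fatal`, so the remaining siginfo fields keep whatever they held on entry. Either initialise the rest of `ksig->info` there or add a comment that the code after `fatal:` reads nothing but si_signo. The comment "Has this task already been marked for death?" also does not say why SIGKILL is cleared from the pending set before the jump.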
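Review bot: In kernel/time/timekeeping.c, the new `.seq = SEQCNT_ZERO(tk_core.seq)` initialiser on tk_core has no comment explaining why a static object that is already zero-filled needs an explicit seqcount initialiser. One line stating the reason would keep it from being removed later as redundant.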
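Review bot: In the string fetch function in kernel/trace/trace_uprobe.c, the `ret == maxlen` branch now writes `dst[ret - 1]`, which indexes one byte before the buffer if maxlen can ever be 0 (strncpy_from_user() would then return 0 and match the first test). The hunk does not show how maxlen is bounded, so please confirm it is always at least 1 or add an explicit check before the copy. On style, the `else if (ret >= 0)` body is a multi-line comment plus `ret++;` with no braces; kernel style asks for braces when a branch spans more than one line, and the preceding `if` branch should then get them too.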