kernel-fxtec-pro1x/mm/memfd.c
Greg Kroah-Hartman 44b82a3d1b This is the 4.19.85 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3VfEoACgkQONu9yGCS
 aT7vHRAAv3fZQ5+Rn0zn0cgYsgG5OGbtHL01aJB99g2Dgf/VmB3OrB2rx+ZF7WVw
 Uakab5XZp6rLSxG4LNQy7jjIuxADdDab5xWTlhqpEHVydsFC9IOktT91DW2luf8Y
 Xyr8q7sQIS7eV67NkUnUSqri1IdsRNB5qeWmhC0l6+PSuQrk+WF0y5B4TtrjF5Er
 GjYTq9RTJh7/luFKUSmxN8+TIwo4uY15b3oqX75LMPObzbH+c5iqp5QiHJh/BQ7/
 awf7kxlMay0V/hPRmGomHxX70TgHTF2er0b+HyJwf1OX0zgKycsztWZT+p7qN+DT
 yjPWwYJ3kGs/7GwZL7HNhk8p/3aDf9HFHFvbVSty63wgZ8dfo4EuXZ9YfWa+lfI8
 Kn4wKeynUvrvNLH9iYug/XuEPjXysQeSlBaL4pZTPTWtipu1MP0OpR05l8UzO2cO
 lqWgf0Y7wsunZBeyCLkWd9TCO7gd1s7csdkJAy37rG7mCjN3p83NeMznLlj+H4I8
 MHlcAWdlxlWWitKohi0kr/VYiHmhBVsOZu4rQmuCBWuo++HrWwn7XaGBzYsP8Eku
 7ZNaS5oJFAjBzKnQxp8i3mgE8ifODuokgPISImyyRWidedfoHcv6Kr+pdEoQ+gjk
 nL5xwqKAMsh/vMyxVmetzytULHtvBqJelquzQcfnanyEvBoS46Q=
 =EUxi
 -----END PGP SIGNATURE-----

Merge 4.19.85 into android-4.19

Changes in 4.19.85
	KVM: x86: introduce is_pae_paging
	MIPS: BCM63XX: fix switch core reset on BCM6368
	scsi: core: Handle drivers which set sg_tablesize to zero
	ax88172a: fix information leak on short answers
	ipmr: Fix skb headroom in ipmr_get_route().
	net: gemini: add missed free_netdev
	net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules
	slip: Fix memory leak in slip_open error path
	ALSA: usb-audio: Fix missing error check at mixer resolution test
	ALSA: usb-audio: not submit urb for stopped endpoint
	ALSA: usb-audio: Fix incorrect NULL check in create_yamaha_midi_quirk()
	ALSA: usb-audio: Fix incorrect size check for processing/extension units
	Btrfs: fix log context list corruption after rename exchange operation
	Input: ff-memless - kill timer in destroy()
	Input: synaptics-rmi4 - fix video buffer size
	Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver
	Input: synaptics-rmi4 - do not consume more data than we have (F11, F12)
	Input: synaptics-rmi4 - clear IRQ enables for F54
	Input: synaptics-rmi4 - destroy F54 poller workqueue when removing
	IB/hfi1: Ensure full Gen3 speed in a Gen4 system
	IB/hfi1: Use a common pad buffer for 9B and 16B packets
	i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present
	ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable
	ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either
	net: ethernet: dwmac-sun8i: Use the correct function in exit path
	iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros
	mm: mempolicy: fix the wrong return value and potential pages leak of mbind
	mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm()
	mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup()
	mmc: sdhci-of-at91: fix quirk2 overwrite
	iio: adc: max9611: explicitly cast gain_selectors
	tee: optee: take DT status property into account
	ath10k: fix kernel panic by moving pci flush after napi_disable
	iio: dac: mcp4922: fix error handling in mcp4922_write_raw
	clk: sunxi-ng: h6: fix PWM gate/reset offset
	soundwire: Initialize completion for defer messages
	soundwire: intel: Fix uninitialized adev deref
	arm64: dts: allwinner: a64: Orange Pi Win: Fix SD card node
	arm64: dts: allwinner: a64: Olinuxino: fix DRAM voltage
	arm64: dts: allwinner: a64: NanoPi-A64: Fix DCDC1 voltage
	ALSA: pcm: signedness bug in snd_pcm_plug_alloc()
	soc/tegra: pmc: Fix pad voltage configuration for Tegra186
	arm64: dts: tegra210-p2180: Correct sdmmc4 vqmmc-supply
	y2038: make do_gettimeofday() and get_seconds() inline
	ARM: dts: rcar: Correct SATA device sizes to 2 MiB
	ARM: dts: at91/trivial: Fix USART1 definition for at91sam9g45
	rtc: sysfs: fix NULL check in rtc_add_groups()
	rtc: rv8803: fix the rv8803 id in the OF table
	remoteproc/davinci: Use %zx for formating size_t
	extcon: cht-wc: Return from default case to avoid warnings
	cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set
	ALSA: seq: Do error checks at creating system ports
	ath10k: skip resetting rx filter for WCN3990
	ath9k: fix tx99 with monitor mode interface
	wil6210: drop Rx multicast packets that are looped-back to STA
	wil6210: set edma variables only for Talyn-MB devices
	wil6210: prevent usage of tx ring 0 for eDMA
	wil6210: fix invalid memory access for rx_buff_mgmt debugfs
	ath10k: limit available channels via DT ieee80211-freq-limit
	ice: Update request resource command to latest specification
	ice: Prevent control queue operations during reset
	gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated
	ice: Fix and update driver version string
	ASoC: dapm: Don't fail creating new DAPM control on NULL pinctrl
	ASoC: dpcm: Properly initialise hw->rate_max
	ASoC: meson: axg-fifo: report interrupt request failure
	ASoC: AMD: Change MCLK to 48Mhz
	pinctrl: ingenic: Probe driver at subsys_initcall
	MIPS: BCM47XX: Enable USB power on Netgear WNDR3400v3
	ARM: dts: exynos: Use i2c-gpio for HDMI-DDC on Arndale
	ARM: dts: exynos: Fix HDMI-HPD line handling on Arndale
	ARM: dts: exynos: Fix sound in Snow-rev5 Chromebook
	liquidio: fix race condition in instruction completion processing
	arm64: dts: stratix10: i2c clock running out of spec
	ARM: dts: exynos: Fix regulators configuration on Peach Pi/Pit Chromebooks
	i40evf: Validate the number of queues a PF sends
	i40e: use correct length for strncpy
	i40evf: set IFF_UNICAST_FLT flag for the VF
	i40e: Check and correct speed values for link on open
	i40evf: Don't enable vlan stripping when rx offload is turned on
	i40e: hold the rtnl lock on clearing interrupt scheme
	i40evf: cancel workqueue sync for adminq when a VF is removed
	i40e: Prevent deleting MAC address from VF when set by PF
	IB/rxe: avoid back-to-back retries
	IB/rxe: fixes for rdma read retry
	iwlwifi: drop packets with bad status in CD
	iwlwifi: don't WARN on trying to dump dead firmware
	iwlwifi: mvm: avoid sending too many BARs
	media: vicodec: fix out-of-range values when decoding
	media: i2c: Fix pm_runtime_get_if_in_use() usage in sensor drivers
	media: ov772x: Disable clk on error path
	ARM: dts: pxa: fix the rtc controller
	ARM: dts: pxa: fix power i2c base address
	rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument
	mwifiex: do no submit URB in suspended state
	mwifex: free rx_cmd skb in suspended state
	brcmfmac: fix wrong strnchr usage
	mt76: Fix comparisons with invalid hardware key index
	soc: imx: gpc: fix PDN delay
	ASoC: rsnd: ssi: Fix issue in dma data address assignment
	net: hns3: Fix for multicast failure
	net: hns3: Fix error of checking used vlan id
	net: hns3: Fix for loopback selftest failed problem
	net: hns3: Change the dst mac addr of loopback packet
	net/mlx5: Fix atomic_mode enum values
	net: phy: mscc: read 'vsc8531,vddmac' as an u32
	net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32
	ARM: dts: meson8: fix the clock controller register size
	ARM: dts: meson8b: fix the clock controller register size
	mtd: rawnand: marvell: use regmap_update_bits() for syscon access
	mtd: rawnand: fsl_ifc: check result of SRAM initialization
	mtd: rawnand: fsl_ifc: fixup SRAM init for newer ctrl versions
	mtd: rawnand: qcom: don't include dma-direct.h
	IB/mlx5: Change TX affinity assignment in RoCE LAG mode
	qxl: fix null-pointer crash during suspend
	mac80211: fix saving a few HE values
	cfg80211: validate wmm rule when setting
	f2fs: avoid wrong decrypted data from disk
	net: lan78xx: Bail out if lan78xx_get_endpoints fails
	rtnetlink: move type calculation out of loop
	ASoC: sgtl5000: avoid division by zero if lo_vag is zero
	ath10k: avoid possible memory access violation
	ARM: dts: exynos: Disable pull control for S5M8767 PMIC
	ath10k: wmi: disable softirq's while calling ieee80211_rx
	i2c: mediatek: Use DMA safe buffers for i2c transactions
	IB/mlx5: Don't hold spin lock while checking device state
	IB/ipoib: Ensure that MTU isn't less than minimum permitted
	RDMA/core: Rate limit MAD error messages
	RDMA/core: Follow correct unregister order between sysfs and cgroup
	mips: txx9: fix iounmap related issue
	udf: Fix crash during mount
	ASoC: dapm: Avoid uninitialised variable warning
	ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation
	ata: Disable AHCI ALPM feature for Ampere Computing eMAG SATA
	of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC
	ARM: dts: omap3-gta04: give spi_lcd node a label so that we can overwrite in other DTS files
	ARM: dts: omap3-gta04: fixes for tvout / venc
	ARM: dts: omap3-gta04: tvout: enable as display1 alias
	ARM: dts: omap3-gta04: fix touchscreen tsc2007
	ARM: dts: omap3-gta04: make NAND partitions compatible with recent U-Boot
	ARM: dts: omap3-gta04: keep vpll2 always on
	f2fs: submit bio after shutdown
	failover: Fix error return code in net_failover_create
	sched/debug: Explicitly cast sched_feat() to bool
	sched/debug: Use symbolic names for task state constants
	firmware: arm_scmi: use strlcpy to ensure NULL-terminated strings
	arm64: dts: rockchip: Fix VCC5V0_HOST_EN on rk3399-sapphire
	ARM: dts: exynos: Disable pull control for PMIC IRQ line on Artik5 board
	usb: mtu3: disable vbus rise/fall interrupts of ltssm
	dmaengine: dma-jz4780: Don't depend on MACH_JZ4780
	dmaengine: dma-jz4780: Further residue status fix
	EDAC, sb_edac: Return early on ADDRV bit and address type test
	rtc: mt6397: fix possible race condition
	rtc: pl030: fix possible race condition
	ath9k: add back support for using active monitor interfaces for tx99
	dmaengine: at_xdmac: remove a stray bottom half unlock
	RDMA/hns: Fix an error code in hns_roce_v2_init_eq_table()
	IB/hfi1: Missing return value in error path for user sdma
	signal: Always ignore SIGKILL and SIGSTOP sent to the global init
	signal: Properly deliver SIGILL from uprobes
	signal: Properly deliver SIGSEGV from x86 uprobes
	f2fs: fix memory leak of write_io in fill_super()
	f2fs: fix memory leak of percpu counter in fill_super()
	f2fs: fix setattr project check upon fssetxattr ioctl
	scsi: qla2xxx: Use correct qpair for ABTS/CMD
	scsi: qla2xxx: Fix iIDMA error
	scsi: qla2xxx: Defer chip reset until target mode is enabled
	scsi: qla2xxx: Terminate Plogi/PRLI if WWN is 0
	scsi: qla2xxx: Fix deadlock between ATIO and HW lock
	scsi: qla2xxx: Increase abort timeout value
	scsi: qla2xxx: Check for Register disconnect
	scsi: qla2xxx: Fix port speed display on chip reset
	scsi: qla2xxx: Fix dropped srb resource.
	scsi: qla2xxx: Fix duplicate switch's Nport ID entries
	scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN
	scsi: lpfc: Correct invalid EQ doorbell write on if_type=6
	scsi: lpfc: Fix errors in log messages.
	scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir()
	ARM: imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff" is set
	scsi: pm80xx: Corrected dma_unmap_sg() parameter
	scsi: pm80xx: Fixed system hang issue during kexec boot
	kprobes: Don't call BUG_ON() if there is a kprobe in use on free list
	net: aquantia: fix hw_atl_utils_fw_upload_dwords
	Drivers: hv: vmbus: Fix synic per-cpu context initialization
	nvmem: core: return error code instead of NULL from nvmem_device_get
	media: dt-bindings: adv748x: Fix decimal unit addresses
	ALSA: hda: Fix implicit definition of pci_iomap() on SH
	media: fix: media: pci: meye: validate offset to avoid arbitrary access
	media: dvb: fix compat ioctl translation
	net: bcmgenet: Fix speed selection for reverse MII
	arm64: dts: meson: libretech: update board model
	arm64: dts: meson-axg: use the proper compatible for ethmac
	ALSA: intel8x0m: Register irq handler after register initializations
	arm64: dts: renesas: salvator-common: adv748x: Override secondary addresses
	arm64: dts: renesas: r8a77965: Attach the SYS-DMAC to the IPMMU
	arm64: dts: renesas: r8a77965: Fix HS-USB compatible
	arm64: dts: renesas: r8a77965: Fix clock/reset for usb2_phy1
	pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map()
	llc: avoid blocking in llc_sap_close()
	ARM: dts: qcom: ipq4019: fix cpu0's qcom,saw2 reg value
	soc: qcom: geni: Don't ignore clk_round_rate() errors in geni_se_clk_tbl_get()
	soc: qcom: geni: geni_se_clk_freq_match() should always accept multiples
	soc: qcom: wcnss_ctrl: Avoid string overflow
	soc: qcom: apr: Avoid string overflow
	drivers: qcom: rpmh-rsc: clear wait_for_compl after use
	arm64: dts: broadcom: Fix I2C and SPI bus warnings
	ARM: dts: bcm: Fix SPI bus warnings
	ARM: dts: aspeed: Fix I2C bus warnings
	powerpc/vdso: Correct call frame information
	ARM: dts: socfpga: Fix I2C bus unit-address error
	ARM: dts: sunxi: Fix I2C bus warnings
	pinctrl: at91: don't use the same irqchip with multiple gpiochips
	ARM: dts: sun9i: Fix I2C bus warnings
	android: binder: no outgoing transaction when thread todo has transaction
	cxgb4: Fix endianness issue in t4_fwcache()
	arm64: fix for bad_mode() handler to always result in panic
	block, bfq: inject other-queue I/O into seeky idle queues on NCQ flash
	blok, bfq: do not plug I/O if all queues are weight-raised
	arm64: dts: meson: Fix erroneous SPI bus warnings
	power: supply: ab8500_fg: silence uninitialized variable warnings
	power: reset: at91-poweroff: do not procede if at91_shdwc is allocated
	power: supply: max8998-charger: Fix platform data retrieval
	component: fix loop condition to call unbind() if bind() fails
	kernfs: Fix range checks in kernfs_get_target_path
	ip_gre: fix parsing gre header in ipgre_err
	scsi: ufshcd: Fix NULL pointer dereference for in ufshcd_init
	ARM: dts: rockchip: Fix erroneous SPI bus dtc warnings on rk3036
	arm64: dts: rockchip: Fix I2C bus unit-address error on rk3399-puma-haikou
	ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask
	netfilter: nf_tables: avoid BUG_ON usage
	ath9k: Fix a locking bug in ath9k_add_interface()
	s390/qeth: uninstall IRQ handler on device removal
	s390/qeth: invoke softirqs after napi_schedule()
	media: vsp1: Fix vsp1_regs.h license header
	media: vsp1: Fix YCbCr planar formats pitch calculation
	media: ov2680: don't register the v4l2 subdevice before checking chip ID
	PCI/ACPI: Correct error message for ASPM disabling
	net: socionext: Fix two sleep-in-atomic-context bugs in ave_rxfifo_reset()
	PCI: mediatek: Fix unchecked return value
	ARM: dts: xilinx: Fix I2C and SPI bus warnings
	serial: uartps: Fix suspend functionality
	serial: samsung: Enable baud clock for UART reset procedure in resume
	serial: mxs-auart: Fix potential infinite loop
	tty: serial: qcom_geni_serial: Fix serial when not used as console
	arm64: dts: ti: k3-am65: Change #address-cells and #size-cells of interconnect to 2
	samples/bpf: fix a compilation failure
	spi/bcm63xx-hsspi: keep pll clk enabled
	spi: mediatek: Don't modify spi_transfer when transfer.
	ASoC: rt5682: Fix the boost volume at the begining of playback
	ipmi_si_pci: fix NULL device in ipmi_si error message
	ipmi_si: fix potential integer overflow on large shift
	ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address
	ipmi: fix return value of ipmi_set_my_LUN
	net: hns3: fix return type of ndo_start_xmit function
	net: cavium: fix return type of ndo_start_xmit function
	net: ibm: fix return type of ndo_start_xmit function
	powerpc/iommu: Avoid derefence before pointer check
	selftests/powerpc: Do not fail with reschedule
	powerpc/64s/hash: Fix stab_rr off by one initialization
	powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request
	powerpc/pseries: Disable CPU hotplug across migrations
	powerpc: Fix duplicate const clang warning in user access code
	RDMA/i40iw: Fix incorrect iterator type
	ARM: dts: atmel: Fix I2C and SPI bus warnings
	OPP: Protect dev_list with opp_table lock
	of/unittest: Fix I2C bus unit-address error
	libfdt: Ensure INT_MAX is defined in libfdt_env.h
	power: supply: twl4030_charger: fix charging current out-of-bounds
	power: supply: twl4030_charger: disable eoc interrupt on linear charge
	net: mvpp2: fix the number of queues per cpu for PPv2.2
	net: marvell: fix return type of ndo_start_xmit function
	net: toshiba: fix return type of ndo_start_xmit function
	net: xilinx: fix return type of ndo_start_xmit function
	net: broadcom: fix return type of ndo_start_xmit function
	net: amd: fix return type of ndo_start_xmit function
	net: sun: fix return type of ndo_start_xmit function
	net: hns3: Fix for setting speed for phy failed problem
	net: hns3: Fix cmdq registers initialization issue for vf
	net: hns3: Clear client pointer when initialize client failed or unintialize finished
	net: hns3: Fix client initialize state issue when roce client initialize failed
	net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg()
	nfp: provide a better warning when ring allocation fails
	usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started
	usb: chipidea: Fix otg event handler
	usb: usbtmc: Fix ioctl USBTMC_IOCTL_ABORT_BULK_OUT
	s390/zcrypt: enable AP bus scan without a valid default domain
	s390/vdso: avoid 64-bit vdso mapping for compat tasks
	s390/vdso: correct CFI annotations of vDSO functions
	brcmfmac: increase buffer for obtaining firmware capabilities
	brcmsmac: Use kvmalloc() for ucode allocations
	mlxsw: spectrum: Init shaper for TCs 8..15
	PCI: portdrv: Initialize service drivers directly
	ARM: dts: am335x-evm: fix number of cpsw
	ARM: dts: ti: Fix SPI and I2C bus warnings
	f2fs: avoid infinite loop in f2fs_alloc_nid
	f2fs: fix to recover inode's uid/gid during POR
	ARM: dts: ux500: Correct SCU unit address
	ARM: dts: ux500: Fix LCDA clock line muxing
	ARM: dts: ste: Fix SPI controller node names
	spi: pic32: Use proper enum in dmaengine_prep_slave_rg
	crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
	cpufeature: avoid warning when compiling with clang
	crypto: arm/crc32 - avoid warning when compiling with Clang
	ARM: dts: marvell: Fix SPI and I2C bus warnings
	x86/mce-inject: Reset injection struct after injection
	ARM: dts: stm32: enable display on stm32mp157c-ev1 board
	ARM: dts: clearfog: fix sdhci supply property name
	ARM: dts: stm32: Fix SPI controller node names
	bnx2x: Ignore bandwidth attention in single function mode
	PCI/AER: Take reference on error devices
	PCI/AER: Don't read upstream ports below fatal errors
	PCI/ERR: Use slot reset if available
	samples/bpf: fix compilation failure
	net: phy: mdio-bcm-unimac: Allow configuring MDIO clock divider
	net: micrel: fix return type of ndo_start_xmit function
	net: freescale: fix return type of ndo_start_xmit function
	x86/CPU: Use correct macros for Cyrix calls
	x86/CPU: Change query logic so CPUID is enabled before testing
	EDAC: Correct DIMM capacity unit symbol
	MIPS: kexec: Relax memory restriction
	arm64: dts: rockchip: Fix microSD in rk3399 sapphire board
	mlxsw: Make MLXSW_SP1_FWREV_MINOR a hard requirement
	media: imx: work around false-positive warning, again
	media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init()
	media: au0828: Fix incorrect error messages
	media: davinci: Fix implicit enum conversion warning
	ARM: dts: rockchip: explicitly set vcc_sd0 pin to gpio on rk3188-radxarock
	usb: gadget: uvc: configfs: Drop leaked references to config items
	usb: gadget: uvc: configfs: Prevent format changes after linking header
	usb: gadget: uvc: configfs: Sort frame intervals upon writing
	ARM: dts: exynos: Correct audio subsystem parent clock on Peach Chromebooks
	i2c: aspeed: fix invalid clock parameters for very large divisors
	gpiolib: Fix gpio_direction_* for single direction GPIOs
	ARM: at91: pm: call put_device instead of of_node_put in at91_pm_config_ws
	phy: brcm-sata: allow PHY_BRCM_SATA driver to be built for DSL SoCs
	phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs
	phy: phy-twl4030-usb: fix denied runtime access
	ARM: dts: imx6ull: update vdd_soc voltage for 900MHz operating point
	usb: gadget: uvc: Factor out video USB request queueing
	usb: gadget: uvc: Only halt video streaming endpoint in bulk mode
	coresight: Use ERR_CAST instead of ERR_PTR
	coresight: Fix handling of sinks
	coresight: perf: Fix per cpu path management
	coresight: perf: Disable trace path upon source error
	coresight: tmc-etr: Handle driver mode specific ETR buffers
	coresight: etm4x: Configure EL2 exception level when kernel is running in HYP
	coresight: tmc: Fix byte-address alignment for RRP
	coresight: dynamic-replicator: Handle multiple connections
	slimbus: ngd: register ngd driver only once.
	slimbus: ngd: return proper error code instead of zero
	silmbus: ngd: register controller after power up.
	misc: kgdbts: Fix restrict error
	misc: genwqe: should return proper error value.
	vmbus: keep pointer to ring buffer page
	vfio/pci: Fix potential memory leak in vfio_msi_cap_len
	vfio/pci: Mask buggy SR-IOV VF INTx support
	iw_cxgb4: Use proper enumerated type in c4iw_bar2_addrs
	scsi: libsas: always unregister the old device if going to discover new
	f2fs: fix remount problem of option io_bits
	phy: lantiq: Fix compile warning
	arm64: dts: fsl: Fix I2C and SPI bus warnings
	ARM: dts: imx51-zii-rdu1: Fix the rtc compatible string
	arm64: tegra: I2C on Tegra194 is not compatible with Tegra114
	ARM: dts: tegra30: fix xcvr-setup-use-fuses
	ARM: dts: tegra20: restore address order
	ARM: tegra: apalis_t30: fix mmc1 cmd pull-up
	ARM: tegra: apalis_t30: fix mcp2515 can controller interrupt polarity
	ARM: tegra: colibri_t30: fix mcp2515 can controller interrupt polarity
	ARM: dts: paz00: fix wakeup gpio keycode
	net: smsc: fix return type of ndo_start_xmit function
	net: faraday: fix return type of ndo_start_xmit function
	PCI/ERR: Run error recovery callbacks for all affected devices
	f2fs: update i_size after DIO completion
	f2fs: fix to recover inode's project id during POR
	f2fs: mark inode dirty explicitly in recover_inode()
	RDMA: Fix dependencies for rdma_user_mmap_io
	EDAC: Raise the maximum number of memory controllers
	ARM: dts: realview: Fix SPI controller node names
	firmware: dell_rbu: Make payload memory uncachable
	Bluetooth: hci_serdev: clear HCI_UART_PROTO_READY to avoid closing proto races
	Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS
	Bluetooth: btrsi: fix bt tx timeout issue
	x86/hyperv: Suppress "PCI: Fatal: No config space access function found"
	crypto: s5p-sss: Fix race in error handling
	crypto: s5p-sss: Fix Fix argument list alignment
	crypto: fix a memory leak in rsa-kcs1pad's encryption mode
	iwlwifi: dbg: don't crash if the firmware crashes in the middle of a debug dump
	iwlwifi: fix non_shared_ant for 22000 devices
	iwlwifi: pcie: read correct prph address for newer devices
	iwlwifi: api: annotate compressed BA notif array sizes
	iwlwifi: pcie: gen2: build A-MSDU only for GSO
	iwlwifi: pcie: fit reclaim msg to MAX_MSG_LEN
	iwlwifi: mvm: use correct FIFO length
	iwlwifi: mvm: Allow TKIP for AP mode
	scsi: NCR5380: Clear all unissued commands on host reset
	scsi: NCR5380: Have NCR5380_select() return a bool
	scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE
	scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data
	scsi: NCR5380: Check for invalid reselection target
	scsi: NCR5380: Don't clear busy flag when abort fails
	scsi: NCR5380: Don't call dsprintk() following reselection interrupt
	scsi: NCR5380: Handle BUS FREE during reselection
	scsi: NCR5380: Check for bus reset
	arm64: dts: amd: Fix SPI bus warnings
	arm64: dts: lg: Fix SPI controller node names
	ARM: dts: lpc32xx: Fix SPI controller node names
	rtc: isl1208: avoid possible sysfs race
	rtc: tx4939: fixup nvmem name and register size
	rtc: armada38x: fix possible race condition
	netfilter: masquerade: don't flush all conntracks if only one address deleted on device
	usb: xhci-mtk: fix ISOC error when interval is zero
	usb: usbtmc: uninitialized symbol 'actual' in usbtmc_ioctl_clear
	fuse: use READ_ONCE on congestion_threshold and max_background
	IB/iser: Fix possible NULL deref at iser_inv_desc()
	media: ov2680: fix null dereference at power on
	s390/vdso: correct vdso mapping for compat tasks
	net: phy: mdio-bcm-unimac: mark PM functions as __maybe_unused
	memfd: Use radix_tree_deref_slot_protected to avoid the warning.
	slcan: Fix memory leak in error path
	Linux 4.19.85

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0857e66ee2cdd412cd736548a1395bf764a8ab0a
2019-11-20 20:43:17 +01:00

348 lines
8.5 KiB
C

/*
* memfd_create system call and file sealing support
*
* Code was originally included in shmem.c, and broken out to facilitate
* use by hugetlbfs as well as tmpfs.
*
* This file is released under the GPL.
*/
#include <linux/fs.h>
#include <linux/vfs.h>
#include <linux/pagemap.h>
#include <linux/file.h>
#include <linux/mm.h>
#include <linux/sched/signal.h>
#include <linux/khugepaged.h>
#include <linux/syscalls.h>
#include <linux/hugetlb.h>
#include <linux/shmem_fs.h>
#include <linux/memfd.h>
#include <uapi/linux/memfd.h>
/*
* We need a tag: a new tag would expand every radix_tree_node by 8 bytes,
* so reuse a tag which we firmly believe is never set or cleared on tmpfs
* or hugetlbfs because they are memory only filesystems.
*/
#define MEMFD_TAG_PINNED PAGECACHE_TAG_TOWRITE
#define LAST_SCAN 4 /* about 150ms max */
static void memfd_tag_pins(struct address_space *mapping)
{
struct radix_tree_iter iter;
void __rcu **slot;
pgoff_t start;
struct page *page;
unsigned int tagged = 0;
lru_add_drain();
start = 0;
xa_lock_irq(&mapping->i_pages);
radix_tree_for_each_slot(slot, &mapping->i_pages, &iter, start) {
page = radix_tree_deref_slot_protected(slot, &mapping->i_pages.xa_lock);
if (!page || radix_tree_exception(page)) {
if (radix_tree_deref_retry(page)) {
slot = radix_tree_iter_retry(&iter);
continue;
}
} else if (page_count(page) - page_mapcount(page) > 1) {
radix_tree_tag_set(&mapping->i_pages, iter.index,
MEMFD_TAG_PINNED);
}
if (++tagged % 1024)
continue;
slot = radix_tree_iter_resume(slot, &iter);
xa_unlock_irq(&mapping->i_pages);
cond_resched();
xa_lock_irq(&mapping->i_pages);
}
xa_unlock_irq(&mapping->i_pages);
}
/*
* Setting SEAL_WRITE requires us to verify there's no pending writer. However,
* via get_user_pages(), drivers might have some pending I/O without any active
* user-space mappings (eg., direct-IO, AIO). Therefore, we look at all pages
* and see whether it has an elevated ref-count. If so, we tag them and wait for
* them to be dropped.
* The caller must guarantee that no new user will acquire writable references
* to those pages to avoid races.
*/
static int memfd_wait_for_pins(struct address_space *mapping)
{
struct radix_tree_iter iter;
void __rcu **slot;
pgoff_t start;
struct page *page;
int error, scan;
memfd_tag_pins(mapping);
error = 0;
for (scan = 0; scan <= LAST_SCAN; scan++) {
if (!radix_tree_tagged(&mapping->i_pages, MEMFD_TAG_PINNED))
break;
if (!scan)
lru_add_drain_all();
else if (schedule_timeout_killable((HZ << scan) / 200))
scan = LAST_SCAN;
start = 0;
rcu_read_lock();
radix_tree_for_each_tagged(slot, &mapping->i_pages, &iter,
start, MEMFD_TAG_PINNED) {
page = radix_tree_deref_slot(slot);
if (radix_tree_exception(page)) {
if (radix_tree_deref_retry(page)) {
slot = radix_tree_iter_retry(&iter);
continue;
}
page = NULL;
}
if (page &&
page_count(page) - page_mapcount(page) != 1) {
if (scan < LAST_SCAN)
goto continue_resched;
/*
* On the last scan, we clean up all those tags
* we inserted; but make a note that we still
* found pages pinned.
*/
error = -EBUSY;
}
xa_lock_irq(&mapping->i_pages);
radix_tree_tag_clear(&mapping->i_pages,
iter.index, MEMFD_TAG_PINNED);
xa_unlock_irq(&mapping->i_pages);
continue_resched:
if (need_resched()) {
slot = radix_tree_iter_resume(slot, &iter);
cond_resched_rcu();
}
}
rcu_read_unlock();
}
return error;
}
static unsigned int *memfd_file_seals_ptr(struct file *file)
{
if (shmem_file(file))
return &SHMEM_I(file_inode(file))->seals;
#ifdef CONFIG_HUGETLBFS
if (is_file_hugepages(file))
return &HUGETLBFS_I(file_inode(file))->seals;
#endif
return NULL;
}
#define F_ALL_SEALS (F_SEAL_SEAL | \
F_SEAL_SHRINK | \
F_SEAL_GROW | \
F_SEAL_WRITE | \
F_SEAL_FUTURE_WRITE)
static int memfd_add_seals(struct file *file, unsigned int seals)
{
struct inode *inode = file_inode(file);
unsigned int *file_seals;
int error;
/*
* SEALING
* Sealing allows multiple parties to share a tmpfs or hugetlbfs file
* but restrict access to a specific subset of file operations. Seals
* can only be added, but never removed. This way, mutually untrusted
* parties can share common memory regions with a well-defined policy.
* A malicious peer can thus never perform unwanted operations on a
* shared object.
*
* Seals are only supported on special tmpfs or hugetlbfs files and
* always affect the whole underlying inode. Once a seal is set, it
* may prevent some kinds of access to the file. Currently, the
* following seals are defined:
* SEAL_SEAL: Prevent further seals from being set on this file
* SEAL_SHRINK: Prevent the file from shrinking
* SEAL_GROW: Prevent the file from growing
* SEAL_WRITE: Prevent write access to the file
*
* As we don't require any trust relationship between two parties, we
* must prevent seals from being removed. Therefore, sealing a file
* only adds a given set of seals to the file, it never touches
* existing seals. Furthermore, the "setting seals"-operation can be
* sealed itself, which basically prevents any further seal from being
* added.
*
* Semantics of sealing are only defined on volatile files. Only
* anonymous tmpfs and hugetlbfs files support sealing. More
* importantly, seals are never written to disk. Therefore, there's
* no plan to support it on other file types.
*/
if (!(file->f_mode & FMODE_WRITE))
return -EPERM;
if (seals & ~(unsigned int)F_ALL_SEALS)
return -EINVAL;
inode_lock(inode);
file_seals = memfd_file_seals_ptr(file);
if (!file_seals) {
error = -EINVAL;
goto unlock;
}
if (*file_seals & F_SEAL_SEAL) {
error = -EPERM;
goto unlock;
}
if ((seals & F_SEAL_WRITE) && !(*file_seals & F_SEAL_WRITE)) {
error = mapping_deny_writable(file->f_mapping);
if (error)
goto unlock;
error = memfd_wait_for_pins(file->f_mapping);
if (error) {
mapping_allow_writable(file->f_mapping);
goto unlock;
}
}
*file_seals |= seals;
error = 0;
unlock:
inode_unlock(inode);
return error;
}
static int memfd_get_seals(struct file *file)
{
unsigned int *seals = memfd_file_seals_ptr(file);
return seals ? *seals : -EINVAL;
}
long memfd_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
{
long error;
switch (cmd) {
case F_ADD_SEALS:
/* disallow upper 32bit */
if (arg > UINT_MAX)
return -EINVAL;
error = memfd_add_seals(file, arg);
break;
case F_GET_SEALS:
error = memfd_get_seals(file);
break;
default:
error = -EINVAL;
break;
}
return error;
}
#define MFD_NAME_PREFIX "memfd:"
#define MFD_NAME_PREFIX_LEN (sizeof(MFD_NAME_PREFIX) - 1)
#define MFD_NAME_MAX_LEN (NAME_MAX - MFD_NAME_PREFIX_LEN)
#define MFD_ALL_FLAGS (MFD_CLOEXEC | MFD_ALLOW_SEALING | MFD_HUGETLB)
SYSCALL_DEFINE2(memfd_create,
const char __user *, uname,
unsigned int, flags)
{
unsigned int *file_seals;
struct file *file;
int fd, error;
char *name;
long len;
if (!(flags & MFD_HUGETLB)) {
if (flags & ~(unsigned int)MFD_ALL_FLAGS)
return -EINVAL;
} else {
/* Allow huge page size encoding in flags. */
if (flags & ~(unsigned int)(MFD_ALL_FLAGS |
(MFD_HUGE_MASK << MFD_HUGE_SHIFT)))
return -EINVAL;
}
/* length includes terminating zero */
len = strnlen_user(uname, MFD_NAME_MAX_LEN + 1);
if (len <= 0)
return -EFAULT;
if (len > MFD_NAME_MAX_LEN + 1)
return -EINVAL;
name = kmalloc(len + MFD_NAME_PREFIX_LEN, GFP_KERNEL);
if (!name)
return -ENOMEM;
strcpy(name, MFD_NAME_PREFIX);
if (copy_from_user(&name[MFD_NAME_PREFIX_LEN], uname, len)) {
error = -EFAULT;
goto err_name;
}
/* terminating-zero may have changed after strnlen_user() returned */
if (name[len + MFD_NAME_PREFIX_LEN - 1]) {
error = -EFAULT;
goto err_name;
}
fd = get_unused_fd_flags((flags & MFD_CLOEXEC) ? O_CLOEXEC : 0);
if (fd < 0) {
error = fd;
goto err_name;
}
if (flags & MFD_HUGETLB) {
struct user_struct *user = NULL;
file = hugetlb_file_setup(name, 0, VM_NORESERVE, &user,
HUGETLB_ANONHUGE_INODE,
(flags >> MFD_HUGE_SHIFT) &
MFD_HUGE_MASK);
} else
file = shmem_file_setup(name, 0, VM_NORESERVE);
if (IS_ERR(file)) {
error = PTR_ERR(file);
goto err_fd;
}
file->f_mode |= FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE;
file->f_flags |= O_LARGEFILE;
if (flags & MFD_ALLOW_SEALING) {
file_seals = memfd_file_seals_ptr(file);
*file_seals &= ~F_SEAL_SEAL;
}
fd_install(fd, file);
kfree(name);
return fd;
err_fd:
put_unused_fd(fd);
err_name:
kfree(name);
return error;
}