44b82a3d1b
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3VfEoACgkQONu9yGCS aT7vHRAAv3fZQ5+Rn0zn0cgYsgG5OGbtHL01aJB99g2Dgf/VmB3OrB2rx+ZF7WVw Uakab5XZp6rLSxG4LNQy7jjIuxADdDab5xWTlhqpEHVydsFC9IOktT91DW2luf8Y Xyr8q7sQIS7eV67NkUnUSqri1IdsRNB5qeWmhC0l6+PSuQrk+WF0y5B4TtrjF5Er GjYTq9RTJh7/luFKUSmxN8+TIwo4uY15b3oqX75LMPObzbH+c5iqp5QiHJh/BQ7/ awf7kxlMay0V/hPRmGomHxX70TgHTF2er0b+HyJwf1OX0zgKycsztWZT+p7qN+DT yjPWwYJ3kGs/7GwZL7HNhk8p/3aDf9HFHFvbVSty63wgZ8dfo4EuXZ9YfWa+lfI8 Kn4wKeynUvrvNLH9iYug/XuEPjXysQeSlBaL4pZTPTWtipu1MP0OpR05l8UzO2cO lqWgf0Y7wsunZBeyCLkWd9TCO7gd1s7csdkJAy37rG7mCjN3p83NeMznLlj+H4I8 MHlcAWdlxlWWitKohi0kr/VYiHmhBVsOZu4rQmuCBWuo++HrWwn7XaGBzYsP8Eku 7ZNaS5oJFAjBzKnQxp8i3mgE8ifODuokgPISImyyRWidedfoHcv6Kr+pdEoQ+gjk nL5xwqKAMsh/vMyxVmetzytULHtvBqJelquzQcfnanyEvBoS46Q= =EUxi -----END PGP SIGNATURE----- Merge 4.19.85 into android-4.19 Changes in 4.19.85 KVM: x86: introduce is_pae_paging MIPS: BCM63XX: fix switch core reset on BCM6368 scsi: core: Handle drivers which set sg_tablesize to zero ax88172a: fix information leak on short answers ipmr: Fix skb headroom in ipmr_get_route(). net: gemini: add missed free_netdev net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules slip: Fix memory leak in slip_open error path ALSA: usb-audio: Fix missing error check at mixer resolution test ALSA: usb-audio: not submit urb for stopped endpoint ALSA: usb-audio: Fix incorrect NULL check in create_yamaha_midi_quirk() ALSA: usb-audio: Fix incorrect size check for processing/extension units Btrfs: fix log context list corruption after rename exchange operation Input: ff-memless - kill timer in destroy() Input: synaptics-rmi4 - fix video buffer size Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) Input: synaptics-rmi4 - clear IRQ enables for F54 Input: synaptics-rmi4 - destroy F54 poller workqueue when removing IB/hfi1: Ensure full Gen3 speed in a Gen4 system IB/hfi1: Use a common pad buffer for 9B and 16B packets i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either net: ethernet: dwmac-sun8i: Use the correct function in exit path iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros mm: mempolicy: fix the wrong return value and potential pages leak of mbind mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() mmc: sdhci-of-at91: fix quirk2 overwrite iio: adc: max9611: explicitly cast gain_selectors tee: optee: take DT status property into account ath10k: fix kernel panic by moving pci flush after napi_disable iio: dac: mcp4922: fix error handling in mcp4922_write_raw clk: sunxi-ng: h6: fix PWM gate/reset offset soundwire: Initialize completion for defer messages soundwire: intel: Fix uninitialized adev deref arm64: dts: allwinner: a64: Orange Pi Win: Fix SD card node arm64: dts: allwinner: a64: Olinuxino: fix DRAM voltage arm64: dts: allwinner: a64: NanoPi-A64: Fix DCDC1 voltage ALSA: pcm: signedness bug in snd_pcm_plug_alloc() soc/tegra: pmc: Fix pad voltage configuration for Tegra186 arm64: dts: tegra210-p2180: Correct sdmmc4 vqmmc-supply y2038: make do_gettimeofday() and get_seconds() inline ARM: dts: rcar: Correct SATA device sizes to 2 MiB ARM: dts: at91/trivial: Fix USART1 definition for at91sam9g45 rtc: sysfs: fix NULL check in rtc_add_groups() rtc: rv8803: fix the rv8803 id in the OF table remoteproc/davinci: Use %zx for formating size_t extcon: cht-wc: Return from default case to avoid warnings cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set ALSA: seq: Do error checks at creating system ports ath10k: skip resetting rx filter for WCN3990 ath9k: fix tx99 with monitor mode interface wil6210: drop Rx multicast packets that are looped-back to STA wil6210: set edma variables only for Talyn-MB devices wil6210: prevent usage of tx ring 0 for eDMA wil6210: fix invalid memory access for rx_buff_mgmt debugfs ath10k: limit available channels via DT ieee80211-freq-limit ice: Update request resource command to latest specification ice: Prevent control queue operations during reset gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated ice: Fix and update driver version string ASoC: dapm: Don't fail creating new DAPM control on NULL pinctrl ASoC: dpcm: Properly initialise hw->rate_max ASoC: meson: axg-fifo: report interrupt request failure ASoC: AMD: Change MCLK to 48Mhz pinctrl: ingenic: Probe driver at subsys_initcall MIPS: BCM47XX: Enable USB power on Netgear WNDR3400v3 ARM: dts: exynos: Use i2c-gpio for HDMI-DDC on Arndale ARM: dts: exynos: Fix HDMI-HPD line handling on Arndale ARM: dts: exynos: Fix sound in Snow-rev5 Chromebook liquidio: fix race condition in instruction completion processing arm64: dts: stratix10: i2c clock running out of spec ARM: dts: exynos: Fix regulators configuration on Peach Pi/Pit Chromebooks i40evf: Validate the number of queues a PF sends i40e: use correct length for strncpy i40evf: set IFF_UNICAST_FLT flag for the VF i40e: Check and correct speed values for link on open i40evf: Don't enable vlan stripping when rx offload is turned on i40e: hold the rtnl lock on clearing interrupt scheme i40evf: cancel workqueue sync for adminq when a VF is removed i40e: Prevent deleting MAC address from VF when set by PF IB/rxe: avoid back-to-back retries IB/rxe: fixes for rdma read retry iwlwifi: drop packets with bad status in CD iwlwifi: don't WARN on trying to dump dead firmware iwlwifi: mvm: avoid sending too many BARs media: vicodec: fix out-of-range values when decoding media: i2c: Fix pm_runtime_get_if_in_use() usage in sensor drivers media: ov772x: Disable clk on error path ARM: dts: pxa: fix the rtc controller ARM: dts: pxa: fix power i2c base address rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument mwifiex: do no submit URB in suspended state mwifex: free rx_cmd skb in suspended state brcmfmac: fix wrong strnchr usage mt76: Fix comparisons with invalid hardware key index soc: imx: gpc: fix PDN delay ASoC: rsnd: ssi: Fix issue in dma data address assignment net: hns3: Fix for multicast failure net: hns3: Fix error of checking used vlan id net: hns3: Fix for loopback selftest failed problem net: hns3: Change the dst mac addr of loopback packet net/mlx5: Fix atomic_mode enum values net: phy: mscc: read 'vsc8531,vddmac' as an u32 net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 ARM: dts: meson8: fix the clock controller register size ARM: dts: meson8b: fix the clock controller register size mtd: rawnand: marvell: use regmap_update_bits() for syscon access mtd: rawnand: fsl_ifc: check result of SRAM initialization mtd: rawnand: fsl_ifc: fixup SRAM init for newer ctrl versions mtd: rawnand: qcom: don't include dma-direct.h IB/mlx5: Change TX affinity assignment in RoCE LAG mode qxl: fix null-pointer crash during suspend mac80211: fix saving a few HE values cfg80211: validate wmm rule when setting f2fs: avoid wrong decrypted data from disk net: lan78xx: Bail out if lan78xx_get_endpoints fails rtnetlink: move type calculation out of loop ASoC: sgtl5000: avoid division by zero if lo_vag is zero ath10k: avoid possible memory access violation ARM: dts: exynos: Disable pull control for S5M8767 PMIC ath10k: wmi: disable softirq's while calling ieee80211_rx i2c: mediatek: Use DMA safe buffers for i2c transactions IB/mlx5: Don't hold spin lock while checking device state IB/ipoib: Ensure that MTU isn't less than minimum permitted RDMA/core: Rate limit MAD error messages RDMA/core: Follow correct unregister order between sysfs and cgroup mips: txx9: fix iounmap related issue udf: Fix crash during mount ASoC: dapm: Avoid uninitialised variable warning ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation ata: Disable AHCI ALPM feature for Ampere Computing eMAG SATA of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC ARM: dts: omap3-gta04: give spi_lcd node a label so that we can overwrite in other DTS files ARM: dts: omap3-gta04: fixes for tvout / venc ARM: dts: omap3-gta04: tvout: enable as display1 alias ARM: dts: omap3-gta04: fix touchscreen tsc2007 ARM: dts: omap3-gta04: make NAND partitions compatible with recent U-Boot ARM: dts: omap3-gta04: keep vpll2 always on f2fs: submit bio after shutdown failover: Fix error return code in net_failover_create sched/debug: Explicitly cast sched_feat() to bool sched/debug: Use symbolic names for task state constants firmware: arm_scmi: use strlcpy to ensure NULL-terminated strings arm64: dts: rockchip: Fix VCC5V0_HOST_EN on rk3399-sapphire ARM: dts: exynos: Disable pull control for PMIC IRQ line on Artik5 board usb: mtu3: disable vbus rise/fall interrupts of ltssm dmaengine: dma-jz4780: Don't depend on MACH_JZ4780 dmaengine: dma-jz4780: Further residue status fix EDAC, sb_edac: Return early on ADDRV bit and address type test rtc: mt6397: fix possible race condition rtc: pl030: fix possible race condition ath9k: add back support for using active monitor interfaces for tx99 dmaengine: at_xdmac: remove a stray bottom half unlock RDMA/hns: Fix an error code in hns_roce_v2_init_eq_table() IB/hfi1: Missing return value in error path for user sdma signal: Always ignore SIGKILL and SIGSTOP sent to the global init signal: Properly deliver SIGILL from uprobes signal: Properly deliver SIGSEGV from x86 uprobes f2fs: fix memory leak of write_io in fill_super() f2fs: fix memory leak of percpu counter in fill_super() f2fs: fix setattr project check upon fssetxattr ioctl scsi: qla2xxx: Use correct qpair for ABTS/CMD scsi: qla2xxx: Fix iIDMA error scsi: qla2xxx: Defer chip reset until target mode is enabled scsi: qla2xxx: Terminate Plogi/PRLI if WWN is 0 scsi: qla2xxx: Fix deadlock between ATIO and HW lock scsi: qla2xxx: Increase abort timeout value scsi: qla2xxx: Check for Register disconnect scsi: qla2xxx: Fix port speed display on chip reset scsi: qla2xxx: Fix dropped srb resource. scsi: qla2xxx: Fix duplicate switch's Nport ID entries scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 scsi: lpfc: Fix errors in log messages. scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() ARM: imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff" is set scsi: pm80xx: Corrected dma_unmap_sg() parameter scsi: pm80xx: Fixed system hang issue during kexec boot kprobes: Don't call BUG_ON() if there is a kprobe in use on free list net: aquantia: fix hw_atl_utils_fw_upload_dwords Drivers: hv: vmbus: Fix synic per-cpu context initialization nvmem: core: return error code instead of NULL from nvmem_device_get media: dt-bindings: adv748x: Fix decimal unit addresses ALSA: hda: Fix implicit definition of pci_iomap() on SH media: fix: media: pci: meye: validate offset to avoid arbitrary access media: dvb: fix compat ioctl translation net: bcmgenet: Fix speed selection for reverse MII arm64: dts: meson: libretech: update board model arm64: dts: meson-axg: use the proper compatible for ethmac ALSA: intel8x0m: Register irq handler after register initializations arm64: dts: renesas: salvator-common: adv748x: Override secondary addresses arm64: dts: renesas: r8a77965: Attach the SYS-DMAC to the IPMMU arm64: dts: renesas: r8a77965: Fix HS-USB compatible arm64: dts: renesas: r8a77965: Fix clock/reset for usb2_phy1 pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() llc: avoid blocking in llc_sap_close() ARM: dts: qcom: ipq4019: fix cpu0's qcom,saw2 reg value soc: qcom: geni: Don't ignore clk_round_rate() errors in geni_se_clk_tbl_get() soc: qcom: geni: geni_se_clk_freq_match() should always accept multiples soc: qcom: wcnss_ctrl: Avoid string overflow soc: qcom: apr: Avoid string overflow drivers: qcom: rpmh-rsc: clear wait_for_compl after use arm64: dts: broadcom: Fix I2C and SPI bus warnings ARM: dts: bcm: Fix SPI bus warnings ARM: dts: aspeed: Fix I2C bus warnings powerpc/vdso: Correct call frame information ARM: dts: socfpga: Fix I2C bus unit-address error ARM: dts: sunxi: Fix I2C bus warnings pinctrl: at91: don't use the same irqchip with multiple gpiochips ARM: dts: sun9i: Fix I2C bus warnings android: binder: no outgoing transaction when thread todo has transaction cxgb4: Fix endianness issue in t4_fwcache() arm64: fix for bad_mode() handler to always result in panic block, bfq: inject other-queue I/O into seeky idle queues on NCQ flash blok, bfq: do not plug I/O if all queues are weight-raised arm64: dts: meson: Fix erroneous SPI bus warnings power: supply: ab8500_fg: silence uninitialized variable warnings power: reset: at91-poweroff: do not procede if at91_shdwc is allocated power: supply: max8998-charger: Fix platform data retrieval component: fix loop condition to call unbind() if bind() fails kernfs: Fix range checks in kernfs_get_target_path ip_gre: fix parsing gre header in ipgre_err scsi: ufshcd: Fix NULL pointer dereference for in ufshcd_init ARM: dts: rockchip: Fix erroneous SPI bus dtc warnings on rk3036 arm64: dts: rockchip: Fix I2C bus unit-address error on rk3399-puma-haikou ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask netfilter: nf_tables: avoid BUG_ON usage ath9k: Fix a locking bug in ath9k_add_interface() s390/qeth: uninstall IRQ handler on device removal s390/qeth: invoke softirqs after napi_schedule() media: vsp1: Fix vsp1_regs.h license header media: vsp1: Fix YCbCr planar formats pitch calculation media: ov2680: don't register the v4l2 subdevice before checking chip ID PCI/ACPI: Correct error message for ASPM disabling net: socionext: Fix two sleep-in-atomic-context bugs in ave_rxfifo_reset() PCI: mediatek: Fix unchecked return value ARM: dts: xilinx: Fix I2C and SPI bus warnings serial: uartps: Fix suspend functionality serial: samsung: Enable baud clock for UART reset procedure in resume serial: mxs-auart: Fix potential infinite loop tty: serial: qcom_geni_serial: Fix serial when not used as console arm64: dts: ti: k3-am65: Change #address-cells and #size-cells of interconnect to 2 samples/bpf: fix a compilation failure spi/bcm63xx-hsspi: keep pll clk enabled spi: mediatek: Don't modify spi_transfer when transfer. ASoC: rt5682: Fix the boost volume at the begining of playback ipmi_si_pci: fix NULL device in ipmi_si error message ipmi_si: fix potential integer overflow on large shift ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address ipmi: fix return value of ipmi_set_my_LUN net: hns3: fix return type of ndo_start_xmit function net: cavium: fix return type of ndo_start_xmit function net: ibm: fix return type of ndo_start_xmit function powerpc/iommu: Avoid derefence before pointer check selftests/powerpc: Do not fail with reschedule powerpc/64s/hash: Fix stab_rr off by one initialization powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request powerpc/pseries: Disable CPU hotplug across migrations powerpc: Fix duplicate const clang warning in user access code RDMA/i40iw: Fix incorrect iterator type ARM: dts: atmel: Fix I2C and SPI bus warnings OPP: Protect dev_list with opp_table lock of/unittest: Fix I2C bus unit-address error libfdt: Ensure INT_MAX is defined in libfdt_env.h power: supply: twl4030_charger: fix charging current out-of-bounds power: supply: twl4030_charger: disable eoc interrupt on linear charge net: mvpp2: fix the number of queues per cpu for PPv2.2 net: marvell: fix return type of ndo_start_xmit function net: toshiba: fix return type of ndo_start_xmit function net: xilinx: fix return type of ndo_start_xmit function net: broadcom: fix return type of ndo_start_xmit function net: amd: fix return type of ndo_start_xmit function net: sun: fix return type of ndo_start_xmit function net: hns3: Fix for setting speed for phy failed problem net: hns3: Fix cmdq registers initialization issue for vf net: hns3: Clear client pointer when initialize client failed or unintialize finished net: hns3: Fix client initialize state issue when roce client initialize failed net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() nfp: provide a better warning when ring allocation fails usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started usb: chipidea: Fix otg event handler usb: usbtmc: Fix ioctl USBTMC_IOCTL_ABORT_BULK_OUT s390/zcrypt: enable AP bus scan without a valid default domain s390/vdso: avoid 64-bit vdso mapping for compat tasks s390/vdso: correct CFI annotations of vDSO functions brcmfmac: increase buffer for obtaining firmware capabilities brcmsmac: Use kvmalloc() for ucode allocations mlxsw: spectrum: Init shaper for TCs 8..15 PCI: portdrv: Initialize service drivers directly ARM: dts: am335x-evm: fix number of cpsw ARM: dts: ti: Fix SPI and I2C bus warnings f2fs: avoid infinite loop in f2fs_alloc_nid f2fs: fix to recover inode's uid/gid during POR ARM: dts: ux500: Correct SCU unit address ARM: dts: ux500: Fix LCDA clock line muxing ARM: dts: ste: Fix SPI controller node names spi: pic32: Use proper enum in dmaengine_prep_slave_rg crypto: chacha20 - Fix chacha20_block() keystream alignment (again) cpufeature: avoid warning when compiling with clang crypto: arm/crc32 - avoid warning when compiling with Clang ARM: dts: marvell: Fix SPI and I2C bus warnings x86/mce-inject: Reset injection struct after injection ARM: dts: stm32: enable display on stm32mp157c-ev1 board ARM: dts: clearfog: fix sdhci supply property name ARM: dts: stm32: Fix SPI controller node names bnx2x: Ignore bandwidth attention in single function mode PCI/AER: Take reference on error devices PCI/AER: Don't read upstream ports below fatal errors PCI/ERR: Use slot reset if available samples/bpf: fix compilation failure net: phy: mdio-bcm-unimac: Allow configuring MDIO clock divider net: micrel: fix return type of ndo_start_xmit function net: freescale: fix return type of ndo_start_xmit function x86/CPU: Use correct macros for Cyrix calls x86/CPU: Change query logic so CPUID is enabled before testing EDAC: Correct DIMM capacity unit symbol MIPS: kexec: Relax memory restriction arm64: dts: rockchip: Fix microSD in rk3399 sapphire board mlxsw: Make MLXSW_SP1_FWREV_MINOR a hard requirement media: imx: work around false-positive warning, again media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() media: au0828: Fix incorrect error messages media: davinci: Fix implicit enum conversion warning ARM: dts: rockchip: explicitly set vcc_sd0 pin to gpio on rk3188-radxarock usb: gadget: uvc: configfs: Drop leaked references to config items usb: gadget: uvc: configfs: Prevent format changes after linking header usb: gadget: uvc: configfs: Sort frame intervals upon writing ARM: dts: exynos: Correct audio subsystem parent clock on Peach Chromebooks i2c: aspeed: fix invalid clock parameters for very large divisors gpiolib: Fix gpio_direction_* for single direction GPIOs ARM: at91: pm: call put_device instead of of_node_put in at91_pm_config_ws phy: brcm-sata: allow PHY_BRCM_SATA driver to be built for DSL SoCs phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs phy: phy-twl4030-usb: fix denied runtime access ARM: dts: imx6ull: update vdd_soc voltage for 900MHz operating point usb: gadget: uvc: Factor out video USB request queueing usb: gadget: uvc: Only halt video streaming endpoint in bulk mode coresight: Use ERR_CAST instead of ERR_PTR coresight: Fix handling of sinks coresight: perf: Fix per cpu path management coresight: perf: Disable trace path upon source error coresight: tmc-etr: Handle driver mode specific ETR buffers coresight: etm4x: Configure EL2 exception level when kernel is running in HYP coresight: tmc: Fix byte-address alignment for RRP coresight: dynamic-replicator: Handle multiple connections slimbus: ngd: register ngd driver only once. slimbus: ngd: return proper error code instead of zero silmbus: ngd: register controller after power up. misc: kgdbts: Fix restrict error misc: genwqe: should return proper error value. vmbus: keep pointer to ring buffer page vfio/pci: Fix potential memory leak in vfio_msi_cap_len vfio/pci: Mask buggy SR-IOV VF INTx support iw_cxgb4: Use proper enumerated type in c4iw_bar2_addrs scsi: libsas: always unregister the old device if going to discover new f2fs: fix remount problem of option io_bits phy: lantiq: Fix compile warning arm64: dts: fsl: Fix I2C and SPI bus warnings ARM: dts: imx51-zii-rdu1: Fix the rtc compatible string arm64: tegra: I2C on Tegra194 is not compatible with Tegra114 ARM: dts: tegra30: fix xcvr-setup-use-fuses ARM: dts: tegra20: restore address order ARM: tegra: apalis_t30: fix mmc1 cmd pull-up ARM: tegra: apalis_t30: fix mcp2515 can controller interrupt polarity ARM: tegra: colibri_t30: fix mcp2515 can controller interrupt polarity ARM: dts: paz00: fix wakeup gpio keycode net: smsc: fix return type of ndo_start_xmit function net: faraday: fix return type of ndo_start_xmit function PCI/ERR: Run error recovery callbacks for all affected devices f2fs: update i_size after DIO completion f2fs: fix to recover inode's project id during POR f2fs: mark inode dirty explicitly in recover_inode() RDMA: Fix dependencies for rdma_user_mmap_io EDAC: Raise the maximum number of memory controllers ARM: dts: realview: Fix SPI controller node names firmware: dell_rbu: Make payload memory uncachable Bluetooth: hci_serdev: clear HCI_UART_PROTO_READY to avoid closing proto races Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS Bluetooth: btrsi: fix bt tx timeout issue x86/hyperv: Suppress "PCI: Fatal: No config space access function found" crypto: s5p-sss: Fix race in error handling crypto: s5p-sss: Fix Fix argument list alignment crypto: fix a memory leak in rsa-kcs1pad's encryption mode iwlwifi: dbg: don't crash if the firmware crashes in the middle of a debug dump iwlwifi: fix non_shared_ant for 22000 devices iwlwifi: pcie: read correct prph address for newer devices iwlwifi: api: annotate compressed BA notif array sizes iwlwifi: pcie: gen2: build A-MSDU only for GSO iwlwifi: pcie: fit reclaim msg to MAX_MSG_LEN iwlwifi: mvm: use correct FIFO length iwlwifi: mvm: Allow TKIP for AP mode scsi: NCR5380: Clear all unissued commands on host reset scsi: NCR5380: Have NCR5380_select() return a bool scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data scsi: NCR5380: Check for invalid reselection target scsi: NCR5380: Don't clear busy flag when abort fails scsi: NCR5380: Don't call dsprintk() following reselection interrupt scsi: NCR5380: Handle BUS FREE during reselection scsi: NCR5380: Check for bus reset arm64: dts: amd: Fix SPI bus warnings arm64: dts: lg: Fix SPI controller node names ARM: dts: lpc32xx: Fix SPI controller node names rtc: isl1208: avoid possible sysfs race rtc: tx4939: fixup nvmem name and register size rtc: armada38x: fix possible race condition netfilter: masquerade: don't flush all conntracks if only one address deleted on device usb: xhci-mtk: fix ISOC error when interval is zero usb: usbtmc: uninitialized symbol 'actual' in usbtmc_ioctl_clear fuse: use READ_ONCE on congestion_threshold and max_background IB/iser: Fix possible NULL deref at iser_inv_desc() media: ov2680: fix null dereference at power on s390/vdso: correct vdso mapping for compat tasks net: phy: mdio-bcm-unimac: mark PM functions as __maybe_unused memfd: Use radix_tree_deref_slot_protected to avoid the warning. slcan: Fix memory leak in error path Linux 4.19.85 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I0857e66ee2cdd412cd736548a1395bf764a8ab0a
348 lines
8.5 KiB
C
348 lines
8.5 KiB
C
/*
|
|
* memfd_create system call and file sealing support
|
|
*
|
|
* Code was originally included in shmem.c, and broken out to facilitate
|
|
* use by hugetlbfs as well as tmpfs.
|
|
*
|
|
* This file is released under the GPL.
|
|
*/
|
|
|
|
#include <linux/fs.h>
|
|
#include <linux/vfs.h>
|
|
#include <linux/pagemap.h>
|
|
#include <linux/file.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/sched/signal.h>
|
|
#include <linux/khugepaged.h>
|
|
#include <linux/syscalls.h>
|
|
#include <linux/hugetlb.h>
|
|
#include <linux/shmem_fs.h>
|
|
#include <linux/memfd.h>
|
|
#include <uapi/linux/memfd.h>
|
|
|
|
/*
|
|
* We need a tag: a new tag would expand every radix_tree_node by 8 bytes,
|
|
* so reuse a tag which we firmly believe is never set or cleared on tmpfs
|
|
* or hugetlbfs because they are memory only filesystems.
|
|
*/
|
|
#define MEMFD_TAG_PINNED PAGECACHE_TAG_TOWRITE
|
|
#define LAST_SCAN 4 /* about 150ms max */
|
|
|
|
static void memfd_tag_pins(struct address_space *mapping)
|
|
{
|
|
struct radix_tree_iter iter;
|
|
void __rcu **slot;
|
|
pgoff_t start;
|
|
struct page *page;
|
|
unsigned int tagged = 0;
|
|
|
|
lru_add_drain();
|
|
start = 0;
|
|
|
|
xa_lock_irq(&mapping->i_pages);
|
|
radix_tree_for_each_slot(slot, &mapping->i_pages, &iter, start) {
|
|
page = radix_tree_deref_slot_protected(slot, &mapping->i_pages.xa_lock);
|
|
if (!page || radix_tree_exception(page)) {
|
|
if (radix_tree_deref_retry(page)) {
|
|
slot = radix_tree_iter_retry(&iter);
|
|
continue;
|
|
}
|
|
} else if (page_count(page) - page_mapcount(page) > 1) {
|
|
radix_tree_tag_set(&mapping->i_pages, iter.index,
|
|
MEMFD_TAG_PINNED);
|
|
}
|
|
|
|
if (++tagged % 1024)
|
|
continue;
|
|
|
|
slot = radix_tree_iter_resume(slot, &iter);
|
|
xa_unlock_irq(&mapping->i_pages);
|
|
cond_resched();
|
|
xa_lock_irq(&mapping->i_pages);
|
|
}
|
|
xa_unlock_irq(&mapping->i_pages);
|
|
}
|
|
|
|
/*
|
|
* Setting SEAL_WRITE requires us to verify there's no pending writer. However,
|
|
* via get_user_pages(), drivers might have some pending I/O without any active
|
|
* user-space mappings (eg., direct-IO, AIO). Therefore, we look at all pages
|
|
* and see whether it has an elevated ref-count. If so, we tag them and wait for
|
|
* them to be dropped.
|
|
* The caller must guarantee that no new user will acquire writable references
|
|
* to those pages to avoid races.
|
|
*/
|
|
static int memfd_wait_for_pins(struct address_space *mapping)
|
|
{
|
|
struct radix_tree_iter iter;
|
|
void __rcu **slot;
|
|
pgoff_t start;
|
|
struct page *page;
|
|
int error, scan;
|
|
|
|
memfd_tag_pins(mapping);
|
|
|
|
error = 0;
|
|
for (scan = 0; scan <= LAST_SCAN; scan++) {
|
|
if (!radix_tree_tagged(&mapping->i_pages, MEMFD_TAG_PINNED))
|
|
break;
|
|
|
|
if (!scan)
|
|
lru_add_drain_all();
|
|
else if (schedule_timeout_killable((HZ << scan) / 200))
|
|
scan = LAST_SCAN;
|
|
|
|
start = 0;
|
|
rcu_read_lock();
|
|
radix_tree_for_each_tagged(slot, &mapping->i_pages, &iter,
|
|
start, MEMFD_TAG_PINNED) {
|
|
|
|
page = radix_tree_deref_slot(slot);
|
|
if (radix_tree_exception(page)) {
|
|
if (radix_tree_deref_retry(page)) {
|
|
slot = radix_tree_iter_retry(&iter);
|
|
continue;
|
|
}
|
|
|
|
page = NULL;
|
|
}
|
|
|
|
if (page &&
|
|
page_count(page) - page_mapcount(page) != 1) {
|
|
if (scan < LAST_SCAN)
|
|
goto continue_resched;
|
|
|
|
/*
|
|
* On the last scan, we clean up all those tags
|
|
* we inserted; but make a note that we still
|
|
* found pages pinned.
|
|
*/
|
|
error = -EBUSY;
|
|
}
|
|
|
|
xa_lock_irq(&mapping->i_pages);
|
|
radix_tree_tag_clear(&mapping->i_pages,
|
|
iter.index, MEMFD_TAG_PINNED);
|
|
xa_unlock_irq(&mapping->i_pages);
|
|
continue_resched:
|
|
if (need_resched()) {
|
|
slot = radix_tree_iter_resume(slot, &iter);
|
|
cond_resched_rcu();
|
|
}
|
|
}
|
|
rcu_read_unlock();
|
|
}
|
|
|
|
return error;
|
|
}
|
|
|
|
static unsigned int *memfd_file_seals_ptr(struct file *file)
|
|
{
|
|
if (shmem_file(file))
|
|
return &SHMEM_I(file_inode(file))->seals;
|
|
|
|
#ifdef CONFIG_HUGETLBFS
|
|
if (is_file_hugepages(file))
|
|
return &HUGETLBFS_I(file_inode(file))->seals;
|
|
#endif
|
|
|
|
return NULL;
|
|
}
|
|
|
|
#define F_ALL_SEALS (F_SEAL_SEAL | \
|
|
F_SEAL_SHRINK | \
|
|
F_SEAL_GROW | \
|
|
F_SEAL_WRITE | \
|
|
F_SEAL_FUTURE_WRITE)
|
|
|
|
static int memfd_add_seals(struct file *file, unsigned int seals)
|
|
{
|
|
struct inode *inode = file_inode(file);
|
|
unsigned int *file_seals;
|
|
int error;
|
|
|
|
/*
|
|
* SEALING
|
|
* Sealing allows multiple parties to share a tmpfs or hugetlbfs file
|
|
* but restrict access to a specific subset of file operations. Seals
|
|
* can only be added, but never removed. This way, mutually untrusted
|
|
* parties can share common memory regions with a well-defined policy.
|
|
* A malicious peer can thus never perform unwanted operations on a
|
|
* shared object.
|
|
*
|
|
* Seals are only supported on special tmpfs or hugetlbfs files and
|
|
* always affect the whole underlying inode. Once a seal is set, it
|
|
* may prevent some kinds of access to the file. Currently, the
|
|
* following seals are defined:
|
|
* SEAL_SEAL: Prevent further seals from being set on this file
|
|
* SEAL_SHRINK: Prevent the file from shrinking
|
|
* SEAL_GROW: Prevent the file from growing
|
|
* SEAL_WRITE: Prevent write access to the file
|
|
*
|
|
* As we don't require any trust relationship between two parties, we
|
|
* must prevent seals from being removed. Therefore, sealing a file
|
|
* only adds a given set of seals to the file, it never touches
|
|
* existing seals. Furthermore, the "setting seals"-operation can be
|
|
* sealed itself, which basically prevents any further seal from being
|
|
* added.
|
|
*
|
|
* Semantics of sealing are only defined on volatile files. Only
|
|
* anonymous tmpfs and hugetlbfs files support sealing. More
|
|
* importantly, seals are never written to disk. Therefore, there's
|
|
* no plan to support it on other file types.
|
|
*/
|
|
|
|
if (!(file->f_mode & FMODE_WRITE))
|
|
return -EPERM;
|
|
if (seals & ~(unsigned int)F_ALL_SEALS)
|
|
return -EINVAL;
|
|
|
|
inode_lock(inode);
|
|
|
|
file_seals = memfd_file_seals_ptr(file);
|
|
if (!file_seals) {
|
|
error = -EINVAL;
|
|
goto unlock;
|
|
}
|
|
|
|
if (*file_seals & F_SEAL_SEAL) {
|
|
error = -EPERM;
|
|
goto unlock;
|
|
}
|
|
|
|
if ((seals & F_SEAL_WRITE) && !(*file_seals & F_SEAL_WRITE)) {
|
|
error = mapping_deny_writable(file->f_mapping);
|
|
if (error)
|
|
goto unlock;
|
|
|
|
error = memfd_wait_for_pins(file->f_mapping);
|
|
if (error) {
|
|
mapping_allow_writable(file->f_mapping);
|
|
goto unlock;
|
|
}
|
|
}
|
|
|
|
*file_seals |= seals;
|
|
error = 0;
|
|
|
|
unlock:
|
|
inode_unlock(inode);
|
|
return error;
|
|
}
|
|
|
|
static int memfd_get_seals(struct file *file)
|
|
{
|
|
unsigned int *seals = memfd_file_seals_ptr(file);
|
|
|
|
return seals ? *seals : -EINVAL;
|
|
}
|
|
|
|
long memfd_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
|
|
{
|
|
long error;
|
|
|
|
switch (cmd) {
|
|
case F_ADD_SEALS:
|
|
/* disallow upper 32bit */
|
|
if (arg > UINT_MAX)
|
|
return -EINVAL;
|
|
|
|
error = memfd_add_seals(file, arg);
|
|
break;
|
|
case F_GET_SEALS:
|
|
error = memfd_get_seals(file);
|
|
break;
|
|
default:
|
|
error = -EINVAL;
|
|
break;
|
|
}
|
|
|
|
return error;
|
|
}
|
|
|
|
#define MFD_NAME_PREFIX "memfd:"
|
|
#define MFD_NAME_PREFIX_LEN (sizeof(MFD_NAME_PREFIX) - 1)
|
|
#define MFD_NAME_MAX_LEN (NAME_MAX - MFD_NAME_PREFIX_LEN)
|
|
|
|
#define MFD_ALL_FLAGS (MFD_CLOEXEC | MFD_ALLOW_SEALING | MFD_HUGETLB)
|
|
|
|
SYSCALL_DEFINE2(memfd_create,
|
|
const char __user *, uname,
|
|
unsigned int, flags)
|
|
{
|
|
unsigned int *file_seals;
|
|
struct file *file;
|
|
int fd, error;
|
|
char *name;
|
|
long len;
|
|
|
|
if (!(flags & MFD_HUGETLB)) {
|
|
if (flags & ~(unsigned int)MFD_ALL_FLAGS)
|
|
return -EINVAL;
|
|
} else {
|
|
/* Allow huge page size encoding in flags. */
|
|
if (flags & ~(unsigned int)(MFD_ALL_FLAGS |
|
|
(MFD_HUGE_MASK << MFD_HUGE_SHIFT)))
|
|
return -EINVAL;
|
|
}
|
|
|
|
/* length includes terminating zero */
|
|
len = strnlen_user(uname, MFD_NAME_MAX_LEN + 1);
|
|
if (len <= 0)
|
|
return -EFAULT;
|
|
if (len > MFD_NAME_MAX_LEN + 1)
|
|
return -EINVAL;
|
|
|
|
name = kmalloc(len + MFD_NAME_PREFIX_LEN, GFP_KERNEL);
|
|
if (!name)
|
|
return -ENOMEM;
|
|
|
|
strcpy(name, MFD_NAME_PREFIX);
|
|
if (copy_from_user(&name[MFD_NAME_PREFIX_LEN], uname, len)) {
|
|
error = -EFAULT;
|
|
goto err_name;
|
|
}
|
|
|
|
/* terminating-zero may have changed after strnlen_user() returned */
|
|
if (name[len + MFD_NAME_PREFIX_LEN - 1]) {
|
|
error = -EFAULT;
|
|
goto err_name;
|
|
}
|
|
|
|
fd = get_unused_fd_flags((flags & MFD_CLOEXEC) ? O_CLOEXEC : 0);
|
|
if (fd < 0) {
|
|
error = fd;
|
|
goto err_name;
|
|
}
|
|
|
|
if (flags & MFD_HUGETLB) {
|
|
struct user_struct *user = NULL;
|
|
|
|
file = hugetlb_file_setup(name, 0, VM_NORESERVE, &user,
|
|
HUGETLB_ANONHUGE_INODE,
|
|
(flags >> MFD_HUGE_SHIFT) &
|
|
MFD_HUGE_MASK);
|
|
} else
|
|
file = shmem_file_setup(name, 0, VM_NORESERVE);
|
|
if (IS_ERR(file)) {
|
|
error = PTR_ERR(file);
|
|
goto err_fd;
|
|
}
|
|
file->f_mode |= FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE;
|
|
file->f_flags |= O_LARGEFILE;
|
|
|
|
if (flags & MFD_ALLOW_SEALING) {
|
|
file_seals = memfd_file_seals_ptr(file);
|
|
*file_seals &= ~F_SEAL_SEAL;
|
|
}
|
|
|
|
fd_install(fd, file);
|
|
kfree(name);
|
|
return fd;
|
|
|
|
err_fd:
|
|
put_unused_fd(fd);
|
|
err_name:
|
|
kfree(name);
|
|
return error;
|
|
}
|