parent
ad494c2131
commit
7ebc9f9504
|
@ -1,4 +1,4 @@
|
|||
linux (4.19.34-1) UNRELEASED; urgency=medium
|
||||
linux (4.19.37-1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.29
|
||||
|
@ -478,7 +478,6 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
|
|||
- loop: access lo_backing_file only when the loop device is Lo_bound
|
||||
- [x86] unwind: Handle NULL pointer calls better in frame unwinder
|
||||
- [x86] unwind: Add hardcoded ORC entry for NULL
|
||||
- locking/lockdep: Add debug_locks check in __lock_downgrade()
|
||||
- ALSA: hda - Record the current power state before suspend/resume calls
|
||||
- ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
|
||||
- power: supply: charger-manager: Fix incorrect return value
|
||||
|
@ -777,7 +776,6 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
|
|||
- [armhf,arm64] wlcore: Fix memory leak in case wl12xx_fetch_firmware
|
||||
failure
|
||||
- drm/fb-helper: fix leaks in error path of drm_fb_helper_fbdev_setup
|
||||
- [arm64] clk: meson: clean-up clock registration
|
||||
- [arm64] clk: rockchip: fix frac settings of GPLL clock for rk3328
|
||||
- [armhf,arm64] dmaengine: tegra: avoid overflow of byte tracking
|
||||
- [x86] Input: soc_button_array - fix mapping of the 5th GPIO in a PNP0C40
|
||||
|
@ -786,6 +784,289 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
|
|||
- ACPI / video: Extend chassis-type detection with a "Lunch Box" check
|
||||
- bcache: fix potential div-zero error of writeback_rate_p_term_inverse
|
||||
- [x86] kprobes: Blacklist non-attachable interrupt functions
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.35
|
||||
- [x86] kvm: nVMX: NMI-window and interrupt-window exiting should wake L2
|
||||
from HLT
|
||||
- [powerpc*] tm: Limit TM code inside PPC_TRANSACTIONAL_MEM
|
||||
- [x86] hv_netvsc: Fix unwanted wakeup after tx_disable
|
||||
- ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
|
||||
- ipv6: Fix dangling pointer when ipv6 fragment
|
||||
- ipv6: sit: reset ip header pointer in ipip6_rcv
|
||||
- net: ethtool: not call vzalloc for zero sized memory request
|
||||
- net-gro: Fix GRO flush when receiving a GSO packet.
|
||||
- net/mlx5: Decrease default mr cache size
|
||||
- netns: provide pure entropy for net_hash_mix()
|
||||
- net: rds: force to destroy connection if t_sock is NULL in
|
||||
rds_tcp_kill_sock().
|
||||
- net/sched: act_sample: fix divide by zero in the traffic path
|
||||
- net/sched: fix ->get helper of the matchall cls
|
||||
- openvswitch: fix flow actions reallocation
|
||||
- qmi_wwan: add Olicard 600
|
||||
- r8169: disable ASPM again
|
||||
- sctp: initialize _pad of sockaddr_in before copying to user memory
|
||||
- tcp: Ensure DCTCP reacts to losses
|
||||
- tcp: fix a potential NULL pointer dereference in tcp_sk_exit
|
||||
- vrf: check accept_source_route on the original netdevice
|
||||
- net/mlx5e: Fix error handling when refreshing TIRs
|
||||
- net/mlx5e: Add a lock on tir list
|
||||
- nfp: validate the return code from dev_queue_xmit()
|
||||
- nfp: disable netpoll on representors
|
||||
- bnxt_en: Improve RX consumer index validity check.
|
||||
- bnxt_en: Reset device on RX buffer errors.
|
||||
- net: ip_gre: fix possible use-after-free in erspan_rcv
|
||||
- net: ip6_gre: fix possible use-after-free in ip6erspan_rcv
|
||||
- net: core: netif_receive_skb_list: unlist skb before passing to pt->func
|
||||
- r8169: disable default rx interrupt coalescing on RTL8168
|
||||
- net: mlx5: Add a missing check on idr_find, free buf
|
||||
- net/mlx5e: Update xoff formula
|
||||
- net/mlx5e: Update xon formula
|
||||
- kbuild: deb-pkg: fix bindeb-pkg breakage when O= is used
|
||||
- netfilter: nfnetlink_cttimeout: pass default timeout policy to
|
||||
obj_to_nlattr
|
||||
- netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too
|
||||
- [arm64] kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region
|
||||
- [x86] tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486)
|
||||
- tty: ldisc: add sysctl to prevent autoloading of ldiscs
|
||||
- ACPICA: Clear status of GPEs before enabling them
|
||||
- ACPICA: Namespace: remove address node from global list after method
|
||||
termination
|
||||
- ALSA: seq: Fix OOB-reads from strlcpy
|
||||
- [x86] ALSA: hda/realtek: Enable headset MIC of Acer TravelMate B114-21
|
||||
with ALC233
|
||||
- [x86] ALSA: hda/realtek - Add quirk for Tuxedo XC 1509
|
||||
- [x86] ALSA: hda - Add two more machines to the power_save_blacklist
|
||||
- mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd()
|
||||
- [arm64] dts: rockchip: fix rk3328 sdmmc0 write errors
|
||||
- [hppa] Detect QEMU earlier in boot process
|
||||
- [hppa] regs_return_value() should return gpr28
|
||||
- [hppa] also set iaoq_b in instruction_pointer_set()
|
||||
- alarmtimer: Return correct remaining time
|
||||
- drm/udl: add a release method and delay modeset teardown
|
||||
- [x86] kvm: svm: fix potential get_num_contig_pages overflow
|
||||
- include/linux/bitrev.h: fix constant bitrev
|
||||
- mm: writeback: use exact memcg dirty counts
|
||||
- [x86] ASoC: intel: Fix crash at suspend/resume after failed codec
|
||||
registration
|
||||
- Btrfs: do not allow trimming when a fs is mounted with the nologreplay
|
||||
option
|
||||
- btrfs: prop: fix zstd compression parameter validation
|
||||
- btrfs: prop: fix vanished compression property after failed set
|
||||
- [riscv64] Fix syscall_get_arguments() and syscall_set_arguments()
|
||||
- block: do not leak memory in bio_copy_user_iov()
|
||||
- block: fix the return errno for direct IO
|
||||
- genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
|
||||
- genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n
|
||||
- virtio: Honour 'may_reduce_num' in vring_create_virtqueue
|
||||
- [armhf] dts: rockchip: fix rk3288 cpu opp node reference
|
||||
- [armhf] dts: am335x-evmsk: Correct the regulators for the audio codec
|
||||
- [armhf] dts: am335x-evm: Correct the regulators for the audio codec
|
||||
- [arm64] futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
|
||||
- [arm64] dts: rockchip: fix rk3328 rgmii high tx error rate
|
||||
- [arm64] backtrace: Don't bother trying to unwind the userspace stack
|
||||
- xen: Prevent buffer overflow in privcmd ioctl
|
||||
- sched/fair: Do not re-read ->h_load_next during hierarchical load
|
||||
calculation
|
||||
- [x86] asm: Use stricter assembly constraints in bitops
|
||||
- [x86] perf/amd: Resolve race condition when disabling PMC
|
||||
- [x86] perf/amd: Resolve NMI latency issues for active PMCs
|
||||
- [x86] perf/amd: Remove need to check "running" bit in NMI handler
|
||||
- PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
|
||||
- PCI: pciehp: Ignore Link State Changes after powering off a slot
|
||||
- dm integrity: change memcmp to strncmp in dm_integrity_ctr
|
||||
- dm: revert 8f50e358153d ("dm: limit the max bio size as BIO_MAX_PAGES *
|
||||
PAGE_SIZE")
|
||||
- dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors
|
||||
- dm integrity: fix deadlock with overlapping I/O
|
||||
- [arm64] dts: rockchip: fix vcc_host1_5v pin assign on rk3328-rock64
|
||||
- [arm64] dts: rockchip: Fix vcc_host1_5v GPIO polarity on rk3328-rock64
|
||||
- ACPICA: AML interpreter: add region addresses in global list during
|
||||
initialization
|
||||
- [x86] KVM: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
|
||||
- [x86] KVM: nVMX: fix x2APIC VTPR read intercept
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.36
|
||||
- inotify: Fix fsnotify_mark refcount leak in
|
||||
inotify_update_existing_watch() (CVE-2019-9857)
|
||||
- perf/core: Restore mmap record type correctly
|
||||
- ext4: avoid panic during forced reboot
|
||||
- ext4: add missing brelse() in add_new_gdb_meta_bg()
|
||||
- ext4: report real fs size after failed resize
|
||||
- ALSA: echoaudio: add a check for ioremap_nocache
|
||||
- [i386,alpha] ALSA: sb8: add a check for request_region
|
||||
- drm/udl: use drm_gem_object_put_unlocked.
|
||||
- IB/mlx4: Fix race condition between catas error reset and aliasguid flows
|
||||
- i40iw: Avoid panic when handling the inetdev event
|
||||
- [i386,alpha] ALSA: opl3: fix mismatch between snd_opl3_drum_switch
|
||||
definition and declaration
|
||||
- [x86] thermal/intel_powerclamp: fix __percpu declaration of worker_data
|
||||
- [arm*] thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs
|
||||
- [x86] thermal/int340x_thermal: Add additional UUIDs
|
||||
- [x86] thermal/int340x_thermal: fix mode setting
|
||||
- [x86] thermal/intel_powerclamp: fix truncated kthread name
|
||||
- scsi: iscsi: flush running unbind operations when removing a session
|
||||
- sched/cpufreq: Fix 32-bit math overflow
|
||||
- sched/core: Fix buffer overflow in cgroup2 property cpu.max
|
||||
- [x86] mm: Don't leak kernel addresses
|
||||
- [x86] tools/power turbostat: return the exit status of a command
|
||||
- perf list: Don't forget to drop the reference to the allocated thread_map
|
||||
- perf config: Fix an error in the config template documentation
|
||||
- perf config: Fix a memory leak in collect_config()
|
||||
- perf build-id: Fix memory leak in print_sdt_events()
|
||||
- perf top: Fix error handling in cmd_top()
|
||||
- perf hist: Add missing map__put() in error case
|
||||
- perf evsel: Free evsel->counts in perf_evsel__exit()
|
||||
- ACPI / utils: Drop reference in test for device presence
|
||||
- PM / Domains: Avoid a potential deadlock
|
||||
- [armhf] drm/exynos/mixer: fix MIXER shadow registry synchronisation code
|
||||
- [arm64] irqchip/mbigen: Don't clear eventid when freeing an MSI
|
||||
- [x86] hpet: Prevent potential NULL pointer dereference
|
||||
- [x86] hyperv: Prevent potential NULL pointer dereference
|
||||
- [i386] cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
|
||||
- drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
|
||||
- [x86] iommu/vt-d: Check capability before disabling protected memory
|
||||
- [x86] hw_breakpoints: Make default case in hw_breakpoint_arch_parse()
|
||||
return an error
|
||||
- fix incorrect error code mapping for OBJECTID_NOT_FOUND
|
||||
- [x86] gart: Exclude GART aperture from kcore
|
||||
- ext4: prohibit fstrim in norecovery mode
|
||||
- drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up
|
||||
- rsi: improve kernel thread handling to fix kernel panic
|
||||
- f2fs: fix to avoid NULL pointer dereference on se->discard_map
|
||||
- 9p: do not trust pdu content for stat item size
|
||||
- 9p locks: add mount option for lock retry interval
|
||||
- ASoC: Fix UBSAN warning at snd_soc_get/put_volsw_sx()
|
||||
- f2fs: fix to do sanity check with current segment number
|
||||
- netfilter: xt_cgroup: shrink size of v2 path
|
||||
- [arm64] serial: uartps: console_setup() can't be placed to init section
|
||||
- [powerpc*] pseries: Remove prrn_work workqueue
|
||||
- media: au0828: cannot kfree dev before usb disconnect
|
||||
- Bluetooth: Fix debugfs NULL pointer dereference
|
||||
- HID: i2c-hid: override HID descriptors for certain devices
|
||||
- pinctrl: core: make sure strcmp() doesn't get a null parameter
|
||||
- usbip: fix vhci_hcd controller counting
|
||||
- [x86] ACPI / SBS: Fix GPE storm on recent MacBookPro's
|
||||
- HID: usbhid: Add quirk for Redragon/Dragonrise Seymur 2
|
||||
- [x86] KVM: nVMX: restore host state in nested_vmx_vmexit for VMFail
|
||||
- netfilter: nf_flow_table: remove flowtable hook flush routine in netns
|
||||
exit routine
|
||||
- f2fs: cleanup dirty pages if recover failed
|
||||
- [armhf,arm64] net: stmmac: Set OWN bit for jumbo frames
|
||||
- cifs: fallback to older infolevels on findfirst queryinfo retry
|
||||
- kernel: hung_task.c: disable on suspend
|
||||
- drm/ttm: Fix bo_global and mem_global kfree error
|
||||
- [x86] ALSA: hda: fix front speakers on Huawei MBXP
|
||||
- ACPI: EC / PM: Disable non-wakeup GPEs for suspend-to-idle
|
||||
- net/rds: fix warn in rds_message_alloc_sgs
|
||||
- xfrm: destroy xfrm_state synchronously on net exit path
|
||||
- net: ip6_gre: fix possible NULL pointer dereference in
|
||||
ip6erspan_set_version
|
||||
- [x86] iommu/dmar: Fix buffer overflow during PCI bus notification
|
||||
- scsi: core: Avoid that system resume triggers a kernel warning
|
||||
- [armhf,arm64] soc/tegra: pmc: Drop locking from
|
||||
tegra_powergate_is_powered()
|
||||
- Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk"
|
||||
- [arm64] coresight: cpu-debug: Support for CA73 CPUs
|
||||
- [x86] PCI: Blacklist power management of Gigabyte X299 DESIGNARE EX PCIe
|
||||
ports
|
||||
- drm/nouveau/volt/gf117: fix speedo readout register
|
||||
- [armel,armhf] 8839/1: kprobe: make patch_lock a raw_spinlock_t
|
||||
- [x86] drm/amdkfd: use init_mqd function to allocate object for hid_mqd
|
||||
(CI)
|
||||
- appletalk: Fix use-after-free in atalk_proc_exit
|
||||
- lib/div64.c: off by one in shift
|
||||
- rxrpc: Fix client call connect/disconnect race
|
||||
- f2fs: fix to dirty inode for i_mode recovery
|
||||
- include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
|
||||
- bpf: fix use after free in bpf_evict_inode
|
||||
- IB/hfi1: Failed to drain send queue when QP is put into error state
|
||||
- mm: hide incomplete nr_indirectly_reclaimable in /proc/zoneinfo
|
||||
- mm: hide incomplete nr_indirectly_reclaimable in sysfs
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37
|
||||
- bonding: fix event handling for stacked bonds
|
||||
- failover: allow name change on IFF_UP slave interfaces
|
||||
- net: atm: Fix potential Spectre v1 vulnerabilities (CVE-2017-5715)
|
||||
- net: bridge: fix per-port af_packet sockets
|
||||
- net: bridge: multicast: use rcu to access port list from
|
||||
br_multicast_start_querier
|
||||
- net: Fix missing meta data in skb with vlan packet
|
||||
- net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
|
||||
- tcp: tcp_grow_window() needs to respect tcp_space()
|
||||
- team: set slave to promisc if team is already in promisc mode
|
||||
- tipc: missing entries in name table of publications
|
||||
- vhost: reject zero size iova range
|
||||
- ipv4: recompile ip options in ipv4_link_failure
|
||||
- ipv4: ensure rcu_read_lock() in ipv4_link_failure()
|
||||
- [arm64] net: thunderx: raise XDP MTU to 1508
|
||||
- [arm64] net: thunderx: don't allow jumbo frames with XDP
|
||||
- net/mlx5: FPGA, tls, hold rcu read lock a bit longer
|
||||
- net/mlx5: FPGA, tls, idr remove on flow delete
|
||||
- route: Avoid crash from dereferencing NULL rt->from
|
||||
- sch_cake: Use tc_skb_protocol() helper for getting packet protocol
|
||||
- sch_cake: Make sure we can write the IP header before changing DSCP bits
|
||||
- nfp: flower: replace CFI with vlan present
|
||||
- nfp: flower: remove vlan CFI bit from push vlan action
|
||||
- sch_cake: Simplify logic in cake_select_tin()
|
||||
- net: IP defrag: encapsulate rbtree defrag code into callable functions
|
||||
- net: IP6 defrag: use rbtrees for IPv6 defrag
|
||||
- net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c
|
||||
- CIFS: keep FileInfo handle live during oplock break
|
||||
- cifs: Fix use-after-free in SMB2_write
|
||||
- cifs: Fix use-after-free in SMB2_read
|
||||
- cifs: fix handle leak in smb2_query_symlink()
|
||||
- [x86] KVM: Don't clear EFER during SMM transitions for 32-bit vCPU
|
||||
- [x86] KVM: svm: make sure NMI is injected after nmi_singlestep
|
||||
- [x86] iio/gyro/bmg160: Use millidegrees for temperature scale
|
||||
- iio: Fix scan mask selection
|
||||
- iio: core: fix a possible circular locking dependency
|
||||
- [x86] iio: accel: kxcjk-1013: restore the range after resume.
|
||||
- [x86] staging: comedi: vmk80xx: Fix use of uninitialized semaphore
|
||||
- [x86] staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
|
||||
- [x86] staging: comedi: ni_usb6501: Fix use of uninitialized mutex
|
||||
- [x86] staging: comedi: ni_usb6501: Fix possible double-free of
|
||||
->usb_rx_buf
|
||||
- [x86] ALSA: hda/realtek - add two more pin configuration sets to quirk
|
||||
table
|
||||
- ALSA: core: Fix card races between register and disconnect
|
||||
- [x86] Input: elan_i2c - add hardware ID for multiple Lenovo laptops
|
||||
- vt: fix cursor when clearing the screen
|
||||
- scsi: core: set result when the command cannot be dispatched
|
||||
- Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO"
|
||||
- [x86] Revert "svm: Fix AVIC incomplete IPI emulation"
|
||||
- coredump: fix race condition between mmget_not_zero()/get_task_mm() and
|
||||
core dumping (CVE-2019-3892)
|
||||
- ipmi: fix sleep-in-atomic in free_user at cleanup SRCU
|
||||
user->release_barrier
|
||||
- [x86] crypto: poly1305 - fix overflow during partial reduction
|
||||
- drm/ttm: fix out-of-bounds read in ttm_put_pages() v2
|
||||
- [arm64] futex: Restore oldval initialization to work around buggy
|
||||
compilers
|
||||
- [x86] kprobes: Verify stack frame on kretprobe
|
||||
- kprobes: Mark ftrace mcount handler functions nokprobe
|
||||
- kprobes: Fix error check when reusing optimized probes
|
||||
- rt2x00: do not increment sequence number while re-transmitting
|
||||
- mac80211: do not call driver wake_tx_queue op during reconfig
|
||||
- drm/amdgpu/gmc9: fix VM_L2_CNTL3 programming
|
||||
- [x86] perf/amd: Add event map for AMD Family 17h
|
||||
- [x86] cpu/bugs: Use __initconst for 'const' init data
|
||||
- [x86] perf: Fix incorrect PEBS_REGS
|
||||
- [x86] speculation: Prevent deadlock on ssb_state::lock
|
||||
- timers/sched_clock: Prevent generic sched_clock wrap caused by
|
||||
tick_freeze()
|
||||
- nfit/ars: Remove ars_start_flags
|
||||
- nfit/ars: Introduce scrub_flags
|
||||
- nfit/ars: Allow root to busy-poll the ARS state machine
|
||||
- nfit/ars: Avoid stale ARS results
|
||||
- mmc: sdhci: Fix data command CRC error handling
|
||||
- mmc: sdhci: Handle auto-command errors
|
||||
- modpost: file2alias: go back to simple devtable lookup
|
||||
- modpost: file2alias: check prototype of handler
|
||||
- [x86] tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
|
||||
- tpm: Fix the type of the return value in calc_tpm2_event_size()
|
||||
- sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
|
||||
- device_cgroup: fix RCU imbalance in error case
|
||||
- ALSA: info: Fix racy addition/deletion of nodes
|
||||
- [armhf] ASoC: rockchip: add missing INTERLEAVED PCM attribute
|
||||
- i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array
|
||||
- kernel/sysctl.c: fix out-of-bounds access when setting file-max
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* debian/bin/abiupdate.py: Automatically select the correct archive to fetch
|
||||
|
@ -827,12 +1108,7 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
|
|||
[ Salvatore Bonaccorso ]
|
||||
* xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
|
||||
(CVE-2015-8553)
|
||||
* ACPICA: Namespace: remove address node from global list after method
|
||||
termination
|
||||
* inotify: Fix fsnotify_mark refcount leak in
|
||||
inotify_update_existing_watch() (CVE-2019-9857)
|
||||
* [x86] Disable R3964 due to lack of security support
|
||||
* tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486)
|
||||
|
||||
[ Aurelien Jarno ]
|
||||
* [mips] Fix indirect syscall tracing & seccomp filtering for big endian
|
||||
|
|
|
@ -25,15 +25,15 @@ Tested-by: Mike Galbraith <efault@gmx.de>
|
|||
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
|
||||
Link: https://lkml.kernel.org/r/20190107125231.GE14122@hirez.programming.kicks-ass.net
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
[bwh: Adjusted to apply on top of commit c3edd427d538
|
||||
"sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup"]
|
||||
---
|
||||
kernel/sched/fair.c | 30 ++++++++++++++++--------------
|
||||
1 file changed, 16 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
|
||||
index f7c375d1e601..6afda059e882 100644
|
||||
--- a/kernel/sched/fair.c
|
||||
+++ b/kernel/sched/fair.c
|
||||
@@ -4553,7 +4553,7 @@ static u64 distribute_cfs_runtime(struct cfs_bandwidth *cfs_b,
|
||||
@@ -4553,7 +4553,7 @@ static u64 distribute_cfs_runtime(struct
|
||||
struct rq *rq = rq_of(cfs_rq);
|
||||
struct rq_flags rf;
|
||||
|
||||
|
@ -42,7 +42,7 @@ index f7c375d1e601..6afda059e882 100644
|
|||
if (!cfs_rq_throttled(cfs_rq))
|
||||
goto next;
|
||||
|
||||
@@ -4570,7 +4570,7 @@ static u64 distribute_cfs_runtime(struct cfs_bandwidth *cfs_b,
|
||||
@@ -4570,7 +4570,7 @@ static u64 distribute_cfs_runtime(struct
|
||||
unthrottle_cfs_rq(cfs_rq);
|
||||
|
||||
next:
|
||||
|
@ -51,7 +51,7 @@ index f7c375d1e601..6afda059e882 100644
|
|||
|
||||
if (!remaining)
|
||||
break;
|
||||
@@ -4586,7 +4586,7 @@ static u64 distribute_cfs_runtime(struct cfs_bandwidth *cfs_b,
|
||||
@@ -4586,7 +4586,7 @@ next:
|
||||
* period the timer is deactivated until scheduling resumes; cfs_b->idle is
|
||||
* used to track this state.
|
||||
*/
|
||||
|
@ -60,7 +60,7 @@ index f7c375d1e601..6afda059e882 100644
|
|||
{
|
||||
u64 runtime, runtime_expires;
|
||||
int throttled;
|
||||
@@ -4628,11 +4628,11 @@ static int do_sched_cfs_period_timer(struct cfs_bandwidth *cfs_b, int overrun)
|
||||
@@ -4628,11 +4628,11 @@ static int do_sched_cfs_period_timer(str
|
||||
while (throttled && cfs_b->runtime > 0 && !cfs_b->distribute_running) {
|
||||
runtime = cfs_b->runtime;
|
||||
cfs_b->distribute_running = 1;
|
||||
|
@ -74,7 +74,7 @@ index f7c375d1e601..6afda059e882 100644
|
|||
|
||||
cfs_b->distribute_running = 0;
|
||||
throttled = !list_empty(&cfs_b->throttled_cfs_rq);
|
||||
@@ -4741,17 +4741,18 @@ static __always_inline void return_cfs_rq_runtime(struct cfs_rq *cfs_rq)
|
||||
@@ -4741,17 +4741,18 @@ static __always_inline void return_cfs_r
|
||||
static void do_sched_cfs_slack_timer(struct cfs_bandwidth *cfs_b)
|
||||
{
|
||||
u64 runtime = 0, slice = sched_cfs_bandwidth_slice();
|
||||
|
@ -96,7 +96,7 @@ index f7c375d1e601..6afda059e882 100644
|
|||
return;
|
||||
}
|
||||
|
||||
@@ -4762,18 +4763,18 @@ static void do_sched_cfs_slack_timer(struct cfs_bandwidth *cfs_b)
|
||||
@@ -4762,18 +4763,18 @@ static void do_sched_cfs_slack_timer(str
|
||||
if (runtime)
|
||||
cfs_b->distribute_running = 1;
|
||||
|
||||
|
@ -118,20 +118,23 @@ index f7c375d1e601..6afda059e882 100644
|
|||
}
|
||||
|
||||
/*
|
||||
@@ -4851,20 +4852,21 @@ static enum hrtimer_restart sched_cfs_period_timer(struct hrtimer *timer)
|
||||
@@ -4853,11 +4854,12 @@ static enum hrtimer_restart sched_cfs_pe
|
||||
{
|
||||
struct cfs_bandwidth *cfs_b =
|
||||
container_of(timer, struct cfs_bandwidth, period_timer);
|
||||
+ unsigned long flags;
|
||||
int overrun;
|
||||
int idle = 0;
|
||||
int count = 0;
|
||||
|
||||
- raw_spin_lock(&cfs_b->lock);
|
||||
+ raw_spin_lock_irqsave(&cfs_b->lock, flags);
|
||||
for (;;) {
|
||||
overrun = hrtimer_forward_now(timer, cfs_b->period);
|
||||
if (!overrun)
|
||||
break;
|
||||
@@ -4885,11 +4887,11 @@ static enum hrtimer_restart sched_cfs_pe
|
||||
count = 0;
|
||||
}
|
||||
|
||||
- idle = do_sched_cfs_period_timer(cfs_b, overrun);
|
||||
+ idle = do_sched_cfs_period_timer(cfs_b, overrun, flags);
|
||||
|
@ -143,6 +146,3 @@ index f7c375d1e601..6afda059e882 100644
|
|||
|
||||
return idle ? HRTIMER_NORESTART : HRTIMER_RESTART;
|
||||
}
|
||||
--
|
||||
2.20.1
|
||||
|
||||
|
|
|
@ -1,76 +0,0 @@
|
|||
From c04aa401b3b76817b02a653adeeb221b31c0769b Mon Sep 17 00:00:00 2001
|
||||
From: Yang Shi <yang.shi@linaro.org>
|
||||
Date: Thu, 10 Nov 2016 16:17:55 -0800
|
||||
Subject: [PATCH 014/266] arm: kprobe: replace patch_lock to raw lock
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patches-4.19.31-rt18.tar.xz
|
||||
|
||||
When running kprobe on -rt kernel, the below bug is caught:
|
||||
|
||||
BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:931
|
||||
in_atomic(): 1, irqs_disabled(): 128, pid: 14, name: migration/0
|
||||
INFO: lockdep is turned off.
|
||||
irq event stamp: 238
|
||||
hardirqs last enabled at (237): [<80b5aecc>] _raw_spin_unlock_irqrestore+0x88/0x90
|
||||
hardirqs last disabled at (238): [<80b56d88>] __schedule+0xec/0x94c
|
||||
softirqs last enabled at (0): [<80225584>] copy_process.part.5+0x30c/0x1994
|
||||
softirqs last disabled at (0): [< (null)>] (null)
|
||||
Preemption disabled at:[<802f2b98>] cpu_stopper_thread+0xc0/0x140
|
||||
|
||||
CPU: 0 PID: 14 Comm: migration/0 Tainted: G O 4.8.3-rt2 #1
|
||||
Hardware name: Freescale LS1021A
|
||||
[<80212e7c>] (unwind_backtrace) from [<8020cd2c>] (show_stack+0x20/0x24)
|
||||
[<8020cd2c>] (show_stack) from [<80689e14>] (dump_stack+0xa0/0xcc)
|
||||
[<80689e14>] (dump_stack) from [<8025a43c>] (___might_sleep+0x1b8/0x2a4)
|
||||
[<8025a43c>] (___might_sleep) from [<80b5b324>] (rt_spin_lock+0x34/0x74)
|
||||
[<80b5b324>] (rt_spin_lock) from [<80b5c31c>] (__patch_text_real+0x70/0xe8)
|
||||
[<80b5c31c>] (__patch_text_real) from [<80b5c3ac>] (patch_text_stop_machine+0x18/0x20)
|
||||
[<80b5c3ac>] (patch_text_stop_machine) from [<802f2920>] (multi_cpu_stop+0xfc/0x134)
|
||||
[<802f2920>] (multi_cpu_stop) from [<802f2ba0>] (cpu_stopper_thread+0xc8/0x140)
|
||||
[<802f2ba0>] (cpu_stopper_thread) from [<802563a4>] (smpboot_thread_fn+0x1a4/0x354)
|
||||
[<802563a4>] (smpboot_thread_fn) from [<80251d38>] (kthread+0x104/0x11c)
|
||||
[<80251d38>] (kthread) from [<80207f70>] (ret_from_fork+0x14/0x24)
|
||||
|
||||
Since patch_text_stop_machine() is called in stop_machine() which disables IRQ,
|
||||
sleepable lock should be not used in this atomic context, so replace patch_lock
|
||||
to raw lock.
|
||||
|
||||
Signed-off-by: Yang Shi <yang.shi@linaro.org>
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
arch/arm/kernel/patch.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/arch/arm/kernel/patch.c b/arch/arm/kernel/patch.c
|
||||
index a50dc00d79a2..d0a05a3bdb96 100644
|
||||
--- a/arch/arm/kernel/patch.c
|
||||
+++ b/arch/arm/kernel/patch.c
|
||||
@@ -16,7 +16,7 @@ struct patch {
|
||||
unsigned int insn;
|
||||
};
|
||||
|
||||
-static DEFINE_SPINLOCK(patch_lock);
|
||||
+static DEFINE_RAW_SPINLOCK(patch_lock);
|
||||
|
||||
static void __kprobes *patch_map(void *addr, int fixmap, unsigned long *flags)
|
||||
__acquires(&patch_lock)
|
||||
@@ -33,7 +33,7 @@ static void __kprobes *patch_map(void *addr, int fixmap, unsigned long *flags)
|
||||
return addr;
|
||||
|
||||
if (flags)
|
||||
- spin_lock_irqsave(&patch_lock, *flags);
|
||||
+ raw_spin_lock_irqsave(&patch_lock, *flags);
|
||||
else
|
||||
__acquire(&patch_lock);
|
||||
|
||||
@@ -48,7 +48,7 @@ static void __kprobes patch_unmap(int fixmap, unsigned long *flags)
|
||||
clear_fixmap(fixmap);
|
||||
|
||||
if (flags)
|
||||
- spin_unlock_irqrestore(&patch_lock, *flags);
|
||||
+ raw_spin_unlock_irqrestore(&patch_lock, *flags);
|
||||
else
|
||||
__release(&patch_lock);
|
||||
}
|
||||
--
|
||||
2.20.1
|
||||
|
|
@ -8,6 +8,8 @@ Takes sleeping locks and calls into the memory allocator, so nothing
|
|||
we want to do in task switch and oder atomic contexts.
|
||||
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
[bwh: Adjusted to apply on top of commit 6ff17bc5936e "coredump: fix race
|
||||
condition between mmget_not_zero()/get_task_mm() and core dumping"]
|
||||
---
|
||||
include/linux/mm_types.h | 4 ++++
|
||||
include/linux/sched/mm.h | 11 +++++++++++
|
||||
|
@ -15,8 +17,6 @@ Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|||
kernel/sched/core.c | 18 ++++++++++++++++--
|
||||
4 files changed, 44 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
|
||||
index 5ed8f6292a53..f430cf0a377e 100644
|
||||
--- a/include/linux/mm_types.h
|
||||
+++ b/include/linux/mm_types.h
|
||||
@@ -12,6 +12,7 @@
|
||||
|
@ -27,7 +27,7 @@ index 5ed8f6292a53..f430cf0a377e 100644
|
|||
#include <linux/page-flags-layout.h>
|
||||
#include <linux/workqueue.h>
|
||||
|
||||
@@ -482,6 +483,9 @@ struct mm_struct {
|
||||
@@ -484,6 +485,9 @@ struct mm_struct {
|
||||
bool tlb_flush_batched;
|
||||
#endif
|
||||
struct uprobes_state uprobes_state;
|
||||
|
@ -37,11 +37,9 @@ index 5ed8f6292a53..f430cf0a377e 100644
|
|||
#ifdef CONFIG_HUGETLB_PAGE
|
||||
atomic_long_t hugetlb_usage;
|
||||
#endif
|
||||
diff --git a/include/linux/sched/mm.h b/include/linux/sched/mm.h
|
||||
index aebb370a0006..d3db98d1fc49 100644
|
||||
--- a/include/linux/sched/mm.h
|
||||
+++ b/include/linux/sched/mm.h
|
||||
@@ -49,6 +49,17 @@ static inline void mmdrop(struct mm_struct *mm)
|
||||
@@ -49,6 +49,17 @@ static inline void mmdrop(struct mm_stru
|
||||
__mmdrop(mm);
|
||||
}
|
||||
|
||||
|
@ -56,14 +54,12 @@ index aebb370a0006..d3db98d1fc49 100644
|
|||
+# define mmdrop_delayed(mm) mmdrop(mm)
|
||||
+#endif
|
||||
+
|
||||
/**
|
||||
* mmget() - Pin the address space associated with a &struct mm_struct.
|
||||
* @mm: The address space to pin.
|
||||
diff --git a/kernel/fork.c b/kernel/fork.c
|
||||
index b7e0aac93ee5..857ce1a7269f 100644
|
||||
/*
|
||||
* This has to be called after a get_task_mm()/mmget_not_zero()
|
||||
* followed by taking the mmap_sem for writing before modifying the
|
||||
--- a/kernel/fork.c
|
||||
+++ b/kernel/fork.c
|
||||
@@ -637,6 +637,19 @@ void __mmdrop(struct mm_struct *mm)
|
||||
@@ -642,6 +642,19 @@ void __mmdrop(struct mm_struct *mm)
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(__mmdrop);
|
||||
|
||||
|
@ -83,11 +79,9 @@ index b7e0aac93ee5..857ce1a7269f 100644
|
|||
static void mmdrop_async_fn(struct work_struct *work)
|
||||
{
|
||||
struct mm_struct *mm;
|
||||
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
|
||||
index b9c91231d19d..1c791181915d 100644
|
||||
--- a/kernel/sched/core.c
|
||||
+++ b/kernel/sched/core.c
|
||||
@@ -2728,9 +2728,13 @@ static struct rq *finish_task_switch(struct task_struct *prev)
|
||||
@@ -2729,9 +2729,13 @@ static struct rq *finish_task_switch(str
|
||||
* provided by mmdrop(),
|
||||
* - a sync_core for SYNC_CORE.
|
||||
*/
|
||||
|
@ -102,7 +96,7 @@ index b9c91231d19d..1c791181915d 100644
|
|||
}
|
||||
if (unlikely(prev_state == TASK_DEAD)) {
|
||||
if (prev->sched_class->task_dead)
|
||||
@@ -5558,6 +5562,8 @@ void sched_setnuma(struct task_struct *p, int nid)
|
||||
@@ -5560,6 +5564,8 @@ void sched_setnuma(struct task_struct *p
|
||||
#endif /* CONFIG_NUMA_BALANCING */
|
||||
|
||||
#ifdef CONFIG_HOTPLUG_CPU
|
||||
|
@ -111,7 +105,7 @@ index b9c91231d19d..1c791181915d 100644
|
|||
/*
|
||||
* Ensure that the idle task is using init_mm right before its CPU goes
|
||||
* offline.
|
||||
@@ -5573,7 +5579,11 @@ void idle_task_exit(void)
|
||||
@@ -5575,7 +5581,11 @@ void idle_task_exit(void)
|
||||
current->active_mm = &init_mm;
|
||||
finish_arch_post_lock_switch();
|
||||
}
|
||||
|
@ -124,7 +118,7 @@ index b9c91231d19d..1c791181915d 100644
|
|||
}
|
||||
|
||||
/*
|
||||
@@ -5885,6 +5895,10 @@ int sched_cpu_dying(unsigned int cpu)
|
||||
@@ -5887,6 +5897,10 @@ int sched_cpu_dying(unsigned int cpu)
|
||||
update_max_interval();
|
||||
nohz_balance_exit_idle(rq);
|
||||
hrtick_clear(rq);
|
||||
|
@ -135,6 +129,3 @@ index b9c91231d19d..1c791181915d 100644
|
|||
return 0;
|
||||
}
|
||||
#endif
|
||||
--
|
||||
2.20.1
|
||||
|
||||
|
|
|
@ -21,11 +21,9 @@ Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|||
net/core/dev.c | 34 ++++++++++++++++++++--------------
|
||||
1 file changed, 20 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/net/core/dev.c b/net/core/dev.c
|
||||
index 7d3f923a0436..5e42a8640e98 100644
|
||||
--- a/net/core/dev.c
|
||||
+++ b/net/core/dev.c
|
||||
@@ -195,6 +195,7 @@ static unsigned int napi_gen_id = NR_CPUS;
|
||||
@@ -195,6 +195,7 @@ static unsigned int napi_gen_id = NR_CPU
|
||||
static DEFINE_READ_MOSTLY_HASHTABLE(napi_hash, 8);
|
||||
|
||||
static seqcount_t devnet_rename_seq;
|
||||
|
@ -33,7 +31,7 @@ index 7d3f923a0436..5e42a8640e98 100644
|
|||
|
||||
static inline void dev_base_seq_inc(struct net *net)
|
||||
{
|
||||
@@ -920,7 +921,8 @@ int netdev_get_name(struct net *net, char *name, int ifindex)
|
||||
@@ -920,7 +921,8 @@ retry:
|
||||
strcpy(name, dev->name);
|
||||
rcu_read_unlock();
|
||||
if (read_seqcount_retry(&devnet_rename_seq, seq)) {
|
||||
|
@ -43,8 +41,8 @@ index 7d3f923a0436..5e42a8640e98 100644
|
|||
goto retry;
|
||||
}
|
||||
|
||||
@@ -1183,20 +1185,17 @@ int dev_change_name(struct net_device *dev, const char *newname)
|
||||
if (dev->flags & IFF_UP)
|
||||
@@ -1197,20 +1199,17 @@ int dev_change_name(struct net_device *d
|
||||
likely(!(dev->priv_flags & IFF_LIVE_RENAME_OK)))
|
||||
return -EBUSY;
|
||||
|
||||
- write_seqcount_begin(&devnet_rename_seq);
|
||||
|
@ -70,7 +68,7 @@ index 7d3f923a0436..5e42a8640e98 100644
|
|||
|
||||
if (oldname[0] && !strchr(oldname, '%'))
|
||||
netdev_info(dev, "renamed from %s\n", oldname);
|
||||
@@ -1209,11 +1208,12 @@ int dev_change_name(struct net_device *dev, const char *newname)
|
||||
@@ -1223,11 +1222,12 @@ rollback:
|
||||
if (ret) {
|
||||
memcpy(dev->name, oldname, IFNAMSIZ);
|
||||
dev->name_assign_type = old_assign_type;
|
||||
|
@ -86,7 +84,7 @@ index 7d3f923a0436..5e42a8640e98 100644
|
|||
|
||||
netdev_adjacent_rename_links(dev, oldname);
|
||||
|
||||
@@ -1234,7 +1234,8 @@ int dev_change_name(struct net_device *dev, const char *newname)
|
||||
@@ -1248,7 +1248,8 @@ rollback:
|
||||
/* err >= 0 after dev_alloc_name() or stores the first errno */
|
||||
if (err >= 0) {
|
||||
err = ret;
|
||||
|
@ -96,7 +94,7 @@ index 7d3f923a0436..5e42a8640e98 100644
|
|||
memcpy(dev->name, oldname, IFNAMSIZ);
|
||||
memcpy(oldname, newname, IFNAMSIZ);
|
||||
dev->name_assign_type = old_assign_type;
|
||||
@@ -1247,6 +1248,11 @@ int dev_change_name(struct net_device *dev, const char *newname)
|
||||
@@ -1261,6 +1262,11 @@ rollback:
|
||||
}
|
||||
|
||||
return err;
|
||||
|
@ -108,6 +106,3 @@ index 7d3f923a0436..5e42a8640e98 100644
|
|||
}
|
||||
|
||||
/**
|
||||
--
|
||||
2.20.1
|
||||
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
0011-sched-fair-Robustify-CFS-bandwidth-timer-locking.patch
|
||||
0012-arm-Convert-arm-boot_lock-to-raw.patch
|
||||
0013-x86-ioapic-Don-t-let-setaffinity-unmask-threaded-EOI.patch
|
||||
0014-arm-kprobe-replace-patch_lock-to-raw-lock.patch
|
||||
0016-cgroup-use-irqsave-in-cgroup_rstat_flush_locked.patch
|
||||
0017-fscache-initialize-cookie-hash-table-raw-spinlocks.patch
|
||||
0018-Drivers-hv-vmbus-include-header-for-get_irq_regs.patch
|
||||
|
|
|
@ -1,63 +0,0 @@
|
|||
From: Erik Schmauss <erik.schmauss@intel.com>
|
||||
Date: Mon, 8 Apr 2019 13:42:26 -0700
|
||||
Subject: ACPICA: Namespace: remove address node from global list after method
|
||||
termination
|
||||
Origin: https://git.kernel.org/linus/c5781ffbbd4f742a58263458145fe7f0ac01d9e0
|
||||
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=202475
|
||||
|
||||
ACPICA commit b233720031a480abd438f2e9c643080929d144c3
|
||||
|
||||
ASL operation_regions declare a range of addresses that it uses. In a
|
||||
perfect world, the range of addresses should be used exclusively by
|
||||
the AML interpreter. The OS can use this information to decide which
|
||||
drivers to load so that the AML interpreter and device drivers use
|
||||
different regions of memory.
|
||||
|
||||
During table load, the address information is added to a global
|
||||
address range list. Each node in this list contains an address range
|
||||
as well as a namespace node of the operation_region. This list is
|
||||
deleted at ACPI shutdown.
|
||||
|
||||
Unfortunately, ASL operation_regions can be declared inside of control
|
||||
methods. Although this is not recommended, modern firmware contains
|
||||
such code. New module level code changes unintentionally removed the
|
||||
functionality of adding and removing nodes to the global address
|
||||
range list.
|
||||
|
||||
A few months ago, support for adding addresses has been re-
|
||||
implemented. However, the removal of the address range list was
|
||||
missed and resulted in some systems to crash due to the address list
|
||||
containing bogus namespace nodes from operation_regions declared in
|
||||
control methods. In order to fix the crash, this change removes
|
||||
dynamic operation_regions after control method termination.
|
||||
|
||||
Link: https://github.com/acpica/acpica/commit/b2337200
|
||||
Link: https://bugzilla.kernel.org/show_bug.cgi?id=202475
|
||||
Fixes: 4abb951b73ff ("ACPICA: AML interpreter: add region addresses in global list during initialization")
|
||||
Reported-by: Michael J Gruber <mjg@fedoraproject.org>
|
||||
Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
|
||||
Signed-off-by: Bob Moore <robert.moore@intel.com>
|
||||
Cc: 4.20+ <stable@vger.kernel.org> # 4.20+
|
||||
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
|
||||
---
|
||||
drivers/acpi/acpica/nsobject.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/drivers/acpi/acpica/nsobject.c b/drivers/acpi/acpica/nsobject.c
|
||||
index 8638f43cfc3d..79d86da1c892 100644
|
||||
--- a/drivers/acpi/acpica/nsobject.c
|
||||
+++ b/drivers/acpi/acpica/nsobject.c
|
||||
@@ -186,6 +186,10 @@ void acpi_ns_detach_object(struct acpi_namespace_node *node)
|
||||
}
|
||||
}
|
||||
|
||||
+ if (obj_desc->common.type == ACPI_TYPE_REGION) {
|
||||
+ acpi_ut_remove_address_range(obj_desc->region.space_id, node);
|
||||
+ }
|
||||
+
|
||||
/* Clear the Node entry in all cases */
|
||||
|
||||
node->object = NULL;
|
||||
--
|
||||
2.11.0
|
||||
|
|
@ -1,46 +0,0 @@
|
|||
From: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
|
||||
Date: Sat, 2 Mar 2019 09:17:32 +0800
|
||||
Subject: inotify: Fix fsnotify_mark refcount leak in
|
||||
inotify_update_existing_watch()
|
||||
Origin: https://git.kernel.org/linus/62c9d2674b31d4c8a674bee86b7edc6da2803aea
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-9857
|
||||
|
||||
Commit 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for
|
||||
inotify_add_watch()") forgot to call fsnotify_put_mark() with
|
||||
IN_MASK_CREATE after fsnotify_find_mark()
|
||||
|
||||
Fixes: 4d97f7d53da7dc83 ("inotify: Add flag IN_MASK_CREATE for inotify_add_watch()")
|
||||
Signed-off-by: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
|
||||
Signed-off-by: Jan Kara <jack@suse.cz>
|
||||
---
|
||||
fs/notify/inotify/inotify_user.c | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
|
||||
index e2901fbb9f76..7b53598c8804 100644
|
||||
--- a/fs/notify/inotify/inotify_user.c
|
||||
+++ b/fs/notify/inotify/inotify_user.c
|
||||
@@ -519,8 +519,10 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
|
||||
fsn_mark = fsnotify_find_mark(&inode->i_fsnotify_marks, group);
|
||||
if (!fsn_mark)
|
||||
return -ENOENT;
|
||||
- else if (create)
|
||||
- return -EEXIST;
|
||||
+ else if (create) {
|
||||
+ ret = -EEXIST;
|
||||
+ goto out;
|
||||
+ }
|
||||
|
||||
i_mark = container_of(fsn_mark, struct inotify_inode_mark, fsn_mark);
|
||||
|
||||
@@ -548,6 +550,7 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
|
||||
/* return the wd */
|
||||
ret = i_mark->wd;
|
||||
|
||||
+out:
|
||||
/* match the get from fsnotify_find_mark() */
|
||||
fsnotify_put_mark(fsn_mark);
|
||||
|
||||
--
|
||||
2.11.0
|
||||
|
|
@ -1,46 +0,0 @@
|
|||
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||
Date: Fri, 5 Apr 2019 15:39:26 +0200
|
||||
Subject: tty: mark Siemens R3964 line discipline as BROKEN
|
||||
Origin: https://git.kernel.org/linus/c7084edc3f6d67750f50d4183134c4fb5712a5c8
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11486
|
||||
|
||||
The n_r3964 line discipline driver was written in a different time, when
|
||||
SMP machines were rare, and users were trusted to do the right thing.
|
||||
Since then, the world has moved on but not this code, it has stayed
|
||||
rooted in the past with its lovely hand-crafted list structures and
|
||||
loads of "interesting" race conditions all over the place.
|
||||
|
||||
After attempting to clean up most of the issues, I just gave up and am
|
||||
now marking the driver as BROKEN so that hopefully someone who has this
|
||||
hardware will show up out of the woodwork (I know you are out there!)
|
||||
and will help with debugging a raft of changes that I had laying around
|
||||
for the code, but was too afraid to commit as odds are they would break
|
||||
things.
|
||||
|
||||
Many thanks to Jann and Linus for pointing out the initial problems in
|
||||
this codebase, as well as many reviews of my attempts to fix the issues.
|
||||
It was a case of whack-a-mole, and as you can see, the mole won.
|
||||
|
||||
Reported-by: Jann Horn <jannh@google.com>
|
||||
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
---
|
||||
drivers/char/Kconfig | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
|
||||
index 72866a004f07..466ebd84ad17 100644
|
||||
--- a/drivers/char/Kconfig
|
||||
+++ b/drivers/char/Kconfig
|
||||
@@ -348,7 +348,7 @@ config XILINX_HWICAP
|
||||
|
||||
config R3964
|
||||
tristate "Siemens R3964 line discipline"
|
||||
- depends on TTY
|
||||
+ depends on TTY && BROKEN
|
||||
---help---
|
||||
This driver allows synchronous communication with devices using the
|
||||
Siemens R3964 packet protocol. Unless you are dealing with special
|
||||
--
|
||||
2.11.0
|
||||
|
|
@ -104,7 +104,6 @@ bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
|
|||
debian/revert-objtool-fix-config_stack_validation-y-warning.patch
|
||||
bugfix/all/mt76-use-the-correct-hweight8-function.patch
|
||||
bugfix/all/revert-net-stmmac-send-tso-packets-always-from-queue.patch
|
||||
bugfix/all/ACPICA-Namespace-remove-address-node-from-global-lis.patch
|
||||
|
||||
# Miscellaneous features
|
||||
|
||||
|
@ -148,8 +147,6 @@ features/all/lockdown/lockdown-refer-to-debian-wiki-until-manual-page-exists.pat
|
|||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||
bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
|
||||
debian/ntfs-mark-it-as-broken.patch
|
||||
bugfix/all/inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch
|
||||
bugfix/all/tty-mark-Siemens-R3964-line-discipline-as-BROKEN.patch
|
||||
|
||||
# Fix exported symbol versions
|
||||
bugfix/all/module-disable-matching-missing-version-crc.patch
|
||||
|
|
Loading…
Reference in New Issue