user/sven/linux.git, branch v4.1.51 Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.1.51 2018-03-27T20:15:21Z Linux 4.1.51 2018-03-27T20:15:21Z Sasha Levin alexander.levin@microsoft.com 2018-03-27T20:15:21Z urn:sha1:2d61e08a1024d0cf15c26889285004e46c9f0b14 Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Revert "x86/retpoline/checksum32: Convert assembler indirect jumps" 2018-03-27T01:34:18Z Sasha Levin alexander.levin@microsoft.com 2018-03-27T01:34:18Z urn:sha1:9f63c2489c715b2e986517cc3c6fb9e5fcd6218e This reverts commit 539142804971ee10ff0370d19d6e1ee5bc45babc. Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Revert "x86/retpoline/crypto: Convert crypto assembler indirect jumps" 2018-03-21T03:49:55Z Sasha Levin alexander.levin@microsoft.com 2018-03-20T20:44:18Z urn:sha1:2ae2efda4b14ad93415c2b9884cbac1ac9d0d794 This reverts commit 0153127f56d685b355e5adb5747f1d4463761756. Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Revert "x86/retpoline/hyperv: Convert assembler indirect jumps" 2018-03-21T03:49:54Z Sasha Levin alexander.levin@microsoft.com 2018-03-20T20:44:17Z urn:sha1:509efc5dfd989cf959858c6199f61c269bc76059 This reverts commit db8171fb71e4af877f400406d8f114c4021d2ef2. Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Revert "x86/retpoline/xen: Convert Xen hypercall indirect jumps" 2018-03-21T03:49:54Z Sasha Levin alexander.levin@microsoft.com 2018-03-20T20:44:15Z urn:sha1:996f7651f682994ea21bda0da07bf19590fa789d This reverts commit 4cc996c64b97219945b28b9faa056c009d09c04d. Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Revert "kprobes/x86: Disable optimizing on the function jumps to indirect thunk" 2018-03-21T03:49:54Z Sasha Levin alexander.levin@microsoft.com 2018-03-20T20:44:13Z urn:sha1:e0e719352ac4c9c94c78cad538ad153afc28e5a8 This reverts commit 3e50641bf84d702a7f82018b07f58cbbdcd3cea5. Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> arm64: KVM: Correctly handle zero register during MMIO 2018-03-21T03:49:54Z Pavel Fedin p.fedin@samsung.com 2015-12-04T12:03:11Z urn:sha1:1796c74bb794456f3de92fff8ea0114b87d3a1d6 [ Upstream commit bc45a516fa90b43b1898758d8b53b74c24b954e4 ] On ARM64 register index of 31 corresponds to both zero register and SP. However, all memory access instructions, use ZR as transfer register. SP is used only as a base register in indirect memory addressing, or by register-register arithmetics, which cannot be trapped here. Correct emulation is achieved by introducing new register accessor functions, which can do special handling for reg_num == 31. These new accessors intentionally do not rely on old vcpu_reg() on ARM64, because it is to be removed. Since the affected code is shared by both ARM flavours, implementations of these accessors are also added to ARM32 code. This patch fixes setting MMIO register to a random value (actually SP) instead of zero by something like: *((volatile int *)reg) = 0; compilers tend to generate "str wzr, [xx]" here [Marc: Fixed 32bit splat] Signed-off-by: Pavel Fedin <p.fedin@samsung.com> Reviewed-by: Marc Zyngier <marc.zyngier@arm.com> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> blkcg: fix double free of new_blkg in blkcg_init_queue 2018-03-21T03:49:54Z Hou Tao houtao1@huawei.com 2017-02-03T09:19:07Z urn:sha1:2191fc0f29b2d4e8e3e4aa5bf75df771aa7b1f88 [ Upstream commit 9b54d816e00425c3a517514e0d677bb3cec49258 ] If blkg_create fails, new_blkg passed as an argument will be freed by blkg_create, so there is no need to free it again. Signed-off-by: Hou Tao <houtao1@huawei.com> Signed-off-by: Jens Axboe <axboe@fb.com> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> serial: 8250_pci: Add Brainboxes UC-260 4 port serial device 2018-03-21T03:49:54Z Nikola Ciprich nikola.ciprich@linuxbox.cz 2018-02-13T14:04:46Z urn:sha1:dfa3da735104f8e7f2e13c4be1c6650dcf3f1046 [ Upstream commit 9f2068f35729948bde84d87a40d135015911345d ] Add PCI ids for two variants of Brainboxes UC-260 quad port PCI serial cards. Suggested-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Nikola Ciprich <nikola.ciprich@linuxbox.cz> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() 2018-03-21T03:49:54Z Xinyong xinyong.fang@linux.alibaba.com 2018-03-02T11:20:07Z urn:sha1:f642176da2177e68e1cfdb89d5cb62d255eb53b4 [ Upstream commit 1a087f032111a88e826877449dfb93ceb22b78b9 ] When I debug a kernel crash issue in funcitonfs, found ffs_data.ref overflowed, While functionfs is unmounting, ffs_data is put twice. Commit 43938613c6fd ("drivers, usb: convert ffs_data.ref from atomic_t to refcount_t") can avoid refcount overflow, but that is risk some situations. So no need put ffs data in ffs_fs_kill_sb, already put in ffs_data_closed. The issue can be reproduced in Mediatek mt6763 SoC, ffs for ADB device. KASAN enabled configuration reports use-after-free errro. BUG: KASAN: use-after-free in refcount_dec_and_test+0x14/0xe0 at addr ffffffc0579386a0 Read of size 4 by task umount/4650 ==================================================== BUG kmalloc-512 (Tainted: P W O ): kasan: bad access detected ----------------------------------------------------------------------------- INFO: Allocated in ffs_fs_mount+0x194/0x844 age=22856 cpu=2 pid=566 alloc_debug_processing+0x1ac/0x1e8 ___slab_alloc.constprop.63+0x640/0x648 __slab_alloc.isra.57.constprop.62+0x24/0x34 kmem_cache_alloc_trace+0x1a8/0x2bc ffs_fs_mount+0x194/0x844 mount_fs+0x6c/0x1d0 vfs_kern_mount+0x50/0x1b4 do_mount+0x258/0x1034 INFO: Freed in ffs_data_put+0x25c/0x320 age=0 cpu=3 pid=4650 free_debug_processing+0x22c/0x434 __slab_free+0x2d8/0x3a0 kfree+0x254/0x264 ffs_data_put+0x25c/0x320 ffs_data_closed+0x124/0x15c ffs_fs_kill_sb+0xb8/0x110 deactivate_locked_super+0x6c/0x98 deactivate_super+0xb0/0xbc INFO: Object 0xffffffc057938600 @offset=1536 fp=0x (null) ...... Call trace: [<ffffff900808cf5c>] dump_backtrace+0x0/0x250 [<ffffff900808d3a0>] show_stack+0x14/0x1c [<ffffff90084a8c04>] dump_stack+0xa0/0xc8 [<ffffff900826c2b4>] print_trailer+0x158/0x260 [<ffffff900826d9d8>] object_err+0x3c/0x40 [<ffffff90082745f0>] kasan_report_error+0x2a8/0x754 [<ffffff9008274f84>] kasan_report+0x5c/0x60 [<ffffff9008273208>] __asan_load4+0x70/0x88 [<ffffff90084cd81c>] refcount_dec_and_test+0x14/0xe0 [<ffffff9008d98f9c>] ffs_data_put+0x80/0x320 [<ffffff9008d9d904>] ffs_fs_kill_sb+0xc8/0x110 [<ffffff90082852a0>] deactivate_locked_super+0x6c/0x98 [<ffffff900828537c>] deactivate_super+0xb0/0xbc [<ffffff90082af0c0>] cleanup_mnt+0x64/0xec [<ffffff90082af1b0>] __cleanup_mnt+0x10/0x18 [<ffffff90080d9e68>] task_work_run+0xcc/0x124 [<ffffff900808c8c0>] do_notify_resume+0x60/0x70 [<ffffff90080866e4>] work_pending+0x10/0x14 Cc: stable@vger.kernel.org Signed-off-by: Xinyong <xinyong.fang@linux.alibaba.com> Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>