[linux] 01/01: Update to 4.14.7
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Wed Dec 20 18:41:54 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch sid
in repository linux.
commit 9e0441b20ace6233fd674adf97cf22bbfba3d1a3
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Wed Dec 20 18:40:37 2017 +0000
Update to 4.14.7
Drop patches applied upstream, and fix a few conflicts.
---
debian/changelog | 503 +++++++++++++++++-
...apparmor-fix-oops-in-audit_signal_cb-hook.patch | 109 ----
...d-don-t-use-after-free-the-frontend-struc.patch | 183 -------
...xx-cards-fix-null-deref-on-missing-associ.patch | 36 --
...ore-always-call-invoke_release-in-fe_free.patch | 47 --
...ot-make-page-table-dirty-unconditionally-.patch | 109 ----
debian/patches/debian/kernelvariables.patch | 11 +-
.../features/all/aufs4/aufs4-standalone.patch | 116 ++---
.../all/rt/mm-memcontrol-do_not_disable_irq.patch | 3 +-
...Simplify-the-IPI-based-RT-balancing-logic.patch | 565 ---------------------
debian/patches/series | 5 -
debian/patches/series-rt | 1 -
12 files changed, 550 insertions(+), 1138 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index ca9a8af..ee353df 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,505 @@
-linux (4.14.2-2) UNRELEASED; urgency=medium
+linux (4.14.7-1) UNRELEASED; urgency=medium
+
+ * New upstream stable update:
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3
+ - [s390x] fix transactional execution control register handling
+ - [s390x] noexec: execute kexec datamover without DAT
+ - [s390x] runtime instrumention: fix possible memory corruption
+ - [s390x] guarded storage: fix possible memory corruption
+ - [s390x] disassembler: add missing end marker for e7 table
+ - [s390x] disassembler: increase show_code buffer size
+ - ACPI / PM: Fix acpi_pm_notifier_lock vs flush_workqueue() deadlock
+ - ACPI / EC: Fix regression related to triggering source of EC event
+ handling
+ - cpufreq: schedutil: Reset cached_raw_freq when not in sync with next_freq
+ - serdev: fix registration of second slave
+ - sched: Make resched_cpu() unconditional
+ - lib/mpi: call cond_resched() from mpi_powm() loop
+ - [x86] boot: Fix boot failure when SMP MP-table is based at 0
+ - [x86] decoder: Add new TEST instruction pattern
+ - [amd64] entry: Fix entry_SYSCALL_64_after_hwframe() IRQ tracing
+ - [x86] perf: intel: Hide TSX events when RTM is not supported
+ - [arm64] Implement arch-specific pte_access_permitted()
+ - [armhf/armmp-lpae] 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
+ - [armhf/armmp-lpae] 8721/1: mm: dump: check hardware RO bit for LPAE
+ - uapi: fix linux/tls.h userspace compilation error
+ - uapi: fix linux/rxrpc.h userspace compilation errors
+ - [mips*/4kc-malta] cmpxchg64() and HAVE_VIRT_CPU_ACCOUNTING_GEN don't work
+ for 32-bit SMP
+ - [armhf,arm64] net: mvneta: fix handling of the Tx descriptor counter
+ - nbd: wait uninterruptible for the dead timeout
+ - nbd: don't start req until after the dead connection logic
+ - PM / OPP: Add missing of_node_put(np)
+ - PCI/ASPM: Account for downstream device's Port Common_Mode_Restore_Time
+ - PCI/ASPM: Use correct capability pointer to program LTR_L1.2_THRESHOLD
+ - [x86] PCI: hv: Use effective affinity mask
+ - [arm64] PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF
+ - [arm64] PCI: Apply Cavium ThunderX ACS quirk to more Root Ports
+ - dm integrity: allow unaligned bv_offset
+ - dm cache: fix race condition in the writeback mode overwrite_bio
+ optimisation
+ - dm crypt: allow unaligned bv_offset
+ - dm zoned: ignore last smaller runt zone
+ - dm mpath: remove annoying message of 'blk_get_request() returned -11'
+ - dm bufio: fix integer overflow when limiting maximum cache size
+ - ovl: Put upperdentry if ovl_check_origin() fails
+ - dm: allocate struct mapped_device with kvzalloc
+ - sched/rt: Simplify the IPI based RT balancing logic
+ - dm: fix race between dm_get_from_kobject() and __dm_destroy()
+ - dm: discard support requires all targets in a table support discards
+ - [mips*] Fix odd fp register warnings with MIPS64r2
+ - [mips*/4kc-malta] Fix MIPS64 FP save/restore on 32-bit kernels
+ - [mips*] dts: remove bogus bcm96358nb4ser.dtb from dtb-y entry
+ - [mips*] Fix an n32 core file generation regset support regression
+ - [mips*] math-emu: Fix final emulation phase for certain instructions
+ - rt2x00usb: mark device removed when get ENOENT usb error
+ - mm/z3fold.c: use kref to prevent page free/compact race
+ - autofs: don't fail mount for transient error
+ - nilfs2: fix race condition that causes file system corruption
+ - fscrypt: lock mutex before checking for bounce page pool
+ - eCryptfs: use after free in ecryptfs_release_messaging()
+ - libceph: don't WARN() if user tries to add invalid key
+ - bcache: check ca->alloc_thread initialized before wake up it
+ - fs: guard_bio_eod() needs to consider partitions
+ - fanotify: fix fsnotify_prepare_user_wait() failure
+ - isofs: fix timestamps beyond 2027
+ - btrfs: change how we decide to commit transactions during flushing
+ - f2fs: expose some sectors to user in inline data or dentry case
+ - NFS: Fix typo in nomigration mount option
+ - NFS: Revert "NFS: Move the flock open mode check into nfs_flock()"
+ - nfs: Fix ugly referral attributes
+ - NFS: Avoid RCU usage in tracepoints
+ - NFS: revalidate "." etc correctly on "open".
+ - nfsd: deal with revoked delegations appropriately
+ - rtlwifi: rtl8192ee: Fix memory leak when loading firmware
+ - rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
+ - iwlwifi: fix firmware names for 9000 and A000 series hw
+ - md: fix deadlock error in recent patch.
+ - md: don't check MD_SB_CHANGE_CLEAN in md_allow_write
+ - Bluetooth: btqcomsmd: Add support for BD address setup
+ - md/bitmap: revert a patch
+ - fsnotify: clean up fsnotify_prepare/finish_user_wait()
+ - fsnotify: pin both inode and vfsmount mark
+ - fsnotify: fix pinning group in fsnotify_prepare_user_wait()
+ - ata: fixes kernel crash while tracing ata_eh_link_autopsy event
+ - ext4: fix interaction between i_size, fallocate, and delalloc after a
+ crash
+ - ext4: prevent data corruption with inline data + DAX
+ - ext4: prevent data corruption with journaling + DAX
+ - ALSA: pcm: update tstamp only if audio_tstamp changed
+ - ALSA: usb-audio: Add sanity checks to FE parser
+ - ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
+ - ALSA: usb-audio: Add sanity checks in v2 clock parsers
+ - ALSA: timer: Remove kernel warning at compat ioctl error paths
+ - ALSA: hda/realtek - Fix ALC275 no sound issue
+ - ALSA: hda: Fix too short HDMI/DP chmap reporting
+ - ALSA: hda - Fix yet remaining issue with vmaster 0dB initialization
+ - ALSA: hda/realtek - Fix ALC700 family no sound issue
+ - [x86] mfd: lpc_ich: Avoton/Rangeley uses SPI_BYT method
+ - fix a page leak in vhost_scsi_iov_to_sgl() error recovery
+ - 9p: Fix missing commas in mount options
+ - fs/9p: Compare qid.path in v9fs_test_inode
+ - net/9p: Switch to wait_event_killable()
+ - scsi: qla2xxx: Suppress a kernel complaint in qla_init_base_qpair()
+ - scsi: sd_zbc: Fix sd_zbc_read_zoned_characteristics()
+ - scsi: lpfc: fix pci hot plug crash in timer management routines
+ - scsi: lpfc: fix pci hot plug crash in list_add call
+ - scsi: lpfc: Fix crash receiving ELS while detaching driver
+ - scsi: lpfc: Fix FCP hba_wqidx assignment
+ - scsi: lpfc: Fix oops if nvmet_fc_register_targetport fails
+ - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
+ - iscsi-target: Fix non-immediate TMR reference leak
+ - target: fix null pointer regression in core_tmr_drain_tmr_list
+ - target: fix buffer offset in core_scsi3_pri_read_full_status
+ - target: Fix QUEUE_FULL + SCSI task attribute handling
+ - target: Fix caw_sem leak in transport_generic_request_failure
+ - target: Fix quiese during transport_write_pending_qf endless loop
+ - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
+ - mtd: Avoid probe failures when mtd->dbg.dfs_dir is invalid
+ - mtd: nand: atmel: Actually use the PM ops
+ - mtd: nand: omap2: Fix subpage write
+ - mtd: nand: Fix writing mtdoops to nand flash.
+ - mtd: nand: mtk: fix infinite ECC decode IRQ issue
+ - p54: don't unregister leds when they are not initialized
+ - block: Fix a race between blk_cleanup_queue() and timeout handling
+ - raid1: prevent freeze_array/wait_all_barriers deadlock
+ - genirq: Track whether the trigger type has been set
+ - [armhf,arm64] irqchip/gic-v3: Fix ppi-partitions lookup
+ - lockd: double unregister of inetaddr notifiers
+ - [powerpc*] KVM: Book3S HV: Don't call real-mode XICS hypercall handlers
+ if not enabled
+ - [x86] KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
+ - [x86] KVM: SVM: obey guest PAT
+ - [x86] kvm: vmx: Reinstate support for CPUs without virtual NMI
+ (Closes: #884482)
+ - dax: fix PMD faults on zero-length files
+ - dax: fix general protection fault in dax_alloc_inode
+ - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
+ - [armhf] clk: ti: dra7-atl-clock: fix child-node lookups
+ - libnvdimm, dimm: clear 'locked' status on successful DIMM enable
+ - libnvdimm, pfn: make 'resource' attribute only readable by root
+ - libnvdimm, namespace: fix label initialization to use valid seq numbers
+ - libnvdimm, region : make 'resource' attribute only readable by root
+ - libnvdimm, namespace: make 'resource' attribute only readable by root
+ - svcrdma: Preserve CB send buffer across retransmits
+ - IB/srpt: Do not accept invalid initiator port names
+ - IB/cm: Fix memory corruption in handling CM request
+ - IB/hfi1: Fix incorrect available receive user context count
+ - IB/srp: Avoid that a cable pull can trigger a kernel crash
+ - IB/core: Avoid crash on pkey enforcement failed in received MADs
+ - IB/core: Only maintain real QPs in the security lists
+ - NFC: fix device-allocation error return
+ - spi-nor: intel-spi: Fix broken software sequencing codes
+ - fm10k,i40e,i40evf,igb,igbvf,ixgbe,ixgbevf: Use smp_rmb rather than
+ read_barrier_depends
+ - [hppa] Fix validity check of pointer size argument in new CAS
+ implementation
+ - [powerpc*] Fix boot on BOOK3S_32 with CONFIG_STRICT_KERNEL_RWX
+ - [powerpc*] mm/radix: Fix crashes on Power9 DD1 with radix MMU and
+ STRICT_RWX
+ - [powerpc*] perf/imc: Use cpu_to_node() not topology_physical_package_id()
+ - [powerpc*] signal: Properly handle return value from uprobe_deny_signal()
+ - [powerpc*] 64s: Fix masking of SRR1 bits on instruction fault
+ - [powerpc*] 64s/radix: Fix 128TB-512TB virtual address boundary case
+ allocation
+ - [powerpc*] 64s/hash: Fix 512T hint detection to use >= 128T
+ - [powerpc*] 64s/hash: Fix 128TB-512TB virtual address boundary case
+ allocation
+ - [powerpc*] 64s/hash: Fix fork() with 512TB process address space
+ - [powerpc*] 64s/hash: Allow MAP_FIXED allocations to cross 128TB boundary
+ - media: Don't do DMA on stack for firmware upload in the AS102 driver
+ - media: rc: check for integer overflow
+ - media: rc: nec decoder should not send both repeat and keycode
+ - media: v4l2-ctrl: Fix flags field on Control events
+ - [arm64] media: venus: fix wrong size on dma_free
+ - [arm64] media: venus: venc: fix bytesused v4l2_plane field
+ - [arm64] media: venus: reimplement decoder stop command
+ - [arm64] dts: meson-gxl: Add alternate ARM Trusted Firmware reserved
+ memory zone
+ - iwlwifi: fix wrong struct for a000 device
+ - iwlwifi: fix PCI IDs and configuration mapping for 9000 series
+ - iwlwifi: mvm: support version 7 of the SCAN_REQ_UMAC FW command
+ - e1000e: Fix error path in link detection
+ - e1000e: Fix return value test
+ - e1000e: Separate signaling for link check/link up
+ - e1000e: Avoid receiver overrun interrupt bursts
+ - e1000e: fix buffer overrun while the I219 is processing DMA transactions
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4
+ - [x86]: platform: hp-wmi: Fix tablet mode detection for convertibles
+ - mm, memory_hotplug: do not back off draining pcp free pages from kworker
+ context
+ - mm, oom_reaper: gather each vma to prevent leaking TLB entry
+ - [armhf,arm64] mm/cma: fix alloc_contig_range ret code/potential leak
+ - mm: fix device-dax pud write-faults triggered by get_user_pages()
+ - mm, hugetlbfs: introduce ->split() to vm_operations_struct
+ - device-dax: implement ->split() to catch invalid munmap attempts
+ - mm: introduce get_user_pages_longterm
+ - mm: fail get_vaddr_frames() for filesystem-dax mappings
+ - v4l2: disable filesystem-dax mapping support
+ - IB/core: disable memory registration of filesystem-dax vmas
+ - exec: avoid RLIMIT_STACK races with prlimit()
+ - mm/madvise.c: fix madvise() infinite loop under special circumstances
+ - mm: migrate: fix an incorrect call of prep_transhuge_page()
+ - mm, memcg: fix mem_cgroup_swapout() for THPs
+ - fs/fat/inode.c: fix sb_rdonly() change
+ - autofs: revert "autofs: take more care to not update last_used on path
+ walk"
+ - autofs: revert "autofs: fix AT_NO_AUTOMOUNT not being honored"
+ - mm/hugetlb: fix NULL-pointer dereference on 5-level paging machine
+ - btrfs: clear space cache inode generation always
+ - nfsd: Fix stateid races between OPEN and CLOSE
+ - nfsd: Fix another OPEN stateid race
+ - nfsd: fix panic in posix_unblock_lock called from nfs4_laundromat
+ - crypto: algif_aead - skip SGL entries with NULL page
+ - crypto: af_alg - remove locking in async callback
+ - crypto: skcipher - Fix skcipher_walk_aead_common
+ - lockd: lost rollback of set_grace_period() in lockd_down_net()
+ - [s390x] revert ELF_ET_DYN_BASE base changes
+ - [armhf] drm: omapdrm: Fix DPI on platforms using the DSI VDDS
+ - [armhf] omapdrm: hdmi4: Correct the SoC revision matching
+ - [arm64] module-plts: factor out PLT generation code for ftrace
+ - [arm64] ftrace: emit ftrace-mod.o contents through code
+ - [powerpc*] powernv: Fix kexec crashes caused by tlbie tracing
+ - [powerpc*] kexec: Fix kexec/kdump in P9 guest kernels
+ - [x86] KVM: pvclock: Handle first-time write to pvclock-page contains
+ random junk
+ - [x86] KVM: Exit to user-mode on #UD intercept when emulator requires
+ - [x86] KVM: inject exceptions produced by x86_decode_insn
+ - [x86] KVM: lapic: Split out x2apic ldr calculation
+ - [x86] KVM: lapic: Fixup LDR on load in x2apic
+ - mmc: sdhci: Avoid swiotlb buffer being full
+ - mmc: block: Fix missing blk_put_request()
+ - mmc: block: Check return value of blk_get_request()
+ - mmc: core: Do not leave the block driver in a suspended state
+ - mmc: block: Ensure that debugfs files are removed
+ - mmc: core: prepend 0x to pre_eol_info entry in sysfs
+ - mmc: core: prepend 0x to OCR entry in sysfs
+ - ACPI / EC: Fix regression related to PM ops support in ECDT device
+ - eeprom: at24: fix reading from 24MAC402/24MAC602
+ - eeprom: at24: correctly set the size for at24mac402
+ - eeprom: at24: check at24_read/write arguments
+ - [alpha,x86] i2c: i801: Fix Failed to allocate irq -2147483648 error
+ - bcache: Fix building error on MIPS
+ - bcache: only permit to recovery read error when cache device is clean
+ - bcache: recover data from backing when data is clean
+ - hwmon: (jc42) optionally try to disable the SMBUS timeout
+ - nvme-pci: add quirk for delay before CHK RDY for WDC SN200
+ - Revert "drm/radeon: dont switch vt on suspend"
+ - drm/amdgpu: potential uninitialized variable in amdgpu_vce_ring_parse_cs()
+ - drm/amdgpu: Potential uninitialized variable in
+ amdgpu_vm_update_directories()
+ - drm/amdgpu: correct reference clock value on vega10
+ - drm/amdgpu: fix error handling in amdgpu_bo_do_create
+ - drm/amdgpu: Properly allocate VM invalidate eng v2
+ - drm/amdgpu: Remove check which is not valid for certain VBIOS
+ - drm/ttm: fix ttm_bo_cleanup_refs_or_queue once more
+ - dma-buf: make reservation_object_copy_fences rcu save
+ - drm/amdgpu: reserve root PD while releasing it
+ - drm/ttm: Always and only destroy bo->ttm_resv in ttm_bo_release_list
+ - drm/vblank: Fix flip event vblank count
+ - drm/vblank: Tune drm_crtc_accurate_vblank_count() WARN down to a debug
+ - drm/tilcdc: Precalculate total frametime in tilcdc_crtc_set_mode()
+ - drm/radeon: fix atombios on big endian
+ - drm/panel: simple: Add missing panel_simple_unprepare() calls
+ - [arm64] drm/hisilicon: Ensure LDI regs are properly configured.
+ - drm/ttm: once more fix ttm_buffer_object_transfer
+ - drm/amd/pp: fix typecast error in powerplay.
+ - drm/fb_helper: Disable all crtc's when initial setup fails.
+ - drm/edid: Don't send non-zero YQ in AVI infoframe for HDMI 1.x sinks
+ - drm/amdgpu: move UVD/VCE and VCN structure out from union
+ - drm/amdgpu: Set adev->vcn.irq.num_types for VCN
+ - IB/core: Do not warn on lid conversions for OPA
+ - IB/hfi1: Do not warn on lid conversions for OPA
+ - e1000e: fix the use of magic numbers for buffer overrun issue
+ - md: forbid a RAID5 from having both a bitmap and a journal.
+ - [x86] drm/i915: Fix false-positive assert_rpm_wakelock_held in
+ i915_pmic_bus_access_notifier v2
+ - [x86] drm/i915: Re-register PMIC bus access notifier on runtime resume
+ - [x86] drm/i915/fbdev: Serialise early hotplug events with async fbdev
+ config
+ - [x86] drm/i915/gvt: Correct ADDR_4K/2M/1G_MASK definition
+ - [x86] drm/i915: Don't try indexed reads to alternate slave addresses
+ - [x86] drm/i915: Prevent zero length "index" write
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.5
+ - drm/amdgpu: Use unsigned ring indices in amdgpu_queue_mgr_map
+ - [s390x] runtime instrumentation: simplify task exit handling
+ - usbip: fix usbip attach to find a port that matches the requested speed
+ - usbip: Fix USB device hang due to wrong enabling of scatter-gather
+ - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
+ - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
+ - serial: 8250_early: Only set divisor if valid clk & baud
+ - [mips*] Add custom serial.h with BASE_BAUD override for generic kernel
+ - ima: fix hash algorithm initialization
+ - [s390x] vfio-ccw: Do not attempt to free no-op, test and tic cda.
+ - PM / Domains: Fix genpd to deal with drivers returning 1 from ->prepare()
+ - [s390x] pci: do not require AIS facility
+ - serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
+ - staging: rtl8188eu: avoid a null dereference on pmlmepriv
+ - [arm64] mmc: sdhci-msm: fix issue with power irq
+ - hwmon: (pmbus/core) Prevent unintentional setting of page to 0xFF
+ - perf/core: Fix __perf_read_group_add() locking
+ - [armhf] PCI: dra7xx: Create functional dependency between PCIe and PHY
+ - [x86] intel_rdt: Initialize bitmask of shareable resource if CDP enabled
+ - [x86] intel_rdt: Fix potential deadlock during resctrl mount
+ - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
+ - kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y
+ - [x86] entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
+ - [armhf,arm64] clocksource/drivers/arm_arch_timer: Validate CNTFRQ after
+ enabling frame
+ - [x86] EDAC, sb_edac: Fix missing break in switch
+ - [arm64] cpuidle: Correct driver unregistration if init fails
+ - usb: xhci: Return error when host is dead in xhci_disable_slot()
+ - [armel,armhf] sysrq : fix Show Regs call trace on ARM
+ - [sh4] serial: sh-sci: suppress warning for ports without dma channels
+ - [armhf] serial: imx: Update cached mctrl value when changing RTS
+ - [x86] kprobes: Disable preemption in ftrace-based jprobes
+ - [x86] locking/refcounts, asm: Use unique .text section for refcount
+ exceptions
+ - [s390x] ptrace: fix guarded storage regset handling
+ - perf tools: Fix leaking rec_argv in error cases
+ - mm, x86/mm: Fix performance regression in get_user_pages_fast()
+ - iio: adc: ti-ads1015: add 10% to conversion wait time
+ - iio: multiplexer: add NULL check on devm_kzalloc() and devm_kmemdup()
+ return values
+ - [x86] locking/refcounts, asm: Enable CONFIG_ARCH_HAS_REFCOUNT
+ - [powerpc*] jprobes: Disable preemption when triggered through ftrace
+ - [powerpc*] kprobes: Disable preemption before invoking probe handler for
+ optprobes
+ - usb: hub: Cycle HUB power when initialization fails
+ - [armhf,arm64] USB: ulpi: fix bus-node lookup
+ - xhci: Don't show incorrect WARN message about events for empty rings
+ - usb: xhci: fix panic in xhci_free_virt_devices_depth_first
+ - USB: core: Add type-specific length check of BOS descriptors
+ - USB: usbfs: Filter flags passed in from user space
+ - usb: host: fix incorrect updating of offset
+ - locking/refcounts: Do not force refcount_t usage as GPL-only export
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6
+ - usb: gadget: core: Fix ->udc_set_speed() speed handling
+ - serdev: ttyport: add missing receive_buf sanity checks
+ - serdev: ttyport: fix NULL-deref on hangup
+ - serdev: ttyport: fix tty locking in close
+ - usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT
+ - can: peak/pci: fix potential bug when probe() fails
+ - can: kvaser_usb: free buf in error paths
+ - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
+ - can: kvaser_usb: ratelimit errors if incomplete messages are received
+ - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
+ - can: ems_usb: cancel urb on -EPIPE and -EPROTO
+ - can: esd_usb2: cancel urb on -EPIPE and -EPROTO
+ - can: usb_8dev: cancel urb on -EPIPE and -EPROTO
+ - can: peak/pcie_fd: fix potential bug in restarting tx queue
+ - virtio: release virtio index when fail to device_register
+ - [arm64] pinctrl: armada-37xx: Fix direction_output() callback behavior
+ - [x86] Drivers: hv: vmbus: Fix a rescind issue
+ - [x86] hv: kvp: Avoid reading past allocated blocks from KVP file
+ - firmware: vpd: Destroy vpd sections in remove function
+ - firmware: vpd: Tie firmware kobject to device lifetime
+ - firmware: vpd: Fix platform driver and device registration/unregistration
+ - scsi: dma-mapping: always provide dma_get_cache_alignment
+ - scsi: use dma_get_cache_alignment() as minimum DMA alignment
+ - scsi: libsas: align sata_device's rps_resp on a cacheline
+ - efi: Move some sysfs files to be read-only by root
+ - efi/esrt: Use memunmap() instead of kfree() to free the remapping
+ - ASN.1: fix out-of-bounds read when parsing indefinite length item
+ - ASN.1: check for error from ASN1_OP_END__ACT actions
+ - KEYS: add missing permission check for request_key() destination
+ - KEYS: reject NULL restriction string when type is specified
+ - X.509: reject invalid BIT STRING for subjectPublicKey
+ - X.509: fix comparisons of ->pkey_algo
+ - [x86] idt: Load idt early in start_secondary
+ - [x86] PCI: Make broadcom_postcore_init() check acpi_disabled
+ - [x86] KVM: fix APIC page invalidation
+ - btrfs: fix missing error return in btrfs_drop_snapshot
+ - btrfs: handle errors while updating refcounts in update_ref_for_cow
+ - ALSA: pcm: prevent UAF in snd_pcm_info
+ - ALSA: seq: Remove spurious WARN_ON() at timer check
+ - ALSA: usb-audio: Fix out-of-bound error
+ - ALSA: usb-audio: Add check return value for usb_string()
+ - [x86] iommu/vt-d: Fix scatterlist offset handling
+ - smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place
+ - [s390x] always save and restore all registers on context switch
+ - [s390x] mm: fix off-by-one bug in 5-level page table handling
+ - [s390x] fix compat system call table
+ - [s390x] KVM: Fix skey emulation permission check
+ - [powerpc*] Revert "powerpc: Do not call ppc_md.panic in fadump panic
+ notifier"
+ - [powerpc*] 64s: Initialize ISAv3 MMU registers before setting partition
+ table
+ - iwlwifi: mvm: mark MIC stripped MPDUs
+ - iwlwifi: mvm: don't use transmit queue hang detection when it is not
+ possible
+ - iwlwifi: mvm: flush queue before deleting ROC
+ - iwlwifi: mvm: fix packet injection
+ - iwlwifi: mvm: enable RX offloading with TKIP and WEP
+ - brcmfmac: change driver unbind order of the sdio function devices
+ - md/r5cache: move mddev_lock() out of r5c_journal_mode_set()
+ - [armhf] drm/bridge: analogix dp: Fix runtime PM state in get_modes()
+ callback
+ - [armhf] drm/exynos: gem: Drop NONCONTIG flag for buffers allocated
+ without IOMMU
+ - [x86] drm/i915: Fix vblank timestamp/frame counter jumps on gen2
+ - media: dvb: i2c transfers over usb cannot be done from stack
+ - media: rc: sir_ir: detect presence of port
+ - media: rc: partial revert of "media: rc: per-protocol repeat period"
+ - [arm64] KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
+ - [armhf] KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
+ - [x86] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
+ (CVE-2017-1000407)
+ - [armhf,arm64] KVM: Fix broken GICH_ELRSR big endian conversion
+ - [armhf,arm64] KVM: vgic-irqfd: Fix MSI entry allocation
+ - [armhf,arm64] KVM: vgic: Preserve the revious read from the pending table
+ - [armhf,arm64] KVM: vgic-its: Check result of allocation before use
+ - [arm64] fpsimd: Prevent registers leaking from dead tasks
+ - [arm64] SW PAN: Point saved ttbr0 at the zero page when switching to
+ init_mm
+ - [arm64] SW PAN: Update saved ttbr0 value on enter_lazy_tlb
+ - [armhf] Revert "ARM: dts: imx53: add srtc node"
+ - [armhf] bus: arm-cci: Fix use of smp_processor_id() in preemptible context
+ - IB/core: Only enforce security for InfiniBand
+ - [armel,armhf] BUG if jumping to usermode address in kernel mode
+ - [armel,armhf] avoid faulting on qemu
+ - [arm64] irqchip/qcom: Fix u32 comparison with value less than zero
+ - [powerpc*] perf: Fix pmu_count to count only nest imc pmus
+ - apparmor: fix leak of null profile name if profile allocation fails
+ - mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
+ - gre6: use log_ecn_error module parameter in ip6_tnl_rcv()
+ - route: also update fnhe_genid when updating a route cache
+ - route: update fnhe_expires for redirect when the fnhe exists
+ - rsi: fix memory leak on buf and usb_reg_buf
+ - pipe: match pipe_max_size data type with procfs
+ - lib/genalloc.c: make the avail variable an atomic_long_t
+ - NFS: Fix a typo in nfs_rename()
+ - sunrpc: Fix rpc_task_begin trace point
+ - nfp: inherit the max_mtu from the PF netdev
+ - nfp: fix flower offload metadata flag usage
+ - xfs: fix forgotten rcu read unlock when skipping inode reclaim
+ - block: wake up all tasks blocked in get_request()
+ - [sparc64] mm: set fields in deferred pages
+ - zsmalloc: calling zs_map_object() from irq is a bug
+ - slub: fix sysfs duplicate filename creation when slub_debug=O
+ - sctp: do not free asoc when it is already dead in sctp_sendmsg
+ - sctp: use the right sk after waking up from wait_buf sleep
+ - fcntl: don't leak fd reference when fixup_compat_flock fails
+ - geneve: fix fill_info when link down
+ - bpf: fix lockdep splat
+ - [arm64] clk: qcom: common: fix legacy board-clock registration
+ - [arm64] clk: hi3660: fix incorrect uart3 clock freqency
+ - atm: horizon: Fix irq release error
+ - xfrm: Copy policy family in clone_policy
+ - f2fs: fix to clear FI_NO_PREALLOC
+ - bnxt_re: changing the ip address shouldn't affect new connections
+ - IB/mlx4: Increase maximal message size under UD QP
+ - IB/mlx5: Assign send CQ and recv CQ of UMR QP
+ - afs: Fix total-length calculation for multiple-page send
+ - afs: Connect up the CB.ProbeUuid
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7
+ - net: realtek: r8169: implement set_link_ksettings()
+ - [s390x] qeth: fix early exit from error path
+ - tipc: fix memory leak in tipc_accept_from_sock()
+ - vhost: fix skb leak in handle_rx()
+ - rds: Fix NULL pointer dereference in __rds_rdma_map
+ - sit: update frag_off info
+ - tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb()
+ - packet: fix crash in fanout_demux_rollover()
+ - net/packet: fix a race in packet_bind() and packet_notifier()
+ - tcp: remove buggy call to tcp_v6_restore_cb()
+ - usbnet: fix alignment for frames with no ethernet header
+ - net: remove hlist_nulls_add_tail_rcu()
+ - stmmac: reset last TSO segment size after device open
+ - tcp/dccp: block bh before arming time_wait timer
+ - [s390x] qeth: build max size GSO skbs on L2 devices
+ - [s390x] qeth: fix thinko in IPv4 multicast address tracking
+ - [s390x] qeth: fix GSO throughput regression
+ - tcp: use IPCB instead of TCP_SKB_CB in inet_exact_dif_match()
+ - tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv()
+ - tcp: use current time in tcp_rcv_space_adjust()
+ - net: sched: cbq: create block for q->link.block
+ - tap: free skb if flags error
+ - tcp: when scheduling TLP, time of RTO should account for current ACK
+ - tun: free skb in early errors
+ - net: ipv6: Fixup device for anycast routes during copy
+ - tun: fix rcu_read_lock imbalance in tun_build_skb
+ - net: accept UFO datagrams from tuntap and packet
+ - net: openvswitch: datapath: fix data type in queue_gso_packets
+ - cls_bpf: don't decrement net's refcount when offload fails
+ - sctp: use right member as the param of list_for_each_entry
+ - ipmi: Stop timers before cleaning up the module
+ - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
+ - fcntl: don't cap l_start and l_end values for F_GETLK64 in compat syscall
+ - fix kcm_clone()
+ - [armhf,arm64] KVM: vgic-its: Preserve the revious read from the pending
+ table
+ - kbuild: do not call cc-option before KBUILD_CFLAGS initialization
+ - [powerpc*] powernv/idle: Round up latency and residency values
+ - ipvlan: fix ipv6 outbound device
+ - blk-mq: Avoid that request queue removal can trigger list corruption
+ - nvmet-rdma: update queue list during ib_device removal
+ - audit: Allow auditd to set pid to 0 to end auditing
+ - audit: ensure that 'audit=1' actually enables audit for PID 1
+ - dm raid: fix panic when attempting to force a raid to sync
+ - md: free unused memory after bitmap resize
+ - RDMA/cxgb4: Annotate r2 and stag as __be32
+ - [x86] intel_rdt: Fix potential deadlock during resctrl unmount
[ Salvatore Bonaccorso ]
* Add ABI reference for 4.14.0-1
diff --git a/debian/patches/bugfix/all/apparmor-fix-oops-in-audit_signal_cb-hook.patch b/debian/patches/bugfix/all/apparmor-fix-oops-in-audit_signal_cb-hook.patch
deleted file mode 100644
index 1b116b7..0000000
--- a/debian/patches/bugfix/all/apparmor-fix-oops-in-audit_signal_cb-hook.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From: John Johansen <john.johansen at canonical.com>
-Date: Wed, 22 Nov 2017 07:33:38 -0800
-Subject: apparmor: fix oops in audit_signal_cb hook
-Origin: https://lkml.org/lkml/2017/11/22/411
-
-The apparmor_audit_data struct ordering got messed up during a merge
-conflict, resulting in the signal integer and peer pointer being in
-a union instead of a struct together.
-
-For most of the 4.13 and 4.14 life cycle, this was hidden by commit
-651e28c5537abb39076d3949fb7618536f1d242e which fixed the
-apparmor_audit_data struct when its data was added. When that commit
-was reverted in -rc7 the signal audit bug was exposed, and
-unfortunately it never showed up in any of the testing until after
-4.14 was released, and Shaun Khan, Zephaniah E. Loss-Cutler-Hull filed
-nearly simultaneous bug reports (with different oopes, the smaller of
-which is included below).
-
-Full credit goes to Tetsuo Handa for jumping on this as well and
-noticing the audit data struct problem and reporting it.
-
-Alright, trying again, this time with my mail settings to actually send
-as plain text, and with some more detail.
-
-I am running Ubuntu 16.04, with a mainline 4.14 kernel.
-
-[ 76.178568] BUG: unable to handle kernel paging request at ffffffff0eee3bc0
-[ 76.178579] IP: audit_signal_cb+0x6c/0xe0
-[ 76.178581] PGD 1a640a067 P4D 1a640a067 PUD 0
-[ 76.178586] Oops: 0000 [#1] PREEMPT SMP
-[ 76.178589] Modules linked in: fuse rfcomm bnep usblp uvcvideo btusb btrtl btbcm btintel bluetooth ecdh_generic ip6table_filter ip6_tables xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter ip_tables x_tables intel_rapl joydev wmi_bmof serio_raw iwldvm iwlwifi shpchp kvm_intel kvm irqbypass autofs4 algif_skcipher nls_iso8859_1 nls_cp437 crc32_pclmul ghash_clmulni_intel
-[ 76.178620] CPU: 0 PID: 10675 Comm: pidgin Not tainted 4.14.0-f1-dirty #135
-[ 76.178623] Hardware name: Hewlett-Packard HP EliteBook Folio 9470m/18DF, BIOS 68IBD Ver. F.62 10/22/2015
-[ 76.178625] task: ffff9c7a94c31dc0 task.stack: ffffa09b02a4c000
-[ 76.178628] RIP: 0010:audit_signal_cb+0x6c/0xe0
-[ 76.178631] RSP: 0018:ffffa09b02a4fc08 EFLAGS: 00010292
-[ 76.178634] RAX: ffffa09b02a4fd60 RBX: ffff9c7aee0741f8 RCX: 0000000000000000
-[ 76.178636] RDX: ffffffffee012290 RSI: 0000000000000006 RDI: ffff9c7a9493d800
-[ 76.178638] RBP: ffffa09b02a4fd40 R08: 000000000000004d R09: ffffa09b02a4fc46
-[ 76.178641] R10: ffffa09b02a4fcb8 R11: ffff9c7ab44f5072 R12: ffffa09b02a4fd40
-[ 76.178643] R13: ffffffff9e447be0 R14: ffff9c7a94c31dc0 R15: 0000000000000001
-[ 76.178646] FS: 00007f8b11ba2a80(0000) GS:ffff9c7afea00000(0000) knlGS:0000000000000000
-[ 76.178648] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-[ 76.178650] CR2: ffffffff0eee3bc0 CR3: 00000003d5209002 CR4: 00000000001606f0
-[ 76.178652] Call Trace:
-[ 76.178660] common_lsm_audit+0x1da/0x780
-[ 76.178665] ? d_absolute_path+0x60/0x90
-[ 76.178669] ? aa_check_perms+0xcd/0xe0
-[ 76.178672] aa_check_perms+0xcd/0xe0
-[ 76.178675] profile_signal_perm.part.0+0x90/0xa0
-[ 76.178679] aa_may_signal+0x16e/0x1b0
-[ 76.178686] apparmor_task_kill+0x51/0x120
-[ 76.178690] security_task_kill+0x44/0x60
-[ 76.178695] group_send_sig_info+0x25/0x60
-[ 76.178699] kill_pid_info+0x36/0x60
-[ 76.178703] SYSC_kill+0xdb/0x180
-[ 76.178707] ? preempt_count_sub+0x92/0xd0
-[ 76.178712] ? _raw_write_unlock_irq+0x13/0x30
-[ 76.178716] ? task_work_run+0x6a/0x90
-[ 76.178720] ? exit_to_usermode_loop+0x80/0xa0
-[ 76.178723] entry_SYSCALL_64_fastpath+0x13/0x94
-[ 76.178727] RIP: 0033:0x7f8b0e58b767
-[ 76.178729] RSP: 002b:00007fff19efd4d8 EFLAGS: 00000206 ORIG_RAX: 000000000000003e
-[ 76.178732] RAX: ffffffffffffffda RBX: 0000557f3e3c2050 RCX: 00007f8b0e58b767
-[ 76.178735] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000263b
-[ 76.178737] RBP: 0000000000000000 R08: 0000557f3e3c2270 R09: 0000000000000001
-[ 76.178739] R10: 000000000000022d R11: 0000000000000206 R12: 0000000000000000
-[ 76.178741] R13: 0000000000000001 R14: 0000557f3e3c13c0 R15: 0000000000000000
-[ 76.178745] Code: 48 8b 55 18 48 89 df 41 b8 20 00 08 01 5b 5d 48 8b 42 10 48 8b 52 30 48 63 48 4c 48 8b 44 c8 48 31 c9 48 8b 70 38 e9 f4 fd 00 00 <48> 8b 14 d5 40 27 e5 9e 48 c7 c6 7d 07 19 9f 48 89 df e8 fd 35
-[ 76.178794] RIP: audit_signal_cb+0x6c/0xe0 RSP: ffffa09b02a4fc08
-[ 76.178796] CR2: ffffffff0eee3bc0
-[ 76.178799] ---[ end trace 514af9529297f1a3 ]---
-
-Fixes: cd1dbf76b23d ("apparmor: add the ability to mediate signals")
-Reported-by: Zephaniah E. Loss-Cutler-Hull <warp-spam_kernel at aehallh.com>
-Reported-by: Shuah Khan <shuahkh at osg.samsung.com>
-Reported-by: Tetsuo Handa <penguin-kernel at i-love.sakura.ne.jp>
-Signed-off-by: John Johansen <john.johansen at canonical.com>
----
- security/apparmor/include/audit.h | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
---- a/security/apparmor/include/audit.h
-+++ b/security/apparmor/include/audit.h
-@@ -121,17 +121,19 @@ struct apparmor_audit_data {
- /* these entries require a custom callback fn */
- struct {
- struct aa_label *peer;
-- struct {
-- const char *target;
-- kuid_t ouid;
-- } fs;
-+ union {
-+ struct {
-+ const char *target;
-+ kuid_t ouid;
-+ } fs;
-+ int signal;
-+ };
- };
- struct {
- struct aa_profile *profile;
- const char *ns;
- long pos;
- } iface;
-- int signal;
- struct {
- int rlim;
- unsigned long max;
diff --git a/debian/patches/bugfix/all/dvb_frontend-don-t-use-after-free-the-frontend-struc.patch b/debian/patches/bugfix/all/dvb_frontend-don-t-use-after-free-the-frontend-struc.patch
deleted file mode 100644
index 1db3a03..0000000
--- a/debian/patches/bugfix/all/dvb_frontend-don-t-use-after-free-the-frontend-struc.patch
+++ /dev/null
@@ -1,183 +0,0 @@
-From: Mauro Carvalho Chehab <mchehab at s-opensource.com>
-Date: Tue, 7 Nov 2017 08:39:39 -0500
-Subject: dvb_frontend: don't use-after-free the frontend struct
-Origin: https://git.kernel.org/linus/b1cb7372fa822af6c06c8045963571d13ad6348b
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-16648
-
-dvb_frontend_invoke_release() may free the frontend struct.
-So, the free logic can't update it anymore after calling it.
-
-That's OK, as __dvb_frontend_free() is called only when the
-krefs are zeroed, so nobody is using it anymore.
-
-That should fix the following KASAN error:
-
-The KASAN report looks like this (running on kernel 3e0cc09a3a2c40ec1ffb6b4e12da86e98feccb11 (4.14-rc5+)):
-==================================================================
-BUG: KASAN: use-after-free in __dvb_frontend_free+0x113/0x120
-Write of size 8 at addr ffff880067d45a00 by task kworker/0:1/24
-
-CPU: 0 PID: 24 Comm: kworker/0:1 Not tainted 4.14.0-rc5-43687-g06ab8a23e0e6 #545
-Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
-Workqueue: usb_hub_wq hub_event
-Call Trace:
- __dump_stack lib/dump_stack.c:16
- dump_stack+0x292/0x395 lib/dump_stack.c:52
- print_address_description+0x78/0x280 mm/kasan/report.c:252
- kasan_report_error mm/kasan/report.c:351
- kasan_report+0x23d/0x350 mm/kasan/report.c:409
- __asan_report_store8_noabort+0x1c/0x20 mm/kasan/report.c:435
- __dvb_frontend_free+0x113/0x120 drivers/media/dvb-core/dvb_frontend.c:156
- dvb_frontend_put+0x59/0x70 drivers/media/dvb-core/dvb_frontend.c:176
- dvb_frontend_detach+0x120/0x150 drivers/media/dvb-core/dvb_frontend.c:2803
- dvb_usb_adapter_frontend_exit+0xd6/0x160 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:340
- dvb_usb_adapter_exit drivers/media/usb/dvb-usb/dvb-usb-init.c:116
- dvb_usb_exit+0x9b/0x200 drivers/media/usb/dvb-usb/dvb-usb-init.c:132
- dvb_usb_device_exit+0xa5/0xf0 drivers/media/usb/dvb-usb/dvb-usb-init.c:295
- usb_unbind_interface+0x21c/0xa90 drivers/usb/core/driver.c:423
- __device_release_driver drivers/base/dd.c:861
- device_release_driver_internal+0x4f1/0x5c0 drivers/base/dd.c:893
- device_release_driver+0x1e/0x30 drivers/base/dd.c:918
- bus_remove_device+0x2f4/0x4b0 drivers/base/bus.c:565
- device_del+0x5c4/0xab0 drivers/base/core.c:1985
- usb_disable_device+0x1e9/0x680 drivers/usb/core/message.c:1170
- usb_disconnect+0x260/0x7a0 drivers/usb/core/hub.c:2124
- hub_port_connect drivers/usb/core/hub.c:4754
- hub_port_connect_change drivers/usb/core/hub.c:5009
- port_event drivers/usb/core/hub.c:5115
- hub_event+0x1318/0x3740 drivers/usb/core/hub.c:5195
- process_one_work+0xc73/0x1d90 kernel/workqueue.c:2119
- worker_thread+0x221/0x1850 kernel/workqueue.c:2253
- kthread+0x363/0x440 kernel/kthread.c:231
- ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
-
-Allocated by task 24:
- save_stack_trace+0x1b/0x20 arch/x86/kernel/stacktrace.c:59
- save_stack+0x43/0xd0 mm/kasan/kasan.c:447
- set_track mm/kasan/kasan.c:459
- kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:551
- kmem_cache_alloc_trace+0x11e/0x2d0 mm/slub.c:2772
- kmalloc ./include/linux/slab.h:493
- kzalloc ./include/linux/slab.h:666
- dtt200u_fe_attach+0x4c/0x110 drivers/media/usb/dvb-usb/dtt200u-fe.c:212
- dtt200u_frontend_attach+0x35/0x80 drivers/media/usb/dvb-usb/dtt200u.c:136
- dvb_usb_adapter_frontend_init+0x32b/0x660 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:286
- dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:86
- dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:162
- dvb_usb_device_init+0xf73/0x17f0 drivers/media/usb/dvb-usb/dvb-usb-init.c:277
- dtt200u_usb_probe+0xa1/0xe0 drivers/media/usb/dvb-usb/dtt200u.c:155
- usb_probe_interface+0x35d/0x8e0 drivers/usb/core/driver.c:361
- really_probe drivers/base/dd.c:413
- driver_probe_device+0x610/0xa00 drivers/base/dd.c:557
- __device_attach_driver+0x230/0x290 drivers/base/dd.c:653
- bus_for_each_drv+0x161/0x210 drivers/base/bus.c:463
- __device_attach+0x26b/0x3c0 drivers/base/dd.c:710
- device_initial_probe+0x1f/0x30 drivers/base/dd.c:757
- bus_probe_device+0x1eb/0x290 drivers/base/bus.c:523
- device_add+0xd0b/0x1660 drivers/base/core.c:1835
- usb_set_configuration+0x104e/0x1870 drivers/usb/core/message.c:1932
- generic_probe+0x73/0xe0 drivers/usb/core/generic.c:174
- usb_probe_device+0xaf/0xe0 drivers/usb/core/driver.c:266
- really_probe drivers/base/dd.c:413
- driver_probe_device+0x610/0xa00 drivers/base/dd.c:557
- __device_attach_driver+0x230/0x290 drivers/base/dd.c:653
- bus_for_each_drv+0x161/0x210 drivers/base/bus.c:463
- __device_attach+0x26b/0x3c0 drivers/base/dd.c:710
- device_initial_probe+0x1f/0x30 drivers/base/dd.c:757
- bus_probe_device+0x1eb/0x290 drivers/base/bus.c:523
- device_add+0xd0b/0x1660 drivers/base/core.c:1835
- usb_new_device+0x7b8/0x1020 drivers/usb/core/hub.c:2457
- hub_port_connect drivers/usb/core/hub.c:4903
- hub_port_connect_change drivers/usb/core/hub.c:5009
- port_event drivers/usb/core/hub.c:5115
- hub_event+0x194d/0x3740 drivers/usb/core/hub.c:5195
- process_one_work+0xc73/0x1d90 kernel/workqueue.c:2119
- worker_thread+0x221/0x1850 kernel/workqueue.c:2253
- kthread+0x363/0x440 kernel/kthread.c:231
- ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
-
-Freed by task 24:
- save_stack_trace+0x1b/0x20 arch/x86/kernel/stacktrace.c:59
- save_stack+0x43/0xd0 mm/kasan/kasan.c:447
- set_track mm/kasan/kasan.c:459
- kasan_slab_free+0x72/0xc0 mm/kasan/kasan.c:524
- slab_free_hook mm/slub.c:1390
- slab_free_freelist_hook mm/slub.c:1412
- slab_free mm/slub.c:2988
- kfree+0xf6/0x2f0 mm/slub.c:3919
- dtt200u_fe_release+0x3c/0x50 drivers/media/usb/dvb-usb/dtt200u-fe.c:202
- dvb_frontend_invoke_release.part.13+0x1c/0x30 drivers/media/dvb-core/dvb_frontend.c:2790
- dvb_frontend_invoke_release drivers/media/dvb-core/dvb_frontend.c:2789
- __dvb_frontend_free+0xad/0x120 drivers/media/dvb-core/dvb_frontend.c:153
- dvb_frontend_put+0x59/0x70 drivers/media/dvb-core/dvb_frontend.c:176
- dvb_frontend_detach+0x120/0x150 drivers/media/dvb-core/dvb_frontend.c:2803
- dvb_usb_adapter_frontend_exit+0xd6/0x160 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:340
- dvb_usb_adapter_exit drivers/media/usb/dvb-usb/dvb-usb-init.c:116
- dvb_usb_exit+0x9b/0x200 drivers/media/usb/dvb-usb/dvb-usb-init.c:132
- dvb_usb_device_exit+0xa5/0xf0 drivers/media/usb/dvb-usb/dvb-usb-init.c:295
- usb_unbind_interface+0x21c/0xa90 drivers/usb/core/driver.c:423
- __device_release_driver drivers/base/dd.c:861
- device_release_driver_internal+0x4f1/0x5c0 drivers/base/dd.c:893
- device_release_driver+0x1e/0x30 drivers/base/dd.c:918
- bus_remove_device+0x2f4/0x4b0 drivers/base/bus.c:565
- device_del+0x5c4/0xab0 drivers/base/core.c:1985
- usb_disable_device+0x1e9/0x680 drivers/usb/core/message.c:1170
- usb_disconnect+0x260/0x7a0 drivers/usb/core/hub.c:2124
- hub_port_connect drivers/usb/core/hub.c:4754
- hub_port_connect_change drivers/usb/core/hub.c:5009
- port_event drivers/usb/core/hub.c:5115
- hub_event+0x1318/0x3740 drivers/usb/core/hub.c:5195
- process_one_work+0xc73/0x1d90 kernel/workqueue.c:2119
- worker_thread+0x221/0x1850 kernel/workqueue.c:2253
- kthread+0x363/0x440 kernel/kthread.c:231
- ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431
-
-The buggy address belongs to the object at ffff880067d45500
- which belongs to the cache kmalloc-2048 of size 2048
-The buggy address is located 1280 bytes inside of
- 2048-byte region [ffff880067d45500, ffff880067d45d00)
-The buggy address belongs to the page:
-page:ffffea00019f5000 count:1 mapcount:0 mapping: (null)
-index:0x0 compound_mapcount: 0
-flags: 0x100000000008100(slab|head)
-raw: 0100000000008100 0000000000000000 0000000000000000 00000001000f000f
-raw: dead000000000100 dead000000000200 ffff88006c002d80 0000000000000000
-page dumped because: kasan: bad access detected
-
-Memory state around the buggy address:
- ffff880067d45900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
- ffff880067d45980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
- ffff880067d45a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
- ^
- ffff880067d45a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
- ffff880067d45b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
-==================================================================
-
-Fixes: ead666000a5f ("media: dvb_frontend: only use kref after initialized")
-
-Reported-by: Andrey Konovalov <andreyknvl at google.com>
-Suggested-by: Matthias Schwarzott <zzam at gentoo.org>
-Tested-by: Andrey Konovalov <andreyknvl at google.com>
-Signed-off-by: Mauro Carvalho Chehab <mchehab at s-opensource.com>
----
- drivers/media/dvb-core/dvb_frontend.c | 7 ++-----
- 1 file changed, 2 insertions(+), 5 deletions(-)
-
-diff --git a/drivers/media/dvb-core/dvb_frontend.c b/drivers/media/dvb-core/dvb_frontend.c
-index d485d5f6cc88..3ad83359098b 100644
---- a/drivers/media/dvb-core/dvb_frontend.c
-+++ b/drivers/media/dvb-core/dvb_frontend.c
-@@ -150,11 +150,8 @@ static void __dvb_frontend_free(struct dvb_frontend *fe)
-
- dvb_frontend_invoke_release(fe, fe->ops.release);
-
-- if (!fepriv)
-- return;
--
-- kfree(fepriv);
-- fe->frontend_priv = NULL;
-+ if (fepriv)
-+ kfree(fepriv);
- }
-
- static void dvb_frontend_free(struct kref *ref)
diff --git a/debian/patches/bugfix/all/media-cx231xx-cards-fix-null-deref-on-missing-associ.patch b/debian/patches/bugfix/all/media-cx231xx-cards-fix-null-deref-on-missing-associ.patch
deleted file mode 100644
index b6ad1e0..0000000
--- a/debian/patches/bugfix/all/media-cx231xx-cards-fix-null-deref-on-missing-associ.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Johan Hovold <johan at kernel.org>
-Date: Thu, 21 Sep 2017 05:40:18 -0300
-Subject: [media] cx231xx-cards: fix NULL-deref on missing association
- descriptor
-Origin: https://git.kernel.org/linus/6c3b047fa2d2286d5e438bcb470c7b1a49f415f6
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-16536
-
-Make sure to check that we actually have an Interface Association
-Descriptor before dereferencing it during probe to avoid dereferencing a
-NULL-pointer.
-
-Fixes: e0d3bafd0258 ("V4L/DVB (10954): Add cx231xx USB driver")
-
-Cc: stable <stable at vger.kernel.org> # 2.6.30
-Reported-by: Andrey Konovalov <andreyknvl at google.com>
-Signed-off-by: Johan Hovold <johan at kernel.org>
-Tested-by: Andrey Konovalov <andreyknvl at google.com>
-Signed-off-by: Hans Verkuil <hans.verkuil at cisco.com>
-Signed-off-by: Mauro Carvalho Chehab <mchehab at osg.samsung.com>
----
- drivers/media/usb/cx231xx/cx231xx-cards.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/media/usb/cx231xx/cx231xx-cards.c b/drivers/media/usb/cx231xx/cx231xx-cards.c
-index e0daa9b6c2a0..9b742d569fb5 100644
---- a/drivers/media/usb/cx231xx/cx231xx-cards.c
-+++ b/drivers/media/usb/cx231xx/cx231xx-cards.c
-@@ -1684,7 +1684,7 @@ static int cx231xx_usb_probe(struct usb_interface *interface,
- nr = dev->devno;
-
- assoc_desc = udev->actconfig->intf_assoc[0];
-- if (assoc_desc->bFirstInterface != ifnum) {
-+ if (!assoc_desc || assoc_desc->bFirstInterface != ifnum) {
- dev_err(d, "Not found matching IAD interface\n");
- retval = -ENODEV;
- goto err_if;
diff --git a/debian/patches/bugfix/all/media-dvb-core-always-call-invoke_release-in-fe_free.patch b/debian/patches/bugfix/all/media-dvb-core-always-call-invoke_release-in-fe_free.patch
deleted file mode 100644
index bcf2cca..0000000
--- a/debian/patches/bugfix/all/media-dvb-core-always-call-invoke_release-in-fe_free.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From: Daniel Scheller <d.scheller at gmx.net>
-Date: Sun, 29 Oct 2017 11:43:22 -0400
-Subject: media: dvb-core: always call invoke_release() in fe_free()
-Origin: https://git.kernel.org/linus/62229de19ff2b7f3e0ebf4d48ad99061127d0281
-
-Follow-up to: ead666000a5f ("media: dvb_frontend: only use kref after initialized")
-
-The aforementioned commit fixed refcount OOPSes when demod driver attaching
-succeeded but tuner driver didn't. However, the use count of the attached
-demod drivers don't go back to zero and thus couldn't be cleanly unloaded.
-Improve on this by calling dvb_frontend_invoke_release() in
-__dvb_frontend_free() regardless of fepriv being NULL, instead of returning
-when fepriv is NULL. This is safe to do since _invoke_release() will check
-for passed pointers being valid before calling the .release() function.
-
-[mchehab at s-opensource.com: changed the logic a little bit to reduce
- conflicts with another bug fix patch under review]
-Fixes: ead666000a5f ("media: dvb_frontend: only use kref after initialized")
-Signed-off-by: Daniel Scheller <d.scheller at gmx.net>
-Signed-off-by: Mauro Carvalho Chehab <mchehab at s-opensource.com>
----
- drivers/media/dvb-core/dvb_frontend.c | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/drivers/media/dvb-core/dvb_frontend.c b/drivers/media/dvb-core/dvb_frontend.c
-index daaf969719e4..d485d5f6cc88 100644
---- a/drivers/media/dvb-core/dvb_frontend.c
-+++ b/drivers/media/dvb-core/dvb_frontend.c
-@@ -145,13 +145,14 @@ static void __dvb_frontend_free(struct dvb_frontend *fe)
- {
- struct dvb_frontend_private *fepriv = fe->frontend_priv;
-
-- if (!fepriv)
-- return;
--
-- dvb_free_device(fepriv->dvbdev);
-+ if (fepriv)
-+ dvb_free_device(fepriv->dvbdev);
-
- dvb_frontend_invoke_release(fe, fe->ops.release);
-
-+ if (!fepriv)
-+ return;
-+
- kfree(fepriv);
- fe->frontend_priv = NULL;
- }
diff --git a/debian/patches/bugfix/all/mm-thp-Do-not-make-page-table-dirty-unconditionally-.patch b/debian/patches/bugfix/all/mm-thp-Do-not-make-page-table-dirty-unconditionally-.patch
deleted file mode 100644
index 6647fde..0000000
--- a/debian/patches/bugfix/all/mm-thp-Do-not-make-page-table-dirty-unconditionally-.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From: "Kirill A. Shutemov" <kirill.shutemov at linux.intel.com>
-Date: Mon, 27 Nov 2017 06:21:25 +0300
-Subject: mm, thp: Do not make page table dirty unconditionally in
- touch_p[mu]d()
-Origin: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-1000405
-
-Currently, we unconditionally make page table dirty in touch_pmd().
-It may result in false-positive can_follow_write_pmd().
-
-We may avoid the situation, if we would only make the page table entry
-dirty if caller asks for write access -- FOLL_WRITE.
-
-The patch also changes touch_pud() in the same way.
-
-Signed-off-by: Kirill A. Shutemov <kirill.shutemov at linux.intel.com>
-Cc: Michal Hocko <mhocko at suse.com>
-Cc: Hugh Dickins <hughd at google.com>
-Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
----
- mm/huge_memory.c | 36 +++++++++++++-----------------------
- 1 file changed, 13 insertions(+), 23 deletions(-)
-
-diff --git a/mm/huge_memory.c b/mm/huge_memory.c
-index 86fe697e8bfb..0e7ded98d114 100644
---- a/mm/huge_memory.c
-+++ b/mm/huge_memory.c
-@@ -842,20 +842,15 @@ EXPORT_SYMBOL_GPL(vmf_insert_pfn_pud);
- #endif /* CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD */
-
- static void touch_pmd(struct vm_area_struct *vma, unsigned long addr,
-- pmd_t *pmd)
-+ pmd_t *pmd, int flags)
- {
- pmd_t _pmd;
-
-- /*
-- * We should set the dirty bit only for FOLL_WRITE but for now
-- * the dirty bit in the pmd is meaningless. And if the dirty
-- * bit will become meaningful and we'll only set it with
-- * FOLL_WRITE, an atomic set_bit will be required on the pmd to
-- * set the young bit, instead of the current set_pmd_at.
-- */
-- _pmd = pmd_mkyoung(pmd_mkdirty(*pmd));
-+ _pmd = pmd_mkyoung(*pmd);
-+ if (flags & FOLL_WRITE)
-+ _pmd = pmd_mkdirty(_pmd);
- if (pmdp_set_access_flags(vma, addr & HPAGE_PMD_MASK,
-- pmd, _pmd, 1))
-+ pmd, _pmd, flags & FOLL_WRITE))
- update_mmu_cache_pmd(vma, addr, pmd);
- }
-
-@@ -884,7 +879,7 @@ struct page *follow_devmap_pmd(struct vm_area_struct *vma, unsigned long addr,
- return NULL;
-
- if (flags & FOLL_TOUCH)
-- touch_pmd(vma, addr, pmd);
-+ touch_pmd(vma, addr, pmd, flags);
-
- /*
- * device mapped pages can only be returned if the
-@@ -995,20 +990,15 @@ int copy_huge_pmd(struct mm_struct *dst_mm, struct mm_struct *src_mm,
-
- #ifdef CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD
- static void touch_pud(struct vm_area_struct *vma, unsigned long addr,
-- pud_t *pud)
-+ pud_t *pud, int flags)
- {
- pud_t _pud;
-
-- /*
-- * We should set the dirty bit only for FOLL_WRITE but for now
-- * the dirty bit in the pud is meaningless. And if the dirty
-- * bit will become meaningful and we'll only set it with
-- * FOLL_WRITE, an atomic set_bit will be required on the pud to
-- * set the young bit, instead of the current set_pud_at.
-- */
-- _pud = pud_mkyoung(pud_mkdirty(*pud));
-+ _pud = pud_mkyoung(*pud);
-+ if (flags & FOLL_WRITE)
-+ _pud = pud_mkdirty(_pud);
- if (pudp_set_access_flags(vma, addr & HPAGE_PUD_MASK,
-- pud, _pud, 1))
-+ pud, _pud, flags & FOLL_WRITE))
- update_mmu_cache_pud(vma, addr, pud);
- }
-
-@@ -1031,7 +1021,7 @@ struct page *follow_devmap_pud(struct vm_area_struct *vma, unsigned long addr,
- return NULL;
-
- if (flags & FOLL_TOUCH)
-- touch_pud(vma, addr, pud);
-+ touch_pud(vma, addr, pud, flags);
-
- /*
- * device mapped pages can only be returned if the
-@@ -1424,7 +1414,7 @@ struct page *follow_trans_huge_pmd(struct vm_area_struct *vma,
- page = pmd_page(*pmd);
- VM_BUG_ON_PAGE(!PageHead(page) && !is_zone_device_page(page), page);
- if (flags & FOLL_TOUCH)
-- touch_pmd(vma, addr, pmd);
-+ touch_pmd(vma, addr, pmd, flags);
- if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) {
- /*
- * We don't mlock() pte-mapped THPs. This way we can avoid
---
-2.15.0
-
diff --git a/debian/patches/debian/kernelvariables.patch b/debian/patches/debian/kernelvariables.patch
index d2bdec0..a890a8c 100644
--- a/debian/patches/debian/kernelvariables.patch
+++ b/debian/patches/debian/kernelvariables.patch
@@ -14,7 +14,7 @@ use of $(ARCH) needs to be moved after this.
--- a/Makefile
+++ b/Makefile
-@@ -255,42 +255,6 @@ SUBARCH := $(shell uname -m | sed -e s/i
+@@ -251,42 +251,6 @@ SUBARCH := $(shell uname -m | sed -e s/i
ARCH ?= $(SUBARCH)
CROSS_COMPILE ?= $(CONFIG_CROSS_COMPILE:"%"=%)
@@ -57,9 +57,9 @@ use of $(ARCH) needs to be moved after this.
KCONFIG_CONFIG ?= .config
export KCONFIG_CONFIG
-@@ -373,6 +337,44 @@ LDFLAGS_vmlinux =
- CFLAGS_GCOV := -fprofile-arcs -ftest-coverage -fno-tree-loop-im $(call cc-disable-warning,maybe-uninitialized,)
- CFLAGS_KCOV := $(call cc-option,-fsanitize-coverage=trace-pc,)
+@@ -374,6 +338,45 @@ CFLAGS_KERNEL =
+ AFLAGS_KERNEL =
+ LDFLAGS_vmlinux =
+-include $(obj)/.kernelvariables
+
@@ -99,6 +99,7 @@ use of $(ARCH) needs to be moved after this.
+ifeq ($(ARCH),m68knommu)
+ hdr-arch := m68k
+endif
-
++
# Use USERINCLUDE when you must reference the UAPI directories only.
USERINCLUDE := \
+ -I$(srctree)/arch/$(hdr-arch)/include/uapi \
diff --git a/debian/patches/features/all/aufs4/aufs4-standalone.patch b/debian/patches/features/all/aufs4/aufs4-standalone.patch
index 78efd82..085dc2f 100644
--- a/debian/patches/features/all/aufs4/aufs4-standalone.patch
+++ b/debian/patches/features/all/aufs4/aufs4-standalone.patch
@@ -8,11 +8,9 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch
aufs4.14 standalone patch
-diff --git a/fs/dcache.c b/fs/dcache.c
-index e3719a5..3203470 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
-@@ -1305,6 +1305,7 @@ void d_walk(struct dentry *parent, void *data,
+@@ -1305,6 +1305,7 @@ rename_retry:
seq = 1;
goto again;
}
@@ -20,7 +18,7 @@ index e3719a5..3203470 100644
struct check_mount {
struct vfsmount *mnt;
-@@ -2894,6 +2895,7 @@ void d_exchange(struct dentry *dentry1, struct dentry *dentry2)
+@@ -2894,6 +2895,7 @@ void d_exchange(struct dentry *dentry1,
write_sequnlock(&rename_lock);
}
@@ -28,11 +26,9 @@ index e3719a5..3203470 100644
/**
* d_ancestor - search for an ancestor
-diff --git a/fs/exec.c b/fs/exec.c
-index 3e14ba2..6818b01 100644
--- a/fs/exec.c
+++ b/fs/exec.c
-@@ -109,6 +109,7 @@ bool path_noexec(const struct path *path)
+@@ -109,6 +109,7 @@ bool path_noexec(const struct path *path
return (path->mnt->mnt_flags & MNT_NOEXEC) ||
(path->mnt->mnt_sb->s_iflags & SB_I_NOEXEC);
}
@@ -40,11 +36,9 @@ index 3e14ba2..6818b01 100644
#ifdef CONFIG_USELIB
/*
-diff --git a/fs/fcntl.c b/fs/fcntl.c
-index cffefab..725d190 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
-@@ -85,6 +85,7 @@ int setfl(int fd, struct file * filp, unsigned long arg)
+@@ -85,6 +85,7 @@ int setfl(int fd, struct file * filp, un
out:
return error;
}
@@ -52,11 +46,9 @@ index cffefab..725d190 100644
static void f_modown(struct file *filp, struct pid *pid, enum pid_type type,
int force)
-diff --git a/fs/file_table.c b/fs/file_table.c
-index 61517f5..c6bab39c 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
-@@ -148,6 +148,7 @@ struct file *get_empty_filp(void)
+@@ -148,6 +148,7 @@ over:
}
return ERR_PTR(-ENFILE);
}
@@ -88,11 +80,9 @@ index 61517f5..c6bab39c 100644
void __init files_init(void)
{
-diff --git a/fs/inode.c b/fs/inode.c
-index f7800d6..f31a6c7 100644
--- a/fs/inode.c
+++ b/fs/inode.c
-@@ -1664,6 +1664,7 @@ int update_time(struct inode *inode, struct timespec *time, int flags)
+@@ -1664,6 +1664,7 @@ int update_time(struct inode *inode, str
return update_time(inode, time, flags);
}
@@ -100,11 +90,9 @@ index f7800d6..f31a6c7 100644
/**
* touch_atime - update the access time
-diff --git a/fs/namespace.c b/fs/namespace.c
-index e5a4a7f..6d0c376 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
-@@ -517,6 +517,7 @@ void __mnt_drop_write(struct vfsmount *mnt)
+@@ -517,6 +517,7 @@ void __mnt_drop_write(struct vfsmount *m
mnt_dec_writers(real_mount(mnt));
preempt_enable();
}
@@ -112,7 +100,7 @@ index e5a4a7f..6d0c376 100644
/**
* mnt_drop_write - give up write access to a mount
-@@ -851,6 +852,7 @@ int is_current_mnt_ns(struct vfsmount *mnt)
+@@ -851,6 +852,7 @@ int is_current_mnt_ns(struct vfsmount *m
{
return check_mnt(real_mount(mnt));
}
@@ -120,7 +108,7 @@ index e5a4a7f..6d0c376 100644
/*
* vfsmount lock must be held for write
-@@ -1887,6 +1889,7 @@ int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg,
+@@ -1887,6 +1889,7 @@ int iterate_mounts(int (*f)(struct vfsmo
}
return 0;
}
@@ -128,8 +116,6 @@ index e5a4a7f..6d0c376 100644
static void cleanup_group_ids(struct mount *mnt, struct mount *end)
{
-diff --git a/fs/notify/group.c b/fs/notify/group.c
-index 3235753..14a2d48 100644
--- a/fs/notify/group.c
+++ b/fs/notify/group.c
@@ -22,6 +22,7 @@
@@ -140,7 +126,7 @@ index 3235753..14a2d48 100644
#include <linux/fsnotify_backend.h>
#include "fsnotify.h"
-@@ -109,6 +110,7 @@ void fsnotify_get_group(struct fsnotify_group *group)
+@@ -109,6 +110,7 @@ void fsnotify_get_group(struct fsnotify_
{
atomic_inc(&group->refcnt);
}
@@ -148,7 +134,7 @@ index 3235753..14a2d48 100644
/*
* Drop a reference to a group. Free it if it's through.
-@@ -118,6 +120,7 @@ void fsnotify_put_group(struct fsnotify_group *group)
+@@ -118,6 +120,7 @@ void fsnotify_put_group(struct fsnotify_
if (atomic_dec_and_test(&group->refcnt))
fsnotify_final_destroy_group(group);
}
@@ -156,7 +142,7 @@ index 3235753..14a2d48 100644
/*
* Create a new fsnotify_group and hold a reference for the group returned.
-@@ -147,6 +150,7 @@ struct fsnotify_group *fsnotify_alloc_group(const struct fsnotify_ops *ops)
+@@ -147,6 +150,7 @@ struct fsnotify_group *fsnotify_alloc_gr
return group;
}
@@ -164,19 +150,17 @@ index 3235753..14a2d48 100644
int fsnotify_fasync(int fd, struct file *file, int on)
{
-diff --git a/fs/notify/mark.c b/fs/notify/mark.c
-index 9991f88..117042c 100644
--- a/fs/notify/mark.c
+++ b/fs/notify/mark.c
-@@ -118,6 +118,7 @@ static bool fsnotify_get_mark_safe(struct fsnotify_mark *mark)
- {
- return atomic_inc_not_zero(&mark->refcnt);
+@@ -245,6 +245,7 @@ void fsnotify_put_mark(struct fsnotify_m
+ queue_delayed_work(system_unbound_wq, &reaper_work,
+ FSNOTIFY_REAPER_DELAY);
}
+EXPORT_SYMBOL_GPL(fsnotify_put_mark);
- static void __fsnotify_recalc_mask(struct fsnotify_mark_connector *conn)
- {
-@@ -395,6 +396,7 @@ void fsnotify_destroy_mark(struct fsnotify_mark *mark,
+ /*
+ * Get mark reference when we found the mark via lockless traversal of object
+@@ -392,6 +393,7 @@ void fsnotify_destroy_mark(struct fsnoti
mutex_unlock(&group->mark_mutex);
fsnotify_free_mark(mark);
}
@@ -184,7 +168,7 @@ index 9991f88..117042c 100644
/*
* Sorting function for lists of fsnotify marks.
-@@ -607,6 +609,7 @@ int fsnotify_add_mark_locked(struct fsnotify_mark *mark, struct inode *inode,
+@@ -604,6 +606,7 @@ err:
fsnotify_put_mark(mark);
return ret;
}
@@ -192,7 +176,7 @@ index 9991f88..117042c 100644
int fsnotify_add_mark(struct fsnotify_mark *mark, struct inode *inode,
struct vfsmount *mnt, int allow_dups)
-@@ -742,6 +745,7 @@ void fsnotify_init_mark(struct fsnotify_mark *mark,
+@@ -739,6 +742,7 @@ void fsnotify_init_mark(struct fsnotify_
fsnotify_get_group(group);
mark->group = group;
}
@@ -200,11 +184,9 @@ index 9991f88..117042c 100644
/*
* Destroy all marks in destroy_list, waits for SRCU period to finish before
-diff --git a/fs/open.c b/fs/open.c
-index 7ea1184..6e2e241 100644
--- a/fs/open.c
+++ b/fs/open.c
-@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
+@@ -64,6 +64,7 @@ int do_truncate(struct dentry *dentry, l
inode_unlock(dentry->d_inode);
return ret;
}
@@ -220,11 +202,9 @@ index 7ea1184..6e2e241 100644
static int do_dentry_open(struct file *f,
struct inode *inode,
-diff --git a/fs/read_write.c b/fs/read_write.c
-index 2388284..b2a68e5 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
-@@ -454,6 +454,7 @@ ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
+@@ -454,6 +454,7 @@ ssize_t vfs_read(struct file *file, char
return ret;
}
@@ -240,7 +220,7 @@ index 2388284..b2a68e5 100644
vfs_writef_t vfs_writef(struct file *file)
{
-@@ -505,6 +507,7 @@ vfs_writef_t vfs_writef(struct file *file)
+@@ -505,6 +507,7 @@ vfs_writef_t vfs_writef(struct file *fil
return new_sync_write;
return ERR_PTR(-ENOSYS);
}
@@ -248,7 +228,7 @@ index 2388284..b2a68e5 100644
ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos)
{
-@@ -574,6 +577,7 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_
+@@ -574,6 +577,7 @@ ssize_t vfs_write(struct file *file, con
return ret;
}
@@ -256,11 +236,9 @@ index 2388284..b2a68e5 100644
static inline loff_t file_pos_read(struct file *file)
{
-diff --git a/fs/splice.c b/fs/splice.c
-index eb888c6..7ab89d2 100644
--- a/fs/splice.c
+++ b/fs/splice.c
-@@ -850,6 +850,7 @@ long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
+@@ -850,6 +850,7 @@ long do_splice_from(struct pipe_inode_in
return splice_write(pipe, out, ppos, len, flags);
}
@@ -268,7 +246,7 @@ index eb888c6..7ab89d2 100644
/*
* Attempt to initiate a splice from a file to a pipe.
-@@ -879,6 +880,7 @@ long do_splice_to(struct file *in, loff_t *ppos,
+@@ -879,6 +880,7 @@ long do_splice_to(struct file *in, loff_
return splice_read(in, ppos, pipe, len, flags);
}
@@ -276,11 +254,9 @@ index eb888c6..7ab89d2 100644
/**
* splice_direct_to_actor - splices data directly between two non-pipes
-diff --git a/fs/sync.c b/fs/sync.c
-index fe15900..e3386ea 100644
--- a/fs/sync.c
+++ b/fs/sync.c
-@@ -39,6 +39,7 @@ int __sync_filesystem(struct super_block *sb, int wait)
+@@ -39,6 +39,7 @@ int __sync_filesystem(struct super_block
sb->s_op->sync_fs(sb, wait);
return __sync_blockdev(sb->s_bdev, wait);
}
@@ -288,11 +264,9 @@ index fe15900..e3386ea 100644
/*
* Write out and wait upon all dirty data associated with this
-diff --git a/fs/xattr.c b/fs/xattr.c
-index 61cd28b..35570cd 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
-@@ -297,6 +297,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value,
+@@ -297,6 +297,7 @@ vfs_getxattr_alloc(struct dentry *dentry
*xattr_value = value;
return error;
}
@@ -300,11 +274,9 @@ index 61cd28b..35570cd 100644
ssize_t
__vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
-diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
-index bc97a97..895a1ba 100644
--- a/kernel/locking/lockdep.c
+++ b/kernel/locking/lockdep.c
-@@ -155,6 +155,7 @@ inline struct lock_class *lockdep_hlock_class(struct held_lock *hlock)
+@@ -155,6 +155,7 @@ inline struct lock_class *lockdep_hlock_
}
return lock_classes + hlock->class_idx - 1;
}
@@ -312,8 +284,6 @@ index bc97a97..895a1ba 100644
#define hlock_class(hlock) lockdep_hlock_class(hlock)
#ifdef CONFIG_LOCK_STAT
-diff --git a/kernel/task_work.c b/kernel/task_work.c
-index 5718b3e..e6c64d9 100644
--- a/kernel/task_work.c
+++ b/kernel/task_work.c
@@ -116,3 +116,4 @@ void task_work_run(void)
@@ -321,8 +291,6 @@ index 5718b3e..e6c64d9 100644
}
}
+EXPORT_SYMBOL_GPL(task_work_run);
-diff --git a/security/commoncap.c b/security/commoncap.c
-index fc46f5b..90543ef 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1270,12 +1270,14 @@ int cap_mmap_addr(unsigned long addr)
@@ -340,8 +308,6 @@ index fc46f5b..90543ef 100644
#ifdef CONFIG_SECURITY
-diff --git a/security/device_cgroup.c b/security/device_cgroup.c
-index 5ef7e52..e2e959d 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -8,6 +8,7 @@
@@ -352,7 +318,7 @@ index 5ef7e52..e2e959d 100644
#include <linux/list.h>
#include <linux/uaccess.h>
#include <linux/seq_file.h>
-@@ -850,6 +851,7 @@ int __devcgroup_inode_permission(struct inode *inode, int mask)
+@@ -850,6 +851,7 @@ int __devcgroup_inode_permission(struct
return __devcgroup_check_permission(type, imajor(inode), iminor(inode),
access);
}
@@ -360,11 +326,9 @@ index 5ef7e52..e2e959d 100644
int devcgroup_inode_mknod(int mode, dev_t dev)
{
-diff --git a/security/security.c b/security/security.c
-index 4bf0f57..b30d1e1 100644
--- a/security/security.c
+++ b/security/security.c
-@@ -530,6 +530,7 @@ int security_path_rmdir(const struct path *dir, struct dentry *dentry)
+@@ -530,6 +530,7 @@ int security_path_rmdir(const struct pat
return 0;
return call_int_hook(path_rmdir, 0, dir, dentry);
}
@@ -372,7 +336,7 @@ index 4bf0f57..b30d1e1 100644
int security_path_unlink(const struct path *dir, struct dentry *dentry)
{
-@@ -546,6 +547,7 @@ int security_path_symlink(const struct path *dir, struct dentry *dentry,
+@@ -546,6 +547,7 @@ int security_path_symlink(const struct p
return 0;
return call_int_hook(path_symlink, 0, dir, dentry, old_name);
}
@@ -380,7 +344,7 @@ index 4bf0f57..b30d1e1 100644
int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry)
-@@ -554,6 +556,7 @@ int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
+@@ -554,6 +556,7 @@ int security_path_link(struct dentry *ol
return 0;
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
}
@@ -388,7 +352,7 @@ index 4bf0f57..b30d1e1 100644
int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
const struct path *new_dir, struct dentry *new_dentry,
-@@ -581,6 +584,7 @@ int security_path_truncate(const struct path *path)
+@@ -581,6 +584,7 @@ int security_path_truncate(const struct
return 0;
return call_int_hook(path_truncate, 0, path);
}
@@ -396,7 +360,7 @@ index 4bf0f57..b30d1e1 100644
int security_path_chmod(const struct path *path, umode_t mode)
{
-@@ -588,6 +592,7 @@ int security_path_chmod(const struct path *path, umode_t mode)
+@@ -588,6 +592,7 @@ int security_path_chmod(const struct pat
return 0;
return call_int_hook(path_chmod, 0, path, mode);
}
@@ -404,7 +368,7 @@ index 4bf0f57..b30d1e1 100644
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
-@@ -595,6 +600,7 @@ int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
+@@ -595,6 +600,7 @@ int security_path_chown(const struct pat
return 0;
return call_int_hook(path_chown, 0, path, uid, gid);
}
@@ -412,7 +376,7 @@ index 4bf0f57..b30d1e1 100644
int security_path_chroot(const struct path *path)
{
-@@ -680,6 +686,7 @@ int security_inode_readlink(struct dentry *dentry)
+@@ -680,6 +686,7 @@ int security_inode_readlink(struct dentr
return 0;
return call_int_hook(inode_readlink, 0, dentry);
}
@@ -420,7 +384,7 @@ index 4bf0f57..b30d1e1 100644
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
bool rcu)
-@@ -695,6 +702,7 @@ int security_inode_permission(struct inode *inode, int mask)
+@@ -695,6 +702,7 @@ int security_inode_permission(struct ino
return 0;
return call_int_hook(inode_permission, 0, inode, mask);
}
@@ -428,7 +392,7 @@ index 4bf0f57..b30d1e1 100644
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
{
-@@ -866,6 +874,7 @@ int security_file_permission(struct file *file, int mask)
+@@ -866,6 +874,7 @@ int security_file_permission(struct file
return fsnotify_perm(file, mask);
}
@@ -436,7 +400,7 @@ index 4bf0f57..b30d1e1 100644
int security_file_alloc(struct file *file)
{
-@@ -925,6 +934,7 @@ int security_mmap_file(struct file *file, unsigned long prot,
+@@ -925,6 +934,7 @@ int security_mmap_file(struct file *file
return ret;
return ima_file_mmap(file, prot);
}
diff --git a/debian/patches/features/all/rt/mm-memcontrol-do_not_disable_irq.patch b/debian/patches/features/all/rt/mm-memcontrol-do_not_disable_irq.patch
index f791a3b..794b0d7 100644
--- a/debian/patches/features/all/rt/mm-memcontrol-do_not_disable_irq.patch
+++ b/debian/patches/features/all/rt/mm-memcontrol-do_not_disable_irq.patch
@@ -7,6 +7,7 @@ There are a few local_irq_disable() which then take sleeping locks. This
patch converts them local locks.
Signed-off-by: Sebastian Andrzej Siewior <bigeasy at linutronix.de>
+[bwh: Adjust context after 4.14.4]
---
mm/memcontrol.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
@@ -110,7 +111,7 @@ Signed-off-by: Sebastian Andrzej Siewior <bigeasy at linutronix.de>
memcg_check_events(memcg, page);
if (!mem_cgroup_is_root(memcg))
- css_put(&memcg->css);
+ css_put_many(&memcg->css, nr_entries);
+ local_unlock_irqrestore(event_lock, flags);
}
diff --git a/debian/patches/features/all/rt/sched-rt-Simplify-the-IPI-based-RT-balancing-logic.patch b/debian/patches/features/all/rt/sched-rt-Simplify-the-IPI-based-RT-balancing-logic.patch
deleted file mode 100644
index 3179d8a..0000000
--- a/debian/patches/features/all/rt/sched-rt-Simplify-the-IPI-based-RT-balancing-logic.patch
+++ /dev/null
@@ -1,565 +0,0 @@
-From: "Steven Rostedt (Red Hat)" <rostedt at goodmis.org>
-Date: Fri, 6 Oct 2017 14:05:04 -0400
-Subject: [PATCH] sched/rt: Simplify the IPI based RT balancing logic
-Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.14/older/patches-4.14.1-rt3.tar.xz
-
-Upstream commit 4bdced5c9a2922521e325896a7bbbf0132c94e56
-
-When a CPU lowers its priority (schedules out a high priority task for a
-lower priority one), a check is made to see if any other CPU has overloaded
-RT tasks (more than one). It checks the rto_mask to determine this and if so
-it will request to pull one of those tasks to itself if the non running RT
-task is of higher priority than the new priority of the next task to run on
-the current CPU.
-
-When we deal with large number of CPUs, the original pull logic suffered
-from large lock contention on a single CPU run queue, which caused a huge
-latency across all CPUs. This was caused by only having one CPU having
-overloaded RT tasks and a bunch of other CPUs lowering their priority. To
-solve this issue, commit:
-
- b6366f048e0c ("sched/rt: Use IPI to trigger RT task push migration instead of pulling")
-
-changed the way to request a pull. Instead of grabbing the lock of the
-overloaded CPU's runqueue, it simply sent an IPI to that CPU to do the work.
-
-Although the IPI logic worked very well in removing the large latency build
-up, it still could suffer from a large number of IPIs being sent to a single
-CPU. On a 80 CPU box, I measured over 200us of processing IPIs. Worse yet,
-when I tested this on a 120 CPU box, with a stress test that had lots of
-RT tasks scheduling on all CPUs, it actually triggered the hard lockup
-detector! One CPU had so many IPIs sent to it, and due to the restart
-mechanism that is triggered when the source run queue has a priority status
-change, the CPU spent minutes! processing the IPIs.
-
-Thinking about this further, I realized there's no reason for each run queue
-to send its own IPI. As all CPUs with overloaded tasks must be scanned
-regardless if there's one or many CPUs lowering their priority, because
-there's no current way to find the CPU with the highest priority task that
-can schedule to one of these CPUs, there really only needs to be one IPI
-being sent around at a time.
-
-This greatly simplifies the code!
-
-The new approach is to have each root domain have its own irq work, as the
-rto_mask is per root domain. The root domain has the following fields
-attached to it:
-
- rto_push_work - the irq work to process each CPU set in rto_mask
- rto_lock - the lock to protect some of the other rto fields
- rto_loop_start - an atomic that keeps contention down on rto_lock
- the first CPU scheduling in a lower priority task
- is the one to kick off the process.
- rto_loop_next - an atomic that gets incremented for each CPU that
- schedules in a lower priority task.
- rto_loop - a variable protected by rto_lock that is used to
- compare against rto_loop_next
- rto_cpu - The cpu to send the next IPI to, also protected by
- the rto_lock.
-
-When a CPU schedules in a lower priority task and wants to make sure
-overloaded CPUs know about it. It increments the rto_loop_next. Then it
-atomically sets rto_loop_start with a cmpxchg. If the old value is not "0",
-then it is done, as another CPU is kicking off the IPI loop. If the old
-value is "0", then it will take the rto_lock to synchronize with a possible
-IPI being sent around to the overloaded CPUs.
-
-If rto_cpu is greater than or equal to nr_cpu_ids, then there's either no
-IPI being sent around, or one is about to finish. Then rto_cpu is set to the
-first CPU in rto_mask and an IPI is sent to that CPU. If there's no CPUs set
-in rto_mask, then there's nothing to be done.
-
-When the CPU receives the IPI, it will first try to push any RT tasks that is
-queued on the CPU but can't run because a higher priority RT task is
-currently running on that CPU.
-
-Then it takes the rto_lock and looks for the next CPU in the rto_mask. If it
-finds one, it simply sends an IPI to that CPU and the process continues.
-
-If there's no more CPUs in the rto_mask, then rto_loop is compared with
-rto_loop_next. If they match, everything is done and the process is over. If
-they do not match, then a CPU scheduled in a lower priority task as the IPI
-was being passed around, and the process needs to start again. The first CPU
-in rto_mask is sent the IPI.
-
-This change removes this duplication of work in the IPI logic, and greatly
-lowers the latency caused by the IPIs. This removed the lockup happening on
-the 120 CPU machine. It also simplifies the code tremendously. What else
-could anyone ask for?
-
-Thanks to Peter Zijlstra for simplifying the rto_loop_start atomic logic and
-supplying me with the rto_start_trylock() and rto_start_unlock() helper
-functions.
-
-Signed-off-by: Steven Rostedt (VMware) <rostedt at goodmis.org>
-Signed-off-by: Peter Zijlstra (Intel) <peterz at infradead.org>
-Cc: Clark Williams <williams at redhat.com>
-Cc: Daniel Bristot de Oliveira <bristot at redhat.com>
-Cc: John Kacur <jkacur at redhat.com>
-Cc: Linus Torvalds <torvalds at linux-foundation.org>
-Cc: Mike Galbraith <efault at gmx.de>
-Cc: Peter Zijlstra <peterz at infradead.org>
-Cc: Scott Wood <swood at redhat.com>
-Cc: Thomas Gleixner <tglx at linutronix.de>
-Link: http://lkml.kernel.org/r/20170424114732.1aac6dc4@gandalf.local.home
-Signed-off-by: Ingo Molnar <mingo at kernel.org>
-Signed-off-by: Sebastian Andrzej Siewior <bigeasy at linutronix.de>
----
- kernel/sched/rt.c | 316 +++++++++++++++++-------------------------------
- kernel/sched/sched.h | 24 ++-
- kernel/sched/topology.c | 6
- 3 files changed, 138 insertions(+), 208 deletions(-)
-
---- a/kernel/sched/rt.c
-+++ b/kernel/sched/rt.c
-@@ -74,10 +74,6 @@ static void start_rt_bandwidth(struct rt
- raw_spin_unlock(&rt_b->rt_runtime_lock);
- }
-
--#if defined(CONFIG_SMP) && defined(HAVE_RT_PUSH_IPI)
--static void push_irq_work_func(struct irq_work *work);
--#endif
--
- void init_rt_rq(struct rt_rq *rt_rq)
- {
- struct rt_prio_array *array;
-@@ -97,13 +93,6 @@ void init_rt_rq(struct rt_rq *rt_rq)
- rt_rq->rt_nr_migratory = 0;
- rt_rq->overloaded = 0;
- plist_head_init(&rt_rq->pushable_tasks);
--
--#ifdef HAVE_RT_PUSH_IPI
-- rt_rq->push_flags = 0;
-- rt_rq->push_cpu = nr_cpu_ids;
-- raw_spin_lock_init(&rt_rq->push_lock);
-- init_irq_work(&rt_rq->push_work, push_irq_work_func);
--#endif
- #endif /* CONFIG_SMP */
- /* We start is dequeued state, because no RT tasks are queued */
- rt_rq->rt_queued = 0;
-@@ -1876,241 +1865,166 @@ static void push_rt_tasks(struct rq *rq)
- }
-
- #ifdef HAVE_RT_PUSH_IPI
-+
- /*
-- * The search for the next cpu always starts at rq->cpu and ends
-- * when we reach rq->cpu again. It will never return rq->cpu.
-- * This returns the next cpu to check, or nr_cpu_ids if the loop
-- * is complete.
-+ * When a high priority task schedules out from a CPU and a lower priority
-+ * task is scheduled in, a check is made to see if there's any RT tasks
-+ * on other CPUs that are waiting to run because a higher priority RT task
-+ * is currently running on its CPU. In this case, the CPU with multiple RT
-+ * tasks queued on it (overloaded) needs to be notified that a CPU has opened
-+ * up that may be able to run one of its non-running queued RT tasks.
-+ *
-+ * All CPUs with overloaded RT tasks need to be notified as there is currently
-+ * no way to know which of these CPUs have the highest priority task waiting
-+ * to run. Instead of trying to take a spinlock on each of these CPUs,
-+ * which has shown to cause large latency when done on machines with many
-+ * CPUs, sending an IPI to the CPUs to have them push off the overloaded
-+ * RT tasks waiting to run.
-+ *
-+ * Just sending an IPI to each of the CPUs is also an issue, as on large
-+ * count CPU machines, this can cause an IPI storm on a CPU, especially
-+ * if its the only CPU with multiple RT tasks queued, and a large number
-+ * of CPUs scheduling a lower priority task at the same time.
-+ *
-+ * Each root domain has its own irq work function that can iterate over
-+ * all CPUs with RT overloaded tasks. Since all CPUs with overloaded RT
-+ * tassk must be checked if there's one or many CPUs that are lowering
-+ * their priority, there's a single irq work iterator that will try to
-+ * push off RT tasks that are waiting to run.
-+ *
-+ * When a CPU schedules a lower priority task, it will kick off the
-+ * irq work iterator that will jump to each CPU with overloaded RT tasks.
-+ * As it only takes the first CPU that schedules a lower priority task
-+ * to start the process, the rto_start variable is incremented and if
-+ * the atomic result is one, then that CPU will try to take the rto_lock.
-+ * This prevents high contention on the lock as the process handles all
-+ * CPUs scheduling lower priority tasks.
-+ *
-+ * All CPUs that are scheduling a lower priority task will increment the
-+ * rt_loop_next variable. This will make sure that the irq work iterator
-+ * checks all RT overloaded CPUs whenever a CPU schedules a new lower
-+ * priority task, even if the iterator is in the middle of a scan. Incrementing
-+ * the rt_loop_next will cause the iterator to perform another scan.
- *
-- * rq->rt.push_cpu holds the last cpu returned by this function,
-- * or if this is the first instance, it must hold rq->cpu.
- */
- static int rto_next_cpu(struct rq *rq)
- {
-- int prev_cpu = rq->rt.push_cpu;
-+ struct root_domain *rd = rq->rd;
-+ int next;
- int cpu;
-
-- cpu = cpumask_next(prev_cpu, rq->rd->rto_mask);
--
- /*
-- * If the previous cpu is less than the rq's CPU, then it already
-- * passed the end of the mask, and has started from the beginning.
-- * We end if the next CPU is greater or equal to rq's CPU.
-+ * When starting the IPI RT pushing, the rto_cpu is set to -1,
-+ * rt_next_cpu() will simply return the first CPU found in
-+ * the rto_mask.
-+ *
-+ * If rto_next_cpu() is called with rto_cpu is a valid cpu, it
-+ * will return the next CPU found in the rto_mask.
-+ *
-+ * If there are no more CPUs left in the rto_mask, then a check is made
-+ * against rto_loop and rto_loop_next. rto_loop is only updated with
-+ * the rto_lock held, but any CPU may increment the rto_loop_next
-+ * without any locking.
- */
-- if (prev_cpu < rq->cpu) {
-- if (cpu >= rq->cpu)
-- return nr_cpu_ids;
-+ for (;;) {
-
-- } else if (cpu >= nr_cpu_ids) {
-- /*
-- * We passed the end of the mask, start at the beginning.
-- * If the result is greater or equal to the rq's CPU, then
-- * the loop is finished.
-- */
-- cpu = cpumask_first(rq->rd->rto_mask);
-- if (cpu >= rq->cpu)
-- return nr_cpu_ids;
-- }
-- rq->rt.push_cpu = cpu;
-+ /* When rto_cpu is -1 this acts like cpumask_first() */
-+ cpu = cpumask_next(rd->rto_cpu, rd->rto_mask);
-
-- /* Return cpu to let the caller know if the loop is finished or not */
-- return cpu;
--}
-+ rd->rto_cpu = cpu;
-
--static int find_next_push_cpu(struct rq *rq)
--{
-- struct rq *next_rq;
-- int cpu;
-+ if (cpu < nr_cpu_ids)
-+ return cpu;
-
-- while (1) {
-- cpu = rto_next_cpu(rq);
-- if (cpu >= nr_cpu_ids)
-- break;
-- next_rq = cpu_rq(cpu);
-+ rd->rto_cpu = -1;
-+
-+ /*
-+ * ACQUIRE ensures we see the @rto_mask changes
-+ * made prior to the @next value observed.
-+ *
-+ * Matches WMB in rt_set_overload().
-+ */
-+ next = atomic_read_acquire(&rd->rto_loop_next);
-
-- /* Make sure the next rq can push to this rq */
-- if (next_rq->rt.highest_prio.next < rq->rt.highest_prio.curr)
-+ if (rd->rto_loop == next)
- break;
-+
-+ rd->rto_loop = next;
- }
-
-- return cpu;
-+ return -1;
- }
-
--#define RT_PUSH_IPI_EXECUTING 1
--#define RT_PUSH_IPI_RESTART 2
-+static inline bool rto_start_trylock(atomic_t *v)
-+{
-+ return !atomic_cmpxchg_acquire(v, 0, 1);
-+}
-
--/*
-- * When a high priority task schedules out from a CPU and a lower priority
-- * task is scheduled in, a check is made to see if there's any RT tasks
-- * on other CPUs that are waiting to run because a higher priority RT task
-- * is currently running on its CPU. In this case, the CPU with multiple RT
-- * tasks queued on it (overloaded) needs to be notified that a CPU has opened
-- * up that may be able to run one of its non-running queued RT tasks.
-- *
-- * On large CPU boxes, there's the case that several CPUs could schedule
-- * a lower priority task at the same time, in which case it will look for
-- * any overloaded CPUs that it could pull a task from. To do this, the runqueue
-- * lock must be taken from that overloaded CPU. Having 10s of CPUs all fighting
-- * for a single overloaded CPU's runqueue lock can produce a large latency.
-- * (This has actually been observed on large boxes running cyclictest).
-- * Instead of taking the runqueue lock of the overloaded CPU, each of the
-- * CPUs that scheduled a lower priority task simply sends an IPI to the
-- * overloaded CPU. An IPI is much cheaper than taking an runqueue lock with
-- * lots of contention. The overloaded CPU will look to push its non-running
-- * RT task off, and if it does, it can then ignore the other IPIs coming
-- * in, and just pass those IPIs off to any other overloaded CPU.
-- *
-- * When a CPU schedules a lower priority task, it only sends an IPI to
-- * the "next" CPU that has overloaded RT tasks. This prevents IPI storms,
-- * as having 10 CPUs scheduling lower priority tasks and 10 CPUs with
-- * RT overloaded tasks, would cause 100 IPIs to go out at once.
-- *
-- * The overloaded RT CPU, when receiving an IPI, will try to push off its
-- * overloaded RT tasks and then send an IPI to the next CPU that has
-- * overloaded RT tasks. This stops when all CPUs with overloaded RT tasks
-- * have completed. Just because a CPU may have pushed off its own overloaded
-- * RT task does not mean it should stop sending the IPI around to other
-- * overloaded CPUs. There may be another RT task waiting to run on one of
-- * those CPUs that are of higher priority than the one that was just
-- * pushed.
-- *
-- * An optimization that could possibly be made is to make a CPU array similar
-- * to the cpupri array mask of all running RT tasks, but for the overloaded
-- * case, then the IPI could be sent to only the CPU with the highest priority
-- * RT task waiting, and that CPU could send off further IPIs to the CPU with
-- * the next highest waiting task. Since the overloaded case is much less likely
-- * to happen, the complexity of this implementation may not be worth it.
-- * Instead, just send an IPI around to all overloaded CPUs.
-- *
-- * The rq->rt.push_flags holds the status of the IPI that is going around.
-- * A run queue can only send out a single IPI at a time. The possible flags
-- * for rq->rt.push_flags are:
-- *
-- * (None or zero): No IPI is going around for the current rq
-- * RT_PUSH_IPI_EXECUTING: An IPI for the rq is being passed around
-- * RT_PUSH_IPI_RESTART: The priority of the running task for the rq
-- * has changed, and the IPI should restart
-- * circulating the overloaded CPUs again.
-- *
-- * rq->rt.push_cpu contains the CPU that is being sent the IPI. It is updated
-- * before sending to the next CPU.
-- *
-- * Instead of having all CPUs that schedule a lower priority task send
-- * an IPI to the same "first" CPU in the RT overload mask, they send it
-- * to the next overloaded CPU after their own CPU. This helps distribute
-- * the work when there's more than one overloaded CPU and multiple CPUs
-- * scheduling in lower priority tasks.
-- *
-- * When a rq schedules a lower priority task than what was currently
-- * running, the next CPU with overloaded RT tasks is examined first.
-- * That is, if CPU 1 and 5 are overloaded, and CPU 3 schedules a lower
-- * priority task, it will send an IPI first to CPU 5, then CPU 5 will
-- * send to CPU 1 if it is still overloaded. CPU 1 will clear the
-- * rq->rt.push_flags if RT_PUSH_IPI_RESTART is not set.
-- *
-- * The first CPU to notice IPI_RESTART is set, will clear that flag and then
-- * send an IPI to the next overloaded CPU after the rq->cpu and not the next
-- * CPU after push_cpu. That is, if CPU 1, 4 and 5 are overloaded when CPU 3
-- * schedules a lower priority task, and the IPI_RESTART gets set while the
-- * handling is being done on CPU 5, it will clear the flag and send it back to
-- * CPU 4 instead of CPU 1.
-- *
-- * Note, the above logic can be disabled by turning off the sched_feature
-- * RT_PUSH_IPI. Then the rq lock of the overloaded CPU will simply be
-- * taken by the CPU requesting a pull and the waiting RT task will be pulled
-- * by that CPU. This may be fine for machines with few CPUs.
-- */
--static void tell_cpu_to_push(struct rq *rq)
-+static inline void rto_start_unlock(atomic_t *v)
- {
-- int cpu;
-+ atomic_set_release(v, 0);
-+}
-
-- if (rq->rt.push_flags & RT_PUSH_IPI_EXECUTING) {
-- raw_spin_lock(&rq->rt.push_lock);
-- /* Make sure it's still executing */
-- if (rq->rt.push_flags & RT_PUSH_IPI_EXECUTING) {
-- /*
-- * Tell the IPI to restart the loop as things have
-- * changed since it started.
-- */
-- rq->rt.push_flags |= RT_PUSH_IPI_RESTART;
-- raw_spin_unlock(&rq->rt.push_lock);
-- return;
-- }
-- raw_spin_unlock(&rq->rt.push_lock);
-- }
-+static void tell_cpu_to_push(struct rq *rq)
-+{
-+ int cpu = -1;
-
-- /* When here, there's no IPI going around */
-+ /* Keep the loop going if the IPI is currently active */
-+ atomic_inc(&rq->rd->rto_loop_next);
-
-- rq->rt.push_cpu = rq->cpu;
-- cpu = find_next_push_cpu(rq);
-- if (cpu >= nr_cpu_ids)
-+ /* Only one CPU can initiate a loop at a time */
-+ if (!rto_start_trylock(&rq->rd->rto_loop_start))
- return;
-
-- rq->rt.push_flags = RT_PUSH_IPI_EXECUTING;
-+ raw_spin_lock(&rq->rd->rto_lock);
-
-- irq_work_queue_on(&rq->rt.push_work, cpu);
-+ /*
-+ * The rto_cpu is updated under the lock, if it has a valid cpu
-+ * then the IPI is still running and will continue due to the
-+ * update to loop_next, and nothing needs to be done here.
-+ * Otherwise it is finishing up and an ipi needs to be sent.
-+ */
-+ if (rq->rd->rto_cpu < 0)
-+ cpu = rto_next_cpu(rq);
-+
-+ raw_spin_unlock(&rq->rd->rto_lock);
-+
-+ rto_start_unlock(&rq->rd->rto_loop_start);
-+
-+ if (cpu >= 0)
-+ irq_work_queue_on(&rq->rd->rto_push_work, cpu);
- }
-
- /* Called from hardirq context */
--static void try_to_push_tasks(void *arg)
-+void rto_push_irq_work_func(struct irq_work *work)
- {
-- struct rt_rq *rt_rq = arg;
-- struct rq *rq, *src_rq;
-- int this_cpu;
-+ struct rq *rq;
- int cpu;
-
-- this_cpu = rt_rq->push_cpu;
-+ rq = this_rq();
-
-- /* Paranoid check */
-- BUG_ON(this_cpu != smp_processor_id());
--
-- rq = cpu_rq(this_cpu);
-- src_rq = rq_of_rt_rq(rt_rq);
--
--again:
-+ /*
-+ * We do not need to grab the lock to check for has_pushable_tasks.
-+ * When it gets updated, a check is made if a push is possible.
-+ */
- if (has_pushable_tasks(rq)) {
- raw_spin_lock(&rq->lock);
-- push_rt_task(rq);
-+ push_rt_tasks(rq);
- raw_spin_unlock(&rq->lock);
- }
-
-- /* Pass the IPI to the next rt overloaded queue */
-- raw_spin_lock(&rt_rq->push_lock);
-- /*
-- * If the source queue changed since the IPI went out,
-- * we need to restart the search from that CPU again.
-- */
-- if (rt_rq->push_flags & RT_PUSH_IPI_RESTART) {
-- rt_rq->push_flags &= ~RT_PUSH_IPI_RESTART;
-- rt_rq->push_cpu = src_rq->cpu;
-- }
-+ raw_spin_lock(&rq->rd->rto_lock);
-
-- cpu = find_next_push_cpu(src_rq);
-+ /* Pass the IPI to the next rt overloaded queue */
-+ cpu = rto_next_cpu(rq);
-
-- if (cpu >= nr_cpu_ids)
-- rt_rq->push_flags &= ~RT_PUSH_IPI_EXECUTING;
-- raw_spin_unlock(&rt_rq->push_lock);
-+ raw_spin_unlock(&rq->rd->rto_lock);
-
-- if (cpu >= nr_cpu_ids)
-+ if (cpu < 0)
- return;
-
-- /*
-- * It is possible that a restart caused this CPU to be
-- * chosen again. Don't bother with an IPI, just see if we
-- * have more to push.
-- */
-- if (unlikely(cpu == rq->cpu))
-- goto again;
--
- /* Try the next RT overloaded CPU */
-- irq_work_queue_on(&rt_rq->push_work, cpu);
--}
--
--static void push_irq_work_func(struct irq_work *work)
--{
-- struct rt_rq *rt_rq = container_of(work, struct rt_rq, push_work);
--
-- try_to_push_tasks(rt_rq);
-+ irq_work_queue_on(&rq->rd->rto_push_work, cpu);
- }
- #endif /* HAVE_RT_PUSH_IPI */
-
---- a/kernel/sched/sched.h
-+++ b/kernel/sched/sched.h
-@@ -502,7 +502,7 @@ static inline int rt_bandwidth_enabled(v
- }
-
- /* RT IPI pull logic requires IRQ_WORK */
--#ifdef CONFIG_IRQ_WORK
-+#if defined(CONFIG_IRQ_WORK) && defined(CONFIG_SMP)
- # define HAVE_RT_PUSH_IPI
- #endif
-
-@@ -524,12 +524,6 @@ struct rt_rq {
- unsigned long rt_nr_total;
- int overloaded;
- struct plist_head pushable_tasks;
--#ifdef HAVE_RT_PUSH_IPI
-- int push_flags;
-- int push_cpu;
-- struct irq_work push_work;
-- raw_spinlock_t push_lock;
--#endif
- #endif /* CONFIG_SMP */
- int rt_queued;
-
-@@ -638,6 +632,19 @@ struct root_domain {
- struct dl_bw dl_bw;
- struct cpudl cpudl;
-
-+#ifdef HAVE_RT_PUSH_IPI
-+ /*
-+ * For IPI pull requests, loop across the rto_mask.
-+ */
-+ struct irq_work rto_push_work;
-+ raw_spinlock_t rto_lock;
-+ /* These are only updated and read within rto_lock */
-+ int rto_loop;
-+ int rto_cpu;
-+ /* These atomics are updated outside of a lock */
-+ atomic_t rto_loop_next;
-+ atomic_t rto_loop_start;
-+#endif
- /*
- * The "RT overload" flag: it gets set if a CPU has more than
- * one runnable RT task.
-@@ -655,6 +662,9 @@ extern void init_defrootdomain(void);
- extern int sched_init_domains(const struct cpumask *cpu_map);
- extern void rq_attach_root(struct rq *rq, struct root_domain *rd);
-
-+#ifdef HAVE_RT_PUSH_IPI
-+extern void rto_push_irq_work_func(struct irq_work *work);
-+#endif
- #endif /* CONFIG_SMP */
-
- /*
---- a/kernel/sched/topology.c
-+++ b/kernel/sched/topology.c
-@@ -269,6 +269,12 @@ static int init_rootdomain(struct root_d
- if (!zalloc_cpumask_var(&rd->rto_mask, GFP_KERNEL))
- goto free_dlo_mask;
-
-+#ifdef HAVE_RT_PUSH_IPI
-+ rd->rto_cpu = -1;
-+ raw_spin_lock_init(&rd->rto_lock);
-+ init_irq_work(&rd->rto_push_work, rto_push_irq_work_func);
-+#endif
-+
- init_dl_bw(&rd->dl_bw);
- if (cpudl_init(&rd->cpudl) != 0)
- goto free_rto_mask;
diff --git a/debian/patches/series b/debian/patches/series
index 944b2b3..ed8e850 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -80,7 +80,6 @@ bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch
bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
bugfix/all/i40e-i40evf-organize-and-re-number-feature-flags.patch
bugfix/all/i40e-fix-flags-declaration.patch
-bugfix/all/apparmor-fix-oops-in-audit_signal_cb-hook.patch
bugfix/all/xen-time-do-not-decrease-steal-time-after-live-migra.patch
# Miscellaneous features
@@ -117,10 +116,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
-bugfix/all/media-cx231xx-cards-fix-null-deref-on-missing-associ.patch
-bugfix/all/media-dvb-core-always-call-invoke_release-in-fe_free.patch
-bugfix/all/dvb_frontend-don-t-use-after-free-the-frontend-struc.patch
-bugfix/all/mm-thp-Do-not-make-page-table-dirty-unconditionally-.patch
# Fix exported symbol versions
bugfix/all/module-disable-matching-missing-version-crc.patch
diff --git a/debian/patches/series-rt b/debian/patches/series-rt
index 3f3883d..473aa73 100644
--- a/debian/patches/series-rt
+++ b/debian/patches/series-rt
@@ -6,7 +6,6 @@
# UPSTREAM changes queued
############################################################
features/all/rt/rcu-Suppress-lockdep-false-positive-boost_mtx-compla.patch
-features/all/rt/sched-rt-Simplify-the-IPI-based-RT-balancing-logic.patch
############################################################
# UPSTREAM FIXES, patches pending
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list