- 14 May, 2019 5 commits
-
-
Joseph Qi authored
I have been contributing and reviewing to the ocfs2 filesystem for recent years and I'm willing to continue doing so. Volunteer as a co-maintainer for ocfs2 filesystem. Link: http://lkml.kernel.org/r/f56d75b3-2be5-25c2-51f2-c3f5423d4f14@gmail.comSigned-off-by: Joseph Qi <joseph.qi@linux.alibaba.com> Acked-by: Andrew Morton <akpm@linux-foundation.org> Reviewed-by: Mark Fasheh <mfasheh@suse.com> Cc: piaojun <piaojun@huawei.com> Cc: "Gang He" <ghe@suse.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Junxiao Bi <junxiao.bi@oracle.com> Cc: Joseph Qi <jiangqi903@gmail.com> Cc: Changwei Ge <gechangwei@live.cn> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Sabyasachi Gupta authored
Remove linux/irq.h which is included more than once. Link: http://lkml.kernel.org/r/5c8682ef.1c69fb81.5a1ea.2e7f@mx.google.comSigned-off-by: Sabyasachi Gupta <sabyasachi.linux@gmail.com> Acked-by: Souptick Joarder <jrdr.linux@gmail.com> Cc: Yoshinori Sato <ysato@users.sourceforge.jp> Cc: Rich Felker <dalias@libc.org> Cc: Mukesh Ojha <mojha@codeaurora.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Cyrill Gorcunov authored
While validating new map we require the @start_data to be strictly less than @end_data, which is fine for regular applications (this is why this nit didn't trigger for that long). These members are set from executable loaders such as elf handers, still it is pretty valid to have a loadable data section with zero size in file, in such case the start_data is equal to end_data once kernel loader finishes. As a result when we're trying to restore such programs the procedure fails and the kernel returns -EINVAL. From the image dump of a program: | "mm_start_code": "0x400000", | "mm_end_code": "0x8f5fb4", | "mm_start_data": "0xf1bfb0", | "mm_end_data": "0xf1bfb0", Thus we need to change validate_prctl_map from strictly less to less or equal operator use. Link: http://lkml.kernel.org/r/20190408143554.GY1421@uranus.lan Fixes: f606b77f ("prctl: PR_SET_MM -- introduce PR_SET_MM_MAP operation") Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com> Cc: Andrey Vagin <avagin@gmail.com> Cc: Dmitry Safonov <0x7f454c46@gmail.com> Cc: Pavel Emelyanov <xemul@virtuozzo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Kai Shen authored
spinlock recursion happened when do LTP test: #!/bin/bash ./runltp -p -f hugetlb & ./runltp -p -f hugetlb & ./runltp -p -f hugetlb & ./runltp -p -f hugetlb & ./runltp -p -f hugetlb & The dtor returned by get_compound_page_dtor in __put_compound_page may be the function of free_huge_page which will lock the hugetlb_lock, so don't put_page in lock of hugetlb_lock. BUG: spinlock recursion on CPU#0, hugemmap05/1079 lock: hugetlb_lock+0x0/0x18, .magic: dead4ead, .owner: hugemmap05/1079, .owner_cpu: 0 Call trace: dump_backtrace+0x0/0x198 show_stack+0x24/0x30 dump_stack+0xa4/0xcc spin_dump+0x84/0xa8 do_raw_spin_lock+0xd0/0x108 _raw_spin_lock+0x20/0x30 free_huge_page+0x9c/0x260 __put_compound_page+0x44/0x50 __put_page+0x2c/0x60 alloc_surplus_huge_page.constprop.19+0xf0/0x140 hugetlb_acct_memory+0x104/0x378 hugetlb_reserve_pages+0xe0/0x250 hugetlbfs_file_mmap+0xc0/0x140 mmap_region+0x3e8/0x5b0 do_mmap+0x280/0x460 vm_mmap_pgoff+0xf4/0x128 ksys_mmap_pgoff+0xb4/0x258 __arm64_sys_mmap+0x34/0x48 el0_svc_common+0x78/0x130 el0_svc_handler+0x38/0x78 el0_svc+0x8/0xc Link: http://lkml.kernel.org/r/b8ade452-2d6b-0372-32c2-703644032b47@huawei.com Fixes: 9980d744 ("mm, hugetlb: get rid of surplus page accounting tricks") Signed-off-by: Kai Shen <shenkai8@huawei.com> Signed-off-by: Feilong Lin <linfeilong@huawei.com> Reported-by: Wang Wang <wangwang2@huawei.com> Reviewed-by: Oscar Salvador <osalvador@suse.de> Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: Michal Hocko <mhocko@suse.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Dan Williams authored
Starting with c6f3c5ee ("mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd()") vmf_insert_pfn_pmd() internally calls pmdp_set_access_flags(). That helper enforces a pmd aligned @address argument via VM_BUG_ON() assertion. Update the implementation to take a 'struct vm_fault' argument directly and apply the address alignment fixup internally to fix crash signatures like: kernel BUG at arch/x86/mm/pgtable.c:515! invalid opcode: 0000 [#1] SMP NOPTI CPU: 51 PID: 43713 Comm: java Tainted: G OE 4.19.35 #1 [..] RIP: 0010:pmdp_set_access_flags+0x48/0x50 [..] Call Trace: vmf_insert_pfn_pmd+0x198/0x350 dax_iomap_fault+0xe82/0x1190 ext4_dax_huge_fault+0x103/0x1f0 ? __switch_to_asm+0x40/0x70 __handle_mm_fault+0x3f6/0x1370 ? __switch_to_asm+0x34/0x70 ? __switch_to_asm+0x40/0x70 handle_mm_fault+0xda/0x200 __do_page_fault+0x249/0x4f0 do_page_fault+0x32/0x110 ? page_fault+0x8/0x30 page_fault+0x1e/0x30 Link: http://lkml.kernel.org/r/155741946350.372037.11148198430068238140.stgit@dwillia2-desk3.amr.corp.intel.com Fixes: c6f3c5ee ("mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd()") Signed-off-by: Dan Williams <dan.j.williams@intel.com> Reported-by: Piotr Balcer <piotr.balcer@intel.com> Tested-by: Yan Ma <yan.ma@intel.com> Tested-by: Pankaj Gupta <pagupta@redhat.com> Reviewed-by: Matthew Wilcox <willy@infradead.org> Reviewed-by: Jan Kara <jack@suse.cz> Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com> Cc: Chandan Rajendra <chandan@linux.ibm.com> Cc: Souptick Joarder <jrdr.linux@gmail.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
- 13 May, 2019 2 commits
-
-
ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/joro/iommuLinus Torvalds authored
Pull IOMMU updates from Joerg Roedel: - ATS support for ARM-SMMU-v3. - AUX domain support in the IOMMU-API and the Intel VT-d driver. This adds support for multiple DMA address spaces per (PCI-)device. The use-case is to multiplex devices between host and KVM guests in a more flexible way than supported by SR-IOV. - the rest are smaller cleanups and fixes, two of which needed to be reverted after testing in linux-next. * tag 'iommu-updates-v5.2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/joro/iommu: (45 commits) Revert "iommu/amd: Flush not present cache in iommu_map_page" Revert "iommu/amd: Remove the leftover of bypass support" iommu/vt-d: Fix leak in intel_pasid_alloc_table on error path iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU iommu/vt-d: Set intel_iommu_gfx_mapped correctly iommu/amd: Flush not present cache in iommu_map_page iommu/vt-d: Cleanup: no spaces at the start of a line iommu/vt-d: Don't request page request irq under dmar_global_lock iommu/vt-d: Use struct_size() helper iommu/mediatek: Fix leaked of_node references iommu/amd: Remove amd_iommu_pd_list iommu/arm-smmu: Log CBFRSYNRA register on context fault iommu/arm-smmu-v3: Don't disable SMMU in kdump kernel iommu/arm-smmu-v3: Disable tagged pointers iommu/arm-smmu-v3: Add support for PCI ATS iommu/arm-smmu-v3: Link domains and devices iommu/arm-smmu-v3: Add a master->domain pointer iommu/arm-smmu-v3: Store SteamIDs in master iommu/arm-smmu-v3: Rename arm_smmu_master_data to arm_smmu_master ACPI/IORT: Check ATS capability in root complex nodes ...
-
git://www.linux-watchdog.org/linux-watchdogLinus Torvalds authored
Pull watchdog updates from Wim Van Sebroeck: - a new watchdog driver for the ROHM BD70528 watchdog block - a new watchdog driver for the i.MX system controller watchdog - conversions to use device managed functions and other improvements - refactor watchdog_init_timeout - make watchdog core configurable as module - pretimeout governors improvements - a lot of other fixes * tag 'linux-watchdog-5.2-rc1' of git://www.linux-watchdog.org/linux-watchdog: (114 commits) watchdog: Enforce that at least one pretimeout governor is enabled watchdog: stm32: add dynamic prescaler support watchdog: Improve Kconfig entry ordering and dependencies watchdog: npcm: Enable modular builds watchdog: Make watchdog core configurable as module watchdog: Move pretimeout governor configuration up watchdog: Use depends instead of select for pretimeout governors watchdog: rtd119x: drop unused module.h include watchdog: intel_scu: make it explicitly non-modular watchdog: coh901327: make it explicitly non-modular watchdog: ziirave_wdt: drop warning after calling watchdog_init_timeout watchdog: xen_wdt: drop warning after calling watchdog_init_timeout watchdog: stm32_iwdg: drop warning after calling watchdog_init_timeout watchdog: st_lpc_wdt: drop warning after calling watchdog_init_timeout watchdog: sp5100_tco: drop warning after calling watchdog_init_timeout watchdog: renesas_wdt: drop warning after calling watchdog_init_timeout watchdog: nic7018_wdt: drop warning after calling watchdog_init_timeout watchdog: ni903x_wdt: drop warning after calling watchdog_init_timeout watchdog: imx_sc_wdt: drop warning after calling watchdog_init_timeout watchdog: i6300esb: drop warning after calling watchdog_init_timeout ...
-
- 12 May, 2019 4 commits
-
-
ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/rw/ubifsLinus Torvalds authored
Pull UBI/UBIFS updates from Richard Weinberger: - fscrypt framework usage updates - One huge fix for xattr unlink - Cleanup of fscrypt ifdefs - Fix for our new UBIFS auth feature * tag 'upstream-5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/rw/ubifs: ubi: wl: Fix uninitialized variable ubifs: Drop unnecessary setting of zbr->znode ubifs: Remove ifdefs around CONFIG_UBIFS_ATIME_SUPPORT ubifs: Remove #ifdef around CONFIG_FS_ENCRYPTION ubifs: Limit number of xattrs per inode ubifs: orphan: Handle xattrs like files ubifs: journal: Handle xattrs like files ubifs: find.c: replace swap function with built-in one ubifs: Do not skip hash checking in data nodes ubifs: work around high stack usage with clang ubifs: remove unused function __ubifs_shash_final ubifs: remove unnecessary #ifdef around fscrypt_ioctl_get_policy() ubifs: remove unnecessary calls to set up directory key
-
ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mtd/linuxLinus Torvalds authored
Pull MTD updates from Richard Weinberger: "MTD core changes: - New AFS partition parser - Update MAINTAINERS entry - Use of fall-throughs markers NAND core changes: - Support having the bad block markers in either the first, second or last page of a block. The combination of all three location is now possible. - Constification of NAND_OP_PARSER(_PATTERN) elements. - Generic NAND DT bindings changed to yaml format (can be used to check the proposed bindings. First platform to be fully supported: sunxi. - Stopped using several legacy hooks. - Preparation to use the generic NAND layer with the addition of several helpers and the removal of the struct nand_chip from generic functions. - Kconfig cleanup to prepare the introduction of external ECC engines support. - Fallthrough comments. - Introduction of the SPI-mem dirmap API for SPI-NAND devices. Raw NAND controller drivers changes: - nandsim: - Switch to ->exec-op(). - meson: - Misc cleanups and fixes. - New OOB layout. - Sunxi: - A23/A33 NAND DMA support. - Ingenic: - Full reorganization and cleanup. - Clear separation between NAND controller and ECC engine. - Support JZ4740 an JZ4725B. - Denali: - Clear controller/chip separation. - ->exec_op() migration. - Various cleanups. - fsl_elbc: - Enable software ECC support. - Atmel: - Sam9x60 support. - GPMI: - Introduce the GPMI_IS_MXS() macro. - Various trivial/spelling/coding style fixes. SPI NOR core changes: - Print all JEDEC ID bytes on error - Fix comment of spi_nor_find_best_erase_type() - Add region locking flags for s25fl512s SPI NOR controller drivers changes: - intel-spi: - Avoid crossing 4K address boundary on read/write - Add support for Intel Comet Lake SPI serial flash" * tag 'mtd/for-5.2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mtd/linux: (120 commits) mtd: part: fix incorrect format specifier for an unsigned long long mtd: lpddr_cmds: Mark expected switch fall-through mtd: phram: Mark expected switch fall-throughs mtd: cfi_cmdset_0002: Mark expected switch fall-throughs mtd: cfi_util: mark expected switch fall-throughs MAINTAINERS: MTD Git repository is hosted on kernel.org MAINTAINERS: Update jffs2 entry mtd: afs: add v2 partition parsing mtd: afs: factor the IIS read into partition parser mtd: afs: factor footer parsing into the v1 part parsing mtd: factor out v1 partition parsing mtd: afs: simplify partition detection mtd: afs: simplify partition parsing mtd: partitions: Add OF support to AFS partitions mtd: partitions: Add AFS partitions DT bindings mtd: afs: Move AFS partition parser to parsers subdir mtd: maps: Make uclinux_ram_map static mtd: maps: Allow MTD_PHYSMAP with MTD_RAM MAINTAINERS: Add myself as MTD maintainer MAINTAINERS: Remove my name from the MTD and NAND entries ...
-
ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/rw/umlLinus Torvalds authored
Pull UML updates from Richard Weinberger: - Kconfig cleanups - Fix cpu_all_mask() usage - Various bug fixes * tag 'for-linus-5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/rw/uml: um: irq: don't set the chip for all irqs um: define set_pte_at() as a static inline function, not a macro um: remove uses of variable length arrays um: remove unused variable uml: fix a boot splat wrt use of cpu_all_mask um: Do not unlock mutex that is not hold. hostfs: fix mismatch between link_file definition and declaration arch: um: drivers: Kconfig: pedantic formatting arch: um: Kconfig: pedantic indention cleanups um: Revert to using stack for pt_regs in signal handling
-
Linus Torvalds authored
Merge tag 'tag-chrome-platform-for-v5.2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux Pull chrome platform updates from Benson Leung: "CrOS EC: - Add EC host command support using rpmsg - Add new CrOS USB PD logging driver - Transfer spi messages at high priority - Add support to trace CrOS EC commands - Minor fixes and cleanups in protocol and debugfs Wilco EC: - Standardize Wilco EC mailbox interface - Add h1_gpio status to debugfs" * tag 'tag-chrome-platform-for-v5.2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux: platform/chrome: cros_ec_proto: Add trace event to trace EC commands platform/chrome: cros_ec_debugfs: Use cros_ec_cmd_xfer_status helper platform/chrome: cros_ec: Add EC host command support using rpmsg platform/chrome: wilco_ec: Add h1_gpio status to debugfs platform/chrome: wilco_ec: Standardize mailbox interface platform/chrome: cros_ec_proto: check for NULL transfer function platform/chrome: Add CrOS USB PD logging driver platform/chrome: cros_ec_spi: Transfer messages at high priority platform/chrome: cros_ec_debugfs: no need to check return value of debugfs_create functions platform/chrome: cros_ec_debugfs: Remove dev_warn when console log is not supported
-
- 11 May, 2019 4 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpioLinus Torvalds authored
Pull gpio updates from Linus Walleij: "This is the bulk of the GPIO changes for the v5.2 kernel cycle. A bit later than usual because I was ironing out my own mistakes. I'm holding some stuff back for the next kernel as a result, and this should be a healthy and well tested batch. Core changes: - The gpiolib MMIO driver has been enhanced to handle two direction registers, i.e. one register to set lines as input and one register to set lines as output. It turns out some silicon engineer thinks the ability to configure a line as input and output at the same time makes sense, this can be debated but includes a lot of analog electronics reasoning, and the registers are there and need to be handled consistently. Unsurprisingly, we enforce the lines to be either inputs or outputs in such schemes. - Send in the proper argument value to .set_config() dispatched to the pin control subsystem. Nobody used it before, now someone does, so fix it to work as expected. - The ACPI gpiolib portions can now handle pin bias setting (pull up or pull down). This has been in the ACPI spec for years and we finally have it properly integrated with Linux GPIOs. It was based on an observation from Andy Schevchenko that Thomas Petazzoni's changes to the core for biasing the PCA950x GPIO expander actually happen to fit hand-in-glove with what the ACPI core needed. Such nice synergies happen sometimes. New drivers: - A new driver for the Mellanox BlueField GPIO controller. This is using 64bit MMIO registers and can configure lines as inputs and outputs at the same time and after improving the MMIO library we handle it just fine. Interesting. - A new IXP4xx proper gpiochip driver with hierarchical interrupts should be coming in from the ARM SoC tree as well. Driver enhancements: - The PCA053x driver handles the CAT9554 GPIO expander. - The PCA053x driver handles the NXP PCAL6416 GPIO expander. - Wake-up support on PCA053x GPIO lines. - OMAP now does a nice asynchronous IRQ handling on wake-ups by letting everything wake up on edges, and this makes runtime PM work as expected too. Misc: - Several cleanups such as devres fixes. - Get rid of some languager comstructs that cause problems when compiling with LLVMs clang. - Documentation review and update" * tag 'gpio-v5.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: (85 commits) gpio: Update documentation docs: gpio: convert docs to ReST and rename to *.rst gpio: sch: Remove write-only core_base gpio: pxa: Make two symbols static gpiolib: acpi: Respect pin bias setting gpiolib: acpi: Add acpi_gpio_update_gpiod_lookup_flags() helper gpiolib: acpi: Set pin value, based on bias, more accurately gpiolib: acpi: Change type of dflags gpiolib: Introduce GPIO_LOOKUP_FLAGS_DEFAULT gpiolib: Make use of enum gpio_lookup_flags consistent gpiolib: Indent entry values of enum gpio_lookup_flags gpio: pca953x: add support for pca6416 dt-bindings: gpio: pca953x: document the nxp,pca6416 gpio: pca953x: add pcal6416 to the of_device_id table gpio: gpio-omap: Remove conditional pm_runtime handling for GPIO interrupts gpio: gpio-omap: configure edge detection for level IRQs for idle wakeup tracing: stop making gpio tracing configurable gpio: pca953x: Configure wake-up path when wake-up is enabled gpio: of: Optimize quirk checks gpio: mmio: Drop bgpio_dir_inverted ...
-
git://github.com/awilliam/linux-vfioLinus Torvalds authored
Pull VFIO updates from Alex Williamson: - Improve dev_printk() usage (Bjorn Helgaas) - Fix issue with blocking in !TASK_RUNNING state while waiting for userspace to release devices (Farhan Ali) - Fix error path cleanup in nvlink setup (Greg Kurz) - mdev-core cleanups and fixes in preparation for more use cases (Parav Pandit) - Cornelia has volunteered as an official vfio reviewer (Cornelia Huck) * tag 'vfio-v5.2-rc1' of git://github.com/awilliam/linux-vfio: vfio: Add Cornelia Huck as reviewer vfio/mdev: Avoid inline get and put parent helpers vfio/mdev: Fix aborting mdev child device removal if one fails vfio/mdev: Follow correct remove sequence vfio/mdev: Avoid masking error code to EBUSY vfio/mdev: Drop redundant extern for exported symbols vfio/mdev: Removed unused kref vfio/mdev: Avoid release parent reference during error path vfio-pci/nvlink2: Fix potential VMA leak vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING" vfio: Use dev_printk() when possible
-
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-securityLinus Torvalds authored
Pull tomoyo updates from James Morris: "Fixes to enable fuzz testing, and a fix for calculating whether a filesystem is user-modifiable" * 'next-tomoyo2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: tomoyo: Don't emit WARNING: string while fuzzing testing. tomoyo: Change pathname calculation for read-only filesystems. tomoyo: Check address length before reading address family tomoyo: Add a kernel config option for fuzzing testing.
-
git://github.com/jcmvbkbc/linux-xtensaLinus Torvalds authored
Pull xtensa updates from Max Filippov: - implement atomic operations using exclusive access Xtensa option operations - add support for Xtensa cores with memory protection unit (MPU) - clean up xtensa-specific kernel-only headers - fix error path in simdisk_setup * tag 'xtensa-20190510' of git://github.com/jcmvbkbc/linux-xtensa: xtensa: implement initialize_cacheattr for MPU cores xtensa: add exclusive atomics support xtensa: clean up inline assembly in futex.h xtensa: replace variant/core.h with asm/core.h xtensa: drop ifdef __KERNEL__ from kernel-only headers xtensa: set proper error code for simdisk_setup() xtensa: fix incorrect fd close in error case of simdisk_setup()
-
- 10 May, 2019 17 commits
-
-
Tetsuo Handa authored
Commit cff0e6c3ec3e6230 ("tomoyo: Add a kernel config option for fuzzing testing.") enabled the learning mode, but syzkaller is detecting any "WARNING:" string as a crash. Thus, disable TOMOYO's quota warning if built for fuzzing testing. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Cc: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: James Morris <jamorris@linux.microsoft.com>
-
Tetsuo Handa authored
Commit 5625f2e3 ("TOMOYO: Change pathname for non-rename()able filesystems.") intended to be applied to filesystems where the content is not controllable from the userspace (e.g. proc, sysfs, securityfs), based on an assumption that such filesystems do not support rename() operation. But it turned out that read-only filesystems also do not support rename() operation despite the content is controllable from the userspace, and that commit is annoying TOMOYO users who want to use e.g. squashfs as the root filesystem due to use of local name which does not start with '/'. Therefore, based on an assumption that filesystems which require the device argument upon mount() request is an indication that the content is controllable from the userspace, do not use local name if a filesystem does not support rename() operation but requires the device argument upon mount() request. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jamorris@linux.microsoft.com>
-
Tetsuo Handa authored
KMSAN will complain if valid address length passed to bind()/connect()/ sendmsg() is shorter than sizeof("struct sockaddr"->sa_family) bytes. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jamorris@linux.microsoft.com>
-
Tetsuo Handa authored
syzbot is reporting kernel panic triggered by memory allocation fault injection before loading TOMOYO's policy [1]. To make the fuzzing tests useful, we need to assign a profile other than "disabled" (no-op) mode. Therefore, let's allow syzbot to load TOMOYO's built-in policy for "learning" mode using a kernel config option. This option must not be enabled for kernels built for production system, for this option also disables domain/program checks when modifying policy configuration via /sys/kernel/security/tomoyo/ interface. [1] https://syzkaller.appspot.com/bug?extid=29569ed06425fcf67a95Reported-by: syzbot <syzbot+e1b8084e532b6ee7afab@syzkaller.appspotmail.com> Reported-by: syzbot <syzbot+29569ed06425fcf67a95@syzkaller.appspotmail.com> Reported-by: syzbot <syzbot+2ee3f8974c2e7dc69feb@syzkaller.appspotmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jamorris@linux.microsoft.com>
-
git://git.lwn.net/linuxLinus Torvalds authored
Pull more documentation updates from Jonathan Corbet: "Some late arriving documentation changes. In particular, this contains the conversion of the x86 docs to RST, which has been in the works for some time but needed a couple of final tweaks" * tag 'docs-5.2a' of git://git.lwn.net/linux: (29 commits) Documentation: x86: convert x86_64/machinecheck to reST Documentation: x86: convert x86_64/cpu-hotplug-spec to reST Documentation: x86: convert x86_64/fake-numa-for-cpusets to reST Documentation: x86: convert x86_64/5level-paging.txt to reST Documentation: x86: convert x86_64/mm.txt to reST Documentation: x86: convert x86_64/uefi.txt to reST Documentation: x86: convert x86_64/boot-options.txt to reST Documentation: x86: convert i386/IO-APIC.txt to reST Documentation: x86: convert usb-legacy-support.txt to reST Documentation: x86: convert orc-unwinder.txt to reST Documentation: x86: convert resctrl_ui.txt to reST Documentation: x86: convert microcode.txt to reST Documentation: x86: convert pti.txt to reST Documentation: x86: convert amd-memory-encryption.txt to reST Documentation: x86: convert intel_mpx.txt to reST Documentation: x86: convert protection-keys.txt to reST Documentation: x86: convert pat.txt to reST Documentation: x86: convert mtrr.txt to reST Documentation: x86: convert tlb.txt to reST Documentation: x86: convert zero-page.txt to reST ...
-
Linus Torvalds authored
Merge tag 'printk-for-5.2-fixes' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/pmladek/printk Pull printk fixup from Petr Mladek: "Replace the problematic probe_kernel_read() with original simple pointer checks in vsprintf()" * tag 'printk-for-5.2-fixes' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/pmladek/printk: vsprintf: Do not break early boot with probing addresses
-
Linus Torvalds authored
Pull pidfd fixes from Christian Brauner: "This fixes two bugs: - The first one reported by Linus whereby the pidfd-metadata binary was not placed in a .gitignore file. - The second one is rather urgent and fixes a locking issue found by syzkaller. What happened is that during process creation we need to check whether the cgroup we are in allows us to fork. To perform this check the cgroup needs to guard itself against threadgroup changes and takes a lock. Prior to CLONE_PIDFD the cleanup target "bad_fork_free_pid" would also need to release said lock. That's not true anymore since CLONE_PIDFD so this is fixed here. Syzkaller has tested the patch and was not able to reproduce the issue" * tag 'pidfd-fixes-v5.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux: fork: do not release lock that wasn't taken samples: add .gitignore for pidfd-metadata
-
git://git.infradead.org/linux-platform-drivers-x86Linus Torvalds authored
Pull x86 platform driver updates from Andy Shevchenko: "Gathered pile of patches for Platform Drivers x86. No surprises and no merge conflicts. Business as usual. Summary: - New driver of power button for Basin Cove PMIC. - ASUS WMI driver has got a Fn lock mode switch support. - Resolve a never end story with non working Wi-Fi on newer Lenovo Ideapad computers. Now the black list is replaced with white list. - New facility to debug S0ix failures on Intel Atom platforms. The Intel PMC and accompanying drivers are cleaned up. - Mellanox got a new TmFifo driver. Besides tachometer sensor and watchdog are enabled on Mellanox platforms. - The information of embedded controller is now recognized on new Thinkpads. Bluetooth driver on Thinkpads is blacklisted for some models. - Touchscreen DMI driver extended to support 'jumper ezpad 6 pro b' and Myria MY8307 2-in-1. - Additionally few small fixes here and there for WMI and ACPI laptop drivers. - The following is an automated git shortlog grouped by driver: - alienware-wmi: - printing the wrong error code - fix kfree on potentially uninitialized pointer - asus-wmi: - Add fn-lock mode switch support - dell-laptop: - fix rfkill functionality - dell-rbtn: - Add missing #include - ideapad-laptop: - Remove no_hw_rfkill_list - intel_pmc_core: - Allow to dump debug registers on S0ix failure - Convert to a platform_driver - Mark local function static - intel_pmc_ipc: - Don't map non-used optional resources - Apply same width for offset definitions - Use BIT() macro - adding error handling - intel_punit_ipc: - Revert "Fix resource ioremap warning" - mlx-platform: - Add mlx-wdt platform driver activation - Add support for tachometer speed register - Add TmFifo driver for Mellanox BlueField Soc - sony-laptop: - Fix unintentional fall-through - thinkpad_acpi: - cleanup for Thinkpad ACPI led - Mark expected switch fall-throughs - fix spelling mistake "capabilites" -> "capabilities" - Read EC information on newer models - Disable Bluetooth for some machines - touchscreen_dmi: - Add info for 'jumper ezpad 6 pro b' touchscreen - Add info for Myria MY8307 2-in-1" * tag 'platform-drivers-x86-v5.2-1' of git://git.infradead.org/linux-platform-drivers-x86: (26 commits) platform/x86: Add support for Basin Cove power button platform/x86: asus-wmi: Add fn-lock mode switch support platform/x86: ideapad-laptop: Remove no_hw_rfkill_list platform/x86: touchscreen_dmi: Add info for 'jumper ezpad 6 pro b' touchscreen platform/x86: thinkpad_acpi: cleanup for Thinkpad ACPI led platform/x86: thinkpad_acpi: Mark expected switch fall-throughs platform/x86: sony-laptop: Fix unintentional fall-through platform/x86: alienware-wmi: printing the wrong error code platform/x86: intel_pmc_core: Allow to dump debug registers on S0ix failure platform/x86: intel_pmc_core: Convert to a platform_driver platform/x86: mlx-platform: Add mlx-wdt platform driver activation platform/x86: mlx-platform: Add support for tachometer speed register platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc platform/x86: thinkpad_acpi: fix spelling mistake "capabilites" -> "capabilities" platform/x86: intel_punit_ipc: Revert "Fix resource ioremap warning" platform/x86: intel_pmc_ipc: Don't map non-used optional resources platform/x86: intel_pmc_ipc: Apply same width for offset definitions platform/x86: intel_pmc_ipc: Use BIT() macro platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer platform/x86: dell-laptop: fix rfkill functionality ...
-
git://github.com/bzolnier/linuxLinus Torvalds authored
Pull fbdev updates from Bartlomiej Zolnierkiewicz: "Four small fixes for fb core, updates for udlfb, sm712fb, macfb and atafb drivers. Redundant code removals from amba-clcd and atmel_lcdfb drivers. Minor fixes/cleanups for other fb drivers Detailed summary: - fix regression in fbcon logo handling on 'quiet' boots (Andreas Schwab) - fix divide-by-zero error in fb_var_to_videomode() (Shile Zhang) - fix 'WARNING in __alloc_pages_nodemask' bug (Jiufei Xue) - list all PCI memory BARs as conflicting apertures (Gerd Hoffmann) - update udlfb driver: fix sleeping inside spinlock, add mutex around rendering calls and remove redundant code (Mikulas Patocka) - update sm712fb driver: fix SM720 support related issues (Yifeng Li) - update macfb driver: fix DAFB colour table pointer initialization and remove redundant code (Finn Thain) - update atafb driver: fix kexec support, use dev_*() calls instead of printk() and remove obsolete module support (Geert Uytterhoeven) - add support to mxsfb driver for skipping display initialization for flicker-free display takeover from bootloader (Melchior Franz) - remove Versatile and Nomadik board families support from amba-clcd driver as they are handled by DRM driver nowadays (Linus Walleij) - remove no longer needed AVR and platform_data support from atmel_lcdfb driver (Alexandre Belloni) - misc fixes (Colin Ian King, Julia Lawall, Gustavo A. R. Silva, Aditya Pakki, Kangjie Lu, YueHaibing) - misc cleanups (Enrico Weigelt, Kefeng Wang)" * tag 'fbdev-v5.2' of git://github.com/bzolnier/linux: (38 commits) video: fbdev: Use dev_get_drvdata() fbcon: Don't reset logo_shown when logo is currently shown video: fbdev: atmel_lcdfb: remove set but not used variable 'pdata' video: fbdev: mxsfb: remove set but not used variable 'line_count' video: fbdev: pvr2fb: remove set but not used variable 'size' fbdev: fix WARNING in __alloc_pages_nodemask bug video: amba-clcd: Decomission Versatile and Nomadik fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough fbdev: fix divide error in fb_var_to_videomode fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display fbdev: sm712fb: fix support for 1024x768-16 mode fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75 fbdev: sm712fb: fix brightness control on reboot, don't set SR30 fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F video: imsttfb: fix potential NULL pointer dereferences video: hgafb: fix potential NULL pointer dereference fbdev: list all pci memory bars as conflicting apertures ...
-
Linus Torvalds authored
Merge tag 'pwm/for-5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm Pull pwm updates from Thierry Reding: "Nothing out of the ordinary this cycle. The bulk of this is a collection of fixes for existing drivers and some cleanups. There's one new driver for i.MX SoCs and addition of support for some new variants to existing drivers" * tag 'pwm/for-5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm: pwm: meson: Add clock source configuration for Meson G12A dt-bindings: pwm: Update bindings for the Meson G12A Family pwm: samsung: Don't uses devm_*() functions in ->request() pwm: Clear chip_data in pwm_put() pwm: Add i.MX TPM PWM driver support dt-bindings: pwm: Add i.MX TPM PWM binding pwm: imx27: Use devm_platform_ioremap_resource() to simplify code pwm: meson: Use the spin-lock only to protect register modifications pwm: meson: Don't disable PWM when setting duty repeatedly pwm: meson: Consider 128 a valid pre-divider pwm: sysfs: fix typo "its" -> "it's" pwm: tiehrpwm: Enable compilation for ARCH_K3 dt-bindings: pwm: tiehrpwm: Add TI AM654 SoC specific compatible pwm: tiehrpwm: Update shadow register for disabling PWMs pwm: img: Turn final 'else if' into 'else' in img_pwm_config pwm: Fix deadlock warning when removing PWM device
-
git://git.linaro.org/landing-teams/working/fujitsu/integrationLinus Torvalds authored
Pull mailbox updates from Jassi Brar: - New driver: Armada 37xx mailbox controller - Misc: Use devm_ api for imx and platform_get_irq for stm32 * tag 'mailbox-v5.2' of git://git.linaro.org/landing-teams/working/fujitsu/integration: mailbox: Add support for Armada 37xx rWTM mailbox dt-bindings: mailbox: Document armada-3700-rwtm-mailbox binding mailbox: stm32-ipcc: check invalid irq mailbox: imx: use devm_platform_ioremap_resource() to simplify code
-
Petr Mladek authored
The commit 3e5903eb ("vsprintf: Prevent crash when dereferencing invalid pointers") broke boot on several architectures. The common pattern is that probe_kernel_read() is not working during early boot because userspace access framework is not ready. It is a generic problem. We have to avoid any complex external functions in vsprintf() code, especially in the common path. They might break printk() easily and are hard to debug. Replace probe_kernel_read() with some simple checks for obvious problems. Details: 1. Report on Power: Kernel crashes very early during boot with with CONFIG_PPC_KUAP and CONFIG_JUMP_LABEL_FEATURE_CHECK_DEBUG The problem is the combination of some new code called via printk(), check_pointer() which calls probe_kernel_read(). That then calls allow_user_access() (PPC_KUAP) and that uses mmu_has_feature() too early (before we've patched features). With the JUMP_LABEL debug enabled that causes us to call printk() & dump_stack() and we end up recursing and overflowing the stack. Because it happens so early you don't get any output, just an apparently dead system. The stack trace (which you don't see) is something like: ... dump_stack+0xdc probe_kernel_read+0x1a4 check_pointer+0x58 string+0x3c vsnprintf+0x1bc vscnprintf+0x20 printk_safe_log_store+0x7c printk+0x40 dump_stack_print_info+0xbc dump_stack+0x8 probe_kernel_read+0x1a4 probe_kernel_read+0x19c check_pointer+0x58 string+0x3c vsnprintf+0x1bc vscnprintf+0x20 vprintk_store+0x6c vprintk_emit+0xec vprintk_func+0xd4 printk+0x40 cpufeatures_process_feature+0xc8 scan_cpufeatures_subnodes+0x380 of_scan_flat_dt_subnodes+0xb4 dt_cpu_ftrs_scan_callback+0x158 of_scan_flat_dt+0xf0 dt_cpu_ftrs_scan+0x3c early_init_devtree+0x360 early_setup+0x9c 2. Report on s390: vsnprintf invocations, are broken on s390. For example, the early boot output now looks like this where the first (efault) should be the linux_banner: [ 0.099985] (efault) [ 0.099985] setup: Linux is running as a z/VM guest operating system in 64-bit mode [ 0.100066] setup: The maximum memory size is 8192MB [ 0.100070] cma: Reserved 4 MiB at (efault) [ 0.100100] numa: NUMA mode: (efault) The reason for this, is that the code assumes that probe_kernel_address() works very early. This however is not true on at least s390. Uaccess on KERNEL_DS works only after page tables have been setup on s390, which happens with setup_arch()->paging_init(). Any probe_kernel_address() invocation before that will return -EFAULT. Fixes: 3e5903eb ("vsprintf: Prevent crash when dereferencing invalid pointers") Link: http://lkml.kernel.org/r/20190510084213.22149-1-pmladek@suse.com Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: "Tobin C . Harding" <me@tobin.cc> Cc: Michal Hocko <mhocko@suse.cz> Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: linux-kernel@vger.kernel.org Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: linuxppc-dev@lists.ozlabs.org Cc: Russell Currey <ruscur@russell.cc> Cc: Christophe Leroy <christophe.leroy@c-s.fr> Cc: Stephen Rothwell <sfr@ozlabs.org> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: linux-arch@vger.kernel.org Cc: linux-s390@vger.kernel.org Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Petr Mladek <pmladek@suse.com> Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Signed-off-by: Petr Mladek <pmladek@suse.com>
-
ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/powerpc/linuxLinus Torvalds authored
Pull powerpc updates from Michael Ellerman: "Slightly delayed due to the issue with printk() calling probe_kernel_read() interacting with our new user access prevention stuff, but all fixed now. The only out-of-area changes are the addition of a cpuhp_state, small additions to Documentation and MAINTAINERS updates. Highlights: - Support for Kernel Userspace Access/Execution Prevention (like SMAP/SMEP/PAN/PXN) on some 64-bit and 32-bit CPUs. This prevents the kernel from accidentally accessing userspace outside copy_to/from_user(), or ever executing userspace. - KASAN support on 32-bit. - Rework of where we map the kernel, vmalloc, etc. on 64-bit hash to use the same address ranges we use with the Radix MMU. - A rewrite into C of large parts of our idle handling code for 64-bit Book3S (ie. power8 & power9). - A fast path entry for syscalls on 32-bit CPUs, for a 12-17% speedup in the null_syscall benchmark. - On 64-bit bare metal we have support for recovering from errors with the time base (our clocksource), however if that fails currently we hang in __delay() and never crash. We now have support for detecting that case and short circuiting __delay() so we at least panic() and reboot. - Add support for optionally enabling the DAWR on Power9, which had to be disabled by default due to a hardware erratum. This has the effect of enabling hardware breakpoints for GDB, the downside is a badly behaved program could crash the machine by pointing the DAWR at cache inhibited memory. This is opt-in obviously. - xmon, our crash handler, gets support for a read only mode where operations that could change memory or otherwise disturb the system are disabled. Plus many clean-ups, reworks and minor fixes etc. Thanks to: Christophe Leroy, Akshay Adiga, Alastair D'Silva, Alexey Kardashevskiy, Andrew Donnellan, Aneesh Kumar K.V, Anju T Sudhakar, Anton Blanchard, Ben Hutchings, Bo YU, Breno Leitao, Cédric Le Goater, Christopher M. Riedl, Christoph Hellwig, Colin Ian King, David Gibson, Ganesh Goudar, Gautham R. Shenoy, George Spelvin, Greg Kroah-Hartman, Greg Kurz, Horia Geantă, Jagadeesh Pagadala, Joel Stanley, Joe Perches, Julia Lawall, Laurentiu Tudor, Laurent Vivier, Lukas Bulwahn, Madhavan Srinivasan, Mahesh Salgaonkar, Mathieu Malaterre, Michael Neuling, Mukesh Ojha, Nathan Fontenot, Nathan Lynch, Nicholas Piggin, Nick Desaulniers, Oliver O'Halloran, Peng Hao, Qian Cai, Ravi Bangoria, Rick Lindsley, Russell Currey, Sachin Sant, Stewart Smith, Sukadev Bhattiprolu, Thomas Huth, Tobin C. Harding, Tyrel Datwyler, Valentin Schneider, Wei Yongjun, Wen Yang, YueHaibing" * tag 'powerpc-5.2-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (205 commits) powerpc/64s: Use early_mmu_has_feature() in set_kuap() powerpc/book3s/64: check for NULL pointer in pgd_alloc() powerpc/mm: Fix hugetlb page initialization ocxl: Fix return value check in afu_ioctl() powerpc/mm: fix section mismatch for setup_kup() powerpc/mm: fix redundant inclusion of pgtable-frag.o in Makefile powerpc/mm: Fix makefile for KASAN powerpc/kasan: add missing/lost Makefile selftests/powerpc: Add a signal fuzzer selftest powerpc/booke64: set RI in default MSR ocxl: Provide global MMIO accessors for external drivers ocxl: move event_fd handling to frontend ocxl: afu_irq only deals with IRQ IDs, not offsets ocxl: Allow external drivers to use OpenCAPI contexts ocxl: Create a clear delineation between ocxl backend & frontend ocxl: Don't pass pci_dev around ocxl: Split pci.c ocxl: Remove some unused exported symbols ocxl: Remove superfluous 'extern' from headers ocxl: read_pasid never returns an error, so make it void ...
-
Christian Brauner authored
Avoid calling cgroup_threadgroup_change_end() without having called cgroup_threadgroup_change_begin() first. During process creation we need to check whether the cgroup we are in allows us to fork. To perform this check the cgroup needs to guard itself against threadgroup changes and takes a lock. Prior to CLONE_PIDFD the cleanup target "bad_fork_free_pid" would also need to call cgroup_threadgroup_change_end() because said lock had already been taken. However, this is not the case anymore with the addition of CLONE_PIDFD. We are now allocating a pidfd before we check whether the cgroup we're in can fork and thus prior to taking the lock. So when copy_process() fails at the right step it would release a lock we haven't taken. This bug is not even very subtle to be honest. It's just not very clear from the naming of cgroup_threadgroup_change_{begin,end}() that a lock is taken. Here's the relevant splat: entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7fec849 Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 002b:00000000ffed5a8c EFLAGS: 00000246 ORIG_RAX: 0000000000000078 RAX: ffffffffffffffda RBX: 0000000000003ffc RCX: 0000000000000000 RDX: 00000000200005c0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000012 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 ------------[ cut here ]------------ DEBUG_LOCKS_WARN_ON(depth <= 0) WARNING: CPU: 1 PID: 7744 at kernel/locking/lockdep.c:4052 __lock_release kernel/locking/lockdep.c:4052 [inline] WARNING: CPU: 1 PID: 7744 at kernel/locking/lockdep.c:4052 lock_release+0x667/0xa00 kernel/locking/lockdep.c:4321 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 7744 Comm: syz-executor007 Not tainted 5.1.0+ #4 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 panic+0x2cb/0x65c kernel/panic.c:214 __warn.cold+0x20/0x45 kernel/panic.c:566 report_bug+0x263/0x2b0 lib/bug.c:186 fixup_bug arch/x86/kernel/traps.c:179 [inline] fixup_bug arch/x86/kernel/traps.c:174 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:291 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:972 RIP: 0010:__lock_release kernel/locking/lockdep.c:4052 [inline] RIP: 0010:lock_release+0x667/0xa00 kernel/locking/lockdep.c:4321 Code: 0f 85 a0 03 00 00 8b 35 77 66 08 08 85 f6 75 23 48 c7 c6 a0 55 6b 87 48 c7 c7 40 25 6b 87 4c 89 85 70 ff ff ff e8 b7 a9 eb ff <0f> 0b 4c 8b 85 70 ff ff ff 4c 89 ea 4c 89 e6 4c 89 c7 e8 52 63 ff RSP: 0018:ffff888094117b48 EFLAGS: 00010086 RAX: 0000000000000000 RBX: 1ffff11012822f6f RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff815af236 RDI: ffffed1012822f5b RBP: ffff888094117c00 R08: ffff888092bfc400 R09: fffffbfff113301d R10: fffffbfff113301c R11: ffffffff889980e3 R12: ffffffff8a451df8 R13: ffffffff8142e71f R14: ffffffff8a44cc80 R15: ffff888094117bd8 percpu_up_read.constprop.0+0xcb/0x110 include/linux/percpu-rwsem.h:92 cgroup_threadgroup_change_end include/linux/cgroup-defs.h:712 [inline] copy_process.part.0+0x47ff/0x6710 kernel/fork.c:2222 copy_process kernel/fork.c:1772 [inline] _do_fork+0x25d/0xfd0 kernel/fork.c:2338 __do_compat_sys_x86_clone arch/x86/ia32/sys_ia32.c:240 [inline] __se_compat_sys_x86_clone arch/x86/ia32/sys_ia32.c:236 [inline] __ia32_compat_sys_x86_clone+0xbc/0x140 arch/x86/ia32/sys_ia32.c:236 do_syscall_32_irqs_on arch/x86/entry/common.c:334 [inline] do_fast_syscall_32+0x281/0xd54 arch/x86/entry/common.c:405 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139 RIP: 0023:0xf7fec849 Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 002b:00000000ffed5a8c EFLAGS: 00000246 ORIG_RAX: 0000000000000078 RAX: ffffffffffffffda RBX: 0000000000003ffc RCX: 0000000000000000 RDX: 00000000200005c0 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000012 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Kernel Offset: disabled Rebooting in 86400 seconds.. Reported-and-tested-by: syzbot+3286e58549edc479faae@syzkaller.appspotmail.com Fixes: b3e58382 ("clone: add CLONE_PIDFD") Signed-off-by: Christian Brauner <christian@brauner.io>
-
Christian Brauner authored
Ignore the pidfd-metadata binary so it doesn't show up in unwanted scenarios. Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Christian Brauner <christian@brauner.io>
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds authored
Pull vfs mount fix from Al Viro: "Fix for umount -l/mount --move race caught by syzbot yesterday..." * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: do_move_mount(): fix an unsafe use of is_anon_ns()
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: "Several bug fixes, many are quick merge-window regression cures: - When NLM_F_EXCL is not set, allow same fib rule insertion. From Hangbin Liu. - Several cures in sja1105 DSA driver (while loop exit condition fix, return of negative u8, etc.) from Vladimir Oltean. - Handle tx/rx delays in realtek PHY driver properly, from Serge Semin. - Double free in cls_matchall, from Pieter Jansen van Vuuren. - Disable SIOCSHWTSTAMP in macvlan/vlan containers, from Hangbin Liu. - Endainness fixes in aqc111, from Oliver Neukum. - Handle errors in packet_init properly, from Haibing Yue. - Various W=1 warning fixes in kTLS, from Jakub Kicinski" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (34 commits) nfp: add missing kdoc net/tls: handle errors from padding_length() net/tls: remove set but not used variables docs/btf: fix the missing section marks nfp: bpf: fix static check error through tightening shift amount adjustment selftests: bpf: initialize bpf_object pointers where needed packet: Fix error path in packet_init net/tcp: use deferred jump label for TCP acked data hook net: aquantia: fix undefined devm_hwmon_device_register_with_info reference aqc111: fix double endianness swap on BE aqc111: fix writing to the phy on BE aqc111: fix endianness issue in aqc111_change_mtu vlan: disable SIOCSHWTSTAMP in container macvlan: disable SIOCSHWTSTAMP in container tipc: fix hanging clients using poll with EPOLLOUT flag tuntap: synchronize through tfiles array instead of tun->numqueues tuntap: fix dividing by zero in ebpf queue selection dwmac4_prog_mtl_tx_algorithms() missing write operation ptp_qoriq: fix NULL access if ptp dt node missing net/sched: avoid double free on matchall reoffload ...
-
- 09 May, 2019 8 commits
-
-
Jakub Kicinski authored
Add missing kdoc for app member. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Jakub Kicinski says: ==================== net/tls: fix W=1 build warnings This small series cleans up two outstanding W=1 build warnings in tls code. Both are set but not used variables. The first case looks fairly straightforward. In the second I think it's better to propagate the error code, even if not doing some does not lead to a crash with current code. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
At the time padding_length() is called the record header is still part of the message. If malicious TLS 1.3 peer sends an all-zero record padding_length() will stop at the record header, and return full length of the data including the tail_size. Subsequent subtraction of prot->overhead_size from rxm->full_len will cause rxm->full_len to turn negative. skb accessors, however, will always catch resulting out-of-bounds operation, so in practice this fix comes down to returning the correct error code. It also fixes a set but not used warning. This code was added by commit 130b392c ("net: tls: Add tls 1.3 support"). CC: Dave Watson <davejwatson@fb.com> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jakub Kicinski authored
Commit 4504ab0e ("net/tls: Inform user space about send buffer availability") made us report write_space regardless whether partial record push was successful or not. Remove the now unused return value to clean up the following W=1 warning: net/tls/tls_device.c: In function ‘tls_device_write_space’: net/tls/tls_device.c:546:6: warning: variable ‘rc’ set but not used [-Wunused-but-set-variable] int rc = 0; ^~ CC: Vakul Garg <vakul.garg@nxp.com> CC: Boris Pismenny <borisp@mellanox.com> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpfDavid S. Miller authored
Alexei Starovoitov says: ==================== pull-request: bpf 2019-05-09 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) three small fixes from Gary, Jiong and Lorenz. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Gary Lin authored
The section titles of 3.4 and 3.5 are not marked correctly. Signed-off-by: Gary Lin <glin@suse.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
-
Jiong Wang authored
NFP shift instruction has something special. If shift direction is left then shift amount of 1 to 31 is specified as 32 minus the amount to shift. But no need to do this for indirect shift which has shift amount be 0. Even after we do this subtraction, shift amount 0 will be turned into 32 which will eventually be encoded the same as 0 because only low 5 bits are encoded, but shift amount be 32 will fail the FIELD_PREP check done later on shift mask (0x1f), due to 32 is out of mask range. Such error has been observed when compiling nfp/bpf/jit.c using gcc 8.3 + O3. This issue has started when indirect shift support added after which the incoming shift amount to __emit_shf could be 0, therefore it is at that time shift amount adjustment inside __emit_shf should have been tightened. Fixes: 991f5b36 ("nfp: bpf: support logic indirect shifts (BPF_[L|R]SH | BPF_X)") Reported-by: Oleksandr Natalenko <oleksandr@natalenko.name> Reported-by: Pablo Cascón <pablo.cascon@netronome.com Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Jiong Wang <jiong.wang@netronome.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
-
Lorenz Bauer authored
There are a few tests which call bpf_object__close on uninitialized bpf_object*, which may segfault. Explicitly zero-initialise these pointers to avoid this. Signed-off-by: Lorenz Bauer <lmb@cloudflare.com> Acked-by: Martin KaFai Lau <kafai@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
-