1. 21 Oct, 2021 12 commits
    • Mark Rutland's avatar
      arm64: extable: add load_unaligned_zeropad() handler · 753b3236
      Mark Rutland authored
      For inline assembly, we place exception fixups out-of-line in the
      `.fixup` section such that these are out of the way of the fast path.
      This has a few drawbacks:
      
      * Since the fixup code is anonymous, backtraces will symbolize fixups as
        offsets from the nearest prior symbol, currently
        `__entry_tramp_text_end`. This is confusing, and painful to debug
        without access to the relevant vmlinux.
      
      * Since the exception handler adjusts the PC to execute the fixup, and
        the fixup uses a direct branch back into the function it fixes,
        backtraces of fixups miss the original function. This is confusing,
        and violates requirements for RELIABLE_STACKTRACE (and therefore
        LIVEPATCH).
      
      * Inline assembly and associated fixups are generated from templates,
        and we have many copies of logically identical fixups which only
        differ in which specific registers are written to and which address is
        branched to at the end of the fixup. This is potentially wasteful of
        I-cache resources, and makes it hard to add additional logic to fixups
        without significant bloat.
      
      * In the case of load_unaligned_zeropad(), the logic in the fixup
        requires a temporary register that we must allocate even in the
        fast-path where it will not be used.
      
      This patch address all four concerns for load_unaligned_zeropad() fixups
      by adding a dedicated exception handler which performs the fixup logic
      in exception context and subsequent returns back after the faulting
      instruction. For the moment, the fixup logic is identical to the old
      assembly fixup logic, but in future we could enhance this by taking the
      ESR and FAR into account to constrain the faults we try to fix up, or to
      specialize fixups for MTE tag check faults.
      
      Other than backtracing, there should be no functional change as a result
      of this patch.
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: James Morse <james.morse@arm.com>
      Cc: Robin Murphy <robin.murphy@arm.com>
      Cc: Will Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20211019160219.5202-13-mark.rutland@arm.comSigned-off-by: default avatarWill Deacon <will@kernel.org>
      753b3236
    • Mark Rutland's avatar
      arm64: extable: add a dedicated uaccess handler · 2e77a62c
      Mark Rutland authored
      For inline assembly, we place exception fixups out-of-line in the
      `.fixup` section such that these are out of the way of the fast path.
      This has a few drawbacks:
      
      * Since the fixup code is anonymous, backtraces will symbolize fixups as
        offsets from the nearest prior symbol, currently
        `__entry_tramp_text_end`. This is confusing, and painful to debug
        without access to the relevant vmlinux.
      
      * Since the exception handler adjusts the PC to execute the fixup, and
        the fixup uses a direct branch back into the function it fixes,
        backtraces of fixups miss the original function. This is confusing,
        and violates requirements for RELIABLE_STACKTRACE (and therefore
        LIVEPATCH).
      
      * Inline assembly and associated fixups are generated from templates,
        and we have many copies of logically identical fixups which only
        differ in which specific registers are written to and which address is
        branched to at the end of the fixup. This is potentially wasteful of
        I-cache resources, and makes it hard to add additional logic to fixups
        without significant bloat.
      
      This patch address all three concerns for inline uaccess fixups by
      adding a dedicated exception handler which updates registers in
      exception context and subsequent returns back into the function which
      faulted, removing the need for fixups specialized to each faulting
      instruction.
      
      Other than backtracing, there should be no functional change as a result
      of this patch.
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: James Morse <james.morse@arm.com>
      Cc: Robin Murphy <robin.murphy@arm.com>
      Cc: Will Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20211019160219.5202-12-mark.rutland@arm.comSigned-off-by: default avatarWill Deacon <will@kernel.org>
      2e77a62c
    • Mark Rutland's avatar
      arm64: extable: add `type` and `data` fields · d6e2cc56
      Mark Rutland authored
      Subsequent patches will add specialized handlers for fixups, in addition
      to the simple PC fixup and BPF handlers we have today. In preparation,
      this patch adds a new `type` field to struct exception_table_entry, and
      uses this to distinguish the fixup and BPF cases. A `data` field is also
      added so that subsequent patches can associate data specific to each
      exception site (e.g. register numbers).
      
      Handlers are named ex_handler_*() for consistency, following the exmaple
      of x86. At the same time, get_ex_fixup() is split out into a helper so
      that it can be used by other ex_handler_*() functions ins subsequent
      patches.
      
      This patch will increase the size of the exception tables, which will be
      remedied by subsequent patches removing redundant fixup code. There
      should be no functional change as a result of this patch.
      
      Since each entry is now 12 bytes in size, we must reduce the alignment
      of each entry from `.align 3` (i.e. 8 bytes) to `.align 2` (i.e. 4
      bytes), which is the natrual alignment of the `insn` and `fixup` fields.
      The current 8-byte alignment is a holdover from when the `insn` and
      `fixup` fields was 8 bytes, and while not harmful has not been necessary
      since commit:
      
        6c94f27a ("arm64: switch to relative exception tables")
      
      Similarly, RO_EXCEPTION_TABLE_ALIGN is dropped to 4 bytes.
      
      Concurrently with this patch, x86's exception table entry format is
      being updated (similarly to a 12-byte format, with 32-bytes of absolute
      data). Once both have been merged it should be possible to unify the
      sorttable logic for the two.
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Cc: Alexei Starovoitov <ast@kernel.org>
      Cc: Andrii Nakryiko <andrii@kernel.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Cc: James Morse <james.morse@arm.com>
      Cc: Jean-Philippe Brucker <jean-philippe@linaro.org>
      Cc: Robin Murphy <robin.murphy@arm.com>
      Cc: Will Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20211019160219.5202-11-mark.rutland@arm.comSigned-off-by: default avatarWill Deacon <will@kernel.org>
      d6e2cc56
    • Mark Rutland's avatar
      arm64: extable: use `ex` for `exception_table_entry` · 5d0e7905
      Mark Rutland authored
      Subsequent patches will extend `struct exception_table_entry` with more
      fields, and the distinction between the entry and its `fixup` field will
      become more important.
      
      For clarity, let's consistently use `ex` to refer to refer to an entire
      entry. In subsequent patches we'll use `fixup` to refer to the fixup
      field specifically. This matches the naming convention used today in
      arch/arm64/net/bpf_jit_comp.c.
      
      There should be no functional change as a result of this patch.
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Acked-by: default avatarRobin Murphy <robin.murphy@arm.com>
      Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: James Morse <james.morse@arm.com>
      Cc: Will Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20211019160219.5202-10-mark.rutland@arm.comSigned-off-by: default avatarWill Deacon <will@kernel.org>
      5d0e7905
    • Mark Rutland's avatar
      arm64: extable: make fixup_exception() return bool · e8c328d7
      Mark Rutland authored
      The return values of fixup_exception() and arm64_bpf_fixup_exception()
      represent a boolean condition rather than an error code, so for clarity
      it would be better to return `bool` rather than `int`.
      
      This patch adjusts the code accordingly. While we're modifying the
      prototype, we also remove the unnecessary `extern` keyword, so that this
      won't look out of place when we make subsequent additions to the header.
      
      There should be no functional change as a result of this patch.
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Cc: Alexei Starovoitov <ast@kernel.org>
      Cc: Andrii Nakryiko <andrii@kernel.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Cc: James Morse <james.morse@arm.com>
      Cc: Jean-Philippe Brucker <jean-philippe@linaro.org>
      Cc: Robin Murphy <robin.murphy@arm.com>
      Cc: Will Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20211019160219.5202-9-mark.rutland@arm.comSigned-off-by: default avatarWill Deacon <will@kernel.org>
      e8c328d7
    • Mark Rutland's avatar
      arm64: extable: consolidate definitions · 819771cc
      Mark Rutland authored
      In subsequent patches we'll alter the structure and usage of struct
      exception_table_entry. For inline assembly, we create these using the
      `_ASM_EXTABLE()` CPP macro defined in <asm/uaccess.h>, and for plain
      assembly code we use the `_asm_extable()` GAS macro defined in
      <asm/assembler.h>, which are largely identical save for different
      escaping and stringification requirements.
      
      This patch moves the common definitions to a new <asm/asm-extable.h>
      header, so that it's easier to keep the two in-sync, and to remove the
      implication that these are only used for uaccess helpers (as e.g.
      load_unaligned_zeropad() is only used on kernel memory, and depends upon
      `_ASM_EXTABLE()`.
      
      At the same time, a few minor modifications are made for clarity and in
      preparation for subsequent patches:
      
      * The structure creation is factored out into an `__ASM_EXTABLE_RAW()`
        macro. This will make it easier to support different fixup variants in
        subsequent patches without needing to update all users of
        `_ASM_EXTABLE()`, and makes it easier to see tha the CPP and GAS
        variants of the macros are structurally identical.
      
        For the CPP macro, the stringification of fields is left to the
        wrapper macro, `_ASM_EXTABLE()`, as in subsequent patches it will be
        necessary to stringify fields in wrapper macros to safely concatenate
        strings which cannot be token-pasted together in CPP.
      
      * The fields of the structure are created separately on their own lines.
        This will make it easier to add/remove/modify individual fields
        clearly.
      
      * Additional parentheses are added around the use of macro arguments in
        field definitions to avoid any potential problems with evaluation due
        to operator precedence, and to make errors upon misuse clearer.
      
      * USER() is moved into <asm/asm-uaccess.h>, as it is not required by all
        assembly code, and is already refered to by comments in that file.
      
      There should be no functional change as a result of this patch.
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: James Morse <james.morse@arm.com>
      Cc: Robin Murphy <robin.murphy@arm.com>
      Cc: Will Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20211019160219.5202-8-mark.rutland@arm.comSigned-off-by: default avatarWill Deacon <will@kernel.org>
      819771cc
    • Mark Rutland's avatar
      arm64: gpr-num: support W registers · 286fba6c
      Mark Rutland authored
      In subsequent patches we'll want to map W registers to their register
      numbers. Update gpr-num.h so that we can do this.
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: James Morse <james.morse@arm.com>
      Cc: Robin Murphy <robin.murphy@arm.com>
      Cc: Will Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20211019160219.5202-7-mark.rutland@arm.comSigned-off-by: default avatarWill Deacon <will@kernel.org>
      286fba6c
    • Mark Rutland's avatar
      arm64: factor out GPR numbering helpers · 8ed1b498
      Mark Rutland authored
      In <asm/sysreg.h> we have macros to convert the names of general purpose
      registers (GPRs) into integer constants, which we use to manually build
      the encoding for `MRS` and `MSR` instructions where we can't rely on the
      assembler to do so for us.
      
      In subsequent patches we'll need to map the same GPR names to integer
      constants so that we can use this to build metadata for exception
      fixups.
      
      So that the we can use the mappings elsewhere, factor out the
      definitions into a new <asm/gpr-num.h> header, renaming the definitions
      to align with this "GPR num" naming for clarity.
      
      There should be no functional change as a result of this patch.
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: James Morse <james.morse@arm.com>
      Cc: Robin Murphy <robin.murphy@arm.com>
      Cc: Will Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20211019160219.5202-6-mark.rutland@arm.comSigned-off-by: default avatarWill Deacon <will@kernel.org>
      8ed1b498
    • Mark Rutland's avatar
      arm64: kvm: use kvm_exception_table_entry · ae2b2f33
      Mark Rutland authored
      In subsequent patches we'll alter `struct exception_table_entry`, adding
      fields that are not needed for KVM exception fixups.
      
      In preparation for this, migrate KVM to its own `struct
      kvm_exception_table_entry`, which is identical to the current format of
      `struct exception_table_entry`. Comments are updated accordingly.
      
      There should be no functional change as a result of this patch.
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Cc: Alexandru Elisei <alexandru.elisei@arm.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: James Morse <james.morse@arm.com>
      Cc: Marc Zyngier <maz@kernel.org>
      Cc: Robin Murphy <robin.murphy@arm.com>
      Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
      Cc: Will Deacon <will@kernel.org>
      Acked-by: default avatarMarc Zyngier <maz@kernel.org>
      Link: https://lore.kernel.org/r/20211019160219.5202-5-mark.rutland@arm.comSigned-off-by: default avatarWill Deacon <will@kernel.org>
      ae2b2f33
    • Mark Rutland's avatar
      arm64: lib: __arch_copy_to_user(): fold fixups into body · 139f9ab7
      Mark Rutland authored
      Like other functions, __arch_copy_to_user() places its exception fixups
      in the `.fixup` section without any clear association with
      __arch_copy_to_user() itself. If we backtrace the fixup code, it will be
      symbolized as an offset from the nearest prior symbol, which happens to
      be `__entry_tramp_text_end`. Further, since the PC adjustment for the
      fixup is akin to a direct branch rather than a function call,
      __arch_copy_to_user() itself will be missing from the backtrace.
      
      This is confusing and hinders debugging. In general this pattern will
      also be problematic for CONFIG_LIVEPATCH, since fixups often return to
      their associated function, but this isn't accurately captured in the
      stacktrace.
      
      To solve these issues for assembly functions, we must move fixups into
      the body of the functions themselves, after the usual fast-path returns.
      This patch does so for __arch_copy_to_user().
      
      Inline assembly will be dealt with in subsequent patches.
      
      Other than the improved backtracing, there should be no functional
      change as a result of this patch.
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Acked-by: default avatarRobin Murphy <robin.murphy@arm.com>
      Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: James Morse <james.morse@arm.com>
      Cc: Mark Brown <broonie@kernel.org>
      Cc: Will Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20211019160219.5202-4-mark.rutland@arm.comSigned-off-by: default avatarWill Deacon <will@kernel.org>
      139f9ab7
    • Mark Rutland's avatar
      arm64: lib: __arch_copy_from_user(): fold fixups into body · 4012e0e2
      Mark Rutland authored
      Like other functions, __arch_copy_from_user() places its exception
      fixups in the `.fixup` section without any clear association with
      __arch_copy_from_user() itself. If we backtrace the fixup code, it will
      be symbolized as an offset from the nearest prior symbol, which happens
      to be `__entry_tramp_text_end`. Further, since the PC adjustment for the
      fixup is akin to a direct branch rather than a function call,
      __arch_copy_from_user() itself will be missing from the backtrace.
      
      This is confusing and hinders debugging. In general this pattern will
      also be problematic for CONFIG_LIVEPATCH, since fixups often return to
      their associated function, but this isn't accurately captured in the
      stacktrace.
      
      To solve these issues for assembly functions, we must move fixups into
      the body of the functions themselves, after the usual fast-path returns.
      This patch does so for __arch_copy_from_user().
      
      Inline assembly will be dealt with in subsequent patches.
      
      Other than the improved backtracing, there should be no functional
      change as a result of this patch.
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Acked-by: default avatarRobin Murphy <robin.murphy@arm.com>
      Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: James Morse <james.morse@arm.com>
      Cc: Mark Brown <broonie@kernel.org>
      Cc: Will Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20211019160219.5202-3-mark.rutland@arm.comSigned-off-by: default avatarWill Deacon <will@kernel.org>
      4012e0e2
    • Mark Rutland's avatar
      arm64: lib: __arch_clear_user(): fold fixups into body · 35d67794
      Mark Rutland authored
      Like other functions, __arch_clear_user() places its exception fixups in
      the `.fixup` section without any clear association with
      __arch_clear_user() itself. If we backtrace the fixup code, it will be
      symbolized as an offset from the nearest prior symbol, which happens to
      be `__entry_tramp_text_end`. Further, since the PC adjustment for the
      fixup is akin to a direct branch rather than a function call,
      __arch_clear_user() itself will be missing from the backtrace.
      
      This is confusing and hinders debugging. In general this pattern will
      also be problematic for CONFIG_LIVEPATCH, since fixups often return to
      their associated function, but this isn't accurately captured in the
      stacktrace.
      
      To solve these issues for assembly functions, we must move fixups into
      the body of the functions themselves, after the usual fast-path returns.
      This patch does so for __arch_clear_user().
      
      Inline assembly will be dealt with in subsequent patches.
      
      Other than the improved backtracing, there should be no functional
      change as a result of this patch.
      Signed-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Acked-by: default avatarRobin Murphy <robin.murphy@arm.com>
      Reviewed-by: default avatarArd Biesheuvel <ardb@kernel.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: James Morse <james.morse@arm.com>
      Cc: Mark Brown <broonie@kernel.org>
      Cc: Will Deacon <will@kernel.org>
      Link: https://lore.kernel.org/r/20211019160219.5202-2-mark.rutland@arm.comSigned-off-by: default avatarWill Deacon <will@kernel.org>
      35d67794
  2. 26 Sep, 2021 7 commits
    • Linus Torvalds's avatar
      Linux 5.15-rc3 · 5816b3e6
      Linus Torvalds authored
      5816b3e6
    • Linus Torvalds's avatar
      Merge tag '5.15-rc2-ksmbd-fixes' of git://git.samba.org/ksmbd · 5e5d7597
      Linus Torvalds authored
      Pull ksmbd fixes from Steve French:
       "Five fixes for the ksmbd kernel server, including three security
        fixes:
      
         - remove follow symlinks support
      
         - use LOOKUP_BENEATH to prevent out of share access
      
         - SMB3 compounding security fix
      
         - fix for returning the default streams correctly, fixing a bug when
           writing ppt or doc files from some clients
      
         - logging more clearly that ksmbd is experimental (at module load
           time)"
      
      * tag '5.15-rc2-ksmbd-fixes' of git://git.samba.org/ksmbd:
        ksmbd: use LOOKUP_BENEATH to prevent the out of share access
        ksmbd: remove follow symlinks support
        ksmbd: check protocol id in ksmbd_verify_smb_message()
        ksmbd: add default data stream name in FILE_STREAM_INFORMATION
        ksmbd: log that server is experimental at module load
      5e5d7597
    • Linus Torvalds's avatar
      Merge tag 'edac_urgent_for_v5.15_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras · 996148ee
      Linus Torvalds authored
      Pull EDAC fixes from Borislav Petkov:
       "Fix two EDAC drivers using the wrong value type for the DIMM mode"
      
      * tag 'edac_urgent_for_v5.15_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras:
        EDAC/dmc520: Assign the proper type to dimm->edac_mode
        EDAC/synopsys: Fix wrong value type assignment for edac_mode
      996148ee
    • Linus Torvalds's avatar
      Merge tag 'thermal-v5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux · 299d6e47
      Linus Torvalds authored
      Pull thermal fixes from Daniel Lezcano:
      
       - Fix thermal shutdown after a suspend/resume due to a wrong TCC value
         restored on Intel platform (Antoine Tenart)
      
       - Fix potential buffer overflow when building the list of policies. The
         buffer size is not updated after writing to it (Dan Carpenter)
      
       - Fix wrong check against IS_ERR instead of NULL (Ansuel Smith)
      
      * tag 'thermal-v5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/thermal/linux:
        thermal/drivers/tsens: Fix wrong check for tzd in irq handlers
        thermal/core: Potential buffer overflow in thermal_build_list_of_policies()
        thermal/drivers/int340x: Do not set a wrong tcc offset on resume
      299d6e47
    • Linus Torvalds's avatar
      Merge tag 'x86-urgent-2021-09-26' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 5bb7b210
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "A set of fixes for X86:
      
         - Prevent sending the wrong signal when protection keys are enabled
           and the kernel handles a fault in the vsyscall emulation.
      
         - Invoke early_reserve_memory() before invoking e820_memory_setup()
           which is required to make the Xen dom0 e820 hooks work correctly.
      
         - Use the correct data type for the SETZ operand in the EMQCMDS
           instruction wrapper.
      
         - Prevent undefined behaviour to the potential unaligned accesss in
           the instruction decoder library"
      
      * tag 'x86-urgent-2021-09-26' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/insn, tools/x86: Fix undefined behavior due to potential unaligned accesses
        x86/asm: Fix SETZ size enqcmds() build failure
        x86/setup: Call early_reserve_memory() earlier
        x86/fault: Fix wrong signal when vsyscall fails with pkey
      5bb7b210
    • Linus Torvalds's avatar
      Merge tag 'timers-urgent-2021-09-26' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 3a398acc
      Linus Torvalds authored
      Pull timer fix from Thomas Gleixner:
       "A single fix for the recently introduced regression in posix CPU
        timers which failed to stop the timer when requested. That caused
        unexpected signals to be sent to the process/thread causing
        malfunction"
      
      * tag 'timers-urgent-2021-09-26' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        posix-cpu-timers: Prevent spuriously armed 0-value itimer
      3a398acc
    • Linus Torvalds's avatar
      Merge tag 'irq-urgent-2021-09-26' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · dc0f97c2
      Linus Torvalds authored
      Pull irq fixes from Thomas Gleixner:
       "A set of fixes for interrupt chip drivers:
      
         - Work around a bad GIC integration on a Renesas platform which can't
           handle byte-sized MMIO access
      
         - Plug a potential memory leak in the GICv4 driver
      
         - Fix a regression in the Armada 370-XP IPI code which was caused by
           issuing EOI instack of ACK.
      
         - A couple of small fixes here and there"
      
      * tag 'irq-urgent-2021-09-26' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/gic: Work around broken Renesas integration
        irqchip/renesas-rza1: Use semicolons instead of commas
        irqchip/gic-v3-its: Fix potential VPE leak on error
        irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build
        irqchip/mbigen: Repair non-kernel-doc notation
        irqdomain: Change the type of 'size' in __irq_domain_add() to be consistent
        irqchip/armada-370-xp: Fix ack/eoi breakage
        Documentation: Fix irq-domain.rst build warning
      dc0f97c2
  3. 25 Sep, 2021 13 commits
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · a3b397b4
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "16 patches.
      
        Subsystems affected by this patch series: xtensa, sh, ocfs2, scripts,
        lib, and mm (memory-failure, kasan, damon, shmem, tools, pagecache,
        debug, and pagemap)"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        mm: fix uninitialized use in overcommit_policy_handler
        mm/memory_failure: fix the missing pte_unmap() call
        kasan: always respect CONFIG_KASAN_STACK
        sh: pgtable-3level: fix cast to pointer from integer of different size
        mm/debug: sync up latest migrate_reason to migrate_reason_names
        mm/debug: sync up MR_CONTIG_RANGE and MR_LONGTERM_PIN
        mm: fs: invalidate bh_lrus for only cold path
        lib/zlib_inflate/inffast: check config in C to avoid unused function warning
        tools/vm/page-types: remove dependency on opt_file for idle page tracking
        scripts/sorttable: riscv: fix undeclared identifier 'EM_RISCV' error
        ocfs2: drop acl cache for directories too
        mm/shmem.c: fix judgment error in shmem_is_huge()
        xtensa: increase size of gcc stack frame check
        mm/damon: don't use strnlen() with known-bogus source length
        kasan: fix Kconfig check of CC_HAS_WORKING_NOSANITIZE_ADDRESS
        mm, hwpoison: add is_free_buddy_page() in HWPoisonHandlable()
      a3b397b4
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · bb19237b
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Thirty-three fixes, I'm afraid.
      
        Essentially the build up from the last couple of weeks while I've been
        dealling with Linux Plumbers conference infrastructure issues. It's
        mostly the usual assortment of spelling fixes and minor corrections.
      
        The only core relevant changes are to the sd driver to reduce the spin
        up message spew and fix a small memory leak on the freeing path"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (33 commits)
        scsi: ses: Retry failed Send/Receive Diagnostic commands
        scsi: target: Fix spelling mistake "CONFLIFT" -> "CONFLICT"
        scsi: lpfc: Fix gcc -Wstringop-overread warning, again
        scsi: lpfc: Use correct scnprintf() limit
        scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn()
        scsi: core: Remove 'current_tag'
        scsi: acornscsi: Remove tagged queuing vestiges
        scsi: fas216: Kill scmd->tag
        scsi: qla2xxx: Restore initiator in dual mode
        scsi: ufs: core: Unbreak the reset handler
        scsi: sd_zbc: Support disks with more than 2**32 logical blocks
        scsi: ufs: core: Revert "scsi: ufs: Synchronize SCSI and UFS error handling"
        scsi: bsg: Fix device unregistration
        scsi: sd: Make sd_spinup_disk() less noisy
        scsi: ufs: ufs-pci: Fix Intel LKF link stability
        scsi: mpt3sas: Clean up some inconsistent indenting
        scsi: megaraid: Clean up some inconsistent indenting
        scsi: sr: Fix spelling mistake "does'nt" -> "doesn't"
        scsi: Remove SCSI CDROM MAINTAINERS entry
        scsi: megaraid: Fix Coccinelle warning
        ...
      bb19237b
    • Linus Torvalds's avatar
      Merge tag 'io_uring-5.15-2021-09-25' of git://git.kernel.dk/linux-block · f6f360ae
      Linus Torvalds authored
      Pull io_uring fixes from Jens Axboe:
       "This one looks a bit bigger than it is, but that's mainly because 2/3
        of it is enabling IORING_OP_CLOSE to close direct file descriptors.
      
        We've had a few folks using them and finding it confusing that the way
        to close them is through using -1 for file update, this just brings
        API symmetry for direct descriptors. Hence I think we should just do
        this now and have a better API for 5.15 release. There's some room for
        de-duplicating the close code, but we're leaving that for the next
        merge window.
      
        Outside of that, just small fixes:
      
         - Poll race fixes (Hao)
      
         - io-wq core dump exit fix (me)
      
         - Reschedule around potentially intensive tctx and buffer iterators
           on teardown (me)
      
         - Fix for always ending up punting files update to io-wq (me)
      
         - Put the provided buffer meta data under memcg accounting (me)
      
         - Tweak for io_write(), removing dead code that was added with the
           iterator changes in this release (Pavel)"
      
      * tag 'io_uring-5.15-2021-09-25' of git://git.kernel.dk/linux-block:
        io_uring: make OP_CLOSE consistent with direct open
        io_uring: kill extra checks in io_write()
        io_uring: don't punt files update to io-wq unconditionally
        io_uring: put provided buffer meta data under memcg accounting
        io_uring: allow conditional reschedule for intensive iterators
        io_uring: fix potential req refcount underflow
        io_uring: fix missing set of EPOLLONESHOT for CQ ring overflow
        io_uring: fix race between poll completion and cancel_hash insertion
        io-wq: ensure we exit if thread group is exiting
      f6f360ae
    • Linus Torvalds's avatar
      Merge tag 'block-5.15-2021-09-25' of git://git.kernel.dk/linux-block · 2d70de4e
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - NVMe pull request via Christoph:
            - keep ctrl->namespaces ordered (Christoph Hellwig)
            - fix incorrect h2cdata pdu offset accounting in nvme-tcp (Sagi
              Grimberg)
            - handled updated hw_queues in nvme-fc more carefully (Daniel
              Wagner, James Smart)
      
       - md lock order fix (Christoph)
      
       - fallocate locking fix (Ming)
      
       - blktrace UAF fix (Zhihao)
      
       - rq-qos bio tracking fix (Ming)
      
      * tag 'block-5.15-2021-09-25' of git://git.kernel.dk/linux-block:
        block: hold ->invalidate_lock in blkdev_fallocate
        blktrace: Fix uaf in blk_trace access after removing by sysfs
        block: don't call rq_qos_ops->done_bio if the bio isn't tracked
        md: fix a lock order reversal in md_alloc
        nvme: keep ctrl->namespaces ordered
        nvme-tcp: fix incorrect h2cdata pdu offset accounting
        nvme-fc: remove freeze/unfreeze around update_nr_hw_queues
        nvme-fc: avoid race between time out and tear down
        nvme-fc: update hardware queues before using them
      2d70de4e
    • Linus Torvalds's avatar
      Merge tag 'for-linus-5.15b-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 57398443
      Linus Torvalds authored
      Pull xen fixes from Juergen Gross:
       "Some minor cleanups and fixes of some theoretical bugs, as well as a
        fix of a bug introduced in 5.15-rc1"
      
      * tag 'for-linus-5.15b-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen/x86: fix PV trap handling on secondary processors
        xen/balloon: fix balloon kthread freezing
        swiotlb-xen: this is PV-only on x86
        xen/pci-swiotlb: reduce visibility of symbols
        PCI: only build xen-pcifront in PV-enabled environments
        swiotlb-xen: ensure to issue well-formed XENMEM_exchange requests
        Xen/gntdev: don't ignore kernel unmapping error
        xen/x86: drop redundant zeroing from cpu_initialize_context()
      57398443
    • Linus Torvalds's avatar
      Merge tag 'linux-kselftest-fixes-5.15-rc3' of... · 90316e6e
      Linus Torvalds authored
      Merge tag 'linux-kselftest-fixes-5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull Kselftest fixes from Shuah Khan:
      
       - fix to Kselftest common framework header install to run before other
         targets for it work correctly in parallel build case.
      
       - fixes to kvm test to not ignore fscanf() returns which could result
         in inconsistent test behavior and failures.
      
      * tag 'linux-kselftest-fixes-5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
        selftests: kvm: fix get_run_delay() ignoring fscanf() return warn
        selftests: kvm: move get_run_delay() into lib/test_util
        selftests:kvm: fix get_trans_hugepagesz() ignoring fscanf() return warn
        selftests:kvm: fix get_warnings_count() ignoring fscanf() return warn
        selftests: be sure to make khdr before other targets
      90316e6e
    • Linus Torvalds's avatar
      Merge tag 'erofs-for-5.15-rc3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs · a5e0acea
      Linus Torvalds authored
      Pull erofs fixes from Gao Xiang:
       "Two bugfixes to fix the 4KiB blockmap chunk format availability and a
        dangling pointer usage. There is also a trivial cleanup to clarify
        compacted_2b if compacted_4b_initial > totalidx.
      
        Summary:
      
         - fix the dangling pointer use in erofs_lookup tracepoint
      
         - fix unsupported chunk format check
      
         - zero out compacted_2b if compacted_4b_initial > totalidx"
      
      * tag 'erofs-for-5.15-rc3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs:
        erofs: clear compacted_2b if compacted_4b_initial > totalidx
        erofs: fix misbehavior of unsupported chunk format check
        erofs: fix up erofs_lookup tracepoint
      a5e0acea
    • Linus Torvalds's avatar
      Merge tag '5.15-rc2-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · b8f42965
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Six small cifs/smb3 fixes, two for stable:
      
         - important fix for deferred close (found by a git functional test)
           related to attribute caching on close.
      
         - four (two cosmetic, two more serious) small fixes for problems
           pointed out by smatch via Dan Carpenter
      
         - fix for comment formatting problems pointed out by W=1"
      
      * tag '5.15-rc2-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: fix incorrect check for null pointer in header_assemble
        smb3: correct server pointer dereferencing check to be more consistent
        smb3: correct smb3 ACL security descriptor
        cifs: Clear modified attribute bit from inode flags
        cifs: Deal with some warnings from W=1
        cifs: fix a sign extension bug
      b8f42965
    • Linus Torvalds's avatar
      Merge tag 'char-misc-5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 85736168
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are some small char and misc driver fixes for 5.15-rc3.
      
        Nothing huge in here, just fixes for a number of small issues that
        have been reported. These include:
      
         - habanalabs race conditions and other bugs fixed
      
         - binder driver fixes
      
         - fpga driver fixes
      
         - coresight build warning fix
      
         - nvmem driver fix
      
         - comedi memory leak fix
      
         - bcm-vk tty race fix
      
         - other tiny driver fixes
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'char-misc-5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (21 commits)
        comedi: Fix memory leak in compat_insnlist()
        nvmem: NVMEM_NINTENDO_OTP should depend on WII
        misc: bcm-vk: fix tty registration race
        fpga: dfl: Avoid reads to AFU CSRs during enumeration
        fpga: machxo2-spi: Fix missing error code in machxo2_write_complete()
        fpga: machxo2-spi: Return an error on failure
        habanalabs: expose a single cs seq in staged submissions
        habanalabs: fix wait offset handling
        habanalabs: rate limit multi CS completion errors
        habanalabs/gaudi: fix LBW RR configuration
        habanalabs: Fix spelling mistake "FEADBACK" -> "FEEDBACK"
        habanalabs: fail collective wait when not supported
        habanalabs/gaudi: use direct MSI in single mode
        habanalabs: fix kernel OOPs related to staged cs
        habanalabs: fix potential race in interrupt wait ioctl
        mcb: fix error handling in mcb_alloc_bus()
        misc: genwqe: Fixes DMA mask setting
        coresight: syscfg: Fix compiler warning
        nvmem: core: Add stubs for nvmem_cell_read_variable_le_u32/64 if !CONFIG_NVMEM
        binder: make sure fd closes complete
        ...
      85736168
    • Linus Torvalds's avatar
      Merge tag 'staging-5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 9cbef308
      Linus Torvalds authored
      Pull staging driver fixes from Greg KH:
       "Here are two small staging driver fixes for 5.15-rc3:
      
         - greybus tty use-after-free bugfix
      
         - r8188eu ioctl overlap build warning fix
      
        Note, the r8188eu ioctl has been entirely removed for 5.16-rc1, but
        it's good to get this fixed now for people using this in 5.15.
      
        Both of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'staging-5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: r8188eu: fix -Wrestrict warnings
        staging: greybus: uart: fix tty use after free
      9cbef308
    • Linus Torvalds's avatar
      Merge tag 'tty-5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · f9d4be25
      Linus Torvalds authored
      Pull tty/serial fixes from Greg KH:
       "Here are four small tty/serial driver fixes for 5.15-rc3. They
        include:
      
         - remove an export now that no one is using it anymore
      
         - mvebu-uart tx_empty callback fix
      
         - 8250_omap bugfix
      
         - synclink_gt build fix
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'tty-5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        tty: unexport tty_ldisc_release
        tty: synclink_gt: rename a conflicting function name
        serial: mvebu-uart: fix driver's tx_empty callback
        serial: 8250: 8250_omap: Fix RX_LVL register offset
      f9d4be25
    • Linus Torvalds's avatar
      Merge tag 'usb-5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 2c4e969c
      Linus Torvalds authored
      Pull USB driver fixes from Greg KH:
       "Here are some USB driver fixes and new device ids for 5.15-rc3.
      
        They include:
      
         - usb-storage quirk additions
      
         - usb-serial new device ids
      
         - usb-serial driver fixes
      
         - USB roothub registration bugfix to resolve a long-reported issue
      
         - usb gadget driver fixes for a large number of small things
      
         - dwc2 driver fixes
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'usb-5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (28 commits)
        USB: serial: option: add device id for Foxconn T99W265
        USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
        USB: serial: cp210x: add part-number debug printk
        USB: serial: cp210x: fix dropped characters with CP2102
        MAINTAINERS: usb, update Peter Korsgaard's entries
        usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
        usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
        Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
        USB: serial: option: remove duplicate USB device ID
        USB: serial: mos7840: remove duplicated 0xac24 device ID
        arm64: dts: qcom: ipq8074: remove USB tx-fifo-resize property
        usb: gadget: f_uac2: Populate SS descriptors' wBytesPerInterval
        usb: gadget: f_uac2: Add missing companion descriptor for feedback EP
        usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
        usb: core: hcd: Modularize HCD stop configuration in usb_stop_hcd()
        xhci: Set HCD flag to defer primary roothub registration
        usb: core: hcd: Add support for deferring roothub registration
        usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave
        usb: dwc3: core: balance phy init and exit
        Revert "USB: bcma: Add a check for devm_gpiod_get"
        ...
      2c4e969c
    • Hyunchul Lee's avatar
      ksmbd: use LOOKUP_BENEATH to prevent the out of share access · 265fd199
      Hyunchul Lee authored
      instead of removing '..' in a given path, call
      kern_path with LOOKUP_BENEATH flag to prevent
      the out of share access.
      
      ran various test on this:
      smb2-cat-async smb://127.0.0.1/homes/../out_of_share
      smb2-cat-async smb://127.0.0.1/homes/foo/../../out_of_share
      smbclient //127.0.0.1/homes -c "mkdir ../foo2"
      smbclient //127.0.0.1/homes -c "rename bar ../bar"
      
      Cc: Ronnie Sahlberg <ronniesahlberg@gmail.com>
      Cc: Ralph Boehme <slow@samba.org>
      Tested-by: default avatarSteve French <smfrench@gmail.com>
      Tested-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
      Acked-by: default avatarNamjae Jeon <linkinjeon@kernel.org>
      Signed-off-by: default avatarHyunchul Lee <hyc.lee@gmail.com>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      265fd199
  4. 24 Sep, 2021 8 commits