1. 21 May, 2020 3 commits
    • Navid Emamdoost's avatar
      apparmor: Fix use-after-free in aa_audit_rule_init · c54d481d
      Navid Emamdoost authored
      In the implementation of aa_audit_rule_init(), when aa_label_parse()
      fails the allocated memory for rule is released using
      aa_audit_rule_free(). But after this release, the return statement
      tries to access the label field of the rule which results in
      use-after-free. Before releasing the rule, copy errNo and return it
      after release.
      
      Fixes: 52e8c380 ("apparmor: Fix memory leak of rule on error exit path")
      Signed-off-by: default avatarNavid Emamdoost <navid.emamdoost@gmail.com>
      Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      c54d481d
    • Xiyu Yang's avatar
      apparmor: Fix aa_label refcnt leak in policy_update · c6b39f07
      Xiyu Yang authored
      policy_update() invokes begin_current_label_crit_section(), which
      returns a reference of the updated aa_label object to "label" with
      increased refcount.
      
      When policy_update() returns, "label" becomes invalid, so the refcount
      should be decreased to keep refcount balanced.
      
      The reference counting issue happens in one exception handling path of
      policy_update(). When aa_may_manage_policy() returns not NULL, the
      refcnt increased by begin_current_label_crit_section() is not decreased,
      causing a refcnt leak.
      
      Fix this issue by jumping to "end_section" label when
      aa_may_manage_policy() returns not NULL.
      
      Fixes: 5ac8c355 ("apparmor: allow introspecting the loaded policy pre internal transform")
      Signed-off-by: default avatarXiyu Yang <xiyuyang19@fudan.edu.cn>
      Signed-off-by: default avatarXin Tan <tanxin.ctf@gmail.com>
      Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      c6b39f07
    • Xiyu Yang's avatar
      apparmor: fix potential label refcnt leak in aa_change_profile · a0b845ff
      Xiyu Yang authored
      aa_change_profile() invokes aa_get_current_label(), which returns
      a reference of the current task's label.
      
      According to the comment of aa_get_current_label(), the returned
      reference must be put with aa_put_label().
      However, when the original object pointed by "label" becomes
      unreachable because aa_change_profile() returns or a new object
      is assigned to "label", reference count increased by
      aa_get_current_label() is not decreased, causing a refcnt leak.
      
      Fix this by calling aa_put_label() before aa_change_profile() return
      and dropping unnecessary aa_get_current_label().
      
      Fixes: 9fcf78cc ("apparmor: update domain transitions that are subsets of confinement at nnp")
      Signed-off-by: default avatarXiyu Yang <xiyuyang19@fudan.edu.cn>
      Signed-off-by: default avatarXin Tan <tanxin.ctf@gmail.com>
      Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      a0b845ff
  2. 20 May, 2020 6 commits
  3. 19 May, 2020 9 commits
  4. 18 May, 2020 8 commits
    • Ricardo Ribalda Delgado's avatar
      mtd: Fix mtd not registered due to nvmem name collision · 7b01b723
      Ricardo Ribalda Delgado authored
      When the nvmem framework is enabled, a nvmem device is created per mtd
      device/partition.
      
      It is not uncommon that a device can have multiple mtd devices with
      partitions that have the same name. Eg, when there DT overlay is allowed
      and the same device with mtd is attached twice.
      
      Under that circumstances, the mtd fails to register due to a name
      duplication on the nvmem framework.
      
      With this patch we use the mtdX name instead of the partition name,
      which is unique.
      
      [    8.948991] sysfs: cannot create duplicate filename '/bus/nvmem/devices/Production Data'
      [    8.948992] CPU: 7 PID: 246 Comm: systemd-udevd Not tainted 5.5.0-qtec-standard #13
      [    8.948993] Hardware name: AMD Dibbler/Dibbler, BIOS 05.22.04.0019 10/26/2019
      [    8.948994] Call Trace:
      [    8.948996]  dump_stack+0x50/0x70
      [    8.948998]  sysfs_warn_dup.cold+0x17/0x2d
      [    8.949000]  sysfs_do_create_link_sd.isra.0+0xc2/0xd0
      [    8.949002]  bus_add_device+0x74/0x140
      [    8.949004]  device_add+0x34b/0x850
      [    8.949006]  nvmem_register.part.0+0x1bf/0x640
      ...
      [    8.948926] mtd mtd8: Failed to register NVMEM device
      
      Fixes: c4dfa25a ("mtd: add support for reading MTD devices via the nvmem API")
      Signed-off-by: default avatarRicardo Ribalda Delgado <ribalda@kernel.org>
      Acked-by: default avatarMiquel Raynal <miquel.raynal@bootlin.com>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      7b01b723
    • Miquel Raynal's avatar
      mtd: spinand: Propagate ECC information to the MTD structure · 3507273d
      Miquel Raynal authored
      This is done by default in the raw NAND core (nand_base.c) but was
      missing in the SPI-NAND core. Without these two lines the ecc_strength
      and ecc_step_size values are not exported to the user through sysfs.
      
      Fixes: 7529df46 ("mtd: nand: Add core infrastructure to support SPI NANDs")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMiquel Raynal <miquel.raynal@bootlin.com>
      Reviewed-by: default avatarBoris Brezillon <boris.brezillon@collabora.com>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      3507273d
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity · 642b151f
      Linus Torvalds authored
      Pull integrity fixes from Mimi Zohar:
       "A couple of miscellaneous bug fixes for the integrity subsystem:
      
        IMA:
      
         - Properly modify the open flags in order to calculate the file hash.
      
         - On systems requiring the IMA policy to be signed, the policy is
           loaded differently. Don't differentiate between "enforce" and
           either "log" or "fix" modes how the policy is loaded.
      
        EVM:
      
         - Two patches to fix an EVM race condition, normally the result of
           attempting to load an unsupported hash algorithm.
      
         - Use the lockless RCU version for walking an append only list"
      
      * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
        evm: Fix a small race in init_desc()
        evm: Fix RCU list related warnings
        ima: Fix return value of ima_write_policy()
        evm: Check also if *tfm is an error pointer in init_desc()
        ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
      642b151f
    • Linus Torvalds's avatar
      Merge tag 'for-5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat · 45088963
      Linus Torvalds authored
      Pull exfat fixes from Namjae Jeon:
      
       - Fix potential memory leak in exfat_find
      
       - Set exfat's splice_write to iter_file_splice_write to fix a splice
         failure on direct-opened files
      
      * tag 'for-5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat:
        exfat: fix possible memory leak in exfat_find()
        exfat: use iter_file_splice_write
      45088963
    • David Howells's avatar
      afs: Don't unlock fetched data pages until the op completes successfully · 9d1be4f4
      David Howells authored
      Don't call req->page_done() on each page as we finish filling it with
      the data coming from the network.  Whilst this might speed up the
      application a bit, it's a problem if there's a network failure and the
      operation has to be reissued.
      
      If this happens, an oops occurs because afs_readpages_page_done() clears
      the pointer to each page it unlocks and when a retry happens, the
      pointers to the pages it wants to fill are now NULL (and the pages have
      been unlocked anyway).
      
      Instead, wait till the operation completes successfully and only then
      release all the pages after clearing any terminal gap (the server can
      give us less data than we requested as we're allowed to ask for more
      than is available).
      
      KASAN produces a bug like the following, and even without KASAN, it can
      oops and panic.
      
          BUG: KASAN: wild-memory-access in _copy_to_iter+0x323/0x5f4
          Write of size 1404 at addr 0005088000000000 by task md5sum/5235
      
          CPU: 0 PID: 5235 Comm: md5sum Not tainted 5.7.0-rc3-fscache+ #250
          Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
          Call Trace:
           memcpy+0x39/0x58
           _copy_to_iter+0x323/0x5f4
           __skb_datagram_iter+0x89/0x2a6
           skb_copy_datagram_iter+0x129/0x135
           rxrpc_recvmsg_data.isra.0+0x615/0xd42
           rxrpc_kernel_recv_data+0x1e9/0x3ae
           afs_extract_data+0x139/0x33a
           yfs_deliver_fs_fetch_data64+0x47a/0x91b
           afs_deliver_to_call+0x304/0x709
           afs_wait_for_call_to_complete+0x1cc/0x4ad
           yfs_fs_fetch_data+0x279/0x288
           afs_fetch_data+0x1e1/0x38d
           afs_readpages+0x593/0x72e
           read_pages+0xf5/0x21e
           __do_page_cache_readahead+0x128/0x23f
           ondemand_readahead+0x36e/0x37f
           generic_file_buffered_read+0x234/0x680
           new_sync_read+0x109/0x17e
           vfs_read+0xe6/0x138
           ksys_read+0xd8/0x14d
           do_syscall_64+0x6e/0x8a
           entry_SYSCALL_64_after_hwframe+0x49/0xb3
      
      Fixes: 196ee9cd ("afs: Make afs_fs_fetch_data() take a list of pages")
      Fixes: 30062bd1 ("afs: Implement YFS support in the fs client")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-by: default avatarMatthew Wilcox (Oracle) <willy@infradead.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9d1be4f4
    • Rafael J. Wysocki's avatar
      ACPI: EC: PM: Avoid flushing EC work when EC GPE is inactive · 607b9df6
      Rafael J. Wysocki authored
      Flushing the EC work while suspended to idle when the EC GPE status
      is not set causes some EC wakeup events (notably power button and
      lid ones) to be missed after a series of spurious wakeups on the Dell
      XPS13 9360 in my office.
      
      If that happens, the machine cannot be woken up from suspend-to-idle
      by the power button or lid status change and it needs to be woken up
      in some other way (eg. by a key press).
      
      Flushing the EC work only after successful dispatching the EC GPE,
      which means that its status has been set, avoids the issue, so change
      the code in question accordingly.
      
      Fixes: 7b301750 ("ACPI: EC: PM: Avoid premature returns from acpi_s2idle_wake()")
      Cc: 5.4+ <stable@vger.kernel.org> # 5.4+
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      Tested-by: default avatarChris Chiu <chiu@endlessm.com>
      607b9df6
    • Wei Yongjun's avatar
      exfat: fix possible memory leak in exfat_find() · 94182167
      Wei Yongjun authored
      'es' is malloced from exfat_get_dentry_set() in exfat_find() and should
      be freed before leaving from the error handling cases, otherwise it will
      cause memory leak.
      
      Fixes: 5f2aa075 ("exfat: add inode operations")
      Signed-off-by: default avatarWei Yongjun <weiyongjun1@huawei.com>
      Signed-off-by: default avatarNamjae Jeon <namjae.jeon@samsung.com>
      94182167
    • Eric Sandeen's avatar
      exfat: use iter_file_splice_write · 03577948
      Eric Sandeen authored
      Doing copy_file_range() on exfat with a file opened for direct IO leads
      to an -EFAULT:
      
      # xfs_io -f -d -c "truncate 32768" \
             -c "copy_range -d 16384 -l 16384 -f 0" /mnt/test/junk
      copy_range: Bad address
      
      and the reason seems to be that we go through:
      
      default_file_splice_write
       splice_from_pipe
        __splice_from_pipe
         write_pipe_buf
          __kernel_write
           new_sync_write
            generic_file_write_iter
             generic_file_direct_write
              exfat_direct_IO
               do_blockdev_direct_IO
                iov_iter_get_pages
      
      and land in iterate_all_kinds(), which does "return -EFAULT" for our kvec
      iter.
      
      Setting exfat's splice_write to iter_file_splice_write fixes this and lets
      fsx (which originally detected the problem) run to success from
      the xfstests harness.
      Signed-off-by: default avatarEric Sandeen <sandeen@sandeen.net>
      Signed-off-by: default avatarNamjae Jeon <namjae.jeon@samsung.com>
      03577948
  5. 17 May, 2020 11 commits
    • Linus Torvalds's avatar
      Linux 5.7-rc6 · b9bbe6ed
      Linus Torvalds authored
      b9bbe6ed
    • Linus Torvalds's avatar
      Merge tag 'for-linus-5.7-2' of git://github.com/cminyard/linux-ipmi · 8feea623
      Linus Torvalds authored
      Pull IPMI update from Corey Minyard:
       "Convert i2c_new_device() to i2c_new_client_device()
      
        Wolfram Sang has asked to have this included in 5.7 so the deprecated
        API can be removed next release. There should be no functional
        difference.
      
        I think that entire this section of code can be removed; it is
        leftover from other things that have since changed, but this is the
        safer thing to do for now. The full removal can happen next release"
      
      * tag 'for-linus-5.7-2' of git://github.com/cminyard/linux-ipmi:
        char: ipmi: convert to use i2c_new_client_device()
      8feea623
    • Richard Weinberger's avatar
      ubi: Fix seq_file usage in detailed_erase_block_info debugfs file · 0e7572cf
      Richard Weinberger authored
      3bfa7e14 ("fs/seq_file.c: seq_read(): add info message about buggy .next functions")
      showed that we don't use seq_file correctly.
      So make sure that our ->next function always updates the position.
      
      Fixes: 7bccd12d ("ubi: Add debugfs file for tracking PEB state")
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      0e7572cf
    • Eric Biggers's avatar
      ubifs: fix wrong use of crypto_shash_descsize() · 3c3c32f8
      Eric Biggers authored
      crypto_shash_descsize() returns the size of the shash_desc context
      needed to compute the hash, not the size of the hash itself.
      
      crypto_shash_digestsize() would be correct, or alternatively using
      c->hash_len and c->hmac_desc_len which already store the correct values.
      But actually it's simpler to just use stack arrays, so do that instead.
      
      Fixes: 49525e5e ("ubifs: Add helper functions for authentication support")
      Fixes: da8ef65f ("ubifs: Authenticate replayed journal")
      Cc: <stable@vger.kernel.org> # v4.20+
      Cc: Sascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Acked-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      3c3c32f8
    • Linus Torvalds's avatar
      Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux · 9b1f2cbd
      Linus Torvalds authored
      Pull clk fixes from Stephen Boyd:
       "Some more clk driver fixes and one core framework fix:
      
         - A handful of TI driver fixes for bad of_node_put() and incorrect
           parent names
      
         - Rockchip rk3228 aclk_gpu* creation was interfering with lima GPU
           work so we use a composite clk now
      
         - Resuming from suspend on Tegra Jetson TK1 was broken because an
           audio PLL calculated an incorrect rate
      
         - A fix for devicetree probing on IM-PD1 by actually specifying a clk
           name which is required to pass clk registration
      
         - Avoid list corruption if registration fails for a critical clk"
      
      * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
        clk: ti: clkctrl: convert subclocks to use proper names also
        clk: ti: am33xx: fix RTC clock parent
        clk: ti: clkctrl: Fix Bad of_node_put within clkctrl_get_name
        clk: tegra: Fix initial rate for pll_a on Tegra124
        clk: impd1: Look up clock-output-names
        clk: Unlink clock if failed to prepare or enable
        clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks
      9b1f2cbd
    • Linus Torvalds's avatar
      Merge tag 'usb-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · fb27bc03
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are a number of USB fixes for 5.7-rc6
      
        The "largest" in here is a bunch of raw-gadget fixes and api changes
        as the driver just showed up in -rc1 and work has been done to fix up
        some uapi issues found with the original submission, before it shows
        up in a -final release.
      
        Other than that, a bunch of other small USB gadget fixes, xhci fixes,
        some quirks, andother tiny fixes for reported issues.
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'usb-5.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (26 commits)
        USB: gadget: fix illegal array access in binding with UDC
        usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B
        USB: usbfs: fix mmap dma mismatch
        usb: host: xhci-plat: keep runtime active when removing host
        usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list
        usb: cdns3: gadget: make a bunch of functions static
        usb: mtu3: constify struct debugfs_reg32
        usb: gadget: udc: atmel: Make some symbols static
        usb: raw-gadget: fix null-ptr-deref when reenabling endpoints
        usb: raw-gadget: documentation updates
        usb: raw-gadget: support stalling/halting/wedging endpoints
        usb: raw-gadget: fix gadget endpoint selection
        usb: raw-gadget: improve uapi headers comments
        usb: typec: mux: intel: Fix DP_HPD_LVL bit field
        usb: raw-gadget: fix return value of ep read ioctls
        usb: dwc3: select USB_ROLE_SWITCH
        usb: gadget: legacy: fix error return code in gncm_bind()
        usb: gadget: legacy: fix error return code in cdc_bind()
        usb: gadget: legacy: fix redundant initialization warnings
        usb: gadget: tegra-xudc: Fix idle suspend/resume
        ...
      fb27bc03
    • Linus Torvalds's avatar
      Merge branch 'exec-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace · b48397cb
      Linus Torvalds authored
      Pull execve fix from Eric Biederman:
       "While working on my exec cleanups I found a bug in exec that I
        introduced by accident a couple of years ago. I apparently missed the
        fact that bprm->file can change.
      
        Now I have a very personal motive to clean up exec and make it more
        approachable.
      
        The change is just moving woud_dump to where it acts on the final
        bprm->file not the initial bprm->file. I have been careful and tested
        and verify this fix works"
      
      * 'exec-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
        exec: Move would_dump into flush_old_exec
      b48397cb
    • Linus Torvalds's avatar
      Merge tag 'objtool-urgent-2020-05-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · ef0d5b91
      Linus Torvalds authored
      Pull x86 stack unwinding fix from Thomas Gleixner:
       "A single bugfix for the ORC unwinder to ensure that the error flag
        which tells the unwinding code whether a stack trace can be trusted or
        not is always set correctly.
      
        This was messed up by a couple of changes in the recent past"
      
      * tag 'objtool-urgent-2020-05-17' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/unwind/orc: Fix error handling in __unwind_start()
      ef0d5b91
    • Linus Torvalds's avatar
      Merge tag 'x86_urgent_for_v5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 43567139
      Linus Torvalds authored
      Pull x86 fix from Borislav Petkov:
       "A single fix for early boot crashes of kernels built with gcc10 and
        stack protector enabled"
      
      * tag 'x86_urgent_for_v5.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86: Fix early boot crash on gcc-10, third try
      43567139
    • Eric W. Biederman's avatar
      exec: Move would_dump into flush_old_exec · f87d1c95
      Eric W. Biederman authored
      I goofed when I added mm->user_ns support to would_dump.  I missed the
      fact that in the case of binfmt_loader, binfmt_em86, binfmt_misc, and
      binfmt_script bprm->file is reassigned.  Which made the move of
      would_dump from setup_new_exec to __do_execve_file before exec_binprm
      incorrect as it can result in would_dump running on the script instead
      of the interpreter of the script.
      
      The net result is that the code stopped making unreadable interpreters
      undumpable.  Which allows them to be ptraced and written to disk
      without special permissions.  Oops.
      
      The move was necessary because the call in set_new_exec was after
      bprm->mm was no longer valid.
      
      To correct this mistake move the misplaced would_dump from
      __do_execve_file into flos_old_exec, before exec_mmap is called.
      
      I tested and confirmed that without this fix I can attach with gdb to
      a script with an unreadable interpreter, and with this fix I can not.
      
      Cc: stable@vger.kernel.org
      Fixes: f84df2a6 ("exec: Ensure mm->user_ns contains the execed files")
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      f87d1c95
    • Linus Torvalds's avatar
      Merge tag '5.7-rc5-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · 5a9ffb95
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Three small cifs/smb3 fixes, one for stable"
      
      * tag '5.7-rc5-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: fix leaked reference on requeued write
        cifs: Fix null pointer check in cifs_read
        CIFS: Spelling s/EACCESS/EACCES/
      5a9ffb95
  6. 16 May, 2020 3 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 5d438e07
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "A new testcase for guest debugging (gdbstub) that exposed a bunch of
        bugs, mostly for AMD processors. And a few other x86 fixes"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
        KVM: x86: Fix pkru save/restore when guest CR4.PKE=0, move it to x86.c
        KVM: SVM: Disable AVIC before setting V_IRQ
        KVM: Introduce kvm_make_all_cpus_request_except()
        KVM: VMX: pass correct DR6 for GD userspace exit
        KVM: x86, SVM: isolate vcpu->arch.dr6 from vmcb->save.dr6
        KVM: SVM: keep DR6 synchronized with vcpu->arch.dr6
        KVM: nSVM: trap #DB and #BP to userspace if guest debugging is on
        KVM: selftests: Add KVM_SET_GUEST_DEBUG test
        KVM: X86: Fix single-step with KVM_SET_GUEST_DEBUG
        KVM: X86: Set RTM for DB_VECTOR too for KVM_EXIT_DEBUG
        KVM: x86: fix DR6 delivery for various cases of #DB injection
        KVM: X86: Declare KVM_CAP_SET_GUEST_DEBUG properly
      5d438e07
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.7-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · befc42e5
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - A fix for unrecoverable SLB faults in the interrupt exit path,
         introduced by the recent rewrite of interrupt exit in C.
      
       - Four fixes for our KUAP (Kernel Userspace Access Prevention) support
         on 64-bit. These are all fairly minor with the exception of the
         change to evaluate the get/put_user() arguments before we enable user
         access, which reduces the amount of code we run with user access
         enabled.
      
       - A fix for our secure boot IMA rules, if enforcement of module
         signatures is enabled at runtime rather than build time.
      
       - A fix to our 32-bit VDSO clock_getres() which wasn't falling back to
         the syscall for unknown clocks.
      
       - A build fix for CONFIG_PPC_KUAP_DEBUG on 32-bit BookS, and another
         for 40x.
      
      Thanks to: Christophe Leroy, Hugh Dickins, Nicholas Piggin, Aurelien
      Jarno, Mimi Zohar, Nayna Jain.
      
      * tag 'powerpc-5.7-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/40x: Make more space for system call exception
        powerpc/vdso32: Fallback on getres syscall when clock is unknown
        powerpc/32s: Fix build failure with CONFIG_PPC_KUAP_DEBUG
        powerpc/ima: Fix secure boot rules in ima arch policy
        powerpc/64s/kuap: Restore AMR in fast_interrupt_return
        powerpc/64s/kuap: Restore AMR in system reset exception
        powerpc/64/kuap: Move kuap checks out of MSR[RI]=0 regions of exit code
        powerpc/64s: Fix unrecoverable SLB crashes due to preemption check
        powerpc/uaccess: Evaluate macro arguments once, before user access is allowed
      befc42e5
    • Linus Torvalds's avatar
      Merge tag 'csky-for-linus-5.7-rc6' of git://github.com/c-sky/csky-linux · 26b089a7
      Linus Torvalds authored
      Pull csky updates from Guo Ren:
      
       - fix for copy_from/to_user (a hard-to-find bug, thx Viro)
      
       - fix for calltrace panic without FRAME_POINT
      
       - two fixes for perf
      
       - two build fixes
      
       - four fixes for non-fatal bugs (msa, rm dis_irq, cleanup psr,
         gdbmacros.txt)
      
      * tag 'csky-for-linus-5.7-rc6' of git://github.com/c-sky/csky-linux:
        csky: Fixup raw_copy_from_user()
        csky: Fixup gdbmacros.txt with name sp in thread_struct
        csky: Fixup remove unnecessary save/restore PSR code
        csky: Fixup remove duplicate irq_disable
        csky: Fixup calltrace panic
        csky: Fixup perf callchain unwind
        csky: Fixup msa highest 3 bits mask
        csky: Fixup perf probe -x hungup
        csky: Fixup compile error for abiv1 entry.S
        csky/ftrace: Fixup error when disable CONFIG_DYNAMIC_FTRACE
      26b089a7