1. 23 May, 2017 10 commits
    • Daniel Jurgens's avatar
      IB/core: Enforce PKey security on QPs · d291f1a6
      Daniel Jurgens authored
      Add new LSM hooks to allocate and free security contexts and check for
      permission to access a PKey.
      
      Allocate and free a security context when creating and destroying a QP.
      This context is used for controlling access to PKeys.
      
      When a request is made to modify a QP that changes the port, PKey index,
      or alternate path, check that the QP has permission for the PKey in the
      PKey table index on the subnet prefix of the port. If the QP is shared
      make sure all handles to the QP also have access.
      
      Store which port and PKey index a QP is using. After the reset to init
      transition the user can modify the port, PKey index and alternate path
      independently. So port and PKey settings changes can be a merge of the
      previous settings and the new ones.
      
      In order to maintain access control if there are PKey table or subnet
      prefix change keep a list of all QPs are using each PKey index on
      each port. If a change occurs all QPs using that device and port must
      have access enforced for the new cache settings.
      
      These changes add a transaction to the QP modify process. Association
      with the old port and PKey index must be maintained if the modify fails,
      and must be removed if it succeeds. Association with the new port and
      PKey index must be established prior to the modify and removed if the
      modify fails.
      
      1. When a QP is modified to a particular Port, PKey index or alternate
         path insert that QP into the appropriate lists.
      
      2. Check permission to access the new settings.
      
      3. If step 2 grants access attempt to modify the QP.
      
      4a. If steps 2 and 3 succeed remove any prior associations.
      
      4b. If ether fails remove the new setting associations.
      
      If a PKey table or subnet prefix changes walk the list of QPs and
      check that they have permission. If not send the QP to the error state
      and raise a fatal error event. If it's a shared QP make sure all the
      QPs that share the real_qp have permission as well. If the QP that
      owns a security structure is denied access the security structure is
      marked as such and the QP is added to an error_list. Once the moving
      the QP to error is complete the security structure mark is cleared.
      
      Maintaining the lists correctly turns QP destroy into a transaction.
      The hardware driver for the device frees the ib_qp structure, so while
      the destroy is in progress the ib_qp pointer in the ib_qp_security
      struct is undefined. When the destroy process begins the ib_qp_security
      structure is marked as destroying. This prevents any action from being
      taken on the QP pointer. After the QP is destroyed successfully it
      could still listed on an error_list wait for it to be processed by that
      flow before cleaning up the structure.
      
      If the destroy fails the QPs port and PKey settings are reinserted into
      the appropriate lists, the destroying flag is cleared, and access control
      is enforced, in case there were any cache changes during the destroy
      flow.
      
      To keep the security changes isolated a new file is used to hold security
      related functionality.
      Signed-off-by: default avatarDaniel Jurgens <danielj@mellanox.com>
      Acked-by: default avatarDoug Ledford <dledford@redhat.com>
      [PM: merge fixup in ib_verbs.h and uverbs_cmd.c]
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      d291f1a6
    • Daniel Jurgens's avatar
      IB/core: IB cache enhancements to support Infiniband security · 883c71fe
      Daniel Jurgens authored
      Cache the subnet prefix and add a function to access it. Enforcing
      security requires frequent queries of the subnet prefix and the pkeys in
      the pkey table.
      Signed-off-by: default avatarDaniel Jurgens <danielj@mellanox.com>
      Reviewed-by: default avatarEli Cohen <eli@mellanox.com>
      Reviewed-by: default avatarLeon Romanovsky <leonro@mellanox.com>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      Acked-by: default avatarDoug Ledford <dledford@redhat.com>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      883c71fe
    • Matthias Kaehlcke's avatar
      selinux: Remove redundant check for unknown labeling behavior · 270e8573
      Matthias Kaehlcke authored
      The check is already performed in ocontext_read() when the policy is
      loaded. Removing the array also fixes the following warning when
      building with clang:
      
      security/selinux/hooks.c:338:20: error: variable 'labeling_behaviors'
          is not needed and will not be emitted
          [-Werror,-Wunneeded-internal-declaration]
      Signed-off-by: default avatarMatthias Kaehlcke <mka@chromium.org>
      Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      270e8573
    • Stephen Smalley's avatar
      selinux: log policy capability state when a policy is loaded · 4dc2fce3
      Stephen Smalley authored
      Log the state of SELinux policy capabilities when a policy is loaded.
      For each policy capability known to the kernel, log the policy capability
      name and the value set in the policy.  For policy capabilities that are
      set in the loaded policy but unknown to the kernel, log the policy
      capability index, since this is the only information presently available
      in the policy.
      
      Sample output with a policy created with a new capability defined
      that is not known to the kernel:
      SELinux:  policy capability network_peer_controls=1
      SELinux:  policy capability open_perms=1
      SELinux:  policy capability extended_socket_class=1
      SELinux:  policy capability always_check_network=0
      SELinux:  policy capability cgroup_seclabel=0
      SELinux:  unknown policy capability 5
      
      Resolves: https://github.com/SELinuxProject/selinux-kernel/issues/32Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      4dc2fce3
    • Stephen Smalley's avatar
      selinux: do not check open permission on sockets · ccb54478
      Stephen Smalley authored
      open permission is currently only defined for files in the kernel
      (COMMON_FILE_PERMS rather than COMMON_FILE_SOCK_PERMS). Construction of
      an artificial test case that tries to open a socket via /proc/pid/fd will
      generate a recvfrom avc denial because recvfrom and open happen to map to
      the same permission bit in socket vs file classes.
      
      open of a socket via /proc/pid/fd is not supported by the kernel regardless
      and will ultimately return ENXIO. But we hit the permission check first and
      can thus produce these odd/misleading denials.  Omit the open check when
      operating on a socket.
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      ccb54478
    • Stephen Smalley's avatar
      selinux: add a map permission check for mmap · 3ba4bf5f
      Stephen Smalley authored
      Add a map permission check on mmap so that we can distinguish memory mapped
      access (since it has different implications for revocation). When a file
      is opened and then read or written via syscalls like read(2)/write(2),
      we revalidate access on each read/write operation via
      selinux_file_permission() and therefore can revoke access if the
      process context, the file context, or the policy changes in such a
      manner that access is no longer allowed. When a file is opened and then
      memory mapped via mmap(2) and then subsequently read or written directly
      in memory, we presently have no way to revalidate or revoke access.
      The purpose of a separate map permission check on mmap(2) is to permit
      policy to prohibit memory mapping of specific files for which we need
      to ensure that every access is revalidated, particularly useful for
      scenarios where we expect the file to be relabeled at runtime in order
      to reflect state changes (e.g. cross-domain solution, assured pipeline
      without data copying).
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      3ba4bf5f
    • Stephen Smalley's avatar
      selinux: only invoke capabilities and selinux for CAP_MAC_ADMIN checks · db59000a
      Stephen Smalley authored
      SELinux uses CAP_MAC_ADMIN to control the ability to get or set a raw,
      uninterpreted security context unknown to the currently loaded security
      policy. When performing these checks, we only want to perform a base
      capabilities check and a SELinux permission check.  If any other
      modules that implement a capable hook are stacked with SELinux, we do
      not want to require them to also have to authorize CAP_MAC_ADMIN,
      since it may have different implications for their security model.
      Rework the CAP_MAC_ADMIN checks within SELinux to only invoke the
      capabilities module and the SELinux permission checking.
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      db59000a
    • Markus Elfring's avatar
      selinux: Return an error code only as a constant in sidtab_insert() · 46be14d2
      Markus Elfring authored
      * Return an error code without storing it in an intermediate variable.
      
      * Delete the local variable "rc" and the jump label "out" which became
        unnecessary with this refactoring.
      Signed-off-by: default avatarMarkus Elfring <elfring@users.sourceforge.net>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      46be14d2
    • Markus Elfring's avatar
      selinux: Return directly after a failed memory allocation in policydb_index() · 62934ffb
      Markus Elfring authored
      Replace five goto statements (and previous variable assignments) by
      direct returns after a memory allocation failure in this function.
      Signed-off-by: default avatarMarkus Elfring <elfring@users.sourceforge.net>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      62934ffb
    • Tetsuo Handa's avatar
      selinux: Use task_alloc hook rather than task_create hook · a79be238
      Tetsuo Handa authored
      This patch is a preparation for getting rid of task_create hook because
      task_alloc hook which can do what task_create hook can do was revived.
      
      Creating a new thread is unlikely prohibited by security policy, for
      fork()/execve()/exit() is fundamental of how processes are managed in
      Unix. If a program is known to create a new thread, it is likely that
      permission to create a new thread is given to that program. Therefore,
      a situation where security_task_create() returns an error is likely that
      the program was exploited and lost control. Even if SELinux failed to
      check permission to create a thread at security_task_create(), SELinux
      can later check it at security_task_alloc(). Since the new thread is not
      yet visible from the rest of the system, nobody can do bad things using
      the new thread. What we waste will be limited to some initialization
      steps such as dup_task_struct(), copy_creds() and audit_alloc() in
      copy_process(). We can tolerate these overhead for unlikely situation.
      
      Therefore, this patch changes SELinux to use task_alloc hook rather than
      task_create hook so that we can remove task_create hook.
      Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      a79be238
  2. 22 May, 2017 3 commits
    • James Morris's avatar
    • Linus Torvalds's avatar
      Linux 4.12-rc2 · 08332893
      Linus Torvalds authored
      08332893
    • Linus Torvalds's avatar
      x86: fix 32-bit case of __get_user_asm_u64() · 33c9e972
      Linus Torvalds authored
      The code to fetch a 64-bit value from user space was entirely buggered,
      and has been since the code was merged in early 2016 in commit
      b2f68038 ("x86/mm/32: Add support for 64-bit __get_user() on 32-bit
      kernels").
      
      Happily the buggered routine is almost certainly entirely unused, since
      the normal way to access user space memory is just with the non-inlined
      "get_user()", and the inlined version didn't even historically exist.
      
      The normal "get_user()" case is handled by external hand-written asm in
      arch/x86/lib/getuser.S that doesn't have either of these issues.
      
      There were two independent bugs in __get_user_asm_u64():
      
       - it still did the STAC/CLAC user space access marking, even though
         that is now done by the wrapper macros, see commit 11f1a4b9
         ("x86: reorganize SMAP handling in user space accesses").
      
         This didn't result in a semantic error, it just means that the
         inlined optimized version was hugely less efficient than the
         allegedly slower standard version, since the CLAC/STAC overhead is
         quite high on modern Intel CPU's.
      
       - the double register %eax/%edx was marked as an output, but the %eax
         part of it was touched early in the asm, and could thus clobber other
         inputs to the asm that gcc didn't expect it to touch.
      
         In particular, that meant that the generated code could look like
         this:
      
              mov    (%eax),%eax
              mov    0x4(%eax),%edx
      
         where the load of %edx obviously was _supposed_ to be from the 32-bit
         word that followed the source of %eax, but because %eax was
         overwritten by the first instruction, the source of %edx was
         basically random garbage.
      
      The fixes are trivial: remove the extraneous STAC/CLAC entries, and mark
      the 64-bit output as early-clobber to let gcc know that no inputs should
      alias with the output register.
      
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Benjamin LaHaise <bcrl@kvack.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: stable@kernel.org   # v4.8+
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      33c9e972
  3. 21 May, 2017 7 commits
    • Linus Torvalds's avatar
      Clean up x86 unsafe_get/put_user() type handling · 334a023e
      Linus Torvalds authored
      Al noticed that unsafe_put_user() had type problems, and fixed them in
      commit a7cc722f ("fix unsafe_put_user()"), which made me look more
      at those functions.
      
      It turns out that unsafe_get_user() had a type issue too: it limited the
      largest size of the type it could handle to "unsigned long".  Which is
      fine with the current users, but doesn't match our existing normal
      get_user() semantics, which can also handle "u64" even when that does
      not fit in a long.
      
      While at it, also clean up the type cast in unsafe_put_user().  We
      actually want to just make it an assignment to the expected type of the
      pointer, because we actually do want warnings from types that don't
      convert silently.  And it makes the code more readable by not having
      that one very long and complex line.
      
      [ This patch might become stable material if we ever end up back-porting
        any new users of the unsafe uaccess code, but as things stand now this
        doesn't matter for any current existing uses. ]
      
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      334a023e
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · f3926e4c
      Linus Torvalds authored
      Pull misc uaccess fixes from Al Viro:
       "Fix for unsafe_put_user() (no callers currently in mainline, but
        anyone starting to use it will step into that) + alpha osf_wait4()
        infoleak fix"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        osf_wait4(): fix infoleak
        fix unsafe_put_user()
      f3926e4c
    • Linus Torvalds's avatar
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 970c305a
      Linus Torvalds authored
      Pull scheduler fix from Thomas Gleixner:
       "A single scheduler fix:
      
        Prevent idle task from ever being preempted. That makes sure that
        synchronize_rcu_tasks() which is ignoring idle task does not pretend
        that no task is stuck in preempted state. If that happens and idle was
        preempted on a ftrace trampoline the machine crashes due to
        inconsistent state"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/core: Call __schedule() from do_idle() without enabling preemption
      970c305a
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e7a3d627
      Linus Torvalds authored
      Pull irq fixes from Thomas Gleixner:
       "A set of small fixes for the irq subsystem:
      
         - Cure a data ordering problem with chained interrupts
      
         - Three small fixlets for the mbigen irq chip"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        genirq: Fix chained interrupt data ordering
        irqchip/mbigen: Fix the clear register offset calculation
        irqchip/mbigen: Fix potential NULL dereferencing
        irqchip/mbigen: Fix memory mapping code
      e7a3d627
    • Al Viro's avatar
      osf_wait4(): fix infoleak · a8c39544
      Al Viro authored
      failing sys_wait4() won't fill struct rusage...
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      a8c39544
    • Al Viro's avatar
      fix unsafe_put_user() · a7cc722f
      Al Viro authored
      __put_user_size() relies upon its first argument having the same type as what
      the second one points to; the only other user makes sure of that and
      unsafe_put_user() should do the same.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      a7cc722f
    • Linus Torvalds's avatar
      Merge tag 'trace-v4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 56f410cf
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
      
       - Fix a bug caused by not cleaning up the new instance unique triggers
         when deleting an instance. It also creates a selftest that triggers
         that bug.
      
       - Fix the delayed optimization happening after kprobes boot up self
         tests being removed by freeing of init memory.
      
       - Comment kprobes on why the delay optimization is not a problem for
         removal of modules, to keep other developers from searching that
         riddle.
      
       - Fix another case of rcu not watching in stack trace tracing.
      
      * tag 'trace-v4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing: Make sure RCU is watching before calling a stack trace
        kprobes: Document how optimized kprobes are removed from module unload
        selftests/ftrace: Add test to remove instance with active event triggers
        selftests/ftrace: Fix bashisms
        ftrace: Remove #ifdef from code and add clear_ftrace_function_probes() stub
        ftrace/instances: Clear function triggers when removing instances
        ftrace: Simplify glob handling in unregister_ftrace_function_probe_func()
        tracing/kprobes: Enforce kprobes teardown after testing
        tracing: Move postpone selftests to core from early_initcall
      56f410cf
  4. 20 May, 2017 16 commits
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · 894e2164
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "A small collection of fixes that should go into this cycle.
      
         - a pull request from Christoph for NVMe, which ended up being
           manually applied to avoid pulling in newer bits in master. Mostly
           fibre channel fixes from James, but also a few fixes from Jon and
           Vijay
      
         - a pull request from Konrad, with just a single fix for xen-blkback
           from Gustavo.
      
         - a fuseblk bdi fix from Jan, fixing a regression in this series with
           the dynamic backing devices.
      
         - a blktrace fix from Shaohua, replacing sscanf() with kstrtoull().
      
         - a request leak fix for drbd from Lars, fixing a regression in the
           last series with the kref changes. This will go to stable as well"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        nvmet: release the sq ref on rdma read errors
        nvmet-fc: remove target cpu scheduling flag
        nvme-fc: stop queues on error detection
        nvme-fc: require target or discovery role for fc-nvme targets
        nvme-fc: correct port role bits
        nvme: unmap CMB and remove sysfs file in reset path
        blktrace: fix integer parse
        fuseblk: Fix warning in super_setup_bdi_name()
        block: xen-blkback: add null check to avoid null pointer dereference
        drbd: fix request leak introduced by locking/atomic, kref: Kill kref_sub()
      894e2164
    • Vijay Immanuel's avatar
      nvmet: release the sq ref on rdma read errors · 549f01ae
      Vijay Immanuel authored
      On rdma read errors, release the sq ref that was taken
      when the req was initialized. This avoids a hang in
      nvmet_sq_destroy() when the queue is being freed.
      Signed-off-by: default avatarVijay Immanuel <vijayi@attalasystems.com>
      Reviewed-by: default avatarSagi Grimberg <sagi@grimberg.me>
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      549f01ae
    • James Smart's avatar
      nvmet-fc: remove target cpu scheduling flag · 4b8ba5fa
      James Smart authored
      Remove NVMET_FCTGTFEAT_NEEDS_CMD_CPUSCHED. It's unnecessary.
      Signed-off-by: default avatarJames Smart <james.smart@broadcom.com>
      Reviewed-by: default avatarJohannes Thumshirn <jthumshirn@suse.de>
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      4b8ba5fa
    • James Smart's avatar
      nvme-fc: stop queues on error detection · 2952a879
      James Smart authored
      Per the recommendation by Sagi on:
      http://lists.infradead.org/pipermail/linux-nvme/2017-April/009261.html
      
      Rather than waiting for reset work thread to stop queues and abort the ios,
      immediately stop the queues on error detection. Reset thread will restop
      the queues (as it's called on other paths), but it does not appear to have
      a side effect.
      Signed-off-by: default avatarJames Smart <james.smart@broadcom.com>
      Reviewed-by: default avatarJohannes Thumshirn <jthumshirn@suse.de>
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      2952a879
    • James Smart's avatar
      nvme-fc: require target or discovery role for fc-nvme targets · 85e6a6ad
      James Smart authored
      In order to create an association, the remoteport must be
      serving either a target role or a discovery role.
      Signed-off-by: default avatarJames Smart <james.smart@broadcom.com>
      Reviewed-by: default avatarJohannes Thumshirn <jthumshirn@suse.de>
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      85e6a6ad
    • James Smart's avatar
      nvme-fc: correct port role bits · 41231090
      James Smart authored
      FC Port roles is a bit mask, not individual values.
      Correct nvme definitions to unique bits.
      Signed-off-by: default avatarJames Smart <james.smart@broadcom.com>
      Reviewed-by: default avatarJohannes Thumshirn <jthumshirn@suse.de>
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      41231090
    • Jon Derrick's avatar
      nvme: unmap CMB and remove sysfs file in reset path · f63572df
      Jon Derrick authored
      CMB doesn't get unmapped until removal while getting remapped on every
      reset. Add the unmapping and sysfs file removal to the reset path in
      nvme_pci_disable to match the mapping path in nvme_pci_enable.
      
      Fixes: 202021c1 ("nvme : Add sysfs entry for NVMe CMBs when appropriate")
      Signed-off-by: default avatarJon Derrick <jonathan.derrick@intel.com>
      Acked-by: default avatarKeith Busch <keith.busch@intel.com>
      Reviewed-By: default avatarStephen Bates <sbates@raithlin.com>
      Cc: <stable@vger.kernel.org> # 4.9+
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      f63572df
    • Linus Torvalds's avatar
      Merge tag 'staging-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · ef82f1ad
      Linus Torvalds authored
      Pull staging driver fixes from Greg KH:
       "Here are a number of staging driver fixes for 4.12-rc2
      
        Most of them are typec driver fixes found by reviewers and users of
        the code. There are also some removals of files no longer needed in
        the tree due to the ion driver rewrite in 4.12-rc1, as well as some
        wifi driver fixes. And to round it out, a MAINTAINERS file update.
      
        All have been in linux-next with no reported issues"
      
      * tag 'staging-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (22 commits)
        MAINTAINERS: greybus-dev list is members-only
        staging: fsl-dpaa2/eth: add ETHERNET dependency
        staging: typec: fusb302: refactor resume retry mechanism
        staging: typec: fusb302: reset i2c_busy state in error
        staging: rtl8723bs: remove re-positioned call to kfree in os_dep/ioctl_cfg80211.c
        staging: rtl8192e: GetTs Fix invalid TID 7 warning.
        staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD.
        staging: rtl8192e: fix 2 byte alignment of register BSSIDR.
        staging: rtl8192e: rtl92e_fill_tx_desc fix write to mapped out memory.
        staging: vc04_services: Fix bulk cache maintenance
        staging: ccree: remove extraneous spin_unlock_bh() in error handler
        staging: typec: Fix sparse warnings about incorrect types
        staging: typec: fusb302: do not free gpio from managed resource
        staging: typec: tcpm: Fix Port Power Role field in PS_RDY messages
        staging: typec: tcpm: Respond to Discover Identity commands
        staging: typec: tcpm: Set correct flags in PD request messages
        staging: typec: tcpm: Drop duplicate PD messages
        staging: typec: fusb302: Fix chip->vbus_present init value
        staging: typec: fusb302: Fix module autoload
        staging: typec: tcpci: declare private structure as static
        ...
      ef82f1ad
    • Linus Torvalds's avatar
      Merge tag 'usb-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 32026293
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are a number of small USB fixes for 4.12-rc2
      
        Most of them come from Johan, in his valiant quest to fix up all
        drivers that could be affected by "malicious" USB devices. There's
        also some fixes for more "obscure" drivers to handle some of the
        vmalloc stack fallout (which for USB drivers, was always the case, but
        very few people actually ran those systems...)
      
        Other than that, the normal set of xhci and gadget and musb driver
        fixes as well.
      
        All have been in linux-next with no reported issues"
      
      * tag 'usb-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (42 commits)
        usb: musb: tusb6010_omap: Do not reset the other direction's packet size
        usb: musb: Fix trying to suspend while active for OTG configurations
        usb: host: xhci-plat: propagate return value of platform_get_irq()
        xhci: Fix command ring stop regression in 4.11
        xhci: remove GFP_DMA flag from allocation
        USB: xhci: fix lock-inversion problem
        usb: host: xhci-ring: don't need to clear interrupt pending for MSI enabled hcd
        usb: host: xhci-mem: allocate zeroed Scratchpad Buffer
        xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton
        usb: xhci: trace URB before giving it back instead of after
        USB: serial: qcserial: add more Lenovo EM74xx device IDs
        USB: host: xhci: use max-port define
        USB: hub: fix SS max number of ports
        USB: hub: fix non-SS hub-descriptor handling
        USB: hub: fix SS hub-descriptor handling
        USB: usbip: fix nonconforming hub descriptor
        USB: gadget: dummy_hcd: fix hub-descriptor removable fields
        doc-rst: fixed kernel-doc directives in usb/typec.rst
        USB: core: of: document reference taken by companion helper
        USB: ehci-platform: fix companion-device leak
        ...
      32026293
    • Linus Torvalds's avatar
      Merge tag 'char-misc-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 331da109
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are five small bugfixes for reported issues with 4.12-rc1 and
        earlier kernels. Nothing huge here, just a lp, mem, vpd, and uio
        driver fix, along with a Kconfig fixup for one of the misc drivers.
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'char-misc-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        firmware: Google VPD: Fix memory allocation error handling
        drivers: char: mem: Check for address space wraparound with mmap()
        uio: fix incorrect memory leak cleanup
        misc: pci_endpoint_test: select CRC32
        char: lp: fix possible integer overflow in lp_setup()
      331da109
    • Linus Torvalds's avatar
      Merge git://www.linux-watchdog.org/linux-watchdog · ec53c027
      Linus Torvalds authored
      Pull watchdog fixes from Wim Van Sebroeck:
       - orion_wdt compile-test dependencies
       - sama5d4_wdt: WDDIS handling and a race confition
       - pcwd_usb: fix NULL-deref at probe
       - cadence_wdt: fix timeout setting
       - wdt_pci: fix build error if SOFTWARE_REBOOT is defined
       - iTCO_wdt: all versions count down twice
       - zx2967: remove redundant dev_err call in zx2967_wdt_probe()
       - bcm281xx: Fix use of uninitialized spinlock
      
      * git://www.linux-watchdog.org/linux-watchdog:
        watchdog: bcm281xx: Fix use of uninitialized spinlock.
        watchdog: zx2967: remove redundant dev_err call in zx2967_wdt_probe()
        iTCO_wdt: all versions count down twice
        watchdog: wdt_pci: fix build error if define SOFTWARE_REBOOT
        watchdog: cadence_wdt: fix timeout setting
        watchdog: pcwd_usb: fix NULL-deref at probe
        watchdog: sama5d4: fix race condition
        watchdog: sama5d4: fix WDDIS handling
        watchdog: orion: fix compile-test dependencies
      ec53c027
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-for-v4.12-rc2' of git://people.freedesktop.org/~airlied/linux · cf80a6fb
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Mostly nouveau and i915, fairly quiet as usual for rc2"
      
      * tag 'drm-fixes-for-v4.12-rc2' of git://people.freedesktop.org/~airlied/linux:
        drm/atmel-hlcdc: Fix output initialization
        gpu: host1x: select IOMMU_IOVA
        drm/nouveau/fifo/gk104-: Silence a locking warning
        drm/nouveau/secboot: plug memory leak in ls_ucode_img_load_gr() error path
        drm/nouveau: Fix drm poll_helper handling
        drm/i915: don't do allocate_va_range again on PIN_UPDATE
        drm/i915: Fix rawclk readout for g4x
        drm/i915: Fix runtime PM for LPE audio
        drm/i915/glk: Fix DSI "*ERROR* ULPS is still active" messages
        drm/i915/gvt: avoid unnecessary vgpu switch
        drm/i915/gvt: not to restore in-context mmio
        drm/etnaviv: don't put fence in case of submit failure
        drm/i915/gvt: fix typo: "supporte" -> "support"
        drm: hdlcd: Fix the calculation of the scanout start address
      cf80a6fb
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 6fe1de43
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "This is the first sweep of mostly minor fixes. There's one security
        one: the read past the end of a buffer in qedf, and a panic fix for
        lpfc SLI-3 adapters, but the rest are a set of include and build
        dependency tidy ups and assorted other small fixes and updates"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: pmcraid: remove redundant check to see if request_size is less than zero
        scsi: lpfc: ensure els_wq is being checked before destroying it
        scsi: cxlflash: Select IRQ_POLL
        scsi: qedf: Avoid reading past end of buffer
        scsi: qedf: Cleanup the type of io_log->op
        scsi: lpfc: double lock typo in lpfc_ns_rsp()
        scsi: qedf: properly update arguments position in function call
        scsi: scsi_lib: Add #include <scsi/scsi_transport.h>
        scsi: MAINTAINERS: update OSD entries
        scsi: Skip deleted devices in __scsi_device_lookup
        scsi: lpfc: Fix panic on BFS configuration
        scsi: libfc: do not flood console with messages 'libfc: queue full ...'
      6fe1de43
    • Linus Torvalds's avatar
      Merge branch 'libnvdimm-for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · 8c3fc164
      Linus Torvalds authored
      Pull libnvdimm fixes from Dan Williams:
       "A couple of compile fixes.
      
        With the removal of the ->direct_access() method from
        block_device_operations in favor of a new dax_device + dax_operations
        we broke two configurations.
      
        The CONFIG_BLOCK=n case is fixed by compiling out the block+dax
        helpers in the dax core. Configurations with FS_DAX=n EXT4=y / XFS=y
        and DAX=m fail due to the helpers the builtin filesystem needs being
        in a module, so we stub out the helpers in the FS_DAX=n case."
      
      * 'libnvdimm-for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        dax, xfs, ext4: compile out iomap-dax paths in the FS_DAX=n case
        dax: fix false CONFIG_BLOCK dependency
      8c3fc164
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 0bdc6fd2
      Linus Torvalds authored
      Pull i2c fix from Wolfram Sang:
       "A regression fix for I2C that would be great to have in rc2"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: designware: don't infer timings described by ACPI from clock rate
      0bdc6fd2
    • Linus Torvalds's avatar
      Merge tag 'iommu-fixes-v4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · d4c6cd15
      Linus Torvalds authored
      Pull IOMMU fixes from Joerg Roedel:
      
       - another compile-fix as a fallout of the recent header-file cleanup
      
       - add a missing IO/TLB flush to the Intel VT-d kdump code path
      
       - a fix for ARM64 dma code to only access initialized iova_domain
         members
      
      * tag 'iommu-fixes-v4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        iommu/mediatek: Include linux/dma-mapping.h
        iommu/vt-d: Flush the IOTLB to get rid of the initial kdump mappings
        iommu/dma: Don't touch invalid iova_domain members
      d4c6cd15
  5. 19 May, 2017 4 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 4217fdde
      Linus Torvalds authored
      Pull KVM fixes from Radim Krčmář:
       "ARM:
         - a fix for a build failure introduced in -rc1 when tracepoints are
           enabled on 32-bit ARM.
      
         - disable use of stack pointer protection in the hyp code which can
           cause panics.
      
         - a handful of VGIC fixes.
      
         - a fix to the init of the redistributors on GICv3 systems that
           prevented boot with kvmtool on GICv3 systems introduced in -rc1.
      
         - a number of race conditions fixed in our MMU handling code.
      
         - a fix for the guest being able to program the debug extensions for
           the host on the 32-bit side.
      
        PPC:
         - fixes for build failures with PR KVM configurations.
      
         - a fix for a host crash that can occur on POWER9 with radix guests.
      
        x86:
         - fixes for nested PML and nested EPT.
      
         - a fix for crashes caused by reserved bits in SSE MXCSR that could
           have been set by userspace.
      
         - an optimization of halt polling that fixes high CPU overhead.
      
         - fixes for four reports from Dan Carpenter's static checker.
      
         - a protection around code that shouldn't have been preemptible.
      
         - a fix for port IO emulation"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (27 commits)
        KVM: x86: prevent uninitialized variable warning in check_svme()
        KVM: x86/vPMU: fix undefined shift in intel_pmu_refresh()
        KVM: x86: zero base3 of unusable segments
        KVM: X86: Fix read out-of-bounds vulnerability in kvm pio emulation
        KVM: x86: Fix potential preemption when get the current kvmclock timestamp
        KVM: Silence underflow warning in avic_get_physical_id_entry()
        KVM: arm/arm64: Hold slots_lock when unregistering kvm io bus devices
        KVM: arm/arm64: Fix bug when registering redist iodevs
        KVM: x86: lower default for halt_poll_ns
        kvm: arm/arm64: Fix use after free of stage2 page table
        kvm: arm/arm64: Force reading uncached stage2 PGD
        KVM: nVMX: fix EPT permissions as reported in exit qualification
        KVM: VMX: Don't enable EPT A/D feature if EPT feature is disabled
        KVM: x86: Fix load damaged SSEx MXCSR register
        kvm: nVMX: off by one in vmx_write_pml_buffer()
        KVM: arm: rename pm_fake handler to trap_raz_wi
        KVM: arm: plug potential guest hardware debug leakage
        kvm: arm/arm64: Fix race in resetting stage2 PGD
        KVM: arm/arm64: vgic-v3: Use PREbits to infer the number of ICH_APxRn_EL2 registers
        KVM: arm/arm64: vgic-v3: Do not use Active+Pending state for a HW interrupt
        ...
      4217fdde
    • Linus Torvalds's avatar
      Merge tag 'for-linus-4.12b-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 9e856e4b
      Linus Torvalds authored
      Pull xen fixes from Juergen Gross:
       "Some fixes for the new Xen 9pfs frontend and some minor cleanups"
      
      * tag 'for-linus-4.12b-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen: make xen_flush_tlb_all() static
        xen: cleanup pvh leftovers from pv-only sources
        xen/9pfs: p9_trans_xen_init and p9_trans_xen_exit can be static
        xen/9pfs: fix return value check in xen_9pfs_front_probe()
      9e856e4b
    • Linus Torvalds's avatar
      Merge tag 'devicetree-fixes-for-4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · 1fbbed41
      Linus Torvalds authored
      Pull DeviceTree fixes from Rob Herring:
      
       - fix missing allocation failure handling in fdt code
      
       - fix dtc compile error on 32-bit hosts
      
       - revert bad sparse changes causing GCC7 warnings
      
      * tag 'devicetree-fixes-for-4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        of: fdt: add missing allocation-failure check
        dtc: check.c fix compile error
        Partially Revert "of: fix sparse warnings in fdt, irq, reserved mem, and resolver code"
      1fbbed41
    • Linus Torvalds's avatar
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · f538a82c
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "We had a small batch of fixes before -rc1, but here is a larger one.
        It contains a backmerge of 4.12-rc1 since some of the downstream
        branches we merge had that as base; at the same time we already had
        merged contents before -rc1 and rebase wasn't the right solution.
      
        A mix of random smaller fixes and a few things worth pointing out:
      
         - We've started telling people to avoid cross-tree shared branches if
           all they're doing is picking up one or two DT-used constants from a
           shared include file, and instead to use the numeric values on first
           submission. Follow-up moving over to symbolic names are sent in
           right after -rc1, i.e. here. It's only a few minor patches of this
           type.
      
         - Linus Walleij and others are resurrecting the 'Gemini' platform,
           and wanted a cut-down platform-specific defconfig for it. So I
           picked that up for them.
      
         - Rob Herring ran 'savedefconfig' on arm64, it's a bit churny but it
           helps people to prepare patches since it's a pain when defconfig
           and current savedefconfig contents differs too much.
      
         - Devicetree additions for some pinctrl drivers for Armada that were
           merged this window. I'd have preferred to see those earlier but
           it's not a huge deail.
      
        The biggest change worth pointing out though since it's touching other
        parts of the tree: We added prefixes to be used when cross-including
        DT contents between arm64 and arm, allowing someone to #include
        <arm/foo.dtsi> from arm64, and likewise. As part of that, we needed
        arm/foo.dtsi to work on arm as well. The way I suggested this to Heiko
        resulted in a recursive symlink.
      
        Instead, I've now moved it out of arch/*/boot/dts/include, into a
        shared location under scripts/dtc. While I was at it, I consolidated
        so all architectures now behave the same way in this manner.
      
        Rob Herring (DT maintainer) has acked it. I cc:d most other arch
        maintainers but nobody seems to care much; it doesn't really affect
        them since functionality is unchanged for them by default"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (29 commits)
        arm64: dts: rockchip: fix include reference
        firmware: ti_sci: fix strncat length check
        ARM: remove duplicate 'const' annotations'
        arm64: defconfig: enable options needed for QCom DB410c board
        arm64: defconfig: sync with savedefconfig
        ARM: configs: add a gemini defconfig
        devicetree: Move include prefixes from arch to separate directory
        ARM: dts: dra7: Reduce cpu thermal shutdown temperature
        memory: omap-gpmc: Fix debug output for access width
        ARM: dts: LogicPD Torpedo: Fix camera pin mux
        ARM: dts: omap4: enable CEC pin for Pandaboard A4 and ES
        ARM: dts: gta04: fix polarity of clocks for mcbsp4
        ARM: dts: dra7: Add power hold and power controller properties to palmas
        soc: imx: add PM dependency for IMX7_PM_DOMAINS
        ARM: dts: imx6sx-sdb: Remove OPP override
        ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin
        soc: bcm: brcmstb: Correctly match 7435 SoC
        tee: add ARM_SMCCC dependency
        ARM: omap2+: make omap4_get_cpu1_ns_pa_addr declaration usable
        ARM64: dts: mediatek: configure some fixed mmc parameters
        ...
      f538a82c