1. 08 Mar, 2018 2 commits
    • Ard Biesheuvel's avatar
      arm64/kernel: kaslr: reduce module randomization range to 4 GB · f2b9ba87
      Ard Biesheuvel authored
      We currently have to rely on the GCC large code model for KASLR for
      two distinct but related reasons:
      - if we enable full randomization, modules will be loaded very far away
        from the core kernel, where they are out of range for ADRP instructions,
      - even without full randomization, the fact that the 128 MB module region
        is now no longer fully reserved for kernel modules means that there is
        a very low likelihood that the normal bottom-up allocation of other
        vmalloc regions may collide, and use up the range for other things.
      
      Large model code is suboptimal, given that each symbol reference involves
      a literal load that goes through the D-cache, reducing cache utilization.
      But more importantly, literals are not instructions but part of .text
      nonetheless, and hence mapped with executable permissions.
      
      So let's get rid of our dependency on the large model for KASLR, by:
      - reducing the full randomization range to 4 GB, thereby ensuring that
        ADRP references between modules and the kernel are always in range,
      - reduce the spillover range to 4 GB as well, so that we fallback to a
        region that is still guaranteed to be in range
      - move the randomization window of the core kernel to the middle of the
        VMALLOC space
      
      Note that KASAN always uses the module region outside of the vmalloc space,
      so keep the kernel close to that if KASAN is enabled.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      f2b9ba87
    • Ard Biesheuvel's avatar
      arm64: module: don't BUG when exceeding preallocated PLT count · 5e8307b9
      Ard Biesheuvel authored
      When PLTs are emitted at relocation time, we really should not exceed
      the number that we counted when parsing the relocation tables, and so
      currently, we BUG() on this condition. However, even though this is a
      clear bug in this particular piece of code, we can easily recover by
      failing to load the module.
      
      So instead, return 0 from module_emit_plt_entry() if this condition
      occurs, which is not a valid kernel address, and can hence serve as
      a flag value that makes the relocation routine bail out.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      5e8307b9
  2. 06 Mar, 2018 15 commits
  3. 05 Mar, 2018 4 commits
  4. 26 Feb, 2018 6 commits
  5. 25 Feb, 2018 2 commits
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-4.16-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · c89be524
      Linus Torvalds authored
      Pull NFS client bugfixes from Trond Myklebust:
      
       - fix a broken cast in nfs4_callback_recallany()
      
       - fix an Oops during NFSv4 migration events
      
       - make struct nlmclnt_fl_close_lock_ops static
      
      * tag 'nfs-for-4.16-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        NFS: make struct nlmclnt_fl_close_lock_ops static
        nfs: system crashes after NFS4ERR_MOVED recovery
        NFSv4: Fix broken cast in nfs4_callback_recallany()
      c89be524
    • Linus Torvalds's avatar
      Merge tag 'powerpc-4.16-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 3664ce2d
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - Add handling for a missing instruction in our 32-bit BPF JIT so that
         it can be used for seccomp filtering.
      
       - Add a missing NULL pointer check before a function call in new EEH
         code.
      
       - Fix an error path in the new ocxl driver to correctly return EFAULT.
      
       - The support for the new ibm,drc-info device tree property turns out
         to need several fixes, so for now we just stop advertising to
         firmware that we support it until the bugs can be ironed out.
      
       - One fix for the new drmem code which was incorrectly modifying the
         device tree in place.
      
       - Finally two fixes for the RFI flush support, so that firmware can
         advertise to us that it should be disabled entirely so as not to
         affect performance.
      
      Thanks to: Bharata B Rao, Frederic Barrat, Juan J. Alvarez, Mark Lord,
      Michael Bringmann.
      
      * tag 'powerpc-4.16-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/powernv: Support firmware disable of RFI flush
        powerpc/pseries: Support firmware disable of RFI flush
        powerpc/mm/drmem: Fix unexpected flag value in ibm,dynamic-memory-v2
        powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
        powerpc/pseries: Revert support for ibm,drc-info devtree property
        powerpc/pseries: Fix duplicate firmware feature for DRC_INFO
        ocxl: Fix potential bad errno on irq allocation
        powerpc/eeh: Fix crashes in eeh_report_resume()
      3664ce2d
  6. 23 Feb, 2018 11 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 9cb9c07d
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix TTL offset calculation in mac80211 mesh code, from Peter Oh.
      
       2) Fix races with procfs in ipt_CLUSTERIP, from Cong Wang.
      
       3) Memory leak fix in lpm_trie BPF map code, from Yonghong Song.
      
       4) Need to use GFP_ATOMIC in BPF cpumap allocations, from Jason Wang.
      
       5) Fix potential deadlocks in netfilter getsockopt() code paths, from
          Paolo Abeni.
      
       6) Netfilter stackpointer size checks really are needed to validate
          user input, from Florian Westphal.
      
       7) Missing timer init in x_tables, from Paolo Abeni.
      
       8) Don't use WQ_MEM_RECLAIM in mac80211 hwsim, from Johannes Berg.
      
       9) When an ibmvnic device is brought down then back up again, it can be
          sent queue entries from a previous session, handle this properly
          instead of crashing. From Thomas Falcon.
      
      10) Fix TCP checksum on LRO buffers in mlx5e, from Gal Pressman.
      
      11) When we are dumping filters in cls_api, the output SKB is empty, and
          the filter we are dumping is too large for the space in the SKB, we
          should return -EMSGSIZE like other netlink dump operations do.
          Otherwise userland has no signal that is needs to increase the size
          of its read buffer. From Roman Kapl.
      
      12) Several XDP fixes for virtio_net, from Jesper Dangaard Brouer.
      
      13) Module refcount leak in netlink when a dump start fails, from Jason
          Donenfeld.
      
      14) Handle sub-optimal GSO sizes better in TCP BBR congestion control,
          from Eric Dumazet.
      
      15) Releasing bpf per-cpu arraymaps can take a long time, add a
          condtional scheduling point. From Eric Dumazet.
      
      16) Implement retpolines for tail calls in x64 and arm64 bpf JITs. From
          Daniel Borkmann.
      
      17) Fix page leak in gianfar driver, from Andy Spencer.
      
      18) Missed clearing of estimator scratch buffer, from Eric Dumazet.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (76 commits)
        net_sched: gen_estimator: fix broken estimators based on percpu stats
        gianfar: simplify FCS handling and fix memory leak
        ipv6 sit: work around bogus gcc-8 -Wrestrict warning
        macvlan: fix use-after-free in macvlan_common_newlink()
        bpf, arm64: fix out of bounds access in tail call
        bpf, x64: implement retpoline for tail call
        rxrpc: Fix send in rxrpc_send_data_packet()
        net: aquantia: Fix error handling in aq_pci_probe()
        bpf: fix rcu lockdep warning for lpm_trie map_free callback
        bpf: add schedule points in percpu arrays management
        regulatory: add NUL to request alpha2
        ibmvnic: Fix early release of login buffer
        net/smc9194: Remove bogus CONFIG_MAC reference
        net: ipv4: Set addr_type in hash_keys for forwarded case
        tcp_bbr: better deal with suboptimal GSO
        smsc75xx: fix smsc75xx_set_features()
        netlink: put module reference if dump start fails
        selftests/bpf/test_maps: exit child process without error in ENOMEM case
        selftests/bpf: update gitignore with test_libbpf_open
        selftests/bpf: tcpbpf_kern: use in6_* macros from glibc
        ..
      9cb9c07d
    • Linus Torvalds's avatar
      Merge branch 'fixes-v4.16-rc3' of... · 2eb02aa9
      Linus Torvalds authored
      Merge branch 'fixes-v4.16-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
      
      Pull security subsystem fixes from James Morris:
      
       - keys fixes via David Howells:
            "A collection of fixes for Linux keyrings, mostly thanks to Eric
             Biggers:
      
              - Fix some PKCS#7 verification issues.
      
              - Fix handling of unsupported crypto in X.509.
      
              - Fix too-large allocation in big_key"
      
       - Seccomp updates via Kees Cook:
            "These are fixes for the get_metadata interface that landed during
             -rc1. While the new selftest is strictly not a bug fix, I think
             it's in the same spirit of avoiding bugs"
      
       - an IMA build fix from Randy Dunlap
      
      * 'fixes-v4.16-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        integrity/security: fix digsig.c build error with header file
        KEYS: Use individual pages in big_key for crypto buffers
        X.509: fix NULL dereference when restricting key with unsupported_sig
        X.509: fix BUG_ON() when hash algorithm is unsupported
        PKCS#7: fix direct verification of SignerInfo signature
        PKCS#7: fix certificate blacklisting
        PKCS#7: fix certificate chain verification
        seccomp: add a selftest for get_metadata
        ptrace, seccomp: tweak get_metadata behavior slightly
        seccomp, ptrace: switch get_metadata types to arch independent
      2eb02aa9
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 65738c6b
      Linus Torvalds authored
      Pull arm64 fixes from Catalin Marinas:
       "arm64 and perf fixes:
      
         - build error when accessing MPIDR_HWID_BITMASK from .S
      
         - fix CTR_EL0 field definitions
      
         - remove/disable some kernel messages on user faults (unhandled
           signals, unimplemented syscalls)
      
         - fix kernel page fault in unwind_frame() with function graph tracing
      
         - fix perf sleeping while atomic errors when booting with ACPI"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: fix unwind_frame() for filtered out fn for function graph tracing
        arm64: Enforce BBM for huge IO/VMAP mappings
        arm64: perf: correct PMUVer probing
        arm_pmu: acpi: request IRQs up-front
        arm_pmu: note IRQs and PMUs per-cpu
        arm_pmu: explicitly enable/disable SPIs at hotplug
        arm_pmu: acpi: check for mismatched PPIs
        arm_pmu: add armpmu_alloc_atomic()
        arm_pmu: fold platform helpers into platform code
        arm_pmu: kill arm_pmu_platdata
        ARM: ux500: remove PMU IRQ bouncer
        arm64: __show_regs: Only resolve kernel symbols when running at EL1
        arm64: Remove unimplemented syscall log message
        arm64: Disable unhandled signal log messages by default
        arm64: cpufeature: Fix CTR_EL0 field definitions
        arm64: uaccess: Formalise types for access_ok()
        arm64: Fix compilation error while accessing MPIDR_HWID_BITMASK from .S files
      65738c6b
    • Linus Torvalds's avatar
      Merge tag 'mips_fixes_4.16_3' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips · 2bd06ce7
      Linus Torvalds authored
      Pull MIPS fix from James Hogan:
       "A single MIPS fix for mismatching struct compat_flock, resulting in
        bus errors starting Firefox on Debian 8 since 4.13"
      
      * tag 'mips_fixes_4.16_3' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips:
        MIPS: Drop spurious __unused in struct compat_flock
      2bd06ce7
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk · 13f514be
      Linus Torvalds authored
      Pull printk fixlet from Petr Mladek:
       "People expect to see the real pointer value for %px.
      
        Let's substitute '(null)' only for the other %p? format modifiers that
        need to deference the pointer"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
        vsprintf: avoid misleading "(null)" for %px
      13f514be
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 938e1426
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "Two bugfixes, one v4.16 regression fix, and two documentation fixes"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: designware: Consider SCL GPIO optional
        i2c: busses: i2c-sirf: Fix spelling: "formular" -> "formula".
        i2c: bcm2835: Set up the rising/falling edge delays
        i2c: i801: Add missing documentation entries for Braswell and Kaby Lake
        i2c: designware: must wait for enable
      938e1426
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 170e07bf
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "These are mostly fixes for problems with merge window code.
      
        In addition we have one doc update (alua) and two dead code removals
        (aiclib and octogon) a spurious assignment removal (csiostor) and a
        performance improvement for storvsc involving better interrupt
        spreading and increasing the command per lun handling"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: qla4xxx: skip error recovery in case of register disconnect.
        scsi: aacraid: fix shutdown crash when init fails
        scsi: qedi: Cleanup local str variable
        scsi: qedi: Fix truncation of CHAP name and secret
        scsi: qla2xxx: Fix incorrect handle for abort IOCB
        scsi: qla2xxx: Fix double free bug after firmware timeout
        scsi: storvsc: Increase cmd_per_lun for higher speed devices
        scsi: qla2xxx: Fix a locking imbalance in qlt_24xx_handle_els()
        scsi: scsi_dh: Document alua_rtpg_queue() arguments
        scsi: Remove Makefile entry for oktagon files
        scsi: aic7xxx: remove aiclib.c
        scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion()
        scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
        scsi: sym53c8xx_2: iterator underflow in sym_getsync()
        scsi: bnx2fc: Fix check in SCSI completion handler for timed out request
        scsi: csiostor: remove redundant assignment to pointer 'ln'
        scsi: ufs: Enable quirk to ignore sending WRITE_SAME command
        scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
        scsi: qla2xxx: Fix memory corruption during hba reset test
        scsi: mpt3sas: fix an out of bound write
      170e07bf
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-for-v4.16-rc3' of git://people.freedesktop.org/~airlied/linux · 8961ca44
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "A bunch of fixes for rc3:
      
        Exynos:
         - fixes for using monotonic timestamps
         - register definitions
         - removal of unused file
      
        ipu-v3L
         - minor changes
         - make some register arrays const+static
         - fix some leaks
      
        meson:
         - fix for vsync
      
        atomic:
         - fix for memory leak
      
        EDID parser:
         - add quirks for some more non-desktop devices
         - 6-bit panel fix.
      
        drm_mm:
         - fix a bug in the core drm mm hole handling
      
        cirrus:
         - fix lut loading regression
      
        Lastly there is a deadlock fix around runtime suspend for secondary
        GPUs.
      
        There was a deadlock between one thread trying to wait for a workqueue
        job to finish in the runtime suspend path, and the workqueue job it
        was waiting for in turn waiting for a runtime_get_sync to return.
      
        The fixes avoids it by not doing the runtime sync in the workqueue as
        then we always wait for all those tasks to complete before we runtime
        suspend"
      
      * tag 'drm-fixes-for-v4.16-rc3' of git://people.freedesktop.org/~airlied/linux: (25 commits)
        drm/tve200: fix kernel-doc documentation comment include
        drm/edid: quirk Sony PlayStation VR headset as non-desktop
        drm/edid: quirk Windows Mixed Reality headsets as non-desktop
        drm/edid: quirk Oculus Rift headsets as non-desktop
        drm/meson: fix vsync buffer update
        drm: Handle unexpected holes in color-eviction
        drm: exynos: Use proper macro definition for HDMI_I2S_PIN_SEL_1
        drm/exynos: remove exynos_drm_rotator.h
        drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions
        drm/exynos: fix comparison to bitshift when dealing with a mask
        drm/exynos: g2d: use monotonic timestamps
        drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA
        gpu: ipu-csi: add 10/12-bit grayscale support to mbus_code_to_bus_cfg
        gpu: ipu-cpmem: add 16-bit grayscale support to ipu_cpmem_set_image
        gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle
        gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle
        drm/amdgpu: Fix deadlock on runtime suspend
        drm/radeon: Fix deadlock on runtime suspend
        drm/nouveau: Fix deadlock on runtime suspend
        drm: Allow determining if current task is output poll worker
        ...
      8961ca44
    • Eric Dumazet's avatar
      net_sched: gen_estimator: fix broken estimators based on percpu stats · a5f7add3
      Eric Dumazet authored
      pfifo_fast got percpu stats lately, uncovering a bug I introduced last
      year in linux-4.10.
      
      I missed the fact that we have to clear our temporary storage
      before calling __gnet_stats_copy_basic() in the case of percpu stats.
      
      Without this fix, rate estimators (tc qd replace dev xxx root est 1sec
      4sec pfifo_fast) are utterly broken.
      
      Fixes: 1c0d32fd ("net_sched: gen_estimator: complete rewrite of rate estimators")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a5f7add3
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · 22170094
      David S. Miller authored
      Alexei Starovoitov says:
      
      ====================
      pull-request: bpf 2018-02-22
      
      The following pull-request contains BPF updates for your *net* tree.
      
      The main changes are:
      
      1) two urgent fixes for bpf_tail_call logic for x64 and arm64 JITs, from Daniel.
      
      2) cond_resched points in percpu array alloc/free paths, from Eric.
      
      3) lockdep and other minor fixes, from Yonghong, Arnd, Anders, Li.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      22170094
    • Andy Spencer's avatar
      gianfar: simplify FCS handling and fix memory leak · d903ec77
      Andy Spencer authored
      Previously, buffer descriptors containing only the frame check sequence
      (FCS) were skipped and not added to the skb. However, the page reference
      count was still incremented, leading to a memory leak.
      
      Fixing this inside gfar_add_rx_frag() is difficult due to reserved
      memory handling and page reuse. Instead, move the FCS handling to
      gfar_process_frame() and trim off the FCS before passing the skb up the
      networking stack.
      Signed-off-by: default avatarAndy Spencer <aspencer@spacex.com>
      Signed-off-by: default avatarJim Gruen <jgruen@spacex.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d903ec77