1. 16 Dec, 2021 3 commits
    • xen/console: harden hvc_xen against event channel storms · fe415186
      Juergen Gross authored
      The Xen console driver is still vulnerable for an attack via excessive
      number of events sent by the backend. Fix that by using a lateeoi event
      channel.
      
      For the normal domU initial console this requires the introduction of
      bind_evtchn_to_irq_lateeoi() as there is no xenbus device available
      at the time the event channel is bound to the irq.
      
      As the decision whether an interrupt was spurious or not requires to
      test for bytes having been read from the backend, move sending the
      event into the if statement, as sending an event without having found
      any bytes to be read is making no sense at all.
      
      This is part of XSA-391
      Signed-off-by: Juergen Gross <jgross@suse.com>
      Reviewed-by: Jan Beulich <jbeulich@suse.com>
      ---
      V2:
      - slightly adapt spurious irq detection (Jan Beulich)
      V3:
      - fix spurious irq detection (Jan Beulich)
    • xen/netfront: harden netfront against event channel storms · b27d4795
      Juergen Gross authored
      The Xen netfront driver is still vulnerable for an attack via excessive
      number of events sent by the backend. Fix that by using lateeoi event
      channels.
      
      For being able to detect the case of no rx responses being added while
      the carrier is down a new lock is needed in order to update and test
      rsp_cons and the number of seen unconsumed responses atomically.
      
      This is part of XSA-391
      Signed-off-by: Juergen Gross <jgross@suse.com>
      Reviewed-by: Jan Beulich <jbeulich@suse.com>
      ---
      V2:
      - don't eoi irq in case of interface set broken (Jan Beulich)
      - handle carrier off + no new responses added (Jan Beulich)
      V3:
      - add rx_ prefix to rsp_unconsumed (Jan Beulich)
      - correct xennet_set_rx_rsp_cons() spelling (Jan Beulich)
    • xen/blkfront: harden blkfront against event channel storms · 0fd08a34
      Juergen Gross authored
      The Xen blkfront driver is still vulnerable for an attack via excessive
      number of events sent by the backend. Fix that by using lateeoi event
      channels.
      
      This is part of XSA-391
      Signed-off-by: Juergen Gross <jgross@suse.com>
      Reviewed-by: Jan Beulich <jbeulich@suse.com>
  2. 15 Dec, 2021 3 commits
    • Merge tag 'ceph-for-5.16-rc6' of git://github.com/ceph/ceph-client · 2b14864a
      Linus Torvalds authored
      Pull ceph fixes from Ilya Dryomov:
       "An SGID directory handling fix (marked for stable), a metrics
        accounting fix and two fixups to appease static checkers"
      
      * tag 'ceph-for-5.16-rc6' of git://github.com/ceph/ceph-client:
        ceph: fix up non-directory creation in SGID directories
        ceph: initialize pathlen variable in reconnect_caps_cb
        ceph: initialize i_size variable in ceph_sync_read
        ceph: fix duplicate increment of opened_inodes metric
    • Merge tag 's390-5.16-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · d9c1e640
      Linus Torvalds authored
      Pull s390 fixes from Heiko Carstens:
      
       - Add missing handling of R_390_PLT32DBL relocation type in
         arch_kexec_apply_relocations_add(). Clang and the upcoming gcc 11.3
         generate such relocation entries, which our relocation code silently
         ignores, and which finally will result in an endless loop within the
         purgatory code in case of kexec.
      
       - Add proper handling of errors and print error messages when applying
         relocations
      
       - Fix duplicate tracking of irq nesting level in entry code
      
       - Let recordmcount.pl also look for jgnop mnemonic. Starting with
         binutils 2.37 objdump emits a jgnop mnemonic instead of brcl, which
         breaks mcount location detection. This is only a problem if used with
         compilers older than gcc 9, since with gcc 9 and newer compilers
         recordmcount.pl is not used anymore.
      
       - Remove preempt_disable()/preempt_enable() pair in
         kprobe_ftrace_handler() which was done for all architectures except
         for s390.
      
       - Update defconfig
      
      * tag 's390-5.16-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        recordmcount.pl: look for jgnop instruction as well as bcrl on s390
        s390/entry: fix duplicate tracking of irq nesting level
        s390: enable switchdev support in defconfig
        s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add()
        s390/ftrace: remove preempt_disable()/preempt_enable() pair
        s390/kexec_file: fix error handling when applying relocations
        s390/kexec_file: print some more error messages
    • Merge tag 'hyperv-fixes-signed-20211214' of... · 213d9d4c
      Linus Torvalds authored
      Merge tag 'hyperv-fixes-signed-20211214' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux
      
      Pull hyperv fix from Wei Liu:
       "Build fix from Randy Dunlap"
      
      * tag 'hyperv-fixes-signed-20211214' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux:
        hv: utils: add PTP_1588_CLOCK to Kconfig to fix build
  3. 13 Dec, 2021 3 commits
    • Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · 5472f14a
      Linus Torvalds authored
      Pull virtio fixes from Michael Tsirkin:
       "Misc virtio and vdpa bugfixes"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        vdpa: Consider device id larger than 31
        virtio/vsock: fix the transport to work with VMADDR_CID_ANY
        virtio_ring: Fix querying of maximum DMA mapping size for virtio device
        virtio: always enter drivers/virtio/
        vduse: check that offset is within bounds in get_config()
        vdpa: check that offsets are within bounds
        vduse: fix memory corruption in vduse_dev_ioctl()
    • PCI: mt7621: Convert driver into 'bool' · aa50faff
      Sergio Paracuellos authored
      The driver is not ready yet to be compiled as a module since it depends
      on some symbols not exported on MIPS.  We have the following current
      problems:
      
        Building mips:allmodconfig ... failed
        --------------
        Error log:
        ERROR: modpost: missing MODULE_LICENSE() in drivers/pci/controller/pcie-mt7621.o
        ERROR: modpost: "mips_cm_unlock_other" [drivers/pci/controller/pcie-mt7621.ko] undefined!
        ERROR: modpost: "mips_cpc_base" [drivers/pci/controller/pcie-mt7621.ko] undefined!
        ERROR: modpost: "mips_cm_lock_other" [drivers/pci/controller/pcie-mt7621.ko] undefined!
        ERROR: modpost: "mips_cm_is64" [drivers/pci/controller/pcie-mt7621.ko] undefined!
        ERROR: modpost: "mips_gcr_base" [drivers/pci/controller/pcie-mt7621.ko] undefined!
      
      Temporarily move from 'tristate' to 'bool' until a better solution is
      ready.
      
      Also RALINK is redundant because SOC_MT7621 already depends on it.
      Hence, simplify condition.
      
      Fixes: 2bdd5238 ("PCI: mt7621: Add MediaTek MT7621 PCIe host controller driver").
      Signed-off-by: Sergio Paracuellos <sergio.paracuellos@gmail.com>
      Reviewed-and-Tested-by: Guenter Roeck <linux@roeck-us.net>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • fget: clarify and improve __fget_files() implementation · e386dfc5
      Linus Torvalds authored
      Commit 054aa8d4 ("fget: check that the fd still exists after getting
      a ref to it") fixed a race with getting a reference to a file just as it
      was being closed.  It was a fairly minimal patch, and I didn't think
      re-checking the file pointer lookup would be a measurable overhead,
      since it was all right there and cached.
      
      But I was wrong, as pointed out by the kernel test robot.
      
      The 'poll2' case of the will-it-scale.per_thread_ops benchmark regressed
      quite noticeably.  Admittedly it seems to be a very artificial test:
      doing "poll()" system calls on regular files in a very tight loop in
      multiple threads.
      
      That means that basically all the time is spent just looking up file
      descriptors without ever doing anything useful with them (not that doing
      'poll()' on a regular file is useful to begin with).  And as a result it
      shows the extra "re-check fd" cost as a sore thumb.
      
      Happily, the regression is fixable by just writing the code to look up
      the fd to be better and clearer.  There's still a cost to verify the
      file pointer, but now it's basically in the noise even for that
      benchmark that does nothing else - and the code is more understandable
      and has better comments too.
      
      [ Side note: this patch is also a classic case of one that looks very
        messy with the default greedy Myers diff - it's much more legible with
        either the patience or histogram diff algorithm ]
      
      Link: https://lore.kernel.org/lkml/20211210053743.GA36420@xsang-OptiPlex-9020/
      Link: https://lore.kernel.org/lkml/20211213083154.GA20853@linux.intel.com/
      Reported-by: kernel test robot <oliver.sang@intel.com>
      Tested-by: Carel Si <beibei.si@intel.com>
      Cc: Jann Horn <jannh@google.com>
      Cc: Miklos Szeredi <mszeredi@redhat.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  4. 12 Dec, 2021 16 commits
  5. 11 Dec, 2021 15 commits