1. 12 May, 2020 3 commits
    • f2fs: don't leak filename in f2fs_try_convert_inline_dir() · ff5f85c8
      Eric Biggers authored
      We need to call fscrypt_free_filename() to free the memory allocated by
      fscrypt_setup_filename().
      
      Fixes: b06af2af ("f2fs: convert inline_dir early before starting rename")
      Cc: <stable@vger.kernel.org> # v5.6+
      Signed-off-by: Eric Biggers <ebiggers@google.com>
      Reviewed-by: Chao Yu <yuchao0@huawei.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: compress: support lzo-rle compress algorithm · 6d92b201
      Chao Yu authored
      LZO-RLE extension (run length encoding) was introduced to improve
      performance of LZO algorithm in scenario of data contains many zeros,
      zram has changed to use this extended algorithm by default, this
      patch adds to support this algorithm extension, to enable this
      extension, it needs to enable F2FS_FS_LZO and F2FS_FS_LZORLE config,
      and specifies "compress_algorithm=lzo-rle" mount option.
      Signed-off-by: Chao Yu <yuchao0@huawei.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: introduce mempool for {,de}compress intermediate page allocation · 5e6bbde9
      Chao Yu authored
      If compression feature is on, in scenario of not enough free memory,
      page refault ratio is higher than before, the root cause is:
      - {,de}compression flow needs to allocate intermediate pages to store
      compressed data in cluster, so during their allocation, vm may reclaim
      mmaped pages.
      - if above reclaimed pages belong to compressed cluster, during its
      refault, it may cause more intermediate pages allocation, result in
      reclaiming more mmaped pages.
      
      So this patch introduces a mempool for intermediate page allocation,
      in order to avoid high refault ratio, by default, number of
      preallocated page in pool is 512, user can change the number by
      assigning 'num_compress_pages' parameter during module initialization.
      
      Ma Feng found warnings in the original patch and fixed like below.
      
      Fix the following sparse warning:
      fs/f2fs/compress.c:501:5: warning: symbol 'num_compress_pages' was not declared.
       Should it be static?
      fs/f2fs/compress.c:530:6: warning: symbol 'f2fs_compress_free_page' was not
      declared. Should it be static?
      Reported-by: Hulk Robot <hulkci@huawei.com>
      Signed-off-by: Chao Yu <yuchao0@huawei.com>
      Signed-off-by: Ma Feng <mafeng.ma@huawei.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
  2. 08 May, 2020 6 commits
  3. 24 Apr, 2020 1 commit
  4. 17 Apr, 2020 6 commits
  5. 16 Apr, 2020 1 commit
  6. 07 Apr, 2020 23 commits
    • Merge branch 'akpm' (patches from Andrew) · 63bef48f
      Linus Torvalds authored
      Merge more updates from Andrew Morton:
      
       - a lot more of MM, quite a bit more yet to come: (memcg, pagemap,
         vmalloc, pagealloc, migration, thp, ksm, madvise, virtio,
         userfaultfd, memory-hotplug, shmem, rmap, zswap, zsmalloc, cleanups)
      
       - various other subsystems (procfs, misc, MAINTAINERS, bitops, lib,
         checkpatch, epoll, binfmt, kallsyms, reiserfs, kmod, gcov, kconfig,
         ubsan, fault-injection, ipc)
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (158 commits)
        ipc/shm.c: make compat_ksys_shmctl() static
        ipc/mqueue.c: fix a brace coding style issue
        lib/Kconfig.debug: fix a typo "capabilitiy" -> "capability"
        ubsan: include bug type in report header
        kasan: unset panic_on_warn before calling panic()
        ubsan: check panic_on_warn
        drivers/misc/lkdtm/bugs.c: add arithmetic overflow and array bounds checks
        ubsan: split "bounds" checker from other options
        ubsan: add trap instrumentation option
        init/Kconfig: clean up ANON_INODES and old IO schedulers options
        kernel/gcov/fs.c: replace zero-length array with flexible-array member
        gcov: gcc_3_4: replace zero-length array with flexible-array member
        gcov: gcc_4_7: replace zero-length array with flexible-array member
        kernel/kmod.c: fix a typo "assuems" -> "assumes"
        reiserfs: clean up several indentation issues
        kallsyms: unexport kallsyms_lookup_name() and kallsyms_on_each_symbol()
        samples/hw_breakpoint: drop use of kallsyms_lookup_name()
        samples/hw_breakpoint: drop HW_BREAKPOINT_R when reporting writes
        fs/binfmt_elf.c: don't free interpreter's ELF pheaders on common path
        fs/binfmt_elf.c: allocate less for static executable
        ...
    • Merge tag 'nfs-for-5.7-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 04de788e
      Linus Torvalds authored
      Pull NFS client updates from Trond Myklebust:
       "Highlights include:
      
        Stable fixes:
         - Fix a page leak in nfs_destroy_unlinked_subrequests()
      
         - Fix use-after-free issues in nfs_pageio_add_request()
      
         - Fix new mount code constant_table array definitions
      
         - finish_automount() requires us to hold 2 refs to the mount record
      
        Features:
         - Improve the accuracy of telldir/seekdir by using 64-bit cookies
           when possible.
      
         - Allow one RDMA active connection and several zombie connections to
           prevent blocking if the remote server is unresponsive.
      
         - Limit the size of the NFS access cache by default
      
         - Reduce the number of references to credentials that are taken by
           NFS
      
         - pNFS files and flexfiles drivers now support per-layout segment
           COMMIT lists.
      
         - Enable partial-file layout segments in the pNFS/flexfiles driver.
      
         - Add support for CB_RECALL_ANY to the pNFS flexfiles layout type
      
         - pNFS/flexfiles Report NFS4ERR_DELAY and NFS4ERR_GRACE errors from
           the DS using the layouterror mechanism.
      
        Bugfixes and cleanups:
         - SUNRPC: Fix krb5p regressions
      
         - Don't specify NFS version in "UDP not supported" error
      
         - nfsroot: set tcp as the default transport protocol
      
         - pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid()
      
         - alloc_nfs_open_context() must use the file cred when available
      
         - Fix locking when dereferencing the delegation cred
      
         - Fix memory leaks in O_DIRECT when nfs_get_lock_context() fails
      
         - Various clean ups of the NFS O_DIRECT commit code
      
         - Clean up RDMA connect/disconnect
      
         - Replace zero-length arrays with C99-style flexible arrays"
      
      * tag 'nfs-for-5.7-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: (86 commits)
        NFS: Clean up process of marking inode stale.
        SUNRPC: Don't start a timer on an already queued rpc task
        NFS/pnfs: Reference the layout cred in pnfs_prepare_layoutreturn()
        NFS/pnfs: Fix dereference of layout cred in pnfs_layoutcommit_inode()
        NFS: Beware when dereferencing the delegation cred
        NFS: Add a module parameter to set nfs_mountpoint_expiry_timeout
        NFS: finish_automount() requires us to hold 2 refs to the mount record
        NFS: Fix a few constant_table array definitions
        NFS: Try to join page groups before an O_DIRECT retransmission
        NFS: Refactor nfs_lock_and_join_requests()
        NFS: Reverse the submission order of requests in __nfs_pageio_add_request()
        NFS: Clean up nfs_lock_and_join_requests()
        NFS: Remove the redundant function nfs_pgio_has_mirroring()
        NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
        NFS: Fix a request reference leak in nfs_direct_write_clear_reqs()
        NFS: Fix use-after-free issues in nfs_pageio_add_request()
        NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests()
        NFS: Fix a page leak in nfs_destroy_unlinked_subrequests()
        NFS: Remove unused FLUSH_SYNC support in nfs_initiate_pgio()
        pNFS/flexfiles: Specify the layout segment range in LAYOUTGET
        ...
    • Merge tag 'f2fs-for-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs · f40f31ca
      Linus Torvalds authored
      Pull f2fs updates from Jaegeuk Kim:
       "In this round, we've mainly focused on fixing bugs and addressing
        issues in recently introduced compression support.
      
        Enhancement:
         - add zstd support, and set LZ4 by default
         - add ioctl() to show # of compressed blocks
         - show mount time in debugfs
         - replace rwsem with spinlock
         - avoid lock contention in DIO reads
      
        Some major bug fixes wrt compression:
         - compressed block count
         - memory access and leak
         - remove obsolete fields
         - flag controls
      
        Other bug fixes and clean ups:
         - fix overflow when handling .flags in inode_info
         - fix SPO issue during resize FS flow
         - fix compression with fsverity enabled
         - potential deadlock when writing compressed pages
         - show missing mount options"
      
      * tag 'f2fs-for-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: (66 commits)
        f2fs: keep inline_data when compression conversion
        f2fs: fix to disable compression on directory
        f2fs: add missing CONFIG_F2FS_FS_COMPRESSION
        f2fs: switch discard_policy.timeout to bool type
        f2fs: fix to verify tpage before releasing in f2fs_free_dic()
        f2fs: show compression in statx
        f2fs: clean up dic->tpages assignment
        f2fs: compress: support zstd compress algorithm
        f2fs: compress: add .{init,destroy}_decompress_ctx callback
        f2fs: compress: fix to call missing destroy_compress_ctx()
        f2fs: change default compression algorithm
        f2fs: clean up {cic,dic}.ref handling
        f2fs: fix to use f2fs_readpage_limit() in f2fs_read_multi_pages()
        f2fs: xattr.h: Make stub helpers inline
        f2fs: fix to avoid double unlock
        f2fs: fix potential .flags overflow on 32bit architecture
        f2fs: fix NULL pointer dereference in f2fs_verity_work()
        f2fs: fix to clear PG_error if fsverity failed
        f2fs: don't call fscrypt_get_encryption_info() explicitly in f2fs_tmpfile()
        f2fs: don't trigger data flush in foreground operation
        ...
    • Merge tag 'for-linus-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs · 763dede1
      Linus Torvalds authored
      Pull UBI and UBIFS updates from Richard Weinberger:
      
       - Fix for memory leaks around UBIFS orphan handling
      
       - Fix for memory leaks around UBI fastmap
      
       - Remove zero-length array from ubi-media.h
      
       - Fix for TNC lookup in UBIFS orphan code
      
      * tag 'for-linus-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs:
        ubi: ubi-media.h: Replace zero-length array with flexible-array member
        ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
        ubi: fastmap: Only produce the initial anchor PEB when fastmap is used
        ubi: fastmap: Free unused fastmap anchor peb during detach
        ubifs: ubifs_add_orphan: Fix a memory leak bug
        ubifs: ubifs_jnl_write_inode: Fix a memory leak bug
        ubifs: Fix ubifs_tnc_lookup() usage in do_kill_orphans()
    • Merge tag 'for-linus-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml · 762a9f2f
      Linus Torvalds authored
      Pull UML updates from Richard Weinberger:
      
       - New mode for time travel, external via virtio
      
       - Fixes for ubd to make sure no requests can get lost
      
       - Fixes for vector networking
      
       - Allow CONFIG_STATIC_LINK only when possible
      
       - Minor cleanups and fixes
      
      * tag 'for-linus-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
        um: Remove some unnecessary NULL checks in vector_user.c
        um: vector: Avoid NULL ptr deference if transport is unset
        um: Make CONFIG_STATIC_LINK actually static
        um: Implement cpu_relax() as ndelay(1) for time-travel
        um: Implement ndelay/udelay in time-travel mode
        um: Implement time-travel=ext
        um: virtio: Implement VHOST_USER_PROTOCOL_F_INBAND_NOTIFICATIONS
        um: time-travel: Rewrite as an event scheduler
        um: Move timer-internal.h to non-shared
        hostfs: Use kasprintf() instead of fixed buffer formatting
        um: falloc.h needs to be directly included for older libc
        um: ubd: Retry buffer read on any kind of error
        um: ubd: Prevent buffer overrun on command completion
        um: Fix overlapping ELF segments when statically linked
        um: Delete never executed timer
        um: Don't overwrite ethtool driver version
        um: Fix len of file in create_pid_file
        um: Don't use console_drivers directly
        um: Cleanup CONFIG_IOSCHED_CFQ
    • Merge tag 'for-linus' of git://github.com/openrisc/linux · d5d24766
      Linus Torvalds authored
      Pull OpenRISC updates from Stafford Horne:
       "A few cleanups all over the place, things of note:
      
         - Enable the clone3 syscall
      
         - Remove CONFIG_CROSS_COMPILE from Krzysztof Kozlowski
      
         - Update to use mmgrab from Julia Lawall"
      
      * tag 'for-linus' of git://github.com/openrisc/linux:
        openrisc: Remove obsolete show_trace_task function
        openrisc: Cleanup copy_thread_tls docs and comments
        openrisc: Enable the clone3 syscall
        openrisc: Convert copy_thread to copy_thread_tls
        openrisc: use mmgrab
        openrisc: configs: Cleanup CONFIG_CROSS_COMPILE
    • Merge branch 'parisc-5.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · f9db97d7
      Linus Torvalds authored
      Pull parisc updates from Helge Deller:
       "Some cleanups in arch_rw locking functions, improved interrupt
        handling in arch spinlocks, conversions to request_irq() and syscall
        table generation cleanups"
      
      * 'parisc-5.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: remove nargs from __SYSCALL
        parisc: Refactor alternative code to accept multiple conditions
        parisc: Rework arch_rw locking functions
        parisc: Improve interrupt handling in arch_spin_lock_flags()
        parisc: Replace setup_irq() by request_irq()
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · 12782fbe
      Linus Torvalds authored
      Pull sparc update from David Miller:
       "A per-device DMA ops conversion for sparc32 by Christoph Hellwig"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        sparc32: use per-device dma_ops
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide · 498ff42d
      Linus Torvalds authored
      Pull IDE update from David Miller:
       "As usual, very quiet in this subsystem.
      
        Just a list_for_each_entry_safe() conversion"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide:
        drivers/ide: Fix build regression.
        drivers/ide: convert to list_for_each_entry_safe()
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 479a72c0
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Slave bond and team devices should not be assigned ipv6 link local
          addresses, from Jarod Wilson.
      
       2) Fix clock sink config on some at803x PHY devices, from Oleksij
          Rempel.
      
       3) Uninitialized stack space transmitted in slcan frames, fix from
          Richard Palethorpe.
      
       4) Guard HW VLAN ops properly in stmmac driver, from Jose Abreu.
      
       5) "=" --> "|=" fix in aquantia driver, from Colin Ian King.
      
       6) Fix TCP fallback in mptcp, from Florian Westphal. (accessing a plain
          tcp_sk as if it were an mptcp socket).
      
       7) Fix cavium driver in some configurations wrt. PTP, from Yue Haibing.
      
       8) Make ipv6 and ipv4 consistent in the lower bound allowed for
          neighbour entry retrans_time, from Hangbin Liu.
      
       9) Don't use private workqueue in pegasus usb driver, from Petko
          Manolov.
      
      10) Fix integer overflow in mlxsw, from Colin Ian King.
      
      11) Missing refcnt init in cls_tcindex, from Cong Wang.
      
      12) One too many loop iterations when processing cmpri entries in ipv6
          rpl code, from Alexander Aring.
      
      13) Disable SG and TSO by default in r8169, from Heiner Kallweit.
      
      14) NULL deref in macsec, from Davide Caratti.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (42 commits)
        macsec: fix NULL dereference in macsec_upd_offload()
        skbuff.h: Improve the checksum related comments
        net: dsa: bcm_sf2: Ensure correct sub-node is parsed
        qed: remove redundant assignment to variable 'rc'
        wimax: remove some redundant assignments to variable result
        mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE
        mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_PRIORITY
        r8169: change back SG and TSO to be disabled by default
        net: dsa: bcm_sf2: Do not register slave MDIO bus with OF
        ipv6: rpl: fix loop iteration
        tun: Don't put_page() for all negative return values from XDP program
        net: dsa: mt7530: fix null pointer dereferencing in port5 setup
        mptcp: add some missing pr_fmt defines
        net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers
        net_sched: fix a missing refcnt in tcindex_init()
        net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting
        mlxsw: spectrum_trap: fix unintention integer overflow on left shift
        pegasus: Remove pegasus' own workqueue
        neigh: support smaller retrans_time settting
        net: openvswitch: use hlist_for_each_entry_rcu instead of hlist_for_each_entry
        ...
    • Merge branch 'pcmcia-next' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux · 07d6f6dc
      Linus Torvalds authored
      Pull pcmcia updates from Dominik Brodowski:
       "A few PCMCIA odd fixes: removing a few spaces and useless casts,
        replacing snprintf() with scnprintf(), and replacing zero-length
        arrays with a flexible-array member"
      
      * 'pcmcia-next' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/linux:
        pcmcia: remove some unused space characters
        pcmcia: soc_common.h: Replace zero-length array with flexible-array member
        pcmcia: cs_internal.h: Replace zero-length array with flexible-array member
        pcmcia: Use scnprintf() for avoiding potential buffer overflow
        pcmcia: omap: remove useless cast for driver.name
    • ipc/shm.c: make compat_ksys_shmctl() static · 1cd377ba
      Jason Yan authored
      Fix the following sparse warning:
      
      ipc/shm.c:1335:6: warning: symbol 'compat_ksys_shmctl' was not declared.
      Should it be static?
      Reported-by: Hulk Robot <hulkci@huawei.com>
      Signed-off-by: Jason Yan <yanaijie@huawei.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Link: http://lkml.kernel.org/r/20200403063933.24785-1-yanaijie@huawei.com
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • ubsan: include bug type in report header · ef065653
      Kees Cook authored
      When syzbot tries to figure out how to deduplicate bug reports, it prefers
      seeing a hint about a specific bug type (we can do better than just
      "UBSAN").  This lifts the handler reason into the UBSAN report line that
      includes the file path that tripped a check.  Unfortunately, UBSAN does
      not provide function names.
      Suggested-by: Dmitry Vyukov <dvyukov@google.com>
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andrey Konovalov <andreyknvl@google.com>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Dan Carpenter <dan.carpenter@oracle.com>
      Cc: Elena Petrova <lenaptr@google.com>
      Cc: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
      Link: http://lkml.kernel.org/r/20200227193516.32566-7-keescook@chromium.org
      Link: https://lore.kernel.org/lkml/CACT4Y+bsLJ-wFx_TaXqax3JByUOWB3uk787LsyMVcfW6JzzGvg@mail.gmail.com
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kasan: unset panic_on_warn before calling panic() · 1d2252fa
      Kees Cook authored
      As done in the full WARN() handler, panic_on_warn needs to be cleared
      before calling panic() to avoid recursive panics.
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Acked-by: Dmitry Vyukov <dvyukov@google.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andrey Konovalov <andreyknvl@google.com>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Dan Carpenter <dan.carpenter@oracle.com>
      Cc: Elena Petrova <lenaptr@google.com>
      Cc: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
      Link: http://lkml.kernel.org/r/20200227193516.32566-6-keescook@chromium.org
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • ubsan: check panic_on_warn · 1d28c8d6
      Kees Cook authored
      Syzkaller expects kernel warnings to panic when the panic_on_warn sysctl
      is set.  More work is needed here to have UBSan reuse the WARN
      infrastructure, but for now, just check the flag manually.
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andrey Konovalov <andreyknvl@google.com>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Dan Carpenter <dan.carpenter@oracle.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Elena Petrova <lenaptr@google.com>
      Cc: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
      Link: https://lore.kernel.org/lkml/CACT4Y+bsLJ-wFx_TaXqax3JByUOWB3uk787LsyMVcfW6JzzGvg@mail.gmail.com
      Link: http://lkml.kernel.org/r/20200227193516.32566-5-keescook@chromium.org
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • drivers/misc/lkdtm/bugs.c: add arithmetic overflow and array bounds checks · ae2e1aad
      Kees Cook authored
      Adds LKDTM tests for arithmetic overflow (both signed and unsigned), as
      well as array bounds checking.
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Acked-by: Dmitry Vyukov <dvyukov@google.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andrey Konovalov <andreyknvl@google.com>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Dan Carpenter <dan.carpenter@oracle.com>
      Cc: Elena Petrova <lenaptr@google.com>
      Cc: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
      Link: http://lkml.kernel.org/r/20200227193516.32566-4-keescook@chromium.org
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • ubsan: split "bounds" checker from other options · 277a1085
      Kees Cook authored
      In order to do kernel builds with the bounds checker individually
      available, introduce CONFIG_UBSAN_BOUNDS, with the remaining options under
      CONFIG_UBSAN_MISC.
      
      For example, using this, we can start to expand the coverage syzkaller is
      providing.  Right now, all of UBSan is disabled for syzbot builds because
      taken as a whole, it is too noisy.  This will let us focus on one feature
      at a time.
      
      For the bounds checker specifically, this provides a mechanism to
      eliminate an entire class of array overflows with close to zero
      performance overhead (I cannot measure a difference).  In my (mostly)
      defconfig, enabling bounds checking adds ~4200 checks to the kernel.
      Performance changes are in the noise, likely due to the branch predictors
      optimizing for the non-fail path.
      
      Some notes on the bounds checker:
      
      - it does not instrument {mem,str}*()-family functions, it only
        instruments direct indexed accesses (e.g. "foo[i]"). Dealing with
        the {mem,str}*()-family functions is a work-in-progress around
        CONFIG_FORTIFY_SOURCE[1].
      
      - it ignores flexible array members, including the very old single
        byte (e.g. "int foo[1];") declarations. (Note that GCC's
        implementation appears to ignore _all_ trailing arrays, but Clang only
        ignores empty, 0, and 1 byte arrays[2].)
      
      [1] https://github.com/KSPP/linux/issues/6
      [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92589
      Suggested-by: Elena Petrova <lenaptr@google.com>
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Acked-by: Dmitry Vyukov <dvyukov@google.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andrey Konovalov <andreyknvl@google.com>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Dan Carpenter <dan.carpenter@oracle.com>
      Cc: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
      Link: http://lkml.kernel.org/r/20200227193516.32566-3-keescook@chromium.org
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • ubsan: add trap instrumentation option · 0887a7eb
      Kees Cook authored
      Patch series "ubsan: Split out bounds checker", v5.
      
      This splits out the bounds checker so it can be individually used.  This
      is enabled in Android and hopefully for syzbot.  Includes LKDTM tests for
      behavioral corner-cases (beyond just the bounds checker), and adjusts
      ubsan and kasan slightly for correct panic handling.
      
      This patch (of 6):
      
      The Undefined Behavior Sanitizer can operate in two modes: warning
      reporting mode via lib/ubsan.c handler calls, or trap mode, which uses
      __builtin_trap() as the handler.  Using lib/ubsan.c means the kernel image
      is about 5% larger (due to all the debugging text and reporting structures
      to capture details about the warning conditions).  Using the trap mode,
      the image size changes are much smaller, though at the loss of the
      "warning only" mode.
      
      In order to give greater flexibility to system builders that want minimal
      changes to image size and are prepared to deal with kernel code being
      aborted and potentially destabilizing the system, this introduces
      CONFIG_UBSAN_TRAP.  The resulting image sizes comparison:
      
         text    data     bss       dec       hex     filename
      19533663   6183037  18554956  44271656  2a38828 vmlinux.stock
      19991849   7618513  18874448  46484810  2c54d4a vmlinux.ubsan
      19712181   6284181  18366540  44362902  2a4ec96 vmlinux.ubsan-trap
      
      CONFIG_UBSAN=y:      image +4.8% (text +2.3%, data +18.9%)
      CONFIG_UBSAN_TRAP=y: image +0.2% (text +0.9%, data +1.6%)
      
      Additionally adjusts the CONFIG_UBSAN Kconfig help for clarity and removes
      the mention of non-existing boot param "ubsan_handle".
      Suggested-by: Elena Petrova <lenaptr@google.com>
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Acked-by: Dmitry Vyukov <dvyukov@google.com>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Andrey Konovalov <andreyknvl@google.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Dan Carpenter <dan.carpenter@oracle.com>
      Cc: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Link: http://lkml.kernel.org/r/20200227193516.32566-2-keescook@chromium.org
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • init/Kconfig: clean up ANON_INODES and old IO schedulers options · 7baf2199
      Krzysztof Kozlowski authored
      CONFIG_ANON_INODES is gone since commit 5dd50aae ("Make anon_inodes
      unconditional").
      
      CONFIG_CFQ_GROUP_IOSCHED was replaced with CONFIG_BFQ_GROUP_IOSCHED in
      commit f382fb0b ("block: remove legacy IO schedulers").
      Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Link: http://lkml.kernel.org/r/20200130192419.3026-1-krzk@kernel.org
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kernel/gcov/fs.c: replace zero-length array with flexible-array member · 6524d794
      Gustavo A. R. Silva authored
      The current codebase makes use of the zero-length array language extension
      to the C90 standard, but the preferred mechanism to declare
      variable-length types such as these ones is a flexible array member[1][2],
      introduced in C99:
      
      struct foo {
              int stuff;
              struct boo array[];
      };
      
      By making use of the mechanism above, we will get a compiler warning in
      case the flexible array does not occur last in the structure, which will
      help us prevent some kind of undefined behavior bugs from being
      inadvertently introduced[3] to the codebase from now on.
      
      Also, notice that, dynamic memory allocations won't be affected by this
      change:
      
      "Flexible array members have incomplete type, and so the sizeof operator
      may not be applied.  As a quirk of the original implementation of
      zero-length arrays, sizeof evaluates to zero."[1]
      
      This issue was found with the help of Coccinelle.
      
      [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
      [2] https://github.com/KSPP/linux/issues/21
      [3] commit 76497732 ("cxgb3/l2t: Fix undefined behaviour")
      Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Cc: Peter Oberparleiter <oberpar@linux.ibm.com>
      Link: http://lkml.kernel.org/r/20200302224851.GA26467@embeddedor
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • gcov: gcc_3_4: replace zero-length array with flexible-array member · 7ff87182
      Gustavo A. R. Silva authored
      The current codebase makes use of the zero-length array language extension
      to the C90 standard, but the preferred mechanism to declare
      variable-length types such as these ones is a flexible array member[1][2],
      introduced in C99:
      
      struct foo {
              int stuff;
              struct boo array[];
      };
      
      By making use of the mechanism above, we will get a compiler warning in
      case the flexible array does not occur last in the structure, which will
      help us prevent some kind of undefined behavior bugs from being
      inadvertently introduced[3] to the codebase from now on.
      
      Also, notice that, dynamic memory allocations won't be affected by this
      change:
      
      "Flexible array members have incomplete type, and so the sizeof operator
      may not be applied.  As a quirk of the original implementation of
      zero-length arrays, sizeof evaluates to zero."[1]
      
      This issue was found with the help of Coccinelle.
      
      [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
      [2] https://github.com/KSPP/linux/issues/21
      [3] commit 76497732 ("cxgb3/l2t: Fix undefined behaviour")
      Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Cc: Peter Oberparleiter <oberpar@linux.ibm.com>
      Link: http://lkml.kernel.org/r/20200302224501.GA14175@embeddedor
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>