1. 25 Oct, 2017 2 commits
  2. 13 Oct, 2017 1 commit
    • Anju T Sudhakar's avatar
      powerpc/perf: Fix IMC initialization crash · 0d8ba162
      Anju T Sudhakar authored
      Panic observed with latest firmware, and upstream kernel:
      
       NIP init_imc_pmu+0x8c/0xcf0
       LR  init_imc_pmu+0x2f8/0xcf0
       Call Trace:
         init_imc_pmu+0x2c8/0xcf0 (unreliable)
         opal_imc_counters_probe+0x300/0x400
         platform_drv_probe+0x64/0x110
         driver_probe_device+0x3d8/0x580
         __driver_attach+0x14c/0x1a0
         bus_for_each_dev+0x8c/0xf0
         driver_attach+0x34/0x50
         bus_add_driver+0x298/0x350
         driver_register+0x9c/0x180
         __platform_driver_register+0x5c/0x70
         opal_imc_driver_init+0x2c/0x40
         do_one_initcall+0x64/0x1d0
         kernel_init_freeable+0x280/0x374
         kernel_init+0x24/0x160
         ret_from_kernel_thread+0x5c/0x74
      
      While registering nest imc at init, cpu-hotplug callback
      nest_pmu_cpumask_init() makes an OPAL call to stop the engine. And if
      the OPAL call fails, imc_common_cpuhp_mem_free() is invoked to cleanup
      memory and cpuhotplug setup.
      
      But when cleaning up the attribute group, we are dereferencing the
      attribute element array without checking whether the backing element
      is not NULL. This causes the kernel panic.
      
      Add a check for the backing element prior to dereferencing the
      attribute element, to handle the failing case gracefully.
      Signed-off-by: default avatarAnju T Sudhakar <anju@linux.vnet.ibm.com>
      Reported-by: default avatarPridhiviraj Paidipeddi <ppaidipe@linux.vnet.ibm.com>
      [mpe: Trim change log]
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      0d8ba162
  3. 12 Oct, 2017 2 commits
    • Anju T Sudhakar's avatar
      powerpc/perf: Add ___GFP_NOWARN flag to alloc_pages_node() · cd4f2b30
      Anju T Sudhakar authored
      Stack trace output during a stress test:
       [    4.310049] Freeing initrd memory: 22592K
      [    4.310646] rtas_flash: no firmware flash support
      [    4.313341] cpuhp/64: page allocation failure: order:0, mode:0x14480c0(GFP_KERNEL|__GFP_ZERO|__GFP_THISNODE), nodemask=(null)
      [    4.313465] cpuhp/64 cpuset=/ mems_allowed=0
      [    4.313521] CPU: 64 PID: 392 Comm: cpuhp/64 Not tainted 4.11.0-39.el7a.ppc64le #1
      [    4.313588] Call Trace:
      [    4.313622] [c000000f1fb1b8e0] [c000000000c09388] dump_stack+0xb0/0xf0 (unreliable)
      [    4.313694] [c000000f1fb1b920] [c00000000030ef6c] warn_alloc+0x12c/0x1c0
      [    4.313753] [c000000f1fb1b9c0] [c00000000030ff68] __alloc_pages_nodemask+0xea8/0x1000
      [    4.313823] [c000000f1fb1bbb0] [c000000000113a8c] core_imc_mem_init+0xbc/0x1c0
      [    4.313892] [c000000f1fb1bc00] [c000000000113cdc] ppc_core_imc_cpu_online+0x14c/0x170
      [    4.313962] [c000000f1fb1bc90] [c000000000125758] cpuhp_invoke_callback+0x198/0x5d0
      [    4.314031] [c000000f1fb1bd00] [c00000000012782c] cpuhp_thread_fun+0x8c/0x3d0
      [    4.314101] [c000000f1fb1bd60] [c0000000001678d0] smpboot_thread_fn+0x290/0x2a0
      [    4.314169] [c000000f1fb1bdc0] [c00000000015ee78] kthread+0x168/0x1b0
      [    4.314229] [c000000f1fb1be30] [c00000000000b368] ret_from_kernel_thread+0x5c/0x74
      [    4.314313] Mem-Info:
      [    4.314356] active_anon:0 inactive_anon:0 isolated_anon:0
      
      core_imc_mem_init() at system boot use alloc_pages_node() to get memory
      and alloc_pages_node() throws this stack dump when tried to allocate
      memory from a node which has no memory behind it. Add a ___GFP_NOWARN
      flag in allocation request as a fix.
      Signed-off-by: default avatarAnju T Sudhakar <anju@linux.vnet.ibm.com>
      Reported-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Reported-by: default avatarVenkat R.B <venkatb3@in.ibm.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      cd4f2b30
    • Anju T Sudhakar's avatar
      powerpc/perf: Fix for core/nest imc call trace on cpuhotplug · 0d923820
      Anju T Sudhakar authored
      Nest/core pmu units are enabled only when it is used. A reference count is
      maintained for the events which uses the nest/core pmu units. Currently in
      *_imc_counters_release function a WARN() is used for notification of any
      underflow of ref count.
      
      The case where event ref count hit a negative value is, when perf session is
      started, followed by offlining of all cpus in a given core.
      i.e. in cpuhotplug offline path ppc_core_imc_cpu_offline() function set the
      ref->count to zero, if the current cpu which is about to offline is the last
      cpu in a given core and make an OPAL call to disable the engine in that core.
      And on perf session termination, perf->destroy (core_imc_counters_release) will
      first decrement the ref->count for this core and based on the ref->count value
      an opal call is made to disable the core-imc engine.
      Now, since cpuhotplug path already clears the ref->count for core and disabled
      the engine, perf->destroy() decrementing again at event termination make it
      negative which in turn fires the WARN_ON. The same happens for nest units.
      
      Add a check to see if the reference count is alreday zero, before decrementing
      the count, so that the ref count will not hit a negative value.
      Signed-off-by: default avatarAnju T Sudhakar <anju@linux.vnet.ibm.com>
      Reviewed-by: default avatarSantosh Sivaraj <santosh@fossix.org>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      0d923820
  4. 10 Oct, 2017 3 commits
    • Thiago Jung Bauermann's avatar
      powerpc: Don't call lockdep_assert_cpus_held() from arch_update_cpu_topology() · 6b2c08f9
      Thiago Jung Bauermann authored
      It turns out that not all paths calling arch_update_cpu_topology() hold
      cpu_hotplug_lock, but that's OK because those paths can't race with
      any concurrent hotplug events.
      
      Warnings were reported with the following trace:
      
        lockdep_assert_cpus_held
        arch_update_cpu_topology
        sched_init_domains
        sched_init_smp
        kernel_init_freeable
        kernel_init
        ret_from_kernel_thread
      
      Which is safe because it's called early in boot when hotplug is not
      live yet.
      
      And also this trace:
      
        lockdep_assert_cpus_held
        arch_update_cpu_topology
        partition_sched_domains
        cpuset_update_active_cpus
        sched_cpu_deactivate
        cpuhp_invoke_callback
        cpuhp_down_callbacks
        cpuhp_thread_fun
        smpboot_thread_fn
        kthread
        ret_from_kernel_thread
      
      Which is safe because it's called as part of CPU hotplug, so although
      we don't hold the CPU hotplug lock, there is another thread driving
      the CPU hotplug operation which does hold the lock, and there is no
      race.
      
      Thanks to tglx for deciphering it for us.
      
      Fixes: 3e401f7a ("powerpc: Only obtain cpu_hotplug_lock if called by rtasd")
      Signed-off-by: default avatarThiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      6b2c08f9
    • Sandipan Das's avatar
      powerpc/lib/sstep: Fix count leading zeros instructions · b0490a04
      Sandipan Das authored
      According to the GCC documentation, the behaviour of __builtin_clz()
      and __builtin_clzl() is undefined if the value of the input argument
      is zero. Without handling this special case, these builtins have been
      used for emulating the following instructions:
        * Count Leading Zeros Word (cntlzw[.])
        * Count Leading Zeros Doubleword (cntlzd[.])
      
      This fixes the emulated behaviour of these instructions by adding an
      additional check for this special case.
      
      Fixes: 3cdfcbfd ("powerpc: Change analyse_instr so it doesn't modify *regs")
      Signed-off-by: default avatarSandipan Das <sandipan@linux.vnet.ibm.com>
      Reviewed-by: default avatarNaveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      b0490a04
    • Kamalesh Babulal's avatar
      powerpc/livepatch: Fix livepatch stack access · e36a82ee
      Kamalesh Babulal authored
      While running stress test with livepatch module loaded, kernel bug was
      triggered.
      
        cpu 0x5: Vector: 400 (Instruction Access) at [c0000000eb9d3b60]
        5:mon> t
        [c0000000eb9d3de0] c0000000eb9d3e30 (unreliable)
        [c0000000eb9d3e30] c000000000008ab4 hardware_interrupt_common+0x114/0x120
         --- Exception: 501 (Hardware Interrupt) at c000000000053040 livepatch_handler+0x4c/0x74
        [c0000000eb9d4120] 0000000057ac6e9d (unreliable)
        [d0000000089d9f78] 2e0965747962382e
        SP (965747962342e09) is in userspace
      
      When an interrupt occurs during the livepatch_handler execution, it's
      possible for the livepatch_stack and/or thread_info to be corrupted.
      eg:
      
        Task A                        Interrupt Handler
        =========                     =================
        livepatch_handler:
        mr r0, r1
        ld r1, TI_livepatch_sp(r12)
                                      hardware_interrupt_common:
                                        do_IRQ+0x8:
                                          mflr    r0          <- saved stack pointer is overwritten
                                          bl      _mcount
                                          ...
                                          std     r27,-40(r1) <- overwrite of thread_info()
      
        lis r2, STACK_END_MAGIC@h
        ori r2, r2, STACK_END_MAGIC@l
        ld  r12, -8(r1)
      
      Fix the corruption by using r11 register for livepatch stack
      manipulation, instead of shuffling task stack and livepatch stack into
      r1 register. Using r11 register also avoids disabling/enabling irq's
      while setting up the livepatch stack.
      Signed-off-by: default avatarKamalesh Babulal <kamalesh@linux.vnet.ibm.com>
      Reviewed-by: default avatarNaveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
      Reviewed-by: default avatarBalbir Singh <bsingharora@gmail.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      e36a82ee
  5. 06 Oct, 2017 1 commit
  6. 04 Oct, 2017 3 commits
    • Guenter Roeck's avatar
      powerpc/mm: Call flush_tlb_kernel_range with interrupts enabled · 7c6a4f3b
      Guenter Roeck authored
      flush_tlb_kernel_range() may call smp_call_function_many() which expects
      interrupts to be enabled. This results in a traceback.
      
      WARNING: CPU: 0 PID: 1 at kernel/smp.c:416 smp_call_function_many+0xcc/0x2fc
      CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.14.0-rc1-00009-g0666f560 #1
      task: cf830000 task.stack: cf82e000
      NIP:  c00a93c8 LR: c00a9634 CTR: 00000001
      REGS: cf82fde0 TRAP: 0700   Not tainted  (4.14.0-rc1-00009-g0666f560)
      MSR:  00021000 <CE,ME>  CR: 24000082  XER: 00000000
      
      GPR00: c00a9634 cf82fe90 cf830000 c050ad3c c0015a54 00000000 00000001 00000001
      GPR08: 00000001 00000000 00000000 cf82e000 24000084 00000000 c0003150 00000000
      GPR16: 00000000 00000000 00000000 00000000 00000000 00000001 00000000 c0510000
      GPR24: 00000000 c0015a54 00000000 c050ad3c c051823c c050ad3c 00000025 00000000
      NIP [c00a93c8] smp_call_function_many+0xcc/0x2fc
      LR [c00a9634] smp_call_function+0x3c/0x50
      Call Trace:
      [cf82fe90] [00000010] 0x10 (unreliable)
      [cf82fed0] [c00a9634] smp_call_function+0x3c/0x50
      [cf82fee0] [c0015d2c] flush_tlb_kernel_range+0x20/0x38
      [cf82fef0] [c001524c] mark_initmem_nx+0x154/0x16c
      [cf82ff20] [c001484c] free_initmem+0x20/0x4c
      [cf82ff30] [c000316c] kernel_init+0x1c/0x108
      [cf82ff40] [c000f3a8] ret_from_kernel_thread+0x5c/0x64
      Instruction dump:
      7c0803a6 7d808120 38210040 4e800020 3d20c052 812981a0 2f890000 40beffac
      3d20c051 8929ac64 2f890000 40beff9c <0fe00000> 4bffff94 7fc3f378 7f64db78
      
      Fixes: 3184cc4b ("powerpc/mm: Fix kernel RAM protection after freeing ...")
      Fixes: e611939f ("powerpc/mm: Ensure change_page_attr() doesn't ...")
      Cc: Christophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Reviewed-by: default avatarChristophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      7c6a4f3b
    • Cédric Le Goater's avatar
      powerpc/xive: Clear XIVE internal structures when a CPU is removed · cc569398
      Cédric Le Goater authored
      Commit eac1e731 ("powerpc/xive: guest exploitation of the XIVE
      interrupt controller") introduced support for the XIVE exploitation
      mode of the P9 interrupt controller on the pseries platform.
      
      At that time, support for CPU removal was not complete on PowerVM and
      CPU hot unplug remained untested. It appears that some cleanups of the
      XIVE internal structures are required before releasing the CPU,
      without which the kernel crashes in a RTAS call doing the CPU
      isolation.
      
      These changes fix the crash by deconfiguring the IPI interrupt source
      and clearing the event queues of the CPU when it is removed.
      
      Fixes: eac1e731 ("powerpc/xive: guest exploitation of the XIVE interrupt controller")
      Signed-off-by: default avatarCédric Le Goater <clg@kaod.org>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      cc569398
    • Cédric Le Goater's avatar
      powerpc/xive: Fix IPI reset · 74f12821
      Cédric Le Goater authored
      When resetting an IPI, hw_ipi should also be set to zero.
      
      Fixes: eac1e731 ("powerpc/xive: guest exploitation of the XIVE interrupt controller")
      Signed-off-by: default avatarCédric Le Goater <clg@kaod.org>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      74f12821
  7. 03 Oct, 2017 2 commits
    • Christian Lamparter's avatar
      powerpc/4xx: Fix compile error with 64K pages on 40x, 44x · 070e0049
      Christian Lamparter authored
      The mmu context on the 40x, 44x does not define pte_frag entry. This
      causes gcc abort the compilation due to:
      
        setup-common.c: In function ‘setup_arch’:
        setup-common.c:908: error: ‘mm_context_t’ has no ‘pte_frag’
      
      This patch fixes the issue by removing the pte_frag initialization in
      setup-common.c.
      
      This is possible, because the compiler will do the initialization,
      since the mm_context is a sub struct of init_mm. init_mm is declared
      in mm_types.h as external linkage.
      
      According to C99 6.2.4.3:
        An object whose identifier is declared with external linkage
        [...] has static storage duration.
      
      C99 defines in 6.7.8.10 that:
        If an object that has static storage duration is not
        initialized explicitly, then:
        - if it has pointer type, it is initialized to a null pointer
      
      Fixes: b1923caa ("powerpc: Merge 32-bit and 64-bit setup_arch()")
      Signed-off-by: default avatarChristian Lamparter <chunkeey@gmail.com>
      Reviewed-by: default avatarChristophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      070e0049
    • Jeremy Kerr's avatar
      powerpc: Fix action argument for cpufeatures-based TLB flush · 3b7af5c0
      Jeremy Kerr authored
      Commit 41d0c2ec ("powerpc/powernv: Fix local TLB flush for boot
      and MCE on POWER9") introduced calls to __flush_tlb_power[89] from the
      cpufeatures code, specifying the number of sets to flush.
      
      However, these functions take an action argument, not a number of
      sets. This means we hit the BUG() in __flush_tlb_{206,300} when using
      cpufeatures-style configuration.
      
      This change passes TLB_INVAL_SCOPE_GLOBAL instead.
      
      Fixes: 41d0c2ec ("powerpc/powernv: Fix local TLB flush for boot and MCE on POWER9")
      Cc: stable@vger.kernel.org # v4.13+
      Signed-off-by: default avatarJeremy Kerr <jk@ozlabs.org>
      Reviewed-by: default avatarNicholas Piggin <npiggin@gmail.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      3b7af5c0
  8. 29 Sep, 2017 2 commits
  9. 26 Sep, 2017 1 commit
    • Michael Neuling's avatar
      powerpc: Handle MCE on POWER9 with only DSISR bit 30 set · d8bd9f3f
      Michael Neuling authored
      On POWER9 DD2.1 and below, it's possible for a paste instruction to
      cause a Machine Check Exception (MCE) where only DSISR bit 30 (IBM 33)
      is set. This will result in the MCE handler seeing an unknown event,
      which triggers linux to crash.
      
      We change this by detecting unknown events caused by load/stores in
      the MCE handler and marking them as handled so that we no longer
      crash.
      
      An MCE that occurs like this is spurious, so we don't need to do
      anything in terms of servicing it. If there is something that needs to
      be serviced, the CPU will raise the MCE again with the correct DSISR
      so that it can be serviced properly.
      Signed-off-by: default avatarMichael Neuling <mikey@neuling.org>
      Reviewed-by: Nicholas Piggin <npiggin@gmail.com
      Acked-by: default avatarBalbir Singh <bsingharora@gmail.com>
      [mpe: Expand comment with details from change log, use normal bit #s]
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      d8bd9f3f
  10. 24 Sep, 2017 14 commits
  11. 23 Sep, 2017 9 commits
    • Linus Torvalds's avatar
      Merge branch 'parisc-4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · cd4175b1
      Linus Torvalds authored
      Pull parisc fixes from Helge Deller:
      
       - Unbreak parisc bootloader by avoiding a gcc-7 optimization to convert
         multiple byte-accesses into one word-access.
      
       - Add missing HWPOISON page fault handler code. I completely missed
         that when I added HWPOISON support during this merge window and it
         only showed up now with the madvise07 LTP test case.
      
       - Fix backtrace unwinding to stop when stack start has been reached.
      
       - Issue warning if initrd has been loaded into memory regions with
         broken RAM modules.
      
       - Fix HPMC handler (parisc hardware fault handler) to comply with
         architecture specification.
      
       - Avoid compiler warnings about too large frame sizes.
      
       - Minor init-section fixes.
      
      * 'parisc-4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Unbreak bootloader due to gcc-7 optimizations
        parisc: Reintroduce option to gzip-compress the kernel
        parisc: Add HWPOISON page fault handler code
        parisc: Move init_per_cpu() into init section
        parisc: Check if initrd was loaded into broken RAM
        parisc: Add PDCE_CHECK instruction to HPMC handler
        parisc: Add wrapper for pdc_instr() firmware function
        parisc: Move start_parisc() into init section
        parisc: Stop unwinding at start of stack
        parisc: Fix too large frame size warnings
      cd4175b1
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma · ded85032
      Linus Torvalds authored
      Pull rdma fixes from Doug Ledford:
      
       - Smattering of miscellanous fixes
      
       - A five patch series for i40iw that had a patch (5/5) that was larger
         than I would like, but I took it because it's needed for large scale
         users
      
       - An 8 patch series for bnxt_re that landed right as I was leaving on
         PTO and so had to wait until now...they are all appropriate fixes for
         -rc IMO
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (22 commits)
        bnxt_re: Don't issue cmd to delete GID for QP1 GID entry before the QP is destroyed
        bnxt_re: Fix memory leak in FRMR path
        bnxt_re: Remove RTNL lock dependency in bnxt_re_query_port
        bnxt_re: Fix race between the netdev register and unregister events
        bnxt_re: Free up devices in module_exit path
        bnxt_re: Fix compare and swap atomic operands
        bnxt_re: Stop issuing further cmds to FW once a cmd times out
        bnxt_re: Fix update of qplib_qp.mtu when modified
        i40iw: Add support for port reuse on active side connections
        i40iw: Add missing VLAN priority
        i40iw: Call i40iw_cm_disconn on modify QP to disconnect
        i40iw: Prevent multiple netdev event notifier registrations
        i40iw: Fail open if there are no available MSI-X vectors
        RDMA/vmw_pvrdma: Fix reporting correct opcodes for completion
        IB/bnxt_re: Fix frame stack compilation warning
        IB/mlx5: fix debugfs cleanup
        IB/ocrdma: fix incorrect fall-through on switch statement
        IB/ipoib: Suppress the retry related completion errors
        iw_cxgb4: remove the stid on listen create failure
        iw_cxgb4: drop listen destroy replies if no ep found
        ...
      ded85032
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 71aa60f6
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix NAPI poll list corruption in enic driver, from Christian
          Lamparter.
      
       2) Fix route use after free, from Eric Dumazet.
      
       3) Fix regression in reuseaddr handling, from Josef Bacik.
      
       4) Assert the size of control messages in compat handling since we copy
          it in from userspace twice. From Meng Xu.
      
       5) SMC layer bug fixes (missing RCU locking, bad refcounting, etc.)
          from Ursula Braun.
      
       6) Fix races in AF_PACKET fanout handling, from Willem de Bruijn.
      
       7) Don't use ARRAY_SIZE on spinlock array which might have zero
          entries, from Geert Uytterhoeven.
      
       8) Fix miscomputation of checksum in ipv6 udp code, from Subash Abhinov
          Kasiviswanathan.
      
       9) Push the ipv6 header properly in ipv6 GRE tunnel driver, from Xin
          Long.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (75 commits)
        inet: fix improper empty comparison
        net: use inet6_rcv_saddr to compare sockets
        net: set tb->fast_sk_family
        net: orphan frags on stand-alone ptype in dev_queue_xmit_nit
        MAINTAINERS: update git tree locations for ieee802154 subsystem
        net: prevent dst uses after free
        net: phy: Fix truncation of large IRQ numbers in phy_attached_print()
        net/smc: no close wait in case of process shut down
        net/smc: introduce a delay
        net/smc: terminate link group if out-of-sync is received
        net/smc: longer delay for client link group removal
        net/smc: adapt send request completion notification
        net/smc: adjust net_device refcount
        net/smc: take RCU read lock for routing cache lookup
        net/smc: add receive timeout check
        net/smc: add missing dev_put
        net: stmmac: Cocci spatch "of_table"
        lan78xx: Use default values loaded from EEPROM/OTP after reset
        lan78xx: Allow EEPROM write for less than MAX_EEPROM_SIZE
        lan78xx: Fix for eeprom read/write when device auto suspend
        ...
      71aa60f6
    • Linus Torvalds's avatar
      Merge tag 'apparmor-pr-2017-09-22' of... · 79444df4
      Linus Torvalds authored
      Merge tag 'apparmor-pr-2017-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
      
      Pull apparmor updates from John Johansen:
       "This is the apparmor pull request, similar to SELinux and seccomp.
      
        It's the same series that I was sent to James' security tree + one
        regression fix that was found after the series was sent to James and
        would have been sent for v4.14-rc2.
      
        Features:
        - in preparation for secid mapping add support for absolute root view
          based labels
        - add base infastructure for socket mediation
        - add mount mediation
        - add signal mediation
      
        minor cleanups and changes:
        - be defensive, ensure unconfined profiles have dfas initialized
        - add more debug asserts to apparmorfs
        - enable policy unpacking to audit different reasons for failure
        - cleanup conditional check for label in label_print
        - Redundant condition: prev_ns. in [label.c:1498]
      
        Bug Fixes:
        - fix regression in apparmorfs DAC access permissions
        - fix build failure on sparc caused by undeclared signals
        - fix sparse report of incorrect type assignment when freeing label proxies
        - fix race condition in null profile creation
        - Fix an error code in aafs_create()
        - Fix logical error in verify_header()
        - Fix shadowed local variable in unpack_trans_table()"
      
      * tag 'apparmor-pr-2017-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
        apparmor: fix apparmorfs DAC access permissions
        apparmor: fix build failure on sparc caused by undeclared signals
        apparmor: fix incorrect type assignment when freeing proxies
        apparmor: ensure unconfined profiles have dfas initialized
        apparmor: fix race condition in null profile creation
        apparmor: move new_null_profile to after profile lookup fns()
        apparmor: add base infastructure for socket mediation
        apparmor: add more debug asserts to apparmorfs
        apparmor: make policy_unpack able to audit different info messages
        apparmor: add support for absolute root view based labels
        apparmor: cleanup conditional check for label in label_print
        apparmor: add mount mediation
        apparmor: add the ability to mediate signals
        apparmor: Redundant condition: prev_ns. in [label.c:1498]
        apparmor: Fix an error code in aafs_create()
        apparmor: Fix logical error in verify_header()
        apparmor: Fix shadowed local variable in unpack_trans_table()
      79444df4
    • Josh Poimboeuf's avatar
      x86/asm: Fix inline asm call constraints for Clang · f5caf621
      Josh Poimboeuf authored
      For inline asm statements which have a CALL instruction, we list the
      stack pointer as a constraint to convince GCC to ensure the frame
      pointer is set up first:
      
        static inline void foo()
        {
      	register void *__sp asm(_ASM_SP);
      	asm("call bar" : "+r" (__sp))
        }
      
      Unfortunately, that pattern causes Clang to corrupt the stack pointer.
      
      The fix is easy: convert the stack pointer register variable to a global
      variable.
      
      It should be noted that the end result is different based on the GCC
      version.  With GCC 6.4, this patch has exactly the same result as
      before:
      
      	defconfig	defconfig-nofp	distro		distro-nofp
       before	9820389		9491555		8816046		8516940
       after	9820389		9491555		8816046		8516940
      
      With GCC 7.2, however, GCC's behavior has changed.  It now changes its
      behavior based on the conversion of the register variable to a global.
      That somehow convinces it to *always* set up the frame pointer before
      inserting *any* inline asm.  (Therefore, listing the variable as an
      output constraint is a no-op and is no longer necessary.)  It's a bit
      overkill, but the performance impact should be negligible.  And in fact,
      there's a nice improvement with frame pointers disabled:
      
      	defconfig	defconfig-nofp	distro		distro-nofp
       before	9796316		9468236		9076191		8790305
       after	9796957		9464267		9076381		8785949
      
      So in summary, while listing the stack pointer as an output constraint
      is no longer necessary for newer versions of GCC, it's still needed for
      older versions.
      Suggested-by: default avatarAndrey Ryabinin <aryabinin@virtuozzo.com>
      Reported-by: default avatarMatthias Kaehlcke <mka@chromium.org>
      Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Dmitriy Vyukov <dvyukov@google.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Link: http://lkml.kernel.org/r/3db862e970c432ae823cf515c52b54fec8270e0e.1505942196.git.jpoimboe@redhat.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      f5caf621
    • Josh Poimboeuf's avatar
      objtool: Handle another GCC stack pointer adjustment bug · 0d0970ee
      Josh Poimboeuf authored
      The kbuild bot reported the following warning with GCC 4.4 and a
      randconfig:
      
        net/socket.o: warning: objtool: compat_sock_ioctl()+0x1083: stack state mismatch: cfa1=7+160 cfa2=-1+0
      
      This is caused by another GCC non-optimization, where it backs up and
      restores the stack pointer for no apparent reason:
      
          2f91:       48 89 e0                mov    %rsp,%rax
          2f94:       4c 89 e7                mov    %r12,%rdi
          2f97:       4c 89 f6                mov    %r14,%rsi
          2f9a:       ba 20 00 00 00          mov    $0x20,%edx
          2f9f:       48 89 c4                mov    %rax,%rsp
      
      This issue would have been happily ignored before the following commit:
      
        dd88a0a0 ("objtool: Handle GCC stack pointer adjustment bug")
      
      But now that objtool is paying attention to such stack pointer writes
      to/from a register, it needs to understand them properly.  In this case
      that means recognizing that the "mov %rsp, %rax" instruction is
      potentially a backup of the stack pointer.
      Reported-by: default avatarkbuild test robot <fengguang.wu@intel.com>
      Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Dmitriy Vyukov <dvyukov@google.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Matthias Kaehlcke <mka@chromium.org>
      Cc: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Fixes: dd88a0a0 ("objtool: Handle GCC stack pointer adjustment bug")
      Link: http://lkml.kernel.org/r/8c7aa8e9a36fbbb6655d9d8e7cea58958c912da8.1505942196.git.jpoimboe@redhat.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      0d0970ee
    • Linus Torvalds's avatar
      Merge tag 'acpi-4.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · c65da8e2
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "These fix the initialization of resources in the ACPI WDAT watchdog
        driver, a recent regression in the ACPI device properties handling, a
        recent change in behavior causing the ACPI_HANDLE() macro to only work
        for GPL code and create a MAINTAINERS entry for ACPI PMIC drivers in
        order to specify the official reviewers for that code.
      
        Specifics:
      
         - Fix the initialization of resources in the ACPI WDAT watchdog
           driver that uses unititialized memory which causes compiler
           warnings to be triggered (Arnd Bergmann).
      
         - Fix a recent regression in the ACPI device properties handling that
           causes some device properties data to be skipped during enumeration
           (Sakari Ailus).
      
         - Fix a recent change in behavior that caused the ACPI_HANDLE() macro
           to stop working for non-GPL code which is a problem for the NVidia
           binary graphics driver, for example (John Hubbard).
      
         - Add a MAINTAINERS entry for the ACPI PMIC drivers to specify the
           official reviewers for that code (Rafael Wysocki)"
      
      * tag 'acpi-4.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI: properties: Return _DSD hierarchical extension (data) sub-nodes correctly
        ACPI / bus: Make ACPI_HANDLE() work for non-GPL code again
        ACPI / watchdog: properly initialize resources
        ACPI / PMIC: Add code reviewers to MAINTAINERS
      c65da8e2
    • David S. Miller's avatar
      Merge branch 'net-fix-reuseaddr-regression' · 4e683f49
      David S. Miller authored
      Josef Bacik says:
      
      ====================
      net: fix reuseaddr regression
      
      I introduced a regression when reworking the fastreuse port stuff that allows
      bind conflicts to occur once a reuseaddr successfully opens on an existing tb.
      The root cause is I reversed an if statement which caused us to set the tb as if
      there were no owners on the socket if there were, which obviously is not
      correct.
      
      Dave could you please queue these changes up for -stable, I've run them through
      the net tests and added another test to check for this problem specifically.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4e683f49
    • Josef Bacik's avatar
      inet: fix improper empty comparison · fbed24bc
      Josef Bacik authored
      When doing my reuseport rework I screwed up and changed a
      
      if (hlist_empty(&tb->owners))
      
      to
      
      if (!hlist_empty(&tb->owners))
      
      This is obviously bad as all of the reuseport/reuse logic was reversed,
      which caused weird problems like allowing an ipv4 bind conflict if we
      opened an ipv4 only socket on a port followed by an ipv6 only socket on
      the same port.
      
      Fixes: b9470c27 ("inet: kill smallest_size and smallest_port")
      Reported-by: default avatarCole Robinson <crobinso@redhat.com>
      Signed-off-by: default avatarJosef Bacik <jbacik@fb.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fbed24bc