1. 18 Jun, 2020 4 commits
    • Merge branch 'hch' (maccess patches from Christoph Hellwig) · 5e857ce6
      Linus Torvalds authored
      Merge non-faulting memory access cleanups from Christoph Hellwig:
       "Andrew and I decided to drop the patches implementing your suggested
        rename of the probe_kernel_* and probe_user_* helpers from -mm as
        there were way too many conflicts.
      
        After -rc1 might be a good time for this as all the conflicts are
        resolved now"
      
      This also adds a type safety checking patch on top of the renaming
      series to make the subtle behavioral difference between 'get_user()' and
      'get_kernel_nofault()' less potentially dangerous and surprising.
      
      * emailed patches from Christoph Hellwig <hch@lst.de>:
        maccess: make get_kernel_nofault() check for minimal type compatibility
        maccess: rename probe_kernel_address to get_kernel_nofault
        maccess: rename probe_user_{read,write} to copy_{from,to}_user_nofault
        maccess: rename probe_kernel_{read,write} to copy_{from,to}_kernel_nofault
    • maccess: make get_kernel_nofault() check for minimal type compatibility · 0c389d89
      Linus Torvalds authored
      Now that we've renamed probe_kernel_address() to get_kernel_nofault()
      and made it look and behave more in line with get_user(), some of the
      subtle type behavior differences end up being more obvious and possibly
      dangerous.
      
      When you do
      
              get_user(val, user_ptr);
      
      the type of the access comes from the "user_ptr" part, and the above
      basically acts as
      
              val = *user_ptr;
      
      by design (except, of course, for the fact that the actual dereference
      is done with a user access).
      
      Note how in the above case, the type of the end result comes from the
      pointer argument, and then the value is cast to the type of 'val' as
      part of the assignment.
      
      So the type of the pointer is ultimately the more important type both
      for the access itself.
      
      But 'get_kernel_nofault()' may now _look_ similar, but it behaves very
      differently.  When you do
      
              get_kernel_nofault(val, kernel_ptr);
      
      it behaves like
      
              val = *(typeof(val) *)kernel_ptr;
      
      except, of course, for the fact that the actual dereference is done with
      exception handling so that a faulting access is suppressed and returned
      as the error code.
      
      But note how different the casting behavior of the two superficially
      similar accesses are: one does the actual access in the size of the type
      the pointer points to, while the other does the access in the size of
      the target, and ignores the pointer type entirely.
      
      Actually changing get_kernel_nofault() to act like get_user() is almost
      certainly the right thing to do eventually, but in the meantime this
      patch adds logic to at least verify that the pointer type is compatible
      with the type of the result.
      
      In many cases, this involves just casting the pointer to 'void *' to
      make it obvious that the type of the pointer is not the important part.
      It's not how 'get_user()' acts, but at least the behavioral difference
      is now obvious and explicit.
      
      Cc: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
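The access-size difference described in the commit message above, as an added user-space example (not code from the commit or from the kernel). The macro and function names and the `_Static_assert`-based check are assumptions made for illustration; `__typeof__` and `__builtin_types_compatible_p` are GCC/Clang extensions.

```c
/* Added illustration: user-space models of the two access styles.
 * These are NOT the kernel macros; every name here is hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* get_user() style: the access has the type the pointer points to,
 * and the loaded value is then converted to the type of 'val'. */
#define model_get_by_ptr(val, ptr)                      \
	do {                                            \
		__typeof__(*(ptr)) tmp_;                \
		memcpy(&tmp_, (ptr), sizeof(tmp_));     \
		(val) = tmp_;                           \
	} while (0)

/* get_kernel_nofault() style as the commit describes it: the access has
 * the type of 'val', and the pointer type is ignored entirely. */
#define model_get_by_val(val, ptr)                      \
	memcpy(&(val), (const void *)(ptr), sizeof(val))

/* Same access, but the build fails unless 'ptr' is 'void *' or points
 * to the type of 'val' (one possible check, chosen for this example). */
#define model_get_by_val_checked(val, ptr)                                          \
	do {                                                                        \
		_Static_assert(                                                     \
		    __builtin_types_compatible_p(__typeof__(ptr), void *) ||        \
		    __builtin_types_compatible_p(__typeof__(ptr), __typeof__(&(val))), \
		    "pointer type does not match the type of val");                 \
		model_get_by_val(val, ptr);                                         \
	} while (0)

/* Constructed sample memory: all bytes 0xAB, so results are endian-neutral. */
static uint8_t sample[8] = { 0xAB, 0xAB, 0xAB, 0xAB, 0xAB, 0xAB, 0xAB, 0xAB };

uint32_t read_sized_by_pointer(void)
{
	uint8_t *p = sample;
	uint32_t val = 0;
	model_get_by_ptr(val, p);       /* 1-byte access, then widened */
	return val;
}

uint32_t read_sized_by_target(void)
{
	uint8_t *p = sample;
	uint32_t val = 0;
	model_get_by_val(val, p);       /* 4-byte access through a u8 pointer */
	return val;
}

uint32_t read_sized_by_target_checked(void)
{
	uint8_t *p = sample;
	uint32_t val = 0;
	/* model_get_by_val_checked(val, p) would not compile: u8 * vs u32 * */
	model_get_by_val_checked(val, (void *)p);   /* width made explicit */
	return val;
}

int main(void)
{
	printf("by pointer 0x%x, by target 0x%x, checked 0x%x\n",
	       (unsigned)read_sized_by_pointer(), (unsigned)read_sized_by_target(),
	       (unsigned)read_sized_by_target_checked());
	return 0;
}
```

The same call shape reads one byte in the first model and four bytes in the second, which is why a mismatched pointer type is worth rejecting at build time.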
    • maccess: rename probe_kernel_address to get_kernel_nofault · 25f12ae4
      Christoph Hellwig authored
      Better describe what this helper does, and match the naming of
      copy_from_kernel_nofault.
      
      Also switch the argument order around, so that it acts and looks
      like get_user().
      Signed-off-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • sparse: use identifiers to define address spaces · 670d0a4b
      Luc Van Oostenryck authored
      Currently, address spaces in warnings are displayed as '<asn:X>' with
      'X' being the address space's arbitrary number.
      
      But since sparse v0.6.0-rc1 (late December 2018), sparse allows you to
      define the address spaces using an identifier instead of a number.  This
      identifier is then directly used in the warnings.
      
      So, use the identifiers '__user', '__iomem', '__percpu' & '__rcu' for
      the corresponding address spaces.  The default address space, __kernel,
      being not displayed in warnings, stays defined as '0'.
      
      With this change, warnings that used to be displayed as:
      
      	cast removes address space '<asn:1>' of expression
      	... void [noderef] <asn:2> *
      
      will now be displayed as:
      
      	cast removes address space '__user' of expression
      	... void [noderef] __iomem *
      
      This also moves the __kernel annotation to be the first one, since it is
      quite different from the others because it's the default one, and so:
      
       - it's never displayed
      
       - it's normally not needed, nor in type annotations, nor in cast
         between address spaces. The only time it's needed is when it's
         combined with a typeof to express "the same type as this one but
         without the address space"
      
       - it can't be defined with a name, '0' must be used.
      
      So, it seemed strange to me to have it in the middle of the other
      ones.
      Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
      Acked-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  2. 17 Jun, 2020 8 commits
    • Merge tag 'dma-mapping-5.8-3' of git://git.infradead.org/users/hch/dma-mapping · 1b504402
      Linus Torvalds authored
      Pull dma-mapping fixes from Christoph Hellwig:
       "Fixes for the SEV atomic pool (Geert Uytterhoeven and David Rientjes)"
      
      * tag 'dma-mapping-5.8-3' of git://git.infradead.org/users/hch/dma-mapping:
        dma-pool: decouple DMA_REMAP from DMA_COHERENT_POOL
        dma-pool: fix too large DMA pools on medium memory size systems
    • maccess: rename probe_user_{read,write} to copy_{from,to}_user_nofault · c0ee37e8
      Christoph Hellwig authored
      Better describe what these functions do.
      Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Christoph Hellwig's avatar
      fe557319
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 69119673
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Don't get per-cpu pointer with preemption enabled in nft_set_pipapo,
          fix from Stefano Brivio.
      
       2) Fix memory leak in ctnetlink, from Pablo Neira Ayuso.
      
       3) Multiple definitions of MPTCP_PM_MAX_ADDR, from Geliang Tang.
      
       4) Accidentally disabling NAPI in non-error paths of macb_open(), from
          Charles Keepax.
      
       5) Fix races between alx_stop and alx_remove, from Zekun Shen.
      
       6) We forget to re-enable SRIOV during resume in bnxt_en driver, from
          Michael Chan.
      
       7) Fix memory leak in ipv6_mc_destroy_dev(), from Wang Hai.
      
       8) rxtx stats use wrong index in mvpp2 driver, from Sven Auhagen.
      
       9) Fix memory leak in mptcp_subflow_create_socket error path, from Wei
          Yongjun.
      
      10) We should not adjust the TCP window advertised when sending dup acks
          in non-SACK mode, because it won't be counted as a dup by the sender
          if the window size changes. From Eric Dumazet.
      
      11) Destroy the right number of queues during remove in mvpp2 driver,
          from Sven Auhagen.
      
      12) Various WOL and PM fixes to e1000 driver, from Chen Yu, Vaibhav
          Gupta, and Arnd Bergmann.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (35 commits)
        e1000e: fix unused-function warning
        e1000: use generic power management
        e1000e: Do not wake up the system via WOL if device wakeup is disabled
        lan743x: add MODULE_DEVICE_TABLE for module loading alias
        mlxsw: spectrum: Adjust headroom buffers for 8x ports
        bareudp: Fixed configuration to avoid having garbage values
        mvpp2: remove module bugfix
        tcp: grow window for OOO packets only for SACK flows
        mptcp: fix memory leak in mptcp_subflow_create_socket()
        netfilter: flowtable: Make nf_flow_table_offload_add/del_cb inline
        net/sched: act_ct: Make tcf_ct_flow_table_restore_skb inline
        net: dsa: sja1105: fix PTP timestamping with large tc-taprio cycles
        mvpp2: ethtool rxtx stats fix
        MAINTAINERS: switch to my private email for Renesas Ethernet drivers
        rocker: fix incorrect error handling in dma_rings_init
        test_objagg: Fix potential memory leak in error handling
        net: ethernet: mtk-star-emac: simplify interrupt handling
        mld: fix memory leak in ipv6_mc_destroy_dev()
        bnxt_en: Return from timer if interface is not in open state.
        bnxt_en: Fix AER reset logic on 57500 chips.
        ...
    • Merge tag 'afs-fixes-20200616' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs · 26c20ffc
      Linus Torvalds authored
      Pull AFS fixes from David Howells:
       "I've managed to get xfstests kind of working with afs. Here are a set
        of patches that fix most of the bugs found.
      
        There are a number of primary issues:
      
         - Incorrect handling of mtime and non-handling of ctime. It might be
           argued, that the latter isn't a bug since the AFS protocol doesn't
           support ctime, but I should probably still update it locally.
      
         - Shared-write mmap, truncate and writeback bugs. This includes not
           changing i_size under the callback lock, overwriting local i_size
           with the reply from the server after a partial writeback, not
           limiting the writeback from an mmapped page to EOF.
      
         - Checks for an abort code indicating that the primary vnode in an
           operation was deleted by a third-party are done in the wrong place.
      
         - Silly rename bugs. This includes an incomplete conversion to the
           new operation handling, duplicate nlink handling, nlink changing
           not being done inside the callback lock and insufficient handling
           of third-party conflicting directory changes.
      
        And some secondary ones:
      
         - The UAEOVERFLOW abort code should map to EOVERFLOW not EREMOTEIO.
      
         - Remove a couple of unused or incompletely used bits.
      
         - Remove a couple of redundant success checks.
      
        These seem to fix all the data-corruption bugs found by
      
      	./check -afs -g quick
      
        along with the obvious silly rename bugs and time bugs.
      
        There are still some test failures, but they seem to fall into two
        classes: firstly, the authentication/security model is different to
        the standard UNIX model and permission is arbitrated by the server and
        cached locally; and secondly, there are a number of features that AFS
        does not support (such as mknod). But in these cases, the tests
        themselves need to be adapted or skipped.
      
        Using the in-kernel afs client with xfstests also found a bug in the
        AuriStor AFS server that has been fixed for a future release"
      
      * tag 'afs-fixes-20200616' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
        afs: Fix silly rename
        afs: afs_vnode_commit_status() doesn't need to check the RPC error
        afs: Fix use of afs_check_for_remote_deletion()
        afs: Remove afs_operation::abort_code
        afs: Fix yfs_fs_fetch_status() to honour vnode selector
        afs: Remove yfs_fs_fetch_file_status() as it's not used
        afs: Fix the mapping of the UAEOVERFLOW abort code
        afs: Fix truncation issues and mmap writeback size
        afs: Concoct ctimes
        afs: Fix EOF corruption
        afs: afs_write_end() should change i_size under the right lock
        afs: Fix non-setting of mtime when writing into mmap
    • Documentation: remove SH-5 index entries · f17957f7
      Randy Dunlap authored
      Remove SH-5 documentation index entries following the removal
      of SH-5 source code.
      
      Error: Cannot open file ../arch/sh/mm/tlb-sh5.c
      Error: Cannot open file ../arch/sh/mm/tlb-sh5.c
      Error: Cannot open file ../arch/sh/include/asm/tlb_64.h
      Error: Cannot open file ../arch/sh/include/asm/tlb_64.h
      
      Fixes: 3b69e8b4 ("Merge tag 'sh-for-5.8' of git://git.libc.org/linux-sh")
      Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
      Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
      Cc: Rich Felker <dalias@libc.org>
      Cc: Christoph Hellwig <hch@infradead.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: ysato@users.sourceforge.jp
      Cc: linux-sh@vger.kernel.org
      Cc: Geert Uytterhoeven <geert@linux-m68k.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge tag 'flex-array-conversions-5.8-rc2' of... · ffbc9376
      Linus Torvalds authored
      Merge tag 'flex-array-conversions-5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux
      
      Pull flexible-array member conversions from Gustavo A. R. Silva:
       "Replace zero-length arrays with flexible-array members.
      
        Notice that all of these patches have been baking in linux-next for
        two development cycles now.
      
        There is a regular need in the kernel to provide a way to declare
        having a dynamically sized set of trailing elements in a structure.
        Kernel code should always use “flexible array members”[1] for these
        cases. The older style of one-element or zero-length arrays should no
        longer be used[2].
      
        C99 introduced “flexible array members”, which lacks a numeric size
        for the array declaration entirely:
      
              struct something {
                      size_t count;
                      struct foo items[];
              };
      
        This is the way the kernel expects dynamically sized trailing elements
        to be declared. It allows the compiler to generate errors when the
        flexible array does not occur last in the structure, which helps to
        prevent some kind of undefined behavior[3] bugs from being
        inadvertently introduced to the codebase.
      
        It also allows the compiler to correctly analyze array sizes (via
        sizeof(), CONFIG_FORTIFY_SOURCE, and CONFIG_UBSAN_BOUNDS). For
        instance, there is no mechanism that warns us that the following
        application of the sizeof() operator to a zero-length array always
        results in zero:
      
              struct something {
                      size_t count;
                      struct foo items[0];
              };
      
              struct something *instance;
      
              instance = kmalloc(struct_size(instance, items, count), GFP_KERNEL);
              instance->count = count;
      
              size = sizeof(instance->items) * instance->count;
              memcpy(instance->items, source, size);
      
        At the last line of code above, size turns out to be zero, when one
        might have thought it represents the total size in bytes of the
        dynamic memory recently allocated for the trailing array items. Here
        are a couple examples of this issue[4][5].
      
        Instead, flexible array members have incomplete type, and so the
        sizeof() operator may not be applied[6], so any misuse of such
        operators will be immediately noticed at build time.
      
        The cleanest and least error-prone way to implement this is through
        the use of a flexible array member:
      
              struct something {
                      size_t count;
                      struct foo items[];
              };
      
              struct something *instance;
      
              instance = kmalloc(struct_size(instance, items, count), GFP_KERNEL);
              instance->count = count;
      
              size = sizeof(instance->items[0]) * instance->count;
              memcpy(instance->items, source, size);
      
        instead"
      
      [1] https://en.wikipedia.org/wiki/Flexible_array_member
      [2] https://github.com/KSPP/linux/issues/21
      [3] commit 76497732 ("cxgb3/l2t: Fix undefined behaviour")
      [4] commit f2cd32a4 ("rndis_wlan: Remove logically dead code")
      [5] commit ab91c2a8 ("tpm: eventlog: Replace zero-length array with flexible-array member")
      [6] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
      
      * tag 'flex-array-conversions-5.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux: (41 commits)
        w1: Replace zero-length array with flexible-array
        tracing/probe: Replace zero-length array with flexible-array
        soc: ti: Replace zero-length array with flexible-array
        tifm: Replace zero-length array with flexible-array
        dmaengine: tegra-apb: Replace zero-length array with flexible-array
        stm class: Replace zero-length array with flexible-array
        Squashfs: Replace zero-length array with flexible-array
        ASoC: SOF: Replace zero-length array with flexible-array
        ima: Replace zero-length array with flexible-array
        sctp: Replace zero-length array with flexible-array
        phy: samsung: Replace zero-length array with flexible-array
        RxRPC: Replace zero-length array with flexible-array
        rapidio: Replace zero-length array with flexible-array
        media: pwc: Replace zero-length array with flexible-array
        firmware: pcdp: Replace zero-length array with flexible-array
        oprofile: Replace zero-length array with flexible-array
        block: Replace zero-length array with flexible-array
        tools/testing/nvdimm: Replace zero-length array with flexible-array
        libata: Replace zero-length array with flexible-array
        kprobes: Replace zero-length array with flexible-array
        ...
    • x86/purgatory: Add -fno-stack-protector · ff58155c
      Arvind Sankar authored
      The purgatory Makefile removes -fstack-protector options if they were
      configured in, but does not currently add -fno-stack-protector.
      
      If gcc was configured with the --enable-default-ssp configure option,
      this results in the stack protector still being enabled for the
      purgatory (absent distro-specific specs files that might disable it
      again for freestanding compilations), if the main kernel is being
      compiled with stack protection enabled (if it's disabled for the main
      kernel, the top-level Makefile will add -fno-stack-protector).
      
      This will break the build since commit
        e4160b2e ("x86/purgatory: Fail the build if purgatory.ro has missing symbols")
      and prior to that would have caused runtime failure when trying to use
      kexec.
      
      Explicitly add -fno-stack-protector to avoid this, as done in other
      Makefiles that need to disable the stack protector.
      Reported-by: Gabriel C <nix.or.die@googlemail.com>
      Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  3. 16 Jun, 2020 28 commits