1. 05 Feb, 2016 1 commit
    • Dmitry Vyukov's avatar
      x86: Fix KASAN false positives in thread_saved_pc() · 75edb54a
      Dmitry Vyukov authored
      thread_saved_pc() reads stack of a potentially running task.
      This can cause false KASAN stack-out-of-bounds reports,
      because the running task concurrently poisons and unpoisons
      own stack.
      
      The same happens in get_wchan(), and get get_wchan() was fixed
      by using READ_ONCE_NOCHECK(). Do the same here.
      
      Example KASAN report triggered by sysrq-t:
      
        BUG: KASAN: out-of-bounds in sched_show_task+0x306/0x3b0 at addr ffff880043c97c18
        Read of size 8 by task syz-executor/23839
        [...]
        page dumped because: kasan: bad access detected
        [...]
        Call Trace:
         [<ffffffff8175ea0e>] __asan_report_load8_noabort+0x3e/0x40
         [<ffffffff813e7a26>] sched_show_task+0x306/0x3b0
         [<ffffffff813e7bf4>] show_state_filter+0x124/0x1a0
         [<ffffffff82d2ca00>] fn_show_state+0x10/0x20
         [<ffffffff82d2cf98>] k_spec+0xa8/0xe0
         [<ffffffff82d3354f>] kbd_event+0xb9f/0x4000
         [<ffffffff843ca8a7>] input_to_handler+0x3a7/0x4b0
         [<ffffffff843d1954>] input_pass_values.part.5+0x554/0x6b0
         [<ffffffff843d29bc>] input_handle_event+0x2ac/0x1070
         [<ffffffff843d3a47>] input_inject_event+0x237/0x280
         [<ffffffff843e8c28>] evdev_write+0x478/0x680
         [<ffffffff817ac653>] __vfs_write+0x113/0x480
         [<ffffffff817ae0e7>] vfs_write+0x167/0x4a0
         [<ffffffff817b13d1>] SyS_write+0x111/0x220
      Signed-off-by: default avatarDmitry Vyukov <dvyukov@google.com>
      Acked-by: default avatarAndrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: glider@google.com
      Cc: kasan-dev@googlegroups.com
      Cc: kcc@google.com
      Cc: linux-kernel@vger.kernel.org
      Cc: ryabinin.a.a@gmail.com
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      75edb54a
  2. 03 Feb, 2016 24 commits
  3. 01 Feb, 2016 10 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 34229b27
      Linus Torvalds authored
      Pull networking fixes from David Miller:
       "This looks like a lot but it's a mixture of regression fixes as well
        as fixes for longer standing issues.
      
         1) Fix on-channel cancellation in mac80211, from Johannes Berg.
      
         2) Handle CHECKSUM_COMPLETE properly in xt_TCPMSS netfilter xtables
            module, from Eric Dumazet.
      
         3) Avoid infinite loop in UDP SO_REUSEPORT logic, also from Eric
            Dumazet.
      
         4) Avoid a NULL deref if we try to set SO_REUSEPORT after a socket is
            bound, from Craig Gallek.
      
         5) GRO key comparisons don't take lightweight tunnels into account,
            from Jesse Gross.
      
         6) Fix struct pid leak via SCM credentials in AF_UNIX, from Eric
            Dumazet.
      
         7) We need to set the rtnl_link_ops of ipv6 SIT tunnels before we
            register them, otherwise the NEWLINK netlink message is missing
            the proper attributes.  From Thadeu Lima de Souza Cascardo.
      
         8) Several Spectrum chip bug fixes for mlxsw switch driver, from Ido
            Schimmel
      
         9) Handle fragments properly in ipv4 easly socket demux, from Eric
            Dumazet.
      
        10) Don't ignore the ifindex key specifier on ipv6 output route
            lookups, from Paolo Abeni"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (128 commits)
        tcp: avoid cwnd undo after receiving ECN
        irda: fix a potential use-after-free in ircomm_param_request
        net: tg3: avoid uninitialized variable warning
        net: nb8800: avoid uninitialized variable warning
        net: vxge: avoid unused function warnings
        net: bgmac: clarify CONFIG_BCMA dependency
        net: hp100: remove unnecessary #ifdefs
        net: davinci_cpdma: use dma_addr_t for DMA address
        ipv6/udp: use sticky pktinfo egress ifindex on connect()
        ipv6: enforce flowi6_oif usage in ip6_dst_lookup_tail()
        netlink: not trim skb for mmaped socket when dump
        vxlan: fix a out of bounds access in __vxlan_find_mac
        net: dsa: mv88e6xxx: fix port VLAN maps
        fib_trie: Fix shift by 32 in fib_table_lookup
        net: moxart: use correct accessors for DMA memory
        ipv4: ipconfig: avoid unused ic_proto_used symbol
        bnxt_en: Fix crash in bnxt_free_tx_skbs() during tx timeout.
        bnxt_en: Exclude rx_drop_pkts hw counter from the stack's rx_dropped counter.
        bnxt_en: Ring free response from close path should use completion ring
        net_sched: drr: check for NULL pointer in drr_dequeue
        ...
      34229b27
    • Linus Torvalds's avatar
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 2c923414
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
       "This fixes the following issues:
      
        API:
         - algif_hash needs to wait for init operations to complete.
         - The has_key setting for shash was always true.
      
        Algorithms:
         - Add missing selections of CRYPTO_HASH.
         - Fix pkcs7 authentication.
      
        Drivers:
         - Fix stack alignment bug in chacha20-ssse3.
         - Fix performance regression in caam due to incorrect setting.
         - Fix potential compile-only build failure of stm32"
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: atmel-aes - remove calls of clk_prepare() from atomic contexts
        crypto: algif_hash - wait for crypto_ahash_init() to complete
        crypto: shash - Fix has_key setting
        hwrng: stm32 - Fix dependencies for !HAS_IOMEM archs
        crypto: ghash,poly1305 - select CRYPTO_HASH where needed
        crypto: chacha20-ssse3 - Align stack pointer to 64 bytes
        PKCS#7: Don't require SpcSpOpusInfo in Authenticode pkcs7 signatures
        crypto: caam - make write transactions bufferable on PPC platforms
      2c923414
    • Linus Torvalds's avatar
      Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · 29a8ea4f
      Linus Torvalds authored
      Pull libnvdimm fixes from Dan Williams:
       "1/ Fixes to the libnvdimm 'pfn' device that establishes a reserved
           area for storing a struct page array.
      
        2/ Fixes for dax operations on a raw block device to prevent pagecache
           collisions with dax mappings.
      
        3/ A fix for pfn_t usage in vm_insert_mixed that lead to a null
           pointer de-reference.
      
        These have received build success notification from the kbuild robot
        across 153 configs and pass the latest ndctl tests"
      
      * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        phys_to_pfn_t: use phys_addr_t
        mm: fix pfn_t to page conversion in vm_insert_mixed
        block: use DAX for partition table reads
        block: revert runtime dax control of the raw block device
        fs, block: force direct-I/O for dax-enabled block devices
        devm_memremap_pages: fix vmem_altmap lifetime + alignment handling
        libnvdimm, pfn: fix restoring memmap location
        libnvdimm: fix mode determination for e820 devices
      29a8ea4f
    • Linus Torvalds's avatar
      Linux 4.5-rc2 · 36f90b0a
      Linus Torvalds authored
      36f90b0a
    • Linus Torvalds's avatar
      Merge tag 'usb-4.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · d784ef58
      Linus Torvalds authored
      Pull USB driver fixes from Greg KH:
       "Here are some small USB fixes and new device ids for 4.5-rc2.  Nothing
        major here, full details are in the shortlog, and all of these have
        been in linux-next successfully"
      
      * tag 'usb-4.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        USB: option: fix Cinterion AHxx enumeration
        USB: mxu11x0: fix memory leak on usb_serial private data
        USB: serial: ftdi_sio: add support for Yaesu SCU-18 cable
        USB: serial: option: Adding support for Telit LE922
        USB: serial: visor: fix crash on detecting device without write_urbs
        USB: visor: fix null-deref at probe
        USB: cp210x: add ID for IAI USB to RS485 adaptor
        usb: hub: do not clear BOS field during reset device
        cdc-acm:exclude Samsung phone 04e8:685d
        usb: cdc-acm: send zero packet for intel 7260 modem
        usb: cdc-acm: handle unlinked urb in acm read callback
      d784ef58
    • Linus Torvalds's avatar
      Merge tag 'tty-4.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 54e3f3e3
      Linus Torvalds authored
      Pull tty/serial fixes from Greg KH:
       "Here are some small tty/serial driver fixes for 4.5-rc2.
      
        They resolve a number of reported problems (the ioctl one specifically
        has been pointed out by numerous people) and one patch adds some new
        device ids for the 8250_pci driver.  All have been in linux-next
        successfully"
      
      * tag 'tty-4.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        serial: 8250_pci: Add Intel Broadwell ports
        staging/speakup: Use tty_ldisc_ref() for paste kworker
        n_tty: Fix unsafe reference to "other" ldisc
        tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
        tty: Retry failed reopen if tty teardown in-progress
        tty: Wait interruptibly for tty lock on reopen
      54e3f3e3
    • Linus Torvalds's avatar
      Merge tag 'staging-4.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 8c4e378e
      Linus Torvalds authored
      Pull staging fixes from Greg KH:
       "Here are some small staging driver fixes for 4.5-rc2.
      
        One of them predated 4.4-final, but I missed that merge window due to
        the holliday.  The others fix reported issues that have come up
        recently.  The tty change is needed for the speakup driver fix and has
        the ack of the tty driver maintainer as well, i.e.  myself :)
      
        All have been in linux-next with no reported issues"
      
      * tag 'staging-4.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        Staging: speakup: fix read scrolled-back VT
        Staging: speakup: Fix getting port information
        Revert "Staging: panel: usleep_range is preferred over udelay"
        iio: adis_buffer: Fix out-of-bounds memory access
      8c4e378e
    • Linus Torvalds's avatar
      Merge tag 'driver-core-4.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core · f3ca903f
      Linus Torvalds authored
      Pull driver core fix from Greg KH:
       "Here's a single driver core fix that resolves an issue a lot of users
        have been hitting for a while now.  It's been tested a lot and has
        been in linux-next successfully for a while"
      
      * tag 'driver-core-4.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        base/platform: Fix platform drivers with no probe callback
      f3ca903f
    • Linus Torvalds's avatar
      Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · 510ae0c9
      Linus Torvalds authored
      Pull MIPS fix from Ralf Baechle:
       "Just a single revert for a patch which I had upstreamed out of
        sequence"
      
      * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        Revert "MIPS: bcm63xx: nvram: Remove unused bcm63xx_nvram_get_psi_size() function"
      510ae0c9
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d517be5f
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "A bit on the largish side due to a series of fixes for a regression in
        the x86 vector management which was introduced in 4.3.  This work was
        started in December already, but it took some time to fix all corner
        cases and a couple of older bugs in that area which were detected
        while at it
      
        Aside of that a few platform updates for intel-mid, quark and UV and
        two fixes for in the mm code:
         - Use proper types for pgprot values to avoid truncation
         - Prevent a size truncation in the pageattr code when setting page
           attributes for large mappings"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (21 commits)
        x86/mm/pat: Avoid truncation when converting cpa->numpages to address
        x86/mm: Fix types used in pgprot cacheability flags translations
        x86/platform/quark: Print boundaries correctly
        x86/platform/UV: Remove EFI memmap quirk for UV2+
        x86/platform/intel-mid: Join string and fix SoC name
        x86/platform/intel-mid: Enable 64-bit build
        x86/irq: Plug vector cleanup race
        x86/irq: Call irq_force_move_complete with irq descriptor
        x86/irq: Remove outgoing CPU from vector cleanup mask
        x86/irq: Remove the cpumask allocation from send_cleanup_vector()
        x86/irq: Clear move_in_progress before sending cleanup IPI
        x86/irq: Remove offline cpus from vector cleanup
        x86/irq: Get rid of code duplication
        x86/irq: Copy vectormask instead of an AND operation
        x86/irq: Check vector allocation early
        x86/irq: Reorganize the search in assign_irq_vector
        x86/irq: Reorganize the return path in assign_irq_vector
        x86/irq: Do not use apic_chip_data.old_domain as temporary buffer
        x86/irq: Validate that irq descriptor is still active
        x86/irq: Fix a race in x86_vector_free_irqs()
        ...
      d517be5f
  4. 31 Jan, 2016 5 commits
    • Linus Torvalds's avatar
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · dc799d01
      Linus Torvalds authored
      Pull timer fixes from Thomas Gleixner:
       "The timer departement delivers:
      
         - a regression fix for the NTP code along with a proper selftest
         - prevent a spurious timer interrupt in the NOHZ lowres code
         - a fix for user space interfaces returning the remaining time on
           architectures with CONFIG_TIME_LOW_RES=y
         - a few patches to fix COMPILE_TEST fallout"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        tick/nohz: Set the correct expiry when switching to nohz/lowres mode
        clocksource: Fix dependencies for archs w/o HAS_IOMEM
        clocksource: Select CLKSRC_MMIO where needed
        tick/sched: Hide unused oneshot timer code
        kselftests: timers: Add adjtimex SETOFFSET validity tests
        ntp: Fix ADJ_SETOFFSET being used w/ ADJ_NANO
        itimers: Handle relative timers with CONFIG_TIME_LOW_RES proper
        posix-timers: Handle relative timers with CONFIG_TIME_LOW_RES proper
        timerfd: Handle relative timers with CONFIG_TIME_LOW_RES proper
        hrtimer: Handle remaining time proper for TIME_LOW_RES
        clockevents/tcb_clksrc: Prevent disabling an already disabled clock
      dc799d01
    • Linus Torvalds's avatar
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 7ab85d4a
      Linus Torvalds authored
      Pull scheduler fixes from Thomas Gleixner:
       "Three small fixes in the scheduler/core:
      
         - use after free in the numa code
         - crash in the numa init code
         - a simple spelling fix"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        pid: Fix spelling in comments
        sched/numa: Fix use-after-free bug in the task_numa_compare
        sched: Fix crash in sched_init_numa()
      7ab85d4a
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 29d14f08
      Linus Torvalds authored
      Pull perf fixes from Thomas Gleixner:
       "This is much bigger than typical fixes, but Peter found a category of
        races that spurred more fixes and more debugging enhancements.  Work
        started before the merge window, but got finished only now.
      
        Aside of that this contains the usual small fixes to perf and tools.
        Nothing particular exciting"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (43 commits)
        perf: Remove/simplify lockdep annotation
        perf: Synchronously clean up child events
        perf: Untangle 'owner' confusion
        perf: Add flags argument to perf_remove_from_context()
        perf: Clean up sync_child_event()
        perf: Robustify event->owner usage and SMP ordering
        perf: Fix STATE_EXIT usage
        perf: Update locking order
        perf: Remove __free_event()
        perf/bpf: Convert perf_event_array to use struct file
        perf: Fix NULL deref
        perf/x86: De-obfuscate code
        perf/x86: Fix uninitialized value usage
        perf: Fix race in perf_event_exit_task_context()
        perf: Fix orphan hole
        perf stat: Do not clean event's private stats
        perf hists: Fix HISTC_MEM_DCACHELINE width setting
        perf annotate browser: Fix behaviour of Shift-Tab with nothing focussed
        perf tests: Remove wrong semicolon in while loop in CQM test
        perf: Synchronously free aux pages in case of allocation failure
        ...
      29d14f08
    • Linus Torvalds's avatar
      Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · bbfb239a
      Linus Torvalds authored
      Pull locking fix from Thomas Gleixner:
       "A single commit, which makes the rtmutex.wait_lock an irq safe lock.
      
        This prevents a potential deadlock which can be triggered by the rcu
        boosting code from rcu_read_unlock()"
      
      * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        rtmutex: Make wait_lock irq safe
      bbfb239a
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 30e4c9ad
      Linus Torvalds authored
      Pull IRQ fixes from Ingo Molnar:
       "Mostly irqchip driver fixes, but also an irq core crash fix and a
        build fix"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/mxs: Add missing set_handle_irq()
        irqchip/atmel-aic: Fix wrong bit operation for IRQ priority
        irqchip/gic-v3-its: Recompute the number of pages on page size change
        base: Export platform_msi_domain_[alloc,free]_irqs
        of: MSI: Simplify irqdomain lookup
        irqdomain: Allow domain lookup with DOMAIN_BUS_WIRED token
        irqchip: Fix dependencies for archs w/o HAS_IOMEM
        irqchip/s3c24xx: Mark init_eint as __maybe_unused
        genirq: Validate action before dereferencing it in handle_irq_event_percpu()
      30e4c9ad