1. 24 Sep, 2017 10 commits
    • Ingo Molnar's avatar
      x86/fpu: Simplify __copy_xstate_to_kernel() return values · 8c0817f4
      Ingo Molnar authored
      __copy_xstate_to_kernel() can only return 0 (because kernel copies cannot fail),
      simplify the code throughout.
      
      No change in functionality.
      
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Eric Biggers <ebiggers3@gmail.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
      Link: http://lkml.kernel.org/r/20170923130016.21448-11-mingo@kernel.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      8c0817f4
    • Ingo Molnar's avatar
      x86/fpu: Change 'size_total' parameter to unsigned and standardize the size... · 6ff15f8d
      Ingo Molnar authored
      x86/fpu: Change 'size_total' parameter to unsigned and standardize the size checks in copy_xstate_to_*()
      
      'size_total' is derived from an unsigned input parameter - and then converted
      to 'int' and checked for negative ranges:
      
      	if (size_total < 0 || offset < size_total) {
      
      This conversion and the checks are unnecessary obfuscation, reject overly
      large requested copy sizes outright and simplify the underlying code.
      Reported-by: default avatarRik van Riel <riel@redhat.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Eric Biggers <ebiggers3@gmail.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
      Link: http://lkml.kernel.org/r/20170923130016.21448-10-mingo@kernel.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      6ff15f8d
    • Ingo Molnar's avatar
      x86/fpu: Clarify parameter names in the copy_xstate_to_*() methods · 56583c9a
      Ingo Molnar authored
      Right now there's a confusing mixture of 'offset' and 'size' parameters:
      
       - __copy_xstate_to_*() input parameter 'end_pos' not not really an offset,
         but the full size of the copy to be performed.
      
       - input parameter 'count' to copy_xstate_to_*() shadows that of
         __copy_xstate_to_*()'s 'count' parameter name - but the roles
         are different: the first one is the total number of bytes to
         be copied, while the second one is a partial copy size.
      
      To unconfuse all this, use a consistent set of parameter names:
      
       - 'size' is the partial copy size within a single xstate component
       - 'size_total' is the total copy requested
       - 'offset_start' is the requested starting offset.
       - 'offset' is the offset within an xstate component.
      
      No change in functionality.
      
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Eric Biggers <ebiggers3@gmail.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
      Link: http://lkml.kernel.org/r/20170923130016.21448-9-mingo@kernel.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      56583c9a
    • Ingo Molnar's avatar
      x86/fpu: Remove the 'start_pos' parameter from the __copy_xstate_to_*() functions · 8a5b7318
      Ingo Molnar authored
      'start_pos' is always 0, so remove it and remove the pointless check of 'pos < 0'
      which can not ever be true as 'pos' is unsigned ...
      
      No change in functionality.
      
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Eric Biggers <ebiggers3@gmail.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
      Link: http://lkml.kernel.org/r/20170923130016.21448-8-mingo@kernel.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      8a5b7318
    • Ingo Molnar's avatar
      x86/fpu: Clean up the parameter definitions of copy_xstate_to_*() · becb2bb7
      Ingo Molnar authored
      Remove pointless 'const' of non-pointer input parameter.
      
      Remove unnecessary parenthesis that shows uncertainty about arithmetic operator precedence.
      
      Clarify copy_xstate_to_user() description.
      
      No change in functionality.
      
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Eric Biggers <ebiggers3@gmail.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
      Link: http://lkml.kernel.org/r/20170923130016.21448-7-mingo@kernel.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      becb2bb7
    • Ingo Molnar's avatar
      x86/fpu: Clean up parameter order in the copy_xstate_to_*() APIs · d7eda6c9
      Ingo Molnar authored
      Parameter ordering is weird:
      
        int copy_xstate_to_kernel(unsigned int pos, unsigned int count, void *kbuf, struct xregs_state *xsave);
        int copy_xstate_to_user(unsigned int pos, unsigned int count, void __user *ubuf, struct xregs_state *xsave);
      
      'pos' and 'count', which are attributes of the destination buffer, are listed before the destination
      buffer itself ...
      
      List them after the primary arguments instead.
      
      This makes the code more similar to regular memcpy() variant APIs.
      
      No change in functionality.
      
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Eric Biggers <ebiggers3@gmail.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
      Link: http://lkml.kernel.org/r/20170923130016.21448-6-mingo@kernel.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      d7eda6c9
    • Ingo Molnar's avatar
      x86/fpu: Remove 'kbuf' parameter from the copy_xstate_to_user() APIs · a69c158f
      Ingo Molnar authored
      The 'kbuf' parameter is unused in the _user() side of the API, remove it.
      
      This simplifies the code and makes it easier to think about.
      
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Eric Biggers <ebiggers3@gmail.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
      Link: http://lkml.kernel.org/r/20170923130016.21448-5-mingo@kernel.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      a69c158f
    • Ingo Molnar's avatar
      x86/fpu: Remove 'ubuf' parameter from the copy_xstate_to_kernel() APIs · 4d981cf2
      Ingo Molnar authored
      The 'ubuf' parameter is unused in the _kernel() side of the API, remove it.
      
      This simplifies the code and makes it easier to think about.
      
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Eric Biggers <ebiggers3@gmail.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
      Link: http://lkml.kernel.org/r/20170923130016.21448-4-mingo@kernel.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      4d981cf2
    • Ingo Molnar's avatar
      x86/fpu: Split copy_xstate_to_user() into copy_xstate_to_kernel() & copy_xstate_to_user() · f0d4f30a
      Ingo Molnar authored
      copy_xstate_to_user() is a weird API - in part due to a bad API inherited
      from the regset APIs.
      
      But don't propagate that bad API choice into the FPU code - so as a first
      step split the API into kernel and user buffer handling routines.
      
      (Also split the xstate_copyout() internal helper.)
      
      The split API is a dumb duplication that should be obviously correct, the
      real splitting will be done in the next patch.
      
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Eric Biggers <ebiggers3@gmail.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
      Link: http://lkml.kernel.org/r/20170923130016.21448-3-mingo@kernel.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      f0d4f30a
    • Ingo Molnar's avatar
      x86/fpu: Rename copyin_to_xsaves()/copyout_from_xsaves() to... · 656f0831
      Ingo Molnar authored
      x86/fpu: Rename copyin_to_xsaves()/copyout_from_xsaves() to copy_user_to_xstate()/copy_xstate_to_user()
      
      The 'copyin/copyout' nomenclature needlessly departs from what the modern FPU code
      uses, which is:
      
       copy_fpregs_to_fpstate()
       copy_fpstate_to_sigframe()
       copy_fregs_to_user()
       copy_fxregs_to_kernel()
       copy_fxregs_to_user()
       copy_kernel_to_fpregs()
       copy_kernel_to_fregs()
       copy_kernel_to_fxregs()
       copy_kernel_to_xregs()
       copy_user_to_fregs()
       copy_user_to_fxregs()
       copy_user_to_xregs()
       copy_xregs_to_kernel()
       copy_xregs_to_user()
      
      I.e. according to this pattern, the following rename should be done:
      
        copyin_to_xsaves()    -> copy_user_to_xstate()
        copyout_from_xsaves() -> copy_xstate_to_user()
      
      or, if we want to be pedantic, denote that that the user-space format is ptrace:
      
        copyin_to_xsaves()    -> copy_user_ptrace_to_xstate()
        copyout_from_xsaves() -> copy_xstate_to_user_ptrace()
      
      But I'd suggest the shorter, non-pedantic name.
      
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Eric Biggers <ebiggers3@gmail.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Yu-cheng Yu <yu-cheng.yu@intel.com>
      Link: http://lkml.kernel.org/r/20170923130016.21448-2-mingo@kernel.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      656f0831
  2. 23 Sep, 2017 7 commits
    • Linus Torvalds's avatar
      Merge tag 'acpi-4.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · c65da8e2
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "These fix the initialization of resources in the ACPI WDAT watchdog
        driver, a recent regression in the ACPI device properties handling, a
        recent change in behavior causing the ACPI_HANDLE() macro to only work
        for GPL code and create a MAINTAINERS entry for ACPI PMIC drivers in
        order to specify the official reviewers for that code.
      
        Specifics:
      
         - Fix the initialization of resources in the ACPI WDAT watchdog
           driver that uses unititialized memory which causes compiler
           warnings to be triggered (Arnd Bergmann).
      
         - Fix a recent regression in the ACPI device properties handling that
           causes some device properties data to be skipped during enumeration
           (Sakari Ailus).
      
         - Fix a recent change in behavior that caused the ACPI_HANDLE() macro
           to stop working for non-GPL code which is a problem for the NVidia
           binary graphics driver, for example (John Hubbard).
      
         - Add a MAINTAINERS entry for the ACPI PMIC drivers to specify the
           official reviewers for that code (Rafael Wysocki)"
      
      * tag 'acpi-4.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI: properties: Return _DSD hierarchical extension (data) sub-nodes correctly
        ACPI / bus: Make ACPI_HANDLE() work for non-GPL code again
        ACPI / watchdog: properly initialize resources
        ACPI / PMIC: Add code reviewers to MAINTAINERS
      c65da8e2
    • Linus Torvalds's avatar
      Merge tag 'pm-4.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 6876eb37
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "These fix a cpufreq regression introduced by recent changes related to
        the generic DT driver, an initialization time memory leak in cpuidle
        on ARM, a PM core bug that may cause system suspend/resume to fail on
        some systems, a request type validation issue in the PM QoS framework
        and two documentation-related issues.
      
        Specifics:
      
         - Fix a regression in cpufreq on systems using DT as the source of
           CPU configuration information where two different code paths
           attempt to create the cpufreq-dt device object (there can be only
           one) and fix up the "compatible" matching for some TI platforms on
           top of that (Viresh Kumar, Dave Gerlach).
      
         - Fix an initialization time memory leak in cpuidle on ARM which
           occurs if the cpuidle driver initialization fails (Stefan Wahren).
      
         - Fix a PM core function that checks whether or not there are any
           system suspend/resume callbacks for a device, but forgets to check
           legacy callbacks which then may be skipped incorrectly and the
           system may crash and/or the device may become unusable after a
           suspend-resume cycle (Rafael Wysocki).
      
         - Fix request type validation for latency tolerance PM QoS requests
           which may lead to unexpected behavior (Jan Schönherr).
      
         - Fix a broken link to PM documentation from a header file and a typo
           in a PM document (Geert Uytterhoeven, Rafael Wysocki)"
      
      * tag 'pm-4.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        cpufreq: ti-cpufreq: Support additional am43xx platforms
        ARM: cpuidle: Avoid memleak if init fail
        cpufreq: dt-platdev: Add some missing platforms to the blacklist
        PM: core: Fix device_pm_check_callbacks()
        PM: docs: Drop an excess character from devices.rst
        PM / QoS: Use the correct variable to check the QoS request type
        driver core: Fix link to device power management documentation
      6876eb37
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · d32e5f44
      Linus Torvalds authored
      Pull input fixes from Dmitry Torokhov:
      
       - fixes for two long standing issues (lock up and a crash) in force
         feedback handling in uinput driver
      
       - tweak to firmware update timing in Elan I2C touchpad driver.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: elan_i2c - extend Flash-Write delay
        Input: uinput - avoid crash when sending FF request to device going away
        Input: uinput - avoid FF flush when destroying device
      d32e5f44
    • Linus Torvalds's avatar
      Merge tag 'seccomp-v4.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · c0a3a64e
      Linus Torvalds authored
      Pull seccomp updates from Kees Cook:
       "Major additions:
      
         - sysctl and seccomp operation to discover available actions
           (tyhicks)
      
         - new per-filter configurable logging infrastructure and sysctl
           (tyhicks)
      
         - SECCOMP_RET_LOG to log allowed syscalls (tyhicks)
      
         - SECCOMP_RET_KILL_PROCESS as the new strictest possible action
      
         - self-tests for new behaviors"
      
      [ This is the seccomp part of the security pull request during the merge
        window that was nixed due to unrelated problems   - Linus ]
      
      * tag 'seccomp-v4.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        samples: Unrename SECCOMP_RET_KILL
        selftests/seccomp: Test thread vs process killing
        seccomp: Implement SECCOMP_RET_KILL_PROCESS action
        seccomp: Introduce SECCOMP_RET_KILL_PROCESS
        seccomp: Rename SECCOMP_RET_KILL to SECCOMP_RET_KILL_THREAD
        seccomp: Action to log before allowing
        seccomp: Filter flag to log all actions except SECCOMP_RET_ALLOW
        seccomp: Selftest for detection of filter flag support
        seccomp: Sysctl to configure actions that are allowed to be logged
        seccomp: Operation for checking if an action is available
        seccomp: Sysctl to display available actions
        seccomp: Provide matching filter for introspection
        selftests/seccomp: Refactor RET_ERRNO tests
        selftests/seccomp: Add simple seccomp overhead benchmark
        selftests/seccomp: Add tests for basic ptrace actions
      c0a3a64e
    • Linus Torvalds's avatar
      Merge tag '4.14-smb3-fixes-from-recent-test-events-for-stable' of... · 69c902f5
      Linus Torvalds authored
      Merge tag '4.14-smb3-fixes-from-recent-test-events-for-stable' of git://git.samba.org/sfrench/cifs-2.6
      
      Pull cifs fixes from Steve French:
       "Various SMB3 fixes for stable and security improvements from the
        recently completed SMB3/Samba test events
      
      * tag '4.14-smb3-fixes-from-recent-test-events-for-stable' of git://git.samba.org/sfrench/cifs-2.6:
        SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags
        SMB3: handle new statx fields
        SMB: Validate negotiate (to protect against downgrade) even if signing off
        cifs: release auth_key.response for reconnect.
        cifs: release cifs root_cred after exit_cifs
        CIFS: make arrays static const, reduces object code size
        [SMB3] Update session and share information displayed for debugging SMB2/SMB3
        cifs: show 'soft' in the mount options for hard mounts
        SMB3: Warn user if trying to sign connection that authenticated as guest
        SMB3: Fix endian warning
        Fix SMB3.1.1 guest authentication to Samba
      69c902f5
    • Linus Torvalds's avatar
      Merge tag 'ceph-for-4.14-rc2' of git://github.com/ceph/ceph-client · b03fcfae
      Linus Torvalds authored
      Pull ceph fixes from Ilya Dryomov:
       "Two small but important fixes: RADOS semantic change in upcoming v12.2.1
        release and a rare NULL dereference in create_session_open_msg()"
      
      * tag 'ceph-for-4.14-rc2' of git://github.com/ceph/ceph-client:
        ceph: avoid panic in create_session_open_msg() if utsname() returns NULL
        libceph: don't allow bidirectional swap of pg-upmap-items
      b03fcfae
    • Steve French's avatar
      SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags · 1013e760
      Steve French authored
      Signed-off-by: default avatarSteve French <smfrench@gmail.com>
      CC: Stable <stable@vger.kernel.org>
      Reviewed-by: default avatarRonnie Sahlberg <lsahlber@redhat.com>
      Reviewed-by: default avatarPavel Shilovsky <pshilov@microsoft.com>
      1013e760
  3. 22 Sep, 2017 18 commits
  4. 21 Sep, 2017 5 commits
    • Dmitry Torokhov's avatar
      Input: uinput - avoid crash when sending FF request to device going away · 6b4877c7
      Dmitry Torokhov authored
      If FF request comes in while uinput device is going away,
      uinput_request_send() will fail with -ENODEV, and uinput_request_submit()
      will attempt to mark the slot as unused by calling uinput_request_done().
      Unfortunately in this case we haven't initialized request->done completion
      yet, and we get a crash:
      
      [   39.402036] BUG: spinlock bad magic on CPU#1, fftest/3108
      [   39.402046]  lock: 0xffff88006a93bb00, .magic: 00000000, .owner: /39, .owner_cpu: 1217155072
      [   39.402055] CPU: 1 PID: 3108 Comm: fftest Tainted: G        W 4.13.0+ #15
      [   39.402059] Hardware name: LENOVO 20HQS0EG02/20HQS0EG02, BIOS N1MET37W (1.22 ) 07/04/2017
      [   39.402064]  0000000000000086 f0fad82f3ceaa120 ffff88006a93b9a0 ffffffff9de941bb
      [   39.402077]  ffff88026df8ae00 ffff88006a93bb00 ffff88006a93b9c0 ffffffff9dca62b7
      [   39.402088]  ffff88006a93bb00 ffff88006a93baf8 ffff88006a93b9e0 ffffffff9dca62e7
      [   39.402099] Call Trace:
      [   39.402112]  [<ffffffff9de941bb>] dump_stack+0x4d/0x63
      [   39.402123]  [<ffffffff9dca62b7>] spin_dump+0x97/0x9c
      [   39.402130]  [<ffffffff9dca62e7>] spin_bug+0x2b/0x2d
      [   39.402138]  [<ffffffff9dca6373>] do_raw_spin_lock+0x28/0xfd
      [   39.402147]  [<ffffffff9e3055cd>] _raw_spin_lock_irqsave+0x19/0x1f
      [   39.402154]  [<ffffffff9dca05b7>] complete+0x1d/0x48
      [   39.402162]  [<ffffffffc04f30af>] 0xffffffffc04f30af
      [   39.402167]  [<ffffffffc04f468c>] 0xffffffffc04f468c
      [   39.402177]  [<ffffffff9dd59c16>] ? __slab_free+0x22f/0x359
      [   39.402184]  [<ffffffff9dcc13e9>] ? tk_clock_read+0xc/0xe
      [   39.402189]  [<ffffffffc04f471f>] 0xffffffffc04f471f
      [   39.402195]  [<ffffffff9dc9ffe5>] ? __wake_up+0x44/0x4b
      [   39.402200]  [<ffffffffc04f3240>] ? 0xffffffffc04f3240
      [   39.402207]  [<ffffffff9e0f57f3>] erase_effect+0xa1/0xd2
      [   39.402214]  [<ffffffff9e0f58c6>] input_ff_flush+0x43/0x5c
      [   39.402219]  [<ffffffffc04f32ad>] 0xffffffffc04f32ad
      [   39.402227]  [<ffffffff9e0f174f>] input_flush_device+0x3d/0x51
      [   39.402234]  [<ffffffff9e0f69ae>] evdev_flush+0x49/0x5c
      [   39.402243]  [<ffffffff9dd62d6e>] filp_close+0x3f/0x65
      [   39.402253]  [<ffffffff9dd7dcf7>] put_files_struct+0x66/0xc1
      [   39.402261]  [<ffffffff9dd7ddeb>] exit_files+0x47/0x4e
      [   39.402270]  [<ffffffff9dc6b329>] do_exit+0x483/0x969
      [   39.402278]  [<ffffffff9dc73211>] ? recalc_sigpending_tsk+0x3d/0x44
      [   39.402285]  [<ffffffff9dc6c7a2>] do_group_exit+0x42/0xb0
      [   39.402293]  [<ffffffff9dc767e1>] get_signal+0x58d/0x5bf
      [   39.402300]  [<ffffffff9dc03701>] do_signal+0x37/0x53e
      [   39.402307]  [<ffffffff9e0f8401>] ? evdev_ioctl_handler+0xac8/0xb04
      [   39.402314]  [<ffffffff9e0f8464>] ? evdev_ioctl+0x10/0x12
      [   39.402321]  [<ffffffff9dd74cfa>] ? do_vfs_ioctl+0x42e/0x501
      [   39.402328]  [<ffffffff9dc0170e>] prepare_exit_to_usermode+0x66/0x90
      [   39.402333]  [<ffffffff9dc0181b>] syscall_return_slowpath+0xe3/0xec
      [   39.402339]  [<ffffffff9e305b7b>] int_ret_from_sys_call+0x25/0x8f
      
      While we could solve this by simply initializing the completion earlier, we
      are better off rearranging the code a bit so we avoid calling complete() on
      requests that we did not send out. This patch consolidates marking request
      slots as free in one place (in uinput_request_submit(), the same place
      where we acquire them) and having everyone else simply signal completion
      of the requests.
      
      Fixes: 00ce756c ("Input: uinput - mark failed submission requests as free")
      Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      6b4877c7
    • Dmitry Torokhov's avatar
      Input: uinput - avoid FF flush when destroying device · e8b95728
      Dmitry Torokhov authored
      Normally, when input device supporting force feedback effects is being
      destroyed, we try to "flush" currently playing effects, so that the
      physical device does not continue vibrating (or executing other effects).
      Unfortunately this does not work well for uinput as flushing of the effects
      deadlocks with the destroy action:
      
      - if device is being destroyed because the file descriptor is being closed,
        then there is noone to even service FF requests;
      
      - if device is being destroyed because userspace sent UI_DEV_DESTROY,
        while theoretically it could be possible to service FF requests,
        userspace is unlikely to do so (they'd need to make sure FF handling
        happens on a separate thread) even if kernel solves the issue with FF
        ioctls deadlocking with UI_DEV_DESTROY ioctl on udev->mutex.
      
      To avoid lockups like the one below, let's install a custom input device
      flush handler, and avoid trying to flush force feedback effects when we
      destroying the device, and instead rely on uinput to shut off the device
      properly.
      
      NMI watchdog: Watchdog detected hard LOCKUP on cpu 3
      ...
       <<EOE>>  [<ffffffff817a0307>] _raw_spin_lock_irqsave+0x37/0x40
       [<ffffffff810e633d>] complete+0x1d/0x50
       [<ffffffffa00ba08c>] uinput_request_done+0x3c/0x40 [uinput]
       [<ffffffffa00ba587>] uinput_request_submit.part.7+0x47/0xb0 [uinput]
       [<ffffffffa00bb62b>] uinput_dev_erase_effect+0x5b/0x76 [uinput]
       [<ffffffff815d91ad>] erase_effect+0xad/0xf0
       [<ffffffff815d929d>] flush_effects+0x4d/0x90
       [<ffffffff815d4cc0>] input_flush_device+0x40/0x60
       [<ffffffff815daf1c>] evdev_cleanup+0xac/0xc0
       [<ffffffff815daf5b>] evdev_disconnect+0x2b/0x60
       [<ffffffff815d74ac>] __input_unregister_device+0xac/0x150
       [<ffffffff815d75f7>] input_unregister_device+0x47/0x70
       [<ffffffffa00bac45>] uinput_destroy_device+0xb5/0xc0 [uinput]
       [<ffffffffa00bb2de>] uinput_ioctl_handler.isra.9+0x65e/0x740 [uinput]
       [<ffffffff811231ab>] ? do_futex+0x12b/0xad0
       [<ffffffffa00bb3f8>] uinput_ioctl+0x18/0x20 [uinput]
       [<ffffffff81241248>] do_vfs_ioctl+0x298/0x480
       [<ffffffff81337553>] ? security_file_ioctl+0x43/0x60
       [<ffffffff812414a9>] SyS_ioctl+0x79/0x90
       [<ffffffff817a04ee>] entry_SYSCALL_64_fastpath+0x12/0x71
      Reported-by: default avatarRodrigo Rivas Costa <rodrigorivascosta@gmail.com>
      Reported-by: default avatarClément VUCHENER <clement.vuchener@gmail.com>
      Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=193741Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      e8b95728
    • Linus Torvalds's avatar
      Merge tag 'kbuild-fixes-v4.14' of... · 4a704d6d
      Linus Torvalds authored
      Merge tag 'kbuild-fixes-v4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
       "Here are some early Kbuild fixes.
      
        The in-kernel firmware was removed during the previous merge window.
        Since then, some bug reports of broken rpm building are flying in ML.
        We need to fix it now.
      
        Summary:
      
         - remove firmware install from rpm-pkg / deb-pkg
      
         - fix mismatch between release number and UTS_VERSION for rpm-pkg"
      
      * tag 'kbuild-fixes-v4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        kbuild: rpm-pkg: fix version number handling
        kbuild: deb-pkg: remove firmware package support
        kbuild: rpm-pkg: delete firmware_install to fix build error
      4a704d6d
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 449cd5d2
      Linus Torvalds authored
      Pull misc fixes from Al Viro:
       "A couple of regression fixes, one for this merge window, one for the
        previous cycle"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        ipc/shm: Fix order of parameters when calling copy_compat_shmid_to_user
        iov_iter: fix page_copy_sane for compound pages
      449cd5d2
    • Linus Torvalds's avatar
      Merge tag 'mtd/fixes-for-4.14-rc2' of git://git.infradead.org/linux-mtd · d9fde269
      Linus Torvalds authored
      Pull mtd fixes from Boris Brezillon:
       "SPI NOR:
         - Fix the SFDP parsing code (bugs reported by Geert Uytterhoeven)
      
        NAND:
         - Fix a resource leak in the lpc32xx_mlc driver
         - Fix a build warning in the core"
      
      * tag 'mtd/fixes-for-4.14-rc2' of git://git.infradead.org/linux-mtd:
        mtd: nand: remove unused blockmask variable
        mtd: nand: lpc32xx_mlc: Fix an error handling path in lpc32xx_nand_probe()
        mtd: spi-nor: fix DMA unsafe buffer issue in spi_nor_read_sfdp()
        mtd: spi-nor: Check consistency of the memory size extracted from the SFDP
      d9fde269