1. 20 Oct, 2017 7 commits
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-for-v4.14-rc6' of git://people.freedesktop.org/~airlied/linux · d92116a0
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Standard fixes pull for rc6: one regression fix for amdgpu, a bunch of
        nouveau fixes that I'd missed a pull req for from Ben last week, some
        exynos regression fixes, and a few fixes for i915"
      
      * tag 'drm-fixes-for-v4.14-rc6' of git://people.freedesktop.org/~airlied/linux:
        drm/nouveau/fbcon: fix oops without fbdev emulation
        Revert "drm/amdgpu: discard commands of killed processes"
        drm/i915: Use a mask when applying WaProgramL3SqcReg1Default
        drm/i915: Report -EFAULT before pwrite fast path into shmemfs
        drm/i915/cnl: Fix PLL initialization for HDMI.
        drm/i915/cnl: Fix PLL mapping.
        drm/i915: Use bdw_ddi_translations_fdi for Broadwell
        drm/i915: Fix eviction when the GGTT is idle but full
        drm/i915/gvt: Fix GPU hang after reusing vGPU instance across different guest OS
        drm/exynos: Clear drvdata after component unbind
        drm/exynos: Fix potential NULL pointer dereference in suspend/resume paths
        drm/nouveau/kms/nv50: fix oops during DP IRQ handling on non-MST boards
        drm/nouveau/bsp/g92: disable by default
        drm/nouveau/mmu: flush tlbs before deleting page tables
      d92116a0
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · eb62722a
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "A couple of bugfixes for I2C drivers.
      
        Because the changes for the piix4 driver are larger than usual, the
        patches have been in linux-next for more than a week with no reports
        coming in. The rest is usual stuff"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: omap: Fix error handling for clk_get()
        i2c: piix4: Disable completely the IMC during SMBUS_BLOCK_DATA
        i2c: piix4: Fix SMBus port selection for AMD Family 17h chips
        i2c: imx: fix misleading bus recovery debug message
        i2c: imx: use IRQF_SHARED mode to request IRQ
        i2c: ismt: Separate I2C block read from SMBus block read
      eb62722a
    • Linus Torvalds's avatar
      Merge branch 'fixes-v4.14-rc5' of... · 03b652e5
      Linus Torvalds authored
      Merge branch 'fixes-v4.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
      
      Pull key handling fixes from James Morris:
       "This includes a fix for the capabilities code from Colin King, and a
        set of further fixes for the keys subsystem. From David:
      
         - Fix a bunch of places where kernel drivers may access revoked
           user-type keys and don't do it correctly.
      
         - Fix some ecryptfs bits.
      
         - Fix big_key to require CONFIG_CRYPTO.
      
         - Fix a couple of bugs in the asymmetric key type.
      
         - Fix a race between updating and finding negative keys.
      
         - Prevent add_key() from updating uninstantiated keys.
      
         - Make loading of key flags and expiry time atomic when not holding
           locks"
      
      * 'fixes-v4.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        commoncap: move assignment of fs_ns to avoid null pointer dereference
        pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
        KEYS: load key flags and expiry time atomically in proc_keys_show()
        KEYS: Load key expiry time atomically in keyring_search_iterator()
        KEYS: load key flags and expiry time atomically in key_validate()
        KEYS: don't let add_key() update an uninstantiated key
        KEYS: Fix race between updating and finding a negative key
        KEYS: checking the input id parameters before finding asymmetric key
        KEYS: Fix the wrong index when checking the existence of second id
        security/keys: BIG_KEY requires CONFIG_CRYPTO
        ecryptfs: fix dereference of NULL user_key_payload
        fscrypt: fix dereference of NULL user_key_payload
        lib/digsig: fix dereference of NULL user_key_payload
        FS-Cache: fix dereference of NULL user_key_payload
        KEYS: encrypted: fix dereference of NULL user_key_payload
      03b652e5
    • Linus Torvalds's avatar
      Merge tag 'pm-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · ce43f4fd
      Linus Torvalds authored
      Pull power management fix from Rafael Wysocki:
       "This reverts a problematic commit modifying the turbostat utility that
        went in during the 4.13 cycle (Len Brown)"
      
      * tag 'pm-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        Revert "tools/power turbostat: stop migrating, unless '-m'"
      ce43f4fd
    • Paul E. McKenney's avatar
      doc: Fix various RCU docbook comment-header problems · 27fdb35f
      Paul E. McKenney authored
      Because many of RCU's files have not been included into docbook, a
      number of errors have accumulated.  This commit fixes them.
      Signed-off-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      27fdb35f
    • Paul E. McKenney's avatar
      doc: Fix RCU's docbook options · 533966c8
      Paul E. McKenney authored
      Commit 764f8079 ("doc: Add RCU files to docbook-generation files")
      added :external: options for RCU source files in the file
      Documentation/core-api/kernel-api.rst.  However, this now means nothing,
      so this commit removes them.
      Reported-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Reported-by: default avatarAkira Yokosawa <akiyks@gmail.com>
      Signed-off-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      533966c8
    • Mathieu Desnoyers's avatar
      membarrier: Provide register expedited private command · a961e409
      Mathieu Desnoyers authored
      This introduces a "register private expedited" membarrier command which
      allows eventual removal of important memory barrier constraints on the
      scheduler fast-paths. It changes how the "private expedited" membarrier
      command (new to 4.14) is used from user-space.
      
      This new command allows processes to register their intent to use the
      private expedited command.  This affects how the expedited private
      command introduced in 4.14-rc is meant to be used, and should be merged
      before 4.14 final.
      
      Processes are now required to register before using
      MEMBARRIER_CMD_PRIVATE_EXPEDITED, otherwise that command returns EPERM.
      
      This fixes a problem that arose when designing requested extensions to
      sys_membarrier() to allow JITs to efficiently flush old code from
      instruction caches.  Several potential algorithms are much less painful
      if the user register intent to use this functionality early on, for
      example, before the process spawns the second thread.  Registering at
      this time removes the need to interrupt each and every thread in that
      process at the first expedited sys_membarrier() system call.
      Signed-off-by: default avatarMathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Acked-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a961e409
  2. 19 Oct, 2017 9 commits
  3. 18 Oct, 2017 24 commits
    • Dave Airlie's avatar
      Merge branch 'linux-4.14' of git://github.com/skeggsb/linux into drm-fixes · a3a3d479
      Dave Airlie authored
      some nouveau fixes.
      
      * 'linux-4.14' of git://github.com/skeggsb/linux:
        drm/nouveau/fbcon: fix oops without fbdev emulation
        drm/nouveau/kms/nv50: fix oops during DP IRQ handling on non-MST boards
        drm/nouveau/bsp/g92: disable by default
        drm/nouveau/mmu: flush tlbs before deleting page tables
      a3a3d479
    • Pavel Roskin's avatar
      drm/nouveau/fbcon: fix oops without fbdev emulation · 48137663
      Pavel Roskin authored
      This is similar to an earlier commit 52dfcc5c ("drm/nouveau: fix for
      disabled fbdev emulation"), but protects all occurrences of helper.fbdev
      in the source.
      
      I see oops in nouveau_fbcon_accel_save_disable() called from
      nouveau_fbcon_set_suspend_work() on Linux 3.13 when
      CONFIG_DRM_FBDEV_EMULATION option is disabled.
      Signed-off-by: default avatarPavel Roskin <plroskin@gmail.com>
      Reviewed-by: default avatarDaniel Vetter <daniel.vetter@ffwll.ch>
      Signed-off-by: default avatarBen Skeggs <bskeggs@redhat.com>
      48137663
    • Linus Torvalds's avatar
      Merge tag 'xfs-4.14-fixes-6' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 73d3393a
      Linus Torvalds authored
      Pull xfs fixes from Darrick Wong:
      
       - fix some more CONFIG_XFS_RT related build problems
      
       - fix data loss when writeback at eof races eofblocks gc and loses
      
       - invalidate page cache after fs finishes a dio write
      
       - remove dirty page state when invalidating pages so releasepage does
         the right thing when handed a dirty page
      
      * tag 'xfs-4.14-fixes-6' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: move two more RT specific functions into CONFIG_XFS_RT
        xfs: trim writepage mapping to within eof
        fs: invalidate page cache after end_io() in dio completion
        xfs: cancel dirty pages on invalidation
      73d3393a
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · 020b3023
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "Three small fixes:
      
         - A fix for skd, it was using kfree() to free a structure allocate
           with kmem_cache_alloc().
      
         - Stable fix for nbd, fixing a regression using the normal ioctl
           based tools.
      
         - Fix for a previous fix in this series, that fixed up
           inconsistencies between buffered and direct IO"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        fs: Avoid invalidation in interrupt context in dio_complete()
        nbd: don't set the device size until we're connected
        skd: Use kmem_cache_free
      020b3023
    • Alex Deucher's avatar
      Revert "drm/amdgpu: discard commands of killed processes" · c9450127
      Alex Deucher authored
      This causes instability in piglit.  It's fixed in drm-next with:
      515c6faf
      1650c14b
      214a91e6
      29d25355
      79867462
      
      This reverts commit 6af0883e.
      Signed-off-by: default avatarAlex Deucher <alexander.deucher@amd.com>
      c9450127
    • Oscar Mateo's avatar
      drm/i915: Use a mask when applying WaProgramL3SqcReg1Default · dd00ed9e
      Oscar Mateo authored
      Otherwise we are blasting other bits in GEN8_L3SQCREG1 that might be important
      (although we probably aren't at the moment because 0 seems to be the default
      for all the other bits).
      
      v2: Extra parentheses (Michel)
      
      Fixes: 050fc465 ("drm/i915:bxt: implement WaProgramL3SqcReg1DefaultForPerf")
      Fixes: 450174fe ("drm/i915/chv: Tune L3 SQC credits based on actual latencies")
      Signed-off-by: default avatarOscar Mateo <oscar.mateo@intel.com>
      Cc: Chris Wilson <chris@chris-wilson.co.uk>
      Cc: Mika Kuoppala <mika.kuoppala@linux.intel.com>
      Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
      Cc: Imre Deak <imre.deak@intel.com>
      Reviewed-by: default avatarMichel Thierry <michel.thierry@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/1508271945-14961-1-git-send-email-oscar.mateo@intel.comSigned-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
      (cherry picked from commit 930a784d)
      Signed-off-by: default avatarRodrigo Vivi <rodrigo.vivi@intel.com>
      dd00ed9e
    • Chris Wilson's avatar
      drm/i915: Report -EFAULT before pwrite fast path into shmemfs · ca8d7822
      Chris Wilson authored
      When pwriting into shmemfs, the fast path pagecache_write does not
      notice when it is writing to beyond the end of the truncated shmemfs
      inode. Report -EFAULT directly when we try to use pwrite into the
      !I915_MADV_WILLNEED object.
      
      Fixes: 7c55e2c5 ("drm/i915: Use pagecache write to prepopulate shmemfs from pwrite-ioctl")
      Testcase: igt/gem_madvise/dontneed-before-pwrite
      Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
      Cc: Matthew Auld <matthew.william.auld@gmail.com>
      Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
      Cc: Mika Kuoppala <mika.kuoppala@linux.intel.com>
      Reviewed-by: default avatarJoonas Lahtinen <joonas.lahtinen@linux.intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20171016202732.25459-1-chris@chris-wilson.co.uk
      (cherry picked from commit a6d65e45)
      Signed-off-by: default avatarRodrigo Vivi <rodrigo.vivi@intel.com>
      ca8d7822
    • Linus Torvalds's avatar
      Merge tag 'enforcement-4.14-rc6' of... · 3e0cc09a
      Linus Torvalds authored
      Merge tag 'enforcement-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
      
      Pull enforcement policy update from Greg KH:
       "Documentation: Add a file explaining the requested Linux kernel
        license enforcement policy
      
        Here's a new file to the kernel's Documentation directory. It adds a
        short document describing the views of how the Linux kernel community
        feels about enforcing the license of the kernel.
      
        The patch has been reviewed by a large number of kernel developers
        already, as seen by their acks on the patch, and their agreement of
        the statement with their names on it. The location of the file was
        also agreed upon by the Documentation maintainer, so all should be
        good there.
      
        For some background information about this statement, see this article
        written by some of the kernel developers involved in drafting it:
      
      	http://kroah.com/log/blog/2017/10/16/linux-kernel-community-enforcement-statement/
      
        and this article that answers a number of questions that came up in
        the discussion of this statement with the kernel developer community:
      
      	http://kroah.com/log/blog/2017/10/16/linux-kernel-community-enforcement-statement-faq/
      
        If anyone has any further questions about it, please let me, and the
        TAB members, know and we will be glad to help answer them"
      
      * tag 'enforcement-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        Documentation: Add a file explaining the Linux kernel license enforcement policy
      3e0cc09a
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 96b0e525
      Linus Torvalds authored
      Pull s390 fixes from Martin Schwidefsky:
       "Two bug fixes:
      
         - A fix for cputime accounting vs CPU hotplug
      
         - Add two options to zfcpdump_defconfig to make SCSI dump work again"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390: fix zfcpdump-config
        s390/cputime: fix guest/irq/softirq times after CPU hotplug
      96b0e525
    • Linus Torvalds's avatar
      Merge tag 'trace-v4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 503f7e29
      Linus Torvalds authored
      Pull tracing fix from Steven Rostedt:
       "Testing a new trace event format, I triggered a bug by doing:
      
          # modprobe trace-events-sample
          # echo 1 > /sys/kernel/debug/tracing/events/sample-trace/enable
          # rmmod trace-events-sample
      
        This would cause an oops. The issue is that I added another trace
        event sample that reused a reg function of another trace event to
        create a thread to call the tracepoints. The problem was that the reg
        function couldn't handle nested calls (reg; reg; unreg; unreg;) and
        created two threads (instead of one) and only removed one on exit.
      
        This isn't a critical bug as the bug is only in sample code. But
        sample code should be free of known bugs to prevent others from
        copying it. This is why this is also marked for stable"
      
      * tag 'trace-v4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing/samples: Fix creation and deletion of simple_thread_fn creation
      503f7e29
    • Takashi Iwai's avatar
      ALSA: hda - Fix incorrect TLV callback check introduced during set_fs() removal · a91d6612
      Takashi Iwai authored
      The commit 99b5c5bb ("ALSA: hda - Remove the use of set_fs()")
      converted the get_kctl_0dB_offset() call for killing set_fs() usage in
      HD-audio codec code.  The conversion assumed that the TLV callback
      used in HD-audio code is only snd_hda_mixer_amp() and applies the TLV
      calculation locally.
      
      Although this assumption is correct, and all slave kctls are actually
      with that callback, the current code is still utterly buggy; it
      doesn't hit this condition and falls back to the next check.  It's
      because the function gets called after adding slave kctls to vmaster.
      By assigning a slave kctl, the slave kctl object is faked inside
      vmaster code, and the whole kctl ops are overridden.  Thus the
      callback op points to a different value from what we've assumed.
      
      More badly, as reported by the KERNEXEC and UDEREF features of PaX,
      the code flow turns into the unexpected pitfall.  The next fallback
      check is SNDRV_CTL_ELEM_ACCESS_TLV_READ access bit, and this always
      hits for each kctl with TLV.  Then it evaluates the callback function
      pointer wrongly as if it were a TLV array.  Although currently its
      side-effect is fairly limited, this incorrect reference may lead to an
      unpleasant result.
      
      For addressing the regression, this patch introduces a new helper to
      vmaster code, snd_ctl_apply_vmaster_slaves().  This works similarly
      like the existing map_slaves() in hda_codec.c: it loops over the slave
      list of the given master, and applies the given function to each
      slave.  Then the initializer function receives the right kctl object
      and we can compare the correct pointer instead of the faked one.
      
      Also, for catching the similar breakage in future, give an error
      message when the unexpected TLV callback is found and bail out
      immediately.
      
      Fixes: 99b5c5bb ("ALSA: hda - Remove the use of set_fs()")
      Reported-by: default avatarPaX Team <pageexec@freemail.hu>
      Cc: <stable@vger.kernel.org> # v4.13
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      a91d6612
    • Takashi Iwai's avatar
      ALSA: hda: Remove superfluous '-' added by printk conversion · 6bf88a34
      Takashi Iwai authored
      While converting the error messages to the standard macros in the
      commit 4e76a883 ("ALSA: hda - Replace with standard printk"), a
      superfluous '-' slipped in the code mistakenly.  Its influence is
      almost negligible, merely shows a dB value as negative integer instead
      of positive integer (or vice versa) in the rare error message.
      So let's kill this embarrassing byte to show more correct value.
      
      Fixes: 4e76a883 ("ALSA: hda - Replace with standard printk")
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      6bf88a34
    • Takashi Iwai's avatar
      ALSA: hda: Abort capability probe at invalid register read · 098a0a62
      Takashi Iwai authored
      The loop in snd_hdac_bus_parse_capabilities() may go to nirvana when
      it hits an invalid register value read:
      
       BUG: unable to handle kernel paging request at ffffad5dc41f3fff
       IP: pci_azx_readl+0x5/0x10 [snd_hda_intel]
       Call Trace:
        snd_hdac_bus_parse_capabilities+0x3c/0x1f0 [snd_hda_core]
        azx_probe_continue+0x7d5/0x940 [snd_hda_intel]
        .....
      
      This happened on a new Intel machine, and we need to check the value
      and abort the loop accordingly.
      
      [Note: the fixes tag below indicates only the commit where this patch
       can be applied; the original problem was introduced even before that
       commit]
      
      Fixes: 6720b384 ("ALSA: hda - move bus_parse_capabilities to core")
      Cc: <stable@vger.kernel.org>
      Acked-by: default avatarVinod Koul <vinod.koul@intel.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      098a0a62
    • Eric Sesterhenn's avatar
      pkcs7: Prevent NULL pointer dereference, since sinfo is not always set. · 68a1fdbb
      Eric Sesterhenn authored
      The ASN.1 parser does not necessarily set the sinfo field,
      this patch prevents a NULL pointer dereference on broken
      input.
      
      Fixes: 99db4435 ("PKCS#7: Appropriately restrict authenticated attributes and content type")
      Signed-off-by: default avatarEric Sesterhenn <eric.sesterhenn@x41-dsec.de>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: stable@vger.kernel.org # 4.3+
      68a1fdbb
    • Eric Biggers's avatar
      KEYS: load key flags and expiry time atomically in proc_keys_show() · ab5c69f0
      Eric Biggers authored
      In proc_keys_show(), the key semaphore is not held, so the key ->flags
      and ->expiry can be changed concurrently.  We therefore should read them
      atomically just once.
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      ab5c69f0
    • Eric Biggers's avatar
      KEYS: Load key expiry time atomically in keyring_search_iterator() · 9d6c8711
      Eric Biggers authored
      Similar to the case for key_validate(), we should load the key ->expiry
      once atomically in keyring_search_iterator(), since it can be changed
      concurrently with the flags whenever the key semaphore isn't held.
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      9d6c8711
    • Eric Biggers's avatar
      KEYS: load key flags and expiry time atomically in key_validate() · 1823d475
      Eric Biggers authored
      In key_validate(), load the flags and expiry time once atomically, since
      these can change concurrently if key_validate() is called without the
      key semaphore held.  And we don't want to get inconsistent results if a
      variable is referenced multiple times.  For example, key->expiry was
      referenced in both 'if (key->expiry)' and in 'if (now.tv_sec >=
      key->expiry)', making it theoretically possible to see a spurious
      EKEYEXPIRED while the expiration time was being removed, i.e. set to 0.
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      1823d475
    • David Howells's avatar
      KEYS: don't let add_key() update an uninstantiated key · 60ff5b2f
      David Howells authored
      Currently, when passed a key that already exists, add_key() will call the
      key's ->update() method if such exists.  But this is heavily broken in the
      case where the key is uninstantiated because it doesn't call
      __key_instantiate_and_link().  Consequently, it doesn't do most of the
      things that are supposed to happen when the key is instantiated, such as
      setting the instantiation state, clearing KEY_FLAG_USER_CONSTRUCT and
      awakening tasks waiting on it, and incrementing key->user->nikeys.
      
      It also never takes key_construction_mutex, which means that
      ->instantiate() can run concurrently with ->update() on the same key.  In
      the case of the "user" and "logon" key types this causes a memory leak, at
      best.  Maybe even worse, the ->update() methods of the "encrypted" and
      "trusted" key types actually just dereference a NULL pointer when passed an
      uninstantiated key.
      
      Change key_create_or_update() to wait interruptibly for the key to finish
      construction before continuing.
      
      This patch only affects *uninstantiated* keys.  For now we still allow a
      negatively instantiated key to be updated (thereby positively
      instantiating it), although that's broken too (the next patch fixes it)
      and I'm not sure that anyone actually uses that functionality either.
      
      Here is a simple reproducer for the bug using the "encrypted" key type
      (requires CONFIG_ENCRYPTED_KEYS=y), though as noted above the bug
      pertained to more than just the "encrypted" key type:
      
          #include <stdlib.h>
          #include <unistd.h>
          #include <keyutils.h>
      
          int main(void)
          {
              int ringid = keyctl_join_session_keyring(NULL);
      
              if (fork()) {
                  for (;;) {
                      const char payload[] = "update user:foo 32";
      
                      usleep(rand() % 10000);
                      add_key("encrypted", "desc", payload, sizeof(payload), ringid);
                      keyctl_clear(ringid);
                  }
              } else {
                  for (;;)
                      request_key("encrypted", "desc", "callout_info", ringid);
              }
          }
      
      It causes:
      
          BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
          IP: encrypted_update+0xb0/0x170
          PGD 7a178067 P4D 7a178067 PUD 77269067 PMD 0
          PREEMPT SMP
          CPU: 0 PID: 340 Comm: reproduce Tainted: G      D         4.14.0-rc1-00025-g428490e3 #796
          Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
          task: ffff8a467a39a340 task.stack: ffffb15c40770000
          RIP: 0010:encrypted_update+0xb0/0x170
          RSP: 0018:ffffb15c40773de8 EFLAGS: 00010246
          RAX: 0000000000000000 RBX: ffff8a467a275b00 RCX: 0000000000000000
          RDX: 0000000000000005 RSI: ffff8a467a275b14 RDI: ffffffffb742f303
          RBP: ffffb15c40773e20 R08: 0000000000000000 R09: ffff8a467a275b17
          R10: 0000000000000020 R11: 0000000000000000 R12: 0000000000000000
          R13: 0000000000000000 R14: ffff8a4677057180 R15: ffff8a467a275b0f
          FS:  00007f5d7fb08700(0000) GS:ffff8a467f200000(0000) knlGS:0000000000000000
          CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
          CR2: 0000000000000018 CR3: 0000000077262005 CR4: 00000000001606f0
          Call Trace:
           key_create_or_update+0x2bc/0x460
           SyS_add_key+0x10c/0x1d0
           entry_SYSCALL_64_fastpath+0x1f/0xbe
          RIP: 0033:0x7f5d7f211259
          RSP: 002b:00007ffed03904c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
          RAX: ffffffffffffffda RBX: 000000003b2a7955 RCX: 00007f5d7f211259
          RDX: 00000000004009e4 RSI: 00000000004009ff RDI: 0000000000400a04
          RBP: 0000000068db8bad R08: 000000003b2a7955 R09: 0000000000000004
          R10: 000000000000001a R11: 0000000000000246 R12: 0000000000400868
          R13: 00007ffed03905d0 R14: 0000000000000000 R15: 0000000000000000
          Code: 77 28 e8 64 34 1f 00 45 31 c0 31 c9 48 8d 55 c8 48 89 df 48 8d 75 d0 e8 ff f9 ff ff 85 c0 41 89 c4 0f 88 84 00 00 00 4c 8b 7d c8 <49> 8b 75 18 4c 89 ff e8 24 f8 ff ff 85 c0 41 89 c4 78 6d 49 8b
          RIP: encrypted_update+0xb0/0x170 RSP: ffffb15c40773de8
          CR2: 0000000000000018
      
      Cc: <stable@vger.kernel.org> # v2.6.12+
      Reported-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: Eric Biggers <ebiggers@google.com>
      60ff5b2f
    • David Howells's avatar
      KEYS: Fix race between updating and finding a negative key · 363b02da
      David Howells authored
      Consolidate KEY_FLAG_INSTANTIATED, KEY_FLAG_NEGATIVE and the rejection
      error into one field such that:
      
       (1) The instantiation state can be modified/read atomically.
      
       (2) The error can be accessed atomically with the state.
      
       (3) The error isn't stored unioned with the payload pointers.
      
      This deals with the problem that the state is spread over three different
      objects (two bits and a separate variable) and reading or updating them
      atomically isn't practical, given that not only can uninstantiated keys
      change into instantiated or rejected keys, but rejected keys can also turn
      into instantiated keys - and someone accessing the key might not be using
      any locking.
      
      The main side effect of this problem is that what was held in the payload
      may change, depending on the state.  For instance, you might observe the
      key to be in the rejected state.  You then read the cached error, but if
      the key semaphore wasn't locked, the key might've become instantiated
      between the two reads - and you might now have something in hand that isn't
      actually an error code.
      
      The state is now KEY_IS_UNINSTANTIATED, KEY_IS_POSITIVE or a negative error
      code if the key is negatively instantiated.  The key_is_instantiated()
      function is replaced with key_is_positive() to avoid confusion as negative
      keys are also 'instantiated'.
      
      Additionally, barriering is included:
      
       (1) Order payload-set before state-set during instantiation.
      
       (2) Order state-read before payload-read when using the key.
      
      Further separate barriering is necessary if RCU is being used to access the
      payload content after reading the payload pointers.
      
      Fixes: 146aa8b1 ("KEYS: Merge the type-specific data with the payload data")
      Cc: stable@vger.kernel.org # v4.4+
      Reported-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-by: default avatarEric Biggers <ebiggers@google.com>
      363b02da
    • Chun-Yi Lee's avatar
      KEYS: checking the input id parameters before finding asymmetric key · b3811d36
      Chun-Yi Lee authored
      For finding asymmetric key, the input id_0 and id_1 parameters can
      not be NULL at the same time. This patch adds the BUG_ON checking
      for id_0 and id_1.
      
      Cc: David Howells <dhowells@redhat.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: default avatarChun-Yi Lee <jlee@suse.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      b3811d36
    • Chun-Yi Lee's avatar
      KEYS: Fix the wrong index when checking the existence of second id · 6a6d2a77
      Chun-Yi Lee authored
      Fix the wrong index number when checking the existence of second
      id in function of finding asymmetric key. The id_1 is the second
      id that the index in array must be 1 but not 0.
      
      Fixes: 9eb02989 (KEYS: Generalise x509_request_asymmetric_key())
      Cc: David Howells <dhowells@redhat.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: default avatarChun-Yi Lee <jlee@suse.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      6a6d2a77
    • Arnd Bergmann's avatar
      security/keys: BIG_KEY requires CONFIG_CRYPTO · 3cd18d19
      Arnd Bergmann authored
      The recent rework introduced a possible randconfig build failure
      when CONFIG_CRYPTO configured to only allow modules:
      
      security/keys/big_key.o: In function `big_key_crypt':
      big_key.c:(.text+0x29f): undefined reference to `crypto_aead_setkey'
      security/keys/big_key.o: In function `big_key_init':
      big_key.c:(.init.text+0x1a): undefined reference to `crypto_alloc_aead'
      big_key.c:(.init.text+0x45): undefined reference to `crypto_aead_setauthsize'
      big_key.c:(.init.text+0x77): undefined reference to `crypto_destroy_tfm'
      crypto/gcm.o: In function `gcm_hash_crypt_remain_continue':
      gcm.c:(.text+0x167): undefined reference to `crypto_ahash_finup'
      crypto/gcm.o: In function `crypto_gcm_exit_tfm':
      gcm.c:(.text+0x847): undefined reference to `crypto_destroy_tfm'
      
      When we 'select CRYPTO' like the other users, we always get a
      configuration that builds.
      
      Fixes: 428490e3 ("security/keys: rewrite all of big_key crypto")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      3cd18d19
    • Ben Hutchings's avatar
      ALSA: seq: Enable 'use' locking in all configurations · 8009d506
      Ben Hutchings authored
      The 'use' locking macros are no-ops if neither SMP or SND_DEBUG is
      enabled.  This might once have been OK in non-preemptible
      configurations, but even in that case snd_seq_read() may sleep while
      relying on a 'use' lock.  So always use the proper implementations.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarBen Hutchings <ben.hutchings@codethink.co.uk>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      8009d506
    • Len Brown's avatar
      Revert "tools/power turbostat: stop migrating, unless '-m'" · c97cc7db
      Len Brown authored
      This reverts commit c91fc851.
      
      That change caused a C6 and PC6 residency regression on large idle systems.
      
      Users also complained about new output indicating jitter:
      
      turbostat: cpu6 jitter 3794 9142
      Signed-off-by: default avatarLen Brown <len.brown@intel.com>
      Cc: 4.13+ <stable@vger.kernel.org> # v4.13+
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      c97cc7db