September 2018 - Linux-stable-mirror

by Ben Hutchings

I'm announcing the release of the 3.16.58 kernel. All users of the 3.16 kernel series should upgrade. The updated 3.16.y git tree can be found at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-3.16.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git The diff from 3.16.57 is attached to this message. Ben. ------------ Makefile | 2 +- arch/Kconfig | 1 + arch/x86/include/asm/intel-family.h | 1 + arch/x86/include/asm/kvm_emulate.h | 6 +- arch/x86/include/uapi/asm/msr-index.h | 1 + arch/x86/kernel/cpu/amd.c | 13 +++ arch/x86/kernel/cpu/bugs.c | 59 ++++---------- arch/x86/kernel/cpu/common.c | 17 ++-- arch/x86/kernel/entry_64.S | 13 +-- arch/x86/kernel/i387.c | 24 ++++++ arch/x86/kernel/paravirt.c | 14 +++- arch/x86/kernel/process.c | 62 +++++++++------ arch/x86/kernel/xsave.c | 24 +----- arch/x86/kvm/emulate.c | 76 ++++++++++-------- arch/x86/kvm/vmx.c | 20 +++-- arch/x86/kvm/x86.c | 91 ++++++++++++++------- arch/x86/kvm/x86.h | 4 +- arch/x86/syscalls/syscall_32.tbl | 1 + arch/x86/syscalls/syscall_64.tbl | 1 + drivers/cdrom/cdrom.c | 2 +- drivers/infiniband/core/ucma.c | 6 +- drivers/scsi/libsas/sas_scsi_host.c | 33 +++----- drivers/scsi/sg.c | 2 +- drivers/scsi/sr_ioctl.c | 21 ++--- drivers/staging/usbip/stub.h | 2 + drivers/staging/usbip/stub_dev.c | 69 +++++++++------- drivers/staging/usbip/stub_main.c | 100 +++++++++++++++++++++-- drivers/usb/misc/yurex.c | 23 ++---- drivers/usb/storage/uas.c | 8 +- drivers/video/fbdev/uvesafb.c | 3 +- fs/btrfs/relocation.c | 23 +++--- fs/ext4/balloc.c | 21 +++-- fs/ext4/ext4.h | 8 -- fs/ext4/ext4_extents.h | 1 + fs/ext4/extents.c | 6 ++ fs/ext4/ialloc.c | 19 ++++- fs/ext4/inline.c | 39 +-------- fs/ext4/inode.c | 3 +- fs/ext4/mballoc.c | 6 +- fs/ext4/super.c | 41 +++++++++- fs/ext4/xattr.c | 49 ++++++------ fs/hfsplus/dir.c | 4 +- fs/inode.c | 6 ++ fs/jbd2/transaction.c | 2 +- fs/jfs/xattr.c | 10 ++- fs/xfs/xfs_attr_leaf.c | 5 +- fs/xfs/xfs_bmap.c | 2 + fs/xfs/xfs_icache.c | 58 ++++++++++++-- include/linux/mm_types.h | 2 +- include/linux/sched.h | 2 +- include/linux/syscalls.h | 2 + include/linux/vmacache.h | 5 -- include/uapi/asm-generic/unistd.h | 4 +- include/uapi/linux/seccomp.h | 4 + kernel/futex.c | 99 +++++++++++++++++++++-- kernel/seccomp.c | 146 ++++++++++++++++++++++++++++------ kernel/sys_ni.c | 3 + mm/vmacache.c | 36 --------- net/bluetooth/hidp/core.c | 4 +- net/core/sock.c | 2 + net/ipv4/ip_vti.c | 1 + sound/core/rawmidi.c | 20 +++-- 62 files changed, 846 insertions(+), 486 deletions(-) Alexander Potapenko (1): scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() Alexey Khoroshilov (1): usbip: fix error handling in stub_probe() Andy Lutomirski (1): x86/entry/64: Remove %ebx handling from error_entry/exit Ben Hutchings (3): x86/fpu: Default eagerfpu if FPU and FXSR are enabled Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU" Linux 3.16.58 Borislav Petkov (1): x86/cpu/AMD: Fix erratum 1076 (CPB bit) Christoph Paasch (1): net: Set sk_prot_creator when cloning sockets to the right proto Cong Wang (1): infiniband: fix a possible use-after-free bug Dave Chinner (2): xfs: catch inode allocation state mismatch corruption xfs: validate cached inodes are free when allocated Eric Sandeen (2): xfs: set format back to extents if xfs_bmap_extents_to_btree xfs: don't call xfs_da_shrink_inode with NULL bp Ernesto A. Fernández (1): hfsplus: fix NULL dereference in hfsplus_lookup() Ingo Molnar (2): x86/fpu: Fix the 'nofxsr' boot parameter to also clear X86_FEATURE_FXSR_OPT x86/speculation: Clean up various Spectre related details Jann Horn (1): USB: yurex: fix out-of-bounds uaccess in read handler Jason Yan (1): scsi: libsas: defer ata device eh commands to libata Jens Axboe (1): sr: pass down correctly sized SCSI sense buffer Jiri Kosina (1): x86/speculation: Protect against userspace-userspace spectreRSB Kees Cook (5): video: uvesafb: Fix integer overflow in allocation seccomp: create internal mode-setting function seccomp: extract check/assign mode helpers seccomp: split mode setting routines seccomp: add "seccomp" syscall Kyle Huey (2): x86/process: Optimize TIF checks in __switch_to_xtra() x86/process: Correct and optimize TIF_BLOCKSTEP switch Linus Torvalds (2): Fix up non-directory creation in SGID directories mm: get rid of vmacache_flush_all() entirely Mark Salyzyn (1): Bluetooth: hidp: buffer overflow in hidp_process_report Mel Gorman (2): futex: Remove requirement for lock_page() in get_futex_key() futex: Remove unnecessary warning from get_futex_key Nadav Amit (1): KVM: x86: Emulator ignores LDTR/TR extended base on LLDT/LTR Paolo Bonzini (4): KVM: x86: introduce linear_{read,write}_system KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access KVM: x86: introduce num_emulated_msrs Peter Zijlstra (1): x86/paravirt: Fix spectre-v2 mitigations for paravirt guests Piotr Luc (1): x86/cpu/intel: Add Knights Mill to Intel family Qu Wenruo (1): btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized Sanjeev Sharma (1): uas: replace WARN_ON_ONCE() with lockdep_assert_held() Scott Bauer (1): cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status Shankara Pailoor (1): jfs: Fix inconsistency between memory allocation and ea_buf->max_size Shuah Khan (2): usbip: usbip_host: fix to hold parent lock for device_attach() calls usbip: usbip_host: refine probe and disconnect debug msgs to be useful Shuah Khan (Samsung OSG) (4): usbip: usbip_host: delete device from busid_table after rebind usbip: usbip_host: run rebind from exit when module is removed usbip: usbip_host: fix NULL-ptr deref and use-after-free errors usbip: usbip_host: fix bad unlock balance during stub_probe() Takashi Iwai (1): ALSA: rawmidi: Change resized buffers atomically Theodore Ts'o (14): ext4: only look at the bg_flags field if it is valid ext4: fix check to prevent initializing reserved inodes ext4: verify the depth of extent tree in ext4_find_extent() ext4: always check block group bounds in ext4_init_block_bitmap() ext4: don't allow r/w mounts if metadata blocks overlap the superblock ext4: make sure bitmaps and the inode table don't overlap with bg descriptors ext4: fix false negatives *and* false positives in ext4_check_descriptors() ext4: add corruption check in ext4_xattr_set_entry() ext4: always verify the magic number in xattr blocks ext4: never move the system.data xattr out of the inode body ext4: clear i_data in ext4_inode_info when removing inline data ext4: add more inode number paranoia checks jbd2: don't mark block as modified if the handle is out of credits ext4: avoid running out of journal credits when appending to an inline file

6 years, 2 months

1
0
0 0

[PATCH 4.9 00/44] 4.9.130-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.9.130 release. There are 44 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Sep 29 09:00:54 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.130-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.9.130-rc1 Steve Wise <swise(a)opengridcomputing.com> iw_cxgb4: only allow 1 flush on user qps Nadav Amit <namit(a)vmware.com> vmw_balloon: include asm/io.h Zachary Zhang <zhangzg(a)marvell.com> PCI: aardvark: Size bridges before resources allocation Roderick Colenbrander <roderick.colenbrander(a)sony.com> HID: sony: Support DS4 dongle Roderick Colenbrander <roderick.colenbrander(a)sony.com> HID: sony: Update device ids Steve Muckle <smuckle(a)google.com> sched/fair: Fix vruntime_normalized() for remote non-migration wakeup Eric Biggers <ebiggers(a)google.com> ext4: show test_dummy_encryption mount option in /proc/mounts Li Dongyang <dongyangli(a)ddn.com> ext4: don't mark mmp buffer head dirty Theodore Ts'o <tytso(a)mit.edu> ext4: fix online resizing for bigalloc file systems with a 1k block size Theodore Ts'o <tytso(a)mit.edu> ext4: fix online resize's handling of a too-small final block group Theodore Ts'o <tytso(a)mit.edu> ext4: recalucate superblock checksum after updating free blocks/inodes Theodore Ts'o <tytso(a)mit.edu> ext4: avoid divide by zero fault when deleting corrupted inline directories Theodore Ts'o <tytso(a)mit.edu> ext4: check to make sure the rename(2)'s destination is not freed Gustavo A. R. Silva <gustavo(a)embeddedor.com> tty: vt_ioctl: fix potential Spectre v1 Boris Brezillon <boris.brezillon(a)bootlin.com> drm/vc4: Fix the "no scaling" case on multi-planar YUV formats Lyude Paul <lyude(a)redhat.com> drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early Lyude Paul <lyude(a)redhat.com> drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() Lyude Paul <lyude(a)redhat.com> drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement Junxiao Bi <junxiao.bi(a)oracle.com> ocfs2: fix ocfs2 read block panic Vincent Pelletier <plr.vincent(a)gmail.com> scsi: target: iscsi: Use hex2bin instead of a re-implementation Vasily Khoruzhick <vasilykh(a)arista.com> neighbour: confirm neigh entries when ARP packet is received Paolo Abeni <pabeni(a)redhat.com> udp4: fix IP_CMSG_CHECKSUM for connected sockets Colin Ian King <colin.king(a)canonical.com> net: hp100: fix always-true check for link up state Willy Tarreau <w(a)1wt.eu> net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT Eric Dumazet <edumazet(a)google.com> ipv6: fix possible use-after-free in ip6_xmit() Toke Høiland-Jørgensen <toke(a)toke.dk> gso_segment: Reset skb->mac_len after modifying network header Joel Fernandes (Google) <joel(a)joelfernandes.org> mm: shmem.c: Correctly annotate new inodes for lockdep Vaibhav Nagarnaik <vnagarnaik(a)google.com> ring-buffer: Allow for rescheduling when removing pages Mika Westerberg <mika.westerberg(a)linux.intel.com> Revert "PCI: Add ACS quirk for Intel 300 series" Boris Ostrovsky <boris.ostrovsky(a)oracle.com> xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code Juergen Gross <jgross(a)suse.com> xen/netfront: don't bug in case of too many frags Mario Limonciello <mario.limonciello(a)dell.com> platform/x86: alienware-wmi: Correct a memory leak Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: oxfw: fix memory leak of private data Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: oxfw: fix memory leak of discovered stream formats at error path Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: oxfw: fix memory leak for model-dependent data at error path Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: fireworks: fix memory leak of response buffer at error path Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-tascam: fix memory leak of private data Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: firewire-digi00x: fix memory leak of private data Willy Tarreau <w(a)1wt.eu> ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping Takashi Sakamoto <o-takashi(a)sakamocchi.jp> ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path Sébastien Szymanski <sebastien.szymanski(a)armadeus.com> ASoC: cs4265: fix MMTLR Data switch control Suren Baghdasaryan <surenb(a)google.com> NFC: Fix the number of pipes Suren Baghdasaryan <surenb(a)google.com> NFC: Fix possible memory corruption when handling SHDLC I-Frame commands ------------- Diffstat: Makefile | 4 +-- arch/x86/xen/pmu.c | 2 +- drivers/gpu/drm/nouveau/nouveau_connector.c | 20 ++++++------ drivers/gpu/drm/nouveau/nouveau_display.c | 33 ++++++++++++++----- drivers/gpu/drm/vc4/vc4_plane.c | 25 +++++++-------- drivers/hid/hid-core.c | 3 ++ drivers/hid/hid-ids.h | 2 ++ drivers/hid/hid-sony.c | 6 ++++ drivers/infiniband/hw/cxgb4/qp.c | 6 ++++ drivers/misc/vmw_balloon.c | 1 + drivers/net/appletalk/ipddp.c | 8 +++-- drivers/net/ethernet/hp/hp100.c | 2 +- drivers/net/xen-netfront.c | 8 ++++- drivers/pci/host/pci-aardvark.c | 1 + drivers/pci/quirks.c | 6 ---- drivers/platform/x86/alienware-wmi.c | 1 + drivers/target/iscsi/iscsi_target_auth.c | 30 +++++++++--------- drivers/tty/vt/vt_ioctl.c | 4 +++ fs/ext4/dir.c | 20 ++++++------ fs/ext4/inline.c | 4 ++- fs/ext4/mmp.c | 1 - fs/ext4/namei.c | 6 ++++ fs/ext4/resize.c | 23 +++++++++++++- fs/ext4/super.c | 4 +++ fs/ocfs2/buffer_head_io.c | 1 + include/net/nfc/hci.h | 2 +- kernel/sched/fair.c | 3 +- kernel/trace/ring_buffer.c | 2 ++ mm/shmem.c | 2 ++ net/core/neighbour.c | 13 +++++--- net/ipv4/af_inet.c | 1 + net/ipv4/udp.c | 49 +++++++++++++++-------------- net/ipv6/ip6_offload.c | 1 + net/ipv6/ip6_output.c | 6 ++-- net/nfc/hci/core.c | 10 ++++++ sound/firewire/bebob/bebob.c | 2 ++ sound/firewire/bebob/bebob_maudio.c | 28 ++++++++--------- sound/firewire/digi00x/digi00x.c | 1 + sound/firewire/fireworks/fireworks.c | 2 ++ sound/firewire/oxfw/oxfw.c | 10 ++++++ sound/firewire/tascam/tascam.c | 1 + sound/pci/emu10k1/emufx.c | 2 +- sound/soc/codecs/cs4265.c | 4 +-- 43 files changed, 236 insertions(+), 124 deletions(-)

6 years, 2 months

5
48
0 0

[PATCH] mtd: rawnand: marvell: check for RDY bits after enabling the IRQ

by Daniel Mack

At least on PXA3xx platforms, enabling RDY interrupts in the NDCR register will only cause the IRQ to latch when the RDY lanes are changing, and not in case they are already asserted. This means that if the controller finished the command in flight before marvell_nfc_wait_op() is called, that function will wait for a change in the bit that can't ever happen as it is already set. To mitigate this race, check for the RDY bits after the IRQ was enabled, and only sleep on the condition if the controller isn't ready yet. This fixes a bug that was observed with a NAND chip that holds a UBIFS parition on which file system stress tests were executed. When marvell_nfc_wait_op() reports an error, UBI/UBIFS will eventually mount the filesystem read-only, reporting lots of warnings along the way. Fixes: 02f26ecf8c77 mtd: nand: add reworked Marvell NAND controller driver Cc: stable(a)vger.kernel.org Signed-off-by: Daniel Mack <daniel(a)zonque.org> --- drivers/mtd/nand/raw/marvell_nand.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c index 666f34b58dec..e96ec7b9a152 100644 --- a/drivers/mtd/nand/raw/marvell_nand.c +++ b/drivers/mtd/nand/raw/marvell_nand.c @@ -613,7 +613,8 @@ static int marvell_nfc_wait_cmdd(struct nand_chip *chip) static int marvell_nfc_wait_op(struct nand_chip *chip, unsigned int timeout_ms) { struct marvell_nfc *nfc = to_marvell_nfc(chip->controller); - int ret; + int ret = -EALREADY; + u32 st; /* Timeout is expressed in ms */ if (!timeout_ms) @@ -622,8 +623,15 @@ static int marvell_nfc_wait_op(struct nand_chip *chip, unsigned int timeout_ms) init_completion(&nfc->complete); marvell_nfc_enable_int(nfc, NDCR_RDYM); - ret = wait_for_completion_timeout(&nfc->complete, - msecs_to_jiffies(timeout_ms)); + + /* + * Check if the NDSR_RDY bits have already been set before the + * interrupt was enabled. + */ + st = readl_relaxed(nfc->regs + NDSR); + if (!(st & (NDSR_RDY(0) | NDSR_RDY(1)))) + ret = wait_for_completion_timeout(&nfc->complete, + msecs_to_jiffies(timeout_ms)); marvell_nfc_disable_int(nfc, NDCR_RDYM); marvell_nfc_clear_int(nfc, NDSR_RDY(0) | NDSR_RDY(1)); if (!ret) { -- 2.17.1

6 years, 2 months

3
7
0 0

Re: [PATCH 4.14 31/64] spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers

by Sudip Mukherjee

Hi Greg, On Thu, Sep 27, 2018 at 10:03 AM, Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> wrote: > 4.14-stable review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Kirill Kapranov <kirill.kapranov(a)compulab.co.il> > > commit 1a4327fbf4554d5b78d75b19a13d40d6de220159 upstream. > > On systems where some controllers get a dynamic ID assigned and some have > a fixed number (e.g. from ACPI tables), the current implementation might > run into an IDR collision: in case of a fixed bus number is gotten by a > driver (but not marked busy in IDR tree) and a driver with dynamic bus > number gets the same ID and predictably fails. > > Fix this by means of checking-in fixed IDsin IDR as far as dynamic ones > at the moment of the controller registration. > > Fixes: 9b61e302210e (spi: Pick spi bus number from Linux idr or spi alias) > Signed-off-by: Kirill Kapranov <kirill.kapranov(a)compulab.co.il> > Signed-off-by: Mark Brown <broonie(a)kernel.org> > Cc: stable(a)vger.kernel.org > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> There is another later patch which fixes this patch. 04b2d03a7565 ("spi: Fix double IDR allocation with DT aliases") , can you please add it to the release also.. -- Regards Sudip

6 years, 2 months

4
3
0 0

[PATCH AUTOSEL 4.9 01/57] crypto: skcipher - Fix -Wstringop-truncation warnings

by Sasha Levin

From: Stafford Horne <shorne(a)gmail.com> [ Upstream commit cefd769fd0192c84d638f66da202459ed8ad63ba ] As of GCC 9.0.0 the build is reporting warnings like: crypto/ablkcipher.c: In function ‘crypto_ablkcipher_report’: crypto/ablkcipher.c:374:2: warning: ‘strncpy’ specified bound 64 equals destination size [-Wstringop-truncation] strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sizeof(rblkcipher.geniv)); ~~~~~~~~~~~~~~~~~~~~~~~~~ This means the strnycpy might create a non null terminated string. Fix this by explicitly performing '\0' termination. Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Max Filippov <jcmvbkbc(a)gmail.com> Cc: Eric Biggers <ebiggers3(a)gmail.com> Cc: Nick Desaulniers <nick.desaulniers(a)gmail.com> Signed-off-by: Stafford Horne <shorne(a)gmail.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- crypto/ablkcipher.c | 2 ++ crypto/blkcipher.c | 1 + 2 files changed, 3 insertions(+) diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c index 860c9e5dfd7a..3bc0e76eaaef 100644 --- a/crypto/ablkcipher.c +++ b/crypto/ablkcipher.c @@ -367,6 +367,7 @@ static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) strncpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type)); strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", sizeof(rblkcipher.geniv)); + rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; @@ -441,6 +442,7 @@ static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg) strncpy(rblkcipher.type, "givcipher", sizeof(rblkcipher.type)); strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<built-in>", sizeof(rblkcipher.geniv)); + rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c index 27f98666763a..59a0936ed8bc 100644 --- a/crypto/blkcipher.c +++ b/crypto/blkcipher.c @@ -510,6 +510,7 @@ static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) strncpy(rblkcipher.type, "blkcipher", sizeof(rblkcipher.type)); strncpy(rblkcipher.geniv, alg->cra_blkcipher.geniv ?: "<default>", sizeof(rblkcipher.geniv)); + rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize; -- 2.17.1

6 years, 2 months

2
58
0 0

[PATCH AUTOSEL 4.14 01/87] crypto: skcipher - Fix -Wstringop-truncation warnings

by Sasha Levin

From: Stafford Horne <shorne(a)gmail.com> [ Upstream commit cefd769fd0192c84d638f66da202459ed8ad63ba ] As of GCC 9.0.0 the build is reporting warnings like: crypto/ablkcipher.c: In function ‘crypto_ablkcipher_report’: crypto/ablkcipher.c:374:2: warning: ‘strncpy’ specified bound 64 equals destination size [-Wstringop-truncation] strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sizeof(rblkcipher.geniv)); ~~~~~~~~~~~~~~~~~~~~~~~~~ This means the strnycpy might create a non null terminated string. Fix this by explicitly performing '\0' termination. Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Max Filippov <jcmvbkbc(a)gmail.com> Cc: Eric Biggers <ebiggers3(a)gmail.com> Cc: Nick Desaulniers <nick.desaulniers(a)gmail.com> Signed-off-by: Stafford Horne <shorne(a)gmail.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> --- crypto/ablkcipher.c | 2 ++ crypto/blkcipher.c | 1 + 2 files changed, 3 insertions(+) diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c index 4ee7c041bb82..8882e90e868e 100644 --- a/crypto/ablkcipher.c +++ b/crypto/ablkcipher.c @@ -368,6 +368,7 @@ static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) strncpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type)); strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", sizeof(rblkcipher.geniv)); + rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; @@ -442,6 +443,7 @@ static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg) strncpy(rblkcipher.type, "givcipher", sizeof(rblkcipher.type)); strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<built-in>", sizeof(rblkcipher.geniv)); + rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c index d84c6920ada9..830821f234d2 100644 --- a/crypto/blkcipher.c +++ b/crypto/blkcipher.c @@ -511,6 +511,7 @@ static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) strncpy(rblkcipher.type, "blkcipher", sizeof(rblkcipher.type)); strncpy(rblkcipher.geniv, alg->cra_blkcipher.geniv ?: "<default>", sizeof(rblkcipher.geniv)); + rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0'; rblkcipher.blocksize = alg->cra_blocksize; rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize; -- 2.17.1

6 years, 2 months

3
90
0 0

[PATCH v2] rseq/selftests: fix parametrized test with -fpie

by Mathieu Desnoyers

On x86-64, the parametrized selftest code for rseq crashes with a segmentation fault when compiled with -fpie. This happens when the param_test binary is loaded at an address beyond 32-bit on x86-64. The issue is caused by use of a 32-bit register to hold the address of the loop counter variable. Fix this by using a 64-bit register to calculate the address of the loop counter variables as an offset from rip. Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Acked-by: "Paul E . McKenney" <paulmck(a)linux.vnet.ibm.com> Cc: <stable(a)vger.kernel.org> # v4.18 Cc: Shuah Khan <shuah(a)kernel.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Joel Fernandes <joelaf(a)google.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Watson <davejwatson(a)fb.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Andi Kleen <andi(a)firstfloor.org> Cc: linux-kselftest(a)vger.kernel.org Cc: "H . Peter Anvin" <hpa(a)zytor.com> Cc: Chris Lameter <cl(a)linux.com> Cc: Russell King <linux(a)arm.linux.org.uk> Cc: Michael Kerrisk <mtk.manpages(a)gmail.com> Cc: "Paul E . McKenney" <paulmck(a)linux.vnet.ibm.com> Cc: Paul Turner <pjt(a)google.com> Cc: Boqun Feng <boqun.feng(a)gmail.com> Cc: Josh Triplett <josh(a)joshtriplett.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Ben Maurer <bmaurer(a)fb.com> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> --- Changes since v1: - Update email address for Shuah Khan based on updated MAINTAINERS email address, - Rebase on v4.19-rc5. --- tools/testing/selftests/rseq/param_test.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/tools/testing/selftests/rseq/param_test.c b/tools/testing/selftests/rseq/param_test.c index 642d4e12abea..eec2663261f2 100644 --- a/tools/testing/selftests/rseq/param_test.c +++ b/tools/testing/selftests/rseq/param_test.c @@ -56,15 +56,13 @@ unsigned int yield_mod_cnt, nr_abort; printf(fmt, ## __VA_ARGS__); \ } while (0) -#if defined(__x86_64__) || defined(__i386__) +#ifdef __i386__ #define INJECT_ASM_REG "eax" #define RSEQ_INJECT_CLOBBER \ , INJECT_ASM_REG -#ifdef __i386__ - #define RSEQ_INJECT_ASM(n) \ "mov asm_loop_cnt_" #n ", %%" INJECT_ASM_REG "\n\t" \ "test %%" INJECT_ASM_REG ",%%" INJECT_ASM_REG "\n\t" \ @@ -76,9 +74,16 @@ unsigned int yield_mod_cnt, nr_abort; #elif defined(__x86_64__) +#define INJECT_ASM_REG_P "rax" +#define INJECT_ASM_REG "eax" + +#define RSEQ_INJECT_CLOBBER \ + , INJECT_ASM_REG_P \ + , INJECT_ASM_REG + #define RSEQ_INJECT_ASM(n) \ - "lea asm_loop_cnt_" #n "(%%rip), %%" INJECT_ASM_REG "\n\t" \ - "mov (%%" INJECT_ASM_REG "), %%" INJECT_ASM_REG "\n\t" \ + "lea asm_loop_cnt_" #n "(%%rip), %%" INJECT_ASM_REG_P "\n\t" \ + "mov (%%" INJECT_ASM_REG_P "), %%" INJECT_ASM_REG "\n\t" \ "test %%" INJECT_ASM_REG ",%%" INJECT_ASM_REG "\n\t" \ "jz 333f\n\t" \ "222:\n\t" \ @@ -86,10 +91,6 @@ unsigned int yield_mod_cnt, nr_abort; "jnz 222b\n\t" \ "333:\n\t" -#else -#error "Unsupported architecture" -#endif - #elif defined(__s390__) #define RSEQ_INJECT_INPUT \ -- 2.17.1

6 years, 2 months

2
1
0 0

Re: [PATCH 4.18 00/88] 4.18.11-stable review

by Greg Kroah-Hartman

On Thu, Sep 27, 2018 at 06:05:33PM +0200, Kevin Hilman wrote: > kernelci.org bot <bot(a)kernelci.org> writes: > > > stable-rc/linux-4.18.y boot: 179 boots: 16 failed, 144 passed with 17 offline, 2 untried/unknown (v4.18.10-89-gd5a4d8752d2e) > > > > Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.18.y/kernel/v4.1… > > Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.18.y/kernel/v4.18.10-89… > > > > Tree: stable-rc > > Branch: linux-4.18.y > > Git Describe: v4.18.10-89-gd5a4d8752d2e > > Git Commit: d5a4d8752d2e5b7f703fb43749db3c28bf7e104e > > Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git > > Tested: 64 unique boards, 25 SoC families, 20 builds out of 199 > > > > Boot Regressions Detected: > > > > arm: > > > > bcm2835_defconfig: > > bcm2837-rpi-3-b: > > lab-baylibre: new failure (last pass: v4.18.10) > > > > imx_v6_v7_defconfig: > > imx6dl-wandboard_dual: > > lab-baylibre-seattle: new failure (last pass: v4.18.10) > > imx6dl-wandboard_solo: > > lab-baylibre-seattle: new failure (last pass: v4.18.10) > > imx6q-wandboard: > > lab-baylibre-seattle: new failure (last pass: v4.18.10) > > > > multi_v7_defconfig: > > tegra124-jetson-tk1: > > lab-collabora: new failure (last pass: v4.18.10) > > lab-mhart: new failure (last pass: v4.18.10) > > tegra20-iris-512: > > lab-baylibre-seattle: new failure (last pass: v4.18.10) > > tegra30-beaver: > > lab-baylibre-seattle: new failure (last pass: v4.18.10) > > FYI... I bisected the tegra ones down to the drm atomic debugfs problem > that was already reported and reverted from stable. I have only reverted it right now, so you were fast! :) greg k-h

6 years, 2 months

1
0
0 0

[PATCH] rseq/selftests: fix parametrized test with -fpie

by Mathieu Desnoyers

On x86-64, the parametrized selftest code for rseq crashes with a segmentation fault when compiled with -fpie. This happens when the param_test binary is loaded at an address beyond 32-bit on x86-64. The issue is caused by use of a 32-bit register to hold the address of the loop counter variable. Fix this by using a 64-bit register to calculate the address of the loop counter variables as an offset from rip. Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: <stable(a)vger.kernel.org> # v4.18 Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Joel Fernandes <joelaf(a)google.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Dave Watson <davejwatson(a)fb.com> Cc: Will Deacon <will.deacon(a)arm.com> Cc: Shuah Khan <shuahkh(a)osg.samsung.com> Cc: Andi Kleen <andi(a)firstfloor.org> Cc: linux-kselftest(a)vger.kernel.org Cc: "H . Peter Anvin" <hpa(a)zytor.com> Cc: Chris Lameter <cl(a)linux.com> Cc: Russell King <linux(a)arm.linux.org.uk> Cc: Michael Kerrisk <mtk.manpages(a)gmail.com> Cc: "Paul E . McKenney" <paulmck(a)linux.vnet.ibm.com> Cc: Paul Turner <pjt(a)google.com> Cc: Boqun Feng <boqun.feng(a)gmail.com> Cc: Josh Triplett <josh(a)joshtriplett.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Ben Maurer <bmaurer(a)fb.com> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> --- tools/testing/selftests/rseq/param_test.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/tools/testing/selftests/rseq/param_test.c b/tools/testing/selftests/rseq/param_test.c index 615252331813..4bc071525bf7 100644 --- a/tools/testing/selftests/rseq/param_test.c +++ b/tools/testing/selftests/rseq/param_test.c @@ -56,15 +56,13 @@ unsigned int yield_mod_cnt, nr_abort; printf(fmt, ## __VA_ARGS__); \ } while (0) -#if defined(__x86_64__) || defined(__i386__) +#ifdef __i386__ #define INJECT_ASM_REG "eax" #define RSEQ_INJECT_CLOBBER \ , INJECT_ASM_REG -#ifdef __i386__ - #define RSEQ_INJECT_ASM(n) \ "mov asm_loop_cnt_" #n ", %%" INJECT_ASM_REG "\n\t" \ "test %%" INJECT_ASM_REG ",%%" INJECT_ASM_REG "\n\t" \ @@ -76,9 +74,16 @@ unsigned int yield_mod_cnt, nr_abort; #elif defined(__x86_64__) +#define INJECT_ASM_REG_P "rax" +#define INJECT_ASM_REG "eax" + +#define RSEQ_INJECT_CLOBBER \ + , INJECT_ASM_REG_P \ + , INJECT_ASM_REG + #define RSEQ_INJECT_ASM(n) \ - "lea asm_loop_cnt_" #n "(%%rip), %%" INJECT_ASM_REG "\n\t" \ - "mov (%%" INJECT_ASM_REG "), %%" INJECT_ASM_REG "\n\t" \ + "lea asm_loop_cnt_" #n "(%%rip), %%" INJECT_ASM_REG_P "\n\t" \ + "mov (%%" INJECT_ASM_REG_P "), %%" INJECT_ASM_REG "\n\t" \ "test %%" INJECT_ASM_REG ",%%" INJECT_ASM_REG "\n\t" \ "jz 333f\n\t" \ "222:\n\t" \ @@ -86,10 +91,6 @@ unsigned int yield_mod_cnt, nr_abort; "jnz 222b\n\t" \ "333:\n\t" -#else -#error "Unsupported architecture" -#endif - #elif defined(__ARMEL__) #define RSEQ_INJECT_INPUT \ -- 2.11.0

6 years, 2 months

5
7
0 0

[PATCH] MIPS: VDSO: Always map near top of user memory

by Paul Burton

When using the legacy mmap layout, for example triggered using ulimit -s unlimited, get_unmapped_area() fills memory from bottom to top starting from a fairly low address near TASK_UNMAPPED_BASE. This placement is suboptimal if the user application wishes to allocate large amounts of heap memory using the brk syscall. With the VDSO being located low in the user's virtual address space, the amount of space available for access using brk is limited much more than it was prior to the introduction of the VDSO. For example: # ulimit -s unlimited; cat /proc/self/maps 00400000-004ec000 r-xp 00000000 08:00 71436 /usr/bin/coreutils 004fc000-004fd000 rwxp 000ec000 08:00 71436 /usr/bin/coreutils 004fd000-0050f000 rwxp 00000000 00:00 0 00cc3000-00ce4000 rwxp 00000000 00:00 0 [heap] 2ab96000-2ab98000 r--p 00000000 00:00 0 [vvar] 2ab98000-2ab99000 r-xp 00000000 00:00 0 [vdso] 2ab99000-2ab9d000 rwxp 00000000 00:00 0 ... Resolve this by adjusting STACK_TOP to reserve space for the VDSO & providing an address hint to get_unmapped_area() causing it to use this space even when using the legacy mmap layout. We reserve enough space for the VDSO, plus 1MB or 8MB for 32 bit & 64 bit systems respectively within which we randomize the VDSO base address. Previously this randomization was taken care of by the mmap base address randomization performed by arch_mmap_rnd(). The 1MB & 8MB sizes are somewhat arbitrary but chosen such that we have some randomization without taking up too much of the user's virtual address space, which is often in short supply for 32 bit systems. With this the VDSO is always mapped at a high address, leaving lots of space for statically linked programs to make use of brk: # ulimit -s unlimited; cat /proc/self/maps 00400000-004ec000 r-xp 00000000 08:00 71436 /usr/bin/coreutils 004fc000-004fd000 rwxp 000ec000 08:00 71436 /usr/bin/coreutils 004fd000-0050f000 rwxp 00000000 00:00 0 00c28000-00c49000 rwxp 00000000 00:00 0 [heap] ... 7f67c000-7f69d000 rwxp 00000000 00:00 0 [stack] 7f7fc000-7f7fd000 rwxp 00000000 00:00 0 7fcf1000-7fcf3000 r--p 00000000 00:00 0 [vvar] 7fcf3000-7fcf4000 r-xp 00000000 00:00 0 [vdso] Signed-off-by: Paul Burton <paul.burton(a)mips.com> Reported-by: Huacai Chen <chenhc(a)lemote.com> Fixes: ebb5e78cc634 ("MIPS: Initial implementation of a VDSO") Cc: Huacai Chen <chenhc(a)lemote.com> Cc: linux-mips(a)linux-mips.org Cc: stable(a)vger.kernel.org # v4.4+ --- Huacai, could you test if this fixes your problem? It takes up less of the user's virtual address space (only 1MB for MIPS32), takes none at all when randomization is disabled, and doesn't make assumptions about the size of the VDSO. --- arch/mips/include/asm/processor.h | 10 +++++----- arch/mips/kernel/process.c | 25 +++++++++++++++++++++++++ arch/mips/kernel/vdso.c | 18 +++++++++++++++++- 3 files changed, 47 insertions(+), 6 deletions(-) diff --git a/arch/mips/include/asm/processor.h b/arch/mips/include/asm/processor.h index b2fa62922d88..15917ee42f9f 100644 --- a/arch/mips/include/asm/processor.h +++ b/arch/mips/include/asm/processor.h @@ -13,6 +13,7 @@ #include <linux/atomic.h> #include <linux/cpumask.h> +#include <linux/sizes.h> #include <linux/threads.h> #include <asm/cachectl.h> @@ -80,11 +81,10 @@ extern unsigned int vced_count, vcei_count; #endif -/* - * One page above the stack is used for branch delay slot "emulation". - * See dsemul.c for details. - */ -#define STACK_TOP ((TASK_SIZE & PAGE_MASK) - PAGE_SIZE) +#define VDSO_RANDOMIZE_SIZE (test_thread_flag(TIF_32BIT_ADDR) ? SZ_1M : SZ_8M) + +extern unsigned long mips_stack_top(void); +#define STACK_TOP mips_stack_top() /* * This decides where the kernel will search for a free chunk of vm diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c index 8fc69891e117..1b699a367c45 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c @@ -32,6 +32,7 @@ #include <linux/nmi.h> #include <linux/cpu.h> +#include <asm/abi.h> #include <asm/asm.h> #include <asm/bootinfo.h> #include <asm/cpu.h> @@ -39,6 +40,7 @@ #include <asm/dsp.h> #include <asm/fpu.h> #include <asm/irq.h> +#include <asm/mips-gic.h> #include <asm/msa.h> #include <asm/pgtable.h> #include <asm/mipsregs.h> @@ -645,6 +647,29 @@ unsigned long get_wchan(struct task_struct *task) return pc; } +unsigned long mips_stack_top(void) +{ + unsigned long top = TASK_SIZE & PAGE_MASK; + + /* One page for branch delay slot "emulation" */ + top -= PAGE_SIZE; + + /* Space for the VDSO, data page & GIC user page */ + top -= PAGE_ALIGN(current->thread.abi->vdso->size); + top -= PAGE_SIZE; + top -= mips_gic_present() ? PAGE_SIZE : 0; + + /* Space for cache colour alignment */ + if (cpu_has_dc_aliases) + top -= shm_align_mask + 1; + + /* Space to randomize the VDSO base */ + if (current->flags & PF_RANDOMIZE) + top -= VDSO_RANDOMIZE_SIZE; + + return top; +} + /* * Don't forget that the stack pointer must be aligned on a 8 bytes * boundary for 32-bits ABI and 16 bytes for 64-bits ABI. diff --git a/arch/mips/kernel/vdso.c b/arch/mips/kernel/vdso.c index 8f845f6e5f42..48a9c6b90e07 100644 --- a/arch/mips/kernel/vdso.c +++ b/arch/mips/kernel/vdso.c @@ -15,6 +15,7 @@ #include <linux/ioport.h> #include <linux/kernel.h> #include <linux/mm.h> +#include <linux/random.h> #include <linux/sched.h> #include <linux/slab.h> #include <linux/timekeeper_internal.h> @@ -97,6 +98,21 @@ void update_vsyscall_tz(void) } } +static unsigned long vdso_base(void) +{ + unsigned long base; + + /* Skip the delay slot emulation page */ + base = STACK_TOP + PAGE_SIZE; + + if (current->flags & PF_RANDOMIZE) { + base += get_random_int() & (VDSO_RANDOMIZE_SIZE - 1); + base = PAGE_ALIGN(base); + } + + return base; +} + int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) { struct mips_vdso_image *image = current->thread.abi->vdso; @@ -137,7 +153,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) if (cpu_has_dc_aliases) size += shm_align_mask + 1; - base = get_unmapped_area(NULL, 0, size, 0, 0); + base = get_unmapped_area(NULL, vdso_base(), size, 0, 0); if (IS_ERR_VALUE(base)) { ret = base; goto out; -- 2.18.0

6 years, 2 months

2
2
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror September 2018