0e020c19bbbc7bf0520dde9a4802ebb03f8a03ef
4160 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Christian Brauner
|
0e020c19bb |
BACKPORT: clone: add CLONE_PIDFD
This patchset makes it possible to retrieve pid file descriptors at process creation time by introducing the new flag CLONE_PIDFD to the clone() system call. Linus originally suggested to implement this as a new flag to clone() instead of making it a separate system call. As spotted by Linus, there is exactly one bit for clone() left. CLONE_PIDFD creates file descriptors based on the anonymous inode implementation in the kernel that will also be used to implement the new mount api. They serve as a simple opaque handle on pids. Logically, this makes it possible to interpret a pidfd differently, narrowing or widening the scope of various operations (e.g. signal sending). Thus, a pidfd cannot just refer to a tgid, but also a tid, or in theory - given appropriate flag arguments in relevant syscalls - a process group or session. A pidfd does not represent a privilege. This does not imply it cannot ever be that way but for now this is not the case. A pidfd comes with additional information in fdinfo if the kernel supports procfs. The fdinfo file contains the pid of the process in the callers pid namespace in the same format as the procfs status file, i.e. "Pid:\t%d". As suggested by Oleg, with CLONE_PIDFD the pidfd is returned in the parent_tidptr argument of clone. This has the advantage that we can give back the associated pid and the pidfd at the same time. To remove worries about missing metadata access this patchset comes with a sample program that illustrates how a combination of CLONE_PIDFD, and pidfd_send_signal() can be used to gain race-free access to process metadata through /proc/<pid>. The sample program can easily be translated into a helper that would be suitable for inclusion in libc so that users don't have to worry about writing it themselves. Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Christian Brauner <christian@brauner.io> Co-developed-by: Jann Horn <jannh@google.com> Signed-off-by: Jann Horn <jannh@google.com> Reviewed-by: Oleg Nesterov <oleg@redhat.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Kees Cook <keescook@chromium.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: David Howells <dhowells@redhat.com> Cc: "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com> Cc: Andy Lutomirsky <luto@kernel.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Aleksa Sarai <cyphar@cyphar.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Al Viro <viro@zeniv.linux.org.uk> (cherry picked from commit b3e5838252665ee4cfa76b82bdf1198dca81e5be) Conflicts: kernel/fork.c (1. Replaced proc_pid_ns() with its direct implementation.) Bug: 135608568 Test: test program using syscall(__NR_sys_pidfd_open,..) and poll() Change-Id: I3c804a92faea686e5bf7f99df893fe3a5d87ddf7 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
|
Christian Brauner
|
cf9f829523 |
BACKPORT: signal: add pidfd_send_signal() syscall
The kill() syscall operates on process identifiers (pid). After a process
has exited its pid can be reused by another process. If a caller sends a
signal to a reused pid it will end up signaling the wrong process. This
issue has often surfaced and there has been a push to address this problem [1].
This patch uses file descriptors (fd) from proc/<pid> as stable handles on
struct pid. Even if a pid is recycled the handle will not change. The fd
can be used to send signals to the process it refers to.
Thus, the new syscall pidfd_send_signal() is introduced to solve this
problem. Instead of pids it operates on process fds (pidfd).
/* prototype and argument /*
long pidfd_send_signal(int pidfd, int sig, siginfo_t *info, unsigned int flags);
/* syscall number 424 */
The syscall number was chosen to be 424 to align with Arnd's rework in his
y2038 to minimize merge conflicts (cf. [25]).
In addition to the pidfd and signal argument it takes an additional
siginfo_t and flags argument. If the siginfo_t argument is NULL then
pidfd_send_signal() is equivalent to kill(<positive-pid>, <signal>). If it
is not NULL pidfd_send_signal() is equivalent to rt_sigqueueinfo().
The flags argument is added to allow for future extensions of this syscall.
It currently needs to be passed as 0. Failing to do so will cause EINVAL.
/* pidfd_send_signal() replaces multiple pid-based syscalls */
The pidfd_send_signal() syscall currently takes on the job of
rt_sigqueueinfo(2) and parts of the functionality of kill(2), Namely, when a
positive pid is passed to kill(2). It will however be possible to also
replace tgkill(2) and rt_tgsigqueueinfo(2) if this syscall is extended.
/* sending signals to threads (tid) and process groups (pgid) */
Specifically, the pidfd_send_signal() syscall does currently not operate on
process groups or threads. This is left for future extensions.
In order to extend the syscall to allow sending signal to threads and
process groups appropriately named flags (e.g. PIDFD_TYPE_PGID, and
PIDFD_TYPE_TID) should be added. This implies that the flags argument will
determine what is signaled and not the file descriptor itself. Put in other
words, grouping in this api is a property of the flags argument not a
property of the file descriptor (cf. [13]). Clarification for this has been
requested by Eric (cf. [19]).
When appropriate extensions through the flags argument are added then
pidfd_send_signal() can additionally replace the part of kill(2) which
operates on process groups as well as the tgkill(2) and
rt_tgsigqueueinfo(2) syscalls.
How such an extension could be implemented has been very roughly sketched
in [14], [15], and [16]. However, this should not be taken as a commitment
to a particular implementation. There might be better ways to do it.
Right now this is intentionally left out to keep this patchset as simple as
possible (cf. [4]).
/* naming */
The syscall had various names throughout iterations of this patchset:
- procfd_signal()
- procfd_send_signal()
- taskfd_send_signal()
In the last round of reviews it was pointed out that given that if the
flags argument decides the scope of the signal instead of different types
of fds it might make sense to either settle for "procfd_" or "pidfd_" as
prefix. The community was willing to accept either (cf. [17] and [18]).
Given that one developer expressed strong preference for the "pidfd_"
prefix (cf. [13]) and with other developers less opinionated about the name
we should settle for "pidfd_" to avoid further bikeshedding.
The "_send_signal" suffix was chosen to reflect the fact that the syscall
takes on the job of multiple syscalls. It is therefore intentional that the
name is not reminiscent of neither kill(2) nor rt_sigqueueinfo(2). Not the
fomer because it might imply that pidfd_send_signal() is a replacement for
kill(2), and not the latter because it is a hassle to remember the correct
spelling - especially for non-native speakers - and because it is not
descriptive enough of what the syscall actually does. The name
"pidfd_send_signal" makes it very clear that its job is to send signals.
/* zombies */
Zombies can be signaled just as any other process. No special error will be
reported since a zombie state is an unreliable state (cf. [3]). However,
this can be added as an extension through the @flags argument if the need
ever arises.
/* cross-namespace signals */
The patch currently enforces that the signaler and signalee either are in
the same pid namespace or that the signaler's pid namespace is an ancestor
of the signalee's pid namespace. This is done for the sake of simplicity
and because it is unclear to what values certain members of struct
siginfo_t would need to be set to (cf. [5], [6]).
/* compat syscalls */
It became clear that we would like to avoid adding compat syscalls
(cf. [7]). The compat syscall handling is now done in kernel/signal.c
itself by adding __copy_siginfo_from_user_generic() which lets us avoid
compat syscalls (cf. [8]). It should be noted that the addition of
__copy_siginfo_from_user_any() is caused by a bug in the original
implementation of rt_sigqueueinfo(2) (cf. 12).
With upcoming rework for syscall handling things might improve
significantly (cf. [11]) and __copy_siginfo_from_user_any() will not gain
any additional callers.
/* testing */
This patch was tested on x64 and x86.
/* userspace usage */
An asciinema recording for the basic functionality can be found under [9].
With this patch a process can be killed via:
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>
static inline int do_pidfd_send_signal(int pidfd, int sig, siginfo_t *info,
unsigned int flags)
{
#ifdef __NR_pidfd_send_signal
return syscall(__NR_pidfd_send_signal, pidfd, sig, info, flags);
#else
return -ENOSYS;
#endif
}
int main(int argc, char *argv[])
{
int fd, ret, saved_errno, sig;
if (argc < 3)
exit(EXIT_FAILURE);
fd = open(argv[1], O_DIRECTORY | O_CLOEXEC);
if (fd < 0) {
printf("%s - Failed to open \"%s\"\n", strerror(errno), argv[1]);
exit(EXIT_FAILURE);
}
sig = atoi(argv[2]);
printf("Sending signal %d to process %s\n", sig, argv[1]);
ret = do_pidfd_send_signal(fd, sig, NULL, 0);
saved_errno = errno;
close(fd);
errno = saved_errno;
if (ret < 0) {
printf("%s - Failed to send signal %d to process %s\n",
strerror(errno), sig, argv[1]);
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}
/* Q&A
* Given that it seems the same questions get asked again by people who are
* late to the party it makes sense to add a Q&A section to the commit
* message so it's hopefully easier to avoid duplicate threads.
*
* For the sake of progress please consider these arguments settled unless
* there is a new point that desperately needs to be addressed. Please make
* sure to check the links to the threads in this commit message whether
* this has not already been covered.
*/
Q-01: (Florian Weimer [20], Andrew Morton [21])
What happens when the target process has exited?
A-01: Sending the signal will fail with ESRCH (cf. [22]).
Q-02: (Andrew Morton [21])
Is the task_struct pinned by the fd?
A-02: No. A reference to struct pid is kept. struct pid - as far as I
understand - was created exactly for the reason to not require to
pin struct task_struct (cf. [22]).
Q-03: (Andrew Morton [21])
Does the entire procfs directory remain visible? Just one entry
within it?
A-03: The same thing that happens right now when you hold a file descriptor
to /proc/<pid> open (cf. [22]).
Q-04: (Andrew Morton [21])
Does the pid remain reserved?
A-04: No. This patchset guarantees a stable handle not that pids are not
recycled (cf. [22]).
Q-05: (Andrew Morton [21])
Do attempts to signal that fd return errors?
A-05: See {Q,A}-01.
Q-06: (Andrew Morton [22])
Is there a cleaner way of obtaining the fd? Another syscall perhaps.
A-06: Userspace can already trivially retrieve file descriptors from procfs
so this is something that we will need to support anyway. Hence,
there's no immediate need to add another syscalls just to make
pidfd_send_signal() not dependent on the presence of procfs. However,
adding a syscalls to get such file descriptors is planned for a
future patchset (cf. [22]).
Q-07: (Andrew Morton [21] and others)
This fd-for-a-process sounds like a handy thing and people may well
think up other uses for it in the future, probably unrelated to
signals. Are the code and the interface designed to permit such
future applications?
A-07: Yes (cf. [22]).
Q-08: (Andrew Morton [21] and others)
Now I think about it, why a new syscall? This thing is looking
rather like an ioctl?
A-08: This has been extensively discussed. It was agreed that a syscall is
preferred for a variety or reasons. Here are just a few taken from
prior threads. Syscalls are safer than ioctl()s especially when
signaling to fds. Processes are a core kernel concept so a syscall
seems more appropriate. The layout of the syscall with its four
arguments would require the addition of a custom struct for the
ioctl() thereby causing at least the same amount or even more
complexity for userspace than a simple syscall. The new syscall will
replace multiple other pid-based syscalls (see description above).
The file-descriptors-for-processes concept introduced with this
syscall will be extended with other syscalls in the future. See also
[22], [23] and various other threads already linked in here.
Q-09: (Florian Weimer [24])
What happens if you use the new interface with an O_PATH descriptor?
A-09:
pidfds opened as O_PATH fds cannot be used to send signals to a
process (cf. [2]). Signaling processes through pidfds is the
equivalent of writing to a file. Thus, this is not an operation that
operates "purely at the file descriptor level" as required by the
open(2) manpage. See also [4].
/* References */
[1]: https://lore.kernel.org/lkml/20181029221037.87724-1-dancol@google.com/
[2]: https://lore.kernel.org/lkml/874lbtjvtd.fsf@oldenburg2.str.redhat.com/
[3]: https://lore.kernel.org/lkml/20181204132604.aspfupwjgjx6fhva@brauner.io/
[4]: https://lore.kernel.org/lkml/20181203180224.fkvw4kajtbvru2ku@brauner.io/
[5]: https://lore.kernel.org/lkml/20181121213946.GA10795@mail.hallyn.com/
[6]: https://lore.kernel.org/lkml/20181120103111.etlqp7zop34v6nv4@brauner.io/
[7]: https://lore.kernel.org/lkml/36323361-90BD-41AF-AB5B-EE0D7BA02C21@amacapital.net/
[8]: https://lore.kernel.org/lkml/87tvjxp8pc.fsf@xmission.com/
[9]: https://asciinema.org/a/IQjuCHew6bnq1cr78yuMv16cy
[11]: https://lore.kernel.org/lkml/F53D6D38-3521-4C20-9034-5AF447DF62FF@amacapital.net/
[12]: https://lore.kernel.org/lkml/87zhtjn8ck.fsf@xmission.com/
[13]: https://lore.kernel.org/lkml/871s6u9z6u.fsf@xmission.com/
[14]: https://lore.kernel.org/lkml/20181206231742.xxi4ghn24z4h2qki@brauner.io/
[15]: https://lore.kernel.org/lkml/20181207003124.GA11160@mail.hallyn.com/
[16]: https://lore.kernel.org/lkml/20181207015423.4miorx43l3qhppfz@brauner.io/
[17]: https://lore.kernel.org/lkml/CAGXu5jL8PciZAXvOvCeCU3wKUEB_dU-O3q0tDw4uB_ojMvDEew@mail.gmail.com/
[18]: https://lore.kernel.org/lkml/20181206222746.GB9224@mail.hallyn.com/
[19]: https://lore.kernel.org/lkml/20181208054059.19813-1-christian@brauner.io/
[20]: https://lore.kernel.org/lkml/8736rebl9s.fsf@oldenburg.str.redhat.com/
[21]: https://lore.kernel.org/lkml/20181228152012.dbf0508c2508138efc5f2bbe@linux-foundation.org/
[22]: https://lore.kernel.org/lkml/20181228233725.722tdfgijxcssg76@brauner.io/
[23]: https://lwn.net/Articles/773459/
[24]: https://lore.kernel.org/lkml/8736rebl9s.fsf@oldenburg.str.redhat.com/
[25]: https://lore.kernel.org/lkml/CAK8P3a0ej9NcJM8wXNPbcGUyOUZYX+VLoDFdbenW3s3114oQZw@mail.gmail.com/
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jann Horn <jannh@google.com>
Cc: Andy Lutomirsky <luto@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Christian Brauner <christian@brauner.io>
Reviewed-by: Tycho Andersen <tycho@tycho.ws>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: David Howells <dhowells@redhat.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Serge Hallyn <serge@hallyn.com>
Acked-by: Aleksa Sarai <cyphar@cyphar.com>
(cherry picked from commit 3eb39f47934f9d5a3027fe00d906a45fe3a15fad)
Conflicts:
arch/x86/entry/syscalls/syscall_32.tbl - trivial manual merge
arch/x86/entry/syscalls/syscall_64.tbl - trivial manual merge
include/linux/proc_fs.h - trivial manual merge
include/linux/syscalls.h - trivial manual merge
include/uapi/asm-generic/unistd.h - trivial manual merge
kernel/signal.c - struct kernel_siginfo does not exist in 4.9
kernel/sys_ni.c - cond_syscall is used instead of COND_SYSCALL
arch/x86/entry/syscalls/syscall_32.tbl
arch/x86/entry/syscalls/syscall_64.tbl
(1. manual merges because of 4.9 differences
2. change prepare_kill_siginfo() to use struct siginfo instead of
kernel_siginfo
3. exclude kill() changes to avoid struct kernel_siginfo usage
4. exclude copy_siginfo_from_user_any() to avoid struct kernel_siginfo usage
5. use copy_from_user() instead of copy_siginfo_from_user() in copy_siginfo_from_user_any()
6. replaced COND_SYSCALL with cond_syscall
7. Removed __ia32_sys_pidfd_send_signal in arch/x86/entry/syscalls/syscall_32.tbl.
8. Replaced __x64_sys_pidfd_send_signal with sys_pidfd_send_signal in arch/x86/entry/syscalls/syscall_64.tbl.)
Bug: 135608568
Test: test program using syscall(__NR_pidfd_send_signal,..) to send SIGKILL
Change-Id: I00f1c618b2e9dbafae4d4113ad4d8a1a44b6957c
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
|
||
|
Greg Kroah-Hartman
|
4ebd29edaf |
Merge 4.9.188 into android-4.9-q
Changes in 4.9.188 ARM: riscpc: fix DMA ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200 ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend ftrace: Enable trampoline when rec count returns back to one kernel/module.c: Only return -EEXIST for modules that have finished loading MIPS: lantiq: Fix bitfield masking dmaengine: rcar-dmac: Reject zero-length slave DMA requests fs/adfs: super: fix use-after-free bug btrfs: fix minimum number of chunk errors for DUP ceph: fix improper use of smp_mb__before_atomic() ceph: return -ERANGE if virtual xattr value didn't fit in buffer scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized ACPI: fix false-positive -Wuninitialized warning be2net: Signal that the device cannot transmit during reconfiguration x86/apic: Silence -Wtype-limits compiler warnings x86: math-emu: Hide clang warnings for 16-bit overflow mm/cma.c: fail if fixed declaration can't be honored coda: add error handling for fget coda: fix build using bare-metal toolchain uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings ipc/mqueue.c: only perform resource calculation if user valid x86/kvm: Don't call kvm_spurious_fault() from .fixup x86, boot: Remove multiple copy of static function sanitize_boot_params() kbuild: initialize CLANG_FLAGS correctly in the top Makefile Btrfs: fix incremental send failure after deduplication mmc: dw_mmc: Fix occasional hang after tuning on eMMC gpiolib: fix incorrect IRQ requesting of an active-low lineevent selinux: fix memory leak in policydb_init() s390/dasd: fix endless loop after read unit address configuration drivers/perf: arm_pmu: Fix failure path in PM notifier xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping infiniband: fix race condition between infiniband mlx4, mlx5 driver and core dumping coredump: fix race condition between collapse_huge_page() and core dumping eeprom: at24: make spd world-readable again Backport minimal compiler_attributes.h to support GCC 9 include/linux/module.h: copy __init/__exit attrs to init/cleanup_module objtool: Support GCC 9 cold subfunction naming scheme x86, mm, gup: prevent get_page() race with munmap in paravirt guest Linux 4.9.188 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Mikko Rapeli
|
317fc4dd52 |
uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers
[ Upstream commit f90fb3c7e2c13ae829db2274b88b845a75038b8a ] Only users of upc_req in kernel side fs/coda/psdev.c and fs/coda/upcall.c already include linux/coda_psdev.h. Suggested by Jan Harkes <jaharkes@cs.cmu.edu> in https://lore.kernel.org/lkml/20150531111913.GA23377@cs.cmu.edu/ Fixes these include/uapi/linux/coda_psdev.h compilation errors in userspace: linux/coda_psdev.h:12:19: error: field `uc_chain' has incomplete type struct list_head uc_chain; ^ linux/coda_psdev.h:13:2: error: unknown type name `caddr_t' caddr_t uc_data; ^ linux/coda_psdev.h:14:2: error: unknown type name `u_short' u_short uc_flags; ^ linux/coda_psdev.h:15:2: error: unknown type name `u_short' u_short uc_inSize; /* Size is at most 5000 bytes */ ^ linux/coda_psdev.h:16:2: error: unknown type name `u_short' u_short uc_outSize; ^ linux/coda_psdev.h:17:2: error: unknown type name `u_short' u_short uc_opcode; /* copied from data to save lookup */ ^ linux/coda_psdev.h:19:2: error: unknown type name `wait_queue_head_t' wait_queue_head_t uc_sleep; /* process' wait queue */ ^ Link: http://lkml.kernel.org/r/9f99f5ce6a0563d5266e6cf7aa9585aac2cae971.1558117389.git.jaharkes@cs.cmu.edu Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi> Signed-off-by: Jan Harkes <jaharkes@cs.cmu.edu> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Colin Ian King <colin.king@canonical.com> Cc: Dan Carpenter <dan.carpenter@oracle.com> Cc: David Howells <dhowells@redhat.com> Cc: Fabian Frederick <fabf@skynet.be> Cc: Sam Protsenko <semen.protsenko@linaro.org> Cc: Yann Droneaud <ydroneaud@opteya.com> Cc: Zhouyang Jia <jiazhouyang09@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
83cf3cfdb2 |
Merge 4.9.186 into android-4.9-q
Changes in 4.9.186 crypto: talitos - rename alternative AEAD algos. Input: elantech - enable middle button support on 2 ThinkPads samples, bpf: fix to change the buffer size for read() staging:iio:ad7150: fix threshold mode config bit mac80211: mesh: fix RCU warning mac80211: free peer keys before vif down in mesh mwifiex: Fix possible buffer overflows at parsing bss descriptor netfilter: ipv6: nf_defrag: fix leakage of unqueued fragments netfilter: ipv6: nf_defrag: accept duplicate fragments again dt-bindings: can: mcp251x: add mcp25625 support can: mcp251x: add support for mcp25625 Input: imx_keypad - make sure keyboard can always wake up system KVM: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed ARM: davinci: da850-evm: call regulator_has_full_constraints() ARM: davinci: da8xx: specify dma_coherent_mask for lcdc mac80211: only warn once on chanctx_conf being NULL md: fix for divide error in status_resync bnx2x: Check if transceiver implements DDM before access ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL net :sunrpc :clnt :Fix xps refcount imbalance on the error path udf: Fix incorrect final NOT_ALLOCATED (hole) extent length x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg() x86/tls: Fix possible spectre-v1 in do_get_thread_area() mwifiex: Abort at too short BSS descriptor element mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() fscrypt: don't set policy for a dead directory mwifiex: Don't abort on small, spec-compliant vendor IEs USB: serial: ftdi_sio: add ID for isodebug v1 USB: serial: option: add support for GosunCn ME3630 RNDIS mode Revert "serial: 8250: Don't service RX FIFO if interrupts are disabled" p54usb: Fix race between disconnect and firmware loading usb: gadget: ether: Fix race between gether_disconnect and rx_submit usb: renesas_usbhs: add a workaround for a race condition of workqueue staging: comedi: dt282x: fix a null pointer deref on interrupt staging: comedi: amplc_pci230: fix null pointer deref on interrupt carl9170: fix misuse of device driver API VMCI: Fix integer overflow in VMCI handle arrays MIPS: Remove superfluous check for __linux__ Revert "e1000e: fix cyclic resets at link up with active tx" e1000e: start network tx queue only when link is up nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header arm64: crypto: remove accidentally backported files perf/core: Fix perf_sample_regs_user() mm check ARM: omap2: remove incorrect __init annotation be2net: fix link failure after ethtool offline test ppp: mppe: Add softdep to arc4 sis900: fix TX completion ARM: dts: imx6ul: fix PWM[1-4] interrupts dm verity: use message limit for data block corruption message ARC: hide unused function unw_hdr_alloc s390: fix stfle zero padding s390/qdio: (re-)initialize tiqdio list entries s390/qdio: don't touch the dsci in tiqdio_add_input_queues() Linux 4.9.186 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Masahiro Yamada
|
4bc0144889 |
nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header
commit c32cc30c0544f13982ee0185d55f4910319b1a79 upstream.
cpu_to_le32/le32_to_cpu is defined in include/linux/byteorder/generic.h,
which is not exported to user-space.
UAPI headers must use the ones prefixed with double-underscore.
Detected by compile-testing exported headers:
include/linux/nilfs2_ondisk.h: In function `nilfs_checkpoint_set_snapshot':
include/linux/nilfs2_ondisk.h:536:17: error: implicit declaration of function `cpu_to_le32' [-Werror=implicit-function-declaration]
cp->cp_flags = cpu_to_le32(le32_to_cpu(cp->cp_flags) | \
^
include/linux/nilfs2_ondisk.h:552:1: note: in expansion of macro `NILFS_CHECKPOINT_FNS'
NILFS_CHECKPOINT_FNS(SNAPSHOT, snapshot)
^~~~~~~~~~~~~~~~~~~~
include/linux/nilfs2_ondisk.h:536:29: error: implicit declaration of function `le32_to_cpu' [-Werror=implicit-function-declaration]
cp->cp_flags = cpu_to_le32(le32_to_cpu(cp->cp_flags) | \
^
include/linux/nilfs2_ondisk.h:552:1: note: in expansion of macro `NILFS_CHECKPOINT_FNS'
NILFS_CHECKPOINT_FNS(SNAPSHOT, snapshot)
^~~~~~~~~~~~~~~~~~~~
include/linux/nilfs2_ondisk.h: In function `nilfs_segment_usage_set_clean':
include/linux/nilfs2_ondisk.h:622:19: error: implicit declaration of function `cpu_to_le64' [-Werror=implicit-function-declaration]
su->su_lastmod = cpu_to_le64(0);
^~~~~~~~~~~
Link: http://lkml.kernel.org/r/20190605053006.14332-1-yamada.masahiro@socionext.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
8b83e43efb |
Merge 4.9.182 into android-4.9-q
Changes in 4.9.182 tcp: reduce tcp_fastretrans_alert() verbosity tcp: limit payload size of sacked skbs tcp: tcp_fragment() should apply sane memory limits tcp: add tcp_min_snd_mss sysctl tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() Linux 4.9.182 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Dumazet
|
e358f4af19 |
tcp: tcp_fragment() should apply sane memory limits
commit f070ef2ac66716357066b683fb0baf55f8191a2e upstream. Jonathan Looney reported that a malicious peer can force a sender to fragment its retransmit queue into tiny skbs, inflating memory usage and/or overflow 32bit counters. TCP allows an application to queue up to sk_sndbuf bytes, so we need to give some allowance for non malicious splitting of retransmit queue. A new SNMP counter is added to monitor how many times TCP did not allow to split an skb if the allowance was exceeded. Note that this counter might increase in the case applications use SO_SNDBUF socket option to lower sk_sndbuf. CVE-2019-11478 : tcp_fragment, prevent fragmenting a packet when the socket is already using more than half the allowed space Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Jonathan Looney <jtl@netflix.com> Acked-by: Neal Cardwell <ncardwell@google.com> Acked-by: Yuchung Cheng <ycheng@google.com> Reviewed-by: Tyler Hicks <tyhicks@canonical.com> Cc: Bruce Curtis <brucec@netflix.com> Cc: Jonathan Lemon <jonathan.lemon@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
77161ce013 |
Merge 4.9.181 into android-4.9-q
Changes in 4.9.181
ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
llc: fix skb leak in llc_build_and_send_ui_pkt()
net: fec: fix the clk mismatch in failed_reset path
net-gro: fix use-after-free read in napi_gro_frags()
net: stmmac: fix reset gpio free missing
usbnet: fix kernel crash after disconnect
tipc: Avoid copying bytes beyond the supplied data
bnxt_en: Fix aggregation buffer leak under OOM condition.
ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT
net: mvneta: Fix err code path of probe
net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
crypto: vmx - ghash: do nosimd fallback manually
xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
tipc: fix modprobe tipc failed after switch order of device registration
sparc64: Fix regression in non-hypervisor TLB flush xcall
include/linux/bitops.h: sanitize rotate primitives
xhci: update bounce buffer with correct sg num
xhci: Use %zu for printing size_t type
xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
usb: xhci: avoid null pointer deref when bos field is NULL
usbip: usbip_host: fix BUG: sleeping function called from invalid context
usbip: usbip_host: fix stub_dev lock context imbalance regression
USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
USB: sisusbvga: fix oops in error path of sisusb_probe
USB: Add LPM quirk for Surface Dock GigE adapter
USB: rio500: refuse more than one device at a time
USB: rio500: fix memory leak in close after disconnect
media: usb: siano: Fix general protection fault in smsusb
media: usb: siano: Fix false-positive "uninitialized variable" warning
media: smsusb: better handle optional alignment
scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
Btrfs: fix race updating log root item during fsync
powerpc/perf: Fix MMCRA corruption by bhrb_filter
ALSA: hda/realtek - Set default power save node to 0
drm/nouveau/i2c: Disable i2c bus access after ->fini()
tty: serial: msm_serial: Fix XON/XOFF
tty: max310x: Fix external crystal register setup
memcg: make it work on sparse non-0-node systems
kernel/signal.c: trace_signal_deliver when signal_group_exit
docs: Fix conf.py for Sphinx 2.0
staging: vc04_services: prevent integer overflow in create_pagelist()
CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM
gcc-plugins: Fix build failures under Darwin host
drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set
brcmfmac: add length checks in scheduled scan result handler
brcmfmac: assure SSID length from firmware is limited
brcmfmac: add subtype check for event handling in data path
binder: Replace "%p" with "%pK" for stable
binder: replace "%p" with "%pK"
fs: prevent page refcount overflow in pipe_buf_get
mm, gup: remove broken VM_BUG_ON_PAGE compound check for hugepages
mm, gup: ensure real head page is ref-counted when using hugepages
mm: prevent get_user_pages() from overflowing page refcount
mm: make page ref count overflow check tighter and more explicit
Revert "x86/build: Move _etext to actual end of .text"
efi/libstub: Unify command line param parsing
media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
ethtool: fix potential userspace buffer overflow
neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
net: rds: fix memory leak in rds_ib_flush_mr_pool
pktgen: do not sleep with the thread lock held.
ipv6: fix EFAULT on sendto with icmpv6 and hdrincl
ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
Revert "fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return 0...")"
Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied"
rcu: locking and unlocking need to always be at least barriers
parisc: Use implicit space register selection for loading the coherence index of I/O pdirs
fuse: fallocate: fix return with locked inode
x86/power: Fix 'nosmt' vs hibernation triple fault during resume
MIPS: pistachio: Build uImage.gz by default
Revert "MIPS: perf: ath79: Fix perfcount IRQ assignment"
genwqe: Prevent an integer overflow in the ioctl
drm/gma500/cdv: Check vbt config bits when detecting lvds panels
drm/radeon: prefer lower reference dividers
drm/i915: Fix I915_EXEC_RING_MASK
TTY: serial_core, add ->install
fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
fuse: Add FOPEN_STREAM to use stream_open()
ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
ethtool: check the return value of get_regs_len
Linux 4.9.181
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Kirill Smelkov
|
cfd8d2e795 |
fuse: Add FOPEN_STREAM to use stream_open()
commit bbd84f33652f852ce5992d65db4d020aba21f882 upstream.
Starting from commit
|
||
|
Chris Wilson
|
8ad6a539db |
drm/i915: Fix I915_EXEC_RING_MASK
commit d90c06d57027203f73021bb7ddb30b800d65c636 upstream. This was supposed to be a mask of all known rings, but it is being used by execbuffer to filter out invalid rings, and so is instead mapping high unused values onto valid rings. Instead of a mask of all known rings, we need it to be the mask of all possible rings. Fixes: |
||
|
Chris Packham
|
f02d577c6f |
tipc: Avoid copying bytes beyond the supplied data
TLV_SET is called with a data pointer and a len parameter that tells us
how many bytes are pointed to by data. When invoking memcpy() we need
to careful to only copy len bytes.
Previously we would copy TLV_LENGTH(len) bytes which would copy an extra
4 bytes past the end of the data pointer which newer GCC versions
complain about.
In file included from test.c:17:
In function 'TLV_SET',
inlined from 'test' at test.c:186:5:
/usr/include/linux/tipc_config.h:317:3:
warning: 'memcpy' forming offset [33, 36] is out of the bounds [0, 32]
of object 'bearer_name' with type 'char[32]' [-Warray-bounds]
memcpy(TLV_DATA(tlv_ptr), data, tlv_len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test.c: In function 'test':
test.c::161:10: note:
'bearer_name' declared here
char bearer_name[TIPC_MAX_BEARER_NAME];
^~~~~~~~~~~
We still want to ensure any padding bytes at the end are initialised, do
this with a explicit memset() rather than copy bytes past the end of
data. Apply the same logic to TCM_SET.
Signed-off-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
ef4a576d4b |
Merge 4.9.176 into android-4.9-q
Changes in 4.9.176 x86/MCE: Save microcode revision in machine check records x86/cpufeatures: Hide AMD-specific speculation flags x86/bugs: Add AMD's variant of SSB_NO x86/bugs: Add AMD's SPEC_CTRL MSR usage x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR x86/microcode/intel: Add a helper which gives the microcode revision x86/microcode/intel: Check microcode revision before updating sibling threads x86/microcode: Make sure boot_cpu_data.microcode is up-to-date x86/microcode: Update the new microcode revision unconditionally x86/mm: Use WRITE_ONCE() when setting PTEs bitops: avoid integer overflow in GENMASK(_ULL) x86/speculation: Simplify the CPU bug detection logic locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation x86/cpu: Sanitize FAM6_ATOM naming Documentation/l1tf: Fix small spelling typo x86/speculation: Apply IBPB more strictly to avoid cross-process data leak x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation x86/speculation: Propagate information about RSB filling mitigation to sysfs x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off x86/speculation: Update the TIF_SSBD comment x86/speculation: Clean up spectre_v2_parse_cmdline() x86/speculation: Remove unnecessary ret variable in cpu_show_common() x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() x86/speculation: Disable STIBP when enhanced IBRS is in use x86/speculation: Rename SSBD update functions x86/speculation: Reorganize speculation control MSRs update x86/Kconfig: Select SCHED_SMT if SMP enabled sched: Add sched_smt_active() x86/speculation: Rework SMT state change x86/l1tf: Show actual SMT state x86/speculation: Reorder the spec_v2 code x86/speculation: Mark string arrays const correctly x86/speculataion: Mark command line parser data __initdata x86/speculation: Unify conditional spectre v2 print functions x86/speculation: Add command line control for indirect branch speculation x86/speculation: Prepare for per task indirect branch speculation control x86/process: Consolidate and simplify switch_to_xtra() code x86/speculation: Avoid __switch_to_xtra() calls x86/speculation: Prepare for conditional IBPB in switch_mm() x86/speculation: Split out TIF update x86/speculation: Prepare arch_smt_update() for PRCTL mode x86/speculation: Prevent stale SPEC_CTRL msr content x86/speculation: Add prctl() control for indirect branch speculation x86/speculation: Enable prctl mode for spectre_v2_user x86/speculation: Add seccomp Spectre v2 user space protection mode x86/speculation: Provide IBPB always command line options kvm: x86: Report STIBP on GET_SUPPORTED_CPUID x86/msr-index: Cleanup bit defines x86/speculation: Consolidate CPU whitelists x86/speculation/mds: Add basic bug infrastructure for MDS x86/speculation/mds: Add BUG_MSBDS_ONLY x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests x86/speculation/mds: Add mds_clear_cpu_buffers() x86/speculation/mds: Clear CPU buffers on exit to user x86/kvm/vmx: Add MDS protection when L1D Flush is not active x86/speculation/mds: Conditionally clear CPU buffers on idle entry x86/speculation/mds: Add mitigation control for MDS x86/speculation/mds: Add sysfs reporting for MDS x86/speculation/mds: Add mitigation mode VMWERV Documentation: Move L1TF to separate directory Documentation: Add MDS vulnerability documentation x86/speculation/mds: Add mds=full,nosmt cmdline option x86/speculation: Move arch_smt_update() call to after mitigation decisions x86/speculation/mds: Add SMT warning message x86/speculation/mds: Fix comment x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off cpu/speculation: Add 'mitigations=' cmdline option x86/speculation: Support 'mitigations=' cmdline option x86/speculation/mds: Add 'mitigations=' support for MDS x86/mds: Add MDSUM variant to the MDS documentation Documentation: Correct the possible MDS sysfs values x86/speculation/mds: Fix documentation typo x86: stop exporting msr-index.h to userland x86/cpu/bugs: Use __initconst for 'const' init data Linux 4.9.176 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Thomas Gleixner
|
2d99bc055e |
x86/speculation: Add prctl() control for indirect branch speculation
commit 9137bb27e60e554dab694eafa4cca241fa3a694f upstream. Add the PR_SPEC_INDIRECT_BRANCH option for the PR_GET_SPECULATION_CTRL and PR_SET_SPECULATION_CTRL prctls to allow fine grained per task control of indirect branch speculation via STIBP and IBPB. Invocations: Check indirect branch speculation status with - prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0); Enable indirect branch speculation with - prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0); Disable indirect branch speculation with - prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0); Force disable indirect branch speculation with - prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0); See Documentation/userspace-api/spec_ctrl.rst. Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Ingo Molnar <mingo@kernel.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Jiri Kosina <jkosina@suse.cz> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: David Woodhouse <dwmw@amazon.co.uk> Cc: Andi Kleen <ak@linux.intel.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Casey Schaufler <casey.schaufler@intel.com> Cc: Asit Mallick <asit.k.mallick@intel.com> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Jon Masters <jcm@redhat.com> Cc: Waiman Long <longman9394@gmail.com> Cc: Greg KH <gregkh@linuxfoundation.org> Cc: Dave Stewart <david.c.stewart@intel.com> Cc: Kees Cook <keescook@chromium.org> Link: https://lkml.kernel.org/r/20181125185005.866780996@linutronix.de [bwh: Backported to 4.9: - Renumber the PFA flags - Drop changes in tools/include/uapi/linux/prctl.h - Adjust filename] Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Mark Salyzyn
|
a8f5dd2206 |
Revert "ANDROID: input: misc: keychord: move header to uapi"
This reverts commit
|
||
|
Johannes Weiner
|
d6687a2955 |
BACKPORT: delayacct: track delays from thrashing cache pages
Delay accounting already measures the time a task spends in direct reclaim
and waiting for swapin, but in low memory situations tasks spend can spend
a significant amount of their time waiting on thrashing page cache. This
isn't tracked right now.
To know the full impact of memory contention on an individual task,
measure the delay when waiting for a recently evicted active cache page to
read back into memory.
Also update tools/accounting/getdelays.c:
[hannes@computer accounting]$ sudo ./getdelays -d -p 1
print delayacct stats ON
PID 1
CPU count real total virtual total delay total delay average
50318 745000000 847346785 400533713 0.008ms
IO count delay total delay average
435 122601218 0ms
SWAP count delay total delay average
0 0 0ms
RECLAIM count delay total delay average
0 0 0ms
THRASHING count delay total delay average
19 12621439 0ms
Link: http://lkml.kernel.org/r/20180828172258.3185-4-hannes@cmpxchg.org
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Daniel Drake <drake@endlessm.com>
Tested-by: Suren Baghdasaryan <surenb@google.com>
Cc: Christopher Lameter <cl@linux.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Johannes Weiner <jweiner@fb.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Enderborg <peter.enderborg@sony.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Vinayak Menon <vinmenon@codeaurora.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit b1d29ba82cf2bc784f4c963ddd6a2cf29e229b33)
Conflicts:
kernel/delayacct.c
(manual merge to remote extra parameter in delayacct_end)
Bug: 111308141
Test: modified lmkd to use PSI and tested using lmkd_unit_test
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ie0237b0fc85efd2ecf0eda209036ca950c612dc6
|
||
|
Todd Kjos
|
63e0afa90b |
FROMGIT: binder: create node flag to request sender's security context
To allow servers to verify client identity, allow a node flag to be set that causes the sender's security context to be delivered with the transaction. The BR_TRANSACTION command is extended in BR_TRANSACTION_SEC_CTX to contain a pointer to the security context string. Signed-off-by: Todd Kjos <tkjos@google.com> Reviewed-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit ec74136ded792deed80780a2f8baf3521eeb72f9 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master) Change-Id: I44496546e2d0dc0022f818a45cd52feb1c1a92cb Signed-off-by: Todd Kjos <tkjos@google.com> |
||
|
Greg Kroah-Hartman
|
7c85ed0855 |
Merge 4.9.159 into android-4.9
Changes in 4.9.159 dt-bindings: eeprom: at24: add "atmel,24c2048" compatible string eeprom: at24: add support for 24c2048 uapi/if_ether.h: prevent redefinition of struct ethhdr ARM: 8789/1: signal: copy registers using __copy_to_user() ARM: 8791/1: vfp: use __copy_to_user() when saving VFP state ARM: 8792/1: oabi-compat: copy oabi events using __copy_to_user() ARM: 8793/1: signal: replace __put_user_error with __put_user ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit ARM: 8795/1: spectre-v1.1: use put_user() for __put_user() ARM: 8796/1: spectre-v1,v1.1: provide helpers for address sanitization ARM: 8797/1: spectre-v1.1: harden __copy_to_user ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc ARM: make lookup_processor_type() non-__init ARM: split out processor lookup ARM: clean up per-processor check_bugs method call ARM: add PROC_VTABLE and PROC_TABLE macros ARM: spectre-v2: per-CPU vtables to work around big.Little systems ARM: ensure that processor vtables is not lost after boot ARM: fix the cockup in the previous patch net: create skb_gso_validate_mac_len() bnx2x: disable GSO where gso_size is too big for hardware ACPI: NUMA: Use correct type for printing addresses on i386-PAE cpufreq: check if policy is inactive early in __cpufreq_get() drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE drm/bridge: tc358767: fix single lane configuration drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value drm/bridge: tc358767: reject modes which require too much BW drm/bridge: tc358767: fix output H/V syncs ARM: dts: da850-evm: Correct the sound card name ARM: dts: da850-lcdk: Correct the sound card name ARM: dts: kirkwood: Fix polarity of GPIO fan lines gpio: pl061: handle failed allocations cifs: Limit memory used by lock request calls to a page perf report: Include partial stacks unwound with libdw Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK perf/core: Fix impossible ring-buffer sizes warning perf/x86: Add check_period PMU callback ALSA: hda - Add quirk for HP EliteBook 840 G5 ALSA: usb-audio: Fix implicit fb endpoint setup by quirk kvm: vmx: Fix entry number check for add_atomic_switch_msr() Input: bma150 - register input device after setting private data Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 alpha: fix page fault handling for r16-r18 targets alpha: Fix Eiger NR_IRQS to 128 tracing/uprobes: Fix output for multiple string arguments x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls signal: Restore the stop PTRACE_EVENT_EXIT x86/a.out: Clear the dump structure initially dm thin: fix bug where bio that overwrites thin block ignores FUA drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set smsc95xx: Use skb_cow_head to deal with cloned skbs ch9200: use skb_cow_head() to deal with cloned skbs kaweth: use skb_cow_head() to deal with cloned skbs usb: dwc2: Remove unnecessary kfree netfilter: nf_tables: fix mismatch in big-endian system pinctrl: msm: fix gpio-hog related boot issues mm: stop leaking PageTables uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define Revert "scsi: aic94xx: fix module loading" Linux 4.9.159 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Hauke Mehrtens
|
162a93c20d |
uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define
commit da360299b6734135a5f66d7db458dcc7801c826a upstream.
This fixes a compile problem of some user space applications by not
including linux/libc-compat.h in uapi/if_ether.h.
linux/libc-compat.h checks which "features" the header files, included
from the libc, provide to make the Linux kernel uapi header files only
provide no conflicting structures and enums. If a user application mixes
kernel headers and libc headers it could happen that linux/libc-compat.h
gets included too early where not all other libc headers are included
yet. Then the linux/libc-compat.h would not prevent all the
redefinitions and we run into compile problems.
This patch removes the include of linux/libc-compat.h from
uapi/if_ether.h to fix the recently introduced case, but not all as this
is more or less impossible.
It is no problem to do the check directly in the if_ether.h file and not
in libc-compat.h as this does not need any fancy glibc header detection
as glibc never provided struct ethhdr and should define
__UAPI_DEF_ETHHDR by them self when they will provide this.
The following test program did not compile correctly any more:
#include <linux/if_ether.h>
#include <netinet/in.h>
#include <linux/in.h>
int main(void)
{
return 0;
}
Fixes: 6926e041a892 ("uapi/if_ether.h: prevent redefinition of struct ethhdr")
Reported-by: Guillaume Nault <g.nault@alphalink.fr>
Cc: <stable@vger.kernel.org> # 4.15
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Hauke Mehrtens
|
0432fed9f4 |
uapi/if_ether.h: prevent redefinition of struct ethhdr
commit 6926e041a8920c8ec27e4e155efa760aa01551fd upstream. Musl provides its own ethhdr struct definition. Add a guard to prevent its definition of the appropriate musl header has already been included. glibc does not implement this header, but when glibc will implement this they can just define __UAPI_DEF_ETHHDR 0 to make it work with the kernel. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
c7b283dd04 |
Merge 4.9.150 into android-4.9
Changes in 4.9.150 pinctrl: meson: fix pull enable register calculation powerpc: Fix COFF zImage booting on old powermacs ARM: imx: update the cpu power up timing setting on i.mx6sx ARM: dts: imx7d-nitrogen7: Fix the description of the Wifi clock Input: restore EV_ABS ABS_RESERVED checkstack.pl: fix for aarch64 xfrm: Fix bucket count reported to userspace netfilter: seqadj: re-load tcp header pointer after possible head reallocation scsi: bnx2fc: Fix NULL dereference in error handling Input: omap-keypad - fix idle configuration to not block SoC idle states netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel bnx2x: Clear fip MAC when fcoe offload support is disabled bnx2x: Remove configured vlans as part of unload sequence. bnx2x: Send update-svid ramrod with retry/poll flags enabled scsi: target: iscsi: cxgbit: fix csk leak scsi: target: iscsi: cxgbit: add missing spin_lock_init() drivers: net: xgene: Remove unnecessary forward declarations w90p910_ether: remove incorrect __init annotation net: hns: Incorrect offset address used for some registers. net: hns: All ports can not work when insmod hns ko after rmmod. net: hns: Some registers use wrong address according to the datasheet. net: hns: Fixed bug that netdev was opened twice net: hns: Clean rx fbd when ae stopped. net: hns: Free irq when exit from abnormal branch net: hns: Avoid net reset caused by pause frames storm net: hns: Fix ntuple-filters status error. net: hns: Add mac pcs config when enable|disable mac SUNRPC: Fix a race with XPRT_CONNECTING lan78xx: Resolve issue with changing MAC address vxge: ensure data0 is initialized in when fetching firmware version information net: netxen: fix a missing check and an uninitialized use serial/sunsu: fix refcount leak scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature() fork: record start_time late hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL mm, devm_memremap_pages: kill mapping "System RAM" support sunrpc: fix cache_head leak due to queued request sunrpc: use SVC_NET() in svcauth_gss_* functions MIPS: math-emu: Write-protect delay slot emulation pages crypto: x86/chacha20 - avoid sleeping with preemption disabled vhost/vsock: fix uninitialized vhost_vsock->guest_cid IB/hfi1: Incorrect sizing of sge for PIO will OOPs ALSA: cs46xx: Potential NULL dereference in probe ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks dlm: fixed memory leaks after failed ls_remove_names allocation dlm: possible memory leak on error path in create_lkb() dlm: lost put_lkb on error path in receive_convert() and receive_unlock() dlm: memory leaks on error path in dlm_user_request() gfs2: Get rid of potential double-freeing in gfs2_create_inode gfs2: Fix loop in gfs2_rbm_find b43: Fix error in cordic routine powerpc/tm: Set MSR[TS] just prior to recheckpoint 9p/net: put a lower bound on msize rxe: fix error completion wr_id and qp_num iommu/vt-d: Handle domain agaw being less than iommu agaw ceph: don't update importing cap's mseq when handing cap export genwqe: Fix size check intel_th: msu: Fix an off-by-one in attribute store power: supply: olpc_battery: correct the temperature units drm/vc4: Set ->is_yuv to false when num_planes == 1 bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw Linux 4.9.150 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Peter Hutterer
|
e340402793 |
Input: restore EV_ABS ABS_RESERVED
[ Upstream commit c201e3808e0e4be9b98d192802085a9f491bd80c ] ABS_RESERVED was added in d9ca1c990a7 and accidentally removed as part of ffe0e7cf290f5c9 when the high-resolution scrolling code was removed. Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Martin Kepplinger <martin.kepplinger@ginzinger.com> Acked-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Acked-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Eric Biggers
|
e33fa31e30 |
BACKPORT, FROMGIT: fscrypt: add Adiantum support
Add support for the Adiantum encryption mode to fscrypt. Adiantum is a tweakable, length-preserving encryption mode with security provably reducible to that of XChaCha12 and AES-256, subject to a security bound. It's also a true wide-block mode, unlike XTS. See the paper "Adiantum: length-preserving encryption for entry-level processors" (https://eprint.iacr.org/2018/720.pdf) for more details. Also see commit 059c2a4d8e16 ("crypto: adiantum - add Adiantum support"). On sufficiently long messages, Adiantum's bottlenecks are XChaCha12 and the NH hash function. These algorithms are fast even on processors without dedicated crypto instructions. Adiantum makes it feasible to enable storage encryption on low-end mobile devices that lack AES instructions; currently such devices are unencrypted. On ARM Cortex-A7, on 4096-byte messages Adiantum encryption is about 4 times faster than AES-256-XTS encryption; decryption is about 5 times faster. In fscrypt, Adiantum is suitable for encrypting both file contents and names. With filenames, it fixes a known weakness: when two filenames in a directory share a common prefix of >= 16 bytes, with CTS-CBC their encrypted filenames share a common prefix too, leaking information. Adiantum does not have this problem. Since Adiantum also accepts long tweaks (IVs), it's also safe to use the master key directly for Adiantum encryption rather than deriving per-file keys, provided that the per-file nonce is included in the IVs and the master key isn't used for any other encryption mode. This configuration saves memory and improves performance. A new fscrypt policy flag is added to allow users to opt-in to this configuration. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> (cherry picked from commit 889645b87e96cecbdf7d76ab86447d1f1c6b41d3 https://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt.git master) Conflicts: Documentation/filesystems/fscrypt.rst include/uapi/linux/fs.h (replaced refcount_t with atomic_t) Bug: 112008522 Test: For regression testing, built the kernel for x86_64 KVM and ran the encryption xfstests using kvm-xfstests: kvm-xfstests -c ext4,f2fs -g encrypt Tests for the Adiantum mode and "direct key" specifically aren't yet included in xfstests, but I also tried it manually with the following (run in the kvm-xfstests test appliance): cd / umount /vdc &> /dev/null mkfs.f2fs -O encrypt -f /dev/vdc mount /vdc cd /vdc rm -rf edir mkdir edir . ~/xfstests/common/encrypt KEYCTL_PROG=keyctl FSTYP=fscrypt _new_session_keyring k=$(_generate_encryption_key) xfs_io -c "set_encpolicy -c 9 -n 9 -f 0x4 $k" edir/ cp -a /usr edir/ diff -r /usr edir/usr/ dmesg should show that Adiantum is being used: fscrypt: Adiantum using implementation "adiantum(xchacha12-generic,aes-aesni,nhpoly1305-generic)" Change-Id: I29ffaa7ef9cbd23d2f6ed428814c607227241ce9 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Greg Kroah-Hartman
|
860c8b8931 |
Merge 4.9.144 into android-4.9
Changes in 4.9.144 Kbuild: suppress packed-not-aligned warning for default setting only disable stringop truncation warnings for now test_hexdump: use memcpy instead of strncpy kobject: Replace strncpy with memcpy unifdef: use memcpy instead of strncpy kernfs: Replace strncpy with memcpy ip_tunnel: Fix name string concatenate in __ip_tunnel_create() drm: gma500: fix logic error scsi: bfa: convert to strlcpy/strlcat staging: rts5208: fix gcc-8 logic error warning kdb: use memmove instead of overlapping memcpy x86/power/64: Use char arrays for asm function names iser: set sector for ambiguous mr status errors uprobes: Fix handle_swbp() vs. unregister() + register() race once more MIPS: ralink: Fix mt7620 nd_sd pinmux mips: fix mips_get_syscall_arg o32 check IB/mlx5: Avoid load failure due to unknown link width drm/ast: Fix incorrect free on ioregs drm: set is_master to 0 upon drm_new_set_master() failure scsi: scsi_devinfo: cleanly zero-pad devinfo strings ALSA: trident: Suppress gcc string warning scsi: csiostor: Avoid content leaks and casts kgdboc: Fix restrict error kgdboc: Fix warning with module build binder: fix proc->files use-after-free svm: Add mutex_lock to protect apic_access_page_done on AMD systems drm/mediatek: fix OF sibling-node lookup Input: xpad - quirk all PDP Xbox One gamepads Input: matrix_keypad - check for errors from of_get_named_gpio() Input: elan_i2c - add ELAN0620 to the ACPI table Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR Input: elan_i2c - add support for ELAN0621 touchpad btrfs: Always try all copies when reading extent buffers Btrfs: fix use-after-free when dumping free space ARC: change defconfig defaults to ARCv2 arc: [devboards] Add support of NFSv3 ACL udf: Allow mounting volumes with incorrect identification strings reset: make optional functions really optional reset: core: fix reset_control_put reset: fix optional reset_control_get stubs to return NULL reset: add exported __reset_control_get, return NULL if optional reset: make device_reset_optional() really optional reset: remove remaining WARN_ON() in <linux/reset.h> mm: cleancache: fix corruption on missed inode invalidation usb: gadget: dummy: fix nonsensical comparisons net: qed: use correct strncpy() size tipc: use destination length for copy string libceph: drop len argument of *verify_authorizer_reply() libceph: no need to drop con->mutex for ->get_authorizer() libceph: store ceph_auth_handshake pointer in ceph_connection libceph: factor out __prepare_write_connect() libceph: factor out __ceph_x_decrypt() libceph: factor out encrypt_authorizer() libceph: add authorizer challenge libceph: implement CEPHX_V2 calculation mode libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() libceph: check authorizer reply/challenge length before reading bpf/verifier: Add spi variable to check_stack_write() bpf/verifier: Pass instruction index to check_mem_access() and check_xadd() bpf: Prevent memory disambiguation attack wil6210: missing length check in wmi_set_ie mm/hugetlb.c: don't call region_abort if region_chg fails hugetlbfs: fix offset overflow in hugetlbfs mmap hugetlbfs: check for pgoff value overflow btrfs: validate type when reading a chunk btrfs: Verify that every chunk has corresponding block group at mount time btrfs: Refactor check_leaf function for later expansion btrfs: Check if item pointer overlaps with the item itself btrfs: Add sanity check for EXTENT_DATA when reading out leaf btrfs: Add checker for EXTENT_CSUM btrfs: Move leaf and node validation checker to tree-checker.c btrfs: struct-funcs, constify readers btrfs: tree-checker: Enhance btrfs_check_node output btrfs: tree-checker: Fix false panic for sanity test btrfs: tree-checker: Add checker for dir item btrfs: tree-checker: use %zu format string for size_t btrfs: tree-check: reduce stack consumption in check_dir_item btrfs: tree-checker: Verify block_group_item btrfs: tree-checker: Detect invalid and empty essential trees btrfs: Check that each block group has corresponding chunk at mount time btrfs: tree-checker: Check level for leaves and nodes btrfs: tree-checker: Fix misleading group system information f2fs: fix a panic caused by NULL flush_cmd_control f2fs: fix race condition in between free nid allocator/initializer f2fs: detect wrong layout f2fs: return error during fill_super f2fs: check blkaddr more accuratly before issue a bio f2fs: sanity check on sit entry f2fs: enhance sanity_check_raw_super() to avoid potential overflow f2fs: clean up with is_valid_blkaddr() f2fs: introduce and spread verify_blkaddr f2fs: fix to do sanity check with secs_per_zone f2fs: fix to do sanity check with user_block_count f2fs: Add sanity_check_inode() function f2fs: fix to do sanity check with node footer and iblocks f2fs: fix to do sanity check with block address in main area f2fs: fix missing up_read f2fs: fix to do sanity check with block address in main area v2 f2fs: free meta pages if sanity check for ckpt is failed f2fs: fix to do sanity check with cp_pack_start_sum xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE hugetlbfs: fix bug in pgoff overflow checking Linux 4.9.144 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Qu Wenruo
|
c5b2907131 |
btrfs: Add sanity check for EXTENT_DATA when reading out leaf
commit 40c3c40947324d9f40bf47830c92c59a9bbadf4a upstream. Add extra checks for item with EXTENT_DATA type. This checks the following thing: 0) Key offset All key offsets must be aligned to sectorsize. Inline extent must have 0 for key offset. 1) Item size Uncompressed inline file extent size must match item size. (Compressed inline file extent has no information about its on-disk size.) Regular/preallocated file extent size must be a fixed value. 2) Every member of regular file extent item Including alignment for bytenr and offset, possible value for compression/encryption/type. 3) Type/compression/encode must be one of the valid values. This should be the most comprehensive and strict check in the context of btrfs_item for EXTENT_DATA. Signed-off-by: Qu Wenruo <quwenruo.btrfs@gmx.com> Reviewed-by: Nikolay Borisov <nborisov@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> [ switch to BTRFS_FILE_EXTENT_TYPES, similar to what BTRFS_COMPRESS_TYPES does ] Signed-off-by: David Sterba <dsterba@suse.com> [bwh: Backported to 4.9: Use root->sectorsize instead of root->fs_info->sectorsize] Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Steffen Klassert
|
f5bb9e918c |
BACKPORT: xfrm: Add virtual xfrm interfaces
This patch adds support for virtual xfrm interfaces. Packets that are routed through such an interface are guaranteed to be IPsec transformed or dropped. It is a generic virtual interface that ensures IPsec transformation, no need to know what happens behind the interface. This means that we can tunnel IPv4 and IPv6 through the same interface and support all xfrm modes (tunnel, transport and beet) on it. Co-developed-by: Lorenzo Colitti <lorenzo@google.com> Co-developed-by: Benedict Wong <benedictwong@google.com> Signed-off-by: Lorenzo Colitti <lorenzo@google.com> Signed-off-by: Benedict Wong <benedictwong@google.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Shannon Nelson <shannon.nelson@oracle.com> Tested-by: Benedict Wong <benedictwong@google.com> Tested-by: Antony Antony <antony@phenome.org> Reviewed-by: Eyal Birger <eyal.birger@gmail.com> Conflicts: XFRM device offload not backported, as with per-cpu caching. Reverted related code. (cherry picked from commit f203b76d78092faf248db3f851840fbecf80b40e) Signed-off-by: Benedict Wong <benedictwong@google.com> Bug: 115914689 Change-Id: Ide3110870740b0f0fe6e5a4409059756ade3c3fb |
||
|
Steffen Klassert
|
a80f560ded |
BACKPORT: xfrm: Add a new lookup key to match xfrm interfaces.
This patch adds the xfrm interface id as a lookup key for xfrm states and policies. With this we can assign states and policies to virtual xfrm interfaces. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Shannon Nelson <shannon.nelson@oracle.com> Acked-by: Benedict Wong <benedictwong@google.com> Tested-by: Benedict Wong <benedictwong@google.com> Tested-by: Antony Antony <antony@phenome.org> Reviewed-by: Eyal Birger <eyal.birger@gmail.com> Conflicts: XFRM device offload not backported previously; reverted codepaths that required device offload (cherry picked from commit 7e6526404adedf079279aa7aa11722deaca8fe2e) Signed-off-by: Benedict Wong <benedictwong@google.com> Bug: 115914689 Change-Id: I45b6e316687599777a459ad1baea516afa8f473d |
||
|
Steffen Klassert
|
78f10c5504 |
BACKPORT: xfrm: Extend the output_mark to support input direction and masking.
We already support setting an output mark at the xfrm_state, unfortunately this does not support the input direction and masking the marks that will be applied to the skb. This change adds support applying a masked value in both directions. The existing XFRMA_OUTPUT_MARK number is reused for this purpose and as it is now bi-directional, it is renamed to XFRMA_SET_MARK. An additional XFRMA_SET_MARK_MASK attribute is added for setting the mask. If the attribute mask not provided, it is set to 0xffffffff, keeping the XFRMA_OUTPUT_MARK existing 'full mask' semantics. Co-developed-by: Tobias Brunner <tobias@strongswan.org> Co-developed-by: Eyal Birger <eyal.birger@gmail.com> Co-developed-by: Lorenzo Colitti <lorenzo@google.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Tobias Brunner <tobias@strongswan.org> Signed-off-by: Eyal Birger <eyal.birger@gmail.com> Signed-off-by: Lorenzo Colitti <lorenzo@google.com> Conflicts: XFRM OFFLOAD not previously backported; removed incompatible device offload copying in xfrm_user.c, xfrm_device.c (cherry picked from commit 9b42c1f179a614e11893ae4619f0304a38f481ae) Signed-off-by: Benedict Wong <benedictwong@google.com> Bug: 115914689 Change-Id: I9f554d1697a72ef5668e5251d560cc1ba4d0ab07 |
||
|
Roderick Colenbrander
|
6f561e9664 |
UPSTREAM: HID: sony: Report DS4 motion sensors through a separate device
The DS4 motion sensors are currently mapped by the hid-core driver to non-existing axes in between ABS_MISC and ABS_MT_SLOT, because the device already exhausted ABS_X-ABS_RZ. For a part the mapping by hid-core is accomplished by a fixup in hid-sony as the motion axes actually use vendor specific usage pages. This patch makes the DS4 use a separate input device for the motion sensors and reports acceleration data through ABS_X-ABS_Z and gyroscope data through ABS_RX-ABS_RZ. In addition it extends the event spec to allow gyroscope data through ABS_RX-ABS_RZ when INPUT_PROP_ACCELEROMETER is set. This change was suggested by Peter Hutterer during a discussion on linux-input. [jkosina@suse.cz: rebase onto slightly newer codebase] Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> (cherry picked from commit 227c011b2e046dd4d36d9e00e3d9c88097b2a4c3) Bug: 111431828 Signed-off-by: Kim Low <kim-huei.low@sony.com> Change-Id: Icc3c5d4338d5e00b8fa6c4192468dd1f56654ee1 |
||
|
Greg Kroah-Hartman
|
a427932c0b |
Merge 4.9.134 into android-4.9
Changes in 4.9.134 ASoC: wm8804: Add ACPI support ASoC: sigmadsp: safeload should not have lower byte limit selftests/efivarfs: add required kernel configs selftests: memory-hotplug: add required configs mfd: omap-usb-host: Fix dts probe of children scsi: iscsi: target: Don't use stack buffer for scatterlist scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() sound: enable interrupt after dma buffer initialization stmmac: fix valid numbers of unicast filter entries net: macb: disable scatter-gather for macb on sama5d3 ARM: dts: at91: add new compatibility string for macb on sama5d3 x86/kvm/lapic: always disable MMIO interface in x2APIC mode drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 ext4: Fix error code in ext4_xattr_set_entry() mm/vmstat.c: fix outdated vmstat_text mach64: detect the dot clock divider correctly on sparc perf script python: Fix export-to-postgresql.py occasional failure i2c: i2c-scmi: fix for i2c_smbus_write_block_data xhci: Don't print a warning when setting link state for disabled ports bnxt_en: Fix TX timeout during netpoll. bonding: avoid possible dead-lock ip6_tunnel: be careful when accessing the inner header ip_tunnel: be careful when accessing the inner header ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() ipv6: take rcu lock in rawv6_send_hdrinc() net: dsa: bcm_sf2: Call setup during switch resume net: hns: fix for unmapping problem when SMMU is on net: ipv4: update fnhe_pmtu when first hop's MTU changes net/ipv6: Display all addresses in output of /proc/net/if_inet6 netlabel: check for IPV4MASK in addrinfo_get net/usb: cancel pending work when unbinding smsc75xx qlcnic: fix Tx descriptor corruption on 82xx devices qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface team: Forbid enslaving team device to itself net: dsa: bcm_sf2: Fix unbind ordering net: mvpp2: Extract the correct ethtype from the skb for tx csum offload net: systemport: Fix wake-up interrupt race during resume rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 tcp/dccp: fix lockdep issue when SYN is backlogged inet: make sure to grab rcu_read_lock before using ireq->ireq_opt inet: frags: change inet_frags_init_net() return value inet: frags: add a pointer to struct netns_frags inet: frags: refactor ipfrag_init() inet: frags: refactor ipv6_frag_init() inet: frags: refactor lowpan_net_frag_init() ipv6: export ip6 fragments sysctl to unprivileged users rhashtable: add schedule points inet: frags: use rhashtables for reassembly units inet: frags: remove some helpers inet: frags: get rif of inet_frag_evicting() inet: frags: remove inet_frag_maybe_warn_overflow() inet: frags: break the 2GB limit for frags storage inet: frags: do not clone skb in ip_expire() ipv6: frags: rewrite ip6_expire_frag_queue() rhashtable: reorganize struct rhashtable layout inet: frags: reorganize struct netns_frags inet: frags: get rid of ipfrag_skb_cb/FRAG_CB inet: frags: fix ip6frag_low_thresh boundary ip: discard IPv4 datagrams with overlapping segments. net: speed up skb_rbtree_purge() net: modify skb_rbtree_purge to return the truesize of all purged skbs. ipv6: defrag: drop non-last frags smaller than min mtu net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends net: add rb_to_skb() and other rb tree helpers ip: use rb trees for IP frag queue. ip: add helpers to process in-order fragments faster. ip: process in-order fragments efficiently ip: frags: fix crash in ip_do_fragment() ipv4: frags: precedence bug in ip_expire() Linux 4.9.134 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Peter Oskolkov
|
82f36cbc74 |
ip: discard IPv4 datagrams with overlapping segments.
This behavior is required in IPv6, and there is little need to tolerate overlapping fragments in IPv4. This change simplifies the code and eliminates potential DDoS attack vectors. Tested: ran ip_defrag selftest (not yet available uptream). Suggested-by: David S. Miller <davem@davemloft.net> Signed-off-by: Peter Oskolkov <posk@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Florian Westphal <fw@strlen.de> Acked-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net> (cherry picked from commit 7969e5c40dfd04799d4341f1b7cd266b6e47f227) Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Omar Sandoval
|
cc7cefae2a |
UPSTREAM: loop: add ioctl for changing logical block size
This is a different approach from the first attempt in f2c6df7dbf9a
("loop: support 4k physical blocksize"). Rather than extending
LOOP_{GET,SET}_STATUS, add a separate ioctl just for setting the block
size.
Change-Id: I8d847f9f33263de9840c5e236a9f0fb7caf1edb4
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
(cherry picked from commit 89e4fdecb51cf5535867026274bc97de9480ade5)
Signed-off-by: Martijn Coenen <maco@android.com>
|
||
|
Martijn Coenen
|
1c57ba4f54 |
FROMLIST: ANDROID: binder: Add BINDER_GET_NODE_INFO_FOR_REF ioctl.
This allows the context manager to retrieve information about nodes that it holds a reference to, such as the current number of references to those nodes. Such information can for example be used to determine whether the servicemanager is the only process holding a reference to a node. This information can then be passed on to the process holding the node, which can in turn decide whether it wants to shut down to reduce resource usage. Signed-off-by: Martijn Coenen <maco@android.com> |
||
|
Greg Kroah-Hartman
|
ba01a4255d |
Merge 4.9.128 into android-4.9
Changes in 4.9.128
i2c: xiic: Make the start and the byte count write atomic
i2c: i801: fix DNV's SMBCTRL register offset
KVM: s390: vsie: copy wrapping keys to right place
ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
cfq: Give a chance for arming slice idle timer in case of group_idle
kthread: Fix use-after-free if kthread fork fails
kthread: fix boot hang (regression) on MIPS/OpenRISC
staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page
staging/rts5208: Fix read overflow in memcpy
IB/rxe: do not copy extra stack memory to skb
block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg
nl80211: fix null-ptr dereference on invalid mesh configuration
locking/rwsem-xadd: Fix missed wakeup due to reordering of load
selinux: use GFP_NOWAIT in the AVC kmem_caches
locking/osq_lock: Fix osq_lock queue corruption
mm, vmscan: clear PGDAT_WRITEBACK when zone is balanced
mm: remove seemingly spurious reclaimability check from laptop_mode gating
ARC: [plat-axs*]: Enable SWAP
misc: mic: SCIF Fix scif_get_new_port() error handling
ethtool: Remove trailing semicolon for static inline
Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV
gpio: tegra: Move driver registration to subsys_init level
net: phy: Fix the register offsets in Broadcom iProc mdio mux driver
scsi: target: fix __transport_register_session locking
md/raid5: fix data corruption of replacements after originals dropped
timers: Clear timer_base::must_forward_clk with timer_base::lock held
misc: ti-st: Fix memory leak in the error path of probe()
uio: potential double frees if __uio_register_device() fails
tty: rocket: Fix possible buffer overwrite on register_PCI
f2fs: do not set free of current section
perf tools: Allow overriding MAX_NR_CPUS at compile time
NFSv4.0 fix client reference leak in callback
macintosh/via-pmu: Add missing mmio accessors
ath9k: report tx status on EOSP
ath9k_hw: fix channel maximum power level test
ath10k: prevent active scans on potential unusable channels
wlcore: Set rx_status boottime_ns field on rx
MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
ata: libahci: Correct setting of DEVSLP register
scsi: 3ware: fix return 0 on the error path of probe
ath10k: disable bundle mgmt tx completion event support
Bluetooth: hidp: Fix handling of strncpy for hid->name information
x86/mm: Remove in_nmi() warning from vmalloc_fault()
gpio: ml-ioh: Fix buffer underwrite on probe error path
net: mvneta: fix mtu change on port without link
f2fs: try grabbing node page lock aggressively in sync scenario
f2fs: fix to skip GC if type in SSA and SIT is inconsistent
tpm_tis_spi: Pass the SPI IRQ down to the driver
tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
f2fs: fix to do sanity check with reserved blkaddr of inline inode
MIPS: Octeon: add missing of_node_put()
MIPS: generic: fix missing of_node_put()
net: dcb: For wild-card lookups, use priority -1, not 0
Input: atmel_mxt_ts - only use first T9 instance
media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions
partitions/aix: append null character to print data from disk
partitions/aix: fix usage of uninitialized lv_info and lvname structures
media: helene: fix xtal frequency setting at power on
f2fs: Fix uninitialized return in f2fs_ioc_shutdown()
iommu/ipmmu-vmsa: Fix allocation in atomic context
mfd: ti_am335x_tscadc: Fix struct clk memory leak
f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
NFSv4.1: Fix a potential layoutget/layoutrecall deadlock
MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON
RDMA/cma: Do not ignore net namespace for unbound cm_id
xhci: Fix use-after-free in xhci_free_virt_device
netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user
mtd: ubi: wl: Fix error return code in ubi_wl_init()
autofs: fix autofs_sbi() does not check super block type
mm: get rid of vmacache_flush_all() entirely
Linux 4.9.128
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Florian Fainelli
|
45ad26e499 |
ethtool: Remove trailing semicolon for static inline
[ Upstream commit d89d41556141a527030a15233135ba622ba3350d ]
Android's header sanitization tool chokes on static inline functions having a
trailing semicolon, leading to an incorrectly parsed header file. While the
tool should obviously be fixed, also fix the header files for the two affected
functions: ethtool_get_flow_spec_ring() and ethtool_get_flow_spec_ring_vf().
Fixes:
|
||
|
Greg Kroah-Hartman
|
f85543ba3c |
Merge 4.9.120 into android-4.9
Changes in 4.9.120 ext4: fix check to prevent initializing reserved inodes tpm: fix race condition in tpm_common_write() parisc: Enable CONFIG_MLONGCALLS by default parisc: Define mb() and add memory barriers to assembler unlock sequences kasan: add no_sanitize attribute for clang builds Mark HI and TASKLET softirq synchronous xen/netfront: don't cache skb_shinfo() ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled init: rename and re-order boot_cpu_state_init() root dentries need RCU-delayed freeing make sure that __dentry_kill() always invalidates d_seq, unhashed or not fix mntput/mntput race fix __legitimize_mnt()/mntput() race proc/sysctl: prune stale dentries during unregistering proc/sysctl: Don't grab i_lock under sysctl_lock. proc: Fix proc_sys_prune_dcache to hold a sb reference IB/core: Make testing MR flags for writability a static inline function IB/mlx4: Mark user MR as writable if actual virtual memory is writable mtd: nand: qcom: Add a NULL check for devm_kasprintf() IB/ocrdma: fix out of bounds access to local buffer ARM: dts: imx6sx: fix irq for pcie bridge x86/paravirt: Fix spectre-v2 mitigations for paravirt guests x86/speculation: Protect against userspace-userspace spectreRSB kprobes/x86: Fix %p uses in error messages x86/irqflags: Provide a declaration for native_save_fl x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT mm: x86: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 x86/speculation/l1tf: Change order of offset/type in swap entry x86/speculation/l1tf: Protect swap entries against L1TF x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation x86/speculation/l1tf: Make sure the first page is always reserved x86/speculation/l1tf: Add sysfs reporting for l1tf x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings x86/speculation/l1tf: Limit swap file size to MAX_PA/2 x86/bugs: Move the l1tf function and define pr_fmt properly x86/smp: Provide topology_is_primary_thread() x86/topology: Provide topology_smt_supported() cpu/hotplug: Make bringup/teardown of smp threads symmetric cpu/hotplug: Split do_cpu_down() cpu/hotplug: Provide knobs to control SMT x86/cpu: Remove the pointless CPU printout x86/cpu/AMD: Remove the pointless detect_ht() call x86/cpu/common: Provide detect_ht_early() x86/cpu/topology: Provide detect_extended_topology_early() x86/cpu/intel: Evaluate smp_num_siblings early x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info x86/cpu/AMD: Evaluate smp_num_siblings early x86/apic: Ignore secondary threads if nosmt=force x86/speculation/l1tf: Extend 64bit swap file size limit x86/cpufeatures: Add detection of L1D cache flush support. x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings x86/speculation/l1tf: Protect PAE swap entries against L1TF x86/speculation/l1tf: Fix up pte->pfn conversion for PAE Revert "x86/apic: Ignore secondary threads if nosmt=force" cpu/hotplug: Boot HT siblings at least once x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present x86/KVM/VMX: Add module argument for L1TF mitigation x86/KVM/VMX: Add L1D flush algorithm x86/KVM/VMX: Add L1D MSR based flush x86/KVM/VMX: Add L1D flush logic kvm: nVMX: Update MSR load counts on a VMCS switch x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers x86/KVM/VMX: Add find_msr() helper function x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required cpu/hotplug: Online siblings when SMT control is turned on x86/litf: Introduce vmx status variable x86/kvm: Drop L1TF MSR list approach x86/l1tf: Handle EPT disabled state proper x86/kvm: Move l1tf setup function x86/kvm: Add static key for flush always x86/kvm: Serialize L1D flush parameter setter x86/kvm: Allow runtime control of L1D flush cpu/hotplug: Expose SMT control init function cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early x86/bugs, kvm: Introduce boot-time control of L1TF mitigations Documentation: Add section about CPU vulnerabilities x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content Documentation/l1tf: Fix typos cpu/hotplug: detect SMT disabled by BIOS x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() x86/irq: Demote irq_cpustat_t::__softirq_pending to u16 x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d x86: Don't include linux/irq.h from asm/hardirq.h x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() Documentation/l1tf: Remove Yonah processors from not vulnerable list KVM: x86: Add a framework for supporting MSR-based features KVM: SVM: Add MSR-based feature support for serializing LFENCE KVM: X86: Introduce kvm_get_msr_feature() KVM: X86: Allow userspace to define the microcode version KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR x86/speculation: Simplify sysfs report of VMX L1TF vulnerability x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry cpu/hotplug: Fix SMT supported evaluation x86/speculation/l1tf: Invert all not present mappings x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert x86/mm/pat: Make set_memory_np() L1TF safe x86/mm/kmmio: Make the tracer robust against L1TF tools headers: Synchronise x86 cpufeatures.h for L1TF additions x86/microcode: Do not upload microcode if CPUs are offline x86/microcode: Allow late microcode loading with SMT disabled x86/smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread cpu/hotplug: Non-SMP machines do not make use of booted_once x86/init: fix build with CONFIG_SWAP=n x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures x86/cpu/amd: Limit cpu_core_id fixup to families older than F17h x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present Linux 4.9.120 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Tom Lendacky
|
62d88fc0fb |
KVM: x86: Add a framework for supporting MSR-based features
commit 801e459a6f3a63af9d447e6249088c76ae16efc4 upstream Provide a new KVM capability that allows bits within MSRs to be recognized as features. Two new ioctls are added to the /dev/kvm ioctl routine to retrieve the list of these MSRs and then retrieve their values. A kvm_x86_ops callback is used to determine support for the listed MSR-based features. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> [Tweaked documentation. - Radim] Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
b7d377b464 |
Merge 4.9.108 into android-4.9
Changes in 4.9.108 tpm: do not suspend/resume if power stays on tpm: self test failure should not cause suspend to fail mmap: introduce sane default mmap limits mmap: relax file size limit for regular files btrfs: define SUPER_FLAG_METADUMP_V2 kconfig: Avoid format overflow warning from GCC 8.1 drm: set FMODE_UNSIGNED_OFFSET for drm files bnx2x: use the right constant dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() enic: set DMA mask to 47 bit ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds ipv4: remove warning in ip_recv_error isdn: eicon: fix a missing-check bug kcm: Fix use-after-free caused by clonned sockets netdev-FAQ: clarify DaveM's position for stable backports net/packet: refine check for priv area size net: usb: cdc_mbim: add flag FLAG_SEND_ZLP packet: fix reserve calculation qed: Fix mask for physical address in ILT entry sctp: not allow transport timeout value less than HZ/5 for hb_timer team: use netdev_features_t instead of u32 vhost: synchronize IOTLB message with dev cleanup vrf: check the original netdevice for generating redirect net/mlx4: Fix irq-unsafe spinlock usage rtnetlink: validate attributes in do_setlink() net: phy: broadcom: Fix bcm_write_exp() net: metrics: add proper netlink validation KVM: VMX: Expose SSBD properly to guests, 4.9 supplement dm bufio: avoid false-positive Wmaybe-uninitialized warning objtool: Fix gcov check for older versions of GCC complete e390f9a port for v4.9.106 Linux 4.9.108 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Anand Jain
|
8d99eb4573 |
btrfs: define SUPER_FLAG_METADUMP_V2
commit e2731e55884f2138a252b0a3d7b24d57e49c3c59 upstream. btrfs-progs uses super flag bit BTRFS_SUPER_FLAG_METADUMP_V2 (1ULL << 34). So just define that in kernel so that we know its been used. Signed-off-by: Anand Jain <anand.jain@oracle.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
42a730adb6 |
Merge 4.9.107 into android-4.9
Changes in 4.9.107
arm64: lse: Add early clobbers to some input/output asm operands
powerpc/64s: Clear PCR on boot
USB: serial: cp210x: use tcflag_t to fix incompatible pointer type
Revert "pinctrl: msm: Use dynamic GPIO numbering"
xfs: detect agfl count corruption and reset agfl
Revert "ima: limit file hash setting by user to fix and log modes"
Input: elan_i2c_smbus - fix corrupted stack
tracing: Fix crash when freeing instances with event triggers
selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
cfg80211: further limit wiphy names to 64 bytes
dma-buf: remove redundant initialization of sg_table
rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c
ASoC: Intel: sst: remove redundant variable dma_dev_name
platform/chrome: cros_ec_lpc: remove redundant pointer request
x86/amd: revert commit
|
||
|
Eric Biggers
|
fa4724c51a |
cfg80211: further limit wiphy names to 64 bytes
commit 814596495dd2b9d4aab92d8f89cf19060d25d2ea upstream.
wiphy names were recently limited to 128 bytes by commit a7cfebcb7594
("cfg80211: limit wiphy names to 128 bytes"). As it turns out though,
this isn't sufficient because dev_vprintk_emit() needs the syslog header
string "SUBSYSTEM=ieee80211\0DEVICE=+ieee80211:$devname" to fit into 128
bytes. This triggered the "device/subsystem name too long" WARN when
the device name was >= 90 bytes. As before, this was reproduced by
syzbot by sending an HWSIM_CMD_NEW_RADIO command to the MAC80211_HWSIM
generic netlink family.
Fix it by further limiting wiphy names to 64 bytes.
Reported-by: syzbot+e64565577af34b3768dc@syzkaller.appspotmail.com
Fixes: a7cfebcb7594 ("cfg80211: limit wiphy names to 128 bytes")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
9797dcb8c7 |
Merge 4.9.104 into android-4.9
Changes in 4.9.104
MIPS: c-r4k: Fix data corruption related to cache coherence
MIPS: ptrace: Expose FIR register through FP regset
MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
affs_lookup(): close a race with affs_remove_link()
aio: fix io_destroy(2) vs. lookup_ioctx() race
ALSA: timer: Fix pause event notification
do d_instantiate/unlock_new_inode combinations safely
mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
libata: Blacklist some Sandisk SSDs for NCQ
libata: blacklist Micron 500IT SSD with MU01 firmware
xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
IB/hfi1: Use after free race condition in send context error path
Revert "ipc/shm: Fix shmat mmap nil-page protection"
ipc/shm: fix shmat() nil address after round-down when remapping
kasan: fix memory hotplug during boot
kernel/sys.c: fix potential Spectre v1 issue
kernel/signal.c: avoid undefined behaviour in kill_something_info
KVM/VMX: Expose SSBD properly to guests
KVM: s390: vsie: fix < 8k check for the itdba
KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
kvm: x86: IA32_ARCH_CAPABILITIES is always supported
firewire-ohci: work around oversized DMA reads on JMicron controllers
x86/tsc: Allow TSC calibration without PIT
NFSv4: always set NFS_LOCK_LOST when a lock is lost.
ALSA: hda - Use IS_REACHABLE() for dependency on input
kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460
tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
PCI: Add function 1 DMA alias quirk for Marvell 9128
Input: psmouse - fix Synaptics detection when protocol is disabled
i40iw: Zero-out consumer key on allocate stag for FMR
tools lib traceevent: Simplify pointer print logic and fix %pF
perf callchain: Fix attr.sample_max_stack setting
tools lib traceevent: Fix get_field_str() for dynamic strings
perf record: Fix failed memory allocation for get_cpuid_str
iommu/vt-d: Use domain instead of cache fetching
dm thin: fix documentation relative to low water mark threshold
net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b
net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock
nfs: Do not convert nfs_idmap_cache_timeout to jiffies
watchdog: sp5100_tco: Fix watchdog disable bit
kconfig: Don't leak main menus during parsing
kconfig: Fix automatic menu creation mem leak
kconfig: Fix expr_free() E_NOT leak
mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
ipmi/powernv: Fix error return code in ipmi_powernv_probe()
Btrfs: set plug for fsync
btrfs: Fix out of bounds access in btrfs_search_slot
Btrfs: fix scrub to repair raid6 corruption
btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP
HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
fm10k: fix "failed to kill vid" message for VF
device property: Define type of PROPERTY_ENRTY_*() macros
jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
powerpc/numa: Ensure nodes initialized for hotplug
RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
ntb_transport: Fix bug with max_mw_size parameter
gianfar: prevent integer wrapping in the rx handler
tcp_nv: fix potential integer overflow in tcpnv_acked
kvm: Map PFN-type memory regions as writable (if possible)
ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
ocfs2: return error when we attempt to access a dirty bh in jbd2
mm/mempolicy: fix the check of nodemask from user
mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
asm-generic: provide generic_pmdp_establish()
sparc64: update pmdp_invalidate() to return old pmd value
mm: thp: use down_read_trylock() in khugepaged to avoid long block
mm: pin address_space before dereferencing it while isolating an LRU page
mm/fadvise: discard partial page if endbyte is also EOF
openvswitch: Remove padding from packet before L3+ conntrack processing
IB/ipoib: Fix for potential no-carrier state
drm/nouveau/pmu/fuc: don't use movw directly anymore
netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure
x86/power: Fix swsusp_arch_resume prototype
firmware: dmi_scan: Fix handling of empty DMI strings
ACPI: processor_perflib: Do not send _PPC change notification if not ready
ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs
bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
MIPS: generic: Fix machine compatible matching
MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
xen-netfront: Fix race between device setup and open
xen/grant-table: Use put_page instead of free_page
RDS: IB: Fix null pointer issue
arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
proc: fix /proc/*/map_files lookup
cifs: silence compiler warnings showing up with gcc-8.0.0
bcache: properly set task state in bch_writeback_thread()
bcache: fix for allocator and register thread race
bcache: fix for data collapse after re-attaching an attached device
bcache: return attach error when no cache set exist
tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
bpf: fix rlimit in reuseport net selftest
vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page
locking/qspinlock: Ensure node->count is updated before initialising node
irqchip/gic-v3: Ignore disabled ITS nodes
cpumask: Make for_each_cpu_wrap() available on UP as well
irqchip/gic-v3: Change pr_debug message to pr_devel
ARC: Fix malformed ARC_EMUL_UNALIGNED default
ptr_ring: prevent integer overflow when calculating size
libata: Fix compile warning with ATA_DEBUG enabled
selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
selftests: memfd: add config fragment for fuse
ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
ARM: OMAP3: Fix prm wake interrupt for resume
ARM: OMAP1: clock: Fix debugfs_create_*() usage
ibmvnic: Free RX socket buffer in case of adapter error
iwlwifi: mvm: fix security bug in PN checking
iwlwifi: mvm: always init rs with 20mhz bandwidth rates
NFC: llcp: Limit size of SDP URI
rxrpc: Work around usercopy check
mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
mac80211: fix a possible leak of station stats
mac80211: fix calling sleeping function in atomic context
mac80211: Do not disconnect on invalid operating class
md raid10: fix NULL deference in handle_write_completed()
drm/exynos: g2d: use monotonic timestamps
drm/exynos: fix comparison to bitshift when dealing with a mask
locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
md: raid5: avoid string overflow warning
kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
s390/cio: fix ccw_device_start_timeout API
s390/cio: fix return code after missing interrupt
s390/cio: clear timer when terminating driver I/O
PKCS#7: fix direct verification of SignerInfo signature
ARM: OMAP: Fix dmtimer init for omap1
smsc75xx: fix smsc75xx_set_features()
regulatory: add NUL to request alpha2
integrity/security: fix digsig.c build error with header file
locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
mac80211: drop frames with unexpected DS bits from fast-rx to slow path
arm64: fix unwind_frame() for filtered out fn for function graph tracing
macvlan: fix use-after-free in macvlan_common_newlink()
kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds
fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
fs: dcache: Use READ_ONCE when accessing i_dir_seq
md: fix a potential deadlock of raid5/raid10 reshape
md/raid1: fix NULL pointer dereference
batman-adv: fix packet checksum in receive path
batman-adv: invalidate checksum on fragment reassembly
netfilter: ebtables: convert BUG_ONs to WARN_ONs
batman-adv: Ignore invalid batadv_iv_gw during netlink send
batman-adv: Ignore invalid batadv_v_gw during netlink send
batman-adv: Fix netlink dumping of BLA claims
batman-adv: Fix netlink dumping of BLA backbones
nvme-pci: Fix nvme queue cleanup if IRQ setup fails
clocksource/drivers/fsl_ftm_timer: Fix error return checking
ceph: fix dentry leak when failing to init debugfs
ARM: orion5x: Revert commit
|
||
|
Toshiaki Makita
|
58df28952c |
net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
[ Upstream commit 4bbb3e0e8239f9079bf1fe20b3c0cb598714ae61 ]
When we have a bridge with vlan_filtering on and a vlan device on top of
it, packets would be corrupted in skb_vlan_untag() called from
br_dev_xmit().
The problem sits in skb_reorder_vlan_header() used in skb_vlan_untag(),
which makes use of skb->mac_len. In this function mac_len is meant for
handling rx path with vlan devices with reorder_header disabled, but in
tx path mac_len is typically 0 and cannot be used, which is the problem
in this case.
The current code even does not properly handle rx path (skb_vlan_untag()
called from __netif_receive_skb_core()) with reorder_header off actually.
In rx path single tag case, it works as follows:
- Before skb_reorder_vlan_header()
mac_header data
v v
+-------------------+-------------+------+----
| ETH | VLAN | ETH |
| ADDRS | TPID | TCI | TYPE |
+-------------------+-------------+------+----
<-------- mac_len --------->
<------------->
to be removed
- After skb_reorder_vlan_header()
mac_header data
v v
+-------------------+------+----
| ETH | ETH |
| ADDRS | TYPE |
+-------------------+------+----
<-------- mac_len --------->
This is ok, but in rx double tag case, it corrupts packets:
- Before skb_reorder_vlan_header()
mac_header data
v v
+-------------------+-------------+-------------+------+----
| ETH | VLAN | VLAN | ETH |
| ADDRS | TPID | TCI | TPID | TCI | TYPE |
+-------------------+-------------+-------------+------+----
<--------------- mac_len ---------------->
<------------->
should be removed
<--------------------------->
actually will be removed
- After skb_reorder_vlan_header()
mac_header data
v v
+-------------------+------+----
| ETH | ETH |
| ADDRS | TYPE |
+-------------------+------+----
<--------------- mac_len ---------------->
So, two of vlan tags are both removed while only inner one should be
removed and mac_header (and mac_len) is broken.
skb_vlan_untag() is meant for removing the vlan header at (skb->data - 2),
so use skb->data and skb->mac_header to calculate the right offset.
Reported-by: Brandon Carpenter <brandon.carpenter@cypherpath.com>
Fixes:
|
||
|
Dave Airlie
|
bc3d7001d8 |
virtio-gpu: fix ioctl and expose the fixed status to userspace.
[ Upstream commit 9a191b114906457c4b2494c474f58ae4142d4e67 ] This exposes to mesa that it can use the fixed ioctl for querying later cap sets, cap set 1 is forever frozen in time. Signed-off-by: Dave Airlie <airlied@redhat.com> Link: http://patchwork.freedesktop.org/patch/msgid/20180221015003.22884-1-airlied@gmail.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
0cecdf8315 |
BACKPORT, FROMLIST: fscrypt: add Speck128/256 support
fscrypt currently only supports AES encryption. However, many low-end mobile devices have older CPUs that don't have AES instructions, e.g. the ARMv8 Cryptography Extensions. Currently, user data on such devices is not encrypted at rest because AES is too slow, even when the NEON bit-sliced implementation of AES is used. Unfortunately, it is infeasible to encrypt these devices at all when AES is the only option. Therefore, this patch updates fscrypt to support the Speck block cipher, which was recently added to the crypto API. The C implementation of Speck is not especially fast, but Speck can be implemented very efficiently with general-purpose vector instructions, e.g. ARM NEON. For example, on an ARMv7 processor, we measured the NEON-accelerated Speck128/256-XTS at 69 MB/s for both encryption and decryption, while AES-256-XTS with the NEON bit-sliced implementation was only 22 MB/s encryption and 19 MB/s decryption. There are multiple variants of Speck. This patch only adds support for Speck128/256, which is the variant with a 128-bit block size and 256-bit key size -- the same as AES-256. This is believed to be the most secure variant of Speck, and it's only about 6% slower than Speck128/128. Speck64/128 would be at least 20% faster because it has 20% rounds, and it can be even faster on CPUs that can't efficiently do the 64-bit operations needed for Speck128. However, Speck64's 64-bit block size is not preferred security-wise. ARM NEON also supports the needed 64-bit operations even on 32-bit CPUs, resulting in Speck128 being fast enough for our targeted use cases so far. The chosen modes of operation are XTS for contents and CTS-CBC for filenames. These are the same modes of operation that fscrypt defaults to for AES. Note that as with the other fscrypt modes, Speck will not be used unless userspace chooses to use it. Nor are any of the existing modes (which are all AES-based) being removed, of course. We intentionally don't make CONFIG_FS_ENCRYPTION select CONFIG_CRYPTO_SPECK, so people will have to enable Speck support themselves if they need it. This is because we shouldn't bloat the FS_ENCRYPTION dependencies with every new cipher, especially ones that aren't recommended for most users. Moreover, CRYPTO_SPECK is just the generic implementation, which won't be fast enough for many users; in practice, they'll need to enable CRYPTO_SPECK_NEON to get acceptable performance. More details about our choice of Speck can be found in our patches that added Speck to the crypto API, and the follow-on discussion threads. We're planning a publication that explains the choice in more detail. But briefly, we can't use ChaCha20 as we previously proposed, since it would be insecure to use a stream cipher in this context, with potential IV reuse during writes on f2fs and/or on wear-leveling flash storage. We also evaluated many other lightweight and/or ARX-based block ciphers such as Chaskey-LTS, RC5, LEA, CHAM, Threefish, RC6, NOEKEON, SPARX, and XTEA. However, all had disadvantages vs. Speck, such as insufficient performance with NEON, much less published cryptanalysis, or an insufficient security level. Various design choices in Speck make it perform better with NEON than competing ciphers while still having a security margin similar to AES, and in the case of Speck128 also the same available security levels. Unfortunately, Speck does have some political baggage attached -- it's an NSA designed cipher, and was rejected from an ISO standard (though for context, as far as I know none of the above-mentioned alternatives are ISO standards either). Nevertheless, we believe it is a good solution to the problem from a technical perspective. Certain algorithms constructed from ChaCha or the ChaCha permutation, such as MEM (Masked Even-Mansour) or HPolyC, may also meet our performance requirements. However, these are new constructions that need more time to receive the cryptographic review and acceptance needed to be confident in their security. HPolyC hasn't been published yet, and we are concerned that MEM makes stronger assumptions about the underlying permutation than the ChaCha stream cipher does. In contrast, the XTS mode of operation is relatively well accepted, and Speck has over 70 cryptanalysis papers. Of course, these ChaCha-based algorithms can still be added later if they become ready. The best known attack on Speck128/256 is a differential cryptanalysis attack on 25 of 34 rounds with 2^253 time complexity and 2^125 chosen plaintexts, i.e. only marginally faster than brute force. There is no known attack on the full 34 rounds. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> (cherry-picked from commit 12d28f79558f2e987c5f3817f89e1ccc0f11a7b5 https://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt.git master) (dropped Documentation/filesystems/fscrypt.rst change) (fixed merge conflict in fs/crypto/keyinfo.c) Change-Id: I62c632044dfd06a2c5b74c2fb058f9c3b8af0add Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Greg Kroah-Hartman
|
70c65e471b |
Merge 4.9.103 into android-4.9
Changes in 4.9.103 net/mlx4_core: Fix error handling in mlx4_init_port_info. net: test tailroom before appending to linear skb packet: in packet_snd start writing at link layer allocation sock_diag: fix use-after-free read in __sk_free tcp: purge write queue in tcp_connect_init() vmxnet3: set the DMA mask before the first DMA map operation vmxnet3: use DMA memory barriers where required ext2: fix a block leak s390: add assembler macros for CPU alternatives s390: move expoline assembler macros to a header s390/crc32-vx: use expoline for indirect branches s390/lib: use expoline for indirect branches s390/ftrace: use expoline for indirect branches s390/kernel: use expoline for indirect branches s390: move spectre sysfs attribute code s390: extend expoline to BC instructions s390: use expoline thunks in the BPF JIT scsi: libsas: defer ata device eh commands to libata scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() scsi: zfcp: fix infinite iteration on ERP ready list cfg80211: limit wiphy names to 128 bytes hfsplus: stop workqueue when fill_super() failed x86/kexec: Avoid double free_page() upon do_kexec_load() failure usb: gadget: f_uac2: fix bFirstInterface in composite gadget usb: dwc3: Undo PHY init if soft reset fails usb: dwc3: omap: don't miss events during suspend/resume usb: gadget: core: Fix use-after-free of usb_request usb: gadget: fsl_udc_core: fix ep valid checks usb: dwc2: Fix dwc2_hsotg_core_init_disconnected() usb: cdc_acm: prevent race at write to acm while system resumes USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM net/usb/qmi_wwan.c: Add USB id for lt4120 modem net-usb: add qmi_wwan if on lte modem wistron neweb d18q1 Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB ALSA: usb-audio: Add native DSD support for Luxman DA-06 usb: dwc3: Add SoftReset PHY synchonization delay usb: dwc3: Update DWC_usb31 GTXFIFOSIZ reg fields xhci: zero usb device slot_id member when disabling and freeing a xhci slot usb: dwc2: Fix interval type issue usb: dwc2: host: Fix transaction errors in host mode usb: gadget: ffs: Let setup() return USB_GADGET_DELAYED_STATUS usb: gadget: ffs: Execute copy_to_user() with USER_DS set usb: gadget: udc: change comparison to bitshift when dealing with a mask usb: gadget: composite: fix incorrect handling of OS desc requests media: em28xx: USB bulk packet size fix Bluetooth: btusb: Add device ID for RTL8822BE staging: lustre: fix bug in osc_enter_cache_try staging: rtl8192u: return -ENOMEM on failed allocation of priv->oldaddr staging: lustre: lmv: correctly iput lmo_root crypto: sunxi-ss - Add MODULE_ALIAS to sun4i-ss scsi: fas216: fix sense buffer initialization scsi: ufs: Enable quirk to ignore sending WRITE_SAME command scsi: bnx2fc: Fix check in SCSI completion handler for timed out request scsi: sym53c8xx_2: iterator underflow in sym_getsync() scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() scsi: storvsc: Increase cmd_per_lun for higher speed devices scsi: aacraid: fix shutdown crash when init fails scsi: qla4xxx: skip error recovery in case of register disconnect. scsi: mpt3sas: Do not mark fw_event workqueue as WQ_MEM_RECLAIM scsi: sd: Keep disk read-only when re-reading partition scsi: aacraid: Insure command thread is not recursively stopped scsi: mvsas: fix wrong endianness of sgpio api scsi: lpfc: Fix issue_lip if link is disabled scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing scsi: lpfc: Fix frequency of Release WQE CQEs ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() ASoC: topology: create TLV data for dapm widgets ASoC: samsung: i2s: Ensure the RCLK rate is properly determined clk: rockchip: Fix wrong parent for SDMMC phase clock for rk3228 clk: Don't show the incorrect clock phase clk: tegra: Fix pll_u rate configuration media: cx23885: Set subdev host data to clk_freq pointer clk: rockchip: Prevent calculating mmc phase if clock rate is zero clk: samsung: s3c2410: Fix PLL rates clk: samsung: exynos7: Fix PLL rates clk: samsung: exynos5260: Fix PLL rates clk: samsung: exynos5433: Fix PLL rates clk: samsung: exynos5250: Fix PLL rates clk: samsung: exynos3250: Fix PLL rates media: dmxdev: fix error code for invalid ioctls media: cx23885: Override 888 ImpactVCBe crystal frequency media: s3c-camif: fix out-of-bounds array access media: vb2: Fix videobuf2 to map correct area media: vivid: fix incorrect capabilities for radio media: cx25821: prevent out-of-bounds read on array card serial: xuartps: Fix out-of-bounds access through DT alias serial: samsung: Fix out-of-bounds access through serial port index serial: mxs-auart: Fix out-of-bounds access through serial port index serial: imx: Fix out-of-bounds access through serial port index serial: fsl_lpuart: Fix out-of-bounds access through DT alias serial: arc_uart: Fix out-of-bounds access through DT alias serial: 8250: Don't service RX FIFO if interrupts are disabled rtc: snvs: Fix usage of snvs_rtc_enable rtc: hctosys: Ensure system time doesn't overflow time_t rtc: tx4939: avoid unintended sign extension on a 24 bit shift Linux 4.9.103 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Johannes Berg
|
7d73a8c07d |
cfg80211: limit wiphy names to 128 bytes
commit a7cfebcb7594a24609268f91299ab85ba064bf82 upstream. There's currently no limit on wiphy names, other than netlink message size and memory limitations, but that causes issues when, for example, the wiphy name is used in a uevent, e.g. in rfkill where we use the same name for the rfkill instance, and then the buffer there is "only" 2k for the environment variables. This was reported by syzkaller, which used a 4k name. Limit the name to something reasonable, I randomly picked 128. Reported-by: syzbot+230d9e642a85d3fec29c@syzkaller.appspotmail.com Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
9c3041c524 |
Merge 4.9.102 into android-4.9
Changes in 4.9.102
usbip: usbip_host: refine probe and disconnect debug msgs to be useful
usbip: usbip_host: delete device from busid_table after rebind
usbip: usbip_host: run rebind from exit when module is removed
usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
usbip: usbip_host: fix bad unlock balance during stub_probe()
ALSA: usb: mixer: volume quirk for CM102-A+/102S+
ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
ALSA: control: fix a redundant-copy issue
spi: pxa2xx: Allow 64-bit DMA
spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master
spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL
KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock
powerpc: Don't preempt_disable() in show_cpuinfo()
signals: avoid unnecessary taking of sighand->siglock
tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
netfilter: nf_tables: can't fail after linking rule into active rule list
i2c: designware: fix poll-after-enable regression
powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
mm: don't allow deferred pages with NEED_PER_CPU_KM
s390/qdio: fix access to uninitialized qdio_q fields
s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
s390/qdio: don't release memory in qdio_setup_irq()
s390: remove indirect branch from do_softirq_own_stack
x86/pkeys: Override pkey when moving away from PROT_EXEC
x86/pkeys: Do not special case protection key 0
efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
tick/broadcast: Use for_each_cpu() specially on UP kernels
ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
Btrfs: fix xattr loss after power failure
btrfs: fix crash when trying to resume balance without the resume flag
x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
btrfs: fix reading stale metadata blocks after degraded raid1 mounts
x86/nospec: Simplify alternative_msr_write()
x86/bugs: Concentrate bug detection into a separate function
x86/bugs: Concentrate bug reporting into a separate function
x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
x86/bugs, KVM: Support the combination of guest and host IBRS
x86/bugs: Expose /sys/../spec_store_bypass
x86/cpufeatures: Add X86_FEATURE_RDS
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
x86/bugs/intel: Set proper CPU features and setup RDS
x86/bugs: Whitelist allowed SPEC_CTRL MSR values
x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
x86/speculation: Create spec-ctrl.h to avoid include hell
prctl: Add speculation control prctls
x86/process: Optimize TIF checks in __switch_to_xtra()
x86/process: Correct and optimize TIF_BLOCKSTEP switch
x86/process: Optimize TIF_NOTSC switch
x86/process: Allow runtime control of Speculative Store Bypass
x86/speculation: Add prctl for Speculative Store Bypass mitigation
nospec: Allow getting/setting on non-current task
proc: Provide details on speculation flaw mitigations
seccomp: Enable speculation flaw mitigations
x86/bugs: Make boot modes __ro_after_init
prctl: Add force disable speculation
seccomp: Use PR_SPEC_FORCE_DISABLE
seccomp: Add filter flag to opt-out of SSB mitigation
seccomp: Move speculation migitation control to arch code
x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
x86/bugs: Rename _RDS to _SSBD
proc: Use underscores for SSBD in 'status'
Documentation/spec_ctrl: Do some minor cleanups
x86/bugs: Fix __ssb_select_mitigation() return type
x86/bugs: Make cpu_show_common() static
x86/bugs: Fix the parameters alignment and missing void
x86/cpu: Make alternative_msr_write work for 32-bit code
KVM: SVM: Move spec control call after restore of GS
x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
x86/cpufeatures: Disentangle SSBD enumeration
x86/cpu/AMD: Fix erratum 1076 (CPB bit)
x86/cpufeatures: Add FEATURE_ZEN
x86/speculation: Handle HT correctly on AMD
x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
x86/speculation: Add virtualized speculative store bypass disable support
x86/speculation: Rework speculative_store_bypass_update()
x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
x86/bugs: Expose x86_spec_ctrl_base directly
x86/bugs: Remove x86_spec_ctrl_set()
x86/bugs: Rework spec_ctrl base and mask logic
x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
x86/bugs: Rename SSBD_NO to SSB_NO
Linux 4.9.102
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Kees Cook
|
ab677c2add |
seccomp: Add filter flag to opt-out of SSB mitigation
commit 00a02d0c502a06d15e07b857f8ff921e3e402675 upstream If a seccomp user is not interested in Speculative Store Bypass mitigation by default, it can set the new SECCOMP_FILTER_FLAG_SPEC_ALLOW flag when adding filters. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Thomas Gleixner
|
036608d62a |
prctl: Add force disable speculation
commit 356e4bfff2c5489e016fdb925adbf12a1e3950ee upstream For certain use cases it is desired to enforce mitigations so they cannot be undone afterwards. That's important for loader stubs which want to prevent a child from disabling the mitigation again. Will also be used for seccomp(). The extra state preserving of the prctl state for SSB is a preparatory step for EBPF dymanic speculation control. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: David Woodhouse <dwmw@amazon.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |