1. 28 Dec, 2018 23 commits
    • kasan, arm64: enable top byte ignore for the kernel · 21696c16
      Andrey Konovalov authored
      Tag-based KASAN uses the Top Byte Ignore feature of arm64 CPUs to store a
      pointer tag in the top byte of each pointer.  This commit enables the
      TCR_TBI1 bit, which enables Top Byte Ignore for the kernel, when tag-based
      KASAN is used.
      
      Link: http://lkml.kernel.org/r/f51eca084c8cdb2f3a55195fe342dc8953b7aead.1544099024.git.andreyknvl@google.com
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
      Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
      Acked-by: Will Deacon <will.deacon@arm.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kasan, arm64: fix up fault handling logic · 356607f2
      Andrey Konovalov authored
      Right now arm64 fault handling code removes pointer tags from addresses
      covered by TTBR0 in faults taken from both EL0 and EL1, but doesn't do
      that for pointers covered by TTBR1.
      
      This patch adds two helper functions is_ttbr0_addr() and is_ttbr1_addr(),
      where the latter one accounts for the fact that TTBR1 pointers might be
      tagged when tag-based KASAN is in use, and uses these helper functions to
      perform pointer checks in arch/arm64/mm/fault.c.
      
      Link: http://lkml.kernel.org/r/3f349b0e9e48b5df3298a6b4ae0634332274494a.1544099024.git.andreyknvl@google.com
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
      Suggested-by: Mark Rutland <mark.rutland@arm.com>
      Acked-by: Will Deacon <will.deacon@arm.com>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kasan: preassign tags to objects with ctors or SLAB_TYPESAFE_BY_RCU · 4d176711
      Andrey Konovalov authored
      An object constructor can initialize pointers within this object based on
      the address of the object.  Since the object address might be tagged, we
      need to assign a tag before calling constructor.
      
      The implemented approach is to assign tags to objects with constructors
      when a slab is allocated and call constructors once as usual.  The
      downside is that such object would always have the same tag when it is
      reallocated, so we won't catch use-after-frees on it.
      
      Also preassign tags for objects from SLAB_TYPESAFE_BY_RCU caches, since
      they can be validly accessed after having been freed.
      
      Link: http://lkml.kernel.org/r/f158a8a74a031d66f0a9398a5b0ed453c37ba09a.1544099024.git.andreyknvl@google.com
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
      Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kasan, arm64: untag address in _virt_addr_is_linear · e71fe3f9
      Andrey Konovalov authored
      virt_addr_is_linear (which is used by virt_addr_valid) assumes that the
      top byte of the address is 0xff, which isn't always the case with
      tag-based KASAN.
      
      This patch resets the tag in this macro.
      
      Link: http://lkml.kernel.org/r/df73a37dd5ed37f4deaf77bc718e9f2e590e69b1.1544099024.git.andreyknvl@google.com
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
      Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
      Acked-by: Will Deacon <will.deacon@arm.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kasan: add tag related helper functions · 3c9e3aa1
      Andrey Konovalov authored
      This commit adds a few helper functions, that are meant to be used to work
      with tags embedded in the top byte of kernel pointers: to set, to get or
      to reset the top byte.
      
      Link: http://lkml.kernel.org/r/f6c6437bb8e143bc44f42c3c259c62e734be7935.1544099024.git.andreyknvl@google.com
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • arm64: move untagged_addr macro from uaccess.h to memory.h · 9c23f847
      Andrey Konovalov authored
      Move the untagged_addr() macro from arch/arm64/include/asm/uaccess.h
      to arch/arm64/include/asm/memory.h to be later reused by KASAN.
      
      Also make the untagged_addr() macro accept all kinds of address types
      (void *, unsigned long, etc.). This allows not to specify type casts in
      each place where the macro is used. This is done by using __typeof__.
      
      Link: http://lkml.kernel.org/r/2e9ef8d2ed594106eca514b268365b5419113f6a.1544099024.git.andreyknvl@google.com
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
      Acked-by: Mark Rutland <mark.rutland@arm.com>
      Acked-by: Will Deacon <will.deacon@arm.com>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kasan: initialize shadow to 0xff for tag-based mode · 080eb83f
      Andrey Konovalov authored
      A tag-based KASAN shadow memory cell contains a memory tag, that
      corresponds to the tag in the top byte of the pointer, that points to that
      memory.  The native top byte value of kernel pointers is 0xff, so with
      tag-based KASAN we need to initialize shadow memory to 0xff.
      
      [cai@lca.pw: arm64: skip kmemleak for KASAN again]
        Link: http://lkml.kernel.org/r/20181226020550.63712-1-cai@lca.pw
      Link: http://lkml.kernel.org/r/5cc1b789aad7c99cf4f3ec5b328b147ad53edb40.1544099024.git.andreyknvl@google.com
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
      Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kasan: rename kasan_zero_page to kasan_early_shadow_page · 9577dd74
      Andrey Konovalov authored
      With tag based KASAN mode the early shadow value is 0xff and not 0x00, so
      this patch renames kasan_zero_(page|pte|pmd|pud|p4d) to
      kasan_early_shadow_(page|pte|pmd|pud|p4d) to avoid confusion.
      
      Link: http://lkml.kernel.org/r/3fed313280ebf4f88645f5b89ccbc066d320e177.1544099024.git.andreyknvl@google.com
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
      Suggested-by: Mark Rutland <mark.rutland@arm.com>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kasan, arm64: adjust shadow size for tag-based mode · b2f557ea
      Andrey Konovalov authored
      Tag-based KASAN uses 1 shadow byte for 16 bytes of kernel memory, so it
      requires 1/16th of the kernel virtual address space for the shadow memory.
      
      This commit sets KASAN_SHADOW_SCALE_SHIFT to 4 when the tag-based KASAN
      mode is enabled.
      
      Link: http://lkml.kernel.org/r/308b6bd49f756bb5e533be93c6f085ba99b30339.1544099024.git.andreyknvl@google.com
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
      Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
      Acked-by: Will Deacon <will.deacon@arm.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kasan: add CONFIG_KASAN_GENERIC and CONFIG_KASAN_SW_TAGS · 2bd926b4
      Andrey Konovalov authored
      This commit splits the current CONFIG_KASAN config option into two:
      1. CONFIG_KASAN_GENERIC, that enables the generic KASAN mode (the one
         that exists now);
      2. CONFIG_KASAN_SW_TAGS, that enables the software tag-based KASAN mode.
      
      The name CONFIG_KASAN_SW_TAGS is chosen as in the future we will have
      another hardware tag-based KASAN mode, that will rely on hardware memory
      tagging support in arm64.
      
      With CONFIG_KASAN_SW_TAGS enabled, compiler options are changed to
      instrument kernel files with -fsanitize=kernel-hwaddress (except the ones
      for which KASAN_SANITIZE := n is set).
      
      Both CONFIG_KASAN_GENERIC and CONFIG_KASAN_SW_TAGS support both
      CONFIG_KASAN_INLINE and CONFIG_KASAN_OUTLINE instrumentation modes.
      
      This commit also adds empty placeholder (for now) implementation of
      tag-based KASAN specific hooks inserted by the compiler and adjusts
      common hooks implementation.
      
      While this commit adds the CONFIG_KASAN_SW_TAGS config option, this option
      is not selectable, as it depends on HAVE_ARCH_KASAN_SW_TAGS, which we will
      enable once all the infrastructure code has been added.
      
      Link: http://lkml.kernel.org/r/b2550106eb8a68b10fefbabce820910b115aa853.1544099024.git.andreyknvl@google.com
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
      Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kasan: rename source files to reflect the new naming scheme · b938fcf4
      Andrey Konovalov authored
      We now have two KASAN modes: generic KASAN and tag-based KASAN.  Rename
      kasan.c to generic.c to reflect that.  Also rename kasan_init.c to init.c
      as it contains initialization code for both KASAN modes.
      
      Link: http://lkml.kernel.org/r/88c6fd2a883e459e6242030497230e5fb0d44d44.1544099024.git.andreyknvl@google.com
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
      Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kasan: move common generic and tag-based code to common.c · bffa986c
      Andrey Konovalov authored
      Tag-based KASAN reuses a significant part of the generic KASAN code, so
      move the common parts to common.c without any functional changes.
      
      Link: http://lkml.kernel.org/r/114064d002356e03bb8cc91f7835e20dc61b51d9.1544099024.git.andreyknvl@google.com
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
      Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kasan, slub: handle pointer tags in early_kmem_cache_node_alloc · 12b22386
      Andrey Konovalov authored
      The previous patch updated KASAN hooks signatures and their usage in SLAB
      and SLUB code, except for the early_kmem_cache_node_alloc function.  This
      patch handles that function separately, as it requires to reorder some of
      the initialization code to correctly propagate a tagged pointer in case a
      tag is assigned by kasan_kmalloc.
      
      Link: http://lkml.kernel.org/r/fc8d0fdcf733a7a52e8d0daaa650f4736a57de8c.1544099024.git.andreyknvl@google.com
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • kasan, mm: change hooks signatures · 0116523c
      Andrey Konovalov authored
      Patch series "kasan: add software tag-based mode for arm64", v13.
      
      This patchset adds a new software tag-based mode to KASAN [1].  (Initially
      this mode was called KHWASAN, but it got renamed, see the naming rationale
      at the end of this section).
      
      The plan is to implement HWASan [2] for the kernel with the incentive
      that it's going to have performance comparable to KASAN, but at the same
      time consume much less memory, trading that off for somewhat imprecise bug
      detection and being supported only for arm64.
      
      The underlying ideas of the approach used by software tag-based KASAN are:
      
      1. By using the Top Byte Ignore (TBI) arm64 CPU feature, we can store
         pointer tags in the top byte of each kernel pointer.
      
      2. Using shadow memory, we can store memory tags for each chunk of kernel
         memory.
      
      3. On each memory allocation, we can generate a random tag, embed it into
         the returned pointer and set the memory tags that correspond to this
         chunk of memory to the same value.
      
      4. By using compiler instrumentation, before each memory access we can add
         a check that the pointer tag matches the tag of the memory that is being
         accessed.
      
      5. On a tag mismatch we report an error.
      
      With this patchset the existing KASAN mode gets renamed to generic KASAN,
      with the word "generic" meaning that the implementation can be supported
      by any architecture as it is purely software.
      
      The new mode this patchset adds is called software tag-based KASAN.  The
      word "tag-based" refers to the fact that this mode uses tags embedded into
      the top byte of kernel pointers and the TBI arm64 CPU feature that allows
      to dereference such pointers.  The word "software" here means that shadow
      memory manipulation and tag checking on pointer dereference is done in
      software.  As it is the only tag-based implementation right now, "software
      tag-based" KASAN is sometimes referred to as simply "tag-based" in this
      patchset.
      
      A potential expansion of this mode is a hardware tag-based mode, which
      would use hardware memory tagging support (announced by Arm [3]) instead
      of compiler instrumentation and manual shadow memory manipulation.
      
      Same as generic KASAN, software tag-based KASAN is strictly a debugging
      feature.
      
      [1] https://www.kernel.org/doc/html/latest/dev-tools/kasan.html
      
      [2] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
      
      [3] https://community.arm.com/processors/b/blog/posts/arm-a-profile-architecture-2018-developments-armv85a
      
      ====== Rationale
      
      On mobile devices generic KASAN's memory usage is a significant problem.
      One of the main reasons to have tag-based KASAN is to be able to perform a
      similar set of checks as the generic one does, but with lower memory
      requirements.
      
      Comment from Vishwath Mohan <vishwath@google.com>:
      
      I don't have data on-hand, but anecdotally both ASAN and KASAN have proven
      problematic to enable for environments that don't tolerate the increased
      memory pressure well.  This includes
      
      (a) Low-memory form factors - Wear, TV, Things, lower-tier phones like Go,
      (c) Connected components like Pixel's visual core [1].
      
      These are both places I'd love to have a low(er) memory footprint option at
      my disposal.
      
      Comment from Evgenii Stepanov <eugenis@google.com>:
      
      Looking at a live Android device under load, slab (according to
      /proc/meminfo) + kernel stack take 8-10% available RAM (~350MB).  KASAN's
      overhead of 2x - 3x on top of it is not insignificant.
      
      Not having this overhead enables near-production use - ex.  running
      KASAN/KHWASAN kernel on a personal, daily-use device to catch bugs that do
      not reproduce in test configuration.  These are the ones that often cost
      the most engineering time to track down.
      
      CPU overhead is bad, but generally tolerable.  RAM is critical, in our
      experience.  Once it gets low enough, OOM-killer makes your life
      miserable.
      
      [1] https://www.blog.google/products/pixel/pixel-visual-core-image-processing-and-machine-learning-pixel-2/
      
      ====== Technical details
      
      Software tag-based KASAN mode is implemented in a very similar way to the
      generic one. This patchset essentially does the following:
      
      1. TCR_TBI1 is set to enable Top Byte Ignore.
      
      2. Shadow memory is used (with a different scale, 1:16, so each shadow
         byte corresponds to 16 bytes of kernel memory) to store memory tags.
      
      3. All slab objects are aligned to shadow scale, which is 16 bytes.
      
      4. All pointers returned from the slab allocator are tagged with a random
         tag and the corresponding shadow memory is poisoned with the same value.
      
      5. Compiler instrumentation is used to insert tag checks. Either by
         calling callbacks or by inlining them (CONFIG_KASAN_OUTLINE and
         CONFIG_KASAN_INLINE flags are reused).
      
      6. When a tag mismatch is detected in callback instrumentation mode
         KASAN simply prints a bug report. In case of inline instrumentation,
         clang inserts a brk instruction, and KASAN has its own brk handler,
         which reports the bug.
      
      7. The memory in between slab objects is marked with a reserved tag, and
         acts as a redzone.
      
      8. When a slab object is freed it's marked with a reserved tag.
      
      Bug detection is imprecise for two reasons:
      
      1. We won't catch some small out-of-bounds accesses, that fall into the
         same shadow cell, as the last byte of a slab object.
      
      2. We only have 1 byte to store tags, which means we have a 1/256
         probability of a tag match for an incorrect access (actually even
         slightly less due to reserved tag values).
      
      Despite that there's a particular type of bugs that tag-based KASAN can
      detect compared to generic KASAN: use-after-free after the object has been
      allocated by someone else.
      
      ====== Testing
      
      Some kernel developers voiced a concern that changing the top byte of
      kernel pointers may lead to subtle bugs that are difficult to discover.
      To address this concern deliberate testing has been performed.
      
      It doesn't seem feasible to do some kind of static checking to find
      potential issues with pointer tagging, so a dynamic approach was taken.
      All pointer comparisons/subtractions have been instrumented in an LLVM
      compiler pass and a kernel module that would print a bug report whenever
      two pointers with different tags are being compared/subtracted (ignoring
      comparisons with NULL pointers and with pointers obtained by casting an
      error code to a pointer type) has been used.  Then the kernel has been
      booted in QEMU and on an Odroid C2 board and syzkaller has been run.
      
      This yielded the following results.
      
      The two places that look interesting are:
      
      is_vmalloc_addr in include/linux/mm.h
      is_kernel_rodata in mm/util.c
      
      Here we compare a pointer with some fixed untagged values to make sure
      that the pointer lies in a particular part of the kernel address space.
      Since tag-based KASAN doesn't add tags to pointers that belong to rodata
      or vmalloc regions, this should work as is.  To make sure, debug checks
      that check that the result doesn't change whether we operate on pointers
      with or without untagging have been added to those two functions.
      
      A few other cases that don't look that interesting:
      
      Comparing pointers to achieve unique sorting order of pointee objects
      (e.g. sorting locks addresses before performing a double lock):
      
      tty_ldisc_lock_pair_timeout in drivers/tty/tty_ldisc.c
      pipe_double_lock in fs/pipe.c
      unix_state_double_lock in net/unix/af_unix.c
      lock_two_nondirectories in fs/inode.c
      mutex_lock_double in kernel/events/core.c
      
      ep_cmp_ffd in fs/eventpoll.c
      fsnotify_compare_groups in fs/notify/mark.c
      
      Nothing needs to be done here, since the tags embedded into pointers
      don't change, so the sorting order would still be unique.
      
      Checks that a pointer belongs to some particular allocation:
      
      is_sibling_entry in lib/radix-tree.c
      object_is_on_stack in include/linux/sched/task_stack.h
      
      Nothing needs to be done here either, since two pointers can only belong
      to the same allocation if they have the same tag.
      
      Overall, since the kernel boots and works, there are no critical bugs.
      As for the rest, the traditional kernel testing way (use until fails) is
      the only one that looks feasible.
      
      Another point here is that tag-based KASAN is available under a separate
      config option that needs to be deliberately enabled. Even though it might
      be used in a "near-production" environment to find bugs that are not found
      during fuzzing or running tests, it is still a debug tool.
      
      ====== Benchmarks
      
      The following numbers were collected on Odroid C2 board. Both generic and
      tag-based KASAN were used in inline instrumentation mode.
      
      Boot time [1]:
      * ~1.7 sec for clean kernel
      * ~5.0 sec for generic KASAN
      * ~5.0 sec for tag-based KASAN
      
      Network performance [2]:
      * 8.33 Gbits/sec for clean kernel
      * 3.17 Gbits/sec for generic KASAN
      * 2.85 Gbits/sec for tag-based KASAN
      
      Slab memory usage after boot [3]:
      * ~40 kb for clean kernel
      * ~105 kb (~260% overhead) for generic KASAN
      * ~47 kb (~20% overhead) for tag-based KASAN
      
      KASAN memory overhead consists of three main parts:
      1. Increased slab memory usage due to redzones.
      2. Shadow memory (the whole reserved once during boot).
      3. Quarantine (grows gradually until some preset limit; the more the limit,
         the more the chance to detect a use-after-free).
      
      Comparing tag-based vs generic KASAN for each of these points:
      1. 20% vs 260% overhead.
      2. 1/16th vs 1/8th of physical memory.
      3. Tag-based KASAN doesn't require quarantine.
      
      [1] Time before the ext4 driver is initialized.
      [2] Measured as `iperf -s & iperf -c 127.0.0.1 -t 30`.
      [3] Measured as `cat /proc/meminfo | grep Slab`.
      
      ====== Some notes
      
      A few notes:
      
      1. The patchset can be found here:
         https://github.com/xairy/kasan-prototype/tree/khwasan
      
      2. Building requires a recent Clang version (7.0.0 or later).
      
      3. Stack instrumentation is not supported yet and will be added later.
      
      This patch (of 25):
      
      Tag-based KASAN changes the value of the top byte of pointers returned
      from the kernel allocation functions (such as kmalloc).  This patch
      updates KASAN hooks signatures and their usage in SLAB and SLUB code to
      reflect that.
      
      Link: http://lkml.kernel.org/r/aec2b5e3973781ff8a6bb6760f8543643202c451.1544099024.git.andreyknvl@google.com
      Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
      Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
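
The tagging scheme outlined in the cover letter above (pointer tags in the top byte, 1:16 shadow memory, a reserved tag for redzones and freed objects), modelled in user space as an added example; it is not code from the patch series. Arena offsets standing in for addresses, the `sim_*` names, the 0xfe reserved value and the deterministic tag generator used in place of a random one are assumptions of this sketch.

```c
/* User-space model of software tag-based checking; not kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHADOW_SCALE_SHIFT 4                  /* 1 shadow byte per 16 bytes */
#define GRANULE      (1u << SHADOW_SCALE_SHIFT)
#define TAG_SHIFT    56                       /* tag lives in the top byte */
#define TAG_NATIVE   0xffu                    /* initial shadow value */
#define TAG_RESERVED 0xfeu                    /* assumed redzone/freed marker */

#define OBJ_SIZE   24u                        /* not a multiple of 16 on purpose */
#define OBJ_SPAN   32u                        /* OBJ_SIZE rounded up to granules */
#define SLOT_SIZE  (OBJ_SPAN + GRANULE)       /* object plus one redzone granule */
#define NSLOTS     8u
#define ARENA_SIZE (NSLOTS * SLOT_SIZE)
#define SIM_FAIL   UINT64_MAX

typedef uint64_t sim_ptr_t;                   /* (tag << 56) | arena offset */

static uint8_t  shadow[ARENA_SIZE >> SHADOW_SCALE_SHIFT];
static uint32_t free_slots[NSLOTS], nfree, next_fresh;
static uint8_t  tag_state;

uint8_t   sim_get_tag(sim_ptr_t p)   { return (uint8_t)(p >> TAG_SHIFT); }
uint64_t  sim_reset_tag(sim_ptr_t p) { return p & ((1ULL << TAG_SHIFT) - 1); }
sim_ptr_t sim_set_tag(uint64_t off, uint8_t tag)
{
    return ((uint64_t)tag << TAG_SHIFT) | sim_reset_tag(off);
}

/* Write one tag into the shadow bytes covering [off, off + len). */
static void poison(uint64_t off, size_t len, uint8_t tag)
{
    memset(&shadow[off >> SHADOW_SCALE_SHIFT], tag, len >> SHADOW_SCALE_SHIFT);
}

void sim_init(void)
{
    memset(shadow, TAG_NATIVE, sizeof(shadow));
    nfree = next_fresh = 0;
    tag_state = 0;
}

/* Full-period 8-bit LCG standing in for the random tag: consecutive tags
 * always differ, so the demo is repeatable. A random tag can collide. */
static uint8_t next_tag(void)
{
    do {
        tag_state = (uint8_t)(tag_state * 5u + 1u);
    } while (tag_state >= TAG_RESERVED);
    return tag_state;
}

/* The check instrumentation would run before an access of len bytes:
 * every shadow byte covering the access must equal the pointer tag. */
int sim_check(sim_ptr_t p, size_t len)
{
    uint64_t off = sim_reset_tag(p);

    if (len == 0 || off >= ARENA_SIZE || len > ARENA_SIZE - off)
        return 0;
    for (uint64_t g = off >> SHADOW_SCALE_SHIFT;
         g <= (off + len - 1) >> SHADOW_SCALE_SHIFT; g++)
        if (shadow[g] != sim_get_tag(p))
            return 0;
    return 1;
}

/* Allocate one fixed-size object, reusing the most recently freed slot. */
sim_ptr_t sim_alloc(void)
{
    uint32_t slot;

    if (nfree)
        slot = free_slots[--nfree];
    else if (next_fresh < NSLOTS)
        slot = next_fresh++;
    else
        return SIM_FAIL;

    uint64_t off = (uint64_t)slot * SLOT_SIZE;
    uint8_t tag = next_tag();
    poison(off, OBJ_SPAN, tag);                    /* object granules */
    poison(off + OBJ_SPAN, GRANULE, TAG_RESERVED); /* redzone granule */
    return sim_set_tag(off, tag);
}

/* Returns 0 on success, -1 for an invalid or double free. */
int sim_free(sim_ptr_t p)
{
    uint64_t off = sim_reset_tag(p);

    if (off % SLOT_SIZE || !sim_check(p, 1))
        return -1;
    poison(off, OBJ_SPAN, TAG_RESERVED);
    free_slots[nfree++] = (uint32_t)(off / SLOT_SIZE);
    return 0;
}

int main(void)
{
    sim_init();
    sim_ptr_t a = sim_alloc();
    printf("in bounds:            %d\n", sim_check(a, OBJ_SIZE));
    printf("OOB, same granule:    %d\n", sim_check(a + OBJ_SIZE, 8));
    printf("OOB, into redzone:    %d\n", sim_check(a + OBJ_SPAN, 1));
    sim_free(a);
    sim_ptr_t c = sim_alloc();                     /* reuses a's memory */
    printf("stale ptr after reuse: %d (new owner: %d)\n",
           sim_check(a, 1), sim_check(c, OBJ_SIZE));
    return 0;
}
```

The second line of output is the imprecision the cover letter lists first: bytes 24 to 31 share a shadow cell with the object's last byte, so that overrun passes the check.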
    • Merge tag 'locks-v4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux · 00c569b5
      Linus Torvalds authored
      Pull file locking updates from Jeff Layton:
       "The main change in this set is Neil Brown's work to reduce the
        thundering herd problem when a heavily-contended file lock is
        released.
      
        Previously we'd always wake up all waiters when this occurred. With
        this set, we'll now only wake up waiters that were blocked on the
        range being released"
      
      * tag 'locks-v4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux:
        locks: Use inode_is_open_for_write
        fs/locks: remove unnecessary white space.
        fs/locks: merge posix_unblock_lock() and locks_delete_block()
        fs/locks: create a tree of dependent requests.
        fs/locks: change all *_conflict() functions to return bool.
        fs/locks: always delete_block after waiting.
        fs/locks: allow a lock request to block other requests.
        fs/locks: use properly initialized file_lock when unlocking.
        ocfs2: properly initial file_lock used for unlock.
        gfs2: properly initial file_lock used for unlock.
        NFS: use locks_copy_lock() to copy locks.
        fs/locks: split out __locks_wake_up_blocks().
        fs/locks: rename some lists and pointers.
    • Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · f6b1495f
      Linus Torvalds authored
      Pull ext4 updates from Ted Ts'o:
       "All cleanups and bug fixes; most notably, fix some problems discovered
        in ext4's NFS support, and fix an ioctl (EXT4_IOC_GROUP_ADD) used by
        old versions of e2fsprogs which we accidentally broke a while back.
      
        Also fixed some error paths in ext4's quota and inline data support.
      
        Finally, improve tail latency in jbd2's commit code"
      
      * tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: check for shutdown and r/o file system in ext4_write_inode()
        ext4: force inode writes when nfsd calls commit_metadata()
        ext4: avoid declaring fs inconsistent due to invalid file handles
        ext4: include terminating u32 in size of xattr entries when expanding inodes
        ext4: compare old and new mode before setting update_mode flag
        ext4: fix EXT4_IOC_GROUP_ADD ioctl
        ext4: hard fail dax mount on unsupported devices
        jbd2: update locking documentation for transaction_t
        ext4: remove redundant condition check
        jbd2: clean up indentation issue, replace spaces with tab
        ext4: clean up indentation issues, remove extraneous tabs
        ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
        ext4: fix possible use after free in ext4_quota_enable
        jbd2: avoid long hold times of j_state_lock while committing a transaction
        ext4: add ext4_sb_bread() to disambiguate ENOMEM cases
    • Merge tag 'iomap-4.21-merge-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · bc77789a
      Linus Torvalds authored
      Pull iomap update from Darrick Wong:
       "Fix a memory overflow bug for blocksize < pagesize"
      
      * tag 'iomap-4.21-merge-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        iomap: don't search past page end in iomap_is_partially_uptodate
    • Merge tag 'xfs-4.21-merge-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 47a43f2f
      Linus Torvalds authored
      Pull XFS updates from Darrick Wong:
      
       - Fix CoW remapping of extremely fragmented file areas
      
       - Fix a zero-length symlink verifier error
      
       - Constify some of the rmap owner structures for per-AG metadata
      
       - Precalculate inode geometry for later use
      
       - Fix scrub counting problems
      
       - Don't crash when rtsummary inode is null
      
       - Fix x32 ioctl operation
      
       - Fix enum->string mappings for ftrace output
      
       - Cache realtime summary information in memory
      
      * tag 'xfs-4.21-merge-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: (24 commits)
        xfs: reallocate realtime summary cache on growfs
        xfs: stringify scrub types in ftrace output
        xfs: stringify btree cursor types in ftrace output
        xfs: move XFS_INODE_FORMAT_STR mappings to libxfs
        xfs: move XFS_AG_BTREE_CMP_FORMAT_STR mappings to libxfs
        xfs: fix symbolic enum printing in ftrace output
        xfs: fix function pointer type in ftrace format
        xfs: Fix x32 ioctls when cmd numbers differ from ia32.
        xfs: Fix bulkstat compat ioctls on x32 userspace.
        xfs: Align compat attrlist_by_handle with native implementation.
        xfs: require both realtime inodes to mount
        xfs: cache minimum realtime summary level
        xfs: count inode blocks correctly in inobt scrub
        xfs: precalculate cluster alignment in inodes and blocks
        xfs: precalculate inodes and blocks per inode cluster
        xfs: add a block to inode count converter
        xfs: remove xfs_rmap_ag_owner and friends
        xfs: const-ify xfs_owner_info arguments
        xfs: streamline defer op type handling
        xfs: idiotproof defer op type configuration
        ...
    • Merge tag 'fs_for_4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs · e01799ac
      Linus Torvalds authored
      Pull ext2, udf, and quota update from Jan Kara:
       "Some ext2 cleanups, a fix for UDF crash on corrupted media, and one
        quota locking fix"
      
      * tag 'fs_for_4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
        quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls.
        udf: Fix BUG on corrupted inode
        ext2: change reusable parameter to true when calling mb_cache_entry_create()
        ext2: remove redundant condition check
        ext2: avoid unnecessary operation in ext2_error()
    • Merge tag 'fsnotify_for_v4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs · 4b0a383a
      Linus Torvalds authored
      Pull fsnotify updates from Jan Kara:
       "Support for new FAN_OPEN_EXEC event and a couple of cleanups around
        fsnotify"
      
      * tag 'fsnotify_for_v4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
        fanotify: Use inode_is_open_for_write
        fanotify: Make sure to check event_len when copying
        fsnotify/fdinfo: include fdinfo.h for inotify_show_fdinfo()
        fanotify: introduce new event mask FAN_OPEN_EXEC_PERM
        fsnotify: refactor fsnotify_parent()/fsnotify() paired calls when event is on path
        fanotify: introduce new event mask FAN_OPEN_EXEC
        fanotify: return only user requested event types in event mask
    • Merge tag 'dlm-4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm · 4de3aea3
      Linus Torvalds authored
      Pull dlm updates from David Teigland:
       "This set is entirely trivial fixes, mainly around correct cleanup on
        error paths and improved error checks. One patch adds scheduling in a
        potentially long recovery loop"
      
      * tag 'dlm-4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm:
        dlm: fix invalid cluster name warning
        dlm: NULL check before some freeing functions is not needed
        dlm: NULL check before kmem_cache_destroy is not needed
        dlm: fix missing idr_destroy for recover_idr
        dlm: memory leaks on error path in dlm_user_request()
        dlm: lost put_lkb on error path in receive_convert() and receive_unlock()
        dlm: possible memory leak on error path in create_lkb()
        dlm: fixed memory leaks after failed ls_remove_names allocation
        dlm: fix possible call to kfree() for non-initialized pointer
        dlm: Don't swamp the CPU with callbacks queued during recovery
        dlm: don't leak kernel pointer to userspace
        dlm: don't allow zero length names
        dlm: fix invalid free
    • Merge tag 'for-4.21-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 32ee34ed
      Linus Torvalds authored
      Pull btrfs updates from David Sterba:
       "New features:
      
         - swapfile support - after a long time it's here, with some
           limitations where COW design does not work well with the swap
           implementation (nodatacow file, no compression, cannot be
           snapshotted, not possible on multiple devices, ...), as this is the
           most restricted but working setup, we'll try to improve that in the
           future
      
         - metadata uuid - an optional incompat feature to assign a new
           filesystem UUID without overwriting all metadata blocks, stored
           only in superblock
      
         - more balance messages are printed to system log, initial is in the
           format of the command line that would be used to start it
      
        Fixes:
      
         - tag pages of a snapshot to better separate pages that are involved
           in the snapshot (and need to get synced) from newly dirtied pages
           that could slow down or even livelock the snapshot operation
      
         - improved check of filesystem id associated with a device during
           scan to detect duplicate devices that could be mixed up during
           mount
      
         - fix device replace state transitions, eg. when it ends up
           interrupted and reboot tries to restart balance too, or when
           start/cancel ioctls race
      
         - fix a crash due to a race when quotas are enabled during snapshot
           creation
      
         - GFP_NOFS/memalloc_nofs_* fixes due to GFP_KERNEL allocations in
           transaction context
      
         - fix fsync of files with multiple hard links in new directories
      
         - fix race of send with transaction commits that create snapshots
      
        Core changes:
      
         - cleanups:
            * further removals of now-dead fsync code
            * core function for finding free extent has been split and
              provides a base for further cleanups to make the logic more
              understandable
            * removed a lot of indirect callbacks for data and metadata inodes
            * simplified refcounting and locking for cloned extent buffers
            * removed redundant function arguments
            * defines converted to enums where appropriate
      
         - separate reserve for delayed refs from global reserve, update logic
           to do less trickery and ad-hoc heuristics, move out some related
           expensive operations from transaction commit or file truncate
      
         - dev-replace switched from custom locking scheme to semaphore
      
         - remove first phase of balance that tried to make some space for the
           relocation by calling shrink and grow, this did not work as
           expected and only introduced more error states due to potential
           resize failures, slightly improves the runtime as the chunks on all
           devices are not needlessly enumerated
      
         - clone and deduplication now use generic helper that adds a few more
           checks that were missing from the original btrfs implementation of
           the ioctls"
      
      * tag 'for-4.21-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: (125 commits)
        btrfs: Fix typos in comments and strings
        btrfs: improve error handling of btrfs_add_link
        Btrfs: use generic_remap_file_range_prep() for cloning and deduplication
        btrfs: Refactor main loop in extent_readpages
        btrfs: Remove 1st shrink/grow phase from balance
        Btrfs: send, fix race with transaction commits that create snapshots
        Btrfs: use nofs context when initializing security xattrs to avoid deadlock
        btrfs: run delayed items before dropping the snapshot
        btrfs: catch cow on deleting snapshots
        btrfs: extent-tree: cleanup one-shot usage of @blocksize in do_walk_down
        Btrfs: scrub, move setup of nofs contexts higher in the stack
        btrfs: scrub: move scrub_setup_ctx allocation out of device_list_mutex
        btrfs: scrub: pass fs_info to scrub_setup_ctx
        btrfs: fix truncate throttling
        btrfs: don't run delayed refs in the end transaction logic
        btrfs: rework btrfs_check_space_for_delayed_refs
        btrfs: add new flushing states for the delayed refs rsv
        btrfs: update may_commit_transaction to use the delayed refs rsv
        btrfs: introduce delayed_refs_rsv
        btrfs: only track ref_heads in delayed_ref_updates
        ...
    • Merge tag 'gfs2-4.21.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 · 7bbbf2c2
      Linus Torvalds authored
      Pull gfs2 updates from Bob Peterson:
      
       - Enhancements and performance improvements to journal replay (Abhi
         Das)
      
       - Cleanup of gfs2_is_ordered and gfs2_is_writeback (Andreas
         Gruenbacher)
      
       - Fix a potential double-free in inode creation (Andreas Gruenbacher)
      
       - Fix the bitmap search loop that was searching too far (Andreas
         Gruenbacher)
      
       - Various cleanups (Andreas Gruenbacher, Bob Peterson)
      
       - Implement Steve Whitehouse's patch to dump nrpages for inodes (Bob
         Peterson)
      
       - Fix a withdraw bug where stuffed journaled data files didn't allocate
         enough journal space to be grown (Bob Peterson)
      
      * tag 'gfs2-4.21.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
        gfs2: take jdata unstuff into account in do_grow
        gfs2: Dump nrpages for inodes and their glocks
        gfs2: Fix loop in gfs2_rbm_find
        gfs2: Get rid of potential double-freeing in gfs2_create_inode
        gfs2: Remove vestigial bd_ops
        gfs2: read journal in large chunks to locate the head
        gfs2: add a helper function to get_log_header that can be used elsewhere
        gfs2: changes to gfs2_log_XXX_bio
        gfs2: add more timing info to journal recovery process
        gfs2: Fix the gfs2_invalidatepage description
        gfs2: Clean up gfs2_is_{ordered,writeback}
  2. 27 Dec, 2018 17 commits
    • Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · b71acb0e
      Linus Torvalds authored
      Pull crypto updates from Herbert Xu:
       "API:
         - Add 1472-byte test to tcrypt for IPsec
         - Reintroduced crypto stats interface with numerous changes
         - Support incremental algorithm dumps
      
        Algorithms:
         - Add xchacha12/20
         - Add nhpoly1305
         - Add adiantum
         - Add streebog hash
         - Mark cts(cbc(aes)) as FIPS allowed
      
        Drivers:
         - Improve performance of arm64/chacha20
         - Improve performance of x86/chacha20
         - Add NEON-accelerated nhpoly1305
         - Add SSE2 accelerated nhpoly1305
         - Add AVX2 accelerated nhpoly1305
         - Add support for 192/256-bit keys in gcmaes AVX
         - Add SG support in gcmaes AVX
         - ESN for inline IPsec tx in chcr
         - Add support for CryptoCell 703 in ccree
         - Add support for CryptoCell 713 in ccree
         - Add SM4 support in ccree
         - Add SM3 support in ccree
         - Add support for chacha20 in caam/qi2
         - Add support for chacha20 + poly1305 in caam/jr
         - Add support for chacha20 + poly1305 in caam/qi2
         - Add AEAD cipher support in cavium/nitrox"
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (130 commits)
        crypto: skcipher - remove remnants of internal IV generators
        crypto: cavium/nitrox - Fix build with !CONFIG_DEBUG_FS
        crypto: salsa20-generic - don't unnecessarily use atomic walk
        crypto: skcipher - add might_sleep() to skcipher_walk_virt()
        crypto: x86/chacha - avoid sleeping under kernel_fpu_begin()
        crypto: cavium/nitrox - Added AEAD cipher support
        crypto: mxc-scc - fix build warnings on ARM64
        crypto: api - document missing stats member
        crypto: user - remove unused dump functions
        crypto: chelsio - Fix wrong error counter increments
        crypto: chelsio - Reset counters on cxgb4 Detach
        crypto: chelsio - Handle PCI shutdown event
        crypto: chelsio - cleanup:send addr as value in function argument
        crypto: chelsio - Use same value for both channel in single WR
        crypto: chelsio - Swap location of AAD and IV sent in WR
        crypto: chelsio - remove set but not used variable 'kctx_len'
        crypto: ux500 - Use proper enum in hash_set_dma_transfer
        crypto: ux500 - Use proper enum in cryp_set_dma_transfer
        crypto: aesni - Add scatter/gather avx stubs, and use them in C
        crypto: aesni - Introduce partial block macro
        ..
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next · e0c38a4d
      Linus Torvalds authored
      Pull networking updates from David Miller:
      
       1) New ipset extensions for matching on destination MAC addresses, from
          Stefano Brivio.
      
       2) Add ipv4 ttl and tos, plus ipv6 flow label and hop limit offloads to
          nfp driver. From Stefano Brivio.
      
       3) Implement GRO for plain UDP sockets, from Paolo Abeni.
      
       4) Lots of work from Michał Mirosław to eliminate the VLAN_TAG_PRESENT
          bit so that we could support the entire vlan_tci value.
      
       5) Rework the IPSEC policy lookups to better optimize more usecases,
          from Florian Westphal.
      
       6) Infrastructure changes eliminating direct manipulation of SKB lists
          wherever possible, and to always use the appropriate SKB list
          helpers. This work is still ongoing...
      
       7) Lots of PHY driver and state machine improvements and
          simplifications, from Heiner Kallweit.
      
       8) Various TSO deferral refinements, from Eric Dumazet.
      
       9) Add ntuple filter support to aquantia driver, from Dmitry Bogdanov.
      
      10) Batch dropping of XDP packets in tuntap, from Jason Wang.
      
      11) Lots of cleanups and improvements to the r8169 driver from Heiner
          Kallweit, including support for ->xmit_more. This driver has been
          getting some much needed love since he started working on it.
      
      12) Lots of new forwarding selftests from Petr Machata.
      
      13) Enable VXLAN learning in mlxsw driver, from Ido Schimmel.
      
      14) Packed ring support for virtio, from Tiwei Bie.
      
      15) Add new Aquantia AQtion USB driver, from Dmitry Bezrukov.
      
      16) Add XDP support to dpaa2-eth driver, from Ioana Ciocoi Radulescu.
      
      17) Implement coalescing on TCP backlog queue, from Eric Dumazet.
      
      18) Implement carrier change in tun driver, from Nicolas Dichtel.
      
      19) Support msg_zerocopy in UDP, from Willem de Bruijn.
      
      20) Significantly improve garbage collection of neighbor objects when
          the table has many PERMANENT entries, from David Ahern.
      
      21) Remove egdev usage from nfp and mlx5, and remove the facility
          completely from the tree as it no longer has any users. From Oz
          Shlomo and others.
      
      22) Add a NETDEV_PRE_CHANGEADDR so that drivers can veto the change and
          therefore abort the operation before the commit phase (which is the
          NETDEV_CHANGEADDR event). From Petr Machata.
      
      23) Add indirect call wrappers to avoid retpoline overhead, and use them
          in the GRO code paths. From Paolo Abeni.
      
      24) Add support for netlink FDB get operations, from Roopa Prabhu.
      
      25) Support bloom filter in mlxsw driver, from Nir Dotan.
      
      26) Add SKB extension infrastructure. This consolidates the handling of
          the auxiliary SKB data used by IPSEC and bridge netfilter, and is
          designed to support the needs of MPTCP which could be integrated in
          the future.
      
      27) Lots of XDP TX optimizations in mlx5 from Tariq Toukan.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1845 commits)
        net: dccp: fix kernel crash on module load
        drivers/net: appletalk/cops: remove redundant if statement and mask
        bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw
        net/net_namespace: Check the return value of register_pernet_subsys()
        net/netlink_compat: Fix a missing check of nla_parse_nested
        ieee802154: lowpan_header_create check must check daddr
        net/mlx4_core: drop useless LIST_HEAD
        mlxsw: spectrum: drop useless LIST_HEAD
        net/mlx5e: drop useless LIST_HEAD
        iptunnel: Set tun_flags in the iptunnel_metadata_reply from src
        net/mlx5e: fix semicolon.cocci warnings
        staging: octeon: fix build failure with XFRM enabled
        net: Revert recent Spectre-v1 patches.
        can: af_can: Fix Spectre v1 vulnerability
        packet: validate address length if non-zero
        nfc: af_nfc: Fix Spectre v1 vulnerability
        phonet: af_phonet: Fix Spectre v1 vulnerability
        net: core: Fix Spectre v1 vulnerability
        net: minor cleanup in skb_ext_add()
        net: drop the unused helper skb_ext_get()
        ...
    • Merge tag 'modules-for-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux · 7f9f852c
      Linus Torvalds authored
      Pull modules updates from Jessica Yu:
      
       - Some modules-related kallsyms cleanups and a kallsyms fix for ARM.
      
       - Include keys from the secondary keyring in module signature
         verification.
      
      * tag 'modules-for-v4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux:
        ARM: module: Fix function kallsyms on Thumb-2
        module: Overwrite st_size instead of st_info
        module: make it clearer when we're handling kallsyms symbols vs exported symbols
        modsign: use all trusted keys to verify module signature
    • Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 3f03bf93
      Linus Torvalds authored
      Pull general security subsystem updates from James Morris:
       "The main changes here are Paul Gortmaker's removal of unnecessary
        module.h infrastructure"
      
      * 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        security: integrity: partial revert of make ima_main explicitly non-modular
        security: fs: make inode explicitly non-modular
        security: audit and remove any unnecessary uses of module.h
        security: integrity: make evm_main explicitly non-modular
        keys: remove needless modular infrastructure from ecryptfs_format
        security: integrity: make ima_main explicitly non-modular
        tomoyo: fix small typo
    • Merge tag 'selinux-pr-20181224' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux · fb2a624d
      Linus Torvalds authored
      Pull selinux patches from Paul Moore:
       "I already used my best holiday pull request lines in the audit pull
        request, so this one is going to be a bit more boring, sorry about
        that. To make up for this, we do have a birthday of sorts to
        celebrate: SELinux turns 18 years old this December. Perhaps not the
        most exciting thing in the world for most people, but I think it's
        safe to say that anyone reading this email doesn't exactly fall into
        the "most people" category.
      
        Back to business and the pull request itself:
      
        Ondrej has five patches in this pull request and I lump them into
        three categories: one patch to always allow submounts (using similar
        logic to elsewhere in the kernel), one to fix some issues with the
        SELinux policydb, and the others to cleanup and improve the SELinux
        sidtab.
      
        The other patches from Alexey and Petr are trivial fixes that are
        adequately described in their respective subject lines.
      
        With this last pull request of the year, I want to thank everyone who
        has contributed patches, testing, and reviews to the SELinux project
        this year, and the past 18 years. Like any good open source effort,
        SELinux is only as good as the community which supports it, and I'm
        very happy that we have the community we do - thank you all!"
      
      * tag 'selinux-pr-20181224' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
        selinux: overhaul sidtab to fix bug and improve performance
        selinux: use separate table for initial SID lookup
        selinux: make "selinux_policycap_names[]" const char *
        selinux: always allow mounting submounts
        selinux: refactor sidtab conversion
        Documentation: Update SELinux reference policy URL
        selinux: policydb - fix byte order and alignment issues
    • Merge tag 'audit-pr-20181224' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit · 047ce6d3
      Linus Torvalds authored
      Pull audit updates from Paul Moore:
       "In the finest of holiday traditions, I have a number of gifts to
        share today. While most of them are re-gifts from others, unlike the
        typical re-gift, these are things you will want in and around your
        tree; I promise.
      
        This pull request is perhaps a bit larger than our typical PR, but
        most of it comes from Jan's rework of audit's fanotify code; a very
        welcome improvement. We ran this through our normal regression tests,
        as well as some newly created stress tests and everything looks good.
      
        Richard added a few patches, mostly cleaning up a few things and
        shortening some of the audit records that we send to userspace; a
        change the userspace folks are quite happy about.
      
        Finally YueHaibing and I kick in a few patches to simplify things a
        bit and make the code less prone to errors.
      
        Lastly, I want to say thanks one more time to everyone who has
        contributed patches, testing, and code reviews for the audit subsystem
        over the past year. The project is what it is due to your help and
        contributions - thank you"
      
      * tag 'audit-pr-20181224' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: (22 commits)
        audit: remove duplicated include from audit.c
        audit: shorten PATH cap values when zero
        audit: use current whenever possible
        audit: minimize our use of audit_log_format()
        audit: remove WATCH and TREE config options
        audit: use session_info helper
        audit: localize audit_log_session_info prototype
        audit: Use 'mark' name for fsnotify_mark variables
        audit: Replace chunk attached to mark instead of replacing mark
        audit: Simplify locking around untag_chunk()
        audit: Drop all unused chunk nodes during deletion
        audit: Guarantee forward progress of chunk untagging
        audit: Allocate fsnotify mark independently of chunk
        audit: Provide helper for dropping mark's chunk reference
        audit: Remove pointless check in insert_hash()
        audit: Factor out chunk replacement code
        audit: Make hash table insertion safe against concurrent lookups
        audit: Embed key into chunk
        audit: Fix possible tagging failures
        audit: Fix possible spurious -ENOSPC error
        ...
    • Merge tag 'printk-for-4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk · a3b5c106
      Linus Torvalds authored
      Pull printk updates from Petr Mladek:
      
       - Keep spinlocks busted until the end of panic()
      
       - Fix races between calculating number of messages that would fit into
         user space buffers, filling the buffers, and switching printk.time
         parameter
      
       - Some code clean up
      
      * tag 'printk-for-4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
        printk: Remove print_prefix() calls with NULL buffer.
        printk: fix printk_time race.
        printk: Make printk_emit() local function.
        panic: avoid deadlocks in re-entrant console drivers
    • Merge tag 'gcc-plugins-v4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · c6f1b355
      Linus Torvalds authored
      Pull gcc-plugins update from Kees Cook:
       "Both arm and arm64 are gaining per-task stack canaries (to match x86),
        but arm is being done with a gcc plugin, hence it going through the
        gcc-plugins tree.
      
        New gcc-plugin:
      
         - Enable per-task stack protector for ARM (Ard Biesheuvel)"
      
      * tag 'gcc-plugins-v4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        ARM: smp: add support for per-task stack canaries
    • Merge tag 'pstore-v4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · c06e9ef6
      Linus Torvalds authored
      Pull pstore updates from Kees Cook:
       "Improvements and refactorings:
      
         - Improve compression handling
      
         - Refactor argument handling during initialization
      
         - Avoid needless locking for saner EFI backend handling
      
         - Add more kern-doc and improve debugging output"
      
      * tag 'pstore-v4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        pstore/ram: Avoid NULL deref in ftrace merging failure path
        pstore: Convert buf_lock to semaphore
        pstore: Fix bool initialization/comparison
        pstore/ram: Do not treat empty buffers as valid
        pstore/ram: Simplify ramoops_get_next_prz() arguments
        pstore: Map PSTORE_TYPE_* to strings
        pstore: Replace open-coded << with BIT()
        pstore: Improve and update some comments and status output
        pstore/ram: Add kern-doc for struct persistent_ram_zone
        pstore/ram: Report backend assignments with finer granularity
        pstore/ram: Standardize module name in ramoops
        pstore: Avoid duplicate call of persistent_ram_zap()
        pstore: Remove needless lock during console writes
        pstore: Do not use crash buffer for decompression
    • Merge tag 'powerpc-4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 8d697332
      Linus Torvalds authored
      Pull powerpc updates from Michael Ellerman:
       "Notable changes:
      
         - Mitigations for Spectre v2 on some Freescale (NXP) CPUs.
      
         - A large series adding support for pass-through of Nvidia V100 GPUs
           to guests on Power9.
      
         - Another large series to enable hardware assistance for TLB table
           walk on MPC8xx CPUs.
      
         - Some preparatory changes to our DMA code, to make way for further
           cleanups from Christoph.
      
         - Several fixes for our Transactional Memory handling discovered by
           fuzzing the signal return path.
      
         - Support for generating our system call table(s) from a text file
           like other architectures.
      
         - A fix to our page fault handler so that instead of generating a
           WARN_ON_ONCE, user accesses of kernel addresses instead print a
           ratelimited and appropriately scary warning.
      
         - A cosmetic change to make our unhandled page fault messages more
           similar to other arches and also more compact and informative.
      
         - Freescale updates from Scott:
             "Highlights include elimination of legacy clock bindings use from
              dts files, an 83xx watchdog handler, fixes to old dts interrupt
              errors, and some minor cleanup."
      
        And many clean-ups, reworks and minor fixes etc.
      
        Thanks to: Alexandre Belloni, Alexey Kardashevskiy, Andrew Donnellan,
        Aneesh Kumar K.V, Arnd Bergmann, Benjamin Herrenschmidt, Breno Leitao,
        Christian Lamparter, Christophe Leroy, Christoph Hellwig, Daniel
        Axtens, Darren Stevens, David Gibson, Diana Craciun, Dmitry V. Levin,
        Firoz Khan, Geert Uytterhoeven, Greg Kurz, Gustavo Romero, Hari
        Bathini, Joel Stanley, Kees Cook, Madhavan Srinivasan, Mahesh
        Salgaonkar, Markus Elfring, Mathieu Malaterre, Michal Suchánek, Naveen
        N. Rao, Nick Desaulniers, Oliver O'Halloran, Paul Mackerras, Ram Pai,
        Ravi Bangoria, Rob Herring, Russell Currey, Sabyasachi Gupta, Sam
        Bobroff, Satheesh Rajendran, Scott Wood, Segher Boessenkool, Stephen
        Rothwell, Tang Yuantian, Thiago Jung Bauermann, Yangtao Li, Yuantian
        Tang, Yue Haibing"
      
      * tag 'powerpc-4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (201 commits)
        Revert "powerpc/fsl_pci: simplify fsl_pci_dma_set_mask"
        powerpc/zImage: Also check for stdout-path
        powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y
        macintosh: Use of_node_name_{eq, prefix} for node name comparisons
        ide: Use of_node_name_eq for node name comparisons
        powerpc: Use of_node_name_eq for node name comparisons
        powerpc/pseries/pmem: Convert to %pOFn instead of device_node.name
        powerpc/mm: Remove very old comment in hash-4k.h
        powerpc/pseries: Fix node leak in update_lmb_associativity_index()
        powerpc/configs/85xx: Enable CONFIG_DEBUG_KERNEL
        powerpc/dts/fsl: Fix dtc-flagged interrupt errors
        clk: qoriq: add more compatibles strings
        powerpc/fsl: Use new clockgen binding
        powerpc/83xx: handle machine check caused by watchdog timer
        powerpc/fsl-rio: fix spelling mistake "reserverd" -> "reserved"
        powerpc/fsl_pci: simplify fsl_pci_dma_set_mask
        arch/powerpc/fsl_rmu: Use dma_zalloc_coherent
        vfio_pci: Add NVIDIA GV100GL [Tesla V100 SXM2] subdriver
        vfio_pci: Allow regions to add own capabilities
        vfio_pci: Allow mapping extra regions
        ...
    • sched/fair: Fix warning on non-SMP build · 6d101ba6
      Olof Johansson authored
      Caused by making the variable static:
      
        kernel/sched/fair.c:119:21: warning: 'capacity_margin' defined but not used [-Wunused-variable]
      
      Seems easiest to just move it up under the existing ifdef CONFIG_SMP
      that's a few lines above.
      
      Fixes: ed8885a1 ('sched/fair: Make some variables static')
      Signed-off-by: Olof Johansson <olof@lixom.net>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · fc2fd5f0
      Linus Torvalds authored
      Pull x86 platform update from Ingo Molnar:
       "An OLPC platform support simplification patch"
      
      * 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/platform/olpc: Do not call of_platform_bus_probe()
    • Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e57d9f63
      Linus Torvalds authored
      Pull x86 mm updates from Ingo Molnar:
       "The main changes in this cycle were:
      
         - Update and clean up x86 fault handling, by Andy Lutomirski.
      
         - Drop usage of __flush_tlb_all() in kernel_physical_mapping_init()
           and related fallout, by Dan Williams.
      
         - CPA cleanups and reorganization by Peter Zijlstra: simplify the
           flow and remove a few warts.
      
         - Other misc cleanups"
      
      * 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (29 commits)
        x86/mm/dump_pagetables: Use DEFINE_SHOW_ATTRIBUTE()
        x86/mm/cpa: Rename @addrinarray to @numpages
        x86/mm/cpa: Better use CLFLUSHOPT
        x86/mm/cpa: Fold cpa_flush_range() and cpa_flush_array() into a single cpa_flush() function
        x86/mm/cpa: Make cpa_data::numpages invariant
        x86/mm/cpa: Optimize cpa_flush_array() TLB invalidation
        x86/mm/cpa: Simplify the code after making cpa->vaddr invariant
        x86/mm/cpa: Make cpa_data::vaddr invariant
        x86/mm/cpa: Add __cpa_addr() helper
        x86/mm/cpa: Add ARRAY and PAGES_ARRAY selftests
        x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init()
        x86/mm: Validate kernel_physical_mapping_init() PTE population
        generic/pgtable: Introduce set_pte_safe()
        generic/pgtable: Introduce {p4d,pgd}_same()
        generic/pgtable: Make {pmd, pud}_same() unconditionally available
        x86/fault: Clean up the page fault oops decoder a bit
        x86/fault: Decode page fault OOPSes better
        x86/vsyscall/64: Use X86_PF constants in the simulated #PF error code
        x86/oops: Show the correct CS value in show_regs()
        x86/fault: Don't try to recover from an implicit supervisor access
        ...
    • Merge branch 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d6e867a6
      Linus Torvalds authored
      Pull x86 fpu updates from Ingo Molnar:
       "Misc preparatory changes for an upcoming FPU optimization that will
        delay the loading of FPU registers to return-to-userspace"
      
      * 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/fpu: Don't export __kernel_fpu_{begin,end}()
        x86/fpu: Update comment for __raw_xsave_addr()
        x86/fpu: Add might_fault() to user_insn()
        x86/pkeys: Make init_pkru_value static
        x86/thread_info: Remove _TIF_ALLWORK_MASK
        x86/process/32: Remove asm/math_emu.h include
        x86/fpu: Use unsigned long long shift in xfeature_uncompacted_offset()
    • Merge branch 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · db2ab474
      Linus Torvalds authored
      Pull x86 cpu updates from Ingo Molnar:
       "Misc changes:
      
         - Fix nr_cpus= boot option interaction bug with logical package
           management
      
         - Clean up UMIP detection messages
      
         - Add WBNOINVD instruction detection
      
         - Remove the unused get_scattered_cpuid_leaf() function"
      
      * 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/topology: Use total_cpus for max logical packages calculation
        x86/umip: Make the UMIP activated message generic
        x86/umip: Print UMIP line only once
        x86/cpufeatures: Add WBNOINVD feature definition
        x86/cpufeatures: Remove get_scattered_cpuid_leaf()
    • Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 312a4661
      Linus Torvalds authored
      Pull x86 cleanups from Ingo Molnar:
       "Misc cleanups"
      
      * 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/kprobes: Remove trampoline_handler() prototype
        x86/kernel: Fix more -Wmissing-prototypes warnings
        x86: Fix various typos in comments
        x86/headers: Fix -Wmissing-prototypes warning
        x86/process: Avoid unnecessary NULL check in get_wchan()
        x86/traps: Complete prototype declarations
        x86/mce: Fix -Wmissing-prototypes warnings
        x86/gart: Rewrite early_gart_iommu_check() comment
    • Merge branch 'x86-build-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 6e54df00
      Linus Torvalds authored
      Pull x86 build updates from Ingo Molnar:
      
       - Resolve LLVM build bug by removing redundant GNU specific flag
      
       - Remove obsolete -funit-at-a-time and -fno-unit-at-a-time use from x86,
         PowerPC and UM.
      
         The UML change was seen and acked by UML maintainer Richard
         Weinberger.
      
      * 'x86-build-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/um/vdso: Drop implicit common-page-size linker flag
        x86, powerpc: Remove -funit-at-a-time compiler option entirely
        x86/um: Remove -fno-unit-at-a-time workaround for pre-4.0 GCC