1. 20 Jul, 2017 9 commits
  2. 19 Jul, 2017 6 commits
    • Alexander Potapenko's avatar
      llist: clang: introduce member_address_is_nonnull() · beaec533
      Alexander Potapenko authored
      Currently llist_for_each_entry() and llist_for_each_entry_safe() iterate
      until &pos->member != NULL.  But when building the kernel with Clang,
      the compiler assumes &pos->member cannot be NULL if the member's offset
      is greater than 0 (which would be equivalent to the object being
      non-contiguous in memory).  Therefore the loop condition is always true,
      and the loops become infinite.
      
      To work around this, introduce the member_address_is_nonnull() macro,
      which casts object pointer to uintptr_t, thus letting the member pointer
      to be NULL.
      Signed-off-by: default avatarAlexander Potapenko <glider@google.com>
      Tested-by: default avatarSodagudi Prasad <psodagud@codeaurora.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      beaec533
    • Linus Torvalds's avatar
      Merge tag 'gcc-plugins-v4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · e06fdaf4
      Linus Torvalds authored
      Pull structure randomization updates from Kees Cook:
       "Now that IPC and other changes have landed, enable manual markings for
        randstruct plugin, including the task_struct.
      
        This is the rest of what was staged in -next for the gcc-plugins, and
        comes in three patches, largest first:
      
         - mark "easy" structs with __randomize_layout
      
         - mark task_struct with an optional anonymous struct to isolate the
           __randomize_layout section
      
         - mark structs to opt _out_ of automated marking (which will come
           later)
      
        And, FWIW, this continues to pass allmodconfig (normal and patched to
        enable gcc-plugins) builds of x86_64, i386, arm64, arm, powerpc, and
        s390 for me"
      
      * tag 'gcc-plugins-v4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        randstruct: opt-out externally exposed function pointer structs
        task_struct: Allow randomized layout
        randstruct: Mark various structs for randomization
      e06fdaf4
    • Linus Torvalds's avatar
      Merge tag 'ceph-for-4.13-rc2' of git://github.com/ceph/ceph-client · a90c6ac2
      Linus Torvalds authored
      Pull ceph fixes from Ilya Dryomov:
       "A number of small fixes for -rc1 Luminous changes plus a readdir race
        fix, marked for stable"
      
      * tag 'ceph-for-4.13-rc2' of git://github.com/ceph/ceph-client:
        libceph: potential NULL dereference in ceph_msg_data_create()
        ceph: fix race in concurrent readdir
        libceph: don't call encode_request_finish() on MOSDBackoff messages
        libceph: use alloc_pg_mapping() in __decode_pg_upmap_items()
        libceph: set -EINVAL in one place in crush_decode()
        libceph: NULL deref on osdmap_apply_incremental() error path
        libceph: fix old style declaration warnings
      a90c6ac2
    • Shu Wang's avatar
      audit: fix memleak in auditd_send_unicast_skb. · b0659ae5
      Shu Wang authored
      Found this issue by kmemleak report, auditd_send_unicast_skb
      did not free skb if rcu_dereference(auditd_conn) returns null.
      
      unreferenced object 0xffff88082568ce00 (size 256):
      comm "auditd", pid 1119, jiffies 4294708499
      backtrace:
      [<ffffffff8176166a>] kmemleak_alloc+0x4a/0xa0
      [<ffffffff8121820c>] kmem_cache_alloc_node+0xcc/0x210
      [<ffffffff8161b99d>] __alloc_skb+0x5d/0x290
      [<ffffffff8113c614>] audit_make_reply+0x54/0xd0
      [<ffffffff8113dfa7>] audit_receive_msg+0x967/0xd70
      ----------------
      (gdb) list *audit_receive_msg+0x967
      0xffffffff8113dff7 is in audit_receive_msg (kernel/audit.c:1133).
      1132    skb = audit_make_reply(0, AUDIT_REPLACE, 0,
                                      0, &pvnr, sizeof(pvnr));
      ---------------
      [<ffffffff8113e402>] audit_receive+0x52/0xa0
      [<ffffffff8166c561>] netlink_unicast+0x181/0x240
      [<ffffffff8166c8e2>] netlink_sendmsg+0x2c2/0x3b0
      [<ffffffff816112e8>] sock_sendmsg+0x38/0x50
      [<ffffffff816117a2>] SYSC_sendto+0x102/0x190
      [<ffffffff81612f4e>] SyS_sendto+0xe/0x10
      [<ffffffff8176d337>] entry_SYSCALL_64_fastpath+0x1a/0xa5
      [<ffffffffffffffff>] 0xffffffffffffffff
      Signed-off-by: default avatarShu Wang <shuwang@redhat.com>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      b0659ae5
    • Sudeep Holla's avatar
      PM / Domains: defer dev_pm_domain_set() until genpd->attach_dev succeeds if present · 975e83cf
      Sudeep Holla authored
      If the genpd->attach_dev or genpd->power_on fails, genpd_dev_pm_attach
      may return -EPROBE_DEFER initially. However genpd_alloc_dev_data sets
      the PM domain for the device unconditionally.
      
      When subsequent attempts are made to call genpd_dev_pm_attach, it may
      return -EEXISTS checking dev->pm_domain without re-attempting to call
      attach_dev or power_on.
      
      platform_drv_probe then attempts to call drv->probe as the return value
      -EEXIST != -EPROBE_DEFER, which may end up in a situation where the
      device is accessed without it's power domain switched on.
      
      Fixes: f104e1e5 (PM / Domains: Re-order initialization of generic_pm_domain_data)
      Cc: 4.4+ <stable@vger.kernel.org> # v4.4+
      Signed-off-by: default avatarSudeep Holla <sudeep.holla@arm.com>
      Acked-by: default avatarUlf Hansson <ulf.hansson@linaro.org>
      Signed-off-by: default avatarRafael J. Wysocki <rafael.j.wysocki@intel.com>
      975e83cf
    • Dan Williams's avatar
      device-dax: fix sysfs duplicate warnings · bbb3be17
      Dan Williams authored
      Fix warnings of the form...
      
           WARNING: CPU: 10 PID: 4983 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x62/0x80
           sysfs: cannot create duplicate filename '/class/dax/dax12.0'
           Call Trace:
            dump_stack+0x63/0x86
            __warn+0xcb/0xf0
            warn_slowpath_fmt+0x5a/0x80
            ? kernfs_path_from_node+0x4f/0x60
            sysfs_warn_dup+0x62/0x80
            sysfs_do_create_link_sd.isra.2+0x97/0xb0
            sysfs_create_link+0x25/0x40
            device_add+0x266/0x630
            devm_create_dax_dev+0x2cf/0x340 [dax]
            dax_pmem_probe+0x1f5/0x26e [dax_pmem]
            nvdimm_bus_probe+0x71/0x120
      
      ...by reusing the namespace id for the device-dax instance name.
      
      Now that we have decided that there will never by more than one
      device-dax instance per libnvdimm-namespace parent device [1], we can
      directly reuse the namepace ids. There are some possible follow-on
      cleanups, but those are saved for a later patch to simplify the -stable
      backport.
      
      [1]: https://lists.01.org/pipermail/linux-nvdimm/2016-December/008266.html
      
      Fixes: 98a29c39 ("libnvdimm, namespace: allow creation of multiple pmem...")
      Cc: Jeff Moyer <jmoyer@redhat.com>
      Cc: <stable@vger.kernel.org>
      Reported-by: default avatarDariusz Dokupil <dariusz.dokupil@intel.com>
      Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
      bbb3be17
  3. 18 Jul, 2017 25 commits