1. 24 Oct, 2014 1 commit
    • Nadav Amit's avatar
      KVM: x86: Check non-canonical addresses upon WRMSR · 854e8bb1
      Nadav Amit authored
      Upon WRMSR, the CPU should inject #GP if a non-canonical value (address) is
      written to certain MSRs. The behavior is "almost" identical for AMD and Intel
      (ignoring MSRs that are not implemented in either architecture since they would
      anyhow #GP). However, IA32_SYSENTER_ESP and IA32_SYSENTER_EIP cause #GP if
      non-canonical address is written on Intel but not on AMD (which ignores the top
      32-bits).
      
      Accordingly, this patch injects a #GP on the MSRs which behave identically on
      Intel and AMD.  To eliminate the differences between the architecutres, the
      value which is written to IA32_SYSENTER_ESP and IA32_SYSENTER_EIP is turned to
      canonical value before writing instead of injecting a #GP.
      
      Some references from Intel and AMD manuals:
      
      According to Intel SDM description of WRMSR instruction #GP is expected on
      WRMSR "If the source register contains a non-canonical address and ECX
      specifies one of the following MSRs: IA32_DS_AREA, IA32_FS_BASE, IA32_GS_BASE,
      IA32_KERNEL_GS_BASE, IA32_LSTAR, IA32_SYSENTER_EIP, IA32_SYSENTER_ESP."
      
      According to AMD manual instruction manual:
      LSTAR/CSTAR (SYSCALL): "The WRMSR instruction loads the target RIP into the
      LSTAR and CSTAR registers.  If an RIP written by WRMSR is not in canonical
      form, a general-protection exception (#GP) occurs."
      IA32_GS_BASE and IA32_FS_BASE (WRFSBASE/WRGSBASE): "The address written to the
      base field must be in canonical form or a #GP fault will occur."
      IA32_KERNEL_GS_BASE (SWAPGS): "The address stored in the KernelGSbase MSR must
      be in canonical form."
      
      This patch fixes CVE-2014-3610.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarNadav Amit <namit@cs.technion.ac.il>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      854e8bb1
  2. 21 Oct, 2014 9 commits
    • Linus Torvalds's avatar
      Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending · c3351dfa
      Linus Torvalds authored
      Pull SCSI target updates from Nicholas Bellinger:
       "Here are the target updates for v3.18-rc2 code.  These where
        originally destined for -rc1, but due to the combination of travel
        last week for KVM Forum and my mistake of taking the three week merge
        window literally, the pull request slipped..  Apologies for that.
      
        Things where reasonably quiet this round.  The highlights include:
      
         - New userspace backend driver (target_core_user.ko) by Shaohua Li
           and Andy Grover
         - A number of cleanups in target, iscsi-taret and qla_target code
           from Joern Engel
         - Fix an OOPs related to queue full handling with CHECK_CONDITION
           status from Quinn Tran
         - Fix to disable TX completion interrupt coalescing in iser-target,
           that was causing problems on some hardware
         - Fix for PR APTPL metadata handling with demo-mode ACLs
      
        I'm most excited about the new backend driver that uses UIO + shared
        memory ring to dispatch I/O and control commands into user-space.
        This was probably the most requested feature by users over the last
        couple of years, and opens up a new area of development + porting of
        existing user-space storage applications to LIO.  Thanks to Shaohua +
        Andy for making this happen.
      
        Also another honorable mention, a new Xen PV SCSI driver was merged
        via the xen/tip.git tree recently, which puts us now at 10 target
        drivers in upstream! Thanks to David Vrabel + Juergen Gross for their
        work to get this code merged"
      
      * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: (40 commits)
        target/file: fix inclusive vfs_fsync_range() end
        iser-target: Disable TX completion interrupt coalescing
        target: Add force_pr_aptpl device attribute
        target: Fix APTPL metadata handling for dynamic MappedLUNs
        qla_target: don't delete changed nacls
        target/user: Recalculate pad size inside is_ring_space_avail()
        tcm_loop: Fixup tag handling
        iser-target: Fix smatch warning
        target/user: Fix up smatch warnings in tcmu_netlink_event
        target: Add a user-passthrough backstore
        target: Add documentation on the target userspace pass-through driver
        uio: Export definition of struct uio_device
        target: Remove unneeded check in sbc_parse_cdb
        target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE
        qla_target: rearrange struct qla_tgt_prm
        qla_target: improve qlt_unmap_sg()
        qla_target: make some global functions static
        qla_target: remove unused parameter
        target: simplify core_tmr_abort_task
        target: encapsulate smp_mb__after_atomic()
        ...
      c3351dfa
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.open-osd.org/linux-open-osd · 848a5528
      Linus Torvalds authored
      Pull email address change from Boaz Harrosh.
      
      * 'for-linus' of git://git.open-osd.org/linux-open-osd:
        Boaz Harrosh - fix email in Documentation
        Boaz Harrosh - Fix broken email address
        MAINTAINERS: Change Boaz Harrosh's email
      848a5528
    • Linus Torvalds's avatar
      Merge branch 'mailbox-for-linus' of git://git.linaro.org/landing-teams/working/fujitsu/integration · 43d451f1
      Linus Torvalds authored
      Pull mailbox framework from Jassi Brar:
       "A framework for Mailbox controllers and clients have been cooking for
        more than a year now.
      
        Everybody in the CC list had been copied on patchset revisions and
        most of them have made sounds of approval, though just one concrete
        Reviewed-by.  The patchset has also been in linux-next for a couple of
        weeks now and no conflict has been reported.  The framework has the
        backing of at least 5 platforms, though I can't say if/when they
        upstream their drivers (some businesses have 'changed')"
      
      (Further acked-by by Arnd Bergmann and Suman Anna in the pull request
      thread)
      
      * 'mailbox-for-linus' of git://git.linaro.org/landing-teams/working/fujitsu/integration:
        dt: mailbox: add generic bindings
        doc: add documentation for mailbox framework
        mailbox: Introduce framework for mailbox
        mailbox: rename pl320-ipc specific mailbox.h
      43d451f1
    • Linus Torvalds's avatar
      Merge git://www.linux-watchdog.org/linux-watchdog · 21d2271f
      Linus Torvalds authored
      Pull watchdog updates from Wim Van Sebroeck:
       - new Cadence WDT driver
       - new Ricoh RN5T618 watchdog
       - new DA9063 PMIC watchdog driver
       - new Meson WDT driver
       - add restart handling code
       - fixes and improvements
      
      * git://www.linux-watchdog.org/linux-watchdog: (25 commits)
        watchdog: meson: remove magic value for reboot
        watchdog: Let XILINX_WATCHDOG and TEGRA_WATCHDOG depend on HAS_IOMEM
        watchdog: sunxi: Add A31 watchdog support
        watchdog: sunxi: support parameterized compatible strings
        watchdog: imx2_wdt: add restart handler support
        watchdog: qcom: register a restart notifier
        watchdog: s3c2410: add restart handler
        watchdog: dw_wdt: add restart handler support
        ARM: defconfig: update multi_v7_defconfig
        ARM: meson: add watchdog driver
        ARM: docs: add documentation binding for meson watchdog
        stmp3xxx_rtc_wdt: Add suspend/resume PM support
        watchdog: Add DA9063 PMIC watchdog driver.
        watchdog: add driver for Ricoh RN5T618 watchdog
        watchdog: s3c2410_wdt: Add support for Watchdog device on Exynos7
        watchdog: qcom: document device tree bindings
        watchdog: qcom: add support for KPSS WDT
        watchdog: dw_wdt: initialise TOP_INIT in dw_wdt_set_top()
        devicetree: Add Cadence WDT devicetree bindings documentation
        watchdog: Add Cadence WDT driver
        ...
      21d2271f
    • Linus Torvalds's avatar
      Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds · 045aaeda
      Linus Torvalds authored
      Pull LED update from Bryan Wu:
       "Basically we have some bug fixing and clean up and one big thing is we
        start to merge patch to add support LED Flash class"
      
      * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds:
        leds: gpio: cleanup the leds-gpio driver
        led: gpio: Fix possible ZERO_SIZE_PTR pointer dereferencing error.
        led: gpio: Sort include headers alphabetically
        leds: Improve and export led_update_brightness
        leds: trigger: gpio: fix warning in gpio trigger for gpios whose accessor function may sleep
        leds: lp3944: fix sparse warning
        leds: avoid using DEVICE_ATTR macro for max_brightness attribute
        leds: make brightness type consistent across whole subsystem
        leds: Reorder include directives
      045aaeda
    • Linus Torvalds's avatar
      Merge tag 'pwm/for-3.18-rc1' of... · 5b9c8972
      Linus Torvalds authored
      Merge tag 'pwm/for-3.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
      
      Pull pwm changes from Thierry Reding:
       "There are no new drivers here, only a couple of fixes all over the
        place"
      
      * tag 'pwm/for-3.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm:
        pwm: Let PWM_CLPS711X depend on HAS_IOMEM
        pwm: atmel: Fix calculation of prescale value
        pwm: Fix uninitialized warnings in pwm_get()
        pwm: rockchip: Allow polarity invert on rk3288
        pwm: imx: Avoid sample FIFO overflow for i.MX PWM version2
        pwm: imx: Cleanup indentation for register definitions
        pwm: imx: Fix the macro MX3_PWMCR_PRESCALER(x) definition
        pwm: Fix possible ZERO_SIZE_PTR pointer dereferencing error.
        pwm: lpss: make it buildable only on X86
        pwm: lpss: use c99 initializers in structures
        pwm: lpss: Fix build failure on PowerPC
        pwm: lpss: pci: Move to use pcim_enable_device()
        pwm: lpss: Properly split driver to parts
        pwm: lpss: Add ACPI and PCI IDs for Intel Braswell
        pwm: fsl-ftm: Select REGMAP_MMIO
        pwm: fsl-ftm: Document 'big-endian' property
        pwm: fsl-ftm: Convert to direct regmap API usage
        pwm: fsl-ftm: Clean up the code
      5b9c8972
    • Linus Torvalds's avatar
      Merge tag 'arc-3.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc · 3d430bdb
      Linus Torvalds authored
      Pull ARC updates from Vineet Gupta:
       "Sorry for the late pull request.  Current stuff was ready for a while
        but I was hoping to squeeze in support for almost ready ARC SDP
        platform (and avoid a 2nd pull request), however it seems there are
        still some loose ends which warrant more time.
      
         - Platform code reduction/moving-up (TB10X no longer needs any
           callbacks)
         - updated boot printing
         - kgdb update for arc gdb 7.5
         - bug fixes (some marked for stable)
         - more code refactoring/consolidation"
      
      * tag 'arc-3.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
        ARC: boot: cpu feature print enhancements
        ARC: boot: consolidate cross-checking of h/w and s/w
        ARC: unbork FPU save/restore
        ARC: remove extraneous __KERNEL__ guards
        ARC: Update order of registers in KGDB to match GDB 7.5
        ARC: Remove unneeded Kconfig entry NO_DMA
        ARC: BUG() dumps stack after @msg (@msg now same as in generic BUG))
        ARC: refactoring: reduce the scope of some local vars
        ARC: remove gcc mpy heuristics
        ARC: RIP @running_on_hw
        ARC: Update comments about uncached address space
        ARC: rename kconfig option for unaligned emulation
        ARC: [nsimosci] Allow "headless" models to boot
        ARC: [arcfpga] Get rid of ARC_BOARD_ANGEL4 and ARC_BOARD_ML509
        ARC: [arcfpga] Remove more dead code
        ARC: [plat*] move code out of .init_machine into common
        ARC: [arcfpga] consolidate machine description, DT
        ARC: Allow SMP kernel to build/boot on UP-only infrastructure
      3d430bdb
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux · dc303408
      Linus Torvalds authored
      Pull more powerpc updates from Michael Ellerman:
       "Here's some more updates for powerpc for 3.18.
      
        They are a bit late I know, though must are actually bug fixes.  In my
        defence I nearly cut the top of my finger off last weekend in a
        gruesome bike maintenance accident, so I spent a good part of the week
        waiting around for doctors.  True story, I can send photos if you like :)
      
        Probably the most interesting fix is the sys_call_table one, which
        enables syscall tracing for powerpc.  There's a fix for HMI handling
        for old firmware, more endian fixes for firmware interfaces, more EEH
        fixes, Anton fixed our routine that gets the current stack pointer,
        and a few other misc bits"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux: (22 commits)
        powerpc: Only do dynamic DMA zone limits on platforms that need it
        powerpc: sync pseries_le_defconfig with pseries_defconfig
        powerpc: Add printk levels to setup_system output
        powerpc/vphn: NUMA node code expects big-endian
        powerpc/msi: Use WARN_ON() in msi bitmap selftests
        powerpc/msi: Fix the msi bitmap alignment tests
        powerpc/eeh: Block CFG upon frozen Shiner adapter
        powerpc/eeh: Don't collect logs on PE with blocked config space
        powerpc/eeh: Block PCI config access upon frozen PE
        powerpc/pseries: Drop config requests in EEH accessors
        powerpc/powernv: Drop config requests in EEH accessors
        powerpc/eeh: Rename flag EEH_PE_RESET to EEH_PE_CFG_BLOCKED
        powerpc/eeh: Fix condition for isolated state
        powerpc/pseries: Make CPU hotplug path endian safe
        powerpc/pseries: Use dump_stack instead of show_stack
        powerpc: Rename __get_SP() to current_stack_pointer()
        powerpc: Reimplement __get_SP() as a function not a define
        powerpc/numa: Add ability to disable and debug topology updates
        powerpc/numa: check error return from proc_create
        powerpc/powernv: Fallback to old HMI handling behavior for old firmware
        ...
      dc303408
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · c4301c32
      Linus Torvalds authored
      Pull s390 updates from Martin Schwidefsky:
       "One patch to enable the BPF system call and three more bug fixes"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390/uprobes: fix kprobes dependency
        s390: wire up bpf syscall
        s390/mm: fixing calls of pte_unmap_unlock
        s390/hmcdrv: Restrict s390 HMC driver to S390 arch
      c4301c32
  3. 20 Oct, 2014 29 commits
  4. 19 Oct, 2014 1 commit
    • Linus Torvalds's avatar
      Merge git://git.infradead.org/users/eparis/audit · ab074ade
      Linus Torvalds authored
      Pull audit updates from Eric Paris:
       "So this change across a whole bunch of arches really solves one basic
        problem.  We want to audit when seccomp is killing a process.  seccomp
        hooks in before the audit syscall entry code.  audit_syscall_entry
        took as an argument the arch of the given syscall.  Since the arch is
        part of what makes a syscall number meaningful it's an important part
        of the record, but it isn't available when seccomp shoots the
        syscall...
      
        For most arch's we have a better way to get the arch (syscall_get_arch)
        So the solution was two fold: Implement syscall_get_arch() everywhere
        there is audit which didn't have it.  Use syscall_get_arch() in the
        seccomp audit code.  Having syscall_get_arch() everywhere meant it was
        a useless flag on the stack and we could get rid of it for the typical
        syscall entry.
      
        The other changes inside the audit system aren't grand, fixed some
        records that had invalid spaces.  Better locking around the task comm
        field.  Removing some dead functions and structs.  Make some things
        static.  Really minor stuff"
      
      * git://git.infradead.org/users/eparis/audit: (31 commits)
        audit: rename audit_log_remove_rule to disambiguate for trees
        audit: cull redundancy in audit_rule_change
        audit: WARN if audit_rule_change called illegally
        audit: put rule existence check in canonical order
        next: openrisc: Fix build
        audit: get comm using lock to avoid race in string printing
        audit: remove open_arg() function that is never used
        audit: correct AUDIT_GET_FEATURE return message type
        audit: set nlmsg_len for multicast messages.
        audit: use union for audit_field values since they are mutually exclusive
        audit: invalid op= values for rules
        audit: use atomic_t to simplify audit_serial()
        kernel/audit.c: use ARRAY_SIZE instead of sizeof/sizeof[0]
        audit: reduce scope of audit_log_fcaps
        audit: reduce scope of audit_net_id
        audit: arm64: Remove the audit arch argument to audit_syscall_entry
        arm64: audit: Add audit hook in syscall_trace_enter/exit()
        audit: x86: drop arch from __audit_syscall_entry() interface
        sparc: implement is_32bit_task
        sparc: properly conditionalize use of TIF_32BIT
        ...
      ab074ade