1. 20 Dec, 2013 2 commits
    • Kees Cook's avatar
      stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG · 8779657d
      Kees Cook authored
      This changes the stack protector config option into a choice of
      "None", "Regular", and "Strong":
      
         CONFIG_CC_STACKPROTECTOR_NONE
         CONFIG_CC_STACKPROTECTOR_REGULAR
         CONFIG_CC_STACKPROTECTOR_STRONG
      
      "Regular" means the old CONFIG_CC_STACKPROTECTOR=y option.
      
      "Strong" is a new mode introduced by this patch. With "Strong" the
      kernel is built with -fstack-protector-strong (available in
      gcc 4.9 and later). This option increases the coverage of the stack
      protector without the heavy performance hit of -fstack-protector-all.
      
      For reference, the stack protector options available in gcc are:
      
      -fstack-protector-all:
        Adds the stack-canary saving prefix and stack-canary checking
        suffix to _all_ function entry and exit. Results in substantial
        use of stack space for saving the canary for deep stack users
        (e.g. historically xfs), and measurable (though shockingly still
        low) performance hit due to all the saving/checking. Really not
        suitable for sane systems, and was entirely removed as an option
        from the kernel many years ago.
      
      -fstack-protector:
        Adds the canary save/check to functions that define an 8
        (--param=ssp-buffer-size=N, N=8 by default) or more byte local
        char array. Traditionally, stack overflows happened with
        string-based manipulations, so this was a way to find those
        functions. Very few total functions actually get the canary; no
        measurable performance or size overhead.
      
      -fstack-protector-strong
        Adds the canary for a wider set of functions, since it's not
        just those with strings that have ultimately been vulnerable to
        stack-busting. With this superset, more functions end up with a
        canary, but it still remains small compared to all functions
        with only a small change in performance. Based on the original
        design document, a function gets the canary when it contains any
        of:
      
          - local variable's address used as part of the right hand side
            of an assignment or function argument
          - local variable is an array (or union containing an array),
            regardless of array type or length
          - uses register local variables
      
        https://docs.google.com/a/google.com/document/d/1xXBH6rRZue4f296vGt9YQcuLVQHeE516stHwt8M9xyU
      
      Find below a comparison of "size" and "objdump" output when built with
      gcc-4.9 in three configurations:
      
        - defconfig
      	11430641 kernel text size
      	36110 function bodies
      
        - defconfig + CONFIG_CC_STACKPROTECTOR_REGULAR
      	11468490 kernel text size (+0.33%)
      	1015 of 36110 functions are stack-protected (2.81%)
      
        - defconfig + CONFIG_CC_STACKPROTECTOR_STRONG via this patch
      	11692790 kernel text size (+2.24%)
      	7401 of 36110 functions are stack-protected (20.5%)
      
      With -strong, ARM's compressed boot code now triggers stack
      protection, so a static guard was added. Since this is only used
      during decompression and was never used before, the exposure
      here is very small. Once it switches to the full kernel, the
      stack guard is back to normal.
      
      Chrome OS has been using -fstack-protector-strong for its kernel
      builds for the last 8 months with no problems.
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Cc: Arjan van de Ven <arjan@linux.intel.com>
      Cc: Michal Marek <mmarek@suse.cz>
      Cc: Russell King <linux@arm.linux.org.uk>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Paul Mundt <lethal@linux-sh.org>
      Cc: James Hogan <james.hogan@imgtec.com>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Cc: Shawn Guo <shawn.guo@linaro.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: linux-arm-kernel@lists.infradead.org
      Cc: linux-mips@linux-mips.org
      Cc: linux-arch@vger.kernel.org
      Link: http://lkml.kernel.org/r/1387481759-14535-3-git-send-email-keescook@chromium.org
      [ Improved the changelog and descriptions some more. ]
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      8779657d
    • Kees Cook's avatar
      stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures · 19952a92
      Kees Cook authored
      Instead of duplicating the CC_STACKPROTECTOR Kconfig and
      Makefile logic in each architecture, switch to using
      HAVE_CC_STACKPROTECTOR and keep everything in one place. This
      retains the x86-specific bug verification scripts.
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Cc: Arjan van de Ven <arjan@linux.intel.com>
      Cc: Michal Marek <mmarek@suse.cz>
      Cc: Russell King <linux@arm.linux.org.uk>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Paul Mundt <lethal@linux-sh.org>
      Cc: James Hogan <james.hogan@imgtec.com>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Cc: Shawn Guo <shawn.guo@linaro.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-arm-kernel@lists.infradead.org
      Cc: linux-mips@linux-mips.org
      Cc: linux-arch@vger.kernel.org
      Link: http://lkml.kernel.org/r/1387481759-14535-2-git-send-email-keescook@chromium.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      19952a92
  2. 17 Dec, 2013 8 commits
  3. 16 Dec, 2013 1 commit
  4. 15 Dec, 2013 10 commits
    • Linus Torvalds's avatar
      Linux 3.13-rc4 · 319e2e3f
      Linus Torvalds authored
      319e2e3f
    • Matias Bjorling's avatar
      null_blk: mem garbage on NUMA systems during init · 57053d8c
      Matias Bjorling authored
      For NUMA systems, initializing the blk-mq layer and using per node hctx.
      We initialize submit queues to 1, while blk-mq nr_hw_queues is
      initialized to the number of NUMA nodes.
      
      This makes the null_init_hctx function overwrite memory outside of what
      it allocated.  In my case it lead to writing garbage into struct
      request_queue's mq_map.
      Signed-off-by: default avatarMatias Bjorling <m@bjorling.me>
      Cc: Jens Axboe <axboe@kernel.dk>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      57053d8c
    • Sergey Senozhatsky's avatar
      radeon_pm: fix oops in hwmon_attributes_visible() and radeon_hwmon_show_temp_thresh() · e4158f1b
      Sergey Senozhatsky authored
      Since commit ec39f64b ("drm/radeon/dpm: Convert to use
      devm_hwmon_register_with_groups") radeon_hwmon_init() is using
      hwmon_device_register_with_groups(), which sets `rdev' as a device
      private driver_data, while hwmon_attributes_visible() and
      radeon_hwmon_show_temp_thresh() are still waiting for `drm_device'.
      
      Fix them by using dev_get_drvdata(), in order to avoid this oops:
      
        BUG: unable to handle kernel paging request at 0000000000001e28
        IP: [<ffffffffa02ae8b4>] hwmon_attributes_visible+0x18/0x3d [radeon]
        PGD 15057e067 PUD 151a8e067 PMD 0
        Oops: 0000 [#1] PREEMPT SMP
        Call Trace:
          internal_create_group+0x114/0x1d9
          sysfs_create_group+0xe/0x10
          sysfs_create_groups+0x22/0x5f
          device_add+0x34f/0x501
          device_register+0x15/0x18
          hwmon_device_register_with_groups+0xb5/0xed
          radeon_hwmon_init+0x56/0x7c [radeon]
          radeon_pm_init+0x134/0x7e5 [radeon]
          radeon_modeset_init+0x75f/0x8ed [radeon]
          radeon_driver_load_kms+0xc6/0x187 [radeon]
          drm_dev_register+0xf9/0x1b4 [drm]
          drm_get_pci_dev+0x98/0x129 [drm]
          radeon_pci_probe+0xa3/0xac [radeon]
          pci_device_probe+0x6e/0xcf
          driver_probe_device+0x98/0x1c4
          __driver_attach+0x5c/0x7e
          bus_for_each_dev+0x7b/0x85
          driver_attach+0x19/0x1b
          bus_add_driver+0x104/0x1ce
          driver_register+0x89/0xc5
          __pci_register_driver+0x58/0x5b
          drm_pci_init+0x86/0xea [drm]
          radeon_init+0x97/0x1000 [radeon]
          do_one_initcall+0x7f/0x117
          load_module+0x1583/0x1bb4
          SyS_init_module+0xa0/0xaf
      Signed-off-by: default avatarSergey Senozhatsky <sergey.senozhatsky@gmail.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Alexander Deucher <Alexander.Deucher@amd.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      e4158f1b
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 4a251dd2
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Revert CHECKSUM_COMPLETE optimization in pskb_trim_rcsum(), I can't
          figure out why it breaks things.
      
       2) Fix comparison in netfilter ipset's hash_netnet4_data_equal(), it
          was basically doing "x == x", from Dave Jones.
      
       3) Freescale FEC driver was DMA mapping the wrong number of bytes, from
          Sebastian Siewior.
      
       4) Blackhole and prohibit routes in ipv6 were not doing the right thing
          because their ->input and ->output methods were not being assigned
          correctly.  Now they behave properly like their ipv4 counterparts.
          From Kamala R.
      
       5) Several drivers advertise the NETIF_F_FRAGLIST capability, but
          really do not support this feature and will send garbage packets if
          fed fraglist SKBs.  From Eric Dumazet.
      
       6) Fix long standing user triggerable BUG_ON over loopback in RDS
          protocol stack, from Venkat Venkatsubra.
      
       7) Several not so common code paths can potentially try to invoke
          packet scheduler actions that might be NULL without checking.  Shore
          things up by either 1) defining a method as mandatory and erroring
          on registration if that method is NULL 2) defininig a method as
          optional and the registration function hooks up a default
          implementation when NULL is seen.  From Jamal Hadi Salim.
      
       8) Fix fragment detection in xen-natback driver, from Paul Durrant.
      
       9) Kill dangling enter_memory_pressure method in cg_proto ops, from
          Eric W Biederman.
      
      10) SKBs that traverse namespaces should have their local_df cleared,
          from Hannes Frederic Sowa.
      
      11) IOCB file position is not being updated by macvtap_aio_read() and
          tun_chr_aio_read().  From Zhi Yong Wu.
      
      12) Don't free virtio_net netdev before releasing all of the NAPI
          instances.  From Andrey Vagin.
      
      13) Procfs entry leak in xt_hashlimit, from Sergey Popovich.
      
      14) IPv6 routes that are no cached routes should not count against the
          garbage collection limits.  We had this almost right, but were
          missing handling addrconf generated routes properly.  From Hannes
          Frederic Sowa.
      
      15) fib{4,6}_rule_suppress() have to consider potentially seeing NULL
          route info when they are called, from Stefan Tomanek.
      
      16) TUN and MACVTAP have had truncated packet signalling for some time,
          fix from Jason Wang.
      
      17) Fix use after frrr in __udp4_lib_rcv(), from Eric Dumazet.
      
      18) xen-netback does not interpret the NAPI budget properly for TX work,
          fix from Paul Durrant.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (132 commits)
        igb: Fix for issue where values could be too high for udelay function.
        i40e: fix null dereference
        xen-netback: fix gso_prefix check
        net: make neigh_priv_len in struct net_device 16bit instead of 8bit
        drivers: net: cpsw: fix for cpsw crash when build as modules
        xen-netback: napi: don't prematurely request a tx event
        xen-netback: napi: fix abuse of budget
        sch_tbf: use do_div() for 64-bit divide
        udp: ipv4: must add synchronization in udp_sk_rx_dst_set()
        net:fec: remove duplicate lines in comment about errata ERR006358
        Revert "8390 : Replace ei_debug with msg_enable/NETIF_MSG_* feature"
        8390 : Replace ei_debug with msg_enable/NETIF_MSG_* feature
        xen-netback: make sure skb linear area covers checksum field
        net: smc91x: Fix device tree based configuration so it's usable
        udp: ipv4: fix potential use after free in udp_v4_early_demux()
        macvtap: signal truncated packets
        tun: unbreak truncated packet signalling
        net: sched: htb: fix the calculation of quantum
        net: sched: tbf: fix the calculation of max_size
        micrel: add support for KSZ8041RNLI
        ...
      4a251dd2
    • Linus Torvalds's avatar
      Merge branch 'x86/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 908bfda7
      Linus Torvalds authored
      Pull x86 fixes from Peter Anvin:
       "This is a pretty small batch:
      
        The biggest single change is to stop using EFI time services on 32-bit
        platforms.  This matches our current behavior on 64-bit platforms as
        we already had ruled them out there as being too unreliable.  Turns
        out that affects 32-bit platforms, too.
      
        One NULL pointer fix for SGI UV.
      
        Two minor build fixes, one of which only affects icc and the other
        which affects icc and future versions or nonstandard default settings
        of gcc"
      
      * 'x86/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86, efi: Don't use (U)EFI time services on 32 bit
        x86, build, icc: Remove uninitialized_var() from compiler-intel.h
        x86/UV: Fix NULL pointer dereference in uv_flush_tlb_others() if the 'nobau' boot option is used
        x86, build: Pass in additional -mno-mmx, -mno-sse options
      908bfda7
    • Linus Torvalds's avatar
      Merge tag 'pci-v3.13-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · 9199c4ca
      Linus Torvalds authored
      Pull PCI updates from Bjorn Helgaas:
       "PCI device hotplug
          - Move device_del() from pci_stop_dev() to pci_destroy_dev() (Rafael
            Wysocki)
      
        Host bridge drivers
          - Update maintainers for DesignWare, i.MX6, Armada, R-Car (Bjorn
            Helgaas)
          - mvebu: Return 'unsupported' for Interrupt Line and Interrupt Pin
            (Jason Gunthorpe)
      
        Miscellaneous
          - Avoid unnecessary CPU switch when calling .probe() (Alexander
            Duyck)
          - Revert "workqueue: allow work_on_cpu() to be called recursively"
            (Bjorn Helgaas)
          - Disable Bus Master only on kexec reboot (Khalid Aziz)
          - Omit PCI ID macro strings to shorten quirk names for LTO (Michal
            Marek)"
      
      * tag 'pci-v3.13-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        MAINTAINERS: Add DesignWare, i.MX6, Armada, R-Car PCI host maintainers
        PCI: Disable Bus Master only on kexec reboot
        PCI: mvebu: Return 'unsupported' for Interrupt Line and Interrupt Pin
        PCI: Omit PCI ID macro strings to shorten quirk names
        PCI: Move device_del() from pci_stop_dev() to pci_destroy_dev()
        Revert "workqueue: allow work_on_cpu() to be called recursively"
        PCI: Avoid unnecessary CPU switch when calling driver .probe() method
      9199c4ca
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · b5745c59
      Linus Torvalds authored
      Pull SELinux fixes from James Morris.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()
        selinux: look for IPsec labels on both inbound and outbound packets
        selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()
        selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()
        selinux: fix possible memory leak
      b5745c59
    • Linus Torvalds's avatar
      Revert "selinux: consider filesystem subtype in policies" · 29b1deb2
      Linus Torvalds authored
      This reverts commit 102aefdd.
      
      Tom London reports that it causes sync() to hang on Fedora rawhide:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=1033965
      
      and Josh Boyer bisected it down to this commit.  Reverting the commit in
      the rawhide kernel fixes the problem.
      
      Eric Paris root-caused it to incorrect subtype matching in that commit
      breaking fuse, and has a tentative patch, but by now we're better off
      retrying this in 3.14 rather than playing with it any more.
      Reported-by: default avatarTom London <selinux@gmail.com>
      Bisected-by: default avatarJosh Boyer <jwboyer@fedoraproject.org>
      Acked-by: default avatarEric Paris <eparis@redhat.com>
      Cc: James Morris <jmorris@namei.org>
      Cc: Anand Avati <avati@redhat.com>
      Cc: Paul Moore <paul@paul-moore.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      29b1deb2
    • Carolyn Wyborny's avatar
      igb: Fix for issue where values could be too high for udelay function. · df29df92
      Carolyn Wyborny authored
      This patch changes the igb_phy_has_link function to check the value of the
      parameter before deciding to use udelay or mdelay in order to be sure that
      the value is not too high for udelay function.
      
      CC: stable kernel <stable@vger.kernel.org> # 3.9+
      Signed-off-by: default avatarSunil K Pandey <sunil.k.pandey@intel.com>
      Signed-off-by: default avatarKevin B Smith <kevin.b.smith@intel.com>
      Signed-off-by: default avatarCarolyn Wyborny <carolyn.wyborny@intel.com>
      Tested-by: default avatarAaron Brown <aaron.f.brown@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      df29df92
    • Jesse Brandeburg's avatar
      i40e: fix null dereference · 3c325ced
      Jesse Brandeburg authored
      If the vsi->tx_rings structure is NULL we don't want to panic.
      
      Change-Id: Ic694f043701738c434e8ebe0caf0673f4410dc10
      Signed-off-by: default avatarJesse Brandeburg <jesse.brandeburg@intel.com>
      Tested-by: default avatarKavindya Deegala <kavindya.s.deegala@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3c325ced
  5. 14 Dec, 2013 3 commits
  6. 13 Dec, 2013 16 commits