1. 08 Oct, 2017 1 commit
  2. 07 Oct, 2017 3 commits
    • Alexei Starovoitov's avatar
      bpf: fix liveness marking · 8fe2d6cc
      Alexei Starovoitov authored
      while processing Rx = Ry instruction the verifier does
      regs[insn->dst_reg] = regs[insn->src_reg]
      which often clears write mark (when Ry doesn't have it)
      that was just set by check_reg_arg(Rx) prior to the assignment.
      That causes mark_reg_read() to keep marking Rx in this block as
      REG_LIVE_READ (since the logic incorrectly misses that it's
      screened by the write) and in many of its parents (until lucky
      write into the same Rx or beginning of the program).
      That causes is_state_visited() logic to miss many pruning opportunities.
      
      Furthermore mark_reg_read() logic propagates the read mark
      for BPF_REG_FP as well (though it's readonly) which causes
      harmless but unnecssary work during is_state_visited().
      Note that do_propagate_liveness() skips FP correctly,
      so do the same in mark_reg_read() as well.
      It saves 0.2 seconds for the test below
      
      program               before  after
      bpf_lb-DLB_L3.o       2604    2304
      bpf_lb-DLB_L4.o       11159   3723
      bpf_lb-DUNKNOWN.o     1116    1110
      bpf_lxc-DDROP_ALL.o   34566   28004
      bpf_lxc-DUNKNOWN.o    53267   39026
      bpf_netdev.o          17843   16943
      bpf_overlay.o         8672    7929
      time                  ~11 sec  ~4 sec
      
      Fixes: dc503a8a ("bpf/verifier: track liveness for pruning")
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Acked-by: default avatarEdward Cree <ecree@solarflare.com>
      Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8fe2d6cc
    • Axel Beckert's avatar
      doc: Fix typo "8023.ad" in bonding documentation · 00a534e5
      Axel Beckert authored
      Should be "802.3ad" like everywhere else in the document.
      Signed-off-by: default avatarAxel Beckert <abe@deuxchevaux.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      00a534e5
    • Matteo Croce's avatar
      ipv6: fix net.ipv6.conf.all.accept_dad behaviour for real · a2d3f3e3
      Matteo Croce authored
      Commit 35e015e1 ("ipv6: fix net.ipv6.conf.all interface DAD handlers")
      was intended to affect accept_dad flag handling in such a way that
      DAD operation and mode on a given interface would be selected
      according to the maximum value of conf/{all,interface}/accept_dad.
      
      However, addrconf_dad_begin() checks for particular cases in which we
      need to skip DAD, and this check was modified in the wrong way.
      
      Namely, it was modified so that, if the accept_dad flag is 0 for the
      given interface *or* for all interfaces, DAD would be skipped.
      
      We have instead to skip DAD if accept_dad is 0 for the given interface
      *and* for all interfaces.
      
      Fixes: 35e015e1 ("ipv6: fix net.ipv6.conf.all interface DAD handlers")
      Acked-by: default avatarStefano Brivio <sbrivio@redhat.com>
      Signed-off-by: default avatarMatteo Croce <mcroce@redhat.com>
      Reported-by: default avatarErik Kline <ek@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a2d3f3e3
  3. 06 Oct, 2017 2 commits
    • Guillaume Nault's avatar
      ppp: fix race in ppp device destruction · 6151b8b3
      Guillaume Nault authored
      ppp_release() tries to ensure that netdevices are unregistered before
      decrementing the unit refcount and running ppp_destroy_interface().
      
      This is all fine as long as the the device is unregistered by
      ppp_release(): the unregister_netdevice() call, followed by
      rtnl_unlock(), guarantee that the unregistration process completes
      before rtnl_unlock() returns.
      
      However, the device may be unregistered by other means (like
      ppp_nl_dellink()). If this happens right before ppp_release() calling
      rtnl_lock(), then ppp_release() has to wait for the concurrent
      unregistration code to release the lock.
      But rtnl_unlock() releases the lock before completing the device
      unregistration process. This allows ppp_release() to proceed and
      eventually call ppp_destroy_interface() before the unregistration
      process completes. Calling free_netdev() on this partially unregistered
      device will BUG():
      
       ------------[ cut here ]------------
       kernel BUG at net/core/dev.c:8141!
       invalid opcode: 0000 [#1] SMP
      
       CPU: 1 PID: 1557 Comm: pppd Not tainted 4.14.0-rc2+ #4
       Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1.fc26 04/01/2014
      
       Call Trace:
        ppp_destroy_interface+0xd8/0xe0 [ppp_generic]
        ppp_disconnect_channel+0xda/0x110 [ppp_generic]
        ppp_unregister_channel+0x5e/0x110 [ppp_generic]
        pppox_unbind_sock+0x23/0x30 [pppox]
        pppoe_connect+0x130/0x440 [pppoe]
        SYSC_connect+0x98/0x110
        ? do_fcntl+0x2c0/0x5d0
        SyS_connect+0xe/0x10
        entry_SYSCALL_64_fastpath+0x1a/0xa5
      
       RIP: free_netdev+0x107/0x110 RSP: ffffc28a40573d88
       ---[ end trace ed294ff0cc40eeff ]---
      
      We could set the ->needs_free_netdev flag on PPP devices and move the
      ppp_destroy_interface() logic in the ->priv_destructor() callback. But
      that'd be quite intrusive as we'd first need to unlink from the other
      channels and units that depend on the device (the ones that used the
      PPPIOCCONNECT and PPPIOCATTACH ioctls).
      
      Instead, we can just let the netdevice hold a reference on its
      ppp_file. This reference is dropped in ->priv_destructor(), at the very
      end of the unregistration process, so that neither ppp_release() nor
      ppp_disconnect_channel() can call ppp_destroy_interface() in the interim.
      Reported-by: default avatarBeniamino Galvani <bgalvani@redhat.com>
      Fixes: 8cb775bc ("ppp: fix device unregistration upon netns deletion")
      Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6151b8b3
    • Dan Carpenter's avatar
      selftests/net: rxtimestamp: Fix an off by one · 1561b326
      Dan Carpenter authored
      The > should be >= so that we don't write one element beyond the end of
      the array.
      
      Fixes: 16e78122 ("selftests/net: Add a test to validate behavior of rx timestamps")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1561b326
  4. 05 Oct, 2017 10 commits
    • Linus Torvalds's avatar
      Merge tag 'pm-4.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 7a92616c
      Linus Torvalds authored
      Pull power management fix from Rafael Wysocki:
       "This fixes a code ordering issue in the main suspend-to-idle loop that
        causes some "low power S0 idle" conditions to be incorrectly reported
        as unmet with suspend/resume debug messages enabled"
      
      * tag 'pm-4.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        PM / s2idle: Invoke the ->wake() platform callback earlier
      7a92616c
    • Rafael J. Wysocki's avatar
      Merge branch 'pm-sleep' · ca935f8e
      Rafael J. Wysocki authored
      * pm-sleep:
        PM / s2idle: Invoke the ->wake() platform callback earlier
      ca935f8e
    • Linus Torvalds's avatar
      Merge tag 'for-4.14/dm-fixes' of... · 076264ad
      Linus Torvalds authored
      Merge tag 'for-4.14/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
      
       - a stable fix for the alignment of the event number reported at the
         end of the 'DM_LIST_DEVICES' ioctl.
      
       - a couple stable fixes for the DM crypt target.
      
       - a DM raid health status reporting fix.
      
      * tag 'for-4.14/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm raid: fix incorrect status output at the end of a "recover" process
        dm crypt: reject sector_size feature if device length is not aligned to it
        dm crypt: fix memory leak in crypt_ctr_cipher_old()
        dm ioctl: fix alignment of event number in the device list
      076264ad
    • Jonathan Brassow's avatar
      dm raid: fix incorrect status output at the end of a "recover" process · 41dcf197
      Jonathan Brassow authored
      There are three important fields that indicate the overall health and
      status of an array: dev_health, sync_ratio, and sync_action.  They tell
      us the condition of the devices in the array, and the degree to which
      the array is synchronized.
      
      This commit fixes a condition that is reported incorrectly.  When a member
      of the array is being rebuilt or a new device is added, the "recover"
      process is used to synchronize it with the rest of the array.  When the
      process is complete, but the sync thread hasn't yet been reaped, it is
      possible for the state of MD to be:
       mddev->recovery = [ MD_RECOVERY_RUNNING MD_RECOVERY_RECOVER MD_RECOVERY_DONE ]
       curr_resync_completed = <max dev size> (but not MaxSector)
       and all rdevs to be In_sync.
      This causes the 'array_in_sync' output parameter that is passed to
      rs_get_progress() to be computed incorrectly and reported as 'false' --
      or not in-sync.  This in turn causes the dev_health status characters to
      be reported as all 'a', rather than the proper 'A'.
      
      This can cause erroneous output for several seconds at a time when tools
      will want to be checking the condition due to events that are raised at
      the end of a sync process.  Fix this by properly calculating the
      'array_in_sync' return parameter in rs_get_progress().
      
      Also, remove an unnecessary intermediate 'recovery_cp' variable in
      rs_get_progress().
      Signed-off-by: default avatarJonathan Brassow <jbrassow@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      41dcf197
    • Linus Torvalds's avatar
      Merge tag 'sound-4.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 0f380715
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "A collection of small fixes, mostly with stable ones:
      
       - X32 ABI fix for PCM; likely not so many people suffer from it, but
         still better to fix
      
       - Two minor kernel warning fixes on USB audio devices spotted by
         syzkaller
      
       - Regression fix of echoaudio due to its inconsistent dimension
      
       - Fix for HBR support on Intel DP audio, on some recent chips
      
       - USB-audio quirk for yet another Plantronics devices
      
       - Fix for potential double-fetch in ASIHPI FIFO queue"
      
      * tag 'sound-4.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: usx2y: Suppress kernel warning at page allocation failures
        Revert "ALSA: echoaudio: purge contradictions between dimension matrix members and total number of members"
        ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
        ALSA: pcm: Fix structure definition for X32 ABI
        ALSA: usb-audio: Add sample rate quirk for Plantronics C310/C520-M
        ALSA: hda - program ICT bits to support HBR audio
        ALSA: asihpi: fix a potential double-fetch bug when copying puhm
        ALSA: compress: Remove unused variable
      0f380715
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid · 77ede3a0
      Linus Torvalds authored
      Pull HID subsystem fixes from Jiri Kosina:
      
       - buffer management size fix for i2c-hid driver, from Adrian Salido
      
       - tool ID regression fixes for Wacom driver from Jason Gerecke
      
       - a few small assorted fixes and a few device ID additions
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
        Revert "HID: multitouch: Support ALPS PTP stick with pid 0x120A"
        HID: hidraw: fix power sequence when closing device
        HID: wacom: Always increment hdev refcount within wacom_get_hdev_data
        HID: wacom: generic: Clear ABS_MISC when tool leaves proximity
        HID: wacom: generic: Send MSC_SERIAL and ABS_MISC when leaving prox
        HID: i2c-hid: allocate hid buffers for real worst case
        HID: rmi: Make sure the HID device is opened on resume
        HID: multitouch: Support ALPS PTP stick with pid 0x120A
        HID: multitouch: support buttons and trackpoint on Lenovo X1 Tab Gen2
        HID: wacom: Correct coordinate system of touchring and pen twist
        HID: wacom: Properly report negative values from Intuos Pro 2 Bluetooth
        HID: multitouch: Fix system-control buttons not working
        HID: add multi-input quirk for IDC6680 touchscreen
        HID: wacom: leds: Don't try to control the EKR's read-only LEDs
        HID: wacom: bits shifted too much for 9th and 10th buttons
      77ede3a0
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 9a431ef9
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Check iwlwifi 9000 reorder buffer out-of-space condition properly,
          from Sara Sharon.
      
       2) Fix RCU splat in qualcomm rmnet driver, from Subash Abhinov
          Kasiviswanathan.
      
       3) Fix session and tunnel release races in l2tp, from Guillaume Nault
          and Sabrina Dubroca.
      
       4) Fix endian bug in sctp_diag_dump(), from Dan Carpenter.
      
       5) Several mlx5 driver fixes from the Mellanox folks (max flow counters
          cap check, invalid memory access in IPoIB support, etc.)
      
       6) tun_get_user() should bail if skb->len is zero, from Alexander
          Potapenko.
      
       7) Fix RCU lookups in inetpeer, from Eric Dumazet.
      
       8) Fix locking in packet_do_bund().
      
       9) Handle cb->start() error properly in netlink dump code, from Jason
          A. Donenfeld.
      
      10) Handle multicast properly in UDP socket early demux code. From Paolo
          Abeni.
      
      11) Several erspan bug fixes in ip_gre, from Xin Long.
      
      12) Fix use-after-free in socket filter code, in order to handle the
          fact that listener lock is no longer taken during the three-way TCP
          handshake. From Eric Dumazet.
      
      13) Fix infoleak in RTM_GETSTATS, from Nikolay Aleksandrov.
      
      14) Fix tail call generation in x86-64 BPF JIT, from Alexei Starovoitov.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (77 commits)
        net: 8021q: skip packets if the vlan is down
        bpf: fix bpf_tail_call() x64 JIT
        net: stmmac: dwmac-rk: Add RK3128 GMAC support
        rndis_host: support Novatel Verizon USB730L
        net: rtnetlink: fix info leak in RTM_GETSTATS call
        socket, bpf: fix possible use after free
        mlxsw: spectrum_router: Track RIF of IPIP next hops
        mlxsw: spectrum_router: Move VRF refcounting
        net: hns3: Fix an error handling path in 'hclge_rss_init_hw()'
        net: mvpp2: Fix clock resource by adding an optional bus clock
        r8152: add Linksys USB3GIGV1 id
        l2tp: fix l2tp_eth module loading
        ip_gre: erspan device should keep dst
        ip_gre: set tunnel hlen properly in erspan_tunnel_init
        ip_gre: check packet length and mtu correctly in erspan_xmit
        ip_gre: get key from session_id correctly in erspan_rcv
        tipc: use only positive error codes in messages
        ppp: fix __percpu annotation
        udp: perform source validation for mcast early demux
        IPv4: early demux can return an error code
        ...
      9a431ef9
    • Vishakha Narvekar's avatar
      net: 8021q: skip packets if the vlan is down · e769fcec
      Vishakha Narvekar authored
      If the vlan is down, free the packet instead of proceeding with other
      processing, or counting it as received.  If vlan interfaces are used
      as slaves for bonding, with arp monitoring for connectivity, if the rx
      counter is seen to be incrementing, then the bond device will not
      observe that the interface is down.
      
      CC: David S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarVishakha Narvekar <Vishakha.Narvekar@dell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e769fcec
    • Linus Torvalds's avatar
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 42b76d0e
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "Our first batch of fixes this release cycle, unfortunately a bit
        noisier than usual. Two major groups stand out:
      
         - Some pinctril dts/dtsi changes for stm32 due to a new driver being
           merged during the merge window, and this aligns the DT contents
           between the old format and the new. This could arguably be moved to
           the next merge window but it also seemed relatively harmless to
           include now.
      
         - Amlogic/meson had driver changes merged that required devicetree
           changes to avoid functional/performance regressions. I've already
           asked them to be more careful about this going forward, and making
           sure drivers are compatible with older DTs when they make these
           kind of changes. The platform is actively being upstreamed so
           there's a few things in flight, we've seen this happen before and
           sometimes it's hard to catch in time.
      
        Besides that there is the usual mix of minor fixes"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (33 commits)
        ARM: dts: stm32: use right pinctrl compatible for stm32f469
        ARM: dts: stm32: Fix STMPE1600 binding on stm32429i-eval board
        ARM: defconfig: update Gemini defconfig
        ARM: defconfig: FRAMEBUFFER_CONSOLE can no longer be =m
        arm64: dts: rockchip: add the grf clk for dw-mipi-dsi on rk3399
        reset: Restrict RESET_HSDK to ARC_SOC_HSDK or COMPILE_TEST
        ARM: dts: da850-evm: add serial and ethernet aliases
        ARM: dts: am43xx-epos-evm: Remove extra CPSW EMAC entry
        ARM: dts: am33xx: Add spi alias to match SOC schematics
        ARM: OMAP2+: hsmmc: fix logic to call either omap_hsmmc_init or omap_hsmmc_late_init but not both
        ARM: dts: dra7: Set a default parent to mcasp3_ahclkx_mux
        ARM: OMAP2+: dra7xx: Set OPT_CLKS_IN_RESET flag for gpio1
        ARM: dts: nokia n900: drop unneeded/undocumented parts of the dts
        arm64: dts: rockchip: Correct MIPI DPHY PLL clock on rk3399
        arm64: dt marvell: Fix AP806 system controller size
        MAINTAINERS: add Macchiatobin maintainers entry
        ARC: reset: remove the misleading v1 suffix all over
        ARC: reset: add missing DT binding documentation for HSDKv1 reset driver
        ARC: reset: Only build on archs that have IOMEM
        ARM: at91: Replace uses of virt_to_phys with __pa_symbol
        ...
      42b76d0e
    • James Hogan's avatar
      Update James Hogan's email address · e0a86312
      James Hogan authored
      Update my imgtec.com and personal email address to my kernel.org one in
      a few places as MIPS will soon no longer be part of Imagination
      Technologies, and add mappings in .mailcap so get_maintainer.pl reports
      the right address.
      Signed-off-by: default avatarJames Hogan <jhogan@kernel.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      e0a86312
  5. 04 Oct, 2017 24 commits
    • Olof Johansson's avatar
      Merge tag 'stm32-dt-fixes-for-v4.14' of... · 08f8c880
      Olof Johansson authored
      Merge tag 'stm32-dt-fixes-for-v4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/atorgue/stm32 into fixes
      
      STM32 fixes for v4.14:
      ---------------------
      
      -Fix STMPE1600 bindings for stm32429i-eval board
      -Use right compatible for stm32f469 pinctrl. It implies to use
      pinctrl dedicated files for F4 SoCs.
      
      * tag 'stm32-dt-fixes-for-v4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/atorgue/stm32:
        ARM: dts: stm32: use right pinctrl compatible for stm32f469
        ARM: dts: stm32: Fix STMPE1600 binding on stm32429i-eval board
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      08f8c880
    • Olof Johansson's avatar
      Merge tag 'amlogic-dt64-3' of... · eab5c002
      Olof Johansson authored
      Merge tag 'amlogic-dt64-3' of git://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-amlogic into fixes
      
      Amlogic 64-bit DT updates for v4.14 (round 3)
      - updates for new MMC driver features/fixes
      - support high-speed modes
      
      * tag 'amlogic-dt64-3' of git://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-amlogic:
        ARM64: dts: meson-gxbb: nanopi-k2: enable sdr104 mode
        ARM64: dts: meson-gxbb: nanopi-k2: enable sdcard UHS modes
        ARM64: dts: meson-gxbb: p20x: enable sdcard UHS modes
        ARM64: dts: meson-gxl: libretech-cc: enable high speed modes
        ARM64: dts: meson-gxl: libretech-cc: add card regulator settle times
        ARM64: dts: meson-gxbb: nanopi-k2: add card regulator settle times
        ARM64: dts: meson: add mmc clk gate pins
        ARM64: dts: meson: remove cap-sd-highspeed from emmc nodes
        ARM64: dts: meson-gx: Use correct mmc clock source 0
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      eab5c002
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · b7e14164
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "A lot of stuff, sorry about that. A week on a beach, then a bunch of
        time catching up then more time letting it bake in -next. Shan't do
        that again!"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (51 commits)
        include/linux/fs.h: fix comment about struct address_space
        checkpatch: fix ignoring cover-letter logic
        m32r: fix build failure
        lib/ratelimit.c: use deferred printk() version
        kernel/params.c: improve STANDARD_PARAM_DEF readability
        kernel/params.c: fix an overflow in param_attr_show
        kernel/params.c: fix the maximum length in param_get_string
        mm/memory_hotplug: define find_{smallest|biggest}_section_pfn as unsigned long
        mm/memory_hotplug: change pfn_to_section_nr/section_nr_to_pfn macro to inline function
        kernel/kcmp.c: drop branch leftover typo
        memremap: add scheduling point to devm_memremap_pages
        mm, page_alloc: add scheduling point to memmap_init_zone
        mm, memory_hotplug: add scheduling point to __add_pages
        lib/idr.c: fix comment for idr_replace()
        mm: memcontrol: use vmalloc fallback for large kmem memcg arrays
        kernel/sysctl.c: remove duplicate UINT_MAX check on do_proc_douintvec_conv()
        include/linux/bitfield.h: remove 32bit from FIELD_GET comment block
        lib/lz4: make arrays static const, reduces object code size
        exec: binfmt_misc: kill the onstack iname[BINPRM_BUF_SIZE] array
        exec: binfmt_misc: fix race between load_misc_binary() and kill_node()
        ...
      b7e14164
    • Linus Torvalds's avatar
      Merge branch 'fixes-v4.14-rc4' of... · 6c795b30
      Linus Torvalds authored
      Merge branch 'fixes-v4.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
      
      Pull smack fix from James Morris:
       "It fixes a bug in xattr_getsecurity() where security_release_secctx()
        was being called instead of kfree(), which leads to a memory leak in
        the capabilities code. smack_inode_getsecurity is also fixed to behave
        correctly when called from there"
      
      * 'fixes-v4.14-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        lsm: fix smack_inode_removexattr and xattr_getsecurity memleak
      6c795b30
    • Linus Torvalds's avatar
      Merge tag 'trace-v4.14-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 013a8ee6
      Linus Torvalds authored
      Pull tracing fixlets from Steven Rostedt:
       "Two updates:
      
         - A memory fix with left over code from spliting out ftrace_ops and
           function graph tracer, where the function graph tracer could reset
           the trampoline pointer, leaving the old trampoline not to be freed
           (memory leak).
      
         - The update to Paul's patch that added the unnecessary READ_ONCE().
           This removes the unnecessary READ_ONCE() instead of having to
           rebase the branch to update the patch that added it"
      
      * tag 'trace-v4.14-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        rcu: Remove extraneous READ_ONCE()s from rcu_irq_{enter,exit}()
        ftrace: Fix kmemleak in unregister_ftrace_graph
      013a8ee6
    • Milan Broz's avatar
      dm crypt: reject sector_size feature if device length is not aligned to it · 783874b0
      Milan Broz authored
      If a crypt mapping uses optional sector_size feature, additional
      restrictions to mapped device segment size must be applied in
      constructor, otherwise the device activation will fail later.
      
      Fixes: 8f0009a2 ("dm crypt: optionally support larger encryption sector size")
      Cc: stable@vger.kernel.org # 4.12+
      Signed-off-by: default avatarMilan Broz <gmazyland@gmail.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      783874b0
    • Alexandre Torgue's avatar
      ARM: dts: stm32: use right pinctrl compatible for stm32f469 · 2aaae13a
      Alexandre Torgue authored
      Currently, same stm32f429-pinctrl driver is used for stm32f429 and
      stm32f469. As pin map is different between those 2 MCUs,
      a stm32f469-pinctrl driver has been recently added.
      This patch
       -allows to use stm32f469-pinctrl driver for stm32f469 boards
       -reworks stm32 devicetree files to fit with stm32f429 / stm32f469
      
      In the same time it fixes an issue when only MACH_STM32F469 flag is
      selected in menuconfig.
      
      Fixes: d28bcd53 ("ARM: stm32: Introduce MACH_STM32F469 flag")
      Reported-by: default avatarNicolas Pitre <nicolas.pitre@linaro.org>
      Signed-off-by: default avatarAlexandre Torgue <alexandre.torgue@st.com>
      2aaae13a
    • Alexandre Torgue's avatar
      ARM: dts: stm32: Fix STMPE1600 binding on stm32429i-eval board · 4edd8121
      Alexandre Torgue authored
      To declare gpio interrupt line for STMPE1600, 2 possibilities are offered:
      -use gpio binding (and then the gpiolib interface inside driver)
      -use interrupt binding as each gpio-controller are also interrupt controller
       on stm32f429.
      
      In STMPE 1600 node both (gpio and interrupt) bindings are defined.
      This patch fixes this issue and use only interrupt binding.
      
      Fixes: c04b2e72 ("ARM: dts: stm32: Enable STMPE1600 gpio expander of STM32F429-EVAL board")
      Signed-off-by: default avatarAlexandre Torgue <alexandre.torgue@st.com>
      4edd8121
    • Casey Schaufler's avatar
      lsm: fix smack_inode_removexattr and xattr_getsecurity memleak · 57e7ba04
      Casey Schaufler authored
      security_inode_getsecurity() provides the text string value
      of a security attribute. It does not provide a "secctx".
      The code in xattr_getsecurity() that calls security_inode_getsecurity()
      and then calls security_release_secctx() happened to work because
      SElinux and Smack treat the attribute and the secctx the same way.
      It fails for cap_inode_getsecurity(), because that module has no
      secctx that ever needs releasing. It turns out that Smack is the
      one that's doing things wrong by not allocating memory when instructed
      to do so by the "alloc" parameter.
      
      The fix is simple enough. Change the security_release_secctx() to
      kfree() because it isn't a secctx being returned by
      security_inode_getsecurity(). Change Smack to allocate the string when
      told to do so.
      
      Note: this also fixes memory leaks for LSMs which implement
      inode_getsecurity but not release_secctx, such as capabilities.
      Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      Reported-by: default avatarKonstantin Khlebnikov <khlebnikov@yandex-team.ru>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
      57e7ba04
    • Olof Johansson's avatar
      Merge tag 'omap-for-v4.14/fixes-rc3' of... · 7ea696af
      Olof Johansson authored
      Merge tag 'omap-for-v4.14/fixes-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes
      
      Fixes for omaps for v4.14-rc cycle
      
      Few minor fixes for omaps, mostly just boot time warning fixes:
      
      - Drop undocumented camera binding that got merged during the merge window by
        accident as I applied before Sakari's comments
      
      - Fix soft reset warning for dra7 kexec boot for gpio1 as the optional clocks
        need to be enabled for reset
      
      - Fix dra7 kexec boot clock rate for McASP as the rate is no longer the default
        rate after kexec
      
      - Fix omap3 pandora MMC warning during boot
      
      - Add am33xx SPI alias like we have on other SoCs
      
      - Remove node for non-existing CPSW EMAC Ethernet on am43xx-epos-evm
      
      * tag 'omap-for-v4.14/fixes-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
        ARM: dts: am43xx-epos-evm: Remove extra CPSW EMAC entry
        ARM: dts: am33xx: Add spi alias to match SOC schematics
        ARM: OMAP2+: hsmmc: fix logic to call either omap_hsmmc_init or omap_hsmmc_late_init but not both
        ARM: dts: dra7: Set a default parent to mcasp3_ahclkx_mux
        ARM: OMAP2+: dra7xx: Set OPT_CLKS_IN_RESET flag for gpio1
        ARM: dts: nokia n900: drop unneeded/undocumented parts of the dts
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      7ea696af
    • Olof Johansson's avatar
      Merge tag 'v4.14-rockchip-dts64fixes-1' of... · 081069ef
      Olof Johansson authored
      Merge tag 'v4.14-rockchip-dts64fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip into fixes
      
      Adding the operating points on rk3368 like they were did not end up well
      for the boards as all of them are missing their cpu supplies, the OPPs
      actually need to follow the <target min max> format as the regulator is
      shared between both clusters and the one rk3368 board I have, somehow also
      doesn't like the higher opps at all - all of which I only realized after
      I brought my rk3368 board online again, after its bootloader broke.
      So we revert that OPP addition for now.
      
      And also two fixes for the mipi dsi controller on rk3399, which was
      referencing a clock to high up in the clock-tree so that an intermediate
      gate could be disabled inadvertently and also needs a clock for its area
      in the general register files of the rk3399 soc.
      
      * tag 'v4.14-rockchip-dts64fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip:
        arm64: dts: rockchip: add the grf clk for dw-mipi-dsi on rk3399
        arm64: dts: rockchip: Correct MIPI DPHY PLL clock on rk3399
        Revert "arm64: dts: rockchip: Add basic cpu frequencies for RK3368"
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      081069ef
    • Olof Johansson's avatar
      Merge tag 'mvebu-fixes-4.14-1' of git://git.infradead.org/linux-mvebu into fixes · aab4b417
      Olof Johansson authored
      mvebu fixes for 4.14 (part 1)
      
      Update MAINTAINERS for the Macchiatobin board (Armada 8K based)
      Fix AP806 system controller size on Armada 7K/8K
      
      * tag 'mvebu-fixes-4.14-1' of git://git.infradead.org/linux-mvebu:
        arm64: dt marvell: Fix AP806 system controller size
        MAINTAINERS: add Macchiatobin maintainers entry
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      aab4b417
    • Olof Johansson's avatar
      Merge tag 'reset-fixes-for-4.14' of git://git.pengutronix.de/git/pza/linux into fixes · 180eb4f1
      Olof Johansson authored
      Reset controller fixes for v4.14
      
      - Remove misleading HSDK v1 suffix, as there is no v2 planned
      - Add missing DT binding documentation for HSDK reset driver
      - Fix HSDK reset driver dependencies
      
      * tag 'reset-fixes-for-4.14' of git://git.pengutronix.de/git/pza/linux:
        reset: Restrict RESET_HSDK to ARC_SOC_HSDK or COMPILE_TEST
        ARC: reset: remove the misleading v1 suffix all over
        ARC: reset: add missing DT binding documentation for HSDKv1 reset driver
        ARC: reset: Only build on archs that have IOMEM
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      180eb4f1
    • Olof Johansson's avatar
      Merge tag 'davinci-fixes-for-v4.14' of... · 5f3daa23
      Olof Johansson authored
      Merge tag 'davinci-fixes-for-v4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci into fixes
      
      A fix for random ethernet mac address problem
      on DA850 EVM.
      
      * tag 'davinci-fixes-for-v4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci:
        ARM: dts: da850-evm: add serial and ethernet aliases
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      5f3daa23
    • Olof Johansson's avatar
      Merge tag 'at91-fixes' of... · 24f5a731
      Olof Johansson authored
      Merge tag 'at91-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nferre/linux-at91 into fixes
      
      Fixes for 4.14:
      - three DT fixes for the newly introduced sama5d27_som1_ek board
      - one treewide modification that didn't touch this new PM code: we
        synchronize now to be coherent with the other ARM platforms
      
      * tag 'at91-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nferre/linux-at91:
        ARM: at91: Replace uses of virt_to_phys with __pa_symbol
        ARM: dts: at91: sama5d27_som1_ek: fix USB host vbus
        ARM: dts: at91: sama5d27_som1_ek: fix typos
        ARM: dts: at91: sama5d27_som1_ek: update pinmux/pinconf for LEDs and USB
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      24f5a731
    • Linus Walleij's avatar
      ARM: defconfig: update Gemini defconfig · 0694b2ee
      Linus Walleij authored
      This updates the Gemini defconfig with drivers merged
      for v4.13 or v4.14:
      - ATA driver is merged
      - DMA driver is merged
      - RTC driver gets selected from default Kconfig
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      0694b2ee
    • Arnd Bergmann's avatar
      ARM: defconfig: FRAMEBUFFER_CONSOLE can no longer be =m · e4c77f8b
      Arnd Bergmann authored
      It is no longer possible to load this at runtime, so let's
      change the few remaining users to have it built-in all
      the time.
      
      arch/arm/configs/zeus_defconfig:115:warning: symbol value 'm' invalid for FRAMEBUFFER_CONSOLE
      arch/arm/configs/viper_defconfig:116:warning: symbol value 'm' invalid for FRAMEBUFFER_CONSOLE
      arch/arm/configs/pxa_defconfig:474:warning: symbol value 'm' invalid for FRAMEBUFFER_CONSOLE
      Reported-by: default avatarkernelci.org bot <bot@kernelci.org>
      Fixes: 6104c370 ("fbcon: Make fbcon a built-time depency for fbdev")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      e4c77f8b
    • Mike Rapoport's avatar
      include/linux/fs.h: fix comment about struct address_space · 32e57c29
      Mike Rapoport authored
      Before commit 9c5d760b ("mm: split gfp_mask and mapping flags into
      separate fields") the private_* fields of struct adrress_space were
      grouped together and using "ditto" in comments describing the last
      fields was correct.
      
      With introduction of gpf_mask between private_lock and private_list
      "ditto" references the wrong description.
      
      Fix it by using the elaborate description.
      
      Link: http://lkml.kernel.org/r/1507009987-8746-1-git-send-email-rppt@linux.vnet.ibm.comSigned-off-by: default avatarMike Rapoport <rppt@linux.vnet.ibm.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      32e57c29
    • Stafford Horne's avatar
      checkpatch: fix ignoring cover-letter logic · a08ffbef
      Stafford Horne authored
      Currently running checkpatch on a directory with a cover-letter.patch
      file reports the following error:
      
        -----------------------------------------
        patches/smp-v2/v2-0000-cover-letter.patch
        -----------------------------------------
      
        ERROR: Does not appear to be a unified-diff format patch
      
      The logic to suppress the unified-diff check for cover letters is there
      but is checking $file instead of $filename.  Fix the variable to use the
      correct one.
      
      Link: http://lkml.kernel.org/r/20170909090406.31523-1-shorne@gmail.comSigned-off-by: default avatarStafford Horne <shorne@gmail.com>
      Acked-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a08ffbef
    • Sudip Mukherjee's avatar
      m32r: fix build failure · d22e3d69
      Sudip Mukherjee authored
      The allmodconfig build of m32r is failing with the error:
      
        lib/mpi/mpih-div.o: In function 'mpihelp_divrem':
        mpih-div.c:(.text+0x40): undefined reference to 'abort'
        mpih-div.c:(.text+0x40): relocation truncated to fit:
      	R_M32R_26_PCREL_RELA against undefined symbol 'abort'
      
      The function 'abort' was never defined for the m32r architecture.
      
      Create 'abort' as is done in other arch like 'arm' and 'unicore32'.
      
      Link: http://lkml.kernel.org/r/1506727220-6108-1-git-send-email-sudip.mukherjee@codethink.co.ukSigned-off-by: default avatarSudip Mukherjee <sudipm.mukherjee@gmail.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d22e3d69
    • Sergey Senozhatsky's avatar
      lib/ratelimit.c: use deferred printk() version · 656d61ce
      Sergey Senozhatsky authored
      printk_ratelimit() invokes ___ratelimit() which may invoke a normal
      printk() (pr_warn() in this particular case) to warn about suppressed
      output.  Given that printk_ratelimit() may be called from anywhere, that
      pr_warn() is dangerous - it may end up deadlocking the system.  Fix
      ___ratelimit() by using deferred printk().
      
      Sasha reported the following lockdep error:
      
       : Unregister pv shared memory for cpu 8
       : select_fallback_rq: 3 callbacks suppressed
       : process 8583 (trinity-c78) no longer affine to cpu8
       :
       : ======================================================
       : WARNING: possible circular locking dependency detected
       : 4.14.0-rc2-next-20170927+ #252 Not tainted
       : ------------------------------------------------------
       : migration/8/62 is trying to acquire lock:
       : (&port_lock_key){-.-.}, at: serial8250_console_write()
       :
       : but task is already holding lock:
       : (&rq->lock){-.-.}, at: sched_cpu_dying()
       :
       : which lock already depends on the new lock.
       :
       :
       : the existing dependency chain (in reverse order) is:
       :
       : -> #3 (&rq->lock){-.-.}:
       : __lock_acquire()
       : lock_acquire()
       : _raw_spin_lock()
       : task_fork_fair()
       : sched_fork()
       : copy_process.part.31()
       : _do_fork()
       : kernel_thread()
       : rest_init()
       : start_kernel()
       : x86_64_start_reservations()
       : x86_64_start_kernel()
       : verify_cpu()
       :
       : -> #2 (&p->pi_lock){-.-.}:
       : __lock_acquire()
       : lock_acquire()
       : _raw_spin_lock_irqsave()
       : try_to_wake_up()
       : default_wake_function()
       : woken_wake_function()
       : __wake_up_common()
       : __wake_up_common_lock()
       : __wake_up()
       : tty_wakeup()
       : tty_port_default_wakeup()
       : tty_port_tty_wakeup()
       : uart_write_wakeup()
       : serial8250_tx_chars()
       : serial8250_handle_irq.part.25()
       : serial8250_default_handle_irq()
       : serial8250_interrupt()
       : __handle_irq_event_percpu()
       : handle_irq_event_percpu()
       : handle_irq_event()
       : handle_level_irq()
       : handle_irq()
       : do_IRQ()
       : ret_from_intr()
       : native_safe_halt()
       : default_idle()
       : arch_cpu_idle()
       : default_idle_call()
       : do_idle()
       : cpu_startup_entry()
       : rest_init()
       : start_kernel()
       : x86_64_start_reservations()
       : x86_64_start_kernel()
       : verify_cpu()
       :
       : -> #1 (&tty->write_wait){-.-.}:
       : __lock_acquire()
       : lock_acquire()
       : _raw_spin_lock_irqsave()
       : __wake_up_common_lock()
       : __wake_up()
       : tty_wakeup()
       : tty_port_default_wakeup()
       : tty_port_tty_wakeup()
       : uart_write_wakeup()
       : serial8250_tx_chars()
       : serial8250_handle_irq.part.25()
       : serial8250_default_handle_irq()
       : serial8250_interrupt()
       : __handle_irq_event_percpu()
       : handle_irq_event_percpu()
       : handle_irq_event()
       : handle_level_irq()
       : handle_irq()
       : do_IRQ()
       : ret_from_intr()
       : native_safe_halt()
       : default_idle()
       : arch_cpu_idle()
       : default_idle_call()
       : do_idle()
       : cpu_startup_entry()
       : rest_init()
       : start_kernel()
       : x86_64_start_reservations()
       : x86_64_start_kernel()
       : verify_cpu()
       :
       : -> #0 (&port_lock_key){-.-.}:
       : check_prev_add()
       : __lock_acquire()
       : lock_acquire()
       : _raw_spin_lock_irqsave()
       : serial8250_console_write()
       : univ8250_console_write()
       : console_unlock()
       : vprintk_emit()
       : vprintk_default()
       : vprintk_func()
       : printk()
       : ___ratelimit()
       : __printk_ratelimit()
       : select_fallback_rq()
       : sched_cpu_dying()
       : cpuhp_invoke_callback()
       : take_cpu_down()
       : multi_cpu_stop()
       : cpu_stopper_thread()
       : smpboot_thread_fn()
       : kthread()
       : ret_from_fork()
       :
       : other info that might help us debug this:
       :
       : Chain exists of:
       :   &port_lock_key --> &p->pi_lock --> &rq->lock
       :
       :  Possible unsafe locking scenario:
       :
       :        CPU0                    CPU1
       :        ----                    ----
       :   lock(&rq->lock);
       :                                lock(&p->pi_lock);
       :                                lock(&rq->lock);
       :   lock(&port_lock_key);
       :
       :  *** DEADLOCK ***
       :
       : 4 locks held by migration/8/62:
       : #0: (&p->pi_lock){-.-.}, at: sched_cpu_dying()
       : #1: (&rq->lock){-.-.}, at: sched_cpu_dying()
       : #2: (printk_ratelimit_state.lock){....}, at: ___ratelimit()
       : #3: (console_lock){+.+.}, at: vprintk_emit()
       :
       : stack backtrace:
       : CPU: 8 PID: 62 Comm: migration/8 Not tainted 4.14.0-rc2-next-20170927+ #252
       : Call Trace:
       : dump_stack()
       : print_circular_bug()
       : check_prev_add()
       : ? add_lock_to_list.isra.26()
       : ? check_usage()
       : ? kvm_clock_read()
       : ? kvm_sched_clock_read()
       : ? sched_clock()
       : ? check_preemption_disabled()
       : __lock_acquire()
       : ? __lock_acquire()
       : ? add_lock_to_list.isra.26()
       : ? debug_check_no_locks_freed()
       : ? memcpy()
       : lock_acquire()
       : ? serial8250_console_write()
       : _raw_spin_lock_irqsave()
       : ? serial8250_console_write()
       : serial8250_console_write()
       : ? serial8250_start_tx()
       : ? lock_acquire()
       : ? memcpy()
       : univ8250_console_write()
       : console_unlock()
       : ? __down_trylock_console_sem()
       : vprintk_emit()
       : vprintk_default()
       : vprintk_func()
       : printk()
       : ? show_regs_print_info()
       : ? lock_acquire()
       : ___ratelimit()
       : __printk_ratelimit()
       : select_fallback_rq()
       : sched_cpu_dying()
       : ? sched_cpu_starting()
       : ? rcutree_dying_cpu()
       : ? sched_cpu_starting()
       : cpuhp_invoke_callback()
       : ? cpu_disable_common()
       : take_cpu_down()
       : ? trace_hardirqs_off_caller()
       : ? cpuhp_invoke_callback()
       : multi_cpu_stop()
       : ? __this_cpu_preempt_check()
       : ? cpu_stop_queue_work()
       : cpu_stopper_thread()
       : ? cpu_stop_create()
       : smpboot_thread_fn()
       : ? sort_range()
       : ? schedule()
       : ? __kthread_parkme()
       : kthread()
       : ? sort_range()
       : ? kthread_create_on_node()
       : ret_from_fork()
       : process 9121 (trinity-c78) no longer affine to cpu8
       : smpboot: CPU 8 is now offline
      
      Link: http://lkml.kernel.org/r/20170928120405.18273-1-sergey.senozhatsky@gmail.com
      Fixes: 6b1d174b ("ratelimit: extend to print suppressed messages on release")
      Signed-off-by: default avatarSergey Senozhatsky <sergey.senozhatsky@gmail.com>
      Reported-by: default avatarSasha Levin <levinsasha928@gmail.com>
      Reviewed-by: default avatarPetr Mladek <pmladek@suse.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      656d61ce
    • Jean Delvare's avatar
      kernel/params.c: improve STANDARD_PARAM_DEF readability · e0596c80
      Jean Delvare authored
      Align the parameters passed to STANDARD_PARAM_DEF for clarity.
      
      Link: http://lkml.kernel.org/r/20170928162728.756143cc@endymionSigned-off-by: default avatarJean Delvare <jdelvare@suse.de>
      Suggested-by: default avatarIngo Molnar <mingo@kernel.org>
      Acked-by: default avatarIngo Molnar <mingo@kernel.org>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      e0596c80
    • Jean Delvare's avatar
      kernel/params.c: fix an overflow in param_attr_show · 96802e6b
      Jean Delvare authored
      Function param_attr_show could overflow the buffer it is operating on.
      
      The buffer size is PAGE_SIZE, and the string returned by
      attribute->param->ops->get is generated by scnprintf(buffer, PAGE_SIZE,
      ...) so it could be PAGE_SIZE - 1 long, with the terminating '\0' at the
      very end of the buffer.  Calling strcat(..., "\n") on this isn't safe, as
      the '\0' will be replaced by '\n' (OK) and then another '\0' will be added
      past the end of the buffer (not OK.)
      
      Simply add the trailing '\n' when writing the attribute contents to the
      buffer originally.  This is safe, and also faster.
      
      Credits to Teradata for discovering this issue.
      
      Link: http://lkml.kernel.org/r/20170928162602.60c379c7@endymionSigned-off-by: default avatarJean Delvare <jdelvare@suse.de>
      Acked-by: default avatarIngo Molnar <mingo@kernel.org>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      96802e6b
    • Jean Delvare's avatar
      kernel/params.c: fix the maximum length in param_get_string · 90ceb2a3
      Jean Delvare authored
      The length parameter of strlcpy() is supposed to reflect the size of the
      target buffer, not of the source string.  Harmless in this case as the
      buffer is PAGE_SIZE long and the source string is always much shorter than
      this, but conceptually wrong, so let's fix it.
      
      Link: http://lkml.kernel.org/r/20170928162515.24846b4f@endymionSigned-off-by: default avatarJean Delvare <jdelvare@suse.de>
      Acked-by: default avatarIngo Molnar <mingo@kernel.org>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      90ceb2a3