- 04 Sep, 2019 2 commits
-
-
Gustavo Romero authored
When in userspace and MSR FP=0 the hardware FP state is unrelated to the current process. This is extended for transactions where if tbegin is run with FP=0, the hardware checkpoint FP state will also be unrelated to the current process. Due to this, we need to ensure this hardware checkpoint is updated with the correct state before we enable FP for this process. Unfortunately we get this wrong when returning to a process from a hardware interrupt. A process that starts a transaction with FP=0 can take an interrupt. When the kernel returns back to that process, we change to FP=1 but with hardware checkpoint FP state not updated. If this transaction is then rolled back, the FP registers now contain the wrong state. The process looks like this: Userspace: Kernel Start userspace with MSR FP=0 TM=1 < ----- ... tbegin bne Hardware interrupt ---- > <do_IRQ...> .... ret_from_except restore_math() /* sees FP=0 */ restore_fp() tm_active_with_fp() /* sees FP=1 (Incorrect) */ load_fp_state() FP = 0 -> 1 < ----- Return to userspace with MSR TM=1 FP=1 with junk in the FP TM checkpoint TM rollback reads FP junk When returning from the hardware exception, tm_active_with_fp() is incorrectly making restore_fp() call load_fp_state() which is setting FP=1. The fix is to remove tm_active_with_fp(). tm_active_with_fp() is attempting to handle the case where FP state has been changed inside a transaction. In this case the checkpointed and transactional FP state is different and hence we must restore the FP state (ie. we can't do lazy FP restore inside a transaction that's used FP). It's safe to remove tm_active_with_fp() as this case is handled by restore_tm_state(). restore_tm_state() detects if FP has been using inside a transaction and will set load_fp and call restore_math() to ensure the FP state (checkpoint and transaction) is restored. This is a data integrity problem for the current process as the FP registers are corrupted. It's also a security problem as the FP registers from one process may be leaked to another. Similarly for VMX. A simple testcase to replicate this will be posted to tools/testing/selftests/powerpc/tm/tm-poison.c This fixes CVE-2019-15031. Fixes: a7771176 ("powerpc: Don't enable FP/Altivec if not checkpointed") Cc: stable@vger.kernel.org # 4.15+ Signed-off-by: Gustavo Romero <gromero@linux.ibm.com> Signed-off-by: Michael Neuling <mikey@neuling.org> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20190904045529.23002-2-gromero@linux.vnet.ibm.com
-
Gustavo Romero authored
When we take an FP unavailable exception in a transaction we have to account for the hardware FP TM checkpointed registers being incorrect. In this case for this process we know the current and checkpointed FP registers must be the same (since FP wasn't used inside the transaction) hence in the thread_struct we copy the current FP registers to the checkpointed ones. This copy is done in tm_reclaim_thread(). We use thread->ckpt_regs.msr to determine if FP was on when in userspace. thread->ckpt_regs.msr represents the state of the MSR when exiting userspace. This is setup by check_if_tm_restore_required(). Unfortunatley there is an optimisation in giveup_all() which returns early if tsk->thread.regs->msr (via local variable `usermsr`) has FP=VEC=VSX=SPE=0. This optimisation means that check_if_tm_restore_required() is not called and hence thread->ckpt_regs.msr is not updated and will contain an old value. This can happen if due to load_fp=255 we start a userspace process with MSR FP=1 and then we are context switched out. In this case thread->ckpt_regs.msr will contain FP=1. If that same process is then context switched in and load_fp overflows, MSR will have FP=0. If that process now enters a transaction and does an FP instruction, the FP unavailable will not update thread->ckpt_regs.msr (the bug) and MSR FP=1 will be retained in thread->ckpt_regs.msr. tm_reclaim_thread() will then not perform the required memcpy and the checkpointed FP regs in the thread struct will contain the wrong values. The code path for this happening is: Userspace: Kernel Start userspace with MSR FP/VEC/VSX/SPE=0 TM=1 < ----- ... tbegin bne fp instruction FP unavailable ---- > fp_unavailable_tm() tm_reclaim_current() tm_reclaim_thread() giveup_all() return early since FP/VMX/VSX=0 /* ckpt MSR not updated (Incorrect) */ tm_reclaim() /* thread_struct ckpt FP regs contain junk (OK) */ /* Sees ckpt MSR FP=1 (Incorrect) */ no memcpy() performed /* thread_struct ckpt FP regs not fixed (Incorrect) */ tm_recheckpoint() /* Put junk in hardware checkpoint FP regs */ .... < ----- Return to userspace with MSR TM=1 FP=1 with junk in the FP TM checkpoint TM rollback reads FP junk This is a data integrity problem for the current process as the FP registers are corrupted. It's also a security problem as the FP registers from one process may be leaked to another. This patch moves up check_if_tm_restore_required() in giveup_all() to ensure thread->ckpt_regs.msr is updated correctly. A simple testcase to replicate this will be posted to tools/testing/selftests/powerpc/tm/tm-poison.c Similarly for VMX. This fixes CVE-2019-15030. Fixes: f48e91e8 ("powerpc/tm: Fix FP and VMX register corruption") Cc: stable@vger.kernel.org # 4.12+ Signed-off-by: Gustavo Romero <gromero@linux.vnet.ibm.com> Signed-off-by: Michael Neuling <mikey@neuling.org> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20190904045529.23002-1-gromero@linux.vnet.ibm.com
-
- 12 Aug, 2019 1 commit
-
-
Christophe Leroy authored
Commit ebb9d30a ("powerpc/mm: any thread in one core can be the first to setup TLB1") removed the need to know the cpu_id in early_init_this_mmu(), but the call to smp_processor_id() which was marked __maybe_used remained. Since commit ed1cd6de ("powerpc: Activate CONFIG_THREAD_INFO_IN_TASK") thread_info cannot be reached before MMU is properly set up. Drop this stale call to smp_processor_id() which makes SMP hang when CONFIG_PREEMPT is set. Fixes: ebb9d30a ("powerpc/mm: any thread in one core can be the first to setup TLB1") Fixes: ed1cd6de ("powerpc: Activate CONFIG_THREAD_INFO_IN_TASK") Cc: stable@vger.kernel.org # v5.1+ Reported-by: Chris Packham <Chris.Packham@alliedtelesis.co.nz> Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr> Tested-by: Chris Packham <chris.packham@alliedtelesis.co.nz> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/bef479514f4c08329fa649f67735df8918bc0976.1565268248.git.christophe.leroy@c-s.fr
-
- 31 Jul, 2019 3 commits
-
-
Michael Ellerman authored
This reverts commit 6c587584. It triggers a probable compiler bug on clang which leads to crashes. With GCC it allows the compiler to use a more efficient register allocation but current GCC versions never do that at any of the current call sites, so there's no benefit. Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
-
Christophe Leroy authored
Due to commit 4a6d8cf9 ("powerpc/mm: don't use pte_alloc_kernel() until slab is available on PPC32"), pte_alloc_kernel() cannot be used during early KASAN init. Fix it by using memblock_alloc() instead. Fixes: 2edb16ef ("powerpc/32: Add KASAN support") Cc: stable@vger.kernel.org # v5.2+ Reported-by: Erhard F. <erhard_f@mailbox.org> Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/da89670093651437f27d2975224712e0a130b055.1564552796.git.christophe.leroy@c-s.fr
-
Stephen Rothwell authored
Mark switch cases where we are expecting to fall through. This patch fixes the following warning (Building: powerpc): drivers/macintosh/smu.c: In function 'smu_queue_i2c': drivers/macintosh/smu.c:854:21: warning: this statement may fall through [-Wimplicit-fallthrough=] cmd->info.devaddr &= 0xfe; ~~~~~~~~~~~~~~~~~~^~~~~~~ drivers/macintosh/smu.c:855:2: note: here case SMU_I2C_TRANSFER_STDSUB: ^~~~ Fixes: 0365ba7f ("[PATCH] ppc64: SMU driver update & i2c support") Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20190730143704.060a2606@canb.auug.org.au
-
- 30 Jul, 2019 2 commits
-
-
Michael Ellerman authored
Mark switch cases where we are expecting to fall through. Fixes errors such as below, seen with mpc85xx_defconfig: arch/powerpc/kernel/align.c: In function 'emulate_spe': arch/powerpc/kernel/align.c:178:8: error: this statement may fall through ret |= __get_user_inatomic(temp.v[3], p++); ^~ Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20190730141917.21817-1-mpe@ellerman.id.au
-
Aneesh Kumar K.V authored
Currently, nvdimm subsystem expects the device numa node for SCM device to be an online node. It also doesn't try to bring the device numa node online. Hence if we use a non-online numa node as device node we hit crashes like below. This is because we try to access uninitialized NODE_DATA in different code paths. cpu 0x0: Vector: 300 (Data Access) at [c0000000fac53170] pc: c0000000004bbc50: ___slab_alloc+0x120/0xca0 lr: c0000000004bc834: __slab_alloc+0x64/0xc0 sp: c0000000fac53400 msr: 8000000002009033 dar: 73e8 dsisr: 80000 current = 0xc0000000fabb6d80 paca = 0xc000000003870000 irqmask: 0x03 irq_happened: 0x01 pid = 7, comm = kworker/u16:0 Linux version 5.2.0-06234-g76bd729b2644 (kvaneesh@ltc-boston123) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)) #135 SMP Thu Jul 11 05:36:30 CDT 2019 enter ? for help [link register ] c0000000004bc834 __slab_alloc+0x64/0xc0 [c0000000fac53400] c0000000fac53480 (unreliable) [c0000000fac53500] c0000000004bc818 __slab_alloc+0x48/0xc0 [c0000000fac53560] c0000000004c30a0 __kmalloc_node_track_caller+0x3c0/0x6b0 [c0000000fac535d0] c000000000cfafe4 devm_kmalloc+0x74/0xc0 [c0000000fac53600] c000000000d69434 nd_region_activate+0x144/0x560 [c0000000fac536d0] c000000000d6b19c nd_region_probe+0x17c/0x370 [c0000000fac537b0] c000000000d6349c nvdimm_bus_probe+0x10c/0x230 [c0000000fac53840] c000000000cf3cc4 really_probe+0x254/0x4e0 [c0000000fac538d0] c000000000cf429c driver_probe_device+0x16c/0x1e0 [c0000000fac53950] c000000000cf0b44 bus_for_each_drv+0x94/0x130 [c0000000fac539b0] c000000000cf392c __device_attach+0xdc/0x200 [c0000000fac53a50] c000000000cf231c bus_probe_device+0x4c/0xf0 [c0000000fac53a90] c000000000ced268 device_add+0x528/0x810 [c0000000fac53b60] c000000000d62a58 nd_async_device_register+0x28/0xa0 [c0000000fac53bd0] c0000000001ccb8c async_run_entry_fn+0xcc/0x1f0 [c0000000fac53c50] c0000000001bcd9c process_one_work+0x46c/0x860 [c0000000fac53d20] c0000000001bd4f4 worker_thread+0x364/0x5f0 [c0000000fac53db0] c0000000001c7260 kthread+0x1b0/0x1c0 [c0000000fac53e20] c00000000000b954 ret_from_kernel_thread+0x5c/0x68 The patch tries to fix this by picking the nearest online node as the SCM node. This does have a problem of us losing the information that SCM node is equidistant from two other online nodes. If applications need to understand these fine-grained details we should express then like x86 does via /sys/devices/system/node/nodeX/accessY/initiators/ With the patch we get # numactl -H available: 2 nodes (0-1) node 0 cpus: node 0 size: 0 MB node 0 free: 0 MB node 1 cpus: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 node 1 size: 130865 MB node 1 free: 129130 MB node distances: node 0 1 0: 10 20 1: 20 10 # cat /sys/bus/nd/devices/region0/numa_node 0 # dmesg | grep papr_scm [ 91.332305] papr_scm ibm,persistent-memory:ibm,pmemory@44104001: Region registered with target node 2 and online node 0 Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20190729095128.23707-1-aneesh.kumar@linux.ibm.com
-
- 29 Jul, 2019 1 commit
-
-
Santosh Sivaraj authored
Implicit fallthrough warning was enabled globally which broke the build. Make it explicit with a `fall through` comment. Signed-off-by: Santosh Sivaraj <santosh@fossix.org> Reviewed-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20190729055536.25591-1-santosh@fossix.org
-
- 28 Jul, 2019 14 commits
-
-
Michael Ellerman authored
Wire up the new clone3 syscall added in commit 7f192e3c ("fork: add clone3"). This requires a ppc_clone3 wrapper, in order to save the non-volatile GPRs before calling into the generic syscall code. Otherwise we hit the BUG_ON in CHECK_FULL_REGS in copy_thread(). Lightly tested using Christian's test code on a Power8 LE VM. Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Acked-by: Christian Brauner <christian@brauner.io> Link: https://lore.kernel.org/r/20190724140259.23554-1-mpe@ellerman.id.au
-
Linus Torvalds authored
-
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linuxLinus Torvalds authored
Pull structleak fix from Kees Cook: "Disable gcc-based stack variable auto-init under KASAN (Arnd Bergmann). This fixes a bunch of build warnings under KASAN and the gcc-plugin-based stack auto-initialization features (which are arguably redundant, so better to let KASAN control this)" * tag 'meminit-v5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK
-
Linus Torvalds authored
Merge tag 'kbuild-fixes-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild fixes from Masahiro Yamada: - add compile_commands.json to .gitignore - fix false-positive warning from gen_compile_commands.py after allnoconfig build - remove unused code * tag 'kbuild-fixes-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kbuild: remove unused single-used-m gen_compile_commands: lower the entry count threshold .gitignore: Add compilation database file kbuild: remove unused objectify macro
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-miscLinus Torvalds authored
Pull char/misc driver fixes from Greg KH: "Here are some small char and misc driver fixes for 5.3-rc2 to resolve some reported issues. Nothing major at all, some binder bugfixes for issues found, some new mei device ids, firmware building warning fixes, habanalabs fixes, a few other build fixes, and a MAINTAINERS update. All of these have been in linux-next with no reported issues" * tag 'char-misc-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: test_firmware: fix a memory leak bug hpet: Fix division by zero in hpet_time_div() eeprom: make older eeprom drivers select NVMEM_SYSFS vmw_balloon: Remove Julien from the maintainers list fpga-manager: altera-ps-spi: Fix build error mei: me: add mule creek canyon (EHL) device ids binder: prevent transactions to context manager from its own process. binder: Set end of SG buffer area properly. firmware: Fix missing inline firmware: fix build errors in paged buffer handling code habanalabs: don't reset device when getting VRHOT habanalabs: use %pad for printing a dma_addr_t
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/ttyLinus Torvalds authored
Pull tty fixes from Greg KH: "Here are two tty/vt fixes: - delete the netx-serial driver as the arch has been removed, no need to keep the serial driver for it around either. - vt console_lock fix to resolve a reported noisy warning at runtime Both of these have been in linux-next with no reported issues" * tag 'tty-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: vt: Grab console_lock around con_is_bound in show_bind tty: serial: netx: Delete driver
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdxLinus Torvalds authored
Pull SPDX fixes from Greg KH: "Here are some small SPDX fixes for 5.3-rc2 for things that came in during the 5.3-rc1 merge window that we previously missed. Only three small patches here: - two uapi patches to resolve some SPDX tags that were not correct - fix an invalid SPDX tag in the iomap Makefile file All have been properly reviewed on the public mailing lists" * tag 'spdx-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx: iomap: fix Invalid License ID treewide: remove SPDX "WITH Linux-syscall-note" from kernel-space headers again treewide: add "WITH Linux-syscall-note" to SPDX tag of uapi headers
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbLinus Torvalds authored
Pull USB fixes from Greg KH: "Here are some small fixes for 5.3-rc2. All of these resolve some reported issues, some more than others :) Included in here is: - xhci fix for an annoying issue with odd devices - reversion of some usb251xb patches that should not have been merged - usb pci quirk additions and fixups - usb storage fix - usb host controller error test fix All of these have been in linux-next with no reported issues" * tag 'usb-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: xhci: Fix crash if scatter gather is used with Immediate Data Transfer (IDT). usb: usb251xb: Reallow swap-dx-lanes to apply to the upstream port Revert "usb: usb251xb: Add US port lanes inversion property" Revert "usb: usb251xb: Add US lanes inversion dts-bindings" usb: wusbcore: fix unbalanced get/put cluster_id usb/hcd: Fix a NULL vs IS_ERR() bug in usb_hcd_setup_local_mem() usb-storage: Add a limitation for blk_queue_max_hw_sectors() usb: pci-quirks: Minor cleanup for AMD PLL quirk usb: pci-quirks: Correct AMD PLL quirk detection
-
git://git.kernel.org/pub/scm/linux/kernel/git/soc/socLinus Torvalds authored
Pull ARM SoC fixes from Olof Johansson: "Here's the first batch of fixes for this release cycle. Main diffstat here is the re-deletion of netx. I messed up and most likely didn't remove the files from the index when I test-merged this and saw conflicts, and from there on out 'git rerere' remembered the mistake and I missed checking it. Here it's done again as expected. Besides that: - A defconfig refresh + enabling of new drivers for u8500 - i.MX fixlets for i2c/SAI/pinmux - sleep.S build fix for Davinci - Broadcom devicetree build/warning fix" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: ARM: defconfig: u8500: Add new drivers ARM: defconfig: u8500: Refresh defconfig ARM: dts: bcm: bcm47094: add missing #cells for mdio-bus-mux ARM: davinci: fix sleep.S build error on ARMv4 arm64: dts: imx8mq: fix SAI compatible arm64: dts: imx8mm: Correct SAI3 RXC/TXFS pin's mux option #1 ARM: dts: imx6ul: fix clock frequency property name of I2C buses ARM: Delete netx a second time ARM: dts: imx7ulp: Fix usb-phy unit address format
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull x86 fixes from Thomas Gleixner: "A set of x86 fixes and functional updates: - Prevent stale huge I/O TLB mappings on 32bit. A long standing bug which got exposed by KPTI support for 32bit - Prevent bogus access_ok() warnings in arch_stack_walk_user() - Add display quirks for Lenovo devices which have height and width swapped - Add the missing CR2 fixup for 32 bit async pagefaults. Fallout of the CR2 bug fix series. - Unbreak handling of force enabled HPET by moving the 'is HPET counting' check back to the original place. - A more accurate check for running on a hypervisor platform in the MDS mitigation code. Not perfect, but more accurate than the previous one. - Update a stale and confusing comment vs. IRQ stacks" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/speculation/mds: Apply more accurate check on hypervisor platform x86/hpet: Undo the early counter is counting check x86/entry/32: Pass cr2 to do_async_page_fault() x86/irq/64: Update stale comment x86/sysfb_efi: Add quirks for some devices with swapped width and height x86/stacktrace: Prevent access_ok() warnings in arch_stack_walk_user() mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy() x86/mm: Sync also unmappings in vmalloc_sync_all() x86/mm: Check for pfn instead of page in vmalloc_sync_one()
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull scheduler fixes from Thomas Gleixner: "Two fixes for the fair scheduling class: - Prevent freeing memory which is accessible by concurrent readers - Make the RCU annotations for numa groups consistent" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/fair: Use RCU accessors consistently for ->numa_group sched/fair: Don't free p->numa_faults with concurrent readers
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull perf fixes from Thomas Gleixner: "A pile of perf related fixes: Kernel: - Fix SLOTS PEBS event constraints for Icelake CPUs - Add the missing mask bit to allow counting hardware generated prefetches on L3 for Icelake CPUs - Make the test for hypervisor platforms more accurate (as far as possible) - Handle PMUs correctly which override event->cpu - Yet another missing fallthrough annotation Tools: perf.data: - Fix loading of compressed data split across adjacent records - Fix buffer size setting for processing CPU topology perf.data header. perf stat: - Fix segfault for event group in repeat mode - Always separate "stalled cycles per insn" line, it was being appended to the "instructions" line. perf script: - Fix --max-blocks man page description. - Improve man page description of metrics. - Fix off by one in brstackinsn IPC computation. perf probe: - Avoid calling freeing routine multiple times for same pointer. perf build: - Do not use -Wshadow on gcc < 4.8, avoiding too strict warnings treated as errors, breaking the build" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86/intel: Mark expected switch fall-throughs perf/core: Fix creating kernel counters for PMUs that override event->cpu perf/x86: Apply more accurate check on hypervisor platform perf/x86/intel: Fix invalid Bit 13 for Icelake MSR_OFFCORE_RSP_x register perf/x86/intel: Fix SLOTS PEBS event constraint perf build: Do not use -Wshadow on gcc < 4.8 perf probe: Avoid calling freeing routine multiple times for same pointer perf probe: Set pev->nargs to zero after freeing pev->args entries perf session: Fix loading of compressed data split across adjacent records perf stat: Always separate stalled cycles per insn perf stat: Fix segfault for event group in repeat mode perf tools: Fix proper buffer size for feature processing perf script: Fix off by one in brstackinsn IPC computation perf script: Improve man page description of metrics perf script: Fix --max-blocks man page description
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull locking fixes from Thomas Gleixner: "A set of locking fixes: - Address the fallout of the rwsem rework. Missing ACQUIREs and a sanity check to prevent a use-after-free - Add missing checks for unitialized mutexes when mutex debugging is enabled. - Remove the bogus code in the generic SMP variant of arch_futex_atomic_op_inuser() - Fixup the #ifdeffery in lockdep to prevent compile warnings" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: locking/mutex: Test for initialized mutex locking/lockdep: Clean up #ifdef checks locking/lockdep: Hide unused 'class' variable locking/rwsem: Add ACQUIRE comments tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop locking/rwsem: Add missing ACQUIRE to read_slowpath exit when queue is empty locking/rwsem: Don't call owner_on_cpu() on read-owner futex: Cleanup generic SMP variant of arch_futex_atomic_op_inuser()
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull objtool fix from Thomas Gleixner: "A single robustness fix for objtool to handle unbalanced CLAC invocations under all circumstances" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: objtool: Improve UACCESS coverage
-
- 27 Jul, 2019 10 commits
-
-
Linus Torvalds authored
Merge tag 'Wimplicit-fallthrough-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux Pull Wimplicit-fallthrough enablement from Gustavo A. R. Silva: "This marks switch cases where we are expecting to fall through, and globally enables the -Wimplicit-fallthrough option in the main Makefile. Finally, some missing-break fixes that have been tagged for -stable: - drm/amdkfd: Fix missing break in switch statement - drm/amdgpu/gfx10: Fix missing break in switch statement With these changes, we completely get rid of all the fall-through warnings in the kernel" * tag 'Wimplicit-fallthrough-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux: Makefile: Globally enable fall-through warning drm/i915: Mark expected switch fall-throughs drm/amd/display: Mark expected switch fall-throughs drm/amdkfd/kfd_mqd_manager_v10: Avoid fall-through warning drm/amdgpu/gfx10: Fix missing break in switch statement drm/amdkfd: Fix missing break in switch statement perf/x86/intel: Mark expected switch fall-throughs mtd: onenand_base: Mark expected switch fall-through afs: fsclient: Mark expected switch fall-throughs afs: yfsclient: Mark expected switch fall-throughs can: mark expected switch fall-throughs firewire: mark expected switch fall-throughs
-
git://git.kernel.org/pub/scm/linux/kernel/git/s390/linuxLinus Torvalds authored
Pull s390 updates from Heiko Carstens: - Add ABI to kernel image file which allows e.g. the file utility to figure out the kernel version. - Wire up clone3 system call. - Add support for kasan bitops instrumentation. - uapi header cleanup: use __u{16,32,64} instead of uint{16,32,64}_t. - Provide proper ARCH_ZONE_DMA_BITS so the s390 DMA zone is correctly defined with 2 GB instead of the default value of 1 MB. - Farhan Ali leaves the group of vfio-ccw maintainers. - Various small vfio-ccw fixes. - Add missing locking for airq_areas array in virtio code. - Minor qdio improvements. * tag 's390-5.3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: MAINTAINERS: vfio-ccw: Remove myself as the maintainer s390/mm: use shared variables for sysctl range check virtio/s390: fix race on airq_areas[] s390/dma: provide proper ARCH_ZONE_DMA_BITS value s390/kasan: add bitops instrumentation s390/bitops: make test functions return bool s390: wire up clone3 system call kbuild: enable arch/s390/include/uapi/asm/zcrypt.h for uapi header test s390: use __u{16,32,64} instead of uint{16,32,64}_t in uapi header s390/hypfs: fix a typo in the name of a function s390/qdio: restrict QAOB usage to IQD unicast queues s390/qdio: add sanity checks to the fast-requeue path s390: enable detection of kernel version from bzImage Documentation: fix vfio-ccw doc vfio-ccw: Update documentation for csch/hsch vfio-ccw: Don't call cp_free if we are processing a channel program vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn vfio-ccw: Fix memory leak and don't call cp_free in cp_init vfio-ccw: Fix misleading comment when setting orb.cmd.c64
-
git://git.kernel.org/pub/scm/linux/kernel/git/robh/linuxLinus Torvalds authored
Pull Devicetree fixes from Rob Herring: "The nvmem changes would typically go thru Greg's tree, but they were missed in the merge window. [ Acked by Greg ] Summary: - Fix mismatches in $id values and actual filenames. Now checked by tools. - Convert nvmem binding to DT schema - Fix a typo in of_property_read_bool() kerneldoc - Remove some redundant description in al-fic interrupt-controller" * tag 'devicetree-fixes-for-5.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: dt-bindings: Fix more $id value mismatches filenames dt-bindings: nvmem: SID: Fix the examples node names dt-bindings: nvmem: Add YAML schemas for the generic NVMEM bindings of: Fix typo in kerneldoc dt-bindings: interrupt-controller: al-fic: remove redundant binding dt-bindings: clk: allwinner,sun4i-a10-ccu: Correct path in $id
-
git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimmLinus Torvalds authored
Pull libnvdimm fixes from Dan Williams: "A collection of locking and async operations fixes for v5.3-rc2. These had been soaking in a branch targeting the merge window, but missed due to a regression hunt. This fixed up version has otherwise been in -next this past week with no reported issues. In order to gain confidence in the locking changes the pull also includes a debug / instrumentation patch to enable lockdep coverage for libnvdimm subsystem operations that depend on the device_lock for exclusion. As mentioned in the changelog it is a hack, but it works and documents the locking expectations of the sub-system in a way that others can use lockdep to verify. The driver core touches got an ack from Greg. Summary: - Fix duplicate device_unregister() calls (multiple threads competing to do unregister work when scheduling device removal from a sysfs attribute of the self-same device). - Fix badblocks registration order bug. Ensure region badblocks are initialized in advance of namespace registration. - Fix a deadlock between the bus lock and probe operations. - Export device-core infrastructure to coordinate async operations via the device ->dead state. - Add device-core infrastructure to validate device_lock() usage with lockdep" * tag 'libnvdimm-fixes-5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: driver-core, libnvdimm: Let device subsystems add local lockdep coverage libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant libnvdimm/region: Register badblocks before namespaces libnvdimm/bus: Prevent duplicate device_unregister() calls drivers/base: Introduce kill_device()
-
Masahiro Yamada authored
This is unused since commit 9f69a496 ("kbuild: split out *.mod out of {single,multi}-used-m rules"). Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Running gen_compile_commands.py after building the kernel with allnoconfig gave this: $ ./scripts/gen_compile_commands.py WARNING: Found 449 entries. Have you compiled the kernel? Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Toru Komatsu authored
This file is used by clangd to use language server protocol. It can be generated at each compile using scripts/gen_compile_commands.py. Therefore it is different depending on the environment and should be ignored. Signed-off-by: Toru Komatsu <k0ma@utam0k.jp> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Masahiro Yamada authored
Commit 415008af ("docs-rst: convert lsm from DocBook to ReST") removed the last users of this macro. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
git://git.kernel.dk/linux-blockLinus Torvalds authored
Pull block DMA segment fix from Jens Axboe: "Here's the virtual boundary segment size fix" * tag 'for-linus-20190726-2' of git://git.kernel.dk/linux-block: block: fix max segment size handling in blk_queue_virt_boundary
-
git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinuxLinus Torvalds authored
Pull selinux fix from Paul Moore: "One small SELinux patch to add some proper bounds/overflow checking when adding a new sid/secid" * tag 'selinux-pr-20190726' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: check sidtab limit before adding a new entry
-
- 26 Jul, 2019 7 commits
-
-
Rob Herring authored
The path in the schema '$id' values are wrong. Fix them. Signed-off-by: Rob Herring <robh@kernel.org>
-
Maxime Ripard authored
Now that the examples are validated, the examples in the SID binding generates an error since the node names aren't one of the valid ones. Let's switch for one that is ok. Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com> Signed-off-by: Rob Herring <robh@kernel.org>
-
Maxime Ripard authored
The nvmem providers and consumers have a bunch of generic properties that are needed in a device tree. Add a YAML schemas for those. Reviewed-by: Rob Herring <robh@kernel.org> Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com> [Srini: Changed licence to (GPL-2.0 OR BSD-2-Clause)] Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Signed-off-by: Rob Herring <robh@kernel.org>
-
Thierry Reding authored
"Findfrom" is not a word. Replace the function synopsis by something that makes sense. Signed-off-by: Thierry Reding <treding@nvidia.com> Signed-off-by: Rob Herring <robh@kernel.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsiLinus Torvalds authored
Pull SCSI fixes from James Bottomley: "Nine fixes: The most important core one is the dma_max_mapping_size fix that corrects the boot problem Gunter Roeck was having. A couple of other driver only fixes are significant, like the cxgbi selector support addition, the alua 2 second delay and the fdomain build fix" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG scsi: ibmvfc: fix WARN_ON during event pool release scsi: fcoe: fix a typo scsi: megaraid_sas: Make some functions static scsi: megaraid_sas: fix panic on loading firmware crashdump scsi: megaraid_sas: fix spelling mistake "megarid_sas" -> "megaraid_sas" scsi: core: fix the dma_max_mapping_size call scsi: fdomain: fix building pcmcia front-end scsi: target: cxgbit: add support for IEEE_8021QAZ_APP_SEL_STREAM selector
-
git://anongit.freedesktop.org/drm/drmLinus Torvalds authored
Pull drm fixes from Daniel Vetter: "Dave seems to collect an entire streak of things happening, so again me typing pull summary. Nothing nefarious here, most of the fixes are for new stuff or things users won't see. The amd-display patches are a bit different, and very much look like they should have at least some cc: stable tags. Might be amd is a bit too comfortable with their internal tree and not enough looking at upstream. Dave&me are looking into this, in case something needs rectified with process here. Also no intel fixes pull, but intel CI is general become rather good, still I guess expect a notch more for -rc3. Summary: amdgpu: - fixes for (new in 5.3) hw support (vega20, navi) - disable RAS - lots of display fixes all over (audio, DSC, dongle, clock mgr) ttm: - fix dma_free_attrs calls to appease dma debugging msm: - fixes for dma-api, locking debug and compiler splats core: - fix cmdline mode to not apply rotation if not specified (new in 5.3) - compiler warn fix" * tag 'drm-fixes-2019-07-26' of git://anongit.freedesktop.org/drm/drm: (46 commits) drm/amd/display: Set enabled to false at start of audio disable drm/amdgpu/smu: move fan rpm query into the asic specific code drm/amd/powerplay: custom peak clock freq for navi10 drm: silence variable 'conn' set but not used drm/msm: stop abusing dma_map/unmap for cache drm/msm/dpu: Correct dpu encoder spinlock initialization drm/msm: correct NULL pointer dereference in context_init drm/amd/display: handle active dongle port type is DP++ or DP case drm/amd/display: do not read link setting if edp not connected drm/amd/display: Increase size of audios array drm/amd/display: drop ASSERT() if eDP panel is not connected drm/amd/display: Only enable audio if speaker allocation exists drm/amd/display: Fix dc_create failure handling and 666 color depths drm/amd/display: allocate 4 ddc engines for RV2 drm/amd/display: put back front end initialization sequence drm/amd/display: Wait for flip to complete drm/amd/display: Change min_h_sync_width from 8 to 4 drm/amd/display: use encoder's engine id to find matched free audio device drm/amd/display: fix DMCU hang when going into Modern Standby drm/amd/display: Disable Audio on reinitialize hardware ...
-
Christoph Hellwig authored
We should only set the max segment size to unlimited if we actually have a virt boundary. Otherwise we accidentally clear that limit when called from the SCSI midlayer, which always calls blk_queue_virt_boundary, even if that mask is 0. Fixes: 7ad388d8 ("scsi: core: add a host / host template field for the virt boundary") Reported-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@kernel.dk>
-