1. 20 Nov, 2018 2 commits
    • Ard Biesheuvel's avatar
      arm64: mm: apply r/o permissions of VM areas to its linear alias as well · c55191e9
      Ard Biesheuvel authored
      On arm64, we use block mappings and contiguous hints to map the linear
      region, to minimize the TLB footprint. However, this means that the
      entire region is mapped using read/write permissions, which we cannot
      modify at page granularity without having to take intrusive measures to
      prevent TLB conflicts.
      
      This means the linear aliases of pages belonging to read-only mappings
      (executable or otherwise) in the vmalloc region are also mapped read/write,
      and could potentially be abused to modify things like module code, bpf JIT
      code or other read-only data.
      
      So let's fix this, by extending the set_memory_ro/rw routines to take
      the linear alias into account. The consequence of enabling this is
      that we can no longer use block mappings or contiguous hints, so in
      cases where the TLB footprint of the linear region is a bottleneck,
      performance may be affected.
      
      Therefore, allow this feature to be runtime en/disabled, by setting
      rodata=full (or 'on' to disable just this enhancement, or 'off' to
      disable read-only mappings for code and r/o data entirely) on the
      kernel command line. Also, allow the default value to be set via a
      Kconfig option.
      Tested-by: default avatarLaura Abbott <labbott@redhat.com>
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      c55191e9
    • Ard Biesheuvel's avatar
      arm64: mm: purge lazily unmapped vm regions before changing permissions · b34d2ef0
      Ard Biesheuvel authored
      Call vm_unmap_aliases() every time we apply any changes to permission
      attributes of mappings in the vmalloc region. This avoids any potential
      issues resulting from lingering writable or executable aliases of
      mappings that should be read-only or non-executable, respectively.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      b34d2ef0
  2. 18 Nov, 2018 23 commits
  3. 16 Nov, 2018 9 commits
    • Linus Torvalds's avatar
      Merge tag 'fsnotify_for_v4.20-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs · 1ce80e0f
      Linus Torvalds authored
      Pull fsnotify fix from Jan Kara:
       "One small fsnotify fix for duplicate events"
      
      * tag 'fsnotify_for_v4.20-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
        fanotify: fix handling of events on child sub-directory
      1ce80e0f
    • Linus Torvalds's avatar
      Merge tag 'gfs2-4.20.fixes3' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2 · e6a2562f
      Linus Torvalds authored
      Pull bfs2 fixes from Andreas Gruenbacher:
       "Fix two bugs leading to leaked buffer head references:
      
         - gfs2: Put bitmap buffers in put_super
         - gfs2: Fix iomap buffer head reference counting bug
      
        And one bug leading to significant slow-downs when deleting large
        files:
      
         - gfs2: Fix metadata read-ahead during truncate (2)"
      
      * tag 'gfs2-4.20.fixes3' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
        gfs2: Fix iomap buffer head reference counting bug
        gfs2: Fix metadata read-ahead during truncate (2)
        gfs2: Put bitmap buffers in put_super
      e6a2562f
    • Andreas Gruenbacher's avatar
      gfs2: Fix iomap buffer head reference counting bug · c26b5aa8
      Andreas Gruenbacher authored
      GFS2 passes the inode buffer head (dibh) from gfs2_iomap_begin to
      gfs2_iomap_end in iomap->private.  It sets that private pointer in
      gfs2_iomap_get.  Users of gfs2_iomap_get other than gfs2_iomap_begin
      would have to release iomap->private, but this isn't done correctly,
      leading to a leak of buffer head references.
      
      To fix this, move the code for setting iomap->private from
      gfs2_iomap_get to gfs2_iomap_begin.
      
      Fixes: 64bc06bb ("gfs2: iomap buffered write support")
      Cc: stable@vger.kernel.org # v4.19+
      Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      c26b5aa8
    • Linus Torvalds's avatar
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 32e2524a
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
       "This fixes the following issues:
      
         - Potential memory overwrite in simd
      
         - Kernel info leaks in crypto_user
      
         - NULL dereference and use-after-free in hisilicon"
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: user - Zeroize whole structure given to user space
        crypto: user - fix leaking uninitialized memory to userspace
        crypto: simd - correctly take reqsize of wrapped skcipher into account
        crypto: hisilicon - Fix reference after free of memories on error path
        crypto: hisilicon - Fix NULL dereference for same dst and src
      32e2524a
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2018-11-16' of git://anongit.freedesktop.org/drm/drm · 4efd3460
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Live from Vancouver, SoC maintainer talk, this weeks drm fixes pull
        for rc3:
      
        omapdrm:
         - regression fixes for the reordering bridge stuff that went into rc1
      
        i915:
         - incorrect EU count fix
         - HPD storm fix
         - MST fix
         - relocation fix for gen4/5
      
        amdgpu:
         - huge page handling fix
         - IH ring setup
         - XGMI aperture setup
         - watermark setup fix
      
        misc:
         - docs and MST fix"
      
      * tag 'drm-fixes-2018-11-16' of git://anongit.freedesktop.org/drm/drm: (23 commits)
        drm/i915: Account for scale factor when calculating initial phase
        drm/i915: Clean up skl_program_scaler()
        drm/i915: Move programming plane scaler to its own function.
        drm/i915/icl: Drop spurious register read from icl_dbuf_slices_update
        drm/i915: fix broadwell EU computation
        drm/amdgpu: fix huge page handling on Vega10
        drm/amd/pp: Fix truncated clock value when set watermark
        drm/amdgpu: fix bug with IH ring setup
        drm/meson: venc: dmt mode must use encp
        drm/amdgpu: set system aperture to cover whole FB region
        drm/i915: Fix hpd handling for pins with two encoders
        drm/i915/execlists: Force write serialisation into context image vs execution
        drm/i915/icl: Fix power well 2 wrt. DC-off toggling order
        drm/i915: Fix NULL deref when re-enabling HPD IRQs on systems with MST
        drm/i915: Fix possible race in intel_dp_add_mst_connector()
        drm/i915/ringbuffer: Delay after EMIT_INVALIDATE for gen4/gen5
        drm/omap: dsi: Fix missing of_platform_depopulate()
        drm/omap: Move DISPC runtime PM handling to omapdrm
        drm/omap: dsi: Ensure the device is active during probe
        drm/omap: hdmi4: Ensure the device is active during bind
        ...
      4efd3460
    • Linus Torvalds's avatar
      Merge tag 'powerpc-4.20-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · ef268de1
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
       "Two weeks worth of fixes since rc1.
      
         - I broke 16-byte alignment of the stack when we moved PPR into
           pt_regs. Despite being required by the ABI this broke almost
           nothing, we eventually hit it in code where GCC does arithmetic on
           the stack pointer assuming the bottom 4 bits are clear. Fix it by
           padding the in-kernel pt_regs by 8 bytes.
      
         - A couple of commits fixing minor bugs in the recent SLB rewrite.
      
         - A build fix related to tracepoints in KVM in some configurations.
      
         - Our old "IO workarounds" code written for Cell couldn't coexist in
           a kernel that runs on Power9 with the Radix MMU, fix that.
      
         - Remove the NPU DMA ops, these just printed a warning and should
           never have been called.
      
         - Suppress an overly chatty message triggered by CPU hotplug in some
           configs.
      
         - Two small selftest fixes.
      
        Thanks to: Alistair Popple, Gustavo Romero, Nicholas Piggin, Satheesh
        Rajendran, Scott Wood"
      
      * tag 'powerpc-4.20-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        selftests/powerpc: Adjust wild_bctr to build with old binutils
        powerpc/64: Fix kernel stack 16-byte alignment
        powerpc/numa: Suppress "VPHN is not supported" messages
        selftests/powerpc: Fix wild_bctr test to work on ppc64
        powerpc/io: Fix the IO workarounds code to work with Radix
        powerpc/mm/64s: Fix preempt warning in slb_allocate_kernel()
        KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE
        powerpc/mm/64s: Only use slbfee on CPUs that support it
        powerpc/mm/64s: Use PPC_SLBFEE macro
        powerpc/mm/64s: Consolidate SLB assertions
        powerpc/powernv/npu: Remove NPU DMA ops
      ef268de1
    • Linus Torvalds's avatar
      Merge tag 'xtensa-20181115' of git://github.com/jcmvbkbc/linux-xtensa · 50d25bdc
      Linus Torvalds authored
      Pull Xtensa fixes from Max Filippov:
      
       - fix stack alignment for bFLT binaries.
      
       - fix physical-to-virtual address translation for boot parameters in
         MMUv3 256+256 and 512+512 virtual memory layouts.
      
      * tag 'xtensa-20181115' of git://github.com/jcmvbkbc/linux-xtensa:
        xtensa: fix boot parameters address translation
        xtensa: make sure bFLT stack is 16 byte aligned
      50d25bdc
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20181115' of git://git.kernel.dk/linux-block · 59749c2d
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - Discard loop fix, caused by integer overflow (Dave)
      
       - Blacklist of Samsung drive that hangs with power management (Diego)
      
       - Copy bio priority when cloning it (Hannes)
      
       - Fix race condition exposed in floppy (me)
      
       - Fix SCSI queue cleanup regression. While elusive, it caused oopses in
         queue running (Ming)
      
       - Fix bad string copy in kyber tracing (Omar)
      
      * tag 'for-linus-20181115' of git://git.kernel.dk/linux-block:
        SCSI: fix queue cleanup race before queue initialization is done
        block: fix 32 bit overflow in __blkdev_issue_discard()
        libata: blacklist SAMSUNG MZ7TD256HAFV-000L9 SSD
        block: copy ioprio in __bio_clone_fast() and bounce
        kyber: fix wrong strlcpy() size in trace_kyber_latency()
        floppy: fix race condition in __floppy_read_block_0()
      59749c2d
    • Linus Torvalds's avatar
      Merge tag 'fuse-fixes-4.20-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse · 9b5f361a
      Linus Torvalds authored
      Pull fuse fixes from Miklos Szeredi:
       "A couple of fixes, all bound for -stable (i.e. not regressions in this
        cycle)"
      
      * tag 'fuse-fixes-4.20-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
        fuse: fix use-after-free in fuse_direct_IO()
        fuse: fix possibly missed wake-up after abort
        fuse: fix leaked notify reply
      9b5f361a
  4. 15 Nov, 2018 6 commits