- 13 May, 2015 29 commits
-
-
Markos Chandras authored
Commit 5306a545 upstream. Commit 32098ec7 ("MIPS: Makefile: Move the ASEs checks after setting the core's CFLAGS") re-arranged the MIPS ASE detection code and also added the current cflags to the detection logic. However, this introduced a few bugs. First of all, the mips-cflags should not be quoted since that ends up being passed as a string to subsequent commands leading to broken detection from the cc-option-* tools. Moreover, in order to avoid duplicating the cflags-y because of how cc-option works, we rework the logic so we pass only those cflags which are needed by the selected ASE. Finally, fix some typos resulting in MSA not being detected correctly. Signed-off-by:
Markos Chandras <markos.chandras@imgtec.com> Fixes: Commit 32098ec7 ("MIPS: Makefile: Move the ASEs checks after setting the core's CFLAGS") Cc: Maciej W. Rozycki <macro@linux-mips.org> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/9661/Signed-off-by:
Ralf Baechle <ralf@linux-mips.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Markos Chandras authored
Commit 48f8eaee upstream. Set good default FPU flags (FR0) for O32 binaries similar to what the kernel does for the N64/N32 ones. This also fixes a regression introduced in commit 46490b57 ("MIPS: kernel: elf: Improve the overall ABI and FPU mode checks") when MIPS_O32_FP64_SUPPORT is disabled. In that case, the mips_set_personality_fp() did not set the FPU mode at all because it assumed that the FPU mode was already set properly. That led to O32 userland problems. Signed-off-by:
Mans Rullgard <mans@mansr.com> Fixes: 46490b57 ("MIPS: kernel: elf: Improve the overall ABI and FPU mode checks") Tested-by:
Aaro Koskinen <aaro.koskinen@iki.fi> Cc: Matthew Fortune <Matthew.Fortune@imgtec.com> Cc: Paul Burton <paul.burton@imgtec.com> Cc: linux-mips@linux-mips.org Patchwork: http://patchwork.linux-mips.org/patch/9344/Signed-off-by:
-
Rafał Miłecki authored
Commit 96f7c213 upstream. Since the day of adding this code it was broken. We were iterating over a wrong array and checking for wrong NVRAM entry. Signed-off-by:
Rafał Miłecki <zajec5@gmail.com> Cc: linux-mips@linux-mips.org Cc: Hauke Mehrtens <hauke@hauke-m.de> Patchwork: https://patchwork.linux-mips.org/patch/9654/Signed-off-by:
-
Markos Chandras authored
Commit 6ca716f2 upstream. A 64-bit build for Malta produces far too many build problems when SMP/CPS is selected. Moreover, there is currently no 64-bit product with SMP/CPS so we disable SMP/CPS when building for 64-bit until it is properly supported. Signed-off-by:
-
Niklas Cassel authored
Commit 90db024f upstream. If we have an FPU, enroll ourselves in the FPU-full mask. Matching the MT_SMP and CMP implementations of smp_setup. Signed-off-by:
Niklas Cassel <niklass@axis.com> Cc: paul.burton@imgtec.com Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/8948/Signed-off-by:
-
John Crispin authored
Commit a7b7aad3 upstream. A driver was added in commit 5433acd8 ("MIPS: ralink: add illegal access driver") without the Kconfig section being added. Fix this by adding the symbol to the Kconfig file. Signed-off-by:
John Crispin <blogic@openwrt.org> Reported-by:
Paul Bolle <pebolle@tiscali.nl> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/9299/Signed-off-by:
-
John Crispin authored
Commit 93a7de88 upstream. A wrong symbol is referenced by commit 187c26dd ("MIPS: ralink: add rt2880 pci driver"). Fix this by changing it to the correct symbol. Signed-off-by:
-
Adrien Schildknecht authored
Commit 179fa46f upstream. The commit 21400f25 ("MIPS: BCM47XX: Make ssb init NVRAM instead of bcm47xx polling it") introduces a dependency to SSB_SFLASH but did not add it to the Kconfig. drivers/ssb/driver_mipscore.c:216:36: error: 'struct ssb_mipscore' has no member named 'sflash' struct ssb_sflash *sflash = &mcore->sflash; ^ drivers/ssb/driver_mipscore.c:249:12: error: dereferencing pointer to incomplete type if (sflash->present) { ^ Signed-off-by:
Adrien Schildknecht <adrien+dev@schischi.me> Cc: m@bues.ch Cc: zajec5@gmail.com Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/9598/Signed-off-by:
-
Ralf Baechle authored
Commit 9eaffa84 upstream. For a discussion, see http://patchwork.linux-mips.org/patch/9539/. This reverts commit 625c0a21. Signed-off-by:
-
Ralf Baechle authored
Commit f05ff433 upstream. This is no longer needed with the fixed, new and improved definition of cpu_has_mips_r2_exec_hazard in <asm/cpu-features.h>. For a discussion, see http://patchwork.linux-mips.org/patch/9539/. Signed-off-by:
-
Ralf Baechle authored
Commit 9cdf30bd upstream. Returns a non-zero value if the current processor implementation requires an IHB instruction to deal with an instruction hazard as per MIPS R2 architecture specification, zero otherwise. For a discussion, see http://patchwork.linux-mips.org/patch/9539/. Signed-off-by:
-
Markos Chandras authored
Commit aebac993 upstream. Commit 6ebb496f("MIPS: kernel: entry.S: Add MIPS R6 related definitions") added the MIPSR6 definition but it did not update the ISA level of the actual assembly code so a pre-MIPSR6 jr.hb instruction was generated instead. Fix this by using the MISP_ISA_LEVEL_RAW macro. Signed-off-by:
-
Markos Chandras authored
Commit 51822216 upstream. Commit 5753762c("MIPS: asm: spinlock: Replace "sub" instruction with "addiu") replaced the "sub" instruction with addiu but it did not update the immediate value in the R10000_LLSC_WAR case. Signed-off-by:
-
Markos Chandras authored
Commit f6b39ae6 upstream. Commit 934c7923("MIPS: asm: r4kcache: Add MIPS R6 cache unroll functions") added support for MIPS R6 cache flushes but it used the wrong base address register to perform the flushes so the same lines were flushed over and over. Moreover, replace the "addiu" instructions with LONG_ADDIU so the correct base address is calculated for 64-bit cores. Signed-off-by:
Maciej W. Rozycki <macro@linux-mips.org> Patchwork: https://patchwork.linux-mips.org/patch/9384/Signed-off-by:
-
Markos Chandras authored
Commit 07edf0d4 upstream. Commit b0a668fb ("MIPS: kernel: mips-r2-to-r6-emul: Add R2 emulator for MIPS R6") added the mips r2-to-r6 emulator so an R2 userland can be executed on R6 kernels. This needed both build time and runtime support. The runtime support needed the "mipsr2emu" kernel parameter instead of the "mipsr2emul" listed in the Kconfig help message. Signed-off-by:
-
Ganesan Ramalingam authored
Commit 872cd4c2 upstream. Update to the SATA PHY initialization. This is needed for SATA detection to succeed in all configurations. Signed-off-by:
Ganesan Ramalingam <ganesanr@broadcom.com> Signed-off-by:
Jayachandran C <jchandra@broadcom.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/8886/Signed-off-by:
-
Aaro Koskinen authored
Commit b083518c upstream. Fix PCI interrupt mapping for DSR1000N. This will get the PCI slot interrupts working. The mapping is based on D-Link GPL tarball. Signed-off-by:
-
Alexander Sverdlin authored
Commit 73bf3c2a upstream. udelay() in PCI/PCIe read/write callbacks cause 30ms IRQ latency on Octeon platforms because these operations are called from PCI_OP_READ() and PCI_OP_WRITE() under raw_spin_lock_irqsave(). Signed-off-by:
Alexander Sverdlin <alexander.sverdlin@nokia.com> Cc: linux-mips@linux-mips.org Cc: David Daney <ddaney@cavium.com> Cc: Rob Herring <robh@kernel.org> Cc: Jiri Kosina <jkosina@suse.cz> Cc: Randy Dunlap <rdunlap@infradead.org> Cc: Masanari Iida <standby24x7@gmail.com> Cc: Bjorn Helgaas <bhelgaas@google.com> Cc: Mathias <mathias.rulf@nokia.com> Patchwork: https://patchwork.linux-mips.org/patch/9576/Signed-off-by:
-
Lars Persson authored
Commit 4d46a67a upstream. The lazy cache flushing implemented in the MIPS kernel suffers from a race condition that is exposed by do_set_pte() in mm/memory.c. A pre-condition is a file-system that writes to the page from the CPU in its readpage method and then calls flush_dcache_page(). One example is ubifs. Another pre-condition is that the dcache flush is postponed in __flush_dcache_page(). Upon a page fault for an executable mapping not existing in the page-cache, the following will happen: 1. Write to the page 2. flush_dcache_page 3. flush_icache_page 4. set_pte_at 5. update_mmu_cache (commits the flush of a dcache-dirty page) Between steps 4 and 5 another thread can hit the same page and it will encounter a valid pte. Because the data still is in the L1 dcache the CPU will fetch stale data from L2 into the icache and execute garbage. This fix moves the commit of the cache flush to step 3 to close the race window. It also reduces the amount of flushes on non-executable mappings because we never enter __flush_dcache_page() for non-aliasing CPUs. Regressions can occur in drivers that mistakenly relies on the flush_dcache_page() in get_user_pages() for DMA operations. [ralf@linux-mips.org: Folded in patch 9346 to fix highmem issue.] Signed-off-by:
Lars Persson <larper@axis.com> Cc: linux-mips@linux-mips.org Cc: paul.burton@imgtec.com Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/9346/ Patchwork: https://patchwork.linux-mips.org/patch/9738/Signed-off-by:
-
Lars Persson authored
Commit 5b9593f3 upstream. Revert commit 2a4a8b1e ("MIPS: Remove race window in page fault handling") because it increased the number of flushed dcache pages and became a performance problem for some workloads. Signed-off-by:
-
Chandrakala Chavva authored
Commit 9a49899e upstream. Also delete unused cvmx_reset_octeon() This fixes reboot for Octeon III boards Signed-off-by:
Chandrakala Chavva <cchavva@caviumnetworks.com> Signed-off-by:
Aleksey Makarov <aleksey.makarov@auriga.com> Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: David Daney <david.daney@cavium.com> Patchwork: https://patchwork.linux-mips.org/patch/9471/Signed-off-by:
-
Aaro Koskinen authored
Commit a8667d70 upstream. CONFIG_USB_OCTEON_OHCI is deprecated and no longer needed to use OHCI on OCTEON II. Instead, CONFIG_USB_OHCI_HCD_PLATFORM should be used. Signed-off-by:
-
Nicolas Schichan authored
Commit 2ec459f2 upstream. When called from prom init code, bcm63xx_gpio_init() will fail as it will call gpiochip_add() which relies on a working kmalloc() to alloc the gpio_desc array and kmalloc is not useable yet at prom init time. Move bcm63xx_gpio_init() to bcm63xx_register_devices() (an arch_initcall) where kmalloc works. Fixes: 14e85c0e ("gpio: remove gpio_descs global array") Signed-off-by:
Nicolas Schichan <nschichan@freebox.fr> Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Cc: Alexandre Courbot <acourbot@nvidia.com> Patchwork: https://patchwork.linux-mips.org/patch/9530/Signed-off-by:
-
David S. Miller authored
[ Upstream commit a134f083 ] If we don't do that, then the poison value is left in the ->pprev backlink. This can cause crashes if we do a disconnect, followed by a connect(). Tested-by:
Linus Torvalds <torvalds@linux-foundation.org> Reported-by:
Wen Xu <hotdog3645@gmail.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
-
Ido Shamay authored
[ Upstream commit 07841f9d ] When system is out of memory, refilling of RX buffers fails while the driver continue to pass the received packets to the kernel stack. At some point, when all RX buffers deplete, driver may fall into a sleep, and not recover when memory for new RX buffers is once again availible. This is because hardware does not have valid descriptors, so no interrupt will be generated for the driver to return to work in napi context. Fix it by schedule the napi poll function from stats_task delayed workqueue, as long as the allocations fail. Signed-off-by:
Ido Shamay <idos@mellanox.com> Signed-off-by:
Amir Vadai <amirv@mellanox.com> Signed-off-by:
-
Hariprasad Shenai authored
[ Upstream commit 7f0b8a56 ] Commit 6559a7e8 ("cxgb4: Cleanup macros so they follow the same style and look consistent") introduced a regression where reading MC1 memory in adapters where MC0 isn't present or MC0 size is not equal to MC1 size caused the adapter to crash due to incorrect computation of memoffset. Fix is to read the size of MC0 instead of MC1 for offset calculation Signed-off-by:
Steve Wise <swise@opengridcomputing.com> Signed-off-by:
Hariprasad Shenai <hariprasad@chelsio.com> Signed-off-by:
-
Benjamin Poirier authored
[ Upstream commit 42eab005 ] By default, the number of tx queues is limited by the number of online cpus in mlx4_en_get_profile(). However, this limit no longer holds after the ethtool .set_channels method has been called. In that situation, the driver may access invalid bits of certain cpumask variables when queue_index >= nr_cpu_ids. Signed-off-by:
Benjamin Poirier <bpoirier@suse.de> Acked-by:
-
Herbert Xu authored
[ Upstream commit cb6ccf09 ] The commit 3cdaa5be ("ipv4: Don't increase PMTU with Datagram Too Big message") broke PMTU in cases where the rt_pmtu value has expired but is smaller than the new PMTU value. This obsolete rt_pmtu then prevents the new PMTU value from being installed. Fixes: 3cdaa5be ("ipv4: Don't increase PMTU with Datagram Too Big message") Reported-by:
Gerd v. Egidy <gerd.von.egidy@intra2net.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
-
Alexei Starovoitov authored
[ Upstream commit 876a7ae6 ] ALU64_DIV instruction should be dividing 64-bit by 64-bit, whereas do_div() does 64-bit by 32-bit divide. x64 and arm64 JITs correctly implement 64 by 64 unsigned divide. llvm BPF backend emits code assuming that ALU64_DIV does 64 by 64. Fixes: 89aa0758 ("net: sock: allow eBPF programs to be attached to sockets") Reported-by:
Michael Holzheu <holzheu@linux.vnet.ibm.com> Acked-by:
Daniel Borkmann <daniel@iogearbox.net> Signed-off-by:
Alexei Starovoitov <ast@plumgrid.com> Signed-off-by:
-
- 06 May, 2015 11 commits
-
-
Greg Kroah-Hartman authored
-
Florian Westphal authored
commit 0b67c43c upstream. We also need to save/store in forward, else br_parse_ip_options call will zero frag_max_size as well. Fixes: 93fdd47e ('bridge: Save frag_max_size between PRE_ROUTING and POST_ROUTING') Signed-off-by:
Florian Westphal <fw@strlen.de> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by:
-
Junjie Mao authored
commit 1c34203a upstream. It is not necessary to call device_remove_groups() when device_add_groups() fails. The group added by device_add_groups() should be removed if sysfs_create_link() fails. Fixes: fa6fdb33 ("driver core: bus_type: add dev_groups") Signed-off-by:
Junjie Mao <junjie_mao@yeah.net> Signed-off-by:
-
Linus Walleij authored
commit 7085a740 upstream. This fixes a regression from the net subsystem: After commit d52fdbb7 "smc91x: retrieve IRQ and trigger flags in a modern way" a regression would appear on some legacy platforms such as the ARM PXA Zylonite that specify IRQ resources like this: static struct resource r = { .start = X, .end = X, .flags = IORESOURCE_IRQ | IORESOURCE_IRQ_HIGHEDGE, }; The previous code would retrieve the resource and parse the high edge setting in the SMC91x driver, a use pattern that means every driver specifying an IRQ flag from a static resource need to parse resource flags and apply them at runtime. As we switched the code to use IRQ descriptors to retrieve the the trigger type like this: irqd_get_trigger_type(irq_get_irq_data(...)); the code would work for new platforms using e.g. device tree as the backing irq descriptor would have its flags properly set, whereas this kind of oldstyle static resources at no point assign the trigger flags to the corresponding IRQ descriptor. To make the behaviour identical on modern device tree and legacy static platform data platforms, modify platform_get_irq() to assign the trigger flags to the irq descriptor when a client looks up an IRQ from static resources. Fixes: d52fdbb7 ("smc91x: retrieve IRQ and trigger flags in a modern way") Tested-by:
Robert Jarzmik <robert.jarzmik@free.fr> Signed-off-by:
Linus Walleij <linus.walleij@linaro.org> Signed-off-by:
-
Dan Carpenter authored
commit 13f6b191 upstream. Using the indenting we can see the curly braces were obviously intended. This is a static checker fix, but my guess is that we don't read enough bytes, because we don't calculate "t_len" correctly. Fixes: f1d82698 ('memstick: use fully asynchronous request processing') Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Cc: Alex Dubov <oakad@yahoo.com> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
-
Nishanth Menon authored
commit f4831605 upstream. time_init invokes timer64_init (which is __init annotation) since all of these are invoked at init time, lets maintain consistency by ensuring time_init is marked appropriately as well. This fixes the following warning with CONFIG_DEBUG_SECTION_MISMATCH=y WARNING: vmlinux.o(.text+0x3bfc): Section mismatch in reference from the function time_init() to the function .init.text:timer64_init() The function time_init() references the function __init timer64_init(). This is often because time_init lacks a __init annotation or the annotation of timer64_init is wrong. Fixes: 546a3954 ("C6X: time management") Signed-off-by:
Nishanth Menon <nm@ti.com> Signed-off-by:
Mark Salter <msalter@redhat.com> Signed-off-by:
-
Vutla, Lokesh authored
commit 6d7e7e02 upstream. For cases where total length of an input SGs is not same as length of the input data for encryption, omap-aes driver crashes. This happens in the case when IPsec is trying to use omap-aes driver. To avoid this, we copy all the pages from the input SG list into a contiguous buffer and prepare a single element SG list for this buffer with length as the total bytes to crypt, which is similar thing that is done in case of unaligned lengths. Fixes: 6242332f ("crypto: omap-aes - Add support for cases of unaligned lengths") Signed-off-by:
Lokesh Vutla <lokeshvutla@ti.com> Signed-off-by:
-
Nicolas Iooss authored
commit a3fa71c4 upstream. In struct wl18xx_acx_rx_rate_stat, rx_frames_per_rates field is an array, not a number. This means WL18XX_DEBUGFS_FWSTATS_FILE can't be used to display this field in debugfs (it would display a pointer, not the actual data). Use WL18XX_DEBUGFS_FWSTATS_FILE_ARRAY instead. This bug has been found by adding a __printf attribute to wl1271_format_buffer. gcc complained about "format '%u' expects argument of type 'unsigned int', but argument 5 has type 'u32 *'". Fixes: c5d94169 ("wl18xx: use new fw stats structures") Signed-off-by:
Nicolas Iooss <nicolas.iooss_linux@m4x.org> Signed-off-by:
Kalle Valo <kvalo@codeaurora.org> Signed-off-by:
-
mancha security authored
commit 0b053c95 upstream. OPTIMIZER_HIDE_VAR(), as defined when using gcc, is insufficient to ensure protection from dead store optimization. For the random driver and crypto drivers, calls are emitted ... $ gdb vmlinux (gdb) disassemble memzero_explicit Dump of assembler code for function memzero_explicit: 0xffffffff813a18b0 <+0>: push %rbp 0xffffffff813a18b1 <+1>: mov %rsi,%rdx 0xffffffff813a18b4 <+4>: xor %esi,%esi 0xffffffff813a18b6 <+6>: mov %rsp,%rbp 0xffffffff813a18b9 <+9>: callq 0xffffffff813a7120 <memset> 0xffffffff813a18be <+14>: pop %rbp 0xffffffff813a18bf <+15>: retq End of assembler dump. (gdb) disassemble extract_entropy [...] 0xffffffff814a5009 <+313>: mov %r12,%rdi 0xffffffff814a500c <+316>: mov $0xa,%esi 0xffffffff814a5011 <+321>: callq 0xffffffff813a18b0 <memzero_explicit> 0xffffffff814a5016 <+326>: mov -0x48(%rbp),%rax [...] ... but in case in future we might use facilities such as LTO, then OPTIMIZER_HIDE_VAR() is not sufficient to protect gcc from a possible eviction of the memset(). We have to use a compiler barrier instead. Minimal test example when we assume memzero_explicit() would *not* be a call, but would have been *inlined* instead: static inline void memzero_explicit(void *s, size_t count) { memset(s, 0, count); <foo> } int main(void) { char buff[20]; snprintf(buff, sizeof(buff) - 1, "test"); printf("%s", buff); memzero_explicit(buff, sizeof(buff)); return 0; } With <foo> := OPTIMIZER_HIDE_VAR(): (gdb) disassemble main Dump of assembler code for function main: [...] 0x0000000000400464 <+36>: callq 0x400410 <printf@plt> 0x0000000000400469 <+41>: xor %eax,%eax 0x000000000040046b <+43>: add $0x28,%rsp 0x000000000040046f <+47>: retq End of assembler dump. With <foo> := barrier(): (gdb) disassemble main Dump of assembler code for function main: [...] 0x0000000000400464 <+36>: callq 0x400410 <printf@plt> 0x0000000000400469 <+41>: movq $0x0,(%rsp) 0x0000000000400471 <+49>: movq $0x0,0x8(%rsp) 0x000000000040047a <+58>: movl $0x0,0x10(%rsp) 0x0000000000400482 <+66>: xor %eax,%eax 0x0000000000400484 <+68>: add $0x28,%rsp 0x0000000000400488 <+72>: retq End of assembler dump. As can be seen, movq, movq, movl are being emitted inlined via memset(). Reference: http://thread.gmane.org/gmane.linux.kernel.cryptoapi/13764/ Fixes: d4c5efdb ("random: add and use memzero_explicit() for clearing data") Cc: Theodore Ts'o <tytso@mit.edu> Signed-off-by:
mancha security <mancha1@zoho.com> Signed-off-by:
Hannes Frederic Sowa <hannes@stressinduktion.org> Acked-by:
Stephan Mueller <smueller@chronox.de> Signed-off-by:
-
David Rientjes authored
commit 5265047a upstream. Commit 077fcf11 ("mm/thp: allocate transparent hugepages on local node") restructured alloc_hugepage_vma() with the intent of only allocating transparent hugepages locally when there was not an effective interleave mempolicy. alloc_pages_exact_node() does not limit the allocation to the single node, however, but rather prefers it. This is because __GFP_THISNODE is not set which would cause the node-local nodemask to be passed. Without it, only a nodemask that prefers the local node is passed. Fix this by passing __GFP_THISNODE and falling back to small pages when the allocation fails. Commit 9f1b868a ("mm: thp: khugepaged: add policy for finding target node") suffers from a similar problem for khugepaged, which is also fixed. Fixes: 077fcf11 ("mm/thp: allocate transparent hugepages on local node") Fixes: 9f1b868a ("mm: thp: khugepaged: add policy for finding target node") Signed-off-by:
David Rientjes <rientjes@google.com> Acked-by:
Vlastimil Babka <vbabka@suse.cz> Cc: Christoph Lameter <cl@linux.com> Cc: Pekka Enberg <penberg@kernel.org> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Mel Gorman <mgorman@suse.de> Cc: Pravin Shelar <pshelar@nicira.com> Cc: Jarno Rajahalme <jrajahalme@nicira.com> Cc: Li Zefan <lizefan@huawei.com> Cc: Greg Thelen <gthelen@google.com> Cc: Tejun Heo <tj@kernel.org> Signed-off-by:
-
Daniel Borkmann authored
commit 80f1d68c upstream. I noticed that a helper function with argument type ARG_ANYTHING does not need to have an initialized value (register). This can worst case lead to unintented stack memory leakage in future helper functions if they are not carefully designed, or unintended application behaviour in case the application developer was not careful enough to match a correct helper function signature in the API. The underlying issue is that ARG_ANYTHING should actually be split into two different semantics: 1) ARG_DONTCARE for function arguments that the helper function does not care about (in other words: the default for unused function arguments), and 2) ARG_ANYTHING that is an argument actually being used by a helper function and *guaranteed* to be an initialized register. The current risk is low: ARG_ANYTHING is only used for the 'flags' argument (r4) in bpf_map_update_elem() that internally does strict checking. Fixes: 17a52670 ("bpf: verifier (add verifier core)") Signed-off-by:
-
