1. 30 Apr, 2020 3 commits
    • Christophe Leroy's avatar
      powerpc/uaccess: Implement unsafe_copy_to_user() as a simple loop · 17bc4336
      Christophe Leroy authored
      At the time being, unsafe_copy_to_user() is based on
      raw_copy_to_user() which calls __copy_tofrom_user().
      
      __copy_tofrom_user() is a big optimised function to copy big amount
      of data. It aligns destinations to cache line in order to use
      dcbz instruction.
      
      Today unsafe_copy_to_user() is called only from filldir().
      It is used to mainly copy small amount of data like filenames,
      so __copy_tofrom_user() is not fit.
      
      Also, unsafe_copy_to_user() is used within user_access_begin/end
      sections. In those section, it is preferable to not call functions.
      
      Rewrite unsafe_copy_to_user() as a macro that uses __put_user_goto().
      We first perform a loop of long, then we finish with necessary
      complements.
      
      unsafe_copy_to_user() might be used in the near future to copy
      fixed-size data, like pt_regs structs during signal processing.
      Having it as a macro allows GCC to optimise it for instead when
      it knows the size in advance, it can unloop loops, drop complements
      when the size is a multiple of longs, etc ...
      Signed-off-by: default avatarChristophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/fe952112c29bf6a0a2778c9e6bbb4f4afd2c4258.1587143308.git.christophe.leroy@c-s.fr
      17bc4336
    • Christophe Leroy's avatar
      powerpc/uaccess: Implement unsafe_put_user() using 'asm goto' · 334710b1
      Christophe Leroy authored
      unsafe_put_user() is designed to take benefit of 'asm goto'.
      
      Instead of using the standard __put_user() approach and branch
      based on the returned error, use 'asm goto' and make the
      exception code branch directly to the error label. There is
      no code anymore in the fixup section.
      
      This change significantly simplifies functions using
      unsafe_put_user()
      
      Small exemple of the benefit with the following code:
      
      struct test {
      	u32 item1;
      	u16 item2;
      	u8 item3;
      	u64 item4;
      };
      
      int set_test_to_user(struct test __user *test, u32 item1, u16 item2, u8 item3, u64 item4)
      {
      	unsafe_put_user(item1, &test->item1, failed);
      	unsafe_put_user(item2, &test->item2, failed);
      	unsafe_put_user(item3, &test->item3, failed);
      	unsafe_put_user(item4, &test->item4, failed);
      	return 0;
      failed:
      	return -EFAULT;
      }
      
      Before the patch:
      
      00000be8 <set_test_to_user>:
       be8:	39 20 00 00 	li      r9,0
       bec:	90 83 00 00 	stw     r4,0(r3)
       bf0:	2f 89 00 00 	cmpwi   cr7,r9,0
       bf4:	40 9e 00 38 	bne     cr7,c2c <set_test_to_user+0x44>
       bf8:	b0 a3 00 04 	sth     r5,4(r3)
       bfc:	2f 89 00 00 	cmpwi   cr7,r9,0
       c00:	40 9e 00 2c 	bne     cr7,c2c <set_test_to_user+0x44>
       c04:	98 c3 00 06 	stb     r6,6(r3)
       c08:	2f 89 00 00 	cmpwi   cr7,r9,0
       c0c:	40 9e 00 20 	bne     cr7,c2c <set_test_to_user+0x44>
       c10:	90 e3 00 08 	stw     r7,8(r3)
       c14:	91 03 00 0c 	stw     r8,12(r3)
       c18:	21 29 00 00 	subfic  r9,r9,0
       c1c:	7d 29 49 10 	subfe   r9,r9,r9
       c20:	38 60 ff f2 	li      r3,-14
       c24:	7d 23 18 38 	and     r3,r9,r3
       c28:	4e 80 00 20 	blr
       c2c:	38 60 ff f2 	li      r3,-14
       c30:	4e 80 00 20 	blr
      
      00000000 <.fixup>:
      	...
        b8:	39 20 ff f2 	li      r9,-14
        bc:	48 00 00 00 	b       bc <.fixup+0xbc>
      			bc: R_PPC_REL24	.text+0xbf0
        c0:	39 20 ff f2 	li      r9,-14
        c4:	48 00 00 00 	b       c4 <.fixup+0xc4>
      			c4: R_PPC_REL24	.text+0xbfc
        c8:	39 20 ff f2 	li      r9,-14
        cc:	48 00 00 00 	b       cc <.fixup+0xcc>
        d0:	39 20 ff f2 	li      r9,-14
        d4:	48 00 00 00 	b       d4 <.fixup+0xd4>
      			d4: R_PPC_REL24	.text+0xc18
      
      00000000 <__ex_table>:
      	...
      			a0: R_PPC_REL32	.text+0xbec
      			a4: R_PPC_REL32	.fixup+0xb8
      			a8: R_PPC_REL32	.text+0xbf8
      			ac: R_PPC_REL32	.fixup+0xc0
      			b0: R_PPC_REL32	.text+0xc04
      			b4: R_PPC_REL32	.fixup+0xc8
      			b8: R_PPC_REL32	.text+0xc10
      			bc: R_PPC_REL32	.fixup+0xd0
      			c0: R_PPC_REL32	.text+0xc14
      			c4: R_PPC_REL32	.fixup+0xd0
      
      After the patch:
      
      00000be8 <set_test_to_user>:
       be8:	90 83 00 00 	stw     r4,0(r3)
       bec:	b0 a3 00 04 	sth     r5,4(r3)
       bf0:	98 c3 00 06 	stb     r6,6(r3)
       bf4:	90 e3 00 08 	stw     r7,8(r3)
       bf8:	91 03 00 0c 	stw     r8,12(r3)
       bfc:	38 60 00 00 	li      r3,0
       c00:	4e 80 00 20 	blr
       c04:	38 60 ff f2 	li      r3,-14
       c08:	4e 80 00 20 	blr
      
      00000000 <__ex_table>:
      	...
      			a0: R_PPC_REL32	.text+0xbe8
      			a4: R_PPC_REL32	.text+0xc04
      			a8: R_PPC_REL32	.text+0xbec
      			ac: R_PPC_REL32	.text+0xc04
      			b0: R_PPC_REL32	.text+0xbf0
      			b4: R_PPC_REL32	.text+0xc04
      			b8: R_PPC_REL32	.text+0xbf4
      			bc: R_PPC_REL32	.text+0xc04
      			c0: R_PPC_REL32	.text+0xbf8
      			c4: R_PPC_REL32	.text+0xc04
      Signed-off-by: default avatarChristophe Leroy <christophe.leroy@c-s.fr>
      Reviewed-by: default avatarSegher Boessenkool <segher@kernel.crashing.org>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/23e680624680a9a5405f4b88740d2596d4b17c26.1587143308.git.christophe.leroy@c-s.fr
      334710b1
    • Nicholas Piggin's avatar
      powerpc/uaccess: Evaluate macro arguments once, before user access is allowed · d02f6b7d
      Nicholas Piggin authored
      get/put_user() can be called with nontrivial arguments. fs/proc/page.c
      has a good example:
      
          if (put_user(stable_page_flags(ppage), out)) {
      
      stable_page_flags() is quite a lot of code, including spin locks in
      the page allocator.
      
      Ensure these arguments are evaluated before user access is allowed.
      
      This improves security by reducing code with access to userspace, but
      it also fixes a PREEMPT bug with KUAP on powerpc/64s:
      stable_page_flags() is currently called with AMR set to allow writes,
      it ends up calling spin_unlock(), which can call preempt_schedule. But
      the task switch code can not be called with AMR set (it relies on
      interrupts saving the register), so this blows up.
      
      It's fine if the code inside allow_user_access() is preemptible,
      because a timer or IPI will save the AMR, but it's not okay to
      explicitly cause a reschedule.
      
      Fixes: de78a9c4 ("powerpc: Add a framework for Kernel Userspace Access Protection")
      Signed-off-by: default avatarNicholas Piggin <npiggin@gmail.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20200407041245.600651-1-npiggin@gmail.com
      d02f6b7d
  2. 12 Apr, 2020 10 commits
    • Linus Torvalds's avatar
      Linux 5.7-rc1 · 8f3d9f35
      Linus Torvalds authored
      8f3d9f35
    • Linus Torvalds's avatar
      MAINTAINERS: sort field names for all entries · 3b50142d
      Linus Torvalds authored
      This sorts the actual field names too, potentially causing even more
      chaos and confusion at merge time if you have edited the MAINTAINERS
      file.  But the end result is a more consistent layout, and hopefully
      it's a one-time pain minimized by doing this just before the -rc1
      release.
      
      This was entirely scripted:
      
        ./scripts/parse-maintainers.pl --input=MAINTAINERS --output=MAINTAINERS --order
      Requested-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3b50142d
    • Linus Torvalds's avatar
      MAINTAINERS: sort entries by entry name · 4400b7d6
      Linus Torvalds authored
      They are all supposed to be sorted, but people who add new entries don't
      always know the alphabet.  Plus sometimes the entry names get edited,
      and people don't then re-order the entry.
      
      Let's see how painful this will be for merging purposes (the MAINTAINERS
      file is often edited in various different trees), but Joe claims there's
      relatively few patches in -next that touch this, and doing it just
      before -rc1 is likely the best time.  Fingers crossed.
      
      This was scripted with
      
        /scripts/parse-maintainers.pl --input=MAINTAINERS --output=MAINTAINERS
      
      but then I also ended up manually upper-casing a few entry names that
      stood out when looking at the end result.
      Requested-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      4400b7d6
    • Linus Torvalds's avatar
      Merge tag 'x86-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 4f8a3cc1
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "A set of three patches to fix the fallout of the newly added split
        lock detection feature.
      
        It addressed the case where a KVM guest triggers a split lock #AC and
        KVM reinjects it into the guest which is not prepared to handle it.
      
        Add proper sanity checks which prevent the unconditional injection
        into the guest and handles the #AC on the host side in the same way as
        user space detections are handled. Depending on the detection mode it
        either warns and disables detection for the task or kills the task if
        the mode is set to fatal"
      
      * tag 'x86-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest
        KVM: x86: Emulate split-lock access as a write in emulator
        x86/split_lock: Provide handle_guest_split_lock()
      4f8a3cc1
    • Linus Torvalds's avatar
      Merge tag 'timers-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 0785249f
      Linus Torvalds authored
      Pull time(keeping) updates from Thomas Gleixner:
      
       - Fix the time_for_children symlink in /proc/$PID/ so it properly
         reflects that it part of the 'time' namespace
      
       - Add the missing userns limit for the allowed number of time
         namespaces, which was half defined but the actual array member was
         not added. This went unnoticed as the array has an exessive empty
         member at the end but introduced a user visible regression as the
         output was corrupted.
      
       - Prevent further silent ucount corruption by adding a BUILD_BUG_ON()
         to catch half updated data.
      
      * tag 'timers-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        ucount: Make sure ucounts in /proc/sys/user don't regress again
        time/namespace: Add max_time_namespaces ucount
        time/namespace: Fix time_for_children symlink
      0785249f
    • Linus Torvalds's avatar
      Merge tag 'sched-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 590680d1
      Linus Torvalds authored
      Pull scheduler fixes/updates from Thomas Gleixner:
      
       - Deduplicate the average computations in the scheduler core and the
         fair class code.
      
       - Fix a raise between runtime distribution and assignement which can
         cause exceeding the quota by up to 70%.
      
       - Prevent negative results in the imbalanace calculation
      
       - Remove a stale warning in the workqueue code which can be triggered
         since the call site was moved out of preempt disabled code. It's a
         false positive.
      
       - Deduplicate the print macros for procfs
      
       - Add the ucmap values to the SCHED_DEBUG procfs output for completness
      
      * tag 'sched-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/debug: Add task uclamp values to SCHED_DEBUG procfs
        sched/debug: Factor out printing formats into common macros
        sched/debug: Remove redundant macro define
        sched/core: Remove unused rq::last_load_update_tick
        workqueue: Remove the warning in wq_worker_sleeping()
        sched/fair: Fix negative imbalance in imbalance calculation
        sched/fair: Fix race between runtime distribution and assignment
        sched/fair: Align rq->avg_idle and rq->avg_scan_cost
      590680d1
    • Linus Torvalds's avatar
      Merge tag 'perf-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 20e2aa81
      Linus Torvalds authored
      Pull perf fixes from Thomas Gleixner:
       "Three fixes/updates for perf:
      
         - Fix the perf event cgroup tracking which tries to track the cgroup
           even for disabled events.
      
         - Add Ice Lake server support for uncore events
      
         - Disable pagefaults when retrieving the physical address in the
           sampling code"
      
      * tag 'perf-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/core: Disable page faults when getting phys address
        perf/x86/intel/uncore: Add Ice Lake server uncore support
        perf/cgroup: Correct indirection in perf_less_group_idx()
        perf/core: Fix event cgroup tracking
      20e2aa81
    • Linus Torvalds's avatar
      Merge tag 'locking-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 652fa53c
      Linus Torvalds authored
      Pull locking fixes from Thomas Gleixner:
       "Three small fixes/updates for the locking core code:
      
         - Plug a task struct reference leak in the percpu rswem
           implementation.
      
         - Document the refcount interaction with PID_MAX_LIMIT
      
         - Improve the 'invalid wait context' data dump in lockdep so it
           contains all information which is required to decode the problem"
      
      * tag 'locking-urgent-2020-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        locking/lockdep: Improve 'invalid wait context' splat
        locking/refcount: Document interaction with PID_MAX_LIMIT
        locking/percpu-rwsem: Fix a task_struct refcount
      652fa53c
    • Linus Torvalds's avatar
      Merge tag '5.7-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6 · 4119bf9f
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Ten cifs/smb fixes:
      
         - five RDMA (smbdirect) related fixes
      
         - add experimental support for swap over SMB3 mounts
      
         - also a fix which improves performance of signed connections"
      
      * tag '5.7-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6:
        smb3: enable swap on SMB3 mounts
        smb3: change noisy error message to FYI
        smb3: smbdirect support can be configured by default
        cifs: smbd: Do not schedule work to send immediate packet on every receive
        cifs: smbd: Properly process errors on ib_post_send
        cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets
        cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending
        cifs: smbd: Check send queue size before posting a send
        cifs: smbd: Merge code to track pending packets
        cifs: ignore cached share root handle closing errors
      4119bf9f
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-5.7-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 50bda5fa
      Linus Torvalds authored
      Pull NFS client bugfix from Trond Myklebust:
       "Fix an RCU read lock leakage in pnfs_alloc_ds_commits_list()"
      
      * tag 'nfs-for-5.7-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        pNFS: Fix RCU lock leakage
      50bda5fa
  3. 11 Apr, 2020 14 commits
  4. 10 Apr, 2020 13 commits