1. 23 May, 2020 5 commits
  2. 22 May, 2020 7 commits
  3. 21 May, 2020 12 commits
    • Linus Torvalds's avatar
      Merge tag 'apparmor-pr-2020-05-21' of... · 051143e1
      Linus Torvalds authored
      Merge tag 'apparmor-pr-2020-05-21' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
      
      Pull apparmor bug fixes from John Johansen:
      
       - Fix use-after-free in aa_audit_rule_init
      
       - Fix refcnt leak in policy_update
      
       - Fix potential label refcnt leak in aa_change_profile
      
      * tag 'apparmor-pr-2020-05-21' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
        apparmor: Fix use-after-free in aa_audit_rule_init
        apparmor: Fix aa_label refcnt leak in policy_update
        apparmor: fix potential label refcnt leak in aa_change_profile
      051143e1
    • Namjae Jeon's avatar
      exfat: add the dummy mount options to be backward compatible with staging/exfat · 907fa893
      Namjae Jeon authored
      As Ubuntu and Fedora release new version used kernel version equal to or
      higher than v5.4, They started to support kernel exfat filesystem.
      
      Linus reported a mount error with new version of exfat on Fedora:
      
              exfat: Unknown parameter 'namecase'
      
      This is because there is a difference in mount option between old
      staging/exfat and new exfat.  And utf8, debug, and codepage options as
      well as namecase have been removed from new exfat.
      
      This patch add the dummy mount options as deprecated option to be
      backward compatible with old one.
      Reported-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarNamjae Jeon <namjae.jeon@samsung.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Eric Sandeen <sandeen@sandeen.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      907fa893
    • Navid Emamdoost's avatar
      apparmor: Fix use-after-free in aa_audit_rule_init · c54d481d
      Navid Emamdoost authored
      In the implementation of aa_audit_rule_init(), when aa_label_parse()
      fails the allocated memory for rule is released using
      aa_audit_rule_free(). But after this release, the return statement
      tries to access the label field of the rule which results in
      use-after-free. Before releasing the rule, copy errNo and return it
      after release.
      
      Fixes: 52e8c380 ("apparmor: Fix memory leak of rule on error exit path")
      Signed-off-by: default avatarNavid Emamdoost <navid.emamdoost@gmail.com>
      Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      c54d481d
    • Xiyu Yang's avatar
      apparmor: Fix aa_label refcnt leak in policy_update · c6b39f07
      Xiyu Yang authored
      policy_update() invokes begin_current_label_crit_section(), which
      returns a reference of the updated aa_label object to "label" with
      increased refcount.
      
      When policy_update() returns, "label" becomes invalid, so the refcount
      should be decreased to keep refcount balanced.
      
      The reference counting issue happens in one exception handling path of
      policy_update(). When aa_may_manage_policy() returns not NULL, the
      refcnt increased by begin_current_label_crit_section() is not decreased,
      causing a refcnt leak.
      
      Fix this issue by jumping to "end_section" label when
      aa_may_manage_policy() returns not NULL.
      
      Fixes: 5ac8c355 ("apparmor: allow introspecting the loaded policy pre internal transform")
      Signed-off-by: default avatarXiyu Yang <xiyuyang19@fudan.edu.cn>
      Signed-off-by: default avatarXin Tan <tanxin.ctf@gmail.com>
      Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      c6b39f07
    • Xiyu Yang's avatar
      apparmor: fix potential label refcnt leak in aa_change_profile · a0b845ff
      Xiyu Yang authored
      aa_change_profile() invokes aa_get_current_label(), which returns
      a reference of the current task's label.
      
      According to the comment of aa_get_current_label(), the returned
      reference must be put with aa_put_label().
      However, when the original object pointed by "label" becomes
      unreachable because aa_change_profile() returns or a new object
      is assigned to "label", reference count increased by
      aa_get_current_label() is not decreased, causing a refcnt leak.
      
      Fix this by calling aa_put_label() before aa_change_profile() return
      and dropping unnecessary aa_get_current_label().
      
      Fixes: 9fcf78cc ("apparmor: update domain transitions that are subsets of confinement at nnp")
      Signed-off-by: default avatarXiyu Yang <xiyuyang19@fudan.edu.cn>
      Signed-off-by: default avatarXin Tan <tanxin.ctf@gmail.com>
      Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      a0b845ff
    • Palmer Dabbelt's avatar
      RISC-V: gp_in_global needs register keyword · 8356c379
      Palmer Dabbelt authored
      The Intel kernel build robot recently pointed out that I missed the
      register keyword on this one when I refactored the code to remove local
      register variables (which aren't supported by LLVM).  GCC's manual
      indicates that global register variables must have the register keyword,
      As far as I can tell lacking the register keyword causes GCC to ignore
      the __asm__ and treat this as a regular variable, but I'm not sure how
      that didn't show up as some sort of failure.
      
      Fixes: 52e7c52d ("RISC-V: Stop relying on GCC's register allocator's hueristics")
      Signed-off-by: default avatarPalmer Dabbelt <palmerdabbelt@google.com>
      8356c379
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · d2f8825a
      Linus Torvalds authored
      Pull virtio fixes from Michael Tsirkin:
       "Fix a couple of build warnings"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        vhost: missing __user tags
        vdpasim: remove unused variable 'ret'
      d2f8825a
    • Linus Torvalds's avatar
      Merge tag 'dmaengine-fix-5.7-rc7' of git://git.infradead.org/users/vkoul/slave-dma · cedd54f7
      Linus Torvalds authored
      Pull dmaengine fixes from Vinod Koul:
       "Some driver fixes:
      
         - dmatest restoration of defaults
      
         - tegra210-adma probe handling fix
      
         - k3-udma flags fixed for slave_sg and memcpy
      
         - list fix for zynqmp_dma
      
         - idxd interrupt completion fix
      
         - lock fix for owl"
      
      * tag 'dmaengine-fix-5.7-rc7' of git://git.infradead.org/users/vkoul/slave-dma:
        dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
        dmaengine: ti: k3-udma: Fix TR mode flags for slave_sg and memcpy
        dmaengine: zynqmp_dma: Move list_del inside zynqmp_dma_free_descriptor.
        dmaengine: dmatest: Restore default for channel
        dmaengine: idxd: fix interrupt completion after unmasking
        dmaengine: owl: Use correct lock in owl_dma_get_pchan()
      cedd54f7
    • Linus Torvalds's avatar
      Merge tag 'fiemap-regression-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · 57f1b0cf
      Linus Torvalds authored
      Pull ext4 fixes from Ted Ts'o:
       "Fix regression in ext4's FIEMAP handling introduced in v5.7-rc1"
      
      * tag 'fiemap-regression-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: fix fiemap size checks for bitmap files
        ext4: fix EXT4_MAX_LOGICAL_BLOCK macro
      57f1b0cf
    • Chaitanya Kulkarni's avatar
      null_blk: don't allow discard for zoned mode · 1592cd15
      Chaitanya Kulkarni authored
      Zoned block device specification do not define the behavior of
      discard/trim command as this command is generally replaced by the reset
      write pointer (zone reset) command. Emulate this in null_blk by making
      zoned and discard options mutually exclusive.
      Suggested-by: default avatarDamien Le Moal <damien.lemoal@wdc.com>
      Signed-off-by: default avatarChaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      1592cd15
    • Chaitanya Kulkarni's avatar
      null_blk: return error for invalid zone size · e2748325
      Chaitanya Kulkarni authored
      In null_init_zone_dev() check if the zone size is larger than device
      capacity, return error if needed.
      
      This also fixes the following oops :-
      
      null_blk: changed the number of conventional zones to 4294967295
      BUG: kernel NULL pointer dereference, address: 0000000000000010
      PGD 7d76c5067 P4D 7d76c5067 PUD 7d240c067 PMD 0
      Oops: 0002 [#1] SMP NOPTI
      CPU: 4 PID: 5508 Comm: nullbtests.sh Tainted: G OE 5.7.0-rc4lblk-fnext0
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e4
      RIP: 0010:null_init_zoned_dev+0x17a/0x27f [null_blk]
      RSP: 0018:ffffc90007007e00 EFLAGS: 00010246
      RAX: 0000000000000020 RBX: ffff8887fb3f3c00 RCX: 0000000000000007
      RDX: 0000000000000000 RSI: ffff8887ca09d688 RDI: ffff888810fea510
      RBP: 0000000000000010 R08: ffff8887ca09d688 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000000 R12: ffff8887c26e8000
      R13: ffffffffa05e9390 R14: 0000000000000000 R15: 0000000000000001
      FS:  00007fcb5256f740(0000) GS:ffff888810e00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000000000010 CR3: 000000081e8fe000 CR4: 00000000003406e0
      Call Trace:
       null_add_dev+0x534/0x71b [null_blk]
       nullb_device_power_store.cold.41+0x8/0x2e [null_blk]
       configfs_write_file+0xe6/0x150
       vfs_write+0xba/0x1e0
       ksys_write+0x5f/0xe0
       do_syscall_64+0x60/0x250
       entry_SYSCALL_64_after_hwframe+0x49/0xb3
      RIP: 0033:0x7fcb51c71840
      Signed-off-by: default avatarChaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      e2748325
    • Michael Ellerman's avatar
      powerpc/64s: Disable STRICT_KERNEL_RWX · 8659a0e0
      Michael Ellerman authored
      Several strange crashes have been eventually traced back to
      STRICT_KERNEL_RWX and its interaction with code patching.
      
      Various paths in our ftrace, kprobes and other patching code need to
      be hardened against patching failures, otherwise we can end up running
      with partially/incorrectly patched ftrace paths, kprobes or jump
      labels, which can then cause strange crashes.
      
      Although fixes for those are in development, they're not -rc material.
      
      There also seem to be problems with the underlying strict RWX logic,
      which needs further debugging.
      
      So for now disable STRICT_KERNEL_RWX on 64-bit to prevent people from
      enabling the option and tripping over the bugs.
      
      Fixes: 1e0fc9d1 ("powerpc/Kconfig: Enable STRICT_KERNEL_RWX for some configs")
      Cc: stable@vger.kernel.org # v4.13+
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Link: https://lore.kernel.org/r/20200520133605.972649-1-mpe@ellerman.id.au
      8659a0e0
  4. 20 May, 2020 11 commits
  5. 19 May, 2020 5 commits