1. 23 Oct, 2019 32 commits
    • Arnd Bergmann's avatar
      af_unix: add compat_ioctl support · 5f6beb9e
      Arnd Bergmann authored
      The af_unix protocol family has a custom ioctl command (inexplicibly
      based on SIOCPROTOPRIVATE), but never had a compat_ioctl handler for
      32-bit applications.
      
      Since all commands are compatible here, add a trivial wrapper that
      performs the compat_ptr() conversion for SIOCOUTQ/SIOCINQ.  SIOCUNIXFILE
      does not use the argument, but it doesn't hurt to also use compat_ptr()
      here.
      
      Fixes: ba94f308 ("unix: add ioctl to open a unix socket file with O_PATH")
      Cc: netdev@vger.kernel.org
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Eric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      5f6beb9e
    • Arnd Bergmann's avatar
      compat_ioctl: reimplement SG_IO handling · 98aaaec4
      Arnd Bergmann authored
      There are two code locations that implement the SG_IO ioctl: the old
      sg.c driver, and the generic scsi_ioctl helper that is in turn used by
      multiple drivers.
      
      To eradicate the old compat_ioctl conversion handler for the SG_IO
      command, I implement a readable pair of put_sg_io_hdr() /get_sg_io_hdr()
      helper functions that can be used for both compat and native mode,
      and then I call this from both drivers.
      
      For the iovec handling, there is already a compat_import_iovec() function
      that can simply be called in place of import_iovec().
      
      To avoid having to pass the compat/native state through multiple
      indirections, I mark the SG_IO command itself as compatible in
      fs/compat_ioctl.c and use in_compat_syscall() to figure out where
      we are called from.
      
      As a side-effect of this, the sg.c driver now also accepts the 32-bit
      sg_io_hdr format in compat mode using the read/write interface, not
      just ioctl. This should improve compatiblity with old 32-bit binaries,
      but it would break if any application intentionally passes the 64-bit
      data structure in compat mode here.
      
      Steffen Maier helped debug an issue in an earlier version of this patch.
      
      Cc: Steffen Maier <maier@linux.ibm.com>
      Cc: linux-scsi@vger.kernel.org
      Cc: Doug Gilbert <dgilbert@interlog.com>
      Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
      Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      98aaaec4
    • Arnd Bergmann's avatar
      compat_ioctl: move WDIOC handling into wdt drivers · b6dfb247
      Arnd Bergmann authored
      All watchdog drivers implement the same set of ioctl commands, and
      fortunately all of them are compatible between 32-bit and 64-bit
      architectures.
      
      Modern drivers always go through drivers/watchdog/wdt.c as an abstraction
      layer, but older ones implement their own file_operations on a character
      device for this.
      
      Move the handling from fs/compat_ioctl.c into the individual drivers.
      
      Note that most of the legacy drivers will never be used on 64-bit
      hardware, because they are for an old 32-bit SoC implementation, but
      doing them all at once is safer than trying to guess which ones do
      or do not need the compat_ioctl handling.
      Reviewed-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      b6dfb247
    • Arnd Bergmann's avatar
      fs: compat_ioctl: move FITRIM emulation into file systems · 314999dc
      Arnd Bergmann authored
      Remove the special case for FITRIM, and make file systems
      handle that like all other ioctl commands with their own
      handlers.
      
      Cc: linux-ext4@vger.kernel.org
      Cc: linux-f2fs-devel@lists.sourceforge.net
      Cc: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>
      Cc: linux-nilfs@vger.kernel.org
      Cc: ocfs2-devel@oss.oracle.com
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      314999dc
    • Arnd Bergmann's avatar
      gfs2: add compat_ioctl support · 8d098070
      Arnd Bergmann authored
      Out of the four ioctl commands supported on gfs2, only FITRIM
      works in compat mode.
      
      Add a proper handler based on the ext4 implementation.
      
      Fixes: 6ddc5c3d ("gfs2: getlabel support")
      Reviewed-by: default avatarBob Peterson <rpeterso@redhat.com>
      Cc: Andreas Gruenbacher <agruenba@redhat.com>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      8d098070
    • Arnd Bergmann's avatar
      compat_ioctl: remove unused convert_in_user macro · 0581f186
      Arnd Bergmann authored
      The last users are all gone, so let's remove the macro as well.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      0581f186
    • Arnd Bergmann's avatar
      compat_ioctl: remove last RAID handling code · caca7d10
      Arnd Bergmann authored
      Commit aa98aa31 ("md: move compat_ioctl handling into md.c")
      already removed the COMPATIBLE_IOCTL() table entries and added
      a complete implementation, but a few lines got left behind and
      should also be removed here.
      
      Cc: linux-raid@vger.kernel.org
      Cc: Song Liu <song@kernel.org>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      caca7d10
    • Arnd Bergmann's avatar
      compat_ioctl: remove /dev/raw ioctl translation · 50a2e74b
      Arnd Bergmann authored
      The /dev/rawX implementation already handles these just fine, so
      the entries in the table are not needed any more.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      50a2e74b
    • Arnd Bergmann's avatar
      compat_ioctl: remove PCI ioctl translation · a92d4f10
      Arnd Bergmann authored
      The /proc/pci/ implementation already handles these just fine, so
      the entries in the table are not needed any more.
      
      Cc: linux-pci@vger.kernel.org
      Cc: Bjorn Helgaas <bhelgaas@google.com>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      a92d4f10
    • Arnd Bergmann's avatar
      compat_ioctl: remove joystick ioctl translation · aca94226
      Arnd Bergmann authored
      The joystick driver already handles these just fine, so
      the entries in the table are not needed any more.
      
      Cc: linux-input@vger.kernel.org
      Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      aca94226
    • Arnd Bergmann's avatar
      compat_ioctl: remove /dev/random commands · 507e4e2b
      Arnd Bergmann authored
      These are all handled by the random driver, so instead of listing
      each ioctl, we can use the generic compat_ptr_ioctl() helper.
      Acked-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      507e4e2b
    • Arnd Bergmann's avatar
      compat_ioctl: remove IGNORE_IOCTL() · eede0b85
      Arnd Bergmann authored
      Since commit 07d106d0 ("vfs: fix up ENOIOCTLCMD error handling"),
      we don't warn about unhandled compat-ioctl command code any more, but
      just return the same error that a native file descriptor returns when
      there is no handler.
      
      This means the IGNORE_IOCTL() annotations are completely useless and
      can all be removed. TIOCSTART/TIOCSTOP and KDGHWCLK/KDSHWCLK fall into
      the same category, but for some reason were listed as COMPATIBLE_IOCTL().
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      eede0b85
    • Arnd Bergmann's avatar
      compat_ioctl: remove translation for sound ioctls · 2022ca0a
      Arnd Bergmann authored
      The SNDCTL_* and SOUND_* commands are the old OSS user interface.
      
      I checked all the sound ioctl commands listed in fs/compat_ioctl.c
      to see if we still need the translation handlers. Here is what I
      found:
      
      - sound/oss/ is (almost) gone from the kernel, this is what actually
        needed all the translations
      - The ALSA emulation for OSS correctly handles all compat_ioctl
        commands already.
      - sound/oss/dmasound/ is the last holdout of the original OSS code,
        this is only used on arch/m68k, which has no 64-bit mode and
        hence needs no compat handlers
      - arch/um/drivers/hostaudio_kern.c may run in 64-bit mode with
        32-bit x86 user space underneath it. This rare corner case is
        the only one that still needs the compat handlers.
      
      By adding a simple redirect of .compat_ioctl to .unlocked_ioctl in the
      UML driver, we can remove all the COMPATIBLE_IOCTL() annotations without
      a change in functionality. For completeness, I'm adding the same thing
      to the dmasound file, knowing that it makes no difference.
      
      The compat_ioctl list contains one comment about SNDCTL_DSP_MAPINBUF and
      SNDCTL_DSP_MAPOUTBUF, which actually would need a translation handler
      if implemented. However, the native implementation just returns -EINVAL,
      so we don't care.
      Reviewed-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      2022ca0a
    • Arnd Bergmann's avatar
      compat_ioctl: remove HIDIO translation · 54b5b60a
      Arnd Bergmann authored
      The two drivers implementing these both gained proper compat_ioctl()
      handlers a long time ago with commits bb6c8d8f ("HID: hiddev:
      Add 32bit ioctl compatibilty") and ae5e49c7 ("HID: hidraw: add
      compatibility ioctl() for 32-bit applications."), so the lists in
      fs/compat_ioctl.c are no longer used.
      
      It appears that the lists were also incomplete, so the translation
      didn't actually work correctly when it was still in use.
      
      Remove them as cleanup.
      
      Cc: linux-bluetooth@vger.kernel.org
      Cc: Marcel Holtmann <marcel@holtmann.org>
      Cc: Johan Hedberg <johan.hedberg@gmail.com>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      54b5b60a
    • Arnd Bergmann's avatar
      compat_ioctl: remove HCIUART handling · 61798109
      Arnd Bergmann authored
      As of commit f0193d3e ("change semantics of ldisc ->compat_ioctl()"),
      all hciuart ioctl commands are handled correctly in the driver, and we
      never need to go through the table here.
      
      Cc: linux-bluetooth@vger.kernel.org
      Cc: Marcel Holtmann <marcel@holtmann.org>
      Cc: Johan Hedberg <johan.hedberg@gmail.com>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      61798109
    • Arnd Bergmann's avatar
      compat_ioctl: move hci_sock handlers into driver · 7a6038b3
      Arnd Bergmann authored
      All these ioctl commands are compatible, so we can handle
      them with a trivial wrapper in hci_sock.c and remove
      the listing in fs/compat_ioctl.c.
      
      A few of the commands pass integer arguments instead of
      pointers, so for correctness skip the compat_ptr() conversion
      here.
      Acked-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      7a6038b3
    • Arnd Bergmann's avatar
      compat_ioctl: move rfcomm handlers into driver · 7d60a7a6
      Arnd Bergmann authored
      All these ioctl commands are compatible, so we can handle
      them with a trivial wrapper in rfcomm/sock.c and remove
      the listing in fs/compat_ioctl.c.
      Acked-by: default avatarMarcel Holtmann <marcel@holtmann.org>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      7d60a7a6
    • Arnd Bergmann's avatar
      compat_ioctl: move isdn/capi ioctl translation into driver · 5565a3ca
      Arnd Bergmann authored
      Neither the old isdn4linux interface nor the newer mISDN stack
      ever had working 32-bit compat mode as far as I can tell.
      
      However, the CAPI stack has some ioctl commands that are
      correctly listed in fs/compat_ioctl.c.
      
      We can trivially move all of those into the corresponding
      file that implement the native handlers by adding a compat_ioctl
      redirect to that.
      
      I did notice that treating CAPI_MANUFACTURER_CMD() as compatible
      is broken, so I'm also adding a handler for that, realizing that
      in all likelyhood, nobody is ever going to call it.
      
      Cc: Karsten Keil <isdn@linux-pingi.de>
      Cc: netdev@vger.kernel.org
      Cc: isdn4linux@listserv.isdn4linux.de
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      5565a3ca
    • Arnd Bergmann's avatar
      compat_ioctl: move ATYFB_CLK handling to atyfb driver · 0ba9841a
      Arnd Bergmann authored
      These are two obscure ioctl commands, in a driver that only
      has compatible commands, so just let the driver handle this
      itself.
      Acked-by: default avatarBartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      0ba9841a
    • Arnd Bergmann's avatar
      compat_ioctl: move tape handling into drivers · 1207045d
      Arnd Bergmann authored
      MTIOCPOS and MTIOCGET are incompatible between 32-bit and 64-bit user
      space, and traditionally have been translated in fs/compat_ioctl.c.
      
      To get rid of that translation handler, move a corresponding
      implementation into each of the four drivers implementing those commands.
      
      The interesting part of that is now in a new linux/mtio.h header that
      wraps the existing uapi/linux/mtio.h header and provides an abstraction
      to let drivers handle both cases easily. Using an in_compat_syscall()
      check, the caller does not have to keep track of whether this was
      called through .unlocked_ioctl() or .compat_ioctl().
      Acked-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
      Cc: "Kai Mäkisara" <Kai.Makisara@kolumbus.fi>
      Cc: linux-scsi@vger.kernel.org
      Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
      Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      1207045d
    • Arnd Bergmann's avatar
      compat_ioctl: use correct compat_ptr() translation in drivers · 01b8bca8
      Arnd Bergmann authored
      A handful of drivers all have a trivial wrapper around their ioctl
      handler, but don't call the compat_ptr() conversion function at the
      moment. In practice this does not matter, since none of them are used
      on the s390 architecture and for all other architectures, compat_ptr()
      does not do anything, but using the new compat_ptr_ioctl()
      helper makes it more correct in theory, and simplifies the code.
      
      I checked that all ioctl handlers in these files are compatible
      and take either pointer arguments or no argument.
      Acked-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Acked-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Acked-by: default avatarAndrew Donnellan <andrew.donnellan@au1.ibm.com>
      Acked-by: default avatarFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      01b8bca8
    • Arnd Bergmann's avatar
      compat_ioctl: move more drivers to compat_ptr_ioctl · 1832f2d8
      Arnd Bergmann authored
      The .ioctl and .compat_ioctl file operations have the same prototype so
      they can both point to the same function, which works great almost all
      the time when all the commands are compatible.
      
      One exception is the s390 architecture, where a compat pointer is only
      31 bit wide, and converting it into a 64-bit pointer requires calling
      compat_ptr(). Most drivers here will never run in s390, but since we now
      have a generic helper for it, it's easy enough to use it consistently.
      
      I double-checked all these drivers to ensure that all ioctl arguments
      are used as pointers or are ignored, but are not interpreted as integer
      values.
      Acked-by: default avatarJason Gunthorpe <jgg@mellanox.com>
      Acked-by: default avatarDaniel Vetter <daniel.vetter@ffwll.ch>
      Acked-by: default avatarMauro Carvalho Chehab <mchehab+samsung@kernel.org>
      Acked-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Acked-by: default avatarDavid Sterba <dsterba@suse.com>
      Acked-by: default avatarDarren Hart (VMware) <dvhart@infradead.org>
      Acked-by: default avatarJonathan Cameron <Jonathan.Cameron@huawei.com>
      Acked-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
      Acked-by: default avatarDan Williams <dan.j.williams@intel.com>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      1832f2d8
    • Arnd Bergmann's avatar
      compat_ioctl: move drivers to compat_ptr_ioctl · 407e9ef7
      Arnd Bergmann authored
      Each of these drivers has a copy of the same trivial helper function to
      convert the pointer argument and then call the native ioctl handler.
      
      We now have a generic implementation of that, so use it.
      Acked-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Acked-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Acked-by: default avatarDavid S. Miller <davem@davemloft.net>
      Acked-by: default avatarJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
      Reviewed-by: default avatarJarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
      Reviewed-by: default avatarJason Gunthorpe <jgg@mellanox.com>
      Reviewed-by: default avatarJiri Kosina <jkosina@suse.cz>
      Reviewed-by: default avatarStefan Hajnoczi <stefanha@redhat.com>
      Reviewed-by: default avatarCornelia Huck <cohuck@redhat.com>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      407e9ef7
    • Arnd Bergmann's avatar
      compat_ioctl: move rtc handling into drivers/rtc/dev.c · 076ff658
      Arnd Bergmann authored
      We no longer need the rtc compat handling to be in common code, now that
      all drivers are either moved to the rtc-class framework, or (rarely)
      exist in drivers/char for architectures without compat mode (m68k,
      alpha and ia64, respectively).
      
      I checked the list of ioctl commands in drivers, and the ones that are
      not already handled are all compatible, again with the one exception of
      m68k driver, which implements RTC_PLL_GET and RTC_PLL_SET, but has no
      compat mode.
      
      Unlike earlier versions of this patch, I'm now adding a separate
      compat_ioctl handler that takes care of RTC_IRQP_READ32/RTC_IRQP_SET32
      and treats all other commands as compatible, leaving the native
      behavior unchanged.
      
      The old conversion handler also deals with RTC_EPOCH_READ and
      RTC_EPOCH_SET, which are not handled in rtc-dev.c but only in a single
      device driver (rtc-vr41xx), so I'm adding the compat version in the same
      place. I don't expect other drivers to need those commands in the future.
      Acked-by: default avatarAlexandre Belloni <alexandre.belloni@bootlin.com>
      Reviewed-by: default avatarBen Hutchings <ben.hutchings@codethink.co.uk>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      ---
      v4: handle RTC_EPOCH_SET32 in rtc_dev_compat_ioctl
      v3: handle RTC_IRQP_READ32/RTC_IRQP_SET32 in rtc_dev_compat_ioctl
      v2: merge compat handler into ioctl function to avoid the
          compat_alloc_user_space() roundtrip, based on feedback
          from Al Viro.
      076ff658
    • Arnd Bergmann's avatar
      ceph: fix compat_ioctl for ceph_dir_operations · 18bd6caa
      Arnd Bergmann authored
      The ceph_ioctl function is used both for files and directories, but only
      the files support doing that in 32-bit compat mode.
      
      On the s390 architecture, there is also a problem with invalid 31-bit
      pointers that need to be passed through compat_ptr().
      
      Use the new compat_ptr_ioctl() to address both issues.
      
      Note: When backporting this patch to stable kernels, "compat_ioctl:
      add compat_ptr_ioctl()" is needed as well.
      Reviewed-by: default avatar"Yan, Zheng" <zyan@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      18bd6caa
    • Al Viro's avatar
      compat_sys_ioctl(): make parallel to do_vfs_ioctl() · 37ecf8b2
      Al Viro authored
      Handle ioctls that might be handled without reaching ->ioctl() in
      native case on the top level there.  The counterpart of vfs_ioctl()
      (i.e. calling ->unlock_ioctl(), etc.) left as-is; eventually
      that would turn simply into the call of ->compat_ioctl(), but
      that'll take more work.  Once that is done, we can move the
      remains of compat_sys_ioctl() into fs/ioctl.c and finally bury
      fs/compat_ioctl.c.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      37ecf8b2
    • Al Viro's avatar
      compat: move FS_IOC_RESVSP_32 handling to fs/ioctl.c · 011da44b
      Al Viro authored
      ... and lose the ridiculous games with compat_alloc_user_space()
      there.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      011da44b
    • Al Viro's avatar
      do_vfs_ioctl(): use saner types · 34d3d0e6
      Al Viro authored
      casting to pointer to int, only to pass that to function that
      takes pointer to void and uses it as pointer to structure is
      really asking for trouble.
      
      "Some pointer, I'm not sure what to" is spelled "void *",
      not "int *"; use that.
      
      And declare the functions we are passing that pointer to
      as taking the pointer to what they really want to access.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      34d3d0e6
    • Al Viro's avatar
      compat: itanic doesn't have one · bf0a199b
      Al Viro authored
      ... and hadn't for a long time.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      bf0a199b
    • Al Viro's avatar
      FIGETBSZ: fix compat · ee26025f
      Al Viro authored
      it takes a pointer argument, regular file or no regular file
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      ee26025f
    • Al Viro's avatar
      fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP · 6b2daec1
      Al Viro authored
      Unlike FICLONE, all of those take a pointer argument; they do need
      compat_ptr() applied to arg.
      
      Fixes: d79bdd52 ("vfs: wire up compat ioctl for CLONE/CLONE_RANGE")
      Fixes: 54dbc151 ("vfs: hoist the btrfs deduplication ioctl to the vfs")
      Fixes: ceac204e ("fs: make fiemap work from compat_ioctl")
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      6b2daec1
    • Arnd Bergmann's avatar
      compat_ioctl: add compat_ptr_ioctl() · 2952db0f
      Arnd Bergmann authored
      Many drivers have ioctl() handlers that are completely compatible between
      32-bit and 64-bit architectures, except for the argument that is passed
      down from user space and may have to be passed through compat_ptr()
      in order to become a valid 64-bit pointer.
      
      Using ".compat_ptr = compat_ptr_ioctl" in file operations should let
      us simplify a lot of those drivers to avoid #ifdef checks, and convert
      additional drivers that don't have proper compat handling yet.
      
      On most architectures, the compat_ptr_ioctl() just passes all arguments
      to the corresponding ->ioctl handler. The exception is arch/s390, where
      compat_ptr() clears the top bit of a 32-bit pointer value, so user space
      pointers to the second 2GB alias the first 2GB, as is the case for native
      32-bit s390 user space.
      
      The compat_ptr_ioctl() function must therefore be used only with
      ioctl functions that either ignore the argument or pass a pointer to a
      compatible data type.
      
      If any ioctl command handled by fops->unlocked_ioctl passes a plain
      integer instead of a pointer, or any of the passed data types is
      incompatible between 32-bit and 64-bit architectures, a proper handler
      is required instead of compat_ptr_ioctl.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      ---
      v3: add a better description
      v2: use compat_ptr_ioctl instead of generic_compat_ioctl_ptrarg,
      as suggested by Al Viro
      2952db0f
  2. 06 Oct, 2019 4 commits
    • Linus Torvalds's avatar
      Linux 5.4-rc2 · da0c9ea1
      Linus Torvalds authored
      da0c9ea1
    • Linus Torvalds's avatar
      elf: don't use MAP_FIXED_NOREPLACE for elf executable mappings · b212921b
      Linus Torvalds authored
      In commit 4ed28639 ("fs, elf: drop MAP_FIXED usage from elf_map") we
      changed elf to use MAP_FIXED_NOREPLACE instead of MAP_FIXED for the
      executable mappings.
      
      Then, people reported that it broke some binaries that had overlapping
      segments from the same file, and commit ad55eac7 ("elf: enforce
      MAP_FIXED on overlaying elf segments") re-instated MAP_FIXED for some
      overlaying elf segment cases.  But only some - despite the summary line
      of that commit, it only did it when it also does a temporary brk vma for
      one obvious overlapping case.
      
      Now Russell King reports another overlapping case with old 32-bit x86
      binaries, which doesn't trigger that limited case.  End result: we had
      better just drop MAP_FIXED_NOREPLACE entirely, and go back to MAP_FIXED.
      
      Yes, it's a sign of old binaries generated with old tool-chains, but we
      do pride ourselves on not breaking existing setups.
      
      This still leaves MAP_FIXED_NOREPLACE in place for the load_elf_interp()
      and the old load_elf_library() use-cases, because nobody has reported
      breakage for those. Yet.
      
      Note that in all the cases seen so far, the overlapping elf sections
      seem to be just re-mapping of the same executable with different section
      attributes.  We could possibly introduce a new MAP_FIXED_NOFILECHANGE
      flag or similar, which acts like NOREPLACE, but allows just remapping
      the same executable file using different protection flags.
      
      It's not clear that would make a huge difference to anything, but if
      people really hate that "elf remaps over previous maps" behavior, maybe
      at least a more limited form of remapping would alleviate some concerns.
      
      Alternatively, we should take a look at our elf_map() logic to see if we
      end up not mapping things properly the first time.
      
      In the meantime, this is the minimal "don't do that then" patch while
      people hopefully think about it more.
      Reported-by: default avatarRussell King <linux@armlinux.org.uk>
      Fixes: 4ed28639 ("fs, elf: drop MAP_FIXED usage from elf_map")
      Fixes: ad55eac7 ("elf: enforce  MAP_FIXED on overlaying elf segments")
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Kees Cook <keescook@chromium.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b212921b
    • Linus Torvalds's avatar
      Merge tag 'dma-mapping-5.4-1' of git://git.infradead.org/users/hch/dma-mapping · 7cdb85df
      Linus Torvalds authored
      Pull dma-mapping regression fix from Christoph Hellwig:
       "Revert an incorret hunk from a patch that caused problems on various
        arm boards (Andrey Smirnov)"
      
      * tag 'dma-mapping-5.4-1' of git://git.infradead.org/users/hch/dma-mapping:
        dma-mapping: fix false positive warnings in dma_common_free_remap()
      7cdb85df
    • Linus Torvalds's avatar
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 43b815c6
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "A few fixes this time around:
      
         - Fixup of some clock specifications for DRA7 (device-tree fix)
      
         - Removal of some dead/legacy CPU OPP/PM code for OMAP that throws
           warnings at boot
      
         - A few more minor fixups for OMAPs, most around display
      
         - Enable STM32 QSPI as =y since their rootfs sometimes comes from
           there
      
         - Switch CONFIG_REMOTEPROC to =y since it went from tristate to bool
      
         - Fix of thermal zone definition for ux500 (5.4 regression)"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
        ARM: multi_v7_defconfig: Fix SPI_STM32_QSPI support
        ARM: dts: ux500: Fix up the CPU thermal zone
        arm64/ARM: configs: Change CONFIG_REMOTEPROC from m to y
        ARM: dts: am4372: Set memory bandwidth limit for DISPC
        ARM: OMAP2+: Fix warnings with broken omap2_set_init_voltage()
        ARM: OMAP2+: Add missing LCDC midlemode for am335x
        ARM: OMAP2+: Fix missing reset done flag for am3 and am43
        ARM: dts: Fix gpio0 flags for am335x-icev2
        ARM: omap2plus_defconfig: Enable more droid4 devices as loadable modules
        ARM: omap2plus_defconfig: Enable DRM_TI_TFP410
        DTS: ARM: gta04: introduce legacy spi-cs-high to make display work again
        ARM: dts: Fix wrong clocks for dra7 mcasp
        clk: ti: dra7: Fix mcasp8 clock bits
      43b815c6
  3. 05 Oct, 2019 4 commits
    • Linus Torvalds's avatar
      Merge tag 'kbuild-fixes-v5.4' of... · 2d00aee2
      Linus Torvalds authored
      Merge tag 'kbuild-fixes-v5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - remove unneeded ar-option and KBUILD_ARFLAGS
      
       - remove long-deprecated SUBDIRS
      
       - fix modpost to suppress false-positive warnings for UML builds
      
       - fix namespace.pl to handle relative paths to ${objtree}, ${srctree}
      
       - make setlocalversion work for /bin/sh
      
       - make header archive reproducible
      
       - fix some Makefiles and documents
      
      * tag 'kbuild-fixes-v5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        kheaders: make headers archive reproducible
        kbuild: update compile-test header list for v5.4-rc2
        kbuild: two minor updates for Documentation/kbuild/modules.rst
        scripts/setlocalversion: clear local variable to make it work for sh
        namespace: fix namespace.pl script to support relative paths
        video/logo: do not generate unneeded logo C files
        video/logo: remove unneeded *.o pattern from clean-files
        integrity: remove pointless subdir-$(CONFIG_...)
        integrity: remove unneeded, broken attempt to add -fshort-wchar
        modpost: fix static EXPORT_SYMBOL warnings for UML build
        kbuild: correct formatting of header in kbuild module docs
        kbuild: remove SUBDIRS support
        kbuild: remove ar-option and KBUILD_ARFLAGS
      2d00aee2
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 126195c9
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Twelve patches mostly small but obvious fixes or cosmetic but small
        updates"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: qla2xxx: Fix Nport ID display value
        scsi: qla2xxx: Fix N2N link up fail
        scsi: qla2xxx: Fix N2N link reset
        scsi: qla2xxx: Optimize NPIV tear down process
        scsi: qla2xxx: Fix stale mem access on driver unload
        scsi: qla2xxx: Fix unbound sleep in fcport delete path.
        scsi: qla2xxx: Silence fwdump template message
        scsi: hisi_sas: Make three functions static
        scsi: megaraid: disable device when probe failed after enabled device
        scsi: storvsc: setup 1:1 mapping between hardware queue and CPU queue
        scsi: qedf: Remove always false 'tmp_prio < 0' statement
        scsi: ufs: skip shutdown if hba is not powered
        scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF
      126195c9
    • Linus Torvalds's avatar
      Merge branch 'readdir' (readdir speedup and sanity checking) · 4f11918a
      Linus Torvalds authored
      This makes getdents() and getdents64() do sanity checking on the
      pathname that it gives to user space.  And to mitigate the performance
      impact of that, it first cleans up the way it does the user copying, so
      that the code avoids doing the SMAP/PAN updates between each part of the
      dirent structure write.
      
      I really wanted to do this during the merge window, but didn't have
      time.  The conversion of filldir to unsafe_put_user() is something I've
      had around for years now in a private branch, but the extra pathname
      checking finally made me clean it up to the point where it is mergable.
      
      It's worth noting that the filename validity checking really should be a
      bit smarter: it would be much better to delay the error reporting until
      the end of the readdir, so that non-corrupted filenames are still
      returned.  But that involves bigger changes, so let's see if anybody
      actually hits the corrupt directory entry case before worrying about it
      further.
      
      * branch 'readdir':
        Make filldir[64]() verify the directory entry filename is valid
        Convert filldir[64]() from __put_user() to unsafe_put_user()
      4f11918a
    • Linus Torvalds's avatar
      Make filldir[64]() verify the directory entry filename is valid · 8a23eb80
      Linus Torvalds authored
      This has been discussed several times, and now filesystem people are
      talking about doing it individually at the filesystem layer, so head
      that off at the pass and just do it in getdents{64}().
      
      This is partially based on a patch by Jann Horn, but checks for NUL
      bytes as well, and somewhat simplified.
      
      There's also commentary about how it might be better if invalid names
      due to filesystem corruption don't cause an immediate failure, but only
      an error at the end of the readdir(), so that people can still see the
      filenames that are ok.
      
      There's also been discussion about just how much POSIX strictly speaking
      requires this since it's about filesystem corruption.  It's really more
      "protect user space from bad behavior" as pointed out by Jann.  But
      since Eric Biederman looked up the POSIX wording, here it is for context:
      
       "From readdir:
      
         The readdir() function shall return a pointer to a structure
         representing the directory entry at the current position in the
         directory stream specified by the argument dirp, and position the
         directory stream at the next entry. It shall return a null pointer
         upon reaching the end of the directory stream. The structure dirent
         defined in the <dirent.h> header describes a directory entry.
      
        From definitions:
      
         3.129 Directory Entry (or Link)
      
         An object that associates a filename with a file. Several directory
         entries can associate names with the same file.
      
        ...
      
         3.169 Filename
      
         A name consisting of 1 to {NAME_MAX} bytes used to name a file. The
         characters composing the name may be selected from the set of all
         character values excluding the slash character and the null byte. The
         filenames dot and dot-dot have special meaning. A filename is
         sometimes referred to as a 'pathname component'."
      
      Note that I didn't bother adding the checks to any legacy interfaces
      that nobody uses.
      
      Also note that if this ends up being noticeable as a performance
      regression, we can fix that to do a much more optimized model that
      checks for both NUL and '/' at the same time one word at a time.
      
      We haven't really tended to optimize 'memchr()', and it only checks for
      one pattern at a time anyway, and we really _should_ check for NUL too
      (but see the comment about "soft errors" in the code about why it
      currently only checks for '/')
      
      See the CONFIG_DCACHE_WORD_ACCESS case of hash_name() for how the name
      lookup code looks for pathname terminating characters in parallel.
      
      Link: https://lore.kernel.org/lkml/20190118161440.220134-2-jannh@google.com/
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Jann Horn <jannh@google.com>
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8a23eb80