1. 01 Feb, 2019 2 commits
  2. 21 Jan, 2019 6 commits
  3. 16 Jan, 2019 4 commits
    • Jonathan Corbet's avatar
      kernel-doc: suppress 'not described' warnings for embedded struct fields · be5cd20c
      Jonathan Corbet authored
      The ability to add kerneldoc comments for fields in embedded structures is
      useful, but it brought along a whole bunch of warnings for fields that
      could not be described before.  In many cases, there's little value in
      adding docs for these nested fields, and in cases like:
      
             	struct a {
                  struct b {
      	        int c;
      	    } d, e;
      	};
      
      "c" would have to be described twice (as d.c and e.c) to make the warnings
      go away.
      
      We can no doubt do something smarter, but simply suppressing the warnings
      for this case removes about 70 warnings from the docs build, freeing us to
      focus on the ones that matter more.  So make kerneldoc be silent about
      missing descriptions for any field containing a ".".
      Signed-off-by: default avatarJonathan Corbet <corbet@lwn.net>
      be5cd20c
    • Thomas Gleixner's avatar
      scripts/spdxcheck.py: Handle special quotation mark comments · 959b4968
      Thomas Gleixner authored
      The SuperH boot code files use a magic format for the SPDX identifier
      comment:
      
        LIST "SPDX-License-Identifier: .... "
      
      The trailing quotation mark is not stripped before the token parser is
      invoked and causes the scan to fail. Handle it gracefully.
      
      Fixes: 6a0abce4 ("sh: include: convert to SPDX identifiers")
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
      Cc: Simon Horman <horms+renesas@verge.net.au>
      Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
      Cc: Rich Felker <dalias@libc.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Kate Stewart <kstewart@linuxfoundation.org>
      Reviewed-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarJonathan Corbet <corbet@lwn.net>
      959b4968
    • Thomas Gleixner's avatar
      LICENSES: Add GCC runtime library exception text · 6e6c61d3
      Thomas Gleixner authored
      A recent commit added SPDX identifiers to the SuperH low level library code
      which originates from GCC. This code is licensed under the GPL 2.0 or later
      with the GCC runtime library exception.
      
      Unfortunately the authors did not bother to add the exception text to the
      LICENSES directory so spdxcheck fails with:
      
       arch/sh/lib/ashiftrt.S: 1:42 Invalid Exception ID: GCC-exception-2.0
       arch/sh/lib/ashlsi3.S: 1:42 Invalid Exception ID: GCC-exception-2.0
       arch/sh/lib/ashrsi3.S: 1:42 Invalid Exception ID: GCC-exception-2.0
       arch/sh/lib/lshrsi3.S: 1:42 Invalid Exception ID: GCC-exception-2.0
       arch/sh/lib/movmem.S: 1:42 Invalid Exception ID: GCC-exception-2.0
       arch/sh/lib/udiv_qrnnd.S: 1:42 Invalid Exception ID: GCC-exception-2.0
       arch/sh/lib/udivsi3.S: 1:42 Invalid Exception ID: GCC-exception-2.0
       arch/sh/lib/udivsi3_i4i-Os.S: 1:42 Invalid Exception ID: GCC-exception-2.0
       arch/sh/lib/udivsi3_i4i.S: 1:42 Invalid Exception ID: GCC-exception-2.0
      
      Add the exception text along with the required tags which allow automated
      checking.
      
      Fixes: 4494ce4f ("sh: lib: convert to SPDX identifiers")
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Acked-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
      Cc: Simon Horman <horms+renesas@verge.net.au>
      Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
      Cc: Rich Felker <dalias@libc.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Kate Stewart <kstewart@linuxfoundation.org>
      Signed-off-by: default avatarJonathan Corbet <corbet@lwn.net>
      6e6c61d3
    • Yang Shi's avatar
      doc: memcontrol: fix the obsolete content about force empty · 053bc569
      Yang Shi authored
      We don't do page cache reparent anymore when offlining memcg, so update
      force empty related content accordingly.
      Reviewed-by: default avatarShakeel Butt <shakeelb@google.com>
      Acked-by: default avatarMichal Hocko <mhocko@suse.com>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Signed-off-by: default avatarYang Shi <yang.shi@linux.alibaba.com>
      Signed-off-by: default avatarJonathan Corbet <corbet@lwn.net>
      053bc569
  4. 15 Jan, 2019 8 commits
  5. 14 Jan, 2019 2 commits
  6. 08 Jan, 2019 3 commits
  7. 07 Jan, 2019 12 commits
  8. 06 Jan, 2019 3 commits
    • Linus Torvalds's avatar
      Change mincore() to count "mapped" pages rather than "cached" pages · 574823bf
      Linus Torvalds authored
      The semantics of what "in core" means for the mincore() system call are
      somewhat unclear, but Linux has always (since 2.3.52, which is when
      mincore() was initially done) treated it as "page is available in page
      cache" rather than "page is mapped in the mapping".
      
      The problem with that traditional semantic is that it exposes a lot of
      system cache state that it really probably shouldn't, and that users
      shouldn't really even care about.
      
      So let's try to avoid that information leak by simply changing the
      semantics to be that mincore() counts actual mapped pages, not pages
      that might be cheaply mapped if they were faulted (note the "might be"
      part of the old semantics: being in the cache doesn't actually guarantee
      that you can access them without IO anyway, since things like network
      filesystems may have to revalidate the cache before use).
      
      In many ways the old semantics were somewhat insane even aside from the
      information leak issue.  From the very beginning (and that beginning is
      a long time ago: 2.3.52 was released in March 2000, I think), the code
      had a comment saying
      
        Later we can get more picky about what "in core" means precisely.
      
      and this is that "later".  Admittedly it is much later than is really
      comfortable.
      
      NOTE! This is a real semantic change, and it is for example known to
      change the output of "fincore", since that program literally does a
      mmmap without populating it, and then doing "mincore()" on that mapping
      that doesn't actually have any pages in it.
      
      I'm hoping that nobody actually has any workflow that cares, and the
      info leak is real.
      
      We may have to do something different if it turns out that people have
      valid reasons to want the old semantics, and if we can limit the
      information leak sanely.
      
      Cc: Kevin Easton <kevin@guarana.org>
      Cc: Jiri Kosina <jikos@kernel.org>
      Cc: Masatake YAMATO <yamato@redhat.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Greg KH <gregkh@linuxfoundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      574823bf
    • Linus Torvalds's avatar
      Fix 'acccess_ok()' on alpha and SH · 94bd8a05
      Linus Torvalds authored
      Commit 594cc251 ("make 'user_access_begin()' do 'access_ok()'")
      broke both alpha and SH booting in qemu, as noticed by Guenter Roeck.
      
      It turns out that the bug wasn't actually in that commit itself (which
      would have been surprising: it was mostly a no-op), but in how the
      addition of access_ok() to the strncpy_from_user() and strnlen_user()
      functions now triggered the case where those functions would test the
      access of the very last byte of the user address space.
      
      The string functions actually did that user range test before too, but
      they did it manually by just comparing against user_addr_max().  But
      with user_access_begin() doing the check (using "access_ok()"), it now
      exposed problems in the architecture implementations of that function.
      
      For example, on alpha, the access_ok() helper macro looked like this:
      
        #define __access_ok(addr, size) \
              ((get_fs().seg & (addr | size | (addr+size))) == 0)
      
      and what it basically tests is of any of the high bits get set (the
      USER_DS masking value is 0xfffffc0000000000).
      
      And that's completely wrong for the "addr+size" check.  Because it's
      off-by-one for the case where we check to the very end of the user
      address space, which is exactly what the strn*_user() functions do.
      
      Why? Because "addr+size" will be exactly the size of the address space,
      so trying to access the last byte of the user address space will fail
      the __access_ok() check, even though it shouldn't.  As a result, the
      user string accessor functions failed consistently - because they
      literally don't know how long the string is going to be, and the max
      access is going to be that last byte of the user address space.
      
      Side note: that alpha macro is buggy for another reason too - it re-uses
      the arguments twice.
      
      And SH has another version of almost the exact same bug:
      
        #define __addr_ok(addr) \
              ((unsigned long __force)(addr) < current_thread_info()->addr_limit.seg)
      
      so far so good: yes, a user address must be below the limit.  But then:
      
        #define __access_ok(addr, size)         \
              (__addr_ok((addr) + (size)))
      
      is wrong with the exact same off-by-one case: the case when "addr+size"
      is exactly _equal_ to the limit is actually perfectly fine (think "one
      byte access at the last address of the user address space")
      
      The SH version is actually seriously buggy in another way: it doesn't
      actually check for overflow, even though it did copy the _comment_ that
      talks about overflow.
      
      So it turns out that both SH and alpha actually have completely buggy
      implementations of access_ok(), but they happened to work in practice
      (although the SH overflow one is a serious serious security bug, not
      that anybody likely cares about SH security).
      
      This fixes the problems by using a similar macro on both alpha and SH.
      It isn't trying to be clever, the end address is based on this logic:
      
              unsigned long __ao_end = __ao_a + __ao_b - !!__ao_b;
      
      which basically says "add start and length, and then subtract one unless
      the length was zero".  We can't subtract one for a zero length, or we'd
      just hit an underflow instead.
      
      For a lot of access_ok() users the length is a constant, so this isn't
      actually as expensive as it initially looks.
      Reported-and-tested-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Cc: Matt Turner <mattst88@gmail.com>
      Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      94bd8a05
    • Linus Torvalds's avatar
      Merge tag 'fscrypt_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt · baa67073
      Linus Torvalds authored
      Pull fscrypt updates from Ted Ts'o:
       "Add Adiantum support for fscrypt"
      
      * tag 'fscrypt_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt:
        fscrypt: add Adiantum support
      baa67073