1. 04 Jan, 2018 2 commits
    • Nick Desaulniers's avatar
      posix-timers: Prevent UB from shifting negative signed value · 29f1b2b0
      Nick Desaulniers authored
      Shifting a negative signed number is undefined behavior. Looking at the
      macros MAKE_PROCESS_CPUCLOCK and FD_TO_CLOCKID, it seems that the
      subexpression:
      
      (~(clockid_t) (pid) << 3)
      
      where clockid_t resolves to a signed int, which once negated, is
      undefined behavior to shift the value of if the results thus far are
      negative.
      
      It was further suggested to make these macros into inline functions.
      Suggested-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarNick Desaulniers <nick.desaulniers@gmail.com>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Dimitri Sivanich <sivanich@hpe.com>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: linux-kselftest@vger.kernel.org
      Cc: Shuah Khan <shuah@kernel.org>
      Cc: Deepa Dinamani <deepa.kernel@gmail.com>
      Link: https://lkml.kernel.org/r/1514517100-18051-1-git-send-email-nick.desaulniers@gmail.com
      29f1b2b0
    • Linus Torvalds's avatar
      Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 00a5ae21
      Linus Torvalds authored
      Pull x86 page table isolation fixes from Thomas Gleixner:
       "A couple of urgent fixes for PTI:
      
         - Fix a PTE mismatch between user and kernel visible mapping of the
           cpu entry area (differs vs. the GLB bit) and causes a TLB mismatch
           MCE on older AMD K8 machines
      
         - Fix the misplaced CR3 switch in the SYSCALL compat entry code which
           causes access to unmapped kernel memory resulting in double faults.
      
         - Fix the section mismatch of the cpu_tss_rw percpu storage caused by
           using a different mechanism for declaration and definition.
      
         - Two fixes for dumpstack which help to decode entry stack issues
           better
      
         - Enable PTI by default in Kconfig. We should have done that earlier,
           but it slipped through the cracks.
      
         - Exclude AMD from the PTI enforcement. Not necessarily a fix, but if
           AMD is so confident that they are not affected, then we should not
           burden users with the overhead"
      
      * 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/process: Define cpu_tss_rw in same section as declaration
        x86/pti: Switch to kernel CR3 at early in entry_SYSCALL_compat()
        x86/dumpstack: Print registers for first stack frame
        x86/dumpstack: Fix partial register dumps
        x86/pti: Make sure the user/kernel PTEs match
        x86/cpu, x86/pti: Do not enable PTI on AMD processors
        x86/pti: Enable PTI by default
      00a5ae21
  2. 03 Jan, 2018 11 commits
  3. 02 Jan, 2018 5 commits
    • David Howells's avatar
      afs: Fix missing error handling in afs_write_end() · afae457d
      David Howells authored
      afs_write_end() is missing page unlock and put if afs_fill_page() fails.
      Reported-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      afae457d
    • David Howells's avatar
      afs: Fix unlink · 440fbc3a
      David Howells authored
      Repeating creation and deletion of a file on an afs mount will run the box
      out of memory, e.g.:
      
      	dd if=/dev/zero of=/afs/scratch/m0 bs=$((1024*1024)) count=512
      	rm /afs/scratch/m0
      
      The problem seems to be that it's not properly decrementing the nlink count
      so that the inode can be scrapped.
      
      Note that this doesn't fix local creation followed by remote deletion.
      That's harder to handle and will require a separate patch as we're not told
      that the file has been deleted - only that the directory has changed.
      Reported-by: default avatarMarc Dionne <marc.dionne@auristor.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      440fbc3a
    • Dan Carpenter's avatar
      afs: Potential uninitialized variable in afs_extract_data() · 7888da95
      Dan Carpenter authored
      Smatch warns that:
      
          fs/afs/rxrpc.c:922 afs_extract_data()
          error: uninitialized symbol 'remote_abort'.
      
      Smatch is right that "remote_abort" might be uninitialized when we pass
      it to afs_set_call_complete().  I don't know if that function uses the
      uninitialized variable.  Anyway, the comment for rxrpc_kernel_recv_data(),
      says that "*_abort should also be initialised to 0." and this patch does
      that.
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      7888da95
    • David Howells's avatar
      fscache: Fix the default for fscache_maybe_release_page() · 98801506
      David Howells authored
      Fix the default for fscache_maybe_release_page() for when the cookie isn't
      valid or the page isn't cached.  It mustn't return false as that indicates
      the page cannot yet be freed.
      
      The problem with the default is that if, say, there's no cache, but a
      network filesystem's pages are using up almost all the available memory, a
      system can OOM because the filesystem ->releasepage() op will not allow
      them to be released as fscache_maybe_release_page() incorrectly prevents
      it.
      
      This can be tested by writing a sequence of 512MiB files to an AFS mount.
      It does not affect NFS or CIFS because both of those wrap the call in a
      check of PG_fscache and it shouldn't bother Ceph as that only has
      PG_private set whilst writeback is in progress.  This might be an issue for
      9P, however.
      
      Note that the pages aren't entirely stuck.  Removing a file or unmounting
      will clear things because that uses ->invalidatepage() instead.
      
      Fixes: 201a1542 ("FS-Cache: Handle pages pending storage that get evicted under OOM conditions")
      Reported-by: default avatarMarc Dionne <marc.dionne@auristor.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-by: default avatarJeff Layton <jlayton@redhat.com>
      Acked-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Tested-by: default avatarMarc Dionne <marc.dionne@auristor.com>
      cc: stable@vger.kernel.org # 2.6.32+
      98801506
    • Eric Biggers's avatar
      capabilities: fix buffer overread on very short xattr · dc32b5c3
      Eric Biggers authored
      If userspace attempted to set a "security.capability" xattr shorter than
      4 bytes (e.g. 'setfattr -n security.capability -v x file'), then
      cap_convert_nscap() read past the end of the buffer containing the xattr
      value because it accessed the ->magic_etc field without verifying that
      the xattr value is long enough to contain that field.
      
      Fix it by validating the xattr value size first.
      
      This bug was found using syzkaller with KASAN.  The KASAN report was as
      follows (cleaned up slightly):
      
          BUG: KASAN: slab-out-of-bounds in cap_convert_nscap+0x514/0x630 security/commoncap.c:498
          Read of size 4 at addr ffff88002d8741c0 by task syz-executor1/2852
      
          CPU: 0 PID: 2852 Comm: syz-executor1 Not tainted 4.15.0-rc6-00200-gcc0aac99d977 #253
          Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014
          Call Trace:
           __dump_stack lib/dump_stack.c:17 [inline]
           dump_stack+0xe3/0x195 lib/dump_stack.c:53
           print_address_description+0x73/0x260 mm/kasan/report.c:252
           kasan_report_error mm/kasan/report.c:351 [inline]
           kasan_report+0x235/0x350 mm/kasan/report.c:409
           cap_convert_nscap+0x514/0x630 security/commoncap.c:498
           setxattr+0x2bd/0x350 fs/xattr.c:446
           path_setxattr+0x168/0x1b0 fs/xattr.c:472
           SYSC_setxattr fs/xattr.c:487 [inline]
           SyS_setxattr+0x36/0x50 fs/xattr.c:483
           entry_SYSCALL_64_fastpath+0x18/0x85
      
      Fixes: 8db6c34f ("Introduce v3 namespaced file capabilities")
      Cc: <stable@vger.kernel.org> # v4.14+
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Reviewed-by: default avatarSerge Hallyn <serge@hallyn.com>
      Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
      dc32b5c3
  4. 31 Dec, 2017 20 commits
    • Linus Torvalds's avatar
      Linux 4.15-rc6 · 30a7acd5
      Linus Torvalds authored
      30a7acd5
    • Linus Torvalds's avatar
      Merge branch 'x86/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · f39d7d78
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "A couple of fixlets for x86:
      
         - Fix the ESPFIX double fault handling for 5-level pagetables
      
         - Fix the commandline parsing for 'apic=' on 32bit systems and update
           documentation
      
         - Make zombie stack traces reliable
      
         - Fix kexec with stack canary
      
         - Fix the delivery mode for APICs which was missed when the x86
           vector management was converted to single target delivery. Caused a
           regression due to the broken hardware which ignores affinity
           settings in lowest prio delivery mode.
      
         - Unbreak modules when AMD memory encryption is enabled
      
         - Remove an unused parameter of prepare_switch_to"
      
      * 'x86/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/apic: Switch all APICs to Fixed delivery mode
        x86/apic: Update the 'apic=' description of setting APIC driver
        x86/apic: Avoid wrong warning when parsing 'apic=' in X86-32 case
        x86-32: Fix kexec with stack canary (CONFIG_CC_STACKPROTECTOR)
        x86: Remove unused parameter of prepare_switch_to
        x86/stacktrace: Make zombie stack traces reliable
        x86/mm: Unbreak modules that use the DMA API
        x86/build: Make isoimage work on Debian
        x86/espfix/64: Fix espfix double-fault handling on 5-level systems
      f39d7d78
    • Linus Torvalds's avatar
      Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 52c90f2d
      Linus Torvalds authored
      Pull x86 page table isolation fixes from Thomas Gleixner:
       "Four patches addressing the PTI fallout as discussed and debugged
        yesterday:
      
         - Remove stale and pointless TLB flush invocations from the hotplug
           code
      
         - Remove stale preempt_disable/enable from __native_flush_tlb()
      
         - Plug the memory leak in the write_ldt() error path"
      
      * 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/ldt: Make LDT pgtable free conditional
        x86/ldt: Plug memory leak in error path
        x86/mm: Remove preempt_disable/enable() from __native_flush_tlb()
        x86/smpboot: Remove stale TLB flush invocations
      52c90f2d
    • Linus Torvalds's avatar
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · cea92e84
      Linus Torvalds authored
      Pull timer fixes from Thomas Gleixner:
       "A pile of fixes for long standing issues with the timer wheel and the
        NOHZ code:
      
         - Prevent timer base confusion accross the nohz switch, which can
           cause unlocked access and data corruption
      
         - Reinitialize the stale base clock on cpu hotplug to prevent subtle
           side effects including rollovers on 32bit
      
         - Prevent an interrupt storm when the timer softirq is already
           pending caused by tick_nohz_stop_sched_tick()
      
         - Move the timer start tracepoint to a place where it actually makes
           sense
      
         - Add documentation to timerqueue functions as they caused confusion
           several times now"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        timerqueue: Document return values of timerqueue_add/del()
        timers: Invoke timer_start_debug() where it makes sense
        nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()
        timers: Reinitialize per cpu bases on hotplug
        timers: Use deferrable base independent of base::nohz_active
      cea92e84
    • Linus Torvalds's avatar
      Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 8d517bdf
      Linus Torvalds authored
      Pull smp fixlet from Thomas Gleixner:
       "A trivial build warning fix for newer compilers"
      
      * 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        cpu/hotplug: Move inline keyword at the beginning of declaration
      8d517bdf
    • Linus Torvalds's avatar
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 4c470317
      Linus Torvalds authored
      Pull scheduler fixes from Thomas Gleixner:
       "Three patches addressing the fallout of the CPU_ISOLATION changes
        especially with NO_HZ_FULL plus documentation of boot parameter
        dependency"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/isolation: Document boot parameters dependency on CONFIG_CPU_ISOLATION=y
        sched/isolation: Enable CONFIG_CPU_ISOLATION=y by default
        sched/isolation: Make CONFIG_NO_HZ_FULL select CONFIG_CPU_ISOLATION
      4c470317
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e7c632fc
      Linus Torvalds authored
      Pull perf fixes from Thomas Gleixner:
      
       - plug a memory leak in the intel pmu init code
      
       - clang fixes
      
       - tooling fix to avoid including kernel headers
      
       - a fix for jvmti to generate correct debug information for inlined
         code
      
       - replace backtick with a regular shell function
      
       - fix the build in hardened environments
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86/intel: Plug memory leak in intel_pmu_init()
        x86/asm: Allow again using asm.h when building for the 'bpf' clang target
        tools arch s390: Do not include header files from the kernel sources
        perf jvmti: Generate correct debug information for inlined code
        perf tools: Fix up build in hardened environments
        perf tools: Use shell function for perl cflags retrieval
      e7c632fc
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 88fa025d
      Linus Torvalds authored
      Pull irq fixes from Thomas Gleixner:
       "A rather large update after the kaisered maintainer finally found time
        to handle regression reports.
      
         - The larger part addresses a regression caused by the x86 vector
           management rework.
      
           The reservation based model does not work reliably for MSI
           interrupts, if they cannot be masked (yes, yet another hw
           engineering trainwreck). The reason is that the reservation mode
           assigns a dummy vector when the interrupt is allocated and switches
           to a real vector when the interrupt is requested.
      
           If the MSI entry cannot be masked then the initialization might
           raise an interrupt before the interrupt is requested, which ends up
           as spurious interrupt and causes device malfunction and worse. The
           fix is to exclude MSI interrupts which do not support masking from
           reservation mode and assign a real vector right away.
      
         - Extend the extra lockdep class setup for nested interrupts with a
           class for the recently added irq_desc::request_mutex so lockdep can
           differeniate and does not emit false positive warnings.
      
         - A ratelimit guard for the bad irq printout so in case a bad irq
           comes back immediately the system does not drown in dmesg spam"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        genirq/msi, x86/vector: Prevent reservation mode for non maskable MSI
        genirq/irqdomain: Rename early argument of irq_domain_activate_irq()
        x86/vector: Use IRQD_CAN_RESERVE flag
        genirq: Introduce IRQD_CAN_RESERVE flag
        genirq/msi: Handle reactivation only on success
        gpio: brcmstb: Make really use of the new lockdep class
        genirq: Guard handle_bad_irq log messages
        kernel/irq: Extend lockdep class for request mutex
      88fa025d
    • Linus Torvalds's avatar
      Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 31336ed9
      Linus Torvalds authored
      Pull objtool fixes from Thomas Gleixner:
       "Three fixlets for objtool:
      
         - Address two segfaults related to missing parameter and clang
           objects
      
         - Make it compile clean with clang"
      
      * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        objtool: Fix seg fault with clang-compiled objects
        objtool: Fix seg fault caused by missing parameter
        objtool: Fix Clang enum conversion warning
      31336ed9
    • Linus Torvalds's avatar
      Merge tag 'char-misc-4.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 8371e5a0
      Linus Torvalds authored
      Pull char/misc fixes from Greg KH:
       "Here are six small fixes of some of the char/misc drivers that have
        been sent in to resolve reported issues.
      
        Nothing major, a binder use-after-free fix, some thunderbolt bugfixes,
        a hyper-v bugfix, and an nvmem driver fix. All of these have been in
        linux-next with no reported issues for a while"
      
      * tag 'char-misc-4.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        nvmem: meson-mx-efuse: fix reading from an offset other than 0
        binder: fix proc->files use-after-free
        vmbus: unregister device_obj->channels_kset
        thunderbolt: Mask ring interrupt properly when polling starts
        MAINTAINERS: Add thunderbolt.rst to the Thunderbolt driver entry
        thunderbolt: Make pathname to force_power shorter
      8371e5a0
    • Linus Torvalds's avatar
      Merge tag 'driver-core-4.15-rc6' of... · 4288e6b4
      Linus Torvalds authored
      Merge tag 'driver-core-4.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
      
      Pull driver core fixes from Greg KH:
       "Here are two driver core fixes for 4.15-rc6, resolving some reported
        issues.
      
        The first is a cacheinfo fix for DT based systems to resolve a
        reported issue that has been around for a while, and the other is to
        resolve a regression in the kobject uevent code that showed up in
        4.15-rc1.
      
        Both have been in linux-next for a while with no reported issues"
      
      * tag 'driver-core-4.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        kobject: fix suppressing modalias in uevents delivered over netlink
        drivers: base: cacheinfo: fix cache type for non-architected system cache
      4288e6b4
    • Linus Torvalds's avatar
      Merge tag 'staging-4.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 29a9b000
      Linus Torvalds authored
      Pull staging fixes from Greg KH:
       "Here are three staging driver fixes for 4.15-rc6
      
        The first resolves a bug in the lustre driver that came about due to a
        broken cleanup patch, due to crazy list usage in that codebase.
      
        The remaining two are ion driver fixes, finally getting the CMA
        interaction to work properly, resolving two regressions in that area
        of the code.
      
        All have been in linux-next with no reported issues for a while"
      
      * tag 'staging-4.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: android: ion: Fix dma direction for dma_sync_sg_for_cpu/device
        staging: ion: Fix ion_cma_heap allocations
        staging: lustre: lnet: Fix recent breakage from list_for_each conversion
      29a9b000
    • Linus Torvalds's avatar
      Merge tag 'tty-4.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · bc7236fb
      Linus Torvalds authored
      Pull TTY fix from Greg KH:
       "Here is a single tty fix for a reported issue that you wrote the patch
        for :)
      
        It's been in linux-next for a week or so with no reported issues"
      
      * tag 'tty-4.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
      bc7236fb
    • Linus Torvalds's avatar
      Merge tag 'usb-4.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · a9746e40
      Linus Torvalds authored
      Pull USB/PHY fixes from Greg KH:
       "Here are a number of small USB and PHY driver fixes for 4.15-rc6.
      
        Nothing major, but there are a number of regression fixes in here that
        resolve issues that have been reported a bunch. There are also the
        usual xhci fixes as well as a number of new usb serial device ids.
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'usb-4.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201
        xhci: Fix use-after-free in xhci debugfs
        xhci: Fix xhci debugfs NULL pointer dereference in resume from hibernate
        USB: serial: ftdi_sio: add id for Airbus DS P8GR
        usb: Add device quirk for Logitech HD Pro Webcam C925e
        usb: add RESET_RESUME for ELSA MicroLink 56K
        usbip: fix usbip bind writing random string after command in match_busid
        usbip: stub_rx: fix static checker warning on unnecessary checks
        usbip: prevent leaking socket pointer address in messages
        usbip: stub: stop printing kernel pointer addresses in messages
        usbip: vhci: stop printing kernel pointer addresses in messages
        USB: Fix off by one in type-specific length check of BOS SSP capability
        USB: serial: option: adding support for YUGA CLM920-NC5
        phy: rcar-gen3-usb2: select USB_COMMON
        phy: rockchip-typec: add pm_runtime_disable in err case
        phy: cpcap-usb: Fix platform_get_irq_byname's error checking.
        phy: tegra: fix device-tree node lookups
        USB: serial: qcserial: add Sierra Wireless EM7565
        USB: serial: option: add support for Telit ME910 PID 0x1101
        USB: chipidea: msm: fix ulpi-node lookup
      a9746e40
    • Adam Borowski's avatar
      MAINTAINERS: mark arch/blackfin/ and its gubbins as orphaned · c0b23903
      Adam Borowski authored
      The blackfin architecture has seen no maintainer action of any kind since
      April 2015.  No new code, no pull requests, no acks to patches, no response
      to mails, nothing.
      
      The web site has an expired certificate (expiration Sep 2017, issued in
      2013), the mailing list sees no answers either, with one exception:
      
        https://sourceforge.net/p/adi-buildroot/mailman/adi-buildroot-devel/
        >
        > Steven is no longer working on this for ADI. Acked by me if this works. Thanks.
        >
        > Best regards,
        > Aaron Wu
        > Analog Devices Inc.
      
      But, Aaron doesn't seem to respond to queries either.
      Signed-off-by: default avatarAdam Borowski <kilobyte@angband.pl>
      Acked-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      c0b23903
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · 6bba94d0
      Linus Torvalds authored
      Pull sparc bugfix from David Miller.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        sparc64: repair calling incorrect hweight function from stubs
      6bba94d0
    • Thomas Gleixner's avatar
      x86/ldt: Make LDT pgtable free conditional · 7f414195
      Thomas Gleixner authored
      Andy prefers to be paranoid about the pagetable free in the error path of
      write_ldt(). Make it conditional and warn whenever the installment of a
      secondary LDT fails.
      Requested-by: default avatarAndy Lutomirski <luto@amacapital.net>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      7f414195
    • Thomas Gleixner's avatar
      x86/ldt: Plug memory leak in error path · a62d6985
      Thomas Gleixner authored
      The error path in write_ldt() tries to free 'old_ldt' instead of the newly
      allocated 'new_ldt', resulting in a memory leak. It also misses to clean up a
      half populated LDT pagetable, which is not a leak as it gets cleaned up
      when the process exits.
      
      Free both the potentially half populated LDT pagetable and the newly
      allocated LDT struct. This can be done unconditionally because once an LDT
      is mapped subsequent maps will succeed, because the PTE page is already
      populated and the two LDTs fit into that single page.
      Reported-by: default avatarMathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Dominik Brodowski <linux@dominikbrodowski.net>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Linus Torvalds <torvalds@linuxfoundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Fixes: f55f0501 ("x86/pti: Put the LDT in its own PGD if PTI is on")
      Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1712311121340.1899@nanosSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      a62d6985
    • Thomas Gleixner's avatar
      x86/mm: Remove preempt_disable/enable() from __native_flush_tlb() · decab088
      Thomas Gleixner authored
      The preempt_disable/enable() pair in __native_flush_tlb() was added in
      commit:
      
        5cf0791d ("x86/mm: Disable preemption during CR3 read+write")
      
      ... to protect the UP variant of flush_tlb_mm_range().
      
      That preempt_disable/enable() pair should have been added to the UP variant
      of flush_tlb_mm_range() instead.
      
      The UP variant was removed with commit:
      
        ce4a4e56 ("x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code")
      
      ... but the preempt_disable/enable() pair stayed around.
      
      The latest change to __native_flush_tlb() in commit:
      
        6fd166aa ("x86/mm: Use/Fix PCID to optimize user/kernel switches")
      
      ... added an access to a per CPU variable outside the preempt disabled
      regions, which makes no sense at all. __native_flush_tlb() must always
      be called with at least preemption disabled.
      
      Remove the preempt_disable/enable() pair and add a WARN_ON_ONCE() to catch
      bad callers independent of the smp_processor_id() debugging.
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: <stable@vger.kernel.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Dominik Brodowski <linux@dominikbrodowski.net>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Linus Torvalds <torvalds@linuxfoundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lkml.kernel.org/r/20171230211829.679325424@linutronix.deSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      decab088
    • Thomas Gleixner's avatar
      x86/smpboot: Remove stale TLB flush invocations · 322f8b8b
      Thomas Gleixner authored
      smpboot_setup_warm_reset_vector() and smpboot_restore_warm_reset_vector()
      invoke local_flush_tlb() for no obvious reason.
      
      Digging in history revealed that the original code in the 2.1 era added
      those because the code manipulated a swapper_pg_dir pagetable entry. The
      pagetable manipulation was removed long ago in the 2.3 timeframe, but the
      TLB flush invocations stayed around forever.
      
      Remove them along with the pointless pr_debug()s which come from the same 2.1
      change.
      Reported-by: default avatarDominik Brodowski <linux@dominikbrodowski.net>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: <stable@vger.kernel.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Linus Torvalds <torvalds@linuxfoundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lkml.kernel.org/r/20171230211829.586548655@linutronix.deSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      322f8b8b
  5. 30 Dec, 2017 2 commits