1. 24 May, 2018 1 commit
  2. 22 May, 2018 1 commit
    • Peter Maydell's avatar
      arm64: fault: Don't leak data in ESR context for user fault on kernel VA · cc198460
      Peter Maydell authored
      If userspace faults on a kernel address, handing them the raw ESR
      value on the sigframe as part of the delivered signal can leak data
      useful to attackers who are using information about the underlying hardware
      fault type (e.g. translation vs permission) as a mechanism to defeat KASLR.
      
      However there are also legitimate uses for the information provided
      in the ESR -- notably the GCC and LLVM sanitizers use this to report
      whether wild pointer accesses by the application are reads or writes
      (since a wild write is a more serious bug than a wild read), so we
      don't want to drop the ESR information entirely.
      
      For faulting addresses in the kernel, sanitize the ESR. We choose
      to present userspace with the illusion that there is nothing mapped
      in the kernel's part of the address space at all, by reporting all
      faults as level 0 translation faults taken to EL1.
      
      These fields are safe to pass through to userspace as they depend
      only on the instruction that userspace used to provoke the fault:
       EC IL (always)
       ISV CM WNR (for all data aborts)
      All the other fields in ESR except DFSC are architecturally RES0
      for an L0 translation fault taken to EL1, so can be zeroed out
      without confusing userspace.
      
      The illusion is not entirely perfect, as there is a tiny wrinkle
      where we will report an alignment fault that was not due to the memory
      type (for instance a LDREX to an unaligned address) as a translation
      fault, whereas if you do this on real unmapped memory the alignment
      fault takes precedence. This is not likely to trip anybody up in
      practice, as the only users we know of for the ESR information who
      care about the behaviour for kernel addresses only really want to
      know about the WnR bit.
      Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      cc198460
  3. 21 May, 2018 2 commits
    • Jason A. Donenfeld's avatar
      arm64: export tishift functions to modules · 255845fc
      Jason A. Donenfeld authored
      Otherwise modules that use these arithmetic operations will fail to
      link. We accomplish this with the usual EXPORT_SYMBOL, which on most
      architectures goes in the .S file but the ARM64 maintainers prefer that
      insead it goes into arm64ksyms.
      
      While we're at it, we also fix this up to use SPDX, and I personally
      choose to relicense this as GPL2||BSD so that these symbols don't need
      to be export_symbol_gpl, so all modules can use the routines, since
      these are important general purpose compiler-generated function calls.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Reported-by: default avatarPaX Team <pageexec@freemail.hu>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      255845fc
    • Will Deacon's avatar
      arm64: lse: Add early clobbers to some input/output asm operands · 32c3fa7c
      Will Deacon authored
      For LSE atomics that read and write a register operand, we need to
      ensure that these operands are annotated as "early clobber" if the
      register is written before all of the input operands have been consumed.
      Failure to do so can result in the compiler allocating the same register
      to both operands, leading to splats such as:
      
       Unable to handle kernel paging request at virtual address 11111122222221
       [...]
       x1 : 1111111122222222 x0 : 1111111122222221
       Process swapper/0 (pid: 1, stack limit = 0x000000008209f908)
       Call trace:
        test_atomic64+0x1360/0x155c
      
      where x0 has been allocated as both the value to be stored and also the
      atomic_t pointer.
      
      This patch adds the missing clobbers.
      
      Cc: <stable@vger.kernel.org>
      Cc: Dave Martin <dave.martin@arm.com>
      Cc: Robin Murphy <robin.murphy@arm.com>
      Reported-by: default avatarMark Salter <msalter@redhat.com>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      32c3fa7c
  4. 20 May, 2018 14 commits
    • Linus Torvalds's avatar
      Linux 4.17-rc6 · 771c577c
      Linus Torvalds authored
      771c577c
    • Linus Torvalds's avatar
      Merge branch 'parisc-4.17-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · 6fd5a36a
      Linus Torvalds authored
      Pull parisc fixlets from Helge Deller:
       "Three small section mismatch fixes, one of them was found by 0-day
        test infrastructure"
      
      * 'parisc-4.17-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Move ccio_cujo20_fixup() into init section
        parisc: Move setup_profiling_timer() out of init section
        parisc: Move find_pa_parent_type() out of init section
      6fd5a36a
    • Linus Torvalds's avatar
      Merge tag 'for-4.17-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · e5e03ad9
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
       "We've accumulated some fixes during the last week, some of them were
        in the works for a longer time but there are some newer ones too.
      
        Most of the fixes have a reproducer and fix user visible problems,
        also candidates for stable kernels. They IMHO qualify for a late rc,
        though I did not expect that many"
      
      * tag 'for-4.17-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: fix crash when trying to resume balance without the resume flag
        btrfs: Fix delalloc inodes invalidation during transaction abort
        btrfs: Split btrfs_del_delalloc_inode into 2 functions
        btrfs: fix reading stale metadata blocks after degraded raid1 mounts
        btrfs: property: Set incompat flag if lzo/zstd compression is set
        Btrfs: fix duplicate extents after fsync of file with prealloc extents
        Btrfs: fix xattr loss after power failure
        Btrfs: send, fix invalid access to commit roots due to concurrent snapshotting
      e5e03ad9
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm · 132ce5d4
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
      
       - Łukasz Stelmach spotted a couple of issues with the decompressor.
      
       - a couple of kdump fixes found while testing kdump
      
       - replace some perl with shell code
      
       - resolve SIGFPE breakage
      
       - kprobes fixes
      
      * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: fix kill( ,SIGFPE) breakage
        ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
        ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
        ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
        ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
        ARM: replace unnecessary perl with sed and the shell $(( )) operator
        ARM: kexec: record parent context registers for non-crash CPUs
        ARM: kexec: fix kdump register saving on panic()
        ARM: 8758/1: decompressor: restore r1 and r2 just before jumping to the kernel
        ARM: 8753/1: decompressor: add a missing parameter to the addruart macro
      132ce5d4
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 8a6bd2f4
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "An unfortunately larger set of fixes, but a large portion is
        selftests:
      
         - Fix the missing clusterid initializaiton for x2apic cluster
           management which caused boot failures due to IPIs being sent to the
           wrong cluster
      
         - Drop TX_COMPAT when a 64bit executable is exec()'ed from a compat
           task
      
         - Wrap access to __supported_pte_mask in __startup_64() where clang
           compile fails due to a non PC relative access being generated.
      
         - Two fixes for 5 level paging fallout in the decompressor:
      
            - Handle GOT correctly for paging_prepare() and
              cleanup_trampoline()
      
            - Fix the page table handling in cleanup_trampoline() to avoid
              page table corruption.
      
         - Stop special casing protection key 0 as this is inconsistent with
           the manpage and also inconsistent with the allocation map handling.
      
         - Override the protection key wen moving away from PROT_EXEC to
           prevent inaccessible memory.
      
         - Fix and update the protection key selftests to address breakage and
           to cover the above issue
      
         - Add a MOV SS self test"
      
      [ Part of the x86 fixes were in the earlier core pull due to dependencies ]
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (21 commits)
        x86/mm: Drop TS_COMPAT on 64-bit exec() syscall
        x86/apic/x2apic: Initialize cluster ID properly
        x86/boot/compressed/64: Fix moving page table out of trampoline memory
        x86/boot/compressed/64: Set up GOT for paging_prepare() and cleanup_trampoline()
        x86/pkeys: Do not special case protection key 0
        x86/pkeys/selftests: Add a test for pkey 0
        x86/pkeys/selftests: Save off 'prot' for allocations
        x86/pkeys/selftests: Fix pointer math
        x86/pkeys: Override pkey when moving away from PROT_EXEC
        x86/pkeys/selftests: Fix pkey exhaustion test off-by-one
        x86/pkeys/selftests: Add PROT_EXEC test
        x86/pkeys/selftests: Factor out "instruction page"
        x86/pkeys/selftests: Allow faults on unknown keys
        x86/pkeys/selftests: Avoid printf-in-signal deadlocks
        x86/pkeys/selftests: Remove dead debugging code, fix dprint_in_signal
        x86/pkeys/selftests: Stop using assert()
        x86/pkeys/selftests: Give better unexpected fault error messages
        x86/selftests: Add mov_to_ss test
        x86/mpx/selftests: Adjust the self-test to fresh distros that export the MPX ABI
        x86/pkeys/selftests: Adjust the self-test to fresh distros that export the pkeys ABI
        ...
      8a6bd2f4
    • Linus Torvalds's avatar
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · b9aad922
      Linus Torvalds authored
      Pull UP timer fix from Thomas Gleixner:
       "Work around the for_each_cpu() oddity on UP kernels in the tick
        broadcast code which causes boot failures because the CPU0 bit is
        always reported as set independent of the cpumask content"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        tick/broadcast: Use for_each_cpu() specially on UP kernels
      b9aad922
    • Linus Torvalds's avatar
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 441cab96
      Linus Torvalds authored
      Pull scheduler fixlets from Thomas Gleixner:
       "Three trivial fixlets for the scheduler:
      
         - move print_rt_rq() and print_dl_rq() declarations to the right
           place
      
         - make grub_reclaim() static
      
         - fix the bogus documentation reference in Kconfig"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/fair: Fix documentation file path
        sched/deadline: Make the grub_reclaim() function static
        sched/debug: Move the print_rt_rq() and print_dl_rq() declarations to kernel/sched/sched.h
      441cab96
    • Linus Torvalds's avatar
      Merge branch 'ras-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 74cce52f
      Linus Torvalds authored
      Pull RAS fix from Thomas Gleixner:
       "Fix a regression in the new AMD SMCA code which issues an SMP function
        call from the early interrupt disabled region of CPU hotplug. To avoid
        that, use cached block addresses which can be used directly"
      
      * 'ras-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/MCE/AMD: Cache SMCA MISC block addresses
      74cce52f
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 95bcce4d
      Linus Torvalds authored
      Pull perf tooling fixes from Thomas Gleixner:
      
       - fix segfault when processing unknown threads in cs-etm
      
       - fix "perf test inet_pton" on s390 failing due to missing inline
      
       - display all available events on 'perf annotate --stdio'
      
       - add missing newline when parsing an empty BPF program
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf tools: Add missing newline when parsing empty BPF proggie
        perf cs-etm: Remove redundant space
        perf cs-etm: Support unknown_thread in cs_etm_auxtrace
        perf annotate: Display all available events on --stdio
        perf test: "probe libc's inet_pton" fails on s390 due to missing inline
      95bcce4d
    • Linus Torvalds's avatar
      Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 4b65f455
      Linus Torvalds authored
      Pull locking fixes from Thomas Gleixner:
       "Two fixes to address shortcomings of the rwsem/percpu-rwsem lock
        debugging code which emits false positive warnings when the rwsem is
        anonymously locked and unlocked"
      
      * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        locking/percpu-rwsem: Annotate rwsem ownership transfer by setting RWSEM_OWNER_UNKNOWN
        locking/rwsem: Add a new RWSEM_ANONYMOUSLY_OWNED flag
      4b65f455
    • Linus Torvalds's avatar
      Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 056ad121
      Linus Torvalds authored
      Pull EFI fixes from Thomas Gleixner:
      
       - Use explicitely sized type for the romimage pointer in the 32bit EFI
         protocol struct so a 64bit kernel does not expand it to 64bit. Ditto
         for the 64bit struct to avoid the reverse issue on 32bit kernels.
      
       - Handle randomized tex offset correctly in the ARM64 EFI stub to avoid
         unaligned data resulting in stack corruption and other hard to
         diagnose wreckage.
      
      * 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        efi/libstub/arm64: Handle randomized TEXT_OFFSET
        efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
      056ad121
    • Linus Torvalds's avatar
      Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 583dbad3
      Linus Torvalds authored
      Pull core fixes from Thomas Gleixner:
      
       - Unbreak the BPF compilation which got broken by the unconditional
         requirement of asm-goto, which is not supported by clang.
      
       - Prevent probing on exception masking instructions in uprobes and
         kprobes to avoid the issues of the delayed exceptions instead of
         having an ugly workaround.
      
       - Prevent a double free_page() in the error path of do_kexec_load()
      
       - A set of objtool updates addressing various issues mostly related to
         switch tables and the noreturn detection for recursive sibling calls
      
       - Header sync for tools.
      
      * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        objtool: Detect RIP-relative switch table references, part 2
        objtool: Detect RIP-relative switch table references
        objtool: Support GCC 8 switch tables
        objtool: Support GCC 8's cold subfunctions
        objtool: Fix "noreturn" detection for recursive sibling calls
        objtool, kprobes/x86: Sync the latest <asm/insn.h> header with tools/objtool/arch/x86/include/asm/insn.h
        x86/cpufeature: Guard asm_volatile_goto usage for BPF compilation
        uprobes/x86: Prohibit probing on MOV SS instruction
        kprobes/x86: Prohibit probing on exception masking instructions
        x86/kexec: Avoid double free_page() upon do_kexec_load() failure
      583dbad3
    • Linus Torvalds's avatar
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 203ec2fe
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
       "A handful of fixes. I've been queuing them up a bit too long so the
        list is longer than it otherwise would have been spread out across a
        few -rcs.
      
        In general, it's a scattering of fixes across several platforms,
        nothing truly serious enough to point out.
      
        There's a slightly larger batch of them for the Davinci platforms due
        to work to bring them back to life after some time, so there's a
        handful of regressions, some of them going back very far, others more
        recent.
      
        There's also a few patches fixing DT on Renesas platforms since they
        changed some bindings without remaining backwards compatible,
        splitting up describing LVDS as a proper bridge instead of having it
        as part of the display unit.
      
        We could push for them to be backwards compatible with old device
        trees, but it's likely to regress eventually if nobody's actually
        using said compatibility"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (36 commits)
        ARM: davinci: board-dm646x-evm: set VPIF capture card name
        ARM: davinci: board-dm646x-evm: pass correct I2C adapter id for VPIF
        ARM: davinci: dm646x: fix timer interrupt generation
        ARM: keystone: fix platform_domain_notifier array overrun
        arm64: dts: exynos: Fix interrupt type for I2S1 device on Exynos5433
        ARM: dts: imx51-zii-rdu1: fix touchscreen bindings
        firmware: arm_scmi: Use after free in scmi_create_protocol_device()
        ARM: dts: cygnus: fix irq type for arm global timer
        Revert "ARM: dts: logicpd-som-lv: Fix pinmux controller references"
        tee: check shm references are consistent in offset/size
        tee: shm: fix use-after-free via temporarily dropped reference
        ARM: dts: imx7s: Pass the 'fsl,sec-era' property
        ARM: dts: tegra20: Revert "Fix ULPI regression on Tegra20"
        ARM: dts: correct missing "compatible" entry for ti81xx SoCs
        ARM: OMAP1: ams-delta: fix deferred_fiq handler
        arm64: tegra: Make BCM89610 PHY interrupt as active low
        ARM: davinci: fix GPIO lookup for I2C
        ARM: dts: logicpd-som-lv: Fix pinmux controller references
        ARM: dts: logicpd-som-lv: Fix Audio Mute
        ARM: dts: logicpd-som-lv: Fix WL127x Startup Issues
        ...
      203ec2fe
    • Olof Johansson's avatar
      Merge tag 'tegra-for-4.17-fixes-2' of... · 709f490d
      Olof Johansson authored
      Merge tag 'tegra-for-4.17-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux into fixes
      
      arm64: tegra: Device tree fixes for v4.17
      
      This contains a one-line update to the device tree of the Tegra186 P3310
      processor module, fixing the polarity of the PHY interrupt. Originally,
      this was queued to go into v4.18, but the PHY ID matching patch has now
      found its way into v4.17-rc5, which means that the PHY driver will know
      how to identify the PHY on this board and try to use the interrupt. This
      will unfortunately cause networking to break on P3310, hence why I think
      this should go into v4.17.
      
      * tag 'tegra-for-4.17-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux:
        arm64: tegra: Make BCM89610 PHY interrupt as active low
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      709f490d
  5. 19 May, 2018 22 commits