1. 27 Jul, 2020 3 commits
  2. 26 Jul, 2020 6 commits
  3. 20 Jul, 2020 1 commit
  4. 17 Jul, 2020 1 commit
  5. 10 Jul, 2020 1 commit
    • Charan Teja Kalla's avatar
      dmabuf: use spinlock to access dmabuf->name · 6348dd29
      Charan Teja Kalla authored
      There exists a sleep-while-atomic bug while accessing the dmabuf->name
      under mutex in the dmabuffs_dname(). This is caused from the SELinux
      permissions checks on a process where it tries to validate the inherited
      files from fork() by traversing them through iterate_fd() (which
      traverse files under spin_lock) and call
      match_file(security/selinux/hooks.c) where the permission checks happen.
      This audit information is logged using dump_common_audit_data() where it
      calls d_path() to get the file path name. If the file check happen on
      the dmabuf's fd, then it ends up in ->dmabuffs_dname() and use mutex to
      access dmabuf->name. The flow will be like below:
      flush_unauthorized_files()
        iterate_fd()
          spin_lock() --> Start of the atomic section.
            match_file()
              file_has_perm()
                avc_has_perm()
                  avc_audit()
                    slow_avc_audit()
      	        common_lsm_audit()
      		  dump_common_audit_data()
      		    audit_log_d_path()
      		      d_path()
                              dmabuffs_dname()
                                mutex_lock()--> Sleep while atomic.
      
      Call trace captured (on 4.19 kernels) is below:
      ___might_sleep+0x204/0x208
      __might_sleep+0x50/0x88
      __mutex_lock_common+0x5c/0x1068
      __mutex_lock_common+0x5c/0x1068
      mutex_lock_nested+0x40/0x50
      dmabuffs_dname+0xa0/0x170
      d_path+0x84/0x290
      audit_log_d_path+0x74/0x130
      common_lsm_audit+0x334/0x6e8
      slow_avc_audit+0xb8/0xf8
      avc_has_perm+0x154/0x218
      file_has_perm+0x70/0x180
      match_file+0x60/0x78
      iterate_fd+0x128/0x168
      selinux_bprm_committing_creds+0x178/0x248
      security_bprm_committing_creds+0x30/0x48
      install_exec_creds+0x1c/0x68
      load_elf_binary+0x3a4/0x14e0
      search_binary_handler+0xb0/0x1e0
      
      So, use spinlock to access dmabuf->name to avoid sleep-while-atomic.
      
      Cc: <stable@vger.kernel.org> [5.3+]
      Signed-off-by: default avatarCharan Teja Kalla <charante@codeaurora.org>
      Reviewed-by: default avatarMichael J. Ruhl <michael.j.ruhl@intel.com>
      Acked-by: default avatarChristian König <christian.koenig@amd.com>
       [sumits: added comment to spinlock_t definition to avoid warning]
      Signed-off-by: default avatarSumit Semwal <sumit.semwal@linaro.org>
      Link: https://patchwork.freedesktop.org/patch/msgid/a83e7f0d-4e54-9848-4b58-e1acdbe06735@codeaurora.org
      6348dd29
  6. 09 Jul, 2020 1 commit
    • Guenter Roeck's avatar
      drm/aspeed: Call drm_fbdev_generic_setup after drm_dev_register · 22493574
      Guenter Roeck authored
      The following backtrace is seen when running aspeed G5 kernels.
      
      WARNING: CPU: 0 PID: 1 at drivers/gpu/drm/drm_fb_helper.c:2233 drm_fbdev_generic_setup+0x138/0x198
      aspeed_gfx 1e6e6000.display: Device has not been registered.
      CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.8.0-rc3 #1
      Hardware name: Generic DT based system
      Backtrace:
      [<8010d6d0>] (dump_backtrace) from [<8010d9b8>] (show_stack+0x20/0x24)
      r7:00000009 r6:60000153 r5:00000000 r4:8119fa94
      [<8010d998>] (show_stack) from [<80b8cb98>] (dump_stack+0xcc/0xec)
      [<80b8cacc>] (dump_stack) from [<80123ef0>] (__warn+0xd8/0xfc)
      r7:00000009 r6:80e62ed0 r5:00000000 r4:974c3ccc
      [<80123e18>] (__warn) from [<80123f98>] (warn_slowpath_fmt+0x84/0xc4)
      r9:00000009 r8:806a0140 r7:000008b9 r6:80e62ed0 r5:80e631f8 r4:974c2000
      [<80123f18>] (warn_slowpath_fmt) from [<806a0140>] (drm_fbdev_generic_setup+0x138/0x198)
      r9:00000001 r8:9758fc10 r7:9758fc00 r6:00000000 r5:00000020 r4:9768a000
      [<806a0008>] (drm_fbdev_generic_setup) from [<806d4558>] (aspeed_gfx_probe+0x204/0x32c)
      r7:9758fc00 r6:00000000 r5:00000000 r4:9768a000
      [<806d4354>] (aspeed_gfx_probe) from [<806dfca0>] (platform_drv_probe+0x58/0xa8)
      
      Since commit 1aed9509 ("drm/fb-helper: Remove return value from
      drm_fbdev_generic_setup()"), drm_fbdev_generic_setup() must be called
      after drm_dev_register() to avoid the warning. Do that.
      
      Fixes: 1aed9509 ("drm/fb-helper: Remove return value from drm_fbdev_generic_setup()")
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Acked-by: default avatarSam Ravnborg <sam@ravnborg.org>
      Acked-by: default avatarJoel Stanley <joel@jms.id.au>
      Signed-off-by: default avatarThomas Zimmermann <tzimmermann@suse.de>
      Link: https://patchwork.freedesktop.org/patch/msgid/20200701001002.74997-1-linux@roeck-us.net
      22493574
  7. 08 Jul, 2020 1 commit
  8. 02 Jul, 2020 1 commit
  9. 30 Jun, 2020 1 commit
  10. 25 Jun, 2020 1 commit
  11. 24 Jun, 2020 1 commit
    • Daniel Vetter's avatar
      drm/fb-helper: Fix vt restore · dc5bdb68
      Daniel Vetter authored
      In the past we had a pile of hacks to orchestrate access between fbdev
      emulation and native kms clients. We've tried to streamline this, by
      always preferring the kms side above fbdev calls when a drm master
      exists, because drm master controls access to the display resources.
      
      Unfortunately this breaks existing userspace, specifically Xorg. When
      exiting Xorg first restores the console to text mode using the KDSET
      ioctl on the vt. This does nothing, because a drm master is still
      around. Then it drops the drm master status, which again does nothing,
      because logind is keeping additional drm fd open to be able to
      orchestrate vt switches. In the past this is the point where fbdev was
      restored, as part of the ->lastclose hook on the drm side.
      
      Now to fix this regression we don't want to go back to letting fbdev
      restore things whenever it feels like, or to the pile of hacks we've
      had before. Instead try and go with a minimal exception to make the
      KDSET case work again, and nothing else.
      
      This means that if userspace does a KDSET call when switching between
      graphical compositors, there will be some flickering with fbcon
      showing up for a bit. But a) that's not a regression and b) userspace
      can fix it by improving the vt switching dance - logind should have
      all the information it needs.
      
      While pondering all this I'm also wondering wheter we should have a
      SWITCH_MASTER ioctl to allow race-free master status handover. But
      that's for another day.
      
      v2: Somehow forgot to cc all the fbdev people.
      
      v3: Fix typo Alex spotted.
      Reviewed-by: default avatarAlex Deucher <alexander.deucher@amd.com>
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=208179
      Cc: shlomo@fastmail.com
      Reported-and-Tested-by: shlomo@fastmail.com
      Cc: Michel Dänzer <michel@daenzer.net>
      Fixes: 64914da2 ("drm/fbdev-helper: don't force restores")
      Cc: Noralf Trønnes <noralf@tronnes.org>
      Cc: Thomas Zimmermann <tzimmermann@suse.de>
      Cc: Daniel Vetter <daniel.vetter@intel.com>
      Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
      Cc: Maxime Ripard <mripard@kernel.org>
      Cc: David Airlie <airlied@linux.ie>
      Cc: Daniel Vetter <daniel@ffwll.ch>
      Cc: dri-devel@lists.freedesktop.org
      Cc: <stable@vger.kernel.org> # v5.7+
      Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
      Cc: Geert Uytterhoeven <geert@linux-m68k.org>
      Cc: Nathan Chancellor <natechancellor@gmail.com>
      Cc: Qiujun Huang <hqjagain@gmail.com>
      Cc: Peter Rosin <peda@axentia.se>
      Cc: linux-fbdev@vger.kernel.org
      Signed-off-by: default avatarDaniel Vetter <daniel.vetter@intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20200624092910.3280448-1-daniel.vetter@ffwll.ch
      dc5bdb68
  12. 23 Jun, 2020 3 commits
  13. 21 Jun, 2020 3 commits
  14. 16 Jun, 2020 3 commits
  15. 15 Jun, 2020 2 commits
  16. 14 Jun, 2020 4 commits
    • Linus Torvalds's avatar
      Linux 5.8-rc1 · b3a9e3b9
      Linus Torvalds authored
      b3a9e3b9
    • Linus Torvalds's avatar
      Merge tag 'LSM-add-setgid-hook-5.8-author-fix' of git://github.com/micah-morton/linux · 4a87b197
      Linus Torvalds authored
      Pull SafeSetID update from Micah Morton:
       "Add additional LSM hooks for SafeSetID
      
        SafeSetID is capable of making allow/deny decisions for set*uid calls
        on a system, and we want to add similar functionality for set*gid
        calls.
      
        The work to do that is not yet complete, so probably won't make it in
        for v5.8, but we are looking to get this simple patch in for v5.8
        since we have it ready.
      
        We are planning on the rest of the work for extending the SafeSetID
        LSM being merged during the v5.9 merge window"
      
      * tag 'LSM-add-setgid-hook-5.8-author-fix' of git://github.com/micah-morton/linux:
        security: Add LSM hooks to set*gid syscalls
      4a87b197
    • Thomas Cedeno's avatar
      security: Add LSM hooks to set*gid syscalls · 39030e13
      Thomas Cedeno authored
      The SafeSetID LSM uses the security_task_fix_setuid hook to filter
      set*uid() syscalls according to its configured security policy. In
      preparation for adding analagous support in the LSM for set*gid()
      syscalls, we add the requisite hook here. Tested by putting print
      statements in the security_task_fix_setgid hook and seeing them get hit
      during kernel boot.
      Signed-off-by: default avatarThomas Cedeno <thomascedeno@google.com>
      Signed-off-by: default avatarMicah Morton <mortonm@chromium.org>
      39030e13
    • Linus Torvalds's avatar
      Merge tag 'for-5.8-part2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 9d645db8
      Linus Torvalds authored
      Pull btrfs updates from David Sterba:
       "This reverts the direct io port to iomap infrastructure of btrfs
        merged in the first pull request. We found problems in invalidate page
        that don't seem to be fixable as regressions or without changing iomap
        code that would not affect other filesystems.
      
        There are four reverts in total, but three of them are followup
        cleanups needed to revert a43a67a2 cleanly. The result is the
        buffer head based implementation of direct io.
      
        Reverts are not great, but under current circumstances I don't see
        better options"
      
      * tag 'for-5.8-part2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        Revert "btrfs: switch to iomap_dio_rw() for dio"
        Revert "fs: remove dio_end_io()"
        Revert "btrfs: remove BTRFS_INODE_READDIO_NEED_LOCK"
        Revert "btrfs: split btrfs_direct_IO to read and write part"
      9d645db8
  17. 13 Jun, 2020 7 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 96144c58
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix cfg80211 deadlock, from Johannes Berg.
      
       2) RXRPC fails to send norigications, from David Howells.
      
       3) MPTCP RM_ADDR parsing has an off by one pointer error, fix from
          Geliang Tang.
      
       4) Fix crash when using MSG_PEEK with sockmap, from Anny Hu.
      
       5) The ucc_geth driver needs __netdev_watchdog_up exported, from
          Valentin Longchamp.
      
       6) Fix hashtable memory leak in dccp, from Wang Hai.
      
       7) Fix how nexthops are marked as FDB nexthops, from David Ahern.
      
       8) Fix mptcp races between shutdown and recvmsg, from Paolo Abeni.
      
       9) Fix crashes in tipc_disc_rcv(), from Tuong Lien.
      
      10) Fix link speed reporting in iavf driver, from Brett Creeley.
      
      11) When a channel is used for XSK and then reused again later for XSK,
          we forget to clear out the relevant data structures in mlx5 which
          causes all kinds of problems. Fix from Maxim Mikityanskiy.
      
      12) Fix memory leak in genetlink, from Cong Wang.
      
      13) Disallow sockmap attachments to UDP sockets, it simply won't work.
          From Lorenz Bauer.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (83 commits)
        net: ethernet: ti: ale: fix allmulti for nu type ale
        net: ethernet: ti: am65-cpsw-nuss: fix ale parameters init
        net: atm: Remove the error message according to the atomic context
        bpf: Undo internal BPF_PROBE_MEM in BPF insns dump
        libbpf: Support pre-initializing .bss global variables
        tools/bpftool: Fix skeleton codegen
        bpf: Fix memlock accounting for sock_hash
        bpf: sockmap: Don't attach programs to UDP sockets
        bpf: tcp: Recv() should return 0 when the peer socket is closed
        ibmvnic: Flush existing work items before device removal
        genetlink: clean up family attributes allocations
        net: ipa: header pad field only valid for AP->modem endpoint
        net: ipa: program upper nibbles of sequencer type
        net: ipa: fix modem LAN RX endpoint id
        net: ipa: program metadata mask differently
        ionic: add pcie_print_link_status
        rxrpc: Fix race between incoming ACK parser and retransmitter
        net/mlx5: E-Switch, Fix some error pointer dereferences
        net/mlx5: Don't fail driver on failure to create debugfs
        net/mlx5e: CT: Fix ipv6 nat header rewrite actions
        ...
      96144c58
    • David Sterba's avatar
      Revert "btrfs: switch to iomap_dio_rw() for dio" · 55e20bd1
      David Sterba authored
      This reverts commit a43a67a2.
      
      This patch reverts the main part of switching direct io implementation
      to iomap infrastructure. There's a problem in invalidate page that
      couldn't be solved as regression in this development cycle.
      
      The problem occurs when buffered and direct io are mixed, and the ranges
      overlap. Although this is not recommended, filesystems implement
      measures or fallbacks to make it somehow work. In this case, fallback to
      buffered IO would be an option for btrfs (this already happens when
      direct io is done on compressed data), but the change would be needed in
      the iomap code, bringing new semantics to other filesystems.
      
      Another problem arises when again the buffered and direct ios are mixed,
      invalidation fails, then -EIO is set on the mapping and fsync will fail,
      though there's no real error.
      
      There have been discussions how to fix that, but revert seems to be the
      least intrusive option.
      
      Link: https://lore.kernel.org/linux-btrfs/20200528192103.xm45qoxqmkw7i5yl@fiona/Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      55e20bd1
    • Grygorii Strashko's avatar
      net: ethernet: ti: ale: fix allmulti for nu type ale · bc139119
      Grygorii Strashko authored
      On AM65xx MCU CPSW2G NUSS and 66AK2E/L NUSS allmulti setting does not allow
      unregistered mcast packets to pass.
      
      This happens, because ALE VLAN entries on these SoCs do not contain port
      masks for reg/unreg mcast packets, but instead store indexes of
      ALE_VLAN_MASK_MUXx_REG registers which intended for store port masks for
      reg/unreg mcast packets.
      This path was missed by commit 9d1f6447 ("net: ethernet: ti: ale: fix
      seeing unreg mcast packets with promisc and allmulti disabled").
      
      Hence, fix it by taking into account ALE type in cpsw_ale_set_allmulti().
      
      Fixes: 9d1f6447 ("net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled")
      Signed-off-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bc139119
    • Grygorii Strashko's avatar
      net: ethernet: ti: am65-cpsw-nuss: fix ale parameters init · 2074f9ea
      Grygorii Strashko authored
      The ALE parameters structure is created on stack, so it has to be reset
      before passing to cpsw_ale_create() to avoid garbage values.
      
      Fixes: 93a76530 ("net: ethernet: ti: introduce am65x/j721e gigabit eth subsystem driver")
      Signed-off-by: default avatarGrygorii Strashko <grygorii.strashko@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2074f9ea
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · fa7566a0
      David S. Miller authored
      Alexei Starovoitov says:
      
      ====================
      pull-request: bpf 2020-06-12
      
      The following pull-request contains BPF updates for your *net* tree.
      
      We've added 26 non-merge commits during the last 10 day(s) which contain
      a total of 27 files changed, 348 insertions(+), 93 deletions(-).
      
      The main changes are:
      
      1) sock_hash accounting fix, from Andrey.
      
      2) libbpf fix and probe_mem sanitizing, from Andrii.
      
      3) sock_hash fixes, from Jakub.
      
      4) devmap_val fix, from Jesper.
      
      5) load_bytes_relative fix, from YiFei.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fa7566a0
    • Liao Pingfang's avatar
      net: atm: Remove the error message according to the atomic context · bf97bac9
      Liao Pingfang authored
      Looking into the context (atomic!) and the error message should be dropped.
      Signed-off-by: default avatarLiao Pingfang <liao.pingfang@zte.com.cn>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bf97bac9
    • Linus Torvalds's avatar
      Merge tag '5.8-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6 · f82e7b57
      Linus Torvalds authored
      Pull more cifs updates from Steve French:
       "12 cifs/smb3 fixes, 2 for stable.
      
         - add support for idsfromsid on create and chgrp/chown allowing
           ability to save owner information more naturally for some workloads
      
         - improve query info (getattr) when SMB3.1.1 posix extensions are
           negotiated by using new query info level"
      
      * tag '5.8-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6:
        smb3: Add debug message for new file creation with idsfromsid mount option
        cifs: fix chown and chgrp when idsfromsid mount option enabled
        smb3: allow uid and gid owners to be set on create with idsfromsid mount option
        smb311: Add tracepoints for new compound posix query info
        smb311: add support for using info level for posix extensions query
        smb311: Add support for lookup with posix extensions query info
        smb311: Add support for SMB311 query info (non-compounded)
        SMB311: Add support for query info using posix extensions (level 100)
        smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl
        smb3: fix typo in mount options displayed in /proc/mounts
        cifs: Add get_security_type_str function to return sec type.
        smb3: extend fscache mount volume coherency check
      f82e7b57