1. 15 Jul, 2016 6 commits
  2. 13 Jul, 2016 4 commits
    • Dave Hansen's avatar
      x86/mm: Use pte_none() to test for empty PTE · dcb32d99
      Dave Hansen authored
      The page table manipulation code seems to have grown a couple of
      sites that are looking for empty PTEs.  Just in case one of these
      entries got a stray bit set, use pte_none() instead of checking
      for a zero pte_val().
      
      The use pte_same() makes me a bit nervous.  If we were doing a
      pte_same() check against two cleared entries and one of them had
      a stray bit set, it might fail the pte_same() check.  But, I
      don't think we ever _do_ pte_same() for cleared entries.  It is
      almost entirely used for checking for races in fault-in paths.
      Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Dave Hansen <dave@sr71.net>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Luis R. Rodriguez <mcgrof@suse.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Toshi Kani <toshi.kani@hp.com>
      Cc: dave.hansen@intel.com
      Cc: linux-mm@kvack.org
      Cc: mhocko@suse.com
      Link: http://lkml.kernel.org/r/20160708001915.813703D9@viggo.jf.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      dcb32d99
    • Dave Hansen's avatar
      x86/mm: Disallow running with 32-bit PTEs to work around erratum · e4a84be6
      Dave Hansen authored
      The Intel(R) Xeon Phi(TM) Processor x200 Family (codename: Knights
      Landing) has an erratum where a processor thread setting the Accessed
      or Dirty bits may not do so atomically against its checks for the
      Present bit.  This may cause a thread (which is about to page fault)
      to set A and/or D, even though the Present bit had already been
      atomically cleared.
      
      These bits are truly "stray".  In the case of the Dirty bit, the
      thread associated with the stray set was *not* allowed to write to
      the page.  This means that we do not have to launder the bit(s); we
      can simply ignore them.
      
      If the PTE is used for storing a swap index or a NUMA migration index,
      the A bit could be misinterpreted as part of the swap type.  The stray
      bits being set cause a software-cleared PTE to be interpreted as a
      swap entry.  In some cases (like when the swap index ends up being
      for a non-existent swapfile), the kernel detects the stray value
      and WARN()s about it, but there is no guarantee that the kernel can
      always detect it.
      
      When we have 64-bit PTEs (64-bit mode or 32-bit PAE), we were able
      to move the swap PTE format around to avoid these troublesome bits.
      But, 32-bit non-PAE is tight on bits.  So, disallow it from running
      on this hardware.  I can't imagine anyone wanting to run 32-bit
      non-highmem kernels on this hardware, but disallowing them from
      running entirely is surely the safe thing to do.
      Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Dave Hansen <dave@sr71.net>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Luis R. Rodriguez <mcgrof@suse.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Toshi Kani <toshi.kani@hp.com>
      Cc: dave.hansen@intel.com
      Cc: linux-mm@kvack.org
      Cc: mhocko@suse.com
      Link: http://lkml.kernel.org/r/20160708001914.D0B50110@viggo.jf.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      e4a84be6
    • Dave Hansen's avatar
      x86/mm: Ignore A/D bits in pte/pmd/pud_none() · 97e3c602
      Dave Hansen authored
      The erratum we are fixing here can lead to stray setting of the
      A and D bits.  That means that a pte that we cleared might
      suddenly have A/D set.  So, stop considering those bits when
      determining if a pte is pte_none().  The same goes for the
      other pmd_none() and pud_none().  pgd_none() can be skipped
      because it is not affected; we do not use PGD entries for
      anything other than pagetables on affected configurations.
      
      This adds a tiny amount of overhead to all pte_none() checks.
      I doubt we'll be able to measure it anywhere.
      Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Dave Hansen <dave@sr71.net>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Luis R. Rodriguez <mcgrof@suse.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Toshi Kani <toshi.kani@hp.com>
      Cc: dave.hansen@intel.com
      Cc: linux-mm@kvack.org
      Cc: mhocko@suse.com
      Link: http://lkml.kernel.org/r/20160708001912.5216F89C@viggo.jf.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      97e3c602
    • Dave Hansen's avatar
      x86/mm: Move swap offset/type up in PTE to work around erratum · 00839ee3
      Dave Hansen authored
      This erratum can result in Accessed/Dirty getting set by the hardware
      when we do not expect them to be (on !Present PTEs).
      
      Instead of trying to fix them up after this happens, we just
      allow the bits to get set and try to ignore them.  We do this by
      shifting the layout of the bits we use for swap offset/type in
      our 64-bit PTEs.
      
      It looks like this:
      
       bitnrs: |     ...            | 11| 10|  9|8|7|6|5| 4| 3|2|1|0|
       names:  |     ...            |SW3|SW2|SW1|G|L|D|A|CD|WT|U|W|P|
       before: |         OFFSET (9-63)          |0|X|X| TYPE(1-5) |0|
        after: | OFFSET (14-63)  |  TYPE (9-13) |0|X|X|X| X| X|X|X|0|
      
      Note that D was already a don't care (X) even before.  We just
      move TYPE up and turn its old spot (which could be hit by the
      A bit) into all don't cares.
      
      We take 5 bits away from the offset, but that still leaves us
      with 50 bits which lets us index into a 62-bit swapfile (4 EiB).
      I think that's probably fine for the moment.  We could
      theoretically reclaim 5 of the bits (1, 2, 3, 4, 7) but it
      doesn't gain us anything.
      Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Dave Hansen <dave@sr71.net>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Luis R. Rodriguez <mcgrof@suse.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Toshi Kani <toshi.kani@hp.com>
      Cc: dave.hansen@intel.com
      Cc: linux-mm@kvack.org
      Cc: mhocko@suse.com
      Link: http://lkml.kernel.org/r/20160708001911.9A3FD2B6@viggo.jf.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      00839ee3
  3. 10 Jul, 2016 2 commits
  4. 09 Jul, 2016 2 commits
  5. 08 Jul, 2016 24 commits
    • Linus Torvalds's avatar
      Merge tag 'ecryptfs-4.7-rc7-fixes' of... · b987c759
      Linus Torvalds authored
      Merge tag 'ecryptfs-4.7-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs
      
      Pull eCryptfs fixes from Tyler Hicks:
       "Provide a more concise fix for CVE-2016-1583:
         - Additionally fixes linux-stable regressions caused by the
           cherry-picking of the original fix
      
        Some very minor changes that have queued up:
         - Fix typos in code comments
         - Remove unnecessary check for NULL before destroying kmem_cache"
      
      * tag 'ecryptfs-4.7-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
        ecryptfs: don't allow mmap when the lower fs doesn't support it
        Revert "ecryptfs: forbid opening files without mmap handler"
        ecryptfs: fix spelling mistakes
        eCryptfs: fix typos in comment
        ecryptfs: drop null test before destroy functions
      b987c759
    • Linus Torvalds's avatar
      Merge tag 'iommu-fixes-v4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · b89c44bb
      Linus Torvalds authored
      Pull IOMMU fixes from Joerg Roedel:
       "Two Fixes:
      
         - Intel VT-d fix for a suspend/resume issue, introduced with the
           scalability improvements in this cycle.
      
         - AMD IOMMU fix for systems that have unity mappings defined.  There
           was a race where translation got enabled before the unity mappings
           were in place.  This issue was seen on some HP servers"
      
      * tag 'iommu-fixes-v4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        iommu/amd: Fix unity mapping initialization race
        iommu/vt-d: Fix infinite loop in free_all_cpu_cached_iovas
      b89c44bb
    • Linus Torvalds's avatar
      Merge tag 'for-linus-4.7b-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · cfae7e3e
      Linus Torvalds authored
      Pull xen bug fixes from David Vrabel:
      
       - Fix two bugs in the handling of xenbus transactions.
      
       - Make the xen acpi driver compatible with Xen 4.7.
      
      * tag 'for-linus-4.7b-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen/acpi: allow xen-acpi-processor driver to load on Xen 4.7
        xenbus: simplify xenbus_dev_request_and_reply()
        xenbus: don't bail early from xenbus_dev_request_and_reply()
        xenbus: don't BUG() on user mode induced condition
      cfae7e3e
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 267ba964
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "A couple of late fixes here, but one that we've been sitting on for a
        few weeks while the details were worked out.  Specifically, we now
        enforce USER_DS on taking exceptions whilst in the kernel, which
        avoids leaking kernel data to userspace through things like perf.  The
        other patch is an update to a workaround for a hardware erratum on
        some Cavium SoCs.
      
        Summary:
      
         - Enforce USER_DS on exception entry from EL1
      
         - Apply workaround for Cavium errata #27456 on Thunderx-81xx parts"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: Enable workaround for Cavium erratum 27456 on thunderx-81xx
        arm64: kernel: Save and restore UAO and addr_limit on exception entry
      267ba964
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · a017f583
      Linus Torvalds authored
      Pull x86 fixes from Ingo Molnar:
       "Three fixes:
      
         - A boot crash fix with certain configs
         - a MAINTAINERS entry update
         - Documentation typo fixes"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/Documentation: Fix various typos in Documentation/x86/ files
        x86/amd_nb: Fix boot crash on non-AMD systems
        MAINTAINERS: Update the Calgary IOMMU entry
      a017f583
    • Linus Torvalds's avatar
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 369da7fc
      Linus Torvalds authored
      Pull scheduler fixes from Ingo Molnar:
       "Two load-balancing fixes for cgroups-intense workloads"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/fair: Fix calc_cfs_shares() fixed point arithmetics width confusion
        sched/fair: Fix effective_load() to consistently use smoothed load
      369da7fc
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 612807fe
      Linus Torvalds authored
      Pull perf fixes from Ingo Molnar:
       "Various fixes:
      
         - 32-bit callgraph bug fix
         - suboptimal event group scheduling bug fix
         - event constraint fixes for Broadwell/Skylake
         - RAPL module name collision fix"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/core: Fix pmu::filter_match for SW-led groups
        x86/perf/intel/rapl: Fix module name collision with powercap intel-rapl
        perf/x86: Fix 32-bit perf user callgraph collection
        perf/x86/intel: Update event constraints when HT is off
      612807fe
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 977dcf0c
      Linus Torvalds authored
      Pull irq fixes from Ingo Molnar:
       "Two MIPS-GIC irqchip driver fixes to unbreak certain MIPS boards"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/mips-gic: Match IPI IRQ domain by bus token only
        irqchip/mips-gic: Map to VPs using HW VPNum
      977dcf0c
    • Linus Torvalds's avatar
      Merge tag 'gpio-v4.7-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · 18b16676
      Linus Torvalds authored
      Pull GPIO fixes from Linus Walleij:
       "I don't like to toss in last minute patches, but these are all for
        things that are broken, and have bitten people for real.  Two of them
        go into stable.  Maybe all of them if the compile test problem is a
        pain in the ass also for stable folks.
      
        Final (hopefully) GPIO fixes for v4.7:
      
         - Fix an oops on the Asus Eee PC 1201
      
         - Revert a patch trying to split GPIO parsing and GPIO configuration
      
         - Revert a too liberal compile testing thing"
      
      * tag 'gpio-v4.7-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
        Revert "gpio: gpiolib-of: Allow compile testing"
        Revert "gpiolib: Split GPIO flags parsing and GPIO configuration"
        gpio: sch: Fix Oops on module load on Asus Eee PC 1201
      18b16676
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-for-v4.7-rc7' of git://people.freedesktop.org/~airlied/linux · 1d110cf5
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "One nouveau fix, and a few AMD Polaris fixes and some Allwinner fixes.
      
        I've got some vmware fixes that I might send separate over the
        weekend, they fix some black screens, but I'm still debating them"
      
      * tag 'drm-fixes-for-v4.7-rc7' of git://people.freedesktop.org/~airlied/linux:
        drm/amd/powerplay: Update CKS on/ CKS off voltage offset calculation.
        drm/amd/powerplay: fix bug that get wrong polaris evv voltage.
        drm/amd/powerplay: incorrectly use of the function return value
        drm/amd/powerplay: fix incorrect voltage table value for tonga
        drm/amd/powerplay: fix incorrect voltage table value for polaris10
        drm/nouveau/disp/sor/gf119: select correct sor when poking training pattern
        gpu: drm: sun4i_drv: add missing of_node_put after calling of_parse_phandle
        drm/sun4i: Send vblank event when the CRTC is disabled
        drm/sun4i: Report proper vblank
      1d110cf5
    • Jeff Mahoney's avatar
      ecryptfs: don't allow mmap when the lower fs doesn't support it · f0fe970d
      Jeff Mahoney authored
      There are legitimate reasons to disallow mmap on certain files, notably
      in sysfs or procfs.  We shouldn't emulate mmap support on file systems
      that don't offer support natively.
      
      CVE-2016-1583
      Signed-off-by: default avatarJeff Mahoney <jeffm@suse.com>
      Cc: stable@vger.kernel.org
      [tyhicks: clean up f_op check by using ecryptfs_file_to_lower()]
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      f0fe970d
    • Borislav Petkov's avatar
      x86/asm/entry: Make thunk's restore a local label · 9a7e7b57
      Borislav Petkov authored
      No need to have it appear in objdump output.
      
      No functionality change.
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Link: http://lkml.kernel.org/r/20160708141016.GH3808@pd.tnicSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      9a7e7b57
    • Jan Beulich's avatar
      xen/acpi: allow xen-acpi-processor driver to load on Xen 4.7 · 6f2d9d99
      Jan Beulich authored
      As of Xen 4.7 PV CPUID doesn't expose either of CPUID[1].ECX[7] and
      CPUID[0x80000007].EDX[7] anymore, causing the driver to fail to load on
      both Intel and AMD systems. Doing any kind of hardware capability
      checks in the driver as a prerequisite was wrong anyway: With the
      hypervisor being in charge, all such checking should be done by it. If
      ACPI data gets uploaded despite some missing capability, the hypervisor
      is free to ignore part or all of that data.
      
      Ditch the entire check_prereq() function, and do the only valid check
      (xen_initial_domain()) in the caller in its place.
      Signed-off-by: default avatarJan Beulich <jbeulich@suse.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarDavid Vrabel <david.vrabel@citrix.com>
      6f2d9d99
    • Dmitry Safonov's avatar
      selftests/x86: Add vDSO mremap() test · f80fd3a5
      Dmitry Safonov authored
      Should print this on vDSO remapping success (on new kernels):
      
       [root@localhost ~]# ./test_mremap_vdso_32
      	AT_SYSINFO_EHDR is 0xf773f000
       [NOTE]	Moving vDSO: [f773f000, f7740000] -> [a000000, a001000]
       [OK]
      
      Or print that mremap() for vDSOs is unsupported:
      
       [root@localhost ~]# ./test_mremap_vdso_32
      	AT_SYSINFO_EHDR is 0xf773c000
       [NOTE]	Moving vDSO: [0xf773c000, 0xf773d000] -> [0xf7737000, 0xf7738000]
       [FAIL]	mremap() of the vDSO does not work on this kernel!
      Suggested-by: default avatarAndy Lutomirski <luto@kernel.org>
      Signed-off-by: default avatarDmitry Safonov <dsafonov@virtuozzo.com>
      Acked-by: default avatarAndy Lutomirski <luto@kernel.org>
      Cc: 0x7f454c46@gmail.com
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Shuah Khan <shuahkh@osg.samsung.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-kselftest@vger.kernel.org
      Cc: linux-mm@kvack.org
      Link: http://lkml.kernel.org/r/20160628113539.13606-3-dsafonov@virtuozzo.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      f80fd3a5
    • Dmitry Safonov's avatar
      x86/vdso: Add mremap hook to vm_special_mapping · b059a453
      Dmitry Safonov authored
      Add possibility for 32-bit user-space applications to move
      the vDSO mapping.
      
      Previously, when a user-space app called mremap() for the vDSO
      address, in the syscall return path it would land on the previous
      address of the vDSOpage, resulting in segmentation violation.
      
      Now it lands fine and returns to userspace with a remapped vDSO.
      
      This will also fix the context.vdso pointer for 64-bit, which does
      not affect the user of vDSO after mremap() currently, but this
      may change in the future.
      
      As suggested by Andy, return -EINVAL for mremap() that would
      split the vDSO image: that operation cannot possibly result in
      a working system so reject it.
      
      Renamed and moved the text_mapping structure declaration inside
      map_vdso(), as it used only there and now it complements the
      vvar_mapping variable.
      
      There is still a problem for remapping the vDSO in glibc
      applications: the linker relocates addresses for syscalls
      on the vDSO page, so you need to relink with the new
      addresses.
      
      Without that the next syscall through glibc may fail:
      
        Program received signal SIGSEGV, Segmentation fault.
        #0  0xf7fd9b80 in __kernel_vsyscall ()
        #1  0xf7ec8238 in _exit () from /usr/lib32/libc.so.6
      Signed-off-by: default avatarDmitry Safonov <dsafonov@virtuozzo.com>
      Acked-by: default avatarAndy Lutomirski <luto@kernel.org>
      Cc: 0x7f454c46@gmail.com
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-mm@kvack.org
      Link: http://lkml.kernel.org/r/20160628113539.13606-2-dsafonov@virtuozzo.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      b059a453
    • Jan Beulich's avatar
      xenbus: simplify xenbus_dev_request_and_reply() · e5a79475
      Jan Beulich authored
      No need to retain a local copy of the full request message, only the
      type is really needed.
      Signed-off-by: default avatarJan Beulich <jbeulich@suse.com>
      Signed-off-by: default avatarDavid Vrabel <david.vrabel@citrix.com>
      e5a79475
    • Jan Beulich's avatar
      xenbus: don't bail early from xenbus_dev_request_and_reply() · 7469be95
      Jan Beulich authored
      xenbus_dev_request_and_reply() needs to track whether a transaction is
      open.  For XS_TRANSACTION_START messages it calls transaction_start()
      and for XS_TRANSACTION_END messages it calls transaction_end().
      
      If sending an XS_TRANSACTION_START message fails or responds with an
      an error, the transaction is not open and transaction_end() must be
      called.
      
      If sending an XS_TRANSACTION_END message fails, the transaction is
      still open, but if an error response is returned the transaction is
      closed.
      
      Commit 027bd7e8 ("xen/xenbus: Avoid synchronous wait on XenBus
      stalling shutdown/restart") introduced a regression where failed
      XS_TRANSACTION_START messages were leaving the transaction open.  This
      can cause problems with suspend (and migration) as all transactions
      must be closed before suspending.
      
      It appears that the problematic change was added accidentally, so just
      remove it.
      Signed-off-by: default avatarJan Beulich <jbeulich@suse.com>
      Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarDavid Vrabel <david.vrabel@citrix.com>
      7469be95
    • Jiri Kosina's avatar
      x86/mm/pat, /dev/mem: Remove superfluous error message · 39380b80
      Jiri Kosina authored
      Currently it's possible for broken (or malicious) userspace to flood a
      kernel log indefinitely with messages a-la
      
      	Program dmidecode tried to access /dev/mem between f0000->100000
      
      because range_is_allowed() is case of CONFIG_STRICT_DEVMEM being turned on
      dumps this information each and every time devmem_is_allowed() fails.
      
      Reportedly userspace that is able to trigger contignuous flow of these
      messages exists.
      
      It would be possible to rate limit this message, but that'd have a
      questionable value; the administrator wouldn't get information about all
      the failing accessess, so then the information would be both superfluous
      and incomplete at the same time :)
      
      Returning EPERM (which is what is actually happening) is enough indication
      for userspace what has happened; no need to log this particular error as
      some sort of special condition.
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Luis R. Rodriguez <mcgrof@suse.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Toshi Kani <toshi.kani@hp.com>
      Link: http://lkml.kernel.org/r/alpine.LNX.2.00.1607081137020.24757@cbobk.fhfr.pmSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      39380b80
    • Ingo Molnar's avatar
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · cc23c619
      Linus Torvalds authored
      Pull apparmor fix from James Morris.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        apparmor: fix oops, validate buffer size in apparmor_setprocattr()
      cc23c619
    • Linus Torvalds's avatar
      Merge tag 'acpi-4.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 7ed18e2d
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "All of these fix recent regressions in ACPICA, in the ACPI PCI IRQ
        management code and in the ACPI AML debugger.
      
        Specifics:
      
         - Fix a lock ordering issue in ACPICA introduced by a recent commit
           that attempted to fix a deadlock in the dynamic table loading code
           which in turn appeared after changes related to the handling of
           module-level AML also made in this cycle (Lv Zheng).
      
         - Fix a recent regression in the ACPI IRQ management code that may
           cause PCI drivers to be unable to register an IRQ if that IRQ
           happens to be shared with a device on the ISA bus, like the
           parallel port, by reverting one commit entirely and restoring the
           previous behavior in two other places (Sinan Kaya).
      
         - Fix a recent regression in the ACPI AML debugger introduced by the
           commit that removed incorrect usage of IS_ERR_VALUE() from multiple
           places (Lv Zheng)"
      
      * tag 'acpi-4.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI / debugger: Fix regression introduced by IS_ERR_VALUE() removal
        ACPICA: Namespace: Fix namespace/interpreter lock ordering
        ACPI,PCI,IRQ: separate ISA penalty calculation
        Revert "ACPI, PCI, IRQ: remove redundant code in acpi_irq_penalty_init()"
        ACPI,PCI,IRQ: factor in PCI possible
      7ed18e2d
    • Linus Torvalds's avatar
      Merge tag 'pm-4.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · c09230f3
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "One fix for a recent cpuidle core change that, against all odds,
        introduced a functional regression on Power systems and the fix for
        the crash during resume from hibernation on x86-64 that has been in
        the works for the last few weeks (it actually was ready last week, but
        I wanted to allow the reporters to test if for some more time).
      
        Specifics:
      
         - Fix a recent performance regression on Power systems (powernv and
           pseries) introduced by a core cpuidle commit that decreased the
           precision of the last_residency conversion from nano- to
           microseconds, which should not matter in theory, but turned out to
           play not-so-well with the special "snooze" idle state on Power
           (Shreyas B Prabhu).
      
         - Fix a crash during resume from hibernation on x86-64 caused by
           possible corruption of the kernel text part of page tables in the
           last phase of image restoration exposed by a security-related
           change during the 4.3 development cycle (Rafael Wysocki)"
      
      * tag 'pm-4.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        cpuidle: Fix last_residency division
        x86/power/64: Fix kernel text mapping corruption during image restoration
      c09230f3
    • Dave Airlie's avatar
      Merge tag 'sunxi-drm-fixes-for-4.7-2' of... · 39c88594
      Dave Airlie authored
      Merge tag 'sunxi-drm-fixes-for-4.7-2' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux into drm-fixes
      
      Allwinner DRM driver fixes for 4.7, take 2
      
      A new set of fixes for the sun4i driver, mostly related to vblank handling,
      and a minor fix to release a reference on the device tree nodes we're
      parsing in the probe logic.
      
      * tag 'sunxi-drm-fixes-for-4.7-2' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux:
        gpu: drm: sun4i_drv: add missing of_node_put after calling of_parse_phandle
        drm/sun4i: Send vblank event when the CRTC is disabled
        drm/sun4i: Report proper vblank
      39c88594
    • Vegard Nossum's avatar
      apparmor: fix oops, validate buffer size in apparmor_setprocattr() · 30a46a46
      Vegard Nossum authored
      When proc_pid_attr_write() was changed to use memdup_user apparmor's
      (interface violating) assumption that the setprocattr buffer was always
      a single page was violated.
      
      The size test is not strictly speaking needed as proc_pid_attr_write()
      will reject anything larger, but for the sake of robustness we can keep
      it in.
      
      SMACK and SELinux look safe to me, but somebody else should probably
      have a look just in case.
      
      Based on original patch from Vegard Nossum <vegard.nossum@oracle.com>
      modified for the case that apparmor provides null termination.
      
      Fixes: bb646cdbReported-by: default avatarVegard Nossum <vegard.nossum@oracle.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: John Johansen <john.johansen@canonical.com>
      Cc: Paul Moore <paul@paul-moore.com>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: Eric Paris <eparis@parisplace.org>
      Cc: Casey Schaufler <casey@schaufler-ca.com>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Reviewed-by: default avatarTyler Hicks <tyhicks@canonical.com>
      Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
      30a46a46
  6. 07 Jul, 2016 2 commits
    • Jeff Mahoney's avatar
      Revert "ecryptfs: forbid opening files without mmap handler" · 78c4e172
      Jeff Mahoney authored
      This reverts commit 2f36db71.
      
      It fixed a local root exploit but also introduced a dependency on
      the lower file system implementing an mmap operation just to open a file,
      which is a bit of a heavy hammer.  The right fix is to have mmap depend
      on the existence of the mmap handler instead.
      Signed-off-by: default avatarJeff Mahoney <jeffm@suse.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
      78c4e172
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · ac904ae6
      Linus Torvalds authored
      Pull block IO fixes from Jens Axboe:
       "Three small fixes that have been queued up and tested for this series:
      
         - A bug fix for xen-blkfront from Bob Liu, fixing an issue with
           incomplete requests during migration.
      
         - A fix for an ancient issue in retrieving the IO priority of a
           different PID than self, preventing that task from going away while
           we access it.  From Omar.
      
         - A writeback fix from Tahsin, fixing a case where we'd call ihold()
           with a zero ref count inode"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        block: fix use-after-free in sys_ioprio_get()
        writeback: inode cgroup wb switch should not call ihold()
        xen-blkfront: save uncompleted reqs in blkfront_resume()
      ac904ae6