1. 23 Feb, 2019 7 commits
    • Mark Levedahl's avatar
      platform/x86: ideapad-laptop: Add Y530-I5ICH-1060 to no_hw_rfkill list · b7531859
      Mark Levedahl authored
      Commit 0252894f added the Legion Y530 to the no_hw_rfkill
      list, but missed a Y530 variant using the nvidia 1060 graphics card.
      I have had to blacklist ideapad-laptop as a result to get Wi-Fi working.
      
      dmidecode info:
      
      Handle 0x0001, DMI type 1, 27 bytes
      System Information
          Manufacturer: LENOVO
          Product Name: 81LB
          Version: Lenovo Legion Y530-15ICH-1060
          Serial Number: <snip>
          UUID: <snip>
          Wake-up Type: Power Switch
          SKU Number: LENOVO_MT_81LB_BU_idea_FM_Legion Y530-15ICH-1060
          Family: Legion Y530-15ICH-1060
      Signed-off-by: default avatarMark Levedahl <mlevedahl@gmail.com>
      Signed-off-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: default avatarDarren Hart (VMware) <dvhart@infradead.org>
      b7531859
    • Vadim Pasternak's avatar
      leds: mlxreg: Add support for capability register · 530451d0
      Vadim Pasternak authored
      Add support for capability register in order to distinct between the
      systems with minor LED configuration differences. It reduces the amount
      of code describing systems' LED configuration.
      For example one system can be equipped with six LED, while the other
      with only four. Reading this information from the capability registers
      allows to use the same LED structure for such systems and set the
      relevant configuration dynamically based on capability register
      content.
      Signed-off-by: default avatarVadim Pasternak <vadimp@mellanox.com>
      Acked-by: default avatarJacek Anaszewski <jacek.anaszewski@gmail.com>
      Signed-off-by: default avatarDarren Hart (VMware) <dvhart@infradead.org>
      530451d0
    • Vadim Pasternak's avatar
      platform/mellanox: mlxreg-hotplug: Fix KASAN warning · e4c275f7
      Vadim Pasternak authored
      Fix the following KASAN warning produced when booting a 64-bit kernel:
      [   13.334750] BUG: KASAN: stack-out-of-bounds in find_first_bit+0x19/0x70
      [   13.342166] Read of size 8 at addr ffff880235067178 by task kworker/2:1/42
      [   13.342176] CPU: 2 PID: 42 Comm: kworker/2:1 Not tainted 4.20.0-rc1+ #106
      [   13.342179] Hardware name: Mellanox Technologies Ltd. MSN2740/Mellanox x86 SFF board, BIOS 5.6.5 06/07/2016
      [   13.342190] Workqueue: events deferred_probe_work_func
      [   13.342194] Call Trace:
      [   13.342206]  dump_stack+0xc7/0x15b
      [   13.342214]  ? show_regs_print_info+0x5/0x5
      [   13.342220]  ? kmsg_dump_rewind_nolock+0x59/0x59
      [   13.342234]  ? _raw_write_lock_irqsave+0x100/0x100
      [   13.351593]  print_address_description+0x73/0x260
      [   13.351603]  kasan_report+0x260/0x380
      [   13.351611]  ? find_first_bit+0x19/0x70
      [   13.351619]  find_first_bit+0x19/0x70
      [   13.351630]  mlxreg_hotplug_work_handler+0x73c/0x920 [mlxreg_hotplug]
      [   13.351639]  ? __lock_text_start+0x8/0x8
      [   13.351646]  ? _raw_write_lock_irqsave+0x80/0x100
      [   13.351656]  ? mlxreg_hotplug_remove+0x1e0/0x1e0 [mlxreg_hotplug]
      [   13.351663]  ? regmap_volatile+0x40/0xb0
      [   13.351668]  ? regcache_write+0x4c/0x90
      [   13.351676]  ? mlxplat_mlxcpld_reg_write+0x24/0x30 [mlx_platform]
      [   13.351681]  ? _regmap_write+0xea/0x220
      [   13.351688]  ? __mutex_lock_slowpath+0x10/0x10
      [   13.351696]  ? devm_add_action+0x70/0x70
      [   13.351701]  ? mutex_unlock+0x1d/0x40
      [   13.351710]  mlxreg_hotplug_probe+0x82e/0x989 [mlxreg_hotplug]
      [   13.351723]  ? mlxreg_hotplug_work_handler+0x920/0x920 [mlxreg_hotplug]
      [   13.351731]  ? sysfs_do_create_link_sd.isra.2+0xf4/0x190
      [   13.351737]  ? sysfs_rename_link_ns+0xf0/0xf0
      [   13.351743]  ? devres_close_group+0x2b0/0x2b0
      [   13.351749]  ? pinctrl_put+0x20/0x20
      [   13.351755]  ? acpi_dev_pm_attach+0x2c/0xd0
      [   13.351763]  platform_drv_probe+0x70/0xd0
      [   13.351771]  really_probe+0x480/0x6e0
      [   13.351778]  ? device_attach+0x10/0x10
      [   13.351784]  ? __lock_text_start+0x8/0x8
      [   13.351790]  ? _raw_write_lock_irqsave+0x80/0x100
      [   13.351797]  ? _raw_write_lock_irqsave+0x80/0x100
      [   13.351806]  ? __driver_attach+0x190/0x190
      [   13.351812]  driver_probe_device+0x17d/0x1a0
      [   13.351819]  ? __driver_attach+0x190/0x190
      [   13.351825]  bus_for_each_drv+0xd6/0x130
      [   13.351831]  ? bus_rescan_devices+0x20/0x20
      [   13.351837]  ? __mutex_lock_slowpath+0x10/0x10
      [   13.351845]  __device_attach+0x18c/0x230
      [   13.351852]  ? device_bind_driver+0x70/0x70
      [   13.351859]  ? __mutex_lock_slowpath+0x10/0x10
      [   13.351866]  bus_probe_device+0xea/0x110
      [   13.351874]  deferred_probe_work_func+0x1c9/0x290
      [   13.351882]  ? driver_deferred_probe_add+0x1d0/0x1d0
      [   13.351889]  ? preempt_notifier_dec+0x20/0x20
      [   13.351897]  ? read_word_at_a_time+0xe/0x20
      [   13.351904]  ? strscpy+0x151/0x290
      [   13.351912]  ? set_work_pool_and_clear_pending+0x9c/0xf0
      [   13.351918]  ? __switch_to_asm+0x34/0x70
      [   13.351924]  ? __switch_to_asm+0x40/0x70
      [   13.351929]  ? __switch_to_asm+0x34/0x70
      [   13.351935]  ? __switch_to_asm+0x40/0x70
      [   13.351942]  process_one_work+0x5cc/0xa00
      [   13.351952]  ? pwq_dec_nr_in_flight+0x1e0/0x1e0
      [   13.351960]  ? pci_mmcfg_check_reserved+0x80/0xb8
      [   13.351967]  ? run_rebalance_domains+0x250/0x250
      [   13.351980]  ? stack_access_ok+0x35/0x80
      [   13.351986]  ? deref_stack_reg+0xa1/0xe0
      [   13.351994]  ? schedule+0xcd/0x250
      [   13.352000]  ? worker_enter_idle+0x2d6/0x330
      [   13.352006]  ? __schedule+0xeb0/0xeb0
      [   13.352014]  ? fork_usermode_blob+0x130/0x130
      [   13.352019]  ? mutex_lock+0xa7/0x100
      [   13.352026]  ? _raw_spin_lock_irq+0x98/0xf0
      [   13.352032]  ? _raw_read_unlock_irqrestore+0x30/0x30
      [   13.352037] i2c i2c-2: Added multiplexed i2c bus 11
      [   13.352043]  worker_thread+0x181/0xa80
      [   13.352052]  ? __switch_to_asm+0x34/0x70
      [   13.352058]  ? __switch_to_asm+0x40/0x70
      [   13.352064]  ? process_one_work+0xa00/0xa00
      [   13.352070]  ? __switch_to_asm+0x34/0x70
      [   13.352076]  ? __switch_to_asm+0x40/0x70
      [   13.352081]  ? __switch_to_asm+0x34/0x70
      [   13.352086]  ? __switch_to_asm+0x40/0x70
      [   13.352092]  ? __switch_to_asm+0x34/0x70
      [   13.352097]  ? __switch_to_asm+0x40/0x70
      [   13.352105]  ? __schedule+0x3d6/0xeb0
      [   13.352112]  ? migrate_swap_stop+0x470/0x470
      [   13.352119]  ? save_stack+0x89/0xb0
      [   13.352127]  ? kmem_cache_alloc_trace+0xe5/0x570
      [   13.352132]  ? kthread+0x59/0x1d0
      [   13.352138]  ? ret_from_fork+0x35/0x40
      [   13.352154]  ? __schedule+0xeb0/0xeb0
      [   13.352161]  ? remove_wait_queue+0x150/0x150
      [   13.352169]  ? _raw_write_lock_irqsave+0x80/0x100
      [   13.352175]  ? __lock_text_start+0x8/0x8
      [   13.352183]  ? process_one_work+0xa00/0xa00
      [   13.352188]  kthread+0x1a4/0x1d0
      [   13.352195]  ? kthread_create_worker_on_cpu+0xc0/0xc0
      [   13.352202]  ret_from_fork+0x35/0x40
      
      [   13.353879] The buggy address belongs to the page:
      [   13.353885] page:ffffea0008d419c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
      [   13.353890] flags: 0x2ffff8000000000()
      [   13.353897] raw: 02ffff8000000000 ffffea0008d419c8 ffffea0008d419c8 0000000000000000
      [   13.353903] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
      [   13.353905] page dumped because: kasan: bad access detected
      
      [   13.353908] Memory state around the buggy address:
      [   13.353912]  ffff880235067000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [   13.353917]  ffff880235067080: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04
      [   13.353921] >ffff880235067100: f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2 f2 f2 f2 f2 04
      [   13.353923]                                                                 ^
      [   13.353927]  ffff880235067180: f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2 00 00 00 00 00
      [   13.353931]  ffff880235067200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [   13.353933] ==================================================================
      
      The warning is caused by the below loop:
      	for_each_set_bit(bit, (unsigned long *)&asserted, 8) {
      while "asserted" is declared as 'unsigned'.
      
      The casting of 32-bit unsigned integer pointer to a 64-bit unsigned long
      pointer. There are two problems here.
      It causes the access of four extra byte, which can corrupt memory
      The 32-bit pointer address may not be 64-bit aligned.
      
      The fix changes variable "asserted" to "unsigned long".
      
      Fixes: 1f976f69 ("platform/x86: Move Mellanox platform hotplug driver to platform/mellanox")
      Signed-off-by: default avatarVadim Pasternak <vadimp@mellanox.com>
      Signed-off-by: default avatarDarren Hart (VMware) <dvhart@infradead.org>
      e4c275f7
    • Mattias Jacobsson's avatar
      platform/x86: wmi: fix potential null pointer dereference · c355ec65
      Mattias Jacobsson authored
      In the function wmi_dev_match() the variable id is dereferenced without
      first performing a NULL check. The variable can for example be NULL if
      a WMI driver is registered without specifying the id_table field in
      struct wmi_driver.
      
      Add a NULL check and return that the driver can't handle the device if
      the variable is NULL.
      
      Fixes: 844af950 ("platform/x86: wmi: Turn WMI into a bus driver")
      Signed-off-by: default avatarMattias Jacobsson <2pi@mok.nu>
      Signed-off-by: default avatarDarren Hart (VMware) <dvhart@infradead.org>
      c355ec65
    • Christoph Hellwig's avatar
      platform/x86: dell_rbu: stop abusing the DMA API · fd47a36f
      Christoph Hellwig authored
      For some odd reason dell_rbu actually seems to want the physical and
      not a bus address for the allocated buffer.  Lets assume that actually
      is correct given that it is BIOS-related and that is a good source
      of insanity.  In that case we should not use dma_alloc_coherent with
      a NULL device to allocate memory, but use GFP_DMA32 to stay under
      the 32-bit BIOS limit.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Acked-by: default avatarStuart Hayes <stuart.w.hayes@gmail.com>
      Signed-off-by: default avatarDarren Hart (VMware) <dvhart@infradead.org>
      fd47a36f
    • Yang Fan's avatar
      platform/x86: ideapad-laptop: Fix no_hw_rfkill_list for Lenovo RESCUER R720-15IKBN · 4d9b2864
      Yang Fan authored
      Commit ae7c8cba ("platform/x86: ideapad-laptop: add lenovo RESCUER
      R720-15IKBN to no_hw_rfkill_list") added
          DMI_MATCH(DMI_BOARD_NAME, "80WW")
      for Lenovo RESCUER R720-15IKBN.
      
      But DMI_BOARD_NAME does not match 80WW on Lenovo RESCUER R720-15IKBN,
      thus cause Wireless LAN still be hard blocked.
      
      On Lenovo RESCUER R720-15IKBN:
          ~$ cat /sys/class/dmi/id/sys_vendor
          LENOVO
          ~$ cat /sys/class/dmi/id/board_name
          Provence-5R3
          ~$ cat /sys/class/dmi/id/product_name
          80WW
          ~$ cat /sys/class/dmi/id/product_version
          Lenovo R720-15IKBN
      
      So on Lenovo RESCUER R720-15IKBN:
          DMI_SYS_VENDOR should match "LENOVO",
          DMI_BOARD_NAME should match "Provence-5R3",
          DMI_PRODUCT_NAME should match "80WW",
          DMI_PRODUCT_VERSION should match "Lenovo R720-15IKBN".
      
      Fix it, and in according with other entries in no_hw_rfkill_list,
      use DMI_PRODUCT_VERSION instead of DMI_BOARD_NAME.
      
      Fixes: ae7c8cba ("platform/x86: ideapad-laptop: add lenovo RESCUER R720-15IKBN to no_hw_rfkill_list")
      Signed-off-by: default avatarYang Fan <nullptr.cpp@gmail.com>
      Signed-off-by: default avatarDarren Hart (VMware) <dvhart@infradead.org>
      4d9b2864
    • Hans de Goede's avatar
      platform/x86: asus-wmi: Allow loading on systems without the Asus Management GUID · c994611a
      Hans de Goede authored
      hid-asus depends on asus-wmi through the asus_wmi_evaluate_method. Before
      this commit asus-wmi, and thus hid-asus, could not be loaded on non-Asus
      systems. This breaks using Asus bluetooth keyboards such as the Asus
      T100CHI keyboard with non Asus systems.
      
      This commit fixes this by allowing asus-wmi to load on systems without the
      Asus Management GUID.
      
      This is safe to do since all asus-wmi sub drivers use
      asus_wmi_register_driver which also checks for the GUID.
      
      This commit also improves the error messages in asus_wmi_register_driver
      to include "ASUS" in their description to make them more clear. This is
      important since we now rely on those errors when loaded on systems without
      the Asus Management GUID.
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarDarren Hart (VMware) <dvhart@infradead.org>
      c994611a
  2. 21 Feb, 2019 2 commits
  3. 05 Feb, 2019 9 commits
  4. 26 Jan, 2019 8 commits
  5. 21 Jan, 2019 3 commits
  6. 20 Jan, 2019 11 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 7d0ae236
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix endless loop in nf_tables, from Phil Sutter.
      
       2) Fix cross namespace ip6_gre tunnel hash list corruption, from
          Olivier Matz.
      
       3) Don't be too strict in phy_start_aneg() otherwise we might not allow
          restarting auto negotiation. From Heiner Kallweit.
      
       4) Fix various KMSAN uninitialized value cases in tipc, from Ying Xue.
      
       5) Memory leak in act_tunnel_key, from Davide Caratti.
      
       6) Handle chip errata of mv88e6390 PHY, from Andrew Lunn.
      
       7) Remove linear SKB assumption in fou/fou6, from Eric Dumazet.
      
       8) Missing udplite rehash callbacks, from Alexey Kodanev.
      
       9) Log dirty pages properly in vhost, from Jason Wang.
      
      10) Use consume_skb() in neigh_probe() as this is a normal free not a
          drop, from Yang Wei. Likewise in macvlan_process_broadcast().
      
      11) Missing device_del() in mdiobus_register() error paths, from Thomas
          Petazzoni.
      
      12) Fix checksum handling of short packets in mlx5, from Cong Wang.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (96 commits)
        bpf: in __bpf_redirect_no_mac pull mac only if present
        virtio_net: bulk free tx skbs
        net: phy: phy driver features are mandatory
        isdn: avm: Fix string plus integer warning from Clang
        net/mlx5e: Fix cb_ident duplicate in indirect block register
        net/mlx5e: Fix wrong (zero) TX drop counter indication for representor
        net/mlx5e: Fix wrong error code return on FEC query failure
        net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames
        tools: bpftool: Cleanup license mess
        bpf: fix inner map masking to prevent oob under speculation
        bpf: pull in pkt_sched.h header for tooling to fix bpftool build
        selftests: forwarding: Add a test case for externally learned FDB entries
        selftests: mlxsw: Test FDB offload indication
        mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky
        net: bridge: Mark FDB entries that were added by user as such
        mlxsw: spectrum_fid: Update dummy FID index
        mlxsw: pci: Return error on PCI reset timeout
        mlxsw: pci: Increase PCI SW reset timeout
        mlxsw: pci: Ring CQ's doorbell before RDQ's
        MAINTAINERS: update email addresses of liquidio driver maintainers
        ...
      7d0ae236
    • Kees Cook's avatar
      pstore/ram: Avoid allocation and leak of platform data · 5631e857
      Kees Cook authored
      Yue Hu noticed that when parsing device tree the allocated platform data
      was never freed. Since it's not used beyond the function scope, this
      switches to using a stack variable instead.
      Reported-by: default avatarYue Hu <huyue2@yulong.com>
      Fixes: 35da6094 ("pstore/ram: add Device Tree bindings")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      5631e857
    • Ard Biesheuvel's avatar
      gcc-plugins: arm_ssp_per_task_plugin: fix for GCC 9+ · 2c88c742
      Ard Biesheuvel authored
      GCC 9 reworks the way the references to the stack canary are
      emitted, to prevent the value from being spilled to the stack
      before the final comparison in the epilogue, defeating the
      purpose, given that the spill slot is under control of the
      attacker that we are protecting ourselves from.
      
      Since our canary value address is obtained without accessing
      memory (as opposed to pre-v7 code that will obtain it from a
      literal pool), it is unlikely (although not guaranteed) that
      the compiler will spill the canary value in the same way, so
      let's just disable this improvement when building with GCC9+.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      2c88c742
    • Ard Biesheuvel's avatar
      gcc-plugins: arm_ssp_per_task_plugin: sign extend the SP mask · 560706d5
      Ard Biesheuvel authored
      The ARM per-task stack protector GCC plugin hits an assert in
      the compiler in some case, due to the fact the the SP mask
      expression is not sign-extended as it should be. So fix that.
      Suggested-by: default avatarKugan Vivekanandarajah <kugan.vivekanandarajah@linaro.org>
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      560706d5
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · bb617b9b
      Linus Torvalds authored
      Pull virtio/vhost fixes and cleanups from Michael Tsirkin:
       "Fixes and cleanups all over the place"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        vhost/scsi: Use copy_to_iter() to send control queue response
        vhost: return EINVAL if iovecs size does not match the message size
        virtio-balloon: tweak config_changed implementation
        virtio: don't allocate vqs when names[i] = NULL
        virtio_pci: use queue idx instead of array idx to set up the vq
        virtio: document virtio_config_ops restrictions
        virtio: fix virtio_config_ops description
      bb617b9b
    • Linus Torvalds's avatar
      Merge tag 'for-5.0-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 1be969f4
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
       "A handful of fixes (some of them in testing for a long time):
      
         - fix some test failures regarding cleanup after transaction abort
      
         - revert of a patch that could cause a deadlock
      
         - delayed iput fixes, that can help in ENOSPC situation when there's
           low space and a lot data to write"
      
      * tag 'for-5.0-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: wakeup cleaner thread when adding delayed iput
        btrfs: run delayed iputs before committing
        btrfs: wait on ordered extents on abort cleanup
        btrfs: handle delayed ref head accounting cleanup in abort
        Revert "btrfs: balance dirty metadata pages in btrfs_finish_ordered_io"
      1be969f4
    • Linus Torvalds's avatar
      Merge tags 'compiler-attributes-for-linus-v5.0-rc3' and... · 315a6d85
      Linus Torvalds authored
      Merge tags 'compiler-attributes-for-linus-v5.0-rc3' and 'clang-format-for-linus-v5.0-rc3' of git://github.com/ojeda/linux
      
      Pull misc clang fixes from Miguel Ojeda:
      
        - A fix for OPTIMIZER_HIDE_VAR from Michael S Tsirkin
      
        - Update clang-format with the latest for_each macro list from Jason
          Gunthorpe
      
      * tag 'compiler-attributes-for-linus-v5.0-rc3' of git://github.com/ojeda/linux:
        include/linux/compiler*.h: fix OPTIMIZER_HIDE_VAR
      
      * tag 'clang-format-for-linus-v5.0-rc3' of git://github.com/ojeda/linux:
        clang-format: Update .clang-format with the latest for_each macro list
      315a6d85
    • Florian La Roche's avatar
      fix int_sqrt64() for very large numbers · fbfaf851
      Florian La Roche authored
      If an input number x for int_sqrt64() has the highest bit set, then
      fls64(x) is 64.  (1UL << 64) is an overflow and breaks the algorithm.
      
      Subtracting 1 is a better guess for the initial value of m anyway and
      that's what also done in int_sqrt() implicitly [*].
      
      [*] Note how int_sqrt() uses __fls() with two underscores, which already
          returns the proper raw bit number.
      
          In contrast, int_sqrt64() used fls64(), and that returns bit numbers
          illogically starting at 1, because of error handling for the "no
          bits set" case. Will points out that he bug probably is due to a
          copy-and-paste error from the regular int_sqrt() case.
      Signed-off-by: default avatarFlorian La Roche <Florian.LaRoche@googlemail.com>
      Acked-by: default avatarWill Deacon <will.deacon@arm.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      fbfaf851
    • Will Deacon's avatar
      x86: uaccess: Inhibit speculation past access_ok() in user_access_begin() · 6e693b3f
      Will Deacon authored
      Commit 594cc251 ("make 'user_access_begin()' do 'access_ok()'")
      makes the access_ok() check part of the user_access_begin() preceding a
      series of 'unsafe' accesses.  This has the desirable effect of ensuring
      that all 'unsafe' accesses have been range-checked, without having to
      pick through all of the callsites to verify whether the appropriate
      checking has been made.
      
      However, the consolidated range check does not inhibit speculation, so
      it is still up to the caller to ensure that they are not susceptible to
      any speculative side-channel attacks for user addresses that ultimately
      fail the access_ok() check.
      
      This is an oversight, so use __uaccess_begin_nospec() to ensure that
      speculation is inhibited until the access_ok() check has passed.
      Reported-by: default avatarJulien Thierry <julien.thierry@arm.com>
      Signed-off-by: default avatarWill Deacon <will.deacon@arm.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6e693b3f
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · b0f3e768
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "Three arm64 fixes for -rc3.
      
        We've plugged a couple of nasty issues involving KASLR-enabled
        kernels, and removed a redundant #define that was introduced as part
        of the KHWASAN fixes from akpm at -rc2.
      
         - Fix broken kpti page-table rewrite in bizarre KASLR configuration
      
         - Fix module loading with KASLR
      
         - Remove redundant definition of ARCH_SLAB_MINALIGN"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        kasan, arm64: remove redundant ARCH_SLAB_MINALIGN define
        arm64: kaslr: ensure randomized quantities are clean to the PoC
        arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on
      b0f3e768
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · 6436408e
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2019-01-20
      
      The following pull-request contains BPF updates for your *net* tree.
      
      The main changes are:
      
      1) Fix a out-of-bounds access in __bpf_redirect_no_mac, from Willem.
      
      2) Fix bpf_setsockopt to reset sock dst on SO_MARK changes, from Peter.
      
      3) Fix map in map masking to prevent out-of-bounds access under
         speculative execution, from Daniel.
      
      4) Fix bpf_setsockopt's SO_MAX_PACING_RATE to support TCP internal
         pacing, from Yuchung.
      
      5) Fix json writer license in bpftool, from Thomas.
      
      6) Fix AF_XDP to check if an actually queue exists during umem
         setup, from Krzysztof.
      
      7) Several fixes to BPF stackmap's build id handling. Another fix
         for bpftool build to account for libbfd variations wrt linking
         requirements, from Stanislav.
      
      8) Fix BPF samples build with clang by working around missing asm
         goto, from Yonghong.
      
      9) Fix libbpf to retry program load on signal interrupt, from Lorenz.
      
      10) Various minor compile warning fixes in BPF code, from Mathieu.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6436408e