1. 22 Jul, 2015 1 commit
  2. 17 Jul, 2015 9 commits
  3. 16 Jul, 2015 4 commits
  4. 14 Jul, 2015 2 commits
  5. 12 Jul, 2015 11 commits
    • Linus Torvalds's avatar
      Linux 4.2-rc2 · bc0195aa
      Linus Torvalds authored
      bc0195aa
    • Linus Torvalds's avatar
      Revert "drm/i915: Use crtc_state->active in primary check_plane func" · 01e2d062
      Linus Torvalds authored
      This reverts commit dec4f799.
      
      Jörg Otte reports a NULL pointder dereference due to this commit, as
      'crtc_state' very much can be NULL:
      
              crtc_state = state->base.state ?
                      intel_atomic_get_crtc_state(state->base.state, intel_crtc) : NULL;
      
      So the change to test 'crtc_state->base.active' cannot possibly be
      correct as-is.
      
      There may be some other minimal fix (like just checking crtc_state for
      NULL), but I'm just reverting it now for the rc2 release, and people
      like Daniel Vetter who actually know this code will figure out what the
      right solution is in the longer term.
      Reported-and-bisected-by: default avatarJörg Otte <jrg.otte@gmail.com>
      Cc: Ander Conselvan de Oliveira <ander.conselvan.de.oliveira@intel.com>
      Cc: Jani Nikula <jani.nikula@linux.intel.com>
      Cc: Daniel Vetter <daniel.vetter@intel.com>
      CC: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      01e2d062
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · c83727a6
      Linus Torvalds authored
      Pull VFS fixes from Al Viro:
       "Fixes for this cycle regression in overlayfs and a couple of
        long-standing (== all the way back to 2.6.12, at least) bugs"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        freeing unlinked file indefinitely delayed
        fix a braino in ovl_d_select_inode()
        9p: don't leave a half-initialized inode sitting around
      c83727a6
    • Linus Torvalds's avatar
      Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · 7fbb58a0
      Linus Torvalds authored
      Pull MIPS fixes from Ralf Baechle:
       "A fair number of 4.2 fixes also because Markos opened the flood gates.
      
         - Patch up the math used calculate the location for the page bitmap.
      
         - The FDC (Not what you think, FDC stands for Fast Debug Channel) IRQ
           around was causing issues on non-Malta platforms, so move the code
           to a Malta specific location.
      
         - A spelling fix replicated through several files.
      
         - Fix to the emulation of an R2 instruction for R6 cores.
      
         - Fix the JR emulation for R6.
      
         - Further patching of mindless 64 bit issues.
      
         - Ensure the kernel won't crash on CPUs with L2 caches with >= 8
           ways.
      
         - Use compat_sys_getsockopt for O32 ABI on 64 bit kernels.
      
         - Fix cache flushing for multithreaded cores.
      
         - A build fix"
      
      * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        MIPS: O32: Use compat_sys_getsockopt.
        MIPS: c-r4k: Extend way_string array
        MIPS: Pistachio: Support CDMM & Fast Debug Channel
        MIPS: Malta: Make GIC FDC IRQ workaround Malta specific
        MIPS: c-r4k: Fix cache flushing for MT cores
        Revert "MIPS: Kconfig: Disable SMP/CPS for 64-bit"
        MIPS: cps-vec: Use macros for various arithmetics and memory operations
        MIPS: kernel: cps-vec: Replace KSEG0 with CKSEG0
        MIPS: kernel: cps-vec: Use ta0-ta3 pseudo-registers for 64-bit
        MIPS: kernel: cps-vec: Replace mips32r2 ISA level with mips64r2
        MIPS: kernel: cps-vec: Replace 'la' macro with PTR_LA
        MIPS: kernel: smp-cps: Fix 64-bit compatibility errors due to pointer casting
        MIPS: Fix erroneous JR emulation for MIPS R6
        MIPS: Fix branch emulation for BLTC and BGEC instructions
        MIPS: kernel: traps: Fix broken indentation
        MIPS: bootmem: Don't use memory holes for page bitmap
        MIPS: O32: Do not handle require 32 bytes from the stack to be readable.
        MIPS, CPUFREQ: Fix spelling of Institute.
        MIPS: Lemote 2F: Fix build caused by recent mass rename.
      7fbb58a0
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 1daa1cfb
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
      
       - the high latency PIT detection fix, which slipped through the cracks
         for rc1
      
       - a regression fix for the early printk mechanism
      
       - the x86 part to plug irq/vector related hotplug races
      
       - move the allocation of the espfix pages on cpu hotplug to non atomic
         context.  The current code triggers a might_sleep() warning.
      
       - a series of KASAN fixes addressing boot crashes and usability
      
       - a trivial typo fix for Kconfig help text
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/kconfig: Fix typo in the CONFIG_CMDLINE_BOOL help text
        x86/irq: Retrieve irq data after locking irq_desc
        x86/irq: Use proper locking in check_irq_vectors_for_cpu_disable()
        x86/irq: Plug irq vector hotplug race
        x86/earlyprintk: Allow early_printk() to use console style parameters like '115200n8'
        x86/espfix: Init espfix on the boot CPU side
        x86/espfix: Add 'cpu' parameter to init_espfix_ap()
        x86/kasan: Move KASAN_SHADOW_OFFSET to the arch Kconfig
        x86/kasan: Add message about KASAN being initialized
        x86/kasan: Fix boot crash on AMD processors
        x86/kasan: Flush TLBs after switching CR3
        x86/kasan: Fix KASAN shadow region page tables
        x86/init: Clear 'init_level4_pgt' earlier
        x86/tsc: Let high latency PIT fail fast in quick_pit_calibrate()
      1daa1cfb
    • Linus Torvalds's avatar
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 7b732169
      Linus Torvalds authored
      Pull timer fixes from Thomas Gleixner:
       "This update from the timer departement contains:
      
         - A series of patches which address a shortcoming in the tick
           broadcast code.
      
           If the broadcast device is not available or an hrtimer emulated
           broadcast device, some of the original assumptions lead to boot
           failures.  I rather plugged all of the corner cases instead of only
           addressing the issue reported, so the change got a little larger.
      
           Has been extensivly tested on x86 and arm.
      
         - Get rid of the last holdouts using do_posix_clock_monotonic_gettime()
      
         - A regression fix for the imx clocksource driver
      
         - An update to the new state callbacks mechanism for clockevents.
           This is required to simplify the conversion, which will take place
           in 4.3"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        tick/broadcast: Prevent NULL pointer dereference
        time: Get rid of do_posix_clock_monotonic_gettime
        cris: Replace do_posix_clock_monotonic_gettime()
        tick/broadcast: Unbreak CONFIG_GENERIC_CLOCKEVENTS=n build
        tick/broadcast: Handle spurious interrupts gracefully
        tick/broadcast: Check for hrtimer broadcast active early
        tick/broadcast: Return busy when IPI is pending
        tick/broadcast: Return busy if periodic mode and hrtimer broadcast
        tick/broadcast: Move the check for periodic mode inside state handling
        tick/broadcast: Prevent deep idle if no broadcast device available
        tick/broadcast: Make idle check independent from mode and config
        tick/broadcast: Sanity check the shutdown of the local clock_event
        tick/broadcast: Prevent hrtimer recursion
        clockevents: Allow set-state callbacks to be optional
        clocksource/imx: Define clocksource for mx27
      7b732169
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · c4bc680c
      Linus Torvalds authored
      Pull irq fix from Thomas Gleixner:
       "A single fix for a cpu hotplug race vs. interrupt descriptors:
      
        Prevent irq setup/teardown across the cpu starting/dying parts of cpu
        hotplug so that the starting/dying cpu has a stable view of the
        descriptor space.  This has been an issue for all architectures in the
        cpu dying phase, where interrupts are migrated away from the dying
        cpu.  In the starting phase its mostly a x86 issue vs the vector space
        update"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        hotplug: Prevent alloc/free of irq descriptors during cpu up/down
      c4bc680c
    • Al Viro's avatar
      freeing unlinked file indefinitely delayed · 75a6f82a
      Al Viro authored
      	Normally opening a file, unlinking it and then closing will have
      the inode freed upon close() (provided that it's not otherwise busy and
      has no remaining links, of course).  However, there's one case where that
      does *not* happen.  Namely, if you open it by fhandle with cold dcache,
      then unlink() and close().
      
      	In normal case you get d_delete() in unlink(2) notice that dentry
      is busy and unhash it; on the final dput() it will be forcibly evicted from
      dcache, triggering iput() and inode removal.  In this case, though, we end
      up with *two* dentries - disconnected (created by open-by-fhandle) and
      regular one (used by unlink()).  The latter will have its reference to inode
      dropped just fine, but the former will not - it's considered hashed (it
      is on the ->s_anon list), so it will stay around until the memory pressure
      will finally do it in.  As the result, we have the final iput() delayed
      indefinitely.  It's trivial to reproduce -
      
      void flush_dcache(void)
      {
              system("mount -o remount,rw /");
      }
      
      static char buf[20 * 1024 * 1024];
      
      main()
      {
              int fd;
              union {
                      struct file_handle f;
                      char buf[MAX_HANDLE_SZ];
              } x;
              int m;
      
              x.f.handle_bytes = sizeof(x);
              chdir("/root");
              mkdir("foo", 0700);
              fd = open("foo/bar", O_CREAT | O_RDWR, 0600);
              close(fd);
              name_to_handle_at(AT_FDCWD, "foo/bar", &x.f, &m, 0);
              flush_dcache();
              fd = open_by_handle_at(AT_FDCWD, &x.f, O_RDWR);
              unlink("foo/bar");
              write(fd, buf, sizeof(buf));
              system("df .");			/* 20Mb eaten */
              close(fd);
              system("df .");			/* should've freed those 20Mb */
              flush_dcache();
              system("df .");			/* should be the same as #2 */
      }
      
      will spit out something like
      Filesystem     1K-blocks   Used Available Use% Mounted on
      /dev/root         322023 303843      1131 100% /
      Filesystem     1K-blocks   Used Available Use% Mounted on
      /dev/root         322023 303843      1131 100% /
      Filesystem     1K-blocks   Used Available Use% Mounted on
      /dev/root         322023 283282     21692  93% /
      - inode gets freed only when dentry is finally evicted (here we trigger
      than by remount; normally it would've happened in response to memory
      pressure hell knows when).
      
      Cc: stable@vger.kernel.org # v2.6.38+; earlier ones need s/kill_it/unhash_it/
      Acked-by: default avatarJ. Bruce Fields <bfields@fieldses.org>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      75a6f82a
    • Al Viro's avatar
      fix a braino in ovl_d_select_inode() · 9391dd00
      Al Viro authored
      when opening a directory we want the overlayfs inode, not one from
      the topmost layer.
      Reported-By: default avatarAndrey Jr. Melnikov <temnota.am@gmail.com>
      Tested-By: default avatarAndrey Jr. Melnikov <temnota.am@gmail.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      9391dd00
    • Al Viro's avatar
      9p: don't leave a half-initialized inode sitting around · 0a73d0a2
      Al Viro authored
      Cc: stable@vger.kernel.org # all branches
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      0a73d0a2
    • Linus Torvalds's avatar
      Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/nvdimm · 59c3cb55
      Linus Torvalds authored
      Pull libnvdimm fixes from Dan Williams:
       "1) Fixes for a handful of smatch reports (Thanks Dan C.!) and minor
           bug fixes (patches 1-6)
      
        2) Correctness fixes to the BLK-mode nvdimm driver (patches 7-10).
      
           Granted these are slightly large for a -rc update.  They have been
           out for review in one form or another since the end of May and were
           deferred from the merge window while we settled on the "PMEM API"
           for the PMEM-mode nvdimm driver (ie memremap_pmem, memcpy_to_pmem,
           and wmb_pmem).
      
           Now that those apis are merged we implement them in the BLK driver
           to guarantee that mmio aperture moves stay ordered with respect to
           incoming read/write requests, and that writes are flushed through
           those mmio-windows and platform-buffers to be persistent on media.
      
        These pass the sub-system unit tests with the updates to
        tools/testing/nvdimm, and have received a successful build-report from
        the kbuild robot (468 configs).
      
        With acks from Rafael for the touches to drivers/acpi/"
      
      * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/nvdimm:
        nfit: add support for NVDIMM "latch" flag
        nfit: update block I/O path to use PMEM API
        tools/testing/nvdimm: add mock acpi_nfit_flush_address entries to nfit_test
        tools/testing/nvdimm: fix return code for unimplemented commands
        tools/testing/nvdimm: mock ioremap_wt
        pmem: add maintainer for include/linux/pmem.h
        nfit: fix smatch "use after null check" report
        nvdimm: Fix return value of nvdimm_bus_init() if class_create() fails
        libnvdimm: smatch cleanups in __nd_ioctl
        sparse: fix misplaced __pmem definition
      59c3cb55
  6. 11 Jul, 2015 8 commits
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · e4925198
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "Mostly slight adjusments for new drivers, but also one core fix for
        which finally the dependencies are now available as well"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: Mark instantiated device nodes with OF_POPULATE
        i2c: jz4780: Fix return value if probe fails
        i2c: xgene-slimpro: Fix missing mbox_free_channel call in probe error path
        i2c: I2C_MT65XX should depend on HAS_DMA
      e4925198
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 8a7b8ff4
      Linus Torvalds authored
      Pull input fixes from Dmitry Torokhov:
       "A fix (revert) for a recent regression in Synaptics driver and a fix
        for Elan i2c touchpad driver"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Revert "Input: synaptics - allocate 3 slots to keep stability in image sensors"
        Input: elan_i2c - change the hover event from MT to ST
      8a7b8ff4
    • Linus Torvalds's avatar
      Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux · 4322f028
      Linus Torvalds authored
      Pull clk fixes from Stephen Boyd:
       "A small set of fixes for problems found by smatch in new drivers that
        we added this rc and a handful of driver fixes that came in during the
        merge window"
      
      * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
        drivers: clk: st: Incorrect register offset used for lock_status
        clk: mediatek: mt8173: Fix enabling of critical clocks
        drivers: clk: st: Fix mux bit-setting for Cortex A9 clocks
        drivers: clk: st: Add CLK_GET_RATE_NOCACHE flag to clocks
        drivers: clk: st: Fix flexgen lock init
        drivers: clk: st: Fix FSYN channel values
        drivers: clk: st: Remove unused code
        clk: qcom: Use parent rate when set rate to pixel RCG clock
        clk: at91: do not leak resources
        clk: stm32: Fix out-by-one error path in the index lookup
        clk: iproc: fix bit manipulation arithmetic
        clk: iproc: fix memory leak from clock name
      4322f028
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · 9cb1680c
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "A bunch of fixes for radeon, intel, omap and one amdkfd fix.
      
        Radeon fixes are all over, but it does fix some cursor corruption
        across suspend/resume.  i915 should fix the second warn you were
        seeing, so let us know if not.  omap is a bunch of small fixes"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (28 commits)
        drm/radeon: disable vce init on cayman (v2)
        drm/amdgpu: fix timeout calculation
        drm/radeon: check if BO_VA is set before adding it to the invalidation list
        drm/radeon: allways add the VM clear duplicate
        Revert "Revert "drm/radeon: dont switch vt on suspend""
        drm/radeon: Fold radeon_set_cursor() into radeon_show_cursor()
        drm/radeon: unpin cursor BOs on suspend and pin them again on resume (v2)
        drm/radeon: Clean up reference counting and pinning of the cursor BOs
        drm/amdkfd: validate pdd where it acquired first
        Revert "drm/i915: Allocate context objects from stolen"
        drm/i915: Declare the swizzling unknown for L-shaped configurations
        drm/radeon: fix underflow in r600_cp_dispatch_texture()
        drm/radeon: default to 2048 MB GART size on SI+
        drm/radeon: fix HDP flushing
        drm/radeon: use RCU query for GEM_BUSY syscall
        drm/amdgpu: Handle irqs only based on irq ring, not irq status regs.
        drm/radeon: Handle irqs only based on irq ring, not irq status regs.
        drm/i915: Use crtc_state->active in primary check_plane func
        drm/i915: Check crtc->active in intel_crtc_disable_planes
        drm/i915: Restore all GGTT VMAs on resume
        ...
      9cb1680c
    • Linus Torvalds's avatar
      Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 2278cb0b
      Linus Torvalds authored
      Pull selinux fixes from James Morris.
      
      * 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        selinux: fix mprotect PROT_EXEC regression caused by mm change
        selinux: don't waste ebitmap space when importing NetLabel categories
      2278cb0b
    • Linus Torvalds's avatar
      Merge branch 'for-linus-4.2' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · 31b7a57c
      Linus Torvalds authored
      Pull btrfs fixes from Chris Mason:
       "This is an assortment of fixes.  Most of the commits are from Filipe
        (fsync, the inode allocation cache and a few others).  Mark kicked in
        a series fixing corners in the extent sharing ioctls, and everyone
        else fixed up on assorted other problems"
      
      * 'for-linus-4.2' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
        Btrfs: fix wrong check for btrfs_force_chunk_alloc()
        Btrfs: fix warning of bytes_may_use
        Btrfs: fix hang when failing to submit bio of directIO
        Btrfs: fix a comment in inode.c:evict_inode_truncate_pages()
        Btrfs: fix memory corruption on failure to submit bio for direct IO
        btrfs: don't update mtime/ctime on deduped inodes
        btrfs: allow dedupe of same inode
        btrfs: fix deadlock with extent-same and readpage
        btrfs: pass unaligned length to btrfs_cmp_data()
        Btrfs: fix fsync after truncate when no_holes feature is enabled
        Btrfs: fix fsync xattr loss in the fast fsync path
        Btrfs: fix fsync data loss after append write
        Btrfs: fix crash on close_ctree() if cleaner starts new transaction
        Btrfs: fix race between caching kthread and returning inode to inode cache
        Btrfs: use kmem_cache_free when freeing entry in inode cache
        Btrfs: fix race between balance and unused block group deletion
        btrfs: add error handling for scrub_workers_get()
        btrfs: cleanup noused initialization of dev in btrfs_end_bio()
        btrfs: qgroup: allow user to clear the limitation on qgroup
      31b7a57c
    • Linus Torvalds's avatar
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 84e3e9d0
      Linus Torvalds authored
      Pull ARM SoC fixes from Kevin Hilman:
       "A fairly random colletion of fixes based on -rc1 for OMAP, sunxi and
        prima2 as well as a few arm64-specific DT fixes.
      
        This series also includes a late to support a new Allwinner (sunxi)
        SoC, but since it's rather simple and isolated to the
        platform-specific code, it's included it for this -rc"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        arm64: dts: add device tree for ARM SMM-A53x2 on LogicTile Express 20MG
        arm: dts: vexpress: add missing CCI PMU device node to TC2
        arm: dts: vexpress: describe all PMUs in TC2 dts
        GICv3: Add ITS entry to THUNDER dts
        arm64: dts: Add poweroff button device node for APM X-Gene platform
        ARM: dts: am4372.dtsi: disable rfbi
        ARM: dts: am57xx-beagle-x15: Provide supply for usb2_phy2
        ARM: dts: am4372: Add emif node
        Revert "ARM: dts: am335x-boneblack: disable RTC-only sleep"
        ARM: sunxi: Enable simplefb in the defconfig
        ARM: Remove deprecated symbol from defconfig files
        ARM: sunxi: Add Machine support for A33
        ARM: sunxi: Introduce Allwinner H3 support
        Documentation: sunxi: Update Allwinner SoC documentation
        ARM: prima2: move to use REGMAP APIs for rtciobrg
        ARM: dts: atlas7: add pinctrl and gpio descriptions
        ARM: OMAP2+: Remove unnessary return statement from the void function, omap2_show_dma_caps
        memory: omap-gpmc: Fix parsing of devices
      84e3e9d0
    • Thomas Gleixner's avatar
      tick/broadcast: Prevent NULL pointer dereference · c4d029f2
      Thomas Gleixner authored
      Dan reported that the recent changes to the broadcast code introduced
      a potential NULL dereference.
      
      Add the proper check.
      
      Fixes: e0454311 "tick/broadcast: Sanity check the shutdown of the local clock_event"
      Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      c4d029f2
  7. 10 Jul, 2015 5 commits
    • Linus Torvalds's avatar
      Merge branch 'parisc-4.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · b9243b5a
      Linus Torvalds authored
      Pull parisc fixes from Helge Deller:
       "We have one important patch from Dave Anglin and myself which fixes
        PTE/TLB race conditions which caused random segmentation faults on our
        debian buildd servers, and one patch from Alex Ivanov which speeds up
        the graphical text console on the STI framebuffer driver"
      
      * 'parisc-4.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Fix some PTE/TLB race conditions and optimize __flush_tlb_range based on timing results
        stifb: Implement hardware accelerated copyarea
      b9243b5a
    • James Morris's avatar
    • Stephen Smalley's avatar
      selinux: fix mprotect PROT_EXEC regression caused by mm change · 892e8cac
      Stephen Smalley authored
      commit 66fc1303 ("mm: shmem_zero_setup
      skip security check and lockdep conflict with XFS") caused a regression
      for SELinux by disabling any SELinux checking of mprotect PROT_EXEC on
      shared anonymous mappings.  However, even before that regression, the
      checking on such mprotect PROT_EXEC calls was inconsistent with the
      checking on a mmap PROT_EXEC call for a shared anonymous mapping.  On a
      mmap, the security hook is passed a NULL file and knows it is dealing
      with an anonymous mapping and therefore applies an execmem check and no
      file checks.  On a mprotect, the security hook is passed a vma with a
      non-NULL vm_file (as this was set from the internally-created shmem
      file during mmap) and therefore applies the file-based execute check
      and no execmem check.  Since the aforementioned commit now marks the
      shmem zero inode with the S_PRIVATE flag, the file checks are disabled
      and we have no checking at all on mprotect PROT_EXEC.  Add a test to
      the mprotect hook logic for such private inodes, and apply an execmem
      check in that case.  This makes the mmap and mprotect checking
      consistent for shared anonymous mappings, as well as for /dev/zero and
      ashmem.
      
      Cc: <stable@vger.kernel.org> # 4.1.x
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
      892e8cac
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 1604f871
      Linus Torvalds authored
      Pull arm64 fixes and clean-up from Catalin Marinas:
       - ACPI fix when checking the validity of the GICC MADT subtable
       - handle debug exceptions in the el*_inv exception entries
       - remove pointless register assignment in two compat syscall wrappers
       - unnecessary include path
       - defconfig update
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: entry32: remove pointless register assignment
        arm64: entry: handle debug exceptions in el*_inv
        arm64: Keep the ARM64 Kconfig selects sorted
        ACPI / ARM64 : use the new BAD_MADT_GICC_ENTRY macro
        ACPI / ARM64: add BAD_MADT_GICC_ENTRY() macro
        arm64: defconfig: Add Ceva ahci to the defconfig
        arm64: remove another unnecessary libfdt include path
      1604f871
    • John David Anglin's avatar
      parisc: Fix some PTE/TLB race conditions and optimize __flush_tlb_range based on timing results · 01ab6057
      John David Anglin authored
      The increased use of pdtlb/pitlb instructions seemed to increase the
      frequency of random segmentation faults building packages. Further, we
      had a number of cases where TLB inserts would repeatedly fail and all
      forward progress would stop. The Haskell ghc package caused a lot of
      trouble in this area. The final indication of a race in pte handling was
      this syslog entry on sibaris (C8000):
      
       swap_free: Unused swap offset entry 00000004
       BUG: Bad page map in process mysqld  pte:00000100 pmd:019bbec5
       addr:00000000ec464000 vm_flags:00100073 anon_vma:0000000221023828 mapping: (null) index:ec464
       CPU: 1 PID: 9176 Comm: mysqld Not tainted 4.0.0-2-parisc64-smp #1 Debian 4.0.5-1
       Backtrace:
        [<0000000040173eb0>] show_stack+0x20/0x38
        [<0000000040444424>] dump_stack+0x9c/0x110
        [<00000000402a0d38>] print_bad_pte+0x1a8/0x278
        [<00000000402a28b8>] unmap_single_vma+0x3d8/0x770
        [<00000000402a4090>] zap_page_range+0xf0/0x198
        [<00000000402ba2a4>] SyS_madvise+0x404/0x8c0
      
      Note that the pte value is 0 except for the accessed bit 0x100. This bit
      shouldn't be set without the present bit.
      
      It should be noted that the madvise system call is probably a trigger for many
      of the random segmentation faults.
      
      In looking at the kernel code, I found the following problems:
      
      1) The pte_clear define didn't take TLB lock when clearing a pte.
      2) We didn't test pte present bit inside lock in exception support.
      3) The pte and tlb locks needed to merged in order to ensure consistency
      between page table and TLB. This also has the effect of serializing TLB
      broadcasts on SMP systems.
      
      The attached change implements the above and a few other tweaks to try
      to improve performance. Based on the timing code, TLB purges are very
      slow (e.g., ~ 209 cycles per page on rp3440). Thus, I think it
      beneficial to test the split_tlb variable to avoid duplicate purges.
      Probably, all PA 2.0 machines have combined TLBs.
      
      I dropped using __flush_tlb_range in flush_tlb_mm as I realized all
      applications and most threads have a stack size that is too large to
      make this useful. I added some comments to this effect.
      
      Since implementing 1 through 3, I haven't had any random segmentation
      faults on mx3210 (rp3440) in about one week of building code and running
      as a Debian buildd.
      Signed-off-by: default avatarJohn David Anglin <dave.anglin@bell.net>
      Cc: stable@vger.kernel.org # v3.18+
      Signed-off-by: default avatarHelge Deller <deller@gmx.de>
      01ab6057