1. 15 Jul, 2016 1 commit
  2. 14 Jul, 2016 1 commit
    • Lans Zhang's avatar
      PKCS#7: Fix panic when referring to the empty AKID when DEBUG defined · 7454872b
      Lans Zhang authored
      This fix resolves the following kernel panic if an empty or missing
      AuthorityKeyIdentifier is encountered and DEBUG is defined in
      pkcs7_verify.c.
      
      [  459.041989] PKEY: <==public_key_verify_signature() = 0
      [  459.041993] PKCS7: Verified signature 1
      [  459.041995] PKCS7: ==> pkcs7_verify_sig_chain()
      [  459.041999] PKCS7: verify Sample DB Certificate for SCP: 01
      [  459.042002] PKCS7: - issuer Sample KEK Certificate for SCP
      [  459.042014] BUG: unable to handle kernel NULL pointer dereference at           (null)
      [  459.042135] IP: [<ffffffff813e7b4c>] pkcs7_verify+0x72c/0x7f0
      [  459.042217] PGD 739e6067 PUD 77719067 PMD 0
      [  459.042286] Oops: 0000 [#1] PREEMPT SMP
      [  459.042328] Modules linked in:
      [  459.042368] CPU: 0 PID: 474 Comm: kexec Not tainted 4.7.0-rc7-WR8.0.0.0_standard+ #18
      [  459.042462] Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB, BIOS 5.6.5 10/09/2014
      [  459.042586] task: ffff880073a50000 ti: ffff8800738e8000 task.ti: ffff8800738e8000
      [  459.042675] RIP: 0010:[<ffffffff813e7b4c>]  [<ffffffff813e7b4c>] pkcs7_verify+0x72c/0x7f0
      [  459.042784] RSP: 0018:ffff8800738ebd58  EFLAGS: 00010246
      [  459.042845] RAX: 0000000000000000 RBX: ffff880076b7da80 RCX: 0000000000000006
      [  459.042929] RDX: 0000000000000001 RSI: ffffffff81c85001 RDI: ffffffff81ca00a9
      [  459.043014] RBP: ffff8800738ebd98 R08: 0000000000000400 R09: ffff8800788a304c
      [  459.043098] R10: 0000000000000000 R11: 00000000000060ca R12: ffff8800769a2bc0
      [  459.043182] R13: ffff880077358300 R14: 0000000000000000 R15: ffff8800769a2dc0
      [  459.043268] FS:  00007f24cc741700(0000) GS:ffff880074e00000(0000) knlGS:0000000000000000
      [  459.043365] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  459.043431] CR2: 0000000000000000 CR3: 0000000073a36000 CR4: 00000000001006f0
      [  459.043514] Stack:
      [  459.043530]  0000000000000000 ffffffbf00000020 31ffffff813e68b0 0000000000000002
      [  459.043644]  ffff8800769a2bc0 0000000000000000 00000000007197b8 0000000000000002
      [  459.043756]  ffff8800738ebdd8 ffffffff81153fb1 0000000000000000 0000000000000000
      [  459.043869] Call Trace:
      [  459.043898]  [<ffffffff81153fb1>] verify_pkcs7_signature+0x61/0x140
      [  459.043974]  [<ffffffff813e7f0b>] verify_pefile_signature+0x2cb/0x830
      [  459.044052]  [<ffffffff813e8470>] ? verify_pefile_signature+0x830/0x830
      [  459.044134]  [<ffffffff81048e25>] bzImage64_verify_sig+0x15/0x20
      [  459.046332]  [<ffffffff81046e09>] arch_kexec_kernel_verify_sig+0x29/0x40
      [  459.048552]  [<ffffffff810f10e4>] SyS_kexec_file_load+0x1f4/0x6c0
      [  459.050768]  [<ffffffff81050e36>] ? __do_page_fault+0x1b6/0x550
      [  459.052996]  [<ffffffff8199241f>] entry_SYSCALL_64_fastpath+0x17/0x93
      [  459.055242] Code: e8 0a d6 ff ff 85 c0 0f 88 7a fb ff ff 4d 39 fd 4d 89 7d 08 74 45 4d 89 fd e9 14 fe ff ff 4d 8b 76 08 31 c0 48 c7 c7 a9 00 ca 81 <41> 0f b7 36 49 8d 56 02 e8 d0 91 d6 ff 4d 8b 3c 24 4d 85 ff 0f
      [  459.060535] RIP  [<ffffffff813e7b4c>] pkcs7_verify+0x72c/0x7f0
      [  459.063040]  RSP <ffff8800738ebd58>
      [  459.065456] CR2: 0000000000000000
      [  459.075998] ---[ end trace c15f0e897cda28dc ]---
      Signed-off-by: default avatarLans Zhang <jia.zhang@windriver.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: Baoquan He <bhe@redhat.com>
      Cc: Vivek Goyal <vgoyal@redhat.com>
      cc: linux-crypto@vger.kernel.org
      cc: kexec@lists.infradead.org
      7454872b
  3. 13 Jul, 2016 5 commits
  4. 12 Jul, 2016 4 commits
    • Linus Torvalds's avatar
      Merge tag 'acpi-urgent-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · f1b5e4fa
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "One ACPI EC driver regression fix (code ordering) and three reverts of
        ACPICA commits, one that introduced a problem and two unsuccessful
        attempted fixes on top of it.
      
        Specifics:
      
         - Fix a recent regression in the ACPI EC driver introduced by a fix
           of another problem that uncovered a latent code ordering issue in
           the driver (Lv Zheng).
      
         - Revert a recent ACPICA commit that attempted to address a lock
           ordering issue introduced by a previous fix, but caused Dell
           Precision 5510 to fail to boot, revert that previous fix too and
           finally revert the commit that caused the original problem (a
           deadlock in the ACPICA code) to happen (Rafael Wysocki)"
      
      * tag 'acpi-urgent-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        Revert "ACPI 2.0 / AML: Improve module level execution by moving the If/Else/While execution to per-table basis"
        Revert "ACPICA: Namespace: Fix deadlock triggered by MLC support in dynamic table loading"
        Revert "ACPICA: Namespace: Fix namespace/interpreter lock ordering"
        ACPI / EC: Fix code ordering issue in ec_remove_handlers()
      f1b5e4fa
    • Rafael J. Wysocki's avatar
      Merge branches 'acpica-fixes' and 'acpi-ec-fixes' · d0420d20
      Rafael J. Wysocki authored
      * acpica-fixes:
        Revert "ACPI 2.0 / AML: Improve module level execution by moving the If/Else/While execution to per-table basis"
        Revert "ACPICA: Namespace: Fix deadlock triggered by MLC support in dynamic table loading"
        Revert "ACPICA: Namespace: Fix namespace/interpreter lock ordering"
      
      * acpi-ec-fixes:
        ACPI / EC: Fix code ordering issue in ec_remove_handlers()
      d0420d20
    • Linus Torvalds's avatar
      Merge tag 'qcom-smd-list-voltage' of... · 63bab220
      Linus Torvalds authored
      Merge tag 'qcom-smd-list-voltage' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
      
      Pull regulator fix from Mark Brown:
       "Fix qcom-smd list voltage issues for msm8974
      
        This commit looks like a cleanup but in fact by causing the core to go
        down some simplified code paths for noop regulators it avoids a boot
        time crash for msm8974 platforms which was introduced in v4.7.  It has
        been in -next for a while, the issues in mainline for these platforms
        weren't flagged up to me until yesterday (I think it took some time to
        figure out what was going wrong)"
      
      * tag 'qcom-smd-list-voltage' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
        regulator: qcom_smd: Remove list_voltage callback for rpm_smps_ldo_ops_fixed
      63bab220
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 08d27eb2
      Linus Torvalds authored
      Pull vfs fixes from Al Viro.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        posix_acl: de-union a_refcount and a_rcu
        nfs_atomic_open(): prevent parallel nfs_lookup() on a negative hashed
        Use the right predicate in ->atomic_open() instances
      08d27eb2
  5. 11 Jul, 2016 7 commits
  6. 10 Jul, 2016 6 commits
    • Lukas Wunner's avatar
      x86/quirks: Add early quirk to reset Apple AirPort card · abb2bafd
      Lukas Wunner authored
      The EFI firmware on Macs contains a full-fledged network stack for
      downloading OS X images from osrecovery.apple.com. Unfortunately
      on Macs introduced 2011 and 2012, EFI brings up the Broadcom 4331
      wireless card on every boot and leaves it enabled even after
      ExitBootServices has been called. The card continues to assert its IRQ
      line, causing spurious interrupts if the IRQ is shared. It also corrupts
      memory by DMAing received packets, allowing for remote code execution
      over the air. This only stops when a driver is loaded for the wireless
      card, which may be never if the driver is not installed or blacklisted.
      
      The issue seems to be constrained to the Broadcom 4331. Chris Milsted
      has verified that the newer Broadcom 4360 built into the MacBookPro11,3
      (2013/2014) does not exhibit this behaviour. The chances that Apple will
      ever supply a firmware fix for the older machines appear to be zero.
      
      The solution is to reset the card on boot by writing to a reset bit in
      its mmio space. This must be done as an early quirk and not as a plain
      vanilla PCI quirk to successfully combat memory corruption by DMAed
      packets: Matthew Garrett found out in 2012 that the packets are written
      to EfiBootServicesData memory (http://mjg59.dreamwidth.org/11235.html).
      This type of memory is made available to the page allocator by
      efi_free_boot_services(). Plain vanilla PCI quirks run much later, in
      subsys initcall level. In-between a time window would be open for memory
      corruption. Random crashes occurring in this time window and attributed
      to DMAed packets have indeed been observed in the wild by Chris
      Bainbridge.
      
      When Matthew Garrett analyzed the memory corruption issue in 2012, he
      sought to fix it with a grub quirk which transitions the card to D3hot:
      http://git.savannah.gnu.org/cgit/grub.git/commit/?id=9d34bb85da56
      
      This approach does not help users with other bootloaders and while it
      may prevent DMAed packets, it does not cure the spurious interrupts
      emanating from the card. Unfortunately the card's mmio space is
      inaccessible in D3hot, so to reset it, we have to undo the effect of
      Matthew's grub patch and transition the card back to D0.
      
      Note that the quirk takes a few shortcuts to reduce the amount of code:
      The size of BAR 0 and the location of the PM capability is identical
      on all affected machines and therefore hardcoded. Only the address of
      BAR 0 differs between models. Also, it is assumed that the BCMA core
      currently mapped is the 802.11 core. The EFI driver seems to always take
      care of this.
      
      Michael Büsch, Bjorn Helgaas and Matt Fleming contributed feedback
      towards finding the best solution to this problem.
      
      The following should be a comprehensive list of affected models:
          iMac13,1        2012  21.5"       [Root Port 00:1c.3 = 8086:1e16]
          iMac13,2        2012  27"         [Root Port 00:1c.3 = 8086:1e16]
          Macmini5,1      2011  i5 2.3 GHz  [Root Port 00:1c.1 = 8086:1c12]
          Macmini5,2      2011  i5 2.5 GHz  [Root Port 00:1c.1 = 8086:1c12]
          Macmini5,3      2011  i7 2.0 GHz  [Root Port 00:1c.1 = 8086:1c12]
          Macmini6,1      2012  i5 2.5 GHz  [Root Port 00:1c.1 = 8086:1e12]
          Macmini6,2      2012  i7 2.3 GHz  [Root Port 00:1c.1 = 8086:1e12]
          MacBookPro8,1   2011  13"         [Root Port 00:1c.1 = 8086:1c12]
          MacBookPro8,2   2011  15"         [Root Port 00:1c.1 = 8086:1c12]
          MacBookPro8,3   2011  17"         [Root Port 00:1c.1 = 8086:1c12]
          MacBookPro9,1   2012  15"         [Root Port 00:1c.1 = 8086:1e12]
          MacBookPro9,2   2012  13"         [Root Port 00:1c.1 = 8086:1e12]
          MacBookPro10,1  2012  15"         [Root Port 00:1c.1 = 8086:1e12]
          MacBookPro10,2  2012  13"         [Root Port 00:1c.1 = 8086:1e12]
      
      For posterity, spurious interrupts caused by the Broadcom 4331 wireless
      card resulted in splats like this (stacktrace omitted):
      
          irq 17: nobody cared (try booting with the "irqpoll" option)
          handlers:
          [<ffffffff81374370>] pcie_isr
          [<ffffffffc0704550>] sdhci_irq [sdhci] threaded [<ffffffffc07013c0>] sdhci_thread_irq [sdhci]
          [<ffffffffc0a0b960>] azx_interrupt [snd_hda_codec]
          Disabling IRQ #17
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=79301
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=111781
      Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=728916
      Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=895951#c16
      Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1009819
      Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1098621
      Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1149632#c5
      Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1279130
      Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1332732
      Tested-by: Konstantin Simanov <k.simanov@stlk.ru>        # [MacBookPro8,1]
      Tested-by: Lukas Wunner <lukas@wunner.de>                # [MacBookPro9,1]
      Tested-by: Bryan Paradis <bryan.paradis@gmail.com>       # [MacBookPro9,2]
      Tested-by: Andrew Worsley <amworsley@gmail.com>          # [MacBookPro10,1]
      Tested-by: Chris Bainbridge <chris.bainbridge@gmail.com> # [MacBookPro10,2]
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Acked-by: default avatarRafał Miłecki <zajec5@gmail.com>
      Acked-by: default avatarMatt Fleming <matt@codeblueprint.co.uk>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Bjorn Helgaas <bhelgaas@google.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Chris Milsted <cmilsted@redhat.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Cc: Michael Buesch <m@bues.ch>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: b43-dev@lists.infradead.org
      Cc: linux-pci@vger.kernel.org
      Cc: linux-wireless@vger.kernel.org
      Cc: stable@vger.kernel.org
      Cc: stable@vger.kernel.org # 123456789abc: x86/quirks: Apply nvidia_bugs quirk only on root bus
      Cc: stable@vger.kernel.org # 123456789abc: x86/quirks: Reintroduce scanning of secondary buses
      Link: http://lkml.kernel.org/r/48d0972ac82a53d460e5fce77a07b2560db95203.1465690253.git.lukas@wunner.de
      [ Did minor readability edits. ]
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      abb2bafd
    • Lukas Wunner's avatar
      x86/quirks: Reintroduce scanning of secondary buses · 850c3210
      Lukas Wunner authored
      We used to scan secondary buses until the following commit that
      was applied in 2009:
      
        8659c406 ("x86: only scan the root bus in early PCI quirks")
      
      which commit constrained early quirks to the root bus only. Its
      motivation was to prevent application of the nvidia_bugs quirk
      on secondary buses.
      
      We're about to add a quirk to reset the Broadcom 4331 wireless card on
      2011/2012 Macs, which is located on a secondary bus behind a PCIe root
      port. To facilitate that, reintroduce scanning of secondary buses.
      
      The commit message of 8659c406 notes that scanning only the root bus
      "saves quite some unnecessary scanning work". The algorithm used prior
      to 8659c406 was particularly time consuming because it scanned
      buses 0 to 31 brute force. To avoid lengthening boot time, employ a
      recursive strategy which only scans buses that are actually reachable
      from the root bus.
      
      Yinghai Lu pointed out that the secondary bus number read from a
      bridge's config space may be invalid, in particular a value of 0 would
      cause an infinite loop. The PCI core goes beyond that and recurses to a
      child bus only if its bus number is greater than the parent bus number
      (see pci_scan_bridge()). Since the root bus is numbered 0, this implies
      that secondary buses may not be 0. Do the same on early scanning.
      
      If this algorithm is found to significantly impact boot time or cause
      infinite loops on broken hardware, it would be possible to limit its
      recursion depth: The Broadcom 4331 quirk applies at depth 1, all others
      at depth 0, so the bus need not be scanned deeper than that for now. An
      alternative approach would be to revert to scanning only the root bus,
      and apply the Broadcom 4331 quirk to the root ports 8086:1c12, 8086:1e12
      and 8086:1e16. Apple always positioned the card behind either of these
      three ports. The quirk would then check presence of the card in slot 0
      below the root port and do its deed.
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Bjorn Helgaas <bhelgaas@google.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: linux-pci@vger.kernel.org
      Link: http://lkml.kernel.org/r/f0daa70dac1a9b2483abdb31887173eb6ab77bdf.1465690253.git.lukas@wunner.deSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      850c3210
    • Lukas Wunner's avatar
      x86/quirks: Apply nvidia_bugs quirk only on root bus · 447d29d1
      Lukas Wunner authored
      Since the following commit:
      
        8659c406 ("x86: only scan the root bus in early PCI quirks")
      
      ... early quirks are only applied to devices on the root bus.
      
      The motivation was to prevent application of the nvidia_bugs quirk on
      secondary buses.
      
      We're about to reintroduce scanning of secondary buses for a quirk to
      reset the Broadcom 4331 wireless card on 2011/2012 Macs. To prevent
      regressions, open code the requirement to apply nvidia_bugs only on the
      root bus.
      Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Bjorn Helgaas <bhelgaas@google.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Link: http://lkml.kernel.org/r/4d5477c1d76b2f0387a780f2142bbcdd9fee869b.1465690253.git.lukas@wunner.deSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      447d29d1
    • Vegard Nossum's avatar
      perf/x86: Fix bogus kernel printk, again · eb019503
      Vegard Nossum authored
      This showed up as "6Failed to access..." here.
      Signed-off-by: default avatarVegard Nossum <vegard.nossum@oracle.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Chen Yucong <slaoub@gmail.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Fixes: 1b74dde7 ("x86/cpu: Convert printk(KERN_<LEVEL> ...) to pr_<level>(...)")
      Link: http://lkml.kernel.org/r/1468170841-17045-1-git-send-email-vegard.nossum@oracle.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      eb019503
    • Linus Torvalds's avatar
      Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · 617a8d6b
      Linus Torvalds authored
      Pull MIPS fix from Ralf Baechle:
       "Another week with just a single 4.7 fix.
      
        This fixes a possible 'loss' of the huge page bit from pmd on
        permission change"
      
      * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        MIPS: Fix page table corruption on THP permission changes.
      617a8d6b
    • Josh Poimboeuf's avatar
      objtool: Fix STACK_FRAME_NON_STANDARD macro checking for function symbols · 0ea5ad86
      Josh Poimboeuf authored
      Mathieu Desnoyers reported that the STACK_FRAME_NON_STANDARD macro
      wasn't working with the lttng_filter_interpret_bytecode() function in
      the lttng-modules code.
      
      Usually the relocation created by STACK_FRAME_NON_STANDARD creates a
      reference to a section symbol like this:
      
        Offset              Type            Value               Addend Name
        000000000000000000  X86_64_64       000000000000000000   +3136 .text
      
      But in this case it created a reference to a function symbol:
      
        Offset              Type            Value               Addend Name
        000000000000000000  X86_64_64       0x00000000000003a0      +0 lttng_filter_interpret_bytecode
      
      To be honest I have no idea what causes gcc to decide to do one over the
      other.  But both are valid ELF, so add support for the function symbol.
      Reported-by: default avatarMathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: lttng-dev@lists.lttng.org
      Link: http://lkml.kernel.org/r/9cee42843bc6d94e990a152e4e0319cfdf6756ef.1466023450.git.jpoimboe@redhat.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      0ea5ad86
  7. 09 Jul, 2016 2 commits
    • Dave Hansen's avatar
      x86/cpu: Fix duplicated X86_BUG(9) macro · 8709ed4d
      Dave Hansen authored
      cpufeatures.h currently defines X86_BUG(9) twice on 32-bit:
      
      	#define X86_BUG_NULL_SEG        X86_BUG(9) /* Nulling a selector preserves the base */
      	...
      	#ifdef CONFIG_X86_32
      	#define X86_BUG_ESPFIX          X86_BUG(9) /* "" IRET to 16-bit SS corrupts ESP/RSP high bits */
      	#endif
      
      I think what happened was that this added the X86_BUG_ESPFIX, but
      in an #ifdef below most of the bugs:
      
      	58a5aac5 x86/entry/32: Introduce and use X86_BUG_ESPFIX instead of paravirt_enabled
      
      Then this came along and added X86_BUG_NULL_SEG, but collided
      with the earlier one that did the bug below the main block
      defining all the X86_BUG()s.
      
      	7a5d6704 x86/cpu: Probe the behavior of nulling out a segment at boot time
      Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
      Acked-by: default avatarAndy Lutomirski <luto@kernel.org>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Dave Hansen <dave@sr71.net>
      Cc: Denys Vlasenko <dvlasenk@redhat.com>
      Cc: H. Peter Anvin <hpa@zytor.com>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: stable@vger.kernel.org
      Link: http://lkml.kernel.org/r/20160618001503.CEE1B141@viggo.jf.intel.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      8709ed4d
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · ee40fb29
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Three fixes.  One is the qla24xx MSI regression, one is a theoretical
        problem over blacklist matching, which would bite USB badly if it ever
        triggered and one is a system hang with a particular type of IPR
        device"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        qla2xxx: Fix NULL pointer deref in QLA interrupt
        SCSI: fix new bug in scsi_dev_info_list string matching
        ipr: Clear interrupt on croc/crocodile when running with LSI
      ee40fb29
  8. 08 Jul, 2016 14 commits