1. 29 Nov, 2017 17 commits
    • Florian Fainelli's avatar
      hwrng: bcm2835 - Add Broadcom MIPS I/O accessors · 6f09359a
      Florian Fainelli authored
      Broadcom MIPS HW is always strapped to match the system-wide endian such
      that all I/O access to this RNG block is done with the native CPU
      endian, account for that.
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      6f09359a
    • Florian Fainelli's avatar
      hwrng: bcm2835 - Abstract I/O accessors · abd42026
      Florian Fainelli authored
      In preparation for allowing BCM63xx to use this driver, we abstract I/O
      accessors such that we can easily change those later on.
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Reviewed-by: default avatarEric Anholt <eric@anholt.net>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      abd42026
    • Florian Fainelli's avatar
      hwrng: bcm2835 - Manage an optional clock · 791af4f4
      Florian Fainelli authored
      One of the last steps before bcm63xx-rng can be eliminated is to manage
      a clock during hwrng::init and hwrng::cleanup, so fetch it in the probe
      function, and manage it during these two steps when valid.
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Reviewed-by: default avatarEric Anholt <eric@anholt.net>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      791af4f4
    • Florian Fainelli's avatar
      hwrng: bcm2835 - Rework interrupt masking · 04b154fa
      Florian Fainelli authored
      The interrupt masking done for Northstart Plus and Northstar (BCM5301X)
      is moved from being a function pointer mapped to of_device_id::data into
      a proper part of the hwrng::init callback. While at it, we also make the
      of_data be a proper structure indicating the platform specifics, since
      the day we need to add a second type of platform information, we would
      have to do that anyway.
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Reviewed-by: default avatarEric Anholt <eric@anholt.net>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      04b154fa
    • Florian Fainelli's avatar
      hwrng: bcm2835 - Use device managed helpers · 16a4c04b
      Florian Fainelli authored
      Now that we have moved the RNG disabling into a hwrng::cleanup callback,
      we can use the device managed registration operation and remove our
      remove callback since it won't do anything necessary.
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Reviewed-by: default avatarEric Anholt <eric@anholt.net>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      16a4c04b
    • Florian Fainelli's avatar
      hwrng: bcm2835 - Implementation cleanup callback · ec94bca7
      Florian Fainelli authored
      We should be disabling the RNG in a hwrng::cleanup callback if we are
      not longer the system selected RNG, not wait until the device driver is
      removed.
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      ec94bca7
    • Florian Fainelli's avatar
      hwrng: bcm2835 - Move enabling to hwrng::init · a8157775
      Florian Fainelli authored
      We should be moving the enabling of the HWRNG into a hwrng::init
      callback since we can be disabled and enabled every time a different
      hwrng is selected in the system.
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      a8157775
    • Florian Fainelli's avatar
      hwrng: bcm2835 - Define a driver private context · b788479f
      Florian Fainelli authored
      Instead of making hwrng::priv host the base register address, define a
      driver private context, make it per platform device instance and pass it
      down the different functions.
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Reviewed-by: default avatarEric Anholt <eric@anholt.net>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      b788479f
    • Florian Fainelli's avatar
      hwrng: bcm2835 - Obtain base register via resource · 21bb0ef4
      Florian Fainelli authored
      In preparation for consolidating bcm63xx-rng into bcm2835-rng, make sure
      that we obtain the base register via platform_get_resource() since we
      need to support the non-DT enabled MIPS-based BCM63xx DSL SoCs.
      Signed-off-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      21bb0ef4
    • Fabien DESSENNE's avatar
      crypto: stm32 - Support for STM32 CRYP crypto module · 9e054ec2
      Fabien DESSENNE authored
      This module registers block cipher algorithms that make use of the
      STMicroelectronics STM32 crypto "CRYP1" hardware.
      The following algorithms are supported:
      - aes: ecb, cbc, ctr
      - des: ecb, cbc
      - tdes: ecb, cbc
      Signed-off-by: default avatarFabien Dessenne <fabien.dessenne@st.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      9e054ec2
    • Fabien DESSENNE's avatar
      dt-bindings: Document STM32 CRYP bindings · f82f59cf
      Fabien DESSENNE authored
      Document device tree bindings for the STM32 CRYP.
      Signed-off-by: default avatarFabien Dessenne <fabien.dessenne@st.com>
      Acked-by: default avatarRob Herring <robh@kernel.org>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      f82f59cf
    • Robert Baronescu's avatar
      crypto: tcrypt - fix S/G table for test_aead_speed() · 5c6ac1d4
      Robert Baronescu authored
      In case buffer length is a multiple of PAGE_SIZE,
      the S/G table is incorrectly generated.
      Fix this by handling buflen = k * PAGE_SIZE separately.
      Signed-off-by: default avatarRobert Baronescu <robert.baronescu@nxp.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      5c6ac1d4
    • Eric Biggers's avatar
      crypto: salsa20 - fix blkcipher_walk API usage · ecaaab56
      Eric Biggers authored
      When asked to encrypt or decrypt 0 bytes, both the generic and x86
      implementations of Salsa20 crash in blkcipher_walk_done(), either when
      doing 'kfree(walk->buffer)' or 'free_page((unsigned long)walk->page)',
      because walk->buffer and walk->page have not been initialized.
      
      The bug is that Salsa20 is calling blkcipher_walk_done() even when
      nothing is in 'walk.nbytes'.  But blkcipher_walk_done() is only meant to
      be called when a nonzero number of bytes have been provided.
      
      The broken code is part of an optimization that tries to make only one
      call to salsa20_encrypt_bytes() to process inputs that are not evenly
      divisible by 64 bytes.  To fix the bug, just remove this "optimization"
      and use the blkcipher_walk API the same way all the other users do.
      
      Reproducer:
      
          #include <linux/if_alg.h>
          #include <sys/socket.h>
          #include <unistd.h>
      
          int main()
          {
                  int algfd, reqfd;
                  struct sockaddr_alg addr = {
                          .salg_type = "skcipher",
                          .salg_name = "salsa20",
                  };
                  char key[16] = { 0 };
      
                  algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
                  bind(algfd, (void *)&addr, sizeof(addr));
                  reqfd = accept(algfd, 0, 0);
                  setsockopt(algfd, SOL_ALG, ALG_SET_KEY, key, sizeof(key));
                  read(reqfd, key, sizeof(key));
          }
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Fixes: eb6f13eb ("[CRYPTO] salsa20_generic: Fix multi-page processing")
      Cc: <stable@vger.kernel.org> # v2.6.25+
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      ecaaab56
    • Eric Biggers's avatar
      crypto: hmac - require that the underlying hash algorithm is unkeyed · af3ff804
      Eric Biggers authored
      Because the HMAC template didn't check that its underlying hash
      algorithm is unkeyed, trying to use "hmac(hmac(sha3-512-generic))"
      through AF_ALG or through KEYCTL_DH_COMPUTE resulted in the inner HMAC
      being used without having been keyed, resulting in sha3_update() being
      called without sha3_init(), causing a stack buffer overflow.
      
      This is a very old bug, but it seems to have only started causing real
      problems when SHA-3 support was added (requires CONFIG_CRYPTO_SHA3)
      because the innermost hash's state is ->import()ed from a zeroed buffer,
      and it just so happens that other hash algorithms are fine with that,
      but SHA-3 is not.  However, there could be arch or hardware-dependent
      hash algorithms also affected; I couldn't test everything.
      
      Fix the bug by introducing a function crypto_shash_alg_has_setkey()
      which tests whether a shash algorithm is keyed.  Then update the HMAC
      template to require that its underlying hash algorithm is unkeyed.
      
      Here is a reproducer:
      
          #include <linux/if_alg.h>
          #include <sys/socket.h>
      
          int main()
          {
              int algfd;
              struct sockaddr_alg addr = {
                  .salg_type = "hash",
                  .salg_name = "hmac(hmac(sha3-512-generic))",
              };
              char key[4096] = { 0 };
      
              algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
              bind(algfd, (const struct sockaddr *)&addr, sizeof(addr));
              setsockopt(algfd, SOL_ALG, ALG_SET_KEY, key, sizeof(key));
          }
      
      Here was the KASAN report from syzbot:
      
          BUG: KASAN: stack-out-of-bounds in memcpy include/linux/string.h:341  [inline]
          BUG: KASAN: stack-out-of-bounds in sha3_update+0xdf/0x2e0  crypto/sha3_generic.c:161
          Write of size 4096 at addr ffff8801cca07c40 by task syzkaller076574/3044
      
          CPU: 1 PID: 3044 Comm: syzkaller076574 Not tainted 4.14.0-mm1+ #25
          Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  Google 01/01/2011
          Call Trace:
            __dump_stack lib/dump_stack.c:17 [inline]
            dump_stack+0x194/0x257 lib/dump_stack.c:53
            print_address_description+0x73/0x250 mm/kasan/report.c:252
            kasan_report_error mm/kasan/report.c:351 [inline]
            kasan_report+0x25b/0x340 mm/kasan/report.c:409
            check_memory_region_inline mm/kasan/kasan.c:260 [inline]
            check_memory_region+0x137/0x190 mm/kasan/kasan.c:267
            memcpy+0x37/0x50 mm/kasan/kasan.c:303
            memcpy include/linux/string.h:341 [inline]
            sha3_update+0xdf/0x2e0 crypto/sha3_generic.c:161
            crypto_shash_update+0xcb/0x220 crypto/shash.c:109
            shash_finup_unaligned+0x2a/0x60 crypto/shash.c:151
            crypto_shash_finup+0xc4/0x120 crypto/shash.c:165
            hmac_finup+0x182/0x330 crypto/hmac.c:152
            crypto_shash_finup+0xc4/0x120 crypto/shash.c:165
            shash_digest_unaligned+0x9e/0xd0 crypto/shash.c:172
            crypto_shash_digest+0xc4/0x120 crypto/shash.c:186
            hmac_setkey+0x36a/0x690 crypto/hmac.c:66
            crypto_shash_setkey+0xad/0x190 crypto/shash.c:64
            shash_async_setkey+0x47/0x60 crypto/shash.c:207
            crypto_ahash_setkey+0xaf/0x180 crypto/ahash.c:200
            hash_setkey+0x40/0x90 crypto/algif_hash.c:446
            alg_setkey crypto/af_alg.c:221 [inline]
            alg_setsockopt+0x2a1/0x350 crypto/af_alg.c:254
            SYSC_setsockopt net/socket.c:1851 [inline]
            SyS_setsockopt+0x189/0x360 net/socket.c:1830
            entry_SYSCALL_64_fastpath+0x1f/0x96
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      af3ff804
    • Eric Biggers's avatar
      crypto: af_alg - fix NULL pointer dereference in · 887207ed
      Eric Biggers authored
       af_alg_free_areq_sgls()
      
      If allocating the ->tsgl member of 'struct af_alg_async_req' failed,
      during cleanup we dereferenced the NULL ->tsgl pointer in
      af_alg_free_areq_sgls(), because ->tsgl_entries was nonzero.
      
      Fix it by only freeing the ->tsgl list if it is non-NULL.
      
      This affected both algif_skcipher and algif_aead.
      
      Fixes: e870456d ("crypto: algif_skcipher - overhaul memory management")
      Fixes: d887c52d ("crypto: algif_aead - overhaul memory management")
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Cc: <stable@vger.kernel.org> # v4.14+
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Reviewed-by: default avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      887207ed
    • Eric Biggers's avatar
      crypto: algif_aead - fix reference counting of null skcipher · b32a7dc8
      Eric Biggers authored
      In the AEAD interface for AF_ALG, the reference to the "null skcipher"
      held by each tfm was being dropped in the wrong place -- when each
      af_alg_ctx was freed instead of when the aead_tfm was freed.  As
      discovered by syzkaller, a specially crafted program could use this to
      cause the null skcipher to be freed while it is still in use.
      
      Fix it by dropping the reference in the right place.
      
      Fixes: 72548b09 ("crypto: algif_aead - copy AAD from src to dst")
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Cc: <stable@vger.kernel.org> # v4.14+
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Reviewed-by: default avatarStephan Mueller <smueller@chronox.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      b32a7dc8
    • Eric Biggers's avatar
      crypto: rsa - fix buffer overread when stripping leading zeroes · d2890c37
      Eric Biggers authored
      In rsa_get_n(), if the buffer contained all 0's and "FIPS mode" is
      enabled, we would read one byte past the end of the buffer while
      scanning the leading zeroes.  Fix it by checking 'n_sz' before '!*ptr'.
      
      This bug was reachable by adding a specially crafted key of type
      "asymmetric" (requires CONFIG_RSA and CONFIG_X509_CERTIFICATE_PARSER).
      
      KASAN report:
      
          BUG: KASAN: slab-out-of-bounds in rsa_get_n+0x19e/0x1d0 crypto/rsa_helper.c:33
          Read of size 1 at addr ffff88003501a708 by task keyctl/196
      
          CPU: 1 PID: 196 Comm: keyctl Not tainted 4.14.0-09238-g1d3b78bb #26
          Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014
          Call Trace:
           rsa_get_n+0x19e/0x1d0 crypto/rsa_helper.c:33
           asn1_ber_decoder+0x82a/0x1fd0 lib/asn1_decoder.c:328
           rsa_set_pub_key+0xd3/0x320 crypto/rsa.c:278
           crypto_akcipher_set_pub_key ./include/crypto/akcipher.h:364 [inline]
           pkcs1pad_set_pub_key+0xae/0x200 crypto/rsa-pkcs1pad.c:117
           crypto_akcipher_set_pub_key ./include/crypto/akcipher.h:364 [inline]
           public_key_verify_signature+0x270/0x9d0 crypto/asymmetric_keys/public_key.c:106
           x509_check_for_self_signed+0x2ea/0x480 crypto/asymmetric_keys/x509_public_key.c:141
           x509_cert_parse+0x46a/0x620 crypto/asymmetric_keys/x509_cert_parser.c:129
           x509_key_preparse+0x61/0x750 crypto/asymmetric_keys/x509_public_key.c:174
           asymmetric_key_preparse+0xa4/0x150 crypto/asymmetric_keys/asymmetric_type.c:388
           key_create_or_update+0x4d4/0x10a0 security/keys/key.c:850
           SYSC_add_key security/keys/keyctl.c:122 [inline]
           SyS_add_key+0xe8/0x290 security/keys/keyctl.c:62
           entry_SYSCALL_64_fastpath+0x1f/0x96
      
          Allocated by task 196:
           __do_kmalloc mm/slab.c:3711 [inline]
           __kmalloc_track_caller+0x118/0x2e0 mm/slab.c:3726
           kmemdup+0x17/0x40 mm/util.c:118
           kmemdup ./include/linux/string.h:414 [inline]
           x509_cert_parse+0x2cb/0x620 crypto/asymmetric_keys/x509_cert_parser.c:106
           x509_key_preparse+0x61/0x750 crypto/asymmetric_keys/x509_public_key.c:174
           asymmetric_key_preparse+0xa4/0x150 crypto/asymmetric_keys/asymmetric_type.c:388
           key_create_or_update+0x4d4/0x10a0 security/keys/key.c:850
           SYSC_add_key security/keys/keyctl.c:122 [inline]
           SyS_add_key+0xe8/0x290 security/keys/keyctl.c:62
           entry_SYSCALL_64_fastpath+0x1f/0x96
      
      Fixes: 5a7de973 ("crypto: rsa - return raw integers for the ASN.1 parser")
      Cc: <stable@vger.kernel.org> # v4.8+
      Cc: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      Reviewed-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      d2890c37
  2. 27 Nov, 2017 1 commit
  3. 26 Nov, 2017 8 commits
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm · bbecb1cf
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
      
       - LPAE fixes for kernel-readonly regions
      
       - Fix for get_user_pages_fast on LPAE systems
      
       - avoid tying decompressor to a particular platform if DEBUG_LL is
         enabled
      
       - BUG if we attempt to return to userspace but the to-be-restored PSR
         value keeps us in privileged mode (defeating an issue that ftracetest
         found)
      
      * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: BUG if jumping to usermode address in kernel mode
        ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
        ARM: 8721/1: mm: dump: check hardware RO bit for LPAE
        ARM: make decompressor debug output user selectable
        ARM: fix get_user_pages_fast
      bbecb1cf
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · dec0029a
      Linus Torvalds authored
      Pull irq fixes from Thomas Glexiner:
      
       - unbreak the irq trigger type check for legacy platforms
      
       - a handful fixes for ARM GIC v3/4 interrupt controllers
      
       - a few trivial fixes all over the place
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        genirq/matrix: Make - vs ?: Precedence explicit
        irqchip/imgpdc: Use resource_size function on resource object
        irqchip/qcom: Fix u32 comparison with value less than zero
        irqchip/exiu: Fix return value check in exiu_init()
        irqchip/gic-v3-its: Remove artificial dependency on PCI
        irqchip/gic-v4: Add forward definition of struct irq_domain_ops
        irqchip/gic-v3: pr_err() strings should end with newlines
        irqchip/s3c24xx: pr_err() strings should end with newlines
        irqchip/gic-v3: Fix ppi-partitions lookup
        irqchip/gic-v4: Clear IRQ_DISABLE_UNLAZY again if mapping fails
        genirq: Track whether the trigger type has been set
      dec0029a
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 02fc87b1
      Linus Torvalds authored
      Pull misc x86 fixes from Ingo Molnar:
       - topology enumeration fixes
       - KASAN fix
       - two entry fixes (not yet the big series related to KASLR)
       - remove obsolete code
       - instruction decoder fix
       - better /dev/mem sanity checks, hopefully working better this time
       - pkeys fixes
       - two ACPI fixes
       - 5-level paging related fixes
       - UMIP fixes that should make application visible faults more debuggable
       - boot fix for weird virtualization environment
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (24 commits)
        x86/decoder: Add new TEST instruction pattern
        x86/PCI: Remove unused HyperTransport interrupt support
        x86/umip: Fix insn_get_code_seg_params()'s return value
        x86/boot/KASLR: Remove unused variable
        x86/entry/64: Add missing irqflags tracing to native_load_gs_index()
        x86/mm/kasan: Don't use vmemmap_populate() to initialize shadow
        x86/entry/64: Fix entry_SYSCALL_64_after_hwframe() IRQ tracing
        x86/pkeys/selftests: Fix protection keys write() warning
        x86/pkeys/selftests: Rename 'si_pkey' to 'siginfo_pkey'
        x86/mpx/selftests: Fix up weird arrays
        x86/pkeys: Update documentation about availability
        x86/umip: Print a warning into the syslog if UMIP-protected instructions are used
        x86/smpboot: Fix __max_logical_packages estimate
        x86/topology: Avoid wasting 128k for package id array
        perf/x86/intel/uncore: Cache logical pkg id in uncore driver
        x86/acpi: Reduce code duplication in mp_override_legacy_irq()
        x86/acpi: Handle SCI interrupts above legacy space gracefully
        x86/boot: Fix boot failure when SMP MP-table is based at 0
        x86/mm: Limit mmap() of /dev/mem to valid physical addresses
        x86/selftests: Add test for mapping placement for 5-level paging
        ...
      02fc87b1
    • Linus Torvalds's avatar
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 6830c8db
      Linus Torvalds authored
      Pull scheduler fixes from Ingo Molnar:
       "Misc fixes: a documentation fix, a Sparse warning fix and a debugging
        fix"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/debug: Fix task state recording/printout
        sched/deadline: Don't use dubious signed bitfields
        sched/deadline: Fix the description of runtime accounting in the documentation
      6830c8db
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 580e3d55
      Linus Torvalds authored
      Pull perf fixes from Ingo Molnar:
       "Misc fixes: two PMU driver fixes and a memory leak fix"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/core: Fix memory leak triggered by perf --namespace
        perf/x86/intel/uncore: Add event constraint for BDX PCU
        perf/x86/intel: Hide TSX events when RTM is not supported
      580e3d55
    • Linus Torvalds's avatar
      Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · cd4b5d5d
      Linus Torvalds authored
      Pull static key fix from Ingo Molnar:
       "Fix a boot warning related to bad init ordering of the static keys
        self-test"
      
      * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        jump_label: Invoke jump_label_test() via early_initcall()
      cd4b5d5d
    • Linus Torvalds's avatar
      Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · fcbc38b1
      Linus Torvalds authored
      Pull objtool fixes from Ingo Molnar:
       "A handful of objtool fixes, most of them related to making the UAPI
        header-syncing warnings easier to read and easier to act upon"
      
      * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        tools/headers: Sync objtool UAPI header
        objtool: Fix cross-build
        objtool: Move kernel headers/code sync check to a script
        objtool: Move synced files to their original relative locations
        objtool: Make unreachable annotation inline asms explicitly volatile
        objtool: Add a comment for the unreachable annotation macros
      fcbc38b1
    • Russell King's avatar
      ARM: BUG if jumping to usermode address in kernel mode · 8bafae20
      Russell King authored
      Detect if we are returning to usermode via the normal kernel exit paths
      but the saved PSR value indicates that we are in kernel mode.  This
      could occur due to corrupted stack state, which has been observed with
      "ftracetest".
      
      This ensures that we catch the problem case before we get to user code.
      Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      8bafae20
  4. 25 Nov, 2017 7 commits
    • Linus Torvalds's avatar
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 844056fd
      Linus Torvalds authored
      Pull timer updates from Thomas Gleixner:
      
       - The final conversion of timer wheel timers to timer_setup().
      
         A few manual conversions and a large coccinelle assisted sweep and
         the removal of the old initialization mechanisms and the related
         code.
      
       - Remove the now unused VSYSCALL update code
      
       - Fix permissions of /proc/timer_list. I still need to get rid of that
         file completely
      
       - Rename a misnomed clocksource function and remove a stale declaration
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (27 commits)
        m68k/macboing: Fix missed timer callback assignment
        treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts
        timer: Remove redundant __setup_timer*() macros
        timer: Pass function down to initialization routines
        timer: Remove unused data arguments from macros
        timer: Switch callback prototype to take struct timer_list * argument
        timer: Pass timer_list pointer to callbacks unconditionally
        Coccinelle: Remove setup_timer.cocci
        timer: Remove setup_*timer() interface
        timer: Remove init_timer() interface
        treewide: setup_timer() -> timer_setup() (2 field)
        treewide: setup_timer() -> timer_setup()
        treewide: init_timer() -> setup_timer()
        treewide: Switch DEFINE_TIMER callbacks to struct timer_list *
        s390: cmm: Convert timers to use timer_setup()
        lightnvm: Convert timers to use timer_setup()
        drivers/net: cris: Convert timers to use timer_setup()
        drm/vc4: Convert timers to use timer_setup()
        block/laptop_mode: Convert timers to use timer_setup()
        net/atm/mpc: Avoid open-coded assignment of timer callback function
        ...
      844056fd
    • Linus Torvalds's avatar
      Merge tag 'arc-4.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc · ca122fe3
      Linus Torvalds authored
      Pull ARC updates from Vineet Gupta:
      
       - more changes for HS48 cores: supporting MMUv5, detecting new
         micro-arch gizmos
      
       - axs10x platform wiring up reset driver merged in this cycle
      
       - ARC perf driver optimizations
      
      * tag 'arc-4.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
        ARC: perf: avoid vmalloc backed mmap
        ARCv2: perf: optimize given that num counters <= 32
        ARCv2: perf: tweak overflow interrupt
        ARC: [plat-axs10x] DTS: Add reset controller node to manage ethernet reset
        ARCv2: boot log: updates for HS48: dual-issue, ECC, Loop Buffer
        ARCv2: Accomodate HS48 MMUv5 by relaxing MMU ver checking
        ARC: [plat-axs10x] auto-select AXS101 or AXS103 given the  ISA config
      ca122fe3
    • Linus Torvalds's avatar
      Merge tag 'kbuild-v4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild · 5e2fda47
      Linus Torvalds authored
      Pull more Kbuild updates from Masahiro Yamada:
      
       - use 'pwd' instead of '/bin/pwd' for portability
      
       - clean up Makefiles
      
       - fix ld-option for clang
      
       - fix malloc'ed data size in Kconfig
      
       - fix parallel building along with coccicheck
      
       - fix a minor issue of package building
      
       - prompt to use "rpm-pkg" instead of "rpm"
      
       - clean up *.i and *.lst patterns by "make clean"
      
      * tag 'kbuild-v4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        kbuild: drop $(extra-y) from real-objs-y
        kbuild: clean up *.i and *.lst patterns by make clean
        kbuild: rpm: prompt to use "rpm-pkg" if "rpm" target is used
        kbuild: pkg: use --transform option to prefix paths in tar
        coccinelle: fix parallel build with CHECK=scripts/coccicheck
        kconfig/symbol.c: use correct pointer type argument for sizeof
        kbuild: Set KBUILD_CFLAGS before incl. arch Makefile
        kbuild: remove all dummy assignments to obj-
        kbuild: create built-in.o automatically if parent directory wants it
        kbuild: /bin/pwd -> pwd
      5e2fda47
    • Linus Torvalds's avatar
      Merge tag 'afs-fixes-20171124' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs · f61ec2c9
      Linus Torvalds authored
      Pull AFS fixes from David Howells:
      
       - Make AFS file locking work again.
      
       - Don't write to a page that's being written out, but wait for it to
         complete.
      
       - Do d_drop() and d_add() in the right places.
      
       - Put keys on error paths.
      
       - Remove some redundant code.
      
      * tag 'afs-fixes-20171124' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs:
        afs: remove redundant assignment of dvnode to itself
        afs: cell: Remove unnecessary code in afs_lookup_cell
        afs: Fix signal handling in some file ops
        afs: Fix some dentry handling in dir ops and missing key_puts
        afs: Make afs_write_begin() avoid writing to a page that's being stored
        afs: Fix file locking
      f61ec2c9
    • Linus Torvalds's avatar
      Merge tag 'kvm-4.15-2' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 7753ea09
      Linus Torvalds authored
      Pull KVM updates from Radim Krčmář:
       "Trimmed second batch of KVM changes for Linux 4.15:
      
         - GICv4 Support for KVM/ARM
      
         - re-introduce support for CPUs without virtual NMI (cc stable) and
           allow testing of KVM without virtual NMI on available CPUs
      
         - fix long-standing performance issues with assigned devices on AMD
           (cc stable)"
      
      * tag 'kvm-4.15-2' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (30 commits)
        kvm: vmx: Allow disabling virtual NMI support
        kvm: vmx: Reinstate support for CPUs without virtual NMI
        KVM: SVM: obey guest PAT
        KVM: arm/arm64: Don't queue VLPIs on INV/INVALL
        KVM: arm/arm64: Fix GICv4 ITS initialization issues
        KVM: arm/arm64: GICv4: Theory of operations
        KVM: arm/arm64: GICv4: Enable VLPI support
        KVM: arm/arm64: GICv4: Prevent userspace from changing doorbell affinity
        KVM: arm/arm64: GICv4: Prevent a VM using GICv4 from being saved
        KVM: arm/arm64: GICv4: Enable virtual cpuif if VLPIs can be delivered
        KVM: arm/arm64: GICv4: Hook vPE scheduling into vgic flush/sync
        KVM: arm/arm64: GICv4: Use the doorbell interrupt as an unblocking source
        KVM: arm/arm64: GICv4: Add doorbell interrupt handling
        KVM: arm/arm64: GICv4: Use pending_last as a scheduling hint
        KVM: arm/arm64: GICv4: Handle INVALL applied to a vPE
        KVM: arm/arm64: GICv4: Propagate property updates to VLPIs
        KVM: arm/arm64: GICv4: Handle MOVALL applied to a vPE
        KVM: arm/arm64: GICv4: Handle CLEAR applied to a VLPI
        KVM: arm/arm64: GICv4: Propagate affinity changes to the physical ITS
        KVM: arm/arm64: GICv4: Unmap VLPI when freeing an LPI
        ...
      7753ea09
    • Linus Torvalds's avatar
      Merge tag 'powerpc-4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 83ada031
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
       "A small batch of fixes, about 50% tagged for stable and the rest for
        recently merged code.
      
        There's one more fix for the >128T handling on hash. Once a process
        had requested a single mmap above 128T we would then always search
        above 128T. The correct behaviour is to consider the hint address in
        isolation for each mmap request.
      
        Then a couple of fixes for the IMC PMU, a missing EXPORT_SYMBOL in
        VAS, a fix for STRICT_KERNEL_RWX on 32-bit, and a fix to correctly
        identify P9 DD2.1 but in code that is currently not used by default.
      
        Thanks to: Aneesh Kumar K.V, Christophe Leroy, Madhavan Srinivasan,
        Sukadev Bhattiprolu"
      
      * tag 'powerpc-4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/64s: Fix Power9 DD2.1 logic in DT CPU features
        powerpc/perf: Fix IMC_MAX_PMU macro
        powerpc/perf: Fix pmu_count to count only nest imc pmus
        powerpc: Fix boot on BOOK3S_32 with CONFIG_STRICT_KERNEL_RWX
        powerpc/perf/imc: Use cpu_to_node() not topology_physical_package_id()
        powerpc/vas: Export chip_to_vas_id()
        powerpc/64s/slice: Use addr limit when computing slice mask
      83ada031
    • Linus Torvalds's avatar
      Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending · eda5d471
      Linus Torvalds authored
      Pull SCSI target updates from Nicholas Bellinger:
      
       "This series is predominantly bug-fixes, with a few small improvements
        that have been outstanding over the last release cycle.
      
        As usual, the associated bug-fixes have CC' tags for stable.
      
        Also, things have been particularly quiet wrt new developments the
        last months, with most folks continuing to focus on stability atop 4.x
        stable kernels for their respective production configurations.
      
        Also at this point, the stable trees have been synced up with
        mainline. This will continue to be a priority, as production users
        tend to run exclusively atop stable kernels, a few releases behind
        mainline.
      
        The highlights include:
      
         - Fix PR PREEMPT_AND_ABORT null pointer dereference regression in
           v4.11+ (tangwenji)
      
         - Fix OOPs during removing TCMU device (Xiubo Li + Zhang Zhuoyu)
      
         - Add netlink command reply supported option for each device (Kenjiro
           Nakayama)
      
         - cxgbit: Abort the TCP connection in case of data out timeout (Varun
           Prakash)
      
         - Fix PR/ALUA file path truncation (David Disseldorp)
      
         - Fix double se_cmd completion during ->cmd_time_out (Mike Christie)
      
         - Fix QUEUE_FULL + SCSI task attribute handling in 4.1+ (Bryant Ly +
           nab)
      
         - Fix quiese during transport_write_pending_qf endless loop (nab)
      
         - Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK in 3.14+
           (Don White + nab)"
      
      * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: (35 commits)
        tcmu: Add a missing unlock on an error path
        tcmu: Fix some memory corruption
        iscsi-target: Fix non-immediate TMR reference leak
        iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
        target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
        target: Fix quiese during transport_write_pending_qf endless loop
        target: Fix caw_sem leak in transport_generic_request_failure
        target: Fix QUEUE_FULL + SCSI task attribute handling
        iSCSI-target: Use common error handling code in iscsi_decode_text_input()
        target/iscsi: Detect conn_cmd_list corruption early
        target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
        target/iscsi: Modify iscsit_do_crypto_hash_buf() prototype
        target/iscsi: Fix endianness in an error message
        target/iscsi: Use min() in iscsit_dump_data_payload() instead of open-coding it
        target/iscsi: Define OFFLOAD_BUF_SIZE once
        target: Inline transport_put_cmd()
        target: Suppress gcc 7 fallthrough warnings
        target: Move a declaration of a global variable into a header file
        tcmu: fix double se_cmd completion
        target: return SAM_STAT_TASK_SET_FULL for TCM_OUT_OF_RESOURCES
        ...
      eda5d471
  5. 24 Nov, 2017 7 commits
    • Kees Cook's avatar
      m68k/macboing: Fix missed timer callback assignment · 54b8a230
      Kees Cook authored
      This fixes a missed function prototype callback from the timer conversions.
      Reported-by: default avatarkbuild test robot <fengguang.wu@intel.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Link: https://lkml.kernel.org/r/20171123221902.GA75727@beast
      54b8a230
    • Colin Ian King's avatar
      afs: remove redundant assignment of dvnode to itself · 43dd388b
      Colin Ian King authored
      The assignment of dvnode to itself is redundant and can be removed.
      Cleans up warning detected by cppcheck:
      
      fs/afs/dir.c:975: (warning) Redundant assignment of 'dvnode' to itself.
      
      Fixes: d2ddc776 ("afs: Overhaul volume and server record caching and fileserver rotation")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      43dd388b
    • Gustavo A. R. Silva's avatar
      afs: cell: Remove unnecessary code in afs_lookup_cell · 68327951
      Gustavo A. R. Silva authored
      Due to recent changes this piece of code is no longer needed.
      
      Addresses-Coverity-ID: 1462033
      Link: https://lkml.kernel.org/r/4923.1510957307@warthog.procyon.org.ukSigned-off-by: default avatarGustavo A. R. Silva <garsilva@embeddedor.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      68327951
    • David Howells's avatar
      afs: Fix signal handling in some file ops · 4433b691
      David Howells authored
      afs_mkdir(), afs_create(), afs_link() and afs_symlink() all need to drop
      the target dentry if a signal causes the operation to be killed immediately
      before we try to contact the server.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      4433b691
    • David Howells's avatar
      afs: Fix some dentry handling in dir ops and missing key_puts · bc1527dc
      David Howells authored
      Fix some of dentry handling in AFS directory ops:
      
       (1) Do d_drop() on the new_dentry before assigning a new inode to it in
           afs_vnode_new_inode().  It's fine to do this before calling afs_iget()
           because the operation has taken place on the server.
      
       (2) Replace d_instantiate()/d_rehash() with d_add().
      
       (3) Don't d_drop() the new_dentry in afs_rename() on error.
      
      Also fix afs_link() and afs_rename() to call key_put() on all error paths
      where the key is taken.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      bc1527dc
    • David Howells's avatar
      afs: Make afs_write_begin() avoid writing to a page that's being stored · 5a039c32
      David Howells authored
      Make afs_write_begin() wait for a page that's marked PG_writeback because:
      
       (1) We need to avoid interference with the data being stored so that the
           data on the server ends up in a defined state.
      
       (2) page->private is used to track the window of dirty data within a page,
           but it's also used by the storage code to track what's being written,
           being cleared by the completion notification.  Ownership can't be
           relinquished by the storage code until completion because it a store
           fails, the data must be remarked dirty.
      
      Tracing shows something like the following (edited):
      
       x86_64-linux-gn-15940 [1] afs_page_dirty: vn=ffff8800bef33800 9c75 begin 0-125
          kworker/u8:3-114   [2] afs_page_dirty: vn=ffff8800bef33800 9c75 store+ 0-125
       x86_64-linux-gn-15940 [1] afs_page_dirty: vn=ffff8800bef33800 9c75 begin 0-2052
          kworker/u8:3-114   [2] afs_page_dirty: vn=ffff8800bef33800 9c75 clear 0-2052
          kworker/u8:3-114   [2] afs_page_dirty: vn=ffff8800bef33800 9c75 store 0-0
          kworker/u8:3-114   [2] afs_page_dirty: vn=ffff8800bef33800 9c75 WARN 0-0
      
      The clear (completion) corresponding to the store+ (store continuation from
      a previous page) happens between the second begin (afs_write_begin) and the
      store corresponding to that.  This results in the second store not seeing
      any data to write back, leading to the following warning:
      
      WARNING: CPU: 2 PID: 114 at ../fs/afs/write.c:403 afs_write_back_from_locked_page+0x19d/0x76c [kafs]
      Modules linked in: kafs(E)
      CPU: 2 PID: 114 Comm: kworker/u8:3 Tainted: G            E   4.14.0-fscache+ #242
      Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
      Workqueue: writeback wb_workfn (flush-afs-2)
      task: ffff8800cad72600 task.stack: ffff8800cad44000
      RIP: 0010:afs_write_back_from_locked_page+0x19d/0x76c [kafs]
      RSP: 0018:ffff8800cad47aa0 EFLAGS: 00010246
      RAX: 0000000000000001 RBX: ffff8800bef33a20 RCX: 0000000000000000
      RDX: 000000000000000f RSI: ffffffff81c5d0e0 RDI: ffff8800cad72e78
      RBP: ffff8800d31ea1e8 R08: ffff8800c1358000 R09: ffff8800ca00e400
      R10: ffff8800cad47a38 R11: ffff8800c5d9e400 R12: 0000000000000000
      R13: ffffea0002d9df00 R14: ffffffffa0023c1c R15: 0000000000007fdf
      FS:  0000000000000000(0000) GS:ffff8800ca700000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00007f85ac6c4000 CR3: 0000000001c10001 CR4: 00000000001606e0
      Call Trace:
       ? clear_page_dirty_for_io+0x23a/0x267
       afs_writepages_region+0x1be/0x286 [kafs]
       afs_writepages+0x60/0x127 [kafs]
       do_writepages+0x36/0x70
       __writeback_single_inode+0x12f/0x635
       writeback_sb_inodes+0x2cc/0x452
       __writeback_inodes_wb+0x68/0x9f
       wb_writeback+0x208/0x470
       ? wb_workfn+0x22b/0x565
       wb_workfn+0x22b/0x565
       ? worker_thread+0x230/0x2ac
       process_one_work+0x2cc/0x517
       ? worker_thread+0x230/0x2ac
       worker_thread+0x1d4/0x2ac
       ? rescuer_thread+0x29b/0x29b
       kthread+0x15d/0x165
       ? kthread_create_on_node+0x3f/0x3f
       ? call_usermodehelper_exec_async+0x118/0x11f
       ret_from_fork+0x24/0x30
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      5a039c32
    • Thomas Gleixner's avatar
      sched/debug: Fix task state recording/printout · 3f5fe9fe
      Thomas Gleixner authored
      The recent conversion of the task state recording to use task_state_index()
      broke the sched_switch tracepoint task state output.
      
      task_state_index() returns surprisingly an index (0-7) which is then
      printed with __print_flags() applying bitmasks. Not really working and
      resulting in weird states like 'prev_state=t' instead of 'prev_state=I'.
      
      Use TASK_REPORT_MAX instead of TASK_STATE_MAX to report preemption. Build a
      bitmask from the return value of task_state_index() and store it in
      entry->prev_state, which makes __print_flags() work as expected.
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Cc: stable@vger.kernel.org
      Fixes: efb40f58 ("sched/tracing: Fix trace_sched_switch task-state printing")
      Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1711221304180.1751@nanosSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      3f5fe9fe