1. 09 Apr, 2018 26 commits
    • David Howells's avatar
      afs: Fix directory handling · f3ddee8d
      David Howells authored
      AFS directories are structured blobs that are downloaded just like files
      and then parsed by the lookup and readdir code and, as such, are currently
      handled in the pagecache like any other file, with the entire directory
      content being thrown away each time the directory changes.
      
      However, since the blob is a known structure and since the data version
      counter on a directory increases by exactly one for each change committed
      to that directory, we can actually edit the directory locally rather than
      fetching it from the server after each locally-induced change.
      
      What we can't do, though, is mix data from the server and data from the
      client since the server is technically at liberty to rearrange or compress
      a directory if it sees fit, provided it updates the data version number
      when it does so and breaks the callback (ie. sends a notification).
      
      Further, lookup with lookup-ahead, readdir and, when it arrives, local
      editing are likely want to scan the whole of a directory.
      
      So directory handling needs to be improved to maintain the coherency of the
      directory blob prior to permitting local directory editing.
      
      To this end:
      
       (1) If any directory page gets discarded, invalidate and reread the entire
           directory.
      
       (2) If readpage notes that if when it fetches a single page that the
           version number has changed, the entire directory is flagged for
           invalidation.
      
       (3) Read as much of the directory in one go as we can.
      
      Note that this removes local caching of directories in fscache for the
      moment as we can't pass the pages to fscache_read_or_alloc_pages() since
      page->lru is in use by the LRU.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      f3ddee8d
    • David Howells's avatar
      afs: Split the dynroot stuff out and give it its own ops tables · 66c7e1d3
      David Howells authored
      Split the AFS dynamic root stuff out of the main directory handling file
      and into its own file as they share little in common.
      
      The dynamic root code also gets its own dentry and inode ops tables.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      66c7e1d3
    • David Howells's avatar
      afs: Keep track of invalid-before version for dentry coherency · a4ff7401
      David Howells authored
      Each afs dentry is tagged with the version that the parent directory was at
      last time it was validated and, currently, if this differs, the directory
      is scanned and the dentry is refreshed.
      
      However, this leads to an excessive amount of revalidation on directories
      that get modified on the client without conflict with another client.  We
      know there's no conflict because the parent directory's data version number
      got incremented by exactly 1 on any create, mkdir, unlink, etc., therefore
      we can trust the current state of the unaffected dentries when we perform a
      local directory modification.
      
      Optimise by keeping track of the last version of the parent directory that
      was changed outside of the client in the parent directory's vnode and using
      that to validate the dentries rather than the current version.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      a4ff7401
    • David Howells's avatar
      afs: Rearrange status mapping · dd9fbcb8
      David Howells authored
      Rearrange the AFSFetchStatus to inode attribute mapping code in a number of
      ways:
      
       (1) Use an XDR structure rather than a series of incremented pointer
           accesses when decoding an AFSFetchStatus object.  This allows
           out-of-order decode.
      
       (2) Don't store the if_version value but rather just check it and abort if
           it's not something we can handle.
      
       (3) Store the owner and group in the status record as raw values rather
           than converting them to kuid/kgid.  Do that when they're mapped into
           i_uid/i_gid.
      
       (4) Validate the type and abort code up front and abort if they're wrong.
      
       (5) Split the inode attribute setting out into its own function from the
           XDR decode of an AFSFetchStatus object.  This allows it to be called
           from elsewhere too.
      
       (6) Differentiate changes to data from changes to metadata.
      
       (7) Use the split-out attribute mapping function from afs_iget().
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      dd9fbcb8
    • David Howells's avatar
      afs: Make it possible to get the data version in readpage · 0c3a5ac2
      David Howells authored
      Store the data version number indicated by an FS.FetchData op into the read
      request structure so that it's accessible by the page reader.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      0c3a5ac2
    • David Howells's avatar
      afs: Init inode before accessing cache · 5800db81
      David Howells authored
      We no longer parse symlinks when we get the inode to determine if this
      symlink is actually a mountpoint as we detect that by examining the mode
      instead (symlinks are always 0777 and mountpoints 0644).
      
      Access the cache after mapping the status so that we don't have to manually
      set the inode size now.
      
      Note that this may need adjusting if the disconnected operation is
      implemented as the file metadata may have to be obtained from the cache.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      5800db81
    • David Howells's avatar
      afs: Introduce a statistics proc file · d55b4da4
      David Howells authored
      Introduce a proc file that displays a bunch of statistics for the AFS
      filesystem in the current network namespace.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      d55b4da4
    • David Howells's avatar
      afs: Dump bad status record · 888b3384
      David Howells authored
      Dump an AFS FileStatus record that is detected as invalid.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      888b3384
    • David Howells's avatar
      afs: Implement @cell substitution handling · 37ab6368
      David Howells authored
      Implement @cell substitution handling such that if @cell is seen as a name
      in a dynamic root mount, then the name of the root cell for that network
      namespace will be substituted for @cell during lookup.
      
      The substitution of @cell for the current net namespace is set by writing
      the cell name to /proc/fs/afs/rootcell.  The value can be obtained by
      reading the file.
      
      For example:
      
      	# mount -t afs none /kafs -o dyn
      	# echo grand.central.org >/proc/fs/afs/rootcell
      	# ls /kafs/@cell
      	archive/  cvs/  doc/  local/  project/  service/  software/  user/  www/
      	# cat /proc/fs/afs/rootcell
      	grand.central.org
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      37ab6368
    • David Howells's avatar
      afs: Implement @sys substitution handling · 6f8880d8
      David Howells authored
      Implement the AFS feature by which @sys at the end of a pathname component
      may be substituted for one of a list of values, typically naming the
      operating system.  Up to 16 alternatives may be specified and these are
      tried in turn until one works.  Each network namespace has[*] a separate
      independent list.
      
      Upon creation of a new network namespace, the list of values is
      initialised[*] to a single OpenAFS-compatible string representing arch type
      plus "_linux26".  For example, on x86_64, the sysname is "amd64_linux26".
      
      [*] Or will, once network namespace support is finalised in kAFS.
      
      The list may be set by:
      
      	# for i in foo bar linux-x86_64; do echo $i; done >/proc/fs/afs/sysname
      
      for which separate writes to the same fd are amalgamated and applied on
      close.  The LF character may be used as a separator to specify multiple
      items in the same write() call.
      
      The list may be cleared by:
      
      	# echo >/proc/fs/afs/sysname
      
      and read by:
      
      	# cat /proc/fs/afs/sysname
      	foo
      	bar
      	linux-x86_64
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      6f8880d8
    • David Howells's avatar
      afs: Prospectively look up extra files when doing a single lookup · 5cf9dd55
      David Howells authored
      When afs_lookup() is called, prospectively look up the next 50 uncached
      fids also from that same directory and cache the results, rather than just
      looking up the one file requested.
      
      This allows us to use the FS.InlineBulkStatus RPC op to increase efficiency
      by fetching up to 50 file statuses at a time.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      5cf9dd55
    • David Howells's avatar
      afs: Don't over-increment the cell usage count when pinning it · 17814aef
      David Howells authored
      AFS cells that are added or set as the workstation cell through /proc are
      pinned against removal by setting the AFS_CELL_FL_NO_GC flag on them and
      taking a ref.  The ref should be only taken if the flag wasn't already set.
      
      Fix this by making it conditional.
      
      Without this an assertion failure will occur during module removal
      indicating that the refcount is too elevated.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      17814aef
    • David Howells's avatar
      afs: Fix checker warnings · fe342cf7
      David Howells authored
      Fix warnings raised by checker, including:
      
       (*) Warnings raised by unequal comparison for the purposes of sorting,
           where the endianness doesn't matter:
      
      fs/afs/addr_list.c:246:21: warning: restricted __be16 degrades to integer
      fs/afs/addr_list.c:246:30: warning: restricted __be16 degrades to integer
      fs/afs/addr_list.c:248:21: warning: restricted __be32 degrades to integer
      fs/afs/addr_list.c:248:49: warning: restricted __be32 degrades to integer
      fs/afs/addr_list.c:283:21: warning: restricted __be16 degrades to integer
      fs/afs/addr_list.c:283:30: warning: restricted __be16 degrades to integer
      
       (*) afs_set_cb_interest() is not actually used and can be removed.
      
       (*) afs_cell_gc_delay() should be provided with a sysctl.
      
       (*) afs_cell_destroy() needs to use rcu_access_pointer() to read
           cell->vl_addrs.
      
       (*) afs_init_fs_cursor() should be static.
      
       (*) struct afs_vnode::permit_cache needs to be marked __rcu.
      
       (*) afs_server_rcu() needs to use rcu_access_pointer().
      
       (*) afs_destroy_server() should use rcu_access_pointer() on
           server->addresses as the server object is no longer accessible.
      
       (*) afs_find_server() casts __be16/__be32 values to int in order to
           directly compare them for the purpose of finding a match in a list,
           but is should also annotate the cast with __force to avoid checker
           warnings.
      
       (*) afs_check_permit() accesses vnode->permit_cache outside of the RCU
           readlock, though it doesn't then access the value; the extraneous
           access is deleted.
      
      False positives:
      
       (*) Conditional locking around the code in xdr_decode_AFSFetchStatus.  This
           can be dealt with in a separate patch.
      
      fs/afs/fsclient.c:148:9: warning: context imbalance in 'xdr_decode_AFSFetchStatus' - different lock contexts for basic block
      
       (*) Incorrect handling of seq-retry lock context balance:
      
      fs/afs/inode.c:455:38: warning: context imbalance in 'afs_getattr' - different
      lock contexts for basic block
      fs/afs/server.c:52:17: warning: context imbalance in 'afs_find_server' - different lock contexts for basic block
      fs/afs/server.c:128:17: warning: context imbalance in 'afs_find_server_by_uuid' - different lock contexts for basic block
      
      Errors:
      
       (*) afs_lookup_cell_rcu() needs to break out of the seq-retry loop, not go
           round again if it successfully found the workstation cell.
      
       (*) Fix UUID decode in afs_deliver_cb_probe_uuid().
      
       (*) afs_cache_permit() has a missing rcu_read_unlock() before one of the
           jumps to the someone_else_changed_it label.  Move the unlock to after
           the label.
      
       (*) afs_vl_get_addrs_u() is using ntohl() rather than htonl() when
           encoding to XDR.
      
       (*) afs_deliver_yfsvl_get_endpoints() is using htonl() rather than ntohl()
           when decoding from XDR.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      fe342cf7
    • David Howells's avatar
      vfs: Remove the const from dir_context::actor · a09acf4b
      David Howells authored
      Remove the const marking from the actor function pointer in the dir_context
      struct.  The const prevents the structure from being used as part of a
      kmalloc'd object as it makes the compiler require that the actor member be
      set at object initialisation time (or not at all), incuring something like
      the following error if you try and set it later:
      
      	fs/afs/dir.c:556:20: error: assignment of read-only member 'actor'
      
      Marking the member const like this adds very little in the way of sanity
      checking as the type checking system is likely to provide sufficient - and
      if not, the kernel is very likely to oops repeatably in this case.
      
      Fixes: ac6614b7 ("[readdir] constify ->actor")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Reviewed-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      a09acf4b
    • Linus Torvalds's avatar
      Merge branch 'work.namei' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · fd3b36d2
      Linus Torvalds authored
      Pull vfs namei updates from Al Viro:
      
       - make lookup_one_len() safe with parent locked only shared(incoming
         afs series wants that)
      
       - fix of getname_kernel() regression from 2015 (-stable fodder, that
         one).
      
      * 'work.namei' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        getname_kernel() needs to make sure that ->name != ->iname in long case
        make lookup_one_len() safe to use with directory locked shared
        new helper: __lookup_slow()
        merge common parts of lookup_one_len{,_unlocked} into common helper
      fd3b36d2
    • Linus Torvalds's avatar
      Merge tag 'for-linus-4.17-ofs' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux · 8ea4a5d8
      Linus Torvalds authored
      Pull orangefs updates from Mike Marshall:
       "Fixes and cleanups:
      
         - Documentation cleanups
      
         - removal of unused code
      
         - make some structs static
      
         - implement Orangefs vm_operations fault callout
      
         - eliminate two single-use functions and put their cleaned up code in
           line.
      
         - replace a vmalloc/memset instance with vzalloc
      
         - fix a race condition bug in wait code"
      
      * tag 'for-linus-4.17-ofs' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux:
        Orangefs: documentation updates
        orangefs: document package install and xfstests procedure
        orangefs: remove unused code
        orangefs: make several *_operations structs static
        orangefs: implement vm_ops->fault
        orangefs: open code short single-use functions
        orangefs: replace vmalloc and memset with vzalloc
        orangefs: bug fix for a race condition when getting a slot
      8ea4a5d8
    • Linus Torvalds's avatar
      Merge tag 'pstore-v4.17-rc1-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 190f2ace
      Linus Torvalds authored
      Pull pstore fix from Kees Cook:
       "Fix another compression Kconfig combination missed in testing (Tobias
        Regnery)"
      
      * tag 'pstore-v4.17-rc1-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        pstore: fix crypto dependencies without compression
      190f2ace
    • Stephen Smalley's avatar
      selinux: fix missing dput() before selinuxfs unmount · fd40ffc7
      Stephen Smalley authored
      Commit 0619f0f5 ("selinux: wrap selinuxfs state") triggers a BUG
      when SELinux is runtime-disabled (i.e. systemd or equivalent disables
      SELinux before initial policy load via /sys/fs/selinux/disable based on
      /etc/selinux/config SELINUX=disabled).
      
      This does not manifest if SELinux is disabled via kernel command line
      argument or if SELinux is enabled (permissive or enforcing).
      
      Before:
        SELinux:  Disabled at runtime.
        BUG: Dentry 000000006d77e5c7{i=17,n=null}  still in use (1) [unmount of selinuxfs selinuxfs]
      
      After:
        SELinux:  Disabled at runtime.
      
      Fixes: 0619f0f5 ("selinux: wrap selinuxfs state")
      Reported-by: default avatarTetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
      Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      fd40ffc7
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · d8312a3f
      Linus Torvalds authored
      Pull kvm updates from Paolo Bonzini:
       "ARM:
         - VHE optimizations
      
         - EL2 address space randomization
      
         - speculative execution mitigations ("variant 3a", aka execution past
           invalid privilege register access)
      
         - bugfixes and cleanups
      
        PPC:
         - improvements for the radix page fault handler for HV KVM on POWER9
      
        s390:
         - more kvm stat counters
      
         - virtio gpu plumbing
      
         - documentation
      
         - facilities improvements
      
        x86:
         - support for VMware magic I/O port and pseudo-PMCs
      
         - AMD pause loop exiting
      
         - support for AMD core performance extensions
      
         - support for synchronous register access
      
         - expose nVMX capabilities to userspace
      
         - support for Hyper-V signaling via eventfd
      
         - use Enlightened VMCS when running on Hyper-V
      
         - allow userspace to disable MWAIT/HLT/PAUSE vmexits
      
         - usual roundup of optimizations and nested virtualization bugfixes
      
        Generic:
         - API selftest infrastructure (though the only tests are for x86 as
           of now)"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (174 commits)
        kvm: x86: fix a prototype warning
        kvm: selftests: add sync_regs_test
        kvm: selftests: add API testing infrastructure
        kvm: x86: fix a compile warning
        KVM: X86: Add Force Emulation Prefix for "emulate the next instruction"
        KVM: X86: Introduce handle_ud()
        KVM: vmx: unify adjacent #ifdefs
        x86: kvm: hide the unused 'cpu' variable
        KVM: VMX: remove bogus WARN_ON in handle_ept_misconfig
        Revert "KVM: X86: Fix SMRAM accessing even if VM is shutdown"
        kvm: Add emulation for movups/movupd
        KVM: VMX: raise internal error for exception during invalid protected mode state
        KVM: nVMX: Optimization: Dont set KVM_REQ_EVENT when VMExit with nested_run_pending
        KVM: nVMX: Require immediate-exit when event reinjected to L2 and L1 event pending
        KVM: x86: Fix misleading comments on handling pending exceptions
        KVM: x86: Rename interrupt.pending to interrupt.injected
        KVM: VMX: No need to clear pending NMI/interrupt on inject realmode interrupt
        x86/kvm: use Enlightened VMCS when running on Hyper-V
        x86/hyper-v: detect nested features
        x86/hyper-v: define struct hv_enlightened_vmcs and clean field bits
        ...
      d8312a3f
    • Linus Torvalds's avatar
      Fix subtle macro variable shadowing in min_not_zero() · e9092d0d
      Linus Torvalds authored
      Commit 3c8ba0d6 ("kernel.h: Retain constant expression output for
      max()/min()") rewrote our min/max macros to be very clever, but in the
      meantime resurrected a variable name shadow issue that we had had
      previously fixed in commit 589a9785 ("min/max: remove sparse
      warnings when they're nested").
      
      That commit talks about the sparse warnings that this shadowing causes,
      which we ignored as just a minor annoyance.  But it turns out that the
      sparse warning is the least of our problems.  We actually have a real
      bug due to the shadowing through the interaction with "min_not_zero()",
      which ends up doing
      
         min(__x, __y)
      
      internally, and then the new declaration of "__x" and "__y" as new
      variables in __cmp_once() results in a complete mess of an expression,
      and "min_not_zero()" doesn't work at all.
      
      For some odd reason, this only ever caused (reported) problems on s390,
      even though it is a generic issue and most of the (obviously successful)
      testing of the problematic commit had happened on other architectures.
      
      Quoting Sebastian Ott:
       "What happened is that the bio build by the partition detection code
        was attempted to be split by the block layer because the block queue
        had a max_sector setting of 0. blk_queue_max_hw_sectors uses
        min_not_zero."
      
      So re-introduce the use of __UNIQUE_ID() to make sure that the min/max
      macros do not have these kinds of clashes.
      
      [ That said, __UNIQUE_ID() itself has several issues that make it less
        than wonderful.
      
        In particular, the "uniqueness" has a fallback on the line number,
        which means that it's not actually unique in more complex cases if you
        don't build with gcc or clang (which have working unique counters that
        aren't tied to line numbers).
      
        That historical broken fallback also means that we have that pointless
        "prefix" argument that doesn't actually make much sense _except_ for
        the known-broken case. Oh well. ]
      
      Fixes: 3c8ba0d6 ("kernel.h: Retain constant expression output for max()/min()")
      Reported-and-tested-by: default avatarSebastian Ott <sebott@linux.vnet.ibm.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      e9092d0d
    • Linus Torvalds's avatar
      Merge branch 'for-linus-sa1100' of git://git.armlinux.org.uk/~rmk/linux-arm · 7886e8aa
      Linus Torvalds authored
      Pull ARM SA1100 updates from Russell King:
       "We have support for arbitary MMIO registers providing platform GPIOs,
        which allows us to abstract some of the SA11x0 CF support.
      
        This set of updates makes that change"
      
      * 'for-linus-sa1100' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: sa1100/simpad: switch simpad CF to use gpiod APIs
        ARM: sa1100/shannon: convert to generic CF sockets
        ARM: sa1100/nanoengine: convert to generic CF sockets
        ARM: sa1100/h3xxx: switch h3xxx PCMCIA to use gpiod APIs
        ARM: sa1100/cerf: convert to generic CF sockets
        ARM: sa1100/assabet: convert to generic CF sockets
        ARM: sa1100: provide infrastructure to support generic CF sockets
        pcmcia: sa1100: provide generic CF support
      7886e8aa
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm · 4a1e0052
      Linus Torvalds authored
      Pull ARM updates from Russell King:
       "A number of core ARM changes:
      
         - Refactoring linker script by Nicolas Pitre
      
         - Enable source fortification
      
         - Add support for Cortex R8"
      
      * 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: decompressor: fix warning introduced in fortify patch
        ARM: 8751/1: Add support for Cortex-R8 processor
        ARM: 8749/1: Kconfig: Add ARCH_HAS_FORTIFY_SOURCE
        ARM: simplify and fix linker script for TCM
        ARM: linker script: factor out TCM bits
        ARM: linker script: factor out vectors and stubs
        ARM: linker script: factor out unwinding table sections
        ARM: linker script: factor out stuff for the .text section
        ARM: linker script: factor out stuff for the DISCARD section
        ARM: linker script: factor out some common definitions between XIP and non-XIP
      4a1e0052
    • Linus Torvalds's avatar
      Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu · 2025fef0
      Linus Torvalds authored
      Pull m68knommu update from Greg Ungerer:
       "Only a single fix to set the DMA masks in the ColdFire FEC platform
        data structure.
      
        This stops the warning from dma-mapping.h at boot time"
      
      * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
        m68k: set dma and coherent masks for platform FEC ethernets
      2025fef0
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha · 5148408a
      Linus Torvalds authored
      Pull alpha updates from Matt Turner:
       "A few small changes for alpha"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha:
        alpha: io: reorder barriers to guarantee writeX() and iowriteX() ordering
        alpha: Implement CPU vulnerabilities sysfs functions.
        alpha: rtc: stop validating rtc_time in .read_time
        alpha: rtc: remove unused set_mmss ops
      5148408a
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · becdce1c
      Linus Torvalds authored
      Pull s390 updates from Martin Schwidefsky:
      
       - Improvements for the spectre defense:
          * The spectre related code is consolidated to a single file
            nospec-branch.c
          * Automatic enable/disable for the spectre v2 defenses (expoline vs.
            nobp)
          * Syslog messages for specve v2 are added
          * Enable CONFIG_GENERIC_CPU_VULNERABILITIES and define the attribute
            functions for spectre v1 and v2
      
       - Add helper macros for assembler alternatives and use them to shorten
         the code in entry.S.
      
       - Add support for persistent configuration data via the SCLP Store Data
         interface. The H/W interface requires a page table that uses 4K pages
         only, the code to setup such an address space is added as well.
      
       - Enable virtio GPU emulation in QEMU. To do this the depends
         statements for a few common Kconfig options are modified.
      
       - Add support for format-3 channel path descriptors and add a binary
         sysfs interface to export the associated utility strings.
      
       - Add a sysfs attribute to control the IFCC handling in case of
         constant channel errors.
      
       - The vfio-ccw changes from Cornelia.
      
       - Bug fixes and cleanups.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: (40 commits)
        s390/kvm: improve stack frame constants in entry.S
        s390/lpp: use assembler alternatives for the LPP instruction
        s390/entry.S: use assembler alternatives
        s390: add assembler macros for CPU alternatives
        s390: add sysfs attributes for spectre
        s390: report spectre mitigation via syslog
        s390: add automatic detection of the spectre defense
        s390: move nobp parameter functions to nospec-branch.c
        s390/cio: add util_string sysfs attribute
        s390/chsc: query utility strings via fmt3 channel path descriptor
        s390/cio: rename struct channel_path_desc
        s390/cio: fix unbind of io_subchannel_driver
        s390/qdio: split up CCQ handling for EQBS / SQBS
        s390/qdio: don't retry EQBS after CCQ 96
        s390/qdio: restrict buffer merging to eligible devices
        s390/qdio: don't merge ERROR output buffers
        s390/qdio: simplify math in get_*_buffer_frontier()
        s390/decompressor: trim uncompressed image head during the build
        s390/crypto: Fix kernel crash on aes_s390 module remove.
        s390/defkeymap: fix global init to zero
        ...
      becdce1c
    • Russell King's avatar
      9178caf9
  2. 08 Apr, 2018 1 commit
  3. 07 Apr, 2018 13 commits
    • Linus Torvalds's avatar
      Merge branch 'next-integrity' of... · f8cf2f16
      Linus Torvalds authored
      Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
      
      Pull integrity updates from James Morris:
       "A mixture of bug fixes, code cleanup, and continues to close
        IMA-measurement, IMA-appraisal, and IMA-audit gaps.
      
        Also note the addition of a new cred_getsecid LSM hook by Matthew
        Garrett:
      
           For IMA purposes, we want to be able to obtain the prepared secid
           in the bprm structure before the credentials are committed. Add a
           cred_getsecid hook that makes this possible.
      
        which is used by a new CREDS_CHECK target in IMA:
      
           In ima_bprm_check(), check with both the existing process
           credentials and the credentials that will be committed when the new
           process is started. This will not change behaviour unless the
           system policy is extended to include CREDS_CHECK targets -
           BPRM_CHECK will continue to check the same credentials that it did
           previously"
      
      * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        ima: Fallback to the builtin hash algorithm
        ima: Add smackfs to the default appraise/measure list
        evm: check for remount ro in progress before writing
        ima: Improvements in ima_appraise_measurement()
        ima: Simplify ima_eventsig_init()
        integrity: Remove unused macro IMA_ACTION_RULE_FLAGS
        ima: drop vla in ima_audit_measurement()
        ima: Fix Kconfig to select TPM 2.0 CRB interface
        evm: Constify *integrity_status_msg[]
        evm: Move evm_hmac and evm_hash from evm_main.c to evm_crypto.c
        fuse: define the filesystem as untrusted
        ima: fail signature verification based on policy
        ima: clear IMA_HASH
        ima: re-evaluate files on privileged mounted filesystems
        ima: fail file signature verification on non-init mounted filesystems
        IMA: Support using new creds in appraisal policy
        security: Add a cred_getsecid hook
      f8cf2f16
    • Linus Torvalds's avatar
      Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 4b3f1a15
      Linus Torvalds authored
      Pull TPM updates from James Morris:
       "This release contains only bug fixes. There are no new major features
        added"
      
      * 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        tpm: fix intermittent failure with self tests
        tpm: add retry logic
        tpm: self test failure should not cause suspend to fail
        tpm2: add longer timeouts for creation commands.
        tpm_crb: use __le64 annotated variable for response buffer address
        tpm: fix buffer type in tpm_transmit_cmd
        tpm: tpm-interface: fix tpm_transmit/_cmd kdoc
        tpm: cmd_ready command can be issued only after granting locality
      4b3f1a15
    • Linus Torvalds's avatar
      Merge branch 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · 706ffc8c
      Linus Torvalds authored
      Pull smack update from James Morris:
       "One small change for Automotive Grade Linux"
      
      * 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        Smack: Handle CGROUP2 in the same way that CGROUP
      706ffc8c
    • Sinan Kaya's avatar
      alpha: io: reorder barriers to guarantee writeX() and iowriteX() ordering · cd0e00c1
      Sinan Kaya authored
      memory-barriers.txt has been updated with the following requirement.
      
      "When using writel(), a prior wmb() is not needed to guarantee that the
      cache coherent memory writes have completed before writing to the MMIO
      region."
      
      Current writeX() and iowriteX() implementations on alpha are not
      satisfying this requirement as the barrier is after the register write.
      
      Move mb() in writeX() and iowriteX() functions to guarantee that HW
      observes memory changes before performing register operations.
      Signed-off-by: default avatarSinan Kaya <okaya@codeaurora.org>
      Reported-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarMatt Turner <mattst88@gmail.com>
      cd0e00c1
    • Michael Cree's avatar
      alpha: Implement CPU vulnerabilities sysfs functions. · 6fd16ce5
      Michael Cree authored
      Implement the CPU vulnerabilty show functions for meltdown, spectre_v1
      and spectre_v2 on Alpha.
      
      Tests on XP1000 (EV67/667MHz) and ES45 (EV68CB/1.25GHz) show them
      to be vulnerable to Meltdown and Spectre V1.  In the case of
      Meltdown I saw a 1 to 2% success rate in reading bytes on the
      XP1000 and 50 to 60% success rate on the ES45. (This compares to
      99.97% success reported for Intel CPUs.)  Report EV6 and later
      CPUs as vulnerable.
      
      Tests on PWS600au (EV56/600MHz) for Spectre V1 attack were
      unsuccessful (though I did not try particularly hard) so mark EV4
      through to EV56 as not vulnerable.
      Signed-off-by: default avatarMichael Cree <mcree@orcon.net.nz>
      Signed-off-by: default avatarMatt Turner <mattst88@gmail.com>
      6fd16ce5
    • Alexandre Belloni's avatar
      alpha: rtc: stop validating rtc_time in .read_time · 54f16b19
      Alexandre Belloni authored
      The RTC core is always calling rtc_valid_tm after the read_time callback.
      It is not necessary to call it just before returning from the callback.
      Signed-off-by: default avatarAlexandre Belloni <alexandre.belloni@bootlin.com>
      Signed-off-by: default avatarMatt Turner <mattst88@gmail.com>
      54f16b19
    • Alexandre Belloni's avatar
      alpha: rtc: remove unused set_mmss ops · 9917df83
      Alexandre Belloni authored
      The .set_mmss and .setmmss64 ops are only called when the RTC is not
      providing an implementation for the .set_time callback.
      
      On alpha, .set_time is provided so .set_mmss64 is never called. Remove the
      unused code.
      Signed-off-by: default avatarAlexandre Belloni <alexandre.belloni@bootlin.com>
      Signed-off-by: default avatarMatt Turner <mattst88@gmail.com>
      9917df83
    • Linus Torvalds's avatar
      Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · bf6879dc
      Linus Torvalds authored
      Pull alpha syscall cleanups from Al Viro:
       "A couple of SYSCALL_DEFINE conversions and removal of pointless (and
        bitrotted) piece stuck in ret_from_kernel_thread since the
        kernel_exceve/kernel_thread conversions six years ago"
      
      * 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        alpha: get rid of pointless insn in ret_from_kernel_thread
        alpha: switch pci syscalls to SYSCALL_DEFINE
      bf6879dc
    • Linus Torvalds's avatar
      Merge branch 'misc.sparc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 8844a509
      Linus Torvalds authored
      Pull sparc syscall cleanups from Al Viro:
       "sparc syscall stuff - killing pointless wrappers, conversions to
        {COMPAT_,}SYSCALL_DEFINE"
      
      * 'misc.sparc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        sparc: get rid of asm wrapper for nis_syscall()
        sparc: switch compat {f,}truncate64() to COMPAT_SYSCALL_DEFINE
        sparc: switch compat pread64 and pwrite64 to COMPAT_SYSCALL_DEFINE
        convert compat sync_file_range() to COMPAT_SYSCALL_DEFINE
        switch sparc_remap_file_pages() to SYSCALL_DEFINE
        sparc: get rid of memory_ordering(2) wrapper
        sparc: trivial conversions to {COMPAT_,}SYSCALL_DEFINE()
        sparc: bury a zombie extern that had been that way for twenty years
        sparc: get rid of remaining SIGN... wrappers
        sparc: kill useless SIGN... wrappers
        sparc: get rid of sys_sparc_pipe() wrappers
      8844a509
    • Linus Torvalds's avatar
      treewide: fix up files incorrectly marked executable · 90fda63f
      Linus Torvalds authored
      Joe Perches noted that we have a few source files that for some
      inexplicable reason (read: I'm too lazy to even go look at the history)
      are marked executable:
      
        drivers/gpu/drm/amd/amdgpu/vce_v4_0.c
        drivers/net/ethernet/cadence/macb_ptp.c
      
      A simple git command line to show executable C/asm/header files is this:
      
          git ls-files -s '*.[chsS]' | grep '^100755'
      
      and then you can fix them up with scripting by just feeding that output
      into:
      
          | cut -f2 | xargs chmod -x
      
      and commit it.
      
      Which is exactly what this commit does.
      Reported-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      90fda63f
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 0d5b1bd3
      Linus Torvalds authored
      Pull i2c updates from Wolfram Sang:
      
       -I2C core now reports proper OF style module alias. I'd like to repeat
        the note from the commit msg here (Thanks, Javier!):
      
            NOTE: This patch may break out-of-tree drivers that were relying
                  on this behavior, and only had an I2C device ID table even
                  when the device was registered via OF.
      
                  There are no remaining drivers in mainline that do this, but
                  out-of-tree drivers have to be fixed and define a proper OF
                  device ID table to have module auto-loading working.
      
       - new driver for the SynQuacer I2C controller
      
       - major refactoring of the QUP driver
      
       - the piix4 driver now uses request_muxed_region which should fix a
         long standing resource conflict with the sp5100_tco watchdog
      
       - a bunch of small core & driver improvements
      
      * 'i2c/for-4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (53 commits)
        i2c: add support for Socionext SynQuacer I2C controller
        dt-bindings: i2c: add binding for Socionext SynQuacer I2C
        i2c: Update i2c_trace_msg static key to modern api
        i2c: fix parameter of trace_i2c_result
        i2c: imx: avoid taking clk_prepare mutex in PM callbacks
        i2c: imx: use clk notifier for rate changes
        i2c: make i2c_check_addr_validity() static
        i2c: rcar: fix mask value of prohibited bit
        dt-bindings: i2c: document R8A77965 bindings
        i2c: pca-platform: drop gpio from platform data
        i2c: pca-platform: use device_property_read_u32
        i2c: pca-platform: unconditionally use devm_gpiod_get_optional
        sh: sh7785lcr: add GPIO lookup table for i2c controller reset
        i2c: qup: reorganization of driver code to remove polling for qup v2
        i2c: qup: reorganization of driver code to remove polling for qup v1
        i2c: qup: send NACK for last read sub transfers
        i2c: qup: fix buffer overflow for multiple msg of maximum xfer len
        i2c: qup: change completion timeout according to transfer length
        i2c: qup: use the complete transfer length to choose DMA mode
        i2c: qup: proper error handling for i2c error in BAM mode
        ...
      0d5b1bd3
    • Linus Torvalds's avatar
      Merge tag 'powerpc-4.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 49a695ba
      Linus Torvalds authored
      Pull powerpc updates from Michael Ellerman:
       "Notable changes:
      
         - Support for 4PB user address space on 64-bit, opt-in via mmap().
      
         - Removal of POWER4 support, which was accidentally broken in 2016
           and no one noticed, and blocked use of some modern instructions.
      
         - Workarounds so that the hypervisor can enable Transactional Memory
           on Power9.
      
         - A series to disable the DAWR (Data Address Watchpoint Register) on
           Power9.
      
         - More information displayed in the meltdown/spectre_v1/v2 sysfs
           files.
      
         - A vpermxor (Power8 Altivec) implementation for the raid6 Q
           Syndrome.
      
         - A big series to make the allocation of our pacas (per cpu area),
           kernel page tables, and per-cpu stacks NUMA aware when using the
           Radix MMU on Power9.
      
        And as usual many fixes, reworks and cleanups.
      
        Thanks to: Aaro Koskinen, Alexandre Belloni, Alexey Kardashevskiy,
        Alistair Popple, Andy Shevchenko, Aneesh Kumar K.V, Anshuman Khandual,
        Balbir Singh, Benjamin Herrenschmidt, Christophe Leroy, Christophe
        Lombard, Cyril Bur, Daniel Axtens, Dave Young, Finn Thain, Frederic
        Barrat, Gustavo Romero, Horia Geantă, Jonathan Neuschäfer, Kees Cook,
        Larry Finger, Laurent Dufour, Laurent Vivier, Logan Gunthorpe,
        Madhavan Srinivasan, Mark Greer, Mark Hairgrove, Markus Elfring,
        Mathieu Malaterre, Matt Brown, Matt Evans, Mauricio Faria de Oliveira,
        Michael Neuling, Naveen N. Rao, Nicholas Piggin, Paul Mackerras,
        Philippe Bergheaud, Ram Pai, Rob Herring, Sam Bobroff, Segher
        Boessenkool, Simon Guo, Simon Horman, Stewart Smith, Sukadev
        Bhattiprolu, Suraj Jitindar Singh, Thiago Jung Bauermann, Vaibhav
        Jain, Vaidyanathan Srinivasan, Vasant Hegde, Wei Yongjun"
      
      * tag 'powerpc-4.17-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (207 commits)
        powerpc/64s/idle: Fix restore of AMOR on POWER9 after deep sleep
        powerpc/64s: Fix POWER9 DD2.2 and above in cputable features
        powerpc/64s: Fix pkey support in dt_cpu_ftrs, add CPU_FTR_PKEY bit
        powerpc/64s: Fix dt_cpu_ftrs to have restore_cpu clear unwanted LPCR bits
        Revert "powerpc/64s/idle: POWER9 ESL=0 stop avoid save/restore overhead"
        powerpc: iomap.c: introduce io{read|write}64_{lo_hi|hi_lo}
        powerpc: io.h: move iomap.h include so that it can use readq/writeq defs
        cxl: Fix possible deadlock when processing page faults from cxllib
        powerpc/hw_breakpoint: Only disable hw breakpoint if cpu supports it
        powerpc/mm/radix: Update command line parsing for disable_radix
        powerpc/mm/radix: Parse disable_radix commandline correctly.
        powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb
        powerpc/mm/radix: Update pte fragment count from 16 to 256 on radix
        powerpc/mm/keys: Update documentation and remove unnecessary check
        powerpc/64s/idle: POWER9 ESL=0 stop avoid save/restore overhead
        powerpc/64s/idle: Consolidate power9_offline_stop()/power9_idle_stop()
        powerpc/powernv: Always stop secondaries before reboot/shutdown
        powerpc: hard disable irqs in smp_send_stop loop
        powerpc: use NMI IPI for smp_send_stop
        powerpc/powernv: Fix SMT4 forcing idle code
        ...
      49a695ba
    • Linus Torvalds's avatar
      Merge tag 'leaks-4.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks · 299f89d5
      Linus Torvalds authored
      Pull leaking-addresses updates from Tobin Harding:
       "This set represents improvements to the scripts/leaking_addresses.pl
        script.
      
        The major improvement is that with this set applied the script
        actually runs in a reasonable amount of time (less than a minute on a
        standard stock Ubuntu user desktop). Also, we have a second maintainer
        now and a tree hosted on kernel.org
      
        We do a few code clean ups. We fix the command help output. Handling
        of the vsyscall address range is fixed to check the whole range
        instead of just the start/end addresses. We add support for 5 page
        table levels (suggested on LKML). We use a system command to get the
        machine architecture instead of using Perl. Calling this command for
        every regex comparison is what previously choked the script, caching
        the result of this call gave the major speed improvement. We add
        support for scanning 32-bit kernels using the user/kernel memory
        split. Path skipping code refactored and simplified (meaning easier
        script configuration). We remove version numbering. We add a variable
        name to improve readability of a regex and finally we check filenames
        for leaking addresses.
      
        Currently script scans /proc/PID for all PID. With this set applied we
        only scan for PID==1. It was observed that on an idle system files
        under /proc/PID are predominantly the same for all processes. Also it
        was noted that the script does not scan _all_ the kernel since it only
        scans active processes. Scanning only for PID==1 makes explicit the
        inherent flaw in the script that the scan is only partial and also
        speeds things up"
      
      * tag 'leaks-4.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks:
        MAINTAINERS: Update LEAKING_ADDRESSES
        leaking_addresses: check if file name contains address
        leaking_addresses: explicitly name variable used in regex
        leaking_addresses: remove version number
        leaking_addresses: skip '/proc/1/syscall'
        leaking_addresses: skip all /proc/PID except /proc/1
        leaking_addresses: cache architecture name
        leaking_addresses: simplify path skipping
        leaking_addresses: do not parse binary files
        leaking_addresses: add 32-bit support
        leaking_addresses: add is_arch() wrapper subroutine
        leaking_addresses: use system command to get arch
        leaking_addresses: add support for 5 page table levels
        leaking_addresses: add support for kernel config file
        leaking_addresses: add range check for vsyscall memory
        leaking_addresses: indent dependant options
        leaking_addresses: remove command examples
        leaking_addresses: remove mention of kptr_restrict
        leaking_addresses: fix typo function not called
      299f89d5