mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
495 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
|
f3f0576c22 |
Merge android-4.14.158 (84afceb) into msm-4.14
* refs/heads/tmp-84afceb: Linux 4.14.158 net: fec: fix clock count mis-match platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer ASoC: stm32: i2s: fix IRQ clearing ASoC: stm32: i2s: fix 16 bit format support ASoC: stm32: i2s: fix dma configuration pinctrl: stm32: fix memory leak issue mailbox: mailbox-test: fix null pointer if no mmio hwrng: stm32 - fix unbalanced pm_runtime_enable media: stm32-dcmi: fix DMA corruption when stopping streaming crypto: stm32/hash - Fix hmac issue more than 256 bytes HID: core: check whether Usage Page item is after Usage ID items futex: Prevent exit livelock futex: Provide distinct return value when owner is exiting futex: Add mutex around futex exit futex: Provide state handling for exec() as well futex: Sanitize exit state handling futex: Mark the begin of futex exit explicitly futex: Set task::futex_state to DEAD right after handling futex exit futex: Split futex_mm_release() for exit/exec exit/exec: Seperate mm_release() futex: Replace PF_EXITPIDONE with a state futex: Move futex exit handling into futex code futex: Prevent robust futex exit race y2038: futex: Move compat implementation into futex.c mtd: spi-nor: cast to u64 to avoid uint overflows mtd: rawnand: atmel: fix possible object reference leak mtd: rawnand: atmel: Fix spelling mistake in error message net: macb driver, check for SKBTX_HW_TSTAMP net: macb: Fix SUBNS increment and increase resolution watchdog: sama5d4: fix WDD value to be always set to max ext4: add more paranoia checking in ext4_expand_extra_isize handling net: sched: fix `tc -s class show` no bstats on class with nolock subqueues sctp: cache netns in sctp_ep_common tipc: fix link name length check openvswitch: remove another BUG_ON() openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() slip: Fix use-after-free Read in slip_open openvswitch: fix flow command message size net: psample: fix skb_over_panic 
macvlan: schedule bc_work even if error media: atmel: atmel-isc: fix INIT_WORK misplacement media: atmel: atmel-isc: fix asd memory allocation pwm: Clear chip_data in pwm_put() net: macb: fix error format in dev_err() media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE xfrm: Fix memleak on xfrm state destroy mei: bus: prefix device names on bus with the bus name USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids staging: rtl8723bs: Drop ACPI device ids staging: rtl8192e: fix potential use after free clk: at91: generated: set audio_pll_allowed in at91_clk_register_generated() clk: at91: fix update bit maps on CFG_MOR write mm, gup: add missing refcount overflow checks on s390 mtd: Remove a debug trace in mtdpart.c powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() scsi: libsas: Check SMP PHY control function result ACPI / APEI: Switch estatus pool to use vmalloc memory ACPI / APEI: Don't wait to serialise with oops messages when panic()ing scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery apparmor: delete the dentry in aafs_remove() to avoid a leak iommu/amd: Fix NULL dereference bug in match_hid_uid net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED bpf: drop refcount if bpf_map_new_fd() fails in map_create() kvm: properly check debugfs dentry before using it net: dev: Use unsigned integer as an argument to left-shift bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() sctp: don't compare hb_timer expire date before starting it net: fix possible overflow in __sk_mem_raise_allocated() sfc: initialise found bitmap in efx_ef10_mtd_probe tipc: fix skb may be leaky in tipc_link_input blktrace: Show requests without sector net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() decnet: fix DN_IFREQ_SIZE ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel sfc: suppress duplicate nvmem partition types 
in efx_ef10_mtd_probe gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change serial: 8250: Fix serial8250 initialization crash net/core/neighbour: fix kmemleak minimal reference count for hash tables PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() net/core/neighbour: tell kmemleak about hash tables tipc: fix memory leak in tipc_nl_compat_publ_dump mtd: Check add_mtd_device() ret code lib/genalloc.c: include vmalloc.h drivers/base/platform.c: kmemleak ignore a known leak fork: fix some -Wmissing-prototypes warnings lib/genalloc.c: use vzalloc_node() to allocate the bitmap lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n ocfs2: clear journal dirty flag after shutdown journal net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe() tipc: fix a missing check of genlmsg_put atl1e: checking the status of atl1e_write_phy_reg net: dsa: bcm_sf2: Propagate error value from mdio_write net: stmicro: fix a missing check of clk_prepare net: (cpts) fix a missing check of clk_prepare um: Make GCOV depend on !KCOV f2fs: fix to dirty inode synchronously net/net_namespace: Check the return value of register_pernet_subsys() net/netlink_compat: Fix a missing check of nla_parse_nested pwm: clps711x: Fix period calculation crypto: mxc-scc - fix build warnings on ARM64 powerpc/pseries: Fix node leak in update_lmb_associativity_index() powerpc/83xx: handle machine check caused by watchdog timer regulator: tps65910: fix a missing check of return value IB/rxe: Make counters thread safe drbd: fix print_st_err()'s prototype to match the definition drbd: do not block when adjusting "disk-options" while IO is frozen drbd: reject attach of unsuitable uuids even if connected drbd: ignore "all zero" peer volume sizes in handshake powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status vfio/spapr_tce: Get rid of possible infinite loop 
powerpc/44x/bamboo: Fix PCI range powerpc/mm: Make NULL pointer deferences explicit on bad page faults. powerpc/prom: fix early DEBUG messages powerpc/perf: Fix unit_sel/cache_sel checks ath6kl: Fix off by one error in scan completion ath6kl: Only use match sets when firmware supports it scsi: csiostor: fix incorrect dma device in case of vport scsi: qla2xxx: deadlock by configfs_depend_item RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer openrisc: Fix broken paths to arch/or32 serial: max310x: Fix tx_empty() callback Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading drivers/regulator: fix a missing check of return value powerpc/xmon: fix dump_segments() powerpc/book3s/32: fix number of bats in p/v_block_mapped() vxlan: Fix error path in __vxlan_dev_create() clocksource/drivers/fttmr010: Fix invalid interrupt register access IB/qib: Fix an error code in qib_sdma_verbs_send() xfs: Fix bulkstat compat ioctls on x32 userspace. xfs: Align compat attrlist_by_handle with native implementation. gfs2: take jdata unstuff into account in do_grow dm flakey: Properly corrupt multi-page bios. HID: doc: fix wrong data structure reference for UHID_OUTPUT pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration KVM: s390: unregister debug feature on failing arch init bnxt_en: query force speeds before disabling autoneg mode. 
bnxt_en: Return linux standard errors in bnxt_ethtool.c exofs_mount(): fix leaks on failure exits net/mlx5: Continue driver initialization despite debugfs failure pinctrl: xway: fix gpio-hog related boot issues vfio-mdev/samples: Use u8 instead of char for handle functions xen/pciback: Check dev_data before using it kprobes/x86/xen: blacklist non-attachable xen interrupt functions serial: 8250: Rate limit serial port rx interrupts during input overruns HID: intel-ish-hid: fixes incorrect error handling btrfs: only track ref_heads in delayed_ref_updates mtd: rawnand: sunxi: Write pageprog related opcodes to WCMD_SET mmc: meson-gx: make sure the descriptor is stopped on errors VSOCK: bind to random port for VMADDR_PORT_ANY kvm: vmx: Set IA32_TSC_AUX for legacy mode guests gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB iwlwifi: move iwl_nvm_check_version() into dvm microblaze: move "... is ready" messages to arch/microblaze/Makefile microblaze: adjust the help to the real behavior ubi: Do not drop UBI device reference before using ubi: Put MTD device after it is not used xfs: require both realtime inodes to mount rtl818x: fix potential use after free mwifiex: debugfs: correct histogram spacing, formatting mwifiex: fix potential NULL dereference and use after free crypto: user - support incremental algorithm dumps scsi: lpfc: Enable Management features for IF_TYPE=6 ACPI / LPSS: Ignore acpi_device_fix_up_power() return value ARM: ks8695: fix section mismatch warning PM / AVS: SmartReflex: NULL check before some freeing functions is not needed RDMA/vmw_pvrdma: Use atomic memory allocation in create AH ARM: OMAP1: fix USB configuration for device-only setups arm64: smp: Handle errors reported by the firmware arm64: mm: Prevent mismatched 52-bit VA support parisc: Fix HP SDC hpa address output parisc: Fix serio address output ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed ARM: dts: Fix up 
SQ201 flash access scsi: lpfc: Fix dif and first burst use in write commands scsi: lpfc: Fix kernel Oops due to null pring pointers pwm: bcm-iproc: Prevent unloading the driver module while in use block: drbd: remove a stray unlock in __drbd_send_protocol() mac80211: fix station inactive_time shortly after boot ceph: return -EINVAL if given fsc mount option on kernel w/o support net: bcmgenet: reapply manual settings to the PHY scripts/gdb: fix debugging modules compiled with hot/cold partitioning watchdog: meson: Fix the wrong value of left time can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open can: peak_usb: report bus recovery as well bridge: ebtables: don't crash when using dnat target in output chains net: fec: add missed clk_disable_unprepare in remove clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call x86/resctrl: Prevent NULL pointer dereference when reading mondata idr: Fix idr_alloc_u32 on 32-bit systems clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 clk: at91: avoid sleeping early reset: fix reset_control_ops kerneldoc comment clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume ASoC: kirkwood: fix external clock probe defer reset: Fix memory leak in reset_control_array_put() ASoC: compress: fix unsigned integer overflow check ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate Revert "KVM: nVMX: reset 
cache/shadows when switching loaded VMCS" UPSTREAM: dt-bindings: arm: coresight: Add support for coresight-loses-context-with-cpu BACKPORT: coresight: etm4x: Save/restore state across CPU low power states BACKPORT: ARM: 8900/1: UNWINDER_FRAME_POINTER implementation for Clang Conflicts: Documentation/devicetree/bindings/arm/coresight.txt arch/arm/Makefile drivers/hid/hid-core.c kernel/exit.c Reverted the downstream patch "HID: core: add usage_page_preceding flag for hid_concatenate_usage_page()" as original issue got fixed with upstream changes. Change-Id: I3b833825b3d1104fa07378caef144639074d0a0d Signed-off-by: Srinivasarao P <spathi@codeaurora.org> |
||
|
84afceb668 |
This is the 4.14.158 stable release
Merge 4.14.158 into android-4.14 Changes in 4.14.158 Revert "KVM: nVMX: reset cache/shadows when switching loaded VMCS" clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX ASoC: compress: fix unsigned integer overflow check reset: Fix memory leak in reset_control_array_put() ASoC: kirkwood: fix external clock probe defer clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume reset: fix reset_control_ops kerneldoc comment clk: at91: avoid sleeping early clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 idr: Fix idr_alloc_u32 on 32-bit systems x86/resctrl: Prevent NULL pointer dereference when reading mondata clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call net: fec: add missed clk_disable_unprepare in remove bridge: ebtables: don't crash when using dnat target in output chains can: peak_usb: report bus recovery as well can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue
beyond skb_queue_len_max can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error watchdog: meson: Fix the wrong value of left time scripts/gdb: fix debugging modules compiled with hot/cold partitioning net: bcmgenet: reapply manual settings to the PHY ceph: return -EINVAL if given fsc mount option on kernel w/o support mac80211: fix station inactive_time shortly after boot block: drbd: remove a stray unlock in __drbd_send_protocol() pwm: bcm-iproc: Prevent unloading the driver module while in use scsi: lpfc: Fix kernel Oops due to null pring pointers scsi: lpfc: Fix dif and first burst use in write commands ARM: dts: Fix up SQ201 flash access ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication parisc: Fix serio address output parisc: Fix HP SDC hpa address output arm64: mm: Prevent mismatched 52-bit VA support arm64: smp: Handle errors reported by the firmware ARM: OMAP1: fix USB configuration for device-only setups RDMA/vmw_pvrdma: Use atomic memory allocation in create AH PM / AVS: SmartReflex: NULL check before some freeing functions is not needed ARM: ks8695: fix section mismatch warning ACPI / LPSS: Ignore acpi_device_fix_up_power() return value scsi: lpfc: Enable Management features for IF_TYPE=6 crypto: user - support incremental algorithm dumps mwifiex: fix potential NULL dereference and use after free mwifiex: debugfs: correct histogram spacing, formatting rtl818x: fix potential use after free xfs: require both realtime inodes to mount ubi: Put MTD device after it is not used ubi: Do not drop UBI device reference before using microblaze: adjust the help to the real behavior microblaze: move "... 
is ready" messages to arch/microblaze/Makefile iwlwifi: move iwl_nvm_check_version() into dvm gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB kvm: vmx: Set IA32_TSC_AUX for legacy mode guests VSOCK: bind to random port for VMADDR_PORT_ANY mmc: meson-gx: make sure the descriptor is stopped on errors mtd: rawnand: sunxi: Write pageprog related opcodes to WCMD_SET btrfs: only track ref_heads in delayed_ref_updates HID: intel-ish-hid: fixes incorrect error handling serial: 8250: Rate limit serial port rx interrupts during input overruns kprobes/x86/xen: blacklist non-attachable xen interrupt functions xen/pciback: Check dev_data before using it vfio-mdev/samples: Use u8 instead of char for handle functions pinctrl: xway: fix gpio-hog related boot issues net/mlx5: Continue driver initialization despite debugfs failure exofs_mount(): fix leaks on failure exits bnxt_en: Return linux standard errors in bnxt_ethtool.c bnxt_en: query force speeds before disabling autoneg mode. KVM: s390: unregister debug feature on failing arch init pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 HID: doc: fix wrong data structure reference for UHID_OUTPUT dm flakey: Properly corrupt multi-page bios. gfs2: take jdata unstuff into account in do_grow xfs: Align compat attrlist_by_handle with native implementation. xfs: Fix bulkstat compat ioctls on x32 userspace. 
IB/qib: Fix an error code in qib_sdma_verbs_send() clocksource/drivers/fttmr010: Fix invalid interrupt register access vxlan: Fix error path in __vxlan_dev_create() powerpc/book3s/32: fix number of bats in p/v_block_mapped() powerpc/xmon: fix dump_segments() drivers/regulator: fix a missing check of return value Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading serial: max310x: Fix tx_empty() callback openrisc: Fix broken paths to arch/or32 RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer scsi: qla2xxx: deadlock by configfs_depend_item scsi: csiostor: fix incorrect dma device in case of vport ath6kl: Only use match sets when firmware supports it ath6kl: Fix off by one error in scan completion powerpc/perf: Fix unit_sel/cache_sel checks powerpc/prom: fix early DEBUG messages powerpc/mm: Make NULL pointer deferences explicit on bad page faults. powerpc/44x/bamboo: Fix PCI range vfio/spapr_tce: Get rid of possible infinite loop powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status drbd: ignore "all zero" peer volume sizes in handshake drbd: reject attach of unsuitable uuids even if connected drbd: do not block when adjusting "disk-options" while IO is frozen drbd: fix print_st_err()'s prototype to match the definition IB/rxe: Make counters thread safe regulator: tps65910: fix a missing check of return value powerpc/83xx: handle machine check caused by watchdog timer powerpc/pseries: Fix node leak in update_lmb_associativity_index() crypto: mxc-scc - fix build warnings on ARM64 pwm: clps711x: Fix period calculation net/netlink_compat: Fix a missing check of nla_parse_nested net/net_namespace: Check the return value of register_pernet_subsys() f2fs: fix to dirty inode synchronously um: Make GCOV depend on !KCOV net: (cpts) fix a missing check of clk_prepare net: stmicro: fix a missing check of clk_prepare net: dsa: bcm_sf2: Propagate error value from mdio_write atl1e: checking the status of 
atl1e_write_phy_reg tipc: fix a missing check of genlmsg_put net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe() ocfs2: clear journal dirty flag after shutdown journal vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk lib/genalloc.c: use vzalloc_node() to allocate the bitmap fork: fix some -Wmissing-prototypes warnings drivers/base/platform.c: kmemleak ignore a known leak lib/genalloc.c: include vmalloc.h mtd: Check add_mtd_device() ret code tipc: fix memory leak in tipc_nl_compat_publ_dump net/core/neighbour: tell kmemleak about hash tables PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() net/core/neighbour: fix kmemleak minimal reference count for hash tables serial: 8250: Fix serial8250 initialization crash gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel decnet: fix DN_IFREQ_SIZE net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() blktrace: Show requests without sector tipc: fix skb may be leaky in tipc_link_input sfc: initialise found bitmap in efx_ef10_mtd_probe net: fix possible overflow in __sk_mem_raise_allocated() sctp: don't compare hb_timer expire date before starting it bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() net: dev: Use unsigned integer as an argument to left-shift kvm: properly check debugfs dentry before using it bpf: drop refcount if bpf_map_new_fd() fails in map_create() net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED iommu/amd: Fix NULL dereference bug in match_hid_uid apparmor: delete the dentry in aafs_remove() to avoid a leak scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery ACPI / APEI: Don't wait to serialise with oops messages when panic()ing ACPI / APEI: Switch estatus pool to use 
vmalloc memory scsi: libsas: Check SMP PHY control function result powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() mtd: Remove a debug trace in mtdpart.c mm, gup: add missing refcount overflow checks on s390 clk: at91: fix update bit maps on CFG_MOR write clk: at91: generated: set audio_pll_allowed in at91_clk_register_generated() staging: rtl8192e: fix potential use after free staging: rtl8723bs: Drop ACPI device ids staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P mei: bus: prefix device names on bus with the bus name xfrm: Fix memleak on xfrm state destroy media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE net: macb: fix error format in dev_err() pwm: Clear chip_data in pwm_put() media: atmel: atmel-isc: fix asd memory allocation media: atmel: atmel-isc: fix INIT_WORK misplacement macvlan: schedule bc_work even if error net: psample: fix skb_over_panic openvswitch: fix flow command message size slip: Fix use-after-free Read in slip_open openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() openvswitch: remove another BUG_ON() tipc: fix link name length check sctp: cache netns in sctp_ep_common net: sched: fix `tc -s class show` no bstats on class with nolock subqueues ext4: add more paranoia checking in ext4_expand_extra_isize handling watchdog: sama5d4: fix WDD value to be always set to max net: macb: Fix SUBNS increment and increase resolution net: macb driver, check for SKBTX_HW_TSTAMP mtd: rawnand: atmel: Fix spelling mistake in error message mtd: rawnand: atmel: fix possible object reference leak mtd: spi-nor: cast to u64 to avoid uint overflows y2038: futex: Move compat implementation into futex.c futex: Prevent robust futex exit race futex: Move futex exit handling into futex code futex: Replace PF_EXITPIDONE with a state exit/exec: Seperate mm_release() futex: Split futex_mm_release() for exit/exec futex: Set task::futex_state to DEAD right after 
handling futex exit futex: Mark the begin of futex exit explicitly futex: Sanitize exit state handling futex: Provide state handling for exec() as well futex: Add mutex around futex exit futex: Provide distinct return value when owner is exiting futex: Prevent exit livelock HID: core: check whether Usage Page item is after Usage ID items crypto: stm32/hash - Fix hmac issue more than 256 bytes media: stm32-dcmi: fix DMA corruption when stopping streaming hwrng: stm32 - fix unbalanced pm_runtime_enable mailbox: mailbox-test: fix null pointer if no mmio pinctrl: stm32: fix memory leak issue ASoC: stm32: i2s: fix dma configuration ASoC: stm32: i2s: fix 16 bit format support ASoC: stm32: i2s: fix IRQ clearing platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size net: fec: fix clock count mis-match Linux 4.14.158 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
7d79d1c681 |
exit/exec: Seperate mm_release()
commit 4610ba7ad877fafc0a25a30c6c82015304120426 upstream. mm_release() contains the futex exit handling. mm_release() is called from do_exit()->exit_mm() and from exec()->exec_mm(). In the exit_mm() case PF_EXITING and the futex state is updated. In the exec_mm() case these states are not touched. As the futex exit code needs further protections against exit races, this needs to be split into two functions. Preparatory only, no functional change. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Ingo Molnar <mingo@kernel.org> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/20191106224556.240518241@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
50f461f659 |
Merge android-4.14-q.136 (7870b28) into msm-4.14
* refs/heads/tmp-7870b28: Linux 4.14.136 ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL ceph: hold i_ceph_lock when removing caps for freeing inode Fix allyesconfig output. drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl sched/fair: Don't free p->numa_faults with concurrent readers Bluetooth: hci_uart: check for missing tty operations hv_sock: Add support for delayed close iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA iommu/vt-d: Don't queue_iova() if there is no flush queue media: radio-raremono: change devm_k*alloc to k*alloc NFS: Cleanup if nfs_match_client is interrupted media: pvrusb2: use a different format for warnings media: cpia2_usb: first wake up, then free in disconnect ath10k: Change the warning message string media: au0828: fix null dereference in error path ISDN: hfcsusb: checking idx of ep configuration binder: fix possible UAF when freeing buffer arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ i2c: qup: fixed releasing dma without flush operation completion arm64: dts: marvell: Fix A37xx UART0 register size NFSv4: Fix lookup revalidate of regular files NFS: Refactor nfs_lookup_revalidate() NFS: Fix dentry revalidation on NFSv4 lookup vsock: correct removal of socket from the list VSOCK: use TCP state constants for sk_state ANDROID: fix up 9p filesystem due to CFI non-upstream patches Change-Id: I2838e5b80d1ff80132d5cbbe113ecc0037df9d5d Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
7870b283a5 |
This is the 4.14.136 stable release
Merge 4.14.136 into android-4.14-q Changes in 4.14.136 VSOCK: use TCP state constants for sk_state vsock: correct removal of socket from the list NFS: Fix dentry revalidation on NFSv4 lookup NFS: Refactor nfs_lookup_revalidate() NFSv4: Fix lookup revalidate of regular files arm64: dts: marvell: Fix A37xx UART0 register size i2c: qup: fixed releasing dma without flush operation completion arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ binder: fix possible UAF when freeing buffer ISDN: hfcsusb: checking idx of ep configuration media: au0828: fix null dereference in error path ath10k: Change the warning message string media: cpia2_usb: first wake up, then free in disconnect media: pvrusb2: use a different format for warnings NFS: Cleanup if nfs_match_client is interrupted media: radio-raremono: change devm_k*alloc to k*alloc iommu/vt-d: Don't queue_iova() if there is no flush queue iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA hv_sock: Add support for delayed close Bluetooth: hci_uart: check for missing tty operations sched/fair: Don't free p->numa_faults with concurrent readers drivers/pps/pps.c: clear offset flags in
PPS_SETPARAMS ioctl Fix allyesconfig output. ceph: hold i_ceph_lock when removing caps for freeing inode ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL Linux 4.14.136 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
20c71e6d5a |
This is the 4.14.136 stable release
Merge 4.14.136 into android-4.14 Changes in 4.14.136 VSOCK: use TCP state constants for sk_state vsock: correct removal of socket from the list NFS: Fix dentry revalidation on NFSv4 lookup NFS: Refactor nfs_lookup_revalidate() NFSv4: Fix lookup revalidate of regular files arm64: dts: marvell: Fix A37xx UART0 register size i2c: qup: fixed releasing dma without flush operation completion arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ binder: fix possible UAF when freeing buffer ISDN: hfcsusb: checking idx of ep configuration media: au0828: fix null dereference in error path ath10k: Change the warning message string media: cpia2_usb: first wake up, then free in disconnect media: pvrusb2: use a different format for warnings NFS: Cleanup if nfs_match_client is interrupted media: radio-raremono: change devm_k*alloc to k*alloc iommu/vt-d: Don't queue_iova() if there is no flush queue iommu/iova: Fix compilation error with !CONFIG_IOMMU_IOVA hv_sock: Add support for delayed close Bluetooth: hci_uart: check for missing tty operations sched/fair: Don't free p->numa_faults with concurrent readers drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS
ioctl Fix allyesconfig output. ceph: hold i_ceph_lock when removing caps for freeing inode ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL Linux 4.14.136 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
d0919216e4 |
sched/fair: Don't free p->numa_faults with concurrent readers
commit 16d51a590a8ce3befb1308e0e7ab77f3b661af33 upstream. When going through execve(), zero out the NUMA fault statistics instead of freeing them. During execve, the task is reachable through procfs and the scheduler. A concurrent /proc/*/sched reader can read data from a freed ->numa_faults allocation (confirmed by KASAN) and write it back to userspace. I believe that it would also be possible for a use-after-free read to occur through a race between a NUMA fault and execve(): task_numa_fault() can lead to task_numa_compare(), which invokes task_weight() on the currently running task of a different CPU. Another way to fix this would be to make ->numa_faults RCU-managed or add extra locking, but it seems easier to wipe the NUMA fault statistics on execve. Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Petr Mladek <pmladek@suse.com> Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Will Deacon <will@kernel.org> Fixes: 82727018b0d3 ("sched/numa: Call task_numa_free() from do_execve()") Link: https://lkml.kernel.org/r/20190716152047.14424-1-jannh@google.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
b36940959e |
Merge android-4.14.106 (8ed9bc6) into msm-4.14
* refs/heads/tmp-8ed9bc6: Revert "staging: android: ion: fix sys heap pool's gfp_flags" Linux 4.14.106 perf/x86/intel: Implement support for TSX Force Abort x86: Add TSX Force Abort CPUID/MSR perf/x86/intel: Generalize dynamic constraint creation perf/x86/intel: Make cpuc allocations consistent driver core: Postpone DMA tear-down until after devres release ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom gfs2: Fix missed wakeups in find_insert_glock ARM: 8781/1: Fix Thumb-2 syscall return for binutils 2.29+ drm: disable uncached DMA optimization for ARM and arm64 ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU ARM: dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3 arm64: dts: hikey: Give wifi some time after power-on scsi: aacraid: Fix missing break in switch statement iscsi_ibft: Fix missing break in switch statement Input: elan_i2c - add id for touchpad found in Lenovo s21e-20 Input: wacom_serial4 - add support for Wacom ArtPad II tablet qed: Consider TX tcs while deriving the max num_queues for PF. qed: Fix EQ full firmware assert. fs: ratelimit __find_get_block_slow() failure message. 
i2c: omap: Use noirq system sleep pm ops to idle device for suspend MIPS: Remove function size check in get_frame_info() perf trace: Support multiple "vfs_getname" probes perf symbols: Filter out hidden symbols from labels s390/qeth: fix use-after-free in error path netfilter: nf_nat: skip nat clash resolution for same-origin entries selftests: netfilter: add simple masq/redirect test cases selftests: netfilter: fix config fragment CONFIG_NF_TABLES_INET dmaengine: dmatest: Abort test in case of mapping error vsock/virtio: reset connected sockets on device removal vsock/virtio: fix kernel panic after device hot-unplug dmaengine: at_xdmac: Fix wrongfull report of a channel as in use drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init bpf: fix lockdep false positive in percpu_freelist bpf, selftests: fix handling of sparse CPU allocations relay: check return of create_buf_file() properly irqchip/gic-v3-its: Fix ITT_entry_size accessor net: stmmac: Disable EEE mode earlier in XMIT callback net: stmmac: Send TSO packets always from Queue 0 net: stmmac: Fallback to Platform Data clock in Watchdog conversion irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable usb: phy: fix link errors DTS: CI20: Fix bugs in ci20's device tree. 
arm64: dts: add msm8996 compatible to gicv3 ARM: pxa: ssp: unneeded to free devm_ allocated data bpf: sock recvbuff must be limited by rmem_max in bpf_setsockopt() soc: fsl: qbman: avoid race in clearing QMan interrupt arm64: dts: renesas: r8a7796: Enable DMA for SCIF2 ARM: dts: omap4-droid4: Fix typo in cpcap IRQ flags autofs: fix error return in autofs_fill_super() autofs: drop dentry reference only when it is never used fs/drop_caches.c: avoid softlockups in drop_pagecache_sb() lib/test_kmod.c: potential double free in error handling mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone x86_64: increase stack size for KASAN_EXTRA x86/kexec: Don't setup EFI info if EFI runtime is not enabled apparmor: Fix aa_label_build() error handling for failed merges arm64: kprobe: Always blacklist the KVM world-switch code x86/microcode/amd: Don't falsely trick the late loading mechanism cifs: fix computation for MAX_SMB2_HDR_SIZE platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 scsi: 53c700: pass correct "dev" to dma_alloc_attrs() scsi: libfc: free skb when receiving invalid flogi resp qed: Fix stack out of bounds bug qed: Fix system crash in ll2 xmit qed: Fix VF probe failure while FLR qed: Fix LACP pdu drops for VFs qed: Fix bug in tx promiscuous mode settings nfs: Fix NULL pointer dereference of dev_name selftests: timers: use LDLIBS instead of LDFLAGS gpio: vf610: Mask all GPIO interrupts netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() net: hns: Fix wrong read accesses via Clause 45 MDIO protocol net: hns: Restart autoneg need return failed when autoneg off net: hns: Fix for missing of_node_put() after of_parse_phandle() net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case xtensa: SMP: limit number of possible CPUs by NR_CPUS xtensa: SMP: mark each possible CPU 
as present xtensa: smp_lx200_defconfig: fix vectors clash xtensa: SMP: fix secondary CPU initialization selftests: cpu-hotplug: fix case where CPUs offline > CPUs present xtensa: SMP: fix ccount_timer_shutdown iommu/amd: Fix IOMMU page flush when detach device from a domain ipvs: Fix signed integer overflow when setsockopt timeout iommu/amd: Unmap all mapped pages in error path of map_sg iommu/amd: Call free_iova_fast with pfn in map_sg IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM perf tools: Handle TOPOLOGY headers with no CPU perf core: Fix perf_proc_update_handler() bug vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel media: uvcvideo: Fix 'type' check leading to overflow scsi: core: reset host byte in DID_NEXUS_FAILURE case exec: Fix mem leak in kernel_read_file Bluetooth: Fix locking in bt_accept_enqueue() for BH context xtensa: fix get_wchan hugetlbfs: fix races and page leaks during migration MIPS: irq: Allocate accurate order pages for irq stack applicom: Fix potential Spectre v1 vulnerabilities x86/CPU/AMD: Set the CPB bit unconditionally on F17h net: dsa: mv88e6xxx: Fix statistics on mv88e6161 net: phy: Micrel KSZ8061: link failure after cable connect tun: remove unnecessary memory barrier tun: fix blocking read mpls: Return error for RTA_GATEWAY attribute ipv6: Return error for RTA_VIA attribute ipv4: Return error for RTA_VIA attribute net: avoid use IPCB in cipso_v4_error net: Add __icmp_send helper. 
xen-netback: fix occasional leak of grant ref mappings under memory pressure xen-netback: don't populate the hash cache on XenBus disconnect net: socket: set sock->sk to NULL after calling proto_ops::release() net: sit: fix memory leak in sit_init_net() net: phy: phylink: fix uninitialized variable in phylink_get_mac_state net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails net: netem: fix skb length BUG_ON in __skb_to_sgvec netlabel: fix out-of-bounds memory accesses net: dsa: mv88e6xxx: Fix u64 statistics hv_netvsc: Fix IP header checksum for coalesced packets geneve: correctly handle ipv6.disable module parameter bnxt_en: Drop oversize TX packets to prevent errors. tipc: fix RDM/DGRAM connect() regression team: Free BPF filter when unregistering netdev sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 net-sysfs: Fix mem leak in netdev_register_kobject net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex ip6mr: Do not call __IP6_INC_STATS() from preemptible context staging: android: ion: fix sys heap pool's gfp_flags staging: wilc1000: fix to set correct value for 'vif_num' staging: comedi: ni_660x: fix missing break in switch statement USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 USB: serial: cp210x: add ID for Ingenico 3070 USB: serial: option: add Telit ME910 ECM composition cpufreq: Use struct kobj_attribute instead of struct global_attr ANDROID: cuttlefish: enable CONFIG_INET_UDP_DIAG=y ANDROID: cuttlefish: enable CONFIG_USB_RTL8152=y Change-Id: Id5bc9a3c0ca235fcf07904455ea829c7f49618ad Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
8ed9bc6e64 |
This is the 4.14.106 stable release
Merge 4.14.106 into android-4.14 Changes in 4.14.106 cpufreq: Use struct kobj_attribute instead of struct global_attr USB: serial: option: add Telit ME910 ECM composition USB: serial: cp210x: add ID for Ingenico 3070 USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 staging: comedi: ni_660x: fix missing break in switch statement staging: wilc1000: fix to set correct value for 'vif_num' staging: android: ion: fix sys heap pool's gfp_flags ip6mr: Do not call __IP6_INC_STATS() from preemptible context net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex net-sysfs: Fix mem leak in netdev_register_kobject sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 team: Free BPF filter when unregistering netdev tipc: fix RDM/DGRAM connect() regression bnxt_en: Drop oversize TX packets to prevent errors.
geneve: correctly handle ipv6.disable module parameter hv_netvsc: Fix IP header checksum for coalesced packets net: dsa: mv88e6xxx: Fix u64 statistics netlabel: fix out-of-bounds memory accesses net: netem: fix skb length BUG_ON in __skb_to_sgvec net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails net: phy: phylink: fix uninitialized variable in phylink_get_mac_state net: sit: fix memory leak in sit_init_net() net: socket: set sock->sk to NULL after calling proto_ops::release() xen-netback: don't populate the hash cache on XenBus disconnect xen-netback: fix occasional leak of grant ref mappings under memory pressure net: Add __icmp_send helper. net: avoid use IPCB in cipso_v4_error ipv4: Return error for RTA_VIA attribute ipv6: Return error for RTA_VIA attribute mpls: Return error for RTA_GATEWAY attribute tun: fix blocking read tun: remove unnecessary memory barrier net: phy: Micrel KSZ8061: link failure after cable connect net: dsa: mv88e6xxx: Fix statistics on mv88e6161 x86/CPU/AMD: Set the CPB bit unconditionally on F17h applicom: Fix potential Spectre v1 vulnerabilities MIPS: irq: Allocate accurate order pages for irq stack hugetlbfs: fix races and page leaks during migration xtensa: fix get_wchan Bluetooth: Fix locking in bt_accept_enqueue() for BH context exec: Fix mem leak in kernel_read_file scsi: core: reset host byte in DID_NEXUS_FAILURE case media: uvcvideo: Fix 'type' check leading to overflow vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel perf core: Fix perf_proc_update_handler() bug perf tools: Handle TOPOLOGY headers with no CPU IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM iommu/amd: Call free_iova_fast with pfn in map_sg iommu/amd: Unmap all mapped pages in error path of map_sg ipvs: Fix signed integer overflow when setsockopt timeout iommu/amd: Fix IOMMU page flush when detach device from a domain xtensa: SMP: fix ccount_timer_shutdown selftests: cpu-hotplug: fix case where CPUs offline > CPUs present 
xtensa: SMP: fix secondary CPU initialization xtensa: smp_lx200_defconfig: fix vectors clash xtensa: SMP: mark each possible CPU as present xtensa: SMP: limit number of possible CPUs by NR_CPUS net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case net: hns: Fix for missing of_node_put() after of_parse_phandle() net: hns: Restart autoneg need return failed when autoneg off net: hns: Fix wrong read accesses via Clause 45 MDIO protocol net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present gpio: vf610: Mask all GPIO interrupts selftests: timers: use LDLIBS instead of LDFLAGS nfs: Fix NULL pointer dereference of dev_name qed: Fix bug in tx promiscuous mode settings qed: Fix LACP pdu drops for VFs qed: Fix VF probe failure while FLR qed: Fix system crash in ll2 xmit qed: Fix stack out of bounds bug scsi: libfc: free skb when receiving invalid flogi resp scsi: 53c700: pass correct "dev" to dma_alloc_attrs() platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 cifs: fix computation for MAX_SMB2_HDR_SIZE x86/microcode/amd: Don't falsely trick the late loading mechanism arm64: kprobe: Always blacklist the KVM world-switch code apparmor: Fix aa_label_build() error handling for failed merges x86/kexec: Don't setup EFI info if EFI runtime is not enabled x86_64: increase stack size for KASAN_EXTRA mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone lib/test_kmod.c: potential double free in error handling fs/drop_caches.c: avoid softlockups in drop_pagecache_sb() autofs: drop dentry reference only when it is never used autofs: fix error return in autofs_fill_super() ARM: dts: omap4-droid4: Fix typo in cpcap IRQ flags arm64: dts: renesas: r8a7796: Enable DMA for SCIF2 soc: fsl: qbman: avoid race in clearing QMan interrupt bpf: sock recvbuff must be limited by rmem_max in 
bpf_setsockopt() ARM: pxa: ssp: unneeded to free devm_ allocated data arm64: dts: add msm8996 compatible to gicv3 DTS: CI20: Fix bugs in ci20's device tree. usb: phy: fix link errors irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable net: stmmac: Fallback to Platform Data clock in Watchdog conversion net: stmmac: Send TSO packets always from Queue 0 net: stmmac: Disable EEE mode earlier in XMIT callback irqchip/gic-v3-its: Fix ITT_entry_size accessor relay: check return of create_buf_file() properly bpf, selftests: fix handling of sparse CPU allocations bpf: fix lockdep false positive in percpu_freelist drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init dmaengine: at_xdmac: Fix wrongfull report of a channel as in use vsock/virtio: fix kernel panic after device hot-unplug vsock/virtio: reset connected sockets on device removal dmaengine: dmatest: Abort test in case of mapping error selftests: netfilter: fix config fragment CONFIG_NF_TABLES_INET selftests: netfilter: add simple masq/redirect test cases netfilter: nf_nat: skip nat clash resolution for same-origin entries s390/qeth: fix use-after-free in error path perf symbols: Filter out hidden symbols from labels perf trace: Support multiple "vfs_getname" probes MIPS: Remove function size check in get_frame_info() i2c: omap: Use noirq system sleep pm ops to idle device for suspend fs: ratelimit __find_get_block_slow() failure message. qed: Fix EQ full firmware assert. qed: Consider TX tcs while deriving the max num_queues for PF. 
Input: wacom_serial4 - add support for Wacom ArtPad II tablet Input: elan_i2c - add id for touchpad found in Lenovo s21e-20 iscsi_ibft: Fix missing break in switch statement scsi: aacraid: Fix missing break in switch statement arm64: dts: hikey: Give wifi some time after power-on ARM: dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3 ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU drm: disable uncached DMA optimization for ARM and arm64 ARM: 8781/1: Fix Thumb-2 syscall return for binutils 2.29+ gfs2: Fix missed wakeups in find_insert_glock ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom driver core: Postpone DMA tear-down until after devres release perf/x86/intel: Make cpuc allocations consistent perf/x86/intel: Generalize dynamic constraint creation x86: Add TSX Force Abort CPUID/MSR perf/x86/intel: Implement support for TSX Force Abort Linux 4.14.106 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
069fb92ea2 |
exec: Fix mem leak in kernel_read_file
commit f612acfae86af7ecad754ae6a46019be9da05b8e upstream. syzkaller reports this: BUG: memory leak unreferenced object 0xffffc9000488d000 (size 9195520): comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s) hex dump (first 32 bytes): ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00 ................ 02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff ..........z..... backtrace: [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline] [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline] [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831 [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924 [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993 [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895 [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe [<00000000241f889b>] 0xffffffffffffffff It should goto 'out_free' label to free allocated buf while kernel_read fails. Fixes: 39d637af5aa7 ("vfs: forbid write access when reading a file into memory") Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Cc: Thibaut Sautereau <thibaut@sautereau.fr> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
f98b74c615 |
mm: introduce INIT_VMA()
Some VMA struct fields need to be initialized once the VMA structure is allocated. Currently this only concerns anon_vma_chain field but some others will be added to support the speculative page fault. Instead of spreading the initialization calls all over the code, let's introduce a dedicated inline function. Change-Id: I9f6b29dc74055354318b548e2b6b22c37d4c61bb Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com> Patch-mainline: linux-mm @ Tue, 17 Apr 2018 16:33:13 [vinmenon@codeaurora.org: trivial merge conflict fixes] Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org> |
||
|
85ab9a0468 |
This is the 4.14.24 stable release
Merge 4.14.24 into android-4.14 Changes in 4.14.24 hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) exec: avoid gcc-8 warning for get_task_comm mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()' scsi: aacraid: Fix I/O drop during reset dmaengine: fsl-edma: disable clks on all error paths phy: cpcap-usb: Fix platform_get_irq_byname's error checking.
nvme-fc: remove double put reference if admin connect fails nvme: check hw sectors before setting chunk sectors net: aquantia: Fix actual speed capabilities reporting net: aquantia: Fix hardware DMA stream overload on large MRRS net: usb: qmi_wwan: add Telit ME910 PID 0x1101 support mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM mtd: nand: brcmnand: Zero bitflip is not an error ipv6: icmp6: Allow icmp messages to be looped back parisc: Reduce thread stack to 16 kb ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch x86/asm: Allow again using asm.h when building for the 'bpf' clang target sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege sget(): handle failures of register_shrinker() net: phy: xgene: disable clk on error paths drm/nouveau/pci: do a msi rearm on init xfrm: Reinject transport-mode packets through tasklet x86/stacktrace: Make zombie stack traces reliable mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl spi: atmel: fixed spin_lock usage inside atmel_spi_remove ASoC: nau8825: fix issue that pop noise when start capture cgroup: Fix deadlock in cpu hotplug path staging: ion: Fix ion_cma_heap allocations x86-64/Xen: eliminate W+X mappings net: mediatek: setup proper state for disabled GMAC on the default net: arc_emac: fix arc_emac_rx() error paths vxlan: update skb dst pmtu on tx path ip_gre: remove the incorrect mtu limit for ipgre tap ip6_gre: remove the incorrect mtu limit for ipgre tap ip6_tunnel: get the min mtu properly in ip6_tnl_xmit net: stmmac: Fix TX timestamp calculation net: stmmac: Fix bad RX timestamp extraction net/mlx5e: Fix ETS BW check net/mlx5: Cleanup IRQs in case of unload failure net/mlx5: Stay in polling mode when command EQ destroy fails ASoC: rsnd: fixup ADG register mask xen/balloon: Mark unallocated host memory as UNUSABLE netfilter: nf_tables: fix chain filter in nf_tables_dump_rules() scsi: storvsc: Fix scsi_cmd error assignments in 
storvsc_handle_error netfilter: uapi: correct UNTRACKED conntrack state bit number i915: Reject CCS modifiers for pipe C on Geminilake RDMA/vmw_pvrdma: Call ib_umem_release on destroy QP path ARM: dts: ls1021a: fix incorrect clock references crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t lib/mpi: Fix umul_ppmm() for MIPS64r6 arm64: dts: renesas: ulcb: Remove renesas, no-ether-link property crypto: inside-secure - per request invalidation crypto: inside-secure - free requests even if their handling failed crypto: inside-secure - fix request allocations in invalidation path netfilter: nf_tables: fix potential NULL-ptr deref in nf_tables_dump_obj_done() tipc: error path leak fixes in tipc_enable_bearer() tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path tg3: Add workaround to restrict 5762 MRRS to 2048 tg3: Enable PHY reset in MTU change path for 5720 bnx2x: Improve reliability in case of nested PCI errors perf/x86/intel: Plug memory leak in intel_pmu_init() led: core: Fix brightness setting when setting delay_off=0 IB/mlx5: Fix mlx5_ib_alloc_mr error flow genirq: Guard handle_bad_irq log messages afs: Fix missing error handling in afs_write_end() s390/dasd: fix wrongly assigned configuration data btrfs: Fix flush bio leak ip6_tunnel: allow ip6gre dev mtu to be set below 1280 Input: xen-kbdfront - do not advertise multi-touch pressure support IB/mlx4: Fix mlx4_ib_alloc_mr error flow IB/ipoib: Fix race condition in neigh creation xfs: quota: fix missed destroy of qi_tree_lock xfs: quota: check result of register_shrinker() macvlan: Fix one possible double free e1000: fix disabling already-disabled warning NET: usb: qmi_wwan: add support for YUGA CLM920-NC5 PID 0x9625 drm/ttm: check the return value of kzalloc RDMA/netlink: Fix locking around __ib_get_device_by_index x86/efi: Fix kernel param add_efi_memmap regression uapi libc compat: add fallback for unsupported libcs i40e/i40evf: Account for frags split over multiple descriptors 
in check linearize i40e: don't remove netdev->dev_addr when syncing uc list net: ena: unmask MSI-X only after device initialization is completed nl80211: Check for the required netlink attribute presence mac80211: mesh: drop frames appearing to be from us can: flex_can: Correct the checking for frame length in flexcan_start_xmit() wcn36xx: Fix dynamic power saving block: drain queue before waiting for q_usage_counter becoming zero ia64, sched/cputime: Fix build error if CONFIG_VIRT_CPU_ACCOUNTING_NATIVE=y bpf: sockmap missing NULL psock check leds: core: Fix regression caused by commit 2b83ff96f51d powerpc/pseries: Make RAS IRQ explicitly dependent on DLPAR WQ nvme-fabrics: initialize default host->id in nvmf_host_default() x86/platform/intel-mid: Revert "Make 'bt_sfi_data' const" bnxt_en: Fix population of flow_type in bnxt_hwrm_cfa_flow_alloc() bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. xen-netfront: enable device after manual module load mdio-sun4i: Fix a memory leak SolutionEngine771x: fix Ether platform data xen/gntdev: Fix off-by-one error when unmapping with holes xen/gntdev: Fix partial gntdev_mmap() cleanup sctp: add a ceiling to optlen in some sockopts sctp: make use of pre-calculated len net: gianfar_ptp: move set_fipers() to spinlock protecting area of_mdio: avoid MDIO bus removal when a PHY is missing nfp: always unmask aux interrupts at init mlxsw: pci: Wait after reset before accessing HW MIPS: Implement __multi3 for GCC7 MIPS64r6 builds powerpc/pseries: Enable RAS hotplug events later arm64: dts: marvell: add comphy nodes on cp110 master and slave arm64: dts: marvell: mcbin: add comphy references to Ethernet ports net: sched: fix crash when deleting secondary chains net: sched: crash on blocks with goto chain action net_sched: get rid of rcu_barrier() in tcf_block_put_ext() net: sched: fix use-after-free in tcf_block_put_ext Linux 4.14.24 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
7edaa9afb9 |
exec: avoid gcc-8 warning for get_task_comm
[ Upstream commit 3756f6401c302617c5e091081ca4d26ab604bec5 ] gcc-8 warns about using strncpy() with the source size as the limit: fs/exec.c:1223:32: error: argument to 'sizeof' in 'strncpy' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] This is indeed slightly suspicious, as it protects us from source arguments without NUL-termination, but does not guarantee that the destination is terminated. This keeps the strncpy() to ensure we have a properly padded target buffer, but ensures that we use the correct length, by passing the actual length of the destination buffer as well as adding a build-time check to ensure it is exactly TASK_COMM_LEN. There are only 23 callsites, all of which I reviewed to ensure this is currently the case. We could get away with doing only the check or passing the right length, but it doesn't hurt to do both. Link: http://lkml.kernel.org/r/20171205151724.1764896-1-arnd@arndb.de Signed-off-by: Arnd Bergmann <arnd@arndb.de> Suggested-by: Kees Cook <keescook@chromium.org> Acked-by: Kees Cook <keescook@chromium.org> Acked-by: Ingo Molnar <mingo@kernel.org> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Serge Hallyn <serge@hallyn.com> Cc: James Morris <james.l.morris@oracle.com> Cc: Aleksa Sarai <asarai@suse.de> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Frederic Weisbecker <frederic@kernel.org> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
571be17396 |
ANDROID: vfs: Add permission2 for filesystems with per mount permissions
This allows filesystems to use their mount private data to influence the permissions they return in permission2. It has been separated into a new call to avoid disrupting current permission users. Change-Id: I9d416e3b8b6eca84ef3e336bd2af89ddd51df6ca Signed-off-by: Daniel Rosenberg <drosen@google.com> |
||
|
611583d327 |
exec: Weaken dumpability for secureexec
commit e816c201aed5232171f8eb80b5d46ae6516683b9 upstream. This is a logical revert of commit e37fdb785a5f ("exec: Use secureexec for setting dumpability") This weakens dumpability back to checking only for uid/gid changes in current (which is useless), but userspace depends on dumpability not being tied to secureexec. https://bugzilla.redhat.com/show_bug.cgi?id=1528633 Reported-by: Tom Horsley <horsley1953@gmail.com> Fixes: e37fdb785a5f ("exec: Use secureexec for setting dumpability") Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
2dea756b48 |
Revert "exec: avoid RLIMIT_STACK races with prlimit()"
commit 779f4e1c6c7c661db40dfebd6dd6bda7b5f88aa3 upstream. This reverts commit 04e35f4495dd560db30c25efca4eecae8ec8c375. SELinux runs with secureexec for all non-"noatsecure" domain transitions, which means lots of processes end up hitting the stack hard-limit change that was introduced in order to fix a race with prlimit(). That race fix will need to be redesigned. Reported-by: Laura Abbott <labbott@redhat.com> Reported-by: Tomáš Trnka <trnka@scm.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
c16a65582a |
exec: avoid RLIMIT_STACK races with prlimit()
commit 04e35f4495dd560db30c25efca4eecae8ec8c375 upstream. While the defense-in-depth RLIMIT_STACK limit on setuid processes was protected against races from other threads calling setrlimit(), I missed protecting it against races from external processes calling prlimit(). This adds locking around the change and makes sure that rlim_max is set too. Link: http://lkml.kernel.org/r/20171127193457.GA11348@beast Fixes: 64701dee4178e ("exec: Use sane stack rlimit under secureexec") Signed-off-by: Kees Cook <keescook@chromium.org> Reported-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Reported-by: Brad Spengler <spender@grsecurity.net> Acked-by: Serge Hallyn <serge@hallyn.com> Cc: James Morris <james.l.morris@oracle.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
a961e40917 |
membarrier: Provide register expedited private command
This introduces a "register private expedited" membarrier command which allows eventual removal of important memory barrier constraints on the scheduler fast-paths. It changes how the "private expedited" membarrier command (new to 4.14) is used from user-space. This new command allows processes to register their intent to use the private expedited command. This affects how the expedited private command introduced in 4.14-rc is meant to be used, and should be merged before 4.14 final. Processes are now required to register before using MEMBARRIER_CMD_PRIVATE_EXPEDITED, otherwise that command returns EPERM. This fixes a problem that arose when designing requested extensions to sys_membarrier() to allow JITs to efficiently flush old code from instruction caches. Several potential algorithms are much less painful if the user registers intent to use this functionality early on, for example, before the process spawns the second thread. Registering at this time removes the need to interrupt each and every thread in that process at the first expedited sys_membarrier() system call. Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
c2315c187f |
exec: load_script: kill the onstack interp[BINPRM_BUF_SIZE] array
Patch series "exec: binfmt_misc: fix use-after-free, kill iname[BINPRM_BUF_SIZE]". It looks like this code was always wrong, then commit 948b701a607f ("binfmt_misc: add persistent opened binary handler for containers") added more problems. This patch (of 6): load_script() can simply use i_name instead, it points into bprm->buf[] and nobody can change this memory until we call prepare_binprm(). The only complication is that we need to also change the signature of bprm_change_interp() but this change looks good too. While at it, do whitespace/style cleanups. NOTE: the real motivation for this change is that people want to increase BINPRM_BUF_SIZE, we need to change load_misc_binary() too but this looks more complicated because afaics it is very buggy. Link: http://lkml.kernel.org/r/20170918163446.GA26793@redhat.com Signed-off-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: Travis Gummels <tgummels@redhat.com> Cc: Ben Woodard <woodard@redhat.com> Cc: Jim Foraker <foraker1@llnl.gov> Cc: <tdhooge@llnl.gov> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: James Bottomley <James.Bottomley@HansenPartnership.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
711aab1dbb |
vfs: constify path argument to kernel_read_file_from_path
This patch constifies the path argument to kernel_read_file_from_path(). Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Christoph Hellwig <hch@infradead.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
581bfce969 |
Merge branch 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull more set_fs removal from Al Viro: "Christoph's 'use kernel_read and friends rather than open-coding set_fs()' series" * 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fs: unexport vfs_readv and vfs_writev fs: unexport vfs_read and vfs_write fs: unexport __vfs_read/__vfs_write lustre: switch to kernel_write gadget/f_mass_storage: stop messing with the address limit mconsole: switch to kernel_read btrfs: switch write_buf to kernel_write net/9p: switch p9_fd_read to kernel_write mm/nommu: switch do_mmap_private to kernel_read serial2002: switch serial2002_tty_write to kernel_{read/write} fs: make the buf argument to __kernel_write a void pointer fs: fix kernel_write prototype fs: fix kernel_read prototype fs: move kernel_read to fs/read_write.c fs: move kernel_write to fs/read_write.c autofs4: switch autofs4_write to __kernel_write ashmem: switch to ->read_iter |
||
|
0ee931c4e3 |
mm: treewide: remove GFP_TEMPORARY allocation flag
GFP_TEMPORARY was introduced by commit e12ba74d8ff3 ("Group short-lived and reclaimable kernel allocations") along with __GFP_RECLAIMABLE. Its primary motivation was to allow users to tell that an allocation is short lived and so the allocator can try to place such allocations close together and prevent long term fragmentation. As much as this sounds like a reasonable semantic it becomes much less clear when to use the high-level GFP_TEMPORARY allocation flag. How long is temporary? Can the context holding that memory sleep? Can it take locks? It seems there is no good answer for those questions. The current implementation of GFP_TEMPORARY is basically GFP_KERNEL | __GFP_RECLAIMABLE which in itself is tricky because basically none of the existing callers provide a way to reclaim the allocated memory. So this is rather misleading and hard to evaluate for any benefits. I have checked some random users and none of them has added the flag with a specific justification. I suspect most of them just copied from other existing users and others just thought it might be a good idea to use without any measuring. This suggests that GFP_TEMPORARY just motivates for cargo cult usage without any reasoning. I believe that our gfp flags are quite complex already and especially those with high-level semantic should be clearly defined to prevent from confusion and abuse. Therefore I propose dropping GFP_TEMPORARY and replace all existing users to simply use GFP_KERNEL. Please note that SLAB users with shrinkers will still get __GFP_RECLAIMABLE heuristic and so they will be placed properly for memory fragmentation prevention. I can see reasons we might want some gfp flag to reflect short-term allocations but I propose starting from a clear semantic definition and only then add users with proper justification. This has been brought up before LSF this year by Matthew [1] and it turned out that GFP_TEMPORARY really doesn't have a clear semantic. 
It seems to be a heuristic without any measured advantage for most (if not all) its current users. The follow up discussion has revealed that opinions on what might be temporary allocation differ a lot between developers. So rather than trying to tweak existing users into a semantic which they haven't expected I propose to simply remove the flag and start from scratch if we really need a semantic for short term allocations. [1] http://lkml.kernel.org/r/20170118054945.GD18349@bombadil.infradead.org [akpm@linux-foundation.org: fix typo] [akpm@linux-foundation.org: coding-style fixes] [sfr@canb.auug.org.au: drm/i915: fix up] Link: http://lkml.kernel.org/r/20170816144703.378d4f4d@canb.auug.org.au Link: http://lkml.kernel.org/r/20170728091904.14627-1-mhocko@kernel.org Signed-off-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Acked-by: Mel Gorman <mgorman@suse.de> Acked-by: Vlastimil Babka <vbabka@suse.cz> Cc: Matthew Wilcox <willy@infradead.org> Cc: Neil Brown <neilb@suse.de> Cc: "Theodore Ts'o" <tytso@mit.edu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
bdd1d2d3d2 |
fs: fix kernel_read prototype
Use proper ssize_t and size_t types for the return value and count argument, move the offset last and make it an in/out argument like all other read/write helpers, and make the buf argument a void pointer to get rid of lots of casts in the callers. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
c41fbad015 |
fs: move kernel_read to fs/read_write.c
Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
fe8993b3a0 |
exec: Consolidate pdeath_signal clearing
Instead of an additional secureexec check for pdeath_signal, just move it up into the initial secureexec test. Neither perf nor arch code touches pdeath_signal, so the relocation shouldn't change anything. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge@hallyn.com> |
||
|
64701dee41 |
exec: Use sane stack rlimit under secureexec
For a secureexec, before memory layout selection has happened, reset the stack rlimit to something sane to avoid the caller having control over the resulting layouts.
    $ ulimit -s
    8192
    $ ulimit -s unlimited
    $ /bin/sh -c 'ulimit -s'
    unlimited
    $ sudo /bin/sh -c 'ulimit -s'
    8192
Cc: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com> |
||
|
473d89639d |
exec: Consolidate dumpability logic
Since it's already valid to set dumpability in the early part of setup_new_exec(), we can consolidate the logic into a single place. The BINPRM_FLAGS_ENFORCE_NONDUMP is set during would_dump() calls before setup_new_exec(), so its test is safe to move as well. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: James Morris <james.l.morris@oracle.com> |
||
|
a70423dfbc |
exec: Use secureexec for clearing pdeath_signal
Like dumpability, clearing pdeath_signal happens both in setup_new_exec() and later in commit_creds(). The test in setup_new_exec() is different from all other privilege comparisons, though: it is checking the new cred (bprm) uid vs the old cred (current) euid. This appears to be a bug, introduced by commit a6f76f23d297 ("CRED: Make execve() take advantage of copy-on-write credentials"): - if (bprm->e_uid != current_euid() || - bprm->e_gid != current_egid()) { - set_dumpable(current->mm, suid_dumpable); + if (bprm->cred->uid != current_euid() || + bprm->cred->gid != current_egid()) { It was bprm euid vs current euid (and egids), but the effective got dropped. Nothing in the exec flow changes bprm->cred->uid (nor gid). The call traces are: prepare_bprm_creds() prepare_exec_creds() prepare_creds() memcpy(new_creds, old_creds, ...) security_prepare_creds() (unimplemented by commoncap) ... prepare_binprm() bprm_fill_uid() resets euid/egid to current euid/egid sets euid/egid on bprm based on set*id file bits security_bprm_set_creds() cap_bprm_set_creds() handle all caps-based manipulations so this test is effectively a test of current_uid() vs current_euid(), which is wrong, just like the prior dumpability tests were wrong. The commit log says "Clear pdeath_signal and set dumpable on certain circumstances that may not be covered by commit_creds()." This may be meaning the earlier old euid vs new euid (and egid) test that got changed. Luckily, as with dumpability, this is all masked by commit_creds() which performs old/new euid and egid tests and clears pdeath_signal. And again, like dumpability, we should include LSM secureexec logic for pdeath_signal clearing. For example, Smack goes out of its way to clear pdeath_signal when it finds a secureexec condition. Cc: David Howells <dhowells@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: James Morris <james.l.morris@oracle.com> |
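Review bot: in the hunk quoted from commit a6f76f23d297, the `+` condition compares `bprm->cred->uid` and `bprm->cred->gid` with `current_euid()` and `current_egid()`, while the `-` lines it replaces compared `bprm->e_uid` and `bprm->e_gid`, so the conversion to the cred struct silently switched the left-hand side from effective ids to real ids. A like-for-like conversion would read `bprm->cred->euid != current_euid() || bprm->cred->egid != current_egid()`; a rename of this kind deserves a field-by-field check that each old member maps to the member with the same meaning.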
||
|
e37fdb785a |
exec: Use secureexec for setting dumpability
The examination of "current" to decide dumpability is wrong. This was a check of an euid/uid (or egid/gid) mismatch in the existing process, not the newly created one. This appears to stretch back into even the "history.git" tree. Luckily, dumpability is later set in commit_creds(). In earlier kernel versions before creds existed, similar checks also existed late in the exec flow, covering up the mistake as far back as I could find. Note that because the commit_creds() check examines differences of euid, uid, egid, gid, and capabilities between the old and new creds, it would look like the setup_new_exec() dumpability test could be entirely removed. However, the secureexec test may cover a different set of tests (specific to the LSMs) than what commit_creds() checks for. So, fix this test to use secureexec (the removed euid tests are redundant to the commoncap secureexec checks now). Cc: David Howells <dhowells@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: James Morris <james.l.morris@oracle.com> |
||
|
2af6228026 |
LSM: drop bprm_secureexec hook
This removes the bprm_secureexec hook since the logic has been folded into the bprm_set_creds hook for all LSMs now. Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com> |
||
|
46d98eb4e1 |
commoncap: Refactor to remove bprm_secureexec hook
The commoncap implementation of the bprm_secureexec hook is the only LSM that depends on the final call to its bprm_set_creds hook (since it may be called for multiple files, it ignores bprm->called_set_creds). As a result, it cannot safely _clear_ bprm->secureexec since other LSMs may have set it. Instead, remove the bprm_secureexec hook by introducing a new flag to bprm specific to commoncap: cap_elevated. This is similar to cap_effective, but that is used for a specific subset of elevated privileges, and exists solely to track state from bprm_set_creds to bprm_secureexec. As such, it will be removed in the next patch. Here, set the new bprm->cap_elevated flag when setuid/setgid has happened from bprm_fill_uid() or fscapabilities have been prepared. This temporarily moves the bprm_secureexec hook to a static inline. The helper will be removed in the next patch; this makes the step easier to review and bisect, since this does not introduce any changes to inputs nor outputs to the "elevated privileges" calculation. The new flag is merged with the bprm->secureexec flag in setup_new_exec() since this marks the end of any further prepare_binprm() calls. Cc: Andy Lutomirski <luto@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Andy Lutomirski <luto@kernel.org> Acked-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com> |
||
|
c425e189ff |
binfmt: Introduce secureexec flag
The bprm_secureexec hook can be moved earlier. Right now, it is called during create_elf_tables(), via load_binary(), via search_binary_handler(), via exec_binprm(). Nearly all (see exception below) state used by bprm_secureexec is created during the bprm_set_creds hook, called from prepare_binprm(). For all LSMs (except commoncaps described next), only the first execution of bprm_set_creds takes any effect (they all check bprm->called_set_creds which prepare_binprm() sets after the first call to the bprm_set_creds hook). However, all these LSMs also only do anything with bprm_secureexec when they detected a secure state during their first run of bprm_set_creds. Therefore, it is functionally identical to move the detection into bprm_set_creds, since the results from secureexec here only need to be based on the first call to the LSM's bprm_set_creds hook. The single exception is that the commoncaps secureexec hook also examines euid/uid and egid/gid differences which are controlled by bprm_fill_uid(), via prepare_binprm(), which can be called multiple times (e.g. binfmt_script, binfmt_misc), and may clear the euid/egid for the final load (i.e. the script interpreter). However, while commoncaps specifically ignores bprm->cred_prepared, and runs its bprm_set_creds hook each time prepare_binprm() may get called, it needs to base the secureexec decision on the final call to bprm_set_creds. As a result, it will need special handling. To begin this refactoring, this adds the secureexec flag to the bprm struct, and calls the secureexec hook during setup_new_exec(). This is safe since all the cred work is finished (and past the point of no return). This explicit call will be removed in later patches once the hook has been removed. Cc: David Howells <dhowells@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: James Morris <james.l.morris@oracle.com> |
||
|
a9208e42ba |
exec: Correct comments about "point of no return"
In commit 221af7f87b97 ("Split 'flush_old_exec' into two functions"), the comment about the point of no return should have stayed in flush_old_exec() since it refers to "bprm->mm = NULL;" line, but prior changes in commits c89681ed7d0e ("remove steal_locks()"), and fd8328be874f ("sanitize handling of shared descriptor tables in failing execve()") made it look like it meant the current->sas_ss_sp line instead. The comment was referring to the fact that once bprm->mm is NULL, all failures from a binfmt load_binary hook (e.g. load_elf_binary), will get SEGV raised against current. Move this comment and expand the explanation a bit, putting it above the assignment this time, and add details about the true nature of "point of no return" being the call to flush_old_exec() itself. This also removes an erroneous comment about when credentials are being installed. That has its own dedicated function, install_exec_creds(), which carries a similar (and correct) comment, so remove the bogus comment where installation is not actually happening. Cc: David Howells <dhowells@redhat.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Serge Hallyn <serge@hallyn.com> |
||
|
ddb4a1442d |
exec: Rename bprm->cred_prepared to called_set_creds
The cred_prepared bprm flag has a misleading name. It has nothing to do with the bprm_prepare_cred hook, and actually tracks if bprm_set_creds has been called. Rename this flag and improve its comment. Cc: David Howells <dhowells@redhat.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: James Morris <james.l.morris@oracle.com> Acked-by: Paul Moore <paul@paul-moore.com> Acked-by: Serge Hallyn <serge@hallyn.com> |
||
|
da029c11e6 |
exec: Limit arg stack to at most 75% of _STK_LIM
To avoid pathological stack usage or the need to special-case setuid execs, just limit all arg stack usage to at most 75% of _STK_LIM (6MB). Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
98da7d0885 |
fs/exec.c: account for argv/envp pointers
When limiting the argv/envp strings during exec to 1/4 of the stack limit, the storage of the pointers to the strings was not included. This means that an exec with huge numbers of tiny strings could eat 1/4 of the stack limit in strings and then additional space would be later used by the pointers to the strings. For example, on 32-bit with an 8MB stack rlimit, an exec with 1677721 single-byte strings would consume less than 2MB of stack, the max (8MB / 4) amount allowed, but the pointers to the strings would consume the remaining additional stack space (1677721 * 4 == 6710884). The result (1677721 + 6710884 == 8388605) would exhaust stack space entirely. Controlling this stack exhaustion could result in pathological behavior in setuid binaries (CVE-2017-1000365). [akpm@linux-foundation.org: additional commenting from Kees] Fixes: b6a2fea39318 ("mm: variable length argument support") Link: http://lkml.kernel.org/r/20170622001720.GA32173@beast Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Rik van Riel <riel@redhat.com> Acked-by: Michal Hocko <mhocko@suse.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Qualys Security Advisory <qsa@qualys.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
e9ea1e7f53 |
x86/arch_prctl: Add ARCH_[GET|SET]_CPUID
Intel supports faulting on the CPUID instruction beginning with Ivy Bridge. When enabled, the processor will fault on attempts to execute the CPUID instruction with CPL>0. Exposing this feature to userspace will allow a ptracer to trap and emulate the CPUID instruction. When supported, this feature is controlled by toggling bit 0 of MSR_MISC_FEATURES_ENABLES. It is documented in detail in Section 2.3.2 of https://bugzilla.kernel.org/attachment.cgi?id=243991 Implement a new pair of arch_prctls, available on both x86-32 and x86-64. ARCH_GET_CPUID: Returns the current CPUID state, either 0 if CPUID faulting is enabled (and thus the CPUID instruction is not available) or 1 if CPUID faulting is not enabled. ARCH_SET_CPUID: Set the CPUID state to the second argument. If cpuid_enabled is 0 CPUID faulting will be activated, otherwise it will be deactivated. Returns ENODEV if CPUID faulting is not supported on this system. The state of the CPUID faulting flag is propagated across forks, but reset upon exec. Signed-off-by: Kyle Huey <khuey@kylehuey.com> Cc: Grzegorz Andrejczuk <grzegorz.andrejczuk@intel.com> Cc: kvm@vger.kernel.org Cc: Radim Krčmář <rkrcmar@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: Andi Kleen <andi@firstfloor.org> Cc: linux-kselftest@vger.kernel.org Cc: Nadav Amit <nadav.amit@gmail.com> Cc: Robert O'Callahan <robert@ocallahan.org> Cc: Richard Weinberger <richard@nod.at> Cc: "Rafael J. 
Wysocki" <rafael.j.wysocki@intel.com> Cc: Borislav Petkov <bp@suse.de> Cc: Andy Lutomirski <luto@kernel.org> Cc: Len Brown <len.brown@intel.com> Cc: Shuah Khan <shuah@kernel.org> Cc: user-mode-linux-devel@lists.sourceforge.net Cc: Jeff Dike <jdike@addtoit.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: user-mode-linux-user@lists.sourceforge.net Cc: David Matlack <dmatlack@google.com> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> Cc: Dmitry Safonov <dsafonov@virtuozzo.com> Cc: linux-fsdevel@vger.kernel.org Cc: Paolo Bonzini <pbonzini@redhat.com> Link: http://lkml.kernel.org/r/20170320081628.18952-9-khuey@kylehuey.com Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
||
|
299300258d |
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task.h>
We are going to split <linux/sched/task.h> out of <linux/sched.h>, which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder <linux/sched/task.h> file that just maps to <linux/sched.h> to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
6a3827d750 |
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/numa_balancing.h>
We are going to split <linux/sched/numa_balancing.h> out of <linux/sched.h>, which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder <linux/sched/numa_balancing.h> file that just maps to <linux/sched.h> to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
3f07c01441 |
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h>
We are going to split <linux/sched/signal.h> out of <linux/sched.h>, which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder <linux/sched/signal.h> file that just maps to <linux/sched.h> to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
f7ccbae45c |
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/coredump.h>
We are going to split <linux/sched/coredump.h> out of <linux/sched.h>, which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder <linux/sched/coredump.h> file that just maps to <linux/sched.h> to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
6e84f31522 |
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/mm.h>
We are going to split <linux/sched/mm.h> out of <linux/sched.h>, which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder <linux/sched/mm.h> file that just maps to <linux/sched.h> to make this patch obviously correct and bisectable. The APIs that are going to be moved first are: mm_alloc() __mmdrop() mmdrop() mmdrop_async_fn() mmdrop_async() mmget_not_zero() mmput() mmput_async() get_task_mm() mm_access() mm_release() Include the new header in the files that are going to need it. Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
780de9dd27 |
sched/headers, cgroups: Remove the threadgroup_change_*() wrappery
threadgroup_change_begin()/end() is a pointless wrapper around cgroup_threadgroup_change_begin()/end(), minus a might_sleep() in the !CONFIG_CGROUPS=y case. Remove the wrappery, move the might_sleep() (the down_read() already has a might_sleep() check). This debloats <linux/sched.h> a bit and simplifies this API. Update all call sites. No change in functionality. Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
fea6d2a610 |
vfs: Use upper filesystem inode in bprm_fill_uid()
Right now bprm_fill_uid() uses inode fetched from file_inode(bprm->file). This in turn returns inode of lower filesystem (in a stacked filesystem setup). I was playing with modified patches of shiftfs posted by James Bottomley and realized that through shiftfs setuid bit does not take effect. And reason being that we fetch uid/gid from inode of lower fs (and not from shiftfs inode). And that results in following checks failing.
    /* We ignore suid/sgid if there are no mappings for them in the ns */
    if (!kuid_has_mapping(bprm->cred->user_ns, uid) ||
        !kgid_has_mapping(bprm->cred->user_ns, gid))
            return;
uid/gid fetched from lower fs inode might not be mapped inside the user namespace of container. So we need to look at uid/gid fetched from upper filesystem (shiftfs in this particular case) and these should be mapped and setuid bit can take effect. Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> |
||
|
9227dd2a84 |
exec: Remove LSM_UNSAFE_PTRACE_CAP
With previous changes every location that tests for LSM_UNSAFE_PTRACE_CAP also tests for LSM_UNSAFE_PTRACE making the LSM_UNSAFE_PTRACE_CAP redundant, so remove it. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> |
||
|
7c0f6ba682 |
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
This was entirely automated, using the script by Al:
    PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*<asm/uaccess.h>'
    sed -i -e "s!$PATT!#include <linux/uaccess.h>!" \
        $(git grep -l "$PATT"|grep -v ^include/linux/uaccess.h)
to do the replacement at the end of the merge window. Requested-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
613cc2b6f2 |
fs: exec: apply CLOEXEC before changing dumpable task flags
If you have a process that has set itself to be non-dumpable, and it then undergoes exec(2), any CLOEXEC file descriptors it has open are "exposed" during a race window between the dumpable flags of the process being reset for exec(2) and CLOEXEC being applied to the file descriptors. This can be exploited by a process by attempting to access /proc/<pid>/fd/... during this window, without requiring CAP_SYS_PTRACE. The race in question is after set_dumpable has been (for get_link, though the trace is basically the same for readlink): [vfs] -> proc_pid_link_inode_operations.get_link -> proc_pid_get_link -> proc_fd_access_allowed -> ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS); Which will return 0, during the race window and CLOEXEC file descriptors will still be open during this window because do_close_on_exec has not been called yet. As a result, the ordering of these calls should be reversed to avoid this race window. This is of particular concern to container runtimes, where joining a PID namespace with file descriptors referring to the host filesystem can result in security issues (since PRCTL_SET_DUMPABLE doesn't protect against access of CLOEXEC file descriptors -- file descriptors which may reference filesystem objects the container shouldn't have access to). Cc: dev@opencontainers.org Cc: <stable@vger.kernel.org> # v3.2+ Reported-by: Michael Crosby <crosbymichael@gmail.com> Signed-off-by: Aleksa Sarai <asarai@suse.de> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
a57cb1c1d7 |
Merge branch 'akpm' (patches from Andrew)
Merge more updates from Andrew Morton: - a few misc things - kexec updates - DMA-mapping updates to better support networking DMA operations - IPC updates - various MM changes to improve DAX fault handling - lots of radix-tree changes, mainly to the test suite. All leading up to reimplementing the IDA/IDR code to be a wrapper layer over the radix-tree. However the final trigger-pulling patch is held off for 4.11. * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (114 commits) radix tree test suite: delete unused rcupdate.c radix tree test suite: add new tag check radix-tree: ensure counts are initialised radix tree test suite: cache recently freed objects radix tree test suite: add some more functionality idr: reduce the number of bits per level from 8 to 6 rxrpc: abstract away knowledge of IDR internals tpm: use idr_find(), not idr_find_slowpath() idr: add ida_is_empty radix tree test suite: check multiorder iteration radix-tree: fix replacement for multiorder entries radix-tree: add radix_tree_split_preload() radix-tree: add radix_tree_split radix-tree: add radix_tree_join radix-tree: delete radix_tree_range_tag_if_tagged() radix-tree: delete radix_tree_locate_item() radix-tree: improve multiorder iterators btrfs: fix race in btrfs_free_dummy_fs_info() radix-tree: improve dump output radix-tree: make radix_tree_find_next_bit more useful ... |
||
|
5b56d49fc3 |
mm: add locked parameter to get_user_pages_remote()
Patch series "mm: unexport __get_user_pages_unlocked()". This patch series continues the cleanup of get_user_pages*() functions taking advantage of the fact we can now pass gup_flags as we please. It firstly adds an additional 'locked' parameter to get_user_pages_remote() to allow for its callers to utilise VM_FAULT_RETRY functionality. This is necessary as the invocation of __get_user_pages_unlocked() in process_vm_rw_single_vec() makes use of this and no other existing higher level function would allow it to do so. Secondly existing callers of __get_user_pages_unlocked() are replaced with the appropriate higher-level replacement - get_user_pages_unlocked() if the current task and memory descriptor are referenced, or get_user_pages_remote() if other task/memory descriptors are referenced (having acquired mmap_sem.) This patch (of 2): Add an int *locked parameter to get_user_pages_remote() to allow VM_FAULT_RETRY faulting behaviour similar to get_user_pages_[un]locked(). Taking into account the previous adjustments to get_user_pages*() functions allowing for the passing of gup_flags, we are now in a position where __get_user_pages_unlocked() need only be exported for its ability to allow VM_FAULT_RETRY behaviour, this adjustment allows us to subsequently unexport __get_user_pages_unlocked() as well as allowing for future flexibility in the use of get_user_pages_remote(). 
[sfr@canb.auug.org.au: merge fix for get_user_pages_remote API change] Link: http://lkml.kernel.org/r/20161122210511.024ec341@canb.auug.org.au Link: http://lkml.kernel.org/r/20161027095141.2569-2-lstoakes@gmail.com Signed-off-by: Lorenzo Stoakes <lstoakes@gmail.com> Acked-by: Michal Hocko <mhocko@suse.com> Cc: Jan Kara <jack@suse.cz> Cc: Hugh Dickins <hughd@google.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: Rik van Riel <riel@redhat.com> Cc: Mel Gorman <mgorman@techsingularity.net> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Radim Krcmar <rkrcmar@redhat.com> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
412ac77a9d |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull namespace updates from Eric Biederman: "After a lot of discussion and work we have finally reached a basic understanding of what is necessary to make unprivileged mounts safe in the presence of EVM and IMA xattrs which the last commit in this series reflects. While technically it is a revert the comments it adds are important for people not getting confused in the future. Clearing up that confusion allows us to seriously work on unprivileged mounts of fuse in the next development cycle. The rest of the fixes in this set are in the intersection of user namespaces, ptrace, and exec. I started with the first fix which started a feedback cycle of finding additional issues during review and fixing them. Culminating in a fix for a bug that has been present since at least Linux v1.0. Potentially these fixes were candidates for being merged during the rc cycle, and are certainly backport candidates but enough little things turned up during review and testing that I decided they should be handled as part of the normal development process just to be certain there were not any great surprises when it came time to backport some of these fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC" exec: Ensure mm->user_ns contains the execed files ptrace: Don't allow accessing an undumpable mm ptrace: Capture the ptracer's creds not PT_PTRACE_CAP mm: Add a user_ns owner to mm_struct and fix ptrace permission checks |