-----BEGIN PGP SIGNATURE-----
iQJNBAABCAA3FiEERFwmR4yFob14UDOYC8702P6YulgFAmbMN2wZHHZlZ2FyZC5u
b3NzdW1Ab3JhY2xlLmNvbQAKCRALzvTY/pi6WI/OD/0df1vNkreJiEgYmrzoT5rG
FekNwYxJLpnN2cIk5qZv5SUSrZDfqPEMzhz4tuv0kVMv8gb+k8tXpBGr6rfZlYEw
UoDAZzAN0Ns0JwxtPoIIJrjfD1a0xq8teSGhbphUDLA/fH/M66pTPtJrDjia/99E
0Ymhc+8pv77UljmaxjEoQ8a0hXoe/TxoxwJpUdklwhcXZ+u4+FwJfxxHd4webnGs
XiC1rrq4fYOX5MaomrGhKQBFv/iQAM+U9VHn4m1yLqDXYXn3j7stOa8dPY5g6EJw
kzPsure193EXj9Tp5Y+sC+aExLGfaO7MB+hlXR0El/cHboTFJshafVuIhHp93zlI
4NVExnDe3Xmrb7U4hCJd2L2z3Vgq8jSH0R1FwZqfZruOo+B1zG9/SIiM96pD5YR1
ugk2P9XAXEpDUoMv4XPCNlpMetT7HBdUWIJCZQDCTl1axiGWnqs1MpGVHfavoTLz
CKuoluR/0vL5lVX7vrc1Pb6+7APaY0U9ehVDlMbumS2PmpkLsoaTbTLlJsnVBrmg
fkN4sjja0mszL4f5zzPCZ/9G8opf63+LLiheUNdnB4yWn7VoK4+kH3v3dW3e2gzJ
t5IYygJ8Ys8pCLAueuiRb3pce59HrEq8mFtoF+MXlLN4fVHFwKbTtJWiEvEl5x3E
Ks8j03Ywad/Zcl5GiwnnEw==
=AZG+
-----END PGP SIGNATURE-----
Merge tag 'v4.14.352-openela' of https://github.com/openela/kernel-lts
This is the 4.14.352 OpenELA-Extended LTS stable release
* tag 'v4.14.352-openela' of https://github.com/openela/kernel-lts: (32 commits)
LTS: Update to 4.14.352
filelock: Fix fcntl/close race recovery compat path
jfs: don't walk off the end of ealist
ocfs2: add bounds checking to ocfs2_check_dir_entry()
net: relax socket state check at accept time.
ACPI: processor_idle: Fix invalid comparison with insertion sort for latency
ARM: 9324/1: fix get_user() broken with veneer
filelock: Remove locks reliably when fcntl/close race is detected
hfsplus: fix uninit-value in copy_name
selftests/vDSO: fix clang build errors and warnings
spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices
fs: better handle deep ancestor chains in is_subdir()
Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD()
net: usb: qmi_wwan: add Telit FN912 compositions
ALSA: dmaengine_pcm: terminate dmaengine before synchronize
s390/sclp: Fix sclp_init() cleanup on failure
Input: elantech - fix touchpad state on resume for Lenovo N24
wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
mei: demote client disconnect warning on suspend to debug
...
Change-Id: I4cbdfa0321bf83d62ac62f386eb77d21c5785dec
Signed-off-by: Richard Raya <rdxzv.dev@gmail.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmVmGT0ACgkQONu9yGCS
aT5ERQ//Tx5hvAL4WlnyNLMshNB5Ep8cuB1JryM1pi5BbtQxToDFZv3aJKkqj2K3
CRFq1x5hO9dli5MK5RTaO4JwCSwOphBDEqswOrtIdI7nHHzkMGBF7UUwezc6M5TZ
7cjs3LFnsVJJITBUAM/f33HyYXUPiMw/TEcWcFnJLJgWQafpOQ4kRH5k5UOL8Kgm
LV+E9YhBikaRpPpsC6obxT7KnaSnOScdUjjD+DRBm+UNhx/F3HVSY2ZY/Mr1XTyJ
v0QhzMAgWdBVGja8+9qU2e8pPw36NcEli539iU4HfrmCUry4J0Mh+XFYbpzvhQLC
U72e0vIoievkxYM1krnI2+wIFh58qlFGwKEIYag+eg0DuJn4ttaTFG9+rkn2lcI9
+d6JqALAImPtd5ZdISj7mBI8mWoTl73Hl5RNnJQQBaBwdHZQc2IXXJQUSbfyDE8/
gor9eEls3E2FtucEtihbsCF/5M0IXs+tr4b67qo73HfS6lqGFGLAFQUlKvhPr0R/
baoEoIb6bsH9oTCLjNoH1vSRPM9VEj3+AFOzK4D3wlfEhDRYkNZDQ/MF3btv6HTp
ifLXerLLxSK56OOqn3yyGOmUhtpR+sPLBrjhrALrcWOjESH9i7zvmHRLCow9qbmx
bf6Qxz6L8/+JIkdDNCN/l7NuzNyCUj0U/ObR1WWXp/n8ZqUpGR0=
=rkdh
-----END PGP SIGNATURE-----
Merge 4.14.331 into android-4.14-stable
Changes in 4.14.331
locking/ww_mutex/test: Fix potential workqueue corruption
clocksource/drivers/timer-imx-gpt: Fix potential memory leak
clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
wifi: ath9k: fix clang-specific fortify warnings
wifi: ath10k: fix clang-specific fortify warning
net: annotate data-races around sk->sk_dst_pending_confirm
drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
selftests/efivarfs: create-read: fix a resource leak
crypto: pcrypt - Fix hungtask for PADATA_RESET
RDMA/hfi1: Use FIELD_GET() to extract Link Width
fs/jfs: Add check for negative db_l2nbperpage
fs/jfs: Add validity check for db_maxag and db_agpref
jfs: fix array-index-out-of-bounds in dbFindLeaf
jfs: fix array-index-out-of-bounds in diAlloc
ALSA: hda: Fix possible null-ptr-deref when assigning a stream
atm: iphase: Do PCI error checks on own line
scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
tty: vcc: Add check for kstrdup() in vcc_probe()
i2c: sun6i-p2wi: Prevent potential division by zero
media: gspca: cpia1: shift-out-of-bounds in set_flicker
media: vivid: avoid integer overflow
gfs2: ignore negated quota changes
pwm: Fix double shift bug
media: venus: hfi: add checks to perform sanity on queue pointers
randstruct: Fix gcc-plugin performance mode to stay in group
KVM: x86: Ignore MSR_AMD64_TW_CFG access
audit: don't take task_lock() in audit_exe_compare() code path
audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
PCI/sysfs: Protect driver's D3cold preference from user space
mmc: vub300: fix an error code
PM: hibernate: Use __get_safe_page() rather than touching the list
PM: hibernate: Clean up sync_read handling in snapshot_write_next()
mmc: meson-gx: Remove setting of CMD_CFG_ERROR
genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev
mcb: fix error handling for different scenarios when parsing
parisc: Prevent booting 64-bit kernels on PA1.x machines
parisc/pgtable: Do not drop upper 5 address bits of physical address
ALSA: info: Fix potential deadlock at disconnection
net: dsa: lan9303: consequently nested-lock physical MDIO
i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
media: sharp: fix sharp encoding
media: venus: hfi: fix the check to handle session buffer requirement
ext4: apply umask if ACL support is disabled
ext4: correct offset of gdb backup in non meta_bg group to update_backups
ext4: correct return value of ext4_convert_meta_bg
ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids
net: sched: fix race condition in qdisc_graft()
Linux 4.14.331
Change-Id: I1a1bce75363d3b2c731f3e947543c6506bed9817
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 381fdb73d1e2a48244de7260550e453d1003bb8e upstream.
The performance mode of the gcc-plugin randstruct was shuffling struct
members outside of the cache-line groups. Limit the range to the
specified group indexes.
Cc: linux-hardening@vger.kernel.org
Cc: stable@vger.kernel.org
Reported-by: Lukas Loidolt <e1634039@student.tuwien.ac.at>
Closes: https://lore.kernel.org/all/f3ca77f0-e414-4065-83a5-ae4c4d25545d@student.tuwien.ac.at
Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmJfsXYACgkQONu9yGCS
aT4FSg/+JNuh/FNAa4Es7pC4O3BpsaIIji6MEYjSw1sMMgqtmXCnbm+1TCsgCOee
auBiVGZzNjLRNESrqOPisEA5aUs31i3fVOD0c55bHgOhqxtLxaU7HmtqIlfvnEKu
a49LRtqq3AEObilBFeBHQnUrTEGO/MnI4XoUsLdR6FWJBnYsBLczDdNGYIWZ/hCX
y129piS/P53nHfmPTMH0De6soOXFIx3d82437pwA0vDEANtMx8lyaW+kdPSsgZl7
03JAQFW1KRjiLzHt+9w7c78dbnyEIQd78W4wn4NFglN7Ybxi7NFEjaf0xnyerwG2
b38ofe8Gw5IqUzF6eCHliG1UgQwZD7pNBjOIKukrpxL3bIEcTOhIQeu1HCm901k0
/Y53ju6tNCrv2PbHVylYibasxPiA2gxzFwJW/JvWWTtZZ6AwkZV0fs3LXXpmDix3
7n/QBjQcz4sOAAWwFoaxneUOTaNoFseZtW/dgqbq+Ukgt2SCP15EUDMVjIXi3fDr
3z5+QvO5IbjbcsFShVfDQ6RfnALp4TWXbrPQ+RTK77BZTbMNg7wjKxBC2MmTmStI
8aiDYecKR4FOXdW930zxYHS76gx57V30hur7jlqjFz0uNYnXU/R42kKUxEqD/86G
UNX+zMv9uH5INANIy4P6DNZyZoTHQgdMIuuhKvntg/G3BcQ5I7k=
=zpoO
-----END PGP SIGNATURE-----
Merge 4.14.276 into android-4.14-stable
Changes in 4.14.276
USB: serial: pl2303: add IBM device IDs
USB: serial: simple: add Nokia phone driver
netdevice: add the case if dev is NULL
virtio_console: break out of buf poll on remove
ethernet: sun: Free the coherent when failing in probing
spi: Fix invalid sgs value
spi: Fix erroneous sgs value with min_t()
af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
fuse: fix pipe buffer lifetime for direct_io
tpm: fix reference counting for struct tpm_chip
block: Add a helper to validate the block size
virtio-blk: Use blk_validate_block_size() to validate block size
USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
coresight: Fix TRCCONFIGR.QE sysfs interface
iio: inkern: apply consumer scale on IIO_VAL_INT cases
iio: inkern: apply consumer scale when no channel scale is available
iio: inkern: make a best effort on offset calculation
clk: uniphier: Fix fixed-rate initialization
ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
Documentation: add link to stable release candidate tree
Documentation: update stable tree link
SUNRPC: avoid race between mod_timer() and del_timer_sync()
NFSD: prevent underflow in nfssvc_decode_writeargs()
pinctrl: samsung: drop pin banks references on error paths
can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
jffs2: fix memory leak in jffs2_do_mount_fs
jffs2: fix memory leak in jffs2_scan_medium
mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
mempolicy: mbind_range() set_policy() after vma_merge()
scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
qed: display VF trust config
qed: validate and restrict untrusted VFs vlan promisc mode
Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
ALSA: cs4236: fix an incorrect NULL check on list iterator
drbd: fix potential silent data corruption
ACPI: properties: Consistently return -ENOENT if there are no more references
drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
video: fbdev: sm712fb: Fix crash in smtcfb_read()
video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
ARM: dts: exynos: add missing HDMI supplies on SMDK5250
ARM: dts: exynos: add missing HDMI supplies on SMDK5420
carl9170: fix missing bit-wise or operator for tx_params
thermal: int340x: Increase bitmap size
lib/raid6/test: fix multiple definition linking error
DEC: Limit PMAX memory probing to R3k systems
media: davinci: vpif: fix unbalanced runtime PM get
brcmfmac: firmware: Allocate space for default boardrev in nvram
brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
PCI: pciehp: Clear cmd_busy bit in polling mode
crypto: authenc - Fix sleep in atomic context in decrypt_tail
crypto: mxs-dcp - Fix scatterlist processing
spi: tegra114: Add missing IRQ check in tegra_spi_probe
selftests/x86: Add validity check and allow field splitting
spi: pxa2xx-pci: Balance reference count for PCI DMA device
hwmon: (pmbus) Add mutex to regulator ops
hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
PM: hibernate: fix __setup handler error handling
PM: suspend: fix return value of __setup handler
hwrng: atmel - disable trng on failure path
crypto: vmx - add missing dependencies
ACPI: APEI: fix return value of __setup handlers
crypto: ccp - ccp_dmaengine_unregister release dma channels
hwmon: (pmbus) Add Vin unit off handling
clocksource: acpi_pm: fix return value of __setup handler
sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
perf/core: Fix address filter parser for multiple filters
perf/x86/intel/pt: Fix address filter config for 32-bit kernel
media: coda: Fix missing put_device() call in coda_get_vdoa_data
video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
ARM: dts: qcom: ipq4019: fix sleep clock
soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
media: usb: go7007: s2250-board: fix leak in probe()
ASoC: ti: davinci-i2s: Add check for clk_enable()
ALSA: spi: Add check for clk_enable()
arm64: dts: ns2: Fix spi-cpol and spi-cpha property
arm64: dts: broadcom: Fix sata nodename
printk: fix return value of printk.devkmsg __setup handler
ASoC: mxs-saif: Handle errors for clk_enable
ASoC: atmel_ssc_dai: Handle errors for clk_enable
memory: emif: Add check for setup_interrupts
memory: emif: check the pointer temp in get_device_details()
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
ASoC: wm8350: Handle error for wm8350_register_irq
ASoC: fsi: Add check for clk_enable
video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe
mtd: onenand: Check for error irq
drm/edid: Don't clear formats if using deep color
ath9k_htc: fix uninit value bugs
power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
ray_cs: Check ioremap return value
power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
iwlwifi: Fix -EIO error code that is never returned
dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
scsi: pm8001: Fix abort all task initialization
TOMOYO: fix __setup handlers return values
ext2: correct max file size computing
drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return
KVM: x86: Fix emulation in writing cr8
KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
i2c: xiic: Make bus names unique
power: supply: wm8350-power: Handle error for wm8350_register_irq
power: supply: wm8350-power: Add missing free in free_charger_irq
PCI: Reduce warnings on possible RW1C corruption
powerpc/sysdev: fix incorrect use to determine if list is empty
mfd: mc13xxx: Add check for mc13xxx_irq_request
vxcan: enable local echo for sent CAN frames
MIPS: RB532: fix return value of __setup handler
mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
USB: storage: ums-realtek: fix error code in rts51x_read_mem()
af_netlink: Fix shift out of bounds in group mask calculation
i2c: mux: demux-pinctrl: do not deactivate a master that is not active
tcp: ensure PMTU updates are processed during fastopen
mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
mxser: fix xmit_buf leak in activate when LSR == 0xff
pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
serial: 8250_mid: Balance reference count for PCI DMA device
serial: 8250: Fix race condition in RTS-after-send handling
iio: adc: Add check for devm_request_threaded_irq
clk: qcom: clk-rcg2: Update the frac table for pixel clock
remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
clk: loongson1: Terminate clk_div_table with sentinel element
clk: clps711x: Terminate clk_div_table with sentinel element
clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
NFS: remove unneeded check in decode_devicenotify_args()
pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
tty: hvc: fix return value of __setup handler
kgdboc: fix return value of __setup handler
kgdbts: fix return value of __setup handler
jfs: fix divide error in dbNextAG
netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
xen: fix is_xen_pmu()
net: phy: broadcom: Fix brcm_fet_config_init()
qlcnic: dcb: default to returning -EOPNOTSUPP
net/x25: Fix null-ptr-deref caused by x25_disconnect
NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
lib/test: use after free in register_test_dev_kmod()
selinux: use correct type for context length
loop: use sysfs_emit() in the sysfs xxx show()
Fix incorrect type in assignment of ipv6 port for audit
irqchip/nvic: Release nvic_base upon failure
ACPICA: Avoid walking the ACPI Namespace if it is not there
ACPI/APEI: Limit printable size of BERT table data
PM: core: keep irq flags in device_pm_check_callbacks()
spi: tegra20: Use of_device_get_match_data()
ext4: don't BUG if someone dirty pages without asking ext4 first
ntfs: add sanity check on allocation size
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
video: fbdev: w100fb: Reset global state
video: fbdev: cirrusfb: check pixclock to avoid divide by zero
video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
ARM: dts: bcm2837: Add the missing L1/L2 cache information
video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
ASoC: soc-core: skip zero num_dai component in searching dai name
media: cx88-mpeg: clear interrupt status register before streaming video
ARM: tegra: tamonten: Fix I2C3 pad setting
ARM: mmp: Fix failure to remove sram device
video: fbdev: sm712fb: Fix crash in smtcfb_write()
media: hdpvr: initialize dev->worker at hdpvr_register_videodev
mmc: host: Return an error when ->enable_sdio_irq() ops is missing
powerpc/lib/sstep: Fix 'sthcx' instruction
powerpc/lib/sstep: Fix build errors with newer binutils
scsi: qla2xxx: Fix warning for missing error code
scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
KVM: Prevent module exit until all VMs are freed
ubifs: rename_whiteout: Fix double free for whiteout_ui->data
ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
ubifs: rename_whiteout: correct old_dir size computing
can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
can: mcba_usb: properly check endpoint type
gfs2: Make sure FITRIM minlen is rounded up to fs block size
pinctrl: pinconf-generic: Print arguments for bias-pull-*
ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
mm/mmap: return 1 from stack_guard_gap __setup() handler
mm/memcontrol: return 1 from cgroup.memory __setup() handler
ubi: fastmap: Return error code if memory allocation fails in add_aeb()
ASoC: topology: Allow TLV control to be either read or write
ARM: dts: spear1340: Update serial node properties
ARM: dts: spear13xx: Update SPI dma properties
openvswitch: Fixed nd target mask field in the flow dump.
KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
ubifs: Rectify space amount budget for mkdir/tmpfile operations
rtc: wm8350: Handle error for wm8350_register_irq
ARM: 9187/1: JIVE: fix return value of __setup handler
KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
ptp: replace snprintf with sysfs_emit
powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
scsi: mvsas: Replace snprintf() with sysfs_emit()
scsi: bfa: Replace snprintf() with sysfs_emit()
power: supply: axp20x_battery: properly report current when discharging
powerpc: Set crashkernel offset to mid of RMA region
PCI: aardvark: Fix support for MSI interrupts
iommu/arm-smmu-v3: fix event handling soft lockup
dm ioctl: prevent potential spectre v1 gadget
scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
scsi: aha152x: Fix aha152x_setup() __setup handler return value
net/smc: correct settings of RMB window update limit
macvtap: advertise link netns via netlink
bnxt_en: Eliminate unintended link toggle during FW reset
MIPS: fix fortify panic when copying asm exception handlers
scsi: libfc: Fix use after free in fc_exch_abts_resp()
usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
xtensa: fix DTC warning unit_address_format
Bluetooth: Fix use after free in hci_send_acl
init/main.c: return 1 from handled __setup() functions
w1: w1_therm: fixes w1_seq for ds28ea00 sensors
SUNRPC/call_alloc: async tasks mustn't block waiting for memory
NFS: swap IO handling is slightly different for O_DIRECT IO
NFS: swap-out must always use STABLE writes.
serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
virtio_console: eliminate anonymous module_init & module_exit
jfs: prevent NULL deref in diFree
parisc: Fix CPU affinity for Lasi, WAX and Dino chips
ipv6: add missing tx timestamping on IPPROTO_RAW
net: add missing SOF_TIMESTAMPING_OPT_ID support
mm: fix race between MADV_FREE reclaim and blkdev direct IO read
drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
drm/imx: Fix memory leak in imx_pd_connector_get_modes
drbd: Fix five use after free bugs in get_initial_state
Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
mm/mempolicy: fix mpol_new leak in shared_policy_replace
x86/pm: Save the MSR validity status at context setup
x86/speculation: Restore speculation related MSRs during S3 resume
btrfs: fix qgroup reserve overflow the qgroup limit
arm64: patch_text: Fixup last cpu should be master
perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
mm: don't skip swap entry even if zap_details specified
arm64: module: remove (NOLOAD) from linker script
mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
cgroup: Use open-time credentials for process migraton perm checks
cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
cgroup: Use open-time cgroup namespace for process migration perm checks
xfrm: policy: match with both mark and mask on user interfaces
memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
veth: Ensure eth header is in skb's linear part
gpiolib: acpi: use correct format characters
mlxsw: i2c: Fix initialization error flow
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
nfc: nci: add flush_workqueue to prevent uaf
cifs: potential buffer overflow in handling symlinks
drm/amd: Add USBC connector ID
drm/amdkfd: Check for potential null return of kmalloc_array()
Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
scsi: target: tcmu: Fix possible page UAF
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
net: micrel: fix KS8851_MLL Kconfig
ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
gpu: ipu-v3: Fix dev_dbg frequency output
scsi: mvsas: Add PCI ID of RocketRaid 2640
drivers: net: slip: fix NPD bug in sl_tx_timeout()
mm, page_alloc: fix build_zonerefs_node()
mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
gcc-plugins: latent_entropy: use /dev/urandom
ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
ARM: davinci: da850-evm: Avoid NULL pointer dereference
smp: Fix offline cpu check in flush_smp_call_function_queue()
i2c: pasemi: Wait for write xfers to finish
Linux 4.14.276
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I45d8292ce654c0236758030a89b4618cf3a3d87b
commit c40160f2998c897231f8454bf797558d30a20375 upstream.
While the latent entropy plugin mostly doesn't derive entropy from
get_random_const() for measuring the call graph, when __latent_entropy is
applied to a constant, then it's initialized statically to output from
get_random_const(). In that case, this data is derived from a 64-bit
seed, which means a buffer of 512 bits doesn't really have that amount
of compile-time entropy.
This patch fixes that shortcoming by just buffering chunks of
/dev/urandom output and doling it out as requested.
At the same time, it's important that we don't break the use of
-frandom-seed, for people who want the runtime benefits of the latent
entropy plugin, while still having compile-time determinism. In that
case, we detect whether gcc's set_random_seed() has been called by
making a call to get_random_seed(noinit=true) in the plugin init
function, which is called after set_random_seed() is called but before
anything that calls get_random_seed(noinit=false), and seeing if it's
zero or not. If it's not zero, we're in deterministic mode, and so we
just generate numbers with a basic xorshift prng.
Note that we don't detect if -frandom-seed is being used using the
documented local_tick variable, because it's assigned via:
local_tick = (unsigned) tv.tv_sec * 1000 + tv.tv_usec / 1000;
which may well overflow and become -1 on its own, and so isn't
reliable: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105171
[kees: The 256 byte rnd_buf size was chosen based on average (250),
median (64), and std deviation (575) bytes of used entropy for a
defconfig x86_64 build]
Fixes: 38addce8b600 ("gcc-plugins: Add latent_entropy plugin")
Cc: stable@vger.kernel.org
Cc: PaX Team <pageexec@freemail.hu>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220405222815.21155-1-Jason@zx2c4.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7OfIMACgkQONu9yGCS
aT5dxRAAooSpyWoPEdRPKVVF1FybPCn+0U0LZfTGEBbhNdFqb8RoLUxjUXhmYRId
Wu6BWbRuxMIPFMweR8LNwgs7mmY83ogRk91vnWDAfJ3kvNlxNfdWBNYtrnm6+YhQ
Nne8k/W7yj+oyYAPBm+SSblFGMgz8krCyRvRRf16TubZmwwFipQhJ0BdlPun5rzz
Fz99tzmt99+8nkphBMI2UIQfJN6bYUD03SRJTO7o3hD3viT5/FgfG1BQtf5eFttS
PXU2wGqBfiIaupILpOJ5ulT7Mkael9DERLx6SjDMD8eA6nOkn8oJeJHBFisjrt4k
h0TT8nlE11dyF8QrKjyFzF82pv0Gaatc7tfGdiZTHRhUHY/wcnSNCdOcGP3rLMJf
f9+cjIxSQJQr45Y+hEp5Z87GaPjg5rJiSJYvPGDrVAE4HZ9uJH1CSza3DQGPq8CB
ihssDrn9cnvqVGaCWRYMyUy8nro2VRiXSUwxAavWuIu9fRB5/66g1a8B5Fr3Npmz
Eyqlmafck+aLA5XtV+eX2tEzouIMaBKCFTvB970MeCIg1cma+P7QxMO89mvxTAwY
C//kE4bvR8o0WJHnVUreqiEPwnu2IlpmtEVEphxWXUG+VOACOfgQQnuvGSwk8F5q
thZJLwS5LOtC/s0uwXmLm8PL52nUBvT1bEyWzVgXaH/cmGKi/hs=
=Ljah
-----END PGP SIGNATURE-----
Merge 4.14.182 into android-4.14-stable
Changes in 4.14.182
ext4: add cond_resched() to ext4_protect_reserved_inode
watchdog: Fix the race between the release of watchdog_core_data and cdev
i2c: dev: Fix the race between the release of i2c_dev and cdev
padata: ensure the reorder timer callback runs on the correct CPU
padata: ensure padata_do_serial() runs on the correct CPU
ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
evm: Check also if *tfm is an error pointer in init_desc()
ima: Fix return value of ima_write_policy()
fix multiplication overflow in copy_fdtable()
iommu/amd: Fix over-read of ACPI UID from IVRS table
i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()'
ubi: Fix seq_file usage in detailed_erase_block_info debugfs file
gcc-common.h: Update for GCC 10
HID: multitouch: add eGalaxTouch P80H84 support
scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV
configfs: fix config_item refcnt leak in configfs_rmdir()
vhost/vsock: fix packet delivery order to monitoring devices
component: Silence bind error on -EPROBE_DEFER
scsi: ibmvscsi: Fix WARN_ON during event pool release
x86/apic: Move TSC deadline timer debug printk
gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp()
ceph: fix double unlock in handle_cap_export()
USB: core: Fix misleading driver bug report
platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
ARM: futex: Address build warning
padata: set cpu_index of unused CPUs to -1
padata: Replace delayed timer with immediate workqueue in padata_reorder
padata: initialize pd->cpu with effective cpumask
padata: purge get_cpu and reorder_via_wq from padata_do_serial
arm64: fix the flush_icache_range arguments in machine_kexec
l2tp: don't register sessions in l2tp_session_create()
l2tp: initialise l2tp_eth sessions before registering them
l2tp: protect sock pointer of struct pppol2tp_session with RCU
l2tp: initialise PPP sessions before registering them
ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option
ALSA: pcm: fix incorrect hw_base increase
apparmor: Fix aa_label refcnt leak in policy_update
dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
powerpc: restore alphabetic order in Kconfig
powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE
powerpc/64s: Disable STRICT_KERNEL_RWX
x86/uaccess, ubsan: Fix UBSAN vs. SMAP
ubsan: build ubsan.c more conservatively
libnvdimm/btt: Remove unnecessary code in btt_freelist_init
libnvdimm/btt: Fix LBA masking during 'free list' population
media: fdp1: Fix R-Car M3-N naming in debug message
cxgb4: free mac_hlist properly
cxgb4/cxgb4vf: Fix mac_hlist initialization and free
Revert "gfs2: Don't demote a glock until its revokes are written"
staging: iio: ad2s1210: Fix SPI reading
staging: greybus: Fix uninitialized scalar variable
iio: sca3000: Remove an erroneous 'get_device()'
iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()'
mei: release me_cl object reference
rapidio: fix an error in get_user_pages_fast() error handling
rxrpc: Fix a memory leak in rxkad_verify_response()
x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks
iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel()
iio: adc: stm32-adc: fix device used to request dma
Linux 4.14.182
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5c1fd52b8c5565f2b3be89efeefc5a66fe806247
[ Upstream commit c7527373fe28f97d8a196ab562db5589be0d34b9 ]
Remove "params.h" include, which has been dropped in GCC 10.
Remove is_a_helper() macro, which is now defined in gimple.h, as seen
when running './scripts/gcc-plugin.sh g++ g++ gcc':
In file included from <stdin>:1:
./gcc-plugins/gcc-common.h:852:13: error: redefinition of ‘static bool is_a_helper<T>::test(U*) [with U = const gimple; T = const ggoto*]’
852 | inline bool is_a_helper<const ggoto *>::test(const_gimple gs)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ./gcc-plugins/gcc-common.h:125,
from <stdin>:1:
/usr/lib/gcc/x86_64-redhat-linux/10/plugin/include/gimple.h:1037:1: note: ‘static bool is_a_helper<T>::test(U*) [with U = const gimple; T = const ggoto*]’ previously declared here
1037 | is_a_helper <const ggoto *>::test (const gimple *gs)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
Add -Wno-format-diag to scripts/gcc-plugins/Makefile to avoid
meaningless warnings from error() formats used by plugins:
scripts/gcc-plugins/structleak_plugin.c: In function ‘int plugin_init(plugin_name_args*, plugin_gcc_version*)’:
scripts/gcc-plugins/structleak_plugin.c:253:12: warning: unquoted sequence of 2 consecutive punctuation characters ‘'-’ in format [-Wformat-diag]
253 | error(G_("unknown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org>
Link: https://lore.kernel.org/r/20200407113259.270172-1-frederic.pierret@qubes-os.org
[kees: include -Wno-format-diag for plugin builds]
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Work around missing cc-option support in Kconfig by checking required
compiler flags in Makefile.
(Upstream commit 5aadfdeb8de001ca04d500586e3b033404c28617.)
As Documentation/kbuild/kconfig-language.txt notes, 'select' should be
be used with care - it forces a lower limit of another symbol, ignoring
the dependency. Currently, KCOV can select GCC_PLUGINS even if arch
does not select HAVE_GCC_PLUGINS. This could cause the unmet direct
dependency.
Now that Kconfig can test compiler capability, let's handle this in a
more sophisticated way.
There are two ways to enable KCOV; use the compiler that natively
supports -fsanitize-coverage=trace-pc, or build the SANCOV plugin if
the compiler has ability to build GCC plugins. Hence, the correct
dependency for KCOV is:
depends on CC_HAS_SANCOV_TRACE_PC || GCC_PLUGINS
You do not need to build the SANCOV plugin if the compiler already
supports -fsanitize-coverage=trace-pc. Hence, the select should be:
select GCC_PLUGIN_SANCOV if !CC_HAS_SANCOV_TRACE_PC
With this, GCC_PLUGIN_SANCOV is selected only when necessary, so
scripts/Makefile.gcc-plugins can be cleaner.
I also cleaned up Kconfig and scripts/Makefile.kcov as well.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Change-Id: Iad9110eb7b6ecef6dfcec38cf483699c1b85af01
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Bug: 147413187
commit 60f2c82ed20bde57c362e66f796cf9e0e38a6dbb upstream.
While no uses in the kernel triggered this case, it was possible to have
a false negative where a struct contains other structs which contain only
function pointers because of unreachable code in is_pure_ops_struct().
Signed-off-by: Joonwon Kang <kjw1627@gmail.com>
Link: https://lore.kernel.org/r/20190727155841.GA13586@host
Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 7210e060155b9cf557fb13128353c3e494fa5ed3 upstream.
The gcc-common.h file did not take into account certain macros that
might have already been defined in the build environment. This updates
the header to avoid redefining the macros, as seen on a Darwin host
using gcc 4.9.2:
HOSTCXX -fPIC scripts/gcc-plugins/arm_ssp_per_task_plugin.o - due to: scripts/gcc-plugins/gcc-common.h
In file included from scripts/gcc-plugins/arm_ssp_per_task_plugin.c:3:0:
scripts/gcc-plugins/gcc-common.h:153:0: warning: "__unused" redefined
^
In file included from /usr/include/stdio.h:64:0,
from /Users/hns/Documents/Projects/QuantumSTEP/System/Library/Frameworks/System.framework/Versions-jessie/x86_64-apple-darwin15.0.0/gcc/arm-linux-gnueabi/bin/../lib/gcc/arm-linux-gnueabi/4.9.2/plugin/include/system.h:40,
from /Users/hns/Documents/Projects/QuantumSTEP/System/Library/Frameworks/System.framework/Versions-jessie/x86_64-apple-darwin15.0.0/gcc/arm-linux-gnueabi/bin/../lib/gcc/arm-linux-gnueabi/4.9.2/plugin/include/gcc-plugin.h:28,
from /Users/hns/Documents/Projects/QuantumSTEP/System/Library/Frameworks/System.framework/Versions-jessie/x86_64-apple-darwin15.0.0/gcc/arm-linux-gnueabi/bin/../lib/gcc/arm-linux-gnueabi/4.9.2/plugin/include/plugin.h:23,
from scripts/gcc-plugins/gcc-common.h:9,
from scripts/gcc-plugins/arm_ssp_per_task_plugin.c:3:
/usr/include/sys/cdefs.h:161:0: note: this is the location of the previous definition
^
Reported-and-tested-by: "H. Nikolaus Schaller" <hns@goldelico.com>
Fixes: 189af4657186 ("ARM: smp: add support for per-task stack canaries")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b86729109c5fd0a480300f40608aac68764b5adf upstream.
GCC 8 changed the order of some fields and is very picky about ordering
in static initializers, so instead just move to dynamic initializers,
and drop the redundant already-zero field assignments.
Suggested-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Lance Albertson <lance@osuosl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.
By default all files without license information are under the default
license of the kernel, which is GPL version 2.
Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.
This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.
How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,
Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.
The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.
The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.
Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if <5
lines).
All documentation files were explicitly excluded.
The following heuristics were used to determine which SPDX license
identifiers to apply.
- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.
For non */uapi/* files that summary was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 11139
and resulted in the first patch in this series.
If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 WITH Linux-syscall-note 930
and resulted in the second patch in this series.
- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:
SPDX license identifier # files
---------------------------------------------------|------
GPL-2.0 WITH Linux-syscall-note 270
GPL-2.0+ WITH Linux-syscall-note 169
((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21
((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17
LGPL-2.1+ WITH Linux-syscall-note 15
GPL-1.0+ WITH Linux-syscall-note 14
((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5
LGPL-2.0+ WITH Linux-syscall-note 4
LGPL-2.1 WITH Linux-syscall-note 3
((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3
((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1
and that resulted in the third patch in this series.
- when the two scanners agreed on the detected license(s), that became
the concluded license(s).
- when there was disagreement between the two scanners (one detected a
license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.
- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply (and
which scanner probably needed to revisit its heuristics).
- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.
- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.
In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.
Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights. The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.
Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.
In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.
Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch license
was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
SPDX license was correct
This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.
These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In the Linux kernel, struct type variables are rarely passed by-value,
and so functions that initialize such variables typically take an input
reference to the variable rather than returning a value that can
subsequently be used in an assignment.
If the initalization function is not part of the same compilation unit,
the lack of an assignment operation defeats any analysis the compiler
can perform as to whether the variable may be used before having been
initialized. This means we may end up passing on such variables
uninitialized, resulting in potential information leaks.
So extend the existing structleak GCC plugin so it will [optionally]
apply to all struct type variables that have their address taken at any
point, rather than only to variables of struct types that have a __user
annotation.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
This enables the automatic structure selection logic in the randstruct
GCC plugin. The selection logic randomizes all structures that contain
only function pointers, unless marked with __no_randomize_layout.
Signed-off-by: Kees Cook <keescook@chromium.org>
The NIU ethernet driver intentionally stores a page struct pointer on
top of the "mapping" field. Whitelist this case:
drivers/net/ethernet/sun/niu.c: In function ‘niu_rx_pkt_ignore’:
drivers/net/ethernet/sun/niu.c:3402:10: note: found mismatched ssa struct pointer types: ‘struct page’ and ‘struct address_space’
*link = (struct page *) page->mapping;
~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
The big_key payload structure intentionally stores a struct path in
two void pointers to avoid header soup. Whitelist this case:
security/keys/big_key.c: In function ‘big_key_read’:
security/keys/big_key.c:293:16: note: found mismatched rhs struct pointer types: ‘struct path’ and ‘void *’
struct path *path = (struct path *)&key->payload.data[big_key_path];
^~~~
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
This is another false positive in bad cast detection:
net/unix/af_unix.c: In function ‘unix_skb_scm_eq’:
net/unix/af_unix.c:1621:31: note: found mismatched rhs struct pointer types: ‘struct unix_skb_parms’ and ‘char’
const struct unix_skb_parms *u = &UNIXCB(skb);
^
UNIXCB is:
#define UNIXCB(skb) (*(struct unix_skb_parms *)&((skb)->cb))
And ->cb is:
char cb[48] __aligned(8);
This is a rather crazy cast, but appears to be safe in the face of
randomization, so whitelist it in the plugin.
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
The LSM initialization routines walk security_hook_heads as an array
of struct list_head instead of via names to avoid a ton of needless
source. Whitelist this to avoid the false positive warning from the
plugin:
security/security.c: In function ‘security_init’:
security/security.c:59:20: note: found mismatched op0 struct pointer types: ‘struct list_head’ and ‘struct security_hook_heads’
struct list_head *list = (struct list_head *) &security_hook_heads;
^
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: James Morris <james.l.morris@oracle.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
This randstruct plugin is modified from Brad Spengler/PaX Team's code
in the last public patch of grsecurity/PaX based on my understanding
of the code. Changes or omissions from the original code are mine and
don't reflect the original grsecurity/PaX code.
The randstruct GCC plugin randomizes the layout of selected structures
at compile time, as a probabilistic defense against attacks that need to
know the layout of structures within the kernel. This is most useful for
"in-house" kernel builds where neither the randomization seed nor other
build artifacts are made available to an attacker. While less useful for
distribution kernels (where the randomization seed must be exposed for
third party kernel module builds), it still has some value there since now
all kernel builds would need to be tracked by an attacker.
In more performance sensitive scenarios, GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
can be selected to make a best effort to restrict randomization to
cacheline-sized groups of elements, and will not randomize bitfields. This
comes at the cost of reduced randomization.
Two annotations are defined,__randomize_layout and __no_randomize_layout,
which respectively tell the plugin to either randomize or not to
randomize instances of the struct in question. Follow-on patches enable
the auto-detection logic for selecting structures for randomization
that contain only function pointers. It is disabled here to assist with
bisection.
Since any randomized structs must be initialized using designated
initializers, __randomize_layout includes the __designated_init annotation
even when the plugin is disabled so that all builds will require
the needed initialization. (With the plugin enabled, annotations for
automatically chosen structures are marked as well.)
The main differences between this implemenation and grsecurity are:
- disable automatic struct selection (to be enabled in follow-up patch)
- add designated_init attribute at runtime and for manual marking
- clarify debugging output to differentiate bad cast warnings
- add whitelisting infrastructure
- support gcc 7's DECL_ALIGN and DECL_MODE changes (Laura Abbott)
- raise minimum required GCC version to 4.7
Earlier versions of this patch series were ported by Michael Leibowitz.
Signed-off-by: Kees Cook <keescook@chromium.org>
The c-common.h file moved in stock gcc 4.7, not gcc 4.6. However, most
people building plugins with gcc 4.6 are using the Debian or Ubuntu
version, which includes a patch to move the headers to the 4.7 location.
In case anyone trips over this with a stock gcc 4.6, add a pointer to the
patch used by Debian/Ubuntu.
Signed-off-by: Kees Cook <keescook@chromium.org>
The name of the local variable was inadvertantly changed from
sancov_plugin_pass_info to sancov_pass_info:
scripts/gcc-plugins/sancov_plugin.c: In function ‘int plugin_init(plugin_name_args*, plugin_gcc_version*)’:
scripts/gcc-plugins/sancov_plugin.c:136:67: error: ‘sancov_plugin_pass_info’ was not declared in this scope
This changes the conditional reference to this variable as well.
Fixes: 5a45a4c5c3f5 ("gcc-plugins: consolidate on PASS_INFO macro")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kees Cook <keescook@chromium.org>
This plugin detects any structures that contain __user attributes and
makes sure it is being fully initialized so that a specific class of
information exposure is eliminated. (This plugin was originally designed
to block the exposure of siginfo in CVE-2013-2141.)
Ported from grsecurity/PaX. This version adds a verbose option to the
plugin and the Kconfig.
Signed-off-by: Kees Cook <keescook@chromium.org>
Now that PASS_INFO() exists, use it in the other existing gcc plugins,
instead of always open coding the same thing.
Based on updates to the grsecurity/PaX gcc plugins.
Signed-off-by: Kees Cook <keescook@chromium.org>
This updates the GCC plugins gcc-common.h from PaX Team to include
more helpers and header files, specifically adds the PASS_INFO()
macro to make plugin declarations nicer and a helper for proper
const string building.
Signed-off-by: Kees Cook <keescook@chromium.org>
This updates gcc-common.h from Emese Revfy for gcc 7. This fixes issues seen
by Kugan and Arnd. Build tested with gcc 5.4 and 7 snapshot.
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
The stack frame size could grow too large when the plugin used long long
on 32-bit architectures when the given function had too many basic blocks.
The gcc warning was:
drivers/pci/hotplug/ibmphp_ebda.c: In function 'ibmphp_access_ebda':
drivers/pci/hotplug/ibmphp_ebda.c:409:1: warning: the frame size of 1108 bytes is larger than 1024 bytes [-Wframe-larger-than=]
This switches latent_entropy from u64 to unsigned long.
Thanks to PaX Team and Emese Revfy for the patch.
Signed-off-by: Kees Cook <keescook@chromium.org>
This adds a new gcc plugin named "latent_entropy". It is designed to
extract as much possible uncertainty from a running system at boot time as
possible, hoping to capitalize on any possible variation in CPU operation
(due to runtime data differences, hardware differences, SMP ordering,
thermal timing variation, cache behavior, etc).
At the very least, this plugin is a much more comprehensive example for
how to manipulate kernel code using the gcc plugin internals.
The need for very-early boot entropy tends to be very architecture or
system design specific, so this plugin is more suited for those sorts
of special cases. The existing kernel RNG already attempts to extract
entropy from reliable runtime variation, but this plugin takes the idea to
a logical extreme by permuting a global variable based on any variation
in code execution (e.g. a different value (and permutation function)
is used to permute the global based on loop count, case statement,
if/then/else branching, etc).
To do this, the plugin starts by inserting a local variable in every
marked function. The plugin then adds logic so that the value of this
variable is modified by randomly chosen operations (add, xor and rol) and
random values (gcc generates separate static values for each location at
compile time and also injects the stack pointer at runtime). The resulting
value depends on the control flow path (e.g., loops and branches taken).
Before the function returns, the plugin mixes this local variable into
the latent_entropy global variable. The value of this global variable
is added to the kernel entropy pool in do_one_initcall() and _do_fork(),
though it does not credit any bytes of entropy to the pool; the contents
of the global are just used to mix the pool.
Additionally, the plugin can pre-initialize arrays with build-time
random contents, so that two different kernel builds running on identical
hardware will not have the same starting values.
Signed-off-by: Emese Revfy <re.emese@gmail.com>
[kees: expanded commit message and code comments]
Signed-off-by: Kees Cook <keescook@chromium.org>
This adds support for building more complex gcc plugins that live in a
subdirectory instead of just in a single source file.
Reported-by: PaX Team <pageexec@freemail.hu>
Signed-off-by: Emese Revfy <re.emese@gmail.com>
[kees: clarified commit message]
Signed-off-by: Kees Cook <keescook@chromium.org>
There's no reason to repeat the same names in the Makefile when the .so
files have already been listed. The .o list can be generated from them.
Reported-by: PaX Team <pageexec@freemail.hu>
Signed-off-by: Emese Revfy <re.emese@gmail.com>
[kees: clarified commit message]
Signed-off-by: Kees Cook <keescook@chromium.org>
The sancov gcc plugin inserts a __sanitizer_cov_trace_pc() call
at the start of basic blocks.
This plugin is a helper plugin for the kcov feature. It supports
all gcc versions with plugin support (from gcc-4.5 on).
It is based on the gcc commit "Add fuzzing coverage support" by Dmitry Vyukov
(https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=231296).
Signed-off-by: Emese Revfy <re.emese@gmail.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michal Marek <mmarek@suse.com>
Add a very simple plugin to demonstrate the GCC plugin infrastructure. This GCC
plugin computes the cyclomatic complexity of each function.
The complexity M of a function's control flow graph is defined as:
M = E - N + 2P
where
E = the number of edges
N = the number of nodes
P = the number of connected components (exit nodes).
Signed-off-by: Emese Revfy <re.emese@gmail.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michal Marek <mmarek@suse.com>
This patch allows to build the whole kernel with GCC plugins. It was ported from
grsecurity/PaX. The infrastructure supports building out-of-tree modules and
building in a separate directory. Cross-compilation is supported too.
Currently the x86, arm, arm64 and uml architectures enable plugins.
The directory of the gcc plugins is scripts/gcc-plugins. You can use a file or a directory
there. The plugins compile with these options:
* -fno-rtti: gcc is compiled with this option so the plugins must use it too
* -fno-exceptions: this is inherited from gcc too
* -fasynchronous-unwind-tables: this is inherited from gcc too
* -ggdb: it is useful for debugging a plugin (better backtrace on internal
errors)
* -Wno-narrowing: to suppress warnings from gcc headers (ipa-utils.h)
* -Wno-unused-variable: to suppress warnings from gcc headers (gcc_version
variable, plugin-version.h)
The infrastructure introduces a new Makefile target called gcc-plugins. It
supports all gcc versions from 4.5 to 6.0. The scripts/gcc-plugin.sh script
chooses the proper host compiler (gcc-4.7 can be built by either gcc or g++).
This script also checks the availability of the included headers in
scripts/gcc-plugins/gcc-common.h.
The gcc-common.h header contains frequently included headers for GCC plugins
and it has a compatibility layer for the supported gcc versions.
The gcc-generate-*-pass.h headers automatically generate the registration
structures for GIMPLE, SIMPLE_IPA, IPA and RTL passes.
Note that 'make clean' keeps the *.so files (only the distclean or mrproper
targets clean all) because they are needed for out-of-tree modules.
Based on work created by the PaX Team.
Signed-off-by: Emese Revfy <re.emese@gmail.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michal Marek <mmarek@suse.com>
