1. 09 Oct, 2014 1 commit
  2. 08 Oct, 2014 2 commits
  3. 07 Oct, 2014 1 commit
    • x86_64, entry: Filter RFLAGS.NT on entry from userspace · 8c7aa698
      Andy Lutomirski committed
      The NT flag doesn't do anything in long mode other than causing IRET
      to #GP.  Oddly, CPL3 code can still set NT using popf.
      
      Entry via hardware or software interrupt clears NT automatically, so
      the only relevant entries are fast syscalls.
      
      If user code causes kernel code to run with NT set, then there's at
      least some (small) chance that it could cause trouble.  For example,
      user code could cause a call to EFI code with NT set, and who knows
      what would happen?  Apparently some games on Wine sometimes do
      this (!), and, if an IRET return happens, they will segfault.  That
      segfault cannot be handled, because signal delivery fails, too.
      
      This patch programs the CPU to clear NT on entry via SYSCALL (both
      32-bit and 64-bit, by my reading of the AMD APM), and it clears NT
      in software on entry via SYSENTER.
      
      To save a few cycles, this borrows a trick from Jan Beulich in Xen:
      it checks whether NT is set before trying to clear it.  As a result,
      it seems to have very little effect on SYSENTER performance on my
      machine.
      
      There's another minor bug fix in here: it looks like the CFI
      annotations were wrong if CONFIG_AUDITSYSCALL=n.
      
      Testers beware: on Xen, SYSENTER with NT set turns into a GPF.
      
      I haven't touched anything on 32-bit kernels.
      
      The syscall mask change comes from a variant of this patch by Anish
      Bhatt.
      
      Note to stable maintainers: there is no known security issue here.
      A misguided program can set NT and cause the kernel to try and fail
      to deliver SIGSEGV, crashing the program.  This patch fixes Far Cry
      on Wine: https://bugs.winehq.org/show_bug.cgi?id=33275
      
      Cc: <stable@vger.kernel.org>
      Reported-by: Anish Bhatt <anish@chelsio.com>
      Signed-off-by: Andy Lutomirski <luto@amacapital.net>
      Link: http://lkml.kernel.org/r/395749a5d39a29bd3e4b35899cf3a3c1340e5595.1412189265.git.luto@amacapital.net
      Signed-off-by: H. Peter Anvin <hpa@zytor.com>
  4. 02 Oct, 2014 1 commit
  5. 29 Sep, 2014 2 commits
  6. 28 Sep, 2014 7 commits
    • Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 1e3827bf
      Linus Torvalds committed
      Pull vfs fixes from Al Viro:
       "Assorted fixes + unifying __d_move() and __d_materialise_dentry() +
        minimal regression fix for d_path() of victims of overwriting rename()
        ported on top of that"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        vfs: Don't exchange "short" filenames unconditionally.
        fold swapping ->d_name.hash into switch_names()
        fold unlocking the children into dentry_unlock_parents_for_move()
        kill __d_materialise_dentry()
        __d_materialise_dentry(): flip the order of arguments
        __d_move(): fold manipulations with ->d_child/->d_subdirs
        don't open-code d_rehash() in d_materialise_unique()
        pull rehashing and unlocking the target dentry into __d_materialise_dentry()
        ufs: deal with nfsd/iget races
        fuse: honour max_read and max_write in direct_io mode
        shmem: fix nlink for rename overwrite directory
    • Merge branch 'for-3.17-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup · 6111da34
      Linus Torvalds committed
      Pull cgroup fixes from Tejun Heo:
       "This is quite late but these need to be backported anyway.
      
        This is the fix for a long-standing cpuset bug which existed from
        2009.  cpuset makes use of PF_SPREAD_{PAGE|SLAB} flags to modify the
        task's memory allocation behavior according to the settings of the
        cpuset it belongs to; unfortunately, when those flags have to be
        changed, cpuset did so directly even while the target task is running,
        which is obviously racy as task->flags may be modified by the task
        itself at any time.  This obscure bug manifested as corrupt
        PF_USED_MATH flag leading to a weird crash.
      
        The bug is fixed by moving the flag to task->atomic_flags.  The first
        two are preparatory ones to help defining atomic_flags accessors and the
        third one is the actual fix"
      
      * 'for-3.17-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
        cpuset: PF_SPREAD_PAGE and PF_SPREAD_SLAB should be atomic flags
        sched: add macros to define bitops for task atomic flags
        sched: fix confusing PFA_NO_NEW_PRIVS constant
    • Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 83692898
      Linus Torvalds committed
      Pull ARM SoC fixes from Olof Johansson:
       "Here's our last set of fixes for 3.17.  Most of these are for TI
        platforms, fixing some noisy Kconfig issues, runtime clock and power
        issues on several platforms and NAND timings on DRA7.
      
        There are also a couple of bug fixes for i.MX, one for QCOM and a
        small fix to avoid section mismatch noise on PXA.
      
        Diffstat looks large, partially due to some tables being updated and
        thus touching many lines.  The qcom gsbi change also restructures
        clock management a bit and thus touches a bunch of lines.
      
        All in all, a bit more changes than we'd like at this point, but
        nothing stands out as risky either so it seems like the right thing to
        send it up now instead of holding it to the merge window"
      
      * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        drivers/soc: qcom: do not disable the iface clock in probe
        ARM: imx: fix .is_enabled() of shared gate clock
        ARM: OMAP3: Fix I/O chain clock line assertion timed out error
        ARM: keystone: dts: fix bindings for pcie and usb clock nodes
        bus: omap_l3_noc: Fix connID for OMAP4
        ARM: DT: imx53: fix lvds channel 1 port
        ARM: dts: cm-t54: fix serial console power supply.
        ARM: dts: dra7-evm: Fix NAND GPMC timings
        ARM: pxa: fix section mismatch warning for pxa_timer_nodt_init
        ARM: OMAP: Fix Kconfig warning for omap1
    • Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · 74807afd
      Linus Torvalds committed
      Pull MIPS fixes from Ralf Baechle:
       "The final round of fixes.  One corner case in the math emulator and
        another one in the mcount function for ftrace"
      
      * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        MIPS: mcount: Adjust stack pointer for static trace in MIPS32
        MIPS: Fix MFC1 & MFHC1 emulation for 64-bit MIPS systems
    • Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · cd40fab6
      Linus Torvalds committed
      Pull x86 fixes from Ingo Molnar:
       "This has:
      
         - EFI revert to fix a boot regression
         - early_ioremap() fix for boot failure
         - KASLR fix for possible boot failures
         - EFI fix for corrupted string printing
         - remove a misleading EFI bootup 'failed!' error message
      
        Unfortunately it's all rather close to the merge window"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/efi: Truncate 64-bit values when calling 32-bit OutputString()
        x86/efi: Delete misleading efi_printk() error message
        Revert "efi/x86: efistub: Move shared dependencies to <asm/efi.h>"
        x86/kaslr: Avoid the setup_data area when picking location
        x86 early_ioremap: Increase FIX_BTMAPS_SLOTS to 8
    • vfs: Don't exchange "short" filenames unconditionally. · d2fa4a84
      Mikhail Efremov committed
      Only exchange source and destination filenames
      if flags contain RENAME_EXCHANGE.
      If an executable file was running and was replaced by
      another file, /proc/PID/exe should still show the correct file name,
      not the old name of the file by which it was replaced.
      
      The scenario when this bug manifests itself was like this:
      * ALT Linux uses rpm and start-stop-daemon;
      * during a package upgrade rpm creates a temporary file
        for an executable to rename it upon successful unpacking;
      * start-stop-daemon is run subsequently and it obtains
        the (nonexistent) temporary filename via /proc/PID/exe
        thus failing to identify the running process.
      
      Note that "long" filenames (> DNAME_INLINE_LEN) are still
      exchanged without RENAME_EXCHANGE and this behaviour exists
      long enough (should be fixed too apparently).
      So this patch is just an interim workaround that restores
      behavior for "short" names as it was before changes
      introduced by commit da1ce067 ("vfs: add cross-rename").
      
      See https://lkml.org/lkml/2014/9/7/6 for details.
      
      AV: the comments about being more careful with ->d_name.hash
      than with ->d_name.name are from back in 2.3.40s; they
      became obsolete by 2.3.60s, when we started to unhash the
      target instead of swapping hash chain positions followed
      by d_delete() as we used to do when dcache was first
      introduced.
      Acked-by: Miklos Szeredi <mszeredi@suse.cz>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: linux-fsdevel@vger.kernel.org
      Cc: stable@vger.kernel.org
      Fixes: da1ce067 "vfs: add cross-rename"
      Signed-off-by: Mikhail Efremov <sem@altlinux.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
    • fold swapping ->d_name.hash into switch_names() · a28ddb87
      Linus Torvalds committed
      and do it along with ->d_name.len there
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
  7. 27 Sep, 2014 10 commits
  8. 26 Sep, 2014 16 commits