1. 17 7月, 2018 8 次提交
  2. 10 7月, 2018 2 次提交
  3. 09 7月, 2018 11 次提交
    • G
      HID: hiddev: fix potential Spectre v1 · 4f65245f
      Gustavo A. R. Silva 提交于
      uref->field_index, uref->usage_index, finfo.field_index and cinfo.index can be
      indirectly controlled by user-space, hence leading to a potential exploitation
      of the Spectre variant 1 vulnerability.
      
      This issue was detected with the help of Smatch:
      
      drivers/hid/usbhid/hiddev.c:473 hiddev_ioctl_usage() warn: potential spectre issue 'report->field' (local cap)
      drivers/hid/usbhid/hiddev.c:477 hiddev_ioctl_usage() warn: potential spectre issue 'field->usage' (local cap)
      drivers/hid/usbhid/hiddev.c:757 hiddev_ioctl() warn: potential spectre issue 'report->field' (local cap)
      drivers/hid/usbhid/hiddev.c:801 hiddev_ioctl() warn: potential spectre issue 'hid->collection' (local cap)
      
      Fix this by sanitizing such structure fields before using them to index
      report->field, field->usage and hid->collection
      
      Notice that given that speculation windows are large, the policy is
      to kill the speculation on the first load and not worry if it can be
      completed with a dependent load/store [1].
      
      [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2
      
      Cc: stable@vger.kernel.org
      Signed-off-by: NGustavo A. R. Silva <gustavo@embeddedor.com>
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      4f65245f
    • J
      HID: i2c-hid: Fix "incomplete report" noise · ef6eaf27
      Jason Andryuk 提交于
      Commit ac75a041 ("HID: i2c-hid: fix size check and type usage") started
      writing messages when the ret_size is <= 2 from i2c_master_recv.  However, my
      device i2c-DLL07D1 returns 2 for a short period of time (~0.5s) after I stop
      moving the pointing stick or touchpad.  It varies, but you get ~50 messages
      each time which spams the log hard.
      
      [  95.925055] i2c_hid i2c-DLL07D1:01: i2c_hid_get_input: incomplete report (83/2)
      
      This has also been observed with a i2c-ALP0017.
      
      [ 1781.266353] i2c_hid i2c-ALP0017:00: i2c_hid_get_input: incomplete report (30/2)
      
      Only print the message when ret_size is totally invalid and less than 2 to cut
      down on the log spam.
      
      Fixes: ac75a041 ("HID: i2c-hid: fix size check and type usage")
      Reported-by: NJohn Smith <john-s-84@gmx.net>
      Cc: stable@vger.kernel.org
      Signed-off-by: NJason Andryuk <jandryuk@gmail.com>
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      ef6eaf27
    • L
      Linux 4.18-rc4 · 1e4b044d
      Linus Torvalds 提交于
      1e4b044d
    • L
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · ca04b3cc
      Linus Torvalds 提交于
      Pull ARM SoC fixes from Olof Johansson:
       "A small collection of fixes, sort of the usual at this point, all for
        i.MX or OMAP:
      
         - Enable ULPI drivers on i.MX to avoid a hang
      
         - Pinctrl fix for touchscreen on i.MX51 ZII RDU1
      
         - Fixes for ethernet clock references on am3517
      
         - mmc0 write protect detection fix for am335x
      
         - kzalloc->kcalloc conversion in an OMAP driver
      
         - USB metastability fix for USB on dra7
      
         - Fix touchscreen wakeup on am437x"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        ARM: imx_v4_v5_defconfig: Select ULPI support
        ARM: imx_v6_v7_defconfig: Select ULPI support
        ARM: dts: omap3: Fix am3517 mdio and emac clock references
        ARM: dts: am335x-bone-common: Fix mmc0 Write Protect
        bus: ti-sysc: Use 2-factor allocator arguments
        ARM: dts: dra7: Disable metastability workaround for USB2
        ARM: dts: imx51-zii-rdu1: fix touchscreen pinctrl
        ARM: dts: am437x: make edt-ft5x06 a wakeup source
      ca04b3cc
    • L
      Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 23adbe6f
      Linus Torvalds 提交于
      Pull x86/pti updates from Thomas Gleixner:
       "Two small fixes correcting the handling of SSB mitigations on AMD
        processors"
      
      * 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
        x86/bugs: Update when to check for the LS_CFG SSBD mitigation
      23adbe6f
    • L
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 6f27a640
      Linus Torvalds 提交于
      Pull x86 fixes from Thomas Gleixner:
      
       - Prevent an out-of-bounds access in mtrr_write()
      
       - Break a circular dependency in the new hyperv IPI acceleration code
      
       - Address the build breakage related to inline functions by enforcing
         gnu_inline and explicitly bringing native_save_fl() out of line,
         which also adds a set of _ARM_ARG macros which provide 32/64bit
         safety.
      
       - Initialize the shadow CR4 per cpu variable before using it.
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/mtrr: Don't copy out-of-bounds data in mtrr_write
        x86/hyper-v: Fix the circular dependency in IPI enlightenment
        x86/paravirt: Make native_save_fl() extern inline
        x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
        compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
        x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all()
      6f27a640
    • L
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 6fb2489d
      Linus Torvalds 提交于
      Pull scheduler fixes from Thomas Gleixner:
      
       - The hopefully final fix for the reported race problems in
         kthread_parkme(). The previous attempt still left a hole and was
         partially wrong.
      
       - Plug a race in the remote tick mechanism which triggers a warning
         about updates not being done correctly. That's a false positive if
         the race condition is hit as the remote CPU is idle. Plug it by
         checking the condition again when holding run queue lock.
      
       - Fix a bug in the utilization estimation of a run queue which causes
         the estimation to be 0 when a run queue is throttled.
      
       - Advance the global expiration of the period timer when the timer is
         restarted after a idle period. Otherwise the expiry time is stale and
         the timer fires prematurely.
      
       - Cure the drift between the bandwidth timer and the runqueue
         accounting, which leads to bogus throttling of runqueues
      
       - Place the call to cpufreq_update_util() correctly so the function
         will observe the correct number of running RT tasks and not a stale
         one.
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        kthread, sched/core: Fix kthread_parkme() (again...)
        sched/util_est: Fix util_est_dequeue() for throttled cfs_rq
        sched/fair: Advance global expiration when period timer is restarted
        sched/fair: Fix bandwidth timer clock drift condition
        sched/rt: Fix call to cpufreq_update_util()
        sched/nohz: Skip remote tick on idle task entirely
      6fb2489d
    • L
      Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · f5c926b9
      Linus Torvalds 提交于
      Pull objtool fix from Thomas Gleixner:
       "A single fix for objtool to address a bug in handling the cold
        subfunction detection for aliased functions which was added recently.
        The bug causes objtool to enter an infinite loop"
      
      * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        objtool: Support GCC 8 '-fnoreorder-functions'
      f5c926b9
    • L
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 124b99fb
      Linus Torvalds 提交于
      Pull crypto fixes from Herbert Xu:
      
       - add missing RETs in x86 aegis/morus
      
       - fix build error in arm speck
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: x86 - Add missing RETs
        crypto: arm/speck - fix building in Thumb2 mode
      124b99fb
    • L
      Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · 70a2dc6a
      Linus Torvalds 提交于
      Pull ext4 bugfixes from Ted Ts'o:
       "Bug fixes for ext4; most of which relate to vulnerabilities where a
        maliciously crafted file system image can result in a kernel OOPS or
        hang.
      
        At least one fix addresses an inline data bug could be triggered by
        userspace without the need of a crafted file system (although it does
        require that the inline data feature be enabled)"
      
      * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: check superblock mapped prior to committing
        ext4: add more mount time checks of the superblock
        ext4: add more inode number paranoia checks
        ext4: avoid running out of journal credits when appending to an inline file
        jbd2: don't mark block as modified if the handle is out of credits
        ext4: never move the system.data xattr out of the inode body
        ext4: clear i_data in ext4_inode_info when removing inline data
        ext4: include the illegal physical block in the bad map ext4_error msg
        ext4: verify the depth of extent tree in ext4_find_extent()
        ext4: only look at the bg_flags field if it is valid
        ext4: make sure bitmaps and the inode table don't overlap with bg descriptors
        ext4: always check block group bounds in ext4_init_block_bitmap()
        ext4: always verify the magic number in xattr blocks
        ext4: add corruption check in ext4_xattr_set_entry()
        ext4: add warn_on_error mount option
      70a2dc6a
    • L
      Merge tag 'pci-v4.18-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · 8979319f
      Linus Torvalds 提交于
      Pull PCI fixes from Bjorn Helgaas:
      
       - Fix a use-after-free in the endpoint code (Dan Carpenter)
      
       - Stop defaulting CONFIG_PCIE_DW_PLAT_HOST to yes (Geert Uytterhoeven)
      
       - Fix an nfp regression caused by a change in how we limit the number
         of VFs we can enable (Jakub Kicinski)
      
       - Fix failure path cleanup issues in the new R-Car gen3 PHY support
         (Marek Vasut)
      
       - Fix leaks of OF nodes in faraday, xilinx-nwl, xilinx (Nicholas Mc
         Guire)
      
      * tag 'pci-v4.18-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        nfp: stop limiting VFs to 0
        PCI/IOV: Reset total_VFs limit after detaching PF driver
        PCI: faraday: Add missing of_node_put()
        PCI: xilinx-nwl: Add missing of_node_put()
        PCI: xilinx: Add missing of_node_put()
        PCI: endpoint: Use after free in pci_epf_unregister_driver()
        PCI: controller: dwc: Do not let PCIE_DW_PLAT_HOST default to yes
        PCI: rcar: Clean up PHY init on failure
        PCI: rcar: Shut the PHY down in failpath
      8979319f
  4. 08 7月, 2018 6 次提交
  5. 07 7月, 2018 5 次提交
    • L
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 624434af
      Linus Torvalds 提交于
      Pull SCSI fixes from James Bottomley:
       "This is two minor bug fixes (aacraid, target) and a fix for a
        potential exploit in the way sg handles teardown"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: sg: mitigate read/write abuse
        scsi: aacraid: Fix PD performance regression over incorrect qd being set
        scsi: target: Fix truncated PR-in ReadKeys response
      624434af
    • L
      Merge tag 'for-linus-20180706' of git://git.kernel.dk/linux-block · 29119529
      Linus Torvalds 提交于
      Pull block fixes from Jens Axboe:
       "Two minor fixes for this series:
      
         - add LOOP_SET_BLOCK_SIZE as compat ioctl (Evan Green)
      
         - drbd use-after-free fix (Lars Ellenberg)"
      
      * tag 'for-linus-20180706' of git://git.kernel.dk/linux-block:
        loop: Add LOOP_SET_BLOCK_SIZE in compat ioctl
        drbd: fix access after free
      29119529
    • L
      Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux · c2b58149
      Linus Torvalds 提交于
      Pull clk fixes from Stephen Boyd:
       "The usual collection of driver fixlets:
      
         - build cleanup/fix for the sunxi makefile that tried to save size
           but failed and prevented dead code elimination from working
      
         - two Davinci clk driver fixes for a typo causing build failures in
           different configurations and an error check that checks the wrong
           variable.
      
         - undo the DT ABI breaking imx6ul binding header shuffle that got
           merged this cycle"
      
      * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
        dt-bindings: clock: imx6ul: Do not change the clock definition order
        clk: davinci: fix a typo (which leads to build failures)
        clk: davinci: cfgchip: testing the wrong variable
        clk: sunxi-ng: replace lib-y with obj-y
      c2b58149
    • L
      Merge tag 'vfio-v4.18-rc4' of git://github.com/awilliam/linux-vfio · 1bb15570
      Linus Torvalds 提交于
      Pull VFIO fixes from Alex Williamson:
      
       - Make vfio-pci IGD extensions optional via Kconfig (Alex Williamson)
      
       - Remove unused and soon to be removed map_atomic callback from mbochs
         sample driver, add unmap callback to avoid dmabuf leaks (Gerd
         Hoffmann)
      
       - Fix usage of get_user_pages_longterm() (Jason Gunthorpe)
      
       - Fix sample mbochs driver vm_operations_struct.fault return type
         (Souptick Joarder)
      
      * tag 'vfio-v4.18-rc4' of git://github.com/awilliam/linux-vfio:
        sample/vfio-mdev: Change return type to vm_fault_t
        vfio: Use get_user_pages_longterm correctly
        sample/mdev/mbochs: add mbochs_kunmap_dmabuf
        sample/mdev/mbochs: remove mbochs_kmap_atomic_dmabuf
        vfio/pci: Make IGD support a configurable option
      1bb15570
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · b4d05621
      Linus Torvalds 提交于
      Pull s390 fixes from Martin Schwidefsky:
       "A few more changes for v4.18:
      
         - wire up the two new system calls io_pgetevents and rseq
      
         - fix a register corruption in the expolines code for machines
           without EXRL
      
         - drastically reduce the memory utilization of the dasd driver
      
         - fix reference counting for KVM page table pages"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390: wire up rseq system call
        s390: wire up io_pgetevents system call
        s390/mm: fix refcount usage for 4K pgste
        s390/dasd: reduce the default queue depth and nr of hardware queues
        s390: Correct register corruption in critical section cleanup
      b4d05621
  6. 06 7月, 2018 8 次提交