1. 20 Jun, 2017 2 commits
    • fs/proc: kcore: use kcore_list type to check for vmalloc/module address · 737326aa
      Ard Biesheuvel committed
      Instead of passing each start address into is_vmalloc_or_module_addr()
      to decide whether it falls into either the VMALLOC or the MODULES region,
      we can simply check the type field of the current kcore_list entry, since
      it will be set to KCORE_VMALLOC based on exactly the same conditions.
      
      As a bonus, when reading the KCORE_TEXT region on architectures that have
      one, this will avoid using vread() on the region if it happens to intersect
      with a KCORE_VMALLOC region. This is due to the fact that the KCORE_TEXT
      region is the first one to be added to the kcore region list.
      Reported-by: Tan Xiaojun <tanxiaojun@huawei.com>
      Tested-by: Tan Xiaojun <tanxiaojun@huawei.com>
      Tested-by: Mark Rutland <mark.rutland@arm.com>
      Acked-by: Mark Rutland <mark.rutland@arm.com>
      Reviewed-by: Laura Abbott <labbott@redhat.com>
      Reviewed-by: Jiri Olsa <jolsa@kernel.org>
      Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: Will Deacon <will.deacon@arm.com>
    • drivers/char: kmem: disable on arm64 · 06c35ef1
      Ard Biesheuvel committed
      As it turns out, arm64 deviates from other architectures in the way it
      maps the VMALLOC region: on most (all?) other architectures, it resides
      strictly above the kernel's direct mapping of DRAM, but on arm64, this
      is the other way around. For instance, for a 48-bit VA configuration,
      we have
      
        modules : 0xffff000000000000 - 0xffff000008000000   (   128 MB)
        vmalloc : 0xffff000008000000 - 0xffff7dffbfff0000   (129022 GB)
        ...
        vmemmap : 0xffff7e0000000000 - 0xffff800000000000   (  2048 GB maximum)
                  0xffff7e0000000000 - 0xffff7e0003ff0000   (    63 MB actual)
        memory  : 0xffff800000000000 - 0xffff8000ffc00000   (  4092 MB)
      
      This has mostly gone unnoticed until now, but it does appear that it
      breaks an assumption in the kmem read/write code, which does something
      like
      
        if (p < (unsigned long) high_memory) {
          ... use straight copy_[to|from]_user() using p as virtual address ...
        }
        ...
        if (count > 0) {
          ... use vread/vwrite for accesses past high_memory ...
        }
      
      The first condition will inadvertently hold for the VMALLOC region if
      VMALLOC_START < PAGE_OFFSET [which is the case on arm64], but the read
      or write will subsequently fail the virt_addr_valid() check, resulting
      in a -ENXIO return value.
      
      Given how kmem seems to be living in borrowed time anyway, and given
      the fact that nobody noticed that the read/write interface is broken
      on arm64 in the first place, let's not bother trying to fix it, but
      simply disable the /dev/kmem interface entirely for arm64.
      Acked-by: Mark Rutland <mark.rutland@arm.com>
      Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: Will Deacon <will.deacon@arm.com>
  2. 15 Jun, 2017 4 commits
  3. 12 Jun, 2017 9 commits
  4. 07 Jun, 2017 3 commits
  5. 05 Jun, 2017 1 commit
  6. 02 Jun, 2017 1 commit
    • arm64: kernel: restrict /dev/mem read() calls to linear region · 1151f838
      Ard Biesheuvel committed
      When running lscpu on an AArch64 system that has SMBIOS version 2.0
      tables, it will segfault in the following way:
      
        Unable to handle kernel paging request at virtual address ffff8000bfff0000
        pgd = ffff8000f9615000
        [ffff8000bfff0000] *pgd=0000000000000000
        Internal error: Oops: 96000007 [#1] PREEMPT SMP
        Modules linked in:
        CPU: 0 PID: 1284 Comm: lscpu Not tainted 4.11.0-rc3+ #103
        Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
        task: ffff8000fa78e800 task.stack: ffff8000f9780000
        PC is at __arch_copy_to_user+0x90/0x220
        LR is at read_mem+0xcc/0x140
      
      This is caused by the fact that lspci issues a read() on /dev/mem at the
      offset where it expects to find the SMBIOS structure array. However, this
      region is classified as EFI_RUNTIME_SERVICE_DATA (as per the UEFI spec),
      and so it is omitted from the linear mapping.
      
      So let's restrict /dev/mem read/write access to those areas that are
      covered by the linear region.
      Reported-by: Alexander Graf <agraf@suse.de>
      Fixes: 4dffbfc4 ("arm64/efi: mark UEFI reserved regions as MEMBLOCK_NOMAP")
      Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: Will Deacon <will.deacon@arm.com>
  7. 30 May, 2017 8 commits
    • ARM64/PCI: Set root bus NUMA node on ACPI systems · db46a72b
      Lorenzo Pieralisi committed
      PCI core requires the NUMA node for the struct pci_host_bridge.dev to
      be set by using the pcibus_to_node(struct pci_bus*) API, that on ARM64
      systems relies on the struct pci_host_bridge->bus.dev NUMA node.
      
      The struct pci_host_bridge.dev NUMA node is then propagated through
      the PCI device hierarchy as PCI devices (and bridges) are enumerated
      under it.
      
      Therefore, in order to set-up the PCI NUMA hierarchy appropriately, the
      struct pci_host_bridge->bus.dev NUMA node must be set before core
      code calls pcibus_to_node(struct pci_bus*) on it so that PCI core can
      retrieve the NUMA node for the struct pci_host_bridge.dev device and can
      propagate it through the PCI bus tree.
      
      On ARM64 ACPI based systems the struct pci_host_bridge->bus.dev NUMA
      node can be set-up in pcibios_root_bridge_prepare() by parsing the root
      bridge ACPI device firmware binding.
      
      Add code to the pcibios_root_bridge_prepare() that, when booting with
      ACPI, parses the root bridge ACPI device companion NUMA binding and sets
      the corresponding struct pci_host_bridge->bus.dev NUMA node
      appropriately.
      
      Cc: Bjorn Helgaas <bhelgaas@google.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Reviewed-by: Robert Richter <rrichter@cavium.com>
      Tested-by: Robert Richter <rrichter@cavium.com>
      Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
      Signed-off-by: Will Deacon <will.deacon@arm.com>
    • arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage · 5f16a046
      Will Deacon committed
      FUTEX_OP_OPARG_SHIFT instructs the futex code to treat the 12-bit oparg
      field as a shift value, potentially leading to a left shift value that
      is negative or with an absolute value that is significantly larger than
      the size of the type. UBSAN chokes with:
      
      ================================================================================
      UBSAN: Undefined behaviour in ./arch/arm64/include/asm/futex.h:60:13
      shift exponent -1 is negative
      CPU: 1 PID: 1449 Comm: syz-executor0 Not tainted 4.11.0-rc4-00005-g977eb52-dirty #11
      Hardware name: linux,dummy-virt (DT)
      Call trace:
      [<ffff200008094778>] dump_backtrace+0x0/0x538 arch/arm64/kernel/traps.c:73
      [<ffff200008094cd0>] show_stack+0x20/0x30 arch/arm64/kernel/traps.c:228
      [<ffff200008c194a8>] __dump_stack lib/dump_stack.c:16 [inline]
      [<ffff200008c194a8>] dump_stack+0x120/0x188 lib/dump_stack.c:52
      [<ffff200008cc24b8>] ubsan_epilogue+0x18/0x98 lib/ubsan.c:164
      [<ffff200008cc3098>] __ubsan_handle_shift_out_of_bounds+0x250/0x294 lib/ubsan.c:421
      [<ffff20000832002c>] futex_atomic_op_inuser arch/arm64/include/asm/futex.h:60 [inline]
      [<ffff20000832002c>] futex_wake_op kernel/futex.c:1489 [inline]
      [<ffff20000832002c>] do_futex+0x137c/0x1740 kernel/futex.c:3231
      [<ffff200008320504>] SYSC_futex kernel/futex.c:3281 [inline]
      [<ffff200008320504>] SyS_futex+0x114/0x268 kernel/futex.c:3249
      [<ffff200008084770>] el0_svc_naked+0x24/0x28
      ================================================================================
      syz-executor1 uses obsolete (PF_INET,SOCK_PACKET)
      sock: process `syz-executor0' is using obsolete setsockopt SO_BSDCOMPAT
      
      This patch attempts to fix some of this by:
      
        * Making encoded_op an unsigned type, so we can shift it left even if
          the top bit is set.
      
        * Casting to signed prior to shifting right when extracting oparg
          and cmparg
      
        * Consider only the bottom 5 bits of oparg when using it as a left-shift
          value.
      
      Whilst I think this catches all of the issues, I'd much prefer to remove
      this stuff, as I think it's unused and the bugs are copy-pasted between
      a bunch of architectures.
      Reviewed-by: Robin Murphy <robin.murphy@arm.com>
      Signed-off-by: Will Deacon <will.deacon@arm.com>
    • arm64: check return value of of_flat_dt_get_machine_name · 690e95dd
      Kefeng Wang committed
      It's useless to print machine name and setup arch-specific system
      identifiers if of_flat_dt_get_machine_name() returns NULL, especially
      when ACPI-based boot.
      Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
      Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
      Signed-off-by: Will Deacon <will.deacon@arm.com>
    • arm64: cpufeature: Don't dump useless backtrace on CPU_OUT_OF_SPEC · 3fde2999
      Will Deacon committed
      Unfortunately, it turns out that mismatched CPU features in big.LITTLE
      systems are starting to appear in the wild. Whilst we should continue to
      taint the kernel with CPU_OUT_OF_SPEC for features that differ in ways
      that we can't fix up, dumping a useless backtrace out of the cpufeature
      code is pointless and irritating.
      
      This patch removes the backtrace from the taint.
      Signed-off-by: Mark Rutland <mark.rutland@arm.com>
      Signed-off-by: Will Deacon <will.deacon@arm.com>
    • arm64: mm: explicity include linux/vmalloc.h · 6efd8499
      Tobias Klauser committed
      arm64's mm/mmu.c uses vm_area_add_early, struct vm_area and other
      definitions but relies on implicit inclusion of linux/vmalloc.h which
      means that changes in other headers could break the build. Thus, add an
      explicit include.
      Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
      Signed-off-by: Will Deacon <will.deacon@arm.com>
    • arm64: Add dump_backtrace() in show_regs · 1149aad1
      Kefeng Wang committed
      Generic code expects show_regs() to dump the stack, but arm64's
      show_regs() does not. This makes it hard to debug softlockups and
      other issues that result in show_regs() being called.
      
      This patch updates arm64's show_regs() to dump the stack, as common
      code expects.
      Acked-by: Mark Rutland <mark.rutland@arm.com>
      Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
      [will: folded in bug_handler fix from mrutland]
      Signed-off-by: Will Deacon <will.deacon@arm.com>
    • arm64: Call __show_regs directly · c07ab957
      Kefeng Wang committed
      Generic code expects show_regs() to also dump the stack, but arm64's
      show_reg() does not do this. Some arm64 callers of show_regs() *only*
      want the registers dumped, without the stack.
      
      To enable generic code to work as expected, we need to make
      show_regs() dump the stack. Where we only want the registers dumped,
      we must use __show_regs().
      
      This patch updates code to use __show_regs() where only registers are
      desired. A subsequent patch will modify show_regs().
      Acked-by: Mark Rutland <mark.rutland@arm.com>
      Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
      Signed-off-by: Will Deacon <will.deacon@arm.com>
    • arm64: Preventing READ_IMPLIES_EXEC propagation · 48f99c8e
      Dong Bo committed
      Like arch/arm/, we inherit the READ_IMPLIES_EXEC personality flag across
      fork(). This is undesirable for a number of reasons:
      
        * ELF files that don't require executable stack can end up with it
          anyway
      
        * We end up performing un-necessary I-cache maintenance when mapping
          what should be non-executable pages
      
        * Restricting what is executable is generally desirable when defending
          against overflow attacks
      
      This patch clears the personality flag when setting up the personality for
      newly spawned native tasks. Given that semi-recent AArch64 toolchains emit
      a non-executable PT_GNU_STACK header, userspace applications can already
      not rely on READ_IMPLIES_EXEC so shouldn't be adversely affected by this
      change.
      
      Cc: <stable@vger.kernel.org>
      Reported-by: Peter Maydell <peter.maydell@linaro.org>
      Signed-off-by: Dong Bo <dongbo4@huawei.com>
      [will: added comment to compat code, rewrote commit message]
      Signed-off-by: Will Deacon <will.deacon@arm.com>
  8. 29 May, 2017 2 commits
  9. 28 May, 2017 6 commits
    • Merge tag 'tty-4.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 249f1efd
      Linus Torvalds committed
      Pull tty/serial fixes from Greg KH:
       "Here are some serial and tty fixes for 4.12-rc3. They are a bit bigger
        than normal, which is why I had them bake in linux-next for a few
        weeks and didn't send them to you for -rc2.
      
        They revert a few of the serdev patches from 4.12-rc1, and bring
        things back to how they were in 4.11, to try to make things a bit more
        stable there. Rob and Johan both agree that this is the way forward,
        so this isn't people squabbling over semantics. Other than that, just
        a few minor serial driver fixes that people have had problems with.
      
        All of these have been in linux-next for a few weeks with no reported
        issues"
      
      * tag 'tty-4.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        serial: altera_uart: call iounmap() at driver remove
        serial: imx: ensure UCR3 and UFCR are setup correctly
        MAINTAINERS/serial: Change maintainer of jsm driver
        serial: enable serdev support
        tty/serdev: add serdev registration interface
        serdev: Restore serdev_device_write_buf for atomic context
        serial: core: fix crash in uart_suspend_port
        tty: fix port buffer locking
        tty: ehv_bytechan: clean up init error handling
        serial: ifx6x60: fix use-after-free on module unload
        serial: altera_jtaguart: adding iounmap()
        serial: exar: Fix stuck MSIs
        serial: efm32: Fix parity management in 'efm32_uart_console_get_options()'
        serdev: fix tty-port client deregistration
        Revert "tty_port: register tty ports with serdev bus"
        drivers/tty: 8250: only call fintek_8250_probe when doing port I/O
    • Merge tag 'powerpc-4.12-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 6f68a6ae
      Linus Torvalds committed
      Pull powerpc fixes from Michael Ellerman:
       "Fix running SPU programs on Cell, and a few other minor fixes.
      
        Thanks to Alistair Popple, Jeremy Kerr, Michael Neuling, Nicholas
        Piggin"
      
      * tag 'powerpc-4.12-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc: Add PPC_FEATURE userspace bits for SCV and DARN instructions
        powerpc/spufs: Fix hash faults for kernel regions
        powerpc: Fix booting P9 hash with CONFIG_PPC_RADIX_MMU=N
        powerpc/powernv/npu-dma.c: Fix opal_npu_destroy_context() call
        selftests/powerpc: Fix TM resched DSCR test with some compilers
    • Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 38e6bf23
      Linus Torvalds committed
      Pull x86 fixes from Thomas Gleixner:
       "A series of fixes for X86:
      
         - The final fix for the end-of-stack issue in the unwinder
         - Handle non PAT systems gracefully
         - Prevent access to uninitialized memory
         - Move early delay calibration after basic init
         - Fix Kconfig help text
         - Fix a cross compile issue
         - Unbreak older make versions"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/timers: Move simple_udelay_calibration past init_hypervisor_platform
        x86/alternatives: Prevent uninitialized stack byte read in apply_alternatives()
        x86/PAT: Fix Xorg regression on CPUs that don't support PAT
        x86/watchdog: Fix Kconfig help text file path reference to lockup watchdog documentation
        x86/build: Permit building with old make versions
        x86/unwind: Add end-of-stack check for ftrace handlers
        Revert "x86/entry: Fix the end of the stack for newly forked tasks"
        x86/boot: Use CROSS_COMPILE prefix for readelf
    • Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 39b8ab31
      Linus Torvalds committed
      Pull timer fixlet from Thomas Gleixner:
       "Silence dmesg spam by making the posix cpu timer printks depend on
        print_fatal_signals"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        posix-timers: Make signal printks conditional
    • Merge branch 'ras-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · de0b9d75
      Linus Torvalds committed
      Pull RAS fixes from Thomas Gleixner:
       "Two fixlets for RAS:
      
         - Export memory_error() so the NFIT module can utilize it
      
         - Handle memory errors in NFIT correctly"
      
      * 'ras-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        acpi, nfit: Fix the memory error check in nfit_handle_mce()
        x86/MCE: Export memory_error()
    • Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · fac3fcae
      Linus Torvalds committed
      Pull perf tooling fixes from Thomas Gleixner:
      
       - Synchronization of tools and kernel headers
      
       - A series of fixes for perf report addressing various failures:
          * Handle invalid maps properly
          * Plug a memory leak
          * Handle frames and callchain order correctly
      
       - Fixes for handling inlines and children mode
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        tools/include: Sync kernel ABI headers with tooling headers
        perf tools: Put caller above callee in --children mode
        perf report: Do not drop last inlined frame
        perf report: Always honor callchain order for inlined nodes
        perf script: Add --inline option for debugging
        perf report: Fix off-by-one for non-activation frames
        perf report: Fix memory leak in addr2line when called by addr2inlines
        perf report: Don't crash on invalid maps in `-g srcline` mode
  10. 27 May, 2017 4 commits