- 25 1月, 2017 15 次提交
-
-
由 Naveen N. Rao 提交于
With bpf_jit_binary_alloc(), we allocate at a page granularity and fill the rest of the space with illegal instructions to mitigate BPF spraying attacks, while having the actual JIT'ed BPF program at a random location within the allocated space. Under this scenario, it would be better to flush the entire allocated buffer rather than just the part containing the actual program. We already flush the buffer from start to the end of the BPF program. Extend this to include the illegal instructions after the BPF program. Signed-off-by: NNaveen N. Rao <naveen.n.rao@linux.vnet.ibm.com> Acked-by: NAlexei Starovoitov <ast@kernel.org> Acked-by: NDaniel Borkmann <daniel@iogearbox.net> Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Daniel Borkmann 提交于
We have a check earlier to ensure we don't proceed if image is NULL. As such, the redundant check can be removed. Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net> [Added similar changes for classic BPF JIT] Signed-off-by: NNaveen N. Rao <naveen.n.rao@linux.vnet.ibm.com> Acked-by: NAlexei Starovoitov <ast@kernel.org> Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Andrew Donnellan 提交于
During EEH recovery, we deconfigure all AFUs whilst leaving the corresponding vPHB and virtual PCI device in place. If something attempts to interact with the AFU's PCI config space (e.g. running lspci) after the AFU has been deconfigured and before it's reconfigured, cxl_pcie_{read,write}_config() will read invalid values from the deconfigured struct cxl_afu and proceed to Oops when they try to dereference pointers that have been set to NULL during deconfiguration. Add a rwsem to struct cxl_afu so we can prevent interaction with config space while the AFU is deconfigured. Reported-by: NPradipta Ghosh <pradghos@in.ibm.com> Suggested-by: NFrederic Barrat <fbarrat@linux.vnet.ibm.com> Cc: stable@vger.kernel.org # v4.9+ Signed-off-by: NAndrew Donnellan <andrew.donnellan@au1.ibm.com> Signed-off-by: NVaibhav Jain <vaibhav@linux.vnet.ibm.com> Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Vaibhav Jain 提交于
This change adds a force psl data cache flush during device shutdown callback. This should reduce a possibility of psl holding a dirty cache line while the CAPP is being reinitialized, which may result in a UE [load/store] machine check error. Signed-off-by: NVaibhav Jain <vaibhav@linux.vnet.ibm.com> Reviewed-by: NAndrew Donnellan <andrew.donnellan@au1.ibm.com> Acked-by: NFrederic Barrat <fbarrat@linux.vnet.ibm.com> Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Greg Kurz 提交于
The kernel API does not use anything from this header file. Signed-off-by: NGreg Kurz <groug@kaod.org> Reviewed-by: NAndrew Donnellan <andrew.donnellan@au1.ibm.com> Acked-by: NFrederic Barrat <fbarrat@linux.vnet.ibm.com> Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Markus Elfring 提交于
This function already has multiple exit points, so there's no harm adding another. Although it looks odd to return directly in a function which takes a lock, we've actually just dropped the mmap_sem in this code, so there's really no reason to go via a label. And it means we can drop the unhelpfully named out2 label. Signed-off-by: NMarkus Elfring <elfring@users.sourceforge.net> [mpe: Rewrite change log] Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Markus Elfring 提交于
Setting err and going to ldst_done just returns 0, without using err, so just return 0 directly. We already do that for other call sites in this function. Signed-off-by: NMarkus Elfring <elfring@users.sourceforge.net> [mpe: Rewrite change log] Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Gavin Shan 提交于
The RTAS device-tree node's refcount has been increased by one in the function call of_find_node_by_name(), but it's missed to be decreased by one in the error path. It leads to unbalanced refcount on RTAS device-tree node. This fixes above issue by decreasing RTAS device-tree node's refcount in error path. Signed-off-by: NGavin Shan <gwshan@linux.vnet.ibm.com> Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Gavin Shan 提交于
This uses of_property_read_u32() in rtas_initialize() so that we needn't explicitly care the CPU's endian. Signed-off-by: NGavin Shan <gwshan@linux.vnet.ibm.com> Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Gavin Shan 提交于
This removes the unnecessary nested if statements in function rtas_initialize(), to simplify the code. No functional changes introduced. Signed-off-by: NGavin Shan <gwshan@linux.vnet.ibm.com> Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Markus Elfring 提交于
Use kmalloc_array(), which checks for overflow of the multiplication, rather than doing it by hand. Signed-off-by: NMarkus Elfring <elfring@users.sourceforge.net> Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Aneesh Kumar K.V 提交于
In commit a4b34954 ("powerpc/mm: Cleanup LPCR defines") we updated LPCR_VRMASD wrongly as below. -#define LPCR_VRMASD (0x1ful << (63-16)) +#define LPCR_VRMASD_SH 47 +#define LPCR_VRMASD (ASM_CONST(1) << LPCR_VRMASD_SH) We initialize the VRMA bits in LPCR to 0x00 in kvm. Hence using a different mask value as above while updating lpcr should not have any impact. This patch updates it to the correct value. Fixes: a4b34954 ("powerpc/mm: Cleanup LPCR defines") Reported-by: NRam Pai <linuxram@us.ibm.com> Signed-off-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: NJia He <hejianet@gmail.com> Acked-by: NPaul Mackerras <paulus@ozlabs.org> Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Paul Mackerras 提交于
Currently we have optimized hand-coded assembly checksum routines for big-endian 64-bit systems, but for little-endian we use the generic C routines. This modifies the optimized routines to work for little-endian. With this, we no longer need to enable CONFIG_GENERIC_CSUM. This also fixes a couple of comments in checksum_64.S so they accurately reflect what the associated instruction does. Signed-off-by: NPaul Mackerras <paulus@ozlabs.org> [mpe: Use the more common __BIG_ENDIAN__] Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Paul Mackerras 提交于
These functions compute an IP checksum by computing a 64-bit sum and folding it to 32 bits (the "nofold" in their names refers to folding down to 16 bits). However, doing (u32) (s + (s >> 32)) is not sufficient to fold a 64-bit sum to 32 bits correctly. The addition can produce a carry out from bit 31, which needs to be added in to the sum to produce the correct result. To fix this, we copy the from64to32() function from lib/checksum.c and use that. Signed-off-by: NPaul Mackerras <paulus@ozlabs.org> Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Joel Stanley 提交于
The OPAL memory console is reported to be size zero, as we do not initialise the struct attr with any size information due to the size being variable. This leads users to think that the console is empty. Instead report the maximum size. Signed-off-by: NJoel Stanley <joel@jms.id.au> Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
- 23 1月, 2017 7 次提交
-
-
由 Aneesh Kumar K.V 提交于
We now support THP with both 64k and 4K page size configuration for radix. (hash only support THP with 64K page size). Hence we will have CONFIG_TRANSPARENT_HUGEPAGE enabled for both PPC_64K and PPC_4K config. Since we only need large pmd page table with hash configuration (to store the slot information in the second half of the table) restrict the large pmd page table to THP and 64K configs. Signed-off-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Reviewed-by: NAnshuman Khandual <khandual@linux.vnet.ibm.com> Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Aneesh Kumar K.V 提交于
We don't do this for other page table entries. So lets keep this simple and always return false for hugepd check on a 64K page size config. Signed-off-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
-
由 Linus Torvalds 提交于
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull x86 fix from Thomas Gleixner: "Restore the retrigger callbacks in the IO APIC irq chips. That addresses a long standing regression which got introduced with the rewrite of the x86 irq subsystem two years ago and went unnoticed so far" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/ioapic: Restore IO-APIC irq_chip retrigger callback
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull smp/hotplug fix from Thomas Gleixner: "Remove an unused variable which is a leftover from the notifier removal" * 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: cpu/hotplug: Remove unused but set variable in _cpu_down()
-
git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost由 Linus Torvalds 提交于
Pull virtio/vhost fixes from Michael Tsirkin: "Random fixes and cleanups that accumulated over the time" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: virtio/s390: virtio: constify virtio_config_ops structures virtio/s390: add missing \n to end of dev_err message virtio/s390: support READ_STATUS command for virtio-ccw tools/virtio/ringtest: tweaks for s390 tools/virtio/ringtest: fix run-on-all.sh for offline cpus virtio_console: fix a crash in config_work_handler vhost/scsi: silence uninitialized variable warning vhost: scsi: constify target_core_fabric_ops structures
-
git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux由 Linus Torvalds 提交于
Pull thermal management fixes from Zhang Rui: - fix a regression that thermal zone dynamically allocated sysfs attributes are freed before they're removed, which is introduced in 4.10-rc1 (Jacob von Chorus) - fix a boot warning because deprecated hwmon API is used (Fabio Estevam) - a couple of fixes for rockchip thermal driver (Brian Norris, Caesar Wang) * 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux: thermal: rockchip: fixes the conversion table thermal: core: move tz->device.groups cleanup to thermal_release thermal: thermal_hwmon: Convert to hwmon_device_register_with_info() thermal: rockchip: handle set_trips without the trip points thermal: rockchip: optimize the conversion table thermal: rockchip: fixes invalid temperature case thermal: rockchip: don't pass table structs by value thermal: rockchip: improve conversion error messages
-
- 22 1月, 2017 5 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb由 Linus Torvalds 提交于
Pull USB fixes from Greg KH: "Here are a few small USB fixes for 4.10-rc5. Most of these are gadget/dwc2 fixes for reported issues, all of these have been in linux-next for a while. The last one is a single xhci WARN_ON removal to handle an issue that the dwc3 driver is hitting in the 4.10-rc tree. The warning is harmless and needs to be removed, and a "real" fix that is more complex will show up in 4.11-rc1 for this device. That last patch hasn't been in linux-next yet due to the weekend timing, but it's a "simple" WARN_ON() removal so what could go wrong? :)" Famous last words. * tag 'usb-4.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: xhci: remove WARN_ON if dma mask is not set for platform devices usb: dwc2: host: fix Wmaybe-uninitialized warning usb: dwc2: gadget: Fix GUSBCFG.USBTRDTIM value usb: gadget: udc: atmel: remove memory leak usb: dwc3: exynos fix axius clock error path to do cleanup usb: dwc2: Avoid suspending if we're in gadget mode usb: dwc2: use u32 for DT binding parameters usb: gadget: f_fs: Fix iterations on endpoints. usb: dwc2: gadget: Fix DMA memory freeing usb: gadget: composite: Fix function used to free memory
-
git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm由 Linus Torvalds 提交于
Pull libnvdimm fixes from Dan Williams: "Two fixes: - a regression fix for the multiple-pmem-namespace-per-region support added in 4.9. Even if an existing environment is not using that feature the act of creating and a destroying a single namespace with the ndctl utility will lead to the proliferation of extra unwanted namespace devices. - a fix for the error code returned from the pmem driver when the memcpy_mcsafe() routine returns -EFAULT. Btrfs seems to be the only block I/O consumer that tries to parse the meaning of the error code when it is non-zero. Neither of these fixes are critical, the namespace leak is awkward in that it can cause device naming to change and complicates debugging namespace initialization issues. The error code fix is included out of caution for what other consumers might be expecting -EIO for block I/O errors" * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: libnvdimm, namespace: fix pmem namespace leak, delete when size set to zero pmem: return EIO on read_pmem() failure
-
git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux由 Linus Torvalds 提交于
Pull clk fix from Stephen Boyd: "One fix for Samsung Exynos524x SoCs where recent IOMMU patches have caused some of these clocks to turn off when they were always left on before" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk/samsung: exynos542x: mark some clocks as critical
-
git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc由 Linus Torvalds 提交于
Pull ARC fixes from Vineet Gupta: - more intc updates [Yuriv] - fix module build when unwinder is turned off - IO Coherency Programming model updates - other miscellaneous * tag 'arc-4.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: Revert "ARC: mm: IOC: Don't enable IOC by default" ARC: mm: split arc_cache_init to allow __init reaping of bulk ARCv2: IOC: Use actual memory size to setup aperture size ARCv2: IOC: Adhere to progamming model guidelines to avoid DMA corruption ARCv2: IOC: refactor the IOC and SLC operations into own functions ARC: module: Fix !CONFIG_ARC_DW2_UNWIND builds ARCv2: save r30 on kernel entry as gcc uses it for code-gen ARCv2: IRQ: Call entry/exit functions for chained handlers in MCIP ARC: IRQ: Use hwirq instead of virq in mask/unmask ARC: mmu: clarify the MMUv3 programming model
-
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux由 Linus Torvalds 提交于
Pull powerpc fixes from Michael Ellerman: "Two fixes for fallout from the hugetlb changes we merged this cycle. Ten other fixes, four only affect Power9, and the rest are a bit of a mixture though nothing terrible. Thanks to: Aneesh Kumar K.V, Anton Blanchard, Benjamin Herrenschmidt, Dave Martin, Gavin Shan, Madhavan Srinivasan, Nicholas Piggin, Reza Arbab" * tag 'powerpc-4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc: Ignore reserved field in DCSR and PVR reads and writes powerpc/ptrace: Preserve previous TM fprs/vsrs on short regset write powerpc/ptrace: Preserve previous fprs/vsrs on short regset write powerpc/perf: Use MSR to report privilege level on P9 DD1 selftest/powerpc: Wrong PMC initialized in pmc56_overflow test powerpc/eeh: Enable IO path on permanent error powerpc/perf: Fix PM_BRU_CMPL event code for power9 powerpc/mm: Fix little-endian 4K hugetlb powerpc/mm/hugetlb: Don't panic when we don't find the default huge page size powerpc: Fix pgtable pmd cache init powerpc/icp-opal: Fix missing KVM case and harden replay powerpc/mm: Fix memory hotplug BUG() on radix
-
- 21 1月, 2017 10 次提交
-
-
git://git.kernel.org/pub/scm/virt/kvm/kvm由 Linus Torvalds 提交于
Pull KVM fixes from Radim Krčmář: "ARM: - Fix for timer setup on VHE machines - Drop spurious warning when the timer races against the vcpu running again - Prevent a vgic deadlock when the initialization fails (for stable) s390: - Fix a kernel memory exposure (for stable) x86: - Fix exception injection when hypercall instruction cannot be patched" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: s390: do not expose random data via facility bitmap KVM: x86: fix fixing of hypercalls KVM: arm/arm64: vgic: Fix deadlock on error handling KVM: arm64: Access CNTHCTL_EL2 bit fields correctly on VHE systems KVM: arm/arm64: Fix occasional warning from the timer work function
-
由 Linus Torvalds 提交于
Merge branch 'scsi-target-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bvanassche/linux Pull SCSI target fixes from Bart Van Assche: - two small fixes for the ibmvscsis driver - ten patches with bug fixes for the target mode of the qla2xxx driver - four patches that avoid that the "sparse" and "smatch" static analyzer tools report false positives for the qla2xxx code base * 'scsi-target-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bvanassche/linux: qla2xxx: Disable out-of-order processing by default in firmware qla2xxx: Fix erroneous invalid handle message qla2xxx: Reduce exess wait during chip reset qla2xxx: Terminate exchange if corrupted qla2xxx: Fix crash due to null pointer access qla2xxx: Collect additional information to debug fw dump qla2xxx: Reset reserved field in firmware options to 0 qla2xxx: Set tcm_qla2xxx version to automatically track qla2xxx version qla2xxx: Include ATIO queue in firmware dump when in target mode qla2xxx: Fix wrong IOCB type assumption qla2xxx: Avoid that building with W=1 triggers complaints about set-but-not-used variables qla2xxx: Move two arrays from header files to .c files qla2xxx: Declare an array with file scope static qla2xxx: Fix indentation ibmvscsis: Fix sleeping in interrupt context ibmvscsis: Fix max transfer length
-
git://git.kernel.dk/linux-block由 Linus Torvalds 提交于
Pull block fixes from Jens Axboe: "Just two small fixes for this -rc. One is just killing an unused variable from Keith, but the other fixes a performance regression for nbd in this series, where we inadvertently flipped when we set MSG_MORE when outputting data" * 'for-linus' of git://git.kernel.dk/linux-block: nbd: only set MSG_MORE when we have more to send blk-mq: Remove unused variable
-
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi由 Linus Torvalds 提交于
Pull spi fixes from Mark Brown: "The usual small smattering of driver specific fixes. A few bits that stand out here: - the R-Car patches adding fallbacks are just adding new compatible strings to the driver so that device trees are written in a more robustly future proof fashion, this isn't strictly a fix but it's just new IDs and it's better to get it into mainline sooner to improve the ABI - the DesignWare "switch to new API part 2" patch is actually a misleadingly titled fix for a bit that got missed in the original conversion" * tag 'spi-fix-v4.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: davinci: use dma_mapping_error() spi: spi-axi: Free resources on error path spi: pxa2xx: add missed break spi: dw-mid: switch to new dmaengine_terminate_* API (part 2) spi: dw: Make debugfs name unique between instances spi: sh-msiof: Do not use C++ style comment spi: armada-3700: Set mode bits correctly spi: armada-3700: fix unsigned compare than zero on irq spi: sh-msiof: Add R-Car Gen 2 and 3 fallback bindings spi: SPI_FSL_DSPI should depend on HAS_DMA
-
git://github.com/ceph/ceph-client由 Linus Torvalds 提交于
Pull ceph fixes from Ilya Dryomov: "Three filesystem endianness fixes (one goes back to the 2.6 era, all marked for stable) and two fixups for this merge window's patches" * tag 'ceph-for-4.10-rc5' of git://github.com/ceph/ceph-client: ceph: fix bad endianness handling in parse_reply_info_extra ceph: fix endianness bug in frag_tree_split_cmp ceph: fix endianness of getattr mask in ceph_d_revalidate libceph: make sure ceph_aes_crypt() IV is aligned ceph: fix ceph_get_caps() interruption
-
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs由 Linus Torvalds 提交于
Pull overlayfs fix from Miklos Szeredi: "This fixes a regression introduced in this cycle" * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: ovl: fix possible use after free on redirect dir lookup
-
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse由 Linus Torvalds 提交于
Pull fuse fixes from Miklos Szeredi: "Fix two regressions, one introduced in 4.9 and a less recent one in 4.2" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: fix time_to_jiffies nsec sanity check fuse: clear FR_PENDING flag when moving requests out of pending queue
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi由 Linus Torvalds 提交于
Pull SCSI fixes from James Bottomley: "This is a set of 12 fixes including the mpt3sas one that was causing hangs on ATA passthrough. The others are a couple of zoned block device fixes, a SAS device detection bug which lead to SATA drives not being matched to bays, two qla2xxx MSI fixes, a qla2xxx req for rsp confusion caused by cut and paste, and a few other minor fixes" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: mpt3sas: fix hang on ata passthrough commands scsi: lpfc: Set elsiocb contexts to NULL after freeing it scsi: sd: Ignore zoned field for host-managed devices scsi: sd: Fix wrong DPOFUA disable in sd_read_cache_type scsi: bfa: fix wrongly initialized variable in bfad_im_bsg_els_ct_request() scsi: ses: Fix SAS device detection in enclosure scsi: libfc: Fix variable name in fc_set_wwpn scsi: lpfc: avoid double free of resource identifiers scsi: qla2xxx: remove irq_affinity_notifier scsi: qla2xxx: fix MSI-X vector affinity scsi: qla2xxx: Fix apparent cut-n-paste error. scsi: qla2xxx: Get mutex lock before checking optrom_state
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux由 Linus Torvalds 提交于
Pull arm64 fixes from Catalin Marinas: - avoid potential stack information leak via the ptrace ABI caused by uninitialised variables - SWIOTLB DMA API fall-back allocation fix when the SWIOTLB buffer is not initialised (all RAM is suitable for 32-bit DMA masks) - fix the bad_mode function returning for unhandled exceptions coming from user space - fix name clash in __page_to_voff() * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: avoid returning from bad_mode arm64/ptrace: Reject attempts to set incomplete hardware breakpoint fields arm64/ptrace: Avoid uninitialised struct padding in fpr_set() arm64/ptrace: Preserve previous registers for short regset write arm64/ptrace: Preserve previous registers for short regset write arm64/ptrace: Preserve previous registers for short regset write arm64: mm: avoid name clash in __page_to_voff() arm64: Fix swiotlb fallback allocation
-
git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux由 Radim Krčmář 提交于
KVM: s390: Fix for 4.10 (via kvm/master) Fix a kernel memory exposure.
-
- 20 1月, 2017 3 次提交
-
-
由 Christian Borntraeger 提交于
kvm_s390_get_machine() populates the facility bitmap by copying bytes from the host results that are stored in a 256 byte array in the prefix page. The KVM code does use the size of the target buffer (2k), thus copying and exposing unrelated kernel memory (mostly machine check related logout data). Let's use the size of the source buffer instead. This is ok, as the target buffer will always be greater or equal than the source buffer as the KVM internal buffers (and thus S390_ARCH_FAC_LIST_SIZE_BYTE) cover the maximum possible size that is allowed by STFLE, which is 256 doublewords. All structures are zero allocated so we can leave bytes 256-2047 unchanged. Add a similar fix for kvm_arch_init_vm(). Reported-by: NHeiko Carstens <heiko.carstens@de.ibm.com> [found with smatch] Signed-off-by: NChristian Borntraeger <borntraeger@de.ibm.com> CC: stable@vger.kernel.org Acked-by: NCornelia Huck <cornelia.huck@de.ibm.com>
-
由 Mathias Nyman 提交于
The warn on is a bit too much, we will anyway set the dma mask if not set previously. The main reason for this fix is that 4.10-rc1 has a dwc3 change that pass a parent sysdev dev pointer instead of setting the dma mask of its xhci platform device. xhci platform driver can then get more attributes from the sysdev than just the dma mask. The usb core and xhci changes are not yet in 4.10, and a fix like this was preferred instead of taking those big changes this late in the rc-cycle. Signed-off-by: NMathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
由 Zhang Rui 提交于
-