1. 24 8月, 2018 19 次提交
  2. 23 8月, 2018 21 次提交
    • N
      include/linux/compiler*.h: make compiler-*.h mutually exclusive · 815f0ddb
      Nick Desaulniers 提交于
      Commit cafa0010 ("Raise the minimum required gcc version to 4.6")
      recently exposed a brittle part of the build for supporting non-gcc
      compilers.
      
      Both Clang and ICC define __GNUC__, __GNUC_MINOR__, and
      __GNUC_PATCHLEVEL__ for quick compatibility with code bases that haven't
      added compiler specific checks for __clang__ or __INTEL_COMPILER.
      
      This is brittle, as they happened to get compatibility by posing as a
      certain version of GCC.  This broke when upgrading the minimal version
      of GCC required to build the kernel, to a version above what ICC and
      Clang claim to be.
      
      Rather than always including compiler-gcc.h then undefining or
      redefining macros in compiler-intel.h or compiler-clang.h, let's
      separate out the compiler specific macro definitions into mutually
      exclusive headers, do more proper compiler detection, and keep shared
      definitions in compiler_types.h.
      
      Fixes: cafa0010 ("Raise the minimum required gcc version to 4.6")
      Reported-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
      Suggested-by: NEli Friedman <efriedma@codeaurora.org>
      Suggested-by: NJoe Perches <joe@perches.com>
      Signed-off-by: NNick Desaulniers <ndesaulniers@google.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      815f0ddb
    • L
      Merge tag 'platform-drivers-x86-v4.19-1' of git://git.infradead.org/linux-platform-drivers-x86 · 899fbc33
      Linus Torvalds 提交于
      Pull x86 platform driver updates from Andy Shevchenko:
      
       - The driver for Silead touchscreen configurations has been renamed
         from silead_dmi to touchscreen_dmi since it starts supporting other
         touchscreens which require some DMI quirks
      
         It also gets expanded to cover cases for Chuwi Vi10, ONDA V891W,
         Connect Tablet 9, Onda V820w, and Cube KNote i1101 tablets.
      
       - Another bunch of changes is related to Mellanox platform code to
         allow user space to communicate with Mellanox for system control and
         monitoring purposes. The driver notifies user on hotplug device
         signal receiving.
      
       - ASUS WMI drivers recognize lid flip action on UX360, and correctly
         toggles airplane mode LED. In addition the keyboard backlight toggle
         gets support.
      
       - ThinkPad ACPI driver enables support for calculator key (on at least
         P52). It also has been fixed to support three characters model
         designators, which are used for modern laptops. Earlier the battery,
         marked as BAT1, on ThinkPad laptops has not been configured properly,
         which is fixed. On the opposite the multi-battery configurations now
         probed correctly.
      
       - Dell SMBIOS driver starts working on some Dell servers which do not
         support token interface. The regression with backlight detection has
         also been fixed. In order to support dock mode on some laptops, Intel
         virtual button driver has been fixed. The last but not least is the
         fix to Intel HID driver due to changes in Dell systems that prevented
         to use power button.
      
      * tag 'platform-drivers-x86-v4.19-1' of git://git.infradead.org/linux-platform-drivers-x86: (47 commits)
        platform/x86: acer-wmi: Silence "unsupported" message a bit
        platform/x86: intel_punit_ipc: fix build errors
        platform/x86: ideapad: Add Y520-15IKBM and Y720-15IKBM to no_hw_rfkill
        platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360
        platform/x86: acer-wmi: refactor function has_cap
        platform/x86: thinkpad_acpi: Fix multi-battery bug
        platform/x86: thinkpad_acpi: extend battery quirk coverage
        platform/x86: touchscreen_dmi: Add info for the Cube KNote i1101 tablet
        platform/x86: mlx-platform: Fix copy-paste error in mlxplat_init()
        platform/x86: mlx-platform: Remove unused define
        platform/x86: mlx-platform: Change mlxreg-io configuration for MSN274x systems
        Documentation/ABI: Add new attribute for mlxreg-io sysfs interfaces
        platform/x86: mlx-platform: Allow mlxreg-io driver activation for more systems
        platform/x86: mlx-platform: Add ASIC hotplug device configuration
        platform/mellanox: mlxreg-hotplug: Add hotplug hwmon uevent notification
        platform/mellanox: mlxreg-hotplug: Improve mechanism of ASIC health discovery
        platform/x86: mlx-platform: Add mlxreg-fan platform driver activation
        platform/x86: dell-laptop: Fix backlight detection
        platform/x86: toshiba_acpi: Fix defined but not used build warnings
        platform/x86: thinkpad_acpi: Support battery quirk
        ...
      899fbc33
    • T
      ia64: Fix allnoconfig section mismatch for ioc_init/ioc_iommu_info · 2edd73a4
      Tony Luck 提交于
      This has been broken for an embarassingly long time (since v4.4).
      
      Just needs a couple of __init tags on functions to make the sections
      match up.
      Signed-off-by: NTony Luck <tony.luck@intel.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      2edd73a4
    • L
      Merge branch 'parisc-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · 45b74a65
      Linus Torvalds 提交于
      Pull more parisc updates from Helge Deller:
      
       - fix boot failure of 64-bit kernel. It got broken by the unwind
         optimization commit in merge window.
      
       - fix 64-bit userspace support (static 64-bit applications only, e.g.
         we don't yet have 64-bit userspace support in glibc).
      
       - consolidate unwind initialization code.
      
       - add machine model description to stack trace.
      
      * 'parisc-4.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Add hardware description to stack traces
        parisc: Fix boot failure of 64-bit kernel
        parisc: Consolidate unwind initialization calls
        parisc: Update comments in syscall.S regarding wide userland
        parisc: Fix ptraced 64-bit applications to call 64-bit syscalls
        parisc: Restore possibility to execute 64-bit applications
      45b74a65
    • L
      Merge tag 'xtensa-20180820' of git://github.com/jcmvbkbc/linux-xtensa · 433bcf67
      Linus Torvalds 提交于
      Pull Xtensa updates from Max Filippov:
      
       - switch xtensa arch to the generic noncoherent direct mapping
         operations
      
       - add support for DMA_ATTR_NO_KERNEL_MAPPING attribute
      
       - clean up users of platform/hardware.h in generic Xtensa code
      
       - fix assembly cache maintenance code for long cache lines
      
       - rework noMMU cache attributes initialization
      
       - add big-endian HiFi2 test_kc705_be CPU variant
      
      * tag 'xtensa-20180820' of git://github.com/jcmvbkbc/linux-xtensa:
        xtensa: add test_kc705_be variant
        xtensa: clean up boot-elf/bootstrap.S
        xtensa: make bootparam parsing optional
        xtensa: drop variant IRQ support
        xtensa: drop unneeded platform/hardware.h headers
        xtensa: move PLATFORM_NR_IRQS to Kconfig
        xtensa: rework {CONFIG,PLATFORM}_DEFAULT_MEM_START
        xtensa: drop unused {CONFIG,PLATFORM}_DEFAULT_MEM_SIZE
        xtensa: rework noMMU cache attributes initialization
        xtensa: increase ranges in ___invalidate_{i,d}cache_all
        xtensa: limit offsets in __loop_cache_{all,page}
        xtensa: platform-specific handling of coherent memory
        xtensa: support DMA_ATTR_NO_KERNEL_MAPPING attribute
        xtensa: use generic dma_noncoherent_ops
      433bcf67
    • L
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · b3721153
      Linus Torvalds 提交于
      Pull second set of KVM updates from Paolo Bonzini:
       "ARM:
         - Support for Group0 interrupts in guests
         - Cache management optimizations for ARMv8.4 systems
         - Userspace interface for RAS
         - Fault path optimization
         - Emulated physical timer fixes
         - Random cleanups
      
        x86:
         - fixes for L1TF
         - a new test case
         - non-support for SGX (inject the right exception in the guest)
         - fix lockdep false positive"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (49 commits)
        KVM: VMX: fixes for vmentry_l1d_flush module parameter
        kvm: selftest: add dirty logging test
        kvm: selftest: pass in extra memory when create vm
        kvm: selftest: include the tools headers
        kvm: selftest: unify the guest port macros
        tools: introduce test_and_clear_bit
        KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
        KVM: vmx: Inject #UD for SGX ENCLS instruction in guest
        KVM: vmx: Add defines for SGX ENCLS exiting
        x86/kvm/vmx: Fix coding style in vmx_setup_l1d_flush()
        x86: kvm: avoid unused variable warning
        KVM: Documentation: rename the capability of KVM_CAP_ARM_SET_SERROR_ESR
        KVM: arm/arm64: Skip updating PTE entry if no change
        KVM: arm/arm64: Skip updating PMD entry if no change
        KVM: arm: Use true and false for boolean values
        KVM: arm/arm64: vgic: Do not use spin_lock_irqsave/restore with irq disabled
        KVM: arm/arm64: vgic: Move DEBUG_SPINLOCK_BUG_ON to vgic.h
        KVM: arm: vgic-v3: Add support for ICC_SGI0R and ICC_ASGI1R accesses
        KVM: arm64: vgic-v3: Add support for ICC_SGI0R_EL1 and ICC_ASGI1R_EL1 accesses
        KVM: arm/arm64: vgic-v3: Add core support for Group0 SGIs
        ...
      b3721153
    • L
      Merge tag 'for-4.19/post-20180822' of git://git.kernel.dk/linux-block · 5bed49ad
      Linus Torvalds 提交于
      Pull more block updates from Jens Axboe:
      
       - Set of bcache fixes and changes (Coly)
      
       - The flush warn fix (me)
      
       - Small series of BFQ fixes (Paolo)
      
       - wbt hang fix (Ming)
      
       - blktrace fix (Steven)
      
       - blk-mq hardware queue count update fix (Jianchao)
      
       - Various little fixes
      
      * tag 'for-4.19/post-20180822' of git://git.kernel.dk/linux-block: (31 commits)
        block/DAC960.c: make some arrays static const, shrinks object size
        blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
        blk-mq: init hctx sched after update ctx and hctx mapping
        block: remove duplicate initialization
        tracing/blktrace: Fix to allow setting same value
        pktcdvd: fix setting of 'ret' error return for a few cases
        block: change return type to bool
        block, bfq: return nbytes and not zero from struct cftype .write() method
        block, bfq: improve code of bfq_bfqq_charge_time
        block, bfq: reduce write overcharge
        block, bfq: always update the budget of an entity when needed
        block, bfq: readd missing reset of parent-entity service
        blk-wbt: fix IO hang in wbt_wait()
        block: don't warn for flush on read-only device
        bcache: add the missing comments for smp_mb()/smp_wmb()
        bcache: remove unnecessary space before ioctl function pointer arguments
        bcache: add missing SPDX header
        bcache: move open brace at end of function definitions to next line
        bcache: add static const prefix to char * array declarations
        bcache: fix code comments style
        ...
      5bed49ad
    • L
      Merge tag 'f2fs-for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs · fe6f0ed0
      Linus Torvalds 提交于
      Pull f2fs updates from Jaegeuk Kim:
       "In this round, we've tuned f2fs to improve general performance by
        serializing block allocation and enhancing discard flows like fstrim
        which avoids user IO contention. And we've added fsync_mode=nobarrier
        which gives an option to user where it skips issuing cache_flush
        commands to underlying flash storage. And there are many bug fixes
        related to fuzzed images, revoked atomic writes, quota ops, and minor
        direct IO.
      
        Enhancements:
         - add fsync_mode=nobarrier which bypasses cache_flush command
         - enhance the discarding flow which avoids user IOs and issues in
           LBA order
         - readahead some encrypted blocks during GC
         - enable in-memory inode checksum to verify the blocks if
           F2FS_CHECK_FS is set
         - enhance nat_bits behavior
         - set -o discard by default
         - set REQ_RAHEAD to bio in ->readpages
      
        Bug fixes:
         - fix a corner case to corrupt atomic_writes revoking flow
         - revisit i_gc_rwsem to fix race conditions
         - fix some dio behaviors captured by xfstests
         - correct handling errors given by quota-related failures
         - add many sanity check flows to avoid fuzz test failures
         - add more error number propagation to their callers
         - fix several corner cases to continue fault injection w/ shutdown
           loop"
      
      * tag 'f2fs-for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: (89 commits)
        f2fs: readahead encrypted block during GC
        f2fs: avoid fi->i_gc_rwsem[WRITE] lock in f2fs_gc
        f2fs: fix performance issue observed with multi-thread sequential read
        f2fs: fix to skip verifying block address for non-regular inode
        f2fs: rework fault injection handling to avoid a warning
        f2fs: support fault_type mount option
        f2fs: fix to return success when trimming meta area
        f2fs: fix use-after-free of dicard command entry
        f2fs: support discard submission error injection
        f2fs: split discard command in prior to block layer
        f2fs: wake up gc thread immediately when gc_urgent is set
        f2fs: fix incorrect range->len in f2fs_trim_fs()
        f2fs: refresh recent accessed nat entry in lru list
        f2fs: fix avoid race between truncate and background GC
        f2fs: avoid race between zero_range and background GC
        f2fs: fix to do sanity check with block address in main area v2
        f2fs: fix to do sanity check with inline flags
        f2fs: fix to reset i_gc_failures correctly
        f2fs: fix invalid memory access
        f2fs: fix to avoid broken of dnode block list
        ...
      fe6f0ed0
    • M
      ovl: set I_CREATING on inode being created · 6faf05c2
      Miklos Szeredi 提交于
      ...otherwise there will be list corruption due to inode_sb_list_add() being
      called for inode already on the sb list.
      Signed-off-by: NMiklos Szeredi <mszeredi@redhat.com>
      Fixes: e950564b ("vfs: don't evict uninitialized inode")
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      6faf05c2
    • L
      Merge branch 'akpm' (patches from Andrew) · cd9b44f9
      Linus Torvalds 提交于
      Merge more updates from Andrew Morton:
      
       - the rest of MM
      
       - procfs updates
      
       - various misc things
      
       - more y2038 fixes
      
       - get_maintainer updates
      
       - lib/ updates
      
       - checkpatch updates
      
       - various epoll updates
      
       - autofs updates
      
       - hfsplus
      
       - some reiserfs work
      
       - fatfs updates
      
       - signal.c cleanups
      
       - ipc/ updates
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (166 commits)
        ipc/util.c: update return value of ipc_getref from int to bool
        ipc/util.c: further variable name cleanups
        ipc: simplify ipc initialization
        ipc: get rid of ids->tables_initialized hack
        lib/rhashtable: guarantee initial hashtable allocation
        lib/rhashtable: simplify bucket_table_alloc()
        ipc: drop ipc_lock()
        ipc/util.c: correct comment in ipc_obtain_object_check
        ipc: rename ipcctl_pre_down_nolock()
        ipc/util.c: use ipc_rcu_putref() for failues in ipc_addid()
        ipc: reorganize initialization of kern_ipc_perm.seq
        ipc: compute kern_ipc_perm.id under the ipc lock
        init/Kconfig: remove EXPERT from CHECKPOINT_RESTORE
        fs/sysv/inode.c: use ktime_get_real_seconds() for superblock stamp
        adfs: use timespec64 for time conversion
        kernel/sysctl.c: fix typos in comments
        drivers/rapidio/devices/rio_mport_cdev.c: remove redundant pointer md
        fork: don't copy inconsistent signal handler state to child
        signal: make get_signal() return bool
        signal: make sigkill_pending() return bool
        ...
      cd9b44f9
    • M
      ipc/util.c: update return value of ipc_getref from int to bool · 2a9d6481
      Manfred Spraul 提交于
      ipc_getref has still a return value of type "int", matching the atomic_t
      interface of atomic_inc_not_zero()/atomic_add_unless().
      
      ipc_getref now uses refcount_inc_not_zero, which has a return value of
      type "bool".
      
      Therefore, update the return code to avoid implicit conversions.
      
      Link: http://lkml.kernel.org/r/20180712185241.4017-13-manfred@colorfullife.comSigned-off-by: NManfred Spraul <manfred@colorfullife.com>
      Cc: Davidlohr Bueso <dave@stgolabs.net>
      Cc: Davidlohr Bueso <dbueso@suse.de>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      2a9d6481
    • M
      ipc/util.c: further variable name cleanups · 27c331a1
      Manfred Spraul 提交于
      The varable names got a mess, thus standardize them again:
      
      id: user space id. Called semid, shmid, msgid if the type is known.
          Most functions use "id" already.
      idx: "index" for the idr lookup
          Right now, some functions use lid, ipc_addid() already uses idx as
          the variable name.
      seq: sequence number, to avoid quick collisions of the user space id
      key: user space key, used for the rhash tree
      
      Link: http://lkml.kernel.org/r/20180712185241.4017-12-manfred@colorfullife.comSigned-off-by: NManfred Spraul <manfred@colorfullife.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Davidlohr Bueso <dave@stgolabs.net>
      Cc: Davidlohr Bueso <dbueso@suse.de>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      27c331a1
    • D
      ipc: simplify ipc initialization · eae04d25
      Davidlohr Bueso 提交于
      Now that we know that rhashtable_init() will not fail, we can get rid of a
      lot of the unnecessary cleanup paths when the call errored out.
      
      [manfred@colorfullife.com: variable name added to util.h to resolve checkpatch warning]
      Link: http://lkml.kernel.org/r/20180712185241.4017-11-manfred@colorfullife.comSigned-off-by: NDavidlohr Bueso <dbueso@suse.de>
      Signed-off-by: NManfred Spraul <manfred@colorfullife.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      eae04d25
    • D
      ipc: get rid of ids->tables_initialized hack · dc2c8c84
      Davidlohr Bueso 提交于
      In sysvipc we have an ids->tables_initialized regarding the rhashtable,
      introduced in 0cfb6aee ("ipc: optimize semget/shmget/msgget for lots
      of keys")
      
      It's there, specifically, to prevent nil pointer dereferences, from using
      an uninitialized api.  Considering how rhashtable_init() can fail
      (probably due to ENOMEM, if anything), this made the overall ipc
      initialization capable of failure as well.  That alone is ugly, but fine,
      however I've spotted a few issues regarding the semantics of
      tables_initialized (however unlikely they may be):
      
      - There is inconsistency in what we return to userspace: ipc_addid()
        returns ENOSPC which is certainly _wrong_, while ipc_obtain_object_idr()
        returns EINVAL.
      
      - After we started using rhashtables, ipc_findkey() can return nil upon
        !tables_initialized, but the caller expects nil for when the ipc
        structure isn't found, and can therefore call into ipcget() callbacks.
      
      Now that rhashtable initialization cannot fail, we can properly get rid of
      the hack altogether.
      
      [manfred@colorfullife.com: commit id extended to 12 digits]
      Link: http://lkml.kernel.org/r/20180712185241.4017-10-manfred@colorfullife.comSigned-off-by: NDavidlohr Bueso <dbueso@suse.de>
      Signed-off-by: NManfred Spraul <manfred@colorfullife.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      dc2c8c84
    • D
      lib/rhashtable: guarantee initial hashtable allocation · 2d22ecf6
      Davidlohr Bueso 提交于
      rhashtable_init() may fail due to -ENOMEM, thus making the entire api
      unusable.  This patch removes this scenario, however unlikely.  In order
      to guarantee memory allocation, this patch always ends up doing
      GFP_KERNEL|__GFP_NOFAIL for both the tbl as well as
      alloc_bucket_spinlocks().
      
      Upon the first table allocation failure, we shrink the size to the
      smallest value that makes sense and retry with __GFP_NOFAIL semantics.
      With the defaults, this means that from 64 buckets, we retry with only 4.
      Any later issues regarding performance due to collisions or larger table
      resizing (when more memory becomes available) is the least of our
      problems.
      
      Link: http://lkml.kernel.org/r/20180712185241.4017-9-manfred@colorfullife.comSigned-off-by: NDavidlohr Bueso <dbueso@suse.de>
      Signed-off-by: NManfred Spraul <manfred@colorfullife.com>
      Acked-by: NHerbert Xu <herbert@gondor.apana.org.au>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      2d22ecf6
    • D
      lib/rhashtable: simplify bucket_table_alloc() · 93f976b5
      Davidlohr Bueso 提交于
      As of ce91f6ee ("mm: kvmalloc does not fallback to vmalloc for
      incompatible gfp flags") we can simplify the caller and trust kvzalloc()
      to just do the right thing.  For the case of the GFP_ATOMIC context, we
      can drop the __GFP_NORETRY flag for obvious reasons, and for the
      __GFP_NOWARN case, however, it is changed such that the caller passes the
      flag instead of making bucket_table_alloc() handle it.
      
      This slightly changes the gfp flags passed on to nested_table_alloc() as
      it will now also use GFP_ATOMIC | __GFP_NOWARN.  However, I consider this
      a positive consequence as for the same reasons we want nowarn semantics in
      bucket_table_alloc().
      
      [manfred@colorfullife.com: commit id extended to 12 digits, line wraps updated]
      Link: http://lkml.kernel.org/r/20180712185241.4017-8-manfred@colorfullife.comSigned-off-by: NDavidlohr Bueso <dbueso@suse.de>
      Signed-off-by: NManfred Spraul <manfred@colorfullife.com>
      Acked-by: NMichal Hocko <mhocko@suse.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      93f976b5
    • D
      ipc: drop ipc_lock() · 82061c57
      Davidlohr Bueso 提交于
      ipc/util.c contains multiple functions to get the ipc object pointer given
      an id number.
      
      There are two sets of function: One set verifies the sequence counter part
      of the id number, other functions do not check the sequence counter.
      
      The standard for function names in ipc/util.c is
      - ..._check() functions verify the sequence counter
      - ..._idr() functions do not verify the sequence counter
      
      ipc_lock() is an exception: It does not verify the sequence counter value,
      but this is not obvious from the function name.
      
      Furthermore, shm.c is the only user of this helper.  Thus, we can simply
      move the logic into shm_lock() and get rid of the function altogether.
      
      [manfred@colorfullife.com: most of changelog]
      Link: http://lkml.kernel.org/r/20180712185241.4017-7-manfred@colorfullife.comSigned-off-by: NDavidlohr Bueso <dbueso@suse.de>
      Signed-off-by: NManfred Spraul <manfred@colorfullife.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      82061c57
    • M
      ipc/util.c: correct comment in ipc_obtain_object_check · 2e5ceb45
      Manfred Spraul 提交于
      The comment that explains ipc_obtain_object_check is wrong: The function
      checks the sequence number, not the reference counter.
      
      Note that checking the reference counter would be meaningless: The
      reference counter is decreased without holding any locks, thus an object
      with kern_ipc_perm.deleted=true may disappear at the end of the next rcu
      grace period.
      
      Link: http://lkml.kernel.org/r/20180712185241.4017-6-manfred@colorfullife.comSigned-off-by: NManfred Spraul <manfred@colorfullife.com>
      Reviewed-by: NDavidlohr Bueso <dbueso@suse.de>
      Cc: Davidlohr Bueso <dave@stgolabs.net>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      2e5ceb45
    • M
      ipc: rename ipcctl_pre_down_nolock() · 4241c1a3
      Manfred Spraul 提交于
      Both the comment and the name of ipcctl_pre_down_nolock() are misleading:
      The function must be called while holdling the rw semaphore.
      
      Therefore the patch renames the function to ipcctl_obtain_check(): This
      name matches the other names used in util.c:
      
      - "obtain" function look up a pointer in the idr, without
        acquiring the object lock.
      - The caller is responsible for locking.
      - _check means that the sequence number is checked.
      
      Link: http://lkml.kernel.org/r/20180712185241.4017-5-manfred@colorfullife.comSigned-off-by: NManfred Spraul <manfred@colorfullife.com>
      Reviewed-by: NDavidlohr Bueso <dbueso@suse.de>
      Cc: Davidlohr Bueso <dave@stgolabs.net>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      4241c1a3
    • M
      ipc/util.c: use ipc_rcu_putref() for failues in ipc_addid() · 39cfffd7
      Manfred Spraul 提交于
      ipc_addid() is impossible to use:
      - for certain failures, the caller must not use ipc_rcu_putref(),
        because the reference counter is not yet initialized.
      - for other failures, the caller must use ipc_rcu_putref(),
        because parallel operations could be ongoing already.
      
      The patch cleans that up, by initializing the refcount early, and by
      modifying all callers.
      
      The issues is related to the finding of
      syzbot+2827ef6b3385deb07eaf@syzkaller.appspotmail.com: syzbot found an
      issue with reading kern_ipc_perm.seq, here both read and write to already
      released memory could happen.
      
      Link: http://lkml.kernel.org/r/20180712185241.4017-4-manfred@colorfullife.comSigned-off-by: NManfred Spraul <manfred@colorfullife.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Davidlohr Bueso <dave@stgolabs.net>
      Cc: Davidlohr Bueso <dbueso@suse.de>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      39cfffd7
    • M
      ipc: reorganize initialization of kern_ipc_perm.seq · e2652ae6
      Manfred Spraul 提交于
      ipc_addid() initializes kern_ipc_perm.seq after having called idr_alloc()
      (within ipc_idr_alloc()).
      
      Thus a parallel semop() or msgrcv() that uses ipc_obtain_object_check()
      may see an uninitialized value.
      
      The patch moves the initialization of kern_ipc_perm.seq before the calls
      of idr_alloc().
      
      Notes:
      1) This patch has a user space visible side effect:
      If /proc/sys/kernel/*_next_id is used (i.e.: checkpoint/restore) and
      if semget()/msgget()/shmget() fails in the final step of adding the id
      to the rhash tree, then .._next_id is cleared. Before the patch, is
      remained unmodified.
      
      There is no change of the behavior after a successful ..get() call: It
      always clears .._next_id, there is no impact to non checkpoint/restore
      code as that code does not use .._next_id.
      
      2) The patch correctly documents that after a call to ipc_idr_alloc(),
      the full tear-down sequence must be used. The callers of ipc_addid()
      do not fullfill that, i.e. more bugfixes are required.
      
      The patch is a squash of a patch from Dmitry and my own changes.
      
      Link: http://lkml.kernel.org/r/20180712185241.4017-3-manfred@colorfullife.com
      Reported-by: syzbot+2827ef6b3385deb07eaf@syzkaller.appspotmail.com
      Signed-off-by: NManfred Spraul <manfred@colorfullife.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Davidlohr Bueso <dave@stgolabs.net>
      Cc: Michael Kerrisk <mtk.manpages@gmail.com>
      Cc: Davidlohr Bueso <dbueso@suse.de>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Michal Hocko <mhocko@suse.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      e2652ae6