1. 06 Apr, 2021 4 commits
  2. 27 Mar, 2021 2 commits
    • x86/sgx: Add SGX_CHILD_PRESENT hardware error code · 231d3dbd
      Sean Christopherson committed
      SGX driver can accurately track how enclave pages are used.  This
      enables SECS to be specifically targeted and EREMOVE'd only after all
      child pages have been EREMOVE'd.  This ensures that SGX driver will
      never encounter SGX_CHILD_PRESENT in normal operation.
      
      Virtual EPC is different.  The host does not track how EPC pages are
      used by the guest, so it cannot guarantee EREMOVE success.  It might,
      for instance, encounter a SECS with a non-zero child count.
      
      Add a definition of SGX_CHILD_PRESENT.  It will be used exclusively by
      the SGX virtualization driver to handle recoverable EREMOVE errors when
      sanitizing EPC pages after they are freed.
      Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
      Signed-off-by: Kai Huang <kai.huang@intel.com>
      Signed-off-by: Borislav Petkov <bp@suse.de>
      Acked-by: Dave Hansen <dave.hansen@intel.com>
      Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
      Link: https://lkml.kernel.org/r/050b198e882afde7e6eba8e6a0d4da39161dbb5a.1616136308.git.kai.huang@intel.com
    • x86/sgx: Wipe out EREMOVE from sgx_free_epc_page() · b0c7459b
      Kai Huang committed
      EREMOVE takes a page and removes any association between that page and
      an enclave. It must be run on a page before it can be added into another
      enclave. Currently, EREMOVE is run as part of pages being freed into the
      SGX page allocator. It is not expected to fail, as it would indicate a
      use-after-free of EPC pages. Rather than add the page back to the pool
      of available EPC pages, the kernel intentionally leaks the page to avoid
      additional errors in the future.
      
      However, KVM does not track how guest pages are used, which means that
      SGX virtualization use of EREMOVE might fail. Specifically, it is
      legitimate that EREMOVE returns SGX_CHILD_PRESENT for EPC assigned to
      KVM guest, because KVM/kernel doesn't track SECS pages.
      
      To allow SGX/KVM to introduce a more permissive EREMOVE helper and
      to let the SGX virtualization code use the allocator directly, break
      out the EREMOVE call from the SGX page allocator. Rename the original
      sgx_free_epc_page() to sgx_encl_free_epc_page(), indicating that
      it is used to free an EPC page assigned to a host enclave. Replace
      sgx_free_epc_page() with sgx_encl_free_epc_page() in all call sites so
      there's no functional change.
      
      At the same time, improve the error message when EREMOVE fails, and
      add documentation to explain to the user what that failure means and
      to suggest to the user what to do when this bug happens in the case it
      happens.
      
       [ bp: Massage commit message, fix typos and sanitize text, simplify. ]
      Signed-off-by: Kai Huang <kai.huang@intel.com>
      Signed-off-by: Borislav Petkov <bp@suse.de>
      Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
      Link: https://lkml.kernel.org/r/20210325093057.122834-1-kai.huang@intel.com
  3. 26 Mar, 2021 2 commits
  4. 25 Mar, 2021 1 commit
  5. 24 Mar, 2021 1 commit
  6. 20 Mar, 2021 2 commits
    • selftests/sgx: Improve error detection and messages · 4284f7ac
      Dave Hansen committed
      The SGX device file (/dev/sgx_enclave) is unusual in that it requires
      execute permissions.  It has to be both "chmod +x" *and* be on a
      filesystem without 'noexec'.
      
      In the future, udev and systemd should get updates to set up systems
      automatically.  But, for now, nobody's systems do this automatically,
      and everybody gets error messages like this when running ./test_sgx:
      
      	0x0000000000000000 0x0000000000002000 0x03
      	0x0000000000002000 0x0000000000001000 0x05
      	0x0000000000003000 0x0000000000003000 0x03
      	mmap() failed, errno=1.
      
      That isn't very user friendly, even for forgetful kernel developers.
      
      Further, the test case is rather haphazard about its use of fprintf()
      versus perror().
      
      Improve the error messages.  Use perror() where possible.  Lastly,
      do some sanity checks on opening and mmap()ing the device file so
      that we can get a decent error message out to the user.
      
      Now, if your user doesn't have permission, you'll get the following:
      
      	$ ls -l /dev/sgx_enclave
      	crw------- 1 root root 10, 126 Mar 18 11:29 /dev/sgx_enclave
      	$ ./test_sgx
      	Unable to open /dev/sgx_enclave: Permission denied
      
      If you then 'chown dave:dave /dev/sgx_enclave' (or whatever), but
      you leave execute permissions off, you'll get:
      
      	$ ls -l /dev/sgx_enclave
      	crw------- 1 dave dave 10, 126 Mar 18 11:29 /dev/sgx_enclave
      	$ ./test_sgx
      	no execute permissions on device file
      
      If you fix that with "chmod ug+x /dev/sgx" but you leave /dev as
      noexec, you'll get this:
      
      	$ mount | grep "/dev .*noexec"
      	udev on /dev type devtmpfs (rw,nosuid,noexec,...)
      	$ ./test_sgx
      	ERROR: mmap for exec: Operation not permitted
      	mmap() succeeded for PROT_READ, but failed for PROT_EXEC
      	check that user has execute permissions on /dev/sgx_enclave and
      	that /dev does not have noexec set: 'mount | grep "/dev .*noexec"'
      
      That can be fixed with:
      
      	mount -o remount,exec /dev
      
      Hopefully, the combination of better error messages and the search
      engines indexing this message will help people fix their systems
      until we do this properly.
      
       [ bp: Improve error messages more. ]
      Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
      Signed-off-by: Ingo Molnar <mingo@kernel.org>
      Signed-off-by: Borislav Petkov <bp@suse.de>
      Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
      Link: https://lore.kernel.org/r/20210318194301.11D9A984@viggo.jf.intel.com
    • x86/sgx: Add a basic NUMA allocation scheme to sgx_alloc_epc_page() · 901ddbb9
      Jarkko Sakkinen committed
      Background
      ==========
      
      SGX enclave memory is enumerated by the processor in contiguous physical
      ranges called Enclave Page Cache (EPC) sections.  Currently, there is a
      free list per section, but allocations simply target the lowest-numbered
      sections.  This is functional, but has no NUMA awareness.
      
      Fortunately, EPC sections are covered by entries in the ACPI SRAT table.
      These entries allow each EPC section to be associated with a NUMA node,
      just like normal RAM.
      
      Solution
      ========
      
      Implement a NUMA-aware enclave page allocator.  Mirror the buddy allocator
      and maintain a list of enclave pages for each NUMA node.  Attempt to
      allocate enclave memory first from local nodes, then fall back to other
      nodes.
      
      Note that the fallback is not as sophisticated as the buddy allocator
      and is itself not aware of NUMA distances.  When a node's free list is
      empty, it searches for the next-highest node with enclave pages (and
      will wrap if necessary).  This could be improved in the future.
      
      Other
      =====
      
      NUMA_KEEP_MEMINFO dependency is required for phys_to_target_node().
      
       [ Kai Huang: Do not return NULL from __sgx_alloc_epc_page() because
         callers do not expect that and that leads to a NULL ptr deref. ]
      
       [ dhansen: Fix an uninitialized 'nid' variable in
         __sgx_alloc_epc_page() as

         Reported-by: kernel test robot <lkp@intel.com>

         to avoid any potential allocations from the wrong NUMA node or even
         premature allocation failures. ]
      Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
      Signed-off-by: Kai Huang <kai.huang@intel.com>
      Signed-off-by: Dave Hansen <dave.hansen@intel.com>
      Signed-off-by: Borislav Petkov <bp@suse.de>
      Acked-by: Dave Hansen <dave.hansen@linux.intel.com>
      Link: https://lore.kernel.org/lkml/158188326978.894464.217282995221175417.stgit@dwillia2-desk3.amr.corp.intel.com/
      Link: https://lkml.kernel.org/r/20210319040602.178558-1-kai.huang@intel.com
      Link: https://lkml.kernel.org/r/20210318214933.29341-1-dave.hansen@intel.com
      Link: https://lkml.kernel.org/r/20210317235332.362001-2-jarkko.sakkinen@intel.com
  7. 18 Mar, 2021 1 commit
  8. 15 Mar, 2021 13 commits
    • Linux 5.12-rc3 · 1e28eed1
      Linus Torvalds committed
    • prctl: fix PR_SET_MM_AUXV kernel stack leak · c995f12a
      Alexey Dobriyan committed
      Doing a
      
      	prctl(PR_SET_MM, PR_SET_MM_AUXV, addr, 1);
      
      will copy 1 byte from userspace to (quite big) on-stack array
      and then stash everything to mm->saved_auxv.
      AT_NULL terminator will be inserted at the very end.
      
      /proc/*/auxv handler will find that AT_NULL terminator
      and copy original stack contents to userspace.
      
      This devious scheme requires CAP_SYS_RESOURCE.
      Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • Merge tag 'irq-urgent-2021-03-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 70404fe3
      Linus Torvalds committed
      Pull irq fixes from Thomas Gleixner:
       "A set of irqchip updates:
      
         - Make the GENERIC_IRQ_MULTI_HANDLER configuration correct
      
         - Add a missing DT compatible string for the Ingenic driver
      
         - Remove the pointless debugfs_file pointer from struct irqdomain"
      
      * tag 'irq-urgent-2021-03-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/ingenic: Add support for the JZ4760
        dt-bindings/irq: Add compatible string for the JZ4760B
        irqchip: Do not blindly select CONFIG_GENERIC_IRQ_MULTI_HANDLER
        ARM: ep93xx: Select GENERIC_IRQ_MULTI_HANDLER directly
        irqdomain: Remove debugfs_file from struct irq_domain
    • Merge tag 'timers-urgent-2021-03-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 802b31c0
      Linus Torvalds committed
      Pull timer fix from Thomas Gleixner:
       "A single fix in for hrtimers to prevent an interrupt storm caused by
        the lack of reevaluation of the timers which expire in softirq context
        under certain circumstances, e.g. when the clock was set"
      
      * tag 'timers-urgent-2021-03-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        hrtimer: Update softirq_expires_next correctly after __hrtimer_get_next_event()
    • Merge tag 'sched-urgent-2021-03-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · c72cbc93
      Linus Torvalds committed
      Pull scheduler fixes from Thomas Gleixner:
       "A set of scheduler updates:
      
         - Prevent a NULL pointer dereference in the migration_stop_cpu()
           mechanism
      
         - Prevent self concurrency of affine_move_task()
      
         - Small fixes and cleanups related to task migration/affinity setting
      
         - Ensure that sync_runqueues_membarrier_state() is invoked on the
           current CPU when it is in the cpu mask"
      
      * tag 'sched-urgent-2021-03-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/membarrier: fix missing local execution of ipi_sync_rq_state()
        sched: Simplify set_affinity_pending refcounts
        sched: Fix affine_move_task() self-concurrency
        sched: Optimize migration_cpu_stop()
        sched: Collate affine_move_task() stoppers
        sched: Simplify migration_cpu_stop()
        sched: Fix migration_cpu_stop() requeueing
    • Merge tag 'objtool-urgent-2021-03-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 19469d2a
      Linus Torvalds committed
      Pull objtool fix from Thomas Gleixner:
       "A single objtool fix to handle the PUSHF/POPF validation correctly for
        the paravirt changes which modified arch_local_irq_restore not to use
        popf"
      
      * tag 'objtool-urgent-2021-03-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        objtool,x86: Fix uaccess PUSHF/POPF validation
    • Merge tag 'locking-urgent-2021-03-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · fa509ff8
      Linus Torvalds committed
      Pull locking fixes from Thomas Gleixner:
       "A couple of locking fixes:
      
         - A fix for the static_call mechanism so it handles unaligned
           addresses correctly.
      
         - Make u64_stats_init() a macro so every instance gets a separate
           lockdep key.
      
         - Make seqcount_latch_init() a macro as well to preserve the static
           variable which is used for the lockdep key"
      
      * tag 'locking-urgent-2021-03-14' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        seqlock,lockdep: Fix seqcount_latch_init()
        u64_stats,lockdep: Fix u64_stats_init() vs lockdep
        static_call: Fix the module key fixup
    • Merge tag 'perf_urgent_for_v5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 75013c6c
      Linus Torvalds committed
      Pull perf fixes from Borislav Petkov:
      
       - Make sure PMU internal buffers are flushed for per-CPU events too and
         properly handle PID/TID for large PEBS.
      
       - Handle the case properly when there's no PMU and therefore return an
         empty list of perf MSRs for VMX to switch instead of reading random
         garbage from the stack.
      
      * tag 'perf_urgent_for_v5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/perf: Use RET0 as default for guest_get_msrs to handle "no PMU" case
        perf/x86/intel: Set PERF_ATTACH_SCHED_CB for large PEBS and LBR
        perf/core: Flush PMU internal buffers for per-CPU events
    • Merge tag 'efi-urgent-for-v5.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 836d7f05
      Linus Torvalds committed
      Pull EFI fix from Ard Biesheuvel via Borislav Petkov:
       "Fix an oversight in the handling of EFI_RT_PROPERTIES_TABLE, which was
        added in v5.10, but failed to take the SetVirtualAddressMap() RT service
        into account"
      
      * tag 'efi-urgent-for-v5.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        efi: stub: omit SetVirtualAddressMap() if marked unsupported in RT_PROP table
    • Merge tag 'x86_urgent_for_v5.12_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 0a7c10df
      Linus Torvalds committed
      Pull x86 fixes from Borislav Petkov:
      
       - A couple of SEV-ES fixes and robustifications: verify usermode stack
         pointer in NMI is not coming from the syscall gap, correctly track
         IRQ states in the #VC handler and access user insn bytes atomically
         in same handler as latter cannot sleep.
      
       - Balance 32-bit fast syscall exit path to do the proper work on exit
         and thus not confuse audit and ptrace frameworks.
      
       - Two fixes for the ORC unwinder going "off the rails" into KASAN
         redzones and when ORC data is missing.
      
      * tag 'x86_urgent_for_v5.12_rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/sev-es: Use __copy_from_user_inatomic()
        x86/sev-es: Correctly track IRQ states in runtime #VC handler
        x86/sev-es: Check regs->sp is trusted before adjusting #VC IST stack
        x86/sev-es: Introduce ip_within_syscall_gap() helper
        x86/entry: Fix entry/exit mismatch on failed fast 32-bit syscalls
        x86/unwind/orc: Silence warnings caused by missing ORC data
        x86/unwind/orc: Disable KASAN checking in the ORC unwinder, part 2
    • Merge tag 'powerpc-5.12-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · c3c7579f
      Linus Torvalds committed
      Pull powerpc fixes from Michael Ellerman:
       "Some more powerpc fixes for 5.12:
      
         - Fix wrong instruction encoding for lis in ppc_function_entry(),
           which could potentially lead to missed kprobes.
      
         - Fix SET_FULL_REGS on 32-bit and 64e, which prevented ptrace of
           non-volatile GPRs immediately after exec.
      
         - Clean up a missed SRR specifier in the recent interrupt rework.
      
         - Don't treat unrecoverable_exception() as an interrupt handler, it's
           called from other handlers so shouldn't do the interrupt entry/exit
           accounting itself.
      
         - Fix build errors caused by missing declarations for
           [en/dis]able_kernel_vsx().
      
        Thanks to Christophe Leroy, Daniel Axtens, Geert Uytterhoeven, Jiri
        Olsa, Naveen N. Rao, and Nicholas Piggin"
      
      * tag 'powerpc-5.12-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/traps: unrecoverable_exception() is not an interrupt handler
        powerpc: Fix missing declaration of [en/dis]able_kernel_vsx()
        powerpc/64s/exception: Clean up a missed SRR specifier
        powerpc: Fix inverted SET_FULL_REGS bitop
        powerpc/64s: Use symbolic macros for function entry encoding
        powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
    • Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 9d0c8e79
      Linus Torvalds committed
      Pull KVM fixes from Paolo Bonzini:
       "More fixes for ARM and x86"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: LAPIC: Advancing the timer expiration on guest initiated write
        KVM: x86/mmu: Skip !MMU-present SPTEs when removing SP in exclusive mode
        KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged
        kvm: x86: annotate RCU pointers
        KVM: arm64: Fix exclusive limit for IPA size
        KVM: arm64: Reject VM creation when the default IPA size is unsupported
        KVM: arm64: Ensure I-cache isolation between vcpus of a same VM
        KVM: arm64: Don't use cbz/adr with external symbols
        KVM: arm64: Fix range alignment when walking page tables
        KVM: arm64: Workaround firmware wrongly advertising GICv2-on-v3 compatibility
        KVM: arm64: Rename __vgic_v3_get_ich_vtr_el2() to __vgic_v3_get_gic_config()
        KVM: arm64: Don't access PMSELR_EL0/PMUSERENR_EL0 when no PMU is available
        KVM: arm64: Turn kvm_arm_support_pmu_v3() into a static key
        KVM: arm64: Fix nVHE hyp panic host context restore
        KVM: arm64: Avoid corrupting vCPU context register in guest exit
        KVM: arm64: nvhe: Save the SPE context early
        kvm: x86: use NULL instead of using plain integer as pointer
        KVM: SVM: Connect 'npt' module param to KVM's internal 'npt_enabled'
        KVM: x86: Ensure deadline timer has truly expired before posting its IRQ
    • Merge branch 'akpm' (patches from Andrew) · 50eb842f
      Linus Torvalds committed
      Merge misc fixes from Andrew Morton:
       "28 patches.
      
        Subsystems affected by this series: mm (memblock, pagealloc, hugetlb,
        highmem, kfence, oom-kill, madvise, kasan, userfaultfd, memcg, and
        zram), core-kernel, kconfig, fork, binfmt, MAINTAINERS, kbuild, and
        ia64"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (28 commits)
        zram: fix broken page writeback
        zram: fix return value on writeback_store
        mm/memcg: set memcg when splitting page
        mm/memcg: rename mem_cgroup_split_huge_fixup to split_page_memcg and add nr_pages argument
        ia64: fix ptrace(PTRACE_SYSCALL_INFO_EXIT) sign
        ia64: fix ia64_syscall_get_set_arguments() for break-based syscalls
        mm/userfaultfd: fix memory corruption due to writeprotect
        kasan: fix KASAN_STACK dependency for HW_TAGS
        kasan, mm: fix crash with HW_TAGS and DEBUG_PAGEALLOC
        mm/madvise: replace ptrace attach requirement for process_madvise
        include/linux/sched/mm.h: use rcu_dereference in in_vfork()
        kfence: fix reports if constant function prefixes exist
        kfence, slab: fix cache_alloc_debugcheck_after() for bulk allocations
        kfence: fix printk format for ptrdiff_t
        linux/compiler-clang.h: define HAVE_BUILTIN_BSWAP*
        MAINTAINERS: exclude uapi directories in API/ABI section
        binfmt_misc: fix possible deadlock in bm_register_write
        mm/highmem.c: fix zero_user_segments() with start > end
        hugetlb: do early cow when page pinned on src mm
        mm: use is_cow_mapping() across tree where proper
        ...
  9. 14 Mar, 2021 14 commits
    • Merge tag 'irqchip-fixes-5.12-1' of... · b470ebc9
      Thomas Gleixner committed
      Merge tag 'irqchip-fixes-5.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent
      
      Pull irqchip fixes from Marc Zyngier:
      
        - More compatible strings for the Ingenic irqchip (introducing the
          JZ4760B SoC)
        - Select GENERIC_IRQ_MULTI_HANDLER on the ARM ep93xx platform
        - Drop all GENERIC_IRQ_MULTI_HANDLER selections from the irqchip
          Kconfig, now relying on the architecture to get it right
        - Drop the debugfs_file field from struct irq_domain, now that
          debugfs can track things on its own
    • Merge tag 'char-misc-5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 88fe4924
      Linus Torvalds committed
      Pull char/misc driver fixes from Greg KH:
       "Here are some small misc/char driver fixes to resolve some reported
        problems:
      
         - habanalabs driver fixes
      
         - Acrn build fixes (reported many times)
      
         - pvpanic module table export fix
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'char-misc-5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        misc/pvpanic: Export module FDT device table
        misc: fastrpc: restrict user apps from sending kernel RPC messages
        virt: acrn: Correct type casting of argument of copy_from_user()
        virt: acrn: Use EPOLLIN instead of POLLIN
        virt: acrn: Use vfs_poll() instead of f_op->poll()
        virt: acrn: Make remove_cpu sysfs invisible with !CONFIG_HOTPLUG_CPU
        cpu/hotplug: Fix build error of using {add,remove}_cpu() with !CONFIG_SMP
        habanalabs: fix debugfs address translation
        habanalabs: Disable file operations after device is removed
        habanalabs: Call put_pid() when releasing control device
        drivers: habanalabs: remove unused dentry pointer for debugfs files
        habanalabs: mark hl_eq_inc_ptr() as static
    • Merge tag 'staging-5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · be61af33
      Linus Torvalds committed
      Pull staging driver fixes from Greg KH:
       "Here are some small staging driver fixes for reported problems. They
        include:
      
         - wfx header file cleanup patch reverted as it could cause problems
      
         - comedi driver endian fixes
      
         - buffer overflow problems for staging wifi drivers
      
         - build dependency issue for rtl8192e driver
      
        All have been in linux-next for a while with no reported problems"
      
      * tag 'staging-5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (23 commits)
        Revert "staging: wfx: remove unused included header files"
        staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
        staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data()
        staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
        staging: comedi: pcl726: Use 16-bit 0 for interrupt data
        staging: comedi: ni_65xx: Use 16-bit 0 for interrupt data
        staging: comedi: ni_6527: Use 16-bit 0 for interrupt data
        staging: comedi: comedi_parport: Use 16-bit 0 for interrupt data
        staging: comedi: amplc_pc236_common: Use 16-bit 0 for interrupt data
        staging: comedi: pcl818: Fix endian problem for AI command data
        staging: comedi: pcl711: Fix endian problem for AI command data
        staging: comedi: me4000: Fix endian problem for AI command data
        staging: comedi: dmm32at: Fix endian problem for AI command data
        staging: comedi: das800: Fix endian problem for AI command data
        staging: comedi: das6402: Fix endian problem for AI command data
        staging: comedi: adv_pci1710: Fix endian problem for AI command data
        staging: comedi: addi_apci_1500: Fix endian problem for command sample
        staging: comedi: addi_apci_1032: Fix endian problem for COS sample
        staging: ks7010: prevent buffer overflow in ks_wlan_set_scan()
        staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
        ...
    • Merge tag 'tty-5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · cc14086f
      Linus Torvalds committed
      Pull tty/serial fixes from Greg KH:
       "Here are some small tty and serial driver fixes to resolve some
        reported problems:
      
         - led tty trigger fixes based on review and were acked by the led
           maintainer
      
         - revert a max310x serial driver patch as it was causing problems
      
         - revert a pty change as it was also causing problems
      
        All of these have been in linux-next for a while with no reported
        problems"
      
      * tag 'tty-5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        Revert "drivers:tty:pty: Fix a race causing data loss on close"
        Revert "serial: max310x: rework RX interrupt handling"
        leds: trigger/tty: Use led_set_brightness_sync() from workqueue
        leds: trigger: Fix error path to not unlock the unlocked mutex
    • Merge tag 'usb-5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 5c7bdbf8
      Linus Torvalds committed
      Pull USB fixes from Greg KH:
       "Here are a small number of USB fixes for 5.12-rc3 to resolve a bunch
        of reported issues:
      
         - usbip fixups for issues found by syzbot
      
         - xhci driver fixes and quirk additions
      
         - gadget driver fixes
      
         - dwc3 QCOM driver fix
      
         - usb-serial new ids and fixes
      
         - usblp fix for a long-time issue
      
         - cdc-acm quirk addition
      
         - other tiny fixes for reported problems
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'usb-5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (25 commits)
        xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state
        usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing
        xhci: Improve detection of device initiated wake signal.
        usb: xhci: do not perform Soft Retry for some xHCI hosts
        usbip: fix vudc usbip_sockfd_store races leading to gpf
        usbip: fix vhci_hcd attach_store() races leading to gpf
        usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
        usbip: fix vudc to check for stream socket
        usbip: fix vhci_hcd to check for stream socket
        usbip: fix stub_dev to check for stream socket
        usb: dwc3: qcom: Add missing DWC3 OF node refcount decrement
        USB: usblp: fix a hang in poll() if disconnected
        USB: gadget: udc: s3c2410_udc: fix return value check in s3c2410_udc_probe()
        usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
        usb: dwc3: qcom: Honor wakeup enabled/disabled state
        usb: gadget: f_uac1: stop playback on function disable
        usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot
        USB: gadget: u_ether: Fix a configfs return code
        usb: dwc3: qcom: add ACPI device id for sc8180x
        Goodix Fingerprint device is not a modem
        ...
    • Merge tag 'erofs-for-5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs · 42062343
      Linus Torvalds committed
      Pull erofs fix from Gao Xiang:
       "Fix an urgent regression introduced by commit baa2c7c9 ("block:
        set .bi_max_vecs as actual allocated vector number"), which could
        cause an unexpected hang since Linux 5.12-rc1.
      
        Resolve it by avoiding using bio->bi_max_vecs completely"
      
      * tag 'erofs-for-5.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs:
        erofs: fix bio->bi_max_vecs behavior change
    • Merge tag 'kbuild-fixes-v5.12-2' of... · e83bad7f
      Linus Torvalds committed
      Merge tag 'kbuild-fixes-v5.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - avoid 'make image_name' invoking syncconfig
      
       - fix a couple of bugs in scripts/dummy-tools
      
       - fix LLD_VENDOR and locale issues in scripts/ld-version.sh
      
       - rebuild GCC plugins when the compiler is upgraded
      
       - allow LTO to be enabled with KASAN_HW_TAGS
      
       - allow LTO to be enabled without LLVM=1
      
      * tag 'kbuild-fixes-v5.12-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        kbuild: fix ld-version.sh to not be affected by locale
        kbuild: remove meaningless parameter to $(call if_changed_rule,dtc)
        kbuild: remove LLVM=1 test from HAS_LTO_CLANG
        kbuild: remove unneeded -O option to dtc
        kbuild: dummy-tools: adjust to scripts/cc-version.sh
        kbuild: Allow LTO to be selected with KASAN_HW_TAGS
        kbuild: dummy-tools: support MPROFILE_KERNEL checks for ppc
        kbuild: rebuild GCC plugins when the compiler is upgraded
        kbuild: Fix ld-version.sh script if LLD was built with LLD_VENDOR
        kbuild: dummy-tools: fix inverted tests for gcc
        kbuild: add image_name to no-sync-config-targets
    • zram: fix broken page writeback · 2766f182
      Minchan Kim committed
      commit 0d835962 ("zram: support page writeback") introduced two
      problems.  It overwrites writeback_store's return value as kstrtol's
      return value, which makes return value zero so user could see zero as
      return value of write syscall even though it wrote data successfully.
      
      It also breaks index value in the loop in that it doesn't increase the
      index any longer.  It means it can write only first starting block index
      so user couldn't write all idle pages in the zram so lose memory saving
      chance.
      
      This patch fixes those issues.
      
      Link: https://lkml.kernel.org/r/20210312173949.2197662-2-minchan@kernel.org
      Fixes: 0d835962("zram: support page writeback")
      Signed-off-by: NMinchan Kim <minchan@kernel.org>
      Reported-by: NAmos Bianchi <amosbianchi@google.com>
      Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
      Cc: John Dias <joaodias@google.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      2766f182
    • M
      zram: fix return value on writeback_store · 57e0076e
      Minchan Kim committed
      writeback_store's return value is overwritten by submit_bio_wait's return
      value.  Thus, writeback_store will return zero since there was no IO
      error.  In the end, write syscall from userspace will see the zero as
      return value, which could make the process stall to keep trying the write
      until it will succeed.
      
      Link: https://lkml.kernel.org/r/20210312173949.2197662-1-minchan@kernel.org
      Fixes: 3b82a051 ("drivers/block/zram/zram_drv.c: fix error return codes not being returned in writeback_store")
      Signed-off-by: Minchan Kim <minchan@kernel.org>
      Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
      Cc: Colin Ian King <colin.king@canonical.com>
      Cc: John Dias <joaodias@google.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      57e0076e
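The return-value problem described in the two zram commits above, reduced to a userspace C model. This is an added example, not the kernel's code: `helper_ok`, `store_overwritten`, `store_separate` and `write_all` are hypothetical names, and the corrected shape is an assumption about what a non-clobbering handler looks like.

```c
#include <stdio.h>
#include <sys/types.h>

/* Constructed stand-in for a helper that returns 0 on success. */
static int helper_ok(void) { return 0; }

/* Pattern from the commit messages: the byte count to return and the
 * helper's status share one variable, so success is reported as 0. */
static ssize_t store_overwritten(const char *buf, size_t len)
{
    ssize_t ret = (ssize_t)len;
    (void)buf;
    ret = helper_ok();              /* clobbers len with 0 */
    return ret;
}

/* Assumed corrected shape: the helper's status gets its own variable. */
static ssize_t store_separate(const char *buf, size_t len)
{
    int err = helper_ok();
    (void)buf;
    return err ? err : (ssize_t)len;
}

/* Caller that retries until all bytes are consumed, capped so the demo
 * terminates. Returns the number of calls made, or -1 on no progress. */
static int write_all(ssize_t (*store)(const char *, size_t),
                     const char *buf, size_t len, int max_calls)
{
    size_t done = 0;

    for (int calls = 1; calls <= max_calls; calls++) {
        ssize_t n = store(buf + done, len - done);
        if (n < 0)
            return -1;
        done += (size_t)n;
        if (done >= len)
            return calls;
    }
    return -1;                      /* cap hit: a real caller would spin */
}

int main(void)
{
    printf("overwritten: %d\n", write_all(store_overwritten, "idle", 4, 1000));
    printf("separate:    %d\n", write_all(store_separate, "idle", 4, 1000));
    return 0;
}
```

A handler that reports 0 bytes consumed looks like "no progress" to any retrying writer, which is the stall the second commit message describes.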
    • Z
      mm/memcg: set memcg when splitting page · e1baddf8
      Zhou Guanghui committed
      As described in the split_page() comment, for the non-compound high order
      page, the sub-pages must be freed individually.  If the memcg of the first
      page is valid, the tail pages cannot be uncharged when being freed.
      
      For example, when alloc_pages_exact is used to allocate 1MB continuous
      physical memory, 2MB is charged (kmemcg is enabled and __GFP_ACCOUNT is
      set).  When make_alloc_exact free the unused 1MB and free_pages_exact free
      the applied 1MB, actually, only 4KB (one page) is uncharged.
      
      Therefore, the memcg of the tail page needs to be set when splitting a
      page.
      
      Michel:
      
      There are at least two explicit users of __GFP_ACCOUNT with
      alloc_exact_pages added recently.  See 7efe8ef2 ("KVM: arm64:
      Allocate stage-2 pgd pages with GFP_KERNEL_ACCOUNT") and c4196218
      ("KVM: s390: Add memcg accounting to KVM allocations"), so this is not
      just a theoretical issue.
      
      Link: https://lkml.kernel.org/r/20210304074053.65527-3-zhouguanghui1@huawei.com
      Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
      Acked-by: Johannes Weiner <hannes@cmpxchg.org>
      Reviewed-by: Zi Yan <ziy@nvidia.com>
      Reviewed-by: Shakeel Butt <shakeelb@google.com>
      Acked-by: Michal Hocko <mhocko@suse.com>
      Cc: Hanjun Guo <guohanjun@huawei.com>
      Cc: Hugh Dickins <hughd@google.com>
      Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
      Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
      Cc: Nicholas Piggin <npiggin@gmail.com>
      Cc: Rui Xiang <rui.xiang@huawei.com>
      Cc: Tianhong Ding <dingtianhong@huawei.com>
      Cc: Weilong Chen <chenweilong@huawei.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      e1baddf8
    • Z
      mm/memcg: rename mem_cgroup_split_huge_fixup to split_page_memcg and add nr_pages argument · be6c8982
      Zhou Guanghui committed
      Rename mem_cgroup_split_huge_fixup to split_page_memcg and explicitly pass
      in page number argument.
      
      In this way, the interface name is more common and can be used by
      potential users.  In addition, the complete info (memcg and flag) of the
      memcg needs to be set to the tail pages.
      
      Link: https://lkml.kernel.org/r/20210304074053.65527-2-zhouguanghui1@huawei.com
      Signed-off-by: Zhou Guanghui <zhouguanghui1@huawei.com>
      Acked-by: Johannes Weiner <hannes@cmpxchg.org>
      Reviewed-by: Zi Yan <ziy@nvidia.com>
      Reviewed-by: Shakeel Butt <shakeelb@google.com>
      Acked-by: Michal Hocko <mhocko@suse.com>
      Cc: Hugh Dickins <hughd@google.com>
      Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
      Cc: Nicholas Piggin <npiggin@gmail.com>
      Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
      Cc: Hanjun Guo <guohanjun@huawei.com>
      Cc: Tianhong Ding <dingtianhong@huawei.com>
      Cc: Weilong Chen <chenweilong@huawei.com>
      Cc: Rui Xiang <rui.xiang@huawei.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      be6c8982
    • S
      ia64: fix ptrace(PTRACE_SYSCALL_INFO_EXIT) sign · 61bf318e
      Sergei Trofimovich committed
      In https://bugs.gentoo.org/769614 Dmitry noticed that
      `ptrace(PTRACE_GET_SYSCALL_INFO)` does not return error sign properly.
      
      The bug is in mismatch between get/set errors:
      
      static inline long syscall_get_error(struct task_struct *task,
                                           struct pt_regs *regs)
      {
              return regs->r10 == -1 ? regs->r8:0;
      }
      
      static inline long syscall_get_return_value(struct task_struct *task,
                                                  struct pt_regs *regs)
      {
              return regs->r8;
      }
      
      static inline void syscall_set_return_value(struct task_struct *task,
                                                  struct pt_regs *regs,
                                                  int error, long val)
      {
              if (error) {
                      /* error < 0, but ia64 uses > 0 return value */
                      regs->r8 = -error;
                      regs->r10 = -1;
              } else {
                      regs->r8 = val;
                      regs->r10 = 0;
              }
      }
      
      Tested on v5.10 on rx3600 machine (ia64 9040 CPU).
      
      Link: https://lkml.kernel.org/r/20210221002554.333076-2-slyfox@gentoo.org
      Link: https://bugs.gentoo.org/769614
      Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
      Reported-by: Dmitry V. Levin <ldv@altlinux.org>
      Reviewed-by: Dmitry V. Levin <ldv@altlinux.org>
      Cc: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      61bf318e
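The get/set sign mismatch quoted in the commit above, as a userspace round-trip check. This is an added example, not the kernel's code: `struct mock_regs` is a constructed stand-in for the two registers involved, `get_error_consistent` is an assumed sign-consistent getter (the page does not show the patch itself), and 4095 is used as the upper bound of the errno range.

```c
#include <stdio.h>

/* Constructed stand-in for the two ia64 registers the commit message uses. */
struct mock_regs { long r8; long r10; };

/* Setter as quoted in the commit message: errno stored positive, r10 = -1. */
static void set_return_value(struct mock_regs *regs, int error, long val)
{
    if (error) {
        regs->r8 = -error;      /* error < 0, ia64 keeps a positive value */
        regs->r10 = -1;
    } else {
        regs->r8 = val;
        regs->r10 = 0;
    }
}

/* Getter as quoted in the commit message: hands back r8 unchanged. */
static long get_error_as_quoted(const struct mock_regs *regs)
{
    return regs->r10 == -1 ? regs->r8 : 0;
}

/* Assumed sign-consistent getter: undoes the setter's negation. */
static long get_error_consistent(const struct mock_regs *regs)
{
    return regs->r10 == -1 ? -regs->r8 : 0;
}

/* Count errno values in 1..4095 that do not survive set followed by get. */
static int roundtrip_mismatches(long (*getter)(const struct mock_regs *))
{
    int bad = 0;
    for (int e = 1; e <= 4095; e++) {
        struct mock_regs regs = {0, 0};
        set_return_value(&regs, -e, 0);
        if (getter(&regs) != -e)
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("as quoted:  %d\n", roundtrip_mismatches(get_error_as_quoted));
    printf("consistent: %d\n", roundtrip_mismatches(get_error_consistent));
    return 0;
}
```

A tracer or ptrace-based policy that tests the reported error with `< 0` would treat every failed syscall as a success under the quoted getter, since the value comes back positive.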
    • S
      ia64: fix ia64_syscall_get_set_arguments() for break-based syscalls · 0ceb1ace
      Sergei Trofimovich committed
      In https://bugs.gentoo.org/769614 Dmitry noticed that
      `ptrace(PTRACE_GET_SYSCALL_INFO)` does not work for syscalls called via
      glibc's syscall() wrapper.
      
      ia64 has two ways to call syscalls from userspace: via `break` and via
      `eps` instructions.
      
      The difference is in stack layout:
      
      1. `eps` creates simple stack frame: no locals, in{0..7} == out{0..8}
      2. `break` uses userspace stack frame: may be locals (glibc provides
         one), in{0..7} == out{0..8}.
      
      Both work fine in syscall handling code itself.
      
      But `ptrace(PTRACE_GET_SYSCALL_INFO)` uses unwind mechanism to
      re-extract syscall arguments but it does not account for locals.
      
      The change always skips locals registers. It should not change `eps`
      path as kernel's handler already enforces locals=0 and fixes `break`.
      
      Tested on v5.10 on rx3600 machine (ia64 9040 CPU).
      
      Link: https://lkml.kernel.org/r/20210221002554.333076-1-slyfox@gentoo.org
      Link: https://bugs.gentoo.org/769614
      Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
      Reported-by: Dmitry V. Levin <ldv@altlinux.org>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      0ceb1ace
    • N
      mm/userfaultfd: fix memory corruption due to writeprotect · 6ce64428
      Nadav Amit committed
      Userfaultfd self-test fails occasionally, indicating a memory corruption.
      
      Analyzing this problem indicates that there is a real bug since mmap_lock
      is only taken for read in mwriteprotect_range() and defers flushes, and
      since there is insufficient consideration of concurrent deferred TLB
      flushes in wp_page_copy().  Although the PTE is flushed from the TLBs in
      wp_page_copy(), this flush takes place after the copy has already been
      performed, and therefore changes of the page are possible between the time
      of the copy and the time in which the PTE is flushed.
      
      To make matters worse, memory-unprotection using userfaultfd also poses a
      problem.  Although memory unprotection is logically a promotion of PTE
      permissions, and therefore should not require a TLB flush, the current
      userfaultfd code might actually cause a demotion of the architectural PTE
      permission: when userfaultfd_writeprotect() unprotects memory region, it
      unintentionally *clears* the RW-bit if it was already set.  Note that
      unprotecting a PTE that is not write-protected is a valid use-case: the
      userfaultfd monitor might ask to unprotect a region that holds both
      write-protected and write-unprotected PTEs.
      
      The scenario that happens in selftests/vm/userfaultfd is as follows:
      
      cpu0				cpu1			cpu2
      ----				----			----
      							[ Writable PTE
      							  cached in TLB ]
      userfaultfd_writeprotect()
      [ write-*unprotect* ]
      mwriteprotect_range()
      mmap_read_lock()
      change_protection()
      
      change_protection_range()
      ...
      change_pte_range()
      [ *clear* “write”-bit ]
      [ defer TLB flushes ]
      				[ page-fault ]
      				...
      				wp_page_copy()
      				 cow_user_page()
      				  [ copy page ]
      							[ write to old
      							  page ]
      				...
      				 set_pte_at_notify()
      
      A similar scenario can happen:
      
      cpu0		cpu1		cpu2		cpu3
      ----		----		----		----
      						[ Writable PTE
      				  		  cached in TLB ]
      userfaultfd_writeprotect()
      [ write-protect ]
      [ deferred TLB flush ]
      		userfaultfd_writeprotect()
      		[ write-unprotect ]
      		[ deferred TLB flush]
      				[ page-fault ]
      				wp_page_copy()
      				 cow_user_page()
      				 [ copy page ]
      				 ...		[ write to page ]
      				set_pte_at_notify()
      
      This race exists since commit 292924b2 ("userfaultfd: wp: apply
      _PAGE_UFFD_WP bit").  Yet, as Yu Zhao pointed out, these races became apparent
      since commit 09854ba9 ("mm: do_wp_page() simplification") which made
      wp_page_copy() more likely to take place, specifically if page_count(page)
      > 1.
      
      To resolve the aforementioned races, check whether there are pending
      flushes on uffd-write-protected VMAs, and if there are, perform a flush
      before doing the COW.
      
      Further optimizations will follow to avoid during uffd-write-unprotect
      unnecessary PTE write-protection and TLB flushes.
      
      Link: https://lkml.kernel.org/r/20210304095423.3825684-1-namit@vmware.com
      Fixes: 09854ba9 ("mm: do_wp_page() simplification")
      Signed-off-by: Nadav Amit <namit@vmware.com>
      Suggested-by: Yu Zhao <yuzhao@google.com>
      Reviewed-by: Peter Xu <peterx@redhat.com>
      Tested-by: Peter Xu <peterx@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Pavel Emelyanov <xemul@openvz.org>
      Cc: Mike Kravetz <mike.kravetz@oracle.com>
      Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
      Cc: Minchan Kim <minchan@kernel.org>
      Cc: Will Deacon <will@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: <stable@vger.kernel.org>	[5.9+]
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      6ce64428