1. 29 6月, 2018 6 次提交
    • J
      kasan: depend on CONFIG_SLUB_DEBUG · dd275caf
      Jason A. Donenfeld 提交于
      KASAN depends on having access to some of the accounting that SLUB_DEBUG
      does; without it, there are immediate crashes [1].  So, the natural
      thing to do is to make KASAN select SLUB_DEBUG.
      
      [1] http://lkml.kernel.org/r/CAHmME9rtoPwxUSnktxzKso14iuVCWT7BE_-_8PAC=pGw1iJnQg@mail.gmail.com
      
      Link: http://lkml.kernel.org/r/20180622154623.25388-1-Jason@zx2c4.com
      Fixes: f9e13c0a ("slab, slub: skip unnecessary kasan_cache_shutdown()")
      Signed-off-by: NJason A. Donenfeld <Jason@zx2c4.com>
      Acked-by: NMichal Hocko <mhocko@suse.com>
      Reviewed-by: NShakeel Butt <shakeelb@google.com>
      Acked-by: NChristoph Lameter <cl@linux.com>
      Cc: Shakeel Butt <shakeelb@google.com>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      dd275caf
    • S
      include/linux/dax.h: dax_iomap_fault() returns vm_fault_t · f77bc3a8
      Souptick Joarder 提交于
      Commit 1c8f4220 ("mm: change return type to vm_fault_t") missed a
      conversion.  It's not a big problem at present because mainline is still
      using
      
      	typedef int vm_fault_t;
      
      Fixes: 1c8f4220 ("mm: change return type to vm_fault_t")
      Link: http://lkml.kernel.org/r/20180620172046.GA27894@jordon-HP-15-Notebook-PCSigned-off-by: NSouptick Joarder <jrdr.linux@gmail.com>
      Reviewed-by: NAndrew Morton <akpm@linux-foundation.org>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Dan Williams <dan.j.williams@intel.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      f77bc3a8
    • N
      x86/e820: put !E820_TYPE_RAM regions into memblock.reserved · 124049de
      Naoya Horiguchi 提交于
      There is a kernel panic that is triggered when reading /proc/kpageflags
      on the kernel booted with kernel parameter 'memmap=nn[KMG]!ss[KMG]':
      
        BUG: unable to handle kernel paging request at fffffffffffffffe
        PGD 9b20e067 P4D 9b20e067 PUD 9b210067 PMD 0
        Oops: 0000 [#1] SMP PTI
        CPU: 2 PID: 1728 Comm: page-types Not tainted 4.17.0-rc6-mm1-v4.17-rc6-180605-0816-00236-g2dfb086ef02c+ #160
        Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.fc28 04/01/2014
        RIP: 0010:stable_page_flags+0x27/0x3c0
        Code: 00 00 00 0f 1f 44 00 00 48 85 ff 0f 84 a0 03 00 00 41 54 55 49 89 fc 53 48 8b 57 08 48 8b 2f 48 8d 42 ff 83 e2 01 48 0f 44 c7 <48> 8b 00 f6 c4 01 0f 84 10 03 00 00 31 db 49 8b 54 24 08 4c 89 e7
        RSP: 0018:ffffbbd44111fde0 EFLAGS: 00010202
        RAX: fffffffffffffffe RBX: 00007fffffffeff9 RCX: 0000000000000000
        RDX: 0000000000000001 RSI: 0000000000000202 RDI: ffffed1182fff5c0
        RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000000000000001
        R10: ffffbbd44111fed8 R11: 0000000000000000 R12: ffffed1182fff5c0
        R13: 00000000000bffd7 R14: 0000000002fff5c0 R15: ffffbbd44111ff10
        FS:  00007efc4335a500(0000) GS:ffff93a5bfc00000(0000) knlGS:0000000000000000
        CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        CR2: fffffffffffffffe CR3: 00000000b2a58000 CR4: 00000000001406e0
        Call Trace:
         kpageflags_read+0xc7/0x120
         proc_reg_read+0x3c/0x60
         __vfs_read+0x36/0x170
         vfs_read+0x89/0x130
         ksys_pread64+0x71/0x90
         do_syscall_64+0x5b/0x160
         entry_SYSCALL_64_after_hwframe+0x44/0xa9
        RIP: 0033:0x7efc42e75e23
        Code: 09 00 ba 9f 01 00 00 e8 ab 81 f4 ff 66 2e 0f 1f 84 00 00 00 00 00 90 83 3d 29 0a 2d 00 00 75 13 49 89 ca b8 11 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 db d3 01 00 48 89 04 24
      
      According to kernel bisection, this problem became visible due to commit
      f7f99100 ("mm: stop zeroing memory during allocation in vmemmap")
      which changes how struct pages are initialized.
      
      Memblock layout affects the pfn ranges covered by node/zone.  Consider
      that we have a VM with 2 NUMA nodes and each node has 4GB memory, and
      the default (no memmap= given) memblock layout is like below:
      
        MEMBLOCK configuration:
         memory size = 0x00000001fff75c00 reserved size = 0x000000000300c000
         memory.cnt  = 0x4
         memory[0x0]     [0x0000000000001000-0x000000000009efff], 0x000000000009e000 bytes on node 0 flags: 0x0
         memory[0x1]     [0x0000000000100000-0x00000000bffd6fff], 0x00000000bfed7000 bytes on node 0 flags: 0x0
         memory[0x2]     [0x0000000100000000-0x000000013fffffff], 0x0000000040000000 bytes on node 0 flags: 0x0
         memory[0x3]     [0x0000000140000000-0x000000023fffffff], 0x0000000100000000 bytes on node 1 flags: 0x0
         ...
      
      If you give memmap=1G!4G (so it just covers memory[0x2]),
      the range [0x100000000-0x13fffffff] is gone:
      
        MEMBLOCK configuration:
         memory size = 0x00000001bff75c00 reserved size = 0x000000000300c000
         memory.cnt  = 0x3
         memory[0x0]     [0x0000000000001000-0x000000000009efff], 0x000000000009e000 bytes on node 0 flags: 0x0
         memory[0x1]     [0x0000000000100000-0x00000000bffd6fff], 0x00000000bfed7000 bytes on node 0 flags: 0x0
         memory[0x2]     [0x0000000140000000-0x000000023fffffff], 0x0000000100000000 bytes on node 1 flags: 0x0
         ...
      
      This causes shrinking node 0's pfn range because it is calculated by the
      address range of memblock.memory.  So some of struct pages in the gap
      range are left uninitialized.
      
      We have a function zero_resv_unavail() which does zeroing the struct pages
      within the reserved unavailable range (i.e.  memblock.memory &&
      !memblock.reserved).  This patch utilizes it to cover all unavailable
      ranges by putting them into memblock.reserved.
      
      Link: http://lkml.kernel.org/r/20180615072947.GB23273@hori1.linux.bs1.fc.nec.co.jp
      Fixes: f7f99100 ("mm: stop zeroing memory during allocation in vmemmap")
      Signed-off-by: NNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Tested-by: NOscar Salvador <osalvador@suse.de>
      Tested-by: N"Herton R. Krzesinski" <herton@redhat.com>
      Acked-by: NMichal Hocko <mhocko@suse.com>
      Reviewed-by: NPavel Tatashin <pasha.tatashin@oracle.com>
      Cc: Steven Sistare <steven.sistare@oracle.com>
      Cc: Daniel Jordan <daniel.m.jordan@oracle.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      124049de
    • M
      slub: fix failure when we delete and create a slab cache · d50d82fa
      Mikulas Patocka 提交于
      In kernel 4.17 I removed some code from dm-bufio that did slab cache
      merging (commit 21bb1327: "dm bufio: remove code that merges slab
      caches") - both slab and slub support merging caches with identical
      attributes, so dm-bufio now just calls kmem_cache_create and relies on
      implicit merging.
      
      This uncovered a bug in the slub subsystem - if we delete a cache and
      immediatelly create another cache with the same attributes, it fails
      because of duplicate filename in /sys/kernel/slab/.  The slub subsystem
      offloads freeing the cache to a workqueue - and if we create the new
      cache before the workqueue runs, it complains because of duplicate
      filename in sysfs.
      
      This patch fixes the bug by moving the call of kobject_del from
      sysfs_slab_remove_workfn to shutdown_cache.  kobject_del must be called
      while we hold slab_mutex - so that the sysfs entry is deleted before a
      cache with the same attributes could be created.
      
      Running device-mapper-test-suite with:
      
        dmtest run --suite thin-provisioning -n /commit_failure_causes_fallback/
      
      triggered:
      
        Buffer I/O error on dev dm-0, logical block 1572848, async page read
        device-mapper: thin: 253:1: metadata operation 'dm_pool_alloc_data_block' failed: error = -5
        device-mapper: thin: 253:1: aborting current metadata transaction
        sysfs: cannot create duplicate filename '/kernel/slab/:a-0000144'
        CPU: 2 PID: 1037 Comm: kworker/u48:1 Not tainted 4.17.0.snitm+ #25
        Hardware name: Supermicro SYS-1029P-WTR/X11DDW-L, BIOS 2.0a 12/06/2017
        Workqueue: dm-thin do_worker [dm_thin_pool]
        Call Trace:
         dump_stack+0x5a/0x73
         sysfs_warn_dup+0x58/0x70
         sysfs_create_dir_ns+0x77/0x80
         kobject_add_internal+0xba/0x2e0
         kobject_init_and_add+0x70/0xb0
         sysfs_slab_add+0xb1/0x250
         __kmem_cache_create+0x116/0x150
         create_cache+0xd9/0x1f0
         kmem_cache_create_usercopy+0x1c1/0x250
         kmem_cache_create+0x18/0x20
         dm_bufio_client_create+0x1ae/0x410 [dm_bufio]
         dm_block_manager_create+0x5e/0x90 [dm_persistent_data]
         __create_persistent_data_objects+0x38/0x940 [dm_thin_pool]
         dm_pool_abort_metadata+0x64/0x90 [dm_thin_pool]
         metadata_operation_failed+0x59/0x100 [dm_thin_pool]
         alloc_data_block.isra.53+0x86/0x180 [dm_thin_pool]
         process_cell+0x2a3/0x550 [dm_thin_pool]
         do_worker+0x28d/0x8f0 [dm_thin_pool]
         process_one_work+0x171/0x370
         worker_thread+0x49/0x3f0
         kthread+0xf8/0x130
         ret_from_fork+0x35/0x40
        kobject_add_internal failed for :a-0000144 with -EEXIST, don't try to register things with the same name in the same directory.
        kmem_cache_create(dm_bufio_buffer-16) failed with error -17
      
      Link: http://lkml.kernel.org/r/alpine.LRH.2.02.1806151817130.6333@file01.intranet.prod.int.rdu2.redhat.comSigned-off-by: NMikulas Patocka <mpatocka@redhat.com>
      Reported-by: NMike Snitzer <snitzer@redhat.com>
      Tested-by: NMike Snitzer <snitzer@redhat.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      d50d82fa
    • S
      Revert mm/vmstat.c: fix vmstat_update() preemption BUG · 28557cc1
      Sebastian Andrzej Siewior 提交于
      Revert commit c7f26ccf ("mm/vmstat.c: fix vmstat_update() preemption
      BUG").  Steven saw a "using smp_processor_id() in preemptible" message
      and added a preempt_disable() section around it to keep it quiet.  This
      is not the right thing to do it does not fix the real problem.
      
      vmstat_update() is invoked by a kworker on a specific CPU.  This worker
      it bound to this CPU.  The name of the worker was "kworker/1:1" so it
      should have been a worker which was bound to CPU1.  A worker which can
      run on any CPU would have a `u' before the first digit.
      
      smp_processor_id() can be used in a preempt-enabled region as long as
      the task is bound to a single CPU which is the case here.  If it could
      run on an arbitrary CPU then this is the problem we have an should seek
      to resolve.
      
      Not only this smp_processor_id() must not be migrated to another CPU but
      also refresh_cpu_vm_stats() which might access wrong per-CPU variables.
      Not to mention that other code relies on the fact that such a worker
      runs on one specific CPU only.
      
      Therefore revert that commit and we should look instead what broke the
      affinity mask of the kworker.
      
      Link: http://lkml.kernel.org/r/20180504104451.20278-1-bigeasy@linutronix.deSigned-off-by: NSebastian Andrzej Siewior <bigeasy@linutronix.de>
      Cc: Steven J. Hill <steven.hill@cavium.com>
      Cc: Tejun Heo <htejun@gmail.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      28557cc1
    • S
      lib/percpu_ida.c: don't do alloc from per-CPU list if there is none · 4bb6e96a
      Sebastian Andrzej Siewior 提交于
      In commit 804209d8 ("lib/percpu_ida.c: use _irqsave() instead of
      local_irq_save() + spin_lock") I inlined alloc_local_tag() and mixed up
      the >= check from percpu_ida_alloc() with the one in alloc_local_tag().
      
      Don't alloc from per-CPU freelist if ->nr_free is zero.
      
      Link: http://lkml.kernel.org/r/20180613075830.c3zeva52fuj6fxxv@linutronix.de
      Fixes: 804209d8 ("lib/percpu_ida.c: use _irqsave() instead of local_irq_save() + spin_lock")
      Signed-off-by: NSebastian Andrzej Siewior <bigeasy@linutronix.de>
      Reported-by: NDavid Disseldorp <ddiss@suse.de>
      Tested-by: NDavid Disseldorp <ddiss@suse.de>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Nicholas Bellinger <nab@linux-iscsi.org>
      Cc: Shaohua Li <shli@fb.com>
      Cc: Kent Overstreet <kent.overstreet@gmail.com>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Jens Axboe <axboe@kernel.dk>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      4bb6e96a
  2. 28 6月, 2018 8 次提交
    • L
      Merge tag 'xfs-4.18-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · f5749432
      Linus Torvalds 提交于
      Pull xfs fixes from Darrick Wong:
       "Here are some patches for 4.18 to fix regressions, accounting
        problems, overflow problems, and to strengthen metadata validation to
        prevent corruption.
      
        This series has been run through a full xfstests run over the weekend
        and through a quick xfstests run against this morning's master, with
        no major failures reported.
      
        Changes since last update:
      
         - more metadata validation strengthening to prevent crashes.
      
         - fix extent offset overflow problem when insert_range on a 512b
           block fs
      
         - fix some off-by-one errors in the realtime fsmap code
      
         - fix some math errors in the default resblks calculation when free
           space is low
      
         - fix a problem where stale page contents are exposed via mmap read
           after a zero_range at eof
      
         - fix accounting problems with per-ag reservations causing statfs
           reports to vary incorrectly"
      
      * tag 'xfs-4.18-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: fix fdblocks accounting w/ RMAPBT per-AG reservation
        xfs: ensure post-EOF zeroing happens after zeroing part of a file
        xfs: fix off-by-one error in xfs_rtalloc_query_range
        xfs: fix uninitialized field in rtbitmap fsmap backend
        xfs: recheck reflink state after grabbing ILOCK_SHARED for a write
        xfs: don't allow insert-range to shift extents past the maximum offset
        xfs: don't trip over negative free space in xfs_reserve_blocks
        xfs: allow empty transactions while frozen
        xfs: xfs_iflush_abort() can be called twice on cluster writeback failure
        xfs: More robust inode extent count validation
        xfs: simplify xfs_bmap_punch_delalloc_range
      f5749432
    • T
      MAINTAINERS: Timur has a kernel.org address · 0e49740c
      Timur Tabi 提交于
      Timur Tabi no longer works for Qualcomm, and he now has a kernel.org
      email address, so update MAINTAINERS accordingly.
      Signed-off-by: NTimur Tabi <timur@kernel.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      0e49740c
    • L
      Merge tag 'mips_fixes_4.18_2' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux · 59ec39fe
      Linus Torvalds 提交于
      Pull MIPS build fix from Paul Burton:
       "A single build fix for 4.18:
      
        Adjust rseq_signal_deliver() & rseq_handle_notify_resume() calls to
        add the ksig argument introduced in v4.18-rc2, around the same time as
        the unadjusted MIPS rseq support"
      
      * tag 'mips_fixes_4.18_2' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
        MIPS: Add ksig argument to rseq_{signal_deliver,handle_notify_resume}
      59ec39fe
    • L
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · f8a78bdb
      Linus Torvalds 提交于
      Pull ARM SoC fixes from Olof Johansson:
       "A handful of fixes, nothing really concerning and most touching
        devicetree files for various platforms.
      
        I also regenerated the shared multiplatform defconfigs; they have
        drifted quite a bit due to Kconfig changes and reordering, and several
        platform maintainers tried doing the same which resulted in a lot of
        conflict pain -- this way we get everybody onto the same base for next
        merge window"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (31 commits)
        arm64: dts: uniphier: fix widget name of headphone for LD11/LD20 boards
        ARM: dts: Fix SPI node for Arria10
        arm64: dts: stratix10: Fix SPI nodes for Stratix10
        qcom: cmd-db: enforce CONFIG_OF_RESERVED_MEM dependency
        ARM: Always build secure_cntvoff.S on ARM V7 to fix shmobile !SMP build
        ARM: multi_v7_defconfig: renormalize based on recent additions
        arm64: defconfig: renormalize based on recent additions
        arm64: dts: msm8916: fix Coresight ETF graph connections
        arm64: dts: apq8096-db820c: disable uart0 by default
        ARM: dts: imx6sx: fix irq for pcie bridge
        arm64: dts: Stingray: Fix I2C controller interrupt type
        arm64: dts: ns2: Fix PCIe controller interrupt type
        arm64: dts: ns2: Fix I2C controller interrupt type
        arm64: dts: specify 1.8V EMMC capabilities for bcm958742t
        arm64: dts: specify 1.8V EMMC capabilities for bcm958742k
        ARM: dts: Cygnus: Fix PCIe controller interrupt type
        ARM: dts: Cygnus: Fix I2C controller interrupt type
        ARM: dts: BCM5301x: Fix i2c controller interrupt type
        ARM: dts: HR2: Fix interrupt types for i2c and PCIe
        ARM: dts: NSP: Fix PCIe controllers interrupt types
        ...
      f8a78bdb
    • L
      Merge tag 'microblaze-v4.18-rc3' of git://git.monstr.eu/linux-2.6-microblaze · 22c3b152
      Linus Torvalds 提交于
      Pull microblaze fixes from Michal Simek:
      
       - fix architecture gpio heart beat code
      
       - add new syscalls
      
       - remove unused xlnx,compound handling
      
       - remove platform.c
      
      * tag 'microblaze-v4.18-rc3' of git://git.monstr.eu/linux-2.6-microblaze:
        microblaze: consolidate GPIO reset handling
        microblaze: remove unecessary of_platform_bus_probe call
        microblaze: Add new syscalls io_pgetevents and rseq
        microblaze: Remove architecture heart beat code
        microblaze: heartbeat: fix missing prom.h include
      22c3b152
    • L
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · debd52a0
      Linus Torvalds 提交于
      Pull SCSI fixes from James Bottomley:
       "Three small bug fixes (barrier elimination, memory leak on unload,
        spinlock recursion) and a technical enhancement left over from the
        merge window: the TCMU read length support is required for tape
        devices read when the length of the read is greater than the tape
        block size"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: scsi_debug: Fix memory leak on module unload
        scsi: qla2xxx: Spinlock recursion in qla_target
        scsi: ipr: Eliminate duplicate barriers
        scsi: target: tcmu: add read length support
      debd52a0
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · c92067ae
      Linus Torvalds 提交于
      Pull input updates from Dmitry Torokhov:
      
       - the main change is a fix for my brain-dead patch to PS/2 button
         reporting for some protocols that made it in 4.17
      
       - there is a new driver for Spreadtum vibrator that I intended to send
         during merge window but ended up not sending the 2nd pull request.
         Given that this is a brand new driver we should not see regressions
         here
      
       - a fixup to Elantech PS/2 driver to avoid decoding errors on Thinkpad
         P52
      
       - addition of few more ACPI IDs for Silead and Elan drivers
      
       - RMI4 is switched to using IRQ domain code instead of rolling its own
         implementation
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: psmouse - fix button reporting for basic protocols
        Input: xpad - fix GPD Win 2 controller name
        Input: elan_i2c_smbus - fix more potential stack buffer overflows
        Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID
        Input: elantech - fix V4 report decoding for module with middle key
        Input: elantech - enable middle button of touchpads on ThinkPad P52
        Input: do not assign new tracking ID when changing tool type
        Input: make input_report_slot_state() return boolean
        Input: synaptics-rmi4 - fix axis-swap behavior
        Input: synaptics-rmi4 - fix the error return code in rmi_probe_interrupts()
        Input: synaptics-rmi4 - convert irq distribution to irq_domain
        Input: silead - add MSSL0002 ACPI HID
        Input: goldfish_events - fix checkpatch warnings
        Input: add Spreadtrum vibrator driver
      c92067ae
    • L
      Merge branch 'fixes-v4.18-rc3' of... · 896a3492
      Linus Torvalds 提交于
      Merge branch 'fixes-v4.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
      
      Pull more security subsystem fixes from James Morris:
       "Two further fixes for the keys subsystem"
      
      * 'fixes-v4.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        dh key: fix rounding up KDF output length
        certs/blacklist: fix const confusion
      896a3492
  3. 27 6月, 2018 8 次提交
  4. 26 6月, 2018 5 次提交
    • L
      Merge branch 'fixes-v4.18-rc2' of... · 81383502
      Linus Torvalds 提交于
      Merge branch 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
      
      Pull security subsystem fixes from James Morris:
      
       - Smack: fix a regression caused by 1bbc5513
      
       - X.509: fix a (usually un-seen) bug in RSA signature parsing
      
      * 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        X.509: unpack RSA signatureValue field from BIT STRING
        Smack: Mark inode instant in smack_task_to_inode
      81383502
    • L
      Merge tag 'for-4.18-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 84bfed40
      Linus Torvalds 提交于
      Pull btrfs fixes from David Sterba:
       "Two regression fixes and an incorrect error value propagation fix from
        'rename exchange'"
      
      * tag 'for-4.18-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        Btrfs: fix return value on rename exchange failure
        btrfs: fix invalid-free in btrfs_extent_same
        Btrfs: fix physical offset reported by fiemap for inline extents
      84bfed40
    • A
      qcom: cmd-db: enforce CONFIG_OF_RESERVED_MEM dependency · 0ea3fa15
      Arnd Bergmann 提交于
      Without CONFIG_OF_RESERVED_MEM, gcc sees that the global cmd_db_header
      variable is never initialized, and through code optimization concludes
      that a lot of other code cannot possibly work after that:
      
      drivers/soc/qcom/cmd-db.c: In function 'cmd_db_read_addr':
      drivers/soc/qcom/cmd-db.c:197:21: error: 'ent.addr' may be used uninitialized in this function [-Werror=maybe-uninitialized]
        return ret < 0 ? 0 : le32_to_cpu(ent.addr);
      drivers/soc/qcom/cmd-db.c: In function 'cmd_db_read_aux_data':
      drivers/soc/qcom/cmd-db.c:224:10: error: 'ent.len' may be used uninitialized in this function [-Werror=maybe-uninitialized]
        ent_len = le16_to_cpu(ent.len);
      drivers/soc/qcom/cmd-db.c:115:6: error: 'rsc_hdr.data_offset' may be used uninitialized in this function [-Werror=maybe-uninitialized]
        u16 offset = le16_to_cpu(hdr->data_offset);
            ^~~~~~
      drivers/soc/qcom/cmd-db.c:116:6: error: 'ent.offset' may be used uninitialized in this function [-Werror=maybe-uninitialized]
        u16 loffset = le16_to_cpu(ent->offset);
            ^~~~~~~
      drivers/soc/qcom/cmd-db.c: In function 'cmd_db_read_aux_data_len':
      drivers/soc/qcom/cmd-db.c:250:38: error: 'ent.len' may be used uninitialized in this function [-Werror=maybe-uninitialized]
        return ret < 0 ? 0 : le16_to_cpu(ent.len);
                                            ^
      drivers/soc/qcom/cmd-db.c: In function 'cmd_db_read_slave_id':
      drivers/soc/qcom/cmd-db.c:272:7: error: 'ent.addr' may be used uninitialized in this function [-Werror=maybe-uninitialized]
      
      Using a hard CONFIG_OF_RESERVED_MEM dependency avoids this warning,
      and we can remove the CONFIG_OF dependency.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Reviewed-by: NBjorn Andersson <bjorn.andersson@linaro.org>
      Signed-off-by: NAndy Gross <andy.gross@linaro.org>
      0ea3fa15
    • A
      Merge tag 'qcom-fixes-for-4.18-rc1' into linus · 9573ce74
      Andy Gross 提交于
      Qualcomm Fixes for v4.18-rc1
      
      * Fix coresight graph on msm8916
      * Disable uart0 on db820c by default
      9573ce74
    • M
      X.509: unpack RSA signatureValue field from BIT STRING · b65c32ec
      Maciej S. Szmigiero 提交于
      The signatureValue field of a X.509 certificate is encoded as a BIT STRING.
      For RSA signatures this BIT STRING is of so-called primitive subtype, which
      contains a u8 prefix indicating a count of unused bits in the encoding.
      
      We have to strip this prefix from signature data, just as we already do for
      key data in x509_extract_key_data() function.
      
      This wasn't noticed earlier because this prefix byte is zero for RSA key
      sizes divisible by 8. Since BIT STRING is a big-endian encoding adding zero
      prefixes has no bearing on its value.
      
      The signature length, however was incorrect, which is a problem for RSA
      implementations that need it to be exactly correct (like AMD CCP).
      Signed-off-by: NMaciej S. Szmigiero <mail@maciej.szmigiero.name>
      Fixes: c26fd69f ("X.509: Add a crypto key parser for binary (DER) X.509 certificates")
      Cc: stable@vger.kernel.org
      Signed-off-by: NJames Morris <james.morris@microsoft.com>
      b65c32ec
  5. 25 6月, 2018 10 次提交
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 6f0d349d
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) Fix netpoll OOPS in r8169, from Ville Syrjälä.
      
       2) Fix bpf instruction alignment on powerpc et al., from Eric Dumazet.
      
       3) Don't ignore IFLA_MTU attribute when creating new ipvlan links. From
          Xin Long.
      
       4) Fix use after free in AF_PACKET, from Eric Dumazet.
      
       5) Mis-matched RTNL unlock in xen-netfront, from Ross Lagerwall.
      
       6) Fix VSOCK loopback on big-endian, from Claudio Imbrenda.
      
       7) Missing RX buffer offset correction when computing DMA addresses in
          mvneta driver, from Antoine Tenart.
      
       8) Fix crashes in DCCP's ccid3_hc_rx_send_feedback, from Eric Dumazet.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (34 commits)
        sfc: make function efx_rps_hash_bucket static
        strparser: Corrected typo in documentation.
        qmi_wwan: add support for the Dell Wireless 5821e module
        cxgb4: when disabling dcb set txq dcb priority to 0
        net_sched: remove a bogus warning in hfsc
        net: dccp: switch rx_tstamp_last_feedback to monotonic clock
        net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
        net: Remove depends on HAS_DMA in case of platform dependency
        MAINTAINERS: Add file patterns for dsa device tree bindings
        net: mscc: make sparse happy
        net: mvneta: fix the Rx desc DMA address in the Rx path
        Documentation: e1000: Fix docs build error
        Documentation: e100: Fix docs build error
        Documentation: e1000: Use correct heading adornment
        Documentation: e100: Use correct heading adornment
        ipv6: mcast: fix unsolicited report interval after receiving querys
        vhost_net: validate sock before trying to put its fd
        VSOCK: fix loopback on big-endian systems
        net: ethernet: ti: davinci_cpdma: make function cpdma_desc_pool_create static
        xen-netfront: Update features after registering netdev
        ...
      6f0d349d
    • D
      xfs: fix fdblocks accounting w/ RMAPBT per-AG reservation · d8cb5e42
      Darrick J. Wong 提交于
      In __xfs_ag_resv_init we incorrectly calculate the amount by which to
      decrease fdblocks when reserving blocks for the rmapbt.  Because rmapbt
      allocations do not decrease fdblocks, we must decrease fdblocks by the
      entire size of the requested reservation in order to achieve our goal of
      always having enough free blocks to satisfy an rmapbt expansion.
      
      This is in contrast to the refcountbt/finobt, which /do/ subtract from
      fdblocks whenever they allocate a block.  For this allocation type we
      preserve the existing behavior where we decrease fdblocks only by the
      requested reservation minus the size of the existing tree.
      
      This fixes the problem where the available block counts reported by
      statfs change across a remount if there had been an rmapbt size change
      since mount time.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NAllison Henderson <allison.henderson@oracle.com>
      d8cb5e42
    • D
      xfs: ensure post-EOF zeroing happens after zeroing part of a file · e53c4b59
      Darrick J. Wong 提交于
      If a user asks us to zero_range part of a file, the end of the range is
      EOF, and not aligned to a page boundary, invoke writeback of the EOF
      page to ensure that the post-EOF part of the page is zeroed.  This
      ensures that we don't expose stale memory contents via mmap, if in a
      clumsy manner.
      
      Found by running generic/127 when it runs zero_range and mapread at EOF
      one after the other.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Reviewed-by: NAllison Henderson <allison.henderson@oracle.com>
      e53c4b59
    • D
      xfs: fix off-by-one error in xfs_rtalloc_query_range · a3a374bf
      Darrick J. Wong 提交于
      In commit 8ad560d2 ("xfs: strengthen rtalloc query range checks")
      we strengthened the input parameter checks in the rtbitmap range query
      function, but introduced an off-by-one error in the process.  The call
      to xfs_rtfind_forw deals with the high key being rextents, but we clamp
      the high key to rextents - 1.  This causes the returned results to stop
      one block short of the end of the rtdev, which is incorrect.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NAllison Henderson <allison.henderson@oracle.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      a3a374bf
    • D
      xfs: fix uninitialized field in rtbitmap fsmap backend · 232d0a24
      Darrick J. Wong 提交于
      Initialize the extent count field of the high key so that when we use
      the high key to synthesize an 'unknown owner' record (i.e. used space
      record) at the end of the queried range we have a field with which to
      compute rm_blockcount.  This is not strictly necessary because the
      synthesizer never uses the rm_blockcount field, but we can shut up the
      static code analysis anyway.
      
      Coverity-id: 1437358
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NAllison Henderson <allison.henderson@oracle.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      232d0a24
    • D
      xfs: recheck reflink state after grabbing ILOCK_SHARED for a write · 5bd88d15
      Darrick J. Wong 提交于
      The reflink iflag could have changed since the earlier unlocked check,
      so if we got ILOCK_SHARED for a write and but we're now a reflink inode
      we have to switch to ILOCK_EXCL and relock.
      
      This helps us avoid blowing lock assertions in things like generic/166:
      
      XFS: Assertion failed: xfs_isilocked(ip, XFS_ILOCK_EXCL), file: fs/xfs/xfs_reflink.c, line: 383
      WARNING: CPU: 1 PID: 24707 at fs/xfs/xfs_message.c:104 assfail+0x25/0x30 [xfs]
      Modules linked in: deadline_iosched dm_snapshot dm_bufio ext4 mbcache jbd2 dm_flakey xfs libcrc32c dax_pmem device_dax nd_pmem sch_fq_codel af_packet [last unloaded: scsi_debug]
      CPU: 1 PID: 24707 Comm: xfs_io Not tainted 4.18.0-rc1-djw #1
      Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.10.2-1ubuntu1 04/01/2014
      RIP: 0010:assfail+0x25/0x30 [xfs]
      Code: ff 0f 0b c3 90 66 66 66 66 90 48 89 f1 41 89 d0 48 c7 c6 e8 ef 1b a0 48 89 fa 31 ff e8 54 f9 ff ff 80 3d fd ba 0f 00 00 75 03 <0f> 0b c3 0f 0b 66 0f 1f 44 00 00 66 66 66 66 90 48 63 f6 49 89 f9
      RSP: 0018:ffffc90006423ad8 EFLAGS: 00010246
      RAX: 0000000000000000 RBX: ffff880030b65e80 RCX: 0000000000000000
      RDX: 00000000ffffffc0 RSI: 000000000000000a RDI: ffffffffa01b0447
      RBP: ffffc90006423c10 R08: 0000000000000000 R09: 0000000000000000
      R10: ffff88003d43fc30 R11: f000000000000000 R12: ffff880077cda000
      R13: 0000000000000000 R14: ffffc90006423c30 R15: ffffc90006423bf9
      FS:  00007feba8986800(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 000000000138ab58 CR3: 000000003d40a000 CR4: 00000000000006a0
      Call Trace:
       xfs_reflink_allocate_cow+0x24c/0x3d0 [xfs]
       xfs_file_iomap_begin+0x6d2/0xeb0 [xfs]
       ? iomap_to_fiemap+0x80/0x80
       iomap_apply+0x5e/0x130
       iomap_dio_rw+0x2e0/0x400
       ? iomap_to_fiemap+0x80/0x80
       ? xfs_file_dio_aio_write+0x133/0x4a0 [xfs]
       xfs_file_dio_aio_write+0x133/0x4a0 [xfs]
       xfs_file_write_iter+0x7b/0xb0 [xfs]
       __vfs_write+0x16f/0x1f0
       vfs_write+0xc8/0x1c0
       ksys_pwrite64+0x74/0x90
       do_syscall_64+0x56/0x180
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      5bd88d15
    • D
      xfs: don't allow insert-range to shift extents past the maximum offset · f62cb48e
      Darrick J. Wong 提交于
      Zorro Lang reports that generic/485 blows an assert on a filesystem with
      512 byte blocks.  The test tries to fallocate a post-eof extent at the
      maximum file size and calls insert range to shift the extents right by
      two blocks.  On a 512b block filesystem this causes startoff to overflow
      the 54-bit startoff field, leading to the assert.
      
      Therefore, always check the rightmost extent to see if it would overflow
      prior to invoking the insert range machinery.
      
      Reported-by: zlang@redhat.com
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200137Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NAllison Henderson <allison.henderson@oracle.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      f62cb48e
    • D
      xfs: don't trip over negative free space in xfs_reserve_blocks · aafe12ce
      Darrick J. Wong 提交于
      If we somehow end up with a filesystem that has fewer free blocks than
      the blocks set aside to avoid ENOSPC deadlocks, it's possible that the
      free space calculation in xfs_reserve_blocks will spit out a negative
      number (because percpu_counter_sum returns s64).  We fail to notice
      this negative number and set fdblks_delta to it.  Now we increment
      fdblocks(!) and the unsigned type of m_resblks means that we end up
      setting a ridiculously huge m_resblks reservation.
      
      Avoid this comedy of errors by detecting the negative free space and
      returning -ENOSPC.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NAllison Henderson <allison.henderson@oracle.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      aafe12ce
    • D
      xfs: allow empty transactions while frozen · 10ee2526
      Darrick J. Wong 提交于
      In commit e89c0413 ("xfs: implement the GETFSMAP ioctl") we
      created the ability to obtain empty transactions.  These transactions
      have no log or block reservations and therefore can't modify anything.
      Since they're also NO_WRITECOUNT they can run while the fs is frozen,
      so we don't need to WARN_ON about that usage.
      Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
      Reviewed-by: NAllison Henderson <allison.henderson@oracle.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      10ee2526
    • P
      MIPS: Add ksig argument to rseq_{signal_deliver,handle_notify_resume} · 662d855c
      Paul Burton 提交于
      Commit 784e0300 ("rseq: Avoid infinite recursion when delivering
      SIGSEGV") added a new ksig argument to the rseq_signal_deliver() &
      rseq_handle_notify_resume() functions, and was merged in v4.18-rc2.
      Meanwhile MIPS support for restartable sequences was also merged in
      v4.18-rc2 with commit 9ea141ad ("MIPS: Add support for restartable
      sequences"), and therefore didn't get updated for the API change.
      
      This results in build failures like the following:
      
          CC      arch/mips/kernel/signal.o
        arch/mips/kernel/signal.c: In function 'handle_signal':
        arch/mips/kernel/signal.c:804:22: error: passing argument 1 of
          'rseq_signal_deliver' from incompatible pointer type
          [-Werror=incompatible-pointer-types]
          rseq_signal_deliver(regs);
                              ^~~~
        In file included from ./include/linux/context_tracking.h:5,
                         from arch/mips/kernel/signal.c:12:
        ./include/linux/sched.h:1811:56: note: expected 'struct ksignal *' but
          argument is of type 'struct pt_regs *'
          static inline void rseq_signal_deliver(struct ksignal *ksig,
                                                 ~~~~~~~~~~~~~~~~^~~~
        arch/mips/kernel/signal.c:804:2: error: too few arguments to function
          'rseq_signal_deliver'
          rseq_signal_deliver(regs);
          ^~~~~~~~~~~~~~~~~~~
      
      Fix this by adding the ksig argument as was done for other architectures
      in commit 784e0300 ("rseq: Avoid infinite recursion when delivering
      SIGSEGV").
      Signed-off-by: NPaul Burton <paul.burton@mips.com>
      Acked-by: NMathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Patchwork: https://patchwork.linux-mips.org/patch/19603/
      Cc: James Hogan <jhogan@kernel.org>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
      Cc: Boqun Feng <boqun.feng@gmail.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      662d855c
  6. 24 6月, 2018 3 次提交
    • C
      sfc: make function efx_rps_hash_bucket static · 829eb053
      Colin Ian King 提交于
      The function efx_rps_hash_bucket is local to the source and
      does not need to be in global scope, so make it static.
      
      Cleans up sparse warning:
      symbol 'efx_rps_hash_bucket' was not declared. Should it be static?
      Signed-off-by: NColin Ian King <colin.king@canonical.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      829eb053
    • L
      Linux 4.18-rc2 · 7daf201d
      Linus Torvalds 提交于
      7daf201d
    • L
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · c81b995f
      Linus Torvalds 提交于
      Pull perf fixes from Thomas Gleixner:
       "A pile of perf updates:
      
        Kernel side:
      
         - Remove an incorrect warning in uprobe_init_insn() when
           insn_get_length() fails. The error return code is handled at the
           call site.
      
         - Move the inline keyword to the right place in the perf ringbuffer
           code to address a W=1 build warning.
      
        Tooling:
      
        perf stat:
      
         - Fix metric column header display alignment
      
         - Improve error messages for default attributes, providing better
           output for error in command line.
      
         - Add --interval-clear option, to provide a 'watch' like printing
      
        perf script:
      
         - Show hw-cache events too
      
        perf c2c:
      
         - Fix data dependency problem in layout of 'struct c2c_hist_entry'
      
        Core:
      
         - Do not blindly assume that 'struct perf_evsel' can be obtained via
           a straight forward container_of() as there are call sites which
           hand in a plain 'struct hist' which is not part of a container.
      
         - Fix error index in the PMU event parser, so that error messages can
           point to the problematic token"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/core: Move the inline keyword at the beginning of the function declaration
        uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
        perf script: Show hw-cache events
        perf c2c: Keep struct hist_entry at the end of struct c2c_hist_entry
        perf stat: Add event parsing error handling to add_default_attributes
        perf stat: Allow to specify specific metric column len
        perf stat: Fix metric column header display alignment
        perf stat: Use only color_fprintf call in print_metric_only
        perf stat: Add --interval-clear option
        perf tools: Fix error index for pmu event parser
        perf hists: Reimplement hists__has_callchains()
        perf hists browser gtk: Use hist_entry__has_callchains()
        perf hists: Make hist_entry__has_callchains() work with 'perf c2c'
        perf hists: Save the callchain_size in struct hist_entry
      c81b995f