lineage-22.2
610 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Yang Yingliang
|
52bfcc9c84 |
modules: fix compile error if don't have strict module rwx
commit 93651f80dcb616b8c9115cdafc8e57a781af22d0 upstream.
If CONFIG_ARCH_HAS_STRICT_MODULE_RWX is not defined,
we need stub for module_enable_nx() and module_enable_x().
If CONFIG_ARCH_HAS_STRICT_MODULE_RWX is defined, but
CONFIG_STRICT_MODULE_RWX is disabled, we need stub for
module_enable_nx.
Move frob_text() outside of the CONFIG_STRICT_MODULE_RWX,
because it is needed anyway.
Fixes: 2eef1399a866 ("modules: fix BUG when load module with rodata=n")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Yang Yingliang
|
ae415d7a27 |
modules: fix BUG when load module with rodata=n
commit 2eef1399a866c57687962e15142b141a4f8e7862 upstream. When loading a module with rodata=n, it causes an executing NX-protected page BUG. [ 32.379191] kernel tried to execute NX-protected page - exploit attempt? (uid: 0) [ 32.382917] BUG: unable to handle page fault for address: ffffffffc0005000 [ 32.385947] #PF: supervisor instruction fetch in kernel mode [ 32.387662] #PF: error_code(0x0011) - permissions violation [ 32.389352] PGD 240c067 P4D 240c067 PUD 240e067 PMD 421a52067 PTE 8000000421a53063 [ 32.391396] Oops: 0011 [#1] SMP PTI [ 32.392478] CPU: 7 PID: 2697 Comm: insmod Tainted: G O 5.2.0-rc5+ #202 [ 32.394588] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 [ 32.398157] RIP: 0010:ko_test_init+0x0/0x1000 [ko_test] [ 32.399662] Code: Bad RIP value. [ 32.400621] RSP: 0018:ffffc900029f3ca8 EFLAGS: 00010246 [ 32.402171] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 32.404332] RDX: 00000000000004c7 RSI: 0000000000000cc0 RDI: ffffffffc0005000 [ 32.406347] RBP: ffffffffc0005000 R08: ffff88842fbebc40 R09: ffffffff810ede4a [ 32.408392] R10: ffffea00108e3480 R11: 0000000000000000 R12: ffff88842bee21a0 [ 32.410472] R13: 0000000000000001 R14: 0000000000000001 R15: ffffc900029f3e78 [ 32.412609] FS: 00007fb4f0c0a700(0000) GS:ffff88842fbc0000(0000) knlGS:0000000000000000 [ 32.414722] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.416290] CR2: ffffffffc0004fd6 CR3: 0000000421a90004 CR4: 0000000000020ee0 [ 32.418471] Call Trace: [ 32.419136] do_one_initcall+0x41/0x1df [ 32.420199] ? _cond_resched+0x10/0x40 [ 32.421433] ? kmem_cache_alloc_trace+0x36/0x160 [ 32.422827] do_init_module+0x56/0x1f7 [ 32.423946] load_module+0x1e67/0x2580 [ 32.424947] ? __alloc_pages_nodemask+0x150/0x2c0 [ 32.426413] ? map_vm_area+0x2d/0x40 [ 32.427530] ? __vmalloc_node_range+0x1ef/0x260 [ 32.428850] ? __do_sys_init_module+0x135/0x170 [ 32.430060] ? _cond_resched+0x10/0x40 [ 32.431249] __do_sys_init_module+0x135/0x170 [ 32.432547] do_syscall_64+0x43/0x120 [ 32.433853] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Because if rodata=n, set_memory_x() can't be called, fix this by calling set_memory_x in complete_formation(); Fixes: f2c65fb3221a ("x86/modules: Avoid breaking W^X while loading modules") Suggested-by: Jian Cheng <cj.chengjian@huawei.com> Reviewed-by: Nadav Amit <namit@vmware.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: Jessica Yu <jeyu@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
8ca5759502 |
Merge 4.19.73 into android-4.19
Changes in 4.19.73
ALSA: hda - Fix potential endless loop at applying quirks
ALSA: hda/realtek - Fix overridden device-specific initialization
ALSA: hda/realtek - Add quirk for HP Pavilion 15
ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL
ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre
sched/fair: Don't assign runtime for throttled cfs_rq
drm/vmwgfx: Fix double free in vmw_recv_msg()
vhost/test: fix build for vhost test
vhost/test: fix build for vhost test - again
powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction
batman-adv: fix uninit-value in batadv_netlink_get_ifindex()
batman-adv: Only read OGM tvlv_len after buffer len check
hv_sock: Fix hang when a connection is closed
Blk-iolatency: warn on negative inflight IO counter
blk-iolatency: fix STS_AGAIN handling
{nl,mac}80211: fix interface combinations on crypto controlled devices
timekeeping: Use proper ktime_add when adding nsecs in coarse offset
selftests: fib_rule_tests: use pre-defined DEV_ADDR
x86/ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace()
powerpc/64: mark start_here_multiplatform as __ref
media: stm32-dcmi: fix irq = 0 case
arm64: dts: rockchip: enable usb-host regulators at boot on rk3328-rock64
scripts/decode_stacktrace: match basepath using shell prefix operator, not regex
riscv: remove unused variable in ftrace
nvme-fc: use separate work queue to avoid warning
clk: s2mps11: Add used attribute to s2mps11_dt_match
remoteproc: qcom: q6v5: shore up resource probe handling
modules: always page-align module section allocations
kernel/module: Fix mem leak in module_add_modinfo_attrs
drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse"
media: cec/v4l2: move V4L2 specific CEC functions to V4L2
media: cec: remove cec-edid.c
scsi: qla2xxx: Move log messages before issuing command to firmware
keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h
Drivers: hv: kvp: Fix two "this statement may fall through" warnings
x86, hibernate: Fix nosave_regions setup for hibernation
remoteproc: qcom: q6v5-mss: add SCM probe dependency
drm/amdgpu/gfx9: Update gfx9 golden settings.
drm/amdgpu: Update gc_9_0 golden settings.
KVM: x86: hyperv: enforce vp_index < KVM_MAX_VCPUS
KVM: x86: hyperv: consistently use 'hv_vcpu' for 'struct kvm_vcpu_hv' variables
KVM: x86: hyperv: keep track of mismatched VP indexes
KVM: hyperv: define VP assist page helpers
x86/kvm/lapic: preserve gfn_to_hva_cache len on cache reinit
drm/i915: Fix intel_dp_mst_best_encoder()
drm/i915: Rename PLANE_CTL_DECOMPRESSION_ENABLE
drm/i915/gen9+: Fix initial readout for Y tiled framebuffers
drm/atomic_helper: Disallow new modesets on unregistered connectors
Drivers: hv: kvp: Fix the indentation of some "break" statements
Drivers: hv: kvp: Fix the recent regression caused by incorrect clean-up
powerplay: Respect units on max dcfclk watermark
drm/amd/pp: Fix truncated clock value when set watermark
drm/amd/dm: Understand why attaching path/tile properties are needed
ARM: davinci: da8xx: define gpio interrupts as separate resources
ARM: davinci: dm365: define gpio interrupts as separate resources
ARM: davinci: dm646x: define gpio interrupts as separate resources
ARM: davinci: dm355: define gpio interrupts as separate resources
ARM: davinci: dm644x: define gpio interrupts as separate resources
s390/zcrypt: reinit ap queue state machine during device probe
media: vim2m: use workqueue
media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work
drm/i915: Restore sane defaults for KMS on GEM error load
drm/i915: Cleanup gt powerstate from gem
KVM: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch
Btrfs: clean up scrub is_dev_replace parameter
Btrfs: fix deadlock with memory reclaim during scrub
btrfs: Remove extent_io_ops::fill_delalloc
btrfs: Fix error handling in btrfs_cleanup_ordered_extents
scsi: megaraid_sas: Fix combined reply queue mode detection
scsi: megaraid_sas: Add check for reset adapter bit
scsi: megaraid_sas: Use 63-bit DMA addressing
powerpc/pkeys: Fix handling of pkey state across fork()
btrfs: volumes: Make sure no dev extent is beyond device boundary
btrfs: Use real device structure to verify dev extent
media: vim2m: only cancel work if it is for right context
ARC: show_regs: lockdep: re-enable preemption
ARC: mm: do_page_fault fixes #1: relinquish mmap_sem if signal arrives while handle_mm_fault
IB/uverbs: Fix OOPs upon device disassociation
crypto: ccree - fix resume race condition on init
crypto: ccree - add missing inline qualifier
drm/vblank: Allow dynamic per-crtc max_vblank_count
drm/i915/ilk: Fix warning when reading emon_status with no output
mfd: Kconfig: Fix I2C_DESIGNWARE_PLATFORM dependencies
tpm: Fix some name collisions with drivers/char/tpm.h
bcache: replace hard coded number with BUCKET_GC_GEN_MAX
bcache: treat stale && dirty keys as bad keys
KVM: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run
iio: adc: exynos-adc: Add S5PV210 variant
dt-bindings: iio: adc: exynos-adc: Add S5PV210 variant
iio: adc: exynos-adc: Use proper number of channels for Exynos4x12
mt76: fix corrupted software generated tx CCMP PN
drm/nouveau: Don't WARN_ON VCPI allocation failures
iwlwifi: fix devices with PCI Device ID 0x34F0 and 11ac RF modules
iwlwifi: add new card for 9260 series
x86/kvmclock: set offset for kvm unstable clock
spi: spi-gpio: fix SPI_CS_HIGH capability
powerpc/kvm: Save and restore host AMR/IAMR/UAMOR
mmc: renesas_sdhi: Fix card initialization failure in high speed mode
btrfs: scrub: pass fs_info to scrub_setup_ctx
btrfs: scrub: move scrub_setup_ctx allocation out of device_list_mutex
btrfs: scrub: fix circular locking dependency warning
btrfs: init csum_list before possible free
PCI: qcom: Fix error handling in runtime PM support
PCI: qcom: Don't deassert reset GPIO during probe
drm: add __user attribute to ptr_to_compat()
CIFS: Fix error paths in writeback code
CIFS: Fix leaking locked VFS cache pages in writeback retry
drm/i915: Handle vm_mmap error during I915_GEM_MMAP ioctl with WC set
drm/i915: Sanity check mmap length against object size
usb: typec: tcpm: Try PD-2.0 if sink does not respond to 3.0 source-caps
arm64: dts: stratix10: add the sysmgr-syscon property from the gmac's
IB/mlx5: Reset access mask when looping inside page fault handler
kvm: mmu: Fix overflow on kvm mmu page limit calculation
x86/kvm: move kvm_load/put_guest_xcr0 into atomic context
KVM: x86: Always use 32-bit SMRAM save state for 32-bit kernels
cifs: Fix lease buffer length error
media: i2c: tda1997x: select V4L2_FWNODE
ext4: protect journal inode's blocks using block_validity
ARM: dts: qcom: ipq4019: fix PCI range
ARM: dts: qcom: ipq4019: Fix MSI IRQ type
ARM: dts: qcom: ipq4019: enlarge PCIe BAR range
dt-bindings: mmc: Add supports-cqe property
dt-bindings: mmc: Add disable-cqe-dcmd property.
PCI: Add macro for Switchtec quirk declarations
PCI: Reset Lenovo ThinkPad P50 nvgpu at boot if necessary
dm mpath: fix missing call of path selector type->end_io
blk-mq: free hw queue's resource in hctx's release handler
mmc: sdhci-pci: Add support for Intel CML
PCI: dwc: Use devm_pci_alloc_host_bridge() to simplify code
cifs: smbd: take an array of reqeusts when sending upper layer data
dm crypt: move detailed message into debug level
signal/arc: Use force_sig_fault where appropriate
ARC: mm: fix uninitialised signal code in do_page_fault
ARC: mm: SIGSEGV userspace trying to access kernel virtual memory
drm/amdkfd: Add missing Polaris10 ID
kvm: Check irqchip mode before assign irqfd
drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2)
drm/amdgpu/{uvd,vcn}: fetch ring's read_ptr after alloc
Btrfs: fix race between block group removal and block group allocation
cifs: add spinlock for the openFileList to cifsInodeInfo
clk: tegra: Fix maximum audio sync clock for Tegra124/210
clk: tegra210: Fix default rates for HDA clocks
IB/hfi1: Avoid hardlockup with flushlist_lock
apparmor: reset pos on failure to unpack for various functions
scsi: target/core: Use the SECTOR_SHIFT constant
scsi: target/iblock: Fix overrun in WRITE SAME emulation
staging: wilc1000: fix error path cleanup in wilc_wlan_initialize()
scsi: zfcp: fix request object use-after-free in send path causing wrong traces
cifs: Properly handle auto disabling of serverino option
ALSA: hda - Don't resume forcibly i915 HDMI/DP codec
ceph: use ceph_evict_inode to cleanup inode's resource
KVM: x86: optimize check for valid PAT value
KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value
KVM: VMX: Fix handling of #MC that occurs during VM-Entry
KVM: VMX: check CPUID before allowing read/write of IA32_XSS
KVM: PPC: Use ccr field in pt_regs struct embedded in vcpu struct
KVM: PPC: Book3S HV: Fix CR0 setting in TM emulation
ARM: dts: gemini: Set DIR-685 SPI CS as active low
RDMA/srp: Document srp_parse_in() arguments
RDMA/srp: Accept again source addresses that do not have a port number
btrfs: correctly validate compression type
resource: Include resource end in walk_*() interfaces
resource: Fix find_next_iomem_res() iteration issue
resource: fix locking in find_next_iomem_res()
pstore: Fix double-free in pstore_mkfile() failure path
dm thin metadata: check if in fail_io mode when setting needs_check
drm/panel: Add support for Armadeus ST0700 Adapt
ALSA: hda - Fix intermittent CORB/RIRB stall on Intel chips
powerpc/mm: Limit rma_size to 1TB when running without HV mode
iommu/iova: Remove stale cached32_node
gpio: don't WARN() on NULL descs if gpiolib is disabled
i2c: at91: disable TXRDY interrupt after sending data
i2c: at91: fix clk_offset for sama5d2
mm/migrate.c: initialize pud_entry in migrate_vma()
iio: adc: gyroadc: fix uninitialized return code
NFSv4: Fix delegation state recovery
bcache: only clear BTREE_NODE_dirty bit when it is set
bcache: add comments for mutex_lock(&b->write_lock)
bcache: fix race in btree_flush_write()
drm/i915: Make sure cdclk is high enough for DP audio on VLV/CHV
virtio/s390: fix race on airq_areas[]
drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors
ext4: don't perform block validity checks on the journal inode
ext4: fix block validity checks for journal inodes using indirect blocks
ext4: unsigned int compared against zero
PCI: Reset both NVIDIA GPU and HDA in ThinkPad P50 workaround
powerpc/tm: Remove msr_tm_active()
powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts
vhost: make sure log_num < in_num
Linux 4.19.73
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7bc57825aeb36759bb8e8726888da9af06392c09
|
||
|
Greg Kroah-Hartman
|
8feec99e2c |
Merge 4.19.73 into android-4.19-q
Changes in 4.19.73
ALSA: hda - Fix potential endless loop at applying quirks
ALSA: hda/realtek - Fix overridden device-specific initialization
ALSA: hda/realtek - Add quirk for HP Pavilion 15
ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL
ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre
sched/fair: Don't assign runtime for throttled cfs_rq
drm/vmwgfx: Fix double free in vmw_recv_msg()
vhost/test: fix build for vhost test
vhost/test: fix build for vhost test - again
powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction
batman-adv: fix uninit-value in batadv_netlink_get_ifindex()
batman-adv: Only read OGM tvlv_len after buffer len check
hv_sock: Fix hang when a connection is closed
Blk-iolatency: warn on negative inflight IO counter
blk-iolatency: fix STS_AGAIN handling
{nl,mac}80211: fix interface combinations on crypto controlled devices
timekeeping: Use proper ktime_add when adding nsecs in coarse offset
selftests: fib_rule_tests: use pre-defined DEV_ADDR
x86/ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace()
powerpc/64: mark start_here_multiplatform as __ref
media: stm32-dcmi: fix irq = 0 case
arm64: dts: rockchip: enable usb-host regulators at boot on rk3328-rock64
scripts/decode_stacktrace: match basepath using shell prefix operator, not regex
riscv: remove unused variable in ftrace
nvme-fc: use separate work queue to avoid warning
clk: s2mps11: Add used attribute to s2mps11_dt_match
remoteproc: qcom: q6v5: shore up resource probe handling
modules: always page-align module section allocations
kernel/module: Fix mem leak in module_add_modinfo_attrs
drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse"
media: cec/v4l2: move V4L2 specific CEC functions to V4L2
media: cec: remove cec-edid.c
scsi: qla2xxx: Move log messages before issuing command to firmware
keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h
Drivers: hv: kvp: Fix two "this statement may fall through" warnings
x86, hibernate: Fix nosave_regions setup for hibernation
remoteproc: qcom: q6v5-mss: add SCM probe dependency
drm/amdgpu/gfx9: Update gfx9 golden settings.
drm/amdgpu: Update gc_9_0 golden settings.
KVM: x86: hyperv: enforce vp_index < KVM_MAX_VCPUS
KVM: x86: hyperv: consistently use 'hv_vcpu' for 'struct kvm_vcpu_hv' variables
KVM: x86: hyperv: keep track of mismatched VP indexes
KVM: hyperv: define VP assist page helpers
x86/kvm/lapic: preserve gfn_to_hva_cache len on cache reinit
drm/i915: Fix intel_dp_mst_best_encoder()
drm/i915: Rename PLANE_CTL_DECOMPRESSION_ENABLE
drm/i915/gen9+: Fix initial readout for Y tiled framebuffers
drm/atomic_helper: Disallow new modesets on unregistered connectors
Drivers: hv: kvp: Fix the indentation of some "break" statements
Drivers: hv: kvp: Fix the recent regression caused by incorrect clean-up
powerplay: Respect units on max dcfclk watermark
drm/amd/pp: Fix truncated clock value when set watermark
drm/amd/dm: Understand why attaching path/tile properties are needed
ARM: davinci: da8xx: define gpio interrupts as separate resources
ARM: davinci: dm365: define gpio interrupts as separate resources
ARM: davinci: dm646x: define gpio interrupts as separate resources
ARM: davinci: dm355: define gpio interrupts as separate resources
ARM: davinci: dm644x: define gpio interrupts as separate resources
s390/zcrypt: reinit ap queue state machine during device probe
media: vim2m: use workqueue
media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work
drm/i915: Restore sane defaults for KMS on GEM error load
drm/i915: Cleanup gt powerstate from gem
KVM: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch
Btrfs: clean up scrub is_dev_replace parameter
Btrfs: fix deadlock with memory reclaim during scrub
btrfs: Remove extent_io_ops::fill_delalloc
btrfs: Fix error handling in btrfs_cleanup_ordered_extents
scsi: megaraid_sas: Fix combined reply queue mode detection
scsi: megaraid_sas: Add check for reset adapter bit
scsi: megaraid_sas: Use 63-bit DMA addressing
powerpc/pkeys: Fix handling of pkey state across fork()
btrfs: volumes: Make sure no dev extent is beyond device boundary
btrfs: Use real device structure to verify dev extent
media: vim2m: only cancel work if it is for right context
ARC: show_regs: lockdep: re-enable preemption
ARC: mm: do_page_fault fixes #1: relinquish mmap_sem if signal arrives while handle_mm_fault
IB/uverbs: Fix OOPs upon device disassociation
crypto: ccree - fix resume race condition on init
crypto: ccree - add missing inline qualifier
drm/vblank: Allow dynamic per-crtc max_vblank_count
drm/i915/ilk: Fix warning when reading emon_status with no output
mfd: Kconfig: Fix I2C_DESIGNWARE_PLATFORM dependencies
tpm: Fix some name collisions with drivers/char/tpm.h
bcache: replace hard coded number with BUCKET_GC_GEN_MAX
bcache: treat stale && dirty keys as bad keys
KVM: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run
iio: adc: exynos-adc: Add S5PV210 variant
dt-bindings: iio: adc: exynos-adc: Add S5PV210 variant
iio: adc: exynos-adc: Use proper number of channels for Exynos4x12
mt76: fix corrupted software generated tx CCMP PN
drm/nouveau: Don't WARN_ON VCPI allocation failures
iwlwifi: fix devices with PCI Device ID 0x34F0 and 11ac RF modules
iwlwifi: add new card for 9260 series
x86/kvmclock: set offset for kvm unstable clock
spi: spi-gpio: fix SPI_CS_HIGH capability
powerpc/kvm: Save and restore host AMR/IAMR/UAMOR
mmc: renesas_sdhi: Fix card initialization failure in high speed mode
btrfs: scrub: pass fs_info to scrub_setup_ctx
btrfs: scrub: move scrub_setup_ctx allocation out of device_list_mutex
btrfs: scrub: fix circular locking dependency warning
btrfs: init csum_list before possible free
PCI: qcom: Fix error handling in runtime PM support
PCI: qcom: Don't deassert reset GPIO during probe
drm: add __user attribute to ptr_to_compat()
CIFS: Fix error paths in writeback code
CIFS: Fix leaking locked VFS cache pages in writeback retry
drm/i915: Handle vm_mmap error during I915_GEM_MMAP ioctl with WC set
drm/i915: Sanity check mmap length against object size
usb: typec: tcpm: Try PD-2.0 if sink does not respond to 3.0 source-caps
arm64: dts: stratix10: add the sysmgr-syscon property from the gmac's
IB/mlx5: Reset access mask when looping inside page fault handler
kvm: mmu: Fix overflow on kvm mmu page limit calculation
x86/kvm: move kvm_load/put_guest_xcr0 into atomic context
KVM: x86: Always use 32-bit SMRAM save state for 32-bit kernels
cifs: Fix lease buffer length error
media: i2c: tda1997x: select V4L2_FWNODE
ext4: protect journal inode's blocks using block_validity
ARM: dts: qcom: ipq4019: fix PCI range
ARM: dts: qcom: ipq4019: Fix MSI IRQ type
ARM: dts: qcom: ipq4019: enlarge PCIe BAR range
dt-bindings: mmc: Add supports-cqe property
dt-bindings: mmc: Add disable-cqe-dcmd property.
PCI: Add macro for Switchtec quirk declarations
PCI: Reset Lenovo ThinkPad P50 nvgpu at boot if necessary
dm mpath: fix missing call of path selector type->end_io
blk-mq: free hw queue's resource in hctx's release handler
mmc: sdhci-pci: Add support for Intel CML
PCI: dwc: Use devm_pci_alloc_host_bridge() to simplify code
cifs: smbd: take an array of reqeusts when sending upper layer data
dm crypt: move detailed message into debug level
signal/arc: Use force_sig_fault where appropriate
ARC: mm: fix uninitialised signal code in do_page_fault
ARC: mm: SIGSEGV userspace trying to access kernel virtual memory
drm/amdkfd: Add missing Polaris10 ID
kvm: Check irqchip mode before assign irqfd
drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2)
drm/amdgpu/{uvd,vcn}: fetch ring's read_ptr after alloc
Btrfs: fix race between block group removal and block group allocation
cifs: add spinlock for the openFileList to cifsInodeInfo
clk: tegra: Fix maximum audio sync clock for Tegra124/210
clk: tegra210: Fix default rates for HDA clocks
IB/hfi1: Avoid hardlockup with flushlist_lock
apparmor: reset pos on failure to unpack for various functions
scsi: target/core: Use the SECTOR_SHIFT constant
scsi: target/iblock: Fix overrun in WRITE SAME emulation
staging: wilc1000: fix error path cleanup in wilc_wlan_initialize()
scsi: zfcp: fix request object use-after-free in send path causing wrong traces
cifs: Properly handle auto disabling of serverino option
ALSA: hda - Don't resume forcibly i915 HDMI/DP codec
ceph: use ceph_evict_inode to cleanup inode's resource
KVM: x86: optimize check for valid PAT value
KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value
KVM: VMX: Fix handling of #MC that occurs during VM-Entry
KVM: VMX: check CPUID before allowing read/write of IA32_XSS
KVM: PPC: Use ccr field in pt_regs struct embedded in vcpu struct
KVM: PPC: Book3S HV: Fix CR0 setting in TM emulation
ARM: dts: gemini: Set DIR-685 SPI CS as active low
RDMA/srp: Document srp_parse_in() arguments
RDMA/srp: Accept again source addresses that do not have a port number
btrfs: correctly validate compression type
resource: Include resource end in walk_*() interfaces
resource: Fix find_next_iomem_res() iteration issue
resource: fix locking in find_next_iomem_res()
pstore: Fix double-free in pstore_mkfile() failure path
dm thin metadata: check if in fail_io mode when setting needs_check
drm/panel: Add support for Armadeus ST0700 Adapt
ALSA: hda - Fix intermittent CORB/RIRB stall on Intel chips
powerpc/mm: Limit rma_size to 1TB when running without HV mode
iommu/iova: Remove stale cached32_node
gpio: don't WARN() on NULL descs if gpiolib is disabled
i2c: at91: disable TXRDY interrupt after sending data
i2c: at91: fix clk_offset for sama5d2
mm/migrate.c: initialize pud_entry in migrate_vma()
iio: adc: gyroadc: fix uninitialized return code
NFSv4: Fix delegation state recovery
bcache: only clear BTREE_NODE_dirty bit when it is set
bcache: add comments for mutex_lock(&b->write_lock)
bcache: fix race in btree_flush_write()
drm/i915: Make sure cdclk is high enough for DP audio on VLV/CHV
virtio/s390: fix race on airq_areas[]
drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors
ext4: don't perform block validity checks on the journal inode
ext4: fix block validity checks for journal inodes using indirect blocks
ext4: unsigned int compared against zero
PCI: Reset both NVIDIA GPU and HDA in ThinkPad P50 workaround
powerpc/tm: Remove msr_tm_active()
powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts
vhost: make sure log_num < in_num
Linux 4.19.73
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9949b14a25edc8d3fdf8518e1d862dc534b2f4f4
|
||
|
YueHaibing
|
3015291b2f |
kernel/module: Fix mem leak in module_add_modinfo_attrs
[ Upstream commit bc6f2a757d525e001268c3658bd88822e768f8db ]
In module_add_modinfo_attrs if sysfs_create_file
fails, we forget to free allocated modinfo_attrs
and roll back the sysfs files.
Fixes:
|
||
|
Jessica Yu
|
9c49f7811f |
modules: always page-align module section allocations
[ Upstream commit 38f054d549a869f22a02224cd276a27bf14b6171 ]
Some arches (e.g., arm64, x86) have moved towards non-executable
module_alloc() allocations for security hardening reasons. That means
that the module loader will need to set the text section of a module to
executable, regardless of whether or not CONFIG_STRICT_MODULE_RWX is set.
When CONFIG_STRICT_MODULE_RWX=y, module section allocations are always
page-aligned to handle memory rwx permissions. On some arches with
CONFIG_STRICT_MODULE_RWX=n however, when setting the module text to
executable, the BUG_ON() in frob_text() gets triggered since module
section allocations are not page-aligned when CONFIG_STRICT_MODULE_RWX=n.
Since the set_memory_* API works with pages, and since we need to call
set_memory_x() regardless of whether CONFIG_STRICT_MODULE_RWX is set, we
might as well page-align all module section allocations for ease of
managing rwx permissions of module sections (text, rodata, etc).
Fixes: 2eef1399a866 ("modules: fix BUG when load module with rodata=n")
Reported-by: Martin Kaiser <lists@kaiser.cx>
Reported-by: Bartosz Golaszewski <brgl@bgdev.pl>
Tested-by: David Lechner <david@lechnology.com>
Tested-by: Martin Kaiser <martin@kaiser.cx>
Tested-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Mukesh Ojha
|
224419de80 |
Kconfig.debug: module: Add debug config to debug modules
There can be scenario where, dynamically loadable modules adds a certain nodes in list data structure and forgot to remove reference from the list while unloading themself. And this can result in fault while accessing those dangling pointers. So If we log the module used address ranges, we could be able to tell exact victim module. And, It will be good to keep these debug logs under a config flag. So, let's add DEBUG_MODULE_LOAD_INFO config and use this in printing module used init and core layout address ranges. e.g: Core layout sections: [ 40.599573] .text [ 40.627074] .plt [ 40.603426] .rodata.str1.8 [ 40.608016] __mcount_loc [ 40.622142] .note.gnu.build-id [ 40.612654] .data [ 40.616438] .gnu.linkonce.this_module [ 40.634909] .bss Init layout sections [ 40.630781] .init.plt [ 40.638591] .symtab [ 40.642573] .strtab After this patch: / # rmmod sample [ 63.816318] Unloaded sample: module core layout start: 0xffffff9dbff85000 size: 0x4000 This config should not be enabled in production builds. Change-Id: I4acfc4f53c561f92ca63fa3c4559148929575580 Signed-off-by: Mukesh Ojha <mojha@codeaurora.org> Signed-off-by: Neeraj Upadhyay <neeraju@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
03d5ba4085 |
Merge 4.19.65 into android-4.19-q
Changes in 4.19.65
ARM: riscpc: fix DMA
ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200
ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again
ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
ftrace: Enable trampoline when rec count returns back to one
dmaengine: tegra-apb: Error out if DMA_PREP_INTERRUPT flag is unset
arm64: dts: rockchip: fix isp iommu clocks and power domain
kernel/module.c: Only return -EEXIST for modules that have finished loading
firmware/psci: psci_checker: Park kthreads before stopping them
MIPS: lantiq: Fix bitfield masking
dmaengine: rcar-dmac: Reject zero-length slave DMA requests
clk: tegra210: fix PLLU and PLLU_OUT1
fs/adfs: super: fix use-after-free bug
clk: sprd: Add check for return value of sprd_clk_regmap_init()
btrfs: fix minimum number of chunk errors for DUP
btrfs: qgroup: Don't hold qgroup_ioctl_lock in btrfs_qgroup_inherit()
cifs: Fix a race condition with cifs_echo_request
ceph: fix improper use of smp_mb__before_atomic()
ceph: return -ERANGE if virtual xattr value didn't fit in buffer
ACPI: blacklist: fix clang warning for unused DMI table
scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
perf version: Fix segfault due to missing OPT_END()
x86: kvm: avoid constant-conversion warning
ACPI: fix false-positive -Wuninitialized warning
be2net: Signal that the device cannot transmit during reconfiguration
x86/apic: Silence -Wtype-limits compiler warnings
x86: math-emu: Hide clang warnings for 16-bit overflow
mm/cma.c: fail if fixed declaration can't be honored
lib/test_overflow.c: avoid tainting the kernel and fix wrap size
lib/test_string.c: avoid masking memset16/32/64 failures
coda: add error handling for fget
coda: fix build using bare-metal toolchain
uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers
drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings
ipc/mqueue.c: only perform resource calculation if user valid
mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed
xen/pv: Fix a boot up hang revealed by int3 self test
x86/kvm: Don't call kvm_spurious_fault() from .fixup
x86/paravirt: Fix callee-saved function ELF sizes
x86, boot: Remove multiple copy of static function sanitize_boot_params()
drm/nouveau: fix memory leak in nouveau_conn_reset()
kconfig: Clear "written" flag to avoid data loss
kbuild: initialize CLANG_FLAGS correctly in the top Makefile
Btrfs: fix incremental send failure after deduplication
Btrfs: fix race leading to fs corruption after transaction abort
mmc: dw_mmc: Fix occasional hang after tuning on eMMC
mmc: meson-mx-sdio: Fix misuse of GENMASK macro
gpiolib: fix incorrect IRQ requesting of an active-low lineevent
IB/hfi1: Fix Spectre v1 vulnerability
mtd: rawnand: micron: handle on-die "ECC-off" devices correctly
selinux: fix memory leak in policydb_init()
ALSA: hda: Fix 1-minute detection delay when i915 module is not available
mm: vmscan: check if mem cgroup is disabled or not before calling memcg slab shrinker
s390/dasd: fix endless loop after read unit address configuration
cgroup: kselftest: relax fs_spec checks
parisc: Fix build of compressed kernel even with debug enabled
drivers/perf: arm_pmu: Fix failure path in PM notifier
arm64: compat: Allow single-byte watchpoints on all addresses
arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
nbd: replace kill_bdev() with __invalidate_device() again
xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
IB/mlx5: Fix unreg_umr to ignore the mkey state
IB/mlx5: Use direct mkey destroy command upon UMR unreg failure
IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache
IB/mlx5: Fix clean_mr() to work in the expected order
IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification
IB/hfi1: Check for error on call to alloc_rsm_map_table
drm/i915/gvt: fix incorrect cache entry for guest page mapping
eeprom: at24: make spd world-readable again
ARC: enable uboot support unconditionally
objtool: Support GCC 9 cold subfunction naming scheme
gcc-9: properly declare the {pv,hv}clock_page storage
x86/vdso: Prevent segfaults due to hoisted vclock reads
scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
x86/cpufeatures: Carve out CQM features retrieval
x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
x86/speculation: Enable Spectre v1 swapgs mitigations
x86/entry/64: Use JMP instead of JMPQ
x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
Documentation: Add swapgs description to the Spectre v1 documentation
Linux 4.19.65
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0a9a308d7f58de904f229d059a2818fa0cb01dd3
|
||
|
Greg Kroah-Hartman
|
de4c70d6a9 |
Merge 4.19.65 into android-4.19
Changes in 4.19.65
ARM: riscpc: fix DMA
ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200
ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again
ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
ftrace: Enable trampoline when rec count returns back to one
dmaengine: tegra-apb: Error out if DMA_PREP_INTERRUPT flag is unset
arm64: dts: rockchip: fix isp iommu clocks and power domain
kernel/module.c: Only return -EEXIST for modules that have finished loading
firmware/psci: psci_checker: Park kthreads before stopping them
MIPS: lantiq: Fix bitfield masking
dmaengine: rcar-dmac: Reject zero-length slave DMA requests
clk: tegra210: fix PLLU and PLLU_OUT1
fs/adfs: super: fix use-after-free bug
clk: sprd: Add check for return value of sprd_clk_regmap_init()
btrfs: fix minimum number of chunk errors for DUP
btrfs: qgroup: Don't hold qgroup_ioctl_lock in btrfs_qgroup_inherit()
cifs: Fix a race condition with cifs_echo_request
ceph: fix improper use of smp_mb__before_atomic()
ceph: return -ERANGE if virtual xattr value didn't fit in buffer
ACPI: blacklist: fix clang warning for unused DMI table
scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
perf version: Fix segfault due to missing OPT_END()
x86: kvm: avoid constant-conversion warning
ACPI: fix false-positive -Wuninitialized warning
be2net: Signal that the device cannot transmit during reconfiguration
x86/apic: Silence -Wtype-limits compiler warnings
x86: math-emu: Hide clang warnings for 16-bit overflow
mm/cma.c: fail if fixed declaration can't be honored
lib/test_overflow.c: avoid tainting the kernel and fix wrap size
lib/test_string.c: avoid masking memset16/32/64 failures
coda: add error handling for fget
coda: fix build using bare-metal toolchain
uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers
drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings
ipc/mqueue.c: only perform resource calculation if user valid
mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed
xen/pv: Fix a boot up hang revealed by int3 self test
x86/kvm: Don't call kvm_spurious_fault() from .fixup
x86/paravirt: Fix callee-saved function ELF sizes
x86, boot: Remove multiple copy of static function sanitize_boot_params()
drm/nouveau: fix memory leak in nouveau_conn_reset()
kconfig: Clear "written" flag to avoid data loss
kbuild: initialize CLANG_FLAGS correctly in the top Makefile
Btrfs: fix incremental send failure after deduplication
Btrfs: fix race leading to fs corruption after transaction abort
mmc: dw_mmc: Fix occasional hang after tuning on eMMC
mmc: meson-mx-sdio: Fix misuse of GENMASK macro
gpiolib: fix incorrect IRQ requesting of an active-low lineevent
IB/hfi1: Fix Spectre v1 vulnerability
mtd: rawnand: micron: handle on-die "ECC-off" devices correctly
selinux: fix memory leak in policydb_init()
ALSA: hda: Fix 1-minute detection delay when i915 module is not available
mm: vmscan: check if mem cgroup is disabled or not before calling memcg slab shrinker
s390/dasd: fix endless loop after read unit address configuration
cgroup: kselftest: relax fs_spec checks
parisc: Fix build of compressed kernel even with debug enabled
drivers/perf: arm_pmu: Fix failure path in PM notifier
arm64: compat: Allow single-byte watchpoints on all addresses
arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
nbd: replace kill_bdev() with __invalidate_device() again
xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
IB/mlx5: Fix unreg_umr to ignore the mkey state
IB/mlx5: Use direct mkey destroy command upon UMR unreg failure
IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache
IB/mlx5: Fix clean_mr() to work in the expected order
IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification
IB/hfi1: Check for error on call to alloc_rsm_map_table
drm/i915/gvt: fix incorrect cache entry for guest page mapping
eeprom: at24: make spd world-readable again
ARC: enable uboot support unconditionally
objtool: Support GCC 9 cold subfunction naming scheme
gcc-9: properly declare the {pv,hv}clock_page storage
x86/vdso: Prevent segfaults due to hoisted vclock reads
scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
x86/cpufeatures: Carve out CQM features retrieval
x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
x86/speculation: Enable Spectre v1 swapgs mitigations
x86/entry/64: Use JMP instead of JMPQ
x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
Documentation: Add swapgs description to the Spectre v1 documentation
Linux 4.19.65
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iceeabdb164657e0a616db618e6aa8445d56b0dc1
|
||
|
Prarit Bhargava
|
09ec6c6783 |
kernel/module.c: Only return -EEXIST for modules that have finished loading
[ Upstream commit 6e6de3dee51a439f76eb73c22ae2ffd2c9384712 ] Microsoft HyperV disables the X86_FEATURE_SMCA bit on AMD systems, and linux guests boot with repeated errors: amd64_edac_mod: Unknown symbol amd_unregister_ecc_decoder (err -2) amd64_edac_mod: Unknown symbol amd_register_ecc_decoder (err -2) amd64_edac_mod: Unknown symbol amd_report_gart_errors (err -2) amd64_edac_mod: Unknown symbol amd_unregister_ecc_decoder (err -2) amd64_edac_mod: Unknown symbol amd_register_ecc_decoder (err -2) amd64_edac_mod: Unknown symbol amd_report_gart_errors (err -2) The warnings occur because the module code erroneously returns -EEXIST for modules that have failed to load and are in the process of being removed from the module list. module amd64_edac_mod has a dependency on module edac_mce_amd. Using modules.dep, systemd will load edac_mce_amd for every request of amd64_edac_mod. When the edac_mce_amd module loads, the module has state MODULE_STATE_UNFORMED and once the module load fails and the state becomes MODULE_STATE_GOING. Another request for edac_mce_amd module executes and add_unformed_module() will erroneously return -EEXIST even though the previous instance of edac_mce_amd has MODULE_STATE_GOING. Upon receiving -EEXIST, systemd attempts to load amd64_edac_mod, which fails because of unknown symbols from edac_mce_amd. add_unformed_module() must wait to return for any case other than MODULE_STATE_LIVE to prevent a race between multiple loads of dependent modules. Signed-off-by: Prarit Bhargava <prarit@redhat.com> Signed-off-by: Barret Rhoden <brho@google.com> Cc: David Arcari <darcari@redhat.com> Cc: Jessica Yu <jeyu@kernel.org> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Jessica Yu <jeyu@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
c710c4fc4e |
Merge 4.19.48 into android-4.19-q
Changes in 4.19.48 bonding/802.3ad: fix slave link initialization transition states cxgb4: offload VLAN flows regardless of VLAN ethtype inet: switch IP ID generator to siphash ipv4/igmp: fix another memory leak in igmpv3_del_delrec() ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST ipv6: Consider sk_bound_dev_if when binding a raw socket to an address ipv6: Fix redirect with VRF llc: fix skb leak in llc_build_and_send_ui_pkt() net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT net: fec: fix the clk mismatch in failed_reset path net-gro: fix use-after-free read in napi_gro_frags() net: mvneta: Fix err code path of probe net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value net: phy: marvell10g: report if the PHY fails to boot firmware net: sched: don't use tc_action->order during action dump net: stmmac: fix reset gpio free missing usbnet: fix kernel crash after disconnect net/mlx5: Avoid double free in fs init error unwinding path tipc: Avoid copying bytes beyond the supplied data net/mlx5: Allocate root ns memory using kzalloc to match kfree net/mlx5e: Disable rxhash when CQE compress is enabled net: stmmac: dma channel control register need to be init first bnxt_en: Fix aggregation buffer leak under OOM condition. net/tls: fix state removal with feature flags off net/tls: don't ignore netdev notifications if no TLS features crypto: vmx - ghash: do nosimd fallback manually include/linux/compiler*.h: define asm_volatile_goto compiler.h: give up __compiletime_assert_fallback() jump_label: move 'asm goto' support test to Kconfig xen/pciback: Don't disable PCI_COMMAND on PCI device reset. Revert "tipc: fix modprobe tipc failed after switch order of device registration" tipc: fix modprobe tipc failed after switch order of device registration Linux 4.19.48 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
01f5de3fbc |
Merge 4.19.48 into android-4.19
Changes in 4.19.48 bonding/802.3ad: fix slave link initialization transition states cxgb4: offload VLAN flows regardless of VLAN ethtype inet: switch IP ID generator to siphash ipv4/igmp: fix another memory leak in igmpv3_del_delrec() ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST ipv6: Consider sk_bound_dev_if when binding a raw socket to an address ipv6: Fix redirect with VRF llc: fix skb leak in llc_build_and_send_ui_pkt() net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT net: fec: fix the clk mismatch in failed_reset path net-gro: fix use-after-free read in napi_gro_frags() net: mvneta: Fix err code path of probe net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value net: phy: marvell10g: report if the PHY fails to boot firmware net: sched: don't use tc_action->order during action dump net: stmmac: fix reset gpio free missing usbnet: fix kernel crash after disconnect net/mlx5: Avoid double free in fs init error unwinding path tipc: Avoid copying bytes beyond the supplied data net/mlx5: Allocate root ns memory using kzalloc to match kfree net/mlx5e: Disable rxhash when CQE compress is enabled net: stmmac: dma channel control register need to be init first bnxt_en: Fix aggregation buffer leak under OOM condition. net/tls: fix state removal with feature flags off net/tls: don't ignore netdev notifications if no TLS features crypto: vmx - ghash: do nosimd fallback manually include/linux/compiler*.h: define asm_volatile_goto compiler.h: give up __compiletime_assert_fallback() jump_label: move 'asm goto' support test to Kconfig xen/pciback: Don't disable PCI_COMMAND on PCI device reset. Revert "tipc: fix modprobe tipc failed after switch order of device registration" tipc: fix modprobe tipc failed after switch order of device registration Linux 4.19.48 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Masahiro Yamada
|
0276ebf166 |
jump_label: move 'asm goto' support test to Kconfig
commit e9666d10a5677a494260d60d1fa0b73cc7646eb3 upstream. Currently, CONFIG_JUMP_LABEL just means "I _want_ to use jump label". The jump label is controlled by HAVE_JUMP_LABEL, which is defined like this: #if defined(CC_HAVE_ASM_GOTO) && defined(CONFIG_JUMP_LABEL) # define HAVE_JUMP_LABEL #endif We can improve this by testing 'asm goto' support in Kconfig, then make JUMP_LABEL depend on CC_HAS_ASM_GOTO. Ugly #ifdef HAVE_JUMP_LABEL will go away, and CONFIG_JUMP_LABEL will match to the real kernel capability. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc) Tested-by: Sedat Dilek <sedat.dilek@gmail.com> [nc: Fix trivial conflicts in 4.19 arch/xtensa/kernel/jump_label.c doesn't exist yet Ensured CC_HAVE_ASM_GOTO and HAVE_JUMP_LABEL were sufficiently eliminated] Signed-off-by: Nathan Chancellor <natechancellor@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
f4aedf06d3 |
Merge 4.19.47 into android-4.19-q
Changes in 4.19.47 x86: Hide the int3_emulate_call/jmp functions from UML ext4: do not delete unlinked inode from orphan list on failed truncate ext4: wait for outstanding dio during truncate in nojournal mode f2fs: Fix use of number of devices KVM: x86: fix return value for reserved EFER bio: fix improper use of smp_mb__before_atomic() sbitmap: fix improper use of smp_mb__before_atomic() Revert "scsi: sd: Keep disk read-only when re-reading partition" crypto: vmx - CTR: always increment IV as quadword mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem kvm: svm/avic: fix off-by-one in checking host APIC ID libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead arm64/kernel: kaslr: reduce module randomization range to 2 GB arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable gfs2: Fix sign extension bug in gfs2_update_stats btrfs: don't double unlock on error in btrfs_punch_hole Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path Btrfs: avoid fallback to transaction commit during fsync of files with holes Btrfs: fix race between ranged fsync and writeback of adjacent ranges btrfs: sysfs: Fix error path kobject memory leak btrfs: sysfs: don't leak memory when failing add fsid udlfb: fix some inconsistent NULL checking fbdev: fix divide error in fb_var_to_videomode NFSv4.2 fix unnecessary retry in nfs4_copy_file_range NFSv4.1 fix incorrect return value in copy_file_range bpf: add bpf_jit_limit knob to restrict unpriv allocations brcmfmac: assure SSID length from firmware is limited brcmfmac: add subtype check for event handling in data path arm64: errata: Add workaround for Cortex-A76 erratum #1463225 btrfs: honor path->skip_locking in backref code ovl: relax WARN_ON() for overlapping layers use case fbdev: fix WARNING in __alloc_pages_nodemask bug media: cpia2: Fix use-after-free in cpia2_exit media: serial_ir: Fix use-after-free in serial_ir_init_module media: vb2: add waiting_in_dqbuf flag media: vivid: use vfree() instead of kfree() for dev->bitmap_cap ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit bpf: devmap: fix use-after-free Read in __dev_map_entry_free batman-adv: mcast: fix multicast tt/tvlv worker locking at76c50x-usb: Don't register led_trigger if usb_register_driver failed acct_on(): don't mess with freeze protection Revert "btrfs: Honour FITRIM range constraints during free space trim" gfs2: Fix lru_count going negative cxgb4: Fix error path in cxgb4_init_module NFS: make nfs_match_client killable IB/hfi1: Fix WQ_MEM_RECLAIM warning gfs2: Fix occasional glock use-after-free mmc: core: Verify SD bus width tools/bpf: fix perf build error with uClibc (seen on ARC) selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c bpftool: exclude bash-completion/bpftool from .gitignore pattern dmaengine: tegra210-dma: free dma controller in remove() net: ena: gcc 8: fix compilation warning hv_netvsc: fix race that may miss tx queue wakeup Bluetooth: Ignore CC events not matching the last HCI command pinctrl: zte: fix leaked of_node references ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE usb: dwc2: gadget: Increase descriptors count for ISOC's usb: dwc3: move synchronize_irq() out of the spinlock protected block ASoC: hdmi-codec: unlock the device on startup errors powerpc/perf: Return accordingly on invalid chip-id in powerpc/boot: Fix missing check of lseek() return value powerpc/perf: Fix loop exit condition in nest_imc_event_init ASoC: imx: fix fiq dependencies spi: pxa2xx: fix SCR (divisor) calculation brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() drm/nouveau/bar/nv50: ensure BAR is mapped media: stm32-dcmi: return appropriate error codes during probe ARM: vdso: Remove dependency with the arch_timer driver internals arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable powerpc/watchdog: Use hrtimers for per-CPU heartbeat sched/cpufreq: Fix kobject memleak scsi: qla2xxx: Fix a qla24xx_enable_msix() error path scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() scsi: qla2xxx: Fix hardirq-unsafe locking x86/modules: Avoid breaking W^X while loading modules Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve btrfs: fix panic during relocation after ENOSPC before writeback happens btrfs: Don't panic when we can't find a root key iwlwifi: pcie: don't crash on invalid RX interrupt rtc: 88pm860x: prevent use-after-free on device remove rtc: stm32: manage the get_irq probe defer case scsi: qedi: Abort ep termination if offload not scheduled s390/kexec_file: Fix detection of text segment in ELF loader sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs w1: fix the resume command API s390: qeth: address type mismatch warning dmaengine: pl330: _stop: clear interrupt status mac80211/cfg80211: update bss channel on channel switch libbpf: fix samples/bpf build failure due to undefined UINT32_MAX slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register ASoC: fsl_sai: Update is_slave_mode with correct value mwifiex: prevent an array overflow rsi: Fix NULL pointer dereference in kmalloc net: cw1200: fix a NULL pointer dereference nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE nvme-rdma: fix a NULL deref when an admin connect times out crypto: sun4i-ss - Fix invalid calculation of hash end bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set bcache: return error immediately in bch_journal_replay() bcache: fix failure in journal relplay bcache: add failure check to run_cache_set() for journal replay bcache: avoid clang -Wunintialized warning RDMA/cma: Consider scope_id while binding to ipv6 ll address vfio-ccw: Do not call flush_workqueue while holding the spinlock vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev x86/build: Move _etext to actual end of .text smpboot: Place the __percpu annotation correctly x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions Bluetooth: hci_qca: Give enough time to ROME controller to bootup. HID: logitech-hidpp: use RAP instead of FAP to get the protocol version pinctrl: pistachio: fix leaked of_node references pinctrl: samsung: fix leaked of_node references clk: rockchip: undo several noc and special clocks as critical on rk3288 perf/arm-cci: Remove broken race mitigation dmaengine: at_xdmac: remove BUG_ON macro in tasklet media: coda: clear error return value before picture run media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper media: au0828: stop video streaming only when last user stops media: ov2659: make S_FMT succeed even if requested format doesn't match audit: fix a memory leak bug media: stm32-dcmi: fix crash when subdev do not expose any formats media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() media: pvrusb2: Prevent a buffer overflow iio: adc: stm32-dfsdm: fix unmet direct dependencies detected block: fix use-after-free on gendisk powerpc/numa: improve control of topology updates powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX random: fix CRNG initialization when random.trust_cpu=1 random: add a spinlock_t to struct batched_entropy cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock sched/core: Check quota and period overflow at usec to nsec conversion sched/rt: Check integer overflow at usec to nsec conversion sched/core: Handle overflow in cpu_shares_write_u64 staging: vc04_services: handle kzalloc failure drm/msm: a5xx: fix possible object reference leak irq_work: Do not raise an IPI when queueing work on the local CPU thunderbolt: Take domain lock in switch sysfs attribute callbacks s390/qeth: handle error from qeth_update_from_chp_desc() USB: core: Don't unbind interfaces following device reset failure x86/irq/64: Limit IST stack overflow check to #DB stack drm: etnaviv: avoid DMA API warning when importing buffers phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode phy: mapphone-mdm6600: add gpiolib dependency i40e: Able to add up to 16 MAC filters on an untrusted VF i40e: don't allow changes to HW VLAN stripping on active port VLANs ACPI/IORT: Reject platform device creation on NUMA node mapping failure arm64: vdso: Fix clock_getres() for CLOCK_REALTIME RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure perf/x86/msr: Add Icelake support perf/x86/intel/rapl: Add Icelake support perf/x86/intel/cstate: Add Icelake support hwmon: (vt1211) Use request_muxed_region for Super-IO accesses hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses hwmon: (pc87427) Use request_muxed_region for Super-IO accesses hwmon: (f71805f) Use request_muxed_region for Super-IO accesses scsi: libsas: Do discovery on empty PHY to update PHY info mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers mmc_spi: add a status check for spi_sync_locked mmc: sdhci-of-esdhc: add erratum eSDHC5 support mmc: sdhci-of-esdhc: add erratum A-009204 support mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support drm/amdgpu: fix old fence check in amdgpu_fence_emit PM / core: Propagate dev->power.wakeup_path when no callbacks clk: rockchip: Fix video codec clocks on rk3288 extcon: arizona: Disable mic detect if running when driver is removed clk: rockchip: Make rkpwm a critical clock on rk3288 s390: zcrypt: initialize variables before_use x86/microcode: Fix the ancient deprecated microcode loading method s390/mm: silence compiler warning when compiling without CONFIG_PGSTE s390: cio: fix cio_irb declaration selftests: cgroup: fix cleanup path in test_memcg_subtree_control() qmi_wwan: Add quirk for Quectel dynamic config cpufreq: ppc_cbe: fix possible object reference leak cpufreq/pasemi: fix possible object reference leak cpufreq: pmac32: fix possible object reference leak cpufreq: kirkwood: fix possible object reference leak block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR x86/build: Keep local relocations with ld.lld drm/pl111: fix possible object reference leak iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion iio: hmc5843: fix potential NULL pointer dereferences iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data iio: adc: ti-ads7950: Fix improper use of mlock selftests/bpf: ksym_search won't check symbols exists rtlwifi: fix a potential NULL pointer dereference mwifiex: Fix mem leak in mwifiex_tm_cmd brcmfmac: fix missing checks for kmemdup b43: shut up clang -Wuninitialized variable warning brcmfmac: convert dev_init_lock mutex to completion brcmfmac: fix WARNING during USB disconnect in case of unempty psq brcmfmac: fix race during disconnect when USB completion is in progress brcmfmac: fix Oops when bringing up interface during USB disconnect rtc: xgene: fix possible race condition rtlwifi: fix potential NULL pointer dereference scsi: ufs: Fix regulator load and icc-level configuration scsi: ufs: Avoid configuring regulator with undefined voltage range drm/panel: otm8009a: Add delay at the end of initialization arm64: cpu_ops: fix a leaked reference by adding missing of_node_put wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP x86/uaccess, signal: Fix AC=1 bloat x86/ia32: Fix ia32_restore_sigcontext() AC leak x86/uaccess: Fix up the fixup chardev: add additional check for minor range overlap RDMA/hns: Fix bad endianess of port_pd variable sh: sh7786: Add explicit I/O cast to sh7786_mm_sel() HID: core: move Usage Page concatenation to Main item ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put cxgb3/l2t: Fix undefined behaviour HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent spi: tegra114: reset controller on probe kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice. media: video-mux: fix null pointer dereferences media: wl128x: prevent two potential buffer overflows media: gspca: Kill URBs on USB device disconnect efifb: Omit memory map check on legacy boot thunderbolt: property: Fix a missing check of kzalloc thunderbolt: Fix to check the return value of kmemdup timekeeping: Force upper bound for setting CLOCK_REALTIME scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check virtio_console: initialize vtermno value for ports tty: ipwireless: fix missing checks for ioremap overflow: Fix -Wtype-limits compilation warnings x86/mce: Fix machine_check_poll() tests for error types rcutorture: Fix cleanup path for invalid torture_type strings x86/mce: Handle varying MCA bank counts rcuperf: Fix cleanup path for invalid perf_type strings usb: core: Add PM runtime calls to usb_hcd_platform_shutdown scsi: qla4xxx: avoid freeing unallocated dma memory scsi: lpfc: avoid uninitialized variable warning selinux: avoid uninitialized variable warning batman-adv: allow updating DAT entry timeouts on incoming ARP Replies dmaengine: tegra210-adma: use devm_clk_*() helpers hwrng: omap - Set default quality thunderbolt: Fix to check return value of ida_simple_get thunderbolt: Fix to check for kmemdup failure drm/amd/display: fix releasing planes when exiting odm thunderbolt: property: Fix a NULL pointer dereference e1000e: Disable runtime PM on CNP+ tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers igb: Exclude device from suspend direct complete optimization media: si2165: fix a missing check of return value media: dvbsky: Avoid leaking dvb frontend media: m88ds3103: serialize reset messages in m88ds3103_set_frontend media: staging: davinci_vpfe: disallow building with COMPILE_TEST drm/amd/display: Fix Divide by 0 in memory calculations drm/amd/display: Set stream->mode_changed when connectors change scsi: ufs: fix a missing check of devm_reset_control_get media: vimc: stream: fix thread state before sleep media: gspca: do not resubmit URBs when streaming has stopped media: go7007: avoid clang frame overflow warning with KASAN media: vimc: zero the media_device on probe scsi: lpfc: Fix FDMI manufacturer attribute value scsi: lpfc: Fix fc4type information for FDMI media: saa7146: avoid high stack usage with clang scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices spi : spi-topcliff-pch: Fix to handle empty DMA buffers drm/omap: dsi: Fix PM for display blank with paired dss_pll calls spi: rspi: Fix sequencer reset during initialization spi: imx: stop buffer overflow in RX FIFO flush spi: Fix zero length xfer bug ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM drm/v3d: Handle errors from IRQ setup. drm/drv: Hold ref on parent device during drm_device lifetime drm: Wake up next in drm_read() chain if we are forced to putback the event drm/sun4i: dsi: Change the start delay calculation vfio-ccw: Prevent quiesce function going into an infinite loop drm/sun4i: dsi: Enforce boundaries on the start delay NFS: Fix a double unlock from nfs_match,get_client Linux 4.19.47 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
cab4399ebf |
Merge 4.19.47 into android-4.19
Changes in 4.19.47 x86: Hide the int3_emulate_call/jmp functions from UML ext4: do not delete unlinked inode from orphan list on failed truncate ext4: wait for outstanding dio during truncate in nojournal mode f2fs: Fix use of number of devices KVM: x86: fix return value for reserved EFER bio: fix improper use of smp_mb__before_atomic() sbitmap: fix improper use of smp_mb__before_atomic() Revert "scsi: sd: Keep disk read-only when re-reading partition" crypto: vmx - CTR: always increment IV as quadword mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem kvm: svm/avic: fix off-by-one in checking host APIC ID libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead arm64/kernel: kaslr: reduce module randomization range to 2 GB arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable gfs2: Fix sign extension bug in gfs2_update_stats btrfs: don't double unlock on error in btrfs_punch_hole Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path Btrfs: avoid fallback to transaction commit during fsync of files with holes Btrfs: fix race between ranged fsync and writeback of adjacent ranges btrfs: sysfs: Fix error path kobject memory leak btrfs: sysfs: don't leak memory when failing add fsid udlfb: fix some inconsistent NULL checking fbdev: fix divide error in fb_var_to_videomode NFSv4.2 fix unnecessary retry in nfs4_copy_file_range NFSv4.1 fix incorrect return value in copy_file_range bpf: add bpf_jit_limit knob to restrict unpriv allocations brcmfmac: assure SSID length from firmware is limited brcmfmac: add subtype check for event handling in data path arm64: errata: Add workaround for Cortex-A76 erratum #1463225 btrfs: honor path->skip_locking in backref code ovl: relax WARN_ON() for overlapping layers use case fbdev: fix WARNING in __alloc_pages_nodemask bug media: cpia2: Fix use-after-free in cpia2_exit media: serial_ir: Fix use-after-free in serial_ir_init_module media: vb2: add waiting_in_dqbuf flag media: vivid: use vfree() instead of kfree() for dev->bitmap_cap ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit bpf: devmap: fix use-after-free Read in __dev_map_entry_free batman-adv: mcast: fix multicast tt/tvlv worker locking at76c50x-usb: Don't register led_trigger if usb_register_driver failed acct_on(): don't mess with freeze protection Revert "btrfs: Honour FITRIM range constraints during free space trim" gfs2: Fix lru_count going negative cxgb4: Fix error path in cxgb4_init_module NFS: make nfs_match_client killable IB/hfi1: Fix WQ_MEM_RECLAIM warning gfs2: Fix occasional glock use-after-free mmc: core: Verify SD bus width tools/bpf: fix perf build error with uClibc (seen on ARC) selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c bpftool: exclude bash-completion/bpftool from .gitignore pattern dmaengine: tegra210-dma: free dma controller in remove() net: ena: gcc 8: fix compilation warning hv_netvsc: fix race that may miss tx queue wakeup Bluetooth: Ignore CC events not matching the last HCI command pinctrl: zte: fix leaked of_node references ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE usb: dwc2: gadget: Increase descriptors count for ISOC's usb: dwc3: move synchronize_irq() out of the spinlock protected block ASoC: hdmi-codec: unlock the device on startup errors powerpc/perf: Return accordingly on invalid chip-id in powerpc/boot: Fix missing check of lseek() return value powerpc/perf: Fix loop exit condition in nest_imc_event_init ASoC: imx: fix fiq dependencies spi: pxa2xx: fix SCR (divisor) calculation brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() drm/nouveau/bar/nv50: ensure BAR is mapped media: stm32-dcmi: return appropriate error codes during probe ARM: vdso: Remove dependency with the arch_timer driver internals arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable powerpc/watchdog: Use hrtimers for per-CPU heartbeat sched/cpufreq: Fix kobject memleak scsi: qla2xxx: Fix a qla24xx_enable_msix() error path scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() scsi: qla2xxx: Fix hardirq-unsafe locking x86/modules: Avoid breaking W^X while loading modules Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve btrfs: fix panic during relocation after ENOSPC before writeback happens btrfs: Don't panic when we can't find a root key iwlwifi: pcie: don't crash on invalid RX interrupt rtc: 88pm860x: prevent use-after-free on device remove rtc: stm32: manage the get_irq probe defer case scsi: qedi: Abort ep termination if offload not scheduled s390/kexec_file: Fix detection of text segment in ELF loader sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs w1: fix the resume command API s390: qeth: address type mismatch warning dmaengine: pl330: _stop: clear interrupt status mac80211/cfg80211: update bss channel on channel switch libbpf: fix samples/bpf build failure due to undefined UINT32_MAX slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register ASoC: fsl_sai: Update is_slave_mode with correct value mwifiex: prevent an array overflow rsi: Fix NULL pointer dereference in kmalloc net: cw1200: fix a NULL pointer dereference nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE nvme-rdma: fix a NULL deref when an admin connect times out crypto: sun4i-ss - Fix invalid calculation of hash end bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set bcache: return error immediately in bch_journal_replay() bcache: fix failure in journal relplay bcache: add failure check to run_cache_set() for journal replay bcache: avoid clang -Wunintialized warning RDMA/cma: Consider scope_id while binding to ipv6 ll address vfio-ccw: Do not call flush_workqueue while holding the spinlock vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev x86/build: Move _etext to actual end of .text smpboot: Place the __percpu annotation correctly x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions Bluetooth: hci_qca: Give enough time to ROME controller to bootup. HID: logitech-hidpp: use RAP instead of FAP to get the protocol version pinctrl: pistachio: fix leaked of_node references pinctrl: samsung: fix leaked of_node references clk: rockchip: undo several noc and special clocks as critical on rk3288 perf/arm-cci: Remove broken race mitigation dmaengine: at_xdmac: remove BUG_ON macro in tasklet media: coda: clear error return value before picture run media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper media: au0828: stop video streaming only when last user stops media: ov2659: make S_FMT succeed even if requested format doesn't match audit: fix a memory leak bug media: stm32-dcmi: fix crash when subdev do not expose any formats media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() media: pvrusb2: Prevent a buffer overflow iio: adc: stm32-dfsdm: fix unmet direct dependencies detected block: fix use-after-free on gendisk powerpc/numa: improve control of topology updates powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX random: fix CRNG initialization when random.trust_cpu=1 random: add a spinlock_t to struct batched_entropy cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock sched/core: Check quota and period overflow at usec to nsec conversion sched/rt: Check integer overflow at usec to nsec conversion sched/core: Handle overflow in cpu_shares_write_u64 staging: vc04_services: handle kzalloc failure drm/msm: a5xx: fix possible object reference leak irq_work: Do not raise an IPI when queueing work on the local CPU thunderbolt: Take domain lock in switch sysfs attribute callbacks s390/qeth: handle error from qeth_update_from_chp_desc() USB: core: Don't unbind interfaces following device reset failure x86/irq/64: Limit IST stack overflow check to #DB stack drm: etnaviv: avoid DMA API warning when importing buffers phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode phy: mapphone-mdm6600: add gpiolib dependency i40e: Able to add up to 16 MAC filters on an untrusted VF i40e: don't allow changes to HW VLAN stripping on active port VLANs ACPI/IORT: Reject platform device creation on NUMA node mapping failure arm64: vdso: Fix clock_getres() for CLOCK_REALTIME RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure perf/x86/msr: Add Icelake support perf/x86/intel/rapl: Add Icelake support perf/x86/intel/cstate: Add Icelake support hwmon: (vt1211) Use request_muxed_region for Super-IO accesses hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses hwmon: (pc87427) Use request_muxed_region for Super-IO accesses hwmon: (f71805f) Use request_muxed_region for Super-IO accesses scsi: libsas: Do discovery on empty PHY to update PHY info mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers mmc_spi: add a status check for spi_sync_locked mmc: sdhci-of-esdhc: add erratum eSDHC5 support mmc: sdhci-of-esdhc: add erratum A-009204 support mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support drm/amdgpu: fix old fence check in amdgpu_fence_emit PM / core: Propagate dev->power.wakeup_path when no callbacks clk: rockchip: Fix video codec clocks on rk3288 extcon: arizona: Disable mic detect if running when driver is removed clk: rockchip: Make rkpwm a critical clock on rk3288 s390: zcrypt: initialize variables before_use x86/microcode: Fix the ancient deprecated microcode loading method s390/mm: silence compiler warning when compiling without CONFIG_PGSTE s390: cio: fix cio_irb declaration selftests: cgroup: fix cleanup path in test_memcg_subtree_control() qmi_wwan: Add quirk for Quectel dynamic config cpufreq: ppc_cbe: fix possible object reference leak cpufreq/pasemi: fix possible object reference leak cpufreq: pmac32: fix possible object reference leak cpufreq: kirkwood: fix possible object reference leak block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR x86/build: Keep local relocations with ld.lld drm/pl111: fix possible object reference leak iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion iio: hmc5843: fix potential NULL pointer dereferences iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data iio: adc: ti-ads7950: Fix improper use of mlock selftests/bpf: ksym_search won't check symbols exists rtlwifi: fix a potential NULL pointer dereference mwifiex: Fix mem leak in mwifiex_tm_cmd brcmfmac: fix missing checks for kmemdup b43: shut up clang -Wuninitialized variable warning brcmfmac: convert dev_init_lock mutex to completion brcmfmac: fix WARNING during USB disconnect in case of unempty psq brcmfmac: fix race during disconnect when USB completion is in progress brcmfmac: fix Oops when bringing up interface during USB disconnect rtc: xgene: fix possible race condition rtlwifi: fix potential NULL pointer dereference scsi: ufs: Fix regulator load and icc-level configuration scsi: ufs: Avoid configuring regulator with undefined voltage range drm/panel: otm8009a: Add delay at the end of initialization arm64: cpu_ops: fix a leaked reference by adding missing of_node_put wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP x86/uaccess, signal: Fix AC=1 bloat x86/ia32: Fix ia32_restore_sigcontext() AC leak x86/uaccess: Fix up the fixup chardev: add additional check for minor range overlap RDMA/hns: Fix bad endianess of port_pd variable sh: sh7786: Add explicit I/O cast to sh7786_mm_sel() HID: core: move Usage Page concatenation to Main item ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put cxgb3/l2t: Fix undefined behaviour HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent spi: tegra114: reset controller on probe kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice. media: video-mux: fix null pointer dereferences media: wl128x: prevent two potential buffer overflows media: gspca: Kill URBs on USB device disconnect efifb: Omit memory map check on legacy boot thunderbolt: property: Fix a missing check of kzalloc thunderbolt: Fix to check the return value of kmemdup timekeeping: Force upper bound for setting CLOCK_REALTIME scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check virtio_console: initialize vtermno value for ports tty: ipwireless: fix missing checks for ioremap overflow: Fix -Wtype-limits compilation warnings x86/mce: Fix machine_check_poll() tests for error types rcutorture: Fix cleanup path for invalid torture_type strings x86/mce: Handle varying MCA bank counts rcuperf: Fix cleanup path for invalid perf_type strings usb: core: Add PM runtime calls to usb_hcd_platform_shutdown scsi: qla4xxx: avoid freeing unallocated dma memory scsi: lpfc: avoid uninitialized variable warning selinux: avoid uninitialized variable warning batman-adv: allow updating DAT entry timeouts on incoming ARP Replies dmaengine: tegra210-adma: use devm_clk_*() helpers hwrng: omap - Set default quality thunderbolt: Fix to check return value of ida_simple_get thunderbolt: Fix to check for kmemdup failure drm/amd/display: fix releasing planes when exiting odm thunderbolt: property: Fix a NULL pointer dereference e1000e: Disable runtime PM on CNP+ tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers igb: Exclude device from suspend direct complete optimization media: si2165: fix a missing check of return value media: dvbsky: Avoid leaking dvb frontend media: m88ds3103: serialize reset messages in m88ds3103_set_frontend media: staging: davinci_vpfe: disallow building with COMPILE_TEST drm/amd/display: Fix Divide by 0 in memory calculations drm/amd/display: Set stream->mode_changed when connectors change scsi: ufs: fix a missing check of devm_reset_control_get media: vimc: stream: fix thread state before sleep media: gspca: do not resubmit URBs when streaming has stopped media: go7007: avoid clang frame overflow warning with KASAN media: vimc: zero the media_device on probe scsi: lpfc: Fix FDMI manufacturer attribute value scsi: lpfc: Fix fc4type information for FDMI media: saa7146: avoid high stack usage with clang scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices spi : spi-topcliff-pch: Fix to handle empty DMA buffers drm/omap: dsi: Fix PM for display blank with paired dss_pll calls spi: rspi: Fix sequencer reset during initialization spi: imx: stop buffer overflow in RX FIFO flush spi: Fix zero length xfer bug ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM drm/v3d: Handle errors from IRQ setup. drm/drv: Hold ref on parent device during drm_device lifetime drm: Wake up next in drm_read() chain if we are forced to putback the event drm/sun4i: dsi: Change the start delay calculation vfio-ccw: Prevent quiesce function going into an infinite loop drm/sun4i: dsi: Enforce boundaries on the start delay NFS: Fix a double unlock from nfs_match,get_client Linux 4.19.47 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Nadav Amit
|
8715ce033e |
x86/modules: Avoid breaking W^X while loading modules
[ Upstream commit f2c65fb3221adc6b73b0549fc7ba892022db9797 ] When modules and BPF filters are loaded, there is a time window in which some memory is both writable and executable. An attacker that has already found another vulnerability (e.g., a dangling pointer) might be able to exploit this behavior to overwrite kernel code. Prevent having writable executable PTEs in this stage. In addition, avoiding having W+X mappings can also slightly simplify the patching of modules code on initialization (e.g., by alternatives and static-key), as would be done in the next patch. This was actually the main motivation for this patch. To avoid having W+X mappings, set them initially as RW (NX) and after they are set as RO set them as X as well. Setting them as executable is done as a separate step to avoid one core in which the old PTE is cached (hence writable), and another which sees the updated PTE (executable), which would break the W^X protection. Suggested-by: Thomas Gleixner <tglx@linutronix.de> Suggested-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Nadav Amit <namit@vmware.com> Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: <akpm@linux-foundation.org> Cc: <ard.biesheuvel@linaro.org> Cc: <deneen.t.dock@intel.com> Cc: <kernel-hardening@lists.openwall.com> Cc: <kristen@linux.intel.com> Cc: <linux_dti@icloud.com> Cc: <will.deacon@arm.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Dave Hansen <dave.hansen@intel.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jessica Yu <jeyu@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Rik van Riel <riel@surriel.com> Link: https://lkml.kernel.org/r/20190426001143.4983-12-namit@vmware.com Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Sami Tolvanen
|
895fc0a0b1 |
ANDROID: add support for clang Control Flow Integrity (CFI)
This change adds the CONFIG_CFI_CLANG option, CFI error handling, and a faster look-up table for cross module CFI checks. Bug: 67506682 Change-Id: Ic009f0a629b552a0eb16e6d89808c7029e91447d Signed-off-by: Sami Tolvanen <samitolvanen@google.com> |
||
|
Sami Tolvanen
|
4976b0dad5 |
ANDROID: add support for clang Control Flow Integrity (CFI)
This change adds the CONFIG_CFI_CLANG option, CFI error handling, and a faster look-up table for cross module CFI checks. Bug: 67506682 Bug: 133186739 Change-Id: Ic009f0a629b552a0eb16e6d89808c7029e91447d Signed-off-by: Sami Tolvanen <samitolvanen@google.com> |
||
|
Peter Rajnoha
|
f7debeebcd |
kobject: return error code if writing /sys/.../uevent fails
[ Upstream commit df44b479654f62b478c18ee4d8bc4e9f897a9844 ] Propagate error code back to userspace if writing the /sys/.../uevent file fails. Before, the write operation always returned with success, even if we failed to recognize the input string or if we failed to generate the uevent itself. With the error codes properly propagated back to userspace, we are able to react in userspace accordingly by not assuming and awaiting a uevent that is not delivered. Signed-off-by: Peter Rajnoha <prajnoha@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Ard Biesheuvel
|
7290d58095 |
module: use relative references for __ksymtab entries
An ordinary arm64 defconfig build has ~64 KB worth of __ksymtab entries, each consisting of two 64-bit fields containing absolute references, to the symbol itself and to a char array containing its name, respectively. When we build the same configuration with KASLR enabled, we end up with an additional ~192 KB of relocations in the .init section, i.e., one 24 byte entry for each absolute reference, which all need to be processed at boot time. Given how the struct kernel_symbol that describes each entry is completely local to module.c (except for the references emitted by EXPORT_SYMBOL() itself), we can easily modify it to contain two 32-bit relative references instead. This reduces the size of the __ksymtab section by 50% for all 64-bit architectures, and gets rid of the runtime relocations entirely for architectures implementing KASLR, either via standard PIE linking (arm64) or using custom host tools (x86). Note that the binary search involving __ksymtab contents relies on each section being sorted by symbol name. This is implemented based on the input section names, not the names in the ksymtab entries, so this patch does not interfere with that. Given that the use of place-relative relocations requires support both in the toolchain and in the module loader, we cannot enable this feature for all architectures. So make it dependent on whether CONFIG_HAVE_ARCH_PREL32_RELOCATIONS is defined. Link: http://lkml.kernel.org/r/20180704083651.24360-4-ard.biesheuvel@linaro.org Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Jessica Yu <jeyu@kernel.org> Acked-by: Michael Ellerman <mpe@ellerman.id.au> Reviewed-by: Will Deacon <will.deacon@arm.com> Acked-by: Ingo Molnar <mingo@kernel.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Bjorn Helgaas <bhelgaas@google.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: James Morris <james.morris@microsoft.com> Cc: James Morris <jmorris@namei.org> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Kees Cook <keescook@chromium.org> Cc: Nicolas Pitre <nico@linaro.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Petr Mladek <pmladek@suse.com> Cc: Russell King <linux@armlinux.org.uk> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Thomas Garnier <thgarnie@google.com> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Linus Torvalds
|
d190775206 |
Merge tag 'modules-for-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux
Pull modules updates from Jessica Yu:
"Summary of modules changes for the 4.19 merge window:
- Fix modules kallsyms for livepatch. Livepatch modules can have
SHN_UNDEF symbols in their module symbol tables for later symbol
resolution, but kallsyms shouldn't be returning these symbols
- Some code cleanups and minor reshuffling in load_module() were done
to log the module name when module signature verification fails"
* tag 'modules-for-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux:
kernel/module: Use kmemdup to replace kmalloc+memcpy
ARM: module: fix modsign build error
modsign: log module name in the event of an error
module: replace VMLINUX_SYMBOL_STR() with __stringify() or string literal
module: print sensible error code
module: setup load info before module_sig_check()
module: make it clear when we're handling the module copy in info->hdr
module: exclude SHN_UNDEF symbols from kallsyms api
|
||
|
zhong jiang
|
9be936f4b3 |
kernel/module: Use kmemdup to replace kmalloc+memcpy
we prefer to the kmemdup rather than kmalloc+memcpy. so just replace them. Signed-off-by: zhong jiang <zhongjiang@huawei.com> Signed-off-by: Jessica Yu <jeyu@kernel.org> |
||
|
Mimi Zohar
|
c77b8cdf74 |
module: replace the existing LSM hook in init_module
Both the init_module and finit_module syscalls call either directly or indirectly the security_kernel_read_file LSM hook. This patch replaces the direct call in init_module with a call to the new security_kernel_load_data hook and makes the corresponding changes in SELinux, LoadPin, and IMA. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Jeff Vander Stoep <jeffv@google.com> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: Kees Cook <keescook@chromium.org> Acked-by: Jessica Yu <jeyu@kernel.org> Acked-by: Paul Moore <paul@paul-moore.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com> |
||
|
Jessica Yu
|
f314dfea16 |
modsign: log module name in the event of an error
Now that we have the load_info struct all initialized (including info->name, which contains the name of the module) before module_sig_check(), make the load_info struct and hence module name available to mod_verify_sig() so that we can log the module name in the event of an error. Signed-off-by: Jessica Yu <jeyu@kernel.org> |
||
|
Masahiro Yamada
|
996302c5e8 |
module: replace VMLINUX_SYMBOL_STR() with __stringify() or string literal
With the special case handling for Blackfin and Metag was removed by
commit
|
||
|
Jason A. Donenfeld
|
62267e0ecc |
module: print sensible error code
Printing "err 0" to the user in the warning message is not particularly useful, especially when this gets transformed into a -ENOENT for the remainder of the call chain. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Jessica Yu <jeyu@kernel.org> |
||
|
Jessica Yu
|
5fdc7db644 |
module: setup load info before module_sig_check()
We want to be able to log the module name in early error messages, such as when module signature verification fails. Previously, the module name is set in layout_and_allocate(), meaning that any error messages that happen before (such as those in module_sig_check()) won't be logged with a module name, which isn't terribly helpful. In order to do this, reshuffle the order in load_module() and set up load info earlier so that we can log the module name along with these error messages. This requires splitting rewrite_section_headers() out of setup_load_info(). While we're at it, clean up and split up the operations done in layout_and_allocate(), setup_load_info(), and rewrite_section_headers() more cleanly so these functions only perform what their names suggest. Signed-off-by: Jessica Yu <jeyu@kernel.org> |
||
|
Jessica Yu
|
81a0abd9f2 |
module: make it clear when we're handling the module copy in info->hdr
In load_module(), it's not always clear whether we're handling the temporary module copy in info->hdr (which is freed at the end of load_module()) or if we're handling the module already allocated and copied to it's final place. Adding an info->mod field and using it whenever we're handling the temporary copy makes that explicitly clear. Signed-off-by: Jessica Yu <jeyu@kernel.org> |
||
|
Jessica Yu
|
9f2d1e68cf |
module: exclude SHN_UNDEF symbols from kallsyms api
Livepatch modules are special in that we preserve their entire symbol tables in order to be able to apply relocations after module load. The unwanted side effect of this is that undefined (SHN_UNDEF) symbols of livepatch modules are accessible via the kallsyms api and this can confuse symbol resolution in livepatch (klp_find_object_symbol()) and cause subtle bugs in livepatch. Have the module kallsyms api skip over SHN_UNDEF symbols. These symbols are usually not available for normal modules anyway as we cut down their symbol tables to just the core (non-undefined) symbols, so this should really just affect livepatch modules. Note that this patch doesn't affect the display of undefined symbols in /proc/kallsyms. Reported-by: Josh Poimboeuf <jpoimboe@redhat.com> Tested-by: Josh Poimboeuf <jpoimboe@redhat.com> Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Jessica Yu <jeyu@kernel.org> |
||
|
Linus Torvalds
|
de7f01c22a |
Merge tag 'modules-for-v4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux
Pull module updates from Jessica Yu: "Minor code cleanup and also allow sig_enforce param to be shown in sysfs with CONFIG_MODULE_SIG_FORCE" * tag 'modules-for-v4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux: module: Allow to always show the status of modsign module: Do not access sig_enforce directly |
||
|
Linus Torvalds
|
2857676045 |
Merge tag 'overflow-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull overflow updates from Kees Cook:
"This adds the new overflow checking helpers and adds them to the
2-factor argument allocators. And this adds the saturating size
helpers and does a treewide replacement for the struct_size() usage.
Additionally this adds the overflow testing modules to make sure
everything works.
I'm still working on the treewide replacements for allocators with
"simple" multiplied arguments:
*alloc(a * b, ...) -> *alloc_array(a, b, ...)
and
*zalloc(a * b, ...) -> *calloc(a, b, ...)
as well as the more complex cases, but that's separable from this
portion of the series. I expect to have the rest sent before -rc1
closes; there are a lot of messy cases to clean up.
Summary:
- Introduce arithmetic overflow test helper functions (Rasmus)
- Use overflow helpers in 2-factor allocators (Kees, Rasmus)
- Introduce overflow test module (Rasmus, Kees)
- Introduce saturating size helper functions (Matthew, Kees)
- Treewide use of struct_size() for allocators (Kees)"
* tag 'overflow-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
treewide: Use struct_size() for devm_kmalloc() and friends
treewide: Use struct_size() for vmalloc()-family
treewide: Use struct_size() for kmalloc()-family
device: Use overflow helpers for devm_kmalloc()
mm: Use overflow helpers in kvmalloc()
mm: Use overflow helpers in kmalloc_array*()
test_overflow: Add memory allocation overflow tests
overflow.h: Add allocation size calculation helpers
test_overflow: Report test failures
test_overflow: macrofy some more, do more tests for free
lib: add runtime test of check_*_overflow functions
compiler.h: enable builtin overflow checkers and add fallback code
|
||
|
Kees Cook
|
acafe7e302 |
treewide: Use struct_size() for kmalloc()-family
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:
struct foo {
int stuff;
void *entry[];
};
instance = kmalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);
Instead of leaving these open-coded and prone to type mistakes, we can
now use the new struct_size() helper:
instance = kmalloc(struct_size(instance, entry, count), GFP_KERNEL);
This patch makes the changes for kmalloc()-family (and kvmalloc()-family)
uses. It was done via automatic conversion with manual review for the
"CHECKME" non-standard cases noted below, using the following Coccinelle
script:
// pkey_cache = kmalloc(sizeof *pkey_cache + tprops->pkey_tbl_len *
// sizeof *pkey_cache->table, GFP_KERNEL);
@@
identifier alloc =~ "kmalloc|kzalloc|kvmalloc|kvzalloc";
expression GFP;
identifier VAR, ELEMENT;
expression COUNT;
@@
- alloc(sizeof(*VAR) + COUNT * sizeof(*VAR->ELEMENT), GFP)
+ alloc(struct_size(VAR, ELEMENT, COUNT), GFP)
// mr = kzalloc(sizeof(*mr) + m * sizeof(mr->map[0]), GFP_KERNEL);
@@
identifier alloc =~ "kmalloc|kzalloc|kvmalloc|kvzalloc";
expression GFP;
identifier VAR, ELEMENT;
expression COUNT;
@@
- alloc(sizeof(*VAR) + COUNT * sizeof(VAR->ELEMENT[0]), GFP)
+ alloc(struct_size(VAR, ELEMENT, COUNT), GFP)
// Same pattern, but can't trivially locate the trailing element name,
// or variable name.
@@
identifier alloc =~ "kmalloc|kzalloc|kvmalloc|kvzalloc";
expression GFP;
expression SOMETHING, COUNT, ELEMENT;
@@
- alloc(sizeof(SOMETHING) + COUNT * sizeof(ELEMENT), GFP)
+ alloc(CHECKME_struct_size(&SOMETHING, ELEMENT, COUNT), GFP)
Signed-off-by: Kees Cook <keescook@chromium.org>
|
||
|
Jeffrey Hugo
|
ae646f0b9c |
init: fix false positives in W+X checking
load_module() creates W+X mappings via __vmalloc_node_range() (from
layout_and_allocate()->move_module()->module_alloc()) by using
PAGE_KERNEL_EXEC. These mappings are later cleaned up via
"call_rcu_sched(&freeinit->rcu, do_free_init)" from do_init_module().
This is a problem because call_rcu_sched() queues work, which can be run
after debug_checkwx() is run, resulting in a race condition. If hit,
the race results in a nasty splat about insecure W+X mappings, which
results in a poor user experience as these are not the mappings that
debug_checkwx() is intended to catch.
This issue is observed on multiple arm64 platforms, and has been
artificially triggered on an x86 platform.
Address the race by flushing the queued work before running the
arch-defined mark_rodata_ro() which then calls debug_checkwx().
Link: http://lkml.kernel.org/r/1525103946-29526-1-git-send-email-jhugo@codeaurora.org
Fixes:
|
||
|
Thomas Richter
|
be71eda538 |
module: Fix display of wrong module .text address
Reading file /proc/modules shows the correct address:
[root@s35lp76 ~]# cat /proc/modules | egrep '^qeth_l2'
qeth_l2 94208 1 - Live 0x000003ff80401000
and reading file /sys/module/qeth_l2/sections/.text
[root@s35lp76 ~]# cat /sys/module/qeth_l2/sections/.text
0x0000000018ea8363
displays a random address.
This breaks the perf tool which uses this address on s390
to calculate start of .text section in memory.
Fix this by printing the correct (unhashed) address.
Thanks to Jessica Yu for helping on this.
Fixes:
|
||
|
Jia Zhang
|
c554b89868 |
module: Allow to always show the status of modsign
The sig_enforce parameter could be always shown to reflect the current status of signature enforcement. For the case of CONFIG_MODULE_SIG_FORCE=y, this modification doesn't do anything, since sig_enforce can only be enabled, and not disabled, even via the kernel cmdline. Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com> [jeyu: reworded commit message to provide clarification] Signed-off-by: Jessica Yu <jeyu@kernel.org> |
||
|
Jia Zhang
|
2c8fd268f4 |
module: Do not access sig_enforce directly
Call is_module_sig_enforced() instead. Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com> Signed-off-by: Jessica Yu <jeyu@kernel.org> |
||
|
Linus Torvalds
|
f5a8eb632b |
Merge tag 'arch-removal' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic
Pul removal of obsolete architecture ports from Arnd Bergmann:
"This removes the entire architecture code for blackfin, cris, frv,
m32r, metag, mn10300, score, and tile, including the associated device
drivers.
I have been working with the (former) maintainers for each one to
ensure that my interpretation was right and the code is definitely
unused in mainline kernels. Many had fond memories of working on the
respective ports to start with and getting them included in upstream,
but also saw no point in keeping the port alive without any users.
In the end, it seems that while the eight architectures are extremely
different, they all suffered the same fate: There was one company in
charge of an SoC line, a CPU microarchitecture and a software
ecosystem, which was more costly than licensing newer off-the-shelf
CPU cores from a third party (typically ARM, MIPS, or RISC-V). It
seems that all the SoC product lines are still around, but have not
used the custom CPU architectures for several years at this point. In
contrast, CPU instruction sets that remain popular and have actively
maintained kernel ports tend to all be used across multiple licensees.
[ See the new nds32 port merged in the previous commit for the next
generation of "one company in charge of an SoC line, a CPU
microarchitecture and a software ecosystem" - Linus ]
The removal came out of a discussion that is now documented at
https://lwn.net/Articles/748074/. Unlike the original plans, I'm not
marking any ports as deprecated but remove them all at once after I
made sure that they are all unused. Some architectures (notably tile,
mn10300, and blackfin) are still being shipped in products with old
kernels, but those products will never be updated to newer kernel
releases.
After this series, we still have a few architectures without mainline
gcc support:
- unicore32 and hexagon both have very outdated gcc releases, but the
maintainers promised to work on providing something newer. At least
in case of hexagon, this will only be llvm, not gcc.
- openrisc, risc-v and nds32 are still in the process of finishing
their support or getting it added to mainline gcc in the first
place. They all have patched gcc-7.3 ports that work to some
degree, but complete upstream support won't happen before gcc-8.1.
Csky posted their first kernel patch set last week, their situation
will be similar
[ Palmer Dabbelt points out that RISC-V support is in mainline gcc
since gcc-7, although gcc-7.3.0 is the recommended minimum - Linus ]"
This really says it all:
2498 files changed, 95 insertions(+), 467668 deletions(-)
* tag 'arch-removal' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic: (74 commits)
MAINTAINERS: UNICORE32: Change email account
staging: iio: remove iio-trig-bfin-timer driver
tty: hvc: remove tile driver
tty: remove bfin_jtag_comm and hvc_bfin_jtag drivers
serial: remove tile uart driver
serial: remove m32r_sio driver
serial: remove blackfin drivers
serial: remove cris/etrax uart drivers
usb: Remove Blackfin references in USB support
usb: isp1362: remove blackfin arch glue
usb: musb: remove blackfin port
usb: host: remove tilegx platform glue
pwm: remove pwm-bfin driver
i2c: remove bfin-twi driver
spi: remove blackfin related host drivers
watchdog: remove bfin_wdt driver
can: remove bfin_can driver
mmc: remove bfin_sdh driver
input: misc: remove blackfin rotary driver
input: keyboard: remove bf54x driver
...
|
||
|
Arnd Bergmann
|
1a8429132e |
mm: remove blackfin MPU support
The CONFIG_MPU option was only defined on blackfin, and that architecture is now being removed, so the respective code can be simplified. A lot of other microcontrollers have an MPU, but I suspect that if we want to bring that support back, we'd do it differently anyway. Signed-off-by: Arnd Bergmann <arnd@arndb.de> |
||
|
Leon Yu
|
3f553b308b |
module: propagate error in modules_open()
otherwise kernel can oops later in seq_release() due to dereferencing null
file->private_data which is only set if seq_open() succeeds.
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
IP: seq_release+0xc/0x30
Call Trace:
close_pdeo+0x37/0xd0
proc_reg_release+0x5d/0x60
__fput+0x9d/0x1d0
____fput+0x9/0x10
task_work_run+0x75/0x90
do_exit+0x252/0xa00
do_group_exit+0x36/0xb0
SyS_exit_group+0xf/0x10
Fixes:
|
||
|
Linus Torvalds
|
581e400ff9 |
Merge tag 'modules-for-v4.16' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux
Pull modules updates from Jessica Yu: "Minor code cleanups and MAINTAINERS update" * tag 'modules-for-v4.16' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux: modpost: Remove trailing semicolon ftrace/module: Move ftrace_release_mod() to ddebug_cleanup label MAINTAINERS: Remove from module & paravirt maintenance |
||
|
Linus Torvalds
|
ab486bc9a5 |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk
Pull printk updates from Petr Mladek:
- Add a console_msg_format command line option:
The value "default" keeps the old "[time stamp] text\n" format. The
value "syslog" allows to see the syslog-like "<log
level>[timestamp] text" format.
This feature was requested by people doing regression tests, for
example, 0day robot. They want to have both filtered and full logs
at hands.
- Reduce the risk of softlockup:
Pass the console owner in a busy loop.
This is a new approach to the old problem. It was first proposed by
Steven Rostedt on Kernel Summit 2017. It marks a context in which
the console_lock owner calls console drivers and could not sleep.
On the other side, printk() callers could detect this state and use
a busy wait instead of a simple console_trylock(). Finally, the
console_lock owner checks if there is a busy waiter at the end of
the special context and eventually passes the console_lock to the
waiter.
The hand-off works surprisingly well and helps in many situations.
Well, there is still a possibility of the softlockup, for example,
when the flood of messages stops and the last owner still has too
much to flush.
There is increasing number of people having problems with
printk-related softlockups. We might eventually need to get better
solution. Anyway, this looks like a good start and promising
direction.
- Do not allow to schedule in console_unlock() called from printk():
This reverts an older controversial commit. The reschedule helped
to avoid softlockups. But it also slowed down the console output.
This patch is obsoleted by the new console waiter logic described
above. In fact, the reschedule made the hand-off less effective.
- Deprecate "%pf" and "%pF" format specifier:
It was needed on ia64, ppc64 and parisc64 to dereference function
descriptors and show the real function address. It is done
transparently by "%ps" and "pS" format specifier now.
Sergey Senozhatsky found that all the function descriptors were in
a special elf section and could be easily detected.
- Remove printk_symbol() API:
It has been obsoleted by "%pS" format specifier, and this change
helped to remove few continuous lines and a less intuitive old API.
- Remove redundant memsets:
Sergey removed unnecessary memset when processing printk.devkmsg
command line option.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk: (27 commits)
printk: drop redundant devkmsg_log_str memsets
printk: Never set console_may_schedule in console_trylock()
printk: Hide console waiter logic into helpers
printk: Add console owner and waiter logic to load balance console writes
kallsyms: remove print_symbol() function
checkpatch: add pF/pf deprecation warning
symbol lookup: introduce dereference_symbol_descriptor()
parisc64: Add .opd based function descriptor dereference
powerpc64: Add .opd based function descriptor dereference
ia64: Add .opd based function descriptor dereference
sections: split dereference_function_descriptor()
openrisc: Fix conflicting types for _exext and _stext
lib: do not use print_symbol()
irq debug: do not use print_symbol()
sysfs: do not use print_symbol()
drivers: do not use print_symbol()
x86: do not use print_symbol()
unicore32: do not use print_symbol()
sh: do not use print_symbol()
mn10300: do not use print_symbol()
...
|
||
|
Linus Torvalds
|
b2fe5fa686 |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
Pull networking updates from David Miller:
1) Significantly shrink the core networking routing structures. Result
of http://vger.kernel.org/~davem/seoul2017_netdev_keynote.pdf
2) Add netdevsim driver for testing various offloads, from Jakub
Kicinski.
3) Support cross-chip FDB operations in DSA, from Vivien Didelot.
4) Add a 2nd listener hash table for TCP, similar to what was done for
UDP. From Martin KaFai Lau.
5) Add eBPF based queue selection to tun, from Jason Wang.
6) Lockless qdisc support, from John Fastabend.
7) SCTP stream interleave support, from Xin Long.
8) Smoother TCP receive autotuning, from Eric Dumazet.
9) Lots of erspan tunneling enhancements, from William Tu.
10) Add true function call support to BPF, from Alexei Starovoitov.
11) Add explicit support for GRO HW offloading, from Michael Chan.
12) Support extack generation in more netlink subsystems. From Alexander
Aring, Quentin Monnet, and Jakub Kicinski.
13) Add 1000BaseX, flow control, and EEE support to mvneta driver. From
Russell King.
14) Add flow table abstraction to netfilter, from Pablo Neira Ayuso.
15) Many improvements and simplifications to the NFP driver bpf JIT,
from Jakub Kicinski.
16) Support for ipv6 non-equal cost multipath routing, from Ido
Schimmel.
17) Add resource abstration to devlink, from Arkadi Sharshevsky.
18) Packet scheduler classifier shared filter block support, from Jiri
Pirko.
19) Avoid locking in act_csum, from Davide Caratti.
20) devinet_ioctl() simplifications from Al viro.
21) More TCP bpf improvements from Lawrence Brakmo.
22) Add support for onlink ipv6 route flag, similar to ipv4, from David
Ahern.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1925 commits)
tls: Add support for encryption using async offload accelerator
ip6mr: fix stale iterator
net/sched: kconfig: Remove blank help texts
openvswitch: meter: Use 64-bit arithmetic instead of 32-bit
tcp_nv: fix potential integer overflow in tcpnv_acked
r8169: fix RTL8168EP take too long to complete driver initialization.
qmi_wwan: Add support for Quectel EP06
rtnetlink: enable IFLA_IF_NETNSID for RTM_NEWLINK
ipmr: Fix ptrdiff_t print formatting
ibmvnic: Wait for device response when changing MAC
qlcnic: fix deadlock bug
tcp: release sk_frag.page in tcp_disconnect
ipv4: Get the address of interface correctly.
net_sched: gen_estimator: fix lockdep splat
net: macb: Handle HRESP error
net/mlx5e: IPoIB, Fix copy-paste bug in flow steering refactoring
ipv6: addrconf: break critical section in addrconf_verify_rtnl()
ipv6: change route cache aging logic
i40e/i40evf: Update DESC_NEEDED value to reflect larger value
bnxt_en: cleanup DIM work on device shutdown
...
|
||
|
Linus Torvalds
|
6304672b7f |
Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86/pti updates from Thomas Gleixner:
"Another set of melted spectrum related changes:
- Code simplifications and cleanups for RSB and retpolines.
- Make the indirect calls in KVM speculation safe.
- Whitelist CPUs which are known not to speculate from Meltdown and
prepare for the new CPUID flag which tells the kernel that a CPU is
not affected.
- A less rigorous variant of the module retpoline check which merily
warns when a non-retpoline protected module is loaded and reflects
that fact in the sysfs file.
- Prepare for Indirect Branch Prediction Barrier support.
- Prepare for exposure of the Speculation Control MSRs to guests, so
guest OSes which depend on those "features" can use them. Includes
a blacklist of the broken microcodes. The actual exposure of the
MSRs through KVM is still being worked on"
* 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/speculation: Simplify indirect_branch_prediction_barrier()
x86/retpoline: Simplify vmexit_fill_RSB()
x86/cpufeatures: Clean up Spectre v2 related CPUID flags
x86/cpu/bugs: Make retpoline module warning conditional
x86/bugs: Drop one "mitigation" from dmesg
x86/nospec: Fix header guards names
x86/alternative: Print unadorned pointers
x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
x86/msr: Add definitions for new speculation control MSRs
x86/cpufeatures: Add AMD feature bits for Speculation Control
x86/cpufeatures: Add Intel feature bits for Speculation Control
x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
module/retpoline: Warn about missing retpoline in module
KVM: VMX: Make indirect call speculation safe
KVM: x86: Make indirect calls in emulator speculation safe
|
||
|
Andi Kleen
|
caf7501a1b |
module/retpoline: Warn about missing retpoline in module
There's a risk that a kernel which has full retpoline mitigations becomes vulnerable when a module gets loaded that hasn't been compiled with the right compiler or the right option. To enable detection of that mismatch at module load time, add a module info string "retpoline" at build time when the module was compiled with retpoline support. This only covers compiled C source, but assembler source or prebuilt object files are not checked. If a retpoline enabled kernel detects a non retpoline protected module at load time, print a warning and report it in the sysfs vulnerability file. [ tglx: Massaged changelog ] Signed-off-by: Andi Kleen <ak@linux.intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: David Woodhouse <dwmw2@infradead.org> Cc: gregkh@linuxfoundation.org Cc: torvalds@linux-foundation.org Cc: jeyu@kernel.org Cc: arjan@linux.intel.com Link: https://lkml.kernel.org/r/20180125235028.31211-1-andi@firstfloor.org |
||
|
Namit Gupta
|
1323eac7fd |
ftrace/module: Move ftrace_release_mod() to ddebug_cleanup label
ftrace_module_init happen after dynamic_debug_setup, it is desired that cleanup should be called after this label however in current implementation it is called in free module label,ie:even though ftrace in not initialized, from so many fail case ftrace_release_mod() will be called and unnecessary traverse the whole list. In below patch we moved ftrace_release_mod() from free_module label to ddebug_cleanup label. that is the best possible location, other solution is to make new label to ftrace_release_mod() but since ftrace_module_init() is not return with minimum changes it should be in ddebug_cleanup label. Signed-off-by: Namit Gupta <gupta.namit@samsung.com> Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: Jessica Yu <jeyu@kernel.org> |
||
|
Masami Hiramatsu
|
540adea380 |
error-injection: Separate error-injection from kprobe
Since error-injection framework is not limited to be used by kprobes, nor bpf. Other kernel subsystems can use it freely for checking safeness of error-injection, e.g. livepatch, ftrace etc. So this separate error-injection framework from kprobes. Some differences has been made: - "kprobe" word is removed from any APIs/structures. - BPF_ALLOW_ERROR_INJECTION() is renamed to ALLOW_ERROR_INJECTION() since it is not limited for BPF too. - CONFIG_FUNCTION_ERROR_INJECTION is the config item of this feature. It is automatically enabled if the arch supports error injection feature for kprobe or ftrace etc. Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org> Reviewed-by: Josef Bacik <jbacik@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
|
Sergey Senozhatsky
|
b865ea6430 |
sections: split dereference_function_descriptor()
There are two format specifiers to print out a pointer in symbolic format: '%pS/%ps' and '%pF/%pf'. On most architectures, the two mean exactly the same thing, but some architectures (ia64, ppc64, parisc64) use an indirect pointer for C function pointers, where the function pointer points to a function descriptor (which in turn contains the actual pointer to the code). The '%pF/%pf, when used appropriately, automatically does the appropriate function descriptor dereference on such architectures. The "when used appropriately" part is tricky. Basically this is a subtle ABI detail, specific to some platforms, that made it to the API level and people can be unaware of it and miss the whole "we need to dereference the function" business out. [1] proves that point (note that it fixes only '%pF' and '%pS', there might be '%pf' and '%ps' cases as well). It appears that we can handle everything within the affected arches and make '%pS/%ps' smart enough to retire '%pF/%pf'. Function descriptors live in .opd elf section and all affected arches (ia64, ppc64, parisc64) handle it properly for kernel and modules. So we, technically, can decide if the dereference is needed by simply looking at the pointer: if it belongs to .opd section then we need to dereference it. The kernel and modules have their own .opd sections, obviously, that's why we need to split dereference_function_descriptor() and use separate kernel and module dereference arch callbacks. This patch does the first step, it a) adds dereference_kernel_function_descriptor() function. b) adds a weak alias to dereference_module_function_descriptor() function. So, for the time being, we will have: 1) dereference_function_descriptor() A generic function, that simply dereferences the pointer. There is bunch of places that call it: kgdbts, init/main.c, extable, etc. 2) dereference_kernel_function_descriptor() A function to call on kernel symbols that does kernel .opd section address range test. 3) dereference_module_function_descriptor() A function to call on modules' symbols that does modules' .opd section address range test. [1] https://marc.info/?l=linux-kernel&m=150472969730573 Link: http://lkml.kernel.org/r/20171109234830.5067-2-sergey.senozhatsky@gmail.com To: Fenghua Yu <fenghua.yu@intel.com> To: Benjamin Herrenschmidt <benh@kernel.crashing.org> To: Paul Mackerras <paulus@samba.org> To: Michael Ellerman <mpe@ellerman.id.au> To: James Bottomley <jejb@parisc-linux.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Jessica Yu <jeyu@kernel.org> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: linux-ia64@vger.kernel.org Cc: linux-parisc@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Tested-by: Tony Luck <tony.luck@intel.com> #ia64 Tested-by: Santosh Sivaraj <santosh@fossix.org> #powerpc Tested-by: Helge Deller <deller@gmx.de> #parisc64 Signed-off-by: Petr Mladek <pmladek@suse.com> |
||
|
Josef Bacik
|
92ace9991d |
add infrastructure for tagging functions as error injectable
Using BPF we can override kprob'ed functions and return arbitrary values. Obviously this can be a bit unsafe, so make this feature opt-in for functions. Simply tag a function with KPROBE_ERROR_INJECT_SYMBOL in order to give BPF access to that function for error injection purposes. Signed-off-by: Josef Bacik <jbacik@fb.com> Acked-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
|
Linus Torvalds
|
668533dc07 |
kallsyms: take advantage of the new '%px' format
The conditional kallsym hex printing used a special fixed-width '%lx' output (KALLSYM_FMT) in preparation for the hashing of %p, but that series ended up adding a %px specifier to help with the conversions. Use it, and avoid the "print pointer as an unsigned long" code. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Linus Torvalds
|
2dcd9c71c1 |
Merge tag 'trace-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing updates from
- allow module init functions to be traced
- clean up some unused or not used by config events (saves space)
- clean up of trace histogram code
- add support for preempt and interrupt enabled/disable events
- other various clean ups
* tag 'trace-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: (30 commits)
tracing, thermal: Hide cpu cooling trace events when not in use
tracing, thermal: Hide devfreq trace events when not in use
ftrace: Kill FTRACE_OPS_FL_PER_CPU
perf/ftrace: Small cleanup
perf/ftrace: Fix function trace events
perf/ftrace: Revert ("perf/ftrace: Fix double traces of perf on ftrace:function")
tracing, dma-buf: Remove unused trace event dma_fence_annotate_wait_on
tracing, memcg, vmscan: Hide trace events when not in use
tracing/xen: Hide events that are not used when X86_PAE is not defined
tracing: mark trace_test_buffer as __maybe_unused
printk: Remove superfluous memory barriers from printk_safe
ftrace: Clear hashes of stale ips of init memory
tracing: Add support for preempt and irq enable/disable events
tracing: Prepare to add preempt and irq trace events
ftrace/kallsyms: Have /proc/kallsyms show saved mod init functions
ftrace: Add freeing algorithm to free ftrace_mod_maps
ftrace: Save module init functions kallsyms symbols for tracing
ftrace: Allow module init functions to be traced
ftrace: Add a ftrace_free_mem() function for modules to use
tracing: Reimplement log2
...
|