| Age | Commit message (Collapse) | Author |
|---|
|
Changes in 4.4.197
KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
s390/topology: avoid firing events before kobjs are created
s390/cio: avoid calling strlen on null pointer
s390/cio: exclude subchannels with no parent from pseudo check
KVM: nVMX: handle page fault in vmread fix
ASoC: Define a set of DAPM pre/post-up events
powerpc/powernv: Restrict OPAL symbol map to only be readable by root
can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
crypto: qat - Silence smp_processor_id() warning
ieee802154: atusb: fix use-after-free at disconnect
cfg80211: initialize on-stack chandefs
ima: always return negative code for error
fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
9p: avoid attaching writeback_fid on mmap with type PRIVATE
xen/pci: reserve MCFG areas earlier
ceph: fix directories inode i_blkbits initialization
drm/amdgpu: Check for valid number of registers to read
thermal: Fix use-after-free when unregistering thermal zone device
fuse: fix memleak in cuse_channel_open
kernel/elfcore.c: include proper prototypes
tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
perf stat: Fix a segmentation fault when using repeat forever
crypto: caam - fix concurrency issue in givencrypt descriptor
cfg80211: add and use strongly typed element iteration macros
cfg80211: Use const more consistently in for_each_element macros
nl80211: validate beacon head
ASoC: sgtl5000: Improve VAG power and mute control
panic: ensure preemption is disabled during panic()
USB: rio500: Remove Rio 500 kernel driver
USB: yurex: Don't retry on unexpected errors
USB: yurex: fix NULL-derefs on disconnect
USB: usb-skeleton: fix runtime PM after driver unbind
USB: usb-skeleton: fix NULL-deref on disconnect
xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
xhci: Check all endpoints for LPM timeout
usb: xhci: wait for CNR controller not ready bit in xhci resume
xhci: Increase STS_SAVE timeout in xhci_suspend()
USB: adutux: remove redundant variable minor
USB: adutux: fix use-after-free on disconnect
USB: adutux: fix NULL-derefs on disconnect
USB: adutux: fix use-after-free on release
USB: iowarrior: fix use-after-free on disconnect
USB: iowarrior: fix use-after-free on release
USB: iowarrior: fix use-after-free after driver unbind
USB: usblp: fix runtime PM after driver unbind
USB: chaoskey: fix use-after-free on release
USB: ldusb: fix NULL-derefs on driver unbind
serial: uartlite: fix exit path null pointer
USB: serial: keyspan: fix NULL-derefs on open() and write()
USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
USB: serial: option: add Telit FN980 compositions
USB: serial: option: add support for Cinterion CLS8 devices
USB: serial: fix runtime PM after driver unbind
USB: usblcd: fix I/O after disconnect
USB: microtek: fix info-leak at probe
USB: dummy-hcd: fix power budget for SuperSpeed mode
usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
USB: legousbtower: fix slab info leak at probe
USB: legousbtower: fix deadlock on disconnect
USB: legousbtower: fix potential NULL-deref on disconnect
USB: legousbtower: fix open after failed reset request
USB: legousbtower: fix use-after-free on release
staging: vt6655: Fix memory leak in vt6655_probe
iio: adc: ad799x: fix probe error handling
iio: light: opt3001: fix mutex unlock race
perf llvm: Don't access out-of-scope array
CIFS: Gracefully handle QueryInfo errors during open
CIFS: Force reval dentry if LOOKUP_REVAL flag is set
kernel/sysctl.c: do not override max_threads provided by userspace
arm64: capabilities: Handle sign of the feature bit
arm64: Rename cpuid_feature field extract routines
Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
cifs: Check uniqueid for SMB2+ and return -ESTALE if necessary
CIFS: Force revalidate inode when dentry is stale
media: stkwebcam: fix runtime PM after driver unbind
tracing: Get trace_array reference for available_tracers files
x86/asm: Fix MWAITX C-state hint value
xfs: clear sb->s_fs_info on mount failure
Linux 4.4.197
Change-Id: I0879b08629040431c71dae0d8b5474863d5e0391
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
|
commit 015664d15270a112c2371d812f03f7c579b35a73 upstream.
The Rio500 kernel driver has not been used by Rio500 owners since 2001
not long after the rio500 project added support for a user-space USB stack
through the very first versions of usbdevfs and then libusb.
Support for the kernel driver was removed from the upstream utilities
in 2008:
https://gitlab.freedesktop.org/hadess/rio500/commit/943f624ab721eb8281c287650fcc9e2026f6f5db
Cc: Cesar Miquel <miquel@df.uba.ar>
Signed-off-by: Bastien Nocera <hadess@hadess.net>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/6251c17584d220472ce882a3d9c199c401a51a71.camel@hadess.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Changes in 4.4.191
HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
MIPS: kernel: only use i8253 clocksource with periodic clockevent
netfilter: ebtables: fix a memory leak bug in compat
bonding: Force slave speed check after link state recovery for 802.3ad
can: dev: call netif_carrier_off() in register_candev()
st21nfca_connectivity_event_received: null check the allocation
st_nci_hci_connectivity_event_received: null check the allocation
ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
net: usb: qmi_wwan: Add the BroadMobi BM818 card
isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain()
isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
perf bench numa: Fix cpu0 binding
can: sja1000: force the string buffer NULL-terminated
can: peak_usb: force the string buffer NULL-terminated
NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
net: hisilicon: make hip04_tx_reclaim non-reentrant
net: hisilicon: fix hip04-xmit never return TX_BUSY
net: hisilicon: Fix dma_map_single failed on arm64
libata: add SG safety checks in SFF pio transfers
selftests: kvm: Adding config fragments
HID: wacom: correct misreported EKR ring values
Revert "dm bufio: fix deadlock with loop device"
userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
x86/apic: Handle missing global clockevent gracefully
x86/boot: Save fields explicitly, zero out everything else
x86/boot: Fix boot regression caused by bootparam sanitizing
dm btree: fix order of block initialization in btree_split_beneath
dm space map metadata: fix missing store of apply_bops() return value
dm table: fix invalid memory accesses with too high sector number
cgroup: Disable IRQs while holding css_set_lock
GFS2: don't set rgrp gl_object until it's inserted into rgrp tree
net: arc_emac: fix koops caused by sk_buff free
vhost-net: set packet weight of tx polling to 2 * vq size
vhost_net: use packet weight for rx handler, too
vhost_net: introduce vhost_exceeds_weight()
vhost: introduce vhost_exceeds_weight()
vhost_net: fix possible infinite loop
vhost: scsi: add weight support
siphash: add cryptographically secure PRF
siphash: implement HalfSipHash1-3 for hash tables
inet: switch IP ID generator to siphash
netfilter: ctnetlink: don't use conntrack/expect object addresses as id
netfilter: conntrack: Use consistent ct id hash calculation
Revert "perf test 6: Fix missing kvm module load for s390"
x86/pm: Introduce quirk framework to save/restore extra MSR registers around suspend/resume
x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm()
dmaengine: ste_dma40: fix unneeded variable warning
usb: gadget: composite: Clear "suspended" on reset/disconnect
usb: host: fotg2: restart hcd after port reset
tools: hv: fix KVP and VSS daemons exit code
watchdog: bcm2835_wdt: Fix module autoload
tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
tcp: make sure EPOLLOUT wont be missed
ALSA: seq: Fix potential concurrent access to the deleted pool
KVM: x86: Don't update RIP or do single-step on faulting emulation
x86/apic: Do not initialize LDR and DFR for bigsmp
x86/apic: Include the LDR when clearing out APIC registers
usb-storage: Add new JMS567 revision to unusual_devs
USB: cdc-wdm: fix race between write and disconnect due to flag abuse
usb: host: ohci: fix a race condition between shutdown and irq
USB: storage: ums-realtek: Update module parameter description for auto_delink_en
USB: storage: ums-realtek: Whitelist auto-delink support
ptrace,x86: Make user_64bit_mode() available to 32-bit builds
uprobes/x86: Fix detection of 32-bit user mode
mmc: sdhci-of-at91: add quirk for broken HS200
mmc: core: Fix init of SD cards reporting an invalid VDD range
stm class: Fix a double free of stm_source_device
VMCI: Release resource if the work is already queued
Revert "cfg80211: fix processing world regdomain when non modular"
mac80211: fix possible sta leak
x86/ptrace: fix up botched merge of spectrev1 fix
Linux 4.4.191
Change-Id: Ic9a2554d2ba45f9c17478f1dfb5115e1a3bc3bd7
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
|
[ Upstream commit c49a0a80137c7ca7d6ced4c812c9e07a949f6f24 ]
There have been reports of RDRAND issues after resuming from suspend on
some AMD family 15h and family 16h systems. This issue stems from a BIOS
not performing the proper steps during resume to ensure RDRAND continues
to function properly.
RDRAND support is indicated by CPUID Fn00000001_ECX[30]. This bit can be
reset by clearing MSR C001_1004[62]. Any software that checks for RDRAND
support using CPUID, including the kernel, will believe that RDRAND is
not supported.
Update the CPU initialization to clear the RDRAND CPUID bit for any family
15h and 16h processor that supports RDRAND. If it is known that the family
15h or family 16h system does not have an RDRAND resume issue or that the
system will not be placed in suspend, the "rdrand=force" kernel parameter
can be used to stop the clearing of the RDRAND CPUID bit.
Additionally, update the suspend and resume path to save and restore the
MSR C001_1004 value to ensure that the RDRAND CPUID setting remains in
place after resuming from suspend.
Note, that clearing the RDRAND CPUID bit does not prevent a processor
that normally supports the RDRAND instruction from executing it. So any
code that determined the support based on family and model won't #UD.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Chen Yu <yu.c.chen@intel.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: "linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>
Cc: "linux-pm@vger.kernel.org" <linux-pm@vger.kernel.org>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: <stable@vger.kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: "x86@kernel.org" <x86@kernel.org>
Link: https://lkml.kernel.org/r/7543af91666f491547bd86cebb1e17c66824ab9f.1566229943.git.thomas.lendacky@amd.com
[sl: adjust context in docs]
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
commit 1ae2324f732c9c4e2fa4ebd885fa1001b70d52e1 upstream.
HalfSipHash, or hsiphash, is a shortened version of SipHash, which
generates 32-bit outputs using a weaker 64-bit key. It has *much* lower
security margins, and shouldn't be used for anything too sensitive, but
it could be used as a hashtable key function replacement, if the output
is never exposed, and if the security requirement is not too high.
The goal is to make this something that performance-critical jhash users
would be willing to use.
On 64-bit machines, HalfSipHash1-3 is slower than SipHash1-3, so we alias
SipHash1-3 to HalfSipHash1-3 on those systems.
64-bit x86_64:
[ 0.509409] test_siphash: SipHash2-4 cycles: 4049181
[ 0.510650] test_siphash: SipHash1-3 cycles: 2512884
[ 0.512205] test_siphash: HalfSipHash1-3 cycles: 3429920
[ 0.512904] test_siphash: JenkinsHash cycles: 978267
So, we map hsiphash() -> SipHash1-3
32-bit x86:
[ 0.509868] test_siphash: SipHash2-4 cycles: 14812892
[ 0.513601] test_siphash: SipHash1-3 cycles: 9510710
[ 0.515263] test_siphash: HalfSipHash1-3 cycles: 3856157
[ 0.515952] test_siphash: JenkinsHash cycles: 1148567
So, we map hsiphash() -> HalfSipHash1-3
hsiphash() is roughly 3 times slower than jhash(), but comes with a
considerable security improvement.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 4.4 to avoid regression for WireGuard with only half
the siphash API present]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
commit 2c956a60778cbb6a27e0c7a8a52a91378c90e1d1 upstream.
SipHash is a 64-bit keyed hash function that is actually a
cryptographically secure PRF, like HMAC. Except SipHash is super fast,
and is meant to be used as a hashtable keyed lookup function, or as a
general PRF for short input use cases, such as sequence numbers or RNG
chaining.
For the first usage:
There are a variety of attacks known as "hashtable poisoning" in which an
attacker forms some data such that the hash of that data will be the
same, and then preceeds to fill up all entries of a hashbucket. This is
a realistic and well-known denial-of-service vector. Currently
hashtables use jhash, which is fast but not secure, and some kind of
rotating key scheme (or none at all, which isn't good). SipHash is meant
as a replacement for jhash in these cases.
There are a modicum of places in the kernel that are vulnerable to
hashtable poisoning attacks, either via userspace vectors or network
vectors, and there's not a reliable mechanism inside the kernel at the
moment to fix it. The first step toward fixing these issues is actually
getting a secure primitive into the kernel for developers to use. Then
we can, bit by bit, port things over to it as deemed appropriate.
While SipHash is extremely fast for a cryptographically secure function,
it is likely a bit slower than the insecure jhash, and so replacements
will be evaluated on a case-by-case basis based on whether or not the
difference in speed is negligible and whether or not the current jhash usage
poses a real security risk.
For the second usage:
A few places in the kernel are using MD5 or SHA1 for creating secure
sequence numbers, syn cookies, port numbers, or fast random numbers.
SipHash is a faster and more fitting, and more secure replacement for MD5
in those situations. Replacing MD5 and SHA1 with SipHash for these uses is
obvious and straight-forward, and so is submitted along with this patch
series. There shouldn't be much of a debate over its efficacy.
Dozens of languages are already using this internally for their hash
tables and PRFs. Some of the BSDs already use this in their kernels.
SipHash is a widely known high-speed solution to a widely known set of
problems, and it's time we catch-up.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Eric Biggers <ebiggers3@gmail.com>
Cc: David Laight <David.Laight@aculab.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 4.4 as dependency of commits df453700e8d8 "inet: switch
IP ID generator to siphash" and 3c79107631db "netfilter: ctnetlink: don't
use conntrack/expect object addresses as id":
- Adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
Changes in 4.4.189
arm64: cpufeature: Fix CTR_EL0 field definitions
arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter
HID: Add quirk for HP X1200 PIXART OEM mouse
tcp: be more careful in tcp_fragment()
atm: iphase: Fix Spectre v1 vulnerability
net: bridge: delete local fdb on device init failure
net: fix ifindex collision during namespace removal
tipc: compat: allow tipc commands without arguments
net: sched: Fix a possible null-pointer dereference in dequeue_func()
net/mlx5: Use reversed order when unregister devices
bnx2x: Disable multi-cos feature.
compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
block: blk_init_allocated_queue() set q->fq as NULL in the fail case
spi: bcm2835: Fix 3-wire mode if DMA is enabled
x86: cpufeatures: Sort feature word 7
x86/entry/64: Fix context tracking state warning when load_gs_index fails
x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
x86/speculation: Enable Spectre v1 swapgs mitigations
x86/entry/64: Use JMP instead of JMPQ
x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
Linux 4.4.189
Change-Id: Ie53dff8ad9602a66a8c52c3fcbba354c1b7d06e5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
|
commit a2059825986a1c8143fd6698774fa9d83733bb11 upstream.
The previous commit added macro calls in the entry code which mitigate the
Spectre v1 swapgs issue if the X86_FEATURE_FENCE_SWAPGS_* features are
enabled. Enable those features where applicable.
The mitigations may be disabled with "nospectre_v1" or "mitigations=off".
There are different features which can affect the risk of attack:
- When FSGSBASE is enabled, unprivileged users are able to place any
value in GS, using the wrgsbase instruction. This means they can
write a GS value which points to any value in kernel space, which can
be useful with the following gadget in an interrupt/exception/NMI
handler:
if (coming from user space)
swapgs
mov %gs:<percpu_offset>, %reg1
// dependent load or store based on the value of %reg
// for example: mov %(reg1), %reg2
If an interrupt is coming from user space, and the entry code
speculatively skips the swapgs (due to user branch mistraining), it
may speculatively execute the GS-based load and a subsequent dependent
load or store, exposing the kernel data to an L1 side channel leak.
Note that, on Intel, a similar attack exists in the above gadget when
coming from kernel space, if the swapgs gets speculatively executed to
switch back to the user GS. On AMD, this variant isn't possible
because swapgs is serializing with respect to future GS-based
accesses.
NOTE: The FSGSBASE patch set hasn't been merged yet, so the above case
doesn't exist quite yet.
- When FSGSBASE is disabled, the issue is mitigated somewhat because
unprivileged users must use prctl(ARCH_SET_GS) to set GS, which
restricts GS values to user space addresses only. That means the
gadget would need an additional step, since the target kernel address
needs to be read from user space first. Something like:
if (coming from user space)
swapgs
mov %gs:<percpu_offset>, %reg1
mov (%reg1), %reg2
// dependent load or store based on the value of %reg2
// for example: mov %(reg2), %reg3
It's difficult to audit for this gadget in all the handlers, so while
there are no known instances of it, it's entirely possible that it
exists somewhere (or could be introduced in the future). Without
tooling to analyze all such code paths, consider it vulnerable.
Effects of SMAP on the !FSGSBASE case:
- If SMAP is enabled, and the CPU reports RDCL_NO (i.e., not
susceptible to Meltdown), the kernel is prevented from speculatively
reading user space memory, even L1 cached values. This effectively
disables the !FSGSBASE attack vector.
- If SMAP is enabled, but the CPU *is* susceptible to Meltdown, SMAP
still prevents the kernel from speculatively reading user space
memory. But it does *not* prevent the kernel from reading the
user value from L1, if it has already been cached. This is probably
only a small hurdle for an attacker to overcome.
Thanks to Dave Hansen for contributing the speculative_smap() function.
Thanks to Andrew Cooper for providing the inside scoop on whether swapgs
is serializing on AMD.
[ tglx: Fixed the USER fence decision and polished the comment as suggested
by Dave Hansen ]
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Dave Hansen <dave.hansen@intel.com>
[bwh: Backported to 4.4:
- Check for X86_FEATURE_KAISER instead of X86_FEATURE_PTI
- mitigations= parameter is x86-only here
- Don't use __ro_after_init
- Adjust filename, context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Changes in 4.4.186
Input: elantech - enable middle button support on 2 ThinkPads
samples, bpf: fix to change the buffer size for read()
mac80211: mesh: fix RCU warning
mwifiex: Fix possible buffer overflows at parsing bss descriptor
dt-bindings: can: mcp251x: add mcp25625 support
can: mcp251x: add support for mcp25625
Input: imx_keypad - make sure keyboard can always wake up system
ARM: davinci: da850-evm: call regulator_has_full_constraints()
ARM: davinci: da8xx: specify dma_coherent_mask for lcdc
md: fix for divide error in status_resync
bnx2x: Check if transceiver implements DDM before access
udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
x86/tls: Fix possible spectre-v1 in do_get_thread_area()
mwifiex: Abort at too short BSS descriptor element
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
fscrypt: don't set policy for a dead directory
mwifiex: Don't abort on small, spec-compliant vendor IEs
USB: serial: ftdi_sio: add ID for isodebug v1
USB: serial: option: add support for GosunCn ME3630 RNDIS mode
usb: gadget: ether: Fix race between gether_disconnect and rx_submit
usb: renesas_usbhs: add a workaround for a race condition of workqueue
staging: comedi: dt282x: fix a null pointer deref on interrupt
staging: comedi: amplc_pci230: fix null pointer deref on interrupt
carl9170: fix misuse of device driver API
VMCI: Fix integer overflow in VMCI handle arrays
MIPS: Remove superfluous check for __linux__
e1000e: start network tx queue only when link is up
perf/core: Fix perf_sample_regs_user() mm check
ARM: omap2: remove incorrect __init annotation
be2net: fix link failure after ethtool offline test
ppp: mppe: Add softdep to arc4
sis900: fix TX completion
dm verity: use message limit for data block corruption message
kvm: x86: avoid warning on repeated KVM_SET_TSS_ADDR
ARC: hide unused function unw_hdr_alloc
s390: fix stfle zero padding
s390/qdio: (re-)initialize tiqdio list entries
s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
KVM: x86: protect KVM_CREATE_PIT/KVM_CREATE_PIT2 with kvm->lock
Linux 4.4.186
Change-Id: Ib318f4f4b7c21ffdccc7807d8bb26c0b46557129
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
|
[ Upstream commit 0df82dcd55832a99363ab7f9fab954fcacdac3ae ]
Fully compatible with mcp2515, the mcp25625 have integrated transceiver.
This patch add the mcp25625 to the device tree bindings documentation.
Signed-off-by: Sean Nyekjaer <sean@geanix.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
Changes in 4.4.182
tcp: limit payload size of sacked skbs
tcp: tcp_fragment() should apply sane memory limits
tcp: add tcp_min_snd_mss sysctl
tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
Linux 4.4.182
Change-Id: Idb237d729dbdbfc2d0e41544b19f0d5d6547644b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
|
commit 5f3e2bf008c2221478101ee72f5cb4654b9fc363 upstream.
Some TCP peers announce a very small MSS option in their SYN and/or
SYN/ACK messages.
This forces the stack to send packets with a very high network/cpu
overhead.
Linux has enforced a minimal value of 48. Since this value includes
the size of TCP options, and that the options can consume up to 40
bytes, this means that each segment can include only 8 bytes of payload.
In some cases, it can be useful to increase the minimal value
to a saner value.
We still let the default to 48 (TCP_MIN_SND_MSS), for compatibility
reasons.
Note that TCP_MAXSEG socket option enforces a minimal value
of (TCP_MIN_MSS). David Miller increased this minimal value
in commit c39508d6f118 ("tcp: Make TCP_MAXSEG minimum more correct.")
from 64 to 88.
We might in the future merge TCP_MIN_SND_MSS and TCP_MIN_MSS.
CVE-2019-11479 -- tcp mss hardcoded to 48
Signed-off-by: Eric Dumazet <edumazet@google.com>
Suggested-by: Jonathan Looney <jtl@netflix.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Tyler Hicks <tyhicks@canonical.com>
Cc: Bruce Curtis <brucec@netflix.com>
Cc: Jonathan Lemon <jonathan.lemon@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Changes in 4.4.181
x86/speculation/mds: Revert CPU buffer clear on double fault exit
x86/speculation/mds: Improve CPU buffer clear documentation
ARM: exynos: Fix a leaked reference by adding missing of_node_put
crypto: vmx - fix copy-paste error in CTR mode
crypto: crct10dif-generic - fix use via crypto_shash_digest()
crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
ALSA: usb-audio: Fix a memory leak bug
ALSA: hda/hdmi - Consider eld_valid when reporting jack event
ALSA: hda/realtek - EAPD turn on later
ASoC: max98090: Fix restore of DAPM Muxes
ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
mm/mincore.c: make mincore() more conservative
ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L
tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
ext4: actually request zeroing of inode table after grow
ext4: fix ext4_show_options for file systems w/o journal
Btrfs: do not start a transaction at iterate_extent_inodes()
bcache: fix a race between cache register and cacheset unregister
bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
ipmi:ssif: compare block number correctly for multi-part return messages
crypto: gcm - Fix error return code in crypto_gcm_create_common()
crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
crypto: chacha20poly1305 - set cra_name correctly
crypto: salsa20 - don't access already-freed walk.iv
crypto: arm/aes-neonbs - don't access already-freed walk.iv
writeback: synchronize sync(2) against cgroup writeback membership switches
fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount
ext4: zero out the unused memory region in the extent tree block
ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
net: avoid weird emergency message
net/mlx4_core: Change the error print to info print
ppp: deflate: Fix possible crash in deflate_init
tipc: switch order of device registration to fix a crash
tipc: fix modprobe tipc failed after switch order of device registration
stm class: Fix channel free in stm output free path
md: add mddev->pers to avoid potential NULL pointer dereference
intel_th: msu: Fix single mode with IOMMU
of: fix clang -Wunsequenced for be32_to_cpu()
cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level()
media: ov6650: Fix sensor possibly not detected on probe
NFS4: Fix v4.0 client state corruption when mount
clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
fuse: fix writepages on 32bit
fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
ceph: flush dirty inodes before proceeding with remount
tracing: Fix partial reading of trace event's id file
memory: tegra: Fix integer overflow on tick value calculation
perf intel-pt: Fix instructions sampling rate
perf intel-pt: Fix improved sample timestamp
perf intel-pt: Fix sample timestamp wrt non-taken branches
fbdev: sm712fb: fix brightness control on reboot, don't set SR30
fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM
fbdev: sm712fb: fix support for 1024x768-16 mode
fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
PCI: Mark Atheros AR9462 to avoid bus reset
dm delay: fix a crash when invalid device is specified
xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
vti4: ipip tunnel deregistration fixes.
xfrm4: Fix uninitialized memory read in _decode_session4
KVM: arm/arm64: Ensure vcpu target is unset on reset failure
power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG
ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
perf bench numa: Add define for RUSAGE_THREAD if not present
Revert "Don't jump to compute_result state from check_result state"
md/raid: raid5 preserve the writeback action after the parity check
btrfs: Honour FITRIM range constraints during free space trim
fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
ext4: do not delete unlinked inode from orphan list on failed truncate
KVM: x86: fix return value for reserved EFER
bio: fix improper use of smp_mb__before_atomic()
Revert "scsi: sd: Keep disk read-only when re-reading partition"
crypto: vmx - CTR: always increment IV as quadword
gfs2: Fix sign extension bug in gfs2_update_stats
Btrfs: fix race between ranged fsync and writeback of adjacent ranges
btrfs: sysfs: don't leak memory when failing add fsid
fbdev: fix divide error in fb_var_to_videomode
hugetlb: use same fault hash key for shared and private mappings
fbdev: fix WARNING in __alloc_pages_nodemask bug
media: cpia2: Fix use-after-free in cpia2_exit
media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
at76c50x-usb: Don't register led_trigger if usb_register_driver failed
perf tools: No need to include bitops.h in util.h
tools include: Adopt linux/bits.h
gfs2: Fix lru_count going negative
cxgb4: Fix error path in cxgb4_init_module
mmc: core: Verify SD bus width
powerpc/boot: Fix missing check of lseek() return value
ASoC: imx: fix fiq dependencies
spi: pxa2xx: fix SCR (divisor) calculation
brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler()
rtc: 88pm860x: prevent use-after-free on device remove
w1: fix the resume command API
dmaengine: pl330: _stop: clear interrupt status
mac80211/cfg80211: update bss channel on channel switch
ASoC: fsl_sai: Update is_slave_mode with correct value
mwifiex: prevent an array overflow
net: cw1200: fix a NULL pointer dereference
bcache: return error immediately in bch_journal_replay()
bcache: fix failure in journal relplay
bcache: add failure check to run_cache_set() for journal replay
bcache: avoid clang -Wunintialized warning
x86/build: Move _etext to actual end of .text
smpboot: Place the __percpu annotation correctly
x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()
mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions
HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
pinctrl: pistachio: fix leaked of_node references
dmaengine: at_xdmac: remove BUG_ON macro in tasklet
media: coda: clear error return value before picture run
media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
media: au0828: stop video streaming only when last user stops
media: ov2659: make S_FMT succeed even if requested format doesn't match
audit: fix a memory leak bug
media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
media: pvrusb2: Prevent a buffer overflow
powerpc/numa: improve control of topology updates
sched/core: Check quota and period overflow at usec to nsec conversion
sched/core: Handle overflow in cpu_shares_write_u64
USB: core: Don't unbind interfaces following device reset failure
x86/irq/64: Limit IST stack overflow check to #DB stack
i40e: don't allow changes to HW VLAN stripping on active port VLANs
RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
scsi: libsas: Do discovery on empty PHY to update PHY info
mmc_spi: add a status check for spi_sync_locked
mmc: sdhci-of-esdhc: add erratum eSDHC5 support
mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
PM / core: Propagate dev->power.wakeup_path when no callbacks
extcon: arizona: Disable mic detect if running when driver is removed
s390: cio: fix cio_irb declaration
cpufreq: ppc_cbe: fix possible object reference leak
cpufreq/pasemi: fix possible object reference leak
cpufreq: pmac32: fix possible object reference leak
x86/build: Keep local relocations with ld.lld
iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
iio: hmc5843: fix potential NULL pointer dereferences
iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data
rtlwifi: fix a potential NULL pointer dereference
brcmfmac: fix missing checks for kmemdup
b43: shut up clang -Wuninitialized variable warning
brcmfmac: convert dev_init_lock mutex to completion
brcmfmac: fix race during disconnect when USB completion is in progress
scsi: ufs: Fix regulator load and icc-level configuration
scsi: ufs: Avoid configuring regulator with undefined voltage range
arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
x86/ia32: Fix ia32_restore_sigcontext() AC leak
chardev: add additional check for minor range overlap
HID: core: move Usage Page concatenation to Main item
ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
cxgb3/l2t: Fix undefined behaviour
spi: tegra114: reset controller on probe
media: wl128x: prevent two potential buffer overflows
virtio_console: initialize vtermno value for ports
tty: ipwireless: fix missing checks for ioremap
rcutorture: Fix cleanup path for invalid torture_type strings
usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
scsi: qla4xxx: avoid freeing unallocated dma memory
media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
media: go7007: avoid clang frame overflow warning with KASAN
media: saa7146: avoid high stack usage with clang
scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
spi : spi-topcliff-pch: Fix to handle empty DMA buffers
spi: rspi: Fix sequencer reset during initialization
spi: Fix zero length xfer bug
ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
llc: fix skb leak in llc_build_and_send_ui_pkt()
net-gro: fix use-after-free read in napi_gro_frags()
net: stmmac: fix reset gpio free missing
usbnet: fix kernel crash after disconnect
tipc: Avoid copying bytes beyond the supplied data
bnxt_en: Fix aggregation buffer leak under OOM condition.
net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
crypto: vmx - ghash: do nosimd fallback manually
xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
tipc: fix modprobe tipc failed after switch order of device registration -v2
sparc64: Fix regression in non-hypervisor TLB flush xcall
include/linux/bitops.h: sanitize rotate primitives
xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
usb: xhci: avoid null pointer deref when bos field is NULL
USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
USB: sisusbvga: fix oops in error path of sisusb_probe
USB: Add LPM quirk for Surface Dock GigE adapter
USB: rio500: refuse more than one device at a time
USB: rio500: fix memory leak in close after disconnect
media: usb: siano: Fix general protection fault in smsusb
media: usb: siano: Fix false-positive "uninitialized variable" warning
media: smsusb: better handle optional alignment
scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
Btrfs: fix race updating log root item during fsync
ALSA: hda/realtek - Set default power save node to 0
drm/nouveau/i2c: Disable i2c bus access after ->fini()
tty: serial: msm_serial: Fix XON/XOFF
tty: max310x: Fix external crystal register setup
memcg: make it work on sparse non-0-node systems
kernel/signal.c: trace_signal_deliver when signal_group_exit
CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM
binder: Replace "%p" with "%pK" for stable
binder: replace "%p" with "%pK"
net: create skb_gso_validate_mac_len()
bnx2x: disable GSO where gso_size is too big for hardware
brcmfmac: Add length checks on firmware events
brcmfmac: screening firmware event packet
brcmfmac: revise handling events in receive path
brcmfmac: fix incorrect event channel deduction
brcmfmac: add length checks in scheduled scan result handler
brcmfmac: add subtype check for event handling in data path
userfaultfd: don't pin the user memory in userfaultfd_file_create()
Revert "x86/build: Move _etext to actual end of .text"
net: cdc_ncm: GetNtbFormat endian fix
usb: gadget: fix request length error for isoc transfer
media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
ethtool: fix potential userspace buffer overflow
neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
net: rds: fix memory leak in rds_ib_flush_mr_pool
pktgen: do not sleep with the thread lock held.
rcu: locking and unlocking need to always be at least barriers
parisc: Use implicit space register selection for loading the coherence index of I/O pdirs
fuse: fallocate: fix return with locked inode
MIPS: pistachio: Build uImage.gz by default
genwqe: Prevent an integer overflow in the ioctl
drm/gma500/cdv: Check vbt config bits when detecting lvds panels
fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
fuse: Add FOPEN_STREAM to use stream_open()
ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
ethtool: check the return value of get_regs_len
Linux 4.4.181
Change-Id: I0c9e7effbb6bd5d1978b4ffad3db3b76af6692bc
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
|
commit 9d8d0294e78a164d407133dea05caf4b84247d6a upstream.
On x86_64, all returns to usermode go through
prepare_exit_to_usermode(), with the sole exception of do_nmi().
This even includes machine checks -- this was added several years
ago to support MCE recovery. Update the documentation.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Frederic Weisbecker <frederic@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jon Masters <jcm@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Fixes: 04dcbdb80578 ("x86/speculation/mds: Clear CPU buffers on exit to user")
Link: http://lkml.kernel.org/r/999fa9e126ba6a48e9d214d2f18dbde5c62ac55c.1557865329.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 88640e1dcd089879530a49a8d212d1814678dfe7 upstream.
The double fault ESPFIX path doesn't return to user mode at all --
it returns back to the kernel by simulating a #GP fault.
prepare_exit_to_usermode() will run on the way out of
general_protection before running user code.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Frederic Weisbecker <frederic@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jon Masters <jcm@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Fixes: 04dcbdb80578 ("x86/speculation/mds: Clear CPU buffers on exit to user")
Link: http://lkml.kernel.org/r/ac97612445c0a44ee10374f6ea79c222fe22a5c4.1557865329.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Changes in 4.4.180
kbuild: simplify ld-option implementation
KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number
cifs: do not attempt cifs operation on smb2+ rename error
MIPS: scall64-o32: Fix indirect syscall number load
trace: Fix preempt_enable_no_resched() abuse
sched/numa: Fix a possible divide-by-zero
ceph: ensure d_name stability in ceph_dentry_hash()
ceph: fix ci->i_head_snapc leak
nfsd: Don't release the callback slot unless it was actually held
sunrpc: don't mark uninitialised items as VALID.
USB: Add new USB LPM helpers
USB: Consolidate LPM checks to avoid enabling LPM twice
powerpc/xmon: Add RFI flush related fields to paca dump
powerpc/64s: Improve RFI L1-D cache flush fallback
powerpc/pseries: Support firmware disable of RFI flush
powerpc/powernv: Support firmware disable of RFI flush
powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
powerpc/rfi-flush: Always enable fallback flush on pseries
powerpc/rfi-flush: Differentiate enabled and patched flush types
powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
powerpc: Add security feature flags for Spectre/Meltdown
powerpc/pseries: Set or clear security feature flags
powerpc/powernv: Set or clear security feature flags
powerpc/64s: Move cpu_show_meltdown()
powerpc/64s: Enhance the information in cpu_show_meltdown()
powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
powerpc/64s: Wire up cpu_show_spectre_v1()
powerpc/64s: Wire up cpu_show_spectre_v2()
powerpc/pseries: Fix clearing of security feature flags
powerpc: Move default security feature flags
powerpc/pseries: Restore default security feature flags on setup
powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
powerpc/64s: Add barrier_nospec
powerpc/64s: Add support for ori barrier_nospec patching
powerpc/64s: Patch barrier_nospec in modules
powerpc/64s: Enable barrier_nospec based on firmware settings
powerpc/64: Use barrier_nospec in syscall entry
powerpc: Use barrier_nospec in copy_from_user()
powerpc/64s: Enhance the information in cpu_show_spectre_v1()
powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
powerpc/64: Disable the speculation barrier from the command line
powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
powerpc/64: Call setup_barrier_nospec() from setup_arch()
powerpc/64: Make meltdown reporting Book3S 64 specific
powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
powerpc/asm: Add a patch_site macro & helpers for patching instructions
powerpc/64s: Add new security feature flags for count cache flush
powerpc/64s: Add support for software count cache flush
powerpc/pseries: Query hypervisor for count cache flush settings
powerpc/powernv: Query firmware for count cache flush settings
powerpc: Avoid code patching freed init sections
powerpc/fsl: Add infrastructure to fixup branch predictor flush
powerpc/fsl: Add macro to flush the branch predictor
powerpc/fsl: Fix spectre_v2 mitigations reporting
powerpc/fsl: Add nospectre_v2 command line argument
powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
powerpc/fsl: Update Spectre v2 reporting
powerpc/security: Fix spectre_v2 reporting
powerpc/fsl: Fix the flush of branch predictor.
tipc: handle the err returned from cmd header function
slip: make slhc_free() silently accept an error pointer
intel_th: gth: Fix an off-by-one in output unassigning
fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
tipc: check link name with right length in tipc_nl_compat_link_set
bpf: reject wrong sized filters earlier
Revert "block/loop: Use global lock for ioctl() operation."
ipv4: add sanity checks in ipv4_link_failure()
team: fix possible recursive locking when add slaves
net: stmmac: move stmmac_check_ether_addr() to driver probe
ipv4: set the tcp_min_rtt_wlen range from 0 to one day
powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
powerpc/fsl: Flush branch predictor when entering KVM
powerpc/fsl: Emulate SPRN_BUCSR register
powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
Documentation: Add nospectre_v1 parameter
usbnet: ipheth: prevent TX queue timeouts when device not ready
usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
qlcnic: Avoid potential NULL pointer dereference
netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING
sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
usb: gadget: net2280: Fix overrun of OUT messages
usb: gadget: net2280: Fix net2280_dequeue()
usb: gadget: net2272: Fix net2272_dequeue()
ARM: dts: pfla02: increase phy reset duration
net: ks8851: Dequeue RX packets explicitly
net: ks8851: Reassert reset pin if chip ID check fails
net: ks8851: Delay requesting IRQ until opened
net: ks8851: Set initial carrier state to down
net: xilinx: fix possible object reference leak
net: ibm: fix possible object reference leak
net: ethernet: ti: fix possible object reference leak
scsi: qla4xxx: fix a potential NULL pointer dereference
usb: u132-hcd: fix resource leak
ceph: fix use-after-free on symlink traversal
scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
libata: fix using DMA buffers on stack
kconfig/[mn]conf: handle backspace (^H) key
vfio/type1: Limit DMA mappings per container
ALSA: line6: use dynamic buffers
ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
ipv6/flowlabel: wait rcu grace period before put_pid()
ipv6: invert flowlabel sharing check in process and user mode
bnxt_en: Improve multicast address setup logic.
packet: validate msg_namelen in send directly
USB: yurex: Fix protection fault after device removal
USB: w1 ds2490: Fix bug caused by improper use of altsetting array
USB: core: Fix unterminated string returned by usb_string()
USB: core: Fix bug caused by duplicate interface PM usage counter
HID: debug: fix race condition with between rdesc_show() and device removal
rtc: sh: Fix invalid alarm warning for non-enabled alarm
igb: Fix WARN_ONCE on runtime suspend
bonding: show full hw address in sysfs for slave entries
jffs2: fix use-after-free on symlink traversal
debugfs: fix use-after-free on symlink traversal
rtc: da9063: set uie_unsupported when relevant
vfio/pci: use correct format characters
scsi: storvsc: Fix calculation of sub-channel count
net: hns: Use NAPI_POLL_WEIGHT for hns driver
net: hns: Fix WARNING when remove HNS driver with SMMU enabled
hugetlbfs: fix memory leak for resv_map
xsysace: Fix error handling in ace_setup
ARM: orion: don't use using 64-bit DMA masks
ARM: iop: don't use using 64-bit DMA masks
usb: usbip: fix isoc packet num validation in get_pipe
staging: iio: adt7316: allow adt751x to use internal vref for all dacs
staging: iio: adt7316: fix the dac read calculation
staging: iio: adt7316: fix the dac write calculation
Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
selinux: never allow relabeling on context mounts
x86/mce: Improve error message when kernel cannot recover, p2
media: v4l2: i2c: ov7670: Fix PLL bypass register values
scsi: libsas: fix a race condition when smp task timeout
ASoC:soc-pcm:fix a codec fixup issue in TDM case
ASoC: cs4270: Set auto-increment bit for register writes
ASoC: tlv320aic32x4: Fix Common Pins
perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
iommu/amd: Set exclusion range correctly
genirq: Prevent use-after-free and work list corruption
usb: dwc3: Fix default lpm_nyet_threshold value
scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
Bluetooth: hidp: fix buffer overflow
Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
UAS: fix alignment of scatter/gather segments
ipv6: fix a potential deadlock in do_ipv6_setsockopt()
ASoC: Intel: avoid Oops if DMA setup fails
timer/debug: Change /proc/timer_stats from 0644 to 0600
netfilter: compat: initialize all fields in xt_init
platform/x86: sony-laptop: Fix unintentional fall-through
iio: adc: xilinx: fix potential use-after-free on remove
HID: input: add mapping for Expose/Overview key
HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
libnvdimm/btt: Fix a kmemdup failure check
s390/dasd: Fix capacity calculation for large volumes
s390/3270: fix lockdep false positive on view->lock
KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing
tools lib traceevent: Fix missing equality check for strcmp
init: initialize jump labels before command line option parsing
ipvs: do not schedule icmp errors from tunnels
s390: ctcm: fix ctcm_new_device error return code
selftests/net: correct the return value for run_netsocktests
gpu: ipu-v3: dp: fix CSC handling
cw1200: fix missing unlock on error in cw1200_hw_scan()
x86/vdso: Pass --eh-frame-hdr to the linker
Don't jump to compute_result state from check_result state
locking/static_keys: Provide DECLARE and well as DEFINE macros
x86/microcode/intel: Add a helper which gives the microcode revision
x86: stop exporting msr-index.h to userland
bitops: avoid integer overflow in GENMASK(_ULL)
x86/microcode/intel: Check microcode revision before updating sibling threads
x86/MCE: Save microcode revision in machine check records
x86/cpufeatures: Hide AMD-specific speculation flags
x86/speculation: Support Enhanced IBRS on future CPUs
x86/speculation: Simplify the CPU bug detection logic
x86/bugs: Add AMD's variant of SSB_NO
x86/bugs: Add AMD's SPEC_CTRL MSR usage
x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file
x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
x86/microcode: Update the new microcode revision unconditionally
x86/cpu: Sanitize FAM6_ATOM naming
KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
x86/mm: Use WRITE_ONCE() when setting PTEs
x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
x86/speculation: Propagate information about RSB filling mitigation to sysfs
x86/speculation: Update the TIF_SSBD comment
x86/speculation: Clean up spectre_v2_parse_cmdline()
x86/speculation: Remove unnecessary ret variable in cpu_show_common()
x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common()
x86/speculation: Disable STIBP when enhanced IBRS is in use
x86/speculation: Rename SSBD update functions
x86/speculation: Reorganize speculation control MSRs update
x86/Kconfig: Select SCHED_SMT if SMP enabled
sched: Add sched_smt_active()
x86/speculation: Rework SMT state change
x86/speculation: Reorder the spec_v2 code
x86/speculation: Mark string arrays const correctly
x86/speculataion: Mark command line parser data __initdata
x86/speculation: Unify conditional spectre v2 print functions
x86/speculation: Add command line control for indirect branch speculation
x86/speculation: Prepare for per task indirect branch speculation control
x86/process: Consolidate and simplify switch_to_xtra() code
x86/speculation: Avoid __switch_to_xtra() calls
x86/speculation: Prepare for conditional IBPB in switch_mm()
x86/speculation: Split out TIF update
x86/speculation: Prepare arch_smt_update() for PRCTL mode
x86/speculation: Prevent stale SPEC_CTRL msr content
x86/speculation: Add prctl() control for indirect branch speculation
x86/speculation: Enable prctl mode for spectre_v2_user
x86/speculation: Add seccomp Spectre v2 user space protection mode
x86/speculation: Provide IBPB always command line options
kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
x86/msr-index: Cleanup bit defines
x86/speculation: Consolidate CPU whitelists
x86/speculation/mds: Add basic bug infrastructure for MDS
x86/speculation/mds: Add BUG_MSBDS_ONLY
x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
x86/speculation/mds: Add mds_clear_cpu_buffers()
x86/speculation/mds: Clear CPU buffers on exit to user
x86/speculation/mds: Conditionally clear CPU buffers on idle entry
x86/speculation/mds: Add mitigation control for MDS
x86/speculation/l1tf: Document l1tf in sysfs
x86/speculation/mds: Add sysfs reporting for MDS
x86/speculation/mds: Add mitigation mode VMWERV
Documentation: Move L1TF to separate directory
Documentation: Add MDS vulnerability documentation
x86/cpu/bugs: Use __initconst for 'const' init data
x86/speculation: Move arch_smt_update() call to after mitigation decisions
x86/speculation/mds: Add SMT warning message
x86/speculation/mds: Fix comment
x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
cpu/speculation: Add 'mitigations=' cmdline option
x86/speculation: Support 'mitigations=' cmdline option
x86/speculation/mds: Add 'mitigations=' support for MDS
x86/mds: Add MDSUM variant to the MDS documentation
Documentation: Correct the possible MDS sysfs values
x86/speculation/mds: Fix documentation typo
x86/bugs: Change L1TF mitigation string to match upstream
USB: serial: use variable for status
USB: serial: fix unthrottle races
powerpc/64s: Include cpu header
bridge: Fix error path for kobject_init_and_add()
net: ucc_geth - fix Oops when changing number of buffers in the ring
packet: Fix error path in packet_init
vlan: disable SIOCSHWTSTAMP in container
vrf: sit mtu should not be updated when vrf netdev is the link
ipv4: Fix raw socket lookup for local traffic
bonding: fix arp_validate toggling in active-backup mode
drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
powerpc/booke64: set RI in default MSR
powerpc/lib: fix book3s/32 boot failure due to code patching
Linux 4.4.180
Change-Id: I72f6c596cc992689d95abc8b5d1303d6ec22b051
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
|
commit 95310e348a321b45fb746c176961d4da72344282 upstream.
Fix a minor typo in the MDS documentation: "eanbled" -> "enabled".
Reported-by: Jeff Bastian <jbastian@redhat.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit ea01668f9f43021b28b3f4d5ffad50106a1e1301 upstream.
Adjust the last two rows in the table that display possible values when
MDS mitigation is enabled. They both were slightly innacurate.
In addition, convert the table of possible values and their descriptions
to a list-table. The simple table format uses the top border of equals
signs to determine cell width which resulted in the first column being
far too wide in comparison to the second column that contained the
majority of the text.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
[bwh: Backported to 4.4: adjust filename]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit e672f8bf71c66253197e503f75c771dd28ada4a0 upstream.
Updated the documentation for a new CVE-2019-11091 Microarchitectural Data
Sampling Uncacheable Memory (MDSUM) which is a variant of
Microarchitectural Data Sampling (MDS). MDS is a family of side channel
attacks on internal buffers in Intel CPUs.
MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from
memory that takes a fault or assist can leave data in a microarchitectural
structure that may later be observed using one of the same methods used by
MSBDS, MFBDS or MLPDS. There are no new code changes expected for MDSUM.
The existing mitigation for MDS applies to MDSUM as well.
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
Reviewed-by: Jon Masters <jcm@redhat.com>
[bwh: Backported to 4.4: adjust filename]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 5c14068f87d04adc73ba3f41c2a303d3c3d1fa12 upstream.
Add MDS to the new 'mitigations=' cmdline option.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
[bwh: Backported to 4.4:
- Drop the auto,nosmt option, which we can't support
- Adjust filenames, context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit d68be4c4d31295ff6ae34a8ddfaa4c1a8ff42812 upstream.
Configure x86 runtime CPU speculation bug mitigations in accordance with
the 'mitigations=' cmdline option. This affects Meltdown, Spectre v2,
Speculative Store Bypass, and L1TF.
The default behavior is unchanged.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86)
Reviewed-by: Jiri Kosina <jkosina@suse.cz>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Waiman Long <longman@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Jon Masters <jcm@redhat.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: linux-s390@vger.kernel.org
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-arch@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Tyler Hicks <tyhicks@canonical.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Steven Price <steven.price@arm.com>
Cc: Phil Auld <pauld@redhat.com>
Link: https://lkml.kernel.org/r/6616d0ae169308516cfdf5216bedd169f8a8291b.1555085500.git.jpoimboe@redhat.com
[bwh: Backported to 4.4:
- Drop the auto,nosmt option and the l1tf mitigation selection, which we can't
support
- Adjust filenames, context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 98af8452945c55652de68536afdde3b520fec429 upstream.
Keeping track of the number of mitigations for all the CPU speculation
bugs has become overwhelming for many users. It's getting more and more
complicated to decide which mitigations are needed for a given
architecture. Complicating matters is the fact that each arch tends to
have its own custom way to mitigate the same vulnerability.
Most users fall into a few basic categories:
a) they want all mitigations off;
b) they want all reasonable mitigations on, with SMT enabled even if
it's vulnerable; or
c) they want all reasonable mitigations on, with SMT disabled if
vulnerable.
Define a set of curated, arch-independent options, each of which is an
aggregation of existing options:
- mitigations=off: Disable all mitigations.
- mitigations=auto: [default] Enable all the default mitigations, but
leave SMT enabled, even if it's vulnerable.
- mitigations=auto,nosmt: Enable all the default mitigations, disabling
SMT if needed by a mitigation.
Currently, these options are placeholders which don't actually do
anything. They will be fleshed out in upcoming patches.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Jiri Kosina <jkosina@suse.cz> (on x86)
Reviewed-by: Jiri Kosina <jkosina@suse.cz>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Waiman Long <longman@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Jon Masters <jcm@redhat.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: linux-s390@vger.kernel.org
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-arch@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Tyler Hicks <tyhicks@canonical.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Steven Price <steven.price@arm.com>
Cc: Phil Auld <pauld@redhat.com>
Link: https://lkml.kernel.org/r/b07a8ef9b7c5055c3a4637c87d07c296d5016fe0.1555085500.git.jpoimboe@redhat.com
[bwh: Backported to 4.4:
- Drop the auto,nosmt option which we can't support
- Adjust filename]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 5999bbe7a6ea3c62029532ec84dc06003a1fa258 upstream.
Add the initial MDS vulnerability documentation.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Jon Masters <jcm@redhat.com>
[bwh: Backported to 4.4:
- Drop the index updates
- Adjust filename]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 22dd8365088b6403630b82423cf906491859b65e upstream.
In virtualized environments it can happen that the host has the microcode
update which utilizes the VERW instruction to clear CPU buffers, but the
hypervisor is not yet updated to expose the X86_FEATURE_MD_CLEAR CPUID bit
to guests.
Introduce an internal mitigation mode VMWERV which enables the invocation
of the CPU buffer clearing even if X86_FEATURE_MD_CLEAR is not set. If the
system has no updated microcode this results in a pointless execution of
the VERW instruction wasting a few CPU cycles. If the microcode is updated,
but not exposed to a guest then the CPU buffers will be cleared.
That said: Virtual Machines Will Eventually Receive Vaccine
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 8a4b06d391b0a42a373808979b5028f5c84d9c6a upstream.
Add the sysfs reporting file for MDS. It exposes the vulnerability and
mitigation state similar to the existing files for the other speculative
hardware vulnerabilities.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
[bwh: Backported to 4.4:
- Test x86_hyper instead of using hypervisor_is_type()
- Adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The vulnerabilties/l1tf attribute was added by commit 17dbca119312
"x86/speculation/l1tf: Add sysfs reporting for l1tf", which has
already been backported to 3.16, but only documented in commit
d90a7a0ec83f "x86/bugs, kvm: Introduce boot-time control of L1TF
mitigations", which has not and probbaly won't be.
Add just that line of documentation for now.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit bc1241700acd82ec69fde98c5763ce51086269f8 upstream.
Now that the mitigations are in place, add a command line parameter to
control the mitigation, a mitigation selector function and a SMT update
mechanism.
This is the minimal straight forward initial implementation which just
provides an always on/off mode. The command line parameter is:
mds=[full|off]
This is consistent with the existing mitigations for other speculative
hardware vulnerabilities.
The idle invocation is dynamically updated according to the SMT state of
the system similar to the dynamic update of the STIBP mitigation. The idle
mitigation is limited to CPUs which are only affected by MSBDS and not any
other variant, because the other variants cannot be mitigated on SMT
enabled systems.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
[bwh: Backported to 4.4:
- Drop " __ro_after_init"
- Adjust filename, context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 07f07f55a29cb705e221eda7894dd67ab81ef343 upstream.
Add a static key which controls the invocation of the CPU buffer clear
mechanism on idle entry. This is independent of other MDS mitigations
because the idle entry invocation to mitigate the potential leakage due to
store buffer repartitioning is only necessary on SMT systems.
Add the actual invocations to the different halt/mwait variants which
covers all usage sites. mwaitx is not patched as it's not available on
Intel CPUs.
The buffer clear is only invoked before entering the C-State to prevent
that stale data from the idling CPU is spilled to the Hyper-Thread sibling
after the Store buffer got repartitioned and all entries are available to
the non idle sibling.
When coming out of idle the store buffer is partitioned again so each
sibling has half of it available. Now CPU which returned from idle could be
speculatively exposed to contents of the sibling, but the buffers are
flushed either on exit to user space or on VMENTER.
When later on conditional buffer clearing is implemented on top of this,
then there is no action required either because before returning to user
space the context switch will set the condition flag which causes a flush
on the return to user path.
Note, that the buffer clearing on idle is only sensible on CPUs which are
solely affected by MSBDS and not any other variant of MDS because the other
MDS variants cannot be mitigated when SMT is enabled, so the buffer
clearing on idle would be a window dressing exercise.
This intentionally does not handle the case in the acpi/processor_idle
driver which uses the legacy IO port interface for C-State transitions for
two reasons:
- The acpi/processor_idle driver was replaced by the intel_idle driver
almost a decade ago. Anything Nehalem upwards supports it and defaults
to that new driver.
- The legacy IO port interface is likely to be used on older and therefore
unaffected CPUs or on systems which do not receive microcode updates
anymore, so there is no point in adding that.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Reviewed-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
[bwh: Backported to 4.4: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 04dcbdb8057827b043b3c71aa397c4c63e67d086 upstream.
Add a static key which controls the invocation of the CPU buffer clear
mechanism on exit to user space and add the call into
prepare_exit_to_usermode() and do_nmi() right before actually returning.
Add documentation which kernel to user space transition this covers and
explain why some corner cases are not mitigated.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Reviewed-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
[bwh: Backported to 4.4: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 6a9e529272517755904b7afa639f6db59ddb793e upstream.
The Microarchitectural Data Sampling (MDS) vulernabilities are mitigated by
clearing the affected CPU buffers. The mechanism for clearing the buffers
uses the unused and obsolete VERW instruction in combination with a
microcode update which triggers a CPU buffer clear when VERW is executed.
Provide a inline function with the assembly magic. The argument of the VERW
instruction must be a memory operand as documented:
"MD_CLEAR enumerates that the memory-operand variant of VERW (for
example, VERW m16) has been extended to also overwrite buffers affected
by MDS. This buffer overwriting functionality is not guaranteed for the
register operand variant of VERW."
Documentation also recommends to use a writable data segment selector:
"The buffer overwriting occurs regardless of the result of the VERW
permission check, as well as when the selector is null or causes a
descriptor load segment violation. However, for lowest latency we
recommend using a selector that indicates a valid writable data
segment."
Add x86 specific documentation about MDS and the internal workings of the
mitigation.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Reviewed-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
[bwh: Backported to 4.4: drop changes to doc index and configuration]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 55a974021ec952ee460dc31ca08722158639de72 upstream.
Provide the possibility to enable IBPB always in combination with 'prctl'
and 'seccomp'.
Add the extra command line options and rework the IBPB selection to
evaluate the command instead of the mode selected by the STIPB switch case.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Casey Schaufler <casey.schaufler@intel.com>
Cc: Asit Mallick <asit.k.mallick@intel.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Jon Masters <jcm@redhat.com>
Cc: Waiman Long <longman9394@gmail.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Dave Stewart <david.c.stewart@intel.com>
Cc: Kees Cook <keescook@chromium.org>
Link: https://lkml.kernel.org/r/20181125185006.144047038@linutronix.de
[bwh: Backported to 4.4: adjust filename]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 6b3e64c237c072797a9ec918654a60e3a46488e2 upstream.
If 'prctl' mode of user space protection from spectre v2 is selected
on the kernel command-line, STIBP and IBPB are applied on tasks which
restrict their indirect branch speculation via prctl.
SECCOMP enables the SSBD mitigation for sandboxed tasks already, so it
makes sense to prevent spectre v2 user space to user space attacks as
well.
The Intel mitigation guide documents how STIPB works:
Setting bit 1 (STIBP) of the IA32_SPEC_CTRL MSR on a logical processor
prevents the predicted targets of indirect branches on any logical
processor of that core from being controlled by software that executes
(or executed previously) on another logical processor of the same core.
Ergo setting STIBP protects the task itself from being attacked from a task
running on a different hyper-thread and protects the tasks running on
different hyper-threads from being attacked.
While the document suggests that the branch predictors are shielded between
the logical processors, the observed performance regressions suggest that
STIBP simply disables the branch predictor more or less completely. Of
course the document wording is vague, but the fact that there is also no
requirement for issuing IBPB when STIBP is used points clearly in that
direction. The kernel still issues IBPB even when STIBP is used until Intel
clarifies the whole mechanism.
IBPB is issued when the task switches out, so malicious sandbox code cannot
mistrain the branch predictor for the next user space task on the same
logical processor.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Casey Schaufler <casey.schaufler@intel.com>
Cc: Asit Mallick <asit.k.mallick@intel.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Jon Masters <jcm@redhat.com>
Cc: Waiman Long <longman9394@gmail.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Dave Stewart <david.c.stewart@intel.com>
Cc: Kees Cook <keescook@chromium.org>
Link: https://lkml.kernel.org/r/20181125185006.051663132@linutronix.de
[bwh: Backported to 4.4: adjust filename]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 7cc765a67d8e04ef7d772425ca5a2a1e2b894c15 upstream.
Now that all prerequisites are in place:
- Add the prctl command line option
- Default the 'auto' mode to 'prctl'
- When SMT state changes, update the static key which controls the
conditional STIBP evaluation on context switch.
- At init update the static key which controls the conditional IBPB
evaluation on context switch.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Casey Schaufler <casey.schaufler@intel.com>
Cc: Asit Mallick <asit.k.mallick@intel.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Jon Masters <jcm@redhat.com>
Cc: Waiman Long <longman9394@gmail.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Dave Stewart <david.c.stewart@intel.com>
Cc: Kees Cook <keescook@chromium.org>
Link: https://lkml.kernel.org/r/20181125185005.958421388@linutronix.de
[bwh: Backported to 4.4: adjust filename]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 9137bb27e60e554dab694eafa4cca241fa3a694f upstream.
Add the PR_SPEC_INDIRECT_BRANCH option for the PR_GET_SPECULATION_CTRL and
PR_SET_SPECULATION_CTRL prctls to allow fine grained per task control of
indirect branch speculation via STIBP and IBPB.
Invocations:
Check indirect branch speculation status with
- prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
Enable indirect branch speculation with
- prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0);
Disable indirect branch speculation with
- prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0);
Force disable indirect branch speculation with
- prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0);
See Documentation/userspace-api/spec_ctrl.rst.
Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Casey Schaufler <casey.schaufler@intel.com>
Cc: Asit Mallick <asit.k.mallick@intel.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Jon Masters <jcm@redhat.com>
Cc: Waiman Long <longman9394@gmail.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Dave Stewart <david.c.stewart@intel.com>
Cc: Kees Cook <keescook@chromium.org>
Link: https://lkml.kernel.org/r/20181125185005.866780996@linutronix.de
[bwh: Backported to 4.4:
- Renumber the PFA flags
- Drop changes in tools/include/uapi/linux/prctl.h
- Adjust filename]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit fa1202ef224391b6f5b26cdd44cc50495e8fab54 upstream.
Add command line control for user space indirect branch speculation
mitigations. The new option is: spectre_v2_user=
The initial options are:
- on: Unconditionally enabled
- off: Unconditionally disabled
-auto: Kernel selects mitigation (default off for now)
When the spectre_v2= command line argument is either 'on' or 'off' this
implies that the application to application control follows that state even
if a contradicting spectre_v2_user= argument is supplied.
Originally-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Casey Schaufler <casey.schaufler@intel.com>
Cc: Asit Mallick <asit.k.mallick@intel.com>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Jon Masters <jcm@redhat.com>
Cc: Waiman Long <longman9394@gmail.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Dave Stewart <david.c.stewart@intel.com>
Cc: Kees Cook <keescook@chromium.org>
Link: https://lkml.kernel.org/r/20181125185005.082720373@linutronix.de
[bwh: Backported to 4.4:
- Don't use __ro_after_init or cpu_smt_control
- Adjust filename]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit c2b71462d294cf517a0bc6e4fd6424d7cee5596f upstream.
The syzkaller fuzzer reported a bug in the USB hub driver which turned
out to be caused by a negative runtime-PM usage counter. This allowed
a hub to be runtime suspended at a time when the driver did not expect
it. The symptom is a WARNING issued because the hub's status URB is
submitted while it is already active:
URB 0000000031fb463e submitted while active
WARNING: CPU: 0 PID: 2917 at drivers/usb/core/urb.c:363
The negative runtime-PM usage count was caused by an unfortunate
design decision made when runtime PM was first implemented for USB.
At that time, USB class drivers were allowed to unbind from their
interfaces without balancing the usage counter (i.e., leaving it with
a positive count). The core code would take care of setting the
counter back to 0 before allowing another driver to bind to the
interface.
Later on when runtime PM was implemented for the entire kernel, the
opposite decision was made: Drivers were required to balance their
runtime-PM get and put calls. In order to maintain backward
compatibility, however, the USB subsystem adapted to the new
implementation by keeping an independent usage counter for each
interface and using it to automatically adjust the normal usage
counter back to 0 whenever a driver was unbound.
This approach involves duplicating information, but what is worse, it
doesn't work properly in cases where a USB class driver delays
decrementing the usage counter until after the driver's disconnect()
routine has returned and the counter has been adjusted back to 0.
Doing so would cause the usage counter to become negative. There's
even a warning about this in the USB power management documentation!
As it happens, this is exactly what the hub driver does. The
kick_hub_wq() routine increments the runtime-PM usage counter, and the
corresponding decrement is carried out by hub_event() in the context
of the hub_wq work-queue thread. This work routine may sometimes run
after the driver has been unbound from its interface, and when it does
it causes the usage counter to go negative.
It is not possible for hub_disconnect() to wait for a pending
hub_event() call to finish, because hub_disconnect() is called with
the device lock held and hub_event() acquires that lock. The only
feasible fix is to reverse the original design decision: remove the
duplicate interface-specific usage counter and require USB drivers to
balance their runtime PM gets and puts. As far as I know, all
existing drivers currently do this.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: syzbot+7634edaea4d0b341c625@syzkaller.appspotmail.com
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 26cb1f36c43ee6e89d2a9f48a5a7500d5248f836 upstream.
Currently only supported on powerpc.
Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit e59f5bd759b7dee57593c5b6c0441609bda5d530 upstream.
Signed-off-by: Diana Craciun <diana.craciun@nxp.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
[ Upstream commit 19fad20d15a6494f47f85d869f00b11343ee5c78 ]
There is a UBSAN report as below:
UBSAN: Undefined behaviour in net/ipv4/tcp_input.c:2877:56
signed integer overflow:
2147483647 * 1000 cannot be represented in type 'int'
CPU: 3 PID: 0 Comm: swapper/3 Not tainted 5.1.0-rc4-00058-g582549e #1
Call Trace:
<IRQ>
dump_stack+0x8c/0xba
ubsan_epilogue+0x11/0x60
handle_overflow+0x12d/0x170
? ttwu_do_wakeup+0x21/0x320
__ubsan_handle_mul_overflow+0x12/0x20
tcp_ack_update_rtt+0x76c/0x780
tcp_clean_rtx_queue+0x499/0x14d0
tcp_ack+0x69e/0x1240
? __wake_up_sync_key+0x2c/0x50
? update_group_capacity+0x50/0x680
tcp_rcv_established+0x4e2/0xe10
tcp_v4_do_rcv+0x22b/0x420
tcp_v4_rcv+0xfe8/0x1190
ip_protocol_deliver_rcu+0x36/0x180
ip_local_deliver+0x15b/0x1a0
ip_rcv+0xac/0xd0
__netif_receive_skb_one_core+0x7f/0xb0
__netif_receive_skb+0x33/0xc0
netif_receive_skb_internal+0x84/0x1c0
napi_gro_receive+0x2a0/0x300
receive_buf+0x3d4/0x2350
? detach_buf_split+0x159/0x390
virtnet_poll+0x198/0x840
? reweight_entity+0x243/0x4b0
net_rx_action+0x25c/0x770
__do_softirq+0x19b/0x66d
irq_exit+0x1eb/0x230
do_IRQ+0x7a/0x150
common_interrupt+0xf/0xf
</IRQ>
It can be reproduced by:
echo 2147483647 > /proc/sys/net/ipv4/tcp_min_rtt_wlen
Fixes: f672258391b42 ("tcp: track min RTT using windowed min-filter")
Signed-off-by: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Changes in 4.4.179
arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
arm64: debug: Ensure debug handlers check triggering exception level
ext4: cleanup bh release code in ext4_ind_remove_space()
lib/int_sqrt: optimize initial value compute
tty/serial: atmel: Add is_half_duplex helper
mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
Bluetooth: Fix decrementing reference count twice in releasing socket
tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
CIFS: fix POSIX lock leak and invalid ptr deref
h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
tracing: kdb: Fix ftdump to not sleep
gpio: gpio-omap: fix level interrupt idling
sysctl: handle overflow for file-max
enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
mm/cma.c: cma_declare_contiguous: correct err handling
mm/page_ext.c: fix an imbalance with kmemleak
mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
mm/slab.c: kmemleak no scan alien caches
ocfs2: fix a panic problem caused by o2cb_ctl
f2fs: do not use mutex lock in atomic context
fs/file.c: initialize init_files.resize_wait
cifs: use correct format characters
dm thin: add sanity checks to thin-pool and external snapshot creation
cifs: Fix NULL pointer dereference of devname
fs: fix guard_bio_eod to check for real EOD errors
tools lib traceevent: Fix buffer overflow in arg_eval
usb: chipidea: Grab the (legacy) USB PHY by phandle first
scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
coresight: etm4x: Add support to enable ETMv4.2
ARM: 8840/1: use a raw_spinlock_t in unwind
mmc: omap: fix the maximum timeout setting
e1000e: Fix -Wformat-truncation warnings
IB/mlx4: Increase the timeout for CM cache
scsi: megaraid_sas: return error when create DMA pool failed
perf test: Fix failure of 'evsel-tp-sched' test on s390
SoC: imx-sgtl5000: add missing put_device()
media: sh_veu: Correct return type for mem2mem buffer helpers
media: s5p-jpeg: Correct return type for mem2mem buffer helpers
media: s5p-g2d: Correct return type for mem2mem buffer helpers
media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
leds: lp55xx: fix null deref on firmware load failure
kprobes: Prohibit probing on bsearch()
ARM: 8833/1: Ensure that NEON code always compiles with Clang
ALSA: PCM: check if ops are defined before suspending PCM
bcache: fix input overflow to cache set sysfs file io_error_halflife
bcache: fix input overflow to sequential_cutoff
bcache: improve sysfs_strtoul_clamp()
fbdev: fbmem: fix memory access if logo is bigger than the screen
cdrom: Fix race condition in cdrom_sysctl_register
ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
soc: qcom: gsbi: Fix error handling in gsbi_probe()
mt7601u: bump supported EEPROM version
ARM: avoid Cortex-A9 livelock on tight dmb loops
tty: increase the default flip buffer limit to 2*640K
media: mt9m111: set initial frame size other than 0x0
hwrng: virtio - Avoid repeated init of completion
soc/tegra: fuse: Fix illegal free of IO base address
hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
dmaengine: imx-dma: fix warning comparison of distinct pointer types
netfilter: physdev: relax br_netfilter dependency
media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
x86/build: Mark per-CPU symbols as absolute explicitly for LLD
dmaengine: tegra: avoid overflow of byte tracking
drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
binfmt_elf: switch to new creds when switching to new mm
kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
x86: vdso: Use $LD instead of $CC to link
x86/vdso: Drop implicit common-page-size linker flag
lib/string.c: implement a basic bcmp
tty: mark Siemens R3964 line discipline as BROKEN
tty: ldisc: add sysctl to prevent autoloading of ldiscs
ipv6: Fix dangling pointer when ipv6 fragment
ipv6: sit: reset ip header pointer in ipip6_rcv
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
openvswitch: fix flow actions reallocation
qmi_wwan: add Olicard 600
sctp: initialize _pad of sockaddr_in before copying to user memory
tcp: Ensure DCTCP reacts to losses
netns: provide pure entropy for net_hash_mix()
net: ethtool: not call vzalloc for zero sized memory request
ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
ALSA: seq: Fix OOB-reads from strlcpy
include/linux/bitrev.h: fix constant bitrev
ASoC: fsl_esai: fix channel swap issue when stream starts
block: do not leak memory in bio_copy_user_iov()
genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
ARM: dts: at91: Fix typo in ISC_D0 on PC9
arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
xen: Prevent buffer overflow in privcmd ioctl
sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
xtensa: fix return_address
PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
perf/core: Restore mmap record type correctly
ext4: add missing brelse() in add_new_gdb_meta_bg()
ext4: report real fs size after failed resize
ALSA: echoaudio: add a check for ioremap_nocache
ALSA: sb8: add a check for request_region
IB/mlx4: Fix race condition between catas error reset and aliasguid flows
mmc: davinci: remove extraneous __init annotation
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
thermal/int340x_thermal: Add additional UUIDs
thermal/int340x_thermal: fix mode setting
tools/power turbostat: return the exit status of a command
perf top: Fix error handling in cmd_top()
perf evsel: Free evsel->counts in perf_evsel__exit()
perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
x86/hpet: Prevent potential NULL pointer dereference
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
iommu/vt-d: Check capability before disabling protected memory
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
fix incorrect error code mapping for OBJECTID_NOT_FOUND
ext4: prohibit fstrim in norecovery mode
rsi: improve kernel thread handling to fix kernel panic
9p: do not trust pdu content for stat item size
9p locks: add mount option for lock retry interval
f2fs: fix to do sanity check with current segment number
serial: uartps: console_setup() can't be placed to init section
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
ACPI / SBS: Fix GPE storm on recent MacBookPro's
cifs: fallback to older infolevels on findfirst queryinfo retry
crypto: sha256/arm - fix crash bug in Thumb2 build
crypto: sha512/arm - fix crash bug in Thumb2 build
iommu/dmar: Fix buffer overflow during PCI bus notification
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
appletalk: Fix use-after-free in atalk_proc_exit
lib/div64.c: off by one in shift
include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
ovl: fix uid/gid when creating over whiteout
appletalk: Fix compile regression
bonding: fix event handling for stacked bonds
net: atm: Fix potential Spectre v1 vulnerabilities
net: bridge: multicast: use rcu to access port list from br_multicast_start_querier
net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
tcp: tcp_grow_window() needs to respect tcp_space()
ipv4: recompile ip options in ipv4_link_failure
ipv4: ensure rcu_read_lock() in ipv4_link_failure()
crypto: crypto4xx - properly set IV after de- and encrypt
modpost: file2alias: go back to simple devtable lookup
modpost: file2alias: check prototype of handler
tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
iio/gyro/bmg160: Use millidegrees for temperature scale
iio: ad_sigma_delta: select channel when reading register
iio: adc: at91: disable adc channel interrupt in timeout case
io: accel: kxcjk1013: restore the range after resume.
staging: comedi: vmk80xx: Fix use of uninitialized semaphore
staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
staging: comedi: ni_usb6501: Fix use of uninitialized mutex
staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
ALSA: core: Fix card races between register and disconnect
crypto: x86/poly1305 - fix overflow during partial reduction
arm64: futex: Restore oldval initialization to work around buggy compilers
x86/kprobes: Verify stack frame on kretprobe
kprobes: Mark ftrace mcount handler functions nokprobe
kprobes: Fix error check when reusing optimized probes
mac80211: do not call driver wake_tx_queue op during reconfig
Revert "kbuild: use -Oz instead of -Os when using clang"
sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
device_cgroup: fix RCU imbalance in error case
mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
ALSA: info: Fix racy addition/deletion of nodes
Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
kernel/sysctl.c: fix out-of-bounds access when setting file-max
Linux 4.4.179
Change-Id: Ia88dbd6c37250a682098a4a8540672869c6adf42
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
|
[ Upstream commit de9c0d49d85dc563549972edc5589d195cd5e859 ]
While building arm32 allyesconfig, I ran into the following errors:
arch/arm/lib/xor-neon.c:17:2: error: You should compile this file with
'-mfloat-abi=softfp -mfpu=neon'
In file included from lib/raid6/neon1.c:27:
/home/nathan/cbl/prebuilt/lib/clang/8.0.0/include/arm_neon.h:28:2:
error: "NEON support not enabled"
Building V=1 showed NEON_FLAGS getting passed along to Clang but
__ARM_NEON__ was not getting defined. Ultimately, it boils down to Clang
only defining __ARM_NEON__ when targeting armv7, rather than armv6k,
which is the '-march' value for allyesconfig.
>From lib/Basic/Targets/ARM.cpp in the Clang source:
// This only gets set when Neon instructions are actually available, unlike
// the VFP define, hence the soft float and arch check. This is subtly
// different from gcc, we follow the intent which was that it should be set
// when Neon instructions are actually available.
if ((FPU & NeonFPU) && !SoftFloat && ArchVersion >= 7) {
Builder.defineMacro("__ARM_NEON", "1");
Builder.defineMacro("__ARM_NEON__");
// current AArch32 NEON implementations do not support double-precision
// floating-point even when it is present in VFP.
Builder.defineMacro("__ARM_NEON_FP",
"0x" + Twine::utohexstr(HW_FP & ~HW_FP_DP));
}
Ard Biesheuvel recommended explicitly adding '-march=armv7-a' at the
beginning of the NEON_FLAGS definitions so that __ARM_NEON__ always gets
definined by Clang. This doesn't functionally change anything because
that code will only run where NEON is supported, which is implicitly
armv7.
Link: https://github.com/ClangBuiltLinux/linux/issues/287
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Acked-by: Nicolas Pitre <nico@linaro.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
Changes in 4.4.178
mmc: pxamci: fix enum type confusion
drm/vmwgfx: Don't double-free the mode stored in par->set_mode
udf: Fix crash on IO error during truncate
mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
MIPS: Fix kernel crash for R6 in jump label branch function
futex: Ensure that futex address is aligned in handle_futex_death()
ext4: fix NULL pointer dereference while journal is aborted
ext4: fix data corruption caused by unaligned direct AIO
ext4: brelse all indirect buffer in ext4_ind_remove_space()
mmc: tmio_mmc_core: don't claim spurious interrupts
media: v4l2-ctrls.c/uvc: zero v4l2_event
locking/lockdep: Add debug_locks check in __lock_downgrade()
ALSA: hda - Record the current power state before suspend/resume calls
ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
mmc: pwrseq_simple: Make reset-gpios optional to match doc
mmc: debugfs: Add a restriction to mmc debugfs clock setting
mmc: make MAN_BKOPS_EN message a debug
mmc: sanitize 'bus width' in debug output
mmc: core: shut up "voltage-ranges unspecified" pr_info()
usb: dwc3: gadget: Fix suspend/resume during device mode
arm64: mm: Add trace_irqflags annotations to do_debug_exception()
mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
extcon: usb-gpio: Don't miss event during suspend/resume
kbuild: setlocalversion: print error to STDERR
usb: gadget: composite: fix dereference after null check coverify warning
usb: gadget: Add the gserial port checking in gs_start_tx()
tcp/dccp: drop SYN packets if accept queue is full
serial: sprd: adjust TIMEOUT to a big value
Hang/soft lockup in d_invalidate with simultaneous calls
arm64: traps: disable irq in die()
usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
serial: sprd: clear timeout interrupt only rather than all interrupts
lib/int_sqrt: optimize small argument
USB: core: only clean up what we allocated
rtc: Fix overflow when converting time64_t to rtc_time
ath10k: avoid possible string overflow
Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
sched/fair: Fix new task's load avg removed from source CPU in wake_up_new_task()
mmc: block: Allow more than 8 partitions per card
arm64: fix COMPAT_SHMLBA definition for large pages
efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
ARM: 8458/1: bL_switcher: add GIC dependency
ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor
android: unconditionally remove callbacks in sync_fence_free()
vmstat: make vmstat_updater deferrable again and shut down on idle
hid-sensor-hub.c: fix wrong do_div() usage
arm64: hide __efistub_ aliases from kallsyms
perf: Synchronously free aux pages in case of allocation failure
net: diag: support v4mapped sockets in inet_diag_find_one_icsk()
Revert "mmc: block: don't use parameter prefix if built as module"
writeback: initialize inode members that track writeback history
coresight: fixing lockdep error
coresight: coresight_unregister() function cleanup
coresight: release reference taken by 'bus_find_device()'
coresight: remove csdev's link from topology
stm class: Fix locking in unbinding policy path
stm class: Fix link list locking
stm class: Prevent user-controllable allocations
stm class: Support devices with multiple instances
stm class: Fix unlocking braino in the error path
stm class: Guard output assignment against concurrency
stm class: Fix unbalanced module/device refcounting
stm class: Fix a race in unlinking
coresight: "DEVICE_ATTR_RO" should defined as static.
coresight: etm4x: Check every parameter used by dma_xx_coherent.
asm-generic: Fix local variable shadow in __set_fixmap_offset
staging: ashmem: Avoid deadlock with mmap/shrink
staging: ashmem: Add missing include
staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT
staging: goldfish: audio: fix compiliation on arm
ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
arm64/kernel: fix incorrect EL0 check in inv_entry macro
mac80211: fix "warning: ‘target_metric’ may be used uninitialized"
perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops
arm64: kernel: Include _AC definition in page.h
PM / Hibernate: Call flush_icache_range() on pages restored in-place
stm class: Do not leak the chrdev in error path
stm class: Fix stm device initialization order
ipv6: fix endianness error in icmpv6_err
usb: gadget: configfs: add mutex lock before unregister gadget
usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
cpu/hotplug: Handle unbalanced hotplug enable/disable
video: fbdev: Set pixclock = 0 in goldfishfb
arm64: kconfig: drop CONFIG_RTC_LIB dependency
mmc: mmc: fix switch timeout issue caused by jiffies precision
cfg80211: size various nl80211 messages correctly
stmmac: copy unicast mac address to MAC registers
dccp: do not use ipv6 header for ipv4 flow
mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
net: rose: fix a possible stack overflow
Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net)
packets: Always register packet sk in the same order
tcp: do not use ipv6 header for ipv4 flow
vxlan: Don't call gro_cells_destroy() before device is unregistered
sctp: get sctphdr by offset in sctp_compute_cksum
mac8390: Fix mmio access size probe
btrfs: remove WARN_ON in log_dir_items
btrfs: raid56: properly unmap parity page in finish_parity_scrub()
ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
ALSA: compress: add support for 32bit calls in a 64bit kernel
ALSA: rawmidi: Fix potential Spectre v1 vulnerability
ALSA: seq: oss: Fix Spectre v1 vulnerability
ALSA: pcm: Fix possible OOB access in PCM oss plugins
ALSA: pcm: Don't suspend stream in unrecoverable PCM state
scsi: sd: Fix a race between closing an sd device and sd I/O
scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices
tty: atmel_serial: fix a potential NULL pointer dereference
staging: vt6655: Remove vif check from vnt_interrupt
staging: vt6655: Fix interrupt race condition on device start up.
serial: max310x: Fix to avoid potential NULL pointer dereference
serial: sh-sci: Fix setting SCSCR_TIE while transferring data
USB: serial: cp210x: add new device id
USB: serial: ftdi_sio: add additional NovaTech products
USB: serial: mos7720: fix mos_parport refcount imbalance on error path
USB: serial: option: set driver_info for SIM5218 and compatibles
USB: serial: option: add Olicard 600
Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
perf intel-pt: Fix TSC slip
x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
KVM: Reject device ioctls from processes other than the VM's creator
xhci: Fix port resume done detection for SS ports with LPM enabled
Revert "USB: core: only clean up what we allocated"
arm64: support keyctl() system call in 32-bit mode
coresight: removing bind/unbind options from sysfs
stm class: Hide STM-specific options if STM is disabled
Linux 4.4.178
Change-Id: Iac01be124213731798a36b20d80ea3a8e911d025
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
|
commit ddba91801aeb5c160b660caed1800eb3aef403f8 upstream.
KVM's API requires thats ioctls must be issued from the same process
that created the VM. In other words, userspace can play games with a
VM's file descriptors, e.g. fork(), SCM_RIGHTS, etc..., but only the
creator can do anything useful. Explicitly reject device ioctls that
are issued by a process other than the VM's creator, and update KVM's
API documentation to extend its requirements to device ioctls.
Fixes: 852b6d57dc7f ("kvm: add device control API")
Cc: <stable@vger.kernel.org>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Changes in 4.4.175
drm/bufs: Fix Spectre v1 vulnerability
staging: iio: adc: ad7280a: handle error from __ad7280_read32()
ASoC: Intel: mrfld: fix uninitialized variable access
scsi: lpfc: Correct LCB RJT handling
ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
dlm: Don't swamp the CPU with callbacks queued during recovery
x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
powerpc/pseries: add of_node_put() in dlpar_detach_node()
serial: fsl_lpuart: clear parity enable bit when disable parity
ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
staging:iio:ad2s90: Make probe handle spi_setup failure
staging: iio: ad7780: update voltage on read
ARM: OMAP2+: hwmod: Fix some section annotations
modpost: validate symbol names also in find_elf_symbol
perf tools: Add Hygon Dhyana support
soc/tegra: Don't leak device tree node reference
f2fs: move dir data flush to write checkpoint process
f2fs: fix wrong return value of f2fs_acl_create
sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
nfsd4: fix crash on writing v4_end_grace before nfsd startup
arm64: ftrace: don't adjust the LR value
ARM: dts: mmp2: fix TWSI2
x86/fpu: Add might_fault() to user_insn()
media: DaVinci-VPBE: fix error handling in vpbe_initialize()
smack: fix access permissions for keyring
usb: hub: delay hub autosuspend if USB3 port is still link training
timekeeping: Use proper seqcount initializer
ARM: dts: Fix OMAP4430 SDP Ethernet startup
mips: bpf: fix encoding bug for mm_srlv32_op
iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
sata_rcar: fix deferred probing
clk: imx6sl: ensure MMDC CH0 handshake is bypassed
cpuidle: big.LITTLE: fix refcount leak
i2c-axxia: check for error conditions first
udf: Fix BUG on corrupted inode
ARM: pxa: avoid section mismatch warning
ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
memstick: Prevent memstick host from getting runtime suspended during card detection
tty: serial: samsung: Properly set flags in autoCTS mode
arm64: KVM: Skip MMIO insn after emulation
powerpc/uaccess: fix warning/error with access_ok()
mac80211: fix radiotap vendor presence bitmap handling
xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
Bluetooth: Fix unnecessary error message for HCI request completion
cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
drbd: narrow rcu_read_lock in drbd_sync_handshake
drbd: disconnect, if the wrong UUIDs are attached on a connected peer
drbd: skip spurious timeout (ping-timeo) when failing promote
drbd: Avoid Clang warning about pointless switch statment
video: clps711x-fb: release disp device node in probe()
fbdev: fbmem: behave better with small rotated displays and many CPUs
igb: Fix an issue that PME is not enabled during runtime suspend
fbdev: fbcon: Fix unregister crash when more than one framebuffer
KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
NFS: nfs_compare_mount_options always compare auth flavors.
hwmon: (lm80) fix a missing check of the status of SMBus read
hwmon: (lm80) fix a missing check of bus read in lm80 probe
seq_buf: Make seq_buf_puts() null-terminate the buffer
crypto: ux500 - Use proper enum in cryp_set_dma_transfer
crypto: ux500 - Use proper enum in hash_set_dma_transfer
cifs: check ntwrk_buf_start for NULL before dereferencing it
um: Avoid marking pages with "changed protection"
niu: fix missing checks of niu_pci_eeprom_read
scripts/decode_stacktrace: only strip base path when a prefix of the path
ocfs2: don't clear bh uptodate for block read
isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw()
gdrom: fix a memory leak bug
block/swim3: Fix -EBUSY error when re-opening device after unmount
HID: lenovo: Add checks to fix of_led_classdev_register
kernel/hung_task.c: break RCU locks based on jiffies
fs/epoll: drop ovflist branch prediction
exec: load_script: don't blindly truncate shebang string
thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set
test_hexdump: use memcpy instead of strncpy
tipc: use destination length for copy string
string: drop __must_check from strscpy() and restore strscpy() usages in cgroup
dccp: fool proof ccid_hc_[rt]x_parse_options()
enic: fix checksum validation for IPv6
net: dp83640: expire old TX-skb
skge: potential memory corruption in skge_get_regs()
net: systemport: Fix WoL with password after deep sleep
net: dsa: slave: Don't propagate flag changes on down slave interfaces
ALSA: compress: Fix stop handling on compressed capture streams
ALSA: hda - Serialize codec registrations
fuse: call pipe_buf_release() under pipe lock
fuse: decrement NR_WRITEBACK_TEMP on the right page
fuse: handle zero sized retrieve correctly
dmaengine: imx-dma: fix wrong callback invoke
usb: phy: am335x: fix race condition in _probe
usb: gadget: udc: net2272: Fix bitwise and boolean operations
KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
perf/x86/intel/uncore: Add Node ID mask
x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out()
perf/core: Don't WARN() for impossible ring-buffer sizes
perf tests evsel-tp-sched: Fix bitwise operator
mtd: rawnand: gpmi: fix MX28 bus master lockup problem
signal: Always notice exiting tasks
signal: Better detection of synchronous signals
misc: vexpress: Off by one in vexpress_syscfg_exec()
debugfs: fix debugfs_rename parameter checking
mips: cm: reprime error cause
MIPS: OCTEON: don't set octeon_dma_bar_type if PCI is disabled
MIPS: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds
ARM: iop32x/n2100: fix PCI IRQ mapping
mac80211: ensure that mgmt tx skbs have tailroom for encryption
drm/modes: Prevent division by zero htotal
drm/vmwgfx: Fix setting of dma masks
drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user
HID: debug: fix the ring buffer implementation
NFC: nxp-nci: Include unaligned.h instead of access_ok.h
Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)"
libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
xfrm: refine validation of template and selector families
batman-adv: Avoid WARN on net_device without parent in netns
batman-adv: Force mac header to start of data on xmit
Revert "exec: load_script: don't blindly truncate shebang string"
uapi/if_ether.h: prevent redefinition of struct ethhdr
ARM: dts: da850-evm: Correct the sound card name
ARM: dts: kirkwood: Fix polarity of GPIO fan lines
gpio: pl061: handle failed allocations
cifs: Limit memory used by lock request calls to a page
Documentation/network: reword kernel version reference
Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G"
Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK
perf/core: Fix impossible ring-buffer sizes warning
ALSA: hda - Add quirk for HP EliteBook 840 G5
ALSA: usb-audio: Fix implicit fb endpoint setup by quirk
Input: bma150 - register input device after setting private data
Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780
alpha: fix page fault handling for r16-r18 targets
alpha: Fix Eiger NR_IRQS to 128
tracing/uprobes: Fix output for multiple string arguments
x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls
signal: Restore the stop PTRACE_EVENT_EXIT
x86/a.out: Clear the dump structure initially
dm thin: fix bug where bio that overwrites thin block ignores FUA
smsc95xx: Use skb_cow_head to deal with cloned skbs
ch9200: use skb_cow_head() to deal with cloned skbs
kaweth: use skb_cow_head() to deal with cloned skbs
usb: dwc2: Remove unnecessary kfree
pinctrl: msm: fix gpio-hog related boot issues
uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define
Linux 4.4.175
Change-Id: Icf5316d73fea133f42eda7113b196de74c9ba7f6
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
|
It seemed odd to say "since 4.17" in a 4.4 kernel. Consider
rewording the reference to indicate where in the stable series
it was introduced as well as where it originated.
Signed-off-by: Mark Rustad <mrustad@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
Changes in 4.4.174
inet: frags: change inet_frags_init_net() return value
inet: frags: add a pointer to struct netns_frags
inet: frags: refactor ipfrag_init()
inet: frags: refactor ipv6_frag_init()
inet: frags: refactor lowpan_net_frag_init()
rhashtable: add rhashtable_lookup_get_insert_key()
rhashtable: Add rhashtable_lookup()
rhashtable: add schedule points
inet: frags: use rhashtables for reassembly units
net: ieee802154: 6lowpan: fix frag reassembly
ipfrag: really prevent allocation on netns exit
inet: frags: remove some helpers
inet: frags: get rif of inet_frag_evicting()
inet: frags: remove inet_frag_maybe_warn_overflow()
inet: frags: break the 2GB limit for frags storage
inet: frags: do not clone skb in ip_expire()
ipv6: frags: rewrite ip6_expire_frag_queue()
rhashtable: reorganize struct rhashtable layout
inet: frags: reorganize struct netns_frags
inet: frags: get rid of ipfrag_skb_cb/FRAG_CB
inet: frags: fix ip6frag_low_thresh boundary
ip: discard IPv4 datagrams with overlapping segments.
net: modify skb_rbtree_purge to return the truesize of all purged skbs.
ipv6: defrag: drop non-last frags smaller than min mtu
net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends
ip: use rb trees for IP frag queue.
ip: add helpers to process in-order fragments faster.
ip: process in-order fragments efficiently
ip: frags: fix crash in ip_do_fragment()
ipv4: frags: precedence bug in ip_expire()
inet: frags: better deal with smp races
net: fix pskb_trim_rcsum_slow() with odd trim offset
net: ipv4: do not handle duplicate fragments as overlapping
rcu: Force boolean subscript for expedited stall warnings
Linux 4.4.174
Change-Id: Id14aa3c02655a21b05d0c39497ac3dd33c115781
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
|
commit 3e67f106f619dcfaf6f4e2039599bdb69848c714 upstream.
Some users are willing to provision huge amounts of memory to be able
to perform reassembly reasonnably well under pressure.
Current memory tracking is using one atomic_t and integers.
Switch to atomic_long_t so that 64bit arches can use more than 2GB,
without any cost for 32bit arches.
Note that this patch avoids an overflow error, if high_thresh was set
to ~2GB, since this test in inet_frag_alloc() was never true :
if (... || frag_mem_limit(nf) > nf->high_thresh)
Tested:
$ echo 16000000000 >/proc/sys/net/ipv4/ipfrag_high_thresh
<frag DDOS>
$ grep FRAG /proc/net/sockstat
FRAG: inuse 14705885 memory 16000002880
$ nstat -n ; sleep 1 ; nstat | grep Reas
IpReasmReqds 3317150 0.0
IpReasmFails 3317112 0.0
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 648700f76b03b7e8149d13cc2bdb3355035258a9 upstream.
Some applications still rely on IP fragmentation, and to be fair linux
reassembly unit is not working under any serious load.
It uses static hash tables of 1024 buckets, and up to 128 items per bucket (!!!)
A work queue is supposed to garbage collect items when host is under memory
pressure, and doing a hash rebuild, changing seed used in hash computations.
This work queue blocks softirqs for up to 25 ms when doing a hash rebuild,
occurring every 5 seconds if host is under fire.
Then there is the problem of sharing this hash table for all netns.
It is time to switch to rhashtables, and allocate one of them per netns
to speedup netns dismantle, since this is a critical metric these days.
Lookup is now using RCU. A followup patch will even remove
the refcount hold/release left from prior implementation and save
a couple of atomic operations.
Before this patch, 16 cpus (16 RX queue NIC) could not handle more
than 1 Mpps frags DDOS.
After the patch, I reach 9 Mpps without any tuning, and can use up to 2GB
of storage for the fragments (exact number depends on frags being evicted
after timeout)
$ grep FRAG /proc/net/sockstat
FRAG: inuse 1966916 memory 2140004608
A followup patch will change the limits for 64bit arches.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Kirill Tkhai <ktkhai@virtuozzo.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Florian Westphal <fw@strlen.de>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>
Cc: Alexander Aring <alex.aring@gmail.com>
Cc: Stefan Schmidt <stefan@osg.samsung.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 4.4: adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Changes in 4.4.172
tty/ldsem: Wake up readers after timed out down_write()
can: gw: ensure DLC boundaries after CAN frame modification
f2fs: clean up argument of recover_data
f2fs: cover more area with nat_tree_lock
f2fs: move sanity checking of cp into get_valid_checkpoint
f2fs: fix to convert inline directory correctly
f2fs: give -EINVAL for norecovery and rw mount
f2fs: remove an obsolete variable
f2fs: factor out fsync inode entry operations
f2fs: fix inode cache leak
f2fs: fix to avoid reading out encrypted data in page cache
f2fs: not allow to write illegal blkaddr
f2fs: avoid unneeded loop in build_sit_entries
f2fs: use crc and cp version to determine roll-forward recovery
f2fs: introduce get_checkpoint_version for cleanup
f2fs: put directory inodes before checkpoint in roll-forward recovery
f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack
f2fs: detect wrong layout
f2fs: free meta pages if sanity check for ckpt is failed
f2fs: fix race condition in between free nid allocator/initializer
f2fs: return error during fill_super
f2fs: check blkaddr more accuratly before issue a bio
f2fs: sanity check on sit entry
f2fs: enhance sanity_check_raw_super() to avoid potential overflow
f2fs: clean up with is_valid_blkaddr()
f2fs: introduce and spread verify_blkaddr
f2fs: fix to do sanity check with secs_per_zone
f2fs: fix to do sanity check with user_block_count
f2fs: Add sanity_check_inode() function
f2fs: fix to do sanity check with node footer and iblocks
f2fs: fix to do sanity check with reserved blkaddr of inline inode
f2fs: fix to do sanity check with block address in main area
f2fs: fix to do sanity check with block address in main area v2
f2fs: fix to do sanity check with cp_pack_start_sum
f2fs: fix invalid memory access
f2fs: fix missing up_read
f2fs: fix validation of the block count in sanity_check_raw_super
media: em28xx: Fix misplaced reset of dev->v4l::field_count
proc: Remove empty line in /proc/self/status
arm64/kvm: consistently handle host HCR_EL2 flags
arm64: Don't trap host pointer auth use to EL2
ipv6: fix kernel-infoleak in ipv6_local_error()
net: bridge: fix a bug on using a neighbour cache entry without checking its state
packet: Do not leak dev refcounts on error exit
ip: on queued skb use skb_header_pointer instead of pskb_may_pull
crypto: authencesn - Avoid twice completion call in decrypt path
crypto: authenc - fix parsing key with misaligned rta_len
btrfs: wait on ordered extents on abort cleanup
Yama: Check for pid death before checking ancestry
scsi: sd: Fix cache_type_store()
mips: fix n32 compat_ipc_parse_version
mfd: tps6586x: Handle interrupts on suspend
Disable MSI also when pcie-octeon.pcie_disable on
omap2fb: Fix stack memory disclosure
media: vivid: fix error handling of kthread_run
media: vivid: set min width/height to a value > 0
LSM: Check for NULL cred-security on free
media: vb2: vb2_mmap: move lock up
sunrpc: handle ENOMEM in rpcb_getport_async
selinux: fix GPF on invalid policy
sctp: allocate sctp_sockaddr_entry with kzalloc
tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
tipc: fix uninit-value in tipc_nl_compat_bearer_enable
tipc: fix uninit-value in tipc_nl_compat_link_set
tipc: fix uninit-value in tipc_nl_compat_name_table_dump
tipc: fix uninit-value in tipc_nl_compat_doit
block/loop: Use global lock for ioctl() operation.
loop: Fold __loop_release into loop_release
loop: Get rid of loop_index_mutex
loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
media: vb2: be sure to unlock mutex on errors
r8169: Add support for new Realtek Ethernet
ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE
platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey
e1000e: allow non-monotonic SYSTIM readings
writeback: don't decrement wb->refcnt if !wb->bdi
MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
arm64: perf: set suppress_bind_attrs flag to true
jffs2: Fix use of uninitialized delayed_work, lockdep breakage
pstore/ram: Do not treat empty buffers as valid
powerpc/pseries/cpuidle: Fix preempt warning
media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
net: call sk_dst_reset when set SO_DONTROUTE
scsi: target: use consistent left-aligned ASCII INQUIRY data
clk: imx6q: reset exclusive gates on init
kconfig: fix file name and line number of warn_ignored_character()
kconfig: fix memory leak when EOF is encountered in quotation
mmc: atmel-mci: do not assume idle after atmci_request_end
perf intel-pt: Fix error with config term "pt=0"
perf svghelper: Fix unchecked usage of strncpy()
perf parse-events: Fix unchecked usage of strncpy()
dm kcopyd: Fix bug causing workqueue stalls
dm snapshot: Fix excessive memory usage and workqueue stalls
ALSA: bebob: fix model-id of unit for Apogee Ensemble
sysfs: Disable lockdep for driver bind/unbind files
scsi: megaraid: fix out-of-bound array accesses
ocfs2: fix panic due to unrecovered local alloc
mm/page-writeback.c: don't break integrity writeback on ->writepage() error
mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
net: speed up skb_rbtree_purge()
ipmi:ssif: Fix handling of multi-part return messages
Linux 4.4.172
Change-Id: Icbea295f7501881279bdb3a111abfc96c6aa67fc
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
|
[ Upstream commit 7550c6079846a24f30d15ac75a941c8515dbedfb ]
Patch series "THP eligibility reporting via proc".
This series of three patches aims at making THP eligibility reporting much
more robust and long term sustainable. The trigger for the change is a
regression report [2] and the long follow up discussion. In short the
specific application didn't have good API to query whether a particular
mapping can be backed by THP so it has used VMA flags to workaround that.
These flags represent a deep internal state of VMAs and as such they
should be used by userspace with a great deal of caution.
A similar has happened for [3] when users complained that VM_MIXEDMAP is
no longer set on DAX mappings. Again a lack of a proper API led to an
abuse.
The first patch in the series tries to emphasise that that the semantic of
flags might change and any application consuming those should be really
careful.
The remaining two patches provide a more suitable interface to address [2]
and provide a consistent API to query the THP status both for each VMA and
process wide as well. [1]
http://lkml.kernel.org/r/20181120103515.25280-1-mhocko@kernel.org [2]
http://lkml.kernel.org/r/http://lkml.kernel.org/r/alpine.DEB.2.21.1809241054050.224429@chino.kir.corp.google.com
[3] http://lkml.kernel.org/r/20181002100531.GC4135@quack2.suse.cz
This patch (of 3):
Even though vma flags exported via /proc/<pid>/smaps are explicitly
documented to be not guaranteed for future compatibility the warning
doesn't go far enough because it doesn't mention semantic changes to those
flags. And they are important as well because these flags are a deep
implementation internal to the MM code and the semantic might change at
any time.
Let's consider two recent examples:
http://lkml.kernel.org/r/20181002100531.GC4135@quack2.suse.cz
: commit e1fb4a086495 "dax: remove VM_MIXEDMAP for fsdax and device dax" has
: removed VM_MIXEDMAP flag from DAX VMAs. Now our testing shows that in the
: mean time certain customer of ours started poking into /proc/<pid>/smaps
: and looks at VMA flags there and if VM_MIXEDMAP is missing among the VMA
: flags, the application just fails to start complaining that DAX support is
: missing in the kernel.
http://lkml.kernel.org/r/alpine.DEB.2.21.1809241054050.224429@chino.kir.corp.google.com
: Commit 1860033237d4 ("mm: make PR_SET_THP_DISABLE immediately active")
: introduced a regression in that userspace cannot always determine the set
: of vmas where thp is ineligible.
: Userspace relies on the "nh" flag being emitted as part of /proc/pid/smaps
: to determine if a vma is eligible to be backed by hugepages.
: Previous to this commit, prctl(PR_SET_THP_DISABLE, 1) would cause thp to
: be disabled and emit "nh" as a flag for the corresponding vmas as part of
: /proc/pid/smaps. After the commit, thp is disabled by means of an mm
: flag and "nh" is not emitted.
: This causes smaps parsing libraries to assume a vma is eligible for thp
: and ends up puzzling the user on why its memory is not backed by thp.
In both cases userspace was relying on a semantic of a specific VMA flag.
The primary reason why that happened is a lack of a proper interface.
While this has been worked on and it will be fixed properly, it seems that
our wording could see some refinement and be more vocal about semantic
aspect of these flags as well.
Link: http://lkml.kernel.org/r/20181211143641.3503-2-mhocko@kernel.org
Signed-off-by: Michal Hocko <mhocko@suse.com>
Acked-by: Jan Kara <jack@suse.cz>
Acked-by: Dan Williams <dan.j.williams@intel.com>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: Mike Rapoport <rppt@linux.ibm.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Paul Oppenheimer <bepvte@gmail.com>
Cc: William Kucharski <william.kucharski@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
