Steve Glendinning [Thu, 19 Feb 2015 18:47:12 +0000 (18:47 +0000)]
smsx95xx: fix crimes against truesize
smsc95xx is adjusting truesize when it shouldn't, and following a recent patch from Eric this is now triggering warnings.
This patch stops smsc95xx from changing truesize.
Signed-off-by: Steve Glendinning <steve.glendinning@smsc.com>
Raspbian kernel package updater [Sun, 8 Oct 2017 00:59:05 +0000 (00:59 +0000)]
psudedomerge to tie in upstream history
Raspbian kernel package updater [Sun, 8 Oct 2017 00:28:57 +0000 (00:28 +0000)]
"Merge packaging changes from into to produce packaging for "
Raspbian automatic change extractor [Sat, 7 Oct 2017 23:56:50 +0000 (00:56 +0100)]
extract packaging changes from 4.9.30-2+deb9u2+rpi1+stretch+buster (
b90c499a424ec39fd24bb2a2193bc7af8540bde9)
Raspbian automatic change extractor [Sat, 7 Oct 2017 15:27:29 +0000 (16:27 +0100)]
extract packaging changes from 4.9.30-2+deb9u2+rpi1+stretch (
f36e2d91fd1e6843dbf041fcb2f3dfc7246255a4)
Raspbian automatic change extractor [Sat, 7 Oct 2017 15:27:19 +0000 (16:27 +0100)]
extract packaging changes from 4.9.30-2+deb9u2+rpi1 (
157167bd83519e5b5accea198a2d3ae93f8deb46)
Ben Hutchings [Thu, 28 Sep 2017 17:27:56 +0000 (18:27 +0100)]
Merge linux (4.9.51-1) import into refs/heads/workingbranch
Ben Hutchings [Mon, 25 Sep 2017 23:03:33 +0000 (00:03 +0100)]
inet_frag: Limit ABI change in 4.9.51
Commit
fb452a1aa3fd 'Revert "net: use lib/percpu_counter API for
fragmentation mem accounting"' changed the type of inet_frag::mem
from struct percpu_counter to atomic_t. There are few modules
that actually depend on this, but struct inet_frag is embedded in
various other structures that end up affecting symbol versions
for a huge number of networking APIs.
So add padding to keep the structure size unchanged, hide the type
change from genksyms, and rename a key inet_frag function so that
those modules that actually depend on the type of inet_frag::mem do
see an ABI change.
Gbp-Pq: Topic debian
Gbp-Pq: Name inet_frag-limit-abi-change-in-4.9.51.patch
Ben Hutchings [Mon, 25 Sep 2017 21:49:55 +0000 (22:49 +0100)]
ip6_fib: Avoid ABI change in 4.9.51
Commit
c5cff8561d2d "ipv6: add rcu grace period before freeing
fib6_node" added an rcu_head field to the end of struct fib6_node.
As this structure is always allocated and freed inside of the ipv6
module (or built-in code), we can safely hide it from genksyms.
Gbp-Pq: Topic debian
Gbp-Pq: Name ip6_fib-avoid-abi-change-in-4.9.51.patch
Ben Hutchings [Tue, 14 Jun 2016 20:32:11 +0000 (21:32 +0100)]
liblockdep: Fix 'defined but not used' warning for init_utsname()
We define init_utsname() as static but not inline, resulting
in a warning for every source file that includes lockdep.h but
doesn't call it.
Since it is only used by lockdep.c, define it in there.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name liblockdep-fix-defined-but-not-used-warning-for-init.patch
Ben Hutchings [Tue, 14 Jun 2016 19:13:24 +0000 (20:13 +0100)]
liblockdep: Fix 'set but not used' warnings
liblockdep defines trivial macros for working with interrupt flags, as
interrupts are never disabled in userland. This results in warnings
from gcc when -Wunused-but-set-variable is enabled, and it is enabled
by -Wall. Fix this by evaluating the flags parameter and casting it to
void.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name liblockdep-fix-set-but-not-used-warnings.patch
Ben Hutchings [Tue, 14 Jun 2016 19:13:23 +0000 (20:13 +0100)]
liblockdep: Fix 'unused value' warnings
liblockdep defines various macros that may expand to an expression
with no effect, while the in-kernel definition does have an effect.
This results in warnings from gcc when -Wunused-value is enabled, and
is is enabled by -Wall. Fix this by introducing trivial functions,
as function return values are generally allowed to be ignored.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name liblockdep-fix-unused-value-warnings.patch
Ben Hutchings [Tue, 14 Jun 2016 20:26:01 +0000 (21:26 +0100)]
liblockdep: Enable -Wall by default
Regressions in liblockdep may be missed because it doesn't enable
warnings.
Adding -Wall immediately introduces a lot of warnings, but those will
be fixed by the following commits.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name liblockdep-enable-wall-by-default.patch
Ben Hutchings [Tue, 14 Jun 2016 20:14:14 +0000 (21:14 +0100)]
liblockdep: Define the ARRAY_SIZE() macro
lockdep.c now uses ARRAY_SIZE().
Fixes: 75dd602a5198 ("lockdep: Fix lock_chain::base size")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name liblockdep-define-the-array_size-macro.patch
Ben Hutchings [Tue, 14 Jun 2016 20:09:19 +0000 (21:09 +0100)]
liblockdep: Fix undefined symbol prandom_u32
__lock_pin_lock() now calls prandom_u32() which is not defined in
liblockdep. __lock_pin_lock() and its caller lock_pin_lock() are dead
code in liblockdep, but we still need to provide a definition of
prandom_u32() in case lazy binding is disabled.
Fixes: e7904a28f533 ("locking/lockdep, sched/core: Implement a better ...")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name liblockdep-fix-undefined-symbol-prandom_u32.patch
Ben Hutchings [Thu, 3 Nov 2016 21:25:26 +0000 (15:25 -0600)]
cpupower: Fix checks for CPU existence
Calls to cpufreq_cpu_exists(cpu) were converted to
cpupower_is_cpu_online(cpu) when libcpupower was introduced and the
former function was deleted. However, cpupower_is_cpu_online()
returns 1 on success whereas cpufreq_cpu_exists() returned 0 on
success. It also does not distinguish physically absent and offline
CPUs, and does not set errno.
cpufreq-set has already been fixed (commit
c25badc9ceb6).
In cpufreq-bench, which prints an error message for offline CPUs,
properly distinguish and report the zero and negative cases.
Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name cpupower-fix-checks-for-cpu-existence.patch
Ben Hutchings [Thu, 9 Jun 2016 22:35:08 +0000 (23:35 +0100)]
cpupower: Bump soname version
Several functions in the libcpupower API are renamed or removed in
Linux 4.7. This is an backward-incompatible ABI change, so the
library soname should change from libcpupower.so.0 to
libcpupower.so.1.
Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name cpupower-bump-soname-version.patch
Ben Hutchings [Sun, 20 Mar 2016 21:09:02 +0000 (21:09 +0000)]
tools lib traceevent: Fix use of uninitialized variables
Fix a number of correct warnings from gcc:
> plugin_function.c:133:6: warning: 'index' may be used uninitialized in this function [-Wmaybe-uninitialized]
> int index;
> ^
'index' is initialized only if indentation is wanted. Move the
printing of indentation using 'index' into the same if-statement.
> kbuffer-parse.c:339:27: warning: 'length' may be used uninitialized in this function [-Wmaybe-uninitialized]
> kbuf->next = kbuf->index + length;
> ^
> kbuffer-parse.c:297:15: note: 'length' was declared here
> unsigned int length;
> ^
'length' is not initialized when handling an OLD_RINGBUF_TYPE_TIME_EXTEND
record. Based on what trace-cmd does, set length = 0 in this case.
> kbuffer-parse.c: In function 'kbuffer_read_at_offset':
> kbuffer-parse.c:632:9: warning: 'data' may be used uninitialized in this function [-Wmaybe-uninitialized]
> return data;
> ^
'data' is not initialized if the offset is too small. Initialize it
to NULL so that the behaviour is the same as when the offset is too
large.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-lib-traceevent-fix-use-of-uninitialized-variables.patch
Ben Hutchings [Sun, 21 Feb 2016 15:33:15 +0000 (15:33 +0000)]
tools/build: Remove bpf() run-time check at build time
It is not correct to test that a syscall works on the build system's
kernel. We might be building on an earlier kernel version or with
security restrictions that block bpf().
Also fix the test for whether __NR_bpf is defined.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-build-remove-bpf-run-time-check-at-build-time.patch
Ben Hutchings [Fri, 25 Sep 2015 21:50:50 +0000 (22:50 +0100)]
Revert "perf build: Fix libunwind feature detection on 32-bit x86"
This reverts commit
05b41775e2edd69a83f592e3534930c934d4038e.
It broke feature detection that was working just fine for us.
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name revert-perf-build-fix-libunwind-feature-detection-on.patch
Ben Hutchings [Fri, 25 Sep 2015 19:28:10 +0000 (20:28 +0100)]
tools/hv: Fix fortify format warning
With fortify enabled, gcc warns:
tools/hv/hv_kvp_daemon.c:705:2: error: format not a string literal and no format arguments [-Werror=format-security]
snprintf(dev_id, sizeof(dev_id), kvp_net_dir);
^
kvp_net_dir is a pointer to a string literal, but lacks const
qualification. As it is never modified, it should be a const
array rather than a pointer.
Also, while snprintf() has a bounds check, the following strcat()s
do not. Combine them into a single snprintf().
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name tools-hv-fix-fortify-format-warning.patch
Ben Hutchings [Fri, 25 Sep 2015 20:36:29 +0000 (21:36 +0100)]
tools/lib/lockdep: Use LDFLAGS
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-lib-lockdep-use-ldflags.patch
Ben Hutchings [Fri, 25 Sep 2015 20:26:48 +0000 (21:26 +0100)]
tools/lib/traceevent: Use LDFLAGS
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-lib-traceevent-use-ldflags.patch
Ben Hutchings [Fri, 25 Sep 2015 19:09:23 +0000 (20:09 +0100)]
tools/perf: Remove shebang lines from perf scripts
perf scripts need to be invoked through perf, not directly through
perl (or other language interpreter). So including shebang lines in
them is useless and possibly misleading.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-perf-remove-shebangs.patch
Ben Hutchings [Thu, 13 Aug 2015 18:48:12 +0000 (20:48 +0200)]
liblockdep: Remove double-quotes from soname
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name lockdep-fix-soname.patch
Ben Hutchings [Thu, 13 Aug 2015 18:48:12 +0000 (20:48 +0200)]
liblockdep: Fix object file paths used in an out-of-tree build
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name lockdep-fix-oot-build.patch
Ben Hutchings [Mon, 13 Jul 2015 19:29:20 +0000 (20:29 +0100)]
perf tools: Use $KBUILD_BUILD_TIMESTAMP as man page date
This allows man pages to be built reproducibly.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-perf-man-date.patch
Ben Hutchings [Mon, 8 Sep 2014 17:31:24 +0000 (18:31 +0100)]
kbuild: Fix recordmcount dependency for OOT modules
We never rebuild anything in-tree when building an out-of-tree
modules, so external modules should not depend on the recordmcount
sources.
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name kbuild-fix-recordmcount-dependency.patch
Ben Hutchings [Sun, 24 Jun 2012 01:51:39 +0000 (02:51 +0100)]
usbip: Document TCP wrappers
Add references to TCP wrappers configuration in the manual page.
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name usbip-document-tcp-wrappers.patch
Ben Hutchings [Fri, 2 Dec 2016 23:06:18 +0000 (23:06 +0000)]
module: Disable matching missing version CRC
This partly reverts commit
cd3caefb4663e3811d37cc2afad3cce642d60061.
We want to fail closed if a symbol version CRC is missing, as the
alternative may allow subverting module signing.
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name module-disable-matching-missing-version-crc.patch
Ben Hutchings [Fri, 2 Dec 2016 01:26:54 +0000 (01:26 +0000)]
powerpc: Fix missing CRCs, add yet more asm-prototypes.h declarations
Add declarations for:
- __mfdcr, __mtdcr (if CONFIG_PPC_DCR_NATIVE=y; through <asm/dcr.h>)
- switch_mmu_context (if CONFIG_PPC_BOOK3S_64=n; through <asm/mmu_context.h>)
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/powerpc
Gbp-Pq: Name powerpc-fix-missing-crcs-add-yet-more-asm-prototypes.patch
Ben Hutchings [Fri, 2 Dec 2016 02:27:50 +0000 (02:27 +0000)]
powerpc: Remove Mac-on-Linux hooks
The symbols exported for use by MOL aren't getting CRCs and I was
about to fix that. But MOL is dead upstream, and the latest work on
it was to make it use KVM instead of its own kernel module. So remove
them instead.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/powerpc
Gbp-Pq: Name powerpc-remove-mac-on-linux-hooks.patch
Ben Hutchings [Thu, 1 Dec 2016 23:14:46 +0000 (23:14 +0000)]
Revert "alpha: move exports to actual definitions"
This reverts commit
00fc0e0dda6286407f3854cd71a125f519a5689c because
symbols exported from assembly don't automatically get modversions (ABI
hashes).
Gbp-Pq: Topic bugfix/alpha
Gbp-Pq: Name revert-alpha-move-exports-to-actual-definitions.patch
Ben Hutchings [Thu, 1 Dec 2016 23:14:09 +0000 (23:14 +0000)]
Revert "m68k: move exports to definitions"
This reverts commit
d13ffb5630443e6112df0263969cbdfc8ab9ab57 because
symbols exported from assembly don't automatically get modversions (ABI
hashes).
Gbp-Pq: Topic bugfix/m68k
Gbp-Pq: Name revert-m68k-move-exports-to-definitions.patch
Ben Hutchings [Thu, 1 Dec 2016 23:13:38 +0000 (23:13 +0000)]
Revert "s390: move exports to definitions"
This reverts commit
711f5df7bf3ae7657e15edf76d671042c051ce95 because
symbols exported from assembly don't automatically get modversions (ABI
hashes).
Gbp-Pq: Topic bugfix/s390
Gbp-Pq: Name revert-s390-move-exports-to-definitions.patch
Ben Hutchings [Thu, 12 Jan 2017 00:08:36 +0000 (00:08 +0000)]
Revert "sparc: move exports to definitions"
This reverts commit
d3867f0483103b8ff7edfdea3ef1981c03d96891 because
symbols exported from assembly don't automatically get modversions (ABI
hashes).
Commit
70a6fcf3283a "[sparc] unify 32bit and 64bit string.h" removed
the export of __memmove; don't try to export it again. It also
completely disabled declaration of prototypes of memscan, memcpy and
memset, which are defined as macros. gcc will still generate implicit
calls to memcpy and memset, so restore both exports and prototypes for
them. Don't restore the export of memscan.
Commit
aa95ce361ed9 "sparc64: Delete __ret_efault." did what it says;
don't try to export that symbol.
Gbp-Pq: Topic bugfix/sparc
Gbp-Pq: Name revert-sparc-move-exports-to-definitions.patch
Ben Hutchings [Thu, 1 Dec 2016 23:20:31 +0000 (23:20 +0000)]
Revert "ia64: move exports to definitions"
This reverts commit
e007c53397acb5554e226693e3bff54a312ccd96 because
symbols exported from assembly don't automatically get modversions (ABI
hashes).
Gbp-Pq: Topic bugfix/ia64
Gbp-Pq: Name revert-ia64-move-exports-to-definitions.patch
Jan H. Schönherr [Thu, 7 Sep 2017 18:02:30 +0000 (19:02 +0100)]
KVM: VMX: Do not BUG() on out-of-bounds guest IRQ
The value of the guest_irq argument to vmx_update_pi_irte() is
ultimately coming from a KVM_IRQFD API call. Do not BUG() in
vmx_update_pi_irte() if the value is out-of bounds. (Especially,
since KVM as a whole seems to hang after that.)
Instead, print a message only once if we find that we don't have a
route for a certain IRQ (which can be out-of-bounds or within the
array).
This fixes CVE-2017-
1000252.
Fixes: efc644048ecde54 ("KVM: x86: Update IRTE for posted-interrupts")
Signed-off-by: Jan H. Schönherr <jschoenh@amazon.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name kvm-vmx-do-not-bug-on-out-of-bounds-guest-irq.patch
Xin Long [Sun, 27 Aug 2017 12:25:26 +0000 (20:25 +0800)]
scsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
ChunYu found a kernel crash by syzkaller:
[ 651.617875] kasan: CONFIG_KASAN_INLINE enabled
[ 651.618217] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 651.618731] general protection fault: 0000 [#1] SMP KASAN
[ 651.621543] CPU: 1 PID: 9539 Comm: scsi Not tainted 4.11.0.cov #32
[ 651.621938] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 651.622309] task:
ffff880117780000 task.stack:
ffff8800a3188000
[ 651.622762] RIP: 0010:skb_release_data+0x26c/0x590
[...]
[ 651.627260] Call Trace:
[ 651.629156] skb_release_all+0x4f/0x60
[ 651.629450] consume_skb+0x1a5/0x600
[ 651.630705] netlink_unicast+0x505/0x720
[ 651.632345] netlink_sendmsg+0xab2/0xe70
[ 651.633704] sock_sendmsg+0xcf/0x110
[ 651.633942] ___sys_sendmsg+0x833/0x980
[ 651.637117] __sys_sendmsg+0xf3/0x240
[ 651.638820] SyS_sendmsg+0x32/0x50
[ 651.639048] entry_SYSCALL_64_fastpath+0x1f/0xc2
It's caused by skb_shared_info at the end of sk_buff was overwritten by
ISCSI_KEVENT_IF_ERROR when parsing nlmsg info from skb in iscsi_if_rx.
During the loop if skb->len == nlh->nlmsg_len and both are sizeof(*nlh),
ev = nlmsg_data(nlh) will acutally get skb_shinfo(SKB) instead and set a
new value to skb_shinfo(SKB)->nr_frags by ev->type.
This patch is to fix it by checking nlh->nlmsg_len properly there to
avoid over accessing sk_buff.
Reported-by: ChunYu Wang <chunwang@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Chris Leech <cleech@redhat.com>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name scsi-fix-the-issue-that-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch
Vladis Dronov [Mon, 4 Sep 2017 14:00:50 +0000 (16:00 +0200)]
video: fbdev: aty: do not leak uninitialized padding in clk to userspace
'clk' is copied to a userland with padding byte(s) after 'vclk_post_div'
field unitialized, leaking data from the stack. Fix this ensuring all of
'clk' is initialized to zero.
References: https://github.com/torvalds/linux/pull/441
Reported-by: sohu0106 <sohu0106@126.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch
Dan Carpenter [Wed, 30 Aug 2017 13:30:35 +0000 (16:30 +0300)]
scsi: qla2xxx: Fix an integer overflow in sysfs code
The value of "size" comes from the user. When we add "start + size" it
could lead to an integer overflow bug.
It means we vmalloc() a lot more memory than we had intended. I believe
that on 64 bit systems vmalloc() can succeed even if we ask it to
allocate huge 4GB buffers. So we would get memory corruption and likely
a crash when we call ha->isp_ops->write_optrom() and ->read_optrom().
Only root can trigger this bug.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=194061
Cc: <stable@vger.kernel.org>
Fixes: b7cc176c9eb3 ("[SCSI] qla2xxx: Allow region-based flash-part accesses.")
Reported-by: shqking <shqking@gmail.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name scsi-qla2xxx-fix-an-integer-overflow-in-sysfs-code.patch
Jim Mattson [Tue, 12 Sep 2017 20:02:54 +0000 (13:02 -0700)]
kvm: nVMX: Don't allow L2 to access the hardware CR8
If L1 does not specify the "use TPR shadow" VM-execution control in
vmcs12, then L0 must specify the "CR8-load exiting" and "CR8-store
exiting" VM-execution controls in vmcs02. Failure to do so will give
the L2 VM unrestricted read/write access to the hardware CR8.
This fixes CVE-2017-12154.
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch
Vladis Dronov [Tue, 12 Sep 2017 22:21:21 +0000 (22:21 +0000)]
nl80211: check for the required netlink attributes presence
nl80211_set_rekey_data() does not check if the required attributes
NL80211_REKEY_DATA_{REPLAY_CTR,KEK,KCK} are present when processing
NL80211_CMD_SET_REKEY_OFFLOAD request. This request can be issued by
users with CAP_NET_ADMIN privilege and may result in NULL dereference
and a system crash. Add a check for the required attributes presence.
This patch is based on the patch by bo Zhang.
This fixes CVE-2017-12153.
References: https://bugzilla.redhat.com/show_bug.cgi?id=
1491046
Fixes: e5497d766ad ("cfg80211/nl80211: support GTK rekey offload")
Cc: <stable@vger.kernel.org> # v3.1-rc1
Reported-by: bo Zhang <zhangbo5891001@gmail.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name nl80211-check-for-the-required-netlink-attributes-presence.patch
Paolo Bonzini [Wed, 7 Jun 2017 13:13:14 +0000 (15:13 +0200)]
KVM: x86: fix singlestepping over syscall
TF is handled a bit differently for syscall and sysret, compared
to the other instructions: TF is checked after the instruction completes,
so that the OS can disable #DB at a syscall by adding TF to FMASK.
When the sysret is executed the #DB is taken "as if" the syscall insn
just completed.
KVM emulates syscall so that it can trap 32-bit syscall on Intel processors.
Fix the behavior, otherwise you could get #DB on a user stack which is not
nice. This does not affect Linux guests, as they use an IST or task gate
for #DB.
This fixes CVE-2017-7518.
Cc: stable@vger.kernel.org
Reported-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
[bwh: Backported to 4.9:
- kvm_vcpu_check_singlestep() sets some flags differently
- Drop changes to kvm_skip_emulated_instruction()]
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name kvm-x86-fix-singlestepping-over-syscall.patch
Trond Myklebust [Wed, 26 Apr 2017 15:55:27 +0000 (11:55 -0400)]
NFSv4: Fix callback server shutdown
We want to use kthread_stop() in order to ensure the threads are
shut down before we tear down the nfs_callback_info in nfs_callback_down.
Tested-and-reviewed-by: Kinglong Mee <kinglongmee@gmail.com>
Reported-by: Kinglong Mee <kinglongmee@gmail.com>
Fixes: bb6aeba736ba9 ("NFSv4.x: Switch to using svc_set_num_threads()...")
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name nfsv4-fix-callback-server-shutdown.patch
Trond Myklebust [Wed, 26 Apr 2017 15:55:26 +0000 (11:55 -0400)]
SUNRPC: Refactor svc_set_num_threads()
Refactor to separate out the functions of starting and stopping threads
so that they can be used in other helpers.
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Tested-and-reviewed-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name sunrpc-refactor-svc_set_num_threads.patch
Amey Telawane [Wed, 3 May 2017 10:11:14 +0000 (15:41 +0530)]
tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
Strcpy is inherently not safe, and strlcpy() should be used instead.
__trace_find_cmdline() uses strcpy() because the comms saved must have a
terminating nul character, but it doesn't hurt to add the extra protection
of using strlcpy() instead of strcpy().
Link: http://lkml.kernel.org/r/1493806274-13936-1-git-send-email-amit.pundir@linaro.org
Signed-off-by: Amey Telawane <ameyt@codeaurora.org>
[AmitP: Cherry-picked this commit from CodeAurora kernel/msm-3.10
https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=
2161ae9a70b12cf18ac8e5952a20161ffbccb477]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
[ Updated change log and removed the "- 1" from len parameter ]
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tracing-Use-strlcpy-instead-of-strcpy-in-__trace_fin.patch
Ben Hutchings [Sun, 26 Feb 2017 21:01:50 +0000 (21:01 +0000)]
time: Mark TIMER_STATS as broken
This is a substitute for upstream commit
dfb4357da6dd "time: Remove
CONFIG_TIMER_STATS", which avoids the need to resolve conflicts with
the PREEMPT_RT patch series.
Gbp-Pq: Topic debian
Gbp-Pq: Name time-mark-timer_stats-as-broken.patch
Ben Hutchings [Tue, 16 Feb 2016 02:45:42 +0000 (02:45 +0000)]
PCI: Set pci=nobios by default
CONFIG_PCI_GOBIOS results in physical addresses 640KB-1MB being mapped
W+X, which is undesirable for security reasons and will result in a
warning at boot now that we enable CONFIG_DEBUG_WX.
This can be overridden using the kernel parameter "pci=nobios", but we
want to disable W+X by default. Disable PCI BIOS probing by default;
it can still be enabled using "pci=bios".
Gbp-Pq: Topic debian
Gbp-Pq: Name i386-686-pae-pci-set-pci-nobios-by-default.patch
Linn Crosetto [Tue, 30 Aug 2016 17:54:38 +0000 (11:54 -0600)]
arm64: add kernel config option to set securelevel when in Secure Boot mode
Add a kernel configuration option to enable securelevel, to restrict
userspace's ability to modify the running kernel when UEFI Secure Boot is
enabled. Based on the x86 patch by Matthew Garrett.
Determine the state of Secure Boot in the EFI stub and pass this to the
kernel using the FDT.
Signed-off-by: Linn Crosetto <linn@hpe.com>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name arm64-add-kernel-config-option-to-set-securelevel-wh.patch
Linn Crosetto [Mon, 22 Feb 2016 19:54:37 +0000 (12:54 -0700)]
arm64/efi: Disable secure boot if shim is in insecure mode
Port to arm64 a patch originally written by Josh Boyer for the x86 EFI
stub.
A user can manually tell the shim boot loader to disable validation of
images it loads. When a user does this, it creates a UEFI variable called
MokSBState that does not have the runtime attribute set. Given that the
user explicitly disabled validation, we can honor that and not enable
secure boot mode if that variable is set.
Signed-off-by: Linn Crosetto <linn@hpe.com>
Cc: Josh Boyer <jwboyer@fedoraproject.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name arm64-efi-disable-secure-boot-if-shim-is-in-insecure.patch
Ben Hutchings [Thu, 2 Jun 2016 23:48:39 +0000 (00:48 +0100)]
mtd: Disable slram and phram when securelevel is enabled
The slram and phram drivers both allow mapping regions of physical
address space such that they can then be read and written by userland
through the MTD interface. This is probably usable to manipulate
hardware into overwriting kernel code on many systems. Prevent that
if securelevel is set.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name mtd-disable-slram-and-phram-when-securelevel-is-enabled.patch
Matthew Garrett [Tue, 12 Jan 2016 20:51:27 +0000 (12:51 -0800)]
Enable cold boot attack mitigation
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name enable-cold-boot-attack-mitigation.patch
Linn Crosetto [Wed, 16 Mar 2016 20:43:33 +0000 (14:43 -0600)]
acpi: Disable APEI error injection if securelevel is set
ACPI provides an error injection mechanism, EINJ, for debugging and testing
the ACPI Platform Error Interface (APEI) and other RAS features. If
supported by the firmware, ACPI specification 5.0 and later provide for a
way to specify a physical memory address to which to inject the error.
Injecting errors through EINJ can produce errors which to the platform are
indistinguishable from real hardware errors. This can have undesirable
side-effects, such as causing the platform to mark hardware as needing
replacement.
While it does not provide a method to load unauthenticated privileged code,
the effect of these errors may persist across reboots and affect trust in
the underlying hardware, so disable error injection through EINJ if
securelevel is set.
Signed-off-by: Linn Crosetto <linn@hpe.com>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name acpi-disable-apei-error-injection-if-securelevel-is-.patch
Linn Crosetto [Fri, 4 Mar 2016 23:08:24 +0000 (16:08 -0700)]
acpi: Disable ACPI table override if securelevel is set
From the kernel documentation (initrd_table_override.txt):
If the ACPI_INITRD_TABLE_OVERRIDE compile option is true, it is possible
to override nearly any ACPI table provided by the BIOS with an
instrumented, modified one.
When securelevel is set, the kernel should disallow any unauthenticated
changes to kernel space. ACPI tables contain code invoked by the kernel, so
do not allow ACPI tables to be overridden if securelevel is set.
Signed-off-by: Linn Crosetto <linn@hpe.com>
[bwh: Forward-ported to 4.7: ACPI override code moved to drivers/acpi/tables.c]
[bwh: Forward-ported to 4.9: adjust context]
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name acpi-disable-acpi-table-override-if-securelevel-is-s.patch
Dave Young [Tue, 6 Oct 2015 12:31:31 +0000 (13:31 +0100)]
kexec/uefi: copy secure_boot flag in boot params across kexec reboot
Kexec reboot in case secure boot being enabled does not keep the secure
boot mode in new kernel, so later one can load unsigned kernel via legacy
kexec_load. In this state, the system is missing the protections provided
by secure boot. Adding a patch to fix this by retain the secure_boot flag
in original kernel.
secure_boot flag in boot_params is set in EFI stub, but kexec bypasses the
stub. Fixing this issue by copying secure_boot flag across kexec reboot.
Signed-off-by: Dave Young <dyoung@redhat.com>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name kexec-uefi-copy-secure_boot-flag-in-boot-params-acro.patch
Josh Boyer [Fri, 20 Jun 2014 12:53:24 +0000 (08:53 -0400)]
hibernate: Disable when securelevel is set
There is currently no way to verify the resume image when returning
from hibernate. This might compromise the securelevel trust model,
so until we can work with signed hibernate images we disable it in
a secure modules environment.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name hibernate-disable-when-securelevel-is-set.patch
Josh Boyer [Wed, 6 Feb 2013 00:25:05 +0000 (19:25 -0500)]
efi: Disable secure boot if shim is in insecure mode
A user can manually tell the shim boot loader to disable validation of
images it loads. When a user does this, it creates a UEFI variable called
MokSBState that does not have the runtime attribute set. Given that the
user explicitly disabled validation, we can honor that and not enable
secure boot mode if that variable is set.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name efi-disable-secure-boot-if-shim-is-in-insecure-mode.patch
Matthew Garrett [Fri, 9 Aug 2013 22:36:30 +0000 (18:36 -0400)]
Add option to automatically set securelevel when in Secure Boot mode
UEFI Secure Boot provides a mechanism for ensuring that the firmware will
only load signed bootloaders and kernels. Certain use cases may also
require that the kernel prevent userspace from inserting untrusted kernel
code at runtime. Add a configuration option that enforces this automatically
when enabled.
Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name add-option-to-automatically-set-securelevel-when-in-.patch
Matthew Garrett [Fri, 9 Mar 2012 13:46:50 +0000 (08:46 -0500)]
asus-wmi: Restrict debugfs interface when securelevel is set
We have no way of validating what all of the Asus WMI methods do on a
given machine, and there's a risk that some will allow hardware state to
be manipulated in such a way that arbitrary code can be executed in the
kernel. Prevent that if securelevel is set.
Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name asus-wmi-restrict-debugfs-interface-when-securelevel.patch
Matthew Garrett [Fri, 8 Feb 2013 19:12:13 +0000 (11:12 -0800)]
x86: Restrict MSR access when securelevel is set
Permitting write access to MSRs allows userspace to modify the running
kernel. Prevent this if securelevel has been set. Based on a patch by Kees
Cook.
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name x86-restrict-msr-access-when-securelevel-is-set.patch
Matthew Garrett [Tue, 3 Sep 2013 15:23:29 +0000 (11:23 -0400)]
uswsusp: Disable when securelevel is set
uswsusp allows a user process to dump and then restore kernel state, which
makes it possible to modify the running kernel. Disable this if securelevel
has been set.
Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name uswsusp-disable-when-securelevel-is-set.patch
Matthew Garrett [Fri, 9 Aug 2013 07:33:56 +0000 (03:33 -0400)]
kexec: Disable at runtime if securelevel has been set.
kexec permits the loading and execution of arbitrary code in ring 0, which
permits the modification of the running kernel. Prevent this if securelevel
has been set.
Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name kexec-disable-at-runtime-if-securelevel-has-been-set.patch
Josh Boyer [Mon, 25 Jun 2012 23:57:30 +0000 (19:57 -0400)]
acpi: Ignore acpi_rsdp kernel parameter when securelevel is set
This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to execute arbitrary code in the kernel.
Disable this when securelevel is set.
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name acpi-ignore-acpi_rsdp-kernel-parameter-when-securele.patch
Matthew Garrett [Fri, 9 Mar 2012 13:39:37 +0000 (08:39 -0500)]
acpi: Limit access to custom_method if securelevel is set
custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to modify the kernel at runtime. Prevent this
if securelevel has been set.
Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name acpi-limit-access-to-custom_method-if-securelevel-is.patch
Matthew Garrett [Fri, 9 Mar 2012 14:28:15 +0000 (09:28 -0500)]
Restrict /dev/mem and /dev/kmem when securelevel is set.
Allowing users to write to address space provides mechanisms that may permit
modification of the kernel at runtime. Prevent this if securelevel has been
set.
Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
[bwh: Forward-ported to 4.9: adjust context]
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name restrict-dev-mem-and-dev-kmem-when-securelevel-is-se.patch
Matthew Garrett [Thu, 8 Mar 2012 15:35:59 +0000 (10:35 -0500)]
x86: Lock down IO port access when securelevel is enabled
IO port access would permit users to gain access to PCI configuration
registers, which in turn (on a lot of hardware) give access to MMIO register
space. This would potentially permit root to trigger arbitrary DMA, so lock
it down when securelevel is set.
Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name x86-lock-down-io-port-access-when-securelevel-is-ena.patch
Matthew Garrett [Thu, 8 Mar 2012 15:10:38 +0000 (10:10 -0500)]
PCI: Lock down BAR access when securelevel is enabled
Any hardware that can potentially generate DMA has to be locked down from
userspace in order to avoid it being possible for an attacker to modify
kernel code. This should be prevented if securelevel has been set. Default
to paranoid - in future we can potentially relax this for sufficiently
IOMMU-isolated devices.
Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name pci-lock-down-bar-access-when-securelevel-is-enabled.patch
Matthew Garrett [Mon, 9 Sep 2013 12:46:52 +0000 (08:46 -0400)]
Enforce module signatures when securelevel is greater than 0
If securelevel has been set to 1 or greater, require that all modules have
valid signatures.
Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name enforce-module-signatures-when-securelevel-is-greate.patch
Matthew Garrett [Fri, 9 Aug 2013 21:58:15 +0000 (17:58 -0400)]
Add BSD-style securelevel support
Provide a coarse-grained runtime configuration option for restricting
userspace's ability to modify the running kernel.
Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name add-bsd-style-securelevel-support.patch
Pablo Neira Ayuso [Thu, 20 Oct 2016 16:07:14 +0000 (18:07 +0200)]
netfilter: nft_ct: add notrack support
This patch adds notrack support.
I decided to add a new expression, given that this doesn't fit into the
existing set operation. Notrack doesn't need a source register, and an
hypothetical NFT_CT_NOTRACK key makes no sense since matching the
untracked state is done through NFT_CT_STATE.
I'm placing this new notrack expression into nft_ct.c, I think a single
module is too much.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Gbp-Pq: Topic features/all
Gbp-Pq: Name netfilter-nft_ct-add-notrack-support.patch
Jan Kara [Mon, 31 Jul 2017 03:33:01 +0000 (23:33 -0400)]
ext4: Don't clear SGID when inheriting ACLs
When new directory 'DIR1' is created in a directory 'DIR0' with SGID bit
set, DIR1 is expected to have SGID bit set (and owning group equal to
the owning group of 'DIR0'). However when 'DIR0' also has some default
ACLs that 'DIR1' inherits, setting these ACLs will result in SGID bit on
'DIR1' to get cleared if user is not member of the owning group.
Fix the problem by moving posix_acl_update_mode() out of
__ext4_set_acl() into ext4_set_acl(). That way the function will not be
called when inheriting ACLs which is what we want as it prevents SGID
bit clearing and the mode has been properly set by posix_acl_create()
anyway.
Fixes: 073931017b49d9458aa351605b43a7e34598caef
CC: stable@vger.kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Jan Kara <jack@suse.cz>
Reviewed-by: Andreas Gruenbacher <agruenba@redhat.com>
[bwh: Backported to 4.9:
- Keep using ext4_current_time()
- Adjust context]
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name ext4-don-t-clear-sgid-when-inheriting-acls.patch
Ernesto A. Fernández [Mon, 31 Jul 2017 02:43:41 +0000 (22:43 -0400)]
ext4: preserve i_mode if __ext4_set_acl() fails
When changing a file's acl mask, __ext4_set_acl() will first set the group
bits of i_mode to the value of the mask, and only then set the actual
extended attribute representing the new acl.
If the second part fails (due to lack of space, for example) and the file
had no acl attribute to begin with, the system will from now on assume
that the mask permission bits are actual group permission bits, potentially
granting access to the wrong users.
Prevent this by only changing the inode mode after the acl has been set.
Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jan Kara <jack@suse.cz>
[bwh: Backported to 4.9: keep using ext4_current_time()]
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name ext4-preserve-i_mode-if-__ext4_set_acl-fails.patch
Ben Hutchings [Sat, 4 Mar 2017 01:44:15 +0000 (01:44 +0000)]
Kbuild.include: addtree: Remove quotes before matching path
systemtap currently fails to build modules when the kernel source and
object trees are separate.
systemtap adds something like -I"/usr/share/systemtap/runtime" to
EXTRA_CFLAGS, and addtree should not adjust this as it's specifying an
absolute directory. But since make has no understanding of shell
quoting, it does anyway.
For a long time this didn't matter, because addtree would still emit
the original -I option after the adjusted one. However, commit
db547ef19064 ("Kbuild: don't add obj tree in additional includes")
changed it to remove the original -I option.
Remove quotes (both double and single) before matching against the
excluded patterns.
References: https://bugs.debian.org/856474
Reported-by: Jack Henschel <jackdev@mailbox.org>
Reported-by: Ritesh Raj Sarraf <rrs@debian.org>
Fixes: db547ef19064 ("Kbuild: don't add obj tree in additional includes")
Cc: stable@vger.kernel.org # 4.8+
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name kbuild-include-addtree-remove-quotes-before-matching-path.patch
Ben Hutchings [Wed, 11 Jan 2017 04:30:40 +0000 (04:30 +0000)]
Partially revert "usb: Kconfig: using select for USB_COMMON dependency"
This reverts commit
cb9c1cfc86926d0e86d19c8e34f6c23458cd3478 for
USB_LED_TRIG. This config symbol has bool type and enables extra code
in usb_common itself, not a separate driver. Enabling it should not
force usb_common to be built-in!
Fixes: cb9c1cfc8692 ("usb: Kconfig: using select for USB_COMMON dependency")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name partially-revert-usb-kconfig-using-select-for-usb_co.patch
Ben Hutchings [Fri, 26 Aug 2016 00:31:28 +0000 (01:31 +0100)]
kbuild: Do not use hyphen in exported variable name
This definition in Makefile.dtbinst:
export dtbinst-root ?= $(obj)
should define and export dtbinst-root when handling the root dts
directory, and do nothing in the subdirectories. However, the
variable does not reliably get exported to the environment, perhaps
because its name contains a hyphen.
Rename the variable to dtbinst_root.
References: https://bugs.debian.org/833561
Fixes: 323a028d39cdi ("dts, kbuild: Implement support for dtb vendor subdirs")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name kbuild-do-not-use-hyphen-in-exported-variable-name.patch
Ben Hutchings [Wed, 13 Apr 2016 20:48:06 +0000 (21:48 +0100)]
fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers
This helps initramfs builders and other tools to find the full
dependencies of a module.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name fs-add-module_softdep-declarations-for-hard-coded-cr.patch
Ian Campbell [Wed, 20 Nov 2013 08:30:14 +0000 (08:30 +0000)]
phy/marvell: disable 4-port phys
The Marvell PHY was originally disabled because it can cause networking
failures on some systems. According to Lennert Buytenhek this is because some
of the variants added did not share the same register layout. Since the known
cases are all 4-ports disable those variants (indicated by a 4 in the
penultimate position of the model name) until they can be audited for
correctness.
[bwh: Also #if-out the init functions for these PHYs to avoid
compiler warnings]
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name disable-some-marvell-phys.patch
Ben Hutchings [Sat, 19 Oct 2013 18:43:35 +0000 (19:43 +0100)]
kbuild: Use -nostdinc in compile tests
gcc 4.8 and later include <stdc-predef.h> by default. In some
versions of eglibc that includes <bits/predefs.h>, but that may be
missing when building with a biarch compiler. Also <stdc-predef.h>
itself could be missing as we are only trying to build a kernel, not
userland.
The -nostdinc option disables this, though it isn't explicitly
documented. This option is already used when actually building
the kernel, but not by cc-option and other tests. This can result
in silently miscompiling the kernel.
References: https://bugs.debian.org/717557
References: https://bugs.debian.org/726861
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name kbuild-use-nostdinc-in-compile-tests.patch
Huacai Chen [Thu, 22 Jun 2017 15:06:54 +0000 (23:06 +0800)]
MIPS: Loogson: Make enum loongson_cpu_type more clear
Sort enum loongson_cpu_type in a more reasonable manner, this makes the
CPU names more clear and extensible. Those already defined enum values
are renamed to Legacy_* for compatibility.
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Cc: John Crispin <john@phrozen.org>
Cc: Steven J . Hill <Steven.Hill@cavium.com>
Cc: Fuxin Zhang <zhangfx@lemote.com>
Cc: Zhangjin Wu <wuzhangjin@gmail.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/16591/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Gbp-Pq: Topic features/mips
Gbp-Pq: Name mips-loogson-make-enum-loongson_cpu_type-more-clear.patch
Huacai Chen [Thu, 22 Jun 2017 15:06:53 +0000 (23:06 +0800)]
MIPS: Loongson-3: support irq_set_affinity() in i8259 chip
With this patch we can set irq affinity via procfs, so as to improve
network performance.
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Cc: John Crispin <john@phrozen.org>
Cc: Steven J . Hill <Steven.Hill@cavium.com>
Cc: Fuxin Zhang <zhangfx@lemote.com>
Cc: Zhangjin Wu <wuzhangjin@gmail.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/16590/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Gbp-Pq: Topic features/mips
Gbp-Pq: Name mips-loongson-3-support-irq_set_affinity-in-i8259-ch.patch
Huacai Chen [Thu, 22 Jun 2017 15:06:52 +0000 (23:06 +0800)]
MIPS: Loongson-3: IRQ balancing for PCI devices
IRQ0 (HPET), IRQ1 (Keyboard), IRQ2 (Cascade), IRQ7 (SCI), IRQ8 (RTC)
and IRQ12 (Mouse) are handled by core-0 locally. Other PCI IRQs (3, 4,
5, 6, 14, 15) are balanced by all cores from Node-0. This can improve
I/O performance significantly.
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Cc: John Crispin <john@phrozen.org>
Cc: Steven J . Hill <Steven.Hill@cavium.com>
Cc: Fuxin Zhang <zhangfx@lemote.com>
Cc: Zhangjin Wu <wuzhangjin@gmail.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/16589/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Gbp-Pq: Topic features/mips
Gbp-Pq: Name mips-loongson-3-irq-balancing-for-pci-devices.patch
Huacai Chen [Thu, 22 Jun 2017 15:06:51 +0000 (23:06 +0800)]
MIPS: Loongson-3: Support 4 packages in CPU Hwmon driver
Loongson-3 machines may have as many as 4 physical packages.
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Cc: John Crispin <john@phrozen.org>
Cc: Steven J . Hill <Steven.Hill@cavium.com>
Cc: Fuxin Zhang <zhangfx@lemote.com>
Cc: Zhangjin Wu <wuzhangjin@gmail.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/16588/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Gbp-Pq: Topic features/mips
Gbp-Pq: Name mips-loongson-3-support-4-packages-in-cpu-hwmon-driv.patch
Huacai Chen [Thu, 22 Jun 2017 15:06:50 +0000 (23:06 +0800)]
MIPS: Loongson: Add NMI handler support
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Cc: John Crispin <john@phrozen.org>
Cc: Steven J . Hill <Steven.Hill@cavium.com>
Cc: Fuxin Zhang <zhangfx@lemote.com>
Cc: Zhangjin Wu <wuzhangjin@gmail.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/16587/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Gbp-Pq: Topic features/mips
Gbp-Pq: Name mips-loongson-add-nmi-handler-support.patch
Huacai Chen [Thu, 22 Jun 2017 15:06:48 +0000 (23:06 +0800)]
MIPS: Loongson: Add Loongson-3A R3 basic support
Loongson-3A R3 is very similar to Loongson-3A R2.
All Loongson-3 CPU family:
Code-name Brand-name PRId
Loongson-3A R1 Loongson-3A1000 0x6305
Loongson-3A R2 Loongson-3A2000 0x6308
Loongson-3A R3 Loongson-3A3000 0x6309
Loongson-3B R1 Loongson-3B1000 0x6306
Loongson-3B R2 Loongson-3B1500 0x6307
Signed-off-by: Huacai Chen <chenhc@lemote.com>
Cc: John Crispin <john@phrozen.org>
Cc: Steven J . Hill <Steven.Hill@cavium.com>
Cc: Fuxin Zhang <zhangfx@lemote.com>
Cc: Zhangjin Wu <wuzhangjin@gmail.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/16585/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Gbp-Pq: Topic features/mips
Gbp-Pq: Name mips-loongson-add-loongson-3a-r3-basic-support.patch
Enric Balletbo i Serra [Wed, 3 May 2017 09:56:29 +0000 (10:56 +0100)]
ARM: dts: rockchip: enable ARM Mali GPU on rk3288-veyron
Add reference to the Mali GPU device tree node on rk3288-veyron.
Tested on Minnie and Jerry boards.
Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Signed-off-by: Guillaume Tucker <guillaume.tucker@collabora.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Gbp-Pq: Topic features/arm
Gbp-Pq: Name arm-dts-rockchip-enable-arm-mali-gpu-on-rk3288-veyro.patch
Guillaume Tucker [Wed, 3 May 2017 09:56:28 +0000 (10:56 +0100)]
ARM: dts: rockchip: enable ARM Mali GPU on rk3288-firefly
Add reference to the Mali GPU device tree node on rk3288-firefly.
Tested on Firefly board.
Signed-off-by: Guillaume Tucker <guillaume.tucker@collabora.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Gbp-Pq: Topic features/arm
Gbp-Pq: Name arm-dts-rockchip-enable-arm-mali-gpu-on-rk3288-firef.patch
Guillaume Tucker [Wed, 3 May 2017 09:56:27 +0000 (10:56 +0100)]
ARM: dts: rockchip: enable ARM Mali GPU on rk3288-rock2-som
Add reference to the Mali GPU device tree node on the
rk3288-rock2-som platform. Tested on a Radxa Rock2 Square board.
Signed-off-by: Guillaume Tucker <guillaume.tucker@collabora.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Gbp-Pq: Topic features/arm
Gbp-Pq: Name arm-dts-rockchip-enable-arm-mali-gpu-on-rk3288-rock2.patch
Guillaume Tucker [Wed, 3 May 2017 09:56:26 +0000 (10:56 +0100)]
ARM: dts: rockchip: add ARM Mali GPU node for rk3288
Add Mali GPU device tree node for the rk3288 SoC, with devfreq
opp table.
Signed-off-by: Guillaume Tucker <guillaume.tucker@collabora.com>
Tested-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Gbp-Pq: Topic features/arm
Gbp-Pq: Name arm-dts-rockchip-add-arm-mali-gpu-node-for-rk3288.patch
Guillaume Tucker [Wed, 3 May 2017 09:56:25 +0000 (10:56 +0100)]
dt-bindings: gpu: add bindings for the ARM Mali Midgard GPU
The ARM Mali Midgard GPU family is present in a number of SoCs
from many different vendors such as Samsung Exynos and Rockchip.
Import the device tree bindings documentation from the r16p0
release of the Mali Midgard GPU kernel driver:
https://developer.arm.com/-/media/Files/downloads/mali-drivers/kernel/mali-midgard-gpu/TX011-SW-99002-r16p0-00rel0.tgz
Remove the copyright and GPL licence header as deemed not necessary.
Redesign the "compatible" property strings to list all the Mali
Midgard GPU types and add vendor specific ones.
Drop the "clock-names" property as the Mali Midgard GPU uses only one
clock (the driver now needs to call clk_get with NULL).
Convert the "interrupt-names" property values to lower-case: "job",
"mmu" and "gpu".
Replace the deprecated "operating-points" optional property with
"operating-points-v2".
Omit the following optional properties in this initial version as they
are only used in very specific cases:
* snoop_enable_smc
* snoop_disable_smc
* jm_config
* power_model
* system-coherency
* ipa-model
Update the example accordingly to reflect all these changes, based on
rk3288 mali-t760.
CC: John Reitan <john.reitan@arm.com>
Signed-off-by: Guillaume Tucker <guillaume.tucker@collabora.com>
Tested-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Gbp-Pq: Topic features/arm
Gbp-Pq: Name dt-bindings-gpu-add-bindings-for-the-arm-mali-midgar.patch
Aleksey Makarov [Tue, 4 Oct 2016 07:15:32 +0000 (10:15 +0300)]
serial: pl011: add console matching function
This patch adds function pl011_console_match() that implements
method match of struct console. It allows to match consoles against
data specified in a string, for example taken from command line or
compiled by ACPI SPCR table handler.
This patch was merged to tty-next but then reverted because of
conflict with
commit
46e36683f433 ("serial: earlycon: Extend earlycon command line option to support 64-bit addresses")
Now it is fixed.
Signed-off-by: Aleksey Makarov <aleksey.makarov@linaro.org>
Reviewed-by: Peter Hurley <peter@hurleysoftware.com>
Acked-by: Russell King <rmk+kernel@armlinux.org.uk>
Tested-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Gbp-Pq: Topic features/arm64
Gbp-Pq: Name serial-pl011-add-console-matching-function.patch
Arnd Bergmann [Thu, 2 Feb 2017 11:38:33 +0000 (12:38 +0100)]
ARM: orion5x: fix Makefile for linkstation-lschl.dtb
The rename of orion5x-lschl.dts needs to be reflected in the Makefile:
make[3]: *** No rule to make target 'arch/arm/boot/dts/orion5x-lschl.dtb', needed by '__build'.
Fixes: 6cfd3cd8d836 ("ARM: dts: orion5x-lschl: More consistent naming on linkstation series")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Gbp-Pq: Topic features/arm
Gbp-Pq: Name ARM-orion5x-fix-Makefile-for-linkstation-lschl.dtb.patch
Roger Shimizu [Mon, 30 Jan 2017 11:07:30 +0000 (20:07 +0900)]
ARM: dts: orion5x-lschl: More consistent naming on linkstation series
DTS files, which includes orion5x-linkstation.dtsi, are named:
orion5x-linkstation-*.dts
So we rename the file below:
arch/arm/boot/dts/orion5x-lschl.dts
to the new name:
arch/arm/boot/dts/orion5x-linkstation-lschl.dts
Because DTS conversion of this device was just introduced in 4.9, Debian
is still using legacy device support, other distros are the same,
so here we won't expect any impact actually.
Fixes: f94f268979a2 ("ARM: dts: orion5x: convert ls-chl to FDT")
Cc: Ashley Hughes <ashley.hughes@blueyonder.co.uk>
Signed-off-by: Roger Shimizu <rogershimizu@gmail.com>
Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Gbp-Pq: Topic features/arm
Gbp-Pq: Name ARM-dts-orion5x-lschl-More-consistent-naming-on-link.patch
Roger Shimizu [Mon, 30 Jan 2017 11:07:29 +0000 (20:07 +0900)]
ARM: dts: orion5x-lschl: Fix model name
Model name should be consistent with legacy device file, so that user
can migrate their system from legacy device support to device-tree
safely.
Legacy device file is currently removed, but it can be found on 4.8
or previous version of linux:
arch/arm/mach-orion5x/ls-chl-setup.c
Fixes: f94f268979a2 ("ARM: dts: orion5x: convert ls-chl to FDT")
Cc: Ashley Hughes <ashley.hughes@blueyonder.co.uk>
Signed-off-by: Roger Shimizu <rogershimizu@gmail.com>
Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Gbp-Pq: Topic features/arm
Gbp-Pq: Name ARM-dts-orion5x-lschl-Fix-model-name.patch
Neil Armstrong [Wed, 18 Jan 2017 16:50:45 +0000 (17:50 +0100)]
ARM64: dts: meson-gx: Add firmware reserved memory zones
The Amlogic Meson GXBB/GXL/GXM secure monitor uses part of the memory space,
this patch adds these reserved zones.
Without such reserved memory zones, running the following stress command :
$ stress-ng --vm 16 --vm-bytes 128M --timeout 10s
multiple times:
Could lead to the following kernel crashes :
[ 46.937975] Bad mode in Error handler detected on CPU1, code 0xbf000000 -- SError
...
[ 47.058536] Internal error: Attempting to execute userspace memory:
8600000f [#3] PREEMPT SMP
...
Instead of the OOM killer.
Fixes: 4f24eda8401f ("ARM64: dts: Prepare configs for Amlogic Meson GXBaby")
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Reviewed-by: Andreas Färber <afaerber@suse.de>
[khilman: added Fixes tag, added _reserved and unit addresses]
Signed-off-by: Kevin Hilman <khilman@baylibre.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
[bwh: Backported to 4.9: adjust filename]
Gbp-Pq: Topic features/arm64
Gbp-Pq: Name dts-meson-gx-add-firmware-reserved-memory-zone.patch
Ashley Hughes [Sat, 19 Nov 2016 07:10:27 +0000 (08:10 +0100)]
ARM: dts: orion5x: convert ls-chl to FDT
This patch converts my orion5x ls-chl Linkstation device to device tree.
[gregory.clement@free-electrons.com: fix title, add back the commit log,
move the removal of the platform in an other patch]
Signed-off-by: Ashley Hughes <ashley.hughes@blueyonder.co.uk>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Gbp-Pq: Topic features/arm
Gbp-Pq: Name ARM-dts-orion5x-convert-ls-chl-to-FDT.patch
Uwe Kleine-König [Tue, 3 Jan 2017 19:35:01 +0000 (20:35 +0100)]
ARM: dts: turris-omnia: add support for ethernet switch
The Turris Omnia features a Marvell MV88E6176 ethernet switch. Add it to
the dts.
Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Tested-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Gbp-Pq: Topic features/arm
Gbp-Pq: Name arm-dts-turris-omnia-add-support-for-ethernet-switch.patch
Uwe Kleine-König [Fri, 25 Nov 2016 14:26:58 +0000 (15:26 +0100)]
ARM: dts: add support for Turris Omnia
This machine is an open hardware router by cz.nic driven by a
Marvell Armada 385.
Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org>
Signed-off-by: Tomas Hlavacek <tmshlvck@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Gbp-Pq: Topic features/arm
Gbp-Pq: Name arm-dts-add-support-for-turris-omnia.patch
Ben Hutchings [Fri, 25 Jul 2014 00:16:15 +0000 (01:16 +0100)]
x86: Make x32 syscall support conditional on a kernel parameter
Enabling x32 in the standard amd64 kernel would increase its attack
surface while provide no benefit to the vast majority of its users.
No-one seems interested in regularly checking for vulnerabilities
specific to x32 (at least no-one with a white hat).
Still, adding another flavour just to turn on x32 seems wasteful. And
the only differences on syscall entry are two instructions (mask out
the x32 flag and compare the syscall number).
So pad the standard comparison with a nop and add a kernel parameter
"syscall.x32" which controls whether this is replaced with the x32
version at boot time. Add a Kconfig parameter to set the default.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name x86-make-x32-syscall-support-conditional.patch
Ben Hutchings [Mon, 5 Dec 2011 04:00:58 +0000 (04:00 +0000)]
x86: memtest: WARN if bad RAM found
Since this is not a particularly thorough test, if we find any bad
bits of RAM then there is a fair chance that there are other bad bits
we fail to detect.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name x86-memtest-WARN-if-bad-RAM-found.patch
projects / linux-4.9.git / log