Bryan Freed [Mon, 22 May 2017 09:20:11 +0000 (11:20 +0200)]
tpm: Apply a sane minimum adapterlimit value for retransmission.
When the I2C Infineon part is attached to an I2C adapter that imposes
a size limitation, large requests will fail with -EOPNOTSUPP. Retry
them with a sane minimum size without re-issuing the 0x05 command
as this appears to occasionally put the TPM in a bad state.
Signed-off-by: Bryan Freed <bfreed@chromium.org>
[rework the patch to adapt to the feedback received]
Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Acked-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Jason Gunthorpe [Thu, 4 May 2017 15:53:25 +0000 (09:53 -0600)]
tpm_tis: Consolidate the platform and acpi probe flow
Now that the platform device was merged for OF support we can use the
platform device to match ACPI devices as well and run everything
through tpm_tis_init.
pnp_acpi_device is replaced with ACPI_COMPANION, and ACPI_HANDLE is
pushed further down.
platform_get_resource is used instead of acpi_dev_get_resources.
The itpm global module parameter is no longer changed during itpm
detection, instead the phy specific bit is set directly.
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jerry Snitselaar <jsnitsel@redhat.com> (with TPM 2.0)
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> (with TPM 1.2)
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Jason Gunthorpe [Thu, 4 May 2017 15:53:24 +0000 (09:53 -0600)]
tpm_tis: Use platform_get_irq
Replace the open coded IORESOURCE_IRQ with platform_get_irq, which
supports more cases.
Fixes:
00194826e6be ("tpm_tis: Clean up the force=1 module parameter")
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jerry Snitselaar <jsnitsel@redhat.com> (with TPM 2.0)
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> (with TPM 1.2)
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Jason Gunthorpe [Thu, 4 May 2017 15:53:23 +0000 (09:53 -0600)]
tpm_tis: Fix IRQ autoprobing when using platform_device
The test was backwards, triggering IRQ autoprobing if the firmware
did not specify an IRQ, instead of triggering it only when the
module force parameter was specified.
Since autoprobing is not enabled on !x86 and the platform device is
currently only used on !x86, or with force, this has gone unnoticed.
Fixes:
00194826e6be ("tpm_tis: Clean up the force=1 module parameter")
Signed-off-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jerry Snitselaar <jsnitsel@redhat.com> (with TPM 2.0)
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> (with TPM 1.2)
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Roberto Sassu [Thu, 4 May 2017 11:16:47 +0000 (13:16 +0200)]
tpm: move TPM 1.2 code of tpm_pcr_extend() to tpm1_pcr_extend()
In preparation of the modifications to tpm_pcr_extend(), which will
allow callers to supply a digest for each PCR bank of a TPM 2.0,
the TPM 1.2 specific code has been moved to tpm1_pcr_extend().
tpm1_pcr_extend() uses tpm_buf_init() to prepare the command buffer,
which offers protection against buffer overflow. It is called by
tpm_pcr_extend() and tpm_pm_suspend().
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Roberto Sassu [Wed, 3 May 2017 16:19:10 +0000 (18:19 +0200)]
tpm: move endianness conversion of ordinals to tpm_input_header
Move CPU native value to big-endian conversion of ordinals to the
tpm_input_header declarations.
With the previous and this patch it will now be possible to modify TPM 1.2
functions to use tpm_buf_init(), which expects CPU native value for the
tag and ordinal arguments.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Roberto Sassu [Wed, 3 May 2017 16:19:09 +0000 (18:19 +0200)]
tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header
In the long term, TPM 1.2 functions in the driver interface will be
modified to use tpm_buf_init().
However, tag and ordinals cannot be passed directly to tpm_buf_init(),
because this function performs CPU native to big-endian conversion of these
arguments. Since TPM_TAG_RQU_COMMAND and TPM_ORD_ are already converted,
passing them to the function will undo the previous conversion.
This patch moves the conversion of TPM_TAG_RQU_COMMAND from the tpm.h
header file in the driver directory to the tpm_input_header declarations
in the driver interface and tpm-sysfs.c.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
John Johansen [Sat, 10 Jun 2017 00:25:03 +0000 (17:25 -0700)]
apparmor: export that basic profile namespaces are supported
Allow userspace to detect that basic profile policy namespaces are
available.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Sat, 10 Jun 2017 00:22:50 +0000 (17:22 -0700)]
apparmor: add stacked domain labels interface
Update the user interface to support the stacked change_profile transition.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Sat, 10 Jun 2017 00:11:17 +0000 (17:11 -0700)]
apparmor: add domain label stacking info to apparmorfs
Now that the domain label transition is complete advertise it to
userspace.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Sat, 10 Jun 2017 00:07:58 +0000 (17:07 -0700)]
apparmor: move change_profile mediation to using labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Sat, 10 Jun 2017 00:01:43 +0000 (17:01 -0700)]
apparmor: move change_hat mediation to using labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 23:55:04 +0000 (16:55 -0700)]
apparmor: move exec domain mediation to using labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Sat, 10 Jun 2017 00:29:12 +0000 (17:29 -0700)]
apparmor: support v7 transition format compatible with label_parse
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Sat, 10 Jun 2017 00:15:56 +0000 (17:15 -0700)]
apparmor: mediate files when they are received
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 23:19:02 +0000 (16:19 -0700)]
apparmor: rework file permission to cache file access in file->ctx
This is a temporary step, towards using the file->ctx for delegation,
and also helps speed up file queries, until the permission lookup
cache is introduced.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 23:06:21 +0000 (16:06 -0700)]
apparmor: move path_link mediation to using labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 23:02:25 +0000 (16:02 -0700)]
apparmor: refactor path name lookup and permission checks around labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 22:48:20 +0000 (15:48 -0700)]
apparmor: update aa_audit_file() to use labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 21:59:51 +0000 (14:59 -0700)]
apparmor: move aa_file_perm() to use labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 21:38:35 +0000 (14:38 -0700)]
apparmor: allow ptrace checks to be finer grained than just capability
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 21:22:14 +0000 (14:22 -0700)]
apparmor: move ptrace checks to using labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 21:23:09 +0000 (14:23 -0700)]
apparmor: add cross check permission helper macros
The cross check permission helper macros will help simplify code
that does cross task permission checks like ptrace.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 21:15:20 +0000 (14:15 -0700)]
apparmor: move resource checks to using labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 21:07:02 +0000 (14:07 -0700)]
apparmor: move capability checks to using labels
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 20:55:38 +0000 (13:55 -0700)]
apparmor: update query interface to support label queries
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 19:47:17 +0000 (12:47 -0700)]
apparmor: switch getprocattr to using label_print fns()
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 15:14:28 +0000 (08:14 -0700)]
apparmor: switch from profiles to using labels on contexts
Begin the actual switch to using domain labels by storing them on
the context and converting the label to a singular profile where
possible.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 13:19:19 +0000 (06:19 -0700)]
apparmor: add the base fns() for domain labels
Begin moving apparmor to using broader domain labels, that will allow
run time computation of domain type splitting via "stacking" of
profiles into a domain label vec.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 18:58:42 +0000 (11:58 -0700)]
apparmor: revalidate files during exec
Instead of running file revalidation lazily when read/write are called
copy selinux and revalidate the file table on exec. This avoids
extra mediation overhead in read/write and also prevents file handles
being passed through to a grand child unchecked.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 18:43:45 +0000 (11:43 -0700)]
apparmor: cleanup rename XXX_file_context() to XXX_file_ctx()
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 18:36:48 +0000 (11:36 -0700)]
apparmor: convert aa_change_XXX bool parameters to flags
Instead of passing multiple booleans consolidate on a single flags
field.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 14:24:18 +0000 (07:24 -0700)]
apparmor: cleanup remove unused and not fully implemented profile rename
Remove the partially implemented code, until this can be properly
implemented.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 14:16:46 +0000 (07:16 -0700)]
apparmor: refactor updating profiles to the newest parent
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 14:09:05 +0000 (07:09 -0700)]
apparmor: share profile name on replacement
The profile names are the same, leverage this.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 09:08:28 +0000 (02:08 -0700)]
apparmor: convert to profile block critical sections
There are still a few places where profile replacement fails to update
and a stale profile is used for mediation. Fix this by moving to
accessing the current label through a critical section that will
always ensure mediation is using the current label regardless of
whether the tasks cred has been updated or not.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 12:27:50 +0000 (05:27 -0700)]
apparmor: move bprm_committing_creds/committed_creds to lsm.c
There is no reason to have the small stubs that don't use domain
private functions in domain.c, instead move them to lsm.c and make
them static.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 09:11:29 +0000 (02:11 -0700)]
apparmor: fix display of ns name
The ns name being displayed should go through an ns view lookup.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 9 Jun 2017 09:28:19 +0000 (02:28 -0700)]
apparmor: fix apparmor_query data
The data being queried isn't always the current profile and a lookup
relative to the current profile should be done.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Sun, 4 Jun 2017 19:22:22 +0000 (12:22 -0700)]
apparmor: fix policy load/remove semantics
The namespace being passed into the replace/remove profiles fns() is
not the view, but the namespace specified by the inode from the
file hook (if present) or the loading tasks ns, if accessing the
top level virtualized load/replace file interface.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Sat, 3 Jun 2017 00:44:27 +0000 (17:44 -0700)]
apparmor: add namespace lookup fns()
Currently lookups are restricted to a single ns component in the
path. However when namespaces are allowed to have separate views, and
scopes this will not be sufficient, as it will be possible to have
a multiple component ns path in scope.
Add some ns lookup fns() to allow this and use them.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 2 Jun 2017 20:50:22 +0000 (13:50 -0700)]
apparmor: cleanup __find_child()
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Thu, 30 Mar 2017 12:25:23 +0000 (05:25 -0700)]
apparmor: provide information about path buffer size at boot
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Sat, 27 May 2017 01:35:29 +0000 (18:35 -0700)]
apparmor: add profile permission query ability
Allow userspace to query a profile about permissions, through the
transaction interface that is already used to allow userspace to
query about key,value data.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Mon, 29 May 2017 19:19:39 +0000 (12:19 -0700)]
apparmor: switch from file_perms to aa_perms
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Mon, 29 May 2017 19:16:04 +0000 (12:16 -0700)]
apparmor: add gerneric permissions struct and support fns
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Mon, 29 May 2017 18:45:29 +0000 (11:45 -0700)]
apparmor: add fn to test if profile supports a given mediation class
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Sat, 27 May 2017 00:23:23 +0000 (17:23 -0700)]
apparmor: speed up transactional queries
The simple_transaction interface is slow. It requires 4 syscalls
(open, write, read, close) per query and shares a single lock for each
queries.
So replace its use with a compatible in multi_transaction interface.
It allows for a faster 2 syscall pattern per query. After an initial
open, an arbitrary number of writes and reads can be issued. Each
write will reset the query with new data that can be read. Reads do
not clear the data, and can be issued multiple times, and used with
seek, until a new write is performed which will reset the data
available and the seek position.
Note: this keeps the single lock design, if needed moving to a per
file lock will have to come later.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Sat, 27 May 2017 01:49:04 +0000 (18:49 -0700)]
apparmor: add label data availability to the feature set
gsettings mediation needs to be able to determine if apparmor supports
label data queries. A label data query can be done to test for support
but its failure is indistinguishable from other failures, making it an
unreliable indicator.
Fix by making support of label data queries available as a flag in the
apparmorfs features dir tree.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 26 May 2017 23:45:48 +0000 (16:45 -0700)]
apparmor: add mkdir/rmdir interface to manage policy namespaces
When setting up namespaces for containers its easier for them to use
an fs interface to create the namespace for the containers
policy. Allow mkdir/rmdir under the policy/namespaces/ dir to be used
to create and remove namespaces.
BugLink: http://bugs.launchpad.net/bugs/1611078
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 26 May 2017 23:27:58 +0000 (16:27 -0700)]
apparmor: add policy revision file interface
Add a policy revision file to find the current revision of a ns's policy.
There is a revision file per ns, as well as a virtualized global revision
file in the base apparmor fs directory. The global revision file when
opened will provide the revision of the opening task namespace.
The revision file can be waited on via select/poll to detect apparmor
policy changes from the last read revision of the opened file. This
means that the revision file must be read after the select/poll other
wise update data will remain ready for reading.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 26 May 2017 08:45:08 +0000 (01:45 -0700)]
apparmor: provide finer control over policy management
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 26 May 2017 22:07:22 +0000 (15:07 -0700)]
apparmor: rework perm mapping to a slightly broader set
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Fri, 26 May 2017 08:57:09 +0000 (01:57 -0700)]
apparmor: move permissions into their own file to be more easily shared
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Thu, 25 May 2017 13:35:38 +0000 (06:35 -0700)]
apparmor: convert from securityfs to apparmorfs for policy ns files
Virtualize the apparmor policy/ directory so that the current
namespace affects what part of policy is seen. To do this convert to
using apparmorfs for policy namespace files and setup a magic symlink
in the securityfs apparmor dir to access those files.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
John Johansen [Thu, 25 May 2017 13:31:46 +0000 (06:31 -0700)]
apparmor: allow specifying an already created dir to create ns entries in
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
John Johansen [Thu, 25 May 2017 13:23:42 +0000 (06:23 -0700)]
apparmor: rename apparmor file fns and data to indicate use
prefixes are used for fns/data that are not static to apparmorfs.c
with the prefixes being
aafs - special magic apparmorfs for policy namespace data
aa_sfs - for fns/data that go into securityfs
aa_fs - for fns/data that may be used in the either of aafs or
securityfs
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
John Johansen [Thu, 25 May 2017 12:52:56 +0000 (05:52 -0700)]
apparmor: add custom apparmorfs that will be used by policy namespace files
AppArmor policy needs to be able to be resolved based on the policy
namespace a task is confined by. Add a base apparmorfs filesystem that
(like nsfs) will exist as a kern mount and be accessed via jump_link
through a securityfs file.
Setup the base apparmorfs fns and data, but don't use it yet.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
John Johansen [Thu, 25 May 2017 14:27:35 +0000 (07:27 -0700)]
apparmor: use macro template to simplify namespace seq_files
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
John Johansen [Thu, 25 May 2017 11:35:09 +0000 (04:35 -0700)]
apparmor: use macro template to simplify profile seq_files
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
John Johansen [Tue, 9 May 2017 07:08:41 +0000 (00:08 -0700)]
apparmor: move to per loaddata files, instead of replicating in profiles
The loaddata sets cover more than just a single profile and should
be tracked at the ns level. Move the load data files under the namespace
and reference the files from the profiles via a symlink.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
John Johansen [Sun, 7 May 2017 12:53:37 +0000 (05:53 -0700)]
securityfs: add the ability to support symlinks
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: Kees Cook <keescook@chromium.org>
John Johansen [Tue, 23 May 2017 10:25:14 +0000 (03:25 -0700)]
apparmor: Move path lookup to using preallocated buffers
Dynamically allocating buffers is problematic and is an extra layer
that is a potntial point of failure and can slow down mediation.
Change path lookup to use the preallocated per cpu buffers.
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Mon, 22 May 2017 10:06:52 +0000 (03:06 -0700)]
apparmor: allow profiles to provide info to disconnected paths
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Mon, 22 May 2017 09:47:22 +0000 (02:47 -0700)]
apparmor: make internal lib fn skipn_spaces available to the rest of apparmor
Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen [Mon, 22 May 2017 00:15:28 +0000 (17:15 -0700)]
apparmor: move file context into file.h
Signed-off-by: John Johansen <john.johansen@canonical.com>
Thomas Schneider [Fri, 14 Oct 2016 19:29:49 +0000 (21:29 +0200)]
security/apparmor: Use POSIX-compatible "printf '%s'"
When using a strictly POSIX-compliant shell, "-n #define ..." gets
written into the file. Use "printf '%s'" to avoid this.
Signed-off-by: Thomas Schneider <qsx@qsx.re>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Dan Carpenter [Tue, 23 May 2017 14:33:46 +0000 (17:33 +0300)]
apparmor: Fix error cod in __aa_fs_profile_mkdir()
We can either return PTR_ERR(NULL) or a PTR_ERR(a valid pointer) here.
Returning NULL is probably not good, but since this happens at boot
then we are probably already toasted if we were to hit this bug in real
life. In other words, it seems like a very low severity bug to me.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Markus Elfring [Sun, 7 May 2017 11:50:28 +0000 (13:50 +0200)]
apparmorfs: Use seq_putc() in two functions
Two single characters (line breaks) should be put into a sequence.
Thus use the corresponding function "seq_putc".
This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Markus Elfring [Sun, 7 May 2017 11:43:50 +0000 (13:43 +0200)]
apparmorfs: Combine two function calls into one in aa_fs_seq_raw_abi_show()
A bit of data was put into a sequence by two separate function calls.
Print the same data by a single function call instead.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: John Johansen <john.johansen@canonical.com>
James Morris [Mon, 22 May 2017 06:32:40 +0000 (16:32 +1000)]
Sync to mainline for security submaintainers to work against
Linus Torvalds [Mon, 22 May 2017 02:30:23 +0000 (19:30 -0700)]
Linux 4.12-rc2
Linus Torvalds [Mon, 22 May 2017 01:26:54 +0000 (18:26 -0700)]
x86: fix 32-bit case of __get_user_asm_u64()
The code to fetch a 64-bit value from user space was entirely buggered,
and has been since the code was merged in early 2016 in commit
b2f680380ddf ("x86/mm/32: Add support for 64-bit __get_user() on 32-bit
kernels").
Happily the buggered routine is almost certainly entirely unused, since
the normal way to access user space memory is just with the non-inlined
"get_user()", and the inlined version didn't even historically exist.
The normal "get_user()" case is handled by external hand-written asm in
arch/x86/lib/getuser.S that doesn't have either of these issues.
There were two independent bugs in __get_user_asm_u64():
- it still did the STAC/CLAC user space access marking, even though
that is now done by the wrapper macros, see commit
11f1a4b9755f
("x86: reorganize SMAP handling in user space accesses").
This didn't result in a semantic error, it just means that the
inlined optimized version was hugely less efficient than the
allegedly slower standard version, since the CLAC/STAC overhead is
quite high on modern Intel CPU's.
- the double register %eax/%edx was marked as an output, but the %eax
part of it was touched early in the asm, and could thus clobber other
inputs to the asm that gcc didn't expect it to touch.
In particular, that meant that the generated code could look like
this:
mov (%eax),%eax
mov 0x4(%eax),%edx
where the load of %edx obviously was _supposed_ to be from the 32-bit
word that followed the source of %eax, but because %eax was
overwritten by the first instruction, the source of %edx was
basically random garbage.
The fixes are trivial: remove the extraneous STAC/CLAC entries, and mark
the 64-bit output as early-clobber to let gcc know that no inputs should
alias with the output register.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Benjamin LaHaise <bcrl@kvack.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: stable@kernel.org # v4.8+
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sun, 21 May 2017 22:25:46 +0000 (15:25 -0700)]
Clean up x86 unsafe_get/put_user() type handling
Al noticed that unsafe_put_user() had type problems, and fixed them in
commit
a7cc722fff0b ("fix unsafe_put_user()"), which made me look more
at those functions.
It turns out that unsafe_get_user() had a type issue too: it limited the
largest size of the type it could handle to "unsigned long". Which is
fine with the current users, but doesn't match our existing normal
get_user() semantics, which can also handle "u64" even when that does
not fit in a long.
While at it, also clean up the type cast in unsafe_put_user(). We
actually want to just make it an assignment to the expected type of the
pointer, because we actually do want warnings from types that don't
convert silently. And it makes the code more readable by not having
that one very long and complex line.
[ This patch might become stable material if we ever end up back-porting
any new users of the unsafe uaccess code, but as things stand now this
doesn't matter for any current existing uses. ]
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Sun, 21 May 2017 19:06:44 +0000 (12:06 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/viro/vfs
Pull misc uaccess fixes from Al Viro:
"Fix for unsafe_put_user() (no callers currently in mainline, but
anyone starting to use it will step into that) + alpha osf_wait4()
infoleak fix"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
osf_wait4(): fix infoleak
fix unsafe_put_user()
Linus Torvalds [Sun, 21 May 2017 18:52:00 +0000 (11:52 -0700)]
Merge branch 'sched-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull scheduler fix from Thomas Gleixner:
"A single scheduler fix:
Prevent idle task from ever being preempted. That makes sure that
synchronize_rcu_tasks() which is ignoring idle task does not pretend
that no task is stuck in preempted state. If that happens and idle was
preempted on a ftrace trampoline the machine crashes due to
inconsistent state"
* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched/core: Call __schedule() from do_idle() without enabling preemption
Linus Torvalds [Sun, 21 May 2017 18:45:26 +0000 (11:45 -0700)]
Merge branch 'irq-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull irq fixes from Thomas Gleixner:
"A set of small fixes for the irq subsystem:
- Cure a data ordering problem with chained interrupts
- Three small fixlets for the mbigen irq chip"
* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
genirq: Fix chained interrupt data ordering
irqchip/mbigen: Fix the clear register offset calculation
irqchip/mbigen: Fix potential NULL dereferencing
irqchip/mbigen: Fix memory mapping code
Al Viro [Mon, 15 May 2017 01:47:25 +0000 (21:47 -0400)]
osf_wait4(): fix infoleak
failing sys_wait4() won't fill struct rusage...
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro [Sun, 21 May 2017 17:08:42 +0000 (13:08 -0400)]
fix unsafe_put_user()
__put_user_size() relies upon its first argument having the same type as what
the second one points to; the only other user makes sure of that and
unsafe_put_user() should do the same.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Linus Torvalds [Sun, 21 May 2017 06:39:03 +0000 (23:39 -0700)]
Merge tag 'trace-v4.12-rc1' of git://git./linux/kernel/git/rostedt/linux-trace
Pull tracing fixes from Steven Rostedt:
- Fix a bug caused by not cleaning up the new instance unique triggers
when deleting an instance. It also creates a selftest that triggers
that bug.
- Fix the delayed optimization happening after kprobes boot up self
tests being removed by freeing of init memory.
- Comment kprobes on why the delay optimization is not a problem for
removal of modules, to keep other developers from searching that
riddle.
- Fix another case of rcu not watching in stack trace tracing.
* tag 'trace-v4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing: Make sure RCU is watching before calling a stack trace
kprobes: Document how optimized kprobes are removed from module unload
selftests/ftrace: Add test to remove instance with active event triggers
selftests/ftrace: Fix bashisms
ftrace: Remove #ifdef from code and add clear_ftrace_function_probes() stub
ftrace/instances: Clear function triggers when removing instances
ftrace: Simplify glob handling in unregister_ftrace_function_probe_func()
tracing/kprobes: Enforce kprobes teardown after testing
tracing: Move postpone selftests to core from early_initcall
Linus Torvalds [Sat, 20 May 2017 23:12:30 +0000 (16:12 -0700)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-block
Pull block fixes from Jens Axboe:
"A small collection of fixes that should go into this cycle.
- a pull request from Christoph for NVMe, which ended up being
manually applied to avoid pulling in newer bits in master. Mostly
fibre channel fixes from James, but also a few fixes from Jon and
Vijay
- a pull request from Konrad, with just a single fix for xen-blkback
from Gustavo.
- a fuseblk bdi fix from Jan, fixing a regression in this series with
the dynamic backing devices.
- a blktrace fix from Shaohua, replacing sscanf() with kstrtoull().
- a request leak fix for drbd from Lars, fixing a regression in the
last series with the kref changes. This will go to stable as well"
* 'for-linus' of git://git.kernel.dk/linux-block:
nvmet: release the sq ref on rdma read errors
nvmet-fc: remove target cpu scheduling flag
nvme-fc: stop queues on error detection
nvme-fc: require target or discovery role for fc-nvme targets
nvme-fc: correct port role bits
nvme: unmap CMB and remove sysfs file in reset path
blktrace: fix integer parse
fuseblk: Fix warning in super_setup_bdi_name()
block: xen-blkback: add null check to avoid null pointer dereference
drbd: fix request leak introduced by locking/atomic, kref: Kill kref_sub()
Vijay Immanuel [Mon, 8 May 2017 23:38:35 +0000 (16:38 -0700)]
nvmet: release the sq ref on rdma read errors
On rdma read errors, release the sq ref that was taken
when the req was initialized. This avoids a hang in
nvmet_sq_destroy() when the queue is being freed.
Signed-off-by: Vijay Immanuel <vijayi@attalasystems.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
James Smart [Tue, 25 Apr 2017 23:23:09 +0000 (16:23 -0700)]
nvmet-fc: remove target cpu scheduling flag
Remove NVMET_FCTGTFEAT_NEEDS_CMD_CPUSCHED. It's unnecessary.
Signed-off-by: James Smart <james.smart@broadcom.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
James Smart [Tue, 25 Apr 2017 22:32:01 +0000 (15:32 -0700)]
nvme-fc: stop queues on error detection
Per the recommendation by Sagi on:
http://lists.infradead.org/pipermail/linux-nvme/2017-April/009261.html
Rather than waiting for reset work thread to stop queues and abort the ios,
immediately stop the queues on error detection. Reset thread will restop
the queues (as it's called on other paths), but it does not appear to have
a side effect.
Signed-off-by: James Smart <james.smart@broadcom.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
James Smart [Fri, 5 May 2017 23:13:15 +0000 (16:13 -0700)]
nvme-fc: require target or discovery role for fc-nvme targets
In order to create an association, the remoteport must be
serving either a target role or a discovery role.
Signed-off-by: James Smart <james.smart@broadcom.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
James Smart [Fri, 5 May 2017 23:13:02 +0000 (16:13 -0700)]
nvme-fc: correct port role bits
FC Port roles is a bit mask, not individual values.
Correct nvme definitions to unique bits.
Signed-off-by: James Smart <james.smart@broadcom.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
Jon Derrick [Fri, 5 May 2017 20:52:06 +0000 (14:52 -0600)]
nvme: unmap CMB and remove sysfs file in reset path
CMB doesn't get unmapped until removal while getting remapped on every
reset. Add the unmapping and sysfs file removal to the reset path in
nvme_pci_disable to match the mapping path in nvme_pci_enable.
Fixes:
202021c1a ("nvme : Add sysfs entry for NVMe CMBs when appropriate")
Signed-off-by: Jon Derrick <jonathan.derrick@intel.com>
Acked-by: Keith Busch <keith.busch@intel.com>
Reviewed-By: Stephen Bates <sbates@raithlin.com>
Cc: <stable@vger.kernel.org> # 4.9+
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>
Linus Torvalds [Sat, 20 May 2017 16:02:27 +0000 (09:02 -0700)]
Merge tag 'staging-4.12-rc2' of git://git./linux/kernel/git/gregkh/staging
Pull staging driver fixes from Greg KH:
"Here are a number of staging driver fixes for 4.12-rc2
Most of them are typec driver fixes found by reviewers and users of
the code. There are also some removals of files no longer needed in
the tree due to the ion driver rewrite in 4.12-rc1, as well as some
wifi driver fixes. And to round it out, a MAINTAINERS file update.
All have been in linux-next with no reported issues"
* tag 'staging-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (22 commits)
MAINTAINERS: greybus-dev list is members-only
staging: fsl-dpaa2/eth: add ETHERNET dependency
staging: typec: fusb302: refactor resume retry mechanism
staging: typec: fusb302: reset i2c_busy state in error
staging: rtl8723bs: remove re-positioned call to kfree in os_dep/ioctl_cfg80211.c
staging: rtl8192e: GetTs Fix invalid TID 7 warning.
staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD.
staging: rtl8192e: fix 2 byte alignment of register BSSIDR.
staging: rtl8192e: rtl92e_fill_tx_desc fix write to mapped out memory.
staging: vc04_services: Fix bulk cache maintenance
staging: ccree: remove extraneous spin_unlock_bh() in error handler
staging: typec: Fix sparse warnings about incorrect types
staging: typec: fusb302: do not free gpio from managed resource
staging: typec: tcpm: Fix Port Power Role field in PS_RDY messages
staging: typec: tcpm: Respond to Discover Identity commands
staging: typec: tcpm: Set correct flags in PD request messages
staging: typec: tcpm: Drop duplicate PD messages
staging: typec: fusb302: Fix chip->vbus_present init value
staging: typec: fusb302: Fix module autoload
staging: typec: tcpci: declare private structure as static
...
Linus Torvalds [Sat, 20 May 2017 15:52:34 +0000 (08:52 -0700)]
Merge tag 'usb-4.12-rc2' of git://git./linux/kernel/git/gregkh/usb
Pull USB fixes from Greg KH:
"Here are a number of small USB fixes for 4.12-rc2
Most of them come from Johan, in his valiant quest to fix up all
drivers that could be affected by "malicious" USB devices. There's
also some fixes for more "obscure" drivers to handle some of the
vmalloc stack fallout (which for USB drivers, was always the case, but
very few people actually ran those systems...)
Other than that, the normal set of xhci and gadget and musb driver
fixes as well.
All have been in linux-next with no reported issues"
* tag 'usb-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (42 commits)
usb: musb: tusb6010_omap: Do not reset the other direction's packet size
usb: musb: Fix trying to suspend while active for OTG configurations
usb: host: xhci-plat: propagate return value of platform_get_irq()
xhci: Fix command ring stop regression in 4.11
xhci: remove GFP_DMA flag from allocation
USB: xhci: fix lock-inversion problem
usb: host: xhci-ring: don't need to clear interrupt pending for MSI enabled hcd
usb: host: xhci-mem: allocate zeroed Scratchpad Buffer
xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton
usb: xhci: trace URB before giving it back instead of after
USB: serial: qcserial: add more Lenovo EM74xx device IDs
USB: host: xhci: use max-port define
USB: hub: fix SS max number of ports
USB: hub: fix non-SS hub-descriptor handling
USB: hub: fix SS hub-descriptor handling
USB: usbip: fix nonconforming hub descriptor
USB: gadget: dummy_hcd: fix hub-descriptor removable fields
doc-rst: fixed kernel-doc directives in usb/typec.rst
USB: core: of: document reference taken by companion helper
USB: ehci-platform: fix companion-device leak
...
Linus Torvalds [Sat, 20 May 2017 15:44:22 +0000 (08:44 -0700)]
Merge tag 'char-misc-4.12-rc2' of git://git./linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg KH:
"Here are five small bugfixes for reported issues with 4.12-rc1 and
earlier kernels. Nothing huge here, just a lp, mem, vpd, and uio
driver fix, along with a Kconfig fixup for one of the misc drivers.
All of these have been in linux-next with no reported issues"
* tag 'char-misc-4.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
firmware: Google VPD: Fix memory allocation error handling
drivers: char: mem: Check for address space wraparound with mmap()
uio: fix incorrect memory leak cleanup
misc: pci_endpoint_test: select CRC32
char: lp: fix possible integer overflow in lp_setup()
Linus Torvalds [Sat, 20 May 2017 15:35:27 +0000 (08:35 -0700)]
Merge git://www.linux-watchdog.org/linux-watchdog
Pull watchdog fixes from Wim Van Sebroeck:
- orion_wdt compile-test dependencies
- sama5d4_wdt: WDDIS handling and a race confition
- pcwd_usb: fix NULL-deref at probe
- cadence_wdt: fix timeout setting
- wdt_pci: fix build error if SOFTWARE_REBOOT is defined
- iTCO_wdt: all versions count down twice
- zx2967: remove redundant dev_err call in zx2967_wdt_probe()
- bcm281xx: Fix use of uninitialized spinlock
* git://www.linux-watchdog.org/linux-watchdog:
watchdog: bcm281xx: Fix use of uninitialized spinlock.
watchdog: zx2967: remove redundant dev_err call in zx2967_wdt_probe()
iTCO_wdt: all versions count down twice
watchdog: wdt_pci: fix build error if define SOFTWARE_REBOOT
watchdog: cadence_wdt: fix timeout setting
watchdog: pcwd_usb: fix NULL-deref at probe
watchdog: sama5d4: fix race condition
watchdog: sama5d4: fix WDDIS handling
watchdog: orion: fix compile-test dependencies
Linus Torvalds [Sat, 20 May 2017 15:29:30 +0000 (08:29 -0700)]
Merge tag 'drm-fixes-for-v4.12-rc2' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"Mostly nouveau and i915, fairly quiet as usual for rc2"
* tag 'drm-fixes-for-v4.12-rc2' of git://people.freedesktop.org/~airlied/linux:
drm/atmel-hlcdc: Fix output initialization
gpu: host1x: select IOMMU_IOVA
drm/nouveau/fifo/gk104-: Silence a locking warning
drm/nouveau/secboot: plug memory leak in ls_ucode_img_load_gr() error path
drm/nouveau: Fix drm poll_helper handling
drm/i915: don't do allocate_va_range again on PIN_UPDATE
drm/i915: Fix rawclk readout for g4x
drm/i915: Fix runtime PM for LPE audio
drm/i915/glk: Fix DSI "*ERROR* ULPS is still active" messages
drm/i915/gvt: avoid unnecessary vgpu switch
drm/i915/gvt: not to restore in-context mmio
drm/etnaviv: don't put fence in case of submit failure
drm/i915/gvt: fix typo: "supporte" -> "support"
drm: hdlcd: Fix the calculation of the scanout start address
Linus Torvalds [Sat, 20 May 2017 00:46:51 +0000 (17:46 -0700)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"This is the first sweep of mostly minor fixes. There's one security
one: the read past the end of a buffer in qedf, and a panic fix for
lpfc SLI-3 adapters, but the rest are a set of include and build
dependency tidy ups and assorted other small fixes and updates"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: pmcraid: remove redundant check to see if request_size is less than zero
scsi: lpfc: ensure els_wq is being checked before destroying it
scsi: cxlflash: Select IRQ_POLL
scsi: qedf: Avoid reading past end of buffer
scsi: qedf: Cleanup the type of io_log->op
scsi: lpfc: double lock typo in lpfc_ns_rsp()
scsi: qedf: properly update arguments position in function call
scsi: scsi_lib: Add #include <scsi/scsi_transport.h>
scsi: MAINTAINERS: update OSD entries
scsi: Skip deleted devices in __scsi_device_lookup
scsi: lpfc: Fix panic on BFS configuration
scsi: libfc: do not flood console with messages 'libfc: queue full ...'
Linus Torvalds [Sat, 20 May 2017 00:35:34 +0000 (17:35 -0700)]
Merge branch 'libnvdimm-for-next' of git://git./linux/kernel/git/nvdimm/nvdimm
Pull libnvdimm fixes from Dan Williams:
"A couple of compile fixes.
With the removal of the ->direct_access() method from
block_device_operations in favor of a new dax_device + dax_operations
we broke two configurations.
The CONFIG_BLOCK=n case is fixed by compiling out the block+dax
helpers in the dax core. Configurations with FS_DAX=n EXT4=y / XFS=y
and DAX=m fail due to the helpers the builtin filesystem needs being
in a module, so we stub out the helpers in the FS_DAX=n case."
* 'libnvdimm-for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
dax, xfs, ext4: compile out iomap-dax paths in the FS_DAX=n case
dax: fix false CONFIG_BLOCK dependency
Linus Torvalds [Sat, 20 May 2017 00:33:08 +0000 (17:33 -0700)]
Merge branch 'i2c/for-current' of git://git./linux/kernel/git/wsa/linux
Pull i2c fix from Wolfram Sang:
"A regression fix for I2C that would be great to have in rc2"
* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: designware: don't infer timings described by ACPI from clock rate
Linus Torvalds [Sat, 20 May 2017 00:27:28 +0000 (17:27 -0700)]
Merge tag 'iommu-fixes-v4.12-rc1' of git://git./linux/kernel/git/joro/iommu
Pull IOMMU fixes from Joerg Roedel:
- another compile-fix as a fallout of the recent header-file cleanup
- add a missing IO/TLB flush to the Intel VT-d kdump code path
- a fix for ARM64 dma code to only access initialized iova_domain
members
* tag 'iommu-fixes-v4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/mediatek: Include linux/dma-mapping.h
iommu/vt-d: Flush the IOTLB to get rid of the initial kdump mappings
iommu/dma: Don't touch invalid iova_domain members
Linus Torvalds [Fri, 19 May 2017 22:13:13 +0000 (15:13 -0700)]
Merge tag 'for-linus' of git://git./virt/kvm/kvm
Pull KVM fixes from Radim Krčmář:
"ARM:
- a fix for a build failure introduced in -rc1 when tracepoints are
enabled on 32-bit ARM.
- disable use of stack pointer protection in the hyp code which can
cause panics.
- a handful of VGIC fixes.
- a fix to the init of the redistributors on GICv3 systems that
prevented boot with kvmtool on GICv3 systems introduced in -rc1.
- a number of race conditions fixed in our MMU handling code.
- a fix for the guest being able to program the debug extensions for
the host on the 32-bit side.
PPC:
- fixes for build failures with PR KVM configurations.
- a fix for a host crash that can occur on POWER9 with radix guests.
x86:
- fixes for nested PML and nested EPT.
- a fix for crashes caused by reserved bits in SSE MXCSR that could
have been set by userspace.
- an optimization of halt polling that fixes high CPU overhead.
- fixes for four reports from Dan Carpenter's static checker.
- a protection around code that shouldn't have been preemptible.
- a fix for port IO emulation"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (27 commits)
KVM: x86: prevent uninitialized variable warning in check_svme()
KVM: x86/vPMU: fix undefined shift in intel_pmu_refresh()
KVM: x86: zero base3 of unusable segments
KVM: X86: Fix read out-of-bounds vulnerability in kvm pio emulation
KVM: x86: Fix potential preemption when get the current kvmclock timestamp
KVM: Silence underflow warning in avic_get_physical_id_entry()
KVM: arm/arm64: Hold slots_lock when unregistering kvm io bus devices
KVM: arm/arm64: Fix bug when registering redist iodevs
KVM: x86: lower default for halt_poll_ns
kvm: arm/arm64: Fix use after free of stage2 page table
kvm: arm/arm64: Force reading uncached stage2 PGD
KVM: nVMX: fix EPT permissions as reported in exit qualification
KVM: VMX: Don't enable EPT A/D feature if EPT feature is disabled
KVM: x86: Fix load damaged SSEx MXCSR register
kvm: nVMX: off by one in vmx_write_pml_buffer()
KVM: arm: rename pm_fake handler to trap_raz_wi
KVM: arm: plug potential guest hardware debug leakage
kvm: arm/arm64: Fix race in resetting stage2 PGD
KVM: arm/arm64: vgic-v3: Use PREbits to infer the number of ICH_APxRn_EL2 registers
KVM: arm/arm64: vgic-v3: Do not use Active+Pending state for a HW interrupt
...
Linus Torvalds [Fri, 19 May 2017 22:06:48 +0000 (15:06 -0700)]
Merge tag 'for-linus-4.12b-rc2-tag' of git://git./linux/kernel/git/xen/tip
Pull xen fixes from Juergen Gross:
"Some fixes for the new Xen 9pfs frontend and some minor cleanups"
* tag 'for-linus-4.12b-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
xen: make xen_flush_tlb_all() static
xen: cleanup pvh leftovers from pv-only sources
xen/9pfs: p9_trans_xen_init and p9_trans_xen_exit can be static
xen/9pfs: fix return value check in xen_9pfs_front_probe()
Linus Torvalds [Fri, 19 May 2017 22:03:24 +0000 (15:03 -0700)]
Merge tag 'devicetree-fixes-for-4.12' of git://git./linux/kernel/git/robh/linux
Pull DeviceTree fixes from Rob Herring:
- fix missing allocation failure handling in fdt code
- fix dtc compile error on 32-bit hosts
- revert bad sparse changes causing GCC7 warnings
* tag 'devicetree-fixes-for-4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
of: fdt: add missing allocation-failure check
dtc: check.c fix compile error
Partially Revert "of: fix sparse warnings in fdt, irq, reserved mem, and resolver code"
Linus Torvalds [Fri, 19 May 2017 20:36:56 +0000 (13:36 -0700)]
Merge tag 'armsoc-fixes' of git://git./linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Olof Johansson:
"We had a small batch of fixes before -rc1, but here is a larger one.
It contains a backmerge of 4.12-rc1 since some of the downstream
branches we merge had that as base; at the same time we already had
merged contents before -rc1 and rebase wasn't the right solution.
A mix of random smaller fixes and a few things worth pointing out:
- We've started telling people to avoid cross-tree shared branches if
all they're doing is picking up one or two DT-used constants from a
shared include file, and instead to use the numeric values on first
submission. Follow-up moving over to symbolic names are sent in
right after -rc1, i.e. here. It's only a few minor patches of this
type.
- Linus Walleij and others are resurrecting the 'Gemini' platform,
and wanted a cut-down platform-specific defconfig for it. So I
picked that up for them.
- Rob Herring ran 'savedefconfig' on arm64, it's a bit churny but it
helps people to prepare patches since it's a pain when defconfig
and current savedefconfig contents differs too much.
- Devicetree additions for some pinctrl drivers for Armada that were
merged this window. I'd have preferred to see those earlier but
it's not a huge deail.
The biggest change worth pointing out though since it's touching other
parts of the tree: We added prefixes to be used when cross-including
DT contents between arm64 and arm, allowing someone to #include
<arm/foo.dtsi> from arm64, and likewise. As part of that, we needed
arm/foo.dtsi to work on arm as well. The way I suggested this to Heiko
resulted in a recursive symlink.
Instead, I've now moved it out of arch/*/boot/dts/include, into a
shared location under scripts/dtc. While I was at it, I consolidated
so all architectures now behave the same way in this manner.
Rob Herring (DT maintainer) has acked it. I cc:d most other arch
maintainers but nobody seems to care much; it doesn't really affect
them since functionality is unchanged for them by default"
* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (29 commits)
arm64: dts: rockchip: fix include reference
firmware: ti_sci: fix strncat length check
ARM: remove duplicate 'const' annotations'
arm64: defconfig: enable options needed for QCom DB410c board
arm64: defconfig: sync with savedefconfig
ARM: configs: add a gemini defconfig
devicetree: Move include prefixes from arch to separate directory
ARM: dts: dra7: Reduce cpu thermal shutdown temperature
memory: omap-gpmc: Fix debug output for access width
ARM: dts: LogicPD Torpedo: Fix camera pin mux
ARM: dts: omap4: enable CEC pin for Pandaboard A4 and ES
ARM: dts: gta04: fix polarity of clocks for mcbsp4
ARM: dts: dra7: Add power hold and power controller properties to palmas
soc: imx: add PM dependency for IMX7_PM_DOMAINS
ARM: dts: imx6sx-sdb: Remove OPP override
ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin
soc: bcm: brcmstb: Correctly match 7435 SoC
tee: add ARM_SMCCC dependency
ARM: omap2+: make omap4_get_cpu1_ns_pa_addr declaration usable
ARM64: dts: mediatek: configure some fixed mmc parameters
...