* [PATCH 4.9 00/21] 4.9.76-stable review
@ 2018-01-08 12:59 Greg Kroah-Hartman
  2018-01-08 12:59 ` [PATCH 4.9 01/21] kernel/acct.c: fix the acct->needcheck check in check_free_space() Greg Kroah-Hartman
                   ` (24 more replies)
  0 siblings, 25 replies; 27+ messages in thread
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuahkh, patches,
	ben.hutchings, lkft-triage, stable

This is the start of the stable review cycle for the 4.9.76 release.
There are 21 patches in this series, all will be posted as a response
to this one.  If anyone has any issues with these being applied, please
let me know.

Responses should be made by Wed Jan 10 12:59:08 UTC 2018.
Anything received after that time might be too late.

The whole patch series can be found in one patch at:
	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.76-rc1.gz
or in the git tree and branch at:
  git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
and the diffstat can be found below.

thanks,

greg k-h

-------------
Pseudo-Shortlog of commits:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Linux 4.9.76-rc1

Borislav Petkov <bp@suse.de>
    Map the vsyscall page with _PAGE_USER

Thomas Gleixner <tglx@linutronix.de>
    x86/tlb: Drop the _GPL from the cpu_tlbstate export

Boris Brezillon <boris.brezillon@free-electrons.com>
    mtd: nand: pxa3xx: Fix READOOB implementation

Helge Deller <deller@gmx.de>
    parisc: qemu idle sleep support

Helge Deller <deller@gmx.de>
    parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel

Tom Lendacky <thomas.lendacky@amd.com>
    x86/microcode/AMD: Add support for fam17h microcode loading

Aaron Ma <aaron.ma@canonical.com>
    Input: elantech - add new icbody type 15

Vineet Gupta <vgupta@synopsys.com>
    ARC: uaccess: dont use "l" gcc inline asm constraint modifier

Robin Murphy <robin.murphy@arm.com>
    iommu/arm-smmu-v3: Cope with duplicated Stream IDs

Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
    iommu/arm-smmu-v3: Don't free page table ops twice

Oleg Nesterov <oleg@redhat.com>
    kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal()

Oleg Nesterov <oleg@redhat.com>
    kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals

Oleg Nesterov <oleg@redhat.com>
    kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL

Thiago Rafael Becker <thiago.becker@gmail.com>
    kernel: make groups_sort calling a responsibility group_info allocators

Jens Axboe <axboe@fb.com>
    nbd: fix use-after-free of rq/bio in the xmit path

David Howells <dhowells@redhat.com>
    fscache: Fix the default for fscache_maybe_release_page()

Stefan Brüns <stefan.bruens@rwth-aachen.de>
    sunxi-rsb: Include OF based modalias in device uevent

Eric Biggers <ebiggers@google.com>
    crypto: pcrypt - fix freeing pcrypt instances

Eric Biggers <ebiggers@google.com>
    crypto: chacha20poly1305 - validate the digest size

Jan Engelhardt <jengelh@inai.de>
    crypto: n2 - cure use after free

Oleg Nesterov <oleg@redhat.com>
    kernel/acct.c: fix the acct->needcheck check in check_free_space()


-------------

Diffstat:

 Makefile                              |  4 ++--
 arch/arc/include/asm/uaccess.h        |  5 +++--
 arch/parisc/include/asm/ldcw.h        |  2 ++
 arch/parisc/kernel/entry.S            | 13 ++++++++++--
 arch/parisc/kernel/pacache.S          |  9 ++++++--
 arch/parisc/kernel/process.c          | 39 +++++++++++++++++++++++++++++++++++
 arch/s390/kernel/compat_linux.c       |  1 +
 arch/x86/entry/vsyscall/vsyscall_64.c |  5 +++++
 arch/x86/include/asm/vsyscall.h       |  2 ++
 arch/x86/kernel/cpu/microcode/amd.c   |  4 ++++
 arch/x86/mm/init.c                    |  2 +-
 arch/x86/mm/kaiser.c                  | 34 ++++++++++++++++++++++++++----
 crypto/chacha20poly1305.c             |  6 +++++-
 crypto/pcrypt.c                       | 19 +++++++++--------
 drivers/block/nbd.c                   | 32 ++++++++++++++++++++--------
 drivers/bus/sunxi-rsb.c               |  1 +
 drivers/crypto/n2_core.c              |  3 +++
 drivers/input/mouse/elantech.c        |  2 +-
 drivers/iommu/arm-smmu-v3.c           | 17 +++++++++++----
 drivers/mtd/nand/pxa3xx_nand.c        |  1 +
 fs/nfsd/auth.c                        |  3 +++
 include/linux/cred.h                  |  1 +
 include/linux/fscache.h               |  2 +-
 kernel/acct.c                         |  2 +-
 kernel/groups.c                       |  5 +++--
 kernel/signal.c                       | 18 +++++++++-------
 kernel/uid16.c                        |  1 +
 net/sunrpc/auth_gss/gss_rpc_xdr.c     |  1 +
 net/sunrpc/auth_gss/svcauth_gss.c     |  1 +
 net/sunrpc/svcauth_unix.c             |  2 ++
 30 files changed, 188 insertions(+), 49 deletions(-)

^ permalink raw reply	[flat|nested] 27+ messages in thread

* [PATCH 4.9 01/21] kernel/acct.c: fix the acct->needcheck check in check_free_space()
  2018-01-08 12:59 [PATCH 4.9 00/21] 4.9.76-stable review Greg Kroah-Hartman
@ 2018-01-08 12:59 ` Greg Kroah-Hartman
  2018-01-08 12:59 ` [PATCH 4.9 02/21] crypto: n2 - cure use after free Greg Kroah-Hartman
                   ` (23 subsequent siblings)
  24 siblings, 0 replies; 27+ messages in thread
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, TSUKADA Koutaro, Oleg Nesterov,
	Al Viro, Andrew Morton, Linus Torvalds

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Oleg Nesterov <oleg@redhat.com>

commit 4d9570158b6260f449e317a5f9ed030c2504a615 upstream.

As Tsukada explains, the time_is_before_jiffies(acct->needcheck) check
is very wrong, we need time_is_after_jiffies() to make sys_acct() work.

Ignoring the overflows, the code should "goto out" if needcheck >
jiffies, while currently it checks "needcheck < jiffies" and thus in the
likely case check_free_space() does nothing until jiffies overflow.

In particular this means that sys_acct() is simply broken, acct_on()
sets acct->needcheck = jiffies and expects that check_free_space()
should set acct->active = 1 after the free-space check, but this won't
happen if jiffies increments in between.

This was broken by commit 32dc73086015 ("get rid of timer in
kern/acct.c") in 2011, then another (correct) commit 795a2f22a8ea
("acct() should honour the limits from the very beginning") made the
problem more visible.

Link: http://lkml.kernel.org/r/20171213133940.GA6554@redhat.com
Fixes: 32dc73086015 ("get rid of timer in kern/acct.c")
Reported-by: TSUKADA Koutaro <tsukada@ascade.co.jp>
Suggested-by: TSUKADA Koutaro <tsukada@ascade.co.jp>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/acct.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -99,7 +99,7 @@ static int check_free_space(struct bsd_a
 {
 	struct kstatfs sbuf;
 
-	if (time_is_before_jiffies(acct->needcheck))
+	if (time_is_after_jiffies(acct->needcheck))
 		goto out;
 
 	/* May block */
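
Review bot: The corrected test in check_free_space() carries no comment saying what acct->needcheck holds, and the '-' line shows how easy the direction of this comparison is to get wrong. A one-line comment above `if (time_is_after_jiffies(acct->needcheck))` stating that needcheck is the earliest time the next free-space check is due, and that the function bails out while that time is still in the future, would make the intent self-evident. It is also worth saying there that needcheck == jiffies falls through to the check, since the commit message says acct_on() sets needcheck = jiffies and depends on the check then running.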

^ permalink raw reply	[flat|nested] 27+ messages in thread
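
Added example, not part of the patch or of the kernel source: a userspace model of the comparison the commit message above describes, showing that the old predicate skips the free-space check as soon as jiffies has advanced past needcheck, while the fixed one runs it and then rate-limits, including across counter wraparound. struct acct_model, CHECK_INTERVAL and the helper names are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption: constructed re-check interval in ticks, not the kernel's value. */
#define CHECK_INTERVAL 30UL

/* Wrap-safe ordering of two tick counters (signed difference of unsigned values). */
static bool time_after(unsigned long a, unsigned long b)
{
	return (long)(b - a) < 0;
}

static bool time_before(unsigned long a, unsigned long b)
{
	return time_after(b, a);
}

enum predicate { BEFORE_FIX, AFTER_FIX };

/* Hypothetical model of the two fields the commit message talks about. */
struct acct_model {
	unsigned long needcheck;	/* earliest tick at which to re-check */
	int active;			/* 1 once the free-space check has passed */
	unsigned int checks_run;	/* how often the expensive check ran */
};

/* Model of check_free_space(): returns the resulting 'active' state. */
static int check_free_space(struct acct_model *a, unsigned long jiffies,
			    enum predicate p)
{
	bool skip;

	if (p == BEFORE_FIX)	/* time_is_before_jiffies(needcheck) */
		skip = time_after(jiffies, a->needcheck);
	else			/* time_is_after_jiffies(needcheck) */
		skip = time_before(jiffies, a->needcheck);
	if (skip)
		return a->active;

	a->checks_run++;
	a->active = 1;		/* model: the filesystem has enough free space */
	a->needcheck = jiffies + CHECK_INTERVAL;
	return a->active;
}

/* Model of acct_on() at tick 'start' followed by one check 'delay' ticks later. */
static int enable_then_check(unsigned long start, unsigned long delay,
			     enum predicate p)
{
	struct acct_model a = { .needcheck = start, .active = 0, .checks_run = 0 };

	return check_free_space(&a, start + delay, p);
}

/* Number of real checks when check_free_space() is called on every tick. */
static unsigned int checks_over(unsigned long start, unsigned long ticks,
				enum predicate p)
{
	struct acct_model a = { .needcheck = start, .active = 0, .checks_run = 0 };

	for (unsigned long t = 1; t <= ticks; t++)
		check_free_space(&a, start + t, p);
	return a.checks_run;
}

int main(void)
{
	printf("old, same tick:      active=%d\n", enable_then_check(1000, 0, BEFORE_FIX));
	printf("old, one tick later: active=%d\n", enable_then_check(1000, 1, BEFORE_FIX));
	printf("new, one tick later: active=%d\n", enable_then_check(1000, 1, AFTER_FIX));
	printf("new, across wrap:    active=%d\n",
	       enable_then_check(ULONG_MAX - 1, 3, AFTER_FIX));
	printf("checks in 100 ticks: old=%u new=%u\n",
	       checks_over(1000, 100, BEFORE_FIX), checks_over(1000, 100, AFTER_FIX));
	return 0;
}
```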

* [PATCH 4.9 02/21] crypto: n2 - cure use after free
  2018-01-08 12:59 [PATCH 4.9 00/21] 4.9.76-stable review Greg Kroah-Hartman
  2018-01-08 12:59 ` [PATCH 4.9 01/21] kernel/acct.c: fix the acct->needcheck check in check_free_space() Greg Kroah-Hartman
@ 2018-01-08 12:59 ` Greg Kroah-Hartman
  2018-01-08 12:59 ` [PATCH 4.9 03/21] crypto: chacha20poly1305 - validate the digest size Greg Kroah-Hartman
                   ` (22 subsequent siblings)
  24 siblings, 0 replies; 27+ messages in thread
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Jan Engelhardt, David S. Miller,
	Herbert Xu

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jan Engelhardt <jengelh@inai.de>

commit 203f45003a3d03eea8fa28d74cfc74c354416fdb upstream.

queue_cache_init is first called for the Control Word Queue
(n2_crypto_probe). At that time, queue_cache[0] is NULL and a new
kmem_cache will be allocated. If the subsequent n2_register_algs call
fails, the kmem_cache will be released in queue_cache_destroy, but
queue_cache_init[0] is not set back to NULL.

So when the Module Arithmetic Unit gets probed next (n2_mau_probe),
queue_cache_init will not allocate a kmem_cache again, but leave it
as its bogus value, causing a BUG() to trigger when queue_cache[0] is
eventually passed to kmem_cache_zalloc:

	n2_crypto: Found N2CP at /virtual-devices@100/n2cp@7
	n2_crypto: Registered NCS HVAPI version 2.0
	called queue_cache_init
	n2_crypto: md5 alg registration failed
	n2cp f028687c: /virtual-devices@100/n2cp@7: Unable to register algorithms.
	called queue_cache_destroy
	n2cp: probe of f028687c failed with error -22
	n2_crypto: Found NCP at /virtual-devices@100/ncp@6
	n2_crypto: Registered NCS HVAPI version 2.0
	called queue_cache_init
	kernel BUG at mm/slab.c:2993!
	Call Trace:
	 [0000000000604488] kmem_cache_alloc+0x1a8/0x1e0
                  (inlined) kmem_cache_zalloc
                  (inlined) new_queue
                  (inlined) spu_queue_setup
                  (inlined) handle_exec_unit
	 [0000000010c61eb4] spu_mdesc_scan+0x1f4/0x460 [n2_crypto]
	 [0000000010c62b80] n2_mau_probe+0x100/0x220 [n2_crypto]
	 [000000000084b174] platform_drv_probe+0x34/0xc0

Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/crypto/n2_core.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/crypto/n2_core.c
+++ b/drivers/crypto/n2_core.c
@@ -1620,6 +1620,7 @@ static int queue_cache_init(void)
 					  CWQ_ENTRY_SIZE, 0, NULL);
 	if (!queue_cache[HV_NCS_QTYPE_CWQ - 1]) {
 		kmem_cache_destroy(queue_cache[HV_NCS_QTYPE_MAU - 1]);
+		queue_cache[HV_NCS_QTYPE_MAU - 1] = NULL;
 		return -ENOMEM;
 	}
 	return 0;
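
Review bot: The destroy-then-clear pair added to the CWQ allocation failure path of queue_cache_init() is the same two-step pattern the next hunk adds twice more in queue_cache_destroy(), and it is easy for a future caller to add the kmem_cache_destroy() without the assignment. A small static helper that destroys one queue_cache[] slot and sets it to NULL, used at all three sites, would keep the invariant "a non-NULL slot is a live cache" in one place.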
@@ -1629,6 +1630,8 @@ static void queue_cache_destroy(void)
 {
 	kmem_cache_destroy(queue_cache[HV_NCS_QTYPE_MAU - 1]);
 	kmem_cache_destroy(queue_cache[HV_NCS_QTYPE_CWQ - 1]);
+	queue_cache[HV_NCS_QTYPE_MAU - 1] = NULL;
+	queue_cache[HV_NCS_QTYPE_CWQ - 1] = NULL;
 }
 
 static int spu_queue_register(struct spu_queue *p, unsigned long q_type)
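
Review bot: queue_cache_destroy() still tears down both caches unconditionally, while the commit message says queue_cache_init() skips allocation when the slot is already populated, so the caches look shared between the CWQ and MAU probes with no use count. Clearing the pointers fixes the stale-pointer case in the quoted log, but it is worth confirming what happens when one device probes successfully and the other then fails or is removed: that second queue_cache_destroy() call would destroy caches the first device's queues were allocated from. If that sequence is possible, a reference count around init/destroy is needed in addition to the NULL assignments.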

^ permalink raw reply	[flat|nested] 27+ messages in thread

* [PATCH 4.9 03/21] crypto: chacha20poly1305 - validate the digest size
  2018-01-08 12:59 [PATCH 4.9 00/21] 4.9.76-stable review Greg Kroah-Hartman
  2018-01-08 12:59 ` [PATCH 4.9 01/21] kernel/acct.c: fix the acct->needcheck check in check_free_space() Greg Kroah-Hartman
  2018-01-08 12:59 ` [PATCH 4.9 02/21] crypto: n2 - cure use after free Greg Kroah-Hartman
@ 2018-01-08 12:59 ` Greg Kroah-Hartman
  2018-01-08 12:59 ` [PATCH 4.9 04/21] crypto: pcrypt - fix freeing pcrypt instances Greg Kroah-Hartman
                   ` (21 subsequent siblings)
  24 siblings, 0 replies; 27+ messages in thread
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, syzbot, Eric Biggers, Herbert Xu

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Biggers <ebiggers@google.com>

commit e57121d08c38dabec15cf3e1e2ad46721af30cae upstream.

If the rfc7539 template was instantiated with a hash algorithm with
digest size larger than 16 bytes (POLY1305_DIGEST_SIZE), then the digest
overran the 'tag' buffer in 'struct chachapoly_req_ctx', corrupting the
subsequent memory, including 'cryptlen'.  This caused a crash during
crypto_skcipher_decrypt().

Fix it by, when instantiating the template, requiring that the
underlying hash algorithm has the digest size expected for Poly1305.

Reproducer:

    #include <linux/if_alg.h>
    #include <sys/socket.h>
    #include <unistd.h>

    int main()
    {
            int algfd, reqfd;
            struct sockaddr_alg addr = {
                    .salg_type = "aead",
                    .salg_name = "rfc7539(chacha20,sha256)",
            };
            unsigned char buf[32] = { 0 };

            algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
            bind(algfd, (void *)&addr, sizeof(addr));
            setsockopt(algfd, SOL_ALG, ALG_SET_KEY, buf, sizeof(buf));
            reqfd = accept(algfd, 0, 0);
            write(reqfd, buf, 16);
            read(reqfd, buf, 16);
    }

Reported-by: syzbot <syzkaller@googlegroups.com>
Fixes: 71ebc4d1b27d ("crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD construction, RFC7539")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/chacha20poly1305.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/crypto/chacha20poly1305.c
+++ b/crypto/chacha20poly1305.c
@@ -610,6 +610,11 @@ static int chachapoly_create(struct cryp
 						    algt->mask));
 	if (IS_ERR(poly))
 		return PTR_ERR(poly);
+	poly_hash = __crypto_hash_alg_common(poly);
+
+	err = -EINVAL;
+	if (poly_hash->digestsize != POLY1305_DIGEST_SIZE)
+		goto out_put_poly;
 
 	err = -ENOMEM;
 	inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
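
Review bot: The new check in chachapoly_create() constrains only the digest size of the underlying hash, not which hash it is, so any algorithm with a 16-byte digest still instantiates the rfc7539 template. That closes the overrun of 'tag' described in the commit message, but the resulting AEAD would not be the RFC 7539 construction. Either also verify that 'poly' really is Poly1305, or add a comment above `if (poly_hash->digestsize != POLY1305_DIGEST_SIZE)` saying the test exists for memory safety of the request context and does not validate the algorithm choice. Placing the check before the kzalloc() and jumping to out_put_poly is right, since nothing else has been allocated yet.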
@@ -618,7 +623,6 @@ static int chachapoly_create(struct cryp
 
 	ctx = aead_instance_ctx(inst);
 	ctx->saltlen = CHACHAPOLY_IV_SIZE - ivsize;
-	poly_hash = __crypto_hash_alg_common(poly);
 	err = crypto_init_ahash_spawn(&ctx->poly, poly_hash,
 				      aead_crypto_instance(inst));
 	if (err)

^ permalink raw reply	[flat|nested] 27+ messages in thread

* [PATCH 4.9 04/21] crypto: pcrypt - fix freeing pcrypt instances
  2018-01-08 12:59 [PATCH 4.9 00/21] 4.9.76-stable review Greg Kroah-Hartman
                   ` (2 preceding siblings ...)
  2018-01-08 12:59 ` [PATCH 4.9 03/21] crypto: chacha20poly1305 - validate the digest size Greg Kroah-Hartman
@ 2018-01-08 12:59 ` Greg Kroah-Hartman
  2018-01-08 12:59 ` [PATCH 4.9 05/21] sunxi-rsb: Include OF based modalias in device uevent Greg Kroah-Hartman
                   ` (20 subsequent siblings)
  24 siblings, 0 replies; 27+ messages in thread
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, syzbot, Eric Biggers, Herbert Xu

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Eric Biggers <ebiggers@google.com>

commit d76c68109f37cb85b243a1cf0f40313afd2bae68 upstream.

pcrypt is using the old way of freeing instances, where the ->free()
method specified in the 'struct crypto_template' is passed a pointer to
the 'struct crypto_instance'.  But the crypto_instance is being
kfree()'d directly, which is incorrect because the memory was actually
allocated as an aead_instance, which contains the crypto_instance at a
nonzero offset.  Thus, the wrong pointer was being kfree()'d.

Fix it by switching to the new way to free aead_instance's where the
->free() method is specified in the aead_instance itself.

Reported-by: syzbot <syzkaller@googlegroups.com>
Fixes: 0496f56065e0 ("crypto: pcrypt - Add support for new AEAD interface")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/pcrypt.c |   19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

--- a/crypto/pcrypt.c
+++ b/crypto/pcrypt.c
@@ -254,6 +254,14 @@ static void pcrypt_aead_exit_tfm(struct
 	crypto_free_aead(ctx->child);
 }
 
+static void pcrypt_free(struct aead_instance *inst)
+{
+	struct pcrypt_instance_ctx *ctx = aead_instance_ctx(inst);
+
+	crypto_drop_aead(&ctx->spawn);
+	kfree(inst);
+}
+
 static int pcrypt_init_instance(struct crypto_instance *inst,
 				struct crypto_alg *alg)
 {
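
Review bot: The relocated pcrypt_free() calls kfree(inst) on the aead_instance, but nothing in the function records that this has to be the pointer the allocation returned, which is exactly the invariant the removed version broke by freeing the embedded crypto_instance. A one-line comment above `kfree(inst);` noting that the instance was allocated as an aead_instance and must be freed through that type would keep a later refactor from reintroducing the interior-pointer free.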
@@ -319,6 +327,8 @@ static int pcrypt_create_aead(struct cry
 	inst->alg.encrypt = pcrypt_aead_encrypt;
 	inst->alg.decrypt = pcrypt_aead_decrypt;
 
+	inst->free = pcrypt_free;
+
 	err = aead_register_instance(tmpl, inst);
 	if (err)
 		goto out_drop_aead;
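
Review bot: `inst->free = pcrypt_free;` is set only in pcrypt_create_aead(), while the last hunk of this patch removes `.free` from pcrypt_tmpl, so any instance type created through another branch of pcrypt_create() would now have no free method at all. Please confirm AEAD is the only type pcrypt_create() can instantiate; if so, a comment at the template definition saying that freeing is handled per instance would explain why `.free` is absent.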
@@ -349,14 +359,6 @@ static int pcrypt_create(struct crypto_t
 	return -EINVAL;
 }
 
-static void pcrypt_free(struct crypto_instance *inst)
-{
-	struct pcrypt_instance_ctx *ctx = crypto_instance_ctx(inst);
-
-	crypto_drop_aead(&ctx->spawn);
-	kfree(inst);
-}
-
 static int pcrypt_cpumask_change_notify(struct notifier_block *self,
 					unsigned long val, void *data)
 {
@@ -469,7 +471,6 @@ static void pcrypt_fini_padata(struct pa
 static struct crypto_template pcrypt_tmpl = {
 	.name = "pcrypt",
 	.create = pcrypt_create,
-	.free = pcrypt_free,
 	.module = THIS_MODULE,
 };
 

^ permalink raw reply	[flat|nested] 27+ messages in thread

* [PATCH 4.9 05/21] sunxi-rsb: Include OF based modalias in device uevent
  2018-01-08 12:59 [PATCH 4.9 00/21] 4.9.76-stable review Greg Kroah-Hartman
                   ` (3 preceding siblings ...)
  2018-01-08 12:59 ` [PATCH 4.9 04/21] crypto: pcrypt - fix freeing pcrypt instances Greg Kroah-Hartman
@ 2018-01-08 12:59 ` Greg Kroah-Hartman
  2018-01-08 12:59 ` [PATCH 4.9 06/21] fscache: Fix the default for fscache_maybe_release_page() Greg Kroah-Hartman
                   ` (19 subsequent siblings)
  24 siblings, 0 replies; 27+ messages in thread
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Chen-Yu Tsai, Stefan Brüns,
	Maxime Ripard

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Stefan Brüns <stefan.bruens@rwth-aachen.de>

commit e2bf801ecd4e62222a46d1ba9e57e710171d29c1 upstream.

Include the OF-based modalias in the uevent sent when registering devices
on the sunxi RSB bus, so that user space has a chance to autoload the
kernel module for the device.

Fixes a regression caused by commit 3f241bfa60bd ("arm64: allwinner: a64:
pine64: Use dcdc1 regulator for mmc0"). When the axp20x-rsb module for
the AXP803 PMIC is built as a module, it is not loaded and the system
ends up with a dysfunctional MMC controller.

Fixes: d787dcdb9c8f ("bus: sunxi-rsb: Add driver for Allwinner Reduced Serial Bus")
Acked-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/bus/sunxi-rsb.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/bus/sunxi-rsb.c
+++ b/drivers/bus/sunxi-rsb.c
@@ -178,6 +178,7 @@ static struct bus_type sunxi_rsb_bus = {
 	.match		= sunxi_rsb_device_match,
 	.probe		= sunxi_rsb_device_probe,
 	.remove		= sunxi_rsb_device_remove,
+	.uevent		= of_device_uevent_modalias,
 };
 
 static void sunxi_rsb_dev_release(struct device *dev)

^ permalink raw reply	[flat|nested] 27+ messages in thread

* [PATCH 4.9 06/21] fscache: Fix the default for fscache_maybe_release_page()
  2018-01-08 12:59 [PATCH 4.9 00/21] 4.9.76-stable review Greg Kroah-Hartman
                   ` (4 preceding siblings ...)
  2018-01-08 12:59 ` [PATCH 4.9 05/21] sunxi-rsb: Include OF based modalias in device uevent Greg Kroah-Hartman
@ 2018-01-08 12:59 ` Greg Kroah-Hartman
  2018-01-08 12:59 ` [PATCH 4.9 07/21] nbd: fix use-after-free of rq/bio in the xmit path Greg Kroah-Hartman
                   ` (18 subsequent siblings)
  24 siblings, 0 replies; 27+ messages in thread
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Marc Dionne, David Howells,
	Jeff Layton, Al Viro

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: David Howells <dhowells@redhat.com>

commit 98801506552593c9b8ac11021b0cdad12cab4f6b upstream.

Fix the default for fscache_maybe_release_page() for when the cookie isn't
valid or the page isn't cached.  It mustn't return false as that indicates
the page cannot yet be freed.

The problem with the default is that if, say, there's no cache, but a
network filesystem's pages are using up almost all the available memory, a
system can OOM because the filesystem ->releasepage() op will not allow
them to be released as fscache_maybe_release_page() incorrectly prevents
it.

This can be tested by writing a sequence of 512MiB files to an AFS mount.
It does not affect NFS or CIFS because both of those wrap the call in a
check of PG_fscache and it shouldn't bother Ceph as that only has
PG_private set whilst writeback is in progress.  This might be an issue for
9P, however.

Note that the pages aren't entirely stuck.  Removing a file or unmounting
will clear things because that uses ->invalidatepage() instead.

Fixes: 201a15428bd5 ("FS-Cache: Handle pages pending storage that get evicted under OOM conditions")
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Tested-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 include/linux/fscache.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/include/linux/fscache.h
+++ b/include/linux/fscache.h
@@ -764,7 +764,7 @@ bool fscache_maybe_release_page(struct f
 {
 	if (fscache_cookie_valid(cookie) && PageFsCache(page))
 		return __fscache_maybe_release_page(cookie, page, gfp);
-	return false;
+	return true;
 }
 
 /**
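
Review bot: The meaning of the boolean returned by fscache_maybe_release_page() is not stated next to the changed line, and the '-' line shows the default was easy to get backwards. A comment on `return true;` (or in the function's documentation) should say that true means the caller may release the page and that this is the answer whenever the cookie is invalid or the page is not marked PG_fscache, because in that case fscache holds nothing on the page. The commit message also flags 9P as possibly affected; naming the filesystems that call this helper without their own PG_fscache test would help reviewers judge the blast radius of the default.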

^ permalink raw reply	[flat|nested] 27+ messages in thread

* [PATCH 4.9 07/21] nbd: fix use-after-free of rq/bio in the xmit path
  2018-01-08 12:59 [PATCH 4.9 00/21] 4.9.76-stable review Greg Kroah-Hartman
                   ` (5 preceding siblings ...)
  2018-01-08 12:59 ` [PATCH 4.9 06/21] fscache: Fix the default for fscache_maybe_release_page() Greg Kroah-Hartman
@ 2018-01-08 12:59 ` Greg Kroah-Hartman
  2018-01-08 12:59 ` [PATCH 4.9 08/21] kernel: make groups_sort calling a responsibility group_info allocators Greg Kroah-Hartman
                   ` (17 subsequent siblings)
  24 siblings, 0 replies; 27+ messages in thread
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Josef Bacik, Jens Axboe

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jens Axboe <axboe@fb.com>

commit 429a787be6793554ee02aacc7e1f11ebcecc4453 upstream.

For writes, we can get a completion in while we're still iterating
the request and bio chain. If that happens, we're reading freed
memory and we can crash.

Break out after the last segment and avoid having the iterator
read freed memory.

Reviewed-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/block/nbd.c |   32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -272,6 +272,7 @@ static int nbd_send_cmd(struct nbd_devic
 	int result, flags;
 	struct nbd_request request;
 	unsigned long size = blk_rq_bytes(req);
+	struct bio *bio;
 	u32 type;
 
 	if (req->cmd_type == REQ_TYPE_DRV_PRIV)
@@ -305,16 +306,20 @@ static int nbd_send_cmd(struct nbd_devic
 		return -EIO;
 	}
 
-	if (type == NBD_CMD_WRITE) {
-		struct req_iterator iter;
+	if (type != NBD_CMD_WRITE)
+		return 0;
+
+	flags = 0;
+	bio = req->bio;
+	while (bio) {
+		struct bio *next = bio->bi_next;
+		struct bvec_iter iter;
 		struct bio_vec bvec;
-		/*
-		 * we are really probing at internals to determine
-		 * whether to set MSG_MORE or not...
-		 */
-		rq_for_each_segment(bvec, req, iter) {
-			flags = 0;
-			if (!rq_iter_last(bvec, iter))
+
+		bio_for_each_segment(bvec, bio, iter) {
+			bool is_last = !next && bio_iter_last(bvec, iter);
+
+			if (is_last)
 				flags = MSG_MORE;
 			dev_dbg(nbd_to_dev(nbd), "request %p: sending %d bytes data\n",
 				cmd, bvec.bv_len);
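
Review bot: The MSG_MORE test in the rewritten loop of nbd_send_cmd() is inverted relative to the code it replaces. The removed lines set `flags = 0` for each segment and then `flags = MSG_MORE` when `!rq_iter_last(bvec, iter)`, that is, for every segment except the last; the added lines set `flags = 0` once before the loop and `flags = MSG_MORE` only when `is_last` is true. As written, every segment but the final one is sent without MSG_MORE and the final one is sent with it. To keep the old behaviour the condition should be `if (!is_last)`, with flags recomputed per segment, for example `flags = is_last ? 0 : MSG_MORE;`.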
@@ -325,7 +330,16 @@ static int nbd_send_cmd(struct nbd_devic
 					result);
 				return -EIO;
 			}
+			/*
+			 * The completion might already have come in,
+			 * so break for the last one instead of letting
+			 * the iterator do it. This prevents use-after-free
+			 * of the bio.
+			 */
+			if (is_last)
+				break;
 		}
+		bio = next;
 	}
 	return 0;
 }

^ permalink raw reply	[flat|nested] 27+ messages in thread

* [PATCH 4.9 08/21] kernel: make groups_sort calling a responsibility group_info allocators
  2018-01-08 12:59 [PATCH 4.9 00/21] 4.9.76-stable review Greg Kroah-Hartman
                   ` (6 preceding siblings ...)
  2018-01-08 12:59 ` [PATCH 4.9 07/21] nbd: fix use-after-free of rq/bio in the xmit path Greg Kroah-Hartman
@ 2018-01-08 12:59 ` Greg Kroah-Hartman
  2018-01-08 12:59 ` [PATCH 4.9 09/21] kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL Greg Kroah-Hartman
                   ` (16 subsequent siblings)
  24 siblings, 0 replies; 27+ messages in thread
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Thiago Rafael Becker, Matthew Wilcox,
	NeilBrown, J. Bruce Fields, Al Viro, Martin Schwidefsky,
	Andrew Morton, Linus Torvalds

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Thiago Rafael Becker <thiago.becker@gmail.com>

commit bdcf0a423ea1c40bbb40e7ee483b50fc8aa3d758 upstream.

In testing, we found that nfsd threads may call set_groups in parallel
for the same entry cached in auth.unix.gid, racing in the call of
groups_sort, corrupting the groups for that entry and leading to
permission denials for the client.

This patch:
 - Make groups_sort globally visible.
 - Move the call to groups_sort to the modifiers of group_info
 - Remove the call to groups_sort from set_groups

Link: http://lkml.kernel.org/r/20171211151420.18655-1-thiago.becker@gmail.com
Signed-off-by: Thiago Rafael Becker <thiago.becker@gmail.com>
Reviewed-by: Matthew Wilcox <mawilcox@microsoft.com>
Reviewed-by: NeilBrown <neilb@suse.com>
Acked-by: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>


---
 arch/s390/kernel/compat_linux.c   |    1 +
 fs/nfsd/auth.c                    |    3 +++
 include/linux/cred.h              |    1 +
 kernel/groups.c                   |    5 +++--
 kernel/uid16.c                    |    1 +
 net/sunrpc/auth_gss/gss_rpc_xdr.c |    1 +
 net/sunrpc/auth_gss/svcauth_gss.c |    1 +
 net/sunrpc/svcauth_unix.c         |    2 ++
 8 files changed, 13 insertions(+), 2 deletions(-)

--- a/arch/s390/kernel/compat_linux.c
+++ b/arch/s390/kernel/compat_linux.c
@@ -263,6 +263,7 @@ COMPAT_SYSCALL_DEFINE2(s390_setgroups16,
 		return retval;
 	}
 
+	groups_sort(group_info);
 	retval = set_current_groups(group_info);
 	put_group_info(group_info);
 
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -59,6 +59,9 @@ int nfsd_setuser(struct svc_rqst *rqstp,
 				gi->gid[i] = exp->ex_anon_gid;
 			else
 				gi->gid[i] = rqgi->gid[i];
+
+			/* Each thread allocates its own gi, no race */
+			groups_sort(gi);
 		}
 	} else {
 		gi = get_group_info(rqgi);
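
Review bot: Going by the indentation, the added groups_sort(gi) in nfsd_setuser() sits inside the loop that fills gi->gid[i], one level deeper than the brace that closes the loop, so the array is sorted after every single store while later slots are still unfilled. Sorting moves entries that were already written, and the next iteration then stores into gi->gid[i] by index, so it can overwrite a moved entry and the copy from rqgi->gid[i] no longer lines up with its source. The call should move below the loop's closing brace so it runs once on the complete array; the comment about each thread owning its own gi can move with it.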
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -82,6 +82,7 @@ extern int set_current_groups(struct gro
 extern void set_groups(struct cred *, struct group_info *);
 extern int groups_search(const struct group_info *, kgid_t);
 extern bool may_setgroups(void);
+extern void groups_sort(struct group_info *);
 
 /*
  * The security context of a task
--- a/kernel/groups.c
+++ b/kernel/groups.c
@@ -77,7 +77,7 @@ static int groups_from_user(struct group
 }
 
 /* a simple Shell sort */
-static void groups_sort(struct group_info *group_info)
+void groups_sort(struct group_info *group_info)
 {
 	int base, max, stride;
 	int gidsetsize = group_info->ngroups;
@@ -103,6 +103,7 @@ static void groups_sort(struct group_inf
 		stride /= 3;
 	}
 }
+EXPORT_SYMBOL(groups_sort);
 
 /* a simple bsearch */
 int groups_search(const struct group_info *group_info, kgid_t grp)
@@ -134,7 +135,6 @@ int groups_search(const struct group_inf
 void set_groups(struct cred *new, struct group_info *group_info)
 {
 	put_group_info(new->group_info);
-	groups_sort(group_info);
 	get_group_info(group_info);
 	new->group_info = group_info;
 }
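
Review bot: With groups_sort() removed from set_groups(), a sorted group_info becomes an undocumented precondition of set_groups() and set_current_groups(). groups_search() just above is described as a bsearch, so a caller that installs an unsorted list would get lookups that silently miss rather than an error. Please add a comment on set_groups() and on the new groups_sort() declaration in cred.h stating that whoever fills a group_info must sort it before installing it, and confirm that every place that writes gid[] is covered by one of the hunks in this patch.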
@@ -218,6 +218,7 @@ SYSCALL_DEFINE2(setgroups, int, gidsetsi
 		return retval;
 	}
 
+	groups_sort(group_info);
 	retval = set_current_groups(group_info);
 	put_group_info(group_info);
 
--- a/kernel/uid16.c
+++ b/kernel/uid16.c
@@ -190,6 +190,7 @@ SYSCALL_DEFINE2(setgroups16, int, gidset
 		return retval;
 	}
 
+	groups_sort(group_info);
 	retval = set_current_groups(group_info);
 	put_group_info(group_info);
 
--- a/net/sunrpc/auth_gss/gss_rpc_xdr.c
+++ b/net/sunrpc/auth_gss/gss_rpc_xdr.c
@@ -231,6 +231,7 @@ static int gssx_dec_linux_creds(struct x
 			goto out_free_groups;
 		creds->cr_group_info->gid[i] = kgid;
 	}
+	groups_sort(creds->cr_group_info);
 
 	return 0;
 out_free_groups:
--- a/net/sunrpc/auth_gss/svcauth_gss.c
+++ b/net/sunrpc/auth_gss/svcauth_gss.c
@@ -481,6 +481,7 @@ static int rsc_parse(struct cache_detail
 				goto out;
 			rsci.cred.cr_group_info->gid[i] = kgid;
 		}
+		groups_sort(rsci.cred.cr_group_info);
 
 		/* mech name */
 		len = qword_get(&mesg, buf, mlen);
--- a/net/sunrpc/svcauth_unix.c
+++ b/net/sunrpc/svcauth_unix.c
@@ -520,6 +520,7 @@ static int unix_gid_parse(struct cache_d
 		ug.gi->gid[i] = kgid;
 	}
 
+	groups_sort(ug.gi);
 	ugp = unix_gid_lookup(cd, uid);
 	if (ugp) {
 		struct cache_head *ch;
@@ -819,6 +820,7 @@ svcauth_unix_accept(struct svc_rqst *rqs
 		kgid_t kgid = make_kgid(&init_user_ns, svc_getnl(argv));
 		cred->cr_group_info->gid[i] = kgid;
 	}
+	groups_sort(cred->cr_group_info);
 	if (svc_getu32(argv) != htonl(RPC_AUTH_NULL) || svc_getu32(argv) != 0) {
 		*authp = rpc_autherr_badverf;
 		return SVC_DENIED;

^ permalink raw reply	[flat|nested] 27+ messages in thread

* [PATCH 4.9 09/21] kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL
  2018-01-08 12:59 [PATCH 4.9 00/21] 4.9.76-stable review Greg Kroah-Hartman
                   ` (7 preceding siblings ...)
  2018-01-08 12:59 ` [PATCH 4.9 08/21] kernel: make groups_sort calling a responsibility group_info allocators Greg Kroah-Hartman
@ 2018-01-08 12:59 ` Greg Kroah-Hartman
  2018-01-08 12:59 ` [PATCH 4.9 10/21] kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals Greg Kroah-Hartman
                   ` (15 subsequent siblings)
  24 siblings, 0 replies; 27+ messages in thread
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Oleg Nesterov, Kyle Huey,
	Andrew Morton, Linus Torvalds

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Oleg Nesterov <oleg@redhat.com>

commit 628c1bcba204052d19b686b5bac149a644cdb72e upstream.

The comment in sig_ignored() says "Tracers may want to know about even
ignored signals" but SIGKILL can not be reported to debugger and it is
just wrong to return 0 in this case: SIGKILL should only kill the
SIGNAL_UNKILLABLE task if it comes from the parent ns.

Change sig_ignored() to ignore ->ptrace if sig == SIGKILL and rely on
sig_task_ignored().

SIGSTOP coming from within the namespace is not really right too but at
least debugger can intercept it, and we can't drop it here because this
will break "gdb -p 1": ptrace_attach() won't work.  Perhaps we will add
another ->ptrace check later, we will see.

Link: http://lkml.kernel.org/r/20171103184206.GB21036@redhat.com
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Tested-by: Kyle Huey <me@kylehuey.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/signal.c |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -88,13 +88,15 @@ static int sig_ignored(struct task_struc
 	if (sigismember(&t->blocked, sig) || sigismember(&t->real_blocked, sig))
 		return 0;
 
-	if (!sig_task_ignored(t, sig, force))
-		return 0;
-
 	/*
-	 * Tracers may want to know about even ignored signals.
+	 * Tracers may want to know about even ignored signal unless it
+	 * is SIGKILL which can't be reported anyway but can be ignored
+	 * by SIGNAL_UNKILLABLE task.
 	 */
-	return !t->ptrace;
+	if (t->ptrace && sig != SIGKILL)
+		return 0;
+
+	return sig_task_ignored(t, sig, force);
 }
 
 /*
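
Review bot: the rewritten comment in sig_ignored() covers the SIGKILL exception but not the case the changelog calls out as still open, a stop signal sent from inside the namespace to a traced SIGNAL_UNKILLABLE task. The check "if (t->ptrace && sig != SIGKILL) return 0;" deliberately lets that through to keep ptrace_attach() working, so say so in the comment; otherwise the next reader will take it for an oversight.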

* [PATCH 4.9 10/21] kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Oleg Nesterov, Kyle Huey,
	Andrew Morton, Linus Torvalds

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Oleg Nesterov <oleg@redhat.com>

commit ac25385089f673560867eb5179228a44ade0cfc1 upstream.

Change sig_task_ignored() to drop the SIG_DFL && !sig_kernel_only()
signals even if force == T.  This simplifies the next change and this
matches the same check in get_signal() which will drop these signals
anyway.

Link: http://lkml.kernel.org/r/20171103184227.GC21036@redhat.com
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Tested-by: Kyle Huey <me@kylehuey.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/signal.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -72,7 +72,7 @@ static int sig_task_ignored(struct task_
 	handler = sig_handler(t, sig);
 
 	if (unlikely(t->signal->flags & SIGNAL_UNKILLABLE) &&
-			handler == SIG_DFL && !force)
+	    handler == SIG_DFL && !(force && sig_kernel_only(sig)))
 		return 1;
 
 	return sig_handler_ignored(handler, sig);
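
Review bot: the new condition !(force && sig_kernel_only(sig)) is a nested negation with no comment, and it changes which forced signals reach a SIGNAL_UNKILLABLE task whose handler is SIG_DFL. A short comment above the if, stating that only forced signals for which sig_kernel_only() is true get past this check, would let a reader verify it against get_signal(), which the changelog says performs the same test.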

* [PATCH 4.9 11/21] kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal()
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Oleg Nesterov, Dmitry Vyukov,
	Kyle Huey, Kees Cook, Andrew Morton, Linus Torvalds

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Oleg Nesterov <oleg@redhat.com>

commit 426915796ccaf9c2bd9bb06dc5702225957bc2e5 upstream.

complete_signal() checks SIGNAL_UNKILLABLE before it starts to destroy
the thread group, today this is wrong in many ways.

If nothing else, fatal_signal_pending() should always imply that the
whole thread group (except ->group_exit_task if it is not NULL) is
killed, this check breaks the rule.

After the previous changes we can rely on sig_task_ignored();
sig_fatal(sig) && SIGNAL_UNKILLABLE can only be true if we actually want
to kill this task and sig == SIGKILL OR it is traced and debugger can
intercept the signal.

This should hopefully fix the problem reported by Dmitry.  This
test-case

	static int init(void *arg)
	{
		for (;;)
			pause();
	}

	int main(void)
	{
		char stack[16 * 1024];

		for (;;) {
			int pid = clone(init, stack + sizeof(stack)/2,
					CLONE_NEWPID | SIGCHLD, NULL);
			assert(pid > 0);

			assert(ptrace(PTRACE_ATTACH, pid, 0, 0) == 0);
			assert(waitpid(-1, NULL, WSTOPPED) == pid);

			assert(ptrace(PTRACE_DETACH, pid, 0, SIGSTOP) == 0);
			assert(syscall(__NR_tkill, pid, SIGKILL) == 0);
			assert(pid == wait(NULL));
		}
	}

triggers the WARN_ON_ONCE(!(task->jobctl & JOBCTL_STOP_PENDING)) in
task_participate_group_stop().  do_signal_stop()->signal_group_exit()
checks SIGNAL_GROUP_EXIT and return false, but task_set_jobctl_pending()
checks fatal_signal_pending() and does not set JOBCTL_STOP_PENDING.

And this should fix the minor security problem reported by Kyle,
SECCOMP_RET_TRACE can miss fatal_signal_pending() the same way if the
task is the root of a pid namespace.

Link: http://lkml.kernel.org/r/20171103184246.GD21036@redhat.com
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reported-by: Kyle Huey <me@kylehuey.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Kyle Huey <me@kylehuey.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 kernel/signal.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -919,9 +919,9 @@ static void complete_signal(int sig, str
 	 * then start taking the whole group down immediately.
 	 */
 	if (sig_fatal(p, sig) &&
-	    !(signal->flags & (SIGNAL_UNKILLABLE | SIGNAL_GROUP_EXIT)) &&
+	    !(signal->flags & SIGNAL_GROUP_EXIT) &&
 	    !sigismember(&t->real_blocked, sig) &&
-	    (sig == SIGKILL || !t->ptrace)) {
+	    (sig == SIGKILL || !p->ptrace)) {
 		/*
 		 * This signal will be fatal to the whole group.
 		 */
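
Review bot: the last changed line switches the tracer test from t->ptrace to p->ptrace, but the changelog only discusses dropping SIGNAL_UNKILLABLE from the flags mask. The line above it still tests t->real_blocked, so the condition now mixes t and p; please explain in the changelog why the ptrace check should look at p, or split that change into its own patch.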

* [PATCH 4.9 12/21] iommu/arm-smmu-v3: Dont free page table ops twice
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Robin Murphy, Jean-Philippe Brucker,
	Will Deacon

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>

commit 57d72e159b60456c8bb281736c02ddd3164037aa upstream.

Kasan reports a double free when finalise_stage_fn fails: the io_pgtable
ops are freed by arm_smmu_domain_finalise and then again by
arm_smmu_domain_free. Prevent this by leaving pgtbl_ops empty on failure.

Fixes: 48ec83bcbcf5 ("iommu/arm-smmu: Add initial driver support for ARM SMMUv3 devices")
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/iommu/arm-smmu-v3.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

--- a/drivers/iommu/arm-smmu-v3.c
+++ b/drivers/iommu/arm-smmu-v3.c
@@ -1547,13 +1547,15 @@ static int arm_smmu_domain_finalise(stru
 	domain->pgsize_bitmap = pgtbl_cfg.pgsize_bitmap;
 	domain->geometry.aperture_end = (1UL << ias) - 1;
 	domain->geometry.force_aperture = true;
-	smmu_domain->pgtbl_ops = pgtbl_ops;
 
 	ret = finalise_stage_fn(smmu_domain, &pgtbl_cfg);
-	if (ret < 0)
+	if (ret < 0) {
 		free_io_pgtable_ops(pgtbl_ops);
+		return ret;
+	}
 
-	return ret;
+	smmu_domain->pgtbl_ops = pgtbl_ops;
+	return 0;
 }
 
 static __le64 *arm_smmu_get_step_for_sid(struct arm_smmu_device *smmu, u32 sid)
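
Review bot: with the assignment moved below the call, finalise_stage_fn(smmu_domain, &pgtbl_cfg) now runs while smmu_domain->pgtbl_ops is still unset. That is what makes the error path safe against the double free, but please confirm that no stage finaliser reads smmu_domain->pgtbl_ops, and add a comment at the new assignment saying the ops are only published on success so the ordering is not undone later.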

* [PATCH 4.9 13/21] iommu/arm-smmu-v3: Cope with duplicated Stream IDs
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tomasz Nowicki, Tomasz Nowicki,
	Jayachandran C., Robin Murphy, Will Deacon

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Robin Murphy <robin.murphy@arm.com>

commit 563b5cbe334e9503ab2b234e279d500fc4f76018 upstream.

For PCI devices behind an aliasing PCIe-to-PCI/X bridge, the bridge
alias to DevFn 0.0 on the subordinate bus may match the original RID of
the device, resulting in the same SID being present in the device's
fwspec twice. This causes trouble later in arm_smmu_write_strtab_ent()
when we wind up visiting the STE a second time and find it already live.

Avoid the issue by giving arm_smmu_install_ste_for_dev() the cleverness
to skip over duplicates. It seems mildly counterintuitive compared to
preventing the duplicates from existing in the first place, but since
the DT and ACPI probe paths build their fwspecs differently, this is
actually the cleanest and most self-contained way to deal with it.

Fixes: 8f78515425da ("iommu/arm-smmu: Implement of_xlate() for SMMUv3")
Reported-by: Tomasz Nowicki <tomasz.nowicki@caviumnetworks.com>
Tested-by: Tomasz Nowicki <Tomasz.Nowicki@cavium.com>
Tested-by: Jayachandran C. <jnair@caviumnetworks.com>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/iommu/arm-smmu-v3.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

--- a/drivers/iommu/arm-smmu-v3.c
+++ b/drivers/iommu/arm-smmu-v3.c
@@ -1582,7 +1582,7 @@ static __le64 *arm_smmu_get_step_for_sid
 
 static int arm_smmu_install_ste_for_dev(struct iommu_fwspec *fwspec)
 {
-	int i;
+	int i, j;
 	struct arm_smmu_master_data *master = fwspec->iommu_priv;
 	struct arm_smmu_device *smmu = master->smmu;
 
@@ -1590,6 +1590,13 @@ static int arm_smmu_install_ste_for_dev(
 		u32 sid = fwspec->ids[i];
 		__le64 *step = arm_smmu_get_step_for_sid(smmu, sid);
 
+		/* Bridged PCI devices may end up with duplicated IDs */
+		for (j = 0; j < i; j++)
+			if (fwspec->ids[j] == sid)
+				break;
+		if (j < i)
+			continue;
+
 		arm_smmu_write_strtab_ent(smmu, sid, step, &master->ste);
 	}
 
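
Review bot: the duplicate scan is placed after arm_smmu_get_step_for_sid(smmu, sid), so the STE pointer is still looked up for a SID that is about to be skipped. Splitting the declaration and moving the "for (j = 0; j < i; j++)" check above the step lookup avoids the wasted call. The quadratic scan is acceptable only while the ID list stays short, which the comment could state.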

* [PATCH 4.9 14/21] ARC: uaccess: dont use "l" gcc inline asm constraint modifier
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Vineet Gupta

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Vineet Gupta <vgupta@synopsys.com>

commit 79435ac78d160e4c245544d457850a56f805ac0d upstream.

This used to setup the LP_COUNT register automatically, but now has been
removed.

There was an earlier fix 3c7c7a2fc8811 which fixed instance in delay.h but
somehow missed this one as gcc change had not made its way into
production toolchains and was not pedantic as it is now !

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/arc/include/asm/uaccess.h |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/arch/arc/include/asm/uaccess.h
+++ b/arch/arc/include/asm/uaccess.h
@@ -673,6 +673,7 @@ __arc_strncpy_from_user(char *dst, const
 		return 0;
 
 	__asm__ __volatile__(
+	"	mov	lp_count, %5		\n"
 	"	lp	3f			\n"
 	"1:	ldb.ab  %3, [%2, 1]		\n"
 	"	breq.d	%3, 0, 3f               \n"
@@ -689,8 +690,8 @@ __arc_strncpy_from_user(char *dst, const
 	"	.word   1b, 4b			\n"
 	"	.previous			\n"
 	: "+r"(res), "+r"(dst), "+r"(src), "=r"(val)
-	: "g"(-EFAULT), "l"(count)
-	: "memory");
+	: "g"(-EFAULT), "r"(count)
+	: "lp_count", "lp_start", "lp_end", "memory");
 
 	return res;
 }
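
Review bot: the clobber list grows from "memory" to also name lp_count, lp_start and lp_end, but the changelog only talks about the "l" constraint no longer setting up LP_COUNT. Please state in the changelog, or in a comment next to the new "mov lp_count, %5", that the loop registers are now written explicitly by the asm and therefore have to be declared as clobbered.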

* [PATCH 4.9 15/21] Input: elantech - add new icbody type 15
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Aaron Ma, Dmitry Torokhov

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Aaron Ma <aaron.ma@canonical.com>

commit 10d900303f1c3a821eb0bef4e7b7ece16768fba4 upstream.

The touchpad of Lenovo Thinkpad L480 reports its version as 15.

Signed-off-by: Aaron Ma <aaron.ma@canonical.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/input/mouse/elantech.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/input/mouse/elantech.c
+++ b/drivers/input/mouse/elantech.c
@@ -1609,7 +1609,7 @@ static int elantech_set_properties(struc
 		case 5:
 			etd->hw_version = 3;
 			break;
-		case 6 ... 14:
+		case 6 ... 15:
 			etd->hw_version = 4;
 			break;
 		default:

* [PATCH 4.9 16/21] x86/microcode/AMD: Add support for fam17h microcode loading
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Tom Lendacky, Thomas Gleixner,
	Borislav Petkov, Ingo Molnar, Alice Ferrazzi

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tom Lendacky <thomas.lendacky@amd.com>

commit f4e9b7af0cd58dd039a0fb2cd67d57cea4889abf upstream.

The size for the Microcode Patch Block (MPB) for an AMD family 17h
processor is 3200 bytes.  Add a #define for fam17h so that it does
not default to 2048 bytes and fail a microcode load/update.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@alien8.de>
Link: https://lkml.kernel.org/r/20171130224640.15391.40247.stgit@tlendack-t1.amdoffice.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: Alice Ferrazzi <alicef@gentoo.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/kernel/cpu/microcode/amd.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/arch/x86/kernel/cpu/microcode/amd.c
+++ b/arch/x86/kernel/cpu/microcode/amd.c
@@ -592,6 +592,7 @@ static unsigned int verify_patch_size(u8
 #define F14H_MPB_MAX_SIZE 1824
 #define F15H_MPB_MAX_SIZE 4096
 #define F16H_MPB_MAX_SIZE 3458
+#define F17H_MPB_MAX_SIZE 3200
 
 	switch (family) {
 	case 0x14:
@@ -603,6 +604,9 @@ static unsigned int verify_patch_size(u8
 	case 0x16:
 		max_size = F16H_MPB_MAX_SIZE;
 		break;
+	case 0x17:
+		max_size = F17H_MPB_MAX_SIZE;
+		break;
 	default:
 		max_size = F1XH_MPB_MAX_SIZE;
 		break;
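
Review bot: the new case 0x17 fixes this family, but the default branch still assigns F1XH_MPB_MAX_SIZE, so the next family without its own entry will hit the same failed microcode load the changelog describes. A comment on the default case, or a one-time message when an unlisted family falls through to it, would make that failure easier to diagnose.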

* [PATCH 4.9 17/21] parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Helge Deller <deller@gmx.de>

commit 88776c0e70be0290f8357019d844aae15edaa967 upstream.

Qemu for PARISC reported on a 32bit SMP parisc kernel strange failures
about "Not-handled unaligned insn 0x0e8011d6 and 0x0c2011c9."

Those opcodes evaluate to the ldcw() assembly instruction which requires
(on 32bit) an alignment of 16 bytes to ensure atomicity.

As it turns out, qemu is correct and in our assembly code in entry.S and
pacache.S we don't pay attention to the required alignment.

This patch fixes the problem by aligning the lock offset in assembly
code in the same manner as we do in our C-code.

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/parisc/include/asm/ldcw.h |    2 ++
 arch/parisc/kernel/entry.S     |   13 +++++++++++--
 arch/parisc/kernel/pacache.S   |    9 +++++++--
 3 files changed, 20 insertions(+), 4 deletions(-)

--- a/arch/parisc/include/asm/ldcw.h
+++ b/arch/parisc/include/asm/ldcw.h
@@ -11,6 +11,7 @@
    for the semaphore.  */
 
 #define __PA_LDCW_ALIGNMENT	16
+#define __PA_LDCW_ALIGN_ORDER	4
 #define __ldcw_align(a) ({					\
 	unsigned long __ret = (unsigned long) &(a)->lock[0];	\
 	__ret = (__ret + __PA_LDCW_ALIGNMENT - 1)		\
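
Review bot: __PA_LDCW_ALIGN_ORDER is a second hand-maintained constant that has to equal log2 of __PA_LDCW_ALIGNMENT (4 for 16 here, 2 for 4 in the other branch), and nothing ties the two together. Either define the alignment as (1 << __PA_LDCW_ALIGN_ORDER) or add a comment stating the relationship, so that a change to one cannot silently break the depi masking added to the assembly.
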
@@ -28,6 +29,7 @@
    ldcd). */
 
 #define __PA_LDCW_ALIGNMENT	4
+#define __PA_LDCW_ALIGN_ORDER	2
 #define __ldcw_align(a) (&(a)->slock)
 #define __LDCW	"ldcw,co"
 
--- a/arch/parisc/kernel/entry.S
+++ b/arch/parisc/kernel/entry.S
@@ -35,6 +35,7 @@
 #include <asm/pgtable.h>
 #include <asm/signal.h>
 #include <asm/unistd.h>
+#include <asm/ldcw.h>
 #include <asm/thread_info.h>
 
 #include <linux/linkage.h>
@@ -46,6 +47,14 @@
 #endif
 
 	.import		pa_tlb_lock,data
+	.macro  load_pa_tlb_lock reg
+#if __PA_LDCW_ALIGNMENT > 4
+	load32	PA(pa_tlb_lock) + __PA_LDCW_ALIGNMENT-1, \reg
+	depi	0,31,__PA_LDCW_ALIGN_ORDER, \reg
+#else
+	load32	PA(pa_tlb_lock), \reg
+#endif
+	.endm
 
 	/* space_to_prot macro creates a prot id from a space id */
 
@@ -457,7 +466,7 @@
 	.macro		tlb_lock	spc,ptp,pte,tmp,tmp1,fault
 #ifdef CONFIG_SMP
 	cmpib,COND(=),n	0,\spc,2f
-	load32		PA(pa_tlb_lock),\tmp
+	load_pa_tlb_lock \tmp
 1:	LDCW		0(\tmp),\tmp1
 	cmpib,COND(=)	0,\tmp1,1b
 	nop
@@ -480,7 +489,7 @@
 	/* Release pa_tlb_lock lock. */
 	.macro		tlb_unlock1	spc,tmp
 #ifdef CONFIG_SMP
-	load32		PA(pa_tlb_lock),\tmp
+	load_pa_tlb_lock \tmp
 	tlb_unlock0	\spc,\tmp
 #endif
 	.endm
--- a/arch/parisc/kernel/pacache.S
+++ b/arch/parisc/kernel/pacache.S
@@ -36,6 +36,7 @@
 #include <asm/assembly.h>
 #include <asm/pgtable.h>
 #include <asm/cache.h>
+#include <asm/ldcw.h>
 #include <linux/linkage.h>
 
 	.text
@@ -333,8 +334,12 @@ ENDPROC_CFI(flush_data_cache_local)
 
 	.macro	tlb_lock	la,flags,tmp
 #ifdef CONFIG_SMP
-	ldil		L%pa_tlb_lock,%r1
-	ldo		R%pa_tlb_lock(%r1),\la
+#if __PA_LDCW_ALIGNMENT > 4
+	load32		pa_tlb_lock + __PA_LDCW_ALIGNMENT-1, \la
+	depi		0,31,__PA_LDCW_ALIGN_ORDER, \la
+#else
+	load32		pa_tlb_lock, \la
+#endif
 	rsm		PSW_SM_I,\flags
 1:	LDCW		0(\la),\tmp
 	cmpib,<>,n	0,\tmp,3f
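
Review bot: this tlb_lock hunk open-codes the same add-and-mask sequence that entry.S wraps in the new load_pa_tlb_lock macro; the only difference visible here is the missing PA() around pa_tlb_lock. Consider one shared macro that takes the address expression as an argument, so the alignment logic exists in a single place.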

* [PATCH 4.9 18/21] parisc: qemu idle sleep support
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Helge Deller, Richard Henderson

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Helge Deller <deller@gmx.de>

commit 310d82784fb4d60c80569f5ca9f53a7f3bf1d477 upstream.

Add qemu idle sleep support when running under qemu with SeaBIOS PDC
firmware.

Like the power architecture we use the "or" assembler instructions,
which translate to nops on real hardware, to indicate that qemu shall
idle sleep.

Signed-off-by: Helge Deller <deller@gmx.de>
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/parisc/kernel/process.c |   39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

--- a/arch/parisc/kernel/process.c
+++ b/arch/parisc/kernel/process.c
@@ -39,6 +39,7 @@
 #include <linux/kernel.h>
 #include <linux/mm.h>
 #include <linux/fs.h>
+#include <linux/cpu.h>
 #include <linux/module.h>
 #include <linux/personality.h>
 #include <linux/ptrace.h>
@@ -181,6 +182,44 @@ int dump_task_fpu (struct task_struct *t
 }
 
 /*
+ * Idle thread support
+ *
+ * Detect when running on QEMU with SeaBIOS PDC Firmware and let
+ * QEMU idle the host too.
+ */
+
+int running_on_qemu __read_mostly;
+
+void __cpuidle arch_cpu_idle_dead(void)
+{
+	/* nop on real hardware, qemu will offline CPU. */
+	asm volatile("or %%r31,%%r31,%%r31\n":::);
+}
+
+void __cpuidle arch_cpu_idle(void)
+{
+	local_irq_enable();
+
+	/* nop on real hardware, qemu will idle sleep. */
+	asm volatile("or %%r10,%%r10,%%r10\n":::);
+}
+
+static int __init parisc_idle_init(void)
+{
+	const char *marker;
+
+	/* check QEMU/SeaBIOS marker in PAGE0 */
+	marker = (char *) &PAGE0->pad0;
+	running_on_qemu = (memcmp(marker, "SeaBIOS", 8) == 0);
+
+	if (!running_on_qemu)
+		cpu_idle_poll_ctrl(1);
+
+	return 0;
+}
+arch_initcall(parisc_idle_init);
+
+/*
  * Copy architecture-specific thread state
  */
 int
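
Review bot: in parisc_idle_init() the length passed to memcmp(marker, "SeaBIOS", 8) is one more than the seven visible characters, so the match depends on the firmware marker being NUL-terminated at that position. If that is intended, derive the length with sizeof("SeaBIOS") or add a comment. Also, running_on_qemu is defined as a non-static global with no declaration added in this patch; either make it static or add the extern to a header.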

* [PATCH 4.9 19/21] mtd: nand: pxa3xx: Fix READOOB implementation
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Sean Nyekjær, Willy Tarreau,
	Boris Brezillon, Ezequiel Garcia, Robert Jarzmik,
	Richard Weinberger

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Boris Brezillon <boris.brezillon@free-electrons.com>

commit fee4380f368e84ed216b62ccd2fbc4126f2bf40b upstream.

In the current driver, OOB bytes are accessed in raw mode, and when a
page access is done with NDCR_SPARE_EN set and NDCR_ECC_EN cleared, the
driver must read the whole spare area (64 bytes in case of a 2k page,
16 bytes for a 512 page). The driver was only reading the free OOB
bytes, which was leaving some unread data in the FIFO and was somehow
leading to a timeout.

We could patch the driver to read ->spare_size + ->ecc_size instead of
just ->spare_size when READOOB is requested, but we'd better make
in-band and OOB accesses consistent.
Since the driver is always accessing in-band data in non-raw mode (with
the ECC engine enabled), we should also access OOB data in this mode.
That's particularly useful when using the BCH engine because in this
mode the free OOB bytes are also ECC protected.

Fixes: 43bcfd2bb24a ("mtd: nand: pxa3xx: Add driver-specific ECC BCH support")
Reported-by: Sean Nyekjær <sean.nyekjaer@prevas.dk>
Tested-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Acked-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Tested-by: Sean Nyekjaer <sean.nyekjaer@prevas.dk>
Acked-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/mtd/nand/pxa3xx_nand.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/mtd/nand/pxa3xx_nand.c
+++ b/drivers/mtd/nand/pxa3xx_nand.c
@@ -950,6 +950,7 @@ static void prepare_start_command(struct
 
 	switch (command) {
 	case NAND_CMD_READ0:
+	case NAND_CMD_READOOB:
 	case NAND_CMD_PAGEPROG:
 		info->use_ecc = 1;
 		break;

* [PATCH 4.9 20/21] x86/tlb: Drop the _GPL from the cpu_tlbstate export
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel
  Cc: Greg Kroah-Hartman, stable, Kees Cook, Thomas Gleixner,
	Peter Zijlstra, Andy Lutomirski, Thomas Backlund

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Thomas Gleixner <tglx@linutronix.de>

commit 1e5476815fd7f98b888e01a0f9522b63085f96c9 upstream.

The recent changes for PTI touch cpu_tlbstate from various tlb_flush
inlines. cpu_tlbstate is exported as GPL symbol, so this causes a
regression when building out of tree drivers for certain graphics cards.

Aside of that the export was wrong since it was introduced as it should
have been EXPORT_PER_CPU_SYMBOL_GPL().

Use the correct PER_CPU export and drop the _GPL to restore the previous
state which allows users to utilize the cards they paid for.

As always I'm really thrilled to make this kind of change to support the
#friends (or however the hot hashtag of today is spelled) from that closet
sauce graphics corp.

Fixes: 1e02ce4cccdc ("x86: Store a per-cpu shadow copy of CR4")
Fixes: 6fd166aae78c ("x86/mm: Use/Fix PCID to optimize user/kernel switches")
Reported-by: Kees Cook <keescook@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Thomas Backlund <tmb@mageia.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 arch/x86/mm/init.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -768,7 +768,7 @@ DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb
 	.state = 0,
 	.cr4 = ~0UL,	/* fail hard if we screw up cr4 shadow initialization */
 };
-EXPORT_SYMBOL_GPL(cpu_tlbstate);
+EXPORT_PER_CPU_SYMBOL(cpu_tlbstate);
 
 void update_cache_mode_entry(unsigned entry, enum page_cache_mode cache)
 {
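
Review bot: the export line changes two things at once, the switch to the per-CPU export macro and the removal of _GPL, and the code carries no hint of why this symbol is exported without the GPL restriction. A short trailing comment saying the symbol is referenced from inlined tlb_flush helpers, as the changelog explains, would record the reason next to the export.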

* [PATCH 4.9 21/21] Map the vsyscall page with _PAGE_USER
From: Greg Kroah-Hartman @ 2018-01-08 12:59 UTC
  To: linux-kernel; +Cc: Greg Kroah-Hartman, stable, Borislav Petkov, Hugh Dickins

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Borislav Petkov <bp@suse.de>

This needs to happen early in kaiser_pagetable_walk(), before the
hierarchy is established so that _PAGE_USER permission can be really
set.

A proper fix would be to teach kaiser_pagetable_walk() to update those
permissions but the vsyscall page is the only exception here so ...

Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/entry/vsyscall/vsyscall_64.c |    5 +++++
 arch/x86/include/asm/vsyscall.h       |    2 ++
 arch/x86/mm/kaiser.c                  |   34 ++++++++++++++++++++++++++++++----
 3 files changed, 37 insertions(+), 4 deletions(-)

--- a/arch/x86/entry/vsyscall/vsyscall_64.c
+++ b/arch/x86/entry/vsyscall/vsyscall_64.c
@@ -66,6 +66,11 @@ static int __init vsyscall_setup(char *s
 }
 early_param("vsyscall", vsyscall_setup);
 
+bool vsyscall_enabled(void)
+{
+	return vsyscall_mode != NONE;
+}
+
 static void warn_bad_vsyscall(const char *level, struct pt_regs *regs,
 			      const char *message)
 {
--- a/arch/x86/include/asm/vsyscall.h
+++ b/arch/x86/include/asm/vsyscall.h
@@ -12,12 +12,14 @@ extern void map_vsyscall(void);
  * Returns true if handled.
  */
 extern bool emulate_vsyscall(struct pt_regs *regs, unsigned long address);
+extern bool vsyscall_enabled(void);
 #else
 static inline void map_vsyscall(void) {}
 static inline bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
 {
 	return false;
 }
+bool vsyscall_enabled(void) { return false; }
 #endif
 
 #endif /* _ASM_X86_VSYSCALL_H */
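Review bot: the fallback stub added in the #else branch, `bool vsyscall_enabled(void) { return false; }`, is a non-static function definition in a header, unlike the two `static inline` stubs directly above it. Every file that includes this header with the #else branch active emits its own external definition, which risks multiple-definition errors at link time. Suggest `static inline bool vsyscall_enabled(void) { return false; }` to match map_vsyscall() and emulate_vsyscall().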
--- a/arch/x86/mm/kaiser.c
+++ b/arch/x86/mm/kaiser.c
@@ -19,6 +19,7 @@
 #include <asm/pgalloc.h>
 #include <asm/desc.h>
 #include <asm/cmdline.h>
+#include <asm/vsyscall.h>
 
 int kaiser_enabled __read_mostly = 1;
 EXPORT_SYMBOL(kaiser_enabled);	/* for inlined TLB flush functions */
@@ -110,12 +111,13 @@ static inline unsigned long get_pa_from_
  *
  * Returns a pointer to a PTE on success, or NULL on failure.
  */
-static pte_t *kaiser_pagetable_walk(unsigned long address)
+static pte_t *kaiser_pagetable_walk(unsigned long address, bool user)
 {
 	pmd_t *pmd;
 	pud_t *pud;
 	pgd_t *pgd = native_get_shadow_pgd(pgd_offset_k(address));
 	gfp_t gfp = (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO);
+	unsigned long prot = _KERNPG_TABLE;
 
 	if (pgd_none(*pgd)) {
 		WARN_ONCE(1, "All shadow pgds should have been populated");
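Review bot: the function comment above kaiser_pagetable_walk() still describes only the return value and says nothing about the new `user` argument. Suggest adding a line stating that `user` requests _PAGE_USER on the intermediate table entries and is only valid for VSYSCALL_ADDR, since that restriction is otherwise discoverable only from the BUG_ON() in the body.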
@@ -123,6 +125,17 @@ static pte_t *kaiser_pagetable_walk(unsi
 	}
 	BUILD_BUG_ON(pgd_large(*pgd) != 0);
 
+	if (user) {
+		/*
+		 * The vsyscall page is the only page that will have
+		 *  _PAGE_USER set. Catch everything else.
+		 */
+		BUG_ON(address != VSYSCALL_ADDR);
+
+		set_pgd(pgd, __pgd(pgd_val(*pgd) | _PAGE_USER));
+		prot = _PAGE_TABLE;
+	}
+
 	pud = pud_offset(pgd, address);
 	/* The shadow page tables do not use large mappings: */
 	if (pud_large(*pud)) {
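Review bot: BUG_ON(address != VSYSCALL_ADDR) in the new `if (user)` block takes the machine down for a caller error that this function could report instead. The pgd_none() check just above uses WARN_ONCE(), and the function comment already defines NULL as the failure return; WARN_ON_ONCE() plus `return NULL` here would keep the "catch everything else" guarantee without a panic. Separately, set_pgd(pgd, __pgd(pgd_val(*pgd) | _PAGE_USER)) sets the user bit on the whole shadow PGD entry covering this address, so anything else mapped under that entry is then protected only by the lower-level entries; the comment should state that this is intended.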
@@ -135,7 +148,7 @@ static pte_t *kaiser_pagetable_walk(unsi
 			return NULL;
 		spin_lock(&shadow_table_allocation_lock);
 		if (pud_none(*pud)) {
-			set_pud(pud, __pud(_KERNPG_TABLE | __pa(new_pmd_page)));
+			set_pud(pud, __pud(prot | __pa(new_pmd_page)));
 			__inc_zone_page_state(virt_to_page((void *)
 						new_pmd_page), NR_KAISERTABLE);
 		} else
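Review bot: `prot` is applied only inside `if (pud_none(*pud))`, so when the PUD entry already exists the walk keeps whatever permissions it was created with and a `user` request is silently not honoured; the pmd_none() branch in the next hunk has the same shape. The commit message acknowledges this and relies on call ordering instead. A check on the existing-entry path, for example WARN_ON_ONCE(user && !(pud_val(*pud) & _PAGE_USER)), would turn a future ordering mistake into a visible warning rather than a page-protection fault on the vsyscall page.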
@@ -155,7 +168,7 @@ static pte_t *kaiser_pagetable_walk(unsi
 			return NULL;
 		spin_lock(&shadow_table_allocation_lock);
 		if (pmd_none(*pmd)) {
-			set_pmd(pmd, __pmd(_KERNPG_TABLE | __pa(new_pte_page)));
+			set_pmd(pmd, __pmd(prot | __pa(new_pte_page)));
 			__inc_zone_page_state(virt_to_page((void *)
 						new_pte_page), NR_KAISERTABLE);
 		} else
@@ -191,7 +204,7 @@ static int kaiser_add_user_map(const voi
 			ret = -EIO;
 			break;
 		}
-		pte = kaiser_pagetable_walk(address);
+		pte = kaiser_pagetable_walk(address, flags & _PAGE_USER);
 		if (!pte) {
 			ret = -ENOMEM;
 			break;
@@ -318,6 +331,19 @@ void __init kaiser_init(void)
 
 	kaiser_init_all_pgds();
 
+	/*
+	 * Note that this sets _PAGE_USER and it needs to happen when the
+	 * pagetable hierarchy gets created, i.e., early. Otherwise
+	 * kaiser_pagetable_walk() will encounter initialized PTEs in the
+	 * hierarchy and not set the proper permissions, leading to the
+	 * pagefaults with page-protection violations when trying to read the
+	 * vsyscall page. For example.
+	 */
+	if (vsyscall_enabled())
+		kaiser_add_user_map_early((void *)VSYSCALL_ADDR,
+					  PAGE_SIZE,
+					   __PAGE_KERNEL_VSYSCALL);
+
 	for_each_possible_cpu(cpu) {
 		void *percpu_vaddr = __per_cpu_user_mapped_start +
 				     per_cpu_offset(cpu);
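Review bot: the new comment in kaiser_init() ends with the sentence fragment "For example." and reads "leading to the pagefaults"; suggest folding the fragment into the preceding sentence, e.g. "leading, for example, to page faults with page-protection violations when trying to read the vsyscall page". The `__PAGE_KERNEL_VSYSCALL` argument is also indented one space further than `PAGE_SIZE` on the line above it and should be aligned with the other arguments.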


* Re: [PATCH 4.9 00/21] 4.9.76-stable review
  2018-01-08 12:59 [PATCH 4.9 00/21] 4.9.76-stable review Greg Kroah-Hartman
                   ` (20 preceding siblings ...)
  2018-01-08 12:59 ` [PATCH 4.9 21/21] Map the vsyscall page with _PAGE_USER Greg Kroah-Hartman
@ 2018-01-08 16:47 ` kernelci.org bot
  2018-01-08 20:59 ` Shuah Khan
                   ` (2 subsequent siblings)
  24 siblings, 0 replies; 27+ messages in thread
From: kernelci.org bot @ 2018-01-08 16:47 UTC
  To: Greg Kroah-Hartman, linux-kernel
  Cc: Greg Kroah-Hartman, torvalds, akpm, linux, shuahkh, patches,
	ben.hutchings, lkft-triage, stable

stable-rc/linux-4.9.y boot: 131 boots: 1 failed, 127 passed with 3 offline (v4.9.75-21-gb12801888e5f)

Full Boot Summary: https://kernelci.org/boot/all/job/stable-rc/branch/linux-4.9.y/kernel/v4.9.75-21-gb12801888e5f/
Full Build Summary: https://kernelci.org/build/stable-rc/branch/linux-4.9.y/kernel/v4.9.75-21-gb12801888e5f/

Tree: stable-rc
Branch: linux-4.9.y
Git Describe: v4.9.75-21-gb12801888e5f
Git Commit: b12801888e5f8f35d1656efc0805fc385bd2487c
Git URL: http://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
Tested: 70 unique boards, 20 SoC families, 18 builds out of 183

Boot Regressions Detected:

arm:

    at91_dt_defconfig:
        at91rm9200ek_rootfs:nfs:
            lab-free-electrons: new failure (last pass: v4.9.75)

Boot Failure Detected:

arm:

    at91_dt_defconfig
        at91rm9200ek_rootfs:nfs: 1 failed lab

Offline Platforms:

arm:

    multi_v7_defconfig:
        exynos5420-arndale-octa: 1 offline lab

    exynos_defconfig:
        exynos5420-arndale-octa: 1 offline lab

    sunxi_defconfig:
        sun4i-a10-cubieboard: 1 offline lab

---
For more info write to <info@kernelci.org>


* Re: [PATCH 4.9 00/21] 4.9.76-stable review
  2018-01-08 12:59 [PATCH 4.9 00/21] 4.9.76-stable review Greg Kroah-Hartman
                   ` (21 preceding siblings ...)
  2018-01-08 16:47 ` [PATCH 4.9 00/21] 4.9.76-stable review kernelci.org bot
@ 2018-01-08 20:59 ` Shuah Khan
  2018-01-09 11:59 ` Naresh Kamboju
  2018-01-09 13:45 ` Guenter Roeck
  24 siblings, 0 replies; 27+ messages in thread
From: Shuah Khan @ 2018-01-08 20:59 UTC
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, linux, patches, ben.hutchings, lkft-triage,
	stable, Shuah Khan

On 01/08/2018 05:59 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.9.76 release.
> There are 21 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed Jan 10 12:59:08 UTC 2018.
> Anything received after that time might be too late.
> 
> The whole patch series can be found in one patch at:
> 	kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.76-rc1.gz
> or in the git tree and branch at:
>   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
> and the diffstat can be found below.
> 
> thanks,
> 
> greg k-h
> 

Compiled and booted on my test system. No dmesg regressions.

thanks,
-- Shuah


* Re: [PATCH 4.9 00/21] 4.9.76-stable review
  2018-01-08 12:59 [PATCH 4.9 00/21] 4.9.76-stable review Greg Kroah-Hartman
                   ` (22 preceding siblings ...)
  2018-01-08 20:59 ` Shuah Khan
@ 2018-01-09 11:59 ` Naresh Kamboju
  2018-01-09 12:42   ` Greg Kroah-Hartman
  2018-01-09 13:45 ` Guenter Roeck
  24 siblings, 1 reply; 27+ messages in thread
From: Naresh Kamboju @ 2018-01-09 11:59 UTC
  To: Greg Kroah-Hartman
  Cc: linux-kernel, Linus Torvalds, Andrew Morton, Guenter Roeck,
	Shuah Khan, patches, Ben Hutchings, lkft-triage, linux- stable

On 8 January 2018 at 18:29, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
> This is the start of the stable review cycle for the 4.9.76 release.
> There are 21 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed Jan 10 12:59:08 UTC 2018.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
>         kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.76-rc1.gz
> or in the git tree and branch at:
>   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h

Results from Linaro’s test farm.
No regressions on arm64, arm and x86_64.

NOTE:
There were multiple pushes on 4.9.76-rc1; here is what we have as the
latest results.

Summary
------------------------------------------------------------------------

kernel: 4.9.76-rc1
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
git branch: linux-4.9.y
git commit: ae26dbfc6ade0e6fa912ca0648632e2108c53502
git describe: v4.9.75-22-gae26dbfc6ade
Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-4.9-oe/build/v4.9.75-22-gae26dbfc6ade


No regressions (compared to build v4.9.75-21-gafa583f23eca)

Boards, architectures and test suites:
-------------------------------------

hi6220-hikey - arm64
* boot - pass: 20,
* kselftest - skip: 23, pass: 40,
* libhugetlbfs - skip: 1, pass: 90,
* ltp-cap_bounds-tests - pass: 2,
* ltp-containers-tests - pass: 64,
* ltp-fcntl-locktests-tests - pass: 2,
* ltp-filecaps-tests - pass: 2,
* ltp-fs-tests - pass: 60,
* ltp-fs_bind-tests - pass: 2,
* ltp-fs_perms_simple-tests - pass: 19,
* ltp-fsx-tests - pass: 2,
* ltp-hugetlb-tests - skip: 1, pass: 21,
* ltp-io-tests - pass: 3,
* ltp-ipc-tests - pass: 9,
* ltp-math-tests - pass: 11,
* ltp-nptl-tests - pass: 2,
* ltp-pty-tests - pass: 4,
* ltp-sched-tests - pass: 14,
* ltp-securebits-tests - pass: 4,
* ltp-syscalls-tests - skip: 121, pass: 983,
* ltp-timers-tests - pass: 12,

juno-r2 - arm64
* boot - pass: 20,
* kselftest - skip: 23, pass: 40,
* libhugetlbfs - skip: 1, pass: 90,
* ltp-cap_bounds-tests - pass: 2,
* ltp-containers-tests - pass: 64,
* ltp-fcntl-locktests-tests - pass: 2,
* ltp-filecaps-tests - pass: 2,
* ltp-fs_bind-tests - pass: 2,
* ltp-fs_perms_simple-tests - pass: 19,
* ltp-fsx-tests - pass: 2,
* ltp-hugetlb-tests - pass: 22,
* ltp-io-tests - pass: 3,
* ltp-ipc-tests - pass: 9,
* ltp-math-tests - pass: 11,
* ltp-nptl-tests - pass: 2,
* ltp-pty-tests - pass: 4,
* ltp-sched-tests - pass: 14,
* ltp-securebits-tests - pass: 4,
* ltp-syscalls-tests - skip: 121, pass: 987,
* ltp-timers-tests - pass: 12,

x15 - arm
* boot - pass: 20,
* kselftest - skip: 25, pass: 37,
* libhugetlbfs - skip: 1, pass: 87,
* ltp-cap_bounds-tests - pass: 2,
* ltp-containers-tests - pass: 64,
* ltp-fcntl-locktests-tests - pass: 2,
* ltp-filecaps-tests - pass: 2,
* ltp-fs-tests - pass: 60,
* ltp-fs_bind-tests - pass: 2,
* ltp-fs_perms_simple-tests - pass: 19,
* ltp-fsx-tests - pass: 2,
* ltp-hugetlb-tests - skip: 2, pass: 20,
* ltp-io-tests - pass: 3,
* ltp-ipc-tests - pass: 9,
* ltp-math-tests - pass: 11,
* ltp-nptl-tests - pass: 2,
* ltp-pty-tests - pass: 4,
* ltp-sched-tests - skip: 1, pass: 13,
* ltp-securebits-tests - pass: 4,
* ltp-syscalls-tests - skip: 66, pass: 1037,
* ltp-timers-tests - pass: 12,

x86_64
* boot - pass: 20,
* kselftest - skip: 24, pass: 53,
* libhugetlbfs - skip: 1, pass: 90,
* ltp-cap_bounds-tests - pass: 2,
* ltp-containers-tests - pass: 64,
* ltp-fcntl-locktests-tests - pass: 2,
* ltp-filecaps-tests - pass: 2,
* ltp-fs-tests - skip: 1, pass: 61,
* ltp-fs_bind-tests - pass: 2,
* ltp-fs_perms_simple-tests - pass: 19,
* ltp-fsx-tests - pass: 2,
* ltp-hugetlb-tests - pass: 22,
* ltp-io-tests - pass: 3,
* ltp-ipc-tests - pass: 9,
* ltp-math-tests - pass: 11,
* ltp-nptl-tests - pass: 2,
* ltp-pty-tests - pass: 4,
* ltp-sched-tests - skip: 1, pass: 9,
* ltp-securebits-tests - pass: 4,
* ltp-syscalls-tests - skip: 116, pass: 1016,
* ltp-timers-tests - pass: 12,

Documentation - https://collaborate.linaro.org/display/LKFT/Email+Reports
Tested-by: Naresh Kamboju <naresh.kamboju@linaro.org>


* Re: [PATCH 4.9 00/21] 4.9.76-stable review
  2018-01-09 11:59 ` Naresh Kamboju
@ 2018-01-09 12:42   ` Greg Kroah-Hartman
  0 siblings, 0 replies; 27+ messages in thread
From: Greg Kroah-Hartman @ 2018-01-09 12:42 UTC
  To: Naresh Kamboju
  Cc: linux-kernel, Linus Torvalds, Andrew Morton, Guenter Roeck,
	Shuah Khan, patches, Ben Hutchings, lkft-triage, linux- stable

On Tue, Jan 09, 2018 at 05:29:30PM +0530, Naresh Kamboju wrote:
> On 8 January 2018 at 18:29, Greg Kroah-Hartman
> <gregkh@linuxfoundation.org> wrote:
> > This is the start of the stable review cycle for the 4.9.76 release.
> > There are 21 patches in this series, all will be posted as a response
> > to this one.  If anyone has any issues with these being applied, please
> > let me know.
> >
> > Responses should be made by Wed Jan 10 12:59:08 UTC 2018.
> > Anything received after that time might be too late.
> >
> > The whole patch series can be found in one patch at:
> >         kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.9.76-rc1.gz
> > or in the git tree and branch at:
> >   git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.9.y
> > and the diffstat can be found below.
> >
> > thanks,
> >
> > greg k-h
> 
> Results from Linaro’s test farm.
> No regressions on arm64, arm and x86_64.
> 
> NOTE:
> There were multiple pushes on 4.9.76-rc1; here is what we have as the
> latest results.

Great, thanks for testing and letting me know.

greg k-h


* Re: [PATCH 4.9 00/21] 4.9.76-stable review
  2018-01-08 12:59 [PATCH 4.9 00/21] 4.9.76-stable review Greg Kroah-Hartman
                   ` (23 preceding siblings ...)
  2018-01-09 11:59 ` Naresh Kamboju
@ 2018-01-09 13:45 ` Guenter Roeck
  24 siblings, 0 replies; 27+ messages in thread
From: Guenter Roeck @ 2018-01-09 13:45 UTC
  To: Greg Kroah-Hartman, linux-kernel
  Cc: torvalds, akpm, shuahkh, patches, ben.hutchings, lkft-triage,
	stable

On 01/08/2018 04:59 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 4.9.76 release.
> There are 21 patches in this series, all will be posted as a response
> to this one.  If anyone has any issues with these being applied, please
> let me know.
> 
> Responses should be made by Wed Jan 10 12:59:08 UTC 2018.
> Anything received after that time might be too late.
> 

Build results:
	total: 145 pass: 145 fail: 0
Qemu test results:
	total: 126 pass: 126 fail: 0

Details are available at http://kerneltests.org/builders.

Guenter
