summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-08-01exec: Consolidate dumpability logicKees Cook1-6/+5
Since it's already valid to set dumpability in the early part of setup_new_exec(), we can consolidate the logic into a single place. The BINPRM_FLAGS_ENFORCE_NONDUMP is set during would_dump() calls before setup_new_exec(), so its test is safe to move as well. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: James Morris <james.l.morris@oracle.com>
2017-08-01smack: Remove redundant pdeath_signal clearingKees Cook1-15/+0
This removes the redundant pdeath_signal clearing in Smack: the check in smack_bprm_committing_creds() matches the check in smack_bprm_set_creds() (which used to be in the now-removed smack_bprm_securexec() hook) and since secureexec is now being checked for clearing pdeath_signal, this is redundant to the common exec code. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: James Morris <james.l.morris@oracle.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
2017-08-01exec: Use secureexec for clearing pdeath_signalKees Cook1-2/+1
Like dumpability, clearing pdeath_signal happens both in setup_new_exec() and later in commit_creds(). The test in setup_new_exec() is different from all other privilege comparisons, though: it is checking the new cred (bprm) uid vs the old cred (current) euid. This appears to be a bug, introduced by commit a6f76f23d297 ("CRED: Make execve() take advantage of copy-on-write credentials"): - if (bprm->e_uid != current_euid() || - bprm->e_gid != current_egid()) { - set_dumpable(current->mm, suid_dumpable); + if (bprm->cred->uid != current_euid() || + bprm->cred->gid != current_egid()) { It was bprm euid vs current euid (and egids), but the effective got dropped. Nothing in the exec flow changes bprm->cred->uid (nor gid). The call traces are: prepare_bprm_creds() prepare_exec_creds() prepare_creds() memcpy(new_creds, old_creds, ...) security_prepare_creds() (unimplemented by commoncap) ... prepare_binprm() bprm_fill_uid() resets euid/egid to current euid/egid sets euid/egid on bprm based on set*id file bits security_bprm_set_creds() cap_bprm_set_creds() handle all caps-based manipulations so this test is effectively a test of current_uid() vs current_euid(), which is wrong, just like the prior dumpability tests were wrong. The commit log says "Clear pdeath_signal and set dumpable on certain circumstances that may not be covered by commit_creds()." This may be meaning the earlier old euid vs new euid (and egid) test that got changed. Luckily, as with dumpability, this is all masked by commit_creds() which performs old/new euid and egid tests and clears pdeath_signal. And again, like dumpability, we should include LSM secureexec logic for pdeath_signal clearing. For example, Smack goes out of its way to clear pdeath_signal when it finds a secureexec condition. Cc: David Howells <dhowells@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: James Morris <james.l.morris@oracle.com>
2017-08-01exec: Use secureexec for setting dumpabilityKees Cook1-1/+1
The examination of "current" to decide dumpability is wrong. This was a check of and euid/uid (or egid/gid) mismatch in the existing process, not the newly created one. This appears to stretch back into even the "history.git" tree. Luckily, dumpability is later set in commit_creds(). In earlier kernel versions before creds existed, similar checks also existed late in the exec flow, covering up the mistake as far back as I could find. Note that because the commit_creds() check examines differences of euid, uid, egid, gid, and capabilities between the old and new creds, it would look like the setup_new_exec() dumpability test could be entirely removed. However, the secureexec test may cover a different set of tests (specific to the LSMs) than what commit_creds() checks for. So, fix this test to use secureexec (the removed euid tests are redundant to the commoncap secureexec checks now). Cc: David Howells <dhowells@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: James Morris <james.l.morris@oracle.com>
2017-08-01LSM: drop bprm_secureexec hookKees Cook4-22/+5
This removes the bprm_secureexec hook since the logic has been folded into the bprm_set_creds hook for all LSMs now. Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com>
2017-08-01commoncap: Move cap_elevated calculation into bprm_set_credsKees Cook2-45/+10
Instead of a separate function, open-code the cap_elevated test, which lets us entirely remove bprm->cap_effective (to use the local "effective" variable instead), and more accurately examine euid/egid changes via the existing local "is_setid". The following LTP tests were run to validate the changes: # ./runltp -f syscalls -s cap # ./runltp -f securebits # ./runltp -f cap_bounds # ./runltp -f filecaps All kernel selftests for capabilities and exec continue to pass as well. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: Andy Lutomirski <luto@kernel.org>
2017-08-01commoncap: Refactor to remove bprm_secureexec hookKees Cook4-6/+23
The commoncap implementation of the bprm_secureexec hook is the only LSM that depends on the final call to its bprm_set_creds hook (since it may be called for multiple files, it ignores bprm->called_set_creds). As a result, it cannot safely _clear_ bprm->secureexec since other LSMs may have set it. Instead, remove the bprm_secureexec hook by introducing a new flag to bprm specific to commoncap: cap_elevated. This is similar to cap_effective, but that is used for a specific subset of elevated privileges, and exists solely to track state from bprm_set_creds to bprm_secureexec. As such, it will be removed in the next patch. Here, set the new bprm->cap_elevated flag when setuid/setgid has happened from bprm_fill_uid() or fscapabilities have been prepared. This temporarily moves the bprm_secureexec hook to a static inline. The helper will be removed in the next patch; this makes the step easier to review and bisect, since this does not introduce any changes to inputs nor outputs to the "elevated privileges" calculation. The new flag is merged with the bprm->secureexec flag in setup_new_exec() since this marks the end of any further prepare_binprm() calls. Cc: Andy Lutomirski <luto@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Andy Lutomirski <luto@kernel.org> Acked-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com>
2017-08-01smack: Refactor to remove bprm_secureexec hookKees Cook1-17/+4
The Smack bprm_secureexec hook can be merged with the bprm_set_creds hook since it's dealing with the same information, and all of the details are finalized during the first call to the bprm_set_creds hook via prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored via bprm->called_set_creds). Here, the test can just happen at the end of the bprm_set_creds hook, and the bprm_secureexec hook can be dropped. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: James Morris <james.l.morris@oracle.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
2017-08-01selinux: Refactor to remove bprm_secureexec hookKees Cook1-19/+5
The SELinux bprm_secureexec hook can be merged with the bprm_set_creds hook since it's dealing with the same information, and all of the details are finalized during the first call to the bprm_set_creds hook via prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored via bprm->called_set_creds). Here, the test can just happen at the end of the bprm_set_creds hook, and the bprm_secureexec hook can be dropped. Cc: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Paul Moore <paul@paul-moore.com> Tested-by: Paul Moore <paul@paul-moore.com> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: James Morris <james.l.morris@oracle.com> Reviewed-by: Andy Lutomirski <luto@kernel.org>
2017-08-01apparmor: Refactor to remove bprm_secureexec hookKees Cook4-23/+1
The AppArmor bprm_secureexec hook can be merged with the bprm_set_creds hook since it's dealing with the same information, and all of the details are finalized during the first call to the bprm_set_creds hook via prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored via bprm->called_set_creds). Here, all the comments describe how secureexec is actually calculated during bprm_set_creds, so this actually does it, drops the bprm flag that was being used internally by AppArmor, and drops the bprm_secureexec hook. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: John Johansen <john.johansen@canonical.com> Reviewed-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com>
2017-08-01binfmt: Introduce secureexec flagKees Cook4-3/+11
The bprm_secureexec hook can be moved earlier. Right now, it is called during create_elf_tables(), via load_binary(), via search_binary_handler(), via exec_binprm(). Nearly all (see exception below) state used by bprm_secureexec is created during the bprm_set_creds hook, called from prepare_binprm(). For all LSMs (except commoncaps described next), only the first execution of bprm_set_creds takes any effect (they all check bprm->called_set_creds which prepare_binprm() sets after the first call to the bprm_set_creds hook). However, all these LSMs also only do anything with bprm_secureexec when they detected a secure state during their first run of bprm_set_creds. Therefore, it is functionally identical to move the detection into bprm_set_creds, since the results from secureexec here only need to be based on the first call to the LSM's bprm_set_creds hook. The single exception is that the commoncaps secureexec hook also examines euid/uid and egid/gid differences which are controlled by bprm_fill_uid(), via prepare_binprm(), which can be called multiple times (e.g. binfmt_script, binfmt_misc), and may clear the euid/egid for the final load (i.e. the script interpreter). However, while commoncaps specifically ignores bprm->cred_prepared, and runs its bprm_set_creds hook each time prepare_binprm() may get called, it needs to base the secureexec decision on the final call to bprm_set_creds. As a result, it will need special handling. To begin this refactoring, this adds the secureexec flag to the bprm struct, and calls the secureexec hook during setup_new_exec(). This is safe since all the cred work is finished (and past the point of no return). This explicit call will be removed in later patches once the hook has been removed. Cc: David Howells <dhowells@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: James Morris <james.l.morris@oracle.com>
2017-08-01exec: Correct comments about "point of no return"Kees Cook1-3/+13
In commit 221af7f87b97 ("Split 'flush_old_exec' into two functions"), the comment about the point of no return should have stayed in flush_old_exec() since it refers to "bprm->mm = NULL;" line, but prior changes in commits c89681ed7d0e ("remove steal_locks()"), and fd8328be874f ("sanitize handling of shared descriptor tables in failing execve()") made it look like it meant the current->sas_ss_sp line instead. The comment was referring to the fact that once bprm->mm is NULL, all failures from a binfmt load_binary hook (e.g. load_elf_binary), will get SEGV raised against current. Move this comment and expand the explanation a bit, putting it above the assignment this time, and add details about the true nature of "point of no return" being the call to flush_old_exec() itself. This also removes an erroneous commet about when credentials are being installed. That has its own dedicated function, install_exec_creds(), which carries a similar (and correct) comment, so remove the bogus comment where installation is not actually happening. Cc: David Howells <dhowells@redhat.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Serge Hallyn <serge@hallyn.com>
2017-08-01exec: Rename bprm->cred_prepared to called_set_credsKees Cook7-8/+12
The cred_prepared bprm flag has a misleading name. It has nothing to do with the bprm_prepare_cred hook, and actually tracks if bprm_set_creds has been called. Rename this flag and improve its comment. Cc: David Howells <dhowells@redhat.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: James Morris <james.l.morris@oracle.com> Acked-by: Paul Moore <paul@paul-moore.com> Acked-by: Serge Hallyn <serge@hallyn.com>
2017-07-23Linux 4.13-rc2v4.13-rc2Linus Torvalds1-1/+1
2017-07-23Properly alphabetize MAINTAINERS fileLinus Torvalds2-1741/+1815
This adds a perl script to actually parse the MAINTAINERS file, clean up some whitespace in it, warn about errors in it, and then properly sort the end result. My perl-fu is atrocious, so the script has basically been created by randomly putting various characters in a pile, mixing them around, and then looking it the end result does anything interesting when used as a perl script. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-07-23Fix up MAINTAINERS file problemsLinus Torvalds1-13/+4
Prepping for scripting the MAINTAINERS file cleanup (and possible split) showed a couple of cases where the headers for a couple of entries were bogus. There's a few different kinds of bogosities: - the X-GENE SOC EDAC case was confused and split over two lines - there were four entries for "GREYBUS PROTOCOLS DRIVERS" that were all different things. - the NOKIA N900 CAMERA SUPPORT" was duplicated all of which were more obvious when you started doing associative arrays in perl to track these things by the header (so that we can alphabetize this thing properly, and so that we might split it up by the data too). Cc: Joe Perches <joe@perches.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-07-23Merge tag 'for-linus-4.13b-rc2-tag' of ↵Linus Torvalds6-13/+33
git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen fixes from Juergen Gross: "Some fixes and cleanups for running under Xen" * tag 'for-linus-4.13b-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen/balloon: don't online new memory initially xen/x86: fix cpu hotplug xen/grant-table: log the lack of grants xen/x86: Don't BUG on CPU0 offlining
2017-07-23xen/balloon: don't online new memory initiallyJuergen Gross3-10/+23
When setting up the Xenstore watch for the memory target size the new watch will fire at once. Don't try to reach the configured target size by onlining new memory in this case, as the current memory size will be smaller in almost all cases due to e.g. BIOS reserved pages. Onlining new memory will lead to more problems e.g. undesired conflicts with NVMe devices meant to be operated as block devices. Instead remember the difference between target size and current size when the watch fires for the first time and apply it to any further size changes, too. In order to avoid races between balloon.c and xen-balloon.c init calls do the xen-balloon.c initialization from balloon.c. Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Signed-off-by: Juergen Gross <jgross@suse.com>
2017-07-23xen/x86: fix cpu hotplugJuergen Gross1-1/+2
Commit dc6416f1d711eb4c1726e845d653235dcaae12e1 ("xen/x86: Call cpu_startup_entry(CPUHP_AP_ONLINE_IDLE) from xen_play_dead()") introduced an error leading to a stack overflow of the idle task when a cpu was brought offline/online many times: by calling cpu_startup_entry() instead of returning at the end of xen_play_dead() do_idle() would be entered again and again. Don't use cpu_startup_entry(), but cpuhp_online_idle() instead allowing to return from xen_play_dead(). Cc: <stable@vger.kernel.org> # 4.12 Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Signed-off-by: Juergen Gross <jgross@suse.com>
2017-07-23xen/grant-table: log the lack of grantsWengang Wang1-1/+8
log a message when we enter this situation: 1) we already allocated the max number of available grants from hypervisor and 2) we still need more (but the request fails because of 1)). Sometimes the lack of grants causes IO hangs in xen_blkfront devices. Adding this log would help debuging. Signed-off-by: Wengang Wang <wen.gang.wang@oracle.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Junxiao Bi <junxiao.bi@oracle.com> Reviewed-by: Juergen Gross <jgross@suse.com> Signed-off-by: Juergen Gross <jgross@suse.com>
2017-07-23xen/x86: Don't BUG on CPU0 offliningVitaly Kuznetsov1-1/+0
CONFIG_BOOTPARAM_HOTPLUG_CPU0 allows to offline CPU0 but Xen HVM guests BUG() in xen_teardown_timer(). Remove the BUG_ON(), this is probably a leftover from ancient times when CPU0 hotplug was impossible, it works just fine for HVM. Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com> Acked-by: Juergen Gross <jgross@suse.com> Signed-off-by: Juergen Gross <jgross@suse.com>
2017-07-22Merge tag 'hwmon-for-linus-v4.13-rc2' of ↵Linus Torvalds1-4/+9
git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fix from Guenter Roeck: "Avoid buffer overruns in applesmc driver" * tag 'hwmon-for-linus-v4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (applesmc) Avoid buffer overruns
2017-07-22Merge tag 'tty-4.13-rc2' of ↵Linus Torvalds14-84/+83
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial fixes from Greg KH: "Here are some small tty and serial driver fixes for 4.13-rc2. Nothing huge at all, a revert of a patch that turned out to break things, a fix up for a new tty ioctl we added in 4.13-rc1 to get the uapi definition correct, and a few minor serial driver fixes for reported issues. All of these have been in linux-next for a while with no reported issues" * tag 'tty-4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: tty: Fix TIOCGPTPEER ioctl definition tty: hide unused pty_get_peer function tty: serial: lpuart: Fix the logic for detecting the 32-bit type UART serial: imx: Prevent TX buffer PIO write when a DMA has been started Revert "serial: imx-serial - move DMA buffer configuration to DT" serial: sh-sci: Uninitialized variables in sysfs files serial: st-asc: Potential error pointer dereference
2017-07-22Merge tag 'char-misc-4.13-rc1' of ↵Linus Torvalds13-44/+55
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver fixes from Greg KH: "Here are some small char and misc driver fixes for 4.13-rc2. All fix reported problems with 4.13-rc1 or older kernels (like the binder fixes). Full details in the shortlog. All have been in linux-next with no reported issues" * tag 'char-misc-4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: w1: omap-hdq: fix error return code in omap_hdq_probe() regmap: regmap-w1: Fix build troubles w1: Fix slave count on 1-Wire bus (resend) mux: mux-core: unregister mux_class in mux_exit() mux: remove the Kconfig question for the subsystem nvmem: rockchip-efuse: amend compatible rk322x-efuse to rk3228-efuse drivers/fsi: fix fsi_slave_mode prototype fsi: core: register with postcore_initcall thunderbolt: Correct access permissions for active NVM contents vmbus: re-enable channel tasklet spmi: pmic-arb: Always allocate ppid_to_apid table MAINTAINERS: Add entry for SPMI subsystem spmi: Include OF based modalias in device uevent binder: Use wake up hint for synchronous transactions. binder: use group leader instead of open thread Revert "android: binder: Sanity check at binder ioctl"
2017-07-22Merge tag 'usb-4.13-rc2' of ↵Linus Torvalds24-72/+197
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are some small USB fixes for 4.13-rc2. The usual batch, gadget fixes for reported issues, as well as xhci fixes, and a small random collection of other fixes for reported issues. All have been in linux-next with no reported issues" * tag 'usb-4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (25 commits) xhci: fix memleak in xhci_run() usb: xhci: fix spinlock recursion for USB2 test mode xhci: fix 20000ms port resume timeout usb: xhci: Issue stop EP command only when the EP state is running xhci: Bad Ethernet performance plugged in ASM1042A host xhci: Fix NULL pointer dereference when cleaning up streams for removed host usb: renesas_usbhs: gadget: disable all eps when the driver stops usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL usb: gadget: udc: renesas_usb3: protect usb3_ep->started in usb3_start_pipen() usb: gadget: udc: renesas_usb3: fix zlp transfer by the dmac usb: gadget: udc: renesas_usb3: fix free size in renesas_usb3_dma_free_prd() usb: gadget: f_uac2: endianness fixes. usb: gadget: f_uac1: endianness fixes. include: usb: audio: specify exact endiannes of descriptors usb: gadget: udc: start_udc() can be static usb: dwc2: gadget: On USB RESET reset device address to zero usb: storage: return on error to avoid a null pointer dereference usb: typec: include linux/device.h in ucsi.h USB: cdc-acm: add device-id for quirky printer usb: dwc3: gadget: only unmap requests from DMA if mapped ...
2017-07-22Merge tag 'staging-4.13-rc2' of ↵Linus Torvalds34-21/+4912
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging driver fixes from Greg KH: "Here are some small staging driver fixes for reported issues for 4.13-rc2. Also in here is a new driver, the virtualbox DRM driver. It's stand-alone and got acks from the DRM developers to go in through this tree. It's a new thing, but it should be fine for this point in the rc cycle due to it being independent. All of this has been in linux-next for a while with no reported issues" * tag 'staging-4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: rtl8188eu: add TL-WN722N v2 support staging: speakup: safely register and unregister ldisc staging: speakup: add functions to register and unregister ldisc staging: speakup: safely close tty staging: sm750fb: avoid conflicting vesafb staging: lustre: ko2iblnd: check copy_from_iter/copy_to_iter return code staging: vboxvideo: Add vboxvideo to drivers/staging staging: sm750fb: fixed a assignment typo staging: rtl8188eu: memory leak in rtw_free_cmd_obj() staging: vchiq_arm: fix error codes in probe staging: comedi: ni_mio_common: fix AO timer off-by-one regression
2017-07-21MAINTAINERS: fix alphabetical orderingRandy Dunlap1-817/+816
Fix major alphabetic errors. No attempt to fix items that all begin with the same word (like ARM, BROADCOM, DRM, EDAC, FREESCALE, INTEL, OMAP, PCI, SAMSUNG, TI, USB, etc.). (diffstat +/- is different by one line because TI KEYSTONE MULTICORE had 2 blank lines after it.) Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Acked-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-07-21Merge tag 'nfs-for-4.13-2' of git://git.linux-nfs.org/projects/anna/linux-nfsLinus Torvalds9-34/+72
Pull NFS client bugfixes from Anna Schumaker: "Stable bugfix: - Fix error reporting regression Bugfixes: - Fix setting filelayout ds address race - Fix subtle access bug when using ACLs - Fix setting mnt3_counts array size - Fix a couple of pNFS commit races" * tag 'nfs-for-4.13-2' of git://git.linux-nfs.org/projects/anna/linux-nfs: NFS/filelayout: Fix racy setting of fl->dsaddr in filelayout_check_deviceid() NFS: Be more careful about mapping file permissions NFS: Store the raw NFS access mask in the inode's access cache NFSv3: Convert nfs3_proc_access() to use nfs_access_set_mask() NFS: Refactor NFS access to kernel access mask calculation net/sunrpc/xprt_sock: fix regression in connection error reporting. nfs: count correct array for mnt3_counts array size Revert commit 722f0b891198 ("pNFS: Don't send COMMITs to the DSes if...") pNFS/flexfiles: Handle expired layout segments in ff_layout_initiate_commit() NFS: Fix another COMMIT race in pNFS NFS: Fix a COMMIT race in pNFS mount: copy the port field into the cloned nfs_server structure. NFS: Don't run wake_up_bit() when nobody is waiting... nfs: add export operations
2017-07-21Merge branch 'overlayfs-linus' of ↵Linus Torvalds7-42/+88
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs Pull overlayfs fixes from Miklos Szeredi: "This fixes a crash with SELinux and several other old and new bugs" * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: ovl: check for bad and whiteout index on lookup ovl: do not cleanup directory and whiteout index entries ovl: fix xattr get and set with selinux ovl: remove unneeded check for IS_ERR() ovl: fix origin verification of index dir ovl: mark parent impure on ovl_link() ovl: fix random return value on mount
2017-07-21Merge branch 'for-linus' of git://git.kernel.dk/linux-blockLinus Torvalds12-37/+92
Pull block fixes from Jens Axboe: "A small set of fixes for -rc2 - two fixes for BFQ, documentation and code, and a removal of an unused variable in nbd. Outside of that, a small collection of fixes from the usual crew on the nvme side" * 'for-linus' of git://git.kernel.dk/linux-block: nvmet: don't report 0-bytes in serial number nvmet: preserve controller serial number between reboots nvmet: Move serial number from controller to subsystem nvmet: prefix version configfs file with attr nvme-pci: Fix an error handling path in 'nvme_probe()' nvme-pci: Remove nvme_setup_prps BUG_ON nvme-pci: add another device ID with stripe quirk nvmet-fc: fix byte swapping in nvmet_fc_ls_create_association nvme: fix byte swapping in the streams code nbd: kill unused ret in recv_work bfq: dispatch request to prevent queue stalling after the request completion bfq: fix typos in comments about B-WF2Q+ algorithm
2017-07-21Merge tag 'for-linus' of ↵Linus Torvalds32-119/+306
git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull more rdma fixes from Doug Ledford: "As per my previous pull request, there were two drivers that each had a rather large number of legitimate fixes still to be sent. As it turned out, I also missed a reasonably large set of fixes from one person across the stack that are all important fixes. All in all, the bnxt_re, i40iw, and Dan Carpenter are 3/4 to 2/3rds of this pull request. There were some other random fixes that I didn't send in the last pull request that I added to this one. This catches the rdma stack up to the fixes from up to about the beginning of this week. Any more fixes I'll wait and batch up later in the -rc cycle. This will give us a good base to start with for basing a for-next branch on -rc2. Summary: - i40iw fixes - bnxt_re fixes - Dan Carpenter bugfixes across stack - ten more random fixes, no more than two from any one person" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (37 commits) RDMA/core: Initialize port_num in qp_attr RDMA/uverbs: Fix the check for port number IB/cma: Fix reference count leak when no ipv4 addresses are set RDMA/iser: don't send an rkey if all data is written as immadiate-data rxe: fix broken receive queue draining RDMA/qedr: Prevent memory overrun in verbs' user responses iw_cxgb4: don't use WR keys/addrs for 0 byte reads IB/mlx4: Fix CM REQ retries in paravirt mode IB/rdmavt: Setting of QP timeout can overflow jiffies computation IB/core: Fix sparse warnings RDMA/bnxt_re: Fix the value reported for local ack delay RDMA/bnxt_re: Report MISSED_EVENTS in req_notify_cq RDMA/bnxt_re: Fix return value of poll routine RDMA/bnxt_re: Enable atomics only if host bios supports RDMA/bnxt_re: Specify RDMA component when allocating stats context RDMA/bnxt_re: Fixed the max_rd_atomic support for initiator and destination QP RDMA/bnxt_re: Report supported value to IB stack in query_device RDMA/bnxt_re: Do not free the ctx_tbl entry if delete GID fails RDMA/bnxt_re: Fix WQE Size posted to HW to prevent it from throwing error RDMA/bnxt_re: Free doorbell page index (DPI) during dealloc ucontext ...
2017-07-21Merge tag 'drm-fixes-for-v4.13-rc2' of ↵Linus Torvalds14-64/+95
git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "A bunch of fixes for rc2: two imx regressions, vc4 fix, dma-buf fix, some displayport mst fixes, and an amdkfd fix. Nothing too crazy, I assume we just haven't see much rc1 testing yet" * tag 'drm-fixes-for-v4.13-rc2' of git://people.freedesktop.org/~airlied/linux: drm/mst: Avoid processing partially received up/down message transactions drm/mst: Avoid dereferencing a NULL mstb in drm_dp_mst_handle_up_req() drm/mst: Fix error handling during MST sideband message reception drm/imx: parallel-display: Accept drm_of_find_panel_or_bridge failure drm/imx: fix typo in ipu_plane_formats[] drm/vc4: Fix VBLANK handling in crtc->enable() path dma-buf/fence: Avoid use of uninitialised timestamp drm/amdgpu: Remove unused field kgd2kfd_shared_resources.num_mec drm/radeon: Remove initialization of shared_resources.num_mec drm/amdkfd: Remove unused references to shared_resources.num_mec drm/amdgpu: Fix KFD oversubscription by tracking queues correctly
2017-07-21Merge tag 'trace-v4.13-rc1' of ↵Linus Torvalds6-26/+40
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fixes from Steven Rostedt: "Three minor updates - Use the new GFP_RETRY_MAYFAIL to be more aggressive in allocating memory for the ring buffer without causing OOMs - Fix a memory leak in adding and removing instances - Add __rcu annotation to be able to debug RCU usage of function tracing a bit better" * tag 'trace-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: trace: fix the errors caused by incompatible type of RCU variables tracing: Fix kmemleak in instance_rmdir tracing/ring_buffer: Try harder to allocate
2017-07-21Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds4-21/+38
Pull KVM fixes from Radim Krčmář: "A bunch of small fixes for x86" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: kvm: x86: hyperv: avoid livelock in oneshot SynIC timers KVM: VMX: Fix invalid guest state detection after task-switch emulation x86: add MULTIUSER dependency for KVM KVM: nVMX: Disallow VM-entry in MOV-SS shadow KVM: nVMX: track NMI blocking state separately for each VMCS KVM: x86: masking out upper bits
2017-07-21Merge tag 'powerpc-4.13-3' of ↵Linus Torvalds11-34/+102
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "A handful of fixes, mostly for new code: - some reworking of the new STRICT_KERNEL_RWX support to make sure we also remove executable permission from __init memory before it's freed. - a fix to some recent optimisations to the hypercall entry where we were clobbering r12, this was breaking nested guests (PR KVM). - a fix for the recent patch to opal_configure_cores(). This could break booting on bare metal Power8 boxes if the kernel was built without CONFIG_JUMP_LABEL_FEATURE_CHECK_DEBUG. - .. and finally a workaround for spurious PMU interrupts on Power9 DD2. Thanks to: Nicholas Piggin, Anton Blanchard, Balbir Singh" * tag 'powerpc-4.13-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/mm: Mark __init memory no-execute when STRICT_KERNEL_RWX=y powerpc/mm/hash: Refactor hash__mark_rodata_ro() powerpc/mm/radix: Refactor radix__mark_rodata_ro() powerpc/64s: Fix hypercall entry clobbering r12 input powerpc/perf: Avoid spurious PMU interrupts after idle powerpc/powernv: Fix boot on Power8 bare metal due to opal_configure_cores()
2017-07-21Merge branch 'x86-urgent-for-linus' of ↵Linus Torvalds16-38/+55
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Half of the fixes are for various build time warnings triggered by randconfig builds. Most (but not all...) were harmless. There's also: - ACPI boundary condition fixes - UV platform fixes - defconfig updates - an AMD K6 CPU init fix - a %pOF printk format related preparatory change - .. and a warning fix related to the tlb/PCID changes" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/devicetree: Convert to using %pOF instead of ->full_name x86/platform/uv/BAU: Disable BAU on single hub configurations x86/platform/intel-mid: Fix a format string overflow warning x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG x86/build: Silence the build with "make -s" x86/io: Add "memory" clobber to insb/insw/insl/outsb/outsw/outsl x86/fpu/math-emu: Avoid bogus -Wint-in-bool-context warning x86/fpu/math-emu: Fix possible uninitialized variable use perf/x86: Shut up false-positive -Wmaybe-uninitialized warning x86/defconfig: Remove stale, old Kconfig options x86/ioapic: Pass the correct data to unmask_ioapic_irq() x86/acpi: Prevent out of bound access caused by broken ACPI tables x86/mm, KVM: Fix warning when !CONFIG_PREEMPT_COUNT x86/platform/uv/BAU: Fix congested_response_us not taking effect x86/cpu: Use indirect call to measure performance in init_amd_k6()
2017-07-21Merge branch 'timers-urgent-for-linus' of ↵Linus Torvalds1-2/+10
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer fix from Ingo Molnar: "A timer_irq_init() clocksource API robustness fix" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: clocksource/drivers/timer-of: Handle of_irq_get_byname() result correctly
2017-07-21Merge branch 'sched-urgent-for-linus' of ↵Linus Torvalds2-9/+11
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler fixes from Ingo Molnar: "A cputime fix and code comments/organization fix to the deadline scheduler" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/deadline: Fix confusing comments about selection of top pi-waiter sched/cputime: Don't use smp_processor_id() in preemptible context
2017-07-21Merge branch 'perf-urgent-for-linus' of ↵Linus Torvalds9-42/+221
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "Two hw-enablement patches, two race fixes, three fixes for regressions of semantics, plus a number of tooling fixes" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86/intel: Add proper condition to run sched_task callbacks perf/core: Fix locking for children siblings group read perf/core: Fix scheduling regression of pinned groups perf/x86/intel: Fix debug_store reset field for freq events perf/x86/intel: Add Goldmont Plus CPU PMU support perf/x86/intel: Enable C-state residency events for Apollo Lake perf symbols: Accept zero as the kernel base address Revert "perf/core: Drop kernel samples even though :u is specified" perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target perf evsel: State in the default event name if attr.exclude_kernel is set perf evsel: Fix attr.exclude_kernel setting for default cycles:p
2017-07-21Merge branch 'locking-urgent-for-linus' of ↵Linus Torvalds1-1/+0
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull locking fixlet from Ingo Molnar: "Remove an unnecessary priority adjustment in the rtmutex code" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: locking/rtmutex: Remove unnecessary priority adjustment
2017-07-21NFS/filelayout: Fix racy setting of fl->dsaddr in filelayout_check_deviceid()Trond Myklebust1-2/+11
We must set fl->dsaddr once, and once only, even if there are multiple processes calling filelayout_check_deviceid() for the same layout segment. Reported-by: Olga Kornievskaia <kolga@netapp.com> Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
2017-07-21Merge branch 'irq-urgent-for-linus' of ↵Linus Torvalds7-15/+15
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq fixes from Ingo Molnar: "A resume_irq() fix, plus a number of static declaration fixes" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/digicolor: Drop unnecessary static irqchip/mips-cpu: Drop unnecessary static irqchip/gic/realview: Drop unnecessary static irqchip/mips-gic: Remove population of irq domain names genirq/PM: Properly pretend disabled state when force resuming interrupts
2017-07-21Merge branch 'core-urgent-for-linus' of ↵Linus Torvalds10-19/+23
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull core fixes from Ingo Molnar: "A fix to WARN_ON_ONCE() done by modules, plus a MAINTAINERS update" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: debug: Fix WARN_ON_ONCE() for modules MAINTAINERS: Update the PTRACE entry
2017-07-21NFS: Be more careful about mapping file permissionsTrond Myklebust1-8/+17
When mapping a directory, we want the MAY_WRITE permissions to reflect whether or not we have permission to modify, add and delete the directory entries. MAY_EXEC must map to lookup permissions. On the other hand, for files, we want MAY_WRITE to reflect a permission to modify and extend the file. Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
2017-07-21NFS: Store the raw NFS access mask in the inode's access cacheTrond Myklebust2-4/+7
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
2017-07-21NFSv3: Convert nfs3_proc_access() to use nfs_access_set_mask()Trond Myklebust1-9/+2
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
2017-07-21NFS: Refactor NFS access to kernel access mask calculationTrond Myklebust1-8/+23
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
2017-07-21net/sunrpc/xprt_sock: fix regression in connection error reporting.NeilBrown1-0/+2
Commit 3d4762639dd3 ("tcp: remove poll() flakes when receiving RST") in v4.12 changed the order in which ->sk_state_change() and ->sk_error_report() are called when a socket is shut down - sk_state_change() is now called first. This causes xs_tcp_state_change() -> xs_sock_mark_closed() -> xprt_disconnect_done() to wake all pending tasked with -EAGAIN. When the ->sk_error_report() callback arrives, it is too late to pass the error on, and it is lost. As easy way to demonstrate the problem caused is to try to start rpc.nfsd while rcpbind isn't running. nfsd will attempt a tcp connection to rpcbind. A ECONNREFUSED error is returned, but sunrpc code loses the error and keeps retrying. If it saw the ECONNREFUSED, it would abort. To fix this, handle the sk->sk_err in the TCP_CLOSE branch of xs_tcp_state_change(). Fixes: 3d4762639dd3 ("tcp: remove poll() flakes when receiving RST") Cc: stable@vger.kernel.org (v4.12) Signed-off-by: NeilBrown <neilb@suse.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
2017-07-21nfs: count correct array for mnt3_counts array sizeEryu Guan1-1/+1
Array size of mnt3_counts should be the size of array mnt3_procedures, not mnt_procedures, though they're same in size right now. Found this by code inspection. Fixes: 1c5876ddbdb4 ("sunrpc: move p_count out of struct rpc_procinfo") Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Eryu Guan <eguan@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
2017-07-21x86/devicetree: Convert to using %pOF instead of ->full_nameRob Herring1-2/+1
Now that we have a custom printf format specifier, convert users of full_name to use %pOF instead. This is preparation to remove storing of the full path string for each device node. Signed-off-by: Rob Herring <robh@kernel.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: devicetree@vger.kernel.org Link: http://lkml.kernel.org/r/20170718214339.7774-7-robh@kernel.org [ Clarify the error message while at it, as 'node' is ambiguous. ] Signed-off-by: Ingo Molnar <mingo@kernel.org>