All of lore.kernel.org
 help / color / mirror / Atom feed
* [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h
@ 2016-01-28 10:51 Jiri Slaby
  2016-01-28 10:51 ` [patch added to 3.12-stable] ARM: 8160/1: drop warning about return_address not using unwind tables Jiri Slaby
                   ` (29 more replies)
  0 siblings, 30 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:51 UTC (permalink / raw)
  To: stable; +Cc: Behan Webster, Russell King, Jiri Slaby

From: Behan Webster <behanw@converseincode.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit aeea3592a13bf12861943e44fc48f1f270941f8d upstream.

With compilers which follow the C99 standard (like modern versions of gcc and
clang), "extern inline" does the wrong thing (emits code for an externally
linkable version of the inline function). In this case using static inline
and removing the NULL version of return_address in return_address.c does
the right thing.

Signed-off-by: Behan Webster <behanw@converseincode.com>
Reviewed-by: Mark Charlebois <charlebm@gmail.com>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 arch/arm/include/asm/ftrace.h    | 2 +-
 arch/arm/kernel/return_address.c | 5 -----
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/arch/arm/include/asm/ftrace.h b/arch/arm/include/asm/ftrace.h
index f89515adac60..2bb8cac28b9e 100644
--- a/arch/arm/include/asm/ftrace.h
+++ b/arch/arm/include/asm/ftrace.h
@@ -45,7 +45,7 @@ void *return_address(unsigned int);
 
 #else
 
-extern inline void *return_address(unsigned int level)
+static inline void *return_address(unsigned int level)
 {
 	return NULL;
 }
diff --git a/arch/arm/kernel/return_address.c b/arch/arm/kernel/return_address.c
index fafedd86885d..f6aa84d5b93c 100644
--- a/arch/arm/kernel/return_address.c
+++ b/arch/arm/kernel/return_address.c
@@ -63,11 +63,6 @@ void *return_address(unsigned int level)
 #warning "TODO: return_address should use unwind tables"
 #endif
 
-void *return_address(unsigned int level)
-{
-	return NULL;
-}
-
 #endif /* if defined(CONFIG_FRAME_POINTER) && !defined(CONFIG_ARM_UNWIND) / else */
 
 EXPORT_SYMBOL_GPL(return_address);
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] ARM: 8160/1: drop warning about return_address not using unwind tables
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
@ 2016-01-28 10:51 ` Jiri Slaby
  2016-01-28 11:07   ` Uwe Kleine-König
  2016-01-28 10:51 ` [patch added to 3.12-stable] drm/radeon: cypress_dpm: Fix unused variable warning when CONFIG_ACPI=n Jiri Slaby
                   ` (28 subsequent siblings)
  29 siblings, 1 reply; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:51 UTC (permalink / raw)
  To: stable; +Cc: Uwe Kleine-König, Russell King, Jiri Slaby

From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit e16343c47e4276f5ebc77ca16feb5e50ca1918f9 upstream.

The warning was introduced in 2009 (commit 4bf1fa5a34aa ([ARM] 5613/1:
implement CALLER_ADDRESSx)). The only "problem" here is that
CALLER_ADDRESSx for x > 1 returns NULL which doesn't do much harm.

The drawback of implementing a fix (i.e. use unwind tables to implement CALLER_ADDRESSx) is that much of the unwinder code would need to be marked as not
traceable.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 arch/arm/kernel/return_address.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/arch/arm/kernel/return_address.c b/arch/arm/kernel/return_address.c
index f6aa84d5b93c..98ea4b7eb406 100644
--- a/arch/arm/kernel/return_address.c
+++ b/arch/arm/kernel/return_address.c
@@ -59,10 +59,6 @@ void *return_address(unsigned int level)
 
 #else /* if defined(CONFIG_FRAME_POINTER) && !defined(CONFIG_ARM_UNWIND) */
 
-#if defined(CONFIG_ARM_UNWIND)
-#warning "TODO: return_address should use unwind tables"
-#endif
-
 #endif /* if defined(CONFIG_FRAME_POINTER) && !defined(CONFIG_ARM_UNWIND) / else */
 
 EXPORT_SYMBOL_GPL(return_address);
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] drm/radeon: cypress_dpm: Fix unused variable warning when CONFIG_ACPI=n
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
  2016-01-28 10:51 ` [patch added to 3.12-stable] ARM: 8160/1: drop warning about return_address not using unwind tables Jiri Slaby
@ 2016-01-28 10:51 ` Jiri Slaby
  2016-01-28 10:51 ` [patch added to 3.12-stable] drm: radeon: ni_dpm: " Jiri Slaby
                   ` (27 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:51 UTC (permalink / raw)
  To: stable; +Cc: Alex Deucher, Jiri Slaby

From: Alex Deucher <alexander.deucher@amd.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit 936b32643cb03dcb34ef5dab81970229b1cc2a33 upstream.

With CONFIG_ACPI=n the following build warning is seen:

drivers/gpu/drm/radeon/cypress_dpm.c:302:31: warning: unused variable 'eg_pi' [-Wunused-variable]

Protect eg_pi with CONFIG_ACPI.

Based on patch from: Fabio Estevam <fabio.estevam@freescale.com>
but doesn't mix allocation and code.

Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/gpu/drm/radeon/cypress_dpm.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/radeon/cypress_dpm.c b/drivers/gpu/drm/radeon/cypress_dpm.c
index 7143783fb237..b5a00771f27a 100644
--- a/drivers/gpu/drm/radeon/cypress_dpm.c
+++ b/drivers/gpu/drm/radeon/cypress_dpm.c
@@ -299,7 +299,9 @@ void cypress_program_response_times(struct radeon_device *rdev)
 static int cypress_pcie_performance_request(struct radeon_device *rdev,
 					    u8 perf_req, bool advertise)
 {
+#if defined(CONFIG_ACPI)
 	struct evergreen_power_info *eg_pi = evergreen_get_pi(rdev);
+#endif
 	u32 tmp;
 
 	udelay(10);
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] drm: radeon: ni_dpm: Fix unused variable warning when CONFIG_ACPI=n
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
  2016-01-28 10:51 ` [patch added to 3.12-stable] ARM: 8160/1: drop warning about return_address not using unwind tables Jiri Slaby
  2016-01-28 10:51 ` [patch added to 3.12-stable] drm/radeon: cypress_dpm: Fix unused variable warning when CONFIG_ACPI=n Jiri Slaby
@ 2016-01-28 10:51 ` Jiri Slaby
  2016-01-28 10:51 ` [patch added to 3.12-stable] lkdtm: adjust recursion size to avoid warnings Jiri Slaby
                   ` (26 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:51 UTC (permalink / raw)
  To: stable; +Cc: Fabio Estevam, Alex Deucher, Jiri Slaby

From: Fabio Estevam <fabio.estevam@freescale.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit 71473dbd66d4a61be4cd531ef96b4877f6ee3941 upstream.

With CONFIG_ACPI=n the following build warning is seen:

drivers/gpu/drm/radeon/ni_dpm.c:3448:31: warning: unused variable 'eg_pi' [-Wunused-variable]

Move the definition of eg_pi inside the CONFIG_ACPI 'if' block.

Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/gpu/drm/radeon/ni_dpm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/radeon/ni_dpm.c b/drivers/gpu/drm/radeon/ni_dpm.c
index 85f36e702595..89bdc12adebb 100644
--- a/drivers/gpu/drm/radeon/ni_dpm.c
+++ b/drivers/gpu/drm/radeon/ni_dpm.c
@@ -3445,9 +3445,9 @@ static int ni_enable_smc_cac(struct radeon_device *rdev,
 static int ni_pcie_performance_request(struct radeon_device *rdev,
 				       u8 perf_req, bool advertise)
 {
+#if defined(CONFIG_ACPI)
 	struct evergreen_power_info *eg_pi = evergreen_get_pi(rdev);
 
-#if defined(CONFIG_ACPI)
 	if ((perf_req == PCIE_PERF_REQ_PECI_GEN1) ||
             (perf_req == PCIE_PERF_REQ_PECI_GEN2)) {
 		if (eg_pi->pcie_performance_request_registered == false)
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] lkdtm: adjust recursion size to avoid warnings
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (2 preceding siblings ...)
  2016-01-28 10:51 ` [patch added to 3.12-stable] drm: radeon: ni_dpm: " Jiri Slaby
@ 2016-01-28 10:51 ` Jiri Slaby
  2016-01-28 10:51 ` [patch added to 3.12-stable] RDMA/cxgb4: Fix gcc warning on 32-bit arch Jiri Slaby
                   ` (25 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:51 UTC (permalink / raw)
  To: stable; +Cc: Kees Cook, Greg Kroah-Hartman, Jiri Slaby

From: Kees Cook <keescook@chromium.org>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit 7d196ac303652588c60350f0a581d71e2e7b1a50 upstream.

When CONFIG_FRAME_WARN is set low (e.g. some ARM builds), the hard-coded
stack buffer size used for kernel stack over run testing triggers build
warnings. Instead, avoid the warning by recalcuating the buffer size and
recursion count needed to trigger the test. Also uses the recursion counter
indirectly to avoid changing the parameter during the test.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/misc/lkdtm.c | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c
index 9cbd0370ca44..482344242f94 100644
--- a/drivers/misc/lkdtm.c
+++ b/drivers/misc/lkdtm.c
@@ -49,8 +49,19 @@
 #include <linux/ide.h>
 #endif
 
+/*
+ * Make sure our attempts to over run the kernel stack doesn't trigger
+ * a compiler warning when CONFIG_FRAME_WARN is set. Then make sure we
+ * recurse past the end of THREAD_SIZE by default.
+ */
+#if defined(CONFIG_FRAME_WARN) && (CONFIG_FRAME_WARN > 0)
+#define REC_STACK_SIZE (CONFIG_FRAME_WARN / 2)
+#else
+#define REC_STACK_SIZE (THREAD_SIZE / 8)
+#endif
+#define REC_NUM_DEFAULT ((THREAD_SIZE / REC_STACK_SIZE) * 2)
+
 #define DEFAULT_COUNT 10
-#define REC_NUM_DEFAULT 10
 #define EXEC_SIZE 64
 
 enum cname {
@@ -140,8 +151,7 @@ static DEFINE_SPINLOCK(lock_me_up);
 static u8 data_area[EXEC_SIZE];
 
 module_param(recur_count, int, 0644);
-MODULE_PARM_DESC(recur_count, " Recursion level for the stack overflow test, "\
-				 "default is 10");
+MODULE_PARM_DESC(recur_count, " Recursion level for the stack overflow test");
 module_param(cpoint_name, charp, 0444);
 MODULE_PARM_DESC(cpoint_name, " Crash Point, where kernel is to be crashed");
 module_param(cpoint_type, charp, 0444);
@@ -280,16 +290,16 @@ static int lkdtm_parse_commandline(void)
 	return -EINVAL;
 }
 
-static int recursive_loop(int a)
+static int recursive_loop(int remaining)
 {
-	char buf[1024];
+	char buf[REC_STACK_SIZE];
 
-	memset(buf,0xFF,1024);
-	recur_count--;
-	if (!recur_count)
+	/* Make sure compiler does not optimize this away. */
+	memset(buf, (remaining & 0xff) | 0x1, REC_STACK_SIZE);
+	if (!remaining)
 		return 0;
 	else
-        	return recursive_loop(a);
+		return recursive_loop(remaining - 1);
 }
 
 static void do_nothing(void)
@@ -333,7 +343,7 @@ static void lkdtm_do_action(enum ctype which)
 			;
 		break;
 	case CT_OVERFLOW:
-		(void) recursive_loop(0);
+		(void) recursive_loop(recur_count);
 		break;
 	case CT_CORRUPT_STACK:
 		corrupt_stack();
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] RDMA/cxgb4: Fix gcc warning on 32-bit arch
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (3 preceding siblings ...)
  2016-01-28 10:51 ` [patch added to 3.12-stable] lkdtm: adjust recursion size to avoid warnings Jiri Slaby
@ 2016-01-28 10:51 ` Jiri Slaby
  2016-01-28 10:51 ` [patch added to 3.12-stable] mISDN: avoid arch specific __builtin_return_address call Jiri Slaby
                   ` (24 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:51 UTC (permalink / raw)
  To: stable; +Cc: Paul Bolle, Roland Dreier, Jiri Slaby

From: Paul Bolle <pebolle@tiscali.nl>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit 298589b1cb626adf4beba6dd8e3cd4b64e8799be upstream.

Building mem.o for 32 bits x86 triggers a GCC warning:

    drivers/infiniband/hw/cxgb4/mem.c: In function '_c4iw_write_mem_dma_aligned':
    drivers/infiniband/hw/cxgb4/mem.c:79:25: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]

Silence that warning by casting "&wr_wait" to unsigned long before
casting it to __be64.  That's what _c4iw_write_mem_inline() already does.

Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Acked-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/infiniband/hw/cxgb4/mem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c
index 4cb8eb24497c..a80503b3795c 100644
--- a/drivers/infiniband/hw/cxgb4/mem.c
+++ b/drivers/infiniband/hw/cxgb4/mem.c
@@ -76,7 +76,7 @@ static int _c4iw_write_mem_dma_aligned(struct c4iw_rdev *rdev, u32 addr,
 	INIT_ULPTX_WR(req, wr_len, 0, 0);
 	req->wr.wr_hi = cpu_to_be32(FW_WR_OP(FW_ULPTX_WR) |
 			(wait ? FW_WR_COMPL(1) : 0));
-	req->wr.wr_lo = wait ? (__force __be64)&wr_wait : 0;
+	req->wr.wr_lo = wait ? (__force __be64)(unsigned long) &wr_wait : 0L;
 	req->wr.wr_mid = cpu_to_be32(FW_WR_LEN16(DIV_ROUND_UP(wr_len, 16)));
 	req->cmd = cpu_to_be32(ULPTX_CMD(ULP_TX_MEM_WRITE));
 	req->cmd |= cpu_to_be32(V_T5_ULP_MEMIO_ORDER(1));
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] mISDN: avoid arch specific __builtin_return_address call
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (4 preceding siblings ...)
  2016-01-28 10:51 ` [patch added to 3.12-stable] RDMA/cxgb4: Fix gcc warning on 32-bit arch Jiri Slaby
@ 2016-01-28 10:51 ` Jiri Slaby
  2016-01-28 10:51 ` [patch added to 3.12-stable] veth: don’t modify ip_summed; doing so treats packets with bad checksums as good Jiri Slaby
                   ` (23 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:51 UTC (permalink / raw)
  To: stable; +Cc: Arnd Bergmann, David S . Miller, Jiri Slaby

From: Arnd Bergmann <arnd@arndb.de>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit 3e7a8716e20b759eec0ad88145255bb33174f0c8 upstream.

Not all architectures are able to call __builtin_return_address().
On ARM, the mISDN code produces this warning:

hardware/mISDN/w6692.c: In function 'w6692_dctrl':
hardware/mISDN/w6692.c:1181:75: warning: unsupported argument to '__builtin_return_address'
  pr_debug("%s: %s dev(%d) open from %p\n", card->name, __func__,
                                                                           ^
hardware/mISDN/mISDNipac.c: In function 'open_dchannel':
hardware/mISDN/mISDNipac.c:759:75: warning: unsupported argument to '__builtin_return_address'
  pr_debug("%s: %s dev(%d) open from %p\n", isac->name, __func__,
                                                                           ^

In a lot of cases, this is relatively easy to work around by
passing the value of __builtin_return_address(0) from the
callers into the functions that want it. One exception is
the indirect 'open' function call in struct isac_hw. While it
would be possible to fix this as well, this patch only addresses
the other callers properly and lets this one return the direct
parent function, which should be good enough.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/isdn/hardware/mISDN/mISDNipac.c | 12 +++++++++---
 drivers/isdn/hardware/mISDN/w6692.c     |  6 +++---
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/drivers/isdn/hardware/mISDN/mISDNipac.c b/drivers/isdn/hardware/mISDN/mISDNipac.c
index ccd7d851be26..a77eea594b69 100644
--- a/drivers/isdn/hardware/mISDN/mISDNipac.c
+++ b/drivers/isdn/hardware/mISDN/mISDNipac.c
@@ -754,10 +754,10 @@ dbusy_timer_handler(struct isac_hw *isac)
 }
 
 static int
-open_dchannel(struct isac_hw *isac, struct channel_req *rq)
+open_dchannel_caller(struct isac_hw *isac, struct channel_req *rq, void *caller)
 {
 	pr_debug("%s: %s dev(%d) open from %p\n", isac->name, __func__,
-		 isac->dch.dev.id, __builtin_return_address(1));
+		 isac->dch.dev.id, caller);
 	if (rq->protocol != ISDN_P_TE_S0)
 		return -EINVAL;
 	if (rq->adr.channel == 1)
@@ -771,6 +771,12 @@ open_dchannel(struct isac_hw *isac, struct channel_req *rq)
 	return 0;
 }
 
+static int
+open_dchannel(struct isac_hw *isac, struct channel_req *rq)
+{
+	return open_dchannel_caller(isac, rq, __builtin_return_address(0));
+}
+
 static const char *ISACVer[] =
 {"2086/2186 V1.1", "2085 B1", "2085 B2",
  "2085 V2.3"};
@@ -1548,7 +1554,7 @@ ipac_dctrl(struct mISDNchannel *ch, u32 cmd, void *arg)
 	case OPEN_CHANNEL:
 		rq = arg;
 		if (rq->protocol == ISDN_P_TE_S0)
-			err = open_dchannel(isac, rq);
+			err = open_dchannel_caller(isac, rq, __builtin_return_address(0));
 		else
 			err = open_bchannel(ipac, rq);
 		if (err)
diff --git a/drivers/isdn/hardware/mISDN/w6692.c b/drivers/isdn/hardware/mISDN/w6692.c
index de69f6828c76..741675525b53 100644
--- a/drivers/isdn/hardware/mISDN/w6692.c
+++ b/drivers/isdn/hardware/mISDN/w6692.c
@@ -1176,10 +1176,10 @@ w6692_l1callback(struct dchannel *dch, u32 cmd)
 }
 
 static int
-open_dchannel(struct w6692_hw *card, struct channel_req *rq)
+open_dchannel(struct w6692_hw *card, struct channel_req *rq, void *caller)
 {
 	pr_debug("%s: %s dev(%d) open from %p\n", card->name, __func__,
-		 card->dch.dev.id, __builtin_return_address(1));
+		 card->dch.dev.id, caller);
 	if (rq->protocol != ISDN_P_TE_S0)
 		return -EINVAL;
 	if (rq->adr.channel == 1)
@@ -1207,7 +1207,7 @@ w6692_dctrl(struct mISDNchannel *ch, u32 cmd, void *arg)
 	case OPEN_CHANNEL:
 		rq = arg;
 		if (rq->protocol == ISDN_P_TE_S0)
-			err = open_dchannel(card, rq);
+			err = open_dchannel(card, rq, __builtin_return_address(0));
 		else
 			err = open_bchannel(card, rq);
 		if (err)
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] veth: don’t modify ip_summed; doing so treats packets with bad checksums as good.
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (5 preceding siblings ...)
  2016-01-28 10:51 ` [patch added to 3.12-stable] mISDN: avoid arch specific __builtin_return_address call Jiri Slaby
@ 2016-01-28 10:51 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] ipv6/addrlabel: fix ip6addrlbl_get() Jiri Slaby
                   ` (22 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:51 UTC (permalink / raw)
  To: stable
  Cc: Vijay Pandurangan, Evan Jones, Nicolas Dichtel, Phil Sutter,
	Toshiaki Makita, netdev, linux-kernel, David S . Miller,
	Jiri Slaby

From: Vijay Pandurangan <vijayp@vijayp.ca>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

[ Upstream commit ce8c839b74e3017996fad4e1b7ba2e2625ede82f ]

Packets that arrive from real hardware devices have ip_summed ==
CHECKSUM_UNNECESSARY if the hardware verified the checksums, or
CHECKSUM_NONE if the packet is bad or it was unable to verify it. The
current version of veth will replace CHECKSUM_NONE with
CHECKSUM_UNNECESSARY, which causes corrupt packets routed from hardware to
a veth device to be delivered to the application. This caused applications
at Twitter to receive corrupt data when network hardware was corrupting
packets.

We believe this was added as an optimization to skip computing and
verifying checksums for communication between containers. However, locally
generated packets have ip_summed == CHECKSUM_PARTIAL, so the code as
written does nothing for them. As far as we can tell, after removing this
code, these packets are transmitted from one stack to another unmodified
(tcpdump shows invalid checksums on both sides, as expected), and they are
delivered correctly to applications. We didn’t test every possible network
configuration, but we tried a few common ones such as bridging containers,
using NAT between the host and a container, and routing from hardware
devices to containers. We have effectively deployed this in production at
Twitter (by disabling RX checksum offloading on veth devices).

This code dates back to the first version of the driver, commit
<e314dbdc1c0dc6a548ecf> ("[NET]: Virtual ethernet device driver"), so I
suspect this bug occurred mostly because the driver API has evolved
significantly since then. Commit <0b7967503dc97864f283a> ("net/veth: Fix
packet checksumming") (in December 2010) fixed this for packets that get
created locally and sent to hardware devices, by not changing
CHECKSUM_PARTIAL. However, the same issue still occurs for packets coming
in from hardware devices.

Co-authored-by: Evan Jones <ej@evanjones.ca>
Signed-off-by: Evan Jones <ej@evanjones.ca>
Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Cc: Phil Sutter <phil@nwl.cc>
Cc: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
Cc: netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Vijay Pandurangan <vijayp@vijayp.ca>
Acked-by: Cong Wang <cwang@twopensource.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/net/veth.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index 61c4044f644e..917abeae77ad 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -116,12 +116,6 @@ static netdev_tx_t veth_xmit(struct sk_buff *skb, struct net_device *dev)
 		kfree_skb(skb);
 		goto drop;
 	}
-	/* don't change ip_summed == CHECKSUM_PARTIAL, as that
-	 * will cause bad checksum on forwarded packets
-	 */
-	if (skb->ip_summed == CHECKSUM_NONE &&
-	    rcv->features & NETIF_F_RXCSUM)
-		skb->ip_summed = CHECKSUM_UNNECESSARY;
 
 	if (likely(dev_forward_skb(rcv, skb) == NET_RX_SUCCESS)) {
 		struct pcpu_vstats *stats = this_cpu_ptr(dev->vstats);
-- 
2.7.0

^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] ipv6/addrlabel: fix ip6addrlbl_get()
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (6 preceding siblings ...)
  2016-01-28 10:51 ` [patch added to 3.12-stable] veth: don’t modify ip_summed; doing so treats packets with bad checksums as good Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] sctp: sctp should release assoc when sctp_make_abort_user return NULL in sctp_close Jiri Slaby
                   ` (21 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Andrey Ryabinin, David S . Miller, Jiri Slaby

From: Andrey Ryabinin <aryabinin@virtuozzo.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

[ Upstream commit e459dfeeb64008b2d23bdf600f03b3605dbb8152 ]

ip6addrlbl_get() has never worked. If ip6addrlbl_hold() succeeded,
ip6addrlbl_get() will exit with '-ESRCH'. If ip6addrlbl_hold() failed,
ip6addrlbl_get() will use about to be free ip6addrlbl_entry pointer.

Fix this by inverting ip6addrlbl_hold() check.

Fixes: 2a8cc6c89039 ("[IPV6] ADDRCONF: Support RFC3484 configurable address selection policy table.")
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reviewed-by: Cong Wang <cwang@twopensource.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 net/ipv6/addrlabel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv6/addrlabel.c b/net/ipv6/addrlabel.c
index b30ad3741b46..d5c918975c8c 100644
--- a/net/ipv6/addrlabel.c
+++ b/net/ipv6/addrlabel.c
@@ -558,7 +558,7 @@ static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr* nlh)
 
 	rcu_read_lock();
 	p = __ipv6_addr_label(net, addr, ipv6_addr_type(addr), ifal->ifal_index);
-	if (p && ip6addrlbl_hold(p))
+	if (p && !ip6addrlbl_hold(p))
 		p = NULL;
 	lseq = ip6addrlbl_table.seq;
 	rcu_read_unlock();
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] sctp: sctp should release assoc when sctp_make_abort_user return NULL in sctp_close
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (7 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] ipv6/addrlabel: fix ip6addrlbl_get() Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] connector: bump skb->users before callback invocation Jiri Slaby
                   ` (20 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Xin Long, David S . Miller, Jiri Slaby

From: Xin Long <lucien.xin@gmail.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

[ Upstream commit 068d8bd338e855286aea54e70d1c101569284b21 ]

In sctp_close, sctp_make_abort_user may return NULL because of memory
allocation failure. If this happens, it will bypass any state change
and never free the assoc. The assoc has no chance to be freed and it
will be kept in memory with the state it had even after the socket is
closed by sctp_close().

So if sctp_make_abort_user fails to allocate memory, we should abort
the asoc via sctp_primitive_ABORT as well. Just like the annotation in
sctp_sf_cookie_wait_prm_abort and sctp_sf_do_9_1_prm_abort said,
"Even if we can't send the ABORT due to low memory delete the TCB.
This is a departure from our typical NOMEM handling".

But then the chunk is NULL (low memory) and the SCTP_CMD_REPLY cmd would
dereference the chunk pointer, and system crash. So we should add
SCTP_CMD_REPLY cmd only when the chunk is not NULL, just like other
places where it adds SCTP_CMD_REPLY cmd.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 net/sctp/sm_statefuns.c | 6 ++++--
 net/sctp/socket.c       | 3 +--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index bf12098bbe1c..63a116c31a8b 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -4835,7 +4835,8 @@ sctp_disposition_t sctp_sf_do_9_1_prm_abort(
 
 	retval = SCTP_DISPOSITION_CONSUME;
 
-	sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
+	if (abort)
+		sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
 
 	/* Even if we can't send the ABORT due to low memory delete the
 	 * TCB.  This is a departure from our typical NOMEM handling.
@@ -4972,7 +4973,8 @@ sctp_disposition_t sctp_sf_cookie_wait_prm_abort(
 			SCTP_TO(SCTP_EVENT_TIMEOUT_T1_INIT));
 	retval = SCTP_DISPOSITION_CONSUME;
 
-	sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
+	if (abort)
+		sctp_add_cmd_sf(commands, SCTP_CMD_REPLY, SCTP_CHUNK(abort));
 
 	sctp_add_cmd_sf(commands, SCTP_CMD_NEW_STATE,
 			SCTP_STATE(SCTP_STATE_CLOSED));
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index e2b1da09dc79..9c47fbc5de0c 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -1518,8 +1518,7 @@ static void sctp_close(struct sock *sk, long timeout)
 			struct sctp_chunk *chunk;
 
 			chunk = sctp_make_abort_user(asoc, NULL, 0);
-			if (chunk)
-				sctp_primitive_ABORT(net, asoc, chunk);
+			sctp_primitive_ABORT(net, asoc, chunk);
 		} else
 			sctp_primitive_SHUTDOWN(net, asoc, NULL);
 	}
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] connector: bump skb->users before callback invocation
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (8 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] sctp: sctp should release assoc when sctp_make_abort_user return NULL in sctp_close Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] unix: properly account for FDs passed over unix sockets Jiri Slaby
                   ` (19 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Florian Westphal, David S . Miller, Jiri Slaby

From: Florian Westphal <fw@strlen.de>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

[ Upstream commit 55285bf09427c5abf43ee1d54e892f352092b1f1 ]

Dmitry reports memleak with syskaller program.
Problem is that connector bumps skb usecount but might not invoke callback.

So move skb_get to where we invoke the callback.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/connector/connector.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c
index fb1bad083aa9..12e737e0a5af 100644
--- a/drivers/connector/connector.c
+++ b/drivers/connector/connector.c
@@ -160,26 +160,21 @@ static int cn_call_callback(struct sk_buff *skb)
  *
  * It checks skb, netlink header and msg sizes, and calls callback helper.
  */
-static void cn_rx_skb(struct sk_buff *__skb)
+static void cn_rx_skb(struct sk_buff *skb)
 {
 	struct nlmsghdr *nlh;
-	struct sk_buff *skb;
 	int len, err;
 
-	skb = skb_get(__skb);
-
 	if (skb->len >= NLMSG_HDRLEN) {
 		nlh = nlmsg_hdr(skb);
 		len = nlmsg_len(nlh);
 
 		if (len < (int)sizeof(struct cn_msg) ||
 		    skb->len < nlh->nlmsg_len ||
-		    len > CONNECTOR_MAX_MSG_SIZE) {
-			kfree_skb(skb);
+		    len > CONNECTOR_MAX_MSG_SIZE)
 			return;
-		}
 
-		err = cn_call_callback(skb);
+		err = cn_call_callback(skb_get(skb));
 		if (err < 0)
 			kfree_skb(skb);
 	}
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] unix: properly account for FDs passed over unix sockets
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (9 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] connector: bump skb->users before callback invocation Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] bridge: Only call /sbin/bridge-stp for the initial network namespace Jiri Slaby
                   ` (18 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: willy tarreau, David S . Miller, Jiri Slaby

From: willy tarreau <w@1wt.eu>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

[ Upstream commit 712f4aad406bb1ed67f3f98d04c044191f0ff593 ]

It is possible for a process to allocate and accumulate far more FDs than
the process' limit by sending them over a unix socket then closing them
to keep the process' fd count low.

This change addresses this problem by keeping track of the number of FDs
in flight per user and preventing non-privileged processes from having
more FDs in flight than their configured FD limit.

Reported-by: socketpair@gmail.com
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Mitigates: CVE-2013-4312 (Linux 2.0+)
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 include/linux/sched.h |  1 +
 net/unix/af_unix.c    | 24 ++++++++++++++++++++----
 net/unix/garbage.c    | 16 ++++++++++++----
 3 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/include/linux/sched.h b/include/linux/sched.h
index a4d7d19fc338..3ecea51ea060 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -664,6 +664,7 @@ struct user_struct {
 	unsigned long mq_bytes;	/* How many bytes can be allocated to mqueue? */
 #endif
 	unsigned long locked_shm; /* How many pages of mlocked shm ? */
+	unsigned long unix_inflight;	/* How many files in flight in unix sockets */
 
 #ifdef CONFIG_KEYS
 	struct key *uid_keyring;	/* UID specific keyring */
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 31b88dcb0f01..e6b021327c3a 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1484,6 +1484,21 @@ static void unix_destruct_scm(struct sk_buff *skb)
 	sock_wfree(skb);
 }
 
+/*
+ * The "user->unix_inflight" variable is protected by the garbage
+ * collection lock, and we just read it locklessly here. If you go
+ * over the limit, there might be a tiny race in actually noticing
+ * it across threads. Tough.
+ */
+static inline bool too_many_unix_fds(struct task_struct *p)
+{
+	struct user_struct *user = current_user();
+
+	if (unlikely(user->unix_inflight > task_rlimit(p, RLIMIT_NOFILE)))
+		return !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN);
+	return false;
+}
+
 #define MAX_RECURSION_LEVEL 4
 
 static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
@@ -1492,6 +1507,9 @@ static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
 	unsigned char max_level = 0;
 	int unix_sock_count = 0;
 
+	if (too_many_unix_fds(current))
+		return -ETOOMANYREFS;
+
 	for (i = scm->fp->count - 1; i >= 0; i--) {
 		struct sock *sk = unix_get_socket(scm->fp->fp[i]);
 
@@ -1513,10 +1531,8 @@ static int unix_attach_fds(struct scm_cookie *scm, struct sk_buff *skb)
 	if (!UNIXCB(skb).fp)
 		return -ENOMEM;
 
-	if (unix_sock_count) {
-		for (i = scm->fp->count - 1; i >= 0; i--)
-			unix_inflight(scm->fp->fp[i]);
-	}
+	for (i = scm->fp->count - 1; i >= 0; i--)
+		unix_inflight(scm->fp->fp[i]);
 	return max_level;
 }
 
diff --git a/net/unix/garbage.c b/net/unix/garbage.c
index 9bc73f87f64a..06730fe6ad9d 100644
--- a/net/unix/garbage.c
+++ b/net/unix/garbage.c
@@ -125,9 +125,12 @@ struct sock *unix_get_socket(struct file *filp)
 void unix_inflight(struct file *fp)
 {
 	struct sock *s = unix_get_socket(fp);
+
+	spin_lock(&unix_gc_lock);
+
 	if (s) {
 		struct unix_sock *u = unix_sk(s);
-		spin_lock(&unix_gc_lock);
+
 		if (atomic_long_inc_return(&u->inflight) == 1) {
 			BUG_ON(!list_empty(&u->link));
 			list_add_tail(&u->link, &gc_inflight_list);
@@ -135,22 +138,27 @@ void unix_inflight(struct file *fp)
 			BUG_ON(list_empty(&u->link));
 		}
 		unix_tot_inflight++;
-		spin_unlock(&unix_gc_lock);
 	}
+	fp->f_cred->user->unix_inflight++;
+	spin_unlock(&unix_gc_lock);
 }
 
 void unix_notinflight(struct file *fp)
 {
 	struct sock *s = unix_get_socket(fp);
+
+	spin_lock(&unix_gc_lock);
+
 	if (s) {
 		struct unix_sock *u = unix_sk(s);
-		spin_lock(&unix_gc_lock);
+
 		BUG_ON(list_empty(&u->link));
 		if (atomic_long_dec_and_test(&u->inflight))
 			list_del_init(&u->link);
 		unix_tot_inflight--;
-		spin_unlock(&unix_gc_lock);
 	}
+	fp->f_cred->user->unix_inflight--;
+	spin_unlock(&unix_gc_lock);
 }
 
 static void scan_inflight(struct sock *x, void (*func)(struct unix_sock *),
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] bridge: Only call /sbin/bridge-stp for the initial network namespace
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (10 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] unix: properly account for FDs passed over unix sockets Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] net: sctp: prevent writes to cookie_hmac_alg from accessing invalid memory Jiri Slaby
                   ` (17 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable
  Cc: Hannes Frederic Sowa, Eric W . Biederman, David S . Miller, Jiri Slaby

From: Hannes Frederic Sowa <hannes@stressinduktion.org>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

[ Upstream commit ff62198553e43cdffa9d539f6165d3e83f8a42bc ]

[I stole this patch from Eric Biederman. He wrote:]

> There is no defined mechanism to pass network namespace information
> into /sbin/bridge-stp therefore don't even try to invoke it except
> for bridge devices in the initial network namespace.
>
> It is possible for unprivileged users to cause /sbin/bridge-stp to be
> invoked for any network device name which if /sbin/bridge-stp does not
> guard against unreasonable arguments or being invoked twice on the
> same network device could cause problems.

[Hannes: changed patch using netns_eq]

Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 net/bridge/br_stp_if.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
index 886f6d6dc48a..3995a66c3e4e 100644
--- a/net/bridge/br_stp_if.c
+++ b/net/bridge/br_stp_if.c
@@ -128,7 +128,10 @@ static void br_stp_start(struct net_bridge *br)
 	char *argv[] = { BR_STP_PROG, br->dev->name, "start", NULL };
 	char *envp[] = { NULL };
 
-	r = call_usermodehelper(BR_STP_PROG, argv, envp, UMH_WAIT_PROC);
+	if (net_eq(dev_net(br->dev), &init_net))
+		r = call_usermodehelper(BR_STP_PROG, argv, envp, UMH_WAIT_PROC);
+	else
+		r = -ENOENT;
 
 	spin_lock_bh(&br->lock);
 
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] net: sctp: prevent writes to cookie_hmac_alg from accessing invalid memory
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (11 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] bridge: Only call /sbin/bridge-stp for the initial network namespace Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] ipv6: tcp: add rcu locking in tcp_v6_send_synack() Jiri Slaby
                   ` (16 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Sasha Levin, David S . Miller, Jiri Slaby

From: Sasha Levin <sasha.levin@oracle.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

[ Upstream commit 320f1a4a175e7cd5d3f006f92b4d4d3e2cbb7bb5 ]

proc_dostring() needs an initialized destination string, while the one
provided in proc_sctp_do_hmac_alg() contains stack garbage.

Thus, writing to cookie_hmac_alg would strlen() that garbage and end up
accessing invalid memory.

Fixes: 3c68198e7 ("sctp: Make hmac algorithm selection for cookie generation dynamic")
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 net/sctp/sysctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
index 968355f0de60..596aa3c5321c 100644
--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -306,7 +306,7 @@ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl,
 	struct ctl_table tbl;
 	bool changed = false;
 	char *none = "none";
-	char tmp[8];
+	char tmp[8] = {0};
 	int ret;
 
 	memset(&tbl, 0, sizeof(struct ctl_table));
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] ipv6: tcp: add rcu locking in tcp_v6_send_synack()
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (12 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] net: sctp: prevent writes to cookie_hmac_alg from accessing invalid memory Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] tcp_yeah: don't set ssthresh below 2 Jiri Slaby
                   ` (15 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Eric Dumazet, David S . Miller, Jiri Slaby

From: Eric Dumazet <edumazet@google.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

[ Upstream commit 3e4006f0b86a5ae5eb0e8215f9a9e1db24506977 ]

When first SYNACK is sent, we already hold rcu_read_lock(), but this
is not true if a SYNACK is retransmitted, as a timer (soft) interrupt
does not hold rcu_read_lock()

Fixes: 45f6fad84cc30 ("ipv6: add complete rcu protection around np->opt")
Reported-by: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 net/ipv6/tcp_ipv6.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 90004c6e3bff..7138ee87e07c 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -484,8 +484,10 @@ static int tcp_v6_send_synack(struct sock *sk, struct dst_entry *dst,
 
 		fl6->daddr = treq->rmt_addr;
 		skb_set_queue_mapping(skb, queue_mapping);
+		rcu_read_lock();
 		err = ip6_xmit(sk, skb, fl6, rcu_dereference(np->opt),
 			       np->tclass);
+		rcu_read_unlock();
 		err = net_xmit_eval(err);
 	}
 
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] tcp_yeah: don't set ssthresh below 2
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (13 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] ipv6: tcp: add rcu locking in tcp_v6_send_synack() Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] phonet: properly unshare skbs in phonet_rcv() Jiri Slaby
                   ` (14 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable
  Cc: Neal Cardwell, Yuchung Cheng, Eric Dumazet, David S . Miller, Jiri Slaby

From: Neal Cardwell <ncardwell@google.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

[ Upstream commit 83d15e70c4d8909d722c0d64747d8fb42e38a48f ]

For tcp_yeah, use an ssthresh floor of 2, the same floor used by Reno
and CUBIC, per RFC 5681 (equation 4).

tcp_yeah_ssthresh() was sometimes returning a 0 or negative ssthresh
value if the intended reduction is as big or bigger than the current
cwnd. Congestion control modules should never return a zero or
negative ssthresh. A zero ssthresh generally results in a zero cwnd,
causing the connection to stall. A negative ssthresh value will be
interpreted as a u32 and will set a target cwnd for PRR near 4
billion.

Oleksandr Natalenko reported that a system using tcp_yeah with ECN
could see a warning about a prior_cwnd of 0 in
tcp_cwnd_reduction(). Testing verified that this was due to
tcp_yeah_ssthresh() misbehaving in this way.

Reported-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 net/ipv4/tcp_yeah.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv4/tcp_yeah.c b/net/ipv4/tcp_yeah.c
index 05c3b6f0e8e1..bf8321d6f2ef 100644
--- a/net/ipv4/tcp_yeah.c
+++ b/net/ipv4/tcp_yeah.c
@@ -222,7 +222,7 @@ static u32 tcp_yeah_ssthresh(struct sock *sk) {
 	yeah->fast_count = 0;
 	yeah->reno_count = max(yeah->reno_count>>1, 2U);
 
-	return tp->snd_cwnd - reduction;
+	return max_t(int, tp->snd_cwnd - reduction, 2);
 }
 
 static struct tcp_congestion_ops tcp_yeah __read_mostly = {
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] phonet: properly unshare skbs in phonet_rcv()
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (14 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] tcp_yeah: don't set ssthresh below 2 Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] ipv6: update skb->csum when CE mark is propagated Jiri Slaby
                   ` (13 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Eric Dumazet, Remi Denis-Courmont, David S . Miller, Jiri Slaby

From: Eric Dumazet <edumazet@google.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

[ Upstream commit 7aaed57c5c2890634cfadf725173c7c68ea4cb4f ]

Ivaylo Dimitrov reported a regression caused by commit 7866a621043f
("dev: add per net_device packet type chains").

skb->dev becomes NULL and we crash in __netif_receive_skb_core().

Before above commit, different kind of bugs or corruptions could happen
without major crash.

But the root cause is that phonet_rcv() can queue skb without checking
if skb is shared or not.

Many thanks to Ivaylo Dimitrov for his help, diagnosis and tests.

Reported-by: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Tested-by: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Remi Denis-Courmont <courmisch@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 net/phonet/af_phonet.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c
index 5a940dbd74a3..f0229223bf91 100644
--- a/net/phonet/af_phonet.c
+++ b/net/phonet/af_phonet.c
@@ -377,6 +377,10 @@ static int phonet_rcv(struct sk_buff *skb, struct net_device *dev,
 	struct sockaddr_pn sa;
 	u16 len;
 
+	skb = skb_share_check(skb, GFP_ATOMIC);
+	if (!skb)
+		return NET_RX_DROP;
+
 	/* check we have at least a full Phonet header */
 	if (!pskb_pull(skb, sizeof(struct phonethdr)))
 		goto out;
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] ipv6: update skb->csum when CE mark is propagated
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (15 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] phonet: properly unshare skbs in phonet_rcv() Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] team: Replace rcu_read_lock with a mutex in team_vlan_rx_kill_vid Jiri Slaby
                   ` (12 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Eric Dumazet, David S . Miller, Jiri Slaby

From: Eric Dumazet <edumazet@google.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

[ Upstream commit 34ae6a1aa0540f0f781dd265366036355fdc8930 ]

When a tunnel decapsulates the outer header, it has to comply
with RFC 6080 and eventually propagate CE mark into inner header.

It turns out IP6_ECN_set_ce() does not correctly update skb->csum
for CHECKSUM_COMPLETE packets, triggering infamous "hw csum failure"
messages and stack traces.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 include/net/inet_ecn.h       | 19 ++++++++++++++++---
 net/ipv6/xfrm6_mode_tunnel.c |  2 +-
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/include/net/inet_ecn.h b/include/net/inet_ecn.h
index 3bd22795c3e2..194723c2e7bb 100644
--- a/include/net/inet_ecn.h
+++ b/include/net/inet_ecn.h
@@ -111,11 +111,24 @@ static inline void ipv4_copy_dscp(unsigned int dscp, struct iphdr *inner)
 
 struct ipv6hdr;
 
-static inline int IP6_ECN_set_ce(struct ipv6hdr *iph)
+/* Note:
+ * IP_ECN_set_ce() has to tweak IPV4 checksum when setting CE,
+ * meaning both changes have no effect on skb->csum if/when CHECKSUM_COMPLETE
+ * In IPv6 case, no checksum compensates the change in IPv6 header,
+ * so we have to update skb->csum.
+ */
+static inline int IP6_ECN_set_ce(struct sk_buff *skb, struct ipv6hdr *iph)
 {
+	__be32 from, to;
+
 	if (INET_ECN_is_not_ect(ipv6_get_dsfield(iph)))
 		return 0;
-	*(__be32*)iph |= htonl(INET_ECN_CE << 20);
+
+	from = *(__be32 *)iph;
+	to = from | htonl(INET_ECN_CE << 20);
+	*(__be32 *)iph = to;
+	if (skb->ip_summed == CHECKSUM_COMPLETE)
+		skb->csum = csum_add(csum_sub(skb->csum, from), to);
 	return 1;
 }
 
@@ -142,7 +155,7 @@ static inline int INET_ECN_set_ce(struct sk_buff *skb)
 	case cpu_to_be16(ETH_P_IPV6):
 		if (skb_network_header(skb) + sizeof(struct ipv6hdr) <=
 		    skb_tail_pointer(skb))
-			return IP6_ECN_set_ce(ipv6_hdr(skb));
+			return IP6_ECN_set_ce(skb, ipv6_hdr(skb));
 		break;
 	}
 
diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c
index 4770d515c2c8..d43c9babc2b0 100644
--- a/net/ipv6/xfrm6_mode_tunnel.c
+++ b/net/ipv6/xfrm6_mode_tunnel.c
@@ -24,7 +24,7 @@ static inline void ipip6_ecn_decapsulate(struct sk_buff *skb)
 	struct ipv6hdr *inner_iph = ipipv6_hdr(skb);
 
 	if (INET_ECN_is_ce(ipv6_get_dsfield(outer_iph)))
-		IP6_ECN_set_ce(inner_iph);
+		IP6_ECN_set_ce(skb, inner_iph);
 }
 
 /* Add encapsulation header.
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] team: Replace rcu_read_lock with a mutex in team_vlan_rx_kill_vid
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (16 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] ipv6: update skb->csum when CE mark is propagated Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] xfrm: dst_entries_init() per-net dst_ops Jiri Slaby
                   ` (11 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Ido Schimmel, David S . Miller, Jiri Slaby

From: Ido Schimmel <idosch@mellanox.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

[ Upstream commit 60a6531bfe49555581ccd65f66a350cc5693fcde ]

We can't be within an RCU read-side critical section when deleting
VLANs, as underlying drivers might sleep during the hardware operation.
Therefore, replace the RCU critical section with a mutex. This is
consistent with team_vlan_rx_add_vid.

Fixes: 3d249d4ca7d0 ("net: introduce ethernet teaming device")
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/net/team/team.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
index 020581ddfdd3..3059b8c3825f 100644
--- a/drivers/net/team/team.c
+++ b/drivers/net/team/team.c
@@ -1831,10 +1831,10 @@ static int team_vlan_rx_kill_vid(struct net_device *dev, __be16 proto, u16 vid)
 	struct team *team = netdev_priv(dev);
 	struct team_port *port;
 
-	rcu_read_lock();
-	list_for_each_entry_rcu(port, &team->port_list, list)
+	mutex_lock(&team->lock);
+	list_for_each_entry(port, &team->port_list, list)
 		vlan_vid_del(port->dev, proto, vid);
-	rcu_read_unlock();
+	mutex_unlock(&team->lock);
 
 	return 0;
 }
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] xfrm: dst_entries_init() per-net dst_ops
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (17 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] team: Replace rcu_read_lock with a mutex in team_vlan_rx_kill_vid Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] powerpc/tm: Block signal return setting invalid MSR state Jiri Slaby
                   ` (10 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Dan Streetman, Dan Streetman, Steffen Klassert, Jiri Slaby

From: Dan Streetman <dan.streetman@canonical.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

[ Upstream commit a8a572a6b5f2a79280d6e302cb3c1cb1fbaeb3e8 ]

Remove the dst_entries_init/destroy calls for xfrm4 and xfrm6 dst_ops
templates; their dst_entries counters will never be used.  Move the
xfrm dst_ops initialization from the common xfrm/xfrm_policy.c to
xfrm4/xfrm4_policy.c and xfrm6/xfrm6_policy.c, and call dst_entries_init
and dst_entries_destroy for each net namespace.

The ipv4 and ipv6 xfrms each create dst_ops template, and perform
dst_entries_init on the templates.  The template values are copied to each
net namespace's xfrm.xfrm*_dst_ops.  The problem there is the dst_ops
pcpuc_entries field is a percpu counter and cannot be used correctly by
simply copying it to another object.

The result of this is a very subtle bug; changes to the dst entries
counter from one net namespace may sometimes get applied to a different
net namespace dst entries counter.  This is because of how the percpu
counter works; it has a main count field as well as a pointer to the
percpu variables.  Each net namespace maintains its own main count
variable, but all point to one set of percpu variables.  When any net
namespace happens to change one of the percpu variables to outside its
small batch range, its count is moved to the net namespace's main count
variable.  So with multiple net namespaces operating concurrently, the
dst_ops entries counter can stray from the actual value that it should
be; if counts are consistently moved from one net namespace to another
(which my testing showed is likely), then one net namespace winds up
with a negative dst_ops count while another winds up with a continually
increasing count, eventually reaching its gc_thresh limit, which causes
all new traffic on the net namespace to fail with -ENOBUFS.

Signed-off-by: Dan Streetman <dan.streetman@canonical.com>
Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 net/ipv4/xfrm4_policy.c | 46 +++++++++++++++++++++++++++++++++---------
 net/ipv6/xfrm6_policy.c | 53 +++++++++++++++++++++++++++++++++++--------------
 net/xfrm/xfrm_policy.c  | 38 -----------------------------------
 3 files changed, 75 insertions(+), 62 deletions(-)

diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index adf998322bd2..bb201660bd8a 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -230,7 +230,7 @@ static void xfrm4_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
 	xfrm_dst_ifdown(dst, dev);
 }
 
-static struct dst_ops xfrm4_dst_ops = {
+static struct dst_ops xfrm4_dst_ops_template = {
 	.family =		AF_INET,
 	.protocol =		cpu_to_be16(ETH_P_IP),
 	.gc =			xfrm4_garbage_collect,
@@ -245,7 +245,7 @@ static struct dst_ops xfrm4_dst_ops = {
 
 static struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
 	.family = 		AF_INET,
-	.dst_ops =		&xfrm4_dst_ops,
+	.dst_ops =		&xfrm4_dst_ops_template,
 	.dst_lookup =		xfrm4_dst_lookup,
 	.get_saddr =		xfrm4_get_saddr,
 	.decode_session =	_decode_session4,
@@ -267,7 +267,7 @@ static struct ctl_table xfrm4_policy_table[] = {
 	{ }
 };
 
-static int __net_init xfrm4_net_init(struct net *net)
+static int __net_init xfrm4_net_sysctl_init(struct net *net)
 {
 	struct ctl_table *table;
 	struct ctl_table_header *hdr;
@@ -295,7 +295,7 @@ err_alloc:
 	return -ENOMEM;
 }
 
-static void __net_exit xfrm4_net_exit(struct net *net)
+static void __net_exit xfrm4_net_sysctl_exit(struct net *net)
 {
 	struct ctl_table *table;
 
@@ -307,12 +307,44 @@ static void __net_exit xfrm4_net_exit(struct net *net)
 	if (!net_eq(net, &init_net))
 		kfree(table);
 }
+#else /* CONFIG_SYSCTL */
+static int inline xfrm4_net_sysctl_init(struct net *net)
+{
+	return 0;
+}
+
+static void inline xfrm4_net_sysctl_exit(struct net *net)
+{
+}
+#endif
+
+static int __net_init xfrm4_net_init(struct net *net)
+{
+	int ret;
+
+	memcpy(&net->xfrm.xfrm4_dst_ops, &xfrm4_dst_ops_template,
+	       sizeof(xfrm4_dst_ops_template));
+	ret = dst_entries_init(&net->xfrm.xfrm4_dst_ops);
+	if (ret)
+		return ret;
+
+	ret = xfrm4_net_sysctl_init(net);
+	if (ret)
+		dst_entries_destroy(&net->xfrm.xfrm4_dst_ops);
+
+	return ret;
+}
+
+static void __net_exit xfrm4_net_exit(struct net *net)
+{
+	xfrm4_net_sysctl_exit(net);
+	dst_entries_destroy(&net->xfrm.xfrm4_dst_ops);
+}
 
 static struct pernet_operations __net_initdata xfrm4_net_ops = {
 	.init	= xfrm4_net_init,
 	.exit	= xfrm4_net_exit,
 };
-#endif
 
 static void __init xfrm4_policy_init(void)
 {
@@ -321,12 +353,8 @@ static void __init xfrm4_policy_init(void)
 
 void __init xfrm4_init(void)
 {
-	dst_entries_init(&xfrm4_dst_ops);
-
 	xfrm4_state_init();
 	xfrm4_policy_init();
-#ifdef CONFIG_SYSCTL
 	register_pernet_subsys(&xfrm4_net_ops);
-#endif
 }
 
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 550b195bb2fc..b2ea43167633 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -279,7 +279,7 @@ static void xfrm6_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
 	xfrm_dst_ifdown(dst, dev);
 }
 
-static struct dst_ops xfrm6_dst_ops = {
+static struct dst_ops xfrm6_dst_ops_template = {
 	.family =		AF_INET6,
 	.protocol =		cpu_to_be16(ETH_P_IPV6),
 	.gc =			xfrm6_garbage_collect,
@@ -294,7 +294,7 @@ static struct dst_ops xfrm6_dst_ops = {
 
 static struct xfrm_policy_afinfo xfrm6_policy_afinfo = {
 	.family =		AF_INET6,
-	.dst_ops =		&xfrm6_dst_ops,
+	.dst_ops =		&xfrm6_dst_ops_template,
 	.dst_lookup =		xfrm6_dst_lookup,
 	.get_saddr = 		xfrm6_get_saddr,
 	.decode_session =	_decode_session6,
@@ -327,7 +327,7 @@ static struct ctl_table xfrm6_policy_table[] = {
 	{ }
 };
 
-static int __net_init xfrm6_net_init(struct net *net)
+static int __net_init xfrm6_net_sysctl_init(struct net *net)
 {
 	struct ctl_table *table;
 	struct ctl_table_header *hdr;
@@ -355,7 +355,7 @@ err_alloc:
 	return -ENOMEM;
 }
 
-static void __net_exit xfrm6_net_exit(struct net *net)
+static void __net_exit xfrm6_net_sysctl_exit(struct net *net)
 {
 	struct ctl_table *table;
 
@@ -367,31 +367,57 @@ static void __net_exit xfrm6_net_exit(struct net *net)
 	if (!net_eq(net, &init_net))
 		kfree(table);
 }
+#else /* CONFIG_SYSCTL */
+static int inline xfrm6_net_sysctl_init(struct net *net)
+{
+	return 0;
+}
+
+static void inline xfrm6_net_sysctl_exit(struct net *net)
+{
+}
+#endif
+
+static int __net_init xfrm6_net_init(struct net *net)
+{
+	int ret;
+
+	memcpy(&net->xfrm.xfrm6_dst_ops, &xfrm6_dst_ops_template,
+	       sizeof(xfrm6_dst_ops_template));
+	ret = dst_entries_init(&net->xfrm.xfrm6_dst_ops);
+	if (ret)
+		return ret;
+
+	ret = xfrm6_net_sysctl_init(net);
+	if (ret)
+		dst_entries_destroy(&net->xfrm.xfrm6_dst_ops);
+
+	return ret;
+}
+
+static void __net_exit xfrm6_net_exit(struct net *net)
+{
+	xfrm6_net_sysctl_exit(net);
+	dst_entries_destroy(&net->xfrm.xfrm6_dst_ops);
+}
 
 static struct pernet_operations xfrm6_net_ops = {
 	.init	= xfrm6_net_init,
 	.exit	= xfrm6_net_exit,
 };
-#endif
 
 int __init xfrm6_init(void)
 {
 	int ret;
 
-	dst_entries_init(&xfrm6_dst_ops);
-
 	ret = xfrm6_policy_init();
-	if (ret) {
-		dst_entries_destroy(&xfrm6_dst_ops);
+	if (ret)
 		goto out;
-	}
 	ret = xfrm6_state_init();
 	if (ret)
 		goto out_policy;
 
-#ifdef CONFIG_SYSCTL
 	register_pernet_subsys(&xfrm6_net_ops);
-#endif
 out:
 	return ret;
 out_policy:
@@ -401,10 +427,7 @@ out_policy:
 
 void xfrm6_fini(void)
 {
-#ifdef CONFIG_SYSCTL
 	unregister_pernet_subsys(&xfrm6_net_ops);
-#endif
 	xfrm6_policy_fini();
 	xfrm6_state_fini();
-	dst_entries_destroy(&xfrm6_dst_ops);
 }
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 57674ddc683d..5606e994f56e 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2724,7 +2724,6 @@ static struct neighbour *xfrm_neigh_lookup(const struct dst_entry *dst,
 
 int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
 {
-	struct net *net;
 	int err = 0;
 	if (unlikely(afinfo == NULL))
 		return -EINVAL;
@@ -2755,26 +2754,6 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
 	}
 	spin_unlock(&xfrm_policy_afinfo_lock);
 
-	rtnl_lock();
-	for_each_net(net) {
-		struct dst_ops *xfrm_dst_ops;
-
-		switch (afinfo->family) {
-		case AF_INET:
-			xfrm_dst_ops = &net->xfrm.xfrm4_dst_ops;
-			break;
-#if IS_ENABLED(CONFIG_IPV6)
-		case AF_INET6:
-			xfrm_dst_ops = &net->xfrm.xfrm6_dst_ops;
-			break;
-#endif
-		default:
-			BUG();
-		}
-		*xfrm_dst_ops = *afinfo->dst_ops;
-	}
-	rtnl_unlock();
-
 	return err;
 }
 EXPORT_SYMBOL(xfrm_policy_register_afinfo);
@@ -2810,22 +2789,6 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
 }
 EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);
 
-static void __net_init xfrm_dst_ops_init(struct net *net)
-{
-	struct xfrm_policy_afinfo *afinfo;
-
-	rcu_read_lock();
-	afinfo = rcu_dereference(xfrm_policy_afinfo[AF_INET]);
-	if (afinfo)
-		net->xfrm.xfrm4_dst_ops = *afinfo->dst_ops;
-#if IS_ENABLED(CONFIG_IPV6)
-	afinfo = rcu_dereference(xfrm_policy_afinfo[AF_INET6]);
-	if (afinfo)
-		net->xfrm.xfrm6_dst_ops = *afinfo->dst_ops;
-#endif
-	rcu_read_unlock();
-}
-
 static int xfrm_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
 {
 	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
@@ -2971,7 +2934,6 @@ static int __net_init xfrm_net_init(struct net *net)
 	rv = xfrm_policy_init(net);
 	if (rv < 0)
 		goto out_policy;
-	xfrm_dst_ops_init(net);
 	rv = xfrm_sysctl_init(net);
 	if (rv < 0)
 		goto out_sysctl;
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] powerpc/tm: Block signal return setting invalid MSR state
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (18 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] xfrm: dst_entries_init() per-net dst_ops Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] powerpc: Make value-returning atomics fully ordered Jiri Slaby
                   ` (9 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Michael Neuling, Michael Ellerman, Jiri Slaby

From: Michael Neuling <mikey@neuling.org>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit d2b9d2a5ad5ef04ff978c9923d19730cb05efd55 upstream.

Currently we allow both the MSR T and S bits to be set by userspace on
a signal return.  Unfortunately this is a reserved configuration and
will cause a TM Bad Thing exception if attempted (via rfid).

This patch checks for this case in both the 32 and 64 bit signals
code.  If both T and S are set, we mark the context as invalid.

Found using a syscall fuzzer.

Fixes: 2b0a576d15e0 ("powerpc: Add new transactional memory state to the signal context")
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 arch/powerpc/include/asm/reg.h  |  1 +
 arch/powerpc/kernel/signal_32.c | 14 +++++++++-----
 arch/powerpc/kernel/signal_64.c |  4 ++++
 3 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
index 390e09872b77..3ce6b7b5ca19 100644
--- a/arch/powerpc/include/asm/reg.h
+++ b/arch/powerpc/include/asm/reg.h
@@ -108,6 +108,7 @@
 #define MSR_TS_T	__MASK(MSR_TS_T_LG)	/*  Transaction Transactional */
 #define MSR_TS_MASK	(MSR_TS_T | MSR_TS_S)   /* Transaction State bits */
 #define MSR_TM_ACTIVE(x) (((x) & MSR_TS_MASK) != 0) /* Transaction active? */
+#define MSR_TM_RESV(x) (((x) & MSR_TS_MASK) == MSR_TS_MASK) /* Reserved */
 #define MSR_TM_TRANSACTIONAL(x)	(((x) & MSR_TS_MASK) == MSR_TS_T)
 #define MSR_TM_SUSPENDED(x)	(((x) & MSR_TS_MASK) == MSR_TS_S)
 
diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
index 7fce77b89f6d..3678e5097c59 100644
--- a/arch/powerpc/kernel/signal_32.c
+++ b/arch/powerpc/kernel/signal_32.c
@@ -867,6 +867,15 @@ static long restore_tm_user_regs(struct pt_regs *regs,
 		return 1;
 #endif /* CONFIG_SPE */
 
+	/* Get the top half of the MSR from the user context */
+	if (__get_user(msr_hi, &tm_sr->mc_gregs[PT_MSR]))
+		return 1;
+	msr_hi <<= 32;
+	/* If TM bits are set to the reserved value, it's an invalid context */
+	if (MSR_TM_RESV(msr_hi))
+		return 1;
+	/* Pull in the MSR TM bits from the user context */
+	regs->msr = (regs->msr & ~MSR_TS_MASK) | (msr_hi & MSR_TS_MASK);
 	/* Now, recheckpoint.  This loads up all of the checkpointed (older)
 	 * registers, including FP and V[S]Rs.  After recheckpointing, the
 	 * transactional versions should be loaded.
@@ -876,11 +885,6 @@ static long restore_tm_user_regs(struct pt_regs *regs,
 	current->thread.tm_texasr |= TEXASR_FS;
 	/* This loads the checkpointed FP/VEC state, if used */
 	tm_recheckpoint(&current->thread, msr);
-	/* Get the top half of the MSR */
-	if (__get_user(msr_hi, &tm_sr->mc_gregs[PT_MSR]))
-		return 1;
-	/* Pull in MSR TM from user context */
-	regs->msr = (regs->msr & ~MSR_TS_MASK) | ((msr_hi<<32) & MSR_TS_MASK);
 
 	/* This loads the speculative FP/VEC state, if used */
 	if (msr & MSR_FP) {
diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
index 4456779dba1c..1c43da49fb1c 100644
--- a/arch/powerpc/kernel/signal_64.c
+++ b/arch/powerpc/kernel/signal_64.c
@@ -420,6 +420,10 @@ static long restore_tm_sigcontexts(struct pt_regs *regs,
 
 	/* get MSR separately, transfer the LE bit if doing signal return */
 	err |= __get_user(msr, &sc->gp_regs[PT_MSR]);
+	/* Don't allow reserved mode. */
+	if (MSR_TM_RESV(msr))
+		return -EINVAL;
+
 	/* pull in MSR TM from user context */
 	regs->msr = (regs->msr & ~MSR_TS_MASK) | (msr & MSR_TS_MASK);
 
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] powerpc: Make value-returning atomics fully ordered
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (19 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] powerpc/tm: Block signal return setting invalid MSR state Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] powerpc: Make {cmp}xchg* and their atomic_ versions " Jiri Slaby
                   ` (8 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Boqun Feng, Michael Ellerman, Jiri Slaby

From: Boqun Feng <boqun.feng@gmail.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit 49e9cf3f0c04bf76ffa59242254110309554861d upstream.

According to memory-barriers.txt:

> Any atomic operation that modifies some state in memory and returns
> information about the state (old or new) implies an SMP-conditional
> general memory barrier (smp_mb()) on each side of the actual
> operation ...

Which mean these operations should be fully ordered. However on PPC,
PPC_ATOMIC_ENTRY_BARRIER is the barrier before the actual operation,
which is currently "lwsync" if SMP=y. The leading "lwsync" can not
guarantee fully ordered atomics, according to Paul Mckenney:

https://lkml.org/lkml/2015/10/14/970

To fix this, we define PPC_ATOMIC_ENTRY_BARRIER as "sync" to guarantee
the fully-ordered semantics.

This also makes futex atomics fully ordered, which can avoid possible
memory ordering problems if userspace code relies on futex system call
for fully ordered semantics.

Fixes: b97021f85517 ("powerpc: Fix atomic_xxx_return barrier semantics")
Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 arch/powerpc/include/asm/synch.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/powerpc/include/asm/synch.h b/arch/powerpc/include/asm/synch.h
index e682a7143edb..c50868681f9e 100644
--- a/arch/powerpc/include/asm/synch.h
+++ b/arch/powerpc/include/asm/synch.h
@@ -44,7 +44,7 @@ static inline void isync(void)
 	MAKE_LWSYNC_SECTION_ENTRY(97, __lwsync_fixup);
 #define PPC_ACQUIRE_BARRIER	 "\n" stringify_in_c(__PPC_ACQUIRE_BARRIER)
 #define PPC_RELEASE_BARRIER	 stringify_in_c(LWSYNC) "\n"
-#define PPC_ATOMIC_ENTRY_BARRIER "\n" stringify_in_c(LWSYNC) "\n"
+#define PPC_ATOMIC_ENTRY_BARRIER "\n" stringify_in_c(sync) "\n"
 #define PPC_ATOMIC_EXIT_BARRIER	 "\n" stringify_in_c(sync) "\n"
 #else
 #define PPC_ACQUIRE_BARRIER
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] powerpc: Make {cmp}xchg* and their atomic_ versions fully ordered
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (20 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] powerpc: Make value-returning atomics fully ordered Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] scripts/recordmcount.pl: support data in text section on powerpc Jiri Slaby
                   ` (7 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Boqun Feng, Michael Ellerman, Jiri Slaby

From: Boqun Feng <boqun.feng@gmail.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit 81d7a3294de7e9828310bbf986a67246b13fa01e upstream.

According to memory-barriers.txt, xchg*, cmpxchg* and their atomic_
versions all need to be fully ordered, however they are now just
RELEASE+ACQUIRE, which are not fully ordered.

So also replace PPC_RELEASE_BARRIER and PPC_ACQUIRE_BARRIER with
PPC_ATOMIC_ENTRY_BARRIER and PPC_ATOMIC_EXIT_BARRIER in
__{cmp,}xchg_{u32,u64} respectively to guarantee fully ordered semantics
of atomic{,64}_{cmp,}xchg() and {cmp,}xchg(), as a complement of commit
b97021f85517 ("powerpc: Fix atomic_xxx_return barrier semantics")

This patch depends on patch "powerpc: Make value-returning atomics fully
ordered" for PPC_ATOMIC_ENTRY_BARRIER definition.

Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 arch/powerpc/include/asm/cmpxchg.h | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/arch/powerpc/include/asm/cmpxchg.h b/arch/powerpc/include/asm/cmpxchg.h
index e245aab7f191..95b515113186 100644
--- a/arch/powerpc/include/asm/cmpxchg.h
+++ b/arch/powerpc/include/asm/cmpxchg.h
@@ -18,12 +18,12 @@ __xchg_u32(volatile void *p, unsigned long val)
 	unsigned long prev;
 
 	__asm__ __volatile__(
-	PPC_RELEASE_BARRIER
+	PPC_ATOMIC_ENTRY_BARRIER
 "1:	lwarx	%0,0,%2 \n"
 	PPC405_ERR77(0,%2)
 "	stwcx.	%3,0,%2 \n\
 	bne-	1b"
-	PPC_ACQUIRE_BARRIER
+	PPC_ATOMIC_EXIT_BARRIER
 	: "=&r" (prev), "+m" (*(volatile unsigned int *)p)
 	: "r" (p), "r" (val)
 	: "cc", "memory");
@@ -61,12 +61,12 @@ __xchg_u64(volatile void *p, unsigned long val)
 	unsigned long prev;
 
 	__asm__ __volatile__(
-	PPC_RELEASE_BARRIER
+	PPC_ATOMIC_ENTRY_BARRIER
 "1:	ldarx	%0,0,%2 \n"
 	PPC405_ERR77(0,%2)
 "	stdcx.	%3,0,%2 \n\
 	bne-	1b"
-	PPC_ACQUIRE_BARRIER
+	PPC_ATOMIC_EXIT_BARRIER
 	: "=&r" (prev), "+m" (*(volatile unsigned long *)p)
 	: "r" (p), "r" (val)
 	: "cc", "memory");
@@ -152,14 +152,14 @@ __cmpxchg_u32(volatile unsigned int *p, unsigned long old, unsigned long new)
 	unsigned int prev;
 
 	__asm__ __volatile__ (
-	PPC_RELEASE_BARRIER
+	PPC_ATOMIC_ENTRY_BARRIER
 "1:	lwarx	%0,0,%2		# __cmpxchg_u32\n\
 	cmpw	0,%0,%3\n\
 	bne-	2f\n"
 	PPC405_ERR77(0,%2)
 "	stwcx.	%4,0,%2\n\
 	bne-	1b"
-	PPC_ACQUIRE_BARRIER
+	PPC_ATOMIC_EXIT_BARRIER
 	"\n\
 2:"
 	: "=&r" (prev), "+m" (*p)
@@ -198,13 +198,13 @@ __cmpxchg_u64(volatile unsigned long *p, unsigned long old, unsigned long new)
 	unsigned long prev;
 
 	__asm__ __volatile__ (
-	PPC_RELEASE_BARRIER
+	PPC_ATOMIC_ENTRY_BARRIER
 "1:	ldarx	%0,0,%2		# __cmpxchg_u64\n\
 	cmpd	0,%0,%3\n\
 	bne-	2f\n\
 	stdcx.	%4,0,%2\n\
 	bne-	1b"
-	PPC_ACQUIRE_BARRIER
+	PPC_ATOMIC_EXIT_BARRIER
 	"\n\
 2:"
 	: "=&r" (prev), "+m" (*p)
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] scripts/recordmcount.pl: support data in text section on powerpc
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (21 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] powerpc: Make {cmp}xchg* and their atomic_ versions " Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] arm64: KVM: Fix AArch32 to AArch64 register mapping Jiri Slaby
                   ` (6 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Ulrich Weigand, Michael Ellerman, Jiri Slaby

From: Ulrich Weigand <ulrich.weigand@de.ibm.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit 2e50c4bef77511b42cc226865d6bc568fa7f8769 upstream.

If a text section starts out with a data blob before the first
function start label, disassembly parsing doing in recordmcount.pl
gets confused on powerpc, leading to creation of corrupted module
objects.

This was not a problem so far since the compiler would never create
such text sections.  However, this has changed with a recent change
in GCC 6 to support distances of > 2GB between a function and its
assoicated TOC in the ELFv2 ABI, exposing this problem.

There is already code in recordmcount.pl to handle such data blobs
on the sparc64 platform.  This patch uses the same method to handle
those on powerpc as well.

Acked-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Ulrich Weigand <ulrich.weigand@de.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 scripts/recordmcount.pl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/recordmcount.pl b/scripts/recordmcount.pl
index a27134fc3f76..efe7567d6225 100755
--- a/scripts/recordmcount.pl
+++ b/scripts/recordmcount.pl
@@ -265,7 +265,8 @@ if ($arch eq "x86_64") {
 
 } elsif ($arch eq "powerpc") {
     $local_regex = "^[0-9a-fA-F]+\\s+t\\s+(\\.?\\S+)";
-    $function_regex = "^([0-9a-fA-F]+)\\s+<(\\.?.*?)>:";
+    # See comment in the sparc64 section for why we use '\w'.
+    $function_regex = "^([0-9a-fA-F]+)\\s+<(\\.?\\w*?)>:";
     $mcount_regex = "^\\s*([0-9a-fA-F]+):.*\\s\\.?_mcount\$";
 
     if ($bits == 64) {
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] arm64: KVM: Fix AArch32 to AArch64 register mapping
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (22 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] scripts/recordmcount.pl: support data in text section on powerpc Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] arm64: fix building without CONFIG_UID16 Jiri Slaby
                   ` (5 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Marc Zyngier, Christoffer Dall, Jiri Slaby

From: Marc Zyngier <marc.zyngier@arm.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit c0f0963464c24e034b858441205455bf2a5d93ad upstream.

When running a 32bit guest under a 64bit hypervisor, the ARMv8
architecture defines a mapping of the 32bit registers in the 64bit
space. This includes banked registers that are being demultiplexed
over the 64bit ones.

On exceptions caused by an operation involving a 32bit register, the
HW exposes the register number in the ESR_EL2 register. It was so
far understood that SW had to distinguish between AArch32 and AArch64
accesses (based on the current AArch32 mode and register number).

It turns out that I misinterpreted the ARM ARM, and the clue is in
D1.20.1: "For some exceptions, the exception syndrome given in the
ESR_ELx identifies one or more register numbers from the issued
instruction that generated the exception. Where the exception is
taken from an Exception level using AArch32 these register numbers
give the AArch64 view of the register."

Which means that the HW is already giving us the translated version,
and that we shouldn't try to interpret it at all (for example, doing
an MMIO operation from the IRQ mode using the LR register leads to
very unexpected behaviours).

The fix is thus not to perform a call to vcpu_reg32() at all from
vcpu_reg(), and use whatever register number is supplied directly.
The only case we need to find out about the mapping is when we
actively generate a register access, which only occurs when injecting
a fault in a guest.

Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 arch/arm64/include/asm/kvm_emulate.h | 8 +++++---
 arch/arm64/kvm/inject_fault.c        | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h
index 2b01e2bdb7ef..a79bcce9b66d 100644
--- a/arch/arm64/include/asm/kvm_emulate.h
+++ b/arch/arm64/include/asm/kvm_emulate.h
@@ -86,11 +86,13 @@ static inline void vcpu_set_thumb(struct kvm_vcpu *vcpu)
 	*vcpu_cpsr(vcpu) |= COMPAT_PSR_T_BIT;
 }
 
+/*
+ * vcpu_reg should always be passed a register number coming from a
+ * read of ESR_EL2. Otherwise, it may give the wrong result on AArch32
+ * with banked registers.
+ */
 static inline unsigned long *vcpu_reg(const struct kvm_vcpu *vcpu, u8 reg_num)
 {
-	if (vcpu_mode_is_32bit(vcpu))
-		return vcpu_reg32(vcpu, reg_num);
-
 	return (unsigned long *)&vcpu_gp_regs(vcpu)->regs.regs[reg_num];
 }
 
diff --git a/arch/arm64/kvm/inject_fault.c b/arch/arm64/kvm/inject_fault.c
index 86825f8883de..f527a37ac979 100644
--- a/arch/arm64/kvm/inject_fault.c
+++ b/arch/arm64/kvm/inject_fault.c
@@ -48,7 +48,7 @@ static void prepare_fault32(struct kvm_vcpu *vcpu, u32 mode, u32 vect_offset)
 
 	/* Note: These now point to the banked copies */
 	*vcpu_spsr(vcpu) = new_spsr_value;
-	*vcpu_reg(vcpu, 14) = *vcpu_pc(vcpu) + return_offset;
+	*vcpu_reg32(vcpu, 14) = *vcpu_pc(vcpu) + return_offset;
 
 	/* Branch to exception vector */
 	if (sctlr & (1 << 13))
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] arm64: fix building without CONFIG_UID16
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (23 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] arm64: KVM: Fix AArch32 to AArch64 register mapping Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] arm64: Clear out any singlestep state on a ptrace detach operation Jiri Slaby
                   ` (4 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Arnd Bergmann, Catalin Marinas, Jiri Slaby

From: Arnd Bergmann <arnd@arndb.de>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit fbc416ff86183e2203cdf975e2881d7c164b0271 upstream.

As reported by Michal Simek, building an ARM64 kernel with CONFIG_UID16
disabled currently fails because the system call table still needs to
reference the individual function entry points that are provided by
kernel/sys_ni.c in this case, and the declarations are hidden inside
of #ifdef CONFIG_UID16:

arch/arm64/include/asm/unistd32.h:57:8: error: 'sys_lchown16' undeclared here (not in a function)
 __SYSCALL(__NR_lchown, sys_lchown16)

I believe this problem only exists on ARM64, because older architectures
tend to not need declarations when their system call table is built
in assembly code, while newer architectures tend to not need UID16
support. ARM64 only uses these system calls for compatibility with
32-bit ARM binaries.

This changes the CONFIG_UID16 check into CONFIG_HAVE_UID16, which is
set unconditionally on ARM64 with CONFIG_COMPAT, so we see the
declarations whenever we need them, but otherwise the behavior is
unchanged.

Fixes: af1839eb4bd4 ("Kconfig: clean up the long arch list for the UID16 config option")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 include/linux/syscalls.h | 2 +-
 include/linux/types.h    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index 7fac04e7ff6e..f662a3719a1b 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -499,7 +499,7 @@ asmlinkage long sys_chown(const char __user *filename,
 asmlinkage long sys_lchown(const char __user *filename,
 				uid_t user, gid_t group);
 asmlinkage long sys_fchown(unsigned int fd, uid_t user, gid_t group);
-#ifdef CONFIG_UID16
+#ifdef CONFIG_HAVE_UID16
 asmlinkage long sys_chown16(const char __user *filename,
 				old_uid_t user, old_gid_t group);
 asmlinkage long sys_lchown16(const char __user *filename,
diff --git a/include/linux/types.h b/include/linux/types.h
index 4d118ba11349..83db8e5974dc 100644
--- a/include/linux/types.h
+++ b/include/linux/types.h
@@ -35,7 +35,7 @@ typedef __kernel_gid16_t        gid16_t;
 
 typedef unsigned long		uintptr_t;
 
-#ifdef CONFIG_UID16
+#ifdef CONFIG_HAVE_UID16
 /* This is defined by include/asm-{arch}/posix_types.h */
 typedef __kernel_old_uid_t	old_uid_t;
 typedef __kernel_old_gid_t	old_gid_t;
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] arm64: Clear out any singlestep state on a ptrace detach operation
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (24 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] arm64: fix building without CONFIG_UID16 Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] arm64: mm: ensure that the zero page is visible to the page table walker Jiri Slaby
                   ` (3 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: John Blackwood, Will Deacon, Jiri Slaby

From: John Blackwood <john.blackwood@ccur.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit 5db4fd8c52810bd9740c1240ebf89223b171aa70 upstream.

Make sure to clear out any ptrace singlestep state when a ptrace(2)
PTRACE_DETACH call is made on arm64 systems.

Otherwise, the previously ptraced task will die off with a SIGTRAP
signal if the debugger just previously singlestepped the ptraced task.

Signed-off-by: John Blackwood <john.blackwood@ccur.com>
[will: added comment to justify why this is in the arch code]
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 arch/arm64/kernel/ptrace.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index ee79a1a6e965..9b9d651446ba 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -51,6 +51,12 @@
  */
 void ptrace_disable(struct task_struct *child)
 {
+	/*
+	 * This would be better off in core code, but PTRACE_DETACH has
+	 * grown its fair share of arch-specific worts and changing it
+	 * is likely to cause regressions on obscure architectures.
+	 */
+	user_disable_single_step(child);
 }
 
 #ifdef CONFIG_HAVE_HW_BREAKPOINT
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] arm64: mm: ensure that the zero page is visible to the page table walker
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (25 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] arm64: Clear out any singlestep state on a ptrace detach operation Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] parisc iommu: fix panic due to trying to allocate too large region Jiri Slaby
                   ` (2 subsequent siblings)
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Will Deacon, Greg Kroah-Hartman

From: Will Deacon <will.deacon@arm.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit 32d6397805d00573ce1fa55f408ce2bca15b0ad3 upstream.

In paging_init, we allocate the zero page, memset it to zero and then
point TTBR0 to it in order to avoid speculative fetches through the
identity mapping.

In order to guarantee that the freshly zeroed page is indeed visible to
the page table walker, we need to execute a dsb instruction prior to
writing the TTBR.

Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/arm64/mm/mmu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index f8dc7e8fce6f..84ddb372fbc6 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -374,6 +374,9 @@ void __init paging_init(void)
 
 	empty_zero_page = virt_to_page(zero_page);
 
+	/* Ensure the zero page is visible to the page table walker */
+	dsb();
+
 	/*
 	 * TTBR0 is only used for the identity mapping at this stage. Make it
 	 * point to zero page to avoid speculatively fetching new entries.
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] parisc iommu: fix panic due to trying to allocate too large region
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (26 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] arm64: mm: ensure that the zero page is visible to the page table walker Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] HID: core: Avoid uninitialized buffer access Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] mn10300: Select CONFIG_HAVE_UID16 to fix build failure Jiri Slaby
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Mikulas Patocka, Helge Deller, Jiri Slaby

From: Mikulas Patocka <mpatocka@redhat.com>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit e46e31a3696ae2d66f32c207df3969613726e636 upstream.

When using the Promise TX2+ SATA controller on PA-RISC, the system often
crashes with kernel panic, for example just writing data with the dd
utility will make it crash.

Kernel panic - not syncing: drivers/parisc/sba_iommu.c: I/O MMU @ 000000000000a000 is out of mapping resources

CPU: 0 PID: 18442 Comm: mkspadfs Not tainted 4.4.0-rc2 #2
Backtrace:
 [<000000004021497c>] show_stack+0x14/0x20
 [<0000000040410bf0>] dump_stack+0x88/0x100
 [<000000004023978c>] panic+0x124/0x360
 [<0000000040452c18>] sba_alloc_range+0x698/0x6a0
 [<0000000040453150>] sba_map_sg+0x260/0x5b8
 [<000000000c18dbb4>] ata_qc_issue+0x264/0x4a8 [libata]
 [<000000000c19535c>] ata_scsi_translate+0xe4/0x220 [libata]
 [<000000000c19a93c>] ata_scsi_queuecmd+0xbc/0x320 [libata]
 [<0000000040499bbc>] scsi_dispatch_cmd+0xfc/0x130
 [<000000004049da34>] scsi_request_fn+0x6e4/0x970
 [<00000000403e95a8>] __blk_run_queue+0x40/0x60
 [<00000000403e9d8c>] blk_run_queue+0x3c/0x68
 [<000000004049a534>] scsi_run_queue+0x2a4/0x360
 [<000000004049be68>] scsi_end_request+0x1a8/0x238
 [<000000004049de84>] scsi_io_completion+0xfc/0x688
 [<0000000040493c74>] scsi_finish_command+0x17c/0x1d0

The cause of the crash is not exhaustion of the IOMMU space, there is
plenty of free pages. The function sba_alloc_range is called with size
0x11000, thus the pages_needed variable is 0x11. The function
sba_search_bitmap is called with bits_wanted 0x11 and boundary size is
0x10 (because dma_get_seg_boundary(dev) returns 0xffff).

The function sba_search_bitmap attempts to allocate 17 pages that must not
cross 16-page boundary - it can't satisfy this requirement
(iommu_is_span_boundary always returns true) and fails even if there are
many free entries in the IOMMU space.

How did it happen that we try to allocate 17 pages that don't cross
16-page boundary? The cause is in the function iommu_coalesce_chunks. This
function tries to coalesce adjacent entries in the scatterlist. The
function does several checks if it may coalesce one entry with the next,
one of those checks is this:

	if (startsg->length + dma_len > max_seg_size)
		break;

When it finishes coalescing adjacent entries, it allocates the mapping:

sg_dma_len(contig_sg) = dma_len;
dma_len = ALIGN(dma_len + dma_offset, IOVP_SIZE);
sg_dma_address(contig_sg) =
	PIDE_FLAG
	| (iommu_alloc_range(ioc, dev, dma_len) << IOVP_SHIFT)
	| dma_offset;

It is possible that (startsg->length + dma_len > max_seg_size) is false
(we are just near the 0x10000 max_seg_size boundary), so the funcion
decides to coalesce this entry with the next entry. When the coalescing
succeeds, the function performs
	dma_len = ALIGN(dma_len + dma_offset, IOVP_SIZE);
And now, because of non-zero dma_offset, dma_len is greater than 0x10000.
iommu_alloc_range (a pointer to sba_alloc_range) is called and it attempts
to allocate 17 pages for a device that must not cross 16-page boundary.

To fix the bug, we must make sure that dma_len after addition of
dma_offset and alignment doesn't cross the segment boundary. I.e. change
	if (startsg->length + dma_len > max_seg_size)
		break;
to
	if (ALIGN(dma_len + dma_offset + startsg->length, IOVP_SIZE) > max_seg_size)
		break;

This patch makes this change (it precalculates max_seg_boundary at the
beginning of the function iommu_coalesce_chunks). I also added a check
that the mapping length doesn't exceed dma_get_seg_boundary(dev) (it is
not needed for Promise TX2+ SATA, but it may be needed for other devices
that have dma_get_seg_boundary lower than dma_get_max_seg_size).

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/parisc/iommu-helpers.h | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/drivers/parisc/iommu-helpers.h b/drivers/parisc/iommu-helpers.h
index 8c33491b21fe..c6aa38883466 100644
--- a/drivers/parisc/iommu-helpers.h
+++ b/drivers/parisc/iommu-helpers.h
@@ -104,7 +104,11 @@ iommu_coalesce_chunks(struct ioc *ioc, struct device *dev,
 	struct scatterlist *contig_sg;	   /* contig chunk head */
 	unsigned long dma_offset, dma_len; /* start/len of DMA stream */
 	unsigned int n_mappings = 0;
-	unsigned int max_seg_size = dma_get_max_seg_size(dev);
+	unsigned int max_seg_size = min(dma_get_max_seg_size(dev),
+					(unsigned)DMA_CHUNK_SIZE);
+	unsigned int max_seg_boundary = dma_get_seg_boundary(dev) + 1;
+	if (max_seg_boundary)	/* check if the addition above didn't overflow */
+		max_seg_size = min(max_seg_size, max_seg_boundary);
 
 	while (nents > 0) {
 
@@ -139,14 +143,11 @@ iommu_coalesce_chunks(struct ioc *ioc, struct device *dev,
 
 			/*
 			** First make sure current dma stream won't
-			** exceed DMA_CHUNK_SIZE if we coalesce the
+			** exceed max_seg_size if we coalesce the
 			** next entry.
 			*/   
-			if(unlikely(ALIGN(dma_len + dma_offset + startsg->length,
-					    IOVP_SIZE) > DMA_CHUNK_SIZE))
-				break;
-
-			if (startsg->length + dma_len > max_seg_size)
+			if (unlikely(ALIGN(dma_len + dma_offset + startsg->length, IOVP_SIZE) >
+				     max_seg_size))
 				break;
 
 			/*
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] HID: core: Avoid uninitialized buffer access
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (27 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] parisc iommu: fix panic due to trying to allocate too large region Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  2016-01-28 10:52 ` [patch added to 3.12-stable] mn10300: Select CONFIG_HAVE_UID16 to fix build failure Jiri Slaby
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable
  Cc: Richard Purdie, Jiri Kosina, linux-input, Darren Hart,
	Jiri Kosina, Jiri Slaby

From: Richard Purdie <richard.purdie@linuxfoundation.org>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit 79b568b9d0c7c5d81932f4486d50b38efdd6da6d upstream.

hid_connect adds various strings to the buffer but they're all
conditional. You can find circumstances where nothing would be written
to it but the kernel will still print the supposedly empty buffer with
printk. This leads to corruption on the console/in the logs.

Ensure buf is initialized to an empty string.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[dvhart: Initialize string to "" rather than assign buf[0] = NULL;]
Cc: Jiri Kosina <jikos@kernel.org>
Cc: linux-input@vger.kernel.org
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/hid/hid-core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index 85b0da8c33f4..7ca1b4a97a14 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -1514,7 +1514,7 @@ int hid_connect(struct hid_device *hdev, unsigned int connect_mask)
 		"Multi-Axis Controller"
 	};
 	const char *type, *bus;
-	char buf[64];
+	char buf[64] = "";
 	unsigned int i;
 	int len;
 	int ret;
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* [patch added to 3.12-stable] mn10300: Select CONFIG_HAVE_UID16 to fix build failure
  2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
                   ` (28 preceding siblings ...)
  2016-01-28 10:52 ` [patch added to 3.12-stable] HID: core: Avoid uninitialized buffer access Jiri Slaby
@ 2016-01-28 10:52 ` Jiri Slaby
  29 siblings, 0 replies; 32+ messages in thread
From: Jiri Slaby @ 2016-01-28 10:52 UTC (permalink / raw)
  To: stable; +Cc: Guenter Roeck, Arnd Bergmann, Jiri Slaby

From: Guenter Roeck <linux@roeck-us.net>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit c86576ea114a9a881cf7328dc7181052070ca311 upstream.

mn10300 builds fail with

fs/stat.c: In function 'cp_old_stat':
fs/stat.c:163:2: error: 'old_uid_t' undeclared

ipc/util.c: In function 'ipc64_perm_to_ipc_perm':
ipc/util.c:540:2: error: 'old_uid_t' undeclared

Select CONFIG_HAVE_UID16 and remove local definition of CONFIG_UID16
to fix the problem.

Fixes: fbc416ff8618 ("arm64: fix building without CONFIG_UID16")
Cc: Arnd Bergmann <arnd@arndb.de>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 arch/mn10300/Kconfig | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/arch/mn10300/Kconfig b/arch/mn10300/Kconfig
index 6aaa1607001a..c61bf144b8f2 100644
--- a/arch/mn10300/Kconfig
+++ b/arch/mn10300/Kconfig
@@ -1,6 +1,7 @@
 config MN10300
 	def_bool y
 	select HAVE_OPROFILE
+	select HAVE_UID16
 	select GENERIC_IRQ_SHOW
 	select ARCH_WANT_IPC_PARSE_VERSION
 	select HAVE_ARCH_TRACEHOOK
@@ -37,9 +38,6 @@ config HIGHMEM
 config NUMA
 	def_bool n
 
-config UID16
-	def_bool y
-
 config RWSEM_GENERIC_SPINLOCK
 	def_bool y
 
-- 
2.7.0


^ permalink raw reply related	[flat|nested] 32+ messages in thread

* Re: [patch added to 3.12-stable] ARM: 8160/1: drop warning about return_address not using unwind tables
  2016-01-28 10:51 ` [patch added to 3.12-stable] ARM: 8160/1: drop warning about return_address not using unwind tables Jiri Slaby
@ 2016-01-28 11:07   ` Uwe Kleine-König
  0 siblings, 0 replies; 32+ messages in thread
From: Uwe Kleine-König @ 2016-01-28 11:07 UTC (permalink / raw)
  To: Jiri Slaby; +Cc: stable, Russell King

Hello,

On Thu, Jan 28, 2016 at 11:51:53AM +0100, Jiri Slaby wrote:
> From: Uwe Kleine-K�nig <u.kleine-koenig@pengutronix.de>
> 
> This patch has been added to the 3.12 stable tree. If you have any
> objections, please let us know.

I don't object, I just wonder this is taken. Do you need it for conflict
resolution or is the patch important on it's own?

Best regards
Uwe

-- 
Pengutronix e.K.                           | Uwe Kleine-K�nig            |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |

^ permalink raw reply	[flat|nested] 32+ messages in thread

end of thread, other threads:[~2016-01-28 11:07 UTC | newest]

Thread overview: 32+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-01-28 10:51 [patch added to 3.12-stable] ARM: 8158/1: LLVMLinux: use static inline in ARM ftrace.h Jiri Slaby
2016-01-28 10:51 ` [patch added to 3.12-stable] ARM: 8160/1: drop warning about return_address not using unwind tables Jiri Slaby
2016-01-28 11:07   ` Uwe Kleine-König
2016-01-28 10:51 ` [patch added to 3.12-stable] drm/radeon: cypress_dpm: Fix unused variable warning when CONFIG_ACPI=n Jiri Slaby
2016-01-28 10:51 ` [patch added to 3.12-stable] drm: radeon: ni_dpm: " Jiri Slaby
2016-01-28 10:51 ` [patch added to 3.12-stable] lkdtm: adjust recursion size to avoid warnings Jiri Slaby
2016-01-28 10:51 ` [patch added to 3.12-stable] RDMA/cxgb4: Fix gcc warning on 32-bit arch Jiri Slaby
2016-01-28 10:51 ` [patch added to 3.12-stable] mISDN: avoid arch specific __builtin_return_address call Jiri Slaby
2016-01-28 10:51 ` [patch added to 3.12-stable] veth: don’t modify ip_summed; doing so treats packets with bad checksums as good Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] ipv6/addrlabel: fix ip6addrlbl_get() Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] sctp: sctp should release assoc when sctp_make_abort_user return NULL in sctp_close Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] connector: bump skb->users before callback invocation Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] unix: properly account for FDs passed over unix sockets Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] bridge: Only call /sbin/bridge-stp for the initial network namespace Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] net: sctp: prevent writes to cookie_hmac_alg from accessing invalid memory Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] ipv6: tcp: add rcu locking in tcp_v6_send_synack() Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] tcp_yeah: don't set ssthresh below 2 Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] phonet: properly unshare skbs in phonet_rcv() Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] ipv6: update skb->csum when CE mark is propagated Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] team: Replace rcu_read_lock with a mutex in team_vlan_rx_kill_vid Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] xfrm: dst_entries_init() per-net dst_ops Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] powerpc/tm: Block signal return setting invalid MSR state Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] powerpc: Make value-returning atomics fully ordered Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] powerpc: Make {cmp}xchg* and their atomic_ versions " Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] scripts/recordmcount.pl: support data in text section on powerpc Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] arm64: KVM: Fix AArch32 to AArch64 register mapping Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] arm64: fix building without CONFIG_UID16 Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] arm64: Clear out any singlestep state on a ptrace detach operation Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] arm64: mm: ensure that the zero page is visible to the page table walker Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] parisc iommu: fix panic due to trying to allocate too large region Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] HID: core: Avoid uninitialized buffer access Jiri Slaby
2016-01-28 10:52 ` [patch added to 3.12-stable] mn10300: Select CONFIG_HAVE_UID16 to fix build failure Jiri Slaby

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.