* [PATCH 3.10 000/319] 3.10.105-stable review
@ 2017-02-05 19:09 ` Willy Tarreau
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Willy Tarreau

This is the start of the stable review cycle for the 3.10.105 release.

NOTE! This series is quite large as I've caught up with many pending fixes
that were submitted for -stable long ago and that I had been holding on
since 3.10.103 due to limited time. Most fixes address stability issues
in crypto, net, usb, scsi, kvm, random info leaks, and risks of oopses
in various subsystems. My pending queue is now empty.

It builds fine here on i586 and x86_64 for allmodconfig and on armv7 with
mvebu_defconfig.

All patches will be posted as a response to this one. If anyone has any
issue with these being applied, please let me know. If anyone thinks some
important patches are missing and should be added prior to the release,
please report them quickly with their respective mainline commit IDs.

Responses should be made by Fri Feb 10 10:00:00 CET 2017.
Anything received after that time might be too late. If someone
wants a bit more time for a deeper review, please let me know.

The whole patch series can be found in one patch at :
   https://kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.10.105-rc1.gz

The shortlog and diffstat are appended below.

Thanks,
Willy

===============


Al Viro (28):
  avr32: fix copy_from_user()
  microblaze: fix __get_user()
  microblaze: fix copy_from_user()
  mn10300: failing __get_user() and get_user() should zero
  m32r: fix __get_user()
  sh64: failing __get_user() should zero
  score: fix __get_user/get_user
  s390: get_user() should zero on failure
  asm-generic: make get_user() clear the destination on errors
  frv: fix clear_user()
  cris: buggered copy_from_user/copy_to_user/clear_user
  blackfin: fix copy_from_user()
  score: fix copy_from_user() and friends
  sh: fix copy_from_user()
  hexagon: fix strncpy_from_user() error return
  mips: copy_from_user() must zero the destination on access_ok()
    failure
  asm-generic: make copy_from_user() zero the destination properly
  alpha: fix copy_from_user()
  metag: copy_from_user() should zero the destination on access_ok()
    failure
  parisc: fix copy_from_user()
  openrisc: fix copy_from_user()
  mn10300: copy_from_user() should zero on access_ok() failure...
  sparc32: fix copy_from_user()
  ppc32: fix copy_from_user()
  ia64: copy_from_user() should zero the destination on access_ok()
    failure
  fix fault_in_multipages_...() on architectures with no-op access_ok()
  fix memory leaks in tracing_buffers_splice_read()
  arc: don't leak bits of kernel stack into coredump

Alan Stern (3):
  USB: validate wMaxPacketValue entries in endpoint descriptors
  USB: fix typo in wMaxPacketSize validation
  USB: change bInterval default to 10 ms

Alex Vesker (2):
  IB/ipoib: Don't allow MC joins during light MC flush
  IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV

Alexander Usyskin (1):
  mei: bus: fix received data size check in NFC fixup

Alexey Khoroshilov (2):
  USB: serial: mos7720: fix non-atomic allocation in write path
  USB: serial: mos7840: fix non-atomic allocation in write path

Alexey Klimov (1):
  USB: serial: fix memleak in driver-registration error path

Andrew Bresticker (1):
  pstore/ram: Use memcpy_fromio() to save old buffer

Andrey Grodzovsky (2):
  scsi: mpt3sas: Fix secure erase premature termination
  mpt2sas: Fix secure erase premature termination

Andrey Ryabinin (2):
  coredump: fix unfreezable coredumping task
  mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]

Andy Lutomirski (1):
  x86/traps: Ignore high word of regs->cs in early_idt_handler_common

Anoob Soman (1):
  packet: call fanout_release, while UNREGISTERING a netdev

Anton Blanchard (1):
  powerpc/vdso64: Use double word compare on pointers

Ard Biesheuvel (1):
  crypto: cryptd - initialize child shash_desc on import

Arend Van Spriel (1):
  brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()

Arnaldo Carvalho de Melo (1):
  perf symbols: Fixup symbol sizes before picking best ones

Arnd Bergmann (1):
  staging: iio: ad5933: avoid uninitialized variable in error case

Ashish Samant (1):
  ocfs2: fix start offset to ocfs2_zero_range_for_truncate()

Balbir Singh (1):
  sched/core: Fix a race between try_to_wake_up() and a woken up task

Baoquan He (1):
  iommu/amd: Free domain id when free a domain of struct dma_ops_domain

Bart Van Assche (2):
  IB/srpt: Simplify srpt_handle_tsk_mgmt()
  dm: mark request_queue dead before destroying the DM device

Ben Hutchings (1):
  xen-pciback: Add name prefix to global 'permissive' variable

Boris Brezillon (1):
  UBI: fastmap: scrub PEB when bitflips are detected in a free PEB EC
    header

Brian King (1):
  scsi: ibmvfc: Fix I/O hang when port is not mapped

Brian Norris (2):
  mtd: blkdevs: fix potential deadlock + lockdep warnings
  mwifiex: printk() overflow with 32-byte SSIDs

Ching Huang (1):
  scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware

Chris Metcalf (1):
  tile: avoid using clocksource_cyc2ns with absolute cycle count

Christian Borntraeger (2):
  kernel: Provide READ_ONCE and ASSIGN_ONCE
  kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val)

Christian König (1):
  drm/radeon: fix radeon_move_blit on 32bit systems

Chuck Lever (2):
  NFS: Don't drop CB requests with invalid principals
  svc: Avoid garbage replies when pc_func() returns rpc_drop_reply

Cyrille Pitchen (1):
  i2c: at91: fix write transfers by clearing pending interrupt first

Daeho Jeong (2):
  ext4: avoid modifying checksum fields directly during checksum
    verification
  ext4: reinforce check of i_dtime when clearing high fields of uid and
    gid

Dan Carpenter (10):
  avr32: off by one in at32_init_pio()
  usb: gadget: fsl_qe_udc: signedness bug in qe_get_frame()
  scsi: zfcp: spin_lock_irqsave() is not nestable
  scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()
  hostfs: Freeing an ERR_PTR in hostfs_fill_sb_common()
  qxl: check for kmap failures
  em28xx-i2c: rt_mutex_trylock() returns zero on failure
  mtd: pmcmsp-flash: Allocating too much in init_msp_flash()
  tools/vm/slabinfo: fix an unintentional printf
  mfd: 88pm80x: Double shifting bug in suspend/resume

Daniel Glöckner (1):
  mmc: block: don't use CMD23 with very old MMC cards

Daniel Mentz (1):
  lib/genalloc.c: start search from start of chunk

Daniel Vetter (1):
  drm: Reject page_flip for !DRIVER_MODESET

Darrick J. Wong (1):
  libxfs: clean up _calc_dquots_per_chunk

Dave Chinner (1):
  xfs: fix superblock inprogress check

Dave Gerlach (1):
  hwrng: omap - Only fail if pm_runtime_get_sync returns < 0

David Howells (1):
  KEYS: Fix short sprintf buffer in /proc/keys show function

David Vrabel (3):
  xen: Add RING_COPY_REQUEST()
  xen-netback: don't use last request to determine minimum Tx credit
  xen-netback: use RING_COPY_REQUEST() throughout

Denys Vlasenko (1):
  include/stddef.h: Move offsetofend() from vfio.h to a generic kernel
    header

Ding Tianhong (1):
  rcu: Fix soft lockup for rcu_nocb_kthread

Dmitry Torokhov (3):
  Input: i8042 - break load dependency between atkbd/psmouse and i8042
  Input: i8042 - set up shared ps2_cmd_mutex for AUX ports
  Input: ili210x - fix permissions on "calibrate" attribute

Dmitry Vyukov (1):
  tty: limit terminal size to 4M chars

Douglas Caetano dos Santos (1):
  tcp: fix wrong checksum calculation on MTU probing

Eli Cooper (2):
  ip6_tunnel: Clear IP6CB in ip6tunnel_xmit()
  ipv4: Set skb->protocol properly for local output

Emmanouil Maroudas (1):
  EDAC: Increment correct counter in edac_inc_ue_error()

Emrah Demir (1):
  mISDN: Fixing missing validation in base_sock_bind()

Erez Shitrit (2):
  IB/ipoib: Fix memory corruption in ipoib cm mode connect flow
  IB/core: Fix use after free in send_leave function

Eric Dumazet (12):
  ipv6: dccp: fix out of bound access in dccp_v6_err()
  ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
  tcp: fix use after free in tcp_xmit_retransmit_queue()
  tcp: properly scale window in tcp_v[46]_reqsk_send_ack()
  tcp: fix overflow in __tcp_retransmit_skb()
  tcp: take care of truncations done by sk_filter()
  net: fix sk_mem_reclaim_partial()
  net: avoid sk_forward_alloc overflows
  net: clear sk_err_soft in sk_clone_lock()
  net: mangle zero checksum in skb_checksum_help()
  dccp: do not send reset to already closed sockets
  dccp: fix out of bound access in dccp_v4_err()

Ewan D. Milne (1):
  scsi: scsi_debug: Fix memory leak if LBP enabled and module is
    unloaded

Fabio Estevam (1):
  mmc: mxs: Initialize the spinlock prior to using it

Felipe Balbi (3):
  usb: dwc3: gadget: increment request->actual once
  usb: gadget: function: u_ether: don't starve tx request queue
  usb: gadget: u_ether: remove interrupt throttling

Felix Fietkau (1):
  mac80211: fix purging multicast PS buffer queue

Florian Fainelli (2):
  brcmsmac: Free packet if dma_mapping_error() fails in dma_rxfill
  brcmsmac: Initialize power in brcms_c_stf_ss_algo_channel_get()

Furquan Shaikh (1):
  pstore/ram: Use memcpy_toio instead of memcpy

Gavin Li (1):
  cdc-acm: fix wrong pipe type on rx interrupt xfers

Gavin Shan (2):
  powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data()
  drivers/vfio: Rework offsetofend()

Glauber Costa (1):
  cfq: fix starvation of asynchronous writes

Greg Kroah-Hartman (1):
  usb: misc: legousbtower: Fix NULL pointer deference

Guenter Roeck (3):
  avr32: fix 'undefined reference to `___copy_from_user'
  openrisc: fix the fix of copy_from_user()
  metag: Only define atomic_dec_if_positive conditionally

H.J. Lu (1):
  x86/build: Build compressed x86 kernels as PIE

Hannes Frederic Sowa (2):
  ipv6: split duplicate address detection and router solicitation timer
  ipv6: move DAD and addrconf_verify processing to workqueue

Herbert Xu (17):
  crypto: algif_skcipher - Require setkey before accept(2)
  crypto: af_alg - Disallow bind/setkey/... after accept(2)
  crypto: af_alg - Add nokey compatibility path
  crypto: algif_skcipher - Add nokey compatibility path
  crypto: hash - Add crypto_ahash_has_setkey
  crypto: shash - Fix has_key setting
  crypto: algif_hash - Require setkey before accept(2)
  crypto: skcipher - Add crypto_skcipher_has_setkey
  crypto: algif_skcipher - Add key check exception for cipher_null
  crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey
    path
  crypto: algif_hash - Remove custom release parent function
  crypto: algif_skcipher - Remove custom release parent function
  crypto: af_alg - Forbid bind(2) when nokey child sockets are present
  crypto: algif_hash - Fix race condition in hash_check_key
  crypto: algif_skcipher - Fix race condition in skcipher_check_key
  crypto: algif_skcipher - Load TX SG list after waiting
  crypto: skcipher - Fix blkcipher walk OOM crash

Ido Yariv (1):
  KVM: x86: fix wbinvd_dirty_mask use-after-free

Ignacio Alvarado (1):
  KVM: Disable irq while unregistering user notifier

Jack Morgenstein (1):
  net/mlx4_core: Allow resetting VF admin mac to zero

Jaewon Kim (1):
  ratelimit: fix bug in time interval by resetting right begin time

James Hogan (4):
  KVM: MIPS: Precalculate MMIO load resume PC
  KVM: MIPS: Drop other CPU ASIDs on guest MMU changes
  KVM: MIPS: Make ERET handle ERL before EXL
  arm64: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO

Jan Beulich (1):
  x86/mm/xen: Suppress hugetlbfs in PV guests

Jan Kara (1):
  isofs: Do not return EACCES for unknown filesystems

Jan Remmet (1):
  regulator: tps65910: Work around silicon erratum SWCZ010

Jan Viktorin (1):
  uio: fix dmem_region_start computation

Jann Horn (2):
  swapfile: fix memory corruption via malformed swapfile
  netfilter: fix namespace handling in nf_log_proc_dostring

Jeff Mahoney (2):
  reiserfs: fix "new_insert_key may be used uninitialized ..."
  btrfs: ensure that file descriptor used with subvol ioctls is a dir

Jeremy Linton (1):
  net: sky2: Fix shutdown crash

Jim Lin (1):
  usb: xhci: Fix panic if disconnect

Jiri Kosina (1):
  x86/mm/pat, /dev/mem: Remove superfluous error message

Jiri Slaby (2):
  tty: vt, fix bogus division in csi_J
  net: sctp, forbid negative length

Joe Perches (2):
  stddef.h: move offsetofend inside #ifndef/#endif guard, neaten
  ipc: remove use of seq_printf return value

Joerg Roedel (1):
  iommu/amd: Update Alias-DTE in update_device_table()

Johan Hovold (4):
  USB: kobil_sct: fix non-atomic allocation in write path
  USB: serial: cp210x: fix tiocmget error handling
  mfd: core: Fix device reference leak in mfd_clone_cell
  PM / sleep: fix device reference leak in test_suspend

Johannes Berg (2):
  mac80211: discard multicast and 4-addr A-MSDUs
  cfg80211: limit scan results cache size

John David Anglin (1):
  parisc: Ensure consistent state when switching to kernel stack at
    syscall entry

Joseph Qi (1):
  ocfs2/dlm: fix race between convert and migration

Juergen Gross (1):
  x86/xen: fix upper bound of pmd loop in xen_cleanhighmap()

Karl Beldan (1):
  mtd: nand: davinci: Reinitialize the HW ECC engine in 4bit hwctl

Kashyap Desai (1):
  scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough)
    devices

Kinglong Mee (1):
  NFSD: Using free_conn free connection

Konrad Rzeszutek Wilk (6):
  xen/pciback: Save xen_pci_op commands before processing it
  xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI
    or MSI-X enabled
  xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has
    MSI or MSI-X enabled
  xen/pciback: Do not install an IRQ handler for MSI interrupts.
  xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has
    MSI(X) enabled.
  xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.

Konstantin Khlebnikov (2):
  ext4: use __GFP_NOFAIL in ext4_free_blocks()
  net: ratelimit warnings about dst entry refcount underflow or overflow

Konstantin Shkolnyy (1):
  USB: serial: cp210x: fix hardware flow-control disable

Krzysztof Kozlowski (2):
  hwrng: exynos - Disable runtime PM on probe failure
  thermal: hwmon: Properly report critical temperature in sysfs

Lance Richardson (1):
  ip6_gre: fix flowi6_proto value in ip6gre_xmit_other()

Linus Torvalds (2):
  Fix potential infoleak in older kernels
  kernel: make READ_ONCE() valid on const arguments

Linus Walleij (2):
  iio: accel: kxsd9: Fix raw read return
  iio: accel: kxsd9: Fix scaling bug

Liu Gang (1):
  gpio: mpc8xxx: Correct irq handler function

Liu ShuoX (1):
  pstore: Fix buffer overflow while write offset equal to buffer size

Long Li (1):
  hv: do not lose pending heartbeat vmbus packets

Maciej S. Szmigiero (1):
  mISDN: Support DR6 indication in mISDNipac driver

Mahesh Bandewar (1):
  bonding: Fix bonding crash

Manfred Spraul (1):
  ipc/sem.c: fix complex_count vs. simple op race

Marcelo Ricardo Leitner (2):
  sctp: validate chunk len before actually using it
  sctp: assign assoc_id earlier in __sctp_connect

Marcin Nowakowski (1):
  MIPS: ptrace: Fix regs_return_value for kernel context

Mark Bloch (1):
  IB/cm: Mark stale CM id's whenever the mad agent was unregistered

Mark Rutland (1):
  arm64: avoid returning from bad_mode

Markus Elfring (1):
  driver core: Delete an unnecessary check before the function call
    "put_device"

Matan Barak (1):
  IB/mlx4: Fix create CQ error flow

Mauro Carvalho Chehab (4):
  mb86a20s: fix the locking logic
  mb86a20s: fix demod settings
  cx231xx: don't return error on success
  cx231xx: fix GPIOs for Pixelview SBTVD hybrid

Max Staudt (1):
  fbdev/efifb: Fix 16 color palette entry calculation

Michael S. Tsirkin (1):
  x86/um: reuse asm-generic/barrier.h

Michael Walle (1):
  hwmon: (adt7411) set bit 3 in CFG1 register

Michal Hocko (1):
  kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd

Michal Kubecek (2):
  net: disable fragment reassembly if high_thresh is set to zero
  ipvs: count pre-established TCP states as active

Michal Kubeček (1):
  ipv6: don't call fib6_run_gc() until routing is ready

Michel Dänzer (1):
  drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to
    on

Mike Galbraith (1):
  reiserfs: Unlock superblock before calling reiserfs_quota_on_mount()

Mike Snitzer (1):
  dm flakey: fix reads to be issued if drop_writes configured

Ming Lei (2):
  scsi: Fix use-after-free
  driver core: fix race between creating/querying glue dir and its
    cleanup

Myron Stowe (1):
  PCI: Handle read-only BARs on AMD CS553x devices

Nicholas Mc Guire (1):
  MIPS: KVM: Fix unused variable build warning

Nicolas Dichtel (1):
  ipv6: correctly add local routes when lo goes up

Nikolay Aleksandrov (1):
  ipmr, ip6mr: fix scheduling while atomic and a deadlock with
    ipmr_get_route

Nishanth Menon (1):
  hwrng: omap - Fix assumption that runtime_get_sync will always succeed

Oleg Nesterov (1):
  fs/super.c: fix race between freeze_super() and thaw_super()

Oliver Hartkopp (1):
  can: bcm: fix warning in bcm_connect/proc_register

Oliver Neukum (1):
  kaweth: fix firmware download

Ondrej Mosnáček (1):
  crypto: gcm - Fix IV buffer size in crypto_gcm_setkey

Pan Xinhui (1):
  powerpc/nvram: Fix an incorrect partition merge

Paolo Abeni (1):
  ip6_tunnel: disable caching when the traffic class is inherited

Paolo Bonzini (1):
  KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr

Paul Burton (1):
  MIPS: Malta: Fix IOCU disable switch read for MIPS64

Paul E. McKenney (1):
  compiler: Allow 1- and 2-byte smp_load_acquire() and
    smp_store_release()

Paul Mackerras (2):
  powerpc/mm: Don't alias user region to other regions below PAGE_OFFSET
  powerpc/64: Fix incorrect return value from __copy_tofrom_user

Peter Chen (1):
  usb: chipidea: move the lock initialization to core file

Peter Hurley (1):
  tty: Prevent ldisc drivers from re-using stale tty fields

Peter Ujfalusi (1):
  ASoC: omap-mcpdm: Fix irq resource handling

Peter Zijlstra (4):
  sched/core: Fix an SMP ordering race in try_to_wake_up() vs.
    schedule()
  perf: Tighten (and fix) the grouping condition
  arch: Introduce smp_load_acquire(), smp_store_release()
  locking: Remove atomicy checks from {READ,WRITE}_ONCE

Petr Vandrovec (1):
  Fix USB CB/CBI storage devices with CONFIG_VMAP_STACK=y

Punit Agrawal (1):
  ACPI / APEI: Fix incorrect return value of ghes_proc()

Radim Krčmář (1):
  KVM: nVMX: postpone VMCS changes on MSR_IA32_APICBASE write

Richard Weinberger (5):
  ubifs: Fix xattr_names length in exit paths
  UBIFS: Fix possible memory leak in ubifs_readdir()
  ubifs: Abort readdir upon error
  ubifs: Fix regression in ubifs_readdir()
  drbd: Fix kernel_sendmsg() usage - potential NULL deref

Robin Murphy (1):
  ARM: 8616/1: dt: Respect property size when parsing CPUs

Roger Pau Monné (1):
  xen-blkback: only read request operation from shared ring once

Ross Zwisler (1):
  ext4: allow DAX writeback for hole punch

Russell King (2):
  ARM: sa1100: clear reset status prior to reboot
  ARM: sa1111: fix pcmcia suspend/resume

Sabrina Dubroca (1):
  ipv6: fix rtnl locking in setsockopt for anycast and multicast

Sara Sharon (1):
  iwlwifi: pcie: fix access to scratch buffer

Scot Doyle (1):
  vt: clear selection before resizing

Sebastian Andrzej Siewior (2):
  x86/mm: Disable preemption during CR3 read+write
  pstore/core: drop cmpxchg based updates

Sergei Miroshnichenko (1):
  can: dev: fix deadlock reported after bus-off

Srinivas Ramana (1):
  ARM: 8618/1: decompressor: reset ttbcr fields to use TTBR0 on ARMv7

Stefan Haberland (1):
  s390/dasd: fix hanging device after clear subchannel

Stefan Richter (2):
  firewire: net: guard against rx buffer overflows
  firewire: net: fix fragmented datagram_size off-by-one

Steffen Maier (10):
  zfcp: fix fc_host port_type with NPIV
  zfcp: fix ELS/GS request&response length for hardware data router
  zfcp: close window with unblocked rport during rport gone
  zfcp: retain trace level for SCSI and HBA FSF response records
  zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace
  zfcp: trace on request for open and close of WKA port
  zfcp: restore tracing of handle for port and LUN with HBA records
  zfcp: fix D_ID field with actual value on tracing SAN responses
  zfcp: fix payload trace length for SAN request&response
  zfcp: trace full payload of all SAN records (req,resp,iels)

Stephen Suryaputra Lin (1):
  ipv4: use new_gw for redirect neigh lookup

Steven Rostedt (1):
  x86/paravirt: Do not trace _paravirt_ident_*() functions

Steven Rostedt (Red Hat) (1):
  tracing: Move mutex to protect against resetting of seq data

Sumit Saxena (1):
  scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression

Takashi Iwai (3):
  ALSA: rawmidi: Fix possible deadlock with virmidi registration
  ALSA: ali5451: Fix out-of-bound position reporting
  ALSA: pcm : Call kill_fasync() in stream lock

Tariq Toukan (1):
  IB/uverbs: Fix leak of XRC target QPs

Tejun Heo (1):
  timers: Use proper base migration in add_timer_on()

Theodore Ts'o (2):
  ext4: validate that metadata blocks do not overlap superblock
  ext4: sanity check the block and cluster size at mount time

Trond Myklebust (2):
  NFSv4.x: Fix a refcount leak in nfs_callback_up_net
  NFSv4: Open state recovery must account for file permission changes

Vegard Nossum (5):
  ALSA: timer: fix NULL pointer dereference in read()/ioctl() race
  ALSA: timer: fix division by zero after SNDRV_TIMER_IOCTL_CONTINUE
  ALSA: timer: fix NULL pointer dereference on memory allocation failure
  fs/seq_file: fix out-of-bounds read
  net/irda: handle iriap_register_lsap() allocation failure

Vincent Stehlé (1):
  ubifs: Fix assertion in layout_in_gaps()

Vineet Gupta (1):
  ARC: uaccess: get_user to zero out dest in cause of fault

Vladimir Zapolskiy (1):
  i2c: core: fix NULL pointer dereference under race condition

WANG Cong (2):
  ppp: defer netns reference release for ppp channel
  neigh: check error pointer instead of NULL for ipv4_neigh_lookup()

Wanpeng Li (1):
  x86/apic: Do not init irq remapping if ioapic is disabled

Wei Yongjun (1):
  ipv6: addrconf: fix dev refcont leak when DAD failed

Will Deacon (2):
  arm64: spinlocks: implement smp_mb__before_spinlock() as smp_mb()
  arm64: debug: avoid resetting stepping state machine when
    TIF_SINGLESTEP

Xiaolong Ye (1):
  PM / devfreq: Fix incorrect type issue.

Yadi.hu (1):
  i2c-eg20t: fix race between i2c init and interrupt enable

Yoshihiro Shimoda (1):
  usb: renesas_usbhs: fix clearing the {BRDY,BEMP}STS condition

zhong jiang (1):
  mm,ksm: fix endless looping in allocating memory when ksm enable

 arch/alpha/include/asm/uaccess.h                   |  19 +-
 arch/arc/include/asm/uaccess.h                     |  11 +-
 arch/arc/kernel/signal.c                           |  11 +-
 arch/arm/boot/compressed/head.S                    |   2 +-
 arch/arm/common/sa1111.c                           |  22 +-
 arch/arm/include/asm/barrier.h                     |  15 ++
 arch/arm/kernel/devtree.c                          |  14 +-
 arch/arm/mach-sa1100/generic.c                     |   2 +
 arch/arm64/include/asm/barrier.h                   |  50 ++++
 arch/arm64/include/asm/elf.h                       |   1 +
 arch/arm64/include/asm/spinlock.h                  |  10 +
 arch/arm64/include/uapi/asm/auxvec.h               |   2 +
 arch/arm64/kernel/debug-monitors.c                 |   6 +-
 arch/arm64/kernel/entry.S                          |   2 +-
 arch/arm64/kernel/traps.c                          |  25 +-
 arch/avr32/include/asm/uaccess.h                   |  11 +-
 arch/avr32/kernel/avr32_ksyms.c                    |   2 +-
 arch/avr32/lib/copy_user.S                         |   8 +-
 arch/avr32/mach-at32ap/pio.c                       |   2 +-
 arch/blackfin/include/asm/uaccess.h                |   9 +-
 arch/cris/include/asm/uaccess.h                    |  71 +++---
 arch/frv/include/asm/uaccess.h                     |  12 +-
 arch/hexagon/include/asm/uaccess.h                 |   3 +-
 arch/ia64/include/asm/barrier.h                    |  23 ++
 arch/ia64/include/asm/uaccess.h                    |  20 +-
 arch/m32r/include/asm/uaccess.h                    |   2 +-
 arch/metag/include/asm/atomic.h                    |   3 +-
 arch/metag/include/asm/barrier.h                   |  15 ++
 arch/metag/include/asm/uaccess.h                   |   3 +-
 arch/microblaze/include/asm/uaccess.h              |  11 +-
 arch/mips/include/asm/barrier.h                    |  15 ++
 arch/mips/include/asm/kvm_host.h                   |   7 +-
 arch/mips/include/asm/ptrace.h                     |   2 +-
 arch/mips/include/asm/uaccess.h                    |   3 +
 arch/mips/kvm/kvm_mips_emul.c                      | 100 ++++++--
 arch/mips/mti-malta/malta-setup.c                  |   8 +-
 arch/mn10300/include/asm/uaccess.h                 |   1 +
 arch/mn10300/lib/usercopy.c                        |   4 +-
 arch/openrisc/include/asm/uaccess.h                |  35 +--
 arch/parisc/include/asm/uaccess.h                  |   7 +-
 arch/parisc/kernel/syscall.S                       |  11 +-
 arch/powerpc/include/asm/barrier.h                 |  21 +-
 arch/powerpc/include/asm/uaccess.h                 |  21 +-
 arch/powerpc/kernel/nvram_64.c                     |   6 +-
 arch/powerpc/kernel/vdso64/datapage.S              |   2 +-
 arch/powerpc/kernel/vdso64/gettimeofday.S          |   2 +-
 arch/powerpc/lib/copyuser_64.S                     |   2 +-
 arch/powerpc/mm/slb_low.S                          |   7 +-
 arch/powerpc/platforms/powernv/pci.c               |   4 +-
 arch/s390/include/asm/barrier.h                    |  15 ++
 arch/s390/include/asm/uaccess.h                    |   8 +-
 arch/score/include/asm/uaccess.h                   |  46 ++--
 arch/sh/include/asm/uaccess.h                      |   5 +-
 arch/sh/include/asm/uaccess_64.h                   |   1 +
 arch/sparc/include/asm/barrier_64.h                |  15 ++
 arch/sparc/include/asm/uaccess_32.h                |   4 +-
 arch/tile/kernel/time.c                            |   4 +-
 arch/x86/boot/compressed/Makefile                  |  14 +-
 arch/x86/boot/compressed/head_32.S                 |  28 ++
 arch/x86/boot/compressed/head_64.S                 |   8 +
 arch/x86/include/asm/barrier.h                     |  43 +++-
 arch/x86/include/asm/hugetlb.h                     |   1 +
 arch/x86/include/asm/tlbflush.h                    |   7 +
 arch/x86/include/asm/uaccess.h                     |   2 +-
 arch/x86/kernel/apic/apic.c                        |   3 +
 arch/x86/kernel/head_32.S                          |   2 +-
 arch/x86/kernel/paravirt.c                         |   4 +-
 arch/x86/kvm/vmx.c                                 |  13 +
 arch/x86/kvm/x86.c                                 |  20 +-
 arch/x86/mm/pat.c                                  |   5 +-
 arch/x86/um/asm/barrier.h                          |   6 +-
 arch/x86/xen/mmu.c                                 |   2 +-
 block/cfq-iosched.c                                |  13 +-
 crypto/ablkcipher.c                                |   2 +
 crypto/af_alg.c                                    |  51 +++-
 crypto/ahash.c                                     |   5 +-
 crypto/algif_hash.c                                | 165 +++++++++++-
 crypto/algif_skcipher.c                            | 172 +++++++++++--
 crypto/blkcipher.c                                 |   4 +-
 crypto/cryptd.c                                    |   9 +-
 crypto/gcm.c                                       |   2 +-
 crypto/shash.c                                     |   5 +-
 drivers/acpi/apei/ghes.c                           |   2 +-
 drivers/base/core.c                                |  42 ++-
 drivers/block/drbd/drbd_main.c                     |   2 +-
 drivers/block/xen-blkback/common.h                 |   8 +-
 drivers/char/hw_random/exynos-rng.c                |   9 +-
 drivers/char/hw_random/omap-rng.c                  |  16 +-
 drivers/char/mem.c                                 |   6 +-
 drivers/devfreq/devfreq.c                          |   2 +-
 drivers/edac/edac_mc.c                             |   2 +-
 drivers/firewire/net.c                             |  59 +++--
 drivers/gpio/gpio-mpc8xxx.c                        |   2 +-
 drivers/gpu/drm/drm_crtc.c                         |   3 +
 drivers/gpu/drm/qxl/qxl_draw.c                     |   2 +
 drivers/gpu/drm/radeon/atombios_crtc.c             |   2 +
 drivers/gpu/drm/radeon/radeon_legacy_crtc.c        |   2 +
 drivers/gpu/drm/radeon/radeon_ttm.c                |   4 +-
 drivers/hv/hv_util.c                               |  10 +-
 drivers/hwmon/adt7411.c                            |   5 +-
 drivers/i2c/busses/i2c-at91.c                      |  58 ++++-
 drivers/i2c/busses/i2c-eg20t.c                     |  18 +-
 drivers/i2c/i2c-core.c                             |   2 +-
 drivers/iio/accel/kxsd9.c                          |   2 +
 drivers/infiniband/core/cm.c                       | 127 +++++++--
 drivers/infiniband/core/multicast.c                |  13 +-
 drivers/infiniband/core/uverbs_main.c              |   7 +-
 drivers/infiniband/hw/mlx4/cq.c                    |   5 +-
 drivers/infiniband/hw/mlx4/mcg.c                   |  14 +-
 drivers/infiniband/ulp/ipoib/ipoib.h               |   1 +
 drivers/infiniband/ulp/ipoib/ipoib_cm.c            |  16 ++
 drivers/infiniband/ulp/ipoib/ipoib_ib.c            |   9 +
 drivers/infiniband/ulp/ipoib/ipoib_main.c          |   2 +-
 drivers/infiniband/ulp/srpt/ib_srpt.c              |  59 +----
 drivers/input/serio/i8042.c                        |  17 +-
 drivers/input/serio/libps2.c                       |  10 +-
 drivers/input/touchscreen/ili210x.c                |   2 +-
 drivers/iommu/amd_iommu.c                          |  13 +-
 drivers/isdn/hardware/mISDN/ipac.h                 |   1 +
 drivers/isdn/hardware/mISDN/mISDNipac.c            |   2 +
 drivers/isdn/mISDN/socket.c                        |   3 +
 drivers/md/dm-flakey.c                             |  27 +-
 drivers/md/dm.c                                    |   5 +
 drivers/media/dvb-frontends/mb86a20s.c             | 104 ++++----
 drivers/media/usb/cx231xx/cx231xx-avcore.c         |   5 +-
 drivers/media/usb/cx231xx/cx231xx-cards.c          |   2 +-
 drivers/media/usb/cx231xx/cx231xx-core.c           |   3 +-
 drivers/media/usb/em28xx/em28xx-i2c.c              |   5 +-
 drivers/mfd/mfd-core.c                             |   2 +
 drivers/misc/mei/nfc.c                             |   2 +-
 drivers/mmc/card/block.c                           |   3 +-
 drivers/mmc/host/mxs-mmc.c                         |   4 +-
 drivers/mtd/maps/pmcmsp-flash.c                    |   6 +-
 drivers/mtd/mtd_blkdevs.c                          |  10 +-
 drivers/mtd/nand/davinci_nand.c                    |   3 +
 drivers/mtd/ubi/fastmap.c                          |   7 +-
 drivers/net/bonding/bond_main.c                    |   7 +-
 drivers/net/can/dev.c                              |  27 +-
 drivers/net/ethernet/marvell/sky2.c                |  13 +
 drivers/net/ethernet/mellanox/mlx4/en_netdev.c     |   2 +-
 drivers/net/ppp/ppp_generic.c                      |   5 +-
 drivers/net/usb/kaweth.c                           |   3 +-
 .../net/wireless/brcm80211/brcmfmac/wl_cfg80211.c  |   2 +-
 drivers/net/wireless/brcm80211/brcmsmac/dma.c      |   4 +-
 drivers/net/wireless/brcm80211/brcmsmac/stf.c      |   2 +-
 drivers/net/wireless/iwlwifi/pcie/tx.c             |   4 +-
 drivers/net/wireless/mwifiex/cfg80211.c            |  13 +-
 drivers/net/xen-netback/netback.c                  |  34 ++-
 drivers/pci/quirks.c                               |  41 ++-
 drivers/regulator/tps65910-regulator.c             |   6 +
 drivers/s390/block/dasd.c                          |  10 +-
 drivers/s390/scsi/zfcp_dbf.c                       | 162 ++++++++++--
 drivers/s390/scsi/zfcp_dbf.h                       |  14 +-
 drivers/s390/scsi/zfcp_erp.c                       |  12 +-
 drivers/s390/scsi/zfcp_ext.h                       |   8 +-
 drivers/s390/scsi/zfcp_fsf.c                       |  22 +-
 drivers/s390/scsi/zfcp_fsf.h                       |   4 +-
 drivers/s390/scsi/zfcp_scsi.c                      |   8 +-
 drivers/scsi/arcmsr/arcmsr_hba.c                   |  17 +-
 drivers/scsi/ibmvscsi/ibmvfc.c                     |   1 -
 drivers/scsi/megaraid/megaraid_sas.h               |   2 +-
 drivers/scsi/megaraid/megaraid_sas_base.c          |  13 +-
 drivers/scsi/mpt2sas/mpt2sas_scsih.c               |  15 ++
 drivers/scsi/mpt3sas/mpt3sas_scsih.c               |  14 +
 drivers/scsi/scsi_debug.c                          |   1 +
 drivers/scsi/scsi_scan.c                           |   2 +-
 drivers/staging/iio/impedance-analyzer/ad5933.c    |  17 +-
 drivers/thermal/thermal_core.c                     |   2 +-
 drivers/tty/tty_ldisc.c                            |   7 +
 drivers/tty/vt/vt.c                                |   7 +-
 drivers/uio/uio_dmem_genirq.c                      |   2 +-
 drivers/usb/chipidea/core.c                        |   1 +
 drivers/usb/chipidea/udc.c                         |   2 -
 drivers/usb/class/cdc-acm.c                        |   5 +-
 drivers/usb/class/cdc-acm.h                        |   1 -
 drivers/usb/core/config.c                          |  93 ++++++-
 drivers/usb/dwc3/gadget.c                          |  19 +-
 drivers/usb/gadget/fsl_qe_udc.c                    |   7 +-
 drivers/usb/gadget/u_ether.c                       |   7 -
 drivers/usb/host/xhci-hub.c                        |   3 +
 drivers/usb/misc/legousbtower.c                    |  35 ++-
 drivers/usb/renesas_usbhs/mod.c                    |  11 +-
 drivers/usb/serial/cp210x.c                        |   6 +-
 drivers/usb/serial/kobil_sct.c                     |   5 +-
 drivers/usb/serial/mos7720.c                       |   2 +-
 drivers/usb/serial/mos7840.c                       |   4 +-
 drivers/usb/serial/usb-serial.c                    |   4 +-
 drivers/usb/storage/transport.c                    |   7 +-
 drivers/video/efifb.c                              |   6 +-
 drivers/xen/xen-pciback/conf_space.c               |   6 +-
 drivers/xen/xen-pciback/conf_space.h               |   2 +-
 drivers/xen/xen-pciback/conf_space_header.c        |   2 +-
 drivers/xen/xen-pciback/pciback.h                  |   1 +
 drivers/xen/xen-pciback/pciback_ops.c              |  75 ++++--
 fs/btrfs/ioctl.c                                   |  12 +
 fs/coredump.c                                      |   3 +
 fs/ext4/ext4.h                                     |   1 +
 fs/ext4/inode.c                                    |  50 ++--
 fs/ext4/mballoc.c                                  |  47 ++--
 fs/ext4/namei.c                                    |   9 +-
 fs/ext4/super.c                                    |  53 +++-
 fs/ext4/xattr.c                                    |  13 +-
 fs/hostfs/hostfs_kern.c                            |   7 +-
 fs/isofs/inode.c                                   |   8 +-
 fs/nfs/callback.c                                  |   1 +
 fs/nfs/callback_xdr.c                              |   6 +-
 fs/nfs/nfs4state.c                                 |   3 +
 fs/nfsd/nfs4state.c                                |   3 +-
 fs/ocfs2/dlm/dlmconvert.c                          |  12 +-
 fs/ocfs2/file.c                                    |  34 ++-
 fs/pstore/ram_core.c                               |  51 +---
 fs/reiserfs/ibalance.c                             |   3 +-
 fs/reiserfs/super.c                                |  12 +-
 fs/seq_file.c                                      |   4 +-
 fs/super.c                                         |   6 +-
 fs/ubifs/dir.c                                     |  22 +-
 fs/ubifs/tnc_commit.c                              |   2 +-
 fs/ubifs/xattr.c                                   |   2 +
 fs/xfs/xfs_dquot.c                                 |   3 +-
 fs/xfs/xfs_mount.c                                 |   3 +-
 include/asm-generic/barrier.h                      |  15 ++
 include/asm-generic/uaccess.h                      |  20 +-
 include/crypto/hash.h                              |   6 +
 include/crypto/if_alg.h                            |  11 +-
 include/linux/can/dev.h                            |   3 +-
 include/linux/compiler.h                           |  67 +++++
 include/linux/crypto.h                             |   8 +
 include/linux/filter.h                             |   6 +-
 include/linux/i8042.h                              |   6 -
 include/linux/mfd/88pm80x.h                        |   4 +-
 include/linux/mroute.h                             |   2 +-
 include/linux/mroute6.h                            |   2 +-
 include/linux/netdevice.h                          |   1 +
 include/linux/pagemap.h                            |  38 +--
 include/linux/perf_event.h                         |   6 -
 include/linux/sem.h                                |   1 +
 include/linux/serio.h                              |  24 +-
 include/linux/stddef.h                             |  15 +-
 include/linux/vfio.h                               |  14 -
 include/net/if_inet6.h                             |  10 +-
 include/net/ip6_tunnel.h                           |   1 +
 include/net/ndisc.h                                |   2 +
 include/net/sock.h                                 |  16 +-
 include/net/tcp.h                                  |   3 +
 include/xen/interface/io/ring.h                    |  14 +
 ipc/msg.c                                          |  34 +--
 ipc/sem.c                                          | 155 ++++++-----
 ipc/shm.c                                          |  42 +--
 ipc/util.c                                         |   6 +-
 kernel/events/core.c                               |  15 +-
 kernel/fork.c                                      |  10 +-
 kernel/power/suspend_test.c                        |   4 +-
 kernel/rcutree_plugin.h                            |   1 +
 kernel/sched/core.c                                |  41 +++
 kernel/timer.c                                     |  19 +-
 kernel/trace/trace.c                               |  32 +--
 lib/genalloc.c                                     |   3 +-
 lib/mpi/mpi-pow.c                                  |   7 +-
 lib/ratelimit.c                                    |   2 +-
 mm/ksm.c                                           |   3 +-
 mm/swapfile.c                                      |   2 +
 net/can/bcm.c                                      |  32 ++-
 net/core/dev.c                                     |  18 +-
 net/core/dst.c                                     |   4 +-
 net/core/filter.c                                  |  10 +-
 net/core/sock.c                                    |  10 +-
 net/dccp/ipv4.c                                    |  14 +-
 net/dccp/ipv6.c                                    |  16 +-
 net/dccp/proto.c                                   |   4 +
 net/ipv4/ip_fragment.c                             |   4 +
 net/ipv4/ip_output.c                               |   3 +
 net/ipv4/ipmr.c                                    |   3 +-
 net/ipv4/route.c                                   |   9 +-
 net/ipv4/tcp_ipv4.c                                |  22 +-
 net/ipv4/tcp_output.c                              |  15 +-
 net/ipv6/addrconf.c                                | 283 ++++++++++++++-------
 net/ipv6/af_inet6.c                                |   6 +
 net/ipv6/anycast.c                                 |  12 +
 net/ipv6/ip6_gre.c                                 |   1 -
 net/ipv6/ip6_tunnel.c                              |  13 +-
 net/ipv6/ip6mr.c                                   |   5 +-
 net/ipv6/mcast.c                                   |  14 +
 net/ipv6/ndisc.c                                   |  18 +-
 net/ipv6/netfilter/nf_conntrack_reasm.c            |   3 +
 net/ipv6/reassembly.c                              |   4 +
 net/ipv6/route.c                                   |   4 +-
 net/ipv6/tcp_ipv6.c                                |  14 +-
 net/irda/iriap.c                                   |   8 +-
 net/mac80211/cfg.c                                 |   2 +-
 net/mac80211/rx.c                                  |  24 +-
 net/mac80211/tx.c                                  |   6 +-
 net/netfilter/ipvs/ip_vs_proto_tcp.c               |  25 +-
 net/netfilter/nf_log.c                             |   6 +-
 net/packet/af_packet.c                             |   1 +
 net/sctp/sm_statefuns.c                            |  12 +-
 net/sctp/socket.c                                  |  12 +-
 net/sunrpc/svc.c                                   |   8 +-
 net/wireless/core.h                                |   1 +
 net/wireless/scan.c                                |  69 +++++
 security/keys/proc.c                               |   2 +-
 sound/core/pcm_lib.c                               |   2 +-
 sound/core/rawmidi.c                               |   4 +-
 sound/core/timer.c                                 |  20 +-
 sound/pci/ali5451/ali5451.c                        |   2 +
 sound/soc/omap/omap-mcpdm.c                        |   5 +-
 tools/perf/util/symbol-elf.c                       |   2 +-
 tools/perf/util/symbol.c                           |   2 +-
 tools/vm/slabinfo.c                                |   3 +-
 308 files changed, 3354 insertions(+), 1327 deletions(-)

-- 
2.8.0.rc2.1.gbe9624a


* [PATCH 3.10 000/319] 3.10.105-stable review
@ 2017-02-05 19:09 ` Willy Tarreau
  0 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Willy Tarreau

This is the start of the stable review cycle for the 3.10.105 release.

NOTE! This series is quite large as I've caught up with many pending fixes
that were submitted for -stable long ago and that I had been holding on
since 3.10.103 due to limited time. Most fixes address stability issues
in crypto, net, usb, scsi, kvm, random info leaks, and risks of oopses
in various subsystems. My pending queue is now empty.

It builds fine here on i586 and x86_64 for allmodconfig and on armv7 with
mvebu_defconfig.

All patches will be posted as a response to this one. If anyone has any
issue with these being applied, please let me know. If anyone thinks some
important patches are missing and should be added prior to the release,
please report them quickly with their respective mainline commit IDs.

Responses should be made by Fri Feb 10 10:00:00 CET 2017.
Anything received after that time might be too late. If someone
wants a bit more time for a deeper review, please let me know.

The whole patch series can be found in one patch at :
   https://kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.10.105-rc1.gz

The shortlog and diffstat are appended below.

Thanks,
Willy

===============


Al Viro (28):
  avr32: fix copy_from_user()
  microblaze: fix __get_user()
  microblaze: fix copy_from_user()
  mn10300: failing __get_user() and get_user() should zero
  m32r: fix __get_user()
  sh64: failing __get_user() should zero
  score: fix __get_user/get_user
  s390: get_user() should zero on failure
  asm-generic: make get_user() clear the destination on errors
  frv: fix clear_user()
  cris: buggered copy_from_user/copy_to_user/clear_user
  blackfin: fix copy_from_user()
  score: fix copy_from_user() and friends
  sh: fix copy_from_user()
  hexagon: fix strncpy_from_user() error return
  mips: copy_from_user() must zero the destination on access_ok()
    failure
  asm-generic: make copy_from_user() zero the destination properly
  alpha: fix copy_from_user()
  metag: copy_from_user() should zero the destination on access_ok()
    failure
  parisc: fix copy_from_user()
  openrisc: fix copy_from_user()
  mn10300: copy_from_user() should zero on access_ok() failure...
  sparc32: fix copy_from_user()
  ppc32: fix copy_from_user()
  ia64: copy_from_user() should zero the destination on access_ok()
    failure
  fix fault_in_multipages_...() on architectures with no-op access_ok()
  fix memory leaks in tracing_buffers_splice_read()
  arc: don't leak bits of kernel stack into coredump

Alan Stern (3):
  USB: validate wMaxPacketValue entries in endpoint descriptors
  USB: fix typo in wMaxPacketSize validation
  USB: change bInterval default to 10 ms

Alex Vesker (2):
  IB/ipoib: Don't allow MC joins during light MC flush
  IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV

Alexander Usyskin (1):
  mei: bus: fix received data size check in NFC fixup

Alexey Khoroshilov (2):
  USB: serial: mos7720: fix non-atomic allocation in write path
  USB: serial: mos7840: fix non-atomic allocation in write path

Alexey Klimov (1):
  USB: serial: fix memleak in driver-registration error path

Andrew Bresticker (1):
  pstore/ram: Use memcpy_fromio() to save old buffer

Andrey Grodzovsky (2):
  scsi: mpt3sas: Fix secure erase premature termination
  mpt2sas: Fix secure erase premature termination

Andrey Ryabinin (2):
  coredump: fix unfreezable coredumping task
  mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]

Andy Lutomirski (1):
  x86/traps: Ignore high word of regs->cs in early_idt_handler_common

Anoob Soman (1):
  packet: call fanout_release, while UNREGISTERING a netdev

Anton Blanchard (1):
  powerpc/vdso64: Use double word compare on pointers

Ard Biesheuvel (1):
  crypto: cryptd - initialize child shash_desc on import

Arend Van Spriel (1):
  brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()

Arnaldo Carvalho de Melo (1):
  perf symbols: Fixup symbol sizes before picking best ones

Arnd Bergmann (1):
  staging: iio: ad5933: avoid uninitialized variable in error case

Ashish Samant (1):
  ocfs2: fix start offset to ocfs2_zero_range_for_truncate()

Balbir Singh (1):
  sched/core: Fix a race between try_to_wake_up() and a woken up task

Baoquan He (1):
  iommu/amd: Free domain id when free a domain of struct dma_ops_domain

Bart Van Assche (2):
  IB/srpt: Simplify srpt_handle_tsk_mgmt()
  dm: mark request_queue dead before destroying the DM device

Ben Hutchings (1):
  xen-pciback: Add name prefix to global 'permissive' variable

Boris Brezillon (1):
  UBI: fastmap: scrub PEB when bitflips are detected in a free PEB EC
    header

Brian King (1):
  scsi: ibmvfc: Fix I/O hang when port is not mapped

Brian Norris (2):
  mtd: blkdevs: fix potential deadlock + lockdep warnings
  mwifiex: printk() overflow with 32-byte SSIDs

Ching Huang (1):
  scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware

Chris Metcalf (1):
  tile: avoid using clocksource_cyc2ns with absolute cycle count

Christian Borntraeger (2):
  kernel: Provide READ_ONCE and ASSIGN_ONCE
  kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val)

Christian König (1):
  drm/radeon: fix radeon_move_blit on 32bit systems

Chuck Lever (2):
  NFS: Don't drop CB requests with invalid principals
  svc: Avoid garbage replies when pc_func() returns rpc_drop_reply

Cyrille Pitchen (1):
  i2c: at91: fix write transfers by clearing pending interrupt first

Daeho Jeong (2):
  ext4: avoid modifying checksum fields directly during checksum
    verification
  ext4: reinforce check of i_dtime when clearing high fields of uid and
    gid

Dan Carpenter (10):
  avr32: off by one in at32_init_pio()
  usb: gadget: fsl_qe_udc: signedness bug in qe_get_frame()
  scsi: zfcp: spin_lock_irqsave() is not nestable
  scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()
  hostfs: Freeing an ERR_PTR in hostfs_fill_sb_common()
  qxl: check for kmap failures
  em28xx-i2c: rt_mutex_trylock() returns zero on failure
  mtd: pmcmsp-flash: Allocating too much in init_msp_flash()
  tools/vm/slabinfo: fix an unintentional printf
  mfd: 88pm80x: Double shifting bug in suspend/resume

Daniel Glöckner (1):
  mmc: block: don't use CMD23 with very old MMC cards

Daniel Mentz (1):
  lib/genalloc.c: start search from start of chunk

Daniel Vetter (1):
  drm: Reject page_flip for !DRIVER_MODESET

Darrick J. Wong (1):
  libxfs: clean up _calc_dquots_per_chunk

Dave Chinner (1):
  xfs: fix superblock inprogress check

Dave Gerlach (1):
  hwrng: omap - Only fail if pm_runtime_get_sync returns < 0

David Howells (1):
  KEYS: Fix short sprintf buffer in /proc/keys show function

David Vrabel (3):
  xen: Add RING_COPY_REQUEST()
  xen-netback: don't use last request to determine minimum Tx credit
  xen-netback: use RING_COPY_REQUEST() throughout

Denys Vlasenko (1):
  include/stddef.h: Move offsetofend() from vfio.h to a generic kernel
    header

Ding Tianhong (1):
  rcu: Fix soft lockup for rcu_nocb_kthread

Dmitry Torokhov (3):
  Input: i8042 - break load dependency between atkbd/psmouse and i8042
  Input: i8042 - set up shared ps2_cmd_mutex for AUX ports
  Input: ili210x - fix permissions on "calibrate" attribute

Dmitry Vyukov (1):
  tty: limit terminal size to 4M chars

Douglas Caetano dos Santos (1):
  tcp: fix wrong checksum calculation on MTU probing

Eli Cooper (2):
  ip6_tunnel: Clear IP6CB in ip6tunnel_xmit()
  ipv4: Set skb->protocol properly for local output

Emmanouil Maroudas (1):
  EDAC: Increment correct counter in edac_inc_ue_error()

Emrah Demir (1):
  mISDN: Fixing missing validation in base_sock_bind()

Erez Shitrit (2):
  IB/ipoib: Fix memory corruption in ipoib cm mode connect flow
  IB/core: Fix use after free in send_leave function

Eric Dumazet (12):
  ipv6: dccp: fix out of bound access in dccp_v6_err()
  ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
  tcp: fix use after free in tcp_xmit_retransmit_queue()
  tcp: properly scale window in tcp_v[46]_reqsk_send_ack()
  tcp: fix overflow in __tcp_retransmit_skb()
  tcp: take care of truncations done by sk_filter()
  net: fix sk_mem_reclaim_partial()
  net: avoid sk_forward_alloc overflows
  net: clear sk_err_soft in sk_clone_lock()
  net: mangle zero checksum in skb_checksum_help()
  dccp: do not send reset to already closed sockets
  dccp: fix out of bound access in dccp_v4_err()

Ewan D. Milne (1):
  scsi: scsi_debug: Fix memory leak if LBP enabled and module is
    unloaded

Fabio Estevam (1):
  mmc: mxs: Initialize the spinlock prior to using it

Felipe Balbi (3):
  usb: dwc3: gadget: increment request->actual once
  usb: gadget: function: u_ether: don't starve tx request queue
  usb: gadget: u_ether: remove interrupt throttling

Felix Fietkau (1):
  mac80211: fix purging multicast PS buffer queue

Florian Fainelli (2):
  brcmsmac: Free packet if dma_mapping_error() fails in dma_rxfill
  brcmsmac: Initialize power in brcms_c_stf_ss_algo_channel_get()

Furquan Shaikh (1):
  pstore/ram: Use memcpy_toio instead of memcpy

Gavin Li (1):
  cdc-acm: fix wrong pipe type on rx interrupt xfers

Gavin Shan (2):
  powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data()
  drivers/vfio: Rework offsetofend()

Glauber Costa (1):
  cfq: fix starvation of asynchronous writes

Greg Kroah-Hartman (1):
  usb: misc: legousbtower: Fix NULL pointer deference

Guenter Roeck (3):
  avr32: fix 'undefined reference to `___copy_from_user'
  openrisc: fix the fix of copy_from_user()
  metag: Only define atomic_dec_if_positive conditionally

H.J. Lu (1):
  x86/build: Build compressed x86 kernels as PIE

Hannes Frederic Sowa (2):
  ipv6: split duplicate address detection and router solicitation timer
  ipv6: move DAD and addrconf_verify processing to workqueue

Herbert Xu (17):
  crypto: algif_skcipher - Require setkey before accept(2)
  crypto: af_alg - Disallow bind/setkey/... after accept(2)
  crypto: af_alg - Add nokey compatibility path
  crypto: algif_skcipher - Add nokey compatibility path
  crypto: hash - Add crypto_ahash_has_setkey
  crypto: shash - Fix has_key setting
  crypto: algif_hash - Require setkey before accept(2)
  crypto: skcipher - Add crypto_skcipher_has_setkey
  crypto: algif_skcipher - Add key check exception for cipher_null
  crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey
    path
  crypto: algif_hash - Remove custom release parent function
  crypto: algif_skcipher - Remove custom release parent function
  crypto: af_alg - Forbid bind(2) when nokey child sockets are present
  crypto: algif_hash - Fix race condition in hash_check_key
  crypto: algif_skcipher - Fix race condition in skcipher_check_key
  crypto: algif_skcipher - Load TX SG list after waiting
  crypto: skcipher - Fix blkcipher walk OOM crash

Ido Yariv (1):
  KVM: x86: fix wbinvd_dirty_mask use-after-free

Ignacio Alvarado (1):
  KVM: Disable irq while unregistering user notifier

Jack Morgenstein (1):
  net/mlx4_core: Allow resetting VF admin mac to zero

Jaewon Kim (1):
  ratelimit: fix bug in time interval by resetting right begin time

James Hogan (4):
  KVM: MIPS: Precalculate MMIO load resume PC
  KVM: MIPS: Drop other CPU ASIDs on guest MMU changes
  KVM: MIPS: Make ERET handle ERL before EXL
  arm64: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO

Jan Beulich (1):
  x86/mm/xen: Suppress hugetlbfs in PV guests

Jan Kara (1):
  isofs: Do not return EACCES for unknown filesystems

Jan Remmet (1):
  regulator: tps65910: Work around silicon erratum SWCZ010

Jan Viktorin (1):
  uio: fix dmem_region_start computation

Jann Horn (2):
  swapfile: fix memory corruption via malformed swapfile
  netfilter: fix namespace handling in nf_log_proc_dostring

Jeff Mahoney (2):
  reiserfs: fix "new_insert_key may be used uninitialized ..."
  btrfs: ensure that file descriptor used with subvol ioctls is a dir

Jeremy Linton (1):
  net: sky2: Fix shutdown crash

Jim Lin (1):
  usb: xhci: Fix panic if disconnect

Jiri Kosina (1):
  x86/mm/pat, /dev/mem: Remove superfluous error message

Jiri Slaby (2):
  tty: vt, fix bogus division in csi_J
  net: sctp, forbid negative length

Joe Perches (2):
  stddef.h: move offsetofend inside #ifndef/#endif guard, neaten
  ipc: remove use of seq_printf return value

Joerg Roedel (1):
  iommu/amd: Update Alias-DTE in update_device_table()

Johan Hovold (4):
  USB: kobil_sct: fix non-atomic allocation in write path
  USB: serial: cp210x: fix tiocmget error handling
  mfd: core: Fix device reference leak in mfd_clone_cell
  PM / sleep: fix device reference leak in test_suspend

Johannes Berg (2):
  mac80211: discard multicast and 4-addr A-MSDUs
  cfg80211: limit scan results cache size

John David Anglin (1):
  parisc: Ensure consistent state when switching to kernel stack at
    syscall entry

Joseph Qi (1):
  ocfs2/dlm: fix race between convert and migration

Juergen Gross (1):
  x86/xen: fix upper bound of pmd loop in xen_cleanhighmap()

Karl Beldan (1):
  mtd: nand: davinci: Reinitialize the HW ECC engine in 4bit hwctl

Kashyap Desai (1):
  scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough)
    devices

Kinglong Mee (1):
  NFSD: Using free_conn free connection

Konrad Rzeszutek Wilk (6):
  xen/pciback: Save xen_pci_op commands before processing it
  xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI
    or MSI-X enabled
  xen/pciback: Return error on XEN_PCI_OP_enable_msix when device has
    MSI or MSI-X enabled
  xen/pciback: Do not install an IRQ handler for MSI interrupts.
  xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has
    MSI(X) enabled.
  xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.

Konstantin Khlebnikov (2):
  ext4: use __GFP_NOFAIL in ext4_free_blocks()
  net: ratelimit warnings about dst entry refcount underflow or overflow

Konstantin Shkolnyy (1):
  USB: serial: cp210x: fix hardware flow-control disable

Krzysztof Kozlowski (2):
  hwrng: exynos - Disable runtime PM on probe failure
  thermal: hwmon: Properly report critical temperature in sysfs

Lance Richardson (1):
  ip6_gre: fix flowi6_proto value in ip6gre_xmit_other()

Linus Torvalds (2):
  Fix potential infoleak in older kernels
  kernel: make READ_ONCE() valid on const arguments

Linus Walleij (2):
  iio: accel: kxsd9: Fix raw read return
  iio: accel: kxsd9: Fix scaling bug

Liu Gang (1):
  gpio: mpc8xxx: Correct irq handler function

Liu ShuoX (1):
  pstore: Fix buffer overflow while write offset equal to buffer size

Long Li (1):
  hv: do not lose pending heartbeat vmbus packets

Maciej S. Szmigiero (1):
  mISDN: Support DR6 indication in mISDNipac driver

Mahesh Bandewar (1):
  bonding: Fix bonding crash

Manfred Spraul (1):
  ipc/sem.c: fix complex_count vs. simple op race

Marcelo Ricardo Leitner (2):
  sctp: validate chunk len before actually using it
  sctp: assign assoc_id earlier in __sctp_connect

Marcin Nowakowski (1):
  MIPS: ptrace: Fix regs_return_value for kernel context

Mark Bloch (1):
  IB/cm: Mark stale CM id's whenever the mad agent was unregistered

Mark Rutland (1):
  arm64: avoid returning from bad_mode

Markus Elfring (1):
  driver core: Delete an unnecessary check before the function call
    "put_device"

Matan Barak (1):
  IB/mlx4: Fix create CQ error flow

Mauro Carvalho Chehab (4):
  mb86a20s: fix the locking logic
  mb86a20s: fix demod settings
  cx231xx: don't return error on success
  cx231xx: fix GPIOs for Pixelview SBTVD hybrid

Max Staudt (1):
  fbdev/efifb: Fix 16 color palette entry calculation

Michael S. Tsirkin (1):
  x86/um: reuse asm-generic/barrier.h

Michael Walle (1):
  hwmon: (adt7411) set bit 3 in CFG1 register

Michal Hocko (1):
  kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd

Michal Kubecek (2):
  net: disable fragment reassembly if high_thresh is set to zero
  ipvs: count pre-established TCP states as active

Michal Kubeček (1):
  ipv6: don't call fib6_run_gc() until routing is ready

Michel Dänzer (1):
  drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to
    on

Mike Galbraith (1):
  reiserfs: Unlock superblock before calling reiserfs_quota_on_mount()

Mike Snitzer (1):
  dm flakey: fix reads to be issued if drop_writes configured

Ming Lei (2):
  scsi: Fix use-after-free
  driver core: fix race between creating/querying glue dir and its
    cleanup

Myron Stowe (1):
  PCI: Handle read-only BARs on AMD CS553x devices

Nicholas Mc Guire (1):
  MIPS: KVM: Fix unused variable build warning

Nicolas Dichtel (1):
  ipv6: correctly add local routes when lo goes up

Nikolay Aleksandrov (1):
  ipmr, ip6mr: fix scheduling while atomic and a deadlock with
    ipmr_get_route

Nishanth Menon (1):
  hwrng: omap - Fix assumption that runtime_get_sync will always succeed

Oleg Nesterov (1):
  fs/super.c: fix race between freeze_super() and thaw_super()

Oliver Hartkopp (1):
  can: bcm: fix warning in bcm_connect/proc_register

Oliver Neukum (1):
  kaweth: fix firmware download

Ondrej Mosnáček (1):
  crypto: gcm - Fix IV buffer size in crypto_gcm_setkey

Pan Xinhui (1):
  powerpc/nvram: Fix an incorrect partition merge

Paolo Abeni (1):
  ip6_tunnel: disable caching when the traffic class is inherited

Paolo Bonzini (1):
  KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr

Paul Burton (1):
  MIPS: Malta: Fix IOCU disable switch read for MIPS64

Paul E. McKenney (1):
  compiler: Allow 1- and 2-byte smp_load_acquire() and
    smp_store_release()

Paul Mackerras (2):
  powerpc/mm: Don't alias user region to other regions below PAGE_OFFSET
  powerpc/64: Fix incorrect return value from __copy_tofrom_user

Peter Chen (1):
  usb: chipidea: move the lock initialization to core file

Peter Hurley (1):
  tty: Prevent ldisc drivers from re-using stale tty fields

Peter Ujfalusi (1):
  ASoC: omap-mcpdm: Fix irq resource handling

Peter Zijlstra (4):
  sched/core: Fix an SMP ordering race in try_to_wake_up() vs.
    schedule()
  perf: Tighten (and fix) the grouping condition
  arch: Introduce smp_load_acquire(), smp_store_release()
  locking: Remove atomicy checks from {READ,WRITE}_ONCE

Petr Vandrovec (1):
  Fix USB CB/CBI storage devices with CONFIG_VMAP_STACK=y

Punit Agrawal (1):
  ACPI / APEI: Fix incorrect return value of ghes_proc()

Radim Krčmář (1):
  KVM: nVMX: postpone VMCS changes on MSR_IA32_APICBASE write

Richard Weinberger (5):
  ubifs: Fix xattr_names length in exit paths
  UBIFS: Fix possible memory leak in ubifs_readdir()
  ubifs: Abort readdir upon error
  ubifs: Fix regression in ubifs_readdir()
  drbd: Fix kernel_sendmsg() usage - potential NULL deref

Robin Murphy (1):
  ARM: 8616/1: dt: Respect property size when parsing CPUs

Roger Pau Monné (1):
  xen-blkback: only read request operation from shared ring once

Ross Zwisler (1):
  ext4: allow DAX writeback for hole punch

Russell King (2):
  ARM: sa1100: clear reset status prior to reboot
  ARM: sa1111: fix pcmcia suspend/resume

Sabrina Dubroca (1):
  ipv6: fix rtnl locking in setsockopt for anycast and multicast

Sara Sharon (1):
  iwlwifi: pcie: fix access to scratch buffer

Scot Doyle (1):
  vt: clear selection before resizing

Sebastian Andrzej Siewior (2):
  x86/mm: Disable preemption during CR3 read+write
  pstore/core: drop cmpxchg based updates

Sergei Miroshnichenko (1):
  can: dev: fix deadlock reported after bus-off

Srinivas Ramana (1):
  ARM: 8618/1: decompressor: reset ttbcr fields to use TTBR0 on ARMv7

Stefan Haberland (1):
  s390/dasd: fix hanging device after clear subchannel

Stefan Richter (2):
  firewire: net: guard against rx buffer overflows
  firewire: net: fix fragmented datagram_size off-by-one

Steffen Maier (10):
  zfcp: fix fc_host port_type with NPIV
  zfcp: fix ELS/GS request&response length for hardware data router
  zfcp: close window with unblocked rport during rport gone
  zfcp: retain trace level for SCSI and HBA FSF response records
  zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace
  zfcp: trace on request for open and close of WKA port
  zfcp: restore tracing of handle for port and LUN with HBA records
  zfcp: fix D_ID field with actual value on tracing SAN responses
  zfcp: fix payload trace length for SAN request&response
  zfcp: trace full payload of all SAN records (req,resp,iels)

Stephen Suryaputra Lin (1):
  ipv4: use new_gw for redirect neigh lookup

Steven Rostedt (1):
  x86/paravirt: Do not trace _paravirt_ident_*() functions

Steven Rostedt (Red Hat) (1):
  tracing: Move mutex to protect against resetting of seq data

Sumit Saxena (1):
  scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression

Takashi Iwai (3):
  ALSA: rawmidi: Fix possible deadlock with virmidi registration
  ALSA: ali5451: Fix out-of-bound position reporting
  ALSA: pcm : Call kill_fasync() in stream lock

Tariq Toukan (1):
  IB/uverbs: Fix leak of XRC target QPs

Tejun Heo (1):
  timers: Use proper base migration in add_timer_on()

Theodore Ts'o (2):
  ext4: validate that metadata blocks do not overlap superblock
  ext4: sanity check the block and cluster size at mount time

Trond Myklebust (2):
  NFSv4.x: Fix a refcount leak in nfs_callback_up_net
  NFSv4: Open state recovery must account for file permission changes

Vegard Nossum (5):
  ALSA: timer: fix NULL pointer dereference in read()/ioctl() race
  ALSA: timer: fix division by zero after SNDRV_TIMER_IOCTL_CONTINUE
  ALSA: timer: fix NULL pointer dereference on memory allocation failure
  fs/seq_file: fix out-of-bounds read
  net/irda: handle iriap_register_lsap() allocation failure

Vincent Stehlé (1):
  ubifs: Fix assertion in layout_in_gaps()

Vineet Gupta (1):
  ARC: uaccess: get_user to zero out dest in cause of fault

Vladimir Zapolskiy (1):
  i2c: core: fix NULL pointer dereference under race condition

WANG Cong (2):
  ppp: defer netns reference release for ppp channel
  neigh: check error pointer instead of NULL for ipv4_neigh_lookup()

Wanpeng Li (1):
  x86/apic: Do not init irq remapping if ioapic is disabled

Wei Yongjun (1):
  ipv6: addrconf: fix dev refcont leak when DAD failed

Will Deacon (2):
  arm64: spinlocks: implement smp_mb__before_spinlock() as smp_mb()
  arm64: debug: avoid resetting stepping state machine when
    TIF_SINGLESTEP

Xiaolong Ye (1):
  PM / devfreq: Fix incorrect type issue.

Yadi.hu (1):
  i2c-eg20t: fix race between i2c init and interrupt enable

Yoshihiro Shimoda (1):
  usb: renesas_usbhs: fix clearing the {BRDY,BEMP}STS condition

zhong jiang (1):
  mm,ksm: fix endless looping in allocating memory when ksm enable

 arch/alpha/include/asm/uaccess.h                   |  19 +-
 arch/arc/include/asm/uaccess.h                     |  11 +-
 arch/arc/kernel/signal.c                           |  11 +-
 arch/arm/boot/compressed/head.S                    |   2 +-
 arch/arm/common/sa1111.c                           |  22 +-
 arch/arm/include/asm/barrier.h                     |  15 ++
 arch/arm/kernel/devtree.c                          |  14 +-
 arch/arm/mach-sa1100/generic.c                     |   2 +
 arch/arm64/include/asm/barrier.h                   |  50 ++++
 arch/arm64/include/asm/elf.h                       |   1 +
 arch/arm64/include/asm/spinlock.h                  |  10 +
 arch/arm64/include/uapi/asm/auxvec.h               |   2 +
 arch/arm64/kernel/debug-monitors.c                 |   6 +-
 arch/arm64/kernel/entry.S                          |   2 +-
 arch/arm64/kernel/traps.c                          |  25 +-
 arch/avr32/include/asm/uaccess.h                   |  11 +-
 arch/avr32/kernel/avr32_ksyms.c                    |   2 +-
 arch/avr32/lib/copy_user.S                         |   8 +-
 arch/avr32/mach-at32ap/pio.c                       |   2 +-
 arch/blackfin/include/asm/uaccess.h                |   9 +-
 arch/cris/include/asm/uaccess.h                    |  71 +++---
 arch/frv/include/asm/uaccess.h                     |  12 +-
 arch/hexagon/include/asm/uaccess.h                 |   3 +-
 arch/ia64/include/asm/barrier.h                    |  23 ++
 arch/ia64/include/asm/uaccess.h                    |  20 +-
 arch/m32r/include/asm/uaccess.h                    |   2 +-
 arch/metag/include/asm/atomic.h                    |   3 +-
 arch/metag/include/asm/barrier.h                   |  15 ++
 arch/metag/include/asm/uaccess.h                   |   3 +-
 arch/microblaze/include/asm/uaccess.h              |  11 +-
 arch/mips/include/asm/barrier.h                    |  15 ++
 arch/mips/include/asm/kvm_host.h                   |   7 +-
 arch/mips/include/asm/ptrace.h                     |   2 +-
 arch/mips/include/asm/uaccess.h                    |   3 +
 arch/mips/kvm/kvm_mips_emul.c                      | 100 ++++++--
 arch/mips/mti-malta/malta-setup.c                  |   8 +-
 arch/mn10300/include/asm/uaccess.h                 |   1 +
 arch/mn10300/lib/usercopy.c                        |   4 +-
 arch/openrisc/include/asm/uaccess.h                |  35 +--
 arch/parisc/include/asm/uaccess.h                  |   7 +-
 arch/parisc/kernel/syscall.S                       |  11 +-
 arch/powerpc/include/asm/barrier.h                 |  21 +-
 arch/powerpc/include/asm/uaccess.h                 |  21 +-
 arch/powerpc/kernel/nvram_64.c                     |   6 +-
 arch/powerpc/kernel/vdso64/datapage.S              |   2 +-
 arch/powerpc/kernel/vdso64/gettimeofday.S          |   2 +-
 arch/powerpc/lib/copyuser_64.S                     |   2 +-
 arch/powerpc/mm/slb_low.S                          |   7 +-
 arch/powerpc/platforms/powernv/pci.c               |   4 +-
 arch/s390/include/asm/barrier.h                    |  15 ++
 arch/s390/include/asm/uaccess.h                    |   8 +-
 arch/score/include/asm/uaccess.h                   |  46 ++--
 arch/sh/include/asm/uaccess.h                      |   5 +-
 arch/sh/include/asm/uaccess_64.h                   |   1 +
 arch/sparc/include/asm/barrier_64.h                |  15 ++
 arch/sparc/include/asm/uaccess_32.h                |   4 +-
 arch/tile/kernel/time.c                            |   4 +-
 arch/x86/boot/compressed/Makefile                  |  14 +-
 arch/x86/boot/compressed/head_32.S                 |  28 ++
 arch/x86/boot/compressed/head_64.S                 |   8 +
 arch/x86/include/asm/barrier.h                     |  43 +++-
 arch/x86/include/asm/hugetlb.h                     |   1 +
 arch/x86/include/asm/tlbflush.h                    |   7 +
 arch/x86/include/asm/uaccess.h                     |   2 +-
 arch/x86/kernel/apic/apic.c                        |   3 +
 arch/x86/kernel/head_32.S                          |   2 +-
 arch/x86/kernel/paravirt.c                         |   4 +-
 arch/x86/kvm/vmx.c                                 |  13 +
 arch/x86/kvm/x86.c                                 |  20 +-
 arch/x86/mm/pat.c                                  |   5 +-
 arch/x86/um/asm/barrier.h                          |   6 +-
 arch/x86/xen/mmu.c                                 |   2 +-
 block/cfq-iosched.c                                |  13 +-
 crypto/ablkcipher.c                                |   2 +
 crypto/af_alg.c                                    |  51 +++-
 crypto/ahash.c                                     |   5 +-
 crypto/algif_hash.c                                | 165 +++++++++++-
 crypto/algif_skcipher.c                            | 172 +++++++++++--
 crypto/blkcipher.c                                 |   4 +-
 crypto/cryptd.c                                    |   9 +-
 crypto/gcm.c                                       |   2 +-
 crypto/shash.c                                     |   5 +-
 drivers/acpi/apei/ghes.c                           |   2 +-
 drivers/base/core.c                                |  42 ++-
 drivers/block/drbd/drbd_main.c                     |   2 +-
 drivers/block/xen-blkback/common.h                 |   8 +-
 drivers/char/hw_random/exynos-rng.c                |   9 +-
 drivers/char/hw_random/omap-rng.c                  |  16 +-
 drivers/char/mem.c                                 |   6 +-
 drivers/devfreq/devfreq.c                          |   2 +-
 drivers/edac/edac_mc.c                             |   2 +-
 drivers/firewire/net.c                             |  59 +++--
 drivers/gpio/gpio-mpc8xxx.c                        |   2 +-
 drivers/gpu/drm/drm_crtc.c                         |   3 +
 drivers/gpu/drm/qxl/qxl_draw.c                     |   2 +
 drivers/gpu/drm/radeon/atombios_crtc.c             |   2 +
 drivers/gpu/drm/radeon/radeon_legacy_crtc.c        |   2 +
 drivers/gpu/drm/radeon/radeon_ttm.c                |   4 +-
 drivers/hv/hv_util.c                               |  10 +-
 drivers/hwmon/adt7411.c                            |   5 +-
 drivers/i2c/busses/i2c-at91.c                      |  58 ++++-
 drivers/i2c/busses/i2c-eg20t.c                     |  18 +-
 drivers/i2c/i2c-core.c                             |   2 +-
 drivers/iio/accel/kxsd9.c                          |   2 +
 drivers/infiniband/core/cm.c                       | 127 +++++++--
 drivers/infiniband/core/multicast.c                |  13 +-
 drivers/infiniband/core/uverbs_main.c              |   7 +-
 drivers/infiniband/hw/mlx4/cq.c                    |   5 +-
 drivers/infiniband/hw/mlx4/mcg.c                   |  14 +-
 drivers/infiniband/ulp/ipoib/ipoib.h               |   1 +
 drivers/infiniband/ulp/ipoib/ipoib_cm.c            |  16 ++
 drivers/infiniband/ulp/ipoib/ipoib_ib.c            |   9 +
 drivers/infiniband/ulp/ipoib/ipoib_main.c          |   2 +-
 drivers/infiniband/ulp/srpt/ib_srpt.c              |  59 +----
 drivers/input/serio/i8042.c                        |  17 +-
 drivers/input/serio/libps2.c                       |  10 +-
 drivers/input/touchscreen/ili210x.c                |   2 +-
 drivers/iommu/amd_iommu.c                          |  13 +-
 drivers/isdn/hardware/mISDN/ipac.h                 |   1 +
 drivers/isdn/hardware/mISDN/mISDNipac.c            |   2 +
 drivers/isdn/mISDN/socket.c                        |   3 +
 drivers/md/dm-flakey.c                             |  27 +-
 drivers/md/dm.c                                    |   5 +
 drivers/media/dvb-frontends/mb86a20s.c             | 104 ++++----
 drivers/media/usb/cx231xx/cx231xx-avcore.c         |   5 +-
 drivers/media/usb/cx231xx/cx231xx-cards.c          |   2 +-
 drivers/media/usb/cx231xx/cx231xx-core.c           |   3 +-
 drivers/media/usb/em28xx/em28xx-i2c.c              |   5 +-
 drivers/mfd/mfd-core.c                             |   2 +
 drivers/misc/mei/nfc.c                             |   2 +-
 drivers/mmc/card/block.c                           |   3 +-
 drivers/mmc/host/mxs-mmc.c                         |   4 +-
 drivers/mtd/maps/pmcmsp-flash.c                    |   6 +-
 drivers/mtd/mtd_blkdevs.c                          |  10 +-
 drivers/mtd/nand/davinci_nand.c                    |   3 +
 drivers/mtd/ubi/fastmap.c                          |   7 +-
 drivers/net/bonding/bond_main.c                    |   7 +-
 drivers/net/can/dev.c                              |  27 +-
 drivers/net/ethernet/marvell/sky2.c                |  13 +
 drivers/net/ethernet/mellanox/mlx4/en_netdev.c     |   2 +-
 drivers/net/ppp/ppp_generic.c                      |   5 +-
 drivers/net/usb/kaweth.c                           |   3 +-
 .../net/wireless/brcm80211/brcmfmac/wl_cfg80211.c  |   2 +-
 drivers/net/wireless/brcm80211/brcmsmac/dma.c      |   4 +-
 drivers/net/wireless/brcm80211/brcmsmac/stf.c      |   2 +-
 drivers/net/wireless/iwlwifi/pcie/tx.c             |   4 +-
 drivers/net/wireless/mwifiex/cfg80211.c            |  13 +-
 drivers/net/xen-netback/netback.c                  |  34 ++-
 drivers/pci/quirks.c                               |  41 ++-
 drivers/regulator/tps65910-regulator.c             |   6 +
 drivers/s390/block/dasd.c                          |  10 +-
 drivers/s390/scsi/zfcp_dbf.c                       | 162 ++++++++++--
 drivers/s390/scsi/zfcp_dbf.h                       |  14 +-
 drivers/s390/scsi/zfcp_erp.c                       |  12 +-
 drivers/s390/scsi/zfcp_ext.h                       |   8 +-
 drivers/s390/scsi/zfcp_fsf.c                       |  22 +-
 drivers/s390/scsi/zfcp_fsf.h                       |   4 +-
 drivers/s390/scsi/zfcp_scsi.c                      |   8 +-
 drivers/scsi/arcmsr/arcmsr_hba.c                   |  17 +-
 drivers/scsi/ibmvscsi/ibmvfc.c                     |   1 -
 drivers/scsi/megaraid/megaraid_sas.h               |   2 +-
 drivers/scsi/megaraid/megaraid_sas_base.c          |  13 +-
 drivers/scsi/mpt2sas/mpt2sas_scsih.c               |  15 ++
 drivers/scsi/mpt3sas/mpt3sas_scsih.c               |  14 +
 drivers/scsi/scsi_debug.c                          |   1 +
 drivers/scsi/scsi_scan.c                           |   2 +-
 drivers/staging/iio/impedance-analyzer/ad5933.c    |  17 +-
 drivers/thermal/thermal_core.c                     |   2 +-
 drivers/tty/tty_ldisc.c                            |   7 +
 drivers/tty/vt/vt.c                                |   7 +-
 drivers/uio/uio_dmem_genirq.c                      |   2 +-
 drivers/usb/chipidea/core.c                        |   1 +
 drivers/usb/chipidea/udc.c                         |   2 -
 drivers/usb/class/cdc-acm.c                        |   5 +-
 drivers/usb/class/cdc-acm.h                        |   1 -
 drivers/usb/core/config.c                          |  93 ++++++-
 drivers/usb/dwc3/gadget.c                          |  19 +-
 drivers/usb/gadget/fsl_qe_udc.c                    |   7 +-
 drivers/usb/gadget/u_ether.c                       |   7 -
 drivers/usb/host/xhci-hub.c                        |   3 +
 drivers/usb/misc/legousbtower.c                    |  35 ++-
 drivers/usb/renesas_usbhs/mod.c                    |  11 +-
 drivers/usb/serial/cp210x.c                        |   6 +-
 drivers/usb/serial/kobil_sct.c                     |   5 +-
 drivers/usb/serial/mos7720.c                       |   2 +-
 drivers/usb/serial/mos7840.c                       |   4 +-
 drivers/usb/serial/usb-serial.c                    |   4 +-
 drivers/usb/storage/transport.c                    |   7 +-
 drivers/video/efifb.c                              |   6 +-
 drivers/xen/xen-pciback/conf_space.c               |   6 +-
 drivers/xen/xen-pciback/conf_space.h               |   2 +-
 drivers/xen/xen-pciback/conf_space_header.c        |   2 +-
 drivers/xen/xen-pciback/pciback.h                  |   1 +
 drivers/xen/xen-pciback/pciback_ops.c              |  75 ++++--
 fs/btrfs/ioctl.c                                   |  12 +
 fs/coredump.c                                      |   3 +
 fs/ext4/ext4.h                                     |   1 +
 fs/ext4/inode.c                                    |  50 ++--
 fs/ext4/mballoc.c                                  |  47 ++--
 fs/ext4/namei.c                                    |   9 +-
 fs/ext4/super.c                                    |  53 +++-
 fs/ext4/xattr.c                                    |  13 +-
 fs/hostfs/hostfs_kern.c                            |   7 +-
 fs/isofs/inode.c                                   |   8 +-
 fs/nfs/callback.c                                  |   1 +
 fs/nfs/callback_xdr.c                              |   6 +-
 fs/nfs/nfs4state.c                                 |   3 +
 fs/nfsd/nfs4state.c                                |   3 +-
 fs/ocfs2/dlm/dlmconvert.c                          |  12 +-
 fs/ocfs2/file.c                                    |  34 ++-
 fs/pstore/ram_core.c                               |  51 +---
 fs/reiserfs/ibalance.c                             |   3 +-
 fs/reiserfs/super.c                                |  12 +-
 fs/seq_file.c                                      |   4 +-
 fs/super.c                                         |   6 +-
 fs/ubifs/dir.c                                     |  22 +-
 fs/ubifs/tnc_commit.c                              |   2 +-
 fs/ubifs/xattr.c                                   |   2 +
 fs/xfs/xfs_dquot.c                                 |   3 +-
 fs/xfs/xfs_mount.c                                 |   3 +-
 include/asm-generic/barrier.h                      |  15 ++
 include/asm-generic/uaccess.h                      |  20 +-
 include/crypto/hash.h                              |   6 +
 include/crypto/if_alg.h                            |  11 +-
 include/linux/can/dev.h                            |   3 +-
 include/linux/compiler.h                           |  67 +++++
 include/linux/crypto.h                             |   8 +
 include/linux/filter.h                             |   6 +-
 include/linux/i8042.h                              |   6 -
 include/linux/mfd/88pm80x.h                        |   4 +-
 include/linux/mroute.h                             |   2 +-
 include/linux/mroute6.h                            |   2 +-
 include/linux/netdevice.h                          |   1 +
 include/linux/pagemap.h                            |  38 +--
 include/linux/perf_event.h                         |   6 -
 include/linux/sem.h                                |   1 +
 include/linux/serio.h                              |  24 +-
 include/linux/stddef.h                             |  15 +-
 include/linux/vfio.h                               |  14 -
 include/net/if_inet6.h                             |  10 +-
 include/net/ip6_tunnel.h                           |   1 +
 include/net/ndisc.h                                |   2 +
 include/net/sock.h                                 |  16 +-
 include/net/tcp.h                                  |   3 +
 include/xen/interface/io/ring.h                    |  14 +
 ipc/msg.c                                          |  34 +--
 ipc/sem.c                                          | 155 ++++++-----
 ipc/shm.c                                          |  42 +--
 ipc/util.c                                         |   6 +-
 kernel/events/core.c                               |  15 +-
 kernel/fork.c                                      |  10 +-
 kernel/power/suspend_test.c                        |   4 +-
 kernel/rcutree_plugin.h                            |   1 +
 kernel/sched/core.c                                |  41 +++
 kernel/timer.c                                     |  19 +-
 kernel/trace/trace.c                               |  32 +--
 lib/genalloc.c                                     |   3 +-
 lib/mpi/mpi-pow.c                                  |   7 +-
 lib/ratelimit.c                                    |   2 +-
 mm/ksm.c                                           |   3 +-
 mm/swapfile.c                                      |   2 +
 net/can/bcm.c                                      |  32 ++-
 net/core/dev.c                                     |  18 +-
 net/core/dst.c                                     |   4 +-
 net/core/filter.c                                  |  10 +-
 net/core/sock.c                                    |  10 +-
 net/dccp/ipv4.c                                    |  14 +-
 net/dccp/ipv6.c                                    |  16 +-
 net/dccp/proto.c                                   |   4 +
 net/ipv4/ip_fragment.c                             |   4 +
 net/ipv4/ip_output.c                               |   3 +
 net/ipv4/ipmr.c                                    |   3 +-
 net/ipv4/route.c                                   |   9 +-
 net/ipv4/tcp_ipv4.c                                |  22 +-
 net/ipv4/tcp_output.c                              |  15 +-
 net/ipv6/addrconf.c                                | 283 ++++++++++++++-------
 net/ipv6/af_inet6.c                                |   6 +
 net/ipv6/anycast.c                                 |  12 +
 net/ipv6/ip6_gre.c                                 |   1 -
 net/ipv6/ip6_tunnel.c                              |  13 +-
 net/ipv6/ip6mr.c                                   |   5 +-
 net/ipv6/mcast.c                                   |  14 +
 net/ipv6/ndisc.c                                   |  18 +-
 net/ipv6/netfilter/nf_conntrack_reasm.c            |   3 +
 net/ipv6/reassembly.c                              |   4 +
 net/ipv6/route.c                                   |   4 +-
 net/ipv6/tcp_ipv6.c                                |  14 +-
 net/irda/iriap.c                                   |   8 +-
 net/mac80211/cfg.c                                 |   2 +-
 net/mac80211/rx.c                                  |  24 +-
 net/mac80211/tx.c                                  |   6 +-
 net/netfilter/ipvs/ip_vs_proto_tcp.c               |  25 +-
 net/netfilter/nf_log.c                             |   6 +-
 net/packet/af_packet.c                             |   1 +
 net/sctp/sm_statefuns.c                            |  12 +-
 net/sctp/socket.c                                  |  12 +-
 net/sunrpc/svc.c                                   |   8 +-
 net/wireless/core.h                                |   1 +
 net/wireless/scan.c                                |  69 +++++
 security/keys/proc.c                               |   2 +-
 sound/core/pcm_lib.c                               |   2 +-
 sound/core/rawmidi.c                               |   4 +-
 sound/core/timer.c                                 |  20 +-
 sound/pci/ali5451/ali5451.c                        |   2 +
 sound/soc/omap/omap-mcpdm.c                        |   5 +-
 tools/perf/util/symbol-elf.c                       |   2 +-
 tools/perf/util/symbol.c                           |   2 +-
 tools/vm/slabinfo.c                                |   3 +-
 308 files changed, 3354 insertions(+), 1327 deletions(-)

-- 
2.8.0.rc2.1.gbe9624a



* [PATCH 3.10 001/319] sched/core: Fix a race between try_to_wake_up() and a woken up task
  2017-02-05 19:09 ` Willy Tarreau
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux
  Cc: Balbir Singh, Peter Zijlstra, Alexey Kardashevskiy,
	Linus Torvalds, Nicholas Piggin, Nicholas Piggin, Oleg Nesterov,
	Thomas Gleixner, Ingo Molnar, Greg Kroah-Hartman, Willy Tarreau

From: Balbir Singh <bsingharora@gmail.com>

commit 135e8c9250dd5c8c9aae5984fde6f230d0cbfeaf upstream.

The origin of the issue I've seen is related to
a missing memory barrier between check for task->state and
the check for task->on_rq.

The task being woken up is already awake from a schedule()
and is doing the following:

	do {
		schedule()
		set_current_state(TASK_(UN)INTERRUPTIBLE);
	} while (!cond);

The waker actually gets stuck doing the following in
try_to_wake_up():

	while (p->on_cpu)
		cpu_relax();

Analysis:

The instance I've seen involves the following race:

 CPU1					CPU2

 while () {
   if (cond)
     break;
   do {
     schedule();
     set_current_state(TASK_UN..)
   } while (!cond);
					wakeup_routine()
					  spin_lock_irqsave(wait_lock)
   raw_spin_lock_irqsave(wait_lock)	  wake_up_process()
 }					  try_to_wake_up()
 set_current_state(TASK_RUNNING);	  ..
 list_del(&waiter.list);

CPU2 wakes up CPU1, but before it can get the wait_lock and set
current state to TASK_RUNNING the following occurs:

 CPU3
 wakeup_routine()
 raw_spin_lock_irqsave(wait_lock)
 if (!list_empty)
   wake_up_process()
   try_to_wake_up()
   raw_spin_lock_irqsave(p->pi_lock)
   ..
   if (p->on_rq && ttwu_wakeup())
   ..
   while (p->on_cpu)
     cpu_relax()
   ..

CPU3 tries to wake up the task on CPU1 again since it finds
it on the wait_queue, CPU1 is spinning on wait_lock, but immediately
after CPU2, CPU3 got it.

CPU3 checks the state of p on CPU1, it is TASK_UNINTERRUPTIBLE and
the task is spinning on the wait_lock. Interestingly since p->on_rq
is checked under pi_lock, I've noticed that try_to_wake_up() finds
p->on_rq to be 0. This was the most confusing bit of the analysis,
but p->on_rq is changed under runqueue lock, rq_lock, the p->on_rq
check is not reliable without this fix IMHO. The race is visible
(based on the analysis) only when ttwu_queue() does a remote wakeup
via ttwu_queue_remote. In which case the p->on_rq change is not
done under the pi_lock.

The result is that after a while the entire system locks up on
the raw_spin_irqlock_save(wait_lock) and the holder spins infinitely.

Reproduction of the issue:

The issue can be reproduced after a long run on my system with 80
threads and having to tweak available memory to very low and running
memory stress-ng mmapfork test. It usually takes a long time to
reproduce. I am trying to work on a test case that can reproduce
the issue faster, but that's work in progress. I am still testing the
changes on my still in a loop and the tests seem OK thus far.

Big thanks to Benjamin and Nick for helping debug this as well.
Ben helped catch the missing barrier, Nick caught every missing
bit in my theory.

Signed-off-by: Balbir Singh <bsingharora@gmail.com>
[ Updated comment to clarify matching barriers. Many
  architectures do not have a full barrier in switch_to()
  so that cannot be relied upon. ]
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Nicholas Piggin <nicholas.piggin@gmail.com>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/e02cce7b-d9ca-1ad0-7a61-ea97c7582b37@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 kernel/sched/core.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index 655d611..c8afc2c 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -1501,6 +1501,28 @@ try_to_wake_up(struct task_struct *p, unsigned int state, int wake_flags)
 	success = 1; /* we're going to change ->state */
 	cpu = task_cpu(p);
 
+	/*
+	 * Ensure we load p->on_rq _after_ p->state, otherwise it would
+	 * be possible to, falsely, observe p->on_rq == 0 and get stuck
+	 * in smp_cond_load_acquire() below.
+	 *
+	 * sched_ttwu_pending()                 try_to_wake_up()
+	 *   [S] p->on_rq = 1;                  [L] P->state
+	 *       UNLOCK rq->lock  -----.
+	 *                              \
+	 *				 +---   RMB
+	 * schedule()                   /
+	 *       LOCK rq->lock    -----'
+	 *       UNLOCK rq->lock
+	 *
+	 * [task p]
+	 *   [S] p->state = UNINTERRUPTIBLE     [L] p->on_rq
+	 *
+	 * Pairs with the UNLOCK+LOCK on rq->lock from the
+	 * last wakeup of our task and the schedule that got our task
+	 * current.
+	 */
+	smp_rmb();
 	if (p->on_rq && ttwu_remote(p, wake_flags))
 		goto stat;
 
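Review bot: the comment added above smp_rmb() says the waker would "get stuck in smp_cond_load_acquire() below", but the commit message describes the wait in try_to_wake_up() as "while (p->on_cpu) cpu_relax();" and no smp_cond_load_acquire() call appears in this hunk. For the 3.10 backport the comment should name the loop that is actually in this tree, so that a reader looking for the paired code finds it. Minor: the diagram writes "[L] P->state" with a capital P while every other reference is "p->".
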
-- 
2.8.0.rc2.1.gbe9624a


* [PATCH 3.10 002/319] sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule()
  2017-02-05 19:09 ` Willy Tarreau
  (?)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux
  Cc: Peter Zijlstra, Linus Torvalds, Mike Galbraith, Thomas Gleixner,
	Ingo Molnar, Willy Tarreau

From: Peter Zijlstra <peterz@infradead.org>

commit ecf7d01c229d11a44609c0067889372c91fb4f36 upstream.

Oleg noticed that it's possible to falsely observe p->on_cpu == 0 such
that we'll prematurely continue with the wakeup and effectively run p on
two CPUs at the same time.

Even though the overlap is very limited; the task is in the middle of
being scheduled out; it could still result in corruption of the
scheduler data structures.

        CPU0                            CPU1

        set_current_state(...)

        <preempt_schedule>
          context_switch(X, Y)
            prepare_lock_switch(Y)
              Y->on_cpu = 1;
            finish_lock_switch(X)
              store_release(X->on_cpu, 0);

                                        try_to_wake_up(X)
                                          LOCK(p->pi_lock);

                                          t = X->on_cpu; // 0

          context_switch(Y, X)
            prepare_lock_switch(X)
              X->on_cpu = 1;
            finish_lock_switch(Y)
              store_release(Y->on_cpu, 0);
        </preempt_schedule>

        schedule();
          deactivate_task(X);
          X->on_rq = 0;

                                          if (X->on_rq) // false

                                          if (t) while (X->on_cpu)
                                            cpu_relax();

          context_switch(X, ..)
            finish_lock_switch(X)
              store_release(X->on_cpu, 0);

Avoid the load of X->on_cpu being hoisted over the X->on_rq load.

Reported-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 kernel/sched/core.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index c8afc2c..6a366f9 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -1528,6 +1528,25 @@ try_to_wake_up(struct task_struct *p, unsigned int state, int wake_flags)
 
 #ifdef CONFIG_SMP
 	/*
+	 * Ensure we load p->on_cpu _after_ p->on_rq, otherwise it would be
+	 * possible to, falsely, observe p->on_cpu == 0.
+	 *
+	 * One must be running (->on_cpu == 1) in order to remove oneself
+	 * from the runqueue.
+	 *
+	 *  [S] ->on_cpu = 1;	[L] ->on_rq
+	 *      UNLOCK rq->lock
+	 *			RMB
+	 *      LOCK   rq->lock
+	 *  [S] ->on_rq = 0;    [L] ->on_cpu
+	 *
+	 * Pairs with the full barrier implied in the UNLOCK+LOCK on rq->lock
+	 * from the consecutive calls to schedule(); the first switching to our
+	 * task, the second putting it to sleep.
+	 */
+	smp_rmb();
+
+	/*
 	 * If the owning (remote) cpu is still in the middle of schedule() with
 	 * this task as prev, wait until its done referencing the task.
 	 */
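
Review bot: the ordering diagram in the new comment has no column headings, so it does not say which side performs the [S] stores and which the [L] loads; the comment added by 001/319 heads its columns with sched_ttwu_pending()/schedule() and try_to_wake_up(). Suggest labelling the left column schedule() and the right column try_to_wake_up() here as well. The first diagram row separates its two columns with a tab and the last row with spaces, so they only line up at one tab width.
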
-- 
2.8.0.rc2.1.gbe9624a
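
The load-ordering argument made in the comments of 001/319 and 002/319, worked through as an added example (not code from the patches or from the kernel): it enumerates every interleaving of a two-store writer and a two-load reader and counts those in which the reader sees the new value of the second variable together with the stale value of the first. Assumptions: the writer's stores are taken as ordered, as the patch comments state for the UNLOCK+LOCK on rq->lock; the absence of smp_rmb() is modelled only as the reader's second load being allowed to run first; all names and the numeric values are constructed for the model.

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Model of the two-variable pattern in both patch comments (constructed for
 * illustration, not kernel code). The writer stores A, then B, and is assumed
 * ordered by the UNLOCK+LOCK on rq->lock. The reader loads B, then A.
 * The outcome smp_rmb() must rule out: new B observed together with stale A.
 */
struct litmus {
	const char *name, *a, *b;
	int a_init, a_new;	/* A: stored first, loaded second */
	int b_init, b_new;	/* B: stored second, loaded first */
};

/* 001/319: A = p->on_rq (0 -> 1), B = p->state (model values 0 -> 2). */
static const struct litmus ttwu_state_vs_on_rq = {
	"001: load p->state, then p->on_rq", "p->on_rq", "p->state", 0, 1, 0, 2
};

/* 002/319: A = p->on_cpu (0 -> 1), B = p->on_rq (1 -> 0). */
static const struct litmus ttwu_on_rq_vs_on_cpu = {
	"002: load p->on_rq, then p->on_cpu", "p->on_cpu", "p->on_rq", 0, 1, 1, 0
};

enum op { ST_A, ST_B, LD_B, LD_A };

/* Execute one 4-step schedule; true if the reader saw new B with stale A. */
static bool stale_outcome(const struct litmus *t, const enum op sched[4])
{
	int A = t->a_init, B = t->b_init, rA = 0, rB = 0;

	for (int i = 0; i < 4; i++) {
		switch (sched[i]) {
		case ST_A: A = t->a_new; break;
		case ST_B: B = t->b_new; break;
		case LD_B: rB = B; break;
		case LD_A: rA = A; break;
		}
	}
	return rB == t->b_new && rA == t->a_init;
}

/*
 * Count the schedules that reach the stale outcome. With have_rmb the reader
 * issues its loads in program order only; without it, the variant where the
 * load of A is hoisted above the load of B is explored as well.
 */
int count_stale(const struct litmus *t, bool have_rmb)
{
	static const enum op writer[2] = { ST_A, ST_B };
	static const enum op in_order[2] = { LD_B, LD_A };
	static const enum op hoisted[2] = { LD_A, LD_B };
	int hits = 0;

	for (int variant = 0; variant < (have_rmb ? 1 : 2); variant++) {
		const enum op *reader = variant ? hoisted : in_order;

		/* The writer takes slots i < j; the reader fills the other two. */
		for (int i = 0; i < 4; i++) {
			for (int j = i + 1; j < 4; j++) {
				enum op sched[4];
				int w = 0, r = 0;

				for (int k = 0; k < 4; k++)
					sched[k] = (k == i || k == j) ?
						   writer[w++] : reader[r++];
				hits += stale_outcome(t, sched);
			}
		}
	}
	return hits;
}

int main(void)
{
	const struct litmus *tests[] = {
		&ttwu_state_vs_on_rq, &ttwu_on_rq_vs_on_cpu
	};

	for (int i = 0; i < 2; i++) {
		const struct litmus *t = tests[i];

		printf("%s\n  stale %s with new %s: %d schedule(s) without rmb, %d with rmb\n",
		       t->name, t->a, t->b,
		       count_stale(t, false), count_stale(t, true));
	}
	return 0;
}
```

The single schedule found without the barrier is the hoisted load of A, both stores, then the load of B, which is the window each commit message describes.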


* [PATCH 3.10 003/319] crypto: algif_skcipher - Require setkey before accept(2)
  2017-02-05 19:09 ` Willy Tarreau
                   ` (2 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit dd504589577d8e8e70f51f997ad487a4cb6c026f upstream.

Some cipher implementations will crash if you try to use them
without calling setkey first.  This patch adds a check so that
the accept(2) call will fail with -ENOKEY if setkey hasn't been
done on the socket yet.

Cc: stable@vger.kernel.org
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/algif_skcipher.c | 51 ++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 42 insertions(+), 9 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 83187f4..c4c121a 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -31,6 +31,11 @@ struct skcipher_sg_list {
 	struct scatterlist sg[0];
 };
 
+struct skcipher_tfm {
+	struct crypto_ablkcipher *skcipher;
+	bool has_key;
+};
+
 struct skcipher_ctx {
 	struct list_head tsgl;
 	struct af_alg_sgl rsgl;
@@ -546,17 +551,41 @@ static struct proto_ops algif_skcipher_ops = {
 
 static void *skcipher_bind(const char *name, u32 type, u32 mask)
 {
-	return crypto_alloc_ablkcipher(name, type, mask);
+	struct skcipher_tfm *tfm;
+	struct crypto_ablkcipher *skcipher;
+
+	tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
+	if (!tfm)
+		return ERR_PTR(-ENOMEM);
+
+	skcipher = crypto_alloc_ablkcipher(name, type, mask);
+	if (IS_ERR(skcipher)) {
+		kfree(tfm);
+		return ERR_CAST(skcipher);
+	}
+
+	tfm->skcipher = skcipher;
+
+	return tfm;
 }
 
 static void skcipher_release(void *private)
 {
-	crypto_free_ablkcipher(private);
+	struct skcipher_tfm *tfm = private;
+
+	crypto_free_ablkcipher(tfm->skcipher);
+	kfree(tfm);
 }
 
 static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen)
 {
-	return crypto_ablkcipher_setkey(private, key, keylen);
+	struct skcipher_tfm *tfm = private;
+	int err;
+
+	err = crypto_ablkcipher_setkey(tfm->skcipher, key, keylen);
+	tfm->has_key = !err;
+
+	return err;
 }
 
 static void skcipher_sock_destruct(struct sock *sk)
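
Review bot: in skcipher_setkey(), "tfm->has_key = !err;" clears the flag when a setkey fails on a tfm that had already been keyed successfully. The commit message only covers the never-keyed case, so a comment should say whether a failed re-key is meant to block further accept(2) calls and what it means for child sockets accepted while has_key was true. The store is also made with no lock visible in this hunk while skcipher_accept_parent() reads the flag; note which lock serialises the two, or that this relies on the parent-socket locking described in 004/319.
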
@@ -575,20 +604,24 @@ static int skcipher_accept_parent(void *private, struct sock *sk)
 {
 	struct skcipher_ctx *ctx;
 	struct alg_sock *ask = alg_sk(sk);
-	unsigned int len = sizeof(*ctx) + crypto_ablkcipher_reqsize(private);
+	struct skcipher_tfm *tfm = private;
+	struct crypto_ablkcipher *skcipher = tfm->skcipher;
+	unsigned int len = sizeof(*ctx) + crypto_ablkcipher_reqsize(skcipher);
+
+	if (!tfm->has_key)
+		return -ENOKEY;
 
 	ctx = sock_kmalloc(sk, len, GFP_KERNEL);
 	if (!ctx)
 		return -ENOMEM;
-
-	ctx->iv = sock_kmalloc(sk, crypto_ablkcipher_ivsize(private),
+	ctx->iv = sock_kmalloc(sk, crypto_ablkcipher_ivsize(skcipher),
 			       GFP_KERNEL);
 	if (!ctx->iv) {
 		sock_kfree_s(sk, ctx, len);
 		return -ENOMEM;
 	}
 
-	memset(ctx->iv, 0, crypto_ablkcipher_ivsize(private));
+	memset(ctx->iv, 0, crypto_ablkcipher_ivsize(skcipher));
 
 	INIT_LIST_HEAD(&ctx->tsgl);
 	ctx->len = len;
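
Review bot: the new "if (!tfm->has_key) return -ENOKEY;" in skcipher_accept_parent() changes what accept(2) returns to existing callers: a program that accepts first and sets the key on the parent afterwards used to get a socket and now gets an error. The commit message does not say whether such callers were considered; for a stable backport that is worth stating, either there or in a comment at the check. Separately, the hunk drops the blank line before the ctx->iv allocation, a whitespace-only change unrelated to the fix.
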
@@ -600,9 +633,9 @@ static int skcipher_accept_parent(void *private, struct sock *sk)
 
 	ask->private = ctx;
 
-	ablkcipher_request_set_tfm(&ctx->req, private);
+	ablkcipher_request_set_tfm(&ctx->req, skcipher);
 	ablkcipher_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
-					af_alg_complete, &ctx->completion);
+				      af_alg_complete, &ctx->completion);
 
 	sk->sk_destruct = skcipher_sock_destruct;
 
-- 
2.8.0.rc2.1.gbe9624a


* [PATCH 3.10 004/319] crypto: af_alg - Disallow bind/setkey/... after accept(2)
  2017-02-05 19:09 ` Willy Tarreau
                   ` (3 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit c840ac6af3f8713a71b4d2363419145760bd6044 upstream.

Each af_alg parent socket obtained by socket(2) corresponds to a
tfm object once bind(2) has succeeded.  An accept(2) call on that
parent socket creates a context which then uses the tfm object.

Therefore as long as any child sockets created by accept(2) exist
the parent socket must not be modified or freed.

This patch guarantees this by using locks and a reference count
on the parent socket.  Any attempt to modify the parent socket will
fail with EBUSY.

Cc: stable@vger.kernel.org
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/af_alg.c         | 35 ++++++++++++++++++++++++++++++++---
 include/crypto/if_alg.h |  8 +++-----
 2 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 1aaa555..0ca108f 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -125,6 +125,23 @@ int af_alg_release(struct socket *sock)
 }
 EXPORT_SYMBOL_GPL(af_alg_release);
 
+void af_alg_release_parent(struct sock *sk)
+{
+	struct alg_sock *ask = alg_sk(sk);
+	bool last;
+
+	sk = ask->parent;
+	ask = alg_sk(sk);
+
+	lock_sock(sk);
+	last = !--ask->refcnt;
+	release_sock(sk);
+
+	if (last)
+		sock_put(sk);
+}
+EXPORT_SYMBOL_GPL(af_alg_release_parent);
+
 static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 {
 	struct sock *sk = sock->sk;
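Review bot: "last = !--ask->refcnt;" in af_alg_release_parent() decrements
without checking for zero. A child that was never counted in the parent's
refcnt would wrap the unsigned counter, the parent would never see "last",
and bind/setsockopt on it would return -EBUSY from then on. A
WARN_ON(!ask->refcnt) before the decrement would make such misuse visible.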
@@ -132,6 +149,7 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 	struct sockaddr_alg *sa = (void *)uaddr;
 	const struct af_alg_type *type;
 	void *private;
+	int err;
 
 	if (sock->state == SS_CONNECTED)
 		return -EINVAL;
@@ -157,16 +175,22 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 		return PTR_ERR(private);
 	}
 
+	err = -EBUSY;
 	lock_sock(sk);
+	if (ask->refcnt)
+		goto unlock;
 
 	swap(ask->type, type);
 	swap(ask->private, private);
 
+	err = 0;
+
+unlock:
 	release_sock(sk);
 
 	alg_do_release(type, private);
 
-	return 0;
+	return err;
 }
 
 static int alg_setkey(struct sock *sk, char __user *ukey,
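Review bot: in alg_bind() the "if (ask->refcnt) goto unlock;" test runs
after the new private has already been obtained (the PTR_ERR(private)
check above), so a bind on a busy parent sets up and tears down a
transform just to return -EBUSY. The teardown is correct only because the
swap() calls are skipped and alg_do_release() then sees the new
type/private rather than the old pair; that deserves a comment at the
"unlock:" label.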
@@ -199,11 +223,15 @@ static int alg_setsockopt(struct socket *sock, int level, int optname,
 	struct sock *sk = sock->sk;
 	struct alg_sock *ask = alg_sk(sk);
 	const struct af_alg_type *type;
-	int err = -ENOPROTOOPT;
+	int err = -EBUSY;
 
 	lock_sock(sk);
+	if (ask->refcnt)
+		goto unlock;
+
 	type = ask->type;
 
+	err = -ENOPROTOOPT;
 	if (level != SOL_ALG || !type)
 		goto unlock;
 
@@ -252,7 +280,8 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
 
 	sk2->sk_family = PF_ALG;
 
-	sock_hold(sk);
+	if (!ask->refcnt++)
+		sock_hold(sk);
 	alg_sk(sk2)->parent = sk;
 	alg_sk(sk2)->type = type;
 
diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
index d61c111..2f38daa 100644
--- a/include/crypto/if_alg.h
+++ b/include/crypto/if_alg.h
@@ -30,6 +30,8 @@ struct alg_sock {
 
 	struct sock *parent;
 
+	unsigned int refcnt;
+
 	const struct af_alg_type *type;
 	void *private;
 };
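Review bot: the new "refcnt" member of struct alg_sock has no comment. It
is a plain unsigned int, so the header should say that it counts child
sockets created by accept(2) and may only be touched under lock_sock() of
the owning socket, as af_alg_release_parent() and alg_bind() do.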
@@ -64,6 +66,7 @@ int af_alg_register_type(const struct af_alg_type *type);
 int af_alg_unregister_type(const struct af_alg_type *type);
 
 int af_alg_release(struct socket *sock);
+void af_alg_release_parent(struct sock *sk);
 int af_alg_accept(struct sock *sk, struct socket *newsock);
 
 int af_alg_make_sg(struct af_alg_sgl *sgl, void __user *addr, int len,
@@ -80,11 +83,6 @@ static inline struct alg_sock *alg_sk(struct sock *sk)
 	return (struct alg_sock *)sk;
 }
 
-static inline void af_alg_release_parent(struct sock *sk)
-{
-	sock_put(alg_sk(sk)->parent);
-}
-
 static inline void af_alg_init_completion(struct af_alg_completion *completion)
 {
 	init_completion(&completion->completion);
-- 
2.8.0.rc2.1.gbe9624a


* [PATCH 3.10 005/319] crypto: af_alg - Add nokey compatibility path
  2017-02-05 19:09 ` Willy Tarreau
                   ` (4 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit 37766586c965d63758ad542325a96d5384f4a8c9 upstream.

This patch adds a compatibility path to support old applications
that do accept(2) before setkey.

Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/af_alg.c         | 13 ++++++++++++-
 include/crypto/if_alg.h |  2 ++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 0ca108f..de130c2 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -76,6 +76,8 @@ int af_alg_register_type(const struct af_alg_type *type)
 		goto unlock;
 
 	type->ops->owner = THIS_MODULE;
+	if (type->ops_nokey)
+		type->ops_nokey->owner = THIS_MODULE;
 	node->type = type;
 	list_add(&node->list, &alg_types);
 	err = 0;
@@ -257,6 +259,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
 	const struct af_alg_type *type;
 	struct sock *sk2;
 	int err;
+	bool nokey;
 
 	lock_sock(sk);
 	type = ask->type;
@@ -275,12 +278,17 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
 	security_sk_clone(sk, sk2);
 
 	err = type->accept(ask->private, sk2);
+
+	nokey = err == -ENOKEY;
+	if (nokey && type->accept_nokey)
+		err = type->accept_nokey(ask->private, sk2);
+
 	if (err)
 		goto unlock;
 
 	sk2->sk_family = PF_ALG;
 
-	if (!ask->refcnt++)
+	if (nokey || !ask->refcnt++)
 		sock_hold(sk);
 	alg_sk(sk2)->parent = sk;
 	alg_sk(sk2)->type = type;
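Review bot: "if (nokey || !ask->refcnt++)" makes every nokey child take
its own sock_hold() on the parent without being counted in refcnt, while
keyed children share a single hold. That asymmetry has to be mirrored
exactly on release, so it needs a comment here. "nokey = (err == -ENOKEY);"
would also read better with the parentheses.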
@@ -288,6 +296,9 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
 	newsock->ops = type->ops;
 	newsock->state = SS_CONNECTED;
 
+	if (nokey)
+		newsock->ops = type->ops_nokey;
+
 	err = 0;
 
 unlock:
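Review bot: "newsock->ops = type->ops_nokey;" is assigned without a NULL
check, yet af_alg_register_type() treats ops_nokey as optional and
accept_nokey is tested on its own in af_alg_accept(). A type that sets
accept_nokey but not ops_nokey would leave the child socket with NULL ops.
Either reject such a type at registration or test both members before
taking the nokey path.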
diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
index 2f38daa..9e6a2f3 100644
--- a/include/crypto/if_alg.h
+++ b/include/crypto/if_alg.h
@@ -51,8 +51,10 @@ struct af_alg_type {
 	void (*release)(void *private);
 	int (*setkey)(void *private, const u8 *key, unsigned int keylen);
 	int (*accept)(void *private, struct sock *sk);
+	int (*accept_nokey)(void *private, struct sock *sk);
 
 	struct proto_ops *ops;
+	struct proto_ops *ops_nokey;
 	struct module *owner;
 	char name[14];
 };
-- 
2.8.0.rc2.1.gbe9624a


* [PATCH 3.10 006/319] crypto: algif_skcipher - Add nokey compatibility path
  2017-02-05 19:09 ` Willy Tarreau
                   ` (5 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit a0fa2d037129a9849918a92d91b79ed6c7bd2818 upstream.

This patch adds a compatibility path to support old applications
that do accept(2) before setkey.

Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/algif_skcipher.c | 149 ++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 144 insertions(+), 5 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index c4c121a..db5f0f0 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -549,6 +549,99 @@ static struct proto_ops algif_skcipher_ops = {
 	.poll		=	skcipher_poll,
 };
 
+static int skcipher_check_key(struct socket *sock)
+{
+	int err;
+	struct sock *psk;
+	struct alg_sock *pask;
+	struct skcipher_tfm *tfm;
+	struct sock *sk = sock->sk;
+	struct alg_sock *ask = alg_sk(sk);
+
+	if (ask->refcnt)
+		return 0;
+
+	psk = ask->parent;
+	pask = alg_sk(ask->parent);
+	tfm = pask->private;
+
+	err = -ENOKEY;
+	lock_sock(psk);
+	if (!tfm->has_key)
+		goto unlock;
+
+	if (!pask->refcnt++)
+		sock_hold(psk);
+
+	ask->refcnt = 1;
+	sock_put(psk);
+
+	err = 0;
+
+unlock:
+	release_sock(psk);
+
+	return err;
+}
+
+static int skcipher_sendmsg_nokey(struct kiocb *unused, struct socket *sock,
+				  struct msghdr *msg, size_t size)
+{
+	int err;
+
+	err = skcipher_check_key(sock);
+	if (err)
+		return err;
+
+	return skcipher_sendmsg(unused, sock, msg, size);
+}
+
+static ssize_t skcipher_sendpage_nokey(struct socket *sock, struct page *page,
+				       int offset, size_t size, int flags)
+{
+	int err;
+
+	err = skcipher_check_key(sock);
+	if (err)
+		return err;
+
+	return skcipher_sendpage(sock, page, offset, size, flags);
+}
+
+static int skcipher_recvmsg_nokey(struct kiocb *unused, struct socket *sock,
+				  struct msghdr *msg, size_t ignored, int flags)
+{
+	int err;
+
+	err = skcipher_check_key(sock);
+	if (err)
+		return err;
+
+	return skcipher_recvmsg(unused, sock, msg, ignored, flags);
+}
+
+static struct proto_ops algif_skcipher_ops_nokey = {
+	.family		=	PF_ALG,
+
+	.connect	=	sock_no_connect,
+	.socketpair	=	sock_no_socketpair,
+	.getname	=	sock_no_getname,
+	.ioctl		=	sock_no_ioctl,
+	.listen		=	sock_no_listen,
+	.shutdown	=	sock_no_shutdown,
+	.getsockopt	=	sock_no_getsockopt,
+	.mmap		=	sock_no_mmap,
+	.bind		=	sock_no_bind,
+	.accept		=	sock_no_accept,
+	.setsockopt	=	sock_no_setsockopt,
+
+	.release	=	af_alg_release,
+	.sendmsg	=	skcipher_sendmsg_nokey,
+	.sendpage	=	skcipher_sendpage_nokey,
+	.recvmsg	=	skcipher_recvmsg_nokey,
+	.poll		=	skcipher_poll,
+};
+
 static void *skcipher_bind(const char *name, u32 type, u32 mask)
 {
 	struct skcipher_tfm *tfm;
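Review bot: skcipher_check_key() tests "ask->refcnt" at the top and sets
"ask->refcnt = 1" further down while holding only the parent's lock. Two
concurrent calls on the same child socket can both see zero and both run
sock_put(psk), dropping one reference too many on the parent. Taking
lock_sock(sk) on the child around the whole function, with the refcnt test
done under it, would close that window.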
@@ -588,7 +681,7 @@ static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen)
 	return err;
 }
 
-static void skcipher_sock_destruct(struct sock *sk)
+static void skcipher_sock_destruct_common(struct sock *sk)
 {
 	struct alg_sock *ask = alg_sk(sk);
 	struct skcipher_ctx *ctx = ask->private;
@@ -597,10 +690,33 @@ static void skcipher_sock_destruct(struct sock *sk)
 	skcipher_free_sgl(sk);
 	sock_kfree_s(sk, ctx->iv, crypto_ablkcipher_ivsize(tfm));
 	sock_kfree_s(sk, ctx, ctx->len);
+}
+
+static void skcipher_sock_destruct(struct sock *sk)
+{
+	skcipher_sock_destruct_common(sk);
 	af_alg_release_parent(sk);
 }
 
-static int skcipher_accept_parent(void *private, struct sock *sk)
+static void skcipher_release_parent_nokey(struct sock *sk)
+{
+	struct alg_sock *ask = alg_sk(sk);
+
+	if (!ask->refcnt) {
+		sock_put(ask->parent);
+		return;
+	}
+
+	af_alg_release_parent(sk);
+}
+
+static void skcipher_sock_destruct_nokey(struct sock *sk)
+{
+	skcipher_sock_destruct_common(sk);
+	skcipher_release_parent_nokey(sk);
+}
+
+static int skcipher_accept_parent_common(void *private, struct sock *sk)
 {
 	struct skcipher_ctx *ctx;
 	struct alg_sock *ask = alg_sk(sk);
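Review bot: skcipher_release_parent_nokey() open-codes the "child was
never counted" case with a bare sock_put(ask->parent), and 009/319 adds an
identical helper for algif_hash. That logic belongs in
af_alg_release_parent() so the two users cannot diverge.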
@@ -608,9 +724,6 @@ static int skcipher_accept_parent(void *private, struct sock *sk)
 	struct crypto_ablkcipher *skcipher = tfm->skcipher;
 	unsigned int len = sizeof(*ctx) + crypto_ablkcipher_reqsize(skcipher);
 
-	if (!tfm->has_key)
-		return -ENOKEY;
-
 	ctx = sock_kmalloc(sk, len, GFP_KERNEL);
 	if (!ctx)
 		return -ENOMEM;
@@ -642,12 +755,38 @@ static int skcipher_accept_parent(void *private, struct sock *sk)
 	return 0;
 }
 
+static int skcipher_accept_parent(void *private, struct sock *sk)
+{
+	struct skcipher_tfm *tfm = private;
+
+	if (!tfm->has_key)
+		return -ENOKEY;
+
+	return skcipher_accept_parent_common(private, sk);
+}
+
+static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
+{
+	int err;
+
+	err = skcipher_accept_parent_common(private, sk);
+	if (err)
+		goto out;
+
+	sk->sk_destruct = skcipher_sock_destruct_nokey;
+
+out:
+	return err;
+}
+
 static const struct af_alg_type algif_type_skcipher = {
 	.bind		=	skcipher_bind,
 	.release	=	skcipher_release,
 	.setkey		=	skcipher_setkey,
 	.accept		=	skcipher_accept_parent,
+	.accept_nokey	=	skcipher_accept_parent_nokey,
 	.ops		=	&algif_skcipher_ops,
+	.ops_nokey	=	&algif_skcipher_ops_nokey,
 	.name		=	"skcipher",
 	.owner		=	THIS_MODULE
 };
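Review bot: skcipher_accept_parent_nokey() uses "goto out" for a label
that only returns; "if (err) return err;" followed by the sk_destruct
assignment and "return 0;" is shorter. A comment noting that the
assignment overrides the destructor installed by
skcipher_accept_parent_common() would also help.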
-- 
2.8.0.rc2.1.gbe9624a


* [PATCH 3.10 007/319] crypto: hash - Add crypto_ahash_has_setkey
  2017-02-05 19:09 ` Willy Tarreau
                   ` (6 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit a5596d6332787fd383b3b5427b41f94254430827 upstream.

This patch adds a way for ahash users to determine whether a key
is required by a crypto_ahash transform.

Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/ahash.c        | 5 ++++-
 crypto/shash.c        | 4 +++-
 include/crypto/hash.h | 6 ++++++
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/crypto/ahash.c b/crypto/ahash.c
index bcd5efc..781a8a7 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -370,6 +370,7 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
 	struct ahash_alg *alg = crypto_ahash_alg(hash);
 
 	hash->setkey = ahash_nosetkey;
+	hash->has_setkey = false;
 	hash->export = ahash_no_export;
 	hash->import = ahash_no_import;
 
@@ -382,8 +383,10 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm)
 	hash->finup = alg->finup ?: ahash_def_finup;
 	hash->digest = alg->digest;
 
-	if (alg->setkey)
+	if (alg->setkey) {
 		hash->setkey = alg->setkey;
+		hash->has_setkey = true;
+	}
 	if (alg->export)
 		hash->export = alg->export;
 	if (alg->import)
diff --git a/crypto/shash.c b/crypto/shash.c
index 929058a..8e4256a 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -354,8 +354,10 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
 	crt->finup = shash_async_finup;
 	crt->digest = shash_async_digest;
 
-	if (alg->setkey)
+	if (alg->setkey) {
 		crt->setkey = shash_async_setkey;
+		crt->has_setkey = true;
+	}
 	if (alg->export)
 		crt->export = shash_async_export;
 	if (alg->import)
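Review bot: "if (alg->setkey)" in crypto_init_shash_ops_async() only tests
for a non-NULL pointer. As the changelog of 008/319 states, shash
algorithms always have a setkey function, so has_setkey ends up true for
keyless hashes as well. 007 and 008 need to go in together.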
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index 26cb1eb..c8c7987 100644
--- a/include/crypto/hash.h
+++ b/include/crypto/hash.h
@@ -94,6 +94,7 @@ struct crypto_ahash {
 		      unsigned int keylen);
 
 	unsigned int reqsize;
+	bool has_setkey;
 	struct crypto_tfm base;
 };
 
@@ -181,6 +182,11 @@ static inline void *ahash_request_ctx(struct ahash_request *req)
 
 int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
 			unsigned int keylen);
+static inline bool crypto_ahash_has_setkey(struct crypto_ahash *tfm)
+{
+	return tfm->has_setkey;
+}
+
 int crypto_ahash_finup(struct ahash_request *req);
 int crypto_ahash_final(struct ahash_request *req);
 int crypto_ahash_digest(struct ahash_request *req);
-- 
2.8.0.rc2.1.gbe9624a


* [PATCH 3.10 008/319] crypto: shash - Fix has_key setting
  2017-02-05 19:09 ` Willy Tarreau
                   ` (7 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit 00420a65fa2beb3206090ead86942484df2275f3 upstream.

The has_key logic is wrong for shash algorithms as they always
have a setkey function.  So we should instead be testing against
shash_no_setkey.

Fixes: a5596d633278 ("crypto: hash - Add crypto_ahash_has_setkey")
Cc: stable@vger.kernel.org
Reported-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/shash.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/crypto/shash.c b/crypto/shash.c
index 8e4256a..ac4d763 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -353,11 +353,10 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm)
 	crt->final = shash_async_final;
 	crt->finup = shash_async_finup;
 	crt->digest = shash_async_digest;
+	crt->setkey = shash_async_setkey;
+
+	crt->has_setkey = alg->setkey != shash_no_setkey;
 
-	if (alg->setkey) {
-		crt->setkey = shash_async_setkey;
-		crt->has_setkey = true;
-	}
 	if (alg->export)
 		crt->export = shash_async_export;
 	if (alg->import)
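Review bot: "crt->has_setkey = alg->setkey != shash_no_setkey;" depends on
keyless algorithms having exactly shash_no_setkey installed as their
setkey. A short comment naming that convention, and parentheses around the
comparison, would make the line self-explanatory.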
-- 
2.8.0.rc2.1.gbe9624a


* [PATCH 3.10 009/319] crypto: algif_hash - Require setkey before accept(2)
  2017-02-05 19:09 ` Willy Tarreau
                   ` (8 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit 6de62f15b581f920ade22d758f4c338311c2f0d4 upstream.

Hash implementations that require a key may crash if you use
them without setting a key.  This patch adds the necessary checks
so that if you do attempt to use them without a key that we return
-ENOKEY instead of proceeding.

This patch also adds a compatibility path to support old applications
that do accept(2) before setkey.

Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/algif_hash.c | 201 +++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 193 insertions(+), 8 deletions(-)

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index c542c0d8..7bc3f89 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -34,6 +34,11 @@ struct hash_ctx {
 	struct ahash_request req;
 };
 
+struct algif_hash_tfm {
+	struct crypto_ahash *hash;
+	bool has_key;
+};
+
 static int hash_sendmsg(struct kiocb *unused, struct socket *sock,
 			struct msghdr *msg, size_t ignored)
 {
@@ -248,22 +253,151 @@ static struct proto_ops algif_hash_ops = {
 	.accept		=	hash_accept,
 };
 
+static int hash_check_key(struct socket *sock)
+{
+	int err;
+	struct sock *psk;
+	struct alg_sock *pask;
+	struct algif_hash_tfm *tfm;
+	struct sock *sk = sock->sk;
+	struct alg_sock *ask = alg_sk(sk);
+
+	if (ask->refcnt)
+		return 0;
+
+	psk = ask->parent;
+	pask = alg_sk(ask->parent);
+	tfm = pask->private;
+
+	err = -ENOKEY;
+	lock_sock(psk);
+	if (!tfm->has_key)
+		goto unlock;
+
+	if (!pask->refcnt++)
+		sock_hold(psk);
+
+	ask->refcnt = 1;
+	sock_put(psk);
+
+	err = 0;
+
+unlock:
+	release_sock(psk);
+
+	return err;
+}
+
+static int hash_sendmsg_nokey(struct kiocb *unused, struct socket *sock,
+			      struct msghdr *msg, size_t size)
+{
+	int err;
+
+	err = hash_check_key(sock);
+	if (err)
+		return err;
+
+	return hash_sendmsg(unused, sock, msg, size);
+}
+
+static ssize_t hash_sendpage_nokey(struct socket *sock, struct page *page,
+				   int offset, size_t size, int flags)
+{
+	int err;
+
+	err = hash_check_key(sock);
+	if (err)
+		return err;
+
+	return hash_sendpage(sock, page, offset, size, flags);
+}
+
+static int hash_recvmsg_nokey(struct kiocb *unused, struct socket *sock,
+			      struct msghdr *msg, size_t ignored, int flags)
+{
+	int err;
+
+	err = hash_check_key(sock);
+	if (err)
+		return err;
+
+	return hash_recvmsg(unused, sock, msg, ignored, flags);
+}
+
+static int hash_accept_nokey(struct socket *sock, struct socket *newsock,
+			     int flags)
+{
+	int err;
+
+	err = hash_check_key(sock);
+	if (err)
+		return err;
+
+	return hash_accept(sock, newsock, flags);
+}
+
+static struct proto_ops algif_hash_ops_nokey = {
+	.family		=	PF_ALG,
+
+	.connect	=	sock_no_connect,
+	.socketpair	=	sock_no_socketpair,
+	.getname	=	sock_no_getname,
+	.ioctl		=	sock_no_ioctl,
+	.listen		=	sock_no_listen,
+	.shutdown	=	sock_no_shutdown,
+	.getsockopt	=	sock_no_getsockopt,
+	.mmap		=	sock_no_mmap,
+	.bind		=	sock_no_bind,
+	.setsockopt	=	sock_no_setsockopt,
+	.poll		=	sock_no_poll,
+
+	.release	=	af_alg_release,
+	.sendmsg	=	hash_sendmsg_nokey,
+	.sendpage	=	hash_sendpage_nokey,
+	.recvmsg	=	hash_recvmsg_nokey,
+	.accept		=	hash_accept_nokey,
+};
+
 static void *hash_bind(const char *name, u32 type, u32 mask)
 {
-	return crypto_alloc_ahash(name, type, mask);
+	struct algif_hash_tfm *tfm;
+	struct crypto_ahash *hash;
+
+	tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
+	if (!tfm)
+		return ERR_PTR(-ENOMEM);
+
+	hash = crypto_alloc_ahash(name, type, mask);
+	if (IS_ERR(hash)) {
+		kfree(tfm);
+		return ERR_CAST(hash);
+	}
+
+	tfm->hash = hash;
+
+	return tfm;
 }
 
 static void hash_release(void *private)
 {
-	crypto_free_ahash(private);
+	struct algif_hash_tfm *tfm = private;
+
+	crypto_free_ahash(tfm->hash);
+	kfree(tfm);
 }
 
 static int hash_setkey(void *private, const u8 *key, unsigned int keylen)
 {
-	return crypto_ahash_setkey(private, key, keylen);
+	struct algif_hash_tfm *tfm = private;
+	int err;
+
+	err = crypto_ahash_setkey(tfm->hash, key, keylen);
+	tfm->has_key = !err;
+
+	return err;
 }
 
-static void hash_sock_destruct(struct sock *sk)
+static void hash_sock_destruct_common(struct sock *sk)
 {
 	struct alg_sock *ask = alg_sk(sk);
 	struct hash_ctx *ctx = ask->private;
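Review bot: hash_check_key() and the hash_*_nokey() wrappers are copies of
the skcipher versions in 006/319, differing only in the tfm type. The copy
carries over the test and update of the child's "ask->refcnt" made with
only the parent locked, so any locking fix has to be made in both files. A
shared helper in af_alg.c would avoid that.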
@@ -271,15 +405,40 @@ static void hash_sock_destruct(struct sock *sk)
 	sock_kfree_s(sk, ctx->result,
 		     crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)));
 	sock_kfree_s(sk, ctx, ctx->len);
+}
+
+static void hash_sock_destruct(struct sock *sk)
+{
+	hash_sock_destruct_common(sk);
 	af_alg_release_parent(sk);
 }
 
-static int hash_accept_parent(void *private, struct sock *sk)
+static void hash_release_parent_nokey(struct sock *sk)
+{
+	struct alg_sock *ask = alg_sk(sk);
+
+	if (!ask->refcnt) {
+		sock_put(ask->parent);
+		return;
+	}
+
+	af_alg_release_parent(sk);
+}
+
+static void hash_sock_destruct_nokey(struct sock *sk)
+{
+	hash_sock_destruct_common(sk);
+	hash_release_parent_nokey(sk);
+}
+
+static int hash_accept_parent_common(void *private, struct sock *sk)
 {
 	struct hash_ctx *ctx;
 	struct alg_sock *ask = alg_sk(sk);
-	unsigned len = sizeof(*ctx) + crypto_ahash_reqsize(private);
-	unsigned ds = crypto_ahash_digestsize(private);
+	struct algif_hash_tfm *tfm = private;
+	struct crypto_ahash *hash = tfm->hash;
+	unsigned len = sizeof(*ctx) + crypto_ahash_reqsize(hash);
+	unsigned ds = crypto_ahash_digestsize(hash);
 
 	ctx = sock_kmalloc(sk, len, GFP_KERNEL);
 	if (!ctx)
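Review bot: the two rewritten declarations in hash_accept_parent_common()
keep the bare "unsigned" type. Since both lines are touched anyway,
"unsigned int len" and "unsigned int ds" would match
skcipher_accept_parent(), which already uses "unsigned int len".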
@@ -299,7 +458,7 @@ static int hash_accept_parent(void *private, struct sock *sk)
 
 	ask->private = ctx;
 
-	ahash_request_set_tfm(&ctx->req, private);
+	ahash_request_set_tfm(&ctx->req, hash);
 	ahash_request_set_callback(&ctx->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
 				   af_alg_complete, &ctx->completion);
 
@@ -308,12 +467,38 @@ static int hash_accept_parent(void *private, struct sock *sk)
 	return 0;
 }
 
+static int hash_accept_parent(void *private, struct sock *sk)
+{
+	struct algif_hash_tfm *tfm = private;
+
+	if (!tfm->has_key && crypto_ahash_has_setkey(tfm->hash))
+		return -ENOKEY;
+
+	return hash_accept_parent_common(private, sk);
+}
+
+static int hash_accept_parent_nokey(void *private, struct sock *sk)
+{
+	int err;
+
+	err = hash_accept_parent_common(private, sk);
+	if (err)
+		goto out;
+
+	sk->sk_destruct = hash_sock_destruct_nokey;
+
+out:
+	return err;
+}
+
 static const struct af_alg_type algif_type_hash = {
 	.bind		=	hash_bind,
 	.release	=	hash_release,
 	.setkey		=	hash_setkey,
 	.accept		=	hash_accept_parent,
+	.accept_nokey	=	hash_accept_parent_nokey,
 	.ops		=	&algif_hash_ops,
+	.ops_nokey	=	&algif_hash_ops_nokey,
 	.name		=	"hash",
 	.owner		=	THIS_MODULE
 };
-- 
2.8.0.rc2.1.gbe9624a


* [PATCH 3.10 010/319] crypto: skcipher - Add crypto_skcipher_has_setkey
  2017-02-05 19:09 ` Willy Tarreau
                   ` (9 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit a1383cd86a062fc798899ab20f0ec2116cce39cb upstream.

This patch adds a way for skcipher users to determine whether a key
is required by a transform.

Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/ablkcipher.c    | 2 ++
 crypto/blkcipher.c     | 1 +
 include/linux/crypto.h | 8 ++++++++
 3 files changed, 11 insertions(+)

diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index ebcec74..2b6dd74 100644
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -379,6 +379,7 @@ static int crypto_init_ablkcipher_ops(struct crypto_tfm *tfm, u32 type,
 	}
 	crt->base = __crypto_ablkcipher_cast(tfm);
 	crt->ivsize = alg->ivsize;
+	crt->has_setkey = alg->max_keysize;
 
 	return 0;
 }
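Review bot: "crt->has_setkey = alg->max_keysize;" relies on the implicit
integer-to-bool conversion and on the convention that a zero max_keysize
means no key is needed. "alg->max_keysize != 0" plus a comment stating
that convention would be clearer; the same line is repeated in
crypto_init_givcipher_ops() and crypto_init_blkcipher_ops_async().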
@@ -460,6 +461,7 @@ static int crypto_init_givcipher_ops(struct crypto_tfm *tfm, u32 type,
 	crt->givdecrypt = alg->givdecrypt ?: no_givdecrypt;
 	crt->base = __crypto_ablkcipher_cast(tfm);
 	crt->ivsize = alg->ivsize;
+	crt->has_setkey = alg->max_keysize;
 
 	return 0;
 }
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index a79e7e9..37af08e 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -458,6 +458,7 @@ static int crypto_init_blkcipher_ops_async(struct crypto_tfm *tfm)
 	}
 	crt->base = __crypto_ablkcipher_cast(tfm);
 	crt->ivsize = alg->ivsize;
+	crt->has_setkey = alg->max_keysize;
 
 	return 0;
 }
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 2b00d92..61dd0b1 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -354,6 +354,7 @@ struct ablkcipher_tfm {
 
 	unsigned int ivsize;
 	unsigned int reqsize;
+	bool has_setkey;
 };
 
 struct aead_tfm {
@@ -664,6 +665,13 @@ static inline int crypto_ablkcipher_setkey(struct crypto_ablkcipher *tfm,
 	return crt->setkey(crt->base, key, keylen);
 }
 
+static inline bool crypto_ablkcipher_has_setkey(struct crypto_ablkcipher *tfm)
+{
+	struct ablkcipher_tfm *crt = crypto_ablkcipher_crt(tfm);
+
+	return crt->has_setkey;
+}
+
 static inline struct crypto_ablkcipher *crypto_ablkcipher_reqtfm(
 	struct ablkcipher_request *req)
 {
-- 
2.8.0.rc2.1.gbe9624a


* [PATCH 3.10 011/319] crypto: algif_skcipher - Add key check exception for cipher_null
  2017-02-05 19:09 ` Willy Tarreau
                   ` (10 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit 6e8d8ecf438792ecf7a3207488fb4eebc4edb040 upstream.

This patch adds an exception to the key check so that cipher_null
users may continue to use algif_skcipher without setting a key.

Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/algif_skcipher.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index db5f0f0..4677a45 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -759,7 +759,7 @@ static int skcipher_accept_parent(void *private, struct sock *sk)
 {
 	struct skcipher_tfm *tfm = private;
 
-	if (!tfm->has_key)
+	if (!tfm->has_key && crypto_ablkcipher_has_setkey(tfm->skcipher))
 		return -ENOKEY;
 
 	return skcipher_accept_parent_common(private, sk);
-- 
2.8.0.rc2.1.gbe9624a


* [PATCH 3.10 012/319] crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey path
  2017-02-05 19:09 ` Willy Tarreau
                   ` (11 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit 6a935170a980024dd29199e9dbb5c4da4767a1b9 upstream.

This patch allows af_alg_release_parent to be called even for
nokey sockets.

Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/af_alg.c         | 9 ++++++++-
 include/crypto/if_alg.h | 1 +
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index de130c2..2f8fd84 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -133,6 +133,12 @@ void af_alg_release_parent(struct sock *sk)
 	bool last;
 
 	sk = ask->parent;
+
+	if (ask->nokey_refcnt && !ask->refcnt) {
+		sock_put(sk);
+		return;
+	}
+
 	ask = alg_sk(sk);
 
 	lock_sock(sk);
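Review bot: in the new early-return test "ask" still refers to the child
while "sk" has already been reassigned to the parent just above, so
"ask->nokey_refcnt", "ask->refcnt" and "sock_put(sk)" operate on different
sockets. Separate psk/pask locals, as skcipher_check_key() uses, would
make that obvious.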
@@ -258,8 +264,8 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
 	struct alg_sock *ask = alg_sk(sk);
 	const struct af_alg_type *type;
 	struct sock *sk2;
+	unsigned int nokey;
 	int err;
-	bool nokey;
 
 	lock_sock(sk);
 	type = ask->type;
@@ -292,6 +298,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
 		sock_hold(sk);
 	alg_sk(sk2)->parent = sk;
 	alg_sk(sk2)->type = type;
+	alg_sk(sk2)->nokey_refcnt = nokey;
 
 	newsock->ops = type->ops;
 	newsock->state = SS_CONNECTED;
diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
index 9e6a2f3..bfefd81 100644
--- a/include/crypto/if_alg.h
+++ b/include/crypto/if_alg.h
@@ -31,6 +31,7 @@ struct alg_sock {
 	struct sock *parent;
 
 	unsigned int refcnt;
+	unsigned int nokey_refcnt;
 
 	const struct af_alg_type *type;
 	void *private;
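Review bot: "nokey_refcnt" is named like a counter, but the only
assignment in this patch stores the 0/1 value of "nokey" from
af_alg_accept(). Either make it a bool with a matching name or add a
comment saying what it is meant to count.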
-- 
2.8.0.rc2.1.gbe9624a


* [PATCH 3.10 013/319] crypto: algif_hash - Remove custom release parent function
  2017-02-05 19:09 ` Willy Tarreau
                   ` (12 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit f1d84af1835846a5a2b827382c5848faf2bb0e75 upstream.

This patch removes the custom release parent function as the
generic af_alg_release_parent now works for nokey sockets too.

Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/algif_hash.c | 43 +++----------------------------------------
 1 file changed, 3 insertions(+), 40 deletions(-)

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 7bc3f89..512aa36 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -397,7 +397,7 @@ static int hash_setkey(void *private, const u8 *key, unsigned int keylen)
 	return err;
 }
 
-static void hash_sock_destruct_common(struct sock *sk)
+static void hash_sock_destruct(struct sock *sk)
 {
 	struct alg_sock *ask = alg_sk(sk);
 	struct hash_ctx *ctx = ask->private;
@@ -405,33 +405,10 @@ static void hash_sock_destruct_common(struct sock *sk)
 	sock_kfree_s(sk, ctx->result,
 		     crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)));
 	sock_kfree_s(sk, ctx, ctx->len);
-}
-
-static void hash_sock_destruct(struct sock *sk)
-{
-	hash_sock_destruct_common(sk);
-	af_alg_release_parent(sk);
-}
-
-static void hash_release_parent_nokey(struct sock *sk)
-{
-	struct alg_sock *ask = alg_sk(sk);
-
-	if (!ask->refcnt) {
-		sock_put(ask->parent);
-		return;
-	}
-
 	af_alg_release_parent(sk);
 }
 
-static void hash_sock_destruct_nokey(struct sock *sk)
-{
-	hash_sock_destruct_common(sk);
-	hash_release_parent_nokey(sk);
-}
-
-static int hash_accept_parent_common(void *private, struct sock *sk)
+static int hash_accept_parent_nokey(void *private, struct sock *sk)
 {
 	struct hash_ctx *ctx;
 	struct alg_sock *ask = alg_sk(sk);
@@ -474,21 +451,7 @@ static int hash_accept_parent(void *private, struct sock *sk)
 	if (!tfm->has_key && crypto_ahash_has_setkey(tfm->hash))
 		return -ENOKEY;
 
-	return hash_accept_parent_common(private, sk);
-}
-
-static int hash_accept_parent_nokey(void *private, struct sock *sk)
-{
-	int err;
-
-	err = hash_accept_parent_common(private, sk);
-	if (err)
-		goto out;
-
-	sk->sk_destruct = hash_sock_destruct_nokey;
-
-out:
-	return err;
+	return hash_accept_parent_nokey(private, sk);
 }
 
 static const struct af_alg_type algif_type_hash = {
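
Review bot: in hash_accept_parent() the keyed path now returns through hash_accept_parent_nokey() immediately after the -ENOKEY check, which reads as if the key check were being bypassed. Since that function is now the shared accept body for both paths, put a short comment above it saying so, or keep a neutral name for the shared body and let the nokey entry point be a thin wrapper.
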
-- 
2.8.0.rc2.1.gbe9624a

^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH 3.10 014/319] crypto: algif_skcipher - Remove custom release parent function
  2017-02-05 19:09 ` Willy Tarreau
                   ` (13 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit d7b65aee1e7b4c87922b0232eaba56a8a143a4a0 upstream.

This patch removes the custom release parent function as the
generic af_alg_release_parent now works for nokey sockets too.

Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/algif_skcipher.c | 43 +++----------------------------------------
 1 file changed, 3 insertions(+), 40 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 4677a45..a7800b7 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -681,7 +681,7 @@ static int skcipher_setkey(void *private, const u8 *key, unsigned int keylen)
 	return err;
 }
 
-static void skcipher_sock_destruct_common(struct sock *sk)
+static void skcipher_sock_destruct(struct sock *sk)
 {
 	struct alg_sock *ask = alg_sk(sk);
 	struct skcipher_ctx *ctx = ask->private;
@@ -690,33 +690,10 @@ static void skcipher_sock_destruct_common(struct sock *sk)
 	skcipher_free_sgl(sk);
 	sock_kfree_s(sk, ctx->iv, crypto_ablkcipher_ivsize(tfm));
 	sock_kfree_s(sk, ctx, ctx->len);
-}
-
-static void skcipher_sock_destruct(struct sock *sk)
-{
-	skcipher_sock_destruct_common(sk);
-	af_alg_release_parent(sk);
-}
-
-static void skcipher_release_parent_nokey(struct sock *sk)
-{
-	struct alg_sock *ask = alg_sk(sk);
-
-	if (!ask->refcnt) {
-		sock_put(ask->parent);
-		return;
-	}
-
 	af_alg_release_parent(sk);
 }
 
-static void skcipher_sock_destruct_nokey(struct sock *sk)
-{
-	skcipher_sock_destruct_common(sk);
-	skcipher_release_parent_nokey(sk);
-}
-
-static int skcipher_accept_parent_common(void *private, struct sock *sk)
+static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
 {
 	struct skcipher_ctx *ctx;
 	struct alg_sock *ask = alg_sk(sk);
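
Review bot: the removed skcipher_release_parent_nokey() did sock_put(ask->parent) whenever the child's refcnt was zero, and after this hunk every child is torn down through af_alg_release_parent(). That is only equivalent if the generic function already carries the "ask->nokey_refcnt && !ask->refcnt" branch and every nokey child has nokey_refcnt set, so this patch must stay ordered after the af_alg change earlier in the series. The changelog should name that prerequisite commit so the pair is not split when cherry-picking.
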
@@ -762,21 +739,7 @@ static int skcipher_accept_parent(void *private, struct sock *sk)
 	if (!tfm->has_key && crypto_ablkcipher_has_setkey(tfm->skcipher))
 		return -ENOKEY;
 
-	return skcipher_accept_parent_common(private, sk);
-}
-
-static int skcipher_accept_parent_nokey(void *private, struct sock *sk)
-{
-	int err;
-
-	err = skcipher_accept_parent_common(private, sk);
-	if (err)
-		goto out;
-
-	sk->sk_destruct = skcipher_sock_destruct_nokey;
-
-out:
-	return err;
+	return skcipher_accept_parent_nokey(private, sk);
 }
 
 static const struct af_alg_type algif_type_skcipher = {
-- 
2.8.0.rc2.1.gbe9624a

^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH 3.10 015/319] crypto: af_alg - Forbid bind(2) when nokey child sockets are present
  2017-02-05 19:09 ` Willy Tarreau
                   ` (14 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit a6a48c565f6f112c6983e2a02b1602189ed6e26e upstream.

This patch forbids the calling of bind(2) when there are child
sockets created by accept(2) in existence, even if they are created
on the nokey path.

This is needed as those child sockets have references to the tfm
object which bind(2) will destroy.

Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/af_alg.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 2f8fd84..68ec1ac 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -130,19 +130,16 @@ EXPORT_SYMBOL_GPL(af_alg_release);
 void af_alg_release_parent(struct sock *sk)
 {
 	struct alg_sock *ask = alg_sk(sk);
-	bool last;
+	unsigned int nokey = ask->nokey_refcnt;
+	bool last = nokey && !ask->refcnt;
 
 	sk = ask->parent;
-
-	if (ask->nokey_refcnt && !ask->refcnt) {
-		sock_put(sk);
-		return;
-	}
-
 	ask = alg_sk(sk);
 
 	lock_sock(sk);
-	last = !--ask->refcnt;
+	ask->nokey_refcnt -= nokey;
+	if (!last)
+		last = !--ask->refcnt;
 	release_sock(sk);
 
 	if (last)
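
Review bot: ask points at the child for the two initialisers and at the parent from "ask = alg_sk(sk);" onward, so "ask->nokey_refcnt -= nokey;" subtracts the child's 0/1 flag from the parent's count under the same field name. A separate pask local would make that readable. When last is already true from the nokey test, the parent's refcnt is left untouched; a comment tying that to the "nokey || !ask->refcnt++" short-circuit in af_alg_accept() would explain why the two counters stay balanced.
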
@@ -185,7 +182,7 @@ static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 
 	err = -EBUSY;
 	lock_sock(sk);
-	if (ask->refcnt)
+	if (ask->refcnt | ask->nokey_refcnt)
 		goto unlock;
 
 	swap(ask->type, type);
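
Review bot: "if (ask->refcnt | ask->nokey_refcnt)" uses bitwise OR where the intent is a logical test. It gives the right answer for two unsigned counters, but "||" states the intent directly and does not invite a second look from the next reader.
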
@@ -296,6 +293,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
 
 	if (nokey || !ask->refcnt++)
 		sock_hold(sk);
+	ask->nokey_refcnt += nokey;
 	alg_sk(sk2)->parent = sk;
 	alg_sk(sk2)->type = type;
 	alg_sk(sk2)->nokey_refcnt = nokey;
-- 
2.8.0.rc2.1.gbe9624a

^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH 3.10 016/319] crypto: algif_hash - Fix race condition in hash_check_key
  2017-02-05 19:09 ` Willy Tarreau
                   ` (15 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit ad46d7e33219218605ea619e32553daf4f346b9f upstream.

We need to lock the child socket in hash_check_key as otherwise
two simultaneous calls can cause the parent socket to be freed.

Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/algif_hash.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 512aa36..d11d431 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -255,22 +255,23 @@ static struct proto_ops algif_hash_ops = {
 
 static int hash_check_key(struct socket *sock)
 {
-	int err;
+	int err = 0;
 	struct sock *psk;
 	struct alg_sock *pask;
 	struct algif_hash_tfm *tfm;
 	struct sock *sk = sock->sk;
 	struct alg_sock *ask = alg_sk(sk);
 
+	lock_sock(sk);
 	if (ask->refcnt)
-		return 0;
+		goto unlock_child;
 
 	psk = ask->parent;
 	pask = alg_sk(ask->parent);
 	tfm = pask->private;
 
 	err = -ENOKEY;
-	lock_sock(psk);
+	lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
 	if (!tfm->has_key)
 		goto unlock;
 
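
Review bot: this hunk establishes a lock order of child first, then parent via lock_sock_nested(psk, SINGLE_DEPTH_NESTING), but nothing in the code states it. Add a comment at the lock_sock(sk) call documenting the order, since any path that takes a child lock while holding the parent lock would deadlock against this one. The "int err = 0" initialiser is now required by the "goto unlock_child" exit, so it is worth a word in the same comment.
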
@@ -284,6 +285,8 @@ static int hash_check_key(struct socket *sock)
 
 unlock:
 	release_sock(psk);
+unlock_child:
+	release_sock(sk);
 
 	return err;
 }
-- 
2.8.0.rc2.1.gbe9624a

^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH 3.10 017/319] crypto: algif_skcipher - Fix race condition in skcipher_check_key
  2017-02-05 19:09 ` Willy Tarreau
                   ` (16 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit 1822793a523e5d5730b19cc21160ff1717421bc8 upstream.

We need to lock the child socket in skcipher_check_key as otherwise
two simultaneous calls can cause the parent socket to be freed.

Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/algif_skcipher.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index a7800b7..13fd26e 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -551,22 +551,23 @@ static struct proto_ops algif_skcipher_ops = {
 
 static int skcipher_check_key(struct socket *sock)
 {
-	int err;
+	int err = 0;
 	struct sock *psk;
 	struct alg_sock *pask;
 	struct skcipher_tfm *tfm;
 	struct sock *sk = sock->sk;
 	struct alg_sock *ask = alg_sk(sk);
 
+	lock_sock(sk);
 	if (ask->refcnt)
-		return 0;
+		goto unlock_child;
 
 	psk = ask->parent;
 	pask = alg_sk(ask->parent);
 	tfm = pask->private;
 
 	err = -ENOKEY;
-	lock_sock(psk);
+	lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
 	if (!tfm->has_key)
 		goto unlock;
 
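
Review bot: apart from the tfm type, the locking sequence added to skcipher_check_key() is a line-for-line copy of the one added to hash_check_key() in the previous patch. Two copies of a child-then-parent locking pattern are easy to let drift apart; consider moving the lock/unlock skeleton into a shared af_alg helper, or at least cross-reference the two functions in a comment.
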
@@ -580,6 +581,8 @@ static int skcipher_check_key(struct socket *sock)
 
 unlock:
 	release_sock(psk);
+unlock_child:
+	release_sock(sk);
 
 	return err;
 }
-- 
2.8.0.rc2.1.gbe9624a

^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH 3.10 018/319] crypto: algif_skcipher - Load TX SG list after waiting
  2017-02-05 19:09 ` Willy Tarreau
                   ` (17 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit 4f0414e54e4d1893c6f08260693f8ef84c929293 upstream.

We need to load the TX SG list in sendmsg(2) after waiting for
incoming data, not before.

Cc: stable@vger.kernel.org
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/algif_skcipher.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 13fd26e..ea05c53 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -446,13 +446,6 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
 		char __user *from = iov->iov_base;
 
 		while (seglen) {
-			sgl = list_first_entry(&ctx->tsgl,
-					       struct skcipher_sg_list, list);
-			sg = sgl->sg;
-
-			while (!sg->length)
-				sg++;
-
 			used = ctx->used;
 			if (!used) {
 				err = skcipher_wait_for_data(sk, flags);
@@ -474,6 +467,13 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
 			if (!used)
 				goto free;
 
+			sgl = list_first_entry(&ctx->tsgl,
+					       struct skcipher_sg_list, list);
+			sg = sgl->sg;
+
+			while (!sg->length)
+				sg++;
+
 			ablkcipher_request_set_crypt(&ctx->req, sg,
 						     ctx->rsgl.sg, used,
 						     ctx->iv);
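
Review bot: the hunk headers place this change in skcipher_recvmsg(), while the changelog says the TX SG list is loaded "in sendmsg(2)"; the description should match the function being changed. On the code itself, "while (!sg->length) sg++;" has no upper bound and appears to rely on used being non-zero to guarantee a non-empty entry, which is why it has to follow the "if (!used) goto free;" test. A comment stating that invariant at the new location would keep the block from being hoisted above the wait again.
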
-- 
2.8.0.rc2.1.gbe9624a

^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH 3.10 019/319] crypto: cryptd - initialize child shash_desc on import
  2017-02-05 19:09 ` Willy Tarreau
                   ` (18 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux
  Cc: Ard Biesheuvel, Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Ard Biesheuvel <ard.biesheuvel@linaro.org>

commit 0bd2223594a4dcddc1e34b15774a3a4776f7749e upstream.

When calling .import() on a cryptd ahash_request, the structure members
that describe the child transform in the shash_desc need to be initialized
like they are when calling .init().

Cc: stable@vger.kernel.org
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/cryptd.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 75c415d..d85fab9 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -565,9 +565,14 @@ static int cryptd_hash_export(struct ahash_request *req, void *out)
 
 static int cryptd_hash_import(struct ahash_request *req, const void *in)
 {
-	struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
+	struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+	struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(tfm);
+	struct shash_desc *desc = cryptd_shash_desc(req);
+
+	desc->tfm = ctx->child;
+	desc->flags = req->base.flags;
 
-	return crypto_shash_import(&rctx->desc, in);
+	return crypto_shash_import(desc, in);
 }
 
 static int cryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb,
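
Review bot: desc->tfm and desc->flags are assigned by hand in cryptd_hash_import(), and the changelog says this mirrors what .init() does. Duplicating the two assignments means the import and init paths can drift apart; a small helper that fills in the shash_desc from the request, called from both, would keep them in step.
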
-- 
2.8.0.rc2.1.gbe9624a

^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH 3.10 020/319] crypto: skcipher - Fix blkcipher walk OOM crash
  2017-02-05 19:09 ` Willy Tarreau
                   ` (19 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux; +Cc: Herbert Xu, Andrey Ryabinin, Willy Tarreau

From: Herbert Xu <herbert@gondor.apana.org.au>

commit acdb04d0b36769b3e05990c488dc74d8b7ac8060 upstream.

When we need to allocate a temporary blkcipher_walk_next and it
fails, the code is supposed to take the slow path of processing
the data block by block.  However, due to an unrelated change
we instead end up dereferencing the NULL pointer.

This patch fixes it by moving the unrelated bsize setting out
of the way so that we enter the slow path as intended.

Fixes: 7607bd8ff03b ("[CRYPTO] blkcipher: Added blkcipher_walk_virt_block")
Cc: stable@vger.kernel.org
Reported-by: xiakaixu <xiakaixu@huawei.com>
Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/blkcipher.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index 37af08e..39b09f25 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -238,6 +238,8 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
 		return blkcipher_walk_done(desc, walk, -EINVAL);
 	}
 
+	bsize = min(walk->blocksize, n);
+
 	walk->flags &= ~(BLKCIPHER_WALK_SLOW | BLKCIPHER_WALK_COPY |
 			 BLKCIPHER_WALK_DIFF);
 	if (!scatterwalk_aligned(&walk->in, alignmask) ||
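
Review bot: the fix depends entirely on "bsize = min(walk->blocksize, n);" being executed before the alignment and copy decision that follows, and the changelog says it was an unrelated change that left it in the wrong place. Add a comment on the assignment saying the slow path needs bsize to be set, so the line is not moved down again by a later cleanup.
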
@@ -250,7 +252,6 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc,
 		}
 	}
 
-	bsize = min(walk->blocksize, n);
 	n = scatterwalk_clamp(&walk->in, n);
 	n = scatterwalk_clamp(&walk->out, n);
 
-- 
2.8.0.rc2.1.gbe9624a

^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH 3.10 021/319] crypto: gcm - Fix IV buffer size in crypto_gcm_setkey
  2017-02-05 19:09 ` Willy Tarreau
                   ` (20 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux
  Cc: Ondrej Mosnáček, Herbert Xu, Willy Tarreau

From: Ondrej Mosnáček <omosnacek@gmail.com>

commit 50d2e6dc1f83db0563c7d6603967bf9585ce934b upstream.

The cipher block size for GCM is 16 bytes, and thus the CTR transform
used in crypto_gcm_setkey() will also expect a 16-byte IV. However,
the code currently reserves only 8 bytes for the IV, causing
an out-of-bounds access in the CTR transform. This patch fixes
the issue by setting the size of the IV buffer to 16 bytes.

Fixes: 84c911523020 ("[CRYPTO] gcm: Add support for async ciphers")
Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 crypto/gcm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/gcm.c b/crypto/gcm.c
index 451e420..a1ec756 100644
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -109,7 +109,7 @@ static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key,
 	struct crypto_ablkcipher *ctr = ctx->ctr;
 	struct {
 		be128 hash;
-		u8 iv[8];
+		u8 iv[16];
 
 		struct crypto_gcm_setkey_result result;
 
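
Review bot: "u8 iv[16];" replaces one bare number with another. The changelog gives the reason (the CTR transform expects an IV of the 16-byte cipher block size), so the array size should be expressed through a named constant, or at least carry a comment to that effect. Otherwise the link between this buffer and the transform's IV size is implicit again.
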
-- 
2.8.0.rc2.1.gbe9624a

^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH 3.10 022/319] MIPS: KVM: Fix unused variable build warning
  2017-02-05 19:09 ` Willy Tarreau
                   ` (21 preceding siblings ...)
  (?)
@ 2017-02-05 19:09 ` Willy Tarreau
  -1 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux
  Cc: Nicholas Mc Guire, Gleb Natapov, Paolo Bonzini, James Hogan, kvm,
	linux-mips, Ralf Baechle, Willy Tarreau

From: Nicholas Mc Guire <hofrat@osadl.org>

commit 5f508c43a7648baa892528922402f1e13f258bd4 upstream.

As kvm_mips_complete_mmio_load() did not yet modify PC at this point,
as James Hogan <james.hogan@imgtec.com> explained, the curr_pc variable
and the comments along with it can be dropped.

Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Link: http://lkml.org/lkml/2015/5/8/422
Cc: Gleb Natapov <gleb@kernel.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: kvm@vger.kernel.org
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/9993/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
[james.hogan@imgtec.com: Backport to 3.10..3.16]
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 arch/mips/kvm/kvm_mips_emul.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/arch/mips/kvm/kvm_mips_emul.c b/arch/mips/kvm/kvm_mips_emul.c
index 9f76438..5c2d70b 100644
--- a/arch/mips/kvm/kvm_mips_emul.c
+++ b/arch/mips/kvm/kvm_mips_emul.c
@@ -1610,7 +1610,6 @@ kvm_mips_complete_mmio_load(struct kvm_vcpu *vcpu, struct kvm_run *run)
 {
 	unsigned long *gpr = &vcpu->arch.gprs[vcpu->arch.io_gpr];
 	enum emulation_result er = EMULATE_DONE;
-	unsigned long curr_pc;
 
 	if (run->mmio.len > sizeof(*gpr)) {
 		printk("Bad MMIO length: %d", run->mmio.len);
@@ -1618,11 +1617,6 @@ kvm_mips_complete_mmio_load(struct kvm_vcpu *vcpu, struct kvm_run *run)
 		goto done;
 	}
 
-	/*
-	 * Update PC and hold onto current PC in case there is
-	 * an error and we want to rollback the PC
-	 */
-	curr_pc = vcpu->arch.pc;
 	er = update_pc(vcpu, vcpu->arch.pending_load_cause);
 	if (er == EMULATE_FAIL)
 		return er;
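
Review bot: the deleted comment said the old PC was kept "in case there is an error and we want to rollback the PC", yet the EMULATE_FAIL path right below it simply returns. Please state in the changelog that update_pc() leaves vcpu->arch.pc untouched when it fails, because after this hunk nothing in the function can restore it.
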
-- 
2.8.0.rc2.1.gbe9624a

^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH 3.10 023/319] KVM: MIPS: Precalculate MMIO load resume PC
@ 2017-02-05 19:09   ` Willy Tarreau
  0 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux
  Cc: James Hogan, Paolo Bonzini,  Radim Krčmář,
	Ralf Baechle, linux-mips, kvm

From: James Hogan <james.hogan@imgtec.com>

commit e1e575f6b026734be3b1f075e780e91ab08ca541 upstream.

The advancing of the PC when completing an MMIO load is done before
re-entering the guest, i.e. before restoring the guest ASID. However if
the load is in a branch delay slot it may need to access guest code to
read the prior branch instruction. This isn't safe in TLB mapped code at
the moment, nor in the future when we'll access unmapped guest segments
using direct user accessors too, as it could read the branch from host
user memory instead.

Therefore calculate the resume PC in advance while we're still in the
right context and save it in the new vcpu->arch.io_pc (replacing the no
longer needed vcpu->arch.pending_load_cause), and restore it on MMIO
completion.

Fixes: e685c689f3a8 ("KVM/MIPS32: Privileged instruction/target branch emulation.")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Cc: <stable@vger.kernel.org> # 3.10.x-3.16.x: 5f508c43a764: MIPS: KVM: Fix unused variable build warning
Cc: <stable@vger.kernel.org> # 3.10.x-3.16.x
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[james.hogan@imgtec.com: Backport to 3.10..3.16]
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 arch/mips/include/asm/kvm_host.h |  7 ++++---
 arch/mips/kvm/kvm_mips_emul.c    | 25 +++++++++++++++----------
 2 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/arch/mips/include/asm/kvm_host.h b/arch/mips/include/asm/kvm_host.h
index 883a162..05863e3 100644
--- a/arch/mips/include/asm/kvm_host.h
+++ b/arch/mips/include/asm/kvm_host.h
@@ -375,7 +375,10 @@ struct kvm_vcpu_arch {
 	/* Host KSEG0 address of the EI/DI offset */
 	void *kseg0_commpage;
 
-	u32 io_gpr;		/* GPR used as IO source/target */
+	/* Resume PC after MMIO completion */
+	unsigned long io_pc;
+	/* GPR used as IO source/target */
+	u32 io_gpr;
 
 	/* Used to calibrate the virutal count register for the guest */
 	int32_t host_cp0_count;
@@ -386,8 +389,6 @@ struct kvm_vcpu_arch {
 	/* Bitmask of pending exceptions to be cleared */
 	unsigned long pending_exceptions_clr;
 
-	unsigned long pending_load_cause;
-
 	/* Save/Restore the entryhi register when are are preempted/scheduled back in */
 	unsigned long preempt_entryhi;
 
diff --git a/arch/mips/kvm/kvm_mips_emul.c b/arch/mips/kvm/kvm_mips_emul.c
index 5c2d70b..e5977f2 100644
--- a/arch/mips/kvm/kvm_mips_emul.c
+++ b/arch/mips/kvm/kvm_mips_emul.c
@@ -773,6 +773,7 @@ kvm_mips_emulate_load(uint32_t inst, uint32_t cause,
 		      struct kvm_run *run, struct kvm_vcpu *vcpu)
 {
 	enum emulation_result er = EMULATE_DO_MMIO;
+	unsigned long curr_pc;
 	int32_t op, base, rt, offset;
 	uint32_t bytes;
 
@@ -781,7 +782,18 @@ kvm_mips_emulate_load(uint32_t inst, uint32_t cause,
 	offset = inst & 0xffff;
 	op = (inst >> 26) & 0x3f;
 
-	vcpu->arch.pending_load_cause = cause;
+	/*
+	 * Find the resume PC now while we have safe and easy access to the
+	 * prior branch instruction, and save it for
+	 * kvm_mips_complete_mmio_load() to restore later.
+	 */
+	curr_pc = vcpu->arch.pc;
+	er = update_pc(vcpu, cause);
+	if (er == EMULATE_FAIL)
+		return er;
+	vcpu->arch.io_pc = vcpu->arch.pc;
+	vcpu->arch.pc = curr_pc;
+
 	vcpu->arch.io_gpr = rt;
 
 	switch (op) {
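
Review bot: er is initialised to EMULATE_DO_MMIO in the declaration at the top of kvm_mips_emulate_load() and is now overwritten by "er = update_pc(vcpu, cause);". If the rest of the function, which this hunk does not show, returns er unchanged on the success path, the caller will no longer see EMULATE_DO_MMIO. Use a separate local for the update_pc() result, or reset er after the EMULATE_FAIL check.
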
@@ -1617,9 +1629,8 @@ kvm_mips_complete_mmio_load(struct kvm_vcpu *vcpu, struct kvm_run *run)
 		goto done;
 	}
 
-	er = update_pc(vcpu, vcpu->arch.pending_load_cause);
-	if (er == EMULATE_FAIL)
-		return er;
+	/* Restore saved resume PC */
+	vcpu->arch.pc = vcpu->arch.io_pc;
 
 	switch (run->mmio.len) {
 	case 4:
@@ -1641,12 +1652,6 @@ kvm_mips_complete_mmio_load(struct kvm_vcpu *vcpu, struct kvm_run *run)
 		break;
 	}
 
-	if (vcpu->arch.pending_load_cause & CAUSEF_BD)
-		kvm_debug
-		    ("[%#lx] Completing %d byte BD Load to gpr %d (0x%08lx) type %d\n",
-		     vcpu->arch.pc, run->mmio.len, vcpu->arch.io_gpr, *gpr,
-		     vcpu->mmio_needed);
-
 done:
 	return er;
 }
-- 
2.8.0.rc2.1.gbe9624a

^ permalink raw reply related	[flat|nested] 35+ messages in thread

* [PATCH 3.10 023/319] KVM: MIPS: Precalculate MMIO load resume PC
@ 2017-02-05 19:09   ` Willy Tarreau
  0 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-05 19:09 UTC (permalink / raw)
  To: linux-kernel, stable, linux
  Cc: James Hogan, Paolo Bonzini,  Radim Krčmář,
	Ralf Baechle, linux-mips, kvm, Fixunusedvariablebuildwarning,
	stable, Willy Tarreau

From: James Hogan <james.hogan@imgtec.com>

commit e1e575f6b026734be3b1f075e780e91ab08ca541 upstream.

The advancing of the PC when completing an MMIO load is done before
re-entering the guest, i.e. before restoring the guest ASID. However if
the load is in a branch delay slot it may need to access guest code to
read the prior branch instruction. This isn't safe in TLB mapped code at
the moment, nor in the future when we'll access unmapped guest segments
using direct user accessors too, as it could read the branch from host
user memory instead.

Therefore calculate the resume PC in advance while we're still in the
right context and save it in the new vcpu->arch.io_pc (replacing the no
longer needed vcpu->arch.pending_load_cause), and restore it on MMIO
completion.

Fixes: e685c689f3a8 ("KVM/MIPS32: Privileged instruction/target branch emulation.")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: kvm@vger.kernel.org
Cc: <stable@vger.kernel.org> # 3.10.x-3.16.x: 5f508c43a764: MIPS: KVM: Fix unused variable build warning
Cc: <stable@vger.kernel.org> # 3.10.x-3.16.x
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[james.hogan@imgtec.com: Backport to 3.10..3.16]
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 arch/mips/include/asm/kvm_host.h |  7 ++++---
 arch/mips/kvm/kvm_mips_emul.c    | 25 +++++++++++++++----------
 2 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/arch/mips/include/asm/kvm_host.h b/arch/mips/include/asm/kvm_host.h
index 883a162..05863e3 100644
--- a/arch/mips/include/asm/kvm_host.h
+++ b/arch/mips/include/asm/kvm_host.h
@@ -375,7 +375,10 @@ struct kvm_vcpu_arch {
 	/* Host KSEG0 address of the EI/DI offset */
 	void *kseg0_commpage;
 
-	u32 io_gpr;		/* GPR used as IO source/target */
+	/* Resume PC after MMIO completion */
+	unsigned long io_pc;
+	/* GPR used as IO source/target */
+	u32 io_gpr;
 
 	/* Used to calibrate the virutal count register for the guest */
 	int32_t host_cp0_count;
@@ -386,8 +389,6 @@ struct kvm_vcpu_arch {
 	/* Bitmask of pending exceptions to be cleared */
 	unsigned long pending_exceptions_clr;
 
-	unsigned long pending_load_cause;
-
 	/* Save/Restore the entryhi register when are are preempted/scheduled back in */
 	unsigned long preempt_entryhi;
 
diff --git a/arch/mips/kvm/kvm_mips_emul.c b/arch/mips/kvm/kvm_mips_emul.c
index 5c2d70b..e5977f2 100644
--- a/arch/mips/kvm/kvm_mips_emul.c
+++ b/arch/mips/kvm/kvm_mips_emul.c
@@ -773,6 +773,7 @@ kvm_mips_emulate_load(uint32_t inst, uint32_t cause,
 		      struct kvm_run *run, struct kvm_vcpu *vcpu)
 {
 	enum emulation_result er = EMULATE_DO_MMIO;
+	unsigned long curr_pc;
 	int32_t op, base, rt, offset;
 	uint32_t bytes;
 
@@ -781,7 +782,18 @@ kvm_mips_emulate_load(uint32_t inst, uint32_t cause,
 	offset = inst & 0xffff;
 	op = (inst >> 26) & 0x3f;
 
-	vcpu->arch.pending_load_cause = cause;
+	/*
+	 * Find the resume PC now while we have safe and easy access to the
+	 * prior branch instruction, and save it for
+	 * kvm_mips_complete_mmio_load() to restore later.
+	 */
+	curr_pc = vcpu->arch.pc;
+	er = update_pc(vcpu, cause);
+	if (er == EMULATE_FAIL)
+		return er;
+	vcpu->arch.io_pc = vcpu->arch.pc;
+	vcpu->arch.pc = curr_pc;
+
 	vcpu->arch.io_gpr = rt;
 
 	switch (op) {
@@ -1617,9 +1629,8 @@ kvm_mips_complete_mmio_load(struct kvm_vcpu *vcpu, struct kvm_run *run)
 		goto done;
 	}
 
-	er = update_pc(vcpu, vcpu->arch.pending_load_cause);
-	if (er == EMULATE_FAIL)
-		return er;
+	/* Restore saved resume PC */
+	vcpu->arch.pc = vcpu->arch.io_pc;
 
 	switch (run->mmio.len) {
 	case 4:
@@ -1641,12 +1652,6 @@ kvm_mips_complete_mmio_load(struct kvm_vcpu *vcpu, struct kvm_run *run)
 		break;
 	}
 
-	if (vcpu->arch.pending_load_cause & CAUSEF_BD)
-		kvm_debug
-		    ("[%#lx] Completing %d byte BD Load to gpr %d (0x%08lx) type %d\n",
-		     vcpu->arch.pc, run->mmio.len, vcpu->arch.io_gpr, *gpr,
-		     vcpu->mmio_needed);
-
 done:
 	return er;
 }
-- 
2.8.0.rc2.1.gbe9624a

^ permalink raw reply related	[flat|nested] 35+ messages in thread

* Re: [PATCH 3.10 000/319] 3.10.105-stable review
  2017-02-05 19:09 ` Willy Tarreau
                   ` (23 preceding siblings ...)
  (?)
@ 2017-02-06  3:12 ` Guenter Roeck
  2017-02-06  6:30   ` Willy Tarreau
  -1 siblings, 1 reply; 35+ messages in thread
From: Guenter Roeck @ 2017-02-06  3:12 UTC (permalink / raw)
  To: Willy Tarreau, linux-kernel, stable

On 02/05/2017 11:09 AM, Willy Tarreau wrote:
> This is the start of the stable review cycle for the 3.10.105 release.
>
> NOTE! This series is quite large as I've caught up with many pending fixes
> that were submitted for -stable long ago and that I had been holding on
> since 3.10.103 due to limited time. Most fixes address stability issues
> in crypto, net, usb, scsi, kvm, random info leaks, and risks of oopses
> in various subsystems. My pending queue is now empty.
>
> It builds fine here on i586 and x86_64 for allmodconfig and on armv7 with
> mvebu_defconfig.
>
> All patches will be posted as a response to this one. If anyone has any
> issue with these being applied, please let me know. If anyone thinks some
> important patches are missing and should be added prior to the release,
> please report them quickly with their respective mainline commit IDs.
>

Build results:
	total: 124 pass: 98 fail: 26
Failed builds:
	alpha:defconfig
	alpha:allmodconfig
	arc:tb10x_defconfig
	avr32:defconfig
	avr32:merisc_defconfig
	avr32:atngw100mkii_evklcd101_defconfig
	blackfin:defconfig
	blackfin:BF561-EZKIT-SMP_defconfig
	cris:etrax-100lx_defconfig
	frv:defconfig
	hexagon:defconfig
	m32r:defconfig
	m68k:defconfig
	m68k:allmodconfig
	m68k:sun3_defconfig
	microblaze:mmu_defconfig
	microblaze:nommu_defconfig
	parisc:defconfig
	parisc:a500_defconfig
	score:defconfig
	sh:dreamcast_defconfig
	sh:shx3_defconfig
	tile:tilegx_defconfig
	unicore32:defconfig
	xtensa:defconfig
	xtensa:allmodconfig

Qemu test results:
	total: 83 pass: 60 fail: 23
Failed tests:
	alpha:defconfig
	microblaze:microblaze_defconfig
	microblaze:microblazeel_defconfig
	sh:rts7751r2dplus_defconfig
	sh:rts7751r2dplus_defconfig
	sparc32:SPARCClassic:nosmp:sparc32_defconfig
	sparc32:SPARCbook:nosmp:sparc32_defconfig
	sparc32:SS-4:nosmp:sparc32_defconfig
	sparc32:SS-5:nosmp:sparc32_defconfig
	sparc32:SS-10:nosmp:sparc32_defconfig
	sparc32:SS-20:nosmp:sparc32_defconfig
	sparc32:SS-600MP:nosmp:sparc32_defconfig
	sparc32:LX:nosmp:sparc32_defconfig
	sparc32:Voyager:nosmp:sparc32_defconfig
	sparc32:SPARCClassic:smp:sparc32_defconfig
	sparc32:SPARCbook:smp:sparc32_defconfig
	sparc32:SS-4:smp:sparc32_defconfig
	sparc32:SS-5:smp:sparc32_defconfig
	sparc32:SS-10:smp:sparc32_defconfig
	sparc32:SS-20:smp:sparc32_defconfig
	sparc32:SS-600MP:smp:sparc32_defconfig
	sparc32:LX:smp:sparc32_defconfig
	sparc32:Voyager:smp:sparc32_defconfig

As far as I can see, the failures are all due to the following build failure.

ipc/sem.c: In function 'complexmode_tryleave':
ipc/sem.c:317: error: implicit declaration of function 'smp_store_release'
ipc/sem.c: In function 'sem_lock':
ipc/sem.c:370: error: implicit declaration of function 'smp_load_acquire'

Details are available at http://kerneltests.org/builders.

Guenter

* Re: [PATCH 3.10 000/319] 3.10.105-stable review
  2017-02-06  3:12 ` [PATCH 3.10 000/319] 3.10.105-stable review Guenter Roeck
@ 2017-02-06  6:30   ` Willy Tarreau
  0 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-06  6:30 UTC (permalink / raw)
  To: Guenter Roeck; +Cc: linux-kernel, stable

Hi Guenter,

On Sun, Feb 05, 2017 at 07:12:58PM -0800, Guenter Roeck wrote:
> On 02/05/2017 11:09 AM, Willy Tarreau wrote:
> > This is the start of the stable review cycle for the 3.10.105 release.
> > 
> > NOTE! This series is quite large as I've caught up with many pending fixes
> > that were submitted for -stable long ago and that I had been holding on
> > since 3.10.103 due to limited time. Most fixes address stability issues
> > in crypto, net, usb, scsi, kvm, random info leaks, and risks of oopses
> > in various subsystems. My pending queue is now empty.
> > 
> > It builds fine here on i586 and x86_64 for allmodconfig and on armv7 with
> > mvebu_defconfig.
> > 
> > All patches will be posted as a response to this one. If anyone has any
> > issue with these being applied, please let me know. If anyone thinks some
> > important patches are missing and should be added prior to the release,
> > please report them quickly with their respective mainline commit IDs.
> > 
> 
> Build results:
> 	total: 124 pass: 98 fail: 26
> Failed builds:
> 	alpha:defconfig
> 	alpha:allmodconfig
> 	arc:tb10x_defconfig
> 	avr32:defconfig
> 	avr32:merisc_defconfig
> 	avr32:atngw100mkii_evklcd101_defconfig
> 	blackfin:defconfig
> 	blackfin:BF561-EZKIT-SMP_defconfig
> 	cris:etrax-100lx_defconfig
> 	frv:defconfig
> 	hexagon:defconfig
> 	m32r:defconfig
> 	m68k:defconfig
> 	m68k:allmodconfig
> 	m68k:sun3_defconfig
> 	microblaze:mmu_defconfig
> 	microblaze:nommu_defconfig
> 	parisc:defconfig
> 	parisc:a500_defconfig
> 	score:defconfig
> 	sh:dreamcast_defconfig
> 	sh:shx3_defconfig
> 	tile:tilegx_defconfig
> 	unicore32:defconfig
> 	xtensa:defconfig
> 	xtensa:allmodconfig
> 
> Qemu test results:
> 	total: 83 pass: 60 fail: 23
> Failed tests:
> 	alpha:defconfig
> 	microblaze:microblaze_defconfig
> 	microblaze:microblazeel_defconfig
> 	sh:rts7751r2dplus_defconfig
> 	sh:rts7751r2dplus_defconfig
> 	sparc32:SPARCClassic:nosmp:sparc32_defconfig
> 	sparc32:SPARCbook:nosmp:sparc32_defconfig
> 	sparc32:SS-4:nosmp:sparc32_defconfig
> 	sparc32:SS-5:nosmp:sparc32_defconfig
> 	sparc32:SS-10:nosmp:sparc32_defconfig
> 	sparc32:SS-20:nosmp:sparc32_defconfig
> 	sparc32:SS-600MP:nosmp:sparc32_defconfig
> 	sparc32:LX:nosmp:sparc32_defconfig
> 	sparc32:Voyager:nosmp:sparc32_defconfig
> 	sparc32:SPARCClassic:smp:sparc32_defconfig
> 	sparc32:SPARCbook:smp:sparc32_defconfig
> 	sparc32:SS-4:smp:sparc32_defconfig
> 	sparc32:SS-5:smp:sparc32_defconfig
> 	sparc32:SS-10:smp:sparc32_defconfig
> 	sparc32:SS-20:smp:sparc32_defconfig
> 	sparc32:SS-600MP:smp:sparc32_defconfig
> 	sparc32:LX:smp:sparc32_defconfig
> 	sparc32:Voyager:smp:sparc32_defconfig
> 
> As far as I can see, the failures are all due to the following build failure.
> 
> ipc/sem.c: In function 'complexmode_tryleave':
> ipc/sem.c:317: error: implicit declaration of function 'smp_store_release'
> ipc/sem.c: In function 'sem_lock':
> ipc/sem.c:370: error: implicit declaration of function 'smp_load_acquire'

Thanks a lot. I'll revert these ones and revert the patch that required
this one, it'll be safer.

Many thanks,
Willy

* Re: [PATCH 3.10 000/319] 3.10.105-stable review
  2017-02-05 19:09 ` Willy Tarreau
                   ` (24 preceding siblings ...)
  (?)
@ 2017-02-06  8:13 ` Willy Tarreau
  2017-02-06 14:46   ` Guenter Roeck
  -1 siblings, 1 reply; 35+ messages in thread
From: Willy Tarreau @ 2017-02-06  8:13 UTC (permalink / raw)
  To: linux-kernel, stable, linux

On Sun, Feb 05, 2017 at 08:09:04PM +0100, Willy Tarreau wrote:
> This is the start of the stable review cycle for the 3.10.105 release.
> 
> NOTE! This series is quite large as I've caught up with many pending fixes
> that were submitted for -stable long ago and that I had been holding on
> since 3.10.103 due to limited time. Most fixes address stability issues
> in crypto, net, usb, scsi, kvm, random info leaks, and risks of oopses
> in various subsystems. My pending queue is now empty.
> 
> It builds fine here on i586 and x86_64 for allmodconfig and on armv7 with
> mvebu_defconfig.
> 
> All patches will be posted as a response to this one. If anyone has any
> issue with these being applied, please let me know. If anyone thinks some
> important patches are missing and should be added prior to the release,
> please report them quickly with their respective mainline commit IDs.
> 
> Responses should be made by Fri Feb 10 10:00:00 CET 2017.
> Anything received after that time might be too late. If someone
> wants a bit more time for a deeper review, please let me know.
> 
> The whole patch series can be found in one patch at :
>    https://kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.10.105-rc1.gz

An updated patch was pushed here :

  https://kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.10.105-rc2.gz

It drops the following patches which broke some architectures :

  arch: Introduce smp_load_acquire(), smp_store_release()
  kernel: Provide READ_ONCE and ASSIGN_ONCE
  kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val)
  kernel: make READ_ONCE() valid on const arguments
  locking: Remove atomicy checks from {READ,WRITE}_ONCE
  compiler: Allow 1- and 2-byte smp_load_acquire() and smp_store_release()
  ipc: remove use of seq_printf return value
  ipc/sem.c: fix complex_count vs. simple op race

It reverts this one as an alternative :

  ipc/sem.c: optimize sem_lock()

And it drops this one as not needed (thanks to Bart Van Assche):

  IB/srpt: Simplify srpt_handle_tsk_mgmt()

The deadline for the review remains unchanged.

Thanks!
Willy

* Re: [PATCH 3.10 000/319] 3.10.105-stable review
  2017-02-06  8:13 ` Willy Tarreau
@ 2017-02-06 14:46   ` Guenter Roeck
  2017-02-06 15:10     ` Willy Tarreau
  2017-02-06 22:48     ` Willy Tarreau
  0 siblings, 2 replies; 35+ messages in thread
From: Guenter Roeck @ 2017-02-06 14:46 UTC (permalink / raw)
  To: Willy Tarreau, linux-kernel, stable

On 02/06/2017 12:13 AM, Willy Tarreau wrote:
> On Sun, Feb 05, 2017 at 08:09:04PM +0100, Willy Tarreau wrote:
>> This is the start of the stable review cycle for the 3.10.105 release.
>>
>> NOTE! This series is quite large as I've caught up with many pending fixes
>> that were submitted for -stable long ago and that I had been holding on
>> since 3.10.103 due to limited time. Most fixes address stability issues
>> in crypto, net, usb, scsi, kvm, random info leaks, and risks of oopses
>> in various subsystems. My pending queue is now empty.
>>
>> It builds fine here on i586 and x86_64 for allmodconfig and on armv7 with
>> mvebu_defconfig.
>>
>> All patches will be posted as a response to this one. If anyone has any
>> issue with these being applied, please let me know. If anyone thinks some
>> important patches are missing and should be added prior to the release,
>> please report them quickly with their respective mainline commit IDs.
>>
>> Responses should be made by Fri Feb 10 10:00:00 CET 2017.
>> Anything received after that time might be too late. If someone
>> wants a bit more time for a deeper review, please let me know.
>>
>> The whole patch series can be found in one patch at :
>>    https://kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.10.105-rc1.gz
>
> An updated patch was pushed here :
>
>   https://kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.10.105-rc2.gz
>

Better, but unfortunately there is now a different build error.

Build results:
	total: 124 pass: 122 fail: 2
Failed builds:
	x86_64:allyesconfig
	x86_64:allmodconfig

Qemu test results:
	total: 83 pass: 83 fail: 0

Build error:

drivers/block/xen-blkback/common.h: In function 'blkif_get_x86_32_req':
drivers/block/xen-blkback/common.h:272:2: error: implicit declaration of function 'READ_ONCE'

Guenter

* Re: [PATCH 3.10 000/319] 3.10.105-stable review
  2017-02-06 14:46   ` Guenter Roeck
@ 2017-02-06 15:10     ` Willy Tarreau
  2017-02-06 22:48     ` Willy Tarreau
  1 sibling, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-06 15:10 UTC (permalink / raw)
  To: Guenter Roeck; +Cc: linux-kernel, stable

On Mon, Feb 06, 2017 at 06:46:39AM -0800, Guenter Roeck wrote:
> On 02/06/2017 12:13 AM, Willy Tarreau wrote:
> > On Sun, Feb 05, 2017 at 08:09:04PM +0100, Willy Tarreau wrote:
> > > This is the start of the stable review cycle for the 3.10.105 release.
> > > 
> > > NOTE! This series is quite large as I've caught up with many pending fixes
> > > that were submitted for -stable long ago and that I had been holding on
> > > since 3.10.103 due to limited time. Most fixes address stability issues
> > > in crypto, net, usb, scsi, kvm, random info leaks, and risks of oopses
> > > in various subsystems. My pending queue is now empty.
> > > 
> > > It builds fine here on i586 and x86_64 for allmodconfig and on armv7 with
> > > mvebu_defconfig.
> > > 
> > > All patches will be posted as a response to this one. If anyone has any
> > > issue with these being applied, please let me know. If anyone thinks some
> > > important patches are missing and should be added prior to the release,
> > > please report them quickly with their respective mainline commit IDs.
> > > 
> > > Responses should be made by Fri Feb 10 10:00:00 CET 2017.
> > > Anything received after that time might be too late. If someone
> > > wants a bit more time for a deeper review, please let me know.
> > > 
> > > The whole patch series can be found in one patch at :
> > >    https://kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.10.105-rc1.gz
> > 
> > An updated patch was pushed here :
> > 
> >   https://kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.10.105-rc2.gz
> > 
> 
> Better, but unfortunately there is now a different build error.
> 
> Build results:
> 	total: 124 pass: 122 fail: 2
> Failed builds:
> 	x86_64:allyesconfig
> 	x86_64:allmodconfig
> 
> Qemu test results:
> 	total: 83 pass: 83 fail: 0
> 
> Build error:
> 
> drivers/block/xen-blkback/common.h: In function 'blkif_get_x86_32_req':
> drivers/block/xen-blkback/common.h:272:2: error: implicit declaration of function 'READ_ONCE'

Thank you, I didn't realize that one of the Xen patches was depending
on it. It will make things a bit more complicated but it's easier for
me to debug an architecture I can more easily test ;-)

Willy

* Re: [PATCH 3.10 000/319] 3.10.105-stable review
  2017-02-06 14:46   ` Guenter Roeck
  2017-02-06 15:10     ` Willy Tarreau
@ 2017-02-06 22:48     ` Willy Tarreau
  2017-02-06 23:48       ` Guenter Roeck
  2017-02-07  4:56       ` Guenter Roeck
  1 sibling, 2 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-06 22:48 UTC (permalink / raw)
  To: Guenter Roeck; +Cc: linux-kernel, stable

On Mon, Feb 06, 2017 at 06:46:39AM -0800, Guenter Roeck wrote:
> > An updated patch was pushed here :
> > 
> >   https://kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.10.105-rc2.gz
> > 
> 
> Better, but unfortunately there is now a different build error.
> 
> Build results:
> 	total: 124 pass: 122 fail: 2
> Failed builds:
> 	x86_64:allyesconfig
> 	x86_64:allmodconfig
> 
> Qemu test results:
> 	total: 83 pass: 83 fail: 0
> 
> Build error:
> 
> drivers/block/xen-blkback/common.h: In function 'blkif_get_x86_32_req':
> drivers/block/xen-blkback/common.h:272:2: error: implicit declaration of function 'READ_ONCE'

So I could easily reproduce it on allmodconfig here and fix it, by
replacing this READ_ONCE with ACCESS_ONCE. You don't need to build again
Guenter, your report already helped me a lot.

Thanks!
Willy

* Re: [PATCH 3.10 000/319] 3.10.105-stable review
  2017-02-06 22:48     ` Willy Tarreau
@ 2017-02-06 23:48       ` Guenter Roeck
  2017-02-07  4:56       ` Guenter Roeck
  1 sibling, 0 replies; 35+ messages in thread
From: Guenter Roeck @ 2017-02-06 23:48 UTC (permalink / raw)
  To: Willy Tarreau; +Cc: linux-kernel, stable

On Mon, Feb 06, 2017 at 11:48:03PM +0100, Willy Tarreau wrote:
> On Mon, Feb 06, 2017 at 06:46:39AM -0800, Guenter Roeck wrote:
> > > An updated patch was pushed here :
> > > 
> > >   https://kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.10.105-rc2.gz
> > > 
> > 
> > Better, but unfortunately there is now a different build error.
> > 
> > Build results:
> > 	total: 124 pass: 122 fail: 2
> > Failed builds:
> > 	x86_64:allyesconfig
> > 	x86_64:allmodconfig
> > 
> > Qemu test results:
> > 	total: 83 pass: 83 fail: 0
> > 
> > Build error:
> > 
> > drivers/block/xen-blkback/common.h: In function 'blkif_get_x86_32_req':
> > drivers/block/xen-blkback/common.h:272:2: error: implicit declaration of function 'READ_ONCE'
> 
> So I could easily reproduce it on allmodconfig here and fix it, by
> replacing this READ_ONCE with ACCESS_ONCE. You don't need to build again
> Guenter, your report already helped me a lot.
> 
The system will start a build automatically after a change shows up
in your repository. Nothing I need to do other than pay for servers
and electricity :-).

I just checked - the next build of 3.10 is scheduled to start in about
an hour.

Cheers
Guenter

* Re: [PATCH 3.10 000/319] 3.10.105-stable review
  2017-02-06 22:48     ` Willy Tarreau
  2017-02-06 23:48       ` Guenter Roeck
@ 2017-02-07  4:56       ` Guenter Roeck
  2017-02-07  6:39         ` Willy Tarreau
  1 sibling, 1 reply; 35+ messages in thread
From: Guenter Roeck @ 2017-02-07  4:56 UTC (permalink / raw)
  To: Willy Tarreau; +Cc: linux-kernel, stable

On 02/06/2017 02:48 PM, Willy Tarreau wrote:
> On Mon, Feb 06, 2017 at 06:46:39AM -0800, Guenter Roeck wrote:
>>> An updated patch was pushed here :
>>>
>>>   https://kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.10.105-rc2.gz
>>>
>>
>> Better, but unfortunately there is now a different build error.
>>
>> Build results:
>> 	total: 124 pass: 122 fail: 2
>> Failed builds:
>> 	x86_64:allyesconfig
>> 	x86_64:allmodconfig
>>
>> Qemu test results:
>> 	total: 83 pass: 83 fail: 0
>>
>> Build error:
>>
>> drivers/block/xen-blkback/common.h: In function 'blkif_get_x86_32_req':
>> drivers/block/xen-blkback/common.h:272:2: error: implicit declaration of function 'READ_ONCE'
>
> So I could easily reproduce it on allmodconfig here and fix it, by
> replacing this READ_ONCE with ACCESS_ONCE. You don't need to build again
> Guenter, your report already helped me a lot.
>

This time everything builds fine.

Build results:
	total: 124 pass: 124 fail: 0
Qemu test results:
	total: 83 pass: 83 fail: 0

Guenter

* Re: [PATCH 3.10 000/319] 3.10.105-stable review
  2017-02-07  4:56       ` Guenter Roeck
@ 2017-02-07  6:39         ` Willy Tarreau
  0 siblings, 0 replies; 35+ messages in thread
From: Willy Tarreau @ 2017-02-07  6:39 UTC (permalink / raw)
  To: Guenter Roeck; +Cc: linux-kernel, stable

On Mon, Feb 06, 2017 at 08:56:25PM -0800, Guenter Roeck wrote:
> On 02/06/2017 02:48 PM, Willy Tarreau wrote:
> > On Mon, Feb 06, 2017 at 06:46:39AM -0800, Guenter Roeck wrote:
> > > > An updated patch was pushed here :
> > > > 
> > > >   https://kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.10.105-rc2.gz
> > > > 
> > > 
> > > Better, but unfortunately there is now a different build error.
> > > 
> > > Build results:
> > > 	total: 124 pass: 122 fail: 2
> > > Failed builds:
> > > 	x86_64:allyesconfig
> > > 	x86_64:allmodconfig
> > > 
> > > Qemu test results:
> > > 	total: 83 pass: 83 fail: 0
> > > 
> > > Build error:
> > > 
> > > drivers/block/xen-blkback/common.h: In function 'blkif_get_x86_32_req':
> > > drivers/block/xen-blkback/common.h:272:2: error: implicit declaration of function 'READ_ONCE'
> > 
> > So I could easily reproduce it on allmodconfig here and fix it, by
> > replacing this READ_ONCE with ACCESS_ONCE. You don't need to build again
> > Guenter, your report already helped me a lot.
> > 
> 
> This time everything builds fine.
> 
> Build results:
> 	total: 124 pass: 124 fail: 0
> Qemu test results:
> 	total: 83 pass: 83 fail: 0

Pretty cool, thanks!
Willy

Thread overview: 35+ messages
2017-02-05 19:09 [PATCH 3.10 000/319] 3.10.105-stable review Willy Tarreau
2017-02-05 19:09 ` Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 001/319] sched/core: Fix a race between try_to_wake_up() and a woken up task Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 002/319] sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 003/319] crypto: algif_skcipher - Require setkey before accept(2) Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 004/319] crypto: af_alg - Disallow bind/setkey/... after accept(2) Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 005/319] crypto: af_alg - Add nokey compatibility path Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 006/319] crypto: algif_skcipher " Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 007/319] crypto: hash - Add crypto_ahash_has_setkey Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 008/319] crypto: shash - Fix has_key setting Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 009/319] crypto: algif_hash - Require setkey before accept(2) Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 010/319] crypto: skcipher - Add crypto_skcipher_has_setkey Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 011/319] crypto: algif_skcipher - Add key check exception for cipher_null Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 012/319] crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey path Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 013/319] crypto: algif_hash - Remove custom release parent function Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 014/319] crypto: algif_skcipher " Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 015/319] crypto: af_alg - Forbid bind(2) when nokey child sockets are present Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 016/319] crypto: algif_hash - Fix race condition in hash_check_key Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 017/319] crypto: algif_skcipher - Fix race condition in skcipher_check_key Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 018/319] crypto: algif_skcipher - Load TX SG list after waiting Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 019/319] crypto: cryptd - initialize child shash_desc on import Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 020/319] crypto: skcipher - Fix blkcipher walk OOM crash Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 021/319] crypto: gcm - Fix IV buffer size in crypto_gcm_setkey Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 022/319] MIPS: KVM: Fix unused variable build warning Willy Tarreau
2017-02-05 19:09 ` [PATCH 3.10 023/319] KVM: MIPS: Precalculate MMIO load resume PC Willy Tarreau
2017-02-05 19:09   ` Willy Tarreau
2017-02-06  3:12 ` [PATCH 3.10 000/319] 3.10.105-stable review Guenter Roeck
2017-02-06  6:30   ` Willy Tarreau
2017-02-06  8:13 ` Willy Tarreau
2017-02-06 14:46   ` Guenter Roeck
2017-02-06 15:10     ` Willy Tarreau
2017-02-06 22:48     ` Willy Tarreau
2017-02-06 23:48       ` Guenter Roeck
2017-02-07  4:56       ` Guenter Roeck
2017-02-07  6:39         ` Willy Tarreau
