perf thread: Rename perf_event__preprocess_sample_addr to thread__resolve
Since none of the perf_event fields are used anymore, just the
perf_sample ones, and since this resolves to (map, symbol) from data
structures within struct thread, rename it to thread__resolve and make
the argument ordering similar to the one in machine__resolve().
perf machine: Rename perf_event__preprocess_sample to machine__resolve
Since we only deal with fields in the passed struct perf_sample move
this method to struct machine, that is where the perf_sample fields
will be resolved to a struct addr_location, i.e. thread, map, symbol,
etc.
To avoid parsing event->header.misc in many locations.
This will also allow setting perf.sample.{ip,cpumode} in a single place,
from tracepoint fields, as needed by 'perf kvm' with PPC guests, where
the guest hardware counters are not available at the host.
Linus Torvalds [Wed, 23 Mar 2016 13:12:39 +0000 (06:12 -0700)]
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fixes from Herbert Xu:
"This fixes the following issues:
API:
- Fix kzalloc error path crash in ecryptfs added by skcipher
conversion. Note the subject of the commit is screwed up and the
correct subject is actually in the body.
Drivers:
- A number of fixes to the marvell cesa hashing code.
- Remove bogus nested irqsave that clobbers the saved flags in ccp"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: marvell/cesa - forward devm_ioremap_resource() error code
crypto: marvell/cesa - initialize hash states
crypto: marvell/cesa - fix memory leak
crypto: ccp - fix lock acquisition code
eCryptfs: Use skcipher and shash
Linus Torvalds [Wed, 23 Mar 2016 13:06:45 +0000 (06:06 -0700)]
Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
Pull clk updates from Stephen Boyd:
"The clk changes for this release cycle are mostly dominated by new
device support in terms of LoC, but there has been some cleanup in the
core as well as the usual minor clk additions to various drivers.
Core:
- parent tracking has been simplified
- CLK_IS_ROOT is now a no-op flag, cleaning up drivers has started
- of_clk_init() doesn't consider disabled DT nodes anymore
- clk_unregister() had an error path bug squashed
- of_clk_get_parent_count() has been fixed to only return unsigned ints
- HAVE_MACH_CLKDEV is removed now that the last arch user (ARM) is gone
New Drivers:
- NXP LPC18xx creg
- QCOM IPQ4019 GCC
- TI dm814x ADPLL
- i.MX6QP
Updates:
- Cygnus audio clks found on Broadcom iProc devices
- Non-critical fixes for BCM2385 PLLs
- Samsung exynos5433 updates for clk id errors, HDMI support,
suspend/resume simplifications
- USB, CAN, LVDS, and FCP clks on shmobile devices
- sunxi got support for more clks on new SoCs and went through a
minor refactoring/rewrite to use a simpler factor clk construct
- rockchip added some more clk ids and added support for fraction
dividers
- QCOM GDSCs in msm8996
- A new devm helper to make adding custom actions simpler (acked by Greg)"
* tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: (197 commits)
clk: bcm2835: fix check of error code returned by devm_ioremap_resource()
clk: renesas: div6: use RENESAS for #define
clk: renesas: Rename header file renesas.h
clk: max77{686,802}: Remove CLK_IS_ROOT
clk: versatile: Remove CLK_IS_ROOT
clk: sunxi: Remove use of variable length array
clk: fixed-rate: Remove CLK_IS_ROOT
clk: qcom: Remove CLK_IS_ROOT
doc: dt: add documentation for lpc1850-creg-clk driver
clk: add lpc18xx creg clk driver
clk: lpc32xx: fix compilation warning
clk: xgene: Add missing parenthesis when clearing divider value
clk: mb86s7x: Remove CLK_IS_ROOT
clk: x86: Remove clkdev.h and clk.h includes
clk: x86: Remove CLK_IS_ROOT
clk: mvebu: Remove CLK_IS_ROOT
clk: renesas: move drivers to renesas directory
clk: si5{14,351,70}: Remove CLK_IS_ROOT
clk: scpi: Remove CLK_IS_ROOT
clk: s2mps11: Remove CLK_IS_ROOT
...
Prarit Bhargava [Tue, 22 Mar 2016 23:06:08 +0000 (19:06 -0400)]
x86/msr: Remove unused native_read_tscp()
After e76b027 ("x86,vdso: Use LSL unconditionally for vgetcpu")
native_read_tscp() is unused in the kernel. The function can be removed like
native_read_tsc() was.
Yaowei Bai [Wed, 23 Mar 2016 01:40:09 +0000 (09:40 +0800)]
x86/apic: Remove declaration of unused hw_nmi_is_cpu_stuck
Commit 10f9014912 ("x86: Cleanup hw_nmi.c cruft") removed unused
code in the hw_nmi.c file because of the redesign of the hardlockup
watchdog but left declaration of hw_nmi_is_cpu_stuck in linux/nmi.h,
so remove it.
Linus Walleij [Fri, 18 Mar 2016 09:12:15 +0000 (10:12 +0100)]
staging: delete STE RMI4 hackish driver
As of commit 62d5bdf972ebcfc99f72f734ae979713e4ca6450
"Merge branch 'synaptics-rmi4' into next" the input subsystem
has a proper RMI4 infrastructure and touchscreen driver.
The ST Ux500 platform has been converted to use the new driver
and its devicetree bindings. Delete this ancient hack.
staging: android: ion_test: fix check of platform_device_register_simple() error code
On error platform_device_register_simple() returns ERR_PTR() value,
check for NULL always fails. The change corrects the check itself and
propagates the returned error upwards.
Colin Ian King [Mon, 21 Mar 2016 22:42:11 +0000 (22:42 +0000)]
staging: wilc1000: fix a couple of memory leaks
The ENOMEM error return paths are not free'ing allocated memory
resulting in a memory leak of allocated structures. Perform the
required kfree to fix the memory leaks.
Issue discovered with static analysis using CoverityScan
Cihangir Akturk [Mon, 14 Mar 2016 16:14:07 +0000 (18:14 +0200)]
staging: fsl-mc: fix incorrect type passed to dev_err macros
dev_err macros expect const struct device ** as its second
argument, but here the argument we are passing is of type
struct device **. This patch fixes this error.
Cihangir Akturk [Mon, 14 Mar 2016 16:14:06 +0000 (18:14 +0200)]
staging: fsl-mc: fix incorrect type passed to dev_dbg macros
dev_dbg macros expect const struct device ** as its second
argument but here the argument we are passing is of type
struct device **. This patch fixes this error.
Leo Kim [Fri, 18 Mar 2016 12:23:16 +0000 (21:23 +0900)]
staging: wilc1000: fixed kernel panic when firmware is not started
This patch fixed the problems caused by if firmware is not started.
That is why, in nl80211 put current TX power in interface info.
If firmware is not started, this function(get_tx_power) does not work.
staging: most: hdm-dim2: Remove possible dereference error
Commit 3eced21a5afb ("staging: most: hdm-dim2: Replace request_irq
with devm_request_irq") introduced the following static checker
warning:
drivers/staging/most/hdm-dim2/dim2_hdm.c:841 dim2_probe() error: 'dev->netinfo_task' dereferencing possible ERR_PTR()
Remove the bug introduced by the commit due to change in control flow
by returning PTR_ERR immediately rather than returning at the end of
the function since we do not need to free anything.
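A user-space model of the ERR_PTR() convention behind the two fixes above (the ion_test NULL check and the dim2_probe() dereference warning), added here as an illustration and not taken from either commit. fake_register(), probe_null_check() and probe_is_err() are hypothetical names, and the three helpers re-create the kernel's err.h definitions for user space.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space re-creation of the kernel's ERR_PTR helpers (assumption:
 * same encoding as include/linux/err.h, errno values in the top 4095
 * addresses of the pointer range). */
#define MAX_ERRNO 4095

static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline int IS_ERR(const void *ptr)
{
	return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}

struct fake_device { int id; };

/* Hypothetical stand-in for a registration helper that reports failure
 * as ERR_PTR(-errno) and never returns NULL. */
static struct fake_device *fake_register(int fail_with)
{
	static struct fake_device dev = { .id = 1 };

	if (fail_with)
		return ERR_PTR(-fail_with);
	return &dev;
}

/* Pre-fix pattern: a NULL test never fires for an ERR_PTR() value, so the
 * error is missed and the code goes on to use the pointer. The model only
 * records that the use would have been reached; it does not dereference. */
static int probe_null_check(int fail_with, int *reached_use)
{
	struct fake_device *dev = fake_register(fail_with);

	*reached_use = 0;
	if (!dev)
		return -ENODEV;
	*reached_use = 1;	/* a real driver would touch dev-> here */
	return 0;
}

/* Post-fix pattern: test with IS_ERR() and return PTR_ERR() immediately,
 * propagating the original error code to the caller. */
static int probe_is_err(int fail_with, int *reached_use)
{
	struct fake_device *dev = fake_register(fail_with);

	*reached_use = 0;
	if (IS_ERR(dev))
		return (int)PTR_ERR(dev);
	*reached_use = 1;
	return 0;
}

int main(void)
{
	int used;
	int ret;

	ret = probe_null_check(ENOMEM, &used);
	printf("NULL check: ret=%d reached_use=%d\n", ret, used);
	ret = probe_is_err(ENOMEM, &used);
	printf("IS_ERR:     ret=%d reached_use=%d\n", ret, used);
	return 0;
}
```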
Arnd Bergmann [Mon, 14 Mar 2016 22:51:09 +0000 (23:51 +0100)]
staging: lustre: really make lustre dependent on LNet
A patch intended to add a dependency on LNET for lustre didn't
actually do that and instead allowed configurations that contain
lustre with lnet but without IPv4 support that subsequently
fail to link:
warning: (LUSTRE_FS) selects LNET which has unmet direct dependencies (STAGING && INET && m && MODULES)
ERROR: "kernel_sendmsg" [drivers/staging/lustre/lnet/lnet/lnet.ko] undefined!
ERROR: "sock_create_lite" [drivers/staging/lustre/lnet/lnet/lnet.ko] undefined!
ERROR: "sock_release" [drivers/staging/lustre/lnet/lnet/lnet.ko] undefined!
ERROR: "release_sock" [drivers/staging/lustre/lnet/klnds/socklnd/ksocklnd.ko] undefined!
ERROR: "kernel_sendmsg" [drivers/staging/lustre/lnet/klnds/socklnd/ksocklnd.ko] undefined!
ERROR: "tcp_sendpage" [drivers/staging/lustre/lnet/klnds/socklnd/ksocklnd.ko] undefined!
This adds the one-line change that was evidently missing from the
commit, doing what was intended there to have a correct set of dependencies.
Signed-off-by: Arnd Bergmann <[email protected]>
Fixes: b08bb6bb5af5 ("staging: lustre: make lustre dependent on LNet")
Acked-by: James Simmons <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
People should not waste time and energy working on this staging driver.
At least four drivers were written for this hardware:
https://marc.info/?l=linux-wireless&m=138358275410975
And there is a replacement using the kernel wireless stack at:
https://github.com/chunkeey/rtl8192su
Also a fullmac/cfg80211 driver(r92su) is available.
People should not waste time and energy working on this staging driver.
A replacement(rtl8xxxu) using the kernel wireless stack already was merged
in the 4.3 kernel.
Linus Torvalds [Wed, 23 Mar 2016 00:09:14 +0000 (17:09 -0700)]
Merge branch 'akpm' (patches from Andrew)
Merge third patch-bomb from Andrew Morton:
- more ocfs2 changes
- a few hotfixes
- Andy's compat cleanups
- misc fixes to fatfs, ptrace, coredump, cpumask, creds, eventfd,
panic, ipmi, kgdb, profile, kfifo, ubsan, etc.
- many rapidio updates: fixes, new drivers.
- kcov: kernel code coverage feature. Like gcov, but not
"prohibitively expensive".
- extable code consolidation for various archs
* emailed patches from Andrew Morton <[email protected]>: (81 commits)
ia64/extable: use generic search and sort routines
x86/extable: use generic search and sort routines
s390/extable: use generic search and sort routines
alpha/extable: use generic search and sort routines
kernel/...: convert pr_warning to pr_warn
drivers: dma-coherent: use memset_io for DMA_MEMORY_IO mappings
drivers: dma-coherent: use MEMREMAP_WC for DMA_MEMORY_MAP
memremap: add MEMREMAP_WC flag
memremap: don't modify flags
kernel/signal.c: add compile-time check for __ARCH_SI_PREAMBLE_SIZE
mm/mprotect.c: don't imply PROT_EXEC on non-exec fs
ipc/sem: make semctl setting sempid consistent
ubsan: fix tree-wide -Wmaybe-uninitialized false positives
kfifo: fix sparse complaints
scripts/gdb: account for changes in module data structure
scripts/gdb: add cmdline reader command
scripts/gdb: add version command
kernel: add kcov code coverage
profile: hide unused functions when !CONFIG_PROC_FS
hpwdt: use nmi_panic() when kernel panics in NMI handler
...
Linus Torvalds [Tue, 22 Mar 2016 23:28:22 +0000 (16:28 -0700)]
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull more KVM updates from Paolo Bonzini:
"Second round of KVM changes for 4.6:
- build fixes for PPC KVM
- miscellaneous bugfixes for ARM KVM
- cleanup of memory barrier and removal of redundant barriers
- x86 fixes: page tracking oops, support for old buggy KVM nested on 4.5
- support for protection keys in guests
- lockdep fix
- another conversion to simple wait queues and raw spinlocks,
backported from PREEMPT_RT"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (27 commits)
KVM: page_track: fix access to NULL slot
KVM: PPC: do not compile in vfio.o unconditionally
kvm, rt: change async pagefault code locking for PREEMPT_RT
KVM/PPC: update the comment of memory barrier in the kvmppc_prepare_to_enter()
KVM/x86: update the comment of memory barrier in the vcpu_enter_guest()
KVM: Replace smp_mb() with smp_load_acquire() in the kvm_flush_remote_tlbs()
KVM/x86: Call smp_wmb() before increasing tlbs_dirty
KVM: Replace smp_mb() with smp_mb_after_atomic() in the kvm_make_all_cpus_request()
KVM/x86: Replace smp_mb() with smp_store_mb/release() in the walk_shadow_page_lockless_begin/end()
KVM: Remove redundant smp_mb() in the kvm_mmu_commit_zap_page()
KVM, pkeys: expose CPUID/CR4 to guest
KVM, pkeys: add pkeys support for permission_fault
KVM, pkeys: introduce pkru_mask to cache conditions
KVM, pkeys: save/restore PKRU when guest/host switches
x86: pkey: introduce write_pkru() for KVM
KVM, pkeys: add pkeys support for xsave state
KVM, pkeys: disable pkeys for guests in non-paging mode
KVM: x86: remove magic number with enum cpuid_leafs
KVM: MMU: return page fault error code from permission_fault
KVM: fix spin_lock_init order on x86
...
Linus Torvalds [Tue, 22 Mar 2016 22:48:44 +0000 (15:48 -0700)]
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma
Pull more rdma updates from Doug Ledford:
"Round two of 4.6 merge window patches.
This is a monster pull request. I held off on the hfi1 driver updates
(the hfi1 driver is intimately tied to the qib driver and the new
rdmavt software library that was created to help both of them) in my
first pull request. The hfi1/qib/rdmavt update is probably 90% of
this pull request. The hfi1 driver is being left in staging so that
it can be fixed up in regards to the API that Al and yourself didn't
like. Intel has agreed to do the work, but in the meantime, this
clears out 300+ patches in the backlog queue and brings my tree and
their tree closer to sync.
This also includes about 10 patches to the core and a few to mlx5 to
create an infrastructure for configuring SRIOV ports on IB devices.
That series includes one patch to the net core that we sent to netdev@
and Dave Miller with each of the three revisions to the series. We
didn't get any response to the patch, so we took that as implicit
approval.
Finally, this series includes Intel's new iWARP driver for their x722
cards. It's not nearly the beast as the hfi1 driver. It also has a
linux-next merge issue, but that has been resolved and it now passes
just fine.
Summary:
- A few minor core fixups needed for the next patch series
- The IB SRIOV series. This has bounced around for several versions.
Of note is the fact that the first patch in this series affects the
net core. It was directed to netdev and DaveM for each iteration
of the series (three versions total). Dave did not object, but did
not respond either. I've taken this as permission to move forward
with the series.
- The new Intel X722 iWARP driver
- A huge set of updates to the Intel hfi1 driver. Of particular
interest here is that we have left the driver in staging since it
still has an API that people object to. Intel is working on a fix,
but getting these patches in now helps keep me sane as the upstream
and Intel's trees were over 300 patches apart"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (362 commits)
IB/ipoib: Allow mcast packets from other VFs
IB/mlx5: Implement callbacks for manipulating VFs
net/mlx5_core: Implement modify HCA vport command
net/mlx5_core: Add VF param when querying vport counter
IB/ipoib: Add ndo operations for configuring VFs
IB/core: Add interfaces to control VF attributes
IB/core: Support accessing SA in virtualized environment
IB/core: Add subnet prefix to port info
IB/mlx5: Fix decision on using MAD_IFC
net/core: Add support for configuring VF GUIDs
IB/{core, ulp} Support above 32 possible device capability flags
IB/core: Replace setting the zero values in ib_uverbs_ex_query_device
net/mlx5_core: Introduce offload arithmetic hardware capabilities
net/mlx5_core: Refactor device capability function
net/mlx5_core: Fix caching ATOMIC endian mode capability
ib_srpt: fix a WARN_ON() message
i40iw: Replace the obsolete crypto hash interface with shash
IB/hfi1: Add SDMA cache eviction algorithm
IB/hfi1: Switch to using the pin query function
IB/hfi1: Specify mm when releasing pages
...
Ard Biesheuvel [Tue, 22 Mar 2016 21:28:20 +0000 (14:28 -0700)]
ia64/extable: use generic search and sort routines
Replace the arch specific versions of search_extable() and
sort_extable() with calls to the generic ones, which now support
relative exception tables as well.
Ard Biesheuvel [Tue, 22 Mar 2016 21:28:17 +0000 (14:28 -0700)]
x86/extable: use generic search and sort routines
Replace the arch specific versions of search_extable() and
sort_extable() with calls to the generic ones, which now support
relative exception tables as well.
Ard Biesheuvel [Tue, 22 Mar 2016 21:28:14 +0000 (14:28 -0700)]
s390/extable: use generic search and sort routines
Replace the arch specific versions of search_extable() and
sort_extable() with calls to the generic ones, which now support
relative exception tables as well.
Ard Biesheuvel [Tue, 22 Mar 2016 21:28:12 +0000 (14:28 -0700)]
alpha/extable: use generic search and sort routines
Replace the arch specific versions of search_extable() and
sort_extable() with calls to the generic ones, which now support
relative exception tables as well.
Brian Starkey [Tue, 22 Mar 2016 21:28:06 +0000 (14:28 -0700)]
drivers: dma-coherent: use memset_io for DMA_MEMORY_IO mappings
Use memset_io() for DMA_MEMORY_IO mappings which are mapped as I/O
memory, and regular memset() for DMA_MEMORY_MAP mappings.
This fixes the below alignment fault on arm64 for DMA_MEMORY_IO
mappings, where memset() uses the DC ZVA instruction which is invalid on
device memory.
Brian Starkey [Tue, 22 Mar 2016 21:28:03 +0000 (14:28 -0700)]
drivers: dma-coherent: use MEMREMAP_WC for DMA_MEMORY_MAP
When the DMA_MEMORY_MAP flag is used, memory which can be accessed
directly should be returned, so use memremap(..., MEMREMAP_WC) to
provide a writecombine mapping.
Brian Starkey [Tue, 22 Mar 2016 21:28:00 +0000 (14:28 -0700)]
memremap: add MEMREMAP_WC flag
Add a flag to memremap() for writecombine mappings. Mappings satisfied
by this flag will not be cached, however writes may be delayed or
combined into more efficient bursts. This is most suitable for buffers
written sequentially by the CPU for use by other DMA devices.
Brian Starkey [Tue, 22 Mar 2016 21:27:57 +0000 (14:27 -0700)]
memremap: don't modify flags
These patches implement a MEMREMAP_WC flag for memremap(), which can be
used to obtain writecombine mappings. This is then used for setting up
dma_coherent_mem regions which use the DMA_MEMORY_MAP flag.
The motivation is to fix an alignment fault on arm64, and the suggestion
to implement MEMREMAP_WC for this case was made at [1]. That particular
issue is handled in patch 4, which makes sure that the appropriate
memset function is used when zeroing allocations mapped as IO memory.
This patch (of 4):
Don't modify the flags input argument to memremap(). MEMREMAP_WB is
already a special case so we can check for it directly instead of
clearing flag bits in each mapper.
Helge Deller [Tue, 22 Mar 2016 21:27:54 +0000 (14:27 -0700)]
kernel/signal.c: add compile-time check for __ARCH_SI_PREAMBLE_SIZE
The value of __ARCH_SI_PREAMBLE_SIZE defines the size (including
padding) of the part of the struct siginfo that is before the union, and
it is then used to calculate the needed padding (SI_PAD_SIZE) to make
the size of struct siginfo equal to 128 (SI_MAX_SIZE) bytes.
Depending on the target architecture and word width it equals to either
3 or 4 times sizeof int.
Since the very beginning we had __ARCH_SI_PREAMBLE_SIZE wrong on the
parisc architecture for the 64bit kernel build. It's even more
frustrating, because it can easily be checked at compile time if the
value was defined correctly.
This patch adds such a check for the correctness of
__ARCH_SI_PREAMBLE_SIZE in the hope that it will prevent existing and
future architectures from running into the same problem.
I refrained from replacing __ARCH_SI_PREAMBLE_SIZE by offsetof() in
copy_siginfo() in include/asm-generic/siginfo.h, because a) it doesn't
make any difference and b) it's used in the Documentation/kmemcheck.txt
example.
I ran this patch through the 0-DAY kernel test infrastructure and only
the parisc architecture triggered as expected. That means that this
patch should be OK for all major architectures.
mm/mprotect.c: don't imply PROT_EXEC on non-exec fs
The mprotect(PROT_READ) fails when called by the READ_IMPLIES_EXEC
binary on a memory mapped file located on non-exec fs. The mprotect
does not check whether fs is _executable_ or not. The PROT_EXEC flag is
set automatically even if a memory mapped file is located on non-exec
fs. Fix it by checking whether a memory mapped file is located on a
non-exec fs. If so the PROT_EXEC is not implied by the PROT_READ. The
implementation uses the VM_MAYEXEC flag set properly in mmap. Now it is
consistent with mmap.
I did the isolated tests (PT_GNU_STACK X/NX, multiple VMAs, X/NX fs). I
also patched the official 3.19.0-47-generic Ubuntu 14.04 kernel and it
seems to work.
Davidlohr Bueso [Tue, 22 Mar 2016 21:27:48 +0000 (14:27 -0700)]
ipc/sem: make semctl setting sempid consistent
As indicated by bug#112271, Linux sets the sempid value upon semctl, and
not only for semop calls. However, within semctl we only do this for
SETVAL, leaving SETALL without updating the field, and therefore rather
inconsistent behavior when compared to other Unices.
There is really no documentation regarding this and therefore users
should not make assumptions. With this patch, along with updating
semctl.2 manpages, this scenario should become less ambiguous. As such,
set sempid on SETALL cmd.
Also update some in-code documentation, specifying where the sempid is
set.
Passes ltp and custom testcase where a child (fork) does SETALL to the
set.
-fsanitize=* options makes GCC less smart than usual and increase number
of 'maybe-uninitialized' false-positives. So this patch does two things:
* Add -Wno-maybe-uninitialized to CFLAGS_UBSAN which will disable all
such warnings for instrumented files.
* Remove CONFIG_UBSAN_SANITIZE_ALL from all[yes|mod]config builds. So
the all[yes|mod]config build goes without -fsanitize=* and still with
-Wmaybe-uninitialized.
Jan Kiszka [Tue, 22 Mar 2016 21:27:39 +0000 (14:27 -0700)]
scripts/gdb: account for changes in module data structure
Commit 7523e4dc5057 ("module: use a structure to encapsulate layout.")
factored out the module_layout structure. Adjust the symbol loader and
the lsmod command to this.
Kieran Bingham [Tue, 22 Mar 2016 21:27:33 +0000 (14:27 -0700)]
scripts/gdb: add version command
lx-version Report the Linux Version of the current kernel.
Add a command to identify the version specified by the banner in the
debugged kernel.
This lets the user identify the kernel of the running kernel, and will
let later scripts compare the banner of the attached kernel against the
banner in the vmlinux symbols files to verify that the files are
correct.
Dmitry Vyukov [Tue, 22 Mar 2016 21:27:30 +0000 (14:27 -0700)]
kernel: add kcov code coverage
kcov provides code coverage collection for coverage-guided fuzzing
(randomized testing). Coverage-guided fuzzing is a testing technique
that uses coverage feedback to determine new interesting inputs to a
system. A notable user-space example is AFL
(http://lcamtuf.coredump.cx/afl/). However, this technique is not
widely used for kernel testing due to missing compiler and kernel
support.
kcov does not aim to collect as much coverage as possible. It aims to
collect more or less stable coverage that is a function of syscall inputs.
To achieve this goal it does not collect coverage in soft/hard
interrupts and instrumentation of some inherently non-deterministic or
non-interesting parts of kernel is disabled (e.g. scheduler, locking).
Currently there is a single coverage collection mode (tracing), but the
API anticipates additional collection modes. Initially I also
implemented a second mode which exposes coverage in a fixed-size hash
table of counters (what Quentin used in his original patch). I've
dropped the second mode for simplicity.
This patch adds the necessary support on kernel side. The complementary
compiler support was added in gcc revision 231296.
We've used this support to build syzkaller system call fuzzer, which has
found 90 kernel bugs in just 2 months:
We've also found 30+ bugs in our internal systems with syzkaller.
Another (yet unexplored) direction where kcov coverage would greatly
help is more traditional "blob mutation". For example, mounting a
random blob as a filesystem, or receiving a random blob over wire.
Why not gcov. Typical fuzzing loop looks as follows: (1) reset
coverage, (2) execute a bit of code, (3) collect coverage, repeat. A
typical coverage can be just a dozen of basic blocks (e.g. an invalid
input). In such context gcov becomes prohibitively expensive as
reset/collect coverage steps depend on total number of basic
blocks/edges in program (in case of kernel it is about 2M). Cost of
kcov depends only on number of executed basic blocks/edges. On top of
that, kernel requires per-thread coverage because there are always
background threads and unrelated processes that also produce coverage.
With inlined gcov instrumentation per-thread coverage is not possible.
kcov exposes kernel PCs and control flow to user-space which is
insecure. But debugfs should not be mapped as user accessible.
Arnd Bergmann [Tue, 22 Mar 2016 21:27:26 +0000 (14:27 -0700)]
profile: hide unused functions when !CONFIG_PROC_FS
A couple of functions and variables in the profile implementation are
used only on SMP systems by the procfs code, but are unused if either
procfs is disabled or in uniprocessor kernels. gcc prints a harmless
warning about the unused symbols:
kernel/profile.c:243:13: error: 'profile_flip_buffers' defined but not used [-Werror=unused-function]
static void profile_flip_buffers(void)
^
kernel/profile.c:266:13: error: 'profile_discard_flip_buffers' defined but not used [-Werror=unused-function]
static void profile_discard_flip_buffers(void)
^
kernel/profile.c:330:12: error: 'profile_cpu_callback' defined but not used [-Werror=unused-function]
static int profile_cpu_callback(struct notifier_block *info,
^
This adds further #ifdef to the file, to annotate exactly in which cases
they are used. I have done several thousand ARM randconfig kernels with
this patch applied and no longer get any warnings in this file.
Hidehiro Kawai [Tue, 22 Mar 2016 21:27:24 +0000 (14:27 -0700)]
hpwdt: use nmi_panic() when kernel panics in NMI handler
Commit 1717f2096b54 ("panic, x86: Fix re-entrance problem due to panic
on NMI") introduced nmi_panic() which prevents concurrent and recursive
execution of panic(). It also saves registers for the crash dump on x86
by later commit 58c5661f2144 ("panic, x86: Allow CPUs to save registers
even if looping in NMI context").
hpwdt driver can call panic() from NMI handler, so replace it with
nmi_panic(). Also, do some cleanups.
Hidehiro Kawai [Tue, 22 Mar 2016 21:27:21 +0000 (14:27 -0700)]
ipmi/watchdog: use nmi_panic() when kernel panics in NMI handler
Commit 1717f2096b54 ("panic, x86: Fix re-entrance problem due to panic
on NMI") introduced nmi_panic() which prevents concurrent and recursive
execution of panic(). It also saves registers for the crash dump on x86
by later commit 58c5661f2144 ("panic, x86: Allow CPUs to save registers
even if looping in NMI context").
ipmi_watchdog driver can call panic() from NMI handler, so replace it
with nmi_panic().
Hidehiro Kawai [Tue, 22 Mar 2016 21:27:17 +0000 (14:27 -0700)]
panic: change nmi_panic from macro to function
Commit 1717f2096b54 ("panic, x86: Fix re-entrance problem due to panic
on NMI") and commit 58c5661f2144 ("panic, x86: Allow CPUs to save
registers even if looping in NMI context") introduced nmi_panic() which
prevents concurrent/recursive execution of panic(). It also saves
registers for the crash dump on x86.
However, there are some cases where NMI handlers still use panic().
This patch set partially replaces them with nmi_panic() in those cases.
Even if this patchset is applied, some NMI or similar handlers (e.g. MCE
handler) continue to use panic(). This is because I can't test them
well and actual problems won't happen. For example, the possibility
that normal panic and panic on MCE happen simultaneously is very low.
This patch (of 3):
Convert nmi_panic() to a proper function and export it instead of
exporting internal implementation details to modules, for obvious
reasons.
Paolo Bonzini [Tue, 22 Mar 2016 21:27:14 +0000 (14:27 -0700)]
eventfd: document lockless access in eventfd_poll
Since commit e22553e2a25e ("eventfd: don't take the spinlock in
eventfd_poll", 2015-02-17), eventfd is reading ctx->count outside
ctx->wqh.lock.
However, things aren't as simple as the read barrier in eventfd_poll
would suggest. In fact, the read barrier, besides lacking a comment, is
not paired in any obvious manner with another read barrier, and it is
pointless because it is sitting between a write (deep in poll_wait) and
the read of ctx->count. The read barrier is acting just as a compiler
barrier, for which we can use READ_ONCE instead. This is what the code
change in this patch does.
The documentation change is just as important, however. The question,
posed by Andrea Arcangeli, is then why the thing is safe on
architectures where spin_unlock does not imply a store-load memory
barrier. The answer is that it's safe because writes of ctx->count use
the same lock as poll_wait, and hence an acquire barrier implicit in
poll_wait provides the necessary synchronization between eventfd_poll
and callers of wake_up_locked_poll. This is sort of mentioned in the
commit message with respect to eventfd_ctx_read ("eventfd_read is
similar, it will do a single decrement with the lock held") but it
applies to all other callers too. It's tricky enough that it should be
documented in the code.
Arnd Bergmann [Tue, 22 Mar 2016 21:27:11 +0000 (14:27 -0700)]
cred/userns: define current_user_ns() as a function
The current_user_ns() macro currently returns &init_user_ns when user
namespaces are disabled, and that causes several warnings when building
with gcc-6.0 in code that compares the result of the macro to
&init_user_ns itself:
fs/xfs/xfs_ioctl.c: In function 'xfs_ioctl_setattr_check_projid':
fs/xfs/xfs_ioctl.c:1249:22: error: self-comparison always evaluates to true [-Werror=tautological-compare]
if (current_user_ns() == &init_user_ns)
This is a legitimate warning in principle, but here it isn't really
helpful, so I'm rephrasing the definition in a way that shuts up the
warning. Apparently gcc only warns when comparing identical literals,
but it can figure out that the result of an inline function can be
identical to a constant expression in order to optimize a condition yet
not warn about the fact that the condition is known at compile time.
This is exactly what we want here, and it looks reasonable because we
generally prefer inline functions over macros anyway.
Fix synchronization issues found during testing using multiple DMA
transfer requests to the same channel:
- lost MSI-X interrupt notifications
- non-synchronized attempts to start DMA channel HW resulting in error
message from the driver
- cookie tracking/update race conditions resulting in incorrect DMA
transfer status report
rapidio/tsi721_dma: update error reporting from prep_sg callback
Switch to returning error-valued pointer instead of simple NULL pointer.
This allows to properly identify situation when request queue is full
and therefore gives to upper layer an option to retry operation later.
Replace "all-or-nothing" debug output with controlled debug output using
functional block masks. This allows run time control of debug messages
through 'dbg_level' module parameter.
For some reason the original part was not applied to mainline code
tree. The inbound window mapping part has been applied later during
tsi721 mport driver submission. Now goes the second part with
corresponding HW support.
- Add spinlock protection into outbound message queuing routine.
- Change outbound message interrupt handler to avoid deadlock when
calling registered callback routine.
- Allow infinite retries for outbound messages to avoid retry threshold
error signaling in systems with nodes that have slow message receive
queue processing.
Add new Port Write handler registration interfaces that attach PW
handlers to local mport device objects. This is different from old
interface that attaches PW callback to individual RapidIO device. The
new interfaces are intended for use for common event handling (e.g.
hot-plug notifications) while the old interface is available for
individual device drivers.
This patch is based on patch proposed by Andre van Herk but preserves
existing per-device interface and adds lock protection for list
handling.
RIONET driver registers itself as class interface that supports only
removal notification, 'add_device' callback is not provided because
RIONET network device can be initialized only after enumeration is
completed and the existing method (using remote peer addition) satisfies
this condition.
rapidio/rionet: add locking into add/remove device
Add spinlock protection when handling list of connected peers and
ability to handle new peer device addition after the RIONET device was
open. Before this update RIONET was sending JOIN requests only when it
has been opened; peer devices added later have been missing from this
process.
Add hardware-specific device removal support for Tsi721 PCIe-to-RapidIO
bridge. To avoid excessive data type conversions, parameters passed to
some internal functions have been revised. Dynamic memory allocations
of rio_mport and rio_ops have been replaced to reduce references between
data structures.
Add common mport removal support functions into the RapidIO subsystem
core.
Changes to the existing mport registration process have been made to
avoid race conditions with active subsystem interfaces immediately after
mport device registration: part of the initialization code from
rio_register_mport() has been moved into a separate function
rio_mport_initialize() to allow mport registration to be performed as the
final step of the setup process.
rapidio: rework common RIO device add/delete routines
This patch moves per-net device list handling from rio-scan to common
RapidIO core and adds a matching device deletion routine. This makes
device object creation/removal available to other implementations of
enumeration/discovery process.
Add shutdown notification handler which terminates active connections
with remote RapidIO nodes. This prevents remote nodes from sending
packets to the powered off node and eliminates hardware error events on
remote nodes.
rapidio/tsi721: add option to configure direct mapping of IB window
Add an option to configure mapping of Inbound Window without RIO-to-PCIe
address translation.
If a local memory buffer is not properly aligned to meet HW requirements
for RapidIO address mapping with address translation, caller can request
an inbound window with matching RapidIO address assigned to it. This
implementation selects a RapidIO base address and size for the inbound window
that are capable of accommodating the local memory buffer.
These patches are the result of extensive collaboration within the
RapidIO.org Software Task Group between Texas Instruments, Freescale,
Prodrive Technologies, Nokia Networks, BAE and IDT. Additional input
was received from other members of RapidIO.org. The objective was to
create a character mode driver interface which exposes the capabilities
of RapidIO devices directly to applications, in a manner that allows the
numerous and varied RapidIO implementations to interoperate.
The Software Task Group has also developed fabric management, Remote
Memory Access, and sockets applications which make use of these
interfaces in user space. Intensive testing with these applications
prompted the RapidIO subsystem updates provided within this set of
patches.
This patch (of 29):
Replace default Ethernet-specific routine by the custom one to allow
setting of larger MTU supported by RapidIO messaging (max RIO packet
size is 4096 bytes).
Fix deadlocking during concurrent receive and transmit operations on SMP
platforms caused by the use of incorrect lock: on transmit 'tx_lock'
spinlock should be used instead of 'lock' which is used for receive
operation.
This fix is applicable to kernel versions starting from v2.15.
Jann Horn [Tue, 22 Mar 2016 21:25:36 +0000 (14:25 -0700)]
fs/coredump: prevent fsuid=0 dumps into user-controlled directories
This commit fixes the following security hole affecting systems where
all of the following conditions are fulfilled:
- The fs.suid_dumpable sysctl is set to 2.
- The kernel.core_pattern sysctl's value starts with "/". (Systems
  where kernel.core_pattern starts with "|/" are not affected.)
- Unprivileged user namespace creation is permitted. (This is
  true on Linux >=3.8, but some distributions disallow it by
  default using a distro patch.)
Under these conditions, if a program executes under secure exec rules,
causing it to run with the SUID_DUMP_ROOT flag, then unshares its user
namespace, changes its root directory and crashes, the coredump will be
written using fsuid=0 and a path derived from kernel.core_pattern - but
this path is interpreted relative to the root directory of the process,
allowing the attacker to control where a coredump will be written with
root privileges.
To fix the security issue, always interpret core_pattern for dumps that
are written under SUID_DUMP_ROOT relative to the root directory of init.
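Added example, not part of the commit or the kernel tree: a shell check that tells an administrator whether a host meets the three configuration conditions listed in the coredump commit message above. The function names and the two user-namespace sysctl files it reads are assumptions that do not appear in the commit, and the result says nothing about whether the running kernel already carries the fix.

```shell
#!/bin/sh
# Added example: checks the three configuration conditions listed in the
# commit message. It says nothing about whether the kernel has the fix.

# coredump_conditions SUID_DUMPABLE CORE_PATTERN USERNS (1=allowed, 0=not)
# Pure function so it can be exercised on constructed values.
coredump_conditions() {
    suid_dumpable=$1
    core_pattern=$2
    userns=$3
    if [ "$suid_dumpable" != "2" ]; then
        echo "condition-not-met: fs.suid_dumpable=$suid_dumpable (needs 2)"
        return 0
    fi
    case $core_pattern in
        "|"*) echo "condition-not-met: core_pattern pipes to a helper"; return 0 ;;
        /*)   ;;  # absolute path: the case the commit message describes
        *)    echo "condition-not-met: core_pattern does not start with /"; return 0 ;;
    esac
    if [ "$userns" != "1" ]; then
        echo "condition-not-met: unprivileged user namespaces disabled"
        return 0
    fi
    echo "all-conditions-met"
}

# Assumption: these two knobs are not named on the page. The first is the
# Debian/Ubuntu distro-patch sysctl, the second the upstream per-user limit.
userns_allowed() {
    for f in /proc/sys/kernel/unprivileged_userns_clone \
             /proc/sys/user/max_user_namespaces; do
        if [ -r "$f" ] && [ "$(cat "$f")" = "0" ]; then
            echo 0
            return 0
        fi
    done
    echo 1
}

# Read the live values; "unknown" is reported when a file is unreadable.
check_host() {
    sd=$(cat /proc/sys/fs/suid_dumpable 2>/dev/null || echo unknown)
    cp=$(cat /proc/sys/kernel/core_pattern 2>/dev/null || echo unknown)
    coredump_conditions "$sd" "$cp" "$(userns_allowed)"
}

check_host
```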
triggers the 2nd WARN_ON_ONCE(!signr) warning in do_jobctl_trap(). The
problem is that __ptrace_unlink() clears task->jobctl under siglock but
task->ptrace is cleared without this lock held; this fools the "else"
branch which assumes that !PT_SEIZED means PT_PTRACED.
Note also that most of other PTRACE_SEIZE checks can race with detach
from the exiting tracer too. Say, the callers of ptrace_trap_notify()
assume that SEIZED can't go away after it was checked.
fat: add config option to set UTF-8 mount option by default
FAT has long supported its own default file name encoding config
setting, separate from CONFIG_NLS_DEFAULT.
However, if UTF-8 encoded file names are desired FAT character set
should not be set to utf8 since this would make file names case
sensitive even if case insensitive matching is requested. Instead,
"utf8" mount options should be provided to enable UTF-8 file names in
FAT file system.
Unfortunately, there was no possibility to set the default value of this
option so on UTF-8 system "utf8" mount option had to be added manually
to most FAT mounts.
This patch adds config option to set such default value.
Andy Lutomirski [Tue, 22 Mar 2016 21:25:27 +0000 (14:25 -0700)]
x86/compat: remove is_compat_task()
x86's is_compat_task always checked the current syscall type, not the
task type. It has no non-arch users any more, so just remove it to
avoid confusion.
On x86, nothing should really be checking the task ABI. There are
legitimate users for the syscall ABI and for the mm ABI.
Andy Lutomirski [Tue, 22 Mar 2016 21:25:21 +0000 (14:25 -0700)]
input: redefine INPUT_COMPAT_TEST as in_compat_syscall()
The input compat code should work like all other compat code: for 32-bit
syscalls, use the 32-bit ABI and for 64-bit syscalls, use the 64-bit
ABI. We have a helper for that (in_compat_syscall()): just use it.
Andy Lutomirski [Tue, 22 Mar 2016 21:25:19 +0000 (14:25 -0700)]
drivers/gpu/drm/amd/amdkfd: use in_compat_syscall to check open() caller type
amdkfd wants to know syscall type, not task type. Check directly.
Unfortunately, amdkfd is making nasty assumptions that a process'
bitness is a well-defined constant thing. This isn't the case on x86.
I don't know how much this matters, but this patch has no effect on
generated code on x86, so amdkfd is equally broken with and without this
patch.
Andy Lutomirski [Tue, 22 Mar 2016 21:25:16 +0000 (14:25 -0700)]
drivers/firmware/efi/efivars.c: use in_compat_syscall() to check for compat callers
This should make no difference on any architecture, as x86's historical
is_compat_task behavior really did check whether the calling syscall was
a compat syscall. x86's is_compat_task is going away, though.
Andy Lutomirski [Tue, 22 Mar 2016 21:25:13 +0000 (14:25 -0700)]
firewire: use in_compat_syscall to check ioctl compatness
Firewire was using is_compat_task to check whether it was in a compat
ioctl or a non-compat ioctl. Use is_compat_syscall instead so it works
properly on all architectures.
Andy Lutomirski [Tue, 22 Mar 2016 21:25:07 +0000 (14:25 -0700)]
net/sctp: use in_compat_syscall for sctp_getsockopt_connectx3
SCTP unfortunately has a different ABI for SCTP_SOCKOPT_CONNECTX3 for
32-bit and 64-bit callers. Use in_compat_syscall to correctly
distinguish them on all architectures.
Andy Lutomirski [Tue, 22 Mar 2016 21:25:04 +0000 (14:25 -0700)]
ext4: in ext4_dir_llseek, check syscall bitness directly
ext4 treats directory offsets differently for 32-bit and 64-bit callers.
Check the caller type using in_compat_syscall, not is_compat_task. This
changes behavior on SPARC slightly.
Andy Lutomirski [Tue, 22 Mar 2016 21:24:58 +0000 (14:24 -0700)]
auditsc: for seccomp events, log syscall compat state using in_compat_syscall
Except on SPARC, this is what the code always did. SPARC compat seccomp
was buggy, although the impact of the bug was limited because SPARC
32-bit and 64-bit syscall numbers are the same.
Andy Lutomirski [Tue, 22 Mar 2016 21:24:52 +0000 (14:24 -0700)]
seccomp: check in_compat_syscall, not is_compat_task, in strict mode
Seccomp wants to know the syscall bitness, not the caller task bitness,
when it selects the syscall whitelist.
As far as I know, this makes no difference on any architecture, so it's
not a security problem. (It generates identical code everywhere except
sparc, and, on sparc, the syscall numbering is the same for both ABIs.)