Skip to content
Permalink
Branch: landlock-v10
Commits on Jul 21, 2019
  1. landlock: Add user and kernel documentation for Landlock

    l0kod committed Jul 21, 2019
    This documentation can be built with the Sphinx framework.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: James Morris <jmorris@namei.org>
    Cc: Jonathan Corbet <corbet@lwn.net>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    ---
    
    Changes since v9:
    * update with expected attach type and expected attach triggers
    
    Changes since v8:
    * remove documentation related to chaining and tagging according to this
      patch series
    
    Changes since v7:
    * update documentation according to the Landlock revamp
    
    Changes since v6:
    * add a check for ctx->event
    * rename BPF_PROG_TYPE_LANDLOCK to BPF_PROG_TYPE_LANDLOCK_RULE
    * rename Landlock version to ABI to better reflect its purpose and add a
      dedicated changelog section
    * update tables
    * relax no_new_privs recommendations
    * remove ABILITY_WRITE related functions
    * reword rule "appending" to "prepending" and explain it
    * cosmetic fixes
    
    Changes since v5:
    * update the rule hierarchy inheritance explanation
    * briefly explain ctx->arg2
    * add ptrace restrictions
    * explain EPERM
    * update example (subtype)
    * use ":manpage:"
  2. bpf,landlock: Add tests for Landlock

    l0kod committed Jul 21, 2019
    Test basic context access, ptrace protection and filesystem hooks.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: James Morris <jmorris@namei.org>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    Cc: Shuah Khan <shuah@kernel.org>
    Cc: Will Drewry <wad@chromium.org>
    ---
    
    Changes since v9:
    * replace subtype with expected_attach_type and expected_attach_triggers
    * rename inode_map_lookup() into inode_map_lookup_elem()
    * check for inode map entry without value (which is now possible thanks
      to the pointer null check)
    * use read-only inode map for Landlock programs
    
    Changes since v8:
    * update eBPF include path for macros
    * use TEST_GEN_PROGS and use the generic "clean" target
    * add more verbose errors
    * update the bpf/verifier files
    * remove chain tests (from landlock and bpf/verifier)
    * replace the whitelist tests with blacklist tests (because of stateless
      Landlock programs): remove "dotdot" tests and other depth tests
    * sync the landlock Makefile with its bpf sibling directory and use
      bpf_load_program_xattr()
    
    Changes since v7:
    * update tests and add new ones for filesystem hierarchy and Landlock
      chains.
    
    Changes since v6:
    * use the new kselftest_harness.h
    * use const variables
    * replace ASSERT_STEP with ASSERT_*
    * rename BPF_PROG_TYPE_LANDLOCK to BPF_PROG_TYPE_LANDLOCK_RULE
    * force sample library rebuild
    * fix install target
    
    Changes since v5:
    * add subtype test
    * add ptrace tests
    * split and rename files
    * cleanup and rebase
  3. bpf: Add a Landlock sandbox example

    l0kod committed Jul 21, 2019
    Add a basic sandbox tool to launch a command which is denied access to a
    list of files and directories.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: James Morris <jmorris@namei.org>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    ---
    
    Changes since v9:
    * replace subtype with expected_attach_type and expected_attach_triggers
    * add the ability to parse Landlock programs and triggers to libbpf
    * use the new bpf_inode_map_lookup_elem()
    * use read-only inode map for Landlock programs
    * remove bpf_load.c modifications
    
    Changes since v8:
    * rewrite the landlock1 sample which deny access to a set of files or
      directories (i.e. simple blacklist) to fit with the previous patches
    * add "landlock1" to .gitignore
    * in bpf_load.c, pass the subtype with a call to
      bpf_load_program_xattr()
    
    Changes since v7:
    * rewrite the example using an inode map
    * add to bpf_load the ability to handle subtypes per program type
    
    Changes since v6:
    * check return value of load_and_attach()
    * allow to write on pipes
    * rename BPF_PROG_TYPE_LANDLOCK to BPF_PROG_TYPE_LANDLOCK_RULE
    * rename Landlock version to ABI to better reflect its purpose
    * use const variable (suggested by Kees Cook)
    * remove useless definitions (suggested by Kees Cook)
    * add detailed explanations (suggested by Kees Cook)
    
    Changes since v5:
    * cosmetic fixes
    * rebase
    
    Changes since v4:
    * write Landlock rule in C and compiled it with LLVM
    * remove cgroup handling
    * remove path handling: only handle a read-only environment
    * remove errno return codes
    
    Changes since v3:
    * remove seccomp and origin field: completely free from seccomp programs
    * handle more FS-related hooks
    * handle inode hooks and directory traversal
    * add faked but consistent view thanks to ENOENT
    * add /lib64 in the example
    * fix spelling
    * rename some types and definitions (e.g. SECCOMP_ADD_LANDLOCK_RULE)
    
    Changes since v2:
    * use BPF_PROG_ATTACH for cgroup handling
  4. landlock: Add ptrace restrictions

    l0kod committed Jul 21, 2019
    A landlocked process has less privileges than a non-landlocked process
    and must then be subject to additional restrictions when manipulating
    processes. To be allowed to use ptrace(2) and related syscalls on a
    target process, a landlocked process must have a subset of the target
    process' rules.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: James Morris <jmorris@namei.org>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    ---
    
    Changes since v6:
    * factor out ptrace check
    * constify pointers
    * cleanup headers
    * use the new security_add_hooks()
  5. bpf,landlock: Add a new map type: inode

    l0kod committed Jul 21, 2019
    FIXME: 64-bits in the doc
    
    This new map store arbitrary values referenced by inode keys.  The map
    can be updated from user space with file descriptor pointing to inodes
    tied to a file system.  From an eBPF (Landlock) program point of view,
    such a map is read-only and can only be used to retrieved a value tied
    to a given inode.  This is useful to recognize an inode tagged by user
    space, without access right to this inode (i.e. no need to have a write
    access to this inode).
    
    Add dedicated BPF functions to handle this type of map:
    * bpf_inode_htab_map_update_elem()
    * bpf_inode_htab_map_lookup_elem()
    * bpf_inode_htab_map_delete_elem()
    
    This new map require a dedicated helper inode_map_lookup_elem() because
    of the key which is a pointer to an opaque data (only provided by the
    kernel).  This act like a (physical or cryptographic) key, which is why
    it is also not allowed to get the next key.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: James Morris <jmorris@namei.org>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    Cc: Jann Horn <jann@thejh.net>
    ---
    
    Changes since v9:
    * use a hash map for the inode map: integrate inodemap.c into hashtab.c
      * add map_put_key() to struct bpf_map_ops to enable to put an inode
        reference used as key
      * allow arbitrary value size instead of 64-bits
    * handle inode and map lifetime with LSM hooks
    * check access for inode lookup via syscall: similar to adding xattr,
      except it does not touch the file system (which is handy for read-only
      ones)
    * force read-only inode map for Landlock programs
    * rename inode_map_lookup() into inode_map_lookup_elem()
    * fix inode and mnt checks (suggested by Al Viro)
    
    Changes since v8:
    * remove prog chaining and object tagging to ease review
    * use bpf_map_init_from_attr()
    
    Changes since v7:
    * new design with a dedicated map and a BPF function to tie a value to
      an inode
    * add the ability to set or get a tag on an inode from a Landlock
      program
    
    Changes since v6:
    * remove WARN_ON() for missing dentry->d_inode
    * refactor bpf_landlock_func_proto() (suggested by Kees Cook)
    
    Changes since v5:
    * cosmetic fixes and rebase
    
    Changes since v4:
    * use a file abstraction (handle) to wrap inode, dentry, path and file
      structs
    * remove bpf_landlock_cmp_fs_beneath()
    * rename the BPF helper and move it to kernel/bpf/
    * tighten helpers accessible by a Landlock rule
    
    Changes since v3:
    * remove bpf_landlock_cmp_fs_prop() (suggested by Alexei Starovoitov)
    * add hooks dealing with struct inode and struct path pointers:
      inode_permission and inode_getattr
    * add abstraction over eBPF helper arguments thanks to wrapping structs
    * add bpf_landlock_get_fs_mode() helper to check file type and mode
    * merge WARN_ON() (suggested by Kees Cook)
    * fix and update bpf_helpers.h
    * use BPF_CALL_* for eBPF helpers (suggested by Alexei Starovoitov)
    * make handle arraymap safe (RCU) and remove buggy synchronize_rcu()
    * factor out the arraymay walk
    * use size_t to index array (suggested by Jann Horn)
    
    Changes since v2:
    * add MNT_INTERNAL check to only add file handle from user-visible FS
      (e.g. no anonymous inode)
    * replace struct file* with struct path* in map_landlock_handle
    * add BPF protos
    * fix bpf_landlock_cmp_fs_prop_with_struct_file()
  6. landlock: Handle filesystem access control

    l0kod committed Jul 21, 2019
    This add two Landlock hooks: FS_WALK and FS_PICK.
    
    The FS_WALK hook is used to walk through a file path. A program tied to
    this hook will be evaluated for each directory traversal except the last
    one if it is the leaf of the path.  It is important to differentiate
    this hook from FS_PICK to enable more powerful path evaluation in the
    future (cf. Landlock patch v8).
    
    The FS_PICK hook is used to validate a set of actions requested on a
    file. This actions are defined with triggers (e.g. read, write, open,
    append...).
    
    The Landlock LSM hook registration is done after other LSM to only run
    actions from user-space, via eBPF programs, if the access was granted by
    major (privileged) LSMs.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: James Morris <jmorris@namei.org>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    ---
    
    Changes since v9:
    * replace subtype with expected_attach_type and expected_attach_triggers
    
    Changes since v8:
    * add a new LSM_ORDER_LAST, cf. commit e2bc445 ("LSM: Introduce
      enum lsm_order")
    * add WARN_ON() for pointer dereferencement
    * remove the FS_GET subtype which rely on program chaining
    * remove the subtype option which was only used for chaining (with the
      "previous" field)
    * remove inode_lookup which depends on the (removed) nameidata security
      blob
    * remove eBPF helpers to get and set Landlock inode tags
    * do not use task LSM credentials (for now)
    
    Changes since v7:
    * major rewrite with clean Landlock hooks able to deal with file paths
    
    Changes since v6:
    * add 3 more sub-events: IOCTL, LOCK, FCNTL
      https://lkml.kernel.org/r/2fbc99a6-f190-f335-bd14-04bdeed35571@digikod.net
    * use the new security_add_hooks()
    * explain the -Werror=unused-function
    * constify pointers
    * cleanup headers
    
    Changes since v5:
    * split hooks.[ch] into hooks.[ch] and hooks_fs.[ch]
    * add more documentation
    * cosmetic fixes
    * rebase (SCALAR_VALUE)
    
    Changes since v4:
    * add LSM hook abstraction called Landlock event
      * use the compiler type checking to verify hooks use by an event
      * handle all filesystem related LSM hooks (e.g. file_permission,
        mmap_file, sb_mount...)
    * register BPF programs for Landlock just after LSM hooks registration
    * move hooks registration after other LSMs
    * add failsafes to check if a hook is not used by the kernel
    * allow partial raw value access form the context (needed for programs
      generated by LLVM)
    
    Changes since v3:
    * split commit
    * add hooks dealing with struct inode and struct path pointers:
      inode_permission and inode_getattr
    * add abstraction over eBPF helper arguments thanks to wrapping structs
  7. seccomp,landlock: Enforce Landlock programs per process hierarchy

    l0kod committed Jul 21, 2019
    The seccomp(2) syscall can be used by a task to apply a Landlock program
    to itself. As a seccomp filter, a Landlock program is enforced for the
    current task and all its future children. A program is immutable and a
    task can only add new restricting programs to itself, forming a list of
    programss.
    
    A Landlock program is tied to a Landlock hook. If the action on a kernel
    object is allowed by the other Linux security mechanisms (e.g. DAC,
    capabilities, other LSM), then a Landlock hook related to this kind of
    object is triggered. The list of programs for this hook is then
    evaluated. Each program return a binary value which can deny the action
    on a kernel object with a non-zero value. If every programs of the list
    return zero, then the action on the object is allowed.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: James Morris <jmorris@namei.org>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    Cc: Will Drewry <wad@chromium.org>
    Link: https://lkml.kernel.org/r/c10a503d-5e35-7785-2f3d-25ed8dd63fab@digikod.net
    ---
    
    Changes since v9:
    * replace subtype with expected_attach_type and expected_attach_triggers
    
    Changes since v8:
    * Remove the chaining concept from the eBPF program contexts (chain and
      cookie). We need to keep these subtypes this way to be able to make
      them evolve, though.
    
    Changes since v7:
    * handle and verify program chains
    * split and rename providers.c to enforce.c and enforce_seccomp.c
    * rename LANDLOCK_SUBTYPE_* to LANDLOCK_*
    
    Changes since v6:
    * rename some functions with more accurate names to reflect that an eBPF
      program for Landlock could be used for something else than a rule
    * reword rule "appending" to "prepending" and explain it
    * remove the superfluous no_new_privs check, only check global
      CAP_SYS_ADMIN when prepending a Landlock rule (needed for containers)
    * create and use {get,put}_seccomp_landlock() (suggested by Kees Cook)
    * replace ifdef with static inlined function (suggested by Kees Cook)
    * use get_user() (suggested by Kees Cook)
    * replace atomic_t with refcount_t (requested by Kees Cook)
    * move struct landlock_{rule,events} from landlock.h to common.h
    * cleanup headers
    
    Changes since v5:
    * remove struct landlock_node and use a similar inheritance mechanisme
      as seccomp-bpf (requested by Andy Lutomirski)
    * rename SECCOMP_ADD_LANDLOCK_RULE to SECCOMP_APPEND_LANDLOCK_RULE
    * rename file manager.c to providers.c
    * add comments
    * typo and cosmetic fixes
    
    Changes since v4:
    * merge manager and seccomp patches
    * return -EFAULT in seccomp(2) when user_bpf_fd is null to easely check
      if Landlock is supported
    * only allow a process with the global CAP_SYS_ADMIN to use Landlock
      (will be lifted in the future)
    * add an early check to exit as soon as possible if the current process
      does not have Landlock rules
    
    Changes since v3:
    * remove the hard link with seccomp (suggested by Andy Lutomirski and
      Kees Cook):
      * remove the cookie which could imply multiple evaluation of Landlock
        rules
      * remove the origin field in struct landlock_data
    * remove documentation fix (merged upstream)
    * rename the new seccomp command to SECCOMP_ADD_LANDLOCK_RULE
    * internal renaming
    * split commit
    * new design to be able to inherit on the fly the parent rules
    
    Changes since v2:
    * Landlock programs can now be run without seccomp filter but for any
      syscall (from the process) or interruption
    * move Landlock related functions and structs into security/landlock/*
      (to manage cgroups as well)
    * fix seccomp filter handling: run Landlock programs for each of their
      legitimate seccomp filter
    * properly clean up all seccomp results
    * cosmetic changes to ease the understanding
    * fix some ifdef
  8. bpf,landlock: Define an eBPF program type for Landlock hooks

    l0kod committed Jul 21, 2019
    Add a new type of eBPF program used by Landlock hooks.  The goal of this
    type of program is to accept or deny a requested access from userspace
    to a kernel object (e.g. a file).
    
    This new BPF program type will be registered with the Landlock LSM
    initialization.
    
    Add an initial Landlock Kconfig and update the MAINTAINERS file.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Andy Lutomirski <luto@amacapital.net>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Cc: James Morris <jmorris@namei.org>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Serge E. Hallyn <serge@hallyn.com>
    ---
    
    Changes since v9:
    * handle inode put and map put, which fix unmount (reported by Al Viro)
    * replace subtype with expected_attach_type and expected_attach_triggers
    * check eBPF program return code
    
    Changes since v8:
    * Remove the chaining concept from the eBPF program contexts (chain and
      cookie). We need to keep these subtypes this way to be able to make
      them evolve, though.
    * remove bpf_landlock_put_extra() because there is no more a "previous"
      field to free (for now)
    
    Changes since v7:
    * cosmetic fixes
    * rename LANDLOCK_SUBTYPE_* to LANDLOCK_*
    * cleanup UAPI definitions and move them from bpf.h to landlock.h
      (suggested by Alexei Starovoitov)
    * disable Landlock by default (suggested by Alexei Starovoitov)
    * rename BPF_PROG_TYPE_LANDLOCK_{RULE,HOOK}
    * update the Kconfig
    * update the MAINTAINERS file
    * replace the IOCTL, LOCK and FCNTL events with FS_PICK, FS_WALK and
      FS_GET hook types
    * add the ability to chain programs with an eBPF program file descriptor
      (i.e. the "previous" field in a Landlock subtype) and keep a state
      with a "cookie" value available from the context
    * add a "triggers" subtype bitfield to match specific actions (e.g.
      append, chdir, read...)
    
    Changes since v6:
    * add 3 more sub-events: IOCTL, LOCK, FCNTL
      https://lkml.kernel.org/r/2fbc99a6-f190-f335-bd14-04bdeed35571@digikod.net
    * rename LANDLOCK_VERSION to LANDLOCK_ABI to better reflect its purpose,
      and move it from landlock.h to common.h
    * rename BPF_PROG_TYPE_LANDLOCK to BPF_PROG_TYPE_LANDLOCK_RULE: an eBPF
      program could be used for something else than a rule
    * simplify struct landlock_context by removing the arch and syscall_nr fields
    * remove all eBPF map functions call, remove ABILITY_WRITE
    * refactor bpf_landlock_func_proto() (suggested by Kees Cook)
    * constify pointers
    * fix doc inclusion
    
    Changes since v5:
    * rename file hooks.c to init.c
    * fix spelling
    
    Changes since v4:
    * merge a minimal (not enabled) LSM code and Kconfig in this commit
    
    Changes since v3:
    * split commit
    * revamp the landlock_context:
      * add arch, syscall_nr and syscall_cmd (ioctl, fcntl…) to be able to
        cross-check action with the event type
      * replace args array with dedicated fields to ease the addition of new
        fields
  9. bpf: Add expected_attach_triggers and a is_valid_triggers() verifier

    l0kod committed Jul 21, 2019
    The goal of the program triggers is to be able to have static triggers
    (bitflags) conditionning an eBPF program interpretation.  This help to
    avoid unnecessary runs.
    
    The struct bpf_verifier_ops gets a new optional function:
    is_valid_verifier(). This new verifier is called at the beginning of the
    eBPF program verification to check if the (optional) program triggers
    are valid.
    
    For now, only Landlock eBPF programs are using program triggers (see
    next commits) but this could be used by other program types in the
    future.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexei Starovoitov <ast@kernel.org>
    Cc: Daniel Borkmann <daniel@iogearbox.net>
    Cc: David S. Miller <davem@davemloft.net>
    Link: https://lkml.kernel.org/r/20160827205559.GA43880@ast-mbp.thefacebook.com
    ---
    
    Changes since v9:
    * replace subtype with expected_attach_type (suggested by Alexei
      Starovoitov) and a new expected_attach_triggers
    * add new bpf_attach_type: BPF_LANDLOCK_FS_PICK and BPF_LANDLOCK_FS_WALK
    * remove bpf_prog_extra from bpf_base_func_proto()
    * update libbpf and test_verifier to handle triggers
    
    Changes since v8:
    * use bpf_load_program_xattr() instead of bpf_load_program() and add
      bpf_verify_program_xattr() to deal with subtypes
    * remove put_extra() since there is no more "previous" field (for now)
    
    Changes since v7:
    * rename LANDLOCK_SUBTYPE_* to LANDLOCK_*
    * move subtype in bpf_prog_aux and use only one bit for has_subtype
      (suggested by Alexei Starovoitov)
    * wrap the prog_subtype with a prog_extra to be able to reference kernel
      pointers:
      * add an optional put_extra() function to struct bpf_prog_ops to be
        able to free the pointed data
      * replace all the prog_subtype with prog_extra in the struct
        bpf_verifier_ops functions
    * remove the ABI field (requested by Alexei Starovoitov)
    * rename subtype fields
    
    Changes since v6:
    * rename Landlock version to ABI to better reflect its purpose
    * fix unsigned integer checks
    * fix pointer cast
    * constify pointers
    * rebase
    
    Changes since v5:
    * use a prog_subtype pointer and make it future-proof
    * add subtype test
    * constify bpf_load_program()'s subtype argument
    * cleanup subtype initialization
    * rebase
    
    Changes since v4:
    * replace the "status" field with "version" (more generic)
    * replace the "access" field with "ability" (less confusing)
    
    Changes since v3:
    * remove the "origin" field
    * add an "option" field
    * cleanup comments
  10. fs,security: Add a new file access type: MAY_CHROOT

    l0kod committed Jul 21, 2019
    For compatibility reason, MAY_CHROOT is always set with MAY_CHDIR.
    However, this new flag enable to differentiate a chdir form a chroot.
    
    This is needed for the Landlock LSM to be able to evaluate a new root
    directory.
    
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Cc: Alexander Viro <viro@zeniv.linux.org.uk>
    Cc: Casey Schaufler <casey@schaufler-ca.com>
    Cc: James Morris <jmorris@namei.org>
    Cc: John Johansen <john.johansen@canonical.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Paul Moore <paul@paul-moore.com>
    Cc: "Serge E. Hallyn" <serge@hallyn.com>
    Cc: Stephen Smalley <sds@tycho.nsa.gov>
    Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Cc: linux-fsdevel@vger.kernel.org
Commits on Jul 13, 2019
  1. Merge tag 'powerpc-5.3-1' of git://git.kernel.org/pub/scm/linux/kerne…

    torvalds committed Jul 13, 2019
    …l/git/powerpc/linux
    
    Pull powerpc updates from Michael Ellerman:
     "Notable changes:
    
       - Removal of the NPU DMA code, used by the out-of-tree Nvidia driver,
         as well as some other functions only used by drivers that haven't
         (yet?) made it upstream.
    
       - A fix for a bug in our handling of hardware watchpoints (eg. perf
         record -e mem: ...) which could lead to register corruption and
         kernel crashes.
    
       - Enable HAVE_ARCH_HUGE_VMAP, which allows us to use large pages for
         vmalloc when using the Radix MMU.
    
       - A large but incremental rewrite of our exception handling code to
         use gas macros rather than multiple levels of nested CPP macros.
    
      And the usual small fixes, cleanups and improvements.
    
      Thanks to: Alastair D'Silva, Alexey Kardashevskiy, Andreas Schwab,
      Aneesh Kumar K.V, Anju T Sudhakar, Anton Blanchard, Arnd Bergmann,
      Athira Rajeev, Cédric Le Goater, Christian Lamparter, Christophe
      Leroy, Christophe Lombard, Christoph Hellwig, Daniel Axtens, Denis
      Efremov, Enrico Weigelt, Frederic Barrat, Gautham R. Shenoy, Geert
      Uytterhoeven, Geliang Tang, Gen Zhang, Greg Kroah-Hartman, Greg Kurz,
      Gustavo Romero, Krzysztof Kozlowski, Madhavan Srinivasan, Masahiro
      Yamada, Mathieu Malaterre, Michael Neuling, Nathan Lynch, Naveen N.
      Rao, Nicholas Piggin, Nishad Kamdar, Oliver O'Halloran, Qian Cai, Ravi
      Bangoria, Sachin Sant, Sam Bobroff, Satheesh Rajendran, Segher
      Boessenkool, Shaokun Zhang, Shawn Anastasio, Stewart Smith, Suraj
      Jitindar Singh, Thiago Jung Bauermann, YueHaibing"
    
    * tag 'powerpc-5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (163 commits)
      powerpc/powernv/idle: Fix restore of SPRN_LDBAR for POWER9 stop state.
      powerpc/eeh: Handle hugepages in ioremap space
      ocxl: Update for AFU descriptor template version 1.1
      powerpc/boot: pass CONFIG options in a simpler and more robust way
      powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
      powerpc/irq: Don't WARN continuously in arch_local_irq_restore()
      powerpc/module64: Use symbolic instructions names.
      powerpc/module32: Use symbolic instructions names.
      powerpc: Move PPC_HA() PPC_HI() and PPC_LO() to ppc-opcode.h
      powerpc/module64: Fix comment in R_PPC64_ENTRY handling
      powerpc/boot: Add lzo support for uImage
      powerpc/boot: Add lzma support for uImage
      powerpc/boot: don't force gzipped uImage
      powerpc/8xx: Add microcode patch to move SMC parameter RAM.
      powerpc/8xx: Use IO accessors in microcode programming.
      powerpc/8xx: replace #ifdefs by IS_ENABLED() in microcode.c
      powerpc/8xx: refactor programming of microcode CPM params.
      powerpc/8xx: refactor printing of microcode patch name.
      powerpc/8xx: Refactor microcode write
      powerpc/8xx: refactor writing of CPM microcode arrays
      ...
  2. Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc

    torvalds committed Jul 13, 2019
    Pull sparc updates from David Miller:
     "Just a few small changes:
    
       - Fix console naming inconsistency with hypervisor consoles, from
         John Paul Adrian Glaubitz
    
       - Fix userland compilation due to use of u_int, from Masahiro Yamada"
    
    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
      sparc64: Add missing newline at end of file
      sparc: fix unknown type name u_int in uapi header
      sparc: configs: Remove useless UEVENT_HELPER_PATH
      sparc: Remove redundant copy of the LGPL-2.0
      sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
  3. Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

    torvalds committed Jul 13, 2019
    Pull networking fixes from David Miller:
    
     1) Fix excessive stack usage in cxgb4, from Arnd Bergmann.
    
     2) Missing skb queue lock init in tipc, from Chris Packham.
    
     3) Fix some regressions in ipv6 flow label handling, from Eric Dumazet.
    
     4) Elide flow dissection of local packets in FIB rules, from Petar
        Penkov.
    
     5) Fix TLS support build failure in mlx5, from Tariq Toukab.
    
    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (36 commits)
      ppp: mppe: Revert "ppp: mppe: Add softdep to arc4"
      net: dsa: qca8k: replace legacy gpio include
      net: hisilicon: Use devm_platform_ioremap_resource
      cxgb4: reduce kernel stack usage in cudbg_collect_mem_region()
      tipc: ensure head->lock is initialised
      tc-tests: updated skbedit tests
      nfp: flower: ensure ip protocol is specified for L4 matches
      nfp: flower: fix ethernet check on match fields
      net/mlx5e: Provide cb_list pointer when setting up tc block on rep
      net: phy: make exported variables non-static
      net: sched: Fix NULL-pointer dereference in tc_indr_block_ing_cmd()
      davinci_cpdma: don't cast dma_addr_t to pointer
      net: openvswitch: do not update max_headroom if new headroom is equal to old headroom
      net/mlx5e: Convert single case statement switch statements into if statements
      net/mlx5: E-Switch, Reduce ingress acl modify metadata stack usage
      net/mlx5e: Fix unused variable warning when CONFIG_MLX5_ESWITCH is off
      net/mlx5e: Fix compilation error in TLS code
      ipv6: fix static key imbalance in fl_create()
      ipv6: fix potential crash in ip6_datagram_dst_update()
      ipv6: tcp: fix flowlabels reflection for RST packets
      ...
  4. Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide

    torvalds committed Jul 13, 2019
    Pull IDE update from David Miller:
     "Small cleanup"
    
    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide:
      ide: use BIT() macro for defining bit-flags
  5. Merge tag 'mtd/for-5.3' of git://git.kernel.org/pub/scm/linux/kernel/…

    torvalds committed Jul 13, 2019
    …git/mtd/linux
    
    Pull MTD updates from Miquel Raynal:
     "This contains the following changes for MTD:
    
      MTD core changes:
       - New Hyperbus framework
       - New _is_locked (concat) implementation
       - Various cleanups
    
      NAND core changes:
       - use longest matching pattern in ->exec_op() default parser
       - export NAND operation tracer
       - add flag to indicate panic_write in MTD
       - use kzalloc() instead of kmalloc() and memset()
    
      Raw NAND controller drivers changes:
       - brcmnand:
           - fix BCH ECC layout for large page NAND parts
           - fallback to detected ecc-strength, ecc-step-size
           - when oops in progress use pio and interrupt polling
           - code refactor code to introduce helper functions
           - add support for v7.3 controller
       - FSMC:
           - use nand_op_trace for operation tracing
       - GPMI:
           - move all driver code into single file
           - various cleanups (including dmaengine changes)
           - use runtime PM to manage clocks
           - implement exec_op
       - MTK:
           - correct low level time calculation of r/w cycle
           - improve data sampling timing for read cycle
           - add validity check for CE# pin setting
           - fix wrongly assigned OOB buffer pointer issue
           - re-license MTK NAND driver as Dual MIT/GPL
       - STM32:
           - manage the get_irq error case
           - increase DMA completion timeouts
    
      Raw NAND chips drivers changes:
       - Macronix: add read-retry support
    
      Onenand driver changes:
       - add support for 8Gb datasize chips
       - avoid fall-through warnings
    
      SPI-NAND changes:
       - define macros for page-read ops with three-byte addresses
       - add support for two-byte device IDs and then for GigaDevice
         GD5F1GQ4UFxxG
       - add initial support for Paragon PN26G0xA
       - handle the case where the last page read has bitflips
    
      SPI-NOR core changes:
       - add support for the mt25ql02g and w25q16jv flashes
       - print error in case of jedec read id fails
       - is25lp256: add post BFPT fix to correct the addr_width
    
      SPI NOR controller drivers changes:
       - intel-spi: Add support for Intel Elkhart Lake SPI serial flash
       - smt32: remove the driver as the driver was replaced by spi-stm32-qspi.c
       - cadence-quadspi: add reset control"
    
    * tag 'mtd/for-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux: (60 commits)
      mtd: concat: implement _is_locked mtd operation
      mtd: concat: refactor concat_lock/concat_unlock
      mtd: abi: do not use C++ style comments in uapi header
      mtd: afs: remove unneeded NULL check
      mtd: rawnand: stm32_fmc2: increase DMA completion timeouts
      mtd: rawnand: Use kzalloc() instead of kmalloc() and memset()
      mtd: hyperbus: Add driver for TI's HyperBus memory controller
      mtd: spinand: read returns badly if the last page has bitflips
      mtd: spinand: Add initial support for Paragon PN26G0xA
      mtd: rawnand: mtk: Re-license MTK NAND driver as Dual MIT/GPL
      mtd: rawnand: gpmi: remove double assignment to block_size
      dt-bindings: mtd: brcmnand: Add brcmnand, brcmnand-v7.3 support
      mtd: rawnand: brcmnand: Add support for v7.3 controller
      mtd: rawnand: brcmnand: Refactored code to introduce helper functions
      mtd: rawnand: brcmnand: When oops in progress use pio and interrupt polling
      mtd: Add flag to indicate panic_write
      mtd: rawnand: Add Macronix NAND read retry support
      mtd: onenand: Avoid fall-through warnings
      mtd: spinand: Add support for GigaDevice GD5F1GQ4UFxxG
      mtd: spinand: Add support for two-byte device IDs
      ...
  6. Merge tag 'for-5.3/dm-changes' of git://git.kernel.org/pub/scm/linux/…

    torvalds committed Jul 13, 2019
    …kernel/git/device-mapper/linux-dm
    
    Pull device mapper updates from Mike Snitzer:
    
     - Add encrypted byte-offset initialization vector (eboiv) to DM crypt.
    
     - Add optional discard features to DM snapshot which allow freeing
       space from a DM device whose free space was exhausted.
    
     - Various small improvements to use struct_size() and kzalloc().
    
     - Fix to check if DM thin metadata is in fail_io mode before attempting
       to update the superblock to set the needs_check flag. Otherwise the
       DM thin-pool can hang.
    
     - Fix DM bufio shrinker's potential for ABBA recursion deadlock with DM
       thin provisioning on loop usecase.
    
    * tag 'for-5.3/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
      dm bufio: fix deadlock with loop device
      dm snapshot: add optional discard support features
      dm crypt: implement eboiv - encrypted byte-offset initialization vector
      dm crypt: remove obsolete comment about plumb IV
      dm crypt: wipe private IV struct after key invalid flag is set
      dm integrity: use kzalloc() instead of kmalloc() + memset()
      dm: update stale comment in end_clone_bio()
      dm log writes: fix incorrect comment about the logged sequence example
      dm log writes: use struct_size() to calculate size of pending_block
      dm crypt: use struct_size() when allocating encryption context
      dm integrity: always set version on superblock update
      dm thin metadata: check if in fail_io mode when setting needs_check
  7. Merge tag 'for-linus-5.3' of git://github.com/cminyard/linux-ipmi

    torvalds committed Jul 13, 2019
    Pull IPMI updates from Corey Minyard:
     "Some small fixes for various things, nothing huge, mostly found by
      automated tools.
    
      Plus add a driver that allows Linux to act as an IPMB slave device, so
      it can be a satellite MC in an IPMI network"
    
    * tag 'for-linus-5.3' of git://github.com/cminyard/linux-ipmi:
      docs: ipmb: place it at driver-api and convert to ReST
      fix platform_no_drv_owner.cocci warnings
      ipmi: ipmb: don't allocate i2c_client on stack
      ipmi: ipmb: Fix build error while CONFIG_I2C is set to m
      Add support for IPMB driver
      drivers: ipmi: Drop device reference
      ipmi_ssif: fix unexpected driver unregister warning
      ipmi_si: use bool type for initialized variable
      ipmi_si: fix unexpected driver unregister warning
  8. Merge tag 'pinctrl-v5.3-1' of git://git.kernel.org/pub/scm/linux/kern…

    torvalds committed Jul 13, 2019
    …el/git/linusw/linux-pinctrl
    
    Pull pin control updates from Linus Walleij:
     "This is the bulk of pin control changes for the v5.3 kernel cycle:
    
      Core changes:
    
       - Device links can optionally be added between a pin control producer
         and its consumers. This will affect how the system power management
         is handled: a pin controller will not suspend before all of its
         consumers have been suspended.
    
         This was necessary for the ST Microelectronics STMFX expander and
         need to be tested on other systems as well: it makes sense to make
         this default in the long run.
    
         Right now it is opt-in per driver.
    
       - Drive strength can be specified in microamps. With decreases in
         silicon technology, milliamps isn't granular enough, let's make it
         possible to select drive strengths in microamps.
    
         Right now the Meson (AMlogic) driver needs this.
    
      New drivers:
    
       - New subdriver for the Tegra 194 SoC.
    
       - New subdriver for the Qualcomm SDM845.
    
       - New subdriver for the Qualcomm SM8150.
    
       - New subdriver for the Freescale i.MX8MN (Freescale is now a product
         line of NXP).
    
       - New subdriver for Marvell MV98DX1135.
    
      Driver improvements:
    
       - The Bitmain BM1880 driver now supports pin config in addition to
         muxing.
    
       - The Qualcomm drivers can now reserve some GPIOs as taken aside and
         not usable for users. This is used in ACPI systems to take out some
         GPIO lines used by the BIOS so that noone else (neither kernel nor
         userspace) will play with them by mistake and crash the machine.
    
       - A slew of refurbishing around the Aspeed drivers (board management
         controllers for servers) in preparation for the new Aspeed AST2600
         SoC.
    
       - A slew of improvements over the SH PFC drivers as usual.
    
       - Misc cleanups and fixes"
    
    * tag 'pinctrl-v5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: (106 commits)
      pinctrl: aspeed: Strip moved macros and structs from private header
      pinctrl: aspeed: Fix missed include
      pinctrl: baytrail: Use GENMASK() consistently
      pinctrl: baytrail: Re-use data structures from pinctrl-intel.h
      pinctrl: baytrail: Use defined macro instead of magic in byt_get_gpio_mux()
      pinctrl: qcom: Add SM8150 pinctrl driver
      dt-bindings: pinctrl: qcom: Add SM8150 pinctrl binding
      dt-bindings: pinctrl: qcom: Document missing gpio nodes
      pinctrl: aspeed: Add implementation-related documentation
      pinctrl: aspeed: Split out pinmux from general pinctrl
      pinctrl: aspeed: Clarify comment about strapping W1C
      pinctrl: aspeed: Correct comment that is no longer true
      MAINTAINERS: Add entry for ASPEED pinctrl drivers
      dt-bindings: pinctrl: aspeed: Convert AST2500 bindings to json-schema
      dt-bindings: pinctrl: aspeed: Convert AST2400 bindings to json-schema
      dt-bindings: pinctrl: aspeed: Split bindings document in two
      pinctrl: qcom: Add irq_enable callback for msm gpio
      pinctrl: madera: Fixup SPDX headers
      pinctrl: qcom: sdm845: Fix CONFIG preprocessor guard
      pinctrl: tegra: Add bitmask support for parked bits
      ...
  9. Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel…

    torvalds committed Jul 13, 2019
    …/git/dtor/input
    
    Pull input updates from Dmitry Torokhov:
    
     - an update to Elan touchpad SMBus driver to fetch device parameters
       (size, resolution) while it is still in PS/2 mode, before switching
       over to SMBus, as in that mode some devices return garbage dimensions
    
     - update to iforce joystick driver
    
     - miscellaneous driver fixes
    
    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: (48 commits)
      Input: gpio_keys_polled - allow specifying name of input device
      Input: edt-ft5x06 - simplify event reporting code
      Input: max77650-onkey - add MODULE_ALIAS()
      Input: atmel_mxt_ts - fix leak in mxt_update_cfg()
      Input: synaptics - enable SMBUS on T480 thinkpad trackpad
      Input: atmel_mxt_ts - fix -Wunused-const-variable
      Input: joydev - extend absolute mouse detection
      HID: quirks: Refactor ELAN 400 and 401 handling
      Input: elan_i2c - export the device id whitelist
      Input: edt-ft5x06 - use get_unaligned_be16()
      Input: iforce - add the Saitek R440 Force Wheel
      Input: iforce - use unaligned accessors, where appropriate
      Input: iforce - drop couple of temps from transport code
      Input: iforce - drop bus type from iforce structure
      Input: iforce - use DMA-safe buffores for USB transfers
      Input: iforce - allow callers supply data buffer when fetching device IDs
      Input: iforce - only call iforce_process_packet() if initialized
      Input: iforce - signal command completion from transport code
      Input: iforce - do not combine arguments for iforce_process_packet()
      Input: iforce - factor out hat handling when parsing packets
      ...
  10. Merge tag 'for-5.3/io_uring-20190711' of git://git.kernel.dk/linux-block

    torvalds committed Jul 13, 2019
    Pull io_uring updates from Jens Axboe:
     "This contains:
    
       - Support for recvmsg/sendmsg as first class opcodes.
    
         I don't envision going much further down this path, as there are
         plans in progress to support potentially any system call in an
         async fashion through io_uring. But I think it does make sense to
         have certain core ops available directly, especially those that can
         support a "try this non-blocking" flag/mode. (me)
    
       - Handle generic short reads automatically.
    
         This can happen fairly easily if parts of the buffered read is
         cached. Since the application needs to issue another request for
         the remainder, just do this internally and save kernel/user
         roundtrip while providing a nicer more robust API. (me)
    
       - Support for linked SQEs.
    
         This allows SQEs to depend on each other, enabling an application
         to eg queue a read-from-this-file,write-to-that-file pair. (me)
    
       - Fix race in stopping SQ thread (Jackie)"
    
    * tag 'for-5.3/io_uring-20190711' of git://git.kernel.dk/linux-block:
      io_uring: fix io_sq_thread_stop running in front of io_sq_thread
      io_uring: add support for recvmsg()
      io_uring: add support for sendmsg()
      io_uring: add support for sqe links
      io_uring: punt short reads to async context
      uio: make import_iovec()/compat_import_iovec() return bytes on success
  11. ppp: mppe: Revert "ppp: mppe: Add softdep to arc4"

    ebiggers authored and davem330 committed Jul 12, 2019
    Commit 0e5a610 ("ppp: mppe: switch to RC4 library interface"),
    which was merged through the crypto tree for v5.3, changed ppp_mppe.c to
    use the new arc4_crypt() library function rather than access RC4 through
    the dynamic crypto_skcipher API.
    
    Meanwhile commit aad1dcc ("ppp: mppe: Add softdep to arc4") was
    merged through the net tree and added a module soft-dependency on "arc4".
    
    The latter commit no longer makes sense because the code now uses the
    "libarc4" module rather than "arc4", and also due to the direct use of
    arc4_crypt(), no module soft-dependency is required.
    
    So revert the latter commit.
    
    Cc: Takashi Iwai <tiwai@suse.de>
    Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
    Signed-off-by: Eric Biggers <ebiggers@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  12. Merge tag 'dlm-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/…

    torvalds committed Jul 13, 2019
    …teigland/linux-dlm
    
    Pull dlm updates from David Teigland:
     "This set removes some unnecessary debugfs error handling, and checks
      that lowcomms workqueues are not NULL before destroying"
    
    * tag 'dlm-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm:
      dlm: no need to check return value of debugfs_create functions
      dlm: check if workqueues are NULL before flushing/destroying
  13. Merge tag '9p-for-5.3' of git://github.com/martinetd/linux

    torvalds committed Jul 13, 2019
    Pull 9p updates from Dominique Martinet:
     "Two small fixes to properly cleanup the 9p transports list if
      virtio/xen module initialization fail.
    
      9p might otherwise try to access memory from a module that failed to
      register got freed"
    
    * tag '9p-for-5.3' of git://github.com/martinetd/linux:
      9p/xen: Add cleanup path in p9_trans_xen_init
      9p/virtio: Add cleanup path in p9_virtio_init
  14. Merge tag 'f2fs-for-5.3' of git://git.kernel.org/pub/scm/linux/kernel…

    torvalds committed Jul 13, 2019
    …/git/jaegeuk/f2fs
    
    Pull f2fs updates from Jaegeuk Kim:
     "In this round, we've introduced native swap file support which can
      exploit DIO, enhanced existing checkpoint=disable feature with
      additional mount option to tune the triggering condition, and allowed
      user to preallocate physical blocks in a pinned file which will be
      useful to avoid f2fs fragmentation in append-only workloads. In
      addition, we've fixed subtle quota corruption issue.
    
      Enhancements:
       - add swap file support which uses DIO
       - allocate blocks for pinned file
       - allow SSR and mount option to enhance checkpoint=disable
       - enhance IPU IOs
       - add more sanity checks such as memory boundary access
    
      Bug fixes:
       - quota corruption in very corner case of error-injected SPO case
       - fix root_reserved on remount and some wrong counts
       - add missing fsck flag
    
      Some patches were also introduced to clean up ambiguous i_flags and
      debugging messages codes"
    
    * tag 'f2fs-for-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: (33 commits)
      f2fs: improve print log in f2fs_sanity_check_ckpt()
      f2fs: avoid out-of-range memory access
      f2fs: fix to avoid long latency during umount
      f2fs: allow all the users to pin a file
      f2fs: support swap file w/ DIO
      f2fs: allocate blocks for pinned file
      f2fs: fix is_idle() check for discard type
      f2fs: add a rw_sem to cover quota flag changes
      f2fs: set SBI_NEED_FSCK for xattr corruption case
      f2fs: use generic EFSBADCRC/EFSCORRUPTED
      f2fs: Use DIV_ROUND_UP() instead of open-coding
      f2fs: print kernel message if filesystem is inconsistent
      f2fs: introduce f2fs_<level> macros to wrap f2fs_printk()
      f2fs: avoid get_valid_blocks() for cleanup
      f2fs: ioctl for removing a range from F2FS
      f2fs: only set project inherit bit for directory
      f2fs: separate f2fs i_flags from fs_flags and ext4 i_flags
      f2fs: replace ktype default_attrs with default_groups
      f2fs: Add option to limit required GC for checkpoint=disable
      f2fs: Fix accounting for unusable blocks
      ...
  15. Merge tag 'xfs-5.3-merge-12' of git://git.kernel.org/pub/scm/fs/xfs/x…

    torvalds committed Jul 13, 2019
    …fs-linux
    
    Pull xfs updates from Darrick Wong:
     "In this release there are a significant amounts of consolidations and
      cleanups in the log code; restructuring of the log to issue struct
      bios directly; new bulkstat ioctls to return v5 fs inode information
      (and fix all the padding problems of the old ioctl); the beginnings of
      multithreaded inode walks (e.g. quotacheck); and a reduction in memory
      usage in the online scrub code leading to reduced runtimes.
    
       - Refactor inode geometry calculation into a single structure instead
         of open-coding pieces everywhere.
    
       - Add online repair to build options.
    
       - Remove unnecessary function call flags and functions.
    
       - Claim maintainership of various loose xfs documentation and header
         files.
    
       - Use struct bio directly for log buffer IOs instead of struct
         xfs_buf.
    
       - Reduce log item boilerplate code requirements.
    
       - Merge log item code spread across too many files.
    
       - Further distinguish between log item commits and cancellations.
    
       - Various small cleanups to the ag small allocator.
    
       - Support cgroup-aware writeback
    
       - libxfs refactoring for mkfs cleanup
    
       - Remove unneeded #includes
    
       - Fix a memory allocation miscalculation in the new log bio code
    
       - Fix bisection problems
    
       - Fix a crash in ioend processing caused by tripping over freeing of
         preallocated transactions
    
       - Split out a generic inode walk mechanism from the bulkstat code,
         hook up all the internal users to use the walking code, then clean
         up bulkstat to serve only the bulkstat ioctls.
    
       - Add a multithreaded iwalk implementation to speed up quotacheck on
         fast storage with many CPUs.
    
       - Remove unnecessary return values in logging teardown functions.
    
       - Supplement the bstat and inogrp structures with new bulkstat and
         inumbers structures that have all the fields we need for v5
         filesystem features and none of the padding problems of their
         predecessors.
    
       - Wire up new ioctls that use the new structures with a much simpler
         bulk_ireq structure at the head instead of the pointerhappy mess we
         had before.
    
       - Enable userspace to constrain bulkstat returns to a single AG or a
         single special inode so that we can phase out a lot of geometry
         guesswork in userspace.
    
       - Reduce memory consumption and zeroing overhead in extended
         attribute scrub code.
    
       - Fix some behavioral regressions in the new bulkstat backend code.
    
       - Fix some behavioral regressions in the new log bio code"
    
    * tag 'xfs-5.3-merge-12' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: (100 commits)
      xfs: chain bios the right way around in xfs_rw_bdev
      xfs: bump INUMBERS cursor correctly in xfs_inumbers_walk
      xfs: don't update lastino for FSBULKSTAT_SINGLE
      xfs: online scrub needn't bother zeroing its temporary buffer
      xfs: only allocate memory for scrubbing attributes when we need it
      xfs: refactor attr scrub memory allocation function
      xfs: refactor extended attribute buffer pointer functions
      xfs: attribute scrub should use seen_enough to pass error values
      xfs: allow single bulkstat of special inodes
      xfs: specify AG in bulk req
      xfs: wire up the v5 inumbers ioctl
      xfs: wire up new v5 bulkstat ioctls
      xfs: introduce v5 inode group structure
      xfs: introduce new v5 bulkstat structure
      xfs: rename bulkstat functions
      xfs: remove various bulk request typedef usage
      fs: xfs: xfs_log: Change return type from int to void
      xfs: poll waiting for quotacheck
      xfs: multithreaded iwalk implementation
      xfs: refactor INUMBERS to use iwalk functions
      ...
Commits on Jul 12, 2019
  1. Merge tag 'vfs-fix-ioctl-checking-3' of git://git.kernel.org/pub/scm/…

    torvalds committed Jul 12, 2019
    …fs/xfs/xfs-linux
    
    Pull common SETFLAGS/FSSETXATTR parameter checking from Darrick Wong:
     "Here's a patch series that sets up common parameter checking functions
      for the FS_IOC_SETFLAGS and FS_IOC_FSSETXATTR ioctl implementations.
    
      The goal here is to reduce the amount of behaviorial variance between
      the filesystems where those ioctls originated (ext2 and XFS,
      respectively) and everybody else.
    
       - Standardize parameter checking for the SETFLAGS and FSSETXATTR
         ioctls (which were the file attribute setters for ext4 and xfs and
         have now been hoisted to the vfs)
    
       - Only allow the DAX flag to be set on files and directories"
    
    * tag 'vfs-fix-ioctl-checking-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
      vfs: only allow FSSETXATTR to set DAX flag on files and dirs
      vfs: teach vfs_ioc_fssetxattr_check to check extent size hints
      vfs: teach vfs_ioc_fssetxattr_check to check project id info
      vfs: create a generic checking function for FS_IOC_FSSETXATTR
      vfs: create a generic checking and prep function for FS_IOC_SETFLAGS
  2. Merge tag 'linux-kselftest-5.3-rc1' of git://git.kernel.org/pub/scm/l…

    torvalds committed Jul 12, 2019
    …inux/kernel/git/shuah/linux-kselftest
    
    Pull Kselftest updates from Shuah Khan:
     "This Kselftest update for Linux 5.3-rc1 consists of build failure
      fixes and minor code cleaning patch to remove duplicate headers"
    
    * tag 'linux-kselftest-5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
      rseq/selftests: Fix Thumb mode build failure on arm32
      kselftests: cgroup: remove duplicated include from test_freezer.c
      selftests: timestamping: Fix SIOCGSTAMP undeclared build failure
      selftests: dma-buf: Adding kernel config fragment CONFIG_UDMABUF=y
  3. Merge tag 'kconfig-v5.3' of git://git.kernel.org/pub/scm/linux/kernel…

    torvalds committed Jul 12, 2019
    …/git/masahiroy/linux-kbuild
    
    Pull Kconfig updates from Masahiro Yamada:
    
     - always require argument for --defconfig and remove the hard-coded
       arch/$(ARCH)/defconfig path
    
     - make arch/$(SRCARCH)/configs/defconfig the new default of defconfig
    
     - some code cleanups
    
    * tag 'kconfig-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
      kconfig: remove meaningless if-conditional in conf_read()
      kconfig: Fix spelling of sym_is_changable
      unicore32: rename unicore32_defconfig to defconfig
      kconfig: make arch/*/configs/defconfig the default of KBUILD_DEFCONFIG
      kconfig: add static qualifier to expand_string()
      kconfig: require the argument of --defconfig
      kconfig: remove always false ifeq ($(KBUILD_DEFCONFIG,) conditional
  4. Merge tag 'kbuild-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/…

    torvalds committed Jul 12, 2019
    …git/masahiroy/linux-kbuild
    
    Pull Kbuild updates from Masahiro Yamada:
    
     - remove headers_{install,check}_all targets
    
     - remove unreasonable 'depends on !UML' from CONFIG_SAMPLES
    
     - re-implement 'make headers_install' more cleanly
    
     - add new header-test-y syntax to compile-test headers
    
     - compile-test exported headers to ensure they are compilable in
       user-space
    
     - compile-test headers under include/ to ensure they are self-contained
    
     - remove -Waggregate-return, -Wno-uninitialized, -Wno-unused-value
       flags
    
     - add -Werror=unknown-warning-option for Clang
    
     - add 128-bit built-in types support to genksyms
    
     - fix missed rebuild of modules.builtin
    
     - propagate 'No space left on device' error in fixdep to Make
    
     - allow Clang to use its integrated assembler
    
     - improve some coccinelle scripts
    
     - add a new flag KBUILD_ABS_SRCTREE to request Kbuild to use absolute
       path for $(srctree).
    
     - do not ignore errors when compression utility is missing
    
     - misc cleanups
    
    * tag 'kbuild-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (49 commits)
      kbuild: use -- separater intead of $(filter-out ...) for cc-cross-prefix
      kbuild: Inform user to pass ARCH= for make mrproper
      kbuild: fix compression errors getting ignored
      kbuild: add a flag to force absolute path for srctree
      kbuild: replace KBUILD_SRCTREE with boolean building_out_of_srctree
      kbuild: remove src and obj from the top Makefile
      scripts/tags.sh: remove unused environment variables from comments
      scripts/tags.sh: drop SUBARCH support for ARM
      kbuild: compile-test kernel headers to ensure they are self-contained
      kheaders: include only headers into kheaders_data.tar.xz
      kheaders: remove meaningless -R option of 'ls'
      kbuild: support header-test-pattern-y
      kbuild: do not create wrappers for header-test-y
      kbuild: compile-test exported headers to ensure they are self-contained
      init/Kconfig: add CONFIG_CC_CAN_LINK
      kallsyms: exclude kasan local symbols on s390
      kbuild: add more hints about SUBDIRS replacement
      coccinelle: api/stream_open: treat all wait_.*() calls as blocking
      coccinelle: put_device: Add a cast to an expression for an assignment
      coccinelle: put_device: Adjust a message construction
      ...
  5. Merge tag 'asm-generic-5.3' of git://git.kernel.org/pub/scm/linux/ker…

    torvalds committed Jul 12, 2019
    …nel/git/arnd/asm-generic
    
    Pull asm-generic updates from Arnd Bergmann:
     "The asm-generic changes for 5.3 consist of a cleanup series to remove
      ptrace.h from Christoph Hellwig, who explains:
    
        'asm-generic/ptrace.h is a little weird in that it doesn't actually
         implement any functionality, but it provided multiple layers of
         macros that just implement trivial inline functions. We implement
         those directly in the few architectures and be off with a much
         simpler design.'
    
      at https://lore.kernel.org/lkml/20190624054728.30966-1-hch@lst.de/"
    
    * tag 'asm-generic-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic:
      asm-generic: remove ptrace.h
      x86: don't use asm-generic/ptrace.h
      sh: don't use asm-generic/ptrace.h
      powerpc: don't use asm-generic/ptrace.h
      arm64: don't use asm-generic/ptrace.h
  6. Merge tag 's390-5.3-2' of git://git.kernel.org/pub/scm/linux/kernel/g…

    torvalds committed Jul 12, 2019
    …it/s390/linux
    
    Pull more s390 updates from Vasily Gorbik:
    
     - Fix integer overflow during stack frame unwind with invalid
       backchain.
    
     - Cleanup unused symbol export in zcrypt code.
    
     - Fix MIO addressing control activation in PCI code and expose its
       usage via sysfs.
    
     - Fix kernel image signature verification report presence detection.
    
     - Fix irq registration in vfio-ap code.
    
     - Add CPU measurement counters for newer machines.
    
     - Add base DASD thin provisioning support and code cleanups.
    
    * tag 's390-5.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: (21 commits)
      s390/unwind: avoid int overflow in outside_of_stack
      s390/zcrypt: remove the exporting of ap_query_configuration
      s390/pci: add mio_enabled attribute
      s390: fix setting of mio addressing control
      s390/ipl: Fix detection of has_secure attribute
      s390: vfio-ap: fix irq registration
      s390/cpumf: Add extended counter set definitions for model 8561 and 8562
      s390/dasd: Handle out-of-space constraint
      s390/dasd: Add discard support for ESE volumes
      s390/dasd: Use ALIGN_DOWN macro
      s390/dasd: Make dasd_setup_queue() a discipline function
      s390/dasd: Add new ioctl to release space
      s390/dasd: Add dasd_sleep_on_queue_interruptible()
      s390/dasd: Add missing intensity definition
      s390/dasd: Fix whitespace
      s390/dasd: Add dynamic formatting support for ESE volumes
      s390/dasd: Recognise data for ESE volumes
      s390/dasd: Put sub-order definitions in a separate section
      s390/dasd: Make layout analysis ESE compatible
      s390/dasd: Remove old defines and function
      ...
  7. net: dsa: qca8k: replace legacy gpio include

    chunkeey authored and davem330 committed Jul 12, 2019
    This patch replaces the legacy bulk gpio.h include
    with the proper gpio/consumer.h variant. This was
    caught by the kbuild test robot that was running
    into an error because of this.
    
    For more information why linux/gpio.h is bad can be found in:
    commit 56a46b6 ("gpio: Clarify that <linux/gpio.h> is legacy")
    
    Reported-by: kbuild test robot <lkp@intel.com>
    Link: https://www.spinics.net/lists/netdev/msg584447.html
    Fixes: a653f2f ("net: dsa: qca8k: introduce reset via gpio feature")
    Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
    Reviewed-by: Vivien Didelot <vivien.didelot@gmail.com>
    Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  8. Merge tag 'nios2-v5.3-rc1' of git://git.kernel.org/pub/scm/linux/kern…

    torvalds committed Jul 12, 2019
    …el/git/lftan/nios2
    
    Pull arch/nios2 updates from Ley Foon Tan.
    
    * tag 'nios2-v5.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2:
      nios2: configs: Remove useless UEVENT_HELPER_PATH
      nios2: remove pointless second entry for CONFIG_TRACE_IRQFLAGS_SUPPORT
  9. net: hisilicon: Use devm_platform_ioremap_resource

    xiaojiangfeng authored and davem330 committed Jul 12, 2019
    Use devm_platform_ioremap_resource instead of
    devm_ioremap_resource. Make the code simpler.
    
    Signed-off-by: Jiangfeng Xiao <xiaojiangfeng@huawei.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  10. cxgb4: reduce kernel stack usage in cudbg_collect_mem_region()

    arndb authored and davem330 committed Jul 12, 2019
    The cudbg_collect_mem_region() and cudbg_read_fw_mem() both use several
    hundred kilobytes of kernel stack space. One gets inlined into the other,
    which causes the stack usage to be combined beyond the warning limit
    when building with clang:
    
    drivers/net/ethernet/chelsio/cxgb4/cudbg_lib.c:1057:12: error: stack frame size of 1244 bytes in function 'cudbg_collect_mem_region' [-Werror,-Wframe-larger-than=]
    
    Restructuring cudbg_collect_mem_region() lets clang do the same
    optimization that gcc does and reuse the stack slots as it can
    see that the large variables are never used together.
    
    A better fix might be to avoid using cudbg_meminfo on the stack
    altogether, but that requires a larger rewrite.
    
    Fixes: a1c6952 ("cxgb4: collect MC memory dump")
    Signed-off-by: Arnd Bergmann <arnd@arndb.de>
    Signed-off-by: David S. Miller <davem@davemloft.net>
Older
You can’t perform that action at this time.