BUG: SELinux invalid_context is logged inconsistently #57

pcmoore · 2017-06-15T18:08:32Z

In /security/selinux/hooks.c whenever there is a SELINUX_ERR event, invalid_context is logged as untrusted_string. In security/selinux/ss/services.c in the function security_sid_mls_copy() it is logged as a normal string.

If sch_hhf fails in its ->init() function (either due to wrong user-space arguments as below or memory alloc failure of hh_flows) it will do a null pointer deref of q->hh_flows in its ->destroy() function. To reproduce the crash: $ tc qdisc add dev eth0 root hhf quantum 2000000 non_hh_weight 10000000 Crash log: [ 690.654882] BUG: unable to handle kernel NULL pointer dereference at (null) [ 690.655565] IP: hhf_destroy+0x48/0xbc [ 690.655944] PGD 37345067 [ 690.655948] P4D 37345067 [ 690.656252] PUD 58402067 [ 690.656554] PMD 0 [ 690.656857] [ 690.657362] Oops: 0000 [#1] SMP [ 690.657696] Modules linked in: [ 690.658032] CPU: 3 PID: 920 Comm: tc Not tainted 4.13.0-rc6+ #57 [ 690.658525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014 [ 690.659255] task: ffff880058578000 task.stack: ffff88005acbc000 [ 690.659747] RIP: 0010:hhf_destroy+0x48/0xbc [ 690.660146] RSP: 0018:ffff88005acbf9e0 EFLAGS: 00010246 [ 690.660601] RAX: 0000000000000000 RBX: 0000000000000020 RCX: 0000000000000000 [ 690.661155] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff821f63f0 [ 690.661710] RBP: ffff88005acbfa08 R08: ffffffff81b10a90 R09: 0000000000000000 [ 690.662267] R10: 00000000f42b7019 R11: ffff880058578000 R12: 00000000ffffffea [ 690.662820] R13: ffff8800372f6400 R14: 0000000000000000 R15: 0000000000000000 [ 690.663769] FS: 00007f8ae5e8b740(0000) GS:ffff88005d980000(0000) knlGS:0000000000000000 [ 690.667069] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 690.667965] CR2: 0000000000000000 CR3: 0000000058523000 CR4: 00000000000406e0 [ 690.668918] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 690.669945] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 690.671003] Call Trace: [ 690.671743] qdisc_create+0x377/0x3fd [ 690.672534] tc_modify_qdisc+0x4d2/0x4fd [ 690.673324] rtnetlink_rcv_msg+0x188/0x197 [ 690.674204] ? rcu_read_unlock+0x3e/0x5f [ 690.675091] ? rtnl_newlink+0x729/0x729 [ 690.675877] netlink_rcv_skb+0x6c/0xce [ 690.676648] rtnetlink_rcv+0x23/0x2a [ 690.677405] netlink_unicast+0x103/0x181 [ 690.678179] netlink_sendmsg+0x326/0x337 [ 690.678958] sock_sendmsg_nosec+0x14/0x3f [ 690.679743] sock_sendmsg+0x29/0x2e [ 690.680506] ___sys_sendmsg+0x209/0x28b [ 690.681283] ? __handle_mm_fault+0xc7d/0xdb1 [ 690.681915] ? check_chain_key+0xb0/0xfd [ 690.682449] __sys_sendmsg+0x45/0x63 [ 690.682954] ? __sys_sendmsg+0x45/0x63 [ 690.683471] SyS_sendmsg+0x19/0x1b [ 690.683974] entry_SYSCALL_64_fastpath+0x23/0xc2 [ 690.684516] RIP: 0033:0x7f8ae529d690 [ 690.685016] RSP: 002b:00007fff26d2d6b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 690.685931] RAX: ffffffffffffffda RBX: ffffffff810d278c RCX: 00007f8ae529d690 [ 690.686573] RDX: 0000000000000000 RSI: 00007fff26d2d700 RDI: 0000000000000003 [ 690.687047] RBP: ffff88005acbff98 R08: 0000000000000001 R09: 0000000000000000 [ 690.687519] R10: 00007fff26d2d480 R11: 0000000000000246 R12: 0000000000000002 [ 690.687996] R13: 0000000001258070 R14: 0000000000000001 R15: 0000000000000000 [ 690.688475] ? trace_hardirqs_off_caller+0xa7/0xcf [ 690.688887] Code: 00 00 e8 2a 02 ae ff 49 8b bc 1d 60 02 00 00 48 83 c3 08 e8 19 02 ae ff 48 83 fb 20 75 dc 45 31 f6 4d 89 f7 4d 03 bd 20 02 00 00 <49> 8b 07 49 39 c7 75 24 49 83 c6 10 49 81 fe 00 40 00 00 75 e1 [ 690.690200] RIP: hhf_destroy+0x48/0xbc RSP: ffff88005acbf9e0 [ 690.690636] CR2: 0000000000000000 Fixes: 87b60cf ("net_sched: fix error recovery at qdisc creation") Fixes: 10239ed ("net-qdisc-hhf: Heavy-Hitter Filter (HHF) qdisc") Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>

rgbriggs · 2019-05-29T17:38:42Z

@stevegrubb
Should only selinux invalid_context be treated as untrusted string, or all contexts?

Should all contexts be encoded the same way?

Looking at AUDIT_SELINUX_ERR in security/selinux/ss/services.c: I'm assuming compute_sid_handle_invalid_context() should be untrusted in addition to security_sid_mls_copy() mentioned above, but security_dump_masked_av(), security_bounded_transition() and security_validtrans_handle_fail() may be trusted?

stevegrubb · 2019-06-10T20:06:29Z

The answer is another question, can the user or admin name the contexts? For example, files and user names can be changed at a whim and have to be untrusted. However, tty names from the kernel are trusted and not escaped. Can arbitrary context names be created?

rgbriggs · 2019-06-11T01:34:58Z

On 2019-06-10 13:06, Steve Grubb wrote: The answer is another question, can the user or admin name the contexts? For example, files and user names can be changed at a whim and have to be untrusted. However, tty names from the kernel are trusted and not escaped. Can arbitrary context names be created?

From a conversation on freenode:#selinux, 2019-06-10 16:45: Q: Can arbitrary context names be created? I ask to learn if audit should be reporting contexts other than "invalid_context=" as untrusted_string. redragon: you can create any context you want if you create a policy to define the context redragon: you can't arbitrarily assign an undefined context to a file Q: Can that context contain spaces and other punctuation? (and even control characters) sfix SunRaycer: no sfix: The security.selinux xattr can contain an arbitrary string but it'll be reported as an invalid contxt Valid punctuation only includes "_-,:.". danieldg: All components of a valid context will be selected from the names defined in the security policy, which is usually considered trusted. While they can be combined in lots of ways, you can't get arbitrary characters in a context even if it's not checked elsewhere. I just have to not trust invalid_context.

WOnder93 · 2019-06-11T07:53:29Z

Should only selinux invalid_context be treated as untrusted string, or all contexts?

Should all contexts be encoded the same way?

Looking at AUDIT_SELINUX_ERR in security/selinux/ss/services.c: I'm assuming compute_sid_handle_invalid_context() should be untrusted in addition to security_sid_mls_copy() mentioned above, but security_dump_masked_av(), security_bounded_transition() and security_validtrans_handle_fail() may be trusted?

Unless I'm mistaken, context_struct_to_string() should always return a string that follows the general SELinux context format, just the user/role/type/mls can be invalid under the current policy (e.g. no type defined with such name). So all of the above cases should be trusted. (@pcmoore, @stephensmalley, please correct me if I'm wrong.)

You should only need to deal with untrusted invalid contexts when they come from an external source, e.g. a file's extended attribute or the value written to a special procfs file. Actually, now that I think of it, I should have logged the srawcon/trawcon fields as untrusted in [1]... *runs off to write a patch*

[1] SELinuxProject/selinux-kernel@fede148

rgbriggs · 2019-06-11T17:23:23Z

On 2019-06-11 00:53, Ondrej Mosnáček wrote: > Looking at AUDIT_SELINUX_ERR in security/selinux/ss/services.c: I'm assuming compute_sid_handle_invalid_context() should be untrusted in addition to security_sid_mls_copy() mentioned above, but security_dump_masked_av(), security_bounded_transition() and security_validtrans_handle_fail() may be trusted? Unless I'm mistaken, `context_struct_to_string()` should always return a string that follows the general SELinux context format, just the user/role/type/mls can be invalid under the current policy (e.g. no type defined with such name). So all of the above cases should be trusted. ***@***.***, @stephensmalley, please correct me if I'm wrong.)

By looking at the code I'm gathering that all user/role/type/mls strings are passed in via the policydb which is presumed trusted. I conclude that if the policydb is gamed there are bigger problems than audit record formatting. If so, then selinux_inode_setxattr() and selinux_setprocattr() must remain as untrusted invalid_context. @stevegrubb The question remains: Must all instances of the invalid_context field be encoded the same way, untrusted_string for the parser?

stevegrubb · 2019-06-11T19:45:06Z

Yes, a field name has a specific format or it needs a new name. Said another way, all instances of the invalid_context field must be encoded the same way.

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>

GIT c93e682414c74be0945b2617af8a8e2781ca87fc commit 72f64cabc4bd6985c7355f5547bd3637c82762ac Author: Clement Leger <cleger@kalray.eu> Date: Mon Jul 1 09:02:45 2019 +0200 remoteproc: copy parent dma_pfn_offset for vdev When preparing the subdevice for the vdev, also copy dma_pfn_offset since this is used for sub device dma allocations. Without that, there is incoherency between the parent dma settings and the childs one, potentially leading to dma_alloc_coherent failure (due to phys_to_dma using dma_pfn_offset for translation). Fixes: 086d08725d34 ("remoteproc: create vdev subdevice with specific dma memory pool") Signed-off-by: Clement Leger <cleger@kalray.eu> Acked-by: Loic Pallardy <loic.pallardy@st.com> Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> commit 27ba4059e06b3bbd38a7d944fd5a78cdf47534f4 Author: Yunsheng Lin <linyunsheng@huawei.com> Date: Fri Jun 28 09:13:19 2019 +0800 net: link_watch: prevent starvation when processing linkwatch wq When user has configured a large number of virtual netdev, such as 4K vlans, the carrier on/off operation of the real netdev will also cause it's virtual netdev's link state to be processed in linkwatch. Currently, the processing is done in a work queue, which may cause rtnl locking starvation problem and worker starvation problem for other work queue, such as irqfd_inject wq. This patch releases the cpu when link watch worker has processed a fixed number of netdev' link watch event, and schedule the work queue again when there is still link watch event remaining. Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit f04b913834569efbbee442f2a3fb6199ce94dbbc Author: Bjorn Andersson <bjorn.andersson@linaro.org> Date: Fri Jun 21 18:21:46 2019 -0700 remoteproc: qcom: q6v5-mss: Support loading non-split images In some software releases the firmware images are not split up with each loadable segment in it's own file. Check the size of the loaded firmware to see if it still contains each segment to be loaded, before falling back to the split-out segments. Reviewed-by: Jeffrey Hugo <jeffrey.l.hugo@gmail.com> Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> commit 498b98e939007f8bb65094dfa229e84b6bf30e62 Author: Bjorn Andersson <bjorn.andersson@linaro.org> Date: Fri Jun 21 18:21:45 2019 -0700 soc: qcom: mdt_loader: Support loading non-split images In some software releases the firmware images are not split up with each loadable segment in it's own file. Check the size of the loaded firmware to see if it still contains each segment to be loaded, before falling back to the split-out segments. Acked-by: Andy Gross <agross@kernel.org> Reviewed-by: Jeffrey Hugo <jeffrey.l.hugo@gmail.com> Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> commit 87ee07f8e2efbaf473945f0aef41040212596676 Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:05:00 2019 +0300 mlxsw: spectrum: PTP: Support ethtool get_ts_info The get_ts_info callback is used for obtaining information about timestamping capabilities of a network device. On Spectrum-1, implement it to advertise the PHC and the capability to do HW timestamping, and the supported RX and TX filters. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit 8748642751ede505c3d6de1486fa0c1f8eb8be6b Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:04:59 2019 +0300 mlxsw: spectrum: PTP: Support SIOCGHWTSTAMP, SIOCSHWTSTAMP ioctls The SIOCSHWTSTAMP ioctl configures HW timestamping on a given port. Dispatch the ioctls to per-chip handler (which add to ptp_ops). Find which PTP messages need to be timestamped and configure MTPPPC accordingly. The SIOCGHWTSTAMP ioctl is getter for the current configuration. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit a773c76cb8491d1ae337b7073be7a263dff4b9b6 Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:04:58 2019 +0300 mlxsw: spectrum: PTP: Configure PTP traps and FIFO events Configure MTPTPT to set which message types should arrive under which PTP trap, and MOGCR to clear the timestamp queue after its contents are reported through PTP_ING_FIFO or PTP_EGR_FIFO. With this configuration, PTP packets start arriving through the PTP traps. However since timestamping is disabled by default and there is currently no way to enable it, they will not be timestamped. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit 5d23e415977222cbe5acbb85e5902893126c6e4a Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:04:57 2019 +0300 mlxsw: spectrum: PTP: Garbage-collect unmatched entries On Spectrum-1, timestamped PTP packets and the corresponding timestamps need to be kept in caches until both are available, at which point they are matched up and packets forwarded as appropriate. However, not all packets will ever see their timestamp, and not all timestamps will ever see their packet. It is therefore necessary to dispose of such abandoned entries. To that end, introduce a garbage collector to collect entries that have not had their counterpart turn up within about a second. The GC maintains a monotonously-increasing value of GC cycle. Every entry that is put to the hash table is annotated with the GC cycle at which it should be collected. When the GC runs, it walks the hash table, and collects the objects according to their GC cycle annotation. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit d92e4e6e33c8b19635be70fb8935b627d2e4f8fe Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:04:56 2019 +0300 mlxsw: spectrum: PTP: Support timestamping on Spectrum-1 On Spectrum-1, timestamps arrive through a pair of dedicated events: MLXSW_TRAP_ID_PTP_ING_FIFO and _EGR_FIFO. The payload delivered with those traps is contents of the timestamp FIFO at a given port in a given direction. Add a Spectrum-1-specific handler for these two events which decodes the timestamps and forwards them to the PTP module. Add a function that parses a packet, dispatching to ptp_classify_raw(), and decodes PTP message type, domain number, and sequence ID. Add a new mlxsw dependency on the PTP classifier. Add helpers that can store and retrieve unmatched timestamps and SKBs to the hash table added in a preceding patch. Add the matching code itself: upon arrival of a timestamp or a packet, look up the corresponding unmatched entry, and match it up. If there is none, add a new unmatched entry. This logic is the same on ingress as on egress. Packets and timestamps that never matched need to be eventually disposed of. A garbage collector added in a follow-up patch will take care of that. Since currently all this code is turned off, no crud will accumulate in the hash table. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit 89e602ee6e82626cc74f6615950d3e5a26d7bdc9 Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:04:55 2019 +0300 mlxsw: spectrum: PTP: Disable BH when working with PHC Up until now, the PTP hardware clock code was only invoked in the process context (SYS_clock_adjtime -> do_clock_adjtime -> k_clock::clock_adj -> pc_clock_adjtime -> posix_clock_operations::clock_adjtime -> ptp_clock_info::adjtime -> mlxsw_spectrum). In order to enable HW timestamping, which is tied into trap handling, it will be necessary to take the clock lock from the PCI queue handler tasklets as well. Therefore use the _bh variants when handling the clock lock. Incidentally, Documentation/ptp/ptp.txt recommends _irqsave variants, but that's unnecessarily strong for our needs. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit 810256cec105b3b1ff977f0cd47dac1a1a9a184b Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:04:54 2019 +0300 mlxsw: spectrum: PTP: Add PTP initialization / finalization Add two ptp_ops: init and fini, to initialize and finalize the PTP subsystem. Call as appropriate from mlxsw_sp_init() and _fini(). Lay the groundwork for Spectrum-1 support. On Spectrum-1, the received timestamped packets and their corresponding timestamps arrive independently, and need to be matched up. Introduce the related data types and add to struct mlxsw_sp_ptp_state the hash table that will keep the unmatched entries. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit 0714256c3d76793b6ce52e74b4fa207cfb502246 Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:04:53 2019 +0300 mlxsw: pci: PTP: Hook into packet transmit path On Spectrum-1, timestamps are delivered separately from the packets, and need to paired up. Therefore, at some point after mlxsw_sp_port_xmit() is invoked, it is necessary to involve the chip-specific driver code to allow it to do the necessary bookkeeping and matching. On Spectrum-2, timestamps are delivered in CQE. For that reason, position the point of driver involvement into mlxsw_pci_cqe_sdq_handle() to make it hopefully easier to extend for Spectrum-2 in the future. To tell the driver what port the packet was sent on, keep tx_info in SKB control buffer. Introduce a new driver core interface mlxsw_core_ptp_transmitted(), a driver callback ptp_transmitted, and a PTP op transmitted. The callee is responsible for taking care of releasing the SKB passed to the new interfaces, and correspondingly have the new stub callbacks just call dev_kfree_skb_any(). Follow-up patches will introduce the actual content into mlxsw_sp1_ptp_transmitted() in particular. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit d7cd206dbfb25efc5f06ea3c595074a51d48d00a Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:04:52 2019 +0300 mlxsw: core: Add support for using SKB control buffer The SKB control buffer is useful (and used) for bookkeeping of information related to that SKB. Add helpers so that the mlxsw driver(s) can safely use the buffer as well. The structure is currently empty, individual users will add members to it as necessary. Note that SKB allocation functions already clear the buffer, so the cleanup is only necessary when ndo_start_xmit is called. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit aed4b5721143506c8170d04b13c74edeafc1a70e Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:04:51 2019 +0300 mlxsw: spectrum: PTP: Hook into packet receive path When configured, the Spectrum hardware can recognize PTP packets and trap them to the CPU using dedicated traps, PTP0 and PTP1. One reason to get PTP packets under dedicated traps is to have a separate policer suitable for the amount of PTP traffic expected when switch is operated as a boundary clock. For this, add two new trap groups, MLXSW_REG_HTGT_TRAP_GROUP_SP_PTP0 and _PTP1, and associate the two PTP traps with these two groups. In the driver, specifically for Spectrum-1, event PTP packets will need to be paired up with their timestamps. Those arrive through a different set of traps, added later in the patch set. To support this future use, introduce a new PTP op, ptp_receive. It is possible to configure which PTP messages should be trapped under which PTP trap. On Spectrum systems, we will use PTP0 for event packets (which need timestamping), and PTP1 for control packets (which do not). Thus configure PTP0 trap with a custom callback that defers to the ptp_receive op. Additionally, L2 PTP packets are actually trapped through the LLDP trap, not through any of the PTP traps. So treat the LLDP trap the same way as the PTP0 trap. Unlike PTP traps, which are currently still disabled, LLDP trap is active. Correspondingly, have all the implementations of the ptp_receive op return true, which the handler treats as a signal to forward the packet immediately. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit dadbc6bc09e8deb886918012a45fb6b6d53ba29d Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:04:50 2019 +0300 mlxsw: spectrum: Add support for traps specific to Spectrum-1 On Spectrum-1, timestamps for PTP packets are delivered through queues of ingress and egress timestamps. There are two event traps corresponding to activity on each of those queues. This mechanism is absent on Spectrum-2, and therefore the traps should only be registered on Spectrum-1. Carry a chip-specific listener array in mlxsw_sp->listeners and listeners_count. Register listeners from that array in mlxsw_sp_traps_init(). Add a new listener array for Spectrum-1 traps and configure the newly-added mlxsw_sp->listeners with this array. The listener array is empty for now, the events will be added in a later patch. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit 4b6b91ed2d5c7433800b5a3048facc0a69fc1714 Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:04:49 2019 +0300 mlxsw: spectrum: Extract a helper for trap registration On Spectrum-1, timestamps for PTP packets are delivered through queues of ingress and egress timestamps. There are two event traps corresponding to activity on each of those queues. This mechanism is absent on Spectrum-2, and therefore the traps should only be registered on Spectrum-1. Extract out of mlxsw_sp_traps_init() a generic helper, mlxsw_sp_traps_register(), and likewise with _unregister(). The new helpers will later be called with Spectrum-1-specific traps. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit 41ce78b92eab99c87b75769ea4ea996e5f54cb58 Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:04:48 2019 +0300 mlxsw: reg: Add Monitoring Global Configuration Register This register serves to configure global parameters of certain monitoring operations. The following patches will use it to configure that when PTP timestamps are delivered through the PTP FIFO traps, the FIFO in question is cleared as well. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit 98b9028ea5f6fa7e717b772488411acfeadb9d71 Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:04:47 2019 +0300 mlxsw: reg: Add Time Precision Packet Timestamping Reading The MTPPTR is used for reading the per port PTP timestamp FIFO. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit 4dfecb65702f7207f539a2520a9c41eb010311bd Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:04:46 2019 +0300 mlxsw: reg: Add Monitoring Precision Time Protocol Trap Register This register is used for configuring under which trap to deliver PTP packets depending on type of the packet. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit da28e87847134b85c277edf3f9d75222da57c9ca Author: Petr Machata <petrm@mellanox.com> Date: Sun Jun 30 09:04:45 2019 +0300 mlxsw: reg: Add Monitoring Time Precision Packet Port Configuration Register This register serves for configuration of which PTP messages should be timestamped. This is a global configuration, despite the register name. Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit 4a3929b223d0a13fc5920a849a2c303ccc1a1e03 Author: Bodong Wang <bodong@mellanox.com> Date: Fri Jun 28 22:36:23 2019 +0000 net/mlx5: E-Switch, Handle UC address change in switchdev mode When NVME device emulation mode is enabled, more than one PFs use the same physical port. In this case, MPFS is required to program L2 addresses. It used to rely on netdev set_rx_mode in switchdev mode, but driver later changed to not create netdev for eswitch manager once in switchdev mode. So, UC address event should be handled. Signed-off-by: Bodong Wang <bodong@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit 411ec9e0b45792e2ac7c55f94a635d5ce894910b Author: Bodong Wang <bodong@mellanox.com> Date: Fri Jun 28 22:36:22 2019 +0000 net/mlx5: E-Switch, Consider host PF for inline mode and vlan pop When ECPF is the eswitch manager, host PF is treated like other VFs. Driver should do the same for inline mode and vlan pop. Add new iterators to include host PF if ECPF is the eswitch manager. Signed-off-by: Bodong Wang <bodong@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit db68cc569eecff7dea5e346a217ce9ca5d2a0ede Author: Bodong Wang <bodong@mellanox.com> Date: Fri Jun 28 22:36:20 2019 +0000 net/mlx5: E-Switch, Use iterator for vlan and min-inline setups Use the defined iterators to traversal VF reps/vport. Also, rely on num of VFs rather than the counter of enabled vports as PF will also be enabled from ECPF side, and the counter will be different from num of VFs. Signed-off-by: Bodong Wang <bodong@mellanox.com> Reviewed-by: Parav Pandit <parav@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit 16fff98a7e827396eb68f9243636b7240f511f10 Author: Bodong Wang <bodong@mellanox.com> Date: Fri Jun 28 22:36:18 2019 +0000 net/mlx5: E-Switch, Reg/unreg function changed event at correct stage When driver is doing eswitch mode change, it's critical to keep number of enabled VFs unchanged. However, it can be changed on the fly once function changed event is registered. To remove this uncertainty, function changed event should not be registered before all setups, and first be unregistered before all cleanups. Wrap this functionality together with vport event handler. Fixes: 61fc880839e6 ("net/mlx5: E-Switch, Handle representors creation in handler context") Signed-off-by: Bodong Wang <bodong@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit 062f4bf4aab5c6bb62bea59cda59d5c64f23ba29 Author: Bodong Wang <bodong@mellanox.com> Date: Fri Jun 28 22:36:16 2019 +0000 net/mlx5: E-Switch, Consolidate eswitch function number of VFs Enabled number of VFs is key for eswich manager to do flow steering initialization and vport configurations. However, the number of enabled VFs may come from two sources as below. PF: num of VFs is provided by enabled SR-IOV of itself. ECPF: num of VFs is provided by enabled SR-IOV from its peer PF. And SR-IOV can't be enabled from ECPF itself. Current driver handles the two cases in different stages and passing the number of enabled VFs among a large scope of internal functions. It is usually hard to find out where is the real number of VFs from due to layers of argument pass-in. This patch consolidated that number from the entry point of doing eswitch setup, and maintained a copy so that eswitch functions can refer to it directly. Eswitch driver shall always use this number when referring to enabled number of VFs, don't use other numbers such as from SR-IOV. Signed-off-by: Bodong Wang <bodong@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit f6455de0b0e52dcb11aeb503151b12ec87f9c5e4 Author: Bodong Wang <bodong@mellanox.com> Date: Fri Jun 28 22:36:15 2019 +0000 net/mlx5: E-Switch, Refactor eswitch SR-IOV interface Devlink eswitch mode is not necessarily related to SR-IOV, e.g, ECPF can be at offload mode when SR-IOV is not enabled. Rename the interface and eswitch mode names to decouple from SR-IOV, and cleanup eswitch messages accordingly. Signed-off-by: Bodong Wang <bodong@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit e1d974d03e590cf8370d4820e8b467ee700925c3 Author: Bodong Wang <bodong@mellanox.com> Date: Fri Jun 28 22:36:13 2019 +0000 net/mlx5: Handle host PF vport mac/guid for ECPF When ECPF is eswitch manager, it has the privilege to query and configure the mac and node guid of host PF. While vport number of host PF is 0, the vport command should be issued with other_vport set in this case as the cmd is issued by ECPF vport(0xfffe). Add a specific function to query own vport mac. Low level functions are used by vport manager to query/modify any vport mac and node guid. Signed-off-by: Bodong Wang <bodong@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit 5f5d2536be8d5b5d3df925228ce7a6f4054d5956 Author: Bodong Wang <bodong@mellanox.com> Date: Fri Jun 28 22:36:11 2019 +0000 net/mlx5: E-Switch, Use correct flags when configuring vlan Before the offending commit, vlan will be configured if either vlan or qos is set. After the change with new set flags, function callers should provide flags accordingly. Fixes: e33dfe316cf3 ("net/mlx5: E-Switch, Allow fine tuning of eswitch vport push/pop vlan") Signed-off-by: Bodong Wang <bodong@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit d886aba677a0a75ad7fdb06e08418b481e09b036 Author: Parav Pandit <parav@mellanox.com> Date: Fri Jun 28 22:36:06 2019 +0000 net/mlx5: Reduce dependency on enabled_vfs counter and num_vfs While enabling SR-IOV, PCI core already checks that if SR-IOV is already enabled, it returns failure error code. Hence, remove such duplicate check from mlx5_core driver. While at it, make mlx5_device_disable_sriov() to perform cleanup of VFs in reverse order of mlx5_device_enable_sriov(). Signed-off-by: Parav Pandit <parav@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit 5ccf2770e83bf8739f0a7c8bed9186d7e5d2ecbc Author: Bodong Wang <bodong@mellanox.com> Date: Fri Jun 28 22:36:04 2019 +0000 net/mlx5: Don't handle VF func change if host PF is disabled When ECPF eswitch manager is at offloads mode, it monitors functions changed event from host PF side and acts according to the number of VFs enabled/disabled. As ECPF and host PF work in two independent hosts, it's possible that host PF OS reboots but ECPF system is still kept on and continues monitoring events from host PF. When kernel from host PF side is booting, PCI iov driver does sriov_init and compute_max_vf_buses by iterating over all valid num of VFs. This triggers FLR and generates functions changed events, even though host PF HCA is not enabled at this time. However, ECPF is not aware of this information, and still handles these events as usual. ECPF system will see massive number of reps are created, but destroyed immediately once creation finished. To eliminate this noise, a bit is added to host parameter context to indicate host PF is disabled. ECPF will not handle the VF changed event if this bit is set. Signed-off-by: Bodong Wang <bodong@mellanox.com> Reviewed-by: Daniel Jurgens <danielj@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit 7e26dac28101ef1ae8fb500abc8acd1ba1ab4d17 Author: Parav Pandit <parav@mellanox.com> Date: Fri Jun 28 22:36:02 2019 +0000 net/mlx5: Limit scope of mlx5_get_next_phys_dev() to PCI PF devices As mlx5_get_next_phys_dev is used only for PCI PF devices use case, limit it to search only for PCI devices. Signed-off-by: Parav Pandit <parav@mellanox.com> Reviewed-by: Vu Pham <vuhuong@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit d22663edacdfb292e7132989de93bf2828cac493 Author: Parav Pandit <parav@mellanox.com> Date: Fri Jun 28 22:36:00 2019 +0000 net/mlx5: Move pci status reg access mutex to mlx5_pci_init mlx5_pci_init() performs pci specific initialization of the mlx5_core_dev struct. Hence move pci_status_mutex to pci initialization routine mlx5_pci_init(). This allows reusing mlx5_mdev_init() to non PCI devices. Signed-off-by: Parav Pandit <parav@mellanox.com> Reviewed-by: Vu Pham <vuhuong@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit 386e75af995c3aec475a2185b919bf46af396bfc Author: Huy Nguyen <huyn@mellanox.com> Date: Fri Jun 28 22:35:58 2019 +0000 net/mlx5: Rename mlx5_pci_dev_type to mlx5_coredev_type Rename mlx5_pci_dev_type to mlx5_coredev_type to distinguish different mlx5 device types. mlx5_coredev_type represents mlx5_core_dev instance type. Hence keep mlx5_coredev_type in mlx5_core_dev structure. Signed-off-by: Huy Nguyen <huyn@mellanox.com> Signed-off-by: Vu Pham <vuhuong@mellanox.com> Signed-off-by: Parav Pandit <parav@mellanox.com> Reviewed-by: Parav Pandit <parav@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit b8ca123860ee556a8d42ab8c5c2afa469817a813 Author: Bodong Wang <bodong@mellanox.com> Date: Fri Jun 28 22:35:55 2019 +0000 RDMA/mlx5: Cleanup rep when doing unload When an IB rep is loaded, netdev for the same vport is saved for later reference. However, it's not cleaned up when doing unload. For ECPF, kernel crashes when driver is referring to the already removed netdev. Following steps lead to a shown call trace: 1. Create n VFs from host PF 2. Distroy the VFs 3. Run "rdma link" from ARM Call trace: mlx5_ib_get_netdev+0x9c/0xe8 [mlx5_ib] mlx5_query_port_roce+0x268/0x558 [mlx5_ib] mlx5_ib_rep_query_port+0x14/0x34 [mlx5_ib] ib_query_port+0x9c/0xfc [ib_core] fill_port_info+0x74/0x28c [ib_core] nldev_port_get_doit+0x1a8/0x1e8 [ib_core] rdma_nl_rcv_msg+0x16c/0x1c0 [ib_core] rdma_nl_rcv+0xe8/0x144 [ib_core] netlink_unicast+0x184/0x214 netlink_sendmsg+0x288/0x354 sock_sendmsg+0x18/0x2c __sys_sendto+0xbc/0x138 __arm64_sys_sendto+0x28/0x34 el0_svc_common+0xb0/0x100 el0_svc_handler+0x6c/0x84 el0_svc+0x8/0xc Cleanup the rep and netdev reference when unloading IB rep. Fixes: 26628e2d58c9 ("RDMA/mlx5: Move to single device multiport ports in switchdev mode") Signed-off-by: Bodong Wang <bodong@mellanox.com> Reviewed-by: Mark Bloch <markb@mellanox.com> Reviewed-by: Parav Pandit <parav@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit 2f69e591e4531d3192841a4eb2bd9b512f5a8b66 Author: Bodong Wang <bodong@mellanox.com> Date: Fri Jun 28 22:35:53 2019 +0000 {IB, net}/mlx5: E-Switch, Use index of rep for vport to IB port mapping In the single IB device mode, the mapping between vport number and rep relies on a counter. However for dynamic vport allocation, it is desired to keep consistent map of eswitch vport and IB port. Hence, simplify code to remove the free running counter and instead use the available vport index during load/unload sequence from the eswitch. Signed-off-by: Bodong Wang <bodong@mellanox.com> Suggested-by: Parav Pandit <parav@mellanox.com> Reviewed-by: Parav Pandit <parav@mellanox.com> Reviewed-by: Mark Bloch <markb@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit d6518db278ed64561aa58f74ef5f3ee2f9dbe546 Author: Bodong Wang <bodong@mellanox.com> Date: Fri Jun 28 22:35:51 2019 +0000 net/mlx5: E-Switch, Use vport index when init rep Driver is referring to the array index when doing rep initialization, using vport is confusing as it's normally interpreted as vport number. This patch doesn't change any functionality. Signed-off-by: Bodong Wang <bodong@mellanox.com> Reviewed-by: Parav Pandit <parav@mellanox.com> Reviewed-by: Mark Bloch <markb@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit a82e0b5bdac29d9719d3ca2df01494a7947351aa Author: Shay Agroskin <shayag@mellanox.com> Date: Fri Jun 28 22:35:50 2019 +0000 net/mlx5: Added MCQI and MCQS registers' description to ifc Given a fw component index, the MCQI register allows us to query this component's information (e.g. its version and capabilities). Given a fw component index, the MCQS register allows us to query the status of a fw component, including its type and state (e.g. PRESET/IN_USE). It can be used to find the index of a component of a specific type, by sequentially increasing the component index, and querying each time the type of the returned component. If max component index is reached, 'last_index_flag' is set by the HCA. These registers' description was added to query the running and pending fw version of the HCA. Signed-off-by: Shay Agroskin <shayag@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit 1759d322f4bad2f82c376856363b725cac12e61d Author: Parav Pandit <parav@mellanox.com> Date: Fri Jun 28 22:35:48 2019 +0000 net/mlx5: Add hardware definitions for sub functions Update mlx5 device interface data structures for: 1. New command definitions for allocating, deallocating SF 2. Query SF partition 3. Eswitch SF fields 4. HCA CAP SF fields 5. Extend Eswitch functions command for SF Signed-off-by: Parav Pandit <parav@mellanox.com> Signed-off-by: Vu Pham <vuhuong@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> commit 91abab83839aa2eba073e4a63c729832fdb27ea1 Author: Matthew Wilcox (Oracle) <willy@infradead.org> Date: Mon Jul 1 17:03:29 2019 -0400 XArray: Fix xas_next() with a single entry at 0 If there is only a single entry at 0, the first time we call xas_next(), we return the entry. Unfortunately, all subsequent times we call xas_next(), we also return the entry at 0 instead of noticing that the xa_index is now greater than zero. This broke find_get_pages_contig(). Fixes: 64d3e9a9e0cc ("xarray: Step through an XArray") Reported-by: Kent Overstreet <kent.overstreet@gmail.com> Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> commit ea74a685ad819aeed316a9bae3d2a5bf762da82d Author: Richard Guy Briggs <rgb@redhat.com> Date: Thu Jun 27 12:48:01 2019 -0400 selinux: format all invalid context as untrusted The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue https://github.com/linux-audit/audit-kernel/issues/57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> commit aabf3a951c4e959a00e96e9ef11828149dfc81a8 Author: Jack Xiao <Jack.Xiao@amd.com> Date: Wed May 29 13:52:17 2019 +0800 drm/amdkfd: remove duplicated PCIE atomics request Since amdgpu has always requested PCIE atomics, kfd don't need duplicated PCIE atomics enablement. Referring to amdgpu request result is enough. Signed-off-by: Jack Xiao <Jack.Xiao@amd.com> Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com> Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> commit b2109d8ed6976569ba20da4db6eb64392ec7879d Author: Jack Xiao <Jack.Xiao@amd.com> Date: Fri May 24 00:13:14 2019 +0800 drm/amdgpu: enable PCIE atomics ops support GPU atomics operation depends on PCIE atomics support. Always enable PCIE atomics ops support in case that it hasn't been enabled. Signed-off-by: Jack Xiao <Jack.Xiao@amd.com> Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> commit bae17d2a1b6a2f1d539c77a581bb6b88ce622851 Author: Jack Xiao <Jack.Xiao@amd.com> Date: Wed May 29 13:24:22 2019 +0800 drm/amdgpu: add field indicating if has PCIE atomics support The new field in amdgpu device is used to record whether the system has PCIE atomics support. The field can be exposed to UMD or kfd whether PCIE atomics have supported. Signed-off-by: Jack Xiao <Jack.Xiao@amd.com> Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> commit 04796a3e44d4b09245706d04a79186957e9a951d Author: Evan Quan <evan.quan@amd.com> Date: Thu Jun 27 11:01:04 2019 +0800 drm/amd/powerplay: use hardware fan control if no powerplay fan table Otherwise, you may get divided-by-zero error or corrput the SMU fan control feature. Signed-off-by: Evan Quan <evan.quan@amd.com> Reviewed-by: Alex Deucher <alexander.deucher@amd.com> Tested-by: Slava Abramov <slava.abramov@amd.com> Acked-by: Slava Abramov <slava.abramov@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> commit fdafb3597a2cc46217d67bc68253024744af59b9 Author: Evan Quan <evan.quan@amd.com> Date: Wed Jun 26 10:53:39 2019 +0800 drm/amdgpu: fix MGPU fan boost enablement for XGMI reset MGPU fan boost feature should not be enabled until all the devices from the same hive are all back from reset. Signed-off-by: Evan Quan <evan.quan@amd.com> Reviewed-by: Alex Deucher <alexander.deucher@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> commit 4b22e7e33f9666d902dc0f2dd8a24e27cedd1e64 Author: Marek Olšák <marek.olsak@amd.com> Date: Wed Jun 19 19:26:59 2019 -0400 drm/amdgpu: handle AMDGPU_IB_FLAG_RESET_GDS_MAX_WAVE_ID on gfx10 Add the gfx10 equivalent of the gfx9 code. Signed-off-by: Marek Olšák <marek.olsak@amd.com> Acked-by: Christian König <christian.koenig@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> commit 9ed2c993d723129f85101e51b2ccc36ef5400a67 Author: Marek Olšák <marek.olsak@amd.com> Date: Wed Jun 19 19:26:24 2019 -0400 drm/amdgpu: fix transform feedback GDS hang on gfx10 (v2) v2: update emit_ib_size (though it's still wrong because it was wrong before) Signed-off-by: Marek Olšák <marek.olsak@amd.com> Acked-by: Christian König <christian.koenig@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> commit 2e60546368165c2449564d71f6005dda9205b5fb Author: Matteo Croce <mcroce@redhat.com> Date: Mon Jul 1 19:01:55 2019 +0200 ipv4: don't set IPv6 only flags to IPv4 addresses Avoid the situation where an IPV6 only flag is applied to an IPv4 address: # ip addr add 192.0.2.1/24 dev dummy0 nodad home mngtmpaddr noprefixroute # ip -4 addr show dev dummy0 2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 inet 192.0.2.1/24 scope global noprefixroute dummy0 valid_lft forever preferred_lft forever Or worse, by sending a malicious netlink command: # ip -4 addr show dev dummy0 2: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 inet 192.0.2.1/24 scope global nodad optimistic dadfailed home tentative mngtmpaddr noprefixroute stable-privacy dummy0 valid_lft forever preferred_lft forever Signed-off-by: Matteo Croce <mcroce@redhat.com> Reviewed-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit 841ed60264b3d37d5bf3e32cff168920e4923f88 Author: Krzysztof Kozlowski <krzk@kernel.org> Date: Sat Jun 29 13:47:39 2019 +0200 ARM: dts: exynos: Adjust buck[78] regulators to supported values on Arndale Octa The datasheet of S2MPS11 PMIC is slightly non-consistent in buck[78] voltage regulators values. 1. The voltage tables for configuring their registers mention range of voltages: 0.750 V to 3.55 V, 2. The constrains in electrical specifications say output voltage range to be different (buck7: 1.2 V to 1.5 V, buck8: 1.8 V to 2.1 V). Adjust the ranges to match the electrical specifications to stay on the safe side. Anyway these regulators stay at default value so this should not have effect. Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> commit a19a209ee420f95626451034ba287c33d0d64ce0 Author: Krzysztof Kozlowski <krzk@kernel.org> Date: Sat Jun 29 13:47:38 2019 +0200 ARM: dts: exynos: Adjust buck[78] regulators to supported values on Odroid XU3 family The datasheet of S2MPS11 PMIC is slightly non-consistent in buck[78] voltage regulators values. 1. The voltage tables for configuring their registers mention range of voltages: 0.750 V to 3.55 V, 2. The constrains in electrical specifications say output voltage range to be different (buck7: 1.2 V to 1.5 V, buck8: 1.8 V to 2.1 V). Adjust the ranges to match the electrical specifications to stay on the safe side. Also change the name of regulators to match reality. Anyway these regulators stay at default value so this should not have effect. Reported-by: Anand Moon <linux.amoon@gmail.com> Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> commit 8386e6a7b07c51b8b9e2d3c0bb08e551db5c5ae5 Author: Marek Szyprowski <m.szyprowski@samsung.com> Date: Thu Jun 27 13:57:25 2019 +0200 ARM: dts: exynos: Move Mali400 GPU node to "/soc" Mali400 GPU hardware module is a standard hardware module integrated to Exynos3210/4210/4412 SoCs, so it should reside under the "/soc" node. The only SoC components which are placed in the DT root, are those, which are a part of CPUs: like ARM architected timers and ARM performance measurement units. Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> commit 47f28b41df6ba2efd05db705689617b969589168 Author: Marek Szyprowski <m.szyprowski@samsung.com> Date: Thu Jun 27 13:55:53 2019 +0200 ARM: dts: exynos: Fix imprecise abort on Mali GPU probe on Exynos4210 The PMU module of Mali400 GPU is optional and it looks that it is not present on Exynos4210, because any access to its registers causes external abort. This patch removes "pmu" interrupt for Exynos4210 SoCs, so the driver will skip the PMU module. This fixes following fault during kernel boot: Unhandled fault: imprecise external abort (0x1406) at 0x00000000 (lima_pmu_init) from [<c059e6f8>] (lima_device_init+0x244/0x5a0) (lima_device_init) from [<c059e40c>] (lima_pdev_probe+0x7c/0xd8) (lima_pdev_probe) from [<c05afcb8>] (platform_drv_probe+0x48/0x9c) (platform_drv_probe) from [<c05ad594>] (really_probe+0x1c4/0x400) (really_probe) from [<c05ad988>] (driver_probe_device+0x78/0x1b8) (driver_probe_device) from [<c05add30>] (device_driver_attach+0x58/0x60) (device_driver_attach) from [<c05ade34>] (__driver_attach+0xfc/0x160) (__driver_attach) from [<c05ab650>] (bus_for_each_dev+0x68/0xb4) (bus_for_each_dev) from [<c05ac734>] (bus_add_driver+0x104/0x20c) (bus_add_driver) from [<c05aece0>] (driver_register+0x78/0x10c) (driver_register) from [<c0103214>] (do_one_initcall+0x8c/0x430) (do_one_initcall) from [<c0f01328>] (kernel_init_freeable+0x3c8/0x4d0) (kernel_init_freeable) from [<c0ac3aa0>] (kernel_init+0x8/0x10c) (kernel_init) from [<c01010b4>] (ret_from_fork+0x14/0x20) The PMU module seems to work fine on Exynos4412 SoCs, so the patch also moves the interrupt definitions to exynos4210.dtsi and exynos4412.dtsi respectively, to keep only the common part in exynos4.dtsi. Fixes: 13efd80acaa4 ("ARM: dts: exynos: Add GPU/Mali 400 node to Exynos4") Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org> commit 98482377dc7295d0c70e251925b7cc14aff4c5ac Author: Evan Green <evgreen@chromium.org> Date: Mon Jul 1 10:30:30 2019 -0700 ALSA: hda: Fix widget_mutex incomplete protection The widget_mutex was introduced to serialize callers to hda_widget_sysfs_{re}init. However, its protection of the sysfs widget array is incomplete. For example, it is acquired around the call to hda_widget_sysfs_reinit(), which actually creates the new array, but isn't still acquired when codec->num_nodes and codec->start_nid is updated. So the lock ensures one thread sets up the new array at a time, but doesn't ensure which thread's value will end up in codec->num_nodes. If a larger num_nodes wins but a smaller array was set up, the next call to refresh_widgets() will touch free memory as it iterates over codec->num_nodes that aren't there. The widget_lock really protects both the tree as well as codec->num_nodes, start_nid, and end_nid, so make sure it's held across that update. It should also be held during snd_hdac_get_sub_nodes(), so that a very old read from that function doesn't end up clobbering a later update. Fixes: ed180abba7f1 ("ALSA: hda: Fix race between creating and refreshing sysfs entries") Signed-off-by: Evan Green <evgreen@chromium.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> commit 9f4a8181aa2f08dc7254ca5eafa60c873fe61f65 Author: Vineet Gupta <vgupta@synopsys.com> Date: Wed May 22 08:47:13 2019 -0700 ARCv2: entry: simplify return to Delay Slot via interrupt Commit 4255b07f2c9c43540 ("ARCv2: STAR 9000793984: Handle return from intr to Delay Slot") involved a complex 2 staged trampoline. Apparently this can be greatly simplified by returning from pure kernel mode (iso interrupt) so drop to pure kernel mdoe and execute the normal exception return path. Testing this was a bit of challenge as return from interrupt is rarely executed now after commit 4de0e52867d83105767 ("ARCv2: STAR 9000814690: Really Re-enable interrupts to avoid deadlocks"). That fix is necessary evil and pct interrupts etc do exercise intr return path. Anyhow after a revert of above in my local test setup I was able to hit this case and verify the patch works. Signed-off-by: Vineet Gupta <vgupta@synopsys.com> commit 6c5b01c2ed257819c6c1cc80eb4aeae9e1268c14 Author: Vineet Gupta <vgupta@synopsys.com> Date: Wed May 15 16:08:10 2019 -0700 ARC: entry: EV_Trap expects r10 (vs. r9) to have exception cause avoids 1 MOV instruction in light of double load/store code Signed-off-by: Vineet Gupta <vgupta@synopsys.com> commit a4880801a72ecc2dcdfa432f81a754f3e7438567 Author: Vineet Gupta <vgupta@synopsys.com> Date: Wed May 15 15:36:46 2019 -0700 ARCv2: entry: rewrite to enable use of double load/stores LDD/STD - the motivation was to be remove blatent copy-paste due to hasty support of CONFIG_ARC_IRQ_NO_AUTOSAVE support - but with refactoring we could use LDD/STD to greatly optimize the code Signed-off-by: Vineet Gupta <vgupta@synopsys.com> commit ab854bfcd310b5872fe12eb8d3f2c30fe427f8f7 Author: Vineet Gupta <vgupta@synopsys.com> Date: Fri May 10 16:24:15 2019 -0700 ARCv2: entry: avoid a branch Signed-off-by: Vineet Gupta <vgupta@synopsys.com> commit 23c0cbd0c75c3b564850294427fd2be2bc2a015b Author: Vineet Gupta <vgupta@synopsys.com> Date: Tue Apr 9 19:16:37 2019 -0700 ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE Upon a taken interrupt/exception from User mode, HS hardware auto sets Z flag. This helps shave a few instructions from EXCEPTION_PROLOGUE by eliding re-reading ERSTATUS and some bit fiddling. However TLB Miss Exception handler can clobber the CPU flags and still end up in EXCEPTION_PROLOGUE in the slow path handling TLB handling case: EV_TLBMissD do_slow_path_pf EV_TLBProtV (aliased to call_do_page_fault) EXCEPTION_PROLOGUE As a result, EXCEPTION_PROLOGUE need to "unclobber" the Z flag which this patch changes. It is now pushed out to TLB Miss Exception handler. The reasons beings: - The flag restoration is only needed for slowpath TLB Miss Exception handling, but currently being in EXCEPTION_PROLOGUE penalizes all exceptions such as ProtV and syscall Trap, where Z flag is already as expected. - Pushing unclobber out to where it was clobbered is much cleaner and also serves to document the fact. - Makes EXCEPTION_PROLGUE similar to INTERRUPT_PROLOGUE so easier to refactor the common parts which is what this series aims to do Signed-off-by: Vineet Gupta <vgupta@synopsys.com> commit 45869eb0c0afd72bd5ab2437d4b00915697c044a Author: Vineet Gupta <vgupta@synopsys.com> Date: Tue Apr 9 16:55:15 2019 -0700 ARCv2: entry: comments about hardware auto-save on taken interrupts Signed-off-by: Vineet Gupta <vgupta@synopsys.com> commit 926150db8558dca59617c8786c3f91c239290ee1 Author: Vineet Gupta <vgupta@synopsys.com> Date: Tue May 14 16:28:30 2019 -0700 ARC: mm: do_page_fault refactor #8: release mmap_sem sooner In case of successful page fault handling, this patch releases mmap_sem before updating the perf stat event for major/minor faults. So even though the contention reduction is NOT super high, it is still an improvement. There's an additional code size improvement as we only have 2 up_read() calls now. Note to myself: -------------- 1. Given the way it is done, we are forced to move @bad_area label earlier causing the various "goto bad_area" cases to hit perf stat code. - PERF_COUNT_SW_PAGE_FAULTS is NOW updated for access errors which is what arm/arm64 seem to be doing as well (with slightly different code) - PERF_COUNT_SW_PAGE_FAULTS_{MAJ,MIN} must NOT be updated for the error case which is guarded by now setting @fault initial value to VM_FAULT_ERROR which serves both cases when handle_mm_fault() returns error or is not called at all. 2. arm/arm64 use two homebrew fault flags VM_FAULT_BAD{MAP,MAPACCESS} which I was inclined to add too but seems not needed for ARC - given that we have everything is 1 function we can still use goto - we setup si_code at the right place (arm* do that in the end) - we init fault already to error value which guards entry into perf stats event update Cc: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Vineet Gupta <vgupta@synopsys.com> commit 5e91bf5ce9b8740076f5283f1ec3a5b023950920 Author: Vineet Gupta <vgupta@synopsys.com> Date: Tue May 14 15:55:31 2019 -0700 ARC: mm: do_page_fault refactor #7: fold the various error handling - single up_read() call vs. 4 - so much easier on eyes Technically it seems like @bad_area label moved up, but even in old regime, it was a special case of delivering SIGSEGV unconditionally which we now do as well, although with checks. Also note that @fault needs to be initialized since we can land in @bad_area (which reads it) without setting it up with return value of handle_mm_fault() - failing to do so did bite us although as a side effect of different patch: see [1] [1]: http://lists.infradead.org/pipermail/linux-snps-arc/2019-May/005803.html Signed-off-by: Vineet Gupta <vgupta@synopsys.com> commit 98cb57ad70fb7c8a9c030d3e83fe66b546906e28 Author: Vineet Gupta <vgupta@synopsys.com> Date: Tue May 14 15:10:45 2019 -0700 ARC: mm: do_page_fault refactor #6: error handlers to use same pattern - up_read - if !user_mode - whatever error handling Signed-off-by: Vineet Gupta <vgupta@synopsys.com> commit d0542c7eacd5b507fa53570b610706df122a2f37 Author: Vineet Gupta <vgupta@synopsys.com> Date: Tue May 14 14:45:44 2019 -0700 ARC: mm: do_page_fault refactor #5: scoot no_context to end This is different than the rest of signal handling stuff No functional change Signed-off-by: Vineet Gupta <vgupta@synopsys.com> commit 02c88d142ea6e64b0f81dcf3687a889d8a3556ba Author: Vineet Gupta <vgupta@synopsys.com> Date: Tue May 14 14:35:45 2019 -0700 ARC: mm: do_page_fault refactor #4: consolidate retry related logic stats update code can now elide "retry" check and additional level of indentation since all retry handling is done ahead of it already Signed-off-by: Vineet Gupta <vgupta@synopsys.com> commit 85c5e33763a731967ca59085ffe6e694f872d38e Author: Vineet Gupta <vgupta@synopsys.com> Date: Tue May 14 14:25:54 2019 -0700 ARC: mm: do_page_fault refactor #3: tidyup vma access permission code The coding pattern to NOT intialize variables at declaration time but rather near code which makes us eof them makes it much easier to grok the overall logic, specially when the init is not simply 0 or 1 Signed-off-by: Vineet Gupta <vgupta@synopsys.com> commit 13e2cc1240eb14d1a08b2c32f88b25bf20210ebc Author: Vineet Gupta <vgupta@synopsys.com> Date: Tue May 14 16:07:24 2019 -0700 ARC: mm: do_page_fault refactor #2: remove short lived variable Compiler will do this anyways, still.. No functional change. Signed-off-by: Vineet Gupta <vgupta@synopsys.com> commit 450e5b6f654b52bd7495e84cd46dd37d7e184415 Author: Vineet Gupta <vgupta@synopsys.com> Date: Tue May 14 14:22:47 2019 -0700 ARC: mm: do_page_fault refactor #1: remove label @good_area Invert the condition for stack expansion. No functional change Signed-off-by: Vineet Gupta <vgupta@synopsys.com> commit 6e32a74a6f151c3e64d7d79e54948b8938be2cdc Author: Daniel T. Lee <danieltimlee@gmail.com> Date: Sat Jun 29 22:33:58 2019 +0900 samples: pktgen: allow to specify destination port Currently, kernel pktgen has the feature to specify udp destination port for sending packet. (e.g. pgset "udp_dst_min 9") But on samples, each of the scripts doesn't have any option to achieve this. This commit adds the DST_PORT option to specify the target port(s) in the script. -p : ($DST_PORT) destination PORT range (e.g. 433-444) is also allowed Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Acked-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit 226b96c25d84ab32abeb6a000166a755db3ebfa9 Author: Daniel T. Lee <danieltimlee@gmail.com> Date: Sat Jun 29 22:33:57 2019 +0900 samples: pktgen: add some helper functions for port parsing This commit adds port parsing and port validate helper function to parse single or range of port(s) from a given string. (e.g. 1234, 443-444) Helpers will be used in prior to set target port(s) in samples/pktgen. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Acked-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit 88405680ec57c35f5886dbb81b3f6f638f74f40d Author: Vandana BN <bnvandana@gmail.com> Date: Mon Jul 1 19:46:10 2019 +0530 net:gue.h:Fix shifting signed 32-bit value by 31 bits problem Fix GUE_PFLAG_REMCSUM to use "U" cast to avoid shifting signed 32-bit value by 31 bits problem. Signed-off-by: Vandana BN <bnvandana@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit a346abe051bd2bd0d5d0140b2da9ec95639acad7 Author: Eric Dumazet <edumazet@google.com> Date: Mon Jul 1 06:39:36 2019 -0700 ipv6: icmp: allow flowlabel reflection in echo replies Extend flowlabel_reflect bitmask to allow conditional reflection of incoming flowlabels in echo replies. Note this has precedence against auto flowlabels. Add flowlabel_reflect enum to replace hard coded values. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit 40f6a2cb9cfc5da713f745b23bcc2c6761e5eb5e Author: Vandana BN <bnvandana@gmail.com> Date: Mon Jul 1 17:25:39 2019 +0530 net: dst.h: Fix shifting signed 32-bit value by 31 bits problem Fix DST_FEATURE_ECN_CA to use "U" cast to avoid shifting signed 32-bit value by 31 bits problem. Signed-off-by: Vandana BN <bnvandana@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit dca895b65d634f9e6506d5385ed58a8b9abd4900 Author: Hangbin Liu <liuhangbin@gmail.com> Date: Mon Jul 1 16:45:28 2019 +0800 Documentation/networking: fix default_ttl typo in mpls-sysctl default_ttl should be integer instead of bool Reported-by: Ying Xu <yinxu@redhat.com> Fixes: a59166e47086 ("mpls: allow TTL propagation from IP packets to be configured") Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Reviewed-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> commit 535cfa75a6457c9eb5d35cd11f4a07f684d33a0a Author: Alex Deucher <alexander.deucher@amd.com> Date: Mon Jul 1 08:39:19 2019 -0500 drm/amdgpu/gfx10: use reset default for PA_SC_FIFO_SIZE Recommended by the hw team. Reviewed-and-Tested-by: Huang Rui <ray.huang@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> commit 02d7a73b5048a82d4344ba598cbf19dcc9df913f Author: Alex Deucher <alexander.deucher@amd.com> Date: Mon Jul 1 08:38:12 2019 -0500 drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE Recommended by the hw team. Reviewed-and-Tested-by: Huang Rui <ray.huang@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com> commit 8759aa4cc1d36749845b7c99b12ab180e12f2699 Author: Chris Wilson <chris@chris-wilson.co.uk> Date: Mon Jul 1 11:04:54 2019 +0100 drm/i915/execlists: Refactor CSB state machine Daniele pointed out that the CSB status information will change with Tigerlake and suggested that we could rearrange our state machine to hide the differences in generation. gcc also prefers the explicit state machine, so make it so: process_csb 1980 1967 -13 Suggested-by: Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Cc: Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com> Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com> Cc: Mika Kuoppala <mika.kuoppala@linux.intel.com> Reviewed-by: Mika Kuoppala <mika.kuoppala@linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20190701100502.15639-4-chris@chris-wilson.co.uk commit 7f3a8dff1219fba3076fe207972d1d7893c099bb Author: Christoph Hellwig <hch@lst.de> Date: Mon Jun 24 07:47:28 2019 +0200 asm-generic: remove ptrace.h No one is using this header anymore. Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Paul Burton <paul.burton@mips.com> Signed-off-by: Arnd Bergmann <arnd@arndb.de> commit 79f2562c326e0731f9c9f089d47c89399ad732e2 Author: Christoph Hellwig <hch@lst.de> Date: Mon Jun 24 07:47:27 2019 +0200 x86: don't use asm-generic/ptrace.h Doing the indirection through macros for the regs accessors just makes them harder to read, so implement the helpers directly. Note that only the helpers actually used are implemented now. Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: Ingo Molnar <mingo@kernel.org> Acked-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Arnd Bergmann <arnd@arndb.de> commit 045bd00f3ef08e934af058bf41979061e2a05cf2 Author: Christoph Hellwig <hch@lst.de> Date: Mon Jun 24 07:47:26 2019 +0200 sh: don't use asm-generic/ptrace.h Doing the indirection through macros for the regs accessors just makes them harder to read, so implement the helpers directly. Note that only the helpers actually used are implemented now. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Arnd Bergmann <arnd@arndb.de> commit b42dfdea6052f7e8880f78e8e17881b30fefb840 Author: Christoph Hellwig <hch@lst.de> Date: Mon Jun 24 07:47:25 2019 +0200 powerpc: don't use asm-generic/ptrace.h Doing the indirection through macros for the regs accessors just makes them harder to read, so implement the helpers directly. Note that only the helpers actually used are implemented now. Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Arnd Bergmann <arnd@arndb.de> commit 56a5d00328e1d859b743e14b6e2ca76d47ba6e5d Author: Christoph Hellwig <hch@lst.de> Date: Mon Jun 24 07:47:24 2019 +0200 arm64: don't use asm-generic/ptrace.h Doing the indirection through macros for the regs accessors just makes them harder to read, so implement the helpers directly. Note that only the helpers actually used are implemented now. Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Arnd Bergmann <arnd@arndb.de> commit f80c9a9a04d3fa8231d2477f6a2c8b66a84ab41b Author: Matt Roper <matthew.d.roper@intel.com> Date: Tue Jun 25 17:03:50 2019 -0700 drm/i915/ehl: Don't program PHY_MISC on EHL PHY C Although EHL added a third combo PHY, no PHY_MISC register was added for PHY C. The bspec indicates that there's no need to program the "DE to IO Comp Pwr Down" setting for this PHY that we usually need to set in PHY_MISC. v2: - Add IS_ELKHARTLAKE() guards since future platforms that have a PHY C are likely to reinstate the PHY_MISC register. (Jose) - Use goto's to skip PHY_MISC programming & minimize code deltas. (Jose) Bspec: 33148 Cc: José Roberto de Souza <jose.souza@intel.com> Signed-off-by: Matt Roper <matthew.d.roper@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20190626000352.31926-4-matthew.d.roper@intel.com Reviewed-by: José Roberto de Souza <jose.souza@intel.com> commit 0e933162b0420b5258c34da719ac65269e4dbc49 Author: Matt Roper <matthew.d.roper@intel.com> Date: Tue Jun 25 17:03:49 2019 -0700 drm/i915/ehl: Add third combo PHY offset v2: Rename register to _EHL_COMBOPHY_C. (Jose) Cc: José Roberto de Souza <jose.souza@intel.com> Signed-off-by: Matt Roper <matthew.d.roper@intel.com> Reviewed-by: José Roberto de Souza <jose.souza@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20190626000352.31926-3-matthew.d.roper@intel.com commit 4a8134d57c6ca7b67acb0812f1f32ef60a2f19c0 Author: Matt Roper <matthew.d.roper@intel.com> Date: Tue Jun 25 17:03:48 2019 -0700 drm/i915/icl: Drop port parameter to icl_get_combo_buf_trans() The port parameter hasn't been used since the last bspec phy programming update. Drop it to make some upcoming changes simpler. References: 9659c1af451a ("drm/i915/icl: combo port vswing programming changes per BSPEC") Cc: Clint Taylor <clinton.a.taylor@intel.com> Signed-off-by: Matt Roper <matthew.d.roper@intel.com> Reviewed-by: Clint Taylor <Clinton.A.Taylor@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20190626000352.31926-2-matthew.d.roper@intel.com commit 7e328e5930ad85c4669ca12bd20e1828a62a391a Author: Darrick J. Wong <darrick.wong@oracle.com> Date: Mon Jul 1 08:25:36 2019 -0700 mm/fs: don't allow writes to immutable files The chattr manpage has this to say about immutable files: "A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file, most of the file's metadata can not be modified, and the file can not be opened in write mode." Once the flag is set, it is enforced for quite a few file operations, such as fallocate, fpunch, fzero, rm, touch, open, etc. However, we don't check for immutability when doing a write(), a PROT_WRITE mmap(), a truncate(), or a write to a previously established mmap. If a program has an open write fd to a file that the administrator subsequently marks immutable, the program still can change the file contents. Weird! The ability to write to an immutable file does not follow the manpage promise that immutable files cannot be modified. Worse yet it's inconsistent with the behavior of other syscalls which don't allow modifications of immutable files. Therefore, add the necessary checks to make the write, mmap, and truncate behavior consistent with what the manpage says and consistent with other syscalls on filesystems which support IMMUTABLE. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Jan Kara <jack@suse.cz> commit dbc77f31e58b2902a5e7643761c04bf69f57a32a Author: Darrick J. Wong <darrick.wong@oracle.com> Date: Mon Jul 1 08:25:36 2019 -0700 vfs: only allow FSSETXATTR to set DAX flag on files and dirs The DAX flag only applies to files and directories, so don't let it get set for other types of files. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Jan Kara <jack@suse.cz> commit ca29be753445450799958e7d2e5d797d1153389e Author: Darrick J. Wong <darrick.wong@oracle.com> Date: Mon Jul 1 08:25:36 2019 -0700 vfs: teach vfs_ioc_fssetxattr_check to check extent size hints Move the extent size hint checks that aren't xfs-specific to the vfs. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Jan Kara <jack@suse.cz> commit f991492ed11055934f1b35615cb1b435325939bf Auth…

rgbriggs · 2019-07-10T11:59:09Z

Staged in selinux/next: ea74a68 ("selinux: format all invalid context as untrusted")
Upstreamed for v5.3-rc1 in 7c0f896 ("Merge tag 'selinux-pr-20190702' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux")

syzbot reported a splat: xfrm_policy_inexact_list_reinsert+0x625/0x6e0 net/xfrm/xfrm_policy.c:877 CPU: 1 PID: 6756 Comm: syz-executor.1 Not tainted 5.3.0-rc2+ #57 Call Trace: xfrm_policy_inexact_node_reinsert net/xfrm/xfrm_policy.c:922 [inline] xfrm_policy_inexact_node_merge net/xfrm/xfrm_policy.c:958 [inline] xfrm_policy_inexact_insert_node+0x537/0xb50 net/xfrm/xfrm_policy.c:1023 xfrm_policy_inexact_alloc_chain+0x62b/0xbd0 net/xfrm/xfrm_policy.c:1139 xfrm_policy_inexact_insert+0xe8/0x1540 net/xfrm/xfrm_policy.c:1182 xfrm_policy_insert+0xdf/0xce0 net/xfrm/xfrm_policy.c:1574 xfrm_add_policy+0x4cf/0x9b0 net/xfrm/xfrm_user.c:1670 xfrm_user_rcv_msg+0x46b/0x720 net/xfrm/xfrm_user.c:2676 netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2477 xfrm_netlink_rcv+0x74/0x90 net/xfrm/xfrm_user.c:2684 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline] netlink_unicast+0x809/0x9a0 net/netlink/af_netlink.c:1328 netlink_sendmsg+0xa70/0xd30 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:637 [inline] sock_sendmsg net/socket.c:657 [inline] There is no reproducer, however, the warning can be reproduced by adding rules with ever smaller prefixes. The sanity check ("does the policy match the node") uses the prefix value of the node before its updated to the smaller value. To fix this, update the prefix earlier. The bug has no impact on tree correctness, this is only to prevent a false warning. Reported-by: syzbot+8cc27ace5f6972910b31@syzkaller.appspotmail.com Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

Hangbin Liu says: ==================== fix dev null pointer dereference when send packets larger than mtu in collect_md mode When we send a packet larger than PMTU, we need to reply with icmp_send(ICMP_FRAG_NEEDED) or icmpv6_send(ICMPV6_PKT_TOOBIG). But with collect_md mode, kernel will crash while accessing the dst dev as __metadata_dst_init() init dst->dev to NULL by default. Here is what the code path looks like, for GRE: - ip6gre_tunnel_xmit - ip6gre_xmit_ipv4 - __gre6_xmit - ip6_tnl_xmit - if skb->len - t->tun_hlen - eth_hlen > mtu; return -EMSGSIZE - icmp_send - net = dev_net(rt->dst.dev); <-- here - ip6gre_xmit_ipv6 - __gre6_xmit - ip6_tnl_xmit - if skb->len - t->tun_hlen - eth_hlen > mtu; return -EMSGSIZE - icmpv6_send ... - decode_session4 - oif = skb_dst(skb)->dev->ifindex; <-- here - decode_session6 - oif = skb_dst(skb)->dev->ifindex; <-- here We could not fix it in __metadata_dst_init() as there is no dev supplied. Look in to the __icmp_send()/decode_session{4,6} code we could find the dst dev is actually not needed. In __icmp_send(), we could get the net by skb->dev. For decode_session{4,6}, as it was called by xfrm_decode_session_reverse() in this scenario, the oif is not used by fl4->flowi4_oif = reverse ? skb->skb_iif : oif; The reproducer is easy: ovs-vsctl add-br br0 ip link set br0 up ovs-vsctl add-port br0 gre0 -- set interface gre0 type=gre options:remote_ip=$dst_addr ip link set gre0 up ip addr add ${local_gre6}/64 dev br0 ping6 $remote_gre6 -s 1500 The kernel will crash like [40595.821651] BUG: kernel NULL pointer dereference, address: 0000000000000108 [40595.822411] #PF: supervisor read access in kernel mode [40595.822949] #PF: error_code(0x0000) - not-present page [40595.823492] PGD 0 P4D 0 [40595.823767] Oops: 0000 [#1] SMP PTI [40595.824139] CPU: 0 PID: 2831 Comm: handler12 Not tainted 5.2.0 #57 [40595.824788] Hardware name: Red Hat KVM, BIOS 1.11.1-3.module+el8.1.0+2983+b2ae9c0a 04/01/2014 [40595.825680] RIP: 0010:__xfrm_decode_session+0x6b/0x930 [40595.826219] Code: b7 c0 00 00 00 b8 06 00 00 00 66 85 d2 0f b7 ca 48 0f 45 c1 44 0f b6 2c 06 48 8b 47 58 48 83 e0 fe 0f 84 f4 04 00 00 48 8b 00 <44> 8b 80 08 01 00 00 41 f6 c4 01 4c 89 e7 ba 58 00 00 00 0f 85 47 [40595.828155] RSP: 0018:ffffc90000a73438 EFLAGS: 00010286 [40595.828705] RAX: 0000000000000000 RBX: ffff8881329d7100 RCX: 0000000000000000 [40595.829450] RDX: 0000000000000000 RSI: ffff8881339e70ce RDI: ffff8881329d7100 [40595.830191] RBP: ffffc90000a73470 R08: 0000000000000000 R09: 000000000000000a [40595.830936] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90000a73490 [40595.831682] R13: 000000000000002c R14: ffff888132ff1301 R15: ffff8881329d7100 [40595.832427] FS: 00007f5bfcfd6700(0000) GS:ffff88813ba00000(0000) knlGS:0000000000000000 [40595.833266] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [40595.833883] CR2: 0000000000000108 CR3: 000000013a368000 CR4: 00000000000006f0 [40595.834633] Call Trace: [40595.835392] ? rt6_multipath_hash+0x4c/0x390 [40595.835853] icmpv6_route_lookup+0xcb/0x1d0 [40595.836296] ? icmpv6_xrlim_allow+0x3e/0x140 [40595.836751] icmp6_send+0x537/0x840 [40595.837125] icmpv6_send+0x20/0x30 [40595.837494] tnl_update_pmtu.isra.27+0x19d/0x2a0 [ip_tunnel] [40595.838088] ip_md_tunnel_xmit+0x1b6/0x510 [ip_tunnel] [40595.838633] gre_tap_xmit+0x10c/0x160 [ip_gre] [40595.839103] dev_hard_start_xmit+0x93/0x200 [40595.839551] sch_direct_xmit+0x101/0x2d0 [40595.839967] __dev_queue_xmit+0x69f/0x9c0 [40595.840399] do_execute_actions+0x1717/0x1910 [openvswitch] [40595.840987] ? validate_set.isra.12+0x2f5/0x3d0 [openvswitch] [40595.841596] ? reserve_sfa_size+0x31/0x130 [openvswitch] [40595.842154] ? __ovs_nla_copy_actions+0x1b4/0xad0 [openvswitch] [40595.842778] ? __kmalloc_reserve.isra.50+0x2e/0x80 [40595.843285] ? should_failslab+0xa/0x20 [40595.843696] ? __kmalloc+0x188/0x220 [40595.844078] ? __alloc_skb+0x97/0x270 [40595.844472] ovs_execute_actions+0x47/0x120 [openvswitch] [40595.845041] ovs_packet_cmd_execute+0x27d/0x2b0 [openvswitch] [40595.845648] genl_family_rcv_msg+0x3a8/0x430 [40595.846101] genl_rcv_msg+0x47/0x90 [40595.846476] ? __alloc_skb+0x83/0x270 [40595.846866] ? genl_family_rcv_msg+0x430/0x430 [40595.847335] netlink_rcv_skb+0xcb/0x100 [40595.847777] genl_rcv+0x24/0x40 [40595.848113] netlink_unicast+0x17f/0x230 [40595.848535] netlink_sendmsg+0x2ed/0x3e0 [40595.848951] sock_sendmsg+0x4f/0x60 [40595.849323] ___sys_sendmsg+0x2bd/0x2e0 [40595.849733] ? sock_poll+0x6f/0xb0 [40595.850098] ? ep_scan_ready_list.isra.14+0x20b/0x240 [40595.850634] ? _cond_resched+0x15/0x30 [40595.851032] ? ep_poll+0x11b/0x440 [40595.851401] ? _copy_to_user+0x22/0x30 [40595.851799] __sys_sendmsg+0x58/0xa0 [40595.852180] do_syscall_64+0x5b/0x190 [40595.852574] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [40595.853105] RIP: 0033:0x7f5c00038c7d [40595.853489] Code: c7 20 00 00 75 10 b8 2e 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 8e f7 ff ff 48 89 04 24 b8 2e 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 d7 f7 ff ff 48 89 d0 48 83 c4 08 48 3d 01 [40595.855443] RSP: 002b:00007f5bfcf73c00 EFLAGS: 00003293 ORIG_RAX: 000000000000002e [40595.856244] RAX: ffffffffffffffda RBX: 00007f5bfcf74a60 RCX: 00007f5c00038c7d [40595.856990] RDX: 0000000000000000 RSI: 00007f5bfcf73c60 RDI: 0000000000000015 [40595.857736] RBP: 0000000000000004 R08: 0000000000000b7c R09: 0000000000000110 [40595.858613] R10: 0001000800050004 R11: 0000000000003293 R12: 000055c2d8329da0 [40595.859401] R13: 00007f5bfcf74120 R14: 0000000000000347 R15: 00007f5bfcf73c60 [40595.860185] Modules linked in: ip_gre ip_tunnel gre openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 sunrpc bochs_drm ttm drm_kms_helper drm pcspkr joydev i2c_piix4 qemu_fw_cfg xfs libcrc32c virtio_net net_failover serio_raw failover ata_generic virtio_blk pata_acpi floppy [40595.863155] CR2: 0000000000000108 [40595.863551] ---[ end trace 22209bbcacb4addd ]--- v4: Julian Anastasov remind skb->dev also could be NULL in icmp_send. We'd better still use dst.dev and do a check to avoid crash. v3: only replace pkg to packets in cover letter. So I didn't update the version info in the follow up patches. v2: fix it in __icmp_send() and decode_session{4,6} separately instead of updating shared dst dev in {ip_md, ip6}_tunnel_xmit. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>

rgbriggs · 2019-11-14T19:43:53Z

Please close. Upstream in Linux 5.3 4d856f7

Here's the KASAN report: BUG: KASAN: use-after-free in skcipher_crypt_done+0xe8/0x1a8 Read of size 1 at addr ffff00002304001c by task swapper/0/0 CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-rc1-00162-gfcb90d5 #57 Hardware name: LS1046A RDB Board (DT) Call trace: dump_backtrace+0x0/0x260 show_stack+0x14/0x20 dump_stack+0xe8/0x144 print_address_description.isra.11+0x64/0x348 __kasan_report+0x11c/0x230 kasan_report+0xc/0x18 __asan_load1+0x5c/0x68 skcipher_crypt_done+0xe8/0x1a8 caam_jr_dequeue+0x390/0x608 tasklet_action_common.isra.13+0x1ec/0x230 tasklet_action+0x24/0x30 efi_header_end+0x1a4/0x370 irq_exit+0x114/0x128 __handle_domain_irq+0x80/0xe0 gic_handle_irq+0x50/0xa0 el1_irq+0xb8/0x180 _raw_spin_unlock_irq+0x2c/0x78 finish_task_switch+0xa4/0x2f8 __schedule+0x3a4/0x890 schedule_idle+0x28/0x50 do_idle+0x22c/0x338 cpu_startup_entry+0x24/0x40 rest_init+0xf8/0x10c arch_call_rest_init+0xc/0x14 start_kernel+0x774/0x7b4 Allocated by task 263: save_stack+0x24/0xb0 __kasan_kmalloc.isra.10+0xc4/0xe0 kasan_kmalloc+0xc/0x18 __kmalloc+0x178/0x2b8 skcipher_edesc_alloc+0x21c/0x1018 skcipher_encrypt+0x84/0x150 crypto_skcipher_encrypt+0x50/0x68 test_skcipher_vec_cfg+0x4d4/0xc10 test_skcipher_vec+0xf8/0x1d8 alg_test_skcipher+0xec/0x230 alg_test.part.44+0x114/0x4a0 alg_test+0x1c/0x60 cryptomgr_test+0x34/0x58 kthread+0x1b8/0x1c0 ret_from_fork+0x10/0x18 Freed by task 0: save_stack+0x24/0xb0 __kasan_slab_free+0x10c/0x188 kasan_slab_free+0x10/0x18 kfree+0x7c/0x298 skcipher_crypt_done+0xe0/0x1a8 caam_jr_dequeue+0x390/0x608 tasklet_action_common.isra.13+0x1ec/0x230 tasklet_action+0x24/0x30 efi_header_end+0x1a4/0x370 The buggy address belongs to the object at ffff000023040000 which belongs to the cache dma-kmalloc-512 of size 512 The buggy address is located 28 bytes inside of 512-byte region [ffff000023040000, ffff000023040200) The buggy address belongs to the page: page:fffffe00006c1000 refcount:1 mapcount:0 mapping:ffff00093200c400 index:0x0 compound_mapcount: 0 flags: 0xffff00000010200(slab|head) raw: 0ffff00000010200 dead000000000100 dead000000000122 ffff00093200c400 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff00002303ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff00002303ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff000023040000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff000023040080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff000023040100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Fixes: ee38767 ("crypto: caam - support crypto_engine framework for SKCIPHER algorithms") Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Park Ju Hyung <qkrwngud825@gmail.com> Signed-off-by: atndko <z1281552865@gmail.com>

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Park Ju Hyung <qkrwngud825@gmail.com>

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Adam W. Willis <return.of.octobot@gmail.com>

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Park Ju Hyung <qkrwngud825@gmail.com>

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Adam W. Willis <return.of.octobot@gmail.com>

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Park Ju Hyung <qkrwngud825@gmail.com>

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Adam W. Willis <return.of.octobot@gmail.com>

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Park Ju Hyung <qkrwngud825@gmail.com> (cherry picked from commit 58c09fd324667980b74132f6811e263370a406f7)

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Park Ju Hyung <qkrwngud825@gmail.com>

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Park Ju Hyung <qkrwngud825@gmail.com> Signed-off-by: Forenche <prahul2003@gmail.com>

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Park Ju Hyung <qkrwngud825@gmail.com>

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Park Ju Hyung <qkrwngud825@gmail.com> (cherry picked from commit 58c09fd324667980b74132f6811e263370a406f7) (cherry picked from commit da3c428c49f4a34d912b12c2f733546ae239ec26) (cherry picked from commit 2fc0e1dbe078cc400dd376cdc4e6d6e48aca7b05)

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Reinazhard <reinazhard@gmail.com>

Since priv->rx_mapping[i] is maped in moxart_mac_open(), we should unmap it from moxart_mac_stop(). Fixes 2 warnings. 1. During error unwinding in moxart_mac_probe(): "goto init_fail;", then moxart_mac_free_memory() calls dma_unmap_single() with priv->rx_mapping[i] pointers zeroed. WARNING: CPU: 0 PID: 1 at kernel/dma/debug.c:963 check_unmap+0x704/0x980 DMA-API: moxart-ethernet 92000000.mac: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=1600 bytes] CPU: 0 PID: 1 Comm: swapper Not tainted 5.19.0+ #60 Hardware name: Generic DT based system unwind_backtrace from show_stack+0x10/0x14 show_stack from dump_stack_lvl+0x34/0x44 dump_stack_lvl from __warn+0xbc/0x1f0 __warn from warn_slowpath_fmt+0x94/0xc8 warn_slowpath_fmt from check_unmap+0x704/0x980 check_unmap from debug_dma_unmap_page+0x8c/0x9c debug_dma_unmap_page from moxart_mac_free_memory+0x3c/0xa8 moxart_mac_free_memory from moxart_mac_probe+0x190/0x218 moxart_mac_probe from platform_probe+0x48/0x88 platform_probe from really_probe+0xc0/0x2e4 2. After commands: ip link set dev eth0 down ip link set dev eth0 up WARNING: CPU: 0 PID: 55 at kernel/dma/debug.c:570 add_dma_entry+0x204/0x2ec DMA-API: moxart-ethernet 92000000.mac: cacheline tracking EEXIST, overlapping mappings aren't supported CPU: 0 PID: 55 Comm: ip Not tainted 5.19.0+ #57 Hardware name: Generic DT based system unwind_backtrace from show_stack+0x10/0x14 show_stack from dump_stack_lvl+0x34/0x44 dump_stack_lvl from __warn+0xbc/0x1f0 __warn from warn_slowpath_fmt+0x94/0xc8 warn_slowpath_fmt from add_dma_entry+0x204/0x2ec add_dma_entry from dma_map_page_attrs+0x110/0x328 dma_map_page_attrs from moxart_mac_open+0x134/0x320 moxart_mac_open from __dev_open+0x11c/0x1ec __dev_open from __dev_change_flags+0x194/0x22c __dev_change_flags from dev_change_flags+0x14/0x44 dev_change_flags from devinet_ioctl+0x6d4/0x93c devinet_ioctl from inet_ioctl+0x1ac/0x25c v1 -> v2: Extraneous change removed. Fixes: 6c821bd ("net: Add MOXA ART SoCs ethernet driver") Signed-off-by: Sergei Antonov <saproj@gmail.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Link: https://lore.kernel.org/r/20220819110519.1230877-1-saproj@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Reinazhard <reinazhard@gmail.com>

The userspace tools expect all fields of the same name to be logged consistently with the same encoding. Since the invalid_context fields contain untrusted strings in selinux_inode_setxattr() and selinux_setprocattr(), encode all instances of this field the same way as though they were untrusted even though compute_sid_handle_invalid_context() and security_sid_mls_copy() are trusted. Please see github issue linux-audit/audit-kernel#57 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Reinazhard <reinazhard@gmail.com> Signed-off-by: meydiwahendra <meydiwahendra@gmail.com>

pcmoore added bug priority/low labels Jun 15, 2017

pcmoore self-assigned this Jun 15, 2017

pcmoore closed this as completed Nov 14, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

BUG: SELinux invalid_context is logged inconsistently #57

BUG: SELinux invalid_context is logged inconsistently #57

pcmoore commented Jun 15, 2017

rgbriggs commented May 29, 2019 •

edited

Loading

stevegrubb commented Jun 10, 2019

rgbriggs commented Jun 11, 2019 via email

WOnder93 commented Jun 11, 2019

rgbriggs commented Jun 11, 2019 via email

stevegrubb commented Jun 11, 2019

rgbriggs commented Jul 10, 2019

rgbriggs commented Nov 14, 2019

BUG: SELinux invalid_context is logged inconsistently #57

BUG: SELinux invalid_context is logged inconsistently #57

Comments

pcmoore commented Jun 15, 2017

rgbriggs commented May 29, 2019 • edited Loading

stevegrubb commented Jun 10, 2019

rgbriggs commented Jun 11, 2019 via email

WOnder93 commented Jun 11, 2019

rgbriggs commented Jun 11, 2019 via email

stevegrubb commented Jun 11, 2019

rgbriggs commented Jul 10, 2019

rgbriggs commented Nov 14, 2019

rgbriggs commented May 29, 2019 •

edited

Loading