11 Jun, 2018
9 commits
-
When kconfig syntax moved to use $(FOO) for environment variables
localmodconfig was not updated.
Fix so it now works with the new syntax $(FOO)Fixes: 104daea149c4 ("kconfig: reference environment variables directly and remove 'option env='")
Reported-by: Kevin Locke
Reported-by: Andrei Vagin
Signed-off-by: Sam Ravnborg
Tested-by: Kevin Locke
Signed-off-by: Masahiro Yamada -
VMLINUX_SYMBOL() is no-op unless CONFIG_HAVE_UNDERSCORE_SYMBOL_PREFIX
is defined. It has ever been selected only by BLACKFIN and METAG.
VMLINUX_SYMBOL() is unneeded for SuperH-specific code.Signed-off-by: Masahiro Yamada
-
This eliminates the workaround that requires disabling
-mprofile-kernel by default in Kconfig.Signed-off-by: Nicholas Piggin
Acked-by: Michael Ellerman
Signed-off-by: Masahiro Yamada -
It would be nice if the source code is written in the same style.
This proposes the convention for describing the compiler capability
in Kconfig.Signed-off-by: Masahiro Yamada
-
We have enabled GCC_PLUGINS for COMPILE_TEST, but allmodconfig now
produces new warnings.CC [M] drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.o
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c: In function ‘wlc_phy_workarounds_nphy_rev7’:
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c:16563:1: warning: the frame size of 3128 bytes is larger than 2048 bytes [-Wframe-larger-than=]
}
^
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c: In function ‘wlc_phy_workarounds_nphy_rev3’:
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c:16905:1: warning: the frame size of 2800 bytes is larger than 2048 bytes [-Wframe-larger-than=]
}
^
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c: In function ‘wlc_phy_cal_txiqlo_nphy’:
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c:26033:1: warning: the frame size of 2488 bytes is larger than 2048 bytes [-Wframe-larger-than=]
}
^It looks like GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is causing this.
Add "depends on !COMPILE_TEST" to not dirturb the compile test.Reported-by: Stephen Rothwell
Suggested-by: Kees Cook
Signed-off-by: Masahiro Yamada -
Now that the compiler's plugin support is checked in Kconfig,
all{yes,mod}config will not be bothered.Remove 'depends on !COMPILE_TEST' for GCC_PLUGINS.
'depends on !COMPILE_TEST' for the following three are still kept:
GCC_PLUGIN_CYC_COMPLEXITY
GCC_PLUGIN_STRUCTLEAK_VERBOSE
GCC_PLUGIN_RANDSTRUCT_PERFORMANCEKees suggested to do so because the first two are too noisy, and the
last one would reduce the compile test coverage. I commented the
reasons in arch/Kconfig.Signed-off-by: Masahiro Yamada
Acked-by: Kees Cook -
Run scripts/gcc-plugin.sh from Kconfig so that users can enable
GCC_PLUGINS only when the compiler supports building plugins.Kconfig defines a new symbol, PLUGIN_HOSTCC. This will contain
the compiler (g++ or gcc) used for building plugins, or empty
if the plugin can not be supported at all.This allows us to remove all ugly testing in Makefile.gcc-plugins.
Signed-off-by: Masahiro Yamada
Acked-by: Kees Cook -
For PowerPC, GCC 5.2 is the requirement for GCC plugins. Move the
version check to Kconfig so that the GCC plugin menus will be hidden
if an older compiler is in use.Signed-off-by: Masahiro Yamada
Acked-by: Andrew Donnellan
Reviewed-by: Kees Cook -
As Documentation/kbuild/kconfig-language.txt notes, 'select' should be
be used with care - it forces a lower limit of another symbol, ignoring
the dependency. Currently, KCOV can select GCC_PLUGINS even if arch
does not select HAVE_GCC_PLUGINS. This could cause the unmet direct
dependency.Now that Kconfig can test compiler capability, let's handle this in a
more sophisticated way.There are two ways to enable KCOV; use the compiler that natively
supports -fsanitize-coverage=trace-pc, or build the SANCOV plugin if
the compiler has ability to build GCC plugins. Hence, the correct
dependency for KCOV is:depends on CC_HAS_SANCOV_TRACE_PC || GCC_PLUGINS
You do not need to build the SANCOV plugin if the compiler already
supports -fsanitize-coverage=trace-pc. Hence, the select should be:select GCC_PLUGIN_SANCOV if !CC_HAS_SANCOV_TRACE_PC
With this, GCC_PLUGIN_SANCOV is selected only when necessary, so
scripts/Makefile.gcc-plugins can be cleaner.I also cleaned up Kconfig and scripts/Makefile.kcov as well.
Signed-off-by: Masahiro Yamada
Reviewed-by: Kees Cook
08 Jun, 2018
10 commits
-
CONFIG_GCOV_FORMAT_AUTODETECT compiles either gcc_3_4.c or gcc_4_7.c
according to your GCC version.We can achieve the equivalent behavior by setting reasonable dependency
with the knowledge of the compiler version.If GCC older than 4.7 is used, GCOV_FORMAT_3_4 is the default, but users
are still allowed to select GCOV_FORMAT_4_7 in case the newer format is
back-ported.On the other hand, If GCC 4.7 or newer is used, there is no reason to
use GCOV_FORMAT_3_4, so it should be hidden.If you downgrade the compiler to GCC 4.7 or older, oldconfig/syncconfig
will display a prompt for the choice because GCOV_FORMAT_3_4 becomes
visible as a new symbol.Signed-off-by: Masahiro Yamada
Acked-by: Peter Oberparleiter
Reviewed-by: Kees Cook -
This becomes much neater in Kconfig.
Signed-off-by: Masahiro Yamada
Acked-by: Will Deacon
Reviewed-by: Kees Cook -
This will be useful to describe the clang version dependency.
Signed-off-by: Masahiro Yamada
Reviewed-by: Kees Cook -
This will be useful to specify the required compiler version,
like this:config FOO
bool "Use Foo"
depends on GCC_VERSION >= 40800
help
This feature requires GCC 4.8 or newer.Signed-off-by: Masahiro Yamada
Reviewed-by: Kees Cook -
Move the test for -fstack-protector(-strong) option to Kconfig.
If the compiler does not support the option, the corresponding menu
is automatically hidden. If STRONG is not supported, it will fall
back to REGULAR. If REGULAR is not supported, it will be disabled.
This means, AUTO is implicitly handled by the dependency solver of
Kconfig, hence removed.I also turned the 'choice' into only two boolean symbols. The use of
'choice' is not a good idea here, because all of all{yes,mod,no}config
would choose the first visible value, while we want allnoconfig to
disable as many features as possible.X86 has additional shell scripts in case the compiler supports those
options, but generates broken code. I added CC_HAS_SANE_STACKPROTECTOR
to test this. I had to add -m32 to gcc-x86_32-has-stack-protector.sh
to make it work correctly.Signed-off-by: Masahiro Yamada
Acked-by: Kees Cook -
Commit 21c54b774744 ("kconfig: show compiler version text in the top
comment") was intended to detect the compiler upgrade, but Geert
reported a breakage on the m68k build.The compiler upgrade is detected by the change of the environment
variable, CC_VERSION_TEXT, which contains the first line of the output
from $(CC) --version. Currently, this works well when CROSS_COMPILE
is given via the environment variable or the Make command line.However, some architectures such as m68k can specify CROSS_COMPILE
from arch/$(SRCARCH)/Makefile as well. In this case, "make ARCH=m68k"
ends up with endless syncconfig loop.$ make ARCH=m68k defconfig
*** Default configuration is based on 'multi_defconfig'
#
# configuration written to .config
#
$ make ARCH=m68k
scripts/kconfig/conf --syncconfig Kconfig
scripts/kconfig/conf --syncconfig Kconfig
scripts/kconfig/conf --syncconfig Kconfig
scripts/kconfig/conf --syncconfig KconfigThings are happening like this:
Because arch/$(SRCARCH)/Makefile is included after CC_VERSION_TEXT
is set, it contains the host compiler version in the defconfig phase.To create or update auto.conf, the following line is triggered:
include/config/%.conf: $(KCONFIG_CONFIG) include/config/auto.conf.cmd
$(Q)$(MAKE) -f $(srctree)/Makefile syncconfigThis recurses the top Makefile after arch/$(SRCARCH)/Makefile is
included. CROSS_COMPILE is set to a m68k toolchain prefix and
exported to the recursed Make. Then, syncconfig is invoked with
the target compiler version in CC_VERSION_TEXT.The Make will restart because auto.conf and auto.conf.cmd have been
updated. At this point, CROSS_COMPILE is reset, so CC_VERSION_TEXT
is set to the host compiler version again. Then, syncconfig is
triggered due to the change of CC_VERSION_TEXT. This loop continues
eternally.To fix this problem, $(CC_VERSION_TEXT) must be evaluated only after
arch/$(SRCARCH)/Makefile. Setting it earlier is OK as long as it is
defined by using the '=' operator instead of ':='.For the defconfig phase, $(CC_VERSION_TEXT) is evaluated when Kbuild
descends into scripts/kconfig/, so it contains the target compiler
version correctly.include/config/auto.conf.cmd references $(CC_VERSION_TEXT) as well,
so it must be included after arch/$(SRCARCH)/Makefile.Fixes: 21c54b774744 ("kconfig: show compiler version text in the top comment")
Reported-by: Geert Uytterhoeven
Signed-off-by: Masahiro Yamada
Tested-by: Geert Uytterhoeven -
Pull powerpc updates from Michael Ellerman:
"Notable changes:- Support for split PMD page table lock on 64-bit Book3S (Power8/9).
- Add support for HAVE_RELIABLE_STACKTRACE, so we properly support
live patching again.- Add support for patching barrier_nospec in copy_from_user() and
syscall entry.- A couple of fixes for our data breakpoints on Book3S.
- A series from Nick optimising TLB/mm handling with the Radix MMU.
- Numerous small cleanups to squash sparse/gcc warnings from Mathieu
Malaterre.- Several series optimising various parts of the 32-bit code from
Christophe Leroy.- Removal of support for two old machines, "SBC834xE" and "C2K"
("GEFanuc,C2K"), which is why the diffstat has so many deletions.And many other small improvements & fixes.
There's a few out-of-area changes. Some minor ftrace changes OK'ed by
Steve, and a fix to our powernv cpuidle driver. Then there's a series
touching mm, x86 and fs/proc/task_mmu.c, which cleans up some details
around pkey support. It was ack'ed/reviewed by Ingo & Dave and has
been in next for several weeks.Thanks to: Akshay Adiga, Alastair D'Silva, Alexey Kardashevskiy, Al
Viro, Andrew Donnellan, Aneesh Kumar K.V, Anju T Sudhakar, Arnd
Bergmann, Balbir Singh, Cédric Le Goater, Christophe Leroy, Christophe
Lombard, Colin Ian King, Dave Hansen, Fabio Estevam, Finn Thain,
Frederic Barrat, Gautham R. Shenoy, Haren Myneni, Hari Bathini, Ingo
Molnar, Jonathan Neuschäfer, Josh Poimboeuf, Kamalesh Babulal,
Madhavan Srinivasan, Mahesh Salgaonkar, Mark Greer, Mathieu Malaterre,
Matthew Wilcox, Michael Neuling, Michal Suchanek, Naveen N. Rao,
Nicholas Piggin, Nicolai Stange, Olof Johansson, Paul Gortmaker, Paul
Mackerras, Peter Rosin, Pridhiviraj Paidipeddi, Ram Pai, Rashmica
Gupta, Ravi Bangoria, Russell Currey, Sam Bobroff, Samuel
Mendoza-Jonas, Segher Boessenkool, Shilpasri G Bhat, Simon Guo,
Souptick Joarder, Stewart Smith, Thiago Jung Bauermann, Torsten Duwe,
Vaibhav Jain, Wei Yongjun, Wolfram Sang, Yisheng Xie, YueHaibing"* tag 'powerpc-4.18-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (251 commits)
powerpc/64s/radix: Fix missing ptesync in flush_cache_vmap
cpuidle: powernv: Fix promotion from snooze if next state disabled
powerpc: fix build failure by disabling attribute-alias warning in pci_32
ocxl: Fix missing unlock on error in afu_ioctl_enable_p9_wait()
powerpc-opal: fix spelling mistake "Uniterrupted" -> "Uninterrupted"
powerpc: fix spelling mistake: "Usupported" -> "Unsupported"
powerpc/pkeys: Detach execute_only key on !PROT_EXEC
powerpc/powernv: copy/paste - Mask SO bit in CR
powerpc: Remove core support for Marvell mv64x60 hostbridges
powerpc/boot: Remove core support for Marvell mv64x60 hostbridges
powerpc/boot: Remove support for Marvell mv64x60 i2c controller
powerpc/boot: Remove support for Marvell MPSC serial controller
powerpc/embedded6xx: Remove C2K board support
powerpc/lib: optimise PPC32 memcmp
powerpc/lib: optimise 32 bits __clear_user()
powerpc/time: inline arch_vtime_task_switch()
powerpc/Makefile: set -mcpu=860 flag for the 8xx
powerpc: Implement csum_ipv6_magic in assembly
powerpc/32: Optimise __csum_partial()
powerpc/lib: Adjust .balign inside string functions for PPC32
... -
Pull microblaze updates from Michal Simek:
- Fix simpleImage format generation
- Remove earlyprintk support and replace it by earlycon
* tag 'microblaze-v4.18-rc1' of git://git.monstr.eu/linux-2.6-microblaze:
microblaze: dts: replace 'linux,stdout-path' with 'stdout-path'
microblaze: remove redundant early_printk support
microblaze: remove unnecessary prom.h includes
microblaze: Fix simpleImage format generation -
Pull udf updates from Jan Kara:
"UDF support for UTF-16 characters in file names"* tag 'udf_for_v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
udf: Add support for decoding UTF-16 characters
udf: Add support for encoding UTF-16 characters
udf: Push sb argument to udf_name_[to|from]_CS0()
udf: Convert ident strings to proper charset
udf: Use UTF-32 UTF-8 conversion functions from NLS
udf: Always require NLS support -
Pull orangefs updates from Mike Marshall:
"Fixes and cleanups:- fix some sparse warnings
- cleanup some code formatting
- fix up some attribute/meta-data related code"
* tag 'for-linus-4.18-ofs' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux:
orangefs: use sparse annotations for holding locks across function calls.
orangefs: make debug_help_fops static
orangefs: remove unused function orangefs_get_bufmap_init
orangefs: specify user pointers when using dev_map_desc and bufmap
orangefs: formatting cleanups
orangefs: set i_size on new symlink
orangefs: report attributes_mask and attributes for statx
orangefs: make struct orangefs_file_vm_ops static
orangefs: revamp block sizes
07 Jun, 2018
21 commits
-
Pull overlayfs fixes from Miklos Szeredi:
"This contains a fix for the vfs_mkdir() issue discovered by Al, as
well as other fixes and cleanups"* tag 'ovl-fixes-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
ovl: use inode_insert5() to hash a newly created inode
ovl: Pass argument to ovl_get_inode() in a structure
vfs: factor out inode_insert5()
ovl: clean up copy-up error paths
ovl: return EIO on internal error
ovl: make ovl_create_real() cope with vfs_mkdir() safely
ovl: create helper ovl_create_temp()
ovl: return dentry from ovl_create_real()
ovl: struct cattr cleanups
ovl: strip debug argument from ovl_do_ helpers
ovl: remove WARN_ON() real inode attributes mismatch
ovl: Kconfig documentation fixes
ovl: update documentation for unionmount-testsuite -
Pull fuse updates from Miklos Szeredi:
"The most interesting part of this update is user namespace support,
mostly done by Eric Biederman. This enables safe unprivileged fuse
mounts within a user namespace.There are also a couple of fixes for bugs found by syzbot and
miscellaneous fixes and cleanups"* tag 'fuse-update-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
fuse: don't keep dead fuse_conn at fuse_fill_super().
fuse: fix control dir setup and teardown
fuse: fix congested state leak on aborted connections
fuse: Allow fully unprivileged mounts
fuse: Ensure posix acls are translated outside of init_user_ns
fuse: add writeback documentation
fuse: honor AT_STATX_FORCE_SYNC
fuse: honor AT_STATX_DONT_SYNC
fuse: Restrict allow_other to the superblock's namespace or a descendant
fuse: Support fuse filesystems outside of init_user_ns
fuse: Fail all requests with invalid uids or gids
fuse: Remove the buggy retranslation of pids in fuse_dev_do_read
fuse: return -ECONNABORTED on /dev/fuse read after abort
fuse: atomic_o_trunc should truncate pagecache -
Pull networking updates from David Miller:
1) Add Maglev hashing scheduler to IPVS, from Inju Song.
2) Lots of new TC subsystem tests from Roman Mashak.
3) Add TCP zero copy receive and fix delayed acks and autotuning with
SO_RCVLOWAT, from Eric Dumazet.4) Add XDP_REDIRECT support to mlx5 driver, from Jesper Dangaard
Brouer.5) Add ttl inherit support to vxlan, from Hangbin Liu.
6) Properly separate ipv6 routes into their logically independant
components. fib6_info for the routing table, and fib6_nh for sets of
nexthops, which thus can be shared. From David Ahern.7) Add bpf_xdp_adjust_tail helper, which can be used to generate ICMP
messages from XDP programs. From Nikita V. Shirokov.8) Lots of long overdue cleanups to the r8169 driver, from Heiner
Kallweit.9) Add BTF ("BPF Type Format"), from Martin KaFai Lau.
10) Add traffic condition monitoring to iwlwifi, from Luca Coelho.
11) Plumb extack down into fib_rules, from Roopa Prabhu.
12) Add Flower classifier offload support to igb, from Vinicius Costa
Gomes.13) Add UDP GSO support, from Willem de Bruijn.
14) Add documentation for eBPF helpers, from Quentin Monnet.
15) Add TLS tx offload to mlx5, from Ilya Lesokhin.
16) Allow applications to be given the number of bytes available to read
on a socket via a control message returned from recvmsg(), from
Soheil Hassas Yeganeh.17) Add x86_32 eBPF JIT compiler, from Wang YanQing.
18) Add AF_XDP sockets, with zerocopy support infrastructure as well.
From Björn Töpel.19) Remove indirect load support from all of the BPF JITs and handle
these operations in the verifier by translating them into native BPF
instead. From Daniel Borkmann.20) Add GRO support to ipv6 gre tunnels, from Eran Ben Elisha.
21) Allow XDP programs to do lookups in the main kernel routing tables
for forwarding. From David Ahern.22) Allow drivers to store hardware state into an ELF section of kernel
dump vmcore files, and use it in cxgb4. From Rahul Lakkireddy.23) Various RACK and loss detection improvements in TCP, from Yuchung
Cheng.24) Add TCP SACK compression, from Eric Dumazet.
25) Add User Mode Helper support and basic bpfilter infrastructure, from
Alexei Starovoitov.26) Support ports and protocol values in RTM_GETROUTE, from Roopa
Prabhu.27) Support bulking in ->ndo_xdp_xmit() API, from Jesper Dangaard
Brouer.28) Add lots of forwarding selftests, from Petr Machata.
29) Add generic network device failover driver, from Sridhar Samudrala.
* ra.kernel.org:/pub/scm/linux/kernel/git/davem/net-next: (1959 commits)
strparser: Add __strp_unpause and use it in ktls.
rxrpc: Fix terminal retransmission connection ID to include the channel
net: hns3: Optimize PF CMDQ interrupt switching process
net: hns3: Fix for VF mailbox receiving unknown message
net: hns3: Fix for VF mailbox cannot receiving PF response
bnx2x: use the right constant
Revert "net: sched: cls: Fix offloading when ingress dev is vxlan"
net: dsa: b53: Fix for brcm tag issue in Cygnus SoC
enic: fix UDP rss bits
netdev-FAQ: clarify DaveM's position for stable backports
rtnetlink: validate attributes in do_setlink()
mlxsw: Add extack messages for port_{un, }split failures
netdevsim: Add extack error message for devlink reload
devlink: Add extack to reload and port_{un, }split operations
net: metrics: add proper netlink validation
ipmr: fix error path when ipmr_new_table fails
ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
net: hns3: remove unused hclgevf_cfg_func_mta_filter
netfilter: provide udp*_lib_lookup for nf_tproxy
qed*: Utilize FW 8.37.2.0
... -
Pull overflow updates from Kees Cook:
"This adds the new overflow checking helpers and adds them to the
2-factor argument allocators. And this adds the saturating size
helpers and does a treewide replacement for the struct_size() usage.
Additionally this adds the overflow testing modules to make sure
everything works.I'm still working on the treewide replacements for allocators with
"simple" multiplied arguments:*alloc(a * b, ...) -> *alloc_array(a, b, ...)
and
*zalloc(a * b, ...) -> *calloc(a, b, ...)
as well as the more complex cases, but that's separable from this
portion of the series. I expect to have the rest sent before -rc1
closes; there are a lot of messy cases to clean up.Summary:
- Introduce arithmetic overflow test helper functions (Rasmus)
- Use overflow helpers in 2-factor allocators (Kees, Rasmus)
- Introduce overflow test module (Rasmus, Kees)
- Introduce saturating size helper functions (Matthew, Kees)
- Treewide use of struct_size() for allocators (Kees)"
* tag 'overflow-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
treewide: Use struct_size() for devm_kmalloc() and friends
treewide: Use struct_size() for vmalloc()-family
treewide: Use struct_size() for kmalloc()-family
device: Use overflow helpers for devm_kmalloc()
mm: Use overflow helpers in kvmalloc()
mm: Use overflow helpers in kmalloc_array*()
test_overflow: Add memory allocation overflow tests
overflow.h: Add allocation size calculation helpers
test_overflow: Report test failures
test_overflow: macrofy some more, do more tests for free
lib: add runtime test of check_*_overflow functions
compiler.h: enable builtin overflow checkers and add fallback code -
Pull tracing updates from Steven Rostedt:
"One new feature was added to ftrace, which is the trace_marker now
supports triggers. For example:# cd /sys/kernel/debug/tracing
# echo 'snapshot' > events/ftrace/print/trigger
# echo 'cause snapshot' > trace_markerThe rest of the changes are various clean ups and also one stable fix
that was added late in the cycle"* tag 'trace-v4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: (21 commits)
tracing: Use match_string() instead of open coding it in trace_set_options()
branch-check: fix long->int truncation when profiling branches
ring-buffer: Fix typo in comment
ring-buffer: Fix a bunch of typos in comments
tracing/selftest: Add test to test simple snapshot trigger for trace_marker
tracing/selftest: Add test to test hist trigger between kernel event and trace_marker
tracing/selftest: Add selftests to test trace_marker histogram triggers
ftrace/selftest: Fix reset_trigger() to handle triggers with filters
ftrace/selftest: Have the reset_trigger code be a bit more careful
tracing: Document trace_marker triggers
tracing: Allow histogram triggers to access ftrace internal events
tracing: Prevent further users of zero size static arrays in trace events
tracing: Have zero size length in filter logic be full string
tracing: Add trigger file for trace_markers tracefs/ftrace/print
tracing: Do not show filter file for ftrace internal events
tracing: Add brackets in ftrace event dynamic arrays
tracing: Have event_trace_init() called by trace_init_tracefs()
tracing: Add __find_event_file() to find event files without restrictions
tracing: Do not reference event data in post call triggers
tracepoints: Fix the descriptions of tracepoint_probe_register{_prio}
... -
Pull audit updates from Paul Moore:
"Another reasonable chunk of audit changes for v4.18, thirteen patches
in total.The thirteen patches can mostly be broken down into one of four
categories: general bug fixes, accessor functions for audit state
stored in the task_struct, negative filter matches on executable
names, and extending the (relatively) new seccomp logging knobs to the
audit subsystem.The main driver for the accessor functions from Richard are the
changes we're working on to associate audit events with containers,
but I think they have some standalone value too so I figured it would
be good to get them in now.The seccomp/audit patches from Tyler apply the seccomp logging
improvements from a few releases ago to audit's seccomp logging;
starting with this patchset the changes in
/proc/sys/kernel/seccomp/actions_logged should apply to both the
standard kernel logging and audit.As usual, everything passes the audit-testsuite and it happens to
merge cleanly with your tree"[ Heh, except it had trivial merge conflicts with the SELinux tree that
also came in from Paul - Linus ]* tag 'audit-pr-20180605' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
audit: Fix wrong task in comparison of session ID
audit: use existing session info function
audit: normalize loginuid read access
audit: use new audit_context access funciton for seccomp_actions_logged
audit: use inline function to set audit context
audit: use inline function to get audit context
audit: convert sessionid unset to a macro
seccomp: Don't special case audited processes when logging
seccomp: Audit attempts to modify the actions_logged sysctl
seccomp: Configurable separator for the actions_logged string
seccomp: Separate read and write code for actions_logged sysctl
audit: allow not equal op for audit by executable
audit: add syscall information to FEATURE_CHANGE records -
Pull SELinux updates from Paul Moore:
"SELinux is back with a quiet pull request for v4.18. Three patches,
all small: two cleanups of the SELinux audit records, and one to
migrate to a newly defined type (vm_fault_t).Everything passes our test suite, and as of about five minutes ago it
merged cleanly with your tree"* tag 'selinux-pr-20180605' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
audit: normalize MAC_POLICY_LOAD record
audit: normalize MAC_STATUS record
security: selinux: Change return type to vm_fault_t -
Pull security system updates from James Morris:
- incorporate new socketpair() hook into LSM and wire up the SELinux
and Smack modules. From David Herrmann:"The idea is to allow SO_PEERSEC to be called on AF_UNIX sockets
created via socketpair(2), and return the same information as if
you emulated socketpair(2) via a temporary listener socket.Right now SO_PEERSEC will return the unlabeled credentials for a
socketpair, rather than the actual credentials of the creating
process."- remove the unused security_settime LSM hook (Sargun Dhillon).
- remove some stack allocated arrays from the keys code (Tycho
Andersen)* 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
dh key: get rid of stack allocated array for zeroes
dh key: get rid of stack allocated array
big key: get rid of stack array allocation
smack: provide socketpair callback
selinux: provide socketpair callback
net: hook socketpair() into LSM
security: add hook for socketpair()
security: remove security_settime -
Pull printk updates from Petr Mladek:
- Help userspace log daemons to catch up with a flood of messages. They
will get woken after each message even if the console is far behind
and handled by another process.- Flush printk safe buffers safely even when panic() happens in the
normal context.- Fix possible va_list reuse when race happened in printk_safe().
- Remove %pCr printf format to prevent sleeping in the atomic context.
- Misc vsprintf code cleanup.
* tag 'printk-for-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
printk: drop in_nmi check from printk_safe_flush_on_panic()
lib/vsprintf: Remove atomic-unsafe support for %pCr
serial: sh-sci: Stop using printk format %pCr
thermal: bcm2835: Stop using printk format %pCr
clk: renesas: cpg-mssr: Stop using printk format %pCr
printk: fix possible reuse of va_list variable
printk: wake up klogd in vprintk_emit
vsprintf: Tweak pF/pf comment
lib/vsprintf: Mark expected switch fall-through
lib/vsprintf: Replace space with '_' before crng is ready
lib/vsprintf: Deduplicate pointer_string()
lib/vsprintf: Move pointer_string() upper
lib/vsprintf: Make flag_spec global
lib/vsprintf: Make strspec global
lib/vsprintf: Make dec_spec global
lib/test_printf: Mark big constant with UL -
Pull IPMI updates from Corey Minyard:
"It's been a busy release for the IPMI driver. Some notable changes:- A user was running into timeout issues doing maintenance commands
over the IPMB network behind an IPMI controller.Extend the maintenance mode concept to messages over IPMB and allow
the timeouts to be tuned.- Lots of cleanup, style fixing, some bugfixes, and such.
- At least one user was having trouble with the way the IPMI driver
would lock the i2c driver module it used.The IPMI driver was not designed for hotplug. However, hotplug is a
reality now, so the IPMI driver was modified to support hotplug.- The proc interface code is now completely removed. Long live sysfs!"
* tag 'for-linus-4.18' of git://github.com/cminyard/linux-ipmi: (35 commits)
ipmi: Properly release srcu locks on error conditions
ipmi: NPCM7xx KCS BMC: enable interrupt to the host
ipmi:bt: Set the timeout before doing a capabilities check
ipmi: Remove the proc interface
ipmi_ssif: Fix uninitialized variable issue
ipmi: add an NPCM7xx KCS BMC driver
ipmi_si: Clean up shutdown a bit
ipmi_si: Rename intf_num to si_num
ipmi: Remove smi->intf checks
ipmi_ssif: Get rid of unused intf_num
ipmi: Get rid of ipmi_user_t and ipmi_smi_t in include files
ipmi: ipmi_unregister_smi() cannot fail, have it return void
ipmi_devintf: Add an error return on invalid ioctls
ipmi: Remove usecount function from interfaces
ipmi_ssif: Remove usecount handling
ipmi: Remove condition on interface shutdown
ipmi_ssif: Convert over to a shutdown handler
ipmi_si: Convert over to a shutdown handler
ipmi: Rework locking and shutdown for hot remove
ipmi: Fix some counter issues
... -
Pull EDAC updates from Borislav Petkov:
- Stratix10 SDRAM support to altera_edac (Thor Thayer)
- the usual misc fixes all over the place
[ Also, shared branch for socfpga_stratix10.dtsi file changes with the
socfpga tree ]* tag 'edac_for_4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp:
EDAC, ghes: Make platform-based whitelisting x86-only
EDAC, altera: Fix ARM64 build warning
EDAC, skx: Fix skx_edac build error when ACPI_NFIT=m
EDAC, ghes: Use BIT() macro
EDAC, ghes: Add DDR4 and NVDIMM memory types
EDAC, altera: Handle SDRAM Uncorrectable Errors on Stratix10
Documentation: dt: edac: Move Altera SOCFPGA EDAC file
EDAC, altera: Add support for Stratix10 SDRAM EDAC
Documentation: dt: socfpga: Add Stratix10 ECC Manager binding
EDAC, ghes: Remove unused argument to ghes_edac_report_mem_error()
arm64: dts: stratix10: add sdram ecc
EDAC, i7core: Fix spelling mistake: "redundacy" -> "redundancy"
EDAC, ghes: Add a null pointer check in ghes_edac_unregister()
ghes, EDAC: Fix ghes_edac registration
arm64: dts: stratix10: Change pad skew values for EMAC0 PHY driver
ARM: dts: consistently use 'atmel' as at24 manufacturer in cyclone5
arm64: dts: stratix10: Add PL330 DMAC to Stratix10 dts
arm64: dts: stratix10: enable i2c, add i2c periperals
arm64: dts: stratix10: use clock bindings for the Stratix10 platform -
Pull ARM updates from Russell King:
- Initial round of Spectre variant 1 and variant 2 fixes for 32-bit ARM
- Clang support improvements
- nommu updates for v8 MPU
- enable ARM_MODULE_PLTS by default to avoid problems loading modules
with larger kernels- vmlinux.lds and dma-mapping cleanups
* 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm: (31 commits)
ARM: spectre-v1: fix syscall entry
ARM: spectre-v1: add array_index_mask_nospec() implementation
ARM: spectre-v1: add speculation barrier (csdb) macros
ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1
ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15
ARM: KVM: invalidate icache on guest exit for Cortex-A15
ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17
ARM: spectre-v2: warn about incorrect context switching functions
ARM: spectre-v2: add firmware based hardening
ARM: spectre-v2: harden user aborts in kernel space
ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit
ARM: spectre-v2: harden branch predictor on context switches
ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre
ARM: bugs: add support for per-processor bug checking
ARM: bugs: hook processor bug checking into SMP and suspend paths
ARM: bugs: prepare processor bug infrastructure
ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs
ARM: 8774/1: remove no-op macro VMLINUX_SYMBOL()
ARM: 8773/1: amba: Export amba_bustype
... -
…l/git/shuah/linux-kselftest
Pull Kselftest update from Shuah Khan:
- Work to restructure timers test suite to move PIE out of rtctest from
Alexandre Belloni.- Several minor spelling and bug fixes.
- New cgroup tests from Roman Gushchin and Mike Rapoport.
- Kselftest framework changes to handle and report skipped tests
correctly.Prior to these changes, framework treated all non-zero return codes
from tests as failures. When tests are skipped with non-zero return
code, due to unmet dependencies and/or unsupported configuration,
reporting them as failed lead to false negatives on the tests that
couldn't be run.- Fixes to test Makefiles to remove unnecessary RUN_TESTS and
EMIT_TESTS overrides and use common defines from lib.mk.- Fixes to several tests to return correct Kselftest skip code.
- Changes to improve test output.
* tag 'linux-kselftest-4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: (55 commits)
selftests: lib: fix prime_numbers module search and skip logic
selftests: intel_pstate: notification about privilege required to run intel_pstate testing script
selftests: cgroup/memcontrol: add basic test for socket accounting
selftest: intel_pstate: debug support message from aperf.c and return value
kselftest/cgroup: fix variable dereferenced before check warning
selftests/intel_pstate: Enhance table printing
selftests/intel_pstate: Improve test, minor fixes
selftests: cgroup/memcontrol: add basic test for swap controls
selftests: cgroup: add memory controller self-tests
selftests: memfd: split regular and hugetlbfs tests
selftests: net: return Kselftest Skip code for skipped tests
selftests: mqueue: return Kselftest Skip code for skipped tests
selftests: memory-hotplug: return Kselftest Skip code for skipped tests
selftests: memfd: return Kselftest Skip code for skipped tests
selftests: membarrier: return Kselftest Skip code for skipped tests
selftests: media_tests: return Kselftest Skip code for skipped tests
selftests: locking: return Kselftest Skip code for skipped tests
selftests: locking: add Makefile for locking test
selftests: lib: return Kselftest Skip code for skipped tests
selftests: lib: add prime_numbers.sh test to Makefile
... -
Pull Kconfig updates from Masahiro Yamada:
"Kconfig now supports new functionality to perform textual
substitution. It has been a while since Linus suggested to move
compiler option tests from makefiles to Kconfig. Finally, here it is.The implementation has been generalized into a Make-like macro
language.Some built-in functions such as 'shell' are provided. Variables and
user-defined functions are also supported so that 'cc-option',
'ld-option', etc. are implemented as macros.Summary:
- refactor package checks for building {m,n,q,g}conf
- remove unused/unmaintained localization support
- remove Kbuild cache
- drop CONFIG_CROSS_COMPILE support
- replace 'option env=' with direct variable expansion
- add built-in functions such as 'shell'
- support variables and user-defined functions
- add helper macros as as 'cc-option'
- add unit tests and a document of the new macro language
- add 'testconfig' to help
- fix warnings from GCC 8.1"
* tag 'kconfig-v4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (30 commits)
kconfig: Avoid format overflow warning from GCC 8.1
kbuild: Move last word of nconfig help to the previous line
kconfig: Add testconfig into make help output
kconfig: add basic helper macros to scripts/Kconfig.include
kconfig: show compiler version text in the top comment
kconfig: test: add Kconfig macro language tests
Documentation: kconfig: document a new Kconfig macro language
kconfig: error out if a recursive variable references itself
kconfig: add 'filename' and 'lineno' built-in variables
kconfig: add 'info', 'warning-if', and 'error-if' built-in functions
kconfig: expand lefthand side of assignment statement
kconfig: support append assignment operator
kconfig: support simply expanded variable
kconfig: support user-defined function and recursively expanded variable
kconfig: begin PARAM state only when seeing a command keyword
kconfig: replace $(UNAME_RELEASE) with function call
kconfig: add 'shell' built-in function
kconfig: add built-in function support
kconfig: make default prompt of mainmenu less specific
kconfig: remove sym_expand_string_value()
... -
Replaces open-coded struct size calculations with struct_size() for
devm_*, f2fs_*, and sock_* allocations. Automatically generated (and
manually adjusted) from the following Coccinelle script:// Direct reference to struct field.
@@
identifier alloc =~ "devm_kmalloc|devm_kzalloc|sock_kmalloc|f2fs_kmalloc|f2fs_kzalloc";
expression HANDLE;
expression GFP;
identifier VAR, ELEMENT;
expression COUNT;
@@- alloc(HANDLE, sizeof(*VAR) + COUNT * sizeof(*VAR->ELEMENT), GFP)
+ alloc(HANDLE, struct_size(VAR, ELEMENT, COUNT), GFP)// mr = kzalloc(sizeof(*mr) + m * sizeof(mr->map[0]), GFP_KERNEL);
@@
identifier alloc =~ "devm_kmalloc|devm_kzalloc|sock_kmalloc|f2fs_kmalloc|f2fs_kzalloc";
expression HANDLE;
expression GFP;
identifier VAR, ELEMENT;
expression COUNT;
@@- alloc(HANDLE, sizeof(*VAR) + COUNT * sizeof(VAR->ELEMENT[0]), GFP)
+ alloc(HANDLE, struct_size(VAR, ELEMENT, COUNT), GFP)// Same pattern, but can't trivially locate the trailing element name,
// or variable name.
@@
identifier alloc =~ "devm_kmalloc|devm_kzalloc|sock_kmalloc|f2fs_kmalloc|f2fs_kzalloc";
expression HANDLE;
expression GFP;
expression SOMETHING, COUNT, ELEMENT;
@@- alloc(HANDLE, sizeof(SOMETHING) + COUNT * sizeof(ELEMENT), GFP)
+ alloc(HANDLE, CHECKME_struct_size(&SOMETHING, ELEMENT, COUNT), GFP)Signed-off-by: Kees Cook
-
This only finds one hit in the entire tree, but here's the Coccinelle:
// Directly refer to structure's field
@@
identifier alloc =~ "vmalloc|vzalloc";
identifier VAR, ELEMENT;
expression COUNT;
@@- alloc(sizeof(*VAR) + COUNT * sizeof(*VAR->ELEMENT))
+ alloc(struct_size(VAR, ELEMENT, COUNT))// mr = kzalloc(sizeof(*mr) + m * sizeof(mr->map[0]), GFP_KERNEL);
@@
identifier alloc =~ "vmalloc|vzalloc";
identifier VAR, ELEMENT;
expression COUNT;
@@- alloc(sizeof(*VAR) + COUNT * sizeof(VAR->ELEMENT[0]))
+ alloc(struct_size(VAR, ELEMENT, COUNT))// Same pattern, but can't trivially locate the trailing element name,
// or variable name.
@@
identifier alloc =~ "vmalloc|vzalloc";
expression SOMETHING, COUNT, ELEMENT;
@@- alloc(sizeof(SOMETHING) + COUNT * sizeof(ELEMENT))
+ alloc(CHECKME_struct_size(&SOMETHING, ELEMENT, COUNT))Signed-off-by: Kees Cook
-
One of the more common cases of allocation size calculations is finding
the size of a structure that has a zero-sized array at the end, along
with memory for some number of elements for that array. For example:struct foo {
int stuff;
void *entry[];
};instance = kmalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);
Instead of leaving these open-coded and prone to type mistakes, we can
now use the new struct_size() helper:instance = kmalloc(struct_size(instance, entry, count), GFP_KERNEL);
This patch makes the changes for kmalloc()-family (and kvmalloc()-family)
uses. It was done via automatic conversion with manual review for the
"CHECKME" non-standard cases noted below, using the following Coccinelle
script:// pkey_cache = kmalloc(sizeof *pkey_cache + tprops->pkey_tbl_len *
// sizeof *pkey_cache->table, GFP_KERNEL);
@@
identifier alloc =~ "kmalloc|kzalloc|kvmalloc|kvzalloc";
expression GFP;
identifier VAR, ELEMENT;
expression COUNT;
@@- alloc(sizeof(*VAR) + COUNT * sizeof(*VAR->ELEMENT), GFP)
+ alloc(struct_size(VAR, ELEMENT, COUNT), GFP)// mr = kzalloc(sizeof(*mr) + m * sizeof(mr->map[0]), GFP_KERNEL);
@@
identifier alloc =~ "kmalloc|kzalloc|kvmalloc|kvzalloc";
expression GFP;
identifier VAR, ELEMENT;
expression COUNT;
@@- alloc(sizeof(*VAR) + COUNT * sizeof(VAR->ELEMENT[0]), GFP)
+ alloc(struct_size(VAR, ELEMENT, COUNT), GFP)// Same pattern, but can't trivially locate the trailing element name,
// or variable name.
@@
identifier alloc =~ "kmalloc|kzalloc|kvmalloc|kvzalloc";
expression GFP;
expression SOMETHING, COUNT, ELEMENT;
@@- alloc(sizeof(SOMETHING) + COUNT * sizeof(ELEMENT), GFP)
+ alloc(CHECKME_struct_size(&SOMETHING, ELEMENT, COUNT), GFP)Signed-off-by: Kees Cook
-
strp_unpause queues strp_work in order to parse any messages that
arrived while the strparser was paused. However, the process invoking
strp_unpause could eagerly parse a buffered message itself if it held
the sock lock.__strp_unpause is an alternative to strp_pause that avoids the scheduling
overhead that results when a receiving thread unpauses the strparser
and waits for the next message to be delivered by the workqueue thread.This patch more than doubled the IOPS achieved in a benchmark of NBD
traffic encrypted using ktls.Signed-off-by: Doron Roberts-Kedes
Signed-off-by: David S. Miller -
When retransmitting the final ACK or ABORT packet for a call, the cid field
in the packet header is set to the connection's cid, but this is incorrect
as it also needs to include the channel number on that connection that the
call was made on.Fix this by OR'ing in the channel number.
Note that this fixes the bug that:
commit 1a025028d400b23477341aa7ec2ce55f8b39b554
rxrpc: Fix handling of call quietly cancelled out on serverworks around. I'm not intending to revert that as it will help protect
against problems that might occur on the server.Fixes: 3136ef49a14c ("rxrpc: Delay terminal ACK transmission on a client call")
Signed-off-by: David Howells
Signed-off-by: David S. Miller -
Salil Mehta says:
====================
Bug fixes & optimization for HNS3 DriverThis patch-set presents miscellaneous bug fixes and an optimization
for HNS3 driverV1->V2:
* Fixes the compilation break reported by David Miller & Kbuild
====================Signed-off-by: David S. Miller
-
When the PF frequently switches the CMDQ interrupt, if the CMDQ_SRC is
not cleared before the hardware interrupt is generated, the new interrupt
will not be reported.This patch optimizes this problem by clearing CMDQ_SRC and RESET_STS
before enabling interrupt and syncing pending IRQ handlers after disabling
interrupt.Fixes: 466b0c00391b ("net: hns3: Add support for misc interrupt")
Signed-off-by: Xi Wang
Signed-off-by: Peng Li
Signed-off-by: Salil Mehta
Signed-off-by: David S. Miller
