- Apr 02, 2019
-
-
Krishna Manikandan authored
The dma buffer associated with the gem object is already unmapped during put_iova. Avoid unmapping it again in put_pages. Bug: 128365207 Change-Id: Iac57e164dde6f3e5913070acbe74b42691049913 Signed-off-by:
Krishna Manikandan <mkrishn@codeaurora.org>
-
- Apr 01, 2019
-
-
Petri Gynther authored
Bug: 115649324 Test: Manual testing Change-Id: I21779913e404ab776de622e109436f4f89122127 Signed-off-by:
Petri Gynther <pgynther@google.com>
-
- Mar 29, 2019
-
-
Petri Gynther authored
commit 86a136d9 ("Revert "ANDROID: input: keychord: Add keychord driver"") is the base for android-4.9-q branch.

* Revert "ANDROID: input: keychord: Add keychord driver"
    drivers/input/misc/Kconfig
    drivers/input/misc/Makefile
  Revert "ANDROID: input: misc: keychord: move header to uapi"
  Revert "ANDROID: input: misc: keychord: log when keychord triggered"
  Revert "ANDROID: keychord: Fix a slab out-of-bounds read."
  Revert "Use %zu to print resid (size_t)."
  Revert "ANDROID: keychord: Fix races in keychord_write."
  Revert "ANDROID: keychord: Fix for a memory leak in keychord."
  Revert "ANDROID: keychord: Check for write data size"
  ANDROID: drop CONFIG_INPUT_KEYCHORD from cuttlefish and ranchu
* BACKPORT: mm/debug.c: provide useful debugging information for VM_BUG
    mm/debug.c
* UPSTREAM: bug: use %pB in BUG and stack protector failure
    kernel/panic.c
    lib/bug.c
  UPSTREAM: x86/alternative: Print unadorned pointers
  UPSTREAM: trace_uprobe: Display correct offset in uprobe_events
* UPSTREAM: usercopy: Remove pointer from overflow report
    mm/usercopy.c
  UPSTREAM: Do not hash userspace addresses in fault handlers
  UPSTREAM: mm/slab.c: do not hash pointers when debugging slab
  UPSTREAM: kasan: use %px to print addresses instead of %p
* BACKPORT: vsprintf: add printk specifier %px
    lib/vsprintf.c
* BACKPORT: printk: hash addresses printed with %p
    lib/vsprintf.c
* ANDROID: Fix race in crng_reseed()
    drivers/char/random.c
* UPSTREAM: siphash: implement HalfSipHash1-3 for hash tables
    include/linux/siphash.h
    lib/siphash.c
* UPSTREAM: siphash: add cryptographically secure PRF
    include/linux/siphash.h
    lib/Kconfig.debug
    lib/Makefile
    lib/siphash.c
* BACKPORT: vsprintf: refactor %pK code out of pointer()
    lib/vsprintf.c
  BACKPORT: docs: correct documentation for %pK
  Merge upstream-f2fs-stable-linux-4.9.y into android-4.9
* BACKPORT: filemap: add a comment about FAULT_FLAG_RETRY_NOWAIT behavior
    mm/filemap.c
* BACKPORT: filemap: drop the mmap_sem for all blocking operations
    mm/filemap.c
* BACKPORT: filemap: kill page_cache_read usage in filemap_fault
    include/linux/pagemap.h
    mm/filemap.c
* ANDROID: binder: remove extra declaration left after backport
    drivers/android/binder.c
* UPSTREAM: net: socket: set sock->sk to NULL after calling proto_ops::release()
    net/socket.c
* FROMGIT: binder: fix BUG_ON found by selinux-testsuite
    drivers/android/binder.c
  ANDROID: dm-bow: Fix 32 bit compile errors
* ANDROID: fix 4.9 backport of psi header refactoring
    kernel/sched/core.c
* UPSTREAM: mm: proc: smaps_rollup: fix pss_locked calculation
    fs/proc/task_mmu.c
* UPSTREAM: binder: fix handling of misaligned binder object
    drivers/android/binder.c
  UPSTREAM: binder: fix sparse issue in binder_alloc_selftest.c
* BACKPORT: binder: use userspace pointer as base of buffer space
    drivers/android/binder.c
    drivers/android/binder_alloc.c
    drivers/android/binder_alloc.h
    drivers/android/binder_trace.h
* UPSTREAM: binder: fix kerneldoc header for struct binder_buffer
    drivers/android/binder_alloc.h
* BACKPORT: binder: remove user_buffer_offset
    drivers/android/binder.c
    drivers/android/binder_alloc.c
    drivers/android/binder_alloc.h
* UPSTREAM: binder: remove kernel vm_area for buffer space
    drivers/android/binder_alloc.c
* UPSTREAM: binder: avoid kernel vm_area for buffer fixups
    drivers/android/binder.c
* BACKPORT: binder: add function to copy binder object from buffer
    drivers/android/binder.c
* BACKPORT: binder: add functions to copy to/from binder buffers
    drivers/android/binder.c
    drivers/android/binder_alloc.c
    drivers/android/binder_alloc.h
* UPSTREAM: binder: create userspace-to-binder-buffer copy function
    drivers/android/binder.c
    drivers/android/binder_alloc.c
    drivers/android/binder_alloc.h
  ANDROID: Add dm-bow to cuttlefish configuration
  ANDROID: dm-bow: Backport to 4.9
  ANDROID: dm-bow: backport to 4.14
* ANDROID: dm-bow: Add dm-bow feature
    drivers/md/Kconfig
    drivers/md/Makefile
* f2fs: set pin_file under CAP_SYS_ADMIN
    fs/f2fs/file.c
* f2fs: fix to avoid deadlock in f2fs_read_inline_dir()
    fs/f2fs/inline.c
* f2fs: fix to adapt small inline xattr space in __find_inline_xattr()
    fs/f2fs/xattr.c
* f2fs: fix to do sanity check with inode.i_inline_xattr_size
    fs/f2fs/inode.c
    fs/f2fs/super.c
    fs/f2fs/xattr.h
* f2fs: give some messages for inline_xattr_size
    fs/f2fs/super.c
* f2fs: don't trigger read IO for beyond EOF page
    fs/f2fs/data.c
* f2fs: fix to add refcount once page is tagged PG_private
    fs/f2fs/checkpoint.c
    fs/f2fs/data.c
    fs/f2fs/dir.c
    fs/f2fs/f2fs.h
    fs/f2fs/node.c
    fs/f2fs/segment.c
* f2fs: remove wrong comment in f2fs_invalidate_page()
    fs/f2fs/data.c
* f2fs: fix to use kvfree instead of kzfree
    fs/f2fs/xattr.c
* f2fs: print more parameters in trace_f2fs_map_blocks
    include/trace/events/f2fs.h
* f2fs: trace f2fs_ioc_shutdown
    fs/f2fs/file.c
    include/trace/events/f2fs.h
* f2fs: fix to avoid deadlock of atomic file operations
    fs/f2fs/segment.c
* f2fs: fix to dirty inode for i_mode recovery
    fs/f2fs/file.c
* f2fs: give random value to i_generation
    fs/f2fs/f2fs.h
    fs/f2fs/namei.c
    fs/f2fs/super.c
* f2fs: no need to take page lock in readdir
    fs/f2fs/dir.c
* f2fs: fix to update iostat correctly in IPU path
    fs/f2fs/segment.c
* f2fs: fix encrypted page memory leak
    fs/f2fs/data.c
* f2fs: make fault injection covering __submit_flush_wait()
    fs/f2fs/segment.c
* f2fs: fix to retry fill_super only if recovery failed
    fs/f2fs/super.c
* f2fs: silence VM_WARN_ON_ONCE in mempool_alloc
    fs/f2fs/data.c
* f2fs: correct spelling mistake
    include/linux/f2fs_fs.h
* f2fs: fix wrong #endif
    fs/f2fs/f2fs.h
* f2fs: don't clear CP_QUOTA_NEED_FSCK_FLAG
    fs/f2fs/checkpoint.c
* f2fs: don't allow negative ->write_io_size_bits
    fs/f2fs/super.c
* f2fs: fix to check inline_xattr_size boundary correctly
    fs/f2fs/f2fs.h
    fs/f2fs/super.c
    include/linux/f2fs_fs.h
* Revert "f2fs: fix to avoid deadlock of atomic file operations"
    fs/f2fs/segment.c
* Revert "f2fs: fix to check inline_xattr_size boundary correctly"
    fs/f2fs/f2fs.h
    fs/f2fs/super.c
    include/linux/f2fs_fs.h
  f2fs: do not use mutex lock in atomic context
* f2fs: fix potential data inconsistence of checkpoint
    fs/f2fs/data.c
    fs/f2fs/f2fs.h
    fs/f2fs/file.c
    fs/f2fs/inline.c
* f2fs: fix to avoid deadlock of atomic file operations
    fs/f2fs/segment.c
* f2fs: fix to check inline_xattr_size boundary correctly
    fs/f2fs/f2fs.h
    fs/f2fs/super.c
    include/linux/f2fs_fs.h
* f2fs: jump to label 'free_node_inode' when failing from d_make_root()
    fs/f2fs/super.c
  f2fs: fix to document inline_xattr_size option
* f2fs: fix to data block override node segment by mistake
    fs/f2fs/super.c
* f2fs: fix typos in code comments
    include/linux/f2fs_fs.h
* f2fs: use xattr_prefix to wrap up
    fs/f2fs/xattr.c
* f2fs: sync filesystem after roll-forward recovery
    fs/f2fs/checkpoint.c
    fs/f2fs/node.c
    fs/f2fs/super.c
* fs: export evict_inodes
    fs/inode.c
    fs/internal.h
    include/linux/fs.h
* f2fs: flush quota blocks after turnning it off
    fs/f2fs/super.c
* f2fs: avoid null pointer exception in dcc_info
    fs/f2fs/f2fs.h
* f2fs: don't wake up too frequently, if there is lots of IOs
    fs/f2fs/segment.h
* f2fs: try to keep CP_TRIMMED_FLAG after successful umount
    fs/f2fs/segment.c
* f2fs: add quick mode of checkpoint=disable for QA
    fs/f2fs/checkpoint.c
    fs/f2fs/f2fs.h
    fs/f2fs/file.c
    fs/f2fs/segment.c
    fs/f2fs/super.c
    include/linux/f2fs_fs.h
* f2fs: run discard jobs when put_super
    fs/f2fs/f2fs.h
    fs/f2fs/segment.c
    fs/f2fs/super.c
    fs/f2fs/sysfs.c
* f2fs: fix to set sbi dirty correctly
    fs/f2fs/f2fs.h
* f2fs: UBSAN: set boolean value iostat_enable correctly
    fs/f2fs/sysfs.c
* f2fs: add brackets for macros
    fs/f2fs/f2fs.h
* f2fs: check if file namelen exceeds max value
    fs/f2fs/dir.c
* f2fs: fix to trigger fsck if dirent.name_len is zero
    fs/f2fs/dir.c
* f2fs: no need to check return value of debugfs_create functions
    fs/f2fs/debug.c
    fs/f2fs/f2fs.h
    fs/f2fs/super.c
* f2fs: export FS_NOCOW_FL flag to user
    fs/f2fs/f2fs.h
    fs/f2fs/file.c
* f2fs: check inject_rate validity during configuring
    fs/f2fs/sysfs.c
* f2fs: remove set but not used variable 'err'
    fs/f2fs/data.c
* f2fs: fix compile warnings: 'struct *' declared inside parameter list
    include/trace/events/f2fs.h
* f2fs: change error code to -ENOMEM from -EINVAL
    fs/f2fs/super.c

Change-Id: I199547b8a925245ea0fd613296fc5cedb762c5f6
Signed-off-by: Petri Gynther <pgynther@google.com>
-
Mark Salyzyn authored
Remove keychord driver, replaced in user space by https://android-review.googlesource.com/c/677629 . Signed-off-by:
Mark Salyzyn <salyzyn@google.com> Bug: 64114943 Bug: 129556081 Change-Id: Ie8a2b9977a21022c204a19f1a8d781ea5a23c656
-
Mark Salyzyn authored
This reverts commit 630a1e7f. Remove keychord driver, replaced in user space by https://android-review.googlesource.com/c/677629 . Signed-off-by:
Mark Salyzyn <salyzyn@google.com> Cc: Mike Lockwood <lockwood@android.com> Cc: Amit Pundir <amit.pundir@linaro.org> Bug: 64114943 Bug: 129556081 Change-Id: I6afdb551f273b6d0e25bf4b23cd8b88e39fbe47f
-
Mark Salyzyn authored
This reverts commit f4d1cf12. Remove keychord driver, replaced in user space by https://android-review.googlesource.com/c/677629 . Signed-off-by:
Mark Salyzyn <salyzyn@google.com> Cc: Colin Cross <ccross@android.com> Bug: 64114943 Bug: 129556081 Change-Id: I788f3cc4bec226fcccdd84127599e291f570087d
-
Mark Salyzyn authored
This reverts commit c4be12ac. Remove keychord driver, replaced in user space by https://android-review.googlesource.com/c/677629 . Signed-off-by:
Mark Salyzyn <salyzyn@google.com> Cc: JP Abgrall <jpa@google.com> Cc: Amit Pundir <amit.pundir@linaro.org> Bug: 64114943 Bug: 129556081 Change-Id: I6db729ae86ea9d01e2f2266c5572a4fcafcbb325
-
Mark Salyzyn authored
This reverts commit 913d980e. Remove keychord driver, replaced in user space by https://android-review.googlesource.com/c/677629 . Signed-off-by:
Mark Salyzyn <salyzyn@google.com> Cc: Amit Pundir <amit.pundir@linaro.org> Bug: 64114943 Bug: 63962952 Bug: 129556081 Change-Id: I0a652b72b0ee62974c408ffb0987cc2ef9e346c1
-
Mark Salyzyn authored
This reverts commit a1e4c795. Remove keychord driver, replaced in user space by https://android-review.googlesource.com/c/677629 . Signed-off-by:
Mark Salyzyn <salyzyn@google.com> Bug: 64114943 Change-Id: I1e2430474a857a53091a5a4c39e160f0ba7ecf25
-
Mark Salyzyn authored
This reverts commit 59584701. Remove keychord driver, replaced in user space by https://android-review.googlesource.com/c/677629 . Signed-off-by:
Mark Salyzyn <salyzyn@google.com> Bug: 64114943 Bug: 64133562 Bug: 63974334 Bug: 129556081 Change-Id: Ie94621b0adf8b1f8c0d249f74385cc2914b1aec0
-
Mark Salyzyn authored
This reverts commit 72a8dae2. Remove keychord driver, replaced in user space by https://android-review.googlesource.com/c/677629 . Signed-off-by:
Mark Salyzyn <salyzyn@google.com> Bug: 64114943 Bug: 64483974 Bug: 129556081 Change-Id: I4191a02aa70f3c4eb517b9a0ec092380b90130b4
-
Mark Salyzyn authored
This reverts commit f6738522. Remove keychord driver, replaced in user space by https://android-review.googlesource.com/c/677629 . Signed-off-by:
Mark Salyzyn <salyzyn@google.com> Bug: 64114943 Bug: 73962978 Bug: 129556081 Change-Id: Icaba57e6759f246fb75e28e5f6a84411eddaf953
-
Mark Salyzyn authored
Remove keychord driver, replaced in user space by https://android-review.googlesource.com/c/677629 . Signed-off-by:
Mark Salyzyn <salyzyn@google.com> Bug: 64114943 Bug: 129556081 Change-Id: Ie8a2b9977a21022c204a19f1a8d781ea5a23c656
-
This CL fixes race conditions inside easelcomm_stop_local and also fixes a race condition in easelcomm command handler. Bug: 112309571 Bug: 112312381 Change-Id: I7a7e8188869e66b48af10ef03438e2f8068dcf41 Signed-off-by:
Alexander Perez <alexperez@google.com>
-
Hridya Valsaraju authored
pick_prebuilt script does not look for it any longer. Test: make Bug: 129350739 Change-Id: Id0413901932ace63712d1414937c937e47bccc83 Signed-off-by:
Hridya Valsaraju <hridya@google.com>
-
Petri Gynther authored
Switch to 1 MiB static log buffer in __log_buf[]:

    #define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT)
    static char __log_buf[__LOG_BUF_LEN] __aligned(LOG_ALIGN);

instead of having the log buffer reallocated at boot by:

    setup_log_buf()
      log_buf_add_cpu()
      log_buf_len_update()
      new_log_buf = memblock_virt_alloc_nopanic()

There is no need to do this reallocation for the log buffer.

Change-Id: Ibe9cdef76ac654d9b176086a33baac7128746121
Signed-off-by: Petri Gynther <pgynther@google.com>
-
Eric Biggers authored
Commit 9060cb71 ("net: crypto set sk to NULL when af_alg_release.") fixed a use-after-free in sockfs_setattr() when an AF_ALG socket is closed concurrently with fchownat(). However, it ignored that many other proto_ops::release() methods don't set sock->sk to NULL and therefore allow the same use-after-free:

    - base_sock_release
    - bnep_sock_release
    - cmtp_sock_release
    - data_sock_release
    - dn_release
    - hci_sock_release
    - hidp_sock_release
    - iucv_sock_release
    - l2cap_sock_release
    - llcp_sock_release
    - llc_ui_release
    - rawsock_release
    - rfcomm_sock_release
    - sco_sock_release
    - svc_release
    - vcc_release
    - x25_release

Rather than fixing all these and relying on every socket type to get this right forever, just make __sock_release() set sock->sk to NULL itself after calling proto_ops::release().

Reproducer that produces the KASAN splat when any of these socket types are configured into the kernel:

    #include <pthread.h>
    #include <stdlib.h>
    #include <sys/socket.h>
    #include <unistd.h>

    pthread_t t;
    volatile int fd;

    void *close_thread(void *arg)
    {
        for (;;) {
            usleep(rand() % 100);
            close(fd);
        }
    }

    int main()
    {
        pthread_create(&t, NULL, close_thread, NULL);
        for (;;) {
            fd = socket(rand() % 50, rand() % 11, 0);
            fchownat(fd, "", 1000, 1000, 0x1000);
            close(fd);
        }
    }

Fixes: 86741ec2 ("net: core: Add a UID field to struct sock.")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit ff7b11aa)
Bug: 125367761
Test: used reproducer above
Change-Id: Ied4bbca5c7eb80c201fec6e0aabc95c24acc1b59
Signed-off-by: Eric Biggers <ebiggers@google.com>
-
Andrey Konovalov authored
(from https://lore.kernel.org/patchwork/patch/994348 ) This patch adds a simple test, that calls the uname syscall with a tagged user pointer as an argument. Without the kernel accepting tagged user pointers the test fails with EFAULT. Bug: 112461694 Change-Id: Id23d66680a6bb55a098ef69bfa8af90c096fe53b Signed-off-by:
Andrey Konovalov <andreyknvl@google.com>
-
Andrey Konovalov authored
(from https://lore.kernel.org/patchwork/patch/994350 ) Document the changes in Documentation/arm64/tagged-pointers.txt. Bug: 112461694 Change-Id: If1b651e611a10ae57917385c3ad0cdff50a60e46 Signed-off-by:
Andrey Konovalov <andreyknvl@google.com>
-
Andrey Konovalov authored
(from https://lore.kernel.org/patchwork/patch/994349 ) In copy_mount_options a user address is being subtracted from TASK_SIZE. If the address is lower than TASK_SIZE, the size is calculated to not allow the exact_copy_from_user() call to cross TASK_SIZE boundary. However if the address is tagged, then the size will be calculated incorrectly. Untag the address before subtracting. Bug: 112461694 Change-Id: I7228ae4a599b2a25139af12f6c87cd2abbad51ce Signed-off-by:
Andrey Konovalov <andreyknvl@google.com>
-
Andrey Konovalov authored
(from https://lore.kernel.org/patchwork/patch/994351 ) strncpy_from_user and strnlen_user accept user addresses as arguments, and do not go through the same path as copy_from_user and others, so here we need to handle the case of tagged user addresses separately. Untag user pointers passed to these functions. Bug: 112461694 Change-Id: Ic967545f1046e52e4ee3a10a67a617fe599eb7a1 Signed-off-by:
Andrey Konovalov <andreyknvl@google.com>
-
Andrey Konovalov authored
(from https://lore.kernel.org/patchwork/patch/994347 ) mm/gup.c provides a kernel interface that accepts user addresses and manipulates user pages directly (for example get_user_pages, which is used by the futex syscall). Since a user can provide tagged addresses, we need to handle such a case. Add untagging to gup.c functions that use user addresses for vma lookup. Bug: 112461694 Change-Id: I01656a5221d9291dff7f6002e4d4a7bc244299c2 Signed-off-by:
Andrey Konovalov <andreyknvl@google.com>
-
Andrey Konovalov authored
(from https://lore.kernel.org/patchwork/patch/994346/ ) copy_from_user (and a few other similar functions) are used to copy data from user memory into the kernel memory or vice versa. Since a user can provide a tagged pointer to one of the syscalls that use copy_from_user, we need to correctly handle such pointers. Do this by untagging user pointers in access_ok and in __uaccess_mask_ptr, before performing access validity checks. Bug: 112461694 Change-Id: Idc71064575a0a758c5588aef4a5d17cdab101d70 Signed-off-by:
Andrey Konovalov <andreyknvl@google.com>
-
Andrey Konovalov authored
(from https://lore.kernel.org/patchwork/patch/994345/ ) To allow arm64 syscalls to accept tagged pointers from userspace, we must untag them when they are passed to the kernel. Since untagging is done in generic parts of the kernel, the untagged_addr macro needs to be defined for all architectures. Define it as a noop for other architectures besides arm64. Bug: 112461694 Change-Id: I7b9bd43d4f27492f49b4374d3aec96577f44b7fb Signed-off-by:
Andrey Konovalov <andreyknvl@google.com>
-
Andrey Konovalov authored
(from https://lore.kernel.org/patchwork/patch/994344 ) This patch makes the untagged_addr macro accept all kinds of address types (void *, unsigned long, etc.) and allows not to specify type casts in each place where it is used. This is done by using __typeof__. Bug: 112461694 Change-Id: Ic3fcffa4ff31be0ec3765983fcd777d7d7a4069d Signed-off-by:
Andrey Konovalov <andreyknvl@google.com>
-
Robin Murphy authored
In converting __range_ok() into a static inline, I inadvertently made it more type-safe, but without considering the ordering of the relevant conversions. This leads to quite a lot of Sparse noise about the fact that we use __chk_user_ptr() after addr has already been converted from a user pointer to an unsigned long. Rather than just adding another cast for the sake of shutting Sparse up, it seems reasonable to rework the types to make logical sense (although the resulting codegen for __range_ok() remains identical). The only callers this affects directly are our compat traps where the inferred "user-pointer-ness" of a register value now warrants explicit casting. Bug: 112461694 Change-Id: I4b28f0542ff3a242387c5be9c144c1f204edd240 Signed-off-by:
Robin Murphy <robin.murphy@arm.com> Signed-off-by:
Catalin Marinas <catalin.marinas@arm.com> (cherry picked from commit 9085b34d)
-
Robin Murphy authored
Currently, USER_DS represents an exclusive limit while KERNEL_DS is inclusive. In order to do some clever trickery for speculation-safe masking, we need them both to behave equivalently - there aren't enough bits to make KERNEL_DS exclusive, so we have precisely one option. This also happens to correct a longstanding false negative for a range ending on the very top byte of kernel memory. Mark Rutland points out that we've actually got the semantics of addresses vs. segments muddled up in most of the places we need to amend, so shuffle the {USER,KERNEL}_DS definitions around such that we can correct those properly instead of just pasting "-1"s everywhere. Bug: 112461694 Change-Id: Ic1dc1b845d6574a89d1b0dbcf7c7cff61baf6e9c Signed-off-by:
Robin Murphy <robin.murphy@arm.com> Signed-off-by:
Will Deacon <will.deacon@arm.com> Signed-off-by:
Catalin Marinas <catalin.marinas@arm.com> (cherry picked from commit 51369e39)
-
Arnd Bergmann authored
MIPS just got changed to only accept a pointer argument for access_ok(), causing one warning in drivers/scsi/pmcraid.c. I tried changing x86 the same way and found the same warning in __get_user_pages_fast() and nowhere else in the kernel during randconfig testing:

    mm/gup.c: In function '__get_user_pages_fast':
    mm/gup.c:1578:6: error: passing argument 1 of '__chk_range_not_ok' makes pointer from integer without a cast [-Werror=int-conversion]

It would probably be a good idea to enforce type-safety in general, so let's change this file to not cause a warning if we do that. I don't know why the warning did not appear on MIPS.

Bug: 112461694
Change-Id: I20303cecbb088463c3d7db751ea349039e776b21
Fixes: 2667f50e ("mm: introduce a general RCU get_user_pages_fast()")
Link: http://lkml.kernel.org/r/20170421162659.3314521-1-arnd@arndb.de
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Lorenzo Stoakes <lstoakes@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit aa2369f1)
-
Stephen Boyd authored
If a page is marked read only we should print out that fact, instead of printing out that there was a page fault. Right now we get a cryptic error message that something went wrong with an unhandled fault, but we don't evaluate the esr to figure out that it was a read/write permission fault.

Instead of seeing:

    Unable to handle kernel paging request at virtual address ffff000008e460d8
    pgd = ffff800003504000
    [ffff000008e460d8] *pgd=0000000083473003, *pud=0000000083503003, *pmd=0000000000000000
    Internal error: Oops: 9600004f [#1] PREEMPT SMP

we'll see:

    Unable to handle kernel write to read-only memory at virtual address ffff000008e760d8
    pgd = ffff80003d3de000
    [ffff000008e760d8] *pgd=0000000083472003, *pud=0000000083435003, *pmd=0000000000000000
    Internal error: Oops: 9600004f [#1] PREEMPT SMP

We also add a userspace address check into is_permission_fault() so that the function doesn't return true for ttbr0 PAN faults when it shouldn't.

Bug: 112461694
Change-Id: I5f4ff11815edc1ea869724e8f246f78c00ff69e1
Reviewed-by: James Morse <james.morse@arm.com>
Tested-by: James Morse <james.morse@arm.com>
Acked-by: Laura Abbott <labbott@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Stephen Boyd <stephen.boyd@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
(cherry picked from commit b824b930)
-
Matthew Wilcox authored
With the recent addition of hashed kernel pointers, places which need to produce useful debug output have to specify %px, not %p. This patch fixes all the VM debug to use %px. This is appropriate because it's debug output that the user should never be able to trigger, and kernel developers need to see the actual pointers. Link: http://lkml.kernel.org/r/20171219133236.GE13680@bombadil.infradead.org Signed-off-by:
Matthew Wilcox <mawilcox@microsoft.com> Acked-by:
Michal Hocko <mhocko@suse.com> Cc: "Tobin C. Harding" <me@tobin.cc> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> (cherry picked from commit 152a2d19) Signed-off-by:
Sandeep Patil <sspatil@android.com> Bug: 124090075 Test: Build and boot cuttlefish Change-Id: I547bb27cd5bab8886ef192c6c0f9aac816149adb
-
Kees Cook authored
The BUG and stack protector reports were still using a raw %p. This changes it to %pB for more meaningful output. Link: http://lkml.kernel.org/r/20180301225704.GA34198@beast Fixes: ad67b74d ("printk: hash addresses printed with %p") Signed-off-by:
Kees Cook <keescook@chromium.org> Reviewed-by:
Andrew Morton <akpm@linux-foundation.org> Cc: Ingo Molnar <mingo@kernel.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Richard Weinberger <richard.weinberger@gmail.com>, Cc: <stable@vger.kernel.org> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> (cherry picked from commit 0862ca42) Signed-off-by:
Sandeep Patil <sspatil@android.com> Bug: 78533979 Test: Build and boot cuttlefish Change-Id: Id4ff4ef7d236f1d7ce6d61ef071bd0d4414c8dd2
-
Borislav Petkov authored
After commit ad67b74d ("printk: hash addresses printed with %p") pointers are being hashed when printed. However, this makes the alternative debug output completely useless. Switch to %px in order to see the unadorned kernel pointers. Signed-off-by:
Borislav Petkov <bp@suse.de> Signed-off-by:
Thomas Gleixner <tglx@linutronix.de> Cc: riel@redhat.com Cc: ak@linux.intel.com Cc: peterz@infradead.org Cc: David Woodhouse <dwmw2@infradead.org> Cc: jikos@kernel.org Cc: luto@amacapital.net Cc: dave.hansen@intel.com Cc: torvalds@linux-foundation.org Cc: keescook@google.com Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: tim.c.chen@linux.intel.com Cc: gregkh@linux-foundation.org Cc: pjt@google.com Link: https://lkml.kernel.org/r/20180126121139.31959-2-bp@alien8.de (cherry picked from commit 0e6c16c6) Signed-off-by:
Sandeep Patil <sspatil@android.com> Bug: 78533979 Test: Build and boot cuttlefish Change-Id: I41bfb7c947105ec4cd83fddba8c5cb59c36ec8fd
-
Ravi Bangoria authored
Recently, how the pointers being printed with %p has been changed by commit ad67b74d ("printk: hash addresses printed with %p"). This is causing a regression while showing offset in the uprobe_events file. Instead of %p, use %px to display offset.

Before patch:

    # perf probe -vv -x /tmp/a.out main
    Opening /sys/kernel/debug/tracing//uprobe_events write=1
    Writing event: p:probe_a/main /tmp/a.out:0x58c

    # cat /sys/kernel/debug/tracing/uprobe_events
    p:probe_a/main /tmp/a.out:0x0000000049a0f352

After patch:

    # cat /sys/kernel/debug/tracing/uprobe_events
    p:probe_a/main /tmp/a.out:0x000000000000058c

Link: http://lkml.kernel.org/r/20180106054246.15375-1-ravi.bangoria@linux.vnet.ibm.com
Cc: stable@vger.kernel.org
Fixes: ad67b74d ("printk: hash addresses printed with %p")
Acked-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Signed-off-by: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
(cherry picked from commit 0e4d819d)
Signed-off-by: Sandeep Patil <sspatil@android.com>
Bug: 78533979
Test: Build and boot cuttlefish
Change-Id: I9818360c1eb6ae2a37144d29792cfdc3fd2e1807
-
Kees Cook authored
Using %p was already mostly useless in the usercopy overflow reports, so this removes it entirely to avoid confusion now that %p-hashing is enabled. Fixes: ad67b74d ("printk: hash addresses printed with %p") Signed-off-by:
Kees Cook <keescook@chromium.org> (cherry picked from commit 4f5e8386) Signed-off-by:
Sandeep Patil <sspatil@android.com> Bug: 4f5e8386 Test: Build and boot cuttlefish Change-Id: I361837fa62ab77b2299af78d8f806ed42b236203
-
Kees Cook authored
The hashing of %p was designed to restrict kernel addresses. There is no reason to hash the userspace values seen during a segfault report, so switch these to %px. (Some architectures already use %lx.) Fixes: ad67b74d ("printk: hash addresses printed with %p") Signed-off-by:
Kees Cook <keescook@chromium.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> (cherry picked from commit 10a7e9d8) Signed-off-by:
Sandeep Patil <sspatil@android.com> Bug: 78533979 Test: Build and boot cuttlefish Change-Id: Ifd289b69e0ecf51cab5afe847943b72a0c7320ef
-
Geert Uytterhoeven authored
If CONFIG_DEBUG_SLAB/CONFIG_DEBUG_SLAB_LEAK are enabled, the slab code prints extra debug information when e.g. corruption is detected. This includes pointers, which are not very useful when hashed. Fix this by using %px to print unhashed pointers instead where it makes sense, and by removing the printing of a last user pointer referring to code. [geert+renesas@glider.be: v2] Link: http://lkml.kernel.org/r/1513179267-2509-1-git-send-email-geert+renesas@glider.be Link: http://lkml.kernel.org/r/1512641861-5113-1-git-send-email-geert+renesas@glider.be Fixes: ad67b74d ("printk: hash addresses printed with %p") Signed-off-by:
Geert Uytterhoeven <geert+renesas@glider.be> Acked-by:
Christoph Lameter <cl@linux.com> Acked-by:
Linus Torvalds <torvalds@linux-foundation.org> Cc: Pekka Enberg <penberg@kernel.org> Cc: David Rientjes <rientjes@google.com> Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com> Cc: "Tobin C . Harding" <me@tobin.cc> Cc: Kees Cook <keescook@chromium.org> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org> (cherry picked from commit 85c3e4a5) Signed-off-by:
Sandeep Patil <sspatil@android.com> Bug: 78533979 Test: Build & boot cuttlefish Change-Id: If32a97745e45b87dab98f523708c2a9c8c7acf0a
-
Tobin C. Harding authored
Pointers printed with %p are now hashed by default. Kasan needs the actual address. We can use the new printk specifier %px for this purpose. Use %px instead of %p to print addresses. Signed-off-by:
Tobin C. Harding <me@tobin.cc> (cherry picked from commit 6424f6bb) Signed-off-by:
Sandeep Patil <sspatil@android.com> Bug: 78533979 Test: Build & boot cuttlefish Change-Id: I6f242e5a3fcddbf8e6af4f601d7bb05f29340949
-
Tobin C. Harding authored
printk specifier %p now hashes all addresses before printing. Sometimes we need to see the actual unmodified address. This can be achieved using %lx but then we face the risk that if in future we want to change the way the Kernel handles printing of pointers we will have to grep through the already existent 50 000 %lx call sites. Let's add specifier %px as a clear, opt-in, way to print a pointer and maintain some level of isolation from all the other hex integer output within the Kernel. Add printk specifier %px to print the actual unmodified address. Signed-off-by:
Tobin C. Harding <me@tobin.cc> (cherry picked from commit 7b1924a1) Signed-off-by:
Sandeep Patil <sspatil@android.com> Bug: 78533979 Test: Build and boot cuttlefish Change-Id: I735db3b72abb318f535d55122f1745d0ead0dbe7
-
Tobin C. Harding authored
Currently there exist approximately 14 000 places in the kernel where addresses are being printed using an unadorned %p. This potentially leaks sensitive information regarding the Kernel layout in memory. Many of these calls are stale; instead of fixing every call, let's hash the address by default before printing. This will of course break some users, forcing code printing needed addresses to be updated. Code that _really_ needs the address will soon be able to use the new printk specifier %px to print the address.

For what it's worth, usage of unadorned %p can be broken down as follows (thanks to Joe Perches).

    $ git grep -E '%p[^A-Za-z0-9]' | cut -f1 -d"/" | sort | uniq -c
    1084 arch
      20 block
      10 crypto
      32 Documentation
    8121 drivers
    1221 fs
     143 include
     101 kernel
      69 lib
     100 mm
    1510 net
      40 samples
       7 scripts
      11 security
     166 sound
     152 tools
       2 virt

Add function ptr_to_id() to map an address to a 32 bit unique identifier. Hash any unadorned usage of specifier %p and any malformed specifiers.

Signed-off-by: Tobin C. Harding <me@tobin.cc>
(cherry picked from commit ad67b74d)
Signed-off-by: Sandeep Patil <sspatil@android.com>
Bug: 78533979
Test: Build and boot cuttlefish
Test: Runtime tests by enabling CONFIG_TEST_PRINTF
Change-Id: I4a12d890d7b22caa502280d78cb4f6a09c866471
-
Sandeep Patil authored
The crng_init triggers process_crng_rdy_callbacks() and those callbacks can call into the crng again. So, leave the spinlock before processing the callbacks. This is a version of upstream commit '4a072c71' Bug: 124090075 Test: Build and boot cuttlefish with hwrng enabled Change-Id: Ie5b7a60cd17eae80ca26b518c60110fd18efd548 Signed-off-by:
Sandeep Patil <sspatil@android.com>
-