linux-stable.git/arch/tile, branch v4.1.41 Linux kernel stable tree tile/ptrace: Preserve previous registers for short regset write 2017-03-06T22:29:12+00:00 Dave Martin Dave.Martin@arm.com 2017-01-06T17:54:51+00:00 d6c83f5607bfcc1420e869cde808caf5b6013964 [ Upstream commit fd7c99142d77dc4a851879a66715abf12a3193fb ] Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET to fill all the registers, the thread's old registers are preserved. Cc: stable@vger.kernel.org Signed-off-by: Dave Martin <Dave.Martin@arm.com> Signed-off-by: Chris Metcalf <cmetcalf@mellanox.com> Signed-off-by: Sasha Levin <alexander.levin@verizon.com> 
[ Upstream commit fd7c99142d77dc4a851879a66715abf12a3193fb ]

Ensure that if userspace supplies insufficient data to
PTRACE_SETREGSET to fill all the registers, the thread's old
registers are preserved.

Cc: stable@vger.kernel.org
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Signed-off-by: Chris Metcalf <cmetcalf@mellanox.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
signal: fix information leak in copy_siginfo_from_user32 2015-08-17T03:52:26+00:00 Amanieu d'Antras amanieu@gmail.com 2015-08-06T22:46:26+00:00 52124831a34a52764a2ce76f1ba0703ecf9d220a commit 3c00cb5e68dc719f2fc73a33b1b230aadfcb1309 upstream. This function can leak kernel stack data when the user siginfo_t has a positive si_code value. The top 16 bits of si_code descibe which fields in the siginfo_t union are active, but they are treated inconsistently between copy_siginfo_from_user32, copy_siginfo_to_user32 and copy_siginfo_to_user. copy_siginfo_from_user32 is called from rt_sigqueueinfo and rt_tgsigqueueinfo in which the user has full control overthe top 16 bits of si_code. This fixes the following information leaks: x86: 8 bytes leaked when sending a signal from a 32-bit process to itself. This leak grows to 16 bytes if the process uses x32. (si_code = __SI_CHLD) x86: 100 bytes leaked when sending a signal from a 32-bit process to a 64-bit process. (si_code = -1) sparc: 4 bytes leaked when sending a signal from a 32-bit process to a 64-bit process. (si_code = any) parsic and s390 have similar bugs, but they are not vulnerable because rt_[tg]sigqueueinfo have checks that prevent sending a positive si_code to a different process. These bugs are also fixed for consistency. Signed-off-by: Amanieu d'Antras <amanieu@gmail.com> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Russell King <rmk@arm.linux.org.uk> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Chris Metcalf <cmetcalf@ezchip.com> Cc: Paul Mackerras <paulus@samba.org> Cc: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 3c00cb5e68dc719f2fc73a33b1b230aadfcb1309 upstream.

This function can leak kernel stack data when the user siginfo_t has a
positive si_code value.  The top 16 bits of si_code descibe which fields
in the siginfo_t union are active, but they are treated inconsistently
between copy_siginfo_from_user32, copy_siginfo_to_user32 and
copy_siginfo_to_user.

copy_siginfo_from_user32 is called from rt_sigqueueinfo and
rt_tgsigqueueinfo in which the user has full control overthe top 16 bits
of si_code.

This fixes the following information leaks:
x86:   8 bytes leaked when sending a signal from a 32-bit process to
       itself. This leak grows to 16 bytes if the process uses x32.
       (si_code = __SI_CHLD)
x86:   100 bytes leaked when sending a signal from a 32-bit process to
       a 64-bit process. (si_code = -1)
sparc: 4 bytes leaked when sending a signal from a 32-bit process to a
       64-bit process. (si_code = any)

parsic and s390 have similar bugs, but they are not vulnerable because
rt_[tg]sigqueueinfo have checks that prevent sending a positive si_code
to a different process.  These bugs are also fixed for consistency.

Signed-off-by: Amanieu d'Antras <amanieu@gmail.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Chris Metcalf <cmetcalf@ezchip.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
tile: use free_bootmem_late() for initrd 2015-08-10T19:21:56+00:00 Chris Metcalf cmetcalf@ezchip.com 2015-07-23T18:11:09+00:00 bec2057fee79fe271a629c98feb2201faba4ff2c commit 3f81d2447b37ac697b3c600039f2c6b628c06e21 upstream. We were previously using free_bootmem() and just getting lucky that nothing too bad happened. Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 3f81d2447b37ac697b3c600039f2c6b628c06e21 upstream.

We were previously using free_bootmem() and just getting lucky
that nothing too bad happened.

Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
tile: properly use node_isset() on a nodemask_t 2015-04-28T14:36:45+00:00 Chris Metcalf cmetcalf@ezchip.com 2015-04-28T14:36:45+00:00 9b0f5d63e74a987bf56cc1774baca80a291c9d8d The code accidentally used cpu_isset() previously in one place (though properly node_isset() elsewhere). Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com> 
The code accidentally used cpu_isset() previously in one place
(though properly node_isset() elsewhere).

Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com>
Merge tag 'cpumask-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2015-04-20T17:19:03+00:00 Linus Torvalds torvalds@linux-foundation.org 2015-04-20T17:19:03+00:00 6496edfce95f943e1da43631c2f437509e56af7f Pull final removal of deprecated cpus_* cpumask functions from Rusty Russell: "This is the final removal (after several years!) of the obsolete cpus_* functions, prompted by their mis-use in staging. With these function removed, all cpu functions should only iterate to nr_cpu_ids, so we finally only allocate that many bits when cpumasks are allocated offstack" * tag 'cpumask-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (25 commits) cpumask: remove __first_cpu / __next_cpu cpumask: resurrect CPU_MASK_CPU0 linux/cpumask.h: add typechecking to cpumask_test_cpu cpumask: only allocate nr_cpumask_bits. Fix weird uses of num_online_cpus(). cpumask: remove deprecated functions. mips: fix obsolete cpumask_of_cpu usage. x86: fix more deprecated cpu function usage. ia64: remove deprecated cpus_ usage. powerpc: fix deprecated CPU_MASK_CPU0 usage. CPU_MASK_ALL/CPU_MASK_NONE: remove from deprecated region. staging/lustre/o2iblnd: Don't use cpus_weight staging/lustre/libcfs: replace deprecated cpus_ calls with cpumask_ staging/lustre/ptlrpc: Do not use deprecated cpus_* functions blackfin: fix up obsolete cpu function usage. parisc: fix up obsolete cpu function usage. tile: fix up obsolete cpu function usage. arm64: fix up obsolete cpu function usage. mips: fix up obsolete cpu function usage. x86: fix up obsolete cpu function usage. ... 
Pull final removal of deprecated cpus_* cpumask functions from Rusty Russell:
 "This is the final removal (after several years!) of the obsolete
  cpus_* functions, prompted by their mis-use in staging.

  With these function removed, all cpu functions should only iterate to
  nr_cpu_ids, so we finally only allocate that many bits when cpumasks
  are allocated offstack"

* tag 'cpumask-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (25 commits)
  cpumask: remove __first_cpu / __next_cpu
  cpumask: resurrect CPU_MASK_CPU0
  linux/cpumask.h: add typechecking to cpumask_test_cpu
  cpumask: only allocate nr_cpumask_bits.
  Fix weird uses of num_online_cpus().
  cpumask: remove deprecated functions.
  mips: fix obsolete cpumask_of_cpu usage.
  x86: fix more deprecated cpu function usage.
  ia64: remove deprecated cpus_ usage.
  powerpc: fix deprecated CPU_MASK_CPU0 usage.
  CPU_MASK_ALL/CPU_MASK_NONE: remove from deprecated region.
  staging/lustre/o2iblnd: Don't use cpus_weight
  staging/lustre/libcfs: replace deprecated cpus_ calls with cpumask_
  staging/lustre/ptlrpc: Do not use deprecated cpus_* functions
  blackfin: fix up obsolete cpu function usage.
  parisc: fix up obsolete cpu function usage.
  tile: fix up obsolete cpu function usage.
  arm64: fix up obsolete cpu function usage.
  mips: fix up obsolete cpu function usage.
  x86: fix up obsolete cpu function usage.
  ...
Merge git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile 2015-04-17T20:03:05+00:00 Linus Torvalds torvalds@linux-foundation.org 2015-04-17T20:03:05+00:00 6b6e177d632ee251c7c78d8f266a851ab9704879 Pull arch/tile updates from Chris Metcalf: "These are mostly nohz_full changes, plus a smattering of minor fixes (notably a couple for ftrace)" * git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile: tile: nohz: warn if nohz_full uses hypervisor shared cores tile: ftrace: fix function_graph tracer issues tile: map data region shadow of kernel as R/W tile: support CONTEXT_TRACKING and thus NOHZ_FULL tile: support arch_irq_work_raise arch: tile: fix null pointer dereference on pt_regs pointer tile/elf: reorganize notify_exec() tile: use si_int instead of si_ptr for compat_siginfo 
Pull arch/tile updates from Chris Metcalf:
 "These are mostly nohz_full changes, plus a smattering of minor fixes
  (notably a couple for ftrace)"

* git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile:
  tile: nohz: warn if nohz_full uses hypervisor shared cores
  tile: ftrace: fix function_graph tracer issues
  tile: map data region shadow of kernel as R/W
  tile: support CONTEXT_TRACKING and thus NOHZ_FULL
  tile: support arch_irq_work_raise
  arch: tile: fix null pointer dereference on pt_regs pointer
  tile/elf: reorganize notify_exec()
  tile: use si_int instead of si_ptr for compat_siginfo
tile: nohz: warn if nohz_full uses hypervisor shared cores 2015-04-17T18:01:41+00:00 Chris Metcalf cmetcalf@ezchip.com 2015-03-30T20:33:00+00:00 128f3cb9398b5eeb4ee04b60bd5e314f5c122821 The "hypervisor shared" cores are ones that the Tilera hypervisor uses to receive interrupts to manage hypervisor-owned devices. It's a bad idea to try to use those cores with nohz_full, since they will get interrupted unpredictably -- and invisibly to Linux tracing tools, since the interrupts are delivered at a higher privilege level to the Tilera hypervisor. Generate a clear warning at boot up that this doesn't end well for the nohz_full cores in question. Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com> 
The "hypervisor shared" cores are ones that the Tilera hypervisor
uses to receive interrupts to manage hypervisor-owned devices.
It's a bad idea to try to use those cores with nohz_full, since
they will get interrupted unpredictably -- and invisibly to Linux
tracing tools, since the interrupts are delivered at a higher
privilege level to the Tilera hypervisor.

Generate a clear warning at boot up that this doesn't end well
for the nohz_full cores in question.

Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com>
tile: ftrace: fix function_graph tracer issues 2015-04-17T18:01:38+00:00 Tony Lu zlu@ezchip.com 2015-03-27T18:46:38+00:00 437d3e124d25daaa671bfecfd4015ecd2503a955 - Add support for ARCH_SUPPORTS_FTRACE_OPS - Replace the instruction in ftrace_call with the bundle {move r10, lr; jal ftrace_stub}, so that the lr contains the right value after returning from ftrace_stub. An alternative fix might be to leave the instruction in ftrace_call alone when it is being updated with ftrace_stub. Signed-off-by: Tony Lu <zlu@ezchip.com> Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com> 
- Add support for ARCH_SUPPORTS_FTRACE_OPS
- Replace the instruction in ftrace_call with the bundle {move r10, lr;
jal ftrace_stub}, so that the lr contains the right value after returning
from ftrace_stub.  An alternative fix might be to leave the instruction
in ftrace_call alone when it is being updated with ftrace_stub.

Signed-off-by: Tony Lu <zlu@ezchip.com>
Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com>
tile: map data region shadow of kernel as R/W 2015-04-17T18:01:35+00:00 Chris Metcalf cmetcalf@ezchip.com 2015-03-27T18:35:31+00:00 a84f24230c137a4e0ab14185e9175798ca1b0376 This is necessary for things like reading /proc/kcore, doing ftrace, etc. It happens by default when using huge pages to map the kernel data, but not when using small pages. Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com> 
This is necessary for things like reading /proc/kcore, doing ftrace,
etc.  It happens by default when using huge pages to map the kernel
data, but not when using small pages.

Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com>
tile: support CONTEXT_TRACKING and thus NOHZ_FULL 2015-04-17T18:01:10+00:00 Chris Metcalf cmetcalf@ezchip.com 2015-03-23T18:23:58+00:00 49e4e15619cd7cd9fc275d460fae2a95c1337fcc Add the TIF_NOHZ flag appropriately. Add call to user_exit() on entry to do_work_pending() and on entry to syscalls via do_syscall_trace_enter(), and also the top of do_syscall_trace_exit() just because it's done in x86. Add call to user_enter() at the bottom of do_work_pending() once we have no more work to do before returning to userspace. Wrap all the trap code in exception_enter() / exception_exit(). Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com> Acked-by: Frederic Weisbecker <fweisbec@gmail.com> 
Add the TIF_NOHZ flag appropriately.

Add call to user_exit() on entry to do_work_pending() and on entry
to syscalls via do_syscall_trace_enter(), and also the top of
do_syscall_trace_exit() just because it's done in x86.

Add call to user_enter() at the bottom of do_work_pending() once we
have no more work to do before returning to userspace.

Wrap all the trap code in exception_enter() / exception_exit().

Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com>
Acked-by: Frederic Weisbecker <fweisbec@gmail.com>