Skip to content
  1. Aug 02, 2017
    • Kees Cook's avatar
      exec: Use sane stack rlimit under secureexec · 64701dee
      Kees Cook authored
      
      
      For a secureexec, before memory layout selection has happened, reset the
      stack rlimit to something sane to avoid the caller having control over
      the resulting layouts.
      
      $ ulimit -s
      8192
      $ ulimit -s unlimited
      $ /bin/sh -c 'ulimit -s'
      unlimited
      $ sudo /bin/sh -c 'ulimit -s'
      8192
      
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      64701dee
    • Kees Cook's avatar
      exec: Consolidate dumpability logic · 473d8963
      Kees Cook authored
      
      
      Since it's already valid to set dumpability in the early part of
      setup_new_exec(), we can consolidate the logic into a single place.
      The BINPRM_FLAGS_ENFORCE_NONDUMP is set during would_dump() calls
      before setup_new_exec(), so its test is safe to move as well.
      
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      473d8963
    • Kees Cook's avatar
      smack: Remove redundant pdeath_signal clearing · 35b372b7
      Kees Cook authored
      
      
      This removes the redundant pdeath_signal clearing in Smack: the check in
      smack_bprm_committing_creds() matches the check in smack_bprm_set_creds()
      (which used to be in the now-removed smack_bprm_securexec() hook) and
      since secureexec is now being checked for clearing pdeath_signal, this
      is redundant to the common exec code.
      
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      Reviewed-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      35b372b7
    • Kees Cook's avatar
      exec: Use secureexec for clearing pdeath_signal · a70423df
      Kees Cook authored
      Like dumpability, clearing pdeath_signal happens both in setup_new_exec()
      and later in commit_creds(). The test in setup_new_exec() is different
      from all other privilege comparisons, though: it is checking the new cred
      (bprm) uid vs the old cred (current) euid. This appears to be a bug,
      introduced by commit a6f76f23
      
       ("CRED: Make execve() take advantage of
      copy-on-write credentials"):
      
      -       if (bprm->e_uid != current_euid() ||
      -           bprm->e_gid != current_egid()) {
      -               set_dumpable(current->mm, suid_dumpable);
      +       if (bprm->cred->uid != current_euid() ||
      +           bprm->cred->gid != current_egid()) {
      
      It was bprm euid vs current euid (and egids), but the effective got
      dropped. Nothing in the exec flow changes bprm->cred->uid (nor gid).
      The call traces are:
      
      	prepare_bprm_creds()
      	    prepare_exec_creds()
      	        prepare_creds()
      	            memcpy(new_creds, old_creds, ...)
      	            security_prepare_creds() (unimplemented by commoncap)
      	...
      	prepare_binprm()
      	    bprm_fill_uid()
      	        resets euid/egid to current euid/egid
      	        sets euid/egid on bprm based on set*id file bits
      	    security_bprm_set_creds()
      		cap_bprm_set_creds()
      		        handle all caps-based manipulations
      
      so this test is effectively a test of current_uid() vs current_euid(),
      which is wrong, just like the prior dumpability tests were wrong.
      
      The commit log says "Clear pdeath_signal and set dumpable on
      certain circumstances that may not be covered by commit_creds()." This
      may be meaning the earlier old euid vs new euid (and egid) test that
      got changed.
      
      Luckily, as with dumpability, this is all masked by commit_creds()
      which performs old/new euid and egid tests and clears pdeath_signal.
      
      And again, like dumpability, we should include LSM secureexec logic for
      pdeath_signal clearing. For example, Smack goes out of its way to clear
      pdeath_signal when it finds a secureexec condition.
      
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      a70423df
    • Kees Cook's avatar
      exec: Use secureexec for setting dumpability · e37fdb78
      Kees Cook authored
      
      
      The examination of "current" to decide dumpability is wrong. This was a
      check of and euid/uid (or egid/gid) mismatch in the existing process,
      not the newly created one. This appears to stretch back into even the
      "history.git" tree. Luckily, dumpability is later set in commit_creds().
      In earlier kernel versions before creds existed, similar checks also
      existed late in the exec flow, covering up the mistake as far back as I
      could find.
      
      Note that because the commit_creds() check examines differences of euid,
      uid, egid, gid, and capabilities between the old and new creds, it would
      look like the setup_new_exec() dumpability test could be entirely removed.
      However, the secureexec test may cover a different set of tests (specific
      to the LSMs) than what commit_creds() checks for. So, fix this test to
      use secureexec (the removed euid tests are redundant to the commoncap
      secureexec checks now).
      
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      e37fdb78
    • Kees Cook's avatar
      LSM: drop bprm_secureexec hook · 2af62280
      Kees Cook authored
      
      
      This removes the bprm_secureexec hook since the logic has been folded into
      the bprm_set_creds hook for all LSMs now.
      
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Reviewed-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Acked-by: default avatarJames Morris <james.l.morris@oracle.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      2af62280
    • Kees Cook's avatar
      commoncap: Move cap_elevated calculation into bprm_set_creds · ee67ae7e
      Kees Cook authored
      
      
      Instead of a separate function, open-code the cap_elevated test, which
      lets us entirely remove bprm->cap_effective (to use the local "effective"
      variable instead), and more accurately examine euid/egid changes via the
      existing local "is_setid".
      
      The following LTP tests were run to validate the changes:
      
      	# ./runltp -f syscalls -s cap
      	# ./runltp -f securebits
      	# ./runltp -f cap_bounds
      	# ./runltp -f filecaps
      
      All kernel selftests for capabilities and exec continue to pass as well.
      
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Reviewed-by: default avatarAndy Lutomirski <luto@kernel.org>
      ee67ae7e
    • Kees Cook's avatar
      commoncap: Refactor to remove bprm_secureexec hook · 46d98eb4
      Kees Cook authored
      
      
      The commoncap implementation of the bprm_secureexec hook is the only LSM
      that depends on the final call to its bprm_set_creds hook (since it may
      be called for multiple files, it ignores bprm->called_set_creds). As a
      result, it cannot safely _clear_ bprm->secureexec since other LSMs may
      have set it.  Instead, remove the bprm_secureexec hook by introducing a
      new flag to bprm specific to commoncap: cap_elevated. This is similar to
      cap_effective, but that is used for a specific subset of elevated
      privileges, and exists solely to track state from bprm_set_creds to
      bprm_secureexec. As such, it will be removed in the next patch.
      
      Here, set the new bprm->cap_elevated flag when setuid/setgid has happened
      from bprm_fill_uid() or fscapabilities have been prepared. This temporarily
      moves the bprm_secureexec hook to a static inline. The helper will be
      removed in the next patch; this makes the step easier to review and bisect,
      since this does not introduce any changes to inputs nor outputs to the
      "elevated privileges" calculation.
      
      The new flag is merged with the bprm->secureexec flag in setup_new_exec()
      since this marks the end of any further prepare_binprm() calls.
      
      Cc: Andy Lutomirski <luto@kernel.org>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Reviewed-by: default avatarAndy Lutomirski <luto@kernel.org>
      Acked-by: default avatarJames Morris <james.l.morris@oracle.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      46d98eb4
    • Kees Cook's avatar
      smack: Refactor to remove bprm_secureexec hook · ccbb6e10
      Kees Cook authored
      
      
      The Smack bprm_secureexec hook can be merged with the bprm_set_creds
      hook since it's dealing with the same information, and all of the details
      are finalized during the first call to the bprm_set_creds hook via
      prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored
      via bprm->called_set_creds).
      
      Here, the test can just happen at the end of the bprm_set_creds hook,
      and the bprm_secureexec hook can be dropped.
      
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      Reviewed-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      ccbb6e10
    • Kees Cook's avatar
      selinux: Refactor to remove bprm_secureexec hook · 62874c3a
      Kees Cook authored
      
      
      The SELinux bprm_secureexec hook can be merged with the bprm_set_creds
      hook since it's dealing with the same information, and all of the details
      are finalized during the first call to the bprm_set_creds hook via
      prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored
      via bprm->called_set_creds).
      
      Here, the test can just happen at the end of the bprm_set_creds hook,
      and the bprm_secureexec hook can be dropped.
      
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatarPaul Moore <paul@paul-moore.com>
      Tested-by: default avatarPaul Moore <paul@paul-moore.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      Reviewed-by: default avatarAndy Lutomirski <luto@kernel.org>
      62874c3a
    • Kees Cook's avatar
      apparmor: Refactor to remove bprm_secureexec hook · 993b3ab0
      Kees Cook authored
      
      
      The AppArmor bprm_secureexec hook can be merged with the bprm_set_creds
      hook since it's dealing with the same information, and all of the details
      are finalized during the first call to the bprm_set_creds hook via
      prepare_binprm() (subsequent calls due to binfmt_script, etc, are ignored
      via bprm->called_set_creds).
      
      Here, all the comments describe how secureexec is actually calculated
      during bprm_set_creds, so this actually does it, drops the bprm flag that
      was being used internally by AppArmor, and drops the bprm_secureexec hook.
      
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      993b3ab0
    • Kees Cook's avatar
      binfmt: Introduce secureexec flag · c425e189
      Kees Cook authored
      
      
      The bprm_secureexec hook can be moved earlier. Right now, it is called
      during create_elf_tables(), via load_binary(), via search_binary_handler(),
      via exec_binprm(). Nearly all (see exception below) state used by
      bprm_secureexec is created during the bprm_set_creds hook, called from
      prepare_binprm().
      
      For all LSMs (except commoncaps described next), only the first execution
      of bprm_set_creds takes any effect (they all check bprm->called_set_creds
      which prepare_binprm() sets after the first call to the bprm_set_creds
      hook).  However, all these LSMs also only do anything with bprm_secureexec
      when they detected a secure state during their first run of bprm_set_creds.
      Therefore, it is functionally identical to move the detection into
      bprm_set_creds, since the results from secureexec here only need to be
      based on the first call to the LSM's bprm_set_creds hook.
      
      The single exception is that the commoncaps secureexec hook also examines
      euid/uid and egid/gid differences which are controlled by bprm_fill_uid(),
      via prepare_binprm(), which can be called multiple times (e.g.
      binfmt_script, binfmt_misc), and may clear the euid/egid for the final
      load (i.e. the script interpreter). However, while commoncaps specifically
      ignores bprm->cred_prepared, and runs its bprm_set_creds hook each time
      prepare_binprm() may get called, it needs to base the secureexec decision
      on the final call to bprm_set_creds. As a result, it will need special
      handling.
      
      To begin this refactoring, this adds the secureexec flag to the bprm
      struct, and calls the secureexec hook during setup_new_exec(). This is
      safe since all the cred work is finished (and past the point of no return).
      This explicit call will be removed in later patches once the hook has been
      removed.
      
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Reviewed-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
      c425e189
    • Kees Cook's avatar
      exec: Correct comments about "point of no return" · a9208e42
      Kees Cook authored
      In commit 221af7f8 ("Split 'flush_old_exec' into two functions"),
      the comment about the point of no return should have stayed in
      flush_old_exec() since it refers to "bprm->mm = NULL;" line, but prior
      changes in commits c89681ed ("remove steal_locks()"), and
      fd8328be
      
       ("sanitize handling of shared descriptor tables in failing
      execve()") made it look like it meant the current->sas_ss_sp line instead.
      
      The comment was referring to the fact that once bprm->mm is NULL, all
      failures from a binfmt load_binary hook (e.g. load_elf_binary), will
      get SEGV raised against current. Move this comment and expand the
      explanation a bit, putting it above the assignment this time, and add
      details about the true nature of "point of no return" being the call
      to flush_old_exec() itself.
      
      This also removes an erroneous commet about when credentials are being
      installed. That has its own dedicated function, install_exec_creds(),
      which carries a similar (and correct) comment, so remove the bogus comment
      where installation is not actually happening.
      
      Cc: David Howells <dhowells@redhat.com>
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      a9208e42
    • Kees Cook's avatar
      exec: Rename bprm->cred_prepared to called_set_creds · ddb4a144
      Kees Cook authored
      
      
      The cred_prepared bprm flag has a misleading name. It has nothing to do
      with the bprm_prepare_cred hook, and actually tracks if bprm_set_creds has
      been called. Rename this flag and improve its comment.
      
      Cc: David Howells <dhowells@redhat.com>
      Cc: Stephen Smalley <sds@tycho.nsa.gov>
      Cc: Casey Schaufler <casey@schaufler-ca.com>
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Acked-by: default avatarJames Morris <james.l.morris@oracle.com>
      Acked-by: default avatarPaul Moore <paul@paul-moore.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      ddb4a144
  2. Jul 24, 2017
    • Linus Torvalds's avatar
      Linux 4.13-rc2 · 520eccdf
      Linus Torvalds authored
      520eccdf
    • Linus Torvalds's avatar
      Properly alphabetize MAINTAINERS file · 7683e9e5
      Linus Torvalds authored
      
      
      This adds a perl script to actually parse the MAINTAINERS file, clean up
      some whitespace in it, warn about errors in it, and then properly sort
      the end result.
      
      My perl-fu is atrocious, so the script has basically been created by
      randomly putting various characters in a pile, mixing them around, and
      then looking it the end result does anything interesting when used as a
      perl script.
      
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7683e9e5
    • Linus Torvalds's avatar
      Fix up MAINTAINERS file problems · f47e07bc
      Linus Torvalds authored
      
      
      Prepping for scripting the MAINTAINERS file cleanup (and possible split)
      showed a couple of cases where the headers for a couple of entries were
      bogus.
      
      There's a few different kinds of bogosities:
      
       - the X-GENE SOC EDAC case was confused and split over two lines
      
       - there were four entries for "GREYBUS PROTOCOLS DRIVERS" that were all
         different things.
      
       - the NOKIA N900 CAMERA SUPPORT" was duplicated
      
      all of which were more obvious when you started doing associative arrays
      in perl to track these things by the header (so that we can alphabetize
      this thing properly, and so that we might split it up by the data too).
      
      Cc: Joe Perches <joe@perches.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f47e07bc
    • Linus Torvalds's avatar
      Merge tag 'for-linus-4.13b-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · a56e88ec
      Linus Torvalds authored
      Pull xen fixes from Juergen Gross:
       "Some fixes and cleanups for running under Xen"
      
      * tag 'for-linus-4.13b-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen/balloon: don't online new memory initially
        xen/x86: fix cpu hotplug
        xen/grant-table: log the lack of grants
        xen/x86: Don't BUG on CPU0 offlining
      a56e88ec
  3. Jul 23, 2017
  4. Jul 22, 2017
    • Linus Torvalds's avatar
      Merge tag 'char-misc-4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · dedaff2f
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are some small char and misc driver fixes for 4.13-rc2. All fix
        reported problems with 4.13-rc1 or older kernels (like the binder
        fixes). Full details in the shortlog.
      
        All have been in linux-next with no reported issues"
      
      * tag 'char-misc-4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        w1: omap-hdq: fix error return code in omap_hdq_probe()
        regmap: regmap-w1: Fix build troubles
        w1: Fix slave count on 1-Wire bus (resend)
        mux: mux-core: unregister mux_class in mux_exit()
        mux: remove the Kconfig question for the subsystem
        nvmem: rockchip-efuse: amend compatible rk322x-efuse to rk3228-efuse
        drivers/fsi: fix fsi_slave_mode prototype
        fsi: core: register with postcore_initcall
        thunderbolt: Correct access permissions for active NVM contents
        vmbus: re-enable channel tasklet
        spmi: pmic-arb: Always allocate ppid_to_apid table
        MAINTAINERS: Add entry for SPMI subsystem
        spmi: Include OF based modalias in device uevent
        binder: Use wake up hint for synchronous transactions.
        binder: use group leader instead of open thread
        Revert "android: binder: Sanity check at binder ioctl"
      dedaff2f
    • Linus Torvalds's avatar
      Merge tag 'usb-4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 55fd939e
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are some small USB fixes for 4.13-rc2.
      
        The usual batch, gadget fixes for reported issues, as well as xhci
        fixes, and a small random collection of other fixes for reported
        issues.
      
        All have been in linux-next with no reported issues"
      
      * tag 'usb-4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (25 commits)
        xhci: fix memleak in xhci_run()
        usb: xhci: fix spinlock recursion for USB2 test mode
        xhci: fix 20000ms port resume timeout
        usb: xhci: Issue stop EP command only when the EP state is running
        xhci: Bad Ethernet performance plugged in ASM1042A host
        xhci: Fix NULL pointer dereference when cleaning up streams for removed host
        usb: renesas_usbhs: gadget: disable all eps when the driver stops
        usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL
        usb: gadget: udc: renesas_usb3: protect usb3_ep->started in usb3_start_pipen()
        usb: gadget: udc: renesas_usb3: fix zlp transfer by the dmac
        usb: gadget: udc: renesas_usb3: fix free size in renesas_usb3_dma_free_prd()
        usb: gadget: f_uac2: endianness fixes.
        usb: gadget: f_uac1: endianness fixes.
        include: usb: audio: specify exact endiannes of descriptors
        usb: gadget: udc: start_udc() can be static
        usb: dwc2: gadget: On USB RESET reset device address to zero
        usb: storage: return on error to avoid a null pointer dereference
        usb: typec: include linux/device.h in ucsi.h
        USB: cdc-acm: add device-id for quirky printer
        usb: dwc3: gadget: only unmap requests from DMA if mapped
        ...
      55fd939e
    • Linus Torvalds's avatar
      Merge tag 'staging-4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · bcb53e57
      Linus Torvalds authored
      Pull staging driver fixes from Greg KH:
       "Here are some small staging driver fixes for reported issues for
        4.13-rc2.
      
        Also in here is a new driver, the virtualbox DRM driver. It's
        stand-alone and got acks from the DRM developers to go in through this
        tree. It's a new thing, but it should be fine for this point in the rc
        cycle due to it being independent.
      
        All of this has been in linux-next for a while with no reported
        issues"
      
      * tag 'staging-4.13-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: rtl8188eu: add TL-WN722N v2 support
        staging: speakup: safely register and unregister ldisc
        staging: speakup: add functions to register and unregister ldisc
        staging: speakup: safely close tty
        staging: sm750fb: avoid conflicting vesafb
        staging: lustre: ko2iblnd: check copy_from_iter/copy_to_iter return code
        staging: vboxvideo: Add vboxvideo to drivers/staging
        staging: sm750fb: fixed a assignment typo
        staging: rtl8188eu: memory leak in rtw_free_cmd_obj()
        staging: vchiq_arm: fix error codes in probe
        staging: comedi: ni_mio_common: fix AO timer off-by-one regression
      bcb53e57
    • Randy Dunlap's avatar
      MAINTAINERS: fix alphabetical ordering · 82abbea7
      Randy Dunlap authored
      
      
      Fix major alphabetic errors.  No attempt to fix items that all begin
      with the same word (like ARM, BROADCOM, DRM, EDAC, FREESCALE, INTEL,
      OMAP, PCI, SAMSUNG, TI, USB, etc.).
      
      (diffstat +/- is different by one line because TI KEYSTONE MULTICORE
      had 2 blank lines after it.)
      
      Signed-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Acked-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      82abbea7
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-4.13-2' of git://git.linux-nfs.org/projects/anna/linux-nfs · 505d5c11
      Linus Torvalds authored
      Pull NFS client bugfixes from Anna Schumaker:
       "Stable bugfix:
         - Fix error reporting regression
      
        Bugfixes:
         - Fix setting filelayout ds address race
         - Fix subtle access bug when using ACLs
         - Fix setting mnt3_counts array size
         - Fix a couple of pNFS commit races"
      
      * tag 'nfs-for-4.13-2' of git://git.linux-nfs.org/projects/anna/linux-nfs:
        NFS/filelayout: Fix racy setting of fl->dsaddr in filelayout_check_deviceid()
        NFS: Be more careful about mapping file permissions
        NFS: Store the raw NFS access mask in the inode's access cache
        NFSv3: Convert nfs3_proc_access() to use nfs_access_set_mask()
        NFS: Refactor NFS access to kernel access mask calculation
        net/sunrpc/xprt_sock: fix regression in connection error reporting.
        nfs: count correct array for mnt3_counts array size
        Revert commit 722f0b89 ("pNFS: Don't send COMMITs to the DSes if...")
        pNFS/flexfiles: Handle expired layout segments in ff_layout_initiate_commit()
        NFS: Fix another COMMIT race in pNFS
        NFS: Fix a COMMIT race in pNFS
        mount: copy the port field into the cloned nfs_server structure.
        NFS: Don't run wake_up_bit() when nobody is waiting...
        nfs: add export operations
      505d5c11
    • Linus Torvalds's avatar
      Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs · 99313414
      Linus Torvalds authored
      Pull overlayfs fixes from Miklos Szeredi:
       "This fixes a crash with SELinux and several other old and new bugs"
      
      * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
        ovl: check for bad and whiteout index on lookup
        ovl: do not cleanup directory and whiteout index entries
        ovl: fix xattr get and set with selinux
        ovl: remove unneeded check for IS_ERR()
        ovl: fix origin verification of index dir
        ovl: mark parent impure on ovl_link()
        ovl: fix random return value on mount
      99313414
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · 0151ef00
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "A small set of fixes for -rc2 - two fixes for BFQ, documentation and
        code, and a removal of an unused variable in nbd. Outside of that, a
        small collection of fixes from the usual crew on the nvme side"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        nvmet: don't report 0-bytes in serial number
        nvmet: preserve controller serial number between reboots
        nvmet: Move serial number from controller to subsystem
        nvmet: prefix version configfs file with attr
        nvme-pci: Fix an error handling path in 'nvme_probe()'
        nvme-pci: Remove nvme_setup_prps BUG_ON
        nvme-pci: add another device ID with stripe quirk
        nvmet-fc: fix byte swapping in nvmet_fc_ls_create_association
        nvme: fix byte swapping in the streams code
        nbd: kill unused ret in recv_work
        bfq: dispatch request to prevent queue stalling after the request completion
        bfq: fix typos in comments about B-WF2Q+ algorithm
      0151ef00
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma · bb236dbe
      Linus Torvalds authored
      Pull more rdma fixes from Doug Ledford:
       "As per my previous pull request, there were two drivers that each had
        a rather large number of legitimate fixes still to be sent.
      
        As it turned out, I also missed a reasonably large set of fixes from
        one person across the stack that are all important fixes. All in all,
        the bnxt_re, i40iw, and Dan Carpenter are 3/4 to 2/3rds of this pull
        request.
      
        There were some other random fixes that I didn't send in the last pull
        request that I added to this one. This catches the rdma stack up to
        the fixes from up to about the beginning of this week. Any more fixes
        I'll wait and batch up later in the -rc cycle. This will give us a
        good base to start with for basing a for-next branch on -rc2.
      
        Summary:
      
         - i40iw fixes
      
         - bnxt_re fixes
      
         - Dan Carpenter bugfixes across stack
      
         - ten more random fixes, no more than two from any one person"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (37 commits)
        RDMA/core: Initialize port_num in qp_attr
        RDMA/uverbs: Fix the check for port number
        IB/cma: Fix reference count leak when no ipv4 addresses are set
        RDMA/iser: don't send an rkey if all data is written as immadiate-data
        rxe: fix broken receive queue draining
        RDMA/qedr: Prevent memory overrun in verbs' user responses
        iw_cxgb4: don't use WR keys/addrs for 0 byte reads
        IB/mlx4: Fix CM REQ retries in paravirt mode
        IB/rdmavt: Setting of QP timeout can overflow jiffies computation
        IB/core: Fix sparse warnings
        RDMA/bnxt_re: Fix the value reported for local ack delay
        RDMA/bnxt_re: Report MISSED_EVENTS in req_notify_cq
        RDMA/bnxt_re: Fix return value of poll routine
        RDMA/bnxt_re: Enable atomics only if host bios supports
        RDMA/bnxt_re: Specify RDMA component when allocating stats context
        RDMA/bnxt_re: Fixed the max_rd_atomic support for initiator and destination QP
        RDMA/bnxt_re: Report supported value to IB stack in query_device
        RDMA/bnxt_re: Do not free the ctx_tbl entry if delete GID fails
        RDMA/bnxt_re: Fix WQE Size posted to HW to prevent it from throwing error
        RDMA/bnxt_re: Free doorbell page index (DPI) during dealloc ucontext
        ...
      bb236dbe
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-for-v4.13-rc2' of git://people.freedesktop.org/~airlied/linux · 24a1635a
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "A bunch of fixes for rc2: two imx regressions, vc4 fix, dma-buf fix,
        some displayport mst fixes, and an amdkfd fix.
      
        Nothing too crazy, I assume we just haven't see much rc1 testing yet"
      
      * tag 'drm-fixes-for-v4.13-rc2' of git://people.freedesktop.org/~airlied/linux:
        drm/mst: Avoid processing partially received up/down message transactions
        drm/mst: Avoid dereferencing a NULL mstb in drm_dp_mst_handle_up_req()
        drm/mst: Fix error handling during MST sideband message reception
        drm/imx: parallel-display: Accept drm_of_find_panel_or_bridge failure
        drm/imx: fix typo in ipu_plane_formats[]
        drm/vc4: Fix VBLANK handling in crtc->enable() path
        dma-buf/fence: Avoid use of uninitialised timestamp
        drm/amdgpu: Remove unused field kgd2kfd_shared_resources.num_mec
        drm/radeon: Remove initialization of shared_resources.num_mec
        drm/amdkfd: Remove unused references to shared_resources.num_mec
        drm/amdgpu: Fix KFD oversubscription by tracking queues correctly
      24a1635a
    • Linus Torvalds's avatar
      Merge tag 'trace-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · f79ec886
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
       "Three minor updates
      
         - Use the new GFP_RETRY_MAYFAIL to be more aggressive in allocating
           memory for the ring buffer without causing OOMs
      
         - Fix a memory leak in adding and removing instances
      
         - Add __rcu annotation to be able to debug RCU usage of function
           tracing a bit better"
      
      * tag 'trace-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        trace: fix the errors caused by incompatible type of RCU variables
        tracing: Fix kmemleak in instance_rmdir
        tracing/ring_buffer: Try harder to allocate
      f79ec886
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · b0a75281
      Linus Torvalds authored
      Pull KVM fixes from Radim Krčmář:
       "A bunch of small fixes for x86"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm: x86: hyperv: avoid livelock in oneshot SynIC timers
        KVM: VMX: Fix invalid guest state detection after task-switch emulation
        x86: add MULTIUSER dependency for KVM
        KVM: nVMX: Disallow VM-entry in MOV-SS shadow
        KVM: nVMX: track NMI blocking state separately for each VMCS
        KVM: x86: masking out upper bits
      b0a75281
    • Linus Torvalds's avatar
      Merge tag 'powerpc-4.13-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 10fc9554
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
       "A handful of fixes, mostly for new code:
      
         - some reworking of the new STRICT_KERNEL_RWX support to make sure we
           also remove executable permission from __init memory before it's
           freed.
      
         - a fix to some recent optimisations to the hypercall entry where we
           were clobbering r12, this was breaking nested guests (PR KVM).
      
         - a fix for the recent patch to opal_configure_cores(). This could
           break booting on bare metal Power8 boxes if the kernel was built
           without CONFIG_JUMP_LABEL_FEATURE_CHECK_DEBUG.
      
         - .. and finally a workaround for spurious PMU interrupts on Power9
           DD2.
      
        Thanks to: Nicholas Piggin, Anton Blanchard, Balbir Singh"
      
      * tag 'powerpc-4.13-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/mm: Mark __init memory no-execute when STRICT_KERNEL_RWX=y
        powerpc/mm/hash: Refactor hash__mark_rodata_ro()
        powerpc/mm/radix: Refactor radix__mark_rodata_ro()
        powerpc/64s: Fix hypercall entry clobbering r12 input
        powerpc/perf: Avoid spurious PMU interrupts after idle
        powerpc/powernv: Fix boot on Power8 bare metal due to opal_configure_cores()
      10fc9554
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 4ec9f7a1
      Linus Torvalds authored
      Pull x86 fixes from Ingo Molnar:
       "Half of the fixes are for various build time warnings triggered by
        randconfig builds. Most (but not all...) were harmless.
      
        There's also:
      
         - ACPI boundary condition fixes
      
         - UV platform fixes
      
         - defconfig updates
      
         - an AMD K6 CPU init fix
      
         - a %pOF printk format related preparatory change
      
         - .. and a warning fix related to the tlb/PCID changes"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/devicetree: Convert to using %pOF instead of ->full_name
        x86/platform/uv/BAU: Disable BAU on single hub configurations
        x86/platform/intel-mid: Fix a format string overflow warning
        x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
        x86/build: Silence the build with "make -s"
        x86/io: Add "memory" clobber to insb/insw/insl/outsb/outsw/outsl
        x86/fpu/math-emu: Avoid bogus -Wint-in-bool-context warning
        x86/fpu/math-emu: Fix possible uninitialized variable use
        perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
        x86/defconfig: Remove stale, old Kconfig options
        x86/ioapic: Pass the correct data to unmask_ioapic_irq()
        x86/acpi: Prevent out of bound access caused by broken ACPI tables
        x86/mm, KVM: Fix warning when !CONFIG_PREEMPT_COUNT
        x86/platform/uv/BAU: Fix congested_response_us not taking effect
        x86/cpu: Use indirect call to measure performance in init_amd_k6()
      4ec9f7a1
    • Linus Torvalds's avatar
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e234b4a8
      Linus Torvalds authored
      Pull timer fix from Ingo Molnar:
       "A timer_irq_init() clocksource API robustness fix"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        clocksource/drivers/timer-of: Handle of_irq_get_byname() result correctly
      e234b4a8
    • Linus Torvalds's avatar
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 5a77f025
      Linus Torvalds authored
      Pull scheduler fixes from Ingo Molnar:
       "A cputime fix and code comments/organization fix to the deadline
        scheduler"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/deadline: Fix confusing comments about selection of top pi-waiter
        sched/cputime: Don't use smp_processor_id() in preemptible context
      5a77f025
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · bbcdea65
      Linus Torvalds authored
      Pull perf fixes from Ingo Molnar:
       "Two hw-enablement patches, two race fixes, three fixes for regressions
        of semantics, plus a number of tooling fixes"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86/intel: Add proper condition to run sched_task callbacks
        perf/core: Fix locking for children siblings group read
        perf/core: Fix scheduling regression of pinned groups
        perf/x86/intel: Fix debug_store reset field for freq events
        perf/x86/intel: Add Goldmont Plus CPU PMU support
        perf/x86/intel: Enable C-state residency events for Apollo Lake
        perf symbols: Accept zero as the kernel base address
        Revert "perf/core: Drop kernel samples even though :u is specified"
        perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target
        perf evsel: State in the default event name if attr.exclude_kernel is set
        perf evsel: Fix attr.exclude_kernel setting for default cycles:p
      bbcdea65