ming_qian [Mon, 14 May 2018 05:37:00 +0000 (07:37 +0200)]
UBUNTU: SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device
BugLink: https://bugs.launchpad.net/bugs/1763748
The length of UVC 1.5 video control is 48, and it id 34 for UVC 1.1.
Change it to 48 for UVC 1.5 device,
and the UVC 1.5 device can be recognized.
More changes to the driver are needed for full UVC 1.5 compatibility.
However, at least the UVC 1.5 Realtek RTS5847/RTS5852 cameras have
been reported to work well.
Signed-off-by: ming_qian <ming_qian@realsil.com.cn> Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com> Acked-by: AceLan Kao <acelan.kao@canonical.com> Acked-by: Andy Whitcroft <andy.whitcroft@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
BugLink: http://bugs.launchpad.net/bugs/1769721
his adds support for the P950ER, which has the same required fixup as the P950HR, but has a different PCI ID.
Signed-off-by: Jeremy Soller <jeremy@system76.com> Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> Acked-by: Po-Hsu Lin <po-hsu.lin@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Mika Westerberg [Thu, 3 May 2018 05:13:00 +0000 (07:13 +0200)]
thunderbolt: Prevent crash when ICM firmware is not running
BugLink: https://bugs.launchpad.net/bugs/1768292
On Lenovo ThinkPad Yoga 370 (and possibly some other Lenovo models as
well) the Thunderbolt host controller sometimes comes up in such way
that the ICM firmware is not running properly. This is most likely an
issue in BIOS/firmware but as side-effect driver crashes the kernel due
to NULL pointer dereference:
Paolo Pisati [Thu, 3 May 2018 08:25:00 +0000 (10:25 +0200)]
UBUNTU: [Config] snapdragon: DRM_I2C_ADV7511=y
BugLink: http://bugs.launchpad.net/bugs/1768761 Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Igor Russkikh [Wed, 2 May 2018 04:59:00 +0000 (06:59 +0200)]
net: aquantia: oops when shutdown on already stopped device
BugLink: https://bugs.launchpad.net/bugs/1767088
In case netdev is closed at the moment of pci shutdown, aq_nic_stop
gets called second time. napi_disable in that case hangs indefinitely.
In other case, if device was never opened at all, we get oops because
of null pointer access.
We should invoke aq_nic_stop conditionally, only if device is running
at the moment of shutdown.
Reported-by: David Arcari <darcari@redhat.com> Fixes: 90869ddfefeb ("net: aquantia: Implement pci shutdown callback") Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 9a11aff25fd43d5bd2660ababdc9f564b0ba183a) Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Igor Russkikh [Wed, 2 May 2018 04:59:00 +0000 (06:59 +0200)]
net: aquantia: Regression on reset with 1.x firmware
BugLink: https://bugs.launchpad.net/bugs/1767088
On ASUS XG-C100C with 1.5.44 firmware a special mode called "dirty wake"
is active. With this mode when motherboard gets powered (but no poweron
happens yet), NIC automatically enables powersave link and watches
for WOL packet.
This normally allows to powerup the PC after AC power failures.
Not all motherboards or bios settings gives power to PCI slots,
so this mode is not enabled on all the hardware.
4.16 linux driver introduced full hardware reset sequence
This is required since before that we had no NIC hardware
reset implemented and there were side effects of "not clean start".
But this full reset is incompatible with "dirty wake" WOL feature
it keeps the PHY link in a special mode forever. As a consequence,
driver sees no link and no traffic.
To fix this we forcibly change FW state to idle state before doing
the full reset. This makes FW to restore link state.
Fixes: c8c82eb net: aquantia: Introduce global AQC hardware reset sequence Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit cce96d1883dae4b79f44890e5118243d806da286) Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Benjamin Poirier [Fri, 27 Apr 2018 18:31:00 +0000 (20:31 +0200)]
e1000e: Remove Other from EIAC
BugLink: http://bugs.launchpad.net/bugs/1764892
It was reported that emulated e1000e devices in vmware esxi 6.5 Build 7526125 do not link up after commit 4aea7a5c5e94 ("e1000e: Avoid receiver
overrun interrupt bursts", v4.15-rc1). Some tracing shows that after
e1000e_trigger_lsc() is called, ICR reads out as 0x0 in e1000_msix_other()
on emulated e1000e devices. In comparison, on real e1000e 82574 hardware,
icr=0x80000004 (_INT_ASSERTED | _LSC) in the same situation.
Some experimentation showed that this flaw in vmware e1000e emulation can
be worked around by not setting Other in EIAC. This is how it was before 16ecba59bc33 ("e1000e: Do not read ICR in Other interrupt", v4.5-rc1).
Fixes: 4aea7a5c5e94 ("e1000e: Avoid receiver overrun interrupt bursts") Signed-off-by: Benjamin Poirier <bpoirier@suse.com> Tested-by: Aaron Brown <aaron.f.brown@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
(cherry picked from commit 745d0bd3af99ccc8c5f5822f808cd133eadad6ac) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Acked-by: Khalid Elmously <khalid.elmously@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
UBUNTU: SAUCE: platform/x86: acer-wmi: add another KEY_POWER keycode
BugLink: http://bugs.launchpad.net/bugs/1766054
Now that we have informed the firmware that the Power Button driver is
active, laptops such as the Acer Swift 3 will generate a WMI key event with
code 0x87 when the power button key is pressed. Add this keycode to the
table so that it is converted to an appropriate input event.
Signed-off-by: Antonio Rosario Intilisano <antonio.intilisano@gmail.com> Acked-by: Gianfranco Costamagna <locutusofborg@debian.org> Cc: Chris Chiu <chiu@endlessm.com> Cc: Daniel Drake <drake@endlessm.com> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Hui Wang [Tue, 24 Apr 2018 05:10:00 +0000 (07:10 +0200)]
ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags
BugLink: https://bugs.launchpad.net/bugs/1766398
Otherwise, the pin will be regarded as microphone, and the jack name
is "Mic Phantom", it is always on in the pulseaudio even nothing is
plugged into the jack. So the UI is confusing to users since the
microphone always shows up in the UI even there is no microphone
plugged.
After adding this flag, the jack name is "Headset Mic Phantom", then
the pulseaudio can handle its detection correctly.
Fixes: f0ba9d699e5c ("ALSA: hda/realtek - Fix Dell headset Mic can't record") Cc: <stable@vger.kernel.org> Signed-off-by: Hui Wang <hui.wang@canonical.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit 3ce0d5aa265bcc0a4b281cb0cabf92491276101b) Signed-off-by: Hui Wang <hui.wang@canonical.com> Acked-by: Po-Hsu Lin <po-hsu.lin@canonical.com> Acked-by: Aaron Ma <aaron.ma@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Hui Wang [Tue, 24 Apr 2018 05:44:00 +0000 (07:44 +0200)]
ALSA: hda/realtek - adjust the location of one mic
BugLink: https://bugs.launchpad.net/bugs/1766477
There are two front mics on this machine, if we don't adjust the
location for one of them, they will have the same mixer name,
pulseaudio can't handle this situation.
After applying this FIXUP, they will have different mixer name,
then pulseaudio can handle them correctly.
Cc: <stable@vger.kernel.org> Signed-off-by: Hui Wang <hui.wang@canonical.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit a3dafb2200bf3c13905a088e82ae11f1eb275a83) Signed-off-by: Hui Wang <hui.wang@canonical.com> Acked-by: Aaron Ma <aaron.ma@canonical.com> Acked-by: Po-Hsu Lin <po-hsu.lin@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Colin Ian King [Tue, 17 Apr 2018 11:04:00 +0000 (13:04 +0200)]
UBUNTU: SAUCE: (noup) Update zfs to 0.7.5-1ubuntu15 (LP: #1764690)
BugLink: http://bugs.launchpad.net/bugs/1764690
This sync's SRU fixes in ZFS 0.7.5-1ubuntu15 to the kernel ZFS driver.
Fixes zfsonlinux issues fix in upstream ZFS repository:
- OpenZFS 8373 - TXG_WAIT in ZIL commit path
Closes zfsonlinux #6403
- zfs promote|rename .../%recv should be an error
Closes zfsonlinux #4843, #6339
- Fix parsable 'zfs get' for compressratios
Closes zfsonlinux #6436, #6449
- Fix zpool events scripted mode tab separator
Closes zfsonlinux #6444, #6445
- zv_suspend_lock in zvol_open()/zvol_release()
Closes zfsonlinux #6342
- Allow longer SPA names in stats, allows bigger pool names
Closes zfsonlinux #6481
- vdev_mirror: load balancing fixes
Closes zfsonlinux #6461
- Fix zfs_ioc_pool_sync should not use fnvlist
Closes zfsonlinux #6529
- OpenZFS 8375 - Kernel memory leak in nvpair code
Closes zfsonlinux #6578
- OpenZFS 7261 - nvlist code should enforce name length limit
Closes zfsonlinux #6579
- OpenZFS 5778 - nvpair_type_is_array() does not recognize
DATA_TYPE_INT8_ARRAY
Closes zfsonlinux #6580
- dmu_objset: release bonus buffer in failure path
Closes zfsonlinux #6575
- Fix false config_cache_write events
Closes zfsonlinux #6617
- Fix printk() calls missing log level
Closes zfsonlinux #6672
- Fix abdstats kstat on 32-bit systems
Closes zfsonlinux #6721
- Relax ASSERT for #6526
Closes zfsonlinux #6526
- Fix coverity defects: 147480, 147584 (Logically dead code)
Closes zfsonlinux #6745
- Fix coverity defects: CID 161388 (Resource Leak)
Closes zfsonlinux #6755
- Use ashift=12 by default on SSDSC2BW48 disks
Closes zfsonlinux #6774
- OpenZFS 8558, 8602 - lwp_create() returns EAGAIN
Closes zfsonlinux #6779
- ZFS send fails to dump objects larger than 128PiB
Closes zfsonlinux #6760
- Sort output of tunables in arc_summary.py
Closes zfsonlinux #6828
- Fix data on evict_skips in arc_summary.py
Closes zfsonlinux #6882, #6883
- Fix segfault in zpool iostat when adding VDEVs
Closes zfsonlinux #6748, #6872
- ZTS: Fix create-o_ashift test case
Closes zfsonlinux #6924, #6877
- Handle invalid options in arc_summary
Closes zfsonlinux #6983
- Call commit callbacks from the tail of the list
Closes zfsonlinux #6986
- Fix 'zpool add' handling of nested interior VDEVs
Closes zfsonlinux #6678, #6996
- Fix -fsanitize=address memory leak
kmem_alloc(0, ...) in userspace returns a leakable pointer.
Closes zfsonlinux #6941
- Revert raidz_map and _col structure types
Closes zfsonlinux #6981, #7023
- Use zap_count instead of cached z_size for unlink
Closes zfsonlinux #7019
- OpenZFS 8897 - zpool online -e fails assertion when run on non-leaf
vdevs
Closes zfsonlinux #7030
- OpenZFS 8898 - creating fs with checksum=skein on the boot pools
fails ungracefully
Closes zfsonlinux #7031
- Emit an error message before MMP suspends pool
Closes zfsonlinux #7048
- OpenZFS 8641 - "zpool clear" and "zinject" don't work on "spare"
or "replacing" vdevs
Closes zfsonlinux #7060
- OpenZFS 8835 - Speculative prefetch in ZFS not working for
misaligned reads
Closes zfsonlinux #7062
- OpenZFS 8972 - zfs holds: In scripted mode, do not pad columns with
spaces
Closes zfsonlinux #7063
- Revert "Remove wrong ASSERT in annotate_ecksum"
Closes zfsonlinux #7079
- OpenZFS 8731 - ASSERT3U(nui64s, <=, UINT16_MAX) fails for large
blocks
Closes zfsonlinux #7079
- Prevent zdb(8) from occasionally hanging on I/O
Closes zfsonlinux #6999
- Fix 'zfs receive -o' when used with '-e|-d'
Closes zfsonlinux #7088
- Change movaps to movups in AES-NI code
Closes zfsonlinux #7065, #7108
- tx_waited -> tx_dirty_delayed in trace_dmu.h
Closes zfsonlinux #7096
- OpenZFS 8966 - Source file zfs_acl.c, function
Closes zfsonlinux #7141
- Fix zdb -c traverse stop on damaged objset root
Closes zfsonlinux #7099
- Fix zle_decompress out of bound access
Closes zfsonlinux #7099
- Fix racy assignment of zcb.zcb_haderrors
Closes zfsonlinux #7099
- Fix zdb -R decompression
Closes zfsonlinux #7099, #4984
- Fix zdb -E segfault
Closes zfsonlinux #7099
- Fix zdb -ed on objset for exported pool
Closes zfsonlinux #7099, #6464
Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Khalid Elmously <khalid.elmously@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
drm/i915/edp: Do not do link training fallback or prune modes on EDP
BugLink: https://bugs.launchpad.net/bugs/1763271
In case of eDP because the panel has a fixed mode, the link rate
and lane count at which it is trained corresponds to the link BW
required to support the native resolution of the panel. In case of
panles with lower resolutions where fewer lanes are hooked up internally,
that number is reflected in the MAX_LANE_COUNT DPCD register of the panel.
So it is pointless to fallback to lower link rate/lane count in case
of link training failure on eDP connector since the lower link BW
will not support the native resolution of the panel and we cannot
prune the preferred mode on the eDP connector.
In case of Link training failure on the eDP panel, something is wrong
in the HW internally and hence driver errors out with a loud
and clear DRM_ERROR message.
v2:
* Fix the DEBUG_ERROR and add {} in else (Ville Syrjala)
Cc: Clinton Taylor <clinton.a.taylor@intel.com> Cc: Jim Bride <jim.bride@linux.intel.com> Cc: Jani Nikula <jani.nikula@linux.intel.com> Cc: Ville Syrjala <ville.syrjala@linux.intel.com> Cc: Dave Airlie <airlied@redhat.com> Cc: Daniel Vetter <daniel.vetter@ffwll.ch> Signed-off-by: Manasi Navare <manasi.d.navare@intel.com> Reviewed-by: Ville Syrjala <ville.syrjala@linux.intel.com>
Reference: https://bugs.freedesktop.org/show_bug.cgi?id=103369 Signed-off-by: Imre Deak <imre.deak@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/1507835618-23051-1-git-send-email-manasi.d.navare@intel.com
(cherry picked from commit c0cfb10d9e1de490e36d3b9d4228c0ea0ca30677) Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
(cherry picked from commit a306343bcd7df89d9d45a601929e26866e7b7a81) Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Michael Neuling [Fri, 27 Apr 2018 00:16:11 +0000 (10:16 +1000)]
stf-barrier: set eieio instruction bit 6 for future optimisations
Enable reserved instruction bit 6 in the eieio instruction; later a
faster version might be provided for this particular purpose (store
forward barrier) based on this hint.
Signed-off-by: Michael Neuling <mikey@neuling.org> Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com> Signed-off-by: Breno Leitao <brenohl@br.ibm.com>
CVE-2018-3639 (powerpc)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Nicholas Piggin [Tue, 24 Apr 2018 06:55:14 +0000 (16:55 +1000)]
powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
This patch prevents a possible store forwarding between privilege
domains, by inserting a store forwarding barrier in kernel entry and
exit paths.
Barriers must be inserted generally before the first load after moving
to a higher privilege, and after the last store before moving to a
lower privilege, HV and PR privilege transitions must be protected.
Barriers are added as patch sections, with all kernel/hypervisor entry
points patched, and the exit points to lower privilge levels patched
similarly to the RFI flush patching.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com> Signed-off-by: Breno Leitao <brenohl@br.ibm.com>
CVE-2018-3639 (powerpc)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Jiri Kosina [Thu, 10 May 2018 20:47:18 +0000 (22:47 +0200)]
x86/bugs: Fix __ssb_select_mitigation() return type
__ssb_select_mitigation() returns one of the members of enum ssb_mitigation,
not ssb_mitigation_cmd; fix the prototype to reflect that.
Fixes: 24f7fc83b9204 ("x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation") Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
CVE-2018-3639 (x86)
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
The style for the 'status' file is CamelCase or this. _.
Fixes: fae1fa0fc ("proc: Provide details on speculation flaw mitigations") Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
CVE-2018-3639 (x86)
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Intel collateral will reference the SSB mitigation bit in IA32_SPEC_CTL[2]
as SSBD (Speculative Store Bypass Disable).
Hence changing it.
It is unclear yet what the MSR_IA32_ARCH_CAPABILITIES (0x10a) Bit(4) name
is going to be. Following the rename it would be SSBD_NO but that rolls out
to Speculative Store Bypass Disable No.
Also fixed the missing space in X86_FEATURE_AMD_SSBD.
[ tglx: Fixup x86_amd_rds_enable() and rds_tif_to_amd_ls_cfg() as well ]
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
CVE-2018-3639 (x86)
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Thomas Gleixner [Fri, 4 May 2018 13:12:06 +0000 (15:12 +0200)]
seccomp: Move speculation migitation control to arch code
The migitation control is simpler to implement in architecture code as it
avoids the extra function call to check the mode. Aside of that having an
explicit seccomp enabled mode in the architecture mitigations would require
even more workarounds.
Move it into architecture code and provide a weak function in the seccomp
code. Remove the 'which' argument as this allows the architecture to decide
which mitigations are relevant for seccomp.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
CVE-2018-3639 (x86)
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Kees Cook [Thu, 3 May 2018 21:56:12 +0000 (14:56 -0700)]
seccomp: Add filter flag to opt-out of SSB mitigation
If a seccomp user is not interested in Speculative Store Bypass mitigation
by default, it can set the new SECCOMP_FILTER_FLAG_SPEC_ALLOW flag when
adding filters.
Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
CVE-2018-3639 (x86)
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Thomas Gleixner [Thu, 3 May 2018 20:09:15 +0000 (22:09 +0200)]
prctl: Add force disable speculation
For certain use cases it is desired to enforce mitigations so they cannot
be undone afterwards. That's important for loader stubs which want to
prevent a child from disabling the mitigation again. Will also be used for
seccomp(). The extra state preserving of the prctl state for SSB is a
preparatory step for EBPF dymanic speculation control.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
CVE-2018-3639 (x86)
[smb: minor context adaption in prctl.h] Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Kees Cook [Tue, 1 May 2018 22:07:31 +0000 (15:07 -0700)]
seccomp: Enable speculation flaw mitigations
When speculation flaw mitigations are opt-in (via prctl), using seccomp
will automatically opt-in to these protections, since using seccomp
indicates at least some level of sandboxing is desired.
Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
CVE-2018-3639 (x86)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Thomas Gleixner [Sun, 29 Apr 2018 13:26:40 +0000 (15:26 +0200)]
x86/speculation: Add prctl for Speculative Store Bypass mitigation
Add prctl based control for Speculative Store Bypass mitigation and make it
the default mitigation for Intel and AMD.
Andi Kleen provided the following rationale (slightly redacted):
There are multiple levels of impact of Speculative Store Bypass:
1) JITed sandbox.
It cannot invoke system calls, but can do PRIME+PROBE and may have call
interfaces to other code
2) Native code process.
No protection inside the process at this level.
3) Kernel.
4) Between processes.
The prctl tries to protect against case (1) doing attacks.
If the untrusted code can do random system calls then control is already
lost in a much worse way. So there needs to be system call protection in
some way (using a JIT not allowing them or seccomp). Or rather if the
process can subvert its environment somehow to do the prctl it can already
execute arbitrary code, which is much worse than SSB.
To put it differently, the point of the prctl is to not allow JITed code
to read data it shouldn't read from its JITed sandbox. If it already has
escaped its sandbox then it can already read everything it wants in its
address space, and do much worse.
The ability to control Speculative Store Bypass allows to enable the
protection selectively without affecting overall system performance.
Based on an initial patch from Tim Chen. Completely rewritten.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CVE-2018-3639 (x86)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Thomas Gleixner [Sun, 29 Apr 2018 13:21:42 +0000 (15:21 +0200)]
x86/process: Allow runtime control of Speculative Store Bypass
The Speculative Store Bypass vulnerability can be mitigated with the
Reduced Data Speculation (RDS) feature. To allow finer grained control of
this eventually expensive mitigation a per task mitigation control is
required.
Add a new TIF_RDS flag and put it into the group of TIF flags which are
evaluated for mismatch in switch_to(). If these bits differ in the previous
and the next task, then the slow path function __switch_to_xtra() is
invoked. Implement the TIF_RDS dependent mitigation control in the slow
path.
If the prctl for controlling Speculative Store Bypass is disabled or no
task uses the prctl then there is no overhead in the switch_to() fast
path.
Update the KVM related speculation control functions to take TID_RDS into
account as well.
Based on a patch from Tim Chen. Completely rewritten.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Ingo Molnar <mingo@kernel.org> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CVE-2018-3639 (x86)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Thomas Gleixner [Sun, 29 Apr 2018 13:20:11 +0000 (15:20 +0200)]
prctl: Add speculation control prctls
Add two new prctls to control aspects of speculation related vulnerabilites
and their mitigations to provide finer grained control over performance
impacting mitigations.
PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature
which is selected with arg2 of prctl(2). The return value uses bit 0-2 with
the following meaning:
Bit Define Description
0 PR_SPEC_PRCTL Mitigation can be controlled per task by
PR_SET_SPECULATION_CTRL
1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is
disabled
2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is
enabled
If all bits are 0 the CPU is not affected by the speculation misfeature.
If PR_SPEC_PRCTL is set, then the per task control of the mitigation is
available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation
misfeature will fail.
PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which
is selected by arg2 of prctl(2) per task. arg3 is used to hand in the
control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE.
The common return values are:
EINVAL prctl is not implemented by the architecture or the unused prctl()
arguments are not 0
ENODEV arg2 is selecting a not supported speculation misfeature
PR_SET_SPECULATION_CTRL has these additional return values:
ERANGE arg3 is incorrect, i.e. it's not either PR_SPEC_ENABLE or PR_SPEC_DISABLE
ENXIO prctl control of the selected speculation misfeature is disabled
The first supported controlable speculation misfeature is
PR_SPEC_STORE_BYPASS. Add the define so this can be shared between
architectures.
Based on an initial patch from Tim Chen and mostly rewritten.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Ingo Molnar <mingo@kernel.org> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CVE-2018-3639 (x86)
[tyhicks: Minor backport for SAUCE patch context] Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Thomas Gleixner [Sun, 29 Apr 2018 13:01:37 +0000 (15:01 +0200)]
x86/speculation: Create spec-ctrl.h to avoid include hell
Having everything in nospec-branch.h creates a hell of dependencies when
adding the prctl based switching mechanism. Move everything which is not
required in nospec-branch.h to spec-ctrl.h and fix up the includes in the
relevant files.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Ingo Molnar <mingo@kernel.org>
CVE-2018-3639 (x86)
[tyhicks: Minor backport for context] Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
AMD does not need the Speculative Store Bypass mitigation to be enabled.
The parameters for this are already available and can be done via MSR
C001_1020. Each family uses a different bit in that MSR for this.
[ tglx: Expose the bit mask via a variable and move the actual MSR fiddling
into the bugs code as that's the right thing to do and also required
to prepare for dynamic enable/disable ]
Suggested-by: Borislav Petkov <bp@suse.de> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Ingo Molnar <mingo@kernel.org>
CVE-2018-3639 (x86)
[tyhicks: Minor backport for context] Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
x86/bugs/intel: Set proper CPU features and setup RDS
Intel CPUs expose methods to:
- Detect whether RDS capability is available via CPUID.7.0.EDX[31],
- The SPEC_CTRL MSR(0x48), bit 2 set to enable RDS.
- MSR_IA32_ARCH_CAPABILITIES, Bit(4) no need to enable RRS.
With that in mind if spec_store_bypass_disable=[auto,on] is selected set at
boot-time the SPEC_CTRL MSR to enable RDS if the platform requires it.
Note that this does not fix the KVM case where the SPEC_CTRL is exposed to
guests which can muck with it, see patch titled :
KVM/SVM/VMX/x86/spectre_v2: Support the combination of guest and host IBRS.
And for the firmware (IBRS to be set), see patch titled:
x86/spectre_v2: Read SPEC_CTRL MSR during boot and re-use reserved bits
[ tglx: Distangled it from the intel implementation and kept the call order ]
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Borislav Petkov <bp@suse.de> Reviewed-by: Ingo Molnar <mingo@kernel.org>
CVE-2018-3639 (x86)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
Contemporary high performance processors use a common industry-wide
optimization known as "Speculative Store Bypass" in which loads from
addresses to which a recent store has occurred may (speculatively) see an
older value. Intel refers to this feature as "Memory Disambiguation" which
is part of their "Smart Memory Access" capability.
Memory Disambiguation can expose a cache side-channel attack against such
speculatively read values. An attacker can create exploit code that allows
them to read memory outside of a sandbox environment (for example,
malicious JavaScript in a web page), or to perform more complex attacks
against code running within the same privilege level, e.g. via the stack.
As a first step to mitigate against such attacks, provide two boot command
line control knobs:
By default affected x86 processors will power on with Speculative
Store Bypass enabled. Hence the provided kernel parameters are written
from the point of view of whether to enable a mitigation or not.
The parameters are as follows:
- auto - Kernel detects whether your CPU model contains an implementation
of Speculative Store Bypass and picks the most appropriate
mitigation.
- on - disable Speculative Store Bypass
- off - enable Speculative Store Bypass
[ tglx: Reordered the checks so that the whole evaluation is not done
when the CPU does not support RDS ]
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Borislav Petkov <bp@suse.de> Reviewed-by: Ingo Molnar <mingo@kernel.org>
CVE-2018-3639 (x86)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
x86/bugs, KVM: Support the combination of guest and host IBRS
A guest may modify the SPEC_CTRL MSR from the value used by the
kernel. Since the kernel doesn't use IBRS, this means a value of zero is
what is needed in the host.
But the 336996-Speculative-Execution-Side-Channel-Mitigations.pdf refers to
the other bits as reserved so the kernel should respect the boot time
SPEC_CTRL value and use that.
This allows to deal with future extensions to the SPEC_CTRL interface if
any at all.
Note: This uses wrmsrl() instead of native_wrmsl(). I does not make any
difference as paravirt will over-write the callq *0xfff.. with the wrmsrl
assembler code.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Borislav Petkov <bp@suse.de> Reviewed-by: Ingo Molnar <mingo@kernel.org>
CVE-2018-3639 (x86)
[tyhicks: Minor backport for context] Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
The 336996-Speculative-Execution-Side-Channel-Mitigations.pdf refers to all
the other bits as reserved. The Intel SDM glossary defines reserved as
implementation specific - aka unknown.
As such at bootup this must be taken it into account and proper masking for
the bits in use applied.
A copy of this document is available at
https://bugzilla.kernel.org/show_bug.cgi?id=199511
[ tglx: Made x86_spec_ctrl_base __ro_after_init ]
Suggested-by: Jon Masters <jcm@redhat.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Borislav Petkov <bp@suse.de> Reviewed-by: Ingo Molnar <mingo@kernel.org>
CVE-2018-3639 (x86)
Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Linus Torvalds [Tue, 1 May 2018 13:55:51 +0000 (15:55 +0200)]
x86/nospec: Simplify alternative_msr_write()
The macro is not type safe and I did look for why that "g" constraint for
the asm doesn't work: it's because the asm is more fundamentally wrong.
It does
movl %[val], %%eax
but "val" isn't a 32-bit value, so then gcc will pass it in a register,
and generate code like
movl %rsi, %eax
and gas will complain about a nonsensical 'mov' instruction (it's moving a
64-bit register to a 32-bit one).
Passing it through memory will just hide the real bug - gcc still thinks
the memory location is 64-bit, but the "movl" will only load the first 32
bits and it all happens to work because x86 is little-endian.
Convert it to a type safe inline function with a little trick which hands
the feature into the ALTERNATIVE macro.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
[smb: Added u32 casting to val to fix i386 build] Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Tyler Hicks [Fri, 4 May 2018 20:30:12 +0000 (20:30 +0000)]
UBUNTU: SAUCE: LSM stacking: adjust prctl values
Since LSM Stacking is provided as an early preview in the Ubuntu
kernels, we should use unusually high values for the LSM Stacking prctls
to reduce the chances of colliding with an upstream feature.
UBUNTU: Packaging: Depends on linux-base that provides the necessary tools
BugLink: http://bugs.launchpad.net/bugs/1767133
We Depends on linux-base because of linux-update-symlinks and
linux-check-removal. Those have been introduced in a version later than
4.0ubuntu1, which shipped on Xenial.
The unversioned Depends makes some upgrades to Bionic and installations of
linux-hwe-edge to break because those tools are not found during the configure
phase.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Andy Whitcroft <andy.whitcroft@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
UBUNTU: [Packaging] fix invocation of header postinst hooks
BugLink: http://bugs.launchpad.net/bugs/1766391
There's a typo in the headers postinst which prevents triggering
of dkms builds on installation. Change this to use the correct
path, /etc/kernel/header_postinst.d.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Khaled Elmously <khalid.elmously@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Khaled Elmously <khalid.elmously@canonical.com>
powerpc/pseries: Fix clearing of security feature flags
BugLink: http://bugs.launchpad.net/bugs/1765429
The H_CPU_BEHAV_* flags should be checked for in the 'behaviour' field
of 'struct h_cpu_char_result' -- 'character' is for H_CPU_CHAR_*
flags.
Found by playing around with QEMU's implementation of the hypercall:
This clears H_CPU_BEHAV_FAVOUR_SECURITY and H_CPU_BEHAV_L1D_FLUSH_PR
so pseries_setup_rfi_flush() disables 'rfi_flush'; and it also
clears H_CPU_CHAR_L1D_THREAD_PRIV flag. So there is no RFI flush
mitigation at all for cpu_show_meltdown() to report; but currently
it does:
Brown-paper-bag-by: Michael Ellerman <mpe@ellerman.id.au> Fixes: f636c14790ea ("powerpc/pseries: Set or clear security feature flags") Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
(cherry picked from commit 0f9bdfe3c77091e8704d2e510eb7c2c2c6cde524) Signed-off-by: Breno Leitao <leitao@debian.org> Acked-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Andy Whitcroft [Fri, 4 Aug 2017 15:49:43 +0000 (16:49 +0100)]
UBUNTU: [Packaging] signing -- switch to linux-image as signed when available
When we are signing for an architecture switch to producing a
linux-image-unsigned package from the primary source. linux-signed will
then produce the linux-image package which will be signed. We expect
all consumers to use the signed form even if they are not utilising
the signature.
BugLink: http://bugs.launchpad.net/bugs/1764794 Signed-off-by: Andy Whitcroft <apw@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Andy Whitcroft [Tue, 24 Oct 2017 12:41:57 +0000 (13:41 +0100)]
UBUNTU: [Packaging] switch to triggers for postinst.d postrm.d handling
When we install linux-image we have to run kernel postinst.d support in
case this kernel has no linux-image-extra. Should it have an extra and
we install we then have to assume that is being installed cold
and that the same processing is neeed. If we are installing both at the
same time, we necessarily trigger kernel postinst.d twice. As this
includes rebuilding the initramfs and reconfiguring the boot loader this
is very inefficient.
For removal of linux-image-extra when we remove the package we also
need to run postinst.d handling in order to pare down the initramfs to
linux-image contents only. However when we are removing both packages
we immediatly remove the rebuilt initramfs. Doubly annoying.
This patch switches us to using a trigger against the linux-image package
for all postinst.d and postrm.d handling. On installation postinst.d
gets triggered twice once by linux-image and once by linux-image-extra.
As triggers are non-cumulative we will only run this processing
once. When removing both packages we will trigger postinst.d from
linux-image-extra and then in linux-image postrm.d we effectivly ignore
the pending trigger and simply run the postrm.d. This prevents us from
rebuilding the initramfs.
BugLink: http://bugs.launchpad.net/bugs/1764794 Signed-off-by: Andy Whitcroft <apw@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1765083
Git commit c60a03fee0e5 ("s390: switch to {get,put}_compat_sigset()")
contains a typo and now copies the wrong pointer to user space.
Use the correct pointer instead.
Reported-and-tested-by: Stefan Liebler <stli@linux.vnet.ibm.com> Fixes: c60a03fee0e5 ("s390: switch to {get,put}_compat_sigset()") Cc: <stable@vger.kernel.org> # v4.15+ Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
(cherry picked from commit 8b09ca746a643ca452cd41a522046a96ee5a55fd) Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: d-i: move ipr to storage-core-modules on ppc64el
BugLink: https://bugs.launchpad.net/bugs/1751813
Drivers from scsi-modules are not included in the netinst initrd, while the
ones in storage-core-modules are.
As the installer does not wait or enable synchronous scan on the scsi devices,
if the driver is loaded late, the installer might not show all disks.
Though loading the driver earlier does not guarantee that all disks will be
shown, it is more likely, which makes ppc64el users happier, as this is the
most used controller on IBM Power Systems.
Moving the driver to storage-core-modules makes it included in the netinst
initrd, which makes it load earlier, and users have reported that makes disks
appear when the partitioning interface comes up.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
UBUNTU: SAUCE: (no-up) rename the adv7511 drm driver to adv7511_drm
BugLink: http://bugs.launchpad.net/bugs/1764816
This has the same name as another module, and due to some quirk
only one of them will get installed. Which one it is seems to be
nondeterministic, but if the drm module is missing in our
snapdragon flavor then the display and audio will fail to work.
Rename the module to avoid the duplication.
Acked-by: Colin Ian King <colin.king@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
John Johansen [Sat, 14 Apr 2018 05:52:58 +0000 (22:52 -0700)]
UBUNTU: SAUCE: apparmor: fix memory leak when duplicate profile load
AppArmor is leaking the newly loaded profile and its proxy when
the profile is an exact match to the currently loaded version.
In this case the match check results in the profile being skipped
and put with out dealing with the proxy and forwarding thus creating
a circular refcount and a leak.
BugLink: http://bugs.launchpad.net/bugs/1757346 Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Colin King <colin.king@canonical.com>
Heikki Krogerus [Mon, 26 Mar 2018 10:44:42 +0000 (13:44 +0300)]
UBUNTU: SAUCE: usb: typec: ucsi: Increase command completion timeout value
BugLink: http://bugs.launchpad.net/bugs/1758797
On some boards, under heavy load, the EC firmware is
unable to complete commands even in one second. Increasing
the command completion timeout value to five seconds.
Fixes: c1b0bc2dabfa ("usb: typec: Add support for UCSI interface") Cc: <stable@vger.kernel.org> Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Acked-by: Colin King <colin.king@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com>
However it's an error to do so if it already has an active
pool VP.
This happens when doing soft CPU hotplug on powernv since we
don't tear down the CPU on unplug. The HW flags the error which
gets captured by the diagnostics.
Fix this by making sure to "pull" out any already active pool
first.
In future, to reduce kernel churn with patches to modify registers, any
registers which may change between board models (mostly PHY/SERDES related)
should be set in ACPI reset handler.
Signed-off-by: Xiaofei Tan <tanxiaofei@huawei.com> Signed-off-by: Xiang Chen <chenxiang66@hisilicon.com> Signed-off-by: John Garry <john.garry@huawei.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from commit 15c38e31c47c0f2cd7e959054258714991a6a2d6) Signed-off-by: dann frazier <dann.frazier@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
BugLink: http://bugs.launchpad.net/bugs/1737673
drivers/staging/rts5208/sd.o: In function `.sd_power_off_card3v3':
(.text+0x5760): multiple definition of `.sd_power_off_card3v3'
drivers/misc/cardreader/rtsx_pcr.o:(.text+0x4630): first defined here
drivers/staging/rts5208/sd.o:(.opd+0x378): multiple definition of `sd_power_off_card3v3'
drivers/misc/cardreader/rtsx_pcr.o:(.opd+0x4f8): first defined here
drivers/staging/rts5208/ms.o: In function `.ms_power_off_card3v3':
(.text+0x5e70): multiple definition of `.ms_power_off_card3v3'
drivers/misc/cardreader/rtsx_pcr.o:(.text+0x46e0): first defined here
drivers/staging/rts5208/ms.o:(.opd+0x360): multiple definition of `ms_power_off_card3v3'
drivers/misc/cardreader/rtsx_pcr.o:(.opd+0x510): first defined here
Fixes: 5da4e04ae480 ("misc: rtsx: Add support for RTS5260") Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Lee Jones <lee.jones@linaro.org>
(cherry picked from commit 51bd7125f740a1bc9e79cd117d7d50f1dc67a446) Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
BugLink: http://bugs.launchpad.net/bugs/1737673
Add support for new chip rts5260.
In order to support rts5260, the definitions of
some internal registers and workflow have to be
modified and are different from its predecessors
and OCP function is added for RTS5260. So we need
this patch to ensure RTS5260 can work.
Signed-off-by: Rui Feng <rui_feng@realsil.com.cn> Reviewed-by: Daniel Bristot de Oliveira <bristot@redhat.com> Tested-by: Perry Yuan <perry_yuan@dell.com> Signed-off-by: Lee Jones <lee.jones@linaro.org>
(cherry picked from commit 5da4e04ae480aac5274dd020af3dfa21935028f7) Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
misc: rtsx: Move Realtek Card Reader Driver to misc
BugLink: http://bugs.launchpad.net/bugs/1737673
Because Realtek card reader drivers are pcie and usb drivers,
and they bridge mmc subsystem and memstick subsystem, they are
not mfd drivers. Greg and Lee Jones had a discussion about
where to put the drivers, the result is that misc is a good
place for them, so I move all files to misc. If I don't move
them to a right place, I can't add any patch for this driver.
Signed-off-by: Rui Feng <rui_feng@realsil.com.cn> Reviewed-by: Daniel Bristot de Oliveira <bristot@redhat.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Ulf Hansson <ulf.hansson@linaro.org> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Tested-by: Perry Yuan <perry_yuan@dell.com> Signed-off-by: Lee Jones <lee.jones@linaro.org>
(backported from commit e455b69ddf9b69326d0cab28d374faf3325489c9) Signed-off-by: AceLan Kao <acelan.kao@canonical.com> Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Tal Gilboa [Thu, 12 Apr 2018 06:42:56 +0000 (09:42 +0300)]
net/mlx5e: Fix int overflow
BugLink: http://bugs.launchpad.net/bugs/1763269
When calculating difference between samples, the values
are multiplied by 100. Large values may cause int overflow
when multiplied (usually on first iteration).
Fixed by forcing 100 to be of type unsigned long.
Fixes: 4c4dbb4a7363 ("net/mlx5e: Move dynamic interrupt coalescing code to include/linux") Signed-off-by: Tal Gilboa <talgi@mellanox.com> Reviewed-by: Andy Gospodarek <gospo@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
(backported from commit f97c3dc3c0e8d23a5c4357d182afeef4c67f5c33) Signed-off-by: Talat Batheesh <talatb@mellanox.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
John Johansen [Wed, 11 Apr 2018 09:03:26 +0000 (02:03 -0700)]
apparmor: fix mediation of prlimit
BugLink: http://bugs.launchpad.net/bugs/1763427
For primit apparmor requires that if target confinement does not match
the setting task's confinement, the setting task requires CAP_SYS_RESOURCE.
Unfortunately this was broken when rlimit enforcement was reworked to
support labels.
Fixes: 86b92cb782b3 ("apparmor: move resource checks to using labels") Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit a4c2746f4d4b32d8557ee17821f1101fd8474f92
git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor) Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Colin Ian King [Tue, 27 Mar 2018 13:35:58 +0000 (14:35 +0100)]
apparmor: fix memory leak on buffer on error exit path
BugLink: http://bugs.launchpad.net/bugs/1763427
Currently on the error exit path the allocated buffer is not free'd
causing a memory leak. Fix this by kfree'ing it.
Detected by CoverityScan, CID#1466876 ("Resource leaks")
Fixes: 1180b4c757aa ("apparmor: fix dangling symlinks to policy rawdata after replacement") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 588558eb6d0e0b6edfa65a67e906c2ffeba63ff1
git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor) Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
John Johansen [Fri, 16 Mar 2018 05:31:38 +0000 (22:31 -0700)]
apparmor: fix dangling symlinks to policy rawdata after replacement
BugLink: http://bugs.launchpad.net/bugs/1763427
When policy replacement occurs the symlinks in the profile directory
need to be updated to point to the new rawdata, otherwise once the
old rawdata is removed the symlink becomes broken.
Fix this by dynamically generating the symlink everytime it is read.
These links are used enough that their value needs to be cached and
this way we can avoid needing locking to read and update the link
value.
Fixes: a481f4d917835 ("apparmor: add custom apparmorfs that will be used by policy namespace files") BugLink: http://bugs.launchpad.net/bugs/1755563 Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 1180b4c757aab5506f1be367000364dd5cf5cd02
git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor) Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
John Johansen [Thu, 1 Feb 2018 11:32:02 +0000 (12:32 +0100)]
apparmor: audit unknown signal numbers
BugLink: http://bugs.launchpad.net/bugs/1763427
Allow apparmor to audit the number of a signal that it does not
provide a mapping for and is currently being reported only as
unknown.
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 3acfd5f54ca16c15c36ac2f218357f2707b7edb8
git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor) Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
A ptrace rule should be able to specify a generic trace pattern with
a rule like
signal send A//&**,
however this is failing because while the correct label match routine
is called, it is being done post label decomposition so it is always
being done against a profile instead of the stacked label.
To fix this refactor the cross check to pass the full peer label in to
the label_match.
Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 3dc6b1ce6861ebf40b68ab4b752a05584a1f99bf
git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor) Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
John Johansen [Thu, 1 Feb 2018 10:24:10 +0000 (11:24 +0100)]
apparmor: fix logging of the existence test for signals
BugLink: http://bugs.launchpad.net/bugs/1763427
The existence test is not being properly logged as the signal mapping
maps it to the last entry in the named signal table. This is done
to help catch bugs by making the 0 mapped signal value invalid so
that we can catch the signal value not being filled in.
When fixing the off-by-one comparision logic the reporting of the
existence test was broken, because the logic behind the mapped named
table was hidden. Fix this by adding a define for the name lookup
and using it.
Cc: Stable <stable@vger.kernel.org> Fixes: f7dc4c9a855a1 ("apparmor: fix off-by-one comparison on MAXMAPPED_SIG") Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 98cf5bbff413eadf1b9cb195a7b80cc61c72a50e
git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor) Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
BugLink: http://bugs.launchpad.net/bugs/1762913
The powerpc NMI IPIs may not be recoverable if they are taken in
some sections of code, and also there have been and still are issues
with taking NMIs (in KVM guest code, in firmware, etc) which makes them
a bit dangerous to use.
Generic code like softlockup detector and rcu stall detectors really
hammer on trigger_*_backtrace, which has lead to further problems
because we've implemented it with the NMI.
So stop providing NMI backtraces for now. Importantly, the powerpc code
uses NMI IPIs in crash/debug, and the SMP hardlockup watchdog. So if the
softlockup and rcu hang detection traces are not being printed because
the CPU is stuck with interrupts off, then the hard lockup watchdog
should get it with the NMI IPI.
Fixes: 2104180a5369 ("powerpc/64s: implement arch-specific hardlockup watchdog") Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
(cherry picked from commit 47712a921bb781caf69fca9eae43be19968816cb) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
BugLink: http://bugs.launchpad.net/bugs/1762928
Currently it's possible that a thread on PPC64 LE has its endianness
flipped inadvertently to Big-Endian resulting in a crash once the process
is back from the signal handler.
If giveup_all() is called when regs->msr has the bits MSR.FP and MSR.VEC
disabled (and hence MSR.VSX disabled too) it returns without calling
check_if_tm_restore_required() which copies regs->msr to ckpt_regs->msr if
the process caught a signal whilst in transactional mode. Then once in
setup_tm_sigcontexts() MSR from ckpt_regs.msr is used, but since
check_if_tm_restore_required() was not called previuosly, gp_regs[PT_MSR]
gets a copy of invalid MSR bits as MSR in ckpt_regs was not updated from
regs->msr and so is zeroed. Later when leaving the signal handler once in
sys_rt_sigreturn() the TS bits of gp_regs[PT_MSR] are checked to determine
if restore_tm_sigcontexts() must be called to pull in the correct MSR state
into the user context. Because TS bits are zeroed
restore_tm_sigcontexts() is never called and MSR restored from the user
context on returning from the signal handler has the MSR.LE (the endianness
bit) forced to zero (Big-Endian). That leads, for instance, to 'nop' being
treated as an illegal instruction in the following sequence:
tbegin.
beq 1f
trap
tend.
1: nop
on PPC64 LE machines and the process dies just after returning from the
signal handler.
PPC64 BE is also affected but in a subtle way since forcing Big-Endian on
a BE machine does not change the endianness.
This commit fixes the issue described above by ensuring that once in
setup_tm_sigcontexts() the MSR used is from regs->msr instead of from
ckpt_regs->msr and by ensuring that we pull in only the MSR.FP, MSR.VEC,
and MSR.VSX bits from ckpt_regs->msr.
The fix was tested both on LE and BE machines and no regression regarding
the powerpc/tm selftests was observed.
Signed-off-by: Gustavo Romero <gromero@linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
(cherry picked from commit 1c200e63d055ec0125e44a5e386b9b78aada7eb3) Signed-off-by: Joseph Salisbury <joseph.salisbury@canonical.com> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
projects / mirror_ubuntu-bionic-kernel.git / log