Commit Graph

12 Commits

Author SHA1 Message Date
Greg Kroah-Hartman
5597d5439f Merge 5.10.138 into android12-5.10-lts
Changes in 5.10.138
	ALSA: info: Fix llseek return value when using callback
	ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU
	x86/mm: Use proper mask when setting PUD mapping
	rds: add missing barrier to release_refill
	ata: libata-eh: Add missing command name
	mmc: pxamci: Fix another error handling path in pxamci_probe()
	mmc: pxamci: Fix an error handling path in pxamci_probe()
	mmc: meson-gx: Fix an error handling path in meson_mmc_probe()
	btrfs: fix lost error handling when looking up extended ref on log replay
	tracing: Have filter accept "common_cpu" to be consistent
	ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II
	can: ems_usb: fix clang's -Wunaligned-access warning
	apparmor: fix quiet_denied for file rules
	apparmor: fix absroot causing audited secids to begin with =
	apparmor: Fix failed mount permission check error message
	apparmor: fix aa_label_asxprint return check
	apparmor: fix setting unconfined mode on a loaded profile
	apparmor: fix overlapping attachment computation
	apparmor: fix reference count leak in aa_pivotroot()
	apparmor: Fix memleak in aa_simple_write_to_buffer()
	Documentation: ACPI: EINJ: Fix obsolete example
	NFSv4.1: Don't decrease the value of seq_nr_highest_sent
	NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
	NFSv4: Fix races in the legacy idmapper upcall
	NFSv4.1: RECLAIM_COMPLETE must handle EACCES
	NFSv4/pnfs: Fix a use-after-free bug in open
	bpf: Acquire map uref in .init_seq_private for array map iterator
	bpf: Acquire map uref in .init_seq_private for hash map iterator
	bpf: Acquire map uref in .init_seq_private for sock local storage map iterator
	bpf: Acquire map uref in .init_seq_private for sock{map,hash} iterator
	bpf: Check the validity of max_rdwr_access for sock local storage map iterator
	can: mcp251x: Fix race condition on receive interrupt
	net: atlantic: fix aq_vec index out of range error
	sunrpc: fix expiry of auth creds
	SUNRPC: Reinitialise the backchannel request buffers before reuse
	virtio_net: fix memory leak inside XPD_TX with mergeable
	devlink: Fix use-after-free after a failed reload
	net: bgmac: Fix a BUG triggered by wrong bytes_compl
	pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
	pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
	pinctrl: sunxi: Add I/O bias setting for H6 R-PIO
	pinctrl: qcom: sm8250: Fix PDC map
	ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
	geneve: do not use RT_TOS for IPv6 flowlabel
	ipv6: do not use RT_TOS for IPv6 flowlabel
	plip: avoid rcu debug splat
	vsock: Fix memory leak in vsock_connect()
	vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
	dt-bindings: arm: qcom: fix MSM8916 MTP compatibles
	dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources
	ceph: use correct index when encoding client supported features
	tools/vm/slabinfo: use alphabetic order when two values are equal
	ceph: don't leak snap_rwsem in handle_cap_grant
	kbuild: dummy-tools: avoid tmpdir leak in dummy gcc
	tools build: Switch to new openssl API for test-libcrypto
	NTB: ntb_tool: uninitialized heap data in tool_fn_write()
	nfp: ethtool: fix the display error of `ethtool -m DEVNAME`
	xen/xenbus: fix return type in xenbus_file_read()
	atm: idt77252: fix use-after-free bugs caused by tst_timer
	geneve: fix TOS inheriting for ipv4
	perf probe: Fix an error handling path in 'parse_perf_probe_command()'
	dpaa2-eth: trace the allocated address instead of page struct
	nios2: page fault et.al. are *not* restartable syscalls...
	nios2: don't leave NULLs in sys_call_table[]
	nios2: traced syscall does need to check the syscall number
	nios2: fix syscall restart checks
	nios2: restarts apply only to the first sigframe we build...
	nios2: add force_successful_syscall_return()
	iavf: Fix adminq error handling
	ASoC: tas2770: Set correct FSYNC polarity
	ASoC: tas2770: Allow mono streams
	ASoC: tas2770: Drop conflicting set_bias_level power setting
	ASoC: tas2770: Fix handling of mute/unmute
	netfilter: nf_tables: really skip inactive sets when allocating name
	netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag
	netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified
	powerpc/pci: Fix get_phb_number() locking
	spi: meson-spicc: add local pow2 clock ops to preserve rate between messages
	net: dsa: mv88e6060: prevent crash on an unused port
	net: moxa: pass pdev instead of ndev to DMA functions
	net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry
	net: dsa: felix: fix ethtool 256-511 and 512-1023 TX packet counters
	net: genl: fix error path memory leak in policy dumping
	net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions()
	ice: Ignore EEXIST when setting promisc mode
	i2c: imx: Make sure to unregister adapter on remove()
	regulator: pca9450: Remove restrictions for regulator-name
	i40e: Fix to stop tx_timeout recovery if GLOBR fails
	fec: Fix timer capture timing in `fec_ptp_enable_pps()`
	stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove()
	igb: Add lock to avoid data race
	kbuild: fix the modules order between drivers and libs
	gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file
	locking/atomic: Make test_and_*_bit() ordered on failure
	ASoC: SOF: intel: move sof_intel_dsp_desc() forward
	drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
	audit: log nftables configuration change events once per table
	netfilter: nftables: add helper function to set the base sequence number
	netfilter: add helper function to set up the nfnetlink header and use it
	drm/sun4i: dsi: Prevent underflow when computing packet sizes
	PCI: Add ACS quirk for Broadcom BCM5750x NICs
	platform/chrome: cros_ec_proto: don't show MKBP version if unsupported
	usb: cdns3 fix use-after-free at workaround 2
	usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info
	irqchip/tegra: Fix overflow implicit truncation warnings
	drm/meson: Fix overflow implicit truncation warnings
	clk: ti: Stop using legacy clkctrl names for omap4 and 5
	usb: host: ohci-ppc-of: Fix refcount leak bug
	usb: renesas: Fix refcount leak bug
	usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch
	vboxguest: Do not use devm for irq
	clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
	uacce: Handle parent device removal or parent driver module rmmod
	zram: do not lookup algorithm in backends table
	clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description
	scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input
	gadgetfs: ep_io - wait until IRQ finishes
	pinctrl: intel: Check against matching data instead of ACPI companion
	cxl: Fix a memory leak in an error handling path
	PCI/ACPI: Guard ARM64-specific mcfg_quirks
	um: add "noreboot" command line option for PANIC_TIMEOUT=-1 setups
	RDMA/rxe: Limit the number of calls to each tasklet
	csky/kprobe: reclaim insn_slot on kprobe unregistration
	selftests/kprobe: Do not test for GRP/ without event failures
	dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
	md: Notify sysfs sync_completed in md_reap_sync_thread()
	nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown
	drivers:md:fix a potential use-after-free bug
	ext4: avoid remove directory when directory is corrupted
	ext4: avoid resizing to a partial cluster size
	lib/list_debug.c: Detect uninitialized lists
	tty: serial: Fix refcount leak bug in ucc_uart.c
	vfio: Clear the caps->buf to NULL after free
	mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
	modules: Ensure natural alignment for .altinstructions and __bug_table sections
	riscv: mmap with PROT_WRITE but no PROT_READ is invalid
	RISC-V: Add fast call path of crash_kexec()
	watchdog: export lockup_detector_reconfigure
	powerpc/32: Don't always pass -mcpu=powerpc to the compiler
	ALSA: core: Add async signal helpers
	ALSA: timer: Use deferred fasync helper
	ALSA: control: Use deferred fasync helper
	f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
	f2fs: fix to do sanity check on segment type in build_sit_entries()
	smb3: check xattr value length earlier
	powerpc/64: Init jump labels before parse_early_param()
	video: fbdev: i740fb: Check the argument of i740_calc_vclk()
	MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
	netfilter: nftables: fix a warning message in nf_tables_commit_audit_collect()
	netfilter: nf_tables: fix audit memory leak in nf_tables_commit
	tracing/probes: Have kprobes and uprobes use $COMM too
	can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once()
	can: j1939: j1939_session_destroy(): fix memory leak of skbs
	PCI/ERR: Retain status from error notification
	qrtr: Convert qrtr_ports from IDR to XArray
	bpf: Fix KASAN use-after-free Read in compute_effective_progs
	tee: fix memory leak in tee_shm_register()
	Linux 5.10.138

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5983f3534b158edccd87bc7a7fe41ca07836d3eb
2022-08-30 12:59:52 +02:00
Helge Deller
333bdb72be modules: Ensure natural alignment for .altinstructions and __bug_table sections
[ Upstream commit 87c482bdfa79f378297d92af49cdf265be199df5 ]

In the kernel image vmlinux.lds.S linker scripts the .altinstructions
and __bug_table sections are 4- or 8-byte aligned because they hold 32-
and/or 64-bit values.

Most architectures use altinstructions and BUG() or WARN() in modules as
well, but in the module linker script (module.lds.S) those sections are
currently missing. As a consequence the linker will store their content
byte-aligned by default, which then can lead to unnecessary unaligned
memory accesses by the CPU when those tables are processed at runtime.

Usually unaligned memory accesses are unnoticed, because either the
hardware (as on x86 CPUs) or in-kernel exception handlers (e.g. on
parisc or sparc) emulate and fix them up at runtime. Nevertheless, such
unaligned accesses introduce a performance penalty and can even crash
the kernel if there is a bug in the unalignment exception handlers
(which happened once to me on the parisc architecture and which is why I
noticed that issue at all).

This patch fixes a non-critical issue and might be backported at any time.
It's trivial and shouldn't introduce any regression because it simply
tells the linker to use a different (8-byte) alignment for those
sections by default.

Signed-off-by: Helge Deller <deller@gmx.de>
Link: https://lore.kernel.org/all/Yr8%2Fgr8e8I7tVX4d@p100/
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-08-25 11:38:19 +02:00
Sean Christopherson
44b81136e8 kbuild: lto: Merge module sections if and only if CONFIG_LTO_CLANG is enabled
commit 6a3193cdd5e5b96ac65f04ee42555c216da332af upstream.

Merge module sections only when using Clang LTO. With ld.bfd, merging
sections does not appear to update the symbol tables for the module,
e.g. 'readelf -s' shows the value that a symbol would have had, if
sections were not merged. ld.lld does not show this problem.

The stale symbol table breaks gdb's function disassembler, and presumably
other things, e.g.

  gdb -batch -ex "file arch/x86/kvm/kvm.ko" -ex "disassemble kvm_init"

reads the wrong bytes and dumps garbage.

Fixes: dd2776222abb ("kbuild: lto: merge module sections")
Cc: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210322234438.502582-1-seanjc@google.com
Cc: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-23 12:01:00 +01:00
Sami Tolvanen
8b53e5f737 kbuild: lto: merge module sections
commit dd2776222abb9893e5b5c237a2c8c880d8854cee upstream.

LLD always splits sections with LTO, which increases module sizes. This
change adds linker script rules to merge the split sections in the final
module.

Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20201211184633.3213045-6-samitolvanen@google.com
Cc: Stephen Boyd <swboyd@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-02-23 12:01:00 +01:00
Eric Biggers
109f31ac23 ANDROID: fips140: add userspace interface for evaluation testing
The FIPS lab is required to test the service indicators and version
information services of the module, i.e. the
fips140_is_approved_service() and fips140_module_version() functions.
There are several ways we could support this:

- Implement the tests in the module ourselves.  However it's unclear
  that CMVP would allow this, and we would need the full list of tests,
  which could change over time depending on what the lab decides to do.

- Support the lab writing, building, and loading a custom kernel module
  (or a custom kernel image) that tests these functions.

- Provide a userspace interface to these services, restricted to builds
  with CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING=y.  This would allow
  writing the tests in userspace, which would be much easier.

Implement the last solution, since it's the easier of the two solutions
that are "guaranteed" to be allowed.  Make the module register a char
device which supports some ioctls, one per function that needs to be
tested.  Also provide some sample userspace code in samples/crypto/.

Note: copy_to_user() would break the integrity check, so take some care
to exclude it.  This is allowed since this is non-production code.

Bug: 188620248
Change-Id: Ic256d9c5bd4d0c57ede88a3e3e76e89554909b38
Signed-off-by: Eric Biggers <ebiggers@google.com>
2021-11-23 18:02:43 +00:00
Ard Biesheuvel
e8d56bd78b ANDROID: module: apply special LTO treatment to .text even if CFI is disabled
We currently only emit directives for handling the .text section into
the module linker script if both LTO and CFI are enabled, while for
other sections, we do this even if CFI is not enabled. This is
inconsistent at best, but as it also interferes with the assumption in
the fips140.ko module that the .text._start and .text._end input
sections are placed at the very start and end of the .text section,
which currently can only be relied upon if CFI is enabled.

So rearrange the #ifdef so that it only covers the .text.__cfi_check
input section. Note that aligning to page size is likely to be redundant
in any case, given that the .text section is laid out first, and module
allocations are page aligned to begin with, so making that part
unconditional is unlikely to make an observable difference in the
output.

Bug: 153614920
Bug: 188620248
Fixes: 6be141eb36 ("ANDROID: crypto: fips140 - perform load time integrity check")
Change-Id: I3f9ed0ae8fa8fe5693c8d2964566cbb42c101aa7
Signed-off-by: Ard Biesheuvel <ardb@google.com>
(cherry picked from commit 6ae8277450ae86113cf7eea8b8348e509e2cc72d)
2021-10-29 13:32:13 -07:00
Ard Biesheuvel
6be141eb36 ANDROID: crypto: fips140 - perform load time integrity check
In order to comply with FIPS 140-2 requirements, implement a fips140
module that carries all AES, SHA-xxx and DRBG implementations with the
associated chaining mode templates, and perform an integrity selfcheck
at load time. The algorithms contained in the module will be registered
with the crypto API, and will supersede any existing copies of the same
algorithms that were already being provided by the core kernel.

Bug: 153614920
Bug: 188620248
Test: boot tested on Pixel hw both with and without a live algo ('hmac(sha1-ce)')
Change-Id: Ia893d9992fc12e2617d1ed2899c9794859c389d1
Signed-off-by: Ard Biesheuvel <ardb@google.com>
2021-06-11 07:49:58 +00:00
Sean Christopherson
3ddee7b2ee UPSTREAM: kbuild: lto: Merge module sections if and only if CONFIG_LTO_CLANG is enabled
Merge module sections only when using Clang LTO. With ld.bfd, merging
sections does not appear to update the symbol tables for the module,
e.g. 'readelf -s' shows the value that a symbol would have had, if
sections were not merged. ld.lld does not show this problem.

The stale symbol table breaks gdb's function disassembler, and presumably
other things, e.g.

  gdb -batch -ex "file arch/x86/kvm/kvm.ko" -ex "disassemble kvm_init"

reads the wrong bytes and dumps garbage.

Fixes: dd2776222abb ("kbuild: lto: merge module sections")
Cc: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210322234438.502582-1-seanjc@google.com
(cherry picked from commit 6a3193cdd5e5b96ac65f04ee42555c216da332af)
Bug: 187129171
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I295d9a6b71a41fd1585059d0f48a2a2c13eb2361
2021-06-10 20:26:25 -07:00
Sami Tolvanen
27eb5ffcb7 ANDROID: Add missing CFI jump table symbols to kallsyms
With CONFIG_LTO_CLANG_FULL, LLVM drops all CFI jump table symbols
from vmlinux, which doesn't affect kernel functionality, but can
make stack traces and other kernel output that prints out jump
table addresses harder to read.

This change works around the issue for now by adding a script that
tells kallsyms about the missing jump table symbols, even though
they don't actually exist in the symbol table, and generates a
linker script to add the missing symbols to kernel modules.

Bug: 186152035
Bug: 187415564
Change-Id: Ic3c51751c756f2f5fb2a31229e16c3397eb6e666
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
2021-05-11 17:56:41 +00:00
Sami Tolvanen
08f67ef189 ANDROID: module: cfi: ensure __cfi_check alignment
On modules with no executable code, LLVM generates a __cfi_check stub,
but won't align it to page size as expected. This change ensures the
function is at the beginning of the .text section and correctly aligned
for the CFI shadow.

Also discard the .eh_frame section, which LLD may emit with CFI_CLANG.

Bug: 145210207
Change-Id: I08923febb549aa64454282cc864ac80dadd717b9
Link: https://bugs.llvm.org/show_bug.cgi?id=46293
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
2021-01-14 16:29:46 +00:00
Sami Tolvanen
76df447444 FROMLIST: kbuild: lto: merge module sections
LLD always splits sections with LTO, which increases module sizes. This
change adds linker script rules to merge the split sections in the final
module.

Bug: 145210207
Change-Id: Id0b964e732b5c72177d8f6dc0f75114551445b97
Link: https://lore.kernel.org/lkml/20201211184633.3213045-6-samitolvanen@google.com/
Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
2020-12-16 08:56:33 -08:00
Masahiro Yamada
596b0474d3 kbuild: preprocess module linker script
There was a request to preprocess the module linker script like we
do for the vmlinux one. (https://lkml.org/lkml/2020/8/21/512)

The difference between vmlinux.lds and module.lds is that the latter
is needed for external module builds, thus must be cleaned up by
'make mrproper' instead of 'make clean'. Also, it must be created
by 'make modules_prepare'.

You cannot put it in arch/$(SRCARCH)/kernel/, which is cleaned up by
'make clean'. I moved arch/$(SRCARCH)/kernel/module.lds to
arch/$(SRCARCH)/include/asm/module.lds.h, which is included from
scripts/module.lds.S.

scripts/module.lds is fine because 'make clean' keeps all the
build artifacts under scripts/.

You can add arch-specific sections in <asm/module.lds.h>.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Tested-by: Jessica Yu <jeyu@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Palmer Dabbelt <palmerdabbelt@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Jessica Yu <jeyu@kernel.org>
2020-09-25 00:36:41 +09:00