James Morris [Tue, 30 Sep 2014 14:45:26 +0000 (00:45 +1000)]
Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next
James Morris [Tue, 30 Sep 2014 14:44:04 +0000 (00:44 +1000)]
Merge commit 'v3.16' into next
Richard Guy Briggs [Fri, 19 Sep 2014 00:47:48 +0000 (20:47 -0400)]
selinux: normalize audit log formatting
Restructure to keyword=value pairs without spaces. Drop superfluous words in
text. Make invalid_context a keyword. Change result= keyword to seresult=.
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[Minor rewrite to the patch subject line]
Signed-off-by: Paul Moore <pmoore@redhat.com>
Richard Guy Briggs [Fri, 19 Sep 2014 00:50:17 +0000 (20:50 -0400)]
selinux: cleanup error reporting in selinux_nlmsg_perm()
Convert audit_log() call to WARN_ONCE().
Rename "type=" to nlmsg_type=" to avoid confusion with the audit record
type.
Added "protocol=" to help track down which protocol (NETLINK_AUDIT?) was used
within the netlink protocol family.
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[Rewrote the patch subject line]
Signed-off-by: Paul Moore <pmoore@redhat.com>
James Morris [Mon, 22 Sep 2014 12:54:56 +0000 (22:54 +1000)]
Merge tag 'keys-next-
20140922' of git://git./linux/kernel/git/dhowells/linux-fs into next
David Howells [Sun, 21 Sep 2014 23:02:01 +0000 (00:02 +0100)]
KEYS: Check hex2bin()'s return when generating an asymmetric key ID
As it stands, the code to generate an asymmetric key ID prechecks the hex
string it is given whilst determining the length, before it allocates the
buffer for hex2bin() to translate into - which mean that checking the result of
hex2bin() is redundant.
Unfortunately, hex2bin() is marked as __must_check, which means that the
following warning may be generated if the return value isn't checked:
crypto/asymmetric_keys/asymmetric_type.c: In function
asymmetric_key_hex_to_key_id:
crypto/asymmetric_keys/asymmetric_type.c:110: warning: ignoring return
value of hex2bin, declared with attribute warn_unused_result
The warning can't be avoided by casting the result to void.
Instead, use strlen() to check the length of the string and ignore the fact
that the string might not be entirely valid hex until after the allocation has
been done - in which case we can use the result of hex2bin() for this.
Signed-off-by: David Howells <dhowells@redhat.com>
James Morris [Thu, 18 Sep 2014 13:52:46 +0000 (23:52 +1000)]
Merge branch 'smack-for-3.18' of git://git.gitorious.org/smack-next/kernel into next
David Howells [Tue, 16 Sep 2014 16:38:07 +0000 (17:38 +0100)]
Merge tag 'keys-pkcs7-
20140916' into keys-next
Changes for next to improve the matching of asymmetric keys and to improve the
handling of PKCS#7 certificates:
(1) Provide a method to preparse the data supplied for matching a key. This
permits they key type to extract out the bits it needs for matching once
only.
Further, the type of search (direct lookup or iterative) can be set and
the function used to actually check the match can be set by preparse
rather than being hard coded for the type.
(2) Improves asymmetric keys identification.
Keys derived from X.509 certs now get labelled with IDs derived from their
issuer and certificate number (required to match PKCS#7) and from their
SKID and subject (required to match X.509).
IDs are now binary and match criterion preparsing is provided so that
criteria can be turned into binary blobs to make matching faster.
(3) Improves PKCS#7 message handling to permit PKCS#7 messages without X.509
cert lists to be matched to trusted keys, thereby allowing minimally sized
PKCS#7 certs to be used.
(4) Improves PKCS#7 message handling to better handle certificate chains that
are broken due to unsupported crypto that can otherwise by used to
intersect a trust keyring.
These must go on top of the PKCS#7 parser cleanup fixes.
Signed-off-by: David Howells <dhowells@redhat.com>
David Howells [Tue, 16 Sep 2014 16:36:17 +0000 (17:36 +0100)]
PKCS#7: Handle PKCS#7 messages that contain no X.509 certs
The X.509 certificate list in a PKCS#7 message is optional. To save space, we
can omit the inclusion of any X.509 certificates if we are sure that we can
look the relevant public key up by the serial number and issuer given in a
signed info block.
This also supports use of a signed info block for which we can't find a
matching X.509 cert in the certificate list, though it be populated.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
David Howells [Tue, 16 Sep 2014 16:36:15 +0000 (17:36 +0100)]
PKCS#7: Better handling of unsupported crypto
Provide better handling of unsupported crypto when verifying a PKCS#7 message.
If we can't bridge the gap between a pair of X.509 certs or between a signed
info block and an X.509 cert because it involves some crypto we don't support,
that's not necessarily the end of the world as there may be other ways points
at which we can intersect with a ring of trusted keys.
Instead, only produce ENOPKG immediately if all the signed info blocks in a
PKCS#7 message require unsupported crypto to bridge to the first X.509 cert.
Otherwise, we defer the generation of ENOPKG until we get ENOKEY during trust
validation.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
David Howells [Tue, 16 Sep 2014 16:36:13 +0000 (17:36 +0100)]
KEYS: Overhaul key identification when searching for asymmetric keys
Make use of the new match string preparsing to overhaul key identification
when searching for asymmetric keys. The following changes are made:
(1) Use the previously created asymmetric_key_id struct to hold the following
key IDs derived from the X.509 certificate or PKCS#7 message:
id: serial number + issuer
skid: subjKeyId + subject
authority: authKeyId + issuer
(2) Replace the hex fingerprint attached to key->type_data[1] with an
asymmetric_key_ids struct containing the id and the skid (if present).
(3) Make the asymmetric_type match data preparse select one of two searches:
(a) An iterative search for the key ID given if prefixed with "id:". The
prefix is expected to be followed by a hex string giving the ID to
search for. The criterion key ID is checked against all key IDs
recorded on the key.
(b) A direct search if the key ID is not prefixed with "id:". This will
look for an exact match on the key description.
(4) Make x509_request_asymmetric_key() take a key ID. This is then converted
into "id:<hex>" and passed into keyring_search() where match preparsing
will turn it back into a binary ID.
(5) X.509 certificate verification then takes the authority key ID and looks
up a key that matches it to find the public key for the certificate
signature.
(6) PKCS#7 certificate verification then takes the id key ID and looks up a
key that matches it to find the public key for the signed information
block signature.
Additional changes:
(1) Multiple subjKeyId and authKeyId values on an X.509 certificate cause the
cert to be rejected with -EBADMSG.
(2) The 'fingerprint' ID is gone. This was primarily intended to convey PGP
public key fingerprints. If PGP is supported in future, this should
generate a key ID that carries the fingerprint.
(3) Th ca_keyid= kernel command line option is now converted to a key ID and
used to match the authority key ID. Possibly this should only match the
actual authKeyId part and not the issuer as well.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
David Howells [Tue, 16 Sep 2014 16:36:11 +0000 (17:36 +0100)]
KEYS: Implement binary asymmetric key ID handling
Implement the first step in using binary key IDs for asymmetric keys rather
than hex string keys.
The previously added match data preparsing will be able to convert hex
criterion strings into binary which can then be compared more rapidly.
Further, we actually want more then one ID string per public key. The problem
is that X.509 certs refer to other X.509 certs by matching Issuer + AuthKeyId
to Subject + SubjKeyId, but PKCS#7 messages match against X.509 Issuer +
SerialNumber.
This patch just provides facilities for a later patch to make use of.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
David Howells [Tue, 16 Sep 2014 16:36:09 +0000 (17:36 +0100)]
KEYS: Update the keyrings documentation for match changes
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
David Howells [Tue, 16 Sep 2014 16:36:08 +0000 (17:36 +0100)]
KEYS: Make the key matching functions return bool
Make the key matching functions pointed to by key_match_data::cmp return bool
rather than int.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
David Howells [Tue, 16 Sep 2014 16:36:06 +0000 (17:36 +0100)]
KEYS: Remove key_type::match in favour of overriding default by match_preparse
A previous patch added a ->match_preparse() method to the key type. This is
allowed to override the function called by the iteration algorithm.
Therefore, we can just set a default that simply checks for an exact match of
the key description with the original criterion data and allow match_preparse
to override it as needed.
The key_type::match op is then redundant and can be removed, as can the
user_match() function.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
David Howells [Tue, 16 Sep 2014 16:36:04 +0000 (17:36 +0100)]
KEYS: Remove key_type::def_lookup_type
Remove key_type::def_lookup_type as it's no longer used. The information now
defaults to KEYRING_SEARCH_LOOKUP_DIRECT but may be overridden by
type->match_preparse().
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
David Howells [Tue, 16 Sep 2014 16:36:02 +0000 (17:36 +0100)]
KEYS: Preparse match data
Preparse the match data. This provides several advantages:
(1) The preparser can reject invalid criteria up front.
(2) The preparser can convert the criteria to binary data if necessary (the
asymmetric key type really wants to do binary comparison of the key IDs).
(3) The preparser can set the type of search to be performed. This means
that it's not then a one-off setting in the key type.
(4) The preparser can set an appropriate comparator function.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
David Howells [Tue, 16 Sep 2014 16:36:01 +0000 (17:36 +0100)]
Provide a binary to hex conversion function
Provide a function to convert a buffer of binary data into an unterminated
ascii hex string representation of that data.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
David Howells [Tue, 16 Sep 2014 16:32:55 +0000 (17:32 +0100)]
Merge tag 'keys-next-fixes-
20140916' into keys-next
Merge in keyrings fixes for next:
(1) Insert some missing 'static' annotations.
Signed-off-by: David Howells <dhowells@redhat.com>
David Howells [Tue, 16 Sep 2014 16:32:16 +0000 (17:32 +0100)]
Merge tag 'keys-fixes-
20140916' into keys-next
Merge in keyrings fixes, at least some of which later patches depend on:
(1) Reinstate the production of EPERM for key types beginning with '.' in
requests from userspace.
(2) Tidy up the cleanup of PKCS#7 message signed information blocks and fix a
bug this made more obvious.
Signed-off-by: David Howells <dhowells@redhat.coM>
David Howells [Tue, 16 Sep 2014 16:29:03 +0000 (17:29 +0100)]
PKCS#7: Fix the parser cleanup to drain parsed out X.509 certs
Fix the parser cleanup code to drain parsed out X.509 certs in the case that
the decode fails and we jump to error_decode.
The function is rearranged so that the same cleanup code is used in the success
case as the error case - just that the message descriptor under construction is
only released if it is still pointed to by the context struct at that point.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
David Howells [Tue, 16 Sep 2014 16:29:03 +0000 (17:29 +0100)]
PKCS#7: Provide a single place to do signed info block freeing
The code to free a signed info block is repeated several times, so move the
code to do it into a function of its own. This gives us a place to add clean
ups for stuff that gets added to pkcs7_signed_info.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
David Howells [Tue, 16 Sep 2014 16:29:03 +0000 (17:29 +0100)]
KEYS: Reinstate EPERM for a key type name beginning with a '.'
Reinstate the generation of EPERM for a key type name beginning with a '.' in
a userspace call. Types whose name begins with a '.' are internal only.
The test was removed by:
commit
a4e3b8d79a5c6d40f4a9703abf7fe3abcc6c3b8d
Author: Mimi Zohar <zohar@linux.vnet.ibm.com>
Date: Thu May 22 14:02:23 2014 -0400
Subject: KEYS: special dot prefixed keyring name bug fix
I think we want to keep the restriction on type name so that userspace can't
add keys of a special internal type.
Note that removal of the test causes several of the tests in the keyutils
testsuite to fail.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
David Howells [Tue, 16 Sep 2014 16:07:07 +0000 (17:07 +0100)]
PKCS#7: Add a missing static
Add a missing static (found by checker).
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
David Howells [Tue, 16 Sep 2014 16:07:07 +0000 (17:07 +0100)]
KEYS: Fix missing statics
Fix missing statics (found by checker).
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
James Morris [Fri, 12 Sep 2014 12:40:22 +0000 (22:40 +1000)]
Merge branch 'next' of git://git./linux/kernel/git/zohar/linux-integrity into next
Paul Moore [Wed, 10 Sep 2014 21:09:57 +0000 (17:09 -0400)]
selinux: make the netif cache namespace aware
While SELinux largely ignores namespaces, for good reason, there are
some places where it needs to at least be aware of namespaces in order
to function correctly. Network namespaces are one example. Basic
awareness of network namespaces are necessary in order to match a
network interface's index number to an actual network device.
This patch corrects a problem with network interfaces added to a
non-init namespace, and can be reproduced with the following commands:
[NOTE: the NetLabel configuration is here only to active the dynamic
networking controls ]
# netlabelctl unlbl add default address:0.0.0.0/0 \
label:system_u:object_r:unlabeled_t:s0
# netlabelctl unlbl add default address:::/0 \
label:system_u:object_r:unlabeled_t:s0
# netlabelctl cipsov4 add pass doi:100 tags:1
# netlabelctl map add domain:lspp_test_netlabel_t \
protocol:cipsov4,100
# ip link add type veth
# ip netns add myns
# ip link set veth1 netns myns
# ip a add dev veth0 10.250.13.100/24
# ip netns exec myns ip a add dev veth1 10.250.13.101/24
# ip l set veth0 up
# ip netns exec myns ip l set veth1 up
# ping -c 1 10.250.13.101
# ip netns exec myns ping -c 1 10.250.13.100
Reported-by: Jiri Jaburek <jjaburek@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Dmitry Kasatkin [Wed, 2 Jul 2014 12:42:19 +0000 (15:42 +0300)]
integrity: make integrity files as 'integrity' module
The kernel print macros use the KBUILD_MODNAME, which is initialized
to the module name. The current integrity/Makefile makes every file
as its own module, so pr_xxx messages are prefixed with the file name
instead of the module. Similar to the evm/Makefile and ima/Makefile,
this patch fixes the integrity/Makefile to use the single name
'integrity'.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Thu, 17 Apr 2014 12:07:15 +0000 (15:07 +0300)]
integrity: base integrity subsystem kconfig options on integrity
The integrity subsystem has lots of options and takes more than
half of the security menu. This patch consolidates the options
under "integrity", which are hidden if not enabled. This change
does not affect existing configurations. Re-configuration is not
needed.
Changes v4:
- no need to change "integrity subsystem" to menuconfig as
options are hidden, when not enabled. (Mimi)
- add INTEGRITY Kconfig help description
Changes v3:
- dependency to INTEGRITY removed when behind 'if INTEGRITY'
Changes v2:
- previous patch moved integrity out of the 'security' menu.
This version keeps integrity as a security option (Mimi).
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Thu, 17 Apr 2014 11:41:06 +0000 (14:41 +0300)]
integrity: move asymmetric keys config option
For better visual appearance it is better to co-locate
asymmetric key options together with signature support.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Thu, 8 May 2014 08:23:53 +0000 (11:23 +0300)]
ima: initialize only required template
IMA uses only one template. This patch initializes only required
template to avoid unnecessary memory allocations.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Reviewed-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Tue, 19 Aug 2014 13:48:39 +0000 (16:48 +0300)]
ima: remove usage of filename parameter
In all cases except ima_bprm_check() the filename was not defined
and ima_d_path() was used to find the full path. Unfortunately,
the bprm filename is a relative pathname (eg. ./<dir>/filename).
ima_bprm_check() selects between bprm->interp and bprm->filename.
The following dump demonstrates the differences between using
filename and interp.
bprm->filename
filename: ./foo.sh, pathname: /root/bin/foo.sh
filename: ./foo.sh, pathname: /bin/dash
bprm->interp
filename: ./foo.sh, pathname: /root/bin/foo.sh
filename: /bin/sh, pathname: /bin/dash
In both cases the pathnames are currently the same. This patch
removes usage of filename and interp in favor of d_absolute_path.
Changes v3:
- 11 extra bytes for "deleted" not needed (Mimi)
- purpose "replace relative bprm filename with full pathname" (Mimi)
Changes v2:
- use d_absolute_path() instead of d_path to work in chroot environments.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Wed, 20 Aug 2014 09:37:57 +0000 (12:37 +0300)]
ima: remove unnecessary appraisal test
ima_get_action() sets the "action" flags based on policy.
Before collecting, measuring, appraising, or auditing the
file, the "action" flag is updated based on the cached
iint->flags.
This patch removes the subsequent unnecessary appraisal
test in ima_appraise_measurement().
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Wed, 3 Sep 2014 07:19:58 +0000 (10:19 +0300)]
ima: add missing '__init' keywords
Add missing keywords to the function definition to cleanup
to discard initialization code.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Reviewed-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Wed, 3 Sep 2014 07:19:57 +0000 (10:19 +0300)]
ima: remove unnecessary extra variable
'function' variable value can be changed instead of
allocating extra '_func' variable.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Fri, 22 Aug 2014 06:43:55 +0000 (09:43 +0300)]
ima: simplify conditional statement to improve performance
Precede bit testing before string comparison makes code
faster. Also refactor statement as a single line pointer
assignment. Logic is following: we set 'xattr_ptr' to read
xattr value when we will do appraisal or in any case when
measurement template is other than 'ima'.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Tue, 19 Aug 2014 11:56:18 +0000 (14:56 +0300)]
integrity: remove declaration of non-existing functions
Commit
f381c27 "integrity: move ima inode integrity data management"
(re)moved few functions but left their declarations in header files.
This patch removes them and also removes duplicated declaration of
integrity_iint_find().
Commit
c7de7ad "ima: remove unused cleanup functions". This patch
removes these definitions as well.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Wed, 2 Jul 2014 12:12:26 +0000 (15:12 +0300)]
integrity: prevent flooding with 'Request for unknown key'
If file has IMA signature, IMA in enforce mode, but key is missing
then file access is blocked and single error message is printed.
If IMA appraisal is enabled in fix mode, then system runs as usual
but might produce tons of 'Request for unknown key' messages.
This patch switches 'pr_warn' to 'pr_err_ratelimited'.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Fri, 27 Jun 2014 15:15:44 +0000 (18:15 +0300)]
ima: pass 'opened' flag to identify newly created files
Empty files and missing xattrs do not guarantee that a file was
just created. This patch passes FILE_CREATED flag to IMA to
reliably identify new files.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org> 3.14+
Dmitry Kasatkin [Tue, 2 Sep 2014 13:31:43 +0000 (16:31 +0300)]
evm: properly handle INTEGRITY_NOXATTRS EVM status
Unless an LSM labels a file during d_instantiate(), newly created
files are not labeled with an initial security.evm xattr, until
the file closes. EVM, before allowing a protected, security xattr
to be written, verifies the existing 'security.evm' value is good.
For newly created files without a security.evm label, this
verification prevents writing any protected, security xattrs,
until the file closes.
Following is the example when this happens:
fd = open("foo", O_CREAT | O_WRONLY, 0644);
setxattr("foo", "security.SMACK64", value, sizeof(value), 0);
close(fd);
While INTEGRITY_NOXATTRS status is handled in other places, such
as evm_inode_setattr(), it does not handle it in all cases in
evm_protect_xattr(). By limiting the use of INTEGRITY_NOXATTRS to
newly created files, we can now allow setting "protected" xattrs.
Changelog:
- limit the use of INTEGRITY_NOXATTRS to IMA identified new files
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org> 3.14+
Jiri Pirko [Wed, 3 Sep 2014 15:42:13 +0000 (17:42 +0200)]
selinux: register nf hooks with single nf_register_hooks call
Push ipv4 and ipv6 nf hooks into single array and register/unregister
them via single call.
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Dmitry Kasatkin [Fri, 27 Jun 2014 15:04:27 +0000 (18:04 +0300)]
ima: provide flag to identify new empty files
On ima_file_free(), newly created empty files are not labeled with
an initial security.ima value, because the iversion did not change.
Commit
dff6efc "fs: fix iversion handling" introduced a change in
iversion behavior. To verify this change use the shell command:
$ (exec >foo)
$ getfattr -h -e hex -d -m security foo
This patch defines the IMA_NEW_FILE flag. The flag is initially
set, when IMA detects that a new file is created, and subsequently
checked on the ima_file_free() hook to set the initial security.ima
value.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org> 3.14+
Dmitry Kasatkin [Fri, 15 Aug 2014 10:49:22 +0000 (13:49 +0300)]
evm: prevent passing integrity check if xattr read fails
This patch fixes a bug, where evm_verify_hmac() returns INTEGRITY_PASS
if inode->i_op->getxattr() returns an error in evm_find_protected_xattrs.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Kees Cook [Tue, 12 Aug 2014 22:41:17 +0000 (15:41 -0700)]
seccomp: Add reviewers to MAINTAINERS
This adds two reviewers to the seccomp tree.
Signed-off-by: Kees Cook <keescook@chromium.org>
Paul Moore [Wed, 3 Sep 2014 14:51:59 +0000 (10:51 -0400)]
selinux: fix a problem with IPv6 traffic denials in selinux_ip_postroute()
A previous commit
c0828e50485932b7e019df377a6b0a8d1ebd3080 ("selinux:
process labeled IPsec TCP SYN-ACK packets properly in
selinux_ip_postroute()") mistakenly left out a 'break' from a switch
statement which caused problems with IPv6 traffic.
Thanks to Florian Westphal for reporting and debugging the issue.
Reported-by: Florian Westphal <fwestpha@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
David Howells [Tue, 2 Sep 2014 12:52:15 +0000 (13:52 +0100)]
KEYS: Set pr_fmt() in asymmetric key signature handling
Printing in base signature handling should have a prefix, so set pr_fmt().
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Dmitry Kasatkin [Fri, 15 Aug 2014 11:09:19 +0000 (14:09 +0300)]
evm: fix checkpatch warnings
This patch fixes checkpatch 'return' warnings introduced with commit
9819cf2 "checkpatch: warn on unnecessary void function return statements".
Use scripts/checkpatch.pl --file security/integrity/evm/evm_main.c
to produce the warnings.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Mon, 23 Jun 2014 17:32:56 +0000 (20:32 +0300)]
ima: fix fallback to use new_sync_read()
3.16 commit
aad4f8bb42af06371aa0e85bf0cd9d52c0494985
'switch simple generic_file_aio_read() users to ->read_iter()'
replaced ->aio_read with ->read_iter in most of the file systems
and introduced new_sync_read() as a replacement for do_sync_read().
Most of file systems set '->read' and ima_kernel_read is not affected.
When ->read is not set, this patch adopts fallback call changes from the
vfs_read.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: <stable@vger.kernel.org> 3.16+
Dmitry Kasatkin [Fri, 15 Aug 2014 10:28:52 +0000 (13:28 +0300)]
ima: prevent buffer overflow in ima_alloc_tfm()
This patch fixes the case where the file's signature/hash xattr contains
an invalid hash algorithm. Although we can not verify the xattr, we still
need to measure the file. Use the default IMA hash algorithm.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Mimi Zohar [Mon, 28 Jul 2014 11:59:49 +0000 (07:59 -0400)]
ima: fix ima_alloc_atfm()
The patch
3bcced39ea7d: "ima: use ahash API for file hash
calculation" from Feb 26, 2014, leads to the following static checker
warning:
security/integrity/ima/ima_crypto.c:204 ima_alloc_atfm()
        error: buffer overflow 'hash_algo_name' 17 <= 17
Unlike shash tfm memory, which is allocated on initialization, the
ahash tfm memory allocation is deferred until needed.
This patch fixes the case where ima_ahash_tfm has not yet been
allocated and the file's signature/hash xattr contains an invalid hash
algorithm. Although we can not verify the xattr, we still need to
measure the file. Use the default IMA hash algorithm.
Changelog:
- set valid algo before testing tfm - based on Dmitry's comment
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Mark Rustad [Thu, 28 Aug 2014 11:43:09 +0000 (04:43 -0700)]
security: Silence shadow warning
Renaming an unused formal parameter in the static inline function
security_inode_init_security eliminates many W=2 warnings.
Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Lukasz Pawelczyk [Fri, 29 Aug 2014 15:02:55 +0000 (17:02 +0200)]
Make Smack operate on smack_known struct where it still used char*
Smack used to use a mix of smack_known struct and char* throughout its
APIs and implementation. This patch unifies the behaviour and makes it
store and operate exclusively on smack_known struct pointers when managing
labels.
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Conflicts:
security/smack/smack_access.c
security/smack/smack_lsm.c
Lukasz Pawelczyk [Fri, 29 Aug 2014 15:02:54 +0000 (17:02 +0200)]
Fix a bidirectional UDS connect check typo
The
54e70ec5eb090193b03e69d551fa6771a5a217c4 commit introduced a
bidirectional check that should have checked for mutual WRITE access
between two labels. Due to a typo the second check was incorrect.
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Lukasz Pawelczyk [Fri, 29 Aug 2014 15:02:53 +0000 (17:02 +0200)]
Small fixes in comments describing function parameters
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Casey Schaufler [Wed, 27 Aug 2014 21:51:27 +0000 (14:51 -0700)]
Smack: Bring-up access mode
People keep asking me for permissive mode, and I keep saying "no".
Permissive mode is wrong for more reasons than I can enumerate,
but the compelling one is that it's once on, never off.
Nonetheless, there is an argument to be made for running a
process with lots of permissions, logging which are required,
and then locking the process down. There wasn't a way to do
that with Smack, but this provides it.
The notion is that you start out by giving the process an
appropriate Smack label, such as "ATBirds". You create rules
with a wide range of access and the "b" mode. On Tizen it
might be:
ATBirds System rwxalb
ATBirds User rwxalb
ATBirds _ rwxalb
User ATBirds wb
System ATBirds wb
Accesses that fail will generate audit records. Accesses
that succeed because of rules marked with a "b" generate
log messages identifying the rule, the program and as much
object information as is convenient.
When the system is properly configured and the programs
brought in line with the labeling scheme the "b" mode can
be removed from the rules. When the system is ready for
production the facility can be configured out.
This provides the developer the convenience of permissive
mode without creating a system that looks like it is
enforcing a policy while it is not.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Stephen Smalley [Mon, 4 Aug 2014 17:36:49 +0000 (13:36 -0400)]
selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID.
If the callee SID is bounded by the caller SID, then allowing
the transition to occur poses no risk of privilege escalation and we can
therefore safely allow the transition to occur. Add this exemption
for both the case where a transition was explicitly requested by the
application and the case where an automatic transition is defined in
policy.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Marcin Niesluchowski [Tue, 19 Aug 2014 12:26:32 +0000 (14:26 +0200)]
Smack: Fix setting label on successful file open
While opening with CAP_MAC_OVERRIDE file label is not set.
Other calls may access it after CAP_MAC_OVERRIDE is dropped from process.
Signed-off-by: Marcin Niesluchowski <m.niesluchow@samsung.com>
Konstantin Khlebnikov [Thu, 7 Aug 2014 16:52:49 +0000 (20:52 +0400)]
Smack: remove unneeded NULL-termination from securtity label
Values of extended attributes are stored as binary blobs. NULL-termination
of them isn't required. It just wastes disk space and confuses command-line
tools like getfattr because they have to print that zero byte at the end.
This patch removes terminating zero byte from initial security label in
smack_inode_init_security and cuts it out in function smack_inode_getsecurity
which is used by syscall getxattr. This change seems completely safe, because
function smk_parse_smack ignores everything after first zero byte.
Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
Konstantin Khlebnikov [Thu, 7 Aug 2014 16:52:43 +0000 (20:52 +0400)]
Smack: handle zero-length security labels without panic
Zero-length security labels are invalid but kernel should handle them.
This patch fixes kernel panic after setting zero-length security labels:
# attr -S -s "SMACK64" -V "" file
And after writing zero-length string into smackfs files syslog and onlycp:
# python -c 'import os; os.write(1, "")' > /smack/syslog
The problem is caused by brain-damaged logic in function smk_parse_smack()
which takes pointer to buffer and its length but if length below or equal zero
it thinks that the buffer is zero-terminated. Unfortunately callers of this
function are widely used and proper fix requires serious refactoring.
Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
Konstantin Khlebnikov [Thu, 7 Aug 2014 16:52:33 +0000 (20:52 +0400)]
Smack: fix behavior of smack_inode_listsecurity
Security operation ->inode_listsecurity is used for generating list of
available extended attributes for syscall listxattr. Currently it's used
only in nfs4 or if filesystem doesn't provide i_op->listxattr.
The list is the set of NULL-terminated names, one after the other.
This method must include zero byte at the and into result.
Also this function must return length even if string does not fit into
output buffer or it is NULL, see similar method in selinux and man listxattr.
Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
Paul Moore [Tue, 5 Aug 2014 19:44:22 +0000 (15:44 -0400)]
Merge tag 'v3.16' into next
Linux 3.16
James Morris [Tue, 5 Aug 2014 14:52:01 +0000 (00:52 +1000)]
Merge tag 'keys-next-
20140805' of git://git./linux/kernel/git/dhowells/linux-fs into next
Linus Torvalds [Sun, 3 Aug 2014 22:25:02 +0000 (15:25 -0700)]
Linux 3.16
Linus Torvalds [Sun, 3 Aug 2014 16:58:20 +0000 (09:58 -0700)]
Merge branch 'timers-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull timer fixes from Thomas Gleixner:
"Two fixes in the timer area:
- a long-standing lock inversion due to a printk
- suspend-related hrtimer corruption in sched_clock"
* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
timer: Fix lock inversion between hrtimer_bases.lock and scheduler locks
sched_clock: Avoid corrupting hrtimer tree during suspend
David Howells [Sun, 3 Aug 2014 11:54:48 +0000 (12:54 +0100)]
X.509: Need to export x509_request_asymmetric_key()
Need to export x509_request_asymmetric_key() so that PKCS#7 can use it if
compiled as a module.
Reported-by: James Morris <jmorris@namei.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Linus Torvalds [Sat, 2 Aug 2014 17:57:39 +0000 (10:57 -0700)]
Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
"A few fixes for ARM. Some of these are correctness issues:
- TLBs must be flushed after the old mappings are removed by the DMA
mapping code, but before the new mappings are established.
- An off-by-one entry error in the Keystone LPAE setup code.
Fixes include:
- ensuring that the identity mapping for LPAE does not remove the
kernel image from the identity map.
- preventing userspace from trapping into kgdb.
- fixing a preemption issue in the Intel iwmmxt code.
- fixing a build error with nommu.
Other changes include:
- Adding a note about which areas of memory are expected to be
accessible while the identity mapping tables are in place"
* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
ARM: 8124/1: don't enter kgdb when userspace executes a kgdb break instruction
ARM: idmap: add identity mapping usage note
ARM: 8115/1: LPAE: reduce damage caused by idmap to virtual memory layout
ARM: fix alignment of keystone page table fixup
ARM: 8112/1: only select ARM_PATCH_PHYS_VIRT if MMU is enabled
ARM: 8100/1: Fix preemption disable in iwmmxt_task_enable()
ARM: DMA: ensure that old section mappings are flushed from the TLB
Omar Sandoval [Fri, 1 Aug 2014 17:14:06 +0000 (18:14 +0100)]
ARM: 8124/1: don't enter kgdb when userspace executes a kgdb break instruction
The kgdb breakpoint hooks (kgdb_brk_fn and kgdb_compiled_brk_fn)
should only be entered when a kgdb break instruction is executed
from the kernel. Otherwise, if kgdb is enabled, a userspace program
can cause the kernel to drop into the debugger by executing either
KGDB_BREAKINST or KGDB_COMPILED_BREAK.
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Russell King [Tue, 29 Jul 2014 11:18:34 +0000 (12:18 +0100)]
ARM: idmap: add identity mapping usage note
Add a note about the usage of the identity mapping; we do not support
accesses outside of the identity map region and kernel image while a
CPU is using the identity map. This is because the identity mapping
may overwrite vmalloc space, IO mappings, the vectors pages, etc.
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
James Morris [Sat, 2 Aug 2014 12:58:02 +0000 (22:58 +1000)]
Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next
Linus Torvalds [Sat, 2 Aug 2014 01:01:41 +0000 (18:01 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/viro/vfs
Pull vfs fixes from Al Viro:
"This contains a couple of fixes - one is the aio fix from Christoph,
the other a fallocate() one from Eric"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
vfs: fix check for fallocate on active swapfile
direct-io: fix AIO regression
Linus Torvalds [Sat, 2 Aug 2014 00:37:01 +0000 (17:37 -0700)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull x86 fix from Peter Anvin:
"A single fix to not invoke the espfix code on Xen PV, as it turns out
to oops the guest when invoked after all. This patch leaves some
amount of dead code, in particular unnecessary initialization of the
espfix stacks when they won't be used, but in the interest of keeping
the patch minimal that cleanup can wait for the next cycle"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86_64/entry/xen: Do not invoke espfix64 on Xen
Linus Torvalds [Sat, 2 Aug 2014 00:16:05 +0000 (17:16 -0700)]
Merge tag 'staging-3.16-rc8' of git://git./linux/kernel/git/gregkh/staging
Pull staging driver bugfixes from Greg KH:
"Here are some tiny staging driver bugfixes that I've had in my tree
for the past week that resolve some reported issues. Nothing major at
all, but it would be good to get them merged for 3.16-rc8 or -final"
* tag 'staging-3.16-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
staging: vt6655: Fix disassociated messages every 10 seconds
staging: vt6655: Fix Warning on boot handle_irq_event_percpu.
staging: rtl8723au: rtw_resume(): release semaphore before exit on error
iio:bma180: Missing check for frequency fractional part
iio:bma180: Fix scale factors to report correct acceleration units
iio: buffer: Fix demux table creation
Linus Torvalds [Fri, 1 Aug 2014 19:50:05 +0000 (12:50 -0700)]
Merge tag 'dm-3.16-fixes-3' of git://git./linux/kernel/git/device-mapper/linux-dm
Pull device mapper fixes from Mike Snitzer:
"Fix dm bufio shrinker to properly zero-fill all fields.
Fix race in dm cache that caused improper reporting of the number of
dirty blocks in the cache"
* tag 'dm-3.16-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
dm cache: fix race affecting dirty block count
dm bufio: fully initialize shrinker
Linus Torvalds [Fri, 1 Aug 2014 19:49:02 +0000 (12:49 -0700)]
Merge tag 'fixes-for-linus' of git://git./linux/kernel/git/arm/arm-soc
Pull ARM straggler SoC fix from Olof Johansson:
"A DT bugfix for Nomadik that had an ambigouos double-inversion of a
gpio line, and one MAINTAINER URL update that might as well go in now.
We could hold off until the merge window, but then we'll just have to
mark the DT fix for stable and it just seems like in total causing
more work"
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
MAINTAINERS: Update Tegra Git URL
ARM: nomadik: fix up double inversion in DT
Anssi Hannula [Fri, 1 Aug 2014 15:55:47 +0000 (11:55 -0400)]
dm cache: fix race affecting dirty block count
nr_dirty is updated without locking, causing it to drift so that it is
non-zero (either a small positive integer, or a very large one when an
underflow occurs) even when there are no actual dirty blocks. This was
due to a race between the workqueue and map function accessing nr_dirty
in parallel without proper protection.
People were seeing under runs due to a race on increment/decrement of
nr_dirty, see: https://lkml.org/lkml/2014/6/3/648
Fix this by using an atomic_t for nr_dirty.
Reported-by: roma1390@gmail.com
Signed-off-by: Anssi Hannula <anssi.hannula@iki.fi>
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org
Greg Thelen [Thu, 31 Jul 2014 16:07:19 +0000 (09:07 -0700)]
dm bufio: fully initialize shrinker
1d3d4437eae1 ("vmscan: per-node deferred work") added a flags field to
struct shrinker assuming that all shrinkers were zero filled. The dm
bufio shrinker is not zero filled, which leaves arbitrary kmalloc() data
in flags. So far the only defined flags bit is SHRINKER_NUMA_AWARE.
But there are proposed patches which add other bits to shrinker.flags
(e.g. memcg awareness).
Rather than simply initializing the shrinker, this patch uses kzalloc()
when allocating the dm_bufio_client to ensure that the embedded shrinker
and any other similar structures are zeroed.
This fixes theoretical over aggressive shrinking of dm bufio objects.
If the uninitialized dm_bufio_client.shrinker.flags contains
SHRINKER_NUMA_AWARE then shrink_slab() would call the dm shrinker for
each numa node rather than just once. This has been broken since 3.12.
Signed-off-by: Greg Thelen <gthelen@google.com>
Acked-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org # v3.12+
Paul Moore [Fri, 1 Aug 2014 15:17:37 +0000 (11:17 -0400)]
netlabel: shorter names for the NetLabel catmap funcs/structs
Historically the NetLabel LSM secattr catmap functions and data
structures have had very long names which makes a mess of the NetLabel
code and anyone who uses NetLabel. This patch renames the catmap
functions and structures from "*_secattr_catmap_*" to just "*_catmap_*"
which improves things greatly.
There are no substantial code or logic changes in this patch.
Signed-off-by: Paul Moore <pmoore@redhat.com>
Tested-by: Casey Schaufler <casey@schaufler-ca.com>
Paul Moore [Fri, 1 Aug 2014 15:17:29 +0000 (11:17 -0400)]
netlabel: fix the catmap walking functions
The two NetLabel LSM secattr catmap walk functions didn't handle
certain edge conditions correctly, causing incorrect security labels
to be generated in some cases. This patch corrects these problems and
converts the functions to use the new _netlbl_secattr_catmap_getnode()
function in order to reduce the amount of repeated code.
Cc: stable@vger.kernel.org
Signed-off-by: Paul Moore <pmoore@redhat.com>
Tested-by: Casey Schaufler <casey@schaufler-ca.com>
Paul Moore [Fri, 1 Aug 2014 15:17:17 +0000 (11:17 -0400)]
netlabel: fix the horribly broken catmap functions
The NetLabel secattr catmap functions, and the SELinux import/export
glue routines, were broken in many horrible ways and the SELinux glue
code fiddled with the NetLabel catmap structures in ways that we
probably shouldn't allow. At some point this "worked", but that was
likely due to a bit of dumb luck and sub-par testing (both inflicted
by yours truly). This patch corrects these problems by basically
gutting the code in favor of something less obtuse and restoring the
NetLabel abstractions in the SELinux catmap glue code.
Everything is working now, and if it decides to break itself in the
future this code will be much easier to debug than the code it
replaces.
One noteworthy side effect of the changes is that it is no longer
necessary to allocate a NetLabel catmap before calling one of the
NetLabel APIs to set a bit in the catmap. NetLabel will automatically
allocate the catmap nodes when needed, resulting in less allocations
when the lowest bit is greater than 255 and less code in the LSMs.
Cc: stable@vger.kernel.org
Reported-by: Christian Evans <frodox@zoho.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Tested-by: Casey Schaufler <casey@schaufler-ca.com>
Paul Moore [Fri, 1 Aug 2014 15:17:03 +0000 (11:17 -0400)]
netlabel: fix a problem when setting bits below the previously lowest bit
The NetLabel category (catmap) functions have a problem in that they
assume categories will be set in an increasing manner, e.g. the next
category set will always be larger than the last. Unfortunately, this
is not a valid assumption and could result in problems when attempting
to set categories less than the startbit in the lowest catmap node.
In some cases kernel panics and other nasties can result.
This patch corrects the problem by checking for this and allocating a
new catmap node instance and placing it at the front of the list.
Cc: stable@vger.kernel.org
Reported-by: Christian Evans <frodox@zoho.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Tested-by: Casey Schaufler <casey@schaufler-ca.com>
Jan Kara [Fri, 1 Aug 2014 10:20:02 +0000 (12:20 +0200)]
timer: Fix lock inversion between hrtimer_bases.lock and scheduler locks
clockevents_increase_min_delta() calls printk() from under
hrtimer_bases.lock. That causes lock inversion on scheduler locks because
printk() can call into the scheduler. Lockdep puts it as:
======================================================
[ INFO: possible circular locking dependency detected ]
3.15.0-rc8-06195-g939f04b #2 Not tainted
-------------------------------------------------------
trinity-main/74 is trying to acquire lock:
(&port_lock_key){-.....}, at: [<
811c60be>] serial8250_console_write+0x8c/0x10c
but task is already holding lock:
(hrtimer_bases.lock){-.-...}, at: [<
8103caeb>] hrtimer_try_to_cancel+0x13/0x66
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #5 (hrtimer_bases.lock){-.-...}:
[<
8104a942>] lock_acquire+0x92/0x101
[<
8142f11d>] _raw_spin_lock_irqsave+0x2e/0x3e
[<
8103c918>] __hrtimer_start_range_ns+0x1c/0x197
[<
8107ec20>] perf_swevent_start_hrtimer.part.41+0x7a/0x85
[<
81080792>] task_clock_event_start+0x3a/0x3f
[<
810807a4>] task_clock_event_add+0xd/0x14
[<
8108259a>] event_sched_in+0xb6/0x17a
[<
810826a2>] group_sched_in+0x44/0x122
[<
81082885>] ctx_sched_in.isra.67+0x105/0x11f
[<
810828e6>] perf_event_sched_in.isra.70+0x47/0x4b
[<
81082bf6>] __perf_install_in_context+0x8b/0xa3
[<
8107eb8e>] remote_function+0x12/0x2a
[<
8105f5af>] smp_call_function_single+0x2d/0x53
[<
8107e17d>] task_function_call+0x30/0x36
[<
8107fb82>] perf_install_in_context+0x87/0xbb
[<
810852c9>] SYSC_perf_event_open+0x5c6/0x701
[<
810856f9>] SyS_perf_event_open+0x17/0x19
[<
8142f8ee>] syscall_call+0x7/0xb
-> #4 (&ctx->lock){......}:
[<
8104a942>] lock_acquire+0x92/0x101
[<
8142f04c>] _raw_spin_lock+0x21/0x30
[<
81081df3>] __perf_event_task_sched_out+0x1dc/0x34f
[<
8142cacc>] __schedule+0x4c6/0x4cb
[<
8142cae0>] schedule+0xf/0x11
[<
8142f9a6>] work_resched+0x5/0x30
-> #3 (&rq->lock){-.-.-.}:
[<
8104a942>] lock_acquire+0x92/0x101
[<
8142f04c>] _raw_spin_lock+0x21/0x30
[<
81040873>] __task_rq_lock+0x33/0x3a
[<
8104184c>] wake_up_new_task+0x25/0xc2
[<
8102474b>] do_fork+0x15c/0x2a0
[<
810248a9>] kernel_thread+0x1a/0x1f
[<
814232a2>] rest_init+0x1a/0x10e
[<
817af949>] start_kernel+0x303/0x308
[<
817af2ab>] i386_start_kernel+0x79/0x7d
-> #2 (&p->pi_lock){-.-...}:
[<
8104a942>] lock_acquire+0x92/0x101
[<
8142f11d>] _raw_spin_lock_irqsave+0x2e/0x3e
[<
810413dd>] try_to_wake_up+0x1d/0xd6
[<
810414cd>] default_wake_function+0xb/0xd
[<
810461f3>] __wake_up_common+0x39/0x59
[<
81046346>] __wake_up+0x29/0x3b
[<
811b8733>] tty_wakeup+0x49/0x51
[<
811c3568>] uart_write_wakeup+0x17/0x19
[<
811c5dc1>] serial8250_tx_chars+0xbc/0xfb
[<
811c5f28>] serial8250_handle_irq+0x54/0x6a
[<
811c5f57>] serial8250_default_handle_irq+0x19/0x1c
[<
811c56d8>] serial8250_interrupt+0x38/0x9e
[<
810510e7>] handle_irq_event_percpu+0x5f/0x1e2
[<
81051296>] handle_irq_event+0x2c/0x43
[<
81052cee>] handle_level_irq+0x57/0x80
[<
81002a72>] handle_irq+0x46/0x5c
[<
810027df>] do_IRQ+0x32/0x89
[<
8143036e>] common_interrupt+0x2e/0x33
[<
8142f23c>] _raw_spin_unlock_irqrestore+0x3f/0x49
[<
811c25a4>] uart_start+0x2d/0x32
[<
811c2c04>] uart_write+0xc7/0xd6
[<
811bc6f6>] n_tty_write+0xb8/0x35e
[<
811b9beb>] tty_write+0x163/0x1e4
[<
811b9cd9>] redirected_tty_write+0x6d/0x75
[<
810b6ed6>] vfs_write+0x75/0xb0
[<
810b7265>] SyS_write+0x44/0x77
[<
8142f8ee>] syscall_call+0x7/0xb
-> #1 (&tty->write_wait){-.....}:
[<
8104a942>] lock_acquire+0x92/0x101
[<
8142f11d>] _raw_spin_lock_irqsave+0x2e/0x3e
[<
81046332>] __wake_up+0x15/0x3b
[<
811b8733>] tty_wakeup+0x49/0x51
[<
811c3568>] uart_write_wakeup+0x17/0x19
[<
811c5dc1>] serial8250_tx_chars+0xbc/0xfb
[<
811c5f28>] serial8250_handle_irq+0x54/0x6a
[<
811c5f57>] serial8250_default_handle_irq+0x19/0x1c
[<
811c56d8>] serial8250_interrupt+0x38/0x9e
[<
810510e7>] handle_irq_event_percpu+0x5f/0x1e2
[<
81051296>] handle_irq_event+0x2c/0x43
[<
81052cee>] handle_level_irq+0x57/0x80
[<
81002a72>] handle_irq+0x46/0x5c
[<
810027df>] do_IRQ+0x32/0x89
[<
8143036e>] common_interrupt+0x2e/0x33
[<
8142f23c>] _raw_spin_unlock_irqrestore+0x3f/0x49
[<
811c25a4>] uart_start+0x2d/0x32
[<
811c2c04>] uart_write+0xc7/0xd6
[<
811bc6f6>] n_tty_write+0xb8/0x35e
[<
811b9beb>] tty_write+0x163/0x1e4
[<
811b9cd9>] redirected_tty_write+0x6d/0x75
[<
810b6ed6>] vfs_write+0x75/0xb0
[<
810b7265>] SyS_write+0x44/0x77
[<
8142f8ee>] syscall_call+0x7/0xb
-> #0 (&port_lock_key){-.....}:
[<
8104a62d>] __lock_acquire+0x9ea/0xc6d
[<
8104a942>] lock_acquire+0x92/0x101
[<
8142f11d>] _raw_spin_lock_irqsave+0x2e/0x3e
[<
811c60be>] serial8250_console_write+0x8c/0x10c
[<
8104e402>] call_console_drivers.constprop.31+0x87/0x118
[<
8104f5d5>] console_unlock+0x1d7/0x398
[<
8104fb70>] vprintk_emit+0x3da/0x3e4
[<
81425f76>] printk+0x17/0x19
[<
8105bfa0>] clockevents_program_min_delta+0x104/0x116
[<
8105c548>] clockevents_program_event+0xe7/0xf3
[<
8105cc1c>] tick_program_event+0x1e/0x23
[<
8103c43c>] hrtimer_force_reprogram+0x88/0x8f
[<
8103c49e>] __remove_hrtimer+0x5b/0x79
[<
8103cb21>] hrtimer_try_to_cancel+0x49/0x66
[<
8103cb4b>] hrtimer_cancel+0xd/0x18
[<
8107f102>] perf_swevent_cancel_hrtimer.part.60+0x2b/0x30
[<
81080705>] task_clock_event_stop+0x20/0x64
[<
81080756>] task_clock_event_del+0xd/0xf
[<
81081350>] event_sched_out+0xab/0x11e
[<
810813e0>] group_sched_out+0x1d/0x66
[<
81081682>] ctx_sched_out+0xaf/0xbf
[<
81081e04>] __perf_event_task_sched_out+0x1ed/0x34f
[<
8142cacc>] __schedule+0x4c6/0x4cb
[<
8142cae0>] schedule+0xf/0x11
[<
8142f9a6>] work_resched+0x5/0x30
other info that might help us debug this:
Chain exists of:
&port_lock_key --> &ctx->lock --> hrtimer_bases.lock
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(hrtimer_bases.lock);
lock(&ctx->lock);
lock(hrtimer_bases.lock);
lock(&port_lock_key);
*** DEADLOCK ***
4 locks held by trinity-main/74:
#0: (&rq->lock){-.-.-.}, at: [<
8142c6f3>] __schedule+0xed/0x4cb
#1: (&ctx->lock){......}, at: [<
81081df3>] __perf_event_task_sched_out+0x1dc/0x34f
#2: (hrtimer_bases.lock){-.-...}, at: [<
8103caeb>] hrtimer_try_to_cancel+0x13/0x66
#3: (console_lock){+.+...}, at: [<
8104fb5d>] vprintk_emit+0x3c7/0x3e4
stack backtrace:
CPU: 0 PID: 74 Comm: trinity-main Not tainted
3.15.0-rc8-06195-g939f04b #2
00000000 81c3a310 8b995c14 81426f69 8b995c44 81425a99 8161f671 8161f570
8161f538 8161f559 8161f538 8b995c78 8b142bb0 00000004 8b142fdc 8b142bb0
8b995ca8 8104a62d 8b142fac 000016f2 81c3a310 00000001 00000001 00000003
Call Trace:
[<
81426f69>] dump_stack+0x16/0x18
[<
81425a99>] print_circular_bug+0x18f/0x19c
[<
8104a62d>] __lock_acquire+0x9ea/0xc6d
[<
8104a942>] lock_acquire+0x92/0x101
[<
811c60be>] ? serial8250_console_write+0x8c/0x10c
[<
811c6032>] ? wait_for_xmitr+0x76/0x76
[<
8142f11d>] _raw_spin_lock_irqsave+0x2e/0x3e
[<
811c60be>] ? serial8250_console_write+0x8c/0x10c
[<
811c60be>] serial8250_console_write+0x8c/0x10c
[<
8104af87>] ? lock_release+0x191/0x223
[<
811c6032>] ? wait_for_xmitr+0x76/0x76
[<
8104e402>] call_console_drivers.constprop.31+0x87/0x118
[<
8104f5d5>] console_unlock+0x1d7/0x398
[<
8104fb70>] vprintk_emit+0x3da/0x3e4
[<
81425f76>] printk+0x17/0x19
[<
8105bfa0>] clockevents_program_min_delta+0x104/0x116
[<
8105cc1c>] tick_program_event+0x1e/0x23
[<
8103c43c>] hrtimer_force_reprogram+0x88/0x8f
[<
8103c49e>] __remove_hrtimer+0x5b/0x79
[<
8103cb21>] hrtimer_try_to_cancel+0x49/0x66
[<
8103cb4b>] hrtimer_cancel+0xd/0x18
[<
8107f102>] perf_swevent_cancel_hrtimer.part.60+0x2b/0x30
[<
81080705>] task_clock_event_stop+0x20/0x64
[<
81080756>] task_clock_event_del+0xd/0xf
[<
81081350>] event_sched_out+0xab/0x11e
[<
810813e0>] group_sched_out+0x1d/0x66
[<
81081682>] ctx_sched_out+0xaf/0xbf
[<
81081e04>] __perf_event_task_sched_out+0x1ed/0x34f
[<
8104416d>] ? __dequeue_entity+0x23/0x27
[<
81044505>] ? pick_next_task_fair+0xb1/0x120
[<
8142cacc>] __schedule+0x4c6/0x4cb
[<
81047574>] ? trace_hardirqs_off_caller+0xd7/0x108
[<
810475b0>] ? trace_hardirqs_off+0xb/0xd
[<
81056346>] ? rcu_irq_exit+0x64/0x77
Fix the problem by using printk_deferred() which does not call into the
scheduler.
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: stable@vger.kernel.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Eric Biggers [Wed, 25 Jun 2014 04:45:08 +0000 (23:45 -0500)]
vfs: fix check for fallocate on active swapfile
Fix the broken check for calling sys_fallocate() on an active swapfile,
introduced by commit
0790b31b69374ddadefe ("fs: disallow all fallocate
operation on active swapfile").
Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Christoph Hellwig [Wed, 30 Jul 2014 11:18:48 +0000 (07:18 -0400)]
direct-io: fix AIO regression
The direct-io.c rewrite to use the iov_iter infrastructure stopped updating
the size field in struct dio_submit, and thus rendered the check for
allowing asynchronous completions to always return false. Fix this by
comparing it to the count of bytes in the iov_iter instead.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Tim Chen <tim.c.chen@linux.intel.com>
Tested-by: Tim Chen <tim.c.chen@linux.intel.com>
Linus Torvalds [Thu, 31 Jul 2014 23:42:10 +0000 (16:42 -0700)]
Merge tag 'pm+acpi-3.16-rc8' of git://git./linux/kernel/git/rafael/linux-pm
Pull ACPI fix from Rafael Wysocki:
"One commit that fixes a problem causing PNP devices to be associated
with wrong ACPI device objects sometimes during device enumeration due
to an incorrect check in a matching function.
That problem was uncovered by the ACPI device enumeration rework in
3.14"
* tag 'pm+acpi-3.16-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / PNP: Fix acpi_pnp_match()
Linus Torvalds [Thu, 31 Jul 2014 17:02:15 +0000 (10:02 -0700)]
Merge tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mike.turquette/linux
Pull clock driver fix from Mike Turquette:
"A single patch to re-enable audio which is broken on all DRA7
SoC-based platforms. Missed this one from the last set of fixes"
* tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mike.turquette/linux:
clk: ti: clk-7xx: Correct ABE DPLL configuration
Linus Torvalds [Thu, 31 Jul 2014 17:01:34 +0000 (10:01 -0700)]
Merge git://git./linux/kernel/git/herbert/crypto-2.6
Pull crypto fix from Herbert Xu:
"This adds missing SELinux labeling to AF_ALG sockets which apparently
causes SELinux (or at least the SELinux people) to misbehave :)"
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: af_alg - properly label AF_ALG socket
Linus Torvalds [Thu, 31 Jul 2014 17:00:42 +0000 (10:00 -0700)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi
Pull SCSI barrier fix from James Bottomley:
"This is a potential data corruption fix: If we get an error sending
down a barrier, we simply ignore it meaning the barrier semantics get
violated without anyone being any the wiser. If the system crashes at
this point, the filesystem potentially becomes corrupt. Fix is to
report errors on failed barriers"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: handle flush errors properly
Peter Ujfalusi [Wed, 2 Apr 2014 13:48:45 +0000 (16:48 +0300)]
clk: ti: clk-7xx: Correct ABE DPLL configuration
ABE DPLL frequency need to be lowered from
361267200
to
180633600 to facilitate the ATL requironments.
The dpll_abe_m2x2_ck clock need to be set to double
of ABE DPLL rate in order to have correct clocks
for audio.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Acked-by: Tero Kristo <t-kristo@ti.com>
Signed-off-by: Mike Turquette <mturquette@linaro.org>
Milan Broz [Tue, 29 Jul 2014 18:41:09 +0000 (18:41 +0000)]
crypto: af_alg - properly label AF_ALG socket
Th AF_ALG socket was missing a security label (e.g. SELinux)
which means that socket was in "unlabeled" state.
This was recently demonstrated in the cryptsetup package
(cryptsetup v1.6.5 and later.)
See https://bugzilla.redhat.com/show_bug.cgi?id=
1115120
This patch clones the sock's label from the parent sock
and resolves the issue (similar to AF_BLUETOOTH protocol family).
Cc: stable@vger.kernel.org
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
David Howells [Thu, 31 Jul 2014 13:46:44 +0000 (14:46 +0100)]
PKCS#7: X.509 certificate issuer and subject are mandatory fields in the ASN.1
X.509 certificate issuer and subject fields are mandatory fields in the ASN.1
and so their existence needn't be tested for. They are guaranteed to end up
with an empty string if the name material has nothing we can use (see
x509_fabricate_name()).
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
David Rientjes [Thu, 31 Jul 2014 02:05:55 +0000 (19:05 -0700)]
kexec: fix build error when hugetlbfs is disabled
free_huge_page() is undefined without CONFIG_HUGETLBFS and there's no
need to filter PageHuge() page is such a configuration either, so avoid
exporting the symbol to fix a build error:
In file included from kernel/kexec.c:14:0:
kernel/kexec.c: In function 'crash_save_vmcoreinfo_init':
kernel/kexec.c:1623:20: error: 'free_huge_page' undeclared (first use in this function)
VMCOREINFO_SYMBOL(free_huge_page);
^
Introduced by commit
8f1d26d0e59b ("kexec: export free_huge_page to
VMCOREINFO")
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Acked-by: Olof Johansson <olof@lixom.net>
Cc: Atsushi Kumagai <kumagai-atsushi@mxc.nes.nec.co.jp>
Cc: Baoquan He <bhe@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David Rientjes <rientjes@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Thu, 31 Jul 2014 00:16:36 +0000 (17:16 -0700)]
Merge branch 'akpm' (patches from Andrew Morton)
Merge fixes from Andrew Morton:
"10 fixes"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
Josh has moved
kexec: export free_huge_page to VMCOREINFO
mm: fix filemap.c pagecache_get_page() kernel-doc warnings
mm: debugfs: move rounddown_pow_of_two() out from do_fault path
memcg: oom_notify use-after-free fix
hwpoison: call action_result() in failure path of hwpoison_user_mappings()
hwpoison: fix hugetlbfs/thp precheck in hwpoison_user_mappings()
rapidio/tsi721_dma: fix failure to obtain transaction descriptor
mm, thp: do not allow thp faults to avoid cpuset restrictions
mm/page-writeback.c: fix divide by zero in bdi_dirty_limits()
Josh Triplett [Wed, 30 Jul 2014 23:08:42 +0000 (16:08 -0700)]
Josh has moved
My IBM email addresses haven't worked for years; also map some
old-but-functional forwarding addresses to my canonical address.
Update my GPG key fingerprint; I moved to 4096R a long time ago.
Update description.
Signed-off-by: Josh Triplett <josh@joshtriplett.org>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Atsushi Kumagai [Wed, 30 Jul 2014 23:08:39 +0000 (16:08 -0700)]
kexec: export free_huge_page to VMCOREINFO
PG_head_mask was added into VMCOREINFO to filter huge pages in
b3acc56bfe1
("kexec: save PG_head_mask in VMCOREINFO"), but makedumpfile still need
another symbol to filter *hugetlbfs* pages.
If a user hope to filter user pages, makedumpfile tries to exclude them by
checking the condition whether the page is anonymous, but hugetlbfs pages
aren't anonymous while they also be user pages.
We know it's possible to detect them in the same way as PageHuge(),
so we need the start address of free_huge_page():
int PageHuge(struct page *page)
{
if (!PageCompound(page))
return 0;
page = compound_head(page);
return get_compound_page_dtor(page) == free_huge_page;
}
For that reason, this patch changes free_huge_page() into public
to export it to VMCOREINFO.
Signed-off-by: Atsushi Kumagai <kumagai-atsushi@mxc.nes.nec.co.jp>
Acked-by: Baoquan He <bhe@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Randy Dunlap [Wed, 30 Jul 2014 23:08:37 +0000 (16:08 -0700)]
mm: fix filemap.c pagecache_get_page() kernel-doc warnings
Fix kernel-doc warnings in mm/filemap.c: pagecache_get_page():
Warning(..//mm/filemap.c:1054): No description found for parameter 'cache_gfp_mask'
Warning(..//mm/filemap.c:1054): No description found for parameter 'radix_gfp_mask'
Warning(..//mm/filemap.c:1054): Excess function parameter 'gfp_mask' description in 'pagecache_get_page'
Fixes:
2457aec63745 ("mm: non-atomically mark page accessed during page cache allocation where possible")
[mgorman@suse.de: change everything]
[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Mel Gorman <mgorman@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Andrey Ryabinin [Wed, 30 Jul 2014 23:08:35 +0000 (16:08 -0700)]
mm: debugfs: move rounddown_pow_of_two() out from do_fault path
do_fault_around() expects fault_around_bytes rounded down to nearest page
order. Instead of calling rounddown_pow_of_two every time in
fault_around_pages()/fault_around_mask() we could do round down when user
changes fault_around_bytes via debugfs interface.
This also fixes bug when user set fault_around_bytes to 0. Result of
rounddown_pow_of_two(0) is not defined, therefore fault_around_bytes == 0
doesn't work without this patch.
Let's set fault_around_bytes to PAGE_SIZE if user sets to something less
than PAGE_SIZE
[akpm@linux-foundation.org: tweak code layout]
Fixes:
a9b0f861("mm: nominate faultaround area in bytes rather than page order")
Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: <stable@vger.kernel.org> [3.15.x]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Michal Hocko [Wed, 30 Jul 2014 23:08:33 +0000 (16:08 -0700)]
memcg: oom_notify use-after-free fix
Paul Furtado has reported the following GPF:
general protection fault: 0000 [#1] SMP
Modules linked in: ipv6 dm_mod xen_netfront coretemp hwmon x86_pkg_temp_thermal crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel ablk_helper cryptd lrw gf128mul glue_helper aes_x86_64 microcode pcspkr ext4 jbd2 mbcache raid0 xen_blkfront
CPU: 3 PID: 3062 Comm: java Not tainted 3.16.0-rc5 #1
task:
ffff8801cfe8f170 ti:
ffff8801d2ec4000 task.ti:
ffff8801d2ec4000
RIP: e030:mem_cgroup_oom_synchronize+0x140/0x240
RSP: e02b:
ffff8801d2ec7d48 EFLAGS:
00010283
RAX:
0000000000000001 RBX:
ffff88009d633800 RCX:
000000000000000e
RDX:
fffffffffffffffe RSI:
ffff88009d630200 RDI:
ffff88009d630200
RBP:
ffff8801d2ec7da8 R08:
0000000000000012 R09:
00000000fffffffe
R10:
0000000000000000 R11:
0000000000000000 R12:
ffff88009d633800
R13:
ffff8801d2ec7d48 R14:
dead000000100100 R15:
ffff88009d633a30
FS:
00007f1748bb4700(0000) GS:
ffff8801def80000(0000) knlGS:
0000000000000000
CS: e033 DS: 0000 ES: 0000 CR0:
000000008005003b
CR2:
00007f4110300308 CR3:
00000000c05f7000 CR4:
0000000000002660
Call Trace:
pagefault_out_of_memory+0x18/0x90
mm_fault_error+0xa9/0x1a0
__do_page_fault+0x478/0x4c0
do_page_fault+0x2c/0x40
page_fault+0x28/0x30
Code: 44 00 00 48 89 df e8 40 ca ff ff 48 85 c0 49 89 c4 74 35 4c 8b b0 30 02 00 00 4c 8d b8 30 02 00 00 4d 39 fe 74 1b 0f 1f 44 00 00 <49> 8b 7e 10 be 01 00 00 00 e8 42 d2 04 00 4d 8b 36 4d 39 fe 75
RIP mem_cgroup_oom_synchronize+0x140/0x240
Commit
fb2a6fc56be6 ("mm: memcg: rework and document OOM waiting and
wakeup") has moved mem_cgroup_oom_notify outside of memcg_oom_lock
assuming it is protected by the hierarchical OOM-lock.
Although this is true for the notification part the protection doesn't
cover unregistration of event which can happen in parallel now so
mem_cgroup_oom_notify can see already unlinked and/or freed
mem_cgroup_eventfd_list.
Fix this by using memcg_oom_lock also in mem_cgroup_oom_notify.
Addresses https://bugzilla.kernel.org/show_bug.cgi?id=80881
Fixes:
fb2a6fc56be6 (mm: memcg: rework and document OOM waiting and wakeup)
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Reported-by: Paul Furtado <paulfurtado91@gmail.com>
Tested-by: Paul Furtado <paulfurtado91@gmail.com>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: <stable@vger.kernel.org> [3.12+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Naoya Horiguchi [Wed, 30 Jul 2014 23:08:30 +0000 (16:08 -0700)]
hwpoison: call action_result() in failure path of hwpoison_user_mappings()
hwpoison_user_mappings() could fail for various reasons, so printk()s to
print out the reasons should be done in each failure check inside
hwpoison_user_mappings().
And currently we don't call action_result() when hwpoison_user_mappings()
fails, which is not consistent with other exit points of memory error
handler. So this patch fixes these messaging problems.
Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Chen Yucong <slaoub@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Naoya Horiguchi [Wed, 30 Jul 2014 23:08:28 +0000 (16:08 -0700)]
hwpoison: fix hugetlbfs/thp precheck in hwpoison_user_mappings()
A recent fix from Chen Yucong, commit
0bc1f8b0682c ("hwpoison: fix the
handling path of the victimized page frame that belong to non-LRU")
rejects going into unmapping operation for hugetlbfs/thp pages, which
results in failing error containing on such pages. This patch fixes it.
With this patch, hwpoison functional tests in mce-test testsuite pass.
Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Chen Yucong <slaoub@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alexandre Bounine [Wed, 30 Jul 2014 23:08:26 +0000 (16:08 -0700)]
rapidio/tsi721_dma: fix failure to obtain transaction descriptor
This is a bug fix for the situation when function tsi721_desc_get() fails
to obtain a free transaction descriptor.
The bug usually results in a memory access crash dump when data transfer
scatter-gather list has more entries than size of hardware buffer
descriptors ring. This fix ensures that error is properly returned to a
caller instead of an invalid entry.
This patch is applicable to kernel versions starting from v3.5.
Signed-off-by: Alexandre Bounine <alexandre.bounine@idt.com>
Cc: Matt Porter <mporter@kernel.crashing.org>
Cc: Andre van Herk <andre.van.herk@prodrive-technologies.com>
Cc: Stef van Os <stef.van.os@prodrive-technologies.com>
Cc: Vinod Koul <vinod.koul@intel.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: <stable@vger.kernel.org> [3.5+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>