Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.14.233 2019-07-21T07:04:27+00:00 2019-07-21T07:04:27+00:00 Dan Carpenter dan.carpenter@oracle.com 2019-06-18T13:18:43+00:00 urn:sha1:8945fba0e3799246bfaf26b15fd28cdad0b26b26 [ Upstream commit 74b67efa8d7b4f90137f0ab9a80dd319da050350 ] The copy_from_user() function returns the number of bytes remaining to be copied but we want to return a negative error code. Otherwise the callers treat it as a successful copy. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Sean Paul <seanpaul@chromium.org> Link: https://patchwork.freedesktop.org/patch/msgid/20190618131843.GA29463@mwanda Signed-off-by: Sasha Levin <sashal@kernel.org> 2019-02-12T18:45:56+00:00 Gustavo A. R. Silva gustavo@embeddedor.com 2018-10-16T09:55:49+00:00 urn:sha1:8df7378b0de4f64c155f4a2a93005d680fc6828c [ Upstream commit a37805098900a6e73a55b3a43b7d3bcd987bb3f4 ] idx can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: drivers/gpu/drm/drm_bufs.c:1420 drm_legacy_freebufs() warn: potential spectre issue 'dma->buflist' [r] (local cap) Fix this by sanitizing idx before using it to index dma->buflist Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Link: https://patchwork.freedesktop.org/patch/msgid/20181016095549.GA23586@embeddedor.com Signed-off-by: Sasha Levin <sashal@kernel.org> 2017-07-04T17:16:26+00:00 Al Viro viro@zeniv.linux.org.uk 2017-05-25T20:24:20+00:00 urn:sha1:87d3ce1169d329bc4cab41996fccb68c06b5725b Another horror like addbufs; this one is even uglier. With that done, drm_ioc32.c should be sane. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2017-05-27T19:39:32+00:00 Al Viro viro@zeniv.linux.org.uk 2017-05-24T21:54:09+00:00 urn:sha1:5c7640ab625829fd08b7fa0160c6fd188e70b5fe Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2016-09-21T11:24:27+00:00 Markus Elfring elfring@users.sourceforge.net 2016-09-19T15:30:31+00:00 urn:sha1:b5a2ecd857a224c4fbeeaa4f60f09bea3fc1837e The script "checkpatch.pl" can point information out like the following. WARNING: Prefer kcalloc over kzalloc with multiply Thus fix the affected source code place. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Link: http://patchwork.freedesktop.org/patch/msgid/b340d1ca-f114-a523-e6d1-afe7fd6c3826@users.sourceforge.net 2016-09-21T11:24:27+00:00 Markus Elfring elfring@users.sourceforge.net 2016-09-19T15:24:20+00:00 urn:sha1:81a441378d6e5b030af5429fe2ca1763de0f053a The script "checkpatch.pl" can point information out like the following. WARNING: Prefer kcalloc over kzalloc with multiply Thus fix the affected source code place. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Link: http://patchwork.freedesktop.org/patch/msgid/606c22f3-5da5-2e84-783d-bfe5289b4a01@users.sourceforge.net 2016-09-21T11:24:27+00:00 Markus Elfring elfring@users.sourceforge.net 2016-09-19T15:17:34+00:00 urn:sha1:ed6dee41927b6acad9f209899f360d4167f3f452 The script "checkpatch.pl" can point information out like the following. WARNING: Prefer kcalloc over kzalloc with multiply Thus fix the affected source code places. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Link: http://patchwork.freedesktop.org/patch/msgid/51f88f44-130d-48ac-f531-32ca9ae3919f@users.sourceforge.net 2016-09-21T11:24:27+00:00 Markus Elfring elfring@users.sourceforge.net 2016-09-19T15:07:06+00:00 urn:sha1:2027400893a2fa03d764f62ca8e0c677d7691234 A multiplication for the size determination of a memory allocation indicated that an array data structure should be processed. Thus use the corresponding function "kmalloc_array". This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch> Link: http://patchwork.freedesktop.org/patch/msgid/b71c8fee-8e84-9f1b-8569-f1ae8b879cc5@users.sourceforge.net 2016-08-08T08:05:23+00:00 Daniel Vetter daniel.vetter@ffwll.ch 2016-08-03T19:11:10+00:00 urn:sha1:fa5386459f06dc3b9181d4c954f980b127d1a32f Except for nouveau, only legacy drivers need this really. And nouveau is already marked up with DRIVER_KMS_LEGACY_CONTEXT as the special case. I've tried to be careful to leave everything related to modeset still using the DRIVER_MODESET flag. Otherwise it's a direct replacement of !DRIVER_MODESET with DRIVER_LEGACY checks. Also helps readability since fewer negative checks overall. Reviewed-by: David Herrmann <dh.herrmann@gmail.com> Reviewed-by: Frank Binns <frank.binns@imgtec.com> Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> Link: http://patchwork.freedesktop.org/patch/msgid/1470251470-30830-2-git-send-email-daniel.vetter@ffwll.ch 2016-06-21T19:43:24+00:00 Daniel Vetter daniel.vetter@ffwll.ch 2016-06-21T08:54:12+00:00 urn:sha1:95c081c17f284de50eaca60d4d55643a64d39019 There can only be one current master, and it's for the overall device. Render/control minors don't support master-based auth at all. This simplifies the master logic a lot, at least in my eyes: All these additional pointer chases are just confusing. While doing the conversion I spotted some locking fail: - drm_lock/drm_auth check dev->master without holding the master_mutex. This is fallout from commit c996fd0b956450563454e7ccc97a82ca31f9d043 Author: Thomas Hellstrom <thellstrom@vmware.com> Date: Tue Feb 25 19:57:44 2014 +0100 drm: Protect the master management with a drm_device::master_mutex v3 but I honestly don't care one bit about those old legacy drivers using this. - debugfs name info should just grab master_mutex. - And the fbdev helper looked at it to figure out whether someone is using KMS. We just need a consistent value, so READ_ONCE. Aside: We should probably check if anyone has opened a control node too, but I guess current userspace doesn't really do that yet. v2: Balance locking, reported by Julia. v3: Rebase on top of Chris' oops fixes. Cc: Julia Lawall <julia.lawall@lip6.fr> Cc: Chris Wilson <chris@chris-wilson.co.uk> Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk> (v2) Reviewed-by: Emil Velikov <emil.l.velikov@gmail.com> (v2) Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> Link: http://patchwork.freedesktop.org/patch/msgid/1466499262-18717-1-git-send-email-daniel.vetter@ffwll.ch