
uapi: Define __BITS_PER_LONG based on compiler target #2

Open
trader418 wants to merge 9 commits into rk779:lineage-16.0 from trader418:lineage-16.0

@trader418

  • We may compile 32-bit ARM code against these kernel headers in many
    situations, so provide a compiler-defined method of obtaining the width
    of long.

Change-Id: Iac5e48200d70f1258ab3caca1a8f1eb6e8f7f2d3

Quallenauge and others added 2 commits September 25, 2018 17:41
Mitigate BT and WiFi multiexistence in P

Change-Id: Ia05a60754bc3e5e22ab44b625a61df9abc3b60db
rmnet_data assigns device name by the order they are created.
This causes problems when multiple processes are trying to
create devices and leads to random device names.

Assign device name as specified by user.

[mikeioannina]: Backport to 3.10

Change-Id: Ida836c9fd6ac9451e437665838197d90cb9cc53b
CRs-Fixed: 2018785
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
@trader418
Author

Fixes build error "format specifies type 'ssize_t' (aka 'int') but the
argument has type 'ssize_t' (aka 'long')"

Al Viro and others added 7 commits November 7, 2018 00:25
… be OK now...

Change-Id: I0adb8fe9c5029bad3ac52629003c3b78e9442936
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
O_TMPFILE | O_CREAT => linkat() with AT_SYMLINK_FOLLOW and /proc/self/fd/<n>
as oldpath (i.e. flink()) will create a link
O_TMPFILE | O_CREAT | O_EXCL => ENOENT on attempt to link those guys

Change-Id: I5e28485680c3320cd0fccc0ba1bea8b963fca7fe
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[suggested by Rasmus Villemoes] make O_DIRECTORY | O_RDWR part of O_TMPFILE;
that will fail on old kernels in a lot more cases than what I came up with.
And make sure O_CREAT doesn't get there...

Change-Id: Iaa3c8b487d44515b539150bdb5d0b749b87d3ea2
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
The man page for open(2) indicates that when O_CREAT is specified, the
'mode' argument applies only to future accesses to the file:

	Note that this mode applies only to future accesses of the newly
	created file; the open() call that creates a read-only file
	may well return a read/write file descriptor.

The man page for open(2) implies that 'mode' is treated identically by
O_CREAT and O_TMPFILE.

O_TMPFILE, however, behaves differently:

	int fd = open("/tmp", O_TMPFILE | O_RDWR, 0);
	assert(fd == -1);
	assert(errno == EACCES);

	int fd = open("/tmp", O_TMPFILE | O_RDWR, 0600);
	assert(fd > 0);

For O_CREAT, do_last() sets acc_mode to MAY_OPEN only:

	if (*opened & FILE_CREATED) {
		/* Don't check for write permission, don't truncate */
		open_flag &= ~O_TRUNC;
		will_truncate = false;
		acc_mode = MAY_OPEN;
		path_to_nameidata(path, nd);
		goto finish_open_created;
	}

But for O_TMPFILE, do_tmpfile() passes the full op->acc_mode to
may_open().

This patch lines up the behavior of O_TMPFILE with O_CREAT. After the
inode is created, may_open() is called with acc_mode = MAY_OPEN, in
do_tmpfile().

A different, but related glibc bug revealed the discrepancy:
https://sourceware.org/bugzilla/show_bug.cgi?id=17523

The glibc lazily loads the 'mode' argument of open() and openat() using
va_arg() only if O_CREAT is present in 'flags' (to support both the 2
argument and the 3 argument forms of open; same idea for openat()).
However, the glibc ignores the 'mode' argument if O_TMPFILE is in
'flags'.

On x86_64, for open(), it magically works anyway, as 'mode' is in
RDX when entering open(), and is still in RDX on SYSCALL, which is where
the kernel looks for the 3rd argument of a syscall.

But openat() is not quite so lucky: 'mode' is in RCX when entering the
glibc wrapper for openat(), while the kernel looks for the 4th argument
of a syscall in R10. Indeed, the syscall calling convention differs from
the regular calling convention in this respect on x86_64. So the kernel
sees mode = 0 when trying to use glibc openat() with O_TMPFILE, and
fails with EACCES.

Change-Id: Ib052bbc6fcc68d3060f91732a78ddbff6f71e0a6
Signed-off-by: Eric Rannaud <e@nanocritical.com>
Acked-by: Andy Lutomirski <luto@amacapital.net>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* We may compile 32-bit ARM code against these kernel headers in many
  situations, so provide a compiler-defined method of obtaining the width
  of long.

Change-Id: Iac5e48200d70f1258ab3caca1a8f1eb6e8f7f2d3
Prior to null pointer check, SIP node was deleted from the list;
a null pointer check is added to confront the exception.

Bug: 111529827
Change-Id: Ia12fa468eed7d1a91fad96840fa27cb0e4e208a8
Acked-by: Rishav LNU <rna@qti.qualcomm.com>
Signed-off-by: Utkarsh Saxena <usaxena@codeaurora.org>
…l_leeco_msm8976 into HEAD

Change-Id: I7427ed6ac89a08fbffb75fa1e1f04d96b4536cdf
rk779 pushed a commit that referenced this pull request Jan 16, 2019
[ 3634.427545] WARNING: at ../../../../../../kernel/leeco/msm8976/net/sched/sch_generic.c:255 dev_watchdog+0x1e8/0x258()
[ 3634.427562] NETDEV WATCHDOG: rmnet_ipa0 (): transmit queue 0 timed out
[ 3634.427575] Modules linked in:
[ 3634.427604] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G        W    3.10.108-lineageos-g5dc604d8ea0 #2
[ 3634.427618] Call trace:
[ 3634.427647] [<ffffffc0000886ac>] dump_backtrace+0x0/0x274
[ 3634.427671] [<ffffffc000088940>] show_stack+0x20/0x28
[ 3634.427693] [<ffffffc000e025b0>] dump_stack+0x20/0x28
[ 3634.427720] [<ffffffc0000a01e0>] warn_slowpath_common+0x80/0xa4
[ 3634.427741] [<ffffffc0000a027c>] warn_slowpath_fmt+0x78/0x84
[ 3634.427762] [<ffffffc000c52f1c>] dev_watchdog+0x1e8/0x258
[ 3634.427784] [<ffffffc0000afd88>] call_timer_fn+0xdc/0x1e8
[ 3634.427803] [<ffffffc0000b0780>] run_timer_softirq+0x4a4/0x4d8
[ 3634.427826] [<ffffffc0000a8658>] __do_softirq+0x19c/0x300
[ 3634.427845] [<ffffffc0000a88a8>] do_softirq+0x54/0x64
[ 3634.427866] [<ffffffc0000a8b10>] irq_exit+0x7c/0xc8
[ 3634.427886] [<ffffffc000085558>] handle_IRQ+0x94/0xb0
[ 3634.427905] [<ffffffc0000818a8>] gic_handle_irq+0x5c/0x8c
[ 3634.427922] Exception stack(0xffffffc0b0adfcb0 to 0xffffffc0b0adfdd0)
rk779 pushed a commit that referenced this pull request May 1, 2019
commit 2eb9eabf1e868fda15808954fb29b0f105ed65f1 upstream.

syzkaller with KASAN reported an out-of-bounds read in
asn1_ber_decoder().  It can be reproduced by the following command,
assuming CONFIG_X509_CERTIFICATE_PARSER=y and CONFIG_KASAN=y:

    keyctl add asymmetric desc $'\x30\x30' @s

The bug is that the length of an ASN.1 data value isn't validated in the
case where it is encoded using the short form, causing the decoder to
read past the end of the input buffer.  Fix it by validating the length.

The bug report was:

    BUG: KASAN: slab-out-of-bounds in asn1_ber_decoder+0x10cb/0x1730 lib/asn1_decoder.c:233
    Read of size 1 at addr ffff88003cccfa02 by task syz-executor0/6818

    CPU: 1 PID: 6818 Comm: syz-executor0 Not tainted 4.14.0-rc7-00008-g5f479447d983 #2
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
    Call Trace:
     __dump_stack lib/dump_stack.c:16 [inline]
     dump_stack+0xb3/0x10b lib/dump_stack.c:52
     print_address_description+0x79/0x2a0 mm/kasan/report.c:252
     kasan_report_error mm/kasan/report.c:351 [inline]
     kasan_report+0x236/0x340 mm/kasan/report.c:409
     __asan_report_load1_noabort+0x14/0x20 mm/kasan/report.c:427
     asn1_ber_decoder+0x10cb/0x1730 lib/asn1_decoder.c:233
     x509_cert_parse+0x1db/0x650 crypto/asymmetric_keys/x509_cert_parser.c:89
     x509_key_preparse+0x64/0x7a0 crypto/asymmetric_keys/x509_public_key.c:174
     asymmetric_key_preparse+0xcb/0x1a0 crypto/asymmetric_keys/asymmetric_type.c:388
     key_create_or_update+0x347/0xb20 security/keys/key.c:855
     SYSC_add_key security/keys/keyctl.c:122 [inline]
     SyS_add_key+0x1cd/0x340 security/keys/keyctl.c:62
     entry_SYSCALL_64_fastpath+0x1f/0xbe
    RIP: 0033:0x447c89
    RSP: 002b:00007fca7a5d3bd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
    RAX: ffffffffffffffda RBX: 00007fca7a5d46cc RCX: 0000000000447c89
    RDX: 0000000020006f4a RSI: 0000000020006000 RDI: 0000000020001ff5
    RBP: 0000000000000046 R08: fffffffffffffffd R09: 0000000000000000
    R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
    R13: 0000000000000000 R14: 00007fca7a5d49c0 R15: 00007fca7a5d4700

Fixes: 42d5ec2 ("X.509: Add an ASN.1 decoder")
Bug: 73827422
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change-Id: Ic3610c239a719762d5b337c3fff670a8aa581069
Git-repo: https://android.googlesource.com/kernel/msm
Git-commit: f4d43291da8a3db89c7d9597beb782775c623d3c
Signed-off-by: Srinivasa Rao Kuppala <srkupp@codeaurora.org>
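
The length validation this commit message describes, as an added example that is not the kernel's lib/asn1_decoder.c code and not part of the original page: `ber_header` is a hypothetical helper that parses one BER tag/length header and, going slightly beyond the commit's short-form case, applies the same bounds check to long-form lengths. It assumes single-byte tags and definite lengths only.

```c
#include <stddef.h>
#include <stdio.h>

/* Parse one BER tag/length header (single-byte tags only, an assumption of
 * this sketch). On success returns 0 and sets *hdr_len and *val_len so that
 * hdr_len + val_len <= buflen. Returns -1 on malformed or truncated input. */
static int ber_header(const unsigned char *buf, size_t buflen,
                      size_t *hdr_len, size_t *val_len)
{
    size_t pos = 0, len, n;

    if (buflen < 2)
        return -1;                    /* need at least tag + length byte */
    if ((buf[pos++] & 0x1f) == 0x1f)
        return -1;                    /* multi-byte tags not handled here */

    len = buf[pos++];
    if (len == 0x80)
        return -1;                    /* indefinite length not handled here */
    if (len > 0x80) {                 /* long form: low 7 bits = byte count */
        n = len & 0x7f;
        if (n > sizeof(size_t) || n > buflen - pos)
            return -1;
        for (len = 0; n > 0; n--)
            len = (len << 8) | buf[pos++];
    }
    /* The check the commit message describes; it applies to the short form
     * too. Without it, "\x30\x30" claims 48 value bytes that do not exist. */
    if (len > buflen - pos)
        return -1;

    *hdr_len = pos;
    *val_len = len;
    return 0;
}

int main(void)
{
    static const unsigned char bad[] = { 0x30, 0x30 };       /* from the page */
    static const unsigned char ok[]  = { 0x30, 0x01, 0x00 }; /* constructed */
    size_t h, v;

    printf("bad: %d\n", ber_header(bad, sizeof bad, &h, &v));
    printf("ok:  %d\n", ber_header(ok, sizeof ok, &h, &v));
    return 0;
}
```
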
rk779 pushed a commit that referenced this pull request May 1, 2019