From: Al Viro
now access_elf_reg() does the right thing for everything other than
r0, we can simplify do_grepgs_[gs]et()
Signed-off-by: Al Viro
---
arch/ia64/kernel/ptrace.c | 155 ++
1 file changed, 31 insertions(+), 124 deletions(-)
diff --git
From: Al Viro
Signed-off-by: Al Viro
---
arch/sparc/kernel/ptrace_32.c | 109 --
1 file changed, 73 insertions(+), 36 deletions(-)
diff --git a/arch/sparc/kernel/ptrace_32.c b/arch/sparc/kernel/ptrace_32.c
index f72b7d2c4716..0856e0104539 100644
From: Al Viro
NB: compat NT_S390_LAST_BREAK might be better as compat_long_t
rather than long. User-visible ABI, again...
Signed-off-by: Al Viro
---
arch/s390/kernel/ptrace.c | 199 ++
1 file changed, 58 insertions(+), 141 deletions(-)
diff --git
From: Al Viro
Signed-off-by: Al Viro
---
arch/arm64/kernel/ptrace.c | 225 +
1 file changed, 62 insertions(+), 163 deletions(-)
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 9f769e862f68..8745aecffcae 100644
--- a/arch
From: Al Viro
Signed-off-by: Al Viro
---
arch/arm64/kernel/ptrace.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 5b837741ab76..d5f3da5197a1 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel
From: Al Viro
Signed-off-by: Al Viro
---
arch/sparc/kernel/ptrace_64.c | 177 ++
1 file changed, 144 insertions(+), 33 deletions(-)
diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c
index 1b1910b67ca4..3c9eee12102a 100644
On Wed, Jun 24, 2020 at 04:48:42PM +0800, Ding Xiang wrote:
> Fix a static code checker warning:
> drivers/block/loop.c:798 loop_attr_backing_file_show()
> warn: passing zero to 'PTR_ERR'
Better fix the root cause of that the problem - bullshit checker,
that is...
On Mon, Jun 29, 2020 at 12:23:34PM -0700, Linus Torvalds wrote:
> On Mon, Jun 29, 2020 at 11:28 AM Al Viro wrote:
> >
> > ->get2() takes task+regset+buffer, returns the amount of free space
> > left in the buffer on success and -E... on error.
>
> Can we please gi
From: Al Viro
... for fetching the register window from target's stack, rather
than open-coding it.
Signed-off-by: Al Viro
---
arch/sparc/kernel/ptrace_64.c | 59 ---
1 file changed, 16 insertions(+), 43 deletions(-)
diff --git a/arch/sparc/kernel
From: Al Viro
Note: riscv_fpr_get() used to forget to zero-pad at the end.
Not worth -stable...
Signed-off-by: Al Viro
---
arch/riscv/kernel/ptrace.c | 33 +++--
1 file changed, 11 insertions(+), 22 deletions(-)
diff --git a/arch/riscv/kernel/ptrace.c b/arch/riscv
From: Al Viro
Signed-off-by: Al Viro
---
arch/parisc/kernel/ptrace.c | 84 +
1 file changed, 16 insertions(+), 68 deletions(-)
diff --git a/arch/parisc/kernel/ptrace.c b/arch/parisc/kernel/ptrace.c
index b51418ad8655..6dd7a4debb9c 100644
--- a/arch
From: Al Viro
Signed-off-by: Al Viro
---
arch/c6x/kernel/ptrace.c | 11 +++
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/arch/c6x/kernel/ptrace.c b/arch/c6x/kernel/ptrace.c
index 67af1562da86..d2402de2bc14 100644
--- a/arch/c6x/kernel/ptrace.c
+++ b/arch/c6x/kernel
From: Al Viro
Turn copy_regset_to_user() into regset_get_alloc() + copy_to_user().
Now all ->get() calls have a kernel buffer as destination.
Note that we'd already eliminated the callers of copy_regset_to_user()
with non-zero offset; now that argument is simply unused.
Uninlined, while
From: Al Viro
Signed-off-by: Al Viro
---
arch/hexagon/kernel/ptrace.c | 62 +++-
1 file changed, 21 insertions(+), 41 deletions(-)
diff --git a/arch/hexagon/kernel/ptrace.c b/arch/hexagon/kernel/ptrace.c
index dcbf7ea960cc..fa6287d1a061 100644
From: Al Viro
no callers left
Signed-off-by: Al Viro
---
include/linux/regset.h | 67 --
1 file changed, 67 deletions(-)
diff --git a/include/linux/regset.h b/include/linux/regset.h
index d82bb32e434c..facfaf300b44 100644
--- a/include/linux
From: Al Viro
Signed-off-by: Al Viro
---
arch/arm64/kernel/ptrace.c | 34 +-
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 68b7f34a08f5..5b837741ab76 100644
--- a/arch/arm64/kernel
From: Al Viro
Signed-off-by: Al Viro
---
arch/nios2/kernel/ptrace.c | 51 ++
1 file changed, 15 insertions(+), 36 deletions(-)
diff --git a/arch/nios2/kernel/ptrace.c b/arch/nios2/kernel/ptrace.c
index de97bcb7dd44..2214f95847cd 100644
--- a/arch
From: Al Viro
Signed-off-by: Al Viro
---
arch/sparc/kernel/ptrace_32.c | 127 ---
arch/sparc/kernel/ptrace_64.c | 352 ++
2 files changed, 110 insertions(+), 369 deletions(-)
diff --git a/arch/sparc/kernel/ptrace_32.c b/arch/sparc/kernel
From: Al Viro
not used anymore
Signed-off-by: Al Viro
---
arch/arm64/kernel/ptrace.c | 13 -
include/linux/regset.h | 48 +-
2 files changed, 1 insertion(+), 60 deletions(-)
diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64
From: Al Viro
->get2() takes task+regset+buffer, returns the amount of free space
left in the buffer on success and -E... on error.
buffer is represented as struct membuf - a pair of (kernel) pointer
and amount of space left
Primitives for writing to such:
* membuf_write(buf, d
From: Al Viro
dead since the removal of aout coredump support...
Signed-off-by: Al Viro
---
arch/x86/include/asm/fpu/internal.h | 1 -
arch/x86/kernel/fpu/regset.c| 16
2 files changed, 17 deletions(-)
diff --git a/arch/x86/include/asm/fpu/internal.h
b/arch/x86
From: Al Viro
The function takes the register number, finds the corresponding field
of pt_regs for registers that are saved there or does the unwind for the
registers that end up spilled on the kernel stack. Then it reads from
or writes to the resulting location.
Unfortunately, finding
On Wed, Jun 17, 2020 at 12:38:07AM +1000, Herbert Xu wrote:
> On Tue, Jun 16, 2020 at 04:38:49AM +0100, Al Viro wrote:
> >
> > Folded and pushed
>
> Thanks Al. Here's another one that I just got, could you add this
> one too?
Done...
On Tue, Jun 16, 2020 at 11:05:02AM +1000, Herbert Xu wrote:
> On Tue, Jun 16, 2020 at 10:34:40AM +1000, Stephen Rothwell wrote:
> > [Just adding Herbert to cc]
> >
> > On Tue, 16 Jun 2020 10:33:30 +1000 Stephen Rothwell
> > wrote:
> > >
> > > Hi all,
> > >
> > > After merging the vfs tree,
On Fri, Jun 12, 2020 at 04:57:37PM +1000, Herbert Xu wrote:
> The header file linux/uio.h includes crypto/hash.h which pulls in
> most of the Crypto API. Since linux/uio.h is used throughout the
> kernel this means that every tiny bit of change to the Crypto API
> causes the entire kernel to get
On Sun, Jun 14, 2020 at 09:41:17PM +0200, Alexander A. Klimov wrote:
> Hello there!
>
> At the moment one can't checkout a clean working directory w/o any changed
> files on a case-insensitive FS as the following file names have lower-case
> duplicates:
And if you use a filesystem that is
On Sat, Jun 13, 2020 at 04:41:18PM +0100, Al Viro wrote:
> On Sat, Jun 13, 2020 at 04:31:02PM +0100, Al Viro wrote:
> > On Sat, Jun 13, 2020 at 07:12:36PM +0530, afzal mohammed wrote:
> > > Hi,
> > >
> > > On Sat, Jun 13, 2020 at 01:56:15PM +0100, Al Viro wrot
On Sat, Jun 13, 2020 at 04:31:02PM +0100, Al Viro wrote:
> On Sat, Jun 13, 2020 at 07:12:36PM +0530, afzal mohammed wrote:
> > Hi,
> >
> > On Sat, Jun 13, 2020 at 01:56:15PM +0100, Al Viro wrote:
> >
> > > Incidentally, what about get_user()/put_user(
On Sat, Jun 13, 2020 at 07:12:36PM +0530, afzal mohammed wrote:
> Hi,
>
> On Sat, Jun 13, 2020 at 01:56:15PM +0100, Al Viro wrote:
>
> > Incidentally, what about get_user()/put_user()? _That_ is where it's
> > going to really hurt...
>
> All other uaccess routine
On Sat, Jun 13, 2020 at 01:51:26PM +0100, Al Viro wrote:
> On Sat, Jun 13, 2020 at 05:34:32PM +0530, afzal mohammed wrote:
>
> > Observation is that max. pages reaching copy_{from,to}_user() is 2,
> > observed maximum of n (number of bytes) being 1 page size. i think C
> &g
On Sat, Jun 13, 2020 at 05:34:32PM +0530, afzal mohammed wrote:
> Observation is that max. pages reaching copy_{from,to}_user() is 2,
> observed maximum of n (number of bytes) being 1 page size. i think C
> library cuts any size read, write to page size (if it exceeds) &
> invokes the system
On Fri, Jun 12, 2020 at 09:00:14PM +0200, Markus Elfring wrote:
> >> I suggest to take another look at published software development
> >> activities.
> >
> > Do you collateral evolution in the twenty?
>
> Evolutions and software refactorings are just happening.
> Can we continue to clarify the
On Thu, Jun 11, 2020 at 05:46:43PM -0700, Mike Kravetz wrote:
> The routine is_file_hugepages() checks f_op == hugetlbfs_file_operations
> to determine if the file resides in hugetlbfs. This is problematic when
> the file is on a union or overlay. Instead, define a new file mode
>
On Wed, Jun 10, 2020 at 06:36:16PM -0700, Matthew Wilcox wrote:
> while (file->f_mode & FMODE_OVL_UPPER)
> file = file->private_data;
> return file;
>
> Or are you proposing that overlayfs copy FMODE_HUGEPAGES from the
> underlying fs to the overlaying fs?
The latter -
On Wed, Jun 10, 2020 at 05:13:52PM -0700, Mike Kravetz wrote:
> To address this issue,
> - Add a new file operation f_real while will return the underlying file.
> Only overlayfs provides a function for this operation.
> - Add a new routine real_file() which can be used by core code get an
>
epoll conversion to read_iter from Jens; I thought there might be
more epoll stuff this cycle, but uaccess took too much time. It might
as well have sat in #work.misc, but I didn't want to rebase for no good
reason...
The following changes since commit
A couple of trivial patches that fell through the cracks last cycle
The following changes since commit 8f3d9f354286745c751374f5f1fcafee6b3f3136:
Linux 5.7-rc1 (2020-04-12 12:35:55 -0700)
are available in the git repository at:
)
Al Viro (5):
i915: switch query_{topology,engine}_info() to copy_to_user()
i915: switch copy_perf_config_registers_or_number() to unsafe_put_user()
i915 compat ioctl(): just use drm_ioctl_kernel()
i915: alloc_oa_regs(): get rid of pointless
Fixups to regressions in sysctl series.
The following changes since commit 32927393dc1ccd60fb2bdc05b9e8e88753761469:
sysctl: pass kernel pointers to ->proc_handler (2020-04-27 02:07:40 -0400)
are available in the git repository at:
)
Al Viro (9):
pselect6() and friends: take handling the combined 6th/7th args into
helper
binfmt_elf: don't bother with __{put,copy_to}_user()
binfmt_elf_fdpic: don't use __... uaccess primitives
binfmt_flat: don't use __put_user()
x86: switch
On Wed, Jun 10, 2020 at 12:12:54PM -0500, Eric W. Biederman wrote:
> > {
> > struct proc_fs_info *fs_info = proc_sb_info(sb);
> >
> > - if (fs_info->proc_self)
> > - dput(fs_info->proc_self);
> > + if (fs_info) {
> > + if (fs_info->proc_self)
> > +
On Tue, Jun 09, 2020 at 07:08:17PM +0200, Christoph Hellwig wrote:
> Hi Al,
>
> two more fixes for the kernel pointers in the sysctl handlers.
Applied and pushed. Let me beat it up a bit, if it survives - to
Linus it goes...
On Mon, Jun 08, 2020 at 03:02:46PM +0200, Christoph Hellwig wrote:
> ping? Can you pick these up now that the original patches are in
> Linus' tree?
Applied and pushed; will send pull request later today.
On Sun, Jun 07, 2020 at 10:41:56PM +, Rodolfo C. Villordo wrote:
> Multiple line over 80 characters fixes by splitting in multiple lines.
> Warning found by checkpatch.pl
I doubt that checkpatch.pl can catch the real problems there:
* Hungarian Notation Sucks. Really.
* so does CamelCase,
On Sun, Jun 07, 2020 at 12:48:53PM -0700, Linus Torvalds wrote:
> Rasmus, say the word and I'll mark you for authorship on the first one.
>
> Comments? Can you find something else wrong here, or some other fixup to do?
>
> Al, any reaction?
It's correct, but this
> + if (mask & (mode ^
On Sun, May 31, 2020 at 02:04:14AM +0100, Al Viro wrote:
> The following changes since commit 8f3d9f354286745c751374f5f1fcafee6b3f3136:
>
> Linux 5.7-rc1 (2020-04-12 12:35:55 -0700)
>
> are available in the git repository at:
>
> git://git.kernel.org/pub/scm/linux/ke
On Sat, Jun 06, 2020 at 02:32:19PM +0800, Tiezhu Yang wrote:
> It is important to ensure that files that are opened always get closed.
> Failing to close files can result in file descriptor leaks. One common
> answer to this problem is to just raise the limit of open file handles
> and then
On Fri, Jun 05, 2020 at 02:50:03PM +0100, Al Viro wrote:
> On Thu, Jun 04, 2020 at 05:58:19PM +0100, David Howells wrote:
> > Hi Linus,
> >
> > Is it too late to put in a pull request for AFS changes? Apologies - I was
> > holding off and hoping that I could get Al t
On Thu, Jun 04, 2020 at 05:58:19PM +0100, David Howells wrote:
> Hi Linus,
>
> Is it too late to put in a pull request for AFS changes? Apologies - I was
> holding off and hoping that I could get Al to review the changes I made to
> the core VFS change commit (first in the series) in response to
On Thu, Jun 04, 2020 at 06:10:23AM -0400, Michael S. Tsirkin wrote:
> stac()
> for (i = 0; i < 64; ++i) {
>get_user(flags, desc[i].flags)
unsafe_get_user(), please.
>smp_rmb()
>if (!(flags & VALID))
> break;
>copy_from_user([i], desc + i,
On Thu, Jun 04, 2020 at 02:10:27PM +0800, Jason Wang wrote:
> > > get_user(flags, desc->flags)
> > > smp_rmb()
> > > if (flags & VALID)
> > > copy_from_user(, desc, sizeof adesc);
> > >
> > > this would be a good candidate I think.
> > Perhaps, once we get stac/clac out of raw_copy_from_user()
On Wed, Jun 03, 2020 at 09:53:32PM +0100, Al Viro wrote:
> On Wed, Jun 03, 2020 at 01:44:39PM -0700, Nathan Chancellor wrote:
> > > --------
> > > Al Viro (9):
> > > pselect6() and friends: take hand
On Wed, Jun 03, 2020 at 04:53:11PM -0400, Martin K. Petersen wrote:
>
> Hi Al!
>
> > OK... Acked-by/Tested-by added, branch re-pushed (commits are otherwise
> > identical). Which tree would you prefer that to go through - vfs.git,
> > scsi.git, something else?
>
> I don't have anything queued
On Wed, Jun 03, 2020 at 01:44:39PM -0700, Nathan Chancellor wrote:
> > ----
> > Al Viro (9):
> > pselect6() and friends: take handling the combined 6th/7th args into
> > helper
> > binfmt_elf: do
to fetch changes up to 174e1ea8a2f6140078b6c61068b478cf3c4aa74f:
fix a braino in ia64 uaccess csum changes (2020-06-03 16:18:09 -0400)
Al Viro (1):
fix a braino in ia64 uaccess csum changes
arch/ia64/lib
)
Al Viro (10):
comedi: move compat ioctl handling to native fops
comedi: get rid of indirection via translated_ioctl()
comedi: get rid of compat_alloc_user_space() mess in COMEDI_CHANINFO
compat
comedi: get rid of compat_alloc_user_space() mess
Christoph's assorted splice cleanups.
The following changes since commit 8f3d9f354286745c751374f5f1fcafee6b3f3136:
Linux 5.7-rc1 (2020-04-12 12:35:55 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git work.splice
for you to
bpf_check_uarg_tail_zero() use check_zeroed_user() (2020-06-01
14:42:37 -0400)
Al Viro (9):
pselect6() and friends: take handling the combined 6th/7th args into
helper
binfmt_elf: don't bother with __{put,copy_to}_user
On Wed, Jun 03, 2020 at 06:37:11PM +, don.br...@microchip.com wrote:
> -Original Message-
> From: linux-scsi-ow...@vger.kernel.org
> [mailto:linux-scsi-ow...@vger.kernel.org] On Behalf Of Al Viro
> Sent: Friday, May 29, 2020 6:39 PM
> To: Linus Torvalds
>
On Wed, Jun 03, 2020 at 08:37:14AM -0700, Guenter Roeck wrote:
> On Fri, Mar 27, 2020 at 11:31:08PM +0000, Al Viro wrote:
> > From: Al Viro
> >
> > Just inline the call and use memcpy() instead of __copy_from_user() and
> > note that the tail is precisely ia64 csum_par
On Wed, Jun 03, 2020 at 01:29:00AM -0400, Michael S. Tsirkin wrote:
> On Wed, Jun 03, 2020 at 02:48:15AM +0100, Al Viro wrote:
> > On Tue, Jun 02, 2020 at 04:45:05AM -0400, Michael S. Tsirkin wrote:
> > > So vhost needs to poke at userspace *a lot* in a quick succession.
On Wed, Jun 03, 2020 at 11:57:11AM +0800, Jason Wang wrote:
> > How widely do you hope to stretch the user_access areas, anyway?
>
>
> To have best performance for small packets like 64B, if possible, we want to
> disable STAC not only for the metadata access done by vhost accessors but
> also
On Wed, Jun 03, 2020 at 10:29:57AM +0900, Namjae Jeon wrote:
> exfat_free() should call exfat_free_iocharset() after stealing
> param->string instead of kstrdup in exfat_parse_param().
ITYM
extfat_free() should call exfat_free_iocharset(), to prevent
a leak in case we fail after parsing
On Tue, Jun 02, 2020 at 04:45:05AM -0400, Michael S. Tsirkin wrote:
> So vhost needs to poke at userspace *a lot* in a quick succession. It
> is thus benefitial to enable userspace access, do our thing, then
> disable. Except access_ok has already been pre-validated with all the
> relevant nospec
On Tue, Jun 02, 2020 at 04:42:03PM -0400, Michael S. Tsirkin wrote:
> On Tue, Jun 02, 2020 at 05:30:48PM +0100, Al Viro wrote:
> > On Tue, Jun 02, 2020 at 04:45:05AM -0400, Michael S. Tsirkin wrote:
> > > So vhost needs to poke at userspace *a lot* in a quick succession.
On Tue, Jun 02, 2020 at 08:41:38PM +, David Laight wrote:
> In which case you need a 'user_access_begin' that takes the mm
> as an additional parameter.
What does any of that have to do with mm? Details, please.
On Tue, Jun 02, 2020 at 06:44:30PM +0100, Al Viro wrote:
> On Tue, Jun 02, 2020 at 10:18:09AM -0700, Linus Torvalds wrote:
>
>
> > You have exactly two cases:
> >
> > (a) the access_ok() would be right above the code and can't be missed
> >
> > (
On Tue, Jun 02, 2020 at 10:18:09AM -0700, Linus Torvalds wrote:
> You have exactly two cases:
>
> (a) the access_ok() would be right above the code and can't be missed
>
> (b) not
(c) what you really want is not quite access_ok().
Again, that "not quite access_ok()" should be right next
On Tue, Jun 02, 2020 at 06:15:57PM +0800, Jason Wang wrote:
>
> On 2020/6/2 下午4:45, Michael S. Tsirkin wrote:
> > So vhost needs to poke at userspace *a lot* in a quick succession. It
> > is thus benefitial to enable userspace access, do our thing, then
> > disable. Except access_ok has already
On Tue, Jun 02, 2020 at 04:45:05AM -0400, Michael S. Tsirkin wrote:
> So vhost needs to poke at userspace *a lot* in a quick succession. It
> is thus benefitial to enable userspace access, do our thing, then
> disable. Except access_ok has already been pre-validated with all the
> relevant nospec
held by exfat_mount_options.
Humm...
First of all, exfat_free() ought to call exfat_free_upcase_table().
What's more, WTF bother with that kstrdup(), anyway? Just steal the string
and be done with that...
Signed-off-by: Al Viro
---
diff --git a/fs/exfat/super.c b/fs/exfat/super.c
index
ded a PPC board. APUS support was killed off a long time ago,
> > > when arch/ppc/ was still king, but these #ifdefs were missed, because
> > > they didn't test for CONFIG_APUS.
> >
> > Add FIXME about using the C code variants (APUS ones) in the future.
>
On Mon, Jun 01, 2020 at 04:46:45PM -0700, Linus Torvalds wrote:
> On Mon, Jun 1, 2020 at 11:40 AM Al Viro wrote:
> >
> > Assorted patches from Miklos; an interesting part here is
> > /proc/mounts
> > stuff...
>
> You know, this could really have done wi
Mostly Christoph's stuff...
The following changes since commit 8f3d9f354286745c751374f5f1fcafee6b3f3136:
Linux 5.7-rc1 (2020-04-12 12:35:55 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git work.set_fs-exec
for you to fetch
-05-29 11:06:38 -0400)
Al Viro (19):
dlmfs_file_write(): get rid of pointless access_ok()
fat_dir_ioctl(): hadn't needed that access_ok() for more than a decade...
btrfs_ioctl_send(): don't bother with access_ok
-05-29
16:11:50 -0400)
Al Viro (15):
get rid of csum_partial_copy_to_user()
x86_64: csum_..._copy_..._user(): switch to unsafe_..._user()
x86: switch both 32bit and 64bit to providing csum_and_copy_from_user
Assorted patches from Miklos; an interesting part here is /proc/mounts
stuff...
The following changes since commit 0e698dfa282211e414076f9dc7e83c1c288314fd:
Linux 5.7-rc4 (2020-05-03 14:56:04 -0700)
are available in the git repository at:
/kernel/git/viro/vfs.git
uaccess.__copy_to_user
for you to fetch changes up to 0702e4f39034f15855def3165fe7213c7c2c0163:
dlmfs: convert dlmfs_file_read() to copy_to_user() (2020-04-23 14:02:49 -0400)
Al Viro (2):
esas2r: don't
/viro/vfs.git uaccess.__put_user
for you to fetch changes up to ebe6976d3634a311367f72c2402f148ab9f23920:
pcm_native: result of put_user() needs to be checked (2020-04-26 09:33:49
-0400)
Al Viro (3):
compat sysinfo(2
/kernel/git/viro/vfs.git
uaccess.__copy_from_user
for you to fetch changes up to ff847781049c37dff9ad4af2bf2d7aad02622f96:
pstore: switch to copy_from_user() (2020-04-23 10:52:48 -0400)
Al Viro (2):
firewire: switch
On Fri, May 29, 2020 at 11:00:07PM +0100, David Howells wrote:
> @@ -1245,15 +1282,9 @@ static int test_inode_iunique(struct super_block *sb,
> unsigned long ino)
> struct inode *inode;
>
> spin_lock(_hash_lock);
> - hlist_for_each_entry(inode, b, i_hash) {
> - if
to cf51e129b96847f969bfb8af1ee1516a01a70b39:
sparc32: fix register window handling in genregs32_[gs]et() (2020-05-20
13:29:37 -0400)
Al Viro (2):
sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
sparc32: fix register window handling
On Sat, May 30, 2020 at 08:42:32PM +0100, Al Viro wrote:
> On Sat, May 30, 2020 at 12:20:54PM -0700, Linus Torvalds wrote:
> > On Sat, May 30, 2020 at 12:14 PM Al Viro wrote:
> > >
> > > > And none of that code verifies that the end result is a user address
On Sat, May 30, 2020 at 12:20:54PM -0700, Linus Torvalds wrote:
> On Sat, May 30, 2020 at 12:14 PM Al Viro wrote:
> >
> > > And none of that code verifies that the end result is a user address.
> >
> > kvm_is_error_hva() is
> > return addr >= PAGE
On Sat, May 30, 2020 at 08:19:40PM +0100, Al Viro wrote:
> On Sat, May 30, 2020 at 11:52:44AM -0700, Linus Torvalds wrote:
>
> > And I don't understand why you mention set_fs() vs access_ok(). None
> > of this code has anything that messes with set_fs(). The access_o
On Sat, May 30, 2020 at 11:52:44AM -0700, Linus Torvalds wrote:
> And I don't understand why you mention set_fs() vs access_ok(). None
> of this code has anything that messes with set_fs(). The access_ok()
> is garbage and shouldn't exist, and those user accesses should all use
> the checking
On Sat, May 30, 2020 at 11:52:44AM -0700, Linus Torvalds wrote:
>
> It really isn't.
>
> Your very first statement shows how broken it is:
>
> > FWIW, the kvm side of things (vhost is yet another pile of fun) is
> >
> > [x86] kvm_hv_set_msr_pw():
> > arch/x86/kvm/hyperv.c:1027: if
On Sat, May 30, 2020 at 10:57:24AM -0700, Linus Torvalds wrote:
> So no. I disagree. There is absolutely nothing "obviously ok" about
> any of that kvm code. Quite the reverse.
>
> I'd argue that it's very much obviously *NOT* ok, even while it might
> just happen to work.
Actually, it's
On Sat, May 30, 2020 at 03:31:47PM +0100, Al Viro wrote:
> It's a bit trickier than that, but I want to deal with that at the same
> time as the rest of kvm/vhost stuff. So for this series I just went
> for minimal change. There's quite a pile of vhost and kvm stuff,
> but it's n
On Fri, May 29, 2020 at 04:52:59PM -0700, Linus Torvalds wrote:
> On Fri, May 29, 2020 at 4:27 PM Al Viro wrote:
> > a/arch/x86/kvm/hyperv.c
> > - if (__clear_user((void __user *)addr, sizeof(u32)))
> > + if (__put_user(0, (u32 __user *)addr))
On Fri, May 29, 2020 at 07:43:10PM -0700, Kees Cook wrote:
> Can anyone clarify the expected failure mode from SCM_RIGHTS? Can we
> move the put_user() after instead? I think cleanup would just be:
> replace_fd(fd, NULL, 0)
Bollocks.
Repeat after me: descriptor tables can be shared. There is
From: Al Viro
no need for building a native struct on kernel stack, copying
it to userland one, then calling hpsa_ioctl() which copies it
back into _another_ instance of the same struct.
Signed-off-by: Al Viro
---
drivers/scsi/hpsa.c | 80
From: Al Viro
Signed-off-by: Al Viro
---
drivers/scsi/hpsa.c | 116 +---
1 file changed, 56 insertions(+), 60 deletions(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index 1e9302e99d05..3344a06c938e 100644
--- a/drivers/scsi/hpsa.c
From: Al Viro
Signed-off-by: Al Viro
---
drivers/scsi/hpsa.c | 7 ++-
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
index c7fbe56891ef..81d0414e2117 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -6577,14 +6577,11
From: Al Viro
"BIG" in the name refers to the amount of data being transferred,
_not_ the size of structure itself; it's 140 or 144 bytes (for
32bit and 64bit hosts resp.). IOCTL_Command_struct is 136 or
144 bytes large...
No point whatsoever turning that into dynamic allocation,
the ioctls in
question. So this series definitely needs a review and testing
from hpsa maintainers before it might go anywhere.
The series is in vfs.git #uaccess.hpsa, based at v5.7-rc1
Al Viro (4):
hpsa passthrough: lift {BIG_,}IOCTL_Command_struct copy{in,out} into
hpsa_ioctl
From: Al Viro
that's the only caller of __clear_user() in generic code, and it's
not hot enough to bother with skipping access_ok().
Signed-off-by: Al Viro
---
include/linux/regset.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/regset.h b/include/linux
From: Al Viro
Signed-off-by: Al Viro
---
arch/x86/kernel/sys_ia32.c | 40 ++--
1 file changed, 22 insertions(+), 18 deletions(-)
diff --git a/arch/x86/kernel/sys_ia32.c b/arch/x86/kernel/sys_ia32.c
index ab03fede1422..f8d65c99feb8 100644
--- a/arch/x86
From: Al Viro
... rather than open-coding it, and badly, at that.
Signed-off-by: Al Viro
---
kernel/bpf/syscall.c | 25 ++---
1 file changed, 6 insertions(+), 19 deletions(-)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 64783da34202..41ba746ecbc2 100644
From: Al Viro
Signed-off-by: Al Viro
---
arch/x86/kvm/hyperv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c
index bcefa9d4e57e..b85b211d4676 100644
--- a/arch/x86/kvm/hyperv.c
+++ b/arch/x86/kvm/hyperv.c
@@ -1129,7 +1129,7
701 - 800 of 11792 matches
Mail list logo