On Mon, Dec 12, 2016 at 07:58:03AM +0100, Dmitry Vyukov wrote:
> On Sun, Dec 11, 2016 at 10:37 PM, Alexander Popov
> wrote:
> > On 11.12.2016 12:32, Dmitry Vyukov wrote:
> >> On Sun, Dec 11, 2016 at 1:50 AM, Alexander Popov
> >> wrote:
> >>> Subtract KASLR offset from the kernel addresses repor
On Tue, Nov 29, 2016 at 10:32:29AM +0100, Miklos Szeredi wrote:
> On Mon, Nov 28, 2016 at 12:06:09PM +0100, Quentin Casasnovas wrote:
>
> > > > > But it looks like it was re-introduced in:
> > > > >
> > > > > 2d902671ce1c ("vfs: merge .
On Mon, Nov 28, 2016 at 10:45:18AM +0100, Miklos Szeredi wrote:
> On Fri, Nov 25, 2016 at 08:28:47PM +0100, Quentin Casasnovas wrote:
> > On Fri, Nov 25, 2016 at 06:09:23PM +0100, Quentin Casasnovas wrote:
> > > If two overlayfs filesystems are stacked on top of each other, t
On Fri, Nov 25, 2016 at 06:09:23PM +0100, Quentin Casasnovas wrote:
> If two overlayfs filesystems are stacked on top of each other, then we need
> to recurse when opening a file. This used to work and was first broken by:
>
> 4bacc9c9234c ("overlayfs: Make f_path always poi
with and without this patch it returned zero so I am assuming it
does not contain any tests with stacked overlayfs.
Fixes: 2d902671ce1c ("vfs: merge .d_select_inode() into .d_real()")
Cc: Al Viro
Cc: Miklos Szeredi
Signed-off-by: Quentin Casasnovas
---
fs/overlayfs/super.c | 12
Hi,
Stacking an overlayfs on top of an overlayfs doesn't work when it used to
(tested on v4.9-rc5):
#!/bin/bash -xeu
tmpdir=$(mktemp -d)
pushd ${tmpdir}
mkdir -p {upper,lower,work}
echo 'foo' > lower/bar
mount -t overlay level_zero upper -o lowerdir=lower,upperdir=upper,workdir=work
= 0; i < size / sizeof(i); ++i) {
printf("%02x ", mem2[i]);
if (i % 32 == 31)
printf("\n");
}
close(fd);
return 0;
}
This patch is a collaboration between
_size field expressed in unsigned
long in order to save an unnecessary bitshift/division in the hot path when
using KCOV_MODE_TRACE.
Cc: Dmitry Vyukov
Cc: Michal Zalewski
Cc: Kees Cook
Signed-off-by: Quentin Casasnovas
Signed-off-by: Vegard Nossum
---
kernel/kcov.c | 10 --
1 file chang
Hi Dmitry,
Sorry it took so long to implement the small suggestions you had, we've
been very busy with other projects (or at least that's our excuse!).
The changes to afl.git in order to use kcov were sent to Michal so
hopefully people can start fuzzing their kernel with AFL without
cherry-pickin
On Fri, Jun 24, 2016 at 03:10:03PM +0200, Paolo Bonzini wrote:
> On 24/06/2016 15:04, Quentin Casasnovas wrote:
> > On Thu, Jun 23, 2016 at 06:03:01PM +0200, Paolo Bonzini wrote:
> >>
> >>
> >> On 18/06/2016 11:01, Quentin Casasnovas wrote:
> >>>
On Thu, Jun 23, 2016 at 06:03:01PM +0200, Paolo Bonzini wrote:
>
>
> On 18/06/2016 11:01, Quentin Casasnovas wrote:
> > Cross-checking the KVM/VMX VMREAD emulation code with the Intel Software
> > Developer Manual Volume 3C - "VMREAD - Read Field from Virtual-Machine
d checks for #GP/#SS
exceptions")
Signed-off-by: Quentin Casasnovas
Cc: Eugene Korenevsky
Cc: Paolo Bonzini
Cc: Radim Krčmář
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: H. Peter Anvin
Cc: linux-stable
---
arch/x86/kvm/vmx.c | 22 ++
1 file changed, 10 insertions(+), 12 d
On Mon, Dec 14, 2015 at 06:11:16PM +0300, Cyrill Gorcunov wrote:
> On Mon, Dec 14, 2015 at 03:51:26PM +0100, Quentin Casasnovas wrote:
> ...
> >
> > Do we want to fold may_expand_anon_vm() into may_expand_vm() (potentially
> > passing it the flags/struct file if needed) s
doc
> - add may_expand_anon_vm helper
> - call for RLIMIT_DATA test in mremap and do_brk
>
> CC: Quentin Casasnovas
> CC: Vegard Nossum
> CC: Linus Torvalds
> CC: Willy Tarreau
> CC: Andy Lutomirski
> CC: Kees Cook
> CC: Vladimir Davydov
>
.
Cc:
Cc: Jan Kara
Fixes: 2deb1acc653c ("isofs: fix access to unallocated memory when reading...")
Signed-off-by: Quentin Casasnovas
Signed-off-by: Vegard Nossum
Tested-by: Vegard Nossum
---
fs/isofs/dir.c | 1 +
fs/isofs/namei.c | 1 +
2 files changed, 2 insertions(+)
diff --git a
On Wed, Nov 25, 2015 at 12:21:45PM +, David Laight wrote:
> From: Santosh Shilimkar
> > Sent: 24 November 2015 22:13
> ...
> > Sasha's found a NULL pointer dereference in the RDS connection code when
> > sending a message to an apparently unbound socket. The problem is caused
> > by the code c
On Fri, Oct 16, 2015 at 10:47:49AM -0700, santosh shilimkar wrote:
> On 10/16/2015 8:11 AM, Quentin Casasnovas wrote:
> > Sasha's found a NULL pointer dereference in the RDS connection code when
> > sending a message to an apparently unbound socket. The problem is caused
>
I cannot reproduce the NULL pointer dereference using Vegard's reproducer
with this patch, whereas I could without.
Complete earlier incomplete fix to CVE-2015-6937:
74e98eb08588 ("RDS: verify the underlying transport exists before creating a
connection")
Signed-off-by: Quen
On Tue, Apr 14, 2015 at 11:25:43AM +0200, Quentin Casasnovas wrote:
> Phil and I found out a problem with commit:
>
> 7e860a6e7aa6 ("cdc-acm: add sanity checks")
>
Any comment on v2?
Thanks,
Quentin
--
To unsubscribe from this list: send the line "unsubscribe lin
On Fri, Apr 17, 2015 at 10:52:43PM -0700, Guenter Roeck wrote:
> Hi Quentin,
Hi Guenter,
>
> it looks like there is another failure in linux-next, this time with
> sparc64:allmodconfig:
>
> WARNING: arch/sparc/kernel/built-in.o(__ex_table+0x3b4): Section mismatch in
> reference from the (unkn
On Thu, Apr 16, 2015 at 05:47:08AM -0700, Guenter Roeck wrote:
> On 04/16/2015 01:21 AM, Quentin Casasnovas wrote:
> > On Wed, Apr 15, 2015 at 06:43:11PM -0700, Guenter Roeck wrote:
> >> Let me know if you can find a score toolchain - otherwise I'll make a copy
> >>
On Wed, Apr 15, 2015 at 06:43:11PM -0700, Guenter Roeck wrote:
>
> For
>
> From 2e9abac9cbde18af48951c54d52c9c515f9883a7 Mon Sep 17 00:00:00 2001
> From: Quentin Casasnovas
> Date: Wed, 15 Apr 2015 22:39:50 +0200
> Subject: [PATCH] modpost: do not try to match the SHT_
On Wed, Apr 15, 2015 at 06:26:58AM -0700, Guenter Roeck wrote:
> On 04/15/2015 01:54 AM, Quentin Casasnovas wrote:
> > The following two patches might (hopefully) fix the build breakage on score
> > and some other architectures. I've checked the new __ex_table checker
>
On Wed, Apr 15, 2015 at 08:31:50AM -0700, Guenter Roeck wrote:
> On Wed, Apr 15, 2015 at 03:46:37PM +0200, Quentin Casasnovas wrote:
> > >
> > > While I agree that those should get fixed (if they are real problems,
> > > especially the ones for parisc and mn10300
On Wed, Apr 15, 2015 at 06:26:58AM -0700, Guenter Roeck wrote:
> On 04/15/2015 01:54 AM, Quentin Casasnovas wrote:
> >
> > Let me know if this makes things better..
> >
Hi Guenter,
>
> the crash is fixed, but now I get
>
That's a first step.. :)
> F
fixes the problem by moving that check in the caller (since we can
deal with different types of relocations) and add is_second_extable_reloc()
to make the whole thing more readable.
Signed-off-by: Quentin Casasnovas
Reported-by: Guenter Roeck
CC: Rusty Russell
---
scripts/mod/modpost.c
The following two patches might (hopefully) fix the build breakage on score
and some other architectures. I've checked the new __ex_table checker
still works on x86-64 with them (it still detects an entry pointing to
.altinstr_replacement) and they should apply cleanly on top of Rusty's
module-next
This was leading to a divide-by-zero on some architectures and making the
build fail.
Signed-off-by: Quentin Casasnovas
Reported-by: Guenter Roeck
CC: Rusty Russell
---
scripts/mod/modpost.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/scripts/mod/modpost.c b/script
le entries. Unfortunately, it
> wasn't tested with -ffunction-sections, which some architectures
> use.
>
> Reported-by: kbuild test robot
> Cc: Quentin Casasnovas
> Signed-off-by: Rusty Russell
>
> diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
> i
On Tue, Apr 14, 2015 at 09:11:14AM -0700, Guenter Roeck wrote:
> On Tue, Apr 14, 2015 at 06:42:44PM +1000, Stephen Rothwell wrote:
> > Hi all,
> >
> > Please do not add any v4.2 material to your linux-next included trees
> > until after v4.1-rc1 is released.
> >
> > Changes since 20150413:
> >
>
On Tue, Apr 14, 2015 at 02:14:14PM +0200, Thierry Reding wrote:
> On Tue, Mar 17, 2015 at 01:40:02PM +0100, Quentin Casasnovas wrote:
> > If one of these addresses point to a non-executable section, something is
> > seriously wrong since it either means the kernel will never fault
cm: add sanity checks")
Signed-off-by: Phil Turnbull
Signed-off-by: Quentin Casasnovas
CC: Sergei Shtylyov
CC: Oliver Neukum
CC: Adam Lee
CC:
---
drivers/usb/class/cdc-acm.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/us
On Mon, Apr 13, 2015 at 11:48:27PM +0800, Adam Lee wrote:
> On Mon, Apr 13, 2015 at 05:24:04PM +0200, Quentin Casasnovas wrote:
> > Phil and I found out a problem with commit:
> >
> > 7e860a6e ("cdc-acm: add sanity checks")
> >
> > It added some sanit
Adding Greg on CC as suggested by Oliver.
On Mon, Apr 13, 2015 at 05:24:04PM +0200, Quentin Casasnovas wrote:
> Phil and I found out a problem with commit:
>
> 7e860a6e ("cdc-acm: add sanity checks")
>
> It added some sanity checks to ignore potential garbage
specially crafted USB device could be used to trigger this infinite loop.
Fixes: 7e860a6e ("cdc-acm: add sanity checks")
Signed-off-by: Phil Turnbull
Signed-off-by: Quentin Casasnovas
CC: Oliver Neukum
CC: Adam Lee
---
drivers/usb/class/cdc-acm.c | 3 ++-
1 file changed, 2 insertions(+),
On Mon, Apr 13, 2015 at 08:48:56PM +0930, Rusty Russell wrote:
> Quentin Casasnovas writes:
> > __ex_table is a simple table section where each entry is a pair of
> > addresses - the first address is an address which can fault in kernel
> > space, and the second address point
On Fri, Mar 20, 2015 at 11:59:41AM +1030, Rusty Russell wrote:
> Quentin Casasnovas writes:
> > Prints a warning when a section references a section outside a strict
> > white-list. This will be useful to print a warning if __ex_table
> > references a non-executable sec
On Sat, Apr 04, 2015 at 03:34:43PM +0200, Borislav Petkov wrote:
> From: Borislav Petkov
>
> Quentin caught a corner case with the generation of instruction padding
> in the ALTERNATIVE_2 macro: if len(orig_insn) < len(alt1) < len(alt2),
> then not enough padding gets added and that is not good(t
On Sat, Apr 04, 2015 at 11:25:36AM +0200, Borislav Petkov wrote:
> On Sat, Apr 04, 2015 at 10:36:11AM +0200, Quentin Casasnovas wrote:
> > Since all of these are compile time constants, could we not use the safe
> > variant on that same page? Not that I'm too worried ab
On Sat, Apr 04, 2015 at 09:34:54AM +0200, Borislav Petkov wrote:
> On Fri, Apr 03, 2015 at 10:42:17PM +0200, Quentin Casasnovas wrote:
> > If you're happy with the extra padding in such cases then your second
> > approach looks okay to me. But IMO, even if taking the '.i
On Fri, Apr 03, 2015 at 07:48:24PM +0200, Borislav Petkov wrote:
> On Fri, Apr 03, 2015 at 07:33:06PM +0200, Quentin Casasnovas wrote:
> > > Basically, the idea was:
> > >
> > > .skip len(repl1) - len(orig), 0x90
> > > .skip len(repl2) - len(repl1), 0x
On Fri, Apr 03, 2015 at 07:06:25PM +0200, Borislav Petkov wrote:
> On Fri, Apr 03, 2015 at 05:40:55PM +0200, Quentin Casasnovas wrote:
> > So yeah I still think we're not properly padding, if you take my earlier
> > example where repl2 = 5 bytes, repl1 = 4 bytes and orin_ins
On Fri, Apr 03, 2015 at 05:23:24PM +0200, Borislav Petkov wrote:
> On Fri, Apr 03, 2015 at 04:14:26PM +0200, Quentin Casasnovas wrote:
> > > This is obviously completely un-tested and not even compiled! :)
> > >
> >
> > Told you!
>
> :-)
>
>
On Fri, Apr 03, 2015 at 04:06:30PM +0200, Quentin Casasnovas wrote:
> On Thu, Apr 02, 2015 at 06:12:59PM +0200, Borislav Petkov wrote:
> > On Thu, Apr 02, 2015 at 05:52:10PM +0200, Quentin Casasnovas wrote:
> > > I've tried compiling this on top of v4.0-rc5 and I get a comp
On Thu, Apr 02, 2015 at 06:12:59PM +0200, Borislav Petkov wrote:
> On Thu, Apr 02, 2015 at 05:52:10PM +0200, Quentin Casasnovas wrote:
> > I've tried compiling this on top of v4.0-rc5 and I get a compile error
> > because alt_end_marker isn't defined. Which other patches
On Thu, Apr 02, 2015 at 06:12:59PM +0200, Borislav Petkov wrote:
> On Thu, Apr 02, 2015 at 05:52:10PM +0200, Quentin Casasnovas wrote:
> > FWIW I think this looks much nicer! I have a couple of comments though,
> > apologies in advance if they aren't relevant :)
>
>
event where I'm not wrong about this, having a nicely named
helper altinstr_are_applied() instead of manually checking the system_state
variable would probably help!
But maybe we're pretty confident this will not happen anyway?
> Cleanup comments.
>
> Signed-off-by: Borislav Petkov
> Cc: "
On Thu, Mar 26, 2015 at 10:48:18PM +, Yu, Fenghua wrote:
> > > sctxt->fpstate=(void *)1 changes the fpstate pointer in the
> > > sigcontext. It will generate segfault and bad frame info in kernel.
> > >
> > > This is expected behavior, right? Is this still a valid test?
> >
> > Just to be clea
On Tue, Mar 17, 2015 at 09:25:07AM -0700, Linus Torvalds wrote:
> On Tue, Mar 17, 2015 at 5:39 AM, Quentin Casasnovas
> wrote:
> > Prints a warning when a section references a section outside a strict
> > white-list. This will be useful to print a warning if __ex_table
>
Adding Rusty and Michal to CC.
On Tue, Mar 17, 2015 at 01:40:02PM +0100, Quentin Casasnovas wrote:
> __ex_table is a simple table section where each entry is a pair of
> addresses - the first address is an address which can fault in kernel
> space, and the second address points to
Adding Rusty and Michal to CC.
On Tue, Mar 17, 2015 at 01:40:00PM +0100, Quentin Casasnovas wrote:
> Signed-off-by: Quentin Casasnovas
> ---
> scripts/mod/modpost.c | 7 ---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/scripts/mod/modpost.c b/scr
Adding Rusty and Michal to CC.
On Tue, Mar 17, 2015 at 01:39:59PM +0100, Quentin Casasnovas wrote:
> Signed-off-by: Quentin Casasnovas
> ---
> scripts/mod/modpost.c | 23 ---
> 1 file changed, 12 insertions(+), 11 deletions(-)
>
> diff --git a/scrip
Adding Rusty and Michal to CC.
On Tue, Mar 17, 2015 at 01:40:01PM +0100, Quentin Casasnovas wrote:
> This shell script can be used to sanity check the __ex_table section on an
> object file, making sure the relocations in there are pointing to valid
> executable sections. If it f
Adding Rusty and Michal to CC.
On Tue, Mar 17, 2015 at 01:39:58PM +0100, Quentin Casasnovas wrote:
> This will be useful when we want to have special handlers which need to go
> through more hops to print useful information to the user.
>
> Signed-off-by: Quentin Casasnovas
> ---
Adding Rusty and Michal to CC.
On Tue, Mar 17, 2015 at 01:39:57PM +0100, Quentin Casasnovas wrote:
> .sched.text and .kprobes.text should behave exactly like .text with regards
> to how we should warn about referencing sections which might get discarded
> at runtime.
>
> Signed-
On Tue, Mar 17, 2015 at 01:07:39PM +0100, Borislav Petkov wrote:
> On Tue, Mar 17, 2015 at 12:36:58PM +0100, Quentin Casasnovas wrote:
> > Right, FWIW I think your approach is valid, but not very generic. Re-using
> > the check_insn() and making it more generic so we can wid
sched.text and .kprobes.text should behave exactly like .text with regards
to how we should warn about referencing sections which might get discarded
at runtime.
Signed-off-by: Quentin Casasnovas
---
scripts/mod/modpost.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a
Prints a warning when a section references a section outside a strict
white-list. This will be useful to print a warning if __ex_table
references a non-executable section.
Signed-off-by: Quentin Casasnovas
---
scripts/mod/modpost.c | 34 +++---
1 file changed, 19
with CONFIG_DEBUG_INFO.
Signed-off-by: Quentin Casasnovas
---
scripts/check_extable.sh | 146 +++
1 file changed, 146 insertions(+)
create mode 100755 scripts/check_extable.sh
diff --git a/scripts/check_extable.sh b/scripts/check_extable.sh
new file
o
just set .altinstr_replacement NX, but we need to warn about future cases
like this.
Signed-off-by: Quentin Casasnovas
---
scripts/mod/modpost.c | 141 ++
1 file changed, 141 insertions(+)
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
ind
This will be useful when we want to have special handlers which need to go
through more hops to print useful information to the user.
Signed-off-by: Quentin Casasnovas
---
scripts/mod/modpost.c | 68 +++
1 file changed, 42 insertions(+), 26
Signed-off-by: Quentin Casasnovas
---
scripts/mod/modpost.c | 23 ---
1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 0f48f8b..c69681e 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1270,6
Signed-off-by: Quentin Casasnovas
---
scripts/mod/modpost.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index c69681e..bf0cf81 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1432,16 +1432,17
Hi,
This patch-set adds some sanity checks on the __ex_table section so that it
makes it much harder to introduce wrong entries in there. It works by
checking every relocation in __ex_table and making sure it points to an
executable section and does not point to a list of black-listed sections,
l
On Tue, Mar 17, 2015 at 12:20:15PM +0100, Borislav Petkov wrote:
> On Tue, Mar 17, 2015 at 11:00:46AM +0100, Quentin Casasnovas wrote:
> > Fair point, but AFAIUI we can't do check_insn(XSAVES) alone as of today,
> > and the "..." in your "check_isns(XSAVEOPT, ..
On Tue, Mar 17, 2015 at 10:47:50AM +0100, Borislav Petkov wrote:
>
> We can even go a step further and add a static_cpu_has_safe thing which
> checks two features instead of one. The penalty we'd get is a single
> unconditional JMP which in the face of XSAVE* is nothing.
>
What was the argument
On Tue, Mar 17, 2015 at 10:47:50AM +0100, Borislav Petkov wrote:
> On Mon, Mar 16, 2015 at 11:37:44PM +0100, Quentin Casasnovas wrote:
>
> ...
>
> > __user_insn("btl [var2], %0 \n\t",
> > , /* no outputs, no need for dummy arg */
On Sun, Mar 15, 2015 at 05:50:36PM +0100, Oleg Nesterov wrote:
> Change xsave_user() and xrestore_user() to avoid the (imho) horrible
> and should-die xstate_fault helper, they both can use __user_insn().
>
> This also removes the "memory" clobber but I think it was never needed.
> xrestore_user()
On Sun, Mar 15, 2015 at 05:49:48PM +0100, Oleg Nesterov wrote:
> Hello.
>
> Another a bit off-topic change, but I'd like to finish the discussion
> with Quentin.
>
> And almost cosmetic. But I added the RFC tag to make it clear that this
> needs a review from someone who understands gcc-asm better
On Wed, Mar 04, 2015 at 08:06:51PM +0100, Oleg Nesterov wrote:
> On 03/04, Dave Hansen wrote:
> >
> > I'm running a commit from the tip/x86/fpu branch: ae486033b98. It's on
> > a system which I normally boot with 'noxsaves'. When I boot without
> > 'noxsaves' it is getting a GPF around the time t
Improper arithmetics when calculating the address of the extended ref could
lead to an out of bounds memory read and kernel panic.
Signed-off-by: Quentin Casasnovas
---
fs/btrfs/tree-log.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git fs/btrfs/tree-log.c fs/btrfs/tree-log.c
Commit-ID: d496a002ae1f02425168e5211c237abee588651a
Gitweb: http://git.kernel.org/tip/d496a002ae1f02425168e5211c237abee588651a
Author: Quentin Casasnovas
AuthorDate: Thu, 26 Feb 2015 18:03:59 +0100
Committer: Borislav Petkov
CommitDate: Mon, 2 Mar 2015 20:30:42 +0100
x86/microcode
On Mon, Mar 02, 2015 at 04:04:28PM +0100, Borislav Petkov wrote:
>
> Ok, ok, you got me persuaded.
Oh. that's unexpected :)
>
> Better?
>
> :-)
>
I prefer it, thanks!
Quentin
On Mon, Mar 02, 2015 at 02:29:50PM +0100, Borislav Petkov wrote:
> On Mon, Mar 02, 2015 at 02:03:36PM +0100, Quentin Casasnovas wrote:
> > So at the last loop iteration for j == i, we'll do kfree(saved_ptr[j])
> > which AFAICT hasn't been initialized yet. Usi
Hi Boris!
On Mon, Mar 02, 2015 at 01:34:41PM +0100, Borislav Petkov wrote:
> Hi guys,
>
> here's the first pile of microcode loader cleanups for 4.1.
>
> Please pull,
> thanks.
>
> ---
> The following changes since commit c517d838eb7d07bbe9507871fab3931deccff539:
>
> Linux 4.0-rc1 (2015-02-2
(Removing stable from CC...)
Ping on this?
On Mon, Feb 02, 2015 at 02:58:36PM +0100, Quentin Casasnovas wrote:
> It is possible for the *_read*() functions to fail, in which case it'll
> leave its third argument untouched. Most of the code does not check the
> return value of *_rea
Improper arithmetics when calculating the address of the extended ref could
lead to an out of bounds memory read and kernel panic.
Signed-off-by: Quentin Casasnovas
---
fs/btrfs/tree-log.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git fs/btrfs/tree-log.c fs/btrfs/tree-log.c
Improper pointer arithmetics when calculating the address of the extended
header could lead to an out of bounds memory read and kernel panic.
Signed-off-by: Quentin Casasnovas
---
arch/x86/kernel/cpu/microcode/intel_early.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git
On Tue, Feb 24, 2015 at 05:48:17PM +0100, Borislav Petkov wrote:
>
> Thanks for the review, very good points. I had spotted some of them
> myself but had to restrain myself not to do them now for the very
> simple reason: we want this code first cleaned up nicely, in small and
> self-contained pie
On Tue, Feb 24, 2015 at 11:36:59AM +0100, Borislav Petkov wrote:
> From: Borislav Petkov
>
> Hi,
>
> so this is something which got started in the aftermath of a discussion
> about some robustifying fixes to the microcode loader by Quentin.
> Everyone agrees that current code needs a good rubbin
On Tue, Feb 24, 2015 at 11:37:12AM +0100, Borislav Petkov wrote:
>
> While at it, make pr_* stuff use "microcode: " prefix for easier
> grepping and document how to enable the DEBUG build.
>
> +++ b/arch/x86/kernel/cpu/microcode/intel_early.c
> @@ -16,6 +16,14 @@
> * as published by the Free
On Tue, Feb 24, 2015 at 11:37:07AM +0100, Borislav Petkov wrote:
> @@ -159,42 +134,40 @@ static enum ucode_state
> matching_model_microcode(struct microcode_header_intel *mc_header,
> unsigned long sig)
> {
> - u8 x86, x86_model;
> - u8 x86_ucode, x86_model_ucode;
>
On Tue, Feb 24, 2015 at 11:37:09AM +0100, Borislav Petkov wrote:
> @@ -153,16 +152,15 @@ int get_matching_sig(unsigned int csig, int cpf, void
> *mc, int rev)
> }
>
> /*
> - * return 0 - no update found
> - * return 1 - found update
> + * Returns 1 if update has been found, 0 otherwise.
> */
On Tue, Feb 24, 2015 at 11:37:06AM +0100, Borislav Petkov wrote:
> +++ b/arch/x86/include/asm/microcode_intel.h
> @@ -60,8 +60,12 @@ extern int
> get_matching_microcode(unsigned int csig, int cpf, void *mc, int rev);
> extern int microcode_sanity_check(void *mc, int print_err);
> extern int get_
On Tue, Feb 24, 2015 at 11:37:04AM +0100, Borislav Petkov wrote:
> From: Borislav Petkov
>
> ... of microcode patches instead of handing in a pointer which is used
> for I/O in an otherwise void function.
>
> Signed-off-by: Borislav Petkov
> ---
> arch/x86/kernel/cpu/microcode/intel_early.c |
On Tue, Feb 24, 2015 at 11:37:02AM +0100, Borislav Petkov wrote:
> From: Borislav Petkov
>
> Allocate it on the helper's _load_ucode_intel_bsp() stack instead and do
> not hand it down.
>
Going further, could you not even make uci a static global variable and
have collect_cpu_info_early() calle
On Tue, Feb 24, 2015 at 11:37:03AM +0100, Borislav Petkov wrote:
> From: Borislav Petkov
>
> Don't compute start and end from start and size in order to compute size
> again down the path in scan_microcode(). So pass size directly instead
> and simplify a bunch. Shorten variable names and remove
On Tue, Feb 24, 2015 at 11:37:01AM +0100, Borislav Petkov wrote:
> @@ -213,39 +213,46 @@ save_microcode(struct mc_saved_data *mc_saved_data,
> /*
>* Copy new microcode data.
>*/
> - mc_saved_p = kmalloc(mc_saved_count*sizeof(struct microcode_intel *),
> + saved_ptr = k
Commit-ID: 35a9ff4eec7a1725ac4364972fc6c156e4feedd0
Gitweb: http://git.kernel.org/tip/35a9ff4eec7a1725ac4364972fc6c156e4feedd0
Author: Quentin Casasnovas
AuthorDate: Tue, 3 Feb 2015 13:00:24 +0100
Committer: Borislav Petkov
CommitDate: Thu, 19 Feb 2015 12:42:23 +0100
x86/microcode
Commit-ID: f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4
Gitweb: http://git.kernel.org/tip/f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4
Author: Quentin Casasnovas
AuthorDate: Tue, 3 Feb 2015 13:00:22 +0100
Committer: Borislav Petkov
CommitDate: Thu, 19 Feb 2015 12:41:37 +0100
x86/microcode
much sense to carry on talking to the ship after some error.
This issue was found by code review while preparing Ksplice updates.
Signed-off-by: Quentin Casasnovas
---
drivers/gpu/drm/i915/dvo_ch7017.c | 1 +
drivers/gpu/drm/i915/dvo_ch7xxx.c | 1 +
drivers/gpu/drm/i915/dvo_ivch.c | 1 +
driver
On Fri, Oct 24, 2014 at 05:07:24PM +0200, Paolo Bonzini wrote:
> From: Quentin Casasnovas
>
> The third parameter of kvm_unpin_pages() when called from
> kvm_iommu_map_pages() is wrong, it should be the number of pages to un-pin
> and not the page size.
>
This got assi
On Mon, Jun 23, 2014 at 02:22:15PM -0700, Andy Lutomirski wrote:
> The bad syscall nr paths are their own incomprehensible route
> through the entry control flow. Rearrange them to work just like
> syscalls that return -ENOSYS.
>
> This fixes an OOPS in the audit code when fast-path auditing is
>
Ping Dave?
On Tue, Mar 18, 2014 at 05:16:52PM +0100, Quentin Casasnovas wrote:
> On bo reservation failure, we end up leaking fpriv.
>
> Fixes: 5e386b574cf7e1 ("drm/radeon: fix missing bo reservation")
> Cc: sta...@vger.kernel.org
> Cc: Christian König
> Cc: A
On bo reservation failure, we end up leaking fpriv.
Fixes: 5e386b574cf7e1 ("drm/radeon: fix missing bo reservation")
Cc: sta...@vger.kernel.org
Cc: Christian König
Cc: Alex Deucher
Signed-off-by: Quentin Casasnovas
---
drivers/gpu/drm/radeon/radeon_kms.c | 5 -
1 file