Merge branch 'strict-netlink-validation'

Johannes Berg says:

====================
strict netlink validation

Here's a respin, with the following changes:
* change message when rejecting unknown at

Merge branch 'strict-netlink-validation'

Johannes Berg says:

====================
strict netlink validation

Here's a respin, with the following changes:
* change message when rejecting unknown attribute types (David Ahern)
* drop nl80211 patch - I'll apply it separately
* remove NL_VALIDATE_POLICY - we have a lot of calls to nla_parse()
that really should be without a policy as it has previously been
validated - need to find a good way to handle this later
* include the correct generic netlink change (d'oh, sorry)
====================

Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

show more ...

netlink: make validation more configurable for future strictness

We currently have two levels of strict validation:

1) liberal (default)
- undefined (type >= max) & NLA_UNSPEC attributes acce

netlink: make validation more configurable for future strictness

We currently have two levels of strict validation:

1) liberal (default)
- undefined (type >= max) & NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
- garbage at end of message accepted
2) strict (opt-in)
- NLA_UNSPEC attributes accepted
- attribute length >= expected accepted

Split out parsing strictness into four different options:
* TRAILING - check that there's no trailing data after parsing
attributes (in message or nested)
* MAXTYPE - reject attrs > max known type
* UNSPEC - reject attributes with NLA_UNSPEC policy entries
* STRICT_ATTRS - strictly validate attribute size

The default for future things should be *everything*.
The current *_strict() is a combination of TRAILING and MAXTYPE,
and is renamed to _deprecated_strict().
The current regular parsing has none of this, and is renamed to
*_parse_deprecated().

Additionally it allows us to selectively set one of the new flags
even on old policies. Notably, the UNSPEC flag could be useful in
this case, since it can be arranged (by filling in the policy) to
not be an incompatible userspace ABI change, but would then going
forward prevent forgetting attribute entries. Similar can apply
to the POLICY flag.

We end up with the following renames:
* nla_parse -> nla_parse_deprecated
* nla_parse_strict -> nla_parse_deprecated_strict
* nlmsg_parse -> nlmsg_parse_deprecated
* nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
* nla_parse_nested -> nla_parse_nested_deprecated
* nla_validate_nested -> nla_validate_nested_deprecated

Using spatch, of course:
@@
expression TB, MAX, HEAD, LEN, POL, EXT;
@@
-nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
+nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)

@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)

@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)

@@
expression TB, MAX, NLA, POL, EXT;
@@
-nla_parse_nested(TB, MAX, NLA, POL, EXT)
+nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)

@@
expression START, MAX, POL, EXT;
@@
-nla_validate_nested(START, MAX, POL, EXT)
+nla_validate_nested_deprecated(START, MAX, POL, EXT)

@@
expression NLH, HDRLEN, MAX, POL, EXT;
@@
-nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
+nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)

For this patch, don't actually add the strict, non-renamed versions
yet so that it breaks compile if I get it wrong.

Also, while at it, make nla_validate and nla_parse go down to a
common __nla_validate_parse() function to avoid code duplication.

Ultimately, this allows us to have very strict validation for every
new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
next patch, while existing things will continue to work as is.

In effect then, this adds fully strict validation for any new command.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

show more ...

Merge branch 'fix/intel' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into asoc-intel

Merge tag 'v4.15-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into fbdev-for-next

Linux 4.15-rc5

Merge tag 'drm-intel-next-2017-12-14' into gvt-next

- Fix documentation build issues (Randy, Markus)
- Fix timestamp frequency calculation for perf on CNL (Lionel)
- New DMC firmware for Skylake (An

Merge tag 'drm-intel-next-2017-12-14' into gvt-next

- Fix documentation build issues (Randy, Markus)
- Fix timestamp frequency calculation for perf on CNL (Lionel)
- New DMC firmware for Skylake (Anusha)
- GTT flush fixes and other GGTT write track and refactors (Chris)
- Taint kernel when GPU reset fails (Chris)
- Display workarounds organization (Lucas)
- GuC and HuC initialization clean-up and fixes (Michal)
- Other fixes around GuC submission (Michal)
- Execlist clean-ups like caching ELSP reg offset and improving log readability (Chri\
s)
- Many other improvements on our logs and dumps (Chris)
- Restore GT performance in headless mode with DMC loaded (Tvrtko)
- Stop updating legacy fb parameters since FBC is not using anymore (Daniel)
- More selftest improvements (Chris)
- Preemption fixes and improvements (Chris)
- x86/early-quirks improvements for Intel graphics stolen memory. (Joonas, Matthew)
- Other improvements on Stolen Memory code to be resource centric. (Matthew)
- Improvements and fixes on fence allocation/release (Chris).

GVT:

- fixes for two coverity scan errors (Colin)
- mmio switch code refine (Changbin)
- more virtual display dmabuf fixes (Tina/Gustavo)
- misc cleanups (Pei)
- VFIO mdev display dmabuf interface and gvt support (Tina)
- VFIO mdev opregion support/fixes (Tina/Xiong/Chris)
- workload scheduling optimization (Changbin)
- preemption fix and temporal workaround (Zhenyu)
- and misc fixes after refactor (Chris)

show more ...

Sync to v4.15-rc3 for security subsystem developers to work against.

Merge airlied/drm-next into drm-intel-next-queued

Chris requested this backmerge for a reconciliation on
drm_print.h between drm-misc-next and drm-intel-next-queued

Signed-off-by: Rodrigo Vivi <rod

Merge airlied/drm-next into drm-intel-next-queued

Chris requested this backmerge for a reconciliation on
drm_print.h between drm-misc-next and drm-intel-next-queued

Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>

show more ...

Merge arlied/drm-next into drm-misc-next

We need to pull 66660d4cf21b (drm: add connector info/property for
non-desktop displays [v2]) into drm-misc-next to continue the development
of the display r

Merge arlied/drm-next into drm-misc-next

We need to pull 66660d4cf21b (drm: add connector info/property for
non-desktop displays [v2]) into drm-misc-next to continue the development
of the display rotation series.

Effectively this also pulls 4.15-r2 into drm-misc-next.

Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.com>

show more ...

Merge branch 'fix/amd' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into asoc-amd

Merge tag 'v4.15-rc1' into next-seccomp

Linux 4.15-rc1

Merge branch 'dts-fixes' into omap-for-v4.15/fixes-dt

Merge branch 'soc-fixes' into omap-for-v4.15/fixes

Merge tag 'v4.15-rc1' into patchwork

Linux 4.15-rc1

* tag 'v4.15-rc1': (12179 commits)
Linux 4.15-rc1
ARM: BUG if jumping to usermode address in kernel mode
m68k/macboing: Fix missed timer ca

Merge tag 'v4.15-rc1' into patchwork

Linux 4.15-rc1

* tag 'v4.15-rc1': (12179 commits)
Linux 4.15-rc1
ARM: BUG if jumping to usermode address in kernel mode
m68k/macboing: Fix missed timer callback assignment
afs: remove redundant assignment of dvnode to itself
afs: cell: Remove unnecessary code in afs_lookup_cell
afs: Fix signal handling in some file ops
afs: Fix some dentry handling in dir ops and missing key_puts
afs: Make afs_write_begin() avoid writing to a page that's being stored
sched/debug: Fix task state recording/printout
x86/decoder: Add new TEST instruction pattern
x86/PCI: Remove unused HyperTransport interrupt support
x86/umip: Fix insn_get_code_seg_params()'s return value
x86/boot/KASLR: Remove unused variable
genirq/matrix: Make - vs ?: Precedence explicit
irqchip/imgpdc: Use resource_size function on resource object
irqchip/qcom: Fix u32 comparison with value less than zero
ipvlan: Fix insufficient skb linear check for ipv6 icmp
ipvlan: Fix insufficient skb linear check for arp
geneve: only configure or fill UDP_ZERO_CSUM6_RX/TX info when CONFIG_IPV6
net: dsa: bcm_sf2: Clear IDDQ_GLOBAL_PWR bit for PHY
...

show more ...

Merge tag 'v4.15-rc1' into drm-misc-fixes

Linux 4.15-rc1

Pull in the merge window to resync. Dave didn't get his -fixes pull
landed in time, and now there's another rockchip fix pending, so
fast-fo

Merge tag 'v4.15-rc1' into drm-misc-fixes

Linux 4.15-rc1

Pull in the merge window to resync. Dave didn't get his -fixes pull
landed in time, and now there's another rockchip fix pending, so
fast-forwarding isn't possible, hence backmerge.

Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>

show more ...

Merge branch 'next' into for-linus

Prepare input updates for 4.15 merge window.

Merge tag 'asoc-v4.15' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Updates for v4.15

The biggest thing this release has been the conversion of the AC98 bus

Merge tag 'asoc-v4.15' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Updates for v4.15

The biggest thing this release has been the conversion of the AC98 bus
to the driver model, that's been a long time coming so thanks to Robert
Jarzmik for his dedication there. Due to there being some AC97 MFD
there's a few fairly large changes in input and the MFD layer, mainly to
the wm97xx driver.

There's also some drivers/drm changes to support the new AMD Stoney
platform, these are shared with the DRM subsystem and should be being
merged via both.

Within the subsystem the overwhelming bulk of the changes is in the
Intel drivers which continue to need lots of cleanups and fixes, this
release they've also gained support for their open source firmware.
There's also some large changs in the core as Morimoto-san continues to
mirror operations into the component level in preparation for conversion
of drivers to that.

- The AC97 bus has finally caught up with the driver model thanks to
some dedicated and persistent work from Robert Jarzmik.
- Continued work from Morimoto-san on moving us towards being able to
use components for everything.
- Lots of cleanups for the Intel platform code, including support for
their open source audio firmware.
- Support for scaling MCLK with sample rate in simple-card.
- Support for AMD Stoney platform.

show more ...

Merge tag 'v4.14' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/torvalds/linux

Linux 4.14

Merge branch 'linus' into x86/platform, to refresh the branch

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge branch 'linus' into sched/core, to pick up fixes

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge tag 'v4.14-rc8' into next

Merge with mainline to bring in SPDX markings to avoid annoying merge
problems when some header files get deleted.

Merge branch 'linus' into x86/asm, to pick up fixes and resolve conflicts

Conflicts:
arch/x86/kernel/cpu/Makefile

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge branch 'linus' into x86/apic, to resolve conflicts

Conflicts:
arch/x86/include/asm/x2apic.h

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge branch 'linus' into core/objtool, to pick up dependent fixes

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge branch 'linus' into locking/core, to resolve conflicts

Conflicts:
include/linux/compiler-clang.h
include/linux/compiler-gcc.h
include/linux/compiler-intel.h
include/uapi/linux/stddef.h

Si

Merge branch 'linus' into locking/core, to resolve conflicts

Conflicts:
include/linux/compiler-clang.h
include/linux/compiler-gcc.h
include/linux/compiler-intel.h
include/uapi/linux/stddef.h

Signed-off-by: Ingo Molnar <mingo@kernel.org>

show more ...

Merge branch 'linus' into perf/core, to fix conflicts

Conflicts:
tools/perf/arch/arm/annotate/instructions.c
tools/perf/arch/arm64/annotate/instructions.c
tools/perf/arch/powerpc/annotate/instruc

Merge branch 'linus' into perf/core, to fix conflicts

Conflicts:
tools/perf/arch/arm/annotate/instructions.c
tools/perf/arch/arm64/annotate/instructions.c
tools/perf/arch/powerpc/annotate/instructions.c
tools/perf/arch/s390/annotate/instructions.c
tools/perf/arch/x86/tests/intel-cqm.c
tools/perf/ui/tui/progress.c
tools/perf/util/zlib.c

Signed-off-by: Ingo Molnar <mingo@kernel.org>

show more ...